picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

nspawn/machine: move mount propagation dir to /run/host/incoming

Browse source 
Previously we'd use a directory /run/systemd/nspawn/incoming for
accepting mounts to propagate from the host. This is a bit weird, since
we have a shared namespace: /run/systemd/ contains both stuff managed by
the surround nspawn as well as from the systemd inside.

We now have the /run/host/ hierarchy that has special stuff we want to
pass from host to container. Let's make use of that here, and move this
directory here too.

This is not a compat breakage, since the payload never interfaces with
that directory natively: it's only nspawn and machined that need to
agree on it.
This commit is contained in:
Lennart Poettering 2020-07-22 17:57:29 +02:00
parent 2eecdd1d69
commit 5a27b39518
2 changed files with 9 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/machine/machine-dbus.c
View file

@ -978,9 +978,8 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
goto finish;
}
if (r == 0) {
const char *mount_inside;
const char *mount_inside, *q;
int mntfd;
const char *q;
errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
@ -1001,12 +1000,11 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
(void) mkdir_p(dest, 0755);
else {
(void) mkdir_parents(dest, 0755);
safe_close(open(dest, O_CREAT|O_EXCL|O_WRONLY|O_CLOEXEC|O_NOCTTY, 0600));
(void) mknod(dest, S_IFREG|0600, 0);
}
}
/* Fifth, move the mount to the right place inside */
mount_inside = strjoina("/run/systemd/nspawn/incoming/", basename(mount_outside));
mount_inside = strjoina("/run/host/incoming/", basename(mount_outside));
if (mount(mount_inside, dest, NULL, MS_MOVE, NULL) < 0) {
r = log_error_errno(errno, "Failed to mount: %m");
goto child_fail;

17
src/nspawn/nspawn.c
View file

@ -2517,19 +2517,15 @@ static int setup_propagate(const char *root) {
p = strjoina("/run/systemd/nspawn/propagate/", arg_machine);
(void) mkdir_p(p, 0600);
r = userns_mkdir(root, "/run/systemd", 0755, 0, 0);
r = userns_mkdir(root, "/run/host", 0755, 0, 0);
if (r < 0)
return log_error_errno(r, "Failed to create /run/systemd: %m");
return log_error_errno(r, "Failed to create /run/host: %m");
r = userns_mkdir(root, "/run/systemd/nspawn", 0755, 0, 0);
r = userns_mkdir(root, "/run/host/incoming", 0600, 0, 0);
if (r < 0)
return log_error_errno(r, "Failed to create /run/systemd/nspawn: %m");
return log_error_errno(r, "Failed to create /run/host/incoming: %m");
r = userns_mkdir(root, "/run/systemd/nspawn/incoming", 0600, 0, 0);
if (r < 0)
return log_error_errno(r, "Failed to create /run/systemd/nspawn/incoming: %m");
q = prefix_roota(root, "/run/systemd/nspawn/incoming");
q = prefix_roota(root, "/run/host/incoming");
r = mount_verbose(LOG_ERR, p, q, NULL, MS_BIND, NULL);
if (r < 0)
return r;
@ -2538,8 +2534,7 @@ static int setup_propagate(const char *root) {
if (r < 0)
return r;
/* machined will MS_MOVE into that directory, and that's only
* supported for non-shared mounts. */
/* machined will MS_MOVE into that directory, and that's only supported for non-shared mounts. */
return mount_verbose(LOG_ERR, NULL, q, NULL, MS_SLAVE, NULL);
}