From 3a1bd768e62a493aa73e82f5c443ca28b108af51 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Sat, 13 Feb 2021 17:21:15 +0000 Subject: [PATCH] systemd: Simplify mount error patch As mentioned during review, this patch can be less invasive and hence easier to maintain. Improve as such. Signed-off-by: Richard Purdie --- ...r-mount-error-with-invalid-options-o.patch | 43 +++---------------- 1 file changed, 7 insertions(+), 36 deletions(-) diff --git a/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch b/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch index b1d3d6963c..94a4c307b5 100644 --- a/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch +++ b/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch @@ -36,10 +36,10 @@ systemd 247 and above plus kernel v5.7 or older will need this. Upstream-Status: Denied [https://github.com/systemd/systemd/issues/16896] Signed-off-by: Paul Gortmaker -diff --git a/src/core/namespace.c b/src/core/namespace.c -index cdf427a6ea93..f8fc33a89fc2 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c +Index: git/src/core/namespace.c +=================================================================== +--- git.orig/src/core/namespace.c ++++ git/src/core/namespace.c @@ -4,7 +4,9 @@ #include #include @@ -50,11 +50,9 @@ index cdf427a6ea93..f8fc33a89fc2 100644 #include #include -@@ -859,14 +861,34 @@ static int mount_sysfs(const MountEntry *m) { - } +@@ -860,13 +862,32 @@ static int mount_sysfs(const MountEntry static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { -+ _cleanup_free_ char *opts = NULL; const char *entry_path; - int r; + int r, major, minor; 
@@ -86,41 +84,14 @@ index cdf427a6ea93..f8fc33a89fc2 100644 /* Mount a new instance, so that we get the one that matches our user namespace, if we are running in * one. i.e we don't reuse existing mounts here under any condition, we want a new instance owned by * our user namespace and with our hidepid= settings applied. Hence, let's get rid of everything -@@ -875,9 +897,8 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { +@@ -875,8 +896,8 @@ static int mount_procfs(const MountEntry (void) mkdir_p_label(entry_path, 0755); (void) umount_recursive(entry_path, 0); - if (ns_info->protect_proc != PROTECT_PROC_DEFAULT || - ns_info->proc_subset != PROC_SUBSET_ALL) { -- _cleanup_free_ char *opts = NULL; + if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || + ns_info->proc_subset != PROC_SUBSET_ALL)) { + _cleanup_free_ char *opts = NULL; /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it - * pretended to be per-instance but actually was per-namespace), hence let's make use of it -@@ -891,21 +912,9 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { - ns_info->proc_subset == PROC_SUBSET_PID ? ",subset=pid" : ""); - if (!opts) - return -ENOMEM; -- -- r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts); -- if (r < 0) { -- if (r != -EINVAL) -- return r; -- -- /* If this failed with EINVAL then this likely means the textual hidepid= stuff is -- * not supported by the kernel, and thus the per-instance hidepid= neither, which -- * means we really don't want to use it, since it would affect our host's /proc -- * mount. Hence let's gracefully fallback to a classic, unrestricted version. 
*/ -- } else -- return 1; - } - -- r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL); -+ r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts); - if (r < 0) - return r; - --- -2.29.2 - -- 2.40.1
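Review bot: The rewritten condition `if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || ...))` in mount_procfs skips the hidepid=/subset= mount without logging anything when `old` is true. A unit that sets ProtectProc= or ProcSubset= then gets an unrestricted /proc, and nothing records that the restriction was dropped. I would add a debug line on that path, for example `log_debug("Kernel predates per-instance hidepid=/subset=, mounting /proc without them.");`, so an operator auditing a hardened unit can see why the setting had no effect. The assignment of `old` is outside this hunk; if it comes from parsing the kernel release into the new `major`/`minor` variables, a vendor kernel that backported the feature under an older version number would also lose the restriction. That deserves a comment next to the check, for example `/* version check, not a feature probe: backported kernels are treated as old */`.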