a8

分支 (7)

管理

管理

a8

a23

a7

a8.4

a8.2

master

a8-LoongArch

systemd
/
1006-mount-setup-change-the-system-mo...

From bdd65129e7fbd09c7e0c1fd7fbaffeb9b0b81e1d Mon Sep 17 00:00:00 2001
From: Wen Yang <wenyang@linux.alibaba.com>
Date: Mon, 23 Mar 2020 10:42:46 +0800
Subject: [PATCH] mount-setup: change the system mount propagation to
 shared by default only at bootup

The commit b3ac5f8cb987 has changed the system mount propagation to
shared by default, and according to the following patch:
https://github.com/opencontainers/runc/pull/208
When starting the container, the pouch daemon will call runc to execute
make-private.

However, if the systemctl daemon-reexec is executed after the container
has been started, the system mount propagation will be changed to share
again by default, and the make-private operation above will have no chance
to execute.

cherry-picked from upstream f74349d8 without conflict.

Signed-off-by: Yuanhong Peng <yummypeng@linux.alibaba.com>
---
 src/core/main.c        | 2 +-
 src/core/mount-setup.c | 4 ++--
 src/core/mount-setup.h | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/core/main.c b/src/core/main.c
index a72c685b20..55c54aecd5 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2519,7 +2519,7 @@ int main(int argc, char *argv[]) {
                 if (!skip_setup)
                         kmod_setup();

-                r = mount_setup(loaded_policy);
+                r = mount_setup(loaded_policy, skip_setup);
                 if (r < 0) {
                         error_message = "Failed to mount API filesystems";
                         goto finish;
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index b3cf13af2b..ff7fc18765 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -400,7 +400,7 @@ static int relabel_cgroup_filesystems(void) {
 }
 #endif

-int mount_setup(bool loaded_policy) {
+int mount_setup(bool loaded_policy, bool leave_propagation) {
         int r = 0;

         r = mount_points_setup(ELEMENTSOF(mount_table), loaded_policy);
@@ -444,7 +444,7 @@ int mount_setup(bool loaded_policy) {
          * needed. Note that we set this only when we are invoked directly by the kernel. If we are invoked by a
          * container manager we assume the container manager knows what it is doing (for example, because it set up
          * some directories with different propagation modes). */
-        if (detect_container() <= 0)
+        if (detect_container() <= 0 && !leave_propagation)
                 if (mount(NULL, "/", NULL, MS_REC|MS_SHARED, NULL) < 0)
                         log_warning_errno(errno, "Failed to set up the root directory for shared mount propagation: %m");

diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h
index 43cd8908de..7a011b25c8 100644
--- a/src/core/mount-setup.h
+++ b/src/core/mount-setup.h
@@ -4,7 +4,7 @@
 #include <stdbool.h>

 int mount_setup_early(void);
-int mount_setup(bool loaded_policy);
+int mount_setup(bool loaded_policy, bool leave_propagation);

 int mount_cgroup_controllers(char ***join_controllers);

--
2.18.1