author | Evgeny Vereshchagin <evvers@ya.ru> | 2016-10-12 00:18:27 +0300 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-10-11 17:18:27 -0400 |
commit | 8492849ee567c4657d6ac6587ed9536857624b4c (patch) | |
tree | 27d1052b3f070e0c0ca749e664a6aa9729e0b79d | |
parent | e0d2adfde677d91b57dd63f6a3f00f4b86be9a64 (diff) |
nspawn: let's mount(/tmp) inside the user namespace (#4340)
Fixes:
host# systemd-nspawn -D ... -U -b systemd.unit=multi-user.target
...
$ grep /tmp /proc/self/mountinfo
154 145 0:41 / /tmp rw - tmpfs tmpfs rw,seclabel,uid=1036124160,gid=1036124160
$ umount /tmp
umount: /root/tmp: not mounted
$ systemctl poweroff
...
[FAILED] Failed unmounting Temporary Directory.
-rw-r--r-- | src/nspawn/nspawn-mount.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index 25d38aa742..895fc6134c 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -325,7 +325,7 @@ int mount_all(const char *dest,
 { "tmpfs", "/dev", "tmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, true, false, false },
 { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, false, false },
 { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, false, false },
- { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_STRICTATIME, true, false, false },
+ { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_STRICTATIME, true, true, false },
 #ifdef HAVE_SELINUX
 { "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND, false, false, false }, /* Bind mount first */
 { NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, false, false, false }, /* Then, make it r/o */
@@ -368,7 +368,10 @@ int mount_all(const char *dest,
 o = mount_table[k].options;
 if (streq_ptr(mount_table[k].type, "tmpfs")) {
- r = tmpfs_patch_options(o, use_userns, uid_shift, uid_range, false, selinux_apifs_context, &options);
+ if (in_userns)
+ r = tmpfs_patch_options(o, use_userns, 0, uid_range, true, selinux_apifs_context, &options);
+ else
+ r = tmpfs_patch_options(o, use_userns, uid_shift, uid_range, false, selinux_apifs_context, &options);
 if (r < 0)
 return log_oom();
 if (r > 0) |
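Review bot: The `/tmp` row now differs from its neighbours only in the second of three positional booleans, and nothing in the table says what that flag means or why `/tmp` alone sets it. Judging by the commit title and the `in_userns` test in the second hunk, it selects mounting from inside the user namespace, but that is an inference from this page. A trailing comment on the row would keep the reason next to the data, for example `/* in_userns: mount inside the user namespace so the container can unmount it (#4340) */`. Separately, this is the only tmpfs row in the hunk without `MS_NOSUID`; if that is deliberate for `/tmp`, the same comment could say so. The table and `mount_all` both start and end outside the hunk.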
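Review bot: The two `tmpfs_patch_options()` calls in the new `if (in_userns)`/`else` differ only in the third and fifth arguments, and the literals `0` and `true` carry no explanation at the call site. A single call reads more directly and cannot drift apart later: `r = tmpfs_patch_options(o, use_userns, in_userns ? 0 : uid_shift, uid_range, in_userns, selinux_apifs_context, &options);`. It would help to add a comment above it such as `/* inside the userns the kernel already maps IDs, so no shift is applied here */`. That wording should be checked against `tmpfs_patch_options()`, whose definition and parameter names are not visible in this hunk. The enclosing loop body in `mount_all` continues past the last line shown.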