author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-04-21 20:25:01 -0400 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-04-21 21:43:43 -0400 |
commit | a383724e4202ee9681bd31cb668c44bdbbf83638 (patch) | |
tree | c770133a8de1794fd4fe6d43374e7a5770f3d378 /src/core | |
parent | 9097fe299f22c46316979356d945ebb494e85814 (diff) |
systemd,nspawn: use extended attributes to store metadata
All attributes are stored as text, since root_directory is already
text, and it seems easier to have all of them in text format.
Attributes are written in the trusted. namespace, because the kernel
currently does not allow user. attributes on cgroups. This is a PITA,
and CAP_SYS_ADMIN is required to *read* the attributes. Alas.
A second pipe is opened for the child to signal the parent that the
cgroup hierarchy has been set up.
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/mount-setup.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index e45a6bc1c8..56d358b094 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -68,6 +68,12 @@ typedef struct MountPoint {
 * other ones we can delay until SELinux and IMA are loaded. */
 #define N_EARLY_MOUNT 5

+#ifdef HAVE_XATTR
+# define FS_XATTR_OPT ",xattr"
+#else
+# define FS_XATTR_OPT ""
+#endif
+
 static const MountPoint mount_table[] = {
 { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
 NULL, MNT_FATAL|MNT_IN_CONTAINER },
@@ -87,7 +93,7 @@ static const MountPoint mount_table[] = {
 NULL, MNT_FATAL|MNT_IN_CONTAINER },
 { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
 NULL, MNT_IN_CONTAINER },
- { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd" FS_XATTR_OPT, MS_NOSUID|MS_NOEXEC|MS_NODEV,
 NULL, MNT_IN_CONTAINER },
 { "pstore", "/sys/fs/pstore", "pstore", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
 NULL, MNT_NONE }, |
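Review bot: The new `FS_XATTR_OPT` macro has no comment, and two things about it are easy to miss: the literal starts with a comma because it is glued onto an existing option string by adjacent-literal concatenation, and `HAVE_XATTR` is a build-time switch that says nothing about the kernel the binary later runs on. I would add above the `#ifdef`: `/* Extra cgroup mount option, appended to an existing option list (hence the leading comma). Build-time only: HAVE_XATTR does not tell us whether the running kernel accepts "xattr". */`. The commit message's rationale for the `trusted.` namespace would also be worth one line here, since this is where a reader of mount-setup.c first meets the option.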
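Review bot: The `xattr` option is appended to the `/sys/fs/cgroup/systemd` mount whenever the build had `HAVE_XATTR`, with no runtime fallback if the running kernel's cgroup filesystem rejects that option. The entry carries `MNT_IN_CONTAINER` but not `MNT_FATAL`, so a rejected mount would presumably be logged and skipped, leaving the `name=systemd` hierarchy unmounted. That needs confirming against the mount routine, which is outside this hunk. A plain fallback entry directly after this one would cover such kernels, provided the mount loop skips paths that are already mount points: `{ "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV,` followed by `NULL, MNT_IN_CONTAINER },`. `mount_table` begins and ends outside the hunk, and `N_EARLY_MOUNT` should be rechecked if entries are inserted above its cutoff.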