summaryrefslogtreecommitdiff
path: root/src/core/mount-setup.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/core/mount-setup.c')
-rw-r--r--src/core/mount-setup.c24
1 files changed, 17 insertions, 7 deletions
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index 1782d40720..9b16eaa0e2 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -93,12 +93,14 @@ static const MountPoint mount_table[] = {
#endif
{ "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
NULL, MNT_FATAL|MNT_IN_CONTAINER },
+ { "cgroup", "/sys/fs/cgroup", "cgroup", "__DEVEL__sane_behavior", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ cg_is_unified_wanted, MNT_FATAL|MNT_IN_CONTAINER },
{ "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
- NULL, MNT_FATAL|MNT_IN_CONTAINER },
+ cg_is_legacy_wanted, MNT_FATAL|MNT_IN_CONTAINER },
{ "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd,xattr", MS_NOSUID|MS_NOEXEC|MS_NODEV,
- NULL, MNT_IN_CONTAINER },
+ cg_is_legacy_wanted, MNT_IN_CONTAINER },
{ "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV,
- NULL, MNT_FATAL|MNT_IN_CONTAINER },
+ cg_is_legacy_wanted, MNT_FATAL|MNT_IN_CONTAINER },
{ "pstore", "/sys/fs/pstore", "pstore", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
NULL, MNT_NONE },
#ifdef ENABLE_EFI
@@ -162,7 +164,7 @@ static int mount_one(const MountPoint *p, bool relabel) {
return 0;
/* Skip securityfs in a container */
- if (!(p->mode & MNT_IN_CONTAINER) && detect_container(NULL) > 0)
+ if (!(p->mode & MNT_IN_CONTAINER) && detect_container() > 0)
return 0;
/* The access mode here doesn't really matter too much, since
@@ -206,7 +208,7 @@ int mount_setup_early(void) {
int j;
j = mount_one(mount_table + i, false);
- if (r == 0)
+ if (j != 0 && r >= 0)
r = j;
}
@@ -217,6 +219,9 @@ int mount_cgroup_controllers(char ***join_controllers) {
_cleanup_set_free_free_ Set *controllers = NULL;
int r;
+ if (!cg_is_legacy_wanted())
+ return 0;
+
/* Mount all available cgroup controllers that are built into the kernel. */
controllers = set_new(&string_hash_ops);
@@ -298,6 +303,11 @@ int mount_cgroup_controllers(char ***join_controllers) {
r = symlink(options, t);
if (r < 0 && errno != EEXIST)
return log_error_errno(errno, "Failed to create symlink %s: %m", t);
+#ifdef SMACK_RUN_LABEL
+ r = mac_smack_copy(t, options);
+ if (r < 0 && r != -EOPNOTSUPP)
+ return log_error_errno(r, "Failed to copy smack label from %s to %s: %m", options, t);
+#endif
}
}
}
@@ -341,7 +351,7 @@ int mount_setup(bool loaded_policy) {
int j;
j = mount_one(mount_table + i, loaded_policy);
- if (r == 0)
+ if (j != 0 && r >= 0)
r = j;
}
@@ -380,7 +390,7 @@ int mount_setup(bool loaded_policy) {
* nspawn and the container tools work out of the box. If
* specific setups need other settings they can reset the
* propagation mode to private if needed. */
- if (detect_container(NULL) <= 0)
+ if (detect_container() <= 0)
if (mount(NULL, "/", NULL, MS_REC|MS_SHARED, NULL) < 0)
log_warning_errno(errno, "Failed to set up the root directory for shared mount propagation: %m");
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2025-05-07 04:55:36 +0000