Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/kmod-setup.c | 2 | ||||
-rw-r--r-- | src/core/main.c | 1 | ||||
-rw-r--r-- | src/core/manager.c | 7 | ||||
-rw-r--r-- | src/core/mount-setup.c | 22 | ||||
-rw-r--r-- | src/core/mount-setup.h | 1 | ||||
-rw-r--r-- | src/core/namespace.c | 9 |
6 files changed, 26 insertions, 16 deletions
diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c
index 38e1726e08..8136d3c0f8 100644
--- a/src/core/kmod-setup.c
+++ b/src/core/kmod-setup.c
@@ -71,7 +71,7 @@ int kmod_setup(void) {
 { "unix", "/proc/net/unix", true, NULL },
 /* IPC is needed before we bring up any other services */
- { "kdbus", "/sys/bus/kdbus", false, cmdline_check_kdbus },
+ { "kdbus", "/sys/fs/kdbus", false, cmdline_check_kdbus },
 };
 struct kmod_ctx *ctx = NULL;
 unsigned int i;
diff --git a/src/core/main.c b/src/core/main.c
index 56a1f6193c..d563ae3509 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1556,6 +1556,7 @@ int main(int argc, char *argv[]) {
 #ifdef HAVE_KMOD
 kmod_setup();
 #endif
+ mount_setup_late();
 hostname_setup();
 machine_id_setup(NULL);
 loopback_setup();
diff --git a/src/core/manager.c b/src/core/manager.c
index 1bc36a6c41..2bc1058436 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -729,13 +729,6 @@ static int manager_setup_kdbus(Manager *m) {
 }
 log_debug("Successfully set up kdbus on %s", p);
-
- /* Create the namespace directory here, so that the contents
- * of that directory is not visible to non-root users. This is
- * necessary to ensure that users cannot get access to busses
- * of virtualized users when no UID namespacing is used. */
- if (m->running_as == SYSTEMD_SYSTEM)
- mkdir_p_label("/dev/kdbus/domain", 0700);
 #endif
 return 0;
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index cda25ede13..e9a2ec6886 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -110,6 +110,13 @@ static const MountPoint mount_table[] = {
 #endif
 };
+static const MountPoint mount_table_late[] = {
+#ifdef ENABLE_KDBUS
+ { "kdbusfs", "/sys/fs/kdbus", "kdbusfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ NULL, MNT_IN_CONTAINER },
+#endif
+};
+
 /* These are API file systems that might be mounted by other software,
 * we just list them here so that we know that we should ignore them */
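Review bot: The return value of the added `mount_setup_late();` is discarded, so a failed kdbusfs mount leaves no trace at this point unless mount_one() logs on its own, which is not visible in this diff. The call is placed unconditionally right after the `#ifdef HAVE_KMOD` block, which only makes sense if the kdbus module is expected to be loaded by then; that ordering dependency deserves a comment, e.g. `/* after kmod_setup(): kdbusfs needs the kdbus module loaded first */`. If the early mount result earlier in main() is checked, handling this one the same way would be consistent. main() starts and ends outside the hunk.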
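Review bot: The new `mount_table_late` entry passes `NULL` as mount options, and nothing in this commit replaces the 0700 `/dev/kdbus/domain` directory that the manager.c hunk removes together with the comment explaining that it kept other users' buses out of view when no UID namespacing is used. If kdbusfs enforces that visibility itself, a comment on this entry should say so; if it needs a mount option to do so, that option belongs in the currently empty options field. The entry is also marked MNT_IN_CONTAINER, so whatever the answer is presumably applies inside containers as well.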
@@ -221,6 +228,21 @@ int mount_setup_early(void) {
 return r;
 }
+int mount_setup_late(void) {
+ unsigned i;
+ int r = 0;
+
+ for (i = 0; i < ELEMENTSOF(mount_table_late); i ++) {
+ int j;
+
+ j = mount_one(mount_table_late + i, false);
+ if (r == 0)
+ r = j;
+ }
+
+ return r;
+}
+
 int mount_cgroup_controllers(char ***join_controllers) {
 _cleanup_set_free_free_ Set *controllers = NULL;
 _cleanup_fclose_ FILE *f;
diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h
index 4b521ad0e1..928bd6edfe 100644
--- a/src/core/mount-setup.h
+++ b/src/core/mount-setup.h
@@ -24,6 +24,7 @@
 #include <stdbool.h>
 int mount_setup_early(void);
+int mount_setup_late(void);
 int mount_setup(bool loaded_policy);
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 4bc288de1d..eb7f2ad60d 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -145,7 +145,7 @@ static int mount_dev(BindMount *m) {
 "/dev/tty\0";
 char temporary_mount[] = "/tmp/namespace-dev-XXXXXX";
- const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devkdbus = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL;
+ const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL;
 _cleanup_umask_ mode_t u;
 int r;
@@ -185,10 +185,6 @@ static int mount_dev(BindMount *m) {
 mkdir(devmqueue, 0755);
 mount("/dev/mqueue", devmqueue, NULL, MS_BIND, NULL);
- devkdbus = strappenda(temporary_mount, "/dev/kdbus");
- mkdir(devkdbus, 0755);
- mount("/dev/kdbus", devkdbus, NULL, MS_BIND, NULL);
-
 devhugepages = strappenda(temporary_mount, "/dev/hugepages");
 mkdir(devhugepages, 0755);
 mount("/dev/hugepages", devhugepages, NULL, MS_BIND, NULL);
@@ -254,9 +250,6 @@ fail:
 if (devshm)
 umount(devshm);
- if (devkdbus)
- umount(devkdbus);
-
 if (devhugepages)
 umount(devhugepages); |
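Review bot: `mount_setup_late()` carries no comment saying why its table is mounted separately from the early table, and its loop reads like a copy of the one above it (only the closing `return r; }` of mount_setup_early() is inside the hunk, so I cannot confirm that). A header comment such as `/* Mounted after kmod_setup() has run; the table holds API file systems whose kernel module may not be loaded yet during early mount setup. Returns the first mount_one() error, but keeps mounting the remaining entries. */` would record both the ordering and the first-error-wins behaviour of the `if (r == 0) r = j;` pair. If mount_setup_early() is the same loop over mount_table, a static helper taking the table and its length would let both share it. Minor style point: `i ++` has a stray space; the usual form is `i++`.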
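Review bot: Removing the `/dev/kdbus` bind mount from mount_dev() means a private /dev built by this function no longer contains a kdbus endpoint, and the diff does not show where such a namespace would reach the bus instead; whether `/sys/fs/kdbus` is visible there depends on how /sys is handled in that namespace, which is outside this diff. If mount_dev() backs PrivateDevices=, as its name suggests, a short comment at the removal site or in the commit message stating that bus access from such units is now expected to go through /sys/fs/kdbus would keep the change from being read as a regression. Both mount_dev() hunks share this point; mount_dev() starts and ends outside the hunks.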