On Sun, Jul 08, 2018 at 02:01:36PM -0700, Eric Biggers wrote:
> Hi David and Al, here are some fixes for the fs_context patches.
> 
> Feel free to fold these into the original patches if you want.
> 
> Patches 13-18 are cleanups only.
> 

Also, mount(..., MS_REMOUNT|MS_BIND, ...) now validates the mount options
string, which breaks systemd unit files with ProtectControlGroups=yes (e.g.
systemd-networkd.service) when systemd does the following to change a cgroup
(v1) mount to read-only:

    mount(NULL, "/run/systemd/unit-root/sys/fs/cgroup/systemd", NULL,
          MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND, NULL)

... when the kernel has CONFIG_CGROUPS=y but no cgroup subsystems enabled, since
in that case the error "cgroup1: Need name or subsystem set" is hit when the
mount options string is empty.

Probably it doesn't make sense to validate the mount options string at all in
the MS_REMOUNT|MS_BIND case, though maybe you had something else in mind.

- Eric
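
A minimal regression check for the call quoted in the message above, as an added example that is not part of the original message or of the kernel or systemd sources: it issues the same flag-only bind remount with a NULL options string and reports the resulting errno. The helper name `remount_bind_ro` and the command-line interface are assumptions; it is meant to be run as root against an existing bind mount of a cgroup v1 hierarchy.

```c
/* Added example: repeats the flag-only bind remount that systemd performs
 * for ProtectControlGroups=yes, so the result can be compared across kernels. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>

/* Hypothetical helper: remount an existing bind mount read-only without
 * passing an options string. Returns 0 on success or -errno on failure. */
int remount_bind_ro(const char *target)
{
    unsigned long flags = MS_RDONLY | MS_NOSUID | MS_NODEV | MS_NOEXEC |
                          MS_REMOUNT | MS_BIND;

    /* source, fstype and data are all NULL, as in the quoted call */
    if (mount(NULL, target, NULL, flags, NULL) != 0)
        return -errno;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <bind-mount-point>\n", argv[0]);
        return 2;
    }

    int rc = remount_bind_ro(argv[1]);
    if (rc != 0) {
        /* The kernel log may carry the filesystem's own message as well. */
        fprintf(stderr, "remount of %s failed: %s\n", argv[1], strerror(-rc));
        return 1;
    }

    printf("remount of %s succeeded\n", argv[1]);
    return 0;
}
```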
