Re: [systemd-devel] [PATCH v4] Do not clear parent mount flags when setting up namespaces

2015-01-05 Thread Lennart Poettering
On Sun, 04.01.15 20:51, Topi Miettinen (toiwo...@gmail.com) wrote:

> When setting up a namespace, mount flags like noexec, nosuid and
> nodev are cleared, so the mounts always have exec, suid and dev
> flags enabled.
> 
> Copy source directory mount flags to target mount when remounting
> the bind mounts.

I don't quite like that we already have the set of flags anyway, from the line
we read from /proc/self/mountinfo, but still ask explicitly via
statvfs() a second time. Gives this a smell of raciness...

However, /proc/self/mountinfo gives us the flag bits only broken out
as strings, which are nasty to translate back to a flags value, hence
I have merged the patch now.

Thanks!

Lennart

-- 
Lennart Poettering, Red Hat


[systemd-devel] [PATCH v4] Do not clear parent mount flags when setting up namespaces

2015-01-04 Thread Topi Miettinen
When setting up a namespace, mount flags like noexec, nosuid and
nodev are cleared, so the mounts always have exec, suid and dev
flags enabled.

Copy source directory mount flags to target mount when remounting
the bind mounts.
---
 src/shared/util.c | 23 +--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/shared/util.c b/src/shared/util.c
index dfaf7f7..8d4e91f 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -61,6 +61,7 @@
 #include 
 #include 
 #include 
+#include 
 #undef basename
 
 #ifdef HAVE_SYS_AUXV_H
@@ -6858,6 +6859,15 @@ int umount_recursive(const char *prefix, int flags) {
 return r ? r : n;
 }
 
+static int get_mount_flags(const char *path, unsigned long *flags) {
+struct statvfs buf;
+
+if (statvfs(path, &buf) < 0)
+return -errno;
+*flags = buf.f_flag;
+return 0;
+}
+
 int bind_remount_recursive(const char *prefix, bool ro) {
 _cleanup_set_free_free_ Set *done = NULL;
 _cleanup_free_ char *cleaned = NULL;
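Review bot: get_mount_flags() returns statvfs(3)'s f_flag unchanged, which that interface specifies in ST_* terms (ST_NOSUID, ST_NODEV, ST_NOEXEC, ST_RDONLY, ...), while the callers in the later hunks OR the value straight into a mount(2) flags argument as if it held MS_* bits. That only works because glibc on Linux defines the ST_* constants with the same values as MS_*; it is a libc detail rather than a documented contract, and the helper says nothing about it. I would at least document the reliance above the function, e.g. `/* Relies on glibc defining ST_* with the same values as the MS_* mount flags; the result is fed back into mount(2) unchanged. */`, and it may be worth masking the result to the bits the remount is meant to carry over (the commit message names nosuid, nodev and noexec) rather than forwarding every bit statvfs() reports. The statvfs() call also re-resolves the path a second time after the mount table was read, which the maintainer already flags as a small race; a comment noting that the flags are sampled from whatever mount is at path at call time would help the next reader.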
@@ -6892,6 +6902,7 @@ int bind_remount_recursive(const char *prefix, bool ro) {
 _cleanup_set_free_free_ Set *todo = NULL;
 bool top_autofs = false;
 char *x;
+unsigned long orig_flags;
 
 todo = set_new(&string_hash_ops);
 if (!todo)
@@ -6969,7 +6980,11 @@ int bind_remount_recursive(const char *prefix, bool ro) {
 if (mount(cleaned, cleaned, NULL, MS_BIND|MS_REC, 
NULL) < 0)
 return -errno;
 
-if (mount(NULL, prefix, NULL, MS_BIND|MS_REMOUNT|(ro ? 
MS_RDONLY : 0), NULL) < 0)
+r = get_mount_flags(prefix, &orig_flags);
+if (r < 0)
+return r;
+orig_flags &= ~MS_RDONLY;
+if (mount(NULL, prefix, NULL, 
orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0)
 return -errno;
 
 x = strdup(cleaned);
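Review bot: The added `orig_flags &= ~MS_RDONLY;` deliberately drops a read-only flag inherited from the source mount, so when ro is false a tree whose source was read-only ends up writable after the remount; that is the pre-patch behaviour (the old line also passed no MS_RDONLY in that case), but it sits oddly under a commit titled "Do not clear parent mount flags" and nothing in the hunk says it is intentional. I would state the contract next to the mask, e.g. `/* MS_RDONLY is not inherited from the source: the 'ro' argument decides it for the whole tree */`. If making a read-only source writable is not wanted, the mask would instead need to OR the inherited bit in regardless of ro, which is a behaviour decision the patch should call out either way. The surrounding loop of bind_remount_recursive() starts and ends outside this hunk.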
@@ -6989,7 +7004,11 @@ int bind_remount_recursive(const char *prefix, bool ro) {
 if (r < 0)
 return r;
 
-if (mount(NULL, x, NULL, MS_BIND|MS_REMOUNT|(ro ? 
MS_RDONLY : 0), NULL) < 0) {
+r = get_mount_flags(x, &orig_flags);
+if (r < 0)
+return r;
+orig_flags &= ~MS_RDONLY;
+if (mount(NULL, x, NULL, 
orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) {
 
 /* Deal with mount points that are
  * obstructed by a later mount */
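Review bot: The new `if (r < 0) return r;` after get_mount_flags(x, &orig_flags) makes a statvfs() failure on x fatal, whereas a failure of the mount() call immediately below it is routed into the "obstructed by a later mount" handling that the comment announces. A mount point that has been obstructed or has disappeared will usually fail statvfs() with the same errno before mount() is ever attempted, so the tolerance that branch provides is now bypassed for exactly the case it was written for. I would let the statvfs() error fall into the same branch instead of returning early, as sketched below; the body of that branch is outside the hunk, and if it inspects errno the sketch still works because statvfs() is the last call to set it when mount() is skipped, but that needs checking against the lines that follow.
```c
r = get_mount_flags(x, &orig_flags);
if (r < 0 && r != -ENOENT)
        return r;
/* On -ENOENT fall through with mount() skipped, so the obstruction handling below sees the statvfs() errno */
if (r < 0 || mount(NULL, x, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) {
        /* … unchanged: obstructed-mount-point handling … */
```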
-- 
2.1.4
