From 2b8d586c5a10e9574acd1ae49a60cbf11cf22830 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Mon, 29 Jan 2018 13:48:02 +0100
Subject: [PATCH] switchroot: Ensure /sysroot is set to "private" propagation
Downstream BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1498281
This came up as a problem with `oci-umount` which was trying to ensure some host
mounts like `/var/lib/containers` don't leak into privileged containers. But
since our `/sysroot` mount wasn't private we also got a copy there.
We should have done this from the very start - it makes `findmnt` way, way less
ugly and is just the obviously right thing to do, will possibly create world
peace etc.
Closes: #1438
Approved by: rhvgoyal
---
src/switchroot/ostree-prepare-root.c | 11 +++++++++++
src/switchroot/ostree-remount.c | 9 +++++++++
2 files changed, 20 insertions(+)
diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
index 43e15fcc..671a6a26 100644
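--- a/src/switchroot/ostree-prepare-root.c
+++ b/src/switchroot/ostree-prepare-root.c
@@ -244,6 +244,17 @@ main(int argc, char *argv[])
 err (EXIT_FAILURE, "failed to MS_MOVE %s to %s", deploy_path, root_mountpoint);
 }
 
+ /* The /sysroot mount needs to be private to avoid having a mount for e.g. /var/cache
+ * also propagate to /sysroot/ostree/deploy/$stateroot/var/cache
+ *
+ * Now in reality, today this is overridden by systemd: the *actual* way we fix this up
+ * is in ostree-remount.c. But let's do it here to express the semantics we want
+ * at the very start (perhaps down the line systemd will have compile/runtime option
+ * to say that the initramfs environment did everything right from the start).
+ */
+ if (mount ("none", "sysroot", NULL, MS_PRIVATE, NULL) < 0)
+ err (EXIT_FAILURE, "remounting 'sysroot' private");
+
 if (getpid() == 1)
 {
 execl ("/sbin/init", "/sbin/init", NULL);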
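Review bot: The added `mount ("none", "sysroot", NULL, MS_PRIVATE, NULL)` differs from the copy this commit adds to ostree-remount.c in two ways the comment does not explain: it omits `MS_REC` and it names the target by the relative path `sysroot`. Without `MS_REC` only the top-level mount changes propagation, so any submount already present beneath it would keep its previous setting; either pass `MS_REC | MS_PRIVATE` as the other file does, or extend the comment with something like `No submounts exist under sysroot at this point, so MS_REC is not needed.` The relative path presumably relies on the working directory set earlier in main(), which starts and ends outside this hunk, so that assumption is worth confirming and stating next to the call.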
diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c
index fe6b6f44..cc2b81b3 100644
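--- a/src/switchroot/ostree-remount.c
+++ b/src/switchroot/ostree-remount.c
@@ -44,6 +44,15 @@ main(int argc, char *argv[])
 struct stat stbuf;
 int i;
 
+ /* The /sysroot mount needs to be private to avoid having a mount for e.g. /var/cache
+ * also propagate to /sysroot/ostree/deploy/$stateroot/var/cache
+ *
+ * Today systemd remounts / (recursively) as shared, so we're undoing that as early
+ * as possible. See also a copy of this in ostree-prepare-root.c.
+ */
+ if (mount ("none", "/sysroot", NULL, MS_REC | MS_PRIVATE, NULL) < 0)
+ perror ("warning: While remounting /sysroot MS_PRIVATE");
+
 if (path_is_on_readonly_fs ("/"))
 {
 /* If / isn't writable, don't do any remounts; we don't want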
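Review bot: A failed remount is only reported through `perror` and main() carries on, even though the comment added to ostree-prepare-root.c names this call as the one that actually takes effect once systemd has made / shared. If the call fails, /sysroot stays shared and the host-mount leak into privileged containers described in the commit message returns with nothing but a line on stderr to show for it. Either record the failure and end with a non-zero exit status so the service is visibly failed (main() continues outside this hunk, so where to return is not visible here), or state the intent in the comment, e.g. `Best effort: on failure /sysroot stays shared and later mounts will still propagate into it.` The comment could also note that making the mount private presumably does not remove anything that propagated before this program ran.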
--
2.14.3