From ac8399db6ce846597966360732ce6d39a247bdd2 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 6 May 2024 04:25:51 +0200 Subject: Adding debian version 241-7~deb10u8. Signed-off-by: Daniel Baumann --- ...mespace-make-MountFlags-shared-work-again.patch | 58 ++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 debian/patches/namespace-make-MountFlags-shared-work-again.patch (limited to 'debian/patches/namespace-make-MountFlags-shared-work-again.patch') diff --git a/debian/patches/namespace-make-MountFlags-shared-work-again.patch b/debian/patches/namespace-make-MountFlags-shared-work-again.patch new file mode 100644 index 0000000..2954e67 --- /dev/null +++ b/debian/patches/namespace-make-MountFlags-shared-work-again.patch @@ -0,0 +1,58 @@ +From: Franck Bui +Date: Wed, 13 Feb 2019 18:45:36 +0100 +Subject: namespace: make MountFlags=shared work again + +Since commit 0722b359342d2a9f9e0d453875624387a0ba1be2, the root mountpoint is +unconditionnally turned to slave which breaks units that are using explicitly +MountFlags=shared (and no other options that would implicitly require a slave +root mountpoint). + +Here is a test case: + + $ systemctl cat test-shared-mount-flag.service + # /etc/systemd/system/test-shared-mount-flag.service + [Service] + Type=simple + ExecStartPre=/usr/bin/mkdir -p /mnt/tmp + ExecStart=/bin/sh -c "/usr/bin/mount -t tmpfs -o size=10M none /mnt/tmp && sleep infinity" + ExecStop=-/bin/sh -c "/usr/bin/umount /mnt/tmp" + MountFlags=shared + + $ systemctl start test-shared-mount-flag.service + $ findmnt /mnt/tmp + $ + +Mount on /mnt/tmp is not visible from the host although MountFlags=shared was +used. + +This patch fixes that and turns the root mountpoint to slave when it's really +required. + +(cherry picked from commit 37ed15d7edaf59a1fc7c9e3552cd93a83f3814ef) +--- + src/core/execute.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 47518f4..f2a4c54 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -1839,7 +1839,7 @@ static bool exec_needs_mount_namespace( + if (context->n_temporary_filesystems > 0) + return true; + +- if (context->mount_flags != 0) ++ if (!IN_SET(context->mount_flags, 0, MS_SHARED)) + return true; + + if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir)) +@@ -2435,6 +2435,9 @@ static int apply_mount_namespace( + else + ns_info = (NamespaceInfo) {}; + ++ if (context->mount_flags == MS_SHARED) ++ log_unit_debug(u, "shared mount propagation hidden by other fs namespacing unit settings: ignoring"); ++ + r = setup_namespace(root_dir, root_image, + &ns_info, context->read_write_paths, + needs_sandboxing ? context->read_only_paths : NULL, -- cgit v1.2.3