diff options
| author | David Howells <dhowells@redhat.com> | 2018-11-01 23:07:25 +0000 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2018-12-20 16:32:56 +0000 |
| commit | 43f5e655eff7e124d4e484515689cba374ab698e (patch) | |
| tree | 40e0581b86f123bb4aaa540ff672d575fdcfa83d /security | |
| parent | e262e32d6bde0f77fb0c95d977482fc872c51996 (diff) | |
| download | linux-43f5e655eff7e124d4e484515689cba374ab698e.tar.bz2 | |
vfs: Separate changing mount flags full remount
Separate just the changing of mount flags (MS_REMOUNT|MS_BIND) from full
remount because the mount data will get parsed with the new fs_context
stuff prior to doing a remount - and this causes the syscall to fail under
some circumstances.
To quote Eric's explanation:
[...] mount(..., MS_REMOUNT|MS_BIND, ...) now validates the mount options
string, which breaks systemd unit files with ProtectControlGroups=yes
(e.g. systemd-networkd.service) when systemd does the following to
change a cgroup (v1) mount to read-only:
mount(NULL, "/run/systemd/unit-root/sys/fs/cgroup/systemd", NULL,
MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND, NULL)
... when the kernel has CONFIG_CGROUPS=y but no cgroup subsystems
enabled, since in that case the error "cgroup1: Need name or subsystem
set" is hit when the mount options string is empty.
Probably it doesn't make sense to validate the mount options string at
all in the MS_REMOUNT|MS_BIND case, though maybe you had something else
in mind.
This is also worthwhile doing because we will need to add a mount_setattr()
syscall to take over the remount-bind function.
Reported-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Reviewed-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions