diff options
| author | Mike Yuan <me@yhndnzj.com> | 2024-05-14 11:03:00 +0200 |
|---|---|---|
| committer | Mike Yuan <me@yhndnzj.com> | 2024-05-15 18:48:16 +0200 |
| commit | 07c5c2ab8b80f75a1c89fc405db1ce1dfd08534b (patch) | |
| tree | f2a17d5f27c079a8e5ea56500b04ee2ed351470f | |
| parent | test/test-rpm-macros.sh: add build directory to pkg-config search path (diff) | |
| download | systemd-07c5c2ab8b80f75a1c89fc405db1ce1dfd08534b.tar.xz systemd-07c5c2ab8b80f75a1c89fc405db1ce1dfd08534b.zip | |
switch-root: preserve the whole cred mount tree (/run/credentials/)
Currently, during soft-reboot, some services may survive,
but their associated credential mounts are dropped.
Let's instead preserve them, as discussed.
| -rw-r--r-- | src/shared/switch-root.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/src/shared/switch-root.c b/src/shared/switch-root.c index cd87417a60..2a5307feb7 100644 --- a/src/shared/switch-root.c +++ b/src/shared/switch-root.c @@ -39,13 +39,12 @@ int switch_root(const char *new_root, unsigned long mount_flags; /* Flags to apply if SWITCH_ROOT_RECURSIVE_RUN is unset */ unsigned long mount_flags_recursive_run; /* Flags to apply if SWITCH_ROOT_RECURSIVE_RUN is set (0 if shall be skipped) */ } transfer_table[] = { - { "/dev", MS_BIND|MS_REC, MS_BIND|MS_REC }, /* Recursive, because we want to save the original /dev/shm/ + /dev/pts/ and similar */ - { "/sys", MS_BIND|MS_REC, MS_BIND|MS_REC }, /* Similar, we want to retain various API VFS, or the cgroupv1 /sys/fs/cgroup/ tree */ - { "/proc", MS_BIND|MS_REC, MS_BIND|MS_REC }, /* Similar */ - { "/run", MS_BIND, MS_BIND|MS_REC }, /* Recursive except on soft reboot, see above */ - { SYSTEM_CREDENTIALS_DIRECTORY, MS_BIND, 0 /* skip! */ }, /* Credentials passed into the system should survive */ - { ENCRYPTED_SYSTEM_CREDENTIALS_DIRECTORY, MS_BIND, 0 /* skip! */ }, /* Similar */ - { "/run/host", MS_BIND|MS_REC, 0 /* skip! */ }, /* Host supplied hierarchy should also survive */ + { "/dev", MS_BIND|MS_REC, MS_BIND|MS_REC }, /* Recursive, because we want to save the original /dev/shm/ + /dev/pts/ and similar */ + { "/sys", MS_BIND|MS_REC, MS_BIND|MS_REC }, /* Similar, we want to retain various API VFS, or the cgroupv1 /sys/fs/cgroup/ tree */ + { "/proc", MS_BIND|MS_REC, MS_BIND|MS_REC }, /* Similar */ + { "/run", MS_BIND, MS_BIND|MS_REC }, /* Recursive except on soft reboot, see above */ + { "/run/credentials", MS_BIND|MS_REC, 0 /* skip! */ }, /* Credential mounts should survive */ + { "/run/host", MS_BIND|MS_REC, 0 /* skip! */ }, /* Host supplied hierarchy should also survive */ }; _cleanup_close_ int old_root_fd = -EBADF, new_root_fd = -EBADF; |