diff options
| author | Lennart Poettering <lennart@poettering.net> | 2020-06-16 16:50:46 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-06-23 10:17:36 +0200 |
| commit | 6fe01ced0e081a9a1d9d484b4bd87a9ae567ae19 (patch) | |
| tree | 3301f0be30ca49c2e6f466d73b3f01fb58321e2e /src | |
| parent | Merge pull request #16196 from mrc0mmand/travis-simplification (diff) | |
| download | systemd-6fe01ced0e081a9a1d9d484b4bd87a9ae567ae19.tar.xz systemd-6fe01ced0e081a9a1d9d484b4bd87a9ae567ae19.zip | |
nspawn: mkdir selinux mount point once, but not twice
Since #15533 we didn't create the mount point for selinuxfs anymore.
Before it we created it twice because we mount selinuxfs twice: once the
superblock, and once we remount its bind mound read-only. The second
mkdir would mean we'd chown() the host version of selinuxfs (since
there's only one selinuxfs superblock kernel-wide).
The right time to create mount point point is once: before we mount the
selinuxfs. But not a second time for the remount.
Fixes: #16032
Diffstat (limited to 'src')
| -rw-r--r-- | src/nspawn/nspawn-mount.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c index eb80c2960b..2fbaf65692 100644 --- a/src/nspawn/nspawn-mount.c +++ b/src/nspawn/nspawn-mount.c @@ -619,9 +619,9 @@ int mount_all(const char *dest, #if HAVE_SELINUX { "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND, - 0 }, /* Bind mount first */ + MOUNT_MKDIR }, /* Bind mount first (mkdir/chown the mount point in case /sys/ is mounted as minimal skeleton tmpfs) */ { NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, - 0 }, /* Then, make it r/o */ + 0 }, /* Then, make it r/o (don't mkdir/chown the mount point here, the previous entry already did that) */ #endif }; |