namespace: make MountFlags=shared work again

Since commit 0722b359342d2a9f9e0d453875624387a0ba1be2, the root mountpoint is unconditionnally turned to slave which breaks units that are using explicitly MountFlags=shared (and no other options that would implicitly require a slave root mountpoint). Here is a test case: $ systemctl cat test-shared-mount-flag.service # /etc/systemd/system/test-shared-mount-flag.service [Service] Type=simple ExecStartPre=/usr/bin/mkdir -p /mnt/tmp ExecStart=/bin/sh -c "/usr/bin/mount -t tmpfs -o size=10M none /mnt/tmp && sleep infinity" ExecStop=-/bin/sh -c "/usr/bin/umount /mnt/tmp" MountFlags=shared $ systemctl start test-shared-mount-flag.service $ findmnt /mnt/tmp $ Mount on /mnt/tmp is not visible from the host although MountFlags=shared was used. This patch fixes that and turns the root mountpoint to slave when it's really required.
2025-02-03 13:47:04 +03:00 · 2019-02-13 18:45:36 +01:00 · 2019-02-13 18:45:36 +01:00 · 37ed15d7ed
commit 37ed15d7ed
parent ebf963c551
1 changed files with 4 additions and 1 deletions
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -1839,7 +1839,7 @@ static bool exec_needs_mount_namespace(
        if (context->n_temporary_filesystems > 0)
                return true;

-        if (context->mount_flags != 0)
+        if (!IN_SET(context->mount_flags, 0, MS_SHARED))
                return true;

        if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))
@ -2435,6 +2435,9 @@ static int apply_mount_namespace(
        else
                ns_info = (NamespaceInfo) {};

+        if (context->mount_flags == MS_SHARED)
+                log_unit_debug(u, "shared mount propagation hidden by other fs namespacing unit settings: ignoring");
+
        r = setup_namespace(root_dir, root_image,
                            &ns_info, context->read_write_paths,
                            needs_sandboxing ? context->read_only_paths : NULL,