mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-26 10:03:40 +03:00

pid1: improve message when setting up namespace fails

I covered the most obvious paths: those where there's a clear problem
with a path specified by the user.

Prints something like this (at error level):
May 21 20:00:01.040418 systemd[125871]: bad-workdir.service: Failed to set up mount namespacing: /run/systemd/unit-root/etc/tomcat9/Catalina: No such file or directory
May 21 20:00:01.040456 systemd[125871]: bad-workdir.service: Failed at step NAMESPACE spawning /bin/true: No such file or directory

Fixes #10972.
Zbigniew Jędrzejewski-Szmek 2019-05-21 20:02:34 +02:00
parent 35b966ca23
commit 7cc5ef5f18
4 changed files with 29 additions and 10 deletions


@ -2406,7 +2406,8 @@ static int apply_mount_namespace(
const ExecCommand *command, const ExecCommand *command,
const ExecContext *context, const ExecContext *context,
const ExecParameters *params, const ExecParameters *params,
const ExecRuntime *runtime) { const ExecRuntime *runtime,
char **error_path) {
_cleanup_strv_free_ char **empty_directories = NULL; _cleanup_strv_free_ char **empty_directories = NULL;
char *tmp = NULL, *var = NULL; char *tmp = NULL, *var = NULL;
@ -2482,7 +2483,8 @@ static int apply_mount_namespace(
needs_sandboxing ? context->protect_home : PROTECT_HOME_NO, needs_sandboxing ? context->protect_home : PROTECT_HOME_NO,
needs_sandboxing ? context->protect_system : PROTECT_SYSTEM_NO, needs_sandboxing ? context->protect_system : PROTECT_SYSTEM_NO,
context->mount_flags, context->mount_flags,
DISSECT_IMAGE_DISCARD_ON_LOOP); DISSECT_IMAGE_DISCARD_ON_LOOP,
error_path);
bind_mount_free_many(bind_mounts, n_bind_mounts); bind_mount_free_many(bind_mounts, n_bind_mounts);
@ -3319,10 +3321,13 @@ static int exec_child(
needs_mount_namespace = exec_needs_mount_namespace(context, params, runtime); needs_mount_namespace = exec_needs_mount_namespace(context, params, runtime);
if (needs_mount_namespace) { if (needs_mount_namespace) {
r = apply_mount_namespace(unit, command, context, params, runtime); _cleanup_free_ char *error_path = NULL;
r = apply_mount_namespace(unit, command, context, params, runtime, &error_path);
if (r < 0) { if (r < 0) {
*exit_status = EXIT_NAMESPACE; *exit_status = EXIT_NAMESPACE;
return log_unit_error_errno(unit, r, "Failed to set up mount namespacing: %m"); return log_unit_error_errno(unit, r, "Failed to set up mount namespacing%s%s: %m",
error_path ? ": " : "", strempty(error_path));
} }
} }


@ -1187,7 +1187,8 @@ int setup_namespace(
ProtectHome protect_home, ProtectHome protect_home,
ProtectSystem protect_system, ProtectSystem protect_system,
unsigned long mount_flags, unsigned long mount_flags,
DissectImageFlags dissect_image_flags) { DissectImageFlags dissect_image_flags,
char **error_path) {
_cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL; _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
_cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL; _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
@ -1440,6 +1441,8 @@ int setup_namespace(
proc_self_mountinfo = fopen("/proc/self/mountinfo", "re"); proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
if (!proc_self_mountinfo) { if (!proc_self_mountinfo) {
r = log_debug_errno(errno, "Failed to open /proc/self/mountinfo: %m"); r = log_debug_errno(errno, "Failed to open /proc/self/mountinfo: %m");
if (error_path)
*error_path = strdup("/proc/self/mountinfo");
goto finish; goto finish;
} }
@ -1453,8 +1456,11 @@ int setup_namespace(
continue; continue;
r = follow_symlink(root, m); r = follow_symlink(root, m);
if (r < 0) if (r < 0) {
if (error_path && mount_entry_path(m))
*error_path = strdup(mount_entry_path(m));
goto finish; goto finish;
}
if (r == 0) { if (r == 0) {
/* We hit a symlinked mount point. The entry got rewritten and might point to a /* We hit a symlinked mount point. The entry got rewritten and might point to a
* very different place now. Let's normalize the changed list, and start from * very different place now. Let's normalize the changed list, and start from
@ -1465,8 +1471,11 @@ int setup_namespace(
} }
r = apply_mount(root, m); r = apply_mount(root, m);
if (r < 0) if (r < 0) {
if (error_path && mount_entry_path(m))
*error_path = strdup(mount_entry_path(m));
goto finish; goto finish;
}
m->applied = true; m->applied = true;
} }
@ -1490,8 +1499,11 @@ int setup_namespace(
/* Second round, flip the ro bits if necessary. */ /* Second round, flip the ro bits if necessary. */
for (m = mounts; m < mounts + n_mounts; ++m) { for (m = mounts; m < mounts + n_mounts; ++m) {
r = make_read_only(m, blacklist, proc_self_mountinfo); r = make_read_only(m, blacklist, proc_self_mountinfo);
if (r < 0) if (r < 0) {
if (error_path && mount_entry_path(m))
*error_path = strdup(mount_entry_path(m));
goto finish; goto finish;
}
} }
} }
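Review bot: The new `error_path` out-parameter of `setup_namespace()` has no stated contract, and the four `*error_path = strdup(...)` sites neither check the allocation nor clear the pointer on entry. As written, the caller must pass a NULL-initialized pointer, must free the result, and must accept NULL after a failure, both when the failing step is not one of the covered ones and when `strdup()` itself fails; a comment above the function stating this would keep a future caller from freeing or printing an uninitialized pointer. In the second-round loop the reported path is `mount_entry_path(m)`, which may not be the path that actually failed if `make_read_only()` descends into submounts (its body is not shown here), so the comment could also say the value names the mount entry being processed. The function body starts and ends outside these hunks.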


@ -86,7 +86,8 @@ int setup_namespace(
ProtectHome protect_home, ProtectHome protect_home,
ProtectSystem protect_system, ProtectSystem protect_system,
unsigned long mount_flags, unsigned long mount_flags,
DissectImageFlags dissected_image_flags); DissectImageFlags dissected_image_flags,
char **error_path);
int setup_tmp_dirs( int setup_tmp_dirs(
const char *id, const char *id,


@ -75,7 +75,8 @@ int main(int argc, char *argv[]) {
PROTECT_HOME_NO, PROTECT_HOME_NO,
PROTECT_SYSTEM_NO, PROTECT_SYSTEM_NO,
0, 0,
0); 0,
NULL);
if (r < 0) { if (r < 0) {
log_error_errno(r, "Failed to setup namespace: %m"); log_error_errno(r, "Failed to setup namespace: %m");