mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
machine: enter target PID namespace when adding a live mount
machinectl fails since 21935150a0
as it's now
mounting onto a file descriptor in a target namespace, without joining the
target's PID namespace.
Note that it's not enough to setns CLONE_NEWPID, but a double-fork is required
as well, as implemented by namespace_fork().
Add a test case to TEST-13-NSPAWN to cover this use case.
parent
2338a175fd
commit
98f654fdea
@ -757,7 +757,7 @@ int bind_mount_in_namespace(
|
||||
bool make_file_or_directory) {
|
||||
|
||||
_cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
|
||||
_cleanup_close_ int self_mntns_fd = -1, mntns_fd = -1, root_fd = -1;
|
||||
_cleanup_close_ int self_mntns_fd = -1, mntns_fd = -1, root_fd = -1, pidns_fd = -1;
|
||||
char mount_slave[] = "/tmp/propagate.XXXXXX", *mount_tmp, *mount_outside, *p;
|
||||
bool mount_slave_created = false, mount_slave_mounted = false,
|
||||
mount_tmp_created = false, mount_tmp_mounted = false,
|
||||
@ -773,7 +773,7 @@ int bind_mount_in_namespace(
|
||||
assert(src);
|
||||
assert(dest);
|
||||
|
||||
r = namespace_open(target, NULL, &mntns_fd, NULL, NULL, &root_fd);
|
||||
r = namespace_open(target, &pidns_fd, &mntns_fd, NULL, NULL, &root_fd);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to retrieve FDs of the target process' namespace: %m");
|
||||
|
||||
@ -898,7 +898,7 @@ int bind_mount_in_namespace(
|
||||
}
|
||||
|
||||
r = namespace_fork("(sd-bindmnt)", "(sd-bindmnt-inner)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG,
|
||||
-1, mntns_fd, -1, -1, root_fd, &child);
|
||||
pidns_fd, mntns_fd, -1, -1, root_fd, &child);
|
||||
if (r < 0)
|
||||
goto finish;
|
||||
if (r == 0) {
|
||||
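Review bot: Nothing in the code records why a PID namespace fd is opened for a mount operation; the reason (mounting onto an fd in the target namespace fails unless the helper has joined the target's PID namespace) lives only in the commit message. A comment above the `namespace_open()` call would keep `&pidns_fd` from being dropped later as unneeded, for example `/* Also open the PID namespace: the mount is done onto an fd inside the target namespace, which needs the helper to be in the target's PID namespace; setns() alone is not enough, hence namespace_fork()'s double fork. */`. Because the inner child now runs inside the target's PID namespace, it presumably becomes visible to processes in the container. It is worth confirming, in the part of the function outside these hunks, that it holds no host-side descriptors beyond what the mount needs. The body of bind_mount_in_namespace() starts and ends outside the hunks shown.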
|
@ -28,6 +28,9 @@ ln -s busybox "$root/bin/cat"
|
||||
ln -s busybox "$root/bin/tr"
|
||||
ln -s busybox "$root/bin/ps"
|
||||
ln -s busybox "$root/bin/ip"
|
||||
ln -s busybox "$root/bin/seq"
|
||||
ln -s busybox "$root/bin/sleep"
|
||||
ln -s busybox "$root/bin/test"
|
||||
|
||||
mkdir -p "$root/sbin"
|
||||
cat <<'EOF' >"$root/sbin/init"
|
||||
|
@ -93,6 +93,29 @@ if echo test >> /run/host/os-release; then exit 1; fi
|
||||
fi
|
||||
}
|
||||
|
||||
function check_machinectl_bind {
|
||||
local _cmd='for i in $(seq 1 20); do if test -f /tmp/marker; then exit 0; fi; sleep 0.5; done; exit 1;'
|
||||
|
||||
cat <<EOF > /run/systemd/system/nspawn_machinectl_bind.service
|
||||
[Service]
|
||||
Type=notify
|
||||
ExecStart=systemd-nspawn $SUSE_OPTS -D /testsuite-13.nc-container --notify-ready=no /bin/sh -x -e -c "$_cmd"
|
||||
EOF
|
||||
|
||||
systemctl start nspawn_machinectl_bind.service
|
||||
|
||||
touch /tmp/marker
|
||||
|
||||
machinectl bind --mkdir testsuite-13.nc-container /tmp/marker
|
||||
|
||||
while systemctl show -P SubState nspawn_machinectl_bind.service | grep -q running
|
||||
do
|
||||
sleep 0.1
|
||||
done
|
||||
|
||||
return $(systemctl show -P ExecMainStatus nspawn_machinectl_bind.service)
|
||||
}
|
||||
|
||||
function run {
|
||||
if [[ "$1" = "yes" && "$is_v2_supported" = "no" ]]; then
|
||||
printf "Unified cgroup hierarchy is not supported. Skipping.\n" >&2
|
||||
@ -186,4 +209,6 @@ for api_vfs_writable in yes no network; do
|
||||
run yes yes $api_vfs_writable
|
||||
done
|
||||
|
||||
check_machinectl_bind
|
||||
|
||||
touch /testok
|
||||
|
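Review bot: `return $(systemctl show -P ExecMainStatus nspawn_machinectl_bind.service)` at the end of check_machinectl_bind hands an unquoted, unvalidated expansion to `return`; if the property comes back empty, the function's status may no longer reflect the container's exit code, so a broken bind mount could go unnoticed. Capturing and comparing the value is more robust: `local status; status="$(systemctl show -P ExecMainStatus nspawn_machinectl_bind.service)"; [[ "$status" == 0 ]]`. Whether a non-zero return from the bare `check_machinectl_bind` call actually fails the test depends on `set -e` being active, which is not visible in these hunks. The function also leaves `/tmp/marker` and the generated unit file behind; removing both at the end would stop a rerun from seeing a stale marker.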