nspawn: always use mode 555 for /sys

When a network namespace is needed, /sys is mounted as tmpfs (see commit d8fc6a000fe21b0c1ba27f for details). But in this case mode 755 was used as initial permissions for /sys whereas the default mode for sysfs is 555. In practice using 755 doesn't have any impact because /sys is mounted read-only too but for consistency, let's use the correct mode. Fixes: #10050
2025-05-27 21:05:55 +03:00 · 2018-09-10 14:17:32 +02:00 · 2018-09-10 14:17:32 +02:00 · 03d0f4b58e
commit 03d0f4b58e
parent da0da5eccf
1 changed files with 1 additions and 1 deletions
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@ -550,7 +550,7 @@ int mount_all(const char *dest,
                /* Then we list outer child mounts (i.e. mounts applied *before* entering user namespacing) */
                { "tmpfs",           "/tmp",            "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
                  MOUNT_FATAL },
-                { "tmpfs",           "/sys",            "tmpfs", "mode=755",  MS_NOSUID|MS_NOEXEC|MS_NODEV,
+                { "tmpfs",           "/sys",            "tmpfs", "mode=555",  MS_NOSUID|MS_NOEXEC|MS_NODEV,
                  MOUNT_FATAL|MOUNT_APPLY_APIVFS_NETNS },
                { "sysfs",           "/sys",            "sysfs", NULL,        MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV,
                  MOUNT_FATAL|MOUNT_APPLY_APIVFS_RO },    /* skipped if above was mounted */