From 42b1d8e0f5c025d3c85a4a60fda73d98bf725da5 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Thu, 4 Jan 2018 00:16:53 +0900
Subject: [PATCH 1/3] Revert "core/execute: RuntimeDirectory= or friends requires mount namespace"
This reverts commit 652bb2637aee54e3503a22d2928a929ecd7a84b3. Fixes #7761.
---
 src/core/execute.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 3f3d73272e6..de72786d7fe 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1789,12 +1789,7 @@ static bool exec_needs_mount_namespace(
 !strv_isempty(context->inaccessible_paths))
 return true;
- if (context->n_bind_mounts > 0 ||
- !strv_isempty(context->directories[EXEC_DIRECTORY_RUNTIME].paths) ||
- !strv_isempty(context->directories[EXEC_DIRECTORY_STATE].paths) ||
- !strv_isempty(context->directories[EXEC_DIRECTORY_CACHE].paths) ||
- !strv_isempty(context->directories[EXEC_DIRECTORY_LOGS].paths) ||
- !strv_isempty(context->directories[EXEC_DIRECTORY_CONFIGURATION].paths))
+ if (context->n_bind_mounts > 0)
 return true;
 if (context->mount_flags != 0)
@@ -1814,6 +1809,13 @@ static bool exec_needs_mount_namespace(
 if (context->mount_apivfs && (context->root_image || context->root_directory))
 return true;
+ if (context->dynamic_user &&
+ (!strv_isempty(context->directories[EXEC_DIRECTORY_RUNTIME].paths) ||
+ !strv_isempty(context->directories[EXEC_DIRECTORY_STATE].paths) ||
+ !strv_isempty(context->directories[EXEC_DIRECTORY_CACHE].paths) ||
+ !strv_isempty(context->directories[EXEC_DIRECTORY_LOGS].paths)))
+ return true;
+
 return false;
 }
From b43ee82fc1366489963b319dd5f1f22d2833883c Mon Sep 17 00:00:00 2001
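Review bot: The `context->dynamic_user && (...)` clause added at the end of exec_needs_mount_namespace() in the second hunk has no comment explaining why these directory settings need a mount namespace only for dynamic users, and it leaves out EXEC_DIRECTORY_CONFIGURATION, which the condition removed in the first hunk still listed. This predicate decides whether a unit gets its own mount namespace, so the reason should sit next to it, for example `/* With DynamicUser= these directories live below a "private" parent and are only reachable through mounts set up in the unit's namespace */`. That rationale is inferred from the wording of the series, so please confirm it and say why ConfigurationDirectory= is exempt. The series touches only src/core/execute.c; a test unit for the case in #7761 and one for DynamicUser= with StateDirectory= would keep the condition from drifting. The function starts above the hunk.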
From: Yu Watanabe
Date: Thu, 4 Jan 2018 00:20:44 +0900
Subject: [PATCH 2/3] core: RuntimeDirectory= does not request new mount namespace
Now RuntimeDirectory= does not create 'private' directory. Thus, it is not neccessary to request new mount namespace. Follow-up for 8092a48cc1d1fb20b66371576754df831d30a43b.
---
 src/core/execute.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index de72786d7fe..2ec8620b867 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1810,8 +1810,7 @@ static bool exec_needs_mount_namespace(
 return true;
 if (context->dynamic_user &&
- (!strv_isempty(context->directories[EXEC_DIRECTORY_RUNTIME].paths) ||
- !strv_isempty(context->directories[EXEC_DIRECTORY_STATE].paths) ||
+ (!strv_isempty(context->directories[EXEC_DIRECTORY_STATE].paths) ||
 !strv_isempty(context->directories[EXEC_DIRECTORY_CACHE].paths) ||
 !strv_isempty(context->directories[EXEC_DIRECTORY_LOGS].paths)))
 return true;
From 4657abb5d456fa351386a2dfae34b6c3afdb19bb Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Sat, 30 Dec 2017 18:38:26 +0900
Subject: [PATCH 3/3] execute: make "runtime" argument const in exec_needs_mount_namespace()
The argument can be const, then let's make so.
---
 src/core/execute.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 2ec8620b867..1572515615d 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1776,7 +1776,7 @@ static int build_pass_environment(const ExecContext *c, char ***ret) {
 static bool exec_needs_mount_namespace(
 const ExecContext *context,
 const ExecParameters *params,
- ExecRuntime *runtime) {
+ const ExecRuntime *runtime) {
 assert(context);
 assert(params);
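Review bot: In the PATCH 2/3 hunk, dropping EXEC_DIRECTORY_RUNTIME from the `context->dynamic_user` clause is correct only as long as the directory-setup code never puts a dynamic user's runtime directory below a 'private' parent, and that code is not part of this hunk. It is worth confirming this also holds when RuntimeDirectoryPreserve= keeps the directory after the unit stops, because a preserved directory can outlive the transient UID that owned it. A comment on the clause would record the dependency, e.g. `/* RuntimeDirectory= is not listed: it is no longer created below "private", keep in sync with the directory setup code */`. The function begins and ends outside the hunk.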