mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00

Merge pull request #29788 from poettering/nspawn-barrier-fix

nspawn: fix barriers when wiping fully visible procfs/sysfs
Lennart Poettering 2023-11-01 15:20:15 +01:00 committed by GitHub
commit 5c2597ab07
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 6 deletions


@ -3516,9 +3516,7 @@ static int inner_child(
if (!env_use) if (!env_use)
return log_oom(); return log_oom();
/* Let the parent know that we are ready and /* Let the parent know that we are ready and wait until the parent is ready with the setup, too... */
* wait until the parent is ready with the
* setup, too... */
if (!barrier_place_and_sync(barrier)) /* #5 */ if (!barrier_place_and_sync(barrier)) /* #5 */
return log_error_errno(SYNTHETIC_ERRNO(ESRCH), "Parent died too early"); return log_error_errno(SYNTHETIC_ERRNO(ESRCH), "Parent died too early");
@ -5151,6 +5149,11 @@ static int run_container(
if (r < 0) if (r < 0)
return r; return r;
/* Wait that the child is completely ready now, and has mounted their own copies of procfs and so on,
* before we take the fully visible instances away. */
if (!barrier_sync(&barrier)) /* #5.1 */
return log_error_errno(SYNTHETIC_ERRNO(ESRCH), "Child died too early.");
if (arg_userns_mode != USER_NAMESPACE_NO) { if (arg_userns_mode != USER_NAMESPACE_NO) {
r = wipe_fully_visible_fs(mntns_fd); r = wipe_fully_visible_fs(mntns_fd);
if (r < 0) if (r < 0)
@ -5158,8 +5161,9 @@ static int run_container(
mntns_fd = safe_close(mntns_fd); mntns_fd = safe_close(mntns_fd);
} }
/* Let the child know that we are ready and wait that the child is completely ready now. */ /* And now let the child know that we completed removing the procfs instances, and it can start the
if (!barrier_place_and_sync(&barrier)) /* #5 */ * payload. */
if (!barrier_place(&barrier)) /* #5.2 */
return log_error_errno(SYNTHETIC_ERRNO(ESRCH), "Child died too early."); return log_error_errno(SYNTHETIC_ERRNO(ESRCH), "Child died too early.");
/* At this point we have made use of the UID we picked, and thus nss-systemd/systemd-machined.service /* At this point we have made use of the UID we picked, and thus nss-systemd/systemd-machined.service
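Review bot: The comment on the child's barrier in inner_child (still labelled `/* #5 */`) describes a single rendezvous, while the parent in run_container now splits it into `#5.1` (barrier_sync) and `#5.2` (barrier_place) around wipe_fully_visible_fs(). The ordering is the security-relevant part: per the new parent-side comments, the child must have mounted its own procfs/sysfs before the parent takes the fully visible instances away, and the payload must not start until that is done. I would state this on the child side too, e.g. `/* Tell the parent our own procfs/sysfs copies are mounted (#5.1), then wait until it has wiped the fully visible instances (#5.2) before starting the payload. */`. The wipe only runs when `arg_userns_mode != USER_NAMESPACE_NO`, so the `#5.2` comment's "completed removing the procfs instances" is literally true only in the user-namespace case and could say so. Both function bodies continue outside the hunks shown.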


@ -34,7 +34,7 @@ struct Barrier {
int64_t barriers; int64_t barriers;
}; };
#define BARRIER_NULL {-1, -1, {-1, -1}, 0} #define BARRIER_NULL {-EBADF, -EBADF, {-EBADF, -EBADF}, 0}
int barrier_create(Barrier *obj); int barrier_create(Barrier *obj);
Barrier* barrier_destroy(Barrier *b); Barrier* barrier_destroy(Barrier *b);