diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index 8c3fa7b286..d5ef796e52 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -1264,7 +1264,7 @@ const sd_bus_vtable bus_exec_vtable[] = { SD_BUS_PROPERTY("ExecPaths", "as", NULL, offsetof(ExecContext, exec_paths), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("NoExecPaths", "as", NULL, offsetof(ExecContext, no_exec_paths), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("ExecSearchPath", "as", NULL, offsetof(ExecContext, exec_search_path), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("MountFlags", "t", bus_property_get_ulong, offsetof(ExecContext, mount_flags), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("MountFlags", "t", bus_property_get_ulong, offsetof(ExecContext, mount_propagation_flag), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("PrivateTmp", "b", bus_property_get_bool, offsetof(ExecContext, private_tmp), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("PrivateDevices", "b", bus_property_get_bool, offsetof(ExecContext, private_devices), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("ProtectClock", "b", bus_property_get_bool, offsetof(ExecContext, protect_clock), SD_BUS_VTABLE_PROPERTY_CONST), @@ -1673,7 +1673,7 @@ static BUS_DEFINE_SET_TRANSIENT_PARSE_PTR(personality, unsigned long, parse_pers static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(secure_bits, "i", int32_t, int, "%" PRIi32, secure_bits_to_string_alloc_with_check); static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(capability, "t", uint64_t, uint64_t, "%" PRIu64, capability_set_to_string); static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(namespace_flag, "t", uint64_t, unsigned long, "%" PRIu64, namespace_flags_to_string); -static BUS_DEFINE_SET_TRANSIENT_TO_STRING(mount_flags, "t", uint64_t, unsigned long, "%" PRIu64, mount_propagation_flag_to_string_with_check); +static BUS_DEFINE_SET_TRANSIENT_TO_STRING(mount_propagation_flag, "t", uint64_t, unsigned long, "%" PRIu64, mount_propagation_flag_to_string_with_check); int bus_exec_context_set_transient_property( Unit *u, @@ -2113,7 +2113,7 @@ int bus_exec_context_set_transient_property( } if (streq(name, "MountFlags")) - return bus_set_transient_mount_flags(u, name, &c->mount_flags, message, flags, error); + return bus_set_transient_mount_propagation_flag(u, name, &c->mount_propagation_flag, message, flags, error); if (streq(name, "NetworkNamespacePath")) return bus_set_transient_path(u, name, &c->network_namespace_path, message, flags, error); diff --git a/src/core/execute.c b/src/core/execute.c index 857b0b0070..6346ad79f6 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -2114,7 +2114,7 @@ bool exec_needs_mount_namespace( if (!strv_isempty(context->extension_directories)) return true; - if (!IN_SET(context->mount_flags, 0, MS_SHARED)) + if (!IN_SET(context->mount_propagation_flag, 0, MS_SHARED)) return true; if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir)) @@ -3671,7 +3671,7 @@ static int apply_mount_namespace( else ns_info = (NamespaceInfo) {}; - if (context->mount_flags == MS_SHARED) + if (context->mount_propagation_flag == MS_SHARED) log_unit_debug(u, "shared mount propagation hidden by other fs namespacing unit settings: ignoring"); if (exec_context_has_credentials(context) && @@ -3726,7 +3726,7 @@ static int apply_mount_namespace( var_tmp_dir, creds_path, context->log_namespace, - context->mount_flags, + context->mount_propagation_flag, context->root_hash, context->root_hash_size, context->root_hash_path, context->root_hash_sig, context->root_hash_sig_size, context->root_hash_sig_path, context->root_verity, diff --git a/src/core/execute.h b/src/core/execute.h index 0cfbd3b1d2..1d264782fc 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -267,7 +267,7 @@ struct ExecContext { char **read_write_paths, **read_only_paths, **inaccessible_paths, **exec_paths, **no_exec_paths; char **exec_search_path; - unsigned long mount_flags; + unsigned long mount_propagation_flag; BindMount *bind_mounts; size_t n_bind_mounts; TemporaryFileSystem *temporary_filesystems; diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in index d78d6eca91..9a3ec7faf6 100644 --- a/src/core/load-fragment-gperf.gperf.in +++ b/src/core/load-fragment-gperf.gperf.in @@ -130,7 +130,7 @@ {{type}}.PrivateIPC, config_parse_bool, 0, offsetof({{type}}, exec_context.private_ipc) {{type}}.ProtectSystem, config_parse_protect_system, 0, offsetof({{type}}, exec_context.protect_system) {{type}}.ProtectHome, config_parse_protect_home, 0, offsetof({{type}}, exec_context.protect_home) -{{type}}.MountFlags, config_parse_exec_mount_flags, 0, offsetof({{type}}, exec_context.mount_flags) +{{type}}.MountFlags, config_parse_exec_mount_propagation_flag, 0, offsetof({{type}}, exec_context.mount_propagation_flag) {{type}}.MountAPIVFS, config_parse_exec_mount_apivfs, 0, offsetof({{type}}, exec_context) {{type}}.Personality, config_parse_personality, 0, offsetof({{type}}, exec_context.personality) {{type}}.RuntimeDirectoryPreserve, config_parse_runtime_preserve_mode, 0, offsetof({{type}}, exec_context.runtime_directory_preserve_mode) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index 776d0f1a32..fa2f15c2f4 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -152,7 +152,7 @@ DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t, "Invalid weight"); DEFINE_CONFIG_PARSE_PTR(config_parse_cg_cpu_weight, cg_cpu_weight_parse, uint64_t, "Invalid CPU weight"); static DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares_internal, cg_cpu_shares_parse, uint64_t, "Invalid CPU shares"); -DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags, mount_propagation_flag_from_string, unsigned long, "Failed to parse mount flag"); +DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_propagation_flag, mount_propagation_flag_from_string, unsigned long, "Failed to parse mount propagation flag"); DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1, "Invalid NUMA policy type"); DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format, status_unit_format, StatusUnitFormat, "Failed to parse status unit format"); DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping, socket_timestamping_from_string_harder, SocketTimestamping, "Failed to parse timestamping precision"); @@ -6214,8 +6214,10 @@ void unit_dump_config_items(FILE *f) { { config_parse_nsec, "NANOSECONDS" }, { config_parse_namespace_path_strv, "PATH [...]" }, { config_parse_bind_paths, "PATH[:PATH[:OPTIONS]] [...]" }, - { config_parse_unit_requires_mounts_for, "PATH [...]" }, - { config_parse_exec_mount_flags, "MOUNTFLAG [...]" }, + { config_parse_unit_requires_mounts_for, + "PATH [...]" }, + { config_parse_exec_mount_propagation_flag, + "MOUNTFLAG [...]" }, { config_parse_unit_string_printf, "STRING" }, { config_parse_trigger_unit, "UNIT" }, { config_parse_timer, "TIMER" }, diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h index 7fd82e34cc..91dc917458 100644 --- a/src/core/load-fragment.h +++ b/src/core/load-fragment.h @@ -55,7 +55,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_root_image_options); CONFIG_PARSER_PROTOTYPE(config_parse_exec_root_hash); CONFIG_PARSER_PROTOTYPE(config_parse_exec_root_hash_sig); CONFIG_PARSER_PROTOTYPE(config_parse_capability_set); -CONFIG_PARSER_PROTOTYPE(config_parse_exec_mount_flags); +CONFIG_PARSER_PROTOTYPE(config_parse_exec_mount_propagation_flag); CONFIG_PARSER_PROTOTYPE(config_parse_timer); CONFIG_PARSER_PROTOTYPE(config_parse_trigger_unit); CONFIG_PARSER_PROTOTYPE(config_parse_path_spec); diff --git a/src/core/namespace.c b/src/core/namespace.c index 8a8ff5ac7d..90c0f84420 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -2030,7 +2030,7 @@ int setup_namespace( const char* var_tmp_dir, const char *creds_path, const char *log_namespace, - unsigned long mount_flags, + unsigned long mount_propagation_flag, const void *root_hash, size_t root_hash_size, const char *root_hash_path, @@ -2076,8 +2076,8 @@ int setup_namespace( if (!isempty(propagate_dir) && !isempty(incoming_dir)) setup_propagate = true; - if (mount_flags == 0) - mount_flags = MS_SHARED; + if (mount_propagation_flag == 0) + mount_propagation_flag = MS_SHARED; if (root_image) { /* Make the whole image read-only if we can determine that we only access it in a read-only fashion. */ @@ -2523,10 +2523,9 @@ int setup_namespace( goto finish; } - /* Remount / as the desired mode. Note that this will not - * reestablish propagation from our side to the host, since - * what's disconnected is disconnected. */ - if (mount(NULL, "/", NULL, mount_flags | MS_REC, NULL) < 0) { + /* Remount / as the desired mode. Note that this will not reestablish propagation from our side to + * the host, since what's disconnected is disconnected. */ + if (mount(NULL, "/", NULL, mount_propagation_flag | MS_REC, NULL) < 0) { r = log_debug_errno(errno, "Failed to remount '/' with desired mount flags: %m"); goto finish; } diff --git a/src/core/namespace.h b/src/core/namespace.h index 52ab6c4f2f..1cd4fdd921 100644 --- a/src/core/namespace.h +++ b/src/core/namespace.h @@ -121,7 +121,7 @@ int setup_namespace( const char *var_tmp_dir, const char *creds_path, const char *log_namespace, - unsigned long mount_flags, + unsigned long mount_propagation_flag, const void *root_hash, size_t root_hash_size, const char *root_hash_path,