Attachment 536968 Details for Bug 658832 – fix cgroup mount when SELinux is enabled on systemd v238

[patch] fix cgroup mount when SELinux is enabled on systemd v238

90_systemd238_mount_cgroup_selinux_relabel.patch (text/plain), 2.76 KB, created by Takahiro HASHIMOTO on 2018-06-23 14:51:29 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Takahiro HASHIMOTO

Created: 2018-06-23 14:51:29 UTC

Size: 2.76 KB

patch

obsolete

>--- a/src/core/mount-setup.c	2018-06-23 22:27:48.190331895 +0900
>+++ b/src/core/mount-setup.c	2018-06-23 22:30:50.578221092 +0900
>@@ -22,6 +22,7 @@
> #include <ftw.h>
> #include <stdlib.h>
> #include <sys/mount.h>
>+#include <sys/statvfs.h>
> #include <unistd.h>
> 
> #include "alloc-util.h"
>@@ -387,6 +388,35 @@ static int nftw_cb(
> 
>         return FTW_CONTINUE;
> };
>+
>+static int relabel_cgroup_filesystems(void) {
>+        int r;
>+        struct statfs st;
>+
>+        r = cg_all_unified();
>+        if (r == 0) {
>+                /* Temporarily remount the root cgroup filesystem to give it a proper label. Do this
>+                   only when the filesystem has been already populated by a previous instance of systemd
>+                   running from initrd. Otherwise don't remount anything and leave the filesystem read-write
>+                   for the cgroup filesystems to be mounted inside. */
>+                r = statfs("/sys/fs/cgroup", &st);
>+                if (r < 0) {
>+                        return log_error_errno(errno, "Failed to determine mount flags for /sys/fs/cgroup: %m");
>+                }
>+
>+                if (st.f_flags & ST_RDONLY)
>+                        (void) mount(NULL, "/sys/fs/cgroup", NULL, MS_REMOUNT, NULL);
>+
>+                (void) label_fix("/sys/fs/cgroup", false, false);
>+                nftw("/sys/fs/cgroup", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
>+
>+                if (st.f_flags & ST_RDONLY)
>+                        (void) mount(NULL, "/sys/fs/cgroup", NULL, MS_REMOUNT|MS_RDONLY, NULL);
>+        } else if (r < 0)
>+                return log_error_errno(r, "Failed to determine whether we are in all unified mode: %m");
>+
>+        return 0;
>+}
> #endif
> 
> int mount_setup(bool loaded_policy) {
>@@ -411,15 +441,9 @@ int mount_setup(bool loaded_policy) {
>                 nftw("/dev/shm", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
>                 nftw("/run", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
> 
>-                /* Temporarily remount the root cgroup filesystem to give it a proper label. */
>-                r = cg_all_unified();
>-                if (r == 0) {
>-                        (void) mount(NULL, "/sys/fs/cgroup", NULL, MS_REMOUNT, NULL);
>-                        label_fix("/sys/fs/cgroup", false, false);
>-                        nftw("/sys/fs/cgroup", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
>-                        (void) mount(NULL, "/sys/fs/cgroup", NULL, MS_REMOUNT|MS_RDONLY, NULL);
>-                } else if (r < 0)
>-                        return log_error_errno(r, "Failed to determine whether we are in all unified mode: %m");
>+                r = relabel_cgroup_filesystems();
>+                if (r < 0)
>+                        return r;
> 
>                 after_relabel = now(CLOCK_MONOTONIC);
>

Actions: View | Diff

Attachments on bug 658832: 536968