[systemd-bugs] [Bug 52039] New: With PrivateTmp enabled, the service doesn't see any changes in mounts

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Jul 13 07:32:47 PDT 2012


https://bugs.freedesktop.org/show_bug.cgi?id=52039

             Bug #: 52039
           Summary: With PrivateTmp enabled, the service doesn't see any
                    changes in mounts
    Classification: Unclassified
           Product: systemd
           Version: unspecified
          Platform: x86-64 (AMD64)
        OS/Version: Linux (All)
            Status: NEW
          Severity: major
          Priority: medium
         Component: general
        AssignedTo: systemd-bugs at lists.freedesktop.org
        ReportedBy: jedrzej at man.poznan.pl
         QAContact: systemd-bugs at lists.freedesktop.org


When PrivateTmp is enabled (true) for a service, it can't see any changes in
mounts (neither mounts on new FS nor umounts of existing FS).

Furthermore, the service can read and write from/to files on a filesystem,
which was unmounted after the service was started.

At the moment I have httpd.service with PrivateTmp=true and sshd.service
without PrivateTmp.

# ps -ef | grep http
root       652     1  0 09:10 ?        00:00:00 /usr/sbin/httpd -k start
apache     654   652  0 09:10 ?        00:00:00 /usr/sbin/httpd -k start
apache     655   652  0 09:10 ?        00:00:00 /usr/sbin/httpd -k start
apache     656   652  0 09:10 ?        00:00:00 /usr/sbin/httpd -k start
apache     657   652  0 09:10 ?        00:00:00 /usr/sbin/httpd -k start
apache     658   652  0 09:10 ?        00:00:00 /usr/sbin/httpd -k start
apache     659   652  0 09:10 ?        00:00:00 /usr/sbin/httpd -k start
apache     660   652  0 09:10 ?        00:00:00 /usr/sbin/httpd -k start
apache     661   652  0 09:10 ?        00:00:00 /usr/sbin/httpd -k start

# ps -ef | grep sshd
root       771     1  0 Jul11 ?        00:00:00 /usr/sbin/sshd -D

I have a filesystem mounted as follows:

# mount | grep image
/dev/mapper/vg_myhost-lv_image_secure on /var/www/image_secure type ext4
(rw,relatime,seclabel,data=ordered)

Now both services can see this FS:

# cat /proc/652/mountinfo  | grep image
207 205 253:6 / /var/www/image_secure rw,relatime - ext4
/dev/mapper/vg_myhost-lv_image_secure rw,seclabel,data=ordered


# cat /proc/771/mountinfo | grep image
48 42 253:6 / /var/www/image_secure rw,relatime - ext4
/dev/mapper/vg_myhost-lv_image_secure rw,seclabel,data=ordered


When I unmount /var/www/image_secure, the httpd service can't see the change,
but sshd doesn't show this FS any more:

# umount /var/www/image_secure
# cat /proc/652/mountinfo | grep image
207 205 253:6 / /var/www/image_secure rw,relatime - ext4
/dev/mapper/vg_myhost-lv_image_secure rw,seclabel,data=ordered
# cat /proc/771/mountinfo | grep image
#

Now I can still create/read/write files on /var/www/image_secure, that is on
vg_myhost-lv_image_secure from apache. These files are not visible under my
shell (/var/www/image_secure was unmounted, and ls -la shows empty directory),
but they will show up after mounting /var/www/image_secure again.

This is on:
# cat /etc/issue
Fedora release 17 (Beefy Miracle)

Linux myhost 3.4.4-5.fc17.x86_64 #1 SMP Thu Jul 5 20:20:59 UTC 2012 x86_64
x86_64 x86_64 GNU/Linux

systemd-44-17.fc17.x86_64

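The manual comparison of /proc/<pid>/mountinfo above can be automated. The following is an added example, not part of the original report: it parses two mountinfo snapshots and lists mounts that the service's namespace still holds but the reference process no longer sees. The function names and the root-filesystem sample lines are assumptions made for illustration.

```python
import re

# Constructed samples. The image_secure line is the one shown in the report
# (wrapped line rejoined); the root-filesystem lines are made up.
HTTPD_AFTER_UMOUNT = (
    "205 1 253:1 / / rw,relatime - ext4 /dev/mapper/vg_example-lv_root rw\n"
    "207 205 253:6 / /var/www/image_secure rw,relatime - ext4 "
    "/dev/mapper/vg_myhost-lv_image_secure rw,seclabel,data=ordered\n"
)
SSHD_AFTER_UMOUNT = (
    "42 1 253:1 / / rw,relatime shared:1 - ext4 /dev/mapper/vg_example-lv_root rw\n"
)

def unescape(field):
    # mountinfo writes space, tab, newline and backslash as octal (\040 etc.)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Return {(major:minor, mount_point): (fstype, source)}."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if "-" not in fields:
            continue  # blank or malformed line
        sep = fields.index("-")  # ends the variable-length optional fields
        if sep < 6 or len(fields) < sep + 3:
            continue
        # Mount IDs (fields 0 and 1) differ per namespace, as in the report
        # (207/205 vs 48/42), so key on device number and mount point instead.
        dev, mount_point = fields[2], unescape(fields[4])
        mounts[(dev, mount_point)] = (fields[sep + 1], unescape(fields[sep + 2]))
    return mounts

def only_in(service_text, reference_text):
    """Mounts present in the service's namespace but absent from the reference."""
    svc, ref = parse_mountinfo(service_text), parse_mountinfo(reference_text)
    return sorted((mp, dev, *svc[(dev, mp)]) for dev, mp in svc.keys() - ref.keys())

def read_mountinfo(pid):
    # Live use: read_mountinfo(652) for httpd, read_mountinfo(771) for sshd.
    with open(f"/proc/{pid}/mountinfo") as f:
        return f.read()

if __name__ == "__main__":
    for row in only_in(HTTPD_AFTER_UMOUNT, SSHD_AFTER_UMOUNT):
        print("still mounted for the service only:", *row)
```

On a live system a PrivateTmp service will also list its private /tmp and /var/tmp mounts here; anything else in the output is a filesystem the service can still read and write after it was unmounted in the host namespace.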