[systemd-devel] [PATCH RFC] namespace: make sure ReadWriteDirectories are actually writable
Michael Olbrich
m.olbrich at pengutronix.de
Fri Dec 27 01:18:30 PST 2013
Currently adding directories to ReadWriteDirectories= only restores the
original mount flags. So e.g. setting ReadOnlyDirectories=/usr and
ReadWriteDirectories=/usr/local works as expected if the underlying file
system was writable. However, setting ReadWriteDirectories= has no effect
if the underlying file system is mounted read-only.
This patch changes that by explicitly remounting the bind mount.
---
Hi,
I'm no expert when it comes to mount flags or namespaces. In my use case
the rootfs is mounted read-only. I'd like to make it writable for some
selected services. I can do this manually but it would be nicer to let
systemd do it for me. This works for me. I have no idea if there are better
ways to do this.
Regards,
Michael
src/core/namespace.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 85147be..cc3ae51 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -188,6 +188,21 @@ static int make_read_only(BindMount *m) {
return 0;
}
+static int make_read_write(BindMount *m) {
+ int r;
+
+ assert(m);
+
+ if (m->mode != READWRITE)
+ return 0;
+
+ r = mount(NULL, m->path, NULL, MS_REMOUNT|MS_REC, NULL);
+ if (r < 0 && !(m->ignore && errno == ENOENT))
+ return -errno;
+
+ return 0;
+}
+
int setup_namespace(
char** read_write_dirs,
char** read_only_dirs,
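Review bot: the remount in make_read_write(), `r = mount(NULL, m->path, NULL, MS_REMOUNT|MS_REC, NULL);`, is issued without MS_BIND, so it does not clear the per-mount read-only flag that a bind remount sets on the bind mount; it remounts the underlying superblock read-write. Superblock flags are shared by every mount of that file system in every mount namespace, so on the read-only rootfs case from the commit message this makes the whole file system writable for every process on the host, not only for the service, and it fails outright where the file system cannot be remounted rw (for instance a read-only block device). MS_REC has no effect in combination with MS_REMOUNT and can be dropped. If the intent is only to undo a ReadOnlyDirectories= parent for a nested ReadWriteDirectories= path, MS_BIND|MS_REMOUNT is the per-mount operation wanted; if the intent really is to override a read-only superblock for one service, that needs a mechanism other than a remount (a separate writable mount or overlay), and at minimum the global side effect should be stated in the commit message and the man page.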
@@ -258,6 +273,9 @@ int setup_namespace(
r = make_read_only(m);
if (r < 0)
goto fail;
+ r = make_read_write(m);
+ if (r < 0)
+ goto fail;
}
/* Remount / as the desired mode */
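Review bot: with `r = make_read_write(m); if (r < 0) goto fail;` a failed read-write remount now aborts the entire namespace setup, so a unit with ReadWriteDirectories= on a file system that rejects the remount will no longer start, whereas before this patch it started with the directory simply left read-only. That is a behaviour change worth spelling out in the commit message, and worth weighing against logging and continuing, the way ENOENT is already tolerated when m->ignore is set. Minor: make_read_only() and make_read_write() are each called for every entry and both filter on m->mode internally; a single helper that switches on m->mode would keep this loop to one call.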
--
1.8.5.1
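As an added illustration, not part of the patch or of systemd itself, the C program below shows the distinction behind the commit message and the first hunk: a per-mount remount (MS_BIND|MS_REMOUNT) only clears that mount point's own read-only flag and therefore cannot make a directory writable when the superblock is read-only, while a remount without MS_BIND, which is what the patch issues, flips the superblock and with it every other mount of the same file system. It builds the scenario on a tmpfs inside a throwaway private mount namespace, so it needs CAP_SYS_ADMIN (run it as root) and reports "skipped" otherwise. The directory names under /tmp, the tmpfs size and the probe file are assumptions of the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000  /* fallback if <sched.h> was read without _GNU_SOURCE */
#endif
int unshare(int flags);          /* same fallback for the prototype; harmless otherwise */

/* Outcomes of demo_superblock_vs_mount_ro(). */
enum { DEMO_OK = 0, DEMO_FAIL = 1, DEMO_SKIPPED = 2 };

/* Create and write a probe file under dir: 0 on success, -errno otherwise. */
static int try_write(const char *dir) {
        char path[4096];
        int fd;

        snprintf(path, sizeof(path), "%s/probe", dir);
        fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644);
        if (fd < 0)
                return -errno;
        close(fd);
        return 0;
}

/* Returns DEMO_OK if every expectation held, DEMO_FAIL on a mismatch, and
 * DEMO_SKIPPED when the process lacks CAP_SYS_ADMIN (cannot unshare or mount). */
int demo_superblock_vs_mount_ro(void) {
        char base[] = "/tmp/rwbind.XXXXXX";   /* assumed scratch location */
        char lower[64], svc[64], other[64];

        /* Private mount namespace, so nothing below leaks to the rest of the system. */
        if (unshare(CLONE_NEWNS) < 0)
                return errno == EPERM ? DEMO_SKIPPED : DEMO_FAIL;
        if (mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) < 0)
                return errno == EPERM ? DEMO_SKIPPED : DEMO_FAIL;

        if (!mkdtemp(base))
                return DEMO_FAIL;
        snprintf(lower, sizeof(lower), "%s/lower", base);
        snprintf(svc, sizeof(svc), "%s/svc", base);
        snprintf(other, sizeof(other), "%s/other", base);
        if (mkdir(lower, 0755) < 0 || mkdir(svc, 0755) < 0 || mkdir(other, 0755) < 0)
                return DEMO_FAIL;

        /* The "underlying file system mounted read-only": MS_RDONLY at mount time
         * marks the superblock itself read-only. */
        if (mount("tmpfs", lower, "tmpfs", MS_RDONLY, "size=1m") < 0)
                return errno == EPERM ? DEMO_SKIPPED : DEMO_FAIL;

        /* Two bind mounts of it: svc plays the service's view, other everyone else's. */
        if (mount(lower, svc, NULL, MS_BIND, NULL) < 0 ||
            mount(lower, other, NULL, MS_BIND, NULL) < 0)
                return DEMO_FAIL;

        /* Per-mount remount without MS_RDONLY clears only each mount's own read-only
         * flag; the read-only superblock still wins, so writes keep failing with
         * EROFS.  This is the "has no effect" case from the commit message. */
        if (mount(NULL, svc, NULL, MS_BIND|MS_REMOUNT, NULL) < 0 ||
            mount(NULL, other, NULL, MS_BIND|MS_REMOUNT, NULL) < 0)
                return DEMO_FAIL;
        if (try_write(svc) != -EROFS || try_write(other) != -EROFS)
                return DEMO_FAIL;

        /* Superblock remount (MS_REMOUNT without MS_BIND), as the patch issues it:
         * the service's view becomes writable... */
        if (mount(NULL, svc, NULL, MS_REMOUNT, NULL) < 0)
                return DEMO_FAIL;
        if (try_write(svc) != 0)
                return DEMO_FAIL;
        /* ...and so does the untouched mount: superblock flags are global, not
         * per mount point or per namespace. */
        if (try_write(other) != 0)
                return DEMO_FAIL;

        /* Tidy up; the namespace itself disappears with the process. */
        umount2(other, MNT_DETACH);
        umount2(svc, MNT_DETACH);
        umount2(lower, MNT_DETACH);
        rmdir(other); rmdir(svc); rmdir(lower); rmdir(base);
        return DEMO_OK;
}

int main(void) {
        int r = demo_superblock_vs_mount_ro();
        puts(r == DEMO_OK      ? "ok: the superblock remount made every mount writable" :
             r == DEMO_SKIPPED ? "skipped: needs CAP_SYS_ADMIN" :
                                 "unexpected result");
        return r == DEMO_FAIL;
}
```

The practical reading for the patch: when the read-only flag lives on the superblock, no per-mount remount can give one service a writable view, and the remount that does work changes the file system for the whole host.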