[systemd-devel] [PATCH 3/4] shutdown: don't do final unmounting when inside the container and running without CAP_SYS_ADMIN
Michal Sekletar
msekleta at redhat.com
Thu Oct 2 00:57:43 PDT 2014
---
Makefile.am | 3 ++-
src/core/shutdown.c | 7 ++++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 5033028..f8104bc 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1925,7 +1925,8 @@ systemd_shutdown_SOURCES = \
systemd_shutdown_LDADD = \
libsystemd-label.la \
libudev-internal.la \
- libsystemd-shared.la
+ libsystemd-shared.la \
+ libsystemd-capability.la
# ------------------------------------------------------------------------------
if HAVE_KMOD
diff --git a/src/core/shutdown.c b/src/core/shutdown.c
index 1e88b05..5b539f0 100644
--- a/src/core/shutdown.c
+++ b/src/core/shutdown.c
@@ -49,6 +49,7 @@
#include "cgroup-util.h"
#include "def.h"
#include "switch-root.h"
+#include "capability.h"
#define FINALIZE_ATTEMPTS 50
@@ -207,7 +208,11 @@ int main(int argc, char *argv[]) {
in_container = detect_container(NULL) > 0;
- need_umount = true;
+ if (in_container && !have_effective_cap(CAP_SYS_ADMIN))
+ need_umount = false;
+ else
+ need_umount = true;
+
need_swapoff = !in_container;
need_loop_detach = !in_container;
need_dm_detach = !in_container;
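Review bot: The negated call in `if (in_container && !have_effective_cap(CAP_SYS_ADMIN))` treats any non-zero return as "capability present". If have_effective_cap() reports lookup failures as a negative errno (its definition is not part of this patch, so confirm), a failed check silently leaves need_umount true. That matches the pre-patch behaviour and is probably the right default, but the code should say so, for example with `/* Skip the final unmount only when we positively know CAP_SYS_ADMIN is missing; on lookup errors still try */` above the check. The four-line if/else could also be a single assignment in the style of the neighbouring flags, with identical behaviour: `need_umount = !in_container || have_effective_cap(CAP_SYS_ADMIN) != 0;`. The body of main() starts and continues outside this hunk, so how need_umount is consumed later is not visible here.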
--
2.0.1