[systemd-devel] [PATCH 2/4] mount-setup: introduce mount_setup_run_dirs()

Michal Sekletar msekleta at redhat.com
Thu Oct 2 00:57:42 PDT 2014


In cases when we are running as system manager but don't have the
capability to mount filesystems, don't call mount_setup(). However, we
assume that some directories (e.g. /run/systemd) are always
around. Hence don't create those directories in mount_setup().
---
 src/core/main.c        |  7 ++++++-
 src/core/mount-setup.c | 20 ++++++++++++--------
 src/core/mount-setup.h |  1 +
 3 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/src/core/main.c b/src/core/main.c
index 1a62e04..fcd9471 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1393,10 +1393,15 @@ int main(int argc, char *argv[]) {
 
         /* Mount /proc, /sys and friends, so that /proc/cmdline and
          * /proc/$PID/fd is available. */
-        if (getpid() == 1) {
+        if (getpid() == 1 && have_effective_cap(CAP_SYS_ADMIN)) {
                 r = mount_setup(loaded_policy);
                 if (r < 0)
                         goto finish;
+        } else if (getpid() == 1 && detect_container(NULL) > 0) {
+                /* Running inside the container as PID 1 but without capability
+                   to mount filesystems. Create at least directories we always
+                   expect to be around */
+                mount_setup_run_dirs();
         }
 
         /* Reset all signal handlers. */
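Review bot: A PID 1 that lacks CAP_SYS_ADMIN and for which `detect_container(NULL)` returns 0 or a negative error takes neither branch, so /run/systemd and /run/systemd/system are never created on that path, although the commit message says they are assumed to be around. Creating the directories does not itself need the mount capability, so the fallback could apply to any PID 1: `} else if (getpid() == 1) {`. If the container restriction is intentional, the comment should say why, and a detection error deserves at least a `log_warning` instead of being treated like "not a container". main()'s body starts and ends outside this hunk.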
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index 23a66d2..cd2991d 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -373,6 +373,17 @@ static int nftw_cb(
         return FTW_CONTINUE;
 };
 
+void mount_setup_run_dirs(void) {
+        /* Create a few directories we always want around, Note that
+         * sd_booted() checks for /run/systemd/system, so this mkdir
+         * really needs to stay for good, otherwise software that
+         * copied sd-daemon.c into their sources will misdetect
+         * systemd. */
+        mkdir_label("/run/systemd", 0755);
+        mkdir_label("/run/systemd/system", 0755);
+        mkdir_label("/run/systemd/inaccessible", 0000);
+}
+
 int mount_setup(bool loaded_policy) {
         int r;
         unsigned i;
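Review bot: `mount_setup_run_dirs()` discards all three `mkdir_label()` results, which matters more on the new unprivileged-container path, where /run is whatever the container manager provided rather than something mount_setup() just mounted. A read-only or missing /run then fails silently, and a pre-existing `/run/systemd/inaccessible` is accepted with whatever mode and owner it already has rather than 0000; how much that matters depends on how the directory is used elsewhere, which is not visible here. I would at least log failures other than EEXIST, as sketched below (this assumes mkdir_label() returns a negative errno-style code, to be confirmed), and consider checking the mode and ownership of directories that already exist. mount_setup() continues past the end of this hunk.

```c
void mount_setup_run_dirs(void) {
        int r;

        /* … unchanged: comment about sd_booted() and /run/systemd/system … */
        r = mkdir_label("/run/systemd", 0755);
        if (r < 0 && r != -EEXIST)
                log_warning("Failed to create /run/systemd: %s", strerror(-r));

        r = mkdir_label("/run/systemd/system", 0755);
        if (r < 0 && r != -EEXIST)
                log_warning("Failed to create /run/systemd/system: %s", strerror(-r));

        r = mkdir_label("/run/systemd/inaccessible", 0000);
        if (r < 0 && r != -EEXIST)
                log_warning("Failed to create /run/systemd/inaccessible: %s", strerror(-r));
}
```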
@@ -418,14 +429,7 @@ int mount_setup(bool loaded_policy) {
                 if (mount(NULL, "/", NULL, MS_REC|MS_SHARED, NULL) < 0)
                         log_warning("Failed to set up the root directory for shared mount propagation: %m");
 
-        /* Create a few directories we always want around, Note that
-         * sd_booted() checks for /run/systemd/system, so this mkdir
-         * really needs to stay for good, otherwise software that
-         * copied sd-daemon.c into their sources will misdetect
-         * systemd. */
-        mkdir_label("/run/systemd", 0755);
-        mkdir_label("/run/systemd/system", 0755);
-        mkdir_label("/run/systemd/inaccessible", 0000);
+        mount_setup_run_dirs();
 
         return 0;
 }
diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h
index 4b521ad..bfe92b1 100644
--- a/src/core/mount-setup.h
+++ b/src/core/mount-setup.h
@@ -25,6 +25,7 @@
 
 int mount_setup_early(void);
 
+void mount_setup_run_dirs(void);
 int mount_setup(bool loaded_policy);
 
 int mount_cgroup_controllers(char ***join_controllers);
-- 
2.0.1


