[systemd-devel] [PATCH 3/4] shutdown: don't do final unmounting when inside the container and running without CAP_SYS_ADMIN
Lennart Poettering
lennart at poettering.net
Thu Oct 2 03:04:02 PDT 2014
On Thu, 02.10.14 09:57, Michal Sekletar (msekleta at redhat.com) wrote:
> #define FINALIZE_ATTEMPTS 50
>
> @@ -207,7 +208,11 @@ int main(int argc, char *argv[]) {
>
> in_container = detect_container(NULL) > 0;
>
> - need_umount = true;
> + if (in_container && !have_effective_cap(CAP_SYS_ADMIN))
> + need_umount = false;
> + else
> + need_umount = true;
> +
> need_swapoff = !in_container;
> need_loop_detach = !in_container;
> need_dm_detach = !in_container;
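Review bot: the four-line if/else at the top of the hunk collapses to a single assignment and would read better that way, matching the three `need_* = !in_container;` assignments directly below it: `need_umount = !in_container || have_effective_cap(CAP_SYS_ADMIN);`. Whichever form is kept, a one-line comment saying why the capability check exists (only a container that still holds CAP_SYS_ADMIN can unmount anything, so attempting it without the capability just produces failing umount calls) would help the next reader, since the other three flags are decided on `in_container` alone. Also worth a look: if `have_effective_cap()` can return a negative error value, the `!have_effective_cap(...)` test in the condition treats that error as "capability present" and keeps `need_umount = true`, which falls back to the old behaviour; that is the safe direction, but it should be a deliberate choice rather than an accident of the negation.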
Hmm, I think we should just do "need_umount = !in_container", like we
do for the other things like loopback detaching, dm detaching or
swapoff. After all, if we run in a container we run in a mount
namespace anyway, so unmounting things is done by the kernel
implicitly if the namespace dies. At least in theory this means we can
simply skip the unmounting in all containers, but I must admit that I
am not entirely clear on this one, so this needs to be tested in the
common container managers really, I figure...
Lennart
--
Lennart Poettering, Red Hat