[systemd-devel] [PATCH 3/4] shutdown: don't do final unmounting when inside the container and running without CAP_SYS_ADMIN
Michal Sekletar
msekleta at redhat.com
Tue Oct 7 05:17:43 PDT 2014
On Thu, Oct 02, 2014 at 12:04:02PM +0200, Lennart Poettering wrote:
> On Thu, 02.10.14 09:57, Michal Sekletar (msekleta at redhat.com) wrote:
>
> > #define FINALIZE_ATTEMPTS 50
> >
> > @@ -207,7 +208,11 @@ int main(int argc, char *argv[]) {
> >
> > in_container = detect_container(NULL) > 0;
> >
> > - need_umount = true;
> > + if (in_container && !have_effective_cap(CAP_SYS_ADMIN))
> > + need_umount = false;
> > + else
> > + need_umount = true;
> > +
> > need_swapoff = !in_container;
> > need_loop_detach = !in_container;
> > need_dm_detach = !in_container;
>
> Hmm, I think we should just do "need_umount = !in_container", like we
> do for the other things like loopback detaching, dm detaching or
> swapoff. After all, if we run in a container we run in a mount
> namespace anyway, so unmounting things is done by the kernel
> implicitly if the namespace dies. At least in theory this means we can
> simply skip the unmounting in all containers, but I must admit that I
> am not entirely clear on this one, so this needs to be tested in the
> common container managers really, I figure...
Do you mind if I push just need_umount = !in_container then?
Michal
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list