git.ipfire.org Git - thirdparty/systemd.git/commit

author	Luca Boccassi <bluca@debian.org>
	Sun, 13 Aug 2023 21:29:25 +0000 (22:29 +0100)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Wed, 16 Aug 2023 15:17:41 +0000 (16:17 +0100)
commit	663e27564ff4529b04da0ddc96804eb4e084a043
tree	bfd59362a172358724dc70ca216802a38c7cf45d	tree \| snapshot
parent	409986ed3ed9db7315aa50ee515de5b579f57bad	commit \| diff

core: stage /run/host/os-release with a symlink to avoid possible race condition

If someone reads /run/host/os-release at the exact same time it is being updated, and it
is large enough, they might read a half-written file. This is very unlikely as
os-release is typically small and very rarely changes, but it is not
impossible.

Bind mount a staging directory instead of the file, and symlink the file
into into, so that we can do atomic file updates and close this gap.
Atomic replacement creates a new inode, so existing bind mounts would
continue to see the old file, and only new services would see the new file.
The indirection via the directory allows to work around this, as the
directory is fixed and never changes so the bind mount is always valid,
and its content is shared with all existing services.

Fixes https://github.com/systemd/systemd/issues/28794

Follow-up for 3f37a82545d461ab

src/core/execute.c		diff \| blob \| blame \| history
src/core/main.c		diff \| blob \| blame \| history
src/core/namespace.c		diff \| blob \| blame \| history
src/core/namespace.h		diff \| blob \| blame \| history
test/units/testsuite-82.sh		diff \| blob \| blame \| history