]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 53c0397) | patch
Revert "core: do not leak mount for credentials directory if mount namespace is enabled"
authorYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 25 Aug 2023 06:54:52 +0000 (15:54 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Wed, 6 Sep 2023 15:53:28 +0000 (00:53 +0900)
commit73ff4d48de888d6f9908f5383b70a4d53e8edd7a
treebc8f71ceb2c8d20fb9f3ccb82ae805c0dbf5b986tree | snapshot
parent53c0397b1dbc95f144d9a551c2086d132933e8cecommit | diff
Revert "core: do not leak mount for credentials directory if mount namespace is enabled"

This reverts commits
9ae3624889b98f75efa6fd0c5f4b4de3eaf328d4
  "test-execute: add tests for credentials directory with mount namespace"↲
94fe4cf2557d1f70f20ee02d32f4c2ae6bc1fb3f
  "core: do not leak mount for credentials directory if mount namespace is enabled",
7241b9cd72d6e6079d5140cf24c34e78d3cf43cc
  "core/credential: make setup_credentials() return path to credentials directory",
fbaf3b23ae4aa79110ebd37aada70ce6a044c692
  "core: set $CREDENTIALS_DIRECTORY only when we set up credentials"

Before the commits, credentials directory set up on ExecStart= was kept
on e.g. ExecStop=. But, with the changes, if a service requests a
private mount namespace, the credentials directory is discarded after
ExecStart= is finished.

Let's revert the change, and find better way later.

Addresses the post-merge comment
https://github.com/systemd/systemd/pull/28787#issuecomment-1690614202.
12 files changed:
src/core/credential.c diff | blob | blame | history
src/core/credential.h diff | blob | blame | history
src/core/execute.c diff | blob | blame | history
src/core/namespace.c diff | blob | blame | history
src/core/namespace.h diff | blob | blame | history
src/test/test-execute.c diff | blob | blame | history
src/test/test-namespace.c diff | blob | blame | history
src/test/test-ns.c diff | blob | blame | history
test/test-execute/exec-load-credential-with-mount-namespace.service [deleted file] blob | blame | history
test/test-execute/exec-load-credential-with-seccomp.service [deleted file] blob | blame | history
test/test-execute/exec-set-credential-with-mount-namespace.service [deleted file] blob | blame | history
test/test-execute/exec-set-credential-with-seccomp.service [deleted file] blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.