git.ipfire.org Git - thirdparty/systemd.git/commit

author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Sat, 12 Aug 2023 06:18:41 +0000 (15:18 +0900)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Tue, 22 Aug 2023 02:50:16 +0000 (11:50 +0900)
commit	94fe4cf2557d1f70f20ee02d32f4c2ae6bc1fb3f
tree	18f374ba064ad7a3b53976ec2678564b520f7fe6	tree \| snapshot
parent	7241b9cd72d6e6079d5140cf24c34e78d3cf43cc	commit \| diff

core: do not leak mount for credentials directory if mount namespace is enabled

Since kernel v5.2, open_tree() and move_mount() are added. If a service
loads or sets credentials, then let's try to clone the mount that contains
credentials with open_tree(), then mount it after a (private) mount
namespace is initialized for the service. Then, we can setup a mount for
credentials directory without leaking it to the main shared mount
namespace.

With this change, the credentials for services that request their own
private mount namespace become much much safer. And, the number of mount
events triggered by setting up credential directories can be decreased.

Unfortunately, this does not 'fix' the original issue #25527, as the
reported service does not requests private mount namespace, but the
situation should be better now.

src/core/credential.c		diff \| blob \| blame \| history
src/core/credential.h		diff \| blob \| blame \| history
src/core/execute.c		diff \| blob \| blame \| history
src/core/namespace.c		diff \| blob \| blame \| history
src/core/namespace.h		diff \| blob \| blame \| history
src/test/test-namespace.c		diff \| blob \| blame \| history
src/test/test-ns.c		diff \| blob \| blame \| history