From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 29 Dec 2017 17:52:20 +0000 (+0100)
Subject: process-util: add new FORK_NEW_MOUNTNS flag to safe_fork()
X-Git-Tag: v237~146^2~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=be39f6ee315e8935fc4999ffd3b072e358043714;p=thirdparty%2Fsystemd.git

process-util: add new FORK_NEW_MOUNTNS flag to safe_fork()

That way we can move one more code location to use safe_fork()
---

diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index 69f1d1e7b4e..d74813dada4 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -1199,7 +1199,10 @@ int safe_fork_full(
                 if (sigprocmask(SIG_SETMASK, &ss, &saved_ss) < 0)
                         return log_full_errno(prio, errno, "Failed to set signal mask: %m");
 
-        pid = fork();
+        if (flags & FORK_NEW_MOUNTNS)
+                pid = raw_clone(SIGCHLD|CLONE_NEWNS);
+        else
+                pid = fork();
         if (pid < 0) {
                 r = -errno;
 
diff --git a/src/basic/process-util.h b/src/basic/process-util.h
index ba247a089d9..fdb1790b2ec 100644
--- a/src/basic/process-util.h
+++ b/src/basic/process-util.h
@@ -168,6 +168,7 @@ typedef enum ForkFlags {
         FORK_REOPEN_LOG    = 1U << 4,
         FORK_LOG           = 1U << 5,
         FORK_WAIT          = 1U << 6,
+        FORK_NEW_MOUNTNS   = 1U << 7,
 } ForkFlags;
 
 int safe_fork_full(const char *name, const int except_fds[], size_t n_except_fds, ForkFlags flags, pid_t *ret_pid);
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 05a9f37da38..35b2c56555b 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -1259,18 +1259,10 @@ int dissected_image_acquire_metadata(DissectedImage *m) {
         if (r < 0)
                 goto finish;
 
-        child = raw_clone(SIGCHLD|CLONE_NEWNS);
-        if (child < 0) {
-                r = -errno;
+        r = safe_fork("(sd-dissect)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_NEW_MOUNTNS, &child);
+        if (r < 0)
                 goto finish;
-        }
-
-        if (child == 0) {
-
-                (void) reset_all_signal_handlers();
-                (void) reset_signal_mask();
-                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
-
+        if (r == 0) {
                 /* Make sure we never propagate to the host */
                 if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0)
                         _exit(EXIT_FAILURE);