]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b257b19) | patch
namespace: be more careful when handling namespacing failures gracefully
authorLennart Poettering <lennart@poettering.net>
Fri, 10 Aug 2018 13:07:14 +0000 (15:07 +0200)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 21 Aug 2018 18:00:33 +0000 (20:00 +0200)
commit1beab8b0d0ff2d7d1436b52d4a0c3d56dc908962
tree2d9d53d24f8d53ecd5dfa27be8c2f298b02b9362tree | snapshot
parentb257b19e6ba05559c126356526a4b7e095afa39ecommit | diff
namespace: be more careful when handling namespacing failures gracefully

This makes two changes to the namespacing code:

1. We'll only gracefully skip service namespacing on access failure if
   exclusively sandboxing options where selected, and not mount-related
   options that result in a very different view of the world. For example,
   ignoring RootDirectory=, RootImage= or Bind= is really probablematic,
   but ReadOnlyPaths= is just a weaker sandbox.

2. The namespacing code will now return a clearly recognizable error
   code when it cannot enforce its namespacing, so that we cannot
   confuse EPERM errors from mount() with those from unshare(). Only the
   errors from the first unshare() are now taken as hint to gracefully
   disable namespacing.

Fixes: #9844 #9835
src/core/execute.c diff | blob | blame | history
src/core/namespace.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.