]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4c0ab40) | patch
core: support MountAPIVFS and RootDirectory in user manager 22685/head
authorLuca Boccassi <bluca@debian.org>
Wed, 9 Mar 2022 02:07:34 +0000 (02:07 +0000)
committerLuca Boccassi <bluca@debian.org>
Thu, 10 Mar 2022 10:21:03 +0000 (10:21 +0000)
commitea63a260d43c27a6b5b5ae471a8d4617bb7be447
treee6295e1c86974caabcf656b2bd2a9d30f69e47e6tree | snapshot
parent4c0ab40ab8e173062db0d36a6007a047deb5abdecommit | diff
core: support MountAPIVFS and RootDirectory in user manager

The only piece missing was to somehow make /proc appear in the
new user+mount namespace. It is not possible to mount a new
/proc instance, not even with hidepid=invisible,subset=pid, in
a user namespace unless a PID namespace is created too (and also
at the same time as the other namespaces, it is not possible to
mount a new /proc in a child process that creates a PID namespace
forked from a parent that created a user+mount namespace, it has
to happen at the same time).

Use the host's /proc with a bind-mount as a fallback for this
case. User session services would already run with it, so
nothing is lost.
man/systemd.exec.xml diff | blob | blame | history
src/core/namespace.c diff | blob | blame | history
test/TEST-43-PRIVATEUSER-UNPRIV/test.sh diff | blob | blame | history
test/units/testsuite-43.sh diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.