From: Mike Yuan Date: Tue, 16 Dec 2025 20:57:20 +0000 (+0100) Subject: core/service: defer cryptsetup dlopen to helper process X-Git-Tag: v259~7^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=12df39fadf96b6651d215a138c488f7eb39e1c32;p=thirdparty%2Fsystemd.git core/service: defer cryptsetup dlopen to helper process This should still be safe, as we block dlopen() in namespace_fork(). Partially reverts 9252e26f4cbf92428cab595045716fee783f375e. --- diff --git a/src/core/service.c b/src/core/service.c index 99dd7bd0da3..36df9c17ed0 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -14,7 +14,6 @@ #include "bus-error.h" #include "bus-util.h" #include "chase.h" -#include "cryptsetup-util.h" #include "dbus-service.h" #include "dbus-unit.h" #include "devnum-util.h" @@ -5562,8 +5561,6 @@ static int service_live_mount( u->id); } - (void) dlopen_cryptsetup(); - service_unwatch_control_pid(s); s->live_mount_result = SERVICE_SUCCESS; s->control_command = NULL; @@ -5584,7 +5581,9 @@ static int service_live_mount( * directly, and instead fork a worker process. We record the D-Bus message, so that we can reply * after the operation has finished. This way callers can wait on the message and know that the new * resource is available (or the operation failed) once they receive the response. */ - r = unit_fork_helper_process(u, "(sd-mount-in-ns)", /* into_cgroup= */ false, &worker); + r = unit_fork_helper_process_full(u, "(sd-mount-in-ns)", /* into_cgroup= */ false, + FORK_ALLOW_DLOPEN, + &worker); if (r < 0) { log_unit_error_errno(u, r, "Failed to fork process to mount '%s' on '%s' in unit's namespace: %m",