From: Mike Yuan Date: Sun, 18 Jan 2026 21:54:17 +0000 (+0100) Subject: core/namespace: remove availability checks for procfs hidepid=/subset= opts X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6fd7c5ecdfd569d8c491b9583510a16c1e87290b;p=thirdparty%2Fsystemd.git core/namespace: remove availability checks for procfs hidepid=/subset= opts --- diff --git a/README b/README index 2410174138e..3f4bce5c924 100644 --- a/README +++ b/README @@ -50,7 +50,8 @@ REQUIREMENTS: ≥ 5.6 for getrandom() GRND_INSECURE ≥ 5.7 for CLONE_INTO_CGROUP, cgroup2fs memory_recursiveprot option, BPF links and the BPF LSM hook - ≥ 5.8 for LOOP_CONFIGURE and STATX_ATTR_MOUNT_ROOT + ≥ 5.8 for LOOP_CONFIGURE, STATX_ATTR_MOUNT_ROOT, and procfs + per-instance hidepid=/subset= options ≥ 5.9 for close_range() ≥ 5.10 for STATX_MNT_ID and MS_NOSYMFOLLOW mount option diff --git a/src/core/namespace.c b/src/core/namespace.c index 87d93a4fe76..065e291ccb0 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -1515,6 +1515,7 @@ static int mount_private_cgroup2fs(const MountEntry *m, const NamespaceParameter static int mount_procfs(const MountEntry *m, const NamespaceParameters *p) { _cleanup_free_ char *opts = NULL; + int r; assert(m); assert(p); @@ -1522,32 +1523,16 @@ static int mount_procfs(const MountEntry *m, const NamespaceParameters *p) { if (p->protect_proc != PROTECT_PROC_DEFAULT || p->proc_subset != PROC_SUBSET_ALL) { - /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it - * pretended to be per-instance but actually was per-namespace), hence let's make use of it - * if requested. To make sure this logic succeeds only on kernels where hidepid= is - * per-instance, we'll exclusively use the textual value for hidepid=, since support was - * added in the same commit: if it's supported it is thus also per-instance. */ - - const char *hpv = p->protect_proc == PROTECT_PROC_DEFAULT ? - "off" : - protect_proc_to_string(p->protect_proc); - - /* hidepid= support was added in 5.8, so we can use fsconfig()/fsopen() (which were added in - * 5.2) to check if hidepid= is supported. This avoids a noisy dmesg log by the kernel when - * trying to use hidepid= on systems where it isn't supported. The same applies for subset=. - * fsopen()/fsconfig() was also backported on some distros which allows us to detect - * hidepid=/subset= support in even more scenarios. */ - - if (mount_option_supported("proc", "hidepid", hpv) > 0) { - opts = strjoin("hidepid=", hpv); - if (!opts) - return -ENOMEM; - } + opts = strjoin("hidepid=", + p->protect_proc == PROTECT_PROC_DEFAULT ? "off" : protect_proc_to_string(p->protect_proc)); + if (!opts) + return -ENOMEM; - if (p->proc_subset == PROC_SUBSET_PID && - mount_option_supported("proc", "subset", "pid") > 0) - if (!strextend_with_separator(&opts, ",", "subset=pid")) - return -ENOMEM; + if (p->proc_subset != PROC_SUBSET_ALL) { + r = strextendf_with_separator(&opts, ",", "subset=%s", proc_subset_to_string(p->proc_subset)); + if (r < 0) + return r; + } } /* Mount a new instance, so that we get the one that matches our user namespace, if we are running in