From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 5 Jan 2026 04:24:43 +0000 (+0900)
Subject: mount-setup: memory_recursiveprot is supported since kernel v5.7
X-Git-Tag: v260-rc1~408^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80c5b63db5f7740cd25505e1e14251b6869b885a;p=thirdparty%2Fsystemd.git

mount-setup: memory_recursiveprot is supported since kernel v5.7

Our baseline on kernel is 5.10. Hence we can unconditionally use it.
---

diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c
index b044c16195a..9077d086919 100644
--- a/src/shared/mount-setup.c
+++ b/src/shared/mount-setup.c
@@ -49,19 +49,20 @@ static int cgroupfs_mount_options(int priority, const char *type, char **ret) {
         assert(streq(type, "cgroup2"));
         assert(ret);
 
-        _cleanup_free_ char *opts = NULL;
-        FOREACH_STRING(o, "memory_recursiveprot", "memory_hugetlb_accounting") {
-                r = mount_option_supported("cgroup2", o, /* value= */ NULL);
+        /* memory_hugetlb_accounting mount option is since kernel v6.7 (8cba9576df601c384abd334a503c3f6e1e29eefb). */
+
+        r = mount_option_supported("cgroup2", "memory_hugetlb_accounting", /* value= */ NULL);
+        if (r <= 0) {
                 if (r < 0)
-                        log_full_errno(priority, r, "Failed to determine whether cgroupfs supports '%s' mount option, assuming not: %m", o);
-                else if (r == 0)
-                        log_debug("'%s' not supported by cgroupfs, not using mount option.", o);
-                else if (!strextend_with_separator(&opts, ",", o))
-                        return log_oom_full(priority);
+                        log_full_errno(priority, r, "Failed to determine whether cgroupfs supports 'memory_hugetlb_accounting' mount option, assuming not: %m");
+                else
+                        log_debug("'memory_hugetlb_accounting' not supported by cgroupfs, not using mount option.");
+
+                *ret = NULL;
+                return 0;
         }
 
-        *ret = TAKE_PTR(opts);
-        return 0;
+        return strdup_to(ret, "memory_hugetlb_accounting");
 }
 
 int mount_cgroupfs(const char *path) {
@@ -81,7 +82,7 @@ int mount_cgroupfs(const char *path) {
                 return r;
 
         /* These options shall be kept in sync with those in mount_table below. */
-        if (!strprepend_with_separator(&opts, ",", "nsdelegate"))
+        if (!strprepend_with_separator(&opts, ",", "nsdelegate,memory_recursiveprot"))
                 return log_oom();
 
         return mount_nofollow_verbose(LOG_ERR, "cgroup2", path, "cgroup2", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts);
@@ -199,7 +200,7 @@ static const MountPoint mount_table[] = {
                 .what = "cgroup2",
                 .where = "/sys/fs/cgroup",
                 .type = "cgroup2",
-                .options = "nsdelegate",
+                .options = "nsdelegate,memory_recursiveprot",
                 .options_fn = cgroupfs_mount_options,
                 .flags = MS_NOSUID|MS_NOEXEC|MS_NODEV,
                 .mode = MNT_FATAL|MNT_IN_CONTAINER|MNT_CHECK_WRITABLE,