From: Luca Boccassi
Date: Sun, 30 Apr 2023 18:21:23 +0000 (+0100)
Subject: generators: skip private tmpfs if /tmp does not exist
X-Git-Tag: v254-rc1~577
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8fba0cded2c3e14fe8c0b52aae3ecf2c9fa718e;p=thirdparty%2Fsystemd.git
generators: skip private tmpfs if /tmp does not exist
When spawning generators within a sandbox we want a private /tmp, but it might not exist, and on some systems we might be unable to create it because users want a BTRFS subvolume instead.
Fixes https://github.com/systemd/systemd/issues/27436
---
diff --git a/src/core/manager.c b/src/core/manager.c
index ce9b27ece79..9e91aba6327 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3959,6 +3959,7 @@ static int manager_execute_generators(Manager *m, char **paths, bool remount_ro)
 }
 static int manager_run_generators(Manager *m) {
+ ForkFlags flags = FORK_RESET_SIGNALS | FORK_WAIT | FORK_NEW_MOUNTNS | FORK_MOUNTNS_SLAVE;
 _cleanup_strv_free_ char **paths = NULL;
 int r;
@@ -3989,9 +3990,12 @@ static int manager_run_generators(Manager *m) {
 goto finish;
 }
- r = safe_fork("(sd-gens)",
- FORK_RESET_SIGNALS | FORK_WAIT | FORK_NEW_MOUNTNS | FORK_MOUNTNS_SLAVE | FORK_PRIVATE_TMP,
- NULL);
+ /* On some systems /tmp/ doesn't exist, and on some other systems we cannot create it at all. Avoid
+ * trying to mount a private tmpfs on it as there's no one size fits all. */
+ if (is_dir("/tmp", /* follow= */ false) > 0)
+ flags |= FORK_PRIVATE_TMP;
+
+ r = safe_fork("(sd-gens)", flags, NULL);
 if (r == 0) {
 r = manager_execute_generators(m, paths, /* remount_ro= */ true);
 _exit(r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE);
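Review bot: The new `is_dir("/tmp", /* follow= */ false) > 0` test in the second hunk drops FORK_PRIVATE_TMP silently, so generators can run against the shared host /tmp with nothing in the logs to show that the sandbox was weakened. Because `follow` is false, the fallback presumably also applies when /tmp is a symlink to a directory, and, if is_dir() reports failures as negative values, when the check itself errors, yet the comment names only the missing and cannot-create cases. I would add an `else` branch that records the downgrade, for example `else log_debug("/tmp/ is not a directory, running generators without a private tmpfs.");`, and extend the comment to mention the symlink case. manager_run_generators() begins in the first hunk and continues past the end of this one, so the `finish:` path is not visible here.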