From 0cc496b2d21f73d0a03414ce40eceb9e3af76e22 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Sat, 19 Oct 2024 14:38:08 +0900
Subject: [PATCH] core/namespace: honor MountEntry.read_only, .options, and so on in static entries

Otherwise, ProtectHome=tmpfs makes /home/ and friends not read-only. Also, mount options for /run/ specified in MountAPIVFS=yes are not applied. The function append_static_mounts() was introduced in 5327c910d2fc1ae91bd0b891be92b30379c7467b, but at that time, there were neither .read_only nor .options in the struct. But, when later the struct is extended, the function was not updated and they were not copied from the static table. The fields has been used in static tables since e4da7d8c796a1fd11ecfa80fb8a48eac9e823f06, and also in 94293d65cd4125347e21b3e423d0e245226b1be2. Fixes #34825.
---
 src/core/namespace.c | 15 ++++++++++-----
 test/units/TEST-07-PID1.exec-context.sh | 13 +++++++++++--
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/core/namespace.c b/src/core/namespace.c
index e1a88f2455e..6606d767ede 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -714,11 +714,16 @@ static int append_static_mounts(MountList *ml, const MountEntry *mounts, size_t
                 if (!me)
                         return log_oom_debug();
 
-                *me = (MountEntry) {
-                        .path_const = mount_entry_path(m),
-                        .mode = m->mode,
-                        .ignore = m->ignore || ignore_protect,
-                };
+                /* No dynamic values allowed. */
+                assert(m->path_const);
+                assert(!m->path_malloc);
+                assert(!m->unprefixed_path_malloc);
+                assert(!m->source_malloc);
+                assert(!m->options_malloc);
+                assert(!m->overlay_layers);
+
+                *me = *m;
+                me->ignore = me->ignore || ignore_protect;
         }
 
         return 0;
diff --git a/test/units/TEST-07-PID1.exec-context.sh b/test/units/TEST-07-PID1.exec-context.sh
index 08094609559..46fb1f79e85 100755
--- a/test/units/TEST-07-PID1.exec-context.sh
+++ b/test/units/TEST-07-PID1.exec-context.sh
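Review bot: The comment `/* No dynamic values allowed. */` above the new asserts should state why the restriction exists: the shallow copy `*me = *m` that follows would alias any heap-owned pointer of the static entry (path_malloc, unprefixed_path_malloc, source_malloc, options_malloc, overlay_layers), and the entry cleanup that presumably frees those fields would then release them twice. Suggested wording: `/* Static tables must not own heap memory: the shallow struct copy below would alias it and the entry cleanup would free it twice. */`. Since the old code copied only path, mode and ignore, every field of MountEntry now flows through from the static table automatically (which is the point of the fix for read_only and options), so the comment should also say that any field added to the struct later is inherited by static entries by default. The enclosing append_static_mounts() loop starts and the function ends outside the hunk.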
@@ -55,13 +55,22 @@ if [[ -z "${COVERAGE_BUILD_DIR:-}" ]]; then
         bash -xec "test ! -w /home; test ! -w /root; test ! -w /run/user; test ! -e $MARK"
     systemd-run --wait --pipe -p ProtectHome=read-only \
         bash -xec "test ! -w /home; test ! -w /root; test ! -w /run/user; test -e $MARK"
-    systemd-run --wait --pipe -p ProtectHome=tmpfs \
-        bash -xec "test -w /home; test -w /root; test -w /run/user; test ! -e $MARK"
+    systemd-run --wait --pipe -p ProtectHome=tmpfs -p TemporaryFileSystem=/home/foo \
+        bash -xec "test ! -w /home; test ! -w /root; test ! -w /run/user; test ! -e $MARK; test -w /home/foo"
     systemd-run --wait --pipe -p ProtectHome=no \
         bash -xec "test -w /home; test -w /root; test -w /run/user; test -e $MARK"
     rm -f "$MARK"
 fi
 
+systemd-run --wait --pipe -p PrivateMounts=true -p MountAPIVFS=yes \
+    bash -xec '[[ "$(findmnt --mountpoint /proc --noheadings -o FSTYPE)" == proc ]];
+               [[ "$$(findmnt --mountpoint /dev --noheadings -o FSTYPE)" =~ (devtmpfs|tmpfs) ]];
+               [[ "$$(findmnt --mountpoint /sys --noheadings -o FSTYPE)" =~ (sysfs|tmpfs) ]];
+               [[ "$$(findmnt --mountpoint /run --noheadings -o FSTYPE)" == tmpfs ]];
+               [[ "$$(findmnt --mountpoint /run --noheadings -o VFS-OPTIONS)" =~ rw ]];
+               [[ "$$(findmnt --mountpoint /run --noheadings -o VFS-OPTIONS)" =~ nosuid ]];
+               [[ "$$(findmnt --mountpoint /run --noheadings -o VFS-OPTIONS)" =~ nodev ]]'
+
 if proc_supports_option "hidepid=off"; then
     systemd-run --wait --pipe -p ProtectProc=noaccess -p User=testuser \
         bash -xec 'test -e /proc/1; test ! -r /proc/1; test -r /proc/$$$$/comm'
--
2.47.3
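Review bot: The first findmnt check in the new MountAPIVFS block reads `"$(findmnt --mountpoint /proc ...)"` while the six lines below it use `"$$(findmnt ...)"`; unless this is an artifact of how the patch was pasted, the escaping should be the same on every line, since `$$` is how the surrounding tests pass a literal `$` through systemd-run (cf. `/proc/$$$$/comm` in the context below), i.e. `[[ "$$(findmnt --mountpoint /proc --noheadings -o FSTYPE)" == proc ]];`. The three VFS-OPTIONS assertions for /run match `rw`, `nosuid` and `nodev` as unanchored regexes against the whole comma-separated option string, so a tighter form such as `=~ (^|,)rw(,|$)` would avoid accidental substring matches if further options are ever added. A one-line comment above the block naming what is being verified (`# MountAPIVFS= must apply the mount options from the static apivfs table to /run`) would tie the test to the namespace.c change it covers.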