From fe487d3670040a7e019b5e01260603f970f8af4c Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Fri, 28 Nov 2025 16:18:07 +0100
Subject: [PATCH] namespace: extend bind mount ignore field to permission issues
A later commit will add transient allocation of user namespaces with dynamic UID range assignment. That creates certain permission issues. Let's hence allow them to be handled gracefully in case the 'ignore' field is set for a mount.
---
 man/systemd.exec.xml | 20 ++++++++++----------
 src/core/namespace.c | 18 +++++++++++++-----
 2 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 87bd3fd92ae..59b6919a75e 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -450,16 +450,16 @@ BindPaths= BindReadOnlyPaths=
- Configures unit-specific bind mounts. A bind mount makes a particular file or directory
- available at an additional place in the unit's view of the file system. Any bind mounts created with this
- option are specific to the unit, and are not visible in the host's mount table. This option expects a
- whitespace separated list of bind mount definitions. Each definition consists of a colon-separated triple of
- source path, destination path and option string, where the latter two are optional. If only a source path is
- specified the source and destination is taken to be the same. The option string may be either
- rbind or norbind for configuring a recursive or non-recursive bind
- mount. If the destination path is omitted, the option string must be omitted too.
- Each bind mount definition may be prefixed with -, in which case it will be ignored
- when its source path does not exist.
+ Configures unit-specific bind mounts. A bind mount makes a particular file or
+ directory available at an additional place in the unit's view of the file system. Any bind mounts
+ created with this option are specific to the unit, and are not visible in the host's mount
+ table. This option expects a whitespace separated list of bind mount definitions. Each definition
+ consists of a colon-separated triple of source path, destination path and option string, where the
+ latter two are optional. If only a source path is specified the source and destination is taken to be
+ the same. The option string may be either rbind or norbind for
+ configuring a recursive or non-recursive bind mount. If the destination path is omitted, the option
+ string must be omitted too. Each bind mount definition may be prefixed with -, in
+ which case it will be ignored when its source path does not exist or is not accessible.
 BindPaths= creates regular writable bind mounts (unless the source file system mount is already marked read-only), while BindReadOnlyPaths= creates read-only bind mounts. These
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 680ee262852..e348d26c43b 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -2016,12 +2016,20 @@ static int apply_one_mount(
 }
 r = chase(mount_entry_source(m), NULL, CHASE_TRAIL_SLASH|CHASE_TRIGGER_AUTOFS, &chased, NULL);
- if (r == -ENOENT && m->ignore) {
- log_debug_errno(r, "Path %s does not exist, ignoring.", mount_entry_source(m));
- return 0;
- }
- if (r < 0)
+ if (r < 0) {
+ if (m->ignore) {
+ if (r == -ENOENT) {
+ log_debug_errno(r, "Path '%s' does not exist, ignoring.", mount_entry_source(m));
+ return 0;
+ }
+ if (ERRNO_IS_NEG_PRIVILEGE(r)) {
+ log_debug_errno(r, "Path '%s' is not accessible, ignoring: %m", mount_entry_source(m));
+ return 0;
+ }
+ }
+ return log_debug_errno(r, "Failed to follow symlinks on %s: %m", mount_entry_source(m));
+ }
 log_debug("Followed source symlinks %s %s %s.", mount_entry_source(m), glyph(GLYPH_ARROW_RIGHT), chased);
--
2.47.3
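Review bot: The new `ERRNO_IS_NEG_PRIVILEGE(r)` branch skips the mount at debug level only, exactly like the missing-path case, but a permission error means the source exists and the unit starts without a bind mount the operator configured, so a misconfiguration unrelated to the user-namespace scenario in the commit message is easy to overlook. Consider logging that branch at info level, or at least adding a comment that ties the leniency to the opt-in prefix, e.g. `/* Permission errors are expected once sources are chased from inside a transient user namespace; skip them only because the user opted in with '-' */`. The two ignore messages also differ in shape — `"Path '%s' does not exist, ignoring."` versus `"Path '%s' is not accessible, ignoring: %m"` — while the fall-through `return log_debug_errno(...)` uses an unquoted `%s`, so either quote the path in all three or in none. The enclosing apply_one_mount() starts and ends outside the hunk.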