git.ipfire.org Git - thirdparty/systemd.git/commit

author	Daan De Meyer <daan@amutable.com>
	Tue, 10 Mar 2026 13:10:05 +0000 (14:10 +0100)
committer	Daan De Meyer <daan.j.demeyer@gmail.com>
	Wed, 1 Apr 2026 10:46:09 +0000 (12:46 +0200)
commit	af5126568af6080b5908f31fe4b39de278a02e5c
tree	44352acc6c14bdb6ac95468b0adf4208d1820ede	tree \| snapshot
parent	8768af40196601807b6910e517d9efc3295f4e53	commit \| diff

nspawn: keep backing files for boot_id and kmsg bind mounts alive

Both setup_boot_id() and setup_kmsg() previously created temporary files
in /run, bind mounted them over their respective /proc targets, and then
immediately unlinked the backing files. While the bind mount keeps the
inode alive, the kernel marks the dentry as deleted.

This is a problem because bind mounts backed by unlinked files cannot be
replicated: both the old mount API (mount(MS_BIND)) and the new mount
API (open_tree(OPEN_TREE_CLONE) + move_mount()) fail with ENOENT when
the source mount references a deleted dentry. This affects
mount_private_apivfs() in namespace.c, which needs to replicate these
submounts when setting up a fresh /proc instance for services with
ProtectProc= or similar sandboxing options — with an unlinked backing
file, the boot_id submount simply gets lost.

Fix this by using fixed paths (/run/proc-sys-kernel-random-boot-id and
/run/proc-kmsg) instead of randomized tempfiles, and not unlinking them
after the bind mount. The files live in /run which is cleaned up on
shutdown anyway.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>