tmpfiles: explicitly say we need /proc/ to run

I don't think it's realistic to operate without /proc/. Hence, let's
make this explicit.

If one day someone finds a way to do what we need without /proc/ we can
certainly drop this check again, but for now I think it's a lot
friendlier to users to make this explicitly early on instead continuing
to run and then not do what we need to do, oftentimes failing in cryptic
ways.

After all, invoking the tool without /proc/ is not an error that was
specific to some of the lines we process, but it's systematic error that
will show its ugly face in many codepaths down the line.

Fixes: #14745

diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 63427ae6597590258e3cc56c6c84e250afa4bdb0..97de00e3dce828ed1f7adade6a3edb44ccc69e93 100644 (file)
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -3371,6 +3371,16 @@ static int run(int argc, char *argv[]) {
 
         log_setup();
 
+        /* We require /proc/ for a lot of our operations, i.e. for adjusting access modes, for anything
+         * SELinux related, for recursive operation, for xattr, acl and chattr handling, for btrfs stuff and
+         * a lot more. It's probably the majority of invocations where /proc/ is required. Since people
+         * apparently invoke it without anyway and are surprised about the failures, let's catch this early
+         * and output a nice and friendly warning. */
+        if (proc_mounted() == 0)
+                return log_error_errno(SYNTHETIC_ERRNO(ENOSYS),
+                                       "/proc/ is not mounted, but required for successful operation of systemd-tmpfiles. "
+                                       "Please mount /proc/. Alternatively, consider using the --root= or --image= switches.");
+
         /* Descending down file system trees might take a lot of fds */
         (void) rlimit_nofile_bump(HIGH_RLIMIT_NOFILE);