Linux kernel ≥ 5.11 for epoll_pwait2()
≥ 5.12 for idmapped mount (mount_setattr())
- ≥ 5.14 for cgroup.kill and quotactl_fd()
+ ≥ 5.14 for cgroup.kill, quotactl_fd(), and MOUNT_ATTR_NOSYMFOLLOW
⚠️ Kernel versions below 5.14 ("recommended baseline") have significant gaps
in functionality and are not recommended for use with this version
≥ 6.10 for fcntl(F_DUPFD_QUERY), unprivileged linkat(AT_EMPTY_PATH),
and block device 'partscan' sysfs attribute
≥ 6.12 for AT_HANDLE_MNT_ID_UNIQUE
- ≥ 6.13 for PIDFD_GET_INFO and {set,remove}xattrat() and
+ ≥ 6.13 for PIDFD_GET_INFO, {set,remove}xattrat(), and
FSCONFIG_SET_FD support for overlayfs layers
≥ 6.16 for coredump pattern '%F' (pidfd) specifier and SO_PASSRIGHTS
if (fsconfig(fs_fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0) < 0)
return -errno;
- int mfd = fsmount(fs_fd, FSMOUNT_CLOEXEC,
- ms_flags_to_mount_attr(credentials_fs_mount_flags(/* ro= */ false)));
+ unsigned mount_attrs = ms_flags_to_mount_attr(credentials_fs_mount_flags(/* ro = */ false));
+
+ int mfd = RET_NERRNO(fsmount(fs_fd, FSMOUNT_CLOEXEC, mount_attrs));
+ if (mfd == -EINVAL) {
+ /* MS_NOSYMFOLLOW was added in kernel 5.10, but the new mount API counterpart was missing
+ * until 5.14 (c.f. https://github.com/torvalds/linux/commit/dd8b477f9a3d8edb136207acb3652e1a34a661b7).
+ *
+ * TODO: drop this once our baseline is raised to 5.14 */
+ assert(FLAGS_SET(mount_attrs, MOUNT_ATTR_NOSYMFOLLOW));
+ mfd = RET_NERRNO(fsmount(fs_fd, FSMOUNT_CLOEXEC, mount_attrs & ~MOUNT_ATTR_NOSYMFOLLOW));
+ }
if (mfd < 0)
- return -errno;
+ return mfd;
if (ret_fsfd)
*ret_fsfd = TAKE_FD(fs_fd);
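Review bot: The fallback under `if (mfd == -EINVAL)` retries fsmount() without MOUNT_ATTR_NOSYMFOLLOW and leaves no trace, so on kernels older than 5.14 the credentials filesystem is mounted without the symlink-following restriction and nothing records the downgrade. A debug-level log message in that branch would make the weaker mount visible to whoever audits the host. EINVAL from fsmount() is also not specific to this attribute, and the `assert()` turns "the flag is always set" into an abort on an error path wherever assertions are active. Folding the check into the condition, `if (mfd == -EINVAL && FLAGS_SET(mount_attrs, MOUNT_ATTR_NOSYMFOLLOW)) {`, would return the original error instead if credentials_fs_mount_flags() ever stops setting it. The enclosing function starts and ends outside the hunk, so how callers treat the returned error is not visible here.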