]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 02c4d27)
nspawn: reject existing cgroupfs mount if cgns is enabled
authorMike Yuan <me@yhndnzj.com>
Sun, 16 Mar 2025 21:42:02 +0000 (22:42 +0100)
committerMike Yuan <me@yhndnzj.com>
Fri, 4 Apr 2025 12:36:14 +0000 (14:36 +0200)
src/nspawn/nspawn-cgroup.c patch | blob | blame | history
src/nspawn/nspawn-cgroup.h patch | blob | blame | history
src/nspawn/nspawn.c patch | blob | blame | history

diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c
index fcca16286a72285e6dd853d4634af802c59995b8..09a581a42a27fce1c72ab396be9c0e4217b3c34b 100644 (file)
--- a/src/nspawn/nspawn-cgroup.c
+++ b/src/nspawn/nspawn-cgroup.c
@@ -134,7 +134,7 @@ int create_subcgroup(
         return 0;
 }
 
-int mount_cgroups(const char *dest) {
+int mount_cgroups(const char *dest, bool accept_existing) {
         const char *p;
         int r;
 
@@ -146,6 +146,9 @@ int mount_cgroups(const char *dest) {
         if (r < 0)
                 return log_error_errno(r, "Failed to determine if %s is mounted already: %m", p);
         if (r > 0) {
+                if (!accept_existing)
+                        return log_error_errno(SYNTHETIC_ERRNO(EEXIST), "Refusing existing cgroupfs mount: %s", p);
+
                 if (access(strjoina(p, "/cgroup.procs"), F_OK) >= 0)
                         return 0;
                 if (errno != ENOENT)
diff --git a/src/nspawn/nspawn-cgroup.h b/src/nspawn/nspawn-cgroup.h
index 92f473c1d7a29fcca3720b76ba2655e6c2fc711d..125bbf5f8032cc8b6263747ef76cfafeea0377e4 100644 (file)
--- a/src/nspawn/nspawn-cgroup.h
+++ b/src/nspawn/nspawn-cgroup.h
@@ -13,5 +13,5 @@ int create_subcgroup(
                 int userns_fd,
                 UserNamespaceMode userns_mode);
 
-int mount_cgroups(const char *dest);
+int mount_cgroups(const char *dest, bool accept_existing);
 int bind_mount_cgroup_hierarchy(void);
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 4cd9cc70ae4dc8a5374aa64c171096e045db887b..2dcab7d3798e22c670a29be392f5a2ffb71240bb 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3342,7 +3342,7 @@ static int inner_child(
                 if (r < 0)
                         return log_error_errno(errno, "Failed to unshare cgroup namespace: %m");
 
-                r = mount_cgroups(/* dest = */ NULL);
+                r = mount_cgroups(/* dest = */ NULL, /* accept_existing = */ false);
         } else
                 r = bind_mount_cgroup_hierarchy();
         if (r < 0)
@@ -4217,7 +4217,7 @@ static int outer_child(
         (void) write_string_filef(p, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MODE_0444, SD_ID128_UUID_FORMAT_STR, SD_ID128_FORMAT_VAL(arg_uuid));
 
         if (!arg_use_cgns) {
-                r = mount_cgroups(directory);
+                r = mount_cgroups(directory, /* accept_existing = */ true);
                 if (r < 0)
                         return r;
         }
Unnamed repository; edit this file 'description' to name the repository.