From: Alan Jenkins
Date: Wed, 17 Jan 2018 12:53:26 +0000 (+0000)
Subject: core: namespace: remove unnecessary mode on /dev/shm mount target
X-Git-Tag: v237~80^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8d95368210007e50df80a9d6e6b2b86010ce2585;p=thirdparty%2Fsystemd.git

core: namespace: remove unnecessary mode on /dev/shm mount target

This should have no behavioural effect; it just confused me.

All the other mount directories in this function are created as 0755. Some of the mounts are allowed to fail - mqueue and hugepages.

If the /dev/mqueue mount target was created with the permissive mode 01777, to match the filesystem we're trying to mount there, then a mount failure would allow unprivileged users to write to the /dev filesystem, e.g. to exhaust the available space. There is no reason to allow this.

(Allowing the user read access (0755) seems a reasonable idea though, e.g. for quicker troubleshooting.)

We do not allow failure of the /dev/shm mount, so it doesn't matter that it is created as 01777. But on the same grounds, we have no *reason* to create it as any specific mode. 0755 is equally fine.

This function will be clearer by using 0755 throughout, to avoid unintentionally implying some connection between the mode of the mount target, and the mode of the mounted filesystem.
---
diff --git a/src/core/namespace.c b/src/core/namespace.c index e20c5007933..19678e6d57c 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -587,7 +587,7 @@ static int mount_private_dev(MountEntry *m) { } devshm = strjoina(temporary_mount, "/dev/shm"); - (void) mkdir(devshm, 01777); + (void) mkdir(devshm, 0755); r = mount("/dev/shm", devshm, NULL, MS_BIND, NULL); if (r < 0) { r = -errno;
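
Review bot: The changed `(void) mkdir(devshm, 0755);` line has no comment saying that the mount target's mode is deliberately unrelated to the 01777 of the filesystem bind-mounted over it, so a later reader could "restore" 01777 as an apparent fix. A short comment above it, for example `/* target mode is irrelevant once /dev/shm is bind-mounted over it; keep it restrictive */`, would keep the commit message's rationale next to the code. Discarding the mkdir() result is acceptable in this spot because the mount() that follows is checked (`if (r < 0)`), which also covers a target that could not be created.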