From: Mike Yuan
Date: Sun, 16 Mar 2025 21:42:02 +0000 (+0100)
Subject: nspawn: reject existing cgroupfs mount if cgns is enabled
X-Git-Tag: v258-rc1~906^2~10
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b26a994fb8c86a0aee63acb3e780ada73dec93e9;p=thirdparty%2Fsystemd.git
nspawn: reject existing cgroupfs mount if cgns is enabled
---
diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c
index fcca16286a7..09a581a42a2 100644
--- a/src/nspawn/nspawn-cgroup.c
+++ b/src/nspawn/nspawn-cgroup.c
@@ -134,7 +134,7 @@ int create_subcgroup(
 return 0;
 }
-int mount_cgroups(const char *dest) {
+int mount_cgroups(const char *dest, bool accept_existing) {
 const char *p;
 int r;
@@ -146,6 +146,9 @@ int mount_cgroups(const char *dest) {
 if (r < 0)
 return log_error_errno(r, "Failed to determine if %s is mounted already: %m", p);
 if (r > 0) {
+ if (!accept_existing)
+ return log_error_errno(SYNTHETIC_ERRNO(EEXIST), "Refusing existing cgroupfs mount: %s", p);
+
 if (access(strjoina(p, "/cgroup.procs"), F_OK) >= 0)
 return 0;
 if (errno != ENOENT)
diff --git a/src/nspawn/nspawn-cgroup.h b/src/nspawn/nspawn-cgroup.h
index 92f473c1d7a..125bbf5f803 100644
--- a/src/nspawn/nspawn-cgroup.h
+++ b/src/nspawn/nspawn-cgroup.h
@@ -13,5 +13,5 @@ int create_subcgroup(
 int userns_fd,
 UserNamespaceMode userns_mode);
-int mount_cgroups(const char *dest);
+int mount_cgroups(const char *dest, bool accept_existing);
 int bind_mount_cgroup_hierarchy(void);
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 4cd9cc70ae4..2dcab7d3798 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3342,7 +3342,7 @@ static int inner_child(
 if (r < 0)
 return log_error_errno(errno, "Failed to unshare cgroup namespace: %m");
- r = mount_cgroups(/* dest = */ NULL);
+ r = mount_cgroups(/* dest = */ NULL, /* accept_existing = */ false);
 } else
 r = bind_mount_cgroup_hierarchy();
 if (r < 0)
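Review bot: The new `accept_existing` parameter of mount_cgroups() is undocumented, both at the definition in the first nspawn-cgroup.c hunk and at the prototype in the nspawn-cgroup.h hunk, although it decides between reusing a mount and failing outright. A one-line comment above the definition would state the contract, for example `/* If accept_existing is false, an already-mounted cgroup path is an error (-EEXIST) instead of being reused. */`. The function body continues past this hunk.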
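Review bot: The refusal message in the second nspawn-cgroup.c hunk says "existing cgroupfs mount", but at that point the code only knows that `p` is a mount point; the `cgroup.procs` probe that hints at the filesystem type comes after the new check. An operator reading the log may look for a stray cgroupfs when something else is mounted on the path, so wording that matches what was tested would be safer, for example `"Refusing to set up cgroupfs on %s, path is already a mount point."`. The enclosing `if (r > 0)` block continues beyond the hunk.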
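Review bot: Passing `false` in inner_child() turns any pre-existing mount on the cgroup path into a container start-up failure, and neither the call site nor the commit message records why that is required on the cgroup-namespace path. Presumably a mount made before the namespace was unshared is not scoped to it and could show more of the hierarchy than intended; if that is the reason, a comment above the call would keep a later refactor from relaxing it, for example `/* A cgroupfs mounted before we unshared the cgroup namespace is not scoped to it, so insist on mounting our own. */`. No test for the rejection path is visible in this diff. inner_child() starts and ends outside the hunk.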
@@ -4217,7 +4217,7 @@ static int outer_child(
 (void) write_string_filef(p, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MODE_0444, SD_ID128_UUID_FORMAT_STR, SD_ID128_FORMAT_VAL(arg_uuid));
 if (!arg_use_cgns) {
- r = mount_cgroups(directory);
+ r = mount_cgroups(directory, /* accept_existing = */ true);
 if (r < 0)
 return r;
 }