From: Franck Bui <fbui@suse.com>
Date: Fri, 28 Aug 2020 14:03:06 +0000 (+0200)
Subject: pid1: only add a Wants= type dependency on /tmp when PrivateTmp=yes
X-Git-Tag: v249-rc1~86
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b2c7d1bbc2243a425d9b825859bbd0647eecd050;p=thirdparty%2Fsystemd.git

pid1: only add a Wants= type dependency on /tmp when PrivateTmp=yes

We support that tmp.mount being masked, and this should not be considered an
error.
---

diff --git a/src/core/unit.c b/src/core/unit.c
index 42882dbd28d..c6b17afa518 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1282,13 +1282,18 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
         }
 
         if (c->private_tmp) {
-                const char *p;
 
-                FOREACH_STRING(p, "/tmp", "/var/tmp") {
-                        r = unit_require_mounts_for(u, p, UNIT_DEPENDENCY_FILE);
-                        if (r < 0)
-                                return r;
-                }
+                /* FIXME: for now we make a special case for /tmp and add a weak dependency on
+                 * tmp.mount so /tmp being masked is supported. However there's no reason to treat
+                 * /tmp specifically and masking other mount units should be handled more
+                 * gracefully too, see PR#16894. */
+                r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
+                if (r < 0)
+                        return r;
+
+                r = unit_require_mounts_for(u, "/var/tmp", UNIT_DEPENDENCY_FILE);
+                if (r < 0)
+                        return r;
 
                 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, true, UNIT_DEPENDENCY_FILE);
                 if (r < 0)