core/namespace: honor MountEntry.read_only, .options, and so on in static entries

Otherwise, ProtectHome=tmpfs makes /home/ and friends not read-only.
Also, mount options for /run/ specified in MountAPIVFS=yes are not
applied.

The function append_static_mounts() was introduced in
5327c910d2fc1ae91bd0b891be92b30379c7467b, but at that time, there were
neither .read_only nor .options in the struct. But, when later the
struct is extended, the function was not updated and they were not
copied from the static table.
The fields has been used in static tables since
e4da7d8c796a1fd11ecfa80fb8a48eac9e823f06, and also in
94293d65cd4125347e21b3e423d0e245226b1be2.

Fixes #34825.

(cherry picked from commit 0cc496b2d21f73d0a03414ce40eceb9e3af76e22)

diff --git a/src/core/namespace.c b/src/core/namespace.c
index 80fb653794232caabd46d7f0e0c712c85c4472d4..f9fc5c8c848e1647bdf0c1cb62c673d71e3d849f 100644 (file)
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -693,11 +693,16 @@ static int append_static_mounts(MountList *ml, const MountEntry *mounts, size_t
                 if (!me)
                         return log_oom_debug();
 
-                *me = (MountEntry) {
-                        .path_const = mount_entry_path(m),
-                        .mode = m->mode,
-                        .ignore = m->ignore || ignore_protect,
-                };
+                /* No dynamic values allowed. */
+                assert(m->path_const);
+                assert(!m->path_malloc);
+                assert(!m->unprefixed_path_malloc);
+                assert(!m->source_malloc);
+                assert(!m->options_malloc);
+                assert(!m->overlay_layers);
+
+                *me = *m;
+                me->ignore = me->ignore || ignore_protect;
         }
 
         return 0;

diff --git a/test/units/TEST-07-PID1.exec-context.sh b/test/units/TEST-07-PID1.exec-context.sh
index cf39af08b2cec1b1c0da635b53dd7260ede6b1fb..9852ec0918ab174e52b38079dd25599af054ab17 100755 (executable)
--- a/test/units/TEST-07-PID1.exec-context.sh
+++ b/test/units/TEST-07-PID1.exec-context.sh
@@ -55,13 +55,22 @@ if [[ -z "${COVERAGE_BUILD_DIR:-}" ]]; then
         bash -xec "test ! -w /home; test ! -w /root; test ! -w /run/user; test ! -e $MARK"
     systemd-run --wait --pipe -p ProtectHome=read-only \
         bash -xec "test ! -w /home; test ! -w /root; test ! -w /run/user; test -e $MARK"
-    systemd-run --wait --pipe -p ProtectHome=tmpfs \
-        bash -xec "test -w /home; test -w /root; test -w /run/user; test ! -e $MARK"
+    systemd-run --wait --pipe -p ProtectHome=tmpfs -p TemporaryFileSystem=/home/foo \
+        bash -xec "test ! -w /home; test ! -w /root; test ! -w /run/user; test ! -e $MARK; test -w /home/foo"
     systemd-run --wait --pipe -p ProtectHome=no \
         bash -xec "test -w /home; test -w /root; test -w /run/user; test -e $MARK"
     rm -f "$MARK"
 fi
 
+systemd-run --wait --pipe -p PrivateMounts=true -p MountAPIVFS=yes \
+    bash -xec '[[ "$(findmnt --mountpoint /proc --noheadings -o FSTYPE)" == proc ]];
+               [[ "$$(findmnt --mountpoint /dev --noheadings -o FSTYPE)" =~ (devtmpfs|tmpfs) ]];
+               [[ "$$(findmnt --mountpoint /sys --noheadings -o FSTYPE)" =~ (sysfs|tmpfs) ]];
+               [[ "$$(findmnt --mountpoint /run --noheadings -o FSTYPE)" == tmpfs ]];
+               [[ "$$(findmnt --mountpoint /run --noheadings -o VFS-OPTIONS)" =~ rw ]];
+               [[ "$$(findmnt --mountpoint /run --noheadings -o VFS-OPTIONS)" =~ nosuid ]];
+               [[ "$$(findmnt --mountpoint /run --noheadings -o VFS-OPTIONS)" =~ nodev ]]'
+
 if proc_supports_option "hidepid=off"; then
     systemd-run --wait --pipe -p ProtectProc=noaccess -p User=testuser \
         bash -xec 'test -e /proc/1; test ! -r /proc/1; test -r /proc/$$$$/comm'