www.infradead.org Git - users/willy/linux.git/commit

author	David Howells <dhowells@redhat.com>
	Tue, 11 Sep 2018 21:20:55 +0000 (22:20 +0100)
committer	David Howells <dhowells@redhat.com>
	Tue, 23 Oct 2018 16:38:57 +0000 (17:38 +0100)
commit	ae049c6c97e40abcd26f31c6d2c55f97c8d08eb0
tree	b52568bfde866bee6dad2c6d9020194703d14eed	tree
parent	8825fb43b70a84e8874953f8835b7b8c31f077aa	commit \| diff

vfs: Separate changing mount flags full remount

Separate just the changing of mount flags (MS_REMOUNT|MS_BIND) from full
remount because the mount data will get parsed with the new fs_context
stuff prior to doing a remount - and this causes the syscall to fail under
some circumstances.

To quote Eric's explanation:

  [...] mount(..., MS_REMOUNT|MS_BIND, ...) now validates the mount options
  string, which breaks systemd unit files with ProtectControlGroups=yes
  (e.g.  systemd-networkd.service) when systemd does the following to
  change a cgroup (v1) mount to read-only:

    mount(NULL, "/run/systemd/unit-root/sys/fs/cgroup/systemd", NULL,
  MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND, NULL)

  ... when the kernel has CONFIG_CGROUPS=y but no cgroup subsystems
  enabled, since in that case the error "cgroup1: Need name or subsystem
  set" is hit when the mount options string is empty.

  Probably it doesn't make sense to validate the mount options string at
  all in the MS_REMOUNT|MS_BIND case, though maybe you had something else
  in mind.

This is also worthwhile doing because we will need to add a mount_setattr()
syscall to take over the remount-bind function.

Reported-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>

fs/namespace.c		diff \| blob \| history
include/linux/mount.h		diff \| blob \| history