asedeno.scripts.mit.edu Git - linux.git/commit

author	David Howells <dhowells@redhat.com>
	Thu, 1 Nov 2018 23:07:25 +0000 (23:07 +0000)
committer	David Howells <dhowells@redhat.com>
	Thu, 20 Dec 2018 16:32:56 +0000 (16:32 +0000)
commit	43f5e655eff7e124d4e484515689cba374ab698e
tree	40e0581b86f123bb4aaa540ff672d575fdcfa83d	tree \| snapshot
parent	e262e32d6bde0f77fb0c95d977482fc872c51996	commit \| diff

vfs: Separate changing mount flags full remount

Separate just the changing of mount flags (MS_REMOUNT|MS_BIND) from full
remount because the mount data will get parsed with the new fs_context
stuff prior to doing a remount - and this causes the syscall to fail under
some circumstances.

To quote Eric's explanation:

  [...] mount(..., MS_REMOUNT|MS_BIND, ...) now validates the mount options
  string, which breaks systemd unit files with ProtectControlGroups=yes
  (e.g.  systemd-networkd.service) when systemd does the following to
  change a cgroup (v1) mount to read-only:

    mount(NULL, "/run/systemd/unit-root/sys/fs/cgroup/systemd", NULL,
  MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND, NULL)

  ... when the kernel has CONFIG_CGROUPS=y but no cgroup subsystems
  enabled, since in that case the error "cgroup1: Need name or subsystem
  set" is hit when the mount options string is empty.

  Probably it doesn't make sense to validate the mount options string at
  all in the MS_REMOUNT|MS_BIND case, though maybe you had something else
  in mind.

This is also worthwhile doing because we will need to add a mount_setattr()
syscall to take over the remount-bind function.

Reported-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Reviewed-by: David Howells <dhowells@redhat.com>

fs/namespace.c		diff \| blob \| history
include/linux/mount.h		diff \| blob \| history