• David Howells's avatar
    vfs: Separate changing mount flags full remount · 43f5e655
    David Howells authored
    Separate just the changing of mount flags (MS_REMOUNT|MS_BIND) from full
    remount because the mount data will get parsed with the new fs_context
    stuff prior to doing a remount - and this causes the syscall to fail under
    some circumstances.
    
    To quote Eric's explanation:
    
      [...] mount(..., MS_REMOUNT|MS_BIND, ...) now validates the mount options
      string, which breaks systemd unit files with ProtectControlGroups=yes
      (e.g.  systemd-networkd.service) when systemd does the following to
      change a cgroup (v1) mount to read-only:
    
        mount(NULL, "/run/systemd/unit-root/sys/fs/cgroup/systemd", NULL,
    	  MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND, NULL)
    
      ... when the kernel has CONFIG_CGROUPS=y but no cgroup subsystems
      enabled, since in that case the error "cgroup1: Need name or subsystem
      set" is hit when the mount options string is empty.
    
      Probably it doesn't make sense to validate the mount options string at
      all in the MS_REMOUNT|MS_BIND case, though maybe you had something else
      in mind.
    
    This is also worthwhile doing because we will need to add a mount_setattr()
    syscall to take over the remount-bind function.
    Reported-by: default avatarEric Biggers <ebiggers@google.com>
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    Reviewed-by: default avatarDavid Howells <dhowells@redhat.com>
    43f5e655
namespace.c 85.3 KB