diff options
| author | Daniel Golle | 2024-11-13 21:22:48 +0000 |
|---|---|---|
| committer | Daniel Golle | 2024-11-13 21:48:05 +0000 |
| commit | 7330fa55c5211eb7b3c675d1c7b8281b69b53553 (patch) | |
| tree | ae76e71ea06130a91298d05f2e1327c3099f03f7 | |
| parent | 109fa41b2321506280397e03757976c468832668 (diff) | |
| download | procd-7330fa55c5211eb7b3c675d1c7b8281b69b53553.tar.gz | |
initd: mount /sys and /proc with MS_RELATIME
Despite access timestamps not being needed on /sys and /proc, using
MS_NOATIME leads to many container tools not working because the new
mounts of /proc or /sys are more revealing than the original ones.
This results in not being able to mount /proc inside a user namespace
with procd's uxc, but also other tools like bubblewrap, podman or lxd.
Fix this by setting MS_RELATIME instead.
The problem has been present in procd since commit 9fcc900 ("fix up the
mount options to match what openwrt had before using procd as pid 1") but
also in pre-procd OpenWrt releases.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| -rw-r--r-- | initd/early.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/initd/early.c b/initd/early.c index 04aa10d..aa164d7 100644 --- a/initd/early.c +++ b/initd/early.c @@ -58,14 +58,14 @@ early_mounts(void) unsigned int oldumask = umask(0); if (!is_container()) { - mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL); - mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL); - mount("efivars", "/sys/firmware/efi/efivars", "efivarfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL); + mount("proc", "/proc", "proc", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL); + mount("sysfs", "/sys", "sysfs", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL); + mount("efivars", "/sys/firmware/efi/efivars", "efivarfs", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL); mount("cgroup2", "/sys/fs/cgroup", "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, "nsdelegate"); - mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOEXEC | MS_NOSUID, "mode=0755,size=512K"); + mount("tmpfs", "/dev", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_RELATIME, "mode=0755,size=512K"); ignore(symlink("/tmp/shm", "/dev/shm")); mkdir("/dev/pts", 0755); - mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | MS_NOSUID, NULL); + mount("devpts", "/dev/pts", "devpts", MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL); early_dev(); } |