Bug 1010673 - PrivateTmp keeps the whole filesystem as MS_SLAVE
Status: CLOSED NOTABUG
Product: Fedora
Component: systemd
Version: 19
Assigned To: systemd-maint
Reported: 2013-09-22 07:59 EDT by Etsuji Nakai
Modified: 2014-06-20 02:30 EDT (History)
Last Closed: 2014-06-19 14:45:47 EDT
Type: Bug
Description Etsuji Nakai 2013-09-22 07:59:51 EDT
Description of problem:

Under the current F19 kernel, once a filesystem is marked as MS_SLAVE, it cannot be converted to MS_SHARED again. I filed the bz entry 1010669 for that:

https://bugzilla.redhat.com/show_bug.cgi?id=1010669

I'm not yet sure if this is the intended behavior or not. But anyway, because of this, the following code for the PrivateTmp mechanism doesn't work as intended.

src/core/namespace.c
------
    203 int setup_namespace(char** read_write_dirs,
...
    245         /* Remount / as SLAVE so that nothing now mounted in the namespace
    246            shows up in the parent */
    247         if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0)
    248                 return -errno;
...
    262         /* Remount / as the desired mode */
    263         if (mount(NULL, "/", NULL, mount_flags | MS_REC, NULL) < 0) {
                                        /* mount_flags = MS_SHARED for default */
    264                 r = -errno;
    265                 goto undo_mounts;
    266         }
------

Although / is remounted as MS_SHARED in line 263, it still behaves as MS_SLAVE. If you bind-mount some directory from the daemon running under PrivateTmp, the bind-mount cannot be seen from other processes.

I checked it with the following simple service.

/etc/systemd/system/test.service
------------------
[Unit]
Description=PrivateTmp option test

[Service]
ExecStart=/root/bin/test.sh
PrivateTmp=true

[Install]
WantedBy=multi-user.target
------------------

/root/bin/test.sh
------------------
#!/bin/sh
mkdir -p /root/bind
mount --bind /tmp /root/bind
sleep 120
umount /root/bind
------------------

If PrivateTmp=false,
------------------
# systemctl start test.service
# ls /root/bind       ## /root/bind is binded to /tmp outside the daemon.
yum_save_tx.2013-09-22.04-53.Cu432Q.yumtx
------------------

If PrivateTmp=true,
------------------
# systemctl start test.service
# ls /root/bind       ## /root/bind is _not_ binded to /tmp outside the daemon.
------------------

Version-Release number of selected component (if applicable):

# rpm -q systemd
systemd-204-15.fc19.x86_64
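As an added check, not code from the bug report or from systemd: a small parser for /proc/self/mountinfo that classifies each mount's propagation type the way findmnt does, with constructed sample lines for the host view and for the view inside a PrivateTmp= service after setup_namespace() has run MS_SLAVE|MS_REC and then MS_SHARED|MS_REC on /. The peer-group numbers in the samples are made up.

```python
import re

# Constructed mountinfo lines (not taken from the bug report). First the host
# view: / is in peer group 1, so mounts made under it propagate to its peers.
HOST_MOUNTINFO = """\
21 1 253:0 / / rw,relatime shared:1 - xfs /dev/mapper/fedora-root rw
38 21 0:20 / /tmp rw,nosuid,nodev shared:18 - tmpfs tmpfs rw
"""
# Then the view from inside a PrivateTmp= service after setup_namespace() ran
# MS_SLAVE|MS_REC followed by MS_SHARED|MS_REC on /: the root gained its own
# peer group (shared:40) but is still a slave of host group 1 (master:1).
SERVICE_MOUNTINFO = """\
21 1 253:0 / / rw,relatime shared:40 master:1 - xfs /dev/mapper/fedora-root rw
97 21 0:41 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw
"""

def _unescape(path):
    # mountinfo encodes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)

def propagation_of(optional_fields):
    """Map the optional fields (shared:N, master:N, propagate_from:N,
    unbindable) to the propagation type findmnt reports."""
    tags = {f.partition(":")[0] for f in optional_fields}
    if "unbindable" in tags:
        return "unbindable"
    kinds = [k for k, tag in (("shared", "shared"), ("slave", "master")) if tag in tags]
    return ",".join(kinds) if kinds else "private"

def parse_mountinfo(text):
    """Return {mount point: propagation type} for every mountinfo line."""
    result = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        left, sep, _ = line.partition(" - ")   # optional fields end at " - "
        fields = left.split()
        if not sep or len(fields) < 6:
            raise ValueError(f"malformed mountinfo line: {line!r}")
        result[_unescape(fields[4])] = propagation_of(fields[6:])
    return result

def root_reaches_host(text):
    """True only when / is shared and not a slave. A 'shared,slave' root, which
    is what MS_SHARED on an MS_SLAVE root yields, sits in a fresh peer group
    and still never propagates mounts back to the host namespace."""
    return parse_mountinfo(text).get("/") == "shared"
```

On a live system, feed the same functions the contents of /proc/self/mountinfo from inside the service (or compare against `findmnt -o TARGET,PROPAGATION`) to confirm that / is still a slave there.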
Comment 2 Trevor Cordes 2014-01-20 08:40:32 EST
Would this also cause a service (say httpd) that was started with PrivateTmp=true to keep using a private tmp even when changed to PrivateTmp=false and daemon-reload and httpd stop / start?  I'm seeing such behavior and can't explain it.  Thanks
Comment 4 Lennart Poettering 2014-06-18 05:36:41 EDT
If you use PrivateTmp= then mount propagation from the service to the host is disabled. Sandboxes set up like that must have MS_SLAVE, and the host must have MS_SHARED for PrivateTmp= to work (PrivateDevices= and the others, the same).
Comment 5 Lennart Poettering 2014-06-19 14:45:47 EDT
I don't think there's anything to fix here. Closing. Feel free to reopen if there's actually something to fix.