When we are running as the system manager but don't have the capability to mount filesystems, don't call mount_setup(). However, we assume that some directories (e.g. /run/systemd) are always around. Hence don't create those directories in mount_setup(). --- src/core/main.c | 7 ++++++- src/core/mount-setup.c | 20 ++++++++++++-------- src/core/mount-setup.h | 1 + 3 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/core/main.c b/src/core/main.c index 1a62e04..fcd9471 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1393,10 +1393,15 @@ int main(int argc, char *argv[]) { /* Mount /proc, /sys and friends, so that /proc/cmdline and * /proc/$PID/fd is available. */ - if (getpid() == 1) { + if (getpid() == 1 && have_effective_cap(CAP_SYS_ADMIN)) { r = mount_setup(loaded_policy); if (r < 0) goto finish; + } else if (getpid() == 1 && detect_container(NULL) > 0) { + /* Running inside the container as PID 1 but without capability + to mount filesystems. Create at least directories we always + expect to be around */ + mount_setup_run_dirs(); } /* Reset all signal handlers. */ diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index 23a66d2..cd2991d 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c @@ -373,6 +373,17 @@ static int nftw_cb( return FTW_CONTINUE; }; +void mount_setup_run_dirs(void) { + /* Create a few directories we always want around, Note that + * sd_booted() checks for /run/systemd/system, so this mkdir + * really needs to stay for good, otherwise software that + * copied sd-daemon.c into their sources will misdetect + * systemd. */ + mkdir_label("/run/systemd", 0755); + mkdir_label("/run/systemd/system", 0755); + mkdir_label("/run/systemd/inaccessible", 0000); +} + int mount_setup(bool loaded_policy) { int r; unsigned i; 
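Review bot: The new `if` / `else if` chain in main() leaves a third case unhandled: PID 1 without CAP_SYS_ADMIN where `detect_container(NULL)` returns 0 or a negative error. In that case neither `mount_setup()` nor `mount_setup_run_dirs()` runs and nothing is logged, so the manager continues without /proc, /sys or /run/systemd/system and gives no hint why. A final `else if (getpid() == 1)` branch with something like `log_warning("Running as PID 1 without CAP_SYS_ADMIN and no container detected, skipping mount setup.");` would make the degraded start-up visible. Separately, if `have_effective_cap()` reports failure as a negative value (its definition is not visible here), the bare `&&` treats an error as "capability present"; `have_effective_cap(CAP_SYS_ADMIN) > 0` would avoid that. main() starts and continues outside the hunk.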
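Review bot: Every `mkdir_label()` result in `mount_setup_run_dirs()` is discarded and the function returns void, so on the new unprivileged container path from main.c a failure to create /run/systemd/system goes unreported. On that path /run is whatever the container supplies rather than something mount_setup() prepared, so a pre-existing /run/systemd/inaccessible would keep its current mode, owner and contents instead of the 0000 asked for here; if other code relies on that directory being unusable (not visible in this patch), that deserves a check. I would have the function return int and log anything other than `-EEXIST`, assuming `mkdir_label()` returns a negative errno, e.g. `r = mkdir_label("/run/systemd/system", 0755);` followed by `if (r < 0 && r != -EEXIST) log_warning("Failed to create /run/systemd/system: %s", strerror(-r));`. The prototype added to mount-setup.h could also carry a one-line comment such as `/* Creates /run/systemd and its fixed subdirectories; needs no mount privileges. */`.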
@@ -418,14 +429,7 @@ int mount_setup(bool loaded_policy) { if (mount(NULL, "/", NULL, MS_REC|MS_SHARED, NULL) < 0) log_warning("Failed to set up the root directory for shared mount propagation: %m"); - /* Create a few directories we always want around, Note that - * sd_booted() checks for /run/systemd/system, so this mkdir - * really needs to stay for good, otherwise software that - * copied sd-daemon.c into their sources will misdetect - * systemd. */ - mkdir_label("/run/systemd", 0755); - mkdir_label("/run/systemd/system", 0755); - mkdir_label("/run/systemd/inaccessible", 0000); + mount_setup_run_dirs(); return 0; } diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h index 4b521ad..bfe92b1 100644 --- a/src/core/mount-setup.h +++ b/src/core/mount-setup.h @@ -25,6 +25,7 @@ int mount_setup_early(void); +void mount_setup_run_dirs(void); int mount_setup(bool loaded_policy); int mount_cgroup_controllers(char ***join_controllers); -- 2.0.1