From patchwork Mon Feb 12 19:23:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lubomir Rintel X-Patchwork-Id: 872349 X-Patchwork-Delegate: shemminger@vyatta.com
From: Lubomir Rintel To: netdev@vger.kernel.org Cc: Phil Sutter , Lubomir Rintel Subject: [PATCH iproute2] lib/namespace: don't try to mount rw /sys over a ro one Date: Mon, 12 Feb 2018 20:23:12 +0100 Message-Id: <20180212192312.3472-1-lkundrak@v3.sk> X-Mailer: git-send-email 2.14.3 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org It will fail with EPERM on Linux 4.15. Signed-off-by: Lubomir Rintel Acked-by: Phil Sutter --- lib/namespace.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/lib/namespace.c b/lib/namespace.c index 30b51388..6f3356d0 100644 --- a/lib/namespace.c +++ b/lib/namespace.c @@ -7,6 +7,7 @@ * 2 of the License, or (at your option) any later version. */ +#include #include #include #include @@ -46,6 +47,8 @@ int netns_switch(char *name) { char net_path[PATH_MAX]; int netns; + unsigned long mountflags = 0; + struct statvfs fsstat; snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name); netns = open(net_path, O_RDONLY | O_CLOEXEC); 
@@ -73,12 +76,25 @@ int netns_switch(char *name) strerror(errno)); return -1; } + /* Mount a version of /sys that describes the network namespace */ - if (umount2("/sys", MNT_DETACH) < 0) { - fprintf(stderr, "umount of /sys failed: %s\n", strerror(errno)); + + if (statvfs("/sys", &fsstat) < 0) { + fprintf(stderr, "could not stat /sys (not mounted?): %s\n",strerror(errno)); return -1; } - if (mount(name, "/sys", "sysfs", 0, NULL) < 0) { + if (fsstat.f_flag & ST_RDONLY) { + /* If /sys is not writable (e.g. in a container), we can't + * unmount the old /sys instance, but we can still mount a new + * read-only instance over it. */ + mountflags = MS_RDONLY; + } else { + if (umount2("/sys", MNT_DETACH) < 0) { + fprintf(stderr, "umount of /sys failed: %s\n", strerror(errno)); + return -1; + } + } + if (mount(name, "/sys", "sysfs", mountflags, NULL) < 0) { fprintf(stderr, "mount of /sys failed: %s\n",strerror(errno)); return -1; }
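Review bot: In the `fsstat.f_flag & ST_RDONLY` branch of netns_switch(), the comment says the old /sys instance cannot be unmounted, while the subject line describes the problem as mounting a rw /sys over a ro one, and the commit message only says "It will fail with EPERM on Linux 4.15". Please state in the comment or the commit message which call (umount2() or mount()) returns EPERM, since this branch skips the first and changes the flags of the second, and note that the old read-only sysfs stays mounted underneath the new one. Separately, statvfs() succeeds on any existing directory whether or not something is mounted on it, so the "(not mounted?)" hint in the new error message does not describe the case it suggests; an unmounted /sys on a writable root still ends in the "umount of /sys failed" path as before. Style: the `else { if (umount2(...` nesting can be written as `else if`, the added statvfs fprintf line lacks a space after the comma before strerror(errno), and the multi-line comment should close with `*/` on its own line.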