Comments (8)
I don't understand what you are saying? Which mount API are you talking about?
Last time I looked, Linux doesn't allow symlink inodes to be overmounted, nor can they be bind mounted on something else.
The new mount API (`open_tree` + `move_mount`) supports that: util-linux/util-linux@1b2d818
from systemd.
I see it now. This is the part I think you are referring to:

```c
/* ExtensionImages/Directories are first opened in the propagate directory, not in the root_directory */
r = follow_symlink(!IN_SET(m->mode, MOUNT_EXTENSION_IMAGE, MOUNT_EXTENSION_DIRECTORY) ? root : NULL, m);
if (r < 0) {
        mount_entry_path_debug_string(root, m, error_path);
        return r;
}
if (r == 0) {
        /* We hit a symlinked mount point. The entry got rewritten and might
         * point to a very different place now. Let's normalize the changed
         * list, and start from the beginning. After all to mount the entry
         * at the new location we might need some other mounts first */
        again = true;
        break;
}
```

I'm not able to understand (not without spending more time looking at it) how `follow_symlink` rewrites the mount point, but the comment here insinuates that it does.
Here's a suggestion for how this might be made to work. Add a `bool nofollow` field to `MountEntry`. When `nofollow` is false, the behavior should be exactly as it is now. When `nofollow` is true, `follow_symlink` should still resolve symlinks in the path except for a symlink in the last piece of the path. So, in this new case, the rewritten path may not contain a symlink anywhere except in its last piece (e.g. in path `/foo/bar/baz`, `foo` and `bar` cannot be symlinks but `baz` can). And then, working back out toward the user-facing interface, both `BindPaths` and `BindReadOnlyPaths` would be lowered to `MountEntry`s with `noresolve` set to true, and for everything else, `noresolve` would be false.

This suggestion is a breaking change, but it makes the interface more consistent with tools like `mount`. To make it a nonbreaking change, systemd could instead introduce additional syntax (`BindPaths=/foo:/bar:nofollow`).
I'm happy to implement this if anyone can provide (or approve) for what shape this improvement should take.
from systemd.
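The "resolve everything except the last piece" rule proposed in the comment above, as an added example that is not part of the thread and is not systemd code: `resolve_nofollow_last` and `demo` are hypothetical names, the helper only computes the rewritten path (it performs no mount), and the fixture paths are constructed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not systemd's follow_symlink(): canonicalize every
 * component of path except the last, which is kept even if it is a symlink. */
int resolve_nofollow_last(const char *path, char *out, size_t outsz) {
    char parent[PATH_MAX], real[PATH_MAX];
    const char *slash = strrchr(path, '/');
    const char *last = slash ? slash + 1 : path;
    size_t n = slash ? (size_t)(slash - path) : 0;
    /* A trailing "/", "." or ".." leaves no final name to preserve. */
    if (!*last || !strcmp(last, ".") || !strcmp(last, ".."))
        return -EINVAL;
    if (n >= sizeof parent) return -ENAMETOOLONG;
    memcpy(parent, path, n);
    parent[n] = '\0';
    if (!slash) strcpy(parent, ".");            /* relative single name */
    else if (n == 0) strcpy(parent, "/");       /* entry directly under / */
    if (!realpath(parent, real))                /* follows symlinks in the parent only */
        return -errno;
    int w = snprintf(out, outsz, "%s/%s", strcmp(real, "/") ? real : "", last);
    return (w < 0 || (size_t)w >= outsz) ? -ENAMETOOLONG : 0;
}

/* Constructed fixture: <tmp>/link -> real, and <tmp>/real/baz is a dangling
 * symlink. Returns 0 if <tmp>/link/baz becomes <tmp>/real/baz, still a symlink. */
int demo(void) {
    char tmpl[] = "/tmp/nofollowXXXXXX", base[PATH_MAX], got[PATH_MAX];
    char dir[PATH_MAX + 16], lnk[PATH_MAX + 16], want[PATH_MAX + 16], in[PATH_MAX + 16];
    struct stat st;
    if (!mkdtemp(tmpl) || !realpath(tmpl, base)) return -1;
    snprintf(dir, sizeof dir, "%s/real", base);
    snprintf(lnk, sizeof lnk, "%s/link", base);
    snprintf(want, sizeof want, "%s/real/baz", base);
    snprintf(in, sizeof in, "%s/link/baz", base);
    if (mkdir(dir, 0700) || symlink("real", lnk) || symlink("/constructed-target", want)) return -1;
    int ok = resolve_nofollow_last(in, got, sizeof got) == 0 && !strcmp(got, want) &&
             lstat(got, &st) == 0 && S_ISLNK(st.st_mode);
    unlink(want); unlink(lnk); rmdir(dir); rmdir(base);
    return ok ? 0 : -1;
}

int main(void) { return demo() ? 1 : 0; }
```

A path string resolved this way can go stale if a directory component is renamed or replaced before the mount happens, so the result is only trustworthy when the parent directories are not writable by a less privileged party.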
I don't understand what you are saying? Which mount API are you talking about?
Last time I looked, Linux doesn't allow symlink inodes to be overmounted, nor can they be bind mounted on something else.
Please provide an example in shell how you create a bind mount that overmounts a symlink inode.
from systemd.
Hmm, for your specific use case, i.e. bind mount over a target symlink, it is already supported? Which systemd version are you running?
from systemd.
Here's all the version information for the system I use:

```
systemd 249 (249.11-0ubuntu3.12)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified
```
from systemd.
Sorry, disregard the previous information. That was run from the wrong system. Here's the systemd version that is used:

```
systemd 249 (249.11-0ubuntu3.12)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified
```

And here is the output from `uname -a`:

```
Linux THEHOSTNAME 5.15.0-1038-raspi #41-Ubuntu SMP PREEMPT Fri Sep 8 12:38:39 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
```
from systemd.
Ubuntu 24 was just released, which includes systemd 255. I have been able to confirm that the same behavior is present there.
from systemd.
Hmm, right. I looked a bit closer and discovered that while we have the `mount_nofollow_verbose` helper that supports bind mounting over a symlink, `setup_namespace` -> `apply_mounts` always resolve the symlink first.
from systemd.