[apparmor] [patch] tests: work around systemd mounting / shared in pivot_root tests

Steve Beattie steve at nxnw.org
Tue Mar 24 21:48:22 UTC 2015


The systemd init daemon mounts the / filesystem as shared [1], which
breaks pivot_root(2). The following patch adjusts the pivot_root
test script to remount / as private if it detects that it's shared,
allowing the tests to run successfully, and then undoes it once the
tests are complete.

[1] http://cgit.freedesktop.org/systemd/systemd/commit/?id=b3ac5f8cb98757416d8660023d6564a7c411f0a0

Signed-off-by: Steve Beattie <steve at nxnw.org>
---
 tests/regression/apparmor/pivot_root.sh |   24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

Index: b/tests/regression/apparmor/pivot_root.sh
===================================================================
--- a/tests/regression/apparmor/pivot_root.sh
+++ b/tests/regression/apparmor/pivot_root.sh
@@ -25,6 +25,7 @@ put_old=${new_root}put_old/
 bad=$tmpdir/BAD/
 proc=$new_root/proc
 fstype="ext2"
+root_was_shared="no"
 
 pivot_root_cleanup() {
 	mountpoint -q "$proc"
@@ -36,9 +37,32 @@ pivot_root_cleanup() {
 	if [ $? -eq 0 ] ; then
 		umount "$new_root"
 	fi
+
+	if [ "${root_was_shared}" = "yes" ] ; then
+		[ -n "$VERBOSE" ] && echo 'notice: re-mounting / as shared'
+		mount -o remount --make-shared /
+	fi
 }
 do_onexit="pivot_root_cleanup"
 
+# systemd mounts / and everything under it MS_SHARED. This breaks
+# pivot_root entirely, so attempt to detect it, and remount /
+# MS_PRIVATE temporarily.
+FINDMNT=/bin/findmnt
+if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then
+	if [ "$(${FINDMNT} -no PROPAGATION /)" == "shared" ] ; then
+		root_was_shared="yes"
+	fi
+elif [ "$(ps -hp1  -ocomm)" = "systemd" ] ; then
+	# no findmnt or findmnt doesn't know the PROPAGATION column,
+	# but init is systemd so assume rootfs is shared
+	root_was_shared="yes"
+fi
+if [ "${root_was_shared}" = "yes" ] ; then
+	[ -n "$VERBOSE" ] && echo 'notice: re-mounting / as private'
+	mount -o remount --make-private /
+fi
+
 # Create disk image since pivot_root doesn't allow old root and new root to be
 # on the same filesystem
 dd if=/dev/zero of="$disk_img" bs=1024 count=512 2> /dev/null
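Review bot: In the `elif` fallback, `root_was_shared="yes"` is set from the init process name alone, so `pivot_root_cleanup` will later run `mount -o remount --make-shared /` on a host whose / may never have been shared, leaving the system's mount propagation different from how the test found it. The flag would be better derived from the actual state, for example by looking for a `shared:` tag on the / entry in `/proc/self/mountinfo`, and kept only when the remount really happened: `mount -o remount --make-private / || root_was_shared="no"`. As written neither `mount` call has its exit status checked, so a failed remount lets the tests go on and fail for a reason that is not reported. The `[ ... == "shared" ]` test uses `==` where the neighbouring tests use `=`; `=` is the portable form inside `[ ]`. `pivot_root_cleanup` begins outside this hunk.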

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/