[apparmor] [patch] tests: work around systemd mounting / shared in pivot_root tests

Tyler Hicks tyhicks at canonical.com
Tue Mar 24 23:43:55 UTC 2015 

On 2015-03-24 16:40:37, Steve Beattie wrote:
> On Tue, Mar 24, 2015 at 02:48:22PM -0700, Steve Beattie wrote:
> > The systemd init daemon mounts the / filesystem as shared [1], which
> > breaks pivot_root(2). The following patch adjusts the pivot_root
> > test script to remount / as private if it detects that its shared,
> > allowing the tests to run successfully, and then undoes it once the
> > tests are complete.
> > 
> > [1] http://cgit.freedesktop.org/systemd/systemd/commit/?id=b3ac5f8cb98757416d8660023d6564a7c411f0a0
> > 
> > Signed-off-by: Steve Beattie <steve at nxnw.org>
> 
> Oh, I should note that I'm nominating this for 2.9. Here's the version I
> committed to trunk, which incorporated Tyler's suggestion:

Ack for 2.9.

Tyler

> 
> Signed-off-by: Steve Beattie <steve at nxnw.org>
> 
> === modified file 'tests/regression/apparmor/pivot_root.sh'
> --- tests/regression/apparmor/pivot_root.sh	2014-04-15 02:48:14 +0000
> +++ tests/regression/apparmor/pivot_root.sh	2015-03-24 22:59:44 +0000
> @@ -25,6 +25,7 @@
>  bad=$tmpdir/BAD/
>  proc=$new_root/proc
>  fstype="ext2"
> +root_was_shared="no"
>  
>  pivot_root_cleanup() {
>  	mountpoint -q "$proc"
> @@ -36,9 +37,32 @@
>  	if [ $? -eq 0 ] ; then
>  		umount "$new_root"
>  	fi
> +
> +	if [ "${root_was_shared}" = "yes" ] ; then
> +		[ -n "$VERBOSE" ] && echo 'notice: re-mounting / as shared'
> +		mount --make-shared /
> +	fi
>  }
>  do_onexit="pivot_root_cleanup"
>  
> +# systemd mounts / and everything under it MS_SHARED. This breaks
> +# pivot_root entirely, so attempt to detect it, and remount /
> +# MS_PRIVATE temporarily.
> +FINDMNT=/bin/findmnt
> +if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then
> +	if [ "$(${FINDMNT} -no PROPAGATION /)" == "shared" ] ; then
> +		root_was_shared="yes"
> +	fi
> +elif [ "$(ps -hp1  -ocomm)" = "systemd" ] ; then
> +	# no findmnt or findmnt doesn't know the PROPAGATION column,
> +	# but init is systemd so assume rootfs is shared
> +	root_was_shared="yes"
> +fi
> +if [ "${root_was_shared}" = "yes" ] ; then
> +	[ -n "$VERBOSE" ] && echo 'notice: re-mounting / as private'
> +	mount --make-private /
> +fi
> +
>  # Create disk image since pivot_root doesn't allow old root and new root to be
>  # on the same filesystem
>  dd if=/dev/zero of="$disk_img" bs=1024 count=512 2> /dev/null
> 
> -- 
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/



> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150324/b9f778cb/attachment.pgp>

More information about the AppArmor mailing list