From 096a8f9bdec62737b539a9d9fb8d8eed08c8da49 Mon Sep 17 00:00:00 2001 From: Zygmunt Krynicki Date: Fri, 27 Sep 2024 12:39:33 +0200 Subject: [PATCH] cmd/snap-update-ns: allow detaches to propagate When snap-update-ns chooses not to reuse a mount entry it attempts to unmount it by detaching the mount entry. Before that is done the mount entry used to be switch to private propagation, so that the unmount operation was isolated. Disable this logic so that unmounts (and detaches) propagate normally. The mount namespace of the snap is mostly switched to slaved propagation, with the sole exception of /media or /run/media, which uses bidirectional propagation by design. This patch is experimental and is not ready for being merged yet. Jira: https://warthogs.atlassian.net/browse/SNAPDENG-31645 Signed-off-by: Zygmunt Krynicki --- cmd/snap-update-ns/change.go | 9 --------- cmd/snap-update-ns/change_test.go | 7 ------- 2 files changed, 16 deletions(-) diff --git a/cmd/snap-update-ns/change.go b/cmd/snap-update-ns/change.go index e1a334ffd7f..7de5b243be1 100644 --- a/cmd/snap-update-ns/change.go +++ b/cmd/snap-update-ns/change.go @@ -405,15 +405,6 @@ func (c *Change) lowLevelPerform(as *Assumptions) error { flags := umountNoFollow if c.Entry.XSnapdDetach() { flags |= syscall.MNT_DETACH - // If we are detaching something then before performing the actual detach - // switch the entire hierarchy to private event propagation (that is, - // none). This works around a bit of peculiar kernel behavior when the - // kernel reports EBUSY during a detach operation, because the changes - // propagate in a way that conflicts with itself. This is also documented - // in umount(2). - err = sysMount("none", c.Entry.Dir, "", syscall.MS_REC|syscall.MS_PRIVATE, "") - logger.Debugf("mount --make-rprivate %q (error: %v)", c.Entry.Dir, err) - err = clearMissingMountError(err) } // Perform the raw unmount operation. diff --git a/cmd/snap-update-ns/change_test.go b/cmd/snap-update-ns/change_test.go index 83beae259b5..f6ce7bbadcd 100644 --- a/cmd/snap-update-ns/change_test.go +++ b/cmd/snap-update-ns/change_test.go @@ -812,7 +812,6 @@ func (s *changeSuite) TestPerformFilesystemMountWithoutMountPointAndReadOnlyBase {C: `lstat "/rofs"`, R: testutil.FileInfoDir}, {C: `mount "tmpfs" "/rofs" "tmpfs" 0 "mode=0755,uid=0,gid=0"`}, - {C: `mount "none" "/tmp/.snap/rofs" "" MS_REC|MS_PRIVATE ""`}, {C: `unmount "/tmp/.snap/rofs" UMOUNT_NOFOLLOW|MNT_DETACH`}, // Perform clean up after the unmount operation. @@ -976,7 +975,6 @@ func (s *changeSuite) TestPerformFilesystemDetch(c *C) { synth, err := chg.Perform(s.as) c.Assert(err, IsNil) c.Assert(s.sys.RCalls(), testutil.SyscallsEqual, []testutil.CallResultError{ - {C: `mount "none" "/target" "" MS_REC|MS_PRIVATE ""`}, {C: `unmount "/target" UMOUNT_NOFOLLOW|MNT_DETACH`}, // Perform clean up after the unmount operation. @@ -1323,7 +1321,6 @@ func (s *changeSuite) TestPerformDirectoryBindMountWithoutMountPointAndReadOnlyB {C: `lstat "/rofs"`, R: testutil.FileInfoDir}, {C: `mount "tmpfs" "/rofs" "tmpfs" 0 "mode=0755,uid=0,gid=0"`}, - {C: `mount "none" "/tmp/.snap/rofs" "" MS_REC|MS_PRIVATE ""`}, {C: `unmount "/tmp/.snap/rofs" UMOUNT_NOFOLLOW|MNT_DETACH`}, // Perform clean up after the unmount operation. @@ -1471,7 +1468,6 @@ func (s *changeSuite) TestPerformDirectoryBindMountWithoutMountSourceAndReadOnly {C: `close 4`}, {C: `lstat "/rofs"`, R: testutil.FileInfoDir}, {C: `mount "tmpfs" "/rofs" "tmpfs" 0 "mode=0755,uid=0,gid=0"`}, - {C: `mount "none" "/tmp/.snap/rofs" "" MS_REC|MS_PRIVATE ""`}, {C: `unmount "/tmp/.snap/rofs" UMOUNT_NOFOLLOW|MNT_DETACH`}, // Perform clean up after the unmount operation. @@ -1864,7 +1860,6 @@ func (s *changeSuite) TestPerformFileBindMountWithoutMountPointAndReadOnlyBase(c {C: `lstat "/rofs"`, R: testutil.FileInfoDir}, {C: `mount "tmpfs" "/rofs" "tmpfs" 0 "mode=0755,uid=0,gid=0"`}, - {C: `mount "none" "/tmp/.snap/rofs" "" MS_REC|MS_PRIVATE ""`}, {C: `unmount "/tmp/.snap/rofs" UMOUNT_NOFOLLOW|MNT_DETACH`}, // Perform clean up after the unmount operation. @@ -2259,7 +2254,6 @@ func (s *changeSuite) TestPerformCreateSymlinkWithoutBaseDirAndReadOnlyBase(c *C {C: `lstat "/rofs"`, R: testutil.FileInfoDir}, {C: `mount "tmpfs" "/rofs" "tmpfs" 0 "mode=0755,uid=0,gid=0"`}, - {C: `mount "none" "/tmp/.snap/rofs" "" MS_REC|MS_PRIVATE ""`}, {C: `unmount "/tmp/.snap/rofs" UMOUNT_NOFOLLOW|MNT_DETACH`}, // Perform clean up after the unmount operation. @@ -2520,7 +2514,6 @@ func (s *changeSuite) TestPerformCreateSymlinkWithAvoidedTrespassing(c *C) { {C: `close 7`}, // We're done restoring now. - {C: `mount "none" "/tmp/.snap/etc" "" MS_REC|MS_PRIVATE ""`}, {C: `unmount "/tmp/.snap/etc" UMOUNT_NOFOLLOW|MNT_DETACH`}, // Perform clean up after the unmount operation.