From 7330fa55c5211eb7b3c675d1c7b8281b69b53553 Mon Sep 17 00:00:00 2001
From: Daniel Golle
Date: Wed, 13 Nov 2024 22:22:48 +0100
Subject: [PATCH] initd: mount /sys and /proc with MS_RELATIME

Despite access timestamps not being needed on /sys and /proc, using MS_NOATIME leads to many container tools not working because the new mounts of /proc or /sys are more revealing than the original ones. This results in not being able to mount /proc inside a user namespace with procd's uxc, but also other tools like bubblewrap, podman or lxd. Fix this by setting MS_RELATIME instead. The problem has been present in procd since commit 9fcc900 ("fix up the mount options to match what openwrt had before using procd as pid 1") but also in pre-procd OpenWrt releases.

Signed-off-by: Daniel Golle
---
 initd/early.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/initd/early.c b/initd/early.c
index 04aa10d..aa164d7 100644
--- a/initd/early.c
+++ b/initd/early.c 
@@ -58,14 +58,14 @@ early_mounts(void)
 unsigned int oldumask = umask(0);
 if (!is_container()) {
- mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL);
- mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL);
- mount("efivars", "/sys/firmware/efi/efivars", "efivarfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL);
+ mount("proc", "/proc", "proc", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL);
+ mount("sysfs", "/sys", "sysfs", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL);
+ mount("efivars", "/sys/firmware/efi/efivars", "efivarfs", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL);
 mount("cgroup2", "/sys/fs/cgroup", "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, "nsdelegate");
- mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOEXEC | MS_NOSUID, "mode=0755,size=512K");
+ mount("tmpfs", "/dev", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_RELATIME, "mode=0755,size=512K");
 ignore(symlink("/tmp/shm", "/dev/shm"));
 mkdir("/dev/pts", 0755);
- mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | MS_NOSUID, NULL);
+ mount("devpts", "/dev/pts", "devpts", MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL);
 early_dev();
 }
--
2.30.2
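Review bot: The reason MS_RELATIME replaces MS_NOATIME on the /proc, /sys, efivarfs, /dev and /dev/pts mounts lives only in the commit message, and a later reader of early_mounts() will see a mount flag being dropped and may be tempted to put MS_NOATIME back. A comment above the first mount() in the `if (!is_container())` block would preserve the intent, e.g. `/* MS_RELATIME, not MS_NOATIME: a stricter atime mode on the init mounts prevents container tools (uxc, bubblewrap, podman, lxd) from mounting /proc and /sys inside a user namespace, so keep the atime flags no tighter than the default. */`. Worth stating in that comment as well is that MS_NODEV | MS_NOEXEC | MS_NOSUID are kept on every line, so the hardening of these pseudo-filesystems is unchanged and only the atime policy is relaxed. The return values of the mount() calls stay unchecked as before the change, so a failed early /proc or /sys mount may go unnoticed; that is pre-existing and outside this commit's scope. The body of early_mounts() begins before and continues past this hunk.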