Revert "core: do not leak mount for credentials directory if mount namespace is enabled"

This reverts commits - 9ae3624889 "test-execute: add tests for credentials directory with mount namespace"↲ - 94fe4cf255 "core: do not leak mount for credentials directory if mount namespace is enabled", - 7241b9cd72 "core/credential: make setup_credentials() return path to credentials directory", - fbaf3b23ae "core: set $CREDENTIALS_DIRECTORY only when we set up credentials" Before the commits, credentials directory set up on ExecStart= was kept on e.g. ExecStop=. But, with the changes, if a service requests a private mount namespace, the credentials directory is discarded after ExecStart= is finished. Let's revert the change, and find better way later. Addresses the post-merge comment https://github.com/systemd/systemd/pull/28787#issuecomment-1690614202.
2026-04-14 00:14:32 +09:00 · 2023-08-25 15:54:52 +09:00
parent 53c0397b1d
commit 73ff4d48de
12 changed files with 30 additions and 170 deletions
--- a/test/test-execute/exec-load-credential-with-mount-namespace.service
+++ b/test/test-execute/exec-load-credential-with-mount-namespace.service
@@ -1,9 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-[Unit]
-Description=Test for LoadCredential=
-
-[Service]
-ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"'
-Type=oneshot
-LoadCredential=test-execute.load-credential
-PrivateMounts=yes
--- a/test/test-execute/exec-load-credential-with-seccomp.service
+++ b/test/test-execute/exec-load-credential-with-seccomp.service
@@ -1,9 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-[Unit]
-Description=Test for LoadCredential=
-
-[Service]
-ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"'
-Type=oneshot
-LoadCredential=test-execute.load-credential
-SystemCallFilter=~open_tree move_mount
--- a/test/test-execute/exec-set-credential-with-mount-namespace.service
+++ b/test/test-execute/exec-set-credential-with-mount-namespace.service
@@ -1,9 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-[Unit]
-Description=Test for SetCredential=
-
-[Service]
-ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"'
-Type=oneshot
-SetCredential=test-execute.set-credential:hoge
-PrivateMounts=yes
--- a/test/test-execute/exec-set-credential-with-seccomp.service
+++ b/test/test-execute/exec-set-credential-with-seccomp.service
@@ -1,9 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-[Unit]
-Description=Test for SetCredential=
-
-[Service]
-ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"'
-Type=oneshot
-SetCredential=test-execute.set-credential:hoge
-SystemCallFilter=~open_tree move_mount