From: Daniel Golle
Date: Wed, 13 Nov 2024 21:22:48 +0000 (+0100)
Subject: initd: mount /sys and /proc with MS_RELATIME
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=7330fa55c5211eb7b3c675d1c7b8281b69b53553;p=project%2Fprocd.git
initd: mount /sys and /proc with MS_RELATIME
Despite access timestamps not being needed on /sys and /proc, using MS_NOATIME leads to many container tools not working because the new mounts of /proc or /sys are more revealing than the original ones. This results in not being able to mount /proc inside a user namespace with procd's uxc, but also other tools like bubblewrap, podman or lxd. Fix this by setting MS_RELATIME instead. The problem has been present in procd since commit 9fcc900 ("fix up the mount options to match what openwrt had before using procd as pid 1") but also in pre-procd OpenWrt releases.
Signed-off-by: Daniel Golle
---
diff --git a/initd/early.c b/initd/early.c
index 04aa10d..aa164d7 100644
--- a/initd/early.c
+++ b/initd/early.c
@@ -58,14 +58,14 @@ early_mounts(void)
 unsigned int oldumask = umask(0);
 if (!is_container()) {
- mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL);
- mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL);
- mount("efivars", "/sys/firmware/efi/efivars", "efivarfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL);
+ mount("proc", "/proc", "proc", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL);
+ mount("sysfs", "/sys", "sysfs", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL);
+ mount("efivars", "/sys/firmware/efi/efivars", "efivarfs", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL);
 mount("cgroup2", "/sys/fs/cgroup", "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, "nsdelegate");
- mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOEXEC | MS_NOSUID, "mode=0755,size=512K");
+ mount("tmpfs", "/dev", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_RELATIME, "mode=0755,size=512K");
 ignore(symlink("/tmp/shm", "/dev/shm"));
 mkdir("/dev/pts", 0755);
- mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | MS_NOSUID, NULL);
+ mount("devpts", "/dev/pts", "devpts", MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL);
 early_dev();
 }
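Review bot: The switch from MS_NOATIME to MS_RELATIME on these mounts carries no comment in early_mounts(), so the flag choice reads as arbitrary and a later cleanup could restore MS_NOATIME and bring back the user-namespace mount failures the commit message describes. A short comment above the first mount() would record the reason, e.g. `/* MS_RELATIME rather than MS_NOATIME: a /proc or /sys mount made in a user namespace is refused if it is more revealing than this one */`. The hunk also changes the efivarfs mount, the tmpfs on /dev and devpts on /dev/pts, which the subject and description do not mention; if those are needed for the same reason (presumably atime flags that container tools must match on inherited mounts), the comment should say so. early_mounts() begins and ends outside the hunk.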