libreoffice-online/common
Caolán McNamara cb136dd51a namespace mount can fail due to adding MS_NOATIME
in deployment on remounting the mount pointing to /opt/cool/systemplate
with an additional MS_NOATIME results in EPERM.  Where that dir is on a
(toplevel) [rel]atime mount.

man 2 mount states 'An attempt was made to modify (MS_REMOUNT) the
MS_RDONLY, MS_NOSUID, or MS_NOEXEC flag, or one of the "atime" flags
(MS_NOATIME, MS_NODIRATIME, MS_RELATIME) of an existing mount, but the
mount is locked'. Presumably we can add flags that drop privs, but not
those that could circumvent original mount policy.

Thanks to Kay Sievers for help & advice to bootstrap these namespace
mounts.

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I4c0c6a6e4a0e7fae04255e247b18cd5a86c3f327
2024-07-03 23:31:17 +02:00
..
Authorization.cpp
Authorization.hpp wsd: include cleanup 2024-03-19 20:51:02 -04:00
Clipboard.hpp cool#9219 clipboard: only accept downloaded data in own format 2024-06-11 14:45:50 +01:00
CommandControl.cpp
CommandControl.hpp
Common.hpp Forkit needs to wakeup to waitpid processes. 2024-05-10 16:30:37 +01:00
ConfigUtil.cpp bgsave: lower priority of background thread. 2024-05-10 16:30:37 +01:00
ConfigUtil.hpp bgsave: lower priority of background thread. 2024-05-10 16:30:37 +01:00
CoolMount.cpp namespace mount can fail due to adding MS_NOATIME 2024-07-03 23:31:17 +02:00
Crypto-stub.cpp wsd: Unconditionally compile support-key-enabled code paths 2024-04-14 01:23:00 +01:00
Crypto.cpp wsd: Unconditionally compile support-key-enabled code paths 2024-04-14 01:23:00 +01:00
Crypto.hpp wsd: Unconditionally compile support-key-enabled code paths 2024-04-14 01:23:00 +01:00
DummyTraceEventEmitter.cpp wsd: reduce directives for unused variable supression 2024-03-09 12:37:19 -05:00
FileUtil.cpp wsd: jails: remove empty directories 2024-07-03 11:51:14 +02:00
FileUtil.hpp wsd: jails: remove empty directories 2024-07-03 11:51:14 +02:00
JailUtil.cpp namespace mount can fail due to adding MS_NOATIME 2024-07-03 23:31:17 +02:00
JailUtil.hpp add 'mount_namespaces' option to use linux mount namespaces 2024-07-02 13:31:38 +01:00
JsonUtil.hpp killpoco: remove lots of redundant JSON includes. 2024-04-25 09:06:13 +02:00
LangUtil.hpp
Log.cpp fuzzer: reject increasing the log level via update-log-levels 2024-06-26 22:16:08 +02:00
Log.hpp delta: Disable pixel tracing in trace logging by default. 2024-06-20 15:55:01 +01:00
Message.hpp cool#9120 - use a simple hash to avoid most tile: comparisons. 2024-05-22 19:58:28 +01:00
MobileApp.cpp wsd: move wopi stub/dummy interface to MobileApp.hpp 2024-04-03 14:26:28 +01:00
MobileApp.hpp impress: restrict presentation in readonly mode 2024-05-07 13:21:04 +01:00
Png.hpp reduce uses of MOBILEAPP on some files 2024-03-20 09:13:00 +01:00
Protocol.cpp
Protocol.hpp
Rectangle.hpp common: avoid adding too large ints in the Rectangle ctor 2024-05-28 13:41:14 +02:00
RenderTiles.hpp Cleanup and shorten tilecombine descriptor lists. 2024-05-26 19:28:30 +01:00
Seccomp.cpp wsd: reduce directives for unused variable supression 2024-03-09 12:37:19 -05:00
Seccomp.hpp
security.h Add more comment warnings around security critical code. 2024-05-07 13:11:30 +01:00
Session.cpp honour online host verification exemption also in core 2024-06-24 18:53:34 +02:00
Session.hpp honour online host verification exemption also in core 2024-06-24 18:53:34 +02:00
SigUtil.cpp bgsave: ensure kit processes die when their parents do. 2024-04-16 15:07:18 +01:00
SigUtil.hpp bgsave: ensure kit processes die when their parents do. 2024-04-16 15:07:18 +01:00
Simd.cpp
Simd.hpp cool#8328 - config header fixup. 2024-02-21 09:35:25 +00:00
SpookyV2.cpp
SpookyV2.h
StateEnum.hpp Logging: add Area parameter and new LOGA_ macros to annotate areas. 2024-05-14 18:37:52 +02:00
StringVector.cpp cool#8328 - config header fixup. 2024-02-21 09:35:25 +00:00
StringVector.hpp Add SysStopwatch to use /proc/self/stat tick timings to measure time. 2024-06-04 09:11:52 +02:00
ThreadPool.hpp cool#9271 - re-start delta thread pool after bgsave. 2024-06-13 20:14:08 +01:00
TraceEvent.cpp wsd: streamline TraceEvent strings 2024-03-18 18:41:49 +00:00
TraceEvent.hpp wsd: avoid duplicate string copying for ProfileZone 2024-03-18 18:41:49 +00:00
Unit.cpp wsd: test: unit-test validation in debug only 2024-06-12 09:15:40 +01:00
Unit.hpp test: abort UnitSaveTorture if we don't get a bgsave when expected. 2024-06-25 22:43:08 +02:00
Util-desktop.cpp UnitPerf: add a simple performance unit test. 2024-06-04 09:11:52 +02:00
Util-mobile.cpp add isMobileApp util function to reduce ifdefs 2024-03-20 09:13:00 +01:00
Util.cpp killpoco: remove lots of redundant JSON includes. 2024-04-25 09:06:13 +02:00
Util.hpp Add SysStopwatch to use /proc/self/stat tick timings to measure time. 2024-06-04 09:11:52 +02:00
Watchdog.hpp bump watchdog pings from 20ms to 50ms 2024-04-30 17:55:13 +02:00