@@ -569,7 +569,7 @@ int mount_all(const char *dest,
569569 static const MountPoint mount_table [] = {
570570 /* First we list inner child mounts (i.e. mounts applied *after* entering user namespacing) */
571571 { "proc" , "/proc" , "proc" , NULL , MS_NOSUID |MS_NOEXEC |MS_NODEV ,
572- MOUNT_FATAL |MOUNT_IN_USERNS },
572+ MOUNT_FATAL |MOUNT_IN_USERNS | MOUNT_MKDIR },
573573
574574 { "/proc/sys" , "/proc/sys" , NULL , NULL , MS_BIND ,
575575 MOUNT_FATAL |MOUNT_IN_USERNS |MOUNT_APPLY_APIVFS_RO }, /* Bind mount first ... */
@@ -599,23 +599,23 @@ int mount_all(const char *dest,
599599 PROC_READ_ONLY ("/proc/scsi" ),
600600
601601 { "mqueue" , "/dev/mqueue" , "mqueue" , NULL , MS_NOSUID |MS_NOEXEC |MS_NODEV ,
602- MOUNT_IN_USERNS },
602+ MOUNT_IN_USERNS | MOUNT_MKDIR },
603603
604604 /* Then we list outer child mounts (i.e. mounts applied *before* entering user namespacing) */
605605 { "tmpfs" , "/tmp" , "tmpfs" , "mode=1777" , MS_NOSUID |MS_NODEV |MS_STRICTATIME ,
606- MOUNT_FATAL |MOUNT_APPLY_TMPFS_TMP },
606+ MOUNT_FATAL |MOUNT_APPLY_TMPFS_TMP | MOUNT_MKDIR },
607607 { "tmpfs" , "/sys" , "tmpfs" , "mode=555" , MS_NOSUID |MS_NOEXEC |MS_NODEV ,
608- MOUNT_FATAL |MOUNT_APPLY_APIVFS_NETNS },
608+ MOUNT_FATAL |MOUNT_APPLY_APIVFS_NETNS | MOUNT_MKDIR },
609609 { "sysfs" , "/sys" , "sysfs" , NULL , MS_RDONLY |MS_NOSUID |MS_NOEXEC |MS_NODEV ,
610- MOUNT_FATAL |MOUNT_APPLY_APIVFS_RO }, /* skipped if above was mounted */
610+ MOUNT_FATAL |MOUNT_APPLY_APIVFS_RO | MOUNT_MKDIR }, /* skipped if above was mounted */
611611 { "sysfs" , "/sys" , "sysfs" , NULL , MS_NOSUID |MS_NOEXEC |MS_NODEV ,
612- MOUNT_FATAL }, /* skipped if above was mounted */
612+ MOUNT_FATAL | MOUNT_MKDIR }, /* skipped if above was mounted */
613613 { "tmpfs" , "/dev" , "tmpfs" , "mode=755" , MS_NOSUID |MS_STRICTATIME ,
614- MOUNT_FATAL },
614+ MOUNT_FATAL | MOUNT_MKDIR },
615615 { "tmpfs" , "/dev/shm" , "tmpfs" , "mode=1777" , MS_NOSUID |MS_NODEV |MS_STRICTATIME ,
616- MOUNT_FATAL },
616+ MOUNT_FATAL | MOUNT_MKDIR },
617617 { "tmpfs" , "/run" , "tmpfs" , "mode=755" , MS_NOSUID |MS_NODEV |MS_STRICTATIME ,
618- MOUNT_FATAL },
618+ MOUNT_FATAL | MOUNT_MKDIR },
619619
620620#if HAVE_SELINUX
621621 { "/sys/fs/selinux" , "/sys/fs/selinux" , NULL , NULL , MS_BIND ,
@@ -663,17 +663,19 @@ int mount_all(const char *dest,
663663 continue ;
664664 }
665665
666- r = mkdir_userns_p (dest , where , 0755 , (use_userns && !in_userns ) ? uid_shift : UID_INVALID );
667- if (r < 0 && r != - EEXIST ) {
668- if (fatal && r != - EROFS )
669- return log_error_errno (r , "Failed to create directory %s: %m" , where );
666+ if (FLAGS_SET (mount_table [k ].mount_settings , MOUNT_MKDIR )) {
667+ r = mkdir_userns_p (dest , where , 0755 , (use_userns && !in_userns ) ? uid_shift : UID_INVALID );
668+ if (r < 0 && r != - EEXIST ) {
669+ if (fatal && r != - EROFS )
670+ return log_error_errno (r , "Failed to create directory %s: %m" , where );
670671
671- log_debug_errno (r , "Failed to create directory %s: %m" , where );
672- /* If we failed mkdir() or chown() due to the root
673- * directory being read only, attempt to mount this fs
674- * anyway and let mount_verbose log any errors */
675- if (r != - EROFS )
676- continue ;
672+ log_debug_errno (r , "Failed to create directory %s: %m" , where );
673+
674+ /* If we failed mkdir() or chown() due to the root directory being read only,
675+ * attempt to mount this fs anyway and let mount_verbose log any errors */
676+ if (r != - EROFS )
677+ continue ;
678+ }
677679 }
678680
679681 o = mount_table [k ].options ;
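Review bot: The `MOUNT_MKDIR` gate added in the last hunk has no comment explaining that directory creation is now opt-in per table row, so a row added later without the flag skips `mkdir_userns_p()` and goes straight to the mount step. For rows marked `MOUNT_FATAL`, a missing mount point would then presumably surface as a failure from the mount call instead of the "Failed to create directory" message; the mount step is outside the visible lines, so this needs confirming. I would add above the new `if`: `/* Create the mount point only for entries that opt in with MOUNT_MKDIR; all other entries expect the target to exist already. */`, and state the same rule in the comment at the top of `mount_table`. The body of `mount_all` starts and ends outside these hunks.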