From 9d0f728f65e6c3ad586e276c1ed3c2cd8cc944be Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 20 Feb 2023 12:00:30 +0900 Subject: [PATCH 5000/5000] core/manager: run generators directly when we are in initrd Some initrd system write files at ourside of /run, /etc, or other allowed places. This is a kind of workaround, but in most cases, such sandboxing is not necessary as the filesystem is on ramfs when we are in initrd. Fixes #26488. --- src/core/manager.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c index 380a4e30d7..6135205761 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) { /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If * we are the user manager, let's just execute the generators directly. We might not have the * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us. - */ - if (MANAGER_IS_USER(m)) { + * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */ + if (MANAGER_IS_USER(m) || in_initrd()) { r = manager_execute_generators(m, paths, /* remount_ro= */ false); goto finish; } -- 2.35.3