[people/ms/pakfire.git] / src / libpakfire / mount.c

/*#############################################################################
#                                                                             #
# Pakfire - The IPFire package management system                              #
# Copyright (C) 2022 Pakfire development team                                 #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
#############################################################################*/

#include <errno.h>
#include <linux/limits.h>
#include <stddef.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>

// libmount
#include <libmount/libmount.h>

#include <pakfire/arch.h>
#include <pakfire/logging.h>
#include <pakfire/pakfire.h>
#include <pakfire/path.h>
#include <pakfire/mount.h>
#include <pakfire/string.h>
#include <pakfire/util.h>

static const struct pakfire_mountpoint {
	const char* source;
	const char* target;
	const char* fstype;
	int flags;
	const char* options;
} mountpoints[] = {
	// Mount a new instance of /proc
	{ "pakfire_proc",        "proc",               "proc",
		MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL, },

	// Make /proc/sys read-only (except /proc/sys/net)
	{ "/proc/sys",           "proc/sys",           "bind",   MS_BIND|MS_REC, NULL, },
	{ "/proc/sys/net",       "proc/sys/net",       "bind",   MS_BIND|MS_REC, NULL, },
	{ "/proc/sys",           "proc/sys",           "bind",
		MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },

	// Deny write access to /proc/sysrq-trigger (can be used to restart the host)
	{ "/proc/sysrq-trigger", "proc/sysrq-trigger", "bind",   MS_BIND|MS_REC, NULL, },
	{ "/proc/sysrq-trigger", "proc/sysrq-trigger", "bind",
		MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },

	// Make /proc/irq read-only
	{ "/proc/irq",           "proc/irq",           "bind",   MS_BIND|MS_REC, NULL, },
	{ "/proc/irq",           "proc/irq",           "bind",
		MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },

	// Make /proc/bus read-only
	{ "/proc/bus",           "proc/bus",           "bind",   MS_BIND|MS_REC, NULL, },
	{ "/proc/bus",           "proc/bus",           "bind",
		MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },

	// Bind-Mount /sys ready-only
	{ "/sys",                "sys",                "bind",   MS_BIND|MS_REC, NULL, },
	{ "/sys",                "sys",                "bind",
		MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },

	// Create a new /dev
	{ "pakfire_dev",         "dev",                "tmpfs",  MS_NOSUID|MS_NOEXEC,
		"mode=0755,size=4m,nr_inodes=64k", },
	{ "pakfire_dev_pts",     "dev/pts",            "devpts", MS_NOSUID|MS_NOEXEC,
		"newinstance,ptmxmode=0666,mode=620", },

	// Create a new /dev/shm
	{ "pakfire_dev_shm",     "dev/shm",            "tmpfs",
		MS_NOSUID|MS_NODEV|MS_STRICTATIME, "mode=1777,size=1024m", },

	// Mount /dev/mqueue
	{ "mqueue",               "dev/mqueue",        "mqueue",
		MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL },

	// Create a new /run
	{ "pakfire_run",          "run",               "tmpfs",  MS_NOSUID|MS_NOEXEC|MS_NODEV,
		"mode=755,size=256m,nr_inodes=1k", },

	// Create a new /tmp
	{ "pakfire_tmp",          "tmp",               "tmpfs",
		MS_NOSUID|MS_NODEV|MS_STRICTATIME, "mode=1777,size=4096m", },

	// The end
	{ NULL },
};

static const struct pakfire_devnode {
	const char* path;
	int major;
	int minor;
	mode_t mode;
	int flags;
} devnodes[] = {
	{ "/dev/null",      1,  3, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, 0 },
	{ "/dev/zero",      1,  5, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, 0 },
	{ "/dev/full",      1,  7, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, 0 },
	{ "/dev/random",    1,  8, S_IFCHR|S_IRUSR|S_IRGRP|S_IROTH, 0 },
	{ "/dev/urandom",   1,  9, S_IFCHR|S_IRUSR|S_IRGRP|S_IROTH, 0 },
	{ "/dev/kmsg",      1, 11, S_IFCHR|S_IRUSR|S_IRGRP|S_IROTH, 0 },
	{ "/dev/tty",       5,  0, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, 0 },
	{ "/dev/console",   5,  1, S_IFCHR|S_IRUSR|S_IWUSR, 0 },
	{ "/dev/rtc0",    252,  0, S_IFCHR|S_IRUSR|S_IWUSR, 0 },

	// Loop Devices
	{ "/dev/loop-control", 10, 237, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop0",         7,   0, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop1",         7,   1, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop2",         7,   2, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop3",         7,   3, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop4",         7,   4, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop5",         7,   5, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop6",         7,   6, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop7",         7,   7, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },

	{ NULL },
};

static const struct pakfire_symlink {
	const char* target;
	const char* path;
} symlinks[] = {
	{ "/dev/pts/ptmx",   "/dev/ptmx", },
	{ "/proc/self/fd",   "/dev/fd", },
	{ "/proc/self/fd/0", "/dev/stdin" },
	{ "/proc/self/fd/1", "/dev/stdout" },
	{ "/proc/self/fd/2", "/dev/stderr" },
	{ "/proc/kcore",     "/dev/core" },
	{ NULL },
};

int pakfire_mount_change_propagation(struct pakfire_ctx* ctx, const char* path, int propagation) {
	CTX_DEBUG(ctx, "Changing mount propagation on %s\n", path);

	int r = mount(NULL, path, NULL, propagation|MS_REC, NULL);
	if (r)
		CTX_ERROR(ctx, "Failed to change mount propagation on %s: %m\n", path);

	return r;
}

static int pakfire_mount_is_mountpoint(struct pakfire* pakfire, const char* path) {
	// XXX THIS STILL NEEDS TO BE IMPLEMENTED
	return 1;
}

int pakfire_mount_make_mounpoint(struct pakfire* pakfire, const char* path) {
	int r;

	// Check if path already is a mountpoint
	r = pakfire_mount_is_mountpoint(pakfire, path);
	switch (r) {
		// Already is a mountpoint
		case 0:
			return 0;

		// Is not a mountpoint
		case 1:
			break;

		default:
			ERROR(pakfire, "Could not determine whether %s is a mountpoint: %m\n", path);
			return r;
	}

	// Bind-mount to self
	r = mount(path, path, NULL, MS_BIND|MS_REC, NULL);
	if (r) {
		ERROR(pakfire, "Could not make %s a mountpoint: %m\n", path);
		return r;
	}

	return 0;
}

/*
	Easy way to iterate through all mountpoints
*/
static int pakfire_mount_foreach(struct pakfire* pakfire, int direction,
		int (*callback)(struct pakfire* pakfire, struct libmnt_fs* fs, const void* data),
		const void* data) {
	const char* root = pakfire_get_path(pakfire);
	int r = 0;

	struct libmnt_iter* iterator = NULL;
	struct libmnt_table* tab = NULL;
	struct libmnt_fs* fs = NULL;

	// Create an iterator
	iterator = mnt_new_iter(direction);
	if (!iterator) {
		ERROR(pakfire, "Could not setup iterator: %m\n");
		goto ERROR;
	}

	// Read /proc/mounts
	tab = mnt_new_table_from_file("/proc/mounts");
	if (!tab) {
		ERROR(pakfire, "Could not open /proc/mounts: %m\n");
		goto ERROR;
	}

	while (mnt_table_next_fs(tab, iterator, &fs) == 0) {
		const char* target = mnt_fs_get_target(fs);

		// Ignore any mointpoints that don't belong to us
		if (!pakfire_string_startswith(target, root))
			continue;

		// Call the callback for each relevant mountpoint
		r = callback(pakfire, fs, data);
		if (r)
			break;
	}

ERROR:
	// Tidy up
	if (fs)
		mnt_unref_fs(fs);
	if (tab)
		mnt_unref_table(tab);
	if (iterator)
		mnt_free_iter(iterator);

	return r;
}

static int pakfire_mount(struct pakfire* pakfire, const char* source, const char* target,
		const char* fstype, unsigned long mflags, const void* data) {
	const char* options = (const char*)data;

	// Check for some basic inputs
	if (!source || !target) {
		errno = EINVAL;
		return 1;
	}

	DEBUG(pakfire, "Mounting %s from %s (%s - %s)\n", target, source, fstype, options);

	// Perform mount()
	int r = mount(source, target, fstype, mflags, data);
	if (r) {
		ERROR(pakfire, "Could not mount %s: %m\n", target);
	}

	return r;
}

static int __pakfire_mount_print(struct pakfire* pakfire,
		struct libmnt_fs* fs, const void* data) {
	DEBUG(pakfire,
		"  %s %s %s %s\n",
		mnt_fs_get_source(fs),
		mnt_fs_get_target(fs),
		mnt_fs_get_fstype(fs),
		mnt_fs_get_fs_options(fs)
	);

	return 0;
}

int pakfire_mount_list(struct pakfire* pakfire) {
	DEBUG(pakfire, "Mountpoints:\n");

	return pakfire_mount_foreach(pakfire, MNT_ITER_FORWARD,
		__pakfire_mount_print, NULL);
}

static int pakfire_populate_dev(struct pakfire* pakfire, int flags) {
	char path[PATH_MAX];

	// Create device nodes
	for (const struct pakfire_devnode* devnode = devnodes; devnode->path; devnode++) {
		DEBUG(pakfire, "Creating device node %s\n", devnode->path);

		// Check if flags match
		if (devnode->flags && !(flags & devnode->flags))
			continue;

		int r = pakfire_path(pakfire, path, "%s", devnode->path);
		if (r)
			return r;

		dev_t dev = makedev(devnode->major, devnode->minor);

		r = mknod(path, devnode->mode, dev);

		// Continue if mknod was successful
		if (r == 0)
			continue;

		// If we could not create the device node because of permission issues,
		// it might be likely that we are running in a user namespace where creating
		// device nodes is not permitted. Try bind-mounting them.
		if (errno == EPERM)
			goto MOUNT;

		// Otherwise log an error and end
		ERROR(pakfire, "Could not create %s: %m\n", devnode->path);
		return r;

MOUNT:
		// Create an empty file
		r = pakfire_touch(path, 0444);
		if (r) {
			ERROR(pakfire, "Could not create %s: %m\n", path);
			return r;
		}

		// Create a bind-mount over the file
		r = pakfire_mount(pakfire, devnode->path, path, "bind", MS_BIND, NULL);
		if (r)
			return r;
	}

	// Create symlinks
	for (const struct pakfire_symlink* s = symlinks; s->target; s++) {
		DEBUG(pakfire, "Creating symlink %s -> %s\n", s->path, s->target);

		int r = pakfire_path(pakfire, path, "%s", s->path);
		if (r)
			return r;

		r = symlink(s->target, path);
		if (r) {
			ERROR(pakfire, "Could not create symlink %s: %m\n", s->path);
			return r;
		}
	}

	return 0;
}

static int pakfire_mount_interpreter(struct pakfire* pakfire) {
	char target[PATH_MAX];

	// Fetch the target architecture
	const char* arch = pakfire_get_effective_arch(pakfire);

	// Can we emulate this architecture?
	char* interpreter = pakfire_arch_find_interpreter(arch);

	// No interpreter required
	if (!interpreter)
		return 0;

	DEBUG(pakfire, "Mounting interpreter %s for %s\n", interpreter, arch);

	// Where to mount this?
	int r = pakfire_path(pakfire, target, "%s", interpreter);
	if (r)
		return r;

	// Create directory
	r = pakfire_mkparentdir(target, 0755);
	if (r)
		return r;

	// Create an empty file
	FILE* f = fopen(target, "w");
	if (!f)
		return 1;
	fclose(f);

	r = pakfire_mount(pakfire, interpreter, target, NULL, MS_BIND|MS_RDONLY, NULL);
	if (r)
		ERROR(pakfire, "Could not mount interpreter %s to %s: %m\n", interpreter, target);

	return r;
}

int pakfire_mount_all(struct pakfire* pakfire, int flags) {
	char target[PATH_MAX];
	int r;

	// Fetch Pakfire's root directory
	const char* root = pakfire_get_path(pakfire);

	for (const struct pakfire_mountpoint* mp = mountpoints; mp->source; mp++) {
		// Figure out where to mount
		r = pakfire_path_append(target, root, mp->target);
		if (r)
			return r;

		// Create target if it doesn't exist
		if (!pakfire_path_exists(target)) {
			r = pakfire_mkdir(target, 0755);
			if (r) {
				ERROR(pakfire, "Could not create %s: %m\n", target);
				return r;
			}
		}

		// Perform mount()
		r = pakfire_mount(pakfire, mp->source, target, mp->fstype, mp->flags, mp->options);
		if (r)
			return r;
	}

	// Populate /dev
	r = pakfire_populate_dev(pakfire, flags);
	if (r)
		return r;

	// Mount the interpreter (if needed)
	r = pakfire_mount_interpreter(pakfire);
	if (r)
		return r;

	return 0;
}

int pakfire_make_ramdisk(struct pakfire* pakfire, char* path, const char* args) {
	int r;

	// Create a new temporary directory
	char* p = pakfire_mkdtemp(path);
	if (!p)
		return -errno;

	// Mount the ramdisk
	r = pakfire_mount(pakfire, "pakfire_ramdisk", p, "tmpfs", 0, args);
	if (r) {
		ERROR_ERRNO(pakfire, r, "Could not mount ramdisk at %s (%s): %m\n", p, args);
		return r;
	}

	DEBUG(pakfire, "Ramdisk mounted at %s (%s)\n", p, args);

	return 0;
}

int pakfire_bind(struct pakfire* pakfire, const char* src, const char* dst, int flags) {
	struct stat st;
	char mountpoint[PATH_MAX];

	if (!dst)
		dst = src;

	int r = pakfire_path(pakfire, mountpoint, "%s", dst);
	if (r)
		return r;

	DEBUG(pakfire, "Bind-mounting %s to %s\n", src, mountpoint);

	r = stat(src, &st);
	if (r < 0) {
		ERROR(pakfire, "Could not stat %s: %m\n", src);
		return 1;
	}

	// Make sure the mountpoint exists
	switch (st.st_mode & S_IFMT) {
		case S_IFDIR:
			r = pakfire_mkdir(mountpoint, st.st_mode);
			if (r && errno != EEXIST)
				return r;
			break;

		case S_IFREG:
		case S_IFLNK:
			// Make parent directory
			r = pakfire_mkparentdir(mountpoint, 0755);
			if (r)
				return r;

			// Create a file
			FILE* f = fopen(mountpoint, "w");
			if (!f)
				return 1;
			fclose(f);
			break;

		default:
			errno = ENOTSUP;
			return 1;
	}

	// The Linux kernel seems to be quite funny when trying to bind-mount something
	// as read-only and requires us to mount the source first, and then remount it
	// again using MS_RDONLY.
	if (flags & MS_RDONLY) {
		r = pakfire_mount(pakfire, src, mountpoint, "bind", MS_BIND|MS_REC, NULL);
		if (r)
			return r;

		// Add the remount flag
		flags |= MS_REMOUNT;
	}

	// Perform mount
	return pakfire_mount(pakfire, src, mountpoint, "bind", flags|MS_BIND|MS_REC, NULL);
}
Commit	Line	Data
bf5f9c24 MT	1	/*#############################################################################
	2	# #
	3	# Pakfire - The IPFire package management system #
	4	# Copyright (C) 2022 Pakfire development team #
	5	# #
	6	# This program is free software: you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation, either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# This program is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	18	# #
	19	#############################################################################*/
	20
	21	#include <errno.h>
	22	#include <linux/limits.h>
bf5f9c24 MT	23	#include <stddef.h>
	24	#include <sys/mount.h>
	25	#include <sys/stat.h>
f71c82d8	26	#include <sys/sysmacros.h>
bf5f9c24 MT	27	#include <sys/types.h>
	28
	29	// libmount
	30	#include <libmount/libmount.h>
	31
660120b6	32	#include <pakfire/arch.h>
bf5f9c24 MT	33	#include <pakfire/logging.h>
bf5f9c24 MT	34	#include <pakfire/pakfire.h>
729827f7	35	#include <pakfire/path.h>
bf5f9c24	36	#include <pakfire/mount.h>
d973a13d	37	#include <pakfire/string.h>
bf5f9c24 MT	38	#include <pakfire/util.h>
	39
	40	static const struct pakfire_mountpoint {
	41	const char* source;
	42	const char* target;
	43	const char* fstype;
	44	int flags;
	45	const char* options;
bf5f9c24	46	} mountpoints[] = {
9ab7dd21 MT	47	// Mount a new instance of /proc
	48	{ "pakfire_proc", "proc", "proc",
	49	MS_NOSUID\|MS_NOEXEC\|MS_NODEV, NULL, },
bf5f9c24	50
9ab7dd21	51	// Make /proc/sys read-only (except /proc/sys/net)
cc752ada MT	52	{ "/proc/sys", "proc/sys", "bind", MS_BIND\|MS_REC, NULL, },
cc752ada MT	53	{ "/proc/sys/net", "proc/sys/net", "bind", MS_BIND\|MS_REC, NULL, },
9ab7dd21 MT	54	{ "/proc/sys", "proc/sys", "bind",
9ab7dd21 MT	55	MS_BIND\|MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_REMOUNT, NULL, },
bf5f9c24	56
9ab7dd21	57	// Deny write access to /proc/sysrq-trigger (can be used to restart the host)
cc752ada	58	{ "/proc/sysrq-trigger", "proc/sysrq-trigger", "bind", MS_BIND\|MS_REC, NULL, },
9ab7dd21 MT	59	{ "/proc/sysrq-trigger", "proc/sysrq-trigger", "bind",
	60	MS_BIND\|MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_REMOUNT, NULL, },
	61
	62	// Make /proc/irq read-only
cc752ada	63	{ "/proc/irq", "proc/irq", "bind", MS_BIND\|MS_REC, NULL, },
9ab7dd21 MT	64	{ "/proc/irq", "proc/irq", "bind",
	65	MS_BIND\|MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_REMOUNT, NULL, },
	66
	67	// Make /proc/bus read-only
cc752ada	68	{ "/proc/bus", "proc/bus", "bind", MS_BIND\|MS_REC, NULL, },
9ab7dd21 MT	69	{ "/proc/bus", "proc/bus", "bind",
	70	MS_BIND\|MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_REMOUNT, NULL, },
	71
	72	// Bind-Mount /sys ready-only
cc752ada	73	{ "/sys", "sys", "bind", MS_BIND\|MS_REC, NULL, },
9ab7dd21 MT	74	{ "/sys", "sys", "bind",
9ab7dd21 MT	75	MS_BIND\|MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_REMOUNT, NULL, },
bf5f9c24 MT	76
bf5f9c24 MT	77	// Create a new /dev
cc752ada	78	{ "pakfire_dev", "dev", "tmpfs", MS_NOSUID\|MS_NOEXEC,
9ab7dd21	79	"mode=0755,size=4m,nr_inodes=64k", },
0675c514 MT	80	{ "pakfire_dev_pts", "dev/pts", "devpts", MS_NOSUID\|MS_NOEXEC,
0675c514 MT	81	"newinstance,ptmxmode=0666,mode=620", },
cc752ada	82
99affb62 MT	83	// Create a new /dev/shm
	84	{ "pakfire_dev_shm", "dev/shm", "tmpfs",
	85	MS_NOSUID\|MS_NODEV\|MS_STRICTATIME, "mode=1777,size=1024m", },
	86
cc752ada MT	87	// Mount /dev/mqueue
	88	{ "mqueue", "dev/mqueue", "mqueue",
	89	MS_NOSUID\|MS_NOEXEC\|MS_NODEV, NULL },
bf5f9c24 MT	90
bf5f9c24 MT	91	// Create a new /run
b1a6d98c MT	92	{ "pakfire_run", "run", "tmpfs", MS_NOSUID\|MS_NOEXEC\|MS_NODEV,
	93	"mode=755,size=256m,nr_inodes=1k", },
	94
	95	// Create a new /tmp
	96	{ "pakfire_tmp", "tmp", "tmpfs",
84e5948e	97	MS_NOSUID\|MS_NODEV\|MS_STRICTATIME, "mode=1777,size=4096m", },
bf5f9c24	98
bf5f9c24 MT	99	// The end
	100	{ NULL },
	101	};
	102
f71c82d8 MT	103	static const struct pakfire_devnode {
	104	const char* path;
	105	int major;
	106	int minor;
	107	mode_t mode;
282b732a	108	int flags;
f71c82d8	109	} devnodes[] = {
282b732a MT	110	{ "/dev/null", 1, 3, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP\|S_IROTH\|S_IWOTH, 0 },
	111	{ "/dev/zero", 1, 5, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP\|S_IROTH\|S_IWOTH, 0 },
	112	{ "/dev/full", 1, 7, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP\|S_IROTH\|S_IWOTH, 0 },
	113	{ "/dev/random", 1, 8, S_IFCHR\|S_IRUSR\|S_IRGRP\|S_IROTH, 0 },
	114	{ "/dev/urandom", 1, 9, S_IFCHR\|S_IRUSR\|S_IRGRP\|S_IROTH, 0 },
	115	{ "/dev/kmsg", 1, 11, S_IFCHR\|S_IRUSR\|S_IRGRP\|S_IROTH, 0 },
	116	{ "/dev/tty", 5, 0, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP\|S_IROTH\|S_IWOTH, 0 },
	117	{ "/dev/console", 5, 1, S_IFCHR\|S_IRUSR\|S_IWUSR, 0 },
	118	{ "/dev/rtc0", 252, 0, S_IFCHR\|S_IRUSR\|S_IWUSR, 0 },
	119
	120	// Loop Devices
	121	{ "/dev/loop-control", 10, 237, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	122	{ "/dev/loop0", 7, 0, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	123	{ "/dev/loop1", 7, 1, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	124	{ "/dev/loop2", 7, 2, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	125	{ "/dev/loop3", 7, 3, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	126	{ "/dev/loop4", 7, 4, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	127	{ "/dev/loop5", 7, 5, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	128	{ "/dev/loop6", 7, 6, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	129	{ "/dev/loop7", 7, 7, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	130
f71c82d8 MT	131	{ NULL },
f71c82d8 MT	132	};
dc01afb6	133
f71c82d8 MT	134	static const struct pakfire_symlink {
	135	const char* target;
	136	const char* path;
	137	} symlinks[] = {
0675c514	138	{ "/dev/pts/ptmx", "/dev/ptmx", },
f71c82d8 MT	139	{ "/proc/self/fd", "/dev/fd", },
	140	{ "/proc/self/fd/0", "/dev/stdin" },
	141	{ "/proc/self/fd/1", "/dev/stdout" },
	142	{ "/proc/self/fd/2", "/dev/stderr" },
	143	{ "/proc/kcore", "/dev/core" },
	144	{ NULL },
	145	};
dc01afb6	146
719e2e3e MT	147	int pakfire_mount_change_propagation(struct pakfire_ctx* ctx, const char* path, int propagation) {
719e2e3e MT	148	CTX_DEBUG(ctx, "Changing mount propagation on %s\n", path);
9f558f7d MT	149
	150	int r = mount(NULL, path, NULL, propagation\|MS_REC, NULL);
	151	if (r)
719e2e3e	152	CTX_ERROR(ctx, "Failed to change mount propagation on %s: %m\n", path);
9f558f7d MT	153
	154	return r;
	155	}
	156
14df7388 MT	157	static int pakfire_mount_is_mountpoint(struct pakfire* pakfire, const char* path) {
	158	// XXX THIS STILL NEEDS TO BE IMPLEMENTED
	159	return 1;
	160	}
	161
	162	int pakfire_mount_make_mounpoint(struct pakfire* pakfire, const char* path) {
	163	int r;
	164
	165	// Check if path already is a mountpoint
	166	r = pakfire_mount_is_mountpoint(pakfire, path);
	167	switch (r) {
	168	// Already is a mountpoint
	169	case 0:
	170	return 0;
	171
	172	// Is not a mountpoint
	173	case 1:
	174	break;
	175
	176	default:
	177	ERROR(pakfire, "Could not determine whether %s is a mountpoint: %m\n", path);
	178	return r;
	179	}
	180
	181	// Bind-mount to self
	182	r = mount(path, path, NULL, MS_BIND\|MS_REC, NULL);
	183	if (r) {
	184	ERROR(pakfire, "Could not make %s a mountpoint: %m\n", path);
	185	return r;
	186	}
	187
	188	return 0;
	189	}
	190
bf5f9c24 MT	191	/*
	192	Easy way to iterate through all mountpoints
	193	*/
0ea82518 MT	194	static int pakfire_mount_foreach(struct pakfire* pakfire, int direction,
0ea82518 MT	195	int (callback)(struct pakfire pakfire, struct libmnt_fs* fs, const void* data),
f71c82d8	196	const void* data) {
bf5f9c24	197	const char* root = pakfire_get_path(pakfire);
ec64a612	198	int r = 0;
bf5f9c24	199
0ea82518 MT	200	struct libmnt_iter* iterator = NULL;
	201	struct libmnt_table* tab = NULL;
	202	struct libmnt_fs* fs = NULL;
	203
	204	// Create an iterator
	205	iterator = mnt_new_iter(direction);
	206	if (!iterator) {
	207	ERROR(pakfire, "Could not setup iterator: %m\n");
	208	goto ERROR;
	209	}
	210
	211	// Read /proc/mounts
	212	tab = mnt_new_table_from_file("/proc/mounts");
	213	if (!tab) {
bf5f9c24	214	ERROR(pakfire, "Could not open /proc/mounts: %m\n");
0ea82518	215	goto ERROR;
bf5f9c24 MT	216	}
bf5f9c24 MT	217
0ea82518 MT	218	while (mnt_table_next_fs(tab, iterator, &fs) == 0) {
0ea82518 MT	219	const char* target = mnt_fs_get_target(fs);
bf5f9c24 MT	220
bf5f9c24 MT	221	// Ignore any mointpoints that don't belong to us
0ea82518	222	if (!pakfire_string_startswith(target, root))
bf5f9c24 MT	223	continue;
bf5f9c24 MT	224
bf5f9c24	225	// Call the callback for each relevant mountpoint
0ea82518	226	r = callback(pakfire, fs, data);
bf5f9c24 MT	227	if (r)
	228	break;
	229	}
	230
0ea82518	231	ERROR:
bf5f9c24	232	// Tidy up
0ea82518 MT	233	if (fs)
	234	mnt_unref_fs(fs);
	235	if (tab)
	236	mnt_unref_table(tab);
	237	if (iterator)
	238	mnt_free_iter(iterator);
bf5f9c24 MT	239
	240	return r;
	241	}
	242
163851bc	243	static int pakfire_mount(struct pakfire* pakfire, const char* source, const char* target,
bf5f9c24 MT	244	const char* fstype, unsigned long mflags, const void* data) {
bf5f9c24 MT	245	const char* options = (const char*)data;
bf5f9c24 MT	246
	247	// Check for some basic inputs
	248	if (!source \|\| !target) {
	249	errno = EINVAL;
	250	return 1;
	251	}
	252
7f970e6e	253	DEBUG(pakfire, "Mounting %s from %s (%s - %s)\n", target, source, fstype, options);
bf5f9c24	254
7f970e6e MT	255	// Perform mount()
7f970e6e MT	256	int r = mount(source, target, fstype, mflags, data);
bf5f9c24	257	if (r) {
7f970e6e	258	ERROR(pakfire, "Could not mount %s: %m\n", target);
bf5f9c24 MT	259	}
bf5f9c24 MT	260
bf5f9c24 MT	261	return r;
	262	}
	263
bf5f9c24	264	static int __pakfire_mount_print(struct pakfire* pakfire,
0ea82518 MT	265	struct libmnt_fs* fs, const void* data) {
	266	DEBUG(pakfire,
	267	" %s %s %s %s\n",
	268	mnt_fs_get_source(fs),
	269	mnt_fs_get_target(fs),
	270	mnt_fs_get_fstype(fs),
	271	mnt_fs_get_fs_options(fs)
bf5f9c24 MT	272	);
	273
	274	return 0;
	275	}
	276
91247a7b MT	277	int pakfire_mount_list(struct pakfire* pakfire) {
91247a7b MT	278	DEBUG(pakfire, "Mountpoints:\n");
bf5f9c24	279
0ea82518	280	return pakfire_mount_foreach(pakfire, MNT_ITER_FORWARD,
f71c82d8 MT	281	__pakfire_mount_print, NULL);
	282	}
	283
282b732a	284	static int pakfire_populate_dev(struct pakfire* pakfire, int flags) {
f71c82d8 MT	285	char path[PATH_MAX];
	286
	287	// Create device nodes
	288	for (const struct pakfire_devnode* devnode = devnodes; devnode->path; devnode++) {
	289	DEBUG(pakfire, "Creating device node %s\n", devnode->path);
	290
282b732a MT	291	// Check if flags match
	292	if (devnode->flags && !(flags & devnode->flags))
	293	continue;
	294
77e26129 MT	295	int r = pakfire_path(pakfire, path, "%s", devnode->path);
	296	if (r)
	297	return r;
f71c82d8 MT	298
	299	dev_t dev = makedev(devnode->major, devnode->minor);
	300
	301	r = mknod(path, devnode->mode, dev);
8f1003a3 MT	302
	303	// Continue if mknod was successful
	304	if (r == 0)
	305	continue;
	306
	307	// If we could not create the device node because of permission issues,
	308	// it might be likely that we are running in a user namespace where creating
	309	// device nodes is not permitted. Try bind-mounting them.
	310	if (errno == EPERM)
	311	goto MOUNT;
	312
	313	// Otherwise log an error and end
	314	ERROR(pakfire, "Could not create %s: %m\n", devnode->path);
	315	return r;
	316
	317	MOUNT:
	318	// Create an empty file
	319	r = pakfire_touch(path, 0444);
f71c82d8	320	if (r) {
8f1003a3	321	ERROR(pakfire, "Could not create %s: %m\n", path);
f71c82d8 MT	322	return r;
f71c82d8 MT	323	}
8f1003a3 MT	324
8f1003a3 MT	325	// Create a bind-mount over the file
64e3b4ff	326	r = pakfire_mount(pakfire, devnode->path, path, "bind", MS_BIND, NULL);
8f1003a3 MT	327	if (r)
8f1003a3 MT	328	return r;
f71c82d8 MT	329	}
	330
	331	// Create symlinks
	332	for (const struct pakfire_symlink* s = symlinks; s->target; s++) {
	333	DEBUG(pakfire, "Creating symlink %s -> %s\n", s->path, s->target);
	334
77e26129 MT	335	int r = pakfire_path(pakfire, path, "%s", s->path);
	336	if (r)
	337	return r;
f71c82d8 MT	338
	339	r = symlink(s->target, path);
	340	if (r) {
	341	ERROR(pakfire, "Could not create symlink %s: %m\n", s->path);
	342	return r;
	343	}
	344	}
	345
	346	return 0;
bf5f9c24 MT	347	}
bf5f9c24 MT	348
660120b6 MT	349	static int pakfire_mount_interpreter(struct pakfire* pakfire) {
	350	char target[PATH_MAX];
	351
	352	// Fetch the target architecture
652f2a99	353	const char* arch = pakfire_get_effective_arch(pakfire);
660120b6 MT	354
	355	// Can we emulate this architecture?
	356	char* interpreter = pakfire_arch_find_interpreter(arch);
	357
	358	// No interpreter required
	359	if (!interpreter)
	360	return 0;
	361
	362	DEBUG(pakfire, "Mounting interpreter %s for %s\n", interpreter, arch);
	363
	364	// Where to mount this?
77e26129 MT	365	int r = pakfire_path(pakfire, target, "%s", interpreter);
77e26129 MT	366	if (r)
660120b6 MT	367	return r;
	368
	369	// Create directory
520ce66c	370	r = pakfire_mkparentdir(target, 0755);
660120b6 MT	371	if (r)
	372	return r;
	373
	374	// Create an empty file
	375	FILE* f = fopen(target, "w");
	376	if (!f)
	377	return 1;
	378	fclose(f);
	379
	380	r = pakfire_mount(pakfire, interpreter, target, NULL, MS_BIND\|MS_RDONLY, NULL);
	381	if (r)
	382	ERROR(pakfire, "Could not mount interpreter %s to %s: %m\n", interpreter, target);
	383
	384	return r;
	385	}
	386
282b732a	387	int pakfire_mount_all(struct pakfire* pakfire, int flags) {
bf5f9c24	388	char target[PATH_MAX];
bf5f9c24 MT	389	int r;
	390
	391	// Fetch Pakfire's root directory
	392	const char* root = pakfire_get_path(pakfire);
	393
bf5f9c24	394	for (const struct pakfire_mountpoint* mp = mountpoints; mp->source; mp++) {
bf5f9c24	395	// Figure out where to mount
819232d6	396	r = pakfire_path_append(target, root, mp->target);
56796f84	397	if (r)
bf5f9c24 MT	398	return r;
bf5f9c24 MT	399
a685a503 MT	400	// Create target if it doesn't exist
	401	if (!pakfire_path_exists(target)) {
	402	r = pakfire_mkdir(target, 0755);
	403	if (r) {
	404	ERROR(pakfire, "Could not create %s: %m\n", target);
	405	return r;
	406	}
	407	}
bf5f9c24	408
bf5f9c24	409	// Perform mount()
f71c82d8	410	r = pakfire_mount(pakfire, mp->source, target, mp->fstype, mp->flags, mp->options);
a685a503	411	if (r)
bf5f9c24	412	return r;
bf5f9c24 MT	413	}
bf5f9c24 MT	414
f71c82d8	415	// Populate /dev
282b732a	416	r = pakfire_populate_dev(pakfire, flags);
f71c82d8 MT	417	if (r)
	418	return r;
	419
660120b6 MT	420	// Mount the interpreter (if needed)
	421	r = pakfire_mount_interpreter(pakfire);
	422	if (r)
	423	return r;
	424
bf5f9c24 MT	425	return 0;
	426	}
	427
06d741c6 MT	428	int pakfire_make_ramdisk(struct pakfire* pakfire, char* path, const char* args) {
	429	int r;
	430
	431	// Create a new temporary directory
	432	char* p = pakfire_mkdtemp(path);
	433	if (!p)
	434	return -errno;
	435
	436	// Mount the ramdisk
	437	r = pakfire_mount(pakfire, "pakfire_ramdisk", p, "tmpfs", 0, args);
	438	if (r) {
	439	ERROR_ERRNO(pakfire, r, "Could not mount ramdisk at %s (%s): %m\n", p, args);
	440	return r;
	441	}
	442
	443	DEBUG(pakfire, "Ramdisk mounted at %s (%s)\n", p, args);
	444
	445	return 0;
	446	}
	447
061223f7	448	int pakfire_bind(struct pakfire* pakfire, const char* src, const char* dst, int flags) {
163851bc MT	449	struct stat st;
	450	char mountpoint[PATH_MAX];
	451
	452	if (!dst)
	453	dst = src;
	454
77e26129 MT	455	int r = pakfire_path(pakfire, mountpoint, "%s", dst);
	456	if (r)
	457	return r;
163851bc MT	458
	459	DEBUG(pakfire, "Bind-mounting %s to %s\n", src, mountpoint);
	460
	461	r = stat(src, &st);
	462	if (r < 0) {
	463	ERROR(pakfire, "Could not stat %s: %m\n", src);
	464	return 1;
	465	}
	466
	467	// Make sure the mountpoint exists
	468	switch (st.st_mode & S_IFMT) {
	469	case S_IFDIR:
520ce66c	470	r = pakfire_mkdir(mountpoint, st.st_mode);
163851bc MT	471	if (r && errno != EEXIST)
	472	return r;
	473	break;
	474
	475	case S_IFREG:
	476	case S_IFLNK:
	477	// Make parent directory
520ce66c	478	r = pakfire_mkparentdir(mountpoint, 0755);
163851bc MT	479	if (r)
	480	return r;
	481
	482	// Create a file
	483	FILE* f = fopen(mountpoint, "w");
	484	if (!f)
	485	return 1;
	486	fclose(f);
	487	break;
	488
	489	default:
	490	errno = ENOTSUP;
	491	return 1;
	492	}
	493
976fbbc8 MT	494	// The Linux kernel seems to be quite funny when trying to bind-mount something
	495	// as read-only and requires us to mount the source first, and then remount it
	496	// again using MS_RDONLY.
	497	if (flags & MS_RDONLY) {
b16b8753	498	r = pakfire_mount(pakfire, src, mountpoint, "bind", MS_BIND\|MS_REC, NULL);
976fbbc8 MT	499	if (r)
	500	return r;
	501
	502	// Add the remount flag
	503	flags \|= MS_REMOUNT;
	504	}
	505
163851bc	506	// Perform mount
b16b8753	507	return pakfire_mount(pakfire, src, mountpoint, "bind", flags\|MS_BIND\|MS_REC, NULL);
163851bc	508	}