Commit | Line | Data |
---|---|---|
d6c9574f | 1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
8e274523 LP |
2 | |
3 | /*** | |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2010 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
9 | under the terms of the GNU General Public License as published by | |
10 | the Free Software Foundation; either version 2 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU General Public License | |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
20 | ***/ | |
21 | ||
22 | #include <sys/mount.h> | |
23 | #include <errno.h> | |
24 | #include <sys/stat.h> | |
25 | #include <stdlib.h> | |
26 | #include <string.h> | |
27 | #include <libgen.h> | |
28 | #include <assert.h> | |
5c0532d1 | 29 | #include <unistd.h> |
1829dc9d | 30 | #include <ftw.h> |
8e274523 LP |
31 | |
32 | #include "mount-setup.h" | |
33 | #include "log.h" | |
c9af1080 LP |
34 | #include "macro.h" |
35 | #include "util.h" | |
5275d3c1 | 36 | #include "label.h" |
8e274523 | 37 | |
ca714c0e LP |
/* Describes one API file system that mount_setup() mounts at early boot. */
typedef struct MountPoint {
        const char *what;       /* source argument handed to mount(2) */
        const char *where;      /* directory the file system is mounted on */
        const char *type;       /* file system type */
        const char *options;    /* mount data string; NULL when there is none */
        unsigned long flags;    /* MS_* mount flags */
        bool fatal;             /* true: mount_one() reports a failed mount as an error */
} MountPoint;

/* The table is walked front to back by mount_setup(), so a parent
 * (/dev, /sys) has to stay ahead of anything mounted beneath it.
 *
 * Flag audit: every entry carries MS_NOSUID. /dev and /dev/pts are the
 * only entries without MS_NODEV, and /dev and /dev/shm are the only
 * entries without MS_NOEXEC.
 *
 * NOTE(review): /dev/shm is world-writable (mode=1777) and is mounted
 * without MS_NOEXEC; whether noexec can be added depends on what its
 * consumers map from it -- confirm before changing. */
static const MountPoint mount_table[] = {
        {
                .what    = "proc",
                .where   = "/proc",
                .type    = "proc",
                .options = NULL,
                .flags   = MS_NOSUID|MS_NOEXEC|MS_NODEV,
                .fatal   = true,
        },
        {
                .what    = "sysfs",
                .where   = "/sys",
                .type    = "sysfs",
                .options = NULL,
                .flags   = MS_NOSUID|MS_NOEXEC|MS_NODEV,
                .fatal   = true,
        },
        {
                .what    = "devtmpfs",
                .where   = "/dev",
                .type    = "devtmpfs",
                .options = "mode=755",
                .flags   = MS_NOSUID,
                .fatal   = true,
        },
        {
                .what    = "tmpfs",
                .where   = "/dev/shm",
                .type    = "tmpfs",
                .options = "mode=1777",
                .flags   = MS_NOSUID|MS_NODEV,
                .fatal   = true,
        },
        {
                /* The only entry whose failure is tolerated. */
                .what    = "devpts",
                .where   = "/dev/pts",
                .type    = "devpts",
                .options = NULL,
                .flags   = MS_NOSUID|MS_NOEXEC,
                .fatal   = false,
        },
        {
                .what    = "tmpfs",
                .where   = "/sys/fs/cgroup",
                .type    = "tmpfs",
                .options = "mode=755",
                .flags   = MS_NOSUID|MS_NOEXEC|MS_NODEV,
                .fatal   = true,
        },
        {
                .what    = "cgroup",
                .where   = "/sys/fs/cgroup/systemd",
                .type    = "cgroup",
                .options = "none,name=systemd",
                .flags   = MS_NOSUID|MS_NOEXEC|MS_NODEV,
                .fatal   = true,
        },
};
56 | ||
/* API file systems that other software may mount. systemd does not
 * mount them itself; they are listed only so that mount_point_ignore()
 * can tell callers to leave them alone. Matching is by exact path
 * (path_equal), not by prefix. */
static const char * const ignore_paths[] = {
        "/selinux",
        "/proc/bus/usb",
        "/var/lib/nfs/rpc_pipefs",
        "/proc/fs/nfsd",
};
66 | ||
dad08730 LP |
/* Returns true when path is an "API" mount point that should be
 * ignored: either the target of a mount_table entry (exact match via
 * path_equal) or anything that path_startswith() places below
 * "/sys/fs/cgroup/". */
bool mount_point_is_api(const char *path) {
        unsigned idx = 0;

        while (idx < ELEMENTSOF(mount_table)) {
                if (path_equal(path, mount_table[idx].where))
                        return true;
                idx++;
        }

        /* Per-controller cgroup hierarchies are mounted at run time and
         * hence are not in the static table. */
        return path_startswith(path, "/sys/fs/cgroup/");
}
79 | ||
/* Returns true when path exactly matches (path_equal) one of the
 * entries in ignore_paths, false otherwise. */
bool mount_point_ignore(const char *path) {
        unsigned idx = 0;

        while (idx < ELEMENTSOF(ignore_paths)) {
                if (path_equal(path, ignore_paths[idx]))
                        return true;
                idx++;
        }

        return false;
}
89 | ||
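/* Mounts a single API file system described by p.
 *
 * Returns 0 when p->where already is a mount point, when the mount
 * succeeded, or when it failed but p->fatal is false. Returns a
 * negative errno-style value when path_is_mount_point() fails or when
 * a fatal mount fails. */
static int mount_one(const MountPoint *p) {
        int r;

        assert(p);

        r = path_is_mount_point(p->where);
        if (r < 0)
                return r;

        /* Already mounted: nothing to do. */
        if (r > 0)
                return 0;

        /* The access mode here doesn't really matter too much, since
         * the mounted file system will take precedence anyway. The
         * result is not checked; if the directory could not be
         * created, the mount() call below is what reports it. */
        mkdir_p(p->where, 0755);

        log_debug("Mounting %s to %s of type %s with options %s.",
                  p->what,
                  p->where,
                  p->type,
                  strna(p->options));

        if (mount(p->what,
                  p->where,
                  p->type,
                  p->flags,
                  p->options) < 0) {
                /* Capture errno before logging: strerror() and the
                 * logging call may overwrite it, and the value is
                 * needed for the return code afterwards. */
                r = -errno;
                log_error("Failed to mount %s: %s", p->where, strerror(-r));
                return p->fatal ? r : 0;
        }

        /* Relabel the fresh mount point; the result of label_fix() is
         * not checked here. */
        label_fix(p->where);

        return 0;
}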
124 | ||
2076ca54 LP |
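/* Mounts all available cgroup controllers that are built into the
 * kernel, one hierarchy per enabled line of /proc/cgroups, each at
 * /sys/fs/cgroup/<controller>.
 *
 * Returns 0 on success, -ENOENT when /proc/cgroups cannot be opened
 * (whatever the actual errno was), -EIO on a malformed line, -ENOMEM
 * on allocation failure, or the error returned by mount_one(). */
static int mount_cgroup_controllers(void) {
        int r;
        FILE *f;
        char buf[256];

        /* "e" asks glibc to open the stream with O_CLOEXEC. */
        f = fopen("/proc/cgroups", "re");
        if (!f)
                return -ENOENT;

        /* Ignore the header line */
        (void) fgets(buf, sizeof(buf), f);

        for (;;) {
                MountPoint p;
                char *controller = NULL, *where;
                int enabled = false;

                if (fscanf(f, "%ms %*i %*i %i", &controller, &enabled) != 2) {

                        /* %ms may already have allocated the name when
                         * a later field fails to convert; release it on
                         * both the EOF and the parse-error path.
                         * free(NULL) is a no-op. */
                        free(controller);

                        if (feof(f))
                                break;

                        log_error("Failed to parse /proc/cgroups.");
                        r = -EIO;
                        goto finish;
                }

                if (!enabled) {
                        free(controller);
                        continue;
                }

                /* The controller name read from /proc/cgroups is used
                 * unmodified both as the directory name and as the
                 * mount option string; no validation is applied here. */
                if (asprintf(&where, "/sys/fs/cgroup/%s", controller) < 0) {
                        free(controller);
                        r = -ENOMEM;
                        goto finish;
                }

                zero(p);
                p.what = "cgroup";
                p.where = where;
                p.type = "cgroup";
                p.options = controller;
                p.flags = MS_NOSUID|MS_NOEXEC|MS_NODEV;
                p.fatal = false;

                /* fatal is false, so a failed mount() itself yields 0
                 * here; r < 0 can only come from the mount point check
                 * inside mount_one(). */
                r = mount_one(&p);
                free(controller);
                free(where);

                if (r < 0)
                        goto finish;
        }

        r = 0;

finish:
        fclose(f);

        return r;
}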
187 | ||
5c0532d1 LP |
/* Creates the symlink new_path -> old_path between a
 * label_symlinkfile_set(new_path) / label_file_clear() pair.
 *
 * Returns the negative result of label_symlinkfile_set() if that call
 * fails (no symlink is attempted then), -errno if symlink() fails, and
 * otherwise the non-negative result of label_symlinkfile_set(). */
static int symlink_and_label(const char *old_path, const char *new_path) {
        int ret;

        assert(old_path);
        assert(new_path);

        ret = label_symlinkfile_set(new_path);
        if (ret < 0)
                return ret;

        /* errno is read before label_file_clear() gets a chance to
         * touch it. */
        ret = symlink(old_path, new_path) < 0 ? -errno : ret;

        /* Always undo the label set up above, also when symlink()
         * failed. */
        label_file_clear();

        return ret;
}
204 | ||
1829dc9d LP |
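/* nftw() callback used by mount_setup() to relabel the entries below
 * /dev. sb and tflag are not used. Always returns 0, so nftw() keeps
 * walking whatever label_fix() did; its result is not checked. */
static int nftw_cb(
                const char *fpath,
                const struct stat *sb,
                int tflag,
                struct FTW *ftwbuf) {

        /* No need to label /dev twice in a row: level 0 is the root of
         * the walk. */
        if (ftwbuf->level == 0)
                return 0;

        label_fix(fpath);
        return 0;
}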
218 | ||
/* Mounts the API file systems from mount_table, optionally relabels
 * /dev, creates a few compatibility symlinks in /dev and finally
 * mounts the cgroup controllers.
 *
 * Returns the first negative result of mount_one(), otherwise the
 * result of mount_cgroup_controllers(). Failures of the relabel walk
 * and of the symlink creation are not reported. */
int mount_setup(void) {

        /* NUL-separated (target, link path) pairs, closed by an empty
         * string. */
        const char symlinks[] =
                "/proc/kcore\0"      "/dev/core\0"
                "/proc/self/fd\0"    "/dev/fd\0"
                "/proc/self/fd/0\0"  "/dev/stdin\0"
                "/proc/self/fd/1\0"  "/dev/stdout\0"
                "/proc/self/fd/2\0"  "/dev/stderr\0"
                "\0";

        const char *target, *link_path;
        unsigned n;
        int r;

        for (n = 0; n < ELEMENTSOF(mount_table); n++) {
                r = mount_one(&mount_table[n]);
                if (r < 0)
                        return r;
        }

        /* Nodes in devtmpfs need to have their labels updated manually
         * after mounting; the other virtual API file systems do not
         * need this. The walk runs only if the flag file could be
         * removed. FTW_PHYS keeps nftw() from following symlinks and
         * FTW_MOUNT keeps it on the file system of /dev. */

        if (unlink("/dev/.systemd/relabel-devtmpfs") >= 0)
                nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS);

        /* Create a few default symlinks, which are normally created
         * by udevd, but some scripts might need them before we start
         * udevd. The result of each attempt is not checked. */

        NULSTR_FOREACH_PAIR(target, link_path, symlinks)
                symlink_and_label(target, link_path);

        return mount_cgroup_controllers();
}