]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
e83bebef | 2 | |
4f5dd394 | 3 | #include <sys/mount.h> |
07630cea | 4 | #include <linux/magic.h> |
e83bebef | 5 | |
b5efdb8a | 6 | #include "alloc-util.h" |
4f5dd394 | 7 | #include "escape.h" |
0996ef00 CB |
8 | #include "fd-util.h" |
9 | #include "fileio.h" | |
f4f15635 | 10 | #include "fs-util.h" |
e83bebef | 11 | #include "label.h" |
4f5dd394 | 12 | #include "mkdir.h" |
4349cd7c | 13 | #include "mount-util.h" |
6bedfcbb LP |
14 | #include "nspawn-mount.h" |
15 | #include "parse-util.h" | |
4f5dd394 LP |
16 | #include "path-util.h" |
17 | #include "rm-rf.h" | |
e83bebef | 18 | #include "set.h" |
8fcde012 | 19 | #include "stat-util.h" |
07630cea | 20 | #include "string-util.h" |
4f5dd394 | 21 | #include "strv.h" |
ee104e11 | 22 | #include "user-util.h" |
4f5dd394 | 23 | #include "util.h" |
e83bebef | 24 | |
88614c8a | 25 | CustomMount* custom_mount_add(CustomMount **l, size_t *n, CustomMountType t) { |
e83bebef LP |
26 | CustomMount *c, *ret; |
27 | ||
28 | assert(l); | |
29 | assert(n); | |
30 | assert(t >= 0); | |
31 | assert(t < _CUSTOM_MOUNT_TYPE_MAX); | |
32 | ||
aa484f35 | 33 | c = reallocarray(*l, *n + 1, sizeof(CustomMount)); |
e83bebef LP |
34 | if (!c) |
35 | return NULL; | |
36 | ||
37 | *l = c; | |
38 | ret = *l + *n; | |
39 | (*n)++; | |
40 | ||
41 | *ret = (CustomMount) { .type = t }; | |
42 | ||
43 | return ret; | |
44 | } | |
45 | ||
88614c8a LP |
46 | void custom_mount_free_all(CustomMount *l, size_t n) { |
47 | size_t i; | |
e83bebef LP |
48 | |
49 | for (i = 0; i < n; i++) { | |
50 | CustomMount *m = l + i; | |
51 | ||
52 | free(m->source); | |
53 | free(m->destination); | |
54 | free(m->options); | |
55 | ||
56 | if (m->work_dir) { | |
57 | (void) rm_rf(m->work_dir, REMOVE_ROOT|REMOVE_PHYSICAL); | |
58 | free(m->work_dir); | |
59 | } | |
60 | ||
c7a4890c LP |
61 | if (m->rm_rf_tmpdir) { |
62 | (void) rm_rf(m->rm_rf_tmpdir, REMOVE_ROOT|REMOVE_PHYSICAL); | |
63 | free(m->rm_rf_tmpdir); | |
64 | } | |
65 | ||
e83bebef LP |
66 | strv_free(m->lower); |
67 | } | |
68 | ||
69 | free(l); | |
70 | } | |
71 | ||
86c0dd4a | 72 | static int custom_mount_compare(const void *a, const void *b) { |
e83bebef LP |
73 | const CustomMount *x = a, *y = b; |
74 | int r; | |
75 | ||
76 | r = path_compare(x->destination, y->destination); | |
77 | if (r != 0) | |
78 | return r; | |
79 | ||
80 | if (x->type < y->type) | |
81 | return -1; | |
82 | if (x->type > y->type) | |
83 | return 1; | |
84 | ||
85 | return 0; | |
86 | } | |
87 | ||
86c0dd4a LP |
88 | static bool source_path_is_valid(const char *p) { |
89 | assert(p); | |
90 | ||
91 | if (*p == '+') | |
92 | p++; | |
93 | ||
94 | return path_is_absolute(p); | |
95 | } | |
96 | ||
97 | static char *resolve_source_path(const char *dest, const char *source) { | |
98 | ||
99 | if (!source) | |
100 | return NULL; | |
101 | ||
102 | if (source[0] == '+') | |
103 | return prefix_root(dest, source + 1); | |
104 | ||
105 | return strdup(source); | |
106 | } | |
107 | ||
88614c8a LP |
108 | int custom_mount_prepare_all(const char *dest, CustomMount *l, size_t n) { |
109 | size_t i; | |
86c0dd4a LP |
110 | int r; |
111 | ||
112 | /* Prepare all custom mounts. This will make source we know all temporary directories. This is called in the | |
113 | * parent process, so that we know the temporary directories to remove on exit before we fork off the | |
114 | * children. */ | |
115 | ||
116 | assert(l || n == 0); | |
117 | ||
118 | /* Order the custom mounts, and make sure we have a working directory */ | |
119 | qsort_safe(l, n, sizeof(CustomMount), custom_mount_compare); | |
120 | ||
121 | for (i = 0; i < n; i++) { | |
122 | CustomMount *m = l + i; | |
123 | ||
124 | if (m->source) { | |
125 | char *s; | |
126 | ||
127 | s = resolve_source_path(dest, m->source); | |
128 | if (!s) | |
129 | return log_oom(); | |
130 | ||
10af01a5 | 131 | free_and_replace(m->source, s); |
c7a4890c LP |
132 | } else { |
133 | /* No source specified? In that case, use a throw-away temporary directory in /var/tmp */ | |
134 | ||
135 | m->rm_rf_tmpdir = strdup("/var/tmp/nspawn-temp-XXXXXX"); | |
136 | if (!m->rm_rf_tmpdir) | |
137 | return log_oom(); | |
138 | ||
139 | if (!mkdtemp(m->rm_rf_tmpdir)) { | |
140 | m->rm_rf_tmpdir = mfree(m->rm_rf_tmpdir); | |
141 | return log_error_errno(errno, "Failed to acquire temporary directory: %m"); | |
142 | } | |
143 | ||
144 | m->source = strjoin(m->rm_rf_tmpdir, "/src"); | |
145 | if (!m->source) | |
146 | return log_oom(); | |
147 | ||
148 | if (mkdir(m->source, 0755) < 0) | |
149 | return log_error_errno(errno, "Failed to create %s: %m", m->source); | |
86c0dd4a LP |
150 | } |
151 | ||
152 | if (m->type == CUSTOM_MOUNT_OVERLAY) { | |
153 | char **j; | |
154 | ||
155 | STRV_FOREACH(j, m->lower) { | |
156 | char *s; | |
157 | ||
158 | s = resolve_source_path(dest, *j); | |
159 | if (!s) | |
160 | return log_oom(); | |
161 | ||
10af01a5 | 162 | free_and_replace(*j, s); |
86c0dd4a LP |
163 | } |
164 | ||
165 | if (m->work_dir) { | |
166 | char *s; | |
167 | ||
168 | s = resolve_source_path(dest, m->work_dir); | |
169 | if (!s) | |
170 | return log_oom(); | |
171 | ||
10af01a5 | 172 | free_and_replace(m->work_dir, s); |
86c0dd4a LP |
173 | } else { |
174 | assert(m->source); | |
175 | ||
176 | r = tempfn_random(m->source, NULL, &m->work_dir); | |
177 | if (r < 0) | |
178 | return log_error_errno(r, "Failed to acquire working directory: %m"); | |
179 | } | |
180 | ||
181 | (void) mkdir_label(m->work_dir, 0700); | |
182 | } | |
183 | } | |
184 | ||
185 | return 0; | |
186 | } | |
187 | ||
88614c8a | 188 | int bind_mount_parse(CustomMount **l, size_t *n, const char *s, bool read_only) { |
e83bebef LP |
189 | _cleanup_free_ char *source = NULL, *destination = NULL, *opts = NULL; |
190 | const char *p = s; | |
191 | CustomMount *m; | |
192 | int r; | |
193 | ||
194 | assert(l); | |
195 | assert(n); | |
196 | ||
197 | r = extract_many_words(&p, ":", EXTRACT_DONT_COALESCE_SEPARATORS, &source, &destination, NULL); | |
198 | if (r < 0) | |
199 | return r; | |
200 | if (r == 0) | |
201 | return -EINVAL; | |
e83bebef | 202 | if (r == 1) { |
86c0dd4a | 203 | destination = strdup(source[0] == '+' ? source+1 : source); |
e83bebef LP |
204 | if (!destination) |
205 | return -ENOMEM; | |
206 | } | |
e83bebef LP |
207 | if (r == 2 && !isempty(p)) { |
208 | opts = strdup(p); | |
209 | if (!opts) | |
210 | return -ENOMEM; | |
211 | } | |
212 | ||
c7a4890c LP |
213 | if (isempty(source)) |
214 | source = NULL; | |
215 | else if (!source_path_is_valid(source)) | |
e83bebef | 216 | return -EINVAL; |
c7a4890c | 217 | |
e83bebef LP |
218 | if (!path_is_absolute(destination)) |
219 | return -EINVAL; | |
220 | ||
221 | m = custom_mount_add(l, n, CUSTOM_MOUNT_BIND); | |
222 | if (!m) | |
48cbe5f8 | 223 | return -ENOMEM; |
e83bebef LP |
224 | |
225 | m->source = source; | |
226 | m->destination = destination; | |
227 | m->read_only = read_only; | |
228 | m->options = opts; | |
229 | ||
230 | source = destination = opts = NULL; | |
231 | return 0; | |
232 | } | |
233 | ||
88614c8a | 234 | int tmpfs_mount_parse(CustomMount **l, size_t *n, const char *s) { |
e83bebef LP |
235 | _cleanup_free_ char *path = NULL, *opts = NULL; |
236 | const char *p = s; | |
237 | CustomMount *m; | |
238 | int r; | |
239 | ||
240 | assert(l); | |
241 | assert(n); | |
242 | assert(s); | |
243 | ||
244 | r = extract_first_word(&p, &path, ":", EXTRACT_DONT_COALESCE_SEPARATORS); | |
245 | if (r < 0) | |
246 | return r; | |
247 | if (r == 0) | |
248 | return -EINVAL; | |
249 | ||
250 | if (isempty(p)) | |
251 | opts = strdup("mode=0755"); | |
252 | else | |
253 | opts = strdup(p); | |
254 | if (!opts) | |
255 | return -ENOMEM; | |
256 | ||
257 | if (!path_is_absolute(path)) | |
258 | return -EINVAL; | |
259 | ||
260 | m = custom_mount_add(l, n, CUSTOM_MOUNT_TMPFS); | |
261 | if (!m) | |
262 | return -ENOMEM; | |
263 | ||
1cc6c93a YW |
264 | m->destination = TAKE_PTR(path); |
265 | m->options = TAKE_PTR(opts); | |
e83bebef | 266 | |
e83bebef LP |
267 | return 0; |
268 | } | |
269 | ||
88614c8a | 270 | int overlay_mount_parse(CustomMount **l, size_t *n, const char *s, bool read_only) { |
ad85779a LP |
271 | _cleanup_free_ char *upper = NULL, *destination = NULL; |
272 | _cleanup_strv_free_ char **lower = NULL; | |
273 | CustomMount *m; | |
86c0dd4a | 274 | int k; |
ad85779a | 275 | |
86c0dd4a LP |
276 | k = strv_split_extract(&lower, s, ":", EXTRACT_DONT_COALESCE_SEPARATORS); |
277 | if (k < 0) | |
278 | return k; | |
ad85779a LP |
279 | if (k < 2) |
280 | return -EADDRNOTAVAIL; | |
281 | if (k == 2) { | |
86c0dd4a LP |
282 | /* If two parameters are specified, the first one is the lower, the second one the upper directory. And |
283 | * we'll also define the destination mount point the same as the upper. */ | |
284 | ||
285 | if (!source_path_is_valid(lower[0]) || | |
286 | !source_path_is_valid(lower[1])) | |
287 | return -EINVAL; | |
288 | ||
ae2a15bc | 289 | upper = TAKE_PTR(lower[1]); |
ad85779a | 290 | |
86c0dd4a | 291 | destination = strdup(upper[0] == '+' ? upper+1 : upper); /* take the destination without "+" prefix */ |
ad85779a LP |
292 | if (!destination) |
293 | return -ENOMEM; | |
ad85779a | 294 | } else { |
c7a4890c | 295 | char **i; |
86c0dd4a LP |
296 | |
297 | /* If more than two parameters are specified, the last one is the destination, the second to last one | |
298 | * the "upper", and all before that the "lower" directories. */ | |
299 | ||
ad85779a | 300 | destination = lower[k - 1]; |
ae2a15bc | 301 | upper = TAKE_PTR(lower[k - 2]); |
86c0dd4a | 302 | |
c7a4890c LP |
303 | STRV_FOREACH(i, lower) |
304 | if (!source_path_is_valid(*i)) | |
305 | return -EINVAL; | |
306 | ||
307 | /* If the upper directory is unspecified, then let's create it automatically as a throw-away directory | |
308 | * in /var/tmp */ | |
309 | if (isempty(upper)) | |
310 | upper = NULL; | |
311 | else if (!source_path_is_valid(upper)) | |
312 | return -EINVAL; | |
313 | ||
86c0dd4a LP |
314 | if (!path_is_absolute(destination)) |
315 | return -EINVAL; | |
ad85779a LP |
316 | } |
317 | ||
318 | m = custom_mount_add(l, n, CUSTOM_MOUNT_OVERLAY); | |
319 | if (!m) | |
320 | return -ENOMEM; | |
321 | ||
1cc6c93a YW |
322 | m->destination = TAKE_PTR(destination); |
323 | m->source = TAKE_PTR(upper); | |
324 | m->lower = TAKE_PTR(lower); | |
ad85779a LP |
325 | m->read_only = read_only; |
326 | ||
ad85779a LP |
327 | return 0; |
328 | } | |
329 | ||
04029482 | 330 | int tmpfs_patch_options( |
e83bebef | 331 | const char *options, |
2fa017f1 | 332 | uid_t uid_shift, |
e83bebef LP |
333 | const char *selinux_apifs_context, |
334 | char **ret) { | |
335 | ||
336 | char *buf = NULL; | |
337 | ||
2fa017f1 | 338 | if (uid_shift != UID_INVALID) { |
9aa2169e | 339 | if (asprintf(&buf, "%s%suid=" UID_FMT ",gid=" UID_FMT, |
87e4e28d | 340 | strempty(options), options ? "," : "", |
9aa2169e | 341 | uid_shift, uid_shift) < 0) |
e83bebef LP |
342 | return -ENOMEM; |
343 | ||
344 | options = buf; | |
345 | } | |
346 | ||
349cc4a5 | 347 | #if HAVE_SELINUX |
e83bebef LP |
348 | if (selinux_apifs_context) { |
349 | char *t; | |
350 | ||
87e4e28d | 351 | t = strjoin(strempty(options), options ? "," : "", |
9aa2169e ZJS |
352 | "context=\"", selinux_apifs_context, "\""); |
353 | free(buf); | |
354 | if (!t) | |
e83bebef | 355 | return -ENOMEM; |
e83bebef | 356 | |
e83bebef LP |
357 | buf = t; |
358 | } | |
359 | #endif | |
360 | ||
0996ef00 CB |
361 | if (!buf && options) { |
362 | buf = strdup(options); | |
363 | if (!buf) | |
364 | return -ENOMEM; | |
365 | } | |
e83bebef | 366 | *ret = buf; |
0996ef00 | 367 | |
e83bebef LP |
368 | return !!buf; |
369 | } | |
370 | ||
4f086aab | 371 | int mount_sysfs(const char *dest, MountSettingsMask mount_settings) { |
d8fc6a00 | 372 | const char *full, *top, *x; |
d1678248 | 373 | int r; |
4f086aab | 374 | unsigned long extra_flags = 0; |
d8fc6a00 LP |
375 | |
376 | top = prefix_roota(dest, "/sys"); | |
40fd52f2 | 377 | r = path_is_fs_type(top, SYSFS_MAGIC); |
d1678248 ILG |
378 | if (r < 0) |
379 | return log_error_errno(r, "Failed to determine filesystem type of %s: %m", top); | |
380 | /* /sys might already be mounted as sysfs by the outer child in the | |
381 | * !netns case. In this case, it's all good. Don't touch it because we | |
382 | * don't have the right to do so, see https://github.com/systemd/systemd/issues/1555. | |
383 | */ | |
384 | if (r > 0) | |
385 | return 0; | |
386 | ||
d8fc6a00 LP |
387 | full = prefix_roota(top, "/full"); |
388 | ||
389 | (void) mkdir(full, 0755); | |
390 | ||
4f086aab SU |
391 | if (mount_settings & MOUNT_APPLY_APIVFS_RO) |
392 | extra_flags |= MS_RDONLY; | |
393 | ||
60e76d48 | 394 | r = mount_verbose(LOG_ERR, "sysfs", full, "sysfs", |
4f086aab | 395 | MS_NOSUID|MS_NOEXEC|MS_NODEV|extra_flags, NULL); |
60e76d48 ZJS |
396 | if (r < 0) |
397 | return r; | |
d8fc6a00 LP |
398 | |
399 | FOREACH_STRING(x, "block", "bus", "class", "dev", "devices", "kernel") { | |
400 | _cleanup_free_ char *from = NULL, *to = NULL; | |
401 | ||
402 | from = prefix_root(full, x); | |
403 | if (!from) | |
404 | return log_oom(); | |
405 | ||
406 | to = prefix_root(top, x); | |
407 | if (!to) | |
408 | return log_oom(); | |
409 | ||
410 | (void) mkdir(to, 0755); | |
411 | ||
60e76d48 ZJS |
412 | r = mount_verbose(LOG_ERR, from, to, NULL, MS_BIND, NULL); |
413 | if (r < 0) | |
414 | return r; | |
d8fc6a00 | 415 | |
60e76d48 | 416 | r = mount_verbose(LOG_ERR, NULL, to, NULL, |
4f086aab | 417 | MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT|extra_flags, NULL); |
60e76d48 ZJS |
418 | if (r < 0) |
419 | return r; | |
d8fc6a00 LP |
420 | } |
421 | ||
60e76d48 ZJS |
422 | r = umount_verbose(full); |
423 | if (r < 0) | |
424 | return r; | |
d8fc6a00 LP |
425 | |
426 | if (rmdir(full) < 0) | |
427 | return log_error_errno(errno, "Failed to remove %s: %m", full); | |
428 | ||
0996ef00 CB |
429 | /* Create mountpoint for cgroups. Otherwise we are not allowed since we |
430 | * remount /sys read-only. | |
431 | */ | |
677a72cd LS |
432 | x = prefix_roota(top, "/fs/cgroup"); |
433 | (void) mkdir_p(x, 0755); | |
d8fc6a00 | 434 | |
60e76d48 | 435 | return mount_verbose(LOG_ERR, NULL, top, NULL, |
4f086aab | 436 | MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT|extra_flags, NULL); |
d8fc6a00 LP |
437 | } |
438 | ||
9c0fad5f | 439 | static int mkdir_userns(const char *path, mode_t mode, uid_t uid_shift) { |
63eae723 EV |
440 | int r; |
441 | ||
442 | assert(path); | |
443 | ||
dae8b82e ZJS |
444 | r = mkdir_errno_wrapper(path, mode); |
445 | if (r < 0 && r != -EEXIST) | |
446 | return r; | |
63eae723 | 447 | |
9c0fad5f | 448 | if (uid_shift == UID_INVALID) |
acbbf69b LP |
449 | return 0; |
450 | ||
dae8b82e | 451 | if (lchown(path, uid_shift, uid_shift) < 0) |
acbbf69b | 452 | return -errno; |
63eae723 EV |
453 | |
454 | return 0; | |
455 | } | |
456 | ||
9c0fad5f | 457 | static int mkdir_userns_p(const char *prefix, const char *path, mode_t mode, uid_t uid_shift) { |
63eae723 EV |
458 | const char *p, *e; |
459 | int r; | |
460 | ||
461 | assert(path); | |
462 | ||
463 | if (prefix && !path_startswith(path, prefix)) | |
464 | return -ENOTDIR; | |
465 | ||
466 | /* create every parent directory in the path, except the last component */ | |
467 | p = path + strspn(path, "/"); | |
468 | for (;;) { | |
469 | char t[strlen(path) + 1]; | |
470 | ||
471 | e = p + strcspn(p, "/"); | |
472 | p = e + strspn(e, "/"); | |
473 | ||
474 | /* Is this the last component? If so, then we're done */ | |
475 | if (*p == 0) | |
476 | break; | |
477 | ||
478 | memcpy(t, path, e - path); | |
479 | t[e-path] = 0; | |
480 | ||
481 | if (prefix && path_startswith(prefix, t)) | |
482 | continue; | |
483 | ||
9c0fad5f | 484 | r = mkdir_userns(t, mode, uid_shift); |
63eae723 EV |
485 | if (r < 0) |
486 | return r; | |
487 | } | |
488 | ||
9c0fad5f | 489 | return mkdir_userns(path, mode, uid_shift); |
63eae723 EV |
490 | } |
491 | ||
e83bebef | 492 | int mount_all(const char *dest, |
4f086aab | 493 | MountSettingsMask mount_settings, |
2fa017f1 | 494 | uid_t uid_shift, |
e83bebef LP |
495 | const char *selinux_apifs_context) { |
496 | ||
d4b653c5 LP |
497 | #define PROC_INACCESSIBLE(path) \ |
498 | { NULL, (path), NULL, NULL, MS_BIND, \ | |
499 | MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO|MOUNT_INACCESSIBLE_REG }, /* Bind mount first ... */ \ | |
500 | { NULL, (path), NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, \ | |
501 | MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO } /* Then, make it r/o */ | |
502 | ||
503 | #define PROC_READ_ONLY(path) \ | |
504 | { (path), (path), NULL, NULL, MS_BIND, \ | |
505 | MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO }, /* Bind mount first ... */ \ | |
506 | { NULL, (path), NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, \ | |
507 | MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO } /* Then, make it r/o */ | |
508 | ||
e83bebef LP |
509 | typedef struct MountPoint { |
510 | const char *what; | |
511 | const char *where; | |
512 | const char *type; | |
513 | const char *options; | |
514 | unsigned long flags; | |
4f086aab | 515 | MountSettingsMask mount_settings; |
e83bebef LP |
516 | } MountPoint; |
517 | ||
518 | static const MountPoint mount_table[] = { | |
d4b653c5 LP |
519 | /* First we list inner child mounts (i.e. mounts applied *after* entering user namespacing) */ |
520 | { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, | |
521 | MOUNT_FATAL|MOUNT_IN_USERNS }, | |
522 | ||
523 | { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND, | |
524 | MOUNT_FATAL|MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO }, /* Bind mount first ... */ | |
525 | ||
526 | { "/proc/sys/net", "/proc/sys/net", NULL, NULL, MS_BIND, | |
527 | MOUNT_FATAL|MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO|MOUNT_APPLY_APIVFS_NETNS }, /* (except for this) */ | |
528 | ||
529 | { NULL, "/proc/sys", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, | |
530 | MOUNT_FATAL|MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO }, /* ... then, make it r/o */ | |
531 | ||
532 | /* Make these files inaccessible to container payloads: they potentially leak information about kernel | |
533 | * internals or the host's execution environment to the container */ | |
534 | PROC_INACCESSIBLE("/proc/kallsyms"), | |
535 | PROC_INACCESSIBLE("/proc/kcore"), | |
536 | PROC_INACCESSIBLE("/proc/keys"), | |
537 | PROC_INACCESSIBLE("/proc/sysrq-trigger"), | |
538 | PROC_INACCESSIBLE("/proc/timer_list"), | |
539 | ||
540 | /* Make these directories read-only to container payloads: they show hardware information, and in some | |
541 | * cases contain tunables the container really shouldn't have access to. */ | |
542 | PROC_READ_ONLY("/proc/acpi"), | |
543 | PROC_READ_ONLY("/proc/apm"), | |
544 | PROC_READ_ONLY("/proc/asound"), | |
545 | PROC_READ_ONLY("/proc/bus"), | |
546 | PROC_READ_ONLY("/proc/fs"), | |
547 | PROC_READ_ONLY("/proc/irq"), | |
548 | PROC_READ_ONLY("/proc/scsi"), | |
549 | ||
550 | /* Then we list outer child mounts (i.e. mounts applied *before* entering user namespacing) */ | |
551 | { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, | |
552 | MOUNT_FATAL }, | |
03d0f4b5 | 553 | { "tmpfs", "/sys", "tmpfs", "mode=555", MS_NOSUID|MS_NOEXEC|MS_NODEV, |
d4b653c5 LP |
554 | MOUNT_FATAL|MOUNT_APPLY_APIVFS_NETNS }, |
555 | { "sysfs", "/sys", "sysfs", NULL, MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV, | |
556 | MOUNT_FATAL|MOUNT_APPLY_APIVFS_RO }, /* skipped if above was mounted */ | |
557 | { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, | |
558 | MOUNT_FATAL }, /* skipped if above was mounted */ | |
559 | { "tmpfs", "/dev", "tmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, | |
560 | MOUNT_FATAL }, | |
561 | { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, | |
562 | MOUNT_FATAL }, | |
563 | { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, | |
564 | MOUNT_FATAL }, | |
565 | ||
349cc4a5 | 566 | #if HAVE_SELINUX |
d4b653c5 LP |
567 | { "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND, |
568 | 0 }, /* Bind mount first */ | |
569 | { NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, | |
570 | 0 }, /* Then, make it r/o */ | |
e83bebef LP |
571 | #endif |
572 | }; | |
573 | ||
d4b653c5 | 574 | _cleanup_(unlink_and_freep) char *inaccessible = NULL; |
4f086aab SU |
575 | bool use_userns = (mount_settings & MOUNT_USE_USERNS); |
576 | bool netns = (mount_settings & MOUNT_APPLY_APIVFS_NETNS); | |
577 | bool ro = (mount_settings & MOUNT_APPLY_APIVFS_RO); | |
578 | bool in_userns = (mount_settings & MOUNT_IN_USERNS); | |
d4b653c5 | 579 | size_t k; |
88614c8a | 580 | int r; |
e83bebef LP |
581 | |
582 | for (k = 0; k < ELEMENTSOF(mount_table); k++) { | |
583 | _cleanup_free_ char *where = NULL, *options = NULL; | |
d4b653c5 | 584 | const char *o, *what; |
4f086aab SU |
585 | bool fatal = (mount_table[k].mount_settings & MOUNT_FATAL); |
586 | ||
587 | if (in_userns != (bool)(mount_table[k].mount_settings & MOUNT_IN_USERNS)) | |
588 | continue; | |
e83bebef | 589 | |
4f086aab | 590 | if (!netns && (bool)(mount_table[k].mount_settings & MOUNT_APPLY_APIVFS_NETNS)) |
d1678248 ILG |
591 | continue; |
592 | ||
4f086aab | 593 | if (!ro && (bool)(mount_table[k].mount_settings & MOUNT_APPLY_APIVFS_RO)) |
e83bebef LP |
594 | continue; |
595 | ||
cb638b5e | 596 | r = chase_symlinks(mount_table[k].where, dest, CHASE_NONEXISTENT|CHASE_PREFIX_ROOT, &where); |
8ce48cf0 | 597 | if (r < 0) |
ec57bd42 | 598 | return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, mount_table[k].where); |
e83bebef | 599 | |
d4b653c5 LP |
600 | if (mount_table[k].mount_settings & MOUNT_INACCESSIBLE_REG) { |
601 | ||
602 | if (!inaccessible) { | |
603 | _cleanup_free_ char *np = NULL; | |
604 | ||
605 | r = tempfn_random_child(NULL, "inaccessible", &np); | |
606 | if (r < 0) | |
607 | return log_error_errno(r, "Failed to generate inaccessible file node path: %m"); | |
608 | ||
609 | r = touch_file(np, false, USEC_INFINITY, UID_INVALID, GID_INVALID, 0000); | |
610 | if (r < 0) | |
611 | return log_error_errno(r, "Failed to create inaccessible file node '%s': %m", np); | |
612 | ||
613 | inaccessible = TAKE_PTR(np); | |
614 | } | |
615 | ||
616 | what = inaccessible; | |
617 | } else | |
618 | what = mount_table[k].what; | |
619 | ||
8ce48cf0 | 620 | r = path_is_mount_point(where, NULL, 0); |
e83bebef LP |
621 | if (r < 0 && r != -ENOENT) |
622 | return log_error_errno(r, "Failed to detect whether %s is a mount point: %m", where); | |
623 | ||
624 | /* Skip this entry if it is not a remount. */ | |
d4b653c5 | 625 | if (what && r > 0) |
e83bebef LP |
626 | continue; |
627 | ||
9c0fad5f | 628 | r = mkdir_userns_p(dest, where, 0755, (use_userns && !in_userns) ? uid_shift : UID_INVALID); |
920a7899 | 629 | if (r < 0 && r != -EEXIST) { |
4f13e534 | 630 | if (fatal && r != -EROFS) |
e83bebef LP |
631 | return log_error_errno(r, "Failed to create directory %s: %m", where); |
632 | ||
201b13c8 | 633 | log_debug_errno(r, "Failed to create directory %s: %m", where); |
4f13e534 LT |
634 | /* If we failed mkdir() or chown() due to the root |
635 | * directory being read only, attempt to mount this fs | |
636 | * anyway and let mount_verbose log any errors */ | |
637 | if (r != -EROFS) | |
638 | continue; | |
e83bebef LP |
639 | } |
640 | ||
641 | o = mount_table[k].options; | |
642 | if (streq_ptr(mount_table[k].type, "tmpfs")) { | |
2fa017f1 | 643 | r = tmpfs_patch_options(o, in_userns ? 0 : uid_shift, selinux_apifs_context, &options); |
e83bebef LP |
644 | if (r < 0) |
645 | return log_oom(); | |
646 | if (r > 0) | |
647 | o = options; | |
648 | } | |
649 | ||
4f086aab | 650 | r = mount_verbose(fatal ? LOG_ERR : LOG_DEBUG, |
d4b653c5 | 651 | what, |
60e76d48 ZJS |
652 | where, |
653 | mount_table[k].type, | |
654 | mount_table[k].flags, | |
655 | o); | |
4f086aab | 656 | if (r < 0 && fatal) |
60e76d48 | 657 | return r; |
e83bebef LP |
658 | } |
659 | ||
660 | return 0; | |
661 | } | |
662 | ||
e83bebef | 663 | static int mount_bind(const char *dest, CustomMount *m) { |
68cf43c3 | 664 | |
72d967df | 665 | _cleanup_free_ char *where = NULL; |
68cf43c3 | 666 | struct stat source_st, dest_st; |
e83bebef LP |
667 | int r; |
668 | ||
86c0dd4a | 669 | assert(dest); |
e83bebef LP |
670 | assert(m); |
671 | ||
e83bebef LP |
672 | if (stat(m->source, &source_st) < 0) |
673 | return log_error_errno(errno, "Failed to stat %s: %m", m->source); | |
674 | ||
cb638b5e | 675 | r = chase_symlinks(m->destination, dest, CHASE_PREFIX_ROOT|CHASE_NONEXISTENT, &where); |
68cf43c3 | 676 | if (r < 0) |
ec57bd42 | 677 | return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, m->destination); |
8ce48cf0 LP |
678 | if (r > 0) { /* Path exists already? */ |
679 | ||
680 | if (stat(where, &dest_st) < 0) | |
681 | return log_error_errno(errno, "Failed to stat %s: %m", where); | |
e83bebef | 682 | |
e83bebef LP |
683 | if (S_ISDIR(source_st.st_mode) && !S_ISDIR(dest_st.st_mode)) { |
684 | log_error("Cannot bind mount directory %s on file %s.", m->source, where); | |
685 | return -EINVAL; | |
686 | } | |
687 | ||
688 | if (!S_ISDIR(source_st.st_mode) && S_ISDIR(dest_st.st_mode)) { | |
689 | log_error("Cannot bind mount file %s on directory %s.", m->source, where); | |
690 | return -EINVAL; | |
691 | } | |
692 | ||
8ce48cf0 | 693 | } else { /* Path doesn't exist yet? */ |
e83bebef LP |
694 | r = mkdir_parents_label(where, 0755); |
695 | if (r < 0) | |
696 | return log_error_errno(r, "Failed to make parents of %s: %m", where); | |
b97e83cb BN |
697 | |
698 | /* Create the mount point. Any non-directory file can be | |
699 | * mounted on any non-directory file (regular, fifo, socket, | |
700 | * char, block). | |
701 | */ | |
702 | if (S_ISDIR(source_st.st_mode)) | |
703 | r = mkdir_label(where, 0755); | |
704 | else | |
705 | r = touch(where); | |
706 | if (r < 0) | |
707 | return log_error_errno(r, "Failed to create mount point %s: %m", where); | |
708 | ||
8ce48cf0 | 709 | } |
e83bebef | 710 | |
72d967df | 711 | r = mount_verbose(LOG_ERR, m->source, where, NULL, MS_BIND | MS_REC, m->options); |
60e76d48 ZJS |
712 | if (r < 0) |
713 | return r; | |
e83bebef LP |
714 | |
715 | if (m->read_only) { | |
6b7c9f8b | 716 | r = bind_remount_recursive(where, true, NULL); |
e83bebef LP |
717 | if (r < 0) |
718 | return log_error_errno(r, "Read-only bind mount failed: %m"); | |
719 | } | |
720 | ||
721 | return 0; | |
722 | } | |
723 | ||
724 | static int mount_tmpfs( | |
725 | const char *dest, | |
726 | CustomMount *m, | |
727 | bool userns, uid_t uid_shift, uid_t uid_range, | |
728 | const char *selinux_apifs_context) { | |
729 | ||
68cf43c3 LP |
730 | const char *options; |
731 | _cleanup_free_ char *buf = NULL, *where = NULL; | |
e83bebef LP |
732 | int r; |
733 | ||
734 | assert(dest); | |
735 | assert(m); | |
736 | ||
cb638b5e | 737 | r = chase_symlinks(m->destination, dest, CHASE_PREFIX_ROOT|CHASE_NONEXISTENT, &where); |
68cf43c3 | 738 | if (r < 0) |
ec57bd42 | 739 | return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, m->destination); |
8ce48cf0 LP |
740 | if (r == 0) { /* Doesn't exist yet? */ |
741 | r = mkdir_p_label(where, 0755); | |
742 | if (r < 0) | |
743 | return log_error_errno(r, "Creating mount point for tmpfs %s failed: %m", where); | |
744 | } | |
e83bebef | 745 | |
2fa017f1 | 746 | r = tmpfs_patch_options(m->options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf); |
e83bebef LP |
747 | if (r < 0) |
748 | return log_oom(); | |
749 | options = r > 0 ? buf : m->options; | |
750 | ||
60e76d48 | 751 | return mount_verbose(LOG_ERR, "tmpfs", where, "tmpfs", MS_NODEV|MS_STRICTATIME, options); |
e83bebef LP |
752 | } |
753 | ||
86c0dd4a | 754 | static char *joined_and_escaped_lower_dirs(char **lower) { |
e83bebef LP |
755 | _cleanup_strv_free_ char **sv = NULL; |
756 | ||
757 | sv = strv_copy(lower); | |
758 | if (!sv) | |
759 | return NULL; | |
760 | ||
761 | strv_reverse(sv); | |
762 | ||
763 | if (!strv_shell_escape(sv, ",:")) | |
764 | return NULL; | |
765 | ||
766 | return strv_join(sv, ":"); | |
767 | } | |
768 | ||
769 | static int mount_overlay(const char *dest, CustomMount *m) { | |
68cf43c3 | 770 | |
86c0dd4a | 771 | _cleanup_free_ char *lower = NULL, *where = NULL, *escaped_source = NULL; |
68cf43c3 | 772 | const char *options; |
e83bebef LP |
773 | int r; |
774 | ||
775 | assert(dest); | |
776 | assert(m); | |
777 | ||
cb638b5e | 778 | r = chase_symlinks(m->destination, dest, CHASE_PREFIX_ROOT|CHASE_NONEXISTENT, &where); |
68cf43c3 | 779 | if (r < 0) |
ec57bd42 | 780 | return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, m->destination); |
8ce48cf0 LP |
781 | if (r == 0) { /* Doesn't exist yet? */ |
782 | r = mkdir_label(where, 0755); | |
783 | if (r < 0) | |
784 | return log_error_errno(r, "Creating mount point for overlay %s failed: %m", where); | |
785 | } | |
e83bebef LP |
786 | |
787 | (void) mkdir_p_label(m->source, 0755); | |
788 | ||
789 | lower = joined_and_escaped_lower_dirs(m->lower); | |
790 | if (!lower) | |
791 | return log_oom(); | |
792 | ||
86c0dd4a LP |
793 | escaped_source = shell_escape(m->source, ",:"); |
794 | if (!escaped_source) | |
795 | return log_oom(); | |
e83bebef | 796 | |
86c0dd4a | 797 | if (m->read_only) |
e83bebef | 798 | options = strjoina("lowerdir=", escaped_source, ":", lower); |
86c0dd4a LP |
799 | else { |
800 | _cleanup_free_ char *escaped_work_dir = NULL; | |
e83bebef | 801 | |
e83bebef LP |
802 | escaped_work_dir = shell_escape(m->work_dir, ",:"); |
803 | if (!escaped_work_dir) | |
804 | return log_oom(); | |
805 | ||
806 | options = strjoina("lowerdir=", lower, ",upperdir=", escaped_source, ",workdir=", escaped_work_dir); | |
807 | } | |
808 | ||
60e76d48 | 809 | return mount_verbose(LOG_ERR, "overlay", where, "overlay", m->read_only ? MS_RDONLY : 0, options); |
e83bebef LP |
810 | } |
811 | ||
812 | int mount_custom( | |
813 | const char *dest, | |
88614c8a | 814 | CustomMount *mounts, size_t n, |
e83bebef LP |
815 | bool userns, uid_t uid_shift, uid_t uid_range, |
816 | const char *selinux_apifs_context) { | |
817 | ||
88614c8a | 818 | size_t i; |
e83bebef LP |
819 | int r; |
820 | ||
821 | assert(dest); | |
822 | ||
823 | for (i = 0; i < n; i++) { | |
824 | CustomMount *m = mounts + i; | |
825 | ||
826 | switch (m->type) { | |
827 | ||
828 | case CUSTOM_MOUNT_BIND: | |
829 | r = mount_bind(dest, m); | |
830 | break; | |
831 | ||
832 | case CUSTOM_MOUNT_TMPFS: | |
833 | r = mount_tmpfs(dest, m, userns, uid_shift, uid_range, selinux_apifs_context); | |
834 | break; | |
835 | ||
836 | case CUSTOM_MOUNT_OVERLAY: | |
837 | r = mount_overlay(dest, m); | |
838 | break; | |
839 | ||
840 | default: | |
841 | assert_not_reached("Unknown custom mount type"); | |
842 | } | |
843 | ||
844 | if (r < 0) | |
845 | return r; | |
846 | } | |
847 | ||
848 | return 0; | |
849 | } | |
850 | ||
e83bebef LP |
851 | int setup_volatile_state( |
852 | const char *directory, | |
853 | VolatileMode mode, | |
854 | bool userns, uid_t uid_shift, uid_t uid_range, | |
855 | const char *selinux_apifs_context) { | |
856 | ||
857 | _cleanup_free_ char *buf = NULL; | |
858 | const char *p, *options; | |
859 | int r; | |
860 | ||
861 | assert(directory); | |
862 | ||
863 | if (mode != VOLATILE_STATE) | |
864 | return 0; | |
865 | ||
866 | /* --volatile=state means we simply overmount /var | |
867 | with a tmpfs, and the rest read-only. */ | |
868 | ||
6b7c9f8b | 869 | r = bind_remount_recursive(directory, true, NULL); |
e83bebef LP |
870 | if (r < 0) |
871 | return log_error_errno(r, "Failed to remount %s read-only: %m", directory); | |
872 | ||
873 | p = prefix_roota(directory, "/var"); | |
874 | r = mkdir(p, 0755); | |
875 | if (r < 0 && errno != EEXIST) | |
876 | return log_error_errno(errno, "Failed to create %s: %m", directory); | |
877 | ||
878 | options = "mode=755"; | |
2fa017f1 | 879 | r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf); |
e83bebef LP |
880 | if (r < 0) |
881 | return log_oom(); | |
882 | if (r > 0) | |
883 | options = buf; | |
884 | ||
60e76d48 | 885 | return mount_verbose(LOG_ERR, "tmpfs", p, "tmpfs", MS_STRICTATIME, options); |
e83bebef LP |
886 | } |
887 | ||
888 | int setup_volatile( | |
889 | const char *directory, | |
890 | VolatileMode mode, | |
891 | bool userns, uid_t uid_shift, uid_t uid_range, | |
892 | const char *selinux_apifs_context) { | |
893 | ||
894 | bool tmpfs_mounted = false, bind_mounted = false; | |
895 | char template[] = "/tmp/nspawn-volatile-XXXXXX"; | |
896 | _cleanup_free_ char *buf = NULL; | |
897 | const char *f, *t, *options; | |
898 | int r; | |
899 | ||
900 | assert(directory); | |
901 | ||
902 | if (mode != VOLATILE_YES) | |
903 | return 0; | |
904 | ||
905 | /* --volatile=yes means we mount a tmpfs to the root dir, and | |
906 | the original /usr to use inside it, and that read-only. */ | |
907 | ||
908 | if (!mkdtemp(template)) | |
909 | return log_error_errno(errno, "Failed to create temporary directory: %m"); | |
910 | ||
911 | options = "mode=755"; | |
2fa017f1 | 912 | r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf); |
e83bebef LP |
913 | if (r < 0) |
914 | return log_oom(); | |
915 | if (r > 0) | |
916 | options = buf; | |
917 | ||
60e76d48 ZJS |
918 | r = mount_verbose(LOG_ERR, "tmpfs", template, "tmpfs", MS_STRICTATIME, options); |
919 | if (r < 0) | |
e83bebef | 920 | goto fail; |
e83bebef LP |
921 | |
922 | tmpfs_mounted = true; | |
923 | ||
924 | f = prefix_roota(directory, "/usr"); | |
925 | t = prefix_roota(template, "/usr"); | |
926 | ||
927 | r = mkdir(t, 0755); | |
928 | if (r < 0 && errno != EEXIST) { | |
929 | r = log_error_errno(errno, "Failed to create %s: %m", t); | |
930 | goto fail; | |
931 | } | |
932 | ||
60e76d48 ZJS |
933 | r = mount_verbose(LOG_ERR, f, t, NULL, MS_BIND|MS_REC, NULL); |
934 | if (r < 0) | |
e83bebef | 935 | goto fail; |
e83bebef LP |
936 | |
937 | bind_mounted = true; | |
938 | ||
6b7c9f8b | 939 | r = bind_remount_recursive(t, true, NULL); |
e83bebef LP |
940 | if (r < 0) { |
941 | log_error_errno(r, "Failed to remount %s read-only: %m", t); | |
942 | goto fail; | |
943 | } | |
944 | ||
60e76d48 ZJS |
945 | r = mount_verbose(LOG_ERR, template, directory, NULL, MS_MOVE, NULL); |
946 | if (r < 0) | |
e83bebef | 947 | goto fail; |
e83bebef LP |
948 | |
949 | (void) rmdir(template); | |
950 | ||
951 | return 0; | |
952 | ||
953 | fail: | |
954 | if (bind_mounted) | |
60e76d48 | 955 | (void) umount_verbose(t); |
e83bebef LP |
956 | |
957 | if (tmpfs_mounted) | |
60e76d48 | 958 | (void) umount_verbose(template); |
e83bebef LP |
959 | (void) rmdir(template); |
960 | return r; | |
961 | } | |
b53ede69 PW |
962 | |
963 | /* Expects *pivot_root_new and *pivot_root_old to be initialised to allocated memory or NULL. */ | |
964 | int pivot_root_parse(char **pivot_root_new, char **pivot_root_old, const char *s) { | |
965 | _cleanup_free_ char *root_new = NULL, *root_old = NULL; | |
966 | const char *p = s; | |
967 | int r; | |
968 | ||
969 | assert(pivot_root_new); | |
970 | assert(pivot_root_old); | |
971 | ||
972 | r = extract_first_word(&p, &root_new, ":", EXTRACT_DONT_COALESCE_SEPARATORS); | |
973 | if (r < 0) | |
974 | return r; | |
975 | if (r == 0) | |
976 | return -EINVAL; | |
977 | ||
978 | if (isempty(p)) | |
979 | root_old = NULL; | |
980 | else { | |
981 | root_old = strdup(p); | |
982 | if (!root_old) | |
983 | return -ENOMEM; | |
984 | } | |
985 | ||
986 | if (!path_is_absolute(root_new)) | |
987 | return -EINVAL; | |
988 | if (root_old && !path_is_absolute(root_old)) | |
989 | return -EINVAL; | |
990 | ||
991 | free_and_replace(*pivot_root_new, root_new); | |
992 | free_and_replace(*pivot_root_old, root_old); | |
993 | ||
994 | return 0; | |
995 | } | |
996 | ||
997 | int setup_pivot_root(const char *directory, const char *pivot_root_new, const char *pivot_root_old) { | |
998 | _cleanup_free_ char *directory_pivot_root_new = NULL; | |
999 | _cleanup_free_ char *pivot_tmp_pivot_root_old = NULL; | |
1000 | char pivot_tmp[] = "/tmp/nspawn-pivot-XXXXXX"; | |
1001 | bool remove_pivot_tmp = false; | |
1002 | int r; | |
1003 | ||
1004 | assert(directory); | |
1005 | ||
1006 | if (!pivot_root_new) | |
1007 | return 0; | |
1008 | ||
1009 | /* Pivot pivot_root_new to / and the existing / to pivot_root_old. | |
1010 | * If pivot_root_old is NULL, the existing / disappears. | |
1011 | * This requires a temporary directory, pivot_tmp, which is | |
1012 | * not a child of either. | |
1013 | * | |
1014 | * This is typically used for OSTree-style containers, where | |
1015 | * the root partition contains several sysroots which could be | |
1016 | * run. Normally, one would be chosen by the bootloader and | |
1017 | * pivoted to / by initramfs. | |
1018 | * | |
1019 | * For example, for an OSTree deployment, pivot_root_new | |
1020 | * would be: /ostree/deploy/$os/deploy/$checksum. Note that this | |
1021 | * code doesn’t do the /var mount which OSTree expects: use | |
1022 | * --bind +/sysroot/ostree/deploy/$os/var:/var for that. | |
1023 | * | |
1024 | * So in the OSTree case, we’ll end up with something like: | |
1025 | * - directory = /tmp/nspawn-root-123456 | |
1026 | * - pivot_root_new = /ostree/deploy/os/deploy/123abc | |
1027 | * - pivot_root_old = /sysroot | |
1028 | * - directory_pivot_root_new = | |
1029 | * /tmp/nspawn-root-123456/ostree/deploy/os/deploy/123abc | |
1030 | * - pivot_tmp = /tmp/nspawn-pivot-123456 | |
1031 | * - pivot_tmp_pivot_root_old = /tmp/nspawn-pivot-123456/sysroot | |
1032 | * | |
1033 | * Requires all file systems at directory and below to be mounted | |
1034 | * MS_PRIVATE or MS_SLAVE so they can be moved. | |
1035 | */ | |
1036 | directory_pivot_root_new = prefix_root(directory, pivot_root_new); | |
1037 | ||
1038 | /* Remount directory_pivot_root_new to make it movable. */ | |
1039 | r = mount_verbose(LOG_ERR, directory_pivot_root_new, directory_pivot_root_new, NULL, MS_BIND, NULL); | |
1040 | if (r < 0) | |
1041 | goto done; | |
1042 | ||
1043 | if (pivot_root_old) { | |
1044 | if (!mkdtemp(pivot_tmp)) { | |
1045 | r = log_error_errno(errno, "Failed to create temporary directory: %m"); | |
1046 | goto done; | |
1047 | } | |
1048 | ||
1049 | remove_pivot_tmp = true; | |
1050 | pivot_tmp_pivot_root_old = prefix_root(pivot_tmp, pivot_root_old); | |
1051 | ||
1052 | r = mount_verbose(LOG_ERR, directory_pivot_root_new, pivot_tmp, NULL, MS_MOVE, NULL); | |
1053 | if (r < 0) | |
1054 | goto done; | |
1055 | ||
1056 | r = mount_verbose(LOG_ERR, directory, pivot_tmp_pivot_root_old, NULL, MS_MOVE, NULL); | |
1057 | if (r < 0) | |
1058 | goto done; | |
1059 | ||
1060 | r = mount_verbose(LOG_ERR, pivot_tmp, directory, NULL, MS_MOVE, NULL); | |
1061 | if (r < 0) | |
1062 | goto done; | |
1063 | } else { | |
1064 | r = mount_verbose(LOG_ERR, directory_pivot_root_new, directory, NULL, MS_MOVE, NULL); | |
1065 | if (r < 0) | |
1066 | goto done; | |
1067 | } | |
1068 | ||
1069 | done: | |
1070 | if (remove_pivot_tmp) | |
1071 | (void) rmdir(pivot_tmp); | |
1072 | ||
1073 | return r; | |
1074 | } |