Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
4349cd7c LP |
2 | #pragma once |
3 | ||
4349cd7c | 4 | #include <mntent.h> |
11c3a366 | 5 | #include <stdio.h> |
9c653536 | 6 | #include <sys/stat.h> |
e49ee285 | 7 | #include <unistd.h> |
4e036b7a | 8 | |
75f79cd2 | 9 | #include "alloc-util.h" |
70599967 | 10 | #include "dissect-image.h" |
e49ee285 | 11 | #include "errno-util.h" |
11c3a366 | 12 | #include "macro.h" |
4349cd7c | 13 | |
570fe6f1 FB |
14 | /* The limit used for /dev itself. 4MB should be enough since device nodes and symlinks don't |
15 | * consume any space and udev isn't supposed to create regular files either. There's no limit on the | |
16 | * max number of inodes since such a limit is hard to guess, especially on large storage array | |
17 | * systems. */ | |
18 | #define TMPFS_LIMITS_DEV ",size=4m" | |
19 | ||
20 | /* The limit used for /dev in private namespaces. 4MB for contents of regular files. The number of | |
21 | * inodes should be relatively low in private namespaces but for now use a 64k limit. */ | |
22 | #define TMPFS_LIMITS_PRIVATE_DEV ",size=4m,nr_inodes=64k" | |
362a55fc | 23 | |
7d85383e TM |
24 | /* Very little, if any use expected */ |
25 | #define TMPFS_LIMITS_EMPTY_OR_ALMOST ",size=4m,nr_inodes=1k" | |
26 | #define TMPFS_LIMITS_SYS TMPFS_LIMITS_EMPTY_OR_ALMOST | |
27 | #define TMPFS_LIMITS_SYS_FS_CGROUP TMPFS_LIMITS_EMPTY_OR_ALMOST | |
362a55fc ZJS |
28 | |
29 | /* On an extremely small device with only 256MB of RAM, 20% of RAM should be enough for the re-execution of | |
30 | * PID1 because 16MB of free space is required. */ | |
b4e1563f | 31 | #define TMPFS_LIMITS_RUN ",size=20%,nr_inodes=800k" |
362a55fc | 32 | |
84f9a680 | 33 | /* The limit used for various nested tmpfs mounts, in particular for guests started by systemd-nspawn. |
362a55fc ZJS |
34 | * 10% of RAM (using 16GB of RAM as a baseline) translates to 400k inodes (assuming 4k each) and 25% |
35 | * translates to 1M inodes. | |
b67ec8e5 ZJS |
36 | * (On the host, /tmp is configured through a .mount unit file.) */ |
37 | #define NESTED_TMPFS_LIMITS ",size=10%,nr_inodes=400k" | |
362a55fc | 38 | |
b4e1563f | 39 | /* More space for volatile root and /var */ |
7d85383e TM |
40 | #define TMPFS_LIMITS_VAR ",size=25%,nr_inodes=1m" |
41 | #define TMPFS_LIMITS_ROOTFS TMPFS_LIMITS_VAR | |
42 | #define TMPFS_LIMITS_VOLATILE_STATE TMPFS_LIMITS_VAR | |
43 | ||
28126409 LP |
44 | int mount_fd(const char *source, int target_fd, const char *filesystemtype, unsigned long mountflags, const void *data); |
45 | int mount_nofollow(const char *source, const char *target, const char *filesystemtype, unsigned long mountflags, const void *data); | |
46 | ||
3f2c0bec | 47 | int repeat_unmount(const char *path, int flags); |
4349cd7c | 48 | int umount_recursive(const char *target, int flags); |
0289948e | 49 | |
6b000af4 | 50 | int bind_remount_recursive_with_mountinfo(const char *prefix, unsigned long new_flags, unsigned long flags_mask, char **deny_list, FILE *proc_self_mountinfo); |
0289948e LP |
/* Shorthand for bind_remount_recursive_with_mountinfo() for callers that have no mountinfo stream at
 * hand: prefix, new_flags, flags_mask and deny_list are forwarded unchanged, proc_self_mountinfo is
 * passed as NULL, and the callee's return value is handed back as is.
 * NOTE(review): presumably the callee opens /proc/self/mountinfo itself when given NULL — confirm
 * in the implementation. */
static inline int bind_remount_recursive(
                const char *prefix,
                unsigned long new_flags,
                unsigned long flags_mask,
                char **deny_list) {

        FILE *no_mountinfo = NULL;

        return bind_remount_recursive_with_mountinfo(prefix, new_flags, flags_mask, deny_list, no_mountinfo);
}
54 | ||
7cce68e1 | 55 | int bind_remount_one_with_mountinfo(const char *path, unsigned long new_flags, unsigned long flags_mask, FILE *proc_self_mountinfo); |
4349cd7c LP |
56 | |
57 | int mount_move_root(const char *path); | |
2e776ed6 | 58 | int mount_pivot_root(const char *path); |
4349cd7c | 59 | |
fd421c4a | 60 | DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(FILE*, endmntent, NULL); |
4349cd7c | 61 | #define _cleanup_endmntent_ _cleanup_(endmntentp) |
4e036b7a | 62 | |
511a8cfe | 63 | int mount_verbose_full( |
60e76d48 ZJS |
64 | int error_log_level, |
65 | const char *what, | |
66 | const char *where, | |
67 | const char *type, | |
68 | unsigned long flags, | |
511a8cfe LP |
69 | const char *options, |
70 | bool follow_symlink); | |
71 | ||
/* Variant of mount_verbose_full() with follow_symlink fixed to true. All other arguments are passed
 * through unchanged and the callee's return value is returned as is.
 * NOTE(review): if "where" can be influenced by a less privileged party, following a symlink on the
 * mount target is presumably not what the caller wants; mount_nofollow_verbose() looks like the
 * safer default there — confirm the exact semantics against mount_verbose_full(). */
static inline int mount_follow_verbose(
                int error_log_level,
                const char *what,
                const char *where,
                const char *type,
                unsigned long flags,
                const char *options) {

        const bool follow_symlink = true;

        return mount_verbose_full(error_log_level, what, where, type, flags, options, follow_symlink);
}
81 | ||
/* Variant of mount_verbose_full() with follow_symlink fixed to false. All other arguments are passed
 * through unchanged and the callee's return value is returned as is.
 * NOTE(review): presumably this keeps a symlink at "where" from redirecting the mount to another
 * location, which matters when the target path is not fully trusted — confirm against
 * mount_verbose_full(). */
static inline int mount_nofollow_verbose(
                int error_log_level,
                const char *what,
                const char *where,
                const char *type,
                unsigned long flags,
                const char *options) {

        const bool follow_symlink = false;

        return mount_verbose_full(error_log_level, what, where, type, flags, options, follow_symlink);
}
91 | ||
30f5d104 LP |
92 | int umount_verbose( |
93 | int error_log_level, | |
94 | const char *where, | |
95 | int flags); | |
83555251 | 96 | |
9e7f941a YW |
97 | int mount_option_mangle( |
98 | const char *options, | |
99 | unsigned long mount_flags, | |
100 | unsigned long *ret_mount_flags, | |
101 | char **ret_remaining_options); | |
be1791ad | 102 | |
e5f10caf | 103 | int mode_to_inaccessible_node(const char *runtime_dir, mode_t mode, char **dest); |
da185cd0 | 104 | int mount_flags_to_string(unsigned long flags, char **ret); |
e49ee285 LP |
105 | |
/* Cleanup helper intended for _cleanup_(): when p is non-NULL it unmounts p recursively and removes
 * the directory, then frees the string through mfree() and returns mfree()'s result. */
static inline char* umount_and_rmdir_and_free(char *p) {
        /* NOTE(review): presumably saves errno here and restores it on return, so that running this
         * cleanup does not clobber the error the caller is about to report — see errno-util.h. */
        PROTECT_ERRNO;

        if (p != NULL) {
                /* Best effort: both results are deliberately discarded, so a failed unmount leaves
                 * the mount in place and rmdir() then fails as well; nothing is reported. */
                (void) umount_recursive(p, 0);
                (void) rmdir(p);
        }

        return mfree(p);
}
DEFINE_TRIVIAL_CLEANUP_FUNC(char*, umount_and_rmdir_and_free);
6af52c3a LB |
116 | |
117 | int bind_mount_in_namespace(pid_t target, const char *propagate_path, const char *incoming_path, const char *src, const char *dest, bool read_only, bool make_file_or_directory); | |
70599967 | 118 | int mount_image_in_namespace(pid_t target, const char *propagate_path, const char *incoming_path, const char *src, const char *dest, bool read_only, bool make_file_or_directory, const MountOptions *options); |
14a25e1f LP |
119 | |
120 | int make_mount_point(const char *path); | |
35fd3558 | 121 | |
1aa18710 QD |
/* Selects which additional mapping is set up for an ID-mapped mount; passed as the "idmapping"
 * argument of remount_idmap(). */
typedef enum RemountIdmapping {
        /* NOTE(review): presumably no extra mapping beyond the uid_shift/uid_range given to
         * remount_idmap() — confirm in the implementation. */
        REMOUNT_IDMAPPING_NONE,
        /* Include a mapping from UID_MAPPED_ROOT (i.e. UID 2^31-2) on the backing fs to UID 0 on the
         * uidmapped fs. This is useful to ensure that the host root user can safely add inodes to the
         * uidmapped fs (which otherwise wouldn't work as the host root user is not defined on the uidmapped
         * mount and any attempts to create inodes will then be refused with EOVERFLOW). The idea is that
         * these inodes are quickly re-chown()ed to more suitable UIDs/GIDs. Any code that intends to be able
         * to add inodes to file systems mapped this way should set this flag, but given it comes with
         * certain security implications it defaults to off and requires explicit opt-in.
         * NOTE(review): until the re-chown() happens the new inodes are owned by the mapped root UID, so
         * callers should presumably keep that window short — confirm with the callers of remount_idmap(). */
        REMOUNT_IDMAPPING_HOST_ROOT,
        /* Define a mapping from the root user within the container to the owner of the bind mounted
         * directory. This ensures no root-owned files will be written in a bind-mounted directory owned
         * by a different user. No other users are mapped. */
        REMOUNT_IDMAPPING_HOST_OWNER,
        /* One past the last valid value, i.e. the number of valid values above. */
        _REMOUNT_IDMAPPING_MAX,
        /* Negative errno-style sentinel, distinct from every valid value. */
        _REMOUNT_IDMAPPING_INVALID = -EINVAL,
} RemountIdmapping;
50ae2966 | 139 | |
2b2777ed | 140 | int remount_idmap(const char *p, uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping); |
9c653536 ZJS |
141 | |
142 | /* Creates a mount point (but not its parents) based on the source path or stat, i.e. a file or a directory */ | |
143 | int make_mount_point_inode_from_stat(const struct stat *st, const char *dest, mode_t mode); | |
144 | int make_mount_point_inode_from_path(const char *source, const char *dest, mode_t mode); |