1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ | |
2 | #pragma once | |
3 | ||
4 | #include <mntent.h> | |
5 | #include <stdio.h> | |
6 | #include <sys/stat.h> | |
7 | #include <unistd.h> | |
8 | ||
9 | #include "alloc-util.h" | |
10 | #include "dissect-image.h" | |
11 | #include "errno-util.h" | |
12 | #include "macro.h" | |
13 | ||
/* Mount propagation mode to set up on a mount once it is established. Each value stands for at most one
 * MS_* propagation flag (see the per-value comments); mount_attr_propagation_type_to_flag() below is the
 * conversion hook. The _INVALID sentinel is negative (-EINVAL) so the from_string() lookup can signal an
 * unknown name in errno style. */
typedef enum MountAttrPropagationType {
        MOUNT_ATTR_PROPAGATION_INHERIT,   /* no special MS_* propagation flags */
        MOUNT_ATTR_PROPAGATION_PRIVATE,   /* MS_PRIVATE */
        MOUNT_ATTR_PROPAGATION_DEPENDENT, /* MS_SLAVE */
        MOUNT_ATTR_PROPAGATION_SHARED,    /* MS_SHARED */

        _MOUNT_ATTR_PROPAGATION_TYPE_MAX,
        _MOUNT_ATTR_PROPAGATION_TYPE_INVALID = -EINVAL,
} MountAttrPropagationType;
23 | ||
/* String/flag conversions for MountAttrPropagationType. _const_/_pure_ (presumably defined in macro.h) mark
 * the lookups as side-effect free so the compiler may fold or cache their results. */
const char* mount_attr_propagation_type_to_string(MountAttrPropagationType t) _const_;
/* Presumably returns _MOUNT_ATTR_PROPAGATION_TYPE_INVALID (i.e. -EINVAL) for an unknown name — confirm
 * against the implementation. */
MountAttrPropagationType mount_attr_propagation_type_from_string(const char *s) _pure_;
/* The MS_* propagation flag named in the enum comments above (0 for INHERIT, presumably). */
unsigned int mount_attr_propagation_type_to_flag(MountAttrPropagationType t);

/* Unmount helpers. 'flags' are presumably passed through to umount2(2). umount_recursive() is what
 * umount_and_rmdir_and_free() below calls (with flags 0) to tear down everything mounted at or below 'target'. */
int repeat_unmount(const char *path, int flags);
int umount_recursive(const char *target, int flags);

/* Remounts 'prefix' and (presumably) every mount below it: the bits in flags_mask are replaced by new_flags.
 * deny_list: paths to leave untouched (NULL-terminated strv, presumably — confirm against the implementation).
 * proc_self_mountinfo: an already-open /proc/self/mountinfo stream, or NULL to have none supplied (the
 * bind_remount_recursive() wrapper below always passes NULL). */
int bind_remount_recursive_with_mountinfo(const char *prefix, unsigned long new_flags, unsigned long flags_mask, char **deny_list, FILE *proc_self_mountinfo);
/* Convenience wrapper around bind_remount_recursive_with_mountinfo() for callers that have no open
 * /proc/self/mountinfo stream at hand: NULL is passed for the stream, every other argument is forwarded
 * unchanged. */
static inline int bind_remount_recursive(const char *prefix, unsigned long new_flags, unsigned long flags_mask, char **deny_list) {
        FILE *no_mountinfo = NULL; /* no pre-opened mountinfo stream supplied */

        return bind_remount_recursive_with_mountinfo(prefix, new_flags, flags_mask, deny_list, no_mountinfo);
}
35 | ||
/* Single-mount counterpart of bind_remount_recursive_with_mountinfo(): same new_flags/flags_mask/proc_self_mountinfo
 * semantics, but (presumably) applied to the mount at 'path' only, without recursion or a deny list. */
int bind_remount_one_with_mountinfo(const char *path, unsigned long new_flags, unsigned long flags_mask, FILE *proc_self_mountinfo);

/* Presumably makes 'path' the new root mount of the calling process; 'type' selects the propagation mode
 * (see MountAttrPropagationType above). */
int mount_switch_root(const char *path, MountAttrPropagationType type);

/* Generates endmntentp(), the cleanup helper referenced by _cleanup_endmntent_ below, so a FILE* obtained
 * from setmntent() is closed on every exit path of the declaring scope. The trailing NULL is presumably the
 * "nothing to close" value the generated helper skips. */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(FILE*, endmntent, NULL);
#define _cleanup_endmntent_ _cleanup_(endmntentp)

/* Presumably wraps mount(2), logging failures at error_log_level. what/where/type/flags/options are the
 * usual mount(2) arguments. follow_symlink: whether a symlink at 'where' is resolved before mounting
 * (presumably — confirm against the implementation); the two inline wrappers below pin it to true and
 * false respectively. */
int mount_verbose_full(
                int error_log_level,
                const char *what,
                const char *where,
                const char *type,
                unsigned long flags,
                const char *options,
                bool follow_symlink);
51 | ||
/* mount_verbose_full() with follow_symlink pinned to true (presumably: a symlink at 'where' is resolved
 * before mounting — the exact handling lives in mount_verbose_full()). All other arguments pass through. */
static inline int mount_follow_verbose(
                int error_log_level,
                const char *what,
                const char *where,
                const char *type,
                unsigned long flags,
                const char *options) {
        const bool follow = true;

        return mount_verbose_full(error_log_level, what, where, type, flags, options, follow);
}
61 | ||
/* mount_verbose_full() with follow_symlink pinned to false. This is the conservative variant when 'where'
 * lies under a path an untrusted party could replace with a symlink; the exact symlink handling is
 * implemented by mount_verbose_full() — confirm there. All other arguments pass through. */
static inline int mount_nofollow_verbose(
                int error_log_level,
                const char *what,
                const char *where,
                const char *type,
                unsigned long flags,
                const char *options) {
        const bool follow = false;

        return mount_verbose_full(error_log_level, what, where, type, flags, options, follow);
}
71 | ||
/* Unmount counterpart of mount_verbose_full(): presumably wraps umount2(2) on 'where' with 'flags' and logs
 * failures at error_log_level. */
int umount_verbose(
                int error_log_level,
                const char *where,
                int flags);

/* Splits a mount option string. Presumably: options that correspond to MS_* flags are folded into
 * mount_flags and returned via *ret_mount_flags, the remaining ones are returned as a newly allocated
 * string in *ret_remaining_options (caller frees). Confirm details against the implementation. */
int mount_option_mangle(
                const char *options,
                unsigned long mount_flags,
                unsigned long *ret_mount_flags,
                char **ret_remaining_options);

/* Presumably returns in *dest the path of an inaccessible inode below runtime_dir whose file type matches
 * 'mode' (directory vs. regular file etc.), usable as a bind-mount source for masking paths. Ownership of
 * *dest presumably passes to the caller. */
int mode_to_inaccessible_node(const char *runtime_dir, mode_t mode, char **dest);
/* Renders MS_* flags as a human-readable string in *ret (newly allocated, caller frees — presumably). */
int mount_flags_to_string(unsigned long flags, char **ret);
85 | ||
/* Cleanup helper for use with _cleanup_(): recursively unmounts 'p', removes the directory and frees the
 * string, always returning NULL. Both the unmount and the rmdir are best effort: their results are ignored
 * and errno is preserved across the call by PROTECT_ERRNO. A NULL 'p' is a no-op. */
static inline char* umount_and_rmdir_and_free(char *p) {
        PROTECT_ERRNO;

        if (!p)
                return mfree(p); /* nothing mounted, nothing to remove */

        (void) umount_recursive(p, 0);
        (void) rmdir(p);

        return mfree(p);
}
/* Generates the pointer-taking cleanup hook for umount_and_rmdir_and_free() (named umount_and_rmdir_and_freep,
 * by analogy with endmntentp above) so a temporary mount directory can be declared _cleanup_(...) and is torn
 * down on every exit path. */
DEFINE_TRIVIAL_CLEANUP_FUNC(char*, umount_and_rmdir_and_free);

/* Mount 'src' at 'dest' inside the mount namespace of process 'target'. propagate_path/incoming_path are
 * presumably the host/namespace sides of the propagation channel used to hand the mount over; read_only
 * makes the result read-only; make_file_or_directory presumably creates 'dest' (as file or directory to
 * match 'src') when missing. mount_image_in_namespace() is the disk-image variant and takes MountOptions
 * (presumably declared in dissect-image.h). Confirm details against the implementation. */
int bind_mount_in_namespace(pid_t target, const char *propagate_path, const char *incoming_path, const char *src, const char *dest, bool read_only, bool make_file_or_directory);
int mount_image_in_namespace(pid_t target, const char *propagate_path, const char *incoming_path, const char *src, const char *dest, bool read_only, bool make_file_or_directory, const MountOptions *options);

/* Presumably turns 'path' into a mount point (e.g. by bind-mounting it onto itself) if it is not one already. */
int make_mount_point(const char *path);
101 | ||
/* Which additional UID/GID mapping remount_idmap() below installs (presumably on top of the basic
 * uid_shift/uid_range mapping its other parameters describe). */
typedef enum RemountIdmapping {
        REMOUNT_IDMAPPING_NONE, /* no extra mapping entries, presumably */
        /* Include a mapping from UID_MAPPED_ROOT (i.e. UID 2^31-2) on the backing fs to UID 0 on the
         * uidmapped fs. This is useful to ensure that the host root user can safely add inodes to the
         * uidmapped fs (which otherwise wouldn't work as the host root user is not defined on the uidmapped
         * mount and any attempts to create inodes will then be refused with EOVERFLOW). The idea is that
         * these inodes are quickly re-chown()ed to more suitable UIDs/GIDs. Any code that intends to be able
         * to add inodes to file systems mapped this way should set this flag, but given it comes with
         * certain security implications it defaults to off, and requires explicit opt-in. */
        REMOUNT_IDMAPPING_HOST_ROOT,
        /* Define a mapping from the root user within the container to the owner of the bind mounted directory.
         * This ensures no root-owned files will be written in a bind-mounted directory owned by a different
         * user. No other users are mapped. */
        REMOUNT_IDMAPPING_HOST_OWNER,
        _REMOUNT_IDMAPPING_MAX,
        _REMOUNT_IDMAPPING_INVALID = -EINVAL,
} RemountIdmapping;
119 | ||
/* Presumably installs an ID-mapped mount over 'p' that shifts UIDs/GIDs by uid_shift for a range of
 * uid_range IDs, plus the extra mapping selected by 'idmapping' (see RemountIdmapping above); 'owner' is
 * presumably only consulted for REMOUNT_IDMAPPING_HOST_OWNER. Confirm against the implementation. */
int remount_idmap(const char *p, uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping);

/* Creates a mount point (not parents) based on the source path or stat — i.e. a file or a directory.
 * 'st'/'source' decide whether 'dest' becomes a regular file or a directory; 'mode' is presumably the
 * permission bits for the created inode. */
int make_mount_point_inode_from_stat(const struct stat *st, const char *dest, mode_t mode);
int make_mount_point_inode_from_path(const char *source, const char *dest, mode_t mode);