src/home/homework-mount.c

   1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
   2
   3 #include <sched.h>
   4 #include <sys/mount.h>
   5 #include <linux/fs.h>
   6
   7 #include "alloc-util.h"
   8 #include "fd-util.h"
   9 #include "format-util.h"
  10 #include "home-util.h"
  11 #include "homework-mount.h"
  12 #include "homework.h"
  13 #include "missing_mount.h"
  14 #include "missing_syscall.h"
  15 #include "mkdir.h"
  16 #include "mount-util.h"
  17 #include "namespace-util.h"
  18 #include "path-util.h"
  19 #include "string-util.h"
  20 #include "user-util.h"
  21
  22 static const char *mount_options_for_fstype(const char *fstype) {
  23         if (streq(fstype, "ext4"))
  24                 return "noquota,user_xattr";
  25         if (streq(fstype, "xfs"))
  26                 return "noquota";
  27         if (streq(fstype, "btrfs"))
  28                 return "noacl";
  29         return NULL;
  30 }
  31
  32 int home_mount_node(const char *node, const char *fstype, bool discard, unsigned long flags) {
  33         _cleanup_free_ char *joined = NULL;
  34         const char *options, *discard_option;
  35         int r;
  36
  37         assert(node);
  38         assert(fstype);
  39
  40         options = mount_options_for_fstype(fstype);
  41
  42         discard_option = discard ? "discard" : "nodiscard";
  43
  44         if (options) {
  45                 joined = strjoin(options, ",", discard_option);
  46                 if (!joined)
  47                         return log_oom();
  48
  49                 options = joined;
  50         } else
  51                 options = discard_option;
  52
  53         r = mount_nofollow_verbose(LOG_ERR, node, HOME_RUNTIME_WORK_DIR, fstype, flags|MS_RELATIME, strempty(options));
  54         if (r < 0)
  55                 return r;
  56
  57         log_info("Mounting file system completed.");
  58         return 0;
  59 }
  60
  61 int home_unshare_and_mkdir(void) {
  62         int r;
  63
  64         if (unshare(CLONE_NEWNS) < 0)
  65                 return log_error_errno(errno, "Couldn't unshare file system namespace: %m");
  66
  67         assert(path_startswith(HOME_RUNTIME_WORK_DIR, "/run"));
  68
  69         r = mount_nofollow_verbose(LOG_ERR, "/run", "/run", NULL, MS_SLAVE|MS_REC, NULL); /* Mark /run as MS_SLAVE in our new namespace */
  70         if (r < 0)
  71                 return r;
  72
  73         (void) mkdir_p(HOME_RUNTIME_WORK_DIR, 0700);
  74         return 0;
  75 }
  76
  77 int home_unshare_and_mount(const char *node, const char *fstype, bool discard, unsigned long flags) {
  78         int r;
  79
  80         assert(node);
  81         assert(fstype);
  82
  83         r = home_unshare_and_mkdir();
  84         if (r < 0)
  85                 return r;
  86
  87         return home_mount_node(node, fstype, discard, flags);
  88 }
  89
  90 int home_move_mount(const char *mount_suffix, const char *target) {
  91         _cleanup_free_ char *subdir = NULL;
  92         const char *d;
  93         int r;
  94
  95         assert(target);
  96
  97         /* If 'mount_suffix' is set, then we'll mount a subdir of the source mount into the host. If it's
  98          * NULL we'll move the mount itself */
  99         if (mount_suffix) {
 100                 subdir = path_join(HOME_RUNTIME_WORK_DIR, mount_suffix);
 101                 if (!subdir)
 102                         return log_oom();
 103
 104                 d = subdir;
 105         } else
 106                 d = HOME_RUNTIME_WORK_DIR;
 107
 108         (void) mkdir_p(target, 0700);
 109
 110         r = mount_nofollow_verbose(LOG_ERR, d, target, NULL, MS_BIND, NULL);
 111         if (r < 0)
 112                 return r;
 113
 114         r = umount_verbose(LOG_ERR, HOME_RUNTIME_WORK_DIR, UMOUNT_NOFOLLOW);
 115         if (r < 0)
 116                 return r;
 117
 118         log_info("Moving to final mount point %s completed.", target);
 119         return 0;
 120 }
 121
 122 static int append_identity_range(char **text, uid_t start, uid_t next_start, uid_t exclude) {
 123         /* Creates an identity range ranging from 'start' to 'next_start-1'. Excludes the UID specified by 'exclude' if
 124          * it is in that range. */
 125
 126         assert(text);
 127
 128         if (next_start <= start) /* Empty range? */
 129                 return 0;
 130
 131         if (exclude < start || exclude >= next_start) /* UID to exclude it outside of the range? */
 132                 return strextendf(text, UID_FMT " " UID_FMT " " UID_FMT "\n", start, start, next_start - start);
 133
 134         if (start == exclude && next_start == exclude + 1) /* The only UID in the range is the one to exclude? */
 135                 return 0;
 136
 137         if (exclude == start) /* UID to exclude at beginning of range? */
 138                 return strextendf(text, UID_FMT " " UID_FMT " " UID_FMT "\n", start+1, start+1, next_start - start - 1);
 139
 140         if (exclude == next_start - 1) /* UID to exclude at end of range? */
 141                 return strextendf(text, UID_FMT " " UID_FMT " " UID_FMT "\n", start, start, next_start - start - 1);
 142
 143         return strextendf(text,
 144                           UID_FMT " " UID_FMT " " UID_FMT "\n"
 145                           UID_FMT " " UID_FMT " " UID_FMT "\n",
 146                           start, start, exclude - start,
 147                           exclude + 1, exclude + 1, next_start - exclude - 1);
 148 }
 149
 150 static int make_userns(uid_t stored_uid, uid_t exposed_uid) {
 151         _cleanup_free_ char *text = NULL;
 152         _cleanup_close_ int userns_fd = -1;
 153         int r;
 154
 155         assert(uid_is_valid(stored_uid));
 156         assert(uid_is_valid(exposed_uid));
 157
 158         assert_cc(HOME_UID_MIN <= HOME_UID_MAX);
 159         assert_cc(HOME_UID_MAX < UID_NOBODY);
 160
 161         /* Map everything below the homed UID range to itself (except for the UID we actually care about if
 162          * it is inside this range) */
 163         r = append_identity_range(&text, 0, HOME_UID_MIN, stored_uid);
 164         if (r < 0)
 165                 return log_oom();
 166
 167         /* Now map the UID we are doing this for to the target UID. */
 168         r = strextendf(&text, UID_FMT " " UID_FMT " " UID_FMT "\n", stored_uid, exposed_uid, 1);
 169         if (r < 0)
 170                 return log_oom();
 171
 172         /* Map everything above the homed UID range to itself (again, excluding the UID we actually care
 173          * about if it is in that range). Also we leave "nobody" itself excluded) */
 174         r = append_identity_range(&text, HOME_UID_MAX, UID_NOBODY, stored_uid);
 175         if (r < 0)
 176                 return log_oom();
 177
 178         /* Leave everything else unmapped, starting from UID_NOBODY itself. Specifically, this means the
 179          * whole space outside of 16bit remains unmapped */
 180
 181         log_debug("Creating userns with mapping:\n%s", text);
 182
 183         userns_fd = userns_acquire(text, text); /* same uid + gid mapping */
 184         if (userns_fd < 0)
 185                 return log_error_errno(userns_fd, "Failed to allocate user namespace: %m");
 186
 187         return TAKE_FD(userns_fd);
 188 }
 189
 190 int home_shift_uid(int dir_fd, const char *target, uid_t stored_uid, uid_t exposed_uid, int *ret_mount_fd) {
 191         _cleanup_close_ int mount_fd = -1, userns_fd = -1;
 192         int r;
 193
 194         assert(dir_fd >= 0);
 195         assert(uid_is_valid(stored_uid));
 196         assert(uid_is_valid(exposed_uid));
 197
 198         /* Let's try to set up a UID mapping for this directory. This is called when first creating a home
 199          * directory or when activating it again. We do this as optimization only, to avoid having to
 200          * recursively chown() things on each activation. If the kernel or file system doesn't support this
 201          * scheme we'll handle this gracefully, and not do anything, so that the later recursive chown()ing
 202          * then fixes up things for us. Note that the chown()ing is smart enough to skip things if they look
 203          * alright already.
 204          *
 205          * Note that this always creates a new mount (i.e. we use OPEN_TREE_CLONE), since applying idmaps is
 206          * not allowed once the mount is put in place. */
 207
 208         mount_fd = open_tree(dir_fd, "", AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC);
 209         if (mount_fd < 0) {
 210                 if (ERRNO_IS_NOT_SUPPORTED(errno)) {
 211                         log_debug_errno(errno, "The open_tree() syscall is not supported, not setting up UID shift mount: %m");
 212
 213                         if (ret_mount_fd)
 214                                 *ret_mount_fd = -1;
 215
 216                         return 0;
 217                 }
 218
 219                 return log_error_errno(errno, "Failed to open tree of home directory: %m");
 220         }
 221
 222         userns_fd = make_userns(stored_uid, exposed_uid);
 223         if (userns_fd < 0)
 224                 return userns_fd;
 225
 226         /* Set the user namespace mapping attribute on the cloned mount point */
 227         if (mount_setattr(mount_fd, "", AT_EMPTY_PATH,
 228                           &(struct mount_attr) {
 229                                   .attr_set = MOUNT_ATTR_IDMAP,
 230                                   .userns_fd = userns_fd,
 231                           }, MOUNT_ATTR_SIZE_VER0) < 0) {
 232
 233                 if (ERRNO_IS_NOT_SUPPORTED(errno) || errno == EINVAL) { /* EINVAL is documented in mount_attr() as fs doesn't support idmapping */
 234                         log_debug_errno(errno, "UID/GID mapping for shifted mount not available, not setting it up: %m");
 235
 236                         if (ret_mount_fd)
 237                                 *ret_mount_fd = -1;
 238
 239                         return 0;
 240                 }
 241
 242                 return log_error_errno(errno, "Failed to apply UID/GID mapping: %m");
 243         }
 244
 245         if (target)
 246                 r = move_mount(mount_fd, "", AT_FDCWD, target, MOVE_MOUNT_F_EMPTY_PATH);
 247         else
 248                 r = move_mount(mount_fd, "", dir_fd, "", MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_EMPTY_PATH);
 249         if (r < 0)
 250                 return log_error_errno(errno, "Failed to apply UID/GID map: %m");
 251
 252         if (ret_mount_fd)
 253                 *ret_mount_fd = TAKE_FD(mount_fd);
 254
 255         return 1;
 256 }