jail: Mount some things in the outer namespace and some in the inner one
[people/ms/pakfire.git] / src / libpakfire / mount.c
index c8397253fb2ffb22ff05fb68465c281e0c725b43..3ee09aa76176afe8d3ce15a8a20de4442c246425 100644 (file)
@@ -36,6 +36,7 @@
 #include <pakfire/util.h>
 
 static const struct pakfire_mountpoint {
+       pakfire_mntns_t ns;
        const char* source;
        const char* target;
        const char* fstype;
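Review bot: The new `ns` member goes in as the first field of a struct whose table is initialised positionally, so every entry now relies on six unnamed values being in the right order, three of them adjacent strings. Designated initialisers (`.ns = PAKFIRE_MNTNS_INNER, .source = "/proc/sys", ...`) would make each entry self-describing and stop a later field addition from silently shifting values into the wrong slot. The member also deserves a comment such as `// Bitmask of PAKFIRE_MNTNS_* values in which this entry is mounted`, since the table below ORs the two values together for `/proc`.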
@@ -43,59 +44,173 @@ static const struct pakfire_mountpoint {
        const char* options;
 } mountpoints[] = {
        // Mount a new instance of /proc
-       { "pakfire_proc",        "proc",               "proc",
-               MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL, },
+       {
+               PAKFIRE_MNTNS_INNER|PAKFIRE_MNTNS_OUTER,
+               "pakfire_proc",
+               "proc",
+               "proc",
+               MS_NOSUID|MS_NOEXEC|MS_NODEV,
+               NULL,
+       },
 
        // Make /proc/sys read-only (except /proc/sys/net)
-       { "/proc/sys",           "proc/sys",           "bind",   MS_BIND|MS_REC, NULL, },
-       { "/proc/sys/net",       "proc/sys/net",       "bind",   MS_BIND|MS_REC, NULL, },
-       { "/proc/sys",           "proc/sys",           "bind",
-               MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
+       {
+               PAKFIRE_MNTNS_INNER,
+               "/proc/sys",
+               "proc/sys",
+               "bind",
+               MS_BIND|MS_REC,
+               NULL,
+       },
+       {
+               PAKFIRE_MNTNS_INNER,
+               "/proc/sys/net",
+               "proc/sys/net",
+               "bind",
+               MS_BIND|MS_REC,
+               NULL,
+       },
+       {
+               PAKFIRE_MNTNS_INNER,
+               "/proc/sys",
+               "proc/sys",
+               "bind",
+               MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
+               NULL,
+       },
 
        // Deny write access to /proc/sysrq-trigger (can be used to restart the host)
-       { "/proc/sysrq-trigger", "proc/sysrq-trigger", "bind",   MS_BIND|MS_REC, NULL, },
-       { "/proc/sysrq-trigger", "proc/sysrq-trigger", "bind",
-               MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
+       {
+               PAKFIRE_MNTNS_INNER,
+               "/proc/sysrq-trigger",
+               "proc/sysrq-trigger",
+               "bind",
+               MS_BIND|MS_REC,
+               NULL,
+       },
+       {
+               PAKFIRE_MNTNS_INNER,
+               "/proc/sysrq-trigger",
+               "proc/sysrq-trigger",
+               "bind",
+               MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
+               NULL,
+       },
 
        // Make /proc/irq read-only
-       { "/proc/irq",           "proc/irq",           "bind",   MS_BIND|MS_REC, NULL, },
-       { "/proc/irq",           "proc/irq",           "bind",
-               MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
+       {
+               PAKFIRE_MNTNS_INNER,
+               "/proc/irq",
+               "proc/irq",
+               "bind",
+               MS_BIND|MS_REC,
+               NULL,
+       },
+       {
+               PAKFIRE_MNTNS_INNER,
+               "/proc/irq",
+               "proc/irq",
+               "bind",
+               MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
+               NULL,
+       },
 
        // Make /proc/bus read-only
-       { "/proc/bus",           "proc/bus",           "bind",   MS_BIND|MS_REC, NULL, },
-       { "/proc/bus",           "proc/bus",           "bind",
-               MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
+       {
+               PAKFIRE_MNTNS_INNER,
+               "/proc/bus",
+               "proc/bus",
+               "bind",
+               MS_BIND|MS_REC,
+               NULL,
+       },
+       {
+               PAKFIRE_MNTNS_INNER,
+               "/proc/bus",
+               "proc/bus",
+               "bind",
+               MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
+               NULL,
+       },
 
        // Bind-Mount /sys ready-only
-       { "/sys",                "sys",                "bind",   MS_BIND|MS_REC, NULL, },
-       { "/sys",                "sys",                "bind",
-               MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
+       {
+               PAKFIRE_MNTNS_OUTER,
+               "/sys",
+               "sys",
+               "bind",
+               MS_BIND|MS_REC,
+               NULL,
+       },
+       {
+               PAKFIRE_MNTNS_OUTER,
+               "/sys",
+               "sys",
+               "bind",
+               MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
+               NULL,
+       },
 
        // Create a new /dev
-       { "pakfire_dev",         "dev",                "tmpfs",  MS_NOSUID|MS_NOEXEC,
-               "mode=0755,size=4m,nr_inodes=64k", },
-       { "pakfire_dev_pts",     "dev/pts",            "devpts", MS_NOSUID|MS_NOEXEC,
-               "newinstance,ptmxmode=0666,mode=620", },
+       {
+               PAKFIRE_MNTNS_OUTER,
+               "pakfire_dev",
+               "dev",
+               "tmpfs",
+               MS_NOSUID|MS_NOEXEC,
+               "mode=0755,size=4m,nr_inodes=64k",
+       },
+       {
+               PAKFIRE_MNTNS_OUTER,
+               "pakfire_dev_pts",
+               "dev/pts",
+               "devpts",
+               MS_NOSUID|MS_NOEXEC,
+               "newinstance,ptmxmode=0666,mode=620",
+       },
 
        // Create a new /dev/shm
-       { "pakfire_dev_shm",     "dev/shm",            "tmpfs",
-               MS_NOSUID|MS_NODEV|MS_STRICTATIME, "mode=1777,size=1024m", },
+       {
+               PAKFIRE_MNTNS_OUTER,
+               "pakfire_dev_shm",
+               "dev/shm",
+               "tmpfs",
+               MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+               "mode=1777,size=1024m",
+       },
 
        // Mount /dev/mqueue
-       { "mqueue",               "dev/mqueue",        "mqueue",
-               MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL },
+       {
+               PAKFIRE_MNTNS_INNER,
+               "mqueue",
+               "dev/mqueue",
+               "mqueue",
+               MS_NOSUID|MS_NOEXEC|MS_NODEV,
+               NULL,
+       },
 
        // Create a new /run
-       { "pakfire_run",          "run",               "tmpfs",  MS_NOSUID|MS_NOEXEC|MS_NODEV,
-               "mode=755,size=256m,nr_inodes=1k", },
+       {
+               PAKFIRE_MNTNS_OUTER,
+               "pakfire_run",
+               "run",
+               "tmpfs",
+               MS_NOSUID|MS_NOEXEC|MS_NODEV,
+               "mode=755,size=256m,nr_inodes=1k",
+       },
 
        // Create a new /tmp
-       { "pakfire_tmp",          "tmp",               "tmpfs",
-               MS_NOSUID|MS_NODEV|MS_STRICTATIME, "mode=1777,size=4096m", },
+       {
+               PAKFIRE_MNTNS_OUTER,
+               "pakfire_tmp",
+               "tmp",
+               "tmpfs",
+               MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+               "mode=1777,size=4096m",
+       },
 
        // The end
-       { NULL },
+       {},
 };
 
 static const struct pakfire_devnode {
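Review bot: The two `PAKFIRE_MNTNS_OUTER` entries for `/sys` bind the host tree recursively with `MS_BIND|MS_REC`, but the remount that follows is not recursive: `MS_REMOUNT|MS_BIND|MS_RDONLY` changes only the top-level mount, so any filesystem mounted below the host's `/sys` keeps its original flags inside the jail. The flags predate this commit, but assigning the entries to the outer namespace is a good moment to settle whether that is intended. If `/sys` is meant to be read-only throughout, remount each submount as well, or use `mount_setattr(2)` with `AT_RECURSIVE` and `MOUNT_ATTR_RDONLY` where the kernel supports it. Separately, the `{}` terminator is an empty initialiser, which is a GNU extension before C23; `{ 0 }` is the portable spelling.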
@@ -222,7 +337,7 @@ int pakfire_mount_list(struct pakfire_ctx* ctx) {
        return pakfire_parse_file("/proc/self/mounts", __pakfire_mount_list, ctx);
 }
 
-static int pakfire_populate_dev(struct pakfire* pakfire, int flags) {
+int pakfire_populate_dev(struct pakfire* pakfire, int flags) {
        char path[PATH_MAX];
 
        // Create device nodes
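Review bot: Dropping `static` here, and on `pakfire_mount_interpreter` in the next hunk, turns two steps that `pakfire_mount_all` used to run itself into calls every caller must remember; the last hunk removes them from `pakfire_mount_all`. Nothing on the visible lines says in which namespace or at which point of jail setup each one has to run, and a caller that leaves out `pakfire_populate_dev` would presumably be left with an empty `pakfire_dev` tmpfs. A comment above each definition would help, for example `// Call after pakfire_mount_all(pakfire, PAKFIRE_MNTNS_OUTER, flags); populates the jail's /dev`, adjusted to the order the caller really uses. The bodies of both functions lie outside these hunks.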
@@ -287,7 +402,7 @@ MOUNT:
        return 0;
 }
 
-static int pakfire_mount_interpreter(struct pakfire* pakfire) {
+int pakfire_mount_interpreter(struct pakfire* pakfire) {
        char target[PATH_MAX];
 
        // Fetch the target architecture
@@ -325,14 +440,20 @@ static int pakfire_mount_interpreter(struct pakfire* pakfire) {
        return r;
 }
 
-int pakfire_mount_all(struct pakfire* pakfire, int flags) {
+int pakfire_mount_all(struct pakfire* pakfire, pakfire_mntns_t ns, int flags) {
        char target[PATH_MAX];
        int r;
 
+       const char* root = "/";
+
        // Fetch Pakfire's root directory
-       const char* root = pakfire_get_path(pakfire);
+       if (ns == PAKFIRE_MNTNS_OUTER)
+               root = pakfire_get_path(pakfire);
 
        for (const struct pakfire_mountpoint* mp = mountpoints; mp->source; mp++) {
+               if (!(mp->ns & ns))
+                       continue;
+
                // Figure out where to mount
                r = pakfire_path_append(target, root, mp->target);
                if (r)
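Review bot: `ns` is used as a bitmask in the filter (`mp->ns & ns`) but as a single value when the root is chosen (`ns == PAKFIRE_MNTNS_OUTER`). A call with `PAKFIRE_MNTNS_INNER|PAKFIRE_MNTNS_OUTER` would therefore select every table entry and mount it relative to `/`, putting the tmpfs entries for `dev`, `run` and `tmp` over the calling process's own root. A value of 0 mounts nothing and still returns 0. Rejecting anything but the two exact values before the loop closes both cases; the error value below is a guess and should follow this file's convention. The `PAKFIRE_MNTNS_INNER` path also assumes the caller has already switched into the jail's root, which is worth a comment, and the loop body continues past the end of this hunk.

```c
const char* root = NULL;

// ns must name exactly one namespace; the mount root depends on it
switch (ns) {
	case PAKFIRE_MNTNS_OUTER:
		// Still outside the jail: mount below Pakfire's root directory
		root = pakfire_get_path(pakfire);
		break;

	case PAKFIRE_MNTNS_INNER:
		// Assumes the caller has already entered the jail's root
		root = "/";
		break;

	default:
		return -EINVAL;
}

// … unchanged: loop over mountpoints …
```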
@@ -353,16 +474,6 @@ int pakfire_mount_all(struct pakfire* pakfire, int flags) {
                        return r;
        }
 
-       // Populate /dev
-       r = pakfire_populate_dev(pakfire, flags);
-       if (r)
-               return r;
-
-       // Mount the interpreter (if needed)
-       r = pakfire_mount_interpreter(pakfire);
-       if (r)
-               return r;
-
        return 0;
 }