[thirdparty/systemd.git] / src / shared / mount-util.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include <mntent.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#include "alloc-util.h"
#include "dissect-image.h"
#include "errno-util.h"
#include "macro.h"

typedef enum MountAttrPropagationType {
        MOUNT_ATTR_PROPAGATION_INHERIT,   /* no special MS_* propagation flags */
        MOUNT_ATTR_PROPAGATION_PRIVATE,   /* MS_PRIVATE */
        MOUNT_ATTR_PROPAGATION_DEPENDENT, /* MS_SLAVE */
        MOUNT_ATTR_PROPAGATION_SHARED,    /* MS_SHARE */

        _MOUNT_ATTR_PROPAGATION_TYPE_MAX,
        _MOUNT_ATTR_PROPAGATION_TYPE_INVALID = -EINVAL,
} MountAttrPropagationType;

const char* mount_attr_propagation_type_to_string(MountAttrPropagationType t) _const_;
MountAttrPropagationType mount_attr_propagation_type_from_string(const char *s) _pure_;
unsigned int mount_attr_propagation_type_to_flag(MountAttrPropagationType t);

int repeat_unmount(const char *path, int flags);
int umount_recursive(const char *target, int flags);

int bind_remount_recursive_with_mountinfo(const char *prefix, unsigned long new_flags, unsigned long flags_mask, char **deny_list, FILE *proc_self_mountinfo);
static inline int bind_remount_recursive(const char *prefix, unsigned long new_flags, unsigned long flags_mask, char **deny_list) {
        return bind_remount_recursive_with_mountinfo(prefix, new_flags, flags_mask, deny_list, NULL);
}

int bind_remount_one_with_mountinfo(const char *path, unsigned long new_flags, unsigned long flags_mask, FILE *proc_self_mountinfo);

int mount_switch_root(const char *path, MountAttrPropagationType type);

DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(FILE*, endmntent, NULL);
#define _cleanup_endmntent_ _cleanup_(endmntentp)

int mount_verbose_full(
                int error_log_level,
                const char *what,
                const char *where,
                const char *type,
                unsigned long flags,
                const char *options,
                bool follow_symlink);

static inline int mount_follow_verbose(
                int error_log_level,
                const char *what,
                const char *where,
                const char *type,
                unsigned long flags,
                const char *options) {
        return mount_verbose_full(error_log_level, what, where, type, flags, options, true);
}

static inline int mount_nofollow_verbose(
                int error_log_level,
                const char *what,
                const char *where,
                const char *type,
                unsigned long flags,
                const char *options) {
        return mount_verbose_full(error_log_level, what, where, type, flags, options, false);
}

int umount_verbose(
                int error_log_level,
                const char *where,
                int flags);

int mount_option_mangle(
                const char *options,
                unsigned long mount_flags,
                unsigned long *ret_mount_flags,
                char **ret_remaining_options);

int mode_to_inaccessible_node(const char *runtime_dir, mode_t mode, char **dest);
int mount_flags_to_string(unsigned long flags, char **ret);

/* Useful for usage with _cleanup_(), unmounts, removes a directory and frees the pointer */
static inline char* umount_and_rmdir_and_free(char *p) {
        PROTECT_ERRNO;
        if (p) {
                (void) umount_recursive(p, 0);
                (void) rmdir(p);
        }
        return mfree(p);
}
DEFINE_TRIVIAL_CLEANUP_FUNC(char*, umount_and_rmdir_and_free);

int bind_mount_in_namespace(pid_t target, const char *propagate_path, const char *incoming_path, const char *src, const char *dest, bool read_only, bool make_file_or_directory);
int mount_image_in_namespace(pid_t target, const char *propagate_path, const char *incoming_path, const char *src, const char *dest, bool read_only, bool make_file_or_directory, const MountOptions *options);

int make_mount_point(const char *path);

typedef enum RemountIdmapping {
        REMOUNT_IDMAPPING_NONE,
        /* Include a mapping from UID_MAPPED_ROOT (i.e. UID 2^31-2) on the backing fs to UID 0 on the
         * uidmapped fs. This is useful to ensure that the host root user can safely add inodes to the
         * uidmapped fs (which otherwise wouldn't work as the host root user is not defined on the uidmapped
         * mount and any attempts to create inodes will then be refused with EOVERFLOW). The idea is that
         * these inodes are quickly re-chown()ed to more suitable UIDs/GIDs. Any code that intends to be able
         * to add inodes to file systems mapped this way should set this flag, but given it comes with
         * certain security implications defaults to off, and requires explicit opt-in. */
        REMOUNT_IDMAPPING_HOST_ROOT,
        /* Define a mapping from root user within the container to the owner of the bind mounted directory.
         * This ensure no root-owned files will be written in a bind-mounted directory owned by a different
         * user. No other users are mapped. */
        REMOUNT_IDMAPPING_HOST_OWNER,
        _REMOUNT_IDMAPPING_MAX,
        _REMOUNT_IDMAPPING_INVALID = -EINVAL,
} RemountIdmapping;

int remount_idmap(const char *p, uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping);

/* Creates a mount point (not parents) based on the source path or stat - ie, a file or a directory */
int make_mount_point_inode_from_stat(const struct stat *st, const char *dest, mode_t mode);
int make_mount_point_inode_from_path(const char *source, const char *dest, mode_t mode);
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
4349cd7c LP	2	#pragma once
4349cd7c LP	3
4349cd7c	4	#include <mntent.h>
11c3a366	5	#include <stdio.h>
9c653536	6	#include <sys/stat.h>
e49ee285	7	#include <unistd.h>
4e036b7a	8
75f79cd2	9	#include "alloc-util.h"
70599967	10	#include "dissect-image.h"
e49ee285	11	#include "errno-util.h"
11c3a366	12	#include "macro.h"
4349cd7c	13
57c10a56 CB	14	typedef enum MountAttrPropagationType {
	15	MOUNT_ATTR_PROPAGATION_INHERIT, /* no special MS_* propagation flags */
	16	MOUNT_ATTR_PROPAGATION_PRIVATE, /* MS_PRIVATE */
	17	MOUNT_ATTR_PROPAGATION_DEPENDENT, /* MS_SLAVE */
	18	MOUNT_ATTR_PROPAGATION_SHARED, /* MS_SHARE */
	19
	20	_MOUNT_ATTR_PROPAGATION_TYPE_MAX,
	21	_MOUNT_ATTR_PROPAGATION_TYPE_INVALID = -EINVAL,
	22	} MountAttrPropagationType;
	23
	24	const char* mount_attr_propagation_type_to_string(MountAttrPropagationType t) _const_;
	25	MountAttrPropagationType mount_attr_propagation_type_from_string(const char *s) _pure_;
	26	unsigned int mount_attr_propagation_type_to_flag(MountAttrPropagationType t);
	27
3f2c0bec	28	int repeat_unmount(const char *path, int flags);
4349cd7c	29	int umount_recursive(const char *target, int flags);
0289948e	30
6b000af4	31	int bind_remount_recursive_with_mountinfo(const char prefix, unsigned long new_flags, unsigned long flags_mask, char deny_list, FILE proc_self_mountinfo);
0289948e LP	32	static inline int bind_remount_recursive(const char prefix, unsigned long new_flags, unsigned long flags_mask, char *deny_list) {
	33	return bind_remount_recursive_with_mountinfo(prefix, new_flags, flags_mask, deny_list, NULL);
	34	}
	35
7cce68e1	36	int bind_remount_one_with_mountinfo(const char path, unsigned long new_flags, unsigned long flags_mask, FILE proc_self_mountinfo);
4349cd7c	37
57c10a56	38	int mount_switch_root(const char *path, MountAttrPropagationType type);
4349cd7c	39
fd421c4a	40	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(FILE*, endmntent, NULL);
4349cd7c	41	#define _cleanup_endmntent_ _cleanup_(endmntentp)
4e036b7a	42
511a8cfe	43	int mount_verbose_full(
60e76d48 ZJS	44	int error_log_level,
	45	const char *what,
	46	const char *where,
	47	const char *type,
	48	unsigned long flags,
511a8cfe LP	49	const char *options,
	50	bool follow_symlink);
	51
	52	static inline int mount_follow_verbose(
	53	int error_log_level,
	54	const char *what,
	55	const char *where,
	56	const char *type,
	57	unsigned long flags,
	58	const char *options) {
	59	return mount_verbose_full(error_log_level, what, where, type, flags, options, true);
	60	}
	61
	62	static inline int mount_nofollow_verbose(
	63	int error_log_level,
	64	const char *what,
	65	const char *where,
	66	const char *type,
	67	unsigned long flags,
	68	const char *options) {
	69	return mount_verbose_full(error_log_level, what, where, type, flags, options, false);
	70	}
	71
30f5d104 LP	72	int umount_verbose(
	73	int error_log_level,
	74	const char *where,
	75	int flags);
83555251	76
9e7f941a YW	77	int mount_option_mangle(
	78	const char *options,
	79	unsigned long mount_flags,
	80	unsigned long *ret_mount_flags,
	81	char **ret_remaining_options);
be1791ad	82
e5f10caf	83	int mode_to_inaccessible_node(const char runtime_dir, mode_t mode, char *dest);
da185cd0	84	int mount_flags_to_string(unsigned long flags, char **ret);
e49ee285 LP	85
e49ee285 LP	86	/* Useful for usage with _cleanup_(), unmounts, removes a directory and frees the pointer */
f93ba375	87	static inline char* umount_and_rmdir_and_free(char *p) {
e49ee285	88	PROTECT_ERRNO;
4d686e6b LP	89	if (p) {
	90	(void) umount_recursive(p, 0);
	91	(void) rmdir(p);
	92	}
75f79cd2	93	return mfree(p);
e49ee285 LP	94	}
e49ee285 LP	95	DEFINE_TRIVIAL_CLEANUP_FUNC(char*, umount_and_rmdir_and_free);
6af52c3a LB	96
6af52c3a LB	97	int bind_mount_in_namespace(pid_t target, const char propagate_path, const char incoming_path, const char src, const char dest, bool read_only, bool make_file_or_directory);
70599967	98	int mount_image_in_namespace(pid_t target, const char propagate_path, const char incoming_path, const char src, const char dest, bool read_only, bool make_file_or_directory, const MountOptions *options);
14a25e1f LP	99
14a25e1f LP	100	int make_mount_point(const char *path);
35fd3558	101
1aa18710 QD	102	typedef enum RemountIdmapping {
1aa18710 QD	103	REMOUNT_IDMAPPING_NONE,
50ae2966 LP	104	/* Include a mapping from UID_MAPPED_ROOT (i.e. UID 2^31-2) on the backing fs to UID 0 on the
	105	* uidmapped fs. This is useful to ensure that the host root user can safely add inodes to the
	106	* uidmapped fs (which otherwise wouldn't work as the host root user is not defined on the uidmapped
	107	* mount and any attempts to create inodes will then be refused with EOVERFLOW). The idea is that
	108	* these inodes are quickly re-chown()ed to more suitable UIDs/GIDs. Any code that intends to be able
	109	* to add inodes to file systems mapped this way should set this flag, but given it comes with
	110	* certain security implications defaults to off, and requires explicit opt-in. */
1aa18710	111	REMOUNT_IDMAPPING_HOST_ROOT,
2b2777ed QD	112	/* Define a mapping from root user within the container to the owner of the bind mounted directory.
	113	* This ensure no root-owned files will be written in a bind-mounted directory owned by a different
	114	* user. No other users are mapped. */
	115	REMOUNT_IDMAPPING_HOST_OWNER,
1aa18710 QD	116	_REMOUNT_IDMAPPING_MAX,
	117	_REMOUNT_IDMAPPING_INVALID = -EINVAL,
	118	} RemountIdmapping;
50ae2966	119
2b2777ed	120	int remount_idmap(const char *p, uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping);
9c653536 ZJS	121
	122	/* Creates a mount point (not parents) based on the source path or stat - ie, a file or a directory */
	123	int make_mount_point_inode_from_stat(const struct stat st, const char dest, mode_t mode);
	124	int make_mount_point_inode_from_path(const char source, const char dest, mode_t mode);