mount-util: split remount_idmap() in two
authorLennart Poettering <lennart@poettering.net>
Tue, 14 Mar 2023 21:55:32 +0000 (22:55 +0100)
committerLennart Poettering <lennart@poettering.net>
Tue, 25 Apr 2023 15:39:16 +0000 (17:39 +0200)
This will make things a bit longer for now, but more powerful as we can
reuse the userns fd between calls to remount_idmap() if we need to
adjust multiple mounts.

No change in behaviour, just some minor refactoring.

src/shared/mount-util.c
src/shared/mount-util.h

index edf01fe0921ccf459f703104d1fc815d4d37350d..f30b5f1a7fcc174b65cc2f0b6cc2f599faf5adbc 100644 (file)
@@ -1080,13 +1080,16 @@ int make_mount_point(const char *path) {
         return 1;
 }
 
-static int make_userns(uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping) {
+int make_userns(uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping) {
         _cleanup_close_ int userns_fd = -EBADF;
         _cleanup_free_ char *line = NULL;
 
         /* Allocates a userns file descriptor with the mapping we need. For this we'll fork off a child
          * process whose only purpose is to give us a new user namespace. It's killed when we got it. */
 
+        if (!userns_shift_range_valid(uid_shift, uid_range))
+                return -EINVAL;
+
         if (IN_SET(idmapping, REMOUNT_IDMAPPING_NONE, REMOUNT_IDMAPPING_HOST_ROOT)) {
                 if (asprintf(&line, UID_FMT " " UID_FMT " " UID_FMT "\n", 0u, uid_shift, uid_range) < 0)
                         return log_oom_debug();
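Review bot: make_userns() becomes a public function here, but its comment still only explains the fork-a-child mechanism and says nothing about the return contract that external callers now depend on. Since the function ends in `return TAKE_FD(userns_fd);`, ownership of the descriptor passes to the caller, and the new range check adds an -EINVAL path. I would extend the existing comment with `/* Returns a new userns fd owned by the caller (must be closed), or a negative errno; -EINVAL if uid_shift/uid_range is not a valid pair. */`. The same applies to the bare prototype added in mount-util.h. The function body continues outside this hunk, so the treatment of `owner` and of the remaining `idmapping` values is not visible here.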
@@ -1125,31 +1128,21 @@ static int make_userns(uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdm
         return TAKE_FD(userns_fd);
 }
 
-int remount_idmap(
+int remount_idmap_fd(
                 const char *p,
-                uid_t uid_shift,
-                uid_t uid_range,
-                uid_t owner,
-                RemountIdmapping idmapping) {
+                int userns_fd) {
 
-        _cleanup_close_ int mount_fd = -EBADF, userns_fd = -EBADF;
+        _cleanup_close_ int mount_fd = -EBADF;
         int r;
 
         assert(p);
-
-        if (!userns_shift_range_valid(uid_shift, uid_range))
-                return -EINVAL;
+        assert(userns_fd >= 0);
 
         /* Clone the mount point */
         mount_fd = open_tree(-1, p, OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC);
         if (mount_fd < 0)
                 return log_debug_errno(errno, "Failed to open tree of mounted filesystem '%s': %m", p);
 
-        /* Create a user namespace mapping */
-        userns_fd = make_userns(uid_shift, uid_range, owner, idmapping);
-        if (userns_fd < 0)
-                return userns_fd;
-
         /* Set the user namespace mapping attribute on the cloned mount point */
         if (mount_setattr(mount_fd, "", AT_EMPTY_PATH | AT_RECURSIVE,
                           &(struct mount_attr) {
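Review bot: remount_idmap_fd() applies whatever mapping the supplied user namespace carries, recursively (`AT_RECURSIVE`), and the `userns_shift_range_valid()` check that used to guard this path now runs only inside make_userns(). A caller that gets its userns fd some other way gets no range validation before the ID mapping is attached to the cloned tree. The descriptor also appears to be borrowed rather than consumed, because only `mount_fd` keeps `_cleanup_close_` and the wrapper closes `userns_fd` itself. I would put this above the function: `/* userns_fd is borrowed (not closed here) and its mapping is applied as-is; obtain it from make_userns() or validate the shift/range before calling. */`. The body runs past the end of this hunk, so the rest of the mount_setattr() call and the later move step were not reviewed.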
@@ -1170,6 +1163,16 @@ int remount_idmap(
         return 0;
 }
 
+int remount_idmap(const char *p, uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping) {
+        _cleanup_close_ int userns_fd = -EBADF;
+
+        userns_fd = make_userns(uid_shift, uid_range, owner, idmapping);
+        if (userns_fd < 0)
+                return userns_fd;
+
+        return remount_idmap_fd(p, userns_fd);
+}
+
 typedef struct SubMount {
         char *path;
         int mount_fd;
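Review bot: The new remount_idmap() wrapper calls make_userns() before anything looks at `p`, so the order of operations differs from the old function even though the commit message says behaviour is unchanged. The old code asserted `p` and ran open_tree() first. Now, per the make_userns() comment, a child process is forked for the namespace before `assert(p)` is reached in remount_idmap_fd() or before an unopenable path is rejected. A cheap way to keep the early programming-error check is to make `assert(p);` the first statement of the wrapper. If failing paths are expected to be common, consider documenting that the namespace is set up before the path is checked.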
index f52687828a6c7b9d6ad7ce33f05089eed1bb8c3e..d1defcd8be482fb20d335e9951305f1dfcb4250d 100644 (file)
@@ -103,6 +103,8 @@ typedef enum RemountIdmapping {
         _REMOUNT_IDMAPPING_INVALID = -EINVAL,
 } RemountIdmapping;
 
+int make_userns(uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping);
+int remount_idmap_fd(const char *p, int userns_fd);
 int remount_idmap(const char *p, uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping);
 
 int remount_and_move_sub_mounts(