[people/ms/pakfire.git] / src / libpakfire / mount.c

/*#############################################################################
#                                                                             #
# Pakfire - The IPFire package management system                              #
# Copyright (C) 2022 Pakfire development team                                 #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
#############################################################################*/

#include <errno.h>
#include <linux/limits.h>
#include <stddef.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>

#include <pakfire/arch.h>
#include <pakfire/logging.h>
#include <pakfire/pakfire.h>
#include <pakfire/parse.h>
#include <pakfire/path.h>
#include <pakfire/mount.h>
#include <pakfire/string.h>
#include <pakfire/util.h>

static const struct pakfire_mountpoint {
	pakfire_mntns_t ns;
	const char* source;
	const char* target;
	const char* fstype;
	int flags;
	const char* options;
} mountpoints[] = {
	// Mount a new instance of /proc
	{
		PAKFIRE_MNTNS_INNER|PAKFIRE_MNTNS_OUTER,
		"pakfire_proc",
		"proc",
		"proc",
		MS_NOSUID|MS_NOEXEC|MS_NODEV,
		NULL,
	},

	/*
		XXX it is kind of problematic to mount /proc twice as a process inside the
		jail can umount /proc and will then see the host's /proc.
	*/

	// Make /proc/sys read-only (except /proc/sys/net)
	{
		PAKFIRE_MNTNS_INNER,
		"/proc/sys",
		"proc/sys",
		"bind",
		MS_BIND|MS_REC,
		NULL,
	},
	{
		PAKFIRE_MNTNS_INNER,
		"/proc/sys/net",
		"proc/sys/net",
		"bind",
		MS_BIND|MS_REC,
		NULL,
	},
	{
		PAKFIRE_MNTNS_INNER,
		"/proc/sys",
		"proc/sys",
		"bind",
		MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
		NULL,
	},

	// Deny write access to /proc/sysrq-trigger (can be used to restart the host)
	{
		PAKFIRE_MNTNS_INNER,
		"/proc/sysrq-trigger",
		"proc/sysrq-trigger",
		"bind",
		MS_BIND|MS_REC,
		NULL,
	},
	{
		PAKFIRE_MNTNS_INNER,
		"/proc/sysrq-trigger",
		"proc/sysrq-trigger",
		"bind",
		MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
		NULL,
	},

	// Make /proc/irq read-only
	{
		PAKFIRE_MNTNS_INNER,
		"/proc/irq",
		"proc/irq",
		"bind",
		MS_BIND|MS_REC,
		NULL,
	},
	{
		PAKFIRE_MNTNS_INNER,
		"/proc/irq",
		"proc/irq",
		"bind",
		MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
		NULL,
	},

	// Make /proc/bus read-only
	{
		PAKFIRE_MNTNS_INNER,
		"/proc/bus",
		"proc/bus",
		"bind",
		MS_BIND|MS_REC,
		NULL,
	},
	{
		PAKFIRE_MNTNS_INNER,
		"/proc/bus",
		"proc/bus",
		"bind",
		MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
		NULL,
	},

	// Bind-Mount /sys ready-only
	{
		PAKFIRE_MNTNS_OUTER,
		"/sys",
		"sys",
		"bind",
		MS_BIND|MS_REC,
		NULL,
	},
	{
		PAKFIRE_MNTNS_OUTER,
		"/sys",
		"sys",
		"bind",
		MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
		NULL,
	},

	// Create a new /dev
	{
		PAKFIRE_MNTNS_OUTER,
		"pakfire_dev",
		"dev",
		"tmpfs",
		MS_NOSUID|MS_NOEXEC,
		"mode=0755,size=4m,nr_inodes=64k",
	},
	{
		PAKFIRE_MNTNS_OUTER,
		"pakfire_dev_pts",
		"dev/pts",
		"devpts",
		MS_NOSUID|MS_NOEXEC,
		"newinstance,ptmxmode=0666,mode=620",
	},

	// Create a new /dev/shm
	{
		PAKFIRE_MNTNS_OUTER,
		"pakfire_dev_shm",
		"dev/shm",
		"tmpfs",
		MS_NOSUID|MS_NODEV|MS_STRICTATIME,
		"mode=1777,size=1024m",
	},

	// Mount /dev/mqueue
	{
		PAKFIRE_MNTNS_INNER,
		"mqueue",
		"dev/mqueue",
		"mqueue",
		MS_NOSUID|MS_NOEXEC|MS_NODEV,
		NULL,
	},

	// Create a new /run
	{
		PAKFIRE_MNTNS_OUTER,
		"pakfire_run",
		"run",
		"tmpfs",
		MS_NOSUID|MS_NOEXEC|MS_NODEV,
		"mode=755,size=256m,nr_inodes=1k",
	},

	// Create a new /tmp
	{
		PAKFIRE_MNTNS_OUTER,
		"pakfire_tmp",
		"tmp",
		"tmpfs",
		MS_NOSUID|MS_NODEV|MS_STRICTATIME,
		"mode=1777,size=4096m",
	},

	// The end
	{},
};

static const struct pakfire_devnode {
	const char* path;
	int major;
	int minor;
	mode_t mode;
	int flags;
} devnodes[] = {
	{ "/dev/null",      1,  3, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, 0 },
	{ "/dev/zero",      1,  5, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, 0 },
	{ "/dev/full",      1,  7, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, 0 },
	{ "/dev/random",    1,  8, S_IFCHR|S_IRUSR|S_IRGRP|S_IROTH, 0 },
	{ "/dev/urandom",   1,  9, S_IFCHR|S_IRUSR|S_IRGRP|S_IROTH, 0 },
	{ "/dev/kmsg",      1, 11, S_IFCHR|S_IRUSR|S_IRGRP|S_IROTH, 0 },
	{ "/dev/tty",       5,  0, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, 0 },
	{ "/dev/console",   5,  1, S_IFCHR|S_IRUSR|S_IWUSR, 0 },
	{ "/dev/rtc0",    252,  0, S_IFCHR|S_IRUSR|S_IWUSR, 0 },

	// Loop Devices
	{ "/dev/loop-control", 10, 237, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop0",         7,   0, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop1",         7,   1, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop2",         7,   2, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop3",         7,   3, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop4",         7,   4, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop5",         7,   5, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop6",         7,   6, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	{ "/dev/loop7",         7,   7, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },

	{ NULL },
};

static const struct pakfire_symlink {
	const char* target;
	const char* path;
} symlinks[] = {
	{ "/dev/pts/ptmx",   "/dev/ptmx", },
	{ "/proc/self/fd",   "/dev/fd", },
	{ "/proc/self/fd/0", "/dev/stdin" },
	{ "/proc/self/fd/1", "/dev/stdout" },
	{ "/proc/self/fd/2", "/dev/stderr" },
	{ "/proc/kcore",     "/dev/core" },
	{ NULL },
};

int pakfire_mount_change_propagation(struct pakfire_ctx* ctx, const char* path, int propagation) {
	CTX_DEBUG(ctx, "Changing mount propagation on %s\n", path);

	int r = mount(NULL, path, NULL, propagation|MS_REC, NULL);
	if (r)
		CTX_ERROR(ctx, "Failed to change mount propagation on %s: %m\n", path);

	return r;
}

static int pakfire_mount_is_mountpoint(struct pakfire* pakfire, const char* path) {
	// XXX THIS STILL NEEDS TO BE IMPLEMENTED
	return 1;
}

int pakfire_mount_make_mounpoint(struct pakfire* pakfire, const char* path) {
	int r;

	// Check if path already is a mountpoint
	r = pakfire_mount_is_mountpoint(pakfire, path);
	switch (r) {
		// Already is a mountpoint
		case 0:
			return 0;

		// Is not a mountpoint
		case 1:
			break;

		default:
			ERROR(pakfire, "Could not determine whether %s is a mountpoint: %m\n", path);
			return r;
	}

	// Bind-mount to self
	r = mount(path, path, NULL, MS_BIND|MS_REC, NULL);
	if (r) {
		ERROR(pakfire, "Could not make %s a mountpoint: %m\n", path);
		return r;
	}

	return 0;
}

static int pakfire_mount(struct pakfire* pakfire, const char* source, const char* target,
		const char* fstype, unsigned long mflags, const void* data) {
	const char* options = (const char*)data;

	// Check for some basic inputs
	if (!source || !target) {
		errno = EINVAL;
		return 1;
	}

	DEBUG(pakfire, "Mounting %s from %s (%s - %s)\n", target, source, fstype, options);

	// Perform mount()
	int r = mount(source, target, fstype, mflags, data);
	if (r) {
		ERROR(pakfire, "Could not mount %s: %m\n", target);
	}

	return r;
}

static int __pakfire_mount_list(char* line, size_t length, void* data) {
	struct pakfire_ctx* ctx = data;

	// Send the line to the logger
	CTX_DEBUG(ctx, "  %.*s", (int)length, line);

	return 0;
}

int pakfire_mount_list(struct pakfire_ctx* ctx) {
	CTX_DEBUG(ctx, "Mountpoints:\n");

	return pakfire_parse_file("/proc/self/mounts", __pakfire_mount_list, ctx);
}

int pakfire_populate_dev(struct pakfire* pakfire, int flags) {
	char path[PATH_MAX];

	// Create device nodes
	for (const struct pakfire_devnode* devnode = devnodes; devnode->path; devnode++) {
		DEBUG(pakfire, "Creating device node %s\n", devnode->path);

		// Check if flags match
		if (devnode->flags && !(flags & devnode->flags))
			continue;

		int r = pakfire_path(pakfire, path, "%s", devnode->path);
		if (r)
			return r;

		dev_t dev = makedev(devnode->major, devnode->minor);

		r = mknod(path, devnode->mode, dev);

		// Continue if mknod was successful
		if (r == 0)
			continue;

		// If we could not create the device node because of permission issues,
		// it might be likely that we are running in a user namespace where creating
		// device nodes is not permitted. Try bind-mounting them.
		if (errno == EPERM)
			goto MOUNT;

		// Otherwise log an error and end
		ERROR(pakfire, "Could not create %s: %m\n", devnode->path);
		return r;

MOUNT:
		// Create an empty file
		r = pakfire_touch(path, 0444);
		if (r) {
			ERROR(pakfire, "Could not create %s: %m\n", path);
			return r;
		}

		// Create a bind-mount over the file
		r = pakfire_mount(pakfire, devnode->path, path, "bind", MS_BIND, NULL);
		if (r)
			return r;
	}

	// Create symlinks
	for (const struct pakfire_symlink* s = symlinks; s->target; s++) {
		DEBUG(pakfire, "Creating symlink %s -> %s\n", s->path, s->target);

		int r = pakfire_path(pakfire, path, "%s", s->path);
		if (r)
			return r;

		r = symlink(s->target, path);
		if (r) {
			ERROR(pakfire, "Could not create symlink %s: %m\n", s->path);
			return r;
		}
	}

	return 0;
}

int pakfire_mount_interpreter(struct pakfire* pakfire) {
	char target[PATH_MAX];

	// Fetch the target architecture
	const char* arch = pakfire_get_effective_arch(pakfire);

	// Can we emulate this architecture?
	char* interpreter = pakfire_arch_find_interpreter(arch);

	// No interpreter required
	if (!interpreter)
		return 0;

	DEBUG(pakfire, "Mounting interpreter %s for %s\n", interpreter, arch);

	// Where to mount this?
	int r = pakfire_path(pakfire, target, "%s", interpreter);
	if (r)
		return r;

	// Create directory
	r = pakfire_mkparentdir(target, 0755);
	if (r)
		return r;

	// Create an empty file
	FILE* f = fopen(target, "w");
	if (!f)
		return 1;
	fclose(f);

	r = pakfire_mount(pakfire, interpreter, target, NULL, MS_BIND|MS_RDONLY, NULL);
	if (r)
		ERROR(pakfire, "Could not mount interpreter %s to %s: %m\n", interpreter, target);

	return r;
}

int pakfire_mount_all(struct pakfire* pakfire, pakfire_mntns_t ns, int flags) {
	char target[PATH_MAX];
	int r;

	const char* root = "/";

	// Fetch Pakfire's root directory
	if (ns == PAKFIRE_MNTNS_OUTER)
		root = pakfire_get_path(pakfire);

	for (const struct pakfire_mountpoint* mp = mountpoints; mp->source; mp++) {
		if (!(mp->ns & ns))
			continue;

		// Figure out where to mount
		r = pakfire_path_append(target, root, mp->target);
		if (r)
			return r;

		// Create target if it doesn't exist
		if (!pakfire_path_exists(target)) {
			r = pakfire_mkdir(target, 0755);
			if (r) {
				ERROR(pakfire, "Could not create %s: %m\n", target);
				return r;
			}
		}

		// Perform mount()
		r = pakfire_mount(pakfire, mp->source, target, mp->fstype, mp->flags, mp->options);
		if (r)
			return r;
	}

	return 0;
}

int pakfire_make_ramdisk(struct pakfire* pakfire, char* path, const char* args) {
	int r;

	// Create a new temporary directory
	char* p = pakfire_mkdtemp(path);
	if (!p)
		return -errno;

	// Mount the ramdisk
	r = pakfire_mount(pakfire, "pakfire_ramdisk", p, "tmpfs", 0, args);
	if (r) {
		ERROR_ERRNO(pakfire, r, "Could not mount ramdisk at %s (%s): %m\n", p, args);
		return r;
	}

	DEBUG(pakfire, "Ramdisk mounted at %s (%s)\n", p, args);

	return 0;
}

int pakfire_bind(struct pakfire* pakfire, const char* src, const char* dst, int flags) {
	struct stat st;
	char mountpoint[PATH_MAX];

	if (!dst)
		dst = src;

	int r = pakfire_path(pakfire, mountpoint, "%s", dst);
	if (r)
		return r;

	DEBUG(pakfire, "Bind-mounting %s to %s\n", src, mountpoint);

	r = stat(src, &st);
	if (r < 0) {
		ERROR(pakfire, "Could not stat %s: %m\n", src);
		return 1;
	}

	// Make sure the mountpoint exists
	switch (st.st_mode & S_IFMT) {
		case S_IFDIR:
			r = pakfire_mkdir(mountpoint, st.st_mode);
			if (r && errno != EEXIST)
				return r;
			break;

		case S_IFREG:
		case S_IFLNK:
			// Make parent directory
			r = pakfire_mkparentdir(mountpoint, 0755);
			if (r)
				return r;

			// Create a file
			FILE* f = fopen(mountpoint, "w");
			if (!f)
				return 1;
			fclose(f);
			break;

		default:
			errno = ENOTSUP;
			return 1;
	}

	// The Linux kernel seems to be quite funny when trying to bind-mount something
	// as read-only and requires us to mount the source first, and then remount it
	// again using MS_RDONLY.
	if (flags & MS_RDONLY) {
		r = pakfire_mount(pakfire, src, mountpoint, "bind", MS_BIND|MS_REC, NULL);
		if (r)
			return r;

		// Add the remount flag
		flags |= MS_REMOUNT;
	}

	// Perform mount
	return pakfire_mount(pakfire, src, mountpoint, "bind", flags|MS_BIND|MS_REC, NULL);
}
Commit	Line	Data
bf5f9c24 MT	1	/*#############################################################################
	2	# #
	3	# Pakfire - The IPFire package management system #
	4	# Copyright (C) 2022 Pakfire development team #
	5	# #
	6	# This program is free software: you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation, either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# This program is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	18	# #
	19	#############################################################################*/
	20
	21	#include <errno.h>
	22	#include <linux/limits.h>
bf5f9c24 MT	23	#include <stddef.h>
	24	#include <sys/mount.h>
	25	#include <sys/stat.h>
f71c82d8	26	#include <sys/sysmacros.h>
bf5f9c24 MT	27	#include <sys/types.h>
bf5f9c24 MT	28
660120b6	29	#include <pakfire/arch.h>
bf5f9c24 MT	30	#include <pakfire/logging.h>
bf5f9c24 MT	31	#include <pakfire/pakfire.h>
bc0b24a7	32	#include <pakfire/parse.h>
729827f7	33	#include <pakfire/path.h>
bf5f9c24	34	#include <pakfire/mount.h>
d973a13d	35	#include <pakfire/string.h>
bf5f9c24 MT	36	#include <pakfire/util.h>
	37
	38	static const struct pakfire_mountpoint {
b2ccb363	39	pakfire_mntns_t ns;
bf5f9c24 MT	40	const char* source;
	41	const char* target;
	42	const char* fstype;
	43	int flags;
	44	const char* options;
bf5f9c24	45	} mountpoints[] = {
9ab7dd21	46	// Mount a new instance of /proc
b2ccb363 MT	47	{
	48	PAKFIRE_MNTNS_INNER\|PAKFIRE_MNTNS_OUTER,
	49	"pakfire_proc",
	50	"proc",
	51	"proc",
	52	MS_NOSUID\|MS_NOEXEC\|MS_NODEV,
	53	NULL,
	54	},
bf5f9c24	55
0d9e0714 MT	56	/*
	57	XXX it is kind of problematic to mount /proc twice as a process inside the
	58	jail can umount /proc and will then see the host's /proc.
	59	*/
	60
9ab7dd21	61	// Make /proc/sys read-only (except /proc/sys/net)
b2ccb363 MT	62	{
	63	PAKFIRE_MNTNS_INNER,
	64	"/proc/sys",
	65	"proc/sys",
	66	"bind",
	67	MS_BIND\|MS_REC,
	68	NULL,
	69	},
	70	{
	71	PAKFIRE_MNTNS_INNER,
	72	"/proc/sys/net",
	73	"proc/sys/net",
	74	"bind",
	75	MS_BIND\|MS_REC,
	76	NULL,
	77	},
	78	{
	79	PAKFIRE_MNTNS_INNER,
	80	"/proc/sys",
	81	"proc/sys",
	82	"bind",
	83	MS_BIND\|MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_REMOUNT,
	84	NULL,
	85	},
bf5f9c24	86
9ab7dd21	87	// Deny write access to /proc/sysrq-trigger (can be used to restart the host)
b2ccb363 MT	88	{
	89	PAKFIRE_MNTNS_INNER,
	90	"/proc/sysrq-trigger",
	91	"proc/sysrq-trigger",
	92	"bind",
	93	MS_BIND\|MS_REC,
	94	NULL,
	95	},
	96	{
	97	PAKFIRE_MNTNS_INNER,
	98	"/proc/sysrq-trigger",
	99	"proc/sysrq-trigger",
	100	"bind",
	101	MS_BIND\|MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_REMOUNT,
	102	NULL,
	103	},
9ab7dd21 MT	104
9ab7dd21 MT	105	// Make /proc/irq read-only
b2ccb363 MT	106	{
	107	PAKFIRE_MNTNS_INNER,
	108	"/proc/irq",
	109	"proc/irq",
	110	"bind",
	111	MS_BIND\|MS_REC,
	112	NULL,
	113	},
	114	{
	115	PAKFIRE_MNTNS_INNER,
	116	"/proc/irq",
	117	"proc/irq",
	118	"bind",
	119	MS_BIND\|MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_REMOUNT,
	120	NULL,
	121	},
9ab7dd21 MT	122
9ab7dd21 MT	123	// Make /proc/bus read-only
b2ccb363 MT	124	{
	125	PAKFIRE_MNTNS_INNER,
	126	"/proc/bus",
	127	"proc/bus",
	128	"bind",
	129	MS_BIND\|MS_REC,
	130	NULL,
	131	},
	132	{
	133	PAKFIRE_MNTNS_INNER,
	134	"/proc/bus",
	135	"proc/bus",
	136	"bind",
	137	MS_BIND\|MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_REMOUNT,
	138	NULL,
	139	},
9ab7dd21 MT	140
9ab7dd21 MT	141	// Bind-Mount /sys ready-only
b2ccb363 MT	142	{
	143	PAKFIRE_MNTNS_OUTER,
	144	"/sys",
	145	"sys",
	146	"bind",
	147	MS_BIND\|MS_REC,
	148	NULL,
	149	},
	150	{
	151	PAKFIRE_MNTNS_OUTER,
	152	"/sys",
	153	"sys",
	154	"bind",
	155	MS_BIND\|MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_REMOUNT,
	156	NULL,
	157	},
bf5f9c24 MT	158
bf5f9c24 MT	159	// Create a new /dev
b2ccb363 MT	160	{
	161	PAKFIRE_MNTNS_OUTER,
	162	"pakfire_dev",
	163	"dev",
	164	"tmpfs",
	165	MS_NOSUID\|MS_NOEXEC,
	166	"mode=0755,size=4m,nr_inodes=64k",
	167	},
	168	{
	169	PAKFIRE_MNTNS_OUTER,
	170	"pakfire_dev_pts",
	171	"dev/pts",
	172	"devpts",
	173	MS_NOSUID\|MS_NOEXEC,
	174	"newinstance,ptmxmode=0666,mode=620",
	175	},
cc752ada	176
99affb62	177	// Create a new /dev/shm
b2ccb363 MT	178	{
	179	PAKFIRE_MNTNS_OUTER,
	180	"pakfire_dev_shm",
	181	"dev/shm",
	182	"tmpfs",
	183	MS_NOSUID\|MS_NODEV\|MS_STRICTATIME,
	184	"mode=1777,size=1024m",
	185	},
99affb62	186
cc752ada	187	// Mount /dev/mqueue
b2ccb363 MT	188	{
	189	PAKFIRE_MNTNS_INNER,
	190	"mqueue",
	191	"dev/mqueue",
	192	"mqueue",
	193	MS_NOSUID\|MS_NOEXEC\|MS_NODEV,
	194	NULL,
	195	},
bf5f9c24 MT	196
bf5f9c24 MT	197	// Create a new /run
b2ccb363 MT	198	{
	199	PAKFIRE_MNTNS_OUTER,
	200	"pakfire_run",
	201	"run",
	202	"tmpfs",
	203	MS_NOSUID\|MS_NOEXEC\|MS_NODEV,
	204	"mode=755,size=256m,nr_inodes=1k",
	205	},
b1a6d98c MT	206
b1a6d98c MT	207	// Create a new /tmp
b2ccb363 MT	208	{
	209	PAKFIRE_MNTNS_OUTER,
	210	"pakfire_tmp",
	211	"tmp",
	212	"tmpfs",
	213	MS_NOSUID\|MS_NODEV\|MS_STRICTATIME,
	214	"mode=1777,size=4096m",
	215	},
bf5f9c24	216
bf5f9c24	217	// The end
b2ccb363	218	{},
bf5f9c24 MT	219	};
bf5f9c24 MT	220
f71c82d8 MT	221	static const struct pakfire_devnode {
	222	const char* path;
	223	int major;
	224	int minor;
	225	mode_t mode;
282b732a	226	int flags;
f71c82d8	227	} devnodes[] = {
282b732a MT	228	{ "/dev/null", 1, 3, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP\|S_IROTH\|S_IWOTH, 0 },
	229	{ "/dev/zero", 1, 5, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP\|S_IROTH\|S_IWOTH, 0 },
	230	{ "/dev/full", 1, 7, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP\|S_IROTH\|S_IWOTH, 0 },
	231	{ "/dev/random", 1, 8, S_IFCHR\|S_IRUSR\|S_IRGRP\|S_IROTH, 0 },
	232	{ "/dev/urandom", 1, 9, S_IFCHR\|S_IRUSR\|S_IRGRP\|S_IROTH, 0 },
	233	{ "/dev/kmsg", 1, 11, S_IFCHR\|S_IRUSR\|S_IRGRP\|S_IROTH, 0 },
	234	{ "/dev/tty", 5, 0, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP\|S_IROTH\|S_IWOTH, 0 },
	235	{ "/dev/console", 5, 1, S_IFCHR\|S_IRUSR\|S_IWUSR, 0 },
	236	{ "/dev/rtc0", 252, 0, S_IFCHR\|S_IRUSR\|S_IWUSR, 0 },
	237
	238	// Loop Devices
	239	{ "/dev/loop-control", 10, 237, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	240	{ "/dev/loop0", 7, 0, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	241	{ "/dev/loop1", 7, 1, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	242	{ "/dev/loop2", 7, 2, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	243	{ "/dev/loop3", 7, 3, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	244	{ "/dev/loop4", 7, 4, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	245	{ "/dev/loop5", 7, 5, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	246	{ "/dev/loop6", 7, 6, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	247	{ "/dev/loop7", 7, 7, S_IFCHR\|S_IRUSR\|S_IWUSR\|S_IRGRP\|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
	248
f71c82d8 MT	249	{ NULL },
f71c82d8 MT	250	};
dc01afb6	251
f71c82d8 MT	252	static const struct pakfire_symlink {
	253	const char* target;
	254	const char* path;
	255	} symlinks[] = {
0675c514	256	{ "/dev/pts/ptmx", "/dev/ptmx", },
f71c82d8 MT	257	{ "/proc/self/fd", "/dev/fd", },
	258	{ "/proc/self/fd/0", "/dev/stdin" },
	259	{ "/proc/self/fd/1", "/dev/stdout" },
	260	{ "/proc/self/fd/2", "/dev/stderr" },
	261	{ "/proc/kcore", "/dev/core" },
	262	{ NULL },
	263	};
dc01afb6	264
719e2e3e MT	265	int pakfire_mount_change_propagation(struct pakfire_ctx* ctx, const char* path, int propagation) {
719e2e3e MT	266	CTX_DEBUG(ctx, "Changing mount propagation on %s\n", path);
9f558f7d MT	267
	268	int r = mount(NULL, path, NULL, propagation\|MS_REC, NULL);
	269	if (r)
719e2e3e	270	CTX_ERROR(ctx, "Failed to change mount propagation on %s: %m\n", path);
9f558f7d MT	271
	272	return r;
	273	}
	274
14df7388 MT	275	static int pakfire_mount_is_mountpoint(struct pakfire* pakfire, const char* path) {
	276	// XXX THIS STILL NEEDS TO BE IMPLEMENTED
	277	return 1;
	278	}
	279
	280	int pakfire_mount_make_mounpoint(struct pakfire* pakfire, const char* path) {
	281	int r;
	282
	283	// Check if path already is a mountpoint
	284	r = pakfire_mount_is_mountpoint(pakfire, path);
	285	switch (r) {
	286	// Already is a mountpoint
	287	case 0:
	288	return 0;
	289
	290	// Is not a mountpoint
	291	case 1:
	292	break;
	293
	294	default:
	295	ERROR(pakfire, "Could not determine whether %s is a mountpoint: %m\n", path);
	296	return r;
	297	}
	298
	299	// Bind-mount to self
	300	r = mount(path, path, NULL, MS_BIND\|MS_REC, NULL);
	301	if (r) {
	302	ERROR(pakfire, "Could not make %s a mountpoint: %m\n", path);
	303	return r;
	304	}
	305
	306	return 0;
	307	}
	308
163851bc	309	static int pakfire_mount(struct pakfire* pakfire, const char* source, const char* target,
bf5f9c24 MT	310	const char* fstype, unsigned long mflags, const void* data) {
bf5f9c24 MT	311	const char* options = (const char*)data;
bf5f9c24 MT	312
	313	// Check for some basic inputs
	314	if (!source \|\| !target) {
	315	errno = EINVAL;
	316	return 1;
	317	}
	318
7f970e6e	319	DEBUG(pakfire, "Mounting %s from %s (%s - %s)\n", target, source, fstype, options);
bf5f9c24	320
7f970e6e MT	321	// Perform mount()
7f970e6e MT	322	int r = mount(source, target, fstype, mflags, data);
bf5f9c24	323	if (r) {
7f970e6e	324	ERROR(pakfire, "Could not mount %s: %m\n", target);
bf5f9c24 MT	325	}
bf5f9c24 MT	326
bf5f9c24 MT	327	return r;
	328	}
	329
bc0b24a7 MT	330	static int __pakfire_mount_list(char* line, size_t length, void* data) {
bc0b24a7 MT	331	struct pakfire_ctx* ctx = data;
bf5f9c24	332
bc0b24a7 MT	333	// Send the line to the logger
	334	CTX_DEBUG(ctx, " %.*s", (int)length, line);
	335
	336	return 0;
	337	}
	338
	339	int pakfire_mount_list(struct pakfire_ctx* ctx) {
	340	CTX_DEBUG(ctx, "Mountpoints:\n");
	341
	342	return pakfire_parse_file("/proc/self/mounts", __pakfire_mount_list, ctx);
f71c82d8 MT	343	}
f71c82d8 MT	344
b2ccb363	345	int pakfire_populate_dev(struct pakfire* pakfire, int flags) {
f71c82d8 MT	346	char path[PATH_MAX];
	347
	348	// Create device nodes
	349	for (const struct pakfire_devnode* devnode = devnodes; devnode->path; devnode++) {
	350	DEBUG(pakfire, "Creating device node %s\n", devnode->path);
	351
282b732a MT	352	// Check if flags match
	353	if (devnode->flags && !(flags & devnode->flags))
	354	continue;
	355
77e26129 MT	356	int r = pakfire_path(pakfire, path, "%s", devnode->path);
	357	if (r)
	358	return r;
f71c82d8 MT	359
	360	dev_t dev = makedev(devnode->major, devnode->minor);
	361
	362	r = mknod(path, devnode->mode, dev);
8f1003a3 MT	363
	364	// Continue if mknod was successful
	365	if (r == 0)
	366	continue;
	367
	368	// If we could not create the device node because of permission issues,
	369	// it might be likely that we are running in a user namespace where creating
	370	// device nodes is not permitted. Try bind-mounting them.
	371	if (errno == EPERM)
	372	goto MOUNT;
	373
	374	// Otherwise log an error and end
	375	ERROR(pakfire, "Could not create %s: %m\n", devnode->path);
	376	return r;
	377
	378	MOUNT:
	379	// Create an empty file
	380	r = pakfire_touch(path, 0444);
f71c82d8	381	if (r) {
8f1003a3	382	ERROR(pakfire, "Could not create %s: %m\n", path);
f71c82d8 MT	383	return r;
f71c82d8 MT	384	}
8f1003a3 MT	385
8f1003a3 MT	386	// Create a bind-mount over the file
64e3b4ff	387	r = pakfire_mount(pakfire, devnode->path, path, "bind", MS_BIND, NULL);
8f1003a3 MT	388	if (r)
8f1003a3 MT	389	return r;
f71c82d8 MT	390	}
	391
	392	// Create symlinks
	393	for (const struct pakfire_symlink* s = symlinks; s->target; s++) {
	394	DEBUG(pakfire, "Creating symlink %s -> %s\n", s->path, s->target);
	395
77e26129 MT	396	int r = pakfire_path(pakfire, path, "%s", s->path);
	397	if (r)
	398	return r;
f71c82d8 MT	399
	400	r = symlink(s->target, path);
	401	if (r) {
	402	ERROR(pakfire, "Could not create symlink %s: %m\n", s->path);
	403	return r;
	404	}
	405	}
	406
	407	return 0;
bf5f9c24 MT	408	}
bf5f9c24 MT	409
b2ccb363	410	int pakfire_mount_interpreter(struct pakfire* pakfire) {
660120b6 MT	411	char target[PATH_MAX];
	412
	413	// Fetch the target architecture
652f2a99	414	const char* arch = pakfire_get_effective_arch(pakfire);
660120b6 MT	415
	416	// Can we emulate this architecture?
	417	char* interpreter = pakfire_arch_find_interpreter(arch);
	418
	419	// No interpreter required
	420	if (!interpreter)
	421	return 0;
	422
	423	DEBUG(pakfire, "Mounting interpreter %s for %s\n", interpreter, arch);
	424
	425	// Where to mount this?
77e26129 MT	426	int r = pakfire_path(pakfire, target, "%s", interpreter);
77e26129 MT	427	if (r)
660120b6 MT	428	return r;
	429
	430	// Create directory
520ce66c	431	r = pakfire_mkparentdir(target, 0755);
660120b6 MT	432	if (r)
	433	return r;
	434
	435	// Create an empty file
	436	FILE* f = fopen(target, "w");
	437	if (!f)
	438	return 1;
	439	fclose(f);
	440
	441	r = pakfire_mount(pakfire, interpreter, target, NULL, MS_BIND\|MS_RDONLY, NULL);
	442	if (r)
	443	ERROR(pakfire, "Could not mount interpreter %s to %s: %m\n", interpreter, target);
	444
	445	return r;
	446	}
	447
b2ccb363	448	int pakfire_mount_all(struct pakfire* pakfire, pakfire_mntns_t ns, int flags) {
bf5f9c24	449	char target[PATH_MAX];
bf5f9c24 MT	450	int r;
bf5f9c24 MT	451
b2ccb363 MT	452	const char* root = "/";
b2ccb363 MT	453
bf5f9c24	454	// Fetch Pakfire's root directory
b2ccb363 MT	455	if (ns == PAKFIRE_MNTNS_OUTER)
b2ccb363 MT	456	root = pakfire_get_path(pakfire);
bf5f9c24	457
bf5f9c24	458	for (const struct pakfire_mountpoint* mp = mountpoints; mp->source; mp++) {
b2ccb363 MT	459	if (!(mp->ns & ns))
	460	continue;
	461
bf5f9c24	462	// Figure out where to mount
819232d6	463	r = pakfire_path_append(target, root, mp->target);
56796f84	464	if (r)
bf5f9c24 MT	465	return r;
bf5f9c24 MT	466
a685a503 MT	467	// Create target if it doesn't exist
	468	if (!pakfire_path_exists(target)) {
	469	r = pakfire_mkdir(target, 0755);
	470	if (r) {
	471	ERROR(pakfire, "Could not create %s: %m\n", target);
	472	return r;
	473	}
	474	}
bf5f9c24	475
bf5f9c24	476	// Perform mount()
f71c82d8	477	r = pakfire_mount(pakfire, mp->source, target, mp->fstype, mp->flags, mp->options);
a685a503	478	if (r)
bf5f9c24	479	return r;
bf5f9c24 MT	480	}
bf5f9c24 MT	481
bf5f9c24 MT	482	return 0;
	483	}
	484
06d741c6 MT	485	int pakfire_make_ramdisk(struct pakfire* pakfire, char* path, const char* args) {
	486	int r;
	487
	488	// Create a new temporary directory
	489	char* p = pakfire_mkdtemp(path);
	490	if (!p)
	491	return -errno;
	492
	493	// Mount the ramdisk
	494	r = pakfire_mount(pakfire, "pakfire_ramdisk", p, "tmpfs", 0, args);
	495	if (r) {
	496	ERROR_ERRNO(pakfire, r, "Could not mount ramdisk at %s (%s): %m\n", p, args);
	497	return r;
	498	}
	499
	500	DEBUG(pakfire, "Ramdisk mounted at %s (%s)\n", p, args);
	501
	502	return 0;
	503	}
	504
061223f7	505	int pakfire_bind(struct pakfire* pakfire, const char* src, const char* dst, int flags) {
163851bc MT	506	struct stat st;
	507	char mountpoint[PATH_MAX];
	508
	509	if (!dst)
	510	dst = src;
	511
77e26129 MT	512	int r = pakfire_path(pakfire, mountpoint, "%s", dst);
	513	if (r)
	514	return r;
163851bc MT	515
	516	DEBUG(pakfire, "Bind-mounting %s to %s\n", src, mountpoint);
	517
	518	r = stat(src, &st);
	519	if (r < 0) {
	520	ERROR(pakfire, "Could not stat %s: %m\n", src);
	521	return 1;
	522	}
	523
	524	// Make sure the mountpoint exists
	525	switch (st.st_mode & S_IFMT) {
	526	case S_IFDIR:
520ce66c	527	r = pakfire_mkdir(mountpoint, st.st_mode);
163851bc MT	528	if (r && errno != EEXIST)
	529	return r;
	530	break;
	531
	532	case S_IFREG:
	533	case S_IFLNK:
	534	// Make parent directory
520ce66c	535	r = pakfire_mkparentdir(mountpoint, 0755);
163851bc MT	536	if (r)
	537	return r;
	538
	539	// Create a file
	540	FILE* f = fopen(mountpoint, "w");
	541	if (!f)
	542	return 1;
	543	fclose(f);
	544	break;
	545
	546	default:
	547	errno = ENOTSUP;
	548	return 1;
	549	}
	550
976fbbc8 MT	551	// The Linux kernel seems to be quite funny when trying to bind-mount something
	552	// as read-only and requires us to mount the source first, and then remount it
	553	// again using MS_RDONLY.
	554	if (flags & MS_RDONLY) {
b16b8753	555	r = pakfire_mount(pakfire, src, mountpoint, "bind", MS_BIND\|MS_REC, NULL);
976fbbc8 MT	556	if (r)
	557	return r;
	558
	559	// Add the remount flag
	560	flags \|= MS_REMOUNT;
	561	}
	562
163851bc	563	// Perform mount
b16b8753	564	return pakfire_mount(pakfire, src, mountpoint, "bind", flags\|MS_BIND\|MS_REC, NULL);
163851bc	565	}