Commit | Line | Data |
---|---|---|
d6c9574f | 1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
8e274523 LP |
2 | |
3 | /*** | |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2010 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
9 | under the terms of the GNU General Public License as published by | |
10 | the Free Software Foundation; either version 2 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU General Public License | |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
20 | ***/ | |
21 | ||
22 | #include <sys/mount.h> | |
23 | #include <errno.h> | |
24 | #include <sys/stat.h> | |
25 | #include <stdlib.h> | |
26 | #include <string.h> | |
27 | #include <libgen.h> | |
28 | #include <assert.h> | |
5c0532d1 | 29 | #include <unistd.h> |
1829dc9d | 30 | #include <ftw.h> |
8e274523 LP |
31 | |
32 | #include "mount-setup.h" | |
33 | #include "log.h" | |
c9af1080 LP |
34 | #include "macro.h" |
35 | #include "util.h" | |
5275d3c1 | 36 | #include "label.h" |
8e274523 | 37 | |
/* Group id baked into the devpts mount options ("gid=...") in mount_table.
 * The build may predefine TTY_GID; 5 is only the fallback. */
#if !defined(TTY_GID)
#define TTY_GID 5
#endif
41 | ||
/* Description of one file system that mount_one() hands to mount(2).
 * The first five fields are passed through as the source, target,
 * file system type, flags and data arguments, in that order. */
struct MountPoint {
        const char *what;       /* mount(2) source */
        const char *where;      /* mount(2) target; also the path that gets relabelled */
        const char *type;       /* file system type */
        const char *options;    /* data string, may be NULL */
        unsigned long flags;    /* MS_* hardening flags */
        bool fatal;             /* true: a failed mount(2) is reported as -errno,
                                 * false: it is logged and treated as success */
};

typedef struct MountPoint MountPoint;
50 | ||
/* API file systems set up by mount_setup(), mounted in array order, so a
 * parent (/dev, /sys/fs/cgroup) always precedes what is mounted below it.
 *
 * Flag audit: every entry is MS_NOSUID. /dev additionally drops MS_NOEXEC
 * and MS_NODEV, /dev/pts drops MS_NODEV (both hold device nodes), and
 * /dev/shm, which is world-writable with the sticky bit (mode=1777),
 * is mounted without MS_NOEXEC. All other entries carry all three flags. */
static const MountPoint mount_table[] = {
        { .what = "proc",     .where = "/proc",
          .type = "proc",     .options = NULL,
          .flags = MS_NOSUID|MS_NOEXEC|MS_NODEV, .fatal = true  },

        { .what = "sysfs",    .where = "/sys",
          .type = "sysfs",    .options = NULL,
          .flags = MS_NOSUID|MS_NOEXEC|MS_NODEV, .fatal = true  },

        { .what = "devtmpfs", .where = "/dev",
          .type = "devtmpfs", .options = "mode=755",
          .flags = MS_NOSUID,                    .fatal = true  },

        { .what = "tmpfs",    .where = "/dev/shm",
          .type = "tmpfs",    .options = "mode=1777",
          .flags = MS_NOSUID|MS_NODEV,           .fatal = true  },

        { .what = "devpts",   .where = "/dev/pts",
          .type = "devpts",   .options = "mode=620,gid=" STRINGIFY(TTY_GID),
          .flags = MS_NOSUID|MS_NOEXEC,          .fatal = false },

        { .what = "tmpfs",    .where = "/run",
          .type = "tmpfs",    .options = "mode=755",
          .flags = MS_NOSUID|MS_NOEXEC|MS_NODEV, .fatal = true  },

        { .what = "tmpfs",    .where = "/sys/fs/cgroup",
          .type = "tmpfs",    .options = "mode=755",
          .flags = MS_NOSUID|MS_NOEXEC|MS_NODEV, .fatal = false },

        { .what = "cgroup",   .where = "/sys/fs/cgroup/systemd",
          .type = "cgroup",   .options = "none,name=systemd",
          .flags = MS_NOSUID|MS_NOEXEC|MS_NODEV, .fatal = false },
};
61 | ||
/* API file systems that other software may have mounted. They are not
 * mounted from here; the list only exists so that mount_point_ignore()
 * can tell callers to leave these paths alone. */
static const char * const ignore_paths[] = {
        "/selinux",
        "/proc/bus/usb",
};
69 | ||
/* Returns true if path is one of the API mount points: either the
 * target of a mount_table entry, or anything below "/sys/fs/cgroup/"
 * (the per-controller hierarchies are not listed in the table). */
bool mount_point_is_api(const char *path) {
        const MountPoint *entry;
        const MountPoint *const end = mount_table + ELEMENTSOF(mount_table);

        for (entry = mount_table; entry < end; entry++) {
                if (path_equal(path, entry->where))
                        return true;
        }

        return path_startswith(path, "/sys/fs/cgroup/");
}
82 | ||
/* Returns true if path equals one of the entries of ignore_paths,
 * i.e. a file system that is expected to be managed by other software. */
bool mount_point_ignore(const char *path) {
        const char *const *entry;
        const char *const *const end = ignore_paths + ELEMENTSOF(ignore_paths);

        for (entry = ignore_paths; entry < end; entry++) {
                if (path_equal(path, *entry))
                        return true;
        }

        return false;
}
92 | ||
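/* Mounts a single API file system unless something is already mounted
 * on its target.
 *
 * Returns 0 when the target was already a mount point, when the mount
 * succeeded, or when a non-fatal entry failed to mount. Returns a
 * negative value when path_is_mount_point() fails, or -errno of
 * mount(2) for an entry marked fatal. */
static int mount_one(const MountPoint *p) {
        int r;

        assert(p);

        /* Relabel first, just in case */
        label_fix(p->where, true);

        r = path_is_mount_point(p->where);
        if (r < 0)
                return r;

        /* Already mounted: leave whatever is there untouched. */
        if (r > 0)
                return 0;

        /* The access mode here doesn't really matter too much, since
         * the mounted file system will take precedence anyway.
         * Best effort: a failure here surfaces as a mount(2) error below. */
        mkdir_p(p->where, 0755);

        log_debug("Mounting %s to %s of type %s with options %s.",
                  p->what,
                  p->where,
                  p->type,
                  strna(p->options));

        if (mount(p->what,
                  p->where,
                  p->type,
                  p->flags,
                  p->options) < 0) {
                /* Capture errno before logging: the logging call may
                 * itself modify errno, and the caller must see the
                 * error of mount(2), not of the log write. */
                int saved_errno = errno;

                log_error("Failed to mount %s: %s", p->where, strerror(saved_errno));
                return p->fatal ? -saved_errno : 0;
        }

        /* Relabel again, since we now mounted something fresh here */
        label_fix(p->where, false);

        return 0;
}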
131 | ||
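/* Mounts every cgroup controller that /proc/cgroups reports as enabled
 * at /sys/fs/cgroup/<controller>.
 *
 * Returns 0 on success, -ENOENT if /proc/cgroups cannot be opened,
 * -EIO if a line cannot be parsed, -ENOMEM on allocation failure, or
 * the negative error returned by mount_one(). */
static int mount_cgroup_controllers(void) {
        int r;
        FILE *f;
        char buf[LINE_MAX];

        f = fopen("/proc/cgroups", "re");
        if (!f)
                return -ENOENT;

        /* Ignore the header line */
        (void) fgets(buf, sizeof(buf), f);

        for (;;) {
                MountPoint p;
                char *controller = NULL, *where;
                int enabled = false;

                if (fscanf(f, "%ms %*i %*i %i", &controller, &enabled) != 2) {

                        /* On a partial match (name read, counters
                         * missing) the %ms buffer is still ours to
                         * release; it is NULL when nothing was
                         * allocated, so this is safe on every path. */
                        free(controller);

                        if (feof(f))
                                break;

                        log_error("Failed to parse /proc/cgroups.");
                        r = -EIO;
                        goto finish;
                }

                if (!enabled) {
                        free(controller);
                        continue;
                }

                /* NOTE(review): the controller name is used verbatim both
                 * as a path component and as the mount option string;
                 * this relies on /proc/cgroups never reporting a name
                 * that contains '/' or ',' - confirm if the input source
                 * ever changes. */
                if (asprintf(&where, "/sys/fs/cgroup/%s", controller) < 0) {
                        free(controller);
                        r = -ENOMEM;
                        goto finish;
                }

                zero(p);
                p.what = "cgroup";
                p.where = where;
                p.type = "cgroup";
                p.options = controller;
                p.flags = MS_NOSUID|MS_NOEXEC|MS_NODEV;
                p.fatal = false;

                r = mount_one(&p);
                free(controller);
                free(where);

                if (r < 0)
                        goto finish;
        }

        r = 0;

finish:
        fclose(f);

        return r;
}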
194 | ||
/* Creates the symlink new_path pointing at old_path, bracketed by
 * label_symlinkfile_set() before and label_file_clear() after the
 * symlink(2) call.
 *
 * Returns the negative result of label_symlinkfile_set() if that fails
 * (no symlink is attempted then), -errno if symlink(2) fails, and
 * otherwise the non-negative result of label_symlinkfile_set(). */
static int symlink_and_label(const char *old_path, const char *new_path) {
        int r;

        assert(old_path);
        assert(new_path);

        r = label_symlinkfile_set(new_path);
        if (r < 0)
                return r;

        if (symlink(old_path, new_path) < 0) {
                /* errno is captured before the label state is cleared */
                r = -errno;
        }

        label_file_clear();

        return r;
}
211 | ||
/* nftw() callback: relabels every entry below the walk root.
 * Always returns 0 so that the walk continues over the whole tree. */
static int nftw_cb(
                const char *fpath,
                const struct stat *sb,
                int tflag,
                struct FTW *ftwbuf) {

        /* Level 0 is the walk root itself, which mount_one() has
         * already relabelled; no need to label it twice in a row. */
        if (ftwbuf->level != 0)
                label_fix(fpath, true);

        return 0;
}
225 | ||
/* Mounts the API file systems of mount_table, optionally relabels /dev
 * and /run, creates the default /dev symlinks and /run/systemd, and
 * finally mounts the enabled cgroup controllers.
 *
 * Returns the first negative value from mount_one(), otherwise the
 * result of mount_cgroup_controllers(). The relabel walk, the symlinks
 * and the mkdir are best effort; their results are not checked. */
int mount_setup(void) {

        /* NUL-separated (target, link name) pairs */
        const char symlinks[] =
                "/proc/kcore\0"      "/dev/core\0"
                "/proc/self/fd\0"    "/dev/fd\0"
                "/proc/self/fd/0\0"  "/dev/stdin\0"
                "/proc/self/fd/1\0"  "/dev/stdout\0"
                "/proc/self/fd/2\0"  "/dev/stderr\0";

        int r;
        unsigned n;
        const char *target, *link_name;

        for (n = 0; n < ELEMENTSOF(mount_table); n++) {
                r = mount_one(&mount_table[n]);
                if (r < 0)
                        return r;
        }

        /* Nodes in devtmpfs and /run need to be manually updated for
         * the appropriate labels, after mounting. The other virtual
         * API file systems like /sys and /proc do not need that, they
         * use the same label for all their files.
         *
         * The walk only runs when the flag file existed and could be
         * removed. FTW_PHYS keeps nftw() from following symlinks and
         * FTW_MOUNT keeps it on the file system of the walk root. */
        if (unlink("/dev/.systemd-relabel-run-dev") >= 0) {
                nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS);
                nftw("/run", nftw_cb, 64, FTW_MOUNT|FTW_PHYS);
        }

        /* Create a few default symlinks, which are normally created
         * by udevd, but some scripts might need them before we start
         * udevd. */
        NULSTR_FOREACH_PAIR(target, link_name, symlinks)
                symlink_and_label(target, link_name);

        /* Create a few directories we always want around */
        mkdir("/run/systemd", 0755);

        return mount_cgroup_controllers();
}