]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
4349cd7c | 2 | |
11c3a366 | 3 | #include <errno.h> |
70599967 | 4 | #include <linux/loop.h> |
11c3a366 | 5 | #include <stdlib.h> |
4349cd7c | 6 | #include <sys/mount.h> |
11c3a366 | 7 | #include <sys/stat.h> |
4349cd7c | 8 | #include <sys/statvfs.h> |
11c3a366 | 9 | #include <unistd.h> |
4349cd7c | 10 | |
b5efdb8a | 11 | #include "alloc-util.h" |
70599967 | 12 | #include "dissect-image.h" |
9e7f941a | 13 | #include "extract-word.h" |
4349cd7c LP |
14 | #include "fd-util.h" |
15 | #include "fileio.h" | |
e1873695 | 16 | #include "fs-util.h" |
93cc7779 | 17 | #include "hashmap.h" |
13dcfe46 | 18 | #include "libmount-util.h" |
6af52c3a | 19 | #include "mkdir.h" |
4349cd7c | 20 | #include "mount-util.h" |
049af8ad | 21 | #include "mountpoint-util.h" |
2338a175 | 22 | #include "namespace-util.h" |
4349cd7c LP |
23 | #include "parse-util.h" |
24 | #include "path-util.h" | |
6af52c3a | 25 | #include "process-util.h" |
4349cd7c | 26 | #include "set.h" |
28126409 | 27 | #include "stat-util.h" |
15a5e950 | 28 | #include "stdio-util.h" |
4349cd7c | 29 | #include "string-util.h" |
6b7c9f8b | 30 | #include "strv.h" |
6af52c3a | 31 | #include "tmpfile-util.h" |
70599967 | 32 | #include "user-util.h" |
4349cd7c | 33 | |
28126409 LP |
34 | int mount_fd(const char *source, |
35 | int target_fd, | |
36 | const char *filesystemtype, | |
37 | unsigned long mountflags, | |
38 | const void *data) { | |
39 | ||
40 | char path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; | |
41 | ||
42 | xsprintf(path, "/proc/self/fd/%i", target_fd); | |
43 | if (mount(source, path, filesystemtype, mountflags, data) < 0) { | |
44 | if (errno != ENOENT) | |
45 | return -errno; | |
46 | ||
47 | /* ENOENT can mean two things: either that the source is missing, or that /proc/ isn't | |
48 | * mounted. Check for the latter to generate better error messages. */ | |
49 | if (proc_mounted() == 0) | |
50 | return -ENOSYS; | |
51 | ||
52 | return -ENOENT; | |
53 | } | |
54 | ||
55 | return 0; | |
56 | } | |
57 | ||
58 | int mount_nofollow( | |
59 | const char *source, | |
60 | const char *target, | |
61 | const char *filesystemtype, | |
62 | unsigned long mountflags, | |
63 | const void *data) { | |
64 | ||
65 | _cleanup_close_ int fd = -1; | |
66 | ||
67 | /* In almost all cases we want to manipulate the mount table without following symlinks, hence | |
68 | * mount_nofollow() is usually the way to go. The only exceptions are environments where /proc/ is | |
69 | * not available yet, since we need /proc/self/fd/ for this logic to work. i.e. during the early | |
70 | * initialization of namespacing/container stuff where /proc is not yet mounted (and maybe even the | |
71 | * fs to mount) we can only use traditional mount() directly. | |
72 | * | |
73 | * Note that this disables following only for the final component of the target, i.e symlinks within | |
74 | * the path of the target are honoured, as are symlinks in the source path everywhere. */ | |
75 | ||
76 | fd = open(target, O_PATH|O_CLOEXEC|O_NOFOLLOW); | |
77 | if (fd < 0) | |
78 | return -errno; | |
79 | ||
80 | return mount_fd(source, fd, filesystemtype, mountflags, data); | |
81 | } | |
82 | ||
4349cd7c | 83 | int umount_recursive(const char *prefix, int flags) { |
4349cd7c | 84 | int n = 0, r; |
f8b1904f | 85 | bool again; |
4349cd7c | 86 | |
9d0619de LP |
87 | /* Try to umount everything recursively below a directory. Also, take care of stacked mounts, and |
88 | * keep unmounting them until they are gone. */ | |
4349cd7c LP |
89 | |
90 | do { | |
13dcfe46 ZJS |
91 | _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL; |
92 | _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL; | |
4349cd7c LP |
93 | |
94 | again = false; | |
4349cd7c | 95 | |
2f2d81d9 | 96 | r = libmount_parse("/proc/self/mountinfo", NULL, &table, &iter); |
fdeea3f4 | 97 | if (r < 0) |
13dcfe46 | 98 | return log_debug_errno(r, "Failed to parse /proc/self/mountinfo: %m"); |
35bbbf85 | 99 | |
4349cd7c | 100 | for (;;) { |
13dcfe46 ZJS |
101 | struct libmnt_fs *fs; |
102 | const char *path; | |
4349cd7c | 103 | |
13dcfe46 ZJS |
104 | r = mnt_table_next_fs(table, iter, &fs); |
105 | if (r == 1) | |
106 | break; | |
107 | if (r < 0) | |
108 | return log_debug_errno(r, "Failed to get next entry from /proc/self/mountinfo: %m"); | |
4349cd7c | 109 | |
13dcfe46 ZJS |
110 | path = mnt_fs_get_target(fs); |
111 | if (!path) | |
112 | continue; | |
4349cd7c | 113 | |
13dcfe46 | 114 | if (!path_startswith(path, prefix)) |
4349cd7c LP |
115 | continue; |
116 | ||
827ea521 LP |
117 | if (umount2(path, flags | UMOUNT_NOFOLLOW) < 0) { |
118 | log_debug_errno(errno, "Failed to umount %s, ignoring: %m", path); | |
4349cd7c LP |
119 | continue; |
120 | } | |
121 | ||
13dcfe46 | 122 | log_debug("Successfully unmounted %s", path); |
6b7c9f8b | 123 | |
4349cd7c LP |
124 | again = true; |
125 | n++; | |
126 | ||
127 | break; | |
128 | } | |
4349cd7c LP |
129 | } while (again); |
130 | ||
13dcfe46 | 131 | return n; |
4349cd7c LP |
132 | } |
133 | ||
08b1f5c7 LP |
134 | static int get_mount_flags( |
135 | struct libmnt_table *table, | |
136 | const char *path, | |
137 | unsigned long *ret) { | |
5012d567 LP |
138 | |
139 | _cleanup_close_ int fd = -1; | |
08b1f5c7 LP |
140 | struct libmnt_fs *fs; |
141 | struct statvfs buf; | |
142 | const char *opts; | |
5012d567 | 143 | int r; |
d34a4008 | 144 | |
08b1f5c7 LP |
145 | /* Get the mount flags for the mountpoint at "path" from "table". We have a fallback using statvfs() |
146 | * in place (which provides us with mostly the same info), but it's just a fallback, since using it | |
5012d567 LP |
147 | * means triggering autofs or NFS mounts, which we'd rather avoid needlessly. |
148 | * | |
149 | * This generally doesn't follow symlinks. */ | |
08b1f5c7 | 150 | |
d34a4008 | 151 | fs = mnt_table_find_target(table, path, MNT_ITER_FORWARD); |
38288f0b | 152 | if (!fs) { |
08b1f5c7 | 153 | log_debug("Could not find '%s' in mount table, ignoring.", path); |
d34a4008 JU |
154 | goto fallback; |
155 | } | |
156 | ||
157 | opts = mnt_fs_get_vfs_options(fs); | |
08b1f5c7 LP |
158 | if (!opts) { |
159 | *ret = 0; | |
160 | return 0; | |
161 | } | |
162 | ||
163 | r = mnt_optstr_get_flags(opts, ret, mnt_get_builtin_optmap(MNT_LINUX_MAP)); | |
d34a4008 | 164 | if (r != 0) { |
08b1f5c7 | 165 | log_debug_errno(r, "Could not get flags for '%s', ignoring: %m", path); |
d34a4008 JU |
166 | goto fallback; |
167 | } | |
4349cd7c | 168 | |
08b1f5c7 LP |
169 | /* MS_RELATIME is default and trying to set it in an unprivileged container causes EPERM */ |
170 | *ret &= ~MS_RELATIME; | |
d34a4008 JU |
171 | return 0; |
172 | ||
173 | fallback: | |
5012d567 LP |
174 | fd = open(path, O_PATH|O_CLOEXEC|O_NOFOLLOW); |
175 | if (fd < 0) | |
176 | return -errno; | |
177 | ||
178 | if (fstatvfs(fd, &buf) < 0) | |
4349cd7c | 179 | return -errno; |
d34a4008 | 180 | |
08b1f5c7 LP |
181 | /* The statvfs() flags and the mount flags mostly have the same values, but for some cases do |
182 | * not. Hence map the flags manually. (Strictly speaking, ST_RELATIME/MS_RELATIME is the most | |
183 | * prominent one that doesn't match, but that's the one we mask away anyway, see above.) */ | |
184 | ||
185 | *ret = | |
186 | FLAGS_SET(buf.f_flag, ST_RDONLY) * MS_RDONLY | | |
187 | FLAGS_SET(buf.f_flag, ST_NODEV) * MS_NODEV | | |
188 | FLAGS_SET(buf.f_flag, ST_NOEXEC) * MS_NOEXEC | | |
189 | FLAGS_SET(buf.f_flag, ST_NOSUID) * MS_NOSUID | | |
190 | FLAGS_SET(buf.f_flag, ST_NOATIME) * MS_NOATIME | | |
191 | FLAGS_SET(buf.f_flag, ST_NODIRATIME) * MS_NODIRATIME; | |
192 | ||
4349cd7c LP |
193 | return 0; |
194 | } | |
195 | ||
be3f3752 | 196 | /* Use this function only if you do not have direct access to /proc/self/mountinfo but the caller can open it |
64e82c19 LP |
197 | * for you. This is the case when /proc is masked or not mounted. Otherwise, use bind_remount_recursive. */ |
198 | int bind_remount_recursive_with_mountinfo( | |
199 | const char *prefix, | |
200 | unsigned long new_flags, | |
201 | unsigned long flags_mask, | |
6b000af4 | 202 | char **deny_list, |
64e82c19 LP |
203 | FILE *proc_self_mountinfo) { |
204 | ||
4349cd7c | 205 | _cleanup_set_free_free_ Set *done = NULL; |
670e8efd | 206 | unsigned n_tries = 0; |
4349cd7c LP |
207 | int r; |
208 | ||
8403219f | 209 | assert(prefix); |
ac9de0b3 TR |
210 | assert(proc_self_mountinfo); |
211 | ||
ddc155b2 TM |
212 | /* Recursively remount a directory (and all its submounts) with desired flags (MS_READONLY, |
213 | * MS_NOSUID, MS_NOEXEC). If the directory is already mounted, we reuse the mount and simply mark it | |
214 | * MS_BIND|MS_RDONLY (or remove the MS_RDONLY for read-write operation), ditto for other flags. If it | |
215 | * isn't we first make it one. Afterwards we apply (or remove) the flags to all submounts we can | |
216 | * access, too. When mounts are stacked on the same mount point we only care for each individual | |
217 | * "top-level" mount on each point, as we cannot influence/access the underlying mounts anyway. We do | |
218 | * not have any effect on future submounts that might get propagated, they might be writable | |
4b6ef527 LP |
219 | * etc. This includes future submounts that have been triggered via autofs. Also note that we can't |
220 | * operate atomically here. Mounts established while we process the tree might or might not get | |
221 | * noticed and thus might or might not be covered. | |
6b7c9f8b | 222 | * |
6b000af4 LP |
223 | * If the "deny_list" parameter is specified it may contain a list of subtrees to exclude from the |
224 | * remount operation. Note that we'll ignore the deny list for the top-level path. */ | |
4349cd7c | 225 | |
548f6937 | 226 | done = set_new(&path_hash_ops); |
4349cd7c LP |
227 | if (!done) |
228 | return -ENOMEM; | |
229 | ||
230 | for (;;) { | |
4349cd7c | 231 | _cleanup_set_free_free_ Set *todo = NULL; |
13dcfe46 ZJS |
232 | _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL; |
233 | _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL; | |
4349cd7c LP |
234 | bool top_autofs = false; |
235 | char *x; | |
236 | unsigned long orig_flags; | |
237 | ||
670e8efd LP |
238 | if (n_tries++ >= 32) /* Let's not retry this loop forever */ |
239 | return -EBUSY; | |
240 | ||
548f6937 | 241 | todo = set_new(&path_hash_ops); |
4349cd7c LP |
242 | if (!todo) |
243 | return -ENOMEM; | |
244 | ||
ac9de0b3 | 245 | rewind(proc_self_mountinfo); |
4349cd7c | 246 | |
e2857b3d | 247 | r = libmount_parse("/proc/self/mountinfo", proc_self_mountinfo, &table, &iter); |
13dcfe46 ZJS |
248 | if (r < 0) |
249 | return log_debug_errno(r, "Failed to parse /proc/self/mountinfo: %m"); | |
4349cd7c | 250 | |
13dcfe46 ZJS |
251 | for (;;) { |
252 | struct libmnt_fs *fs; | |
253 | const char *path, *type; | |
4349cd7c | 254 | |
13dcfe46 | 255 | r = mnt_table_next_fs(table, iter, &fs); |
d6bfab11 | 256 | if (r == 1) /* EOF */ |
13dcfe46 | 257 | break; |
4349cd7c | 258 | if (r < 0) |
13dcfe46 | 259 | return log_debug_errno(r, "Failed to get next entry from /proc/self/mountinfo: %m"); |
4349cd7c | 260 | |
13dcfe46 | 261 | path = mnt_fs_get_target(fs); |
d6bfab11 | 262 | if (!path) |
6b7c9f8b LP |
263 | continue; |
264 | ||
c6111b85 | 265 | if (!path_startswith(path, prefix)) |
13dcfe46 ZJS |
266 | continue; |
267 | ||
d6bfab11 LP |
268 | type = mnt_fs_get_fstype(fs); |
269 | if (!type) | |
270 | continue; | |
271 | ||
272 | /* Let's ignore autofs mounts. If they aren't triggered yet, we want to avoid | |
273 | * triggering them, as we don't make any guarantees for future submounts anyway. If | |
274 | * they are already triggered, then we will find another entry for this. */ | |
275 | if (streq(type, "autofs")) { | |
276 | top_autofs = top_autofs || path_equal(path, prefix); | |
277 | continue; | |
278 | } | |
279 | ||
280 | if (set_contains(done, path)) | |
281 | continue; | |
282 | ||
6b000af4 | 283 | /* Ignore this mount if it is deny-listed, but only if it isn't the top-level mount |
13dcfe46 | 284 | * we shall operate on. */ |
c6111b85 | 285 | if (!path_equal(path, prefix)) { |
6b000af4 | 286 | bool deny_listed = false; |
6b7c9f8b LP |
287 | char **i; |
288 | ||
6b000af4 | 289 | STRV_FOREACH(i, deny_list) { |
c6111b85 | 290 | if (path_equal(*i, prefix)) |
6b7c9f8b LP |
291 | continue; |
292 | ||
c6111b85 | 293 | if (!path_startswith(*i, prefix)) |
6b7c9f8b LP |
294 | continue; |
295 | ||
13dcfe46 | 296 | if (path_startswith(path, *i)) { |
6b000af4 | 297 | deny_listed = true; |
d6bfab11 | 298 | log_debug("Not remounting %s deny-listed by %s, called for %s", path, *i, prefix); |
6b7c9f8b LP |
299 | break; |
300 | } | |
301 | } | |
d6bfab11 | 302 | |
6b000af4 | 303 | if (deny_listed) |
6b7c9f8b LP |
304 | continue; |
305 | } | |
306 | ||
d6bfab11 LP |
307 | r = set_put_strdup(&todo, path); |
308 | if (r < 0) | |
309 | return r; | |
4349cd7c LP |
310 | } |
311 | ||
5c5753b9 LP |
312 | /* Check if the top-level directory was among what we have seen so far. For that check both |
313 | * 'done' and 'todo'. Also check 'top_autofs' because if the top-level dir is an autofs we'll | |
314 | * not include it in either set but will set this bool. */ | |
c6111b85 | 315 | if (!set_contains(done, prefix) && |
5c5753b9 LP |
316 | !(top_autofs || set_contains(todo, prefix))) { |
317 | ||
6b7c9f8b | 318 | /* The prefix directory itself is not yet a mount, make it one. */ |
c6111b85 | 319 | r = mount_nofollow(prefix, prefix, NULL, MS_BIND|MS_REC, NULL); |
511a8cfe LP |
320 | if (r < 0) |
321 | return r; | |
4349cd7c | 322 | |
5c5753b9 LP |
323 | /* Immediately rescan, so that we pick up the new mount's flags */ |
324 | continue; | |
4349cd7c LP |
325 | } |
326 | ||
5c5753b9 LP |
327 | /* If we have no submounts to process anymore, we are done */ |
328 | if (set_isempty(todo)) | |
329 | return 0; | |
330 | ||
4349cd7c LP |
331 | while ((x = set_steal_first(todo))) { |
332 | ||
333 | r = set_consume(done, x); | |
4c701096 | 334 | if (IN_SET(r, 0, -EEXIST)) |
4349cd7c LP |
335 | continue; |
336 | if (r < 0) | |
337 | return r; | |
338 | ||
6b7c9f8b | 339 | /* Deal with mount points that are obstructed by a later mount */ |
e1873695 | 340 | r = path_is_mount_point(x, NULL, 0); |
4c701096 | 341 | if (IN_SET(r, 0, -ENOENT)) |
98df8089 | 342 | continue; |
065b4774 LP |
343 | if (r < 0) { |
344 | if (!ERRNO_IS_PRIVILEGE(r)) | |
345 | return r; | |
346 | ||
53c442ef YW |
347 | /* Even if root user invoke this, submounts under private FUSE or NFS mount points |
348 | * may not be acceessed. E.g., | |
349 | * | |
350 | * $ bindfs --no-allow-other ~/mnt/mnt ~/mnt/mnt | |
351 | * $ bindfs --no-allow-other ~/mnt ~/mnt | |
352 | * | |
353 | * Then, root user cannot access the mount point ~/mnt/mnt. | |
354 | * In such cases, the submounts are ignored, as we have no way to manage them. */ | |
ef454fd1 YW |
355 | log_debug_errno(r, "Failed to determine '%s' is mount point or not, ignoring: %m", x); |
356 | continue; | |
357 | } | |
98df8089 AC |
358 | |
359 | /* Try to reuse the original flag set */ | |
4349cd7c | 360 | orig_flags = 0; |
08b1f5c7 | 361 | (void) get_mount_flags(table, x, &orig_flags); |
4349cd7c | 362 | |
511a8cfe LP |
363 | r = mount_nofollow(NULL, x, NULL, (orig_flags & ~flags_mask)|MS_BIND|MS_REMOUNT|new_flags, NULL); |
364 | if (r < 0) | |
365 | return r; | |
4349cd7c | 366 | |
6b7c9f8b | 367 | log_debug("Remounted %s read-only.", x); |
4349cd7c LP |
368 | } |
369 | } | |
370 | } | |
371 | ||
8403219f LP |
372 | int bind_remount_recursive( |
373 | const char *prefix, | |
374 | unsigned long new_flags, | |
375 | unsigned long flags_mask, | |
6b000af4 | 376 | char **deny_list) { |
8403219f | 377 | |
ac9de0b3 | 378 | _cleanup_fclose_ FILE *proc_self_mountinfo = NULL; |
fdeea3f4 | 379 | int r; |
ac9de0b3 | 380 | |
fdeea3f4 ZJS |
381 | r = fopen_unlocked("/proc/self/mountinfo", "re", &proc_self_mountinfo); |
382 | if (r < 0) | |
383 | return r; | |
35bbbf85 | 384 | |
6b000af4 | 385 | return bind_remount_recursive_with_mountinfo(prefix, new_flags, flags_mask, deny_list, proc_self_mountinfo); |
ac9de0b3 TR |
386 | } |
387 | ||
7cce68e1 LP |
388 | int bind_remount_one_with_mountinfo( |
389 | const char *path, | |
390 | unsigned long new_flags, | |
391 | unsigned long flags_mask, | |
392 | FILE *proc_self_mountinfo) { | |
393 | ||
394 | _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL; | |
395 | unsigned long orig_flags = 0; | |
396 | int r; | |
397 | ||
398 | assert(path); | |
399 | assert(proc_self_mountinfo); | |
400 | ||
401 | rewind(proc_self_mountinfo); | |
402 | ||
403 | table = mnt_new_table(); | |
404 | if (!table) | |
405 | return -ENOMEM; | |
406 | ||
407 | r = mnt_table_parse_stream(table, proc_self_mountinfo, "/proc/self/mountinfo"); | |
408 | if (r < 0) | |
409 | return r; | |
410 | ||
411 | /* Try to reuse the original flag set */ | |
412 | (void) get_mount_flags(table, path, &orig_flags); | |
413 | ||
511a8cfe LP |
414 | r = mount_nofollow(NULL, path, NULL, (orig_flags & ~flags_mask)|MS_BIND|MS_REMOUNT|new_flags, NULL); |
415 | if (r < 0) | |
416 | return r; | |
7cce68e1 LP |
417 | |
418 | return 0; | |
419 | } | |
420 | ||
4349cd7c LP |
421 | int mount_move_root(const char *path) { |
422 | assert(path); | |
423 | ||
424 | if (chdir(path) < 0) | |
425 | return -errno; | |
426 | ||
427 | if (mount(path, "/", NULL, MS_MOVE, NULL) < 0) | |
428 | return -errno; | |
429 | ||
430 | if (chroot(".") < 0) | |
431 | return -errno; | |
432 | ||
433 | if (chdir("/") < 0) | |
434 | return -errno; | |
435 | ||
436 | return 0; | |
437 | } | |
4e036b7a | 438 | |
3f2c0bec LP |
439 | int repeat_unmount(const char *path, int flags) { |
440 | bool done = false; | |
441 | ||
442 | assert(path); | |
443 | ||
444 | /* If there are multiple mounts on a mount point, this | |
445 | * removes them all */ | |
446 | ||
447 | for (;;) { | |
448 | if (umount2(path, flags) < 0) { | |
449 | ||
450 | if (errno == EINVAL) | |
451 | return done; | |
452 | ||
453 | return -errno; | |
454 | } | |
455 | ||
456 | done = true; | |
457 | } | |
458 | } | |
c4b41707 | 459 | |
48b747fa LP |
460 | int mode_to_inaccessible_node( |
461 | const char *runtime_dir, | |
462 | mode_t mode, | |
463 | char **ret) { | |
464 | ||
465 | /* This function maps a node type to a corresponding inaccessible file node. These nodes are created | |
466 | * during early boot by PID 1. In some cases we lacked the privs to create the character and block | |
467 | * devices (maybe because we run in an userns environment, or miss CAP_SYS_MKNOD, or run with a | |
468 | * devices policy that excludes device nodes with major and minor of 0), but that's fine, in that | |
469 | * case we use an AF_UNIX file node instead, which is not the same, but close enough for most | |
470 | * uses. And most importantly, the kernel allows bind mounts from socket nodes to any non-directory | |
471 | * file nodes, and that's the most important thing that matters. | |
472 | * | |
473 | * Note that the runtime directory argument shall be the top-level runtime directory, i.e. /run/ if | |
474 | * we operate in system context and $XDG_RUNTIME_DIR if we operate in user context. */ | |
475 | ||
e5f10caf AZ |
476 | _cleanup_free_ char *d = NULL; |
477 | const char *node = NULL; | |
e5f10caf | 478 | |
48b747fa LP |
479 | assert(ret); |
480 | ||
481 | if (!runtime_dir) | |
482 | runtime_dir = "/run"; | |
fe80fcc7 | 483 | |
c4b41707 AP |
484 | switch(mode & S_IFMT) { |
485 | case S_IFREG: | |
48b747fa | 486 | node = "/systemd/inaccessible/reg"; |
e5f10caf | 487 | break; |
fe80fcc7 | 488 | |
c4b41707 | 489 | case S_IFDIR: |
48b747fa | 490 | node = "/systemd/inaccessible/dir"; |
e5f10caf | 491 | break; |
fe80fcc7 | 492 | |
c4b41707 | 493 | case S_IFCHR: |
48b747fa | 494 | node = "/systemd/inaccessible/chr"; |
e5f10caf | 495 | break; |
fe80fcc7 | 496 | |
c4b41707 | 497 | case S_IFBLK: |
48b747fa | 498 | node = "/systemd/inaccessible/blk"; |
e5f10caf | 499 | break; |
fe80fcc7 | 500 | |
c4b41707 | 501 | case S_IFIFO: |
48b747fa | 502 | node = "/systemd/inaccessible/fifo"; |
e5f10caf | 503 | break; |
fe80fcc7 | 504 | |
c4b41707 | 505 | case S_IFSOCK: |
48b747fa | 506 | node = "/systemd/inaccessible/sock"; |
e5f10caf | 507 | break; |
c4b41707 | 508 | } |
e5f10caf AZ |
509 | if (!node) |
510 | return -EINVAL; | |
511 | ||
48b747fa LP |
512 | d = path_join(runtime_dir, node); |
513 | if (!d) | |
514 | return -ENOMEM; | |
515 | ||
cbed1dc8 LP |
516 | /* On new kernels unprivileged users are permitted to create 0:0 char device nodes (because they also |
517 | * act as whiteout inode for overlayfs), but no other char or block device nodes. On old kernels no | |
518 | * device node whatsoever may be created by unprivileged processes. Hence, if the caller asks for the | |
519 | * inaccessible block device node let's see if the block device node actually exists, and if not, | |
520 | * fall back to the character device node. From there fall back to the socket device node. This means | |
521 | * in the best case we'll get the right device node type — but if not we'll hopefully at least get a | |
522 | * device node at all. */ | |
523 | ||
524 | if (S_ISBLK(mode) && | |
525 | access(d, F_OK) < 0 && errno == ENOENT) { | |
526 | free(d); | |
527 | d = path_join(runtime_dir, "/systemd/inaccessible/chr"); | |
528 | if (!d) | |
529 | return -ENOMEM; | |
530 | } | |
531 | ||
532 | if (IN_SET(mode & S_IFMT, S_IFBLK, S_IFCHR) && | |
533 | access(d, F_OK) < 0 && errno == ENOENT) { | |
48b747fa LP |
534 | free(d); |
535 | d = path_join(runtime_dir, "/systemd/inaccessible/sock"); | |
536 | if (!d) | |
537 | return -ENOMEM; | |
538 | } | |
e5f10caf | 539 | |
48b747fa | 540 | *ret = TAKE_PTR(d); |
e5f10caf | 541 | return 0; |
c4b41707 | 542 | } |
60e76d48 ZJS |
543 | |
544 | #define FLAG(name) (flags & name ? STRINGIFY(name) "|" : "") | |
545 | static char* mount_flags_to_string(long unsigned flags) { | |
546 | char *x; | |
547 | _cleanup_free_ char *y = NULL; | |
548 | long unsigned overflow; | |
549 | ||
550 | overflow = flags & ~(MS_RDONLY | | |
551 | MS_NOSUID | | |
552 | MS_NODEV | | |
553 | MS_NOEXEC | | |
554 | MS_SYNCHRONOUS | | |
555 | MS_REMOUNT | | |
556 | MS_MANDLOCK | | |
557 | MS_DIRSYNC | | |
558 | MS_NOATIME | | |
559 | MS_NODIRATIME | | |
560 | MS_BIND | | |
561 | MS_MOVE | | |
562 | MS_REC | | |
563 | MS_SILENT | | |
564 | MS_POSIXACL | | |
565 | MS_UNBINDABLE | | |
566 | MS_PRIVATE | | |
567 | MS_SLAVE | | |
568 | MS_SHARED | | |
569 | MS_RELATIME | | |
570 | MS_KERNMOUNT | | |
571 | MS_I_VERSION | | |
572 | MS_STRICTATIME | | |
573 | MS_LAZYTIME); | |
574 | ||
575 | if (flags == 0 || overflow != 0) | |
576 | if (asprintf(&y, "%lx", overflow) < 0) | |
577 | return NULL; | |
578 | ||
579 | x = strjoin(FLAG(MS_RDONLY), | |
580 | FLAG(MS_NOSUID), | |
581 | FLAG(MS_NODEV), | |
582 | FLAG(MS_NOEXEC), | |
583 | FLAG(MS_SYNCHRONOUS), | |
584 | FLAG(MS_REMOUNT), | |
585 | FLAG(MS_MANDLOCK), | |
586 | FLAG(MS_DIRSYNC), | |
587 | FLAG(MS_NOATIME), | |
588 | FLAG(MS_NODIRATIME), | |
589 | FLAG(MS_BIND), | |
590 | FLAG(MS_MOVE), | |
591 | FLAG(MS_REC), | |
592 | FLAG(MS_SILENT), | |
593 | FLAG(MS_POSIXACL), | |
594 | FLAG(MS_UNBINDABLE), | |
595 | FLAG(MS_PRIVATE), | |
596 | FLAG(MS_SLAVE), | |
597 | FLAG(MS_SHARED), | |
598 | FLAG(MS_RELATIME), | |
599 | FLAG(MS_KERNMOUNT), | |
600 | FLAG(MS_I_VERSION), | |
601 | FLAG(MS_STRICTATIME), | |
602 | FLAG(MS_LAZYTIME), | |
605405c6 | 603 | y); |
60e76d48 ZJS |
604 | if (!x) |
605 | return NULL; | |
606 | if (!y) | |
607 | x[strlen(x) - 1] = '\0'; /* truncate the last | */ | |
608 | return x; | |
609 | } | |
610 | ||
511a8cfe | 611 | int mount_verbose_full( |
60e76d48 ZJS |
612 | int error_log_level, |
613 | const char *what, | |
614 | const char *where, | |
615 | const char *type, | |
616 | unsigned long flags, | |
511a8cfe LP |
617 | const char *options, |
618 | bool follow_symlink) { | |
60e76d48 | 619 | |
6ef8df2b YW |
620 | _cleanup_free_ char *fl = NULL, *o = NULL; |
621 | unsigned long f; | |
622 | int r; | |
623 | ||
624 | r = mount_option_mangle(options, flags, &f, &o); | |
625 | if (r < 0) | |
626 | return log_full_errno(error_log_level, r, | |
627 | "Failed to mangle mount options %s: %m", | |
628 | strempty(options)); | |
60e76d48 | 629 | |
6ef8df2b | 630 | fl = mount_flags_to_string(f); |
60e76d48 | 631 | |
6ef8df2b | 632 | if ((f & MS_REMOUNT) && !what && !type) |
60e76d48 | 633 | log_debug("Remounting %s (%s \"%s\")...", |
6ef8df2b | 634 | where, strnull(fl), strempty(o)); |
60e76d48 ZJS |
635 | else if (!what && !type) |
636 | log_debug("Mounting %s (%s \"%s\")...", | |
6ef8df2b YW |
637 | where, strnull(fl), strempty(o)); |
638 | else if ((f & MS_BIND) && !type) | |
60e76d48 | 639 | log_debug("Bind-mounting %s on %s (%s \"%s\")...", |
6ef8df2b YW |
640 | what, where, strnull(fl), strempty(o)); |
641 | else if (f & MS_MOVE) | |
afe682bc | 642 | log_debug("Moving mount %s → %s (%s \"%s\")...", |
6ef8df2b | 643 | what, where, strnull(fl), strempty(o)); |
60e76d48 | 644 | else |
3b493d94 LP |
645 | log_debug("Mounting %s (%s) on %s (%s \"%s\")...", |
646 | strna(what), strna(type), where, strnull(fl), strempty(o)); | |
511a8cfe LP |
647 | |
648 | if (follow_symlink) | |
649 | r = mount(what, where, type, f, o) < 0 ? -errno : 0; | |
650 | else | |
651 | r = mount_nofollow(what, where, type, f, o); | |
652 | if (r < 0) | |
653 | return log_full_errno(error_log_level, r, | |
3ccf6126 LP |
654 | "Failed to mount %s (type %s) on %s (%s \"%s\"): %m", |
655 | strna(what), strna(type), where, strnull(fl), strempty(o)); | |
60e76d48 ZJS |
656 | return 0; |
657 | } | |
658 | ||
30f5d104 LP |
659 | int umount_verbose( |
660 | int error_log_level, | |
661 | const char *what, | |
662 | int flags) { | |
663 | ||
664 | assert(what); | |
665 | ||
60e76d48 | 666 | log_debug("Umounting %s...", what); |
30f5d104 LP |
667 | |
668 | if (umount2(what, flags) < 0) | |
669 | return log_full_errno(error_log_level, errno, | |
670 | "Failed to unmount %s: %m", what); | |
671 | ||
60e76d48 ZJS |
672 | return 0; |
673 | } | |
83555251 | 674 | |
9e7f941a YW |
675 | int mount_option_mangle( |
676 | const char *options, | |
677 | unsigned long mount_flags, | |
678 | unsigned long *ret_mount_flags, | |
679 | char **ret_remaining_options) { | |
680 | ||
681 | const struct libmnt_optmap *map; | |
682 | _cleanup_free_ char *ret = NULL; | |
683 | const char *p; | |
684 | int r; | |
685 | ||
686 | /* This extracts mount flags from the mount options, and store | |
687 | * non-mount-flag options to '*ret_remaining_options'. | |
688 | * E.g., | |
689 | * "rw,nosuid,nodev,relatime,size=1630748k,mode=700,uid=1000,gid=1000" | |
690 | * is split to MS_NOSUID|MS_NODEV|MS_RELATIME and | |
691 | * "size=1630748k,mode=700,uid=1000,gid=1000". | |
692 | * See more examples in test-mount-utils.c. | |
693 | * | |
694 | * Note that if 'options' does not contain any non-mount-flag options, | |
5238e957 | 695 | * then '*ret_remaining_options' is set to NULL instead of empty string. |
9e7f941a YW |
696 | * Note that this does not check validity of options stored in |
697 | * '*ret_remaining_options'. | |
698 | * Note that if 'options' is NULL, then this just copies 'mount_flags' | |
699 | * to '*ret_mount_flags'. */ | |
700 | ||
701 | assert(ret_mount_flags); | |
702 | assert(ret_remaining_options); | |
703 | ||
704 | map = mnt_get_builtin_optmap(MNT_LINUX_MAP); | |
705 | if (!map) | |
706 | return -EINVAL; | |
707 | ||
708 | p = options; | |
709 | for (;;) { | |
710 | _cleanup_free_ char *word = NULL; | |
711 | const struct libmnt_optmap *ent; | |
712 | ||
4ec85141 | 713 | r = extract_first_word(&p, &word, ",", EXTRACT_UNQUOTE); |
9e7f941a YW |
714 | if (r < 0) |
715 | return r; | |
716 | if (r == 0) | |
717 | break; | |
718 | ||
719 | for (ent = map; ent->name; ent++) { | |
720 | /* All entries in MNT_LINUX_MAP do not take any argument. | |
721 | * Thus, ent->name does not contain "=" or "[=]". */ | |
722 | if (!streq(word, ent->name)) | |
723 | continue; | |
724 | ||
725 | if (!(ent->mask & MNT_INVERT)) | |
726 | mount_flags |= ent->id; | |
727 | else if (mount_flags & ent->id) | |
728 | mount_flags ^= ent->id; | |
729 | ||
730 | break; | |
731 | } | |
732 | ||
733 | /* If 'word' is not a mount flag, then store it in '*ret_remaining_options'. */ | |
c2bc710b | 734 | if (!ent->name && !strextend_with_separator(&ret, ",", word)) |
9e7f941a YW |
735 | return -ENOMEM; |
736 | } | |
737 | ||
738 | *ret_mount_flags = mount_flags; | |
ae2a15bc | 739 | *ret_remaining_options = TAKE_PTR(ret); |
9e7f941a YW |
740 | |
741 | return 0; | |
742 | } | |
6af52c3a | 743 | |
70599967 | 744 | static int mount_in_namespace( |
6af52c3a LB |
745 | pid_t target, |
746 | const char *propagate_path, | |
747 | const char *incoming_path, | |
748 | const char *src, | |
749 | const char *dest, | |
750 | bool read_only, | |
70599967 LB |
751 | bool make_file_or_directory, |
752 | const MountOptions *options, | |
753 | bool is_image) { | |
6af52c3a LB |
754 | |
755 | _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 }; | |
f7c18d3d LB |
756 | _cleanup_close_ int self_mntns_fd = -1, mntns_fd = -1, root_fd = -1, pidns_fd = -1, chased_src_fd = -1; |
757 | char mount_slave[] = "/tmp/propagate.XXXXXX", *mount_tmp, *mount_outside, *p, | |
758 | chased_src[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; | |
6af52c3a LB |
759 | bool mount_slave_created = false, mount_slave_mounted = false, |
760 | mount_tmp_created = false, mount_tmp_mounted = false, | |
761 | mount_outside_created = false, mount_outside_mounted = false; | |
2338a175 | 762 | struct stat st, self_mntns_st; |
6af52c3a LB |
763 | pid_t child; |
764 | int r; | |
765 | ||
766 | assert(target > 0); | |
767 | assert(propagate_path); | |
768 | assert(incoming_path); | |
769 | assert(src); | |
770 | assert(dest); | |
70599967 | 771 | assert(!options || is_image); |
6af52c3a | 772 | |
98f654fd | 773 | r = namespace_open(target, &pidns_fd, &mntns_fd, NULL, NULL, &root_fd); |
2338a175 LB |
774 | if (r < 0) |
775 | return log_debug_errno(r, "Failed to retrieve FDs of the target process' namespace: %m"); | |
776 | ||
777 | if (fstat(mntns_fd, &st) < 0) | |
778 | return log_debug_errno(errno, "Failed to fstat mount namespace FD of target process: %m"); | |
779 | ||
780 | r = namespace_open(0, NULL, &self_mntns_fd, NULL, NULL, NULL); | |
781 | if (r < 0) | |
782 | return log_debug_errno(r, "Failed to retrieve FDs of systemd's namespace: %m"); | |
783 | ||
784 | if (fstat(self_mntns_fd, &self_mntns_st) < 0) | |
785 | return log_debug_errno(errno, "Failed to fstat mount namespace FD of systemd: %m"); | |
786 | ||
787 | /* We can't add new mounts at runtime if the process wasn't started in a namespace */ | |
788 | if (st.st_ino == self_mntns_st.st_ino && st.st_dev == self_mntns_st.st_dev) | |
789 | return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to activate bind mount in target, not running in a mount namespace"); | |
790 | ||
6af52c3a LB |
791 | /* One day, when bind mounting /proc/self/fd/n works across |
792 | * namespace boundaries we should rework this logic to make | |
793 | * use of it... */ | |
794 | ||
795 | p = strjoina(propagate_path, "/"); | |
796 | r = laccess(p, F_OK); | |
797 | if (r < 0) | |
798 | return log_debug_errno(r == -ENOENT ? SYNTHETIC_ERRNO(EOPNOTSUPP) : r, "Target does not allow propagation of mount points"); | |
799 | ||
f7c18d3d | 800 | r = chase_symlinks(src, NULL, CHASE_TRAIL_SLASH, NULL, &chased_src_fd); |
6af52c3a LB |
801 | if (r < 0) |
802 | return log_debug_errno(r, "Failed to resolve source path of %s: %m", src); | |
f7c18d3d | 803 | xsprintf(chased_src, "/proc/self/fd/%i", chased_src_fd); |
6af52c3a | 804 | |
f7c18d3d LB |
805 | if (fstat(chased_src_fd, &st) < 0) |
806 | return log_debug_errno(errno, "Failed to stat() resolved source path %s: %m", src); | |
6af52c3a | 807 | if (S_ISLNK(st.st_mode)) /* This shouldn't really happen, given that we just chased the symlinks above, but let's better be safe… */ |
f7c18d3d | 808 | return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Source directory %s can't be a symbolic link", src); |
6af52c3a LB |
809 | |
810 | /* Our goal is to install a new bind mount into the container, | |
811 | possibly read-only. This is irritatingly complex | |
812 | unfortunately, currently. | |
813 | ||
814 | First, we start by creating a private playground in /tmp, | |
815 | that we can mount MS_SLAVE. (Which is necessary, since | |
816 | MS_MOVE cannot be applied to mounts with MS_SHARED parent | |
817 | mounts.) */ | |
818 | ||
819 | if (!mkdtemp(mount_slave)) | |
820 | return log_debug_errno(errno, "Failed to create playground %s: %m", mount_slave); | |
821 | ||
822 | mount_slave_created = true; | |
823 | ||
824 | r = mount_nofollow_verbose(LOG_DEBUG, mount_slave, mount_slave, NULL, MS_BIND, NULL); | |
825 | if (r < 0) | |
826 | goto finish; | |
827 | ||
828 | mount_slave_mounted = true; | |
829 | ||
830 | r = mount_nofollow_verbose(LOG_DEBUG, NULL, mount_slave, NULL, MS_SLAVE, NULL); | |
831 | if (r < 0) | |
832 | goto finish; | |
833 | ||
834 | /* Second, we mount the source file or directory to a directory inside of our MS_SLAVE playground. */ | |
835 | mount_tmp = strjoina(mount_slave, "/mount"); | |
70599967 LB |
836 | if (is_image) |
837 | r = mkdir_p(mount_tmp, 0700); | |
838 | else | |
839 | r = make_mount_point_inode_from_stat(&st, mount_tmp, 0700); | |
6af52c3a LB |
840 | if (r < 0) { |
841 | log_debug_errno(r, "Failed to create temporary mount point %s: %m", mount_tmp); | |
842 | goto finish; | |
843 | } | |
844 | ||
845 | mount_tmp_created = true; | |
846 | ||
70599967 | 847 | if (is_image) |
93f59701 | 848 | r = verity_dissect_and_mount(chased_src, mount_tmp, options, NULL, NULL, NULL); |
70599967 LB |
849 | else |
850 | r = mount_follow_verbose(LOG_DEBUG, chased_src, mount_tmp, NULL, MS_BIND, NULL); | |
6af52c3a LB |
851 | if (r < 0) |
852 | goto finish; | |
853 | ||
854 | mount_tmp_mounted = true; | |
855 | ||
856 | /* Third, we remount the new bind mount read-only if requested. */ | |
857 | if (read_only) { | |
858 | r = mount_nofollow_verbose(LOG_DEBUG, NULL, mount_tmp, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL); | |
859 | if (r < 0) | |
860 | goto finish; | |
861 | } | |
862 | ||
863 | /* Fourth, we move the new bind mount into the propagation directory. This way it will appear there read-only | |
864 | * right-away. */ | |
865 | ||
866 | mount_outside = strjoina(propagate_path, "/XXXXXX"); | |
70599967 | 867 | if (is_image || S_ISDIR(st.st_mode)) |
6af52c3a LB |
868 | r = mkdtemp(mount_outside) ? 0 : -errno; |
869 | else { | |
870 | r = mkostemp_safe(mount_outside); | |
871 | safe_close(r); | |
872 | } | |
873 | if (r < 0) { | |
874 | log_debug_errno(r, "Cannot create propagation file or directory %s: %m", mount_outside); | |
875 | goto finish; | |
876 | } | |
877 | ||
878 | mount_outside_created = true; | |
879 | ||
880 | r = mount_nofollow_verbose(LOG_DEBUG, mount_tmp, mount_outside, NULL, MS_MOVE, NULL); | |
881 | if (r < 0) | |
882 | goto finish; | |
883 | ||
884 | mount_outside_mounted = true; | |
885 | mount_tmp_mounted = false; | |
886 | ||
70599967 | 887 | if (is_image || S_ISDIR(st.st_mode)) |
6af52c3a LB |
888 | (void) rmdir(mount_tmp); |
889 | else | |
890 | (void) unlink(mount_tmp); | |
891 | mount_tmp_created = false; | |
892 | ||
893 | (void) umount_verbose(LOG_DEBUG, mount_slave, UMOUNT_NOFOLLOW); | |
894 | mount_slave_mounted = false; | |
895 | ||
896 | (void) rmdir(mount_slave); | |
897 | mount_slave_created = false; | |
898 | ||
899 | if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0) { | |
900 | log_debug_errno(errno, "Failed to create pipe: %m"); | |
901 | goto finish; | |
902 | } | |
903 | ||
2338a175 | 904 | r = namespace_fork("(sd-bindmnt)", "(sd-bindmnt-inner)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG, |
98f654fd | 905 | pidns_fd, mntns_fd, -1, -1, root_fd, &child); |
6af52c3a LB |
906 | if (r < 0) |
907 | goto finish; | |
908 | if (r == 0) { | |
2338a175 | 909 | const char *mount_inside; |
6af52c3a LB |
910 | |
911 | errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]); | |
912 | ||
6af52c3a | 913 | if (make_file_or_directory) { |
70599967 LB |
914 | if (!is_image) { |
915 | (void) mkdir_parents(dest, 0755); | |
916 | (void) make_mount_point_inode_from_stat(&st, dest, 0700); | |
917 | } else | |
918 | (void) mkdir_p(dest, 0755); | |
6af52c3a LB |
919 | } |
920 | ||
921 | /* Fifth, move the mount to the right place inside */ | |
922 | mount_inside = strjoina(incoming_path, basename(mount_outside)); | |
923 | r = mount_nofollow_verbose(LOG_ERR, mount_inside, dest, NULL, MS_MOVE, NULL); | |
924 | if (r < 0) | |
925 | goto child_fail; | |
926 | ||
927 | _exit(EXIT_SUCCESS); | |
928 | ||
929 | child_fail: | |
930 | (void) write(errno_pipe_fd[1], &r, sizeof(r)); | |
931 | errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]); | |
932 | ||
933 | _exit(EXIT_FAILURE); | |
934 | } | |
935 | ||
936 | errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]); | |
937 | ||
938 | r = wait_for_terminate_and_check("(sd-bindmnt)", child, 0); | |
939 | if (r < 0) { | |
940 | log_debug_errno(r, "Failed to wait for child: %m"); | |
941 | goto finish; | |
942 | } | |
943 | if (r != EXIT_SUCCESS) { | |
944 | if (read(errno_pipe_fd[0], &r, sizeof(r)) == sizeof(r)) | |
945 | log_debug_errno(r, "Failed to mount: %m"); | |
946 | else | |
947 | log_debug("Child failed."); | |
948 | goto finish; | |
949 | } | |
950 | ||
951 | finish: | |
952 | if (mount_outside_mounted) | |
953 | (void) umount_verbose(LOG_DEBUG, mount_outside, UMOUNT_NOFOLLOW); | |
954 | if (mount_outside_created) { | |
70599967 | 955 | if (is_image || S_ISDIR(st.st_mode)) |
6af52c3a LB |
956 | (void) rmdir(mount_outside); |
957 | else | |
958 | (void) unlink(mount_outside); | |
959 | } | |
960 | ||
961 | if (mount_tmp_mounted) | |
962 | (void) umount_verbose(LOG_DEBUG, mount_tmp, UMOUNT_NOFOLLOW); | |
963 | if (mount_tmp_created) { | |
70599967 | 964 | if (is_image || S_ISDIR(st.st_mode)) |
6af52c3a LB |
965 | (void) rmdir(mount_tmp); |
966 | else | |
967 | (void) unlink(mount_tmp); | |
968 | } | |
969 | ||
970 | if (mount_slave_mounted) | |
971 | (void) umount_verbose(LOG_DEBUG, mount_slave, UMOUNT_NOFOLLOW); | |
972 | if (mount_slave_created) | |
973 | (void) rmdir(mount_slave); | |
974 | ||
975 | return r; | |
976 | } | |
70599967 LB |
977 | |
978 | int bind_mount_in_namespace( | |
979 | pid_t target, | |
980 | const char *propagate_path, | |
981 | const char *incoming_path, | |
982 | const char *src, | |
983 | const char *dest, | |
984 | bool read_only, | |
985 | bool make_file_or_directory) { | |
986 | ||
987 | return mount_in_namespace(target, propagate_path, incoming_path, src, dest, read_only, make_file_or_directory, NULL, false); | |
988 | } | |
989 | ||
990 | int mount_image_in_namespace( | |
991 | pid_t target, | |
992 | const char *propagate_path, | |
993 | const char *incoming_path, | |
994 | const char *src, | |
995 | const char *dest, | |
996 | bool read_only, | |
997 | bool make_file_or_directory, | |
998 | const MountOptions *options) { | |
999 | ||
1000 | return mount_in_namespace(target, propagate_path, incoming_path, src, dest, read_only, make_file_or_directory, options, true); | |
1001 | } |