1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 #include <sys/mount.h>
28 #include <sys/types.h>
30 #include <sys/syscall.h>
36 #include "namespace.h"
39 typedef enum PathMode
{
40 /* This is ordered by priority! */
52 static int append_paths(Path
**p
, char **strv
, PathMode mode
) {
55 STRV_FOREACH(i
, strv
) {
57 if (!path_is_absolute(*i
))
68 static int path_compare(const void *a
, const void *b
) {
69 const Path
*p
= a
, *q
= b
;
71 if (path_equal(p
->path
, q
->path
)) {
73 /* If the paths are equal, check the mode */
74 if (p
->mode
< q
->mode
)
77 if (p
->mode
> q
->mode
)
83 /* If the paths are not equal, then order prefixes first */
84 if (path_startswith(p
->path
, q
->path
))
87 if (path_startswith(q
->path
, p
->path
))
93 static void drop_duplicates(Path
*p
, unsigned *n
, bool *need_inaccessible
, bool *need_private
) {
94 Path
*f
, *t
, *previous
;
98 assert(need_inaccessible
);
101 for (f
= p
, t
= p
, previous
= NULL
; f
< p
+*n
; f
++) {
103 if (previous
&& path_equal(f
->path
, previous
->path
))
109 if (t
->mode
== PRIVATE
)
110 *need_private
= true;
112 if (t
->mode
== INACCESSIBLE
)
113 *need_inaccessible
= true;
123 static int apply_mount(Path
*p
, const char *root_dir
, const char *inaccessible_dir
, const char *private_dir
, unsigned long flags
) {
130 assert(inaccessible_dir
);
133 if (!(where
= strappend(root_dir
, p
->path
)))
139 what
= inaccessible_dir
;
156 assert_not_reached("Unknown mode");
159 if ((r
= mount(what
, where
, NULL
, MS_BIND
|MS_REC
, NULL
)) >= 0) {
160 log_debug("Successfully mounted %s to %s", what
, where
);
162 /* The bind mount will always inherit the original
163 * flags. If we want to set any flag we need
164 * to do so in a second independent step. */
166 r
= mount(NULL
, where
, NULL
, MS_REMOUNT
|MS_BIND
|MS_REC
|flags
, NULL
);
168 /* Avoid exponential growth of trees */
169 if (r
>= 0 && path_equal(p
->path
, "/"))
170 r
= mount(NULL
, where
, NULL
, MS_REMOUNT
|MS_BIND
|MS_UNBINDABLE
|flags
, NULL
);
174 umount2(where
, MNT_DETACH
);
187 unsigned long flags
) {
190 tmp_dir
[] = "/tmp/systemd-namespace-XXXXXX",
191 root_dir
[] = "/tmp/systemd-namespace-XXXXXX/root",
192 old_root_dir
[] = "/tmp/systemd-namespace-XXXXXX/root/tmp/old-root-XXXXXX",
193 inaccessible_dir
[] = "/tmp/systemd-namespace-XXXXXX/inaccessible",
194 private_dir
[] = "/tmp/systemd-namespace-XXXXXX/private";
198 bool need_private
= false, need_inaccessible
= false;
199 bool remove_tmp
= false, remove_root
= false, remove_old_root
= false, remove_inaccessible
= false, remove_private
= false;
204 strv_length(writable
) +
205 strv_length(readable
) +
206 strv_length(inaccessible
) +
207 (private_tmp
? 2 : 1);
209 if (!(paths
= new(Path
, n
)))
213 if ((r
= append_paths(&p
, writable
, READWRITE
)) < 0 ||
214 (r
= append_paths(&p
, readable
, READONLY
)) < 0 ||
215 (r
= append_paths(&p
, inaccessible
, INACCESSIBLE
)) < 0)
228 assert(paths
+ n
== p
);
230 qsort(paths
, n
, sizeof(Path
), path_compare
);
231 drop_duplicates(paths
, &n
, &need_inaccessible
, &need_private
);
233 if (!mkdtemp(tmp_dir
)) {
239 memcpy(root_dir
, tmp_dir
, sizeof(tmp_dir
)-1);
240 if (mkdir(root_dir
, 0777) < 0) {
246 if (need_inaccessible
) {
247 memcpy(inaccessible_dir
, tmp_dir
, sizeof(tmp_dir
)-1);
248 if (mkdir(inaccessible_dir
, 0) < 0) {
252 remove_inaccessible
= true;
258 memcpy(private_dir
, tmp_dir
, sizeof(tmp_dir
)-1);
261 if (mkdir(private_dir
, 0777 + S_ISVTX
) < 0) {
269 remove_private
= true;
272 if (unshare(CLONE_NEWNS
) < 0) {
277 /* Remount / as SLAVE so that nothing mounted in the namespace
278 shows up in the parent */
279 if (mount(NULL
, "/", NULL
, MS_SLAVE
|MS_REC
, NULL
) < 0) {
284 for (p
= paths
; p
< paths
+ n
; p
++)
285 if ((r
= apply_mount(p
, root_dir
, inaccessible_dir
, private_dir
, flags
)) < 0)
288 memcpy(old_root_dir
, tmp_dir
, sizeof(tmp_dir
)-1);
289 if (!mkdtemp(old_root_dir
)) {
293 remove_old_root
= true;
295 if (chdir(root_dir
) < 0) {
300 if (pivot_root(root_dir
, old_root_dir
) < 0) {
305 t
= old_root_dir
+ sizeof(root_dir
) - 1;
306 if (umount2(t
, MNT_DETACH
) < 0)
307 /* At this point it's too late to turn anything back,
308 * since we are already in the new root. */
318 for (p
--; p
>= paths
; p
--) {
319 char full_path
[PATH_MAX
];
321 snprintf(full_path
, sizeof(full_path
), "%s%s", root_dir
, p
->path
);
322 char_array_0(full_path
);
324 umount2(full_path
, MNT_DETACH
);
331 if (remove_inaccessible
)
332 rmdir(inaccessible_dir
);