This function pins the *API* FS, i.e. /proc/ + /sys/, not just any fs.
Hence clarify this in the name.
(At least we call these two fs "API (V)FS" in our codebase, hence
continue to do so here)
#define NSPAWN_PRIVATE_FULLY_VISIBLE_PROCFS "/run/host/proc"
#define NSPAWN_PRIVATE_FULLY_VISIBLE_SYSFS "/run/host/sys"
-int pin_fully_visible_fs(void) {
+int pin_fully_visible_api_fs(void) {
int r;
log_debug("Pinning fully visible API FS");
return 0;
}
-static int do_wipe_fully_visible_fs(void) {
+static int do_wipe_fully_visible_api_fs(void) {
if (umount2(NSPAWN_PRIVATE_FULLY_VISIBLE_PROCFS, MNT_DETACH) < 0)
return log_error_errno(errno, "Failed to unmount temporary proc: %m");
return 0;
}
-int wipe_fully_visible_fs(int mntns_fd) {
+int wipe_fully_visible_api_fs(int mntns_fd) {
_cleanup_close_ int orig_mntns_fd = -EBADF;
int r, rr;
if (r < 0)
return log_error_errno(r, "Failed to enter mount namespace: %m");
- rr = do_wipe_fully_visible_fs();
+ rr = do_wipe_fully_visible_api_fs();
r = namespace_enter(/* pidns_fd = */ -EBADF,
orig_mntns_fd,
int setup_pivot_root(const char *directory, const char *pivot_root_new, const char *pivot_root_old);
int tmpfs_patch_options(const char *options,uid_t uid_shift, const char *selinux_apifs_context, char **ret);
-int pin_fully_visible_fs(void);
-int wipe_fully_visible_fs(int mntns_fd);
+
+int pin_fully_visible_api_fs(void);
+int wipe_fully_visible_api_fs(int mntns_fd);
* Note, the inner child wouldn't be able to unmount the instances on its own since
* it doesn't own the originating mount namespace. IOW, the outer child needs to do
* this. */
- r = pin_fully_visible_fs();
+ r = pin_fully_visible_api_fs();
if (r < 0)
return r;
}
return log_error_errno(SYNTHETIC_ERRNO(ESRCH), "Child died too early.");
if (arg_userns_mode != USER_NAMESPACE_NO) {
- r = wipe_fully_visible_fs(mntns_fd);
+ r = wipe_fully_visible_api_fs(mntns_fd);
if (r < 0)
return r;
mntns_fd = safe_close(mntns_fd);
projects / thirdparty / systemd.git / commitdiff
