From: Lennart Poettering Date: Mon, 25 Nov 2024 10:32:35 +0000 (+0100) Subject: nspawn: rename pin_fully_visible_fs() → pin_fully_visible_api_fs() X-Git-Tag: v258-rc1~1808^2~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b83358b87f0f6feaffca75f0ebd1d9fd80f34217;p=thirdparty%2Fsystemd.git nspawn: rename pin_fully_visible_fs() → pin_fully_visible_api_fs() This function pins the *API* FS, i.e. /proc/ + /sys/, not just any fs. Hence clarify this in the name. (At least we call these two fs "API (V)FS" in our codebase, hence continue to do so here) --- diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c index eda455c8715..af88e82d04a 100644 --- a/src/nspawn/nspawn-mount.c +++ b/src/nspawn/nspawn-mount.c @@ -1406,7 +1406,7 @@ done: #define NSPAWN_PRIVATE_FULLY_VISIBLE_PROCFS "/run/host/proc" #define NSPAWN_PRIVATE_FULLY_VISIBLE_SYSFS "/run/host/sys" -int pin_fully_visible_fs(void) { +int pin_fully_visible_api_fs(void) { int r; log_debug("Pinning fully visible API FS"); @@ -1425,7 +1425,7 @@ int pin_fully_visible_fs(void) { return 0; } -static int do_wipe_fully_visible_fs(void) { +static int do_wipe_fully_visible_api_fs(void) { if (umount2(NSPAWN_PRIVATE_FULLY_VISIBLE_PROCFS, MNT_DETACH) < 0) return log_error_errno(errno, "Failed to unmount temporary proc: %m"); @@ -1441,7 +1441,7 @@ static int do_wipe_fully_visible_fs(void) { return 0; } -int wipe_fully_visible_fs(int mntns_fd) { +int wipe_fully_visible_api_fs(int mntns_fd) { _cleanup_close_ int orig_mntns_fd = -EBADF; int r, rr; @@ -1464,7 +1464,7 @@ int wipe_fully_visible_fs(int mntns_fd) { if (r < 0) return log_error_errno(r, "Failed to enter mount namespace: %m"); - rr = do_wipe_fully_visible_fs(); + rr = do_wipe_fully_visible_api_fs(); r = namespace_enter(/* pidns_fd = */ -EBADF, orig_mntns_fd, diff --git a/src/nspawn/nspawn-mount.h b/src/nspawn/nspawn-mount.h index 5f66bc7328d..53aa993d6a2 100644 --- a/src/nspawn/nspawn-mount.h +++ b/src/nspawn/nspawn-mount.h @@ -73,5 +73,6 @@ int pivot_root_parse(char **pivot_root_new, char **pivot_root_old, const char *s int setup_pivot_root(const char *directory, const char *pivot_root_new, const char *pivot_root_old); int tmpfs_patch_options(const char *options,uid_t uid_shift, const char *selinux_apifs_context, char **ret); -int pin_fully_visible_fs(void); -int wipe_fully_visible_fs(int mntns_fd); + +int pin_fully_visible_api_fs(void); +int wipe_fully_visible_api_fs(int mntns_fd); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 74e9fa04bd5..8a07000fce3 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -4357,7 +4357,7 @@ static int outer_child( * Note, the inner child wouldn't be able to unmount the instances on its own since * it doesn't own the originating mount namespace. IOW, the outer child needs to do * this. */ - r = pin_fully_visible_fs(); + r = pin_fully_visible_api_fs(); if (r < 0) return r; } @@ -5625,7 +5625,7 @@ static int run_container( return log_error_errno(SYNTHETIC_ERRNO(ESRCH), "Child died too early."); if (arg_userns_mode != USER_NAMESPACE_NO) { - r = wipe_fully_visible_fs(mntns_fd); + r = wipe_fully_visible_api_fs(mntns_fd); if (r < 0) return r; mntns_fd = safe_close(mntns_fd);