[thirdparty/systemd.git] / src / mount-setup.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <sys/mount.h>
#include <errno.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <string.h>
#include <libgen.h>
#include <assert.h>
#include <unistd.h>
#include <ftw.h>

#include "mount-setup.h"
#include "log.h"
#include "macro.h"
#include "util.h"
#include "label.h"

#ifndef TTY_GID
#define TTY_GID 5
#endif

typedef struct MountPoint {
        const char *what;
        const char *where;
        const char *type;
        const char *options;
        unsigned long flags;
        bool fatal;
} MountPoint;

static const MountPoint mount_table[] = {
        { "proc",     "/proc",                  "proc",     NULL,                MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
        { "sysfs",    "/sys",                   "sysfs",    NULL,                MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
        { "devtmpfs", "/dev",                   "devtmpfs", "mode=755",          MS_NOSUID,                    true },
        { "tmpfs",    "/dev/shm",               "tmpfs",    "mode=1777",         MS_NOSUID|MS_NODEV,           true },
        { "devpts",   "/dev/pts",               "devpts",   "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, false },
        { "tmpfs",    "/dev/.run",              "tmpfs",    "mode=755",          MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
        { "tmpfs",    "/sys/fs/cgroup",         "tmpfs",    "mode=755",          MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
        { "cgroup",   "/sys/fs/cgroup/systemd", "cgroup",   "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
};

/* These are API file systems that might be mounted by other software,
 * we just list them here so that we know that we should ignore them */

static const char * const ignore_paths[] = {
        "/selinux",
        "/proc/bus/usb",
        "/var/lib/nfs/rpc_pipefs",
        "/proc/fs/nfsd"
};

bool mount_point_is_api(const char *path) {
        unsigned i;

        /* Checks if this mount point is considered "API", and hence
         * should be ignored */

        for (i = 0; i < ELEMENTSOF(mount_table); i ++)
                if (path_equal(path, mount_table[i].where))
                        return true;

        return path_startswith(path, "/sys/fs/cgroup/");
}

bool mount_point_ignore(const char *path) {
        unsigned i;

        for (i = 0; i < ELEMENTSOF(ignore_paths); i++)
                if (path_equal(path, ignore_paths[i]))
                        return true;

        return false;
}

static int mount_one(const MountPoint *p) {
        int r;

        assert(p);

        if ((r = path_is_mount_point(p->where)) < 0)
                return r;

        if (r > 0)
                return 0;

        /* The access mode here doesn't really matter too much, since
         * the mounted file system will take precedence anyway. */
        mkdir_p(p->where, 0755);

        log_debug("Mounting %s to %s of type %s with options %s.",
                  p->what,
                  p->where,
                  p->type,
                  strna(p->options));

        if (mount(p->what,
                  p->where,
                  p->type,
                  p->flags,
                  p->options) < 0) {
                log_error("Failed to mount %s: %s", p->where, strerror(errno));
                return p->fatal ? -errno : 0;
        }

        label_fix(p->where, false);

        return 0;
}

static int mount_cgroup_controllers(void) {
        int r;
        FILE *f;
        char buf [256];

        /* Mount all available cgroup controllers that are built into the kernel. */

        if (!(f = fopen("/proc/cgroups", "re")))
                return -ENOENT;

        /* Ignore the header line */
        (void) fgets(buf, sizeof(buf), f);

        for (;;) {
                MountPoint p;
                char *controller, *where;
                int enabled = false;

                if (fscanf(f, "%ms %*i %*i %i", &controller, &enabled) != 2) {

                        if (feof(f))
                                break;

                        log_error("Failed to parse /proc/cgroups.");
                        r = -EIO;
                        goto finish;
                }

                if (!enabled) {
                        free(controller);
                        continue;
                }

                if (asprintf(&where, "/sys/fs/cgroup/%s", controller) < 0) {
                        free(controller);
                        r = -ENOMEM;
                        goto finish;
                }

                zero(p);
                p.what = "cgroup";
                p.where = where;
                p.type = "cgroup";
                p.options = controller;
                p.flags = MS_NOSUID|MS_NOEXEC|MS_NODEV;
                p.fatal = false;

                r = mount_one(&p);
                free(controller);
                free(where);

                if (r < 0)
                        goto finish;
        }

        r = 0;

finish:
        fclose(f);

        return r;
}

static int symlink_and_label(const char *old_path, const char *new_path) {
        int r;

        assert(old_path);
        assert(new_path);

        if ((r = label_symlinkfile_set(new_path)) < 0)
                return r;

        if (symlink(old_path, new_path) < 0)
                r = -errno;

        label_file_clear();

        return r;
}

static int nftw_cb(
                const char *fpath,
                const struct stat *sb,
                int tflag,
                struct FTW *ftwbuf) {

        /* No need to label /dev twice in a row... */
        if (ftwbuf->level == 0)
                return 0;

        label_fix(fpath, true);
        return 0;
};

int mount_setup(void) {

        const char symlinks[] =
                "/proc/kcore\0"      "/dev/core\0"
                "/proc/self/fd\0"    "/dev/fd\0"
                "/proc/self/fd/0\0"  "/dev/stdin\0"
                "/proc/self/fd/1\0"  "/dev/stdout\0"
                "/proc/self/fd/2\0"  "/dev/stderr\0";

        int r;
        unsigned i;
        const char *j, *k;

        for (i = 0; i < ELEMENTSOF(mount_table); i ++)
                if ((r = mount_one(mount_table+i)) < 0)
                        return r;

        /* Nodes in devtmpfs need to be manually updated for the
         * appropriate labels, after mounting. The other virtual API
         * file systems do not need. */

        if (unlink("/dev/.systemd/relabel-devtmpfs") >= 0)
                nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS);

        /* Create a few default symlinks, which are normally created
         * bei udevd, but some scripts might need them before we start
         * udevd. */

        NULSTR_FOREACH_PAIR(j, k, symlinks)
                symlink_and_label(j, k);

        return mount_cgroup_controllers();
}
Commit	Line	Data
d6c9574f	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
8e274523 LP	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU General Public License as published by
	10	the Free Software Foundation; either version 2 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	General Public License for more details.
	17
	18	You should have received a copy of the GNU General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <sys/mount.h>
	23	#include <errno.h>
	24	#include <sys/stat.h>
	25	#include <stdlib.h>
	26	#include <string.h>
	27	#include <libgen.h>
	28	#include <assert.h>
5c0532d1	29	#include <unistd.h>
1829dc9d	30	#include <ftw.h>
8e274523 LP	31
	32	#include "mount-setup.h"
	33	#include "log.h"
c9af1080 LP	34	#include "macro.h"
c9af1080 LP	35	#include "util.h"
5275d3c1	36	#include "label.h"
8e274523	37
bef2733f LP	38	#ifndef TTY_GID
	39	#define TTY_GID 5
	40	#endif
	41
ca714c0e LP	42	typedef struct MountPoint {
	43	const char *what;
	44	const char *where;
	45	const char *type;
	46	const char *options;
	47	unsigned long flags;
2076ca54	48	bool fatal;
ca714c0e LP	49	} MountPoint;
	50
	51	static const MountPoint mount_table[] = {
77d5f105 LP	52	{ "proc", "/proc", "proc", NULL, MS_NOSUID\|MS_NOEXEC\|MS_NODEV, true },
	53	{ "sysfs", "/sys", "sysfs", NULL, MS_NOSUID\|MS_NOEXEC\|MS_NODEV, true },
	54	{ "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID, true },
501c875b	55	{ "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID\|MS_NODEV, true },
bef2733f	56	{ "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID\|MS_NOEXEC, false },
cc5524ec	57	{ "tmpfs", "/dev/.run", "tmpfs", "mode=755", MS_NOSUID\|MS_NOEXEC\|MS_NODEV, true },
77d5f105 LP	58	{ "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID\|MS_NOEXEC\|MS_NODEV, true },
77d5f105 LP	59	{ "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID\|MS_NOEXEC\|MS_NODEV, true },
8e274523 LP	60	};
8e274523 LP	61
949c6510	62	/* These are API file systems that might be mounted by other software,
46ff0ed7	63	* we just list them here so that we know that we should ignore them */
949c6510 LP	64
	65	static const char * const ignore_paths[] = {
	66	"/selinux",
	67	"/proc/bus/usb",
	68	"/var/lib/nfs/rpc_pipefs",
	69	"/proc/fs/nfsd"
	70	};
	71
dad08730 LP	72	bool mount_point_is_api(const char *path) {
	73	unsigned i;
	74
	75	/* Checks if this mount point is considered "API", and hence
	76	* should be ignored */
	77
ca714c0e	78	for (i = 0; i < ELEMENTSOF(mount_table); i ++)
449ddb2d	79	if (path_equal(path, mount_table[i].where))
dad08730 LP	80	return true;
dad08730 LP	81
57f2a956 KS	82	return path_startswith(path, "/sys/fs/cgroup/");
	83	}
	84
	85	bool mount_point_ignore(const char *path) {
46ff0ed7	86	unsigned i;
57f2a956	87
949c6510	88	for (i = 0; i < ELEMENTSOF(ignore_paths); i++)
449ddb2d	89	if (path_equal(path, ignore_paths[i]))
949c6510 LP	90	return true;
949c6510 LP	91
57f2a956	92	return false;
dad08730 LP	93	}
dad08730 LP	94
ca714c0e	95	static int mount_one(const MountPoint *p) {
8e274523 LP	96	int r;
8e274523 LP	97
ca714c0e	98	assert(p);
8e274523	99
8d567588	100	if ((r = path_is_mount_point(p->where)) < 0)
8e274523 LP	101	return r;
	102
	103	if (r > 0)
	104	return 0;
	105
a04f58d6 LP	106	/* The access mode here doesn't really matter too much, since
a04f58d6 LP	107	* the mounted file system will take precedence anyway. */
ca714c0e	108	mkdir_p(p->where, 0755);
a04f58d6	109
8e274523	110	log_debug("Mounting %s to %s of type %s with options %s.",
ca714c0e LP	111	p->what,
	112	p->where,
	113	p->type,
	114	strna(p->options));
	115
	116	if (mount(p->what,
	117	p->where,
	118	p->type,
	119	p->flags,
	120	p->options) < 0) {
	121	log_error("Failed to mount %s: %s", p->where, strerror(errno));
2076ca54	122	return p->fatal ? -errno : 0;
8e274523 LP	123	}
8e274523 LP	124
c904f64d	125	label_fix(p->where, false);
5275d3c1	126
8e274523 LP	127	return 0;
	128	}
	129
2076ca54 LP	130	static int mount_cgroup_controllers(void) {
	131	int r;
	132	FILE *f;
	133	char buf [256];
	134
670802d4	135	/* Mount all available cgroup controllers that are built into the kernel. */
2076ca54 LP	136
	137	if (!(f = fopen("/proc/cgroups", "re")))
	138	return -ENOENT;
	139
	140	/* Ignore the header line */
bab45044	141	(void) fgets(buf, sizeof(buf), f);
2076ca54 LP	142
	143	for (;;) {
	144	MountPoint p;
	145	char controller, where;
600a328f	146	int enabled = false;
2076ca54	147
16f6682d	148	if (fscanf(f, "%ms %i %i %i", &controller, &enabled) != 2) {
2076ca54 LP	149
	150	if (feof(f))
	151	break;
	152
	153	log_error("Failed to parse /proc/cgroups.");
	154	r = -EIO;
	155	goto finish;
	156	}
	157
600a328f LP	158	if (!enabled) {
	159	free(controller);
	160	continue;
	161	}
	162
77d5f105	163	if (asprintf(&where, "/sys/fs/cgroup/%s", controller) < 0) {
2076ca54 LP	164	free(controller);
	165	r = -ENOMEM;
	166	goto finish;
	167	}
	168
	169	zero(p);
	170	p.what = "cgroup";
	171	p.where = where;
	172	p.type = "cgroup";
	173	p.options = controller;
	174	p.flags = MS_NOSUID\|MS_NOEXEC\|MS_NODEV;
	175	p.fatal = false;
	176
	177	r = mount_one(&p);
	178	free(controller);
	179	free(where);
	180
	181	if (r < 0)
	182	goto finish;
	183	}
	184
	185	r = 0;
	186
	187	finish:
	188	fclose(f);
	189
	190	return r;
	191	}
	192
5c0532d1 LP	193	static int symlink_and_label(const char old_path, const char new_path) {
	194	int r;
	195
	196	assert(old_path);
	197	assert(new_path);
	198
	199	if ((r = label_symlinkfile_set(new_path)) < 0)
	200	return r;
	201
	202	if (symlink(old_path, new_path) < 0)
	203	r = -errno;
	204
	205	label_file_clear();
	206
	207	return r;
	208	}
	209
1829dc9d LP	210	static int nftw_cb(
	211	const char *fpath,
	212	const struct stat *sb,
	213	int tflag,
	214	struct FTW *ftwbuf) {
	215
9fe117ea LP	216	/* No need to label /dev twice in a row... */
	217	if (ftwbuf->level == 0)
	218	return 0;
	219
c904f64d	220	label_fix(fpath, true);
1829dc9d LP	221	return 0;
	222	};
	223
8e274523	224	int mount_setup(void) {
5c0532d1	225
40f9afa7	226	const char symlinks[] =
5c0532d1 LP	227	"/proc/kcore\0" "/dev/core\0"
	228	"/proc/self/fd\0" "/dev/fd\0"
	229	"/proc/self/fd/0\0" "/dev/stdin\0"
	230	"/proc/self/fd/1\0" "/dev/stdout\0"
34df5a34	231	"/proc/self/fd/2\0" "/dev/stderr\0";
5c0532d1	232
8e274523	233	int r;
dad08730	234	unsigned i;
5c0532d1	235	const char j, k;
8e274523	236
ca714c0e LP	237	for (i = 0; i < ELEMENTSOF(mount_table); i ++)
ca714c0e LP	238	if ((r = mount_one(mount_table+i)) < 0)
8e274523 LP	239	return r;
8e274523 LP	240
1829dc9d LP	241	/* Nodes in devtmpfs need to be manually updated for the
	242	* appropriate labels, after mounting. The other virtual API
	243	* file systems do not need. */
	244
	245	if (unlink("/dev/.systemd/relabel-devtmpfs") >= 0)
	246	nftw("/dev", nftw_cb, 64, FTW_MOUNT\|FTW_PHYS);
	247
5c0532d1 LP	248	/* Create a few default symlinks, which are normally created
	249	* bei udevd, but some scripts might need them before we start
	250	* udevd. */
	251
	252	NULSTR_FOREACH_PAIR(j, k, symlinks)
	253	symlink_and_label(j, k);
	254
2076ca54	255	return mount_cgroup_controllers();
8e274523	256	}