]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
e83bebef LP |
2 | /*** |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2015 Lennart Poettering | |
6 | ||
7 | systemd is free software; you can redistribute it and/or modify it | |
8 | under the terms of the GNU Lesser General Public License as published by | |
9 | the Free Software Foundation; either version 2.1 of the License, or | |
10 | (at your option) any later version. | |
11 | ||
12 | systemd is distributed in the hope that it will be useful, but | |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | Lesser General Public License for more details. | |
16 | ||
17 | You should have received a copy of the GNU Lesser General Public License | |
18 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
19 | ***/ | |
20 | ||
4f5dd394 | 21 | #include <sys/mount.h> |
07630cea | 22 | #include <linux/magic.h> |
e83bebef | 23 | |
b5efdb8a | 24 | #include "alloc-util.h" |
4f5dd394 | 25 | #include "escape.h" |
0996ef00 CB |
26 | #include "fd-util.h" |
27 | #include "fileio.h" | |
f4f15635 | 28 | #include "fs-util.h" |
e83bebef | 29 | #include "label.h" |
4f5dd394 | 30 | #include "mkdir.h" |
4349cd7c | 31 | #include "mount-util.h" |
6bedfcbb LP |
32 | #include "nspawn-mount.h" |
33 | #include "parse-util.h" | |
4f5dd394 LP |
34 | #include "path-util.h" |
35 | #include "rm-rf.h" | |
e83bebef | 36 | #include "set.h" |
8fcde012 | 37 | #include "stat-util.h" |
07630cea | 38 | #include "string-util.h" |
4f5dd394 | 39 | #include "strv.h" |
ee104e11 | 40 | #include "user-util.h" |
4f5dd394 | 41 | #include "util.h" |
e83bebef LP |
42 | |
43 | CustomMount* custom_mount_add(CustomMount **l, unsigned *n, CustomMountType t) { | |
44 | CustomMount *c, *ret; | |
45 | ||
46 | assert(l); | |
47 | assert(n); | |
48 | assert(t >= 0); | |
49 | assert(t < _CUSTOM_MOUNT_TYPE_MAX); | |
50 | ||
56391931 | 51 | c = realloc_multiply(*l, (*n + 1), sizeof(CustomMount)); |
e83bebef LP |
52 | if (!c) |
53 | return NULL; | |
54 | ||
55 | *l = c; | |
56 | ret = *l + *n; | |
57 | (*n)++; | |
58 | ||
59 | *ret = (CustomMount) { .type = t }; | |
60 | ||
61 | return ret; | |
62 | } | |
63 | ||
64 | void custom_mount_free_all(CustomMount *l, unsigned n) { | |
65 | unsigned i; | |
66 | ||
67 | for (i = 0; i < n; i++) { | |
68 | CustomMount *m = l + i; | |
69 | ||
70 | free(m->source); | |
71 | free(m->destination); | |
72 | free(m->options); | |
73 | ||
74 | if (m->work_dir) { | |
75 | (void) rm_rf(m->work_dir, REMOVE_ROOT|REMOVE_PHYSICAL); | |
76 | free(m->work_dir); | |
77 | } | |
78 | ||
c7a4890c LP |
79 | if (m->rm_rf_tmpdir) { |
80 | (void) rm_rf(m->rm_rf_tmpdir, REMOVE_ROOT|REMOVE_PHYSICAL); | |
81 | free(m->rm_rf_tmpdir); | |
82 | } | |
83 | ||
e83bebef LP |
84 | strv_free(m->lower); |
85 | } | |
86 | ||
87 | free(l); | |
88 | } | |
89 | ||
86c0dd4a | 90 | static int custom_mount_compare(const void *a, const void *b) { |
e83bebef LP |
91 | const CustomMount *x = a, *y = b; |
92 | int r; | |
93 | ||
94 | r = path_compare(x->destination, y->destination); | |
95 | if (r != 0) | |
96 | return r; | |
97 | ||
98 | if (x->type < y->type) | |
99 | return -1; | |
100 | if (x->type > y->type) | |
101 | return 1; | |
102 | ||
103 | return 0; | |
104 | } | |
105 | ||
86c0dd4a LP |
106 | static bool source_path_is_valid(const char *p) { |
107 | assert(p); | |
108 | ||
109 | if (*p == '+') | |
110 | p++; | |
111 | ||
112 | return path_is_absolute(p); | |
113 | } | |
114 | ||
115 | static char *resolve_source_path(const char *dest, const char *source) { | |
116 | ||
117 | if (!source) | |
118 | return NULL; | |
119 | ||
120 | if (source[0] == '+') | |
121 | return prefix_root(dest, source + 1); | |
122 | ||
123 | return strdup(source); | |
124 | } | |
125 | ||
126 | int custom_mount_prepare_all(const char *dest, CustomMount *l, unsigned n) { | |
127 | unsigned i; | |
128 | int r; | |
129 | ||
130 | /* Prepare all custom mounts. This will make source we know all temporary directories. This is called in the | |
131 | * parent process, so that we know the temporary directories to remove on exit before we fork off the | |
132 | * children. */ | |
133 | ||
134 | assert(l || n == 0); | |
135 | ||
136 | /* Order the custom mounts, and make sure we have a working directory */ | |
137 | qsort_safe(l, n, sizeof(CustomMount), custom_mount_compare); | |
138 | ||
139 | for (i = 0; i < n; i++) { | |
140 | CustomMount *m = l + i; | |
141 | ||
142 | if (m->source) { | |
143 | char *s; | |
144 | ||
145 | s = resolve_source_path(dest, m->source); | |
146 | if (!s) | |
147 | return log_oom(); | |
148 | ||
149 | free(m->source); | |
150 | m->source = s; | |
c7a4890c LP |
151 | } else { |
152 | /* No source specified? In that case, use a throw-away temporary directory in /var/tmp */ | |
153 | ||
154 | m->rm_rf_tmpdir = strdup("/var/tmp/nspawn-temp-XXXXXX"); | |
155 | if (!m->rm_rf_tmpdir) | |
156 | return log_oom(); | |
157 | ||
158 | if (!mkdtemp(m->rm_rf_tmpdir)) { | |
159 | m->rm_rf_tmpdir = mfree(m->rm_rf_tmpdir); | |
160 | return log_error_errno(errno, "Failed to acquire temporary directory: %m"); | |
161 | } | |
162 | ||
163 | m->source = strjoin(m->rm_rf_tmpdir, "/src"); | |
164 | if (!m->source) | |
165 | return log_oom(); | |
166 | ||
167 | if (mkdir(m->source, 0755) < 0) | |
168 | return log_error_errno(errno, "Failed to create %s: %m", m->source); | |
86c0dd4a LP |
169 | } |
170 | ||
171 | if (m->type == CUSTOM_MOUNT_OVERLAY) { | |
172 | char **j; | |
173 | ||
174 | STRV_FOREACH(j, m->lower) { | |
175 | char *s; | |
176 | ||
177 | s = resolve_source_path(dest, *j); | |
178 | if (!s) | |
179 | return log_oom(); | |
180 | ||
181 | free(*j); | |
182 | *j = s; | |
183 | } | |
184 | ||
185 | if (m->work_dir) { | |
186 | char *s; | |
187 | ||
188 | s = resolve_source_path(dest, m->work_dir); | |
189 | if (!s) | |
190 | return log_oom(); | |
191 | ||
192 | free(m->work_dir); | |
193 | m->work_dir = s; | |
194 | } else { | |
195 | assert(m->source); | |
196 | ||
197 | r = tempfn_random(m->source, NULL, &m->work_dir); | |
198 | if (r < 0) | |
199 | return log_error_errno(r, "Failed to acquire working directory: %m"); | |
200 | } | |
201 | ||
202 | (void) mkdir_label(m->work_dir, 0700); | |
203 | } | |
204 | } | |
205 | ||
206 | return 0; | |
207 | } | |
208 | ||
e83bebef LP |
209 | int bind_mount_parse(CustomMount **l, unsigned *n, const char *s, bool read_only) { |
210 | _cleanup_free_ char *source = NULL, *destination = NULL, *opts = NULL; | |
211 | const char *p = s; | |
212 | CustomMount *m; | |
213 | int r; | |
214 | ||
215 | assert(l); | |
216 | assert(n); | |
217 | ||
218 | r = extract_many_words(&p, ":", EXTRACT_DONT_COALESCE_SEPARATORS, &source, &destination, NULL); | |
219 | if (r < 0) | |
220 | return r; | |
221 | if (r == 0) | |
222 | return -EINVAL; | |
e83bebef | 223 | if (r == 1) { |
86c0dd4a | 224 | destination = strdup(source[0] == '+' ? source+1 : source); |
e83bebef LP |
225 | if (!destination) |
226 | return -ENOMEM; | |
227 | } | |
e83bebef LP |
228 | if (r == 2 && !isempty(p)) { |
229 | opts = strdup(p); | |
230 | if (!opts) | |
231 | return -ENOMEM; | |
232 | } | |
233 | ||
c7a4890c LP |
234 | if (isempty(source)) |
235 | source = NULL; | |
236 | else if (!source_path_is_valid(source)) | |
e83bebef | 237 | return -EINVAL; |
c7a4890c | 238 | |
e83bebef LP |
239 | if (!path_is_absolute(destination)) |
240 | return -EINVAL; | |
241 | ||
242 | m = custom_mount_add(l, n, CUSTOM_MOUNT_BIND); | |
243 | if (!m) | |
48cbe5f8 | 244 | return -ENOMEM; |
e83bebef LP |
245 | |
246 | m->source = source; | |
247 | m->destination = destination; | |
248 | m->read_only = read_only; | |
249 | m->options = opts; | |
250 | ||
251 | source = destination = opts = NULL; | |
252 | return 0; | |
253 | } | |
254 | ||
255 | int tmpfs_mount_parse(CustomMount **l, unsigned *n, const char *s) { | |
256 | _cleanup_free_ char *path = NULL, *opts = NULL; | |
257 | const char *p = s; | |
258 | CustomMount *m; | |
259 | int r; | |
260 | ||
261 | assert(l); | |
262 | assert(n); | |
263 | assert(s); | |
264 | ||
265 | r = extract_first_word(&p, &path, ":", EXTRACT_DONT_COALESCE_SEPARATORS); | |
266 | if (r < 0) | |
267 | return r; | |
268 | if (r == 0) | |
269 | return -EINVAL; | |
270 | ||
271 | if (isempty(p)) | |
272 | opts = strdup("mode=0755"); | |
273 | else | |
274 | opts = strdup(p); | |
275 | if (!opts) | |
276 | return -ENOMEM; | |
277 | ||
278 | if (!path_is_absolute(path)) | |
279 | return -EINVAL; | |
280 | ||
281 | m = custom_mount_add(l, n, CUSTOM_MOUNT_TMPFS); | |
282 | if (!m) | |
283 | return -ENOMEM; | |
284 | ||
285 | m->destination = path; | |
286 | m->options = opts; | |
287 | ||
288 | path = opts = NULL; | |
289 | return 0; | |
290 | } | |
291 | ||
ad85779a LP |
292 | int overlay_mount_parse(CustomMount **l, unsigned *n, const char *s, bool read_only) { |
293 | _cleanup_free_ char *upper = NULL, *destination = NULL; | |
294 | _cleanup_strv_free_ char **lower = NULL; | |
295 | CustomMount *m; | |
86c0dd4a | 296 | int k; |
ad85779a | 297 | |
86c0dd4a LP |
298 | k = strv_split_extract(&lower, s, ":", EXTRACT_DONT_COALESCE_SEPARATORS); |
299 | if (k < 0) | |
300 | return k; | |
ad85779a LP |
301 | if (k < 2) |
302 | return -EADDRNOTAVAIL; | |
303 | if (k == 2) { | |
86c0dd4a LP |
304 | /* If two parameters are specified, the first one is the lower, the second one the upper directory. And |
305 | * we'll also define the destination mount point the same as the upper. */ | |
306 | ||
307 | if (!source_path_is_valid(lower[0]) || | |
308 | !source_path_is_valid(lower[1])) | |
309 | return -EINVAL; | |
310 | ||
ad85779a LP |
311 | upper = lower[1]; |
312 | lower[1] = NULL; | |
313 | ||
86c0dd4a | 314 | destination = strdup(upper[0] == '+' ? upper+1 : upper); /* take the destination without "+" prefix */ |
ad85779a LP |
315 | if (!destination) |
316 | return -ENOMEM; | |
ad85779a | 317 | } else { |
c7a4890c | 318 | char **i; |
86c0dd4a LP |
319 | |
320 | /* If more than two parameters are specified, the last one is the destination, the second to last one | |
321 | * the "upper", and all before that the "lower" directories. */ | |
322 | ||
ad85779a | 323 | destination = lower[k - 1]; |
86c0dd4a | 324 | upper = lower[k - 2]; |
ad85779a | 325 | lower[k - 2] = NULL; |
86c0dd4a | 326 | |
c7a4890c LP |
327 | STRV_FOREACH(i, lower) |
328 | if (!source_path_is_valid(*i)) | |
329 | return -EINVAL; | |
330 | ||
331 | /* If the upper directory is unspecified, then let's create it automatically as a throw-away directory | |
332 | * in /var/tmp */ | |
333 | if (isempty(upper)) | |
334 | upper = NULL; | |
335 | else if (!source_path_is_valid(upper)) | |
336 | return -EINVAL; | |
337 | ||
86c0dd4a LP |
338 | if (!path_is_absolute(destination)) |
339 | return -EINVAL; | |
ad85779a LP |
340 | } |
341 | ||
342 | m = custom_mount_add(l, n, CUSTOM_MOUNT_OVERLAY); | |
343 | if (!m) | |
344 | return -ENOMEM; | |
345 | ||
346 | m->destination = destination; | |
347 | m->source = upper; | |
348 | m->lower = lower; | |
349 | m->read_only = read_only; | |
350 | ||
351 | upper = destination = NULL; | |
352 | lower = NULL; | |
353 | ||
354 | return 0; | |
355 | } | |
356 | ||
e83bebef LP |
357 | static int tmpfs_patch_options( |
358 | const char *options, | |
0996ef00 CB |
359 | bool userns, |
360 | uid_t uid_shift, uid_t uid_range, | |
361 | bool patch_ids, | |
e83bebef LP |
362 | const char *selinux_apifs_context, |
363 | char **ret) { | |
364 | ||
365 | char *buf = NULL; | |
366 | ||
0996ef00 | 367 | if ((userns && uid_shift != 0) || patch_ids) { |
e83bebef LP |
368 | assert(uid_shift != UID_INVALID); |
369 | ||
9aa2169e ZJS |
370 | if (asprintf(&buf, "%s%suid=" UID_FMT ",gid=" UID_FMT, |
371 | options ?: "", options ? "," : "", | |
372 | uid_shift, uid_shift) < 0) | |
e83bebef LP |
373 | return -ENOMEM; |
374 | ||
375 | options = buf; | |
376 | } | |
377 | ||
349cc4a5 | 378 | #if HAVE_SELINUX |
e83bebef LP |
379 | if (selinux_apifs_context) { |
380 | char *t; | |
381 | ||
9aa2169e ZJS |
382 | t = strjoin(options ?: "", options ? "," : "", |
383 | "context=\"", selinux_apifs_context, "\""); | |
384 | free(buf); | |
385 | if (!t) | |
e83bebef | 386 | return -ENOMEM; |
e83bebef | 387 | |
e83bebef LP |
388 | buf = t; |
389 | } | |
390 | #endif | |
391 | ||
0996ef00 CB |
392 | if (!buf && options) { |
393 | buf = strdup(options); | |
394 | if (!buf) | |
395 | return -ENOMEM; | |
396 | } | |
e83bebef | 397 | *ret = buf; |
0996ef00 | 398 | |
e83bebef LP |
399 | return !!buf; |
400 | } | |
401 | ||
4f086aab | 402 | int mount_sysfs(const char *dest, MountSettingsMask mount_settings) { |
d8fc6a00 | 403 | const char *full, *top, *x; |
d1678248 | 404 | int r; |
4f086aab | 405 | unsigned long extra_flags = 0; |
d8fc6a00 LP |
406 | |
407 | top = prefix_roota(dest, "/sys"); | |
d1678248 ILG |
408 | r = path_check_fstype(top, SYSFS_MAGIC); |
409 | if (r < 0) | |
410 | return log_error_errno(r, "Failed to determine filesystem type of %s: %m", top); | |
411 | /* /sys might already be mounted as sysfs by the outer child in the | |
412 | * !netns case. In this case, it's all good. Don't touch it because we | |
413 | * don't have the right to do so, see https://github.com/systemd/systemd/issues/1555. | |
414 | */ | |
415 | if (r > 0) | |
416 | return 0; | |
417 | ||
d8fc6a00 LP |
418 | full = prefix_roota(top, "/full"); |
419 | ||
420 | (void) mkdir(full, 0755); | |
421 | ||
4f086aab SU |
422 | if (mount_settings & MOUNT_APPLY_APIVFS_RO) |
423 | extra_flags |= MS_RDONLY; | |
424 | ||
60e76d48 | 425 | r = mount_verbose(LOG_ERR, "sysfs", full, "sysfs", |
4f086aab | 426 | MS_NOSUID|MS_NOEXEC|MS_NODEV|extra_flags, NULL); |
60e76d48 ZJS |
427 | if (r < 0) |
428 | return r; | |
d8fc6a00 LP |
429 | |
430 | FOREACH_STRING(x, "block", "bus", "class", "dev", "devices", "kernel") { | |
431 | _cleanup_free_ char *from = NULL, *to = NULL; | |
432 | ||
433 | from = prefix_root(full, x); | |
434 | if (!from) | |
435 | return log_oom(); | |
436 | ||
437 | to = prefix_root(top, x); | |
438 | if (!to) | |
439 | return log_oom(); | |
440 | ||
441 | (void) mkdir(to, 0755); | |
442 | ||
60e76d48 ZJS |
443 | r = mount_verbose(LOG_ERR, from, to, NULL, MS_BIND, NULL); |
444 | if (r < 0) | |
445 | return r; | |
d8fc6a00 | 446 | |
60e76d48 | 447 | r = mount_verbose(LOG_ERR, NULL, to, NULL, |
4f086aab | 448 | MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT|extra_flags, NULL); |
60e76d48 ZJS |
449 | if (r < 0) |
450 | return r; | |
d8fc6a00 LP |
451 | } |
452 | ||
60e76d48 ZJS |
453 | r = umount_verbose(full); |
454 | if (r < 0) | |
455 | return r; | |
d8fc6a00 LP |
456 | |
457 | if (rmdir(full) < 0) | |
458 | return log_error_errno(errno, "Failed to remove %s: %m", full); | |
459 | ||
0996ef00 CB |
460 | /* Create mountpoint for cgroups. Otherwise we are not allowed since we |
461 | * remount /sys read-only. | |
462 | */ | |
463 | if (cg_ns_supported()) { | |
464 | x = prefix_roota(top, "/fs/cgroup"); | |
465 | (void) mkdir_p(x, 0755); | |
466 | } | |
d8fc6a00 | 467 | |
60e76d48 | 468 | return mount_verbose(LOG_ERR, NULL, top, NULL, |
4f086aab | 469 | MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT|extra_flags, NULL); |
d8fc6a00 LP |
470 | } |
471 | ||
acbbf69b | 472 | static int mkdir_userns(const char *path, mode_t mode, MountSettingsMask mask, uid_t uid_shift) { |
63eae723 EV |
473 | int r; |
474 | ||
475 | assert(path); | |
476 | ||
477 | r = mkdir(path, mode); | |
478 | if (r < 0 && errno != EEXIST) | |
479 | return -errno; | |
480 | ||
acbbf69b LP |
481 | if ((mask & MOUNT_USE_USERNS) == 0) |
482 | return 0; | |
483 | ||
484 | if (mask & MOUNT_IN_USERNS) | |
485 | return 0; | |
486 | ||
487 | r = lchown(path, uid_shift, uid_shift); | |
488 | if (r < 0) | |
489 | return -errno; | |
63eae723 EV |
490 | |
491 | return 0; | |
492 | } | |
493 | ||
acbbf69b | 494 | static int mkdir_userns_p(const char *prefix, const char *path, mode_t mode, MountSettingsMask mask, uid_t uid_shift) { |
63eae723 EV |
495 | const char *p, *e; |
496 | int r; | |
497 | ||
498 | assert(path); | |
499 | ||
500 | if (prefix && !path_startswith(path, prefix)) | |
501 | return -ENOTDIR; | |
502 | ||
503 | /* create every parent directory in the path, except the last component */ | |
504 | p = path + strspn(path, "/"); | |
505 | for (;;) { | |
506 | char t[strlen(path) + 1]; | |
507 | ||
508 | e = p + strcspn(p, "/"); | |
509 | p = e + strspn(e, "/"); | |
510 | ||
511 | /* Is this the last component? If so, then we're done */ | |
512 | if (*p == 0) | |
513 | break; | |
514 | ||
515 | memcpy(t, path, e - path); | |
516 | t[e-path] = 0; | |
517 | ||
518 | if (prefix && path_startswith(prefix, t)) | |
519 | continue; | |
520 | ||
acbbf69b | 521 | r = mkdir_userns(t, mode, mask, uid_shift); |
63eae723 EV |
522 | if (r < 0) |
523 | return r; | |
524 | } | |
525 | ||
acbbf69b | 526 | return mkdir_userns(path, mode, mask, uid_shift); |
63eae723 EV |
527 | } |
528 | ||
e83bebef | 529 | int mount_all(const char *dest, |
4f086aab | 530 | MountSettingsMask mount_settings, |
403af78c | 531 | uid_t uid_shift, uid_t uid_range, |
e83bebef LP |
532 | const char *selinux_apifs_context) { |
533 | ||
534 | typedef struct MountPoint { | |
535 | const char *what; | |
536 | const char *where; | |
537 | const char *type; | |
538 | const char *options; | |
539 | unsigned long flags; | |
4f086aab | 540 | MountSettingsMask mount_settings; |
e83bebef LP |
541 | } MountPoint; |
542 | ||
543 | static const MountPoint mount_table[] = { | |
4f086aab SU |
544 | /* inner child mounts */ |
545 | { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, MOUNT_FATAL|MOUNT_IN_USERNS }, | |
13e785f7 | 546 | { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND, MOUNT_FATAL|MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO }, /* Bind mount first ... */ |
4f086aab SU |
547 | { "/proc/sys/net", "/proc/sys/net", NULL, NULL, MS_BIND, MOUNT_FATAL|MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO|MOUNT_APPLY_APIVFS_NETNS }, /* (except for this) */ |
548 | { NULL, "/proc/sys", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, MOUNT_FATAL|MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO }, /* ... then, make it r/o */ | |
13e785f7 | 549 | { "/proc/sysrq-trigger", "/proc/sysrq-trigger", NULL, NULL, MS_BIND, MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO }, /* Bind mount first ... */ |
4f086aab | 550 | { NULL, "/proc/sysrq-trigger", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO }, /* ... then, make it r/o */ |
4f086aab SU |
551 | |
552 | /* outer child mounts */ | |
e8a94ce8 | 553 | { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, MOUNT_FATAL }, |
4f086aab SU |
554 | { "tmpfs", "/sys", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV, MOUNT_FATAL|MOUNT_APPLY_APIVFS_NETNS }, |
555 | { "sysfs", "/sys", "sysfs", NULL, MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV, MOUNT_FATAL|MOUNT_APPLY_APIVFS_RO }, /* skipped if above was mounted */ | |
556 | { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, MOUNT_FATAL }, /* skipped if above was mounted */ | |
557 | ||
558 | { "tmpfs", "/dev", "tmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, MOUNT_FATAL }, | |
559 | { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, MOUNT_FATAL }, | |
560 | { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, MOUNT_FATAL }, | |
349cc4a5 | 561 | #if HAVE_SELINUX |
4f086aab SU |
562 | { "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND, 0 }, /* Bind mount first */ |
563 | { NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, 0 }, /* Then, make it r/o */ | |
e83bebef LP |
564 | #endif |
565 | }; | |
566 | ||
567 | unsigned k; | |
568 | int r; | |
4f086aab SU |
569 | bool use_userns = (mount_settings & MOUNT_USE_USERNS); |
570 | bool netns = (mount_settings & MOUNT_APPLY_APIVFS_NETNS); | |
571 | bool ro = (mount_settings & MOUNT_APPLY_APIVFS_RO); | |
572 | bool in_userns = (mount_settings & MOUNT_IN_USERNS); | |
e83bebef LP |
573 | |
574 | for (k = 0; k < ELEMENTSOF(mount_table); k++) { | |
575 | _cleanup_free_ char *where = NULL, *options = NULL; | |
576 | const char *o; | |
4f086aab SU |
577 | bool fatal = (mount_table[k].mount_settings & MOUNT_FATAL); |
578 | ||
579 | if (in_userns != (bool)(mount_table[k].mount_settings & MOUNT_IN_USERNS)) | |
580 | continue; | |
e83bebef | 581 | |
4f086aab | 582 | if (!netns && (bool)(mount_table[k].mount_settings & MOUNT_APPLY_APIVFS_NETNS)) |
d1678248 ILG |
583 | continue; |
584 | ||
4f086aab | 585 | if (!ro && (bool)(mount_table[k].mount_settings & MOUNT_APPLY_APIVFS_RO)) |
e83bebef LP |
586 | continue; |
587 | ||
cb638b5e | 588 | r = chase_symlinks(mount_table[k].where, dest, CHASE_NONEXISTENT|CHASE_PREFIX_ROOT, &where); |
8ce48cf0 | 589 | if (r < 0) |
ec57bd42 | 590 | return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, mount_table[k].where); |
e83bebef | 591 | |
8ce48cf0 | 592 | r = path_is_mount_point(where, NULL, 0); |
e83bebef LP |
593 | if (r < 0 && r != -ENOENT) |
594 | return log_error_errno(r, "Failed to detect whether %s is a mount point: %m", where); | |
595 | ||
596 | /* Skip this entry if it is not a remount. */ | |
597 | if (mount_table[k].what && r > 0) | |
598 | continue; | |
599 | ||
acbbf69b | 600 | r = mkdir_userns_p(dest, where, 0755, mount_settings, uid_shift); |
920a7899 | 601 | if (r < 0 && r != -EEXIST) { |
4f13e534 | 602 | if (fatal && r != -EROFS) |
e83bebef LP |
603 | return log_error_errno(r, "Failed to create directory %s: %m", where); |
604 | ||
201b13c8 | 605 | log_debug_errno(r, "Failed to create directory %s: %m", where); |
4f13e534 LT |
606 | /* If we failed mkdir() or chown() due to the root |
607 | * directory being read only, attempt to mount this fs | |
608 | * anyway and let mount_verbose log any errors */ | |
609 | if (r != -EROFS) | |
610 | continue; | |
e83bebef LP |
611 | } |
612 | ||
613 | o = mount_table[k].options; | |
614 | if (streq_ptr(mount_table[k].type, "tmpfs")) { | |
8492849e EV |
615 | if (in_userns) |
616 | r = tmpfs_patch_options(o, use_userns, 0, uid_range, true, selinux_apifs_context, &options); | |
617 | else | |
618 | r = tmpfs_patch_options(o, use_userns, uid_shift, uid_range, false, selinux_apifs_context, &options); | |
e83bebef LP |
619 | if (r < 0) |
620 | return log_oom(); | |
621 | if (r > 0) | |
622 | o = options; | |
623 | } | |
624 | ||
4f086aab | 625 | r = mount_verbose(fatal ? LOG_ERR : LOG_DEBUG, |
60e76d48 ZJS |
626 | mount_table[k].what, |
627 | where, | |
628 | mount_table[k].type, | |
629 | mount_table[k].flags, | |
630 | o); | |
4f086aab | 631 | if (r < 0 && fatal) |
60e76d48 | 632 | return r; |
e83bebef LP |
633 | } |
634 | ||
635 | return 0; | |
636 | } | |
637 | ||
638 | static int parse_mount_bind_options(const char *options, unsigned long *mount_flags, char **mount_opts) { | |
639 | const char *p = options; | |
640 | unsigned long flags = *mount_flags; | |
641 | char *opts = NULL; | |
4da92e58 | 642 | int r; |
e83bebef LP |
643 | |
644 | assert(options); | |
645 | ||
646 | for (;;) { | |
647 | _cleanup_free_ char *word = NULL; | |
4da92e58 LP |
648 | |
649 | r = extract_first_word(&p, &word, ",", 0); | |
e83bebef LP |
650 | if (r < 0) |
651 | return log_error_errno(r, "Failed to extract mount option: %m"); | |
652 | if (r == 0) | |
653 | break; | |
654 | ||
655 | if (streq(word, "rbind")) | |
656 | flags |= MS_REC; | |
657 | else if (streq(word, "norbind")) | |
658 | flags &= ~MS_REC; | |
659 | else { | |
660 | log_error("Invalid bind mount option: %s", word); | |
661 | return -EINVAL; | |
662 | } | |
663 | } | |
664 | ||
665 | *mount_flags = flags; | |
666 | /* in the future mount_opts will hold string options for mount(2) */ | |
667 | *mount_opts = opts; | |
668 | ||
669 | return 0; | |
670 | } | |
671 | ||
672 | static int mount_bind(const char *dest, CustomMount *m) { | |
68cf43c3 LP |
673 | |
674 | _cleanup_free_ char *mount_opts = NULL, *where = NULL; | |
e83bebef | 675 | unsigned long mount_flags = MS_BIND | MS_REC; |
68cf43c3 | 676 | struct stat source_st, dest_st; |
e83bebef LP |
677 | int r; |
678 | ||
86c0dd4a | 679 | assert(dest); |
e83bebef LP |
680 | assert(m); |
681 | ||
682 | if (m->options) { | |
683 | r = parse_mount_bind_options(m->options, &mount_flags, &mount_opts); | |
684 | if (r < 0) | |
685 | return r; | |
686 | } | |
687 | ||
688 | if (stat(m->source, &source_st) < 0) | |
689 | return log_error_errno(errno, "Failed to stat %s: %m", m->source); | |
690 | ||
cb638b5e | 691 | r = chase_symlinks(m->destination, dest, CHASE_PREFIX_ROOT|CHASE_NONEXISTENT, &where); |
68cf43c3 | 692 | if (r < 0) |
ec57bd42 | 693 | return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, m->destination); |
8ce48cf0 LP |
694 | if (r > 0) { /* Path exists already? */ |
695 | ||
696 | if (stat(where, &dest_st) < 0) | |
697 | return log_error_errno(errno, "Failed to stat %s: %m", where); | |
e83bebef | 698 | |
e83bebef LP |
699 | if (S_ISDIR(source_st.st_mode) && !S_ISDIR(dest_st.st_mode)) { |
700 | log_error("Cannot bind mount directory %s on file %s.", m->source, where); | |
701 | return -EINVAL; | |
702 | } | |
703 | ||
704 | if (!S_ISDIR(source_st.st_mode) && S_ISDIR(dest_st.st_mode)) { | |
705 | log_error("Cannot bind mount file %s on directory %s.", m->source, where); | |
706 | return -EINVAL; | |
707 | } | |
708 | ||
8ce48cf0 | 709 | } else { /* Path doesn't exist yet? */ |
e83bebef LP |
710 | r = mkdir_parents_label(where, 0755); |
711 | if (r < 0) | |
712 | return log_error_errno(r, "Failed to make parents of %s: %m", where); | |
b97e83cb BN |
713 | |
714 | /* Create the mount point. Any non-directory file can be | |
715 | * mounted on any non-directory file (regular, fifo, socket, | |
716 | * char, block). | |
717 | */ | |
718 | if (S_ISDIR(source_st.st_mode)) | |
719 | r = mkdir_label(where, 0755); | |
720 | else | |
721 | r = touch(where); | |
722 | if (r < 0) | |
723 | return log_error_errno(r, "Failed to create mount point %s: %m", where); | |
724 | ||
8ce48cf0 | 725 | } |
e83bebef | 726 | |
60e76d48 ZJS |
727 | r = mount_verbose(LOG_ERR, m->source, where, NULL, mount_flags, mount_opts); |
728 | if (r < 0) | |
729 | return r; | |
e83bebef LP |
730 | |
731 | if (m->read_only) { | |
6b7c9f8b | 732 | r = bind_remount_recursive(where, true, NULL); |
e83bebef LP |
733 | if (r < 0) |
734 | return log_error_errno(r, "Read-only bind mount failed: %m"); | |
735 | } | |
736 | ||
737 | return 0; | |
738 | } | |
739 | ||
740 | static int mount_tmpfs( | |
741 | const char *dest, | |
742 | CustomMount *m, | |
743 | bool userns, uid_t uid_shift, uid_t uid_range, | |
744 | const char *selinux_apifs_context) { | |
745 | ||
68cf43c3 LP |
746 | const char *options; |
747 | _cleanup_free_ char *buf = NULL, *where = NULL; | |
e83bebef LP |
748 | int r; |
749 | ||
750 | assert(dest); | |
751 | assert(m); | |
752 | ||
cb638b5e | 753 | r = chase_symlinks(m->destination, dest, CHASE_PREFIX_ROOT|CHASE_NONEXISTENT, &where); |
68cf43c3 | 754 | if (r < 0) |
ec57bd42 | 755 | return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, m->destination); |
8ce48cf0 LP |
756 | if (r == 0) { /* Doesn't exist yet? */ |
757 | r = mkdir_p_label(where, 0755); | |
758 | if (r < 0) | |
759 | return log_error_errno(r, "Creating mount point for tmpfs %s failed: %m", where); | |
760 | } | |
e83bebef | 761 | |
0996ef00 | 762 | r = tmpfs_patch_options(m->options, userns, uid_shift, uid_range, false, selinux_apifs_context, &buf); |
e83bebef LP |
763 | if (r < 0) |
764 | return log_oom(); | |
765 | options = r > 0 ? buf : m->options; | |
766 | ||
60e76d48 | 767 | return mount_verbose(LOG_ERR, "tmpfs", where, "tmpfs", MS_NODEV|MS_STRICTATIME, options); |
e83bebef LP |
768 | } |
769 | ||
86c0dd4a | 770 | static char *joined_and_escaped_lower_dirs(char **lower) { |
e83bebef LP |
771 | _cleanup_strv_free_ char **sv = NULL; |
772 | ||
773 | sv = strv_copy(lower); | |
774 | if (!sv) | |
775 | return NULL; | |
776 | ||
777 | strv_reverse(sv); | |
778 | ||
779 | if (!strv_shell_escape(sv, ",:")) | |
780 | return NULL; | |
781 | ||
782 | return strv_join(sv, ":"); | |
783 | } | |
784 | ||
785 | static int mount_overlay(const char *dest, CustomMount *m) { | |
68cf43c3 | 786 | |
86c0dd4a | 787 | _cleanup_free_ char *lower = NULL, *where = NULL, *escaped_source = NULL; |
68cf43c3 | 788 | const char *options; |
e83bebef LP |
789 | int r; |
790 | ||
791 | assert(dest); | |
792 | assert(m); | |
793 | ||
cb638b5e | 794 | r = chase_symlinks(m->destination, dest, CHASE_PREFIX_ROOT|CHASE_NONEXISTENT, &where); |
68cf43c3 | 795 | if (r < 0) |
ec57bd42 | 796 | return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, m->destination); |
8ce48cf0 LP |
797 | if (r == 0) { /* Doesn't exist yet? */ |
798 | r = mkdir_label(where, 0755); | |
799 | if (r < 0) | |
800 | return log_error_errno(r, "Creating mount point for overlay %s failed: %m", where); | |
801 | } | |
e83bebef LP |
802 | |
803 | (void) mkdir_p_label(m->source, 0755); | |
804 | ||
805 | lower = joined_and_escaped_lower_dirs(m->lower); | |
806 | if (!lower) | |
807 | return log_oom(); | |
808 | ||
86c0dd4a LP |
809 | escaped_source = shell_escape(m->source, ",:"); |
810 | if (!escaped_source) | |
811 | return log_oom(); | |
e83bebef | 812 | |
86c0dd4a | 813 | if (m->read_only) |
e83bebef | 814 | options = strjoina("lowerdir=", escaped_source, ":", lower); |
86c0dd4a LP |
815 | else { |
816 | _cleanup_free_ char *escaped_work_dir = NULL; | |
e83bebef | 817 | |
e83bebef LP |
818 | escaped_work_dir = shell_escape(m->work_dir, ",:"); |
819 | if (!escaped_work_dir) | |
820 | return log_oom(); | |
821 | ||
822 | options = strjoina("lowerdir=", lower, ",upperdir=", escaped_source, ",workdir=", escaped_work_dir); | |
823 | } | |
824 | ||
60e76d48 | 825 | return mount_verbose(LOG_ERR, "overlay", where, "overlay", m->read_only ? MS_RDONLY : 0, options); |
e83bebef LP |
826 | } |
827 | ||
828 | int mount_custom( | |
829 | const char *dest, | |
830 | CustomMount *mounts, unsigned n, | |
831 | bool userns, uid_t uid_shift, uid_t uid_range, | |
832 | const char *selinux_apifs_context) { | |
833 | ||
834 | unsigned i; | |
835 | int r; | |
836 | ||
837 | assert(dest); | |
838 | ||
839 | for (i = 0; i < n; i++) { | |
840 | CustomMount *m = mounts + i; | |
841 | ||
842 | switch (m->type) { | |
843 | ||
844 | case CUSTOM_MOUNT_BIND: | |
845 | r = mount_bind(dest, m); | |
846 | break; | |
847 | ||
848 | case CUSTOM_MOUNT_TMPFS: | |
849 | r = mount_tmpfs(dest, m, userns, uid_shift, uid_range, selinux_apifs_context); | |
850 | break; | |
851 | ||
852 | case CUSTOM_MOUNT_OVERLAY: | |
853 | r = mount_overlay(dest, m); | |
854 | break; | |
855 | ||
856 | default: | |
857 | assert_not_reached("Unknown custom mount type"); | |
858 | } | |
859 | ||
860 | if (r < 0) | |
861 | return r; | |
862 | } | |
863 | ||
864 | return 0; | |
865 | } | |
866 | ||
0996ef00 CB |
867 | /* Retrieve existing subsystems. This function is called in a new cgroup |
868 | * namespace. | |
869 | */ | |
870 | static int get_controllers(Set *subsystems) { | |
871 | _cleanup_fclose_ FILE *f = NULL; | |
872 | char line[LINE_MAX]; | |
873 | ||
874 | assert(subsystems); | |
875 | ||
876 | f = fopen("/proc/self/cgroup", "re"); | |
877 | if (!f) | |
878 | return errno == ENOENT ? -ESRCH : -errno; | |
879 | ||
880 | FOREACH_LINE(line, f, return -errno) { | |
881 | int r; | |
882 | char *e, *l, *p; | |
883 | ||
0996ef00 CB |
884 | l = strchr(line, ':'); |
885 | if (!l) | |
886 | continue; | |
887 | ||
888 | l++; | |
889 | e = strchr(l, ':'); | |
890 | if (!e) | |
891 | continue; | |
892 | ||
893 | *e = 0; | |
894 | ||
2977724b | 895 | if (STR_IN_SET(l, "", "name=systemd", "name=unified")) |
0996ef00 CB |
896 | continue; |
897 | ||
898 | p = strdup(l); | |
add554f4 ZJS |
899 | if (!p) |
900 | return -ENOMEM; | |
901 | ||
0996ef00 CB |
902 | r = set_consume(subsystems, p); |
903 | if (r < 0) | |
904 | return r; | |
905 | } | |
906 | ||
907 | return 0; | |
908 | } | |
909 | ||
e1873695 LP |
910 | static int mount_legacy_cgroup_hierarchy( |
911 | const char *dest, | |
912 | const char *controller, | |
913 | const char *hierarchy, | |
e1873695 LP |
914 | bool read_only) { |
915 | ||
60e76d48 | 916 | const char *to, *fstype, *opts; |
e83bebef LP |
917 | int r; |
918 | ||
ee30f6ac | 919 | to = strjoina(strempty(dest), "/sys/fs/cgroup/", hierarchy); |
e83bebef | 920 | |
e1873695 | 921 | r = path_is_mount_point(to, dest, 0); |
e83bebef LP |
922 | if (r < 0 && r != -ENOENT) |
923 | return log_error_errno(r, "Failed to determine if %s is mounted already: %m", to); | |
924 | if (r > 0) | |
925 | return 0; | |
926 | ||
927 | mkdir_p(to, 0755); | |
928 | ||
929 | /* The superblock mount options of the mount point need to be | |
930 | * identical to the hosts', and hence writable... */ | |
2977724b TH |
931 | if (streq(controller, SYSTEMD_CGROUP_CONTROLLER_HYBRID)) { |
932 | fstype = "cgroup2"; | |
933 | opts = NULL; | |
934 | } else if (streq(controller, SYSTEMD_CGROUP_CONTROLLER_LEGACY)) { | |
935 | fstype = "cgroup"; | |
936 | opts = "none,name=systemd,xattr"; | |
60e76d48 ZJS |
937 | } else { |
938 | fstype = "cgroup"; | |
939 | opts = controller; | |
940 | } | |
5da38d07 | 941 | |
60e76d48 | 942 | r = mount_verbose(LOG_ERR, "cgroup", to, fstype, MS_NOSUID|MS_NOEXEC|MS_NODEV, opts); |
5da38d07 | 943 | if (r < 0) |
60e76d48 | 944 | return r; |
e83bebef | 945 | |
60e76d48 | 946 | /* ... hence let's only make the bind mount read-only, not the superblock. */ |
e83bebef | 947 | if (read_only) { |
60e76d48 ZJS |
948 | r = mount_verbose(LOG_ERR, NULL, to, NULL, |
949 | MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, NULL); | |
950 | if (r < 0) | |
951 | return r; | |
e83bebef | 952 | } |
60e76d48 | 953 | |
e83bebef LP |
954 | return 1; |
955 | } | |
956 | ||
0996ef00 CB |
957 | /* Mount a legacy cgroup hierarchy when cgroup namespaces are supported. */ |
958 | static int mount_legacy_cgns_supported( | |
e1873695 LP |
959 | const char *dest, |
960 | CGroupUnified unified_requested, | |
961 | bool userns, | |
962 | uid_t uid_shift, | |
963 | uid_t uid_range, | |
964 | const char *selinux_apifs_context) { | |
965 | ||
0996ef00 CB |
966 | _cleanup_set_free_free_ Set *controllers = NULL; |
967 | const char *cgroup_root = "/sys/fs/cgroup", *c; | |
968 | int r; | |
e83bebef | 969 | |
0996ef00 CB |
970 | (void) mkdir_p(cgroup_root, 0755); |
971 | ||
972 | /* Mount a tmpfs to /sys/fs/cgroup if it's not mounted there yet. */ | |
e1873695 | 973 | r = path_is_mount_point(cgroup_root, dest, AT_SYMLINK_FOLLOW); |
0996ef00 CB |
974 | if (r < 0) |
975 | return log_error_errno(r, "Failed to determine if /sys/fs/cgroup is already mounted: %m"); | |
976 | if (r == 0) { | |
977 | _cleanup_free_ char *options = NULL; | |
978 | ||
979 | /* When cgroup namespaces are enabled and user namespaces are | |
980 | * used then the mount of the cgroupfs is done *inside* the new | |
981 | * user namespace. We're root in the new user namespace and the | |
982 | * kernel will happily translate our uid/gid to the correct | |
983 | * uid/gid as seen from e.g. /proc/1/mountinfo. So we simply | |
984 | * pass uid 0 and not uid_shift to tmpfs_patch_options(). | |
985 | */ | |
986 | r = tmpfs_patch_options("mode=755", userns, 0, uid_range, true, selinux_apifs_context, &options); | |
987 | if (r < 0) | |
988 | return log_oom(); | |
989 | ||
60e76d48 ZJS |
990 | r = mount_verbose(LOG_ERR, "tmpfs", cgroup_root, "tmpfs", |
991 | MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, options); | |
992 | if (r < 0) | |
993 | return r; | |
0996ef00 CB |
994 | } |
995 | ||
b4cccbc1 LP |
996 | r = cg_all_unified(); |
997 | if (r < 0) | |
998 | return r; | |
999 | if (r > 0) | |
0996ef00 CB |
1000 | goto skip_controllers; |
1001 | ||
1002 | controllers = set_new(&string_hash_ops); | |
1003 | if (!controllers) | |
1004 | return log_oom(); | |
1005 | ||
1006 | r = get_controllers(controllers); | |
1007 | if (r < 0) | |
1008 | return log_error_errno(r, "Failed to determine cgroup controllers: %m"); | |
1009 | ||
1010 | for (;;) { | |
1011 | _cleanup_free_ const char *controller = NULL; | |
1012 | ||
1013 | controller = set_steal_first(controllers); | |
1014 | if (!controller) | |
1015 | break; | |
1016 | ||
2977724b | 1017 | r = mount_legacy_cgroup_hierarchy("", controller, controller, !userns); |
0996ef00 CB |
1018 | if (r < 0) |
1019 | return r; | |
1020 | ||
1021 | /* When multiple hierarchies are co-mounted, make their | |
1022 | * constituting individual hierarchies a symlink to the | |
1023 | * co-mount. | |
1024 | */ | |
1025 | c = controller; | |
1026 | for (;;) { | |
1027 | _cleanup_free_ char *target = NULL, *tok = NULL; | |
1028 | ||
1029 | r = extract_first_word(&c, &tok, ",", 0); | |
1030 | if (r < 0) | |
1031 | return log_error_errno(r, "Failed to extract co-mounted cgroup controller: %m"); | |
1032 | if (r == 0) | |
1033 | break; | |
1034 | ||
1035 | target = prefix_root("/sys/fs/cgroup", tok); | |
1036 | if (!target) | |
1037 | return log_oom(); | |
1038 | ||
1039 | if (streq(controller, tok)) | |
1040 | break; | |
1041 | ||
1042 | r = symlink_idempotent(controller, target); | |
1043 | if (r == -EINVAL) | |
1044 | return log_error_errno(r, "Invalid existing symlink for combined hierarchy: %m"); | |
1045 | if (r < 0) | |
1046 | return log_error_errno(r, "Failed to create symlink for combined hierarchy: %m"); | |
1047 | } | |
1048 | } | |
1049 | ||
1050 | skip_controllers: | |
2977724b TH |
1051 | if (unified_requested >= CGROUP_UNIFIED_SYSTEMD) { |
1052 | r = mount_legacy_cgroup_hierarchy("", SYSTEMD_CGROUP_CONTROLLER_HYBRID, "unified", false); | |
1053 | if (r < 0) | |
1054 | return r; | |
1055 | } | |
1056 | ||
1057 | r = mount_legacy_cgroup_hierarchy("", SYSTEMD_CGROUP_CONTROLLER_LEGACY, "systemd", false); | |
0996ef00 CB |
1058 | if (r < 0) |
1059 | return r; | |
1060 | ||
60e76d48 ZJS |
1061 | if (!userns) |
1062 | return mount_verbose(LOG_ERR, NULL, cgroup_root, NULL, | |
1063 | MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755"); | |
0996ef00 CB |
1064 | |
1065 | return 0; | |
1066 | } | |
1067 | ||
1068 | /* Mount legacy cgroup hierarchy when cgroup namespaces are unsupported. */ | |
1069 | static int mount_legacy_cgns_unsupported( | |
1070 | const char *dest, | |
e1873695 LP |
1071 | CGroupUnified unified_requested, |
1072 | bool userns, | |
1073 | uid_t uid_shift, | |
1074 | uid_t uid_range, | |
0996ef00 | 1075 | const char *selinux_apifs_context) { |
e1873695 | 1076 | |
e83bebef LP |
1077 | _cleanup_set_free_free_ Set *controllers = NULL; |
1078 | const char *cgroup_root; | |
1079 | int r; | |
1080 | ||
1081 | cgroup_root = prefix_roota(dest, "/sys/fs/cgroup"); | |
1082 | ||
d8fc6a00 LP |
1083 | (void) mkdir_p(cgroup_root, 0755); |
1084 | ||
e83bebef | 1085 | /* Mount a tmpfs to /sys/fs/cgroup if it's not mounted there yet. */ |
e1873695 | 1086 | r = path_is_mount_point(cgroup_root, dest, AT_SYMLINK_FOLLOW); |
e83bebef LP |
1087 | if (r < 0) |
1088 | return log_error_errno(r, "Failed to determine if /sys/fs/cgroup is already mounted: %m"); | |
1089 | if (r == 0) { | |
1090 | _cleanup_free_ char *options = NULL; | |
1091 | ||
0996ef00 | 1092 | r = tmpfs_patch_options("mode=755", userns, uid_shift, uid_range, false, selinux_apifs_context, &options); |
e83bebef LP |
1093 | if (r < 0) |
1094 | return log_oom(); | |
1095 | ||
60e76d48 ZJS |
1096 | r = mount_verbose(LOG_ERR, "tmpfs", cgroup_root, "tmpfs", |
1097 | MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, options); | |
1098 | if (r < 0) | |
1099 | return r; | |
e83bebef LP |
1100 | } |
1101 | ||
b4cccbc1 LP |
1102 | r = cg_all_unified(); |
1103 | if (r < 0) | |
1104 | return r; | |
1105 | if (r > 0) | |
e83bebef LP |
1106 | goto skip_controllers; |
1107 | ||
1108 | controllers = set_new(&string_hash_ops); | |
1109 | if (!controllers) | |
1110 | return log_oom(); | |
1111 | ||
1112 | r = cg_kernel_controllers(controllers); | |
1113 | if (r < 0) | |
1114 | return log_error_errno(r, "Failed to determine cgroup controllers: %m"); | |
1115 | ||
1116 | for (;;) { | |
1117 | _cleanup_free_ char *controller = NULL, *origin = NULL, *combined = NULL; | |
1118 | ||
1119 | controller = set_steal_first(controllers); | |
1120 | if (!controller) | |
1121 | break; | |
1122 | ||
1123 | origin = prefix_root("/sys/fs/cgroup/", controller); | |
1124 | if (!origin) | |
1125 | return log_oom(); | |
1126 | ||
1127 | r = readlink_malloc(origin, &combined); | |
1128 | if (r == -EINVAL) { | |
1129 | /* Not a symbolic link, but directly a single cgroup hierarchy */ | |
1130 | ||
2977724b | 1131 | r = mount_legacy_cgroup_hierarchy(dest, controller, controller, true); |
e83bebef LP |
1132 | if (r < 0) |
1133 | return r; | |
1134 | ||
1135 | } else if (r < 0) | |
1136 | return log_error_errno(r, "Failed to read link %s: %m", origin); | |
1137 | else { | |
1138 | _cleanup_free_ char *target = NULL; | |
1139 | ||
1140 | target = prefix_root(dest, origin); | |
1141 | if (!target) | |
1142 | return log_oom(); | |
1143 | ||
1144 | /* A symbolic link, a combination of controllers in one hierarchy */ | |
1145 | ||
1146 | if (!filename_is_valid(combined)) { | |
1147 | log_warning("Ignoring invalid combined hierarchy %s.", combined); | |
1148 | continue; | |
1149 | } | |
1150 | ||
2977724b | 1151 | r = mount_legacy_cgroup_hierarchy(dest, combined, combined, true); |
e83bebef LP |
1152 | if (r < 0) |
1153 | return r; | |
1154 | ||
1155 | r = symlink_idempotent(combined, target); | |
0996ef00 CB |
1156 | if (r == -EINVAL) |
1157 | return log_error_errno(r, "Invalid existing symlink for combined hierarchy: %m"); | |
e83bebef LP |
1158 | if (r < 0) |
1159 | return log_error_errno(r, "Failed to create symlink for combined hierarchy: %m"); | |
1160 | } | |
1161 | } | |
1162 | ||
1163 | skip_controllers: | |
2977724b TH |
1164 | if (unified_requested >= CGROUP_UNIFIED_SYSTEMD) { |
1165 | r = mount_legacy_cgroup_hierarchy(dest, SYSTEMD_CGROUP_CONTROLLER_HYBRID, "unified", false); | |
1166 | if (r < 0) | |
1167 | return r; | |
1168 | } | |
1169 | ||
1170 | r = mount_legacy_cgroup_hierarchy(dest, SYSTEMD_CGROUP_CONTROLLER_LEGACY, "systemd", false); | |
e83bebef LP |
1171 | if (r < 0) |
1172 | return r; | |
1173 | ||
60e76d48 ZJS |
1174 | return mount_verbose(LOG_ERR, NULL, cgroup_root, NULL, |
1175 | MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755"); | |
e83bebef LP |
1176 | } |
1177 | ||
1178 | static int mount_unified_cgroups(const char *dest) { | |
1179 | const char *p; | |
1180 | int r; | |
1181 | ||
1182 | assert(dest); | |
1183 | ||
88e10572 MT |
1184 | p = prefix_roota(dest, "/sys/fs/cgroup"); |
1185 | ||
1186 | (void) mkdir_p(p, 0755); | |
e83bebef | 1187 | |
e1873695 | 1188 | r = path_is_mount_point(p, dest, AT_SYMLINK_FOLLOW); |
e83bebef LP |
1189 | if (r < 0) |
1190 | return log_error_errno(r, "Failed to determine if %s is mounted already: %m", p); | |
1191 | if (r > 0) { | |
88e10572 | 1192 | p = prefix_roota(dest, "/sys/fs/cgroup/cgroup.procs"); |
e83bebef LP |
1193 | if (access(p, F_OK) >= 0) |
1194 | return 0; | |
1195 | if (errno != ENOENT) | |
1196 | return log_error_errno(errno, "Failed to determine if mount point %s contains the unified cgroup hierarchy: %m", p); | |
1197 | ||
1198 | log_error("%s is already mounted but not a unified cgroup hierarchy. Refusing.", p); | |
1199 | return -EINVAL; | |
1200 | } | |
1201 | ||
60e76d48 | 1202 | return mount_verbose(LOG_ERR, "cgroup", p, "cgroup2", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL); |
e83bebef LP |
1203 | } |
1204 | ||
1205 | int mount_cgroups( | |
1206 | const char *dest, | |
5da38d07 | 1207 | CGroupUnified unified_requested, |
e1873695 LP |
1208 | bool userns, |
1209 | uid_t uid_shift, | |
1210 | uid_t uid_range, | |
5a8ff0e6 CB |
1211 | const char *selinux_apifs_context, |
1212 | bool use_cgns) { | |
e83bebef | 1213 | |
5da38d07 | 1214 | if (unified_requested >= CGROUP_UNIFIED_ALL) |
e83bebef | 1215 | return mount_unified_cgroups(dest); |
ada54120 | 1216 | else if (use_cgns) |
e1873695 | 1217 | return mount_legacy_cgns_supported(dest, unified_requested, userns, uid_shift, uid_range, selinux_apifs_context); |
0996ef00 | 1218 | |
5da38d07 | 1219 | return mount_legacy_cgns_unsupported(dest, unified_requested, userns, uid_shift, uid_range, selinux_apifs_context); |
e83bebef LP |
1220 | } |
1221 | ||
2977724b TH |
1222 | static int mount_systemd_cgroup_writable_one(const char *systemd_own, const char *systemd_root) |
1223 | { | |
1224 | int r; | |
1225 | ||
1226 | /* Make our own cgroup a (writable) bind mount */ | |
1227 | r = mount_verbose(LOG_ERR, systemd_own, systemd_own, NULL, MS_BIND, NULL); | |
1228 | if (r < 0) | |
1229 | return r; | |
1230 | ||
1231 | /* And then remount the systemd cgroup root read-only */ | |
1232 | return mount_verbose(LOG_ERR, NULL, systemd_root, NULL, | |
1233 | MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, NULL); | |
1234 | } | |
1235 | ||
e83bebef LP |
1236 | int mount_systemd_cgroup_writable( |
1237 | const char *dest, | |
5da38d07 | 1238 | CGroupUnified unified_requested) { |
e83bebef LP |
1239 | |
1240 | _cleanup_free_ char *own_cgroup_path = NULL; | |
e83bebef LP |
1241 | int r; |
1242 | ||
1243 | assert(dest); | |
1244 | ||
1245 | r = cg_pid_get_path(NULL, 0, &own_cgroup_path); | |
1246 | if (r < 0) | |
1247 | return log_error_errno(r, "Failed to determine our own cgroup path: %m"); | |
1248 | ||
1249 | /* If we are living in the top-level, then there's nothing to do... */ | |
1250 | if (path_equal(own_cgroup_path, "/")) | |
1251 | return 0; | |
1252 | ||
2977724b TH |
1253 | if (unified_requested >= CGROUP_UNIFIED_ALL) |
1254 | return mount_systemd_cgroup_writable_one(strjoina(dest, "/sys/fs/cgroup", own_cgroup_path), | |
1255 | prefix_roota(dest, "/sys/fs/cgroup")); | |
e83bebef | 1256 | |
2977724b TH |
1257 | if (unified_requested >= CGROUP_UNIFIED_SYSTEMD) { |
1258 | r = mount_systemd_cgroup_writable_one(strjoina(dest, "/sys/fs/cgroup/unified", own_cgroup_path), | |
1259 | prefix_roota(dest, "/sys/fs/cgroup/unified")); | |
1260 | if (r < 0) | |
1261 | return r; | |
1262 | } | |
e83bebef | 1263 | |
2977724b TH |
1264 | return mount_systemd_cgroup_writable_one(strjoina(dest, "/sys/fs/cgroup/systemd", own_cgroup_path), |
1265 | prefix_roota(dest, "/sys/fs/cgroup/systemd")); | |
e83bebef LP |
1266 | } |
1267 | ||
1268 | int setup_volatile_state( | |
1269 | const char *directory, | |
1270 | VolatileMode mode, | |
1271 | bool userns, uid_t uid_shift, uid_t uid_range, | |
1272 | const char *selinux_apifs_context) { | |
1273 | ||
1274 | _cleanup_free_ char *buf = NULL; | |
1275 | const char *p, *options; | |
1276 | int r; | |
1277 | ||
1278 | assert(directory); | |
1279 | ||
1280 | if (mode != VOLATILE_STATE) | |
1281 | return 0; | |
1282 | ||
1283 | /* --volatile=state means we simply overmount /var | |
1284 | with a tmpfs, and the rest read-only. */ | |
1285 | ||
6b7c9f8b | 1286 | r = bind_remount_recursive(directory, true, NULL); |
e83bebef LP |
1287 | if (r < 0) |
1288 | return log_error_errno(r, "Failed to remount %s read-only: %m", directory); | |
1289 | ||
1290 | p = prefix_roota(directory, "/var"); | |
1291 | r = mkdir(p, 0755); | |
1292 | if (r < 0 && errno != EEXIST) | |
1293 | return log_error_errno(errno, "Failed to create %s: %m", directory); | |
1294 | ||
1295 | options = "mode=755"; | |
0996ef00 | 1296 | r = tmpfs_patch_options(options, userns, uid_shift, uid_range, false, selinux_apifs_context, &buf); |
e83bebef LP |
1297 | if (r < 0) |
1298 | return log_oom(); | |
1299 | if (r > 0) | |
1300 | options = buf; | |
1301 | ||
60e76d48 | 1302 | return mount_verbose(LOG_ERR, "tmpfs", p, "tmpfs", MS_STRICTATIME, options); |
e83bebef LP |
1303 | } |
1304 | ||
1305 | int setup_volatile( | |
1306 | const char *directory, | |
1307 | VolatileMode mode, | |
1308 | bool userns, uid_t uid_shift, uid_t uid_range, | |
1309 | const char *selinux_apifs_context) { | |
1310 | ||
1311 | bool tmpfs_mounted = false, bind_mounted = false; | |
1312 | char template[] = "/tmp/nspawn-volatile-XXXXXX"; | |
1313 | _cleanup_free_ char *buf = NULL; | |
1314 | const char *f, *t, *options; | |
1315 | int r; | |
1316 | ||
1317 | assert(directory); | |
1318 | ||
1319 | if (mode != VOLATILE_YES) | |
1320 | return 0; | |
1321 | ||
1322 | /* --volatile=yes means we mount a tmpfs to the root dir, and | |
1323 | the original /usr to use inside it, and that read-only. */ | |
1324 | ||
1325 | if (!mkdtemp(template)) | |
1326 | return log_error_errno(errno, "Failed to create temporary directory: %m"); | |
1327 | ||
1328 | options = "mode=755"; | |
0996ef00 | 1329 | r = tmpfs_patch_options(options, userns, uid_shift, uid_range, false, selinux_apifs_context, &buf); |
e83bebef LP |
1330 | if (r < 0) |
1331 | return log_oom(); | |
1332 | if (r > 0) | |
1333 | options = buf; | |
1334 | ||
60e76d48 ZJS |
1335 | r = mount_verbose(LOG_ERR, "tmpfs", template, "tmpfs", MS_STRICTATIME, options); |
1336 | if (r < 0) | |
e83bebef | 1337 | goto fail; |
e83bebef LP |
1338 | |
1339 | tmpfs_mounted = true; | |
1340 | ||
1341 | f = prefix_roota(directory, "/usr"); | |
1342 | t = prefix_roota(template, "/usr"); | |
1343 | ||
1344 | r = mkdir(t, 0755); | |
1345 | if (r < 0 && errno != EEXIST) { | |
1346 | r = log_error_errno(errno, "Failed to create %s: %m", t); | |
1347 | goto fail; | |
1348 | } | |
1349 | ||
60e76d48 ZJS |
1350 | r = mount_verbose(LOG_ERR, f, t, NULL, MS_BIND|MS_REC, NULL); |
1351 | if (r < 0) | |
e83bebef | 1352 | goto fail; |
e83bebef LP |
1353 | |
1354 | bind_mounted = true; | |
1355 | ||
6b7c9f8b | 1356 | r = bind_remount_recursive(t, true, NULL); |
e83bebef LP |
1357 | if (r < 0) { |
1358 | log_error_errno(r, "Failed to remount %s read-only: %m", t); | |
1359 | goto fail; | |
1360 | } | |
1361 | ||
60e76d48 ZJS |
1362 | r = mount_verbose(LOG_ERR, template, directory, NULL, MS_MOVE, NULL); |
1363 | if (r < 0) | |
e83bebef | 1364 | goto fail; |
e83bebef LP |
1365 | |
1366 | (void) rmdir(template); | |
1367 | ||
1368 | return 0; | |
1369 | ||
1370 | fail: | |
1371 | if (bind_mounted) | |
60e76d48 | 1372 | (void) umount_verbose(t); |
e83bebef LP |
1373 | |
1374 | if (tmpfs_mounted) | |
60e76d48 | 1375 | (void) umount_verbose(template); |
e83bebef LP |
1376 | (void) rmdir(template); |
1377 | return r; | |
1378 | } | |
b53ede69 PW |
1379 | |
1380 | /* Expects *pivot_root_new and *pivot_root_old to be initialised to allocated memory or NULL. */ | |
1381 | int pivot_root_parse(char **pivot_root_new, char **pivot_root_old, const char *s) { | |
1382 | _cleanup_free_ char *root_new = NULL, *root_old = NULL; | |
1383 | const char *p = s; | |
1384 | int r; | |
1385 | ||
1386 | assert(pivot_root_new); | |
1387 | assert(pivot_root_old); | |
1388 | ||
1389 | r = extract_first_word(&p, &root_new, ":", EXTRACT_DONT_COALESCE_SEPARATORS); | |
1390 | if (r < 0) | |
1391 | return r; | |
1392 | if (r == 0) | |
1393 | return -EINVAL; | |
1394 | ||
1395 | if (isempty(p)) | |
1396 | root_old = NULL; | |
1397 | else { | |
1398 | root_old = strdup(p); | |
1399 | if (!root_old) | |
1400 | return -ENOMEM; | |
1401 | } | |
1402 | ||
1403 | if (!path_is_absolute(root_new)) | |
1404 | return -EINVAL; | |
1405 | if (root_old && !path_is_absolute(root_old)) | |
1406 | return -EINVAL; | |
1407 | ||
1408 | free_and_replace(*pivot_root_new, root_new); | |
1409 | free_and_replace(*pivot_root_old, root_old); | |
1410 | ||
1411 | return 0; | |
1412 | } | |
1413 | ||
1414 | int setup_pivot_root(const char *directory, const char *pivot_root_new, const char *pivot_root_old) { | |
1415 | _cleanup_free_ char *directory_pivot_root_new = NULL; | |
1416 | _cleanup_free_ char *pivot_tmp_pivot_root_old = NULL; | |
1417 | char pivot_tmp[] = "/tmp/nspawn-pivot-XXXXXX"; | |
1418 | bool remove_pivot_tmp = false; | |
1419 | int r; | |
1420 | ||
1421 | assert(directory); | |
1422 | ||
1423 | if (!pivot_root_new) | |
1424 | return 0; | |
1425 | ||
1426 | /* Pivot pivot_root_new to / and the existing / to pivot_root_old. | |
1427 | * If pivot_root_old is NULL, the existing / disappears. | |
1428 | * This requires a temporary directory, pivot_tmp, which is | |
1429 | * not a child of either. | |
1430 | * | |
1431 | * This is typically used for OSTree-style containers, where | |
1432 | * the root partition contains several sysroots which could be | |
1433 | * run. Normally, one would be chosen by the bootloader and | |
1434 | * pivoted to / by initramfs. | |
1435 | * | |
1436 | * For example, for an OSTree deployment, pivot_root_new | |
1437 | * would be: /ostree/deploy/$os/deploy/$checksum. Note that this | |
1438 | * code doesn’t do the /var mount which OSTree expects: use | |
1439 | * --bind +/sysroot/ostree/deploy/$os/var:/var for that. | |
1440 | * | |
1441 | * So in the OSTree case, we’ll end up with something like: | |
1442 | * - directory = /tmp/nspawn-root-123456 | |
1443 | * - pivot_root_new = /ostree/deploy/os/deploy/123abc | |
1444 | * - pivot_root_old = /sysroot | |
1445 | * - directory_pivot_root_new = | |
1446 | * /tmp/nspawn-root-123456/ostree/deploy/os/deploy/123abc | |
1447 | * - pivot_tmp = /tmp/nspawn-pivot-123456 | |
1448 | * - pivot_tmp_pivot_root_old = /tmp/nspawn-pivot-123456/sysroot | |
1449 | * | |
1450 | * Requires all file systems at directory and below to be mounted | |
1451 | * MS_PRIVATE or MS_SLAVE so they can be moved. | |
1452 | */ | |
1453 | directory_pivot_root_new = prefix_root(directory, pivot_root_new); | |
1454 | ||
1455 | /* Remount directory_pivot_root_new to make it movable. */ | |
1456 | r = mount_verbose(LOG_ERR, directory_pivot_root_new, directory_pivot_root_new, NULL, MS_BIND, NULL); | |
1457 | if (r < 0) | |
1458 | goto done; | |
1459 | ||
1460 | if (pivot_root_old) { | |
1461 | if (!mkdtemp(pivot_tmp)) { | |
1462 | r = log_error_errno(errno, "Failed to create temporary directory: %m"); | |
1463 | goto done; | |
1464 | } | |
1465 | ||
1466 | remove_pivot_tmp = true; | |
1467 | pivot_tmp_pivot_root_old = prefix_root(pivot_tmp, pivot_root_old); | |
1468 | ||
1469 | r = mount_verbose(LOG_ERR, directory_pivot_root_new, pivot_tmp, NULL, MS_MOVE, NULL); | |
1470 | if (r < 0) | |
1471 | goto done; | |
1472 | ||
1473 | r = mount_verbose(LOG_ERR, directory, pivot_tmp_pivot_root_old, NULL, MS_MOVE, NULL); | |
1474 | if (r < 0) | |
1475 | goto done; | |
1476 | ||
1477 | r = mount_verbose(LOG_ERR, pivot_tmp, directory, NULL, MS_MOVE, NULL); | |
1478 | if (r < 0) | |
1479 | goto done; | |
1480 | } else { | |
1481 | r = mount_verbose(LOG_ERR, directory_pivot_root_new, directory, NULL, MS_MOVE, NULL); | |
1482 | if (r < 0) | |
1483 | goto done; | |
1484 | } | |
1485 | ||
1486 | done: | |
1487 | if (remove_pivot_tmp) | |
1488 | (void) rmdir(pivot_tmp); | |
1489 | ||
1490 | return r; | |
1491 | } |