]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/nspawn/nspawn-mount.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #16340 from keszybz/var-tmp-readonly
[thirdparty/systemd.git] / src / nspawn / nspawn-mount.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <sys/mount.h>
4 #include <linux/magic.h>
5
6 #include "alloc-util.h"
7 #include "escape.h"
8 #include "fd-util.h"
9 #include "format-util.h"
10 #include "fs-util.h"
11 #include "label.h"
12 #include "mkdir.h"
13 #include "mount-util.h"
14 #include "mountpoint-util.h"
15 #include "nspawn-mount.h"
16 #include "parse-util.h"
17 #include "path-util.h"
18 #include "rm-rf.h"
19 #include "set.h"
20 #include "sort-util.h"
21 #include "stat-util.h"
22 #include "string-util.h"
23 #include "strv.h"
24 #include "tmpfile-util.h"
25 #include "user-util.h"
26
27 CustomMount* custom_mount_add(CustomMount **l, size_t *n, CustomMountType t) {
28 CustomMount *c, *ret;
29
30 assert(l);
31 assert(n);
32 assert(t >= 0);
33 assert(t < _CUSTOM_MOUNT_TYPE_MAX);
34
35 c = reallocarray(*l, *n + 1, sizeof(CustomMount));
36 if (!c)
37 return NULL;
38
39 *l = c;
40 ret = *l + *n;
41 (*n)++;
42
43 *ret = (CustomMount) { .type = t };
44
45 return ret;
46 }
47
48 void custom_mount_free_all(CustomMount *l, size_t n) {
49 size_t i;
50
51 for (i = 0; i < n; i++) {
52 CustomMount *m = l + i;
53
54 free(m->source);
55 free(m->destination);
56 free(m->options);
57
58 if (m->work_dir) {
59 (void) rm_rf(m->work_dir, REMOVE_ROOT|REMOVE_PHYSICAL);
60 free(m->work_dir);
61 }
62
63 if (m->rm_rf_tmpdir) {
64 (void) rm_rf(m->rm_rf_tmpdir, REMOVE_ROOT|REMOVE_PHYSICAL);
65 free(m->rm_rf_tmpdir);
66 }
67
68 strv_free(m->lower);
69 free(m->type_argument);
70 }
71
72 free(l);
73 }
74
75 static int custom_mount_compare(const CustomMount *a, const CustomMount *b) {
76 int r;
77
78 r = path_compare(a->destination, b->destination);
79 if (r != 0)
80 return r;
81
82 return CMP(a->type, b->type);
83 }
84
85 static bool source_path_is_valid(const char *p) {
86 assert(p);
87
88 if (*p == '+')
89 p++;
90
91 return path_is_absolute(p);
92 }
93
94 static char *resolve_source_path(const char *dest, const char *source) {
95
96 if (!source)
97 return NULL;
98
99 if (source[0] == '+')
100 return path_join(dest, source + 1);
101
102 return strdup(source);
103 }
104
105 static int allocate_temporary_source(CustomMount *m) {
106 assert(m);
107 assert(!m->source);
108 assert(!m->rm_rf_tmpdir);
109
110 m->rm_rf_tmpdir = strdup("/var/tmp/nspawn-temp-XXXXXX");
111 if (!m->rm_rf_tmpdir)
112 return log_oom();
113
114 if (!mkdtemp(m->rm_rf_tmpdir)) {
115 m->rm_rf_tmpdir = mfree(m->rm_rf_tmpdir);
116 return log_error_errno(errno, "Failed to acquire temporary directory: %m");
117 }
118
119 m->source = path_join(m->rm_rf_tmpdir, "src");
120 if (!m->source)
121 return log_oom();
122
123 if (mkdir(m->source, 0755) < 0)
124 return log_error_errno(errno, "Failed to create %s: %m", m->source);
125
126 return 0;
127 }
128
129 int custom_mount_prepare_all(const char *dest, CustomMount *l, size_t n) {
130 size_t i;
131 int r;
132
133 /* Prepare all custom mounts. This will make source we know all temporary directories. This is called in the
134 * parent process, so that we know the temporary directories to remove on exit before we fork off the
135 * children. */
136
137 assert(l || n == 0);
138
139 /* Order the custom mounts, and make sure we have a working directory */
140 typesafe_qsort(l, n, custom_mount_compare);
141
142 for (i = 0; i < n; i++) {
143 CustomMount *m = l + i;
144
145 /* /proc we mount in the inner child, i.e. when we acquired CLONE_NEWPID. All other mounts we mount
146 * already in the outer child, so that the mounts are already established before CLONE_NEWPID and in
147 * particular CLONE_NEWUSER. This also means any custom mounts below /proc also need to be mounted in
148 * the inner child, not the outer one. Determine this here. */
149 m->in_userns = path_startswith(m->destination, "/proc");
150
151 if (m->type == CUSTOM_MOUNT_BIND) {
152 if (m->source) {
153 char *s;
154
155 s = resolve_source_path(dest, m->source);
156 if (!s)
157 return log_oom();
158
159 free_and_replace(m->source, s);
160 } else {
161 /* No source specified? In that case, use a throw-away temporary directory in /var/tmp */
162
163 r = allocate_temporary_source(m);
164 if (r < 0)
165 return r;
166 }
167 }
168
169 if (m->type == CUSTOM_MOUNT_OVERLAY) {
170 char **j;
171
172 STRV_FOREACH(j, m->lower) {
173 char *s;
174
175 s = resolve_source_path(dest, *j);
176 if (!s)
177 return log_oom();
178
179 free_and_replace(*j, s);
180 }
181
182 if (m->source) {
183 char *s;
184
185 s = resolve_source_path(dest, m->source);
186 if (!s)
187 return log_oom();
188
189 free_and_replace(m->source, s);
190 } else {
191 r = allocate_temporary_source(m);
192 if (r < 0)
193 return r;
194 }
195
196 if (m->work_dir) {
197 char *s;
198
199 s = resolve_source_path(dest, m->work_dir);
200 if (!s)
201 return log_oom();
202
203 free_and_replace(m->work_dir, s);
204 } else {
205 r = tempfn_random(m->source, NULL, &m->work_dir);
206 if (r < 0)
207 return log_error_errno(r, "Failed to acquire working directory: %m");
208 }
209
210 (void) mkdir_label(m->work_dir, 0700);
211 }
212 }
213
214 return 0;
215 }
216
217 int bind_mount_parse(CustomMount **l, size_t *n, const char *s, bool read_only) {
218 _cleanup_free_ char *source = NULL, *destination = NULL, *opts = NULL;
219 const char *p = s;
220 CustomMount *m;
221 int r;
222
223 assert(l);
224 assert(n);
225
226 r = extract_many_words(&p, ":", EXTRACT_DONT_COALESCE_SEPARATORS, &source, &destination, NULL);
227 if (r < 0)
228 return r;
229 if (r == 0)
230 return -EINVAL;
231 if (r == 1) {
232 destination = strdup(source[0] == '+' ? source+1 : source);
233 if (!destination)
234 return -ENOMEM;
235 }
236 if (r == 2 && !isempty(p)) {
237 opts = strdup(p);
238 if (!opts)
239 return -ENOMEM;
240 }
241
242 if (isempty(source))
243 source = mfree(source);
244 else if (!source_path_is_valid(source))
245 return -EINVAL;
246
247 if (!path_is_absolute(destination))
248 return -EINVAL;
249
250 m = custom_mount_add(l, n, CUSTOM_MOUNT_BIND);
251 if (!m)
252 return -ENOMEM;
253
254 m->source = TAKE_PTR(source);
255 m->destination = TAKE_PTR(destination);
256 m->read_only = read_only;
257 m->options = TAKE_PTR(opts);
258
259 return 0;
260 }
261
262 int tmpfs_mount_parse(CustomMount **l, size_t *n, const char *s) {
263 _cleanup_free_ char *path = NULL, *opts = NULL;
264 const char *p = s;
265 CustomMount *m;
266 int r;
267
268 assert(l);
269 assert(n);
270 assert(s);
271
272 r = extract_first_word(&p, &path, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
273 if (r < 0)
274 return r;
275 if (r == 0)
276 return -EINVAL;
277
278 if (isempty(p))
279 opts = strdup("mode=0755");
280 else
281 opts = strdup(p);
282 if (!opts)
283 return -ENOMEM;
284
285 if (!path_is_absolute(path))
286 return -EINVAL;
287
288 m = custom_mount_add(l, n, CUSTOM_MOUNT_TMPFS);
289 if (!m)
290 return -ENOMEM;
291
292 m->destination = TAKE_PTR(path);
293 m->options = TAKE_PTR(opts);
294
295 return 0;
296 }
297
298 int overlay_mount_parse(CustomMount **l, size_t *n, const char *s, bool read_only) {
299 _cleanup_free_ char *upper = NULL, *destination = NULL;
300 _cleanup_strv_free_ char **lower = NULL;
301 CustomMount *m;
302 int k;
303
304 k = strv_split_extract(&lower, s, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
305 if (k < 0)
306 return k;
307 if (k < 2)
308 return -EADDRNOTAVAIL;
309 if (k == 2) {
310 /* If two parameters are specified, the first one is the lower, the second one the upper directory. And
311 * we'll also define the destination mount point the same as the upper. */
312
313 if (!source_path_is_valid(lower[0]) ||
314 !source_path_is_valid(lower[1]))
315 return -EINVAL;
316
317 upper = TAKE_PTR(lower[1]);
318
319 destination = strdup(upper[0] == '+' ? upper+1 : upper); /* take the destination without "+" prefix */
320 if (!destination)
321 return -ENOMEM;
322 } else {
323 char **i;
324
325 /* If more than two parameters are specified, the last one is the destination, the second to last one
326 * the "upper", and all before that the "lower" directories. */
327
328 destination = lower[k - 1];
329 upper = TAKE_PTR(lower[k - 2]);
330
331 STRV_FOREACH(i, lower)
332 if (!source_path_is_valid(*i))
333 return -EINVAL;
334
335 /* If the upper directory is unspecified, then let's create it automatically as a throw-away directory
336 * in /var/tmp */
337 if (isempty(upper))
338 upper = mfree(upper);
339 else if (!source_path_is_valid(upper))
340 return -EINVAL;
341
342 if (!path_is_absolute(destination))
343 return -EINVAL;
344 }
345
346 m = custom_mount_add(l, n, CUSTOM_MOUNT_OVERLAY);
347 if (!m)
348 return -ENOMEM;
349
350 m->destination = TAKE_PTR(destination);
351 m->source = TAKE_PTR(upper);
352 m->lower = TAKE_PTR(lower);
353 m->read_only = read_only;
354
355 return 0;
356 }
357
358 int inaccessible_mount_parse(CustomMount **l, size_t *n, const char *s) {
359 _cleanup_free_ char *path = NULL;
360 CustomMount *m;
361
362 assert(l);
363 assert(n);
364 assert(s);
365
366 if (!path_is_absolute(s))
367 return -EINVAL;
368
369 path = strdup(s);
370 if (!path)
371 return -ENOMEM;
372
373 m = custom_mount_add(l, n, CUSTOM_MOUNT_INACCESSIBLE);
374 if (!m)
375 return -ENOMEM;
376
377 m->destination = TAKE_PTR(path);
378 return 0;
379 }
380
381 int tmpfs_patch_options(
382 const char *options,
383 uid_t uid_shift,
384 const char *selinux_apifs_context,
385 char **ret) {
386
387 char *buf = NULL;
388
389 if (uid_shift != UID_INVALID) {
390 if (asprintf(&buf, "%s%suid=" UID_FMT ",gid=" UID_FMT,
391 strempty(options), options ? "," : "",
392 uid_shift, uid_shift) < 0)
393 return -ENOMEM;
394
395 options = buf;
396 }
397
398 #if HAVE_SELINUX
399 if (selinux_apifs_context) {
400 char *t;
401
402 t = strjoin(strempty(options), options ? "," : "",
403 "context=\"", selinux_apifs_context, "\"");
404 free(buf);
405 if (!t)
406 return -ENOMEM;
407
408 buf = t;
409 }
410 #endif
411
412 if (!buf && options) {
413 buf = strdup(options);
414 if (!buf)
415 return -ENOMEM;
416 }
417 *ret = buf;
418
419 return !!buf;
420 }
421
422 int mount_sysfs(const char *dest, MountSettingsMask mount_settings) {
423 const char *full, *top, *x;
424 int r;
425 unsigned long extra_flags = 0;
426
427 top = prefix_roota(dest, "/sys");
428 r = path_is_fs_type(top, SYSFS_MAGIC);
429 if (r < 0)
430 return log_error_errno(r, "Failed to determine filesystem type of %s: %m", top);
431 /* /sys might already be mounted as sysfs by the outer child in the
432 * !netns case. In this case, it's all good. Don't touch it because we
433 * don't have the right to do so, see https://github.com/systemd/systemd/issues/1555.
434 */
435 if (r > 0)
436 return 0;
437
438 full = prefix_roota(top, "/full");
439
440 (void) mkdir(full, 0755);
441
442 if (FLAGS_SET(mount_settings, MOUNT_APPLY_APIVFS_RO))
443 extra_flags |= MS_RDONLY;
444
445 r = mount_verbose(LOG_ERR, "sysfs", full, "sysfs",
446 MS_NOSUID|MS_NOEXEC|MS_NODEV|extra_flags, NULL);
447 if (r < 0)
448 return r;
449
450 FOREACH_STRING(x, "block", "bus", "class", "dev", "devices", "kernel") {
451 _cleanup_free_ char *from = NULL, *to = NULL;
452
453 from = path_join(full, x);
454 if (!from)
455 return log_oom();
456
457 to = path_join(top, x);
458 if (!to)
459 return log_oom();
460
461 (void) mkdir(to, 0755);
462
463 r = mount_verbose(LOG_ERR, from, to, NULL, MS_BIND, NULL);
464 if (r < 0)
465 return r;
466
467 r = mount_verbose(LOG_ERR, NULL, to, NULL,
468 MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT|extra_flags, NULL);
469 if (r < 0)
470 return r;
471 }
472
473 r = umount_verbose(full);
474 if (r < 0)
475 return r;
476
477 if (rmdir(full) < 0)
478 return log_error_errno(errno, "Failed to remove %s: %m", full);
479
480 /* Create mountpoint for cgroups. Otherwise we are not allowed since we
481 * remount /sys read-only.
482 */
483 x = prefix_roota(top, "/fs/cgroup");
484 (void) mkdir_p(x, 0755);
485
486 return mount_verbose(LOG_ERR, NULL, top, NULL,
487 MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT|extra_flags, NULL);
488 }
489
490 int mount_all(const char *dest,
491 MountSettingsMask mount_settings,
492 uid_t uid_shift,
493 const char *selinux_apifs_context) {
494
495 #define PROC_INACCESSIBLE_REG(path) \
496 { "/run/systemd/inaccessible/reg", (path), NULL, NULL, MS_BIND, \
497 MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO }, /* Bind mount first ... */ \
498 { NULL, (path), NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, \
499 MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO } /* Then, make it r/o */
500
501 #define PROC_READ_ONLY(path) \
502 { (path), (path), NULL, NULL, MS_BIND, \
503 MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO }, /* Bind mount first ... */ \
504 { NULL, (path), NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, \
505 MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO } /* Then, make it r/o */
506
507 typedef struct MountPoint {
508 const char *what;
509 const char *where;
510 const char *type;
511 const char *options;
512 unsigned long flags;
513 MountSettingsMask mount_settings;
514 } MountPoint;
515
516 static const MountPoint mount_table[] = {
517 /* First we list inner child mounts (i.e. mounts applied *after* entering user namespacing) */
518 { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
519 MOUNT_FATAL|MOUNT_IN_USERNS|MOUNT_MKDIR },
520
521 { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND,
522 MOUNT_FATAL|MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO }, /* Bind mount first ... */
523
524 { "/proc/sys/net", "/proc/sys/net", NULL, NULL, MS_BIND,
525 MOUNT_FATAL|MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO|MOUNT_APPLY_APIVFS_NETNS }, /* (except for this) */
526
527 { NULL, "/proc/sys", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
528 MOUNT_FATAL|MOUNT_IN_USERNS|MOUNT_APPLY_APIVFS_RO }, /* ... then, make it r/o */
529
530 /* Make these files inaccessible to container payloads: they potentially leak information about kernel
531 * internals or the host's execution environment to the container */
532 PROC_INACCESSIBLE_REG("/proc/kallsyms"),
533 PROC_INACCESSIBLE_REG("/proc/kcore"),
534 PROC_INACCESSIBLE_REG("/proc/keys"),
535 PROC_INACCESSIBLE_REG("/proc/sysrq-trigger"),
536 PROC_INACCESSIBLE_REG("/proc/timer_list"),
537
538 /* Make these directories read-only to container payloads: they show hardware information, and in some
539 * cases contain tunables the container really shouldn't have access to. */
540 PROC_READ_ONLY("/proc/acpi"),
541 PROC_READ_ONLY("/proc/apm"),
542 PROC_READ_ONLY("/proc/asound"),
543 PROC_READ_ONLY("/proc/bus"),
544 PROC_READ_ONLY("/proc/fs"),
545 PROC_READ_ONLY("/proc/irq"),
546 PROC_READ_ONLY("/proc/scsi"),
547
548 { "mqueue", "/dev/mqueue", "mqueue", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
549 MOUNT_IN_USERNS|MOUNT_MKDIR },
550
551 /* Then we list outer child mounts (i.e. mounts applied *before* entering user namespacing) */
552 { "tmpfs", "/tmp", "tmpfs", "mode=1777" TMPFS_LIMITS_TMP, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
553 MOUNT_FATAL|MOUNT_APPLY_TMPFS_TMP|MOUNT_MKDIR },
554 { "tmpfs", "/sys", "tmpfs", "mode=555" TMPFS_LIMITS_SYS, MS_NOSUID|MS_NOEXEC|MS_NODEV,
555 MOUNT_FATAL|MOUNT_APPLY_APIVFS_NETNS|MOUNT_MKDIR },
556 { "sysfs", "/sys", "sysfs", NULL, MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV,
557 MOUNT_FATAL|MOUNT_APPLY_APIVFS_RO|MOUNT_MKDIR }, /* skipped if above was mounted */
558 { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
559 MOUNT_FATAL|MOUNT_MKDIR }, /* skipped if above was mounted */
560 { "tmpfs", "/dev", "tmpfs", "mode=755" TMPFS_LIMITS_DEV, MS_NOSUID|MS_STRICTATIME,
561 MOUNT_FATAL|MOUNT_MKDIR },
562 { "tmpfs", "/dev/shm", "tmpfs", "mode=1777" TMPFS_LIMITS_DEV_SHM, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
563 MOUNT_FATAL|MOUNT_MKDIR },
564 { "tmpfs", "/run", "tmpfs", "mode=755" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
565 MOUNT_FATAL|MOUNT_MKDIR },
566 { "/usr/lib/os-release", "/run/host/usr/lib/os-release", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV,
567 MOUNT_FATAL|MOUNT_MKDIR|MOUNT_TOUCH },
568 { "/etc/os-release", "/run/host/etc/os-release", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV,
569 MOUNT_MKDIR|MOUNT_TOUCH },
570
571 #if HAVE_SELINUX
572 { "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND,
573 MOUNT_MKDIR }, /* Bind mount first (mkdir/chown the mount point in case /sys/ is mounted as minimal skeleton tmpfs) */
574 { NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
575 0 }, /* Then, make it r/o (don't mkdir/chown the mount point here, the previous entry already did that) */
576 #endif
577 };
578
579 bool use_userns = FLAGS_SET(mount_settings, MOUNT_USE_USERNS);
580 bool netns = FLAGS_SET(mount_settings, MOUNT_APPLY_APIVFS_NETNS);
581 bool ro = FLAGS_SET(mount_settings, MOUNT_APPLY_APIVFS_RO);
582 bool in_userns = FLAGS_SET(mount_settings, MOUNT_IN_USERNS);
583 bool tmpfs_tmp = FLAGS_SET(mount_settings, MOUNT_APPLY_TMPFS_TMP);
584 size_t k;
585 int r;
586
587 for (k = 0; k < ELEMENTSOF(mount_table); k++) {
588 _cleanup_free_ char *where = NULL, *options = NULL;
589 const char *o;
590 struct stat source_st;
591 bool fatal = FLAGS_SET(mount_table[k].mount_settings, MOUNT_FATAL);
592
593 if (in_userns != FLAGS_SET(mount_table[k].mount_settings, MOUNT_IN_USERNS))
594 continue;
595
596 if (!netns && FLAGS_SET(mount_table[k].mount_settings, MOUNT_APPLY_APIVFS_NETNS))
597 continue;
598
599 if (!ro && FLAGS_SET(mount_table[k].mount_settings, MOUNT_APPLY_APIVFS_RO))
600 continue;
601
602 if (!tmpfs_tmp && FLAGS_SET(mount_table[k].mount_settings, MOUNT_APPLY_TMPFS_TMP))
603 continue;
604
605 r = chase_symlinks(mount_table[k].where, dest, CHASE_NONEXISTENT|CHASE_PREFIX_ROOT, &where, NULL);
606 if (r < 0)
607 return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, mount_table[k].where);
608
609 /* Skip this entry if it is not a remount. */
610 if (mount_table[k].what) {
611 r = path_is_mount_point(where, NULL, 0);
612 if (r < 0 && r != -ENOENT)
613 return log_error_errno(r, "Failed to detect whether %s is a mount point: %m", where);
614 if (r > 0)
615 continue;
616
617 /* Shortcut for optional bind mounts: if the source can't be found skip ahead to avoid creating
618 * empty and unused directories. */
619 if (!fatal && FLAGS_SET(mount_table[k].mount_settings, MOUNT_MKDIR) && FLAGS_SET(mount_table[k].flags, MS_BIND)) {
620 r = stat(mount_table[k].what, &source_st);
621 if (r < 0) {
622 if (errno == ENOENT)
623 continue;
624 return log_error_errno(errno, "Failed to stat %s: %m", mount_table[k].what);
625 }
626 }
627 }
628
629 if (FLAGS_SET(mount_table[k].mount_settings, MOUNT_MKDIR)) {
630 uid_t u = (use_userns && !in_userns) ? uid_shift : UID_INVALID;
631
632 if (FLAGS_SET(mount_table[k].mount_settings, MOUNT_TOUCH))
633 r = mkdir_parents_safe(dest, where, 0755, u, u, 0);
634 else
635 r = mkdir_p_safe(dest, where, 0755, u, u, 0);
636 if (r < 0 && r != -EEXIST) {
637 if (fatal && r != -EROFS)
638 return log_error_errno(r, "Failed to create directory %s: %m", where);
639
640 log_debug_errno(r, "Failed to create directory %s: %m", where);
641
642 /* If we failed mkdir() or chown() due to the root directory being read only,
643 * attempt to mount this fs anyway and let mount_verbose log any errors */
644 if (r != -EROFS)
645 continue;
646 }
647 if (FLAGS_SET(mount_table[k].mount_settings, MOUNT_TOUCH)) {
648 r = touch(where);
649 if (r < 0 && r != -EEXIST) {
650 if (fatal)
651 return log_error_errno(r, "Failed to create mount point %s: %m", where);
652 log_debug_errno(r, "Failed to create mount point %s: %m", where);
653 }
654 }
655 }
656
657 o = mount_table[k].options;
658 if (streq_ptr(mount_table[k].type, "tmpfs")) {
659 r = tmpfs_patch_options(o, in_userns ? 0 : uid_shift, selinux_apifs_context, &options);
660 if (r < 0)
661 return log_oom();
662 if (r > 0)
663 o = options;
664 }
665
666 r = mount_verbose(fatal ? LOG_ERR : LOG_DEBUG,
667 mount_table[k].what,
668 where,
669 mount_table[k].type,
670 mount_table[k].flags,
671 o);
672 if (r < 0 && fatal)
673 return r;
674 }
675
676 return 0;
677 }
678
679 static int parse_mount_bind_options(const char *options, unsigned long *mount_flags, char **mount_opts) {
680 const char *p = options;
681 unsigned long flags = *mount_flags;
682 char *opts = NULL;
683 int r;
684
685 assert(options);
686
687 for (;;) {
688 _cleanup_free_ char *word = NULL;
689
690 r = extract_first_word(&p, &word, ",", 0);
691 if (r < 0)
692 return log_error_errno(r, "Failed to extract mount option: %m");
693 if (r == 0)
694 break;
695
696 if (streq(word, "rbind"))
697 flags |= MS_REC;
698 else if (streq(word, "norbind"))
699 flags &= ~MS_REC;
700 else {
701 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
702 "Invalid bind mount option: %s",
703 word);
704 }
705 }
706
707 *mount_flags = flags;
708 /* in the future mount_opts will hold string options for mount(2) */
709 *mount_opts = opts;
710
711 return 0;
712 }
713
714 static int mount_bind(const char *dest, CustomMount *m) {
715 _cleanup_free_ char *mount_opts = NULL, *where = NULL;
716 unsigned long mount_flags = MS_BIND | MS_REC;
717 struct stat source_st, dest_st;
718 int r;
719
720 assert(dest);
721 assert(m);
722
723 if (m->options) {
724 r = parse_mount_bind_options(m->options, &mount_flags, &mount_opts);
725 if (r < 0)
726 return r;
727 }
728
729 if (stat(m->source, &source_st) < 0)
730 return log_error_errno(errno, "Failed to stat %s: %m", m->source);
731
732 r = chase_symlinks(m->destination, dest, CHASE_PREFIX_ROOT|CHASE_NONEXISTENT, &where, NULL);
733 if (r < 0)
734 return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, m->destination);
735 if (r > 0) { /* Path exists already? */
736
737 if (stat(where, &dest_st) < 0)
738 return log_error_errno(errno, "Failed to stat %s: %m", where);
739
740 if (S_ISDIR(source_st.st_mode) && !S_ISDIR(dest_st.st_mode))
741 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
742 "Cannot bind mount directory %s on file %s.",
743 m->source, where);
744
745 if (!S_ISDIR(source_st.st_mode) && S_ISDIR(dest_st.st_mode))
746 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
747 "Cannot bind mount file %s on directory %s.",
748 m->source, where);
749
750 } else { /* Path doesn't exist yet? */
751 r = mkdir_parents_label(where, 0755);
752 if (r < 0)
753 return log_error_errno(r, "Failed to make parents of %s: %m", where);
754
755 /* Create the mount point. Any non-directory file can be
756 * mounted on any non-directory file (regular, fifo, socket,
757 * char, block).
758 */
759 if (S_ISDIR(source_st.st_mode))
760 r = mkdir_label(where, 0755);
761 else
762 r = touch(where);
763 if (r < 0)
764 return log_error_errno(r, "Failed to create mount point %s: %m", where);
765 }
766
767 r = mount_verbose(LOG_ERR, m->source, where, NULL, mount_flags, mount_opts);
768 if (r < 0)
769 return r;
770
771 if (m->read_only) {
772 r = bind_remount_recursive(where, MS_RDONLY, MS_RDONLY, NULL);
773 if (r < 0)
774 return log_error_errno(r, "Read-only bind mount failed: %m");
775 }
776
777 return 0;
778 }
779
780 static int mount_tmpfs(const char *dest, CustomMount *m, uid_t uid_shift, const char *selinux_apifs_context) {
781
782 const char *options;
783 _cleanup_free_ char *buf = NULL, *where = NULL;
784 int r;
785
786 assert(dest);
787 assert(m);
788
789 r = chase_symlinks(m->destination, dest, CHASE_PREFIX_ROOT|CHASE_NONEXISTENT, &where, NULL);
790 if (r < 0)
791 return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, m->destination);
792 if (r == 0) { /* Doesn't exist yet? */
793 r = mkdir_p_label(where, 0755);
794 if (r < 0)
795 return log_error_errno(r, "Creating mount point for tmpfs %s failed: %m", where);
796 }
797
798 r = tmpfs_patch_options(m->options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf);
799 if (r < 0)
800 return log_oom();
801 options = r > 0 ? buf : m->options;
802
803 return mount_verbose(LOG_ERR, "tmpfs", where, "tmpfs", MS_NODEV|MS_STRICTATIME, options);
804 }
805
806 static char *joined_and_escaped_lower_dirs(char **lower) {
807 _cleanup_strv_free_ char **sv = NULL;
808
809 sv = strv_copy(lower);
810 if (!sv)
811 return NULL;
812
813 strv_reverse(sv);
814
815 if (!strv_shell_escape(sv, ",:"))
816 return NULL;
817
818 return strv_join(sv, ":");
819 }
820
821 static int mount_overlay(const char *dest, CustomMount *m) {
822 _cleanup_free_ char *lower = NULL, *where = NULL, *escaped_source = NULL;
823 const char *options;
824 int r;
825
826 assert(dest);
827 assert(m);
828
829 r = chase_symlinks(m->destination, dest, CHASE_PREFIX_ROOT|CHASE_NONEXISTENT, &where, NULL);
830 if (r < 0)
831 return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, m->destination);
832 if (r == 0) { /* Doesn't exist yet? */
833 r = mkdir_label(where, 0755);
834 if (r < 0)
835 return log_error_errno(r, "Creating mount point for overlay %s failed: %m", where);
836 }
837
838 (void) mkdir_p_label(m->source, 0755);
839
840 lower = joined_and_escaped_lower_dirs(m->lower);
841 if (!lower)
842 return log_oom();
843
844 escaped_source = shell_escape(m->source, ",:");
845 if (!escaped_source)
846 return log_oom();
847
848 if (m->read_only)
849 options = strjoina("lowerdir=", escaped_source, ":", lower);
850 else {
851 _cleanup_free_ char *escaped_work_dir = NULL;
852
853 escaped_work_dir = shell_escape(m->work_dir, ",:");
854 if (!escaped_work_dir)
855 return log_oom();
856
857 options = strjoina("lowerdir=", lower, ",upperdir=", escaped_source, ",workdir=", escaped_work_dir);
858 }
859
860 return mount_verbose(LOG_ERR, "overlay", where, "overlay", m->read_only ? MS_RDONLY : 0, options);
861 }
862
863 static int mount_inaccessible(const char *dest, CustomMount *m) {
864 _cleanup_free_ char *where = NULL, *source = NULL;
865 struct stat st;
866 int r;
867
868 assert(dest);
869 assert(m);
870
871 r = chase_symlinks_and_stat(m->destination, dest, CHASE_PREFIX_ROOT, &where, &st, NULL);
872 if (r < 0) {
873 log_full_errno(m->graceful ? LOG_DEBUG : LOG_ERR, r, "Failed to resolve %s/%s: %m", dest, m->destination);
874 return m->graceful ? 0 : r;
875 }
876
877 r = mode_to_inaccessible_node(NULL, st.st_mode, &source);
878 if (r < 0)
879 return m->graceful ? 0 : r;
880
881 r = mount_verbose(m->graceful ? LOG_DEBUG : LOG_ERR, source, where, NULL, MS_BIND, NULL);
882 if (r < 0)
883 return m->graceful ? 0 : r;
884
885 r = mount_verbose(m->graceful ? LOG_DEBUG : LOG_ERR, NULL, where, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL);
886 if (r < 0) {
887 (void) umount_verbose(where);
888 return m->graceful ? 0 : r;
889 }
890
891 return 0;
892 }
893
894 static int mount_arbitrary(const char *dest, CustomMount *m) {
895 _cleanup_free_ char *where = NULL;
896 int r;
897
898 assert(dest);
899 assert(m);
900
901 r = chase_symlinks(m->destination, dest, CHASE_PREFIX_ROOT|CHASE_NONEXISTENT, &where, NULL);
902 if (r < 0)
903 return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, m->destination);
904 if (r == 0) { /* Doesn't exist yet? */
905 r = mkdir_p_label(where, 0755);
906 if (r < 0)
907 return log_error_errno(r, "Creating mount point for mount %s failed: %m", where);
908 }
909
910 return mount_verbose(LOG_ERR, m->source, where, m->type_argument, 0, m->options);
911 }
912
913 int mount_custom(
914 const char *dest,
915 CustomMount *mounts, size_t n,
916 uid_t uid_shift,
917 const char *selinux_apifs_context,
918 MountSettingsMask mount_settings) {
919
920 size_t i;
921 int r;
922
923 assert(dest);
924
925 for (i = 0; i < n; i++) {
926 CustomMount *m = mounts + i;
927
928 if (FLAGS_SET(mount_settings, MOUNT_IN_USERNS) != m->in_userns)
929 continue;
930
931 if (FLAGS_SET(mount_settings, MOUNT_ROOT_ONLY) && !path_equal(m->destination, "/"))
932 continue;
933
934 if (FLAGS_SET(mount_settings, MOUNT_NON_ROOT_ONLY) && path_equal(m->destination, "/"))
935 continue;
936
937 switch (m->type) {
938
939 case CUSTOM_MOUNT_BIND:
940 r = mount_bind(dest, m);
941 break;
942
943 case CUSTOM_MOUNT_TMPFS:
944 r = mount_tmpfs(dest, m, uid_shift, selinux_apifs_context);
945 break;
946
947 case CUSTOM_MOUNT_OVERLAY:
948 r = mount_overlay(dest, m);
949 break;
950
951 case CUSTOM_MOUNT_INACCESSIBLE:
952 r = mount_inaccessible(dest, m);
953 break;
954
955 case CUSTOM_MOUNT_ARBITRARY:
956 r = mount_arbitrary(dest, m);
957 break;
958
959 default:
960 assert_not_reached("Unknown custom mount type");
961 }
962
963 if (r < 0)
964 return r;
965 }
966
967 return 0;
968 }
969
970 bool has_custom_root_mount(const CustomMount *mounts, size_t n) {
971 size_t i;
972
973 for (i = 0; i < n; i++) {
974 const CustomMount *m = mounts + i;
975
976 if (path_equal(m->destination, "/"))
977 return true;
978 }
979
980 return false;
981 }
982
983 static int setup_volatile_state(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) {
984
985 _cleanup_free_ char *buf = NULL;
986 const char *p, *options;
987 int r;
988
989 assert(directory);
990
991 /* --volatile=state means we simply overmount /var with a tmpfs, and the rest read-only. */
992
993 r = bind_remount_recursive(directory, MS_RDONLY, MS_RDONLY, NULL);
994 if (r < 0)
995 return log_error_errno(r, "Failed to remount %s read-only: %m", directory);
996
997 p = prefix_roota(directory, "/var");
998 r = mkdir(p, 0755);
999 if (r < 0 && errno != EEXIST)
1000 return log_error_errno(errno, "Failed to create %s: %m", directory);
1001
1002 options = "mode=755" TMPFS_LIMITS_VOLATILE_STATE;
1003 r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf);
1004 if (r < 0)
1005 return log_oom();
1006 if (r > 0)
1007 options = buf;
1008
1009 return mount_verbose(LOG_ERR, "tmpfs", p, "tmpfs", MS_STRICTATIME, options);
1010 }
1011
1012 static int setup_volatile_yes(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) {
1013
1014 bool tmpfs_mounted = false, bind_mounted = false;
1015 char template[] = "/tmp/nspawn-volatile-XXXXXX";
1016 _cleanup_free_ char *buf = NULL, *bindir = NULL;
1017 const char *f, *t, *options;
1018 struct stat st;
1019 int r;
1020
1021 assert(directory);
1022
1023 /* --volatile=yes means we mount a tmpfs to the root dir, and the original /usr to use inside it, and
1024 * that read-only. Before we start setting this up let's validate if the image has the /usr merge
1025 * implemented, and let's output a friendly log message if it hasn't. */
1026
1027 bindir = path_join(directory, "/bin");
1028 if (!bindir)
1029 return log_oom();
1030 if (lstat(bindir, &st) < 0) {
1031 if (errno != ENOENT)
1032 return log_error_errno(errno, "Failed to stat /bin directory below image: %m");
1033
1034 /* ENOENT is fine, just means the image is probably just a naked /usr and we can create the
1035 * rest. */
1036 } else if (S_ISDIR(st.st_mode))
1037 return log_error_errno(SYNTHETIC_ERRNO(EISDIR),
1038 "Sorry, --volatile=yes mode is not supported with OS images that have not merged /bin/, /sbin/, /lib/, /lib64/ into /usr/. "
1039 "Please work with your distribution and help them adopt the merged /usr scheme.");
1040 else if (!S_ISLNK(st.st_mode))
1041 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1042 "Error starting image: if --volatile=yes is used /bin must be a symlink (for merged /usr support) or non-existent (in which case a symlink is created automatically).");
1043
1044 if (!mkdtemp(template))
1045 return log_error_errno(errno, "Failed to create temporary directory: %m");
1046
1047 options = "mode=755" TMPFS_LIMITS_ROOTFS;
1048 r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf);
1049 if (r < 0)
1050 goto fail;
1051 if (r > 0)
1052 options = buf;
1053
1054 r = mount_verbose(LOG_ERR, "tmpfs", template, "tmpfs", MS_STRICTATIME, options);
1055 if (r < 0)
1056 goto fail;
1057
1058 tmpfs_mounted = true;
1059
1060 f = prefix_roota(directory, "/usr");
1061 t = prefix_roota(template, "/usr");
1062
1063 r = mkdir(t, 0755);
1064 if (r < 0 && errno != EEXIST) {
1065 r = log_error_errno(errno, "Failed to create %s: %m", t);
1066 goto fail;
1067 }
1068
1069 r = mount_verbose(LOG_ERR, f, t, NULL, MS_BIND|MS_REC, NULL);
1070 if (r < 0)
1071 goto fail;
1072
1073 bind_mounted = true;
1074
1075 r = bind_remount_recursive(t, MS_RDONLY, MS_RDONLY, NULL);
1076 if (r < 0) {
1077 log_error_errno(r, "Failed to remount %s read-only: %m", t);
1078 goto fail;
1079 }
1080
1081 r = mount_verbose(LOG_ERR, template, directory, NULL, MS_MOVE, NULL);
1082 if (r < 0)
1083 goto fail;
1084
1085 (void) rmdir(template);
1086
1087 return 0;
1088
1089 fail:
1090 if (bind_mounted)
1091 (void) umount_verbose(t);
1092
1093 if (tmpfs_mounted)
1094 (void) umount_verbose(template);
1095 (void) rmdir(template);
1096 return r;
1097 }
1098
1099 static int setup_volatile_overlay(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) {
1100
1101 _cleanup_free_ char *buf = NULL, *escaped_directory = NULL, *escaped_upper = NULL, *escaped_work = NULL;
1102 char template[] = "/tmp/nspawn-volatile-XXXXXX";
1103 const char *upper, *work, *options;
1104 bool tmpfs_mounted = false;
1105 int r;
1106
1107 assert(directory);
1108
1109 /* --volatile=overlay means we mount an overlayfs to the root dir. */
1110
1111 if (!mkdtemp(template))
1112 return log_error_errno(errno, "Failed to create temporary directory: %m");
1113
1114 options = "mode=755" TMPFS_LIMITS_ROOTFS;
1115 r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf);
1116 if (r < 0)
1117 goto finish;
1118 if (r > 0)
1119 options = buf;
1120
1121 r = mount_verbose(LOG_ERR, "tmpfs", template, "tmpfs", MS_STRICTATIME, options);
1122 if (r < 0)
1123 goto finish;
1124
1125 tmpfs_mounted = true;
1126
1127 upper = strjoina(template, "/upper");
1128 work = strjoina(template, "/work");
1129
1130 if (mkdir(upper, 0755) < 0) {
1131 r = log_error_errno(errno, "Failed to create %s: %m", upper);
1132 goto finish;
1133 }
1134 if (mkdir(work, 0755) < 0) {
1135 r = log_error_errno(errno, "Failed to create %s: %m", work);
1136 goto finish;
1137 }
1138
1139 /* And now, let's overmount the root dir with an overlayfs that uses the root dir as lower dir. It's kinda nice
1140 * that the kernel allows us to do that without going through some mount point rearrangements. */
1141
1142 escaped_directory = shell_escape(directory, ",:");
1143 escaped_upper = shell_escape(upper, ",:");
1144 escaped_work = shell_escape(work, ",:");
1145 if (!escaped_directory || !escaped_upper || !escaped_work) {
1146 r = -ENOMEM;
1147 goto finish;
1148 }
1149
1150 options = strjoina("lowerdir=", escaped_directory, ",upperdir=", escaped_upper, ",workdir=", escaped_work);
1151 r = mount_verbose(LOG_ERR, "overlay", directory, "overlay", 0, options);
1152
1153 finish:
1154 if (tmpfs_mounted)
1155 (void) umount_verbose(template);
1156
1157 (void) rmdir(template);
1158 return r;
1159 }
1160
1161 int setup_volatile_mode(
1162 const char *directory,
1163 VolatileMode mode,
1164 uid_t uid_shift,
1165 const char *selinux_apifs_context) {
1166
1167 switch (mode) {
1168
1169 case VOLATILE_YES:
1170 return setup_volatile_yes(directory, uid_shift, selinux_apifs_context);
1171
1172 case VOLATILE_STATE:
1173 return setup_volatile_state(directory, uid_shift, selinux_apifs_context);
1174
1175 case VOLATILE_OVERLAY:
1176 return setup_volatile_overlay(directory, uid_shift, selinux_apifs_context);
1177
1178 default:
1179 return 0;
1180 }
1181 }
1182
1183 /* Expects *pivot_root_new and *pivot_root_old to be initialised to allocated memory or NULL. */
1184 int pivot_root_parse(char **pivot_root_new, char **pivot_root_old, const char *s) {
1185 _cleanup_free_ char *root_new = NULL, *root_old = NULL;
1186 const char *p = s;
1187 int r;
1188
1189 assert(pivot_root_new);
1190 assert(pivot_root_old);
1191
1192 r = extract_first_word(&p, &root_new, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
1193 if (r < 0)
1194 return r;
1195 if (r == 0)
1196 return -EINVAL;
1197
1198 if (isempty(p))
1199 root_old = NULL;
1200 else {
1201 root_old = strdup(p);
1202 if (!root_old)
1203 return -ENOMEM;
1204 }
1205
1206 if (!path_is_absolute(root_new))
1207 return -EINVAL;
1208 if (root_old && !path_is_absolute(root_old))
1209 return -EINVAL;
1210
1211 free_and_replace(*pivot_root_new, root_new);
1212 free_and_replace(*pivot_root_old, root_old);
1213
1214 return 0;
1215 }
1216
1217 int setup_pivot_root(const char *directory, const char *pivot_root_new, const char *pivot_root_old) {
1218 _cleanup_free_ char *directory_pivot_root_new = NULL;
1219 _cleanup_free_ char *pivot_tmp_pivot_root_old = NULL;
1220 char pivot_tmp[] = "/tmp/nspawn-pivot-XXXXXX";
1221 bool remove_pivot_tmp = false;
1222 int r;
1223
1224 assert(directory);
1225
1226 if (!pivot_root_new)
1227 return 0;
1228
1229 /* Pivot pivot_root_new to / and the existing / to pivot_root_old.
1230 * If pivot_root_old is NULL, the existing / disappears.
1231 * This requires a temporary directory, pivot_tmp, which is
1232 * not a child of either.
1233 *
1234 * This is typically used for OSTree-style containers, where
1235 * the root partition contains several sysroots which could be
1236 * run. Normally, one would be chosen by the bootloader and
1237 * pivoted to / by initramfs.
1238 *
1239 * For example, for an OSTree deployment, pivot_root_new
1240 * would be: /ostree/deploy/$os/deploy/$checksum. Note that this
1241 * code doesn’t do the /var mount which OSTree expects: use
1242 * --bind +/sysroot/ostree/deploy/$os/var:/var for that.
1243 *
1244 * So in the OSTree case, we’ll end up with something like:
1245 * - directory = /tmp/nspawn-root-123456
1246 * - pivot_root_new = /ostree/deploy/os/deploy/123abc
1247 * - pivot_root_old = /sysroot
1248 * - directory_pivot_root_new =
1249 * /tmp/nspawn-root-123456/ostree/deploy/os/deploy/123abc
1250 * - pivot_tmp = /tmp/nspawn-pivot-123456
1251 * - pivot_tmp_pivot_root_old = /tmp/nspawn-pivot-123456/sysroot
1252 *
1253 * Requires all file systems at directory and below to be mounted
1254 * MS_PRIVATE or MS_SLAVE so they can be moved.
1255 */
1256 directory_pivot_root_new = path_join(directory, pivot_root_new);
1257 if (!directory_pivot_root_new)
1258 return log_oom();
1259
1260 /* Remount directory_pivot_root_new to make it movable. */
1261 r = mount_verbose(LOG_ERR, directory_pivot_root_new, directory_pivot_root_new, NULL, MS_BIND, NULL);
1262 if (r < 0)
1263 goto done;
1264
1265 if (pivot_root_old) {
1266 if (!mkdtemp(pivot_tmp)) {
1267 r = log_error_errno(errno, "Failed to create temporary directory: %m");
1268 goto done;
1269 }
1270
1271 remove_pivot_tmp = true;
1272 pivot_tmp_pivot_root_old = path_join(pivot_tmp, pivot_root_old);
1273 if (!pivot_tmp_pivot_root_old) {
1274 r = log_oom();
1275 goto done;
1276 }
1277
1278 r = mount_verbose(LOG_ERR, directory_pivot_root_new, pivot_tmp, NULL, MS_MOVE, NULL);
1279 if (r < 0)
1280 goto done;
1281
1282 r = mount_verbose(LOG_ERR, directory, pivot_tmp_pivot_root_old, NULL, MS_MOVE, NULL);
1283 if (r < 0)
1284 goto done;
1285
1286 r = mount_verbose(LOG_ERR, pivot_tmp, directory, NULL, MS_MOVE, NULL);
1287 if (r < 0)
1288 goto done;
1289 } else {
1290 r = mount_verbose(LOG_ERR, directory_pivot_root_new, directory, NULL, MS_MOVE, NULL);
1291 if (r < 0)
1292 goto done;
1293 }
1294
1295 done:
1296 if (remove_pivot_tmp)
1297 (void) rmdir(pivot_tmp);
1298
1299 return r;
1300 }
Unnamed repository; edit this file 'description' to name the repository.