#include "memory-util.h"
#include "missing_fs.h"
#include "mkdir.h"
+#include "mount-util.h"
#include "mountpoint-util.h"
#include "namespace.h"
#include "parse-util.h"
* the final version to the workspace, and make it writable, so that we can make
* changes */
- if (mount(final, workspace, NULL, MS_BIND|MS_REC, NULL) < 0)
- return -errno;
+ r = mount_nofollow_verbose(LOG_DEBUG, final, workspace, NULL, MS_BIND|MS_REC, NULL);
+ if (r < 0)
+ return r;
- if (mount(NULL, workspace, NULL, MS_BIND|MS_REMOUNT|MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL) < 0)
- return -errno;
+ r = mount_nofollow_verbose(LOG_DEBUG, NULL, workspace, NULL, MS_BIND|MS_REMOUNT|MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL);
+ if (r < 0)
+ return r;
workspace_mounted = true;
}
if (try == 0) {
/* Try "ramfs" first, since it's not swap backed */
- if (mount("ramfs", workspace, "ramfs", MS_NODEV|MS_NOEXEC|MS_NOSUID, "mode=0700") >= 0) {
+ r = mount_nofollow_verbose(LOG_DEBUG, "ramfs", workspace, "ramfs", MS_NODEV|MS_NOEXEC|MS_NOSUID, "mode=0700");
+ if (r >= 0) {
workspace_mounted = true;
break;
}
return -ENOMEM;
/* Fall back to "tmpfs" otherwise */
- if (mount("tmpfs", workspace, "tmpfs", MS_NODEV|MS_NOEXEC|MS_NOSUID, opts) >= 0) {
+ r = mount_nofollow_verbose(LOG_DEBUG, "tmpfs", workspace, "tmpfs", MS_NODEV|MS_NOEXEC|MS_NOSUID, opts);
+ if (r >= 0) {
workspace_mounted = true;
break;
}
} else {
/* If that didn't work, try to make a bind mount from the final to the workspace, so that we can make it writable there. */
- if (mount(final, workspace, NULL, MS_BIND|MS_REC, NULL) < 0) {
- if (!ERRNO_IS_PRIVILEGE(errno)) /* Propagate anything that isn't a permission problem */
- return -errno;
+ r = mount_nofollow_verbose(LOG_DEBUG, final, workspace, NULL, MS_BIND|MS_REC, NULL);
+ if (r < 0) {
+ if (!ERRNO_IS_PRIVILEGE(r)) /* Propagate anything that isn't a permission problem */
+ return r;
if (must_mount) /* If we it's not OK to use the plain directory
* fallback, propagate all errors too */
- return -errno;
+ return r;
/* If we lack privileges to bind mount stuff, then let's gracefully
* proceed for compat with container envs, and just use the final dir
}
/* Make the new bind mount writable (i.e. drop MS_RDONLY) */
- if (mount(NULL, workspace, NULL, MS_BIND|MS_REMOUNT|MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL) < 0)
- return -errno;
+ r = mount_nofollow_verbose(LOG_DEBUG, NULL, workspace, NULL, MS_BIND|MS_REMOUNT|MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL);
+ if (r < 0)
+ return r;
workspace_mounted = true;
break;
if (workspace_mounted) {
/* Make workspace read-only now, so that any bind mount we make from it defaults to read-only too */
- if (mount(NULL, workspace, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL) < 0)
- return -errno;
+ r = mount_nofollow_verbose(LOG_DEBUG, NULL, workspace, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL);
+ if (r < 0)
+ return r;
/* And mount it to the final place, read-only */
- if (final_mounted) {
- if (umount2(workspace, MNT_DETACH|UMOUNT_NOFOLLOW) < 0)
- return -errno;
- } else {
- if (mount(workspace, final, NULL, MS_MOVE, NULL) < 0)
- return -errno;
- }
+ if (final_mounted)
+ r = umount_verbose(LOG_DEBUG, workspace, MNT_DETACH|UMOUNT_NOFOLLOW);
+ else
+ r = mount_nofollow_verbose(LOG_DEBUG, workspace, final, NULL, MS_MOVE, NULL);
+ if (r < 0)
+ return r;
} else {
_cleanup_free_ char *parent = NULL;
* given that the we do this in a privately namespaced short-lived single-threaded process
* that no one else sees this should be OK to do.*/
- if (mount(NULL, "/dev", NULL, MS_SLAVE|MS_REC, NULL) < 0) /* Turn off propagation from our namespace to host */
+ r = mount_nofollow_verbose(LOG_DEBUG, NULL, "/dev", NULL, MS_SLAVE|MS_REC, NULL); /* Turn off propagation from our namespace to host */
+ if (r < 0)
goto child_fail;
r = setup_credentials_internal(
#include "machine-id-setup.h"
#include "macro.h"
#include "mkdir.h"
+#include "mount-util.h"
#include "mountpoint-util.h"
#include "namespace-util.h"
#include "path-util.h"
}
/* And now, let's mount it over */
- if (mount(run_machine_id, etc_machine_id, NULL, MS_BIND, NULL) < 0) {
- (void) unlink_noerrno(run_machine_id);
- return log_error_errno(errno, "Failed to mount %s: %m", etc_machine_id);
+ r = mount_follow_verbose(LOG_ERR, run_machine_id, etc_machine_id, NULL, MS_BIND, NULL);
+ if (r < 0) {
+ (void) unlink(run_machine_id);
+ return r;
}
log_info("Installed transient %s file.", etc_machine_id);
/* Mark the mount read-only */
- if (mount(NULL, etc_machine_id, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL) < 0)
- log_warning_errno(errno, "Failed to make transient %s read-only, ignoring: %m", etc_machine_id);
+ r = mount_follow_verbose(LOG_WARNING, NULL, etc_machine_id, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL);
+ if (r < 0)
+ return r;
finish:
if (ret)
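Review bot: A failed read-only remount of the transient machine-id file is now fatal, which the old code did not do. The removed lines logged "ignoring" and carried on, while the added `if (r < 0) return r;` returns with the writable bind mount still in place, reports it only at `LOG_WARNING`, and skips whatever follows the `finish:` label. If the stricter behaviour is intended, log at `LOG_ERR` and say so in the commit message. Otherwise keep it best-effort with `(void) mount_follow_verbose(LOG_WARNING, NULL, etc_machine_id, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL);`. The enclosing function starts and ends outside this hunk.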
if (r < 0)
return log_error_errno(r, "Failed to set up new mount namespace: %m");
- if (umount(etc_machine_id) < 0)
- return log_error_errno(errno, "Failed to unmount transient %s file in our private namespace: %m", etc_machine_id);
+ r = umount_verbose(LOG_ERR, etc_machine_id, 0);
+ if (r < 0)
+ return r;
/* Update a persistent version of etc_machine_id */
r = id128_write(etc_machine_id, ID128_PLAIN, id, true);
MNT_FATAL = 1 << 0,
MNT_IN_CONTAINER = 1 << 1,
MNT_CHECK_WRITABLE = 1 << 2,
+ MNT_FOLLOW_SYMLINK = 1 << 3,
} MountMode;
typedef struct MountPoint {
#endif
static const MountPoint mount_table[] = {
- { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
- NULL, MNT_FATAL|MNT_IN_CONTAINER },
{ "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ NULL, MNT_FATAL|MNT_IN_CONTAINER|MNT_FOLLOW_SYMLINK },
+ { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
NULL, MNT_FATAL|MNT_IN_CONTAINER },
{ "devtmpfs", "/dev", "devtmpfs", "mode=755" TMPFS_LIMITS_DEV, MS_NOSUID|MS_NOEXEC|MS_STRICTATIME,
NULL, MNT_FATAL|MNT_IN_CONTAINER },
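Review bot: The table now has an undocumented ordering constraint: `proc` is moved ahead of `sysfs` and is the only entry carrying `MNT_FOLLOW_SYMLINK`, but nothing says why. Presumably `mount_nofollow()` needs `/proc` to be mounted already, so `/proc` itself must go through plain `mount()` and must come first; its implementation is not in this diff, so please confirm. A later reorder or a copy-pasted entry could silently break early boot mounts or reintroduce symlink following. I would add a comment above the `proc` row such as `/* must stay first and use MNT_FOLLOW_SYMLINK: the nofollow mount path depends on /proc being available */`, plus a short comment on the enum value stating that it is the exception, not the default.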
p->type,
strna(p->options));
- if (mount(p->what,
- p->where,
- p->type,
- p->flags,
- p->options) < 0) {
- log_full_errno(priority, errno, "Failed to mount %s at %s: %m", p->type, p->where);
- return (p->mode & MNT_FATAL) ? -errno : 0;
+ if (FLAGS_SET(p->mode, MNT_FOLLOW_SYMLINK))
+ r = mount(p->what, p->where, p->type, p->flags, p->options) < 0 ? -errno : 0;
+ else
+ r = mount_nofollow(p->what, p->where, p->type, p->flags, p->options);
+ if (r < 0) {
+ log_full_errno(priority, r, "Failed to mount %s at %s: %m", p->type, p->where);
+ return (p->mode & MNT_FATAL) ? r : 0;
}
/* Relabel again, since we now mounted something fresh here */
if (access(p->where, W_OK) < 0) {
r = -errno;
- (void) umount(p->where);
+ (void) umount2(p->where, UMOUNT_NOFOLLOW);
(void) rmdir(p->where);
log_full_errno(priority, r, "Mount point %s not writable after mounting: %m", p->where);
}
/* Now that we mounted everything, let's make the tmpfs the cgroup file systems are mounted into read-only. */
- (void) mount("tmpfs", "/sys/fs/cgroup", "tmpfs", MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755" TMPFS_LIMITS_SYS_FS_CGROUP);
+ (void) mount_nofollow("tmpfs", "/sys/fs/cgroup", "tmpfs", MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755" TMPFS_LIMITS_SYS_FS_CGROUP);
return 0;
}
return log_error_errno(errno, "Failed to determine mount flags for /sys/fs/cgroup: %m");
if (st.f_flags & ST_RDONLY)
- (void) mount(NULL, "/sys/fs/cgroup", NULL, MS_REMOUNT, NULL);
+ (void) mount_nofollow(NULL, "/sys/fs/cgroup", NULL, MS_REMOUNT, NULL);
(void) label_fix("/sys/fs/cgroup", 0);
(void) nftw("/sys/fs/cgroup", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
if (st.f_flags & ST_RDONLY)
- (void) mount(NULL, "/sys/fs/cgroup", NULL, MS_REMOUNT|MS_RDONLY, NULL);
+ (void) mount_nofollow(NULL, "/sys/fs/cgroup", NULL, MS_REMOUNT|MS_RDONLY, NULL);
} else if (r < 0)
return log_error_errno(r, "Failed to determine whether we are in all unified mode: %m");
if (r < 0 && errno != EEXIST)
return log_debug_errno(errno, "mknod() fallback failed for '%s': %m", d);
- /* Fallback to bind-mounting:
- * The assumption here is that all used device nodes carry standard
- * properties. Specifically, the devices nodes we bind-mount should
- * either be owned by root:root or root:tty (e.g. /dev/tty, /dev/ptmx)
- * and should not carry ACLs. */
- if (mount(d, dn, NULL, MS_BIND, NULL) < 0)
- return log_debug_errno(errno, "Bind mounting failed for '%s': %m", d);
+ /* Fallback to bind-mounting: The assumption here is that all used device nodes carry standard
+ * properties. Specifically, the devices nodes we bind-mount should either be owned by root:root or
+ * root:tty (e.g. /dev/tty, /dev/ptmx) and should not carry ACLs. */
+ r = mount_nofollow_verbose(LOG_DEBUG, d, dn, NULL, MS_BIND, NULL);
+ if (r < 0)
+ return r;
add_symlink:
bn = path_startswith(d, "/dev/");
dev = strjoina(temporary_mount, "/dev");
(void) mkdir(dev, 0755);
- if (mount("tmpfs", dev, "tmpfs", DEV_MOUNT_OPTIONS, "mode=755" TMPFS_LIMITS_DEV) < 0) {
- r = log_debug_errno(errno, "Failed to mount tmpfs on '%s': %m", dev);
+ r = mount_nofollow_verbose(LOG_DEBUG, "tmpfs", dev, "tmpfs", DEV_MOUNT_OPTIONS, "mode=755" TMPFS_LIMITS_DEV);
+ if (r < 0)
goto fail;
- }
+
r = label_fix_container(dev, "/dev", 0);
if (r < 0) {
log_debug_errno(errno, "Failed to fix label of '%s' as /dev: %m", dev);
devpts = strjoina(temporary_mount, "/dev/pts");
(void) mkdir(devpts, 0755);
- if (mount("/dev/pts", devpts, NULL, MS_BIND, NULL) < 0) {
- r = log_debug_errno(errno, "Failed to bind mount /dev/pts on '%s': %m", devpts);
+ r = mount_nofollow_verbose(LOG_DEBUG, "/dev/pts", devpts, NULL, MS_BIND, NULL);
+ if (r < 0)
goto fail;
- }
/* /dev/ptmx can either be a device node or a symlink to /dev/pts/ptmx.
* When /dev/ptmx a device node, /dev/pts/ptmx has 000 permissions making it inaccessible.
devshm = strjoina(temporary_mount, "/dev/shm");
(void) mkdir(devshm, 0755);
- r = mount("/dev/shm", devshm, NULL, MS_BIND, NULL);
- if (r < 0) {
- r = log_debug_errno(errno, "Failed to bind mount /dev/shm on '%s': %m", devshm);
+ r = mount_nofollow_verbose(LOG_DEBUG, "/dev/shm", devshm, NULL, MS_BIND, NULL);
+ if (r < 0)
goto fail;
- }
devmqueue = strjoina(temporary_mount, "/dev/mqueue");
(void) mkdir(devmqueue, 0755);
- if (mount("/dev/mqueue", devmqueue, NULL, MS_BIND, NULL) < 0)
- log_debug_errno(errno, "Failed to bind mount /dev/mqueue on '%s', ignoring: %m", devmqueue);
+ (void) mount_nofollow_verbose(LOG_DEBUG, "/dev/mqueue", devmqueue, NULL, MS_BIND, NULL);
devhugepages = strjoina(temporary_mount, "/dev/hugepages");
(void) mkdir(devhugepages, 0755);
- if (mount("/dev/hugepages", devhugepages, NULL, MS_BIND, NULL) < 0)
- log_debug_errno(errno, "Failed to bind mount /dev/hugepages on '%s', ignoring: %m", devhugepages);
+ (void) mount_nofollow_verbose(LOG_DEBUG, "/dev/hugepages", devhugepages, NULL, MS_BIND, NULL);
devlog = strjoina(temporary_mount, "/dev/log");
if (symlink("/run/systemd/journal/dev-log", devlog) < 0)
if (r < 0)
log_debug_errno(r, "Failed to unmount directories below '%s', ignoring: %m", mount_entry_path(m));
- if (mount(dev, mount_entry_path(m), NULL, MS_MOVE, NULL) < 0) {
- r = log_debug_errno(errno, "Failed to move mount point '%s' to '%s': %m", dev, mount_entry_path(m));
+ r = mount_nofollow_verbose(LOG_DEBUG, dev, mount_entry_path(m), NULL, MS_MOVE, NULL);
+ if (r < 0)
goto fail;
- }
(void) rmdir(dev);
(void) rmdir(temporary_mount);
fail:
if (devpts)
- (void) umount(devpts);
+ (void) umount_verbose(LOG_DEBUG, devpts, UMOUNT_NOFOLLOW);
if (devshm)
- (void) umount(devshm);
+ (void) umount_verbose(LOG_DEBUG, devshm, UMOUNT_NOFOLLOW);
if (devhugepages)
- (void) umount(devhugepages);
+ (void) umount_verbose(LOG_DEBUG, devhugepages, UMOUNT_NOFOLLOW);
if (devmqueue)
- (void) umount(devmqueue);
+ (void) umount_verbose(LOG_DEBUG, devmqueue, UMOUNT_NOFOLLOW);
- (void) umount(dev);
+ (void) umount_verbose(LOG_DEBUG, dev, UMOUNT_NOFOLLOW);
(void) rmdir(dev);
(void) rmdir(temporary_mount);
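Review bot: On the `fail:` path the new `umount_verbose(LOG_DEBUG, …, UMOUNT_NOFOLLOW)` calls will log unmount failures for paths that were never mounted. `devshm`, for example, is assigned before its bind mount is attempted, so when that mount fails and jumps here, the guard `if (devshm)` is true and the unmount fails and is logged. The same applies to `devmqueue` and `devhugepages`, whose mount failures are deliberately ignored. These extra debug lines can obscure the real cause when reading the log. For pure cleanup I would keep the quiet form, for example `(void) umount2(devshm, UMOUNT_NOFOLLOW);`, or track which mounts actually succeeded. The function body starts outside this hunk.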
if (r > 0) /* make this a NOP if /dev is already a mount point */
return 0;
- if (mount("/dev", mount_entry_path(m), NULL, MS_BIND|MS_REC, NULL) < 0)
- return log_debug_errno(errno, "Failed to bind mount %s: %m", mount_entry_path(m));
+ r = mount_nofollow_verbose(LOG_DEBUG, "/dev", mount_entry_path(m), NULL, MS_BIND|MS_REC, NULL);
+ if (r < 0)
+ return r;
return 1;
}
return 0;
/* Bind mount the host's version so that we get all child mounts of it, too. */
- if (mount("/sys", mount_entry_path(m), NULL, MS_BIND|MS_REC, NULL) < 0)
- return log_debug_errno(errno, "Failed to mount %s: %m", mount_entry_path(m));
+ r = mount_nofollow_verbose(LOG_DEBUG, "/sys", mount_entry_path(m), NULL, MS_BIND|MS_REC, NULL);
+ if (r < 0)
+ return r;
return 1;
}
static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) {
const char *entry_path;
+ int r;
assert(m);
assert(ns_info);
if (!opts)
return -ENOMEM;
- if (mount("proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts) < 0) {
- if (errno != EINVAL)
- return log_debug_errno(errno, "Failed to mount %s (options=%s): %m", mount_entry_path(m), opts);
+ r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts);
+ if (r < 0) {
+ if (r != -EINVAL)
+ return r;
/* If this failed with EINVAL then this likely means the textual hidepid= stuff is
* not supported by the kernel, and thus the per-instance hidepid= neither, which
return 1;
}
- if (mount("proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL) < 0)
- return log_debug_errno(errno, "Failed to mount %s (no options): %m", mount_entry_path(m));
+ r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL);
+ if (r < 0)
+ return r;
return 1;
}
(void) mkdir_p_label(entry_path, 0755);
(void) umount_recursive(entry_path, 0);
- if (mount("tmpfs", entry_path, "tmpfs", m->flags, mount_entry_options(m)) < 0)
- return log_debug_errno(errno, "Failed to mount %s: %m", entry_path);
+ r = mount_nofollow_verbose(LOG_DEBUG, "tmpfs", entry_path, "tmpfs", m->flags, mount_entry_options(m));
+ if (r < 0)
+ return r;
r = label_fix_container(entry_path, inner_path, 0);
if (r < 0)
assert(what);
- if (mount(what, mount_entry_path(m), NULL, MS_BIND|(rbind ? MS_REC : 0), NULL) < 0) {
+ r = mount_nofollow_verbose(LOG_DEBUG, what, mount_entry_path(m), NULL, MS_BIND|(rbind ? MS_REC : 0), NULL);
+ if (r < 0) {
bool try_again = false;
- r = -errno;
if (r == -ENOENT && make) {
struct stat st;
}
}
- if (try_again) {
- if (mount(what, mount_entry_path(m), NULL, MS_BIND|(rbind ? MS_REC : 0), NULL) < 0)
- r = -errno;
- else
- r = 0;
- }
-
+ if (try_again)
+ r = mount_nofollow_verbose(LOG_DEBUG, what, mount_entry_path(m), NULL, MS_BIND|(rbind ? MS_REC : 0), NULL);
if (r < 0)
return log_error_errno(r, "Failed to mount %s to %s: %m", what, mount_entry_path(m));
}
goto finish;
}
if (r == 0) {
- if (mount(root, root, NULL, MS_BIND|MS_REC, NULL) < 0) {
- r = log_debug_errno(errno, "Failed to bind mount '%s': %m", root);
+ r = mount_nofollow_verbose(LOG_DEBUG, root, root, NULL, MS_BIND|MS_REC, NULL);
+ if (r < 0)
goto finish;
- }
}
} else {
-
/* Let's mount the main root directory to the root directory to use */
- if (mount("/", root, NULL, MS_BIND|MS_REC, NULL) < 0) {
- r = log_debug_errno(errno, "Failed to bind mount '/' on '%s': %m", root);
+ r = mount_nofollow_verbose(LOG_DEBUG, "/", root, NULL, MS_BIND|MS_REC, NULL);
+ if (r < 0)
goto finish;
- }
}
/* Try to set up the new root directory before mounting anything else there. */
#include "limits-util.h"
#include "main-func.h"
#include "mkdir.h"
+#include "mount-util.h"
#include "mountpoint-util.h"
#include "path-util.h"
#include "rm-rf.h"
(void) mkdir_label(runtime_path, 0700);
- r = mount("tmpfs", runtime_path, "tmpfs", MS_NODEV|MS_NOSUID, options);
+ r = mount_nofollow_verbose(LOG_DEBUG, "tmpfs", runtime_path, "tmpfs", MS_NODEV|MS_NOSUID, options);
if (r < 0) {
- if (!ERRNO_IS_PRIVILEGE(errno)) {
- r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", runtime_path);
+ if (!ERRNO_IS_PRIVILEGE(r)) {
+ log_error_errno(r, "Failed to mount per-user tmpfs directory %s: %m", runtime_path);
goto fail;
}
- log_debug_errno(errno,
+ log_debug_errno(r,
"Failed to mount per-user tmpfs directory %s.\n"
"Assuming containerized execution, ignoring: %m", runtime_path);
#include "machine.h"
#include "missing_capability.h"
#include "mkdir.h"
+#include "mount-util.h"
#include "namespace-util.h"
#include "os-util.h"
#include "path-util.h"
mount_slave_created = true;
- if (mount(mount_slave, mount_slave, NULL, MS_BIND, NULL) < 0) {
- r = sd_bus_error_set_errnof(error, errno, "Failed to make bind mount %s: %m", mount_slave);
+ r = mount_nofollow_verbose(LOG_DEBUG, mount_slave, mount_slave, NULL, MS_BIND, NULL);
+ if (r < 0) {
+ sd_bus_error_set_errnof(error, r, "Failed to make bind mount %s: %m", mount_slave);
goto finish;
}
mount_slave_mounted = true;
- if (mount(NULL, mount_slave, NULL, MS_SLAVE, NULL) < 0) {
- r = sd_bus_error_set_errnof(error, errno, "Failed to remount slave %s: %m", mount_slave);
+ r = mount_nofollow_verbose(LOG_DEBUG, NULL, mount_slave, NULL, MS_SLAVE, NULL);
+ if (r < 0) {
+ sd_bus_error_set_errnof(error, r, "Failed to remount slave %s: %m", mount_slave);
goto finish;
}
mount_tmp_created = true;
- if (mount(chased_src, mount_tmp, NULL, MS_BIND, NULL) < 0) {
- r = sd_bus_error_set_errnof(error, errno, "Failed to mount %s: %m", chased_src);
+ r = mount_nofollow_verbose(LOG_DEBUG, chased_src, mount_tmp, NULL, MS_BIND, NULL);
+ if (r < 0) {
+ sd_bus_error_set_errnof(error, r, "Failed to mount %s: %m", chased_src);
goto finish;
}
mount_tmp_mounted = true;
/* Third, we remount the new bind mount read-only if requested. */
- if (read_only)
- if (mount(NULL, mount_tmp, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
- r = sd_bus_error_set_errnof(error, errno, "Failed to remount read-only %s: %m", mount_tmp);
+ if (read_only) {
+ r = mount_nofollow_verbose(LOG_DEBUG, NULL, mount_tmp, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL);
+ if (r < 0) {
+ sd_bus_error_set_errnof(error, r, "Failed to remount read-only %s: %m", mount_tmp);
goto finish;
}
+ }
/* Fourth, we move the new bind mount into the propagation directory. This way it will appear there read-only
* right-away. */
mount_outside_created = true;
- if (mount(mount_tmp, mount_outside, NULL, MS_MOVE, NULL) < 0) {
- r = sd_bus_error_set_errnof(error, errno, "Failed to move %s to %s: %m", mount_tmp, mount_outside);
+ r = mount_nofollow_verbose(LOG_DEBUG, mount_tmp, mount_outside, NULL, MS_MOVE, NULL);
+ if (r < 0) {
+ sd_bus_error_set_errnof(error, r, "Failed to move %s to %s: %m", mount_tmp, mount_outside);
goto finish;
}
}
mount_inside = strjoina("/run/host/incoming/", basename(mount_outside));
- if (mount(mount_inside, dest, NULL, MS_MOVE, NULL) < 0) {
- r = log_error_errno(errno, "Failed to mount: %m");
+ r = mount_nofollow_verbose(LOG_ERR, mount_inside, dest, NULL, MS_MOVE, NULL);
+ if (r < 0)
goto child_fail;
- }
_exit(EXIT_SUCCESS);
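Review bot: The `MS_MOVE` onto `dest` should carry a comment saying what the nofollow variant does and does not guarantee, because this call appears to run in the child on the container side (`/run/host/incoming/`), where the path layout may not be trusted. The helper is not part of this diff. If it refuses a symlink only in the final path component, symlinks in the intermediate components of `dest` are still followed, so `dest` has to have been resolved safely before this point. Suggested comment above the call: `/* dest must already be fully resolved; nofollow only guards the last component */`, or confirm that the helper covers the whole path. The enclosing function starts outside the hunk.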