const ExecCommand *command,
const ExecContext *context,
const ExecParameters *params,
- const ExecRuntime *runtime) {
+ const ExecRuntime *runtime,
+ char **error_path) {
_cleanup_strv_free_ char **empty_directories = NULL;
char *tmp = NULL, *var = NULL;
needs_sandboxing ? context->protect_home : PROTECT_HOME_NO,
needs_sandboxing ? context->protect_system : PROTECT_SYSTEM_NO,
context->mount_flags,
- DISSECT_IMAGE_DISCARD_ON_LOOP);
+ DISSECT_IMAGE_DISCARD_ON_LOOP,
+ error_path);
bind_mount_free_many(bind_mounts, n_bind_mounts);
needs_mount_namespace = exec_needs_mount_namespace(context, params, runtime);
if (needs_mount_namespace) {
- r = apply_mount_namespace(unit, command, context, params, runtime);
+ _cleanup_free_ char *error_path = NULL;
+
+ r = apply_mount_namespace(unit, command, context, params, runtime, &error_path);
if (r < 0) {
*exit_status = EXIT_NAMESPACE;
- return log_unit_error_errno(unit, r, "Failed to set up mount namespacing: %m");
+ return log_unit_error_errno(unit, r, "Failed to set up mount namespacing%s%s: %m",
+ error_path ? ": " : "", strempty(error_path));
}
}
ProtectHome protect_home,
ProtectSystem protect_system,
unsigned long mount_flags,
- DissectImageFlags dissect_image_flags) {
+ DissectImageFlags dissect_image_flags,
+ char **error_path) {
_cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
_cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
if (!proc_self_mountinfo) {
r = log_debug_errno(errno, "Failed to open /proc/self/mountinfo: %m");
+ if (error_path)
+ *error_path = strdup("/proc/self/mountinfo");
goto finish;
}
continue;
r = follow_symlink(root, m);
- if (r < 0)
+ if (r < 0) {
+ if (error_path && mount_entry_path(m))
+ *error_path = strdup(mount_entry_path(m));
goto finish;
+ }
if (r == 0) {
/* We hit a symlinked mount point. The entry got rewritten and might point to a
* very different place now. Let's normalize the changed list, and start from
}
r = apply_mount(root, m);
- if (r < 0)
+ if (r < 0) {
+ if (error_path && mount_entry_path(m))
+ *error_path = strdup(mount_entry_path(m));
goto finish;
+ }
m->applied = true;
}
/* Second round, flip the ro bits if necessary. */
for (m = mounts; m < mounts + n_mounts; ++m) {
r = make_read_only(m, blacklist, proc_self_mountinfo);
- if (r < 0)
+ if (r < 0) {
+ if (error_path && mount_entry_path(m))
+ *error_path = strdup(mount_entry_path(m));
goto finish;
+ }
}
}
ProtectHome protect_home,
ProtectSystem protect_system,
unsigned long mount_flags,
- DissectImageFlags dissected_image_flags);
+ DissectImageFlags dissected_image_flags,
+ char **error_path);
int setup_tmp_dirs(
const char *id,
PROTECT_HOME_NO,
PROTECT_SYSTEM_NO,
0,
- 0);
+ 0,
+ NULL);
if (r < 0) {
log_error_errno(r, "Failed to setup namespace: %m");