__do_close int dfd_idmapped = -EBADF, fd_userns = -EBADF;
struct lxc_rootfs *rootfs = &handler->conf->rootfs;
struct lxc_storage *storage = rootfs->storage;
+ const struct lxc_mount_options *mnt_opts = &rootfs->mnt_opts;
int ret;
const char *path_source;
path_source = lxc_storage_get_path(storage->src, storage->type);
- dfd_idmapped = create_detached_idmapped_mount(path_source, fd_userns, true);
+ dfd_idmapped = create_detached_idmapped_mount(path_source, fd_userns, true,
+ mnt_opts->attr.attr_set,
+ mnt_opts->attr.attr_clr);
if (dfd_idmapped < 0)
return syserror("Failed to create detached idmapped mount");
PROTECT_LOOKUP_BENEATH_XDEV,
fd_to, "",
PROTECT_OPATH_FILE,
- PROTECT_LOOKUP_BENEATH_XDEV, 0,
+ PROTECT_LOOKUP_BENEATH_XDEV,
+ 0,
+ 0,
+ 0,
false);
else
ret = mount_fd(tty->pty, fd_to, "none", MS_BIND, 0);
PROTECT_LOOKUP_BENEATH_XDEV,
fd_to, "",
PROTECT_OPATH_FILE,
- PROTECT_LOOKUP_BENEATH, 0,
+ PROTECT_LOOKUP_BENEATH,
+ 0,
+ 0,
+ 0,
false);
else
ret = mount_fd(tty->pty, fd_to, "none", MS_BIND, 0);
PROTECT_LOOKUP_BENEATH_XDEV,
rootfs->dfd_dev, device->name,
PROTECT_OPATH_FILE,
- PROTECT_LOOKUP_BENEATH, 0, false);
+ PROTECT_LOOKUP_BENEATH,
+ 0,
+ 0,
+ 0,
+ false);
} else {
char path[PATH_MAX];
* we're operating directly on the fd.
*/
if (can_use_mount_api())
- return fd_bind_mount(fd_pty, "", 0, 0, fd_to, "", 0, 0, 0, false);
+ return fd_bind_mount(fd_pty, "", 0, 0, fd_to, "", 0, 0, 0, 0, 0, false);
return mount_fd(fd_pty, fd_to, "none", MS_BIND, 0);
}
PROTECT_OPATH_FILE,
PROTECT_LOOKUP_BENEATH,
0,
+ 0,
+ 0,
false);
else
ret = mount_fd(fd_dev_console, fd_reg_console, "none", MS_BIND, 0);
return 0;
}
-static int parse_mount_attrs(struct lxc_mount_options *opts, const char *mntopts)
+int parse_mount_attrs(struct lxc_mount_options *opts, const char *mntopts)
{
__do_free char *mntopts_new = NULL, *mntopts_dup = NULL;
char *end = NULL, *mntopt_cur = NULL;
__hidden extern int parse_mntopts_legacy(const char *mntopts, unsigned long *mntflags, char **mntdata);
__hidden extern int parse_propagationopts(const char *mntopts, unsigned long *pflags);
__hidden extern int parse_lxc_mount_attrs(struct lxc_mount_options *opts, char *mnt_opts);
+__hidden extern int parse_mount_attrs(struct lxc_mount_options *opts, const char *mntopts);
__hidden extern void tmp_proc_unmount(struct lxc_conf *lxc_conf);
__hidden extern void suggest_default_idmap(void);
__hidden extern FILE *make_anonymous_mount_file(struct lxc_list *mount, bool include_nesting_helpers);
static int set_config_rootfs_options(const char *key, const char *value,
struct lxc_conf *lxc_conf, void *data)
{
- __do_free char *__data = NULL, *dup = NULL, *mdata = NULL, *opts = NULL;
+ __do_free char *dup = NULL, *raw_options = NULL;
struct lxc_rootfs *rootfs = &lxc_conf->rootfs;
struct lxc_mount_options *mnt_opts = &rootfs->mnt_opts;
int ret;
if (lxc_config_value_empty(value))
return 0;
+ ret = set_config_string_item(&raw_options, value);
+ if (ret < 0)
+ return ret_errno(ENOMEM);
+
dup = strdup(value);
if (!dup)
return -ENOMEM;
ret = parse_lxc_mount_attrs(mnt_opts, dup);
if (ret < 0)
return ret;
- __data = mnt_opts->data;
-
- ret = parse_mntopts_legacy(dup, &mnt_opts->mnt_flags, &mdata);
- if (ret < 0)
- return ret_errno(EINVAL);
-
- ret = parse_propagationopts(dup, &mnt_opts->prop_flags);
- if (ret < 0)
- return ret_errno(EINVAL);
-
- ret = set_config_string_item(&opts, dup);
- if (ret < 0)
- return ret_errno(ENOMEM);
+ /* Make sure we're only valid LXC specific mount options. */
if (mnt_opts->create_dir || mnt_opts->create_file ||
mnt_opts->optional || mnt_opts->relative)
return syserror_set(-EINVAL, "Invalid LXC specific mount option for rootfs mount");
- mnt_opts->data = move_ptr(mdata);
- rootfs->options = move_ptr(opts);
+ ret = parse_mount_attrs(mnt_opts, dup);
+ if (ret < 0)
+ return ret_errno(EINVAL);
+ rootfs->options = move_ptr(raw_options);
return 0;
}
lxc_log_define(mount_utils, lxc);
+/*
+ * Since the MOUNT_ATTR_<atime> values are an enum, not a bitmap, users wanting
+ * to transition to a different atime setting cannot simply specify the atime
+ * setting in @attr_set, but must also specify MOUNT_ATTR__ATIME in the
+ * @attr_clr field.
+ */
+static inline void set_atime(struct lxc_mount_attr *attr)
+{
+ switch (attr->attr_set & MOUNT_ATTR__ATIME) {
+ case MOUNT_ATTR_RELATIME:
+ __fallthrough;
+ case MOUNT_ATTR_NOATIME:
+ __fallthrough;
+ case MOUNT_ATTR_STRICTATIME:
+ attr->attr_clr = MOUNT_ATTR__ATIME;
+ break;
+ }
+}
+
int mnt_attributes_new(unsigned int old_flags, unsigned int *new_flags)
{
unsigned int flags = 0;
return 0;
}
-int create_detached_idmapped_mount(const char *path, int userns_fd, bool recursive)
+int create_detached_idmapped_mount(const char *path, int userns_fd,
+ bool recursive, __u64 attr_set, __u64 attr_clr)
{
__do_close int fd_tree_from = -EBADF;
unsigned int open_tree_flags = OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC;
struct lxc_mount_attr attr = {
- .attr_set = MOUNT_ATTR_IDMAP,
+ .attr_set = MOUNT_ATTR_IDMAP | attr_set,
+ .attr_clr = attr_clr,
.userns_fd = userns_fd,
.propagation = MS_SLAVE,
};
int ret;
+ set_atime(&attr);
+
TRACE("Idmapped mount \"%s\" requested with user namespace fd %d", path, userns_fd);
if (recursive)
int __fd_bind_mount(int dfd_from, const char *path_from, __u64 o_flags_from,
__u64 resolve_flags_from, int dfd_to, const char *path_to,
- __u64 o_flags_to, __u64 resolve_flags_to, __u64 attr_flags,
- int userns_fd, bool recursive)
+ __u64 o_flags_to, __u64 resolve_flags_to, __u64 attr_set,
+ __u64 attr_clr, __u64 propagation, int userns_fd,
+ bool recursive)
{
struct lxc_mount_attr attr = {
- .attr_set = attr_flags,
+ .attr_set = attr_set,
+ .attr_clr = attr_clr,
+ .propagation = propagation,
};
__do_close int __fd_from = -EBADF;
__do_close int fd_tree_from = -EBADF;
unsigned int open_tree_flags = AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC;
int fd_from, ret;
+ set_atime(&attr);
+
if (!is_empty_string(path_from)) {
struct lxc_open_how how = {
.flags = o_flags_from,
__u64 o_flags_from,
__u64 resolve_flags_from, int dfd_to,
const char *path_to, __u64 o_flags_to,
- __u64 resolve_flags_to, __u64 attr_flags,
+ __u64 resolve_flags_to, __u64 attr_set,
+ __u64 attr_clr, __u64 propagation,
int userns_fd, bool recursive);
static inline int fd_mount_idmapped(int dfd_from, const char *path_from,
__u64 o_flags_from,
__u64 resolve_flags_from, int dfd_to,
const char *path_to, __u64 o_flags_to,
- __u64 resolve_flags_to, __u64 attr_flags,
+ __u64 resolve_flags_to, __u64 attr_set,
+ __u64 attr_clr, __u64 propagation,
int userns_fd, bool recursive)
{
- return __fd_bind_mount(dfd_from, path_from, o_flags_from, resolve_flags_from,
- dfd_to, path_to, o_flags_to, resolve_flags_to,
- attr_flags, userns_fd, recursive);
+ return __fd_bind_mount(dfd_from, path_from, o_flags_from,
+ resolve_flags_from, dfd_to, path_to, o_flags_to,
+ resolve_flags_to, attr_set, attr_clr,
+ propagation, userns_fd, recursive);
}
static inline int fd_bind_mount(int dfd_from, const char *path_from,
__u64 o_flags_from, __u64 resolve_flags_from,
int dfd_to, const char *path_to,
__u64 o_flags_to, __u64 resolve_flags_to,
- __u64 attr_flags, bool recursive)
+ __u64 attr_set, __u64 attr_clr,
+ __u64 propagation, bool recursive)
{
return __fd_bind_mount(dfd_from, path_from, o_flags_from, resolve_flags_from,
dfd_to, path_to, o_flags_to, resolve_flags_to,
- attr_flags, -EBADF, recursive);
+ attr_set, attr_clr, propagation, -EBADF, recursive);
}
__hidden extern int create_detached_idmapped_mount(const char *path,
- int userns_fd, bool recursive);
+ int userns_fd, bool recursive,
+ __u64 attr_set, __u64 attr_clr);
__hidden extern int move_detached_mount(int dfd_from, int dfd_to,
const char *path_to, __u64 o_flags_to,
__u64 resolve_flags_to);
ret = fd_bind_mount(fd_source, "",
PROTECT_OPATH_DIRECTORY,
- PROTECT_LOOKUP_BENEATH, fd_target,
- "", PROTECT_OPATH_DIRECTORY,
- PROTECT_LOOKUP_BENEATH, 0, true);
+ PROTECT_LOOKUP_BENEATH,
+ fd_target, "",
+ PROTECT_OPATH_DIRECTORY,
+ PROTECT_LOOKUP_BENEATH,
+ mnt_opts->attr.attr_set,
+ mnt_opts->attr.attr_clr,
+ mnt_opts->attr.propagation,
+ true);
}
} else {
ret = mount(source, target, "bind", MS_BIND | MS_REC | mnt_opts->mnt_flags | mnt_opts->prop_flags, mnt_opts->data);
projects / thirdparty / lxc.git / commitdiff
