From b83358b87f0f6feaffca75f0ebd1d9fd80f34217 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Mon, 25 Nov 2024 11:32:35 +0100
Subject: [PATCH] =?utf8?q?nspawn:=20rename=20pin=5Ffully=5Fvisible=5Ffs()?= =?utf8?q?=20=E2=86=92=20pin=5Ffully=5Fvisible=5Fapi=5Ffs()?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
This function pins the *API* FS, i.e. /proc/ + /sys/, not just any fs. Hence clarify this in the name. (At least we call these two fs "API (V)FS" in our codebase, hence continue to do so here)
---
 src/nspawn/nspawn-mount.c | 8 ++++----
 src/nspawn/nspawn-mount.h | 5 +++--
 src/nspawn/nspawn.c | 4 ++--
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index eda455c8715..af88e82d04a 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -1406,7 +1406,7 @@ done:
 #define NSPAWN_PRIVATE_FULLY_VISIBLE_PROCFS "/run/host/proc"
 #define NSPAWN_PRIVATE_FULLY_VISIBLE_SYSFS "/run/host/sys"
-int pin_fully_visible_fs(void) {
+int pin_fully_visible_api_fs(void) {
 int r;
 log_debug("Pinning fully visible API FS");
@@ -1425,7 +1425,7 @@ int pin_fully_visible_fs(void) {
 return 0;
 }
-static int do_wipe_fully_visible_fs(void) {
+static int do_wipe_fully_visible_api_fs(void) {
 if (umount2(NSPAWN_PRIVATE_FULLY_VISIBLE_PROCFS, MNT_DETACH) < 0)
 return log_error_errno(errno, "Failed to unmount temporary proc: %m");
@@ -1441,7 +1441,7 @@ static int do_wipe_fully_visible_fs(void) {
 return 0;
 }
-int wipe_fully_visible_fs(int mntns_fd) {
+int wipe_fully_visible_api_fs(int mntns_fd) {
 _cleanup_close_ int orig_mntns_fd = -EBADF;
 int r, rr;
@@ -1464,7 +1464,7 @@ int wipe_fully_visible_fs(int mntns_fd) {
 if (r < 0)
 return log_error_errno(r, "Failed to enter mount namespace: %m");
- rr = do_wipe_fully_visible_fs();
+ rr = do_wipe_fully_visible_api_fs();
 r = namespace_enter(/* pidns_fd = */ -EBADF,
 orig_mntns_fd,
diff --git a/src/nspawn/nspawn-mount.h b/src/nspawn/nspawn-mount.h
index 5f66bc7328d..53aa993d6a2 100644
--- a/src/nspawn/nspawn-mount.h
+++ b/src/nspawn/nspawn-mount.h
@@ -73,5 +73,6 @@ int pivot_root_parse(char **pivot_root_new, char **pivot_root_old, const char *s
 int setup_pivot_root(const char *directory, const char *pivot_root_new, const char *pivot_root_old);
 int tmpfs_patch_options(const char *options,uid_t uid_shift, const char *selinux_apifs_context, char **ret);
-int pin_fully_visible_fs(void);
-int wipe_fully_visible_fs(int mntns_fd);
+
+int pin_fully_visible_api_fs(void);
+int wipe_fully_visible_api_fs(int mntns_fd);
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 74e9fa04bd5..8a07000fce3 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -4357,7 +4357,7 @@ static int outer_child(
 * Note, the inner child wouldn't be able to unmount the instances on its own since
 * it doesn't own the originating mount namespace. IOW, the outer child needs to do
 * this. */
- r = pin_fully_visible_fs();
+ r = pin_fully_visible_api_fs();
 if (r < 0)
 return r;
 }
@@ -5625,7 +5625,7 @@ static int run_container(
 return log_error_errno(SYNTHETIC_ERRNO(ESRCH), "Child died too early.");
 if (arg_userns_mode != USER_NAMESPACE_NO) {
- r = wipe_fully_visible_fs(mntns_fd);
+ r = wipe_fully_visible_api_fs(mntns_fd);
 if (r < 0)
 return r;
 mntns_fd = safe_close(mntns_fd);
-- 2.47.3