static int get_sub_mounts(
const char *prefix,
- bool clone_tree,
SubMount **ret_mounts,
size_t *ret_n_mounts) {
_cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
continue;
}
- if (clone_tree)
- mount_fd = open_tree(AT_FDCWD, path, OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC | AT_RECURSIVE);
- else
- mount_fd = open(path, O_CLOEXEC|O_PATH);
+ mount_fd = open(path, O_CLOEXEC|O_PATH);
if (mount_fd < 0) {
if (errno == ENOENT) /* The path may be hidden by another over-mount or already unmounted. */
continue;
return 0;
}
-static int move_sub_mounts(SubMount *mounts, size_t n) {
- assert(mounts || n == 0);
-
- for (size_t i = 0; i < n; i++) {
- if (!mounts[i].path || mounts[i].mount_fd < 0)
- continue;
-
- (void) mkdir_p_label(mounts[i].path, 0755);
-
- if (move_mount(mounts[i].mount_fd, "", AT_FDCWD, mounts[i].path, MOVE_MOUNT_F_EMPTY_PATH) < 0)
- return log_debug_errno(errno, "Failed to move mount_fd to '%s': %m", mounts[i].path);
- }
-
- return 0;
-}
-
-int remount_and_move_sub_mounts(
- const char *what,
- const char *where,
- const char *type,
- unsigned long flags,
- const char *options) {
-
- SubMount *mounts = NULL;
- size_t n = 0;
- int r;
-
- CLEANUP_ARRAY(mounts, n, sub_mount_array_free);
-
- assert(where);
-
- /* This is useful when creating a new network namespace. Unlike procfs, we need to remount sysfs,
- * otherwise properties of the network interfaces in the main network namespace are still accessible
- * through the old sysfs, e.g. /sys/class/net/eth0. All sub-mounts previously mounted on the sysfs
- * are moved onto the new sysfs mount. */
-
- r = path_is_mount_point(where, NULL, 0);
- if (r < 0)
- return log_debug_errno(r, "Failed to determine if '%s' is a mountpoint: %m", where);
- if (r == 0)
- /* Shortcut. Simply mount the requested filesystem. */
- return mount_nofollow_verbose(LOG_DEBUG, what, where, type, flags, options);
-
- /* Get the list of sub-mounts and duplicate them. */
- r = get_sub_mounts(where, /* clone_tree= */ true, &mounts, &n);
- if (r < 0)
- return r;
-
- /* Then, remount the mount and its sub-mounts. */
- (void) umount_recursive(where, 0);
-
- /* Remount the target filesystem. */
- r = mount_nofollow_verbose(LOG_DEBUG, what, where, type, flags, options);
- if (r < 0)
- return r;
-
- /* Finally, move the all sub-mounts on the new target mount point. */
- return move_sub_mounts(mounts, n);
-}
-
int bind_mount_submounts(
const char *source,
const char *target) {
CLEANUP_ARRAY(mounts, n, sub_mount_array_free);
- r = get_sub_mounts(source, /* clone_tree= */ false, &mounts, &n);
+ r = get_sub_mounts(source, &mounts, &n);
if (r < 0)
return r;
return ret;
}
-int remount_sysfs(const char *where) {
- return remount_and_move_sub_mounts("sysfs", where, "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL);
-}
-
int make_mount_point_inode_from_stat(const struct stat *st, const char *dest, mode_t mode) {
assert(st);
assert(dest);
#include "tests.h"
#include "tmpfile-util.h"
-TEST(remount_and_move_sub_mounts) {
- int r;
-
- if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0)
- return (void) log_tests_skipped("not running privileged");
-
- r = safe_fork("(remount-and-move-sub-mounts)",
- FORK_RESET_SIGNALS |
- FORK_CLOSE_ALL_FDS |
- FORK_DEATHSIG |
- FORK_WAIT |
- FORK_REOPEN_LOG |
- FORK_LOG |
- FORK_NEW_MOUNTNS |
- FORK_MOUNTNS_SLAVE,
- NULL);
- assert_se(r >= 0);
- if (r == 0) {
- _cleanup_free_ char *d = NULL, *fn = NULL;
-
- assert_se(mkdtemp_malloc(NULL, &d) >= 0);
-
- assert_se(mount_nofollow_verbose(LOG_DEBUG, "tmpfs", d, "tmpfs", MS_NOSUID|MS_NODEV, NULL) >= 0);
-
- assert_se(fn = path_join(d, "memo"));
- assert_se(write_string_file(fn, d, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_AVOID_NEWLINE) >= 0);
- assert_se(access(fn, F_OK) >= 0);
-
- /* Create fs tree */
- FOREACH_STRING(p, "sub1", "sub1/hoge", "sub1/foo", "sub2", "sub2/aaa", "sub2/bbb") {
- _cleanup_free_ char *where = NULL, *filename = NULL;
-
- assert_se(where = path_join(d, p));
- assert_se(mkdir_p(where, 0755) >= 0);
- assert_se(mount_nofollow_verbose(LOG_DEBUG, "tmpfs", where, "tmpfs", MS_NOSUID|MS_NODEV, NULL) >= 0);
-
- assert_se(filename = path_join(where, "memo"));
- assert_se(write_string_file(filename, where, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_AVOID_NEWLINE) >= 0);
- assert_se(access(filename, F_OK) >= 0);
- }
-
- /* Hide sub1. */
- FOREACH_STRING(p, "sub1", "sub1/hogehoge", "sub1/foofoo") {
- _cleanup_free_ char *where = NULL, *filename = NULL;
-
- assert_se(where = path_join(d, p));
- assert_se(mkdir_p(where, 0755) >= 0);
- assert_se(mount_nofollow_verbose(LOG_DEBUG, "tmpfs", where, "tmpfs", MS_NOSUID|MS_NODEV, NULL) >= 0);
-
- assert_se(filename = path_join(where, "memo"));
- assert_se(write_string_file(filename, where, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_AVOID_NEWLINE) >= 0);
- assert_se(access(filename, F_OK) >= 0);
- }
-
- /* Remount the main fs. */
- r = remount_and_move_sub_mounts("tmpfs", d, "tmpfs", MS_NOSUID|MS_NODEV, NULL);
- if (r == -EINVAL || (r < 0 && ERRNO_IS_NOT_SUPPORTED(r))) {
- log_tests_skipped_errno(r, "The kernel seems too old: %m");
- _exit(EXIT_SUCCESS);
- }
-
- /* Check the file in the main fs does not exist. */
- assert_se(access(fn, F_OK) < 0 && errno == ENOENT);
-
- /* Check the files in sub-mounts are kept. */
- FOREACH_STRING(p, "sub1", "sub1/hogehoge", "sub1/foofoo", "sub2", "sub2/aaa", "sub2/bbb") {
- _cleanup_free_ char *where = NULL, *filename = NULL, *content = NULL;
-
- assert_se(where = path_join(d, p));
- assert_se(filename = path_join(where, "memo"));
- assert_se(read_full_file(filename, &content, NULL) >= 0);
- assert_se(streq(content, where));
- }
-
- /* umount sub1, and check if the previously hidden sub-mounts are dropped. */
- FOREACH_STRING(p, "sub1/hoge", "sub1/foo") {
- _cleanup_free_ char *where = NULL;
-
- assert_se(where = path_join(d, p));
- assert_se(access(where, F_OK) < 0 && errno == ENOENT);
- }
-
- _exit(EXIT_SUCCESS);
- }
-}
-
-TEST(remount_sysfs) {
- int r;
-
- if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0)
- return (void) log_tests_skipped("not running privileged");
-
- if (path_is_fs_type("/sys", SYSFS_MAGIC) <= 0)
- return (void) log_tests_skipped("sysfs is not mounted on /sys");
-
- if (access("/sys/class/net/dummy-test-mnt", F_OK) < 0)
- return (void) log_tests_skipped_errno(errno, "The network interface dummy-test-mnt does not exit");
-
- r = safe_fork("(remount-sysfs)",
- FORK_RESET_SIGNALS |
- FORK_CLOSE_ALL_FDS |
- FORK_DEATHSIG |
- FORK_WAIT |
- FORK_REOPEN_LOG |
- FORK_LOG |
- FORK_NEW_MOUNTNS |
- FORK_MOUNTNS_SLAVE,
- NULL);
- assert_se(r >= 0);
- if (r == 0) {
- assert_se(unshare(CLONE_NEWNET) >= 0);
-
- /* Even unshare()ed, the interfaces in the main namespace can be accessed through sysfs. */
- assert_se(access("/sys/class/net/lo", F_OK) >= 0);
- assert_se(access("/sys/class/net/dummy-test-mnt", F_OK) >= 0);
-
- r = remount_sysfs("/sys");
- if (r == -EINVAL || (r < 0 && ERRNO_IS_NOT_SUPPORTED(r))) {
- log_tests_skipped_errno(r, "The kernel seems too old: %m");
- _exit(EXIT_SUCCESS);
- }
-
- /* After remounting sysfs, the interfaces in the main namespace cannot be accessed. */
- assert_se(access("/sys/class/net/lo", F_OK) >= 0);
- assert_se(access("/sys/class/net/dummy-test-mnt", F_OK) < 0 && errno == ENOENT);
-
- _exit(EXIT_SUCCESS);
- }
-}
-
TEST(mount_option_mangle) {
char *opts = NULL;
unsigned long f;
assert_se(umount_recursive(b, 0) >= 0);
}
-static int intro(void) {
- /* Create a dummy network interface for testing remount_sysfs(). */
- (void) system("ip link add dummy-test-mnt type dummy");
-
- return 0;
-}
-
-static int outro(void) {
- (void) system("ip link del dummy-test-mnt");
-
- return 0;
-}
-
-DEFINE_TEST_MAIN_FULL(LOG_DEBUG, intro, outro);
+DEFINE_TEST_MAIN(LOG_DEBUG);
projects / thirdparty / systemd.git / commitdiff
