From: Lennart Poettering Date: Tue, 14 Mar 2023 21:55:32 +0000 (+0100) Subject: mount-util: split remount_idmap() in two X-Git-Tag: v254-rc1~635 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=17b798d915713d4a6fe8edafe5645f26bdc14225;p=thirdparty%2Fsystemd.git mount-util: split remount_idmap() in two This will make things a bit longer for now, but more powerful as we can reuse the userns fd between calls to remount_idmap() if we need to adjust multiple mounts. No change in behaviour, just some minor refactoring. --- diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c index edf01fe0921..f30b5f1a7fc 100644 --- a/src/shared/mount-util.c +++ b/src/shared/mount-util.c @@ -1080,13 +1080,16 @@ int make_mount_point(const char *path) { return 1; } -static int make_userns(uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping) { +int make_userns(uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping) { _cleanup_close_ int userns_fd = -EBADF; _cleanup_free_ char *line = NULL; /* Allocates a userns file descriptor with the mapping we need. For this we'll fork off a child * process whose only purpose is to give us a new user namespace. It's killed when we got it. */ + if (!userns_shift_range_valid(uid_shift, uid_range)) + return -EINVAL; + if (IN_SET(idmapping, REMOUNT_IDMAPPING_NONE, REMOUNT_IDMAPPING_HOST_ROOT)) { if (asprintf(&line, UID_FMT " " UID_FMT " " UID_FMT "\n", 0u, uid_shift, uid_range) < 0) return log_oom_debug(); @@ -1125,31 +1128,21 @@ static int make_userns(uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdm return TAKE_FD(userns_fd); } -int remount_idmap( +int remount_idmap_fd( const char *p, - uid_t uid_shift, - uid_t uid_range, - uid_t owner, - RemountIdmapping idmapping) { + int userns_fd) { - _cleanup_close_ int mount_fd = -EBADF, userns_fd = -EBADF; + _cleanup_close_ int mount_fd = -EBADF; int r; assert(p); - - if (!userns_shift_range_valid(uid_shift, uid_range)) - return -EINVAL; + assert(userns_fd >= 0); /* Clone the mount point */ mount_fd = open_tree(-1, p, OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC); if (mount_fd < 0) return log_debug_errno(errno, "Failed to open tree of mounted filesystem '%s': %m", p); - /* Create a user namespace mapping */ - userns_fd = make_userns(uid_shift, uid_range, owner, idmapping); - if (userns_fd < 0) - return userns_fd; - /* Set the user namespace mapping attribute on the cloned mount point */ if (mount_setattr(mount_fd, "", AT_EMPTY_PATH | AT_RECURSIVE, &(struct mount_attr) { @@ -1170,6 +1163,16 @@ int remount_idmap( return 0; } +int remount_idmap(const char *p, uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping) { + _cleanup_close_ int userns_fd = -EBADF; + + userns_fd = make_userns(uid_shift, uid_range, owner, idmapping); + if (userns_fd < 0) + return userns_fd; + + return remount_idmap_fd(p, userns_fd); +} + typedef struct SubMount { char *path; int mount_fd; diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h index f52687828a6..d1defcd8be4 100644 --- a/src/shared/mount-util.h +++ b/src/shared/mount-util.h @@ -103,6 +103,8 @@ typedef enum RemountIdmapping { _REMOUNT_IDMAPPING_INVALID = -EINVAL, } RemountIdmapping; +int make_userns(uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping); +int remount_idmap_fd(const char *p, int userns_fd); int remount_idmap(const char *p, uid_t uid_shift, uid_t uid_range, uid_t owner, RemountIdmapping idmapping); int remount_and_move_sub_mounts(