dissect-image: clean up meaning of DISSECT_IMAGE_MKDIR

Previously handling of DISSECT_IMAGE_MKDIR was pretty weird and broken:
it would control both if we create the top-level mount point when
mounting an image, and the inner mount points for images that consist of
multiple file systems. However, the latter is redundant, since
1f0f82f1311e4c52152b8e2b6f266258709c137d does this too, a few lines
further up – unconditionally!

Hence, let's make the meaning of DISSECT_IMAGE_MKDIR more strict: it
shall be only about the top-level mount point, not about the inner ones
(where we'll continue to create what is missing alwayway). Having a
separate flag for the top-level mount point is relevant, since the mount
point dir created by it will remain on the host fs – unlike the
directories we create inside the image, which will stay within the
image.

This slightly change of meaning is actually inline with what the flag is
actually used for and documented in systemd-dissect.

(cherry picked from commit 9842905ede9c7fdc541724ee5c6db7d46a47405d)

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index c4ba1bca7b9ad978b507af59f438f78867afc7e7..b8241e61c22d8f506d9eff59e74721cb38a966e5 100644 (file)
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -1311,7 +1311,7 @@ static int mount_partition(
 
         if (directory) {
                 if (!FLAGS_SET(flags, DISSECT_IMAGE_READ_ONLY)) {
-                        /* Automatically create missing mount points, if necessary. */
+                        /* Automatically create missing mount points inside the image, if necessary. */
                         r = mkdir_p_root(where, directory, uid_shift, (gid_t) uid_shift, 0755);
                         if (r < 0)
                                 return r;
@@ -1322,8 +1322,18 @@ static int mount_partition(
                         return r;
 
                 p = chased;
-        } else
+        } else {
+                /* Create top-level mount if missing – but only if this is asked for. This won't modify the
+                 * image (as the branch above does) but the host hierarchy, and the created directory might
+                 * survive our mount in the host hierarchy hence. */
+                if (FLAGS_SET(flags, DISSECT_IMAGE_MKDIR)) {
+                        r = mkdir_p(where, 0755);
+                        if (r < 0)
+                                return r;
+                }
+
                 p = where;
+        }
 
         /* If requested, turn on discard support. */
         if (fstype_can_discard(fstype) &&
@@ -1348,12 +1358,6 @@ static int mount_partition(
                 if (!strextend_with_separator(&options, ",", m->mount_options, NULL))
                         return -ENOMEM;
 
-        if (FLAGS_SET(flags, DISSECT_IMAGE_MKDIR)) {
-                r = mkdir_p(p, 0755);
-                if (r < 0)
-                        return r;
-        }
-
         r = mount_nofollow_verbose(LOG_DEBUG, node, p, fstype, MS_NODEV|(rw ? 0 : MS_RDONLY), options);
         if (r < 0)
                 return r;
@@ -1386,10 +1390,6 @@ int dissected_image_mount(DissectedImage *m, const char *where, uid_t uid_shift,
                         return r;
         }
 
-        /* Mask DISSECT_IMAGE_MKDIR for all subdirs: the idea is that only the top-level mount point is
-         * created if needed, but the image itself not modified. */
-        flags &= ~DISSECT_IMAGE_MKDIR;
-
         if ((flags & DISSECT_IMAGE_MOUNT_NON_ROOT_ONLY) == 0) {
                 /* For us mounting root always means mounting /usr as well */
                 r = mount_partition(m->partitions + PARTITION_USR, where, "/usr", uid_shift, flags);

diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h
index 3b30e08f90fbcfc1d9827dd596e0f1629ac8186b..72f10ee2f1cea991761a49bc7046733191901759 100644 (file)
--- a/src/shared/dissect-image.h
+++ b/src/shared/dissect-image.h
@@ -86,7 +86,7 @@ typedef enum DissectImageFlags {
         DISSECT_IMAGE_FSCK                = 1 << 11, /* File system check the partition before mounting (no effect when combined with DISSECT_IMAGE_READ_ONLY) */
         DISSECT_IMAGE_NO_PARTITION_TABLE  = 1 << 12, /* Only recognize single file system images */
         DISSECT_IMAGE_VERITY_SHARE        = 1 << 13, /* When activating a verity device, reuse existing one if already open */
-        DISSECT_IMAGE_MKDIR               = 1 << 14, /* Make directory to mount right before mounting, if missing */
+        DISSECT_IMAGE_MKDIR               = 1 << 14, /* Make top-level directory to mount right before mounting, if missing */
 } DissectImageFlags;
 
 struct DissectedImage {