2017-11-18 17:09:20 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1+ */
|
2015-10-26 18:44:13 +01:00
|
|
|
#pragma once
|
|
|
|
|
2015-10-27 13:45:00 +01:00
|
|
|
#include <fcntl.h>
|
2015-10-26 18:44:13 +01:00
|
|
|
#include <mntent.h>
|
2015-10-27 13:45:00 +01:00
|
|
|
#include <stdbool.h>
|
2015-11-30 21:43:37 +01:00
|
|
|
#include <stdio.h>
|
2015-10-27 13:45:00 +01:00
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
2015-11-30 21:43:37 +01:00
|
|
|
#include "macro.h"
|
2015-12-01 23:22:03 +01:00
|
|
|
#include "missing.h"
|
2015-10-26 18:44:13 +01:00
|
|
|
|
2017-11-20 15:29:53 +01:00
|
|
|
int name_to_handle_at_loop(int fd, const char *path, struct file_handle **ret_handle, int *ret_mnt_id, int flags);
|
|
|
|
|
2017-11-20 16:05:41 +01:00
|
|
|
int path_get_mnt_id(const char *path, int *ret);
|
|
|
|
|
2015-10-26 18:44:13 +01:00
|
|
|
int fd_is_mount_point(int fd, const char *filename, int flags);
|
2016-11-18 21:35:21 +01:00
|
|
|
int path_is_mount_point(const char *path, const char *root, int flags);
|
2015-10-26 18:44:13 +01:00
|
|
|
|
2015-10-27 14:25:58 +01:00
|
|
|
int repeat_unmount(const char *path, int flags);
|
|
|
|
|
2015-10-26 18:44:13 +01:00
|
|
|
int umount_recursive(const char *target, int flags);
|
namespace: rework how ReadWritePaths= is applied
Previously, if ReadWritePaths= was nested inside a ReadOnlyPaths=
specification, then we'd first recursively apply the ReadOnlyPaths= paths, and
make everything below read-only, only in order to then flip the read-only bit
again for the subdirs listed in ReadWritePaths= below it.
This is not only ugly (as for the dirs in question we first turn on the RO bit,
only to turn it off again immediately after), but also problematic in
containers, where a container manager might have marked a set of dirs read-only
and this code will undo this is ReadWritePaths= is set for any.
With this patch behaviour in this regard is altered: ReadOnlyPaths= will not be
applied to the children listed in ReadWritePaths= in the first place, so that
we do not need to turn off the RO bit for those after all.
This means that ReadWritePaths=/ReadOnlyPaths= may only be used to turn on the
RO bit, but never to turn it off again. Or to say this differently: if some
dirs are marked read-only via some external tool, then ReadWritePaths= will not
undo it.
This is not only the safer option, but also more in-line with what the man page
currently claims:
"Entries (files or directories) listed in ReadWritePaths= are
accessible from within the namespace with the same access rights as
from outside."
To implement this change bind_remount_recursive() gained a new "blacklist"
string list parameter, which when passed may contain subdirs that shall be
excluded from the read-only mounting.
A number of functions are updated to add more debug logging to make this more
digestable.
2016-09-25 10:40:51 +02:00
|
|
|
int bind_remount_recursive(const char *prefix, bool ro, char **blacklist);
|
2017-05-19 14:38:40 +02:00
|
|
|
int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **blacklist, FILE *proc_self_mountinfo);
|
2015-10-26 18:44:13 +01:00
|
|
|
|
|
|
|
int mount_move_root(const char *path);
|
|
|
|
|
|
|
|
DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, endmntent);
|
|
|
|
#define _cleanup_endmntent_ _cleanup_(endmntentp)
|
2015-10-27 13:45:00 +01:00
|
|
|
|
|
|
|
bool fstype_is_network(const char *fstype);
|
2017-09-04 03:55:51 +02:00
|
|
|
bool fstype_is_api_vfs(const char *fstype);
|
2017-09-29 14:19:22 +02:00
|
|
|
bool fstype_is_ro(const char *fsype);
|
2017-09-29 14:23:17 +02:00
|
|
|
bool fstype_can_discard(const char *fstype);
|
2017-11-28 16:46:26 +01:00
|
|
|
bool fstype_can_uid_gid(const char *fstype);
|
2015-10-27 13:45:00 +01:00
|
|
|
|
2016-07-06 09:48:58 +02:00
|
|
|
const char* mode_to_inaccessible_node(mode_t mode);
|
|
|
|
|
nspawn,mount-util: add [u]mount_verbose and use it in nspawn
This makes it easier to debug failed nspawn invocations:
Mounting sysfs on /var/lib/machines/fedora-rawhide/sys (MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV "")...
Mounting tmpfs on /var/lib/machines/fedora-rawhide/dev (MS_NOSUID|MS_STRICTATIME "mode=755,uid=1450901504,gid=1450901504")...
Mounting tmpfs on /var/lib/machines/fedora-rawhide/dev/shm (MS_NOSUID|MS_NODEV|MS_STRICTATIME "mode=1777,uid=1450901504,gid=1450901504")...
Mounting tmpfs on /var/lib/machines/fedora-rawhide/run (MS_NOSUID|MS_NODEV|MS_STRICTATIME "mode=755,uid=1450901504,gid=1450901504")...
Bind-mounting /sys/fs/selinux on /var/lib/machines/fedora-rawhide/sys/fs/selinux (MS_BIND "")...
Remounting /var/lib/machines/fedora-rawhide/sys/fs/selinux (MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_BIND|MS_REMOUNT "")...
Mounting proc on /proc (MS_NOSUID|MS_NOEXEC|MS_NODEV "")...
Bind-mounting /proc/sys on /proc/sys (MS_BIND "")...
Remounting /proc/sys (MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_BIND|MS_REMOUNT "")...
Bind-mounting /proc/sysrq-trigger on /proc/sysrq-trigger (MS_BIND "")...
Remounting /proc/sysrq-trigger (MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_BIND|MS_REMOUNT "")...
Mounting tmpfs on /tmp (MS_STRICTATIME "mode=1777,uid=0,gid=0")...
Mounting tmpfs on /sys/fs/cgroup (MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME "mode=755,uid=0,gid=0")...
Mounting cgroup on /sys/fs/cgroup/systemd (MS_NOSUID|MS_NOEXEC|MS_NODEV "none,name=systemd,xattr")...
Failed to mount cgroup on /sys/fs/cgroup/systemd (MS_NOSUID|MS_NOEXEC|MS_NODEV "none,name=systemd,xattr"): No such file or directory
2016-10-10 21:55:20 +02:00
|
|
|
int mount_verbose(
|
|
|
|
int error_log_level,
|
|
|
|
const char *what,
|
|
|
|
const char *where,
|
|
|
|
const char *type,
|
|
|
|
unsigned long flags,
|
|
|
|
const char *options);
|
|
|
|
int umount_verbose(const char *where);
|
2016-11-22 20:19:08 +01:00
|
|
|
|
|
|
|
const char *mount_propagation_flags_to_string(unsigned long flags);
|
2016-12-03 19:57:42 +01:00
|
|
|
int mount_propagation_flags_from_string(const char *name, unsigned long *ret);
|
2018-02-15 01:32:04 +01:00
|
|
|
|
|
|
|
int mount_option_mangle(
|
|
|
|
const char *options,
|
|
|
|
unsigned long mount_flags,
|
|
|
|
unsigned long *ret_mount_flags,
|
|
|
|
char **ret_remaining_options);
|
2018-08-13 10:59:44 +02:00
|
|
|
|
|
|
|
int dev_is_devtmpfs(void);
|