core/namespace: make '-' prefix in Bind{,ReadOnly}Paths= work
Each path in `Bind{ReadOnly}Paths=` accept '-' prefix. However,
the prefix is completely ignored.
This makes it work as expected.
This commit is contained in:
Yu Watanabe
parent
72d967df3e
commit
4ca763a902
|
|
@ -175,7 +175,9 @@
|
||||||
source path, destination path and option string, where the latter two are optional. If only a source path is
|
source path, destination path and option string, where the latter two are optional. If only a source path is
|
||||||
specified the source and destination is taken to be the same. The option string may be either
|
specified the source and destination is taken to be the same. The option string may be either
|
||||||
<literal>rbind</literal> or <literal>norbind</literal> for configuring a recursive or non-recursive bind
|
<literal>rbind</literal> or <literal>norbind</literal> for configuring a recursive or non-recursive bind
|
||||||
mount. If the destination path is omitted, the option string must be omitted too.</para>
|
mount. If the destination path is omitted, the option string must be omitted too.
|
||||||
|
Each bind mount definition may be prefixed with <literal>-</literal>, in which case it will be ignored
|
||||||
|
when its source path does not exist.</para>
|
||||||
|
|
||||||
<para><varname>BindPaths=</varname> creates regular writable bind mounts (unless the source file system mount
|
<para><varname>BindPaths=</varname> creates regular writable bind mounts (unless the source file system mount
|
||||||
is already marked read-only), while <varname>BindReadOnlyPaths=</varname> creates read-only bind mounts. These
|
is already marked read-only), while <varname>BindReadOnlyPaths=</varname> creates read-only bind mounts. These
|
||||||
|
|
|
||||||
|
|
@ -4173,13 +4173,13 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (c->n_bind_mounts > 0)
|
if (c->n_bind_mounts > 0)
|
||||||
for (i = 0; i < c->n_bind_mounts; i++) {
|
for (i = 0; i < c->n_bind_mounts; i++)
|
||||||
fprintf(f, "%s%s: %s:%s:%s\n", prefix,
|
fprintf(f, "%s%s: %s%s:%s:%s\n", prefix,
|
||||||
c->bind_mounts[i].read_only ? "BindReadOnlyPaths" : "BindPaths",
|
c->bind_mounts[i].read_only ? "BindReadOnlyPaths" : "BindPaths",
|
||||||
|
c->bind_mounts[i].ignore_enoent ? "-": "",
|
||||||
c->bind_mounts[i].source,
|
c->bind_mounts[i].source,
|
||||||
c->bind_mounts[i].destination,
|
c->bind_mounts[i].destination,
|
||||||
c->bind_mounts[i].recursive ? "rbind" : "norbind");
|
c->bind_mounts[i].recursive ? "rbind" : "norbind");
|
||||||
}
|
|
||||||
|
|
||||||
if (c->utmp_id)
|
if (c->utmp_id)
|
||||||
fprintf(f,
|
fprintf(f,
|
||||||
|
|
|
||||||
|
|
@ -262,6 +262,7 @@ static int append_bind_mounts(MountEntry **p, const BindMount *binds, unsigned n
|
||||||
.mode = b->recursive ? BIND_MOUNT_RECURSIVE : BIND_MOUNT,
|
.mode = b->recursive ? BIND_MOUNT_RECURSIVE : BIND_MOUNT,
|
||||||
.read_only = b->read_only,
|
.read_only = b->read_only,
|
||||||
.source_const = b->source,
|
.source_const = b->source,
|
||||||
|
.ignore = b->ignore_enoent,
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -728,11 +729,11 @@ static int mount_entry_chase(
|
||||||
const char *root_directory,
|
const char *root_directory,
|
||||||
const MountEntry *m,
|
const MountEntry *m,
|
||||||
const char *path,
|
const char *path,
|
||||||
|
bool chase_nonexistent,
|
||||||
char **location) {
|
char **location) {
|
||||||
|
|
||||||
char *chased;
|
char *chased;
|
||||||
int r;
|
int r;
|
||||||
unsigned flags = 0;
|
|
||||||
|
|
||||||
assert(m);
|
assert(m);
|
||||||
|
|
||||||
|
|
@ -740,18 +741,7 @@ static int mount_entry_chase(
|
||||||
* chase the symlinks on our own first. This is called for the destination path, as well as the source path (if
|
* chase the symlinks on our own first. This is called for the destination path, as well as the source path (if
|
||||||
* that applies). The result is stored in "location". */
|
* that applies). The result is stored in "location". */
|
||||||
|
|
||||||
if (IN_SET(m->mode,
|
r = chase_symlinks(path, root_directory, chase_nonexistent ? CHASE_NONEXISTENT : 0, &chased);
|
||||||
BIND_MOUNT,
|
|
||||||
BIND_MOUNT_RECURSIVE,
|
|
||||||
PRIVATE_TMP,
|
|
||||||
PRIVATE_DEV,
|
|
||||||
BIND_DEV,
|
|
||||||
EMPTY_DIR,
|
|
||||||
SYSFS,
|
|
||||||
PROCFS))
|
|
||||||
flags |= CHASE_NONEXISTENT;
|
|
||||||
|
|
||||||
r = chase_symlinks(path, root_directory, flags, &chased);
|
|
||||||
if (r == -ENOENT && m->ignore) {
|
if (r == -ENOENT && m->ignore) {
|
||||||
log_debug_errno(r, "Path %s does not exist, ignoring.", path);
|
log_debug_errno(r, "Path %s does not exist, ignoring.", path);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
@ -777,7 +767,7 @@ static int apply_mount(
|
||||||
|
|
||||||
assert(m);
|
assert(m);
|
||||||
|
|
||||||
r = mount_entry_chase(root_directory, m, mount_entry_path(m), &m->path_malloc);
|
r = mount_entry_chase(root_directory, m, mount_entry_path(m), !IN_SET(m->mode, INACCESSIBLE, READONLY, READWRITE), &m->path_malloc);
|
||||||
if (r <= 0)
|
if (r <= 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
|
@ -822,7 +812,7 @@ static int apply_mount(
|
||||||
case BIND_MOUNT_RECURSIVE:
|
case BIND_MOUNT_RECURSIVE:
|
||||||
/* Also chase the source mount */
|
/* Also chase the source mount */
|
||||||
|
|
||||||
r = mount_entry_chase(root_directory, m, mount_entry_source(m), &m->source_malloc);
|
r = mount_entry_chase(root_directory, m, mount_entry_source(m), false, &m->source_malloc);
|
||||||
if (r <= 0)
|
if (r <= 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue