Merge pull request #13173 from kinvolk/iaguis/fix-norbind

Revert "nspawn: remove unnecessary mount option parsing logic"
2019-07-25 09:47:59 +09:00 · 2019-07-25 09:47:59 +09:00 · 9a4490e1e9
parent 14f3e04d2b 5574181151
commit 9a4490e1e9
2 changed files with 56 additions and 2 deletions
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@ -681,14 +681,55 @@ int mount_all(const char *dest,
        return 0;
 }

+static int parse_mount_bind_options(const char *options, unsigned long *mount_flags, char **mount_opts) {
+        const char *p = options;
+        unsigned long flags = *mount_flags;
+        char *opts = NULL;
+        int r;
+
+        assert(options);
+
+        for (;;) {
+                _cleanup_free_ char *word = NULL;
+
+                r = extract_first_word(&p, &word, ",", 0);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to extract mount option: %m");
+                if (r == 0)
+                        break;
+
+                if (streq(word, "rbind"))
+                        flags |= MS_REC;
+                else if (streq(word, "norbind"))
+                        flags &= ~MS_REC;
+                else {
+                        log_error("Invalid bind mount option: %s", word);
+                        return -EINVAL;
+                }
+        }
+
+        *mount_flags = flags;
+        /* in the future mount_opts will hold string options for mount(2) */
+        *mount_opts = opts;
+
+        return 0;
+}
+
 static int mount_bind(const char *dest, CustomMount *m) {
-        _cleanup_free_ char *where = NULL;
+        _cleanup_free_ char *mount_opts = NULL, *where = NULL;
+        unsigned long mount_flags = MS_BIND | MS_REC;
        struct stat source_st, dest_st;
        int r;

        assert(dest);
        assert(m);

+        if (m->options) {
+                r = parse_mount_bind_options(m->options, &mount_flags, &mount_opts);
+                if (r < 0)
+                        return r;
+        }
+
        if (stat(m->source, &source_st) < 0)
                return log_error_errno(errno, "Failed to stat %s: %m", m->source);

@ -727,7 +768,7 @@ static int mount_bind(const char *dest, CustomMount *m) {
                        return log_error_errno(r, "Failed to create mount point %s: %m", where);
        }

-        r = mount_verbose(LOG_ERR, m->source, where, NULL, MS_BIND | MS_REC, m->options);
+        r = mount_verbose(LOG_ERR, m->source, where, NULL, mount_flags, mount_opts);
        if (r < 0)
                return r;

--- a/test/TEST-13-NSPAWN-SMOKE/test.sh
+++ b/test/TEST-13-NSPAWN-SMOKE/test.sh
@ -83,6 +83,17 @@ function check_bind_tmp_path {
    systemd-nspawn --register=no -D "$_root" --bind=/tmp/bind /bin/sh -c 'test -e /tmp/bind'
 }

+function check_norbind {
+    # https://github.com/systemd/systemd/issues/13170
+    local _root="/var/lib/machines/norbind-path"
+    mkdir -p /tmp/binddir/subdir
+    echo -n "outer" > /tmp/binddir/subdir/file
+    mount -t tmpfs tmpfs /tmp/binddir/subdir
+    echo -n "inner" > /tmp/binddir/subdir/file
+    /create-busybox-container "$_root"
+    systemd-nspawn --register=no -D "$_root" --bind=/tmp/binddir:/mnt:norbind /bin/sh -c 'CONTENT=$(cat /mnt/subdir/file); if [[ $CONTENT != "outer" ]]; then echo "*** unexpected content: $CONTENT"; return 1; fi'
+}
+
 function check_notification_socket {
    # https://github.com/systemd/systemd/issues/4944
    local _cmd='echo a | $(busybox which nc) -U -u -w 1 /run/systemd/nspawn/notify'
@ -168,6 +179,8 @@ function run {

 check_bind_tmp_path

+check_norbind
+
 check_notification_socket

 for api_vfs_writable in yes no network; do