authorYu Watanabe <watanabe.yu+github@gmail.com>2022-12-15 12:53:49 +0900
committerGitHub <noreply@github.com>2022-12-15 12:53:49 +0900
commita6e16d949cc290017c79db2d27805ad3c6ebe4a6 (patch)
tree8063d85702b5e09202256d6c5930808068421601 /src/basic/mountpoint-util.c
parent1af1c95e30da5b9cd2493ec3f46f32ad003386ff (diff)
parentc41fff1e0897df5731881225d831febaebf70413 (diff)
Merge pull request #25723 from keszybz/generators-tmp
Run generators with / ro and /tmp mounted
Diffstat (limited to 'src/basic/mountpoint-util.c')
-rw-r--r--src/basic/mountpoint-util.c46
1 files changed, 46 insertions, 0 deletions
diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c
index c9253b03f2..09fbdcfebe 100644
--- a/src/basic/mountpoint-util.c
+++ b/src/basic/mountpoint-util.c
@@ -522,6 +522,52 @@ int dev_is_devtmpfs(void) {
return false;
}
+int mount_fd(const char *source,
+ int target_fd,
+ const char *filesystemtype,
+ unsigned long mountflags,
+ const void *data) {
+
+ if (mount(source, FORMAT_PROC_FD_PATH(target_fd), filesystemtype, mountflags, data) < 0) {
+ if (errno != ENOENT)
+ return -errno;
+
+ /* ENOENT can mean two things: either that the source is missing, or that /proc/ isn't
+ * mounted. Check for the latter to generate better error messages. */
+ if (proc_mounted() == 0)
+ return -ENOSYS;
+
+ return -ENOENT;
+ }
+
+ return 0;
+}
+
+int mount_nofollow(
+ const char *source,
+ const char *target,
+ const char *filesystemtype,
+ unsigned long mountflags,
+ const void *data) {
+
+ _cleanup_close_ int fd = -1;
+
+ /* In almost all cases we want to manipulate the mount table without following symlinks, hence
+ * mount_nofollow() is usually the way to go. The only exceptions are environments where /proc/ is
+ * not available yet, since we need /proc/self/fd/ for this logic to work. i.e. during the early
+ * initialization of namespacing/container stuff where /proc is not yet mounted (and maybe even the
+ * fs to mount) we can only use traditional mount() directly.
+ *
+ * Note that this disables following only for the final component of the target, i.e symlinks within
+ * the path of the target are honoured, as are symlinks in the source path everywhere. */
+
+ fd = open(target, O_PATH|O_CLOEXEC|O_NOFOLLOW);
+ if (fd < 0)
+ return -errno;
+
+ return mount_fd(source, fd, filesystemtype, mountflags, data);
+}
+
const char *mount_propagation_flags_to_string(unsigned long flags) {
switch (flags & (MS_SHARED|MS_SLAVE|MS_PRIVATE)) {