authorLuca Boccassi <luca.boccassi@microsoft.com>2021-02-22 12:20:33 +0000
committerLuca Boccassi <luca.boccassi@microsoft.com>2021-02-23 15:34:46 +0000
commit93f597013a82298c5922f2f06de98be22b635e7b (patch)
tree963d5f91e083841912ab1a9eba67a96acbd81951 /src/core/execute.c
parent82fb2da21347b750b3de53cde588ee1189f7acb7 (diff)
Add ExtensionImages directive to form overlays
Add support for overlaying images for services on top of their root fs, using a read-only overlay.
Diffstat (limited to 'src/core/execute.c')
-rw-r--r--src/core/execute.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index d27adbbba5..60d107477b 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2018,6 +2018,9 @@ bool exec_needs_mount_namespace(
if (context->n_mount_images > 0)
return true;
+ if (context->n_extension_images > 0)
+ return true;
+
if (!IN_SET(context->mount_flags, 0, MS_SHARED))
return true;
@@ -3230,6 +3233,8 @@ static int apply_mount_namespace(
context->root_hash, context->root_hash_size, context->root_hash_path,
context->root_hash_sig, context->root_hash_sig_size, context->root_hash_sig_path,
context->root_verity,
+ context->extension_images,
+ context->n_extension_images,
propagate_dir,
incoming_dir,
root_dir || root_image ? params->notify_socket : NULL,
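Review bot: The extension images are passed to the namespace setup call as only `context->extension_images` and `context->n_extension_images`, while the root image in the same argument list carries explicit `root_hash`, `root_hash_sig` and `root_verity` values. Nothing in this hunk shows how the integrity of an extension image is established before it is overlaid on the service's root file system. If the callee resolves verity data per image, a short comment above the two new arguments would record that, for example `/* no explicit verity arguments for extension images: integrity data, if any, is resolved per image by the callee */`. If it does not, the unit documentation should state that extension images are trusted as provided. The call, and apply_mount_namespace itself, start and end outside the hunk.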
@@ -4816,6 +4821,7 @@ void exec_context_done(ExecContext *c) {
c->root_hash_sig_size = 0;
c->root_hash_sig_path = mfree(c->root_hash_sig_path);
c->root_verity = mfree(c->root_verity);
+ c->extension_images = mount_image_free_many(c->extension_images, &c->n_extension_images);
c->tty_path = mfree(c->tty_path);
c->syslog_identifier = mfree(c->syslog_identifier);
c->user = mfree(c->user);
@@ -5658,6 +5664,19 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
strempty(o->options));
fprintf(f, "\n");
}
+
+ for (size_t i = 0; i < c->n_extension_images; i++) {
+ MountOptions *o;
+
+ fprintf(f, "%sExtensionImages: %s%s", prefix,
+ c->extension_images[i].ignore_enoent ? "-": "",
+ c->extension_images[i].source);
+ LIST_FOREACH(mount_options, o, c->extension_images[i].mount_options)
+ fprintf(f, ":%s:%s",
+ partition_designator_to_string(o->partition_designator),
+ strempty(o->options));
+ fprintf(f, "\n");
+ }
}
bool exec_context_maintains_privileges(const ExecContext *c) {
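Review bot: The new ExtensionImages loop repeats the `LIST_FOREACH(mount_options, …)` option-printing block, and the context lines just above it (`strempty(o->options));` followed by `fprintf(f, "\n");`) look like the tail of the same code in the preceding loop, which starts outside the hunk. Two copies of the format `":%s:%s"` can drift apart when one of them is changed later. A small static helper that prints the option list would keep both dumps in step; the fence below shows the new loop written that way. The spacing in `? "-": ""` would also read better as `? "-" : ""`.

```c
static void dump_mount_options(FILE *f, MountOptions *options) {
        MountOptions *o;

        LIST_FOREACH(mount_options, o, options)
                fprintf(f, ":%s:%s",
                        partition_designator_to_string(o->partition_designator),
                        strempty(o->options));
}

/* … unchanged: earlier part of exec_context_dump … */
        for (size_t i = 0; i < c->n_extension_images; i++) {
                fprintf(f, "%sExtensionImages: %s%s", prefix,
                        c->extension_images[i].ignore_enoent ? "-" : "",
                        c->extension_images[i].source);
                dump_mount_options(f, c->extension_images[i].mount_options);
                fprintf(f, "\n");
        }
```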