diff options
| author | Luca Boccassi <luca.boccassi@microsoft.com> | 2020-07-30 19:37:10 +0100 |
|---|---|---|
| committer | Luca Boccassi <luca.boccassi@microsoft.com> | 2021-01-18 17:24:05 +0000 |
| commit | 5e8deb94c6f05137942b10b5288a37d9b09fd43f (patch) | |
| tree | 1cbed6e76c6398d4c183a6b71e0a9927386833d8 /src/systemctl | |
| parent | 94293d65cd4125347e21b3e423d0e245226b1be2 (diff) | |
| download | systemd-5e8deb94c6f05137942b10b5288a37d9b09fd43f.tar.gz | |
core: add DBUS method to bind mount new nodes without service restart
Allow to setup new bind mounts for a service at runtime (via either
DBUS or a new 'systemctl bind' verb) with a new helper that forks into
the unit's mount namespace.
Add a new integration test to cover this.
Useful for zero-downtime addition to services that are running inside
mount namespaces, especially when using RootImage/RootDirectory.
If a service runs with a read-only root, a tmpfs is added on /run
to ensure we can create the airlock directory for incoming mounts
under /run/host/incoming.
Diffstat (limited to 'src/systemctl')
| -rw-r--r-- | src/systemctl/systemctl-mount.c | 41 | ||||
| -rw-r--r-- | src/systemctl/systemctl-mount.h | 4 | ||||
| -rw-r--r-- | src/systemctl/systemctl.c | 20 | ||||
| -rw-r--r-- | src/systemctl/systemctl.h | 2 |
4 files changed, 67 insertions, 0 deletions
diff --git a/src/systemctl/systemctl-mount.c b/src/systemctl/systemctl-mount.c new file mode 100644 index 0000000000..513a876f21 --- /dev/null +++ b/src/systemctl/systemctl-mount.c @@ -0,0 +1,41 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ + +#include "bus-error.h" +#include "bus-locator.h" +#include "systemctl-mount.h" +#include "systemctl-util.h" +#include "systemctl.h" + +int mount_bind(int argc, char *argv[], void *userdata) { + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; + _cleanup_free_ char *n = NULL; + sd_bus *bus; + int r; + + r = acquire_bus(BUS_MANAGER, &bus); + if (r < 0) + return r; + + polkit_agent_open_maybe(); + + r = unit_name_mangle(argv[1], arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN, &n); + if (r < 0) + return log_error_errno(r, "Failed to mangle unit name: %m"); + + r = bus_call_method( + bus, + bus_systemd_mgr, + "BindMountUnit", + &error, + NULL, + "sssbb", + n, + argv[2], + argv[3], + arg_read_only, + arg_mkdir); + if (r < 0) + return log_error_errno(r, "Failed to bind mount: %s", bus_error_message(&error, r)); + + return 0; +} diff --git a/src/systemctl/systemctl-mount.h b/src/systemctl/systemctl-mount.h new file mode 100644 index 0000000000..1f9b3879fb --- /dev/null +++ b/src/systemctl/systemctl-mount.h @@ -0,0 +1,4 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ +#pragma once + +int mount_bind(int argc, char *argv[], void *userdata); diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c index 7471fadd91..4726f65f97 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c @@ -38,6 +38,7 @@ #include "systemctl-list-units.h" #include "systemctl-log-setting.h" #include "systemctl-logind.h" +#include "systemctl-mount.h" #include "systemctl-preset-all.h" #include "systemctl-reset-failed.h" #include "systemctl-service-watchdogs.h" @@ -105,6 +106,8 @@ bool arg_jobs_before = false; bool arg_jobs_after = false; char **arg_clean_what = NULL; TimestampStyle arg_timestamp_style = TIMESTAMP_PRETTY; +bool arg_read_only = false; +bool arg_mkdir = false; STATIC_DESTRUCTOR_REGISTER(arg_wall, strv_freep); STATIC_DESTRUCTOR_REGISTER(arg_root, freep); @@ -157,6 +160,8 @@ static int systemctl_help(void) { " freeze PATTERN... Freeze execution of unit processes\n" " thaw PATTERN... Resume execution of a frozen unit\n" " set-property UNIT PROPERTY=VALUE... Sets one or more properties of a unit\n" + " bind UNIT PATH [PATH] Bind-mount a path from the host into a\n" + " unit's namespace\n" " service-log-level SERVICE [LEVEL] Get/set logging threshold for service\n" " service-log-target SERVICE [TARGET] Get/set logging target for service\n" " reset-failed [PATTERN...] Reset failed state for all, one, or more\n" @@ -286,6 +291,8 @@ static int systemctl_help(void) { " 'us': 'Day YYYY-MM-DD HH:MM:SS.UUUUUU TZ\n" " 'utc': 'Day YYYY-MM-DD HH:MM:SS UTC\n" " 'us+utc': 'Day YYYY-MM-DD HH:MM:SS.UUUUUU UTC\n" + " --read-only Create read-only bind mount\n" + " --mkdir Create directory before bind-mounting, if missing\n" "\nSee the %2$s for details.\n" , program_invocation_short_name , link @@ -401,6 +408,8 @@ static int systemctl_parse_argv(int argc, char *argv[]) { ARG_WHAT, ARG_REBOOT_ARG, ARG_TIMESTAMP_STYLE, + ARG_READ_ONLY, + ARG_MKDIR, }; static const struct option options[] = { @@ -457,6 +466,8 @@ static int systemctl_parse_argv(int argc, char *argv[]) { { "what", required_argument, NULL, ARG_WHAT }, { "reboot-argument", required_argument, NULL, ARG_REBOOT_ARG }, { "timestamp", required_argument, NULL, ARG_TIMESTAMP_STYLE }, + { "read-only", no_argument, NULL, ARG_READ_ONLY }, + { "mkdir", no_argument, NULL, ARG_MKDIR }, {} }; @@ -878,6 +889,14 @@ static int systemctl_parse_argv(int argc, char *argv[]) { break; + case ARG_READ_ONLY: + arg_read_only = true; + break; + + case ARG_MKDIR: + arg_mkdir = true; + break; + case '.': /* Output an error mimicking getopt, and print a hint afterwards */ log_error("%s: invalid option -- '.'", program_invocation_name); @@ -1045,6 +1064,7 @@ static int systemctl_main(int argc, char *argv[]) { { "add-wants", 3, VERB_ANY, 0, add_dependency }, { "add-requires", 3, VERB_ANY, 0, add_dependency }, { "edit", 2, VERB_ANY, VERB_ONLINE_ONLY, edit }, + { "bind", 3, 4, VERB_ONLINE_ONLY, mount_bind }, {} }; diff --git a/src/systemctl/systemctl.h b/src/systemctl/systemctl.h index cdf56c7220..34650ebb44 100644 --- a/src/systemctl/systemctl.h +++ b/src/systemctl/systemctl.h @@ -90,3 +90,5 @@ extern bool arg_jobs_before; extern bool arg_jobs_after; extern char **arg_clean_what; extern TimestampStyle arg_timestamp_style; +extern bool arg_read_only; +extern bool arg_mkdir; |