tree-wide: code spelling fixes
As reported by Fossies.
mountpoint-util: don't go to the network when doing statx() to detect mountpoints/mnt_id
The overflow check was hosed in two ways: overflows in C are undefined,
hence gcc was free to just optimize the whole thing away. We need to
catch overflows before we run into them, not after.
It checked for an overflow against size_t, but the field we need to
write this in is unsigned. i.e. typically 32bit rather than 64bit. Hence
check for the right maximum.
(The whole check is paranoia anyway, the kernel really shouldn't return
values that would induce an overflow, but you never know, the syscall
turned out to be problematic in so many other ways, hence let's stick to
this.)
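
Added example, not part of the commit or of the project's code: the two checks the message contrasts, for a size that must be stored in an `unsigned` field. `struct record` and both function names are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical record: fixed header plus payload; the total size has to be
 * written into an 'unsigned' field, as in the commit message. */
struct record {
        unsigned total_bytes;   /* typically 32-bit even where size_t is 64-bit */
        int type;
        unsigned char payload[];
};

/* Check after the fact, against the size_t range (kept for comparison):
 * a sum above UINT_MAX passes and is truncated when stored. */
static int total_size_posthoc(size_t payload, unsigned *ret) {
        size_t sum = offsetof(struct record, payload) + payload;
        if (sum < payload)
                return -EOVERFLOW;
        *ret = (unsigned) sum;
        return 0;
}

/* Check before adding, against the maximum of the destination type. */
static int total_size_checked(size_t payload, unsigned *ret) {
        if (payload > UINT_MAX - offsetof(struct record, payload))
                return -EOVERFLOW;
        *ret = (unsigned) (offsetof(struct record, payload) + payload);
        return 0;
}

int main(void) {
        unsigned a = 0, b = 0;
        size_t n = UINT_MAX;    /* constructed input: one header too large */
        int r1 = total_size_posthoc(n, &a);
        int r2 = total_size_checked(n, &b);
        printf("post-hoc: r=%d stored=%u\n", r1, a);
        printf("checked:  r=%d\n", r2);
        return 0;
}
```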
mnt_id/mountpoints
The concept of a "mount" is a local one, hence there's no point in going
to the network to retrieve mnt_id or STATX_ATTR_MOUNT_ROOT. Hence set
AT_STATX_DONT_SYNC so that the call will not go to the network ever, and
risk deadlocking on that.
Just some extra safety.
strstrafter() is like strstr() but returns a pointer to the first
character *after* the found substring, not on the substring itself.
Quite often this is what we actually want.
Inspired by #27267 I think it makes sense to add a helper for this,
to avoid the potentially fragile manual pointer increment afterwards.
Chasing symlinks is a core function that's used in a lot of places
so it deserves a less verbose name so let's rename it to chase()
and chaseat().
We also slightly change the pattern used for the chaseat() helpers
so we get chase_and_openat() and similar.
mount_option_supported()
And let's also ask the kernel explicitly for support.
support for an fs
-1 was used everywhere, but -EBADF or -EBADFD started being used in various
places. Let's make things consistent in the new style.
Note that there are two candidates:
EBADF 9 Bad file descriptor
EBADFD 77 File descriptor in bad state
Since we're initializing the fd, we're just assigning a value that means
"no fd yet", so it's just a bad file descriptor, and the first errno fits
better. If instead we had a valid file descriptor that became invalid because
of some operation or state change, the other errno would fit better.
In some places, initialization is dropped if unnecessary.
singular
Run generators with / ro and /tmp mounted
If the flag is set, we mount /tmp/ in a way that is suitable for generators and
other quick jobs.
Unfortunately I had to move some code from shared/mount-util.c to
basic/mountpoint-util.c. The functions that are moved are very thin wrappers
around mount(2), so this doesn't actually change much in the code split between
libbasic and libshared.
Implications for the host would be weird if a private mount namespace is not
used, so assert on FORK_NEW_MOUNTNS when the flag is used.
This reverts commit 7d4f00c88c65532bf66d20b3ec498b5bfaa621d2.
fstype_can_uid_gid() is about fixating all files to the specified
uid/gid. tmpfs does not qualify. The uid/gid parameter there is simply
about the default uid/gid for the root inode of the tmpfs, it allows
setting uids/gid arbitrarily for all inodes after that.
This distinction matters: for file systems this function returns true
for we can use this in place of uidmapped mounts. But for tmpfs this is
not going to work, given inodes on that fs can end up having arbitrary
uid/gid.
See: https://github.com/systemd/systemd/pull/25284#issue-1438427144
As tmpfs(5) says, both uid= and gid= are supported since kernel 2.5.7 and
the mount utility seems to agree:
```
# stat -c "%U:%G" mnt
root:root
# mount -o uid=testuser,gid=testuser -t tmpfs tmpfs mnt
# stat -c "%U:%G" mnt
testuser:testuser
```
However, systemd-mount currently complains:
```
# systemd-mount --owner testuser -t tmpfs tmpfs mnt
File system type tmpfs is not known to support uid=/gid=, refusing.
```
Inspired by: https://github.com/systemd/systemd/pull/24141
Calling fd_is_mountpoint() with AT_EMPTYPATH and an empty filename can
only work if we have new statx() available. If we do not, we can still
make things work for directories, but not for other inodes (since there
we cannot query information about the parent inode to compare things.)
Hence, let's handle and test this explicitly, to support this to the
level this is possible.
Let's define two helpers strdupa_safe() + strndupa_safe() which do the
same as their non-safe counterparts, except that they abort if called
with allocations larger than ALLOCA_MAX.
This should ensure that all our alloca() based allocations are subject
to this limit.
afaics glibc offers three alloca() based APIs: alloca() itself,
strndupa() + strdupa(). With this we have now replacements for all of
them, that take the limit into account.
network fs
The second call to name_to_handle_at_loop() didn't check for the specific
errors that can happen when the parent dir is mounted by nfs and instead of
falling back like it's done for the child dir, fd_is_mount_point() failed in
this case.
Those pull in selinux for labelling, and we should avoid selinux in basic/.
The various flavours of stat() basically tell us for free if something
is a symlink. If it is, then it's definitely not a mount point. Use
that.
All other inode types can be mount point, just symlinks cannot.
Wherever we read virtual files we better should use
read_full_virtual_file(), to make sure we get a consistent response
given how weird the kernel's handling with partial read on such file
systems is.
Creates a file or a directory depending on the source path, useful
for creating mount points.
So the current and only fd_is_mount_point() check is actually entirely
bogus: it passes "/" as filename argument, but that's not actually a
valid filename, but an absolute path.
fd_is_mount_point() is written in a way that the fd refers to a directory
and the specified path is a file directly below it that shall be
checked. The test call actually violated that rule, but still expected
success.
Let's fix this, and check for this explicitly, and refuse it.
Let's extend the test and move it to test-mountpoint-util.c where the
rest of the tests for related calls are placed.
Replaces: #18004
Fixes: #17950
Let's deal with the msan initialization issue once for all cases instead
of over and over again.
Similarly to "setup" vs. "set up", "fallback" is a noun, and "fall back"
is the verb. (This is pretty clear when we construct a sentence in the
present continuous: "we are falling back" not "we are fallbacking").
We finally have an explicit API for this in the kernel. It's great and
simple. Let's use it!
The kernel finally has a proper API to determine the mnt_id of a file.
Let's use it.
This adds support for the STATX_MNT_ID field of statx(), added in
kernel 5.8.