path: root/src/shared/mount-util.c
Commit message | Author | Age | Files | Lines
* mount-util: simplify mount_switch_root() a bit | Lennart Poettering | 2023-05-03 | 1 | -36/+33

  There's no need to fchdir() out of the rootfs and back into it around the umount2(), hence don't. This brings the logic closer to what the pivot_root() man page suggests.

  While we are at it, always operate based on fds, once we opened the original dir, and pass the path string along only for generating messages (i.e. as "decoration").

  Add tests for both code paths: the pivot_root() one and the MS_MOUNT.
* mount-util: split remount_idmap() in two | Lennart Poettering | 2023-04-25 | 1 | -15/+18

  This will make things a bit longer for now, but more powerful as we can reuse the userns fd between calls to remount_idmap() if we need to adjust multiple mounts.

  No change in behaviour, just some minor refactoring.
* tree-wide: hook up image dissection policy logic everywhere | Lennart Poettering | 2023-04-05 | 1 | -4/+6
* chase-symlinks: Rename chase_symlinks() to chase() | Daan De Meyer | 2023-03-24 | 1 | -2/+2

  Chasing symlinks is a core function that's used in a lot of places so it deserves a less verbose name, so let's rename it to chase() and chaseat(). We also slightly change the pattern used for the chaseat() helpers so we get chase_and_openat() and similar.
* mount-util: introduce remount_sysfs() | Yu Watanabe | 2023-02-23 | 1 | -0/+185

  This is useful when creating a new network namespace. Unlike procfs, we need to remount sysfs, otherwise properties of the network interfaces in the main network namespace are still accessible through the old sysfs, e.g. /sys/class/net/eth0.

  All sub-mounts previously mounted on the sysfs are moved onto the new sysfs mount.

  The function will be used in later commits.
* shared: port various shared helpers basename() → path_extract_filename() | Lennart Poettering | 2022-12-23 | 1 | -3/+14
* tree-wide: introduce PIPE_EBADF macro | Yu Watanabe | 2022-12-20 | 1 | -1/+1
* tree-wide: use -EBADF also in pipe initializers | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 1 | -1/+1

  In some places, initialization is dropped when unnecessary.
* tree-wide: use -EBADF for fd initialization | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 1 | -3/+3

  -1 was used everywhere, but -EBADF or -EBADFD started being used in various places. Let's make things consistent in the new style.

  Note that there are two candidates:

      EBADF   9  Bad file descriptor
      EBADFD 77  File descriptor in bad state

  Since we're initializing the fd, we're just assigning a value that means "no fd yet", so it's just a bad file descriptor, and the first errno fits better. If instead we had a valid file descriptor that became invalid because of some operation or state change, the other errno would fit better.

  In some places, initialization is dropped if unnecessary.
* mount-util: make mount_switch_root() take a mount propagation flag | Yu Watanabe | 2022-12-15 | 1 | -30/+8
* mount-util: mount flag is unsigned long | Yu Watanabe | 2022-12-15 | 1 | -3/+3
* mount-util: drop unnecessary inline attributes | Yu Watanabe | 2022-12-15 | 1 | -2/+2
* tree-wide: use mode=0nnn for mount option | Zbigniew Jędrzejewski-Szmek | 2022-12-14 | 1 | -2/+2

  This is an octal number. We used the 0 prefix in some places inconsistently. The kernel always interprets it in base 8, so this has no effect, but I think it's nicer to use the 0 to remind the reader that this is not a decimal number.
* shared: add new safe_fork flag FORK_PRIVATE_TMP | Zbigniew Jędrzejewski-Szmek | 2022-12-14 | 1 | -46/+0

  If the flag is set, we mount /tmp/ in a way that is suitable for generators and other quick jobs.

  Unfortunately I had to move some code from shared/mount-util.c to basic/mountpoint-util.c. The functions that are moved are very thin wrappers around mount(2), so this doesn't actually change much in the code split between libbasic and libshared.

  Implications for the host would be weird if a private mount namespace is not used, so assert on FORK_NEW_MOUNTNS when the flag is used.
* nspawn: support pivot_root() | Christian Brauner | 2022-12-05 | 1 | -28/+69

  In order to support pivot_root() we need to move mount propagation changes after the pivot_root(). While MS_MOVE requires the source mount to not be a shared mount, pivot_root() also requires the target mount to not be a shared mount. This guarantees that pivot_root() doesn't leak any mounts.

  Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
* shared: use move_pivot_root() for services | Christian Brauner | 2022-11-24 | 1 | -0/+47

  Currently, services use mount_move_root() in order to set up the root directory of services using a mount namespace. This relies on MS_MOVE and chroot(). However, this has serious drawbacks even for relatively simple mount propagation scenarios.

  What systemd currently does is roughly equivalent to the following shell code:

  ```
  unshare --mount --propagation=shared
  cd /
  mount --make-rslave /
  mkdir /new-root
  mount --rbind / /new-root
  cd /new-root
  mount --move /new-root /
  chroot .
  ```

  This looks simple enough but has the consequence that two separate mount trees exist for the lifetime of the service. The first one was created when the mount namespace was created, and the second one when a new mount for the rootfs was created. The first mount tree sticks around as a shadow mount tree. Both mount trees are dependent mounts with the host rootfs as their dominating mount.

  Now, when mount propagation is triggered by the host by e.g.,

  ```
  mount --bind /opt /mnt
  ```

  it means that two propagation events are generated. I'm skipping over the exact kernel details as they aren't that important. The gist is that for every propagation event that is generated a second one is generated for the shadow mount tree. In other words, the kernel creates two copies for each mount that is propagated instead of one. This isn't necessary.

  We can simply change the sequence above to:

  ```
  unshare --mount --propagation=shared
  cd /
  mount --make-rslave /
  mkdir /new-root
  # stash fd to old rootfs
  # stash fd to new rootfs
  mount --rbind / /new-root
  mkdir /new-root
  cd /new-root
  pivot_root . .
  # new root is tucked under old root
  # chdir into old rootfs via stashed fd
  umount -l /old-root
  ```

  The pivot_root allows us to get rid of the old mount tree that was created when the mount namespace was created. So after this sequence only one mount tree is alive. Plus, it's safer and nicer. Moving mounts isn't pleasant.

  This patch doesn't convert nspawn yet as the requirements are more tricky given that it wants to preserve the rootfs as a shared mount which goes against pivot_root() requirements.

  Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
* shared/mount-util: fix comment | Zbigniew Jędrzejewski-Szmek | 2022-11-09 | 1 | -7/+5

  Just typos and grammar. In the end didn't add a use of a function, but I read the comment carefully, and this commit is the result of that.
* mount-util: do not pass 'x-*' options to mount syscall | Luca Boccassi | 2022-10-12 | 1 | -1/+3

  They will not be recognized. libmount filters them manually.
* mount-util: use in_same_namespace() | Christian Brauner | 2022-10-04 | 1 | -12/+5

  Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
* nspawn: add support for rootidmap bind option | Quentin Deslandes | 2022-09-05 | 1 | -19/+31

  rootidmap bind option will map the root user from the container to the owner of the mounted directory on the filesystem. This will ensure files and directories created by the root user in the container will be owned by the directory owner on the filesystem. All other users will remain unmapped.
* nspawn: rename RemountIdmapFlags enum to RemountIdmapping | Quentin Deslandes | 2022-09-05 | 1 | -4/+4

  This enum should be used to define various idmapping modes for bind mounts which might be incompatible. Changing its name and the value names to reflect that.
* mount-util: fix error code | Yu Watanabe | 2022-09-05 | 1 | -1/+1

  If multiple services are starting simultaneously with a shared image, then one of the services may fail to create a mount node:

  ```
  systemd[695]: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")...
  systemd[696]: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")...
  systemd[695]: Failed to mount /usr/lib/os-release (type n/a) on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC ""): No such file or directory
  systemd[696]: Failed to mount /usr/lib/os-release (type n/a) on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC ""): No such file or directory
  systemd[695]: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")...
  systemd[696]: Failed to create destination mount point node '/run/systemd/unit-root/run/host/os-release': Operation not permitted
  systemd[695]: Successfully mounted /usr/lib/os-release to /run/systemd/unit-root/run/host/os-release
  ```

  The function apply_one_mount() in src/core/namespace.c gracefully handles -EEXIST from make_mount_point_inode_from_path(), but it erroneously returned -EPERM previously. This fixes the issue.

  Fixes one of the issues in #24147, especially reported at https://github.com/systemd/systemd/issues/24147#issuecomment-1236194671.
* tree-wide: Use correct format specifiers | Jan Janssen | 2022-08-30 | 1 | -2/+2

  gcc will complain about all these with -Wformat-signedness.
* glibc: Remove #include <linux/fs.h> to resolve fsconfig_command/mount_attr conflict with glibc 2.36 | Rudi Heitbaum | 2022-07-24 | 1 | -0/+2
* tree-wide: allow ASCII fallback for → in logs | David Tardon | 2022-06-28 | 1 | -2/+3
* core: fix dm-verity auto-discovery in MountImageUnit() | Luca Boccassi | 2022-04-07 | 1 | -2/+4

  The implementation of MountImageUnit()/systemctl mount-image was changed to use a /proc/self/fd path as the source, but that causes the dm-verity files autodiscovery to fail, as it looks for files in the same directory as the image. Use the original file path when setting up dm-verity.
* tree-wide: add a space after if, switch, for, and while | Yu Watanabe | 2022-04-01 | 1 | -1/+1
* strv: make iterator in STRV_FOREACH() declared in the loop | Yu Watanabe | 2022-03-19 | 1 | -1/+0

  This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS().
* nspawn: make sure host root can write to the uidmapped mounts we prepare for the container payload | Lennart Poettering | 2022-03-17 | 1 | -5/+23

  When using user namespaces in conjunction with uidmapped mounts, nspawn so far set up two uidmappings:

  1. One that is used for the uidmapped mount and that maps the UID range 0…65535 on the backing fs to some high UID range X…X+65535 on the uidmapped fs. (Let's call this mapping the "mount mapping")

  2. One that is used for the userns namespace the container payload processes run in, that maps X…X+65535 back to 0…65535. (Let's call this one the "process mapping").

  These mappings hence are pretty much identical, one just moves things up and one back down. (Reminder: we do all this so that the processes can run under high UIDs while running off file systems that require no recursive chown()ing, i.e. we want processes with high UID range but files with low UID range.)

  This creates one problem, i.e. issue #20989: if nspawn (which runs as host root, i.e. host UID 0) wants to add inodes to the uidmapped mount it can't do that, since host UID 0 is not defined in the mount mapping (only the X…X+65536 range is, after all, and X > 0), and processes whose UID is not mapped in a uidmapped fs cannot create inodes in it since those would be owned by an unmapped UID, which then triggers the famous EOVERFLOW error.

  Let's fix this, by explicitly including an entry for the host UID 0 in the mount mapping. Specifically, we'll extend the mount mapping to map UID 2147483646 (which is INT32_MAX-1, see code for an explanation why I picked this one) of the backing fs to UID 0 on the uidmapped fs. This way nspawn can create inodes on the uidmapped fs as it likes (which will then actually be owned by UID 2147483646 on the backing fs), and as it always did.

  Note that we do *not* create a similar entry in the process mapping. Thus any files created by nspawn that way (and not chown()ed to something better) will appear as unmapped (i.e. as overflowuid/"nobody") in the container payload. And that's good. Of course, the latter is mostly theoretic, as nspawn should generally chown() the inodes it creates to UID ranges that actually make sense for the container (and we generally already do this correctly), but it's good to know that we are safe here, given we might accidentally forget to chown() some inodes we create.

  Net effect: the two mappings will not be identical anymore. The mount mapping has one entry more, and the only reason it exists is so that nspawn can access the uidmapped fs reasonably independently from any process mapping.

  Fixes: #20989
* tree-wide: port various places over to new stat_inode_same() helper | Lennart Poettering | 2022-02-14 | 1 | -1/+1
* tree-wide: move `unsigned` to the start of type declaration | Frantisek Sumsal | 2022-02-10 | 1 | -2/+2

  Even though ISO C11 doesn't mandate in which order the type specifiers should appear, having `unsigned` at the beginning of each type declaration feels more natural and, more importantly, it unbreaks Coccinelle, which has a hard time parsing `long unsigned` and others:

  ```
  init_defs_builtins: /usr/lib64/coccinelle/standard.h
  init_defs: /home/mrc0mmand/repos/systemd/coccinelle/macros.h
  HANDLING: src/shared/mount-util.c
  : 1: strange type1, maybe because of weird order: long unsigned
  ```

  Most of the codebase already "complies", so let's fix the remaining "offenders".
* extension-release.d/: add a new field SYSEXT_SCOPE= for clarifying what a system extension is for | Lennart Poettering | 2021-11-23 | 1 | -1/+1

  This should make things a bit more robust since it ensures system extensions can only be applied to the right environments.

  Right now three different "scopes" are defined:

  1. "system" (for regular OS systems, after the initrd transition)
  2. "initrd" (for sysext images that apply to the initrd environment)
  3. "portable" (for sysext images that apply to portable images)

  If not specified we imply a default of "system portable", i.e. any image where the field is not specified is implicitly OK for application to OS images and for portable services – but not for initrds.
* shared: clean up mkdir.h/label.h situation | Lennart Poettering | 2021-11-16 | 1 | -1/+1

  Previously the mkdir_label() family of calls was implemented in src/shared/mkdir-label.c but its functions partly declared in src/shared/label.h and partly in src/basic/mkdir.h (!!). That's weird (and wrong).

  Let's clean this up, and add a proper mkdir-label.h matching the .c file.
* tree-wide: use new RET_NERRNO() helper at various places | Lennart Poettering | 2021-11-16 | 1 | -5/+2
* mount-util: move opening of /proc/self/mountinfo into bind_remount_one_with_mountinfo() | Lennart Poettering | 2021-10-25 | 1 | -17/+9

  Let's move things around a bit, and open /proc/self/mountinfo if needed inside of bind_remount_one_with_mountinfo(). That way bind_remount_one() can become a superthin inline wrapper around bind_remount_one_with_mountinfo().

  Main benefit is that we don't even have to open /p/s/mi in case mount_setattr() actually worked for us.
* mount-util: port over bind_remount_recursive_with_mountinfo() to mount_setattr() | Lennart Poettering | 2021-10-25 | 1 | -0/+24
* mount-util: use modern mount_setattr() syscall for bind_remount_one_with_mountinfo() | Lennart Poettering | 2021-10-25 | 1 | -0/+42

  New kernels have a nice syscall for changing bind mount flags. Let's use it. This makes the complex libmount based iteration logic unnecessary.
* namespace-util: introduce userns_acquire() as helper for allocating new unbound userns | Lennart Poettering | 2021-10-22 | 1 | -23/+4

  This returns a namespace fd, and takes a uidmap/gidmap as string.

  This is split out of mount-util.c's remount_idmap() logic, so that we can allocate a userns independently.
* basic: split out chase_symlinks() from fs-util.[ch] → chase-symlinks.[ch] | Lennart Poettering | 2021-10-05 | 1 | -0/+1
* tree-wide: port things over to FORMAT_PROC_FD_PATH() | Lennart Poettering | 2021-08-19 | 1 | -12/+6
* Move freeze() into shared/ | Zbigniew Jędrzejewski-Szmek | 2021-07-23 | 1 | -3/+2

  Library code should not call freeze(), this is something that should only be done by "application code", so moving it into shared/ is appropriate.

  The fallback to call _exit() is dropped: let's trust that the infinite loop is infinite.
* core: when recursively bind-remounting nested mounts, use options from top one | Luca Boccassi | 2021-06-30 | 1 | -1/+7

  When mount points are stacked, bind_remount_recursive_with_mountinfo() uses the existing mount options of the "lower" level mount (ie: the first one that was mounted on a mount point). But the actual mount point in use is the "top" one (ie: the last one that was mounted on a mount point), so in practice if the mount options are different between the layers, the bottom options are used by mistake on the top mount, which is not what we want. This is because libmount returns the "bottom" one first.

  If the hashmap returns EEXIST, which means the same key (path) with different value (options) is already present, update the hashmap instead of discarding the result. This way, the last/top mount options are always used when mounts are stacked on a mount point.

  This was found to cause problems as LXC version 4.x stacks two /sys mounts, the bottom one read-write and the top one read-only. systemd accidentally remounts the top-one read-write, breaking various expectations since a read-only /sys is the way we decide whether we are running in a container or not (in this particular case, networkd tests are broken as networkd expects to be able to modify network settings with a writable /sys). Future versions of LXC will no longer do this double-stacking, but we need to support running inside older versions too.

  This was triggered by https://github.com/systemd/systemd/commit/6720e356c137 as that causes a recursive remount of '/', which processes '/sys' as one of the submounts, from make_nosuid(). But it's likely that other combinations of options could trigger this as well.

  Before:

  ```
  root@systemd-debug:/# systemd-run -t --wait --property ProtectSystem=yes findmnt
  Running as unit: run-u9.service
  Press ^] three times within 1s to disconnect TTY.
  TARGET                         SOURCE                         FSTYPE    OPTIONS
  /                              /dev/sda2[/var/lib/lxc/systemd-debug/rootfs]
  │                                                             ext4      ro,nosuid,relatime,errors=remount-ro,stripe=
  ├─/dev                         none                           tmpfs     rw,nosuid,relatime,size=492k,mode=755
  │ ├─/dev/.lxc/proc             proc                           proc      rw,nosuid,relatime
  │ ├─/dev/.lxc/sys              sys                            sysfs     rw,nosuid,relatime
  │ ├─/dev/console               devpts[/2]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptm
  │ ├─/dev/pts                   devpts                         devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptm
  │ ├─/dev/ptmx                  devpts[/ptmx]                  devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptm
  │ ├─/dev/tty1                  devpts[/0]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptm
  │ ├─/dev/tty2                  devpts[/1]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptm
  │ ├─/dev/tty3                  devpts[/2]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptm
  │ ├─/dev/tty4                  devpts[/3]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptm
  │ ├─/dev/shm                   tmpfs                          tmpfs     rw,nosuid,nodev
  │ ├─/dev/hugepages             hugetlbfs                      hugetlbfs rw,nosuid,relatime,pagesize=2M
  │ └─/dev/mqueue                mqueue                         mqueue    rw,nosuid,nodev,noexec,relatime
  ├─/proc                        proc                           proc      rw,nosuid,nodev,noexec,relatime
  │ ├─/proc/sys                  proc[/sys]                     proc      ro,nosuid,nodev,noexec,relatime
  │ │ ├─/proc/sys/net            proc[/sys/net]                 proc      rw,nosuid,nodev,noexec,relatime
  │ │ └─/proc/sys/kernel/random/boot_id
  │ │                            none[/.lxc-boot-id]            tmpfs     ro,nosuid,nodev,noexec,relatime,size=492k,mo
  │ └─/proc/sysrq-trigger        proc[/sysrq-trigger]           proc      ro,nosuid,nodev,noexec,relatime
  ├─/sys                         sysfs                          sysfs     rw,nosuid,nodev,noexec,relatime
  │ └─/sys                       sysfs                          sysfs     rw,nosuid,nodev,noexec,relatime
  │   ├─/sys/devices/virtual/net sysfs                          sysfs     rw,relatime
  │   │ └─/sys/devices/virtual/net
  │   │                          sysfs[/devices/virtual/net]    sysfs     rw,nosuid,relatime
  │   ├─/sys/fs/fuse/connections fusectl                        fusectl   rw,nosuid,nodev,noexec,relatime
  │   └─/sys/fs/cgroup           cgroup                         cgroup2   rw,nosuid,nodev,noexec,relatime,nsdelegate,m
  ├─/run                         tmpfs                          tmpfs     ro,nosuid,nodev,size=4912348k,nr_inodes=8192
  │ ├─/run/credentials           tmpfs[/systemd/inaccessible/dir] tmpfs   ro,nosuid,nodev,noexec,size=4912348k,nr_inod
  │ └─/run/systemd/incoming      tmpfs[/systemd/propagate/run-u9.service]
  │                                                             tmpfs     ro,nosuid,nodev,size=4912348k,nr_inodes=8192
  ├─/tmp                         tmpfs                          tmpfs     rw,nosuid,nodev,size=12280872k,nr_inodes=409
  │ └─/tmp                       tmpfs[/systemd-private-b730df90da424397a3f246cb15dcdbb1-run-u9.service-K6EUwf/tmp]
  │                                                             tmpfs     rw,nosuid,nodev,size=12280872k,nr_inodes=409
  └─/var/tmp                     /dev/sda2[/var/lib/lxc/systemd-debug/rootfs/var/tmp/systemd-private-b730df90da424397a3f246cb15dcdbb1-run-u9.service-vEHyRi/tmp]
                                                                ext4      rw,nosuid,relatime,errors=remount-ro,stripe=
  Finished with result: success
  Main processes terminated with: code=exited/status=0
  Service runtime: 14.249s
  CPU time consumed: 37ms
  ```

  After:

  ```
  root@systemd-debug:/# systemd-run -t --wait --property ProtectSystem=yes findmnt
  Running as unit: run-u3.service
  Press ^] three times within 1s to disconnect TTY.
  TARGET                         SOURCE                         FSTYPE    OPTIONS
  /                              /dev/sda2[/var/lib/lxc/systemd-debug/rootfs]
  │                                                             ext4      rw,relatime,errors=remount-ro,stripe=32699
  ├─/dev                         none                           tmpfs     rw,relatime,size=492k,mode=755
  │ ├─/dev/.lxc/proc             proc                           proc      rw,relatime
  │ ├─/dev/.lxc/sys              sys                            sysfs     rw,relatime
  │ ├─/dev/console               devpts[/2]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode
  │ ├─/dev/pts                   devpts                         devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode
  │ ├─/dev/ptmx                  devpts[/ptmx]                  devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode
  │ ├─/dev/tty1                  devpts[/0]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode
  │ ├─/dev/tty2                  devpts[/1]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode
  │ ├─/dev/tty3                  devpts[/2]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode
  │ ├─/dev/tty4                  devpts[/3]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode
  │ ├─/dev/shm                   tmpfs                          tmpfs     rw,nosuid,nodev
  │ ├─/dev/hugepages             hugetlbfs                      hugetlbfs rw,relatime,pagesize=2M
  │ └─/dev/mqueue                mqueue                         mqueue    rw,nosuid,nodev,noexec,relatime
  ├─/proc                        proc                           proc      rw,nosuid,nodev,noexec,relatime
  │ ├─/proc/sys                  proc[/sys]                     proc      ro,nosuid,nodev,noexec,relatime
  │ │ ├─/proc/sys/net            proc[/sys/net]                 proc      rw,nosuid,nodev,noexec,relatime
  │ │ └─/proc/sys/kernel/random/boot_id
  │ │                            none[/.lxc-boot-id]            tmpfs     ro,nosuid,nodev,noexec,relatime,size=492k,mode=75
  │ └─/proc/sysrq-trigger        proc[/sysrq-trigger]           proc      ro,nosuid,nodev,noexec,relatime
  ├─/sys                         sysfs                          sysfs     rw,nosuid,nodev,noexec,relatime
  │ └─/sys                       sysfs                          sysfs     ro,nosuid,nodev,noexec,relatime
  │   ├─/sys/devices/virtual/net sysfs                          sysfs     rw,relatime
  │   │ └─/sys/devices/virtual/net
  │   │                          sysfs[/devices/virtual/net]    sysfs     rw,nosuid,nodev,noexec,relatime
  │   ├─/sys/fs/fuse/connections fusectl                        fusectl   rw,nosuid,nodev,noexec,relatime
  │   └─/sys/fs/cgroup           cgroup                         cgroup2   rw,nosuid,nodev,noexec,relatime,nsdelegate,memory
  ├─/run                         tmpfs                          tmpfs     rw,nosuid,nodev,size=4912348k,nr_inodes=819200,mo
  │ ├─/run/credentials           tmpfs[/systemd/inaccessible/dir]
  │ │                                                           tmpfs     ro,nosuid,nodev,noexec,size=4912348k,nr_inodes=81
  │ └─/run/systemd/incoming      tmpfs[/systemd/propagate/run-u3.service]
  │                                                             tmpfs     ro,nosuid,nodev,size=4912348k,nr_inodes=819200,mo
  ├─/tmp                         tmpfs                          tmpfs     rw,nosuid,nodev,size=12280872k,nr_inodes=409600
  ├─/boot                        /dev/sda2[/var/lib/lxc/systemd-debug/rootfs/boot]
  │                                                             ext4      ro,relatime,errors=remount-ro,stripe=32699
  └─/usr                         /dev/sda2[/var/lib/lxc/systemd-debug/rootfs/usr]
                                                                ext4      ro,relatime,errors=remount-ro,stripe=32699
  Finished with result: success
  Main processes terminated with: code=exited/status=0
  Service runtime: 14ms
  CPU time consumed: 5ms
  ```

  Host (LXC):

  ```
  root@systemd-debug:/# findmnt
  TARGET                         SOURCE                         FSTYPE    OPTIONS
  /                              /dev/sda2[/var/lib/lxc/systemd-debug/rootfs]
  │                                                             ext4      rw,relatime,errors=remount-ro,stripe=32699
  ├─/run                         tmpfs                          tmpfs     rw,nosuid,nodev,size=4912348k,nr_inodes=819200,mode=755
  ├─/tmp                         tmpfs                          tmpfs     rw,nosuid,nodev,size=12280872k,nr_inodes=409600
  ├─/dev                         none                           tmpfs     rw,relatime,size=492k,mode=755
  │ ├─/dev/pts                   devpts                         devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666,ma
  │ ├─/dev/ptmx                  devpts[/ptmx]                  devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666,ma
  │ ├─/dev/tty1                  devpts[/0]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666,ma
  │ ├─/dev/tty2                  devpts[/1]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666,ma
  │ ├─/dev/tty3                  devpts[/2]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666,ma
  │ ├─/dev/tty4                  devpts[/3]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666,ma
  │ ├─/dev/shm                   tmpfs                          tmpfs     rw,nosuid,nodev
  │ ├─/dev/hugepages             hugetlbfs                      hugetlbfs rw,relatime,pagesize=2M
  │ ├─/dev/mqueue                mqueue                         mqueue    rw,nosuid,nodev,noexec,relatime
  │ ├─/dev/console               devpts[/2]                     devpts    rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
  │ ├─/dev/.lxc/proc             proc                           proc      rw,relatime
  │ └─/dev/.lxc/sys              sys                            sysfs     rw,relatime
  ├─/proc                        proc                           proc      rw,nosuid,nodev,noexec,relatime
  │ ├─/proc/sys                  proc[/sys]                     proc      ro,nosuid,nodev,noexec,relatime
  │ │ ├─/proc/sys/kernel/random/boot_id
  │ │ │                          none[/.lxc-boot-id]            tmpfs     ro,nosuid,nodev,noexec,relatime,size=492k,mode=755
  │ │ └─/proc/sys/net            proc[/sys/net]                 proc      rw,nosuid,nodev,noexec,relatime
  │ └─/proc/sysrq-trigger        proc[/sysrq-trigger]           proc      ro,nosuid,nodev,noexec,relatime
  └─/sys                         sysfs                          sysfs     rw,nosuid,nodev,noexec,relatime
    └─/sys                       sysfs                          sysfs     ro,nosuid,nodev,noexec,relatime
      ├─/sys/devices/virtual/net sysfs                          sysfs     rw,relatime
      │ └─/sys/devices/virtual/net
      │                          sysfs[/devices/virtual/net]
      │                                                         sysfs     rw,nosuid,nodev,noexec,relatime
      ├─/sys/fs/fuse/connections fusectl                        fusectl   rw,nosuid,nodev,noexec,relatime
      └─/sys/fs/cgroup           cgroup                         cgroup2   rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recurs
  ```

  Fixes https://github.com/systemd/systemd/issues/20032
* basic,shared: move make_mount_point_inode_*() to shared/ | Zbigniew Jędrzejewski-Szmek | 2021-06-23 | 1 | -0/+23

  Those pull in selinux for labelling, and we should avoid selinux in basic/.
* test-mount-util: add output test for mount_flags_to_string() | Zbigniew Jędrzejewski-Szmek | 2021-06-22 | 1 | -1/+1
* mount-util: add one more assertion | Yu Watanabe | 2021-06-22 | 1 | -0/+2
* mount-util: use EXTRACT_KEEP_QUOTE to handle mount options | Yu Watanabe | 2021-06-21 | 1 | -1/+1

  Otherwise, the quotes which wrap SELinux options are dropped.
* mount-util: reduce scope of variable | Yu Watanabe | 2021-06-21 | 1 | -3/+1
* mount-util: make mount_flags_to_string() show flag name instead of number | Yu Watanabe | 2021-06-21 | 1 | -66/+48

  This also adds the missing MS_NOSYMFOLLOW flag. Moreover, this makes the function always add unhandled flags as a number.
* mount-util: add a helper that can add an idmap to an existing mount | Lennart Poettering | 2021-05-07 | 1 | -1/+84

  This makes use of the new kernel 5.12 APIs to add an idmap to a mount point. It does so by cloning the mountpoint, changing it, and then unmounting the old mountpoint, replacing it later with the new one.
* mount-util: add helper that ensures something is a mount point | Lennart Poettering | 2021-05-07 | 1 | -0/+20