author | Lennart Poettering <lennart@poettering.net> | 2014-06-06 11:42:25 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-06-06 14:37:40 +0200 |
commit | d6797c920e9eb70f46a893c00fdd9ecb86d15f84 (patch) | |
tree | 7029ba9333ceb289752c85f154f4fa1350fa941d /src/core | |
parent | c8835999c33c0443bf91e1a8fa6dd716a8ff0b0f (diff) |
namespace: beef up read-only bind mount logic
Instead of blindly creating another bind mount for read-only mounts,
check if there's already one we can use, and if so, use it. Also,
recursively mark all submounts read-only too. Also, ignore autofs mounts
when remounting read-only unless they are already triggered.
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/namespace.c | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 43b9045800..f11065ee4b 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -280,9 +280,6 @@ static int apply_mount(
 switch (m->mode) {
- case PRIVATE_DEV:
- return mount_dev(m);
-
 case INACCESSIBLE:
 /* First, get rid of everything that is below if there
@@ -295,8 +292,9 @@ static int apply_mount(
 case READONLY:
 case READWRITE:
- what = m->path;
- break;
+ /* Nothing to mount here, we just later toggle the
+ * MS_RDONLY bit for the mount point */
+ return 0;
 case PRIVATE_TMP:
 what = tmp_dir;
@@ -306,6 +304,9 @@ static int apply_mount(
 what = var_tmp_dir;
 break;
+ case PRIVATE_DEV:
+ return mount_dev(m);
+
 default:
 assert_not_reached("Unknown mode");
 }
@@ -316,7 +317,7 @@ static int apply_mount(
 if (r >= 0)
 log_debug("Successfully mounted %s to %s", what, m->path);
 else if (m->ignore && errno == ENOENT)
- r = 0;
+ return 0;
 return r;
 }
@@ -326,14 +327,17 @@ static int make_read_only(BindMount *m) {
 assert(m);
- if (m->mode != INACCESSIBLE && m->mode != READONLY)
- return 0;
+ if (IN_SET(m->mode, INACCESSIBLE, READONLY))
+ r = bind_remount_recursive(m->path, true);
+ else if (m->mode == READWRITE)
+ r = bind_remount_recursive(m->path, false);
+ else
+ r = 0;
- r = mount(NULL, m->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL);
- if (r < 0 && !(m->ignore && errno == ENOENT))
- return -errno;
+ if (m->ignore && r == -ENOENT)
+ return 0;
- return 0;
+ return r;
 }
 int setup_namespace(
|
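Review bot: With `what = m->path` removed from the `READONLY`/`READWRITE` case, nothing in apply_mount() makes `m->path` a mount point any more, yet the new comment still speaks of toggling `MS_RDONLY` "for the mount point". Whether a plain directory is handled correctly now depends on bind_remount_recursive(), which is outside this diff (limited to src/core). If that helper does not create the bind mount itself, the remount would act on the enclosing mount and change the read-only state of more than the configured path. Once confirmed, I would record the dependency in the comment, e.g. `/* Nothing to mount here: bind_remount_recursive() turns m->path into a mount point if needed and then toggles MS_RDONLY */`. The switch begins and the function ends outside this hunk.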
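Review bot: The closing `return r;` of apply_mount() appears to hand back the raw mount() result, so any failure other than the ignored ENOENT reaches the caller as -1 rather than a negative errno. The assignment to `r` is above this hunk, but the `errno == ENOENT` test suggests `r` is not already `-errno`, while make_read_only() in the same commit compares against `-ENOENT` and returns errno-style codes. A caller that logs or compares the value would read -1 as EPERM and hide the real cause of a failed sandbox setup. Adding `else return -errno;` after the `return 0;` branch would leave only the success path reaching `return r;`.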
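Review bot: The new `READWRITE` branch calls `bind_remount_recursive(m->path, false)`, which, if it mirrors the `true` case, clears the per-mount read-only flag on every submount below `m->path`, including ones that were deliberately read-only before the namespace was set up. The helper is not part of this diff, so this is inferred from the call alone. Because both directions are now recursive, the result for a read-write path nested under a read-only one also depends on the order in which the caller walks the mounts, which is outside this hunk. I would add a comment above the branch stating that contract, e.g. `/* Recursively clears MS_RDONLY; relies on the caller processing parent paths before nested ones */`, and confirm that submounts which were read-only beforehand are meant to become writable.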