authorLennart Poettering <lennart@poettering.net>2014-06-06 11:42:25 +0200
committerLennart Poettering <lennart@poettering.net>2014-06-06 14:37:40 +0200
commitd6797c920e9eb70f46a893c00fdd9ecb86d15f84 (patch)
tree7029ba9333ceb289752c85f154f4fa1350fa941d /src/core
parentc8835999c33c0443bf91e1a8fa6dd716a8ff0b0f (diff)
namespace: beef up read-only bind mount logic
Instead of blindly creating another bind mount for read-only mounts, check if there's already one we can use, and if so, use it. Also, recursively mark all submounts read-only too. Also, ignore autofs mounts when remounting read-only unless they are already triggered.
Diffstat (limited to 'src/core')
-rw-r--r--src/core/namespace.c28
1 files changed, 16 insertions, 12 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 43b9045800..f11065ee4b 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -280,9 +280,6 @@ static int apply_mount(
switch (m->mode) {
- case PRIVATE_DEV:
- return mount_dev(m);
-
case INACCESSIBLE:
/* First, get rid of everything that is below if there
@@ -295,8 +292,9 @@ static int apply_mount(
case READONLY:
case READWRITE:
- what = m->path;
- break;
+ /* Nothing to mount here, we just later toggle the
+ * MS_RDONLY bit for the mount point */
+ return 0;
case PRIVATE_TMP:
what = tmp_dir;
@@ -306,6 +304,9 @@ static int apply_mount(
what = var_tmp_dir;
break;
+ case PRIVATE_DEV:
+ return mount_dev(m);
+
default:
assert_not_reached("Unknown mode");
}
@@ -316,7 +317,7 @@ static int apply_mount(
if (r >= 0)
log_debug("Successfully mounted %s to %s", what, m->path);
else if (m->ignore && errno == ENOENT)
- r = 0;
+ return 0;
return r;
}
@@ -326,14 +327,17 @@ static int make_read_only(BindMount *m) {
assert(m);
- if (m->mode != INACCESSIBLE && m->mode != READONLY)
- return 0;
+ if (IN_SET(m->mode, INACCESSIBLE, READONLY))
+ r = bind_remount_recursive(m->path, true);
+ else if (m->mode == READWRITE)
+ r = bind_remount_recursive(m->path, false);
+ else
+ r = 0;
- r = mount(NULL, m->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL);
- if (r < 0 && !(m->ignore && errno == ENOENT))
- return -errno;
+ if (m->ignore && r == -ENOENT)
+ return 0;
- return 0;
+ return r;
}
int setup_namespace(
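Review bot: The new READWRITE branch, `r = bind_remount_recursive(m->path, false);`, does more than undo this unit's own read-only marking: if the helper clears MS_RDONLY on every submount beneath the path, as its name and the boolean argument suggest, then a bind mount the administrator made read-only on the host that happens to sit under a ReadWriteDirectories= path becomes writable inside the service's mount namespace, whereas before this commit READWRITE returned 0 here and the rbind created in apply_mount kept each submount's own flags. Consider limiting the read-write pass to reverting what an earlier READONLY/INACCESSIBLE entry set, or at least state the behaviour above the branch: `/* READWRITE clears MS_RDONLY recursively, including on submounts that were read-only on the host */`. The commit message also says untriggered autofs mounts are skipped when remounting read-only, so a submount that appears later by autofs or propagation is not covered by the read-only marking; that caveat belongs in a comment on make_read_only as well. bind_remount_recursive and the declaration of `r` are outside this hunk.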