diff options
| author | Lennart Poettering <lennart@poettering.net> | 2014-06-06 11:42:25 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-06-06 14:37:40 +0200 |
| commit | d6797c920e9eb70f46a893c00fdd9ecb86d15f84 (patch) | |
| tree | 7029ba9333ceb289752c85f154f4fa1350fa941d /src/nspawn | |
| parent | c8835999c33c0443bf91e1a8fa6dd716a8ff0b0f (diff) | |
namespace: beef up read-only bind mount logic
Instead of blindly creating another bind mount for read-only mounts,
check if there's already one we can use, and if so, use it. Also,
recursively mark all submounts read-only too. Also, ignore autofs mounts
when remounting read-only unless they are already triggered.
Diffstat (limited to 'src/nspawn')
| -rw-r--r-- | src/nspawn/nspawn.c | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index a1d77244f8..19fb086e7a 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -635,7 +635,7 @@ static int mount_all(const char *dest) { return r; } -static int mount_binds(const char *dest, char **l, unsigned long flags) { +static int mount_binds(const char *dest, char **l, bool ro) { char **x, **y; STRV_FOREACH_PAIR(x, y, l) { @@ -686,9 +686,12 @@ static int mount_binds(const char *dest, char **l, unsigned long flags) { return -errno; } - if (flags && mount(NULL, where, NULL, MS_REMOUNT|MS_BIND|flags, NULL) < 0) { - log_error("mount(%s) failed: %m", where); - return -errno; + if (ro) { + r = bind_remount_recursive(where, true); + if (r < 0) { + log_error("Read-Only bind mount failed: %s", strerror(-r)); + return r; + } } } @@ -2941,15 +2944,17 @@ int main(int argc, char *argv[]) { /* Turn directory into bind mount */ if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REC, NULL) < 0) { - log_error("Failed to make bind mount."); + log_error("Failed to make bind mount: %m"); goto child_fail; } - if (arg_read_only) - if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL) < 0) { - log_error("Failed to make read-only."); + if (arg_read_only) { + k = bind_remount_recursive(arg_directory, true); + if (k < 0) { + log_error("Failed to make tree read-only: %s", strerror(-k)); goto child_fail; } + } if (mount_all(arg_directory) < 0) goto child_fail; @@ -2985,10 +2990,10 @@ int main(int argc, char *argv[]) { if (setup_journal(arg_directory) < 0) goto child_fail; - if (mount_binds(arg_directory, arg_bind, 0) < 0) + if (mount_binds(arg_directory, arg_bind, false) < 0) goto child_fail; - if (mount_binds(arg_directory, arg_bind_ro, MS_RDONLY) < 0) + if (mount_binds(arg_directory, arg_bind_ro, true) < 0) goto child_fail; if (setup_kdbus(arg_directory, kdbus_domain) < 0) |