diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-11-15 01:42:54 +0100 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2016-11-17 18:08:32 +0100 | 
| commit | 5327c910d2fc1ae91bd0b891be92b30379c7467b (patch) | |
| tree | 0fc37d0d4db923dd032b7d28514c095f7449a8c0 /src/shared/ima-util.h | |
| parent | 375fd1559b8fd3ece42716af3b8d25bc46fbd6fa (diff) | |
namespace: simplify, optimize and extend handling of mounts for namespace
This changes a couple of things in the namespace handling:
It merges the BindMount and TargetMount structures. They are mostly the same,
hence let's just use the same structue, and rely on C's implicit zero
initialization of partially initialized structures for the unneeded fields.
This reworks memory management of each entry a bit. It now contains one "const"
and one "malloc" path. We use the former whenever we can, but use the latter
when we have to, which is the case when we have to chase symlinks or prefix a
root directory. This means in the common case we don't actually need to
allocate any dynamic memory. To make this easy to use we add an accessor
function bind_mount_path() which retrieves the right path string from a
BindMount structure.
While we are at it, also permit "+" as prefix for dirs configured with
ReadOnlyPaths= and friends: if specified the root directory of the unit is
implicited prefixed.
This also drops set_bind_mount() and uses C99 structure initialization instead,
which I think is more readable and clarifies what is being done.
This drops append_protect_kernel_tunables() and
append_protect_kernel_modules() as append_static_mounts() is now simple enough
to be called directly.
Prefixing with the root dir is now done in an explicit step in
prefix_where_needed(). It will prepend the root directory on each entry that
doesn't have it prefixed yet. The latter is determined depending on an extra
bit in the BindMount structure.
Diffstat (limited to 'src/shared/ima-util.h')
0 files changed, 0 insertions, 0 deletions
