diff options
-rw-r--r-- | Makefile.am | 4 | ||||
-rw-r--r-- | src/core/machine-id-setup.c | 1 | ||||
-rw-r--r-- | src/nspawn/nspawn.c | 7 | ||||
-rw-r--r-- | src/shared/base-filesystem.c | 82 | ||||
-rw-r--r-- | src/shared/base-filesystem.h | 24 |
5 files changed, 117 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am index 37a164e562..bc56d7500d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -827,7 +827,9 @@ libsystemd_shared_la_SOURCES = \ src/shared/eventfd-util.c \ src/shared/eventfd-util.h \ src/shared/copy.c \ - src/shared/copy.h + src/shared/copy.h \ + src/shared/base-filesystem.c \ + src/shared/base-filesystem.h nodist_libsystemd_shared_la_SOURCES = \ src/shared/errno-from-name.h \ diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c index e2e6d02269..f154800484 100644 --- a/src/core/machine-id-setup.c +++ b/src/core/machine-id-setup.c @@ -181,6 +181,7 @@ int machine_id_setup(const char *root) { * will be owned by root it doesn't matter much, but maybe * people look. */ + mkdir_parents(etc_machine_id, 0755); fd = open(etc_machine_id, O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY, 0444); if (fd >= 0) writable = true; diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 212f7223bb..501bccae87 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -89,6 +89,7 @@ #include "gpt.h" #include "siphash24.h" #include "copy.h" +#include "base-filesystem.h" #ifdef HAVE_SECCOMP #include "seccomp-util.h" @@ -3008,6 +3009,12 @@ int main(int argc, char *argv[]) { srv_device, srv_device_rw) < 0) goto child_fail; + r = base_filesystem_create(arg_directory); + if (r < 0) { + log_error("creating base filesystem failed: %s", strerror(-r)); + goto child_fail; + } + /* Turn directory into bind mount */ if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REC, NULL) < 0) { log_error("Failed to make bind mount: %m"); diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c new file mode 100644 index 0000000000..a2201017e0 --- /dev/null +++ b/src/shared/base-filesystem.c @@ -0,0 +1,82 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +/*** + This file is part of systemd. + + Copyright 2014 Kay Sievers + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <errno.h> +#include <sys/stat.h> +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include <unistd.h> + +#include "base-filesystem.h" +#include "log.h" +#include "macro.h" +#include "util.h" +#include "label.h" +#include "mkdir.h" + +typedef struct BaseFilesystem { + const char *dir; + mode_t mode; + const char *target; +} BaseFilesystem; + +static const BaseFilesystem table[] = { + { "bin", 0, "usr/bin" }, + { "lib", 0, "usr/lib" }, + { "lib64", 0, "usr/lib64" }, + { "root", 0755, NULL }, + { "sbin", 0, "usr/sbin" }, +}; + +int base_filesystem_create(const char *root) { + _cleanup_close_ int fd = -1; + unsigned i; + int r; + + fd = open(root, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW); + if (fd < 0) + return -errno; + + for (i = 0; i < ELEMENTSOF(table); i ++) { + if (table[i].target) { + /* check if target exists */ + if (faccessat(fd, table[i].target, F_OK, AT_SYMLINK_NOFOLLOW) < 0) + continue; + + r = symlinkat(table[i].target, fd, table[i].dir); + if (r < 0 && errno != EEXIST) { + log_error("Failed to create symlink at %s/%s: %m", root, table[i].dir); + return -errno; + } + continue; + } + + RUN_WITH_UMASK(0000) + r = mkdirat(fd, table[i].dir, table[i].mode); + if (r < 0 && errno != EEXIST) { + log_error("Failed to create directory at %s/%s: %m", root, table[i].dir); + return -errno; + } + } + + return 0; +} diff --git a/src/shared/base-filesystem.h b/src/shared/base-filesystem.h new file mode 100644 index 0000000000..03201f7083 --- /dev/null +++ b/src/shared/base-filesystem.h @@ -0,0 +1,24 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +#pragma once + +/*** + This file is part of systemd. + + Copyright 2014 Kay Sievers + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +int base_filesystem_create(const char *root); |