summaryrefslogtreecommitdiff
path: root/src/basic/mount-util.c
AgeCommit message (Collapse)Author
2016-10-23basic: fallback to the fstat if we don't have access to the /proc/self/fdinfoEvgeny Vereshchagin
https://github.com/systemd/systemd/pull/4372#discussion_r83354107: I get `open("/proc/self/fdinfo/13", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)` 327 mkdir("/proc", 0755 <unfinished ...> 327 <... mkdir resumed> ) = -1 EEXIST (File exists) 327 stat("/proc", <unfinished ...> 327 <... stat resumed> {st_dev=makedev(8, 1), st_ino=28585, st_mode=S_IFDIR|0755, st_nlink=2, st_uid=0, st_gid=0, st_blksize=1024, st_blocks=4, st_size=1024, st_atime=2016/10/14-02:55:32, st_mtime=2016/ 327 mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL <unfinished ...> 327 <... mount resumed> ) = 0 327 lstat("/proc", <unfinished ...> 327 <... lstat resumed> {st_dev=makedev(0, 34), st_ino=1, st_mode=S_IFDIR|0555, st_nlink=75, st_uid=65534, st_gid=65534, st_blksize=1024, st_blocks=0, st_size=0, st_atime=2016/10/14-03:13:35.971031263, 327 lstat("/proc/sys", {st_dev=makedev(0, 34), st_ino=4026531855, st_mode=S_IFDIR|0555, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=1024, st_blocks=0, st_size=0, st_atime=2016/10/14-03:13:39.1630 327 openat(AT_FDCWD, "/proc", O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_PATH) = 11</proc> 327 name_to_handle_at(11</proc>, "sys", {handle_bytes=128}, 0x7ffe3a238604, AT_SYMLINK_FOLLOW) = -1 EOPNOTSUPP (Operation not supported) 327 name_to_handle_at(11</proc>, "", {handle_bytes=128}, 0x7ffe3a238608, AT_EMPTY_PATH) = -1 EOPNOTSUPP (Operation not supported) 327 openat(11</proc>, "sys", O_RDONLY|O_CLOEXEC|O_PATH) = 13</proc/sys> 327 open("/proc/self/fdinfo/13", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied) 327 close(13</proc/sys> <unfinished ...> 327 <... close resumed> ) = 0 327 close(11</proc> <unfinished ...> 327 <... close resumed> ) = 0 -bash-4.3# ls -ld /proc/ dr-xr-xr-x 76 65534 65534 0 Oct 14 02:57 /proc/ -bash-4.3# ls -ld /proc/1 dr-xr-xr-x 9 root root 0 Oct 14 02:57 /proc/1 -bash-4.3# ls -ld /proc/1/fdinfo dr-x------ 2 65534 65534 0 Oct 14 03:00 /proc/1/fdinfo
2016-10-11nspawn,mount-util: add [u]mount_verbose and use it in nspawnZbigniew Jędrzejewski-Szmek
This makes it easier to debug failed nspawn invocations: Mounting sysfs on /var/lib/machines/fedora-rawhide/sys (MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV "")... Mounting tmpfs on /var/lib/machines/fedora-rawhide/dev (MS_NOSUID|MS_STRICTATIME "mode=755,uid=1450901504,gid=1450901504")... Mounting tmpfs on /var/lib/machines/fedora-rawhide/dev/shm (MS_NOSUID|MS_NODEV|MS_STRICTATIME "mode=1777,uid=1450901504,gid=1450901504")... Mounting tmpfs on /var/lib/machines/fedora-rawhide/run (MS_NOSUID|MS_NODEV|MS_STRICTATIME "mode=755,uid=1450901504,gid=1450901504")... Bind-mounting /sys/fs/selinux on /var/lib/machines/fedora-rawhide/sys/fs/selinux (MS_BIND "")... Remounting /var/lib/machines/fedora-rawhide/sys/fs/selinux (MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_BIND|MS_REMOUNT "")... Mounting proc on /proc (MS_NOSUID|MS_NOEXEC|MS_NODEV "")... Bind-mounting /proc/sys on /proc/sys (MS_BIND "")... Remounting /proc/sys (MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_BIND|MS_REMOUNT "")... Bind-mounting /proc/sysrq-trigger on /proc/sysrq-trigger (MS_BIND "")... Remounting /proc/sysrq-trigger (MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_BIND|MS_REMOUNT "")... Mounting tmpfs on /tmp (MS_STRICTATIME "mode=1777,uid=0,gid=0")... Mounting tmpfs on /sys/fs/cgroup (MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME "mode=755,uid=0,gid=0")... Mounting cgroup on /sys/fs/cgroup/systemd (MS_NOSUID|MS_NOEXEC|MS_NODEV "none,name=systemd,xattr")... Failed to mount cgroup on /sys/fs/cgroup/systemd (MS_NOSUID|MS_NOEXEC|MS_NODEV "none,name=systemd,xattr"): No such file or directory
2016-09-25namespace: rework how ReadWritePaths= is appliedLennart Poettering
Previously, if ReadWritePaths= was nested inside a ReadOnlyPaths= specification, then we'd first recursively apply the ReadOnlyPaths= paths, and make everything below read-only, only in order to then flip the read-only bit again for the subdirs listed in ReadWritePaths= below it. This is not only ugly (as for the dirs in question we first turn on the RO bit, only to turn it off again immediately after), but also problematic in containers, where a container manager might have marked a set of dirs read-only and this code will undo this is ReadWritePaths= is set for any. With this patch behaviour in this regard is altered: ReadOnlyPaths= will not be applied to the children listed in ReadWritePaths= in the first place, so that we do not need to turn off the RO bit for those after all. This means that ReadWritePaths=/ReadOnlyPaths= may only be used to turn on the RO bit, but never to turn it off again. Or to say this differently: if some dirs are marked read-only via some external tool, then ReadWritePaths= will not undo it. This is not only the safer option, but also more in-line with what the man page currently claims: "Entries (files or directories) listed in ReadWritePaths= are accessible from within the namespace with the same access rights as from outside." To implement this change bind_remount_recursive() gained a new "blacklist" string list parameter, which when passed may contain subdirs that shall be excluded from the read-only mounting. A number of functions are updated to add more debug logging to make this more digestable.
2016-08-18add a new tool for creating transient mount and automount unitsLennart Poettering
This adds "systemd-mount" which is for transient mount and automount units what "systemd-run" is for transient service, scope and timer units. The tool allows establishing mounts and automounts during runtime. It is very similar to the usual /bin/mount commands, but can pull in additional dependenices on access (for example, it pulls in fsck automatically), an take benefit of the automount logic. This tool is particularly useful for mount removable file systems (such as USB sticks), as the automount logic (together with automatic unmount-on-idle), as well as automatic fsck on first access ensure that the removable file system has a high chance to remain in a fully clean state even when it is unplugged abruptly, and returns to a clean state on the next re-plug. This is a follow-up for #2471, as it adds a simple client-side for the transient automount logic added in that PR. In later work it might make sense to invoke this tool automatically from udev rules in order to implement a simpler and safer version of removable media management á la udisks.
2016-07-25namespace: don't fail on masked mounts (#3794)Alban Crequy
Before this patch, a service file with ReadWriteDirectories=/file... could fail if the file exists but is not a mountpoint, despite being listed in /proc/self/mountinfo. It could happen with masked mounts. Fixes https://github.com/systemd/systemd/issues/3793
2016-07-22namespace: ensure to return a valid inaccessible nodes (#3778)Alessandro Puccetti
Because /run/systemd/inaccessible/{chr,blk} are devices with major=0 and minor=0 it might be possible that these devices cannot be created so we use /run/systemd/inaccessible/sock instead to map them.
2016-07-19namespace: unify limit behavior on non-directory pathsAlessandro Puccetti
Despite the name, `Read{Write,Only}Directories=` already allows for regular file paths to be masked. This commit adds the same behavior to `InaccessibleDirectories=` and makes it explicit in the doc. This patch introduces `/run/systemd/inaccessible/{reg,dir,chr,blk,fifo,sock}` {dile,device}nodes and mounts on the appropriate one the paths specified in `InacessibleDirectories=`. Based on Luca's patch from https://github.com/systemd/systemd/pull/3327
2016-07-14basic/mount-util: recognize ocfs2 as network fs (#3713)Valentin Vidić
2016-07-11treewide: fix typos and remove accidental repetition of wordsTorstein Husebø
2016-04-28basic/mount-util: recognize pvfs2 as network fs (#3140)Zbigniew Jędrzejewski-Szmek
Added to kernel 4.6.
2016-03-02tree-wide: no need to pass excess flags to open()/openat() if O_PATH is passedAlexander Kuleshov
As described in the documentation: When O_PATH is specified in flags, flag bits other than O_CLOEXEC, O_DIRECTORY, and O_NOFOLLOW are ignored. So, we can remove unnecessary flags in a case when O_PATH is passed to the open() or openat().
2016-02-10tree-wide: remove Emacs lines from all filesDaniel Mack
This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
2015-12-01basic: re-sort includesThomas Hindoe Paaboel Andersen
My previous patch to only include what we use accidentially placed the added inlcudes in non-sorted order.
2015-11-30basic: include only what we useThomas Hindoe Paaboel Andersen
This is a cleaned up result of running iwyu but without forward declarations on src/basic.
2015-10-27automount: move generically userful call repeat_mount() into mount-util.[ch]Lennart Poettering
2015-10-27mount-util: move fstype_is_network() and name_to_handle_at() definitions overLennart Poettering
2015-10-27util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering
2015-10-27util-lib: split out printf() helpers to stdio-util.hLennart Poettering
2015-10-27util-lib: move mount related utility calls to mount-util.[ch]Lennart Poettering