diff options
Diffstat (limited to 'src/nspawn/nspawn-mount.c')
-rw-r--r-- | src/nspawn/nspawn-mount.c | 500 |
1 files changed, 38 insertions, 462 deletions
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c index b5df65e2a4..a9af889747 100644 --- a/src/nspawn/nspawn-mount.c +++ b/src/nspawn/nspawn-mount.c @@ -6,11 +6,11 @@ #include "alloc-util.h" #include "escape.h" #include "fd-util.h" -#include "fileio.h" #include "fs-util.h" #include "label.h" #include "mkdir.h" #include "mount-util.h" +#include "mountpoint-util.h" #include "nspawn-mount.h" #include "parse-util.h" #include "path-util.h" @@ -19,6 +19,7 @@ #include "stat-util.h" #include "string-util.h" #include "strv.h" +#include "tmpfile-util.h" #include "user-util.h" #include "util.h" @@ -69,20 +70,14 @@ void custom_mount_free_all(CustomMount *l, size_t n) { free(l); } -static int custom_mount_compare(const void *a, const void *b) { - const CustomMount *x = a, *y = b; +static int custom_mount_compare(const CustomMount *a, const CustomMount *b) { int r; - r = path_compare(x->destination, y->destination); + r = path_compare(a->destination, b->destination); if (r != 0) return r; - if (x->type < y->type) - return -1; - if (x->type > y->type) - return 1; - - return 0; + return CMP(a->type, b->type); } static bool source_path_is_valid(const char *p) { @@ -116,7 +111,7 @@ int custom_mount_prepare_all(const char *dest, CustomMount *l, size_t n) { assert(l || n == 0); /* Order the custom mounts, and make sure we have a working directory */ - qsort_safe(l, n, sizeof(CustomMount), custom_mount_compare); + typesafe_qsort(l, n, custom_mount_compare); for (i = 0; i < n; i++) { CustomMount *m = l + i; @@ -327,19 +322,15 @@ int overlay_mount_parse(CustomMount **l, size_t *n, const char *s, bool read_onl return 0; } -static int tmpfs_patch_options( +int tmpfs_patch_options( const char *options, - bool userns, - uid_t uid_shift, uid_t uid_range, - bool patch_ids, + uid_t uid_shift, const char *selinux_apifs_context, char **ret) { char *buf = NULL; - if ((userns && uid_shift != 0) || patch_ids) { - assert(uid_shift != UID_INVALID); - + if (uid_shift != UID_INVALID) { if (asprintf(&buf, "%s%suid=" UID_FMT ",gid=" UID_FMT, strempty(options), options ? "," : "", uid_shift, uid_shift) < 0) @@ -433,16 +424,14 @@ int mount_sysfs(const char *dest, MountSettingsMask mount_settings) { /* Create mountpoint for cgroups. Otherwise we are not allowed since we * remount /sys read-only. */ - if (cg_ns_supported()) { - x = prefix_roota(top, "/fs/cgroup"); - (void) mkdir_p(x, 0755); - } + x = prefix_roota(top, "/fs/cgroup"); + (void) mkdir_p(x, 0755); return mount_verbose(LOG_ERR, NULL, top, NULL, MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT|extra_flags, NULL); } -static int mkdir_userns(const char *path, mode_t mode, MountSettingsMask mask, uid_t uid_shift) { +static int mkdir_userns(const char *path, mode_t mode, uid_t uid_shift) { int r; assert(path); @@ -451,10 +440,7 @@ static int mkdir_userns(const char *path, mode_t mode, MountSettingsMask mask, u if (r < 0 && r != -EEXIST) return r; - if ((mask & MOUNT_USE_USERNS) == 0) - return 0; - - if (mask & MOUNT_IN_USERNS) + if (uid_shift == UID_INVALID) return 0; if (lchown(path, uid_shift, uid_shift) < 0) @@ -463,7 +449,7 @@ static int mkdir_userns(const char *path, mode_t mode, MountSettingsMask mask, u return 0; } -static int mkdir_userns_p(const char *prefix, const char *path, mode_t mode, MountSettingsMask mask, uid_t uid_shift) { +static int mkdir_userns_p(const char *prefix, const char *path, mode_t mode, uid_t uid_shift) { const char *p, *e; int r; @@ -490,17 +476,17 @@ static int mkdir_userns_p(const char *prefix, const char *path, mode_t mode, Mou if (prefix && path_startswith(prefix, t)) continue; - r = mkdir_userns(t, mode, mask, uid_shift); + r = mkdir_userns(t, mode, uid_shift); if (r < 0) return r; } - return mkdir_userns(path, mode, mask, uid_shift); + return mkdir_userns(path, mode, uid_shift); } int mount_all(const char *dest, MountSettingsMask mount_settings, - uid_t uid_shift, uid_t uid_range, + uid_t uid_shift, const char *selinux_apifs_context) { #define PROC_INACCESSIBLE(path) \ @@ -558,8 +544,8 @@ int mount_all(const char *dest, /* Then we list outer child mounts (i.e. mounts applied *before* entering user namespacing) */ { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, - MOUNT_FATAL }, - { "tmpfs", "/sys", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV, + MOUNT_FATAL|MOUNT_APPLY_TMPFS_TMP }, + { "tmpfs", "/sys", "tmpfs", "mode=555", MS_NOSUID|MS_NOEXEC|MS_NODEV, MOUNT_FATAL|MOUNT_APPLY_APIVFS_NETNS }, { "sysfs", "/sys", "sysfs", NULL, MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV, MOUNT_FATAL|MOUNT_APPLY_APIVFS_RO }, /* skipped if above was mounted */ @@ -571,6 +557,8 @@ int mount_all(const char *dest, MOUNT_FATAL }, { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, MOUNT_FATAL }, + { "mqueue", "/dev/mqueue", "mqueue", NULL, 0, + MOUNT_FATAL }, #if HAVE_SELINUX { "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND, @@ -585,6 +573,7 @@ int mount_all(const char *dest, bool netns = (mount_settings & MOUNT_APPLY_APIVFS_NETNS); bool ro = (mount_settings & MOUNT_APPLY_APIVFS_RO); bool in_userns = (mount_settings & MOUNT_IN_USERNS); + bool tmpfs_tmp = (mount_settings & MOUNT_APPLY_TMPFS_TMP); size_t k; int r; @@ -602,6 +591,9 @@ int mount_all(const char *dest, if (!ro && (bool)(mount_table[k].mount_settings & MOUNT_APPLY_APIVFS_RO)) continue; + if (!tmpfs_tmp && (bool)(mount_table[k].mount_settings & MOUNT_APPLY_TMPFS_TMP)) + continue; + r = chase_symlinks(mount_table[k].where, dest, CHASE_NONEXISTENT|CHASE_PREFIX_ROOT, &where); if (r < 0) return log_error_errno(r, "Failed to resolve %s/%s: %m", dest, mount_table[k].where); @@ -634,7 +626,7 @@ int mount_all(const char *dest, if (what && r > 0) continue; - r = mkdir_userns_p(dest, where, 0755, mount_settings, uid_shift); + r = mkdir_userns_p(dest, where, 0755, (use_userns && !in_userns) ? uid_shift : UID_INVALID); if (r < 0 && r != -EEXIST) { if (fatal && r != -EROFS) return log_error_errno(r, "Failed to create directory %s: %m", where); @@ -649,10 +641,7 @@ int mount_all(const char *dest, o = mount_table[k].options; if (streq_ptr(mount_table[k].type, "tmpfs")) { - if (in_userns) - r = tmpfs_patch_options(o, use_userns, 0, uid_range, true, selinux_apifs_context, &options); - else - r = tmpfs_patch_options(o, use_userns, uid_shift, uid_range, false, selinux_apifs_context, &options); + r = tmpfs_patch_options(o, in_userns ? 0 : uid_shift, selinux_apifs_context, &options); if (r < 0) return log_oom(); if (r > 0) @@ -692,15 +681,15 @@ static int mount_bind(const char *dest, CustomMount *m) { if (stat(where, &dest_st) < 0) return log_error_errno(errno, "Failed to stat %s: %m", where); - if (S_ISDIR(source_st.st_mode) && !S_ISDIR(dest_st.st_mode)) { - log_error("Cannot bind mount directory %s on file %s.", m->source, where); - return -EINVAL; - } + if (S_ISDIR(source_st.st_mode) && !S_ISDIR(dest_st.st_mode)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Cannot bind mount directory %s on file %s.", + m->source, where); - if (!S_ISDIR(source_st.st_mode) && S_ISDIR(dest_st.st_mode)) { - log_error("Cannot bind mount file %s on directory %s.", m->source, where); - return -EINVAL; - } + if (!S_ISDIR(source_st.st_mode) && S_ISDIR(dest_st.st_mode)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Cannot bind mount file %s on directory %s.", + m->source, where); } else { /* Path doesn't exist yet? */ r = mkdir_parents_label(where, 0755); @@ -755,7 +744,7 @@ static int mount_tmpfs( return log_error_errno(r, "Creating mount point for tmpfs %s failed: %m", where); } - r = tmpfs_patch_options(m->options, userns, uid_shift, uid_range, false, selinux_apifs_context, &buf); + r = tmpfs_patch_options(m->options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf); if (r < 0) return log_oom(); options = r > 0 ? buf : m->options; @@ -860,419 +849,6 @@ int mount_custom( return 0; } -/* Retrieve existing subsystems. This function is called in a new cgroup - * namespace. - */ -static int get_process_controllers(Set **ret) { - _cleanup_set_free_free_ Set *controllers = NULL; - _cleanup_fclose_ FILE *f = NULL; - int r; - - assert(ret); - - controllers = set_new(&string_hash_ops); - if (!controllers) - return -ENOMEM; - - f = fopen("/proc/self/cgroup", "re"); - if (!f) - return errno == ENOENT ? -ESRCH : -errno; - - for (;;) { - _cleanup_free_ char *line = NULL; - char *e, *l; - - r = read_line(f, LONG_LINE_MAX, &line); - if (r < 0) - return r; - if (r == 0) - break; - - l = strchr(line, ':'); - if (!l) - continue; - - l++; - e = strchr(l, ':'); - if (!e) - continue; - - *e = 0; - - if (STR_IN_SET(l, "", "name=systemd", "name=unified")) - continue; - - r = set_put_strdup(controllers, l); - if (r < 0) - return r; - } - - *ret = TAKE_PTR(controllers); - - return 0; -} - -static int mount_legacy_cgroup_hierarchy( - const char *dest, - const char *controller, - const char *hierarchy, - bool read_only) { - - const char *to, *fstype, *opts; - int r; - - to = strjoina(strempty(dest), "/sys/fs/cgroup/", hierarchy); - - r = path_is_mount_point(to, dest, 0); - if (r < 0 && r != -ENOENT) - return log_error_errno(r, "Failed to determine if %s is mounted already: %m", to); - if (r > 0) - return 0; - - mkdir_p(to, 0755); - - /* The superblock mount options of the mount point need to be - * identical to the hosts', and hence writable... */ - if (streq(controller, SYSTEMD_CGROUP_CONTROLLER_HYBRID)) { - fstype = "cgroup2"; - opts = NULL; - } else if (streq(controller, SYSTEMD_CGROUP_CONTROLLER_LEGACY)) { - fstype = "cgroup"; - opts = "none,name=systemd,xattr"; - } else { - fstype = "cgroup"; - opts = controller; - } - - r = mount_verbose(LOG_ERR, "cgroup", to, fstype, MS_NOSUID|MS_NOEXEC|MS_NODEV, opts); - if (r < 0) - return r; - - /* ... hence let's only make the bind mount read-only, not the superblock. */ - if (read_only) { - r = mount_verbose(LOG_ERR, NULL, to, NULL, - MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, NULL); - if (r < 0) - return r; - } - - return 1; -} - -/* Mount a legacy cgroup hierarchy when cgroup namespaces are supported. */ -static int mount_legacy_cgns_supported( - const char *dest, - CGroupUnified unified_requested, - bool userns, - uid_t uid_shift, - uid_t uid_range, - const char *selinux_apifs_context) { - - _cleanup_set_free_free_ Set *controllers = NULL; - const char *cgroup_root = "/sys/fs/cgroup", *c; - int r; - - (void) mkdir_p(cgroup_root, 0755); - - /* Mount a tmpfs to /sys/fs/cgroup if it's not mounted there yet. */ - r = path_is_mount_point(cgroup_root, dest, AT_SYMLINK_FOLLOW); - if (r < 0) - return log_error_errno(r, "Failed to determine if /sys/fs/cgroup is already mounted: %m"); - if (r == 0) { - _cleanup_free_ char *options = NULL; - - /* When cgroup namespaces are enabled and user namespaces are - * used then the mount of the cgroupfs is done *inside* the new - * user namespace. We're root in the new user namespace and the - * kernel will happily translate our uid/gid to the correct - * uid/gid as seen from e.g. /proc/1/mountinfo. So we simply - * pass uid 0 and not uid_shift to tmpfs_patch_options(). - */ - r = tmpfs_patch_options("mode=755", userns, 0, uid_range, true, selinux_apifs_context, &options); - if (r < 0) - return log_oom(); - - r = mount_verbose(LOG_ERR, "tmpfs", cgroup_root, "tmpfs", - MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, options); - if (r < 0) - return r; - } - - r = cg_all_unified(); - if (r < 0) - return r; - if (r > 0) - goto skip_controllers; - - r = get_process_controllers(&controllers); - if (r < 0) - return log_error_errno(r, "Failed to determine cgroup controllers: %m"); - - for (;;) { - _cleanup_free_ const char *controller = NULL; - - controller = set_steal_first(controllers); - if (!controller) - break; - - r = mount_legacy_cgroup_hierarchy("", controller, controller, !userns); - if (r < 0) - return r; - - /* When multiple hierarchies are co-mounted, make their - * constituting individual hierarchies a symlink to the - * co-mount. - */ - c = controller; - for (;;) { - _cleanup_free_ char *target = NULL, *tok = NULL; - - r = extract_first_word(&c, &tok, ",", 0); - if (r < 0) - return log_error_errno(r, "Failed to extract co-mounted cgroup controller: %m"); - if (r == 0) - break; - - if (streq(controller, tok)) - break; - - target = prefix_root("/sys/fs/cgroup/", tok); - if (!target) - return log_oom(); - - r = symlink_idempotent(controller, target); - if (r == -EINVAL) - return log_error_errno(r, "Invalid existing symlink for combined hierarchy: %m"); - if (r < 0) - return log_error_errno(r, "Failed to create symlink for combined hierarchy: %m"); - } - } - -skip_controllers: - if (unified_requested >= CGROUP_UNIFIED_SYSTEMD) { - r = mount_legacy_cgroup_hierarchy("", SYSTEMD_CGROUP_CONTROLLER_HYBRID, "unified", false); - if (r < 0) - return r; - } - - r = mount_legacy_cgroup_hierarchy("", SYSTEMD_CGROUP_CONTROLLER_LEGACY, "systemd", false); - if (r < 0) - return r; - - if (!userns) - return mount_verbose(LOG_ERR, NULL, cgroup_root, NULL, - MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755"); - - return 0; -} - -/* Mount legacy cgroup hierarchy when cgroup namespaces are unsupported. */ -static int mount_legacy_cgns_unsupported( - const char *dest, - CGroupUnified unified_requested, - bool userns, - uid_t uid_shift, - uid_t uid_range, - const char *selinux_apifs_context) { - - _cleanup_set_free_free_ Set *controllers = NULL; - const char *cgroup_root; - int r; - - cgroup_root = prefix_roota(dest, "/sys/fs/cgroup"); - - (void) mkdir_p(cgroup_root, 0755); - - /* Mount a tmpfs to /sys/fs/cgroup if it's not mounted there yet. */ - r = path_is_mount_point(cgroup_root, dest, AT_SYMLINK_FOLLOW); - if (r < 0) - return log_error_errno(r, "Failed to determine if /sys/fs/cgroup is already mounted: %m"); - if (r == 0) { - _cleanup_free_ char *options = NULL; - - r = tmpfs_patch_options("mode=755", userns, uid_shift, uid_range, false, selinux_apifs_context, &options); - if (r < 0) - return log_oom(); - - r = mount_verbose(LOG_ERR, "tmpfs", cgroup_root, "tmpfs", - MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, options); - if (r < 0) - return r; - } - - r = cg_all_unified(); - if (r < 0) - return r; - if (r > 0) - goto skip_controllers; - - r = cg_kernel_controllers(&controllers); - if (r < 0) - return log_error_errno(r, "Failed to determine cgroup controllers: %m"); - - for (;;) { - _cleanup_free_ char *controller = NULL, *origin = NULL, *combined = NULL; - - controller = set_steal_first(controllers); - if (!controller) - break; - - origin = prefix_root("/sys/fs/cgroup/", controller); - if (!origin) - return log_oom(); - - r = readlink_malloc(origin, &combined); - if (r == -EINVAL) { - /* Not a symbolic link, but directly a single cgroup hierarchy */ - - r = mount_legacy_cgroup_hierarchy(dest, controller, controller, true); - if (r < 0) - return r; - - } else if (r < 0) - return log_error_errno(r, "Failed to read link %s: %m", origin); - else { - _cleanup_free_ char *target = NULL; - - target = prefix_root(dest, origin); - if (!target) - return log_oom(); - - /* A symbolic link, a combination of controllers in one hierarchy */ - - if (!filename_is_valid(combined)) { - log_warning("Ignoring invalid combined hierarchy %s.", combined); - continue; - } - - r = mount_legacy_cgroup_hierarchy(dest, combined, combined, true); - if (r < 0) - return r; - - r = symlink_idempotent(combined, target); - if (r == -EINVAL) - return log_error_errno(r, "Invalid existing symlink for combined hierarchy: %m"); - if (r < 0) - return log_error_errno(r, "Failed to create symlink for combined hierarchy: %m"); - } - } - -skip_controllers: - if (unified_requested >= CGROUP_UNIFIED_SYSTEMD) { - r = mount_legacy_cgroup_hierarchy(dest, SYSTEMD_CGROUP_CONTROLLER_HYBRID, "unified", false); - if (r < 0) - return r; - } - - r = mount_legacy_cgroup_hierarchy(dest, SYSTEMD_CGROUP_CONTROLLER_LEGACY, "systemd", false); - if (r < 0) - return r; - - return mount_verbose(LOG_ERR, NULL, cgroup_root, NULL, - MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755"); -} - -static int mount_unified_cgroups(const char *dest) { - const char *p; - int r; - - assert(dest); - - p = prefix_roota(dest, "/sys/fs/cgroup"); - - (void) mkdir_p(p, 0755); - - r = path_is_mount_point(p, dest, AT_SYMLINK_FOLLOW); - if (r < 0) - return log_error_errno(r, "Failed to determine if %s is mounted already: %m", p); - if (r > 0) { - p = prefix_roota(dest, "/sys/fs/cgroup/cgroup.procs"); - if (access(p, F_OK) >= 0) - return 0; - if (errno != ENOENT) - return log_error_errno(errno, "Failed to determine if mount point %s contains the unified cgroup hierarchy: %m", p); - - log_error("%s is already mounted but not a unified cgroup hierarchy. Refusing.", p); - return -EINVAL; - } - - return mount_verbose(LOG_ERR, "cgroup", p, "cgroup2", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL); -} - -int mount_cgroups( - const char *dest, - CGroupUnified unified_requested, - bool userns, - uid_t uid_shift, - uid_t uid_range, - const char *selinux_apifs_context, - bool use_cgns) { - - if (unified_requested >= CGROUP_UNIFIED_ALL) - return mount_unified_cgroups(dest); - if (use_cgns) - return mount_legacy_cgns_supported(dest, unified_requested, userns, uid_shift, uid_range, selinux_apifs_context); - - return mount_legacy_cgns_unsupported(dest, unified_requested, userns, uid_shift, uid_range, selinux_apifs_context); -} - -static int mount_systemd_cgroup_writable_one(const char *root, const char *own) { - int r; - - assert(root); - assert(own); - - /* Make our own cgroup a (writable) bind mount */ - r = mount_verbose(LOG_ERR, own, own, NULL, MS_BIND, NULL); - if (r < 0) - return r; - - /* And then remount the systemd cgroup root read-only */ - return mount_verbose(LOG_ERR, NULL, root, NULL, - MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, NULL); -} - -int mount_systemd_cgroup_writable( - const char *dest, - CGroupUnified unified_requested) { - - _cleanup_free_ char *own_cgroup_path = NULL; - const char *root, *own; - int r; - - assert(dest); - - r = cg_pid_get_path(NULL, 0, &own_cgroup_path); - if (r < 0) - return log_error_errno(r, "Failed to determine our own cgroup path: %m"); - - /* If we are living in the top-level, then there's nothing to do... */ - if (path_equal(own_cgroup_path, "/")) - return 0; - - if (unified_requested >= CGROUP_UNIFIED_ALL) { - - root = prefix_roota(dest, "/sys/fs/cgroup"); - own = strjoina(root, own_cgroup_path); - - } else { - - if (unified_requested >= CGROUP_UNIFIED_SYSTEMD) { - root = prefix_roota(dest, "/sys/fs/cgroup/unified"); - own = strjoina(root, own_cgroup_path); - - r = mount_systemd_cgroup_writable_one(root, own); - if (r < 0) - return r; - } - - root = prefix_roota(dest, "/sys/fs/cgroup/systemd"); - own = strjoina(root, own_cgroup_path); - } - - return mount_systemd_cgroup_writable_one(root, own); -} - int setup_volatile_state( const char *directory, VolatileMode mode, @@ -1301,7 +877,7 @@ int setup_volatile_state( return log_error_errno(errno, "Failed to create %s: %m", directory); options = "mode=755"; - r = tmpfs_patch_options(options, userns, uid_shift, uid_range, false, selinux_apifs_context, &buf); + r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf); if (r < 0) return log_oom(); if (r > 0) @@ -1334,7 +910,7 @@ int setup_volatile( return log_error_errno(errno, "Failed to create temporary directory: %m"); options = "mode=755"; - r = tmpfs_patch_options(options, userns, uid_shift, uid_range, false, selinux_apifs_context, &buf); + r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf); if (r < 0) return log_oom(); if (r > 0) |