Skip to content

L
lxc
Unverified Commit ac11febd by Christian Brauner
Options

mount_utils: add locked flag helpers

Signed-off-by: 's avatarChristian Brauner <christian.brauner@ubuntu.com>
parent 01149adf
Showing with 172 additions and 53 deletions
configure.ac
...@@ -644,7 +644,7 @@ AC_CHECK_HEADER([ifaddrs.h], ...@@ -644,7 +644,7 @@ AC_CHECK_HEADER([ifaddrs.h],
AC_HEADER_MAJOR AC_HEADER_MAJOR
# Check for some syscalls functions # Check for some syscalls functions
AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen fspick fsconfig fsmount, openat2, close_range]) AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen fspick fsconfig fsmount, openat2, close_range, statvfs])
AC_CHECK_TYPES([struct open_how], [], [], [[#include <linux/openat2.h>]]) AC_CHECK_TYPES([struct open_how], [], [], [[#include <linux/openat2.h>]])
AC_CHECK_TYPES([struct clone_args], [], [], [[#include <linux/sched.h>]]) AC_CHECK_TYPES([struct clone_args], [], [], [[#include <linux/sched.h>]])
AC_CHECK_MEMBERS([struct clone_args.set_tid],[],[],[[#include <linux/sched.h>]]) AC_CHECK_MEMBERS([struct clone_args.set_tid],[],[],[[#include <linux/sched.h>]])
...@@ -684,7 +684,6 @@ fi ...@@ -684,7 +684,6 @@ fi
# Check for some functions # Check for some functions
AC_CHECK_LIB(pthread, main) AC_CHECK_LIB(pthread, main)
AC_CHECK_FUNCS(statvfs)
AC_CHECK_LIB(util, openpty) AC_CHECK_LIB(util, openpty)
AC_CHECK_FUNCS([hasmntopt setmntent endmntent utmpxname]) AC_CHECK_FUNCS([hasmntopt setmntent endmntent utmpxname])
AC_CHECK_FUNCS([getgrgid_r], AC_CHECK_FUNCS([getgrgid_r],
......
src/lxc/conf.c
...@@ -529,55 +529,6 @@ int pin_rootfs(const char *rootfs) ...@@ -529,55 +529,6 @@ int pin_rootfs(const char *rootfs)
return fd; return fd;
} }
/* If we are asking to remount something, make sure that any NOEXEC etc are
* honored.
*/
unsigned long add_required_remount_flags(const char *s, const char *d,
unsigned long flags)
{
#ifdef HAVE_STATVFS
int ret;
struct statvfs sb;
unsigned long required_flags = 0;
if (!s)
s = d;
if (!s)
return flags;
ret = statvfs(s, &sb);
if (ret < 0)
return flags;
if (flags & MS_REMOUNT) {
if (sb.f_flag & MS_NOSUID)
required_flags |= MS_NOSUID;
if (sb.f_flag & MS_NODEV)
required_flags |= MS_NODEV;
if (sb.f_flag & MS_RDONLY)
required_flags |= MS_RDONLY;
if (sb.f_flag & MS_NOEXEC)
required_flags |= MS_NOEXEC;
}
if (sb.f_flag & MS_NOATIME)
required_flags |= MS_NOATIME;
if (sb.f_flag & MS_NODIRATIME)
required_flags |= MS_NODIRATIME;
if (sb.f_flag & MS_LAZYTIME)
required_flags |= MS_LAZYTIME;
if (sb.f_flag & MS_RELATIME)
required_flags |= MS_RELATIME;
if (sb.f_flag & MS_STRICTATIME)
required_flags |= MS_STRICTATIME;
return flags | required_flags;
#else
return flags;
#endif
}
static int add_shmount_to_list(struct lxc_conf *conf) static int add_shmount_to_list(struct lxc_conf *conf)
{ {
char new_mount[PATH_MAX]; char new_mount[PATH_MAX];
......
src/lxc/conf.h
...@@ -516,8 +516,6 @@ __hidden extern void turn_into_dependent_mounts(void); ...@@ -516,8 +516,6 @@ __hidden extern void turn_into_dependent_mounts(void);
__hidden extern void suggest_default_idmap(void); __hidden extern void suggest_default_idmap(void);
__hidden extern FILE *make_anonymous_mount_file(struct lxc_list *mount, bool include_nesting_helpers); __hidden extern FILE *make_anonymous_mount_file(struct lxc_list *mount, bool include_nesting_helpers);
__hidden extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings); __hidden extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings);
__hidden extern unsigned long add_required_remount_flags(const char *s, const char *d,
unsigned long flags);
__hidden extern int run_script(const char *name, const char *section, const char *script, ...); __hidden extern int run_script(const char *name, const char *section, const char *script, ...);
__hidden extern int run_script_argv(const char *name, unsigned int hook_version, const char *section, __hidden extern int run_script_argv(const char *name, unsigned int hook_version, const char *section,
const char *script, const char *hookname, char **argsin); const char *script, const char *hookname, char **argsin);
......
src/lxc/mount_utils.c
...@@ -11,6 +11,7 @@ ...@@ -11,6 +11,7 @@
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/types.h> #include <sys/types.h>
#include "file_utils.h"
#include "log.h" #include "log.h"
#include "macro.h" #include "macro.h"
#include "memory_utils.h" #include "memory_utils.h"
...@@ -18,6 +19,10 @@ ...@@ -18,6 +19,10 @@
#include "syscall_numbers.h" #include "syscall_numbers.h"
#include "syscall_wrappers.h" #include "syscall_wrappers.h"
#ifdef HAVE_STATVFS
#include <sys/statvfs.h>
#endif
lxc_log_define(mount_utils, lxc); lxc_log_define(mount_utils, lxc);
int mnt_attributes_new(unsigned int old_flags, unsigned int *new_flags) int mnt_attributes_new(unsigned int old_flags, unsigned int *new_flags)
...@@ -284,3 +289,152 @@ int fd_bind_mount(int dfd_from, const char *path_from, ...@@ -284,3 +289,152 @@ int fd_bind_mount(int dfd_from, const char *path_from,
TRACE("Attach detached mount %d to filesystem at %d", fd_tree_from, fd_to); TRACE("Attach detached mount %d to filesystem at %d", fd_tree_from, fd_to);
return 0; return 0;
} }
int calc_remount_flags_new(int dfd_from, const char *path_from,
__u64 o_flags_from, __u64 resolve_flags_from,
bool remount, unsigned long cur_flags,
unsigned int *new_flags)
{
#ifdef HAVE_STATVFS
__do_close int fd_from = -EBADF;
unsigned int new_required_flags = 0;
int ret;
struct statvfs sb;
fd_from = open_at(dfd_from, path_from, o_flags_from, resolve_flags_from, 0);
if (fd_from < 0)
return log_error_errno(-errno, errno, "Failed to open %d(%s)", dfd_from, maybe_empty(path_from));
ret = fstatvfs(dfd_from, &sb);
if (ret < 0)
return log_error_errno(-errno, errno, "Failed to retrieve mount information from %d(%s)", fd_from, maybe_empty(path_from));
if (remount) {
if (sb.f_flag & MS_NOSUID)
new_required_flags |= MOUNT_ATTR_NOSUID;
if (sb.f_flag & MS_NODEV)
new_required_flags |= MOUNT_ATTR_NODEV;
if (sb.f_flag & MS_RDONLY)
new_required_flags |= MOUNT_ATTR_RDONLY;
if (sb.f_flag & MS_NOEXEC)
new_required_flags |= MOUNT_ATTR_NOEXEC;
}
if (sb.f_flag & MS_NOATIME)
new_required_flags |= MOUNT_ATTR_NOATIME;
if (sb.f_flag & MS_NODIRATIME)
new_required_flags |= MOUNT_ATTR_NODIRATIME;
if (sb.f_flag & MS_RELATIME)
new_required_flags |= MOUNT_ATTR_RELATIME;
if (sb.f_flag & MS_STRICTATIME)
new_required_flags |= MOUNT_ATTR_STRICTATIME;
*new_flags = (cur_flags | new_required_flags);
#endif
return 0;
}
int calc_remount_flags_old(int dfd_from, const char *path_from,
__u64 o_flags_from, __u64 resolve_flags_from,
bool remount, unsigned long cur_flags,
unsigned int *old_flags)
{
#ifdef HAVE_STATVFS
__do_close int fd_from = -EBADF;
unsigned int old_required_flags = 0;
int ret;
struct statvfs sb;
fd_from = open_at(dfd_from, path_from, o_flags_from, resolve_flags_from, 0);
if (fd_from < 0)
return log_error_errno(-errno, errno, "Failed to open %d(%s)", dfd_from, maybe_empty(path_from));
ret = fstatvfs(dfd_from, &sb);
if (ret < 0)
return log_error_errno(-errno, errno, "Failed to retrieve mount information from %d(%s)", fd_from, maybe_empty(path_from));
if (remount) {
if (sb.f_flag & MS_NOSUID)
old_required_flags |= MS_NOSUID;
if (sb.f_flag & MS_NODEV)
old_required_flags |= MS_NODEV;
if (sb.f_flag & MS_RDONLY)
old_required_flags |= MS_RDONLY;
if (sb.f_flag & MS_NOEXEC)
old_required_flags |= MS_NOEXEC;
}
if (sb.f_flag & MS_NOATIME)
old_required_flags |= MS_NOATIME;
if (sb.f_flag & MS_NODIRATIME)
old_required_flags |= MS_NODIRATIME;
if (sb.f_flag & MS_RELATIME)
old_required_flags |= MS_RELATIME;
if (sb.f_flag & MS_STRICTATIME)
old_required_flags |= MS_STRICTATIME;
*old_flags = (cur_flags | old_required_flags);
#endif
return 0;
}
/* If we are asking to remount something, make sure that any NOEXEC etc are
* honored.
*/
unsigned long add_required_remount_flags(const char *s, const char *d,
unsigned long flags)
{
#ifdef HAVE_STATVFS
int ret;
struct statvfs sb;
unsigned long required_flags = 0;
if (!s)
s = d;
if (!s)
return flags;
ret = statvfs(s, &sb);
if (ret < 0)
return flags;
if (flags & MS_REMOUNT) {
if (sb.f_flag & MS_NOSUID)
required_flags |= MS_NOSUID;
if (sb.f_flag & MS_NODEV)
required_flags |= MS_NODEV;
if (sb.f_flag & MS_RDONLY)
required_flags |= MS_RDONLY;
if (sb.f_flag & MS_NOEXEC)
required_flags |= MS_NOEXEC;
}
if (sb.f_flag & MS_NOATIME)
required_flags |= MS_NOATIME;
if (sb.f_flag & MS_NODIRATIME)
required_flags |= MS_NODIRATIME;
if (sb.f_flag & MS_LAZYTIME)
required_flags |= MS_LAZYTIME;
if (sb.f_flag & MS_RELATIME)
required_flags |= MS_RELATIME;
if (sb.f_flag & MS_STRICTATIME)
required_flags |= MS_STRICTATIME;
return flags | required_flags;
#else
return flags;
#endif
}
src/lxc/mount_utils.h
...@@ -207,4 +207,20 @@ static inline bool new_mount_api(void) ...@@ -207,4 +207,20 @@ static inline bool new_mount_api(void)
return supported == 1; return supported == 1;
} }
__hidden extern int calc_remount_flags_new(int dfd_from, const char *path_from,
__u64 o_flags_from,
__u64 resolve_flags_from,
bool remount, unsigned long cur_flags,
unsigned int *new_flags);
__hidden extern int calc_remount_flags_old(int dfd_from, const char *path_from,
__u64 o_flags_from,
__u64 resolve_flags_from,
bool remount, unsigned long cur_flags,
unsigned int *old_flags);
__hidden extern unsigned long add_required_remount_flags(const char *s,
const char *d,
unsigned long flags);
#endif /* __LXC_MOUNT_UTILS_H */ #endif /* __LXC_MOUNT_UTILS_H */
src/lxc/storage/dir.c
...@@ -11,6 +11,7 @@ ...@@ -11,6 +11,7 @@
#include "log.h" #include "log.h"
#include "macro.h" #include "macro.h"
#include "memory_utils.h" #include "memory_utils.h"
#include "mount_utils.h"
#include "storage.h" #include "storage.h"
#include "utils.h" #include "utils.h"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment