Merge pull request #3496 from brauner/2020-07-18/mount_pid

configure.ac

@@ -622,7 +622,7 @@ AC_CHECK_HEADER([ifaddrs.h],
 AC_HEADER_MAJOR
 
 # Check for some syscalls functions
-AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3])
+AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen fspick fsconfig fsmount])
 AC_CHECK_TYPES([struct clone_args], [], [], [[#include <linux/sched.h>]])
 AC_CHECK_MEMBERS([struct clone_args.set_tid],[],[],[[#include <linux/sched.h>]])
 AC_CHECK_MEMBERS([struct clone_args.cgroup],[],[],[[#include <linux/sched.h>]])

src/lxc/Makefile.am

@@ -26,6 +26,7 @@ noinst_HEADERS = api_extensions.h \
 		 macro.h \
 		 memory_utils.h \
 		 monitor.h \
+		 mount_utils.h \
 		 namespace.h \
 		 process_utils.h \
 		 rexec.h \
@@ -125,6 +126,7 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \
 		    macro.h \
 		    memory_utils.h \
 		    mainloop.c mainloop.h \
+		    mount_utils.c mount_utils.h \
 		    namespace.c namespace.h \
 		    network.c network.h \
 		    nl.c nl.h \

src/lxc/attach.c

@@ -39,6 +39,7 @@
 #include "macro.h"
 #include "mainloop.h"
 #include "memory_utils.h"
+#include "mount_utils.h"
 #include "namespace.h"
 #include "process_utils.h"
 #include "syscall_wrappers.h"
@@ -202,7 +203,7 @@ int lxc_attach_remount_sys_proc(void)
 	if (ret < 0)
 		return log_error_errno(-1, errno, "Failed to unmount /proc");
 
-	ret = mount("none", "/proc", "proc", 0, NULL);
+	ret = mount_filesystem("proc", "/proc", 0);
 	if (ret < 0)
 		return log_error_errno(-1, errno, "Failed to remount /proc");
 
@@ -215,7 +216,7 @@ int lxc_attach_remount_sys_proc(void)
 		return log_error_errno(-1, errno, "Failed to unmount /sys");
 
 	/* Remount it. */
-	if (ret == 0 && mount("none", "/sys", "sysfs", 0, NULL))
+	if (ret == 0 && mount_filesystem("sysfs", "/sys", 0))
 		return log_error_errno(-1, errno, "Failed to remount /sys");
 
 	return 0;

src/lxc/conf.c

@@ -48,6 +48,7 @@
 #include "lxcseccomp.h"
 #include "macro.h"
 #include "memory_utils.h"
+#include "mount_utils.h"
 #include "namespace.h"
 #include "network.h"
 #include "parse.h"

src/lxc/log.h

@@ -85,7 +85,7 @@ struct lxc_log_category {
 };
 
 #ifndef NO_LXC_CONF
-__hidden extern int lxc_log_use_global_fd;
+extern int lxc_log_use_global_fd;
 #endif
 
 /*
@@ -278,8 +278,8 @@ __lxc_unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo,	\
  * Helper macro to define and use static categories.
  */
 #define lxc_log_category_define(name, parent)					\
-	__hidden extern struct lxc_log_category lxc_log_category_##parent;	\
-	__hidden struct lxc_log_category lxc_log_category_##name = {		\
+	extern struct lxc_log_category lxc_log_category_##parent;	\
+	struct lxc_log_category lxc_log_category_##name = {		\
 		#name,								\
 		LXC_LOG_LEVEL_NOTSET,						\
 		NULL,								\
@@ -561,7 +561,7 @@ __lxc_unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo,	\
 		__internal_ret__;                             \
 	})
 
-__hidden extern int lxc_log_fd;
+extern int lxc_log_fd;
 
 __hidden extern int lxc_log_syslog(int facility);
 __hidden extern void lxc_log_syslog_enable(void);

src/lxc/macro.h

@@ -57,20 +57,6 @@
 #define CAP_SETGID 6
 #endif
 
-/* move_mount */
-#ifndef MOVE_MOUNT_F_EMPTY_PATH
-#define MOVE_MOUNT_F_EMPTY_PATH 0x00000004 /* Empty from path permitted */
-#endif
-
-/* open_tree */
-#ifndef OPEN_TREE_CLONE
-#define OPEN_TREE_CLONE 1 /* Clone the target tree and attach the clone */
-#endif
-
-#ifndef OPEN_TREE_CLOEXEC
-#define OPEN_TREE_CLOEXEC O_CLOEXEC /* Close the file on execve() */
-#endif
-
 /* prctl */
 #ifndef PR_CAPBSET_READ
 #define PR_CAPBSET_READ 23

src/lxc/mount_utils.c

+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE 1
+#endif
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+#include "log.h"
+#include "macro.h"
+#include "memory_utils.h"
+#include "mount_utils.h"
+#include "syscall_numbers.h"
+#include "syscall_wrappers.h"
+
+lxc_log_define(mount_utils, lxc);
+
+int mnt_attributes_new(unsigned int old_flags, unsigned int *new_flags)
+{
+	unsigned int flags = 0;
+
+	if (old_flags & MS_RDONLY) {
+		flags |= MOUNT_ATTR_RDONLY;
+		old_flags &= ~MS_RDONLY;
+	}
+
+	if (old_flags & MS_NOSUID) {
+		flags |= MOUNT_ATTR_NOSUID;
+		old_flags &= ~MS_NOSUID;
+	}
+
+	if (old_flags & MS_NODEV) {
+		flags |= MOUNT_ATTR_NODEV;
+		old_flags &= ~MS_NODEV;
+	}
+
+	if (old_flags & MS_NOEXEC) {
+		flags |= MOUNT_ATTR_NOEXEC;
+		old_flags &= ~MS_NOEXEC;
+	}
+
+	if (old_flags & MS_RELATIME) {
+		flags |= MOUNT_ATTR_RELATIME;
+		old_flags &= ~MS_RELATIME;
+	}
+
+	if (old_flags & MS_NOATIME) {
+		flags |= MOUNT_ATTR_NOATIME;
+		old_flags &= ~MS_NOATIME;
+	}
+
+	if (old_flags & MS_STRICTATIME) {
+		flags |= MOUNT_ATTR_STRICTATIME;
+		old_flags &= ~MS_STRICTATIME;
+	}
+
+	if (old_flags & MS_NODIRATIME) {
+		flags |= MOUNT_ATTR_NODIRATIME;
+		old_flags &= ~MS_NODIRATIME;
+	}
+
+	*new_flags |= flags;
+	return old_flags;
+}
+
+int mnt_attributes_old(unsigned int new_flags, unsigned int *old_flags)
+{
+	unsigned int flags = 0;
+
+	if (new_flags & MOUNT_ATTR_RDONLY) {
+		flags |= MS_RDONLY;
+		new_flags &= ~MOUNT_ATTR_RDONLY;
+	}
+
+	if (new_flags & MOUNT_ATTR_NOSUID) {
+		flags |= MS_NOSUID;
+		new_flags &= ~MOUNT_ATTR_NOSUID;
+	}
+
+	if (new_flags & MS_NODEV) {
+		flags |= MOUNT_ATTR_NODEV;
+		new_flags &= ~MS_NODEV;
+	}
+
+	if (new_flags & MOUNT_ATTR_NOEXEC) {
+		flags |= MS_NOEXEC;
+		new_flags &= ~MOUNT_ATTR_NOEXEC;
+	}
+
+	if (new_flags & MS_RELATIME) {
+		flags |= MS_RELATIME;
+		new_flags &= ~MOUNT_ATTR_RELATIME;
+	}
+
+	if (new_flags & MS_NOATIME) {
+		flags |= MS_NOATIME;
+		new_flags &= ~MOUNT_ATTR_NOATIME;
+	}
+
+	if (new_flags & MS_STRICTATIME) {
+		flags |= MS_STRICTATIME;
+		new_flags &= ~MOUNT_ATTR_STRICTATIME;
+	}
+
+	if (new_flags & MS_NODIRATIME) {
+		flags |= MS_NODIRATIME;
+		new_flags &= ~MOUNT_ATTR_NODIRATIME;
+	}
+
+	*old_flags |= flags;
+	return new_flags;
+}
+
+int mount_filesystem(const char *fs_name, const char *path, unsigned int attr_flags)
+{
+	__do_close int fsfd = -EBADF;
+	unsigned int old_flags = 0;
+
+	fsfd = fsopen(fs_name, FSOPEN_CLOEXEC);
+	if (fsfd >= 0) {
+		__do_close int mfd = -EBADF;
+
+		if (fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0))
+			return -1;
+
+		mfd = fsmount(fsfd, FSMOUNT_CLOEXEC, attr_flags);
+		if (mfd < 0)
+			return -1;
+
+		return move_mount(mfd, "", AT_FDCWD, path, MOVE_MOUNT_F_EMPTY_PATH);
+	}
+
+	TRACE("Falling back to old mount api");
+	mnt_attributes_old(attr_flags, &old_flags);
+	return mount("none", path, fs_name, old_flags, NULL);
+}

src/lxc/mount_utils.h

+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#ifndef __LXC_MOUNT_UTILS_H
+#define __LXC_MOUNT_UTILS_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mount.h>
+
+#include "compiler.h"
+
+/* open_tree() flags */
+#ifndef OPEN_TREE_CLONE
+#define OPEN_TREE_CLONE 1
+#endif
+
+#ifndef OPEN_TREE_CLOEXEC
+#define OPEN_TREE_CLOEXEC O_CLOEXEC
+#endif
+
+/* move_mount() flags */
+#ifndef MOVE_MOUNT_F_SYMLINKS
+#define MOVE_MOUNT_F_SYMLINKS 0x00000001 /* Follow symlinks on from path */
+#endif
+
+#ifndef MOVE_MOUNT_F_AUTOMOUNTS
+#define MOVE_MOUNT_F_AUTOMOUNTS 0x00000002 /* Follow automounts on from path */
+#endif
+
+#ifndef MOVE_MOUNT_F_EMPTY_PATH
+#define MOVE_MOUNT_F_EMPTY_PATH 0x00000004 /* Empty from path permitted */
+#endif
+
+#ifndef MOVE_MOUNT_T_SYMLINKS
+#define MOVE_MOUNT_T_SYMLINKS 0x00000010 /* Follow symlinks on to path */
+#endif
+
+#ifndef MOVE_MOUNT_T_AUTOMOUNTS
+#define MOVE_MOUNT_T_AUTOMOUNTS 0x00000020 /* Follow automounts on to path */
+#endif
+
+#ifndef MOVE_MOUNT_T_EMPTY_PATH
+#define MOVE_MOUNT_T_EMPTY_PATH 0x00000040 /* Empty to path permitted */
+#endif
+
+#ifndef MOVE_MOUNT__MASK
+#define MOVE_MOUNT__MASK 0x00000077
+#endif
+
+/* fsopen() flags */
+#ifndef FSOPEN_CLOEXEC
+#define FSOPEN_CLOEXEC 0x00000001
+#endif
+
+/* fspick() flags */
+#ifndef FSPICK_CLOEXEC
+#define FSPICK_CLOEXEC 0x00000001
+#endif
+
+#ifndef FSPICK_SYMLINK_NOFOLLOW
+#define FSPICK_SYMLINK_NOFOLLOW 0x00000002
+#endif
+
+#ifndef FSPICK_NO_AUTOMOUNT
+#define FSPICK_NO_AUTOMOUNT 0x00000004
+#endif
+
+#ifndef FSPICK_EMPTY_PATH
+#define FSPICK_EMPTY_PATH 0x00000008
+#endif
+
+/* fsconfig() commands */
+#ifndef FSCONFIG_SET_FLAG
+#define FSCONFIG_SET_FLAG 0 /* Set parameter, supplying no value */
+#endif
+
+#ifndef FSCONFIG_SET_STRING
+#define FSCONFIG_SET_STRING 1 /* Set parameter, supplying a string value */
+#endif
+
+#ifndef FSCONFIG_SET_BINARY
+#define FSCONFIG_SET_BINARY 2 /* Set parameter, supplying a binary blob value */
+#endif
+
+#ifndef FSCONFIG_SET_PATH
+#define FSCONFIG_SET_PATH 3 /* Set parameter, supplying an object by path */
+#endif
+
+#ifndef FSCONFIG_SET_PATH_EMPTY
+#define FSCONFIG_SET_PATH_EMPTY 4 /* Set parameter, supplying an object by (empty) path */
+#endif
+
+#ifndef FSCONFIG_SET_FD
+#define FSCONFIG_SET_FD 5 /* Set parameter, supplying an object by fd */
+#endif
+
+#ifndef FSCONFIG_CMD_CREATE
+#define FSCONFIG_CMD_CREATE 6 /* Invoke superblock creation */
+#endif
+
+#ifndef FSCONFIG_CMD_RECONFIGURE
+#define	FSCONFIG_CMD_RECONFIGURE 7	/* Invoke superblock reconfiguration */
+#endif
+
+/* fsmount() flags */
+#ifndef FSMOUNT_CLOEXEC
+#define FSMOUNT_CLOEXEC 0x00000001
+#endif
+
+/* mount attributes */
+#ifndef MOUNT_ATTR_RDONLY
+#define MOUNT_ATTR_RDONLY 0x00000001 /* Mount read-only */
+#endif
+
+#ifndef MOUNT_ATTR_NOSUID
+#define MOUNT_ATTR_NOSUID 0x00000002 /* Ignore suid and sgid bits */
+#endif
+
+#ifndef MOUNT_ATTR_NODEV
+#define MOUNT_ATTR_NODEV 0x00000004 /* Disallow access to device special files */
+#endif
+
+#ifndef MOUNT_ATTR_NOEXEC
+#define MOUNT_ATTR_NOEXEC 0x00000008 /* Disallow program execution */
+#endif
+
+#ifndef MOUNT_ATTR__ATIME
+#define MOUNT_ATTR__ATIME 0x00000070 /* Setting on how atime should be updated */
+#endif
+
+#ifndef MOUNT_ATTR_RELATIME
+#define MOUNT_ATTR_RELATIME 0x00000000 /* - Update atime relative to mtime/ctime. */
+#endif
+
+#ifndef MOUNT_ATTR_NOATIME
+#define MOUNT_ATTR_NOATIME 0x00000010 /* - Do not update access times. */
+#endif
+
+#ifndef MOUNT_ATTR_STRICTATIME
+#define MOUNT_ATTR_STRICTATIME 0x00000020 /* - Always perform atime updates */
+#endif
+
+#ifndef MOUNT_ATTR_NODIRATIME
+#define MOUNT_ATTR_NODIRATIME 0x00000080 /* Do not update directory access times */
+#endif
+
+__hidden extern int mnt_attributes_new(unsigned int old_flags, unsigned int *new_flags);
+
+__hidden extern int mnt_attributes_old(unsigned int new_flags, unsigned int *old_flags);
+
+__hidden extern int mount_filesystem(const char *fs_name, const char *path, unsigned int attr_flags);
+
+#endif /* __LXC_MOUNT_UTILS_H */

src/lxc/syscall_numbers.h

@@ -563,4 +563,84 @@
 	#endif
 #endif
 
+#ifndef __NR_fsopen
+	#if defined __alpha__
+		#define __NR_fsopen 540
+	#elif defined _MIPS_SIM
+		#if _MIPS_SIM == _MIPS_SIM_ABI32	/* o32 */
+			#define __NR_fsopen 4430
+		#endif
+		#if _MIPS_SIM == _MIPS_SIM_NABI32	/* n32 */
+			#define __NR_fsopen 6430
+		#endif
+		#if _MIPS_SIM == _MIPS_SIM_ABI64	/* n64 */
+			#define __NR_fsopen 5430
+		#endif
+	#elif defined __ia64__
+		#define __NR_fsopen (430 + 1024)
+	#else
+		#define __NR_fsopen 430
+	#endif
+#endif
+
+#ifndef __NR_fspick
+	#if defined __alpha__
+		#define __NR_fspick 543
+	#elif defined _MIPS_SIM
+		#if _MIPS_SIM == _MIPS_SIM_ABI32	/* o32 */
+			#define __NR_fspick 4433
+		#endif
+		#if _MIPS_SIM == _MIPS_SIM_NABI32	/* n32 */
+			#define __NR_fspick 6433
+		#endif
+		#if _MIPS_SIM == _MIPS_SIM_ABI64	/* n64 */
+			#define __NR_fspick 5433
+		#endif
+	#elif defined __ia64__
+		#define __NR_fspick (433 + 1024)
+	#else
+		#define __NR_fspick 433
+	#endif
+#endif
+
+#ifndef __NR_fsconfig
+	#if defined __alpha__
+		#define __NR_fsconfig 541
+	#elif defined _MIPS_SIM
+		#if _MIPS_SIM == _MIPS_SIM_ABI32	/* o32 */
+			#define __NR_fsconfig 4431
+		#endif
+		#if _MIPS_SIM == _MIPS_SIM_NABI32	/* n32 */
+			#define __NR_fsconfig 6431
+		#endif
+		#if _MIPS_SIM == _MIPS_SIM_ABI64	/* n64 */
+			#define __NR_fsconfig 5431
+		#endif
+	#elif defined __ia64__
+		#define __NR_fsconfig (431 + 1024)
+	#else
+		#define __NR_fsconfig 431
+	#endif
+#endif
+
+#ifndef __NR_fsmount
+	#if defined __alpha__
+		#define __NR_fsmount 542
+	#elif defined _MIPS_SIM
+		#if _MIPS_SIM == _MIPS_SIM_ABI32	/* o32 */
+			#define __NR_fsmount 4432
+		#endif
+		#if _MIPS_SIM == _MIPS_SIM_NABI32	/* n32 */
+			#define __NR_fsmount 6432
+		#endif
+		#if _MIPS_SIM == _MIPS_SIM_ABI64	/* n64 */
+			#define __NR_fsmount 5432
+		#endif
+	#elif defined __ia64__
+		#define __NR_fsmount (432 + 1024)
+	#else
+		#define __NR_fsmount 432
+	#endif
+#endif
+
 #endif /* __LXC_SYSCALL_NUMBERS_H */

src/lxc/syscall_wrappers.h

@@ -161,4 +161,44 @@ static inline int open_tree_lxc(int dfd, const char *filename, unsigned int flag
 extern int open_tree(int dfd, const char *filename, unsigned int flags);
 #endif
 
+#ifndef HAVE_FSOPEN
+static inline int fsopen_lxc(const char *fs_name, unsigned int flags)
+{
+	return syscall(__NR_fsopen, fs_name, flags);
+}
+#define fsopen fsopen_lxc
+#else
+extern int fsopen(const char *fs_name, unsigned int flags);
+#endif
+
+#ifndef HAVE_FSPICK
+static inline int fspick_lxc(int dfd, const char *path, unsigned int flags)
+{
+	return syscall(__NR_fspick, dfd, path, flags);
+}
+#define fspick fspick_lxc
+#else
+extern int fspick(int dfd, const char *path, unsigned int flags);
+#endif
+
+#ifndef HAVE_FSCONFIG
+static inline int fsconfig_lxc(int fd, unsigned int cmd, const char *key, const void *value, int aux)
+{
+	return syscall(__NR_fsconfig, fd, cmd, key, value, aux);
+}
+#define fsconfig fsconfig_lxc
+#else
+extern int fsconfig(int fd, unsigned int cmd, const char *key, const void *value, int aux);
+#endif
+
+#ifndef HAVE_FSMOUNT
+static inline int fsmount_lxc(int fs_fd, unsigned int flags, unsigned int attr_flags)
+{
+	return syscall(__NR_fsmount, fs_fd, flags, attr_flags);
+}
+#define fsmount fsmount_lxc
+#else
+extern int fsmount(int fs_fd, unsigned int flags, unsigned int attr_flags);
+#endif
+
 #endif /* __LXC_SYSCALL_WRAPPER_H */