1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 #include <sys/mount.h>
28 #include <sys/types.h>
30 #include <sys/syscall.h>
36 #include "path-util.h"
37 #include "namespace.h"
40 typedef enum PathMode {
41 /* This is ordered by priority! */
/* Walks the string vector strv and tests every entry with path_is_absolute().
 * Judging by the name and the Path **p cursor, accepted entries are presumably
 * recorded with the given mode; the rest of the body is not visible in this
 * listing, so that is an assumption to confirm. */
53 static int append_paths(Path **p, char **strv, PathMode mode) {
56 STRV_FOREACH(i, strv) {
/* Non-absolute entries take this branch (its body is not visible here). */
58 if (!path_is_absolute(*i))
/* Comparison callback passed to qsort() for the Path array. Two cases are
 * handled: equal paths are ranked by their mode value, unequal paths by
 * whether one is a path prefix of the other. The return statements are not
 * visible in this listing, so the direction of each ordering is not stated
 * here. The sorted order is the order in which the mount loop later walks the
 * array, so it decides which rule is applied first for nested paths. */
69 static int path_compare(const void *a, const void *b) {
70 const Path *p = a, *q = b;
72 if (path_equal(p->path, q->path)) {
74 /* If the paths are equal, check the mode */
75 if (p->mode < q->mode)
78 if (p->mode > q->mode)
84 /* If the paths are not equal, then order prefixes first */
/* Both directions of the prefix relation are tested: p below q, then q below p. */
85 if (path_startswith(p->path, q->path))
88 if (path_startswith(q->path, p->path))
/* Scans the n entries of p with a read cursor (f) and a second cursor (t),
 * comparing each entry's path with that of `previous`. It also reports, via
 * the two out-parameters, whether an entry of mode PRIVATE or INACCESSIBLE was
 * seen at t. The statements that skip a duplicate, advance t and update *n are
 * not visible in this listing.
 * NOTE(review): the array is sorted with equal paths ranked by mode before
 * this runs, so which of two duplicate entries survives presumably depends on
 * that mode ordering; confirm the stricter rule is the one kept. */
94 static void drop_duplicates(Path *p, unsigned *n, bool *need_inaccessible, bool *need_private) {
95 Path *f, *t, *previous;
/* Both out-parameters are written unconditionally below, so they must be valid. */
99 assert(need_inaccessible);
100 assert(need_private);
102 for (f = p, t = p, previous = NULL; f < p+*n; f++) {
/* previous starts as NULL, so the first entry is never treated as a duplicate. */
104 if (previous && path_equal(f->path, previous->path))
/* The flags are only ever set to true here; callers initialise them to false. */
110 if (t->mode == PRIVATE)
111 *need_private = true;
113 if (t->mode == INACCESSIBLE)
114 *need_inaccessible = true;
/* Establishes the mount for one Path entry below root_dir: a source (`what`)
 * is chosen, bind-mounted recursively onto root_dir + p->path (`where`), and
 * the mount is then remounted to apply `flags`. Only part of the body is
 * visible in this listing; the selection of `what` per mode and the handling
 * of return values are mostly not shown. */
124 static int apply_mount(Path *p, const char *root_dir, const char *inaccessible_dir, const char *private_dir, unsigned long flags) {
131 assert(inaccessible_dir);
/* Target path inside the new root.
 * NOTE(review): the check of strappend()'s result and the release of `where`
 * are not visible in this listing; confirm both exist. */
134 where = strappend(root_dir, p->path);
/* The inaccessible directory is used as the bind source here, presumably for
 * entries of mode INACCESSIBLE (the case label is not visible). */
141 what = inaccessible_dir;
158 assert_not_reached("Unknown mode");
/* Step 1: recursive bind mount of `what` onto `where`. */
161 r = mount(what, where, NULL, MS_BIND|MS_REC, NULL);
163 log_debug("Successfully mounted %s to %s", what, where);
165 /* The bind mount will always inherit the original
166 * flags. If we want to set any flag we need
167 * to do so in a second independent step. */
/* Step 2: apply `flags` to the bind mount just created. Until this call
 * succeeds the mount still carries the flags it inherited in step 1.
 * NOTE(review): a bind remount generally acts on the single mount at `where`;
 * whether MS_REC makes the flags reach submounts pulled in by the recursive
 * bind above should be verified on the target kernel, otherwise nested mounts
 * may keep their original flags. */
169 r = mount(NULL, where, NULL, MS_REMOUNT|MS_BIND|MS_REC|flags, NULL);
171 /* Avoid exponential growth of trees */
/* For the root entry the remount is repeated without MS_REC. */
172 if (r >= 0 && path_equal(p->path, "/"))
173 r = mount(NULL, where, NULL, MS_REMOUNT|MS_BIND|flags, NULL);
/* Lazy detach of `where`; presumably the undo path when the remount failed
 * (the surrounding condition is not visible). The return value is ignored. */
177 umount2(where, MNT_DETACH);
190 unsigned long flags) {
/* NOTE(review): the start of this function's signature and many of its
 * statements are not visible in this listing; the comments below describe only
 * the lines that are shown. */
/* Path templates. All five share the "/tmp/systemd-namespace-XXXXXX" prefix;
 * once mkdtemp() has filled in tmp_dir, that prefix is copied over the start
 * of the other templates with memcpy(..., sizeof(tmp_dir)-1), i.e. without
 * the terminating NUL, so the remainder of each template is kept. */
193 tmp_dir[] = "/tmp/systemd-namespace-XXXXXX",
194 root_dir[] = "/tmp/systemd-namespace-XXXXXX/root",
195 old_root_dir[] = "/tmp/systemd-namespace-XXXXXX/root/tmp/old-root-XXXXXX",
196 inaccessible_dir[] = "/tmp/systemd-namespace-XXXXXX/inaccessible",
197 private_dir[] = "/tmp/systemd-namespace-XXXXXX/private";
/* need_* are filled in by drop_duplicates(); remove_* record which
 * directories were created, for the cleanup at the end. */
201 bool need_private = false, need_inaccessible = false;
202 bool remove_tmp = false, remove_root = false, remove_old_root = false, remove_inaccessible = false, remove_private = false;
/* Number of Path slots: one per listed path, plus 3 or 1 extra entries
 * depending on private_tmp. */
207 strv_length(writable) +
208 strv_length(readable) +
209 strv_length(inaccessible) +
210 (private_tmp ? 3 : 1);
/* NOTE(review): the check of the allocation result is not visible here. */
212 paths = new(Path, n);
/* Fill the array from the three lists; the first failure stops the chain. */
217 if ((r = append_paths(&p, writable, READWRITE)) < 0 ||
218 (r = append_paths(&p, readable, READONLY)) < 0 ||
219 (r = append_paths(&p, inaccessible, INACCESSIBLE)) < 0)
227 p->path = "/var/tmp";
/* Every slot counted above must have been filled exactly. */
236 assert(paths + n == p);
/* Sort, then collapse entries with equal paths; this also tells us whether
 * the inaccessible and private directories are needed at all. */
238 qsort(paths, n, sizeof(Path), path_compare);
239 drop_duplicates(paths, &n, &need_inaccessible, &need_private);
/* mkdtemp() replaces the XXXXXX suffix with a unique name and creates the
 * directory with mode 0700, so the directories created beneath it with wider
 * modes are reachable only through that 0700 parent. */
241 if (!mkdtemp(tmp_dir)) {
247 memcpy(root_dir, tmp_dir, sizeof(tmp_dir)-1);
248 if (mkdir(root_dir, 0777) < 0) {
254 if (need_inaccessible) {
255 memcpy(inaccessible_dir, tmp_dir, sizeof(tmp_dir)-1);
/* Mode 0: no permission bits at all. This directory is the bind source
 * used by apply_mount() to hide a path. Permission bits alone do not
 * restrain a process that holds CAP_DAC_OVERRIDE. */
256 if (mkdir(inaccessible_dir, 0) < 0) {
260 remove_inaccessible = true;
266 memcpy(private_dir, tmp_dir, sizeof(tmp_dir)-1);
/* World-writable with the sticky bit; the addition equals a bitwise OR because
 * S_ISVTX does not overlap the 0777 bits. mkdir() modes are filtered by the
 * process umask; whether the umask is adjusted around this call is not
 * visible in this listing. */
269 if (mkdir(private_dir, 0777 + S_ISVTX) < 0) {
277 remove_private = true;
/* Detach this process into its own mount namespace before touching mounts. */
280 if (unshare(CLONE_NEWNS) < 0) {
285 /* Remount / as SLAVE so that nothing mounted in the namespace
286 shows up in the parent */
287 if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
/* Apply the entries in sorted order. */
292 for (p = paths; p < paths + n; p++) {
293 r = apply_mount(p, root_dir, inaccessible_dir, private_dir, flags);
/* Create the directory that will receive the old root; it lives inside the
 * new root (root/tmp/old-root-XXXXXX). */
298 memcpy(old_root_dir, tmp_dir, sizeof(tmp_dir)-1);
299 if (!mkdtemp(old_root_dir)) {
303 remove_old_root = true;
/* Enter the new root directory, then swap roots. */
305 if (chdir(root_dir) < 0) {
310 if (pivot_root(root_dir, old_root_dir) < 0) {
/* After pivot_root() the old root is addressed relative to the new root, so
 * the root_dir prefix is skipped by pointer arithmetic.
 * NOTE(review): if this detach fails the old root stays mounted inside the
 * namespace; what is done in that case is not visible in this listing. */
315 t = old_root_dir + sizeof(root_dir) - 1;
316 if (umount2(t, MNT_DETACH) < 0)
317 /* At this point it's too late to turn anything back,
318 * since we are already in the new root. */
/* Walks back from the entry before p, detaching the mounts set up so far;
 * presumably the error path (its label is not visible).
 * NOTE(review): snprintf()'s return value is not checked, so an over-long
 * root_dir + path would be truncated before being passed to umount2(). */
328 for (p--; p >= paths; p--) {
329 char full_path[PATH_MAX];
331 snprintf(full_path, sizeof(full_path), "%s%s", root_dir, p->path);
332 char_array_0(full_path);
334 umount2(full_path, MNT_DETACH);
/* Remove the helper directory only if this call created it. */
341 if (remove_inaccessible)
342 rmdir(inaccessible_dir);