1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 #include <sys/mount.h>
28 #include <sys/types.h>
30 #include <sys/syscall.h>
36 #include "path-util.h"
37 #include "namespace.h"
40 typedef enum PathMode {
41 /* This is ordered by priority! */
53 static int append_paths(Path **p, char **strv, PathMode mode) {
56 STRV_FOREACH(i, strv) {
58 if (!path_is_absolute(*i))
69 static int path_compare(const void *a, const void *b) {
70 const Path *p = a, *q = b;
72 if (path_equal(p->path, q->path)) {
74 /* If the paths are equal, check the mode */
75 if (p->mode < q->mode)
78 if (p->mode > q->mode)
84 /* If the paths are not equal, then order prefixes first */
85 if (path_startswith(p->path, q->path))
88 if (path_startswith(q->path, p->path))
94 static void drop_duplicates(Path *p, unsigned *n, bool *need_inaccessible, bool *need_private) {
95 Path *f, *t, *previous;
99 assert(need_inaccessible);
100 assert(need_private);
102 for (f = p, t = p, previous = NULL; f < p+*n; f++) {
104 if (previous && path_equal(f->path, previous->path))
110 if (t->mode == PRIVATE)
111 *need_private = true;
113 if (t->mode == INACCESSIBLE)
114 *need_inaccessible = true;
124 static int apply_mount(Path *p, const char *root_dir, const char *inaccessible_dir, const char *private_dir, unsigned long flags) {
131 assert(inaccessible_dir);
134 if (!(where = strappend(root_dir, p->path)))
140 what = inaccessible_dir;
157 assert_not_reached("Unknown mode");
160 if ((r = mount(what, where, NULL, MS_BIND|MS_REC, NULL)) >= 0) {
161 log_debug("Successfully mounted %s to %s", what, where);
163 /* The bind mount will always inherit the original
164 * flags. If we want to set any flag we need
165 * to do so in a second independent step. */
167 r = mount(NULL, where, NULL, MS_REMOUNT|MS_BIND|MS_REC|flags, NULL);
169 /* Avoid exponential growth of trees */
170 if (r >= 0 && path_equal(p->path, "/"))
171 r = mount(NULL, where, NULL, MS_REMOUNT|MS_BIND|flags, NULL);
175 umount2(where, MNT_DETACH);
188 unsigned long flags) {
191 tmp_dir[] = "/tmp/systemd-namespace-XXXXXX",
192 root_dir[] = "/tmp/systemd-namespace-XXXXXX/root",
193 old_root_dir[] = "/tmp/systemd-namespace-XXXXXX/root/tmp/old-root-XXXXXX",
194 inaccessible_dir[] = "/tmp/systemd-namespace-XXXXXX/inaccessible",
195 private_dir[] = "/tmp/systemd-namespace-XXXXXX/private";
199 bool need_private = false, need_inaccessible = false;
200 bool remove_tmp = false, remove_root = false, remove_old_root = false, remove_inaccessible = false, remove_private = false;
205 strv_length(writable) +
206 strv_length(readable) +
207 strv_length(inaccessible) +
208 (private_tmp ? 2 : 1);
210 if (!(paths = new(Path, n)))
214 if ((r = append_paths(&p, writable, READWRITE)) < 0 ||
215 (r = append_paths(&p, readable, READONLY)) < 0 ||
216 (r = append_paths(&p, inaccessible, INACCESSIBLE)) < 0)
229 assert(paths + n == p);
231 qsort(paths, n, sizeof(Path), path_compare);
232 drop_duplicates(paths, &n, &need_inaccessible, &need_private);
234 if (!mkdtemp(tmp_dir)) {
240 memcpy(root_dir, tmp_dir, sizeof(tmp_dir)-1);
241 if (mkdir(root_dir, 0777) < 0) {
247 if (need_inaccessible) {
248 memcpy(inaccessible_dir, tmp_dir, sizeof(tmp_dir)-1);
249 if (mkdir(inaccessible_dir, 0) < 0) {
253 remove_inaccessible = true;
259 memcpy(private_dir, tmp_dir, sizeof(tmp_dir)-1);
262 if (mkdir(private_dir, 0777 + S_ISVTX) < 0) {
270 remove_private = true;
273 if (unshare(CLONE_NEWNS) < 0) {
278 /* Remount / as SLAVE so that nothing mounted in the namespace
279 shows up in the parent */
280 if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
285 for (p = paths; p < paths + n; p++)
286 if ((r = apply_mount(p, root_dir, inaccessible_dir, private_dir, flags)) < 0)
289 memcpy(old_root_dir, tmp_dir, sizeof(tmp_dir)-1);
290 if (!mkdtemp(old_root_dir)) {
294 remove_old_root = true;
296 if (chdir(root_dir) < 0) {
301 if (pivot_root(root_dir, old_root_dir) < 0) {
306 t = old_root_dir + sizeof(root_dir) - 1;
307 if (umount2(t, MNT_DETACH) < 0)
308 /* At this point it's too late to turn anything back,
309 * since we are already in the new root. */
319 for (p--; p >= paths; p--) {
320 char full_path[PATH_MAX];
322 snprintf(full_path, sizeof(full_path), "%s%s", root_dir, p->path);
323 char_array_0(full_path);
325 umount2(full_path, MNT_DETACH);
332 if (remove_inaccessible)
333 rmdir(inaccessible_dir);