- static const uint64_t retain =
- (1ULL << CAP_CHOWN) |
- (1ULL << CAP_DAC_OVERRIDE) |
- (1ULL << CAP_DAC_READ_SEARCH) |
- (1ULL << CAP_FOWNER) |
- (1ULL << CAP_FSETID) |
- (1ULL << CAP_IPC_OWNER) |
- (1ULL << CAP_KILL) |
- (1ULL << CAP_LEASE) |
- (1ULL << CAP_LINUX_IMMUTABLE) |
- (1ULL << CAP_NET_BIND_SERVICE) |
- (1ULL << CAP_NET_BROADCAST) |
- (1ULL << CAP_NET_RAW) |
- (1ULL << CAP_SETGID) |
- (1ULL << CAP_SETFCAP) |
- (1ULL << CAP_SETPCAP) |
- (1ULL << CAP_SETUID) |
- (1ULL << CAP_SYS_ADMIN) |
- (1ULL << CAP_SYS_CHROOT) |
- (1ULL << CAP_SYS_NICE) |
- (1ULL << CAP_SYS_PTRACE) |
- (1ULL << CAP_SYS_TTY_CONFIG);
-
- return capability_bounding_set_drop(~retain, false);
+ return 0;
+ }
+
+ if (path_is_mount_point(q, false) > 0) {
+ if (arg_link_journal != LINK_AUTO) {
+ log_error("%s: already a mount point, refusing to use for journal", q);
+ return -EEXIST;
+ }
+
+ return 0;
+ }
+
+ r = readlink_and_make_absolute(p, &d);
+ if (r >= 0) {
+ if ((arg_link_journal == LINK_GUEST ||
+ arg_link_journal == LINK_AUTO) &&
+ path_equal(d, q)) {
+
+ r = mkdir_p(q, 0755);
+ if (r < 0)
+ log_warning("failed to create directory %s: %m", q);
+ return 0;
+ }
+
+ if (unlink(p) < 0) {
+ log_error("Failed to remove symlink %s: %m", p);
+ return -errno;
+ }
+ } else if (r == -EINVAL) {
+
+ if (arg_link_journal == LINK_GUEST &&
+ rmdir(p) < 0) {
+
+ if (errno == ENOTDIR) {
+ log_error("%s already exists and is neither a symlink nor a directory", p);
+ return r;
+ } else {
+ log_error("Failed to remove %s: %m", p);
+ return -errno;
+ }
+ }
+ } else if (r != -ENOENT) {
+ log_error("readlink(%s) failed: %m", p);
+ return r;
+ }
+
+ if (arg_link_journal == LINK_GUEST) {
+
+ if (symlink(q, p) < 0) {
+ log_error("Failed to symlink %s to %s: %m", q, p);
+ return -errno;
+ }
+
+ r = mkdir_p(q, 0755);
+ if (r < 0)
+ log_warning("failed to create directory %s: %m", q);
+ return 0;
+ }
+
+ if (arg_link_journal == LINK_HOST) {
+ r = mkdir_p(p, 0755);
+ if (r < 0) {
+ log_error("Failed to create %s: %m", p);
+ return r;
+ }
+
+ } else if (access(p, F_OK) < 0)
+ return 0;
+
+ if (dir_is_empty(q) == 0) {
+ log_error("%s not empty.", q);
+ return -ENOTEMPTY;
+ }
+
+ r = mkdir_p(q, 0755);
+ if (r < 0) {
+ log_error("Failed to create %s: %m", q);
+ return r;
+ }
+
+ if (mount(p, q, "bind", MS_BIND, NULL) < 0) {
+ log_error("Failed to bind mount journal from host into guest: %m");
+ return -errno;
+ }
+
+ return 0;
+}
+
+static int drop_capabilities(void) {
+ return capability_bounding_set_drop(~arg_retain, false);