#include "util.h"
#include "label.h"
+#ifndef TTY_GID
+#define TTY_GID 5
+#endif
+
typedef struct MountPoint {
const char *what;
const char *where;
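Review bot: The fallback `TTY_GID 5` hard-codes a distribution convention, and nothing visible here checks it against the GID of the system's actual `tty` group. The value is pasted into the devpts mount options through `STRINGIFY(TTY_GID)` further down, so a mismatch would hand group write access on pty slaves (`mode=620`) to whichever group holds GID 5 on that system. I would add a comment above the `#ifndef`, for example `/* GID of the "tty" group; must be a plain decimal literal because it is stringified into the devpts mount options */`. If the build system can detect the group, the macro is better set from there.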
{ "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
{ "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
{ "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID, true },
- { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
- { "devpts", "/dev/pts", "devpts", NULL, MS_NOSUID|MS_NOEXEC, false },
+ { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV, true },
+ { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, false },
+ { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
{ "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
{ "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
};
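Review bot: Dropping `MS_NOEXEC` from the `/dev/shm` entry leaves a world-writable (`mode=1777`) tmpfs from which files can be executed or mapped executable, and the table records no reason for the relaxation. If it is needed for compatibility with software that maps executable shared memory (an assumption, since the change does not say), note that beside the entry, e.g. `/* no MS_NOEXEC: <reason> */`, so a later hardening pass does not have to guess. The new `/run` entry keeps all three flags with `mode=755`, which is consistent with the other API mounts. The table's declaration begins outside this hunk.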
return p->fatal ? -errno : 0;
}
- label_fix(p->where);
+ label_fix(p->where, false);
return 0;
}
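Review bot: The bare `false` in `label_fix(p->where, false)` gives a reader no idea what behaviour is being selected, and the parameter's declaration is not visible here. The nftw callback passes the opposite value (`label_fix(fpath, true)`), so the difference is deliberate and deserves a short comment at each call site. Presumably the flag controls whether a path that vanished during the walk is tolerated, which should be confirmed against `label.h`. Both calls also discard the return value, so a failed relabel leaves the node with its previous label and no diagnostic. The enclosing functions start outside these hunks.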
if (ftwbuf->level == 0)
return 0;
- label_fix(fpath);
+ label_fix(fpath, true);
return 0;
};
"/proc/self/fd\0" "/dev/fd\0"
"/proc/self/fd/0\0" "/dev/stdin\0"
"/proc/self/fd/1\0" "/dev/stdout\0"
- "/proc/self/fd/2\0" "/dev/stderr\0"
- "\0";
+ "/proc/self/fd/2\0" "/dev/stderr\0";
int r;
unsigned i;
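Review bot: With the explicit `"\0"` removed, the list ends only because the string literal's implicit NUL follows the `\0` after `/dev/stderr`. That is correct for a NUL-separated list, but it is easy to break when someone appends an entry and forgets the trailing `\0`. A one-line comment above the literal would document the invariant, e.g. `/* NUL-separated pairs; the literal's implicit terminator ends the list */`. The declaration of the string starts outside the hunk.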
* appropriate labels, after mounting. The other virtual API
* file systems do not need. */
- if (unlink("/dev/.systemd/relabel-devtmpfs") >= 0)
+ if (unlink("/dev/.systemd-relabel-devtmpfs") >= 0)
nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS);
/* Create a few default symlinks, which are normally created
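Review bot: The flag file name is an implicit contract with whatever creates it before this code runs (presumably the initrd), and that producer is not part of the visible change. If it still writes `/dev/.systemd/relabel-devtmpfs`, the `unlink()` here fails and the `/dev` relabel is silently skipped, leaving device nodes with whatever labels they had. I would confirm the producer is renamed in the same change and put the path in a shared constant or at least a comment naming the other side. The return value of `nftw()` is also ignored, so a partially failed walk is not reported. The comment and the function both begin outside the hunk.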
NULSTR_FOREACH_PAIR(j, k, symlinks)
symlink_and_label(j, k);
+ /* Create a few directories we always want around */
+ mkdir("/run/systemd", 0755);
+ mkdir("/run/systemd/ask-password", 0755);
+
return mount_cgroup_controllers();
}
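Review bot: Both `mkdir()` calls discard their result, so a failure other than `EEXIST` goes unnoticed until some later consumer of `/run/systemd/ask-password` fails. A check along the lines of `if (mkdir("/run/systemd", 0755) < 0 && errno != EEXIST)` followed by a warning would make that diagnosable without turning it into a fatal error. The effective mode also depends on the process umask at this point, which the hunk does not show being set, so `0755` is an upper bound rather than a guarantee. The enclosing function starts outside the hunk.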