if (!p)
return 0;
- if (path_equal(m->where, "/"))
+ if (path_equal(m->where, "/") ||
+ path_equal(m->where, "/usr"))
return 0;
if (mount_is_network(p)) {
return 0;
}
-static int mount_fix_timeouts(Mount *m) {
- MountParameters *p;
- const char *timeout = NULL;
- Unit *other;
- Iterator i;
- usec_t u;
- char *t;
- int r;
-
- assert(m);
-
- p = get_mount_parameters_fragment(m);
- if (!p)
- return 0;
-
- /* Allow configuration how long we wait for a device that
- * backs a mount point to show up. This is useful to support
- * endless device timeouts for devices that show up only after
- * user input, like crypto devices. */
-
- if ((timeout = mount_test_option(p->options, "comment=systemd.device-timeout")))
- timeout += 31;
- else if ((timeout = mount_test_option(p->options, "x-systemd.device-timeout")))
- timeout += 25;
- else
- return 0;
-
- t = strndup(timeout, strcspn(timeout, ",;" WHITESPACE));
- if (!t)
- return -ENOMEM;
-
- r = parse_sec(t, &u);
- free(t);
-
- if (r < 0) {
- log_warning_unit(UNIT(m)->id,
- "Failed to parse timeout for %s, ignoring: %s",
- m->where, timeout);
- return r;
- }
-
- SET_FOREACH(other, UNIT(m)->dependencies[UNIT_AFTER], i) {
- if (other->type != UNIT_DEVICE)
- continue;
-
- other->job_timeout = u;
- }
-
- return 0;
-}
-
static int mount_verify(Mount *m) {
_cleanup_free_ char *e = NULL;
bool b;
if (r < 0)
return r;
- r = mount_fix_timeouts(m);
- if (r < 0)
- return r;
-
if (u->default_dependencies) {
r = mount_add_default_dependencies(m);
if (r < 0)
static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) {
pid_t pid;
int r;
+ ExecParameters exec_params = {
+ .apply_permissions = true,
+ .apply_chroot = true,
+ .apply_tty_stdin = true,
+ };
assert(m);
assert(c);
if (r < 0)
goto fail;
+ exec_params.environment = UNIT(m)->manager->environment;
+ exec_params.confirm_spawn = UNIT(m)->manager->confirm_spawn;
+ exec_params.cgroup_supported = UNIT(m)->manager->cgroup_supported;
+ exec_params.cgroup_path = UNIT(m)->cgroup_path;
+ exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(m)->manager);
+ exec_params.unit_id = UNIT(m)->id;
+
r = exec_spawn(c,
- NULL,
&m->exec_context,
- NULL, 0,
- UNIT(m)->manager->environment,
- true,
- true,
- true,
- UNIT(m)->manager->confirm_spawn,
- UNIT(m)->manager->cgroup_supported,
- UNIT(m)->cgroup_path,
- manager_get_runtime_prefix(UNIT(m)->manager),
- UNIT(m)->id,
- 0,
- NULL,
+ &exec_params,
m->exec_runtime,
&pid);
if (r < 0)
r = unit_kill_context(
UNIT(m),
&m->kill_context,
- state != MOUNT_MOUNTING_SIGTERM && state != MOUNT_UNMOUNTING_SIGTERM && state != MOUNT_REMOUNTING_SIGTERM,
+ (state != MOUNT_MOUNTING_SIGTERM && state != MOUNT_UNMOUNTING_SIGTERM && state != MOUNT_REMOUNTING_SIGTERM) ?
+ KILL_KILL : KILL_TERMINATE,
-1,
m->control_pid,
false);
NULL);
}
+static int fail_if_symlink(const char *unit, const char* where) {
+ assert(where);
+
+ if (is_symlink(where) > 0) {
+ log_struct_unit(LOG_WARNING,
+ unit,
+ "MESSAGE=%s: Mount on symlink %s not allowed.",
+ unit, where,
+ "WHERE=%s", where,
+ MESSAGE_ID(SD_MESSAGE_OVERMOUNTING),
+ NULL);
+
+ return -ELOOP;
+ }
+ return 0;
+}
+
static void mount_enter_unmounting(Mount *m) {
int r;
if (p && mount_is_bind(p))
mkdir_p_label(p->what, m->directory_mode);
+ r = fail_if_symlink(m->meta.id, m->where);
+ if (r < 0)
+ goto fail;
+
if (m->from_fragment)
r = exec_command_set(
m->control_command,
"/bin/mount",
- "-n",
+ m->sloppy_options ? "-ns" : "-n",
m->parameters_fragment.what,
m->where,
"-t", m->parameters_fragment.fstype ? m->parameters_fragment.fstype : "auto",
r = exec_command_set(
m->control_command,
"/bin/mount",
- "-n",
+ m->sloppy_options ? "-ns" : "-n",
m->parameters_fragment.what,
m->where,
"-t", m->parameters_fragment.fstype ? m->parameters_fragment.fstype : "auto",
~ianmdlvl / elogind.git / blobdiff