drop_duplicates: copy full BindMount struct
[elogind.git] / src / core / namespace.c
index f11065ee4bdade83d78373d7f4bb09cfda15723a..fe9537787185c6755f9778593ae5aa393d760e7a 100644 (file)
@@ -42,6 +42,7 @@
 #include "mkdir.h"
 #include "dev-setup.h"
 #include "def.h"
+#include "label.h"
 
 typedef enum MountMode {
         /* This is ordered by priority! */
@@ -68,6 +69,7 @@ static int append_mounts(BindMount **p, char **strv, MountMode mode) {
         STRV_FOREACH(i, strv) {
 
                 (*p)->ignore = false;
+                (*p)->done = false;
 
                 if ((mode == INACCESSIBLE || mode == READONLY || mode == READWRITE) && (*i)[0] == '-') {
                         (*p)->ignore = true;
@@ -122,8 +124,7 @@ static void drop_duplicates(BindMount *m, unsigned *n) {
                 if (previous && path_equal(f->path, previous->path))
                         continue;
 
-                t->path = f->path;
-                t->mode = f->mode;
+                *t = *f;
 
                 previous = t;
 
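Review bot: The struct copy at `*t = *f;` carries no comment saying why the whole entry is copied, and the reason is not obvious from the loop alone. Going by the `ignore` and `done` fields that append_mounts sets, copying only `path` and `mode` would leave stale flags in the compacted slot, so a short comment such as `/* copy the whole entry so ignore/done travel with the path */` would help the next reader. When `t` and `f` point at the same slot the assignment overlaps exactly, which C permits. The loop header and the rest of drop_duplicates lie outside the hunk.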
@@ -223,7 +224,10 @@ static int mount_dev(BindMount *m) {
                         goto fail;
                 }
 
+                label_context_set(d, st.st_mode);
                 r = mknod(dn, st.st_mode, st.st_rdev);
+                label_context_clear();
+
                 if (r < 0) {
                         r = -errno;
                         goto fail;
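Review bot: The return value of `label_context_set(d, st.st_mode)` is discarded, so if setting the file-creation context fails, `mknod()` still runs and the device node is presumably created with the process's default label rather than the one looked up for `d`. Either check it, `r = label_context_set(d, st.st_mode); if (r < 0) goto fail;`, or add a comment stating that labelling is deliberately best-effort here. Separately, `r = -errno` is now read after `label_context_clear()`, which is only correct if that function preserves errno; its body is not visible here, so this should be confirmed. mount_dev's body starts and ends outside the hunk.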
@@ -329,7 +333,7 @@ static int make_read_only(BindMount *m) {
 
         if (IN_SET(m->mode, INACCESSIBLE, READONLY))
                 r = bind_remount_recursive(m->path, true);
-        else if (m->mode == READWRITE)
+        else if (IN_SET(m->mode, READWRITE, PRIVATE_TMP, PRIVATE_VAR_TMP, PRIVATE_DEV))
                 r = bind_remount_recursive(m->path, false);
         else
                 r = 0;
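Review bot: The trailing `else r = 0;` silently treats every mode not named in the two `IN_SET` lists as needing no remount, so a MountMode value added later would get neither a read-only nor a read-write decision and no compiler diagnostic. A `switch (m->mode)` with no `default:` would let `-Wswitch` flag an unhandled mode. Failing that, a comment above the `else` naming the modes that are intentionally skipped would make the access decision auditable. The rest of make_read_only is outside the hunk.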
@@ -367,11 +371,11 @@ int setup_namespace(
                 strv_length(inaccessible_dirs) +
                 private_dev +
                 (protect_home != PROTECT_HOME_NO ? 3 : 0) +
-                (protect_system != PROTECT_SYSTEM_NO ? 1 : 0) +
+                (protect_system != PROTECT_SYSTEM_NO ? 2 : 0) +
                 (protect_system == PROTECT_SYSTEM_FULL ? 1 : 0);
 
         if (n > 0) {
-                m = mounts = (BindMount *) alloca(n * sizeof(BindMount));
+                m = mounts = (BindMount *) alloca0(n * sizeof(BindMount));
                 r = append_mounts(&m, read_write_dirs, READWRITE);
                 if (r < 0)
                         return r;
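Review bot: The entry count for `protect_system` (`? 2 : 0` plus `? 1 : 0`) must match by hand the lengths of the `STRV_MAKE(...)` lists in the later setup_namespace hunk, and nothing visible checks that. `append_mounts` appears to advance `*p` with no bound, so a mismatch would write past the `alloca0` buffer on the stack. If no such check already exists outside the hunk, add `assert(mounts + n == m);` after the last append. The buffer size also comes from `strv_length()` of the configured directory lists with no visible cap before `alloca0(n * sizeof(BindMount))`, so a bound on `n` or a heap allocation would remove the stack-exhaustion risk. setup_namespace's body starts and ends outside the hunk.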
@@ -409,7 +413,7 @@ int setup_namespace(
                 }
 
                 if (protect_system != PROTECT_SYSTEM_NO) {
-                        r = append_mounts(&m, protect_system == PROTECT_SYSTEM_FULL ? STRV_MAKE("/usr", "/etc") : STRV_MAKE("/usr"), READONLY);
+                        r = append_mounts(&m, protect_system == PROTECT_SYSTEM_FULL ? STRV_MAKE("/usr", "-/boot", "/etc") : STRV_MAKE("/usr", "-/boot"), READONLY);
                         if (r < 0)
                                 return r;
                 }