- static const uint64_t retain =
- (1ULL << CAP_CHOWN) |
- (1ULL << CAP_DAC_OVERRIDE) |
- (1ULL << CAP_DAC_READ_SEARCH) |
- (1ULL << CAP_FOWNER) |
- (1ULL << CAP_FSETID) |
- (1ULL << CAP_IPC_OWNER) |
- (1ULL << CAP_KILL) |
- (1ULL << CAP_LEASE) |
- (1ULL << CAP_LINUX_IMMUTABLE) |
- (1ULL << CAP_NET_BIND_SERVICE) |
- (1ULL << CAP_NET_BROADCAST) |
- (1ULL << CAP_NET_RAW) |
- (1ULL << CAP_SETGID) |
- (1ULL << CAP_SETFCAP) |
- (1ULL << CAP_SETPCAP) |
- (1ULL << CAP_SETUID) |
- (1ULL << CAP_SYS_ADMIN) |
- (1ULL << CAP_SYS_CHROOT) |
- (1ULL << CAP_SYS_NICE) |
- (1ULL << CAP_SYS_PTRACE) |
- (1ULL << CAP_SYS_TTY_CONFIG);
-
- return capability_bounding_set_drop(~retain, false);
+ r = 0;
+ goto finish;
+ }
+
+ if (unlink(p) < 0) {
+ log_error("Failed to remove symlink %s: %m", p);
+ r = -errno;
+ goto finish;
+ }
+ } else if (r == -EINVAL) {
+
+ if (arg_link_journal == LINK_GUEST &&
+ rmdir(p) < 0) {
+
+ if (errno == ENOTDIR)
+ log_error("%s already exists and is neither symlink nor directory.", p);
+ else {
+ log_error("Failed to remove %s: %m", p);
+ r = -errno;
+ }
+
+ goto finish;
+ }
+ } else if (r != -ENOENT) {
+ log_error("readlink(%s) failed: %m", p);
+ goto finish;
+ }
+
+ if (arg_link_journal == LINK_GUEST) {
+
+ if (symlink(q, p) < 0) {
+ log_error("Failed to symlink %s to %s: %m", q, p);
+ r = -errno;
+ goto finish;
+ }
+
+ mkdir_p(q, 0755);
+
+ r = 0;
+ goto finish;
+ }
+
+ if (arg_link_journal == LINK_HOST) {
+ r = mkdir_p(p, 0755);
+ if (r < 0) {
+ log_error("Failed to create %s: %m", p);
+ goto finish;
+ }
+
+ } else if (access(p, F_OK) < 0) {
+ r = 0;
+ goto finish;
+ }
+
+ if (dir_is_empty(q) == 0) {
+ log_error("%s not empty.", q);
+ r = -ENOTEMPTY;
+ goto finish;
+ }
+
+ r = mkdir_p(q, 0755);
+ if (r < 0) {
+ log_error("Failed to create %s: %m", q);
+ goto finish;
+ }
+
+ if (mount(p, q, "bind", MS_BIND, NULL) < 0) {
+ log_error("Failed to bind mount journal from host into guest: %m");
+ r = -errno;
+ goto finish;
+ }
+
+ r = 0;
+
+finish:
+ free(p);
+ free(q);
+ free(d);
+ free(b);
+ return r;
+
+}
+
+static int drop_capabilities(void) {
+ return capability_bounding_set_drop(~arg_retain, false);