static const char *table[] = {
"proc", "/proc", "proc", NULL,
"sysfs", "/sys", "sysfs", NULL,
- "devtmps", "/dev", "devtmpfs", "mode=755",
- "tmpfs", "/dev/shm", "tmpfs", "mode=1777",
+ "devtmps", "/dev", "devtmpfs", "mode=755,noexec,nosuid",
+ "tmpfs", "/dev/shm", "tmpfs", "mode=1777,nodev,noexec,nosuid",
"devpts", "/dev/pts", "devpts", NULL,
"cgroup", "/cgroup/debug", "cgroup", "debug",
"debugfs", "/sys/kernel/debug", "debugfs", NULL,
- NULL
};
+bool mount_point_is_api(const char *path) {
+ unsigned i;
+
+ /* Checks if this mount point is considered "API", and hence
+ * should be ignored */
+
+ for (i = 0; i < ELEMENTSOF(table); i += MOUNT_SKIP)
+ if (path_startswith(path, table[i+MOUNT_WHERE]))
+ return true;
+
+ return false;
+}
+
static int is_mount_point(const char *t) {
struct stat a, b;
char *copy;
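Review bot: The new `mount_point_is_api` loop, like the rewritten loop in `mount_setup` further down, now depends on `ELEMENTSOF(table)` being an exact multiple of `MOUNT_SKIP` since the trailing NULL sentinel was dropped; a row with a missing or extra field would make `table[i+MOUNT_WHERE]` read the wrong column (and the last row potentially read past the array) instead of failing to build, so a compile-time assertion of `ELEMENTSOF(table) % MOUNT_SKIP == 0` placed right after the table would pin that invariant for both loops. The block comment inside `mount_point_is_api` sits after the declaration rather than documenting the function; moving it above the signature and stating the contract, e.g. `/* Returns true if path is one of the mount points in table (or, presumably, lies below one of them — depends on path_startswith); such paths are set up here and callers should skip them. */`, would make the intent clear to readers who cannot see `path_startswith`. The two changed table rows would also benefit from a one-line comment noting that /dev gets `noexec,nosuid` but deliberately not `nodev` because device nodes live there, whereas /dev/shm gets all three.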
/* The access mode here doesn't really matter too much, since
* the mounted file system will take precedence anyway. */
- mkdir(t[MOUNT_WHERE], 0755);
+ mkdir_p(t[MOUNT_WHERE], 0755);
log_debug("Mounting %s to %s of type %s with options %s.",
t[MOUNT_WHAT],
int mount_setup(void) {
int r;
- const char **t;
+ unsigned i;
- for (t = table; *t; t += MOUNT_SKIP)
- if ((r = mount_one(t)) < 0)
+ for (i = 0; i < ELEMENTSOF(table); i += MOUNT_SKIP)
+ if ((r = mount_one(table + i)) < 0)
return r;
return 0;