X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fmount.c;h=b571db946d4f01c128398a70543afb005353ab6c;hb=61da906a744594002c2c967ecf6ec7899c7a9397;hp=39a9aaf2a0bf35e0ff333c9d0116a7512db6002c;hpb=b24de9d21d30245b66d8d6b869c575b48ddb6068;p=elogind.git diff --git a/src/core/mount.c b/src/core/mount.c index 39a9aaf2a..b571db946 100644 --- a/src/core/mount.c +++ b/src/core/mount.c @@ -691,6 +691,11 @@ static void mount_dump(Unit *u, FILE *f, const char *prefix) { static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) { pid_t pid; int r; + ExecParameters exec_params = { + .apply_permissions = true, + .apply_chroot = true, + .apply_tty_stdin = true, + }; assert(m); assert(c); @@ -706,21 +711,17 @@ static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) { if (r < 0) goto fail; + exec_params.environment = UNIT(m)->manager->environment; + exec_params.confirm_spawn = UNIT(m)->manager->confirm_spawn; + exec_params.cgroup_supported = UNIT(m)->manager->cgroup_supported; + exec_params.cgroup_path = UNIT(m)->cgroup_path; + exec_params.cgroup_delegate = m->cgroup_context.delegate; + exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(m)->manager); + exec_params.unit_id = UNIT(m)->id; + r = exec_spawn(c, - NULL, &m->exec_context, - NULL, 0, - UNIT(m)->manager->environment, - true, - true, - true, - UNIT(m)->manager->confirm_spawn, - UNIT(m)->manager->cgroup_supported, - UNIT(m)->cgroup_path, - manager_get_runtime_prefix(UNIT(m)->manager), - UNIT(m)->id, - 0, - NULL, + &exec_params, m->exec_runtime, &pid); if (r < 0) @@ -775,7 +776,8 @@ static void mount_enter_signal(Mount *m, MountState state, MountResult f) { r = unit_kill_context( UNIT(m), &m->kill_context, - state != MOUNT_MOUNTING_SIGTERM && state != MOUNT_UNMOUNTING_SIGTERM && state != MOUNT_REMOUNTING_SIGTERM, + (state != MOUNT_MOUNTING_SIGTERM && state != MOUNT_UNMOUNTING_SIGTERM && state != MOUNT_REMOUNTING_SIGTERM) ? + KILL_KILL : KILL_TERMINATE, -1, m->control_pid, false); @@ -812,19 +814,43 @@ fail: } void warn_if_dir_nonempty(const char *unit, const char* where) { + int r; + assert(unit); assert(where); - if (dir_is_empty(where) > 0) + r = dir_is_empty(where); + if (r > 0) return; + else if (r == 0) + log_struct_unit(LOG_NOTICE, + unit, + "MESSAGE=%s: Directory %s to mount over is not empty, mounting anyway.", + unit, where, + "WHERE=%s", where, + MESSAGE_ID(SD_MESSAGE_OVERMOUNTING), + NULL); + else + log_warning_unit(unit, + "MESSAGE=Failed to check directory %s: %s", + where, strerror(-r)); +} + +static int fail_if_symlink(const char *unit, const char* where) { + assert(where); - log_struct_unit(LOG_NOTICE, - unit, - "MESSAGE=%s: Directory %s to mount over is not empty, mounting anyway.", - unit, where, - "WHERE=%s", where, - MESSAGE_ID(SD_MESSAGE_OVERMOUNTING), - NULL); + if (is_symlink(where) > 0) { + log_struct_unit(LOG_WARNING, + unit, + "MESSAGE=%s: Mount on symlink %s not allowed.", + unit, where, + "WHERE=%s", where, + MESSAGE_ID(SD_MESSAGE_OVERMOUNTING), + NULL); + + return -ELOOP; + } + return 0; } static void mount_enter_unmounting(Mount *m) { @@ -877,6 +903,10 @@ static void mount_enter_mounting(Mount *m) { if (p && mount_is_bind(p)) mkdir_p_label(p->what, m->directory_mode); + r = fail_if_symlink(m->meta.id, m->where); + if (r < 0) + goto fail; + if (m->from_fragment) r = exec_command_set( m->control_command,