1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/mount.h>
32 #include "mount-setup.h"
33 #include "dev-setup.h"
41 #include "path-util.h"
50 typedef enum MountMode {
53 MNT_IN_CONTAINER = 1 << 1,
56 typedef struct MountPoint {
62 bool (*condition_fn)(void);
66 /* The first three entries we might need before SELinux is up. The
67 * fourth (securityfs) is needed by IMA to load a custom policy. The
68 * other ones we can delay until SELinux and IMA are loaded. */
69 #define N_EARLY_MOUNT 5
71 static const MountPoint mount_table[] = {
72 { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
73 NULL, MNT_FATAL|MNT_IN_CONTAINER },
74 { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
75 NULL, MNT_FATAL|MNT_IN_CONTAINER },
76 { "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME,
77 NULL, MNT_FATAL|MNT_IN_CONTAINER },
78 { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
80 { "smackfs", "/sys/fs/smackfs", "smackfs", "smackfsdef=*", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
82 { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
83 NULL, MNT_FATAL|MNT_IN_CONTAINER },
84 { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC,
85 NULL, MNT_IN_CONTAINER },
86 { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
87 NULL, MNT_FATAL|MNT_IN_CONTAINER },
88 { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
89 NULL, MNT_IN_CONTAINER },
91 { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd,xattr", MS_NOSUID|MS_NOEXEC|MS_NODEV,
92 NULL, MNT_IN_CONTAINER },
94 { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV,
95 NULL, MNT_IN_CONTAINER },
96 { "pstore", "/sys/fs/pstore", "pstore", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
99 { "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
100 is_efi_boot, MNT_NONE },
104 /* These are API file systems that might be mounted by other software,
105 * we just list them here so that we know that we should ignore them */
107 static const char ignore_paths[] =
108 /* SELinux file systems */
111 /* Legacy cgroup mount points */
114 /* Legacy kernel file system */
116 /* Container bind mounts */
121 bool mount_point_is_api(const char *path) {
124 /* Checks if this mount point is considered "API", and hence
125 * should be ignored */
127 for (i = 0; i < ELEMENTSOF(mount_table); i ++)
128 if (path_equal(path, mount_table[i].where))
131 return path_startswith(path, "/sys/fs/cgroup/");
134 bool mount_point_ignore(const char *path) {
137 NULSTR_FOREACH(i, ignore_paths)
138 if (path_equal(path, i))
144 static int mount_one(const MountPoint *p, bool relabel) {
149 if (p->condition_fn && !p->condition_fn())
152 /* Relabel first, just in case */
154 label_fix(p->where, true, true);
156 r = path_is_mount_point(p->where, true);
163 /* Skip securityfs in a container */
164 if (!(p->mode & MNT_IN_CONTAINER) && detect_container(NULL) > 0)
167 /* The access mode here doesn't really matter too much, since
168 * the mounted file system will take precedence anyway. */
169 mkdir_p_label(p->where, 0755);
171 log_debug("Mounting %s to %s of type %s with options %s.",
182 log_full((p->mode & MNT_FATAL) ? LOG_ERR : LOG_DEBUG, "Failed to mount %s: %s", p->where, strerror(errno));
183 return (p->mode & MNT_FATAL) ? -errno : 0;
186 /* Relabel again, since we now mounted something fresh here */
188 label_fix(p->where, false, false);
193 int mount_setup_early(void) {
197 assert_cc(N_EARLY_MOUNT <= ELEMENTSOF(mount_table));
199 /* Do a minimal mount of /proc and friends to enable the most
200 * basic stuff, such as SELinux */
201 for (i = 0; i < N_EARLY_MOUNT; i ++) {
204 j = mount_one(mount_table + i, false);
212 int mount_cgroup_controllers(char ***join_controllers) {
218 /* Mount all available cgroup controllers that are built into the kernel. */
220 f = fopen("/proc/cgroups", "re");
222 log_error("Failed to enumerate cgroup controllers: %m");
226 controllers = set_new(string_hash_func, string_compare_func);
232 /* Ignore the header line */
233 (void) fgets(buf, sizeof(buf), f);
239 if (fscanf(f, "%ms %*i %*i %i", &controller, &enabled) != 2) {
244 log_error("Failed to parse /proc/cgroups.");
254 r = set_put(controllers, controller);
256 log_error("Failed to add controller to set.");
264 char *controller, *where, *options;
267 controller = set_steal_first(controllers);
271 if (join_controllers)
272 for (k = join_controllers; *k; k++)
273 if (strv_find(*k, controller))
279 for (i = *k, j = *k; *i; i++) {
281 if (!streq(*i, controller)) {
284 t = set_remove(controllers, *i);
297 options = strv_join(*k, ",");
305 options = controller;
309 where = strappend("/sys/fs/cgroup/", options);
321 p.flags = MS_NOSUID|MS_NOEXEC|MS_NODEV;
322 p.mode = MNT_IN_CONTAINER;
324 r = mount_one(&p, true);
333 if (r > 0 && k && *k) {
336 for (i = *k; *i; i++) {
337 _cleanup_free_ char *t;
339 t = strappend("/sys/fs/cgroup/", *i);
346 r = symlink(options, t);
347 if (r < 0 && errno != EEXIST) {
348 log_error("Failed to create symlink %s: %m", t);
362 set_free_free(controllers);
371 const struct stat *sb,
373 struct FTW *ftwbuf) {
375 /* No need to label /dev twice in a row... */
376 if (_unlikely_(ftwbuf->level == 0))
379 label_fix(fpath, false, false);
381 /* /run/initramfs is static data and big, no need to
382 * dynamically relabel its contents at boot... */
383 if (_unlikely_(ftwbuf->level == 1 &&
385 streq(fpath, "/run/initramfs")))
386 return FTW_SKIP_SUBTREE;
391 int mount_setup(bool loaded_policy) {
393 static const char relabel[] =
394 "/run/initramfs/root-fsck\0"
395 "/run/initramfs/shutdown\0";
401 for (i = 0; i < ELEMENTSOF(mount_table); i ++) {
402 r = mount_one(mount_table + i, true);
408 /* Nodes in devtmpfs and /run need to be manually updated for
409 * the appropriate labels, after mounting. The other virtual
410 * API file systems like /sys and /proc do not need that, they
411 * use the same label for all their files. */
413 usec_t before_relabel, after_relabel;
414 char timespan[FORMAT_TIMESPAN_MAX];
416 before_relabel = now(CLOCK_MONOTONIC);
418 nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
419 nftw("/run", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
421 /* Explicitly relabel these */
422 NULSTR_FOREACH(j, relabel)
423 label_fix(j, true, false);
425 after_relabel = now(CLOCK_MONOTONIC);
427 log_info("Relabelled /dev and /run in %s.",
428 format_timespan(timespan, sizeof(timespan), after_relabel - before_relabel, 0));
431 /* Create a few default symlinks, which are normally created
432 * by udevd, but some scripts might need them before we start
436 /* Mark the root directory as shared in regards to mount
437 * propagation. The kernel defaults to "private", but we think
438 * it makes more sense to have a default of "shared" so that
439 * nspawn and the container tools work out of the box. If
440 * specific setups need other settings they can reset the
441 * propagation mode to private if needed. */
442 if (detect_container(NULL) <= 0)
443 if (mount(NULL, "/", NULL, MS_REC|MS_SHARED, NULL) < 0)
444 log_warning("Failed to set up the root directory for shared mount propagation: %m");
446 /* Create a few directories we always want around, Note that
447 * sd_booted() checks for /run/systemd/system, so this mkdir
448 * really needs to stay for good, otherwise software that
449 * copied sd-daemon.c into their sources will misdetect
451 mkdir_label("/run/systemd", 0755);
452 mkdir_label("/run/systemd/system", 0755);
453 mkdir_label("/run/systemd/inaccessible", 0000);