mount-setup.c revision 08e1fb68d78b4adf26cce8387fc428b9e370bcf4
45632c3574ce843b9e85b9f73efe75b7b809f789slive/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd This file is part of systemd.
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd Copyright 2010 Lennart Poettering
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd systemd is free software; you can redistribute it and/or modify it
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd under the terms of the GNU Lesser General Public License as published by
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd the Free Software Foundation; either version 2.1 of the License, or
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd (at your option) any later version.
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd systemd is distributed in the hope that it will be useful, but
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd WITHOUT ANY WARRANTY; without even the implied warranty of
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd Lesser General Public License for more details.
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd You should have received a copy of the GNU Lesser General Public License
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd along with systemd; If not, see <http://www.gnu.org/licenses/>.
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26ndtypedef struct MountPoint {
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd const char *what;
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd const char *where;
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd const char *type;
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd const char *options;
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd unsigned long flags;
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd/* The first three entries may be needed before SELinux is up. The
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd * fourth (securityfs) is needed by IMA to load a custom policy. The
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd * remaining ones can be delayed until SELinux and IMA are loaded. */
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd { "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, true },
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, false },
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true },
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, false },
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true },
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, false },
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, false },
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd/* These are API file systems that might be mounted by other software;
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd * we list them here only so that we know to ignore them. */
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26ndstatic const char * const ignore_paths[] = {
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd "/selinux",
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd unsigned i;
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd /* Checks if this mount point is considered "API", and hence
29fb68cf24dbdb4985cbb4734cb6074ea4bbab26nd * should be ignored */
ad74a0524a06bfe11b7de9e3b4ce7233ab3bd3f7nd return true;
assert(p);
if (relabel)
p->what,
p->where,
p->type,
p->where,
p->type,
p->flags,
p->options) < 0) {
if (relabel)
int mount_setup_early(void) {
for (i = 0; i < N_EARLY_MOUNT; i ++) {
FILE *f;
if (!controllers) {
r = -ENOMEM;
goto finish;
char *controller;
int enabled = 0;
if (feof(f))
r = -EIO;
goto finish;
if (!enabled) {
goto finish;
MountPoint p;
char ***k = NULL;
if (!controller)
if (join_controllers)
for (k = join_controllers; *k; k++)
free(*i);
free(t);
*j = NULL;
if (!options) {
r = -ENOMEM;
goto finish;
if (!where) {
r = -ENOMEM;
goto finish;
zero(p);
p.fatal = false;
r = mount_one(&p, true);
goto finish;
r = -ENOMEM;
goto finish;
free(t);
r = -errno;
goto finish;
fclose(f);
r = -errno;
static int nftw_cb(
const char *fpath,
int tflag,
return FTW_CONTINUE;
return FTW_SKIP_SUBTREE;
return FTW_CONTINUE;
static const char symlinks[] =
static const char relabel[] =
if (loaded_policy) {
label_fix(j, true);
symlink_and_label(j, k);