namespace.c revision ac0930c892bc7979b4c9bc2a52e5e844650b025d
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <errno.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>
#include <sched.h>
#include <limits.h>
#include "strv.h"
#include "util.h"
#include "path-util.h"
#include "namespace.h"
#include "missing.h"
/* Mount mode applied to one Path entry; apply_mount() switches on it.
 *
 * NOTE(review): the enumerators are referenced elsewhere in this file as
 * INACCESSIBLE, READONLY, READWRITE, PRIVATE_TMP and PRIVATE_VAR_TMP, but
 * their definitions are not present in this excerpt. Because path_compare()
 * orders entries with equal paths by mode, the declaration order decides
 * which of two duplicate entries wins — confirm against the full enum body. */
typedef enum PathMode {
        /* This is ordered by priority! */
} PathMode;
/* One entry in the array of paths that setup_namespace() mounts.
 *
 * NOTE(review): the code below also reads a `mode` member of type PathMode
 * (p->mode in path_compare(), apply_mount() and setup_namespace()); that
 * member is not present in this excerpt of the struct. */
typedef struct Path {
        /* Absolute path; the loop that fills the array returns -EINVAL for a
         * non-absolute one. The string is not owned by this struct (it points
         * at the caller's strv or a literal). */
        const char *path;
        /* Presumably set once this entry's mount has been applied; only the
         * read on the undo path (`if (p->done)`) is visible here — confirm. */
        bool done;
} Path;
char **i;
STRV_FOREACH(i, strv) {
if (!path_is_absolute(*i))
return -EINVAL;
(*p)->path = *i;
(*p)++;
}
return 0;
}
/* qsort(3)-style comparator for two Path entries; returns -1, 0 or 1.
 *
 * NOTE(review): the conditions guarding the individual return statements
 * are missing from this excerpt; only the comments and the return values
 * survive. From those: entries with equal paths are ordered by mode (which
 * is why PathMode is "ordered by priority"), and for unequal paths a prefix
 * is ordered before the paths underneath it. Confirm against the full
 * source before relying on either claim. */
static int path_compare(const void *a, const void *b) {
        const Path *p = a, *q = b;

                /* If the paths are equal, check the mode */
                return -1;
                return 1;
                return 0;
        }

        /* If the paths are not equal, then order prefixes first */
        return 1;
        return -1;
        return 0;
}
assert(p);
assert(n);
/* The first one wins */
continue;
if (t->mode == INACCESSIBLE)
*need_inaccessible = true;
previous = t;
t++;
}
*n = t - p;
}
/* Performs the mount for a single Path entry according to p->mode.
 *
 * tmp_dir, var_tmp_dir and inaccessible_dir are the per-instance
 * directories created by setup_namespace(); the PRIVATE_VAR_TMP case
 * selects var_tmp_dir as `what`.
 *
 * Returns r unchanged when it is >= 0.
 *
 * NOTE(review): the statement that assigns r (presumably the mount(2) call
 * that consumes `what`), the `what` assignments for every case other than
 * PRIVATE_VAR_TMP, and the r < 0 return path are not present in this
 * excerpt; treat this block as incomplete rather than as a function that
 * returns an uninitialized r. */
static int apply_mount(
                Path *p,
                const char *tmp_dir,
                const char *var_tmp_dir,
                const char *inaccessible_dir) {

        const char *what;
        int r;

        assert(p);

        switch (p->mode) {

        case INACCESSIBLE:
                break;

        case READONLY:
        case READWRITE:
                break;

        case PRIVATE_TMP:
                break;

        case PRIVATE_VAR_TMP:
                /* The instance's private /var/tmp created by setup_namespace() */
                what = var_tmp_dir;
                break;

        default:
                assert_not_reached("Unknown mode");
        }

        if (r >= 0)
                return r;
}
/* Remounts the entry read-only where its mode calls for it.
 *
 * Returns 0 on success or when there is nothing to do, -errno when the
 * remount fails.
 *
 * NOTE(review): the condition in front of the first `return 0` (presumably
 * a test of p->mode) and the call whose result lands in r (presumably a
 * remount via mount(2)) are missing from this excerpt. */
static int make_read_only(Path *p) {
        int r;

        assert(p);

        return 0;

        if (r < 0)
                return -errno;

        return 0;
}
/* Moves the calling process into a private mount namespace and applies the
 * requested per-path mounts inside it.
 *
 * writable, readable and inaccessible are string vectors of absolute paths
 * (the collection loop above returns -EINVAL for a non-absolute path);
 * private_tmp requests a fresh /tmp and /var/tmp for this instance; flags
 * is tested at the top (`if (!flags)`), the consequence is not visible here.
 *
 * Returns 0 on success and a negative errno on failure. Every error path
 * jumps to `fail`, which removes whichever of the temporary directories had
 * already been created (tracked by remove_inaccessible, remove_tmp and
 * remove_var_tmp); failures after the mounts start go through `undo_mounts`
 * first.
 *
 * NOTE(review): this excerpt is missing many lines — the declarations of p,
 * paths, inaccessible_dir and the three remove_* flags, the calls that
 * produce most of the checked errors, the remount of /, the apply_mount()
 * loop, the `undo_mounts:` label and the rmdir calls under `fail`. The
 * comments below describe only the surviving lines. */
int setup_namespace(
                char **writable,
                char **readable,
                char **inaccessible,
                bool private_tmp,
                unsigned long flags) {

        /* mkdtemp(3) templates. The trailing comma shows that a third array
         * (inaccessible_dir, used below) is declared on a line not shown. */
        char
                tmp_dir[] = "/tmp/systemd-private-XXXXXX",
                var_tmp_dir[] = "/var/tmp/systemd-private-XXXXXX",
        unsigned n;
        bool need_inaccessible = false;
        int r;

        if (!flags)

        /* Number of Path entries: whatever the caller's vectors contribute
         * (not shown) plus the two entries pushed below for private_tmp. */
        n =
                (private_tmp ? 2 : 0);
        goto fail;

        if (private_tmp) {
                p->path = "/tmp";
                p->mode = PRIVATE_TMP;
                p++;

                /* NOTE(review): the p->path assignment for this second entry
                 * is not shown; var_tmp_dir suggests it is /var/tmp. */
                p->mode = PRIVATE_VAR_TMP;
                p++;
        }

        if (need_inaccessible) {
                mode_t u;
                char *d;

                /* mkdtemp() creates the directory with 0700 & ~umask, so a
                 * 0777 umask yields mode 0000: a directory nobody can enter.
                 * umask() is process-wide, so the window between the two
                 * calls also affects any other thread creating files —
                 * presumably this runs in a forked child before exec, confirm. */
                u = umask(0777);
                d = mkdtemp(inaccessible_dir);
                umask(u);

                if (!d) {
                        r = -errno;
                        goto fail;
                }

                remove_inaccessible = true;
        }

        if (private_tmp) {
                mode_t u;
                char *d;

                /* A 0000 umask leaves mkdtemp()'s 0700 unrestricted.
                 * NOTE(review): the `d = mkdtemp(tmp_dir)` call belongs
                 * between these two umask() calls but is not shown. */
                u = umask(0000);
                umask(u);

                if (!d) {
                        r = -errno;
                        goto fail;
                }

                remove_tmp = true;

                u = umask(0000);
                d = mkdtemp(var_tmp_dir);
                umask(u);

                if (!d) {
                        r = -errno;
                        goto fail;
                }

                remove_var_tmp = true;

                /* NOTE(review): two further failing calls are checked here;
                 * the calls themselves are not shown. */
                r = -errno;
                goto fail;
        }

        r = -errno;
        goto fail;
        }
        }

        /* From here on, mounts made by this process are confined to the new
         * namespace. */
        if (unshare(CLONE_NEWNS) < 0) {
                r = -errno;
                goto fail;
        }

        /* Remount / as SLAVE so that nothing now mounted in the namespace
           shows up in the parent */
        r = -errno;
        goto fail;
        }

        /* Apply each entry's mount, then its read-only remount; a failure
         * unwinds the mounts already made via undo_mounts. */
        if (r < 0)
                goto undo_mounts;
        }

        r = make_read_only(p);
        if (r < 0)
                goto undo_mounts;
        }

        /* Remount / as the desired mode */
        r = -errno;
        goto undo_mounts;
        }

        return 0;

        /* NOTE(review): the `undo_mounts:` label and its loop over the Path
         * array are not shown; only the p->done test survives. */
        if (p->done)

fail:
        /* Remove whichever temporary directories were created above; the
         * rmdir calls are not shown in this excerpt. */
        if (remove_inaccessible)

        if (remove_tmp)

        if (remove_var_tmp)

        return r;
}