namespace.c revision c1d70f7ca5eeeb3850161444028ba227f79df83e
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <errno.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>
#include <sched.h>
#include <limits.h>
#include "strv.h"
#include "util.h"
#include "path-util.h"
#include "namespace.h"
#include "missing.h"
typedef enum PathMode {
/* This is ordered by priority! */
} PathMode;
typedef struct Path {
const char *path;
} Path;
char **i;
STRV_FOREACH(i, strv) {
if (!path_is_absolute(*i))
return -EINVAL;
(*p)->path = *i;
(*p)++;
}
return 0;
}
static int path_compare(const void *a, const void *b) {
const Path *p = a, *q = b;
/* If the paths are equal, check the mode */
return -1;
return 1;
return 0;
}
/* If the paths are not equal, then order prefixes first */
return 1;
return -1;
return 0;
}
assert(p);
assert(n);
continue;
*need_private = true;
if (t->mode == INACCESSIBLE)
*need_inaccessible = true;
previous = t;
t++;
}
*n = t - p;
}
static int apply_mount(Path *p, const char *root_dir, const char *inaccessible_dir, const char *private_dir, unsigned long flags) {
const char *what;
char *where;
int r;
assert(p);
if (!where)
return -ENOMEM;
switch (p->mode) {
case INACCESSIBLE:
break;
case READONLY:
/* Fall through */
case READWRITE:
break;
case PRIVATE:
what = private_dir;
break;
default:
assert_not_reached("Unknown mode");
}
if (r >= 0) {
/* The bind mount will always inherit the original
* flags. If we want to set any flag we need
* to do so in a second independent step. */
if (flags)
/* Avoid exponential growth of trees */
if (r < 0) {
r = -errno;
}
}
return r;
}
int setup_namespace(
char **writable,
char **readable,
char **inaccessible,
bool private_tmp,
unsigned long flags) {
char
tmp_dir[] = "/tmp/systemd-namespace-XXXXXX",
root_dir[] = "/tmp/systemd-namespace-XXXXXX/root",
unsigned n;
bool need_private = false, need_inaccessible = false;
bool remove_tmp = false, remove_root = false, remove_old_root = false, remove_inaccessible = false, remove_private = false;
int r;
const char *t;
n =
if (!paths)
return -ENOMEM;
p = paths;
goto fail;
if (private_tmp) {
p->path = "/tmp";
p++;
p++;
}
p->path = "/";
p++;
r = -errno;
goto fail;
}
remove_tmp = true;
r = -errno;
goto fail;
}
remove_root = true;
if (need_inaccessible) {
if (mkdir(inaccessible_dir, 0) < 0) {
r = -errno;
goto fail;
}
remove_inaccessible = true;
}
if (need_private) {
mode_t u;
u = umask(0000);
umask(u);
r = -errno;
goto fail;
}
umask(u);
remove_private = true;
}
if (unshare(CLONE_NEWNS) < 0) {
r = -errno;
goto fail;
}
/* Remount / as SLAVE so that nothing mounted in the namespace
shows up in the parent */
r = -errno;
goto fail;
}
if (r < 0)
goto undo_mounts;
}
if (!mkdtemp(old_root_dir)) {
r = -errno;
goto undo_mounts;
}
remove_old_root = true;
r = -errno;
goto undo_mounts;
}
r = -errno;
goto undo_mounts;
}
if (umount2(t, MNT_DETACH) < 0)
/* At this point it's too late to turn anything back,
* since we are already in the new root. */
return -errno;
if (rmdir(t) < 0)
return -errno;
return 0;
for (p--; p >= paths; p--) {
}
fail:
if (remove_old_root)
if (remove_inaccessible)
if (remove_private)
if (remove_root)
if (remove_tmp)
return r;
}