
core/namespace: make '-' prefix in Bind{,ReadOnly}Paths= work

Each path in `Bind{,ReadOnly}Paths=` accepts a '-' prefix. However,
the prefix is currently ignored completely.
This commit makes it work as expected.
Yu Watanabe 2018-02-21 09:07:56 +09:00
parent 72d967df3e
commit 4ca763a902
3 changed files with 11 additions and 19 deletions


@ -175,7 +175,9 @@
source path, destination path and option string, where the latter two are optional. If only a source path is
specified the source and destination is taken to be the same. The option string may be either
<literal>rbind</literal> or <literal>norbind</literal> for configuring a recursive or non-recursive bind
mount. If the destination path is omitted, the option string must be omitted too.</para>
mount. If the destination path is omitted, the option string must be omitted too.
Each bind mount definition may be prefixed with <literal>-</literal>, in which case it will be ignored
when its source path does not exist.</para>
<para><varname>BindPaths=</varname> creates regular writable bind mounts (unless the source file system mount
is already marked read-only), while <varname>BindReadOnlyPaths=</varname> creates read-only bind mounts. These


@ -4173,13 +4173,13 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
}
if (c->n_bind_mounts > 0)
for (i = 0; i < c->n_bind_mounts; i++) {
fprintf(f, "%s%s: %s:%s:%s\n", prefix,
for (i = 0; i < c->n_bind_mounts; i++)
fprintf(f, "%s%s: %s%s:%s:%s\n", prefix,
c->bind_mounts[i].read_only ? "BindReadOnlyPaths" : "BindPaths",
c->bind_mounts[i].ignore_enoent ? "-": "",
c->bind_mounts[i].source,
c->bind_mounts[i].destination,
c->bind_mounts[i].recursive ? "rbind" : "norbind");
}
if (c->utmp_id)
fprintf(f,


@ -262,6 +262,7 @@ static int append_bind_mounts(MountEntry **p, const BindMount *binds, unsigned n
.mode = b->recursive ? BIND_MOUNT_RECURSIVE : BIND_MOUNT,
.read_only = b->read_only,
.source_const = b->source,
.ignore = b->ignore_enoent,
};
}
@ -728,11 +729,11 @@ static int mount_entry_chase(
const char *root_directory,
const MountEntry *m,
const char *path,
bool chase_nonexistent,
char **location) {
char *chased;
int r;
unsigned flags = 0;
assert(m);
@ -740,18 +741,7 @@ static int mount_entry_chase(
* chase the symlinks on our own first. This is called for the destination path, as well as the source path (if
* that applies). The result is stored in "location". */
if (IN_SET(m->mode,
BIND_MOUNT,
BIND_MOUNT_RECURSIVE,
PRIVATE_TMP,
PRIVATE_DEV,
BIND_DEV,
EMPTY_DIR,
SYSFS,
PROCFS))
flags |= CHASE_NONEXISTENT;
r = chase_symlinks(path, root_directory, flags, &chased);
r = chase_symlinks(path, root_directory, chase_nonexistent ? CHASE_NONEXISTENT : 0, &chased);
if (r == -ENOENT && m->ignore) {
log_debug_errno(r, "Path %s does not exist, ignoring.", path);
return 0;
@ -777,7 +767,7 @@ static int apply_mount(
assert(m);
r = mount_entry_chase(root_directory, m, mount_entry_path(m), &m->path_malloc);
r = mount_entry_chase(root_directory, m, mount_entry_path(m), !IN_SET(m->mode, INACCESSIBLE, READONLY, READWRITE), &m->path_malloc);
if (r <= 0)
return r;
@ -822,7 +812,7 @@ static int apply_mount(
case BIND_MOUNT_RECURSIVE:
/* Also chase the source mount */
r = mount_entry_chase(root_directory, m, mount_entry_source(m), &m->source_malloc);
r = mount_entry_chase(root_directory, m, mount_entry_source(m), false, &m->source_malloc);
if (r <= 0)
return r;