2010-08-14 21:59:25 +04:00
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2010-03-31 18:29:55 +04:00
/***
This file is part of systemd .
Copyright 2010 Lennart Poettering
systemd is free software ; you can redistribute it and / or modify it
2012-04-12 02:20:58 +04:00
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation ; either version 2.1 of the License , or
2010-03-31 18:29:55 +04:00
( at your option ) any later version .
systemd is distributed in the hope that it will be useful , but
WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
2012-04-12 02:20:58 +04:00
Lesser General Public License for more details .
2010-03-31 18:29:55 +04:00
2012-04-12 02:20:58 +04:00
You should have received a copy of the GNU Lesser General Public License
2010-03-31 18:29:55 +04:00
along with systemd ; If not , see < http : //www.gnu.org/licenses/>.
* * */
# include <sys/mount.h>
# include <errno.h>
# include <sys/stat.h>
# include <stdlib.h>
# include <string.h>
# include <libgen.h>
# include <assert.h>
2010-10-27 07:47:48 +04:00
# include <unistd.h>
2010-11-08 06:59:39 +03:00
# include <ftw.h>
2010-03-31 18:29:55 +04:00
# include "mount-setup.h"
2012-04-18 00:25:24 +04:00
# include "dev-setup.h"
2010-03-31 18:29:55 +04:00
# include "log.h"
2010-04-08 03:43:07 +04:00
# include "macro.h"
# include "util.h"
2010-09-15 03:38:07 +04:00
# include "label.h"
2011-08-23 02:37:35 +04:00
# include "set.h"
# include "strv.h"
2012-04-10 23:54:31 +04:00
# include "mkdir.h"
2012-05-07 23:36:12 +04:00
# include "path-util.h"
2010-03-31 18:29:55 +04:00
2011-01-04 03:58:38 +03:00
# ifndef TTY_GID
# define TTY_GID 5
# endif
2010-04-12 23:58:01 +04:00
typedef struct MountPoint {
const char * what ;
const char * where ;
const char * type ;
const char * options ;
unsigned long flags ;
2010-04-17 01:22:32 +04:00
bool fatal ;
2010-04-12 23:58:01 +04:00
} MountPoint ;
2011-07-29 03:48:18 +04:00
/* The first three entries we might need before SELinux is up. The
2012-03-15 22:06:10 +04:00
* fourth ( securityfs ) is needed by IMA to load a custom policy . The
* other ones we can delay until SELinux and IMA are loaded . */
# define N_EARLY_MOUNT 4
2011-07-29 03:48:18 +04:00
2010-04-12 23:58:01 +04:00
static const MountPoint mount_table [ ] = {
2010-08-25 06:58:16 +04:00
{ " proc " , " /proc " , " proc " , NULL , MS_NOSUID | MS_NOEXEC | MS_NODEV , true } ,
{ " sysfs " , " /sys " , " sysfs " , NULL , MS_NOSUID | MS_NOEXEC | MS_NODEV , true } ,
2012-04-12 00:18:55 +04:00
{ " devtmpfs " , " /dev " , " devtmpfs " , " mode=755 " , MS_NOSUID | MS_STRICTATIME , true } ,
2012-03-15 22:06:10 +04:00
{ " securityfs " , " /sys/kernel/security " , " securityfs " , NULL , MS_NOSUID | MS_NOEXEC | MS_NODEV , false } ,
2012-04-12 00:18:55 +04:00
{ " tmpfs " , " /dev/shm " , " tmpfs " , " mode=1777 " , MS_NOSUID | MS_NODEV | MS_STRICTATIME , true } ,
2011-01-04 03:58:38 +03:00
{ " devpts " , " /dev/pts " , " devpts " , " mode=620,gid= " STRINGIFY ( TTY_GID ) , MS_NOSUID | MS_NOEXEC , false } ,
2012-04-12 00:18:55 +04:00
{ " tmpfs " , " /run " , " tmpfs " , " mode=755 " , MS_NOSUID | MS_NODEV | MS_STRICTATIME , true } ,
{ " tmpfs " , " /sys/fs/cgroup " , " tmpfs " , " mode=755 " , MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME , false } ,
2011-04-13 00:15:59 +04:00
{ " cgroup " , " /sys/fs/cgroup/systemd " , " cgroup " , " none,name=systemd " , MS_NOSUID | MS_NOEXEC | MS_NODEV , false } ,
2010-03-31 18:29:55 +04:00
} ;
2010-07-16 04:56:57 +04:00
/* These are API file systems that might be mounted by other software,
2010-11-25 00:27:45 +03:00
* we just list them here so that we know that we should ignore them */
2010-07-16 04:56:57 +04:00
2012-04-22 03:00:57 +04:00
static const char ignore_paths [ ] =
/* SELinux file systems */
" /sys/fs/selinux \0 "
" /selinux \0 "
/* Legacy cgroup mount points */
" /dev/cgroup \0 "
" /cgroup \0 "
/* Legacy kernel file system */
" /proc/bus/usb \0 "
/* Container bind mounts */
" /proc/sys \0 "
" /dev/console \0 "
" /proc/kmsg \0 "
" /etc/localtime \0 "
" /etc/timezone \0 "
" /etc/machine-id \0 " ;
2010-07-16 04:56:57 +04:00
2010-04-10 19:42:00 +04:00
bool mount_point_is_api ( const char * path ) {
unsigned i ;
/* Checks if this mount point is considered "API", and hence
* should be ignored */
2010-04-12 23:58:01 +04:00
for ( i = 0 ; i < ELEMENTSOF ( mount_table ) ; i + + )
2010-08-20 05:26:15 +04:00
if ( path_equal ( path , mount_table [ i ] . where ) )
2010-04-10 19:42:00 +04:00
return true ;
2010-11-11 13:15:16 +03:00
return path_startswith ( path , " /sys/fs/cgroup/ " ) ;
}
bool mount_point_ignore ( const char * path ) {
2012-04-22 03:00:57 +04:00
const char * i ;
2010-11-11 13:15:16 +03:00
2012-04-22 03:00:57 +04:00
NULSTR_FOREACH ( i , ignore_paths )
if ( path_equal ( path , i ) )
2010-07-16 04:56:57 +04:00
return true ;
2010-11-11 13:15:16 +03:00
return false ;
2010-04-10 19:42:00 +04:00
}
2011-07-29 03:48:18 +04:00
static int mount_one ( const MountPoint * p , bool relabel ) {
2010-03-31 18:29:55 +04:00
int r ;
2010-04-12 23:58:01 +04:00
assert ( p ) ;
2010-03-31 18:29:55 +04:00
2011-04-07 01:38:01 +04:00
/* Relabel first, just in case */
2011-07-29 03:48:18 +04:00
if ( relabel )
label_fix ( p - > where , true ) ;
2011-04-07 01:38:01 +04:00
2011-08-23 02:37:35 +04:00
if ( ( r = path_is_mount_point ( p - > where , true ) ) < 0 )
2010-03-31 18:29:55 +04:00
return r ;
if ( r > 0 )
2011-04-07 01:38:01 +04:00
return 0 ;
2010-03-31 18:29:55 +04:00
2010-04-06 23:55:58 +04:00
/* The access mode here doesn't really matter too much, since
* the mounted file system will take precedence anyway . */
2010-04-12 23:58:01 +04:00
mkdir_p ( p - > where , 0755 ) ;
2010-04-06 23:55:58 +04:00
2010-03-31 18:29:55 +04:00
log_debug ( " Mounting %s to %s of type %s with options %s. " ,
2010-04-12 23:58:01 +04:00
p - > what ,
p - > where ,
p - > type ,
strna ( p - > options ) ) ;
if ( mount ( p - > what ,
p - > where ,
p - > type ,
p - > flags ,
p - > options ) < 0 ) {
2012-04-20 14:39:09 +04:00
log_full ( p - > fatal ? LOG_ERR : LOG_DEBUG , " Failed to mount %s: %s " , p - > where , strerror ( errno ) ) ;
2010-04-17 01:22:32 +04:00
return p - > fatal ? - errno : 0 ;
2010-03-31 18:29:55 +04:00
}
2011-04-07 01:38:01 +04:00
/* Relabel again, since we now mounted something fresh here */
2011-07-29 03:48:18 +04:00
if ( relabel )
label_fix ( p - > where , false ) ;
2010-09-15 03:38:07 +04:00
2011-08-23 02:37:35 +04:00
return 1 ;
2010-03-31 18:29:55 +04:00
}
2011-07-29 03:48:18 +04:00
int mount_setup_early ( void ) {
unsigned i ;
int r = 0 ;
assert_cc ( N_EARLY_MOUNT < = ELEMENTSOF ( mount_table ) ) ;
/* Do a minimal mount of /proc and friends to enable the most
* basic stuff , such as SELinux */
for ( i = 0 ; i < N_EARLY_MOUNT ; i + + ) {
int j ;
j = mount_one ( mount_table + i , false ) ;
if ( r = = 0 )
r = j ;
}
return r ;
}
2011-08-23 02:37:35 +04:00
int mount_cgroup_controllers ( char * * * join_controllers ) {
2010-04-17 01:22:32 +04:00
int r ;
FILE * f ;
2011-04-07 20:48:50 +04:00
char buf [ LINE_MAX ] ;
2011-08-23 02:37:35 +04:00
Set * controllers ;
2010-04-17 01:22:32 +04:00
2010-05-18 05:10:17 +04:00
/* Mount all available cgroup controllers that are built into the kernel. */
2010-04-17 01:22:32 +04:00
2011-08-23 02:37:35 +04:00
f = fopen ( " /proc/cgroups " , " re " ) ;
if ( ! f ) {
2011-04-26 23:12:36 +04:00
log_error ( " Failed to enumerate cgroup controllers: %m " ) ;
return 0 ;
}
2010-04-17 01:22:32 +04:00
2011-08-23 02:37:35 +04:00
controllers = set_new ( string_hash_func , string_compare_func ) ;
if ( ! controllers ) {
r = - ENOMEM ;
log_error ( " Failed to allocate controller set. " ) ;
goto finish ;
}
2010-04-17 01:22:32 +04:00
/* Ignore the header line */
2010-05-10 05:34:31 +04:00
( void ) fgets ( buf , sizeof ( buf ) , f ) ;
2010-04-17 01:22:32 +04:00
for ( ; ; ) {
2011-08-23 02:37:35 +04:00
char * controller ;
int enabled = 0 ;
2010-04-17 01:22:32 +04:00
2010-11-22 13:06:38 +03:00
if ( fscanf ( f , " %ms %*i %*i %i " , & controller , & enabled ) ! = 2 ) {
2010-04-17 01:22:32 +04:00
if ( feof ( f ) )
break ;
log_error ( " Failed to parse /proc/cgroups. " ) ;
r = - EIO ;
goto finish ;
}
2010-11-22 00:29:10 +03:00
if ( ! enabled ) {
free ( controller ) ;
continue ;
}
2011-08-23 02:37:35 +04:00
r = set_put ( controllers , controller ) ;
if ( r < 0 ) {
log_error ( " Failed to add controller to set. " ) ;
2010-04-17 01:22:32 +04:00
free ( controller ) ;
2011-08-23 02:37:35 +04:00
goto finish ;
}
}
for ( ; ; ) {
MountPoint p ;
char * controller , * where , * options ;
char * * * k = NULL ;
controller = set_steal_first ( controllers ) ;
if ( ! controller )
break ;
if ( join_controllers )
for ( k = join_controllers ; * k ; k + + )
if ( strv_find ( * k , controller ) )
break ;
if ( k & & * k ) {
char * * i , * * j ;
for ( i = * k , j = * k ; * i ; i + + ) {
if ( ! streq ( * i , controller ) ) {
char * t ;
t = set_remove ( controllers , * i ) ;
if ( ! t ) {
free ( * i ) ;
continue ;
}
free ( t ) ;
}
* ( j + + ) = * i ;
}
* j = NULL ;
options = strv_join ( * k , " , " ) ;
if ( ! options ) {
log_error ( " Failed to join options " ) ;
free ( controller ) ;
r = - ENOMEM ;
goto finish ;
}
} else {
options = controller ;
controller = NULL ;
}
where = strappend ( " /sys/fs/cgroup/ " , options ) ;
if ( ! where ) {
log_error ( " Failed to build path " ) ;
free ( options ) ;
2010-04-17 01:22:32 +04:00
r = - ENOMEM ;
goto finish ;
}
zero ( p ) ;
p . what = " cgroup " ;
p . where = where ;
p . type = " cgroup " ;
2011-08-23 02:37:35 +04:00
p . options = options ;
2010-04-17 01:22:32 +04:00
p . flags = MS_NOSUID | MS_NOEXEC | MS_NODEV ;
p . fatal = false ;
2011-07-29 03:48:18 +04:00
r = mount_one ( & p , true ) ;
2010-04-17 01:22:32 +04:00
free ( controller ) ;
free ( where ) ;
2011-08-23 02:37:35 +04:00
if ( r < 0 ) {
free ( options ) ;
2010-04-17 01:22:32 +04:00
goto finish ;
2011-08-23 02:37:35 +04:00
}
if ( r > 0 & & k & & * k ) {
char * * i ;
for ( i = * k ; * i ; i + + ) {
char * t ;
t = strappend ( " /sys/fs/cgroup/ " , * i ) ;
if ( ! t ) {
log_error ( " Failed to build path " ) ;
r = - ENOMEM ;
free ( options ) ;
goto finish ;
}
r = symlink ( options , t ) ;
free ( t ) ;
if ( r < 0 & & errno ! = EEXIST ) {
log_error ( " Failed to create symlink: %m " ) ;
r = - errno ;
free ( options ) ;
goto finish ;
}
}
}
free ( options ) ;
2010-04-17 01:22:32 +04:00
}
r = 0 ;
finish :
2011-08-23 02:37:35 +04:00
set_free_free ( controllers ) ;
2010-04-17 01:22:32 +04:00
fclose ( f ) ;
return r ;
}
2010-11-08 06:59:39 +03:00
static int nftw_cb (
const char * fpath ,
const struct stat * sb ,
int tflag ,
struct FTW * ftwbuf ) {
2010-11-11 03:22:42 +03:00
/* No need to label /dev twice in a row... */
2011-08-30 02:16:00 +04:00
if ( _unlikely_ ( ftwbuf - > level = = 0 ) )
return FTW_CONTINUE ;
2011-08-30 20:49:17 +04:00
label_fix ( fpath , true ) ;
2011-08-30 02:16:00 +04:00
/* /run/initramfs is static data and big, no need to
2011-08-30 20:49:17 +04:00
* dynamically relabel its contents at boot . . . */
2011-08-30 02:16:00 +04:00
if ( _unlikely_ ( ftwbuf - > level = = 1 & &
tflag = = FTW_D & &
streq ( fpath , " /run/initramfs " ) ) )
return FTW_SKIP_SUBTREE ;
2010-11-11 03:22:42 +03:00
2011-08-30 02:16:00 +04:00
return FTW_CONTINUE ;
2010-11-08 06:59:39 +03:00
} ;
2011-07-29 01:52:23 +04:00
int mount_setup ( bool loaded_policy ) {
2010-10-27 07:47:48 +04:00
2011-08-30 20:49:17 +04:00
static const char relabel [ ] =
" /run/initramfs/root-fsck \0 "
" /run/initramfs/shutdown \0 " ;
2010-03-31 18:29:55 +04:00
int r ;
2010-04-10 19:42:00 +04:00
unsigned i ;
2012-04-18 00:25:24 +04:00
const char * j ;
2010-03-31 18:29:55 +04:00
2011-07-29 03:48:18 +04:00
for ( i = 0 ; i < ELEMENTSOF ( mount_table ) ; i + + ) {
r = mount_one ( mount_table + i , true ) ;
if ( r < 0 )
2010-03-31 18:29:55 +04:00
return r ;
2011-07-29 03:48:18 +04:00
}
2010-03-31 18:29:55 +04:00
2011-04-07 23:22:41 +04:00
/* Nodes in devtmpfs and /run need to be manually updated for
* the appropriate labels , after mounting . The other virtual
* API file systems like / sys and / proc do not need that , they
* use the same label for all their files . */
2011-07-29 01:52:23 +04:00
if ( loaded_policy ) {
usec_t before_relabel , after_relabel ;
char timespan [ FORMAT_TIMESPAN_MAX ] ;
before_relabel = now ( CLOCK_MONOTONIC ) ;
2011-08-30 02:16:00 +04:00
nftw ( " /dev " , nftw_cb , 64 , FTW_MOUNT | FTW_PHYS | FTW_ACTIONRETVAL ) ;
nftw ( " /run " , nftw_cb , 64 , FTW_MOUNT | FTW_PHYS | FTW_ACTIONRETVAL ) ;
2011-07-29 01:52:23 +04:00
2011-08-30 20:49:17 +04:00
/* Explicitly relabel these */
NULSTR_FOREACH ( j , relabel )
label_fix ( j , true ) ;
2011-07-29 01:52:23 +04:00
after_relabel = now ( CLOCK_MONOTONIC ) ;
log_info ( " Relabelled /dev and /run in %s. " ,
format_timespan ( timespan , sizeof ( timespan ) , after_relabel - before_relabel ) ) ;
2011-04-04 18:56:51 +04:00
}
2010-11-08 06:59:39 +03:00
2010-10-27 07:47:48 +04:00
/* Create a few default symlinks, which are normally created
2011-04-07 23:22:41 +04:00
* by udevd , but some scripts might need them before we start
2010-10-27 07:47:48 +04:00
* udevd . */
2012-04-18 00:25:24 +04:00
dev_setup ( ) ;
2010-10-27 07:47:48 +04:00
2011-03-10 00:45:47 +03:00
/* Create a few directories we always want around */
2011-08-30 20:49:17 +04:00
label_mkdir ( " /run/systemd " , 0755 ) ;
label_mkdir ( " /run/systemd/system " , 0755 ) ;
2011-03-10 00:45:47 +03:00
2011-08-23 02:37:35 +04:00
return 0 ;
2010-03-31 18:29:55 +04:00
}