core:namespace: simplify mount calculation
Move the mount calculation out into its own function. The logic is already smart enough to later drop no-op and duplicate mounts, so this change improves code readability. --- src/core/namespace.c | 47 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 36 insertions(+), 11 deletions(-)
This commit is contained in:
parent
11a30cec2a
commit
2652c6c103
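--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -515,6 +515,32 @@ static int chase_all_symlinks(const char *root_directory, BindMount *m, unsigned
 return 0;
 }
 
+static unsigned namespace_calculate_mounts(
+char** read_write_paths,
+char** read_only_paths,
+char** inaccessible_paths,
+const char* tmp_dir,
+const char* var_tmp_dir,
+bool private_dev,
+bool protect_sysctl,
+bool protect_cgroups,
+ProtectHome protect_home,
+ProtectSystem protect_system) {
+
+return !!tmp_dir + !!var_tmp_dir +
+strv_length(read_write_paths) +
+strv_length(read_only_paths) +
+strv_length(inaccessible_paths) +
+private_dev +
+(protect_sysctl ? ELEMENTSOF(protect_kernel_tunables_table) : 0) +
+(protect_cgroups ? 1 : 0) +
+(protect_home != PROTECT_HOME_NO || protect_system == PROTECT_SYSTEM_STRICT ? 3 : 0) +
+(protect_system == PROTECT_SYSTEM_STRICT ?
+(2 + !private_dev + !protect_sysctl) :
+((protect_system != PROTECT_SYSTEM_NO ? 3 : 0) +
+(protect_system == PROTECT_SYSTEM_FULL ? 1 : 0)));
+}
+
 int setup_namespace(
 const char* root_directory,
 char** read_write_paths,
@@ -537,19 +563,15 @@ int setup_namespace(
 if (mount_flags == 0)
 mount_flags = MS_SHARED;
 
-n = !!tmp_dir + !!var_tmp_dir +
-strv_length(read_write_paths) +
-strv_length(read_only_paths) +
-strv_length(inaccessible_paths) +
-private_dev +
-(protect_sysctl ? ELEMENTSOF(protect_kernel_tunables_table) : 0) +
-(protect_cgroups ? 1 : 0) +
-(protect_home != PROTECT_HOME_NO || protect_system == PROTECT_SYSTEM_STRICT ? 3 : 0) +
-(protect_system == PROTECT_SYSTEM_STRICT ?
-(2 + !private_dev + !protect_sysctl) :
-((protect_system != PROTECT_SYSTEM_NO ? 3 : 0) +
-(protect_system == PROTECT_SYSTEM_FULL ? 1 : 0)));
+n = namespace_calculate_mounts(read_write_paths,
+read_only_paths,
+inaccessible_paths,
+tmp_dir, var_tmp_dir,
+private_dev, protect_sysctl,
+protect_cgroups, protect_home,
+protect_system);
 
+/* Set mount slave mode */
 if (root_directory || n > 0)
 make_slave = true;
 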
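Review bot: The new `namespace_calculate_mounts()` in the first hunk carries no comment saying what its result means, even though the commit message relies on it: the value is an upper bound on the number of mount entries `setup_namespace()` will later append, with no-op and duplicate entries dropped afterwards. Since that count presumably sizes the `BindMount` array those entries are written into, over-counting is harmless but an under-count would write past the array, so every term here must stay in lock-step with the append sites, which lie outside this hunk. I would add above the definition: `/* Returns an upper bound on the number of BindMount entries setup_namespace() will append; nop and duplicate entries are dropped later, so this may over-count but must never under-count. Keep in sync with the code that fills the array. */`. As a matter of style, the new call site wraps arguments inconsistently (`tmp_dir, var_tmp_dir,` and `private_dev, protect_sysctl,` share lines while the definition lists one parameter per line), which is worth making uniform.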