
core:namespace: simplify mount calculation

Move the mount calculation out into its own function. The existing logic is
already smart enough to later drop no-op and duplicate mounts, so this change
only improves code readability.
---
 src/core/namespace.c | 47 ++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 36 insertions(+), 11 deletions(-)
This commit is contained in:
Djalal Harouni 2016-09-25 11:25:00 +02:00
parent 11a30cec2a
commit 2652c6c103

@ -515,6 +515,32 @@ static int chase_all_symlinks(const char *root_directory, BindMount *m, unsigned
return 0; return 0;
} }
static unsigned namespace_calculate_mounts(
char** read_write_paths,
char** read_only_paths,
char** inaccessible_paths,
const char* tmp_dir,
const char* var_tmp_dir,
bool private_dev,
bool protect_sysctl,
bool protect_cgroups,
ProtectHome protect_home,
ProtectSystem protect_system) {
return !!tmp_dir + !!var_tmp_dir +
strv_length(read_write_paths) +
strv_length(read_only_paths) +
strv_length(inaccessible_paths) +
private_dev +
(protect_sysctl ? ELEMENTSOF(protect_kernel_tunables_table) : 0) +
(protect_cgroups ? 1 : 0) +
(protect_home != PROTECT_HOME_NO || protect_system == PROTECT_SYSTEM_STRICT ? 3 : 0) +
(protect_system == PROTECT_SYSTEM_STRICT ?
(2 + !private_dev + !protect_sysctl) :
((protect_system != PROTECT_SYSTEM_NO ? 3 : 0) +
(protect_system == PROTECT_SYSTEM_FULL ? 1 : 0)));
}
int setup_namespace( int setup_namespace(
const char* root_directory, const char* root_directory,
char** read_write_paths, char** read_write_paths,
@ -537,19 +563,15 @@ int setup_namespace(
if (mount_flags == 0) if (mount_flags == 0)
mount_flags = MS_SHARED; mount_flags = MS_SHARED;
n = !!tmp_dir + !!var_tmp_dir + n = namespace_calculate_mounts(read_write_paths,
strv_length(read_write_paths) + read_only_paths,
strv_length(read_only_paths) + inaccessible_paths,
strv_length(inaccessible_paths) + tmp_dir, var_tmp_dir,
private_dev + private_dev, protect_sysctl,
(protect_sysctl ? ELEMENTSOF(protect_kernel_tunables_table) : 0) + protect_cgroups, protect_home,
(protect_cgroups ? 1 : 0) + protect_system);
(protect_home != PROTECT_HOME_NO || protect_system == PROTECT_SYSTEM_STRICT ? 3 : 0) +
(protect_system == PROTECT_SYSTEM_STRICT ?
(2 + !private_dev + !protect_sysctl) :
((protect_system != PROTECT_SYSTEM_NO ? 3 : 0) +
(protect_system == PROTECT_SYSTEM_FULL ? 1 : 0)));
/* Set mount slave mode */
if (root_directory || n > 0) if (root_directory || n > 0)
make_slave = true; make_slave = true;
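Review bot: namespace_calculate_mounts() returns the value that setup_namespace() then uses as the mount count n (the sizing expression itself is carried over unchanged from the old inline form), yet nothing in the hunk states that every mount appended later must have a matching term in this helper, and if n sizes the array, as the `n > 0` checks suggest, a missing term becomes an out-of-bounds write rather than a missed mount. I would put that invariant above the function: `/* Upper bound on the number of mount entries setup_namespace() may append; every mount added there must be counted here, since the result sizes the array. No-op and duplicate entries are dropped later. */`. If setup_namespace() does not already assert after building the list that the number of entries filled does not exceed n (that part of the function is outside the hunk), such an assertion would catch a future mismatch. As a point of style, the three adjacent bool parameters private_dev, protect_sysctl and protect_cgroups can be swapped at a call site without any compiler diagnostic; the single caller in the hunk passes them in the declared order, so this is only a caveat for future callers.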