mirror of
https://github.com/systemd/systemd.git
synced 2025-01-09 01:18:19 +03:00
core/namespace: make '-' prefix in Bind{,ReadOnly}Paths= work
Each path in `Bind{ReadOnly}Paths=` accepts a '-' prefix. However, the prefix is currently ignored entirely. This commit makes it work as expected.
parent
72d967df3e
commit
4ca763a902
@ -175,7 +175,9 @@
|
||||
source path, destination path and option string, where the latter two are optional. If only a source path is
|
||||
specified the source and destination is taken to be the same. The option string may be either
|
||||
<literal>rbind</literal> or <literal>norbind</literal> for configuring a recursive or non-recursive bind
|
||||
mount. If the destination path is omitted, the option string must be omitted too.</para>
|
||||
mount. If the destination path is omitted, the option string must be omitted too.
|
||||
Each bind mount definition may be prefixed with <literal>-</literal>, in which case it will be ignored
|
||||
when its source path does not exist.</para>
|
||||
|
||||
<para><varname>BindPaths=</varname> creates regular writable bind mounts (unless the source file system mount
|
||||
is already marked read-only), while <varname>BindReadOnlyPaths=</varname> creates read-only bind mounts. These
|
||||
|
@ -4173,13 +4173,13 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
|
||||
}
|
||||
|
||||
if (c->n_bind_mounts > 0)
|
||||
for (i = 0; i < c->n_bind_mounts; i++) {
|
||||
fprintf(f, "%s%s: %s:%s:%s\n", prefix,
|
||||
for (i = 0; i < c->n_bind_mounts; i++)
|
||||
fprintf(f, "%s%s: %s%s:%s:%s\n", prefix,
|
||||
c->bind_mounts[i].read_only ? "BindReadOnlyPaths" : "BindPaths",
|
||||
c->bind_mounts[i].ignore_enoent ? "-": "",
|
||||
c->bind_mounts[i].source,
|
||||
c->bind_mounts[i].destination,
|
||||
c->bind_mounts[i].recursive ? "rbind" : "norbind");
|
||||
}
|
||||
|
||||
if (c->utmp_id)
|
||||
fprintf(f,
|
||||
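Review bot: With the braces dropped, `if (c->n_bind_mounts > 0)` now guards an unbraced `for` whose body is a six-line `fprintf` call, and the guard is redundant because the loop condition `i < c->n_bind_mounts` already skips an empty array. Dropping the `if` leaves a single `for` statement and avoids the nested unbraced pair. The new argument line would also match its neighbours if written as `c->bind_mounts[i].ignore_enoent ? "-" : "",`. exec_context_dump starts and ends outside the hunk.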
|
@ -262,6 +262,7 @@ static int append_bind_mounts(MountEntry **p, const BindMount *binds, unsigned n
|
||||
.mode = b->recursive ? BIND_MOUNT_RECURSIVE : BIND_MOUNT,
|
||||
.read_only = b->read_only,
|
||||
.source_const = b->source,
|
||||
.ignore = b->ignore_enoent,
|
||||
};
|
||||
}
|
||||
|
||||
@ -728,11 +729,11 @@ static int mount_entry_chase(
|
||||
const char *root_directory,
|
||||
const MountEntry *m,
|
||||
const char *path,
|
||||
bool chase_nonexistent,
|
||||
char **location) {
|
||||
|
||||
char *chased;
|
||||
int r;
|
||||
unsigned flags = 0;
|
||||
|
||||
assert(m);
|
||||
|
||||
@ -740,18 +741,7 @@ static int mount_entry_chase(
|
||||
* chase the symlinks on our own first. This is called for the destination path, as well as the source path (if
|
||||
* that applies). The result is stored in "location". */
|
||||
|
||||
if (IN_SET(m->mode,
|
||||
BIND_MOUNT,
|
||||
BIND_MOUNT_RECURSIVE,
|
||||
PRIVATE_TMP,
|
||||
PRIVATE_DEV,
|
||||
BIND_DEV,
|
||||
EMPTY_DIR,
|
||||
SYSFS,
|
||||
PROCFS))
|
||||
flags |= CHASE_NONEXISTENT;
|
||||
|
||||
r = chase_symlinks(path, root_directory, flags, &chased);
|
||||
r = chase_symlinks(path, root_directory, chase_nonexistent ? CHASE_NONEXISTENT : 0, &chased);
|
||||
if (r == -ENOENT && m->ignore) {
|
||||
log_debug_errno(r, "Path %s does not exist, ignoring.", path);
|
||||
return 0;
|
||||
@ -777,7 +767,7 @@ static int apply_mount(
|
||||
|
||||
assert(m);
|
||||
|
||||
r = mount_entry_chase(root_directory, m, mount_entry_path(m), &m->path_malloc);
|
||||
r = mount_entry_chase(root_directory, m, mount_entry_path(m), !IN_SET(m->mode, INACCESSIBLE, READONLY, READWRITE), &m->path_malloc);
|
||||
if (r <= 0)
|
||||
return r;
|
||||
|
||||
@ -822,7 +812,7 @@ static int apply_mount(
|
||||
case BIND_MOUNT_RECURSIVE:
|
||||
/* Also chase the source mount */
|
||||
|
||||
r = mount_entry_chase(root_directory, m, mount_entry_source(m), &m->source_malloc);
|
||||
r = mount_entry_chase(root_directory, m, mount_entry_source(m), false, &m->source_malloc);
|
||||
if (r <= 0)
|
||||
return r;
|
||||
|
||||
|
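Review bot: In apply_mount the destination chase now passes `!IN_SET(m->mode, INACCESSIBLE, READONLY, READWRITE)`, which replaces the explicit list of modes that used to get CHASE_NONEXISTENT inside mount_entry_chase with a negated one, so any mode not named here, including ones added later, silently tolerates a missing destination. If that widening is intended, a comment at the call site would record it, for example `/* Only modes that act on an existing path must fail on a missing one; all others may be set up on a path that does not exist yet. */`; otherwise the positive list should be kept. The bare `false` in the source chase under BIND_MOUNT_RECURSIVE is what lets `-ENOENT` reach the `m->ignore` check, and it deserves `/* The source must exist, so that ENOENT is reported and the '-' prefix can take effect. */`. The hunks show only parts of mount_entry_chase and apply_mount, and the mode enum is not visible here, so the set of affected modes should be confirmed against it.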