The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3497
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Christian Brauner <[email protected]>
From 49b21cd7d99e5f22a3e09e78b92b13f2df2d5aed Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Wed, 22 Jul 2020 10:50:20 +0200 Subject: [PATCH 1/9] syscalls: add fsopen() Signed-off-by: Christian Brauner <[email protected]> --- configure.ac | 2 +- src/lxc/syscall_numbers.h | 20 ++++++++++++++++++++ src/lxc/syscall_wrappers.h | 10 ++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index f74d29a726..85d2668850 100644 --- a/configure.ac +++ b/configure.ac @@ -622,7 +622,7 @@ AC_CHECK_HEADER([ifaddrs.h], AC_HEADER_MAJOR # Check for some syscalls functions -AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3]) +AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen]) AC_CHECK_TYPES([struct clone_args], [], [], [[#include <linux/sched.h>]]) AC_CHECK_MEMBERS([struct clone_args.set_tid],[],[],[[#include <linux/sched.h>]]) AC_CHECK_MEMBERS([struct clone_args.cgroup],[],[],[[#include <linux/sched.h>]]) diff --git a/src/lxc/syscall_numbers.h b/src/lxc/syscall_numbers.h index bfd0e57ab9..6786830924 100644 --- a/src/lxc/syscall_numbers.h +++ b/src/lxc/syscall_numbers.h @@ -563,4 +563,24 @@ #endif #endif +#ifndef __NR_fsopen + #if defined __alpha__ + #define __NR_fsopen 540 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_fsopen 4430 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_fsopen 6430 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_fsopen 5430 + #endif + #elif defined __ia64__ + #define __NR_fsopen (430 + 1024) + #else + #define __NR_fsopen 430 + #endif +#endif + #endif /* __LXC_SYSCALL_NUMBERS_H */ diff --git a/src/lxc/syscall_wrappers.h b/src/lxc/syscall_wrappers.h index 041daf3575..8e7937d4d4 100644 --- a/src/lxc/syscall_wrappers.h 
+++ b/src/lxc/syscall_wrappers.h @@ -161,4 +161,14 @@ static inline int open_tree_lxc(int dfd, const char *filename, unsigned int flag extern int open_tree(int dfd, const char *filename, unsigned int flags); #endif +#ifndef HAVE_FSOPEN +static inline int fsopen_lxc(const char *fs_name, unsigned int flags) +{ + return syscall(__NR_fsopen, fs_name, flags); +} +#define fsopen fsopen_lxc +#else +extern int fsopen(const char *fs_name, unsigned int flags); +#endif + #endif /* __LXC_SYSCALL_WRAPPER_H */ From 749bc40479328b146fad2ef79cfb6cffa9701319 Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Wed, 22 Jul 2020 10:54:12 +0200 Subject: [PATCH 2/9] syscalls: add fspick() Signed-off-by: Christian Brauner <[email protected]> --- configure.ac | 2 +- src/lxc/syscall_numbers.h | 20 ++++++++++++++++++++ src/lxc/syscall_wrappers.h | 10 ++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 85d2668850..32fcdc230d 100644 --- a/configure.ac +++ b/configure.ac @@ -622,7 +622,7 @@ AC_CHECK_HEADER([ifaddrs.h], AC_HEADER_MAJOR # Check for some syscalls functions -AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen]) +AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen fspick]) AC_CHECK_TYPES([struct clone_args], [], [], [[#include <linux/sched.h>]]) AC_CHECK_MEMBERS([struct clone_args.set_tid],[],[],[[#include <linux/sched.h>]]) AC_CHECK_MEMBERS([struct clone_args.cgroup],[],[],[[#include <linux/sched.h>]]) diff --git a/src/lxc/syscall_numbers.h b/src/lxc/syscall_numbers.h index 6786830924..cbd69803ea 100644 --- a/src/lxc/syscall_numbers.h +++ b/src/lxc/syscall_numbers.h 
@@ -583,4 +583,24 @@ #endif #endif +#ifndef __NR_fspick + #if defined __alpha__ + #define __NR_fspick 543 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_fspick 4433 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_fspick 6433 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_fspick 5433 + #endif + #elif defined __ia64__ + #define __NR_fspick (433 + 1024) + #else + #define __NR_fspick 433 + #endif +#endif + #endif /* __LXC_SYSCALL_NUMBERS_H */ diff --git a/src/lxc/syscall_wrappers.h b/src/lxc/syscall_wrappers.h index 8e7937d4d4..6d4f8f42cd 100644 --- a/src/lxc/syscall_wrappers.h +++ b/src/lxc/syscall_wrappers.h @@ -171,4 +171,14 @@ static inline int fsopen_lxc(const char *fs_name, unsigned int flags) extern int fsopen(const char *fs_name, unsigned int flags); #endif +#ifndef HAVE_FSPICK +static inline int fspick_lxc(int dfd, const char *path, unsigned int flags) +{ + return syscall(__NR_fspick, dfd, path, flags); +} +#define fspick fspick_lxc +#else +extern int fspick(int dfd, const char *path, unsigned int flags); +#endif + #endif /* __LXC_SYSCALL_WRAPPER_H */ From 9edfcaa8220c1d80a91646e0286ae1aa0da7957b Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Wed, 22 Jul 2020 10:59:49 +0200 Subject: [PATCH 3/9] syscalls: add fsconfig() Signed-off-by: Christian Brauner <[email protected]> --- configure.ac | 2 +- src/lxc/syscall_numbers.h | 20 ++++++++++++++++++++ src/lxc/syscall_wrappers.h | 10 ++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 32fcdc230d..8178a4452e 100644 --- a/configure.ac +++ b/configure.ac 
@@ -622,7 +622,7 @@ AC_CHECK_HEADER([ifaddrs.h], AC_HEADER_MAJOR # Check for some syscalls functions -AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen fspick]) +AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen fspick fsconfig]) AC_CHECK_TYPES([struct clone_args], [], [], [[#include <linux/sched.h>]]) AC_CHECK_MEMBERS([struct clone_args.set_tid],[],[],[[#include <linux/sched.h>]]) AC_CHECK_MEMBERS([struct clone_args.cgroup],[],[],[[#include <linux/sched.h>]]) diff --git a/src/lxc/syscall_numbers.h b/src/lxc/syscall_numbers.h index cbd69803ea..0cc2d67426 100644 --- a/src/lxc/syscall_numbers.h +++ b/src/lxc/syscall_numbers.h @@ -603,4 +603,24 @@ #endif #endif +#ifndef __NR_fsconfig + #if defined __alpha__ + #define __NR_fsconfig 541 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_fsconfig 4431 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_fsconfig 6431 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_fsconfig 5431 + #endif + #elif defined __ia64__ + #define __NR_fsconfig (431 + 1024) + #else + #define __NR_fsconfig 431 + #endif +#endif + #endif /* __LXC_SYSCALL_NUMBERS_H */ diff --git a/src/lxc/syscall_wrappers.h b/src/lxc/syscall_wrappers.h index 6d4f8f42cd..aeb1db8ac9 100644 --- a/src/lxc/syscall_wrappers.h +++ b/src/lxc/syscall_wrappers.h 
@@ -181,4 +181,14 @@ static inline int fspick_lxc(int dfd, const char *path, unsigned int flags) extern int fspick(int dfd, const char *path, unsigned int flags); #endif +#ifndef HAVE_FSCONFIG +static inline int fsconfig_lxc(int fd, unsigned int cmd, const char *key, const void *value, int aux) +{ + return syscall(__NR_fsconfig, fd, cmd, key, value, aux); +} +#define fsconfig fsconfig_lxc +#else +extern int fsconfig(int fd, unsigned int cmd, const char *key, const void *value, int aux); +#endif + #endif /* __LXC_SYSCALL_WRAPPER_H */ From 7f1d397bbdc8140e02fca8120fc626812e975681 Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Wed, 22 Jul 2020 11:02:33 +0200 Subject: [PATCH 4/9] syscalls: add fsmount() Signed-off-by: Christian Brauner <[email protected]> --- configure.ac | 2 +- src/lxc/syscall_numbers.h | 20 ++++++++++++++++++++ src/lxc/syscall_wrappers.h | 10 ++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 8178a4452e..70099e3ad0 100644 --- a/configure.ac +++ b/configure.ac @@ -622,7 +622,7 @@ AC_CHECK_HEADER([ifaddrs.h], AC_HEADER_MAJOR # Check for some syscalls functions -AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen fspick fsconfig]) +AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen fspick fsconfig fsmount]) AC_CHECK_TYPES([struct clone_args], [], [], [[#include <linux/sched.h>]]) AC_CHECK_MEMBERS([struct clone_args.set_tid],[],[],[[#include <linux/sched.h>]]) AC_CHECK_MEMBERS([struct clone_args.cgroup],[],[],[[#include <linux/sched.h>]]) diff --git a/src/lxc/syscall_numbers.h b/src/lxc/syscall_numbers.h index 0cc2d67426..e2e7883786 100644 --- a/src/lxc/syscall_numbers.h +++ b/src/lxc/syscall_numbers.h 
@@ -623,4 +623,24 @@ #endif #endif +#ifndef __NR_fsmount + #if defined __alpha__ + #define __NR_fsmount 542 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_fsmount 4432 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_fsmount 6432 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_fsmount 5432 + #endif + #elif defined __ia64__ + #define __NR_fsmount (432 + 1024) + #else + #define __NR_fsmount 432 + #endif +#endif + #endif /* __LXC_SYSCALL_NUMBERS_H */ diff --git a/src/lxc/syscall_wrappers.h b/src/lxc/syscall_wrappers.h index aeb1db8ac9..220ef65fde 100644 --- a/src/lxc/syscall_wrappers.h +++ b/src/lxc/syscall_wrappers.h @@ -191,4 +191,14 @@ static inline int fsconfig_lxc(int fd, unsigned int cmd, const char *key, const extern int fsconfig(int fd, unsigned int cmd, const char *key, const void *value, int aux); #endif +#ifndef HAVE_FSMOUNT +static inline int fsmount_lxc(int fs_fd, unsigned int flags, unsigned int attr_flags) +{ + return syscall(__NR_fsmount, fs_fd, flags, attr_flags); +} +#define fsmount fsmount_lxc +#else +extern int fsmount(int fs_fd, unsigned int flags, unsigned int attr_flags); +#endif + #endif /* __LXC_SYSCALL_WRAPPER_H */ From 7f88a1a2f6151a70cd5e2142b4456e88c0efb196 Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Wed, 22 Jul 2020 11:32:28 +0200 Subject: [PATCH 5/9] mount_utils: add mount utils Signed-off-by: Christian Brauner <[email protected]> --- src/lxc/Makefile.am | 2 + src/lxc/conf.c | 1 + src/lxc/macro.h | 14 ---- src/lxc/mount_utils.c | 110 ++++++++++++++++++++++++++++++ src/lxc/mount_utils.h | 151 ++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 264 insertions(+), 14 deletions(-) create mode 100644 src/lxc/mount_utils.c create mode 100644 src/lxc/mount_utils.h diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index d217821362..442112353c 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am 
@@ -26,6 +26,7 @@ noinst_HEADERS = api_extensions.h \ macro.h \ memory_utils.h \ monitor.h \ + mount_utils.h \ namespace.h \ process_utils.h \ rexec.h \ @@ -125,6 +126,7 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \ macro.h \ memory_utils.h \ mainloop.c mainloop.h \ + mount_utils.c mount_utils.h \ namespace.c namespace.h \ network.c network.h \ nl.c nl.h \ diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 7ea13e4504..9410cac920 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -48,6 +48,7 @@ #include "lxcseccomp.h" #include "macro.h" #include "memory_utils.h" +#include "mount_utils.h" #include "namespace.h" #include "network.h" #include "parse.h" diff --git a/src/lxc/macro.h b/src/lxc/macro.h index 2ae1a7bb32..5155f7b162 100644 --- a/src/lxc/macro.h +++ b/src/lxc/macro.h @@ -57,20 +57,6 @@ #define CAP_SETGID 6 #endif -/* move_mount */ -#ifndef MOVE_MOUNT_F_EMPTY_PATH -#define MOVE_MOUNT_F_EMPTY_PATH 0x00000004 /* Empty from path permitted */ -#endif - -/* open_tree */ -#ifndef OPEN_TREE_CLONE -#define OPEN_TREE_CLONE 1 /* Clone the target tree and attach the clone */ -#endif - -#ifndef OPEN_TREE_CLOEXEC -#define OPEN_TREE_CLOEXEC O_CLOEXEC /* Close the file on execve() */ -#endif - /* prctl */ #ifndef PR_CAPBSET_READ #define PR_CAPBSET_READ 23 diff --git a/src/lxc/mount_utils.c b/src/lxc/mount_utils.c new file mode 100644 index 0000000000..f8e0f6e006 --- /dev/null +++ b/src/lxc/mount_utils.c 
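Review bot: The macro.h hunk deletes the MOVE_MOUNT_F_EMPTY_PATH, OPEN_TREE_CLONE and OPEN_TREE_CLOEXEC fallbacks, but this commit only adds `#include "mount_utils.h"` to conf.c; any other translation unit that picked those names up through macro.h (existing open_tree()/move_mount() callers, if any) now needs the new header too, or it stops building on a system whose headers lack the definitions. Worth a grep before merge; attach.c only gets the include in patch 7 of this series. The Makefile.am and conf.c hunks are straightforward.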
@@ -0,0 +1,110 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE 1
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mount.h>
+
+#include "macro.h"
+#include "memory_utils.h"
+#include "mount_utils.h"
+#include "syscall_numbers.h"
+#include "syscall_wrappers.h"
+
+int mnt_attributes_new(unsigned int old_flags, unsigned int *new_flags)
+{
+ unsigned int flags = 0;
+
+ if (old_flags & MS_RDONLY) {
+ flags |= MOUNT_ATTR_RDONLY;
+ old_flags &= ~MS_RDONLY;
+ }
+
+ if (old_flags & MS_NOSUID) {
+ flags |= MOUNT_ATTR_NOSUID;
+ old_flags &= ~MS_NOSUID;
+ }
+
+ if (old_flags & MS_NODEV) {
+ flags |= MOUNT_ATTR_NODEV;
+ old_flags &= ~MS_NODEV;
+ }
+
+ if (old_flags & MS_NOEXEC) {
+ flags |= MOUNT_ATTR_NOEXEC;
+ old_flags &= ~MS_NOEXEC;
+ }
+
+ if (old_flags & MS_RELATIME) {
+ flags |= MOUNT_ATTR_RELATIME;
+ old_flags &= ~MS_RELATIME;
+ }
+
+ if (old_flags & MS_NOATIME) {
+ flags |= MOUNT_ATTR_NOATIME;
+ old_flags &= ~MS_NOATIME;
+ }
+
+ if (old_flags & MS_STRICTATIME) {
+ flags |= MOUNT_ATTR_STRICTATIME;
+ old_flags &= ~MS_STRICTATIME;
+ }
+
+ if (old_flags & MS_NODIRATIME) {
+ flags |= MOUNT_ATTR_NODIRATIME;
+ old_flags &= ~MS_NODIRATIME;
+ }
+
+ *new_flags |= flags;
+ return old_flags;
+}
+
+int mnt_attributes_old(unsigned int new_flags, unsigned int *old_flags)
+{
+ unsigned int flags = 0;
+
+ if (new_flags & MOUNT_ATTR_RDONLY) {
+ flags |= MS_RDONLY;
+ new_flags &= ~MOUNT_ATTR_RDONLY;
+ }
+
+ if (new_flags & MOUNT_ATTR_NOSUID) {
+ flags |= MS_NOSUID;
+ new_flags &= ~MOUNT_ATTR_NOSUID;
+ }
+
+ if (new_flags & MS_NODEV) {
+ flags |= MS_NODEV;
+ new_flags &= ~MS_NODEV;
+ }
+
+ if (new_flags & MOUNT_ATTR_NOEXEC) {
+ flags |= MS_NOEXEC;
+ new_flags &= ~MOUNT_ATTR_NOEXEC;
+ }
+
+ if (new_flags & MS_RELATIME) {
+ flags |= MS_RELATIME;
+ new_flags &= ~MOUNT_ATTR_RELATIME;
+ }
+
+ if (new_flags & MS_NOATIME) {
+ flags |= MS_NOATIME;
+ new_flags &= ~MOUNT_ATTR_NOATIME;
+ }
+
+ if (new_flags & MS_STRICTATIME) {
+ flags |= MS_STRICTATIME;
+ new_flags &= ~MOUNT_ATTR_STRICTATIME;
+ }
+
+ if (new_flags & MS_NODIRATIME) {
+ flags |= MS_NODIRATIME;
+ new_flags &= ~MOUNT_ATTR_NODIRATIME;
+ }
+
+ *old_flags |= flags;
+ return new_flags;
+}
diff --git a/src/lxc/mount_utils.h b/src/lxc/mount_utils.h
new file mode 100644
index 0000000000..19d7b95cce
--- /dev/null
+++ b/src/lxc/mount_utils.h
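Review bot: mnt_attributes_old() tests the wrong flag namespace in five of its branches: it checks `new_flags & MS_NODEV`, `MS_RELATIME`, `MS_NOATIME`, `MS_STRICTATIME` and `MS_NODIRATIME` against an input that carries MOUNT_ATTR_* bits, while the clear step in the same branches uses the MOUNT_ATTR_* names. MS_NODEV happens to share the value 0x4 with MOUNT_ATTR_NODEV, but the atime flags do not, so on the legacy fallback a caller asking for MOUNT_ATTR_NOATIME, MOUNT_ATTR_STRICTATIME or MOUNT_ATTR_NODIRATIME silently gets a mount without that attribute and the bit is also returned as untranslated. The conditions should use the MOUNT_ATTR_* constants throughout, as below. Note also that MOUNT_ATTR_RELATIME is defined as 0 in mount_utils.h, so `new_flags & MOUNT_ATTR_RELATIME` can never be true and that branch is dead on this side; if relatime is meant to be the kernel default that is fine, but it deserves a comment.
```c
int mnt_attributes_old(unsigned int new_flags, unsigned int *old_flags)
{
	/* … unchanged: flags declaration, MOUNT_ATTR_RDONLY and MOUNT_ATTR_NOSUID branches … */

	if (new_flags & MOUNT_ATTR_NODEV) {
		flags |= MS_NODEV;
		new_flags &= ~MOUNT_ATTR_NODEV;
	}

	/* … unchanged: MOUNT_ATTR_NOEXEC branch … */

	/* MOUNT_ATTR_RELATIME is 0: relatime is the default and carries no bit. */
	if (new_flags & MOUNT_ATTR_RELATIME) {
		flags |= MS_RELATIME;
		new_flags &= ~MOUNT_ATTR_RELATIME;
	}

	if (new_flags & MOUNT_ATTR_NOATIME) {
		flags |= MS_NOATIME;
		new_flags &= ~MOUNT_ATTR_NOATIME;
	}

	if (new_flags & MOUNT_ATTR_STRICTATIME) {
		flags |= MS_STRICTATIME;
		new_flags &= ~MOUNT_ATTR_STRICTATIME;
	}

	if (new_flags & MOUNT_ATTR_NODIRATIME) {
		flags |= MS_NODIRATIME;
		new_flags &= ~MOUNT_ATTR_NODIRATIME;
	}

	/* … unchanged: *old_flags |= flags; return new_flags; … */
}
```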
@@ -0,0 +1,151 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#ifndef __LXC_MOUNT_UTILS_H
+#define __LXC_MOUNT_UTILS_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mount.h>
+
+#include "compiler.h"
+
+/* open_tree() flags */
+#ifndef OPEN_TREE_CLONE
+#define OPEN_TREE_CLONE 1
+#endif
+
+#ifndef OPEN_TREE_CLOEXEC
+#define OPEN_TREE_CLOEXEC O_CLOEXEC
+#endif
+
+/* move_mount() flags */
+#ifndef MOVE_MOUNT_F_SYMLINKS
+#define MOVE_MOUNT_F_SYMLINKS 0x00000001 /* Follow symlinks on from path */
+#endif
+
+#ifndef MOVE_MOUNT_F_AUTOMOUNTS
+#define MOVE_MOUNT_F_AUTOMOUNTS 0x00000002 /* Follow automounts on from path */
+#endif
+
+#ifndef MOVE_MOUNT_F_EMPTY_PATH
+#define MOVE_MOUNT_F_EMPTY_PATH 0x00000004 /* Empty from path permitted */
+#endif
+
+#ifndef MOVE_MOUNT_T_SYMLINKS
+#define MOVE_MOUNT_T_SYMLINKS 0x00000010 /* Follow symlinks on to path */
+#endif
+
+#ifndef MOVE_MOUNT_T_AUTOMOUNTS
+#define MOVE_MOUNT_T_AUTOMOUNTS 0x00000020 /* Follow automounts on to path */
+#endif
+
+#ifndef MOVE_MOUNT_T_EMPTY_PATH
+#define MOVE_MOUNT_T_EMPTY_PATH 0x00000040 /* Empty to path permitted */
+#endif
+
+#ifndef MOVE_MOUNT__MASK
+#define MOVE_MOUNT__MASK 0x00000077
+#endif
+
+/* fsopen() flags */
+#ifndef FSOPEN_CLOEXEC
+#define FSOPEN_CLOEXEC 0x00000001
+#endif
+
+/* fspick() flags */
+#ifndef FSPICK_CLOEXEC
+#define FSPICK_CLOEXEC 0x00000001
+#endif
+
+#ifndef FSPICK_SYMLINK_NOFOLLOW
+#define FSPICK_SYMLINK_NOFOLLOW 0x00000002
+#endif
+
+#ifndef FSPICK_NO_AUTOMOUNT
+#define FSPICK_NO_AUTOMOUNT 0x00000004
+#endif
+
+#ifndef FSPICK_EMPTY_PATH
+#define FSPICK_EMPTY_PATH 0x00000008
+#endif
+
+/* fsconfig() commands */
+#ifndef FSCONFIG_SET_FLAG
+#define FSCONFIG_SET_FLAG 0 /* Set parameter, supplying no value */
+#endif
+
+#ifndef FSCONFIG_SET_STRING
+#define FSCONFIG_SET_STRING 1 /* Set parameter, supplying a string value */
+#endif
+
+#ifndef FSCONFIG_SET_BINARY
+#define FSCONFIG_SET_BINARY 2 /* Set parameter, supplying a binary blob value */
+#endif
+
+#ifndef FSCONFIG_SET_PATH
+#define FSCONFIG_SET_PATH 3 /* Set parameter, supplying an object by path */
+#endif
+
+#ifndef FSCONFIG_SET_PATH_EMPTY
+#define FSCONFIG_SET_PATH_EMPTY 4 /* Set parameter, supplying an object by (empty) path */
+#endif
+
+#ifndef FSCONFIG_SET_FD
+#define FSCONFIG_SET_FD 5 /* Set parameter, supplying an object by fd */
+#endif
+
+#ifndef FSCONFIG_CMD_CREATE
+#define FSCONFIG_CMD_CREATE 6 /* Invoke superblock creation */
+#endif
+
+#ifndef FSCONFIG_CMD_RECONFIGURE
+#define FSCONFIG_CMD_RECONFIGURE 7 /* Invoke superblock reconfiguration */
+#endif
+
+/* fsmount() flags */
+#ifndef FSMOUNT_CLOEXEC
+#define FSMOUNT_CLOEXEC 0x00000001
+#endif
+
+/* mount attributes */
+#ifndef MOUNT_ATTR_RDONLY
+#define MOUNT_ATTR_RDONLY 0x00000001 /* Mount read-only */
+#endif
+
+#ifndef MOUNT_ATTR_NOSUID
+#define MOUNT_ATTR_NOSUID 0x00000002 /* Ignore suid and sgid bits */
+#endif
+
+#ifndef MOUNT_ATTR_NODEV
+#define MOUNT_ATTR_NODEV 0x00000004 /* Disallow access to device special files */
+#endif
+
+#ifndef MOUNT_ATTR_NOEXEC
+#define MOUNT_ATTR_NOEXEC 0x00000008 /* Disallow program execution */
+#endif
+
+#ifndef MOUNT_ATTR__ATIME
+#define MOUNT_ATTR__ATIME 0x00000070 /* Setting on how atime should be updated */
+#endif
+
+#ifndef MOUNT_ATTR_RELATIME
+#define MOUNT_ATTR_RELATIME 0x00000000 /* - Update atime relative to mtime/ctime. */
+#endif
+
+#ifndef MOUNT_ATTR_NOATIME
+#define MOUNT_ATTR_NOATIME 0x00000010 /* - Do not update access times. */
+#endif
+
+#ifndef MOUNT_ATTR_STRICTATIME
+#define MOUNT_ATTR_STRICTATIME 0x00000020 /* - Always perform atime updates */
+#endif
+
+#ifndef MOUNT_ATTR_NODIRATIME
+#define MOUNT_ATTR_NODIRATIME 0x00000080 /* Do not update directory access times */
+#endif
+
+__hidden extern int mnt_attributes_new(unsigned int old_flags, unsigned int *new_flags);
+
+__hidden extern int mnt_attributes_old(unsigned int new_flags, unsigned int *old_flags);
+
+#endif /* __LXC_MOUNT_UTILS_H */
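Review bot: `#define OPEN_TREE_CLOEXEC O_CLOEXEC` relies on O_CLOEXEC, but mount_utils.h only includes <stdio.h>, <stdlib.h> and <sys/mount.h>, so a translation unit that includes this header without <fcntl.h> first and expands OPEN_TREE_CLOEXEC fails to compile on a system whose headers lack the kernel definition; add `#include <fcntl.h>` next to the other system includes. The two prototypes at the end carry no contract, and neither behaviour is guessable from the signature: the translators OR their result into the output parameter rather than assigning it, and the return value is the set of input bits that could not be translated. A comment such as `/* Translate MS_* flags to MOUNT_ATTR_*; OR-s the result into *new_flags (caller must zero it) and returns the MS_* bits that have no MOUNT_ATTR_* equivalent. */` on mnt_attributes_new, with the mirror wording on mnt_attributes_old, would close that gap.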
From 14df702190f8bb7693c65a36392e09a1dd66e96b Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Wed, 22 Jul 2020 11:45:15 +0200 Subject: [PATCH 6/9] mount_utils: add mount_filesystem() helper that translates between the two mount apis. Signed-off-by: Christian Brauner <[email protected]> --- src/lxc/mount_utils.c | 30 ++++++++++++++++++++++++++++++ src/lxc/mount_utils.h | 2 ++ 2 files changed, 32 insertions(+) diff --git a/src/lxc/mount_utils.c b/src/lxc/mount_utils.c index f8e0f6e006..f07cddd8a0 100644 --- a/src/lxc/mount_utils.c +++ b/src/lxc/mount_utils.c @@ -3,16 +3,22 @@ #ifndef _GNU_SOURCE #define _GNU_SOURCE 1 #endif +#include <fcntl.h> #include <stdio.h> #include <stdlib.h> #include <sys/mount.h> +#include <sys/stat.h> +#include <sys/types.h> +#include "log.h" #include "macro.h" #include "memory_utils.h" #include "mount_utils.h" #include "syscall_numbers.h" #include "syscall_wrappers.h" +lxc_log_define(mount_utils, lxc); + int mnt_attributes_new(unsigned int old_flags, unsigned int *new_flags) { unsigned int flags = 0; @@ -108,3 +114,27 @@ int mnt_attributes_old(unsigned int new_flags, unsigned int *old_flags) *old_flags |= flags; return new_flags; } + +int mount_filesystem(const char *fs_name, const char *path, unsigned int attr_flags) +{ + __do_close int fsfd = -EBADF; + unsigned int old_flags = 0; + + fsfd = fsopen(fs_name, FSOPEN_CLOEXEC); + if (fsfd >= 0) { + __do_close int mfd = -EBADF; + + if (fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0)) + return -1; + + mfd = fsmount(fsfd, FSMOUNT_CLOEXEC, attr_flags); + if (mfd < 0) + return -1; + + return move_mount(mfd, "", AT_FDCWD, path, MOVE_MOUNT_F_EMPTY_PATH); + } + + TRACE("Falling back to old mount api"); + mnt_attributes_old(attr_flags, &old_flags); + return mount("none", path, fs_name, old_flags, NULL); +} diff --git a/src/lxc/mount_utils.h b/src/lxc/mount_utils.h index 19d7b95cce..bdcf8a3907 100644 --- a/src/lxc/mount_utils.h +++ b/src/lxc/mount_utils.h 
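Review bot: mount_filesystem() falls back to the legacy mount() on every fsopen() failure, not only on kernels without the new API, so an EPERM or ENODEV from fsopen() is retried through mount() and the errno the attach.c callers log afterwards is the legacy call's rather than the original cause; `if (fsfd < 0 && errno != ENOSYS) return -1;` before the new-API block would keep the real failure (this assumes __do_close preserves errno on the early returns, which those callers already depend on). On the fallback path the residue returned by mnt_attributes_old() is discarded, so any MOUNT_ATTR_* bit with no MS_* equivalent is silently dropped from the mount instead of rejected, which is the wrong default for an attribute that may be a security property; `if (mnt_attributes_old(attr_flags, &old_flags)) { errno = EINVAL; return -1; }` makes the loss visible. A header comment stating that attr_flags takes MOUNT_ATTR_* values and that the helper may transparently use the legacy API would also help callers pick the right constants.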
@@ -148,4 +148,6 @@ __hidden extern int mnt_attributes_new(unsigned int old_flags, unsigned int *new __hidden extern int mnt_attributes_old(unsigned int new_flags, unsigned int *old_flags); +__hidden extern int mount_filesystem(const char *fs_name, const char *path, unsigned int attr_flags); + #endif /* __LXC_MOUNT_UTILS_H */ From 657256e0b86b63e1f14f1ae10356e329d749b25f Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Wed, 22 Jul 2020 11:47:21 +0200 Subject: [PATCH 7/9] attach: use new mount api Signed-off-by: Christian Brauner <[email protected]> --- src/lxc/attach.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/lxc/attach.c b/src/lxc/attach.c index 5443fee5f7..ad25aada9e 100644 --- a/src/lxc/attach.c +++ b/src/lxc/attach.c @@ -39,6 +39,7 @@ #include "macro.h" #include "mainloop.h" #include "memory_utils.h" +#include "mount_utils.h" #include "namespace.h" #include "process_utils.h" #include "syscall_wrappers.h" @@ -202,7 +203,7 @@ int lxc_attach_remount_sys_proc(void) if (ret < 0) return log_error_errno(-1, errno, "Failed to unmount /proc"); - ret = mount("none", "/proc", "proc", 0, NULL); + ret = mount_filesystem("proc", "/proc", 0); if (ret < 0) return log_error_errno(-1, errno, "Failed to remount /proc"); @@ -215,7 +216,7 @@ int lxc_attach_remount_sys_proc(void) return log_error_errno(-1, errno, "Failed to unmount /sys"); /* Remount it. */ - if (ret == 0 && mount("none", "/sys", "sysfs", 0, NULL)) + if (ret == 0 && mount_filesystem("sysfs", "/sys", 0)) return log_error_errno(-1, errno, "Failed to remount /sys"); return 0; From 18780b9068e05c29629e1c346e906ca9e54c2331 Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Wed, 22 Jul 2020 12:04:52 +0200 Subject: [PATCH 8/9] log: don't break logging by hiding symbols Signed-off-by: Christian Brauner <[email protected]> --- src/lxc/log.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/src/lxc/log.h b/src/lxc/log.h index 0ddcfa20a5..0361db40fa 100644 --- a/src/lxc/log.h +++ b/src/lxc/log.h @@ -85,7 +85,7 @@ struct lxc_log_category { }; #ifndef NO_LXC_CONF -__hidden extern int lxc_log_use_global_fd; +extern int lxc_log_use_global_fd; #endif /* @@ -278,8 +278,8 @@ __lxc_unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo, \ * Helper macro to define and use static categories. */ #define lxc_log_category_define(name, parent) \ - __hidden extern struct lxc_log_category lxc_log_category_##parent; \ - __hidden struct lxc_log_category lxc_log_category_##name = { \ + extern struct lxc_log_category lxc_log_category_##parent; \ + struct lxc_log_category lxc_log_category_##name = { \ #name, \ LXC_LOG_LEVEL_NOTSET, \ NULL, \ @@ -561,7 +561,7 @@ __lxc_unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo, \ __internal_ret__; \ }) -__hidden extern int lxc_log_fd; +extern int lxc_log_fd; __hidden extern int lxc_log_syslog(int facility); __hidden extern void lxc_log_syslog_enable(void); From 7a7286393a37c4e698e7ae9281da482049c10f08 Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Thu, 23 Jul 2020 10:33:33 +0200 Subject: [PATCH 9/9] Makefile: fix Makefile Signed-off-by: Christian Brauner <[email protected]> --- src/lxc/Makefile.am | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 442112353c..baa624ac98 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am 
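Review bot: Dropping `__hidden` from the `struct lxc_log_category lxc_log_category_##name` definition inside lxc_log_category_define exports every per-file log category from liblxc as a public data symbol, which widens the library's exported ABI well beyond what the fix needs. If the breakage was that code outside the library references the parent category through the `extern struct lxc_log_category lxc_log_category_##parent` line, then only that declaration and the root category's definition need default visibility, and the per-file definitions could stay hidden via a separate macro for the exported root. The same applies to `lxc_log_fd` and `lxc_log_use_global_fd`: once exported they are part of the stable ABI, so a one-line comment in log.h naming why each must be visible would stop the next visibility cleanup from re-hiding them.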
@@ -1440,22 +1440,16 @@ endif if ENABLE_COMMANDS # Binaries shipping with liblxc init_lxc_SOURCES = cmd/lxc_init.c \ + af_unix.c af_unix.h \ caps.c caps.h \ - compiler.h \ error.c error.h \ file_utils.c file_utils.h \ initutils.c initutils.h \ log.c log.h \ + macro.h \ memory_utils.h \ - parse.c parse.h \ - process_utils.c process_utils.h \ - ringbuf.c ringbuf.h \ - string_utils.c string_utils.h \ - syscall_numbers.h -if ENABLE_SECCOMP -init_lxc_SOURCES += seccomp.c lxcseccomp.h -endif - + namespace.c namespace.h \ + string_utils.c string_utils.h init_lxc_LDFLAGS = -pthread lxc_monitord_SOURCES = cmd/lxc_monitord.c \
