[systemd-devel] [PATCH] nspawn: allow bind-mounting char and block files

Thu Jan 22 04:51:29 PST 2015

On Thu, 22.01.15 13:25, Alban Crequy (muadda at gmail.com) wrote:

> From: Alban Crequy <alban at endocode.com>

Hmm, I wonder if we can actually simplify this. IIRC the rules for
over-mounting are simpler than I thought initially: 

a) dirs can only over-mount dirs

b) everything else can over-mount everything else

With that in mind I think we can collapse this code to only have two
branches: one branch for the S_ISDIR() case, and another one that uses
touch() for everything else.

Anychance you can simplify the patch like this? The benefit would be
that we can do without CAP_SYS_MKNOD for all of this. Also, your patch
woud then shorten the code, while adding a feature, not make it
longer!

> 
> ---
>  src/nspawn/nspawn.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
> index 3fce3ad..db57b24 100644
> --- a/src/nspawn/nspawn.c
> +++ b/src/nspawn/nspawn.c
> @@ -911,8 +911,7 @@ static int mount_binds(const char *dest, char **l, bool ro) {
>                          return -errno;
>                  }
>  
> -                /* Create the mount point, but be conservative -- refuse to create block
> -                 * and char devices. */
> +                /* Create the mount point */
>                  if (S_ISDIR(source_st.st_mode)) {
>                          r = mkdir_label(where, 0755);
>                          if (r < 0 && errno != EEXIST)
> @@ -929,6 +928,10 @@ static int mount_binds(const char *dest, char **l, bool ro) {
>                          r = touch(where);
>                          if (r < 0)
>                                  return log_error_errno(r, "Failed to create mount point %s: %m", where);
> +                } else if (S_ISCHR(source_st.st_mode) || !S_ISBLK(source_st.st_mode)) {
> +                        r = mknod(where, source_st.st_mode, source_st.st_rdev) < 0;
> +                        if (r < 0 && errno != EEXIST)
> +                                return log_error_errno(errno, "Failed to create mount point %s: %m", where);
>                  } else {
>                          log_error("Refusing to create mountpoint for file: %s", *x);
>                          return -ENOTSUP;
> -- 
> 2.1.4
> 
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Lennart

-- 
Lennart Poettering, Red Hat