From 8681757ee08361d78e4c74da8abae9d6df8623e7 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 28 May 2018 15:46:28 +0200
Subject: [PATCH 62/63] libmount: accept another flags on MS_REMOUNT|MS_BIND
The current libmount MS_REMOUNT|MS_BIND support is restricted to
MS_RDONLY (read-only bind mount). This is too restrictive as Linux
kernel supports bind-remount for arbitrary VFS flags.
After this update you can use
# mount /dev/sdc1 /mnt/A
# mount --bind -onosuid,noexec /mnt/A /mnt/B
# findmnt /dev/sdc1 -oTARGET,SOURCE,FS-OPTIONS,VFS-OPTIONS
TARGET SOURCE FS-OPTIONS VFS-OPTIONS
/mnt/A /dev/sdc1 rw,stripe=512,data=ordered rw,relatime
/mnt/B /dev/sdc1 rw,stripe=512,data=ordered rw,nosuid,noexec,relatime
The "mount --bind" is composed from two syscalls of course (1st is
bind, 2nd is bind,remount,nosuid,noexec).
Addresses: https://github.com/karelzak/util-linux/issues/637
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1919529
Upstream: http://github.com/karelzak/util-linux/commit/e82b77e9696a6dada96a7f3ea3ec20a63e8e7b9e
Signed-off-by: Karel Zak <kzak@redhat.com>
---
libmount/src/context_mount.c | 22 ++++++++--------------
libmount/src/mountP.h | 3 +++
sys-utils/mount.8 | 5 +++--
3 files changed, 14 insertions(+), 16 deletions(-)
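diff --git a/libmount/src/context_mount.c b/libmount/src/context_mount.c
index a6de36178..b88e60507 100644
--- a/libmount/src/context_mount.c
+++ b/libmount/src/context_mount.c
@@ -107,22 +107,16 @@ static int init_propagation(struct libmnt_context *cxt)
 }
 
 /*
- * add additional mount(2) syscall request to implement "ro,bind", the first regular
- * mount(2) is the "bind" operation, the second is "remount,ro,bind" call.
- *
- * Note that we don't remove "ro" from the first syscall (kernel silently
- * ignores this flags for bind operation) -- maybe one day kernel will support
- * read-only binds in one step and then all will be done by the first mount(2) and the
- * second remount will be noop...
+ * add additional mount(2) syscall request to implement "bind,<flags>", the first regular
+ * mount(2) is the "bind" operation, the second is "remount,bind,<flags>" call.
 */
-static int init_robind(struct libmnt_context *cxt)
+static int init_bind_remount(struct libmnt_context *cxt)
 {
 struct libmnt_addmount *ad;
 int rc;
 
 assert(cxt);
 assert(cxt->mountflags & MS_BIND);
- assert(cxt->mountflags & MS_RDONLY);
 assert(!(cxt->mountflags & MS_REMOUNT));
 
 DBG(CXT, ul_debugobj(cxt, "mount: initialize additional ro,bind mount"));
@@ -131,9 +125,9 @@ static int init_robind(struct libmnt_context *cxt)
 if (!ad)
 return -ENOMEM;
 
- ad->mountflags = MS_REMOUNT | MS_BIND | MS_RDONLY;
- if (cxt->mountflags & MS_REC)
- ad->mountflags |= MS_REC;
+ ad->mountflags = cxt->mountflags;
+ ad->mountflags |= (MS_REMOUNT | MS_BIND);
+
 rc = mnt_context_append_additional_mount(cxt, ad);
 if (rc)
 return rc;
@@ -254,9 +248,9 @@ static int fix_optstr(struct libmnt_context *cxt)
 return rc;
 }
 if ((cxt->mountflags & MS_BIND)
- && (cxt->mountflags & MS_RDONLY)
+ && (cxt->mountflags & MNT_BIND_SETTABLE)
 && !(cxt->mountflags & MS_REMOUNT)) {
- rc = init_robind(cxt);
+ rc = init_bind_remount(cxt);
 if (rc)
 return rc;
 }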
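Review bot: In init_bind_remount(), `ad->mountflags = cxt->mountflags;` forwards every context flag to the second mount(2) and relies on the kernel ignoring whatever a bind-remount cannot set; masking first, e.g. `ad->mountflags = (cxt->mountflags & (MNT_BIND_SETTABLE | MS_REC)) | MS_REMOUNT | MS_BIND;`, would keep the request limited to the flags the new macro declares settable. Because nosuid, nodev and noexec now depend on this second call, the target is briefly mounted without them, and presumably stays that way if the remount fails unless the caller undoes the bind. The failure path is outside these hunks and should be checked so that an unrestricted bind mount is never left behind silently. The unchanged debug string `"mount: initialize additional ro,bind mount"` no longer matches the renamed function and could read `"mount: initialize additional bind remount"`.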
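diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h
index 52a238ef3..64a507e61 100644
--- a/libmount/src/mountP.h
+++ b/libmount/src/mountP.h
@@ -363,6 +363,9 @@ struct libmnt_context
 /* default flags */
 #define MNT_FL_DEFAULT 0
 
+/* Flags usable with MS_BIND|MS_REMOUNT */
+#define MNT_BIND_SETTABLE (MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_NOATIME|MS_NODIRATIME|MS_RELATIME|MS_RDONLY)
+
 /* lock.c */
 extern int mnt_lock_use_simplelock(struct libmnt_lock *ml, int enable);
 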
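Review bot: The comment above `MNT_BIND_SETTABLE` does not say that fix_optstr() uses the macro only to decide whether a second mount(2) is queued, not to mask the flags that are sent. I would expand it to `/* VFS (per-mountpoint) flags that trigger the extra MS_REMOUNT|MS_BIND call; keep in sync with what the kernel accepts there */`. MS_STRICTATIME is absent from the list, so a bind mount requested with only that flag would presumably not get the second call; it is worth confirming that this is intended.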
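diff --git a/sys-utils/mount.8 b/sys-utils/mount.8
index a4d7de2c0..291e65cb1 100644
--- a/sys-utils/mount.8
+++ b/sys-utils/mount.8
@@ -410,8 +410,9 @@ will be writable, but the
 will be read-only.
 
 It's also possible to change nosuid, nodev, noexec, noatime, nodiratime and
-relatime VFS entry flags by "remount,bind" operation. It's impossible to change
-mount options recursively (for example with \fB-o rbind,ro\fR).
+relatime VFS entry flags by "remount,bind" operation. The another (for example
+filesystem specific flags) are silently ignored. It's impossible to change mount
+options recursively (for example with \fB-o rbind,ro\fR).
 
 .BR mount (8)
 since v2.31 ignores the \fBbind\fR flag from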
--
2.31.1