We do not need to create a new mount node from /run/mount/tmptgt
(where we mount filesystem root), because /run is already mount
node in all mainstream distros, and we can use MS_PRIVATE for
this top-level directory. There is still fallback if /run is
on root filesystem.
This solution reduces number of mount operations, with the patch the
subdir implementation is:
* open current namespace from /proc/self/ns/mnt
* mkdir /run/mount/tmptg (if it does not exist)
* make /run private by mount(MS_PRIVATE)
* mount filesystem to /run/mount/tmptg
* bind mount /run/mount/tmptg/<subdir> to <target>
* umount /run/mount/tmptg
* setns() to the original namespace
Signed-off-by: Karel Zak <kzak@redhat.com>
The unshared namespace is per-process, so we can use the same
directory in all mount(8) instances. It's unnecessary to create
and remove process specific directory.
Signed-off-by: Karel Zak <kzak@redhat.com>
Like btrfs subvol=, but more generic and for all filesystems. This
feature is marked as EXPERIMENTAL (may be removed).
# mount /dev/sdc /mnt/test -o X-mount.subdir=AAA
# findmnt /dev/sdc
TARGET SOURCE FSTYPE OPTIONS
/mnt/test /dev/sdc[/AAA] ext4 rw,relatime,stripe=512
Implemented as:
* open current namespace from /proc/self/ns/mnt
* mkdir /tmp/mount/mount.<pid>
* unshare mount namespace
* create mount node from /tmp/mount/mount.<pid> by mount(MS_BIND)
* mark /tmp/mount/mount.<pid> private by mount(MS_PRIVATE|MS_REC)
* bind mount /tmp/mount/mount.<pid>/subdir to <target>
* umount /tmp/mount/mount.<pid>
* rmdir /tmp/mount/mount.<pid>
* setns() to the original namespace
Note that /tmp/mount/mount.<pid> conversion to mount node and call for
MS_PRIVATE are visible (propagated to the system) if /tmp is a shared
filesystem, the rest (all operations with the desired filesystem) is
atomic for a parental namespace.
Maybe one day it will be possible to reimplement it in more
elegant way with new mount kernel APIs (open_tree(), etc.).
Fixes: https://github.com/karelzak/util-linux/issues/1103
Signed-off-by: Karel Zak <kzak@redhat.com>
Parsing of verity.roothashsig did not take into consideration that other options
might follow, and used the whole string as a file path. But mnt_optstr_get_option
just returns a pointer in the mount option string, it doesn't extract it, so it
would have other subsequent options too. The length parameter has to be used.
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Add verity.oncorruption= to let users override the default kernel
behaviour, using libcrypsetup's relevant flags.
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
dlopen is treated as a dependency, but that's not quite right, it
should be an alternative way to link to libcryptsetup.
Search for it only if cryptsetup is not disabled, and if the cryptsetup-dlopen
is explicitly set to enabled. If it is, do not link to libcryptsetup.
Add cryptsetup support status to the meson summary.
Unfortunately libtools is not smart enough to link libblkid
dynamically if we link in-tree static libmount.a for libmount tests.
In this case libtools always uses also libblkid.a, but it's problem
for libcryptsetup which requires versioned symbols from libblkid.so
This is no problem for normal binaries, but for libmount tests only
(where we need static library to by-pass public library API).
Signed-off-by: Karel Zak <kzak@redhat.com>
The whole thing is complicated by the fact that we have two layers
of libraries: e.g. libmount also needs libblkid. If we just tell meson
to make libmount static, this is not enough, because we also need it
to link to a static libblkid. Hence in the case of libs that link to
other libs internally, we need to create a different object with a
a different set of link_with items.
To avoid building the libraries twice, libfdisk and libmount are first
built into an internal "convenience" library, which is then linked into
the static and shared versions as appropriate.
To build: meson build && ninja -C build
To run tests: ninja -C build check
To install for packaging: DESTDIR=/var/tmp/inst ninja -C build install
To install for realz: sudo ninja -C build install
v2:
- Optional items are now based on the 'feature' feature in meson.
Built libraries which are disabled turn into disabler() objects
and also poison any executables which link to them.
What is there:
- building of the binaries and libs and the python module
- installation of binaries, libs, python module, localization files,
man pages, pkgconfig files
- running of tests
- most options to configure build equivalently to the
./configure settings
Partially implemented:
- disabling of stuff when things missing. In the C code, the defines
are all used, so that should be fine. In the build system, some
files should be skipped, but that is probably not always done properly.
Getting this right might require some testing of various build option
combinations to get the details right.
Not implemented:
- static builds of fdisk and other binaries
- things marked with XXX or FIXME
- ???
Differences:
- .la files are not created. They are useless and everybody hates them.
- Requires.private in pkgconfig files are not present in the
autogenerated .pc file. Not sure if they should be there or not. If
necessary, they can be added by hand.
- man pages and systemd units are installed by the install target. Not
sure why 'make install' doesn't do that.
- the split between / and /usr is probably wrong. But it's all pointless
anyway, so maybe we could simplify things but not implementing it at
all under meson?
All `eject` tests were failing under ASan, since they call /bin/mount,
which is uninstrumented, but it picks up the instrumented `libblkid`
library, causing ASan to complain:
gcc:
ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD.
eject: unmount of `/home/runner/work/util-linux/util-linux/tests/output/eject/umount-by-disk-mounted-mnt' failed
clang:
/bin/umount: symbol lookup error: /home/runner/work/util-linux/util-linux/.libs/libblkid.so.1: undefined symbol: __sancov_lowest_stack
eject: unmount of `/home/runner/work/util-linux/util-linux/tests/output/eject/umount-by-disk-mounted-mnt' failed
Subsequently, all tests which require the `scsi_debug` module get skipped,
since it's still in use due to the failed umount:
fdisk: align 512/4K ... SKIPPED (cannot remove scsi_debug module (rmmod))
fdisk: align 512/4K +alignment_offset ... SKIPPED (cannot remove scsi_debug module (rmmod))
fdisk: align 512/4K +MD ... SKIPPED (cannot remove scsi_debug module (rmmod))
In case of gcc this can be easily resolved by setting $LD_PRELOAD to the
respective ASan library. clang makes this a bit more difficult, since it
compiles the ASan library statically, so firstly we need to force dynamic
linking (via -shared-asan), and then add the runtime DSO path to the
linker cache, since it's in a non-standard path.
The command "mount -r" was supported for non-root users in very old
mount(8) versions. Unfortunately, in this case libmount replaces all
mount options from command line by options from fstab. We need
exception for MS_RDONLY.
Fixes: https://github.com/karelzak/util-linux/issues/1235
Signed-off-by: Karel Zak <kzak@redhat.com>
It might be useful for security auditing purposes list all possible
mount flags/options including default set which are normally not listed.
This patch adds "--vfs-all" option to list all fs-independent flags
on VFS-OPTIONS column, as well as libmount funcionality to accomplish
it.
i.e.:
$ findmnt -o VFS-OPTIONS
VFS-OPTIONS
rw,relatime
rw,nosuid,nodev,noexec,relatime
rw,nosuid,nodev,noexec,relatime
ro,nosuid,nodev,noexec
...
$ findmnt --vfs-all -o VFS-OPTIONS
VFS-OPTIONS
rw,exec,suid,dev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
ro,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,norelatime,nostrictatime,nolazytime,symfollow
...
[kzak@redhat.com: - cleanup coding style and comments]
Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
It seems like overkill to provide this #ifdef. For example coreutils
use "char *" for all selinux contexts (since 2014).
Signed-off-by: Karel Zak <kzak@redhat.com>
The function mnt_fs_is_swaparea() does not return TRUE for entries
from /proc/swaps. This is pretty strange.
Signed-off-by: Karel Zak <kzak@redhat.com>
- use robust functions like write_all()
- don't use assert() to check write/open/etc return values, because oss-fuzz.com
report foreign (system, libc, ...) issues as our fails
Addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28009
Signed-off-by: Karel Zak <kzak@redhat.com>
There's a couple of places which use varients on "0x%u" in format strings;
that's almost always wrong - you either want 0x%x or just %u. In libmount's
case it's flags, so I'm assuming the intention really is hex. In the ja.po
case it's %u in the original msgid.
Signed-off-by: Dr. David Alan Gilbert <dave@treblig.org>
We append to the options string in loop there. It seems better to use
ul_buffer for this case to avoid duplicate strlen() and reallocs.
Signed-off-by: Karel Zak <kzak@redhat.com>