diff options
author | Lennart Poettering <lennart@poettering.net> | 2018-05-03 16:10:35 +0200 |
---|---|---|
committer | Sven Eden <yamakuzure@gmx.net> | 2018-08-24 16:47:08 +0200 |
commit | 1791a21ab8c2809115c095f96b300195262f7a9e (patch) | |
tree | e4c8c469a3d0a5133a66f20d5b33e2525229b8a9 /src/basic/mount-util.c | |
parent | be6bb0f678b2ecca0481951a803545243469cc97 (diff) |
mount-setup: add a comment that the character/block device nodes are "optional" (#8893)
if we lack privs to create device nodes that's fine, and creating
/run/systemd/inaccessible/chr or /run/systemd/inaccessible/blk won't
work then. Document this in longer comments.
Fixes: #4484
Diffstat (limited to 'src/basic/mount-util.c')
-rw-r--r-- | src/basic/mount-util.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c index 1736cf19b..9d1f34e08 100644 --- a/src/basic/mount-util.c +++ b/src/basic/mount-util.c @@ -702,24 +702,33 @@ int repeat_unmount(const char *path, int flags) { #endif // 0 const char* mode_to_inaccessible_node(mode_t mode) { - /* This function maps a node type to the correspondent inaccessible node type. - * Character and block inaccessible devices may not be created (because major=0 and minor=0), - * in such case we map character and block devices to the inaccessible node type socket. */ + /* This function maps a node type to a corresponding inaccessible file node. These nodes are created during + * early boot by PID 1. In some cases we lacked the privs to create the character and block devices (maybe + * because we run in an userns environment, or miss CAP_SYS_MKNOD, or run with a devices policy that excludes + * device nodes with major and minor of 0), but that's fine, in that case we use an AF_UNIX file node instead, + * which is not the same, but close enough for most uses. And most importantly, the kernel allows bind mounts + * from socket nodes to any non-directory file nodes, and that's the most important thing that matters. */ + switch(mode & S_IFMT) { case S_IFREG: return "/run/systemd/inaccessible/reg"; + case S_IFDIR: return "/run/systemd/inaccessible/dir"; + case S_IFCHR: if (access("/run/systemd/inaccessible/chr", F_OK) == 0) return "/run/systemd/inaccessible/chr"; return "/run/systemd/inaccessible/sock"; + case S_IFBLK: if (access("/run/systemd/inaccessible/blk", F_OK) == 0) return "/run/systemd/inaccessible/blk"; return "/run/systemd/inaccessible/sock"; + case S_IFIFO: return "/run/systemd/inaccessible/fifo"; + case S_IFSOCK: return "/run/systemd/inaccessible/sock"; } |