authorTimothée Ravier <tim@siosm.fr>2017-05-19 14:38:40 +0200
committerSven Eden <yamakuzure@gmx.net>2017-07-25 09:46:52 +0200
commit5c4d519ec1edd17ef53cd19ad41b5f359aca975c (patch)
treeb0c33d68646f39672c0a4b2d96043073f8c2aa16 /src/basic/mount-util.c
parentbb81dc92d38d5b1336ad842ef5f43f178aafcbb5 (diff)
core: open /proc/self/mountinfo early to allow mounts over /proc (#5985)
Enable masking the /proc folder using the 'InaccessiblePaths' unit option. This also slightly simplifies mount setup, as the bind_remount_recursive function will only open /proc/self/mountinfo once. This is based on the suggestion at: https://lists.freedesktop.org/archives/elogind-devel/2017-April/038634.html
Diffstat (limited to 'src/basic/mount-util.c')
-rw-r--r--src/basic/mount-util.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index fef991207..aee878e88 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -317,11 +317,16 @@ static int get_mount_flags(const char *path, unsigned long *flags) {
return 0;
}
-int bind_remount_recursive(const char *prefix, bool ro, char **blacklist) {
+/* Use this function only if do you have direct access to /proc/self/mountinfo
+ * and need the caller to open it for you. This is the case when /proc is
+ * masked or not mounted. Otherwise, use bind_remount_recursive. */
+int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **blacklist, FILE *proc_self_mountinfo) {
_cleanup_set_free_free_ Set *done = NULL;
_cleanup_free_ char *cleaned = NULL;
int r;
+ assert(proc_self_mountinfo);
+
/* Recursively remount a directory (and all its submounts) read-only or read-write. If the directory is already
* mounted, we reuse the mount and simply mark it MS_BIND|MS_RDONLY (or remove the MS_RDONLY for read-write
* operation). If it isn't we first make it one. Afterwards we apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to
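Review bot: The comment added above bind_remount_recursive_with_mountinfo reads inverted ("only if do you have direct access ... and need the caller to open it for you"), while the commit description and the added `assert(proc_self_mountinfo)` indicate it is meant for callers that open the file themselves because /proc is about to be masked. I would reword it to `/* Use this variant when /proc may be masked or not mounted: the caller opens /proc/self/mountinfo beforehand and passes the stream in. The stream is rewound here; closing it stays with the caller. */`, the ownership part being what the visible hunks suggest. It is also worth documenting that the stream must be opened in the mount namespace being modified, since as far as I know the kernel binds a mountinfo file to the opener's namespace at open time, so a stream opened before unshare would list the wrong mounts and the read-only remount would miss the real ones. The function body continues outside this hunk.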
@@ -344,7 +349,6 @@ int bind_remount_recursive(const char *prefix, bool ro, char **blacklist) {
return -ENOMEM;
for (;;) {
- _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
_cleanup_set_free_free_ Set *todo = NULL;
bool top_autofs = false;
char *x;
@@ -354,9 +358,7 @@ int bind_remount_recursive(const char *prefix, bool ro, char **blacklist) {
if (!todo)
return -ENOMEM;
- proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
- if (!proc_self_mountinfo)
- return -errno;
+ rewind(proc_self_mountinfo);
for (;;) {
_cleanup_free_ char *path = NULL, *p = NULL, *type = NULL;
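Review bot: `rewind(proc_self_mountinfo)` cannot report failure, so a seek error on the caller-supplied stream goes unnoticed where the removed fopen() check used to return -errno. If the seek fails, the inner loop would presumably read no entries and could conclude there is nothing left to remount, returning success while submounts keep their old flags; the rest of the loop is outside this hunk, so this needs confirming against the full function. An error-checked form keeps the failure visible: `if (fseek(proc_self_mountinfo, 0, SEEK_SET) < 0) return -errno;`.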
@@ -495,6 +497,16 @@ int bind_remount_recursive(const char *prefix, bool ro, char **blacklist) {
}
}
+int bind_remount_recursive(const char *prefix, bool ro, char **blacklist) {
+ _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
+
+ proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
+ if (!proc_self_mountinfo)
+ return -errno;
+
+ return bind_remount_recursive_with_mountinfo(prefix, ro, blacklist, proc_self_mountinfo);
+}
+
int mount_move_root(const char *path) {
assert(path);