Mount read-only directly if mounting rw fails
For new mounts, if MNT_LOCK_READONLY is locked on the visible mnt, mount_too_revealing will fail and the whole mount will fail. Those mounts need to be created with the readonly flag set.
parent
5b48117a09
commit
f920c9194e
16
mnt.cc
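--- a/mnt.cc
+++ b/mnt.cc
@@ -128,6 +128,19 @@ static bool isDir(const char* path) {
 return false;
 }
 
+static int mountRWIfPossible(mount_t* mpt, const char* src, const char* dst) {
+int res =
+mount(src, dst, mpt->fs_type.c_str(), mpt->flags & ~(MS_RDONLY), mpt->options.c_str());
+if ((mpt->flags & MS_RDONLY) && res == -1 && errno == EPERM) {
+LOG_W(
+"mount('%s') src: '%s' dstpath: '%s' could not mount read-write, falling back "
+"to mounting read-only directly",
+describeMountPt(*mpt).c_str(), src, dst);
+res = mount(src, dst, mpt->fs_type.c_str(), mpt->flags, mpt->options.c_str());
+}
+return res;
+}
+
 static bool mountPt(mount_t* mpt, const char* newroot, const char* tmpdir) {
 LOG_D("Mounting %s", describeMountPt(*mpt).c_str());
 
@@ -199,8 +212,7 @@ static bool mountPt(mount_t* mpt, const char* newroot, const char* tmpdir) {
 /*
 * Initially mount it as RW, it will be remounted later on if needed
 */
-unsigned long flags = mpt->flags & ~(MS_RDONLY);
-if (mount(srcpath, dstpath, mpt->fs_type.c_str(), flags, mpt->options.c_str()) == -1) {
+if (mountRWIfPossible(mpt, srcpath, dstpath) == -1) {
 if (errno == EACCES) {
 PLOG_W(
 "mount('%s') src:'%s' dstpath:'%s' failed. "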
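Review bot: The comment kept above the call in mountPt ("Initially mount it as RW, it will be remounted later on if needed") no longer describes the new code, because mountRWIfPossible can now leave the mount read-only from the start when the read-write attempt returns EPERM; it should be updated, for example to `Try RW first (remounted RO later if needed); on EPERM fall back to mounting RO directly`. The new helper has no comment at all, and the reason it keys on EPERM (MNT_LOCK_READONLY locked on the visible mount, as the commit message explains) belongs there, e.g. `/* EPERM on the RW attempt may mean MNT_LOCK_READONLY is locked; retry with the requested MS_RDONLY */`. EPERM from mount() can have other causes, in which case the retry will presumably fail the same way and the "could not mount read-write" warning will precede the real error, so the comment should not present the fallback as a guaranteed recovery. mountPt's body starts and ends outside the hunk, so whether the later remount step handles an already read-only mount cannot be confirmed from these lines.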