authorTiago Natel de Moura <t.nateldemoura@f5.com>2020-10-29 20:30:53 +0000
committerTiago Natel de Moura <t.nateldemoura@f5.com>2020-10-29 20:30:53 +0000
commit0390cb3a61051dd93e206d50591aff5759cf42fc (patch)
treed2105e88cbe4ef30a25243d7ccb07fae706c1003 /src/nxt_fs.c
parent417f5d911ddb3a46b590d89e73313856a32ff435 (diff)
Isolation: mounting of procfs by default when using "rootfs".
Diffstat (limited to '')
-rw-r--r--src/nxt_fs.c113
1 files changed, 93 insertions, 20 deletions
diff --git a/src/nxt_fs.c b/src/nxt_fs.c
index 0228c25a..87d3b4a5 100644
--- a/src/nxt_fs.c
+++ b/src/nxt_fs.c
@@ -18,15 +18,59 @@ static nxt_int_t nxt_fs_mkdir(const u_char *dir, mode_t mode);
nxt_int_t
nxt_fs_mount(nxt_task_t *task, nxt_fs_mount_t *mnt)
{
- int rc;
+ int rc;
+ const char *fsname;
+ unsigned long flags;
- rc = mount((const char *) mnt->src, (const char *) mnt->dst,
- (const char *) mnt->fstype, mnt->flags, mnt->data);
+ flags = 0;
+
+ switch (mnt->type) {
+ case NXT_FS_BIND:
+ if (nxt_slow_path(mnt->flags != 0)) {
+ nxt_log(task, NXT_LOG_WARN,
+ "bind mount ignores additional flags");
+ }
+
+ fsname = "bind";
+ flags = MS_BIND | MS_REC;
+ break;
+
+ case NXT_FS_PROC:
+ fsname = "proc";
+ goto getflags;
+
+ case NXT_FS_TMP:
+ fsname = "tmpfs";
+ goto getflags;
+
+ default:
+ fsname = (const char *) mnt->name;
+
+ getflags:
+
+ if (mnt->flags & NXT_FS_FLAGS_NODEV) {
+ flags |= MS_NODEV;
+ }
+
+ if (mnt->flags & NXT_FS_FLAGS_NOEXEC) {
+ flags |= MS_NOEXEC;
+ }
+
+ if (mnt->flags & NXT_FS_FLAGS_NOSUID) {
+ flags |= MS_NOSUID;
+ }
+
+ if (!(mnt->flags & NXT_FS_FLAGS_NOTIME)) {
+ flags |= MS_RELATIME;
+ }
+ }
+
+ rc = mount((const char *) mnt->src, (const char *) mnt->dst, fsname, flags,
+ mnt->data);
if (nxt_slow_path(rc < 0)) {
- nxt_alert(task, "mount(\"%s\", \"%s\", \"%s\", %d, \"%s\") %E",
- mnt->src, mnt->dst, mnt->fstype, mnt->flags, mnt->data,
- nxt_errno);
+ nxt_alert(task, "mount(\"%s\", \"%s\", \"%s\", %ul, \"%s\") %E",
+ mnt->src, mnt->dst, fsname, flags, mnt->data, nxt_errno);
return NXT_ERROR;
}
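Review bot: The Linux flag translation under `getflags:` never tests `NXT_FS_FLAGS_RDONLY`, although the FreeBSD branch in this same commit maps it to `MNT_RDONLY`; a mount requested read-only would come up writable on Linux with nothing logged. If that flag can reach this path on Linux (the callers are not visible here), add `if (mnt->flags & NXT_FS_FLAGS_RDONLY) { flags |= MS_RDONLY; }` beside the other tests. Separately, the `NXT_FS_BIND` case discards `nodev`/`noexec`/`nosuid` after only a warning, so a comment there such as `/* restriction flags are not applied to bind mounts */` would keep readers from assuming they are enforced.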
@@ -34,37 +78,66 @@ nxt_fs_mount(nxt_task_t *task, nxt_fs_mount_t *mnt)
return NXT_OK;
}
-
#elif (NXT_HAVE_FREEBSD_NMOUNT)
nxt_int_t
nxt_fs_mount(nxt_task_t *task, nxt_fs_mount_t *mnt)
{
+ int flags;
u_char *data, *p, *end;
size_t iovlen;
nxt_int_t ret;
- const char *fstype;
+ const char *fsname;
struct iovec iov[128];
char errmsg[256];
- if (nxt_strncmp(mnt->fstype, "bind", 4) == 0) {
- fstype = "nullfs";
+ if (nxt_slow_path((mnt->flags & NXT_FS_FLAGS_NODEV) && !mnt->builtin)) {
+ nxt_alert(task, "nmount(2) doesn't support \"nodev\" option");
- } else if (nxt_strncmp(mnt->fstype, "proc", 4) == 0) {
- fstype = "procfs";
+ return NXT_ERROR;
+ }
- } else if (nxt_strncmp(mnt->fstype, "tmpfs", 5) == 0) {
- fstype = "tmpfs";
+ flags = 0;
- } else {
- nxt_alert(task, "mount type \"%s\" not implemented.", mnt->fstype);
- return NXT_ERROR;
+ switch (mnt->type) {
+ case NXT_FS_BIND:
+ fsname = "nullfs";
+ break;
+
+ case NXT_FS_PROC:
+ fsname = "procfs";
+ goto getflags;
+
+ case NXT_FS_TMP:
+ fsname = "tmpfs";
+ goto getflags;
+
+ default:
+ fsname = (const char *) mnt->name;
+
+ getflags:
+
+ if (mnt->flags & NXT_FS_FLAGS_NOEXEC) {
+ flags |= MNT_NOEXEC;
+ }
+
+ if (mnt->flags & NXT_FS_FLAGS_NOSUID) {
+ flags |= MNT_NOSUID;
+ }
+
+ if (mnt->flags & NXT_FS_FLAGS_NOTIME) {
+ flags |= MNT_NOATIME;
+ }
+
+ if (mnt->flags & NXT_FS_FLAGS_RDONLY) {
+ flags |= MNT_RDONLY;
+ }
}
iov[0].iov_base = (void *) "fstype";
iov[0].iov_len = 7;
- iov[1].iov_base = (void *) fstype;
- iov[1].iov_len = nxt_strlen(fstype) + 1;
+ iov[1].iov_base = (void *) fsname;
+ iov[1].iov_len = nxt_strlen(fsname) + 1;
iov[2].iov_base = (void *) "fspath";
iov[2].iov_len = 7;
iov[3].iov_base = (void *) mnt->dst;
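Review bot: The `NXT_FS_BIND` case at `fsname = "nullfs";` breaks out before `getflags:`, so `noexec`, `nosuid`, `notime` and `rdonly` are dropped for nullfs mounts, and unlike the Linux branch nothing is logged when `mnt->flags` is non-zero. For an isolation feature a dropped restriction should at least be visible: either log as the Linux code does, `nxt_log(task, NXT_LOG_WARN, "bind mount ignores additional flags");`, or let this case fall through to the flag translation. The function body continues past the end of this hunk.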
@@ -117,7 +190,7 @@ nxt_fs_mount(nxt_task_t *task, nxt_fs_mount_t *mnt)
ret = NXT_OK;
- if (nxt_slow_path(nmount(iov, iovlen, 0) < 0)) {
+ if (nxt_slow_path(nmount(iov, iovlen, flags) < 0)) {
nxt_alert(task, "nmount(%p, %d, 0) %s", iov, iovlen, errmsg);
ret = NXT_ERROR;
}
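Review bot: The alert on the failure path still prints a literal `0` as the third argument although the call now passes `flags`, so the log misreports what was requested when a restricted mount fails. Print the real value: `nxt_alert(task, "nmount(%p, %d, %d) %s", iov, iovlen, flags, errmsg);`. `iovlen` is declared `size_t` in the previous hunk but is formatted with `%d`; that specifier is worth checking at the same time.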