cb136dd51a
in deployment on remounting the mount pointing to /opt/cool/systemplate with an additional MS_NOATIME results in EPERM. Where that dir is on a (toplevel) [rel]atime mount. man 2 mount states 'An attempt was made to modify (MS_REMOUNT) the MS_RDONLY, MS_NOSUID, or MS_NOEXEC flag, or one of the "atime" flags (MS_NOATIME, MS_NODIRATIME, MS_RELATIME) of an existing mount, but the mount is locked'. Presumably we can add flags that drop privs, but not those that could circumvent original mount policy. Thanks to Kay Sievers for help & advice to bootstrap these namespace mounts. Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com> Change-Id: I4c0c6a6e4a0e7fae04255e247b18cd5a86c3f327
37 lines
1 KiB
C++
37 lines
1 KiB
C++
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
|
|
/*
|
|
* Copyright the Collabora Online contributors.
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*/
|
|
/*
|
|
* This is a very tiny helper to allow overlay mounting.
|
|
*/
|
|
|
|
#include <config.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <sysexits.h>
|
|
|
|
#include <security.h>
|
|
|
|
extern int domount(bool namespace_mount, int argc, const char* const* argv);
|
|
|
|
int main(int argc, char** argv)
|
|
{
|
|
/*WARNING: PRIVILEGED CODE CHECKING START */
|
|
/*WARNING*/ if (!hasCorrectUID(/* appName = */ "coolmount"))
|
|
/*WARNING*/ {
|
|
/*WARNING*/ fprintf(stderr, "Aborting.\n");
|
|
/*WARNING*/ return EX_SOFTWARE;
|
|
/*WARNING*/ }
|
|
/*WARNING: PRIVILEGED CODE CHECKING END */
|
|
|
|
return domount(false, argc, argv);
|
|
}
|
|
|
|
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|