Compare commits
3 Commits
c906069850
...
a5286dcb0b
Author | SHA1 | Date |
---|---|---|
davjav | a5286dcb0b | |
davjav | b4d53c63e8 | |
davjav | 5b5c42fd31 |
|
@ -854,9 +854,19 @@ static void mount_dump(Unit *u, FILE *f, const char *prefix) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static int mount_spawn(Mount *m, ExecCommand *c, PidRef *ret_pid) {
|
static ExecFlags mount_exec_flags(MountState state) {
|
||||||
_cleanup_(exec_params_shallow_clear) ExecParameters exec_params = EXEC_PARAMETERS_INIT(
|
ExecFlags flags = EXEC_APPLY_SANDBOXING|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN;
|
||||||
EXEC_APPLY_SANDBOXING|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN);
|
|
||||||
|
assert(IN_SET(state, MOUNT_MOUNTING, MOUNT_REMOUNTING, MOUNT_UNMOUNTING));
|
||||||
|
|
||||||
|
if (IN_SET(state, MOUNT_MOUNTING, MOUNT_REMOUNTING))
|
||||||
|
flags |= EXEC_SETUP_CREDENTIALS;
|
||||||
|
|
||||||
|
return flags;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int mount_spawn(Mount *m, ExecCommand *c, ExecFlags flags, PidRef *ret_pid) {
|
||||||
|
_cleanup_(exec_params_shallow_clear) ExecParameters exec_params = EXEC_PARAMETERS_INIT(flags);
|
||||||
_cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
|
_cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
|
@ -1047,7 +1057,7 @@ static void mount_enter_unmounting(Mount *m) {
|
||||||
|
|
||||||
mount_unwatch_control_pid(m);
|
mount_unwatch_control_pid(m);
|
||||||
|
|
||||||
r = mount_spawn(m, m->control_command, &m->control_pid);
|
r = mount_spawn(m, m->control_command, mount_exec_flags(MOUNT_UNMOUNTING), &m->control_pid);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_unit_warning_errno(UNIT(m), r, "Failed to spawn 'umount' task: %m");
|
log_unit_warning_errno(UNIT(m), r, "Failed to spawn 'umount' task: %m");
|
||||||
goto fail;
|
goto fail;
|
||||||
|
@ -1192,7 +1202,7 @@ static void mount_enter_mounting(Mount *m) {
|
||||||
|
|
||||||
mount_unwatch_control_pid(m);
|
mount_unwatch_control_pid(m);
|
||||||
|
|
||||||
r = mount_spawn(m, m->control_command, &m->control_pid);
|
r = mount_spawn(m, m->control_command, mount_exec_flags(MOUNT_MOUNTING), &m->control_pid);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_unit_warning_errno(UNIT(m), r, "Failed to spawn 'mount' task: %m");
|
log_unit_warning_errno(UNIT(m), r, "Failed to spawn 'mount' task: %m");
|
||||||
goto fail;
|
goto fail;
|
||||||
|
@ -1257,7 +1267,7 @@ static void mount_enter_remounting(Mount *m) {
|
||||||
|
|
||||||
mount_unwatch_control_pid(m);
|
mount_unwatch_control_pid(m);
|
||||||
|
|
||||||
r = mount_spawn(m, m->control_command, &m->control_pid);
|
r = mount_spawn(m, m->control_command, mount_exec_flags(MOUNT_REMOUNTING), &m->control_pid);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_unit_warning_errno(UNIT(m), r, "Failed to spawn 'remount' task: %m");
|
log_unit_warning_errno(UNIT(m), r, "Failed to spawn 'remount' task: %m");
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
|
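Review bot: mount_exec_flags() carries no comment explaining why MOUNT_UNMOUNTING is left without EXEC_SETUP_CREDENTIALS, and that asymmetry decides which helper processes can read the unit's credentials. A one-line comment above the `if`, such as `/* Only the mount and remount helpers get $CREDENTIALS_DIRECTORY; umount runs without the unit's credentials. */`, would record the intent for whoever adds the next state. The visible hunks also do not show where the credentials set up for the control process are released once the unit is mounted, failed or dead. That presumably happens in existing code outside this diff and is worth confirming, since LoadCredential= material would otherwise outlive the helper that needed it. The bodies of mount_spawn() and the three mount_enter_*() callers continue outside the hunks.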
@ -23,6 +23,49 @@ run_with_cred_compare() (
|
||||||
diff "$log_file" <(echo -ne "$exp")
|
diff "$log_file" <(echo -ne "$exp")
|
||||||
)
|
)
|
||||||
|
|
||||||
|
test_mount_with_credential() {
|
||||||
|
local credfile tmpdir unit
|
||||||
|
credfile="/tmp/mount-cred"
|
||||||
|
tmpdir="/tmp/test-54-mount"
|
||||||
|
unit=$(systemd-escape --suffix mount --path "$tmpdir")
|
||||||
|
|
||||||
|
echo foo >"$credfile"
|
||||||
|
mkdir -p "$tmpdir"
|
||||||
|
|
||||||
|
# Set up test mount unit
|
||||||
|
cat >/run/systemd/system/"$unit" <<EOF
|
||||||
|
[Mount]
|
||||||
|
What=tmpfs
|
||||||
|
Where=$tmpdir
|
||||||
|
Type=thisisatest
|
||||||
|
LoadCredential=loadcred:$credfile
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Set up test mount type
|
||||||
|
cat >/usr/sbin/mount.thisisatest <<EOF
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# Mount after verifying credential file content
|
||||||
|
if [ \$(cat \${CREDENTIALS_DIRECTORY}/loadcred) = "foo" ]; then
|
||||||
|
mount -t tmpfs \$1 \$2
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
|
chmod +x /usr/sbin/mount.thisisatest
|
||||||
|
|
||||||
|
# Verify mount succeeds
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl start "$unit"
|
||||||
|
systemctl --no-pager show -p SubState --value "$unit" | grep -q mounted
|
||||||
|
|
||||||
|
# Verify mount fails with different credential file content
|
||||||
|
echo bar >"$credfile"
|
||||||
|
(! systemctl restart "$unit")
|
||||||
|
|
||||||
|
# Stop unit and delete files
|
||||||
|
systemctl stop "$unit"
|
||||||
|
rm -f "$credfile" /run/systemd/system/"$unit" /usr/sbin/mount.thisisatest
|
||||||
|
rm -rf "$tmpdir"
|
||||||
|
}
|
||||||
|
|
||||||
# Sanity checks
|
# Sanity checks
|
||||||
#
|
#
|
||||||
# Create a dummy "full" disk (similar to /dev/full) to check out-of-space
|
# Create a dummy "full" disk (similar to /dev/full) to check out-of-space
|
||||||
|
@ -474,6 +517,9 @@ systemd-creds encrypt --user /tmp/usertest.data /tmp/usertest.creds --name=mytes
|
||||||
systemctl start user@0.service
|
systemctl start user@0.service
|
||||||
XDG_RUNTIME_DIR=/run/user/0 systemd-run --pipe --user --unit=waldi.service -p LoadCredentialEncrypted=mytest:/tmp/usertest.creds cat /run/user/0/credentials/waldi.service/mytest | cmp /tmp/usertest.data
|
XDG_RUNTIME_DIR=/run/user/0 systemd-run --pipe --user --unit=waldi.service -p LoadCredentialEncrypted=mytest:/tmp/usertest.creds cat /run/user/0/credentials/waldi.service/mytest | cmp /tmp/usertest.data
|
||||||
|
|
||||||
|
# Test mount unit with credential
|
||||||
|
test_mount_with_credential
|
||||||
|
|
||||||
systemd-analyze log-level info
|
systemd-analyze log-level info
|
||||||
|
|
||||||
touch /testok
|
touch /testok
|
||||||
|
|
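Review bot: The generated /usr/sbin/mount.thisisatest helper exits 0 without mounting when the credential does not match, so the negative check `(! systemctl restart "$unit")` passes only indirectly (presumably because no mount appears afterwards) and would pass just as well for any unrelated restart failure. The unquoted `\$(cat \${CREDENTIALS_DIRECTORY}/loadcred)` also turns an empty or missing credential into a `[` usage error rather than a clean mismatch. Inside the heredoc, `[ "\$(cat "\${CREDENTIALS_DIRECTORY}/loadcred")" = "foo" ] || exit 1` followed by `mount -t tmpfs "\$1" "\$2"` would make the helper fail explicitly on a wrong credential. The cleanup at the end of test_mount_with_credential() is skipped when an earlier step fails, which leaves the executable helper in /usr/sbin; whether the test environment makes that harmless is not visible here.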