Date: Fri, 6 Jan 2023 09:46:31 GMT
Message-Id: <202301060946.3069kVYA090405@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Doug Rabson
Subject: git: 823dfd17e27c - stable/13 - Add support for mounting single files in nullfs
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: dfr
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 823dfd17e27c2561119b1de9b04dc28d8e709b1a

The branch stable/13 has been updated by dfr:

URL: https://cgit.FreeBSD.org/src/commit/?id=823dfd17e27c2561119b1de9b04dc28d8e709b1a

commit 823dfd17e27c2561119b1de9b04dc28d8e709b1a
Author:     Doug Rabson
AuthorDate: 2022-11-07 16:56:09 +0000
Commit:     Doug Rabson
CommitDate: 2023-01-06 07:57:57 +0000

    Add support for mounting single files in nullfs

    My main use-case for this is to support mounting config files and
    secrets into OCI containers. My current workaround copies the files into
    the container which is messy and risks secrets leaking into container
    images if the cleanup fails.

    Reviewed by: mjg, kib
    Tested by: pho
    Differential Revision: https://reviews.freebsd.org/D37478

    (cherry picked from commit a3f714c4ff8cf3754520f330abe783aa6a06dcdb)
--- sbin/mount/getmntopts.c | 14 ++++++++++++++ sbin/mount/mntopts.h | 1 + sbin/mount/mount.c | 23 ++++++++++++++++++++--- sbin/mount_nullfs/mount_nullfs.8 | 11 +++++++++++ sbin/mount_nullfs/mount_nullfs.c | 23 +++++++++++++++++++++-- 5 files changed, 67 insertions(+), 5 deletions(-) diff --git a/sbin/mount/getmntopts.c b/sbin/mount/getmntopts.c index fb739c6406ae..0ee6d99ed8b9 100644 --- a/sbin/mount/getmntopts.c +++ b/sbin/mount/getmntopts.c 
@@ -139,6 +139,20 @@ checkpath(const char *path, char *resolved) return (0); } +int +checkpath_allow_file(const char *path, char *resolved) +{ + struct stat sb; + + if (realpath(path, resolved) == NULL || stat(resolved, &sb) != 0) + return (1); + if (!S_ISDIR(sb.st_mode) && !S_ISREG(sb.st_mode)) { + errno = ENOTDIR; + return (1); + } + return (0); +} + void build_iovec(struct iovec **iov, int *iovlen, const char *name, void *val, size_t len) diff --git a/sbin/mount/mntopts.h b/sbin/mount/mntopts.h index 183d6d9e501d..1d8b80069355 100644 --- a/sbin/mount/mntopts.h +++ b/sbin/mount/mntopts.h @@ -103,6 +103,7 @@ struct mntopt { void getmntopts(const char *, const struct mntopt *, int *, int *); void rmslashes(char *, char *); int checkpath(const char *, char resolved_path[]); +int checkpath_allow_file(const char *, char resolved_path[]); extern int getmnt_silent; void build_iovec(struct iovec **iov, int *iovlen, const char *name, void *val, size_t len); void build_iovec_argf(struct iovec **iov, int *iovlen, const char *name, const char *fmt, ...); diff --git a/sbin/mount/mount.c b/sbin/mount/mount.c index cbb2a8784e26..66c1c1d1d000 100644 --- a/sbin/mount/mount.c +++ b/sbin/mount/mount.c @@ -89,6 +89,7 @@ struct statfs *getmntpt(const char *); int hasopt(const char *, const char *); int ismounted(struct fstab *, struct statfs *, int); int isremountable(const char *); +int allow_file_mount(const char *); void mangle(char *, struct cpa *); char *update_options(char *, char *, int); int mountfs(const char *, const char *, const char *, @@ -527,6 +528,15 @@ isremountable(const char *vfsname) return (0); } +int +allow_file_mount(const char *vfsname) +{ + + if (strcmp(vfsname, "nullfs") == 0) + return (1); + return (0); +} + int hasopt(const char *mntopts, const char *option) { 
@@ -573,9 +583,16 @@ mountfs(const char *vfstype, const char *spec, const char *name, int flags, static struct cpa mnt_argv; /* resolve the mountpoint with realpath(3) */ - if (checkpath(name, mntpath) != 0) { - xo_warn("%s", mntpath); - return (1); + if (allow_file_mount(vfstype)) { + if (checkpath_allow_file(name, mntpath) != 0) { + xo_warn("%s", mntpath); + return (1); + } + } else { + if (checkpath(name, mntpath) != 0) { + xo_warn("%s", mntpath); + return (1); + } } name = mntpath; diff --git a/sbin/mount_nullfs/mount_nullfs.8 b/sbin/mount_nullfs/mount_nullfs.8 index f2969209e240..46e55d8a7d54 100644 --- a/sbin/mount_nullfs/mount_nullfs.8 +++ b/sbin/mount_nullfs/mount_nullfs.8 @@ -64,6 +64,17 @@ but in other respects it is indistinguishable from the original. .Pp The .Nm +utility supports mounting both directories and single files. +Both +.Ar target +and +.Ar mount_point +must be the same type. +Mounting directories to files or files to +directories is not supported. +.Pp +The +.Nm file system differs from a traditional loopback file system in two respects: it is implemented using a stackable layers techniques, and its diff --git a/sbin/mount_nullfs/mount_nullfs.c b/sbin/mount_nullfs/mount_nullfs.c index 77ec0991ea9b..55d7ac982f70 100644 --- a/sbin/mount_nullfs/mount_nullfs.c +++ b/sbin/mount_nullfs/mount_nullfs.c @@ -48,6 +48,7 @@ static const char rcsid[] = #include #include +#include #include #include @@ -61,6 +62,14 @@ static const char rcsid[] = static void usage(void) __dead2; +static int +stat_realpath(const char *path, char *resolved, struct stat *sbp) +{ + if (realpath(path, resolved) == NULL || stat(resolved, sbp) != 0) + return (1); + return (0); +} + int main(int argc, char *argv[]) { @@ -71,6 +80,8 @@ main(int argc, char *argv[]) char errmsg[255]; int ch, iovlen; char nullfs[] = "nullfs"; + struct stat target_stat; + struct stat mountpoint_stat; iov = NULL; iovlen = 0; 
@@ -98,10 +109,18 @@ main(int argc, char *argv[]) usage(); /* resolve target and mountpoint with realpath(3) */ - if (checkpath(argv[0], target) != 0) + if (stat_realpath(argv[0], target, &target_stat) != 0) err(EX_USAGE, "%s", target); - if (checkpath(argv[1], mountpoint) != 0) + if (stat_realpath(argv[1], mountpoint, &mountpoint_stat) != 0) err(EX_USAGE, "%s", mountpoint); + if (!S_ISDIR(target_stat.st_mode) && !S_ISREG(target_stat.st_mode)) + errx(EX_USAGE, "%s: must be either a file or directory", + target); + if ((target_stat.st_mode & S_IFMT) != + (mountpoint_stat.st_mode & S_IFMT)) + errx(EX_USAGE, + "%s: must be same type as %s (file or directory)", + mountpoint, target); build_iovec(&iov, &iovlen, "fstype", nullfs, (size_t)-1); build_iovec(&iov, &iovlen, "fspath", mountpoint, (size_t)-1);
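Review bot: in checkpath_allow_file() (sbin/mount/getmntopts.c, hunk @@ -139,6 +139,20), the rejection branch sets errno = ENOTDIR for anything that is neither a directory nor a regular file, so a caller that prints the errno text, as mountfs() does with xo_warn("%s", mntpath), reports "Not a directory" for a device node or FIFO even though a regular file would have been accepted. Use an errno that describes an unsuitable file type, or let the caller print its own message the way mount_nullfs.c does with errx(). A one-line comment above the function saying how it differs from checkpath() would also help the next reader.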
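Review bot: allow_file_mount() (sbin/mount/mount.c, hunk @@ -527,6 +528,15) hard-codes the string "nullfs" with no comment explaining why this is the only file system whose mount point may be a regular file. Add that comment so the list is not extended casually, and consider reducing the body to return (strcmp(vfsname, "nullfs") == 0); since the if/return pair adds nothing.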
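Review bot: in mountfs() (sbin/mount/mount.c, hunk @@ -573,9 +583,16), both branches repeat the same xo_warn("%s", mntpath); return (1); error handling and differ only in which check function is called. Select the function once (for example, store the result of the chosen call in a local int) and keep a single error path, so a later change to the warning cannot be applied to one branch and missed in the other. Note also that this path validates only the mount point; the match between target and mount point types is left to mount_nullfs.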
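Review bot: the paragraph added to sbin/mount_nullfs/mount_nullfs.8 (hunk @@ -64,6 +64,17) says target and mount_point must be the same type but does not say that only directories and regular files are accepted, which is what mount_nullfs.c enforces with "must be either a file or directory". Add a sentence stating that other file types are rejected, and mention that both paths are resolved with realpath(3) before the check, so a symbolic link is judged by what it points to.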
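Review bot: stat_realpath() (sbin/mount_nullfs/mount_nullfs.c, hunk @@ -61,6 +62,14) repeats the realpath(path, resolved) == NULL || stat(resolved, ...) != 0 test that checkpath_allow_file() already performs in getmntopts.c. Consider exporting one helper from getmntopts.c that also returns the struct stat, so the two utilities cannot drift apart on how a path is resolved and examined. The function also lacks a comment on what resolved holds when it returns non-zero, which main() relies on when it passes target to err().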
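Review bot: in main() (sbin/mount_nullfs/mount_nullfs.c, hunk @@ -98,10 +109,18), the file-type checks run on stat() results taken before the mount request, while the request itself carries only path strings (build_iovec(&iov, &iovlen, "fspath", mountpoint, ...)), so either path can be replaced between the check and the mount. Treat these checks as early error reporting rather than enforcement, say so in a comment, and confirm that the kernel side of nullfs applies the same file-or-directory and same-type rules to the vnodes it actually resolves; the diffstat for this commit lists only files under sbin/.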