diff options
author | Lennart Poettering <lennart@poettering.net> | 2021-10-26 18:34:57 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-10-28 08:17:46 +0200 |
commit | 1147c538bbb6a2d3d5ba2e40f1437bcbeb22b33e (patch) | |
tree | d4c93fc887ad1e8189b19ed051d3501e19998552 /src/home/homework-mount.c | |
parent | homework: also move to using .image_fd field of HomeSetup in home_create_luks() (diff) | |
download | systemd-1147c538bbb6a2d3d5ba2e40f1437bcbeb22b33e.tar.xz systemd-1147c538bbb6a2d3d5ba2e40f1437bcbeb22b33e.zip |
homework: teach luks backend uid mapping
This teachs the LUKS backend UID mapping, similar to the existing
logic for the "directory", "subvolume" and "fscrypt" backends: the files
will be owned by "nobody" on the fs itself, but will be mapped to
logging in user via uidmapped mounts.
This way LUKS home dirs become truly portable: no local UID info will
leak onto the images anymore, and the need to recursively chown them on
activation goes away. This means activation is always as performant as
it should be.
Diffstat (limited to 'src/home/homework-mount.c')
-rw-r--r-- | src/home/homework-mount.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/src/home/homework-mount.c b/src/home/homework-mount.c index 5758e85839..82b461a987 100644 --- a/src/home/homework-mount.c +++ b/src/home/homework-mount.c @@ -84,7 +84,17 @@ int home_unshare_and_mount(const char *node, const char *fstype, bool discard, u if (r < 0) return r; - return home_mount_node(node, fstype, discard, flags); + r = home_mount_node(node, fstype, discard, flags); + if (r < 0) + return r; + + r = mount_nofollow_verbose(LOG_ERR, NULL, HOME_RUNTIME_WORK_DIR, NULL, MS_PRIVATE, NULL); + if (r < 0) { + (void) umount_verbose(LOG_ERR, HOME_RUNTIME_WORK_DIR, UMOUNT_NOFOLLOW); + return r; + } + + return 0; } int home_move_mount(const char *mount_suffix, const char *target) { @@ -111,9 +121,9 @@ int home_move_mount(const char *mount_suffix, const char *target) { if (r < 0) return r; - r = umount_verbose(LOG_ERR, HOME_RUNTIME_WORK_DIR, UMOUNT_NOFOLLOW); + r = umount_recursive(HOME_RUNTIME_WORK_DIR, 0); if (r < 0) - return r; + return log_error_errno(r, "Failed to unmount %s: %m", HOME_RUNTIME_WORK_DIR); log_info("Moving to final mount point %s completed.", target); return 0; |