#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mount.h>
+#include <sys/wait.h>
#include <errno.h>
#include <stdio.h>
return 0;
}
+void
+selinux_restorecon(char *overlaydir)
+{
+ struct stat s;
+ pid_t restorecon_pid;
+ int status;
+
+ /* on non-SELinux system we don't have /sbin/restorecon, return */
+ if (stat("/sbin/restorecon", &s))
+ return;
+
+ restorecon_pid = fork();
+ if (!restorecon_pid)
+ exit(execl("/sbin/restorecon", "restorecon", overlaydir, (char *) NULL));
+ else if (restorecon_pid > 0)
+ waitpid(restorecon_pid, &status, 0);
+}
+
/**
* fopivot - switch to overlay using passed dir as upper one
*
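Review bot: The outcome of the relabel is discarded in `selinux_restorecon()`: `status` from `waitpid()` is never inspected and a failed `fork()` falls through silently, so on an SELinux system the caller would go on to create `upper` and `work` under a possibly mislabeled overlay root with nothing in the log. Check `WIFEXITED(status) && WEXITSTATUS(status) == 0` after the wait and emit a `ULOG_ERR` otherwise, and do the same for `restorecon_pid < 0`. In the child, `exit(execl(...))` runs atexit handlers and flushes stdio buffers inherited from the parent if `execl` fails; calling `execl(...)` and then `_exit(127)` is the usual form. If nothing outside this file calls the function, it could also be `static` and take `const char *overlaydir`.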
int
fopivot(char *rw_root, char *ro_root)
{
- char overlay[64], mount_options[64];
+ char overlay[64], mount_options[64], upperdir[64], workdir[64], upgrade[64], upgrade_dest[64];
+ struct stat st;
if (find_filesystem("overlay")) {
ULOG_ERR("BUG: no suitable fs found\n");
}
snprintf(overlay, sizeof(overlay), "overlayfs:%s", rw_root);
+ snprintf(upperdir, sizeof(upperdir), "%s/upper", rw_root);
+ snprintf(workdir, sizeof(workdir), "%s/work", rw_root);
+ snprintf(upgrade, sizeof(upgrade), "%s/sysupgrade.tgz", rw_root);
+ snprintf(upgrade_dest, sizeof(upgrade_dest), "%s/sysupgrade.tgz", upperdir);
+ snprintf(mount_options, sizeof(mount_options), "lowerdir=/,upperdir=%s,workdir=%s",
+ upperdir, workdir);
+
+ /*
+ * Initialize SELinux security label on newly created overlay
+ * filesystem where /upper doesn't yet exist
+ */
+ if (stat(upperdir, &st))
+ selinux_restorecon(rw_root);
/*
- * First, try to mount without a workdir, for overlayfs v22 and before.
- * If it fails, it means that we are probably using a v23 and
- * later versions that require a workdir
+ * Overlay FS v23 and later requires both a upper and
+ * a work directory, both on the same filesystem, but
+ * not part of the same subtree.
+ * We can't really deal with these constraints without
+ * creating two new subdirectories in /overlay.
*/
- snprintf(mount_options, sizeof(mount_options), "lowerdir=/,upperdir=%s", rw_root);
- if (mount(overlay, "/mnt", "overlayfs", MS_NOATIME, mount_options)) {
- char upperdir[64], workdir[64], upgrade[64], upgrade_dest[64];
- struct stat st;
-
- snprintf(upperdir, sizeof(upperdir), "%s/upper", rw_root);
- snprintf(workdir, sizeof(workdir), "%s/work", rw_root);
- snprintf(upgrade, sizeof(upgrade), "%s/sysupgrade.tgz", rw_root);
- snprintf(upgrade_dest, sizeof(upgrade_dest), "%s/sysupgrade.tgz", upperdir);
- snprintf(mount_options, sizeof(mount_options), "lowerdir=/,upperdir=%s,workdir=%s",
- upperdir, workdir);
-
- /*
- * Overlay FS v23 and later requires both a upper and
- * a work directory, both on the same filesystem, but
- * not part of the same subtree.
- * We can't really deal with these constraints without
- * creating two new subdirectories in /overlay.
- */
- mkdir(upperdir, 0755);
- mkdir(workdir, 0755);
-
- if (stat(upgrade, &st) == 0)
- rename(upgrade, upgrade_dest);
-
- /* Mainlined overlayfs has been renamed to "overlay", try that first */
- if (mount(overlay, "/mnt", "overlay", MS_NOATIME, mount_options)) {
- if (mount(overlay, "/mnt", "overlayfs", MS_NOATIME, mount_options)) {
- ULOG_ERR("mount failed: %s, options %m\n", mount_options);
- return -1;
- }
- }
+ if (mkdir(upperdir, 0755) == -1 && errno != EEXIST)
+ return -1;
+
+ if (mkdir(workdir, 0755) == -1 && errno != EEXIST)
+ return -1;
+
+ if (stat(upgrade, &st) == 0)
+ rename(upgrade, upgrade_dest);
+
+ if (mount(overlay, "/mnt", "overlay", MS_NOATIME, mount_options)) {
+ ULOG_ERR("mount failed: %m, options %s\n", mount_options);
+ return -1;
}
return pivot("/mnt", ro_root);
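Review bot: The `snprintf()` results for `upperdir`, `workdir` and `mount_options` are never checked, and with every buffer at 64 bytes the option string `lowerdir=/,upperdir=%s,workdir=%s` is silently truncated once `rw_root` is longer than 11 characters. A truncated `workdir=` value no longer names the directory that `mkdir()` just created, so the mount fails with a misleading message or, at worst, uses a different path. Capture the return value and bail out on overflow, e.g. `n = snprintf(mount_options, sizeof(mount_options), ...); if (n < 0 || (size_t)n >= sizeof(mount_options)) return -1;`, or size `mount_options` to hold both paths. The two new `mkdir()` failure paths also return -1 without a `ULOG_ERR`, unlike the mount failure below them; the buffer declarations are in the previous hunk and the function's closing brace is outside this one.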