mount: apply SELinux labels before overlayfs mount

[project/fstools.git] / libfstools / overlay.c

diff --git a/libfstools/overlay.c b/libfstools/overlay.c
index a41364c5e3e14b8ce319052f685612759fc82724..eadafcf4391f36658c26f94c5fec770aeb6c743a 100644 (file)
--- a/libfstools/overlay.c
+++ b/libfstools/overlay.c
@@ -30,7 +30,12 @@
 #include "libfstools.h"
 #include "volume.h"
 
+#ifndef GLOB_ONLYDIR
+#define GLOB_ONLYDIR 0x100
+#endif
+
 #define SWITCH_JFFS2 "/tmp/.switch_jffs2"
+#define OVERLAYDIR "/rom/overlay"
 
 static bool keep_sysupgrade;
 
@@ -112,6 +117,24 @@ foreachdir(const char *dir, int (*cb)(const char*))
        cb(dir);
 }
 
+static void foreach_mount(int (*cb)(const char *, const char *))
+{
+       FILE *fp = fopen("/proc/mounts", "r");
+       static char line[256];
+
+       if (!fp)
+               return;
+
+       while (fgets(line, sizeof(line), fp)) {
+               char device[32], mount_point[32];
+
+               if (sscanf(line, "%31s %31s %*s %*s %*u %*u", device, mount_point) == 2)
+                       cb(device, mount_point);
+       }
+
+       fclose(fp);
+}
+
 void
 overlay_delete(const char *dir, bool _keep_sysupgrade)
 {
@@ -135,6 +158,19 @@ overlay_mount(struct volume *v, char *fs)
        return 0;
 }
 
+/**
+ * move_mount - move mount point to the new root
+ */
+static int move_mount(const char *device, const char *mount_point)
+{
+       static const char *prefix = "/tmp/root/";
+
+       if (strncmp(mount_point, prefix, strlen(prefix)))
+               return 0;
+
+       return mount_move(prefix, "/", mount_point + strlen(prefix));
+}
+
 static int
 switch2jffs(struct volume *v)
 {
@@ -146,13 +182,14 @@ switch2jffs(struct volume *v)
                return -1;
        }
 
-       creat("/tmp/.switch_jffs2", 0600);
-       ret = mount(v->blk, "/rom/overlay", "jffs2", MS_NOATIME, NULL);
-       unlink("/tmp/.switch_jffs2");
+       creat(SWITCH_JFFS2, 0600);
+       ret = mount(v->blk, OVERLAYDIR, "jffs2", MS_NOATIME, NULL);
+       unlink(SWITCH_JFFS2);
        if (ret) {
-               ULOG_ERR("failed - mount -t jffs2 %s /rom/overlay: %m\n", v->blk);
+               ULOG_ERR("failed - mount -t jffs2 %s %s: %m\n", v->blk, OVERLAYDIR);
                return -1;
        }
+       selinux_restorecon(OVERLAYDIR);
 
        if (mount("none", "/", NULL, MS_NOATIME | MS_REMOUNT, 0)) {
                ULOG_ERR("failed - mount -o remount,ro none: %m\n");
@@ -174,7 +211,20 @@ switch2jffs(struct volume *v)
                return -1;
        }
 
-       return fopivot("/overlay", "/rom");
+       ret = fopivot("/overlay", "/rom");
+
+       /*
+        * Besides copying overlay data from "tmpfs" to "jffs2" we should also
+        * move mount points that user could create during JFFS2 formatting.
+        * This has to happen after fopivot call because:
+        * 1) It's trivial to find mount points to move then (/tmp/root/...).
+        * 2) We can't do that earlier using /rom/overlay/upper/ as overlay(fs)
+        *    doesn't support mounts. Mounting to upper dir don't make overlay
+        *    /propagate/ files to the target dir.
+        */
+       foreach_mount(move_mount);
+
+       return ret;
 }
 
 int
@@ -297,7 +347,18 @@ static int overlay_mount_fs(struct volume *v)
                return -1;
        }
 
-       if (mount(v->blk, "/tmp/overlay", fstype, MS_NOATIME, NULL)) {
+       if (mount(v->blk, "/tmp/overlay", fstype,
+#ifdef OVL_MOUNT_FULL_ACCESS_TIME
+               MS_RELATIME,
+#else
+               MS_NOATIME,
+#endif
+#ifdef OVL_MOUNT_COMPRESS_ZLIB
+               "compr=zlib"
+#else
+               NULL
+#endif
+               )) {
                ULOG_ERR("failed to mount -t %s %s /tmp/overlay: %m\n",
                         fstype, v->blk);
                return -1;