author | Doug Rabson <dfr@FreeBSD.org> | 2022-11-07 16:56:09 +0000 |
---|---|---|
committer | Doug Rabson <dfr@FreeBSD.org> | 2022-12-19 16:44:54 +0000 |
commit | a3f714c4ff8cf3754520f330abe783aa6a06dcdb (patch) | |
tree | 33418937f63f9c509c729b84f83c4e892fdc41a6 /sbin/mount_nullfs | |
parent | 5cfacab13291a2551f145ca4a68db42d095e4a9a (diff) | |
Add support for mounting single files in nullfs
My main use-case for this is to support mounting config files and secrets
into OCI containers. My current workaround copies the files into the
container which is messy and risks secrets leaking into container images
if the cleanup fails.
Reviewed by: mjg, kib
Tested by: pho
Differential Revision: https://reviews.freebsd.org/D37478
Diffstat (limited to 'sbin/mount_nullfs')
-rw-r--r-- | sbin/mount_nullfs/mount_nullfs.8 | 11 | ||||
-rw-r--r-- | sbin/mount_nullfs/mount_nullfs.c | 23 |
2 files changed, 32 insertions, 2 deletions
diff --git a/sbin/mount_nullfs/mount_nullfs.8 b/sbin/mount_nullfs/mount_nullfs.8 index 756b13a7ffdf..68c252c69d61 100644 --- a/sbin/mount_nullfs/mount_nullfs.8 +++ b/sbin/mount_nullfs/mount_nullfs.8 @@ -64,6 +64,17 @@ but in other respects it is indistinguishable from the original. .Pp The .Nm +utility supports mounting both directories and single files. +Both +.Ar target +and +.Ar mount_point +must be the same type. +Mounting directories to files or files to +directories is not supported. +.Pp +The +.Nm file system differs from a traditional loopback file system in two respects: it is implemented using a stackable layers techniques, and its diff --git a/sbin/mount_nullfs/mount_nullfs.c b/sbin/mount_nullfs/mount_nullfs.c index 77ec0991ea9b..55d7ac982f70 100644 --- a/sbin/mount_nullfs/mount_nullfs.c +++ b/sbin/mount_nullfs/mount_nullfs.c @@ -48,6 +48,7 @@ static const char rcsid[] = #include <sys/param.h> #include <sys/mount.h> +#include <sys/stat.h> #include <sys/uio.h> #include <err.h> @@ -61,6 +62,14 @@ static const char rcsid[] = static void usage(void) __dead2; +static int +stat_realpath(const char *path, char *resolved, struct stat *sbp) +{ + if (realpath(path, resolved) == NULL || stat(resolved, sbp) != 0) + return (1); + return (0); +} + int main(int argc, char *argv[]) { @@ -71,6 +80,8 @@ main(int argc, char *argv[]) char errmsg[255]; int ch, iovlen; char nullfs[] = "nullfs"; + struct stat target_stat; + struct stat mountpoint_stat; iov = NULL; iovlen = 0; 
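Review bot: stat_realpath() in the `-61,6 +62,14` hunk is added without a comment, and its contract is not obvious from the two call sites. I would put `/* Resolve path with realpath(3), then stat(2) the result; returns 0 on success, 1 with errno set. */` above it. Both calls follow symbolic links, so the type stored in `*sbp` is that of the final object rather than of the name the user typed, which is worth one more sentence in that comment. The callers print `resolved` after a failure, which relies on realpath(3) leaving the offending path in the buffer on error; that dependency also deserves a mention.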
@@ -98,10 +109,18 @@ main(int argc, char *argv[])
 usage();
 /* resolve target and mountpoint with realpath(3) */
- if (checkpath(argv[0], target) != 0)
+ if (stat_realpath(argv[0], target, &target_stat) != 0)
 err(EX_USAGE, "%s", target);
- if (checkpath(argv[1], mountpoint) != 0)
+ if (stat_realpath(argv[1], mountpoint, &mountpoint_stat) != 0)
 err(EX_USAGE, "%s", mountpoint);
+ if (!S_ISDIR(target_stat.st_mode) && !S_ISREG(target_stat.st_mode))
+ errx(EX_USAGE, "%s: must be either a file or directory",
+ target);
+ if ((target_stat.st_mode & S_IFMT) !=
+ (mountpoint_stat.st_mode & S_IFMT))
+ errx(EX_USAGE,
+ "%s: must be same type as %s (file or directory)",
+ mountpoint, target);
 build_iovec(&iov, &iovlen, "fstype", nullfs, (size_t)-1);
 build_iovec(&iov, &iovlen, "fspath", mountpoint, (size_t)-1); |
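Review bot: The two type checks added after the stat_realpath() calls inspect path names that are resolved again when the mount is performed (presumably by nmount(2), further down in main), so an object replaced between the stat and the mount is not covered by them. They work as an early, readable diagnostic, but the file-versus-directory rule has to be enforced by the nullfs code in the kernel; this diffstat is limited to sbin/mount_nullfs, so that cannot be confirmed from here. I would add `/* Early diagnostic only; the kernel re-resolves both paths and must enforce the type match itself. */` before the first check. For the container use case in the description, `mountpoint` is canonicalised through any symbolic links as seen from the host, so a runtime mounting into an untrusted root still has to confine the mount point itself. main's body starts and ends outside the hunk.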