From e544779c61b1334e54db34ad3c6b90356e51dfe9 Mon Sep 17 00:00:00 2001 From: Manabu Sugimoto Date: Fri, 11 Jun 2021 15:03:30 +0900 Subject: [PATCH 1/2] agent: Add some mount options Add the following mount options to catch up with the runtime spec - silent - loud - (no)acl - (no)iversion - (no)lazytime Fixes: #1999 Signed-off-by: Manabu Sugimoto
---
 src/agent/rustjail/src/mount.rs | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/agent/rustjail/src/mount.rs b/src/agent/rustjail/src/mount.rs
index c6482a8b94..5244875591 100644
--- a/src/agent/rustjail/src/mount.rs
+++ b/src/agent/rustjail/src/mount.rs
@@ -97,8 +97,16 @@ lazy_static! {
 m.insert("rbind", (false, MsFlags::MS_BIND | MsFlags::MS_REC));
 m.insert("relatime", (false, MsFlags::MS_RELATIME));
 m.insert("norelatime", (true, MsFlags::MS_RELATIME));
+ m.insert("silent", (false, MsFlags::MS_SILENT));
+ m.insert("loud", (true, MsFlags::MS_SILENT));
+ m.insert("acl", (false, MsFlags::MS_POSIXACL));
+ m.insert("noacl", (true, MsFlags::MS_POSIXACL));
+ m.insert("iversion", (false, MsFlags::MS_I_VERSION));
+ m.insert("noiversion", (true, MsFlags::MS_I_VERSION));
 m.insert("strictatime", (false, MsFlags::MS_STRICTATIME));
 m.insert("nostrictatime", (true, MsFlags::MS_STRICTATIME));
+ m.insert("lazytime", (false, MsFlags::MS_LAZYTIME));
+ m.insert("nolazytime", (true, MsFlags::MS_LAZYTIME));
 m
 };
 }
From bd27f7bab538585f93ed22aa5b8ff699d1ea60cd Mon Sep 17 00:00:00 2001 From: Manabu Sugimoto Date: Wed, 16 Jun 2021 17:14:35 +0900 Subject: [PATCH 2/2] agent: Sort PROPAGATION and OPTIONS alphabetically to scan easily It's hard to visually scan over the list currently. Therefore, we should sort the list alphabetically to scan easily. Fixes: #1999 Signed-off-by: Manabu Sugimoto
---
 src/agent/rustjail/src/mount.rs | 60 ++++++++++++++++-----------------
 1 file changed, 30 insertions(+), 30 deletions(-)
diff --git a/src/agent/rustjail/src/mount.rs b/src/agent/rustjail/src/mount.rs
index 5244875591..de4af7a5a1 100644
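Review bot: The bool in each `OPTIONS` value has no comment on the lines shown, and the new entries only read correctly if `true` means "clear this flag" (`loud` is `(true, MsFlags::MS_SILENT)`, `noacl` is `(true, MsFlags::MS_POSIXACL)`). The same table also carries `nosuid`, `nodev`, `noexec` and `ro`, so an inverted bool on a later addition would quietly drop a hardening flag instead of failing. I would add a comment above the map such as `// (clear, flag): true removes the flag from the mount flags, false sets it`, once that reading is confirmed against the code that consumes the tuple. That consumer and the `static ref OPTIONS` declaration both sit outside this hunk.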
--- a/src/agent/rustjail/src/mount.rs
+++ b/src/agent/rustjail/src/mount.rs
@@ -62,51 +62,51 @@ const PROC_SUPER_MAGIC: libc::c_uint = 0x00009fa0;
 lazy_static! {
 static ref PROPAGATION: HashMap<&'static str, MsFlags> = {
 let mut m = HashMap::new();
- m.insert("shared", MsFlags::MS_SHARED);
- m.insert("rshared", MsFlags::MS_SHARED | MsFlags::MS_REC);
 m.insert("private", MsFlags::MS_PRIVATE);
 m.insert("rprivate", MsFlags::MS_PRIVATE | MsFlags::MS_REC);
- m.insert("slave", MsFlags::MS_SLAVE);
+ m.insert("rshared", MsFlags::MS_SHARED | MsFlags::MS_REC);
 m.insert("rslave", MsFlags::MS_SLAVE | MsFlags::MS_REC);
- m.insert("unbindable", MsFlags::MS_UNBINDABLE);
 m.insert("runbindable", MsFlags::MS_UNBINDABLE | MsFlags::MS_REC);
+ m.insert("shared", MsFlags::MS_SHARED);
+ m.insert("slave", MsFlags::MS_SLAVE);
+ m.insert("unbindable", MsFlags::MS_UNBINDABLE);
 m
 };
 static ref OPTIONS: HashMap<&'static str, (bool, MsFlags)> = {
 let mut m = HashMap::new();
- m.insert("defaults", (false, MsFlags::empty()));
- m.insert("ro", (false, MsFlags::MS_RDONLY));
- m.insert("rw", (true, MsFlags::MS_RDONLY));
- m.insert("suid", (true, MsFlags::MS_NOSUID));
- m.insert("nosuid", (false, MsFlags::MS_NOSUID));
- m.insert("dev", (true, MsFlags::MS_NODEV));
- m.insert("nodev", (false, MsFlags::MS_NODEV));
- m.insert("exec", (true, MsFlags::MS_NOEXEC));
- m.insert("noexec", (false, MsFlags::MS_NOEXEC));
- m.insert("sync", (false, MsFlags::MS_SYNCHRONOUS));
+ m.insert("acl", (false, MsFlags::MS_POSIXACL));
 m.insert("async", (true, MsFlags::MS_SYNCHRONOUS));
- m.insert("dirsync", (false, MsFlags::MS_DIRSYNC));
- m.insert("remount", (false, MsFlags::MS_REMOUNT));
- m.insert("mand", (false, MsFlags::MS_MANDLOCK));
- m.insert("nomand", (true, MsFlags::MS_MANDLOCK));
 m.insert("atime", (true, MsFlags::MS_NOATIME));
- m.insert("noatime", (false, MsFlags::MS_NOATIME));
- m.insert("diratime", (true, MsFlags::MS_NODIRATIME));
- m.insert("nodiratime", (false, MsFlags::MS_NODIRATIME));
 m.insert("bind", (false, MsFlags::MS_BIND));
+ m.insert("defaults", (false, MsFlags::empty()));
+ m.insert("dev", (true, MsFlags::MS_NODEV));
+ m.insert("diratime", (true, MsFlags::MS_NODIRATIME));
+ m.insert("dirsync", (false, MsFlags::MS_DIRSYNC));
+ m.insert("exec", (true, MsFlags::MS_NOEXEC));
+ m.insert("iversion", (false, MsFlags::MS_I_VERSION));
+ m.insert("lazytime", (false, MsFlags::MS_LAZYTIME));
+ m.insert("loud", (true, MsFlags::MS_SILENT));
+ m.insert("mand", (false, MsFlags::MS_MANDLOCK));
+ m.insert("noacl", (true, MsFlags::MS_POSIXACL));
+ m.insert("noatime", (false, MsFlags::MS_NOATIME));
+ m.insert("nodev", (false, MsFlags::MS_NODEV));
+ m.insert("nodiratime", (false, MsFlags::MS_NODIRATIME));
+ m.insert("noexec", (false, MsFlags::MS_NOEXEC));
+ m.insert("noiversion", (true, MsFlags::MS_I_VERSION));
+ m.insert("nolazytime", (true, MsFlags::MS_LAZYTIME));
+ m.insert("nomand", (true, MsFlags::MS_MANDLOCK));
+ m.insert("norelatime", (true, MsFlags::MS_RELATIME));
+ m.insert("nostrictatime", (true, MsFlags::MS_STRICTATIME));
+ m.insert("nosuid", (false, MsFlags::MS_NOSUID));
 m.insert("rbind", (false, MsFlags::MS_BIND | MsFlags::MS_REC));
 m.insert("relatime", (false, MsFlags::MS_RELATIME));
- m.insert("norelatime", (true, MsFlags::MS_RELATIME));
+ m.insert("remount", (false, MsFlags::MS_REMOUNT));
+ m.insert("ro", (false, MsFlags::MS_RDONLY));
+ m.insert("rw", (true, MsFlags::MS_RDONLY));
 m.insert("silent", (false, MsFlags::MS_SILENT));
- m.insert("loud", (true, MsFlags::MS_SILENT));
- m.insert("acl", (false, MsFlags::MS_POSIXACL));
- m.insert("noacl", (true, MsFlags::MS_POSIXACL));
- m.insert("iversion", (false, MsFlags::MS_I_VERSION));
- m.insert("noiversion", (true, MsFlags::MS_I_VERSION));
 m.insert("strictatime", (false, MsFlags::MS_STRICTATIME));
- m.insert("nostrictatime", (true, MsFlags::MS_STRICTATIME));
- m.insert("lazytime", (false, MsFlags::MS_LAZYTIME));
- m.insert("nolazytime", (true, MsFlags::MS_LAZYTIME));
+ m.insert("suid", (true, MsFlags::MS_NOSUID));
+ m.insert("sync", (false, MsFlags::MS_SYNCHRONOUS));
 m
 };
 }
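Review bot: Nothing visible in this hunk enforces the alphabetical order or the key uniqueness that the reordered `OPTIONS` and `PROPAGATION` tables rely on. `HashMap::insert` replaces an existing entry, so a key pasted twice with a different bool would compile and the later line would win. The entries in this hunk are unique and carry the same values as before the move, but that had to be checked by eye across 30 moved lines. A unit test pinning the security-relevant keys, for example `assert_eq!(OPTIONS.get("nosuid"), Some(&(false, MsFlags::MS_NOSUID)));` with matching asserts for `nodev`, `noexec` and `ro`, would let CI catch a bad move or duplicate. Whether mount.rs already has such a test cannot be seen from this hunk.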