switch_root.c

   1 /*
   2  * switchroot.c - switch to new root directory and start init.
   3  *
   4  * Copyright 2002-2009 Red Hat, Inc.  All rights reserved.
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  *
  19  * Authors:
  20  *      Peter Jones <pjones@redhat.com>
  21  *      Jeremy Katz <katzj@redhat.com>
  22  */
  23 #include <sys/mount.h>
  24 #include <sys/types.h>
  25 #include <sys/stat.h>
  26 #include <sys/param.h>
  27 #include <fcntl.h>
  28 #include <stdio.h>
  29 #include <stdlib.h>
  30 #include <unistd.h>
  31 #include <string.h>
  32 #include <errno.h>
  33 #include <ctype.h>
  34 #include <dirent.h>
  35 #include <err.h>
  36 #include <libgen.h>
  37
  38 #ifndef MS_MOVE
  39 #define MS_MOVE 8192
  40 #endif
  41
  42 /* find the enclosing mount point of a path, by examining the backing device
  43  * of parent directories until we reach / or find a parent with a differing
  44  * device.
  45  * result must be freed.
  46  */
  47 static char *get_parent_mount(const char *path)
  48 {
  49         struct stat sb;
  50         char dir[PATH_MAX];
  51         char tmp[PATH_MAX];
  52         dev_t inner_dev;
  53         int r;
  54
  55         r = stat(path, &sb);
  56         if (r != 0) {
  57                 warn("failed to stat %s", path);
  58                 return NULL;
  59         }
  60         inner_dev = sb.st_dev;
  61
  62         /* dirname has some annoying properties of modifying the input... */
  63         strncpy(dir, path, PATH_MAX);
  64         dir[PATH_MAX - 1] = 0; /* for safety */
  65
  66         while (1) {
  67                 char *parent;
  68
  69                 strncpy(tmp, dir, PATH_MAX);
  70                 tmp[PATH_MAX - 1] = 0;
  71                 parent = dirname(tmp);
  72
  73                 r = stat(parent, &sb);
  74                 if (r != 0) {
  75                         warn("failed to stat %s", parent);
  76                         return NULL;
  77                 }
  78
  79                 /* if the parent directory's device differs then we have found a mount
  80                  * point */
  81                 if (sb.st_dev != inner_dev)
  82                         return strdup(dir);
  83
  84                 strncpy(dir, parent, PATH_MAX);
  85                 dir[PATH_MAX - 1] = 0;
  86
  87                 /* maybe we've reached / */
  88                 if (strlen(dir) == 1)
  89                         return strdup(dir);
  90         }
  91 }
  92
  93 /* remove all files/directories below dirName -- don't cross mountpoints */
  94 static int recursiveRemove(char *dirName)
  95 {
  96         struct stat rb;
  97         DIR *dir;
  98         int rc = -1;
  99         int dfd;
 100
 101         if (!(dir = opendir(dirName))) {
 102                 warn("failed to open %s", dirName);
 103                 goto done;
 104         }
 105
 106         dfd = dirfd(dir);
 107
 108         if (fstat(dfd, &rb)) {
 109                 warn("failed to stat %s", dirName);
 110                 goto done;
 111         }
 112
 113         while(1) {
 114                 struct dirent *d;
 115
 116                 errno = 0;
 117                 if (!(d = readdir(dir))) {
 118                         if (errno) {
 119                                 warn("failed to read %s", dirName);
 120                                 goto done;
 121                         }
 122                         break;  /* end of directory */
 123                 }
 124
 125                 if (!strcmp(d->d_name, ".") || !strcmp(d->d_name, ".."))
 126                         continue;
 127
 128                 if (d->d_type == DT_DIR) {
 129                         struct stat sb;
 130
 131                         if (fstatat(dfd, d->d_name, &sb, AT_SYMLINK_NOFOLLOW)) {
 132                                 warn("failed to stat %s/%s", dirName, d->d_name);
 133                                 continue;
 134                         }
 135
 136                         /* remove subdirectories if device is same as dir */
 137                         if (sb.st_dev == rb.st_dev) {
 138                                 char subdir[ strlen(dirName) +
 139                                              strlen(d->d_name) + 2 ];
 140
 141                                 sprintf(subdir, "%s/%s", dirName, d->d_name);
 142                                 recursiveRemove(subdir);
 143                         } else
 144                                 continue;
 145                 }
 146
 147                 if (unlinkat(dfd, d->d_name,
 148                              d->d_type == DT_DIR ? AT_REMOVEDIR : 0))
 149                         warn("failed to unlink %s/%s", dirName, d->d_name);
 150         }
 151
 152         rc = 0; /* success */
 153
 154 done:
 155         if (dir)
 156                 closedir(dir);
 157         return rc;
 158 }
 159
 160 static int switchroot(const char *newroot)
 161 {
 162         /*  Don't try to unmount the old "/", there's no way to do it. */
 163         const char *umounts[] = { "/dev", "/proc", "/sys", NULL };
 164         char *newroot_mnt;
 165         const char *chroot_path = NULL;
 166         int i;
 167         int r = -1;
 168
 169         for (i = 0; umounts[i] != NULL; i++) {
 170                 char newmount[PATH_MAX];
 171
 172                 snprintf(newmount, sizeof(newmount), "%s%s", newroot, umounts[i]);
 173
 174                 if (mount(umounts[i], newmount, NULL, MS_MOVE, NULL) < 0) {
 175                         warn("failed to mount moving %s to %s",
 176                                 umounts[i], newmount);
 177                         warnx("forcing unmount of %s", umounts[i]);
 178                         umount2(umounts[i], MNT_FORCE);
 179                 }
 180         }
 181
 182         if (chdir(newroot)) {
 183                 warn("failed to change directory to %s", newroot);
 184                 return -1;
 185         }
 186
 187         recursiveRemove("/");
 188
 189         newroot_mnt = get_parent_mount(newroot);
 190         if (newroot_mnt && strcmp(newroot, newroot_mnt)) {
 191                 /* newroot is not a mount point, so we have to MS_MOVE the parent
 192                  * mount point and then chroot in to the "subroot" */
 193                 chroot_path = newroot + strlen(newroot_mnt);
 194                 newroot = newroot_mnt;
 195
 196                 if (chdir(newroot)) {
 197                         warn("failed to chdir to newroot mount %s", newroot);
 198                         goto err;
 199                 }
 200         }
 201
 202         if (mount(newroot, "/", NULL, MS_MOVE, NULL) < 0) {
 203                 warn("failed to mount moving %s to /", newroot);
 204                 goto err;
 205         }
 206
 207         if (chroot(".")) {
 208                 warn("failed to change root");
 209                 goto err;
 210         }
 211
 212         if (chroot_path) {
 213                 if (chdir(chroot_path)) {
 214                         warn("failed to chdir to subroot %s", chroot_path);
 215                         goto err;
 216                 }
 217
 218                 if (chroot(".")) {
 219                         warn("failed to change root to subroot");
 220                         goto err;
 221                 }
 222         }
 223
 224         r = 0;
 225 err:
 226         if (newroot_mnt)
 227                 free(newroot_mnt);
 228         return r;
 229 }
 230
 231 static void usage(FILE *output)
 232 {
 233         fprintf(output, "usage: %s <newrootdir> <init> <args to init>\n",
 234                         program_invocation_short_name);
 235         exit(output == stderr ? EXIT_FAILURE : EXIT_SUCCESS);
 236 }
 237
 238 static void version(void)
 239 {
 240         fprintf(stdout,  "%s from %s\n", program_invocation_short_name,
 241                         PACKAGE_STRING);
 242         exit(EXIT_SUCCESS);
 243 }
 244
 245 int main(int argc, char *argv[])
 246 {
 247         char *newroot, *init, **initargs;
 248
 249         if (argv[1] && (!strcmp(argv[1], "--help") || !strcmp(argv[1], "-h")))
 250                 usage(stdout);
 251         if (argv[1] && (!strcmp(argv[1], "--version") || !strcmp(argv[1], "-V")))
 252                 version();
 253         if (argc < 3)
 254                 usage(stderr);
 255
 256         newroot = argv[1];
 257         init = argv[2];
 258         initargs = &argv[2];
 259
 260         if (!*newroot || !*init)
 261                 usage(stderr);
 262
 263         if (switchroot(newroot))
 264                 errx(EXIT_FAILURE, "failed. Sorry.");
 265
 266         if (access(init, X_OK))
 267                 warn("cannot access %s", init);
 268
 269         /* get session leader */
 270         setsid();
 271
 272         /* set controlling terminal */
 273         if (ioctl (0, TIOCSCTTY, 1))
 274                 warn("failed to TIOCSCTTY");
 275
 276         execv(init, initargs);
 277         err(EXIT_FAILURE, "failed to execute %s", init);
 278 }
 279