mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-30 18:20:19 +00:00
34fc1d847e
to v1.18.0 Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
371 lines
12 KiB
Go
371 lines
12 KiB
Go
/*
|
|
Copyright 2014 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
// TODO(thockin): This whole pkg is pretty linux-centric. As soon as we have
|
|
// an alternate platform, we will need to abstract further.
|
|
|
|
package mount
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
utilexec "k8s.io/utils/exec"
|
|
)
|
|
|
|
const (
|
|
// Default mount command if mounter path is not specified.
|
|
defaultMountCommand = "mount"
|
|
// Log message where sensitive mount options were removed
|
|
sensitiveOptionsRemoved = "<masked>"
|
|
)
|
|
|
|
// Interface defines the set of methods to allow for mount operations on a system.
|
|
type Interface interface {
|
|
// Mount mounts source to target as fstype with given options.
|
|
// options MUST not contain sensitive material (like passwords).
|
|
Mount(source string, target string, fstype string, options []string) error
|
|
// MountSensitive is the same as Mount() but this method allows
|
|
// sensitiveOptions to be passed in a separate parameter from the normal
|
|
// mount options and ensures the sensitiveOptions are never logged. This
|
|
// method should be used by callers that pass sensitive material (like
|
|
// passwords) as mount options.
|
|
MountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error
|
|
// Unmount unmounts given target.
|
|
Unmount(target string) error
|
|
// List returns a list of all mounted filesystems. This can be large.
|
|
// On some platforms, reading mounts directly from the OS is not guaranteed
|
|
// consistent (i.e. it could change between chunked reads). This is guaranteed
|
|
// to be consistent.
|
|
List() ([]MountPoint, error)
|
|
// IsLikelyNotMountPoint uses heuristics to determine if a directory
|
|
// is not a mountpoint.
|
|
// It should return ErrNotExist when the directory does not exist.
|
|
// IsLikelyNotMountPoint does NOT properly detect all mountpoint types
|
|
// most notably linux bind mounts and symbolic link. For callers that do not
|
|
// care about such situations, this is a faster alternative to calling List()
|
|
// and scanning that output.
|
|
IsLikelyNotMountPoint(file string) (bool, error)
|
|
// GetMountRefs finds all mount references to pathname, returning a slice of
|
|
// paths. Pathname can be a mountpoint path or a normal directory
|
|
// (for bind mount). On Linux, pathname is excluded from the slice.
|
|
// For example, if /dev/sdc was mounted at /path/a and /path/b,
|
|
// GetMountRefs("/path/a") would return ["/path/b"]
|
|
// GetMountRefs("/path/b") would return ["/path/a"]
|
|
// On Windows there is no way to query all mount points; as long as pathname is
|
|
// a valid mount, it will be returned.
|
|
GetMountRefs(pathname string) ([]string, error)
|
|
}
|
|
|
|
// Compile-time check to ensure all Mounter implementations satisfy
|
|
// the mount interface.
|
|
var _ Interface = &Mounter{}
|
|
|
|
// MountPoint represents a single line in /proc/mounts or /etc/fstab.
|
|
type MountPoint struct {
|
|
Device string
|
|
Path string
|
|
Type string
|
|
Opts []string // Opts may contain sensitive mount options (like passwords) and MUST be treated as such (e.g. not logged).
|
|
Freq int
|
|
Pass int
|
|
}
|
|
|
|
type MountErrorType string
|
|
|
|
const (
|
|
FilesystemMismatch MountErrorType = "FilesystemMismatch"
|
|
HasFilesystemErrors MountErrorType = "HasFilesystemErrors"
|
|
UnformattedReadOnly MountErrorType = "UnformattedReadOnly"
|
|
FormatFailed MountErrorType = "FormatFailed"
|
|
GetDiskFormatFailed MountErrorType = "GetDiskFormatFailed"
|
|
UnknownMountError MountErrorType = "UnknownMountError"
|
|
)
|
|
|
|
type MountError struct {
|
|
Type MountErrorType
|
|
Message string
|
|
}
|
|
|
|
func (mountError MountError) String() string {
|
|
return mountError.Message
|
|
}
|
|
|
|
func (mountError MountError) Error() string {
|
|
return mountError.Message
|
|
}
|
|
|
|
func NewMountError(mountErrorValue MountErrorType, format string, args ...interface{}) error {
|
|
mountError := MountError{
|
|
Type: mountErrorValue,
|
|
Message: fmt.Sprintf(format, args...),
|
|
}
|
|
return mountError
|
|
}
|
|
|
|
// SafeFormatAndMount probes a device to see if it is formatted.
|
|
// Namely it checks to see if a file system is present. If so it
|
|
// mounts it otherwise the device is formatted first then mounted.
|
|
type SafeFormatAndMount struct {
|
|
Interface
|
|
Exec utilexec.Interface
|
|
}
|
|
|
|
// FormatAndMount formats the given disk, if needed, and mounts it.
|
|
// That is if the disk is not formatted and it is not being mounted as
|
|
// read-only it will format it first then mount it. Otherwise, if the
|
|
// disk is already formatted or it is being mounted as read-only, it
|
|
// will be mounted without formatting.
|
|
// options MUST not contain sensitive material (like passwords).
|
|
func (mounter *SafeFormatAndMount) FormatAndMount(source string, target string, fstype string, options []string) error {
|
|
return mounter.FormatAndMountSensitive(source, target, fstype, options, nil /* sensitiveOptions */)
|
|
}
|
|
|
|
// FormatAndMountSensitive is the same as FormatAndMount but this method allows
|
|
// sensitiveOptions to be passed in a separate parameter from the normal mount
|
|
// options and ensures the sensitiveOptions are never logged. This method should
|
|
// be used by callers that pass sensitive material (like passwords) as mount
|
|
// options.
|
|
func (mounter *SafeFormatAndMount) FormatAndMountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error {
|
|
return mounter.formatAndMountSensitive(source, target, fstype, options, sensitiveOptions)
|
|
}
|
|
|
|
// getMountRefsByDev finds all references to the device provided
|
|
// by mountPath; returns a list of paths.
|
|
// Note that mountPath should be path after the evaluation of any symblolic links.
|
|
func getMountRefsByDev(mounter Interface, mountPath string) ([]string, error) {
|
|
mps, err := mounter.List()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Finding the device mounted to mountPath.
|
|
diskDev := ""
|
|
for i := range mps {
|
|
if mountPath == mps[i].Path {
|
|
diskDev = mps[i].Device
|
|
break
|
|
}
|
|
}
|
|
|
|
// Find all references to the device.
|
|
var refs []string
|
|
for i := range mps {
|
|
if mps[i].Device == diskDev || mps[i].Device == mountPath {
|
|
if mps[i].Path != mountPath {
|
|
refs = append(refs, mps[i].Path)
|
|
}
|
|
}
|
|
}
|
|
return refs, nil
|
|
}
|
|
|
|
// GetDeviceNameFromMount given a mnt point, find the device from /proc/mounts
|
|
// returns the device name, reference count, and error code.
|
|
func GetDeviceNameFromMount(mounter Interface, mountPath string) (string, int, error) {
|
|
mps, err := mounter.List()
|
|
if err != nil {
|
|
return "", 0, err
|
|
}
|
|
|
|
// Find the device name.
|
|
// FIXME if multiple devices mounted on the same mount path, only the first one is returned.
|
|
device := ""
|
|
// If mountPath is symlink, need get its target path.
|
|
slTarget, err := filepath.EvalSymlinks(mountPath)
|
|
if err != nil {
|
|
slTarget = mountPath
|
|
}
|
|
for i := range mps {
|
|
if mps[i].Path == slTarget {
|
|
device = mps[i].Device
|
|
break
|
|
}
|
|
}
|
|
|
|
// Find all references to the device.
|
|
refCount := 0
|
|
for i := range mps {
|
|
if mps[i].Device == device {
|
|
refCount++
|
|
}
|
|
}
|
|
return device, refCount, nil
|
|
}
|
|
|
|
// IsNotMountPoint determines if a directory is a mountpoint.
|
|
// It should return ErrNotExist when the directory does not exist.
|
|
// IsNotMountPoint is more expensive than IsLikelyNotMountPoint.
|
|
// IsNotMountPoint detects bind mounts in linux.
|
|
// IsNotMountPoint enumerates all the mountpoints using List() and
|
|
// the list of mountpoints may be large, then it uses
|
|
// isMountPointMatch to evaluate whether the directory is a mountpoint.
|
|
func IsNotMountPoint(mounter Interface, file string) (bool, error) {
|
|
// IsLikelyNotMountPoint provides a quick check
|
|
// to determine whether file IS A mountpoint.
|
|
notMnt, notMntErr := mounter.IsLikelyNotMountPoint(file)
|
|
if notMntErr != nil && os.IsPermission(notMntErr) {
|
|
// We were not allowed to do the simple stat() check, e.g. on NFS with
|
|
// root_squash. Fall back to /proc/mounts check below.
|
|
notMnt = true
|
|
notMntErr = nil
|
|
}
|
|
if notMntErr != nil {
|
|
return notMnt, notMntErr
|
|
}
|
|
// identified as mountpoint, so return this fact.
|
|
if notMnt == false {
|
|
return notMnt, nil
|
|
}
|
|
|
|
// Resolve any symlinks in file, kernel would do the same and use the resolved path in /proc/mounts.
|
|
resolvedFile, err := filepath.EvalSymlinks(file)
|
|
if err != nil {
|
|
return true, err
|
|
}
|
|
|
|
// check all mountpoints since IsLikelyNotMountPoint
|
|
// is not reliable for some mountpoint types.
|
|
mountPoints, mountPointsErr := mounter.List()
|
|
if mountPointsErr != nil {
|
|
return notMnt, mountPointsErr
|
|
}
|
|
for _, mp := range mountPoints {
|
|
if isMountPointMatch(mp, resolvedFile) {
|
|
notMnt = false
|
|
break
|
|
}
|
|
}
|
|
return notMnt, nil
|
|
}
|
|
|
|
// MakeBindOpts detects whether a bind mount is being requested and makes the remount options to
|
|
// use in case of bind mount, due to the fact that bind mount doesn't respect mount options.
|
|
// The list equals:
|
|
// options - 'bind' + 'remount' (no duplicate)
|
|
func MakeBindOpts(options []string) (bool, []string, []string) {
|
|
bind, bindOpts, bindRemountOpts, _ := MakeBindOptsSensitive(options, nil /* sensitiveOptions */)
|
|
return bind, bindOpts, bindRemountOpts
|
|
}
|
|
|
|
// MakeBindOptsSensitive is the same as MakeBindOpts but this method allows
|
|
// sensitiveOptions to be passed in a separate parameter from the normal mount
|
|
// options and ensures the sensitiveOptions are never logged. This method should
|
|
// be used by callers that pass sensitive material (like passwords) as mount
|
|
// options.
|
|
func MakeBindOptsSensitive(options []string, sensitiveOptions []string) (bool, []string, []string, []string) {
|
|
// Because we have an FD opened on the subpath bind mount, the "bind" option
|
|
// needs to be included, otherwise the mount target will error as busy if you
|
|
// remount as readonly.
|
|
//
|
|
// As a consequence, all read only bind mounts will no longer change the underlying
|
|
// volume mount to be read only.
|
|
bindRemountOpts := []string{"bind", "remount"}
|
|
bindRemountSensitiveOpts := []string{}
|
|
bind := false
|
|
bindOpts := []string{"bind"}
|
|
|
|
// _netdev is a userspace mount option and does not automatically get added when
|
|
// bind mount is created and hence we must carry it over.
|
|
if checkForNetDev(options, sensitiveOptions) {
|
|
bindOpts = append(bindOpts, "_netdev")
|
|
}
|
|
|
|
for _, option := range options {
|
|
switch option {
|
|
case "bind":
|
|
bind = true
|
|
break
|
|
case "remount":
|
|
break
|
|
default:
|
|
bindRemountOpts = append(bindRemountOpts, option)
|
|
}
|
|
}
|
|
|
|
for _, sensitiveOption := range sensitiveOptions {
|
|
switch sensitiveOption {
|
|
case "bind":
|
|
bind = true
|
|
break
|
|
case "remount":
|
|
break
|
|
default:
|
|
bindRemountSensitiveOpts = append(bindRemountSensitiveOpts, sensitiveOption)
|
|
}
|
|
}
|
|
|
|
return bind, bindOpts, bindRemountOpts, bindRemountSensitiveOpts
|
|
}
|
|
|
|
func checkForNetDev(options []string, sensitiveOptions []string) bool {
|
|
for _, option := range options {
|
|
if option == "_netdev" {
|
|
return true
|
|
}
|
|
}
|
|
for _, sensitiveOption := range sensitiveOptions {
|
|
if sensitiveOption == "_netdev" {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// PathWithinBase checks if give path is within given base directory.
|
|
func PathWithinBase(fullPath, basePath string) bool {
|
|
rel, err := filepath.Rel(basePath, fullPath)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
if StartsWithBackstep(rel) {
|
|
// Needed to escape the base path.
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
// StartsWithBackstep checks if the given path starts with a backstep segment.
|
|
func StartsWithBackstep(rel string) bool {
|
|
// normalize to / and check for ../
|
|
return rel == ".." || strings.HasPrefix(filepath.ToSlash(rel), "../")
|
|
}
|
|
|
|
// sanitizedOptionsForLogging will return a comma seperated string containing
|
|
// options and sensitiveOptions. Each entry in sensitiveOptions will be
|
|
// replaced with the string sensitiveOptionsRemoved
|
|
// e.g. o1,o2,<masked>,<masked>
|
|
func sanitizedOptionsForLogging(options []string, sensitiveOptions []string) string {
|
|
seperator := ""
|
|
if len(options) > 0 && len(sensitiveOptions) > 0 {
|
|
seperator = ","
|
|
}
|
|
|
|
sensitiveOptionsStart := ""
|
|
sensitiveOptionsEnd := ""
|
|
if len(sensitiveOptions) > 0 {
|
|
sensitiveOptionsStart = strings.Repeat(sensitiveOptionsRemoved+",", len(sensitiveOptions)-1)
|
|
sensitiveOptionsEnd = sensitiveOptionsRemoved
|
|
}
|
|
|
|
return strings.Join(options, ",") +
|
|
seperator +
|
|
sensitiveOptionsStart +
|
|
sensitiveOptionsEnd
|
|
}
|