From nobody Mon Dec 19 16:50:33 2022
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NbQgY2VJwz1GB42;
	Mon, 19 Dec 2022 16:50:33 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NbQgY21Ypz3hsf;
	Mon, 19 Dec 2022 16:50:33 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1671468633;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=A688IV+FrJ7KTid1wlOTRxmBzGrZqFoSYZAArV+86Tg=;
	b=b4HAZ+36ue5yMZlk29JUtVS9R9vIeMKgPni/xrQlRQv5cl8wqU7fNPrl2PHbDU5IxJ7IG3
	qoCK3gFgZoy/Z81368SNVKg3b4+8eYwLke/TGprL7BR7I9QSsouvpKxlAPoS2nTZGsOeV8
	2hpHC0WU4ip8uCnaW3U/Ca0WFRVYbg7n45g2AW76BZKVUGfTm2UxG/WutFspeQjRr5euh6
	7ARyAS5OZqsqHYwf0DHhrbQoZ/5a2BH/Jf/2UL3tS3MKcY2pbErNlactrGAZQunybJ75Dd
	ZbZ2zXGFoh6mKG9VDxjIPqoDRvOIgoHd+JmDB/eMHL567OZEXEMHTwxPBWeRSQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1671468633;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=A688IV+FrJ7KTid1wlOTRxmBzGrZqFoSYZAArV+86Tg=;
	b=TvQyduntzoehBs0Zz9R8evyd5kK490+j9JGgKZWDbJThf056AMZXu1OyuYzftR3tlDhYQa
	ZKFwHki4GStHh7b6u/3maBGTrdhOXxmjn/vjChajdoAf4tA+1afkh9DKMW8/vKyd/wgwwZ
	0R5DBO+RCZRT2oerP8OLSF4GAJcs6184vrpZT9QIg1Kfzu3RkUkD0zXY+ON6nd3tuUrFV0
	nzzkwlKbTa1isO93notpglQwnYpwjNSrSXHuiVvZMduetSJQBWABMRl/HTqbB/oH+hGylH
	yoEz+PxqfdmuK14ZMPETOS3kQTZDFck3Ov2g944OkECAyaCfzIrshngNCj/MMg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1671468633; a=rsa-sha256; cv=none;
	b=xZWviIHzHbcuPk4dHsi0SpkZbU1Z8QI8FZUQSQ5Kk6MOK70uJH+YCe0TbByKN9EvN4q75B
	jLS/wXpAGrybIEo+CyRXizbYakrq72L+c/yPm5w0CF7E0qyQAUCDA5VYhc+jOd0gy4XRrh
	fN6fvtfOJJZmYBgl30SB8eDp3/sLhpbC7hlYPUkIFcbx5RX1DdwqlyewHRA+XNTmp+aBjm
	2nXBLNff7BUu2vxuS8Nf2RcEQlTdVrlhQN9FeqISmJ3lG42YDnfiLuU5FTPDAoxcUY27j4
	t7PQorcsJxMh2sAsfqVOOguH9u8E5vLy9ky7atoP7wvBcdX0u3/fT7Tw88KiYw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NbQgY0vBtz12QT;
	Mon, 19 Dec 2022 16:50:33 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2BJGoXjF094512;
	Mon, 19 Dec 2022 16:50:33 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2BJGoXGZ094511;
	Mon, 19 Dec 2022 16:50:33 GMT
	(envelope-from git)
Date: Mon, 19 Dec 2022 16:50:33 GMT
Message-Id: <202212191650.2BJGoXGZ094511@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Doug Rabson <dfr@FreeBSD.org>
Subject: git: 521fbb722c33 - main - Add support for mounting single files in nullfs
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: dfr
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 521fbb722c33663cf00a83bca70ad7cb790687b3
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by dfr:

URL: https://cgit.FreeBSD.org/src/commit/?id=521fbb722c33663cf00a83bca70ad7cb790687b3

commit 521fbb722c33663cf00a83bca70ad7cb790687b3
Author:     Doug Rabson <dfr@FreeBSD.org>
AuthorDate: 2022-11-23 14:51:13 +0000
Commit:     Doug Rabson <dfr@FreeBSD.org>
CommitDate: 2022-12-19 16:46:13 +0000

    Add support for mounting single files in nullfs
    
    The main use-case for this is to support mounting config files and
    secrets into OCI containers. My current workaround copies the files into
    the container which is messy and risks secrets leaking into container
    images if the cleanup fails.
    
    This adds a VFCF flag to indicate whether the filesystem supports file
    mounts and allows fspath to be either a directory or a file if the flag
    is set.
    
    Test Plan:
    $ sudo mkdir -p /mnt
    $ sudo touch /mnt/foo
    $ sudo mount -t nullfs /COPYRIGHT /mnt/foo
    
    Reviewed by:    mjg, kib
    Tested by:      pho
---
 sys/fs/nullfs/null_vfsops.c | 13 ++++++++++++-
 sys/kern/vfs_mount.c        | 34 +++++++++++++++++++++++++++-------
 sys/sys/mount.h             |  1 +
 3 files changed, 40 insertions(+), 8 deletions(-)

diff --git a/sys/fs/nullfs/null_vfsops.c b/sys/fs/nullfs/null_vfsops.c
index 216a8badce56..7f78d23ba016 100644
--- a/sys/fs/nullfs/null_vfsops.c
+++ b/sys/fs/nullfs/null_vfsops.c
@@ -156,6 +156,17 @@ nullfs_mount(struct mount *mp)
 		}
 	}
 
+	/*
+	 * Lower vnode must be the same type as the covered vnode - we
+	 * don't allow mounting directories to files or vice versa.
+	 */
+	if ((lowerrootvp->v_type != VDIR && lowerrootvp->v_type != VREG) ||
+	    lowerrootvp->v_type != mp->mnt_vnodecovered->v_type) {
+		NULLFSDEBUG("nullfs_mount: target must be same type as fspath");
+		vput(lowerrootvp);
+		return (EINVAL);
+	}
+
 	xmp = (struct null_mount *) malloc(sizeof(struct null_mount),
 	    M_NULLFSMNT, M_WAITOK | M_ZERO);
 
@@ -503,4 +514,4 @@ static struct vfsops null_vfsops = {
 	.vfs_unlink_lowervp =	nullfs_unlink_lowervp,
 };
 
-VFS_SET(null_vfsops, nullfs, VFCF_LOOPBACK | VFCF_JAIL);
+VFS_SET(null_vfsops, nullfs, VFCF_LOOPBACK | VFCF_JAIL | VFCF_FILEMOUNT);
diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c
index bf8fd3b1c179..8001604d2855 100644
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@ -1105,8 +1105,13 @@ vfs_domount_first(
 		error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN);
 	if (error == 0)
 		error = vinvalbuf(vp, V_SAVE, 0, 0);
-	if (error == 0 && vp->v_type != VDIR)
-		error = ENOTDIR;
+	if (vfsp->vfc_flags & VFCF_FILEMOUNT) {
+		if (error == 0 && vp->v_type != VDIR && vp->v_type != VREG)
+			error = EINVAL;
+	} else {
+		if (error == 0 && vp->v_type != VDIR)
+			error = ENOTDIR;
+	}
 	if (error == 0 && (fsflags & MNT_EMPTYDIR) != 0)
 		error = vfs_emptydir(vp);
 	if (error == 0) {
@@ -1535,22 +1540,33 @@ vfs_domount(
 	/*
 	 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE.
 	 */
-	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE,
-	    fspath);
+	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1 | WANTPARENT,
+	    UIO_SYSSPACE, fspath);
 	error = namei(&nd);
 	if (error != 0)
 		return (error);
-	NDFREE_PNBUF(&nd);
 	vp = nd.ni_vp;
 	if ((fsflags & MNT_UPDATE) == 0) {
 		if ((vp->v_vflag & VV_ROOT) != 0 &&
 		    (fsflags & MNT_NOCOVER) != 0) {
 			vput(vp);
-			return (EBUSY);
+			error = EBUSY;
+			goto out;
 		}
 		pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK);
 		strcpy(pathbuf, fspath);
-		error = vn_path_to_global_path(td, vp, pathbuf, MNAMELEN);
+		/*
+		 * Note: we allow any vnode type here. If the path sanity check
+		 * succeeds, the type will be validated in vfs_domount_first
+		 * above.
+		 */
+		if (vp->v_type == VDIR)
+			error = vn_path_to_global_path(td, vp, pathbuf,
+			    MNAMELEN);
+		else
+			error = vn_path_to_global_path_hardlink(td, vp,
+			    nd.ni_dvp, pathbuf, MNAMELEN,
+			    nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen);
 		if (error == 0) {
 			error = vfs_domount_first(td, vfsp, pathbuf, vp,
 			    fsflags, optlist);
@@ -1559,6 +1575,10 @@ vfs_domount(
 	} else
 		error = vfs_domount_update(td, vp, fsflags, optlist);
 
+out:
+	NDFREE_PNBUF(&nd);
+	vrele(nd.ni_dvp);
+
 	return (error);
 }
 
diff --git a/sys/sys/mount.h b/sys/sys/mount.h
index ffb2676258f3..4bfc77b7f1a1 100644
--- a/sys/sys/mount.h
+++ b/sys/sys/mount.h
@@ -678,6 +678,7 @@ struct ovfsconf {
 #define	VFCF_DELEGADMIN	0x00800000	/* supports delegated administration */
 #define	VFCF_SBDRY	0x01000000	/* Stop at Boundary: defer stop requests
 					   to kernel->user (AST) transition */
+#define	VFCF_FILEMOUNT	0x02000000	/* allow mounting files */
 
 typedef uint32_t fsctlop_t;