From 7877a98bd9c00db5e81dd2f8c734cba2bab20be7 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Fri, 12 Aug 2022 09:26:17 +0200
Subject: Merging upstream version 1.36.0.
Signed-off-by: Daniel Baumann
---
 collectors/proc.plugin/proc_self_mountinfo.c | 41 ++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
(limited to 'collectors/proc.plugin/proc_self_mountinfo.c')
diff --git a/collectors/proc.plugin/proc_self_mountinfo.c b/collectors/proc.plugin/proc_self_mountinfo.c
index ca00f8a89..4456d5978 100644
--- a/collectors/proc.plugin/proc_self_mountinfo.c
+++ b/collectors/proc.plugin/proc_self_mountinfo.c
@@ -182,6 +182,33 @@ static inline int is_read_only(const char *s) {
 return 0; }
+// for the full list of protected mount points look at
+// https://github.com/systemd/systemd/blob/1eb3ef78b4df28a9e9f464714208f2682f957e36/src/core/namespace.c#L142-L149
+// https://github.com/systemd/systemd/blob/1eb3ef78b4df28a9e9f464714208f2682f957e36/src/core/namespace.c#L180-L194
+static const char *systemd_protected_mount_points[] = {
+ "/home",
+ "/root",
+ "/usr",
+ "/boot",
+ "/efi",
+ "/etc",
+ "/run/user",
+ "/lib",
+ "/lib64",
+ "/bin",
+ "/sbin",
+ NULL
+};
+
+static inline int mount_point_is_protected(char *mount_point)
+{
+ for (size_t i = 0; systemd_protected_mount_points[i] != NULL; i++)
+ if (!strcmp(mount_point, systemd_protected_mount_points[i]))
+ return 1;
+
+ return 0;
+}
+
 // read the whole mountinfo into a linked list struct mountinfo *mountinfo_read(int do_statvfs) { char filename[FILENAME_MAX + 1];
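Review bot: `mount_point_is_protected()` matches with `strcmp`, so only a mount point equal to one of the listed paths is flagged; a mount below one of them (under `/home` or `/usr`, say) is not, and the comment above the table neither says whether that is intended nor what the resulting flag is used for. A line such as `// exact match only: a mount below one of these paths is not flagged` plus one sentence on the purpose of the flag would help whoever updates the list once the pinned systemd commit goes stale. The function only reads its argument, so the parameter can be `const char *mount_point`, in line with `is_read_only(const char *s)` in the hunk header, and the table can be declared `static const char *const systemd_protected_mount_points[]`. The same exact-match behaviour applies at the call site added in the third hunk.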
@@ -199,11 +226,21 @@ struct mountinfo *mountinfo_read(int do_statvfs) {
 struct mountinfo *root = NULL, *last = NULL, *mi = NULL;
+ // create a dictionary to track uniqueness
+ DICTIONARY *dict = dictionary_create(DICTIONARY_FLAG_SINGLE_THREADED|DICTIONARY_FLAG_DONT_OVERWRITE_VALUE|DICTIONARY_FLAG_NAME_LINK_DONT_CLONE);
+
 unsigned long l, lines = procfile_lines(ff); for(l = 0; l < lines ;l++) { if(unlikely(procfile_linewords(ff, l) < 5)) continue;
+ // make sure we don't add the same item twice
+ char *v = (char *)dictionary_set(dict, procfile_lineword(ff, l, 4), "N", 2);
+ if(v) {
+ if(*v == 'O') continue;
+ *v = 'O';
+ }
+
 mi = mallocz(sizeof(struct mountinfo)); unsigned long w = 0;
@@ -242,6 +279,9 @@ struct mountinfo *mountinfo_read(int do_statvfs) {
 if(unlikely(is_read_only(mi->mount_options))) mi->flags |= MOUNTINFO_READONLY;
+ if(unlikely(mount_point_is_protected(mi->mount_point)))
+ mi->flags |= MOUNTINFO_IS_IN_SYSD_PROTECTED_LIST;
+
 // count the optional fields /* unsigned long wo = w;
@@ -411,6 +451,7 @@ struct mountinfo *mountinfo_read(int do_statvfs) {
 } */
+ dictionary_destroy(dict);
 procfile_close(ff); return root; }
-- cgit v1.2.3
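Review bot: The uniqueness check keeps the first mountinfo line seen for a mount point and skips every later one (`if(*v == 'O') continue;`), yet when one filesystem is mounted over another at the same path the later line is normally the mount that is visible, so the record kept here may describe the hidden filesystem while any `statvfs()` on that path would answer for the other. If first-wins is deliberate, the comment should say so; if not, the later line should replace the earlier record. The one-letter markers need a line as well, for example `// "N" is stored on first insert and flipped to 'O', so a repeat of the same mount point is skipped`. Because the key is linked and not cloned (`DICTIONARY_FLAG_NAME_LINK_DONT_CLONE`), `dict` must not outlive the buffer behind `ff`, which the last hunk respects by calling `dictionary_destroy(dict)` before `procfile_close(ff)`; a comment there would keep the two calls from being reordered. `mountinfo_read()` begins and ends outside this hunk.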