nspawn: rename is_procfs_sysfs_or_suchlike() to is_fs_fully_userns_compatible()

tixxdz · tixxdz · commit 231bfb1b02e0 · 2016-05-26T22:39:34.000+02:00
Rename is_procfs_sysfs_or_suchlike() to is_fs_fully_userns_compatible()
to give it the real meaning. This may prevent future modifications that
may introduce bugs.
diff --git a/src/nspawn/nspawn-patch-uid.c b/src/nspawn/nspawn-patch-uid.c
@@ -280,7 +280,13 @@ static int patch_fd(int fd, const char *name, const struct stat *st, uid_t shift
         return r > 0 || changed;
 }
 
-static int is_procfs_sysfs_or_suchlike(int fd) {
+/*
+ * Check if the filesystem is fully compatible with user namespaces or
+ * UID/GID patching. Some filesystems in this list can be fully mounted inside
+ * user namespaces, however their inodes may relate to host resources or only
+ * valid in the global user namespace, therefore no patching should be applied.
+ */
+static int is_fs_fully_userns_compatible(int fd) {
         struct statfs sfs;
 
         assert(fd >= 0);
@@ -314,8 +320,8 @@ static int recurse_fd(int fd, bool donate_fd, const struct stat *st, uid_t shift
 
         /* We generally want to permit crossing of mount boundaries when patching the UIDs/GIDs. However, we
          * probably shouldn't do this for /proc and /sys if that is already mounted into place. Hence, let's
-         * stop the recursion when we hit a procfs or sysfs file system. */
-        r = is_procfs_sysfs_or_suchlike(fd);
+         * stop the recursion when we hit procfs, sysfs or some other special file systems. */
+        r = is_fs_fully_userns_compatible(fd);
         if (r < 0)
                 goto finish;
         if (r > 0) {
