From d852352b9c5d4b5b2c6f62bf0d103c54f0d7b744 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 5 Oct 2023 12:49:07 +0200
Subject: [PATCH] mountpoint-util: Check hardcoded list before asking kernel if
 option is supported

mount_option_supported() will call fsopen() which will probe the
kernel filesystem module. This means that we'll suddenly start
probing filesystem modules when running generators as those determine
which mount options to use. To prevent generators from loading kernel
filesystem modules as much as possible, let's always first check the
hardcoded list of filesystem which we know support a feature before
falling back to asking the kernel.
---
 src/basic/mountpoint-util.c | 47 +++++++++++++------------------------
 1 file changed, 16 insertions(+), 31 deletions(-)

diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c
index 6a07f1da2c..bf67f7e01a 100644
--- a/src/basic/mountpoint-util.c
+++ b/src/basic/mountpoint-util.c
@@ -484,51 +484,36 @@ bool fstype_is_ro(const char *fstype) {
 }
 
 bool fstype_can_discard(const char *fstype) {
-        int r;
-
         assert(fstype);
 
-        /* On new kernels we can just ask the kernel */
-        r = mount_option_supported(fstype, "discard", NULL);
-        if (r >= 0)
-                return r;
+        /* Use a curated list as first check, to avoid calling fsopen() which might load kmods, which might
+         * not be allowed in our MAC context. */
+        if (STR_IN_SET(fstype, "btrfs", "f2fs", "ext4", "vfat", "xfs"))
+                return true;
 
-        return STR_IN_SET(fstype,
-                          "btrfs",
-                          "f2fs",
-                          "ext4",
-                          "vfat",
-                          "xfs");
+        /* On new kernels we can just ask the kernel */
+        return mount_option_supported(fstype, "discard", NULL) > 0;
 }
 
 bool fstype_can_norecovery(const char *fstype) {
-        int r;
-
         assert(fstype);
 
-        /* On new kernels we can just ask the kernel */
-        r = mount_option_supported(fstype, "norecovery", NULL);
-        if (r >= 0)
-                return r;
+        /* Use a curated list as first check, to avoid calling fsopen() which might load kmods, which might
+         * not be allowed in our MAC context. */
+        if (STR_IN_SET(fstype, "ext3", "ext4", "xfs", "btrfs"))
+                return true;
 
-        return STR_IN_SET(fstype,
-                          "ext3",
-                          "ext4",
-                          "xfs",
-                          "btrfs");
+        /* On new kernels we can just ask the kernel */
+        return mount_option_supported(fstype, "norecovery", NULL) > 0;
 }
 
 bool fstype_can_umask(const char *fstype) {
-        int r;
-
         assert(fstype);
 
-        /* On new kernels we can just ask the kernel */
-        r = mount_option_supported(fstype, "umask", "0077");
-        if (r >= 0)
-                return r;
-
-        return streq(fstype, "vfat");
+        /* Use a curated list as first check, to avoid calling fsopen() which might load kmods, which might
+         * not be allowed in our MAC context. If we don't know ourselves, on new kernels we can just ask the
+         * kernel. */
+        return streq(fstype, "vfat") || mount_option_supported(fstype, "umask", "0077") > 0;
 }
 
 bool fstype_can_uid_gid(const char *fstype) {
-- 
2.25.1