]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
ebeccf9e LP |
2 | /*** |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2014 Lennart Poettering | |
ebeccf9e LP |
6 | ***/ |
7 | ||
fe993888 | 8 | #include <sys/file.h> |
9153b02b LP |
9 | #include <sys/mount.h> |
10 | ||
b5efdb8a | 11 | #include "alloc-util.h" |
ebeccf9e | 12 | #include "bus-label.h" |
1ddb263d | 13 | #include "bus-util.h" |
9153b02b LP |
14 | #include "copy.h" |
15 | #include "dissect-image.h" | |
56599585 | 16 | #include "fd-util.h" |
9153b02b LP |
17 | #include "fileio.h" |
18 | #include "fs-util.h" | |
003dffde | 19 | #include "image-dbus.h" |
a90fb858 | 20 | #include "io-util.h" |
9153b02b | 21 | #include "loop-util.h" |
ee104e11 | 22 | #include "machine-image.h" |
9153b02b | 23 | #include "mount-util.h" |
56599585 | 24 | #include "process-util.h" |
9153b02b | 25 | #include "raw-clone.h" |
ee104e11 LP |
26 | #include "strv.h" |
27 | #include "user-util.h" | |
ebeccf9e | 28 | |
1ddb263d | 29 | static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, image_type, ImageType); |
ebeccf9e | 30 | |
1ddb263d | 31 | int bus_image_method_remove( |
08682124 LP |
32 | sd_bus_message *message, |
33 | void *userdata, | |
34 | sd_bus_error *error) { | |
35 | ||
5d2036b5 | 36 | _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 }; |
1ddb263d | 37 | Image *image = userdata; |
70244d1d | 38 | Manager *m = image->userdata; |
5d2036b5 | 39 | pid_t child; |
08682124 LP |
40 | int r; |
41 | ||
08682124 | 42 | assert(message); |
1ddb263d | 43 | assert(image); |
08682124 | 44 | |
5d2036b5 LP |
45 | if (m->n_operations >= OPERATIONS_MAX) |
46 | return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations."); | |
47 | ||
70244d1d LP |
48 | r = bus_verify_polkit_async( |
49 | message, | |
50 | CAP_SYS_ADMIN, | |
51 | "org.freedesktop.machine1.manage-images", | |
403ed0e5 | 52 | NULL, |
70244d1d | 53 | false, |
c529695e | 54 | UID_INVALID, |
70244d1d LP |
55 | &m->polkit_registry, |
56 | error); | |
57 | if (r < 0) | |
58 | return r; | |
59 | if (r == 0) | |
60 | return 1; /* Will call us back */ | |
61 | ||
5d2036b5 LP |
62 | if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0) |
63 | return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m"); | |
64 | ||
4c253ed1 LP |
65 | r = safe_fork("(sd-imgrm)", FORK_RESET_SIGNALS, &child); |
66 | if (r < 0) | |
67 | return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m"); | |
68 | if (r == 0) { | |
5d2036b5 LP |
69 | errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]); |
70 | ||
71 | r = image_remove(image); | |
72 | if (r < 0) { | |
73 | (void) write(errno_pipe_fd[1], &r, sizeof(r)); | |
74 | _exit(EXIT_FAILURE); | |
75 | } | |
76 | ||
77 | _exit(EXIT_SUCCESS); | |
78 | } | |
79 | ||
80 | errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]); | |
81 | ||
03c2b288 | 82 | r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL); |
5d2036b5 LP |
83 | if (r < 0) { |
84 | (void) sigkill_wait(child); | |
08682124 | 85 | return r; |
5d2036b5 LP |
86 | } |
87 | ||
88 | errno_pipe_fd[0] = -1; | |
08682124 | 89 | |
5d2036b5 | 90 | return 1; |
08682124 LP |
91 | } |
92 | ||
1ddb263d | 93 | int bus_image_method_rename( |
ebd93cb6 LP |
94 | sd_bus_message *message, |
95 | void *userdata, | |
96 | sd_bus_error *error) { | |
97 | ||
1ddb263d | 98 | Image *image = userdata; |
70244d1d | 99 | Manager *m = image->userdata; |
ebd93cb6 LP |
100 | const char *new_name; |
101 | int r; | |
102 | ||
ebd93cb6 | 103 | assert(message); |
1ddb263d | 104 | assert(image); |
ebd93cb6 LP |
105 | |
106 | r = sd_bus_message_read(message, "s", &new_name); | |
107 | if (r < 0) | |
108 | return r; | |
109 | ||
110 | if (!image_name_is_valid(new_name)) | |
111 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name); | |
112 | ||
70244d1d LP |
113 | r = bus_verify_polkit_async( |
114 | message, | |
115 | CAP_SYS_ADMIN, | |
116 | "org.freedesktop.machine1.manage-images", | |
403ed0e5 | 117 | NULL, |
70244d1d | 118 | false, |
c529695e | 119 | UID_INVALID, |
70244d1d LP |
120 | &m->polkit_registry, |
121 | error); | |
122 | if (r < 0) | |
123 | return r; | |
124 | if (r == 0) | |
125 | return 1; /* Will call us back */ | |
126 | ||
ebd93cb6 LP |
127 | r = image_rename(image, new_name); |
128 | if (r < 0) | |
129 | return r; | |
130 | ||
131 | return sd_bus_reply_method_return(message, NULL); | |
132 | } | |
133 | ||
1ddb263d | 134 | int bus_image_method_clone( |
ebd93cb6 LP |
135 | sd_bus_message *message, |
136 | void *userdata, | |
137 | sd_bus_error *error) { | |
138 | ||
56599585 | 139 | _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 }; |
1ddb263d | 140 | Image *image = userdata; |
70244d1d | 141 | Manager *m = image->userdata; |
ebd93cb6 LP |
142 | const char *new_name; |
143 | int r, read_only; | |
56599585 | 144 | pid_t child; |
ebd93cb6 | 145 | |
ebd93cb6 | 146 | assert(message); |
1ddb263d | 147 | assert(image); |
56599585 LP |
148 | assert(m); |
149 | ||
150 | if (m->n_operations >= OPERATIONS_MAX) | |
151 | return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations."); | |
ebd93cb6 LP |
152 | |
153 | r = sd_bus_message_read(message, "sb", &new_name, &read_only); | |
154 | if (r < 0) | |
155 | return r; | |
156 | ||
157 | if (!image_name_is_valid(new_name)) | |
158 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name); | |
159 | ||
70244d1d LP |
160 | r = bus_verify_polkit_async( |
161 | message, | |
162 | CAP_SYS_ADMIN, | |
163 | "org.freedesktop.machine1.manage-images", | |
403ed0e5 | 164 | NULL, |
70244d1d | 165 | false, |
c529695e | 166 | UID_INVALID, |
70244d1d LP |
167 | &m->polkit_registry, |
168 | error); | |
169 | if (r < 0) | |
170 | return r; | |
171 | if (r == 0) | |
172 | return 1; /* Will call us back */ | |
173 | ||
56599585 LP |
174 | if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0) |
175 | return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m"); | |
176 | ||
4c253ed1 LP |
177 | r = safe_fork("(imgclone)", FORK_RESET_SIGNALS, &child); |
178 | if (r < 0) | |
179 | return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m"); | |
180 | if (r == 0) { | |
56599585 LP |
181 | errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]); |
182 | ||
183 | r = image_clone(image, new_name, read_only); | |
184 | if (r < 0) { | |
185 | (void) write(errno_pipe_fd[1], &r, sizeof(r)); | |
186 | _exit(EXIT_FAILURE); | |
187 | } | |
188 | ||
189 | _exit(EXIT_SUCCESS); | |
190 | } | |
191 | ||
192 | errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]); | |
193 | ||
03c2b288 | 194 | r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL); |
56599585 | 195 | if (r < 0) { |
89c9030d | 196 | (void) sigkill_wait(child); |
ebd93cb6 | 197 | return r; |
56599585 | 198 | } |
ebd93cb6 | 199 | |
56599585 LP |
200 | errno_pipe_fd[0] = -1; |
201 | ||
202 | return 1; | |
ebd93cb6 LP |
203 | } |
204 | ||
1ddb263d | 205 | int bus_image_method_mark_read_only( |
ebd93cb6 LP |
206 | sd_bus_message *message, |
207 | void *userdata, | |
208 | sd_bus_error *error) { | |
209 | ||
1ddb263d | 210 | Image *image = userdata; |
70244d1d | 211 | Manager *m = image->userdata; |
ebd93cb6 LP |
212 | int r, read_only; |
213 | ||
ebd93cb6 LP |
214 | assert(message); |
215 | ||
ebd93cb6 LP |
216 | r = sd_bus_message_read(message, "b", &read_only); |
217 | if (r < 0) | |
218 | return r; | |
219 | ||
70244d1d LP |
220 | r = bus_verify_polkit_async( |
221 | message, | |
222 | CAP_SYS_ADMIN, | |
223 | "org.freedesktop.machine1.manage-images", | |
403ed0e5 | 224 | NULL, |
70244d1d | 225 | false, |
c529695e | 226 | UID_INVALID, |
70244d1d LP |
227 | &m->polkit_registry, |
228 | error); | |
229 | if (r < 0) | |
230 | return r; | |
231 | if (r == 0) | |
232 | return 1; /* Will call us back */ | |
233 | ||
ebd93cb6 LP |
234 | r = image_read_only(image, read_only); |
235 | if (r < 0) | |
236 | return r; | |
237 | ||
238 | return sd_bus_reply_method_return(message, NULL); | |
239 | } | |
240 | ||
d6ce17c7 | 241 | int bus_image_method_set_limit( |
d6ce17c7 LP |
242 | sd_bus_message *message, |
243 | void *userdata, | |
244 | sd_bus_error *error) { | |
245 | ||
246 | Image *image = userdata; | |
247 | Manager *m = image->userdata; | |
248 | uint64_t limit; | |
249 | int r; | |
250 | ||
d6ce17c7 LP |
251 | assert(message); |
252 | ||
253 | r = sd_bus_message_read(message, "t", &limit); | |
254 | if (r < 0) | |
255 | return r; | |
a90fb858 LP |
256 | if (!FILE_SIZE_VALID_OR_INFINITY(limit)) |
257 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range"); | |
d6ce17c7 LP |
258 | |
259 | r = bus_verify_polkit_async( | |
260 | message, | |
261 | CAP_SYS_ADMIN, | |
262 | "org.freedesktop.machine1.manage-images", | |
403ed0e5 | 263 | NULL, |
d6ce17c7 LP |
264 | false, |
265 | UID_INVALID, | |
266 | &m->polkit_registry, | |
267 | error); | |
268 | if (r < 0) | |
269 | return r; | |
270 | if (r == 0) | |
271 | return 1; /* Will call us back */ | |
272 | ||
273 | r = image_set_limit(image, limit); | |
274 | if (r < 0) | |
275 | return r; | |
276 | ||
277 | return sd_bus_reply_method_return(message, NULL); | |
278 | } | |
279 | ||
cf30a8c1 LP |
280 | int bus_image_method_get_hostname( |
281 | sd_bus_message *message, | |
282 | void *userdata, | |
283 | sd_bus_error *error) { | |
9153b02b | 284 | |
cf30a8c1 | 285 | Image *image = userdata; |
9153b02b LP |
286 | int r; |
287 | ||
cf30a8c1 LP |
288 | if (!image->metadata_valid) { |
289 | r = image_read_metadata(image); | |
290 | if (r < 0) | |
291 | return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m"); | |
292 | } | |
9153b02b | 293 | |
cf30a8c1 | 294 | return sd_bus_reply_method_return(message, "s", image->hostname); |
9153b02b LP |
295 | } |
296 | ||
cf30a8c1 LP |
297 | int bus_image_method_get_machine_id( |
298 | sd_bus_message *message, | |
299 | void *userdata, | |
300 | sd_bus_error *error) { | |
9153b02b | 301 | |
cf30a8c1 LP |
302 | _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; |
303 | Image *image = userdata; | |
304 | int r; | |
9153b02b | 305 | |
cf30a8c1 LP |
306 | if (!image->metadata_valid) { |
307 | r = image_read_metadata(image); | |
9153b02b | 308 | if (r < 0) |
cf30a8c1 | 309 | return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m"); |
9153b02b LP |
310 | } |
311 | ||
cf30a8c1 | 312 | r = sd_bus_message_new_method_return(message, &reply); |
9153b02b LP |
313 | if (r < 0) |
314 | return r; | |
315 | ||
cf30a8c1 LP |
316 | if (sd_id128_is_null(image->machine_id)) /* Add an empty array if the ID is zero */ |
317 | r = sd_bus_message_append(reply, "ay", 0); | |
318 | else | |
319 | r = sd_bus_message_append_array(reply, 'y', image->machine_id.bytes, 16); | |
9153b02b | 320 | if (r < 0) |
cf30a8c1 | 321 | return r; |
9153b02b | 322 | |
cf30a8c1 | 323 | return sd_bus_send(NULL, reply, NULL); |
9153b02b LP |
324 | } |
325 | ||
cf30a8c1 | 326 | int bus_image_method_get_machine_info( |
9153b02b LP |
327 | sd_bus_message *message, |
328 | void *userdata, | |
329 | sd_bus_error *error) { | |
330 | ||
9153b02b LP |
331 | Image *image = userdata; |
332 | int r; | |
333 | ||
cf30a8c1 LP |
334 | if (!image->metadata_valid) { |
335 | r = image_read_metadata(image); | |
336 | if (r < 0) | |
337 | return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m"); | |
338 | } | |
9153b02b | 339 | |
cf30a8c1 LP |
340 | return bus_reply_pair_array(message, image->machine_info); |
341 | } | |
9153b02b | 342 | |
cf30a8c1 LP |
343 | int bus_image_method_get_os_release( |
344 | sd_bus_message *message, | |
345 | void *userdata, | |
346 | sd_bus_error *error) { | |
9153b02b | 347 | |
cf30a8c1 LP |
348 | Image *image = userdata; |
349 | int r; | |
9153b02b | 350 | |
cf30a8c1 LP |
351 | if (!image->metadata_valid) { |
352 | r = image_read_metadata(image); | |
353 | if (r < 0) | |
354 | return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m"); | |
9153b02b | 355 | } |
9153b02b | 356 | |
cf30a8c1 | 357 | return bus_reply_pair_array(message, image->os_release); |
9153b02b LP |
358 | } |
359 | ||
ebeccf9e LP |
360 | const sd_bus_vtable image_vtable[] = { |
361 | SD_BUS_VTABLE_START(0), | |
1ddb263d LP |
362 | SD_BUS_PROPERTY("Name", "s", NULL, offsetof(Image, name), 0), |
363 | SD_BUS_PROPERTY("Path", "s", NULL, offsetof(Image, path), 0), | |
364 | SD_BUS_PROPERTY("Type", "s", property_get_type, offsetof(Image, type), 0), | |
365 | SD_BUS_PROPERTY("ReadOnly", "b", bus_property_get_bool, offsetof(Image, read_only), 0), | |
366 | SD_BUS_PROPERTY("CreationTimestamp", "t", NULL, offsetof(Image, crtime), 0), | |
367 | SD_BUS_PROPERTY("ModificationTimestamp", "t", NULL, offsetof(Image, mtime), 0), | |
c19de711 | 368 | SD_BUS_PROPERTY("Usage", "t", NULL, offsetof(Image, usage), 0), |
1ddb263d | 369 | SD_BUS_PROPERTY("Limit", "t", NULL, offsetof(Image, limit), 0), |
c19de711 | 370 | SD_BUS_PROPERTY("UsageExclusive", "t", NULL, offsetof(Image, usage_exclusive), 0), |
1ddb263d | 371 | SD_BUS_PROPERTY("LimitExclusive", "t", NULL, offsetof(Image, limit_exclusive), 0), |
70244d1d LP |
372 | SD_BUS_METHOD("Remove", NULL, NULL, bus_image_method_remove, SD_BUS_VTABLE_UNPRIVILEGED), |
373 | SD_BUS_METHOD("Rename", "s", NULL, bus_image_method_rename, SD_BUS_VTABLE_UNPRIVILEGED), | |
374 | SD_BUS_METHOD("Clone", "sb", NULL, bus_image_method_clone, SD_BUS_VTABLE_UNPRIVILEGED), | |
375 | SD_BUS_METHOD("MarkReadOnly", "b", NULL, bus_image_method_mark_read_only, SD_BUS_VTABLE_UNPRIVILEGED), | |
d6ce17c7 | 376 | SD_BUS_METHOD("SetLimit", "t", NULL, bus_image_method_set_limit, SD_BUS_VTABLE_UNPRIVILEGED), |
cf30a8c1 LP |
377 | SD_BUS_METHOD("GetHostname", NULL, "s", bus_image_method_get_hostname, SD_BUS_VTABLE_UNPRIVILEGED), |
378 | SD_BUS_METHOD("GetMachineID", NULL, "ay", bus_image_method_get_machine_id, SD_BUS_VTABLE_UNPRIVILEGED), | |
379 | SD_BUS_METHOD("GetMachineInfo", NULL, "a{ss}", bus_image_method_get_machine_info, SD_BUS_VTABLE_UNPRIVILEGED), | |
9153b02b | 380 | SD_BUS_METHOD("GetOSRelease", NULL, "a{ss}", bus_image_method_get_os_release, SD_BUS_VTABLE_UNPRIVILEGED), |
ebeccf9e LP |
381 | SD_BUS_VTABLE_END |
382 | }; | |
383 | ||
1ddb263d LP |
384 | static int image_flush_cache(sd_event_source *s, void *userdata) { |
385 | Manager *m = userdata; | |
1ddb263d LP |
386 | |
387 | assert(s); | |
388 | assert(m); | |
389 | ||
224b0e7a | 390 | hashmap_clear_with_destructor(m->image_cache, image_unref); |
1ddb263d LP |
391 | return 0; |
392 | } | |
393 | ||
ebeccf9e | 394 | int image_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) { |
1ddb263d LP |
395 | _cleanup_free_ char *e = NULL; |
396 | Manager *m = userdata; | |
397 | Image *image = NULL; | |
398 | const char *p; | |
ebeccf9e LP |
399 | int r; |
400 | ||
401 | assert(bus); | |
402 | assert(path); | |
403 | assert(interface); | |
404 | assert(found); | |
405 | ||
1ddb263d LP |
406 | p = startswith(path, "/org/freedesktop/machine1/image/"); |
407 | if (!p) | |
408 | return 0; | |
409 | ||
410 | e = bus_label_unescape(p); | |
411 | if (!e) | |
412 | return -ENOMEM; | |
413 | ||
414 | image = hashmap_get(m->image_cache, e); | |
415 | if (image) { | |
416 | *found = image; | |
417 | return 1; | |
418 | } | |
419 | ||
420 | r = hashmap_ensure_allocated(&m->image_cache, &string_hash_ops); | |
421 | if (r < 0) | |
422 | return r; | |
423 | ||
424 | if (!m->image_cache_defer_event) { | |
425 | r = sd_event_add_defer(m->event, &m->image_cache_defer_event, image_flush_cache, m); | |
426 | if (r < 0) | |
427 | return r; | |
428 | ||
429 | r = sd_event_source_set_priority(m->image_cache_defer_event, SD_EVENT_PRIORITY_IDLE); | |
430 | if (r < 0) | |
431 | return r; | |
432 | } | |
433 | ||
434 | r = sd_event_source_set_enabled(m->image_cache_defer_event, SD_EVENT_ONESHOT); | |
435 | if (r < 0) | |
436 | return r; | |
437 | ||
438 | r = image_find(e, &image); | |
ebeccf9e LP |
439 | if (r <= 0) |
440 | return r; | |
441 | ||
70244d1d LP |
442 | image->userdata = m; |
443 | ||
1ddb263d LP |
444 | r = hashmap_put(m->image_cache, image->name, image); |
445 | if (r < 0) { | |
446 | image_unref(image); | |
447 | return r; | |
448 | } | |
449 | ||
450 | *found = image; | |
ebeccf9e LP |
451 | return 1; |
452 | } | |
453 | ||
454 | char *image_bus_path(const char *name) { | |
455 | _cleanup_free_ char *e = NULL; | |
456 | ||
457 | assert(name); | |
458 | ||
459 | e = bus_label_escape(name); | |
460 | if (!e) | |
461 | return NULL; | |
462 | ||
463 | return strappend("/org/freedesktop/machine1/image/", e); | |
464 | } | |
465 | ||
466 | int image_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) { | |
467 | _cleanup_(image_hashmap_freep) Hashmap *images = NULL; | |
468 | _cleanup_strv_free_ char **l = NULL; | |
469 | Image *image; | |
470 | Iterator i; | |
471 | int r; | |
472 | ||
473 | assert(bus); | |
474 | assert(path); | |
475 | assert(nodes); | |
476 | ||
477 | images = hashmap_new(&string_hash_ops); | |
478 | if (!images) | |
479 | return -ENOMEM; | |
480 | ||
481 | r = image_discover(images); | |
482 | if (r < 0) | |
483 | return r; | |
484 | ||
485 | HASHMAP_FOREACH(image, images, i) { | |
486 | char *p; | |
487 | ||
488 | p = image_bus_path(image->name); | |
489 | if (!p) | |
490 | return -ENOMEM; | |
491 | ||
492 | r = strv_consume(&l, p); | |
493 | if (r < 0) | |
494 | return r; | |
495 | } | |
496 | ||
1cc6c93a | 497 | *nodes = TAKE_PTR(l); |
ebeccf9e LP |
498 | |
499 | return 1; | |
500 | } |