]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/shared/discover-image.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix compilation error
[thirdparty/systemd.git] / src / shared / discover-image.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
cd61c3bf 2
a8fbdf54 3#include <errno.h>
ebd93cb6 4#include <fcntl.h>
e08f94ac
LP		 5#include <linux/fs.h>
6#include <linux/loop.h>
65ddc2c5 7#include <linux/magic.h>
a8fbdf54
TA		 8#include <stdio.h>
9#include <stdlib.h>
e306723e 10#include <sys/file.h>
204f52e3 11#include <sys/ioctl.h>
a8fbdf54
TA		 12#include <sys/stat.h>
13#include <unistd.h>
546dbec5 14
b5efdb8a 15#include "alloc-util.h"
cd61c3bf 16#include "btrfs-util.h"
f461a28d 17#include "chase.h"
c8b3094d 18#include "chattr-util.h"
ebd93cb6 19#include "copy.h"
a0956174 20#include "dirent-util.h"
57f1b61b 21#include "discover-image.h"
c7664c07 22#include "dissect-image.h"
686d13b9 23#include "env-file.h"
b6e953f2 24#include "env-util.h"
6afa5d86 25#include "extension-util.h"
3ffd4af2 26#include "fd-util.h"
f4f15635 27#include "fs-util.h"
a8fbdf54 28#include "hashmap.h"
e2054217 29#include "hostname-setup.h"
c7664c07 30#include "id128-util.h"
73740c9f 31#include "initrd-util.h"
64e89f56 32#include "lock-util.h"
a8fbdf54 33#include "log.h"
c7664c07 34#include "loop-util.h"
546dbec5 35#include "macro.h"
30535c16 36#include "mkdir.h"
d8b4d14d 37#include "nulstr-util.h"
d58ad743 38#include "os-util.h"
8e0b6570 39#include "path-util.h"
c6878637 40#include "rm-rf.h"
65ddc2c5 41#include "stat-util.h"
8b43440b 42#include "string-table.h"
07630cea 43#include "string-util.h"
8e0b6570 44#include "strv.h"
a8fbdf54 45#include "time-util.h"
8e0b6570 46#include "utf8.h"
89a5a90c 47#include "xattr-util.h"
cd61c3bf 48
5ef46e5f 49static const char* const image_search_path[_IMAGE_CLASS_MAX] = {
9bca4ae4
LP		 50 [IMAGE_MACHINE] = "/etc/machines\0" /* only place symlinks here */
51 "/run/machines\0" /* and here too */
52 "/var/lib/machines\0" /* the main place for images */
53 "/var/lib/container\0" /* legacy */
54 "/usr/local/lib/machines\0"
55 "/usr/lib/machines\0",
5ef46e5f 56
9bca4ae4
LP		 57 [IMAGE_PORTABLE] = "/etc/portables\0" /* only place symlinks here */
58 "/run/portables\0" /* and here too */
59 "/var/lib/portables\0" /* the main place for images */
60 "/usr/local/lib/portables\0"
61 "/usr/lib/portables\0",
62
de862276
LB		 63 /* Note that we don't allow storing extensions under /usr/, unlike with other image types. That's
64 * because extension images are supposed to extend /usr/, so you get into recursive races, especially
65 * with directory-based extensions, as the kernel's OverlayFS explicitly checks for this and errors
66 * out with -ELOOP if it finds that a lowerdir= is a child of another lowerdir=. */
b60e0f57 67 [IMAGE_SYSEXT] = "/etc/extensions\0" /* only place symlinks here */
68 "/run/extensions\0" /* and here too */
69 "/var/lib/extensions\0", /* the main place for images */
70
71 [IMAGE_CONFEXT] = "/run/confexts\0" /* only place symlinks here */
72 "/var/lib/confexts\0" /* the main place for images */
73 "/usr/local/lib/confexts\0"
74 "/usr/lib/confexts\0",
5ef46e5f 75};
c2ce6a3d 76
73740c9f
LP		 77/* Inside the initrd, use a slightly different set of search path (i.e. include .extra/sysext in extension
78 * search dir) */
79static const char* const image_search_path_initrd[_IMAGE_CLASS_MAX] = {
80 /* (entries that aren't listed here will get the same search path as for the non initrd-case) */
81
14cb10b7
DDM		 82 [IMAGE_SYSEXT] = "/etc/extensions\0" /* only place symlinks here */
83 "/run/extensions\0" /* and here too */
84 "/var/lib/extensions\0" /* the main place for images */
85 "/usr/local/lib/extensions\0"
86 "/usr/lib/extensions\0"
87 "/.extra/sysext\0" /* put sysext picked up by systemd-stub last, since not trusted */
73740c9f
LP		 88};
89
8301aa0b
YW		 90static Image *image_free(Image *i) {
91 assert(i);
9614bb06 92
cd61c3bf
LP		 93 free(i->name);
94 free(i->path);
c7664c07
LP		 95
96 free(i->hostname);
97 strv_free(i->machine_info);
98 strv_free(i->os_release);
bcf94222 99 strv_free(i->extension_release);
c7664c07 100
6b430fdb 101 return mfree(i);
cd61c3bf
LP		 102}
103
8301aa0b 104DEFINE_TRIVIAL_REF_UNREF_FUNC(Image, image, image_free);
b07ec5a1
YW		 105DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(image_hash_ops, char, string_hash_func, string_compare_func,
106 Image, image_unref);
9614bb06 107
8e0b6570
LP		 108static char **image_settings_path(Image *image) {
109 _cleanup_strv_free_ char **l = NULL;
162f6477
LP		 110 _cleanup_free_ char *fn = NULL;
111 size_t i = 0;
112 int r;
8e0b6570
LP		 113
114 assert(image);
115
116 l = new0(char*, 4);
117 if (!l)
118 return NULL;
119
162f6477
LP		 120 fn = strjoin(image->name, ".nspawn");
121 if (!fn)
122 return NULL;
8e0b6570 123
b910cc72
LP		 124 FOREACH_STRING(s, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
125 l[i] = path_join(s, fn);
8e0b6570
LP		 126 if (!l[i])
127 return NULL;
128
129 i++;
130 }
131
162f6477
LP		 132 r = file_in_same_dir(image->path, fn, l + i);
133 if (r == -ENOMEM)
8e0b6570 134 return NULL;
162f6477
LP		 135 if (r < 0)
136 log_debug_errno(r, "Failed to generate .nspawn settings path from image path, ignoring: %m");
137
138 strv_uniq(l);
8e0b6570 139
ae2a15bc 140 return TAKE_PTR(l);
8e0b6570
LP		 141}
142
162f6477
LP		 143static int image_roothash_path(Image *image, char **ret) {
144 _cleanup_free_ char *fn = NULL;
bafbac4e
LP		 145
146 assert(image);
147
162f6477
LP		 148 fn = strjoin(image->name, ".roothash");
149 if (!fn)
150 return -ENOMEM;
bafbac4e 151
162f6477 152 return file_in_same_dir(image->path, fn, ret);
bafbac4e
LP		 153}
154
c2ce6a3d 155static int image_new(
cd61c3bf 156 ImageType t,
3775e141 157 ImageClass c,
5fc7f358 158 const char *pretty,
cd61c3bf 159 const char *path,
5fc7f358 160 const char *filename,
cd61c3bf 161 bool read_only,
10f9c755 162 usec_t crtime,
cd61c3bf 163 usec_t mtime,
c2ce6a3d 164 Image **ret) {
cd61c3bf
LP		 165
166 _cleanup_(image_unrefp) Image *i = NULL;
cd61c3bf 167
cd61c3bf
LP		 168 assert(t >= 0);
169 assert(t < _IMAGE_TYPE_MAX);
5fc7f358
LP		 170 assert(pretty);
171 assert(filename);
c2ce6a3d 172 assert(ret);
cd61c3bf 173
c2108701 174 i = new(Image, 1);
cd61c3bf
LP		 175 if (!i)
176 return -ENOMEM;
177
c2108701
LP		 178 *i = (Image) {
179 .n_ref = 1,
180 .type = t,
3775e141 181 .class = c,
c2108701
LP		 182 .read_only = read_only,
183 .crtime = crtime,
184 .mtime = mtime,
185 .usage = UINT64_MAX,
186 .usage_exclusive = UINT64_MAX,
187 .limit = UINT64_MAX,
188 .limit_exclusive = UINT64_MAX,
189 };
cd61c3bf 190
5fc7f358 191 i->name = strdup(pretty);
cd61c3bf
LP		 192 if (!i->name)
193 return -ENOMEM;
194
657ee2d8 195 i->path = path_join(path, filename);
5fc7f358
LP		 196 if (!i->path)
197 return -ENOMEM;
198
4ff361cc 199 path_simplify(i->path);
cd61c3bf 200
1cc6c93a 201 *ret = TAKE_PTR(i);
c2ce6a3d 202
cd61c3bf
LP		 203 return 0;
204}
205
4756c94e
LP		 206static int extract_pretty(const char *path, const char *suffix, char **ret) {
207 _cleanup_free_ char *name = NULL;
208 const char *p;
4756c94e
LP		 209
210 assert(path);
211 assert(ret);
212
213 p = last_path_component(path);
4756c94e 214
e8bec624 215 name = strdupcspn(p, "/");
4756c94e
LP		 216 if (!name)
217 return -ENOMEM;
218
219 if (suffix) {
220 char *e;
221
222 e = endswith(name, suffix);
223 if (!e)
224 return -EINVAL;
225
226 *e = 0;
227 }
228
229 if (!image_name_is_valid(name))
230 return -EINVAL;
231
232 *ret = TAKE_PTR(name);
233 return 0;
234}
235
5fc7f358 236static int image_make(
3775e141 237 ImageClass c,
5fc7f358
LP		 238 const char *pretty,
239 int dfd,
240 const char *path,
241 const char *filename,
3a6ce860 242 const struct stat *st,
5fc7f358
LP		 243 Image **ret) {
244
2570578d 245 _cleanup_free_ char *pretty_buffer = NULL, *parent = NULL;
3a6ce860 246 struct stat stbuf;
5fc7f358 247 bool read_only;
cd61c3bf
LP		 248 int r;
249
3a6ce860 250 assert(dfd >= 0 || dfd == AT_FDCWD);
bcb846f3 251 assert(path || dfd == AT_FDCWD);
5fc7f358 252 assert(filename);
cd61c3bf 253
eb38edce 254 /* We explicitly *do* follow symlinks here, since we want to allow symlinking trees, raw files and block
3a6ce860
LP		 255 * devices into /var/lib/machines/, and treat them normally.
256 *
257 * This function returns -ENOENT if we can't find the image after all, and -EMEDIUMTYPE if it's not a file we
258 * recognize. */
cd61c3bf 259
3a6ce860
LP		 260 if (!st) {
261 if (fstatat(dfd, filename, &stbuf, 0) < 0)
262 return -errno;
263
264 st = &stbuf;
265 }
cd61c3bf 266
2570578d
LP		 267 if (!path) {
268 if (dfd == AT_FDCWD)
269 (void) safe_getcwd(&parent);
270 else
271 (void) fd_get_path(dfd, &parent);
272 }
bcb846f3 273
5fc7f358
LP		 274 read_only =
275 (path && path_startswith(path, "/usr")) ||
08ff5529 276 (faccessat(dfd, filename, W_OK, AT_EACCESS) < 0 && errno == EROFS);
86e339c8 277
3a6ce860 278 if (S_ISDIR(st->st_mode)) {
254d1313 279 _cleanup_close_ int fd = -EBADF;
01b72568 280 unsigned file_attr = 0;
02dcf215 281 usec_t crtime = 0;
cd61c3bf 282
c2ce6a3d 283 if (!ret)
3a6ce860 284 return 0;
cd61c3bf 285
4756c94e
LP		 286 if (!pretty) {
287 r = extract_pretty(filename, NULL, &pretty_buffer);
288 if (r < 0)
289 return r;
290
291 pretty = pretty_buffer;
292 }
5fc7f358 293
01b72568
LP		 294 fd = openat(dfd, filename, O_CLOEXEC|O_NOCTTY|O_DIRECTORY);
295 if (fd < 0)
296 return -errno;
297
674b04ff 298 if (btrfs_might_be_subvol(st)) {
cd61c3bf 299
65ddc2c5 300 r = fd_is_fs_type(fd, BTRFS_SUPER_MAGIC);
21222ea5
LP		 301 if (r < 0)
302 return r;
303 if (r) {
10f9c755 304 BtrfsSubvolInfo info;
cd61c3bf 305
c2ce6a3d 306 /* It's a btrfs subvolume */
cd61c3bf 307
5bcd08db 308 r = btrfs_subvol_get_info_fd(fd, 0, &info);
10f9c755
LP		 309 if (r < 0)
310 return r;
c2ce6a3d
LP		 311
312 r = image_new(IMAGE_SUBVOLUME,
3775e141 313 c,
5fc7f358 314 pretty,
c2ce6a3d 315 path,
5fc7f358
LP		 316 filename,
317 info.read_only || read_only,
10f9c755 318 info.otime,
c2ce6a3d 319 0,
c2ce6a3d
LP		 320 ret);
321 if (r < 0)
322 return r;
323
5bcd08db
LP		 324 if (btrfs_quota_scan_ongoing(fd) == 0) {
325 BtrfsQuotaInfo quota;
b6b18498 326
5bcd08db
LP		 327 r = btrfs_subvol_get_subtree_quota_fd(fd, 0, &quota);
328 if (r >= 0) {
329 (*ret)->usage = quota.referenced;
330 (*ret)->usage_exclusive = quota.exclusive;
331
332 (*ret)->limit = quota.referenced_max;
333 (*ret)->limit_exclusive = quota.exclusive_max;
334 }
b6b18498
LP		 335 }
336
3a6ce860 337 return 0;
cd61c3bf 338 }
c2ce6a3d 339 }
cd61c3bf 340
02dcf215 341 /* Get directory creation time (not available everywhere, but that's OK */
12a7f04a 342 (void) fd_getcrtime(fd, &crtime);
02dcf215
LP		 343
344 /* If the IMMUTABLE bit is set, we consider the directory read-only. Since the ioctl is not
01b72568
LP		 345 * supported everywhere we ignore failures. */
346 (void) read_attr_fd(fd, &file_attr);
cd61c3bf 347
01b72568 348 /* It's just a normal directory. */
c2ce6a3d 349 r = image_new(IMAGE_DIRECTORY,
3775e141 350 c,
5fc7f358 351 pretty,
c2ce6a3d 352 path,
5fc7f358 353 filename,
01b72568 354 read_only || (file_attr & FS_IMMUTABLE_FL),
02dcf215
LP		 355 crtime,
356 0, /* we don't use mtime of stat() here, since it's not the time of last change of the tree, but only of the top-level dir */
c2ce6a3d
LP		 357 ret);
358 if (r < 0)
359 return r;
cd61c3bf 360
3a6ce860 361 return 0;
cd61c3bf 362
3a6ce860 363 } else if (S_ISREG(st->st_mode) && endswith(filename, ".raw")) {
10f9c755 364 usec_t crtime = 0;
cd61c3bf 365
aceac2f0 366 /* It's a RAW disk image */
cd61c3bf 367
c2ce6a3d 368 if (!ret)
3a6ce860 369 return 0;
cd61c3bf 370
c53e07e2 371 (void) fd_getcrtime_at(dfd, filename, AT_SYMLINK_FOLLOW, &crtime);
10f9c755 372
4756c94e
LP		 373 if (!pretty) {
374 r = extract_pretty(filename, ".raw", &pretty_buffer);
375 if (r < 0)
376 return r;
377
378 pretty = pretty_buffer;
379 }
10f9c755 380
aceac2f0 381 r = image_new(IMAGE_RAW,
3775e141 382 c,
5fc7f358 383 pretty,
c2ce6a3d 384 path,
5fc7f358 385 filename,
3a6ce860 386 !(st->st_mode & 0222) || read_only,
10f9c755 387 crtime,
3a6ce860 388 timespec_load(&st->st_mtim),
c2ce6a3d
LP		 389 ret);
390 if (r < 0)
391 return r;
cd61c3bf 392
3a6ce860
LP		 393 (*ret)->usage = (*ret)->usage_exclusive = st->st_blocks * 512;
394 (*ret)->limit = (*ret)->limit_exclusive = st->st_size;
b6b18498 395
3a6ce860 396 return 0;
eb38edce 397
3a6ce860 398 } else if (S_ISBLK(st->st_mode)) {
254d1313 399 _cleanup_close_ int block_fd = -EBADF;
eb38edce
LP		 400 uint64_t size = UINT64_MAX;
401
402 /* A block device */
403
404 if (!ret)
3a6ce860 405 return 0;
eb38edce 406
4756c94e
LP		 407 if (!pretty) {
408 r = extract_pretty(filename, NULL, &pretty_buffer);
409 if (r < 0)
410 return r;
411
412 pretty = pretty_buffer;
413 }
eb38edce
LP		 414
415 block_fd = openat(dfd, filename, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY);
416 if (block_fd < 0)
2570578d 417 log_debug_errno(errno, "Failed to open block device %s/%s, ignoring: %m", path ?: strnull(parent), filename);
eb38edce 418 else {
3a6ce860
LP		 419 /* Refresh stat data after opening the node */
420 if (fstat(block_fd, &stbuf) < 0)
eb38edce 421 return -errno;
3a6ce860
LP		 422 st = &stbuf;
423
424 if (!S_ISBLK(st->st_mode)) /* Verify that what we opened is actually what we think it is */
eb38edce
LP		 425 return -ENOTTY;
426
427 if (!read_only) {
428 int state = 0;
429
430 if (ioctl(block_fd, BLKROGET, &state) < 0)
2570578d 431 log_debug_errno(errno, "Failed to issue BLKROGET on device %s/%s, ignoring: %m", path ?: strnull(parent), filename);
eb38edce
LP		 432 else if (state)
433 read_only = true;
434 }
435
436 if (ioctl(block_fd, BLKGETSIZE64, &size) < 0)
2570578d 437 log_debug_errno(errno, "Failed to issue BLKGETSIZE64 on device %s/%s, ignoring: %m", path ?: strnull(parent), filename);
eb38edce
LP		 438
439 block_fd = safe_close(block_fd);
440 }
441
442 r = image_new(IMAGE_BLOCK,
3775e141 443 c,
eb38edce
LP		 444 pretty,
445 path,
446 filename,
3a6ce860 447 !(st->st_mode & 0222) || read_only,
eb38edce
LP		 448 0,
449 0,
450 ret);
451 if (r < 0)
452 return r;
453
ed0cb346 454 if (!IN_SET(size, 0, UINT64_MAX))
eb38edce
LP		 455 (*ret)->usage = (*ret)->usage_exclusive = (*ret)->limit = (*ret)->limit_exclusive = size;
456
3a6ce860 457 return 0;
c2ce6a3d 458 }
cd61c3bf 459
3a6ce860 460 return -EMEDIUMTYPE;
c2ce6a3d 461}
cd61c3bf 462
73740c9f
LP		 463static const char *pick_image_search_path(ImageClass class) {
464 if (class < 0 || class >= _IMAGE_CLASS_MAX)
465 return NULL;
466
467 /* Use the initrd search path if there is one, otherwise use the common one */
468 return in_initrd() && image_search_path_initrd[class] ? image_search_path_initrd[class] : image_search_path[class];
469}
470
d577d4a4
LP		 471int image_find(ImageClass class,
472 const char *name,
473 const char *root,
474 Image **ret) {
475
c2ce6a3d 476 int r;
cd61c3bf 477
5ef46e5f
LP		 478 assert(class >= 0);
479 assert(class < _IMAGE_CLASS_MAX);
c2ce6a3d 480 assert(name);
cd61c3bf 481
c2ce6a3d
LP		 482 /* There are no images with invalid names */
483 if (!image_name_is_valid(name))
3a6ce860 484 return -ENOENT;
cd61c3bf 485
73740c9f 486 NULSTR_FOREACH(path, pick_image_search_path(class)) {
d577d4a4 487 _cleanup_free_ char *resolved = NULL;
c2ce6a3d 488 _cleanup_closedir_ DIR *d = NULL;
3a6ce860 489 struct stat st;
d577d4a4 490 int flags;
cd61c3bf 491
f461a28d 492 r = chase_and_opendir(path, root, CHASE_PREFIX_ROOT, &resolved, &d);
d577d4a4
LP		 493 if (r == -ENOENT)
494 continue;
495 if (r < 0)
496 return r;
cd61c3bf 497
d577d4a4
LP		 498 /* As mentioned above, we follow symlinks on this fstatat(), because we want to permit people
499 * to symlink block devices into the search path. (For now, we disable that when operating
500 * relative to some root directory.) */
501 flags = root ? AT_SYMLINK_NOFOLLOW : 0;
502 if (fstatat(dirfd(d), name, &st, flags) < 0) {
aceac2f0 503 _cleanup_free_ char *raw = NULL;
5fc7f358 504
3a6ce860
LP		 505 if (errno != ENOENT)
506 return -errno;
507
b910cc72 508 raw = strjoin(name, ".raw");
aceac2f0 509 if (!raw)
5fc7f358
LP		 510 return -ENOMEM;
511
d577d4a4 512 if (fstatat(dirfd(d), raw, &st, flags) < 0) {
3a6ce860
LP		 513 if (errno == ENOENT)
514 continue;
515
516 return -errno;
517 }
518
519 if (!S_ISREG(st.st_mode))
5fc7f358 520 continue;
3a6ce860 521
3775e141 522 r = image_make(class, name, dirfd(d), resolved, raw, &st, ret);
3a6ce860
LP		 523
524 } else {
525 if (!S_ISDIR(st.st_mode) && !S_ISBLK(st.st_mode))
526 continue;
527
3775e141 528 r = image_make(class, name, dirfd(d), resolved, name, &st, ret);
5fc7f358 529 }
3a6ce860
LP		 530 if (IN_SET(r, -ENOENT, -EMEDIUMTYPE))
531 continue;
c2ce6a3d
LP		 532 if (r < 0)
533 return r;
cd61c3bf 534
cf604fd4
LP		 535 if (ret)
536 (*ret)->discoverable = true;
537
c2ce6a3d
LP		 538 return 1;
539 }
540
cf604fd4 541 if (class == IMAGE_MACHINE && streq(name, ".host")) {
3775e141 542 r = image_make(class, ".host", AT_FDCWD, NULL, empty_to_root(root), NULL, ret);
cf604fd4
LP		 543 if (r < 0)
544 return r;
545
546 if (ret)
547 (*ret)->discoverable = true;
548
549 return r;
550 }
5fc7f358 551
3a6ce860 552 return -ENOENT;
c2ce6a3d
LP		 553};
554
2ddf182b 555int image_from_path(const char *path, Image **ret) {
cf604fd4
LP		 556
557 /* Note that we don't set the 'discoverable' field of the returned object, because we don't check here whether
558 * the image is in the image search path. And if it is we don't know if the path we used is actually not
3fe91079 559 * overridden by another, different image earlier in the search path */
cf604fd4 560
2ddf182b 561 if (path_equal(path, "/"))
3775e141 562 return image_make(IMAGE_MACHINE, ".host", AT_FDCWD, NULL, "/", NULL, ret);
2ddf182b 563
3775e141 564 return image_make(_IMAGE_CLASS_INVALID, NULL, AT_FDCWD, NULL, path, NULL, ret);
2ddf182b
LP		 565}
566
d577d4a4 567int image_find_harder(ImageClass class, const char *name_or_path, const char *root, Image **ret) {
2ddf182b 568 if (image_name_is_valid(name_or_path))
d577d4a4 569 return image_find(class, name_or_path, root, ret);
2ddf182b
LP		 570
571 return image_from_path(name_or_path, ret);
572}
573
d577d4a4
LP		 574int image_discover(
575 ImageClass class,
576 const char *root,
577 Hashmap *h) {
578
c2ce6a3d
LP		 579 int r;
580
5ef46e5f
LP		 581 assert(class >= 0);
582 assert(class < _IMAGE_CLASS_MAX);
c2ce6a3d
LP		 583 assert(h);
584
73740c9f 585 NULSTR_FOREACH(path, pick_image_search_path(class)) {
d577d4a4 586 _cleanup_free_ char *resolved = NULL;
c2ce6a3d 587 _cleanup_closedir_ DIR *d = NULL;
c2ce6a3d 588
f461a28d 589 r = chase_and_opendir(path, root, CHASE_PREFIX_ROOT, &resolved, &d);
d577d4a4
LP		 590 if (r == -ENOENT)
591 continue;
592 if (r < 0)
593 return r;
c2ce6a3d
LP		 594
595 FOREACH_DIRENT_ALL(de, d, return -errno) {
596 _cleanup_(image_unrefp) Image *image = NULL;
1bf36bf9 597 _cleanup_free_ char *truncated = NULL;
3a6ce860
LP		 598 const char *pretty;
599 struct stat st;
d577d4a4 600 int flags;
c2ce6a3d 601
1bf36bf9 602 if (dot_or_dot_dot(de->d_name))
c2ce6a3d
LP		 603 continue;
604
d577d4a4
LP		 605 /* As mentioned above, we follow symlinks on this fstatat(), because we want to
606 * permit people to symlink block devices into the search path. */
607 flags = root ? AT_SYMLINK_NOFOLLOW : 0;
608 if (fstatat(dirfd(d), de->d_name, &st, flags) < 0) {
3a6ce860
LP		 609 if (errno == ENOENT)
610 continue;
611
612 return -errno;
613 }
614
615 if (S_ISREG(st.st_mode)) {
616 const char *e;
617
618 e = endswith(de->d_name, ".raw");
619 if (!e)
620 continue;
621
1bf36bf9
LP		 622 truncated = strndup(de->d_name, e - de->d_name);
623 if (!truncated)
624 return -ENOMEM;
625
626 pretty = truncated;
3a6ce860 627 } else if (S_ISDIR(st.st_mode) || S_ISBLK(st.st_mode))
1bf36bf9 628 pretty = de->d_name;
3a6ce860
LP		 629 else
630 continue;
1bf36bf9
LP		 631
632 if (!image_name_is_valid(pretty))
633 continue;
634
635 if (hashmap_contains(h, pretty))
c2ce6a3d
LP		 636 continue;
637
3775e141 638 r = image_make(class, pretty, dirfd(d), resolved, de->d_name, &st, &image);
3a6ce860 639 if (IN_SET(r, -ENOENT, -EMEDIUMTYPE))
c2ce6a3d
LP		 640 continue;
641 if (r < 0)
642 return r;
643
cf604fd4
LP		 644 image->discoverable = true;
645
c2ce6a3d
LP		 646 r = hashmap_put(h, image->name, image);
647 if (r < 0)
648 return r;
649
650 image = NULL;
cd61c3bf
LP		 651 }
652 }
653
5ef46e5f 654 if (class == IMAGE_MACHINE && !hashmap_contains(h, ".host")) {
5fc7f358
LP		 655 _cleanup_(image_unrefp) Image *image = NULL;
656
3775e141 657 r = image_make(IMAGE_MACHINE, ".host", AT_FDCWD, NULL, empty_to_root("/"), NULL, &image);
5fc7f358
LP		 658 if (r < 0)
659 return r;
660
cf604fd4
LP		 661 image->discoverable = true;
662
5fc7f358
LP		 663 r = hashmap_put(h, image->name, image);
664 if (r < 0)
665 return r;
666
667 image = NULL;
5fc7f358
LP		 668 }
669
cd61c3bf
LP		 670 return 0;
671}
672
08682124 673int image_remove(Image *i) {
8e766630 674 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
8e0b6570 675 _cleanup_strv_free_ char **settings = NULL;
bafbac4e 676 _cleanup_free_ char *roothash = NULL;
30535c16
LP		 677 int r;
678
08682124
LP		 679 assert(i);
680
d94c2b06 681 if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
08682124
LP		 682 return -EROFS;
683
8e0b6570
LP		 684 settings = image_settings_path(i);
685 if (!settings)
686 return -ENOMEM;
687
162f6477
LP		 688 r = image_roothash_path(i, &roothash);
689 if (r < 0)
690 return r;
bafbac4e 691
30535c16
LP		 692 /* Make sure we don't interfere with a running nspawn */
693 r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
694 if (r < 0)
695 return r;
696
ebd93cb6
LP		 697 switch (i->type) {
698
699 case IMAGE_SUBVOLUME:
9fb0b9c7
LP		 700
701 /* Let's unlink first, maybe it is a symlink? If that works we are happy. Otherwise, let's get out the
702 * big guns */
703 if (unlink(i->path) < 0) {
704 r = btrfs_subvol_remove(i->path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
705 if (r < 0)
706 return r;
707 }
708
8e0b6570 709 break;
ebd93cb6
LP		 710
711 case IMAGE_DIRECTORY:
01b72568 712 /* Allow deletion of read-only directories */
db9a4254 713 (void) chattr_path(i->path, 0, FS_IMMUTABLE_FL, NULL);
8e0b6570
LP		 714 r = rm_rf(i->path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
715 if (r < 0)
716 return r;
717
718 break;
01b72568 719
eb38edce
LP		 720 case IMAGE_BLOCK:
721
722 /* If this is inside of /dev, then it's a real block device, hence let's not touch the device node
723 * itself (but let's remove the stuff stored alongside it). If it's anywhere else, let's try to unlink
724 * the thing (it's most likely a symlink after all). */
725
726 if (path_startswith(i->path, "/dev"))
727 break;
728
4831981d 729 _fallthrough_;
aceac2f0 730 case IMAGE_RAW:
41d1ed05
LP		 731 if (unlink(i->path) < 0)
732 return -errno;
8e0b6570 733 break;
ebd93cb6
LP		 734
735 default:
15411c0c 736 return -EOPNOTSUPP;
ebd93cb6 737 }
8e0b6570 738
de010b0b 739 STRV_FOREACH(j, settings)
8e0b6570
LP		 740 if (unlink(*j) < 0 && errno != ENOENT)
741 log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", *j);
8e0b6570 742
bafbac4e
LP		 743 if (unlink(roothash) < 0 && errno != ENOENT)
744 log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", roothash);
745
8e0b6570
LP		 746 return 0;
747}
748
bafbac4e 749static int rename_auxiliary_file(const char *path, const char *new_name, const char *suffix) {
162f6477
LP		 750 _cleanup_free_ char *fn = NULL, *rs = NULL;
751 int r;
8e0b6570 752
162f6477
LP		 753 fn = strjoin(new_name, suffix);
754 if (!fn)
8e0b6570
LP		 755 return -ENOMEM;
756
162f6477
LP		 757 r = file_in_same_dir(path, fn, &rs);
758 if (r < 0)
759 return r;
760
8e0b6570 761 return rename_noreplace(AT_FDCWD, path, AT_FDCWD, rs);
ebd93cb6
LP		 762}
763
764int image_rename(Image *i, const char *new_name) {
8e766630 765 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT, name_lock = LOCK_FILE_INIT;
bafbac4e 766 _cleanup_free_ char *new_path = NULL, *nn = NULL, *roothash = NULL;
8e0b6570 767 _cleanup_strv_free_ char **settings = NULL;
01b72568 768 unsigned file_attr = 0;
ebd93cb6
LP		 769 int r;
770
771 assert(i);
772
773 if (!image_name_is_valid(new_name))
774 return -EINVAL;
775
d94c2b06 776 if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
ebd93cb6
LP		 777 return -EROFS;
778
8e0b6570
LP		 779 settings = image_settings_path(i);
780 if (!settings)
781 return -ENOMEM;
782
162f6477
LP		 783 r = image_roothash_path(i, &roothash);
784 if (r < 0)
785 return r;
bafbac4e 786
30535c16
LP		 787 /* Make sure we don't interfere with a running nspawn */
788 r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
789 if (r < 0)
790 return r;
791
792 /* Make sure nobody takes the new name, between the time we
793 * checked it is currently unused in all search paths, and the
f8e2f4d6 794 * time we take possession of it */
30535c16
LP		 795 r = image_name_lock(new_name, LOCK_EX|LOCK_NB, &name_lock);
796 if (r < 0)
797 return r;
798
d577d4a4 799 r = image_find(IMAGE_MACHINE, new_name, NULL, NULL);
3a6ce860 800 if (r >= 0)
ebd93cb6 801 return -EEXIST;
3a6ce860
LP		 802 if (r != -ENOENT)
803 return r;
ebd93cb6
LP		 804
805 switch (i->type) {
806
ebd93cb6 807 case IMAGE_DIRECTORY:
01b72568
LP		 808 /* Turn of the immutable bit while we rename the image, so that we can rename it */
809 (void) read_attr_path(i->path, &file_attr);
810
811 if (file_attr & FS_IMMUTABLE_FL)
db9a4254 812 (void) chattr_path(i->path, 0, FS_IMMUTABLE_FL, NULL);
01b72568 813
4831981d 814 _fallthrough_;
01b72568 815 case IMAGE_SUBVOLUME:
162f6477 816 r = file_in_same_dir(i->path, new_name, &new_path);
ebd93cb6
LP		 817 break;
818
eb38edce
LP		 819 case IMAGE_BLOCK:
820
821 /* Refuse renaming raw block devices in /dev, the names are picked by udev after all. */
822 if (path_startswith(i->path, "/dev"))
823 return -EROFS;
824
162f6477 825 r = file_in_same_dir(i->path, new_name, &new_path);
eb38edce
LP		 826 break;
827
aceac2f0 828 case IMAGE_RAW: {
ebd93cb6
LP		 829 const char *fn;
830
63c372cb 831 fn = strjoina(new_name, ".raw");
162f6477
LP		 832
833 r = file_in_same_dir(i->path, fn, &new_path);
ebd93cb6
LP		 834 break;
835 }
836
837 default:
15411c0c 838 return -EOPNOTSUPP;
ebd93cb6 839 }
162f6477
LP		 840 if (r < 0)
841 return r;
ebd93cb6
LP		 842
843 nn = strdup(new_name);
844 if (!nn)
845 return -ENOMEM;
846
f85ef957
AC		 847 r = rename_noreplace(AT_FDCWD, i->path, AT_FDCWD, new_path);
848 if (r < 0)
849 return r;
ebd93cb6 850
01b72568
LP		 851 /* Restore the immutable bit, if it was set before */
852 if (file_attr & FS_IMMUTABLE_FL)
db9a4254 853 (void) chattr_path(new_path, FS_IMMUTABLE_FL, FS_IMMUTABLE_FL, NULL);
01b72568 854
f9ecfd3b
DL		 855 free_and_replace(i->path, new_path);
856 free_and_replace(i->name, nn);
ebd93cb6 857
8e0b6570 858 STRV_FOREACH(j, settings) {
bafbac4e 859 r = rename_auxiliary_file(*j, new_name, ".nspawn");
8e0b6570
LP		 860 if (r < 0 && r != -ENOENT)
861 log_debug_errno(r, "Failed to rename settings file %s, ignoring: %m", *j);
862 }
863
bafbac4e
LP		 864 r = rename_auxiliary_file(roothash, new_name, ".roothash");
865 if (r < 0 && r != -ENOENT)
866 log_debug_errno(r, "Failed to rename roothash file %s, ignoring: %m", roothash);
867
ebd93cb6
LP		 868 return 0;
869}
870
bafbac4e 871static int clone_auxiliary_file(const char *path, const char *new_name, const char *suffix) {
162f6477
LP		 872 _cleanup_free_ char *fn = NULL, *rs = NULL;
873 int r;
8e0b6570 874
162f6477
LP		 875 fn = strjoin(new_name, suffix);
876 if (!fn)
8e0b6570
LP		 877 return -ENOMEM;
878
162f6477
LP		 879 r = file_in_same_dir(path, fn, &rs);
880 if (r < 0)
881 return r;
882
7c2f5495 883 return copy_file_atomic(path, rs, 0664, COPY_REFLINK);
8e0b6570
LP		 884}
885
ebd93cb6 886int image_clone(Image *i, const char *new_name, bool read_only) {
8e766630 887 _cleanup_(release_lock_file) LockFile name_lock = LOCK_FILE_INIT;
8e0b6570 888 _cleanup_strv_free_ char **settings = NULL;
bafbac4e 889 _cleanup_free_ char *roothash = NULL;
ebd93cb6
LP		 890 const char *new_path;
891 int r;
892
893 assert(i);
894
895 if (!image_name_is_valid(new_name))
896 return -EINVAL;
897
8e0b6570
LP		 898 settings = image_settings_path(i);
899 if (!settings)
900 return -ENOMEM;
901
162f6477
LP		 902 r = image_roothash_path(i, &roothash);
903 if (r < 0)
904 return r;
bafbac4e 905
30535c16
LP		 906 /* Make sure nobody takes the new name, between the time we
907 * checked it is currently unused in all search paths, and the
f8e2f4d6 908 * time we take possession of it */
30535c16
LP		 909 r = image_name_lock(new_name, LOCK_EX|LOCK_NB, &name_lock);
910 if (r < 0)
911 return r;
912
d577d4a4 913 r = image_find(IMAGE_MACHINE, new_name, NULL, NULL);
3a6ce860 914 if (r >= 0)
ebd93cb6 915 return -EEXIST;
3a6ce860
LP		 916 if (r != -ENOENT)
917 return r;
ebd93cb6
LP		 918
919 switch (i->type) {
920
921 case IMAGE_SUBVOLUME:
922 case IMAGE_DIRECTORY:
9a50e3ca 923 /* If we can we'll always try to create a new btrfs subvolume here, even if the source is a plain
13e785f7 924 * directory. */
9a50e3ca 925
63c372cb 926 new_path = strjoina("/var/lib/machines/", new_name);
ebd93cb6 927
17cbb288
LP		 928 r = btrfs_subvol_snapshot(i->path, new_path,
929 (read_only ? BTRFS_SNAPSHOT_READ_ONLY : 0) |
930 BTRFS_SNAPSHOT_FALLBACK_COPY |
931 BTRFS_SNAPSHOT_FALLBACK_DIRECTORY |
932 BTRFS_SNAPSHOT_FALLBACK_IMMUTABLE |
933 BTRFS_SNAPSHOT_RECURSIVE |
934 BTRFS_SNAPSHOT_QUOTA);
935 if (r >= 0)
9a50e3ca 936 /* Enable "subtree" quotas for the copy, if we didn't copy any quota from the source. */
8120ee28 937 (void) btrfs_subvol_auto_qgroup(new_path, 0, true);
5bcd08db 938
ebd93cb6
LP		 939 break;
940
aceac2f0 941 case IMAGE_RAW:
63c372cb 942 new_path = strjoina("/var/lib/machines/", new_name, ".raw");
ebd93cb6 943
7c2f5495
DDM		 944 r = copy_file_atomic_full(i->path, new_path, read_only ? 0444 : 0644, FS_NOCOW_FL, FS_NOCOW_FL,
945 COPY_REFLINK|COPY_CRTIME, NULL, NULL);
ebd93cb6
LP		 946 break;
947
eb38edce 948 case IMAGE_BLOCK:
ebd93cb6 949 default:
15411c0c 950 return -EOPNOTSUPP;
ebd93cb6
LP		 951 }
952
953 if (r < 0)
954 return r;
955
8e0b6570 956 STRV_FOREACH(j, settings) {
bafbac4e 957 r = clone_auxiliary_file(*j, new_name, ".nspawn");
8e0b6570
LP		 958 if (r < 0 && r != -ENOENT)
959 log_debug_errno(r, "Failed to clone settings %s, ignoring: %m", *j);
960 }
961
bafbac4e
LP		 962 r = clone_auxiliary_file(roothash, new_name, ".roothash");
963 if (r < 0 && r != -ENOENT)
964 log_debug_errno(r, "Failed to clone root hash file %s, ignoring: %m", roothash);
965
ebd93cb6
LP		 966 return 0;
967}
968
969int image_read_only(Image *i, bool b) {
8e766630 970 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
ebd93cb6 971 int r;
c7664c07 972
ebd93cb6
LP		 973 assert(i);
974
d94c2b06 975 if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
ebd93cb6
LP		 976 return -EROFS;
977
30535c16
LP		 978 /* Make sure we don't interfere with a running nspawn */
979 r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
980 if (r < 0)
981 return r;
982
ebd93cb6
LP		 983 switch (i->type) {
984
985 case IMAGE_SUBVOLUME:
5bcd08db
LP		 986
987 /* Note that we set the flag only on the top-level
988 * subvolume of the image. */
989
ebd93cb6
LP		 990 r = btrfs_subvol_set_read_only(i->path, b);
991 if (r < 0)
992 return r;
01b72568
LP		 993
994 break;
995
996 case IMAGE_DIRECTORY:
997 /* For simple directory trees we cannot use the access
998 mode of the top-level directory, since it has an
999 effect on the container itself. However, we can
1000 use the "immutable" flag, to at least make the
1001 top-level directory read-only. It's not as good as
1002 a read-only subvolume, but at least something, and
13e785f7 1003 we can read the value back. */
01b72568 1004
db9a4254 1005 r = chattr_path(i->path, b ? FS_IMMUTABLE_FL : 0, FS_IMMUTABLE_FL, NULL);
01b72568
LP		 1006 if (r < 0)
1007 return r;
1008
ebd93cb6
LP		 1009 break;
1010
aceac2f0 1011 case IMAGE_RAW: {
ebd93cb6
LP		 1012 struct stat st;
1013
1014 if (stat(i->path, &st) < 0)
1015 return -errno;
1016
1017 if (chmod(i->path, (st.st_mode & 0444) | (b ? 0000 : 0200)) < 0)
1018 return -errno;
f2068bcc
LP		 1019
1020 /* If the images is now read-only, it's a good time to
1021 * defrag it, given that no write patterns will
1022 * fragment it again. */
1023 if (b)
1024 (void) btrfs_defrag(i->path);
ebd93cb6
LP		 1025 break;
1026 }
1027
eb38edce 1028 case IMAGE_BLOCK: {
254d1313 1029 _cleanup_close_ int fd = -EBADF;
eb38edce
LP		 1030 struct stat st;
1031 int state = b;
1032
1033 fd = open(i->path, O_CLOEXEC|O_RDONLY|O_NONBLOCK|O_NOCTTY);
1034 if (fd < 0)
1035 return -errno;
1036
1037 if (fstat(fd, &st) < 0)
1038 return -errno;
1039 if (!S_ISBLK(st.st_mode))
1040 return -ENOTTY;
1041
1042 if (ioctl(fd, BLKROSET, &state) < 0)
1043 return -errno;
1044
1045 break;
1046 }
1047
ebd93cb6 1048 default:
15411c0c 1049 return -EOPNOTSUPP;
ebd93cb6
LP		 1050 }
1051
1052 return 0;
08682124
LP		 1053}
1054
30535c16
LP		 1055int image_path_lock(const char *path, int operation, LockFile *global, LockFile *local) {
1056 _cleanup_free_ char *p = NULL;
1057 LockFile t = LOCK_FILE_INIT;
1058 struct stat st;
f25bed67 1059 bool exclusive;
30535c16
LP		 1060 int r;
1061
1062 assert(path);
1063 assert(global);
1064 assert(local);
1065
f25bed67
LP		 1066 /* Locks an image path. This actually creates two locks: one "local" one, next to the image path
1067 * itself, which might be shared via NFS. And another "global" one, in /run, that uses the
1068 * device/inode number. This has the benefit that we can even lock a tree that is a mount point,
1069 * correctly. */
30535c16 1070
30535c16
LP		 1071 if (!path_is_absolute(path))
1072 return -EINVAL;
1073
f25bed67
LP		 1074 switch (operation & (LOCK_SH|LOCK_EX)) {
1075 case LOCK_SH:
1076 exclusive = false;
1077 break;
1078 case LOCK_EX:
1079 exclusive = true;
1080 break;
1081 default:
1082 return -EINVAL;
1083 }
1084
b6e953f2
LP		 1085 if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) {
1086 *local = *global = (LockFile) LOCK_FILE_INIT;
1087 return 0;
1088 }
1089
f25bed67
LP		 1090 /* Prohibit taking exclusive locks on the host image. We can't allow this, since we ourselves are
1091 * running off it after all, and we don't want any images to manipulate the host image. We make an
1092 * exception for shared locks however: we allow those (and make them NOPs since there's no point in
1093 * taking them if there can't be exclusive locks). Strictly speaking these are questionable as well,
1094 * since it means changes made to the host might propagate to the container as they happen (and a
1095 * shared lock kinda suggests that no changes happen at all while it is in place), but it's too
1096 * useful not to allow read-only containers off the host root, hence let's support this, and trust
1097 * the user to do the right thing with this. */
1098 if (path_equal(path, "/")) {
1099 if (exclusive)
1100 return -EBUSY;
1101
1102 *local = *global = (LockFile) LOCK_FILE_INIT;
1103 return 0;
1104 }
b6e953f2 1105
30535c16 1106 if (stat(path, &st) >= 0) {
eb38edce
LP		 1107 if (S_ISBLK(st.st_mode))
1108 r = asprintf(&p, "/run/systemd/nspawn/locks/block-%u:%u", major(st.st_rdev), minor(st.st_rdev));
1109 else if (S_ISDIR(st.st_mode) || S_ISREG(st.st_mode))
1110 r = asprintf(&p, "/run/systemd/nspawn/locks/inode-%lu:%lu", (unsigned long) st.st_dev, (unsigned long) st.st_ino);
1111 else
1112 return -ENOTTY;
eb38edce 1113 if (r < 0)
30535c16
LP		 1114 return -ENOMEM;
1115 }
1116
f25bed67
LP		 1117 /* For block devices we don't need the "local" lock, as the major/minor lock above should be
1118 * sufficient, since block devices are host local anyway. */
1119 if (!path_startswith(path, "/dev/")) {
eb38edce 1120 r = make_lock_file_for(path, operation, &t);
8be17c9b 1121 if (r < 0) {
f25bed67 1122 if (!exclusive && r == -EROFS)
771b7ead 1123 log_debug_errno(r, "Failed to create shared lock for '%s', ignoring: %m", path);
8be17c9b
LT		 1124 else
1125 return r;
1126 }
eb38edce 1127 }
30535c16
LP		 1128
1129 if (p) {
6e5dcce4 1130 (void) mkdir_p("/run/systemd/nspawn/locks", 0700);
30535c16
LP		 1131
1132 r = make_lock_file(p, operation, global);
1133 if (r < 0) {
1134 release_lock_file(&t);
1135 return r;
1136 }
546dbec5
LP		 1137 } else
1138 *global = (LockFile) LOCK_FILE_INIT;
30535c16
LP		 1139
1140 *local = t;
1141 return 0;
1142}
1143
cb81cd80 1144int image_set_limit(Image *i, uint64_t referenced_max) {
d6ce17c7
LP		 1145 assert(i);
1146
d94c2b06 1147 if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
d6ce17c7
LP		 1148 return -EROFS;
1149
1150 if (i->type != IMAGE_SUBVOLUME)
15411c0c 1151 return -EOPNOTSUPP;
d6ce17c7 1152
5bcd08db
LP		 1153 /* We set the quota both for the subvolume as well as for the
1154 * subtree. The latter is mostly for historical reasons, since
1155 * we didn't use to have a concept of subtree quota, and hence
1156 * only modified the subvolume quota. */
1157
1158 (void) btrfs_qgroup_set_limit(i->path, 0, referenced_max);
1159 (void) btrfs_subvol_auto_qgroup(i->path, 0, true);
1160 return btrfs_subvol_set_subtree_quota_limit(i->path, 0, referenced_max);
d6ce17c7
LP		 1161}
1162
84be0c71 1163int image_read_metadata(Image *i, const ImagePolicy *image_policy) {
8e766630 1164 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
c7664c07
LP		 1165 int r;
1166
1167 assert(i);
1168
1169 r = image_path_lock(i->path, LOCK_SH|LOCK_NB, &global_lock, &local_lock);
1170 if (r < 0)
1171 return r;
1172
1173 switch (i->type) {
1174
1175 case IMAGE_SUBVOLUME:
1176 case IMAGE_DIRECTORY: {
bcf94222 1177 _cleanup_strv_free_ char **machine_info = NULL, **os_release = NULL, **extension_release = NULL;
c7664c07
LP		 1178 sd_id128_t machine_id = SD_ID128_NULL;
1179 _cleanup_free_ char *hostname = NULL;
1180 _cleanup_free_ char *path = NULL;
1181
b60e0f57 1182 if (i->class == IMAGE_SYSEXT) {
6afa5d86
LB		 1183 r = extension_has_forbidden_content(i->path);
1184 if (r < 0)
1185 return r;
1186 if (r > 0)
1187 return log_debug_errno(SYNTHETIC_ERRNO(ENOMEDIUM),
1188 "Conflicting content found in image %s, refusing.",
1189 i->name);
1190 }
1191
f461a28d 1192 r = chase("/etc/hostname", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL);
c7664c07
LP		 1193 if (r < 0 && r != -ENOENT)
1194 log_debug_errno(r, "Failed to chase /etc/hostname in image %s: %m", i->name);
1195 else if (r >= 0) {
1196 r = read_etc_hostname(path, &hostname);
1197 if (r < 0)
1198 log_debug_errno(errno, "Failed to read /etc/hostname of image %s: %m", i->name);
1199 }
1200
1201 path = mfree(path);
1202
f7b5f399
YW		 1203 r = id128_get_machine(i->path, &machine_id);
1204 if (r < 0)
1205 log_debug_errno(r, "Failed to read machine ID in image %s, ignoring: %m", i->name);
c7664c07 1206
f461a28d 1207 r = chase("/etc/machine-info", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL);
c7664c07
LP		 1208 if (r < 0 && r != -ENOENT)
1209 log_debug_errno(r, "Failed to chase /etc/machine-info in image %s: %m", i->name);
1210 else if (r >= 0) {
aa8fbc74 1211 r = load_env_file_pairs(NULL, path, &machine_info);
c7664c07
LP		 1212 if (r < 0)
1213 log_debug_errno(r, "Failed to parse machine-info data of %s: %m", i->name);
1214 }
1215
d58ad743
LP		 1216 r = load_os_release_pairs(i->path, &os_release);
1217 if (r < 0)
1218 log_debug_errno(r, "Failed to read os-release in image, ignoring: %m");
c7664c07 1219
b60e0f57 1220 r = load_extension_release_pairs(i->path, i->class, i->name, /* relax_extension_release_check= */ false, &extension_release);
bcf94222
LB		 1221 if (r < 0)
1222 log_debug_errno(r, "Failed to read extension-release in image, ignoring: %m");
1223
c7664c07
LP		 1224 free_and_replace(i->hostname, hostname);
1225 i->machine_id = machine_id;
1226 strv_free_and_replace(i->machine_info, machine_info);
1227 strv_free_and_replace(i->os_release, os_release);
bcf94222 1228 strv_free_and_replace(i->extension_release, extension_release);
c7664c07
LP		 1229
1230 break;
1231 }
1232
1233 case IMAGE_RAW:
1234 case IMAGE_BLOCK: {
1235 _cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
1236 _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
1237
22ee78a8 1238 r = loop_device_make_by_path(i->path, O_RDONLY, /* sector_size= */ UINT32_MAX, LO_FLAGS_PARTSCAN, LOCK_SH, &d);
41bc4849
LP		 1239 if (r < 0)
1240 return r;
1241
bad31660
YW		 1242 r = dissect_loop_device(
1243 d,
84be0c71
LP		 1244 /* verity= */ NULL,
1245 /* mount_options= */ NULL,
1246 image_policy,
4b5de5dd
LP		 1247 DISSECT_IMAGE_GENERIC_ROOT |
1248 DISSECT_IMAGE_REQUIRE_ROOT |
1249 DISSECT_IMAGE_RELAX_VAR_CHECK |
f6f4ec79 1250 DISSECT_IMAGE_READ_ONLY |
73d88b80
LP		 1251 DISSECT_IMAGE_USR_NO_ROOT |
1252 DISSECT_IMAGE_ADD_PARTITION_DEVICES |
1253 DISSECT_IMAGE_PIN_PARTITION_DEVICES,
75dc190d 1254 &m);
c7664c07
LP		 1255 if (r < 0)
1256 return r;
1257
22847508
ZJS		 1258 r = dissected_image_acquire_metadata(m,
1259 DISSECT_IMAGE_VALIDATE_OS |
1260 DISSECT_IMAGE_VALIDATE_OS_EXT);
c7664c07
LP		 1261 if (r < 0)
1262 return r;
1263
1264 free_and_replace(i->hostname, m->hostname);
1265 i->machine_id = m->machine_id;
1266 strv_free_and_replace(i->machine_info, m->machine_info);
1267 strv_free_and_replace(i->os_release, m->os_release);
bcf94222 1268 strv_free_and_replace(i->extension_release, m->extension_release);
c7664c07
LP		 1269
1270 break;
1271 }
1272
1273 default:
1274 return -EOPNOTSUPP;
1275 }
1276
1277 i->metadata_valid = true;
1278
1279 return 0;
1280}
1281
30535c16 1282int image_name_lock(const char *name, int operation, LockFile *ret) {
99d97afc
LP		 1283 const char *p;
1284
30535c16
LP		 1285 assert(name);
1286 assert(ret);
1287
1288 /* Locks an image name, regardless of the precise path used. */
1289
99d97afc
LP		 1290 if (streq(name, ".host"))
1291 return -EBUSY;
1292
30535c16
LP		 1293 if (!image_name_is_valid(name))
1294 return -EINVAL;
1295
b6e953f2
LP		 1296 if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) {
1297 *ret = (LockFile) LOCK_FILE_INIT;
1298 return 0;
1299 }
1300
6e5dcce4 1301 (void) mkdir_p("/run/systemd/nspawn/locks", 0700);
99d97afc
LP		 1302
1303 p = strjoina("/run/systemd/nspawn/locks/name-", name);
30535c16
LP		 1304 return make_lock_file(p, operation, ret);
1305}
1306
d577d4a4
LP		 1307bool image_in_search_path(
1308 ImageClass class,
1309 const char *root,
1310 const char *image) {
1311
ace9ab19
LP		 1312 assert(image);
1313
73740c9f 1314 NULSTR_FOREACH(path, pick_image_search_path(class)) {
d577d4a4 1315 const char *p, *q;
ace9ab19
LP		 1316 size_t k;
1317
d577d4a4
LP		 1318 if (!empty_or_root(root)) {
1319 q = path_startswith(path, root);
1320 if (!q)
1321 continue;
1322 } else
1323 q = path;
1324
1325 p = path_startswith(q, path);
ace9ab19
LP		 1326 if (!p)
1327 continue;
1328
1329 /* Make sure there's a filename following */
1330 k = strcspn(p, "/");
1331 if (k == 0)
1332 continue;
1333
1334 p += k;
1335
1336 /* Accept trailing slashes */
1337 if (p[strspn(p, "/")] == 0)
1338 return true;
1339
1340 }
1341
1342 return false;
1343}
1344
cd61c3bf
LP		 1345static const char* const image_type_table[_IMAGE_TYPE_MAX] = {
1346 [IMAGE_DIRECTORY] = "directory",
1347 [IMAGE_SUBVOLUME] = "subvolume",
aceac2f0 1348 [IMAGE_RAW] = "raw",
eb38edce 1349 [IMAGE_BLOCK] = "block",
cd61c3bf
LP		 1350};
1351
1352DEFINE_STRING_TABLE_LOOKUP(image_type, ImageType);
Unnamed repository; edit this file 'description' to name the repository.