]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/shared/discover-image.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
chattr-util: Make chattr_full() an openat() style function
[thirdparty/systemd.git] / src / shared / discover-image.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
cd61c3bf 2
a8fbdf54 3#include <errno.h>
ebd93cb6 4#include <fcntl.h>
e08f94ac
LP		 5#include <linux/fs.h>
6#include <linux/loop.h>
65ddc2c5 7#include <linux/magic.h>
a8fbdf54
TA		 8#include <stdio.h>
9#include <stdlib.h>
e306723e 10#include <sys/file.h>
204f52e3 11#include <sys/ioctl.h>
a8fbdf54
TA		 12#include <sys/stat.h>
13#include <unistd.h>
546dbec5 14
b5efdb8a 15#include "alloc-util.h"
cd61c3bf 16#include "btrfs-util.h"
f461a28d 17#include "chase.h"
c8b3094d 18#include "chattr-util.h"
ebd93cb6 19#include "copy.h"
a0956174 20#include "dirent-util.h"
57f1b61b 21#include "discover-image.h"
c7664c07 22#include "dissect-image.h"
686d13b9 23#include "env-file.h"
b6e953f2 24#include "env-util.h"
6afa5d86 25#include "extension-util.h"
3ffd4af2 26#include "fd-util.h"
f4f15635 27#include "fs-util.h"
a8fbdf54 28#include "hashmap.h"
e2054217 29#include "hostname-setup.h"
c7664c07 30#include "id128-util.h"
73740c9f 31#include "initrd-util.h"
64e89f56 32#include "lock-util.h"
a8fbdf54 33#include "log.h"
c7664c07 34#include "loop-util.h"
546dbec5 35#include "macro.h"
30535c16 36#include "mkdir.h"
d8b4d14d 37#include "nulstr-util.h"
d58ad743 38#include "os-util.h"
8e0b6570 39#include "path-util.h"
c6878637 40#include "rm-rf.h"
65ddc2c5 41#include "stat-util.h"
8b43440b 42#include "string-table.h"
07630cea 43#include "string-util.h"
8e0b6570 44#include "strv.h"
a8fbdf54 45#include "time-util.h"
8e0b6570 46#include "utf8.h"
89a5a90c 47#include "xattr-util.h"
cd61c3bf 48
5ef46e5f 49static const char* const image_search_path[_IMAGE_CLASS_MAX] = {
9bca4ae4
LP		 50 [IMAGE_MACHINE] = "/etc/machines\0" /* only place symlinks here */
51 "/run/machines\0" /* and here too */
52 "/var/lib/machines\0" /* the main place for images */
53 "/var/lib/container\0" /* legacy */
54 "/usr/local/lib/machines\0"
55 "/usr/lib/machines\0",
5ef46e5f 56
9bca4ae4
LP		 57 [IMAGE_PORTABLE] = "/etc/portables\0" /* only place symlinks here */
58 "/run/portables\0" /* and here too */
59 "/var/lib/portables\0" /* the main place for images */
60 "/usr/local/lib/portables\0"
61 "/usr/lib/portables\0",
62
de862276
LB		 63 /* Note that we don't allow storing extensions under /usr/, unlike with other image types. That's
64 * because extension images are supposed to extend /usr/, so you get into recursive races, especially
65 * with directory-based extensions, as the kernel's OverlayFS explicitly checks for this and errors
66 * out with -ELOOP if it finds that a lowerdir= is a child of another lowerdir=. */
b60e0f57 67 [IMAGE_SYSEXT] = "/etc/extensions\0" /* only place symlinks here */
68 "/run/extensions\0" /* and here too */
69 "/var/lib/extensions\0", /* the main place for images */
70
71 [IMAGE_CONFEXT] = "/run/confexts\0" /* only place symlinks here */
72 "/var/lib/confexts\0" /* the main place for images */
73 "/usr/local/lib/confexts\0"
74 "/usr/lib/confexts\0",
5ef46e5f 75};
c2ce6a3d 76
73740c9f
LP		 77/* Inside the initrd, use a slightly different set of search path (i.e. include .extra/sysext in extension
78 * search dir) */
79static const char* const image_search_path_initrd[_IMAGE_CLASS_MAX] = {
80 /* (entries that aren't listed here will get the same search path as for the non initrd-case) */
81
b151e696
LP		 82 [IMAGE_SYSEXT] = "/etc/extensions\0" /* only place symlinks here */
83 "/run/extensions\0" /* and here too */
84 "/var/lib/extensions\0" /* the main place for images */
85 "/.extra/sysext\0" /* put sysext picked up by systemd-stub last, since not trusted */
73740c9f
LP		 86};
87
8301aa0b
YW		 88static Image *image_free(Image *i) {
89 assert(i);
9614bb06 90
cd61c3bf
LP		 91 free(i->name);
92 free(i->path);
c7664c07
LP		 93
94 free(i->hostname);
95 strv_free(i->machine_info);
96 strv_free(i->os_release);
bcf94222 97 strv_free(i->extension_release);
c7664c07 98
6b430fdb 99 return mfree(i);
cd61c3bf
LP		 100}
101
8301aa0b 102DEFINE_TRIVIAL_REF_UNREF_FUNC(Image, image, image_free);
b07ec5a1
YW		 103DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(image_hash_ops, char, string_hash_func, string_compare_func,
104 Image, image_unref);
9614bb06 105
8e0b6570
LP		 106static char **image_settings_path(Image *image) {
107 _cleanup_strv_free_ char **l = NULL;
162f6477
LP		 108 _cleanup_free_ char *fn = NULL;
109 size_t i = 0;
110 int r;
8e0b6570
LP		 111
112 assert(image);
113
114 l = new0(char*, 4);
115 if (!l)
116 return NULL;
117
162f6477
LP		 118 fn = strjoin(image->name, ".nspawn");
119 if (!fn)
120 return NULL;
8e0b6570 121
b910cc72
LP		 122 FOREACH_STRING(s, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
123 l[i] = path_join(s, fn);
8e0b6570
LP		 124 if (!l[i])
125 return NULL;
126
127 i++;
128 }
129
162f6477
LP		 130 r = file_in_same_dir(image->path, fn, l + i);
131 if (r == -ENOMEM)
8e0b6570 132 return NULL;
162f6477
LP		 133 if (r < 0)
134 log_debug_errno(r, "Failed to generate .nspawn settings path from image path, ignoring: %m");
135
136 strv_uniq(l);
8e0b6570 137
ae2a15bc 138 return TAKE_PTR(l);
8e0b6570
LP		 139}
140
162f6477
LP		 141static int image_roothash_path(Image *image, char **ret) {
142 _cleanup_free_ char *fn = NULL;
bafbac4e
LP		 143
144 assert(image);
145
162f6477
LP		 146 fn = strjoin(image->name, ".roothash");
147 if (!fn)
148 return -ENOMEM;
bafbac4e 149
162f6477 150 return file_in_same_dir(image->path, fn, ret);
bafbac4e
LP		 151}
152
c2ce6a3d 153static int image_new(
cd61c3bf 154 ImageType t,
3775e141 155 ImageClass c,
5fc7f358 156 const char *pretty,
cd61c3bf 157 const char *path,
5fc7f358 158 const char *filename,
cd61c3bf 159 bool read_only,
10f9c755 160 usec_t crtime,
cd61c3bf 161 usec_t mtime,
c2ce6a3d 162 Image **ret) {
cd61c3bf
LP		 163
164 _cleanup_(image_unrefp) Image *i = NULL;
cd61c3bf 165
cd61c3bf
LP		 166 assert(t >= 0);
167 assert(t < _IMAGE_TYPE_MAX);
5fc7f358
LP		 168 assert(pretty);
169 assert(filename);
c2ce6a3d 170 assert(ret);
cd61c3bf 171
c2108701 172 i = new(Image, 1);
cd61c3bf
LP		 173 if (!i)
174 return -ENOMEM;
175
c2108701
LP		 176 *i = (Image) {
177 .n_ref = 1,
178 .type = t,
3775e141 179 .class = c,
c2108701
LP		 180 .read_only = read_only,
181 .crtime = crtime,
182 .mtime = mtime,
183 .usage = UINT64_MAX,
184 .usage_exclusive = UINT64_MAX,
185 .limit = UINT64_MAX,
186 .limit_exclusive = UINT64_MAX,
187 };
cd61c3bf 188
5fc7f358 189 i->name = strdup(pretty);
cd61c3bf
LP		 190 if (!i->name)
191 return -ENOMEM;
192
657ee2d8 193 i->path = path_join(path, filename);
5fc7f358
LP		 194 if (!i->path)
195 return -ENOMEM;
196
4ff361cc 197 path_simplify(i->path);
cd61c3bf 198
1cc6c93a 199 *ret = TAKE_PTR(i);
c2ce6a3d 200
cd61c3bf
LP		 201 return 0;
202}
203
4756c94e
LP		 204static int extract_pretty(const char *path, const char *suffix, char **ret) {
205 _cleanup_free_ char *name = NULL;
206 const char *p;
4756c94e
LP		 207
208 assert(path);
209 assert(ret);
210
211 p = last_path_component(path);
4756c94e 212
e8bec624 213 name = strdupcspn(p, "/");
4756c94e
LP		 214 if (!name)
215 return -ENOMEM;
216
217 if (suffix) {
218 char *e;
219
220 e = endswith(name, suffix);
221 if (!e)
222 return -EINVAL;
223
224 *e = 0;
225 }
226
227 if (!image_name_is_valid(name))
228 return -EINVAL;
229
230 *ret = TAKE_PTR(name);
231 return 0;
232}
233
5fc7f358 234static int image_make(
3775e141 235 ImageClass c,
5fc7f358
LP		 236 const char *pretty,
237 int dfd,
238 const char *path,
239 const char *filename,
3a6ce860 240 const struct stat *st,
5fc7f358
LP		 241 Image **ret) {
242
2570578d 243 _cleanup_free_ char *pretty_buffer = NULL, *parent = NULL;
3a6ce860 244 struct stat stbuf;
5fc7f358 245 bool read_only;
cd61c3bf
LP		 246 int r;
247
3a6ce860 248 assert(dfd >= 0 || dfd == AT_FDCWD);
bcb846f3 249 assert(path || dfd == AT_FDCWD);
5fc7f358 250 assert(filename);
cd61c3bf 251
eb38edce 252 /* We explicitly *do* follow symlinks here, since we want to allow symlinking trees, raw files and block
3a6ce860
LP		 253 * devices into /var/lib/machines/, and treat them normally.
254 *
255 * This function returns -ENOENT if we can't find the image after all, and -EMEDIUMTYPE if it's not a file we
256 * recognize. */
cd61c3bf 257
3a6ce860
LP		 258 if (!st) {
259 if (fstatat(dfd, filename, &stbuf, 0) < 0)
260 return -errno;
261
262 st = &stbuf;
263 }
cd61c3bf 264
2570578d
LP		 265 if (!path) {
266 if (dfd == AT_FDCWD)
267 (void) safe_getcwd(&parent);
268 else
269 (void) fd_get_path(dfd, &parent);
270 }
bcb846f3 271
5fc7f358
LP		 272 read_only =
273 (path && path_startswith(path, "/usr")) ||
08ff5529 274 (faccessat(dfd, filename, W_OK, AT_EACCESS) < 0 && errno == EROFS);
86e339c8 275
3a6ce860 276 if (S_ISDIR(st->st_mode)) {
254d1313 277 _cleanup_close_ int fd = -EBADF;
01b72568 278 unsigned file_attr = 0;
02dcf215 279 usec_t crtime = 0;
cd61c3bf 280
c2ce6a3d 281 if (!ret)
3a6ce860 282 return 0;
cd61c3bf 283
4756c94e
LP		 284 if (!pretty) {
285 r = extract_pretty(filename, NULL, &pretty_buffer);
286 if (r < 0)
287 return r;
288
289 pretty = pretty_buffer;
290 }
5fc7f358 291
01b72568
LP		 292 fd = openat(dfd, filename, O_CLOEXEC|O_NOCTTY|O_DIRECTORY);
293 if (fd < 0)
294 return -errno;
295
674b04ff 296 if (btrfs_might_be_subvol(st)) {
cd61c3bf 297
65ddc2c5 298 r = fd_is_fs_type(fd, BTRFS_SUPER_MAGIC);
21222ea5
LP		 299 if (r < 0)
300 return r;
301 if (r) {
10f9c755 302 BtrfsSubvolInfo info;
cd61c3bf 303
c2ce6a3d 304 /* It's a btrfs subvolume */
cd61c3bf 305
5bcd08db 306 r = btrfs_subvol_get_info_fd(fd, 0, &info);
10f9c755
LP		 307 if (r < 0)
308 return r;
c2ce6a3d
LP		 309
310 r = image_new(IMAGE_SUBVOLUME,
3775e141 311 c,
5fc7f358 312 pretty,
c2ce6a3d 313 path,
5fc7f358
LP		 314 filename,
315 info.read_only || read_only,
10f9c755 316 info.otime,
c2ce6a3d 317 0,
c2ce6a3d
LP		 318 ret);
319 if (r < 0)
320 return r;
321
5bcd08db
LP		 322 if (btrfs_quota_scan_ongoing(fd) == 0) {
323 BtrfsQuotaInfo quota;
b6b18498 324
5bcd08db
LP		 325 r = btrfs_subvol_get_subtree_quota_fd(fd, 0, &quota);
326 if (r >= 0) {
327 (*ret)->usage = quota.referenced;
328 (*ret)->usage_exclusive = quota.exclusive;
329
330 (*ret)->limit = quota.referenced_max;
331 (*ret)->limit_exclusive = quota.exclusive_max;
332 }
b6b18498
LP		 333 }
334
3a6ce860 335 return 0;
cd61c3bf 336 }
c2ce6a3d 337 }
cd61c3bf 338
02dcf215 339 /* Get directory creation time (not available everywhere, but that's OK */
12a7f04a 340 (void) fd_getcrtime(fd, &crtime);
02dcf215
LP		 341
342 /* If the IMMUTABLE bit is set, we consider the directory read-only. Since the ioctl is not
01b72568
LP		 343 * supported everywhere we ignore failures. */
344 (void) read_attr_fd(fd, &file_attr);
cd61c3bf 345
01b72568 346 /* It's just a normal directory. */
c2ce6a3d 347 r = image_new(IMAGE_DIRECTORY,
3775e141 348 c,
5fc7f358 349 pretty,
c2ce6a3d 350 path,
5fc7f358 351 filename,
01b72568 352 read_only || (file_attr & FS_IMMUTABLE_FL),
02dcf215
LP		 353 crtime,
354 0, /* we don't use mtime of stat() here, since it's not the time of last change of the tree, but only of the top-level dir */
c2ce6a3d
LP		 355 ret);
356 if (r < 0)
357 return r;
cd61c3bf 358
3a6ce860 359 return 0;
cd61c3bf 360
3a6ce860 361 } else if (S_ISREG(st->st_mode) && endswith(filename, ".raw")) {
10f9c755 362 usec_t crtime = 0;
cd61c3bf 363
aceac2f0 364 /* It's a RAW disk image */
cd61c3bf 365
c2ce6a3d 366 if (!ret)
3a6ce860 367 return 0;
cd61c3bf 368
c53e07e2 369 (void) fd_getcrtime_at(dfd, filename, AT_SYMLINK_FOLLOW, &crtime);
10f9c755 370
4756c94e
LP		 371 if (!pretty) {
372 r = extract_pretty(filename, ".raw", &pretty_buffer);
373 if (r < 0)
374 return r;
375
376 pretty = pretty_buffer;
377 }
10f9c755 378
aceac2f0 379 r = image_new(IMAGE_RAW,
3775e141 380 c,
5fc7f358 381 pretty,
c2ce6a3d 382 path,
5fc7f358 383 filename,
3a6ce860 384 !(st->st_mode & 0222) || read_only,
10f9c755 385 crtime,
3a6ce860 386 timespec_load(&st->st_mtim),
c2ce6a3d
LP		 387 ret);
388 if (r < 0)
389 return r;
cd61c3bf 390
3a6ce860
LP		 391 (*ret)->usage = (*ret)->usage_exclusive = st->st_blocks * 512;
392 (*ret)->limit = (*ret)->limit_exclusive = st->st_size;
b6b18498 393
3a6ce860 394 return 0;
eb38edce 395
3a6ce860 396 } else if (S_ISBLK(st->st_mode)) {
254d1313 397 _cleanup_close_ int block_fd = -EBADF;
eb38edce
LP		 398 uint64_t size = UINT64_MAX;
399
400 /* A block device */
401
402 if (!ret)
3a6ce860 403 return 0;
eb38edce 404
4756c94e
LP		 405 if (!pretty) {
406 r = extract_pretty(filename, NULL, &pretty_buffer);
407 if (r < 0)
408 return r;
409
410 pretty = pretty_buffer;
411 }
eb38edce
LP		 412
413 block_fd = openat(dfd, filename, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY);
414 if (block_fd < 0)
2570578d 415 log_debug_errno(errno, "Failed to open block device %s/%s, ignoring: %m", path ?: strnull(parent), filename);
eb38edce 416 else {
3a6ce860
LP		 417 /* Refresh stat data after opening the node */
418 if (fstat(block_fd, &stbuf) < 0)
eb38edce 419 return -errno;
3a6ce860
LP		 420 st = &stbuf;
421
422 if (!S_ISBLK(st->st_mode)) /* Verify that what we opened is actually what we think it is */
eb38edce
LP		 423 return -ENOTTY;
424
425 if (!read_only) {
426 int state = 0;
427
428 if (ioctl(block_fd, BLKROGET, &state) < 0)
2570578d 429 log_debug_errno(errno, "Failed to issue BLKROGET on device %s/%s, ignoring: %m", path ?: strnull(parent), filename);
eb38edce
LP		 430 else if (state)
431 read_only = true;
432 }
433
434 if (ioctl(block_fd, BLKGETSIZE64, &size) < 0)
2570578d 435 log_debug_errno(errno, "Failed to issue BLKGETSIZE64 on device %s/%s, ignoring: %m", path ?: strnull(parent), filename);
eb38edce
LP		 436
437 block_fd = safe_close(block_fd);
438 }
439
440 r = image_new(IMAGE_BLOCK,
3775e141 441 c,
eb38edce
LP		 442 pretty,
443 path,
444 filename,
3a6ce860 445 !(st->st_mode & 0222) || read_only,
eb38edce
LP		 446 0,
447 0,
448 ret);
449 if (r < 0)
450 return r;
451
ed0cb346 452 if (!IN_SET(size, 0, UINT64_MAX))
eb38edce
LP		 453 (*ret)->usage = (*ret)->usage_exclusive = (*ret)->limit = (*ret)->limit_exclusive = size;
454
3a6ce860 455 return 0;
c2ce6a3d 456 }
cd61c3bf 457
3a6ce860 458 return -EMEDIUMTYPE;
c2ce6a3d 459}
cd61c3bf 460
73740c9f
LP		 461static const char *pick_image_search_path(ImageClass class) {
462 if (class < 0 || class >= _IMAGE_CLASS_MAX)
463 return NULL;
464
465 /* Use the initrd search path if there is one, otherwise use the common one */
466 return in_initrd() && image_search_path_initrd[class] ? image_search_path_initrd[class] : image_search_path[class];
467}
468
d577d4a4
LP		 469int image_find(ImageClass class,
470 const char *name,
471 const char *root,
472 Image **ret) {
473
c2ce6a3d 474 int r;
cd61c3bf 475
5ef46e5f
LP		 476 assert(class >= 0);
477 assert(class < _IMAGE_CLASS_MAX);
c2ce6a3d 478 assert(name);
cd61c3bf 479
c2ce6a3d
LP		 480 /* There are no images with invalid names */
481 if (!image_name_is_valid(name))
3a6ce860 482 return -ENOENT;
cd61c3bf 483
73740c9f 484 NULSTR_FOREACH(path, pick_image_search_path(class)) {
d577d4a4 485 _cleanup_free_ char *resolved = NULL;
c2ce6a3d 486 _cleanup_closedir_ DIR *d = NULL;
3a6ce860 487 struct stat st;
d577d4a4 488 int flags;
cd61c3bf 489
f461a28d 490 r = chase_and_opendir(path, root, CHASE_PREFIX_ROOT, &resolved, &d);
d577d4a4
LP		 491 if (r == -ENOENT)
492 continue;
493 if (r < 0)
494 return r;
cd61c3bf 495
d577d4a4
LP		 496 /* As mentioned above, we follow symlinks on this fstatat(), because we want to permit people
497 * to symlink block devices into the search path. (For now, we disable that when operating
498 * relative to some root directory.) */
499 flags = root ? AT_SYMLINK_NOFOLLOW : 0;
500 if (fstatat(dirfd(d), name, &st, flags) < 0) {
aceac2f0 501 _cleanup_free_ char *raw = NULL;
5fc7f358 502
3a6ce860
LP		 503 if (errno != ENOENT)
504 return -errno;
505
b910cc72 506 raw = strjoin(name, ".raw");
aceac2f0 507 if (!raw)
5fc7f358
LP		 508 return -ENOMEM;
509
d577d4a4 510 if (fstatat(dirfd(d), raw, &st, flags) < 0) {
3a6ce860
LP		 511 if (errno == ENOENT)
512 continue;
513
514 return -errno;
515 }
516
517 if (!S_ISREG(st.st_mode))
5fc7f358 518 continue;
3a6ce860 519
3775e141 520 r = image_make(class, name, dirfd(d), resolved, raw, &st, ret);
3a6ce860
LP		 521
522 } else {
523 if (!S_ISDIR(st.st_mode) && !S_ISBLK(st.st_mode))
524 continue;
525
3775e141 526 r = image_make(class, name, dirfd(d), resolved, name, &st, ret);
5fc7f358 527 }
3a6ce860
LP		 528 if (IN_SET(r, -ENOENT, -EMEDIUMTYPE))
529 continue;
c2ce6a3d
LP		 530 if (r < 0)
531 return r;
cd61c3bf 532
cf604fd4
LP		 533 if (ret)
534 (*ret)->discoverable = true;
535
c2ce6a3d
LP		 536 return 1;
537 }
538
cf604fd4 539 if (class == IMAGE_MACHINE && streq(name, ".host")) {
3775e141 540 r = image_make(class, ".host", AT_FDCWD, NULL, empty_to_root(root), NULL, ret);
cf604fd4
LP		 541 if (r < 0)
542 return r;
543
544 if (ret)
545 (*ret)->discoverable = true;
546
547 return r;
548 }
5fc7f358 549
3a6ce860 550 return -ENOENT;
c2ce6a3d
LP		 551};
552
2ddf182b 553int image_from_path(const char *path, Image **ret) {
cf604fd4
LP		 554
555 /* Note that we don't set the 'discoverable' field of the returned object, because we don't check here whether
556 * the image is in the image search path. And if it is we don't know if the path we used is actually not
3fe91079 557 * overridden by another, different image earlier in the search path */
cf604fd4 558
2ddf182b 559 if (path_equal(path, "/"))
3775e141 560 return image_make(IMAGE_MACHINE, ".host", AT_FDCWD, NULL, "/", NULL, ret);
2ddf182b 561
3775e141 562 return image_make(_IMAGE_CLASS_INVALID, NULL, AT_FDCWD, NULL, path, NULL, ret);
2ddf182b
LP		 563}
564
d577d4a4 565int image_find_harder(ImageClass class, const char *name_or_path, const char *root, Image **ret) {
2ddf182b 566 if (image_name_is_valid(name_or_path))
d577d4a4 567 return image_find(class, name_or_path, root, ret);
2ddf182b
LP		 568
569 return image_from_path(name_or_path, ret);
570}
571
d577d4a4
LP		 572int image_discover(
573 ImageClass class,
574 const char *root,
575 Hashmap *h) {
576
c2ce6a3d
LP		 577 int r;
578
5ef46e5f
LP		 579 assert(class >= 0);
580 assert(class < _IMAGE_CLASS_MAX);
c2ce6a3d
LP		 581 assert(h);
582
73740c9f 583 NULSTR_FOREACH(path, pick_image_search_path(class)) {
d577d4a4 584 _cleanup_free_ char *resolved = NULL;
c2ce6a3d 585 _cleanup_closedir_ DIR *d = NULL;
c2ce6a3d 586
f461a28d 587 r = chase_and_opendir(path, root, CHASE_PREFIX_ROOT, &resolved, &d);
d577d4a4
LP		 588 if (r == -ENOENT)
589 continue;
590 if (r < 0)
591 return r;
c2ce6a3d
LP		 592
593 FOREACH_DIRENT_ALL(de, d, return -errno) {
594 _cleanup_(image_unrefp) Image *image = NULL;
1bf36bf9 595 _cleanup_free_ char *truncated = NULL;
3a6ce860
LP		 596 const char *pretty;
597 struct stat st;
d577d4a4 598 int flags;
c2ce6a3d 599
1bf36bf9 600 if (dot_or_dot_dot(de->d_name))
c2ce6a3d
LP		 601 continue;
602
d577d4a4
LP		 603 /* As mentioned above, we follow symlinks on this fstatat(), because we want to
604 * permit people to symlink block devices into the search path. */
605 flags = root ? AT_SYMLINK_NOFOLLOW : 0;
606 if (fstatat(dirfd(d), de->d_name, &st, flags) < 0) {
3a6ce860
LP		 607 if (errno == ENOENT)
608 continue;
609
610 return -errno;
611 }
612
613 if (S_ISREG(st.st_mode)) {
614 const char *e;
615
616 e = endswith(de->d_name, ".raw");
617 if (!e)
618 continue;
619
1bf36bf9
LP		 620 truncated = strndup(de->d_name, e - de->d_name);
621 if (!truncated)
622 return -ENOMEM;
623
624 pretty = truncated;
3a6ce860 625 } else if (S_ISDIR(st.st_mode) || S_ISBLK(st.st_mode))
1bf36bf9 626 pretty = de->d_name;
3a6ce860
LP		 627 else
628 continue;
1bf36bf9
LP		 629
630 if (!image_name_is_valid(pretty))
631 continue;
632
633 if (hashmap_contains(h, pretty))
c2ce6a3d
LP		 634 continue;
635
3775e141 636 r = image_make(class, pretty, dirfd(d), resolved, de->d_name, &st, &image);
3a6ce860 637 if (IN_SET(r, -ENOENT, -EMEDIUMTYPE))
c2ce6a3d
LP		 638 continue;
639 if (r < 0)
640 return r;
641
cf604fd4
LP		 642 image->discoverable = true;
643
c2ce6a3d
LP		 644 r = hashmap_put(h, image->name, image);
645 if (r < 0)
646 return r;
647
648 image = NULL;
cd61c3bf
LP		 649 }
650 }
651
5ef46e5f 652 if (class == IMAGE_MACHINE && !hashmap_contains(h, ".host")) {
5fc7f358
LP		 653 _cleanup_(image_unrefp) Image *image = NULL;
654
3775e141 655 r = image_make(IMAGE_MACHINE, ".host", AT_FDCWD, NULL, empty_to_root("/"), NULL, &image);
5fc7f358
LP		 656 if (r < 0)
657 return r;
658
cf604fd4
LP		 659 image->discoverable = true;
660
5fc7f358
LP		 661 r = hashmap_put(h, image->name, image);
662 if (r < 0)
663 return r;
664
665 image = NULL;
5fc7f358
LP		 666 }
667
cd61c3bf
LP		 668 return 0;
669}
670
08682124 671int image_remove(Image *i) {
8e766630 672 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
8e0b6570 673 _cleanup_strv_free_ char **settings = NULL;
bafbac4e 674 _cleanup_free_ char *roothash = NULL;
30535c16
LP		 675 int r;
676
08682124
LP		 677 assert(i);
678
d94c2b06 679 if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
08682124
LP		 680 return -EROFS;
681
8e0b6570
LP		 682 settings = image_settings_path(i);
683 if (!settings)
684 return -ENOMEM;
685
162f6477
LP		 686 r = image_roothash_path(i, &roothash);
687 if (r < 0)
688 return r;
bafbac4e 689
30535c16
LP		 690 /* Make sure we don't interfere with a running nspawn */
691 r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
692 if (r < 0)
693 return r;
694
ebd93cb6
LP		 695 switch (i->type) {
696
697 case IMAGE_SUBVOLUME:
9fb0b9c7
LP		 698
699 /* Let's unlink first, maybe it is a symlink? If that works we are happy. Otherwise, let's get out the
700 * big guns */
701 if (unlink(i->path) < 0) {
702 r = btrfs_subvol_remove(i->path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
703 if (r < 0)
704 return r;
705 }
706
8e0b6570 707 break;
ebd93cb6
LP		 708
709 case IMAGE_DIRECTORY:
01b72568 710 /* Allow deletion of read-only directories */
db9a4254 711 (void) chattr_path(i->path, 0, FS_IMMUTABLE_FL, NULL);
8e0b6570
LP		 712 r = rm_rf(i->path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
713 if (r < 0)
714 return r;
715
716 break;
01b72568 717
eb38edce
LP		 718 case IMAGE_BLOCK:
719
720 /* If this is inside of /dev, then it's a real block device, hence let's not touch the device node
721 * itself (but let's remove the stuff stored alongside it). If it's anywhere else, let's try to unlink
722 * the thing (it's most likely a symlink after all). */
723
724 if (path_startswith(i->path, "/dev"))
725 break;
726
4831981d 727 _fallthrough_;
aceac2f0 728 case IMAGE_RAW:
41d1ed05
LP		 729 if (unlink(i->path) < 0)
730 return -errno;
8e0b6570 731 break;
ebd93cb6
LP		 732
733 default:
15411c0c 734 return -EOPNOTSUPP;
ebd93cb6 735 }
8e0b6570 736
de010b0b 737 STRV_FOREACH(j, settings)
8e0b6570
LP		 738 if (unlink(*j) < 0 && errno != ENOENT)
739 log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", *j);
8e0b6570 740
bafbac4e
LP		 741 if (unlink(roothash) < 0 && errno != ENOENT)
742 log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", roothash);
743
8e0b6570
LP		 744 return 0;
745}
746
bafbac4e 747static int rename_auxiliary_file(const char *path, const char *new_name, const char *suffix) {
162f6477
LP		 748 _cleanup_free_ char *fn = NULL, *rs = NULL;
749 int r;
8e0b6570 750
162f6477
LP		 751 fn = strjoin(new_name, suffix);
752 if (!fn)
8e0b6570
LP		 753 return -ENOMEM;
754
162f6477
LP		 755 r = file_in_same_dir(path, fn, &rs);
756 if (r < 0)
757 return r;
758
8e0b6570 759 return rename_noreplace(AT_FDCWD, path, AT_FDCWD, rs);
ebd93cb6
LP		 760}
761
762int image_rename(Image *i, const char *new_name) {
8e766630 763 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT, name_lock = LOCK_FILE_INIT;
bafbac4e 764 _cleanup_free_ char *new_path = NULL, *nn = NULL, *roothash = NULL;
8e0b6570 765 _cleanup_strv_free_ char **settings = NULL;
01b72568 766 unsigned file_attr = 0;
ebd93cb6
LP		 767 int r;
768
769 assert(i);
770
771 if (!image_name_is_valid(new_name))
772 return -EINVAL;
773
d94c2b06 774 if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
ebd93cb6
LP		 775 return -EROFS;
776
8e0b6570
LP		 777 settings = image_settings_path(i);
778 if (!settings)
779 return -ENOMEM;
780
162f6477
LP		 781 r = image_roothash_path(i, &roothash);
782 if (r < 0)
783 return r;
bafbac4e 784
30535c16
LP		 785 /* Make sure we don't interfere with a running nspawn */
786 r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
787 if (r < 0)
788 return r;
789
790 /* Make sure nobody takes the new name, between the time we
791 * checked it is currently unused in all search paths, and the
f8e2f4d6 792 * time we take possession of it */
30535c16
LP		 793 r = image_name_lock(new_name, LOCK_EX|LOCK_NB, &name_lock);
794 if (r < 0)
795 return r;
796
d577d4a4 797 r = image_find(IMAGE_MACHINE, new_name, NULL, NULL);
3a6ce860 798 if (r >= 0)
ebd93cb6 799 return -EEXIST;
3a6ce860
LP		 800 if (r != -ENOENT)
801 return r;
ebd93cb6
LP		 802
803 switch (i->type) {
804
ebd93cb6 805 case IMAGE_DIRECTORY:
01b72568
LP		 806 /* Turn of the immutable bit while we rename the image, so that we can rename it */
807 (void) read_attr_path(i->path, &file_attr);
808
809 if (file_attr & FS_IMMUTABLE_FL)
db9a4254 810 (void) chattr_path(i->path, 0, FS_IMMUTABLE_FL, NULL);
01b72568 811
4831981d 812 _fallthrough_;
01b72568 813 case IMAGE_SUBVOLUME:
162f6477 814 r = file_in_same_dir(i->path, new_name, &new_path);
ebd93cb6
LP		 815 break;
816
eb38edce
LP		 817 case IMAGE_BLOCK:
818
819 /* Refuse renaming raw block devices in /dev, the names are picked by udev after all. */
820 if (path_startswith(i->path, "/dev"))
821 return -EROFS;
822
162f6477 823 r = file_in_same_dir(i->path, new_name, &new_path);
eb38edce
LP		 824 break;
825
aceac2f0 826 case IMAGE_RAW: {
ebd93cb6
LP		 827 const char *fn;
828
63c372cb 829 fn = strjoina(new_name, ".raw");
162f6477
LP		 830
831 r = file_in_same_dir(i->path, fn, &new_path);
ebd93cb6
LP		 832 break;
833 }
834
835 default:
15411c0c 836 return -EOPNOTSUPP;
ebd93cb6 837 }
162f6477
LP		 838 if (r < 0)
839 return r;
ebd93cb6
LP		 840
841 nn = strdup(new_name);
842 if (!nn)
843 return -ENOMEM;
844
f85ef957
AC		 845 r = rename_noreplace(AT_FDCWD, i->path, AT_FDCWD, new_path);
846 if (r < 0)
847 return r;
ebd93cb6 848
01b72568
LP		 849 /* Restore the immutable bit, if it was set before */
850 if (file_attr & FS_IMMUTABLE_FL)
db9a4254 851 (void) chattr_path(new_path, FS_IMMUTABLE_FL, FS_IMMUTABLE_FL, NULL);
01b72568 852
f9ecfd3b
DL		 853 free_and_replace(i->path, new_path);
854 free_and_replace(i->name, nn);
ebd93cb6 855
8e0b6570 856 STRV_FOREACH(j, settings) {
bafbac4e 857 r = rename_auxiliary_file(*j, new_name, ".nspawn");
8e0b6570
LP		 858 if (r < 0 && r != -ENOENT)
859 log_debug_errno(r, "Failed to rename settings file %s, ignoring: %m", *j);
860 }
861
bafbac4e
LP		 862 r = rename_auxiliary_file(roothash, new_name, ".roothash");
863 if (r < 0 && r != -ENOENT)
864 log_debug_errno(r, "Failed to rename roothash file %s, ignoring: %m", roothash);
865
ebd93cb6
LP		 866 return 0;
867}
868
bafbac4e 869static int clone_auxiliary_file(const char *path, const char *new_name, const char *suffix) {
162f6477
LP		 870 _cleanup_free_ char *fn = NULL, *rs = NULL;
871 int r;
8e0b6570 872
162f6477
LP		 873 fn = strjoin(new_name, suffix);
874 if (!fn)
8e0b6570
LP		 875 return -ENOMEM;
876
162f6477
LP		 877 r = file_in_same_dir(path, fn, &rs);
878 if (r < 0)
879 return r;
880
7c2f5495 881 return copy_file_atomic(path, rs, 0664, COPY_REFLINK);
8e0b6570
LP		 882}
883
ebd93cb6 884int image_clone(Image *i, const char *new_name, bool read_only) {
8e766630 885 _cleanup_(release_lock_file) LockFile name_lock = LOCK_FILE_INIT;
8e0b6570 886 _cleanup_strv_free_ char **settings = NULL;
bafbac4e 887 _cleanup_free_ char *roothash = NULL;
ebd93cb6
LP		 888 const char *new_path;
889 int r;
890
891 assert(i);
892
893 if (!image_name_is_valid(new_name))
894 return -EINVAL;
895
8e0b6570
LP		 896 settings = image_settings_path(i);
897 if (!settings)
898 return -ENOMEM;
899
162f6477
LP		 900 r = image_roothash_path(i, &roothash);
901 if (r < 0)
902 return r;
bafbac4e 903
30535c16
LP		 904 /* Make sure nobody takes the new name, between the time we
905 * checked it is currently unused in all search paths, and the
f8e2f4d6 906 * time we take possession of it */
30535c16
LP		 907 r = image_name_lock(new_name, LOCK_EX|LOCK_NB, &name_lock);
908 if (r < 0)
909 return r;
910
d577d4a4 911 r = image_find(IMAGE_MACHINE, new_name, NULL, NULL);
3a6ce860 912 if (r >= 0)
ebd93cb6 913 return -EEXIST;
3a6ce860
LP		 914 if (r != -ENOENT)
915 return r;
ebd93cb6
LP		 916
917 switch (i->type) {
918
919 case IMAGE_SUBVOLUME:
920 case IMAGE_DIRECTORY:
9a50e3ca 921 /* If we can we'll always try to create a new btrfs subvolume here, even if the source is a plain
13e785f7 922 * directory. */
9a50e3ca 923
63c372cb 924 new_path = strjoina("/var/lib/machines/", new_name);
ebd93cb6 925
17cbb288
LP		 926 r = btrfs_subvol_snapshot(i->path, new_path,
927 (read_only ? BTRFS_SNAPSHOT_READ_ONLY : 0) |
928 BTRFS_SNAPSHOT_FALLBACK_COPY |
929 BTRFS_SNAPSHOT_FALLBACK_DIRECTORY |
930 BTRFS_SNAPSHOT_FALLBACK_IMMUTABLE |
931 BTRFS_SNAPSHOT_RECURSIVE |
932 BTRFS_SNAPSHOT_QUOTA);
933 if (r >= 0)
9a50e3ca 934 /* Enable "subtree" quotas for the copy, if we didn't copy any quota from the source. */
8120ee28 935 (void) btrfs_subvol_auto_qgroup(new_path, 0, true);
5bcd08db 936
ebd93cb6
LP		 937 break;
938
aceac2f0 939 case IMAGE_RAW:
63c372cb 940 new_path = strjoina("/var/lib/machines/", new_name, ".raw");
ebd93cb6 941
7c2f5495
DDM		 942 r = copy_file_atomic_full(i->path, new_path, read_only ? 0444 : 0644, FS_NOCOW_FL, FS_NOCOW_FL,
943 COPY_REFLINK|COPY_CRTIME, NULL, NULL);
ebd93cb6
LP		 944 break;
945
eb38edce 946 case IMAGE_BLOCK:
ebd93cb6 947 default:
15411c0c 948 return -EOPNOTSUPP;
ebd93cb6
LP		 949 }
950
951 if (r < 0)
952 return r;
953
8e0b6570 954 STRV_FOREACH(j, settings) {
bafbac4e 955 r = clone_auxiliary_file(*j, new_name, ".nspawn");
8e0b6570
LP		 956 if (r < 0 && r != -ENOENT)
957 log_debug_errno(r, "Failed to clone settings %s, ignoring: %m", *j);
958 }
959
bafbac4e
LP		 960 r = clone_auxiliary_file(roothash, new_name, ".roothash");
961 if (r < 0 && r != -ENOENT)
962 log_debug_errno(r, "Failed to clone root hash file %s, ignoring: %m", roothash);
963
ebd93cb6
LP		 964 return 0;
965}
966
967int image_read_only(Image *i, bool b) {
8e766630 968 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
ebd93cb6 969 int r;
c7664c07 970
ebd93cb6
LP		 971 assert(i);
972
d94c2b06 973 if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
ebd93cb6
LP		 974 return -EROFS;
975
30535c16
LP		 976 /* Make sure we don't interfere with a running nspawn */
977 r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
978 if (r < 0)
979 return r;
980
ebd93cb6
LP		 981 switch (i->type) {
982
983 case IMAGE_SUBVOLUME:
5bcd08db
LP		 984
985 /* Note that we set the flag only on the top-level
986 * subvolume of the image. */
987
ebd93cb6
LP		 988 r = btrfs_subvol_set_read_only(i->path, b);
989 if (r < 0)
990 return r;
01b72568
LP		 991
992 break;
993
994 case IMAGE_DIRECTORY:
995 /* For simple directory trees we cannot use the access
996 mode of the top-level directory, since it has an
997 effect on the container itself. However, we can
998 use the "immutable" flag, to at least make the
999 top-level directory read-only. It's not as good as
1000 a read-only subvolume, but at least something, and
13e785f7 1001 we can read the value back. */
01b72568 1002
db9a4254 1003 r = chattr_path(i->path, b ? FS_IMMUTABLE_FL : 0, FS_IMMUTABLE_FL, NULL);
01b72568
LP		 1004 if (r < 0)
1005 return r;
1006
ebd93cb6
LP		 1007 break;
1008
aceac2f0 1009 case IMAGE_RAW: {
ebd93cb6
LP		 1010 struct stat st;
1011
1012 if (stat(i->path, &st) < 0)
1013 return -errno;
1014
1015 if (chmod(i->path, (st.st_mode & 0444) | (b ? 0000 : 0200)) < 0)
1016 return -errno;
f2068bcc
LP		 1017
1018 /* If the images is now read-only, it's a good time to
1019 * defrag it, given that no write patterns will
1020 * fragment it again. */
1021 if (b)
1022 (void) btrfs_defrag(i->path);
ebd93cb6
LP		 1023 break;
1024 }
1025
eb38edce 1026 case IMAGE_BLOCK: {
254d1313 1027 _cleanup_close_ int fd = -EBADF;
eb38edce
LP		 1028 struct stat st;
1029 int state = b;
1030
1031 fd = open(i->path, O_CLOEXEC|O_RDONLY|O_NONBLOCK|O_NOCTTY);
1032 if (fd < 0)
1033 return -errno;
1034
1035 if (fstat(fd, &st) < 0)
1036 return -errno;
1037 if (!S_ISBLK(st.st_mode))
1038 return -ENOTTY;
1039
1040 if (ioctl(fd, BLKROSET, &state) < 0)
1041 return -errno;
1042
1043 break;
1044 }
1045
ebd93cb6 1046 default:
15411c0c 1047 return -EOPNOTSUPP;
ebd93cb6
LP		 1048 }
1049
1050 return 0;
08682124
LP		 1051}
1052
30535c16
LP		 1053int image_path_lock(const char *path, int operation, LockFile *global, LockFile *local) {
1054 _cleanup_free_ char *p = NULL;
1055 LockFile t = LOCK_FILE_INIT;
1056 struct stat st;
f25bed67 1057 bool exclusive;
30535c16
LP		 1058 int r;
1059
1060 assert(path);
1061 assert(global);
1062 assert(local);
1063
f25bed67
LP		 1064 /* Locks an image path. This actually creates two locks: one "local" one, next to the image path
1065 * itself, which might be shared via NFS. And another "global" one, in /run, that uses the
1066 * device/inode number. This has the benefit that we can even lock a tree that is a mount point,
1067 * correctly. */
30535c16 1068
30535c16
LP		 1069 if (!path_is_absolute(path))
1070 return -EINVAL;
1071
f25bed67
LP		 1072 switch (operation & (LOCK_SH|LOCK_EX)) {
1073 case LOCK_SH:
1074 exclusive = false;
1075 break;
1076 case LOCK_EX:
1077 exclusive = true;
1078 break;
1079 default:
1080 return -EINVAL;
1081 }
1082
b6e953f2
LP		 1083 if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) {
1084 *local = *global = (LockFile) LOCK_FILE_INIT;
1085 return 0;
1086 }
1087
f25bed67
LP		 1088 /* Prohibit taking exclusive locks on the host image. We can't allow this, since we ourselves are
1089 * running off it after all, and we don't want any images to manipulate the host image. We make an
1090 * exception for shared locks however: we allow those (and make them NOPs since there's no point in
1091 * taking them if there can't be exclusive locks). Strictly speaking these are questionable as well,
1092 * since it means changes made to the host might propagate to the container as they happen (and a
1093 * shared lock kinda suggests that no changes happen at all while it is in place), but it's too
1094 * useful not to allow read-only containers off the host root, hence let's support this, and trust
1095 * the user to do the right thing with this. */
1096 if (path_equal(path, "/")) {
1097 if (exclusive)
1098 return -EBUSY;
1099
1100 *local = *global = (LockFile) LOCK_FILE_INIT;
1101 return 0;
1102 }
b6e953f2 1103
30535c16 1104 if (stat(path, &st) >= 0) {
eb38edce
LP		 1105 if (S_ISBLK(st.st_mode))
1106 r = asprintf(&p, "/run/systemd/nspawn/locks/block-%u:%u", major(st.st_rdev), minor(st.st_rdev));
1107 else if (S_ISDIR(st.st_mode) || S_ISREG(st.st_mode))
1108 r = asprintf(&p, "/run/systemd/nspawn/locks/inode-%lu:%lu", (unsigned long) st.st_dev, (unsigned long) st.st_ino);
1109 else
1110 return -ENOTTY;
eb38edce 1111 if (r < 0)
30535c16
LP		 1112 return -ENOMEM;
1113 }
1114
f25bed67
LP		 1115 /* For block devices we don't need the "local" lock, as the major/minor lock above should be
1116 * sufficient, since block devices are host local anyway. */
1117 if (!path_startswith(path, "/dev/")) {
eb38edce 1118 r = make_lock_file_for(path, operation, &t);
8be17c9b 1119 if (r < 0) {
f25bed67 1120 if (!exclusive && r == -EROFS)
771b7ead 1121 log_debug_errno(r, "Failed to create shared lock for '%s', ignoring: %m", path);
8be17c9b
LT		 1122 else
1123 return r;
1124 }
eb38edce 1125 }
30535c16
LP		 1126
1127 if (p) {
6e5dcce4 1128 (void) mkdir_p("/run/systemd/nspawn/locks", 0700);
30535c16
LP		 1129
1130 r = make_lock_file(p, operation, global);
1131 if (r < 0) {
1132 release_lock_file(&t);
1133 return r;
1134 }
546dbec5
LP		 1135 } else
1136 *global = (LockFile) LOCK_FILE_INIT;
30535c16
LP		 1137
1138 *local = t;
1139 return 0;
1140}
1141
cb81cd80 1142int image_set_limit(Image *i, uint64_t referenced_max) {
d6ce17c7
LP		 1143 assert(i);
1144
d94c2b06 1145 if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
d6ce17c7
LP		 1146 return -EROFS;
1147
1148 if (i->type != IMAGE_SUBVOLUME)
15411c0c 1149 return -EOPNOTSUPP;
d6ce17c7 1150
5bcd08db
LP		 1151 /* We set the quota both for the subvolume as well as for the
1152 * subtree. The latter is mostly for historical reasons, since
1153 * we didn't use to have a concept of subtree quota, and hence
1154 * only modified the subvolume quota. */
1155
1156 (void) btrfs_qgroup_set_limit(i->path, 0, referenced_max);
1157 (void) btrfs_subvol_auto_qgroup(i->path, 0, true);
1158 return btrfs_subvol_set_subtree_quota_limit(i->path, 0, referenced_max);
d6ce17c7
LP		 1159}
1160
84be0c71 1161int image_read_metadata(Image *i, const ImagePolicy *image_policy) {
8e766630 1162 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
c7664c07
LP		 1163 int r;
1164
1165 assert(i);
1166
1167 r = image_path_lock(i->path, LOCK_SH|LOCK_NB, &global_lock, &local_lock);
1168 if (r < 0)
1169 return r;
1170
1171 switch (i->type) {
1172
1173 case IMAGE_SUBVOLUME:
1174 case IMAGE_DIRECTORY: {
bcf94222 1175 _cleanup_strv_free_ char **machine_info = NULL, **os_release = NULL, **extension_release = NULL;
c7664c07
LP		 1176 sd_id128_t machine_id = SD_ID128_NULL;
1177 _cleanup_free_ char *hostname = NULL;
1178 _cleanup_free_ char *path = NULL;
1179
b60e0f57 1180 if (i->class == IMAGE_SYSEXT) {
6afa5d86
LB		 1181 r = extension_has_forbidden_content(i->path);
1182 if (r < 0)
1183 return r;
1184 if (r > 0)
1185 return log_debug_errno(SYNTHETIC_ERRNO(ENOMEDIUM),
1186 "Conflicting content found in image %s, refusing.",
1187 i->name);
1188 }
1189
f461a28d 1190 r = chase("/etc/hostname", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL);
c7664c07
LP		 1191 if (r < 0 && r != -ENOENT)
1192 log_debug_errno(r, "Failed to chase /etc/hostname in image %s: %m", i->name);
1193 else if (r >= 0) {
1194 r = read_etc_hostname(path, &hostname);
1195 if (r < 0)
1196 log_debug_errno(errno, "Failed to read /etc/hostname of image %s: %m", i->name);
1197 }
1198
1199 path = mfree(path);
1200
f7b5f399
YW		 1201 r = id128_get_machine(i->path, &machine_id);
1202 if (r < 0)
1203 log_debug_errno(r, "Failed to read machine ID in image %s, ignoring: %m", i->name);
c7664c07 1204
f461a28d 1205 r = chase("/etc/machine-info", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL);
c7664c07
LP		 1206 if (r < 0 && r != -ENOENT)
1207 log_debug_errno(r, "Failed to chase /etc/machine-info in image %s: %m", i->name);
1208 else if (r >= 0) {
aa8fbc74 1209 r = load_env_file_pairs(NULL, path, &machine_info);
c7664c07
LP		 1210 if (r < 0)
1211 log_debug_errno(r, "Failed to parse machine-info data of %s: %m", i->name);
1212 }
1213
d58ad743
LP		 1214 r = load_os_release_pairs(i->path, &os_release);
1215 if (r < 0)
1216 log_debug_errno(r, "Failed to read os-release in image, ignoring: %m");
c7664c07 1217
b60e0f57 1218 r = load_extension_release_pairs(i->path, i->class, i->name, /* relax_extension_release_check= */ false, &extension_release);
bcf94222
LB		 1219 if (r < 0)
1220 log_debug_errno(r, "Failed to read extension-release in image, ignoring: %m");
1221
c7664c07
LP		 1222 free_and_replace(i->hostname, hostname);
1223 i->machine_id = machine_id;
1224 strv_free_and_replace(i->machine_info, machine_info);
1225 strv_free_and_replace(i->os_release, os_release);
bcf94222 1226 strv_free_and_replace(i->extension_release, extension_release);
c7664c07
LP		 1227
1228 break;
1229 }
1230
1231 case IMAGE_RAW:
1232 case IMAGE_BLOCK: {
1233 _cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
1234 _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
1235
22ee78a8 1236 r = loop_device_make_by_path(i->path, O_RDONLY, /* sector_size= */ UINT32_MAX, LO_FLAGS_PARTSCAN, LOCK_SH, &d);
41bc4849
LP		 1237 if (r < 0)
1238 return r;
1239
bad31660
YW		 1240 r = dissect_loop_device(
1241 d,
84be0c71
LP		 1242 /* verity= */ NULL,
1243 /* mount_options= */ NULL,
1244 image_policy,
4b5de5dd
LP		 1245 DISSECT_IMAGE_GENERIC_ROOT |
1246 DISSECT_IMAGE_REQUIRE_ROOT |
1247 DISSECT_IMAGE_RELAX_VAR_CHECK |
f6f4ec79 1248 DISSECT_IMAGE_READ_ONLY |
73d88b80
LP		 1249 DISSECT_IMAGE_USR_NO_ROOT |
1250 DISSECT_IMAGE_ADD_PARTITION_DEVICES |
1251 DISSECT_IMAGE_PIN_PARTITION_DEVICES,
75dc190d 1252 &m);
c7664c07
LP		 1253 if (r < 0)
1254 return r;
1255
22847508
ZJS		 1256 r = dissected_image_acquire_metadata(m,
1257 DISSECT_IMAGE_VALIDATE_OS |
1258 DISSECT_IMAGE_VALIDATE_OS_EXT);
c7664c07
LP		 1259 if (r < 0)
1260 return r;
1261
1262 free_and_replace(i->hostname, m->hostname);
1263 i->machine_id = m->machine_id;
1264 strv_free_and_replace(i->machine_info, m->machine_info);
1265 strv_free_and_replace(i->os_release, m->os_release);
bcf94222 1266 strv_free_and_replace(i->extension_release, m->extension_release);
c7664c07
LP		 1267
1268 break;
1269 }
1270
1271 default:
1272 return -EOPNOTSUPP;
1273 }
1274
1275 i->metadata_valid = true;
1276
1277 return 0;
1278}
1279
30535c16 1280int image_name_lock(const char *name, int operation, LockFile *ret) {
99d97afc
LP		 1281 const char *p;
1282
30535c16
LP		 1283 assert(name);
1284 assert(ret);
1285
1286 /* Locks an image name, regardless of the precise path used. */
1287
99d97afc
LP		 1288 if (streq(name, ".host"))
1289 return -EBUSY;
1290
30535c16
LP		 1291 if (!image_name_is_valid(name))
1292 return -EINVAL;
1293
b6e953f2
LP		 1294 if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) {
1295 *ret = (LockFile) LOCK_FILE_INIT;
1296 return 0;
1297 }
1298
6e5dcce4 1299 (void) mkdir_p("/run/systemd/nspawn/locks", 0700);
99d97afc
LP		 1300
1301 p = strjoina("/run/systemd/nspawn/locks/name-", name);
30535c16
LP		 1302 return make_lock_file(p, operation, ret);
1303}
1304
d577d4a4
LP		 1305bool image_in_search_path(
1306 ImageClass class,
1307 const char *root,
1308 const char *image) {
1309
ace9ab19
LP		 1310 assert(image);
1311
73740c9f 1312 NULSTR_FOREACH(path, pick_image_search_path(class)) {
d577d4a4 1313 const char *p, *q;
ace9ab19
LP		 1314 size_t k;
1315
d577d4a4
LP		 1316 if (!empty_or_root(root)) {
1317 q = path_startswith(path, root);
1318 if (!q)
1319 continue;
1320 } else
1321 q = path;
1322
1323 p = path_startswith(q, path);
ace9ab19
LP		 1324 if (!p)
1325 continue;
1326
1327 /* Make sure there's a filename following */
1328 k = strcspn(p, "/");
1329 if (k == 0)
1330 continue;
1331
1332 p += k;
1333
1334 /* Accept trailing slashes */
1335 if (p[strspn(p, "/")] == 0)
1336 return true;
1337
1338 }
1339
1340 return false;
1341}
1342
cd61c3bf
LP		 1343static const char* const image_type_table[_IMAGE_TYPE_MAX] = {
1344 [IMAGE_DIRECTORY] = "directory",
1345 [IMAGE_SUBVOLUME] = "subvolume",
aceac2f0 1346 [IMAGE_RAW] = "raw",
eb38edce 1347 [IMAGE_BLOCK] = "block",
cd61c3bf
LP		 1348};
1349
1350DEFINE_STRING_TABLE_LOOKUP(image_type, ImageType);
Unnamed repository; edit this file 'description' to name the repository.