]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/shared/discover-image.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
dissect-image: explain one more error
[thirdparty/systemd.git] / src / shared / discover-image.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
cd61c3bf 2
ebd93cb6 3#include <fcntl.h>
e08f94ac 4#include <linux/loop.h>
65ddc2c5 5#include <linux/magic.h>
a8fbdf54 6#include <stdio.h>
e306723e 7#include <sys/file.h>
204f52e3 8#include <sys/ioctl.h>
a8fbdf54 9#include <sys/stat.h>
69a283c5 10#include <sys/sysmacros.h>
a8fbdf54 11#include <unistd.h>
546dbec5 12
69a283c5 13#include "sd-json.h"
1c0ade2e
LP		 14#include "sd-path.h"
15
b5efdb8a 16#include "alloc-util.h"
01db9c85 17#include "blockdev-util.h"
cd61c3bf 18#include "btrfs-util.h"
f461a28d 19#include "chase.h"
c8b3094d 20#include "chattr-util.h"
ebd93cb6 21#include "copy.h"
d9c5566c 22#include "devnum-util.h"
a0956174 23#include "dirent-util.h"
57f1b61b 24#include "discover-image.h"
c7664c07 25#include "dissect-image.h"
686d13b9 26#include "env-file.h"
b6e953f2 27#include "env-util.h"
6afa5d86 28#include "extension-util.h"
3ffd4af2 29#include "fd-util.h"
f4f15635 30#include "fs-util.h"
a8fbdf54 31#include "hashmap.h"
e2054217 32#include "hostname-setup.h"
c7664c07 33#include "id128-util.h"
73740c9f 34#include "initrd-util.h"
64e89f56 35#include "lock-util.h"
a8fbdf54 36#include "log.h"
c7664c07 37#include "loop-util.h"
30535c16 38#include "mkdir.h"
d8b4d14d 39#include "nulstr-util.h"
d58ad743 40#include "os-util.h"
d9c5566c 41#include "path-lookup.h"
8e0b6570 42#include "path-util.h"
c6878637 43#include "rm-rf.h"
69a283c5 44#include "runtime-scope.h"
65ddc2c5 45#include "stat-util.h"
8b43440b 46#include "string-table.h"
07630cea 47#include "string-util.h"
8e0b6570 48#include "strv.h"
a8fbdf54 49#include "time-util.h"
a5ecdf7c 50#include "vpick.h"
89a5a90c 51#include "xattr-util.h"
cd61c3bf 52
f7178a04 53const char* const image_search_path[_IMAGE_CLASS_MAX] = {
9bca4ae4
LP		 54 [IMAGE_MACHINE] = "/etc/machines\0" /* only place symlinks here */
55 "/run/machines\0" /* and here too */
56 "/var/lib/machines\0" /* the main place for images */
57 "/var/lib/container\0" /* legacy */
58 "/usr/local/lib/machines\0"
59 "/usr/lib/machines\0",
5ef46e5f 60
9bca4ae4
LP		 61 [IMAGE_PORTABLE] = "/etc/portables\0" /* only place symlinks here */
62 "/run/portables\0" /* and here too */
63 "/var/lib/portables\0" /* the main place for images */
64 "/usr/local/lib/portables\0"
65 "/usr/lib/portables\0",
66
de862276
LB		 67 /* Note that we don't allow storing extensions under /usr/, unlike with other image types. That's
68 * because extension images are supposed to extend /usr/, so you get into recursive races, especially
69 * with directory-based extensions, as the kernel's OverlayFS explicitly checks for this and errors
70 * out with -ELOOP if it finds that a lowerdir= is a child of another lowerdir=. */
b60e0f57 71 [IMAGE_SYSEXT] = "/etc/extensions\0" /* only place symlinks here */
72 "/run/extensions\0" /* and here too */
73 "/var/lib/extensions\0", /* the main place for images */
74
75 [IMAGE_CONFEXT] = "/run/confexts\0" /* only place symlinks here */
76 "/var/lib/confexts\0" /* the main place for images */
77 "/usr/local/lib/confexts\0"
78 "/usr/lib/confexts\0",
5ef46e5f 79};
c2ce6a3d 80
8d07a8d6
VK		 81/* Inside the initrd, use a slightly different set of search path (i.e. include .extra/sysext/,
82 * /.extra/global_sysext, .extra/confext/, and /.extra/global_confext in extension search dir) */
73740c9f
LP		 83static const char* const image_search_path_initrd[_IMAGE_CLASS_MAX] = {
84 /* (entries that aren't listed here will get the same search path as for the non initrd-case) */
85
b151e696
LP		 86 [IMAGE_SYSEXT] = "/etc/extensions\0" /* only place symlinks here */
87 "/run/extensions\0" /* and here too */
88 "/var/lib/extensions\0" /* the main place for images */
8d07a8d6
VK		 89 "/.extra/sysext\0" /* put sysext (per-UKI and global) picked up by systemd-stub */
90 "/.extra/global_sysext\0", /* last, since not trusted */
d4fee894
LP		 91
92 [IMAGE_CONFEXT] = "/run/confexts\0" /* only place symlinks here */
93 "/var/lib/confexts\0" /* the main place for images */
94 "/usr/local/lib/confexts\0"
8d07a8d6
VK		 95 "/.extra/confext\0" /* put confext (per-UKI and global) picked up by systemd-stub */
96 "/.extra/global_confext\0", /* last, since not trusted. */
73740c9f
LP		 97};
98
a747994b
LP		 99static const char* image_class_suffix_table[_IMAGE_CLASS_MAX] = {
100 [IMAGE_SYSEXT] = ".sysext",
101 [IMAGE_CONFEXT] = ".confext",
102};
103
104DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(image_class_suffix, ImageClass);
105
7af5785d
LP		 106static const char *const image_root_table[_IMAGE_CLASS_MAX] = {
107 [IMAGE_MACHINE] = "/var/lib/machines",
108 [IMAGE_PORTABLE] = "/var/lib/portables",
109 [IMAGE_SYSEXT] = "/var/lib/extensions",
110 [IMAGE_CONFEXT] = "/var/lib/confexts",
111};
112
113DEFINE_STRING_TABLE_LOOKUP_TO_STRING(image_root, ImageClass);
114
8b918a3a
LP		 115static const char *const image_root_runtime_table[_IMAGE_CLASS_MAX] = {
116 [IMAGE_MACHINE] = "/run/machines",
117 [IMAGE_PORTABLE] = "/run/portables",
118 [IMAGE_SYSEXT] = "/run/extensions",
119 [IMAGE_CONFEXT] = "/run/confexts",
120};
121
122DEFINE_STRING_TABLE_LOOKUP_TO_STRING(image_root_runtime, ImageClass);
123
e1b3319b
LP		 124static const char *const image_dirname_table[_IMAGE_CLASS_MAX] = {
125 [IMAGE_MACHINE] = "machines",
126 [IMAGE_PORTABLE] = "portables",
127 [IMAGE_SYSEXT] = "extensions",
128 [IMAGE_CONFEXT] = "confexts",
129};
130
131DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(image_dirname, ImageClass);
132
d654b9dc 133static Image* image_free(Image *i) {
8301aa0b 134 assert(i);
9614bb06 135
cd61c3bf
LP		 136 free(i->name);
137 free(i->path);
c7664c07
LP		 138
139 free(i->hostname);
140 strv_free(i->machine_info);
141 strv_free(i->os_release);
a81fe93e
LP		 142 strv_free(i->sysext_release);
143 strv_free(i->confext_release);
c7664c07 144
6b430fdb 145 return mfree(i);
cd61c3bf
LP		 146}
147
8301aa0b 148DEFINE_TRIVIAL_REF_UNREF_FUNC(Image, image, image_free);
b07ec5a1
YW		 149DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(image_hash_ops, char, string_hash_func, string_compare_func,
150 Image, image_unref);
9614bb06 151
e1b3319b 152static char** image_settings_path(Image *image, RuntimeScope scope) {
8e0b6570 153 _cleanup_strv_free_ char **l = NULL;
162f6477
LP		 154 _cleanup_free_ char *fn = NULL;
155 size_t i = 0;
156 int r;
8e0b6570
LP		 157
158 assert(image);
159
e1b3319b 160 l = new0(char*, 5);
8e0b6570
LP		 161 if (!l)
162 return NULL;
163
162f6477
LP		 164 fn = strjoin(image->name, ".nspawn");
165 if (!fn)
166 return NULL;
8e0b6570 167
e1b3319b
LP		 168 static const uint64_t system_locations[] = {
169 SD_PATH_SYSTEM_CONFIGURATION,
170 SD_PATH_SYSTEM_RUNTIME,
171 SD_PATH_SYSTEM_LIBRARY_PRIVATE,
172 UINT64_MAX
173 };
174 static const uint64_t user_locations[] = {
175 SD_PATH_USER_CONFIGURATION,
176 SD_PATH_USER_RUNTIME,
177 SD_PATH_USER_LIBRARY_PRIVATE,
178 UINT64_MAX
179 };
180 const uint64_t *locations;
181
182 switch (scope) {
183 case RUNTIME_SCOPE_SYSTEM:
184 locations = system_locations;
185 break;
186
187 case RUNTIME_SCOPE_USER:
188 locations = user_locations;
189 break;
190
191 default:
192 assert_not_reached();
193 }
194
195 for (size_t k = 0; locations[k] != UINT64_MAX; k++) {
196 _cleanup_free_ char *s = NULL;
197 r = sd_path_lookup(locations[k], "systemd/nspawn", &s);
198 if (r == -ENXIO)
199 continue;
200 if (r < 0)
201 return NULL;
202
b910cc72 203 l[i] = path_join(s, fn);
8e0b6570
LP		 204 if (!l[i])
205 return NULL;
206
207 i++;
208 }
209
162f6477
LP		 210 r = file_in_same_dir(image->path, fn, l + i);
211 if (r == -ENOMEM)
8e0b6570 212 return NULL;
162f6477
LP		 213 if (r < 0)
214 log_debug_errno(r, "Failed to generate .nspawn settings path from image path, ignoring: %m");
215
216 strv_uniq(l);
8e0b6570 217
ae2a15bc 218 return TAKE_PTR(l);
8e0b6570
LP		 219}
220
162f6477
LP		 221static int image_roothash_path(Image *image, char **ret) {
222 _cleanup_free_ char *fn = NULL;
bafbac4e
LP		 223
224 assert(image);
225
162f6477
LP		 226 fn = strjoin(image->name, ".roothash");
227 if (!fn)
228 return -ENOMEM;
bafbac4e 229
162f6477 230 return file_in_same_dir(image->path, fn, ret);
bafbac4e
LP		 231}
232
c2ce6a3d 233static int image_new(
cd61c3bf 234 ImageType t,
3775e141 235 ImageClass c,
5fc7f358 236 const char *pretty,
cd61c3bf 237 const char *path,
5fc7f358 238 const char *filename,
cd61c3bf 239 bool read_only,
10f9c755 240 usec_t crtime,
cd61c3bf 241 usec_t mtime,
c2ce6a3d 242 Image **ret) {
cd61c3bf
LP		 243
244 _cleanup_(image_unrefp) Image *i = NULL;
cd61c3bf 245
cd61c3bf
LP		 246 assert(t >= 0);
247 assert(t < _IMAGE_TYPE_MAX);
5fc7f358
LP		 248 assert(pretty);
249 assert(filename);
c2ce6a3d 250 assert(ret);
cd61c3bf 251
c2108701 252 i = new(Image, 1);
cd61c3bf
LP		 253 if (!i)
254 return -ENOMEM;
255
c2108701
LP		 256 *i = (Image) {
257 .n_ref = 1,
258 .type = t,
3775e141 259 .class = c,
c2108701
LP		 260 .read_only = read_only,
261 .crtime = crtime,
262 .mtime = mtime,
263 .usage = UINT64_MAX,
264 .usage_exclusive = UINT64_MAX,
265 .limit = UINT64_MAX,
266 .limit_exclusive = UINT64_MAX,
267 };
cd61c3bf 268
5fc7f358 269 i->name = strdup(pretty);
cd61c3bf
LP		 270 if (!i->name)
271 return -ENOMEM;
272
657ee2d8 273 i->path = path_join(path, filename);
5fc7f358
LP		 274 if (!i->path)
275 return -ENOMEM;
276
4ff361cc 277 path_simplify(i->path);
cd61c3bf 278
1cc6c93a 279 *ret = TAKE_PTR(i);
c2ce6a3d 280
cd61c3bf
LP		 281 return 0;
282}
283
a5ecdf7c 284static int extract_image_basename(
a747994b 285 const char *path,
a5ecdf7c
LP		 286 const char *class_suffix, /* e.g. ".sysext" (this is an optional suffix) */
287 char **format_suffixes, /* e.g. ".raw" (one of these will be required) */
288 char **ret_basename,
289 char **ret_suffix) {
a747994b 290
a5ecdf7c 291 _cleanup_free_ char *name = NULL, *suffix = NULL;
a747994b 292 int r;
4756c94e
LP		 293
294 assert(path);
4756c94e 295
a747994b
LP		 296 r = path_extract_filename(path, &name);
297 if (r < 0)
298 return r;
4756c94e 299
a5ecdf7c 300 if (format_suffixes) {
2e6f012b 301 char *e = endswith_strv(name, format_suffixes);
a747994b 302 if (!e) /* Format suffix is required */
4756c94e
LP		 303 return -EINVAL;
304
a5ecdf7c
LP		 305 if (ret_suffix) {
306 suffix = strdup(e);
307 if (!suffix)
308 return -ENOMEM;
309 }
310
4756c94e
LP		 311 *e = 0;
312 }
313
a747994b
LP		 314 if (class_suffix) {
315 char *e = endswith(name, class_suffix);
a5ecdf7c
LP		 316 if (e) { /* Class suffix is optional */
317 if (ret_suffix) {
318 _cleanup_free_ char *j = strjoin(e, suffix);
319 if (!j)
320 return -ENOMEM;
321
322 free_and_replace(suffix, j);
323 }
324
a747994b 325 *e = 0;
a5ecdf7c 326 }
a747994b
LP		 327 }
328
4756c94e
LP		 329 if (!image_name_is_valid(name))
330 return -EINVAL;
331
a5ecdf7c
LP		 332 if (ret_suffix)
333 *ret_suffix = TAKE_PTR(suffix);
334
335 if (ret_basename)
336 *ret_basename = TAKE_PTR(name);
337
4756c94e
LP		 338 return 0;
339}
340
96ac6d3f
YW		 341static int image_update_quota(Image *i, int fd) {
342 _cleanup_close_ int fd_close = -EBADF;
343 int r;
344
345 assert(i);
346
73053472 347 if (image_is_vendor(i) || image_is_host(i))
96ac6d3f
YW		 348 return -EROFS;
349
350 if (i->type != IMAGE_SUBVOLUME)
351 return -EOPNOTSUPP;
352
353 if (fd < 0) {
476b7c3a 354 fd_close = open(i->path, O_CLOEXEC|O_DIRECTORY);
96ac6d3f
YW		 355 if (fd_close < 0)
356 return -errno;
357 fd = fd_close;
476b7c3a
LP		 358 } else {
359 /* Convert from O_PATH to proper fd, if needed */
360 fd = fd_reopen_condition(fd, O_CLOEXEC|O_DIRECTORY, O_PATH, &fd_close);
361 if (fd < 0)
362 return fd;
96ac6d3f
YW		 363 }
364
365 r = btrfs_quota_scan_ongoing(fd);
366 if (r < 0)
367 return r;
368 if (r > 0)
369 return 0;
370
371 BtrfsQuotaInfo quota;
372 r = btrfs_subvol_get_subtree_quota_fd(fd, 0, &quota);
373 if (r < 0)
374 return r;
375
376 i->usage = quota.referenced;
377 i->usage_exclusive = quota.exclusive;
378 i->limit = quota.referenced_max;
379 i->limit_exclusive = quota.exclusive_max;
380
381 return 1;
382}
383
5fc7f358 384static int image_make(
3775e141 385 ImageClass c,
5fc7f358 386 const char *pretty,
98e28335
LP		 387 int dir_fd,
388 const char *dir_path,
5fc7f358 389 const char *filename,
98e28335 390 int fd, /* O_PATH fd */
3a6ce860 391 const struct stat *st,
5fc7f358
LP		 392 Image **ret) {
393
98e28335 394 _cleanup_free_ char *pretty_buffer = NULL;
5fc7f358 395 bool read_only;
cd61c3bf
LP		 396 int r;
397
98e28335
LP		 398 assert(dir_fd >= 0 || dir_fd == AT_FDCWD);
399 assert(dir_path || dir_fd == AT_FDCWD);
5fc7f358 400 assert(filename);
cd61c3bf 401
eb38edce 402 /* We explicitly *do* follow symlinks here, since we want to allow symlinking trees, raw files and block
3a6ce860
LP		 403 * devices into /var/lib/machines/, and treat them normally.
404 *
405 * This function returns -ENOENT if we can't find the image after all, and -EMEDIUMTYPE if it's not a file we
406 * recognize. */
cd61c3bf 407
98e28335
LP		 408 _cleanup_close_ int _fd = -EBADF;
409 if (fd < 0) {
410 /* If we didn't get an fd passed in, then let's pin it via O_PATH now */
411 _fd = openat(dir_fd, filename, O_PATH|O_CLOEXEC);
412 if (_fd < 0)
413 return -errno;
414
415 fd = _fd;
416 st = NULL; /* refresh stat() data now that we have the inode pinned */
417 }
418
419 struct stat stbuf;
3a6ce860 420 if (!st) {
98e28335 421 if (fstat(fd, &stbuf) < 0)
3a6ce860
LP		 422 return -errno;
423
424 st = &stbuf;
425 }
cd61c3bf 426
98e28335
LP		 427 _cleanup_free_ char *parent = NULL;
428 if (!dir_path) {
429 (void) fd_get_path(dir_fd, &parent);
430 dir_path = parent;
431 }
bcb846f3 432
5fc7f358 433 read_only =
98e28335
LP		 434 (dir_path && path_startswith(dir_path, "/usr")) ||
435 (faccessat(fd, "", W_OK, AT_EACCESS|AT_EMPTY_PATH) < 0 && errno == EROFS);
86e339c8 436
3a6ce860 437 if (S_ISDIR(st->st_mode)) {
01b72568 438 unsigned file_attr = 0;
02dcf215 439 usec_t crtime = 0;
cd61c3bf 440
c2ce6a3d 441 if (!ret)
3a6ce860 442 return 0;
cd61c3bf 443
4756c94e 444 if (!pretty) {
a5ecdf7c
LP		 445 r = extract_image_basename(
446 filename,
447 image_class_suffix_to_string(c),
f15dcafd 448 /* format_suffixes= */ NULL,
a5ecdf7c
LP		 449 &pretty_buffer,
450 /* ret_suffix= */ NULL);
4756c94e
LP		 451 if (r < 0)
452 return r;
453
454 pretty = pretty_buffer;
455 }
5fc7f358 456
674b04ff 457 if (btrfs_might_be_subvol(st)) {
cd61c3bf 458
65ddc2c5 459 r = fd_is_fs_type(fd, BTRFS_SUPER_MAGIC);
21222ea5
LP		 460 if (r < 0)
461 return r;
79de6eb1 462 if (r > 0) {
10f9c755 463 BtrfsSubvolInfo info;
cd61c3bf 464
c2ce6a3d 465 /* It's a btrfs subvolume */
cd61c3bf 466
5bcd08db 467 r = btrfs_subvol_get_info_fd(fd, 0, &info);
10f9c755
LP		 468 if (r < 0)
469 return r;
c2ce6a3d
LP		 470
471 r = image_new(IMAGE_SUBVOLUME,
3775e141 472 c,
5fc7f358 473 pretty,
98e28335 474 dir_path,
5fc7f358
LP		 475 filename,
476 info.read_only || read_only,
10f9c755 477 info.otime,
4b270252 478 info.ctime,
c2ce6a3d
LP		 479 ret);
480 if (r < 0)
481 return r;
482
96ac6d3f 483 (void) image_update_quota(*ret, fd);
3a6ce860 484 return 0;
cd61c3bf 485 }
c2ce6a3d 486 }
cd61c3bf 487
02dcf215 488 /* Get directory creation time (not available everywhere, but that's OK */
12a7f04a 489 (void) fd_getcrtime(fd, &crtime);
02dcf215
LP		 490
491 /* If the IMMUTABLE bit is set, we consider the directory read-only. Since the ioctl is not
01b72568
LP		 492 * supported everywhere we ignore failures. */
493 (void) read_attr_fd(fd, &file_attr);
cd61c3bf 494
01b72568 495 /* It's just a normal directory. */
c2ce6a3d 496 r = image_new(IMAGE_DIRECTORY,
3775e141 497 c,
5fc7f358 498 pretty,
98e28335 499 dir_path,
5fc7f358 500 filename,
01b72568 501 read_only || (file_attr & FS_IMMUTABLE_FL),
02dcf215
LP		 502 crtime,
503 0, /* we don't use mtime of stat() here, since it's not the time of last change of the tree, but only of the top-level dir */
c2ce6a3d
LP		 504 ret);
505 if (r < 0)
506 return r;
cd61c3bf 507
3a6ce860 508 return 0;
cd61c3bf 509
3a6ce860 510 } else if (S_ISREG(st->st_mode) && endswith(filename, ".raw")) {
10f9c755 511 usec_t crtime = 0;
cd61c3bf 512
aceac2f0 513 /* It's a RAW disk image */
cd61c3bf 514
c2ce6a3d 515 if (!ret)
3a6ce860 516 return 0;
cd61c3bf 517
98e28335 518 (void) fd_getcrtime(fd, &crtime);
10f9c755 519
4756c94e 520 if (!pretty) {
a5ecdf7c
LP		 521 r = extract_image_basename(
522 filename,
523 image_class_suffix_to_string(c),
524 STRV_MAKE(".raw"),
525 &pretty_buffer,
526 /* ret_suffix= */ NULL);
4756c94e
LP		 527 if (r < 0)
528 return r;
529
530 pretty = pretty_buffer;
531 }
10f9c755 532
aceac2f0 533 r = image_new(IMAGE_RAW,
3775e141 534 c,
5fc7f358 535 pretty,
98e28335 536 dir_path,
5fc7f358 537 filename,
3a6ce860 538 !(st->st_mode & 0222) || read_only,
10f9c755 539 crtime,
3a6ce860 540 timespec_load(&st->st_mtim),
c2ce6a3d
LP		 541 ret);
542 if (r < 0)
543 return r;
cd61c3bf 544
3a6ce860
LP		 545 (*ret)->usage = (*ret)->usage_exclusive = st->st_blocks * 512;
546 (*ret)->limit = (*ret)->limit_exclusive = st->st_size;
b6b18498 547
3a6ce860 548 return 0;
eb38edce 549
3a6ce860 550 } else if (S_ISBLK(st->st_mode)) {
eb38edce
LP		 551 uint64_t size = UINT64_MAX;
552
553 /* A block device */
554
555 if (!ret)
3a6ce860 556 return 0;
eb38edce 557
4756c94e 558 if (!pretty) {
a5ecdf7c
LP		 559 r = extract_image_basename(
560 filename,
561 /* class_suffix= */ NULL,
562 /* format_suffix= */ NULL,
563 &pretty_buffer,
564 /* ret_suffix= */ NULL);
4756c94e
LP		 565 if (r < 0)
566 return r;
567
568 pretty = pretty_buffer;
569 }
eb38edce 570
98e28335 571 _cleanup_close_ int block_fd = fd_reopen(fd, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY);
eb38edce 572 if (block_fd < 0)
98e28335 573 log_debug_errno(errno, "Failed to open block device %s/%s, ignoring: %m", strnull(dir_path), filename);
eb38edce 574 else {
eb38edce
LP		 575 if (!read_only) {
576 int state = 0;
577
578 if (ioctl(block_fd, BLKROGET, &state) < 0)
98e28335 579 log_debug_errno(errno, "Failed to issue BLKROGET on device %s/%s, ignoring: %m", strnull(dir_path), filename);
eb38edce
LP		 580 else if (state)
581 read_only = true;
582 }
583
01db9c85
LP		 584 r = blockdev_get_device_size(block_fd, &size);
585 if (r < 0)
98e28335 586 log_debug_errno(r, "Failed to issue BLKGETSIZE64 on device %s/%s, ignoring: %m", strnull(dir_path), filename);
eb38edce
LP		 587
588 block_fd = safe_close(block_fd);
589 }
590
591 r = image_new(IMAGE_BLOCK,
3775e141 592 c,
eb38edce 593 pretty,
98e28335 594 dir_path,
eb38edce 595 filename,
3a6ce860 596 !(st->st_mode & 0222) || read_only,
eb38edce
LP		 597 0,
598 0,
599 ret);
600 if (r < 0)
601 return r;
602
ed0cb346 603 if (!IN_SET(size, 0, UINT64_MAX))
eb38edce
LP		 604 (*ret)->usage = (*ret)->usage_exclusive = (*ret)->limit = (*ret)->limit_exclusive = size;
605
3a6ce860 606 return 0;
c2ce6a3d 607 }
cd61c3bf 608
3a6ce860 609 return -EMEDIUMTYPE;
c2ce6a3d 610}
cd61c3bf 611
1c0ade2e
LP		 612static int pick_image_search_path(
613 RuntimeScope scope,
614 ImageClass class,
615 char ***ret) {
616
617 int r;
618
619 assert(scope < _RUNTIME_SCOPE_MAX && scope != RUNTIME_SCOPE_GLOBAL);
620 assert(class < _IMAGE_CLASS_MAX);
621 assert(ret);
622
623 if (class < 0) {
624 *ret = NULL;
625 return 0;
626 }
627
628 if (scope < 0) {
629 _cleanup_strv_free_ char **a = NULL, **b = NULL;
630
631 r = pick_image_search_path(RUNTIME_SCOPE_USER, class, &a);
632 if (r < 0)
633 return r;
634
635 r = pick_image_search_path(RUNTIME_SCOPE_SYSTEM, class, &b);
636 if (r < 0)
637 return r;
638
639 r = strv_extend_strv(&a, b, /* filter_duplicates= */ false);
640 if (r < 0)
641 return r;
642
643 *ret = TAKE_PTR(a);
644 return 0;
645 }
646
647 switch (scope) {
648
649 case RUNTIME_SCOPE_SYSTEM: {
650 const char *ns;
651 /* Use the initrd search path if there is one, otherwise use the common one */
652 ns = in_initrd() && image_search_path_initrd[class] ?
653 image_search_path_initrd[class] :
654 image_search_path[class];
655 if (!ns)
656 break;
657
658 _cleanup_strv_free_ char **search = strv_split_nulstr(ns);
659 if (!search)
660 return -ENOMEM;
661
662 *ret = TAKE_PTR(search);
663 return 0;
664 }
665
666 case RUNTIME_SCOPE_USER: {
667 if (class != IMAGE_MACHINE)
668 break;
669
670 static const uint64_t dirs[] = {
671 SD_PATH_USER_RUNTIME,
672 SD_PATH_USER_STATE_PRIVATE,
673 SD_PATH_USER_LIBRARY_PRIVATE,
674 };
73740c9f 675
1c0ade2e
LP		 676 _cleanup_strv_free_ char **search = NULL;
677 FOREACH_ELEMENT(d, dirs) {
678 _cleanup_free_ char *p = NULL;
679
680 r = sd_path_lookup(*d, "machines", &p);
681 if (r == -ENXIO) /* No XDG_RUNTIME_DIR set */
682 continue;
683 if (r < 0)
684 return r;
685
686 r = strv_consume(&search, TAKE_PTR(p));
687 if (r < 0)
688 return r;
689 }
690
691 *ret = TAKE_PTR(search);
692 return 0;
693 }
694
695 default:
696 assert_not_reached();
697 }
698
699 *ret = NULL;
700 return 0;
73740c9f
LP		 701}
702
d654b9dc 703static char** make_possible_filenames(ImageClass class, const char *image_name) {
a5ecdf7c
LP		 704 _cleanup_strv_free_ char **l = NULL;
705
706 assert(image_name);
707
708 FOREACH_STRING(v_suffix, "", ".v")
709 FOREACH_STRING(format_suffix, "", ".raw") {
710 _cleanup_free_ char *j = NULL;
711 const char *class_suffix;
712
713 class_suffix = image_class_suffix_to_string(class);
714 if (class_suffix) {
715 j = strjoin(image_name, class_suffix, format_suffix, v_suffix);
716 if (!j)
717 return NULL;
718
719 if (strv_consume(&l, TAKE_PTR(j)) < 0)
720 return NULL;
721 }
722
723 j = strjoin(image_name, format_suffix, v_suffix);
724 if (!j)
725 return NULL;
726
727 if (strv_consume(&l, TAKE_PTR(j)) < 0)
728 return NULL;
729 }
730
731 return TAKE_PTR(l);
732}
733
1c0ade2e
LP		 734int image_find(RuntimeScope scope,
735 ImageClass class,
d577d4a4
LP		 736 const char *name,
737 const char *root,
738 Image **ret) {
739
98e28335
LP		 740 /* As mentioned above, we follow symlinks on this fstatat(), because we want to permit people to
741 * symlink block devices into the search path. (For now, we disable that when operating relative to
742 * some root directory.) */
743 int open_flags = root ? O_NOFOLLOW : 0, r;
cd61c3bf 744
1c0ade2e 745 assert(scope < _RUNTIME_SCOPE_MAX && scope != RUNTIME_SCOPE_GLOBAL);
5ef46e5f
LP		 746 assert(class >= 0);
747 assert(class < _IMAGE_CLASS_MAX);
c2ce6a3d 748 assert(name);
cd61c3bf 749
c2ce6a3d
LP		 750 /* There are no images with invalid names */
751 if (!image_name_is_valid(name))
3a6ce860 752 return -ENOENT;
cd61c3bf 753
a5ecdf7c
LP		 754 _cleanup_strv_free_ char **names = make_possible_filenames(class, name);
755 if (!names)
756 return -ENOMEM;
757
1c0ade2e
LP		 758 _cleanup_strv_free_ char **search = NULL;
759 r = pick_image_search_path(scope, class, &search);
760 if (r < 0)
761 return r;
762
763 STRV_FOREACH(path, search) {
d577d4a4 764 _cleanup_free_ char *resolved = NULL;
c2ce6a3d 765 _cleanup_closedir_ DIR *d = NULL;
cd61c3bf 766
1c0ade2e 767 r = chase_and_opendir(*path, root, CHASE_PREFIX_ROOT, &resolved, &d);
d577d4a4
LP		 768 if (r == -ENOENT)
769 continue;
770 if (r < 0)
771 return r;
cd61c3bf 772
a5ecdf7c
LP		 773 STRV_FOREACH(n, names) {
774 _cleanup_free_ char *fname_buf = NULL;
775 const char *fname = *n;
3a6ce860 776
98e28335
LP		 777 _cleanup_close_ int fd = openat(dirfd(d), fname, O_PATH|O_CLOEXEC|open_flags);
778 if (fd < 0) {
a5ecdf7c
LP		 779 if (errno != ENOENT)
780 return -errno;
5fc7f358 781
98e28335 782 continue;
a5ecdf7c
LP		 783 }
784
98e28335
LP		 785 struct stat st;
786 if (fstat(fd, &st) < 0)
787 return -errno;
788
a5ecdf7c
LP		 789 if (endswith(fname, ".raw")) {
790 if (!S_ISREG(st.st_mode)) {
791 log_debug("Ignoring non-regular file '%s' with .raw suffix.", fname);
3a6ce860 792 continue;
a5ecdf7c 793 }
3a6ce860 794
a5ecdf7c 795 } else if (endswith(fname, ".v")) {
3a6ce860 796
a5ecdf7c
LP		 797 if (!S_ISDIR(st.st_mode)) {
798 log_debug("Ignoring non-directory file '%s' with .v suffix.", fname);
799 continue;
800 }
801
802 _cleanup_free_ char *suffix = NULL;
803 suffix = strdup(ASSERT_PTR(startswith(fname, name)));
804 if (!suffix)
805 return -ENOMEM;
806
807 *ASSERT_PTR(endswith(suffix, ".v")) = 0;
808
809 _cleanup_free_ char *vp = path_join(resolved, fname);
810 if (!vp)
811 return -ENOMEM;
812
813 PickFilter filter = {
814 .type_mask = endswith(suffix, ".raw") ? (UINT32_C(1) << DT_REG) | (UINT32_C(1) << DT_BLK) : (UINT32_C(1) << DT_DIR),
815 .basename = name,
816 .architecture = _ARCHITECTURE_INVALID,
421a4ba7 817 .suffix = STRV_MAKE(suffix),
a5ecdf7c
LP		 818 };
819
820 _cleanup_(pick_result_done) PickResult result = PICK_RESULT_NULL;
821 r = path_pick(root,
822 /* toplevel_fd= */ AT_FDCWD,
823 vp,
824 &filter,
825 PICK_ARCHITECTURE|PICK_TRIES,
826 &result);
827 if (r < 0) {
828 log_debug_errno(r, "Failed to pick versioned image on '%s', skipping: %m", vp);
829 continue;
830 }
831 if (!result.path) {
832 log_debug("Found versioned directory '%s', without matching entry, skipping: %m", vp);
833 continue;
834 }
835
836 /* Refresh the stat data for the discovered target */
837 st = result.st;
98e28335 838 fd = safe_close(fd);
a5ecdf7c
LP		 839
840 _cleanup_free_ char *bn = NULL;
841 r = path_extract_filename(result.path, &bn);
842 if (r < 0) {
843 log_debug_errno(r, "Failed to extract basename of image path '%s', skipping: %m", result.path);
844 continue;
845 }
846
847 fname_buf = path_join(fname, bn);
848 if (!fname_buf)
849 return log_oom();
3a6ce860 850
a5ecdf7c 851 fname = fname_buf;
3a6ce860 852
a5ecdf7c
LP		 853 } else if (!S_ISDIR(st.st_mode) && !S_ISBLK(st.st_mode)) {
854 log_debug("Ignoring non-directory and non-block device file '%s' without suffix.", fname);
3a6ce860 855 continue;
a5ecdf7c 856 }
3a6ce860 857
98e28335 858 r = image_make(class, name, dirfd(d), resolved, fname, fd, &st, ret);
a5ecdf7c
LP		 859 if (IN_SET(r, -ENOENT, -EMEDIUMTYPE))
860 continue;
861 if (r < 0)
862 return r;
cd61c3bf 863
a5ecdf7c
LP		 864 if (ret)
865 (*ret)->discoverable = true;
cf604fd4 866
a5ecdf7c
LP		 867 return 1;
868 }
c2ce6a3d
LP		 869 }
870
1c0ade2e 871 if (scope == RUNTIME_SCOPE_SYSTEM && class == IMAGE_MACHINE && streq(name, ".host")) {
98e28335
LP		 872 r = image_make(class,
873 ".host",
874 /* dir_fd= */ AT_FDCWD,
875 /* dir_path= */ NULL,
876 /* filename= */ empty_to_root(root),
877 /* fd= */ -EBADF,
878 /* st= */ NULL,
879 ret);
cf604fd4
LP		 880 if (r < 0)
881 return r;
882
883 if (ret)
884 (*ret)->discoverable = true;
885
a5ecdf7c 886 return 1;
cf604fd4 887 }
5fc7f358 888
3a6ce860 889 return -ENOENT;
c2ce6a3d
LP		 890};
891
2ddf182b 892int image_from_path(const char *path, Image **ret) {
cf604fd4
LP		 893
894 /* Note that we don't set the 'discoverable' field of the returned object, because we don't check here whether
895 * the image is in the image search path. And if it is we don't know if the path we used is actually not
3fe91079 896 * overridden by another, different image earlier in the search path */
cf604fd4 897
2ddf182b 898 if (path_equal(path, "/"))
98e28335
LP		 899 return image_make(
900 IMAGE_MACHINE,
901 ".host",
902 /* dir_fd= */ AT_FDCWD,
903 /* dir_path= */ NULL,
904 /* filename= */ "/",
905 /* fd= */ -EBADF,
906 /* st= */ NULL,
907 ret);
908
909 return image_make(
910 _IMAGE_CLASS_INVALID,
911 /* pretty= */ NULL,
912 /* dir_fd= */ AT_FDCWD,
913 /* dir_path= */ NULL,
914 /* filename= */ path,
915 /* fd= */ -EBADF,
916 /* st= */ NULL,
917 ret);
2ddf182b
LP		 918}
919
1c0ade2e
LP		 920int image_find_harder(
921 RuntimeScope scope,
922 ImageClass class,
923 const char *name_or_path,
924 const char *root,
925 Image **ret) {
926
2ddf182b 927 if (image_name_is_valid(name_or_path))
1c0ade2e 928 return image_find(scope, class, name_or_path, root, ret);
2ddf182b
LP		 929
930 return image_from_path(name_or_path, ret);
931}
932
d577d4a4 933int image_discover(
1c0ade2e 934 RuntimeScope scope,
d577d4a4
LP		 935 ImageClass class,
936 const char *root,
624d3698 937 Hashmap **images) {
d577d4a4 938
98e28335
LP		 939 /* As mentioned above, we follow symlinks on this fstatat(), because we want to permit people to
940 * symlink block devices into the search path. (For now, we disable that when operating relative to
941 * some root directory.) */
942 int open_flags = root ? O_NOFOLLOW : 0, r;
c2ce6a3d 943
1c0ade2e 944 assert(scope < _RUNTIME_SCOPE_MAX && scope != RUNTIME_SCOPE_GLOBAL);
5ef46e5f
LP		 945 assert(class >= 0);
946 assert(class < _IMAGE_CLASS_MAX);
624d3698 947 assert(images);
c2ce6a3d 948
1c0ade2e
LP		 949 _cleanup_strv_free_ char **search = NULL;
950 r = pick_image_search_path(scope, class, &search);
951 if (r < 0)
952 return r;
953
954 STRV_FOREACH(path, search) {
d577d4a4 955 _cleanup_free_ char *resolved = NULL;
c2ce6a3d 956 _cleanup_closedir_ DIR *d = NULL;
c2ce6a3d 957
1c0ade2e 958 r = chase_and_opendir(*path, root, CHASE_PREFIX_ROOT, &resolved, &d);
d577d4a4
LP		 959 if (r == -ENOENT)
960 continue;
961 if (r < 0)
962 return r;
c2ce6a3d
LP		 963
964 FOREACH_DIRENT_ALL(de, d, return -errno) {
a5ecdf7c 965 _cleanup_free_ char *pretty = NULL, *fname_buf = NULL;
c2ce6a3d 966 _cleanup_(image_unrefp) Image *image = NULL;
a5ecdf7c 967 const char *fname = de->d_name;
c2ce6a3d 968
a5ecdf7c 969 if (dot_or_dot_dot(fname))
c2ce6a3d
LP		 970 continue;
971
98e28335
LP		 972 _cleanup_close_ int fd = openat(dirfd(d), fname, O_PATH|O_CLOEXEC|open_flags);
973 if (fd < 0) {
974 if (errno != ENOENT)
975 return -errno;
3a6ce860 976
98e28335 977 continue; /* Vanished while we were looking at it */
3a6ce860
LP		 978 }
979
98e28335
LP		 980 struct stat st;
981 if (fstat(fd, &st) < 0)
982 return -errno;
983
a5ecdf7c
LP		 984 if (S_ISREG(st.st_mode)) {
985 r = extract_image_basename(
986 fname,
987 image_class_suffix_to_string(class),
988 STRV_MAKE(".raw"),
989 &pretty,
f15dcafd 990 /* ret_suffix= */ NULL);
a5ecdf7c
LP		 991 if (r < 0) {
992 log_debug_errno(r, "Skipping directory entry '%s', which doesn't look like an image.", fname);
993 continue;
994 }
995 } else if (S_ISDIR(st.st_mode)) {
996 const char *v;
997
998 v = endswith(fname, ".v");
999 if (v) {
1000 _cleanup_free_ char *suffix = NULL, *nov = NULL;
1001
1002 nov = strndup(fname, v - fname); /* Chop off the .v */
1003 if (!nov)
1004 return -ENOMEM;
1005
1006 r = extract_image_basename(
1007 nov,
1008 image_class_suffix_to_string(class),
1009 STRV_MAKE(".raw", ""),
1010 &pretty,
1011 &suffix);
1012 if (r < 0) {
1013 log_debug_errno(r, "Skipping directory entry '%s', which doesn't look like a versioned image.", fname);
1014 continue;
1015 }
1016
1017 _cleanup_free_ char *vp = path_join(resolved, fname);
1018 if (!vp)
1019 return -ENOMEM;
1020
1021 PickFilter filter = {
1022 .type_mask = endswith(suffix, ".raw") ? (UINT32_C(1) << DT_REG) | (UINT32_C(1) << DT_BLK) : (UINT32_C(1) << DT_DIR),
1023 .basename = pretty,
1024 .architecture = _ARCHITECTURE_INVALID,
421a4ba7 1025 .suffix = STRV_MAKE(suffix),
a5ecdf7c
LP		 1026 };
1027
1028 _cleanup_(pick_result_done) PickResult result = PICK_RESULT_NULL;
1029 r = path_pick(root,
1030 /* toplevel_fd= */ AT_FDCWD,
1031 vp,
1032 &filter,
1033 PICK_ARCHITECTURE|PICK_TRIES,
1034 &result);
1035 if (r < 0) {
1036 log_debug_errno(r, "Failed to pick versioned image on '%s', skipping: %m", vp);
1037 continue;
1038 }
1039 if (!result.path) {
1040 log_debug("Found versioned directory '%s', without matching entry, skipping: %m", vp);
1041 continue;
1042 }
1043
1044 /* Refresh the stat data for the discovered target */
1045 st = result.st;
98e28335 1046 fd = safe_close(fd);
a5ecdf7c
LP		 1047
1048 _cleanup_free_ char *bn = NULL;
1049 r = path_extract_filename(result.path, &bn);
1050 if (r < 0) {
1051 log_debug_errno(r, "Failed to extract basename of image path '%s', skipping: %m", result.path);
1052 continue;
1053 }
1054
1055 fname_buf = path_join(fname, bn);
1056 if (!fname_buf)
1057 return log_oom();
1058
1059 fname = fname_buf;
1060 } else {
1061 r = extract_image_basename(
1062 fname,
1063 image_class_suffix_to_string(class),
f15dcafd 1064 /* format_suffixes= */ NULL,
a5ecdf7c
LP		 1065 &pretty,
1066 /* ret_suffix= */ NULL);
1067 if (r < 0) {
1068 log_debug_errno(r, "Skipping directory entry '%s', which doesn't look like an image.", fname);
1069 continue;
1070 }
1071 }
1072
1073 } else if (S_ISBLK(st.st_mode)) {
1074 r = extract_image_basename(
1075 fname,
1076 /* class_suffix= */ NULL,
1077 /* format_suffix= */ NULL,
1078 &pretty,
f15dcafd 1079 /* ret_suffix= */ NULL);
a5ecdf7c
LP		 1080 if (r < 0) {
1081 log_debug_errno(r, "Skipping directory entry '%s', which doesn't look like an image.", fname);
1082 continue;
1083 }
1084 } else {
1085 log_debug("Skipping directory entry '%s', which is neither regular file, directory nor block device.", fname);
1bf36bf9 1086 continue;
e7df707b 1087 }
1bf36bf9 1088
624d3698 1089 if (hashmap_contains(*images, pretty))
c2ce6a3d
LP		 1090 continue;
1091
98e28335 1092 r = image_make(class, pretty, dirfd(d), resolved, fname, fd, &st, &image);
3a6ce860 1093 if (IN_SET(r, -ENOENT, -EMEDIUMTYPE))
c2ce6a3d
LP		 1094 continue;
1095 if (r < 0)
1096 return r;
1097
cf604fd4
LP		 1098 image->discoverable = true;
1099
624d3698 1100 r = hashmap_ensure_put(images, &image_hash_ops, image->name, image);
c2ce6a3d
LP		 1101 if (r < 0)
1102 return r;
1103
5df1a553 1104 TAKE_PTR(image);
cd61c3bf
LP		 1105 }
1106 }
1107
624d3698 1108 if (scope == RUNTIME_SCOPE_SYSTEM && class == IMAGE_MACHINE && !hashmap_contains(*images, ".host")) {
5fc7f358
LP		 1109 _cleanup_(image_unrefp) Image *image = NULL;
1110
98e28335
LP		 1111 r = image_make(IMAGE_MACHINE,
1112 ".host",
1113 /* dir_fd= */ AT_FDCWD,
1114 /* dir_path= */ NULL,
1115 empty_to_root(root),
1116 /* fd= */ -EBADF,
1117 /* st= */ NULL,
1118 &image);
5fc7f358
LP		 1119 if (r < 0)
1120 return r;
1121
cf604fd4
LP		 1122 image->discoverable = true;
1123
624d3698 1124 r = hashmap_ensure_put(images, &image_hash_ops, image->name, image);
5fc7f358
LP		 1125 if (r < 0)
1126 return r;
1127
1128 image = NULL;
5fc7f358
LP		 1129 }
1130
cd61c3bf
LP		 1131 return 0;
1132}
1133
e1b3319b 1134int image_remove(Image *i, RuntimeScope scope) {
8e766630 1135 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
8e0b6570 1136 _cleanup_strv_free_ char **settings = NULL;
bafbac4e 1137 _cleanup_free_ char *roothash = NULL;
30535c16
LP		 1138 int r;
1139
08682124
LP		 1140 assert(i);
1141
73053472 1142 if (image_is_vendor(i) || image_is_host(i))
08682124
LP		 1143 return -EROFS;
1144
e1b3319b 1145 settings = image_settings_path(i, scope);
8e0b6570
LP		 1146 if (!settings)
1147 return -ENOMEM;
1148
162f6477
LP		 1149 r = image_roothash_path(i, &roothash);
1150 if (r < 0)
1151 return r;
bafbac4e 1152
30535c16 1153 /* Make sure we don't interfere with a running nspawn */
d9c5566c 1154 r = image_path_lock(scope, i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
30535c16
LP		 1155 if (r < 0)
1156 return r;
1157
ebd93cb6
LP		 1158 switch (i->type) {
1159
1160 case IMAGE_SUBVOLUME:
9fb0b9c7
LP		 1161
1162 /* Let's unlink first, maybe it is a symlink? If that works we are happy. Otherwise, let's get out the
1163 * big guns */
1164 if (unlink(i->path) < 0) {
1165 r = btrfs_subvol_remove(i->path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
1166 if (r < 0)
1167 return r;
1168 }
1169
8e0b6570 1170 break;
ebd93cb6
LP		 1171
1172 case IMAGE_DIRECTORY:
01b72568 1173 /* Allow deletion of read-only directories */
a997f338 1174 (void) chattr_path(i->path, 0, FS_IMMUTABLE_FL);
8e0b6570
LP		 1175 r = rm_rf(i->path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
1176 if (r < 0)
1177 return r;
1178
1179 break;
01b72568 1180
eb38edce
LP		 1181 case IMAGE_BLOCK:
1182
1183 /* If this is inside of /dev, then it's a real block device, hence let's not touch the device node
1184 * itself (but let's remove the stuff stored alongside it). If it's anywhere else, let's try to unlink
1185 * the thing (it's most likely a symlink after all). */
1186
1187 if (path_startswith(i->path, "/dev"))
1188 break;
1189
4831981d 1190 _fallthrough_;
aceac2f0 1191 case IMAGE_RAW:
41d1ed05
LP		 1192 if (unlink(i->path) < 0)
1193 return -errno;
8e0b6570 1194 break;
ebd93cb6
LP		 1195
1196 default:
15411c0c 1197 return -EOPNOTSUPP;
ebd93cb6 1198 }
8e0b6570 1199
de010b0b 1200 STRV_FOREACH(j, settings)
8e0b6570
LP		 1201 if (unlink(*j) < 0 && errno != ENOENT)
1202 log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", *j);
8e0b6570 1203
bafbac4e
LP		 1204 if (unlink(roothash) < 0 && errno != ENOENT)
1205 log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", roothash);
1206
8e0b6570
LP		 1207 return 0;
1208}
1209
bafbac4e 1210static int rename_auxiliary_file(const char *path, const char *new_name, const char *suffix) {
162f6477
LP		 1211 _cleanup_free_ char *fn = NULL, *rs = NULL;
1212 int r;
8e0b6570 1213
162f6477
LP		 1214 fn = strjoin(new_name, suffix);
1215 if (!fn)
8e0b6570
LP		 1216 return -ENOMEM;
1217
162f6477
LP		 1218 r = file_in_same_dir(path, fn, &rs);
1219 if (r < 0)
1220 return r;
1221
8e0b6570 1222 return rename_noreplace(AT_FDCWD, path, AT_FDCWD, rs);
ebd93cb6
LP		 1223}
1224
1c0ade2e 1225int image_rename(Image *i, const char *new_name, RuntimeScope scope) {
8e766630 1226 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT, name_lock = LOCK_FILE_INIT;
bafbac4e 1227 _cleanup_free_ char *new_path = NULL, *nn = NULL, *roothash = NULL;
8e0b6570 1228 _cleanup_strv_free_ char **settings = NULL;
01b72568 1229 unsigned file_attr = 0;
ebd93cb6
LP		 1230 int r;
1231
1232 assert(i);
1233
1234 if (!image_name_is_valid(new_name))
1235 return -EINVAL;
1236
73053472 1237 if (image_is_vendor(i) || image_is_host(i))
ebd93cb6
LP		 1238 return -EROFS;
1239
e1b3319b 1240 settings = image_settings_path(i, scope);
8e0b6570
LP		 1241 if (!settings)
1242 return -ENOMEM;
1243
162f6477
LP		 1244 r = image_roothash_path(i, &roothash);
1245 if (r < 0)
1246 return r;
bafbac4e 1247
30535c16 1248 /* Make sure we don't interfere with a running nspawn */
d9c5566c 1249 r = image_path_lock(scope, i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
30535c16
LP		 1250 if (r < 0)
1251 return r;
1252
1253 /* Make sure nobody takes the new name, between the time we
1254 * checked it is currently unused in all search paths, and the
f8e2f4d6 1255 * time we take possession of it */
d9c5566c 1256 r = image_name_lock(scope, new_name, LOCK_EX|LOCK_NB, &name_lock);
30535c16
LP		 1257 if (r < 0)
1258 return r;
1259
1c0ade2e 1260 r = image_find(scope, IMAGE_MACHINE, new_name, NULL, NULL);
3a6ce860 1261 if (r >= 0)
ebd93cb6 1262 return -EEXIST;
3a6ce860
LP		 1263 if (r != -ENOENT)
1264 return r;
ebd93cb6
LP		 1265
1266 switch (i->type) {
1267
ebd93cb6 1268 case IMAGE_DIRECTORY:
01b72568 1269 /* Turn of the immutable bit while we rename the image, so that we can rename it */
5e496845 1270 (void) read_attr_at(AT_FDCWD, i->path, &file_attr);
01b72568
LP		 1271
1272 if (file_attr & FS_IMMUTABLE_FL)
a997f338 1273 (void) chattr_path(i->path, 0, FS_IMMUTABLE_FL);
01b72568 1274
4831981d 1275 _fallthrough_;
01b72568 1276 case IMAGE_SUBVOLUME:
162f6477 1277 r = file_in_same_dir(i->path, new_name, &new_path);
ebd93cb6
LP		 1278 break;
1279
eb38edce
LP		 1280 case IMAGE_BLOCK:
1281
1282 /* Refuse renaming raw block devices in /dev, the names are picked by udev after all. */
1283 if (path_startswith(i->path, "/dev"))
1284 return -EROFS;
1285
162f6477 1286 r = file_in_same_dir(i->path, new_name, &new_path);
eb38edce
LP		 1287 break;
1288
aceac2f0 1289 case IMAGE_RAW: {
ebd93cb6
LP		 1290 const char *fn;
1291
63c372cb 1292 fn = strjoina(new_name, ".raw");
162f6477
LP		 1293
1294 r = file_in_same_dir(i->path, fn, &new_path);
ebd93cb6
LP		 1295 break;
1296 }
1297
1298 default:
15411c0c 1299 return -EOPNOTSUPP;
ebd93cb6 1300 }
162f6477
LP		 1301 if (r < 0)
1302 return r;
ebd93cb6
LP		 1303
1304 nn = strdup(new_name);
1305 if (!nn)
1306 return -ENOMEM;
1307
f85ef957
AC		 1308 r = rename_noreplace(AT_FDCWD, i->path, AT_FDCWD, new_path);
1309 if (r < 0)
1310 return r;
ebd93cb6 1311
01b72568
LP		 1312 /* Restore the immutable bit, if it was set before */
1313 if (file_attr & FS_IMMUTABLE_FL)
a997f338 1314 (void) chattr_path(new_path, FS_IMMUTABLE_FL, FS_IMMUTABLE_FL);
01b72568 1315
f9ecfd3b
DL		 1316 free_and_replace(i->path, new_path);
1317 free_and_replace(i->name, nn);
ebd93cb6 1318
8e0b6570 1319 STRV_FOREACH(j, settings) {
bafbac4e 1320 r = rename_auxiliary_file(*j, new_name, ".nspawn");
8e0b6570
LP		 1321 if (r < 0 && r != -ENOENT)
1322 log_debug_errno(r, "Failed to rename settings file %s, ignoring: %m", *j);
1323 }
1324
bafbac4e
LP		 1325 r = rename_auxiliary_file(roothash, new_name, ".roothash");
1326 if (r < 0 && r != -ENOENT)
1327 log_debug_errno(r, "Failed to rename roothash file %s, ignoring: %m", roothash);
1328
ebd93cb6
LP		 1329 return 0;
1330}
1331
bafbac4e 1332static int clone_auxiliary_file(const char *path, const char *new_name, const char *suffix) {
162f6477
LP		 1333 _cleanup_free_ char *fn = NULL, *rs = NULL;
1334 int r;
8e0b6570 1335
162f6477
LP		 1336 fn = strjoin(new_name, suffix);
1337 if (!fn)
8e0b6570
LP		 1338 return -ENOMEM;
1339
162f6477
LP		 1340 r = file_in_same_dir(path, fn, &rs);
1341 if (r < 0)
1342 return r;
1343
7c2f5495 1344 return copy_file_atomic(path, rs, 0664, COPY_REFLINK);
8e0b6570
LP		 1345}
1346
e1b3319b
LP		 1347static int get_pool_directory(
1348 RuntimeScope scope,
1349 ImageClass class,
1350 const char *fname,
1351 const char *suffix,
1352 char **ret) {
1353
1354 int r;
1355
1356 assert(scope >= 0);
1357 assert(scope < _RUNTIME_SCOPE_MAX);
1358 assert(class >= 0);
1359 assert(class < _IMAGE_CLASS_MAX);
1360 assert(ret);
1361
1362 _cleanup_free_ char *root = NULL;
1363 switch (scope) {
1364
1365 case RUNTIME_SCOPE_SYSTEM:
1366 r = sd_path_lookup(SD_PATH_SYSTEM_STATE_PRIVATE, /* suffix= */ NULL, &root);
1367 break;
1368
1369 case RUNTIME_SCOPE_USER:
1370 r = sd_path_lookup(SD_PATH_USER_STATE_PRIVATE, /* suffix= */ NULL, &root);
1371 break;
1372
1373 default:
1374 return -EOPNOTSUPP;
1375 }
1376 if (r < 0)
1377 return r;
1378
1379 const char *n = image_dirname_to_string(class);
1380 if (!n)
1381 return -EOPNOTSUPP;
1382
1383 _cleanup_free_ char *j = NULL;
1384 const char *fn;
1385 if (fname && suffix) {
1386 j = strjoin(fname, suffix);
1387 if (!j)
1388 return -ENOMEM;
1389 fn = j;
1390 } else
1391 fn = fname ?: suffix;
1392
1393 _cleanup_free_ char *p = path_join(root, n, fn);
1394 if (!p)
1395 return -ENOMEM;
1396
1397 *ret = TAKE_PTR(p);
1398 return 0;
1399}
1400
1c0ade2e 1401int image_clone(Image *i, const char *new_name, bool read_only, RuntimeScope scope) {
8e766630 1402 _cleanup_(release_lock_file) LockFile name_lock = LOCK_FILE_INIT;
8e0b6570 1403 _cleanup_strv_free_ char **settings = NULL;
bafbac4e 1404 _cleanup_free_ char *roothash = NULL;
ebd93cb6
LP		 1405 int r;
1406
1407 assert(i);
1408
1409 if (!image_name_is_valid(new_name))
1410 return -EINVAL;
1411
e1b3319b 1412 settings = image_settings_path(i, scope);
8e0b6570
LP		 1413 if (!settings)
1414 return -ENOMEM;
1415
162f6477
LP		 1416 r = image_roothash_path(i, &roothash);
1417 if (r < 0)
1418 return r;
bafbac4e 1419
30535c16
LP		 1420 /* Make sure nobody takes the new name, between the time we
1421 * checked it is currently unused in all search paths, and the
f8e2f4d6 1422 * time we take possession of it */
d9c5566c 1423 r = image_name_lock(scope, new_name, LOCK_EX|LOCK_NB, &name_lock);
30535c16
LP		 1424 if (r < 0)
1425 return r;
1426
e1b3319b 1427 r = image_find(scope, i->class, new_name, NULL, NULL);
3a6ce860 1428 if (r >= 0)
ebd93cb6 1429 return -EEXIST;
3a6ce860
LP		 1430 if (r != -ENOENT)
1431 return r;
ebd93cb6
LP		 1432
1433 switch (i->type) {
1434
1435 case IMAGE_SUBVOLUME:
e1b3319b 1436 case IMAGE_DIRECTORY: {
9a50e3ca 1437 /* If we can we'll always try to create a new btrfs subvolume here, even if the source is a plain
13e785f7 1438 * directory. */
9a50e3ca 1439
e1b3319b
LP		 1440 _cleanup_free_ char *new_path = NULL;
1441 r = get_pool_directory(scope, i->class, new_name, /* suffix= */ NULL, &new_path);
1442 if (r < 0)
1443 return r;
ebd93cb6 1444
fab4ef72
DDM		 1445 r = btrfs_subvol_snapshot_at(AT_FDCWD, i->path, AT_FDCWD, new_path,
1446 (read_only ? BTRFS_SNAPSHOT_READ_ONLY : 0) |
1447 BTRFS_SNAPSHOT_FALLBACK_COPY |
1448 BTRFS_SNAPSHOT_FALLBACK_DIRECTORY |
1449 BTRFS_SNAPSHOT_FALLBACK_IMMUTABLE |
1450 BTRFS_SNAPSHOT_RECURSIVE |
1451 BTRFS_SNAPSHOT_QUOTA);
17cbb288 1452 if (r >= 0)
9a50e3ca 1453 /* Enable "subtree" quotas for the copy, if we didn't copy any quota from the source. */
8120ee28 1454 (void) btrfs_subvol_auto_qgroup(new_path, 0, true);
5bcd08db 1455
ebd93cb6 1456 break;
e1b3319b 1457 }
ebd93cb6 1458
e1b3319b
LP		 1459 case IMAGE_RAW: {
1460 _cleanup_free_ char *new_path = NULL;
1461 r = get_pool_directory(scope, i->class, new_name, ".raw", &new_path);
1462 if (r < 0)
1463 return r;
ebd93cb6 1464
b1cfa930
DDM		 1465 r = copy_file_atomic(i->path, new_path, read_only ? 0444 : 0644,
1466 COPY_REFLINK|COPY_CRTIME|COPY_NOCOW_AFTER);
ebd93cb6 1467 break;
e1b3319b 1468 }
ebd93cb6 1469
eb38edce 1470 case IMAGE_BLOCK:
ebd93cb6 1471 default:
15411c0c 1472 return -EOPNOTSUPP;
ebd93cb6 1473 }
ebd93cb6
LP		 1474 if (r < 0)
1475 return r;
1476
8e0b6570 1477 STRV_FOREACH(j, settings) {
bafbac4e 1478 r = clone_auxiliary_file(*j, new_name, ".nspawn");
8e0b6570
LP		 1479 if (r < 0 && r != -ENOENT)
1480 log_debug_errno(r, "Failed to clone settings %s, ignoring: %m", *j);
1481 }
1482
bafbac4e
LP		 1483 r = clone_auxiliary_file(roothash, new_name, ".roothash");
1484 if (r < 0 && r != -ENOENT)
1485 log_debug_errno(r, "Failed to clone root hash file %s, ignoring: %m", roothash);
1486
ebd93cb6
LP		 1487 return 0;
1488}
1489
d9c5566c 1490int image_read_only(Image *i, bool b, RuntimeScope scope) {
8e766630 1491 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
ebd93cb6 1492 int r;
c7664c07 1493
ebd93cb6
LP		 1494 assert(i);
1495
73053472 1496 if (image_is_vendor(i) || image_is_host(i))
ebd93cb6
LP		 1497 return -EROFS;
1498
30535c16 1499 /* Make sure we don't interfere with a running nspawn */
d9c5566c 1500 r = image_path_lock(scope, i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
30535c16
LP		 1501 if (r < 0)
1502 return r;
1503
ebd93cb6
LP		 1504 switch (i->type) {
1505
1506 case IMAGE_SUBVOLUME:
5bcd08db
LP		 1507
1508 /* Note that we set the flag only on the top-level
1509 * subvolume of the image. */
1510
ebd93cb6
LP		 1511 r = btrfs_subvol_set_read_only(i->path, b);
1512 if (r < 0)
1513 return r;
01b72568
LP		 1514
1515 break;
1516
1517 case IMAGE_DIRECTORY:
1518 /* For simple directory trees we cannot use the access
1519 mode of the top-level directory, since it has an
1520 effect on the container itself. However, we can
1521 use the "immutable" flag, to at least make the
1522 top-level directory read-only. It's not as good as
1523 a read-only subvolume, but at least something, and
13e785f7 1524 we can read the value back. */
01b72568 1525
a997f338 1526 r = chattr_path(i->path, b ? FS_IMMUTABLE_FL : 0, FS_IMMUTABLE_FL);
01b72568
LP		 1527 if (r < 0)
1528 return r;
1529
ebd93cb6
LP		 1530 break;
1531
aceac2f0 1532 case IMAGE_RAW: {
ebd93cb6
LP		 1533 struct stat st;
1534
1535 if (stat(i->path, &st) < 0)
1536 return -errno;
1537
1538 if (chmod(i->path, (st.st_mode & 0444) | (b ? 0000 : 0200)) < 0)
1539 return -errno;
f2068bcc
LP		 1540
1541 /* If the images is now read-only, it's a good time to
1542 * defrag it, given that no write patterns will
1543 * fragment it again. */
1544 if (b)
1545 (void) btrfs_defrag(i->path);
ebd93cb6
LP		 1546 break;
1547 }
1548
eb38edce 1549 case IMAGE_BLOCK: {
254d1313 1550 _cleanup_close_ int fd = -EBADF;
eb38edce
LP		 1551 struct stat st;
1552 int state = b;
1553
1554 fd = open(i->path, O_CLOEXEC|O_RDONLY|O_NONBLOCK|O_NOCTTY);
1555 if (fd < 0)
1556 return -errno;
1557
1558 if (fstat(fd, &st) < 0)
1559 return -errno;
1560 if (!S_ISBLK(st.st_mode))
1561 return -ENOTTY;
1562
1563 if (ioctl(fd, BLKROSET, &state) < 0)
1564 return -errno;
1565
1566 break;
1567 }
1568
ebd93cb6 1569 default:
15411c0c 1570 return -EOPNOTSUPP;
ebd93cb6
LP		 1571 }
1572
608c321f 1573 i->read_only = b;
ebd93cb6 1574 return 0;
08682124
LP		 1575}
1576
d9c5566c
LP		 1577static int make_lock_dir(RuntimeScope scope) {
1578 int r;
1579
1580 _cleanup_free_ char *p = NULL;
1581 r = runtime_directory_generic(scope, "systemd", &p);
1582 if (r < 0)
1583 return r;
1584
1585 _cleanup_close_ int pfd = open_mkdir_at(AT_FDCWD, p, O_CLOEXEC, 0755);
1586 if (pfd < 0)
1587 return pfd;
1588
1589 _cleanup_close_ int nfd = open_mkdir_at(pfd, "nspawn", O_CLOEXEC, 0755);
1590 if (nfd < 0)
1591 return nfd;
1592
1593 r = RET_NERRNO(mkdirat(nfd, "locks", 0700));
1594 if (r == -EEXIST)
1595 return 0;
1596 if (r < 0)
1597 return r;
1598
1599 return 1;
8759bc95
LP		 1600}
1601
cb1b813f 1602int image_path_lock(
d9c5566c 1603 RuntimeScope scope,
cb1b813f
LP		 1604 const char *path,
1605 int operation,
1606 LockFile *ret_global,
1607 LockFile *ret_local) {
1608
30535c16
LP		 1609 _cleanup_free_ char *p = NULL;
1610 LockFile t = LOCK_FILE_INIT;
1611 struct stat st;
f25bed67 1612 bool exclusive;
30535c16
LP		 1613 int r;
1614
1615 assert(path);
cb1b813f 1616 assert(ret_local);
30535c16 1617
f25bed67 1618 /* Locks an image path. This actually creates two locks: one "local" one, next to the image path
d9c5566c 1619 * itself, which might be shared via NFS. And another "global" one, in /run/, that uses the
f25bed67
LP		 1620 * device/inode number. This has the benefit that we can even lock a tree that is a mount point,
1621 * correctly. */
30535c16 1622
30535c16
LP		 1623 if (!path_is_absolute(path))
1624 return -EINVAL;
1625
f25bed67
LP		 1626 switch (operation & (LOCK_SH|LOCK_EX)) {
1627 case LOCK_SH:
1628 exclusive = false;
1629 break;
1630 case LOCK_EX:
1631 exclusive = true;
1632 break;
1633 default:
1634 return -EINVAL;
1635 }
1636
b6e953f2 1637 if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) {
cb1b813f
LP		 1638 *ret_local = LOCK_FILE_INIT;
1639 if (ret_global)
1640 *ret_global = LOCK_FILE_INIT;
b6e953f2
LP		 1641 return 0;
1642 }
1643
f25bed67
LP		 1644 /* Prohibit taking exclusive locks on the host image. We can't allow this, since we ourselves are
1645 * running off it after all, and we don't want any images to manipulate the host image. We make an
1646 * exception for shared locks however: we allow those (and make them NOPs since there's no point in
1647 * taking them if there can't be exclusive locks). Strictly speaking these are questionable as well,
1648 * since it means changes made to the host might propagate to the container as they happen (and a
1649 * shared lock kinda suggests that no changes happen at all while it is in place), but it's too
1650 * useful not to allow read-only containers off the host root, hence let's support this, and trust
1651 * the user to do the right thing with this. */
1652 if (path_equal(path, "/")) {
1653 if (exclusive)
1654 return -EBUSY;
1655
cb1b813f
LP		 1656 *ret_local = LOCK_FILE_INIT;
1657 if (ret_global)
1658 *ret_global = LOCK_FILE_INIT;
f25bed67
LP		 1659 return 0;
1660 }
b6e953f2 1661
cb1b813f 1662 if (ret_global) {
d9c5566c
LP		 1663 if (stat(path, &st) < 0)
1664 log_debug_errno(errno, "Failed to stat() image '%s', not locking image: %m", path);
1665 else {
1666 r = runtime_directory_generic(scope, "systemd/nspawn/locks/", &p);
1667 if (r < 0)
1668 return r;
1669
cb1b813f 1670 if (S_ISBLK(st.st_mode))
d9c5566c 1671 r = strextendf(&p, "block-" DEVNUM_FORMAT_STR, DEVNUM_FORMAT_VAL(st.st_rdev));
cb1b813f 1672 else if (S_ISDIR(st.st_mode) || S_ISREG(st.st_mode))
d9c5566c 1673 r = strextendf(&p, "inode-%" PRIu64 ":%" PRIu64, (uint64_t) st.st_dev, (uint64_t) st.st_ino);
cb1b813f
LP		 1674 else
1675 return -ENOTTY;
1676 if (r < 0)
d9c5566c 1677 return r;
cb1b813f 1678 }
30535c16
LP		 1679 }
1680
f25bed67
LP		 1681 /* For block devices we don't need the "local" lock, as the major/minor lock above should be
1682 * sufficient, since block devices are host local anyway. */
1683 if (!path_startswith(path, "/dev/")) {
eb38edce 1684 r = make_lock_file_for(path, operation, &t);
8be17c9b 1685 if (r < 0) {
d9c5566c 1686 if (exclusive || r != -EROFS)
8be17c9b 1687 return r;
d9c5566c
LP		 1688
1689 log_debug_errno(r, "Failed to create shared lock for '%s', ignoring: %m", path);
8be17c9b 1690 }
eb38edce 1691 }
30535c16
LP		 1692
1693 if (p) {
d9c5566c 1694 (void) make_lock_dir(scope);
30535c16 1695
cb1b813f 1696 r = make_lock_file(p, operation, ret_global);
30535c16
LP		 1697 if (r < 0) {
1698 release_lock_file(&t);
1699 return r;
1700 }
cb1b813f
LP		 1701 } else if (ret_global)
1702 *ret_global = LOCK_FILE_INIT;
30535c16 1703
cb1b813f 1704 *ret_local = t;
30535c16
LP		 1705 return 0;
1706}
1707
cb81cd80 1708int image_set_limit(Image *i, uint64_t referenced_max) {
96ac6d3f
YW		 1709 int r;
1710
d6ce17c7
LP		 1711 assert(i);
1712
73053472 1713 if (image_is_vendor(i) || image_is_host(i))
d6ce17c7
LP		 1714 return -EROFS;
1715
1716 if (i->type != IMAGE_SUBVOLUME)
15411c0c 1717 return -EOPNOTSUPP;
d6ce17c7 1718
5bcd08db
LP		 1719 /* We set the quota both for the subvolume as well as for the
1720 * subtree. The latter is mostly for historical reasons, since
1721 * we didn't use to have a concept of subtree quota, and hence
1722 * only modified the subvolume quota. */
1723
1724 (void) btrfs_qgroup_set_limit(i->path, 0, referenced_max);
1725 (void) btrfs_subvol_auto_qgroup(i->path, 0, true);
96ac6d3f
YW		 1726 r = btrfs_subvol_set_subtree_quota_limit(i->path, 0, referenced_max);
1727 if (r < 0)
1728 return r;
1729
1730 (void) image_update_quota(i, -EBADF);
1731 return 0;
d6ce17c7
LP		 1732}
1733
e1b3319b 1734int image_set_pool_limit(RuntimeScope scope, ImageClass class, uint64_t referenced_max) {
42f2740a
IK		 1735 int r;
1736
e1b3319b 1737 assert(scope >= 0 && scope < _RUNTIME_SCOPE_MAX);
42f2740a
IK		 1738 assert(class >= 0 && class < _IMAGE_CLASS_MAX);
1739
e1b3319b
LP		 1740 _cleanup_free_ char *pool = NULL;
1741 r = get_pool_directory(scope, class, /* fname= */ NULL, /* suffix= */ NULL, &pool);
1742 if (r < 0)
1743 return r;
42f2740a 1744
e1b3319b 1745 r = btrfs_qgroup_set_limit(pool, /* qgroupid = */ 0, referenced_max);
42f2740a
IK		 1746 if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
1747 return r;
1748 if (r < 0)
e1b3319b 1749 log_debug_errno(r, "Failed to set limit on btrfs quota group for '%s', ignoring: %m", pool);
42f2740a 1750
e1b3319b 1751 r = btrfs_subvol_set_subtree_quota_limit(pool, /* subvol_id = */ 0, referenced_max);
42f2740a
IK		 1752 if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
1753 return r;
1754 if (r < 0)
e1b3319b 1755 return log_debug_errno(r, "Failed to set subtree quota limit for '%s': %m", pool);
42f2740a
IK		 1756
1757 return 0;
1758}
1759
d9c5566c 1760int image_read_metadata(Image *i, const ImagePolicy *image_policy, RuntimeScope scope) {
8e766630 1761 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
c7664c07
LP		 1762 int r;
1763
1764 assert(i);
1765
d9c5566c 1766 r = image_path_lock(scope, i->path, LOCK_SH|LOCK_NB, &global_lock, &local_lock);
c7664c07
LP		 1767 if (r < 0)
1768 return r;
1769
1770 switch (i->type) {
1771
1772 case IMAGE_SUBVOLUME:
1773 case IMAGE_DIRECTORY: {
a81fe93e
LP		 1774 _cleanup_strv_free_ char **machine_info = NULL, **os_release = NULL, **sysext_release = NULL, **confext_release = NULL;
1775 _cleanup_free_ char *hostname = NULL, *path = NULL;
c7664c07 1776 sd_id128_t machine_id = SD_ID128_NULL;
c7664c07 1777
b60e0f57 1778 if (i->class == IMAGE_SYSEXT) {
6afa5d86
LB		 1779 r = extension_has_forbidden_content(i->path);
1780 if (r < 0)
1781 return r;
1782 if (r > 0)
1783 return log_debug_errno(SYNTHETIC_ERRNO(ENOMEDIUM),
1784 "Conflicting content found in image %s, refusing.",
1785 i->name);
1786 }
1787
f461a28d 1788 r = chase("/etc/hostname", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL);
c7664c07
LP		 1789 if (r < 0 && r != -ENOENT)
1790 log_debug_errno(r, "Failed to chase /etc/hostname in image %s: %m", i->name);
1791 else if (r >= 0) {
af9c45d5 1792 r = read_etc_hostname(path, /* substitute_wildcards= */ false, &hostname);
c7664c07 1793 if (r < 0)
cc4482ee 1794 log_debug_errno(r, "Failed to read /etc/hostname of image %s: %m", i->name);
c7664c07
LP		 1795 }
1796
1797 path = mfree(path);
1798
f7b5f399
YW		 1799 r = id128_get_machine(i->path, &machine_id);
1800 if (r < 0)
1801 log_debug_errno(r, "Failed to read machine ID in image %s, ignoring: %m", i->name);
c7664c07 1802
f461a28d 1803 r = chase("/etc/machine-info", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL);
c7664c07
LP		 1804 if (r < 0 && r != -ENOENT)
1805 log_debug_errno(r, "Failed to chase /etc/machine-info in image %s: %m", i->name);
1806 else if (r >= 0) {
aa8fbc74 1807 r = load_env_file_pairs(NULL, path, &machine_info);
c7664c07
LP		 1808 if (r < 0)
1809 log_debug_errno(r, "Failed to parse machine-info data of %s: %m", i->name);
1810 }
1811
d58ad743
LP		 1812 r = load_os_release_pairs(i->path, &os_release);
1813 if (r < 0)
1814 log_debug_errno(r, "Failed to read os-release in image, ignoring: %m");
c7664c07 1815
a81fe93e 1816 r = load_extension_release_pairs(i->path, IMAGE_SYSEXT, i->name, /* relax_extension_release_check= */ false, &sysext_release);
bcf94222 1817 if (r < 0)
a81fe93e
LP		 1818 log_debug_errno(r, "Failed to read sysext-release in image, ignoring: %m");
1819
1820 r = load_extension_release_pairs(i->path, IMAGE_CONFEXT, i->name, /* relax_extension_release_check= */ false, &confext_release);
1821 if (r < 0)
1822 log_debug_errno(r, "Failed to read confext-release in image, ignoring: %m");
bcf94222 1823
c7664c07
LP		 1824 free_and_replace(i->hostname, hostname);
1825 i->machine_id = machine_id;
1826 strv_free_and_replace(i->machine_info, machine_info);
1827 strv_free_and_replace(i->os_release, os_release);
a81fe93e
LP		 1828 strv_free_and_replace(i->sysext_release, sysext_release);
1829 strv_free_and_replace(i->confext_release, confext_release);
c7664c07
LP		 1830 break;
1831 }
1832
1833 case IMAGE_RAW:
1834 case IMAGE_BLOCK: {
1835 _cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
1836 _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
f4a63ce2
LP		 1837 DissectImageFlags flags =
1838 DISSECT_IMAGE_GENERIC_ROOT |
1839 DISSECT_IMAGE_REQUIRE_ROOT |
1840 DISSECT_IMAGE_RELAX_VAR_CHECK |
1841 DISSECT_IMAGE_READ_ONLY |
1842 DISSECT_IMAGE_USR_NO_ROOT |
1843 DISSECT_IMAGE_ADD_PARTITION_DEVICES |
1844 DISSECT_IMAGE_PIN_PARTITION_DEVICES |
1845 DISSECT_IMAGE_VALIDATE_OS |
1846 DISSECT_IMAGE_VALIDATE_OS_EXT |
1847 DISSECT_IMAGE_ALLOW_USERSPACE_VERITY;
1848
1849 r = loop_device_make_by_path(
1850 i->path,
1851 O_RDONLY,
1852 /* sector_size= */ UINT32_MAX,
1853 LO_FLAGS_PARTSCAN,
1854 LOCK_SH,
1855 &d);
41bc4849
LP		 1856 if (r < 0)
1857 return r;
1858
bad31660
YW		 1859 r = dissect_loop_device(
1860 d,
84be0c71
LP		 1861 /* verity= */ NULL,
1862 /* mount_options= */ NULL,
1863 image_policy,
f1395724 1864 /* image_filter= */ NULL,
f4a63ce2 1865 flags,
75dc190d 1866 &m);
c7664c07
LP		 1867 if (r < 0)
1868 return r;
1869
44e3097d
LP		 1870 r = dissected_image_acquire_metadata(
1871 m,
1872 /* userns_fd= */ -EBADF,
1873 flags);
c7664c07
LP		 1874 if (r < 0)
1875 return r;
1876
1877 free_and_replace(i->hostname, m->hostname);
1878 i->machine_id = m->machine_id;
1879 strv_free_and_replace(i->machine_info, m->machine_info);
1880 strv_free_and_replace(i->os_release, m->os_release);
a81fe93e
LP		 1881 strv_free_and_replace(i->sysext_release, m->sysext_release);
1882 strv_free_and_replace(i->confext_release, m->confext_release);
c7664c07
LP		 1883
1884 break;
1885 }
1886
1887 default:
1888 return -EOPNOTSUPP;
1889 }
1890
1891 i->metadata_valid = true;
1892
1893 return 0;
1894}
1895
d9c5566c
LP		 1896int image_name_lock(
1897 RuntimeScope scope,
1898 const char *name,
1899 int operation,
1900 LockFile *ret) {
1901
1902 int r;
99d97afc 1903
30535c16
LP		 1904 assert(name);
1905 assert(ret);
1906
1907 /* Locks an image name, regardless of the precise path used. */
1908
99d97afc
LP		 1909 if (streq(name, ".host"))
1910 return -EBUSY;
1911
30535c16
LP		 1912 if (!image_name_is_valid(name))
1913 return -EINVAL;
1914
b6e953f2
LP		 1915 if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) {
1916 *ret = (LockFile) LOCK_FILE_INIT;
1917 return 0;
1918 }
1919
d9c5566c
LP		 1920 (void) make_lock_dir(scope);
1921
1922 _cleanup_free_ char *p = NULL;
1923 r = runtime_directory_generic(scope, "systemd/nspawn/locks/name-", &p);
1924 if (r < 0)
1925 return r;
1926
1927 if (!strextend(&p, name))
1928 return -ENOMEM;
99d97afc 1929
30535c16
LP		 1930 return make_lock_file(p, operation, ret);
1931}
1932
d577d4a4 1933bool image_in_search_path(
1c0ade2e 1934 RuntimeScope scope,
d577d4a4
LP		 1935 ImageClass class,
1936 const char *root,
1937 const char *image) {
1938
1c0ade2e
LP		 1939 int r;
1940
1941 assert(scope < _RUNTIME_SCOPE_MAX && scope != RUNTIME_SCOPE_GLOBAL);
1942 assert(class >= 0);
1943 assert(class < _IMAGE_CLASS_MAX);
ace9ab19
LP		 1944 assert(image);
1945
1c0ade2e
LP		 1946 _cleanup_strv_free_ char **search = NULL;
1947 r = pick_image_search_path(scope, class, &search);
1948 if (r < 0)
1949 return r;
1950
1951 STRV_FOREACH(path, search) {
d577d4a4 1952 const char *p, *q;
ace9ab19
LP		 1953 size_t k;
1954
d577d4a4 1955 if (!empty_or_root(root)) {
1c0ade2e 1956 q = path_startswith(*path, root);
d577d4a4
LP		 1957 if (!q)
1958 continue;
1959 } else
1c0ade2e 1960 q = *path;
d577d4a4 1961
1c0ade2e 1962 p = path_startswith(q, *path);
ace9ab19
LP		 1963 if (!p)
1964 continue;
1965
1966 /* Make sure there's a filename following */
1967 k = strcspn(p, "/");
1968 if (k == 0)
1969 continue;
1970
1971 p += k;
1972
1973 /* Accept trailing slashes */
1974 if (p[strspn(p, "/")] == 0)
1975 return true;
ace9ab19
LP		 1976 }
1977
1978 return false;
1979}
1980
73053472
DDM		 1981bool image_is_vendor(const struct Image *i) {
1982 assert(i);
1983
1984 return i->path && path_startswith(i->path, "/usr");
1985}
1986
1987bool image_is_host(const struct Image *i) {
1988 assert(i);
1989
1990 if (i->name && streq(i->name, ".host"))
1991 return true;
1992
1993 if (i->path && path_equal(i->path, "/"))
1994 return true;
1995
1996 return false;
1997}
1998
309a747f 1999int image_to_json(const struct Image *img, sd_json_variant **ret) {
f5151fb4
LP		 2000 assert(img);
2001
be5bee2a
LP		 2002 return sd_json_buildo(
2003 ret,
2004 SD_JSON_BUILD_PAIR_STRING("Type", image_type_to_string(img->type)),
2005 SD_JSON_BUILD_PAIR_STRING("Class", image_class_to_string(img->class)),
2006 SD_JSON_BUILD_PAIR_STRING("Name", img->name),
2007 SD_JSON_BUILD_PAIR_CONDITION(!!img->path, "Path", SD_JSON_BUILD_STRING(img->path)),
2008 SD_JSON_BUILD_PAIR_BOOLEAN("ReadOnly", img->read_only),
2009 SD_JSON_BUILD_PAIR_CONDITION(img->crtime != 0, "CreationTimestamp", SD_JSON_BUILD_UNSIGNED(img->crtime)),
2010 SD_JSON_BUILD_PAIR_CONDITION(img->mtime != 0, "ModificationTimestamp", SD_JSON_BUILD_UNSIGNED(img->mtime)),
2011 SD_JSON_BUILD_PAIR_CONDITION(img->usage != UINT64_MAX, "Usage", SD_JSON_BUILD_UNSIGNED(img->usage)),
2012 SD_JSON_BUILD_PAIR_CONDITION(img->usage_exclusive != UINT64_MAX, "UsageExclusive", SD_JSON_BUILD_UNSIGNED(img->usage_exclusive)),
2013 SD_JSON_BUILD_PAIR_CONDITION(img->limit != UINT64_MAX, "Limit", SD_JSON_BUILD_UNSIGNED(img->limit)),
2014 SD_JSON_BUILD_PAIR_CONDITION(img->limit_exclusive != UINT64_MAX, "LimitExclusive", SD_JSON_BUILD_UNSIGNED(img->limit_exclusive)));
f5151fb4
LP		 2015}
2016
cd61c3bf
LP		 2017static const char* const image_type_table[_IMAGE_TYPE_MAX] = {
2018 [IMAGE_DIRECTORY] = "directory",
2019 [IMAGE_SUBVOLUME] = "subvolume",
25cdbd04
LP		 2020 [IMAGE_RAW] = "raw",
2021 [IMAGE_BLOCK] = "block",
cd61c3bf
LP		 2022};
2023
2024DEFINE_STRING_TABLE_LOOKUP(image_type, ImageType);
Unnamed repository; edit this file 'description' to name the repository.