]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/machine-id-setup.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2589 from keszybz/resolve-tool-2
[thirdparty/systemd.git] / src / core / machine-id-setup.c
1 /***
2 This file is part of systemd.
3
4 Copyright 2010 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <errno.h>
21 #include <fcntl.h>
22 #include <sched.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <sys/mount.h>
26 #include <unistd.h>
27
28 #include "sd-id128.h"
29
30 #include "alloc-util.h"
31 #include "fd-util.h"
32 #include "fileio.h"
33 #include "fs-util.h"
34 #include "hexdecoct.h"
35 #include "io-util.h"
36 #include "log.h"
37 #include "machine-id-setup.h"
38 #include "macro.h"
39 #include "mkdir.h"
40 #include "mount-util.h"
41 #include "path-util.h"
42 #include "process-util.h"
43 #include "stat-util.h"
44 #include "string-util.h"
45 #include "umask-util.h"
46 #include "util.h"
47 #include "virt.h"
48
49 static int shorten_uuid(char destination[34], const char source[36]) {
50 unsigned i, j;
51
52 assert(destination);
53 assert(source);
54
55 /* Converts a UUID into a machine ID, by lowercasing it and
56 * removing dashes. Validates everything. */
57
58 for (i = 0, j = 0; i < 36 && j < 32; i++) {
59 int t;
60
61 t = unhexchar(source[i]);
62 if (t < 0)
63 continue;
64
65 destination[j++] = hexchar(t);
66 }
67
68 if (i != 36 || j != 32)
69 return -EINVAL;
70
71 destination[32] = '\n';
72 destination[33] = 0;
73 return 0;
74 }
75
76 static int read_machine_id(int fd, char id[34]) {
77 char id_to_validate[34];
78 int r;
79
80 assert(fd >= 0);
81 assert(id);
82
83 /* Reads a machine ID from a file, validates it, and returns
84 * it. The returned ID ends in a newline. */
85
86 r = loop_read_exact(fd, id_to_validate, 33, false);
87 if (r < 0)
88 return r;
89
90 if (id_to_validate[32] != '\n')
91 return -EINVAL;
92
93 id_to_validate[32] = 0;
94
95 if (!id128_is_valid(id_to_validate))
96 return -EINVAL;
97
98 memcpy(id, id_to_validate, 32);
99 id[32] = '\n';
100 id[33] = 0;
101 return 0;
102 }
103
104 static int write_machine_id(int fd, char id[34]) {
105 assert(fd >= 0);
106 assert(id);
107
108 if (lseek(fd, 0, SEEK_SET) < 0)
109 return -errno;
110
111 return loop_write(fd, id, 33, false);
112 }
113
114 static int generate_machine_id(char id[34], const char *root) {
115 int fd, r;
116 unsigned char *p;
117 sd_id128_t buf;
118 char *q;
119 const char *dbus_machine_id;
120
121 assert(id);
122
123 if (isempty(root))
124 dbus_machine_id = "/var/lib/dbus/machine-id";
125 else
126 dbus_machine_id = strjoina(root, "/var/lib/dbus/machine-id");
127
128 /* First, try reading the D-Bus machine id, unless it is a symlink */
129 fd = open(dbus_machine_id, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
130 if (fd >= 0) {
131 r = read_machine_id(fd, id);
132 safe_close(fd);
133
134 if (r >= 0) {
135 log_info("Initializing machine ID from D-Bus machine ID.");
136 return 0;
137 }
138 }
139
140 if (isempty(root)) {
141 /* If that didn't work, see if we are running in a container,
142 * and a machine ID was passed in via $container_uuid the way
143 * libvirt/LXC does it */
144
145 if (detect_container() > 0) {
146 _cleanup_free_ char *e = NULL;
147
148 r = getenv_for_pid(1, "container_uuid", &e);
149 if (r > 0) {
150 r = shorten_uuid(id, e);
151 if (r >= 0) {
152 log_info("Initializing machine ID from container UUID.");
153 return 0;
154 }
155 }
156
157 } else if (detect_vm() == VIRTUALIZATION_KVM) {
158
159 /* If we are not running in a container, see if we are
160 * running in qemu/kvm and a machine ID was passed in
161 * via -uuid on the qemu/kvm command line */
162
163 char uuid[36];
164
165 fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
166 if (fd >= 0) {
167 r = loop_read_exact(fd, uuid, 36, false);
168 safe_close(fd);
169
170 if (r >= 0) {
171 r = shorten_uuid(id, uuid);
172 if (r >= 0) {
173 log_info("Initializing machine ID from KVM UUID.");
174 return 0;
175 }
176 }
177 }
178 }
179 }
180
181 /* If that didn't work, generate a random machine id */
182 r = sd_id128_randomize(&buf);
183 if (r < 0)
184 return log_error_errno(r, "Failed to open /dev/urandom: %m");
185
186 for (p = buf.bytes, q = id; p < buf.bytes + sizeof(buf); p++, q += 2) {
187 q[0] = hexchar(*p >> 4);
188 q[1] = hexchar(*p & 15);
189 }
190
191 id[32] = '\n';
192 id[33] = 0;
193
194 log_info("Initializing machine ID from random generator.");
195
196 return 0;
197 }
198
199 int machine_id_setup(const char *root, sd_id128_t machine_id) {
200 const char *etc_machine_id, *run_machine_id;
201 _cleanup_close_ int fd = -1;
202 bool writable = true;
203 char id[34]; /* 32 + \n + \0 */
204 int r;
205
206 if (isempty(root)) {
207 etc_machine_id = "/etc/machine-id";
208 run_machine_id = "/run/machine-id";
209 } else {
210 char *x;
211
212 x = strjoina(root, "/etc/machine-id");
213 etc_machine_id = path_kill_slashes(x);
214
215 x = strjoina(root, "/run/machine-id");
216 run_machine_id = path_kill_slashes(x);
217 }
218
219 RUN_WITH_UMASK(0000) {
220 /* We create this 0444, to indicate that this isn't really
221 * something you should ever modify. Of course, since the file
222 * will be owned by root it doesn't matter much, but maybe
223 * people look. */
224
225 mkdir_parents(etc_machine_id, 0755);
226 fd = open(etc_machine_id, O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY, 0444);
227 if (fd < 0) {
228 int old_errno = errno;
229
230 fd = open(etc_machine_id, O_RDONLY|O_CLOEXEC|O_NOCTTY);
231 if (fd < 0) {
232 if (old_errno == EROFS && errno == ENOENT)
233 log_error_errno(errno,
234 "System cannot boot: Missing /etc/machine-id and /etc is mounted read-only.\n"
235 "Booting up is supported only when:\n"
236 "1) /etc/machine-id exists and is populated.\n"
237 "2) /etc/machine-id exists and is empty.\n"
238 "3) /etc/machine-id is missing and /etc is writable.\n");
239 else
240 log_error_errno(errno, "Cannot open %s: %m", etc_machine_id);
241
242 return -errno;
243 }
244
245 writable = false;
246 }
247 }
248
249 /* A machine id argument overrides all other machined-ids */
250 if (!sd_id128_is_null(machine_id)) {
251 sd_id128_to_string(machine_id, id);
252 id[32] = '\n';
253 id[33] = 0;
254 } else {
255 if (read_machine_id(fd, id) >= 0)
256 return 0;
257
258 /* Hmm, so, the id currently stored is not useful, then let's
259 * generate one */
260
261 r = generate_machine_id(id, root);
262 if (r < 0)
263 return r;
264 }
265
266 if (writable)
267 if (write_machine_id(fd, id) >= 0)
268 return 0;
269
270 fd = safe_close(fd);
271
272 /* Hmm, we couldn't write it? So let's write it to
273 * /run/machine-id as a replacement */
274
275 RUN_WITH_UMASK(0022) {
276 r = write_string_file(run_machine_id, id, WRITE_STRING_FILE_CREATE);
277 }
278 if (r < 0) {
279 (void) unlink(run_machine_id);
280 return log_error_errno(r, "Cannot write %s: %m", run_machine_id);
281 }
282
283 /* And now, let's mount it over */
284 if (mount(run_machine_id, etc_machine_id, NULL, MS_BIND, NULL) < 0) {
285 (void) unlink_noerrno(run_machine_id);
286 return log_error_errno(errno, "Failed to mount %s: %m", etc_machine_id);
287 }
288
289 log_info("Installed transient %s file.", etc_machine_id);
290
291 /* Mark the mount read-only */
292 if (mount(NULL, etc_machine_id, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL) < 0)
293 log_warning_errno(errno, "Failed to make transient %s read-only: %m", etc_machine_id);
294
295 return 0;
296 }
297
298 int machine_id_commit(const char *root) {
299 _cleanup_close_ int fd = -1, initial_mntns_fd = -1;
300 const char *etc_machine_id;
301 char id[34]; /* 32 + \n + \0 */
302 int r;
303
304 if (isempty(root))
305 etc_machine_id = "/etc/machine-id";
306 else {
307 char *x;
308
309 x = strjoina(root, "/etc/machine-id");
310 etc_machine_id = path_kill_slashes(x);
311 }
312
313 r = path_is_mount_point(etc_machine_id, 0);
314 if (r < 0)
315 return log_error_errno(r, "Failed to determine whether %s is a mount point: %m", etc_machine_id);
316 if (r == 0) {
317 log_debug("%s is is not a mount point. Nothing to do.", etc_machine_id);
318 return 0;
319 }
320
321 /* Read existing machine-id */
322 fd = open(etc_machine_id, O_RDONLY|O_CLOEXEC|O_NOCTTY);
323 if (fd < 0)
324 return log_error_errno(errno, "Cannot open %s: %m", etc_machine_id);
325
326 r = read_machine_id(fd, id);
327 if (r < 0)
328 return log_error_errno(r, "We didn't find a valid machine ID in %s.", etc_machine_id);
329
330 r = fd_is_temporary_fs(fd);
331 if (r < 0)
332 return log_error_errno(r, "Failed to determine whether %s is on a temporary file system: %m", etc_machine_id);
333 if (r == 0) {
334 log_error("%s is not on a temporary file system.", etc_machine_id);
335 return -EROFS;
336 }
337
338 fd = safe_close(fd);
339
340 /* Store current mount namespace */
341 r = namespace_open(0, NULL, &initial_mntns_fd, NULL, NULL, NULL);
342 if (r < 0)
343 return log_error_errno(r, "Can't fetch current mount namespace: %m");
344
345 /* Switch to a new mount namespace, isolate ourself and unmount etc_machine_id in our new namespace */
346 if (unshare(CLONE_NEWNS) < 0)
347 return log_error_errno(errno, "Failed to enter new namespace: %m");
348
349 if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0)
350 return log_error_errno(errno, "Couldn't make-rslave / mountpoint in our private namespace: %m");
351
352 if (umount(etc_machine_id) < 0)
353 return log_error_errno(errno, "Failed to unmount transient %s file in our private namespace: %m", etc_machine_id);
354
355 /* Update a persistent version of etc_machine_id */
356 fd = open(etc_machine_id, O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY, 0444);
357 if (fd < 0)
358 return log_error_errno(errno, "Cannot open for writing %s. This is mandatory to get a persistent machine-id: %m", etc_machine_id);
359
360 r = write_machine_id(fd, id);
361 if (r < 0)
362 return log_error_errno(r, "Cannot write %s: %m", etc_machine_id);
363
364 fd = safe_close(fd);
365
366 /* Return to initial namespace and proceed a lazy tmpfs unmount */
367 r = namespace_enter(-1, initial_mntns_fd, -1, -1, -1);
368 if (r < 0)
369 return log_warning_errno(r, "Failed to switch back to initial mount namespace: %m.\nWe'll keep transient %s file until next reboot.", etc_machine_id);
370
371 if (umount2(etc_machine_id, MNT_DETACH) < 0)
372 return log_warning_errno(errno, "Failed to unmount transient %s file: %m.\nWe keep that mount until next reboot.", etc_machine_id);
373
374 return 0;
375 }
Unnamed repository; edit this file 'description' to name the repository.