]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/machine/image-dbus.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #7218 from matijaskala/patch-4
[thirdparty/systemd.git] / src / machine / image-dbus.c
1 /***
2 This file is part of systemd.
3
4 Copyright 2014 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <sys/file.h>
21 #include <sys/mount.h>
22
23 #include "alloc-util.h"
24 #include "bus-label.h"
25 #include "bus-util.h"
26 #include "copy.h"
27 #include "dissect-image.h"
28 #include "fd-util.h"
29 #include "fileio.h"
30 #include "fs-util.h"
31 #include "image-dbus.h"
32 #include "io-util.h"
33 #include "loop-util.h"
34 #include "machine-image.h"
35 #include "mount-util.h"
36 #include "process-util.h"
37 #include "raw-clone.h"
38 #include "strv.h"
39 #include "user-util.h"
40
41 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, image_type, ImageType);
42
43 int bus_image_method_remove(
44 sd_bus_message *message,
45 void *userdata,
46 sd_bus_error *error) {
47
48 _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
49 Image *image = userdata;
50 Manager *m = image->userdata;
51 pid_t child;
52 int r;
53
54 assert(message);
55 assert(image);
56
57 if (m->n_operations >= OPERATIONS_MAX)
58 return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");
59
60 r = bus_verify_polkit_async(
61 message,
62 CAP_SYS_ADMIN,
63 "org.freedesktop.machine1.manage-images",
64 NULL,
65 false,
66 UID_INVALID,
67 &m->polkit_registry,
68 error);
69 if (r < 0)
70 return r;
71 if (r == 0)
72 return 1; /* Will call us back */
73
74 if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0)
75 return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");
76
77 child = fork();
78 if (child < 0)
79 return sd_bus_error_set_errnof(error, errno, "Failed to fork(): %m");
80 if (child == 0) {
81 errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
82
83 r = image_remove(image);
84 if (r < 0) {
85 (void) write(errno_pipe_fd[1], &r, sizeof(r));
86 _exit(EXIT_FAILURE);
87 }
88
89 _exit(EXIT_SUCCESS);
90 }
91
92 errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
93
94 r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL);
95 if (r < 0) {
96 (void) sigkill_wait(child);
97 return r;
98 }
99
100 errno_pipe_fd[0] = -1;
101
102 return 1;
103 }
104
105 int bus_image_method_rename(
106 sd_bus_message *message,
107 void *userdata,
108 sd_bus_error *error) {
109
110 Image *image = userdata;
111 Manager *m = image->userdata;
112 const char *new_name;
113 int r;
114
115 assert(message);
116 assert(image);
117
118 r = sd_bus_message_read(message, "s", &new_name);
119 if (r < 0)
120 return r;
121
122 if (!image_name_is_valid(new_name))
123 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);
124
125 r = bus_verify_polkit_async(
126 message,
127 CAP_SYS_ADMIN,
128 "org.freedesktop.machine1.manage-images",
129 NULL,
130 false,
131 UID_INVALID,
132 &m->polkit_registry,
133 error);
134 if (r < 0)
135 return r;
136 if (r == 0)
137 return 1; /* Will call us back */
138
139 r = image_rename(image, new_name);
140 if (r < 0)
141 return r;
142
143 return sd_bus_reply_method_return(message, NULL);
144 }
145
146 int bus_image_method_clone(
147 sd_bus_message *message,
148 void *userdata,
149 sd_bus_error *error) {
150
151 _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
152 Image *image = userdata;
153 Manager *m = image->userdata;
154 const char *new_name;
155 int r, read_only;
156 pid_t child;
157
158 assert(message);
159 assert(image);
160 assert(m);
161
162 if (m->n_operations >= OPERATIONS_MAX)
163 return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");
164
165 r = sd_bus_message_read(message, "sb", &new_name, &read_only);
166 if (r < 0)
167 return r;
168
169 if (!image_name_is_valid(new_name))
170 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);
171
172 r = bus_verify_polkit_async(
173 message,
174 CAP_SYS_ADMIN,
175 "org.freedesktop.machine1.manage-images",
176 NULL,
177 false,
178 UID_INVALID,
179 &m->polkit_registry,
180 error);
181 if (r < 0)
182 return r;
183 if (r == 0)
184 return 1; /* Will call us back */
185
186 if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0)
187 return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");
188
189 child = fork();
190 if (child < 0)
191 return sd_bus_error_set_errnof(error, errno, "Failed to fork(): %m");
192 if (child == 0) {
193 errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
194
195 r = image_clone(image, new_name, read_only);
196 if (r < 0) {
197 (void) write(errno_pipe_fd[1], &r, sizeof(r));
198 _exit(EXIT_FAILURE);
199 }
200
201 _exit(EXIT_SUCCESS);
202 }
203
204 errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
205
206 r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL);
207 if (r < 0) {
208 (void) sigkill_wait(child);
209 return r;
210 }
211
212 errno_pipe_fd[0] = -1;
213
214 return 1;
215 }
216
217 int bus_image_method_mark_read_only(
218 sd_bus_message *message,
219 void *userdata,
220 sd_bus_error *error) {
221
222 Image *image = userdata;
223 Manager *m = image->userdata;
224 int r, read_only;
225
226 assert(message);
227
228 r = sd_bus_message_read(message, "b", &read_only);
229 if (r < 0)
230 return r;
231
232 r = bus_verify_polkit_async(
233 message,
234 CAP_SYS_ADMIN,
235 "org.freedesktop.machine1.manage-images",
236 NULL,
237 false,
238 UID_INVALID,
239 &m->polkit_registry,
240 error);
241 if (r < 0)
242 return r;
243 if (r == 0)
244 return 1; /* Will call us back */
245
246 r = image_read_only(image, read_only);
247 if (r < 0)
248 return r;
249
250 return sd_bus_reply_method_return(message, NULL);
251 }
252
253 int bus_image_method_set_limit(
254 sd_bus_message *message,
255 void *userdata,
256 sd_bus_error *error) {
257
258 Image *image = userdata;
259 Manager *m = image->userdata;
260 uint64_t limit;
261 int r;
262
263 assert(message);
264
265 r = sd_bus_message_read(message, "t", &limit);
266 if (r < 0)
267 return r;
268 if (!FILE_SIZE_VALID_OR_INFINITY(limit))
269 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");
270
271 r = bus_verify_polkit_async(
272 message,
273 CAP_SYS_ADMIN,
274 "org.freedesktop.machine1.manage-images",
275 NULL,
276 false,
277 UID_INVALID,
278 &m->polkit_registry,
279 error);
280 if (r < 0)
281 return r;
282 if (r == 0)
283 return 1; /* Will call us back */
284
285 r = image_set_limit(image, limit);
286 if (r < 0)
287 return r;
288
289 return sd_bus_reply_method_return(message, NULL);
290 }
291
292 #define EXIT_NOT_FOUND 2
293
294 static int directory_image_get_os_release(Image *image, char ***ret, sd_bus_error *error) {
295
296 _cleanup_free_ char *path = NULL;
297 int r;
298
299 assert(image);
300 assert(ret);
301
302 r = chase_symlinks("/etc/os-release", image->path, CHASE_PREFIX_ROOT, &path);
303 if (r == -ENOENT)
304 r = chase_symlinks("/usr/lib/os-release", image->path, CHASE_PREFIX_ROOT, &path);
305 if (r == -ENOENT)
306 return sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "Image does not contain OS release information");
307 if (r < 0)
308 return sd_bus_error_set_errnof(error, r, "Failed to resolve %s: %m", image->path);
309
310 r = load_env_file_pairs(NULL, path, NULL, ret);
311 if (r < 0)
312 return sd_bus_error_set_errnof(error, r, "Failed to open %s: %m", path);
313
314 return 0;
315 }
316
317 static int raw_image_get_os_release(Image *image, char ***ret, sd_bus_error *error) {
318 _cleanup_(rmdir_and_freep) char *t = NULL;
319 _cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
320 _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
321 _cleanup_(sigkill_waitp) pid_t child = 0;
322 _cleanup_close_pair_ int pair[2] = { -1, -1 };
323 _cleanup_fclose_ FILE *f = NULL;
324 _cleanup_strv_free_ char **v = NULL;
325 siginfo_t si;
326 int r;
327
328 assert(image);
329 assert(ret);
330
331 r = mkdtemp_malloc("/tmp/machined-root-XXXXXX", &t);
332 if (r < 0)
333 return sd_bus_error_set_errnof(error, r, "Failed to create temporary directory: %m");
334
335 r = loop_device_make_by_path(image->path, O_RDONLY, &d);
336 if (r < 0)
337 return sd_bus_error_set_errnof(error, r, "Failed to set up loop block device for %s: %m", image->path);
338
339 r = dissect_image(d->fd, NULL, 0, DISSECT_IMAGE_REQUIRE_ROOT, &m);
340 if (r == -ENOPKG)
341 return sd_bus_error_set_errnof(error, r, "Disk image %s not understood: %m", image->path);
342 if (r < 0)
343 return sd_bus_error_set_errnof(error, r, "Failed to dissect image %s: %m", image->path);
344
345 if (pipe2(pair, O_CLOEXEC) < 0)
346 return sd_bus_error_set_errnof(error, errno, "Failed to create communication pipe: %m");
347
348 child = raw_clone(SIGCHLD|CLONE_NEWNS);
349 if (child < 0)
350 return sd_bus_error_set_errnof(error, errno, "Failed to fork(): %m");
351
352 if (child == 0) {
353 int fd;
354
355 pair[0] = safe_close(pair[0]);
356
357 /* Make sure we never propagate to the host */
358 if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0)
359 _exit(EXIT_FAILURE);
360
361 r = dissected_image_mount(m, t, DISSECT_IMAGE_READ_ONLY);
362 if (r < 0)
363 _exit(EXIT_FAILURE);
364
365 r = mount_move_root(t);
366 if (r < 0)
367 _exit(EXIT_FAILURE);
368
369 fd = open("/etc/os-release", O_RDONLY|O_CLOEXEC|O_NOCTTY);
370 if (fd < 0 && errno == ENOENT) {
371 fd = open("/usr/lib/os-release", O_RDONLY|O_CLOEXEC|O_NOCTTY);
372 if (fd < 0 && errno == ENOENT)
373 _exit(EXIT_NOT_FOUND);
374 }
375 if (fd < 0)
376 _exit(EXIT_FAILURE);
377
378 r = copy_bytes(fd, pair[1], (uint64_t) -1, 0);
379 if (r < 0)
380 _exit(EXIT_FAILURE);
381
382 _exit(EXIT_SUCCESS);
383 }
384
385 pair[1] = safe_close(pair[1]);
386
387 f = fdopen(pair[0], "re");
388 if (!f)
389 return -errno;
390
391 pair[0] = -1;
392
393 r = load_env_file_pairs(f, "os-release", NULL, &v);
394 if (r < 0)
395 return r;
396
397 r = wait_for_terminate(child, &si);
398 if (r < 0)
399 return sd_bus_error_set_errnof(error, r, "Failed to wait for child: %m");
400 child = 0;
401 if (si.si_code == CLD_EXITED && si.si_status == EXIT_NOT_FOUND)
402 return sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "Image does not contain OS release information");
403 if (si.si_code != CLD_EXITED || si.si_status != EXIT_SUCCESS)
404 return sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "Child died abnormally.");
405
406 *ret = v;
407 v = NULL;
408
409 return 0;
410 }
411
412 int bus_image_method_get_os_release(
413 sd_bus_message *message,
414 void *userdata,
415 sd_bus_error *error) {
416
417 _cleanup_release_lock_file_ LockFile tree_global_lock = LOCK_FILE_INIT, tree_local_lock = LOCK_FILE_INIT;
418 _cleanup_strv_free_ char **v = NULL;
419 Image *image = userdata;
420 int r;
421
422 r = image_path_lock(image->path, LOCK_SH|LOCK_NB, &tree_global_lock, &tree_local_lock);
423 if (r < 0)
424 return sd_bus_error_set_errnof(error, r, "Failed to lock image: %m");
425
426 switch (image->type) {
427
428 case IMAGE_DIRECTORY:
429 case IMAGE_SUBVOLUME:
430 r = directory_image_get_os_release(image, &v, error);
431 break;
432
433 case IMAGE_RAW:
434 case IMAGE_BLOCK:
435 r = raw_image_get_os_release(image, &v, error);
436 break;
437
438 default:
439 assert_not_reached("Unknown image type");
440 }
441 if (r < 0)
442 return r;
443
444 return bus_reply_pair_array(message, v);
445 }
446
447 const sd_bus_vtable image_vtable[] = {
448 SD_BUS_VTABLE_START(0),
449 SD_BUS_PROPERTY("Name", "s", NULL, offsetof(Image, name), 0),
450 SD_BUS_PROPERTY("Path", "s", NULL, offsetof(Image, path), 0),
451 SD_BUS_PROPERTY("Type", "s", property_get_type, offsetof(Image, type), 0),
452 SD_BUS_PROPERTY("ReadOnly", "b", bus_property_get_bool, offsetof(Image, read_only), 0),
453 SD_BUS_PROPERTY("CreationTimestamp", "t", NULL, offsetof(Image, crtime), 0),
454 SD_BUS_PROPERTY("ModificationTimestamp", "t", NULL, offsetof(Image, mtime), 0),
455 SD_BUS_PROPERTY("Usage", "t", NULL, offsetof(Image, usage), 0),
456 SD_BUS_PROPERTY("Limit", "t", NULL, offsetof(Image, limit), 0),
457 SD_BUS_PROPERTY("UsageExclusive", "t", NULL, offsetof(Image, usage_exclusive), 0),
458 SD_BUS_PROPERTY("LimitExclusive", "t", NULL, offsetof(Image, limit_exclusive), 0),
459 SD_BUS_METHOD("Remove", NULL, NULL, bus_image_method_remove, SD_BUS_VTABLE_UNPRIVILEGED),
460 SD_BUS_METHOD("Rename", "s", NULL, bus_image_method_rename, SD_BUS_VTABLE_UNPRIVILEGED),
461 SD_BUS_METHOD("Clone", "sb", NULL, bus_image_method_clone, SD_BUS_VTABLE_UNPRIVILEGED),
462 SD_BUS_METHOD("MarkReadOnly", "b", NULL, bus_image_method_mark_read_only, SD_BUS_VTABLE_UNPRIVILEGED),
463 SD_BUS_METHOD("SetLimit", "t", NULL, bus_image_method_set_limit, SD_BUS_VTABLE_UNPRIVILEGED),
464 SD_BUS_METHOD("GetOSRelease", NULL, "a{ss}", bus_image_method_get_os_release, SD_BUS_VTABLE_UNPRIVILEGED),
465 SD_BUS_VTABLE_END
466 };
467
468 static int image_flush_cache(sd_event_source *s, void *userdata) {
469 Manager *m = userdata;
470 Image *i;
471
472 assert(s);
473 assert(m);
474
475 while ((i = hashmap_steal_first(m->image_cache)))
476 image_unref(i);
477
478 return 0;
479 }
480
481 int image_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
482 _cleanup_free_ char *e = NULL;
483 Manager *m = userdata;
484 Image *image = NULL;
485 const char *p;
486 int r;
487
488 assert(bus);
489 assert(path);
490 assert(interface);
491 assert(found);
492
493 p = startswith(path, "/org/freedesktop/machine1/image/");
494 if (!p)
495 return 0;
496
497 e = bus_label_unescape(p);
498 if (!e)
499 return -ENOMEM;
500
501 image = hashmap_get(m->image_cache, e);
502 if (image) {
503 *found = image;
504 return 1;
505 }
506
507 r = hashmap_ensure_allocated(&m->image_cache, &string_hash_ops);
508 if (r < 0)
509 return r;
510
511 if (!m->image_cache_defer_event) {
512 r = sd_event_add_defer(m->event, &m->image_cache_defer_event, image_flush_cache, m);
513 if (r < 0)
514 return r;
515
516 r = sd_event_source_set_priority(m->image_cache_defer_event, SD_EVENT_PRIORITY_IDLE);
517 if (r < 0)
518 return r;
519 }
520
521 r = sd_event_source_set_enabled(m->image_cache_defer_event, SD_EVENT_ONESHOT);
522 if (r < 0)
523 return r;
524
525 r = image_find(e, &image);
526 if (r <= 0)
527 return r;
528
529 image->userdata = m;
530
531 r = hashmap_put(m->image_cache, image->name, image);
532 if (r < 0) {
533 image_unref(image);
534 return r;
535 }
536
537 *found = image;
538 return 1;
539 }
540
541 char *image_bus_path(const char *name) {
542 _cleanup_free_ char *e = NULL;
543
544 assert(name);
545
546 e = bus_label_escape(name);
547 if (!e)
548 return NULL;
549
550 return strappend("/org/freedesktop/machine1/image/", e);
551 }
552
553 int image_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
554 _cleanup_(image_hashmap_freep) Hashmap *images = NULL;
555 _cleanup_strv_free_ char **l = NULL;
556 Image *image;
557 Iterator i;
558 int r;
559
560 assert(bus);
561 assert(path);
562 assert(nodes);
563
564 images = hashmap_new(&string_hash_ops);
565 if (!images)
566 return -ENOMEM;
567
568 r = image_discover(images);
569 if (r < 0)
570 return r;
571
572 HASHMAP_FOREACH(image, images, i) {
573 char *p;
574
575 p = image_bus_path(image->name);
576 if (!p)
577 return -ENOMEM;
578
579 r = strv_consume(&l, p);
580 if (r < 0)
581 return r;
582 }
583
584 *nodes = l;
585 l = NULL;
586
587 return 1;
588 }
Unnamed repository; edit this file 'description' to name the repository.