1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include <linux/loop.h>
5 #include "sd-messages.h"
7 #include "bus-common-errors.h"
9 #include "bus-locator.h"
11 #include "conf-files.h"
13 #include "data-fd-util.h"
14 #include "constants.h"
15 #include "dirent-util.h"
16 #include "discover-image.h"
17 #include "dissect-image.h"
20 #include "errno-list.h"
22 #include "extension-util.h"
27 #include "iovec-util.h"
28 #include "locale-util.h"
29 #include "loop-util.h"
31 #include "nulstr-util.h"
33 #include "path-lookup.h"
35 #include "process-util.h"
37 #include "selinux-util.h"
39 #include "signal-util.h"
40 #include "socket-util.h"
41 #include "sort-util.h"
42 #include "string-table.h"
44 #include "tmpfile-util.h"
45 #include "user-util.h"
47 /* Markers used in the first line of our 20-portable.conf unit file drop-in to determine, that a) the unit file was
48 * dropped there by the portable service logic and b) for which image it was dropped there. */
49 #define PORTABLE_DROPIN_MARKER_BEGIN "# Drop-in created for image '"
50 #define PORTABLE_DROPIN_MARKER_END "', do not edit."
52 static bool prefix_match(const char *unit
, const char *prefix
) {
55 p
= startswith(unit
, prefix
);
59 /* Only respect prefixes followed by dash or dot or when there's a complete match */
60 return IN_SET(*p
, '-', '.', '@', 0);
63 static bool unit_match(const char *unit
, char **matches
) {
66 dot
= strrchr(unit
, '.');
70 if (!STR_IN_SET(dot
, ".service", ".socket", ".target", ".timer", ".path"))
73 /* Empty match expression means: everything */
74 if (strv_isempty(matches
))
77 /* Otherwise, at least one needs to match */
78 STRV_FOREACH(i
, matches
)
79 if (prefix_match(unit
, *i
))
85 static PortableMetadata
*portable_metadata_new(const char *name
, const char *path
, const char *selinux_label
, int fd
) {
88 m
= malloc0(offsetof(PortableMetadata
, name
) + strlen(name
) + 1);
92 /* In case of a layered attach, we want to remember which image the unit came from */
94 m
->image_path
= strdup(path
);
99 /* The metadata file might have SELinux labels, we need to carry them and reapply them */
100 if (!isempty(selinux_label
)) {
101 m
->selinux_label
= strdup(selinux_label
);
102 if (!m
->selinux_label
) {
108 strcpy(m
->name
, name
);
114 PortableMetadata
*portable_metadata_unref(PortableMetadata
*i
) {
121 free(i
->selinux_label
);
126 static int compare_metadata(PortableMetadata
*const *x
, PortableMetadata
*const *y
) {
127 return strcmp((*x
)->name
, (*y
)->name
);
130 int portable_metadata_hashmap_to_sorted_array(Hashmap
*unit_files
, PortableMetadata
***ret
) {
132 _cleanup_free_ PortableMetadata
**sorted
= NULL
;
133 PortableMetadata
*item
;
136 sorted
= new(PortableMetadata
*, hashmap_size(unit_files
));
140 HASHMAP_FOREACH(item
, unit_files
)
143 assert(k
== hashmap_size(unit_files
));
145 typesafe_qsort(sorted
, k
, compare_metadata
);
147 *ret
= TAKE_PTR(sorted
);
151 static int send_one_fd_iov_with_data_fd(
153 const struct iovec
*iov
,
157 _cleanup_close_
int data_fd
= -EBADF
;
159 assert(iov
|| iovlen
== 0);
160 assert(socket_fd
>= 0);
163 data_fd
= copy_data_fd(fd
);
167 return send_one_fd_iov(socket_fd
, data_fd
, iov
, iovlen
, 0);
170 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(portable_metadata_hash_ops
, char, string_hash_func
, string_compare_func
,
171 PortableMetadata
, portable_metadata_unref
);
173 static int extract_now(
176 const char *image_name
,
177 bool path_is_extension
,
178 bool relax_extension_release_check
,
180 PortableMetadata
**ret_os_release
,
181 Hashmap
**ret_unit_files
) {
183 _cleanup_hashmap_free_ Hashmap
*unit_files
= NULL
;
184 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*os_release
= NULL
;
185 _cleanup_(lookup_paths_free
) LookupPaths paths
= {};
186 _cleanup_close_
int os_release_fd
= -EBADF
;
187 _cleanup_free_
char *os_release_path
= NULL
;
188 const char *os_release_id
;
191 /* Extracts the metadata from a directory tree 'where'. Extracts two kinds of information: the /etc/os-release
192 * data, and all unit files matching the specified expression. Note that this function is called in two very
193 * different but also similar contexts. When the tool gets invoked on a directory tree, we'll process it
194 * directly, and in-process, and thus can return the requested data directly, via 'ret_os_release' and
195 * 'ret_unit_files'. However, if the tool is invoked on a raw disk image — which needs to be mounted first — we
196 * are invoked in a child process with private mounts and then need to send the collected data to our
197 * parent. To handle both cases in one call this function also gets a 'socket_fd' parameter, which when >= 0 is
198 * used to send the data to the parent. */
202 /* First, find os-release/extension-release and send it upstream (or just save it). */
203 if (path_is_extension
) {
204 ImageClass
class = IMAGE_SYSEXT
;
206 r
= open_extension_release(where
, IMAGE_SYSEXT
, image_name
, relax_extension_release_check
, &os_release_path
, &os_release_fd
);
208 r
= open_extension_release(where
, IMAGE_CONFEXT
, image_name
, relax_extension_release_check
, &os_release_path
, &os_release_fd
);
210 class = IMAGE_CONFEXT
;
213 return log_error_errno(r
, "Failed to open extension release from '%s': %m", image_name
);
215 os_release_id
= strjoina((class == IMAGE_SYSEXT
) ? "/usr/lib" : "/etc", "/extension-release.d/extension-release.", image_name
);
217 os_release_id
= "/etc/os-release";
218 r
= open_os_release(where
, &os_release_path
, &os_release_fd
);
222 "Couldn't acquire %s file, ignoring: %m",
223 path_is_extension
? "extension-release " : "os-release");
225 if (socket_fd
>= 0) {
226 struct iovec iov
[] = {
227 IOVEC_MAKE_STRING(os_release_id
),
228 IOVEC_MAKE((char *)"\0", sizeof(char)),
231 r
= send_one_fd_iov_with_data_fd(socket_fd
, iov
, ELEMENTSOF(iov
), os_release_fd
);
233 return log_debug_errno(r
, "Failed to send os-release file: %m");
236 if (ret_os_release
) {
237 os_release
= portable_metadata_new(os_release_id
, NULL
, NULL
, os_release_fd
);
241 os_release_fd
= -EBADF
;
242 os_release
->source
= TAKE_PTR(os_release_path
);
246 /* Then, send unit file data to the parent (or/and add it to the hashmap). For that we use our usual unit
247 * discovery logic. Note that we force looking inside of /lib/systemd/system/ for units too, as the
248 * image might have a legacy split-usr layout. */
249 r
= lookup_paths_init(&paths
, RUNTIME_SCOPE_SYSTEM
, LOOKUP_PATHS_SPLIT_USR
, where
);
251 return log_debug_errno(r
, "Failed to acquire lookup paths: %m");
253 unit_files
= hashmap_new(&portable_metadata_hash_ops
);
257 STRV_FOREACH(i
, paths
.search_path
) {
258 _cleanup_free_
char *resolved
= NULL
;
259 _cleanup_closedir_
DIR *d
= NULL
;
261 r
= chase_and_opendir(*i
, where
, 0, &resolved
, &d
);
263 log_debug_errno(r
, "Failed to open unit path '%s', ignoring: %m", *i
);
267 FOREACH_DIRENT(de
, d
, return log_debug_errno(errno
, "Failed to read directory: %m")) {
268 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*m
= NULL
;
269 _cleanup_(mac_selinux_freep
) char *con
= NULL
;
270 _cleanup_close_
int fd
= -EBADF
;
273 if (!unit_name_is_valid(de
->d_name
, UNIT_NAME_ANY
))
276 if (!unit_match(de
->d_name
, matches
))
279 /* Filter out duplicates */
280 if (hashmap_get(unit_files
, de
->d_name
))
283 if (!IN_SET(de
->d_type
, DT_LNK
, DT_REG
))
286 fd
= openat(dirfd(d
), de
->d_name
, O_CLOEXEC
|O_RDONLY
);
288 log_debug_errno(errno
, "Failed to open unit file '%s', ignoring: %m", de
->d_name
);
292 /* Reject empty files, just in case */
293 if (fstat(fd
, &st
) < 0) {
294 log_debug_errno(errno
, "Failed to stat unit file '%s', ignoring: %m", de
->d_name
);
298 if (st
.st_size
<= 0) {
299 log_debug("Unit file '%s' is empty, ignoring.", de
->d_name
);
304 /* The units will be copied on the host's filesystem, so if they had a SELinux label
305 * we have to preserve it. Copy it out so that it can be applied later. */
307 r
= fgetfilecon_raw(fd
, &con
);
308 if (r
< 0 && !ERRNO_IS_XATTR_ABSENT(errno
))
309 log_debug_errno(errno
, "Failed to get SELinux file context from '%s', ignoring: %m", de
->d_name
);
312 if (socket_fd
>= 0) {
313 struct iovec iov
[] = {
314 IOVEC_MAKE_STRING(de
->d_name
),
315 IOVEC_MAKE((char *)"\0", sizeof(char)),
316 IOVEC_MAKE_STRING(strempty(con
)),
319 r
= send_one_fd_iov_with_data_fd(socket_fd
, iov
, ELEMENTSOF(iov
), fd
);
321 return log_debug_errno(r
, "Failed to send unit metadata to parent: %m");
324 m
= portable_metadata_new(de
->d_name
, where
, con
, fd
);
329 m
->source
= path_join(resolved
, de
->d_name
);
333 r
= hashmap_put(unit_files
, m
->name
, m
);
335 return log_debug_errno(r
, "Failed to add unit to hashmap: %m");
341 *ret_os_release
= TAKE_PTR(os_release
);
343 *ret_unit_files
= TAKE_PTR(unit_files
);
348 static int portable_extract_by_path(
350 bool path_is_extension
,
351 bool relax_extension_release_check
,
353 const ImagePolicy
*image_policy
,
354 PortableMetadata
**ret_os_release
,
355 Hashmap
**ret_unit_files
,
356 sd_bus_error
*error
) {
358 _cleanup_hashmap_free_ Hashmap
*unit_files
= NULL
;
359 _cleanup_(portable_metadata_unrefp
) PortableMetadata
* os_release
= NULL
;
360 _cleanup_(loop_device_unrefp
) LoopDevice
*d
= NULL
;
365 r
= loop_device_make_by_path(path
, O_RDONLY
, /* sector_size= */ UINT32_MAX
, LO_FLAGS_PARTSCAN
, LOCK_SH
, &d
);
367 _cleanup_free_
char *image_name
= NULL
;
369 /* We can't turn this into a loop-back block device, and this returns EISDIR? Then this is a directory
370 * tree and not a raw device. It's easy then. */
372 r
= path_extract_filename(path
, &image_name
);
374 return log_error_errno(r
, "Failed to extract image name from path '%s': %m", path
);
376 r
= extract_now(path
, matches
, image_name
, path_is_extension
, /* relax_extension_release_check= */ false, -1, &os_release
, &unit_files
);
381 return log_debug_errno(r
, "Failed to set up loopback device for %s: %m", path
);
383 _cleanup_(dissected_image_unrefp
) DissectedImage
*m
= NULL
;
384 _cleanup_(rmdir_and_freep
) char *tmpdir
= NULL
;
385 _cleanup_close_pair_
int seq
[2] = EBADF_PAIR
;
386 _cleanup_(sigkill_waitp
) pid_t child
= 0;
388 /* We now have a loopback block device, let's fork off a child in its own mount namespace, mount it
389 * there, and extract the metadata we need. The metadata is sent from the child back to us. */
391 BLOCK_SIGNALS(SIGCHLD
);
393 r
= mkdtemp_malloc("/tmp/inspect-XXXXXX", &tmpdir
);
395 return log_debug_errno(r
, "Failed to create temporary directory: %m");
397 r
= dissect_loop_device(
400 /* mount_options= */ NULL
,
402 DISSECT_IMAGE_READ_ONLY
|
403 DISSECT_IMAGE_GENERIC_ROOT
|
404 DISSECT_IMAGE_REQUIRE_ROOT
|
405 DISSECT_IMAGE_DISCARD_ON_LOOP
|
406 DISSECT_IMAGE_RELAX_VAR_CHECK
|
407 DISSECT_IMAGE_USR_NO_ROOT
|
408 DISSECT_IMAGE_ADD_PARTITION_DEVICES
|
409 DISSECT_IMAGE_PIN_PARTITION_DEVICES
,
412 sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Couldn't identify a suitable partition table or file system in '%s'.", path
);
413 else if (r
== -EADDRNOTAVAIL
)
414 sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "No root partition for specified root hash found in '%s'.", path
);
415 else if (r
== -ENOTUNIQ
)
416 sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Multiple suitable root partitions found in image '%s'.", path
);
417 else if (r
== -ENXIO
)
418 sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "No suitable root partition found in image '%s'.", path
);
419 else if (r
== -EPROTONOSUPPORT
)
420 sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Device '%s' is loopback block device with partition scanning turned off, please turn it on.", path
);
424 if (socketpair(AF_UNIX
, SOCK_SEQPACKET
|SOCK_CLOEXEC
, 0, seq
) < 0)
425 return log_debug_errno(errno
, "Failed to allocated SOCK_SEQPACKET socket: %m");
427 r
= safe_fork("(sd-dissect)", FORK_RESET_SIGNALS
|FORK_DEATHSIG_SIGTERM
|FORK_NEW_MOUNTNS
|FORK_MOUNTNS_SLAVE
|FORK_LOG
, &child
);
431 DissectImageFlags flags
= DISSECT_IMAGE_READ_ONLY
;
433 seq
[0] = safe_close(seq
[0]);
435 if (path_is_extension
)
436 flags
|= DISSECT_IMAGE_VALIDATE_OS_EXT
| (relax_extension_release_check
? DISSECT_IMAGE_RELAX_EXTENSION_CHECK
: 0);
438 flags
|= DISSECT_IMAGE_VALIDATE_OS
;
440 r
= dissected_image_mount(
443 /* uid_shift= */ UID_INVALID
,
444 /* uid_range= */ UID_INVALID
,
445 /* userns_fd= */ -EBADF
,
448 log_debug_errno(r
, "Failed to mount dissected image: %m");
452 r
= extract_now(tmpdir
, matches
, m
->image_name
, path_is_extension
, relax_extension_release_check
, seq
[1], NULL
, NULL
);
455 _exit(r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
);
458 seq
[1] = safe_close(seq
[1]);
460 unit_files
= hashmap_new(&portable_metadata_hash_ops
);
465 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*add
= NULL
;
466 _cleanup_close_
int fd
= -EBADF
;
467 /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but
468 * according to suggestions from the SELinux people this will change and it will probably be
469 * identical to NAME_MAX. For now we use that, but this should be updated one day when the final
471 char iov_buffer
[PATH_MAX
+ NAME_MAX
+ 2];
472 struct iovec iov
= IOVEC_MAKE(iov_buffer
, sizeof(iov_buffer
));
474 ssize_t n
= receive_one_fd_iov(seq
[0], &iov
, 1, 0, &fd
);
478 return log_debug_errno(n
, "Failed to receive item: %m");
481 /* We can't really distinguish a zero-length datagram without any fds from EOF (both are signalled the
482 * same way by recvmsg()). Hence, accept either as end notification. */
483 if (isempty(iov_buffer
) && fd
< 0)
486 if (isempty(iov_buffer
) || fd
< 0)
487 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL
),
488 "Invalid item sent from child.");
490 /* Given recvmsg cannot be used with multiple io vectors if you don't know the size in advance,
491 * use a marker to separate the name and the optional SELinux context. */
492 char *selinux_label
= memchr(iov_buffer
, 0, n
);
493 assert(selinux_label
);
496 add
= portable_metadata_new(iov_buffer
, path
, selinux_label
, fd
);
501 /* Note that we do not initialize 'add->source' here, as the source path is not usable here as
502 * it refers to a path only valid in the short-living namespaced child process we forked
505 if (PORTABLE_METADATA_IS_UNIT(add
)) {
506 r
= hashmap_put(unit_files
, add
->name
, add
);
508 return log_debug_errno(r
, "Failed to add item to unit file list: %m");
512 } else if (PORTABLE_METADATA_IS_OS_RELEASE(add
) || PORTABLE_METADATA_IS_EXTENSION_RELEASE(add
)) {
515 os_release
= TAKE_PTR(add
);
517 assert_not_reached();
520 r
= wait_for_terminate_and_check("(sd-dissect)", child
, 0);
527 return sd_bus_error_setf(error
,
528 SD_BUS_ERROR_INVALID_ARGS
,
529 "Image '%s' lacks %s data, refusing.",
531 path_is_extension
? "extension-release" : "os-release");
534 *ret_unit_files
= TAKE_PTR(unit_files
);
537 *ret_os_release
= TAKE_PTR(os_release
);
542 static int extract_image_and_extensions(
543 const char *name_or_path
,
545 char **extension_image_paths
,
546 bool validate_extension
,
547 bool relax_extension_release_check
,
548 const ImagePolicy
*image_policy
,
550 OrderedHashmap
**ret_extension_images
,
551 OrderedHashmap
**ret_extension_releases
,
552 PortableMetadata
**ret_os_release
,
553 Hashmap
**ret_unit_files
,
554 char ***ret_valid_prefixes
,
555 sd_bus_error
*error
) {
557 _cleanup_free_
char *id
= NULL
, *version_id
= NULL
, *sysext_level
= NULL
, *confext_level
= NULL
;
558 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*os_release
= NULL
;
559 _cleanup_ordered_hashmap_free_ OrderedHashmap
*extension_images
= NULL
, *extension_releases
= NULL
;
560 _cleanup_hashmap_free_ Hashmap
*unit_files
= NULL
;
561 _cleanup_strv_free_
char **valid_prefixes
= NULL
;
562 _cleanup_(image_unrefp
) Image
*image
= NULL
;
566 assert(name_or_path
);
568 r
= image_find_harder(IMAGE_PORTABLE
, name_or_path
, NULL
, &image
);
572 if (!strv_isempty(extension_image_paths
)) {
573 extension_images
= ordered_hashmap_new(&image_hash_ops
);
574 if (!extension_images
)
577 if (ret_extension_releases
) {
578 extension_releases
= ordered_hashmap_new(&portable_metadata_hash_ops
);
579 if (!extension_releases
)
583 STRV_FOREACH(p
, extension_image_paths
) {
584 _cleanup_(image_unrefp
) Image
*new = NULL
;
586 r
= image_find_harder(IMAGE_PORTABLE
, *p
, NULL
, &new);
590 r
= ordered_hashmap_put(extension_images
, new->name
, new);
597 r
= portable_extract_by_path(
599 /* path_is_extension= */ false,
600 /* relax_extension_release_check= */ false,
609 /* If we are layering extension images on top of a runtime image, check that the os-release and
610 * extension-release metadata match, otherwise reject it immediately as invalid, or it will fail when
611 * the units are started. Also, collect valid portable prefixes if caller requested that. */
612 if (validate_extension
|| ret_valid_prefixes
) {
613 _cleanup_free_
char *prefixes
= NULL
;
615 r
= parse_env_file_fd(os_release
->fd
, os_release
->name
,
617 "VERSION_ID", &version_id
,
618 "SYSEXT_LEVEL", &sysext_level
,
619 "CONFEXT_LEVEL", &confext_level
,
620 "PORTABLE_PREFIXES", &prefixes
);
624 return sd_bus_error_set_errnof(error
, SYNTHETIC_ERRNO(ESTALE
), "Image %s os-release metadata lacks the ID field", name_or_path
);
627 valid_prefixes
= strv_split(prefixes
, WHITESPACE
);
633 ORDERED_HASHMAP_FOREACH(ext
, extension_images
) {
634 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*extension_release_meta
= NULL
;
635 _cleanup_hashmap_free_ Hashmap
*extra_unit_files
= NULL
;
636 _cleanup_strv_free_
char **extension_release
= NULL
;
639 r
= portable_extract_by_path(
641 /* path_is_extension= */ true,
642 relax_extension_release_check
,
645 &extension_release_meta
,
651 r
= hashmap_move(unit_files
, extra_unit_files
);
655 if (!validate_extension
&& !ret_valid_prefixes
&& !ret_extension_releases
)
658 r
= load_env_file_pairs_fd(extension_release_meta
->fd
, extension_release_meta
->name
, &extension_release
);
662 if (validate_extension
) {
663 r
= extension_release_validate(ext
->path
, id
, version_id
, sysext_level
, "portable", extension_release
, IMAGE_SYSEXT
);
665 r
= extension_release_validate(ext
->path
, id
, version_id
, confext_level
, "portable", extension_release
, IMAGE_CONFEXT
);
668 return sd_bus_error_set_errnof(error
, SYNTHETIC_ERRNO(ESTALE
), "Image %s extension-release metadata does not match the root's", ext
->path
);
670 return sd_bus_error_set_errnof(error
, r
, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext
->path
);
673 e
= strv_env_pairs_get(extension_release
, "PORTABLE_PREFIXES");
675 _cleanup_strv_free_
char **l
= NULL
;
677 l
= strv_split(e
, WHITESPACE
);
681 r
= strv_extend_strv(&valid_prefixes
, l
, true);
686 if (ret_extension_releases
) {
687 r
= ordered_hashmap_put(extension_releases
, ext
->name
, extension_release_meta
);
690 TAKE_PTR(extension_release_meta
);
694 strv_sort(valid_prefixes
);
697 *ret_image
= TAKE_PTR(image
);
698 if (ret_extension_images
)
699 *ret_extension_images
= TAKE_PTR(extension_images
);
700 if (ret_extension_releases
)
701 *ret_extension_releases
= TAKE_PTR(extension_releases
);
703 *ret_os_release
= TAKE_PTR(os_release
);
705 *ret_unit_files
= TAKE_PTR(unit_files
);
706 if (ret_valid_prefixes
)
707 *ret_valid_prefixes
= TAKE_PTR(valid_prefixes
);
712 int portable_extract(
713 const char *name_or_path
,
715 char **extension_image_paths
,
716 const ImagePolicy
*image_policy
,
718 PortableMetadata
**ret_os_release
,
719 OrderedHashmap
**ret_extension_releases
,
720 Hashmap
**ret_unit_files
,
721 char ***ret_valid_prefixes
,
722 sd_bus_error
*error
) {
724 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*os_release
= NULL
;
725 _cleanup_ordered_hashmap_free_ OrderedHashmap
*extension_images
= NULL
, *extension_releases
= NULL
;
726 _cleanup_hashmap_free_ Hashmap
*unit_files
= NULL
;
727 _cleanup_strv_free_
char **valid_prefixes
= NULL
;
728 _cleanup_(image_unrefp
) Image
*image
= NULL
;
731 assert(name_or_path
);
733 r
= extract_image_and_extensions(
736 extension_image_paths
,
737 /* validate_extension= */ false,
738 /* relax_extension_release_check= */ FLAGS_SET(flags
, PORTABLE_FORCE_EXTENSION
),
745 ret_valid_prefixes
? &valid_prefixes
: NULL
,
750 if (hashmap_isempty(unit_files
)) {
751 _cleanup_free_
char *extensions
= strv_join(extension_image_paths
, ", ");
755 return sd_bus_error_setf(error
,
756 SD_BUS_ERROR_INVALID_ARGS
,
757 "Couldn't find any matching unit files in image '%s%s%s', refusing.",
759 isempty(extensions
) ? "" : "' or any of its extensions '",
760 isempty(extensions
) ? "" : extensions
);
764 *ret_os_release
= TAKE_PTR(os_release
);
765 if (ret_extension_releases
)
766 *ret_extension_releases
= TAKE_PTR(extension_releases
);
768 *ret_unit_files
= TAKE_PTR(unit_files
);
769 if (ret_valid_prefixes
)
770 *ret_valid_prefixes
= TAKE_PTR(valid_prefixes
);
775 static int unit_file_is_active(
778 sd_bus_error
*error
) {
780 static const char *const active_states
[] = {
792 /* If we are looking at a plain or instance things are easy, we can just query the state */
793 if (unit_name_is_valid(name
, UNIT_NAME_PLAIN
|UNIT_NAME_INSTANCE
)) {
794 _cleanup_free_
char *path
= NULL
, *buf
= NULL
;
796 path
= unit_dbus_path_from_name(name
);
800 r
= sd_bus_get_property_string(
802 "org.freedesktop.systemd1",
804 "org.freedesktop.systemd1.Unit",
809 return log_debug_errno(r
, "Failed to retrieve unit state: %s", bus_error_message(error
, r
));
811 return strv_contains((char**) active_states
, buf
);
814 /* Otherwise we need to enumerate. But let's build the most restricted query we can */
815 if (unit_name_is_valid(name
, UNIT_NAME_TEMPLATE
)) {
816 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*m
= NULL
, *reply
= NULL
;
817 const char *at
, *prefix
, *joined
;
819 r
= bus_message_new_method_call(bus
, &m
, bus_systemd_mgr
, "ListUnitsByPatterns");
823 r
= sd_bus_message_append_strv(m
, (char**) active_states
);
827 at
= strchr(name
, '@');
830 prefix
= strndupa_safe(name
, at
+ 1 - name
);
831 joined
= strjoina(prefix
, "*", at
+ 1);
833 r
= sd_bus_message_append_strv(m
, STRV_MAKE(joined
));
837 r
= sd_bus_call(bus
, m
, 0, error
, &reply
);
839 return log_debug_errno(r
, "Failed to list units: %s", bus_error_message(error
, r
));
841 r
= sd_bus_message_enter_container(reply
, SD_BUS_TYPE_ARRAY
, "(ssssssouso)");
845 r
= sd_bus_message_enter_container(reply
, SD_BUS_TYPE_STRUCT
, "ssssssouso");
855 static int portable_changes_add(
856 PortableChange
**changes
,
858 int type_or_errno
, /* PORTABLE_COPY, PORTABLE_SYMLINK, … if positive, or errno if negative */
860 const char *source
) {
862 _cleanup_free_
char *p
= NULL
, *s
= NULL
;
867 assert(!changes
== !n_changes
);
869 if (type_or_errno
>= 0)
870 assert(type_or_errno
< _PORTABLE_CHANGE_TYPE_MAX
);
872 assert(type_or_errno
>= -ERRNO_MAX
);
877 c
= reallocarray(*changes
, *n_changes
+ 1, sizeof(PortableChange
));
882 r
= path_simplify_alloc(path
, &p
);
886 r
= path_simplify_alloc(source
, &s
);
890 c
[(*n_changes
)++] = (PortableChange
) {
891 .type_or_errno
= type_or_errno
,
893 .source
= TAKE_PTR(s
),
899 static int portable_changes_add_with_prefix(
900 PortableChange
**changes
,
905 const char *source
) {
907 _cleanup_free_
char *path_buf
= NULL
, *source_buf
= NULL
;
910 assert(!changes
== !n_changes
);
916 path_buf
= path_join(prefix
, path
);
923 source_buf
= path_join(prefix
, source
);
931 return portable_changes_add(changes
, n_changes
, type_or_errno
, path
, source
);
934 void portable_changes_free(PortableChange
*changes
, size_t n_changes
) {
937 assert(changes
|| n_changes
== 0);
939 for (i
= 0; i
< n_changes
; i
++) {
940 free(changes
[i
].path
);
941 free(changes
[i
].source
);
947 static const char *root_setting_from_image(ImageType type
) {
948 return IN_SET(type
, IMAGE_DIRECTORY
, IMAGE_SUBVOLUME
) ? "RootDirectory=" : "RootImage=";
951 static const char *extension_setting_from_image(ImageType type
) {
952 return IN_SET(type
, IMAGE_DIRECTORY
, IMAGE_SUBVOLUME
) ? "ExtensionDirectories=" : "ExtensionImages=";
955 static int make_marker_text(const char *image_path
, OrderedHashmap
*extension_images
, char **ret_text
) {
956 _cleanup_free_
char *text
= NULL
, *escaped_image_path
= NULL
;
962 escaped_image_path
= xescape(image_path
, ":");
963 if (!escaped_image_path
)
966 /* If the image is layered, include all layers in the marker as a colon-separated
967 * list of paths, so that we can do exact matches on removal. */
968 text
= strjoin(PORTABLE_DROPIN_MARKER_BEGIN
, escaped_image_path
);
972 ORDERED_HASHMAP_FOREACH(ext
, extension_images
) {
973 _cleanup_free_
char *escaped
= NULL
;
975 escaped
= xescape(ext
->path
, ":");
979 if (!strextend(&text
, ":", escaped
))
983 if (!strextend(&text
, PORTABLE_DROPIN_MARKER_END
"\n"))
986 *ret_text
= TAKE_PTR(text
);
990 static int append_release_log_fields(
992 const PortableMetadata
*release
,
994 const char *field_name
) {
996 static const char *const field_versions
[_IMAGE_CLASS_MAX
][4]= {
997 [IMAGE_PORTABLE
] = { "IMAGE_VERSION", "VERSION_ID", "BUILD_ID", NULL
},
998 [IMAGE_SYSEXT
] = { "SYSEXT_IMAGE_VERSION", "SYSEXT_VERSION_ID", "SYSEXT_BUILD_ID", NULL
},
999 [IMAGE_CONFEXT
] = { "CONFEXT_IMAGE_VERSION", "CONFEXT_VERSION_ID", "CONFEXT_BUILD_ID", NULL
},
1001 static const char *const field_ids
[_IMAGE_CLASS_MAX
][3]= {
1002 [IMAGE_PORTABLE
] = { "IMAGE_ID", "ID", NULL
},
1003 [IMAGE_SYSEXT
] = { "SYSEXT_IMAGE_ID", "SYSEXT_ID", NULL
},
1004 [IMAGE_CONFEXT
] = { "CONFEXT_IMAGE_ID", "CONFEXT_ID", NULL
},
1006 _cleanup_strv_free_
char **fields
= NULL
;
1007 const char *id
= NULL
, *version
= NULL
;
1010 assert(IN_SET(type
, IMAGE_PORTABLE
, IMAGE_SYSEXT
, IMAGE_CONFEXT
));
1011 assert(!strv_isempty((char *const *)field_ids
[type
]));
1012 assert(!strv_isempty((char *const *)field_versions
[type
]));
1017 return 0; /* Nothing to do. */
1019 r
= load_env_file_pairs_fd(release
->fd
, release
->name
, &fields
);
1021 return log_debug_errno(r
, "Failed to parse '%s': %m", release
->name
);
1023 /* Find an ID first, in order of preference from more specific to less specific: IMAGE_ID -> ID */
1024 id
= strv_find_first_field((char *const *)field_ids
[type
], fields
);
1026 /* Then the version, same logic, prefer the more specific one */
1027 version
= strv_find_first_field((char *const *)field_versions
[type
], fields
);
1029 /* If there's no valid version to be found, simply omit it. */
1030 if (!id
&& !version
)
1033 if (!strextend(text
,
1038 id
&& version
? "_" : "",
1046 static int install_chroot_dropin(
1047 const char *image_path
,
1049 OrderedHashmap
*extension_images
,
1050 OrderedHashmap
*extension_releases
,
1051 const PortableMetadata
*m
,
1052 const PortableMetadata
*os_release
,
1053 const char *dropin_dir
,
1054 PortableFlags flags
,
1056 PortableChange
**changes
,
1057 size_t *n_changes
) {
1059 _cleanup_free_
char *text
= NULL
, *dropin
= NULL
;
1066 dropin
= path_join(dropin_dir
, "20-portable.conf");
1070 r
= make_marker_text(image_path
, extension_images
, &text
);
1072 return log_debug_errno(r
, "Failed to generate marker string for portable drop-in: %m");
1074 if (endswith(m
->name
, ".service")) {
1075 const char *root_type
;
1076 _cleanup_free_
char *base_name
= NULL
;
1079 root_type
= root_setting_from_image(type
);
1081 r
= path_extract_filename(m
->image_path
?: image_path
, &base_name
);
1083 return log_debug_errno(r
, "Failed to extract basename from '%s': %m", m
->image_path
?: image_path
);
1085 if (!strextend(&text
,
1088 root_type
, image_path
, "\n"
1089 "Environment=PORTABLE=", base_name
, "\n"
1090 "LogExtraFields=PORTABLE=", base_name
, "\n"))
1093 /* If we have a single image then PORTABLE= will point to it, so we add
1094 * PORTABLE_NAME_AND_VERSION= with the os-release fields and we are done. But if we have
1095 * extensions, PORTABLE= will point to the image where the current unit was found in. So we
1096 * also list PORTABLE_ROOT= and PORTABLE_ROOT_NAME_AND_VERSION= for the base image, and
1097 * PORTABLE_EXTENSION= and PORTABLE_EXTENSION_NAME_AND_VERSION= for each extension, so that
1098 * all needed metadata is available. */
1099 if (ordered_hashmap_isempty(extension_images
))
1100 r
= append_release_log_fields(&text
, os_release
, IMAGE_PORTABLE
, "PORTABLE_NAME_AND_VERSION");
1102 _cleanup_free_
char *root_base_name
= NULL
;
1104 r
= path_extract_filename(image_path
, &root_base_name
);
1106 return log_debug_errno(r
, "Failed to extract basename from '%s': %m", image_path
);
1108 if (!strextend(&text
,
1109 "Environment=PORTABLE_ROOT=", root_base_name
, "\n",
1110 "LogExtraFields=PORTABLE_ROOT=", root_base_name
, "\n"))
1113 r
= append_release_log_fields(&text
, os_release
, IMAGE_PORTABLE
, "PORTABLE_ROOT_NAME_AND_VERSION");
1118 if (m
->image_path
&& !path_equal(m
->image_path
, image_path
))
1119 ORDERED_HASHMAP_FOREACH(ext
, extension_images
) {
1120 _cleanup_free_
char *extension_base_name
= NULL
;
1122 r
= path_extract_filename(ext
->path
, &extension_base_name
);
1124 return log_debug_errno(r
, "Failed to extract basename from '%s': %m", ext
->path
);
1126 if (!strextend(&text
,
1128 extension_setting_from_image(ext
->type
),
1130 /* With --force tell PID1 to avoid enforcing that the image <name> and
1131 * extension-release.<name> have to match. */
1132 !IN_SET(type
, IMAGE_DIRECTORY
, IMAGE_SUBVOLUME
) &&
1133 FLAGS_SET(flags
, PORTABLE_FORCE_EXTENSION
) ?
1134 ":x-systemd.relax-extension-release-check\n" :
1136 /* In PORTABLE= we list the 'main' image name for this unit
1137 * (the image where the unit was extracted from), but we are
1138 * stacking multiple images, so list those too. */
1139 "LogExtraFields=PORTABLE_EXTENSION=", extension_base_name
, "\n"))
1142 /* Look for image/version identifiers in the extension release files. We
1143 * look for all possible IDs, but typically only 1 or 2 will be set, so
1144 * the number of fields added shouldn't be too large. We prefix the DDI
1145 * name to the value, so that we can add the same field multiple times and
1146 * still be able to identify what applies to what. */
1147 r
= append_release_log_fields(&text
,
1148 ordered_hashmap_get(extension_releases
, ext
->name
),
1150 "PORTABLE_EXTENSION_NAME_AND_VERSION");
1154 r
= append_release_log_fields(&text
,
1155 ordered_hashmap_get(extension_releases
, ext
->name
),
1157 "PORTABLE_EXTENSION_NAME_AND_VERSION");
1163 r
= write_string_file(dropin
, text
, WRITE_STRING_FILE_CREATE
|WRITE_STRING_FILE_ATOMIC
|WRITE_STRING_FILE_SYNC
);
1165 return log_debug_errno(r
, "Failed to write '%s': %m", dropin
);
1167 (void) portable_changes_add(changes
, n_changes
, PORTABLE_WRITE
, dropin
, NULL
);
1170 *ret_dropin
= TAKE_PTR(dropin
);
1175 static int install_profile_dropin(
1176 const char *image_path
,
1177 const PortableMetadata
*m
,
1178 const char *dropin_dir
,
1179 const char *profile
,
1180 PortableFlags flags
,
1182 PortableChange
**changes
,
1183 size_t *n_changes
) {
1185 _cleanup_free_
char *dropin
= NULL
, *from
= NULL
;
1195 r
= find_portable_profile(profile
, m
->name
, &from
);
1198 return log_debug_errno(errno
, "Profile '%s' is not accessible: %m", profile
);
1200 log_debug_errno(errno
, "Skipping link to profile '%s', as it does not exist: %m", profile
);
1204 dropin
= path_join(dropin_dir
, "10-profile.conf");
1208 if (flags
& PORTABLE_PREFER_COPY
) {
1210 r
= copy_file_atomic(from
, dropin
, 0644, COPY_REFLINK
|COPY_FSYNC
);
1212 return log_debug_errno(r
, "Failed to copy %s %s %s: %m", from
, special_glyph(SPECIAL_GLYPH_ARROW_RIGHT
), dropin
);
1214 (void) portable_changes_add(changes
, n_changes
, PORTABLE_COPY
, dropin
, from
);
1218 if (symlink(from
, dropin
) < 0)
1219 return log_debug_errno(errno
, "Failed to link %s %s %s: %m", from
, special_glyph(SPECIAL_GLYPH_ARROW_RIGHT
), dropin
);
1221 (void) portable_changes_add(changes
, n_changes
, PORTABLE_SYMLINK
, dropin
, from
);
1225 *ret_dropin
= TAKE_PTR(dropin
);
1230 static const char *attached_path(const LookupPaths
*paths
, PortableFlags flags
) {
1235 if (flags
& PORTABLE_RUNTIME
)
1236 where
= paths
->runtime_attached
;
1238 where
= paths
->persistent_attached
;
1244 static int attach_unit_file(
1245 const LookupPaths
*paths
,
1246 const char *image_path
,
1248 OrderedHashmap
*extension_images
,
1249 OrderedHashmap
*extension_releases
,
1250 const PortableMetadata
*m
,
1251 const PortableMetadata
*os_release
,
1252 const char *profile
,
1253 PortableFlags flags
,
1254 PortableChange
**changes
,
1255 size_t *n_changes
) {
1257 _cleanup_(unlink_and_freep
) char *chroot_dropin
= NULL
, *profile_dropin
= NULL
;
1258 _cleanup_(rmdir_and_freep
) char *dropin_dir
= NULL
;
1259 _cleanup_free_
char *path
= NULL
;
1266 assert(PORTABLE_METADATA_IS_UNIT(m
));
1268 where
= attached_path(paths
, flags
);
1270 (void) mkdir_parents(where
, 0755);
1271 if (mkdir(where
, 0755) < 0) {
1272 if (errno
!= EEXIST
)
1273 return log_debug_errno(errno
, "Failed to create attach directory %s: %m", where
);
1275 (void) portable_changes_add(changes
, n_changes
, PORTABLE_MKDIR
, where
, NULL
);
1277 path
= path_join(where
, m
->name
);
1281 dropin_dir
= strjoin(path
, ".d");
1285 if (mkdir(dropin_dir
, 0755) < 0) {
1286 if (errno
!= EEXIST
)
1287 return log_debug_errno(errno
, "Failed to create drop-in directory %s: %m", dropin_dir
);
1289 (void) portable_changes_add(changes
, n_changes
, PORTABLE_MKDIR
, dropin_dir
, NULL
);
1291 /* We install the drop-ins first, and the actual unit file last to achieve somewhat atomic behaviour if PID 1
1292 * is reloaded while we are creating things here: as long as only the drop-ins exist the unit doesn't exist at
1295 r
= install_chroot_dropin(image_path
, type
, extension_images
, extension_releases
, m
, os_release
, dropin_dir
, flags
, &chroot_dropin
, changes
, n_changes
);
1299 r
= install_profile_dropin(image_path
, m
, dropin_dir
, profile
, flags
, &profile_dropin
, changes
, n_changes
);
1303 if ((flags
& PORTABLE_PREFER_SYMLINK
) && m
->source
) {
1305 if (symlink(m
->source
, path
) < 0)
1306 return log_debug_errno(errno
, "Failed to symlink unit file '%s': %m", path
);
1308 (void) portable_changes_add(changes
, n_changes
, PORTABLE_SYMLINK
, path
, m
->source
);
1311 _cleanup_(unlink_and_freep
) char *tmp
= NULL
;
1312 _cleanup_close_
int fd
= -EBADF
;
1314 (void) mac_selinux_create_file_prepare_label(path
, m
->selinux_label
);
1316 fd
= open_tmpfile_linkable(path
, O_WRONLY
|O_CLOEXEC
, &tmp
);
1317 mac_selinux_create_file_clear(); /* Clear immediately in case of errors */
1319 return log_debug_errno(fd
, "Failed to create unit file '%s': %m", path
);
1321 r
= copy_bytes(m
->fd
, fd
, UINT64_MAX
, COPY_REFLINK
);
1323 return log_debug_errno(r
, "Failed to copy unit file '%s': %m", path
);
1325 if (fchmod(fd
, 0644) < 0)
1326 return log_debug_errno(errno
, "Failed to change unit file access mode for '%s': %m", path
);
1328 r
= link_tmpfile(fd
, tmp
, path
, LINK_TMPFILE_SYNC
);
1330 return log_debug_errno(r
, "Failed to install unit file '%s': %m", path
);
1334 (void) portable_changes_add(changes
, n_changes
, PORTABLE_COPY
, path
, m
->source
);
1337 /* All is established now, now let's disable any rollbacks */
1338 chroot_dropin
= mfree(chroot_dropin
);
1339 profile_dropin
= mfree(profile_dropin
);
1340 dropin_dir
= mfree(dropin_dir
);
1345 static int image_target_path(
1346 const char *image_path
,
1347 PortableFlags flags
,
1350 const char *fn
, *where
;
1351 char *joined
= NULL
;
1356 fn
= last_path_component(image_path
);
1358 if (flags
& PORTABLE_RUNTIME
)
1359 where
= "/run/portables/";
1361 where
= "/etc/portables/";
1363 joined
= strjoin(where
, fn
);
1371 static int install_image(
1372 const char *image_path
,
1373 PortableFlags flags
,
1374 PortableChange
**changes
,
1375 size_t *n_changes
) {
1377 _cleanup_free_
char *target
= NULL
;
1382 /* If the image is outside of the image search also link it into it, so that it can be found with
1383 * short image names and is listed among the images. If we are operating in mixed mode, the image is
1384 * copied instead. */
1386 if (image_in_search_path(IMAGE_PORTABLE
, NULL
, image_path
))
1389 r
= image_target_path(image_path
, flags
, &target
);
1391 return log_debug_errno(r
, "Failed to generate image symlink path: %m");
1393 (void) mkdir_parents(target
, 0755);
1395 if (flags
& PORTABLE_MIXED_COPY_LINK
) {
1396 r
= copy_tree(image_path
,
1400 COPY_REFLINK
| COPY_FSYNC
| COPY_FSYNC_FULL
| COPY_SYNCFS
,
1401 /* denylist= */ NULL
,
1402 /* subvolumes= */ NULL
);
1404 return log_debug_errno(
1406 "Failed to copy %s %s %s: %m",
1408 special_glyph(SPECIAL_GLYPH_ARROW_RIGHT
),
1412 if (symlink(image_path
, target
) < 0)
1413 return log_debug_errno(
1415 "Failed to link %s %s %s: %m",
1417 special_glyph(SPECIAL_GLYPH_ARROW_RIGHT
),
1421 (void) portable_changes_add(
1424 (flags
& PORTABLE_MIXED_COPY_LINK
) ? PORTABLE_COPY
: PORTABLE_SYMLINK
,
1430 static int install_image_and_extensions(
1432 OrderedHashmap
*extension_images
,
1433 PortableFlags flags
,
1434 PortableChange
**changes
,
1435 size_t *n_changes
) {
1442 ORDERED_HASHMAP_FOREACH(ext
, extension_images
) {
1443 r
= install_image(ext
->path
, flags
, changes
, n_changes
);
1448 r
= install_image(image
->path
, flags
, changes
, n_changes
);
1455 static bool prefix_matches_compatible(char **matches
, char **valid_prefixes
) {
1456 /* Checks if all 'matches' are included in the list of 'valid_prefixes' */
1458 STRV_FOREACH(m
, matches
)
1459 if (!strv_contains(valid_prefixes
, *m
))
1465 static void log_portable_verb(
1467 const char *message_id
,
1468 const char *image_path
,
1469 OrderedHashmap
*extension_images
,
1470 char **extension_image_paths
,
1471 PortableFlags flags
) {
1473 _cleanup_free_
char *root_base_name
= NULL
, *extensions_joined
= NULL
;
1474 _cleanup_strv_free_
char **extension_base_names
= NULL
;
1481 assert(!extension_images
|| !extension_image_paths
);
1483 /* Use the same structured metadata as it is attached to units via LogExtraFields=. The main image
1484 * is logged as PORTABLE_ROOT= and extensions, if any, as individual PORTABLE_EXTENSION= fields. */
1486 r
= path_extract_filename(image_path
, &root_base_name
);
1488 log_debug_errno(r
, "Failed to extract basename from '%s', ignoring: %m", image_path
);
1490 ORDERED_HASHMAP_FOREACH(ext
, extension_images
) {
1491 _cleanup_free_
char *extension_base_name
= NULL
;
1493 r
= path_extract_filename(ext
->path
, &extension_base_name
);
1495 log_debug_errno(r
, "Failed to extract basename from '%s', ignoring: %m", ext
->path
);
1499 r
= strv_extendf(&extension_base_names
, "PORTABLE_EXTENSION=%s", extension_base_name
);
1503 if (!strextend_with_separator(&extensions_joined
, ", ", ext
->path
))
1507 STRV_FOREACH(e
, extension_image_paths
) {
1508 _cleanup_free_
char *extension_base_name
= NULL
;
1510 r
= path_extract_filename(*e
, &extension_base_name
);
1512 log_debug_errno(r
, "Failed to extract basename from '%s', ignoring: %m", *e
);
1516 r
= strv_extendf(&extension_base_names
, "PORTABLE_EXTENSION=%s", extension_base_name
);
1520 if (!strextend_with_separator(&extensions_joined
, ", ", *e
))
1524 LOG_CONTEXT_PUSH_STRV(extension_base_names
);
1526 log_struct(LOG_INFO
,
1527 LOG_MESSAGE("Successfully %s%s '%s%s%s'",
1529 FLAGS_SET(flags
, PORTABLE_RUNTIME
) ? " ephemeral" : "",
1531 isempty(extensions_joined
) ? "" : "' and its extension(s) '",
1532 strempty(extensions_joined
)),
1534 "PORTABLE_ROOT=%s", strna(root_base_name
));
1537 int portable_attach(
1539 const char *name_or_path
,
1541 const char *profile
,
1542 char **extension_image_paths
,
1543 const ImagePolicy
*image_policy
,
1544 PortableFlags flags
,
1545 PortableChange
**changes
,
1547 sd_bus_error
*error
) {
1549 _cleanup_ordered_hashmap_free_ OrderedHashmap
*extension_images
= NULL
, *extension_releases
= NULL
;
1550 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*os_release
= NULL
;
1551 _cleanup_hashmap_free_ Hashmap
*unit_files
= NULL
;
1552 _cleanup_(lookup_paths_free
) LookupPaths paths
= {};
1553 _cleanup_strv_free_
char **valid_prefixes
= NULL
;
1554 _cleanup_(image_unrefp
) Image
*image
= NULL
;
1555 PortableMetadata
*item
;
1558 r
= extract_image_and_extensions(
1561 extension_image_paths
,
1562 /* validate_extension= */ true,
1563 /* relax_extension_release_check= */ FLAGS_SET(flags
, PORTABLE_FORCE_EXTENSION
),
1567 &extension_releases
,
1575 if (valid_prefixes
&& !prefix_matches_compatible(matches
, valid_prefixes
)) {
1576 _cleanup_free_
char *matches_joined
= NULL
, *extensions_joined
= NULL
, *valid_prefixes_joined
= NULL
;
1578 matches_joined
= strv_join(matches
, "', '");
1579 if (!matches_joined
)
1582 extensions_joined
= strv_join(extension_image_paths
, ", ");
1583 if (!extensions_joined
)
1586 valid_prefixes_joined
= strv_join(valid_prefixes
, ", ");
1587 if (!valid_prefixes_joined
)
1590 return sd_bus_error_setf(
1592 SD_BUS_ERROR_INVALID_ARGS
,
1593 "Selected matches '%s' are not compatible with portable service image '%s%s%s', refusing. (Acceptable prefix matches are: %s)",
1596 isempty(extensions_joined
) ? "" : "' or any of its extensions '",
1597 strempty(extensions_joined
),
1598 valid_prefixes_joined
);
1601 if (hashmap_isempty(unit_files
)) {
1602 _cleanup_free_
char *extensions_joined
= strv_join(extension_image_paths
, ", ");
1603 if (!extensions_joined
)
1606 return sd_bus_error_setf(
1608 SD_BUS_ERROR_INVALID_ARGS
,
1609 "Couldn't find any matching unit files in image '%s%s%s', refusing.",
1611 isempty(extensions_joined
) ? "" : "' or any of its extensions '",
1612 strempty(extensions_joined
));
1615 r
= lookup_paths_init(&paths
, RUNTIME_SCOPE_SYSTEM
, /* flags= */ 0, NULL
);
1619 if (!FLAGS_SET(flags
, PORTABLE_REATTACH
) && !FLAGS_SET(flags
, PORTABLE_FORCE_ATTACH
))
1620 HASHMAP_FOREACH(item
, unit_files
) {
1621 r
= unit_file_exists(RUNTIME_SCOPE_SYSTEM
, &paths
, item
->name
);
1623 return sd_bus_error_set_errnof(error
, r
, "Failed to determine whether unit '%s' exists on the host: %m", item
->name
);
1625 return sd_bus_error_setf(error
, BUS_ERROR_UNIT_EXISTS
, "Unit file '%s' exists on the host already, refusing.", item
->name
);
1627 r
= unit_file_is_active(bus
, item
->name
, error
);
1631 return sd_bus_error_setf(error
, BUS_ERROR_UNIT_EXISTS
, "Unit file '%s' is active already, refusing.", item
->name
);
1634 HASHMAP_FOREACH(item
, unit_files
) {
1635 r
= attach_unit_file(&paths
, image
->path
, image
->type
, extension_images
, extension_releases
,
1636 item
, os_release
, profile
, flags
, changes
, n_changes
);
1638 return sd_bus_error_set_errnof(error
, r
, "Failed to attach unit '%s': %m", item
->name
);
1641 /* We don't care too much for the image symlink/copy, it's just a convenience thing, it's not necessary for
1642 * proper operation otherwise. */
1643 (void) install_image_and_extensions(image
, extension_images
, flags
, changes
, n_changes
);
1647 "MESSAGE_ID=" SD_MESSAGE_PORTABLE_ATTACHED_STR
,
1650 /* extension_image_paths= */ NULL
,
1656 static bool marker_matches_images(const char *marker
, const char *name_or_path
, char **extension_image_paths
) {
1657 _cleanup_strv_free_
char **root_and_extensions
= NULL
;
1662 assert(name_or_path
);
1664 /* If extensions were used when attaching, the marker will be a colon-separated
1665 * list of images/paths. We enforce strict 1:1 matching, so that we are sure
1666 * we are detaching exactly what was attached.
1667 * For each image, starting with the root, we look for a token in the marker,
1668 * and return a negative answer on any non-matching combination. */
1670 root_and_extensions
= strv_new(name_or_path
);
1671 if (!root_and_extensions
)
1674 r
= strv_extend_strv(&root_and_extensions
, extension_image_paths
, false);
1678 STRV_FOREACH(image_name_or_path
, root_and_extensions
) {
1679 _cleanup_free_
char *image
= NULL
;
1681 r
= extract_first_word(&marker
, &image
, ":", EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
1683 return log_debug_errno(r
, "Failed to parse marker: %s", marker
);
1687 a
= last_path_component(image
);
1689 if (image_name_is_valid(*image_name_or_path
)) {
1690 const char *e
, *underscore
;
1692 /* We shall match against an image name. In that case let's compare the last component, and optionally
1693 * allow either a suffix of ".raw" or a series of "/".
1694 * But allow matching on a different version of the same image, when a "_" is used as a separator. */
1695 underscore
= strchr(*image_name_or_path
, '_');
1697 if (strneq(a
, *image_name_or_path
, underscore
- *image_name_or_path
))
1702 e
= startswith(a
, *image_name_or_path
);
1706 if(!(e
[strspn(e
, "/")] == 0 || streq(e
, ".raw")))
1709 const char *b
, *underscore
;
1712 /* We shall match against a path. Let's ignore any prefix here though, as often there are many ways to
1713 * reach the same file. However, in this mode, let's validate any file suffix.
1714 * But also ensure that we don't fail if both components don't have a '/' at all
1715 * (strcspn returns the full length of the string in that case, which might not
1716 * match as the versions might differ). */
1718 l
= strcspn(a
, "/");
1719 b
= last_path_component(*image_name_or_path
);
1721 if ((a
[l
] != '/') != !strchr(b
, '/')) /* One is a directory, the other is not */
1724 if (a
[l
] != 0 && strcspn(b
, "/") != l
)
1727 underscore
= strchr(b
, '_');
1730 else { /* Either component could be versioned */
1731 underscore
= strchr(a
, '_');
1736 if (!strneq(a
, b
, l
))
1744 static int test_chroot_dropin(
1748 const char *name_or_path
,
1749 char **extension_image_paths
,
1750 char **ret_marker
) {
1752 _cleanup_free_
char *line
= NULL
, *marker
= NULL
;
1753 _cleanup_fclose_
FILE *f
= NULL
;
1754 _cleanup_close_
int fd
= -EBADF
;
1755 const char *p
, *e
, *k
;
1762 /* We recognize unis created from portable images via the drop-in we created for them */
1764 p
= strjoina(fname
, ".d/20-portable.conf");
1765 fd
= openat(dirfd(d
), p
, O_RDONLY
|O_CLOEXEC
);
1767 if (errno
== ENOENT
)
1770 return log_debug_errno(errno
, "Failed to open %s/%s: %m", where
, p
);
1773 r
= take_fdopen_unlocked(&fd
, "r", &f
);
1775 return log_debug_errno(r
, "Failed to convert file handle: %m");
1777 r
= read_line(f
, LONG_LINE_MAX
, &line
);
1779 return log_debug_errno(r
, "Failed to read from %s/%s: %m", where
, p
);
1781 e
= startswith(line
, PORTABLE_DROPIN_MARKER_BEGIN
);
1785 k
= endswith(e
, PORTABLE_DROPIN_MARKER_END
);
1789 marker
= strndup(e
, k
- e
);
1796 r
= marker_matches_images(marker
, name_or_path
, extension_image_paths
);
1799 *ret_marker
= TAKE_PTR(marker
);
1804 int portable_detach(
1806 const char *name_or_path
,
1807 char **extension_image_paths
,
1808 PortableFlags flags
,
1809 PortableChange
**changes
,
1811 sd_bus_error
*error
) {
1813 _cleanup_(lookup_paths_free
) LookupPaths paths
= {};
1814 _cleanup_set_free_ Set
*unit_files
= NULL
, *markers
= NULL
;
1815 _cleanup_free_
char *extensions
= NULL
;
1816 _cleanup_closedir_
DIR *d
= NULL
;
1817 const char *where
, *item
;
1821 assert(name_or_path
);
1823 r
= lookup_paths_init(&paths
, RUNTIME_SCOPE_SYSTEM
, /* flags= */ 0, NULL
);
1827 where
= attached_path(&paths
, flags
);
1831 if (errno
== ENOENT
)
1834 return log_debug_errno(errno
, "Failed to open '%s' directory: %m", where
);
1837 FOREACH_DIRENT(de
, d
, return log_debug_errno(errno
, "Failed to enumerate '%s' directory: %m", where
)) {
1838 _cleanup_free_
char *marker
= NULL
, *unit_name
= NULL
;
1841 /* When a portable service is enabled with "portablectl --copy=symlink --enable --now attach",
1842 * and is disabled with "portablectl --enable --now detach", which calls DisableUnitFilesWithFlags
1843 * DBus method, the main unit file is removed, but its drop-ins are not. Hence, here we need
1844 * to list both main unit files and drop-in directories (without the main unit files). */
1846 dot
= endswith(de
->d_name
, ".d");
1848 unit_name
= strndup(de
->d_name
, dot
- de
->d_name
);
1850 unit_name
= strdup(de
->d_name
);
1854 if (!unit_name_is_valid(unit_name
, UNIT_NAME_ANY
))
1857 /* Filter out duplicates */
1858 if (set_contains(unit_files
, unit_name
))
1861 if (dot
? !IN_SET(de
->d_type
, DT_LNK
, DT_DIR
) : !IN_SET(de
->d_type
, DT_LNK
, DT_REG
))
1864 r
= test_chroot_dropin(d
, where
, unit_name
, name_or_path
, extension_image_paths
, &marker
);
1870 if (!FLAGS_SET(flags
, PORTABLE_REATTACH
) && !FLAGS_SET(flags
, PORTABLE_FORCE_ATTACH
)) {
1871 r
= unit_file_is_active(bus
, unit_name
, error
);
1875 return sd_bus_error_setf(error
, BUS_ERROR_UNIT_EXISTS
, "Unit file '%s' is active, can't detach.", unit_name
);
1878 r
= set_ensure_consume(&unit_files
, &string_hash_ops_free
, TAKE_PTR(unit_name
));
1880 return log_oom_debug();
1882 for (const char *p
= marker
;;) {
1883 _cleanup_free_
char *image
= NULL
;
1885 r
= extract_first_word(&p
, &image
, ":", EXTRACT_UNESCAPE_SEPARATORS
|EXTRACT_RETAIN_ESCAPE
);
1887 return log_debug_errno(r
, "Failed to parse marker: %s", p
);
1891 if (path_is_absolute(image
) && !image_in_search_path(IMAGE_PORTABLE
, NULL
, image
)) {
1892 r
= set_ensure_consume(&markers
, &path_hash_ops_free
, TAKE_PTR(image
));
1899 if (set_isempty(unit_files
))
1902 SET_FOREACH(item
, unit_files
) {
1903 _cleanup_free_
char *md
= NULL
;
1905 if (unlinkat(dirfd(d
), item
, 0) < 0) {
1906 log_debug_errno(errno
, "Can't remove unit file %s/%s: %m", where
, item
);
1908 if (errno
!= ENOENT
&& ret
>= 0)
1911 portable_changes_add_with_prefix(changes
, n_changes
, PORTABLE_UNLINK
, where
, item
, NULL
);
1913 FOREACH_STRING(suffix
, ".d/10-profile.conf", ".d/20-portable.conf") {
1914 _cleanup_free_
char *dropin
= NULL
;
1916 dropin
= strjoin(item
, suffix
);
1920 if (unlinkat(dirfd(d
), dropin
, 0) < 0) {
1921 log_debug_errno(errno
, "Can't remove drop-in %s/%s: %m", where
, dropin
);
1923 if (errno
!= ENOENT
&& ret
>= 0)
1926 portable_changes_add_with_prefix(changes
, n_changes
, PORTABLE_UNLINK
, where
, dropin
, NULL
);
1929 md
= strjoin(item
, ".d");
1933 if (unlinkat(dirfd(d
), md
, AT_REMOVEDIR
) < 0) {
1934 log_debug_errno(errno
, "Can't remove drop-in directory %s/%s: %m", where
, md
);
1936 if (errno
!= ENOENT
&& ret
>= 0)
1939 portable_changes_add_with_prefix(changes
, n_changes
, PORTABLE_UNLINK
, where
, md
, NULL
);
1942 /* Now, also drop any image symlink or copy, for images outside of the sarch path */
1943 SET_FOREACH(item
, markers
) {
1944 _cleanup_free_
char *target
= NULL
;
1946 r
= image_target_path(item
, flags
, &target
);
1948 log_debug_errno(r
, "Failed to determine image path for '%s', ignoring: %m", item
);
1952 r
= rm_rf(target
, REMOVE_ROOT
| REMOVE_PHYSICAL
| REMOVE_MISSING_OK
| REMOVE_SYNCFS
);
1954 log_debug_errno(r
, "Can't remove image '%s': %m", target
);
1959 portable_changes_add(changes
, n_changes
, PORTABLE_UNLINK
, target
, NULL
);
1962 /* Try to remove the unit file directory, if we can */
1963 if (rmdir(where
) >= 0)
1964 portable_changes_add(changes
, n_changes
, PORTABLE_UNLINK
, where
, NULL
);
1968 "MESSAGE_ID=" SD_MESSAGE_PORTABLE_DETACHED_STR
,
1970 /* extension_images= */ NULL
,
1971 extension_image_paths
,
1977 extensions
= strv_join(extension_image_paths
, ", ");
1981 r
= sd_bus_error_setf(error
,
1982 BUS_ERROR_NO_SUCH_UNIT
,
1983 "No unit files associated with '%s%s%s' found attached to the system. Image not attached?",
1985 isempty(extensions
) ? "" : "' or any of its extensions '",
1986 isempty(extensions
) ? "" : extensions
);
1987 return log_debug_errno(r
, "%s", error
->message
);
1990 static int portable_get_state_internal(
1992 const char *name_or_path
,
1993 char **extension_image_paths
,
1994 PortableFlags flags
,
1996 sd_bus_error
*error
) {
1998 _cleanup_(lookup_paths_free
) LookupPaths paths
= {};
1999 bool found_enabled
= false, found_running
= false;
2000 _cleanup_set_free_ Set
*unit_files
= NULL
;
2001 _cleanup_closedir_
DIR *d
= NULL
;
2005 assert(name_or_path
);
2008 r
= lookup_paths_init(&paths
, RUNTIME_SCOPE_SYSTEM
, /* flags= */ 0, NULL
);
2012 where
= attached_path(&paths
, flags
);
2016 if (errno
== ENOENT
) {
2017 /* If the 'attached' directory doesn't exist at all, then we know for sure this image isn't attached. */
2018 *ret
= PORTABLE_DETACHED
;
2022 return log_debug_errno(errno
, "Failed to open '%s' directory: %m", where
);
2025 FOREACH_DIRENT(de
, d
, return log_debug_errno(errno
, "Failed to enumerate '%s' directory: %m", where
)) {
2026 UnitFileState state
;
2028 if (!unit_name_is_valid(de
->d_name
, UNIT_NAME_ANY
))
2031 /* Filter out duplicates */
2032 if (set_contains(unit_files
, de
->d_name
))
2035 if (!IN_SET(de
->d_type
, DT_LNK
, DT_REG
))
2038 r
= test_chroot_dropin(d
, where
, de
->d_name
, name_or_path
, extension_image_paths
, NULL
);
2044 r
= unit_file_lookup_state(RUNTIME_SCOPE_SYSTEM
, &paths
, de
->d_name
, &state
);
2046 return log_debug_errno(r
, "Failed to determine unit file state of '%s': %m", de
->d_name
);
2047 if (!IN_SET(state
, UNIT_FILE_STATIC
, UNIT_FILE_DISABLED
, UNIT_FILE_LINKED
, UNIT_FILE_LINKED_RUNTIME
))
2048 found_enabled
= true;
2050 r
= unit_file_is_active(bus
, de
->d_name
, error
);
2054 found_running
= true;
2056 r
= set_put_strdup(&unit_files
, de
->d_name
);
2058 return log_debug_errno(r
, "Failed to add unit name '%s' to set: %m", de
->d_name
);
2061 *ret
= found_running
? (!set_isempty(unit_files
) && (flags
& PORTABLE_RUNTIME
) ? PORTABLE_RUNNING_RUNTIME
: PORTABLE_RUNNING
) :
2062 found_enabled
? (flags
& PORTABLE_RUNTIME
? PORTABLE_ENABLED_RUNTIME
: PORTABLE_ENABLED
) :
2063 !set_isempty(unit_files
) ? (flags
& PORTABLE_RUNTIME
? PORTABLE_ATTACHED_RUNTIME
: PORTABLE_ATTACHED
) : PORTABLE_DETACHED
;
2068 int portable_get_state(
2070 const char *name_or_path
,
2071 char **extension_image_paths
,
2072 PortableFlags flags
,
2074 sd_bus_error
*error
) {
2076 PortableState state
;
2079 assert(name_or_path
);
2082 /* We look for matching units twice: once in the regular directories, and once in the runtime directories — but
2083 * the latter only if we didn't find anything in the former. */
2085 r
= portable_get_state_internal(bus
, name_or_path
, extension_image_paths
, flags
& ~PORTABLE_RUNTIME
, &state
, error
);
2089 if (state
== PORTABLE_DETACHED
) {
2090 r
= portable_get_state_internal(bus
, name_or_path
, extension_image_paths
, flags
| PORTABLE_RUNTIME
, &state
, error
);
2099 int portable_get_profiles(char ***ret
) {
2102 return conf_files_list_nulstr(ret
, NULL
, NULL
, CONF_FILES_DIRECTORY
|CONF_FILES_BASENAME
|CONF_FILES_FILTER_MASKED
, PORTABLE_PROFILE_DIRS
);
2105 static const char* const portable_change_type_table
[_PORTABLE_CHANGE_TYPE_MAX
] = {
2106 [PORTABLE_COPY
] = "copy",
2107 [PORTABLE_MKDIR
] = "mkdir",
2108 [PORTABLE_SYMLINK
] = "symlink",
2109 [PORTABLE_UNLINK
] = "unlink",
2110 [PORTABLE_WRITE
] = "write",
2113 DEFINE_STRING_TABLE_LOOKUP(portable_change_type
, int);
2115 static const char* const portable_state_table
[_PORTABLE_STATE_MAX
] = {
2116 [PORTABLE_DETACHED
] = "detached",
2117 [PORTABLE_ATTACHED
] = "attached",
2118 [PORTABLE_ATTACHED_RUNTIME
] = "attached-runtime",
2119 [PORTABLE_ENABLED
] = "enabled",
2120 [PORTABLE_ENABLED_RUNTIME
] = "enabled-runtime",
2121 [PORTABLE_RUNNING
] = "running",
2122 [PORTABLE_RUNNING_RUNTIME
] = "running-runtime",
2125 DEFINE_STRING_TABLE_LOOKUP(portable_state
, PortableState
);