1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
8 #include <sys/sendfile.h>
12 #include "alloc-util.h"
13 #include "btrfs-util.h"
14 #include "chattr-util.h"
16 #include "dirent-util.h"
22 #include "missing_syscall.h"
23 #include "mountpoint-util.h"
24 #include "nulstr-util.h"
26 #include "selinux-util.h"
27 #include "stat-util.h"
28 #include "stdio-util.h"
29 #include "string-util.h"
31 #include "time-util.h"
32 #include "tmpfile-util.h"
33 #include "umask-util.h"
34 #include "user-util.h"
35 #include "xattr-util.h"
37 #define COPY_BUFFER_SIZE (16U*1024U)
39 /* A safety net for descending recursively into file system trees to copy. On Linux PATH_MAX is 4096, which means the
40 * deepest valid path one can build is around 2048, which we hence use as a safety net here, to not spin endlessly in
41 * case of bind mount cycles and suchlike. */
42 #define COPY_DEPTH_MAX 2048U
44 static ssize_t
try_copy_file_range(
45 int fd_in
, loff_t
*off_in
,
46 int fd_out
, loff_t
*off_out
,
56 r
= copy_file_range(fd_in
, off_in
, fd_out
, off_out
, len
, flags
);
58 have
= r
>= 0 || errno
!= ENOSYS
;
68 FD_IS_NONBLOCKING_PIPE
,
71 static int fd_is_nonblock_pipe(int fd
) {
75 /* Checks whether the specified file descriptor refers to a pipe, and if so if O_NONBLOCK is set. */
77 if (fstat(fd
, &st
) < 0)
80 if (!S_ISFIFO(st
.st_mode
))
83 flags
= fcntl(fd
, F_GETFL
);
87 return FLAGS_SET(flags
, O_NONBLOCK
) ? FD_IS_NONBLOCKING_PIPE
: FD_IS_BLOCKING_PIPE
;
90 static int sigint_pending(void) {
93 assert_se(sigemptyset(&ss
) >= 0);
94 assert_se(sigaddset(&ss
, SIGINT
) >= 0);
96 if (sigtimedwait(&ss
, NULL
, &(struct timespec
) { 0, 0 }) < 0) {
109 CopyFlags copy_flags
,
111 size_t *ret_remains_size
,
112 copy_progress_bytes_t progress
,
115 bool try_cfr
= true, try_sendfile
= true, try_splice
= true;
116 int r
, nonblock_pipe
= -1;
117 size_t m
= SSIZE_MAX
; /* that is the maximum that sendfile and c_f_r accept */
122 /* Tries to copy bytes from the file descriptor 'fdf' to 'fdt' in the smartest possible way. Copies a maximum
123 * of 'max_bytes', which may be specified as UINT64_MAX, in which no maximum is applied. Returns negative on
124 * error, zero if EOF is hit before the bytes limit is hit and positive otherwise. If the copy fails for some
125 * reason but we read but didn't yet write some data an ret_remains/ret_remains_size is not NULL, then it will
126 * be initialized with an allocated buffer containing this "remaining" data. Note that these two parameters are
127 * initialized with a valid buffer only on failure and only if there's actually data already read. Otherwise
128 * these parameters if non-NULL are set to NULL. */
132 if (ret_remains_size
)
133 *ret_remains_size
= 0;
135 /* Try btrfs reflinks first. This only works on regular, seekable files, hence let's check the file offsets of
136 * source and destination first. */
137 if ((copy_flags
& COPY_REFLINK
)) {
140 foffset
= lseek(fdf
, 0, SEEK_CUR
);
144 toffset
= lseek(fdt
, 0, SEEK_CUR
);
147 if (foffset
== 0 && toffset
== 0 && max_bytes
== UINT64_MAX
)
148 r
= btrfs_reflink(fdf
, fdt
); /* full file reflink */
150 r
= btrfs_clone_range(fdf
, foffset
, fdt
, toffset
, max_bytes
== UINT64_MAX
? 0 : max_bytes
); /* partial reflink */
154 /* This worked, yay! Now — to be fully correct — let's adjust the file pointers */
155 if (max_bytes
== UINT64_MAX
) {
157 /* We cloned to the end of the source file, let's position the read
158 * pointer there, and query it at the same time. */
159 t
= lseek(fdf
, 0, SEEK_END
);
165 /* Let's adjust the destination file write pointer by the same number
167 t
= lseek(fdt
, toffset
+ (t
- foffset
), SEEK_SET
);
171 return 0; /* we copied the whole thing, hence hit EOF, return 0 */
173 t
= lseek(fdf
, foffset
+ max_bytes
, SEEK_SET
);
177 t
= lseek(fdt
, toffset
+ max_bytes
, SEEK_SET
);
181 return 1; /* we copied only some number of bytes, which worked, but this means we didn't hit EOF, return 1 */
192 return 1; /* return > 0 if we hit the max_bytes limit */
194 if (FLAGS_SET(copy_flags
, COPY_SIGINT
)) {
195 r
= sigint_pending();
202 if (max_bytes
!= UINT64_MAX
&& m
> max_bytes
)
205 /* First try copy_file_range(), unless we already tried */
207 n
= try_copy_file_range(fdf
, NULL
, fdt
, NULL
, m
, 0u);
209 if (!IN_SET(n
, -EINVAL
, -ENOSYS
, -EXDEV
, -EBADF
))
213 /* use fallback below */
214 } else if (n
== 0) /* EOF */
221 /* First try sendfile(), unless we already tried */
223 n
= sendfile(fdt
, fdf
, NULL
, m
);
225 if (!IN_SET(errno
, EINVAL
, ENOSYS
))
228 try_sendfile
= false;
229 /* use fallback below */
230 } else if (n
== 0) /* EOF */
237 /* Then try splice, unless we already tried. */
240 /* splice()'s asynchronous I/O support is a bit weird. When it encounters a pipe file
241 * descriptor, then it will ignore its O_NONBLOCK flag and instead only honour the
242 * SPLICE_F_NONBLOCK flag specified in its flag parameter. Let's hide this behaviour here, and
243 * check if either of the specified fds are a pipe, and if so, let's pass the flag
244 * automatically, depending on O_NONBLOCK being set.
246 * Here's a twist though: when we use it to move data between two pipes of which one has
247 * O_NONBLOCK set and the other has not, then we have no individual control over O_NONBLOCK
248 * behaviour. Hence in that case we can't use splice() and still guarantee systematic
249 * O_NONBLOCK behaviour, hence don't. */
251 if (nonblock_pipe
< 0) {
254 /* Check if either of these fds is a pipe, and if so non-blocking or not */
255 a
= fd_is_nonblock_pipe(fdf
);
259 b
= fd_is_nonblock_pipe(fdt
);
263 if ((a
== FD_IS_NO_PIPE
&& b
== FD_IS_NO_PIPE
) ||
264 (a
== FD_IS_BLOCKING_PIPE
&& b
== FD_IS_NONBLOCKING_PIPE
) ||
265 (a
== FD_IS_NONBLOCKING_PIPE
&& b
== FD_IS_BLOCKING_PIPE
))
267 /* splice() only works if one of the fds is a pipe. If neither is, let's skip
268 * this step right-away. As mentioned above, if one of the two fds refers to a
269 * blocking pipe and the other to a non-blocking pipe, we can't use splice()
270 * either, hence don't try either. This hence means we can only use splice() if
271 * either only one of the two fds is a pipe, or if both are pipes with the same
272 * nonblocking flag setting. */
276 nonblock_pipe
= a
== FD_IS_NONBLOCKING_PIPE
|| b
== FD_IS_NONBLOCKING_PIPE
;
281 n
= splice(fdf
, NULL
, fdt
, NULL
, m
, nonblock_pipe
? SPLICE_F_NONBLOCK
: 0);
283 if (!IN_SET(errno
, EINVAL
, ENOSYS
))
287 /* use fallback below */
288 } else if (n
== 0) /* EOF */
295 /* As a fallback just copy bits by hand */
297 uint8_t buf
[MIN(m
, COPY_BUFFER_SIZE
)], *p
= buf
;
300 n
= read(fdf
, buf
, sizeof buf
);
303 if (n
== 0) /* EOF */
310 k
= write(fdt
, p
, z
);
324 if (ret_remains_size
)
325 *ret_remains_size
= z
;
338 r
= progress(n
, userdata
);
343 if (max_bytes
!= (uint64_t) -1) {
344 assert(max_bytes
>= (uint64_t) n
);
348 /* sendfile accepts at most SSIZE_MAX-offset bytes to copy,
349 * so reduce our maximum by the amount we already copied,
350 * but don't go below our copy buffer size, unless we are
351 * close the limit of bytes we are allowed to copy. */
352 m
= MAX(MIN(COPY_BUFFER_SIZE
, max_bytes
), m
- n
);
355 return 0; /* return 0 if we hit EOF earlier than the size limit */
358 static int fd_copy_symlink(
361 const struct stat
*st
,
366 CopyFlags copy_flags
) {
368 _cleanup_free_
char *target
= NULL
;
375 r
= readlinkat_malloc(df
, from
, &target
);
379 if (copy_flags
& COPY_MAC_CREATE
) {
380 r
= mac_selinux_create_file_prepare_at(dt
, to
, S_IFLNK
);
384 r
= symlinkat(target
, dt
, to
);
385 if (copy_flags
& COPY_MAC_CREATE
)
386 mac_selinux_create_file_clear();
391 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
392 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
,
393 AT_SYMLINK_NOFOLLOW
) < 0)
399 /* Encapsulates the database we store potential hardlink targets in */
400 typedef struct HardlinkContext
{
401 int dir_fd
; /* An fd to the directory we use as lookup table. Never AT_FDCWD. Lazily created, when
402 * we add the first entry. */
404 /* These two fields are used to create the hardlink repository directory above — via
405 * mkdirat(parent_fd, subdir) — and are kept so that we can automatically remove the directory again
406 * when we are done. */
407 int parent_fd
; /* Possibly AT_FDCWD */
411 static int hardlink_context_setup(
415 CopyFlags copy_flags
) {
417 _cleanup_close_
int dt_copy
= -1;
421 assert(c
->dir_fd
< 0 && c
->dir_fd
!= AT_FDCWD
);
422 assert(c
->parent_fd
< 0);
425 /* If hardlink recreation is requested we have to maintain a database of inodes that are potential
426 * hardlink sources. Given that generally disk sizes have to be assumed to be larger than what fits
427 * into physical RAM we cannot maintain that database in dynamic memory alone. Here we opt to
428 * maintain it on disk, to simplify things: inside the destination directory we'll maintain a
429 * temporary directory consisting of hardlinks of every inode we copied that might be subject of
430 * hardlinks. We can then use that as hardlink source later on. Yes, this means additional disk IO
431 * but thankfully Linux is optimized for this kind of thing. If this ever becomes a performance
432 * bottleneck we can certainly place an in-memory hash table in front of this, but for the beginning,
433 * let's keep things simple, and just use the disk as lookup table for inodes.
435 * Note that this should have zero performance impact as long as .n_link of all files copied remains
436 * <= 0, because in that case we will not actually allocate the hardlink inode lookup table directory
437 * on disk (we do so lazily, when the first candidate with .n_link > 1 is seen). This means, in the
438 * common case where hardlinks are not used at all or only for few files the fact that we store the
439 * table on disk shouldn't matter perfomance-wise. */
441 if (!FLAGS_SET(copy_flags
, COPY_HARDLINKS
))
449 dt_copy
= fcntl(dt
, F_DUPFD_CLOEXEC
, 3);
454 r
= tempfn_random_child(to
, "hardlink", &c
->subdir
);
458 c
->parent_fd
= TAKE_FD(dt_copy
);
460 /* We don't actually create the directory we keep the table in here, that's done on-demand when the
461 * first entry is added, using hardlink_context_realize() below. */
465 static int hardlink_context_realize(HardlinkContext
*c
) {
471 if (c
->dir_fd
>= 0) /* Already realized */
474 if (c
->parent_fd
< 0 && c
->parent_fd
!= AT_FDCWD
) /* Not configured */
479 if (mkdirat(c
->parent_fd
, c
->subdir
, 0700) < 0)
482 c
->dir_fd
= openat(c
->parent_fd
, c
->subdir
, O_RDONLY
|O_DIRECTORY
|O_CLOEXEC
);
485 (void) unlinkat(c
->parent_fd
, c
->subdir
, AT_REMOVEDIR
);
492 static void hardlink_context_destroy(HardlinkContext
*c
) {
497 /* Automatically remove the hardlink lookup table directory again after we are done. This is used via
498 * _cleanup_() so that we really delete this, even on failure. */
500 if (c
->dir_fd
>= 0) {
501 r
= rm_rf_children(TAKE_FD(c
->dir_fd
), REMOVE_PHYSICAL
, NULL
); /* consumes dir_fd in all cases, even on failure */
503 log_debug_errno(r
, "Failed to remove hardlink store (%s) contents, ignoring: %m", c
->subdir
);
505 assert(c
->parent_fd
>= 0 || c
->parent_fd
== AT_FDCWD
);
508 if (unlinkat(c
->parent_fd
, c
->subdir
, AT_REMOVEDIR
) < 0)
509 log_debug_errno(errno
, "Failed to remove hardlink store (%s) directory, ignoring: %m", c
->subdir
);
512 assert_cc(AT_FDCWD
< 0);
513 c
->parent_fd
= safe_close(c
->parent_fd
);
515 c
->subdir
= mfree(c
->subdir
);
518 static int try_hardlink(
520 const struct stat
*st
,
524 char dev_ino
[DECIMAL_STR_MAX(dev_t
)*2 + DECIMAL_STR_MAX(uint64_t) + 4];
527 assert(dt
>= 0 || dt
== AT_FDCWD
);
530 if (!c
) /* No temporary hardlink directory, don't bother */
533 if (st
->st_nlink
<= 1) /* Source not hardlinked, don't bother */
536 if (c
->dir_fd
< 0) /* not yet realized, hence empty */
539 xsprintf(dev_ino
, "%u:%u:%" PRIu64
, major(st
->st_dev
), minor(st
->st_dev
), (uint64_t) st
->st_ino
);
540 if (linkat(c
->dir_fd
, dev_ino
, dt
, to
, 0) < 0) {
541 if (errno
!= ENOENT
) /* doesn't exist in store yet */
542 log_debug_errno(errno
, "Failed to hardlink %s to %s, ignoring: %m", dev_ino
, to
);
549 static int memorize_hardlink(
551 const struct stat
*st
,
555 char dev_ino
[DECIMAL_STR_MAX(dev_t
)*2 + DECIMAL_STR_MAX(uint64_t) + 4];
559 assert(dt
>= 0 || dt
== AT_FDCWD
);
562 if (!c
) /* No temporary hardlink directory, don't bother */
565 if (st
->st_nlink
<= 1) /* Source not hardlinked, don't bother */
568 r
= hardlink_context_realize(c
); /* Create the hardlink store lazily */
572 xsprintf(dev_ino
, "%u:%u:%" PRIu64
, major(st
->st_dev
), minor(st
->st_dev
), (uint64_t) st
->st_ino
);
573 if (linkat(dt
, to
, c
->dir_fd
, dev_ino
, 0) < 0) {
574 log_debug_errno(errno
, "Failed to hardlink %s to %s, ignoring: %m", to
, dev_ino
);
581 static int fd_copy_regular(
584 const struct stat
*st
,
589 CopyFlags copy_flags
,
590 HardlinkContext
*hardlink_context
,
591 copy_progress_bytes_t progress
,
594 _cleanup_close_
int fdf
= -1, fdt
= -1;
595 struct timespec ts
[2];
602 r
= try_hardlink(hardlink_context
, st
, dt
, to
);
605 if (r
> 0) /* worked! */
608 fdf
= openat(df
, from
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
);
612 if (copy_flags
& COPY_MAC_CREATE
) {
613 r
= mac_selinux_create_file_prepare_at(dt
, to
, S_IFREG
);
617 fdt
= openat(dt
, to
, O_WRONLY
|O_CREAT
|O_EXCL
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
, st
->st_mode
& 07777);
618 if (copy_flags
& COPY_MAC_CREATE
)
619 mac_selinux_create_file_clear();
623 r
= copy_bytes_full(fdf
, fdt
, (uint64_t) -1, copy_flags
, NULL
, NULL
, progress
, userdata
);
625 (void) unlinkat(dt
, to
, 0);
630 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
631 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
) < 0)
634 if (fchmod(fdt
, st
->st_mode
& 07777) < 0)
639 (void) futimens(fdt
, ts
);
640 (void) copy_xattr(fdf
, fdt
);
647 (void) unlinkat(dt
, to
, 0);
650 (void) memorize_hardlink(hardlink_context
, st
, dt
, to
);
654 static int fd_copy_fifo(
657 const struct stat
*st
,
662 CopyFlags copy_flags
,
663 HardlinkContext
*hardlink_context
) {
670 r
= try_hardlink(hardlink_context
, st
, dt
, to
);
673 if (r
> 0) /* worked! */
676 if (copy_flags
& COPY_MAC_CREATE
) {
677 r
= mac_selinux_create_file_prepare_at(dt
, to
, S_IFIFO
);
681 r
= mkfifoat(dt
, to
, st
->st_mode
& 07777);
682 if (copy_flags
& COPY_MAC_CREATE
)
683 mac_selinux_create_file_clear();
688 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
689 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
,
690 AT_SYMLINK_NOFOLLOW
) < 0)
693 if (fchmodat(dt
, to
, st
->st_mode
& 07777, 0) < 0)
696 (void) memorize_hardlink(hardlink_context
, st
, dt
, to
);
700 static int fd_copy_node(
703 const struct stat
*st
,
708 CopyFlags copy_flags
,
709 HardlinkContext
*hardlink_context
) {
716 r
= try_hardlink(hardlink_context
, st
, dt
, to
);
719 if (r
> 0) /* worked! */
722 if (copy_flags
& COPY_MAC_CREATE
) {
723 r
= mac_selinux_create_file_prepare_at(dt
, to
, st
->st_mode
& S_IFMT
);
727 r
= mknodat(dt
, to
, st
->st_mode
, st
->st_rdev
);
728 if (copy_flags
& COPY_MAC_CREATE
)
729 mac_selinux_create_file_clear();
734 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
735 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
,
736 AT_SYMLINK_NOFOLLOW
) < 0)
739 if (fchmodat(dt
, to
, st
->st_mode
& 07777, 0) < 0)
742 (void) memorize_hardlink(hardlink_context
, st
, dt
, to
);
746 static int fd_copy_directory(
749 const struct stat
*st
,
752 dev_t original_device
,
756 CopyFlags copy_flags
,
757 HardlinkContext
*hardlink_context
,
758 const char *display_path
,
759 copy_progress_path_t progress_path
,
760 copy_progress_bytes_t progress_bytes
,
763 _cleanup_(hardlink_context_destroy
) HardlinkContext our_hardlink_context
= {
768 _cleanup_close_
int fdf
= -1, fdt
= -1;
769 _cleanup_closedir_
DIR *d
= NULL
;
771 bool exists
, created
;
778 return -ENAMETOOLONG
;
781 fdf
= openat(df
, from
, O_RDONLY
|O_DIRECTORY
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
);
783 fdf
= fcntl(df
, F_DUPFD_CLOEXEC
, 3);
787 if (!hardlink_context
) {
788 /* If recreating hardlinks is requested let's set up a context for that now. */
789 r
= hardlink_context_setup(&our_hardlink_context
, dt
, to
, copy_flags
);
792 if (r
> 0) /* It's enabled and allocated, let's now use the same context for all recursive
793 * invocations from here down */
794 hardlink_context
= &our_hardlink_context
;
797 d
= take_fdopendir(&fdf
);
802 if (copy_flags
& COPY_MERGE_EMPTY
) {
803 r
= dir_is_empty_at(dt
, to
);
804 if (r
< 0 && r
!= -ENOENT
)
813 if (copy_flags
& COPY_MAC_CREATE
)
814 r
= mkdirat_label(dt
, to
, st
->st_mode
& 07777);
816 r
= mkdirat(dt
, to
, st
->st_mode
& 07777);
819 else if (errno
== EEXIST
&& (copy_flags
& COPY_MERGE
))
825 fdt
= openat(dt
, to
, O_RDONLY
|O_DIRECTORY
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
);
831 FOREACH_DIRENT_ALL(de
, d
, return -errno
) {
832 const char *child_display_path
= NULL
;
833 _cleanup_free_
char *dp
= NULL
;
837 if (dot_or_dot_dot(de
->d_name
))
840 if (FLAGS_SET(copy_flags
, COPY_SIGINT
)) {
841 r
= sigint_pending();
848 if (fstatat(dirfd(d
), de
->d_name
, &buf
, AT_SYMLINK_NOFOLLOW
) < 0) {
855 child_display_path
= dp
= path_join(display_path
, de
->d_name
);
857 child_display_path
= de
->d_name
;
859 r
= progress_path(child_display_path
, &buf
, userdata
);
864 if (S_ISDIR(buf
.st_mode
)) {
866 * Don't descend into directories on other file systems, if this is requested. We do a simple
867 * .st_dev check here, which basically comes for free. Note that we do this check only on
868 * directories, not other kind of file system objects, for two reason:
870 * • The kernel's overlayfs pseudo file system that overlays multiple real file systems
871 * propagates the .st_dev field of the file system a file originates from all the way up
872 * through the stack to stat(). It doesn't do that for directories however. This means that
873 * comparing .st_dev on non-directories suggests that they all are mount points. To avoid
874 * confusion we hence avoid relying on this check for regular files.
876 * • The main reason we do this check at all is to protect ourselves from bind mount cycles,
877 * where we really want to avoid descending down in all eternity. However the .st_dev check
878 * is usually not sufficient for this protection anyway, as bind mount cycles from the same
879 * file system onto itself can't be detected that way. (Note we also do a recursion depth
880 * check, which is probably the better protection in this regard, which is why
881 * COPY_SAME_MOUNT is optional).
884 if (FLAGS_SET(copy_flags
, COPY_SAME_MOUNT
)) {
885 if (buf
.st_dev
!= original_device
)
888 r
= fd_is_mount_point(dirfd(d
), de
->d_name
, 0);
895 q
= fd_copy_directory(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, original_device
, depth_left
-1, override_uid
, override_gid
, copy_flags
, hardlink_context
, child_display_path
, progress_path
, progress_bytes
, userdata
);
896 } else if (S_ISREG(buf
.st_mode
))
897 q
= fd_copy_regular(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, override_uid
, override_gid
, copy_flags
, hardlink_context
, progress_bytes
, userdata
);
898 else if (S_ISLNK(buf
.st_mode
))
899 q
= fd_copy_symlink(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, override_uid
, override_gid
, copy_flags
);
900 else if (S_ISFIFO(buf
.st_mode
))
901 q
= fd_copy_fifo(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, override_uid
, override_gid
, copy_flags
, hardlink_context
);
902 else if (S_ISBLK(buf
.st_mode
) || S_ISCHR(buf
.st_mode
) || S_ISSOCK(buf
.st_mode
))
903 q
= fd_copy_node(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, override_uid
, override_gid
, copy_flags
, hardlink_context
);
907 if (q
== -EINTR
) /* Propagate SIGINT up instantly */
909 if (q
== -EEXIST
&& (copy_flags
& COPY_MERGE
))
916 struct timespec ut
[2] = {
922 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
923 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
) < 0)
926 if (fchmod(fdt
, st
->st_mode
& 07777) < 0)
929 (void) copy_xattr(dirfd(d
), fdt
);
930 (void) futimens(fdt
, ut
);
936 int copy_tree_at_full(
943 CopyFlags copy_flags
,
944 copy_progress_path_t progress_path
,
945 copy_progress_bytes_t progress_bytes
,
953 if (fstatat(fdf
, from
, &st
, AT_SYMLINK_NOFOLLOW
) < 0)
956 if (S_ISREG(st
.st_mode
))
957 return fd_copy_regular(fdf
, from
, &st
, fdt
, to
, override_uid
, override_gid
, copy_flags
, NULL
, progress_bytes
, userdata
);
958 else if (S_ISDIR(st
.st_mode
))
959 return fd_copy_directory(fdf
, from
, &st
, fdt
, to
, st
.st_dev
, COPY_DEPTH_MAX
, override_uid
, override_gid
, copy_flags
, NULL
, NULL
, progress_path
, progress_bytes
, userdata
);
960 else if (S_ISLNK(st
.st_mode
))
961 return fd_copy_symlink(fdf
, from
, &st
, fdt
, to
, override_uid
, override_gid
, copy_flags
);
962 else if (S_ISFIFO(st
.st_mode
))
963 return fd_copy_fifo(fdf
, from
, &st
, fdt
, to
, override_uid
, override_gid
, copy_flags
, NULL
);
964 else if (S_ISBLK(st
.st_mode
) || S_ISCHR(st
.st_mode
) || S_ISSOCK(st
.st_mode
))
965 return fd_copy_node(fdf
, from
, &st
, fdt
, to
, override_uid
, override_gid
, copy_flags
, NULL
);
970 int copy_directory_fd_full(
973 CopyFlags copy_flags
,
974 copy_progress_path_t progress_path
,
975 copy_progress_bytes_t progress_bytes
,
983 if (fstat(dirfd
, &st
) < 0)
986 if (!S_ISDIR(st
.st_mode
))
989 return fd_copy_directory(dirfd
, NULL
, &st
, AT_FDCWD
, to
, st
.st_dev
, COPY_DEPTH_MAX
, UID_INVALID
, GID_INVALID
, copy_flags
, NULL
, NULL
, progress_path
, progress_bytes
, userdata
);
992 int copy_directory_full(
995 CopyFlags copy_flags
,
996 copy_progress_path_t progress_path
,
997 copy_progress_bytes_t progress_bytes
,
1005 if (lstat(from
, &st
) < 0)
1008 if (!S_ISDIR(st
.st_mode
))
1011 return fd_copy_directory(AT_FDCWD
, from
, &st
, AT_FDCWD
, to
, st
.st_dev
, COPY_DEPTH_MAX
, UID_INVALID
, GID_INVALID
, copy_flags
, NULL
, NULL
, progress_path
, progress_bytes
, userdata
);
1014 int copy_file_fd_full(
1017 CopyFlags copy_flags
,
1018 copy_progress_bytes_t progress_bytes
,
1021 _cleanup_close_
int fdf
= -1;
1027 fdf
= open(from
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1031 r
= copy_bytes_full(fdf
, fdt
, (uint64_t) -1, copy_flags
, NULL
, NULL
, progress_bytes
, userdata
);
1033 (void) copy_times(fdf
, fdt
, copy_flags
);
1034 (void) copy_xattr(fdf
, fdt
);
1044 unsigned chattr_flags
,
1045 unsigned chattr_mask
,
1046 CopyFlags copy_flags
,
1047 copy_progress_bytes_t progress_bytes
,
1055 RUN_WITH_UMASK(0000) {
1056 if (copy_flags
& COPY_MAC_CREATE
) {
1057 r
= mac_selinux_create_file_prepare(to
, S_IFREG
);
1061 fdt
= open(to
, flags
|O_WRONLY
|O_CREAT
|O_CLOEXEC
|O_NOCTTY
, mode
);
1062 if (copy_flags
& COPY_MAC_CREATE
)
1063 mac_selinux_create_file_clear();
1068 if (chattr_mask
!= 0)
1069 (void) chattr_fd(fdt
, chattr_flags
, chattr_mask
& CHATTR_EARLY_FL
, NULL
);
1071 r
= copy_file_fd_full(from
, fdt
, copy_flags
, progress_bytes
, userdata
);
1078 if (chattr_mask
!= 0)
1079 (void) chattr_fd(fdt
, chattr_flags
, chattr_mask
& ~CHATTR_EARLY_FL
, NULL
);
1081 if (close(fdt
) < 0) {
1089 int copy_file_atomic_full(
1093 unsigned chattr_flags
,
1094 unsigned chattr_mask
,
1095 CopyFlags copy_flags
,
1096 copy_progress_bytes_t progress_bytes
,
1099 _cleanup_(unlink_and_freep
) char *t
= NULL
;
1100 _cleanup_close_
int fdt
= -1;
1106 /* We try to use O_TMPFILE here to create the file if we can. Note that that only works if COPY_REPLACE is not
1107 * set though as we need to use linkat() for linking the O_TMPFILE file into the file system but that system
1108 * call can't replace existing files. Hence, if COPY_REPLACE is set we create a temporary name in the file
1109 * system right-away and unconditionally which we then can renameat() to the right name after we completed
1112 if (copy_flags
& COPY_REPLACE
) {
1113 r
= tempfn_random(to
, NULL
, &t
);
1117 if (copy_flags
& COPY_MAC_CREATE
) {
1118 r
= mac_selinux_create_file_prepare(to
, S_IFREG
);
1124 fdt
= open(t
, O_CREAT
|O_EXCL
|O_NOFOLLOW
|O_NOCTTY
|O_WRONLY
|O_CLOEXEC
, 0600);
1125 if (copy_flags
& COPY_MAC_CREATE
)
1126 mac_selinux_create_file_clear();
1132 if (copy_flags
& COPY_MAC_CREATE
) {
1133 r
= mac_selinux_create_file_prepare(to
, S_IFREG
);
1137 fdt
= open_tmpfile_linkable(to
, O_WRONLY
|O_CLOEXEC
, &t
);
1138 if (copy_flags
& COPY_MAC_CREATE
)
1139 mac_selinux_create_file_clear();
1144 if (chattr_mask
!= 0)
1145 (void) chattr_fd(fdt
, chattr_flags
, chattr_mask
& CHATTR_EARLY_FL
, NULL
);
1147 r
= copy_file_fd_full(from
, fdt
, copy_flags
, progress_bytes
, userdata
);
1151 if (fchmod(fdt
, mode
) < 0)
1154 if (copy_flags
& COPY_REPLACE
) {
1155 if (renameat(AT_FDCWD
, t
, AT_FDCWD
, to
) < 0)
1158 r
= link_tmpfile(fdt
, t
, to
);
1163 if (chattr_mask
!= 0)
1164 (void) chattr_fd(fdt
, chattr_flags
, chattr_mask
& ~CHATTR_EARLY_FL
, NULL
);
1170 int copy_times(int fdf
, int fdt
, CopyFlags flags
) {
1171 struct timespec ut
[2];
1177 if (fstat(fdf
, &st
) < 0)
1183 if (futimens(fdt
, ut
) < 0)
1186 if (FLAGS_SET(flags
, COPY_CRTIME
)) {
1189 if (fd_getcrtime(fdf
, &crtime
) >= 0)
1190 (void) fd_setcrtime(fdt
, crtime
);
1196 int copy_access(int fdf
, int fdt
) {
1202 if (fstat(fdf
, &st
) < 0)
1205 if (fchmod(fdt
, st
.st_mode
& 07777) < 0)
1211 int copy_xattr(int fdf
, int fdt
) {
1212 _cleanup_free_
char *names
= NULL
;
1216 r
= flistxattr_malloc(fdf
, &names
);
1220 NULSTR_FOREACH(p
, names
) {
1221 _cleanup_free_
char *value
= NULL
;
1223 if (!startswith(p
, "user."))
1226 r
= fgetxattr_malloc(fdf
, p
, &value
);
1228 continue; /* gone by now */
1232 if (fsetxattr(fdt
, p
, value
, r
, 0) < 0)