1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
8 #include <sys/sendfile.h>
12 #include "alloc-util.h"
13 #include "btrfs-util.h"
14 #include "chattr-util.h"
16 #include "dirent-util.h"
22 #include "missing_syscall.h"
23 #include "mountpoint-util.h"
24 #include "nulstr-util.h"
26 #include "selinux-util.h"
27 #include "stat-util.h"
28 #include "stdio-util.h"
29 #include "string-util.h"
31 #include "time-util.h"
32 #include "tmpfile-util.h"
33 #include "umask-util.h"
34 #include "user-util.h"
35 #include "xattr-util.h"
/* Upper bound (16 KiB) for the on-stack buffer used by the plain read()/write() fallback copy loop. It is also the
 * floor below which the per-iteration chunk size is not shrunk, unless the remaining byte limit is smaller. */
37 #define COPY_BUFFER_SIZE (16U*1024U)
39 /* A safety net for descending recursively into file system trees to copy. On Linux PATH_MAX is 4096, which means the
40 * deepest valid path one can build is around 2048, which we hence use as a safety net here, to not spin endlessly in
41 * case of bind mount cycles and suchlike. The public entry points pass this value to fd_copy_directory() as the
 * initial depth budget, and every nested directory is then copied with the budget reduced by one. */
42 #define COPY_DEPTH_MAX 2048U
44 static ssize_t
try_copy_file_range(
45 int fd_in
, loff_t
*off_in
,
46 int fd_out
, loff_t
*off_out
,
56 r
= copy_file_range(fd_in
, off_in
, fd_out
, off_out
, len
, flags
);
58 have
= r
>= 0 || errno
!= ENOSYS
;
68 FD_IS_NONBLOCKING_PIPE
,
71 static int fd_is_nonblock_pipe(int fd
) {
75 /* Checks whether the specified file descriptor refers to a pipe, and if so if O_NONBLOCK is set. */
77 if (fstat(fd
, &st
) < 0)
80 if (!S_ISFIFO(st
.st_mode
))
83 flags
= fcntl(fd
, F_GETFL
);
87 return FLAGS_SET(flags
, O_NONBLOCK
) ? FD_IS_NONBLOCKING_PIPE
: FD_IS_BLOCKING_PIPE
;
90 static int sigint_pending(void) {
93 assert_se(sigemptyset(&ss
) >= 0);
94 assert_se(sigaddset(&ss
, SIGINT
) >= 0);
96 if (sigtimedwait(&ss
, NULL
, &(struct timespec
) { 0, 0 }) < 0) {
109 CopyFlags copy_flags
,
111 size_t *ret_remains_size
,
112 copy_progress_bytes_t progress
,
115 bool try_cfr
= true, try_sendfile
= true, try_splice
= true, copied_something
= false;
116 int r
, nonblock_pipe
= -1;
117 size_t m
= SSIZE_MAX
; /* that is the maximum that sendfile and c_f_r accept */
122 /* Tries to copy bytes from the file descriptor 'fdf' to 'fdt' in the smartest possible way. Copies a maximum
123 * of 'max_bytes', which may be specified as UINT64_MAX, in which case no maximum is applied. Returns negative on
124 * error, zero if EOF is hit before the bytes limit is hit and positive otherwise. If the copy fails for some
125 * reason but we read but didn't yet write some data and ret_remains/ret_remains_size is not NULL, then it will
126 * be initialized with an allocated buffer containing this "remaining" data. Note that these two parameters are
127 * initialized with a valid buffer only on failure and only if there's actually data already read. Otherwise
128 * these parameters if non-NULL are set to NULL. */
132 if (ret_remains_size
)
133 *ret_remains_size
= 0;
135 /* Try btrfs reflinks first. This only works on regular, seekable files, hence let's check the file offsets of
136 * source and destination first. */
137 if ((copy_flags
& COPY_REFLINK
)) {
140 foffset
= lseek(fdf
, 0, SEEK_CUR
);
144 toffset
= lseek(fdt
, 0, SEEK_CUR
);
147 if (foffset
== 0 && toffset
== 0 && max_bytes
== UINT64_MAX
)
148 r
= btrfs_reflink(fdf
, fdt
); /* full file reflink */
150 r
= btrfs_clone_range(fdf
, foffset
, fdt
, toffset
, max_bytes
== UINT64_MAX
? 0 : max_bytes
); /* partial reflink */
154 /* This worked, yay! Now — to be fully correct — let's adjust the file pointers */
155 if (max_bytes
== UINT64_MAX
) {
157 /* We cloned to the end of the source file, let's position the read
158 * pointer there, and query it at the same time. */
159 t
= lseek(fdf
, 0, SEEK_END
);
165 /* Let's adjust the destination file write pointer by the same number
167 t
= lseek(fdt
, toffset
+ (t
- foffset
), SEEK_SET
);
171 return 0; /* we copied the whole thing, hence hit EOF, return 0 */
173 t
= lseek(fdf
, foffset
+ max_bytes
, SEEK_SET
);
177 t
= lseek(fdt
, toffset
+ max_bytes
, SEEK_SET
);
181 return 1; /* we copied only some number of bytes, which worked, but this means we didn't hit EOF, return 1 */
192 return 1; /* return > 0 if we hit the max_bytes limit */
194 if (FLAGS_SET(copy_flags
, COPY_SIGINT
)) {
195 r
= sigint_pending();
202 if (max_bytes
!= UINT64_MAX
&& m
> max_bytes
)
205 /* First try copy_file_range(), unless we already tried */
207 n
= try_copy_file_range(fdf
, NULL
, fdt
, NULL
, m
, 0u);
209 if (!IN_SET(n
, -EINVAL
, -ENOSYS
, -EXDEV
, -EBADF
))
213 /* use fallback below */
214 } else if (n
== 0) { /* likely EOF */
216 if (copied_something
)
219 /* So, we hit EOF immediately, without having copied a single byte. This
220 * could indicate two things: the file is actually empty, or we are on some
221 * virtual file system such as procfs/sysfs where the syscall actually
222 * doesn't work but doesn't return an error. Try to handle that, by falling
223 * back to simple read()s in case we encounter empty files.
225 * See: https://lwn.net/Articles/846403/ */
226 try_cfr
= try_sendfile
= try_splice
= false;
232 /* Next try sendfile(), unless we already tried */
234 n
= sendfile(fdt
, fdf
, NULL
, m
);
236 if (!IN_SET(errno
, EINVAL
, ENOSYS
))
239 try_sendfile
= false;
240 /* use fallback below */
241 } else if (n
== 0) { /* likely EOF */
243 if (copied_something
)
246 try_sendfile
= try_splice
= false; /* same logic as above for copy_file_range() */
253 /* Then try splice, unless we already tried. */
256 /* splice()'s asynchronous I/O support is a bit weird. When it encounters a pipe file
257 * descriptor, then it will ignore its O_NONBLOCK flag and instead only honour the
258 * SPLICE_F_NONBLOCK flag specified in its flag parameter. Let's hide this behaviour
259 * here, and check if either of the specified fds are a pipe, and if so, let's pass
260 * the flag automatically, depending on O_NONBLOCK being set.
262 * Here's a twist though: when we use it to move data between two pipes of which one
263 * has O_NONBLOCK set and the other has not, then we have no individual control over
264 * O_NONBLOCK behaviour. Hence in that case we can't use splice() and still guarantee
265 * systematic O_NONBLOCK behaviour, hence don't. */
267 if (nonblock_pipe
< 0) {
270 /* Check if either of these fds is a pipe, and if so non-blocking or not */
271 a
= fd_is_nonblock_pipe(fdf
);
275 b
= fd_is_nonblock_pipe(fdt
);
279 if ((a
== FD_IS_NO_PIPE
&& b
== FD_IS_NO_PIPE
) ||
280 (a
== FD_IS_BLOCKING_PIPE
&& b
== FD_IS_NONBLOCKING_PIPE
) ||
281 (a
== FD_IS_NONBLOCKING_PIPE
&& b
== FD_IS_BLOCKING_PIPE
))
283 /* splice() only works if one of the fds is a pipe. If neither is,
284 * let's skip this step right-away. As mentioned above, if one of the
285 * two fds refers to a blocking pipe and the other to a non-blocking
286 * pipe, we can't use splice() either, hence don't try either. This
287 * hence means we can only use splice() if either only one of the two
288 * fds is a pipe, or if both are pipes with the same nonblocking flag
293 nonblock_pipe
= a
== FD_IS_NONBLOCKING_PIPE
|| b
== FD_IS_NONBLOCKING_PIPE
;
298 n
= splice(fdf
, NULL
, fdt
, NULL
, m
, nonblock_pipe
? SPLICE_F_NONBLOCK
: 0);
300 if (!IN_SET(errno
, EINVAL
, ENOSYS
))
304 /* use fallback below */
305 } else if (n
== 0) { /* likely EOF */
307 if (copied_something
)
310 try_splice
= false; /* same logic as above for copy_file_range() + sendfile() */
316 /* As a fallback just copy bits by hand */
318 uint8_t buf
[MIN(m
, COPY_BUFFER_SIZE
)], *p
= buf
;
321 n
= read(fdf
, buf
, sizeof buf
);
324 if (n
== 0) /* EOF */
331 k
= write(fdt
, p
, z
);
345 if (ret_remains_size
)
346 *ret_remains_size
= z
;
359 r
= progress(n
, userdata
);
364 if (max_bytes
!= UINT64_MAX
) {
365 assert(max_bytes
>= (uint64_t) n
);
369 /* sendfile accepts at most SSIZE_MAX-offset bytes to copy, so reduce our maximum by the
370 * amount we already copied, but don't go below our copy buffer size, unless we are close to the
371 * limit of bytes we are allowed to copy. */
372 m
= MAX(MIN(COPY_BUFFER_SIZE
, max_bytes
), m
- n
);
374 copied_something
= true;
377 return 0; /* return 0 if we hit EOF earlier than the size limit */
380 static int fd_copy_symlink(
383 const struct stat
*st
,
388 CopyFlags copy_flags
) {
390 _cleanup_free_
char *target
= NULL
;
397 r
= readlinkat_malloc(df
, from
, &target
);
401 if (copy_flags
& COPY_MAC_CREATE
) {
402 r
= mac_selinux_create_file_prepare_at(dt
, to
, S_IFLNK
);
406 r
= symlinkat(target
, dt
, to
);
407 if (copy_flags
& COPY_MAC_CREATE
)
408 mac_selinux_create_file_clear();
413 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
414 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
,
415 AT_SYMLINK_NOFOLLOW
) < 0)
418 (void) utimensat(dt
, to
, (struct timespec
[]) { st
->st_atim
, st
->st_mtim
}, AT_SYMLINK_NOFOLLOW
);
422 /* Encapsulates the database we store potential hardlink targets in */
423 typedef struct HardlinkContext
{
424 int dir_fd
; /* An fd to the directory we use as lookup table. Never AT_FDCWD. Lazily created, when
425 * we add the first entry. */
427 /* These two fields are used to create the hardlink repository directory above — via
428 * mkdirat(parent_fd, subdir) — and are kept so that we can automatically remove the directory again
429 * when we are done. */
430 int parent_fd
; /* Possibly AT_FDCWD */
434 static int hardlink_context_setup(
438 CopyFlags copy_flags
) {
440 _cleanup_close_
int dt_copy
= -1;
444 assert(c
->dir_fd
< 0 && c
->dir_fd
!= AT_FDCWD
);
445 assert(c
->parent_fd
< 0);
448 /* If hardlink recreation is requested we have to maintain a database of inodes that are potential
449 * hardlink sources. Given that generally disk sizes have to be assumed to be larger than what fits
450 * into physical RAM we cannot maintain that database in dynamic memory alone. Here we opt to
451 * maintain it on disk, to simplify things: inside the destination directory we'll maintain a
452 * temporary directory consisting of hardlinks of every inode we copied that might be subject of
453 * hardlinks. We can then use that as hardlink source later on. Yes, this means additional disk IO
454 * but thankfully Linux is optimized for this kind of thing. If this ever becomes a performance
455 * bottleneck we can certainly place an in-memory hash table in front of this, but for the beginning,
456 * let's keep things simple, and just use the disk as lookup table for inodes.
458 * Note that this should have zero performance impact as long as .st_nlink of all files copied remains
459 * <= 1, because in that case we will not actually allocate the hardlink inode lookup table directory
460 * on disk (we do so lazily, when the first candidate with .st_nlink > 1 is seen). This means, in the
461 * common case where hardlinks are not used at all or only for few files the fact that we store the
462 * table on disk shouldn't matter performance-wise. */
464 if (!FLAGS_SET(copy_flags
, COPY_HARDLINKS
))
472 dt_copy
= fcntl(dt
, F_DUPFD_CLOEXEC
, 3);
477 r
= tempfn_random_child(to
, "hardlink", &c
->subdir
);
481 c
->parent_fd
= TAKE_FD(dt_copy
);
483 /* We don't actually create the directory we keep the table in here, that's done on-demand when the
484 * first entry is added, using hardlink_context_realize() below. */
488 static int hardlink_context_realize(HardlinkContext
*c
) {
494 if (c
->dir_fd
>= 0) /* Already realized */
497 if (c
->parent_fd
< 0 && c
->parent_fd
!= AT_FDCWD
) /* Not configured */
502 if (mkdirat(c
->parent_fd
, c
->subdir
, 0700) < 0)
505 c
->dir_fd
= openat(c
->parent_fd
, c
->subdir
, O_RDONLY
|O_DIRECTORY
|O_CLOEXEC
);
508 (void) unlinkat(c
->parent_fd
, c
->subdir
, AT_REMOVEDIR
);
515 static void hardlink_context_destroy(HardlinkContext
*c
) {
520 /* Automatically remove the hardlink lookup table directory again after we are done. This is used via
521 * _cleanup_() so that we really delete this, even on failure. */
523 if (c
->dir_fd
>= 0) {
524 r
= rm_rf_children(TAKE_FD(c
->dir_fd
), REMOVE_PHYSICAL
, NULL
); /* consumes dir_fd in all cases, even on failure */
526 log_debug_errno(r
, "Failed to remove hardlink store (%s) contents, ignoring: %m", c
->subdir
);
528 assert(c
->parent_fd
>= 0 || c
->parent_fd
== AT_FDCWD
);
531 if (unlinkat(c
->parent_fd
, c
->subdir
, AT_REMOVEDIR
) < 0)
532 log_debug_errno(errno
, "Failed to remove hardlink store (%s) directory, ignoring: %m", c
->subdir
);
535 assert_cc(AT_FDCWD
< 0);
536 c
->parent_fd
= safe_close(c
->parent_fd
);
538 c
->subdir
= mfree(c
->subdir
);
541 static int try_hardlink(
543 const struct stat
*st
,
547 char dev_ino
[DECIMAL_STR_MAX(dev_t
)*2 + DECIMAL_STR_MAX(uint64_t) + 4];
550 assert(dt
>= 0 || dt
== AT_FDCWD
);
553 if (!c
) /* No temporary hardlink directory, don't bother */
556 if (st
->st_nlink
<= 1) /* Source not hardlinked, don't bother */
559 if (c
->dir_fd
< 0) /* not yet realized, hence empty */
562 xsprintf(dev_ino
, "%u:%u:%" PRIu64
, major(st
->st_dev
), minor(st
->st_dev
), (uint64_t) st
->st_ino
);
563 if (linkat(c
->dir_fd
, dev_ino
, dt
, to
, 0) < 0) {
564 if (errno
!= ENOENT
) /* doesn't exist in store yet */
565 log_debug_errno(errno
, "Failed to hardlink %s to %s, ignoring: %m", dev_ino
, to
);
572 static int memorize_hardlink(
574 const struct stat
*st
,
578 char dev_ino
[DECIMAL_STR_MAX(dev_t
)*2 + DECIMAL_STR_MAX(uint64_t) + 4];
582 assert(dt
>= 0 || dt
== AT_FDCWD
);
585 if (!c
) /* No temporary hardlink directory, don't bother */
588 if (st
->st_nlink
<= 1) /* Source not hardlinked, don't bother */
591 r
= hardlink_context_realize(c
); /* Create the hardlink store lazily */
595 xsprintf(dev_ino
, "%u:%u:%" PRIu64
, major(st
->st_dev
), minor(st
->st_dev
), (uint64_t) st
->st_ino
);
596 if (linkat(dt
, to
, c
->dir_fd
, dev_ino
, 0) < 0) {
597 log_debug_errno(errno
, "Failed to hardlink %s to %s, ignoring: %m", to
, dev_ino
);
604 static int fd_copy_regular(
607 const struct stat
*st
,
612 CopyFlags copy_flags
,
613 HardlinkContext
*hardlink_context
,
614 copy_progress_bytes_t progress
,
617 _cleanup_close_
int fdf
= -1, fdt
= -1;
624 r
= try_hardlink(hardlink_context
, st
, dt
, to
);
627 if (r
> 0) /* worked! */
630 fdf
= openat(df
, from
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
);
634 if (copy_flags
& COPY_MAC_CREATE
) {
635 r
= mac_selinux_create_file_prepare_at(dt
, to
, S_IFREG
);
639 fdt
= openat(dt
, to
, O_WRONLY
|O_CREAT
|O_EXCL
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
, st
->st_mode
& 07777);
640 if (copy_flags
& COPY_MAC_CREATE
)
641 mac_selinux_create_file_clear();
645 r
= copy_bytes_full(fdf
, fdt
, UINT64_MAX
, copy_flags
, NULL
, NULL
, progress
, userdata
);
647 (void) unlinkat(dt
, to
, 0);
652 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
653 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
) < 0)
656 if (fchmod(fdt
, st
->st_mode
& 07777) < 0)
659 (void) futimens(fdt
, (struct timespec
[]) { st
->st_atim
, st
->st_mtim
});
660 (void) copy_xattr(fdf
, fdt
);
667 (void) unlinkat(dt
, to
, 0);
670 (void) memorize_hardlink(hardlink_context
, st
, dt
, to
);
674 static int fd_copy_fifo(
677 const struct stat
*st
,
682 CopyFlags copy_flags
,
683 HardlinkContext
*hardlink_context
) {
690 r
= try_hardlink(hardlink_context
, st
, dt
, to
);
693 if (r
> 0) /* worked! */
696 if (copy_flags
& COPY_MAC_CREATE
) {
697 r
= mac_selinux_create_file_prepare_at(dt
, to
, S_IFIFO
);
701 r
= mkfifoat(dt
, to
, st
->st_mode
& 07777);
702 if (copy_flags
& COPY_MAC_CREATE
)
703 mac_selinux_create_file_clear();
708 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
709 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
,
710 AT_SYMLINK_NOFOLLOW
) < 0)
713 if (fchmodat(dt
, to
, st
->st_mode
& 07777, 0) < 0)
716 (void) utimensat(dt
, to
, (struct timespec
[]) { st
->st_atim
, st
->st_mtim
}, AT_SYMLINK_NOFOLLOW
);
718 (void) memorize_hardlink(hardlink_context
, st
, dt
, to
);
722 static int fd_copy_node(
725 const struct stat
*st
,
730 CopyFlags copy_flags
,
731 HardlinkContext
*hardlink_context
) {
738 r
= try_hardlink(hardlink_context
, st
, dt
, to
);
741 if (r
> 0) /* worked! */
744 if (copy_flags
& COPY_MAC_CREATE
) {
745 r
= mac_selinux_create_file_prepare_at(dt
, to
, st
->st_mode
& S_IFMT
);
749 r
= mknodat(dt
, to
, st
->st_mode
, st
->st_rdev
);
750 if (copy_flags
& COPY_MAC_CREATE
)
751 mac_selinux_create_file_clear();
756 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
757 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
,
758 AT_SYMLINK_NOFOLLOW
) < 0)
761 if (fchmodat(dt
, to
, st
->st_mode
& 07777, 0) < 0)
764 (void) utimensat(dt
, to
, (struct timespec
[]) { st
->st_atim
, st
->st_mtim
}, AT_SYMLINK_NOFOLLOW
);
766 (void) memorize_hardlink(hardlink_context
, st
, dt
, to
);
770 static int fd_copy_directory(
773 const struct stat
*st
,
776 dev_t original_device
,
780 CopyFlags copy_flags
,
781 HardlinkContext
*hardlink_context
,
782 const char *display_path
,
783 copy_progress_path_t progress_path
,
784 copy_progress_bytes_t progress_bytes
,
787 _cleanup_(hardlink_context_destroy
) HardlinkContext our_hardlink_context
= {
792 _cleanup_close_
int fdf
= -1, fdt
= -1;
793 _cleanup_closedir_
DIR *d
= NULL
;
795 bool exists
, created
;
802 return -ENAMETOOLONG
;
805 fdf
= openat(df
, from
, O_RDONLY
|O_DIRECTORY
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
);
807 fdf
= fcntl(df
, F_DUPFD_CLOEXEC
, 3);
811 if (!hardlink_context
) {
812 /* If recreating hardlinks is requested let's set up a context for that now. */
813 r
= hardlink_context_setup(&our_hardlink_context
, dt
, to
, copy_flags
);
816 if (r
> 0) /* It's enabled and allocated, let's now use the same context for all recursive
817 * invocations from here down */
818 hardlink_context
= &our_hardlink_context
;
821 d
= take_fdopendir(&fdf
);
826 if (copy_flags
& COPY_MERGE_EMPTY
) {
827 r
= dir_is_empty_at(dt
, to
);
828 if (r
< 0 && r
!= -ENOENT
)
837 if (copy_flags
& COPY_MAC_CREATE
)
838 r
= mkdirat_label(dt
, to
, st
->st_mode
& 07777);
840 r
= mkdirat(dt
, to
, st
->st_mode
& 07777);
843 else if (errno
== EEXIST
&& (copy_flags
& COPY_MERGE
))
849 fdt
= openat(dt
, to
, O_RDONLY
|O_DIRECTORY
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
);
855 FOREACH_DIRENT_ALL(de
, d
, return -errno
) {
856 const char *child_display_path
= NULL
;
857 _cleanup_free_
char *dp
= NULL
;
861 if (dot_or_dot_dot(de
->d_name
))
864 if (FLAGS_SET(copy_flags
, COPY_SIGINT
)) {
865 r
= sigint_pending();
872 if (fstatat(dirfd(d
), de
->d_name
, &buf
, AT_SYMLINK_NOFOLLOW
) < 0) {
879 child_display_path
= dp
= path_join(display_path
, de
->d_name
);
881 child_display_path
= de
->d_name
;
883 r
= progress_path(child_display_path
, &buf
, userdata
);
888 if (S_ISDIR(buf
.st_mode
)) {
890 * Don't descend into directories on other file systems, if this is requested. We do a simple
891 * .st_dev check here, which basically comes for free. Note that we do this check only on
892 * directories, not other kind of file system objects, for two reasons:
894 * • The kernel's overlayfs pseudo file system that overlays multiple real file systems
895 * propagates the .st_dev field of the file system a file originates from all the way up
896 * through the stack to stat(). It doesn't do that for directories however. This means that
897 * comparing .st_dev on non-directories suggests that they all are mount points. To avoid
898 * confusion we hence avoid relying on this check for regular files.
900 * • The main reason we do this check at all is to protect ourselves from bind mount cycles,
901 * where we really want to avoid descending down in all eternity. However the .st_dev check
902 * is usually not sufficient for this protection anyway, as bind mount cycles from the same
903 * file system onto itself can't be detected that way. (Note we also do a recursion depth
904 * check, which is probably the better protection in this regard, which is why
905 * COPY_SAME_MOUNT is optional).
908 if (FLAGS_SET(copy_flags
, COPY_SAME_MOUNT
)) {
909 if (buf
.st_dev
!= original_device
)
912 r
= fd_is_mount_point(dirfd(d
), de
->d_name
, 0);
919 q
= fd_copy_directory(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, original_device
, depth_left
-1, override_uid
, override_gid
, copy_flags
, hardlink_context
, child_display_path
, progress_path
, progress_bytes
, userdata
);
920 } else if (S_ISREG(buf
.st_mode
))
921 q
= fd_copy_regular(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, override_uid
, override_gid
, copy_flags
, hardlink_context
, progress_bytes
, userdata
);
922 else if (S_ISLNK(buf
.st_mode
))
923 q
= fd_copy_symlink(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, override_uid
, override_gid
, copy_flags
);
924 else if (S_ISFIFO(buf
.st_mode
))
925 q
= fd_copy_fifo(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, override_uid
, override_gid
, copy_flags
, hardlink_context
);
926 else if (S_ISBLK(buf
.st_mode
) || S_ISCHR(buf
.st_mode
) || S_ISSOCK(buf
.st_mode
))
927 q
= fd_copy_node(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, override_uid
, override_gid
, copy_flags
, hardlink_context
);
931 if (q
== -EINTR
) /* Propagate SIGINT up instantly */
933 if (q
== -EEXIST
&& (copy_flags
& COPY_MERGE
))
941 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
942 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
) < 0)
945 if (fchmod(fdt
, st
->st_mode
& 07777) < 0)
948 (void) copy_xattr(dirfd(d
), fdt
);
949 (void) futimens(fdt
, (struct timespec
[]) { st
->st_atim
, st
->st_mtim
});
955 int copy_tree_at_full(
962 CopyFlags copy_flags
,
963 copy_progress_path_t progress_path
,
964 copy_progress_bytes_t progress_bytes
,
972 if (fstatat(fdf
, from
, &st
, AT_SYMLINK_NOFOLLOW
) < 0)
975 if (S_ISREG(st
.st_mode
))
976 return fd_copy_regular(fdf
, from
, &st
, fdt
, to
, override_uid
, override_gid
, copy_flags
, NULL
, progress_bytes
, userdata
);
977 else if (S_ISDIR(st
.st_mode
))
978 return fd_copy_directory(fdf
, from
, &st
, fdt
, to
, st
.st_dev
, COPY_DEPTH_MAX
, override_uid
, override_gid
, copy_flags
, NULL
, NULL
, progress_path
, progress_bytes
, userdata
);
979 else if (S_ISLNK(st
.st_mode
))
980 return fd_copy_symlink(fdf
, from
, &st
, fdt
, to
, override_uid
, override_gid
, copy_flags
);
981 else if (S_ISFIFO(st
.st_mode
))
982 return fd_copy_fifo(fdf
, from
, &st
, fdt
, to
, override_uid
, override_gid
, copy_flags
, NULL
);
983 else if (S_ISBLK(st
.st_mode
) || S_ISCHR(st
.st_mode
) || S_ISSOCK(st
.st_mode
))
984 return fd_copy_node(fdf
, from
, &st
, fdt
, to
, override_uid
, override_gid
, copy_flags
, NULL
);
989 int copy_directory_fd_full(
992 CopyFlags copy_flags
,
993 copy_progress_path_t progress_path
,
994 copy_progress_bytes_t progress_bytes
,
1003 if (fstat(dirfd
, &st
) < 0)
1006 r
= stat_verify_directory(&st
);
1010 return fd_copy_directory(dirfd
, NULL
, &st
, AT_FDCWD
, to
, st
.st_dev
, COPY_DEPTH_MAX
, UID_INVALID
, GID_INVALID
, copy_flags
, NULL
, NULL
, progress_path
, progress_bytes
, userdata
);
1013 int copy_directory_full(
1016 CopyFlags copy_flags
,
1017 copy_progress_path_t progress_path
,
1018 copy_progress_bytes_t progress_bytes
,
1027 if (lstat(from
, &st
) < 0)
1030 r
= stat_verify_directory(&st
);
1034 return fd_copy_directory(AT_FDCWD
, from
, &st
, AT_FDCWD
, to
, st
.st_dev
, COPY_DEPTH_MAX
, UID_INVALID
, GID_INVALID
, copy_flags
, NULL
, NULL
, progress_path
, progress_bytes
, userdata
);
1037 int copy_file_fd_full(
1040 CopyFlags copy_flags
,
1041 copy_progress_bytes_t progress_bytes
,
1044 _cleanup_close_
int fdf
= -1;
1050 fdf
= open(from
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1054 r
= copy_bytes_full(fdf
, fdt
, UINT64_MAX
, copy_flags
, NULL
, NULL
, progress_bytes
, userdata
);
1056 (void) copy_times(fdf
, fdt
, copy_flags
);
1057 (void) copy_xattr(fdf
, fdt
);
1067 unsigned chattr_flags
,
1068 unsigned chattr_mask
,
1069 CopyFlags copy_flags
,
1070 copy_progress_bytes_t progress_bytes
,
1073 _cleanup_close_
int fdf
= -1;
1080 fdf
= open(from
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1084 if (mode
== MODE_INVALID
)
1085 if (fstat(fdf
, &st
) < 0)
1088 RUN_WITH_UMASK(0000) {
1089 if (copy_flags
& COPY_MAC_CREATE
) {
1090 r
= mac_selinux_create_file_prepare(to
, S_IFREG
);
1094 fdt
= open(to
, flags
|O_WRONLY
|O_CREAT
|O_CLOEXEC
|O_NOCTTY
,
1095 mode
!= MODE_INVALID
? mode
: st
.st_mode
);
1096 if (copy_flags
& COPY_MAC_CREATE
)
1097 mac_selinux_create_file_clear();
1102 if (chattr_mask
!= 0)
1103 (void) chattr_fd(fdt
, chattr_flags
, chattr_mask
& CHATTR_EARLY_FL
, NULL
);
1105 r
= copy_bytes_full(fdf
, fdt
, UINT64_MAX
, copy_flags
, NULL
, NULL
, progress_bytes
, userdata
);
1112 (void) copy_times(fdf
, fdt
, copy_flags
);
1113 (void) copy_xattr(fdf
, fdt
);
1115 if (chattr_mask
!= 0)
1116 (void) chattr_fd(fdt
, chattr_flags
, chattr_mask
& ~CHATTR_EARLY_FL
, NULL
);
1118 if (close(fdt
) < 0) {
1126 int copy_file_atomic_full(
1130 unsigned chattr_flags
,
1131 unsigned chattr_mask
,
1132 CopyFlags copy_flags
,
1133 copy_progress_bytes_t progress_bytes
,
1136 _cleanup_(unlink_and_freep
) char *t
= NULL
;
1137 _cleanup_close_
int fdt
= -1;
1143 /* We try to use O_TMPFILE here to create the file if we can. Note that this only works if COPY_REPLACE is not
1144 * set though as we need to use linkat() for linking the O_TMPFILE file into the file system but that system
1145 * call can't replace existing files. Hence, if COPY_REPLACE is set we create a temporary name in the file
1146 * system right-away and unconditionally which we then can renameat() to the right name after we completed
1149 if (copy_flags
& COPY_REPLACE
) {
1150 r
= tempfn_random(to
, NULL
, &t
);
1154 if (copy_flags
& COPY_MAC_CREATE
) {
1155 r
= mac_selinux_create_file_prepare(to
, S_IFREG
);
1161 fdt
= open(t
, O_CREAT
|O_EXCL
|O_NOFOLLOW
|O_NOCTTY
|O_WRONLY
|O_CLOEXEC
, 0600);
1162 if (copy_flags
& COPY_MAC_CREATE
)
1163 mac_selinux_create_file_clear();
1169 if (copy_flags
& COPY_MAC_CREATE
) {
1170 r
= mac_selinux_create_file_prepare(to
, S_IFREG
);
1174 fdt
= open_tmpfile_linkable(to
, O_WRONLY
|O_CLOEXEC
, &t
);
1175 if (copy_flags
& COPY_MAC_CREATE
)
1176 mac_selinux_create_file_clear();
1181 if (chattr_mask
!= 0)
1182 (void) chattr_fd(fdt
, chattr_flags
, chattr_mask
& CHATTR_EARLY_FL
, NULL
);
1184 r
= copy_file_fd_full(from
, fdt
, copy_flags
, progress_bytes
, userdata
);
1188 if (fchmod(fdt
, mode
) < 0)
1191 if (copy_flags
& COPY_REPLACE
) {
1192 if (renameat(AT_FDCWD
, t
, AT_FDCWD
, to
) < 0)
1195 r
= link_tmpfile(fdt
, t
, to
);
1200 if (chattr_mask
!= 0)
1201 (void) chattr_fd(fdt
, chattr_flags
, chattr_mask
& ~CHATTR_EARLY_FL
, NULL
);
1207 int copy_times(int fdf
, int fdt
, CopyFlags flags
) {
1213 if (fstat(fdf
, &st
) < 0)
1216 if (futimens(fdt
, (struct timespec
[2]) { st
.st_atim
, st
.st_mtim
}) < 0)
1219 if (FLAGS_SET(flags
, COPY_CRTIME
)) {
1222 if (fd_getcrtime(fdf
, &crtime
) >= 0)
1223 (void) fd_setcrtime(fdt
, crtime
);
1229 int copy_access(int fdf
, int fdt
) {
1235 if (fstat(fdf
, &st
) < 0)
1238 if (fchmod(fdt
, st
.st_mode
& 07777) < 0)
1244 int copy_xattr(int fdf
, int fdt
) {
1245 _cleanup_free_
char *names
= NULL
;
1249 r
= flistxattr_malloc(fdf
, &names
);
1253 NULSTR_FOREACH(p
, names
) {
1254 _cleanup_free_
char *value
= NULL
;
1256 if (!startswith(p
, "user."))
1259 r
= fgetxattr_malloc(fdf
, p
, &value
);
1261 continue; /* gone by now */
1265 if (fsetxattr(fdt
, p
, value
, r
, 0) < 0)