1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
7 /* When we include libgen.h because we need dirname() we immediately
8 * undefine basename() since libgen.h defines it as a macro to the POSIX
9 * version which is really broken. We prefer GNU basename(). */
13 #include "alloc-util.h"
14 #include "bus-common-errors.h"
15 #include "bus-get-properties.h"
16 #include "bus-internal.h"
17 #include "bus-label.h"
18 #include "bus-locator.h"
19 #include "bus-polkit.h"
25 #include "format-util.h"
27 #include "in-addr-util.h"
29 #include "local-addresses.h"
30 #include "machine-dbus.h"
32 #include "missing_capability.h"
34 #include "mount-util.h"
35 #include "mountpoint-util.h"
36 #include "namespace-util.h"
38 #include "path-util.h"
39 #include "process-util.h"
40 #include "signal-util.h"
42 #include "terminal-util.h"
43 #include "tmpfile-util.h"
44 #include "user-util.h"
46 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_class
, machine_class
, MachineClass
);
47 static BUS_DEFINE_PROPERTY_GET2(property_get_state
, "s", Machine
, machine_get_state
, machine_state_to_string
);
49 static int property_get_netif(
52 const char *interface
,
54 sd_bus_message
*reply
,
56 sd_bus_error
*error
) {
58 Machine
*m
= userdata
;
64 assert_cc(sizeof(int) == sizeof(int32_t));
66 return sd_bus_message_append_array(reply
, 'i', m
->netif
, m
->n_netif
* sizeof(int));
69 int bus_machine_method_unregister(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
70 Machine
*m
= userdata
;
76 const char *details
[] = {
82 r
= bus_verify_polkit_async(
85 "org.freedesktop.machine1.manage-machines",
89 &m
->manager
->polkit_registry
,
94 return 1; /* Will call us back */
96 r
= machine_finalize(m
);
100 return sd_bus_reply_method_return(message
, NULL
);
103 int bus_machine_method_terminate(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
104 Machine
*m
= userdata
;
110 const char *details
[] = {
116 r
= bus_verify_polkit_async(
119 "org.freedesktop.machine1.manage-machines",
123 &m
->manager
->polkit_registry
,
128 return 1; /* Will call us back */
134 return sd_bus_reply_method_return(message
, NULL
);
137 int bus_machine_method_kill(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
138 Machine
*m
= userdata
;
147 r
= sd_bus_message_read(message
, "si", &swho
, &signo
);
154 who
= kill_who_from_string(swho
);
156 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid kill parameter '%s'", swho
);
159 if (!SIGNAL_VALID(signo
))
160 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid signal %i", signo
);
162 const char *details
[] = {
168 r
= bus_verify_polkit_async(
171 "org.freedesktop.machine1.manage-machines",
175 &m
->manager
->polkit_registry
,
180 return 1; /* Will call us back */
182 r
= machine_kill(m
, who
, signo
);
186 return sd_bus_reply_method_return(message
, NULL
);
189 int bus_machine_method_get_addresses(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
190 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
191 Machine
*m
= userdata
;
197 r
= sd_bus_message_new_method_return(message
, &reply
);
201 r
= sd_bus_message_open_container(reply
, 'a', "(iay)");
208 _cleanup_free_
struct local_address
*addresses
= NULL
;
209 struct local_address
*a
;
212 n
= local_addresses(NULL
, 0, AF_UNSPEC
, &addresses
);
216 for (a
= addresses
, i
= 0; i
< n
; a
++, i
++) {
218 r
= sd_bus_message_open_container(reply
, 'r', "iay");
222 r
= sd_bus_message_append(reply
, "i", addresses
[i
].family
);
226 r
= sd_bus_message_append_array(reply
, 'y', &addresses
[i
].address
, FAMILY_ADDRESS_SIZE(addresses
[i
].family
));
230 r
= sd_bus_message_close_container(reply
);
238 case MACHINE_CONTAINER
: {
239 _cleanup_close_pair_
int pair
[2] = { -1, -1 };
240 _cleanup_free_
char *us
= NULL
, *them
= NULL
;
241 _cleanup_close_
int netns_fd
= -1;
245 r
= readlink_malloc("/proc/self/ns/net", &us
);
249 p
= procfs_file_alloca(m
->leader
, "ns/net");
250 r
= readlink_malloc(p
, &them
);
255 return sd_bus_error_setf(error
, BUS_ERROR_NO_PRIVATE_NETWORKING
, "Machine %s does not use private networking", m
->name
);
257 r
= namespace_open(m
->leader
, NULL
, NULL
, &netns_fd
, NULL
, NULL
);
261 if (socketpair(AF_UNIX
, SOCK_SEQPACKET
, 0, pair
) < 0)
264 r
= namespace_fork("(sd-addrns)", "(sd-addr)", NULL
, 0, FORK_RESET_SIGNALS
|FORK_DEATHSIG
,
265 -1, -1, netns_fd
, -1, -1, &child
);
267 return sd_bus_error_set_errnof(error
, r
, "Failed to fork(): %m");
269 _cleanup_free_
struct local_address
*addresses
= NULL
;
270 struct local_address
*a
;
273 pair
[0] = safe_close(pair
[0]);
275 n
= local_addresses(NULL
, 0, AF_UNSPEC
, &addresses
);
279 for (a
= addresses
, i
= 0; i
< n
; a
++, i
++) {
280 struct iovec iov
[2] = {
281 { .iov_base
= &a
->family
, .iov_len
= sizeof(a
->family
) },
282 { .iov_base
= &a
->address
, .iov_len
= FAMILY_ADDRESS_SIZE(a
->family
) },
285 r
= writev(pair
[1], iov
, 2);
290 pair
[1] = safe_close(pair
[1]);
295 pair
[1] = safe_close(pair
[1]);
300 union in_addr_union in_addr
;
307 iov
[0] = IOVEC_MAKE(&family
, sizeof(family
));
308 iov
[1] = IOVEC_MAKE(&in_addr
, sizeof(in_addr
));
310 n
= recvmsg(pair
[0], &mh
, 0);
313 if ((size_t) n
< sizeof(family
))
316 r
= sd_bus_message_open_container(reply
, 'r', "iay");
320 r
= sd_bus_message_append(reply
, "i", family
);
327 if (n
!= sizeof(struct in_addr
) + sizeof(family
))
330 r
= sd_bus_message_append_array(reply
, 'y', &in_addr
.in
, sizeof(in_addr
.in
));
334 if (n
!= sizeof(struct in6_addr
) + sizeof(family
))
337 r
= sd_bus_message_append_array(reply
, 'y', &in_addr
.in6
, sizeof(in_addr
.in6
));
343 r
= sd_bus_message_close_container(reply
);
348 r
= wait_for_terminate_and_check("(sd-addrns)", child
, 0);
350 return sd_bus_error_set_errnof(error
, r
, "Failed to wait for child: %m");
351 if (r
!= EXIT_SUCCESS
)
352 return sd_bus_error_set(error
, SD_BUS_ERROR_FAILED
, "Child died abnormally.");
357 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Requesting IP address data is only supported on container machines.");
360 r
= sd_bus_message_close_container(reply
);
364 return sd_bus_send(NULL
, reply
, NULL
);
367 #define EXIT_NOT_FOUND 2
369 int bus_machine_method_get_os_release(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
370 _cleanup_strv_free_
char **l
= NULL
;
371 Machine
*m
= userdata
;
380 r
= load_os_release_pairs(NULL
, &l
);
386 case MACHINE_CONTAINER
: {
387 _cleanup_close_
int mntns_fd
= -1, root_fd
= -1, pidns_fd
= -1;
388 _cleanup_close_pair_
int pair
[2] = { -1, -1 };
389 _cleanup_fclose_
FILE *f
= NULL
;
392 r
= namespace_open(m
->leader
, &pidns_fd
, &mntns_fd
, NULL
, NULL
, &root_fd
);
396 if (socketpair(AF_UNIX
, SOCK_SEQPACKET
, 0, pair
) < 0)
399 r
= namespace_fork("(sd-osrelns)", "(sd-osrel)", NULL
, 0, FORK_RESET_SIGNALS
|FORK_DEATHSIG
,
400 pidns_fd
, mntns_fd
, -1, -1, root_fd
,
403 return sd_bus_error_set_errnof(error
, r
, "Failed to fork(): %m");
407 pair
[0] = safe_close(pair
[0]);
409 r
= open_os_release(NULL
, NULL
, &fd
);
411 _exit(EXIT_NOT_FOUND
);
415 r
= copy_bytes(fd
, pair
[1], UINT64_MAX
, 0);
422 pair
[1] = safe_close(pair
[1]);
424 f
= take_fdopen(&pair
[0], "r");
428 r
= load_env_file_pairs(f
, "/etc/os-release", &l
);
432 r
= wait_for_terminate_and_check("(sd-osrelns)", child
, 0);
434 return sd_bus_error_set_errnof(error
, r
, "Failed to wait for child: %m");
435 if (r
== EXIT_NOT_FOUND
)
436 return sd_bus_error_set(error
, SD_BUS_ERROR_FAILED
, "Machine does not contain OS release information");
437 if (r
!= EXIT_SUCCESS
)
438 return sd_bus_error_set(error
, SD_BUS_ERROR_FAILED
, "Child died abnormally.");
444 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Requesting OS release data is only supported on container machines.");
447 return bus_reply_pair_array(message
, l
);
450 int bus_machine_method_open_pty(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
451 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
452 _cleanup_free_
char *pty_name
= NULL
;
453 _cleanup_close_
int master
= -1;
454 Machine
*m
= userdata
;
460 const char *details
[] = {
465 r
= bus_verify_polkit_async(
468 m
->class == MACHINE_HOST
? "org.freedesktop.machine1.host-open-pty" : "org.freedesktop.machine1.open-pty",
472 &m
->manager
->polkit_registry
,
477 return 1; /* Will call us back */
479 master
= machine_openpt(m
, O_RDWR
|O_NOCTTY
|O_CLOEXEC
, &pty_name
);
483 r
= sd_bus_message_new_method_return(message
, &reply
);
487 r
= sd_bus_message_append(reply
, "hs", master
, pty_name
);
491 return sd_bus_send(NULL
, reply
, NULL
);
494 static int container_bus_new(Machine
*m
, sd_bus_error
*error
, sd_bus
**ret
) {
506 case MACHINE_CONTAINER
: {
507 _cleanup_(sd_bus_close_unrefp
) sd_bus
*bus
= NULL
;
510 r
= sd_bus_new(&bus
);
514 if (asprintf(&address
, "x-machine-unix:pid=%" PID_PRI
, m
->leader
) < 0)
517 bus
->address
= address
;
518 bus
->bus_client
= true;
519 bus
->trusted
= false;
520 bus
->is_system
= true;
522 r
= sd_bus_start(bus
);
524 return sd_bus_error_set_errnof(error
, r
, "There is no system bus in container %s.", m
->name
);
528 *ret
= TAKE_PTR(bus
);
539 int bus_machine_method_open_login(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
540 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
541 _cleanup_free_
char *pty_name
= NULL
;
542 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*allocated_bus
= NULL
;
543 _cleanup_close_
int master
= -1;
544 sd_bus
*container_bus
= NULL
;
545 Machine
*m
= userdata
;
546 const char *p
, *getty
;
552 const char *details
[] = {
558 r
= bus_verify_polkit_async(
561 m
->class == MACHINE_HOST
? "org.freedesktop.machine1.host-login" : "org.freedesktop.machine1.login",
565 &m
->manager
->polkit_registry
,
570 return 1; /* Will call us back */
572 master
= machine_openpt(m
, O_RDWR
|O_NOCTTY
|O_CLOEXEC
, &pty_name
);
576 p
= path_startswith(pty_name
, "/dev/pts/");
579 r
= container_bus_new(m
, error
, &allocated_bus
);
583 container_bus
= allocated_bus
?: m
->manager
->bus
;
585 getty
= strjoina("container-getty@", p
, ".service");
587 r
= bus_call_method(container_bus
, bus_systemd_mgr
, "StartUnit", error
, NULL
, "ss", getty
, "replace");
591 r
= sd_bus_message_new_method_return(message
, &reply
);
595 r
= sd_bus_message_append(reply
, "hs", master
, pty_name
);
599 return sd_bus_send(NULL
, reply
, NULL
);
602 int bus_machine_method_open_shell(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
603 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
, *tm
= NULL
;
604 _cleanup_free_
char *pty_name
= NULL
;
605 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*allocated_bus
= NULL
;
606 sd_bus
*container_bus
= NULL
;
607 _cleanup_close_
int master
= -1, slave
= -1;
608 _cleanup_strv_free_
char **env
= NULL
, **args_wire
= NULL
, **args
= NULL
;
609 Machine
*m
= userdata
;
610 const char *p
, *unit
, *user
, *path
, *description
, *utmp_id
;
616 r
= sd_bus_message_read(message
, "ss", &user
, &path
);
619 user
= isempty(user
) ? "root" : user
;
620 r
= sd_bus_message_read_strv(message
, &args_wire
);
626 args
= new0(char*, 3 + 1);
629 args
[0] = strdup("sh");
632 args
[1] = strdup("-c");
635 r
= asprintf(&args
[2],
636 "shell=$(getent passwd %s 2>/dev/null | { IFS=: read _ _ _ _ _ _ x; echo \"$x\"; })\n"\
637 "exec \"${shell:-/bin/sh}\" -l", /* -l is means --login */
644 if (!path_is_absolute(path
))
645 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Specified path '%s' is not absolute", path
);
646 args
= TAKE_PTR(args_wire
);
647 if (strv_isempty(args
)) {
648 args
= strv_free(args
);
650 args
= strv_new(path
);
656 r
= sd_bus_message_read_strv(message
, &env
);
659 if (!strv_env_is_valid(env
))
660 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid environment assignments");
662 const char *details
[] = {
669 r
= bus_verify_polkit_async(
672 m
->class == MACHINE_HOST
? "org.freedesktop.machine1.host-shell" : "org.freedesktop.machine1.shell",
676 &m
->manager
->polkit_registry
,
681 return 1; /* Will call us back */
683 master
= machine_openpt(m
, O_RDWR
|O_NOCTTY
|O_CLOEXEC
, &pty_name
);
687 p
= path_startswith(pty_name
, "/dev/pts/");
690 slave
= machine_open_terminal(m
, pty_name
, O_RDWR
|O_NOCTTY
|O_CLOEXEC
);
694 utmp_id
= path_startswith(pty_name
, "/dev/");
697 r
= container_bus_new(m
, error
, &allocated_bus
);
701 container_bus
= allocated_bus
?: m
->manager
->bus
;
703 r
= bus_message_new_method_call(container_bus
, &tm
, bus_systemd_mgr
, "StartTransientUnit");
708 unit
= strjoina("container-shell@", p
, ".service");
709 r
= sd_bus_message_append(tm
, "ss", unit
, "fail");
714 r
= sd_bus_message_open_container(tm
, 'a', "(sv)");
718 description
= strjoina("Shell for User ", user
);
719 r
= sd_bus_message_append(tm
,
720 "(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)",
721 "Description", "s", description
,
722 "StandardInputFileDescriptor", "h", slave
,
723 "StandardOutputFileDescriptor", "h", slave
,
724 "StandardErrorFileDescriptor", "h", slave
,
725 "SendSIGHUP", "b", true,
726 "IgnoreSIGPIPE", "b", false,
727 "KillMode", "s", "mixed",
728 "TTYPath", "s", pty_name
,
729 "TTYReset", "b", true,
730 "UtmpIdentifier", "s", utmp_id
,
731 "UtmpMode", "s", "user",
732 "PAMName", "s", "login",
733 "WorkingDirectory", "s", "-~");
737 r
= sd_bus_message_append(tm
, "(sv)", "User", "s", user
);
741 if (!strv_isempty(env
)) {
742 r
= sd_bus_message_open_container(tm
, 'r', "sv");
746 r
= sd_bus_message_append(tm
, "s", "Environment");
750 r
= sd_bus_message_open_container(tm
, 'v', "as");
754 r
= sd_bus_message_append_strv(tm
, env
);
758 r
= sd_bus_message_close_container(tm
);
762 r
= sd_bus_message_close_container(tm
);
768 r
= sd_bus_message_open_container(tm
, 'r', "sv");
772 r
= sd_bus_message_append(tm
, "s", "ExecStart");
776 r
= sd_bus_message_open_container(tm
, 'v', "a(sasb)");
780 r
= sd_bus_message_open_container(tm
, 'a', "(sasb)");
784 r
= sd_bus_message_open_container(tm
, 'r', "sasb");
788 r
= sd_bus_message_append(tm
, "s", path
);
792 r
= sd_bus_message_append_strv(tm
, args
);
796 r
= sd_bus_message_append(tm
, "b", true);
800 r
= sd_bus_message_close_container(tm
);
804 r
= sd_bus_message_close_container(tm
);
808 r
= sd_bus_message_close_container(tm
);
812 r
= sd_bus_message_close_container(tm
);
816 r
= sd_bus_message_close_container(tm
);
820 /* Auxiliary units */
821 r
= sd_bus_message_append(tm
, "a(sa(sv))", 0);
825 r
= sd_bus_call(container_bus
, tm
, 0, error
, NULL
);
829 slave
= safe_close(slave
);
831 r
= sd_bus_message_new_method_return(message
, &reply
);
835 r
= sd_bus_message_append(reply
, "hs", master
, pty_name
);
839 return sd_bus_send(NULL
, reply
, NULL
);
842 int bus_machine_method_bind_mount(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
843 int read_only
, make_file_or_directory
;
844 const char *dest
, *src
, *propagate_directory
;
845 Machine
*m
= userdata
;
852 if (m
->class != MACHINE_CONTAINER
)
853 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Bind mounting is only supported on container machines.");
855 r
= sd_bus_message_read(message
, "ssbb", &src
, &dest
, &read_only
, &make_file_or_directory
);
859 if (!path_is_absolute(src
) || !path_is_normalized(src
))
860 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path must be absolute and normalized.");
864 else if (!path_is_absolute(dest
) || !path_is_normalized(dest
))
865 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path must be absolute and normalized.");
867 const char *details
[] = {
875 r
= bus_verify_polkit_async(
878 "org.freedesktop.machine1.manage-machines",
882 &m
->manager
->polkit_registry
,
887 return 1; /* Will call us back */
889 r
= machine_get_uid_shift(m
, &uid
);
893 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Can't bind mount on container with user namespacing applied.");
895 propagate_directory
= strjoina("/run/systemd/nspawn/propagate/", m
->name
);
896 r
= bind_mount_in_namespace(m
->leader
,
898 "/run/host/incoming/",
899 src
, dest
, read_only
, make_file_or_directory
);
901 return sd_bus_error_set_errnof(error
, r
, "Failed to mount %s on %s in machine's namespace: %m", src
, dest
);
903 return sd_bus_reply_method_return(message
, NULL
);
906 int bus_machine_method_copy(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
907 const char *src
, *dest
, *host_path
, *container_path
, *host_basename
, *container_basename
, *container_dirname
;
908 _cleanup_close_pair_
int errno_pipe_fd
[2] = { -1, -1 };
909 CopyFlags copy_flags
= COPY_REFLINK
|COPY_MERGE
|COPY_HARDLINKS
;
910 _cleanup_close_
int hostfd
= -1;
911 Machine
*m
= userdata
;
921 if (m
->manager
->n_operations
>= OPERATIONS_MAX
)
922 return sd_bus_error_set(error
, SD_BUS_ERROR_LIMITS_EXCEEDED
, "Too many ongoing copies.");
924 if (m
->class != MACHINE_CONTAINER
)
925 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Copying files is only supported on container machines.");
927 r
= sd_bus_message_read(message
, "ss", &src
, &dest
);
931 if (!path_is_absolute(src
))
932 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path must be absolute.");
936 else if (!path_is_absolute(dest
))
937 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path must be absolute.");
939 const char *details
[] = {
947 r
= bus_verify_polkit_async(
950 "org.freedesktop.machine1.manage-machines",
954 &m
->manager
->polkit_registry
,
959 return 1; /* Will call us back */
961 r
= machine_get_uid_shift(m
, &uid_shift
);
965 copy_from
= strstr(sd_bus_message_get_member(message
), "CopyFrom");
968 container_path
= src
;
972 container_path
= dest
;
975 host_basename
= basename(host_path
);
977 container_basename
= basename(container_path
);
978 t
= strdupa_safe(container_path
);
979 container_dirname
= dirname(t
);
981 hostfd
= open_parent(host_path
, O_CLOEXEC
, 0);
983 return sd_bus_error_set_errnof(error
, hostfd
, "Failed to open host directory %s: %m", host_path
);
985 if (pipe2(errno_pipe_fd
, O_CLOEXEC
|O_NONBLOCK
) < 0)
986 return sd_bus_error_set_errnof(error
, errno
, "Failed to create pipe: %m");
988 r
= safe_fork("(sd-copy)", FORK_RESET_SIGNALS
, &child
);
990 return sd_bus_error_set_errnof(error
, r
, "Failed to fork(): %m");
996 errno_pipe_fd
[0] = safe_close(errno_pipe_fd
[0]);
998 q
= procfs_file_alloca(m
->leader
, "ns/mnt");
999 mntfd
= open(q
, O_RDONLY
|O_NOCTTY
|O_CLOEXEC
);
1001 r
= log_error_errno(errno
, "Failed to open mount namespace of leader: %m");
1005 if (setns(mntfd
, CLONE_NEWNS
) < 0) {
1006 r
= log_error_errno(errno
, "Failed to join namespace of leader: %m");
1010 containerfd
= open(container_dirname
, O_CLOEXEC
|O_RDONLY
|O_NOCTTY
|O_DIRECTORY
);
1011 if (containerfd
< 0) {
1012 r
= log_error_errno(errno
, "Failed to open destination directory: %m");
1016 /* Run the actual copy operation. Note that when an UID shift is set we'll either clamp the UID/GID to
1017 * 0 or to the actual UID shift depending on the direction we copy. If no UID shift is set we'll copy
1018 * the UID/GIDs as they are. */
1020 r
= copy_tree_at(containerfd
, container_basename
, hostfd
, host_basename
, uid_shift
== 0 ? UID_INVALID
: 0, uid_shift
== 0 ? GID_INVALID
: 0, copy_flags
);
1022 r
= copy_tree_at(hostfd
, host_basename
, containerfd
, container_basename
, uid_shift
== 0 ? UID_INVALID
: uid_shift
, uid_shift
== 0 ? GID_INVALID
: uid_shift
, copy_flags
);
1024 hostfd
= safe_close(hostfd
);
1025 containerfd
= safe_close(containerfd
);
1028 r
= log_error_errno(r
, "Failed to copy tree: %m");
1032 _exit(EXIT_SUCCESS
);
1035 (void) write(errno_pipe_fd
[1], &r
, sizeof(r
));
1036 _exit(EXIT_FAILURE
);
1039 errno_pipe_fd
[1] = safe_close(errno_pipe_fd
[1]);
1041 /* Copying might take a while, hence install a watch on the child, and return */
1043 r
= operation_new(m
->manager
, m
, child
, message
, errno_pipe_fd
[0], NULL
);
1045 (void) sigkill_wait(child
);
1048 errno_pipe_fd
[0] = -1;
1053 int bus_machine_method_open_root_directory(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
1054 _cleanup_close_
int fd
= -1;
1055 Machine
*m
= userdata
;
1061 const char *details
[] = {
1063 "verb", "open_root_directory",
1067 r
= bus_verify_polkit_async(
1070 "org.freedesktop.machine1.manage-machines",
1074 &m
->manager
->polkit_registry
,
1079 return 1; /* Will call us back */
1084 fd
= open("/", O_RDONLY
|O_CLOEXEC
|O_DIRECTORY
);
1090 case MACHINE_CONTAINER
: {
1091 _cleanup_close_
int mntns_fd
= -1, root_fd
= -1;
1092 _cleanup_close_pair_
int pair
[2] = { -1, -1 };
1095 r
= namespace_open(m
->leader
, NULL
, &mntns_fd
, NULL
, NULL
, &root_fd
);
1099 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, pair
) < 0)
1102 r
= namespace_fork("(sd-openrootns)", "(sd-openroot)", NULL
, 0, FORK_RESET_SIGNALS
|FORK_DEATHSIG
,
1103 -1, mntns_fd
, -1, -1, root_fd
, &child
);
1105 return sd_bus_error_set_errnof(error
, r
, "Failed to fork(): %m");
1107 _cleanup_close_
int dfd
= -1;
1109 pair
[0] = safe_close(pair
[0]);
1111 dfd
= open("/", O_RDONLY
|O_CLOEXEC
|O_DIRECTORY
);
1113 _exit(EXIT_FAILURE
);
1115 r
= send_one_fd(pair
[1], dfd
, 0);
1116 dfd
= safe_close(dfd
);
1118 _exit(EXIT_FAILURE
);
1120 _exit(EXIT_SUCCESS
);
1123 pair
[1] = safe_close(pair
[1]);
1125 r
= wait_for_terminate_and_check("(sd-openrootns)", child
, 0);
1127 return sd_bus_error_set_errnof(error
, r
, "Failed to wait for child: %m");
1128 if (r
!= EXIT_SUCCESS
)
1129 return sd_bus_error_set(error
, SD_BUS_ERROR_FAILED
, "Child died abnormally.");
1131 fd
= receive_one_fd(pair
[0], MSG_DONTWAIT
);
1139 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Opening the root directory is only supported on container machines.");
1142 return sd_bus_reply_method_return(message
, "h", fd
);
1145 int bus_machine_method_get_uid_shift(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
1146 Machine
*m
= userdata
;
1153 /* You wonder why this is a method and not a property? Well, properties are not supposed to return errors, but
1154 * we kinda have to for this. */
1156 if (m
->class == MACHINE_HOST
)
1157 return sd_bus_reply_method_return(message
, "u", UINT32_C(0));
1159 if (m
->class != MACHINE_CONTAINER
)
1160 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "UID/GID shift may only be determined for container machines.");
1162 r
= machine_get_uid_shift(m
, &shift
);
1164 return sd_bus_error_setf(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Machine %s uses a complex UID/GID mapping, cannot determine shift", m
->name
);
1168 return sd_bus_reply_method_return(message
, "u", (uint32_t) shift
);
1171 static int machine_object_find(sd_bus
*bus
, const char *path
, const char *interface
, void *userdata
, void **found
, sd_bus_error
*error
) {
1172 Manager
*m
= userdata
;
1182 if (streq(path
, "/org/freedesktop/machine1/machine/self")) {
1183 _cleanup_(sd_bus_creds_unrefp
) sd_bus_creds
*creds
= NULL
;
1184 sd_bus_message
*message
;
1187 message
= sd_bus_get_current_message(bus
);
1191 r
= sd_bus_query_sender_creds(message
, SD_BUS_CREDS_PID
, &creds
);
1195 r
= sd_bus_creds_get_pid(creds
, &pid
);
1199 r
= manager_get_machine_by_pid(m
, pid
, &machine
);
1203 _cleanup_free_
char *e
= NULL
;
1206 p
= startswith(path
, "/org/freedesktop/machine1/machine/");
1210 e
= bus_label_unescape(p
);
1214 machine
= hashmap_get(m
->machines
, e
);
1223 char *machine_bus_path(Machine
*m
) {
1224 _cleanup_free_
char *e
= NULL
;
1228 e
= bus_label_escape(m
->name
);
1232 return strjoin("/org/freedesktop/machine1/machine/", e
);
1235 static int machine_node_enumerator(sd_bus
*bus
, const char *path
, void *userdata
, char ***nodes
, sd_bus_error
*error
) {
1236 _cleanup_strv_free_
char **l
= NULL
;
1237 Machine
*machine
= NULL
;
1238 Manager
*m
= userdata
;
1245 HASHMAP_FOREACH(machine
, m
->machines
) {
1248 p
= machine_bus_path(machine
);
1252 r
= strv_consume(&l
, p
);
1257 *nodes
= TAKE_PTR(l
);
1262 static const sd_bus_vtable machine_vtable
[] = {
1263 SD_BUS_VTABLE_START(0),
1264 SD_BUS_PROPERTY("Name", "s", NULL
, offsetof(Machine
, name
), SD_BUS_VTABLE_PROPERTY_CONST
),
1265 SD_BUS_PROPERTY("Id", "ay", bus_property_get_id128
, offsetof(Machine
, id
), SD_BUS_VTABLE_PROPERTY_CONST
),
1266 BUS_PROPERTY_DUAL_TIMESTAMP("Timestamp", offsetof(Machine
, timestamp
), SD_BUS_VTABLE_PROPERTY_CONST
),
1267 SD_BUS_PROPERTY("Service", "s", NULL
, offsetof(Machine
, service
), SD_BUS_VTABLE_PROPERTY_CONST
),
1268 SD_BUS_PROPERTY("Unit", "s", NULL
, offsetof(Machine
, unit
), SD_BUS_VTABLE_PROPERTY_CONST
),
1269 SD_BUS_PROPERTY("Scope", "s", NULL
, offsetof(Machine
, unit
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
1270 SD_BUS_PROPERTY("Leader", "u", NULL
, offsetof(Machine
, leader
), SD_BUS_VTABLE_PROPERTY_CONST
),
1271 SD_BUS_PROPERTY("Class", "s", property_get_class
, offsetof(Machine
, class), SD_BUS_VTABLE_PROPERTY_CONST
),
1272 SD_BUS_PROPERTY("RootDirectory", "s", NULL
, offsetof(Machine
, root_directory
), SD_BUS_VTABLE_PROPERTY_CONST
),
1273 SD_BUS_PROPERTY("NetworkInterfaces", "ai", property_get_netif
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1274 SD_BUS_PROPERTY("State", "s", property_get_state
, 0, 0),
1276 SD_BUS_METHOD("Terminate",
1279 bus_machine_method_terminate
,
1280 SD_BUS_VTABLE_UNPRIVILEGED
),
1281 SD_BUS_METHOD_WITH_NAMES("Kill",
1284 SD_BUS_PARAM(signal
),
1286 bus_machine_method_kill
,
1287 SD_BUS_VTABLE_UNPRIVILEGED
),
1288 SD_BUS_METHOD_WITH_NAMES("GetAddresses",
1291 SD_BUS_PARAM(addresses
),
1292 bus_machine_method_get_addresses
,
1293 SD_BUS_VTABLE_UNPRIVILEGED
),
1294 SD_BUS_METHOD_WITH_NAMES("GetOSRelease",
1297 SD_BUS_PARAM(fields
),
1298 bus_machine_method_get_os_release
,
1299 SD_BUS_VTABLE_UNPRIVILEGED
),
1300 SD_BUS_METHOD_WITH_NAMES("GetUIDShift",
1303 SD_BUS_PARAM(shift
),
1304 bus_machine_method_get_uid_shift
,
1305 SD_BUS_VTABLE_UNPRIVILEGED
),
1306 SD_BUS_METHOD_WITH_NAMES("OpenPTY",
1310 SD_BUS_PARAM(pty_path
),
1311 bus_machine_method_open_pty
,
1312 SD_BUS_VTABLE_UNPRIVILEGED
),
1313 SD_BUS_METHOD_WITH_NAMES("OpenLogin",
1317 SD_BUS_PARAM(pty_path
),
1318 bus_machine_method_open_login
,
1319 SD_BUS_VTABLE_UNPRIVILEGED
),
1320 SD_BUS_METHOD_WITH_NAMES("OpenShell",
1325 SD_BUS_PARAM(environment
),
1328 SD_BUS_PARAM(pty_path
),
1329 bus_machine_method_open_shell
,
1330 SD_BUS_VTABLE_UNPRIVILEGED
),
1331 SD_BUS_METHOD_WITH_NAMES("BindMount",
1333 SD_BUS_PARAM(source
)
1334 SD_BUS_PARAM(destination
)
1335 SD_BUS_PARAM(read_only
)
1336 SD_BUS_PARAM(mkdir
),
1338 bus_machine_method_bind_mount
,
1339 SD_BUS_VTABLE_UNPRIVILEGED
),
1340 SD_BUS_METHOD_WITH_NAMES("CopyFrom",
1342 SD_BUS_PARAM(source
)
1343 SD_BUS_PARAM(destination
),
1345 bus_machine_method_copy
,
1346 SD_BUS_VTABLE_UNPRIVILEGED
),
1347 SD_BUS_METHOD_WITH_NAMES("CopyTo",
1349 SD_BUS_PARAM(source
)
1350 SD_BUS_PARAM(destination
),
1352 bus_machine_method_copy
,
1353 SD_BUS_VTABLE_UNPRIVILEGED
),
1354 SD_BUS_METHOD_WITH_NAMES("OpenRootDirectory",
1358 bus_machine_method_open_root_directory
,
1359 SD_BUS_VTABLE_UNPRIVILEGED
),
1364 const BusObjectImplementation machine_object
= {
1365 "/org/freedesktop/machine1/machine",
1366 "org.freedesktop.machine1.Machine",
1367 .fallback_vtables
= BUS_FALLBACK_VTABLES({machine_vtable
, machine_object_find
}),
1368 .node_enumerator
= machine_node_enumerator
,
1371 int machine_send_signal(Machine
*m
, bool new_machine
) {
1372 _cleanup_free_
char *p
= NULL
;
1376 p
= machine_bus_path(m
);
1380 return sd_bus_emit_signal(
1382 "/org/freedesktop/machine1",
1383 "org.freedesktop.machine1.Manager",
1384 new_machine
? "MachineNew" : "MachineRemoved",
1388 int machine_send_create_reply(Machine
*m
, sd_bus_error
*error
) {
1389 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*c
= NULL
;
1390 _cleanup_free_
char *p
= NULL
;
1394 if (!m
->create_message
)
1397 c
= TAKE_PTR(m
->create_message
);
1400 return sd_bus_reply_method_error(c
, error
);
1402 /* Update the machine state file before we notify the client
1403 * about the result. */
1406 p
= machine_bus_path(m
);
1410 return sd_bus_reply_method_return(c
, "o", p
);