1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
8 #include <sys/sendfile.h>
12 #include "alloc-util.h"
13 #include "btrfs-util.h"
14 #include "chattr-util.h"
16 #include "dirent-util.h"
22 #include "missing_syscall.h"
23 #include "mountpoint-util.h"
24 #include "nulstr-util.h"
26 #include "selinux-util.h"
27 #include "signal-util.h"
28 #include "stat-util.h"
29 #include "stdio-util.h"
30 #include "string-util.h"
32 #include "time-util.h"
33 #include "tmpfile-util.h"
34 #include "umask-util.h"
35 #include "user-util.h"
36 #include "xattr-util.h"
38 #define COPY_BUFFER_SIZE (16U*1024U)
40 /* A safety net for descending recursively into file system trees to copy. On Linux PATH_MAX is 4096, which means the
41 * deepest valid path one can build is around 2048, which we hence use as a safety net here, to not spin endlessly in
42 * case of bind mount cycles and suchlike. */
43 #define COPY_DEPTH_MAX 2048U
45 static ssize_t
try_copy_file_range(
46 int fd_in
, loff_t
*off_in
,
47 int fd_out
, loff_t
*off_out
,
57 r
= copy_file_range(fd_in
, off_in
, fd_out
, off_out
, len
, flags
);
59 have
= r
>= 0 || errno
!= ENOSYS
;
69 FD_IS_NONBLOCKING_PIPE
,
72 static int fd_is_nonblock_pipe(int fd
) {
76 /* Checks whether the specified file descriptor refers to a pipe, and if so if O_NONBLOCK is set. */
78 if (fstat(fd
, &st
) < 0)
81 if (!S_ISFIFO(st
.st_mode
))
84 flags
= fcntl(fd
, F_GETFL
);
88 return FLAGS_SET(flags
, O_NONBLOCK
) ? FD_IS_NONBLOCKING_PIPE
: FD_IS_BLOCKING_PIPE
;
96 size_t *ret_remains_size
,
97 copy_progress_bytes_t progress
,
100 bool try_cfr
= true, try_sendfile
= true, try_splice
= true, copied_something
= false;
101 int r
, nonblock_pipe
= -1;
102 size_t m
= SSIZE_MAX
; /* that is the maximum that sendfile and c_f_r accept */
107 /* Tries to copy bytes from the file descriptor 'fdf' to 'fdt' in the smartest possible way. Copies a maximum
108 * of 'max_bytes', which may be specified as UINT64_MAX, in which no maximum is applied. Returns negative on
109 * error, zero if EOF is hit before the bytes limit is hit and positive otherwise. If the copy fails for some
110 * reason but we read but didn't yet write some data an ret_remains/ret_remains_size is not NULL, then it will
111 * be initialized with an allocated buffer containing this "remaining" data. Note that these two parameters are
112 * initialized with a valid buffer only on failure and only if there's actually data already read. Otherwise
113 * these parameters if non-NULL are set to NULL. */
117 if (ret_remains_size
)
118 *ret_remains_size
= 0;
120 /* Try btrfs reflinks first. This only works on regular, seekable files, hence let's check the file offsets of
121 * source and destination first. */
122 if ((copy_flags
& COPY_REFLINK
)) {
125 foffset
= lseek(fdf
, 0, SEEK_CUR
);
129 toffset
= lseek(fdt
, 0, SEEK_CUR
);
132 if (foffset
== 0 && toffset
== 0 && max_bytes
== UINT64_MAX
)
133 r
= btrfs_reflink(fdf
, fdt
); /* full file reflink */
135 r
= btrfs_clone_range(fdf
, foffset
, fdt
, toffset
, max_bytes
== UINT64_MAX
? 0 : max_bytes
); /* partial reflink */
139 /* This worked, yay! Now — to be fully correct — let's adjust the file pointers */
140 if (max_bytes
== UINT64_MAX
) {
142 /* We cloned to the end of the source file, let's position the read
143 * pointer there, and query it at the same time. */
144 t
= lseek(fdf
, 0, SEEK_END
);
150 /* Let's adjust the destination file write pointer by the same number
152 t
= lseek(fdt
, toffset
+ (t
- foffset
), SEEK_SET
);
156 return 0; /* we copied the whole thing, hence hit EOF, return 0 */
158 t
= lseek(fdf
, foffset
+ max_bytes
, SEEK_SET
);
162 t
= lseek(fdt
, toffset
+ max_bytes
, SEEK_SET
);
166 return 1; /* we copied only some number of bytes, which worked, but this means we didn't hit EOF, return 1 */
177 return 1; /* return > 0 if we hit the max_bytes limit */
179 if (FLAGS_SET(copy_flags
, COPY_SIGINT
)) {
180 r
= pop_pending_signal(SIGINT
);
187 if (max_bytes
!= UINT64_MAX
&& m
> max_bytes
)
190 /* First try copy_file_range(), unless we already tried */
192 n
= try_copy_file_range(fdf
, NULL
, fdt
, NULL
, m
, 0u);
194 if (!IN_SET(n
, -EINVAL
, -ENOSYS
, -EXDEV
, -EBADF
))
198 /* use fallback below */
199 } else if (n
== 0) { /* likely EOF */
201 if (copied_something
)
204 /* So, we hit EOF immediately, without having copied a single byte. This
205 * could indicate two things: the file is actually empty, or we are on some
206 * virtual file system such as procfs/sysfs where the syscall actually
207 * doesn't work but doesn't return an error. Try to handle that, by falling
208 * back to simple read()s in case we encounter empty files.
210 * See: https://lwn.net/Articles/846403/ */
211 try_cfr
= try_sendfile
= try_splice
= false;
217 /* First try sendfile(), unless we already tried */
219 n
= sendfile(fdt
, fdf
, NULL
, m
);
221 if (!IN_SET(errno
, EINVAL
, ENOSYS
))
224 try_sendfile
= false;
225 /* use fallback below */
226 } else if (n
== 0) { /* likely EOF */
228 if (copied_something
)
231 try_sendfile
= try_splice
= false; /* same logic as above for copy_file_range() */
237 /* Then try splice, unless we already tried. */
240 /* splice()'s asynchronous I/O support is a bit weird. When it encounters a pipe file
241 * descriptor, then it will ignore its O_NONBLOCK flag and instead only honour the
242 * SPLICE_F_NONBLOCK flag specified in its flag parameter. Let's hide this behaviour
243 * here, and check if either of the specified fds are a pipe, and if so, let's pass
244 * the flag automatically, depending on O_NONBLOCK being set.
246 * Here's a twist though: when we use it to move data between two pipes of which one
247 * has O_NONBLOCK set and the other has not, then we have no individual control over
248 * O_NONBLOCK behaviour. Hence in that case we can't use splice() and still guarantee
249 * systematic O_NONBLOCK behaviour, hence don't. */
251 if (nonblock_pipe
< 0) {
254 /* Check if either of these fds is a pipe, and if so non-blocking or not */
255 a
= fd_is_nonblock_pipe(fdf
);
259 b
= fd_is_nonblock_pipe(fdt
);
263 if ((a
== FD_IS_NO_PIPE
&& b
== FD_IS_NO_PIPE
) ||
264 (a
== FD_IS_BLOCKING_PIPE
&& b
== FD_IS_NONBLOCKING_PIPE
) ||
265 (a
== FD_IS_NONBLOCKING_PIPE
&& b
== FD_IS_BLOCKING_PIPE
))
267 /* splice() only works if one of the fds is a pipe. If neither is,
268 * let's skip this step right-away. As mentioned above, if one of the
269 * two fds refers to a blocking pipe and the other to a non-blocking
270 * pipe, we can't use splice() either, hence don't try either. This
271 * hence means we can only use splice() if either only one of the two
272 * fds is a pipe, or if both are pipes with the same nonblocking flag
277 nonblock_pipe
= a
== FD_IS_NONBLOCKING_PIPE
|| b
== FD_IS_NONBLOCKING_PIPE
;
282 n
= splice(fdf
, NULL
, fdt
, NULL
, m
, nonblock_pipe
? SPLICE_F_NONBLOCK
: 0);
284 if (!IN_SET(errno
, EINVAL
, ENOSYS
))
288 /* use fallback below */
289 } else if (n
== 0) { /* likely EOF */
291 if (copied_something
)
294 try_splice
= false; /* same logic as above for copy_file_range() + sendfile() */
300 /* As a fallback just copy bits by hand */
302 uint8_t buf
[MIN(m
, COPY_BUFFER_SIZE
)], *p
= buf
;
305 n
= read(fdf
, buf
, sizeof buf
);
308 if (n
== 0) /* EOF */
315 k
= write(fdt
, p
, z
);
329 if (ret_remains_size
)
330 *ret_remains_size
= z
;
343 r
= progress(n
, userdata
);
348 if (max_bytes
!= UINT64_MAX
) {
349 assert(max_bytes
>= (uint64_t) n
);
353 /* sendfile accepts at most SSIZE_MAX-offset bytes to copy, so reduce our maximum by the
354 * amount we already copied, but don't go below our copy buffer size, unless we are close the
355 * limit of bytes we are allowed to copy. */
356 m
= MAX(MIN(COPY_BUFFER_SIZE
, max_bytes
), m
- n
);
358 copied_something
= true;
361 return 0; /* return 0 if we hit EOF earlier than the size limit */
364 static int fd_copy_symlink(
367 const struct stat
*st
,
372 CopyFlags copy_flags
) {
374 _cleanup_free_
char *target
= NULL
;
381 r
= readlinkat_malloc(df
, from
, &target
);
385 if (copy_flags
& COPY_MAC_CREATE
) {
386 r
= mac_selinux_create_file_prepare_at(dt
, to
, S_IFLNK
);
390 r
= symlinkat(target
, dt
, to
);
391 if (copy_flags
& COPY_MAC_CREATE
)
392 mac_selinux_create_file_clear();
397 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
398 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
,
399 AT_SYMLINK_NOFOLLOW
) < 0)
402 (void) utimensat(dt
, to
, (struct timespec
[]) { st
->st_atim
, st
->st_mtim
}, AT_SYMLINK_NOFOLLOW
);
406 /* Encapsulates the database we store potential hardlink targets in */
407 typedef struct HardlinkContext
{
408 int dir_fd
; /* An fd to the directory we use as lookup table. Never AT_FDCWD. Lazily created, when
409 * we add the first entry. */
411 /* These two fields are used to create the hardlink repository directory above — via
412 * mkdirat(parent_fd, subdir) — and are kept so that we can automatically remove the directory again
413 * when we are done. */
414 int parent_fd
; /* Possibly AT_FDCWD */
418 static int hardlink_context_setup(
422 CopyFlags copy_flags
) {
424 _cleanup_close_
int dt_copy
= -1;
428 assert(c
->dir_fd
< 0 && c
->dir_fd
!= AT_FDCWD
);
429 assert(c
->parent_fd
< 0);
432 /* If hardlink recreation is requested we have to maintain a database of inodes that are potential
433 * hardlink sources. Given that generally disk sizes have to be assumed to be larger than what fits
434 * into physical RAM we cannot maintain that database in dynamic memory alone. Here we opt to
435 * maintain it on disk, to simplify things: inside the destination directory we'll maintain a
436 * temporary directory consisting of hardlinks of every inode we copied that might be subject of
437 * hardlinks. We can then use that as hardlink source later on. Yes, this means additional disk IO
438 * but thankfully Linux is optimized for this kind of thing. If this ever becomes a performance
439 * bottleneck we can certainly place an in-memory hash table in front of this, but for the beginning,
440 * let's keep things simple, and just use the disk as lookup table for inodes.
442 * Note that this should have zero performance impact as long as .n_link of all files copied remains
443 * <= 0, because in that case we will not actually allocate the hardlink inode lookup table directory
444 * on disk (we do so lazily, when the first candidate with .n_link > 1 is seen). This means, in the
445 * common case where hardlinks are not used at all or only for few files the fact that we store the
446 * table on disk shouldn't matter perfomance-wise. */
448 if (!FLAGS_SET(copy_flags
, COPY_HARDLINKS
))
456 dt_copy
= fcntl(dt
, F_DUPFD_CLOEXEC
, 3);
461 r
= tempfn_random_child(to
, "hardlink", &c
->subdir
);
465 c
->parent_fd
= TAKE_FD(dt_copy
);
467 /* We don't actually create the directory we keep the table in here, that's done on-demand when the
468 * first entry is added, using hardlink_context_realize() below. */
472 static int hardlink_context_realize(HardlinkContext
*c
) {
478 if (c
->dir_fd
>= 0) /* Already realized */
481 if (c
->parent_fd
< 0 && c
->parent_fd
!= AT_FDCWD
) /* Not configured */
486 if (mkdirat(c
->parent_fd
, c
->subdir
, 0700) < 0)
489 c
->dir_fd
= openat(c
->parent_fd
, c
->subdir
, O_RDONLY
|O_DIRECTORY
|O_CLOEXEC
);
492 (void) unlinkat(c
->parent_fd
, c
->subdir
, AT_REMOVEDIR
);
499 static void hardlink_context_destroy(HardlinkContext
*c
) {
504 /* Automatically remove the hardlink lookup table directory again after we are done. This is used via
505 * _cleanup_() so that we really delete this, even on failure. */
507 if (c
->dir_fd
>= 0) {
508 r
= rm_rf_children(TAKE_FD(c
->dir_fd
), REMOVE_PHYSICAL
, NULL
); /* consumes dir_fd in all cases, even on failure */
510 log_debug_errno(r
, "Failed to remove hardlink store (%s) contents, ignoring: %m", c
->subdir
);
512 assert(c
->parent_fd
>= 0 || c
->parent_fd
== AT_FDCWD
);
515 if (unlinkat(c
->parent_fd
, c
->subdir
, AT_REMOVEDIR
) < 0)
516 log_debug_errno(errno
, "Failed to remove hardlink store (%s) directory, ignoring: %m", c
->subdir
);
519 assert_cc(AT_FDCWD
< 0);
520 c
->parent_fd
= safe_close(c
->parent_fd
);
522 c
->subdir
= mfree(c
->subdir
);
525 static int try_hardlink(
527 const struct stat
*st
,
531 char dev_ino
[DECIMAL_STR_MAX(dev_t
)*2 + DECIMAL_STR_MAX(uint64_t) + 4];
534 assert(dt
>= 0 || dt
== AT_FDCWD
);
537 if (!c
) /* No temporary hardlink directory, don't bother */
540 if (st
->st_nlink
<= 1) /* Source not hardlinked, don't bother */
543 if (c
->dir_fd
< 0) /* not yet realized, hence empty */
546 xsprintf(dev_ino
, "%u:%u:%" PRIu64
, major(st
->st_dev
), minor(st
->st_dev
), (uint64_t) st
->st_ino
);
547 if (linkat(c
->dir_fd
, dev_ino
, dt
, to
, 0) < 0) {
548 if (errno
!= ENOENT
) /* doesn't exist in store yet */
549 log_debug_errno(errno
, "Failed to hardlink %s to %s, ignoring: %m", dev_ino
, to
);
556 static int memorize_hardlink(
558 const struct stat
*st
,
562 char dev_ino
[DECIMAL_STR_MAX(dev_t
)*2 + DECIMAL_STR_MAX(uint64_t) + 4];
566 assert(dt
>= 0 || dt
== AT_FDCWD
);
569 if (!c
) /* No temporary hardlink directory, don't bother */
572 if (st
->st_nlink
<= 1) /* Source not hardlinked, don't bother */
575 r
= hardlink_context_realize(c
); /* Create the hardlink store lazily */
579 xsprintf(dev_ino
, "%u:%u:%" PRIu64
, major(st
->st_dev
), minor(st
->st_dev
), (uint64_t) st
->st_ino
);
580 if (linkat(dt
, to
, c
->dir_fd
, dev_ino
, 0) < 0) {
581 log_debug_errno(errno
, "Failed to hardlink %s to %s, ignoring: %m", to
, dev_ino
);
588 static int fd_copy_regular(
591 const struct stat
*st
,
596 CopyFlags copy_flags
,
597 HardlinkContext
*hardlink_context
,
598 copy_progress_bytes_t progress
,
601 _cleanup_close_
int fdf
= -1, fdt
= -1;
608 r
= try_hardlink(hardlink_context
, st
, dt
, to
);
611 if (r
> 0) /* worked! */
614 fdf
= openat(df
, from
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
);
618 if (copy_flags
& COPY_MAC_CREATE
) {
619 r
= mac_selinux_create_file_prepare_at(dt
, to
, S_IFREG
);
623 fdt
= openat(dt
, to
, O_WRONLY
|O_CREAT
|O_EXCL
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
, st
->st_mode
& 07777);
624 if (copy_flags
& COPY_MAC_CREATE
)
625 mac_selinux_create_file_clear();
629 r
= copy_bytes_full(fdf
, fdt
, UINT64_MAX
, copy_flags
, NULL
, NULL
, progress
, userdata
);
631 (void) unlinkat(dt
, to
, 0);
636 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
637 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
) < 0)
640 if (fchmod(fdt
, st
->st_mode
& 07777) < 0)
643 (void) futimens(fdt
, (struct timespec
[]) { st
->st_atim
, st
->st_mtim
});
644 (void) copy_xattr(fdf
, fdt
);
651 (void) unlinkat(dt
, to
, 0);
654 (void) memorize_hardlink(hardlink_context
, st
, dt
, to
);
658 static int fd_copy_fifo(
661 const struct stat
*st
,
666 CopyFlags copy_flags
,
667 HardlinkContext
*hardlink_context
) {
674 r
= try_hardlink(hardlink_context
, st
, dt
, to
);
677 if (r
> 0) /* worked! */
680 if (copy_flags
& COPY_MAC_CREATE
) {
681 r
= mac_selinux_create_file_prepare_at(dt
, to
, S_IFIFO
);
685 r
= mkfifoat(dt
, to
, st
->st_mode
& 07777);
686 if (copy_flags
& COPY_MAC_CREATE
)
687 mac_selinux_create_file_clear();
692 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
693 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
,
694 AT_SYMLINK_NOFOLLOW
) < 0)
697 if (fchmodat(dt
, to
, st
->st_mode
& 07777, 0) < 0)
700 (void) utimensat(dt
, to
, (struct timespec
[]) { st
->st_atim
, st
->st_mtim
}, AT_SYMLINK_NOFOLLOW
);
702 (void) memorize_hardlink(hardlink_context
, st
, dt
, to
);
706 static int fd_copy_node(
709 const struct stat
*st
,
714 CopyFlags copy_flags
,
715 HardlinkContext
*hardlink_context
) {
722 r
= try_hardlink(hardlink_context
, st
, dt
, to
);
725 if (r
> 0) /* worked! */
728 if (copy_flags
& COPY_MAC_CREATE
) {
729 r
= mac_selinux_create_file_prepare_at(dt
, to
, st
->st_mode
& S_IFMT
);
733 r
= mknodat(dt
, to
, st
->st_mode
, st
->st_rdev
);
734 if (copy_flags
& COPY_MAC_CREATE
)
735 mac_selinux_create_file_clear();
740 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
741 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
,
742 AT_SYMLINK_NOFOLLOW
) < 0)
745 if (fchmodat(dt
, to
, st
->st_mode
& 07777, 0) < 0)
748 (void) utimensat(dt
, to
, (struct timespec
[]) { st
->st_atim
, st
->st_mtim
}, AT_SYMLINK_NOFOLLOW
);
750 (void) memorize_hardlink(hardlink_context
, st
, dt
, to
);
754 static int fd_copy_directory(
757 const struct stat
*st
,
760 dev_t original_device
,
764 CopyFlags copy_flags
,
765 HardlinkContext
*hardlink_context
,
766 const char *display_path
,
767 copy_progress_path_t progress_path
,
768 copy_progress_bytes_t progress_bytes
,
771 _cleanup_(hardlink_context_destroy
) HardlinkContext our_hardlink_context
= {
776 _cleanup_close_
int fdf
= -1, fdt
= -1;
777 _cleanup_closedir_
DIR *d
= NULL
;
779 bool exists
, created
;
786 return -ENAMETOOLONG
;
789 fdf
= openat(df
, from
, O_RDONLY
|O_DIRECTORY
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
);
791 fdf
= fcntl(df
, F_DUPFD_CLOEXEC
, 3);
795 if (!hardlink_context
) {
796 /* If recreating hardlinks is requested let's set up a context for that now. */
797 r
= hardlink_context_setup(&our_hardlink_context
, dt
, to
, copy_flags
);
800 if (r
> 0) /* It's enabled and allocated, let's now use the same context for all recursive
801 * invocations from here down */
802 hardlink_context
= &our_hardlink_context
;
805 d
= take_fdopendir(&fdf
);
810 if (copy_flags
& COPY_MERGE_EMPTY
) {
811 r
= dir_is_empty_at(dt
, to
);
812 if (r
< 0 && r
!= -ENOENT
)
821 if (copy_flags
& COPY_MAC_CREATE
)
822 r
= mkdirat_label(dt
, to
, st
->st_mode
& 07777);
824 r
= mkdirat(dt
, to
, st
->st_mode
& 07777);
827 else if (errno
== EEXIST
&& (copy_flags
& COPY_MERGE
))
833 fdt
= openat(dt
, to
, O_RDONLY
|O_DIRECTORY
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
);
839 FOREACH_DIRENT_ALL(de
, d
, return -errno
) {
840 const char *child_display_path
= NULL
;
841 _cleanup_free_
char *dp
= NULL
;
845 if (dot_or_dot_dot(de
->d_name
))
848 if (FLAGS_SET(copy_flags
, COPY_SIGINT
)) {
849 r
= pop_pending_signal(SIGINT
);
856 if (fstatat(dirfd(d
), de
->d_name
, &buf
, AT_SYMLINK_NOFOLLOW
) < 0) {
863 child_display_path
= dp
= path_join(display_path
, de
->d_name
);
865 child_display_path
= de
->d_name
;
867 r
= progress_path(child_display_path
, &buf
, userdata
);
872 if (S_ISDIR(buf
.st_mode
)) {
874 * Don't descend into directories on other file systems, if this is requested. We do a simple
875 * .st_dev check here, which basically comes for free. Note that we do this check only on
876 * directories, not other kind of file system objects, for two reason:
878 * • The kernel's overlayfs pseudo file system that overlays multiple real file systems
879 * propagates the .st_dev field of the file system a file originates from all the way up
880 * through the stack to stat(). It doesn't do that for directories however. This means that
881 * comparing .st_dev on non-directories suggests that they all are mount points. To avoid
882 * confusion we hence avoid relying on this check for regular files.
884 * • The main reason we do this check at all is to protect ourselves from bind mount cycles,
885 * where we really want to avoid descending down in all eternity. However the .st_dev check
886 * is usually not sufficient for this protection anyway, as bind mount cycles from the same
887 * file system onto itself can't be detected that way. (Note we also do a recursion depth
888 * check, which is probably the better protection in this regard, which is why
889 * COPY_SAME_MOUNT is optional).
892 if (FLAGS_SET(copy_flags
, COPY_SAME_MOUNT
)) {
893 if (buf
.st_dev
!= original_device
)
896 r
= fd_is_mount_point(dirfd(d
), de
->d_name
, 0);
903 q
= fd_copy_directory(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, original_device
, depth_left
-1, override_uid
, override_gid
, copy_flags
, hardlink_context
, child_display_path
, progress_path
, progress_bytes
, userdata
);
904 } else if (S_ISREG(buf
.st_mode
))
905 q
= fd_copy_regular(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, override_uid
, override_gid
, copy_flags
, hardlink_context
, progress_bytes
, userdata
);
906 else if (S_ISLNK(buf
.st_mode
))
907 q
= fd_copy_symlink(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, override_uid
, override_gid
, copy_flags
);
908 else if (S_ISFIFO(buf
.st_mode
))
909 q
= fd_copy_fifo(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, override_uid
, override_gid
, copy_flags
, hardlink_context
);
910 else if (S_ISBLK(buf
.st_mode
) || S_ISCHR(buf
.st_mode
) || S_ISSOCK(buf
.st_mode
))
911 q
= fd_copy_node(dirfd(d
), de
->d_name
, &buf
, fdt
, de
->d_name
, override_uid
, override_gid
, copy_flags
, hardlink_context
);
915 if (q
== -EINTR
) /* Propagate SIGINT up instantly */
917 if (q
== -EEXIST
&& (copy_flags
& COPY_MERGE
))
925 uid_is_valid(override_uid
) ? override_uid
: st
->st_uid
,
926 gid_is_valid(override_gid
) ? override_gid
: st
->st_gid
) < 0)
929 if (fchmod(fdt
, st
->st_mode
& 07777) < 0)
932 (void) copy_xattr(dirfd(d
), fdt
);
933 (void) futimens(fdt
, (struct timespec
[]) { st
->st_atim
, st
->st_mtim
});
939 int copy_tree_at_full(
946 CopyFlags copy_flags
,
947 copy_progress_path_t progress_path
,
948 copy_progress_bytes_t progress_bytes
,
956 if (fstatat(fdf
, from
, &st
, AT_SYMLINK_NOFOLLOW
) < 0)
959 if (S_ISREG(st
.st_mode
))
960 return fd_copy_regular(fdf
, from
, &st
, fdt
, to
, override_uid
, override_gid
, copy_flags
, NULL
, progress_bytes
, userdata
);
961 else if (S_ISDIR(st
.st_mode
))
962 return fd_copy_directory(fdf
, from
, &st
, fdt
, to
, st
.st_dev
, COPY_DEPTH_MAX
, override_uid
, override_gid
, copy_flags
, NULL
, NULL
, progress_path
, progress_bytes
, userdata
);
963 else if (S_ISLNK(st
.st_mode
))
964 return fd_copy_symlink(fdf
, from
, &st
, fdt
, to
, override_uid
, override_gid
, copy_flags
);
965 else if (S_ISFIFO(st
.st_mode
))
966 return fd_copy_fifo(fdf
, from
, &st
, fdt
, to
, override_uid
, override_gid
, copy_flags
, NULL
);
967 else if (S_ISBLK(st
.st_mode
) || S_ISCHR(st
.st_mode
) || S_ISSOCK(st
.st_mode
))
968 return fd_copy_node(fdf
, from
, &st
, fdt
, to
, override_uid
, override_gid
, copy_flags
, NULL
);
973 int copy_directory_fd_full(
976 CopyFlags copy_flags
,
977 copy_progress_path_t progress_path
,
978 copy_progress_bytes_t progress_bytes
,
987 if (fstat(dirfd
, &st
) < 0)
990 r
= stat_verify_directory(&st
);
994 return fd_copy_directory(dirfd
, NULL
, &st
, AT_FDCWD
, to
, st
.st_dev
, COPY_DEPTH_MAX
, UID_INVALID
, GID_INVALID
, copy_flags
, NULL
, NULL
, progress_path
, progress_bytes
, userdata
);
997 int copy_directory_full(
1000 CopyFlags copy_flags
,
1001 copy_progress_path_t progress_path
,
1002 copy_progress_bytes_t progress_bytes
,
1011 if (lstat(from
, &st
) < 0)
1014 r
= stat_verify_directory(&st
);
1018 return fd_copy_directory(AT_FDCWD
, from
, &st
, AT_FDCWD
, to
, st
.st_dev
, COPY_DEPTH_MAX
, UID_INVALID
, GID_INVALID
, copy_flags
, NULL
, NULL
, progress_path
, progress_bytes
, userdata
);
1021 int copy_file_fd_full(
1024 CopyFlags copy_flags
,
1025 copy_progress_bytes_t progress_bytes
,
1028 _cleanup_close_
int fdf
= -1;
1034 fdf
= open(from
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1038 r
= copy_bytes_full(fdf
, fdt
, UINT64_MAX
, copy_flags
, NULL
, NULL
, progress_bytes
, userdata
);
1040 (void) copy_times(fdf
, fdt
, copy_flags
);
1041 (void) copy_xattr(fdf
, fdt
);
1051 unsigned chattr_flags
,
1052 unsigned chattr_mask
,
1053 CopyFlags copy_flags
,
1054 copy_progress_bytes_t progress_bytes
,
1057 _cleanup_close_
int fdf
= -1;
1059 int r
, fdt
= -1; /* avoid false maybe-uninitialized warning */
1064 fdf
= open(from
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1068 if (mode
== MODE_INVALID
)
1069 if (fstat(fdf
, &st
) < 0)
1072 RUN_WITH_UMASK(0000) {
1073 if (copy_flags
& COPY_MAC_CREATE
) {
1074 r
= mac_selinux_create_file_prepare(to
, S_IFREG
);
1078 fdt
= open(to
, flags
|O_WRONLY
|O_CREAT
|O_CLOEXEC
|O_NOCTTY
,
1079 mode
!= MODE_INVALID
? mode
: st
.st_mode
);
1080 if (copy_flags
& COPY_MAC_CREATE
)
1081 mac_selinux_create_file_clear();
1086 if (chattr_mask
!= 0)
1087 (void) chattr_fd(fdt
, chattr_flags
, chattr_mask
& CHATTR_EARLY_FL
, NULL
);
1089 r
= copy_bytes_full(fdf
, fdt
, UINT64_MAX
, copy_flags
, NULL
, NULL
, progress_bytes
, userdata
);
1096 (void) copy_times(fdf
, fdt
, copy_flags
);
1097 (void) copy_xattr(fdf
, fdt
);
1099 if (chattr_mask
!= 0)
1100 (void) chattr_fd(fdt
, chattr_flags
, chattr_mask
& ~CHATTR_EARLY_FL
, NULL
);
1102 if (close(fdt
) < 0) {
1110 int copy_file_atomic_full(
1114 unsigned chattr_flags
,
1115 unsigned chattr_mask
,
1116 CopyFlags copy_flags
,
1117 copy_progress_bytes_t progress_bytes
,
1120 _cleanup_(unlink_and_freep
) char *t
= NULL
;
1121 _cleanup_close_
int fdt
= -1;
1127 /* We try to use O_TMPFILE here to create the file if we can. Note that this only works if COPY_REPLACE is not
1128 * set though as we need to use linkat() for linking the O_TMPFILE file into the file system but that system
1129 * call can't replace existing files. Hence, if COPY_REPLACE is set we create a temporary name in the file
1130 * system right-away and unconditionally which we then can renameat() to the right name after we completed
1133 if (copy_flags
& COPY_REPLACE
) {
1134 _cleanup_free_
char *f
= NULL
;
1136 r
= tempfn_random(to
, NULL
, &f
);
1140 if (copy_flags
& COPY_MAC_CREATE
) {
1141 r
= mac_selinux_create_file_prepare(to
, S_IFREG
);
1145 fdt
= open(f
, O_CREAT
|O_EXCL
|O_NOFOLLOW
|O_NOCTTY
|O_WRONLY
|O_CLOEXEC
, 0600);
1146 if (copy_flags
& COPY_MAC_CREATE
)
1147 mac_selinux_create_file_clear();
1153 if (copy_flags
& COPY_MAC_CREATE
) {
1154 r
= mac_selinux_create_file_prepare(to
, S_IFREG
);
1158 fdt
= open_tmpfile_linkable(to
, O_WRONLY
|O_CLOEXEC
, &t
);
1159 if (copy_flags
& COPY_MAC_CREATE
)
1160 mac_selinux_create_file_clear();
1165 if (chattr_mask
!= 0)
1166 (void) chattr_fd(fdt
, chattr_flags
, chattr_mask
& CHATTR_EARLY_FL
, NULL
);
1168 r
= copy_file_fd_full(from
, fdt
, copy_flags
, progress_bytes
, userdata
);
1172 if (fchmod(fdt
, mode
) < 0)
1175 if (copy_flags
& COPY_REPLACE
) {
1176 if (renameat(AT_FDCWD
, t
, AT_FDCWD
, to
) < 0)
1179 r
= link_tmpfile(fdt
, t
, to
);
1184 if (chattr_mask
!= 0)
1185 (void) chattr_fd(fdt
, chattr_flags
, chattr_mask
& ~CHATTR_EARLY_FL
, NULL
);
1191 int copy_times(int fdf
, int fdt
, CopyFlags flags
) {
1197 if (fstat(fdf
, &st
) < 0)
1200 if (futimens(fdt
, (struct timespec
[2]) { st
.st_atim
, st
.st_mtim
}) < 0)
1203 if (FLAGS_SET(flags
, COPY_CRTIME
)) {
1206 if (fd_getcrtime(fdf
, &crtime
) >= 0)
1207 (void) fd_setcrtime(fdt
, crtime
);
1213 int copy_access(int fdf
, int fdt
) {
1219 /* Copies just the access mode (and not the ownership) from fdf to fdt */
1221 if (fstat(fdf
, &st
) < 0)
1224 if (fchmod(fdt
, st
.st_mode
& 07777) < 0)
1230 int copy_rights_with_fallback(int fdf
, int fdt
, const char *patht
) {
1236 /* Copies both access mode and ownership from fdf to fdt */
1238 if (fstat(fdf
, &st
) < 0)
1241 return fchmod_and_chown_with_fallback(fdt
, patht
, st
.st_mode
& 07777, st
.st_uid
, st
.st_gid
);
1244 int copy_xattr(int fdf
, int fdt
) {
1245 _cleanup_free_
char *names
= NULL
;
1249 r
= flistxattr_malloc(fdf
, &names
);
1253 NULSTR_FOREACH(p
, names
) {
1254 _cleanup_free_
char *value
= NULL
;
1256 if (!startswith(p
, "user."))
1259 r
= fgetxattr_malloc(fdf
, p
, &value
);
1261 continue; /* gone by now */
1265 if (fsetxattr(fdt
, p
, value
, r
, 0) < 0)