]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
f4f15635 | 2 | |
11c3a366 TA |
3 | #include <errno.h> |
4 | #include <stddef.h> | |
5 | #include <stdio.h> | |
6 | #include <stdlib.h> | |
7 | #include <string.h> | |
8 | #include <sys/stat.h> | |
655f2da0 | 9 | #include <linux/magic.h> |
11c3a366 TA |
10 | #include <time.h> |
11 | #include <unistd.h> | |
12 | ||
b5efdb8a | 13 | #include "alloc-util.h" |
f4f15635 LP |
14 | #include "dirent-util.h" |
15 | #include "fd-util.h" | |
16 | #include "fileio.h" | |
17 | #include "fs-util.h" | |
11c3a366 TA |
18 | #include "log.h" |
19 | #include "macro.h" | |
20 | #include "missing.h" | |
93cc7779 TA |
21 | #include "mkdir.h" |
22 | #include "parse-util.h" | |
23 | #include "path-util.h" | |
dccca82b | 24 | #include "process-util.h" |
34a8f081 | 25 | #include "stat-util.h" |
430fbf8e | 26 | #include "stdio-util.h" |
f4f15635 LP |
27 | #include "string-util.h" |
28 | #include "strv.h" | |
93cc7779 | 29 | #include "time-util.h" |
ee104e11 | 30 | #include "user-util.h" |
f4f15635 LP |
31 | #include "util.h" |
32 | ||
33 | int unlink_noerrno(const char *path) { | |
34 | PROTECT_ERRNO; | |
35 | int r; | |
36 | ||
37 | r = unlink(path); | |
38 | if (r < 0) | |
39 | return -errno; | |
40 | ||
41 | return 0; | |
42 | } | |
43 | ||
44 | int rmdir_parents(const char *path, const char *stop) { | |
45 | size_t l; | |
46 | int r = 0; | |
47 | ||
48 | assert(path); | |
49 | assert(stop); | |
50 | ||
51 | l = strlen(path); | |
52 | ||
53 | /* Skip trailing slashes */ | |
54 | while (l > 0 && path[l-1] == '/') | |
55 | l--; | |
56 | ||
57 | while (l > 0) { | |
58 | char *t; | |
59 | ||
60 | /* Skip last component */ | |
61 | while (l > 0 && path[l-1] != '/') | |
62 | l--; | |
63 | ||
64 | /* Skip trailing slashes */ | |
65 | while (l > 0 && path[l-1] == '/') | |
66 | l--; | |
67 | ||
68 | if (l <= 0) | |
69 | break; | |
70 | ||
71 | t = strndup(path, l); | |
72 | if (!t) | |
73 | return -ENOMEM; | |
74 | ||
75 | if (path_startswith(stop, t)) { | |
76 | free(t); | |
77 | return 0; | |
78 | } | |
79 | ||
80 | r = rmdir(t); | |
81 | free(t); | |
82 | ||
83 | if (r < 0) | |
84 | if (errno != ENOENT) | |
85 | return -errno; | |
86 | } | |
87 | ||
88 | return 0; | |
89 | } | |
90 | ||
f4f15635 LP |
91 | int rename_noreplace(int olddirfd, const char *oldpath, int newdirfd, const char *newpath) { |
92 | struct stat buf; | |
93 | int ret; | |
94 | ||
95 | ret = renameat2(olddirfd, oldpath, newdirfd, newpath, RENAME_NOREPLACE); | |
96 | if (ret >= 0) | |
97 | return 0; | |
98 | ||
99 | /* renameat2() exists since Linux 3.15, btrfs added support for it later. | |
100 | * If it is not implemented, fallback to another method. */ | |
101 | if (!IN_SET(errno, EINVAL, ENOSYS)) | |
102 | return -errno; | |
103 | ||
104 | /* The link()/unlink() fallback does not work on directories. But | |
105 | * renameat() without RENAME_NOREPLACE gives the same semantics on | |
106 | * directories, except when newpath is an *empty* directory. This is | |
107 | * good enough. */ | |
108 | ret = fstatat(olddirfd, oldpath, &buf, AT_SYMLINK_NOFOLLOW); | |
109 | if (ret >= 0 && S_ISDIR(buf.st_mode)) { | |
110 | ret = renameat(olddirfd, oldpath, newdirfd, newpath); | |
111 | return ret >= 0 ? 0 : -errno; | |
112 | } | |
113 | ||
114 | /* If it is not a directory, use the link()/unlink() fallback. */ | |
115 | ret = linkat(olddirfd, oldpath, newdirfd, newpath, 0); | |
116 | if (ret < 0) | |
117 | return -errno; | |
118 | ||
119 | ret = unlinkat(olddirfd, oldpath, 0); | |
120 | if (ret < 0) { | |
121 | /* backup errno before the following unlinkat() alters it */ | |
122 | ret = errno; | |
123 | (void) unlinkat(newdirfd, newpath, 0); | |
124 | errno = ret; | |
125 | return -errno; | |
126 | } | |
127 | ||
128 | return 0; | |
129 | } | |
130 | ||
131 | int readlinkat_malloc(int fd, const char *p, char **ret) { | |
132 | size_t l = 100; | |
133 | int r; | |
134 | ||
135 | assert(p); | |
136 | assert(ret); | |
137 | ||
138 | for (;;) { | |
139 | char *c; | |
140 | ssize_t n; | |
141 | ||
142 | c = new(char, l); | |
143 | if (!c) | |
144 | return -ENOMEM; | |
145 | ||
146 | n = readlinkat(fd, p, c, l-1); | |
147 | if (n < 0) { | |
148 | r = -errno; | |
149 | free(c); | |
150 | return r; | |
151 | } | |
152 | ||
153 | if ((size_t) n < l-1) { | |
154 | c[n] = 0; | |
155 | *ret = c; | |
156 | return 0; | |
157 | } | |
158 | ||
159 | free(c); | |
160 | l *= 2; | |
161 | } | |
162 | } | |
163 | ||
164 | int readlink_malloc(const char *p, char **ret) { | |
165 | return readlinkat_malloc(AT_FDCWD, p, ret); | |
166 | } | |
167 | ||
168 | int readlink_value(const char *p, char **ret) { | |
169 | _cleanup_free_ char *link = NULL; | |
170 | char *value; | |
171 | int r; | |
172 | ||
173 | r = readlink_malloc(p, &link); | |
174 | if (r < 0) | |
175 | return r; | |
176 | ||
177 | value = basename(link); | |
178 | if (!value) | |
179 | return -ENOENT; | |
180 | ||
181 | value = strdup(value); | |
182 | if (!value) | |
183 | return -ENOMEM; | |
184 | ||
185 | *ret = value; | |
186 | ||
187 | return 0; | |
188 | } | |
189 | ||
190 | int readlink_and_make_absolute(const char *p, char **r) { | |
191 | _cleanup_free_ char *target = NULL; | |
192 | char *k; | |
193 | int j; | |
194 | ||
195 | assert(p); | |
196 | assert(r); | |
197 | ||
198 | j = readlink_malloc(p, &target); | |
199 | if (j < 0) | |
200 | return j; | |
201 | ||
202 | k = file_in_same_dir(p, target); | |
203 | if (!k) | |
204 | return -ENOMEM; | |
205 | ||
206 | *r = k; | |
207 | return 0; | |
208 | } | |
209 | ||
f4f15635 LP |
210 | int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) { |
211 | assert(path); | |
212 | ||
213 | /* Under the assumption that we are running privileged we | |
214 | * first change the access mode and only then hand out | |
215 | * ownership to avoid a window where access is too open. */ | |
216 | ||
217 | if (mode != MODE_INVALID) | |
218 | if (chmod(path, mode) < 0) | |
219 | return -errno; | |
220 | ||
221 | if (uid != UID_INVALID || gid != GID_INVALID) | |
222 | if (chown(path, uid, gid) < 0) | |
223 | return -errno; | |
b8da477e YW |
224 | |
225 | return 0; | |
226 | } | |
227 | ||
228 | int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) { | |
229 | /* Under the assumption that we are running privileged we | |
230 | * first change the access mode and only then hand out | |
231 | * ownership to avoid a window where access is too open. */ | |
232 | ||
233 | if (mode != MODE_INVALID) | |
234 | if (fchmod(fd, mode) < 0) | |
235 | return -errno; | |
236 | ||
237 | if (uid != UID_INVALID || gid != GID_INVALID) | |
238 | if (fchown(fd, uid, gid) < 0) | |
239 | return -errno; | |
f4f15635 LP |
240 | |
241 | return 0; | |
242 | } | |
243 | ||
f4f15635 LP |
244 | int fchmod_umask(int fd, mode_t m) { |
245 | mode_t u; | |
246 | int r; | |
247 | ||
248 | u = umask(0777); | |
249 | r = fchmod(fd, m & (~u)) < 0 ? -errno : 0; | |
250 | umask(u); | |
251 | ||
252 | return r; | |
253 | } | |
254 | ||
4dfaa528 | 255 | int fchmod_opath(int fd, mode_t m) { |
22dd8d35 | 256 | char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; |
4dfaa528 FB |
257 | |
258 | /* This function operates also on fd that might have been opened with | |
259 | * O_PATH. Indeed fchmodat() doesn't have the AT_EMPTY_PATH flag like | |
260 | * fchownat() does. */ | |
261 | ||
262 | xsprintf(procfs_path, "/proc/self/fd/%i", fd); | |
263 | ||
264 | if (chmod(procfs_path, m) < 0) | |
265 | return -errno; | |
266 | ||
267 | return 0; | |
268 | } | |
269 | ||
f4f15635 LP |
270 | int fd_warn_permissions(const char *path, int fd) { |
271 | struct stat st; | |
272 | ||
273 | if (fstat(fd, &st) < 0) | |
274 | return -errno; | |
275 | ||
276 | if (st.st_mode & 0111) | |
277 | log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path); | |
278 | ||
279 | if (st.st_mode & 0002) | |
280 | log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path); | |
281 | ||
df0ff127 | 282 | if (getpid_cached() == 1 && (st.st_mode & 0044) != 0044) |
f4f15635 LP |
283 | log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path); |
284 | ||
285 | return 0; | |
286 | } | |
287 | ||
288 | int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode) { | |
9e3fa6e8 LP |
289 | char fdpath[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; |
290 | _cleanup_close_ int fd = -1; | |
291 | int r, ret = 0; | |
f4f15635 LP |
292 | |
293 | assert(path); | |
294 | ||
9e3fa6e8 LP |
295 | /* Note that touch_file() does not follow symlinks: if invoked on an existing symlink, then it is the symlink |
296 | * itself which is updated, not its target | |
297 | * | |
298 | * Returns the first error we encounter, but tries to apply as much as possible. */ | |
f4f15635 | 299 | |
9e3fa6e8 LP |
300 | if (parents) |
301 | (void) mkdir_parents(path, 0755); | |
302 | ||
303 | /* Initially, we try to open the node with O_PATH, so that we get a reference to the node. This is useful in | |
304 | * case the path refers to an existing device or socket node, as we can open it successfully in all cases, and | |
305 | * won't trigger any driver magic or so. */ | |
306 | fd = open(path, O_PATH|O_CLOEXEC|O_NOFOLLOW); | |
307 | if (fd < 0) { | |
308 | if (errno != ENOENT) | |
f4f15635 | 309 | return -errno; |
f4f15635 | 310 | |
9e3fa6e8 LP |
311 | /* if the node doesn't exist yet, we create it, but with O_EXCL, so that we only create a regular file |
312 | * here, and nothing else */ | |
313 | fd = open(path, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, IN_SET(mode, 0, MODE_INVALID) ? 0644 : mode); | |
314 | if (fd < 0) | |
f4f15635 LP |
315 | return -errno; |
316 | } | |
317 | ||
9e3fa6e8 LP |
318 | /* Let's make a path from the fd, and operate on that. With this logic, we can adjust the access mode, |
319 | * ownership and time of the file node in all cases, even if the fd refers to an O_PATH object — which is | |
320 | * something fchown(), fchmod(), futimensat() don't allow. */ | |
321 | xsprintf(fdpath, "/proc/self/fd/%i", fd); | |
322 | ||
323 | if (mode != MODE_INVALID) | |
324 | if (chmod(fdpath, mode) < 0) | |
325 | ret = -errno; | |
326 | ||
327 | if (uid_is_valid(uid) || gid_is_valid(gid)) | |
328 | if (chown(fdpath, uid, gid) < 0 && ret >= 0) | |
329 | ret = -errno; | |
330 | ||
f4f15635 LP |
331 | if (stamp != USEC_INFINITY) { |
332 | struct timespec ts[2]; | |
333 | ||
334 | timespec_store(&ts[0], stamp); | |
335 | ts[1] = ts[0]; | |
9e3fa6e8 | 336 | r = utimensat(AT_FDCWD, fdpath, ts, 0); |
f4f15635 | 337 | } else |
9e3fa6e8 LP |
338 | r = utimensat(AT_FDCWD, fdpath, NULL, 0); |
339 | if (r < 0 && ret >= 0) | |
f4f15635 LP |
340 | return -errno; |
341 | ||
9e3fa6e8 | 342 | return ret; |
f4f15635 LP |
343 | } |
344 | ||
345 | int touch(const char *path) { | |
ee735086 | 346 | return touch_file(path, false, USEC_INFINITY, UID_INVALID, GID_INVALID, MODE_INVALID); |
f4f15635 LP |
347 | } |
348 | ||
349 | int symlink_idempotent(const char *from, const char *to) { | |
f4f15635 LP |
350 | int r; |
351 | ||
352 | assert(from); | |
353 | assert(to); | |
354 | ||
355 | if (symlink(from, to) < 0) { | |
77b79723 LP |
356 | _cleanup_free_ char *p = NULL; |
357 | ||
f4f15635 LP |
358 | if (errno != EEXIST) |
359 | return -errno; | |
360 | ||
361 | r = readlink_malloc(to, &p); | |
77b79723 LP |
362 | if (r == -EINVAL) /* Not a symlink? In that case return the original error we encountered: -EEXIST */ |
363 | return -EEXIST; | |
364 | if (r < 0) /* Any other error? In that case propagate it as is */ | |
f4f15635 LP |
365 | return r; |
366 | ||
77b79723 LP |
367 | if (!streq(p, from)) /* Not the symlink we want it to be? In that case, propagate the original -EEXIST */ |
368 | return -EEXIST; | |
f4f15635 LP |
369 | } |
370 | ||
371 | return 0; | |
372 | } | |
373 | ||
374 | int symlink_atomic(const char *from, const char *to) { | |
375 | _cleanup_free_ char *t = NULL; | |
376 | int r; | |
377 | ||
378 | assert(from); | |
379 | assert(to); | |
380 | ||
381 | r = tempfn_random(to, NULL, &t); | |
382 | if (r < 0) | |
383 | return r; | |
384 | ||
385 | if (symlink(from, t) < 0) | |
386 | return -errno; | |
387 | ||
388 | if (rename(t, to) < 0) { | |
389 | unlink_noerrno(t); | |
390 | return -errno; | |
391 | } | |
392 | ||
393 | return 0; | |
394 | } | |
395 | ||
396 | int mknod_atomic(const char *path, mode_t mode, dev_t dev) { | |
397 | _cleanup_free_ char *t = NULL; | |
398 | int r; | |
399 | ||
400 | assert(path); | |
401 | ||
402 | r = tempfn_random(path, NULL, &t); | |
403 | if (r < 0) | |
404 | return r; | |
405 | ||
406 | if (mknod(t, mode, dev) < 0) | |
407 | return -errno; | |
408 | ||
409 | if (rename(t, path) < 0) { | |
410 | unlink_noerrno(t); | |
411 | return -errno; | |
412 | } | |
413 | ||
414 | return 0; | |
415 | } | |
416 | ||
417 | int mkfifo_atomic(const char *path, mode_t mode) { | |
418 | _cleanup_free_ char *t = NULL; | |
419 | int r; | |
420 | ||
421 | assert(path); | |
422 | ||
423 | r = tempfn_random(path, NULL, &t); | |
424 | if (r < 0) | |
425 | return r; | |
426 | ||
427 | if (mkfifo(t, mode) < 0) | |
428 | return -errno; | |
429 | ||
430 | if (rename(t, path) < 0) { | |
431 | unlink_noerrno(t); | |
432 | return -errno; | |
433 | } | |
434 | ||
435 | return 0; | |
436 | } | |
437 | ||
438 | int get_files_in_directory(const char *path, char ***list) { | |
439 | _cleanup_closedir_ DIR *d = NULL; | |
8fb3f009 | 440 | struct dirent *de; |
f4f15635 LP |
441 | size_t bufsize = 0, n = 0; |
442 | _cleanup_strv_free_ char **l = NULL; | |
443 | ||
444 | assert(path); | |
445 | ||
446 | /* Returns all files in a directory in *list, and the number | |
447 | * of files as return value. If list is NULL returns only the | |
448 | * number. */ | |
449 | ||
450 | d = opendir(path); | |
451 | if (!d) | |
452 | return -errno; | |
453 | ||
8fb3f009 | 454 | FOREACH_DIRENT_ALL(de, d, return -errno) { |
f4f15635 LP |
455 | dirent_ensure_type(d, de); |
456 | ||
457 | if (!dirent_is_file(de)) | |
458 | continue; | |
459 | ||
460 | if (list) { | |
461 | /* one extra slot is needed for the terminating NULL */ | |
462 | if (!GREEDY_REALLOC(l, bufsize, n + 2)) | |
463 | return -ENOMEM; | |
464 | ||
465 | l[n] = strdup(de->d_name); | |
466 | if (!l[n]) | |
467 | return -ENOMEM; | |
468 | ||
469 | l[++n] = NULL; | |
470 | } else | |
471 | n++; | |
472 | } | |
473 | ||
ae2a15bc LP |
474 | if (list) |
475 | *list = TAKE_PTR(l); | |
f4f15635 LP |
476 | |
477 | return n; | |
478 | } | |
430fbf8e | 479 | |
992e8f22 LP |
480 | static int getenv_tmp_dir(const char **ret_path) { |
481 | const char *n; | |
482 | int r, ret = 0; | |
34a8f081 | 483 | |
992e8f22 | 484 | assert(ret_path); |
34a8f081 | 485 | |
992e8f22 LP |
486 | /* We use the same order of environment variables python uses in tempfile.gettempdir(): |
487 | * https://docs.python.org/3/library/tempfile.html#tempfile.gettempdir */ | |
488 | FOREACH_STRING(n, "TMPDIR", "TEMP", "TMP") { | |
489 | const char *e; | |
490 | ||
491 | e = secure_getenv(n); | |
492 | if (!e) | |
493 | continue; | |
494 | if (!path_is_absolute(e)) { | |
495 | r = -ENOTDIR; | |
496 | goto next; | |
497 | } | |
99be45a4 | 498 | if (!path_is_normalized(e)) { |
992e8f22 LP |
499 | r = -EPERM; |
500 | goto next; | |
501 | } | |
502 | ||
503 | r = is_dir(e, true); | |
504 | if (r < 0) | |
505 | goto next; | |
506 | if (r == 0) { | |
507 | r = -ENOTDIR; | |
508 | goto next; | |
509 | } | |
510 | ||
511 | *ret_path = e; | |
512 | return 1; | |
513 | ||
514 | next: | |
515 | /* Remember first error, to make this more debuggable */ | |
516 | if (ret >= 0) | |
517 | ret = r; | |
34a8f081 OW |
518 | } |
519 | ||
992e8f22 LP |
520 | if (ret < 0) |
521 | return ret; | |
34a8f081 | 522 | |
992e8f22 LP |
523 | *ret_path = NULL; |
524 | return ret; | |
525 | } | |
34a8f081 | 526 | |
992e8f22 LP |
527 | static int tmp_dir_internal(const char *def, const char **ret) { |
528 | const char *e; | |
529 | int r, k; | |
530 | ||
531 | assert(def); | |
532 | assert(ret); | |
533 | ||
534 | r = getenv_tmp_dir(&e); | |
535 | if (r > 0) { | |
536 | *ret = e; | |
537 | return 0; | |
538 | } | |
539 | ||
540 | k = is_dir(def, true); | |
541 | if (k == 0) | |
542 | k = -ENOTDIR; | |
543 | if (k < 0) | |
544 | return r < 0 ? r : k; | |
545 | ||
546 | *ret = def; | |
34a8f081 OW |
547 | return 0; |
548 | } | |
549 | ||
992e8f22 LP |
550 | int var_tmp_dir(const char **ret) { |
551 | ||
552 | /* Returns the location for "larger" temporary files, that is backed by physical storage if available, and thus | |
553 | * even might survive a boot: /var/tmp. If $TMPDIR (or related environment variables) are set, its value is | |
554 | * returned preferably however. Note that both this function and tmp_dir() below are affected by $TMPDIR, | |
555 | * making it a variable that overrides all temporary file storage locations. */ | |
556 | ||
557 | return tmp_dir_internal("/var/tmp", ret); | |
558 | } | |
559 | ||
560 | int tmp_dir(const char **ret) { | |
561 | ||
562 | /* Similar to var_tmp_dir() above, but returns the location for "smaller" temporary files, which is usually | |
563 | * backed by an in-memory file system: /tmp. */ | |
564 | ||
565 | return tmp_dir_internal("/tmp", ret); | |
566 | } | |
567 | ||
af229d7a ZJS |
568 | int unlink_or_warn(const char *filename) { |
569 | if (unlink(filename) < 0 && errno != ENOENT) | |
570 | /* If the file doesn't exist and the fs simply was read-only (in which | |
571 | * case unlink() returns EROFS even if the file doesn't exist), don't | |
572 | * complain */ | |
573 | if (errno != EROFS || access(filename, F_OK) >= 0) | |
574 | return log_error_errno(errno, "Failed to remove \"%s\": %m", filename); | |
575 | ||
576 | return 0; | |
577 | } | |
578 | ||
430fbf8e | 579 | int inotify_add_watch_fd(int fd, int what, uint32_t mask) { |
fbd0b64f | 580 | char path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1]; |
430fbf8e LP |
581 | int r; |
582 | ||
583 | /* This is like inotify_add_watch(), except that the file to watch is not referenced by a path, but by an fd */ | |
584 | xsprintf(path, "/proc/self/fd/%i", what); | |
585 | ||
586 | r = inotify_add_watch(fd, path, mask); | |
587 | if (r < 0) | |
588 | return -errno; | |
589 | ||
590 | return r; | |
591 | } | |
d944dc95 | 592 | |
f14f1806 LP |
593 | static bool safe_transition(const struct stat *a, const struct stat *b) { |
594 | /* Returns true if the transition from a to b is safe, i.e. that we never transition from unprivileged to | |
595 | * privileged files or directories. Why bother? So that unprivileged code can't symlink to privileged files | |
596 | * making us believe we read something safe even though it isn't safe in the specific context we open it in. */ | |
597 | ||
598 | if (a->st_uid == 0) /* Transitioning from privileged to unprivileged is always fine */ | |
599 | return true; | |
600 | ||
601 | return a->st_uid == b->st_uid; /* Otherwise we need to stay within the same UID */ | |
602 | } | |
603 | ||
c4f4fce7 | 604 | int chase_symlinks(const char *path, const char *original_root, unsigned flags, char **ret) { |
d944dc95 LP |
605 | _cleanup_free_ char *buffer = NULL, *done = NULL, *root = NULL; |
606 | _cleanup_close_ int fd = -1; | |
f10f4215 | 607 | unsigned max_follow = CHASE_SYMLINKS_MAX; /* how many symlinks to follow before giving up and returning ELOOP */ |
f14f1806 | 608 | struct stat previous_stat; |
a9fb0867 | 609 | bool exists = true; |
d944dc95 LP |
610 | char *todo; |
611 | int r; | |
612 | ||
613 | assert(path); | |
614 | ||
1ed34d75 | 615 | /* Either the file may be missing, or we return an fd to the final object, but both make no sense */ |
d94a24ca | 616 | if (FLAGS_SET(flags, CHASE_NONEXISTENT | CHASE_OPEN)) |
1ed34d75 LP |
617 | return -EINVAL; |
618 | ||
d94a24ca | 619 | if (FLAGS_SET(flags, CHASE_STEP | CHASE_OPEN)) |
49eb3659 LP |
620 | return -EINVAL; |
621 | ||
a49424af LP |
622 | if (isempty(path)) |
623 | return -EINVAL; | |
624 | ||
d944dc95 LP |
625 | /* This is a lot like canonicalize_file_name(), but takes an additional "root" parameter, that allows following |
626 | * symlinks relative to a root directory, instead of the root of the host. | |
627 | * | |
fc4b68e5 | 628 | * Note that "root" primarily matters if we encounter an absolute symlink. It is also used when following |
c4f4fce7 LP |
629 | * relative symlinks to ensure they cannot be used to "escape" the root directory. The path parameter passed is |
630 | * assumed to be already prefixed by it, except if the CHASE_PREFIX_ROOT flag is set, in which case it is first | |
631 | * prefixed accordingly. | |
d944dc95 LP |
632 | * |
633 | * Algorithmically this operates on two path buffers: "done" are the components of the path we already | |
634 | * processed and resolved symlinks, "." and ".." of. "todo" are the components of the path we still need to | |
635 | * process. On each iteration, we move one component from "todo" to "done", processing it's special meaning | |
636 | * each time. The "todo" path always starts with at least one slash, the "done" path always ends in no | |
637 | * slash. We always keep an O_PATH fd to the component we are currently processing, thus keeping lookup races | |
fc4b68e5 LP |
638 | * at a minimum. |
639 | * | |
640 | * Suggested usage: whenever you want to canonicalize a path, use this function. Pass the absolute path you got | |
641 | * as-is: fully qualified and relative to your host's root. Optionally, specify the root parameter to tell this | |
642 | * function what to do when encountering a symlink with an absolute path as directory: prefix it by the | |
49eb3659 LP |
643 | * specified path. |
644 | * | |
645 | * There are three ways to invoke this function: | |
646 | * | |
647 | * 1. Without CHASE_STEP or CHASE_OPEN: in this case the path is resolved and the normalized path is returned | |
648 | * in `ret`. The return value is < 0 on error. If CHASE_NONEXISTENT is also set 0 is returned if the file | |
649 | * doesn't exist, > 0 otherwise. If CHASE_NONEXISTENT is not set >= 0 is returned if the destination was | |
650 | * found, -ENOENT if it doesn't. | |
651 | * | |
652 | * 2. With CHASE_OPEN: in this case the destination is opened after chasing it as O_PATH and this file | |
653 | * descriptor is returned as return value. This is useful to open files relative to some root | |
654 | * directory. Note that the returned O_PATH file descriptors must be converted into a regular one (using | |
655 | * fd_reopen() or such) before it can be used for reading/writing. CHASE_OPEN may not be combined with | |
656 | * CHASE_NONEXISTENT. | |
657 | * | |
658 | * 3. With CHASE_STEP: in this case only a single step of the normalization is executed, i.e. only the first | |
659 | * symlink or ".." component of the path is resolved, and the resulting path is returned. This is useful if | |
660 | * a caller wants to trace the a path through the file system verbosely. Returns < 0 on error, > 0 if the | |
661 | * path is fully normalized, and == 0 for each normalization step. This may be combined with | |
662 | * CHASE_NONEXISTENT, in which case 1 is returned when a component is not found. | |
663 | * | |
664 | * */ | |
d944dc95 | 665 | |
22bc57c5 | 666 | /* A root directory of "/" or "" is identical to none */ |
57ea45e1 | 667 | if (empty_or_root(original_root)) |
22bc57c5 | 668 | original_root = NULL; |
b1bfb848 | 669 | |
49eb3659 | 670 | if (!original_root && !ret && (flags & (CHASE_NONEXISTENT|CHASE_NO_AUTOFS|CHASE_SAFE|CHASE_OPEN|CHASE_STEP)) == CHASE_OPEN) { |
244d2f07 LP |
671 | /* Shortcut the CHASE_OPEN case if the caller isn't interested in the actual path and has no root set |
672 | * and doesn't care about any of the other special features we provide either. */ | |
673 | r = open(path, O_PATH|O_CLOEXEC); | |
674 | if (r < 0) | |
675 | return -errno; | |
676 | ||
677 | return r; | |
678 | } | |
679 | ||
c4f4fce7 LP |
680 | if (original_root) { |
681 | r = path_make_absolute_cwd(original_root, &root); | |
d944dc95 LP |
682 | if (r < 0) |
683 | return r; | |
c4f4fce7 | 684 | |
382a5078 LP |
685 | if (flags & CHASE_PREFIX_ROOT) { |
686 | ||
687 | /* We don't support relative paths in combination with a root directory */ | |
688 | if (!path_is_absolute(path)) | |
689 | return -EINVAL; | |
690 | ||
c4f4fce7 | 691 | path = prefix_roota(root, path); |
382a5078 | 692 | } |
d944dc95 LP |
693 | } |
694 | ||
c4f4fce7 LP |
695 | r = path_make_absolute_cwd(path, &buffer); |
696 | if (r < 0) | |
697 | return r; | |
698 | ||
d944dc95 LP |
699 | fd = open("/", O_CLOEXEC|O_NOFOLLOW|O_PATH); |
700 | if (fd < 0) | |
701 | return -errno; | |
702 | ||
f14f1806 LP |
703 | if (flags & CHASE_SAFE) { |
704 | if (fstat(fd, &previous_stat) < 0) | |
705 | return -errno; | |
706 | } | |
707 | ||
d944dc95 LP |
708 | todo = buffer; |
709 | for (;;) { | |
710 | _cleanup_free_ char *first = NULL; | |
711 | _cleanup_close_ int child = -1; | |
712 | struct stat st; | |
713 | size_t n, m; | |
714 | ||
715 | /* Determine length of first component in the path */ | |
716 | n = strspn(todo, "/"); /* The slashes */ | |
717 | m = n + strcspn(todo + n, "/"); /* The entire length of the component */ | |
718 | ||
719 | /* Extract the first component. */ | |
720 | first = strndup(todo, m); | |
721 | if (!first) | |
722 | return -ENOMEM; | |
723 | ||
724 | todo += m; | |
725 | ||
b12d25a8 ZJS |
726 | /* Empty? Then we reached the end. */ |
727 | if (isempty(first)) | |
728 | break; | |
729 | ||
d944dc95 | 730 | /* Just a single slash? Then we reached the end. */ |
b12d25a8 ZJS |
731 | if (path_equal(first, "/")) { |
732 | /* Preserve the trailing slash */ | |
62570f6f LP |
733 | |
734 | if (flags & CHASE_TRAIL_SLASH) | |
735 | if (!strextend(&done, "/", NULL)) | |
736 | return -ENOMEM; | |
b12d25a8 | 737 | |
d944dc95 | 738 | break; |
b12d25a8 | 739 | } |
d944dc95 LP |
740 | |
741 | /* Just a dot? Then let's eat this up. */ | |
742 | if (path_equal(first, "/.")) | |
743 | continue; | |
744 | ||
745 | /* Two dots? Then chop off the last bit of what we already found out. */ | |
746 | if (path_equal(first, "/..")) { | |
747 | _cleanup_free_ char *parent = NULL; | |
2b6d2dda | 748 | _cleanup_close_ int fd_parent = -1; |
d944dc95 | 749 | |
a4eaf3cf LP |
750 | /* If we already are at the top, then going up will not change anything. This is in-line with |
751 | * how the kernel handles this. */ | |
57ea45e1 | 752 | if (empty_or_root(done)) |
a4eaf3cf | 753 | continue; |
d944dc95 LP |
754 | |
755 | parent = dirname_malloc(done); | |
756 | if (!parent) | |
757 | return -ENOMEM; | |
758 | ||
a4eaf3cf | 759 | /* Don't allow this to leave the root dir. */ |
d944dc95 LP |
760 | if (root && |
761 | path_startswith(done, root) && | |
762 | !path_startswith(parent, root)) | |
a4eaf3cf | 763 | continue; |
d944dc95 | 764 | |
3b319885 | 765 | free_and_replace(done, parent); |
d944dc95 | 766 | |
49eb3659 LP |
767 | if (flags & CHASE_STEP) |
768 | goto chased_one; | |
769 | ||
d944dc95 LP |
770 | fd_parent = openat(fd, "..", O_CLOEXEC|O_NOFOLLOW|O_PATH); |
771 | if (fd_parent < 0) | |
772 | return -errno; | |
773 | ||
f14f1806 LP |
774 | if (flags & CHASE_SAFE) { |
775 | if (fstat(fd_parent, &st) < 0) | |
776 | return -errno; | |
777 | ||
778 | if (!safe_transition(&previous_stat, &st)) | |
779 | return -EPERM; | |
780 | ||
781 | previous_stat = st; | |
782 | } | |
783 | ||
d944dc95 | 784 | safe_close(fd); |
c10d6bdb | 785 | fd = TAKE_FD(fd_parent); |
d944dc95 LP |
786 | |
787 | continue; | |
788 | } | |
789 | ||
790 | /* Otherwise let's see what this is. */ | |
791 | child = openat(fd, first + n, O_CLOEXEC|O_NOFOLLOW|O_PATH); | |
a9fb0867 LP |
792 | if (child < 0) { |
793 | ||
794 | if (errno == ENOENT && | |
cb638b5e | 795 | (flags & CHASE_NONEXISTENT) && |
99be45a4 | 796 | (isempty(todo) || path_is_normalized(todo))) { |
a9fb0867 | 797 | |
cb638b5e | 798 | /* If CHASE_NONEXISTENT is set, and the path does not exist, then that's OK, return |
a9fb0867 LP |
799 | * what we got so far. But don't allow this if the remaining path contains "../ or "./" |
800 | * or something else weird. */ | |
801 | ||
a1904a46 YW |
802 | /* If done is "/", as first also contains slash at the head, then remove this redundant slash. */ |
803 | if (streq_ptr(done, "/")) | |
804 | *done = '\0'; | |
805 | ||
a9fb0867 LP |
806 | if (!strextend(&done, first, todo, NULL)) |
807 | return -ENOMEM; | |
808 | ||
809 | exists = false; | |
810 | break; | |
811 | } | |
812 | ||
d944dc95 | 813 | return -errno; |
a9fb0867 | 814 | } |
d944dc95 LP |
815 | |
816 | if (fstat(child, &st) < 0) | |
817 | return -errno; | |
f14f1806 LP |
818 | if ((flags & CHASE_SAFE) && |
819 | !safe_transition(&previous_stat, &st)) | |
820 | return -EPERM; | |
821 | ||
822 | previous_stat = st; | |
823 | ||
655f2da0 | 824 | if ((flags & CHASE_NO_AUTOFS) && |
a66fee2e | 825 | fd_is_fs_type(child, AUTOFS_SUPER_MAGIC) > 0) |
655f2da0 | 826 | return -EREMOTE; |
d944dc95 LP |
827 | |
828 | if (S_ISLNK(st.st_mode)) { | |
877777d7 CCW |
829 | char *joined; |
830 | ||
d944dc95 LP |
831 | _cleanup_free_ char *destination = NULL; |
832 | ||
833 | /* This is a symlink, in this case read the destination. But let's make sure we don't follow | |
834 | * symlinks without bounds. */ | |
835 | if (--max_follow <= 0) | |
836 | return -ELOOP; | |
837 | ||
838 | r = readlinkat_malloc(fd, first + n, &destination); | |
839 | if (r < 0) | |
840 | return r; | |
841 | if (isempty(destination)) | |
842 | return -EINVAL; | |
843 | ||
844 | if (path_is_absolute(destination)) { | |
845 | ||
846 | /* An absolute destination. Start the loop from the beginning, but use the root | |
847 | * directory as base. */ | |
848 | ||
849 | safe_close(fd); | |
850 | fd = open(root ?: "/", O_CLOEXEC|O_NOFOLLOW|O_PATH); | |
851 | if (fd < 0) | |
852 | return -errno; | |
853 | ||
f14f1806 LP |
854 | if (flags & CHASE_SAFE) { |
855 | if (fstat(fd, &st) < 0) | |
856 | return -errno; | |
857 | ||
858 | if (!safe_transition(&previous_stat, &st)) | |
859 | return -EPERM; | |
860 | ||
861 | previous_stat = st; | |
862 | } | |
863 | ||
b539437a YW |
864 | free(done); |
865 | ||
d944dc95 LP |
866 | /* Note that we do not revalidate the root, we take it as is. */ |
867 | if (isempty(root)) | |
868 | done = NULL; | |
869 | else { | |
870 | done = strdup(root); | |
871 | if (!done) | |
872 | return -ENOMEM; | |
873 | } | |
874 | ||
8c4a8ea2 LP |
875 | /* Prefix what's left to do with what we just read, and start the loop again, but |
876 | * remain in the current directory. */ | |
877 | joined = strjoin(destination, todo); | |
878 | } else | |
879 | joined = strjoin("/", destination, todo); | |
877777d7 CCW |
880 | if (!joined) |
881 | return -ENOMEM; | |
d944dc95 | 882 | |
877777d7 CCW |
883 | free(buffer); |
884 | todo = buffer = joined; | |
d944dc95 | 885 | |
49eb3659 LP |
886 | if (flags & CHASE_STEP) |
887 | goto chased_one; | |
888 | ||
d944dc95 LP |
889 | continue; |
890 | } | |
891 | ||
892 | /* If this is not a symlink, then let's just add the name we read to what we already verified. */ | |
ae2a15bc LP |
893 | if (!done) |
894 | done = TAKE_PTR(first); | |
895 | else { | |
a1904a46 YW |
896 | /* If done is "/", as first also contains slash at the head, then remove this redundant slash. */ |
897 | if (streq(done, "/")) | |
898 | *done = '\0'; | |
899 | ||
d944dc95 LP |
900 | if (!strextend(&done, first, NULL)) |
901 | return -ENOMEM; | |
902 | } | |
903 | ||
904 | /* And iterate again, but go one directory further down. */ | |
905 | safe_close(fd); | |
c10d6bdb | 906 | fd = TAKE_FD(child); |
d944dc95 LP |
907 | } |
908 | ||
909 | if (!done) { | |
910 | /* Special case, turn the empty string into "/", to indicate the root directory. */ | |
911 | done = strdup("/"); | |
912 | if (!done) | |
913 | return -ENOMEM; | |
914 | } | |
915 | ||
ae2a15bc LP |
916 | if (ret) |
917 | *ret = TAKE_PTR(done); | |
d944dc95 | 918 | |
1ed34d75 | 919 | if (flags & CHASE_OPEN) { |
1ed34d75 LP |
920 | /* Return the O_PATH fd we currently are looking to the caller. It can translate it to a proper fd by |
921 | * opening /proc/self/fd/xyz. */ | |
922 | ||
923 | assert(fd >= 0); | |
c10d6bdb | 924 | return TAKE_FD(fd); |
1ed34d75 LP |
925 | } |
926 | ||
49eb3659 LP |
927 | if (flags & CHASE_STEP) |
928 | return 1; | |
929 | ||
a9fb0867 | 930 | return exists; |
49eb3659 LP |
931 | |
932 | chased_one: | |
49eb3659 LP |
933 | if (ret) { |
934 | char *c; | |
935 | ||
027cc9c9 ZJS |
936 | c = strjoin(strempty(done), todo); |
937 | if (!c) | |
938 | return -ENOMEM; | |
49eb3659 LP |
939 | |
940 | *ret = c; | |
941 | } | |
942 | ||
943 | return 0; | |
d944dc95 | 944 | } |
57a4359e | 945 | |
21c692e9 LP |
946 | int chase_symlinks_and_open( |
947 | const char *path, | |
948 | const char *root, | |
949 | unsigned chase_flags, | |
950 | int open_flags, | |
951 | char **ret_path) { | |
952 | ||
953 | _cleanup_close_ int path_fd = -1; | |
954 | _cleanup_free_ char *p = NULL; | |
955 | int r; | |
956 | ||
957 | if (chase_flags & CHASE_NONEXISTENT) | |
958 | return -EINVAL; | |
959 | ||
57ea45e1 | 960 | if (empty_or_root(root) && !ret_path && (chase_flags & (CHASE_NO_AUTOFS|CHASE_SAFE)) == 0) { |
21c692e9 LP |
961 | /* Shortcut this call if none of the special features of this call are requested */ |
962 | r = open(path, open_flags); | |
963 | if (r < 0) | |
964 | return -errno; | |
965 | ||
966 | return r; | |
967 | } | |
968 | ||
969 | path_fd = chase_symlinks(path, root, chase_flags|CHASE_OPEN, ret_path ? &p : NULL); | |
970 | if (path_fd < 0) | |
971 | return path_fd; | |
972 | ||
973 | r = fd_reopen(path_fd, open_flags); | |
974 | if (r < 0) | |
975 | return r; | |
976 | ||
977 | if (ret_path) | |
978 | *ret_path = TAKE_PTR(p); | |
979 | ||
980 | return r; | |
981 | } | |
982 | ||
983 | int chase_symlinks_and_opendir( | |
984 | const char *path, | |
985 | const char *root, | |
986 | unsigned chase_flags, | |
987 | char **ret_path, | |
988 | DIR **ret_dir) { | |
989 | ||
990 | char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; | |
991 | _cleanup_close_ int path_fd = -1; | |
992 | _cleanup_free_ char *p = NULL; | |
993 | DIR *d; | |
994 | ||
995 | if (!ret_dir) | |
996 | return -EINVAL; | |
997 | if (chase_flags & CHASE_NONEXISTENT) | |
998 | return -EINVAL; | |
999 | ||
57ea45e1 | 1000 | if (empty_or_root(root) && !ret_path && (chase_flags & (CHASE_NO_AUTOFS|CHASE_SAFE)) == 0) { |
21c692e9 LP |
1001 | /* Shortcut this call if none of the special features of this call are requested */ |
1002 | d = opendir(path); | |
1003 | if (!d) | |
1004 | return -errno; | |
1005 | ||
1006 | *ret_dir = d; | |
1007 | return 0; | |
1008 | } | |
1009 | ||
1010 | path_fd = chase_symlinks(path, root, chase_flags|CHASE_OPEN, ret_path ? &p : NULL); | |
1011 | if (path_fd < 0) | |
1012 | return path_fd; | |
1013 | ||
1014 | xsprintf(procfs_path, "/proc/self/fd/%i", path_fd); | |
1015 | d = opendir(procfs_path); | |
1016 | if (!d) | |
1017 | return -errno; | |
1018 | ||
1019 | if (ret_path) | |
1020 | *ret_path = TAKE_PTR(p); | |
1021 | ||
1022 | *ret_dir = d; | |
1023 | return 0; | |
1024 | } | |
1025 | ||
d2bcd0ba LP |
1026 | int chase_symlinks_and_stat( |
1027 | const char *path, | |
1028 | const char *root, | |
1029 | unsigned chase_flags, | |
1030 | char **ret_path, | |
1031 | struct stat *ret_stat) { | |
1032 | ||
1033 | _cleanup_close_ int path_fd = -1; | |
1034 | _cleanup_free_ char *p = NULL; | |
1035 | ||
1036 | assert(path); | |
1037 | assert(ret_stat); | |
1038 | ||
1039 | if (chase_flags & CHASE_NONEXISTENT) | |
1040 | return -EINVAL; | |
1041 | ||
1042 | if (empty_or_root(root) && !ret_path && (chase_flags & (CHASE_NO_AUTOFS|CHASE_SAFE)) == 0) { | |
1043 | /* Shortcut this call if none of the special features of this call are requested */ | |
1044 | if (stat(path, ret_stat) < 0) | |
1045 | return -errno; | |
1046 | ||
1047 | return 1; | |
1048 | } | |
1049 | ||
1050 | path_fd = chase_symlinks(path, root, chase_flags|CHASE_OPEN, ret_path ? &p : NULL); | |
1051 | if (path_fd < 0) | |
1052 | return path_fd; | |
1053 | ||
1054 | if (fstat(path_fd, ret_stat) < 0) | |
1055 | return -errno; | |
1056 | ||
1057 | if (ret_path) | |
1058 | *ret_path = TAKE_PTR(p); | |
1059 | ||
1060 | if (chase_flags & CHASE_OPEN) | |
1061 | return TAKE_FD(path_fd); | |
1062 | ||
1063 | return 1; | |
1064 | } | |
1065 | ||
57a4359e | 1066 | int access_fd(int fd, int mode) { |
fbd0b64f | 1067 | char p[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(fd) + 1]; |
57a4359e LP |
1068 | int r; |
1069 | ||
1070 | /* Like access() but operates on an already open fd */ | |
1071 | ||
1072 | xsprintf(p, "/proc/self/fd/%i", fd); | |
57a4359e LP |
1073 | r = access(p, mode); |
1074 | if (r < 0) | |
21c692e9 | 1075 | return -errno; |
57a4359e LP |
1076 | |
1077 | return r; | |
1078 | } | |
43767d9d | 1079 | |
627d2bac ZJS |
1080 | void unlink_tempfilep(char (*p)[]) { |
1081 | /* If the file is created with mkstemp(), it will (almost always) | |
1082 | * change the suffix. Treat this as a sign that the file was | |
1083 | * successfully created. We ignore both the rare case where the | |
1084 | * original suffix is used and unlink failures. */ | |
1085 | if (!endswith(*p, ".XXXXXX")) | |
69821560 | 1086 | (void) unlink_noerrno(*p); |
627d2bac ZJS |
1087 | } |
1088 | ||
43767d9d LP |
1089 | int unlinkat_deallocate(int fd, const char *name, int flags) { |
1090 | _cleanup_close_ int truncate_fd = -1; | |
1091 | struct stat st; | |
1092 | off_t l, bs; | |
1093 | ||
1094 | /* Operates like unlinkat() but also deallocates the file contents if it is a regular file and there's no other | |
1095 | * link to it. This is useful to ensure that other processes that might have the file open for reading won't be | |
1096 | * able to keep the data pinned on disk forever. This call is particular useful whenever we execute clean-up | |
1097 | * jobs ("vacuuming"), where we want to make sure the data is really gone and the disk space released and | |
1098 | * returned to the free pool. | |
1099 | * | |
1100 | * Deallocation is preferably done by FALLOC_FL_PUNCH_HOLE|FALLOC_FL_KEEP_SIZE (👊) if supported, which means | |
1101 | * the file won't change size. That's a good thing since we shouldn't needlessly trigger SIGBUS in other | |
1102 | * programs that have mmap()ed the file. (The assumption here is that changing file contents to all zeroes | |
1103 | * underneath those programs is the better choice than simply triggering SIGBUS in them which truncation does.) | |
1104 | * However if hole punching is not implemented in the kernel or file system we'll fall back to normal file | |
1105 | * truncation (🔪), as our goal of deallocating the data space trumps our goal of being nice to readers (💐). | |
1106 | * | |
1107 | * Note that we attempt deallocation, but failure to succeed with that is not considered fatal, as long as the | |
1108 | * primary job – to delete the file – is accomplished. */ | |
1109 | ||
1110 | if ((flags & AT_REMOVEDIR) == 0) { | |
1111 | truncate_fd = openat(fd, name, O_WRONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW|O_NONBLOCK); | |
1112 | if (truncate_fd < 0) { | |
1113 | ||
1114 | /* If this failed because the file doesn't exist propagate the error right-away. Also, | |
1115 | * AT_REMOVEDIR wasn't set, and we tried to open the file for writing, which means EISDIR is | |
1116 | * returned when this is a directory but we are not supposed to delete those, hence propagate | |
1117 | * the error right-away too. */ | |
1118 | if (IN_SET(errno, ENOENT, EISDIR)) | |
1119 | return -errno; | |
1120 | ||
1121 | if (errno != ELOOP) /* don't complain if this is a symlink */ | |
1122 | log_debug_errno(errno, "Failed to open file '%s' for deallocation, ignoring: %m", name); | |
1123 | } | |
1124 | } | |
1125 | ||
1126 | if (unlinkat(fd, name, flags) < 0) | |
1127 | return -errno; | |
1128 | ||
1129 | if (truncate_fd < 0) /* Don't have a file handle, can't do more ☹️ */ | |
1130 | return 0; | |
1131 | ||
1132 | if (fstat(truncate_fd, &st) < 0) { | |
1133 | log_debug_errno(errno, "Failed to stat file '%s' for deallocation, ignoring.", name); | |
1134 | return 0; | |
1135 | } | |
1136 | ||
1137 | if (!S_ISREG(st.st_mode) || st.st_blocks == 0 || st.st_nlink > 0) | |
1138 | return 0; | |
1139 | ||
1140 | /* If this is a regular file, it actually took up space on disk and there are no other links it's time to | |
1141 | * punch-hole/truncate this to release the disk space. */ | |
1142 | ||
1143 | bs = MAX(st.st_blksize, 512); | |
1144 | l = DIV_ROUND_UP(st.st_size, bs) * bs; /* Round up to next block size */ | |
1145 | ||
1146 | if (fallocate(truncate_fd, FALLOC_FL_PUNCH_HOLE|FALLOC_FL_KEEP_SIZE, 0, l) >= 0) | |
1147 | return 0; /* Successfully punched a hole! 😊 */ | |
1148 | ||
1149 | /* Fall back to truncation */ | |
1150 | if (ftruncate(truncate_fd, 0) < 0) { | |
1151 | log_debug_errno(errno, "Failed to truncate file to 0, ignoring: %m"); | |
1152 | return 0; | |
1153 | } | |
1154 | ||
1155 | return 0; | |
1156 | } | |
11b29a96 LP |
1157 | |
1158 | int fsync_directory_of_file(int fd) { | |
1159 | _cleanup_free_ char *path = NULL, *dn = NULL; | |
1160 | _cleanup_close_ int dfd = -1; | |
1161 | int r; | |
1162 | ||
1163 | r = fd_verify_regular(fd); | |
1164 | if (r < 0) | |
1165 | return r; | |
1166 | ||
1167 | r = fd_get_path(fd, &path); | |
3ceae1bc | 1168 | if (r < 0) { |
b8b846d7 LP |
1169 | log_debug_errno(r, "Failed to query /proc/self/fd/%d%s: %m", |
1170 | fd, | |
1171 | r == -EOPNOTSUPP ? ", ignoring" : ""); | |
3ceae1bc ZJS |
1172 | |
1173 | if (r == -EOPNOTSUPP) | |
1174 | /* If /proc is not available, we're most likely running in some | |
1175 | * chroot environment, and syncing the directory is not very | |
1176 | * important in that case. Let's just silently do nothing. */ | |
1177 | return 0; | |
1178 | ||
11b29a96 | 1179 | return r; |
3ceae1bc | 1180 | } |
11b29a96 LP |
1181 | |
1182 | if (!path_is_absolute(path)) | |
1183 | return -EINVAL; | |
1184 | ||
1185 | dn = dirname_malloc(path); | |
1186 | if (!dn) | |
1187 | return -ENOMEM; | |
1188 | ||
1189 | dfd = open(dn, O_RDONLY|O_CLOEXEC|O_DIRECTORY); | |
1190 | if (dfd < 0) | |
1191 | return -errno; | |
1192 | ||
1193 | if (fsync(dfd) < 0) | |
1194 | return -errno; | |
1195 | ||
1196 | return 0; | |
1197 | } |