]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
cd61c3bf | 2 | |
a8fbdf54 | 3 | #include <errno.h> |
ebd93cb6 | 4 | #include <fcntl.h> |
e08f94ac LP |
5 | #include <linux/fs.h> |
6 | #include <linux/loop.h> | |
65ddc2c5 | 7 | #include <linux/magic.h> |
a8fbdf54 TA |
8 | #include <stdio.h> |
9 | #include <stdlib.h> | |
e306723e | 10 | #include <sys/file.h> |
204f52e3 | 11 | #include <sys/ioctl.h> |
a8fbdf54 TA |
12 | #include <sys/stat.h> |
13 | #include <unistd.h> | |
546dbec5 | 14 | |
b5efdb8a | 15 | #include "alloc-util.h" |
cd61c3bf | 16 | #include "btrfs-util.h" |
f461a28d | 17 | #include "chase.h" |
c8b3094d | 18 | #include "chattr-util.h" |
ebd93cb6 | 19 | #include "copy.h" |
a0956174 | 20 | #include "dirent-util.h" |
57f1b61b | 21 | #include "discover-image.h" |
c7664c07 | 22 | #include "dissect-image.h" |
686d13b9 | 23 | #include "env-file.h" |
b6e953f2 | 24 | #include "env-util.h" |
6afa5d86 | 25 | #include "extension-util.h" |
3ffd4af2 | 26 | #include "fd-util.h" |
f4f15635 | 27 | #include "fs-util.h" |
a8fbdf54 | 28 | #include "hashmap.h" |
e2054217 | 29 | #include "hostname-setup.h" |
c7664c07 | 30 | #include "id128-util.h" |
73740c9f | 31 | #include "initrd-util.h" |
64e89f56 | 32 | #include "lock-util.h" |
a8fbdf54 | 33 | #include "log.h" |
c7664c07 | 34 | #include "loop-util.h" |
546dbec5 | 35 | #include "macro.h" |
30535c16 | 36 | #include "mkdir.h" |
d8b4d14d | 37 | #include "nulstr-util.h" |
d58ad743 | 38 | #include "os-util.h" |
8e0b6570 | 39 | #include "path-util.h" |
c6878637 | 40 | #include "rm-rf.h" |
65ddc2c5 | 41 | #include "stat-util.h" |
8b43440b | 42 | #include "string-table.h" |
07630cea | 43 | #include "string-util.h" |
8e0b6570 | 44 | #include "strv.h" |
a8fbdf54 | 45 | #include "time-util.h" |
8e0b6570 | 46 | #include "utf8.h" |
89a5a90c | 47 | #include "xattr-util.h" |
cd61c3bf | 48 | |
5ef46e5f | 49 | static const char* const image_search_path[_IMAGE_CLASS_MAX] = { |
9bca4ae4 LP |
50 | [IMAGE_MACHINE] = "/etc/machines\0" /* only place symlinks here */ |
51 | "/run/machines\0" /* and here too */ | |
52 | "/var/lib/machines\0" /* the main place for images */ | |
53 | "/var/lib/container\0" /* legacy */ | |
54 | "/usr/local/lib/machines\0" | |
55 | "/usr/lib/machines\0", | |
5ef46e5f | 56 | |
9bca4ae4 LP |
57 | [IMAGE_PORTABLE] = "/etc/portables\0" /* only place symlinks here */ |
58 | "/run/portables\0" /* and here too */ | |
59 | "/var/lib/portables\0" /* the main place for images */ | |
60 | "/usr/local/lib/portables\0" | |
61 | "/usr/lib/portables\0", | |
62 | ||
de862276 LB |
63 | /* Note that we don't allow storing extensions under /usr/, unlike with other image types. That's |
64 | * because extension images are supposed to extend /usr/, so you get into recursive races, especially | |
65 | * with directory-based extensions, as the kernel's OverlayFS explicitly checks for this and errors | |
66 | * out with -ELOOP if it finds that a lowerdir= is a child of another lowerdir=. */ | |
b60e0f57 | 67 | [IMAGE_SYSEXT] = "/etc/extensions\0" /* only place symlinks here */ |
68 | "/run/extensions\0" /* and here too */ | |
69 | "/var/lib/extensions\0", /* the main place for images */ | |
70 | ||
71 | [IMAGE_CONFEXT] = "/run/confexts\0" /* only place symlinks here */ | |
72 | "/var/lib/confexts\0" /* the main place for images */ | |
73 | "/usr/local/lib/confexts\0" | |
74 | "/usr/lib/confexts\0", | |
5ef46e5f | 75 | }; |
c2ce6a3d | 76 | |
73740c9f LP |
77 | /* Inside the initrd, use a slightly different set of search path (i.e. include .extra/sysext in extension |
78 | * search dir) */ | |
79 | static const char* const image_search_path_initrd[_IMAGE_CLASS_MAX] = { | |
80 | /* (entries that aren't listed here will get the same search path as for the non initrd-case) */ | |
81 | ||
b151e696 LP |
82 | [IMAGE_SYSEXT] = "/etc/extensions\0" /* only place symlinks here */ |
83 | "/run/extensions\0" /* and here too */ | |
84 | "/var/lib/extensions\0" /* the main place for images */ | |
85 | "/.extra/sysext\0" /* put sysext picked up by systemd-stub last, since not trusted */ | |
73740c9f LP |
86 | }; |
87 | ||
a747994b LP |
88 | static const char* image_class_suffix_table[_IMAGE_CLASS_MAX] = { |
89 | [IMAGE_SYSEXT] = ".sysext", | |
90 | [IMAGE_CONFEXT] = ".confext", | |
91 | }; | |
92 | ||
93 | DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(image_class_suffix, ImageClass); | |
94 | ||
8301aa0b YW |
95 | static Image *image_free(Image *i) { |
96 | assert(i); | |
9614bb06 | 97 | |
cd61c3bf LP |
98 | free(i->name); |
99 | free(i->path); | |
c7664c07 LP |
100 | |
101 | free(i->hostname); | |
102 | strv_free(i->machine_info); | |
103 | strv_free(i->os_release); | |
a81fe93e LP |
104 | strv_free(i->sysext_release); |
105 | strv_free(i->confext_release); | |
c7664c07 | 106 | |
6b430fdb | 107 | return mfree(i); |
cd61c3bf LP |
108 | } |
109 | ||
8301aa0b | 110 | DEFINE_TRIVIAL_REF_UNREF_FUNC(Image, image, image_free); |
b07ec5a1 YW |
111 | DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(image_hash_ops, char, string_hash_func, string_compare_func, |
112 | Image, image_unref); | |
9614bb06 | 113 | |
8e0b6570 LP |
114 | static char **image_settings_path(Image *image) { |
115 | _cleanup_strv_free_ char **l = NULL; | |
162f6477 LP |
116 | _cleanup_free_ char *fn = NULL; |
117 | size_t i = 0; | |
118 | int r; | |
8e0b6570 LP |
119 | |
120 | assert(image); | |
121 | ||
122 | l = new0(char*, 4); | |
123 | if (!l) | |
124 | return NULL; | |
125 | ||
162f6477 LP |
126 | fn = strjoin(image->name, ".nspawn"); |
127 | if (!fn) | |
128 | return NULL; | |
8e0b6570 | 129 | |
b910cc72 LP |
130 | FOREACH_STRING(s, "/etc/systemd/nspawn", "/run/systemd/nspawn") { |
131 | l[i] = path_join(s, fn); | |
8e0b6570 LP |
132 | if (!l[i]) |
133 | return NULL; | |
134 | ||
135 | i++; | |
136 | } | |
137 | ||
162f6477 LP |
138 | r = file_in_same_dir(image->path, fn, l + i); |
139 | if (r == -ENOMEM) | |
8e0b6570 | 140 | return NULL; |
162f6477 LP |
141 | if (r < 0) |
142 | log_debug_errno(r, "Failed to generate .nspawn settings path from image path, ignoring: %m"); | |
143 | ||
144 | strv_uniq(l); | |
8e0b6570 | 145 | |
ae2a15bc | 146 | return TAKE_PTR(l); |
8e0b6570 LP |
147 | } |
148 | ||
162f6477 LP |
149 | static int image_roothash_path(Image *image, char **ret) { |
150 | _cleanup_free_ char *fn = NULL; | |
bafbac4e LP |
151 | |
152 | assert(image); | |
153 | ||
162f6477 LP |
154 | fn = strjoin(image->name, ".roothash"); |
155 | if (!fn) | |
156 | return -ENOMEM; | |
bafbac4e | 157 | |
162f6477 | 158 | return file_in_same_dir(image->path, fn, ret); |
bafbac4e LP |
159 | } |
160 | ||
c2ce6a3d | 161 | static int image_new( |
cd61c3bf | 162 | ImageType t, |
3775e141 | 163 | ImageClass c, |
5fc7f358 | 164 | const char *pretty, |
cd61c3bf | 165 | const char *path, |
5fc7f358 | 166 | const char *filename, |
cd61c3bf | 167 | bool read_only, |
10f9c755 | 168 | usec_t crtime, |
cd61c3bf | 169 | usec_t mtime, |
c2ce6a3d | 170 | Image **ret) { |
cd61c3bf LP |
171 | |
172 | _cleanup_(image_unrefp) Image *i = NULL; | |
cd61c3bf | 173 | |
cd61c3bf LP |
174 | assert(t >= 0); |
175 | assert(t < _IMAGE_TYPE_MAX); | |
5fc7f358 LP |
176 | assert(pretty); |
177 | assert(filename); | |
c2ce6a3d | 178 | assert(ret); |
cd61c3bf | 179 | |
c2108701 | 180 | i = new(Image, 1); |
cd61c3bf LP |
181 | if (!i) |
182 | return -ENOMEM; | |
183 | ||
c2108701 LP |
184 | *i = (Image) { |
185 | .n_ref = 1, | |
186 | .type = t, | |
3775e141 | 187 | .class = c, |
c2108701 LP |
188 | .read_only = read_only, |
189 | .crtime = crtime, | |
190 | .mtime = mtime, | |
191 | .usage = UINT64_MAX, | |
192 | .usage_exclusive = UINT64_MAX, | |
193 | .limit = UINT64_MAX, | |
194 | .limit_exclusive = UINT64_MAX, | |
195 | }; | |
cd61c3bf | 196 | |
5fc7f358 | 197 | i->name = strdup(pretty); |
cd61c3bf LP |
198 | if (!i->name) |
199 | return -ENOMEM; | |
200 | ||
657ee2d8 | 201 | i->path = path_join(path, filename); |
5fc7f358 LP |
202 | if (!i->path) |
203 | return -ENOMEM; | |
204 | ||
4ff361cc | 205 | path_simplify(i->path); |
cd61c3bf | 206 | |
1cc6c93a | 207 | *ret = TAKE_PTR(i); |
c2ce6a3d | 208 | |
cd61c3bf LP |
209 | return 0; |
210 | } | |
211 | ||
a747994b LP |
212 | static int extract_pretty( |
213 | const char *path, | |
214 | const char *class_suffix, | |
215 | const char *format_suffix, | |
216 | char **ret) { | |
217 | ||
4756c94e | 218 | _cleanup_free_ char *name = NULL; |
a747994b | 219 | int r; |
4756c94e LP |
220 | |
221 | assert(path); | |
222 | assert(ret); | |
223 | ||
a747994b LP |
224 | r = path_extract_filename(path, &name); |
225 | if (r < 0) | |
226 | return r; | |
4756c94e | 227 | |
a747994b LP |
228 | if (format_suffix) { |
229 | char *e = endswith(name, format_suffix); | |
230 | if (!e) /* Format suffix is required */ | |
4756c94e LP |
231 | return -EINVAL; |
232 | ||
233 | *e = 0; | |
234 | } | |
235 | ||
a747994b LP |
236 | if (class_suffix) { |
237 | char *e = endswith(name, class_suffix); | |
238 | if (e) /* Class suffix is optional */ | |
239 | *e = 0; | |
240 | } | |
241 | ||
4756c94e LP |
242 | if (!image_name_is_valid(name)) |
243 | return -EINVAL; | |
244 | ||
245 | *ret = TAKE_PTR(name); | |
246 | return 0; | |
247 | } | |
248 | ||
5fc7f358 | 249 | static int image_make( |
3775e141 | 250 | ImageClass c, |
5fc7f358 LP |
251 | const char *pretty, |
252 | int dfd, | |
253 | const char *path, | |
254 | const char *filename, | |
3a6ce860 | 255 | const struct stat *st, |
5fc7f358 LP |
256 | Image **ret) { |
257 | ||
2570578d | 258 | _cleanup_free_ char *pretty_buffer = NULL, *parent = NULL; |
3a6ce860 | 259 | struct stat stbuf; |
5fc7f358 | 260 | bool read_only; |
cd61c3bf LP |
261 | int r; |
262 | ||
3a6ce860 | 263 | assert(dfd >= 0 || dfd == AT_FDCWD); |
bcb846f3 | 264 | assert(path || dfd == AT_FDCWD); |
5fc7f358 | 265 | assert(filename); |
cd61c3bf | 266 | |
eb38edce | 267 | /* We explicitly *do* follow symlinks here, since we want to allow symlinking trees, raw files and block |
3a6ce860 LP |
268 | * devices into /var/lib/machines/, and treat them normally. |
269 | * | |
270 | * This function returns -ENOENT if we can't find the image after all, and -EMEDIUMTYPE if it's not a file we | |
271 | * recognize. */ | |
cd61c3bf | 272 | |
3a6ce860 LP |
273 | if (!st) { |
274 | if (fstatat(dfd, filename, &stbuf, 0) < 0) | |
275 | return -errno; | |
276 | ||
277 | st = &stbuf; | |
278 | } | |
cd61c3bf | 279 | |
2570578d LP |
280 | if (!path) { |
281 | if (dfd == AT_FDCWD) | |
282 | (void) safe_getcwd(&parent); | |
283 | else | |
284 | (void) fd_get_path(dfd, &parent); | |
285 | } | |
bcb846f3 | 286 | |
5fc7f358 LP |
287 | read_only = |
288 | (path && path_startswith(path, "/usr")) || | |
08ff5529 | 289 | (faccessat(dfd, filename, W_OK, AT_EACCESS) < 0 && errno == EROFS); |
86e339c8 | 290 | |
3a6ce860 | 291 | if (S_ISDIR(st->st_mode)) { |
254d1313 | 292 | _cleanup_close_ int fd = -EBADF; |
01b72568 | 293 | unsigned file_attr = 0; |
02dcf215 | 294 | usec_t crtime = 0; |
cd61c3bf | 295 | |
c2ce6a3d | 296 | if (!ret) |
3a6ce860 | 297 | return 0; |
cd61c3bf | 298 | |
4756c94e | 299 | if (!pretty) { |
a747994b | 300 | r = extract_pretty(filename, image_class_suffix_to_string(c), NULL, &pretty_buffer); |
4756c94e LP |
301 | if (r < 0) |
302 | return r; | |
303 | ||
304 | pretty = pretty_buffer; | |
305 | } | |
5fc7f358 | 306 | |
01b72568 LP |
307 | fd = openat(dfd, filename, O_CLOEXEC|O_NOCTTY|O_DIRECTORY); |
308 | if (fd < 0) | |
309 | return -errno; | |
310 | ||
674b04ff | 311 | if (btrfs_might_be_subvol(st)) { |
cd61c3bf | 312 | |
65ddc2c5 | 313 | r = fd_is_fs_type(fd, BTRFS_SUPER_MAGIC); |
21222ea5 LP |
314 | if (r < 0) |
315 | return r; | |
79de6eb1 | 316 | if (r > 0) { |
10f9c755 | 317 | BtrfsSubvolInfo info; |
cd61c3bf | 318 | |
c2ce6a3d | 319 | /* It's a btrfs subvolume */ |
cd61c3bf | 320 | |
5bcd08db | 321 | r = btrfs_subvol_get_info_fd(fd, 0, &info); |
10f9c755 LP |
322 | if (r < 0) |
323 | return r; | |
c2ce6a3d LP |
324 | |
325 | r = image_new(IMAGE_SUBVOLUME, | |
3775e141 | 326 | c, |
5fc7f358 | 327 | pretty, |
c2ce6a3d | 328 | path, |
5fc7f358 LP |
329 | filename, |
330 | info.read_only || read_only, | |
10f9c755 | 331 | info.otime, |
c2ce6a3d | 332 | 0, |
c2ce6a3d LP |
333 | ret); |
334 | if (r < 0) | |
335 | return r; | |
336 | ||
5bcd08db LP |
337 | if (btrfs_quota_scan_ongoing(fd) == 0) { |
338 | BtrfsQuotaInfo quota; | |
b6b18498 | 339 | |
5bcd08db LP |
340 | r = btrfs_subvol_get_subtree_quota_fd(fd, 0, "a); |
341 | if (r >= 0) { | |
342 | (*ret)->usage = quota.referenced; | |
343 | (*ret)->usage_exclusive = quota.exclusive; | |
344 | ||
345 | (*ret)->limit = quota.referenced_max; | |
346 | (*ret)->limit_exclusive = quota.exclusive_max; | |
347 | } | |
b6b18498 LP |
348 | } |
349 | ||
3a6ce860 | 350 | return 0; |
cd61c3bf | 351 | } |
c2ce6a3d | 352 | } |
cd61c3bf | 353 | |
02dcf215 | 354 | /* Get directory creation time (not available everywhere, but that's OK */ |
12a7f04a | 355 | (void) fd_getcrtime(fd, &crtime); |
02dcf215 LP |
356 | |
357 | /* If the IMMUTABLE bit is set, we consider the directory read-only. Since the ioctl is not | |
01b72568 LP |
358 | * supported everywhere we ignore failures. */ |
359 | (void) read_attr_fd(fd, &file_attr); | |
cd61c3bf | 360 | |
01b72568 | 361 | /* It's just a normal directory. */ |
c2ce6a3d | 362 | r = image_new(IMAGE_DIRECTORY, |
3775e141 | 363 | c, |
5fc7f358 | 364 | pretty, |
c2ce6a3d | 365 | path, |
5fc7f358 | 366 | filename, |
01b72568 | 367 | read_only || (file_attr & FS_IMMUTABLE_FL), |
02dcf215 LP |
368 | crtime, |
369 | 0, /* we don't use mtime of stat() here, since it's not the time of last change of the tree, but only of the top-level dir */ | |
c2ce6a3d LP |
370 | ret); |
371 | if (r < 0) | |
372 | return r; | |
cd61c3bf | 373 | |
3a6ce860 | 374 | return 0; |
cd61c3bf | 375 | |
3a6ce860 | 376 | } else if (S_ISREG(st->st_mode) && endswith(filename, ".raw")) { |
10f9c755 | 377 | usec_t crtime = 0; |
cd61c3bf | 378 | |
aceac2f0 | 379 | /* It's a RAW disk image */ |
cd61c3bf | 380 | |
c2ce6a3d | 381 | if (!ret) |
3a6ce860 | 382 | return 0; |
cd61c3bf | 383 | |
c53e07e2 | 384 | (void) fd_getcrtime_at(dfd, filename, AT_SYMLINK_FOLLOW, &crtime); |
10f9c755 | 385 | |
4756c94e | 386 | if (!pretty) { |
a747994b | 387 | r = extract_pretty(filename, image_class_suffix_to_string(c), ".raw", &pretty_buffer); |
4756c94e LP |
388 | if (r < 0) |
389 | return r; | |
390 | ||
391 | pretty = pretty_buffer; | |
392 | } | |
10f9c755 | 393 | |
aceac2f0 | 394 | r = image_new(IMAGE_RAW, |
3775e141 | 395 | c, |
5fc7f358 | 396 | pretty, |
c2ce6a3d | 397 | path, |
5fc7f358 | 398 | filename, |
3a6ce860 | 399 | !(st->st_mode & 0222) || read_only, |
10f9c755 | 400 | crtime, |
3a6ce860 | 401 | timespec_load(&st->st_mtim), |
c2ce6a3d LP |
402 | ret); |
403 | if (r < 0) | |
404 | return r; | |
cd61c3bf | 405 | |
3a6ce860 LP |
406 | (*ret)->usage = (*ret)->usage_exclusive = st->st_blocks * 512; |
407 | (*ret)->limit = (*ret)->limit_exclusive = st->st_size; | |
b6b18498 | 408 | |
3a6ce860 | 409 | return 0; |
eb38edce | 410 | |
3a6ce860 | 411 | } else if (S_ISBLK(st->st_mode)) { |
254d1313 | 412 | _cleanup_close_ int block_fd = -EBADF; |
eb38edce LP |
413 | uint64_t size = UINT64_MAX; |
414 | ||
415 | /* A block device */ | |
416 | ||
417 | if (!ret) | |
3a6ce860 | 418 | return 0; |
eb38edce | 419 | |
4756c94e | 420 | if (!pretty) { |
a747994b | 421 | r = extract_pretty(filename, NULL, NULL, &pretty_buffer); |
4756c94e LP |
422 | if (r < 0) |
423 | return r; | |
424 | ||
425 | pretty = pretty_buffer; | |
426 | } | |
eb38edce LP |
427 | |
428 | block_fd = openat(dfd, filename, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY); | |
429 | if (block_fd < 0) | |
2570578d | 430 | log_debug_errno(errno, "Failed to open block device %s/%s, ignoring: %m", path ?: strnull(parent), filename); |
eb38edce | 431 | else { |
3a6ce860 LP |
432 | /* Refresh stat data after opening the node */ |
433 | if (fstat(block_fd, &stbuf) < 0) | |
eb38edce | 434 | return -errno; |
3a6ce860 LP |
435 | st = &stbuf; |
436 | ||
437 | if (!S_ISBLK(st->st_mode)) /* Verify that what we opened is actually what we think it is */ | |
eb38edce LP |
438 | return -ENOTTY; |
439 | ||
440 | if (!read_only) { | |
441 | int state = 0; | |
442 | ||
443 | if (ioctl(block_fd, BLKROGET, &state) < 0) | |
2570578d | 444 | log_debug_errno(errno, "Failed to issue BLKROGET on device %s/%s, ignoring: %m", path ?: strnull(parent), filename); |
eb38edce LP |
445 | else if (state) |
446 | read_only = true; | |
447 | } | |
448 | ||
449 | if (ioctl(block_fd, BLKGETSIZE64, &size) < 0) | |
2570578d | 450 | log_debug_errno(errno, "Failed to issue BLKGETSIZE64 on device %s/%s, ignoring: %m", path ?: strnull(parent), filename); |
eb38edce LP |
451 | |
452 | block_fd = safe_close(block_fd); | |
453 | } | |
454 | ||
455 | r = image_new(IMAGE_BLOCK, | |
3775e141 | 456 | c, |
eb38edce LP |
457 | pretty, |
458 | path, | |
459 | filename, | |
3a6ce860 | 460 | !(st->st_mode & 0222) || read_only, |
eb38edce LP |
461 | 0, |
462 | 0, | |
463 | ret); | |
464 | if (r < 0) | |
465 | return r; | |
466 | ||
ed0cb346 | 467 | if (!IN_SET(size, 0, UINT64_MAX)) |
eb38edce LP |
468 | (*ret)->usage = (*ret)->usage_exclusive = (*ret)->limit = (*ret)->limit_exclusive = size; |
469 | ||
3a6ce860 | 470 | return 0; |
c2ce6a3d | 471 | } |
cd61c3bf | 472 | |
3a6ce860 | 473 | return -EMEDIUMTYPE; |
c2ce6a3d | 474 | } |
cd61c3bf | 475 | |
73740c9f LP |
476 | static const char *pick_image_search_path(ImageClass class) { |
477 | if (class < 0 || class >= _IMAGE_CLASS_MAX) | |
478 | return NULL; | |
479 | ||
480 | /* Use the initrd search path if there is one, otherwise use the common one */ | |
481 | return in_initrd() && image_search_path_initrd[class] ? image_search_path_initrd[class] : image_search_path[class]; | |
482 | } | |
483 | ||
d577d4a4 LP |
484 | int image_find(ImageClass class, |
485 | const char *name, | |
486 | const char *root, | |
487 | Image **ret) { | |
488 | ||
c2ce6a3d | 489 | int r; |
cd61c3bf | 490 | |
5ef46e5f LP |
491 | assert(class >= 0); |
492 | assert(class < _IMAGE_CLASS_MAX); | |
c2ce6a3d | 493 | assert(name); |
cd61c3bf | 494 | |
c2ce6a3d LP |
495 | /* There are no images with invalid names */ |
496 | if (!image_name_is_valid(name)) | |
3a6ce860 | 497 | return -ENOENT; |
cd61c3bf | 498 | |
73740c9f | 499 | NULSTR_FOREACH(path, pick_image_search_path(class)) { |
d577d4a4 | 500 | _cleanup_free_ char *resolved = NULL; |
c2ce6a3d | 501 | _cleanup_closedir_ DIR *d = NULL; |
3a6ce860 | 502 | struct stat st; |
d577d4a4 | 503 | int flags; |
cd61c3bf | 504 | |
f461a28d | 505 | r = chase_and_opendir(path, root, CHASE_PREFIX_ROOT, &resolved, &d); |
d577d4a4 LP |
506 | if (r == -ENOENT) |
507 | continue; | |
508 | if (r < 0) | |
509 | return r; | |
cd61c3bf | 510 | |
d577d4a4 LP |
511 | /* As mentioned above, we follow symlinks on this fstatat(), because we want to permit people |
512 | * to symlink block devices into the search path. (For now, we disable that when operating | |
513 | * relative to some root directory.) */ | |
514 | flags = root ? AT_SYMLINK_NOFOLLOW : 0; | |
515 | if (fstatat(dirfd(d), name, &st, flags) < 0) { | |
aceac2f0 | 516 | _cleanup_free_ char *raw = NULL; |
5fc7f358 | 517 | |
3a6ce860 LP |
518 | if (errno != ENOENT) |
519 | return -errno; | |
520 | ||
b910cc72 | 521 | raw = strjoin(name, ".raw"); |
aceac2f0 | 522 | if (!raw) |
5fc7f358 LP |
523 | return -ENOMEM; |
524 | ||
d577d4a4 | 525 | if (fstatat(dirfd(d), raw, &st, flags) < 0) { |
3a6ce860 LP |
526 | if (errno == ENOENT) |
527 | continue; | |
528 | ||
529 | return -errno; | |
530 | } | |
531 | ||
532 | if (!S_ISREG(st.st_mode)) | |
5fc7f358 | 533 | continue; |
3a6ce860 | 534 | |
3775e141 | 535 | r = image_make(class, name, dirfd(d), resolved, raw, &st, ret); |
3a6ce860 LP |
536 | |
537 | } else { | |
538 | if (!S_ISDIR(st.st_mode) && !S_ISBLK(st.st_mode)) | |
539 | continue; | |
540 | ||
3775e141 | 541 | r = image_make(class, name, dirfd(d), resolved, name, &st, ret); |
5fc7f358 | 542 | } |
3a6ce860 LP |
543 | if (IN_SET(r, -ENOENT, -EMEDIUMTYPE)) |
544 | continue; | |
c2ce6a3d LP |
545 | if (r < 0) |
546 | return r; | |
cd61c3bf | 547 | |
cf604fd4 LP |
548 | if (ret) |
549 | (*ret)->discoverable = true; | |
550 | ||
c2ce6a3d LP |
551 | return 1; |
552 | } | |
553 | ||
cf604fd4 | 554 | if (class == IMAGE_MACHINE && streq(name, ".host")) { |
3775e141 | 555 | r = image_make(class, ".host", AT_FDCWD, NULL, empty_to_root(root), NULL, ret); |
cf604fd4 LP |
556 | if (r < 0) |
557 | return r; | |
558 | ||
559 | if (ret) | |
560 | (*ret)->discoverable = true; | |
561 | ||
562 | return r; | |
563 | } | |
5fc7f358 | 564 | |
3a6ce860 | 565 | return -ENOENT; |
c2ce6a3d LP |
566 | }; |
567 | ||
2ddf182b | 568 | int image_from_path(const char *path, Image **ret) { |
cf604fd4 LP |
569 | |
570 | /* Note that we don't set the 'discoverable' field of the returned object, because we don't check here whether | |
571 | * the image is in the image search path. And if it is we don't know if the path we used is actually not | |
3fe91079 | 572 | * overridden by another, different image earlier in the search path */ |
cf604fd4 | 573 | |
2ddf182b | 574 | if (path_equal(path, "/")) |
3775e141 | 575 | return image_make(IMAGE_MACHINE, ".host", AT_FDCWD, NULL, "/", NULL, ret); |
2ddf182b | 576 | |
3775e141 | 577 | return image_make(_IMAGE_CLASS_INVALID, NULL, AT_FDCWD, NULL, path, NULL, ret); |
2ddf182b LP |
578 | } |
579 | ||
d577d4a4 | 580 | int image_find_harder(ImageClass class, const char *name_or_path, const char *root, Image **ret) { |
2ddf182b | 581 | if (image_name_is_valid(name_or_path)) |
d577d4a4 | 582 | return image_find(class, name_or_path, root, ret); |
2ddf182b LP |
583 | |
584 | return image_from_path(name_or_path, ret); | |
585 | } | |
586 | ||
d577d4a4 LP |
587 | int image_discover( |
588 | ImageClass class, | |
589 | const char *root, | |
590 | Hashmap *h) { | |
591 | ||
c2ce6a3d LP |
592 | int r; |
593 | ||
5ef46e5f LP |
594 | assert(class >= 0); |
595 | assert(class < _IMAGE_CLASS_MAX); | |
c2ce6a3d LP |
596 | assert(h); |
597 | ||
73740c9f | 598 | NULSTR_FOREACH(path, pick_image_search_path(class)) { |
d577d4a4 | 599 | _cleanup_free_ char *resolved = NULL; |
c2ce6a3d | 600 | _cleanup_closedir_ DIR *d = NULL; |
c2ce6a3d | 601 | |
f461a28d | 602 | r = chase_and_opendir(path, root, CHASE_PREFIX_ROOT, &resolved, &d); |
d577d4a4 LP |
603 | if (r == -ENOENT) |
604 | continue; | |
605 | if (r < 0) | |
606 | return r; | |
c2ce6a3d LP |
607 | |
608 | FOREACH_DIRENT_ALL(de, d, return -errno) { | |
609 | _cleanup_(image_unrefp) Image *image = NULL; | |
a747994b | 610 | _cleanup_free_ char *pretty = NULL; |
3a6ce860 | 611 | struct stat st; |
d577d4a4 | 612 | int flags; |
c2ce6a3d | 613 | |
1bf36bf9 | 614 | if (dot_or_dot_dot(de->d_name)) |
c2ce6a3d LP |
615 | continue; |
616 | ||
d577d4a4 LP |
617 | /* As mentioned above, we follow symlinks on this fstatat(), because we want to |
618 | * permit people to symlink block devices into the search path. */ | |
619 | flags = root ? AT_SYMLINK_NOFOLLOW : 0; | |
620 | if (fstatat(dirfd(d), de->d_name, &st, flags) < 0) { | |
3a6ce860 LP |
621 | if (errno == ENOENT) |
622 | continue; | |
623 | ||
624 | return -errno; | |
625 | } | |
626 | ||
a747994b LP |
627 | if (S_ISREG(st.st_mode)) |
628 | r = extract_pretty(de->d_name, image_class_suffix_to_string(class), ".raw", &pretty); | |
629 | else if (S_ISDIR(st.st_mode)) | |
630 | r = extract_pretty(de->d_name, image_class_suffix_to_string(class), NULL, &pretty); | |
631 | else if (S_ISBLK(st.st_mode)) | |
632 | r = extract_pretty(de->d_name, NULL, NULL, &pretty); | |
e7df707b LP |
633 | else { |
634 | log_debug("Skipping directory entry '%s', which is neither regular file, directory nor block device.", de->d_name); | |
3a6ce860 | 635 | continue; |
e7df707b LP |
636 | } |
637 | if (r < 0) { | |
638 | log_debug_errno(r, "Skipping directory entry '%s', which doesn't look like an image.", de->d_name); | |
1bf36bf9 | 639 | continue; |
e7df707b | 640 | } |
1bf36bf9 LP |
641 | |
642 | if (hashmap_contains(h, pretty)) | |
c2ce6a3d LP |
643 | continue; |
644 | ||
3775e141 | 645 | r = image_make(class, pretty, dirfd(d), resolved, de->d_name, &st, &image); |
3a6ce860 | 646 | if (IN_SET(r, -ENOENT, -EMEDIUMTYPE)) |
c2ce6a3d LP |
647 | continue; |
648 | if (r < 0) | |
649 | return r; | |
650 | ||
cf604fd4 LP |
651 | image->discoverable = true; |
652 | ||
c2ce6a3d LP |
653 | r = hashmap_put(h, image->name, image); |
654 | if (r < 0) | |
655 | return r; | |
656 | ||
657 | image = NULL; | |
cd61c3bf LP |
658 | } |
659 | } | |
660 | ||
5ef46e5f | 661 | if (class == IMAGE_MACHINE && !hashmap_contains(h, ".host")) { |
5fc7f358 LP |
662 | _cleanup_(image_unrefp) Image *image = NULL; |
663 | ||
3775e141 | 664 | r = image_make(IMAGE_MACHINE, ".host", AT_FDCWD, NULL, empty_to_root("/"), NULL, &image); |
5fc7f358 LP |
665 | if (r < 0) |
666 | return r; | |
667 | ||
cf604fd4 LP |
668 | image->discoverable = true; |
669 | ||
5fc7f358 LP |
670 | r = hashmap_put(h, image->name, image); |
671 | if (r < 0) | |
672 | return r; | |
673 | ||
674 | image = NULL; | |
5fc7f358 LP |
675 | } |
676 | ||
cd61c3bf LP |
677 | return 0; |
678 | } | |
679 | ||
08682124 | 680 | int image_remove(Image *i) { |
8e766630 | 681 | _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT; |
8e0b6570 | 682 | _cleanup_strv_free_ char **settings = NULL; |
bafbac4e | 683 | _cleanup_free_ char *roothash = NULL; |
30535c16 LP |
684 | int r; |
685 | ||
08682124 LP |
686 | assert(i); |
687 | ||
d94c2b06 | 688 | if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i)) |
08682124 LP |
689 | return -EROFS; |
690 | ||
8e0b6570 LP |
691 | settings = image_settings_path(i); |
692 | if (!settings) | |
693 | return -ENOMEM; | |
694 | ||
162f6477 LP |
695 | r = image_roothash_path(i, &roothash); |
696 | if (r < 0) | |
697 | return r; | |
bafbac4e | 698 | |
30535c16 LP |
699 | /* Make sure we don't interfere with a running nspawn */ |
700 | r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock); | |
701 | if (r < 0) | |
702 | return r; | |
703 | ||
ebd93cb6 LP |
704 | switch (i->type) { |
705 | ||
706 | case IMAGE_SUBVOLUME: | |
9fb0b9c7 LP |
707 | |
708 | /* Let's unlink first, maybe it is a symlink? If that works we are happy. Otherwise, let's get out the | |
709 | * big guns */ | |
710 | if (unlink(i->path) < 0) { | |
711 | r = btrfs_subvol_remove(i->path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); | |
712 | if (r < 0) | |
713 | return r; | |
714 | } | |
715 | ||
8e0b6570 | 716 | break; |
ebd93cb6 LP |
717 | |
718 | case IMAGE_DIRECTORY: | |
01b72568 | 719 | /* Allow deletion of read-only directories */ |
db9a4254 | 720 | (void) chattr_path(i->path, 0, FS_IMMUTABLE_FL, NULL); |
8e0b6570 LP |
721 | r = rm_rf(i->path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME); |
722 | if (r < 0) | |
723 | return r; | |
724 | ||
725 | break; | |
01b72568 | 726 | |
eb38edce LP |
727 | case IMAGE_BLOCK: |
728 | ||
729 | /* If this is inside of /dev, then it's a real block device, hence let's not touch the device node | |
730 | * itself (but let's remove the stuff stored alongside it). If it's anywhere else, let's try to unlink | |
731 | * the thing (it's most likely a symlink after all). */ | |
732 | ||
733 | if (path_startswith(i->path, "/dev")) | |
734 | break; | |
735 | ||
4831981d | 736 | _fallthrough_; |
aceac2f0 | 737 | case IMAGE_RAW: |
41d1ed05 LP |
738 | if (unlink(i->path) < 0) |
739 | return -errno; | |
8e0b6570 | 740 | break; |
ebd93cb6 LP |
741 | |
742 | default: | |
15411c0c | 743 | return -EOPNOTSUPP; |
ebd93cb6 | 744 | } |
8e0b6570 | 745 | |
de010b0b | 746 | STRV_FOREACH(j, settings) |
8e0b6570 LP |
747 | if (unlink(*j) < 0 && errno != ENOENT) |
748 | log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", *j); | |
8e0b6570 | 749 | |
bafbac4e LP |
750 | if (unlink(roothash) < 0 && errno != ENOENT) |
751 | log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", roothash); | |
752 | ||
8e0b6570 LP |
753 | return 0; |
754 | } | |
755 | ||
bafbac4e | 756 | static int rename_auxiliary_file(const char *path, const char *new_name, const char *suffix) { |
162f6477 LP |
757 | _cleanup_free_ char *fn = NULL, *rs = NULL; |
758 | int r; | |
8e0b6570 | 759 | |
162f6477 LP |
760 | fn = strjoin(new_name, suffix); |
761 | if (!fn) | |
8e0b6570 LP |
762 | return -ENOMEM; |
763 | ||
162f6477 LP |
764 | r = file_in_same_dir(path, fn, &rs); |
765 | if (r < 0) | |
766 | return r; | |
767 | ||
8e0b6570 | 768 | return rename_noreplace(AT_FDCWD, path, AT_FDCWD, rs); |
ebd93cb6 LP |
769 | } |
770 | ||
771 | int image_rename(Image *i, const char *new_name) { | |
8e766630 | 772 | _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT, name_lock = LOCK_FILE_INIT; |
bafbac4e | 773 | _cleanup_free_ char *new_path = NULL, *nn = NULL, *roothash = NULL; |
8e0b6570 | 774 | _cleanup_strv_free_ char **settings = NULL; |
01b72568 | 775 | unsigned file_attr = 0; |
ebd93cb6 LP |
776 | int r; |
777 | ||
778 | assert(i); | |
779 | ||
780 | if (!image_name_is_valid(new_name)) | |
781 | return -EINVAL; | |
782 | ||
d94c2b06 | 783 | if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i)) |
ebd93cb6 LP |
784 | return -EROFS; |
785 | ||
8e0b6570 LP |
786 | settings = image_settings_path(i); |
787 | if (!settings) | |
788 | return -ENOMEM; | |
789 | ||
162f6477 LP |
790 | r = image_roothash_path(i, &roothash); |
791 | if (r < 0) | |
792 | return r; | |
bafbac4e | 793 | |
30535c16 LP |
794 | /* Make sure we don't interfere with a running nspawn */ |
795 | r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock); | |
796 | if (r < 0) | |
797 | return r; | |
798 | ||
799 | /* Make sure nobody takes the new name, between the time we | |
800 | * checked it is currently unused in all search paths, and the | |
f8e2f4d6 | 801 | * time we take possession of it */ |
30535c16 LP |
802 | r = image_name_lock(new_name, LOCK_EX|LOCK_NB, &name_lock); |
803 | if (r < 0) | |
804 | return r; | |
805 | ||
d577d4a4 | 806 | r = image_find(IMAGE_MACHINE, new_name, NULL, NULL); |
3a6ce860 | 807 | if (r >= 0) |
ebd93cb6 | 808 | return -EEXIST; |
3a6ce860 LP |
809 | if (r != -ENOENT) |
810 | return r; | |
ebd93cb6 LP |
811 | |
812 | switch (i->type) { | |
813 | ||
ebd93cb6 | 814 | case IMAGE_DIRECTORY: |
01b72568 LP |
815 | /* Turn of the immutable bit while we rename the image, so that we can rename it */ |
816 | (void) read_attr_path(i->path, &file_attr); | |
817 | ||
818 | if (file_attr & FS_IMMUTABLE_FL) | |
db9a4254 | 819 | (void) chattr_path(i->path, 0, FS_IMMUTABLE_FL, NULL); |
01b72568 | 820 | |
4831981d | 821 | _fallthrough_; |
01b72568 | 822 | case IMAGE_SUBVOLUME: |
162f6477 | 823 | r = file_in_same_dir(i->path, new_name, &new_path); |
ebd93cb6 LP |
824 | break; |
825 | ||
eb38edce LP |
826 | case IMAGE_BLOCK: |
827 | ||
828 | /* Refuse renaming raw block devices in /dev, the names are picked by udev after all. */ | |
829 | if (path_startswith(i->path, "/dev")) | |
830 | return -EROFS; | |
831 | ||
162f6477 | 832 | r = file_in_same_dir(i->path, new_name, &new_path); |
eb38edce LP |
833 | break; |
834 | ||
aceac2f0 | 835 | case IMAGE_RAW: { |
ebd93cb6 LP |
836 | const char *fn; |
837 | ||
63c372cb | 838 | fn = strjoina(new_name, ".raw"); |
162f6477 LP |
839 | |
840 | r = file_in_same_dir(i->path, fn, &new_path); | |
ebd93cb6 LP |
841 | break; |
842 | } | |
843 | ||
844 | default: | |
15411c0c | 845 | return -EOPNOTSUPP; |
ebd93cb6 | 846 | } |
162f6477 LP |
847 | if (r < 0) |
848 | return r; | |
ebd93cb6 LP |
849 | |
850 | nn = strdup(new_name); | |
851 | if (!nn) | |
852 | return -ENOMEM; | |
853 | ||
f85ef957 AC |
854 | r = rename_noreplace(AT_FDCWD, i->path, AT_FDCWD, new_path); |
855 | if (r < 0) | |
856 | return r; | |
ebd93cb6 | 857 | |
01b72568 LP |
858 | /* Restore the immutable bit, if it was set before */ |
859 | if (file_attr & FS_IMMUTABLE_FL) | |
db9a4254 | 860 | (void) chattr_path(new_path, FS_IMMUTABLE_FL, FS_IMMUTABLE_FL, NULL); |
01b72568 | 861 | |
f9ecfd3b DL |
862 | free_and_replace(i->path, new_path); |
863 | free_and_replace(i->name, nn); | |
ebd93cb6 | 864 | |
8e0b6570 | 865 | STRV_FOREACH(j, settings) { |
bafbac4e | 866 | r = rename_auxiliary_file(*j, new_name, ".nspawn"); |
8e0b6570 LP |
867 | if (r < 0 && r != -ENOENT) |
868 | log_debug_errno(r, "Failed to rename settings file %s, ignoring: %m", *j); | |
869 | } | |
870 | ||
bafbac4e LP |
871 | r = rename_auxiliary_file(roothash, new_name, ".roothash"); |
872 | if (r < 0 && r != -ENOENT) | |
873 | log_debug_errno(r, "Failed to rename roothash file %s, ignoring: %m", roothash); | |
874 | ||
ebd93cb6 LP |
875 | return 0; |
876 | } | |
877 | ||
bafbac4e | 878 | static int clone_auxiliary_file(const char *path, const char *new_name, const char *suffix) { |
162f6477 LP |
879 | _cleanup_free_ char *fn = NULL, *rs = NULL; |
880 | int r; | |
8e0b6570 | 881 | |
162f6477 LP |
882 | fn = strjoin(new_name, suffix); |
883 | if (!fn) | |
8e0b6570 LP |
884 | return -ENOMEM; |
885 | ||
162f6477 LP |
886 | r = file_in_same_dir(path, fn, &rs); |
887 | if (r < 0) | |
888 | return r; | |
889 | ||
7c2f5495 | 890 | return copy_file_atomic(path, rs, 0664, COPY_REFLINK); |
8e0b6570 LP |
891 | } |
892 | ||
ebd93cb6 | 893 | int image_clone(Image *i, const char *new_name, bool read_only) { |
8e766630 | 894 | _cleanup_(release_lock_file) LockFile name_lock = LOCK_FILE_INIT; |
8e0b6570 | 895 | _cleanup_strv_free_ char **settings = NULL; |
bafbac4e | 896 | _cleanup_free_ char *roothash = NULL; |
ebd93cb6 LP |
897 | const char *new_path; |
898 | int r; | |
899 | ||
900 | assert(i); | |
901 | ||
902 | if (!image_name_is_valid(new_name)) | |
903 | return -EINVAL; | |
904 | ||
8e0b6570 LP |
905 | settings = image_settings_path(i); |
906 | if (!settings) | |
907 | return -ENOMEM; | |
908 | ||
162f6477 LP |
909 | r = image_roothash_path(i, &roothash); |
910 | if (r < 0) | |
911 | return r; | |
bafbac4e | 912 | |
30535c16 LP |
913 | /* Make sure nobody takes the new name, between the time we |
914 | * checked it is currently unused in all search paths, and the | |
f8e2f4d6 | 915 | * time we take possession of it */ |
30535c16 LP |
916 | r = image_name_lock(new_name, LOCK_EX|LOCK_NB, &name_lock); |
917 | if (r < 0) | |
918 | return r; | |
919 | ||
d577d4a4 | 920 | r = image_find(IMAGE_MACHINE, new_name, NULL, NULL); |
3a6ce860 | 921 | if (r >= 0) |
ebd93cb6 | 922 | return -EEXIST; |
3a6ce860 LP |
923 | if (r != -ENOENT) |
924 | return r; | |
ebd93cb6 LP |
925 | |
926 | switch (i->type) { | |
927 | ||
928 | case IMAGE_SUBVOLUME: | |
929 | case IMAGE_DIRECTORY: | |
9a50e3ca | 930 | /* If we can we'll always try to create a new btrfs subvolume here, even if the source is a plain |
13e785f7 | 931 | * directory. */ |
9a50e3ca | 932 | |
63c372cb | 933 | new_path = strjoina("/var/lib/machines/", new_name); |
ebd93cb6 | 934 | |
fab4ef72 DDM |
935 | r = btrfs_subvol_snapshot_at(AT_FDCWD, i->path, AT_FDCWD, new_path, |
936 | (read_only ? BTRFS_SNAPSHOT_READ_ONLY : 0) | | |
937 | BTRFS_SNAPSHOT_FALLBACK_COPY | | |
938 | BTRFS_SNAPSHOT_FALLBACK_DIRECTORY | | |
939 | BTRFS_SNAPSHOT_FALLBACK_IMMUTABLE | | |
940 | BTRFS_SNAPSHOT_RECURSIVE | | |
941 | BTRFS_SNAPSHOT_QUOTA); | |
17cbb288 | 942 | if (r >= 0) |
9a50e3ca | 943 | /* Enable "subtree" quotas for the copy, if we didn't copy any quota from the source. */ |
8120ee28 | 944 | (void) btrfs_subvol_auto_qgroup(new_path, 0, true); |
5bcd08db | 945 | |
ebd93cb6 LP |
946 | break; |
947 | ||
aceac2f0 | 948 | case IMAGE_RAW: |
63c372cb | 949 | new_path = strjoina("/var/lib/machines/", new_name, ".raw"); |
ebd93cb6 | 950 | |
7c2f5495 DDM |
951 | r = copy_file_atomic_full(i->path, new_path, read_only ? 0444 : 0644, FS_NOCOW_FL, FS_NOCOW_FL, |
952 | COPY_REFLINK|COPY_CRTIME, NULL, NULL); | |
ebd93cb6 LP |
953 | break; |
954 | ||
eb38edce | 955 | case IMAGE_BLOCK: |
ebd93cb6 | 956 | default: |
15411c0c | 957 | return -EOPNOTSUPP; |
ebd93cb6 LP |
958 | } |
959 | ||
960 | if (r < 0) | |
961 | return r; | |
962 | ||
8e0b6570 | 963 | STRV_FOREACH(j, settings) { |
bafbac4e | 964 | r = clone_auxiliary_file(*j, new_name, ".nspawn"); |
8e0b6570 LP |
965 | if (r < 0 && r != -ENOENT) |
966 | log_debug_errno(r, "Failed to clone settings %s, ignoring: %m", *j); | |
967 | } | |
968 | ||
bafbac4e LP |
969 | r = clone_auxiliary_file(roothash, new_name, ".roothash"); |
970 | if (r < 0 && r != -ENOENT) | |
971 | log_debug_errno(r, "Failed to clone root hash file %s, ignoring: %m", roothash); | |
972 | ||
ebd93cb6 LP |
973 | return 0; |
974 | } | |
975 | ||
976 | int image_read_only(Image *i, bool b) { | |
8e766630 | 977 | _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT; |
ebd93cb6 | 978 | int r; |
c7664c07 | 979 | |
ebd93cb6 LP |
980 | assert(i); |
981 | ||
d94c2b06 | 982 | if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i)) |
ebd93cb6 LP |
983 | return -EROFS; |
984 | ||
30535c16 LP |
985 | /* Make sure we don't interfere with a running nspawn */ |
986 | r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock); | |
987 | if (r < 0) | |
988 | return r; | |
989 | ||
ebd93cb6 LP |
990 | switch (i->type) { |
991 | ||
992 | case IMAGE_SUBVOLUME: | |
5bcd08db LP |
993 | |
994 | /* Note that we set the flag only on the top-level | |
995 | * subvolume of the image. */ | |
996 | ||
ebd93cb6 LP |
997 | r = btrfs_subvol_set_read_only(i->path, b); |
998 | if (r < 0) | |
999 | return r; | |
01b72568 LP |
1000 | |
1001 | break; | |
1002 | ||
1003 | case IMAGE_DIRECTORY: | |
1004 | /* For simple directory trees we cannot use the access | |
1005 | mode of the top-level directory, since it has an | |
1006 | effect on the container itself. However, we can | |
1007 | use the "immutable" flag, to at least make the | |
1008 | top-level directory read-only. It's not as good as | |
1009 | a read-only subvolume, but at least something, and | |
13e785f7 | 1010 | we can read the value back. */ |
01b72568 | 1011 | |
db9a4254 | 1012 | r = chattr_path(i->path, b ? FS_IMMUTABLE_FL : 0, FS_IMMUTABLE_FL, NULL); |
01b72568 LP |
1013 | if (r < 0) |
1014 | return r; | |
1015 | ||
ebd93cb6 LP |
1016 | break; |
1017 | ||
aceac2f0 | 1018 | case IMAGE_RAW: { |
ebd93cb6 LP |
1019 | struct stat st; |
1020 | ||
1021 | if (stat(i->path, &st) < 0) | |
1022 | return -errno; | |
1023 | ||
1024 | if (chmod(i->path, (st.st_mode & 0444) | (b ? 0000 : 0200)) < 0) | |
1025 | return -errno; | |
f2068bcc LP |
1026 | |
1027 | /* If the images is now read-only, it's a good time to | |
1028 | * defrag it, given that no write patterns will | |
1029 | * fragment it again. */ | |
1030 | if (b) | |
1031 | (void) btrfs_defrag(i->path); | |
ebd93cb6 LP |
1032 | break; |
1033 | } | |
1034 | ||
eb38edce | 1035 | case IMAGE_BLOCK: { |
254d1313 | 1036 | _cleanup_close_ int fd = -EBADF; |
eb38edce LP |
1037 | struct stat st; |
1038 | int state = b; | |
1039 | ||
1040 | fd = open(i->path, O_CLOEXEC|O_RDONLY|O_NONBLOCK|O_NOCTTY); | |
1041 | if (fd < 0) | |
1042 | return -errno; | |
1043 | ||
1044 | if (fstat(fd, &st) < 0) | |
1045 | return -errno; | |
1046 | if (!S_ISBLK(st.st_mode)) | |
1047 | return -ENOTTY; | |
1048 | ||
1049 | if (ioctl(fd, BLKROSET, &state) < 0) | |
1050 | return -errno; | |
1051 | ||
1052 | break; | |
1053 | } | |
1054 | ||
ebd93cb6 | 1055 | default: |
15411c0c | 1056 | return -EOPNOTSUPP; |
ebd93cb6 LP |
1057 | } |
1058 | ||
1059 | return 0; | |
08682124 LP |
1060 | } |
1061 | ||
30535c16 LP |
1062 | int image_path_lock(const char *path, int operation, LockFile *global, LockFile *local) { |
1063 | _cleanup_free_ char *p = NULL; | |
1064 | LockFile t = LOCK_FILE_INIT; | |
1065 | struct stat st; | |
f25bed67 | 1066 | bool exclusive; |
30535c16 LP |
1067 | int r; |
1068 | ||
1069 | assert(path); | |
1070 | assert(global); | |
1071 | assert(local); | |
1072 | ||
f25bed67 LP |
1073 | /* Locks an image path. This actually creates two locks: one "local" one, next to the image path |
1074 | * itself, which might be shared via NFS. And another "global" one, in /run, that uses the | |
1075 | * device/inode number. This has the benefit that we can even lock a tree that is a mount point, | |
1076 | * correctly. */ | |
30535c16 | 1077 | |
30535c16 LP |
1078 | if (!path_is_absolute(path)) |
1079 | return -EINVAL; | |
1080 | ||
f25bed67 LP |
1081 | switch (operation & (LOCK_SH|LOCK_EX)) { |
1082 | case LOCK_SH: | |
1083 | exclusive = false; | |
1084 | break; | |
1085 | case LOCK_EX: | |
1086 | exclusive = true; | |
1087 | break; | |
1088 | default: | |
1089 | return -EINVAL; | |
1090 | } | |
1091 | ||
b6e953f2 LP |
1092 | if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) { |
1093 | *local = *global = (LockFile) LOCK_FILE_INIT; | |
1094 | return 0; | |
1095 | } | |
1096 | ||
f25bed67 LP |
1097 | /* Prohibit taking exclusive locks on the host image. We can't allow this, since we ourselves are |
1098 | * running off it after all, and we don't want any images to manipulate the host image. We make an | |
1099 | * exception for shared locks however: we allow those (and make them NOPs since there's no point in | |
1100 | * taking them if there can't be exclusive locks). Strictly speaking these are questionable as well, | |
1101 | * since it means changes made to the host might propagate to the container as they happen (and a | |
1102 | * shared lock kinda suggests that no changes happen at all while it is in place), but it's too | |
1103 | * useful not to allow read-only containers off the host root, hence let's support this, and trust | |
1104 | * the user to do the right thing with this. */ | |
1105 | if (path_equal(path, "/")) { | |
1106 | if (exclusive) | |
1107 | return -EBUSY; | |
1108 | ||
1109 | *local = *global = (LockFile) LOCK_FILE_INIT; | |
1110 | return 0; | |
1111 | } | |
b6e953f2 | 1112 | |
30535c16 | 1113 | if (stat(path, &st) >= 0) { |
eb38edce LP |
1114 | if (S_ISBLK(st.st_mode)) |
1115 | r = asprintf(&p, "/run/systemd/nspawn/locks/block-%u:%u", major(st.st_rdev), minor(st.st_rdev)); | |
1116 | else if (S_ISDIR(st.st_mode) || S_ISREG(st.st_mode)) | |
1117 | r = asprintf(&p, "/run/systemd/nspawn/locks/inode-%lu:%lu", (unsigned long) st.st_dev, (unsigned long) st.st_ino); | |
1118 | else | |
1119 | return -ENOTTY; | |
eb38edce | 1120 | if (r < 0) |
30535c16 LP |
1121 | return -ENOMEM; |
1122 | } | |
1123 | ||
f25bed67 LP |
1124 | /* For block devices we don't need the "local" lock, as the major/minor lock above should be |
1125 | * sufficient, since block devices are host local anyway. */ | |
1126 | if (!path_startswith(path, "/dev/")) { | |
eb38edce | 1127 | r = make_lock_file_for(path, operation, &t); |
8be17c9b | 1128 | if (r < 0) { |
f25bed67 | 1129 | if (!exclusive && r == -EROFS) |
771b7ead | 1130 | log_debug_errno(r, "Failed to create shared lock for '%s', ignoring: %m", path); |
8be17c9b LT |
1131 | else |
1132 | return r; | |
1133 | } | |
eb38edce | 1134 | } |
30535c16 LP |
1135 | |
1136 | if (p) { | |
6e5dcce4 | 1137 | (void) mkdir_p("/run/systemd/nspawn/locks", 0700); |
30535c16 LP |
1138 | |
1139 | r = make_lock_file(p, operation, global); | |
1140 | if (r < 0) { | |
1141 | release_lock_file(&t); | |
1142 | return r; | |
1143 | } | |
546dbec5 LP |
1144 | } else |
1145 | *global = (LockFile) LOCK_FILE_INIT; | |
30535c16 LP |
1146 | |
1147 | *local = t; | |
1148 | return 0; | |
1149 | } | |
1150 | ||
cb81cd80 | 1151 | int image_set_limit(Image *i, uint64_t referenced_max) { |
d6ce17c7 LP |
1152 | assert(i); |
1153 | ||
d94c2b06 | 1154 | if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i)) |
d6ce17c7 LP |
1155 | return -EROFS; |
1156 | ||
1157 | if (i->type != IMAGE_SUBVOLUME) | |
15411c0c | 1158 | return -EOPNOTSUPP; |
d6ce17c7 | 1159 | |
5bcd08db LP |
1160 | /* We set the quota both for the subvolume as well as for the |
1161 | * subtree. The latter is mostly for historical reasons, since | |
1162 | * we didn't use to have a concept of subtree quota, and hence | |
1163 | * only modified the subvolume quota. */ | |
1164 | ||
1165 | (void) btrfs_qgroup_set_limit(i->path, 0, referenced_max); | |
1166 | (void) btrfs_subvol_auto_qgroup(i->path, 0, true); | |
1167 | return btrfs_subvol_set_subtree_quota_limit(i->path, 0, referenced_max); | |
d6ce17c7 LP |
1168 | } |
1169 | ||
84be0c71 | 1170 | int image_read_metadata(Image *i, const ImagePolicy *image_policy) { |
8e766630 | 1171 | _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT; |
c7664c07 LP |
1172 | int r; |
1173 | ||
1174 | assert(i); | |
1175 | ||
1176 | r = image_path_lock(i->path, LOCK_SH|LOCK_NB, &global_lock, &local_lock); | |
1177 | if (r < 0) | |
1178 | return r; | |
1179 | ||
1180 | switch (i->type) { | |
1181 | ||
1182 | case IMAGE_SUBVOLUME: | |
1183 | case IMAGE_DIRECTORY: { | |
a81fe93e LP |
1184 | _cleanup_strv_free_ char **machine_info = NULL, **os_release = NULL, **sysext_release = NULL, **confext_release = NULL; |
1185 | _cleanup_free_ char *hostname = NULL, *path = NULL; | |
c7664c07 | 1186 | sd_id128_t machine_id = SD_ID128_NULL; |
c7664c07 | 1187 | |
b60e0f57 | 1188 | if (i->class == IMAGE_SYSEXT) { |
6afa5d86 LB |
1189 | r = extension_has_forbidden_content(i->path); |
1190 | if (r < 0) | |
1191 | return r; | |
1192 | if (r > 0) | |
1193 | return log_debug_errno(SYNTHETIC_ERRNO(ENOMEDIUM), | |
1194 | "Conflicting content found in image %s, refusing.", | |
1195 | i->name); | |
1196 | } | |
1197 | ||
f461a28d | 1198 | r = chase("/etc/hostname", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL); |
c7664c07 LP |
1199 | if (r < 0 && r != -ENOENT) |
1200 | log_debug_errno(r, "Failed to chase /etc/hostname in image %s: %m", i->name); | |
1201 | else if (r >= 0) { | |
1202 | r = read_etc_hostname(path, &hostname); | |
1203 | if (r < 0) | |
1204 | log_debug_errno(errno, "Failed to read /etc/hostname of image %s: %m", i->name); | |
1205 | } | |
1206 | ||
1207 | path = mfree(path); | |
1208 | ||
f7b5f399 YW |
1209 | r = id128_get_machine(i->path, &machine_id); |
1210 | if (r < 0) | |
1211 | log_debug_errno(r, "Failed to read machine ID in image %s, ignoring: %m", i->name); | |
c7664c07 | 1212 | |
f461a28d | 1213 | r = chase("/etc/machine-info", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL); |
c7664c07 LP |
1214 | if (r < 0 && r != -ENOENT) |
1215 | log_debug_errno(r, "Failed to chase /etc/machine-info in image %s: %m", i->name); | |
1216 | else if (r >= 0) { | |
aa8fbc74 | 1217 | r = load_env_file_pairs(NULL, path, &machine_info); |
c7664c07 LP |
1218 | if (r < 0) |
1219 | log_debug_errno(r, "Failed to parse machine-info data of %s: %m", i->name); | |
1220 | } | |
1221 | ||
d58ad743 LP |
1222 | r = load_os_release_pairs(i->path, &os_release); |
1223 | if (r < 0) | |
1224 | log_debug_errno(r, "Failed to read os-release in image, ignoring: %m"); | |
c7664c07 | 1225 | |
a81fe93e | 1226 | r = load_extension_release_pairs(i->path, IMAGE_SYSEXT, i->name, /* relax_extension_release_check= */ false, &sysext_release); |
bcf94222 | 1227 | if (r < 0) |
a81fe93e LP |
1228 | log_debug_errno(r, "Failed to read sysext-release in image, ignoring: %m"); |
1229 | ||
1230 | r = load_extension_release_pairs(i->path, IMAGE_CONFEXT, i->name, /* relax_extension_release_check= */ false, &confext_release); | |
1231 | if (r < 0) | |
1232 | log_debug_errno(r, "Failed to read confext-release in image, ignoring: %m"); | |
bcf94222 | 1233 | |
c7664c07 LP |
1234 | free_and_replace(i->hostname, hostname); |
1235 | i->machine_id = machine_id; | |
1236 | strv_free_and_replace(i->machine_info, machine_info); | |
1237 | strv_free_and_replace(i->os_release, os_release); | |
a81fe93e LP |
1238 | strv_free_and_replace(i->sysext_release, sysext_release); |
1239 | strv_free_and_replace(i->confext_release, confext_release); | |
c7664c07 LP |
1240 | break; |
1241 | } | |
1242 | ||
1243 | case IMAGE_RAW: | |
1244 | case IMAGE_BLOCK: { | |
1245 | _cleanup_(loop_device_unrefp) LoopDevice *d = NULL; | |
1246 | _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL; | |
1247 | ||
22ee78a8 | 1248 | r = loop_device_make_by_path(i->path, O_RDONLY, /* sector_size= */ UINT32_MAX, LO_FLAGS_PARTSCAN, LOCK_SH, &d); |
41bc4849 LP |
1249 | if (r < 0) |
1250 | return r; | |
1251 | ||
bad31660 YW |
1252 | r = dissect_loop_device( |
1253 | d, | |
84be0c71 LP |
1254 | /* verity= */ NULL, |
1255 | /* mount_options= */ NULL, | |
1256 | image_policy, | |
4b5de5dd LP |
1257 | DISSECT_IMAGE_GENERIC_ROOT | |
1258 | DISSECT_IMAGE_REQUIRE_ROOT | | |
1259 | DISSECT_IMAGE_RELAX_VAR_CHECK | | |
f6f4ec79 | 1260 | DISSECT_IMAGE_READ_ONLY | |
73d88b80 LP |
1261 | DISSECT_IMAGE_USR_NO_ROOT | |
1262 | DISSECT_IMAGE_ADD_PARTITION_DEVICES | | |
1263 | DISSECT_IMAGE_PIN_PARTITION_DEVICES, | |
75dc190d | 1264 | &m); |
c7664c07 LP |
1265 | if (r < 0) |
1266 | return r; | |
1267 | ||
22847508 ZJS |
1268 | r = dissected_image_acquire_metadata(m, |
1269 | DISSECT_IMAGE_VALIDATE_OS | | |
1270 | DISSECT_IMAGE_VALIDATE_OS_EXT); | |
c7664c07 LP |
1271 | if (r < 0) |
1272 | return r; | |
1273 | ||
1274 | free_and_replace(i->hostname, m->hostname); | |
1275 | i->machine_id = m->machine_id; | |
1276 | strv_free_and_replace(i->machine_info, m->machine_info); | |
1277 | strv_free_and_replace(i->os_release, m->os_release); | |
a81fe93e LP |
1278 | strv_free_and_replace(i->sysext_release, m->sysext_release); |
1279 | strv_free_and_replace(i->confext_release, m->confext_release); | |
c7664c07 LP |
1280 | |
1281 | break; | |
1282 | } | |
1283 | ||
1284 | default: | |
1285 | return -EOPNOTSUPP; | |
1286 | } | |
1287 | ||
1288 | i->metadata_valid = true; | |
1289 | ||
1290 | return 0; | |
1291 | } | |
1292 | ||
30535c16 | 1293 | int image_name_lock(const char *name, int operation, LockFile *ret) { |
99d97afc LP |
1294 | const char *p; |
1295 | ||
30535c16 LP |
1296 | assert(name); |
1297 | assert(ret); | |
1298 | ||
1299 | /* Locks an image name, regardless of the precise path used. */ | |
1300 | ||
99d97afc LP |
1301 | if (streq(name, ".host")) |
1302 | return -EBUSY; | |
1303 | ||
30535c16 LP |
1304 | if (!image_name_is_valid(name)) |
1305 | return -EINVAL; | |
1306 | ||
b6e953f2 LP |
1307 | if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) { |
1308 | *ret = (LockFile) LOCK_FILE_INIT; | |
1309 | return 0; | |
1310 | } | |
1311 | ||
6e5dcce4 | 1312 | (void) mkdir_p("/run/systemd/nspawn/locks", 0700); |
99d97afc LP |
1313 | |
1314 | p = strjoina("/run/systemd/nspawn/locks/name-", name); | |
30535c16 LP |
1315 | return make_lock_file(p, operation, ret); |
1316 | } | |
1317 | ||
d577d4a4 LP |
1318 | bool image_in_search_path( |
1319 | ImageClass class, | |
1320 | const char *root, | |
1321 | const char *image) { | |
1322 | ||
ace9ab19 LP |
1323 | assert(image); |
1324 | ||
73740c9f | 1325 | NULSTR_FOREACH(path, pick_image_search_path(class)) { |
d577d4a4 | 1326 | const char *p, *q; |
ace9ab19 LP |
1327 | size_t k; |
1328 | ||
d577d4a4 LP |
1329 | if (!empty_or_root(root)) { |
1330 | q = path_startswith(path, root); | |
1331 | if (!q) | |
1332 | continue; | |
1333 | } else | |
1334 | q = path; | |
1335 | ||
1336 | p = path_startswith(q, path); | |
ace9ab19 LP |
1337 | if (!p) |
1338 | continue; | |
1339 | ||
1340 | /* Make sure there's a filename following */ | |
1341 | k = strcspn(p, "/"); | |
1342 | if (k == 0) | |
1343 | continue; | |
1344 | ||
1345 | p += k; | |
1346 | ||
1347 | /* Accept trailing slashes */ | |
1348 | if (p[strspn(p, "/")] == 0) | |
1349 | return true; | |
1350 | ||
1351 | } | |
1352 | ||
1353 | return false; | |
1354 | } | |
1355 | ||
cd61c3bf LP |
1356 | static const char* const image_type_table[_IMAGE_TYPE_MAX] = { |
1357 | [IMAGE_DIRECTORY] = "directory", | |
1358 | [IMAGE_SUBVOLUME] = "subvolume", | |
aceac2f0 | 1359 | [IMAGE_RAW] = "raw", |
eb38edce | 1360 | [IMAGE_BLOCK] = "block", |
cd61c3bf LP |
1361 | }; |
1362 | ||
1363 | DEFINE_STRING_TABLE_LOOKUP(image_type, ImageType); |