| | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
| | 2 | |
| | 3 | #include <unistd.h> |
| | 4 | |
| | 5 | #include "sd-bus.h" |
| | 6 | #include "sd-id128.h" |
| | 7 | |
| | 8 | #include "alloc-util.h" |
| | 9 | #include "btrfs-util.h" |
| | 10 | #include "bus-common-errors.h" |
| | 11 | #include "bus-get-properties.h" |
| | 12 | #include "bus-locator.h" |
| | 13 | #include "bus-message-util.h" |
| | 14 | #include "bus-object.h" |
| | 15 | #include "bus-polkit.h" |
| | 16 | #include "bus-util.h" |
| | 17 | #include "cgroup-util.h" |
| | 18 | #include "discover-image.h" |
| | 19 | #include "errno-util.h" |
| | 20 | #include "fd-util.h" |
| | 21 | #include "fileio.h" |
| | 22 | #include "format-util.h" |
| | 23 | #include "hashmap.h" |
| | 24 | #include "hostname-util.h" |
| | 25 | #include "image.h" |
| | 26 | #include "image-dbus.h" |
| | 27 | #include "io-util.h" |
| | 28 | #include "machine.h" |
| | 29 | #include "machine-dbus.h" |
| | 30 | #include "machine-pool.h" |
| | 31 | #include "machined.h" |
| | 32 | #include "namespace-util.h" |
| | 33 | #include "operation.h" |
| | 34 | #include "os-util.h" |
| | 35 | #include "path-util.h" |
| | 36 | #include "socket-util.h" |
| | 37 | #include "string-util.h" |
| | 38 | #include "strv.h" |
| | 39 | #include "unit-def.h" |
| | 40 | #include "user-util.h" |
| | 41 | |
| | 42 | static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_pool_path, "s", "/var/lib/machines"); |
| | 43 | |
| | 44 | static int property_get_pool_usage( |
| | 45 | sd_bus *bus, |
| | 46 | const char *path, |
| | 47 | const char *interface, |
| | 48 | const char *property, |
| | 49 | sd_bus_message *reply, |
| | 50 | void *userdata, |
| | 51 | sd_bus_error *error) { |
| | 52 | |
| | 53 | _cleanup_close_ int fd = -EBADF; |
| | 54 | uint64_t usage = UINT64_MAX; |
| | 55 | |
| | 56 | assert(bus); |
| | 57 | assert(reply); |
| | 58 | |
| | 59 | fd = open("/var/lib/machines", O_RDONLY|O_CLOEXEC|O_DIRECTORY); |
| | 60 | if (fd >= 0) { |
| | 61 | BtrfsQuotaInfo q; |
| | 62 | |
| | 63 | if (btrfs_subvol_get_subtree_quota_fd(fd, 0, &q) >= 0) |
| | 64 | usage = q.referenced; |
| | 65 | } |
| | 66 | |
| | 67 | return sd_bus_message_append(reply, "t", usage); |
| | 68 | } |
| | 69 | |
| | 70 | static int property_get_pool_limit( |
| | 71 | sd_bus *bus, |
| | 72 | const char *path, |
| | 73 | const char *interface, |
| | 74 | const char *property, |
| | 75 | sd_bus_message *reply, |
| | 76 | void *userdata, |
| | 77 | sd_bus_error *error) { |
| | 78 | |
| | 79 | _cleanup_close_ int fd = -EBADF; |
| | 80 | uint64_t size = UINT64_MAX; |
| | 81 | |
| | 82 | assert(bus); |
| | 83 | assert(reply); |
| | 84 | |
| | 85 | fd = open("/var/lib/machines", O_RDONLY|O_CLOEXEC|O_DIRECTORY); |
| | 86 | if (fd >= 0) { |
| | 87 | BtrfsQuotaInfo q; |
| | 88 | |
| | 89 | if (btrfs_subvol_get_subtree_quota_fd(fd, 0, &q) >= 0) |
| | 90 | size = q.referenced_max; |
| | 91 | } |
| | 92 | |
| | 93 | return sd_bus_message_append(reply, "t", size); |
| | 94 | } |
| | 95 | |
| | 96 | static int method_get_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 97 | _cleanup_free_ char *p = NULL; |
| | 98 | Manager *m = ASSERT_PTR(userdata); |
| | 99 | Machine *machine; |
| | 100 | const char *name; |
| | 101 | int r; |
| | 102 | |
| | 103 | assert(message); |
| | 104 | |
| | 105 | r = sd_bus_message_read(message, "s", &name); |
| | 106 | if (r < 0) |
| | 107 | return r; |
| | 108 | |
| | 109 | machine = hashmap_get(m->machines, name); |
| | 110 | if (!machine) |
| | 111 | return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name); |
| | 112 | |
| | 113 | p = machine_bus_path(machine); |
| | 114 | if (!p) |
| | 115 | return -ENOMEM; |
| | 116 | |
| | 117 | return sd_bus_reply_method_return(message, "o", p); |
| | 118 | } |
| | 119 | |
| | 120 | static int method_get_image(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 121 | _cleanup_free_ char *p = NULL; |
| | 122 | _unused_ Manager *m = ASSERT_PTR(userdata); |
| | 123 | const char *name; |
| | 124 | int r; |
| | 125 | |
| | 126 | assert(message); |
| | 127 | |
| | 128 | r = sd_bus_message_read(message, "s", &name); |
| | 129 | if (r < 0) |
| | 130 | return r; |
| | 131 | |
| | 132 | r = image_find(m->runtime_scope, IMAGE_MACHINE, name, NULL, NULL); |
| | 133 | if (r == -ENOENT) |
| | 134 | return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name); |
| | 135 | if (r < 0) |
| | 136 | return r; |
| | 137 | |
| | 138 | p = image_bus_path(name); |
| | 139 | if (!p) |
| | 140 | return -ENOMEM; |
| | 141 | |
| | 142 | return sd_bus_reply_method_return(message, "o", p); |
| | 143 | } |
| | 144 | |
| | 145 | static int method_get_machine_by_pid(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 146 | _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL; |
| | 147 | _cleanup_free_ char *p = NULL; |
| | 148 | Manager *m = ASSERT_PTR(userdata); |
| | 149 | Machine *machine = NULL; |
| | 150 | pid_t pid; |
| | 151 | int r; |
| | 152 | |
| | 153 | assert(message); |
| | 154 | |
| | 155 | assert_cc(sizeof(pid_t) == sizeof(uint32_t)); |
| | 156 | |
| | 157 | r = sd_bus_message_read(message, "u", &pid); |
| | 158 | if (r < 0) |
| | 159 | return r; |
| | 160 | |
| | 161 | if (pid < 0) |
| | 162 | return -EINVAL; |
| | 163 | |
| | 164 | pidref = PIDREF_MAKE_FROM_PID(pid); |
| | 165 | |
| | 166 | if (pid == 0) { |
| | 167 | _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL; |
| | 168 | |
| | 169 | r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID|SD_BUS_CREDS_PIDFD, &creds); |
| | 170 | if (r < 0) |
| | 171 | return r; |
| | 172 | |
| | 173 | r = bus_creds_get_pidref(creds, &pidref); |
| | 174 | if (r < 0) |
| | 175 | return r; |
| | 176 | } |
| | 177 | |
| | 178 | r = manager_get_machine_by_pidref(m, &pidref, &machine); |
| | 179 | if (r < 0) |
| | 180 | return r; |
| | 181 | if (r == 0) |
| | 182 | return sd_bus_error_setf(error, BUS_ERROR_NO_MACHINE_FOR_PID, "PID "PID_FMT" does not belong to any known machine", pid); |
| | 183 | |
| | 184 | p = machine_bus_path(machine); |
| | 185 | if (!p) |
| | 186 | return -ENOMEM; |
| | 187 | |
| | 188 | return sd_bus_reply_method_return(message, "o", p); |
| | 189 | } |
| | 190 | |
| | 191 | static int method_list_machines(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 192 | _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; |
| | 193 | Manager *m = ASSERT_PTR(userdata); |
| | 194 | Machine *machine; |
| | 195 | int r; |
| | 196 | |
| | 197 | assert(message); |
| | 198 | |
| | 199 | r = sd_bus_message_new_method_return(message, &reply); |
| | 200 | if (r < 0) |
| | 201 | return sd_bus_error_set_errno(error, r); |
| | 202 | |
| | 203 | r = sd_bus_message_open_container(reply, 'a', "(ssso)"); |
| | 204 | if (r < 0) |
| | 205 | return sd_bus_error_set_errno(error, r); |
| | 206 | |
| | 207 | HASHMAP_FOREACH(machine, m->machines) { |
| | 208 | _cleanup_free_ char *p = NULL; |
| | 209 | |
| | 210 | p = machine_bus_path(machine); |
| | 211 | if (!p) |
| | 212 | return -ENOMEM; |
| | 213 | |
| | 214 | r = sd_bus_message_append(reply, "(ssso)", |
| | 215 | machine->name, |
| | 216 | strempty(machine_class_to_string(machine->class)), |
| | 217 | machine->service, |
| | 218 | p); |
| | 219 | if (r < 0) |
| | 220 | return sd_bus_error_set_errno(error, r); |
| | 221 | } |
| | 222 | |
| | 223 | r = sd_bus_message_close_container(reply); |
| | 224 | if (r < 0) |
| | 225 | return sd_bus_error_set_errno(error, r); |
| | 226 | |
| | 227 | return sd_bus_message_send(reply); |
| | 228 | } |
| | 229 | |
| | 230 | static int machine_add_from_params( |
| | 231 | Manager *manager, |
| | 232 | sd_bus_message *message, |
| | 233 | const char *polkit_action, |
| | 234 | const char *name, |
| | 235 | MachineClass c, |
| | 236 | sd_id128_t id, |
| | 237 | const char *service, |
| | 238 | PidRef *leader_pidref, |
| | 239 | PidRef *supervisor_pidref, |
| | 240 | const char *root_directory, |
| | 241 | const int32_t *netif, |
| | 242 | size_t n_netif, |
| | 243 | unsigned cid, |
| | 244 | const char *ssh_address, |
| | 245 | const char *ssh_private_key_path, |
| | 246 | Machine **ret, |
| | 247 | sd_bus_error *error) { |
| | 248 | |
| | 249 | Machine *m; |
| | 250 | int r; |
| | 251 | |
| | 252 | assert(manager); |
| | 253 | assert(message); |
| | 254 | assert(name); |
| | 255 | assert(ret); |
| | 256 | |
| | 257 | if (leader_pidref->pid == 1) |
| | 258 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid leader PID"); |
| | 259 | if (supervisor_pidref->pid == 1) |
| | 260 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid supervisor PID"); |
| | 261 | |
| | 262 | _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL; |
| | 263 | r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds); |
| | 264 | if (r < 0) |
| | 265 | return r; |
| | 266 | |
| | 267 | uid_t uid; |
| | 268 | r = sd_bus_creds_get_euid(creds, &uid); |
| | 269 | if (r < 0) |
| | 270 | return r; |
| | 271 | |
| | 272 | /* Ensure an unprivileged user cannot claim any process they don't control as their own machine */ |
| | 273 | if (uid != 0) { |
| | 274 | r = process_is_owned_by_uid(leader_pidref, uid); |
| | 275 | if (r < 0) |
| | 276 | return r; |
| | 277 | if (r == 0) |
| | 278 | return sd_bus_error_set(error, SD_BUS_ERROR_ACCESS_DENIED, "Only root may register machines for other users"); |
| | 279 | } |
| | 280 | |
| | 281 | if (manager->runtime_scope != RUNTIME_SCOPE_USER) { |
| | 282 | const char *details[] = { |
| | 283 | "name", name, |
| | 284 | "class", machine_class_to_string(c), |
| | 285 | NULL |
| | 286 | }; |
| | 287 | |
| | 288 | r = bus_verify_polkit_async( |
| | 289 | message, |
| | 290 | polkit_action, |
| | 291 | details, |
| | 292 | &manager->polkit_registry, |
| | 293 | error); |
| | 294 | if (r < 0) |
| | 295 | return r; |
| | 296 | if (r == 0) |
| | 297 | return 0; /* Will call us back */ |
| | 298 | } |
| | 299 | |
| | 300 | r = manager_add_machine(manager, name, &m); |
| | 301 | if (r < 0) |
| | 302 | return r; |
| | 303 | |
| | 304 | m->leader = TAKE_PIDREF(*leader_pidref); |
| | 305 | m->supervisor = TAKE_PIDREF(*supervisor_pidref); |
| | 306 | m->class = c; |
| | 307 | m->id = id; |
| | 308 | m->uid = uid; |
| | 309 | m->vsock_cid = cid; |
| | 310 | |
| | 311 | if (!isempty(service)) { |
| | 312 | m->service = strdup(service); |
| | 313 | if (!m->service) { |
| | 314 | r = -ENOMEM; |
| | 315 | goto fail; |
| | 316 | } |
| | 317 | } |
| | 318 | |
| | 319 | if (!isempty(root_directory)) { |
| | 320 | m->root_directory = strdup(root_directory); |
| | 321 | if (!m->root_directory) { |
| | 322 | r = -ENOMEM; |
| | 323 | goto fail; |
| | 324 | } |
| | 325 | } |
| | 326 | |
| | 327 | if (n_netif > 0) { |
| | 328 | assert_cc(sizeof(int32_t) == sizeof(int)); |
| | 329 | m->netif = memdup(netif, sizeof(int32_t) * n_netif); |
| | 330 | if (!m->netif) { |
| | 331 | r = -ENOMEM; |
| | 332 | goto fail; |
| | 333 | } |
| | 334 | |
| | 335 | m->n_netif = n_netif; |
| | 336 | } |
| | 337 | |
| | 338 | if (!isempty(ssh_address)) { |
| | 339 | m->ssh_address = strdup(ssh_address); |
| | 340 | if (!m->ssh_address) { |
| | 341 | r = -ENOMEM; |
| | 342 | goto fail; |
| | 343 | } |
| | 344 | } |
| | 345 | |
| | 346 | if (!isempty(ssh_private_key_path)) { |
| | 347 | m->ssh_private_key_path = strdup(ssh_private_key_path); |
| | 348 | if (!m->ssh_private_key_path) { |
| | 349 | r = -ENOMEM; |
| | 350 | goto fail; |
| | 351 | } |
| | 352 | } |
| | 353 | |
| | 354 | *ret = m; |
| | 355 | return 1; |
| | 356 | |
| | 357 | fail: |
| | 358 | machine_add_to_gc_queue(m); |
| | 359 | return r; |
| | 360 | } |
| | 361 | |
| | 362 | static int method_create_or_register_machine( |
| | 363 | Manager *manager, |
| | 364 | sd_bus_message *message, |
| | 365 | const char *polkit_action, |
| | 366 | Machine **ret, |
| | 367 | sd_bus_error *error) { |
| | 368 | |
| | 369 | _cleanup_(pidref_done) PidRef leader_pidref = PIDREF_NULL, supervisor_pidref = PIDREF_NULL; |
| | 370 | const char *name, *service, *class, *root_directory; |
| | 371 | const int32_t *netif = NULL; |
| | 372 | MachineClass c; |
| | 373 | uint32_t leader; |
| | 374 | sd_id128_t id; |
| | 375 | size_t n_netif = 0; |
| | 376 | int r; |
| | 377 | |
| | 378 | assert(manager); |
| | 379 | assert(message); |
| | 380 | assert(ret); |
| | 381 | |
| | 382 | r = sd_bus_message_read(message, "s", &name); |
| | 383 | if (r < 0) |
| | 384 | return r; |
| | 385 | if (!hostname_is_valid(name, 0)) |
| | 386 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine name"); |
| | 387 | |
| | 388 | r = bus_message_read_id128(message, &id); |
| | 389 | if (r < 0) |
| | 390 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine ID parameter"); |
| | 391 | |
| | 392 | r = sd_bus_message_read(message, "ssus", &service, &class, &leader, &root_directory); |
| | 393 | if (r < 0) |
| | 394 | return r; |
| | 395 | |
| | 396 | if (endswith(sd_bus_message_get_member(message), "WithNetwork")) { |
| | 397 | r = sd_bus_message_read_array(message, 'i', (const void**) &netif, &n_netif); |
| | 398 | if (r < 0) |
| | 399 | return r; |
| | 400 | |
| | 401 | n_netif /= sizeof(int32_t); |
| | 402 | |
| | 403 | for (size_t i = 0; i < n_netif; i++) { |
| | 404 | if (netif[i] <= 0) |
| | 405 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid network interface index %i", netif[i]); |
| | 406 | } |
| | 407 | } |
| | 408 | |
| | 409 | if (isempty(class)) |
| | 410 | c = _MACHINE_CLASS_INVALID; |
| | 411 | else { |
| | 412 | c = machine_class_from_string(class); |
| | 413 | if (c < 0) |
| | 414 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine class parameter"); |
| | 415 | } |
| | 416 | |
| | 417 | if (leader == 1) |
| | 418 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid leader PID"); |
| | 419 | |
| | 420 | if (!isempty(root_directory) && (!path_is_absolute(root_directory) || !path_is_valid(root_directory))) |
| | 421 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Root directory must be empty or an absolute path"); |
| | 422 | |
| | 423 | if (leader == 0) { |
| | 424 | /* If no PID is specified, the client is the leader */ |
| | 425 | r = bus_query_sender_pidref(message, &leader_pidref); |
| | 426 | if (r < 0) |
| | 427 | return sd_bus_error_set_errnof(error, r, "Failed to pin client process: %m"); |
| | 428 | } else { |
| | 429 | /* If a PID is specified that's the leader, but if the client process is different from it, than that's the supervisor */ |
| | 430 | r = pidref_set_pid(&leader_pidref, leader); |
| | 431 | if (r < 0) |
| | 432 | return sd_bus_error_set_errnof(error, r, "Failed to pin process " PID_FMT ": %m", (pid_t) leader); |
| | 433 | |
| | 434 | _cleanup_(pidref_done) PidRef client_pidref = PIDREF_NULL; |
| | 435 | r = bus_query_sender_pidref(message, &client_pidref); |
| | 436 | if (r < 0) |
| | 437 | return sd_bus_error_set_errnof(error, r, "Failed to pin client process: %m"); |
| | 438 | |
| | 439 | if (!pidref_equal(&client_pidref, &leader_pidref)) |
| | 440 | supervisor_pidref = TAKE_PIDREF(client_pidref); |
| | 441 | } |
| | 442 | |
| | 443 | if (hashmap_get(manager->machines, name)) |
| | 444 | return sd_bus_error_setf(error, BUS_ERROR_MACHINE_EXISTS, "Machine '%s' already exists", name); |
| | 445 | |
| | 446 | return machine_add_from_params( |
| | 447 | manager, |
| | 448 | message, |
| | 449 | polkit_action, |
| | 450 | name, |
| | 451 | c, |
| | 452 | id, |
| | 453 | service, |
| | 454 | &leader_pidref, |
| | 455 | &supervisor_pidref, |
| | 456 | root_directory, |
| | 457 | netif, |
| | 458 | n_netif, |
| | 459 | /* cid= */ 0, |
| | 460 | /* ssh_address= */ NULL, |
| | 461 | /* ssh_private_key_path= */ NULL, |
| | 462 | ret, |
| | 463 | error); |
| | 464 | } |
| | 465 | |
| | 466 | static int method_create_or_register_machine_ex( |
| | 467 | Manager *manager, |
| | 468 | sd_bus_message *message, |
| | 469 | const char *polkit_action, |
| | 470 | Machine **ret, |
| | 471 | sd_bus_error *error) { |
| | 472 | |
| | 473 | const char *name = NULL, *service = NULL, *class = NULL, *root_directory = NULL, *ssh_address = NULL, *ssh_private_key_path = NULL; |
| | 474 | _cleanup_(pidref_done) PidRef leader_pidref = PIDREF_NULL, supervisor_pidref = PIDREF_NULL; |
| | 475 | sd_id128_t id = SD_ID128_NULL; |
| | 476 | const int32_t *netif = NULL; |
| | 477 | size_t n_netif = 0; |
| | 478 | unsigned cid = 0; |
| | 479 | MachineClass c; |
| | 480 | uint64_t leader_pidfdid = 0; |
| | 481 | uint32_t leader_pid = 0; |
| | 482 | int r, leader_pidfd = -EBADF; |
| | 483 | |
| | 484 | assert(manager); |
| | 485 | assert(message); |
| | 486 | assert(ret); |
| | 487 | |
| | 488 | r = sd_bus_message_read(message, "s", &name); |
| | 489 | if (r < 0) |
| | 490 | return r; |
| | 491 | if (!hostname_is_valid(name, 0)) |
| | 492 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine name"); |
| | 493 | |
| | 494 | r = sd_bus_message_enter_container(message, 'a', "(sv)"); |
| | 495 | if (r < 0) |
| | 496 | return r; |
| | 497 | |
| | 498 | for (;;) { |
| | 499 | const char *key; |
| | 500 | |
| | 501 | r = sd_bus_message_enter_container(message, 'r', "sv"); |
| | 502 | if (r < 0) |
| | 503 | return r; |
| | 504 | if (r == 0) |
| | 505 | break; |
| | 506 | |
| | 507 | r = sd_bus_message_read(message, "s", &key); |
| | 508 | if (r < 0) |
| | 509 | return r; |
| | 510 | |
| | 511 | r = sd_bus_message_enter_container(message, 'v', NULL); |
| | 512 | if (r < 0) |
| | 513 | return r; |
| | 514 | |
| | 515 | if (streq(key, "Id")) { |
| | 516 | r = bus_message_read_id128(message, &id); |
| | 517 | if (r < 0) |
| | 518 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine ID parameter"); |
| | 519 | } else if (streq(key, "Service")) { |
| | 520 | r = sd_bus_message_read(message, "s", &service); |
| | 521 | if (r < 0) |
| | 522 | return r; |
| | 523 | } else if (streq(key, "Class")) { |
| | 524 | r = sd_bus_message_read(message, "s", &class); |
| | 525 | if (r < 0) |
| | 526 | return r; |
| | 527 | } else if (streq(key, "LeaderPID")) { |
| | 528 | r = sd_bus_message_read(message, "u", &leader_pid); |
| | 529 | if (r < 0) |
| | 530 | return r; |
| | 531 | } else if (streq(key, "LeaderPIDFD")) { |
| | 532 | r = sd_bus_message_read(message, "h", &leader_pidfd); |
| | 533 | if (r < 0) |
| | 534 | return r; |
| | 535 | } else if (streq(key, "LeaderPIDFDID")) { |
| | 536 | r = sd_bus_message_read(message, "t", &leader_pidfdid); |
| | 537 | if (r < 0) |
| | 538 | return r; |
| | 539 | } else if (streq(key, "RootDirectory")) { |
| | 540 | r = sd_bus_message_read(message, "s", &root_directory); |
| | 541 | if (r < 0) |
| | 542 | return r; |
| | 543 | } else if (streq(key, "NetworkInterfaces")) { |
| | 544 | r = sd_bus_message_read_array(message, 'i', (const void**) &netif, &n_netif); |
| | 545 | if (r < 0) |
| | 546 | return r; |
| | 547 | |
| | 548 | n_netif /= sizeof(int32_t); |
| | 549 | |
| | 550 | for (size_t i = 0; i < n_netif; i++) |
| | 551 | if (netif[i] <= 0) |
| | 552 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid network interface index %i", netif[i]); |
| | 553 | } else if (streq(key, "VSockCID")) { |
| | 554 | r = sd_bus_message_read(message, "u", &cid); |
| | 555 | if (r < 0) |
| | 556 | return r; |
| | 557 | |
| | 558 | if (!VSOCK_CID_IS_REGULAR(cid)) |
| | 559 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "JSON field 'vSockCid' is not a regular VSOCK CID."); |
| | 560 | } else if (streq(key, "SSHAddress")) { |
| | 561 | r = sd_bus_message_read(message, "s", &ssh_address); |
| | 562 | if (r < 0) |
| | 563 | return r; |
| | 564 | } else if (streq(key, "SSHPrivateKeyPath")) { |
| | 565 | r = sd_bus_message_read(message, "s", &ssh_private_key_path); |
| | 566 | if (r < 0) |
| | 567 | return r; |
| | 568 | } else |
| | 569 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown property '%s'", key); |
| | 570 | |
| | 571 | r = sd_bus_message_exit_container(message); |
| | 572 | if (r < 0) |
| | 573 | return r; |
| | 574 | |
| | 575 | r = sd_bus_message_exit_container(message); |
| | 576 | if (r < 0) |
| | 577 | return r; |
| | 578 | } |
| | 579 | |
| | 580 | r = sd_bus_message_exit_container(message); |
| | 581 | if (r < 0) |
| | 582 | return r; |
| | 583 | |
| | 584 | if (isempty(class)) |
| | 585 | c = _MACHINE_CLASS_INVALID; |
| | 586 | else { |
| | 587 | c = machine_class_from_string(class); |
| | 588 | if (c < 0) |
| | 589 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine class parameter"); |
| | 590 | } |
| | 591 | |
| | 592 | if (!isempty(root_directory) && (!path_is_absolute(root_directory) || !path_is_valid(root_directory))) |
| | 593 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Root directory must be empty or an absolute path"); |
| | 594 | |
| | 595 | if (hashmap_get(manager->machines, name)) |
| | 596 | return sd_bus_error_setf(error, BUS_ERROR_MACHINE_EXISTS, "Machine '%s' already exists", name); |
| | 597 | |
| | 598 | /* If a PID is specified that's the leader, but if the client process is different from it, than that's the supervisor */ |
| | 599 | if (leader_pidfd >= 0) { |
| | 600 | r = pidref_set_pidfd(&leader_pidref, leader_pidfd); |
| | 601 | if (r < 0) |
| | 602 | return sd_bus_error_set_errnof(error, r, "Failed to parse PIDFD %d: %m", leader_pidfd); |
| | 603 | |
| | 604 | if (leader_pid > 0 && leader_pidref.pid != (pid_t) leader_pid) |
| | 605 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "LeaderPID and LeaderPIDFD refer to different processes"); |
| | 606 | if (leader_pidfdid > 0) { |
| | 607 | r = pidref_acquire_pidfd_id(&leader_pidref); |
| | 608 | if (r >= 0 && leader_pidref.fd_id != leader_pidfdid) |
| | 609 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "LeaderPIDFDID does not match the inode number of LeaderPIDFD"); |
| | 610 | } |
| | 611 | } else if (leader_pid > 0 && leader_pidfdid > 0) { |
| | 612 | r = pidref_set_pid_and_pidfd_id(&leader_pidref, leader_pid, leader_pidfdid); |
| | 613 | if (r < 0) |
| | 614 | return sd_bus_error_set_errnof(error, r, "Failed to pin process " PID_FMT " by PIDFDID %" PRIu64 ": %m", (pid_t) leader_pid, leader_pidfdid); |
| | 615 | } else if (leader_pid > 0 || leader_pidfdid > 0) |
| | 616 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Both LeaderPID and LeaderPIDFDID must be specified to identify the leader process by PIDFDID"); |
| | 617 | |
| | 618 | if (pidref_is_set(&leader_pidref)) { |
| | 619 | _cleanup_(pidref_done) PidRef client_pidref = PIDREF_NULL; |
| | 620 | r = bus_query_sender_pidref(message, &client_pidref); |
| | 621 | if (r < 0) |
| | 622 | return sd_bus_error_set_errnof(error, r, "Failed to pin client process: %m"); |
| | 623 | |
| | 624 | if (!pidref_equal(&client_pidref, &leader_pidref)) |
| | 625 | supervisor_pidref = TAKE_PIDREF(client_pidref); |
| | 626 | } else { |
| | 627 | /* If no PID is specified, the client is the leader */ |
| | 628 | r = bus_query_sender_pidref(message, &leader_pidref); |
| | 629 | if (r < 0) |
| | 630 | return sd_bus_error_set_errnof(error, r, "Failed to pin client process: %m"); |
| | 631 | } |
| | 632 | |
| | 633 | return machine_add_from_params( |
| | 634 | manager, |
| | 635 | message, |
| | 636 | polkit_action, |
| | 637 | name, |
| | 638 | c, |
| | 639 | id, |
| | 640 | service, |
| | 641 | &leader_pidref, |
| | 642 | &supervisor_pidref, |
| | 643 | root_directory, |
| | 644 | netif, |
| | 645 | n_netif, |
| | 646 | cid, |
| | 647 | ssh_address, |
| | 648 | ssh_private_key_path, |
| | 649 | ret, |
| | 650 | error); |
| | 651 | } |
| | 652 | |
| | 653 | static int method_create_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 654 | Manager *manager = ASSERT_PTR(userdata); |
| | 655 | Machine *m = NULL; |
| | 656 | int r; |
| | 657 | |
| | 658 | assert(message); |
| | 659 | |
| | 660 | if (sd_bus_message_is_method_call(message, NULL, "CreateMachineEx")) |
| | 661 | r = method_create_or_register_machine_ex(manager, message, "org.freedesktop.machine1.create-machines", &m, error); |
| | 662 | else |
| | 663 | r = method_create_or_register_machine(manager, message, "org.freedesktop.machine1.create-machine", &m, error); |
| | 664 | if (r < 0) |
| | 665 | return r; |
| | 666 | if (r == 0) |
| | 667 | return 1; /* Will call us back */ |
| | 668 | |
| | 669 | r = sd_bus_message_enter_container(message, 'a', "(sv)"); |
| | 670 | if (r < 0) |
| | 671 | goto fail; |
| | 672 | |
| | 673 | r = machine_start(m, message, error); |
| | 674 | if (r < 0) |
| | 675 | goto fail; |
| | 676 | |
| | 677 | m->create_message = sd_bus_message_ref(message); |
| | 678 | return 1; |
| | 679 | |
| | 680 | fail: |
| | 681 | machine_add_to_gc_queue(m); |
| | 682 | return r; |
| | 683 | } |
| | 684 | |
| | 685 | static int method_register_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 686 | Manager *manager = ASSERT_PTR(userdata); |
| | 687 | _cleanup_free_ char *p = NULL; |
| | 688 | Machine *m = NULL; |
| | 689 | int r; |
| | 690 | |
| | 691 | assert(message); |
| | 692 | |
| | 693 | if (sd_bus_message_is_method_call(message, NULL, "RegisterMachineEx")) |
| | 694 | r = method_create_or_register_machine_ex(manager, message, "org.freedesktop.machine1.register-machine", &m, error); |
| | 695 | else |
| | 696 | r = method_create_or_register_machine(manager, message, "org.freedesktop.machine1.register-machine", &m, error); |
| | 697 | if (r < 0) |
| | 698 | return r; |
| | 699 | if (r == 0) |
| | 700 | return 1; /* Will call us back */ |
| | 701 | |
| | 702 | switch (manager->runtime_scope) { |
| | 703 | case RUNTIME_SCOPE_USER: |
| | 704 | r = cg_pidref_get_user_unit_full(&m->leader, &m->unit, &m->subgroup); |
| | 705 | break; |
| | 706 | |
| | 707 | case RUNTIME_SCOPE_SYSTEM: |
| | 708 | r = cg_pidref_get_unit_full(&m->leader, &m->unit, &m->subgroup); |
| | 709 | break; |
| | 710 | |
| | 711 | default: |
| | 712 | assert_not_reached(); |
| | 713 | } |
| | 714 | if (r < 0) { |
| | 715 | r = sd_bus_error_set_errnof(error, r, |
| | 716 | "Failed to determine unit of process "PID_FMT" : %m", |
| | 717 | m->leader.pid); |
| | 718 | goto fail; |
| | 719 | } |
| | 720 | |
| | 721 | if (!empty_or_root(m->subgroup)) { |
| | 722 | /* If this is not a top-level cgroup, then we need the cgroup path to be able to watch when |
| | 723 | * it empties */ |
| | 724 | |
| | 725 | r = cg_pidref_get_path(&m->leader, &m->cgroup); |
| | 726 | if (r < 0) { |
| | 727 | r = sd_bus_error_set_errnof(error, r, |
| | 728 | "Failed to determine cgroup of process "PID_FMT" : %m", |
| | 729 | m->leader.pid); |
| | 730 | goto fail; |
| | 731 | } |
| | 732 | } |
| | 733 | |
| | 734 | r = machine_start(m, NULL, error); |
| | 735 | if (r < 0) |
| | 736 | goto fail; |
| | 737 | |
| | 738 | p = machine_bus_path(m); |
| | 739 | if (!p) { |
| | 740 | r = -ENOMEM; |
| | 741 | goto fail; |
| | 742 | } |
| | 743 | |
| | 744 | return sd_bus_reply_method_return(message, "o", p); |
| | 745 | |
| | 746 | fail: |
| | 747 | machine_add_to_gc_queue(m); |
| | 748 | return r; |
| | 749 | } |
| | 750 | |
| | 751 | static int redirect_method_to_machine(sd_bus_message *message, Manager *m, sd_bus_error *error, sd_bus_message_handler_t method) { |
| | 752 | Machine *machine; |
| | 753 | const char *name; |
| | 754 | int r; |
| | 755 | |
| | 756 | assert(message); |
| | 757 | assert(m); |
| | 758 | assert(method); |
| | 759 | |
| | 760 | r = sd_bus_message_read(message, "s", &name); |
| | 761 | if (r < 0) |
| | 762 | return sd_bus_error_set_errno(error, r); |
| | 763 | |
| | 764 | machine = hashmap_get(m->machines, name); |
| | 765 | if (!machine) |
| | 766 | return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name); |
| | 767 | |
| | 768 | return method(message, machine, error); |
| | 769 | } |
| | 770 | |
| | 771 | static int method_unregister_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 772 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_unregister); |
| | 773 | } |
| | 774 | |
| | 775 | static int method_terminate_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 776 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_terminate); |
| | 777 | } |
| | 778 | |
| | 779 | static int method_kill_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 780 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_kill); |
| | 781 | } |
| | 782 | |
| | 783 | static int method_get_machine_addresses(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 784 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_get_addresses); |
| | 785 | } |
| | 786 | |
| | 787 | static int method_get_machine_ssh_info(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 788 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_get_ssh_info); |
| | 789 | } |
| | 790 | |
| | 791 | static int method_get_machine_os_release(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 792 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_get_os_release); |
| | 793 | } |
| | 794 | |
| | 795 | static int method_list_images(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 796 | _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; |
| | 797 | Manager *m = ASSERT_PTR(userdata); |
| | 798 | int r; |
| | 799 | |
| | 800 | assert(message); |
| | 801 | |
| | 802 | _cleanup_hashmap_free_ Hashmap *images = NULL; |
| | 803 | r = image_discover(m->runtime_scope, IMAGE_MACHINE, NULL, &images); |
| | 804 | if (r < 0) |
| | 805 | return r; |
| | 806 | |
| | 807 | r = sd_bus_message_new_method_return(message, &reply); |
| | 808 | if (r < 0) |
| | 809 | return r; |
| | 810 | |
| | 811 | r = sd_bus_message_open_container(reply, 'a', "(ssbttto)"); |
| | 812 | if (r < 0) |
| | 813 | return r; |
| | 814 | |
| | 815 | Image *image; |
| | 816 | HASHMAP_FOREACH(image, images) { |
| | 817 | _cleanup_free_ char *p = NULL; |
| | 818 | |
| | 819 | p = image_bus_path(image->name); |
| | 820 | if (!p) |
| | 821 | return -ENOMEM; |
| | 822 | |
| | 823 | r = sd_bus_message_append(reply, "(ssbttto)", |
| | 824 | image->name, |
| | 825 | image_type_to_string(image->type), |
| | 826 | image_is_read_only(image), |
| | 827 | image->crtime, |
| | 828 | image->mtime, |
| | 829 | image->usage, |
| | 830 | p); |
| | 831 | if (r < 0) |
| | 832 | return r; |
| | 833 | } |
| | 834 | |
| | 835 | r = sd_bus_message_close_container(reply); |
| | 836 | if (r < 0) |
| | 837 | return r; |
| | 838 | |
| | 839 | return sd_bus_message_send(reply); |
| | 840 | } |
| | 841 | |
| | 842 | static int method_open_machine_pty(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 843 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_open_pty); |
| | 844 | } |
| | 845 | |
| | 846 | static int method_open_machine_login(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 847 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_open_login); |
| | 848 | } |
| | 849 | |
| | 850 | static int method_open_machine_shell(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 851 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_open_shell); |
| | 852 | } |
| | 853 | |
| | 854 | static int method_bind_mount_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 855 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_bind_mount); |
| | 856 | } |
| | 857 | |
| | 858 | static int method_copy_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 859 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_copy); |
| | 860 | } |
| | 861 | |
| | 862 | static int method_open_machine_root_directory(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 863 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_open_root_directory); |
| | 864 | } |
| | 865 | |
| | 866 | static int method_get_machine_uid_shift(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 867 | return redirect_method_to_machine(message, userdata, error, bus_machine_method_get_uid_shift); |
| | 868 | } |
| | 869 | |
| | 870 | static int redirect_method_to_image(sd_bus_message *message, Manager *m, sd_bus_error *error, sd_bus_message_handler_t method) { |
| | 871 | const char *name; |
| | 872 | Image *i; |
| | 873 | int r; |
| | 874 | |
| | 875 | assert(message); |
| | 876 | assert(m); |
| | 877 | assert(method); |
| | 878 | |
| | 879 | r = sd_bus_message_read(message, "s", &name); |
| | 880 | if (r < 0) |
| | 881 | return r; |
| | 882 | |
| | 883 | if (!image_name_is_valid(name)) |
| | 884 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", name); |
| | 885 | |
| | 886 | r = manager_acquire_image(m, name, &i); |
| | 887 | if (r == -ENOENT) |
| | 888 | return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name); |
| | 889 | if (r < 0) |
| | 890 | return r; |
| | 891 | |
| | 892 | return method(message, i, error); |
| | 893 | } |
| | 894 | |
| | 895 | static int method_remove_image(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 896 | return redirect_method_to_image(message, userdata, error, bus_image_method_remove); |
| | 897 | } |
| | 898 | |
| | 899 | static int method_rename_image(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 900 | return redirect_method_to_image(message, userdata, error, bus_image_method_rename); |
| | 901 | } |
| | 902 | |
| | 903 | static int method_clone_image(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 904 | return redirect_method_to_image(message, userdata, error, bus_image_method_clone); |
| | 905 | } |
| | 906 | |
| | 907 | static int method_mark_image_read_only(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 908 | return redirect_method_to_image(message, userdata, error, bus_image_method_mark_read_only); |
| | 909 | } |
| | 910 | |
| | 911 | static int method_get_image_hostname(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 912 | return redirect_method_to_image(message, userdata, error, bus_image_method_get_hostname); |
| | 913 | } |
| | 914 | |
| | 915 | static int method_get_image_machine_id(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 916 | return redirect_method_to_image(message, userdata, error, bus_image_method_get_machine_id); |
| | 917 | } |
| | 918 | |
| | 919 | static int method_get_image_machine_info(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 920 | return redirect_method_to_image(message, userdata, error, bus_image_method_get_machine_info); |
| | 921 | } |
| | 922 | |
| | 923 | static int method_get_image_os_release(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 924 | return redirect_method_to_image(message, userdata, error, bus_image_method_get_os_release); |
| | 925 | } |
| | 926 | |
| | 927 | static int clean_pool_done(Operation *operation, int child_error, sd_bus_error *error) { |
| | 928 | _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; |
| | 929 | _cleanup_fclose_ FILE *file = NULL; |
| | 930 | int r; |
| | 931 | |
| | 932 | assert(operation); |
| | 933 | assert(operation->message); |
| | 934 | assert(operation->extra_fd >= 0); |
| | 935 | |
| | 936 | file = take_fdopen(&operation->extra_fd, "r"); |
| | 937 | if (!file) |
| | 938 | return log_debug_errno(errno, "Failed to take opened tmp file's fd: %m"); |
| | 939 | |
| | 940 | r = clean_pool_read_first_entry(file, child_error, error); |
| | 941 | if (r < 0) |
| | 942 | return r; |
| | 943 | |
| | 944 | r = sd_bus_message_new_method_return(operation->message, &reply); |
| | 945 | if (r < 0) |
| | 946 | return r; |
| | 947 | |
| | 948 | r = sd_bus_message_open_container(reply, 'a', "(st)"); |
| | 949 | if (r < 0) |
| | 950 | return r; |
| | 951 | |
| | 952 | /* On success the resulting temporary file will contain a list of image names that were removed followed by |
| | 953 | * their size on disk. Let's read that and turn it into a bus message. */ |
| | 954 | for (;;) { |
| | 955 | _cleanup_free_ char *name = NULL; |
| | 956 | uint64_t usage; |
| | 957 | |
| | 958 | r = clean_pool_read_next_entry(file, &name, &usage); |
| | 959 | if (r < 0) |
| | 960 | return r; |
| | 961 | if (r == 0) |
| | 962 | break; |
| | 963 | |
| | 964 | r = sd_bus_message_append(reply, "(st)", name, usage); |
| | 965 | if (r < 0) |
| | 966 | return r; |
| | 967 | } |
| | 968 | |
| | 969 | r = sd_bus_message_close_container(reply); |
| | 970 | if (r < 0) |
| | 971 | return r; |
| | 972 | |
| | 973 | return sd_bus_message_send(reply); |
| | 974 | } |
| | 975 | |
| | 976 | static int method_clean_pool(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 977 | ImageCleanPoolMode mode; |
| | 978 | Manager *m = userdata; |
| | 979 | Operation *operation; |
| | 980 | const char *mm; |
| | 981 | int r; |
| | 982 | |
| | 983 | assert(message); |
| | 984 | |
| | 985 | if (m->n_operations >= OPERATIONS_MAX) |
| | 986 | return sd_bus_error_set(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations."); |
| | 987 | |
| | 988 | r = sd_bus_message_read(message, "s", &mm); |
| | 989 | if (r < 0) |
| | 990 | return r; |
| | 991 | |
| | 992 | if (streq(mm, "all")) |
| | 993 | mode = IMAGE_CLEAN_POOL_REMOVE_ALL; |
| | 994 | else if (streq(mm, "hidden")) |
| | 995 | mode = IMAGE_CLEAN_POOL_REMOVE_HIDDEN; |
| | 996 | else |
| | 997 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown mode '%s'.", mm); |
| | 998 | |
| | 999 | if (m->runtime_scope != RUNTIME_SCOPE_USER) { |
| | 1000 | const char *details[] = { |
| | 1001 | "verb", "clean_pool", |
| | 1002 | "mode", mm, |
| | 1003 | NULL |
| | 1004 | }; |
| | 1005 | |
| | 1006 | r = bus_verify_polkit_async( |
| | 1007 | message, |
| | 1008 | "org.freedesktop.machine1.manage-machines", |
| | 1009 | details, |
| | 1010 | &m->polkit_registry, |
| | 1011 | error); |
| | 1012 | if (r < 0) |
| | 1013 | return r; |
| | 1014 | if (r == 0) |
| | 1015 | return 1; /* Will call us back */ |
| | 1016 | } |
| | 1017 | |
| | 1018 | r = image_clean_pool_operation(m, mode, &operation); |
| | 1019 | if (r < 0) |
| | 1020 | return log_debug_errno(r, "Failed to clean pool of images: %m"); |
| | 1021 | |
| | 1022 | operation_attach_bus_reply(operation, message); |
| | 1023 | operation->done = clean_pool_done; |
| | 1024 | return 1; |
| | 1025 | } |
| | 1026 | |
| | 1027 | static int method_set_pool_limit(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 1028 | Manager *m = userdata; |
| | 1029 | uint64_t limit; |
| | 1030 | int r; |
| | 1031 | |
| | 1032 | assert(message); |
| | 1033 | |
| | 1034 | r = sd_bus_message_read(message, "t", &limit); |
| | 1035 | if (r < 0) |
| | 1036 | return r; |
| | 1037 | if (!FILE_SIZE_VALID_OR_INFINITY(limit)) |
| | 1038 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range"); |
| | 1039 | |
| | 1040 | if (m->runtime_scope != RUNTIME_SCOPE_USER) { |
| | 1041 | const char *details[] = { |
| | 1042 | "verb", "set_pool_limit", |
| | 1043 | NULL |
| | 1044 | }; |
| | 1045 | |
| | 1046 | r = bus_verify_polkit_async( |
| | 1047 | message, |
| | 1048 | "org.freedesktop.machine1.manage-machines", |
| | 1049 | details, |
| | 1050 | &m->polkit_registry, |
| | 1051 | error); |
| | 1052 | if (r < 0) |
| | 1053 | return r; |
| | 1054 | if (r == 0) |
| | 1055 | return 1; /* Will call us back */ |
| | 1056 | } |
| | 1057 | |
| | 1058 | /* Set up the machine directory if necessary */ |
| | 1059 | r = setup_machine_directory(error, /* use_btrfs_subvol= */ true, /* use_btrfs_quota= */ true); |
| | 1060 | if (r < 0) |
| | 1061 | return r; |
| | 1062 | |
| | 1063 | r = image_set_pool_limit(m->runtime_scope, IMAGE_MACHINE, limit); |
| | 1064 | if (ERRNO_IS_NEG_NOT_SUPPORTED(r)) |
| | 1065 | return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Quota is only supported on btrfs."); |
| | 1066 | if (r < 0) |
| | 1067 | return sd_bus_error_set_errnof(error, r, "Failed to adjust quota limit: %m"); |
| | 1068 | |
| | 1069 | return sd_bus_reply_method_return(message, NULL); |
| | 1070 | } |
| | 1071 | |
| | 1072 | static int method_set_image_limit(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 1073 | return redirect_method_to_image(message, userdata, error, bus_image_method_set_limit); |
| | 1074 | } |
| | 1075 | |
| | 1076 | static int method_map_from_machine_user(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 1077 | Manager *m = userdata; |
| | 1078 | const char *name; |
| | 1079 | Machine *machine; |
| | 1080 | uint32_t uid; |
| | 1081 | uid_t converted; |
| | 1082 | int r; |
| | 1083 | |
| | 1084 | r = sd_bus_message_read(message, "su", &name, &uid); |
| | 1085 | if (r < 0) |
| | 1086 | return r; |
| | 1087 | |
| | 1088 | if (!uid_is_valid(uid)) |
| | 1089 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user ID " UID_FMT, uid); |
| | 1090 | |
| | 1091 | machine = hashmap_get(m->machines, name); |
| | 1092 | if (!machine) |
| | 1093 | return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name); |
| | 1094 | |
| | 1095 | if (machine->class != MACHINE_CONTAINER) |
| | 1096 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines."); |
| | 1097 | |
| | 1098 | r = machine_translate_uid(machine, uid, &converted); |
| | 1099 | if (r == -ESRCH) |
| | 1100 | return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "Machine '%s' has no matching user mappings.", name); |
| | 1101 | if (r < 0) |
| | 1102 | return r; |
| | 1103 | |
| | 1104 | return sd_bus_reply_method_return(message, "u", (uint32_t) converted); |
| | 1105 | } |
| | 1106 | |
| | 1107 | static int method_map_to_machine_user(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 1108 | _cleanup_free_ char *o = NULL; |
| | 1109 | Manager *m = userdata; |
| | 1110 | Machine *machine; |
| | 1111 | uid_t uid, converted; |
| | 1112 | int r; |
| | 1113 | |
| | 1114 | r = sd_bus_message_read(message, "u", &uid); |
| | 1115 | if (r < 0) |
| | 1116 | return r; |
| | 1117 | if (!uid_is_valid(uid)) |
| | 1118 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user ID " UID_FMT, uid); |
| | 1119 | if (uid < 0x10000) |
| | 1120 | return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "User " UID_FMT " belongs to host UID range", uid); |
| | 1121 | |
| | 1122 | r = manager_find_machine_for_uid(m, uid, &machine, &converted); |
| | 1123 | if (r < 0) |
| | 1124 | return r; |
| | 1125 | if (!r) |
| | 1126 | return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "No matching user mapping for " UID_FMT ".", uid); |
| | 1127 | |
| | 1128 | o = machine_bus_path(machine); |
| | 1129 | if (!o) |
| | 1130 | return -ENOMEM; |
| | 1131 | |
| | 1132 | return sd_bus_reply_method_return(message, "sou", machine->name, o, (uint32_t) converted); |
| | 1133 | } |
| | 1134 | |
| | 1135 | static int method_map_from_machine_group(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 1136 | Manager *m = userdata; |
| | 1137 | const char *name; |
| | 1138 | Machine *machine; |
| | 1139 | gid_t converted; |
| | 1140 | uint32_t gid; |
| | 1141 | int r; |
| | 1142 | |
| | 1143 | r = sd_bus_message_read(message, "su", &name, &gid); |
| | 1144 | if (r < 0) |
| | 1145 | return r; |
| | 1146 | |
| | 1147 | if (!gid_is_valid(gid)) |
| | 1148 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group ID " GID_FMT, gid); |
| | 1149 | |
| | 1150 | machine = hashmap_get(m->machines, name); |
| | 1151 | if (!machine) |
| | 1152 | return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name); |
| | 1153 | |
| | 1154 | if (machine->class != MACHINE_CONTAINER) |
| | 1155 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines."); |
| | 1156 | |
| | 1157 | r = machine_translate_gid(machine, gid, &converted); |
| | 1158 | if (r == -ESRCH) |
| | 1159 | return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "Machine '%s' has no matching group mappings.", name); |
| | 1160 | if (r < 0) |
| | 1161 | return r; |
| | 1162 | |
| | 1163 | return sd_bus_reply_method_return(message, "u", (uint32_t) converted); |
| | 1164 | } |
| | 1165 | |
| | 1166 | static int method_map_to_machine_group(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 1167 | _cleanup_free_ char *o = NULL; |
| | 1168 | Manager *m = userdata; |
| | 1169 | Machine *machine; |
| | 1170 | gid_t gid, converted; |
| | 1171 | int r; |
| | 1172 | |
| | 1173 | r = sd_bus_message_read(message, "u", &gid); |
| | 1174 | if (r < 0) |
| | 1175 | return r; |
| | 1176 | if (!gid_is_valid(gid)) |
| | 1177 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group ID " GID_FMT, gid); |
| | 1178 | if (gid < 0x10000) |
| | 1179 | return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_GROUP_MAPPING, "Group " GID_FMT " belongs to host GID range", gid); |
| | 1180 | |
| | 1181 | r = manager_find_machine_for_gid(m, gid, &machine, &converted); |
| | 1182 | if (r < 0) |
| | 1183 | return r; |
| | 1184 | if (!r) |
| | 1185 | return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_GROUP_MAPPING, "No matching group mapping for " GID_FMT ".", gid); |
| | 1186 | |
| | 1187 | o = machine_bus_path(machine); |
| | 1188 | if (!o) |
| | 1189 | return -ENOMEM; |
| | 1190 | |
| | 1191 | return sd_bus_reply_method_return(message, "sou", machine->name, o, (uint32_t) converted); |
| | 1192 | } |
| | 1193 | |
| | 1194 | const sd_bus_vtable manager_vtable[] = { |
| | 1195 | SD_BUS_VTABLE_START(0), |
| | 1196 | |
| | 1197 | SD_BUS_PROPERTY("PoolPath", "s", property_get_pool_path, 0, 0), |
| | 1198 | SD_BUS_PROPERTY("PoolUsage", "t", property_get_pool_usage, 0, 0), |
| | 1199 | SD_BUS_PROPERTY("PoolLimit", "t", property_get_pool_limit, 0, 0), |
| | 1200 | |
| | 1201 | SD_BUS_METHOD_WITH_ARGS("GetMachine", |
| | 1202 | SD_BUS_ARGS("s", name), |
| | 1203 | SD_BUS_RESULT("o", machine), |
| | 1204 | method_get_machine, |
| | 1205 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1206 | SD_BUS_METHOD_WITH_ARGS("GetImage", |
| | 1207 | SD_BUS_ARGS("s", name), |
| | 1208 | SD_BUS_RESULT("o", image), |
| | 1209 | method_get_image, |
| | 1210 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1211 | SD_BUS_METHOD_WITH_ARGS("GetMachineByPID", |
| | 1212 | SD_BUS_ARGS("u", pid), |
| | 1213 | SD_BUS_RESULT("o", machine), |
| | 1214 | method_get_machine_by_pid, |
| | 1215 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1216 | SD_BUS_METHOD_WITH_ARGS("ListMachines", |
| | 1217 | SD_BUS_NO_ARGS, |
| | 1218 | SD_BUS_RESULT("a(ssso)", machines), |
| | 1219 | method_list_machines, |
| | 1220 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1221 | SD_BUS_METHOD_WITH_ARGS("ListImages", |
| | 1222 | SD_BUS_NO_ARGS, |
| | 1223 | SD_BUS_RESULT("a(ssbttto)", images), |
| | 1224 | method_list_images, |
| | 1225 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1226 | SD_BUS_METHOD_WITH_ARGS("CreateMachine", |
| | 1227 | SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory, "a(sv)", scope_properties), |
| | 1228 | SD_BUS_RESULT("o", path), |
| | 1229 | method_create_machine, |
| | 1230 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1231 | SD_BUS_METHOD_WITH_ARGS("CreateMachineWithNetwork", |
| | 1232 | SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory, "ai", ifindices, "a(sv)", scope_properties), |
| | 1233 | SD_BUS_RESULT("o", path), |
| | 1234 | method_create_machine, |
| | 1235 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1236 | SD_BUS_METHOD_WITH_ARGS("CreateMachineEx", |
| | 1237 | SD_BUS_ARGS("s", name, "a(sv)", properties, "a(sv)", scope_properties), |
| | 1238 | SD_BUS_RESULT("o", path), |
| | 1239 | method_create_machine, |
| | 1240 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1241 | SD_BUS_METHOD_WITH_ARGS("RegisterMachine", |
| | 1242 | SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory), |
| | 1243 | SD_BUS_RESULT("o", path), |
| | 1244 | method_register_machine, |
| | 1245 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1246 | SD_BUS_METHOD_WITH_ARGS("RegisterMachineWithNetwork", |
| | 1247 | SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory, "ai", ifindices), |
| | 1248 | SD_BUS_RESULT("o", path), |
| | 1249 | method_register_machine, |
| | 1250 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1251 | SD_BUS_METHOD_WITH_ARGS("RegisterMachineEx", |
| | 1252 | SD_BUS_ARGS("s", name, "a(sv)", properties), |
| | 1253 | SD_BUS_RESULT("o", path), |
| | 1254 | method_register_machine, |
| | 1255 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1256 | SD_BUS_METHOD_WITH_ARGS("UnregisterMachine", |
| | 1257 | SD_BUS_ARGS("s", name), |
| | 1258 | SD_BUS_NO_RESULT, |
| | 1259 | method_unregister_machine, |
| | 1260 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1261 | SD_BUS_METHOD_WITH_ARGS("TerminateMachine", |
| | 1262 | SD_BUS_ARGS("s", id), |
| | 1263 | SD_BUS_NO_RESULT, |
| | 1264 | method_terminate_machine, |
| | 1265 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1266 | SD_BUS_METHOD_WITH_ARGS("KillMachine", |
| | 1267 | SD_BUS_ARGS("s", name, "s", whom, "i", signal), |
| | 1268 | SD_BUS_NO_RESULT, |
| | 1269 | method_kill_machine, |
| | 1270 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1271 | SD_BUS_METHOD_WITH_ARGS("GetMachineAddresses", |
| | 1272 | SD_BUS_ARGS("s", name), |
| | 1273 | SD_BUS_RESULT("a(iay)", addresses), |
| | 1274 | method_get_machine_addresses, |
| | 1275 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1276 | SD_BUS_METHOD_WITH_ARGS("GetMachineSSHInfo", |
| | 1277 | SD_BUS_ARGS("s", name), |
| | 1278 | SD_BUS_RESULT("s", ssh_address, "s", ssh_private_key_path), |
| | 1279 | method_get_machine_ssh_info, |
| | 1280 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1281 | SD_BUS_METHOD_WITH_ARGS("GetMachineOSRelease", |
| | 1282 | SD_BUS_ARGS("s", name), |
| | 1283 | SD_BUS_RESULT("a{ss}", fields), |
| | 1284 | method_get_machine_os_release, |
| | 1285 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1286 | SD_BUS_METHOD_WITH_ARGS("OpenMachinePTY", |
| | 1287 | SD_BUS_ARGS("s", name), |
| | 1288 | SD_BUS_RESULT("h", pty, "s", pty_path), |
| | 1289 | method_open_machine_pty, |
| | 1290 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1291 | SD_BUS_METHOD_WITH_ARGS("OpenMachineLogin", |
| | 1292 | SD_BUS_ARGS("s", name), |
| | 1293 | SD_BUS_RESULT("h", pty, "s", pty_path), |
| | 1294 | method_open_machine_login, |
| | 1295 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1296 | SD_BUS_METHOD_WITH_ARGS("OpenMachineShell", |
| | 1297 | SD_BUS_ARGS("s", name, "s", user, "s", path, "as", args, "as", environment), |
| | 1298 | SD_BUS_RESULT("h", pty, "s", pty_path), |
| | 1299 | method_open_machine_shell, |
| | 1300 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1301 | SD_BUS_METHOD_WITH_ARGS("BindMountMachine", |
| | 1302 | SD_BUS_ARGS("s", name, "s", source, "s", destination, "b", read_only, "b", mkdir), |
| | 1303 | SD_BUS_NO_RESULT, |
| | 1304 | method_bind_mount_machine, |
| | 1305 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1306 | SD_BUS_METHOD_WITH_ARGS("CopyFromMachine", |
| | 1307 | SD_BUS_ARGS("s", name, "s", source, "s", destination), |
| | 1308 | SD_BUS_NO_RESULT, |
| | 1309 | method_copy_machine, |
| | 1310 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1311 | SD_BUS_METHOD_WITH_ARGS("CopyToMachine", |
| | 1312 | SD_BUS_ARGS("s", name, "s", source, "s", destination), |
| | 1313 | SD_BUS_NO_RESULT, |
| | 1314 | method_copy_machine, |
| | 1315 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1316 | SD_BUS_METHOD_WITH_ARGS("CopyFromMachineWithFlags", |
| | 1317 | SD_BUS_ARGS("s", name, "s", source, "s", destination, "t", flags), |
| | 1318 | SD_BUS_NO_RESULT, |
| | 1319 | method_copy_machine, |
| | 1320 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1321 | SD_BUS_METHOD_WITH_ARGS("CopyToMachineWithFlags", |
| | 1322 | SD_BUS_ARGS("s", name, "s", source, "s", destination, "t", flags), |
| | 1323 | SD_BUS_NO_RESULT, |
| | 1324 | method_copy_machine, |
| | 1325 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1326 | SD_BUS_METHOD_WITH_ARGS("OpenMachineRootDirectory", |
| | 1327 | SD_BUS_ARGS("s", name), |
| | 1328 | SD_BUS_RESULT("h", fd), |
| | 1329 | method_open_machine_root_directory, |
| | 1330 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1331 | SD_BUS_METHOD_WITH_ARGS("GetMachineUIDShift", |
| | 1332 | SD_BUS_ARGS("s", name), |
| | 1333 | SD_BUS_RESULT("u", shift), |
| | 1334 | method_get_machine_uid_shift, |
| | 1335 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1336 | SD_BUS_METHOD_WITH_ARGS("RemoveImage", |
| | 1337 | SD_BUS_ARGS("s", name), |
| | 1338 | SD_BUS_NO_RESULT, |
| | 1339 | method_remove_image, |
| | 1340 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1341 | SD_BUS_METHOD_WITH_ARGS("RenameImage", |
| | 1342 | SD_BUS_ARGS("s", name, "s", new_name), |
| | 1343 | SD_BUS_NO_RESULT, |
| | 1344 | method_rename_image, |
| | 1345 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1346 | SD_BUS_METHOD_WITH_ARGS("CloneImage", |
| | 1347 | SD_BUS_ARGS("s", name, "s", new_name, "b", read_only), |
| | 1348 | SD_BUS_NO_RESULT, |
| | 1349 | method_clone_image, |
| | 1350 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1351 | SD_BUS_METHOD_WITH_ARGS("MarkImageReadOnly", |
| | 1352 | SD_BUS_ARGS("s", name, "b", read_only), |
| | 1353 | SD_BUS_NO_RESULT, |
| | 1354 | method_mark_image_read_only, |
| | 1355 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1356 | SD_BUS_METHOD_WITH_ARGS("GetImageHostname", |
| | 1357 | SD_BUS_ARGS("s", name), |
| | 1358 | SD_BUS_RESULT("s", hostname), |
| | 1359 | method_get_image_hostname, |
| | 1360 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1361 | SD_BUS_METHOD_WITH_ARGS("GetImageMachineID", |
| | 1362 | SD_BUS_ARGS("s", name), |
| | 1363 | SD_BUS_RESULT("ay", id), |
| | 1364 | method_get_image_machine_id, |
| | 1365 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1366 | SD_BUS_METHOD_WITH_ARGS("GetImageMachineInfo", |
| | 1367 | SD_BUS_ARGS("s", name), |
| | 1368 | SD_BUS_RESULT("a{ss}", machine_info), |
| | 1369 | method_get_image_machine_info, |
| | 1370 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1371 | SD_BUS_METHOD_WITH_ARGS("GetImageOSRelease", |
| | 1372 | SD_BUS_ARGS("s", name), |
| | 1373 | SD_BUS_RESULT("a{ss}", os_release), |
| | 1374 | method_get_image_os_release, |
| | 1375 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1376 | SD_BUS_METHOD_WITH_ARGS("SetPoolLimit", |
| | 1377 | SD_BUS_ARGS("t", size), |
| | 1378 | SD_BUS_NO_RESULT, |
| | 1379 | method_set_pool_limit, |
| | 1380 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1381 | SD_BUS_METHOD_WITH_ARGS("SetImageLimit", |
| | 1382 | SD_BUS_ARGS("s", name, "t", size), |
| | 1383 | SD_BUS_NO_RESULT, |
| | 1384 | method_set_image_limit, |
| | 1385 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1386 | SD_BUS_METHOD_WITH_ARGS("CleanPool", |
| | 1387 | SD_BUS_ARGS("s", mode), |
| | 1388 | SD_BUS_RESULT("a(st)",images), |
| | 1389 | method_clean_pool, |
| | 1390 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1391 | SD_BUS_METHOD_WITH_ARGS("MapFromMachineUser", |
| | 1392 | SD_BUS_ARGS("s", name, "u", uid_inner), |
| | 1393 | SD_BUS_RESULT("u", uid_outer), |
| | 1394 | method_map_from_machine_user, |
| | 1395 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1396 | SD_BUS_METHOD_WITH_ARGS("MapToMachineUser", |
| | 1397 | SD_BUS_ARGS("u", uid_outer), |
| | 1398 | SD_BUS_RESULT("s", machine_name, "o", machine_path, "u", uid_inner), |
| | 1399 | method_map_to_machine_user, |
| | 1400 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1401 | SD_BUS_METHOD_WITH_ARGS("MapFromMachineGroup", |
| | 1402 | SD_BUS_ARGS("s", name, "u", gid_inner), |
| | 1403 | SD_BUS_RESULT("u", gid_outer), |
| | 1404 | method_map_from_machine_group, |
| | 1405 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1406 | SD_BUS_METHOD_WITH_ARGS("MapToMachineGroup", |
| | 1407 | SD_BUS_ARGS("u", gid_outer), |
| | 1408 | SD_BUS_RESULT("s", machine_name, "o", machine_path, "u", gid_inner), |
| | 1409 | method_map_to_machine_group, |
| | 1410 | SD_BUS_VTABLE_UNPRIVILEGED), |
| | 1411 | |
| | 1412 | SD_BUS_SIGNAL_WITH_ARGS("MachineNew", |
| | 1413 | SD_BUS_ARGS("s", machine, "o", path), |
| | 1414 | 0), |
| | 1415 | SD_BUS_SIGNAL_WITH_ARGS("MachineRemoved", |
| | 1416 | SD_BUS_ARGS("s", machine, "o", path), |
| | 1417 | 0), |
| | 1418 | |
| | 1419 | SD_BUS_VTABLE_END |
| | 1420 | }; |
| | 1421 | |
| | 1422 | const BusObjectImplementation manager_object = { |
| | 1423 | "/org/freedesktop/machine1", |
| | 1424 | "org.freedesktop.machine1.Manager", |
| | 1425 | .vtables = BUS_VTABLES(manager_vtable), |
| | 1426 | .children = BUS_IMPLEMENTATIONS( &machine_object, |
| | 1427 | &image_object ), |
| | 1428 | }; |
| | 1429 | |
| | 1430 | int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 1431 | const char *path, *result, *unit; |
| | 1432 | Manager *m = ASSERT_PTR(userdata); |
| | 1433 | Machine *machine; |
| | 1434 | uint32_t id; |
| | 1435 | int r; |
| | 1436 | |
| | 1437 | assert(message); |
| | 1438 | |
| | 1439 | r = sd_bus_message_read(message, "uoss", &id, &path, &unit, &result); |
| | 1440 | if (r < 0) { |
| | 1441 | bus_log_parse_error(r); |
| | 1442 | return 0; |
| | 1443 | } |
| | 1444 | |
| | 1445 | machine = hashmap_get(m->machines_by_unit, unit); |
| | 1446 | if (!machine) |
| | 1447 | return 0; |
| | 1448 | |
| | 1449 | if (streq_ptr(path, machine->scope_job)) { |
| | 1450 | machine->scope_job = mfree(machine->scope_job); |
| | 1451 | |
| | 1452 | if (machine->started) { |
| | 1453 | if (streq(result, "done")) |
| | 1454 | machine_send_create_reply(machine, NULL); |
| | 1455 | else { |
| | 1456 | _cleanup_(sd_bus_error_free) sd_bus_error e = SD_BUS_ERROR_NULL; |
| | 1457 | |
| | 1458 | sd_bus_error_setf(&e, BUS_ERROR_JOB_FAILED, "Start job for unit %s failed with '%s'", unit, result); |
| | 1459 | |
| | 1460 | machine_send_create_reply(machine, &e); |
| | 1461 | } |
| | 1462 | } |
| | 1463 | |
| | 1464 | machine_save(machine); |
| | 1465 | } |
| | 1466 | |
| | 1467 | machine_add_to_gc_queue(machine); |
| | 1468 | return 0; |
| | 1469 | } |
| | 1470 | |
| | 1471 | int match_properties_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 1472 | _cleanup_free_ char *unit = NULL; |
| | 1473 | const char *path; |
| | 1474 | Manager *m = ASSERT_PTR(userdata); |
| | 1475 | Machine *machine; |
| | 1476 | int r; |
| | 1477 | |
| | 1478 | assert(message); |
| | 1479 | |
| | 1480 | path = sd_bus_message_get_path(message); |
| | 1481 | if (!path) |
| | 1482 | return 0; |
| | 1483 | |
| | 1484 | r = unit_name_from_dbus_path(path, &unit); |
| | 1485 | if (r == -EINVAL) /* not for a unit */ |
| | 1486 | return 0; |
| | 1487 | if (r < 0) { |
| | 1488 | log_oom(); |
| | 1489 | return 0; |
| | 1490 | } |
| | 1491 | |
| | 1492 | machine = hashmap_get(m->machines_by_unit, unit); |
| | 1493 | if (!machine) |
| | 1494 | return 0; |
| | 1495 | |
| | 1496 | machine_add_to_gc_queue(machine); |
| | 1497 | return 0; |
| | 1498 | } |
| | 1499 | |
| | 1500 | int match_unit_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 1501 | const char *path, *unit; |
| | 1502 | Manager *m = ASSERT_PTR(userdata); |
| | 1503 | Machine *machine; |
| | 1504 | int r; |
| | 1505 | |
| | 1506 | assert(message); |
| | 1507 | |
| | 1508 | r = sd_bus_message_read(message, "so", &unit, &path); |
| | 1509 | if (r < 0) { |
| | 1510 | bus_log_parse_error(r); |
| | 1511 | return 0; |
| | 1512 | } |
| | 1513 | |
| | 1514 | machine = hashmap_get(m->machines_by_unit, unit); |
| | 1515 | if (!machine) |
| | 1516 | return 0; |
| | 1517 | |
| | 1518 | machine_add_to_gc_queue(machine); |
| | 1519 | return 0; |
| | 1520 | } |
| | 1521 | |
| | 1522 | int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error) { |
| | 1523 | Manager *m = ASSERT_PTR(userdata); |
| | 1524 | Machine *machine; |
| | 1525 | int b, r; |
| | 1526 | |
| | 1527 | assert(message); |
| | 1528 | |
| | 1529 | r = sd_bus_message_read(message, "b", &b); |
| | 1530 | if (r < 0) { |
| | 1531 | bus_log_parse_error(r); |
| | 1532 | return 0; |
| | 1533 | } |
| | 1534 | if (b) |
| | 1535 | return 0; |
| | 1536 | |
| | 1537 | /* systemd finished reloading, let's recheck all our machines */ |
| | 1538 | log_debug("System manager has been reloaded, rechecking machines..."); |
| | 1539 | |
| | 1540 | HASHMAP_FOREACH(machine, m->machines) |
| | 1541 | machine_add_to_gc_queue(machine); |
| | 1542 | |
| | 1543 | return 0; |
| | 1544 | } |
| | 1545 | |
| | 1546 | int manager_unref_unit( |
| | 1547 | Manager *m, |
| | 1548 | const char *unit, |
| | 1549 | sd_bus_error *error) { |
| | 1550 | |
| | 1551 | assert(m); |
| | 1552 | assert(unit); |
| | 1553 | |
| | 1554 | return bus_call_method(m->api_bus, bus_systemd_mgr, "UnrefUnit", error, NULL, "s", unit); |
| | 1555 | } |
| | 1556 | |
| | 1557 | int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job) { |
| | 1558 | _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; |
| | 1559 | int r; |
| | 1560 | |
| | 1561 | assert(manager); |
| | 1562 | assert(unit); |
| | 1563 | |
| | 1564 | r = bus_call_method(manager->api_bus, bus_systemd_mgr, "StopUnit", error, &reply, "ss", unit, "fail"); |
| | 1565 | if (r < 0) { |
| | 1566 | if (sd_bus_error_has_names(error, BUS_ERROR_NO_SUCH_UNIT, |
| | 1567 | BUS_ERROR_LOAD_FAILED)) { |
| | 1568 | |
| | 1569 | if (job) |
| | 1570 | *job = NULL; |
| | 1571 | |
| | 1572 | sd_bus_error_free(error); |
| | 1573 | return 0; |
| | 1574 | } |
| | 1575 | |
| | 1576 | return r; |
| | 1577 | } |
| | 1578 | |
| | 1579 | if (job) { |
| | 1580 | const char *j; |
| | 1581 | char *copy; |
| | 1582 | |
| | 1583 | r = sd_bus_message_read(reply, "o", &j); |
| | 1584 | if (r < 0) |
| | 1585 | return r; |
| | 1586 | |
| | 1587 | copy = strdup(j); |
| | 1588 | if (!copy) |
| | 1589 | return -ENOMEM; |
| | 1590 | |
| | 1591 | *job = copy; |
| | 1592 | } |
| | 1593 | |
| | 1594 | return 1; |
| | 1595 | } |
| | 1596 | |
| | 1597 | int manager_kill_unit(Manager *manager, const char *unit, const char *subgroup, int signo, sd_bus_error *reterr_error) { |
| | 1598 | assert(manager); |
| | 1599 | assert(unit); |
| | 1600 | |
| | 1601 | if (empty_or_root(subgroup)) |
| | 1602 | return bus_call_method(manager->api_bus, bus_systemd_mgr, "KillUnit", reterr_error, NULL, "ssi", unit, "all", signo); |
| | 1603 | |
| | 1604 | return bus_call_method(manager->api_bus, bus_systemd_mgr, "KillUnitSubgroup", reterr_error, NULL, "sssi", unit, "cgroup", subgroup, signo); |
| | 1605 | } |
| | 1606 | |
| | 1607 | int manager_unit_is_active(Manager *manager, const char *unit, sd_bus_error *reterr_error) { |
| | 1608 | _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; |
| | 1609 | _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; |
| | 1610 | _cleanup_free_ char *path = NULL; |
| | 1611 | const char *state; |
| | 1612 | int r; |
| | 1613 | |
| | 1614 | assert(manager); |
| | 1615 | assert(unit); |
| | 1616 | |
| | 1617 | path = unit_dbus_path_from_name(unit); |
| | 1618 | if (!path) |
| | 1619 | return -ENOMEM; |
| | 1620 | |
| | 1621 | r = sd_bus_get_property( |
| | 1622 | manager->api_bus, |
| | 1623 | "org.freedesktop.systemd1", |
| | 1624 | path, |
| | 1625 | "org.freedesktop.systemd1.Unit", |
| | 1626 | "ActiveState", |
| | 1627 | &error, |
| | 1628 | &reply, |
| | 1629 | "s"); |
| | 1630 | if (r < 0) { |
| | 1631 | if (bus_error_is_connection(&error)) |
| | 1632 | return true; |
| | 1633 | |
| | 1634 | if (sd_bus_error_has_names(&error, BUS_ERROR_NO_SUCH_UNIT, |
| | 1635 | BUS_ERROR_LOAD_FAILED)) |
| | 1636 | return false; |
| | 1637 | |
| | 1638 | sd_bus_error_move(reterr_error, &error); |
| | 1639 | return r; |
| | 1640 | } |
| | 1641 | |
| | 1642 | r = sd_bus_message_read(reply, "s", &state); |
| | 1643 | if (r < 0) |
| | 1644 | return -EINVAL; |
| | 1645 | |
| | 1646 | return !STR_IN_SET(state, "inactive", "failed"); |
| | 1647 | } |
| | 1648 | |
| | 1649 | int manager_job_is_active(Manager *manager, const char *path, sd_bus_error *reterr_error) { |
| | 1650 | _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; |
| | 1651 | _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; |
| | 1652 | int r; |
| | 1653 | |
| | 1654 | assert(manager); |
| | 1655 | assert(path); |
| | 1656 | |
| | 1657 | r = sd_bus_get_property( |
| | 1658 | manager->api_bus, |
| | 1659 | "org.freedesktop.systemd1", |
| | 1660 | path, |
| | 1661 | "org.freedesktop.systemd1.Job", |
| | 1662 | "State", |
| | 1663 | &error, |
| | 1664 | &reply, |
| | 1665 | "s"); |
| | 1666 | if (r < 0) { |
| | 1667 | if (bus_error_is_connection(&error)) |
| | 1668 | return true; |
| | 1669 | |
| | 1670 | if (sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_OBJECT)) |
| | 1671 | return false; |
| | 1672 | |
| | 1673 | sd_bus_error_move(reterr_error, &error); |
| | 1674 | return r; |
| | 1675 | } |
| | 1676 | |
| | 1677 | /* We don't actually care about the state really. The fact |
| | 1678 | * that we could read the job state is enough for us */ |
| | 1679 | |
| | 1680 | return true; |
| | 1681 | } |
projects / thirdparty / systemd.git / blame_incremental