]>
Commit | Line | Data |
---|---|---|
1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ | |
2 | ||
3 | #include <errno.h> | |
4 | #include <fcntl.h> | |
5 | #include <linux/fs.h> | |
6 | #include <linux/loop.h> | |
7 | #include <linux/magic.h> | |
8 | #include <stdio.h> | |
9 | #include <stdlib.h> | |
10 | #include <sys/file.h> | |
11 | #include <sys/ioctl.h> | |
12 | #include <sys/stat.h> | |
13 | #include <unistd.h> | |
14 | ||
15 | #include "alloc-util.h" | |
16 | #include "btrfs-util.h" | |
17 | #include "chase.h" | |
18 | #include "chattr-util.h" | |
19 | #include "copy.h" | |
20 | #include "dirent-util.h" | |
21 | #include "discover-image.h" | |
22 | #include "dissect-image.h" | |
23 | #include "env-file.h" | |
24 | #include "env-util.h" | |
25 | #include "fd-util.h" | |
26 | #include "fs-util.h" | |
27 | #include "hashmap.h" | |
28 | #include "hostname-setup.h" | |
29 | #include "id128-util.h" | |
30 | #include "lock-util.h" | |
31 | #include "log.h" | |
32 | #include "loop-util.h" | |
33 | #include "macro.h" | |
34 | #include "mkdir.h" | |
35 | #include "nulstr-util.h" | |
36 | #include "os-util.h" | |
37 | #include "path-util.h" | |
38 | #include "rm-rf.h" | |
39 | #include "stat-util.h" | |
40 | #include "string-table.h" | |
41 | #include "string-util.h" | |
42 | #include "strv.h" | |
43 | #include "time-util.h" | |
44 | #include "utf8.h" | |
45 | #include "xattr-util.h" | |
46 | ||
47 | static const char* const image_search_path[_IMAGE_CLASS_MAX] = { | |
48 | [IMAGE_MACHINE] = "/etc/machines\0" /* only place symlinks here */ | |
49 | "/run/machines\0" /* and here too */ | |
50 | "/var/lib/machines\0" /* the main place for images */ | |
51 | "/var/lib/container\0" /* legacy */ | |
52 | "/usr/local/lib/machines\0" | |
53 | "/usr/lib/machines\0", | |
54 | ||
55 | [IMAGE_PORTABLE] = "/etc/portables\0" /* only place symlinks here */ | |
56 | "/run/portables\0" /* and here too */ | |
57 | "/var/lib/portables\0" /* the main place for images */ | |
58 | "/usr/local/lib/portables\0" | |
59 | "/usr/lib/portables\0", | |
60 | ||
61 | [IMAGE_EXTENSION] = "/etc/extensions\0" /* only place symlinks here */ | |
62 | "/run/extensions\0" /* and here too */ | |
63 | "/var/lib/extensions\0" /* the main place for images */ | |
64 | "/usr/local/lib/extensions\0" | |
65 | "/usr/lib/extensions\0", | |
66 | }; | |
67 | ||
68 | static Image *image_free(Image *i) { | |
69 | assert(i); | |
70 | ||
71 | free(i->name); | |
72 | free(i->path); | |
73 | ||
74 | free(i->hostname); | |
75 | strv_free(i->machine_info); | |
76 | strv_free(i->os_release); | |
77 | strv_free(i->extension_release); | |
78 | ||
79 | return mfree(i); | |
80 | } | |
81 | ||
82 | DEFINE_TRIVIAL_REF_UNREF_FUNC(Image, image, image_free); | |
83 | DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(image_hash_ops, char, string_hash_func, string_compare_func, | |
84 | Image, image_unref); | |
85 | ||
86 | static char **image_settings_path(Image *image) { | |
87 | _cleanup_strv_free_ char **l = NULL; | |
88 | _cleanup_free_ char *fn = NULL; | |
89 | size_t i = 0; | |
90 | int r; | |
91 | ||
92 | assert(image); | |
93 | ||
94 | l = new0(char*, 4); | |
95 | if (!l) | |
96 | return NULL; | |
97 | ||
98 | fn = strjoin(image->name, ".nspawn"); | |
99 | if (!fn) | |
100 | return NULL; | |
101 | ||
102 | FOREACH_STRING(s, "/etc/systemd/nspawn", "/run/systemd/nspawn") { | |
103 | l[i] = path_join(s, fn); | |
104 | if (!l[i]) | |
105 | return NULL; | |
106 | ||
107 | i++; | |
108 | } | |
109 | ||
110 | r = file_in_same_dir(image->path, fn, l + i); | |
111 | if (r == -ENOMEM) | |
112 | return NULL; | |
113 | if (r < 0) | |
114 | log_debug_errno(r, "Failed to generate .nspawn settings path from image path, ignoring: %m"); | |
115 | ||
116 | strv_uniq(l); | |
117 | ||
118 | return TAKE_PTR(l); | |
119 | } | |
120 | ||
121 | static int image_roothash_path(Image *image, char **ret) { | |
122 | _cleanup_free_ char *fn = NULL; | |
123 | ||
124 | assert(image); | |
125 | ||
126 | fn = strjoin(image->name, ".roothash"); | |
127 | if (!fn) | |
128 | return -ENOMEM; | |
129 | ||
130 | return file_in_same_dir(image->path, fn, ret); | |
131 | } | |
132 | ||
133 | static int image_new( | |
134 | ImageType t, | |
135 | ImageClass c, | |
136 | const char *pretty, | |
137 | const char *path, | |
138 | const char *filename, | |
139 | bool read_only, | |
140 | usec_t crtime, | |
141 | usec_t mtime, | |
142 | Image **ret) { | |
143 | ||
144 | _cleanup_(image_unrefp) Image *i = NULL; | |
145 | ||
146 | assert(t >= 0); | |
147 | assert(t < _IMAGE_TYPE_MAX); | |
148 | assert(pretty); | |
149 | assert(filename); | |
150 | assert(ret); | |
151 | ||
152 | i = new(Image, 1); | |
153 | if (!i) | |
154 | return -ENOMEM; | |
155 | ||
156 | *i = (Image) { | |
157 | .n_ref = 1, | |
158 | .type = t, | |
159 | .class = c, | |
160 | .read_only = read_only, | |
161 | .crtime = crtime, | |
162 | .mtime = mtime, | |
163 | .usage = UINT64_MAX, | |
164 | .usage_exclusive = UINT64_MAX, | |
165 | .limit = UINT64_MAX, | |
166 | .limit_exclusive = UINT64_MAX, | |
167 | }; | |
168 | ||
169 | i->name = strdup(pretty); | |
170 | if (!i->name) | |
171 | return -ENOMEM; | |
172 | ||
173 | i->path = path_join(path, filename); | |
174 | if (!i->path) | |
175 | return -ENOMEM; | |
176 | ||
177 | path_simplify(i->path); | |
178 | ||
179 | *ret = TAKE_PTR(i); | |
180 | ||
181 | return 0; | |
182 | } | |
183 | ||
184 | static int extract_pretty(const char *path, const char *suffix, char **ret) { | |
185 | _cleanup_free_ char *name = NULL; | |
186 | const char *p; | |
187 | ||
188 | assert(path); | |
189 | assert(ret); | |
190 | ||
191 | p = last_path_component(path); | |
192 | ||
193 | name = strdupcspn(p, "/"); | |
194 | if (!name) | |
195 | return -ENOMEM; | |
196 | ||
197 | if (suffix) { | |
198 | char *e; | |
199 | ||
200 | e = endswith(name, suffix); | |
201 | if (!e) | |
202 | return -EINVAL; | |
203 | ||
204 | *e = 0; | |
205 | } | |
206 | ||
207 | if (!image_name_is_valid(name)) | |
208 | return -EINVAL; | |
209 | ||
210 | *ret = TAKE_PTR(name); | |
211 | return 0; | |
212 | } | |
213 | ||
214 | static int image_make( | |
215 | ImageClass c, | |
216 | const char *pretty, | |
217 | int dfd, | |
218 | const char *path, | |
219 | const char *filename, | |
220 | const struct stat *st, | |
221 | Image **ret) { | |
222 | ||
223 | _cleanup_free_ char *pretty_buffer = NULL, *parent = NULL; | |
224 | struct stat stbuf; | |
225 | bool read_only; | |
226 | int r; | |
227 | ||
228 | assert(dfd >= 0 || dfd == AT_FDCWD); | |
229 | assert(path || dfd == AT_FDCWD); | |
230 | assert(filename); | |
231 | ||
232 | /* We explicitly *do* follow symlinks here, since we want to allow symlinking trees, raw files and block | |
233 | * devices into /var/lib/machines/, and treat them normally. | |
234 | * | |
235 | * This function returns -ENOENT if we can't find the image after all, and -EMEDIUMTYPE if it's not a file we | |
236 | * recognize. */ | |
237 | ||
238 | if (!st) { | |
239 | if (fstatat(dfd, filename, &stbuf, 0) < 0) | |
240 | return -errno; | |
241 | ||
242 | st = &stbuf; | |
243 | } | |
244 | ||
245 | if (!path) { | |
246 | if (dfd == AT_FDCWD) | |
247 | (void) safe_getcwd(&parent); | |
248 | else | |
249 | (void) fd_get_path(dfd, &parent); | |
250 | } | |
251 | ||
252 | read_only = | |
253 | (path && path_startswith(path, "/usr")) || | |
254 | (faccessat(dfd, filename, W_OK, AT_EACCESS) < 0 && errno == EROFS); | |
255 | ||
256 | if (S_ISDIR(st->st_mode)) { | |
257 | _cleanup_close_ int fd = -EBADF; | |
258 | unsigned file_attr = 0; | |
259 | usec_t crtime = 0; | |
260 | ||
261 | if (!ret) | |
262 | return 0; | |
263 | ||
264 | if (!pretty) { | |
265 | r = extract_pretty(filename, NULL, &pretty_buffer); | |
266 | if (r < 0) | |
267 | return r; | |
268 | ||
269 | pretty = pretty_buffer; | |
270 | } | |
271 | ||
272 | fd = openat(dfd, filename, O_CLOEXEC|O_NOCTTY|O_DIRECTORY); | |
273 | if (fd < 0) | |
274 | return -errno; | |
275 | ||
276 | if (btrfs_might_be_subvol(st)) { | |
277 | ||
278 | r = fd_is_fs_type(fd, BTRFS_SUPER_MAGIC); | |
279 | if (r < 0) | |
280 | return r; | |
281 | if (r) { | |
282 | BtrfsSubvolInfo info; | |
283 | ||
284 | /* It's a btrfs subvolume */ | |
285 | ||
286 | r = btrfs_subvol_get_info_fd(fd, 0, &info); | |
287 | if (r < 0) | |
288 | return r; | |
289 | ||
290 | r = image_new(IMAGE_SUBVOLUME, | |
291 | c, | |
292 | pretty, | |
293 | path, | |
294 | filename, | |
295 | info.read_only || read_only, | |
296 | info.otime, | |
297 | 0, | |
298 | ret); | |
299 | if (r < 0) | |
300 | return r; | |
301 | ||
302 | if (btrfs_quota_scan_ongoing(fd) == 0) { | |
303 | BtrfsQuotaInfo quota; | |
304 | ||
305 | r = btrfs_subvol_get_subtree_quota_fd(fd, 0, "a); | |
306 | if (r >= 0) { | |
307 | (*ret)->usage = quota.referenced; | |
308 | (*ret)->usage_exclusive = quota.exclusive; | |
309 | ||
310 | (*ret)->limit = quota.referenced_max; | |
311 | (*ret)->limit_exclusive = quota.exclusive_max; | |
312 | } | |
313 | } | |
314 | ||
315 | return 0; | |
316 | } | |
317 | } | |
318 | ||
319 | /* Get directory creation time (not available everywhere, but that's OK */ | |
320 | (void) fd_getcrtime(fd, &crtime); | |
321 | ||
322 | /* If the IMMUTABLE bit is set, we consider the directory read-only. Since the ioctl is not | |
323 | * supported everywhere we ignore failures. */ | |
324 | (void) read_attr_fd(fd, &file_attr); | |
325 | ||
326 | /* It's just a normal directory. */ | |
327 | r = image_new(IMAGE_DIRECTORY, | |
328 | c, | |
329 | pretty, | |
330 | path, | |
331 | filename, | |
332 | read_only || (file_attr & FS_IMMUTABLE_FL), | |
333 | crtime, | |
334 | 0, /* we don't use mtime of stat() here, since it's not the time of last change of the tree, but only of the top-level dir */ | |
335 | ret); | |
336 | if (r < 0) | |
337 | return r; | |
338 | ||
339 | return 0; | |
340 | ||
341 | } else if (S_ISREG(st->st_mode) && endswith(filename, ".raw")) { | |
342 | usec_t crtime = 0; | |
343 | ||
344 | /* It's a RAW disk image */ | |
345 | ||
346 | if (!ret) | |
347 | return 0; | |
348 | ||
349 | (void) fd_getcrtime_at(dfd, filename, AT_SYMLINK_FOLLOW, &crtime); | |
350 | ||
351 | if (!pretty) { | |
352 | r = extract_pretty(filename, ".raw", &pretty_buffer); | |
353 | if (r < 0) | |
354 | return r; | |
355 | ||
356 | pretty = pretty_buffer; | |
357 | } | |
358 | ||
359 | r = image_new(IMAGE_RAW, | |
360 | c, | |
361 | pretty, | |
362 | path, | |
363 | filename, | |
364 | !(st->st_mode & 0222) || read_only, | |
365 | crtime, | |
366 | timespec_load(&st->st_mtim), | |
367 | ret); | |
368 | if (r < 0) | |
369 | return r; | |
370 | ||
371 | (*ret)->usage = (*ret)->usage_exclusive = st->st_blocks * 512; | |
372 | (*ret)->limit = (*ret)->limit_exclusive = st->st_size; | |
373 | ||
374 | return 0; | |
375 | ||
376 | } else if (S_ISBLK(st->st_mode)) { | |
377 | _cleanup_close_ int block_fd = -EBADF; | |
378 | uint64_t size = UINT64_MAX; | |
379 | ||
380 | /* A block device */ | |
381 | ||
382 | if (!ret) | |
383 | return 0; | |
384 | ||
385 | if (!pretty) { | |
386 | r = extract_pretty(filename, NULL, &pretty_buffer); | |
387 | if (r < 0) | |
388 | return r; | |
389 | ||
390 | pretty = pretty_buffer; | |
391 | } | |
392 | ||
393 | block_fd = openat(dfd, filename, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY); | |
394 | if (block_fd < 0) | |
395 | log_debug_errno(errno, "Failed to open block device %s/%s, ignoring: %m", path ?: strnull(parent), filename); | |
396 | else { | |
397 | /* Refresh stat data after opening the node */ | |
398 | if (fstat(block_fd, &stbuf) < 0) | |
399 | return -errno; | |
400 | st = &stbuf; | |
401 | ||
402 | if (!S_ISBLK(st->st_mode)) /* Verify that what we opened is actually what we think it is */ | |
403 | return -ENOTTY; | |
404 | ||
405 | if (!read_only) { | |
406 | int state = 0; | |
407 | ||
408 | if (ioctl(block_fd, BLKROGET, &state) < 0) | |
409 | log_debug_errno(errno, "Failed to issue BLKROGET on device %s/%s, ignoring: %m", path ?: strnull(parent), filename); | |
410 | else if (state) | |
411 | read_only = true; | |
412 | } | |
413 | ||
414 | if (ioctl(block_fd, BLKGETSIZE64, &size) < 0) | |
415 | log_debug_errno(errno, "Failed to issue BLKGETSIZE64 on device %s/%s, ignoring: %m", path ?: strnull(parent), filename); | |
416 | ||
417 | block_fd = safe_close(block_fd); | |
418 | } | |
419 | ||
420 | r = image_new(IMAGE_BLOCK, | |
421 | c, | |
422 | pretty, | |
423 | path, | |
424 | filename, | |
425 | !(st->st_mode & 0222) || read_only, | |
426 | 0, | |
427 | 0, | |
428 | ret); | |
429 | if (r < 0) | |
430 | return r; | |
431 | ||
432 | if (!IN_SET(size, 0, UINT64_MAX)) | |
433 | (*ret)->usage = (*ret)->usage_exclusive = (*ret)->limit = (*ret)->limit_exclusive = size; | |
434 | ||
435 | return 0; | |
436 | } | |
437 | ||
438 | return -EMEDIUMTYPE; | |
439 | } | |
440 | ||
441 | int image_find(ImageClass class, | |
442 | const char *name, | |
443 | const char *root, | |
444 | Image **ret) { | |
445 | ||
446 | int r; | |
447 | ||
448 | assert(class >= 0); | |
449 | assert(class < _IMAGE_CLASS_MAX); | |
450 | assert(name); | |
451 | ||
452 | /* There are no images with invalid names */ | |
453 | if (!image_name_is_valid(name)) | |
454 | return -ENOENT; | |
455 | ||
456 | NULSTR_FOREACH(path, image_search_path[class]) { | |
457 | _cleanup_free_ char *resolved = NULL; | |
458 | _cleanup_closedir_ DIR *d = NULL; | |
459 | struct stat st; | |
460 | int flags; | |
461 | ||
462 | r = chase_and_opendir(path, root, CHASE_PREFIX_ROOT, &resolved, &d); | |
463 | if (r == -ENOENT) | |
464 | continue; | |
465 | if (r < 0) | |
466 | return r; | |
467 | ||
468 | /* As mentioned above, we follow symlinks on this fstatat(), because we want to permit people | |
469 | * to symlink block devices into the search path. (For now, we disable that when operating | |
470 | * relative to some root directory.) */ | |
471 | flags = root ? AT_SYMLINK_NOFOLLOW : 0; | |
472 | if (fstatat(dirfd(d), name, &st, flags) < 0) { | |
473 | _cleanup_free_ char *raw = NULL; | |
474 | ||
475 | if (errno != ENOENT) | |
476 | return -errno; | |
477 | ||
478 | raw = strjoin(name, ".raw"); | |
479 | if (!raw) | |
480 | return -ENOMEM; | |
481 | ||
482 | if (fstatat(dirfd(d), raw, &st, flags) < 0) { | |
483 | if (errno == ENOENT) | |
484 | continue; | |
485 | ||
486 | return -errno; | |
487 | } | |
488 | ||
489 | if (!S_ISREG(st.st_mode)) | |
490 | continue; | |
491 | ||
492 | r = image_make(class, name, dirfd(d), resolved, raw, &st, ret); | |
493 | ||
494 | } else { | |
495 | if (!S_ISDIR(st.st_mode) && !S_ISBLK(st.st_mode)) | |
496 | continue; | |
497 | ||
498 | r = image_make(class, name, dirfd(d), resolved, name, &st, ret); | |
499 | } | |
500 | if (IN_SET(r, -ENOENT, -EMEDIUMTYPE)) | |
501 | continue; | |
502 | if (r < 0) | |
503 | return r; | |
504 | ||
505 | if (ret) | |
506 | (*ret)->discoverable = true; | |
507 | ||
508 | return 1; | |
509 | } | |
510 | ||
511 | if (class == IMAGE_MACHINE && streq(name, ".host")) { | |
512 | r = image_make(class, ".host", AT_FDCWD, NULL, empty_to_root(root), NULL, ret); | |
513 | if (r < 0) | |
514 | return r; | |
515 | ||
516 | if (ret) | |
517 | (*ret)->discoverable = true; | |
518 | ||
519 | return r; | |
520 | } | |
521 | ||
522 | return -ENOENT; | |
523 | }; | |
524 | ||
525 | int image_from_path(const char *path, Image **ret) { | |
526 | ||
527 | /* Note that we don't set the 'discoverable' field of the returned object, because we don't check here whether | |
528 | * the image is in the image search path. And if it is we don't know if the path we used is actually not | |
529 | * overridden by another, different image earlier in the search path */ | |
530 | ||
531 | if (path_equal(path, "/")) | |
532 | return image_make(IMAGE_MACHINE, ".host", AT_FDCWD, NULL, "/", NULL, ret); | |
533 | ||
534 | return image_make(_IMAGE_CLASS_INVALID, NULL, AT_FDCWD, NULL, path, NULL, ret); | |
535 | } | |
536 | ||
537 | int image_find_harder(ImageClass class, const char *name_or_path, const char *root, Image **ret) { | |
538 | if (image_name_is_valid(name_or_path)) | |
539 | return image_find(class, name_or_path, root, ret); | |
540 | ||
541 | return image_from_path(name_or_path, ret); | |
542 | } | |
543 | ||
544 | int image_discover( | |
545 | ImageClass class, | |
546 | const char *root, | |
547 | Hashmap *h) { | |
548 | ||
549 | int r; | |
550 | ||
551 | assert(class >= 0); | |
552 | assert(class < _IMAGE_CLASS_MAX); | |
553 | assert(h); | |
554 | ||
555 | NULSTR_FOREACH(path, image_search_path[class]) { | |
556 | _cleanup_free_ char *resolved = NULL; | |
557 | _cleanup_closedir_ DIR *d = NULL; | |
558 | ||
559 | r = chase_and_opendir(path, root, CHASE_PREFIX_ROOT, &resolved, &d); | |
560 | if (r == -ENOENT) | |
561 | continue; | |
562 | if (r < 0) | |
563 | return r; | |
564 | ||
565 | FOREACH_DIRENT_ALL(de, d, return -errno) { | |
566 | _cleanup_(image_unrefp) Image *image = NULL; | |
567 | _cleanup_free_ char *truncated = NULL; | |
568 | const char *pretty; | |
569 | struct stat st; | |
570 | int flags; | |
571 | ||
572 | if (dot_or_dot_dot(de->d_name)) | |
573 | continue; | |
574 | ||
575 | /* As mentioned above, we follow symlinks on this fstatat(), because we want to | |
576 | * permit people to symlink block devices into the search path. */ | |
577 | flags = root ? AT_SYMLINK_NOFOLLOW : 0; | |
578 | if (fstatat(dirfd(d), de->d_name, &st, flags) < 0) { | |
579 | if (errno == ENOENT) | |
580 | continue; | |
581 | ||
582 | return -errno; | |
583 | } | |
584 | ||
585 | if (S_ISREG(st.st_mode)) { | |
586 | const char *e; | |
587 | ||
588 | e = endswith(de->d_name, ".raw"); | |
589 | if (!e) | |
590 | continue; | |
591 | ||
592 | truncated = strndup(de->d_name, e - de->d_name); | |
593 | if (!truncated) | |
594 | return -ENOMEM; | |
595 | ||
596 | pretty = truncated; | |
597 | } else if (S_ISDIR(st.st_mode) || S_ISBLK(st.st_mode)) | |
598 | pretty = de->d_name; | |
599 | else | |
600 | continue; | |
601 | ||
602 | if (!image_name_is_valid(pretty)) | |
603 | continue; | |
604 | ||
605 | if (hashmap_contains(h, pretty)) | |
606 | continue; | |
607 | ||
608 | r = image_make(class, pretty, dirfd(d), resolved, de->d_name, &st, &image); | |
609 | if (IN_SET(r, -ENOENT, -EMEDIUMTYPE)) | |
610 | continue; | |
611 | if (r < 0) | |
612 | return r; | |
613 | ||
614 | image->discoverable = true; | |
615 | ||
616 | r = hashmap_put(h, image->name, image); | |
617 | if (r < 0) | |
618 | return r; | |
619 | ||
620 | image = NULL; | |
621 | } | |
622 | } | |
623 | ||
624 | if (class == IMAGE_MACHINE && !hashmap_contains(h, ".host")) { | |
625 | _cleanup_(image_unrefp) Image *image = NULL; | |
626 | ||
627 | r = image_make(IMAGE_MACHINE, ".host", AT_FDCWD, NULL, empty_to_root("/"), NULL, &image); | |
628 | if (r < 0) | |
629 | return r; | |
630 | ||
631 | image->discoverable = true; | |
632 | ||
633 | r = hashmap_put(h, image->name, image); | |
634 | if (r < 0) | |
635 | return r; | |
636 | ||
637 | image = NULL; | |
638 | } | |
639 | ||
640 | return 0; | |
641 | } | |
642 | ||
643 | int image_remove(Image *i) { | |
644 | _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT; | |
645 | _cleanup_strv_free_ char **settings = NULL; | |
646 | _cleanup_free_ char *roothash = NULL; | |
647 | int r; | |
648 | ||
649 | assert(i); | |
650 | ||
651 | if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i)) | |
652 | return -EROFS; | |
653 | ||
654 | settings = image_settings_path(i); | |
655 | if (!settings) | |
656 | return -ENOMEM; | |
657 | ||
658 | r = image_roothash_path(i, &roothash); | |
659 | if (r < 0) | |
660 | return r; | |
661 | ||
662 | /* Make sure we don't interfere with a running nspawn */ | |
663 | r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock); | |
664 | if (r < 0) | |
665 | return r; | |
666 | ||
667 | switch (i->type) { | |
668 | ||
669 | case IMAGE_SUBVOLUME: | |
670 | ||
671 | /* Let's unlink first, maybe it is a symlink? If that works we are happy. Otherwise, let's get out the | |
672 | * big guns */ | |
673 | if (unlink(i->path) < 0) { | |
674 | r = btrfs_subvol_remove(i->path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); | |
675 | if (r < 0) | |
676 | return r; | |
677 | } | |
678 | ||
679 | break; | |
680 | ||
681 | case IMAGE_DIRECTORY: | |
682 | /* Allow deletion of read-only directories */ | |
683 | (void) chattr_path(i->path, 0, FS_IMMUTABLE_FL, NULL); | |
684 | r = rm_rf(i->path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME); | |
685 | if (r < 0) | |
686 | return r; | |
687 | ||
688 | break; | |
689 | ||
690 | case IMAGE_BLOCK: | |
691 | ||
692 | /* If this is inside of /dev, then it's a real block device, hence let's not touch the device node | |
693 | * itself (but let's remove the stuff stored alongside it). If it's anywhere else, let's try to unlink | |
694 | * the thing (it's most likely a symlink after all). */ | |
695 | ||
696 | if (path_startswith(i->path, "/dev")) | |
697 | break; | |
698 | ||
699 | _fallthrough_; | |
700 | case IMAGE_RAW: | |
701 | if (unlink(i->path) < 0) | |
702 | return -errno; | |
703 | break; | |
704 | ||
705 | default: | |
706 | return -EOPNOTSUPP; | |
707 | } | |
708 | ||
709 | STRV_FOREACH(j, settings) | |
710 | if (unlink(*j) < 0 && errno != ENOENT) | |
711 | log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", *j); | |
712 | ||
713 | if (unlink(roothash) < 0 && errno != ENOENT) | |
714 | log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", roothash); | |
715 | ||
716 | return 0; | |
717 | } | |
718 | ||
719 | static int rename_auxiliary_file(const char *path, const char *new_name, const char *suffix) { | |
720 | _cleanup_free_ char *fn = NULL, *rs = NULL; | |
721 | int r; | |
722 | ||
723 | fn = strjoin(new_name, suffix); | |
724 | if (!fn) | |
725 | return -ENOMEM; | |
726 | ||
727 | r = file_in_same_dir(path, fn, &rs); | |
728 | if (r < 0) | |
729 | return r; | |
730 | ||
731 | return rename_noreplace(AT_FDCWD, path, AT_FDCWD, rs); | |
732 | } | |
733 | ||
734 | int image_rename(Image *i, const char *new_name) { | |
735 | _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT, name_lock = LOCK_FILE_INIT; | |
736 | _cleanup_free_ char *new_path = NULL, *nn = NULL, *roothash = NULL; | |
737 | _cleanup_strv_free_ char **settings = NULL; | |
738 | unsigned file_attr = 0; | |
739 | int r; | |
740 | ||
741 | assert(i); | |
742 | ||
743 | if (!image_name_is_valid(new_name)) | |
744 | return -EINVAL; | |
745 | ||
746 | if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i)) | |
747 | return -EROFS; | |
748 | ||
749 | settings = image_settings_path(i); | |
750 | if (!settings) | |
751 | return -ENOMEM; | |
752 | ||
753 | r = image_roothash_path(i, &roothash); | |
754 | if (r < 0) | |
755 | return r; | |
756 | ||
757 | /* Make sure we don't interfere with a running nspawn */ | |
758 | r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock); | |
759 | if (r < 0) | |
760 | return r; | |
761 | ||
762 | /* Make sure nobody takes the new name, between the time we | |
763 | * checked it is currently unused in all search paths, and the | |
764 | * time we take possession of it */ | |
765 | r = image_name_lock(new_name, LOCK_EX|LOCK_NB, &name_lock); | |
766 | if (r < 0) | |
767 | return r; | |
768 | ||
769 | r = image_find(IMAGE_MACHINE, new_name, NULL, NULL); | |
770 | if (r >= 0) | |
771 | return -EEXIST; | |
772 | if (r != -ENOENT) | |
773 | return r; | |
774 | ||
775 | switch (i->type) { | |
776 | ||
777 | case IMAGE_DIRECTORY: | |
778 | /* Turn of the immutable bit while we rename the image, so that we can rename it */ | |
779 | (void) read_attr_path(i->path, &file_attr); | |
780 | ||
781 | if (file_attr & FS_IMMUTABLE_FL) | |
782 | (void) chattr_path(i->path, 0, FS_IMMUTABLE_FL, NULL); | |
783 | ||
784 | _fallthrough_; | |
785 | case IMAGE_SUBVOLUME: | |
786 | r = file_in_same_dir(i->path, new_name, &new_path); | |
787 | break; | |
788 | ||
789 | case IMAGE_BLOCK: | |
790 | ||
791 | /* Refuse renaming raw block devices in /dev, the names are picked by udev after all. */ | |
792 | if (path_startswith(i->path, "/dev")) | |
793 | return -EROFS; | |
794 | ||
795 | r = file_in_same_dir(i->path, new_name, &new_path); | |
796 | break; | |
797 | ||
798 | case IMAGE_RAW: { | |
799 | const char *fn; | |
800 | ||
801 | fn = strjoina(new_name, ".raw"); | |
802 | ||
803 | r = file_in_same_dir(i->path, fn, &new_path); | |
804 | break; | |
805 | } | |
806 | ||
807 | default: | |
808 | return -EOPNOTSUPP; | |
809 | } | |
810 | if (r < 0) | |
811 | return r; | |
812 | ||
813 | nn = strdup(new_name); | |
814 | if (!nn) | |
815 | return -ENOMEM; | |
816 | ||
817 | r = rename_noreplace(AT_FDCWD, i->path, AT_FDCWD, new_path); | |
818 | if (r < 0) | |
819 | return r; | |
820 | ||
821 | /* Restore the immutable bit, if it was set before */ | |
822 | if (file_attr & FS_IMMUTABLE_FL) | |
823 | (void) chattr_path(new_path, FS_IMMUTABLE_FL, FS_IMMUTABLE_FL, NULL); | |
824 | ||
825 | free_and_replace(i->path, new_path); | |
826 | free_and_replace(i->name, nn); | |
827 | ||
828 | STRV_FOREACH(j, settings) { | |
829 | r = rename_auxiliary_file(*j, new_name, ".nspawn"); | |
830 | if (r < 0 && r != -ENOENT) | |
831 | log_debug_errno(r, "Failed to rename settings file %s, ignoring: %m", *j); | |
832 | } | |
833 | ||
834 | r = rename_auxiliary_file(roothash, new_name, ".roothash"); | |
835 | if (r < 0 && r != -ENOENT) | |
836 | log_debug_errno(r, "Failed to rename roothash file %s, ignoring: %m", roothash); | |
837 | ||
838 | return 0; | |
839 | } | |
840 | ||
841 | static int clone_auxiliary_file(const char *path, const char *new_name, const char *suffix) { | |
842 | _cleanup_free_ char *fn = NULL, *rs = NULL; | |
843 | int r; | |
844 | ||
845 | fn = strjoin(new_name, suffix); | |
846 | if (!fn) | |
847 | return -ENOMEM; | |
848 | ||
849 | r = file_in_same_dir(path, fn, &rs); | |
850 | if (r < 0) | |
851 | return r; | |
852 | ||
853 | return copy_file_atomic(path, rs, 0664, COPY_REFLINK); | |
854 | } | |
855 | ||
856 | int image_clone(Image *i, const char *new_name, bool read_only) { | |
857 | _cleanup_(release_lock_file) LockFile name_lock = LOCK_FILE_INIT; | |
858 | _cleanup_strv_free_ char **settings = NULL; | |
859 | _cleanup_free_ char *roothash = NULL; | |
860 | const char *new_path; | |
861 | int r; | |
862 | ||
863 | assert(i); | |
864 | ||
865 | if (!image_name_is_valid(new_name)) | |
866 | return -EINVAL; | |
867 | ||
868 | settings = image_settings_path(i); | |
869 | if (!settings) | |
870 | return -ENOMEM; | |
871 | ||
872 | r = image_roothash_path(i, &roothash); | |
873 | if (r < 0) | |
874 | return r; | |
875 | ||
876 | /* Make sure nobody takes the new name, between the time we | |
877 | * checked it is currently unused in all search paths, and the | |
878 | * time we take possession of it */ | |
879 | r = image_name_lock(new_name, LOCK_EX|LOCK_NB, &name_lock); | |
880 | if (r < 0) | |
881 | return r; | |
882 | ||
883 | r = image_find(IMAGE_MACHINE, new_name, NULL, NULL); | |
884 | if (r >= 0) | |
885 | return -EEXIST; | |
886 | if (r != -ENOENT) | |
887 | return r; | |
888 | ||
889 | switch (i->type) { | |
890 | ||
891 | case IMAGE_SUBVOLUME: | |
892 | case IMAGE_DIRECTORY: | |
893 | /* If we can we'll always try to create a new btrfs subvolume here, even if the source is a plain | |
894 | * directory. */ | |
895 | ||
896 | new_path = strjoina("/var/lib/machines/", new_name); | |
897 | ||
898 | r = btrfs_subvol_snapshot(i->path, new_path, | |
899 | (read_only ? BTRFS_SNAPSHOT_READ_ONLY : 0) | | |
900 | BTRFS_SNAPSHOT_FALLBACK_COPY | | |
901 | BTRFS_SNAPSHOT_FALLBACK_DIRECTORY | | |
902 | BTRFS_SNAPSHOT_FALLBACK_IMMUTABLE | | |
903 | BTRFS_SNAPSHOT_RECURSIVE | | |
904 | BTRFS_SNAPSHOT_QUOTA); | |
905 | if (r >= 0) | |
906 | /* Enable "subtree" quotas for the copy, if we didn't copy any quota from the source. */ | |
907 | (void) btrfs_subvol_auto_qgroup(new_path, 0, true); | |
908 | ||
909 | break; | |
910 | ||
911 | case IMAGE_RAW: | |
912 | new_path = strjoina("/var/lib/machines/", new_name, ".raw"); | |
913 | ||
914 | r = copy_file_atomic_full(i->path, new_path, read_only ? 0444 : 0644, FS_NOCOW_FL, FS_NOCOW_FL, | |
915 | COPY_REFLINK|COPY_CRTIME, NULL, NULL); | |
916 | break; | |
917 | ||
918 | case IMAGE_BLOCK: | |
919 | default: | |
920 | return -EOPNOTSUPP; | |
921 | } | |
922 | ||
923 | if (r < 0) | |
924 | return r; | |
925 | ||
926 | STRV_FOREACH(j, settings) { | |
927 | r = clone_auxiliary_file(*j, new_name, ".nspawn"); | |
928 | if (r < 0 && r != -ENOENT) | |
929 | log_debug_errno(r, "Failed to clone settings %s, ignoring: %m", *j); | |
930 | } | |
931 | ||
932 | r = clone_auxiliary_file(roothash, new_name, ".roothash"); | |
933 | if (r < 0 && r != -ENOENT) | |
934 | log_debug_errno(r, "Failed to clone root hash file %s, ignoring: %m", roothash); | |
935 | ||
936 | return 0; | |
937 | } | |
938 | ||
939 | int image_read_only(Image *i, bool b) { | |
940 | _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT; | |
941 | int r; | |
942 | ||
943 | assert(i); | |
944 | ||
945 | if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i)) | |
946 | return -EROFS; | |
947 | ||
948 | /* Make sure we don't interfere with a running nspawn */ | |
949 | r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock); | |
950 | if (r < 0) | |
951 | return r; | |
952 | ||
953 | switch (i->type) { | |
954 | ||
955 | case IMAGE_SUBVOLUME: | |
956 | ||
957 | /* Note that we set the flag only on the top-level | |
958 | * subvolume of the image. */ | |
959 | ||
960 | r = btrfs_subvol_set_read_only(i->path, b); | |
961 | if (r < 0) | |
962 | return r; | |
963 | ||
964 | break; | |
965 | ||
966 | case IMAGE_DIRECTORY: | |
967 | /* For simple directory trees we cannot use the access | |
968 | mode of the top-level directory, since it has an | |
969 | effect on the container itself. However, we can | |
970 | use the "immutable" flag, to at least make the | |
971 | top-level directory read-only. It's not as good as | |
972 | a read-only subvolume, but at least something, and | |
973 | we can read the value back. */ | |
974 | ||
975 | r = chattr_path(i->path, b ? FS_IMMUTABLE_FL : 0, FS_IMMUTABLE_FL, NULL); | |
976 | if (r < 0) | |
977 | return r; | |
978 | ||
979 | break; | |
980 | ||
981 | case IMAGE_RAW: { | |
982 | struct stat st; | |
983 | ||
984 | if (stat(i->path, &st) < 0) | |
985 | return -errno; | |
986 | ||
987 | if (chmod(i->path, (st.st_mode & 0444) | (b ? 0000 : 0200)) < 0) | |
988 | return -errno; | |
989 | ||
990 | /* If the images is now read-only, it's a good time to | |
991 | * defrag it, given that no write patterns will | |
992 | * fragment it again. */ | |
993 | if (b) | |
994 | (void) btrfs_defrag(i->path); | |
995 | break; | |
996 | } | |
997 | ||
998 | case IMAGE_BLOCK: { | |
999 | _cleanup_close_ int fd = -EBADF; | |
1000 | struct stat st; | |
1001 | int state = b; | |
1002 | ||
1003 | fd = open(i->path, O_CLOEXEC|O_RDONLY|O_NONBLOCK|O_NOCTTY); | |
1004 | if (fd < 0) | |
1005 | return -errno; | |
1006 | ||
1007 | if (fstat(fd, &st) < 0) | |
1008 | return -errno; | |
1009 | if (!S_ISBLK(st.st_mode)) | |
1010 | return -ENOTTY; | |
1011 | ||
1012 | if (ioctl(fd, BLKROSET, &state) < 0) | |
1013 | return -errno; | |
1014 | ||
1015 | break; | |
1016 | } | |
1017 | ||
1018 | default: | |
1019 | return -EOPNOTSUPP; | |
1020 | } | |
1021 | ||
1022 | return 0; | |
1023 | } | |
1024 | ||
1025 | int image_path_lock(const char *path, int operation, LockFile *global, LockFile *local) { | |
1026 | _cleanup_free_ char *p = NULL; | |
1027 | LockFile t = LOCK_FILE_INIT; | |
1028 | struct stat st; | |
1029 | bool exclusive; | |
1030 | int r; | |
1031 | ||
1032 | assert(path); | |
1033 | assert(global); | |
1034 | assert(local); | |
1035 | ||
1036 | /* Locks an image path. This actually creates two locks: one "local" one, next to the image path | |
1037 | * itself, which might be shared via NFS. And another "global" one, in /run, that uses the | |
1038 | * device/inode number. This has the benefit that we can even lock a tree that is a mount point, | |
1039 | * correctly. */ | |
1040 | ||
1041 | if (!path_is_absolute(path)) | |
1042 | return -EINVAL; | |
1043 | ||
1044 | switch (operation & (LOCK_SH|LOCK_EX)) { | |
1045 | case LOCK_SH: | |
1046 | exclusive = false; | |
1047 | break; | |
1048 | case LOCK_EX: | |
1049 | exclusive = true; | |
1050 | break; | |
1051 | default: | |
1052 | return -EINVAL; | |
1053 | } | |
1054 | ||
1055 | if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) { | |
1056 | *local = *global = (LockFile) LOCK_FILE_INIT; | |
1057 | return 0; | |
1058 | } | |
1059 | ||
1060 | /* Prohibit taking exclusive locks on the host image. We can't allow this, since we ourselves are | |
1061 | * running off it after all, and we don't want any images to manipulate the host image. We make an | |
1062 | * exception for shared locks however: we allow those (and make them NOPs since there's no point in | |
1063 | * taking them if there can't be exclusive locks). Strictly speaking these are questionable as well, | |
1064 | * since it means changes made to the host might propagate to the container as they happen (and a | |
1065 | * shared lock kinda suggests that no changes happen at all while it is in place), but it's too | |
1066 | * useful not to allow read-only containers off the host root, hence let's support this, and trust | |
1067 | * the user to do the right thing with this. */ | |
1068 | if (path_equal(path, "/")) { | |
1069 | if (exclusive) | |
1070 | return -EBUSY; | |
1071 | ||
1072 | *local = *global = (LockFile) LOCK_FILE_INIT; | |
1073 | return 0; | |
1074 | } | |
1075 | ||
1076 | if (stat(path, &st) >= 0) { | |
1077 | if (S_ISBLK(st.st_mode)) | |
1078 | r = asprintf(&p, "/run/systemd/nspawn/locks/block-%u:%u", major(st.st_rdev), minor(st.st_rdev)); | |
1079 | else if (S_ISDIR(st.st_mode) || S_ISREG(st.st_mode)) | |
1080 | r = asprintf(&p, "/run/systemd/nspawn/locks/inode-%lu:%lu", (unsigned long) st.st_dev, (unsigned long) st.st_ino); | |
1081 | else | |
1082 | return -ENOTTY; | |
1083 | if (r < 0) | |
1084 | return -ENOMEM; | |
1085 | } | |
1086 | ||
1087 | /* For block devices we don't need the "local" lock, as the major/minor lock above should be | |
1088 | * sufficient, since block devices are host local anyway. */ | |
1089 | if (!path_startswith(path, "/dev/")) { | |
1090 | r = make_lock_file_for(path, operation, &t); | |
1091 | if (r < 0) { | |
1092 | if (!exclusive && r == -EROFS) | |
1093 | log_debug_errno(r, "Failed to create shared lock for '%s', ignoring: %m", path); | |
1094 | else | |
1095 | return r; | |
1096 | } | |
1097 | } | |
1098 | ||
1099 | if (p) { | |
1100 | (void) mkdir_p("/run/systemd/nspawn/locks", 0700); | |
1101 | ||
1102 | r = make_lock_file(p, operation, global); | |
1103 | if (r < 0) { | |
1104 | release_lock_file(&t); | |
1105 | return r; | |
1106 | } | |
1107 | } else | |
1108 | *global = (LockFile) LOCK_FILE_INIT; | |
1109 | ||
1110 | *local = t; | |
1111 | return 0; | |
1112 | } | |
1113 | ||
1114 | int image_set_limit(Image *i, uint64_t referenced_max) { | |
1115 | assert(i); | |
1116 | ||
1117 | if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i)) | |
1118 | return -EROFS; | |
1119 | ||
1120 | if (i->type != IMAGE_SUBVOLUME) | |
1121 | return -EOPNOTSUPP; | |
1122 | ||
1123 | /* We set the quota both for the subvolume as well as for the | |
1124 | * subtree. The latter is mostly for historical reasons, since | |
1125 | * we didn't use to have a concept of subtree quota, and hence | |
1126 | * only modified the subvolume quota. */ | |
1127 | ||
1128 | (void) btrfs_qgroup_set_limit(i->path, 0, referenced_max); | |
1129 | (void) btrfs_subvol_auto_qgroup(i->path, 0, true); | |
1130 | return btrfs_subvol_set_subtree_quota_limit(i->path, 0, referenced_max); | |
1131 | } | |
1132 | ||
1133 | int image_read_metadata(Image *i) { | |
1134 | _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT; | |
1135 | int r; | |
1136 | ||
1137 | assert(i); | |
1138 | ||
1139 | r = image_path_lock(i->path, LOCK_SH|LOCK_NB, &global_lock, &local_lock); | |
1140 | if (r < 0) | |
1141 | return r; | |
1142 | ||
1143 | switch (i->type) { | |
1144 | ||
1145 | case IMAGE_SUBVOLUME: | |
1146 | case IMAGE_DIRECTORY: { | |
1147 | _cleanup_strv_free_ char **machine_info = NULL, **os_release = NULL, **extension_release = NULL; | |
1148 | sd_id128_t machine_id = SD_ID128_NULL; | |
1149 | _cleanup_free_ char *hostname = NULL; | |
1150 | _cleanup_free_ char *path = NULL; | |
1151 | ||
1152 | r = chase("/etc/hostname", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL); | |
1153 | if (r < 0 && r != -ENOENT) | |
1154 | log_debug_errno(r, "Failed to chase /etc/hostname in image %s: %m", i->name); | |
1155 | else if (r >= 0) { | |
1156 | r = read_etc_hostname(path, &hostname); | |
1157 | if (r < 0) | |
1158 | log_debug_errno(errno, "Failed to read /etc/hostname of image %s: %m", i->name); | |
1159 | } | |
1160 | ||
1161 | path = mfree(path); | |
1162 | ||
1163 | r = chase("/etc/machine-id", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL); | |
1164 | if (r < 0 && r != -ENOENT) | |
1165 | log_debug_errno(r, "Failed to chase /etc/machine-id in image %s: %m", i->name); | |
1166 | else if (r >= 0) { | |
1167 | _cleanup_close_ int fd = -EBADF; | |
1168 | ||
1169 | fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY); | |
1170 | if (fd < 0) | |
1171 | log_debug_errno(errno, "Failed to open %s: %m", path); | |
1172 | else { | |
1173 | r = id128_read_fd(fd, ID128_FORMAT_PLAIN, &machine_id); | |
1174 | if (r < 0) | |
1175 | log_debug_errno(r, "Image %s contains invalid machine ID.", i->name); | |
1176 | } | |
1177 | } | |
1178 | ||
1179 | path = mfree(path); | |
1180 | ||
1181 | r = chase("/etc/machine-info", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL); | |
1182 | if (r < 0 && r != -ENOENT) | |
1183 | log_debug_errno(r, "Failed to chase /etc/machine-info in image %s: %m", i->name); | |
1184 | else if (r >= 0) { | |
1185 | r = load_env_file_pairs(NULL, path, &machine_info); | |
1186 | if (r < 0) | |
1187 | log_debug_errno(r, "Failed to parse machine-info data of %s: %m", i->name); | |
1188 | } | |
1189 | ||
1190 | r = load_os_release_pairs(i->path, &os_release); | |
1191 | if (r < 0) | |
1192 | log_debug_errno(r, "Failed to read os-release in image, ignoring: %m"); | |
1193 | ||
1194 | r = load_extension_release_pairs(i->path, i->name, /* relax_extension_release_check= */ false, &extension_release); | |
1195 | if (r < 0) | |
1196 | log_debug_errno(r, "Failed to read extension-release in image, ignoring: %m"); | |
1197 | ||
1198 | free_and_replace(i->hostname, hostname); | |
1199 | i->machine_id = machine_id; | |
1200 | strv_free_and_replace(i->machine_info, machine_info); | |
1201 | strv_free_and_replace(i->os_release, os_release); | |
1202 | strv_free_and_replace(i->extension_release, extension_release); | |
1203 | ||
1204 | break; | |
1205 | } | |
1206 | ||
1207 | case IMAGE_RAW: | |
1208 | case IMAGE_BLOCK: { | |
1209 | _cleanup_(loop_device_unrefp) LoopDevice *d = NULL; | |
1210 | _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL; | |
1211 | ||
1212 | r = loop_device_make_by_path(i->path, O_RDONLY, /* sector_size= */ UINT32_MAX, LO_FLAGS_PARTSCAN, LOCK_SH, &d); | |
1213 | if (r < 0) | |
1214 | return r; | |
1215 | ||
1216 | r = dissect_loop_device( | |
1217 | d, | |
1218 | NULL, NULL, | |
1219 | DISSECT_IMAGE_GENERIC_ROOT | | |
1220 | DISSECT_IMAGE_REQUIRE_ROOT | | |
1221 | DISSECT_IMAGE_RELAX_VAR_CHECK | | |
1222 | DISSECT_IMAGE_READ_ONLY | | |
1223 | DISSECT_IMAGE_USR_NO_ROOT | | |
1224 | DISSECT_IMAGE_ADD_PARTITION_DEVICES | | |
1225 | DISSECT_IMAGE_PIN_PARTITION_DEVICES, | |
1226 | &m); | |
1227 | if (r < 0) | |
1228 | return r; | |
1229 | ||
1230 | r = dissected_image_acquire_metadata(m, | |
1231 | DISSECT_IMAGE_VALIDATE_OS | | |
1232 | DISSECT_IMAGE_VALIDATE_OS_EXT); | |
1233 | if (r < 0) | |
1234 | return r; | |
1235 | ||
1236 | free_and_replace(i->hostname, m->hostname); | |
1237 | i->machine_id = m->machine_id; | |
1238 | strv_free_and_replace(i->machine_info, m->machine_info); | |
1239 | strv_free_and_replace(i->os_release, m->os_release); | |
1240 | strv_free_and_replace(i->extension_release, m->extension_release); | |
1241 | ||
1242 | break; | |
1243 | } | |
1244 | ||
1245 | default: | |
1246 | return -EOPNOTSUPP; | |
1247 | } | |
1248 | ||
1249 | i->metadata_valid = true; | |
1250 | ||
1251 | return 0; | |
1252 | } | |
1253 | ||
1254 | int image_name_lock(const char *name, int operation, LockFile *ret) { | |
1255 | const char *p; | |
1256 | ||
1257 | assert(name); | |
1258 | assert(ret); | |
1259 | ||
1260 | /* Locks an image name, regardless of the precise path used. */ | |
1261 | ||
1262 | if (streq(name, ".host")) | |
1263 | return -EBUSY; | |
1264 | ||
1265 | if (!image_name_is_valid(name)) | |
1266 | return -EINVAL; | |
1267 | ||
1268 | if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) { | |
1269 | *ret = (LockFile) LOCK_FILE_INIT; | |
1270 | return 0; | |
1271 | } | |
1272 | ||
1273 | (void) mkdir_p("/run/systemd/nspawn/locks", 0700); | |
1274 | ||
1275 | p = strjoina("/run/systemd/nspawn/locks/name-", name); | |
1276 | return make_lock_file(p, operation, ret); | |
1277 | } | |
1278 | ||
1279 | bool image_in_search_path( | |
1280 | ImageClass class, | |
1281 | const char *root, | |
1282 | const char *image) { | |
1283 | ||
1284 | assert(image); | |
1285 | ||
1286 | NULSTR_FOREACH(path, image_search_path[class]) { | |
1287 | const char *p, *q; | |
1288 | size_t k; | |
1289 | ||
1290 | if (!empty_or_root(root)) { | |
1291 | q = path_startswith(path, root); | |
1292 | if (!q) | |
1293 | continue; | |
1294 | } else | |
1295 | q = path; | |
1296 | ||
1297 | p = path_startswith(q, path); | |
1298 | if (!p) | |
1299 | continue; | |
1300 | ||
1301 | /* Make sure there's a filename following */ | |
1302 | k = strcspn(p, "/"); | |
1303 | if (k == 0) | |
1304 | continue; | |
1305 | ||
1306 | p += k; | |
1307 | ||
1308 | /* Accept trailing slashes */ | |
1309 | if (p[strspn(p, "/")] == 0) | |
1310 | return true; | |
1311 | ||
1312 | } | |
1313 | ||
1314 | return false; | |
1315 | } | |
1316 | ||
1317 | static const char* const image_type_table[_IMAGE_TYPE_MAX] = { | |
1318 | [IMAGE_DIRECTORY] = "directory", | |
1319 | [IMAGE_SUBVOLUME] = "subvolume", | |
1320 | [IMAGE_RAW] = "raw", | |
1321 | [IMAGE_BLOCK] = "block", | |
1322 | }; | |
1323 | ||
1324 | DEFINE_STRING_TABLE_LOOKUP(image_type, ImageType); | |
1325 | ||
1326 | static const char* const image_class_table[_IMAGE_CLASS_MAX] = { | |
1327 | [IMAGE_MACHINE] = "machine", | |
1328 | [IMAGE_PORTABLE] = "portable", | |
1329 | [IMAGE_EXTENSION] = "extension", | |
1330 | }; | |
1331 | ||
1332 | DEFINE_STRING_TABLE_LOOKUP(image_class, ImageClass); |