]> git.ipfire.org Git - thirdparty/systemd.git/blame_incremental - src/shared/discover-image.c
projects / thirdparty / systemd.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
rename extension-release.[c|h] -> extension-util.[c|h]
[thirdparty/systemd.git] / src / shared / discover-image.c
... / ...
CommitLineData
1/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3#include <errno.h>
4#include <fcntl.h>
5#include <linux/fs.h>
6#include <linux/loop.h>
7#include <linux/magic.h>
8#include <stdio.h>
9#include <stdlib.h>
10#include <sys/file.h>
11#include <sys/ioctl.h>
12#include <sys/stat.h>
13#include <unistd.h>
14
15#include "alloc-util.h"
16#include "btrfs-util.h"
17#include "chase.h"
18#include "chattr-util.h"
19#include "copy.h"
20#include "dirent-util.h"
21#include "discover-image.h"
22#include "dissect-image.h"
23#include "env-file.h"
24#include "env-util.h"
25#include "fd-util.h"
26#include "fs-util.h"
27#include "hashmap.h"
28#include "hostname-setup.h"
29#include "id128-util.h"
30#include "lock-util.h"
31#include "log.h"
32#include "loop-util.h"
33#include "macro.h"
34#include "mkdir.h"
35#include "nulstr-util.h"
36#include "os-util.h"
37#include "path-util.h"
38#include "rm-rf.h"
39#include "stat-util.h"
40#include "string-table.h"
41#include "string-util.h"
42#include "strv.h"
43#include "time-util.h"
44#include "utf8.h"
45#include "xattr-util.h"
46
47static const char* const image_search_path[_IMAGE_CLASS_MAX] = {
48 [IMAGE_MACHINE] = "/etc/machines\0" /* only place symlinks here */
49 "/run/machines\0" /* and here too */
50 "/var/lib/machines\0" /* the main place for images */
51 "/var/lib/container\0" /* legacy */
52 "/usr/local/lib/machines\0"
53 "/usr/lib/machines\0",
54
55 [IMAGE_PORTABLE] = "/etc/portables\0" /* only place symlinks here */
56 "/run/portables\0" /* and here too */
57 "/var/lib/portables\0" /* the main place for images */
58 "/usr/local/lib/portables\0"
59 "/usr/lib/portables\0",
60
61 [IMAGE_EXTENSION] = "/etc/extensions\0" /* only place symlinks here */
62 "/run/extensions\0" /* and here too */
63 "/var/lib/extensions\0" /* the main place for images */
64 "/usr/local/lib/extensions\0"
65 "/usr/lib/extensions\0",
66};
67
68static Image *image_free(Image *i) {
69 assert(i);
70
71 free(i->name);
72 free(i->path);
73
74 free(i->hostname);
75 strv_free(i->machine_info);
76 strv_free(i->os_release);
77 strv_free(i->extension_release);
78
79 return mfree(i);
80}
81
82DEFINE_TRIVIAL_REF_UNREF_FUNC(Image, image, image_free);
83DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(image_hash_ops, char, string_hash_func, string_compare_func,
84 Image, image_unref);
85
86static char **image_settings_path(Image *image) {
87 _cleanup_strv_free_ char **l = NULL;
88 _cleanup_free_ char *fn = NULL;
89 size_t i = 0;
90 int r;
91
92 assert(image);
93
94 l = new0(char*, 4);
95 if (!l)
96 return NULL;
97
98 fn = strjoin(image->name, ".nspawn");
99 if (!fn)
100 return NULL;
101
102 FOREACH_STRING(s, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
103 l[i] = path_join(s, fn);
104 if (!l[i])
105 return NULL;
106
107 i++;
108 }
109
110 r = file_in_same_dir(image->path, fn, l + i);
111 if (r == -ENOMEM)
112 return NULL;
113 if (r < 0)
114 log_debug_errno(r, "Failed to generate .nspawn settings path from image path, ignoring: %m");
115
116 strv_uniq(l);
117
118 return TAKE_PTR(l);
119}
120
121static int image_roothash_path(Image *image, char **ret) {
122 _cleanup_free_ char *fn = NULL;
123
124 assert(image);
125
126 fn = strjoin(image->name, ".roothash");
127 if (!fn)
128 return -ENOMEM;
129
130 return file_in_same_dir(image->path, fn, ret);
131}
132
133static int image_new(
134 ImageType t,
135 ImageClass c,
136 const char *pretty,
137 const char *path,
138 const char *filename,
139 bool read_only,
140 usec_t crtime,
141 usec_t mtime,
142 Image **ret) {
143
144 _cleanup_(image_unrefp) Image *i = NULL;
145
146 assert(t >= 0);
147 assert(t < _IMAGE_TYPE_MAX);
148 assert(pretty);
149 assert(filename);
150 assert(ret);
151
152 i = new(Image, 1);
153 if (!i)
154 return -ENOMEM;
155
156 *i = (Image) {
157 .n_ref = 1,
158 .type = t,
159 .class = c,
160 .read_only = read_only,
161 .crtime = crtime,
162 .mtime = mtime,
163 .usage = UINT64_MAX,
164 .usage_exclusive = UINT64_MAX,
165 .limit = UINT64_MAX,
166 .limit_exclusive = UINT64_MAX,
167 };
168
169 i->name = strdup(pretty);
170 if (!i->name)
171 return -ENOMEM;
172
173 i->path = path_join(path, filename);
174 if (!i->path)
175 return -ENOMEM;
176
177 path_simplify(i->path);
178
179 *ret = TAKE_PTR(i);
180
181 return 0;
182}
183
184static int extract_pretty(const char *path, const char *suffix, char **ret) {
185 _cleanup_free_ char *name = NULL;
186 const char *p;
187
188 assert(path);
189 assert(ret);
190
191 p = last_path_component(path);
192
193 name = strdupcspn(p, "/");
194 if (!name)
195 return -ENOMEM;
196
197 if (suffix) {
198 char *e;
199
200 e = endswith(name, suffix);
201 if (!e)
202 return -EINVAL;
203
204 *e = 0;
205 }
206
207 if (!image_name_is_valid(name))
208 return -EINVAL;
209
210 *ret = TAKE_PTR(name);
211 return 0;
212}
213
214static int image_make(
215 ImageClass c,
216 const char *pretty,
217 int dfd,
218 const char *path,
219 const char *filename,
220 const struct stat *st,
221 Image **ret) {
222
223 _cleanup_free_ char *pretty_buffer = NULL, *parent = NULL;
224 struct stat stbuf;
225 bool read_only;
226 int r;
227
228 assert(dfd >= 0 || dfd == AT_FDCWD);
229 assert(path || dfd == AT_FDCWD);
230 assert(filename);
231
232 /* We explicitly *do* follow symlinks here, since we want to allow symlinking trees, raw files and block
233 * devices into /var/lib/machines/, and treat them normally.
234 *
235 * This function returns -ENOENT if we can't find the image after all, and -EMEDIUMTYPE if it's not a file we
236 * recognize. */
237
238 if (!st) {
239 if (fstatat(dfd, filename, &stbuf, 0) < 0)
240 return -errno;
241
242 st = &stbuf;
243 }
244
245 if (!path) {
246 if (dfd == AT_FDCWD)
247 (void) safe_getcwd(&parent);
248 else
249 (void) fd_get_path(dfd, &parent);
250 }
251
252 read_only =
253 (path && path_startswith(path, "/usr")) ||
254 (faccessat(dfd, filename, W_OK, AT_EACCESS) < 0 && errno == EROFS);
255
256 if (S_ISDIR(st->st_mode)) {
257 _cleanup_close_ int fd = -EBADF;
258 unsigned file_attr = 0;
259 usec_t crtime = 0;
260
261 if (!ret)
262 return 0;
263
264 if (!pretty) {
265 r = extract_pretty(filename, NULL, &pretty_buffer);
266 if (r < 0)
267 return r;
268
269 pretty = pretty_buffer;
270 }
271
272 fd = openat(dfd, filename, O_CLOEXEC|O_NOCTTY|O_DIRECTORY);
273 if (fd < 0)
274 return -errno;
275
276 if (btrfs_might_be_subvol(st)) {
277
278 r = fd_is_fs_type(fd, BTRFS_SUPER_MAGIC);
279 if (r < 0)
280 return r;
281 if (r) {
282 BtrfsSubvolInfo info;
283
284 /* It's a btrfs subvolume */
285
286 r = btrfs_subvol_get_info_fd(fd, 0, &info);
287 if (r < 0)
288 return r;
289
290 r = image_new(IMAGE_SUBVOLUME,
291 c,
292 pretty,
293 path,
294 filename,
295 info.read_only || read_only,
296 info.otime,
297 0,
298 ret);
299 if (r < 0)
300 return r;
301
302 if (btrfs_quota_scan_ongoing(fd) == 0) {
303 BtrfsQuotaInfo quota;
304
305 r = btrfs_subvol_get_subtree_quota_fd(fd, 0, &quota);
306 if (r >= 0) {
307 (*ret)->usage = quota.referenced;
308 (*ret)->usage_exclusive = quota.exclusive;
309
310 (*ret)->limit = quota.referenced_max;
311 (*ret)->limit_exclusive = quota.exclusive_max;
312 }
313 }
314
315 return 0;
316 }
317 }
318
319 /* Get directory creation time (not available everywhere, but that's OK */
320 (void) fd_getcrtime(fd, &crtime);
321
322 /* If the IMMUTABLE bit is set, we consider the directory read-only. Since the ioctl is not
323 * supported everywhere we ignore failures. */
324 (void) read_attr_fd(fd, &file_attr);
325
326 /* It's just a normal directory. */
327 r = image_new(IMAGE_DIRECTORY,
328 c,
329 pretty,
330 path,
331 filename,
332 read_only || (file_attr & FS_IMMUTABLE_FL),
333 crtime,
334 0, /* we don't use mtime of stat() here, since it's not the time of last change of the tree, but only of the top-level dir */
335 ret);
336 if (r < 0)
337 return r;
338
339 return 0;
340
341 } else if (S_ISREG(st->st_mode) && endswith(filename, ".raw")) {
342 usec_t crtime = 0;
343
344 /* It's a RAW disk image */
345
346 if (!ret)
347 return 0;
348
349 (void) fd_getcrtime_at(dfd, filename, AT_SYMLINK_FOLLOW, &crtime);
350
351 if (!pretty) {
352 r = extract_pretty(filename, ".raw", &pretty_buffer);
353 if (r < 0)
354 return r;
355
356 pretty = pretty_buffer;
357 }
358
359 r = image_new(IMAGE_RAW,
360 c,
361 pretty,
362 path,
363 filename,
364 !(st->st_mode & 0222) || read_only,
365 crtime,
366 timespec_load(&st->st_mtim),
367 ret);
368 if (r < 0)
369 return r;
370
371 (*ret)->usage = (*ret)->usage_exclusive = st->st_blocks * 512;
372 (*ret)->limit = (*ret)->limit_exclusive = st->st_size;
373
374 return 0;
375
376 } else if (S_ISBLK(st->st_mode)) {
377 _cleanup_close_ int block_fd = -EBADF;
378 uint64_t size = UINT64_MAX;
379
380 /* A block device */
381
382 if (!ret)
383 return 0;
384
385 if (!pretty) {
386 r = extract_pretty(filename, NULL, &pretty_buffer);
387 if (r < 0)
388 return r;
389
390 pretty = pretty_buffer;
391 }
392
393 block_fd = openat(dfd, filename, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY);
394 if (block_fd < 0)
395 log_debug_errno(errno, "Failed to open block device %s/%s, ignoring: %m", path ?: strnull(parent), filename);
396 else {
397 /* Refresh stat data after opening the node */
398 if (fstat(block_fd, &stbuf) < 0)
399 return -errno;
400 st = &stbuf;
401
402 if (!S_ISBLK(st->st_mode)) /* Verify that what we opened is actually what we think it is */
403 return -ENOTTY;
404
405 if (!read_only) {
406 int state = 0;
407
408 if (ioctl(block_fd, BLKROGET, &state) < 0)
409 log_debug_errno(errno, "Failed to issue BLKROGET on device %s/%s, ignoring: %m", path ?: strnull(parent), filename);
410 else if (state)
411 read_only = true;
412 }
413
414 if (ioctl(block_fd, BLKGETSIZE64, &size) < 0)
415 log_debug_errno(errno, "Failed to issue BLKGETSIZE64 on device %s/%s, ignoring: %m", path ?: strnull(parent), filename);
416
417 block_fd = safe_close(block_fd);
418 }
419
420 r = image_new(IMAGE_BLOCK,
421 c,
422 pretty,
423 path,
424 filename,
425 !(st->st_mode & 0222) || read_only,
426 0,
427 0,
428 ret);
429 if (r < 0)
430 return r;
431
432 if (!IN_SET(size, 0, UINT64_MAX))
433 (*ret)->usage = (*ret)->usage_exclusive = (*ret)->limit = (*ret)->limit_exclusive = size;
434
435 return 0;
436 }
437
438 return -EMEDIUMTYPE;
439}
440
441int image_find(ImageClass class,
442 const char *name,
443 const char *root,
444 Image **ret) {
445
446 int r;
447
448 assert(class >= 0);
449 assert(class < _IMAGE_CLASS_MAX);
450 assert(name);
451
452 /* There are no images with invalid names */
453 if (!image_name_is_valid(name))
454 return -ENOENT;
455
456 NULSTR_FOREACH(path, image_search_path[class]) {
457 _cleanup_free_ char *resolved = NULL;
458 _cleanup_closedir_ DIR *d = NULL;
459 struct stat st;
460 int flags;
461
462 r = chase_and_opendir(path, root, CHASE_PREFIX_ROOT, &resolved, &d);
463 if (r == -ENOENT)
464 continue;
465 if (r < 0)
466 return r;
467
468 /* As mentioned above, we follow symlinks on this fstatat(), because we want to permit people
469 * to symlink block devices into the search path. (For now, we disable that when operating
470 * relative to some root directory.) */
471 flags = root ? AT_SYMLINK_NOFOLLOW : 0;
472 if (fstatat(dirfd(d), name, &st, flags) < 0) {
473 _cleanup_free_ char *raw = NULL;
474
475 if (errno != ENOENT)
476 return -errno;
477
478 raw = strjoin(name, ".raw");
479 if (!raw)
480 return -ENOMEM;
481
482 if (fstatat(dirfd(d), raw, &st, flags) < 0) {
483 if (errno == ENOENT)
484 continue;
485
486 return -errno;
487 }
488
489 if (!S_ISREG(st.st_mode))
490 continue;
491
492 r = image_make(class, name, dirfd(d), resolved, raw, &st, ret);
493
494 } else {
495 if (!S_ISDIR(st.st_mode) && !S_ISBLK(st.st_mode))
496 continue;
497
498 r = image_make(class, name, dirfd(d), resolved, name, &st, ret);
499 }
500 if (IN_SET(r, -ENOENT, -EMEDIUMTYPE))
501 continue;
502 if (r < 0)
503 return r;
504
505 if (ret)
506 (*ret)->discoverable = true;
507
508 return 1;
509 }
510
511 if (class == IMAGE_MACHINE && streq(name, ".host")) {
512 r = image_make(class, ".host", AT_FDCWD, NULL, empty_to_root(root), NULL, ret);
513 if (r < 0)
514 return r;
515
516 if (ret)
517 (*ret)->discoverable = true;
518
519 return r;
520 }
521
522 return -ENOENT;
523};
524
525int image_from_path(const char *path, Image **ret) {
526
527 /* Note that we don't set the 'discoverable' field of the returned object, because we don't check here whether
528 * the image is in the image search path. And if it is we don't know if the path we used is actually not
529 * overridden by another, different image earlier in the search path */
530
531 if (path_equal(path, "/"))
532 return image_make(IMAGE_MACHINE, ".host", AT_FDCWD, NULL, "/", NULL, ret);
533
534 return image_make(_IMAGE_CLASS_INVALID, NULL, AT_FDCWD, NULL, path, NULL, ret);
535}
536
537int image_find_harder(ImageClass class, const char *name_or_path, const char *root, Image **ret) {
538 if (image_name_is_valid(name_or_path))
539 return image_find(class, name_or_path, root, ret);
540
541 return image_from_path(name_or_path, ret);
542}
543
544int image_discover(
545 ImageClass class,
546 const char *root,
547 Hashmap *h) {
548
549 int r;
550
551 assert(class >= 0);
552 assert(class < _IMAGE_CLASS_MAX);
553 assert(h);
554
555 NULSTR_FOREACH(path, image_search_path[class]) {
556 _cleanup_free_ char *resolved = NULL;
557 _cleanup_closedir_ DIR *d = NULL;
558
559 r = chase_and_opendir(path, root, CHASE_PREFIX_ROOT, &resolved, &d);
560 if (r == -ENOENT)
561 continue;
562 if (r < 0)
563 return r;
564
565 FOREACH_DIRENT_ALL(de, d, return -errno) {
566 _cleanup_(image_unrefp) Image *image = NULL;
567 _cleanup_free_ char *truncated = NULL;
568 const char *pretty;
569 struct stat st;
570 int flags;
571
572 if (dot_or_dot_dot(de->d_name))
573 continue;
574
575 /* As mentioned above, we follow symlinks on this fstatat(), because we want to
576 * permit people to symlink block devices into the search path. */
577 flags = root ? AT_SYMLINK_NOFOLLOW : 0;
578 if (fstatat(dirfd(d), de->d_name, &st, flags) < 0) {
579 if (errno == ENOENT)
580 continue;
581
582 return -errno;
583 }
584
585 if (S_ISREG(st.st_mode)) {
586 const char *e;
587
588 e = endswith(de->d_name, ".raw");
589 if (!e)
590 continue;
591
592 truncated = strndup(de->d_name, e - de->d_name);
593 if (!truncated)
594 return -ENOMEM;
595
596 pretty = truncated;
597 } else if (S_ISDIR(st.st_mode) || S_ISBLK(st.st_mode))
598 pretty = de->d_name;
599 else
600 continue;
601
602 if (!image_name_is_valid(pretty))
603 continue;
604
605 if (hashmap_contains(h, pretty))
606 continue;
607
608 r = image_make(class, pretty, dirfd(d), resolved, de->d_name, &st, &image);
609 if (IN_SET(r, -ENOENT, -EMEDIUMTYPE))
610 continue;
611 if (r < 0)
612 return r;
613
614 image->discoverable = true;
615
616 r = hashmap_put(h, image->name, image);
617 if (r < 0)
618 return r;
619
620 image = NULL;
621 }
622 }
623
624 if (class == IMAGE_MACHINE && !hashmap_contains(h, ".host")) {
625 _cleanup_(image_unrefp) Image *image = NULL;
626
627 r = image_make(IMAGE_MACHINE, ".host", AT_FDCWD, NULL, empty_to_root("/"), NULL, &image);
628 if (r < 0)
629 return r;
630
631 image->discoverable = true;
632
633 r = hashmap_put(h, image->name, image);
634 if (r < 0)
635 return r;
636
637 image = NULL;
638 }
639
640 return 0;
641}
642
643int image_remove(Image *i) {
644 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
645 _cleanup_strv_free_ char **settings = NULL;
646 _cleanup_free_ char *roothash = NULL;
647 int r;
648
649 assert(i);
650
651 if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
652 return -EROFS;
653
654 settings = image_settings_path(i);
655 if (!settings)
656 return -ENOMEM;
657
658 r = image_roothash_path(i, &roothash);
659 if (r < 0)
660 return r;
661
662 /* Make sure we don't interfere with a running nspawn */
663 r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
664 if (r < 0)
665 return r;
666
667 switch (i->type) {
668
669 case IMAGE_SUBVOLUME:
670
671 /* Let's unlink first, maybe it is a symlink? If that works we are happy. Otherwise, let's get out the
672 * big guns */
673 if (unlink(i->path) < 0) {
674 r = btrfs_subvol_remove(i->path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
675 if (r < 0)
676 return r;
677 }
678
679 break;
680
681 case IMAGE_DIRECTORY:
682 /* Allow deletion of read-only directories */
683 (void) chattr_path(i->path, 0, FS_IMMUTABLE_FL, NULL);
684 r = rm_rf(i->path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
685 if (r < 0)
686 return r;
687
688 break;
689
690 case IMAGE_BLOCK:
691
692 /* If this is inside of /dev, then it's a real block device, hence let's not touch the device node
693 * itself (but let's remove the stuff stored alongside it). If it's anywhere else, let's try to unlink
694 * the thing (it's most likely a symlink after all). */
695
696 if (path_startswith(i->path, "/dev"))
697 break;
698
699 _fallthrough_;
700 case IMAGE_RAW:
701 if (unlink(i->path) < 0)
702 return -errno;
703 break;
704
705 default:
706 return -EOPNOTSUPP;
707 }
708
709 STRV_FOREACH(j, settings)
710 if (unlink(*j) < 0 && errno != ENOENT)
711 log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", *j);
712
713 if (unlink(roothash) < 0 && errno != ENOENT)
714 log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", roothash);
715
716 return 0;
717}
718
719static int rename_auxiliary_file(const char *path, const char *new_name, const char *suffix) {
720 _cleanup_free_ char *fn = NULL, *rs = NULL;
721 int r;
722
723 fn = strjoin(new_name, suffix);
724 if (!fn)
725 return -ENOMEM;
726
727 r = file_in_same_dir(path, fn, &rs);
728 if (r < 0)
729 return r;
730
731 return rename_noreplace(AT_FDCWD, path, AT_FDCWD, rs);
732}
733
734int image_rename(Image *i, const char *new_name) {
735 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT, name_lock = LOCK_FILE_INIT;
736 _cleanup_free_ char *new_path = NULL, *nn = NULL, *roothash = NULL;
737 _cleanup_strv_free_ char **settings = NULL;
738 unsigned file_attr = 0;
739 int r;
740
741 assert(i);
742
743 if (!image_name_is_valid(new_name))
744 return -EINVAL;
745
746 if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
747 return -EROFS;
748
749 settings = image_settings_path(i);
750 if (!settings)
751 return -ENOMEM;
752
753 r = image_roothash_path(i, &roothash);
754 if (r < 0)
755 return r;
756
757 /* Make sure we don't interfere with a running nspawn */
758 r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
759 if (r < 0)
760 return r;
761
762 /* Make sure nobody takes the new name, between the time we
763 * checked it is currently unused in all search paths, and the
764 * time we take possession of it */
765 r = image_name_lock(new_name, LOCK_EX|LOCK_NB, &name_lock);
766 if (r < 0)
767 return r;
768
769 r = image_find(IMAGE_MACHINE, new_name, NULL, NULL);
770 if (r >= 0)
771 return -EEXIST;
772 if (r != -ENOENT)
773 return r;
774
775 switch (i->type) {
776
777 case IMAGE_DIRECTORY:
778 /* Turn of the immutable bit while we rename the image, so that we can rename it */
779 (void) read_attr_path(i->path, &file_attr);
780
781 if (file_attr & FS_IMMUTABLE_FL)
782 (void) chattr_path(i->path, 0, FS_IMMUTABLE_FL, NULL);
783
784 _fallthrough_;
785 case IMAGE_SUBVOLUME:
786 r = file_in_same_dir(i->path, new_name, &new_path);
787 break;
788
789 case IMAGE_BLOCK:
790
791 /* Refuse renaming raw block devices in /dev, the names are picked by udev after all. */
792 if (path_startswith(i->path, "/dev"))
793 return -EROFS;
794
795 r = file_in_same_dir(i->path, new_name, &new_path);
796 break;
797
798 case IMAGE_RAW: {
799 const char *fn;
800
801 fn = strjoina(new_name, ".raw");
802
803 r = file_in_same_dir(i->path, fn, &new_path);
804 break;
805 }
806
807 default:
808 return -EOPNOTSUPP;
809 }
810 if (r < 0)
811 return r;
812
813 nn = strdup(new_name);
814 if (!nn)
815 return -ENOMEM;
816
817 r = rename_noreplace(AT_FDCWD, i->path, AT_FDCWD, new_path);
818 if (r < 0)
819 return r;
820
821 /* Restore the immutable bit, if it was set before */
822 if (file_attr & FS_IMMUTABLE_FL)
823 (void) chattr_path(new_path, FS_IMMUTABLE_FL, FS_IMMUTABLE_FL, NULL);
824
825 free_and_replace(i->path, new_path);
826 free_and_replace(i->name, nn);
827
828 STRV_FOREACH(j, settings) {
829 r = rename_auxiliary_file(*j, new_name, ".nspawn");
830 if (r < 0 && r != -ENOENT)
831 log_debug_errno(r, "Failed to rename settings file %s, ignoring: %m", *j);
832 }
833
834 r = rename_auxiliary_file(roothash, new_name, ".roothash");
835 if (r < 0 && r != -ENOENT)
836 log_debug_errno(r, "Failed to rename roothash file %s, ignoring: %m", roothash);
837
838 return 0;
839}
840
841static int clone_auxiliary_file(const char *path, const char *new_name, const char *suffix) {
842 _cleanup_free_ char *fn = NULL, *rs = NULL;
843 int r;
844
845 fn = strjoin(new_name, suffix);
846 if (!fn)
847 return -ENOMEM;
848
849 r = file_in_same_dir(path, fn, &rs);
850 if (r < 0)
851 return r;
852
853 return copy_file_atomic(path, rs, 0664, COPY_REFLINK);
854}
855
856int image_clone(Image *i, const char *new_name, bool read_only) {
857 _cleanup_(release_lock_file) LockFile name_lock = LOCK_FILE_INIT;
858 _cleanup_strv_free_ char **settings = NULL;
859 _cleanup_free_ char *roothash = NULL;
860 const char *new_path;
861 int r;
862
863 assert(i);
864
865 if (!image_name_is_valid(new_name))
866 return -EINVAL;
867
868 settings = image_settings_path(i);
869 if (!settings)
870 return -ENOMEM;
871
872 r = image_roothash_path(i, &roothash);
873 if (r < 0)
874 return r;
875
876 /* Make sure nobody takes the new name, between the time we
877 * checked it is currently unused in all search paths, and the
878 * time we take possession of it */
879 r = image_name_lock(new_name, LOCK_EX|LOCK_NB, &name_lock);
880 if (r < 0)
881 return r;
882
883 r = image_find(IMAGE_MACHINE, new_name, NULL, NULL);
884 if (r >= 0)
885 return -EEXIST;
886 if (r != -ENOENT)
887 return r;
888
889 switch (i->type) {
890
891 case IMAGE_SUBVOLUME:
892 case IMAGE_DIRECTORY:
893 /* If we can we'll always try to create a new btrfs subvolume here, even if the source is a plain
894 * directory. */
895
896 new_path = strjoina("/var/lib/machines/", new_name);
897
898 r = btrfs_subvol_snapshot(i->path, new_path,
899 (read_only ? BTRFS_SNAPSHOT_READ_ONLY : 0) |
900 BTRFS_SNAPSHOT_FALLBACK_COPY |
901 BTRFS_SNAPSHOT_FALLBACK_DIRECTORY |
902 BTRFS_SNAPSHOT_FALLBACK_IMMUTABLE |
903 BTRFS_SNAPSHOT_RECURSIVE |
904 BTRFS_SNAPSHOT_QUOTA);
905 if (r >= 0)
906 /* Enable "subtree" quotas for the copy, if we didn't copy any quota from the source. */
907 (void) btrfs_subvol_auto_qgroup(new_path, 0, true);
908
909 break;
910
911 case IMAGE_RAW:
912 new_path = strjoina("/var/lib/machines/", new_name, ".raw");
913
914 r = copy_file_atomic_full(i->path, new_path, read_only ? 0444 : 0644, FS_NOCOW_FL, FS_NOCOW_FL,
915 COPY_REFLINK|COPY_CRTIME, NULL, NULL);
916 break;
917
918 case IMAGE_BLOCK:
919 default:
920 return -EOPNOTSUPP;
921 }
922
923 if (r < 0)
924 return r;
925
926 STRV_FOREACH(j, settings) {
927 r = clone_auxiliary_file(*j, new_name, ".nspawn");
928 if (r < 0 && r != -ENOENT)
929 log_debug_errno(r, "Failed to clone settings %s, ignoring: %m", *j);
930 }
931
932 r = clone_auxiliary_file(roothash, new_name, ".roothash");
933 if (r < 0 && r != -ENOENT)
934 log_debug_errno(r, "Failed to clone root hash file %s, ignoring: %m", roothash);
935
936 return 0;
937}
938
939int image_read_only(Image *i, bool b) {
940 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
941 int r;
942
943 assert(i);
944
945 if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
946 return -EROFS;
947
948 /* Make sure we don't interfere with a running nspawn */
949 r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
950 if (r < 0)
951 return r;
952
953 switch (i->type) {
954
955 case IMAGE_SUBVOLUME:
956
957 /* Note that we set the flag only on the top-level
958 * subvolume of the image. */
959
960 r = btrfs_subvol_set_read_only(i->path, b);
961 if (r < 0)
962 return r;
963
964 break;
965
966 case IMAGE_DIRECTORY:
967 /* For simple directory trees we cannot use the access
968 mode of the top-level directory, since it has an
969 effect on the container itself. However, we can
970 use the "immutable" flag, to at least make the
971 top-level directory read-only. It's not as good as
972 a read-only subvolume, but at least something, and
973 we can read the value back. */
974
975 r = chattr_path(i->path, b ? FS_IMMUTABLE_FL : 0, FS_IMMUTABLE_FL, NULL);
976 if (r < 0)
977 return r;
978
979 break;
980
981 case IMAGE_RAW: {
982 struct stat st;
983
984 if (stat(i->path, &st) < 0)
985 return -errno;
986
987 if (chmod(i->path, (st.st_mode & 0444) | (b ? 0000 : 0200)) < 0)
988 return -errno;
989
990 /* If the images is now read-only, it's a good time to
991 * defrag it, given that no write patterns will
992 * fragment it again. */
993 if (b)
994 (void) btrfs_defrag(i->path);
995 break;
996 }
997
998 case IMAGE_BLOCK: {
999 _cleanup_close_ int fd = -EBADF;
1000 struct stat st;
1001 int state = b;
1002
1003 fd = open(i->path, O_CLOEXEC|O_RDONLY|O_NONBLOCK|O_NOCTTY);
1004 if (fd < 0)
1005 return -errno;
1006
1007 if (fstat(fd, &st) < 0)
1008 return -errno;
1009 if (!S_ISBLK(st.st_mode))
1010 return -ENOTTY;
1011
1012 if (ioctl(fd, BLKROSET, &state) < 0)
1013 return -errno;
1014
1015 break;
1016 }
1017
1018 default:
1019 return -EOPNOTSUPP;
1020 }
1021
1022 return 0;
1023}
1024
1025int image_path_lock(const char *path, int operation, LockFile *global, LockFile *local) {
1026 _cleanup_free_ char *p = NULL;
1027 LockFile t = LOCK_FILE_INIT;
1028 struct stat st;
1029 bool exclusive;
1030 int r;
1031
1032 assert(path);
1033 assert(global);
1034 assert(local);
1035
1036 /* Locks an image path. This actually creates two locks: one "local" one, next to the image path
1037 * itself, which might be shared via NFS. And another "global" one, in /run, that uses the
1038 * device/inode number. This has the benefit that we can even lock a tree that is a mount point,
1039 * correctly. */
1040
1041 if (!path_is_absolute(path))
1042 return -EINVAL;
1043
1044 switch (operation & (LOCK_SH|LOCK_EX)) {
1045 case LOCK_SH:
1046 exclusive = false;
1047 break;
1048 case LOCK_EX:
1049 exclusive = true;
1050 break;
1051 default:
1052 return -EINVAL;
1053 }
1054
1055 if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) {
1056 *local = *global = (LockFile) LOCK_FILE_INIT;
1057 return 0;
1058 }
1059
1060 /* Prohibit taking exclusive locks on the host image. We can't allow this, since we ourselves are
1061 * running off it after all, and we don't want any images to manipulate the host image. We make an
1062 * exception for shared locks however: we allow those (and make them NOPs since there's no point in
1063 * taking them if there can't be exclusive locks). Strictly speaking these are questionable as well,
1064 * since it means changes made to the host might propagate to the container as they happen (and a
1065 * shared lock kinda suggests that no changes happen at all while it is in place), but it's too
1066 * useful not to allow read-only containers off the host root, hence let's support this, and trust
1067 * the user to do the right thing with this. */
1068 if (path_equal(path, "/")) {
1069 if (exclusive)
1070 return -EBUSY;
1071
1072 *local = *global = (LockFile) LOCK_FILE_INIT;
1073 return 0;
1074 }
1075
1076 if (stat(path, &st) >= 0) {
1077 if (S_ISBLK(st.st_mode))
1078 r = asprintf(&p, "/run/systemd/nspawn/locks/block-%u:%u", major(st.st_rdev), minor(st.st_rdev));
1079 else if (S_ISDIR(st.st_mode) || S_ISREG(st.st_mode))
1080 r = asprintf(&p, "/run/systemd/nspawn/locks/inode-%lu:%lu", (unsigned long) st.st_dev, (unsigned long) st.st_ino);
1081 else
1082 return -ENOTTY;
1083 if (r < 0)
1084 return -ENOMEM;
1085 }
1086
1087 /* For block devices we don't need the "local" lock, as the major/minor lock above should be
1088 * sufficient, since block devices are host local anyway. */
1089 if (!path_startswith(path, "/dev/")) {
1090 r = make_lock_file_for(path, operation, &t);
1091 if (r < 0) {
1092 if (!exclusive && r == -EROFS)
1093 log_debug_errno(r, "Failed to create shared lock for '%s', ignoring: %m", path);
1094 else
1095 return r;
1096 }
1097 }
1098
1099 if (p) {
1100 (void) mkdir_p("/run/systemd/nspawn/locks", 0700);
1101
1102 r = make_lock_file(p, operation, global);
1103 if (r < 0) {
1104 release_lock_file(&t);
1105 return r;
1106 }
1107 } else
1108 *global = (LockFile) LOCK_FILE_INIT;
1109
1110 *local = t;
1111 return 0;
1112}
1113
1114int image_set_limit(Image *i, uint64_t referenced_max) {
1115 assert(i);
1116
1117 if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
1118 return -EROFS;
1119
1120 if (i->type != IMAGE_SUBVOLUME)
1121 return -EOPNOTSUPP;
1122
1123 /* We set the quota both for the subvolume as well as for the
1124 * subtree. The latter is mostly for historical reasons, since
1125 * we didn't use to have a concept of subtree quota, and hence
1126 * only modified the subvolume quota. */
1127
1128 (void) btrfs_qgroup_set_limit(i->path, 0, referenced_max);
1129 (void) btrfs_subvol_auto_qgroup(i->path, 0, true);
1130 return btrfs_subvol_set_subtree_quota_limit(i->path, 0, referenced_max);
1131}
1132
1133int image_read_metadata(Image *i) {
1134 _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
1135 int r;
1136
1137 assert(i);
1138
1139 r = image_path_lock(i->path, LOCK_SH|LOCK_NB, &global_lock, &local_lock);
1140 if (r < 0)
1141 return r;
1142
1143 switch (i->type) {
1144
1145 case IMAGE_SUBVOLUME:
1146 case IMAGE_DIRECTORY: {
1147 _cleanup_strv_free_ char **machine_info = NULL, **os_release = NULL, **extension_release = NULL;
1148 sd_id128_t machine_id = SD_ID128_NULL;
1149 _cleanup_free_ char *hostname = NULL;
1150 _cleanup_free_ char *path = NULL;
1151
1152 r = chase("/etc/hostname", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL);
1153 if (r < 0 && r != -ENOENT)
1154 log_debug_errno(r, "Failed to chase /etc/hostname in image %s: %m", i->name);
1155 else if (r >= 0) {
1156 r = read_etc_hostname(path, &hostname);
1157 if (r < 0)
1158 log_debug_errno(errno, "Failed to read /etc/hostname of image %s: %m", i->name);
1159 }
1160
1161 path = mfree(path);
1162
1163 r = chase("/etc/machine-id", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL);
1164 if (r < 0 && r != -ENOENT)
1165 log_debug_errno(r, "Failed to chase /etc/machine-id in image %s: %m", i->name);
1166 else if (r >= 0) {
1167 _cleanup_close_ int fd = -EBADF;
1168
1169 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
1170 if (fd < 0)
1171 log_debug_errno(errno, "Failed to open %s: %m", path);
1172 else {
1173 r = id128_read_fd(fd, ID128_FORMAT_PLAIN, &machine_id);
1174 if (r < 0)
1175 log_debug_errno(r, "Image %s contains invalid machine ID.", i->name);
1176 }
1177 }
1178
1179 path = mfree(path);
1180
1181 r = chase("/etc/machine-info", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL);
1182 if (r < 0 && r != -ENOENT)
1183 log_debug_errno(r, "Failed to chase /etc/machine-info in image %s: %m", i->name);
1184 else if (r >= 0) {
1185 r = load_env_file_pairs(NULL, path, &machine_info);
1186 if (r < 0)
1187 log_debug_errno(r, "Failed to parse machine-info data of %s: %m", i->name);
1188 }
1189
1190 r = load_os_release_pairs(i->path, &os_release);
1191 if (r < 0)
1192 log_debug_errno(r, "Failed to read os-release in image, ignoring: %m");
1193
1194 r = load_extension_release_pairs(i->path, i->name, /* relax_extension_release_check= */ false, &extension_release);
1195 if (r < 0)
1196 log_debug_errno(r, "Failed to read extension-release in image, ignoring: %m");
1197
1198 free_and_replace(i->hostname, hostname);
1199 i->machine_id = machine_id;
1200 strv_free_and_replace(i->machine_info, machine_info);
1201 strv_free_and_replace(i->os_release, os_release);
1202 strv_free_and_replace(i->extension_release, extension_release);
1203
1204 break;
1205 }
1206
1207 case IMAGE_RAW:
1208 case IMAGE_BLOCK: {
1209 _cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
1210 _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
1211
1212 r = loop_device_make_by_path(i->path, O_RDONLY, /* sector_size= */ UINT32_MAX, LO_FLAGS_PARTSCAN, LOCK_SH, &d);
1213 if (r < 0)
1214 return r;
1215
1216 r = dissect_loop_device(
1217 d,
1218 NULL, NULL,
1219 DISSECT_IMAGE_GENERIC_ROOT |
1220 DISSECT_IMAGE_REQUIRE_ROOT |
1221 DISSECT_IMAGE_RELAX_VAR_CHECK |
1222 DISSECT_IMAGE_READ_ONLY |
1223 DISSECT_IMAGE_USR_NO_ROOT |
1224 DISSECT_IMAGE_ADD_PARTITION_DEVICES |
1225 DISSECT_IMAGE_PIN_PARTITION_DEVICES,
1226 &m);
1227 if (r < 0)
1228 return r;
1229
1230 r = dissected_image_acquire_metadata(m,
1231 DISSECT_IMAGE_VALIDATE_OS |
1232 DISSECT_IMAGE_VALIDATE_OS_EXT);
1233 if (r < 0)
1234 return r;
1235
1236 free_and_replace(i->hostname, m->hostname);
1237 i->machine_id = m->machine_id;
1238 strv_free_and_replace(i->machine_info, m->machine_info);
1239 strv_free_and_replace(i->os_release, m->os_release);
1240 strv_free_and_replace(i->extension_release, m->extension_release);
1241
1242 break;
1243 }
1244
1245 default:
1246 return -EOPNOTSUPP;
1247 }
1248
1249 i->metadata_valid = true;
1250
1251 return 0;
1252}
1253
1254int image_name_lock(const char *name, int operation, LockFile *ret) {
1255 const char *p;
1256
1257 assert(name);
1258 assert(ret);
1259
1260 /* Locks an image name, regardless of the precise path used. */
1261
1262 if (streq(name, ".host"))
1263 return -EBUSY;
1264
1265 if (!image_name_is_valid(name))
1266 return -EINVAL;
1267
1268 if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) {
1269 *ret = (LockFile) LOCK_FILE_INIT;
1270 return 0;
1271 }
1272
1273 (void) mkdir_p("/run/systemd/nspawn/locks", 0700);
1274
1275 p = strjoina("/run/systemd/nspawn/locks/name-", name);
1276 return make_lock_file(p, operation, ret);
1277}
1278
1279bool image_in_search_path(
1280 ImageClass class,
1281 const char *root,
1282 const char *image) {
1283
1284 assert(image);
1285
1286 NULSTR_FOREACH(path, image_search_path[class]) {
1287 const char *p, *q;
1288 size_t k;
1289
1290 if (!empty_or_root(root)) {
1291 q = path_startswith(path, root);
1292 if (!q)
1293 continue;
1294 } else
1295 q = path;
1296
1297 p = path_startswith(q, path);
1298 if (!p)
1299 continue;
1300
1301 /* Make sure there's a filename following */
1302 k = strcspn(p, "/");
1303 if (k == 0)
1304 continue;
1305
1306 p += k;
1307
1308 /* Accept trailing slashes */
1309 if (p[strspn(p, "/")] == 0)
1310 return true;
1311
1312 }
1313
1314 return false;
1315}
1316
1317static const char* const image_type_table[_IMAGE_TYPE_MAX] = {
1318 [IMAGE_DIRECTORY] = "directory",
1319 [IMAGE_SUBVOLUME] = "subvolume",
1320 [IMAGE_RAW] = "raw",
1321 [IMAGE_BLOCK] = "block",
1322};
1323
1324DEFINE_STRING_TABLE_LOOKUP(image_type, ImageType);
1325
1326static const char* const image_class_table[_IMAGE_CLASS_MAX] = {
1327 [IMAGE_MACHINE] = "machine",
1328 [IMAGE_PORTABLE] = "portable",
1329 [IMAGE_EXTENSION] = "extension",
1330};
1331
1332DEFINE_STRING_TABLE_LOOKUP(image_class, ImageClass);
Unnamed repository; edit this file 'description' to name the repository.