git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/fs-util.c
567f4af1cad04064c01b742b4107d8ccf90bc6ce
1 /* SPDX-License-Identifier: LGPL-2.1+ */
9 #include <linux/magic.h>
13 #include "alloc-util.h"
14 #include "dirent-util.h"
22 #include "parse-util.h"
23 #include "path-util.h"
24 #include "process-util.h"
25 #include "stat-util.h"
26 #include "stdio-util.h"
27 #include "string-util.h"
29 #include "time-util.h"
30 #include "user-util.h"
33 int unlink_noerrno ( const char * path
) {
44 int rmdir_parents ( const char * path
, const char * stop
) {
53 /* Skip trailing slashes */
54 while ( l
> 0 && path
[ l
- 1 ] == '/' )
60 /* Skip last component */
61 while ( l
> 0 && path
[ l
- 1 ] != '/' )
64 /* Skip trailing slashes */
65 while ( l
> 0 && path
[ l
- 1 ] == '/' )
75 if ( path_startswith ( stop
, t
)) {
91 int rename_noreplace ( int olddirfd
, const char * oldpath
, int newdirfd
, const char * newpath
) {
95 ret
= renameat2 ( olddirfd
, oldpath
, newdirfd
, newpath
, RENAME_NOREPLACE
);
99 /* renameat2() exists since Linux 3.15, btrfs added support for it later.
100 * If it is not implemented, fallback to another method. */
101 if (! IN_SET ( errno
, EINVAL
, ENOSYS
))
104 /* The link()/unlink() fallback does not work on directories. But
105 * renameat() without RENAME_NOREPLACE gives the same semantics on
106 * directories, except when newpath is an *empty* directory. This is
108 ret
= fstatat ( olddirfd
, oldpath
, & buf
, AT_SYMLINK_NOFOLLOW
);
109 if ( ret
>= 0 && S_ISDIR ( buf
. st_mode
)) {
110 ret
= renameat ( olddirfd
, oldpath
, newdirfd
, newpath
);
111 return ret
>= 0 ? 0 : - errno
;
114 /* If it is not a directory, use the link()/unlink() fallback. */
115 ret
= linkat ( olddirfd
, oldpath
, newdirfd
, newpath
, 0 );
119 ret
= unlinkat ( olddirfd
, oldpath
, 0 );
121 /* backup errno before the following unlinkat() alters it */
123 ( void ) unlinkat ( newdirfd
, newpath
, 0 );
131 int readlinkat_malloc ( int fd
, const char * p
, char ** ret
) {
146 n
= readlinkat ( fd
, p
, c
, l
- 1 );
153 if (( size_t ) n
< l
- 1 ) {
/* Convenience wrapper: reads the symlink named by p, resolving a relative p against the
 * current working directory (AT_FDCWD), by delegating to readlinkat_malloc(). The return
 * value and whatever readlinkat_malloc() stores in *ret are passed through unchanged.
 *
 * The lookup is by path, so the result describes whatever p names at the moment of the
 * call; a caller that later acts on the returned target does so in a separate step. */
int readlink_malloc(const char *p, char **ret) {
        int r;

        r = readlinkat_malloc(AT_FDCWD, p, ret);
        return r;
}
168 int readlink_value ( const char * p
, char ** ret
) {
169 _cleanup_free_
char * link
= NULL
;
173 r
= readlink_malloc ( p
, & link
);
177 value
= basename ( link
);
181 value
= strdup ( value
);
190 int readlink_and_make_absolute ( const char * p
, char ** r
) {
191 _cleanup_free_
char * target
= NULL
;
198 j
= readlink_malloc ( p
, & target
);
202 k
= file_in_same_dir ( p
, target
);
210 int chmod_and_chown ( const char * path
, mode_t mode
, uid_t uid
, gid_t gid
) {
213 /* Under the assumption that we are running privileged we
214 * first change the access mode and only then hand out
215 * ownership to avoid a window where access is too open. */
217 if ( mode
!= MODE_INVALID
)
218 if ( chmod ( path
, mode
) < 0 )
221 if ( uid
!= UID_INVALID
|| gid
!= GID_INVALID
)
222 if ( chown ( path
, uid
, gid
) < 0 )
228 int fchmod_and_chown ( int fd
, mode_t mode
, uid_t uid
, gid_t gid
) {
229 /* Under the assumption that we are running privileged we
230 * first change the access mode and only then hand out
231 * ownership to avoid a window where access is too open. */
233 if ( mode
!= MODE_INVALID
)
234 if ( fchmod ( fd
, mode
) < 0 )
237 if ( uid
!= UID_INVALID
|| gid
!= GID_INVALID
)
238 if ( fchown ( fd
, uid
, gid
) < 0 )
244 int fchmod_umask ( int fd
, mode_t m
) {
249 r
= fchmod ( fd
, m
& (~ u
)) < 0 ? - errno
: 0 ;
255 int fchmod_opath ( int fd
, mode_t m
) {
256 char procfs_path
[ STRLEN ( "/proc/self/fd/" ) + DECIMAL_STR_MAX ( int )];
258 /* This function operates also on fd that might have been opened with
259 * O_PATH. Indeed fchmodat() doesn't have the AT_EMPTY_PATH flag like
260 * fchownat() does. */
262 xsprintf ( procfs_path
, "/proc/self/fd/%i" , fd
);
264 if ( chmod ( procfs_path
, m
) < 0 )
270 int fd_warn_permissions ( const char * path
, int fd
) {
273 if ( fstat ( fd
, & st
) < 0 )
276 if ( st
. st_mode
& 0111 )
277 log_warning ( "Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway." , path
);
279 if ( st
. st_mode
& 0002 )
280 log_warning ( "Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway." , path
);
282 if ( getpid_cached () == 1 && ( st
. st_mode
& 0044 ) != 0044 )
283 log_warning ( "Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway." , path
);
288 int touch_file ( const char * path
, bool parents
, usec_t stamp
, uid_t uid
, gid_t gid
, mode_t mode
) {
289 char fdpath
[ STRLEN ( "/proc/self/fd/" ) + DECIMAL_STR_MAX ( int )];
290 _cleanup_close_
int fd
= - 1 ;
295 /* Note that touch_file() does not follow symlinks: if invoked on an existing symlink, then it is the symlink
296 * itself which is updated, not its target
298 * Returns the first error we encounter, but tries to apply as much as possible. */
301 ( void ) mkdir_parents ( path
, 0755 );
303 /* Initially, we try to open the node with O_PATH, so that we get a reference to the node. This is useful in
304 * case the path refers to an existing device or socket node, as we can open it successfully in all cases, and
305 * won't trigger any driver magic or so. */
306 fd
= open ( path
, O_PATH
| O_CLOEXEC
| O_NOFOLLOW
);
311 /* if the node doesn't exist yet, we create it, but with O_EXCL, so that we only create a regular file
312 * here, and nothing else */
313 fd
= open ( path
, O_WRONLY
| O_CREAT
| O_EXCL
| O_CLOEXEC
, IN_SET ( mode
, 0 , MODE_INVALID
) ? 0644 : mode
);
318 /* Let's make a path from the fd, and operate on that. With this logic, we can adjust the access mode,
319 * ownership and time of the file node in all cases, even if the fd refers to an O_PATH object — which is
320 * something fchown(), fchmod(), futimensat() don't allow. */
321 xsprintf ( fdpath
, "/proc/self/fd/%i" , fd
);
323 if ( mode
!= MODE_INVALID
)
324 if ( chmod ( fdpath
, mode
) < 0 )
327 if ( uid_is_valid ( uid
) || gid_is_valid ( gid
))
328 if ( chown ( fdpath
, uid
, gid
) < 0 && ret
>= 0 )
331 if ( stamp
!= USEC_INFINITY
) {
332 struct timespec ts
[ 2 ];
334 timespec_store (& ts
[ 0 ], stamp
);
336 r
= utimensat ( AT_FDCWD
, fdpath
, ts
, 0 );
338 r
= utimensat ( AT_FDCWD
, fdpath
, NULL
, 0 );
339 if ( r
< 0 && ret
>= 0 )
/* Shorthand for touch_file() with every optional adjustment switched off: parents is
 * false, and the timestamp, owner, group and mode arguments are USEC_INFINITY,
 * UID_INVALID, GID_INVALID and MODE_INVALID respectively.
 *
 * As visible in touch_file(): an existing node is opened with O_NOFOLLOW, so a symlink
 * at path is itself touched rather than its target, and a node that does not exist yet
 * is created with O_EXCL and mode 0644 when mode is MODE_INVALID. The return value of
 * touch_file() is passed through unchanged. */
int touch(const char *path) {
        const bool make_parents = false;

        return touch_file(path, make_parents, USEC_INFINITY, UID_INVALID, GID_INVALID, MODE_INVALID);
}
349 int symlink_idempotent ( const char * from
, const char * to
) {
355 if ( symlink ( from
, to
) < 0 ) {
356 _cleanup_free_
char * p
= NULL
;
361 r
= readlink_malloc ( to
, & p
);
362 if ( r
== - EINVAL
) /* Not a symlink? In that case return the original error we encountered: -EEXIST */
364 if ( r
< 0 ) /* Any other error? In that case propagate it as is */
367 if (! streq ( p
, from
)) /* Not the symlink we want it to be? In that case, propagate the original -EEXIST */
374 int symlink_atomic ( const char * from
, const char * to
) {
375 _cleanup_free_
char * t
= NULL
;
381 r
= tempfn_random ( to
, NULL
, & t
);
385 if ( symlink ( from
, t
) < 0 )
388 if ( rename ( t
, to
) < 0 ) {
396 int mknod_atomic ( const char * path
, mode_t mode
, dev_t dev
) {
397 _cleanup_free_
char * t
= NULL
;
402 r
= tempfn_random ( path
, NULL
, & t
);
406 if ( mknod ( t
, mode
, dev
) < 0 )
409 if ( rename ( t
, path
) < 0 ) {
417 int mkfifo_atomic ( const char * path
, mode_t mode
) {
418 _cleanup_free_
char * t
= NULL
;
423 r
= tempfn_random ( path
, NULL
, & t
);
427 if ( mkfifo ( t
, mode
) < 0 )
430 if ( rename ( t
, path
) < 0 ) {
438 int get_files_in_directory ( const char * path
, char *** list
) {
439 _cleanup_closedir_
DIR * d
= NULL
;
441 size_t bufsize
= 0 , n
= 0 ;
442 _cleanup_strv_free_
char ** l
= NULL
;
446 /* Returns all files in a directory in *list, and the number
447 * of files as return value. If list is NULL returns only the
454 FOREACH_DIRENT_ALL ( de
, d
, return - errno
) {
455 dirent_ensure_type ( d
, de
);
457 if (! dirent_is_file ( de
))
461 /* one extra slot is needed for the terminating NULL */
462 if (! GREEDY_REALLOC ( l
, bufsize
, n
+ 2 ))
465 l
[ n
] = strdup ( de
-> d_name
);
480 static int getenv_tmp_dir ( const char ** ret_path
) {
486 /* We use the same order of environment variables python uses in tempfile.gettempdir():
487 * https://docs.python.org/3/library/tempfile.html#tempfile.gettempdir */
488 FOREACH_STRING ( n
, "TMPDIR" , "TEMP" , "TMP" ) {
491 e
= secure_getenv ( n
);
494 if (! path_is_absolute ( e
)) {
498 if (! path_is_normalized ( e
)) {
515 /* Remember first error, to make this more debuggable */
527 static int tmp_dir_internal ( const char * def
, const char ** ret
) {
534 r
= getenv_tmp_dir (& e
);
540 k
= is_dir ( def
, true );
544 return r
< 0 ? r
: k
;
550 int var_tmp_dir ( const char ** ret
) {
552 /* Returns the location for "larger" temporary files, that is backed by physical storage if available, and thus
553 * even might survive a boot: /var/tmp. If $TMPDIR (or related environment variables) are set, its value is
554 * returned preferably however. Note that both this function and tmp_dir() below are affected by $TMPDIR,
555 * making it a variable that overrides all temporary file storage locations. */
557 return tmp_dir_internal ( "/var/tmp" , ret
);
560 int tmp_dir ( const char ** ret
) {
562 /* Similar to var_tmp_dir() above, but returns the location for "smaller" temporary files, which is usually
563 * backed by an in-memory file system: /tmp. */
565 return tmp_dir_internal ( "/tmp" , ret
);
568 int unlink_or_warn ( const char * filename
) {
569 if ( unlink ( filename
) < 0 && errno
!= ENOENT
)
570 /* If the file doesn't exist and the fs simply was read-only (in which
571 * case unlink() returns EROFS even if the file doesn't exist), don't
573 if ( errno
!= EROFS
|| access ( filename
, F_OK
) >= 0 )
574 return log_error_errno ( errno
, "Failed to remove \" %s \" : %m" , filename
);
579 int inotify_add_watch_fd ( int fd
, int what
, uint32_t mask
) {
580 char path
[ STRLEN ( "/proc/self/fd/" ) + DECIMAL_STR_MAX ( int ) + 1 ];
583 /* This is like inotify_add_watch(), except that the file to watch is not referenced by a path, but by an fd */
584 xsprintf ( path
, "/proc/self/fd/%i" , what
);
586 r
= inotify_add_watch ( fd
, path
, mask
);
593 static bool safe_transition ( const struct stat
* a
, const struct stat
* b
) {
594 /* Returns true if the transition from a to b is safe, i.e. that we never transition from unprivileged to
595 * privileged files or directories. Why bother? So that unprivileged code can't symlink to privileged files
596 * making us believe we read something safe even though it isn't safe in the specific context we open it in. */
598 if ( a
-> st_uid
== 0 ) /* Transitioning from privileged to unprivileged is always fine */
601 return a
-> st_uid
== b
-> st_uid
; /* Otherwise we need to stay within the same UID */
604 int chase_symlinks ( const char * path
, const char * original_root
, unsigned flags
, char ** ret
) {
605 _cleanup_free_
char * buffer
= NULL
, * done
= NULL
, * root
= NULL
;
606 _cleanup_close_
int fd
= - 1 ;
607 unsigned max_follow
= CHASE_SYMLINKS_MAX
; /* how many symlinks to follow before giving up and returning ELOOP */
608 struct stat previous_stat
;
615 /* Either the file may be missing, or we return an fd to the final object, but both make no sense */
616 if ( FLAGS_SET ( flags
, CHASE_NONEXISTENT
| CHASE_OPEN
))
619 if ( FLAGS_SET ( flags
, CHASE_STEP
| CHASE_OPEN
))
625 /* This is a lot like canonicalize_file_name(), but takes an additional "root" parameter, that allows following
626 * symlinks relative to a root directory, instead of the root of the host.
628 * Note that "root" primarily matters if we encounter an absolute symlink. It is also used when following
629 * relative symlinks to ensure they cannot be used to "escape" the root directory. The path parameter passed is
630 * assumed to be already prefixed by it, except if the CHASE_PREFIX_ROOT flag is set, in which case it is first
631 * prefixed accordingly.
633 * Algorithmically this operates on two path buffers: "done" are the components of the path we already
634 * processed and resolved symlinks, "." and ".." of. "todo" are the components of the path we still need to
635 * process. On each iteration, we move one component from "todo" to "done", processing its special meaning
636 * each time. The "todo" path always starts with at least one slash, the "done" path always ends in no
637 * slash. We always keep an O_PATH fd to the component we are currently processing, thus keeping lookup races
640 * Suggested usage: whenever you want to canonicalize a path, use this function. Pass the absolute path you got
641 * as-is: fully qualified and relative to your host's root. Optionally, specify the root parameter to tell this
642 * function what to do when encountering a symlink with an absolute path as directory: prefix it by the
645 * There are three ways to invoke this function:
647 * 1. Without CHASE_STEP or CHASE_OPEN: in this case the path is resolved and the normalized path is returned
648 * in `ret`. The return value is < 0 on error. If CHASE_NONEXISTENT is also set 0 is returned if the file
649 * doesn't exist, > 0 otherwise. If CHASE_NONEXISTENT is not set >= 0 is returned if the destination was
650 * found, -ENOENT if it doesn't.
652 * 2. With CHASE_OPEN: in this case the destination is opened after chasing it as O_PATH and this file
653 * descriptor is returned as return value. This is useful to open files relative to some root
654 * directory. Note that the returned O_PATH file descriptors must be converted into a regular one (using
655 * fd_reopen() or such) before it can be used for reading/writing. CHASE_OPEN may not be combined with
658 * 3. With CHASE_STEP: in this case only a single step of the normalization is executed, i.e. only the first
659 * symlink or ".." component of the path is resolved, and the resulting path is returned. This is useful if
660 * a caller wants to trace a path through the file system verbosely. Returns < 0 on error, > 0 if the
661 * path is fully normalized, and == 0 for each normalization step. This may be combined with
662 * CHASE_NONEXISTENT, in which case 1 is returned when a component is not found.
666 /* A root directory of "/" or "" is identical to none */
667 if ( empty_or_root ( original_root
))
668 original_root
= NULL
;
670 if (! original_root
&& ! ret
&& ( flags
& ( CHASE_NONEXISTENT
| CHASE_NO_AUTOFS
| CHASE_SAFE
| CHASE_OPEN
| CHASE_STEP
)) == CHASE_OPEN
) {
671 /* Shortcut the CHASE_OPEN case if the caller isn't interested in the actual path and has no root set
672 * and doesn't care about any of the other special features we provide either. */
673 r
= open ( path
, O_PATH
| O_CLOEXEC
);
681 r
= path_make_absolute_cwd ( original_root
, & root
);
685 if ( flags
& CHASE_PREFIX_ROOT
) {
687 /* We don't support relative paths in combination with a root directory */
688 if (! path_is_absolute ( path
))
691 path
= prefix_roota ( root
, path
);
695 r
= path_make_absolute_cwd ( path
, & buffer
);
699 fd
= open ( "/" , O_CLOEXEC
| O_NOFOLLOW
| O_PATH
);
703 if ( flags
& CHASE_SAFE
) {
704 if ( fstat ( fd
, & previous_stat
) < 0 )
710 _cleanup_free_
char * first
= NULL
;
711 _cleanup_close_
int child
= - 1 ;
715 /* Determine length of first component in the path */
716 n
= strspn ( todo
, "/" ); /* The slashes */
717 m
= n
+ strcspn ( todo
+ n
, "/" ); /* The entire length of the component */
719 /* Extract the first component. */
720 first
= strndup ( todo
, m
);
726 /* Empty? Then we reached the end. */
730 /* Just a single slash? Then we reached the end. */
731 if ( path_equal ( first
, "/" )) {
732 /* Preserve the trailing slash */
734 if ( flags
& CHASE_TRAIL_SLASH
)
735 if (! strextend (& done
, "/" , NULL
))
741 /* Just a dot? Then let's eat this up. */
742 if ( path_equal ( first
, "/." ))
745 /* Two dots? Then chop off the last bit of what we already found out. */
746 if ( path_equal ( first
, "/.." )) {
747 _cleanup_free_
char * parent
= NULL
;
748 _cleanup_close_
int fd_parent
= - 1 ;
750 /* If we already are at the top, then going up will not change anything. This is in-line with
751 * how the kernel handles this. */
752 if ( empty_or_root ( done
))
755 parent
= dirname_malloc ( done
);
759 /* Don't allow this to leave the root dir. */
761 path_startswith ( done
, root
) &&
762 ! path_startswith ( parent
, root
))
765 free_and_replace ( done
, parent
);
767 if ( flags
& CHASE_STEP
)
770 fd_parent
= openat ( fd
, ".." , O_CLOEXEC
| O_NOFOLLOW
| O_PATH
);
774 if ( flags
& CHASE_SAFE
) {
775 if ( fstat ( fd_parent
, & st
) < 0 )
778 if (! safe_transition (& previous_stat
, & st
))
785 fd
= TAKE_FD ( fd_parent
);
790 /* Otherwise let's see what this is. */
791 child
= openat ( fd
, first
+ n
, O_CLOEXEC
| O_NOFOLLOW
| O_PATH
);
794 if ( errno
== ENOENT
&&
795 ( flags
& CHASE_NONEXISTENT
) &&
796 ( isempty ( todo
) || path_is_normalized ( todo
))) {
798 /* If CHASE_NONEXISTENT is set, and the path does not exist, then that's OK, return
799 * what we got so far. But don't allow this if the remaining path contains "../" or "./"
800 * or something else weird. */
802 /* If done is "/", as first also contains slash at the head, then remove this redundant slash. */
803 if ( streq_ptr ( done
, "/" ))
806 if (! strextend (& done
, first
, todo
, NULL
))
816 if ( fstat ( child
, & st
) < 0 )
818 if (( flags
& CHASE_SAFE
) &&
819 ! safe_transition (& previous_stat
, & st
))
824 if (( flags
& CHASE_NO_AUTOFS
) &&
825 fd_is_fs_type ( child
, AUTOFS_SUPER_MAGIC
) > 0 )
828 if ( S_ISLNK ( st
. st_mode
)) {
831 _cleanup_free_
char * destination
= NULL
;
833 /* This is a symlink, in this case read the destination. But let's make sure we don't follow
834 * symlinks without bounds. */
835 if (-- max_follow
<= 0 )
838 r
= readlinkat_malloc ( fd
, first
+ n
, & destination
);
841 if ( isempty ( destination
))
844 if ( path_is_absolute ( destination
)) {
846 /* An absolute destination. Start the loop from the beginning, but use the root
847 * directory as base. */
850 fd
= open ( root
?: "/" , O_CLOEXEC
| O_NOFOLLOW
| O_PATH
);
854 if ( flags
& CHASE_SAFE
) {
855 if ( fstat ( fd
, & st
) < 0 )
858 if (! safe_transition (& previous_stat
, & st
))
866 /* Note that we do not revalidate the root, we take it as is. */
875 /* Prefix what's left to do with what we just read, and start the loop again, but
876 * remain in the current directory. */
877 joined
= strjoin ( destination
, todo
);
879 joined
= strjoin ( "/" , destination
, todo
);
884 todo
= buffer
= joined
;
886 if ( flags
& CHASE_STEP
)
892 /* If this is not a symlink, then let's just add the name we read to what we already verified. */
894 done
= TAKE_PTR ( first
);
896 /* If done is "/", as first also contains slash at the head, then remove this redundant slash. */
897 if ( streq ( done
, "/" ))
900 if (! strextend (& done
, first
, NULL
))
904 /* And iterate again, but go one directory further down. */
910 /* Special case, turn the empty string into "/", to indicate the root directory. */
917 * ret
= TAKE_PTR ( done
);
919 if ( flags
& CHASE_OPEN
) {
920 /* Return the O_PATH fd we currently are looking to the caller. It can translate it to a proper fd by
921 * opening /proc/self/fd/xyz. */
927 if ( flags
& CHASE_STEP
)
936 c
= strjoin ( strempty ( done
), todo
);
946 int chase_symlinks_and_open (
949 unsigned chase_flags
,
953 _cleanup_close_
int path_fd
= - 1 ;
954 _cleanup_free_
char * p
= NULL
;
957 if ( chase_flags
& CHASE_NONEXISTENT
)
960 if ( empty_or_root ( root
) && ! ret_path
&& ( chase_flags
& ( CHASE_NO_AUTOFS
| CHASE_SAFE
)) == 0 ) {
961 /* Shortcut this call if none of the special features of this call are requested */
962 r
= open ( path
, open_flags
);
969 path_fd
= chase_symlinks ( path
, root
, chase_flags
| CHASE_OPEN
, ret_path
? & p
: NULL
);
973 r
= fd_reopen ( path_fd
, open_flags
);
978 * ret_path
= TAKE_PTR ( p
);
983 int chase_symlinks_and_opendir (
986 unsigned chase_flags
,
990 char procfs_path
[ STRLEN ( "/proc/self/fd/" ) + DECIMAL_STR_MAX ( int )];
991 _cleanup_close_
int path_fd
= - 1 ;
992 _cleanup_free_
char * p
= NULL
;
997 if ( chase_flags
& CHASE_NONEXISTENT
)
1000 if ( empty_or_root ( root
) && ! ret_path
&& ( chase_flags
& ( CHASE_NO_AUTOFS
| CHASE_SAFE
)) == 0 ) {
1001 /* Shortcut this call if none of the special features of this call are requested */
1010 path_fd
= chase_symlinks ( path
, root
, chase_flags
| CHASE_OPEN
, ret_path
? & p
: NULL
);
1014 xsprintf ( procfs_path
, "/proc/self/fd/%i" , path_fd
);
1015 d
= opendir ( procfs_path
);
1020 * ret_path
= TAKE_PTR ( p
);
1026 int chase_symlinks_and_stat (
1029 unsigned chase_flags
,
1031 struct stat
* ret_stat
) {
1033 _cleanup_close_
int path_fd
= - 1 ;
1034 _cleanup_free_
char * p
= NULL
;
1039 if ( chase_flags
& CHASE_NONEXISTENT
)
1042 if ( empty_or_root ( root
) && ! ret_path
&& ( chase_flags
& ( CHASE_NO_AUTOFS
| CHASE_SAFE
)) == 0 ) {
1043 /* Shortcut this call if none of the special features of this call are requested */
1044 if ( stat ( path
, ret_stat
) < 0 )
1050 path_fd
= chase_symlinks ( path
, root
, chase_flags
| CHASE_OPEN
, ret_path
? & p
: NULL
);
1054 if ( fstat ( path_fd
, ret_stat
) < 0 )
1058 * ret_path
= TAKE_PTR ( p
);
1060 if ( chase_flags
& CHASE_OPEN
)
1061 return TAKE_FD ( path_fd
);
1066 int access_fd ( int fd
, int mode
) {
1067 char p
[ STRLEN ( "/proc/self/fd/" ) + DECIMAL_STR_MAX ( fd
) + 1 ];
1070 /* Like access() but operates on an already open fd */
1072 xsprintf ( p
, "/proc/self/fd/%i" , fd
);
1073 r
= access ( p
, mode
);
/* Removes the temporary file whose name is stored in the character array p points to,
 * unless that name still ends in the unmodified ".XXXXXX" template suffix.
 *
 * Removal is by name via unlink_noerrno(), so it affects whatever exists at that path
 * when this runs; its result is deliberately discarded. */
void unlink_tempfilep(char (*p)[]) {
        /* mkstemp() (almost always) rewrites the template suffix when it creates the
         * file, so a changed suffix is taken as evidence that the file exists. The rare
         * case where the generated name keeps the original suffix is knowingly ignored,
         * which means such a file is left in place. */
        if (endswith(*p, ".XXXXXX"))
                return;

        (void) unlink_noerrno(*p);
}
1089 int unlinkat_deallocate ( int fd
, const char * name
, int flags
) {
1090 _cleanup_close_
int truncate_fd
= - 1 ;
1094 /* Operates like unlinkat() but also deallocates the file contents if it is a regular file and there's no other
1095 * link to it. This is useful to ensure that other processes that might have the file open for reading won't be
1096 * able to keep the data pinned on disk forever. This call is particularly useful whenever we execute clean-up
1097 * jobs ("vacuuming"), where we want to make sure the data is really gone and the disk space released and
1098 * returned to the free pool.
1100 * Deallocation is preferably done by FALLOC_FL_PUNCH_HOLE|FALLOC_FL_KEEP_SIZE (👊) if supported, which means
1101 * the file won't change size. That's a good thing since we shouldn't needlessly trigger SIGBUS in other
1102 * programs that have mmap()ed the file. (The assumption here is that changing file contents to all zeroes
1103 * underneath those programs is the better choice than simply triggering SIGBUS in them which truncation does.)
1104 * However if hole punching is not implemented in the kernel or file system we'll fall back to normal file
1105 * truncation (🔪), as our goal of deallocating the data space trumps our goal of being nice to readers (💐).
1107 * Note that we attempt deallocation, but failure to succeed with that is not considered fatal, as long as the
1108 * primary job — to delete the file — is accomplished. */
1110 if (( flags
& AT_REMOVEDIR
) == 0 ) {
1111 truncate_fd
= openat ( fd
, name
, O_WRONLY
| O_CLOEXEC
| O_NOCTTY
| O_NOFOLLOW
| O_NONBLOCK
);
1112 if ( truncate_fd
< 0 ) {
1114 /* If this failed because the file doesn't exist propagate the error right-away. Also,
1115 * AT_REMOVEDIR wasn't set, and we tried to open the file for writing, which means EISDIR is
1116 * returned when this is a directory but we are not supposed to delete those, hence propagate
1117 * the error right-away too. */
1118 if ( IN_SET ( errno
, ENOENT
, EISDIR
))
1121 if ( errno
!= ELOOP
) /* don't complain if this is a symlink */
1122 log_debug_errno ( errno
, "Failed to open file '%s' for deallocation, ignoring: %m" , name
);
1126 if ( unlinkat ( fd
, name
, flags
) < 0 )
1129 if ( truncate_fd
< 0 ) /* Don't have a file handle, can't do more ☹️ */
1132 if ( fstat ( truncate_fd
, & st
) < 0 ) {
1133 log_debug_errno ( errno
, "Failed to stat file '%s' for deallocation, ignoring." , name
);
1137 if (! S_ISREG ( st
. st_mode
) || st
. st_blocks
== 0 || st
. st_nlink
> 0 )
1140 /* If this is a regular file, it actually took up space on disk and there are no other links it's time to
1141 * punch-hole/truncate this to release the disk space. */
1143 bs
= MAX ( st
. st_blksize
, 512 );
1144 l
= DIV_ROUND_UP ( st
. st_size
, bs
) * bs
; /* Round up to next block size */
1146 if ( fallocate ( truncate_fd
, FALLOC_FL_PUNCH_HOLE
| FALLOC_FL_KEEP_SIZE
, 0 , l
) >= 0 )
1147 return 0 ; /* Successfully punched a hole! 😊 */
1149 /* Fall back to truncation */
1150 if ( ftruncate ( truncate_fd
, 0 ) < 0 ) {
1151 log_debug_errno ( errno
, "Failed to truncate file to 0, ignoring: %m" );
1158 int fsync_directory_of_file ( int fd
) {
1159 _cleanup_free_
char * path
= NULL
, * dn
= NULL
;
1160 _cleanup_close_
int dfd
= - 1 ;
1163 r
= fd_verify_regular ( fd
);
1167 r
= fd_get_path ( fd
, & path
);
1169 log_debug_errno ( r
, "Failed to query /proc/self/fd/%d%s: %m" ,
1171 r
== - EOPNOTSUPP
? ", ignoring" : "" );
1173 if ( r
== - EOPNOTSUPP
)
1174 /* If /proc is not available, we're most likely running in some
1175 * chroot environment, and syncing the directory is not very
1176 * important in that case. Let's just silently do nothing. */
1182 if (! path_is_absolute ( path
))
1185 dn
= dirname_malloc ( path
);
1189 dfd
= open ( dn
, O_RDONLY
| O_CLOEXEC
| O_DIRECTORY
);
1199 int open_parent ( const char * path
, int flags
, mode_t mode
) {
1200 _cleanup_free_
char * parent
= NULL
;
1205 if ( path_equal ( path
, "/" )) /* requesting the parent of the root dir is fishy, let's prohibit that */
1208 parent
= dirname_malloc ( path
);
1212 /* Let's insist on O_DIRECTORY since the parent of a file or directory is a directory. Except if we open an
1213 * O_TMPFILE file, because in that case we are actually creating a regular file below the parent directory. */
1215 if (( flags
& O_PATH
) == O_PATH
)
1216 flags
|= O_DIRECTORY
;
1217 else if (( flags
& O_TMPFILE
) != O_TMPFILE
)
1218 flags
|= O_DIRECTORY
| O_RDONLY
;
1220 fd
= open ( parent
, flags
, mode
);