]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/machine/machined-dbus.c
projects / thirdparty / systemd.git / blob
? search:


0f1ac1776ada07faac793532f0386055f2bc82af
[thirdparty/systemd.git] / src / machine / machined-dbus.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <unistd.h>
4
5 #include "sd-bus.h"
6 #include "sd-id128.h"
7
8 #include "alloc-util.h"
9 #include "btrfs-util.h"
10 #include "bus-common-errors.h"
11 #include "bus-get-properties.h"
12 #include "bus-locator.h"
13 #include "bus-message-util.h"
14 #include "bus-object.h"
15 #include "bus-polkit.h"
16 #include "bus-util.h"
17 #include "cgroup-util.h"
18 #include "discover-image.h"
19 #include "errno-util.h"
20 #include "fd-util.h"
21 #include "fileio.h"
22 #include "format-util.h"
23 #include "hashmap.h"
24 #include "hostname-util.h"
25 #include "image.h"
26 #include "image-dbus.h"
27 #include "io-util.h"
28 #include "machine.h"
29 #include "machine-dbus.h"
30 #include "machine-pool.h"
31 #include "machined.h"
32 #include "namespace-util.h"
33 #include "operation.h"
34 #include "os-util.h"
35 #include "path-util.h"
36 #include "socket-util.h"
37 #include "string-util.h"
38 #include "strv.h"
39 #include "unit-def.h"
40 #include "user-util.h"
41
42 static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_pool_path, "s", "/var/lib/machines");
43
44 static int property_get_pool_usage(
45 sd_bus *bus,
46 const char *path,
47 const char *interface,
48 const char *property,
49 sd_bus_message *reply,
50 void *userdata,
51 sd_bus_error *error) {
52
53 _cleanup_close_ int fd = -EBADF;
54 uint64_t usage = UINT64_MAX;
55
56 assert(bus);
57 assert(reply);
58
59 fd = open("/var/lib/machines", O_RDONLY|O_CLOEXEC|O_DIRECTORY);
60 if (fd >= 0) {
61 BtrfsQuotaInfo q;
62
63 if (btrfs_subvol_get_subtree_quota_fd(fd, 0, &q) >= 0)
64 usage = q.referenced;
65 }
66
67 return sd_bus_message_append(reply, "t", usage);
68 }
69
70 static int property_get_pool_limit(
71 sd_bus *bus,
72 const char *path,
73 const char *interface,
74 const char *property,
75 sd_bus_message *reply,
76 void *userdata,
77 sd_bus_error *error) {
78
79 _cleanup_close_ int fd = -EBADF;
80 uint64_t size = UINT64_MAX;
81
82 assert(bus);
83 assert(reply);
84
85 fd = open("/var/lib/machines", O_RDONLY|O_CLOEXEC|O_DIRECTORY);
86 if (fd >= 0) {
87 BtrfsQuotaInfo q;
88
89 if (btrfs_subvol_get_subtree_quota_fd(fd, 0, &q) >= 0)
90 size = q.referenced_max;
91 }
92
93 return sd_bus_message_append(reply, "t", size);
94 }
95
96 static int method_get_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
97 _cleanup_free_ char *p = NULL;
98 Manager *m = ASSERT_PTR(userdata);
99 Machine *machine;
100 const char *name;
101 int r;
102
103 assert(message);
104
105 r = sd_bus_message_read(message, "s", &name);
106 if (r < 0)
107 return r;
108
109 machine = hashmap_get(m->machines, name);
110 if (!machine)
111 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
112
113 p = machine_bus_path(machine);
114 if (!p)
115 return -ENOMEM;
116
117 return sd_bus_reply_method_return(message, "o", p);
118 }
119
120 static int method_get_image(sd_bus_message *message, void *userdata, sd_bus_error *error) {
121 _cleanup_free_ char *p = NULL;
122 _unused_ Manager *m = ASSERT_PTR(userdata);
123 const char *name;
124 int r;
125
126 assert(message);
127
128 r = sd_bus_message_read(message, "s", &name);
129 if (r < 0)
130 return r;
131
132 r = image_find(m->runtime_scope, IMAGE_MACHINE, name, NULL, NULL);
133 if (r == -ENOENT)
134 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name);
135 if (r < 0)
136 return r;
137
138 p = image_bus_path(name);
139 if (!p)
140 return -ENOMEM;
141
142 return sd_bus_reply_method_return(message, "o", p);
143 }
144
145 static int method_get_machine_by_pid(sd_bus_message *message, void *userdata, sd_bus_error *error) {
146 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
147 _cleanup_free_ char *p = NULL;
148 Manager *m = ASSERT_PTR(userdata);
149 Machine *machine = NULL;
150 pid_t pid;
151 int r;
152
153 assert(message);
154
155 assert_cc(sizeof(pid_t) == sizeof(uint32_t));
156
157 r = sd_bus_message_read(message, "u", &pid);
158 if (r < 0)
159 return r;
160
161 if (pid < 0)
162 return -EINVAL;
163
164 pidref = PIDREF_MAKE_FROM_PID(pid);
165
166 if (pid == 0) {
167 _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
168
169 r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID|SD_BUS_CREDS_PIDFD, &creds);
170 if (r < 0)
171 return r;
172
173 r = bus_creds_get_pidref(creds, &pidref);
174 if (r < 0)
175 return r;
176 }
177
178 r = manager_get_machine_by_pidref(m, &pidref, &machine);
179 if (r < 0)
180 return r;
181 if (r == 0)
182 return sd_bus_error_setf(error, BUS_ERROR_NO_MACHINE_FOR_PID, "PID "PID_FMT" does not belong to any known machine", pid);
183
184 p = machine_bus_path(machine);
185 if (!p)
186 return -ENOMEM;
187
188 return sd_bus_reply_method_return(message, "o", p);
189 }
190
191 static int method_list_machines(sd_bus_message *message, void *userdata, sd_bus_error *error) {
192 _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
193 Manager *m = ASSERT_PTR(userdata);
194 Machine *machine;
195 int r;
196
197 assert(message);
198
199 r = sd_bus_message_new_method_return(message, &reply);
200 if (r < 0)
201 return sd_bus_error_set_errno(error, r);
202
203 r = sd_bus_message_open_container(reply, 'a', "(ssso)");
204 if (r < 0)
205 return sd_bus_error_set_errno(error, r);
206
207 HASHMAP_FOREACH(machine, m->machines) {
208 _cleanup_free_ char *p = NULL;
209
210 p = machine_bus_path(machine);
211 if (!p)
212 return -ENOMEM;
213
214 r = sd_bus_message_append(reply, "(ssso)",
215 machine->name,
216 strempty(machine_class_to_string(machine->class)),
217 machine->service,
218 p);
219 if (r < 0)
220 return sd_bus_error_set_errno(error, r);
221 }
222
223 r = sd_bus_message_close_container(reply);
224 if (r < 0)
225 return sd_bus_error_set_errno(error, r);
226
227 return sd_bus_message_send(reply);
228 }
229
230 static int machine_add_from_params(
231 Manager *manager,
232 sd_bus_message *message,
233 const char *polkit_action,
234 const char *name,
235 MachineClass c,
236 sd_id128_t id,
237 const char *service,
238 PidRef *leader_pidref,
239 PidRef *supervisor_pidref,
240 const char *root_directory,
241 const int32_t *netif,
242 size_t n_netif,
243 unsigned cid,
244 const char *ssh_address,
245 const char *ssh_private_key_path,
246 Machine **ret,
247 sd_bus_error *error) {
248
249 Machine *m;
250 int r;
251
252 assert(manager);
253 assert(message);
254 assert(name);
255 assert(ret);
256
257 if (leader_pidref->pid == 1)
258 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid leader PID");
259 if (supervisor_pidref->pid == 1)
260 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid supervisor PID");
261
262 _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
263 r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
264 if (r < 0)
265 return r;
266
267 uid_t uid;
268 r = sd_bus_creds_get_euid(creds, &uid);
269 if (r < 0)
270 return r;
271
272 /* Ensure an unprivileged user cannot claim any process they don't control as their own machine */
273 if (uid != 0) {
274 r = process_is_owned_by_uid(leader_pidref, uid);
275 if (r < 0)
276 return r;
277 if (r == 0)
278 return sd_bus_error_set(error, SD_BUS_ERROR_ACCESS_DENIED, "Only root may register machines for other users");
279 }
280
281 if (manager->runtime_scope != RUNTIME_SCOPE_USER) {
282 const char *details[] = {
283 "name", name,
284 "class", machine_class_to_string(c),
285 NULL
286 };
287
288 r = bus_verify_polkit_async(
289 message,
290 polkit_action,
291 details,
292 &manager->polkit_registry,
293 error);
294 if (r < 0)
295 return r;
296 if (r == 0)
297 return 0; /* Will call us back */
298 }
299
300 r = manager_add_machine(manager, name, &m);
301 if (r < 0)
302 return r;
303
304 m->leader = TAKE_PIDREF(*leader_pidref);
305 m->supervisor = TAKE_PIDREF(*supervisor_pidref);
306 m->class = c;
307 m->id = id;
308 m->uid = uid;
309 m->vsock_cid = cid;
310
311 if (!isempty(service)) {
312 m->service = strdup(service);
313 if (!m->service) {
314 r = -ENOMEM;
315 goto fail;
316 }
317 }
318
319 if (!isempty(root_directory)) {
320 m->root_directory = strdup(root_directory);
321 if (!m->root_directory) {
322 r = -ENOMEM;
323 goto fail;
324 }
325 }
326
327 if (n_netif > 0) {
328 assert_cc(sizeof(int32_t) == sizeof(int));
329 m->netif = memdup(netif, sizeof(int32_t) * n_netif);
330 if (!m->netif) {
331 r = -ENOMEM;
332 goto fail;
333 }
334
335 m->n_netif = n_netif;
336 }
337
338 if (!isempty(ssh_address)) {
339 m->ssh_address = strdup(ssh_address);
340 if (!m->ssh_address) {
341 r = -ENOMEM;
342 goto fail;
343 }
344 }
345
346 if (!isempty(ssh_private_key_path)) {
347 m->ssh_private_key_path = strdup(ssh_private_key_path);
348 if (!m->ssh_private_key_path) {
349 r = -ENOMEM;
350 goto fail;
351 }
352 }
353
354 *ret = m;
355 return 1;
356
357 fail:
358 machine_add_to_gc_queue(m);
359 return r;
360 }
361
362 static int method_create_or_register_machine(
363 Manager *manager,
364 sd_bus_message *message,
365 const char *polkit_action,
366 Machine **ret,
367 sd_bus_error *error) {
368
369 _cleanup_(pidref_done) PidRef leader_pidref = PIDREF_NULL, supervisor_pidref = PIDREF_NULL;
370 const char *name, *service, *class, *root_directory;
371 const int32_t *netif = NULL;
372 MachineClass c;
373 uint32_t leader;
374 sd_id128_t id;
375 size_t n_netif = 0;
376 int r;
377
378 assert(manager);
379 assert(message);
380 assert(ret);
381
382 r = sd_bus_message_read(message, "s", &name);
383 if (r < 0)
384 return r;
385 if (!hostname_is_valid(name, 0))
386 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine name");
387
388 r = bus_message_read_id128(message, &id);
389 if (r < 0)
390 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine ID parameter");
391
392 r = sd_bus_message_read(message, "ssus", &service, &class, &leader, &root_directory);
393 if (r < 0)
394 return r;
395
396 if (endswith(sd_bus_message_get_member(message), "WithNetwork")) {
397 r = sd_bus_message_read_array(message, 'i', (const void**) &netif, &n_netif);
398 if (r < 0)
399 return r;
400
401 n_netif /= sizeof(int32_t);
402
403 for (size_t i = 0; i < n_netif; i++) {
404 if (netif[i] <= 0)
405 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid network interface index %i", netif[i]);
406 }
407 }
408
409 if (isempty(class))
410 c = _MACHINE_CLASS_INVALID;
411 else {
412 c = machine_class_from_string(class);
413 if (c < 0)
414 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine class parameter");
415 }
416
417 if (leader == 1)
418 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid leader PID");
419
420 if (!isempty(root_directory) && (!path_is_absolute(root_directory) || !path_is_valid(root_directory)))
421 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Root directory must be empty or an absolute path");
422
423 if (leader == 0) {
424 /* If no PID is specified, the client is the leader */
425 r = bus_query_sender_pidref(message, &leader_pidref);
426 if (r < 0)
427 return sd_bus_error_set_errnof(error, r, "Failed to pin client process: %m");
428 } else {
429 /* If a PID is specified that's the leader, but if the client process is different from it, than that's the supervisor */
430 r = pidref_set_pid(&leader_pidref, leader);
431 if (r < 0)
432 return sd_bus_error_set_errnof(error, r, "Failed to pin process " PID_FMT ": %m", (pid_t) leader);
433
434 _cleanup_(pidref_done) PidRef client_pidref = PIDREF_NULL;
435 r = bus_query_sender_pidref(message, &client_pidref);
436 if (r < 0)
437 return sd_bus_error_set_errnof(error, r, "Failed to pin client process: %m");
438
439 if (!pidref_equal(&client_pidref, &leader_pidref))
440 supervisor_pidref = TAKE_PIDREF(client_pidref);
441 }
442
443 if (hashmap_get(manager->machines, name))
444 return sd_bus_error_setf(error, BUS_ERROR_MACHINE_EXISTS, "Machine '%s' already exists", name);
445
446 return machine_add_from_params(
447 manager,
448 message,
449 polkit_action,
450 name,
451 c,
452 id,
453 service,
454 &leader_pidref,
455 &supervisor_pidref,
456 root_directory,
457 netif,
458 n_netif,
459 /* cid= */ 0,
460 /* ssh_address= */ NULL,
461 /* ssh_private_key_path= */ NULL,
462 ret,
463 error);
464 }
465
466 static int method_create_or_register_machine_ex(
467 Manager *manager,
468 sd_bus_message *message,
469 const char *polkit_action,
470 Machine **ret,
471 sd_bus_error *error) {
472
473 const char *name = NULL, *service = NULL, *class = NULL, *root_directory = NULL, *ssh_address = NULL, *ssh_private_key_path = NULL;
474 _cleanup_(pidref_done) PidRef leader_pidref = PIDREF_NULL, supervisor_pidref = PIDREF_NULL;
475 sd_id128_t id = SD_ID128_NULL;
476 const int32_t *netif = NULL;
477 size_t n_netif = 0;
478 unsigned cid = 0;
479 MachineClass c;
480 uint64_t leader_pidfdid = 0;
481 uint32_t leader_pid = 0;
482 int r, leader_pidfd = -EBADF;
483
484 assert(manager);
485 assert(message);
486 assert(ret);
487
488 r = sd_bus_message_read(message, "s", &name);
489 if (r < 0)
490 return r;
491 if (!hostname_is_valid(name, 0))
492 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine name");
493
494 r = sd_bus_message_enter_container(message, 'a', "(sv)");
495 if (r < 0)
496 return r;
497
498 for (;;) {
499 const char *key;
500
501 r = sd_bus_message_enter_container(message, 'r', "sv");
502 if (r < 0)
503 return r;
504 if (r == 0)
505 break;
506
507 r = sd_bus_message_read(message, "s", &key);
508 if (r < 0)
509 return r;
510
511 r = sd_bus_message_enter_container(message, 'v', NULL);
512 if (r < 0)
513 return r;
514
515 if (streq(key, "Id")) {
516 r = bus_message_read_id128(message, &id);
517 if (r < 0)
518 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine ID parameter");
519 } else if (streq(key, "Service")) {
520 r = sd_bus_message_read(message, "s", &service);
521 if (r < 0)
522 return r;
523 } else if (streq(key, "Class")) {
524 r = sd_bus_message_read(message, "s", &class);
525 if (r < 0)
526 return r;
527 } else if (streq(key, "LeaderPID")) {
528 r = sd_bus_message_read(message, "u", &leader_pid);
529 if (r < 0)
530 return r;
531 } else if (streq(key, "LeaderPIDFD")) {
532 r = sd_bus_message_read(message, "h", &leader_pidfd);
533 if (r < 0)
534 return r;
535 } else if (streq(key, "LeaderPIDFDID")) {
536 r = sd_bus_message_read(message, "t", &leader_pidfdid);
537 if (r < 0)
538 return r;
539 } else if (streq(key, "RootDirectory")) {
540 r = sd_bus_message_read(message, "s", &root_directory);
541 if (r < 0)
542 return r;
543 } else if (streq(key, "NetworkInterfaces")) {
544 r = sd_bus_message_read_array(message, 'i', (const void**) &netif, &n_netif);
545 if (r < 0)
546 return r;
547
548 n_netif /= sizeof(int32_t);
549
550 for (size_t i = 0; i < n_netif; i++)
551 if (netif[i] <= 0)
552 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid network interface index %i", netif[i]);
553 } else if (streq(key, "VSockCID")) {
554 r = sd_bus_message_read(message, "u", &cid);
555 if (r < 0)
556 return r;
557
558 if (!VSOCK_CID_IS_REGULAR(cid))
559 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "JSON field 'vSockCid' is not a regular VSOCK CID.");
560 } else if (streq(key, "SSHAddress")) {
561 r = sd_bus_message_read(message, "s", &ssh_address);
562 if (r < 0)
563 return r;
564 } else if (streq(key, "SSHPrivateKeyPath")) {
565 r = sd_bus_message_read(message, "s", &ssh_private_key_path);
566 if (r < 0)
567 return r;
568 } else
569 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown property '%s'", key);
570
571 r = sd_bus_message_exit_container(message);
572 if (r < 0)
573 return r;
574
575 r = sd_bus_message_exit_container(message);
576 if (r < 0)
577 return r;
578 }
579
580 r = sd_bus_message_exit_container(message);
581 if (r < 0)
582 return r;
583
584 if (isempty(class))
585 c = _MACHINE_CLASS_INVALID;
586 else {
587 c = machine_class_from_string(class);
588 if (c < 0)
589 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine class parameter");
590 }
591
592 if (!isempty(root_directory) && (!path_is_absolute(root_directory) || !path_is_valid(root_directory)))
593 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Root directory must be empty or an absolute path");
594
595 if (hashmap_get(manager->machines, name))
596 return sd_bus_error_setf(error, BUS_ERROR_MACHINE_EXISTS, "Machine '%s' already exists", name);
597
598 /* If a PID is specified that's the leader, but if the client process is different from it, than that's the supervisor */
599 if (leader_pidfd >= 0) {
600 r = pidref_set_pidfd(&leader_pidref, leader_pidfd);
601 if (r < 0)
602 return sd_bus_error_set_errnof(error, r, "Failed to parse PIDFD %d: %m", leader_pidfd);
603
604 if (leader_pid > 0 && leader_pidref.pid != (pid_t) leader_pid)
605 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "LeaderPID and LeaderPIDFD refer to different processes");
606 if (leader_pidfdid > 0) {
607 r = pidref_acquire_pidfd_id(&leader_pidref);
608 if (r >= 0 && leader_pidref.fd_id != leader_pidfdid)
609 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "LeaderPIDFDID does not match the inode number of LeaderPIDFD");
610 }
611 } else if (leader_pid > 0 && leader_pidfdid > 0) {
612 r = pidref_set_pid_and_pidfd_id(&leader_pidref, leader_pid, leader_pidfdid);
613 if (r < 0)
614 return sd_bus_error_set_errnof(error, r, "Failed to pin process " PID_FMT " by PIDFDID %" PRIu64 ": %m", (pid_t) leader_pid, leader_pidfdid);
615 } else if (leader_pid > 0 || leader_pidfdid > 0)
616 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Both LeaderPID and LeaderPIDFDID must be specified to identify the leader process by PIDFDID");
617
618 if (pidref_is_set(&leader_pidref)) {
619 _cleanup_(pidref_done) PidRef client_pidref = PIDREF_NULL;
620 r = bus_query_sender_pidref(message, &client_pidref);
621 if (r < 0)
622 return sd_bus_error_set_errnof(error, r, "Failed to pin client process: %m");
623
624 if (!pidref_equal(&client_pidref, &leader_pidref))
625 supervisor_pidref = TAKE_PIDREF(client_pidref);
626 } else {
627 /* If no PID is specified, the client is the leader */
628 r = bus_query_sender_pidref(message, &leader_pidref);
629 if (r < 0)
630 return sd_bus_error_set_errnof(error, r, "Failed to pin client process: %m");
631 }
632
633 return machine_add_from_params(
634 manager,
635 message,
636 polkit_action,
637 name,
638 c,
639 id,
640 service,
641 &leader_pidref,
642 &supervisor_pidref,
643 root_directory,
644 netif,
645 n_netif,
646 cid,
647 ssh_address,
648 ssh_private_key_path,
649 ret,
650 error);
651 }
652
653 static int method_create_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
654 Manager *manager = ASSERT_PTR(userdata);
655 Machine *m = NULL;
656 int r;
657
658 assert(message);
659
660 if (sd_bus_message_is_method_call(message, NULL, "CreateMachineEx"))
661 r = method_create_or_register_machine_ex(manager, message, "org.freedesktop.machine1.create-machines", &m, error);
662 else
663 r = method_create_or_register_machine(manager, message, "org.freedesktop.machine1.create-machine", &m, error);
664 if (r < 0)
665 return r;
666 if (r == 0)
667 return 1; /* Will call us back */
668
669 r = sd_bus_message_enter_container(message, 'a', "(sv)");
670 if (r < 0)
671 goto fail;
672
673 r = machine_start(m, message, error);
674 if (r < 0)
675 goto fail;
676
677 m->create_message = sd_bus_message_ref(message);
678 return 1;
679
680 fail:
681 machine_add_to_gc_queue(m);
682 return r;
683 }
684
685 static int method_register_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
686 Manager *manager = ASSERT_PTR(userdata);
687 _cleanup_free_ char *p = NULL;
688 Machine *m = NULL;
689 int r;
690
691 assert(message);
692
693 if (sd_bus_message_is_method_call(message, NULL, "RegisterMachineEx"))
694 r = method_create_or_register_machine_ex(manager, message, "org.freedesktop.machine1.register-machine", &m, error);
695 else
696 r = method_create_or_register_machine(manager, message, "org.freedesktop.machine1.register-machine", &m, error);
697 if (r < 0)
698 return r;
699 if (r == 0)
700 return 1; /* Will call us back */
701
702 switch (manager->runtime_scope) {
703 case RUNTIME_SCOPE_USER:
704 r = cg_pidref_get_user_unit_full(&m->leader, &m->unit, &m->subgroup);
705 break;
706
707 case RUNTIME_SCOPE_SYSTEM:
708 r = cg_pidref_get_unit_full(&m->leader, &m->unit, &m->subgroup);
709 break;
710
711 default:
712 assert_not_reached();
713 }
714 if (r < 0) {
715 r = sd_bus_error_set_errnof(error, r,
716 "Failed to determine unit of process "PID_FMT" : %m",
717 m->leader.pid);
718 goto fail;
719 }
720
721 if (!empty_or_root(m->subgroup)) {
722 /* If this is not a top-level cgroup, then we need the cgroup path to be able to watch when
723 * it empties */
724
725 r = cg_pidref_get_path(&m->leader, &m->cgroup);
726 if (r < 0) {
727 r = sd_bus_error_set_errnof(error, r,
728 "Failed to determine cgroup of process "PID_FMT" : %m",
729 m->leader.pid);
730 goto fail;
731 }
732 }
733
734 r = machine_start(m, NULL, error);
735 if (r < 0)
736 goto fail;
737
738 p = machine_bus_path(m);
739 if (!p) {
740 r = -ENOMEM;
741 goto fail;
742 }
743
744 return sd_bus_reply_method_return(message, "o", p);
745
746 fail:
747 machine_add_to_gc_queue(m);
748 return r;
749 }
750
751 static int redirect_method_to_machine(sd_bus_message *message, Manager *m, sd_bus_error *error, sd_bus_message_handler_t method) {
752 Machine *machine;
753 const char *name;
754 int r;
755
756 assert(message);
757 assert(m);
758 assert(method);
759
760 r = sd_bus_message_read(message, "s", &name);
761 if (r < 0)
762 return sd_bus_error_set_errno(error, r);
763
764 machine = hashmap_get(m->machines, name);
765 if (!machine)
766 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
767
768 return method(message, machine, error);
769 }
770
771 static int method_unregister_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
772 return redirect_method_to_machine(message, userdata, error, bus_machine_method_unregister);
773 }
774
775 static int method_terminate_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
776 return redirect_method_to_machine(message, userdata, error, bus_machine_method_terminate);
777 }
778
779 static int method_kill_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
780 return redirect_method_to_machine(message, userdata, error, bus_machine_method_kill);
781 }
782
783 static int method_get_machine_addresses(sd_bus_message *message, void *userdata, sd_bus_error *error) {
784 return redirect_method_to_machine(message, userdata, error, bus_machine_method_get_addresses);
785 }
786
787 static int method_get_machine_ssh_info(sd_bus_message *message, void *userdata, sd_bus_error *error) {
788 return redirect_method_to_machine(message, userdata, error, bus_machine_method_get_ssh_info);
789 }
790
791 static int method_get_machine_os_release(sd_bus_message *message, void *userdata, sd_bus_error *error) {
792 return redirect_method_to_machine(message, userdata, error, bus_machine_method_get_os_release);
793 }
794
795 static int method_list_images(sd_bus_message *message, void *userdata, sd_bus_error *error) {
796 _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
797 Manager *m = ASSERT_PTR(userdata);
798 int r;
799
800 assert(message);
801
802 _cleanup_hashmap_free_ Hashmap *images = NULL;
803 r = image_discover(m->runtime_scope, IMAGE_MACHINE, NULL, &images);
804 if (r < 0)
805 return r;
806
807 r = sd_bus_message_new_method_return(message, &reply);
808 if (r < 0)
809 return r;
810
811 r = sd_bus_message_open_container(reply, 'a', "(ssbttto)");
812 if (r < 0)
813 return r;
814
815 Image *image;
816 HASHMAP_FOREACH(image, images) {
817 _cleanup_free_ char *p = NULL;
818
819 p = image_bus_path(image->name);
820 if (!p)
821 return -ENOMEM;
822
823 r = sd_bus_message_append(reply, "(ssbttto)",
824 image->name,
825 image_type_to_string(image->type),
826 image_is_read_only(image),
827 image->crtime,
828 image->mtime,
829 image->usage,
830 p);
831 if (r < 0)
832 return r;
833 }
834
835 r = sd_bus_message_close_container(reply);
836 if (r < 0)
837 return r;
838
839 return sd_bus_message_send(reply);
840 }
841
842 static int method_open_machine_pty(sd_bus_message *message, void *userdata, sd_bus_error *error) {
843 return redirect_method_to_machine(message, userdata, error, bus_machine_method_open_pty);
844 }
845
846 static int method_open_machine_login(sd_bus_message *message, void *userdata, sd_bus_error *error) {
847 return redirect_method_to_machine(message, userdata, error, bus_machine_method_open_login);
848 }
849
850 static int method_open_machine_shell(sd_bus_message *message, void *userdata, sd_bus_error *error) {
851 return redirect_method_to_machine(message, userdata, error, bus_machine_method_open_shell);
852 }
853
854 static int method_bind_mount_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
855 return redirect_method_to_machine(message, userdata, error, bus_machine_method_bind_mount);
856 }
857
858 static int method_copy_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
859 return redirect_method_to_machine(message, userdata, error, bus_machine_method_copy);
860 }
861
862 static int method_open_machine_root_directory(sd_bus_message *message, void *userdata, sd_bus_error *error) {
863 return redirect_method_to_machine(message, userdata, error, bus_machine_method_open_root_directory);
864 }
865
866 static int method_get_machine_uid_shift(sd_bus_message *message, void *userdata, sd_bus_error *error) {
867 return redirect_method_to_machine(message, userdata, error, bus_machine_method_get_uid_shift);
868 }
869
870 static int redirect_method_to_image(sd_bus_message *message, Manager *m, sd_bus_error *error, sd_bus_message_handler_t method) {
871 const char *name;
872 Image *i;
873 int r;
874
875 assert(message);
876 assert(m);
877 assert(method);
878
879 r = sd_bus_message_read(message, "s", &name);
880 if (r < 0)
881 return r;
882
883 if (!image_name_is_valid(name))
884 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", name);
885
886 r = manager_acquire_image(m, name, &i);
887 if (r == -ENOENT)
888 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name);
889 if (r < 0)
890 return r;
891
892 return method(message, i, error);
893 }
894
895 static int method_remove_image(sd_bus_message *message, void *userdata, sd_bus_error *error) {
896 return redirect_method_to_image(message, userdata, error, bus_image_method_remove);
897 }
898
899 static int method_rename_image(sd_bus_message *message, void *userdata, sd_bus_error *error) {
900 return redirect_method_to_image(message, userdata, error, bus_image_method_rename);
901 }
902
903 static int method_clone_image(sd_bus_message *message, void *userdata, sd_bus_error *error) {
904 return redirect_method_to_image(message, userdata, error, bus_image_method_clone);
905 }
906
907 static int method_mark_image_read_only(sd_bus_message *message, void *userdata, sd_bus_error *error) {
908 return redirect_method_to_image(message, userdata, error, bus_image_method_mark_read_only);
909 }
910
911 static int method_get_image_hostname(sd_bus_message *message, void *userdata, sd_bus_error *error) {
912 return redirect_method_to_image(message, userdata, error, bus_image_method_get_hostname);
913 }
914
915 static int method_get_image_machine_id(sd_bus_message *message, void *userdata, sd_bus_error *error) {
916 return redirect_method_to_image(message, userdata, error, bus_image_method_get_machine_id);
917 }
918
919 static int method_get_image_machine_info(sd_bus_message *message, void *userdata, sd_bus_error *error) {
920 return redirect_method_to_image(message, userdata, error, bus_image_method_get_machine_info);
921 }
922
923 static int method_get_image_os_release(sd_bus_message *message, void *userdata, sd_bus_error *error) {
924 return redirect_method_to_image(message, userdata, error, bus_image_method_get_os_release);
925 }
926
927 static int clean_pool_done(Operation *operation, int child_error, sd_bus_error *error) {
928 _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
929 _cleanup_fclose_ FILE *file = NULL;
930 int r;
931
932 assert(operation);
933 assert(operation->message);
934 assert(operation->extra_fd >= 0);
935
936 file = take_fdopen(&operation->extra_fd, "r");
937 if (!file)
938 return log_debug_errno(errno, "Failed to take opened tmp file's fd: %m");
939
940 r = clean_pool_read_first_entry(file, child_error, error);
941 if (r < 0)
942 return r;
943
944 r = sd_bus_message_new_method_return(operation->message, &reply);
945 if (r < 0)
946 return r;
947
948 r = sd_bus_message_open_container(reply, 'a', "(st)");
949 if (r < 0)
950 return r;
951
952 /* On success the resulting temporary file will contain a list of image names that were removed followed by
953 * their size on disk. Let's read that and turn it into a bus message. */
954 for (;;) {
955 _cleanup_free_ char *name = NULL;
956 uint64_t usage;
957
958 r = clean_pool_read_next_entry(file, &name, &usage);
959 if (r < 0)
960 return r;
961 if (r == 0)
962 break;
963
964 r = sd_bus_message_append(reply, "(st)", name, usage);
965 if (r < 0)
966 return r;
967 }
968
969 r = sd_bus_message_close_container(reply);
970 if (r < 0)
971 return r;
972
973 return sd_bus_message_send(reply);
974 }
975
976 static int method_clean_pool(sd_bus_message *message, void *userdata, sd_bus_error *error) {
977 ImageCleanPoolMode mode;
978 Manager *m = userdata;
979 Operation *operation;
980 const char *mm;
981 int r;
982
983 assert(message);
984
985 if (m->n_operations >= OPERATIONS_MAX)
986 return sd_bus_error_set(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");
987
988 r = sd_bus_message_read(message, "s", &mm);
989 if (r < 0)
990 return r;
991
992 if (streq(mm, "all"))
993 mode = IMAGE_CLEAN_POOL_REMOVE_ALL;
994 else if (streq(mm, "hidden"))
995 mode = IMAGE_CLEAN_POOL_REMOVE_HIDDEN;
996 else
997 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown mode '%s'.", mm);
998
999 if (m->runtime_scope != RUNTIME_SCOPE_USER) {
1000 const char *details[] = {
1001 "verb", "clean_pool",
1002 "mode", mm,
1003 NULL
1004 };
1005
1006 r = bus_verify_polkit_async(
1007 message,
1008 "org.freedesktop.machine1.manage-machines",
1009 details,
1010 &m->polkit_registry,
1011 error);
1012 if (r < 0)
1013 return r;
1014 if (r == 0)
1015 return 1; /* Will call us back */
1016 }
1017
1018 r = image_clean_pool_operation(m, mode, &operation);
1019 if (r < 0)
1020 return log_debug_errno(r, "Failed to clean pool of images: %m");
1021
1022 operation_attach_bus_reply(operation, message);
1023 operation->done = clean_pool_done;
1024 return 1;
1025 }
1026
1027 static int method_set_pool_limit(sd_bus_message *message, void *userdata, sd_bus_error *error) {
1028 Manager *m = userdata;
1029 uint64_t limit;
1030 int r;
1031
1032 assert(message);
1033
1034 r = sd_bus_message_read(message, "t", &limit);
1035 if (r < 0)
1036 return r;
1037 if (!FILE_SIZE_VALID_OR_INFINITY(limit))
1038 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");
1039
1040 if (m->runtime_scope != RUNTIME_SCOPE_USER) {
1041 const char *details[] = {
1042 "verb", "set_pool_limit",
1043 NULL
1044 };
1045
1046 r = bus_verify_polkit_async(
1047 message,
1048 "org.freedesktop.machine1.manage-machines",
1049 details,
1050 &m->polkit_registry,
1051 error);
1052 if (r < 0)
1053 return r;
1054 if (r == 0)
1055 return 1; /* Will call us back */
1056 }
1057
1058 /* Set up the machine directory if necessary */
1059 r = setup_machine_directory(error, /* use_btrfs_subvol= */ true, /* use_btrfs_quota= */ true);
1060 if (r < 0)
1061 return r;
1062
1063 r = image_set_pool_limit(m->runtime_scope, IMAGE_MACHINE, limit);
1064 if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
1065 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Quota is only supported on btrfs.");
1066 if (r < 0)
1067 return sd_bus_error_set_errnof(error, r, "Failed to adjust quota limit: %m");
1068
1069 return sd_bus_reply_method_return(message, NULL);
1070 }
1071
1072 static int method_set_image_limit(sd_bus_message *message, void *userdata, sd_bus_error *error) {
1073 return redirect_method_to_image(message, userdata, error, bus_image_method_set_limit);
1074 }
1075
1076 static int method_map_from_machine_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
1077 Manager *m = userdata;
1078 const char *name;
1079 Machine *machine;
1080 uint32_t uid;
1081 uid_t converted;
1082 int r;
1083
1084 r = sd_bus_message_read(message, "su", &name, &uid);
1085 if (r < 0)
1086 return r;
1087
1088 if (!uid_is_valid(uid))
1089 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user ID " UID_FMT, uid);
1090
1091 machine = hashmap_get(m->machines, name);
1092 if (!machine)
1093 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
1094
1095 if (machine->class != MACHINE_CONTAINER)
1096 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
1097
1098 r = machine_translate_uid(machine, uid, &converted);
1099 if (r == -ESRCH)
1100 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "Machine '%s' has no matching user mappings.", name);
1101 if (r < 0)
1102 return r;
1103
1104 return sd_bus_reply_method_return(message, "u", (uint32_t) converted);
1105 }
1106
1107 static int method_map_to_machine_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
1108 _cleanup_free_ char *o = NULL;
1109 Manager *m = userdata;
1110 Machine *machine;
1111 uid_t uid, converted;
1112 int r;
1113
1114 r = sd_bus_message_read(message, "u", &uid);
1115 if (r < 0)
1116 return r;
1117 if (!uid_is_valid(uid))
1118 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user ID " UID_FMT, uid);
1119 if (uid < 0x10000)
1120 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "User " UID_FMT " belongs to host UID range", uid);
1121
1122 r = manager_find_machine_for_uid(m, uid, &machine, &converted);
1123 if (r < 0)
1124 return r;
1125 if (!r)
1126 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "No matching user mapping for " UID_FMT ".", uid);
1127
1128 o = machine_bus_path(machine);
1129 if (!o)
1130 return -ENOMEM;
1131
1132 return sd_bus_reply_method_return(message, "sou", machine->name, o, (uint32_t) converted);
1133 }
1134
1135 static int method_map_from_machine_group(sd_bus_message *message, void *userdata, sd_bus_error *error) {
1136 Manager *m = userdata;
1137 const char *name;
1138 Machine *machine;
1139 gid_t converted;
1140 uint32_t gid;
1141 int r;
1142
1143 r = sd_bus_message_read(message, "su", &name, &gid);
1144 if (r < 0)
1145 return r;
1146
1147 if (!gid_is_valid(gid))
1148 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group ID " GID_FMT, gid);
1149
1150 machine = hashmap_get(m->machines, name);
1151 if (!machine)
1152 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
1153
1154 if (machine->class != MACHINE_CONTAINER)
1155 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
1156
1157 r = machine_translate_gid(machine, gid, &converted);
1158 if (r == -ESRCH)
1159 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "Machine '%s' has no matching group mappings.", name);
1160 if (r < 0)
1161 return r;
1162
1163 return sd_bus_reply_method_return(message, "u", (uint32_t) converted);
1164 }
1165
1166 static int method_map_to_machine_group(sd_bus_message *message, void *userdata, sd_bus_error *error) {
1167 _cleanup_free_ char *o = NULL;
1168 Manager *m = userdata;
1169 Machine *machine;
1170 gid_t gid, converted;
1171 int r;
1172
1173 r = sd_bus_message_read(message, "u", &gid);
1174 if (r < 0)
1175 return r;
1176 if (!gid_is_valid(gid))
1177 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group ID " GID_FMT, gid);
1178 if (gid < 0x10000)
1179 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_GROUP_MAPPING, "Group " GID_FMT " belongs to host GID range", gid);
1180
1181 r = manager_find_machine_for_gid(m, gid, &machine, &converted);
1182 if (r < 0)
1183 return r;
1184 if (!r)
1185 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_GROUP_MAPPING, "No matching group mapping for " GID_FMT ".", gid);
1186
1187 o = machine_bus_path(machine);
1188 if (!o)
1189 return -ENOMEM;
1190
1191 return sd_bus_reply_method_return(message, "sou", machine->name, o, (uint32_t) converted);
1192 }
1193
1194 const sd_bus_vtable manager_vtable[] = {
1195 SD_BUS_VTABLE_START(0),
1196
1197 SD_BUS_PROPERTY("PoolPath", "s", property_get_pool_path, 0, 0),
1198 SD_BUS_PROPERTY("PoolUsage", "t", property_get_pool_usage, 0, 0),
1199 SD_BUS_PROPERTY("PoolLimit", "t", property_get_pool_limit, 0, 0),
1200
1201 SD_BUS_METHOD_WITH_ARGS("GetMachine",
1202 SD_BUS_ARGS("s", name),
1203 SD_BUS_RESULT("o", machine),
1204 method_get_machine,
1205 SD_BUS_VTABLE_UNPRIVILEGED),
1206 SD_BUS_METHOD_WITH_ARGS("GetImage",
1207 SD_BUS_ARGS("s", name),
1208 SD_BUS_RESULT("o", image),
1209 method_get_image,
1210 SD_BUS_VTABLE_UNPRIVILEGED),
1211 SD_BUS_METHOD_WITH_ARGS("GetMachineByPID",
1212 SD_BUS_ARGS("u", pid),
1213 SD_BUS_RESULT("o", machine),
1214 method_get_machine_by_pid,
1215 SD_BUS_VTABLE_UNPRIVILEGED),
1216 SD_BUS_METHOD_WITH_ARGS("ListMachines",
1217 SD_BUS_NO_ARGS,
1218 SD_BUS_RESULT("a(ssso)", machines),
1219 method_list_machines,
1220 SD_BUS_VTABLE_UNPRIVILEGED),
1221 SD_BUS_METHOD_WITH_ARGS("ListImages",
1222 SD_BUS_NO_ARGS,
1223 SD_BUS_RESULT("a(ssbttto)", images),
1224 method_list_images,
1225 SD_BUS_VTABLE_UNPRIVILEGED),
1226 SD_BUS_METHOD_WITH_ARGS("CreateMachine",
1227 SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory, "a(sv)", scope_properties),
1228 SD_BUS_RESULT("o", path),
1229 method_create_machine,
1230 SD_BUS_VTABLE_UNPRIVILEGED),
1231 SD_BUS_METHOD_WITH_ARGS("CreateMachineWithNetwork",
1232 SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory, "ai", ifindices, "a(sv)", scope_properties),
1233 SD_BUS_RESULT("o", path),
1234 method_create_machine,
1235 SD_BUS_VTABLE_UNPRIVILEGED),
1236 SD_BUS_METHOD_WITH_ARGS("CreateMachineEx",
1237 SD_BUS_ARGS("s", name, "a(sv)", properties, "a(sv)", scope_properties),
1238 SD_BUS_RESULT("o", path),
1239 method_create_machine,
1240 SD_BUS_VTABLE_UNPRIVILEGED),
1241 SD_BUS_METHOD_WITH_ARGS("RegisterMachine",
1242 SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory),
1243 SD_BUS_RESULT("o", path),
1244 method_register_machine,
1245 SD_BUS_VTABLE_UNPRIVILEGED),
1246 SD_BUS_METHOD_WITH_ARGS("RegisterMachineWithNetwork",
1247 SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory, "ai", ifindices),
1248 SD_BUS_RESULT("o", path),
1249 method_register_machine,
1250 SD_BUS_VTABLE_UNPRIVILEGED),
1251 SD_BUS_METHOD_WITH_ARGS("RegisterMachineEx",
1252 SD_BUS_ARGS("s", name, "a(sv)", properties),
1253 SD_BUS_RESULT("o", path),
1254 method_register_machine,
1255 SD_BUS_VTABLE_UNPRIVILEGED),
1256 SD_BUS_METHOD_WITH_ARGS("UnregisterMachine",
1257 SD_BUS_ARGS("s", name),
1258 SD_BUS_NO_RESULT,
1259 method_unregister_machine,
1260 SD_BUS_VTABLE_UNPRIVILEGED),
1261 SD_BUS_METHOD_WITH_ARGS("TerminateMachine",
1262 SD_BUS_ARGS("s", id),
1263 SD_BUS_NO_RESULT,
1264 method_terminate_machine,
1265 SD_BUS_VTABLE_UNPRIVILEGED),
1266 SD_BUS_METHOD_WITH_ARGS("KillMachine",
1267 SD_BUS_ARGS("s", name, "s", whom, "i", signal),
1268 SD_BUS_NO_RESULT,
1269 method_kill_machine,
1270 SD_BUS_VTABLE_UNPRIVILEGED),
1271 SD_BUS_METHOD_WITH_ARGS("GetMachineAddresses",
1272 SD_BUS_ARGS("s", name),
1273 SD_BUS_RESULT("a(iay)", addresses),
1274 method_get_machine_addresses,
1275 SD_BUS_VTABLE_UNPRIVILEGED),
1276 SD_BUS_METHOD_WITH_ARGS("GetMachineSSHInfo",
1277 SD_BUS_ARGS("s", name),
1278 SD_BUS_RESULT("s", ssh_address, "s", ssh_private_key_path),
1279 method_get_machine_ssh_info,
1280 SD_BUS_VTABLE_UNPRIVILEGED),
1281 SD_BUS_METHOD_WITH_ARGS("GetMachineOSRelease",
1282 SD_BUS_ARGS("s", name),
1283 SD_BUS_RESULT("a{ss}", fields),
1284 method_get_machine_os_release,
1285 SD_BUS_VTABLE_UNPRIVILEGED),
1286 SD_BUS_METHOD_WITH_ARGS("OpenMachinePTY",
1287 SD_BUS_ARGS("s", name),
1288 SD_BUS_RESULT("h", pty, "s", pty_path),
1289 method_open_machine_pty,
1290 SD_BUS_VTABLE_UNPRIVILEGED),
1291 SD_BUS_METHOD_WITH_ARGS("OpenMachineLogin",
1292 SD_BUS_ARGS("s", name),
1293 SD_BUS_RESULT("h", pty, "s", pty_path),
1294 method_open_machine_login,
1295 SD_BUS_VTABLE_UNPRIVILEGED),
1296 SD_BUS_METHOD_WITH_ARGS("OpenMachineShell",
1297 SD_BUS_ARGS("s", name, "s", user, "s", path, "as", args, "as", environment),
1298 SD_BUS_RESULT("h", pty, "s", pty_path),
1299 method_open_machine_shell,
1300 SD_BUS_VTABLE_UNPRIVILEGED),
1301 SD_BUS_METHOD_WITH_ARGS("BindMountMachine",
1302 SD_BUS_ARGS("s", name, "s", source, "s", destination, "b", read_only, "b", mkdir),
1303 SD_BUS_NO_RESULT,
1304 method_bind_mount_machine,
1305 SD_BUS_VTABLE_UNPRIVILEGED),
1306 SD_BUS_METHOD_WITH_ARGS("CopyFromMachine",
1307 SD_BUS_ARGS("s", name, "s", source, "s", destination),
1308 SD_BUS_NO_RESULT,
1309 method_copy_machine,
1310 SD_BUS_VTABLE_UNPRIVILEGED),
1311 SD_BUS_METHOD_WITH_ARGS("CopyToMachine",
1312 SD_BUS_ARGS("s", name, "s", source, "s", destination),
1313 SD_BUS_NO_RESULT,
1314 method_copy_machine,
1315 SD_BUS_VTABLE_UNPRIVILEGED),
1316 SD_BUS_METHOD_WITH_ARGS("CopyFromMachineWithFlags",
1317 SD_BUS_ARGS("s", name, "s", source, "s", destination, "t", flags),
1318 SD_BUS_NO_RESULT,
1319 method_copy_machine,
1320 SD_BUS_VTABLE_UNPRIVILEGED),
1321 SD_BUS_METHOD_WITH_ARGS("CopyToMachineWithFlags",
1322 SD_BUS_ARGS("s", name, "s", source, "s", destination, "t", flags),
1323 SD_BUS_NO_RESULT,
1324 method_copy_machine,
1325 SD_BUS_VTABLE_UNPRIVILEGED),
1326 SD_BUS_METHOD_WITH_ARGS("OpenMachineRootDirectory",
1327 SD_BUS_ARGS("s", name),
1328 SD_BUS_RESULT("h", fd),
1329 method_open_machine_root_directory,
1330 SD_BUS_VTABLE_UNPRIVILEGED),
1331 SD_BUS_METHOD_WITH_ARGS("GetMachineUIDShift",
1332 SD_BUS_ARGS("s", name),
1333 SD_BUS_RESULT("u", shift),
1334 method_get_machine_uid_shift,
1335 SD_BUS_VTABLE_UNPRIVILEGED),
1336 SD_BUS_METHOD_WITH_ARGS("RemoveImage",
1337 SD_BUS_ARGS("s", name),
1338 SD_BUS_NO_RESULT,
1339 method_remove_image,
1340 SD_BUS_VTABLE_UNPRIVILEGED),
1341 SD_BUS_METHOD_WITH_ARGS("RenameImage",
1342 SD_BUS_ARGS("s", name, "s", new_name),
1343 SD_BUS_NO_RESULT,
1344 method_rename_image,
1345 SD_BUS_VTABLE_UNPRIVILEGED),
1346 SD_BUS_METHOD_WITH_ARGS("CloneImage",
1347 SD_BUS_ARGS("s", name, "s", new_name, "b", read_only),
1348 SD_BUS_NO_RESULT,
1349 method_clone_image,
1350 SD_BUS_VTABLE_UNPRIVILEGED),
1351 SD_BUS_METHOD_WITH_ARGS("MarkImageReadOnly",
1352 SD_BUS_ARGS("s", name, "b", read_only),
1353 SD_BUS_NO_RESULT,
1354 method_mark_image_read_only,
1355 SD_BUS_VTABLE_UNPRIVILEGED),
1356 SD_BUS_METHOD_WITH_ARGS("GetImageHostname",
1357 SD_BUS_ARGS("s", name),
1358 SD_BUS_RESULT("s", hostname),
1359 method_get_image_hostname,
1360 SD_BUS_VTABLE_UNPRIVILEGED),
1361 SD_BUS_METHOD_WITH_ARGS("GetImageMachineID",
1362 SD_BUS_ARGS("s", name),
1363 SD_BUS_RESULT("ay", id),
1364 method_get_image_machine_id,
1365 SD_BUS_VTABLE_UNPRIVILEGED),
1366 SD_BUS_METHOD_WITH_ARGS("GetImageMachineInfo",
1367 SD_BUS_ARGS("s", name),
1368 SD_BUS_RESULT("a{ss}", machine_info),
1369 method_get_image_machine_info,
1370 SD_BUS_VTABLE_UNPRIVILEGED),
1371 SD_BUS_METHOD_WITH_ARGS("GetImageOSRelease",
1372 SD_BUS_ARGS("s", name),
1373 SD_BUS_RESULT("a{ss}", os_release),
1374 method_get_image_os_release,
1375 SD_BUS_VTABLE_UNPRIVILEGED),
1376 SD_BUS_METHOD_WITH_ARGS("SetPoolLimit",
1377 SD_BUS_ARGS("t", size),
1378 SD_BUS_NO_RESULT,
1379 method_set_pool_limit,
1380 SD_BUS_VTABLE_UNPRIVILEGED),
1381 SD_BUS_METHOD_WITH_ARGS("SetImageLimit",
1382 SD_BUS_ARGS("s", name, "t", size),
1383 SD_BUS_NO_RESULT,
1384 method_set_image_limit,
1385 SD_BUS_VTABLE_UNPRIVILEGED),
1386 SD_BUS_METHOD_WITH_ARGS("CleanPool",
1387 SD_BUS_ARGS("s", mode),
1388 SD_BUS_RESULT("a(st)",images),
1389 method_clean_pool,
1390 SD_BUS_VTABLE_UNPRIVILEGED),
1391 SD_BUS_METHOD_WITH_ARGS("MapFromMachineUser",
1392 SD_BUS_ARGS("s", name, "u", uid_inner),
1393 SD_BUS_RESULT("u", uid_outer),
1394 method_map_from_machine_user,
1395 SD_BUS_VTABLE_UNPRIVILEGED),
1396 SD_BUS_METHOD_WITH_ARGS("MapToMachineUser",
1397 SD_BUS_ARGS("u", uid_outer),
1398 SD_BUS_RESULT("s", machine_name, "o", machine_path, "u", uid_inner),
1399 method_map_to_machine_user,
1400 SD_BUS_VTABLE_UNPRIVILEGED),
1401 SD_BUS_METHOD_WITH_ARGS("MapFromMachineGroup",
1402 SD_BUS_ARGS("s", name, "u", gid_inner),
1403 SD_BUS_RESULT("u", gid_outer),
1404 method_map_from_machine_group,
1405 SD_BUS_VTABLE_UNPRIVILEGED),
1406 SD_BUS_METHOD_WITH_ARGS("MapToMachineGroup",
1407 SD_BUS_ARGS("u", gid_outer),
1408 SD_BUS_RESULT("s", machine_name, "o", machine_path, "u", gid_inner),
1409 method_map_to_machine_group,
1410 SD_BUS_VTABLE_UNPRIVILEGED),
1411
1412 SD_BUS_SIGNAL_WITH_ARGS("MachineNew",
1413 SD_BUS_ARGS("s", machine, "o", path),
1414 0),
1415 SD_BUS_SIGNAL_WITH_ARGS("MachineRemoved",
1416 SD_BUS_ARGS("s", machine, "o", path),
1417 0),
1418
1419 SD_BUS_VTABLE_END
1420 };
1421
1422 const BusObjectImplementation manager_object = {
1423 "/org/freedesktop/machine1",
1424 "org.freedesktop.machine1.Manager",
1425 .vtables = BUS_VTABLES(manager_vtable),
1426 .children = BUS_IMPLEMENTATIONS( &machine_object,
1427 &image_object ),
1428 };
1429
1430 int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
1431 const char *path, *result, *unit;
1432 Manager *m = ASSERT_PTR(userdata);
1433 Machine *machine;
1434 uint32_t id;
1435 int r;
1436
1437 assert(message);
1438
1439 r = sd_bus_message_read(message, "uoss", &id, &path, &unit, &result);
1440 if (r < 0) {
1441 bus_log_parse_error(r);
1442 return 0;
1443 }
1444
1445 machine = hashmap_get(m->machines_by_unit, unit);
1446 if (!machine)
1447 return 0;
1448
1449 if (streq_ptr(path, machine->scope_job)) {
1450 machine->scope_job = mfree(machine->scope_job);
1451
1452 if (machine->started) {
1453 if (streq(result, "done"))
1454 machine_send_create_reply(machine, NULL);
1455 else {
1456 _cleanup_(sd_bus_error_free) sd_bus_error e = SD_BUS_ERROR_NULL;
1457
1458 sd_bus_error_setf(&e, BUS_ERROR_JOB_FAILED, "Start job for unit %s failed with '%s'", unit, result);
1459
1460 machine_send_create_reply(machine, &e);
1461 }
1462 }
1463
1464 machine_save(machine);
1465 }
1466
1467 machine_add_to_gc_queue(machine);
1468 return 0;
1469 }
1470
1471 int match_properties_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
1472 _cleanup_free_ char *unit = NULL;
1473 const char *path;
1474 Manager *m = ASSERT_PTR(userdata);
1475 Machine *machine;
1476 int r;
1477
1478 assert(message);
1479
1480 path = sd_bus_message_get_path(message);
1481 if (!path)
1482 return 0;
1483
1484 r = unit_name_from_dbus_path(path, &unit);
1485 if (r == -EINVAL) /* not for a unit */
1486 return 0;
1487 if (r < 0) {
1488 log_oom();
1489 return 0;
1490 }
1491
1492 machine = hashmap_get(m->machines_by_unit, unit);
1493 if (!machine)
1494 return 0;
1495
1496 machine_add_to_gc_queue(machine);
1497 return 0;
1498 }
1499
1500 int match_unit_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
1501 const char *path, *unit;
1502 Manager *m = ASSERT_PTR(userdata);
1503 Machine *machine;
1504 int r;
1505
1506 assert(message);
1507
1508 r = sd_bus_message_read(message, "so", &unit, &path);
1509 if (r < 0) {
1510 bus_log_parse_error(r);
1511 return 0;
1512 }
1513
1514 machine = hashmap_get(m->machines_by_unit, unit);
1515 if (!machine)
1516 return 0;
1517
1518 machine_add_to_gc_queue(machine);
1519 return 0;
1520 }
1521
1522 int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error) {
1523 Manager *m = ASSERT_PTR(userdata);
1524 Machine *machine;
1525 int b, r;
1526
1527 assert(message);
1528
1529 r = sd_bus_message_read(message, "b", &b);
1530 if (r < 0) {
1531 bus_log_parse_error(r);
1532 return 0;
1533 }
1534 if (b)
1535 return 0;
1536
1537 /* systemd finished reloading, let's recheck all our machines */
1538 log_debug("System manager has been reloaded, rechecking machines...");
1539
1540 HASHMAP_FOREACH(machine, m->machines)
1541 machine_add_to_gc_queue(machine);
1542
1543 return 0;
1544 }
1545
1546 int manager_unref_unit(
1547 Manager *m,
1548 const char *unit,
1549 sd_bus_error *error) {
1550
1551 assert(m);
1552 assert(unit);
1553
1554 return bus_call_method(m->api_bus, bus_systemd_mgr, "UnrefUnit", error, NULL, "s", unit);
1555 }
1556
1557 int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job) {
1558 _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
1559 int r;
1560
1561 assert(manager);
1562 assert(unit);
1563
1564 r = bus_call_method(manager->api_bus, bus_systemd_mgr, "StopUnit", error, &reply, "ss", unit, "fail");
1565 if (r < 0) {
1566 if (sd_bus_error_has_names(error, BUS_ERROR_NO_SUCH_UNIT,
1567 BUS_ERROR_LOAD_FAILED)) {
1568
1569 if (job)
1570 *job = NULL;
1571
1572 sd_bus_error_free(error);
1573 return 0;
1574 }
1575
1576 return r;
1577 }
1578
1579 if (job) {
1580 const char *j;
1581 char *copy;
1582
1583 r = sd_bus_message_read(reply, "o", &j);
1584 if (r < 0)
1585 return r;
1586
1587 copy = strdup(j);
1588 if (!copy)
1589 return -ENOMEM;
1590
1591 *job = copy;
1592 }
1593
1594 return 1;
1595 }
1596
1597 int manager_kill_unit(Manager *manager, const char *unit, const char *subgroup, int signo, sd_bus_error *reterr_error) {
1598 assert(manager);
1599 assert(unit);
1600
1601 if (empty_or_root(subgroup))
1602 return bus_call_method(manager->api_bus, bus_systemd_mgr, "KillUnit", reterr_error, NULL, "ssi", unit, "all", signo);
1603
1604 return bus_call_method(manager->api_bus, bus_systemd_mgr, "KillUnitSubgroup", reterr_error, NULL, "sssi", unit, "cgroup", subgroup, signo);
1605 }
1606
1607 int manager_unit_is_active(Manager *manager, const char *unit, sd_bus_error *reterr_error) {
1608 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1609 _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
1610 _cleanup_free_ char *path = NULL;
1611 const char *state;
1612 int r;
1613
1614 assert(manager);
1615 assert(unit);
1616
1617 path = unit_dbus_path_from_name(unit);
1618 if (!path)
1619 return -ENOMEM;
1620
1621 r = sd_bus_get_property(
1622 manager->api_bus,
1623 "org.freedesktop.systemd1",
1624 path,
1625 "org.freedesktop.systemd1.Unit",
1626 "ActiveState",
1627 &error,
1628 &reply,
1629 "s");
1630 if (r < 0) {
1631 if (bus_error_is_connection(&error))
1632 return true;
1633
1634 if (sd_bus_error_has_names(&error, BUS_ERROR_NO_SUCH_UNIT,
1635 BUS_ERROR_LOAD_FAILED))
1636 return false;
1637
1638 sd_bus_error_move(reterr_error, &error);
1639 return r;
1640 }
1641
1642 r = sd_bus_message_read(reply, "s", &state);
1643 if (r < 0)
1644 return -EINVAL;
1645
1646 return !STR_IN_SET(state, "inactive", "failed");
1647 }
1648
1649 int manager_job_is_active(Manager *manager, const char *path, sd_bus_error *reterr_error) {
1650 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1651 _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
1652 int r;
1653
1654 assert(manager);
1655 assert(path);
1656
1657 r = sd_bus_get_property(
1658 manager->api_bus,
1659 "org.freedesktop.systemd1",
1660 path,
1661 "org.freedesktop.systemd1.Job",
1662 "State",
1663 &error,
1664 &reply,
1665 "s");
1666 if (r < 0) {
1667 if (bus_error_is_connection(&error))
1668 return true;
1669
1670 if (sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_OBJECT))
1671 return false;
1672
1673 sd_bus_error_move(reterr_error, &error);
1674 return r;
1675 }
1676
1677 /* We don't actually care about the state really. The fact
1678 * that we could read the job state is enough for us */
1679
1680 return true;
1681 }
Unnamed repository; edit this file 'description' to name the repository.