1 /* SPDX-License-Identifier: LGPL-2.1+ */
6 #include "bus-locator.h"
7 #include "bus-unit-util.h"
9 #include "bus-wait-for-jobs.h"
10 #include "nspawn-register.h"
12 #include "stat-util.h"
16 static int append_machine_properties(
/* NOTE(review): this extract is incomplete -- the parameter list (original lines 17-26), every
 * `if (r < 0)` guard, the loop's `continue`, the closing brace and the final return are missing
 * (the gutter numbers skip). What is visible: the function appends unit properties for the
 * container to an already-open "a(sv)" container on message m, and reports failures via
 * bus_log_create_error()/log_error_errno(). The names m, mounts, n_mounts, kill_signal and j
 * are presumably parameters/locals declared in the missing lines. */
27 r
= sd_bus_message_append(m
, "(sv)", "DevicePolicy", "s", "closed");
29 return bus_log_create_error(r
);
31 /* If you make changes here, also make sure to update systemd-nspawn@.service, to keep the device policies in
32 * sync regardless if we are run with or without the --keep-unit switch. */
/* DevicePolicy=closed above denies device-node access except for what the DeviceAllow= entries
 * below grant; the second of the two entries (original lines 46-47) is not in this extract, and the
 * preceding comment says ptys are meant to be accessible but never creatable by the container. */
33 r
= sd_bus_message_append(m
, "(sv)", "DeviceAllow", "a(ss)", 2,
34 /* Allow the container to
35 * access and create the API
36 * device nodes, so that
37 * PrivateDevices= in the
40 "/dev/net/tun", "rwm",
41 /* Allow the container
42 * access to ptys. However,
44 * container to ever create
45 * these device nodes. */
48 return bus_log_create_error(r
);
/* One DeviceAllow= entry per bind mount whose source is a device node. Grants are "r" or "rw"
 * only -- deliberately no "m", so the container cannot mknod the same device elsewhere. Non-bind
 * mounts are skipped (the `continue` for the type check is among the missing lines). */
50 for (j
= 0; j
< n_mounts
; j
++) {
51 CustomMount
*cm
= mounts
+ j
;
53 if (cm
->type
!= CUSTOM_MOUNT_BIND
)
/* is_device_node() presumably returns negative errno; per the comment below, a missing source
 * (-ENOENT, judging by the "not found" message) is logged at debug level and skipped, while any
 * other error aborts. The guard lines distinguishing the two cases are not in this extract. */
56 r
= is_device_node(cm
->source
);
58 /* The bind source might only appear as the image is put together, hence don't complain */
59 log_debug_errno(r
, "Bind mount source %s not found, ignoring: %m", cm
->source
);
63 return log_error_errno(r
, "Failed to stat %s: %m", cm
->source
);
/* Read-only bind mounts of device nodes get "r" only; writable ones get "rw". */
66 r
= sd_bus_message_append(m
, "(sv)", "DeviceAllow", "a(ss)", 1,
67 cm
->source
, cm
->read_only
? "r" : "rw");
69 return log_error_errno(r
, "Failed to append message arguments: %m");
/* KillSignal= is only set when the caller asked for a specific signal (non-zero). */
73 if (kill_signal
!= 0) {
74 r
= sd_bus_message_append(m
, "(sv)", "KillSignal", "i", kill_signal
);
76 return bus_log_create_error(r
);
/* KillMode=mixed is set unconditionally: per systemd.kill(5) the kill signal is sent to the main
 * process only and the final SIGKILL to the whole control group. */
78 r
= sd_bus_message_append(m
, "(sv)", "KillMode", "s", "mixed");
80 return bus_log_create_error(r
);
/* NOTE(review): the success return and closing brace (original lines 81-83) are absent here. */
/* Appends a "Controller" (string) property carrying this bus connection's unique name to the
 * open "(sv)" container on m. Presumably this lets the receiving manager tie the registration
 * to the connection that made it -- confirm against the peer's handling of "Controller".
 * NOTE(review): the local declarations, asserts, `if (r < 0)` guards, `return 0` and closing
 * brace are missing from this extract (original lines 87-92, 94, 98, 100-102). */
86 static int append_controller_property(sd_bus
*bus
, sd_bus_message
*m
) {
93 r
= sd_bus_get_unique_name(bus
, &unique
);
95 return log_error_errno(r
, "Failed to get unique name: %m");
97 r
= sd_bus_message_append(m
, "(sv)", "Controller", "s", unique
);
99 return bus_log_create_error(r
);
/* Registers the container with the machine manager over D-Bus.
 * NOTE(review): most of the parameter list (original lines 105, 107, 109-115, 117), the whole
 * branch around "RegisterMachineWithNetwork" (lines 121-140 except the fragments kept below),
 * every `if (r < 0)` guard and the tail of the function are missing from this extract. Only the
 * machine_name, directory, properties_message and service parameters are visible; bus, uuid,
 * local_ifindex, slice, mounts, n_mounts, kill_signal and properties are presumably parameters
 * too, judging by their use in the body. */
104 int register_machine(
106 const char *machine_name
,
108 const char *directory
,
116 sd_bus_message
*properties_message
,
118 const char *service
) {
120 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
/* First path (call site not in this extract): "RegisterMachineWithNetwork", presumably used when
 * the unit already exists; the ifindex array is passed with a count of 1 only when local_ifindex
 * is positive, so an absent network interface is encoded as an empty array. */
129 "RegisterMachineWithNetwork",
134 SD_BUS_MESSAGE_APPEND_ID128(uuid
),
139 local_ifindex
> 0 ? 1 : 0, local_ifindex
);
/* Second path: build a "CreateMachineWithNetwork" call to bus_machine_mgr and attach the unit
 * properties ourselves. Same ifindex encoding as above. */
141 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*m
= NULL
;
143 r
= bus_message_new_method_call(bus
, &m
, bus_machine_mgr
, "CreateMachineWithNetwork");
145 return bus_log_create_error(r
);
147 r
= sd_bus_message_append(
151 SD_BUS_MESSAGE_APPEND_ID128(uuid
),
156 local_ifindex
> 0 ? 1 : 0, local_ifindex
);
158 return bus_log_create_error(r
);
/* Properties go into an "a(sv)" container: optional Slice=, the Controller= unique name, the
 * device-policy/kill properties from append_machine_properties(), then any caller-supplied
 * properties_message and the property assignments in `properties` (UNIT_SERVICE context). */
160 r
= sd_bus_message_open_container(m
, 'a', "(sv)");
162 return bus_log_create_error(r
);
164 if (!isempty(slice
)) {
165 r
= sd_bus_message_append(m
, "(sv)", "Slice", "s", slice
);
167 return bus_log_create_error(r
);
170 r
= append_controller_property(bus
, m
);
/* The argument list of this call (original lines 175-180) is not in this extract. */
174 r
= append_machine_properties(
/* sd_bus_message_copy(..., true) copies the remaining contents of properties_message into m;
 * the caller is responsible for that message's contents, so it is appended verbatim. */
182 if (properties_message
) {
183 r
= sd_bus_message_copy(m
, properties_message
, true);
185 return bus_log_create_error(r
);
188 r
= bus_append_unit_property_assignment_many(m
, UNIT_SERVICE
, properties
);
192 r
= sd_bus_message_close_container(m
);
194 return bus_log_create_error(r
);
/* Synchronous call; the reply is discarded (NULL), only success/failure matters here. */
196 r
= sd_bus_call(bus
, m
, 0, &error
, NULL
);
200 return log_error_errno(r
, "Failed to register machine: %s", bus_error_message(&error
, r
));
/* NOTE(review): the success return and closing brace (original lines 201-203) are absent here. */
/* Asks the machine manager to forget a machine by name. Best effort: a failure is only logged
 * at debug level (the `if (r < 0)` line itself is missing from this extract, as are the bus
 * parameter, the `int r` declaration, the return and the closing brace). */
205 int unregister_machine(
207 const char *machine_name
) {
209 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
214 r
= bus_call_method(bus
, bus_machine_mgr
, "UnregisterMachine", &error
, NULL
, "s", machine_name
);
216 log_debug("Failed to unregister machine: %s", bus_error_message(&error
, r
));
/* NOTE(review): the function's name and signature line (original lines 221-222) are not in this
 * extract; from the body it starts a transient .scope unit for the container's PID via
 * StartTransientUnit and waits for the resulting job. Most parameters (bus, pid, slice, mounts,
 * n_mounts, kill_signal, properties) and all `if (r < 0)` guards are among the missing lines. */
223 const char *machine_name
,
230 sd_bus_message
*properties_message
) {
232 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*m
= NULL
, *reply
= NULL
;
233 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
234 _cleanup_(bus_wait_for_jobs_freep
) BusWaitForJobs
*w
= NULL
;
235 _cleanup_free_
char *scope
= NULL
;
236 const char *description
, *object
;
/* The job watcher is created before the StartTransientUnit call so the JobRemoved signal for
 * the new job cannot be missed. */
241 r
= bus_wait_for_jobs_new(bus
, &w
);
243 return log_error_errno(r
, "Could not watch job: %m");
/* The scope unit name is derived from the (caller-supplied) machine name with a ".scope"
 * suffix; mangling presumably escapes characters that are not valid in unit names. */
245 r
= unit_name_mangle_with_suffix(machine_name
, "as machine name", 0, ".scope", &scope
);
247 return log_error_errno(r
, "Failed to mangle scope name: %m");
249 r
= bus_message_new_method_call(bus
, &m
, bus_systemd_mgr
, "StartTransientUnit");
251 return bus_log_create_error(r
);
/* Job mode "fail": if the start conflicts with a pending job the request fails rather than
 * replacing it. */
253 r
= sd_bus_message_append(m
, "ss", scope
, "fail");
255 return bus_log_create_error(r
);
258 r
= sd_bus_message_open_container(m
, 'a', "(sv)");
260 return bus_log_create_error(r
);
/* strjoina() allocates on the stack; description stays valid until the function returns. */
262 description
= strjoina("Container ", machine_name
);
/* Six properties are declared in the signature but only four appear in this extract (original
 * lines 267 and 269 are missing). The scope is put into the caller's slice, or into
 * SPECIAL_MACHINE_SLICE when none was given. CollectMode=inactive-or-failed lets a failed scope
 * be garbage-collected instead of lingering. */
264 r
= sd_bus_message_append(m
, "(sv)(sv)(sv)(sv)(sv)(sv)",
265 "PIDs", "au", 1, pid
,
266 "Description", "s", description
,
268 "CollectMode", "s", "inactive-or-failed",
270 "Slice", "s", isempty(slice
) ? SPECIAL_MACHINE_SLICE
: slice
);
272 return bus_log_create_error(r
);
274 r
= append_controller_property(bus
, m
);
/* Caller-supplied properties_message is copied verbatim into the container. */
278 if (properties_message
) {
279 r
= sd_bus_message_copy(m
, properties_message
, true);
281 return bus_log_create_error(r
);
/* The argument list of this call (original lines 285-291) is not in this extract. */
284 r
= append_machine_properties(
/* Same helper as in register_machine(), but in the UNIT_SCOPE context. */
292 r
= bus_append_unit_property_assignment_many(m
, UNIT_SCOPE
, properties
);
296 r
= sd_bus_message_close_container(m
);
298 return bus_log_create_error(r
);
300 /* No auxiliary units */
/* The arguments of this append (original lines 302-305) are missing; per the comment above it
 * encodes an empty auxiliary-units array. */
301 r
= sd_bus_message_append(
306 return bus_log_create_error(r
);
308 r
= sd_bus_call(bus
, m
, 0, &error
, &reply
);
310 return log_error_errno(r
, "Failed to allocate scope: %s", bus_error_message(&error
, r
));
/* The reply carries the job object path, which is then awaited. */
312 r
= sd_bus_message_read(reply
, "o", &object
);
314 return bus_log_parse_error(r
);
316 r
= bus_wait_for_jobs_one(w
, object
, false);
/* NOTE(review): the handling of the wait result and the function's tail (original lines
 * 317-322) are absent from this extract. */
/* NOTE(review): the function's name and signature line (original lines 323-324) are not in this
 * extract; from the body it tears down the container's transient scope in three best-effort
 * steps -- abandon it, SIGKILL it (that call itself, original lines 339-351, is missing here;
 * only its failure log survives), and drop the reference -- each failure logged at debug level
 * and ignored. The bus parameter, `int r`, the `if (r < 0)` guards and the tail are missing. */
325 const char *machine_name
) {
327 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
328 _cleanup_free_
char *scope
= NULL
;
/* Same mangling as on the allocation side, so the name resolves to the same unit. */
331 r
= unit_name_mangle_with_suffix(machine_name
, "to terminate", 0, ".scope", &scope
);
333 return log_error_errno(r
, "Failed to mangle scope name: %m");
335 r
= bus_call_method(bus
, bus_systemd_mgr
, "AbandonScope", &error
, NULL
, "s", scope
);
337 log_debug_errno(r
, "Failed to abandon scope '%s', ignoring: %s", scope
, bus_error_message(&error
, r
));
/* `error` is reused by the following calls, so it must be reset between them; sd_bus_error_free()
 * also re-initialises it. */
338 sd_bus_error_free(&error
);
352 log_debug_errno(r
, "Failed to SIGKILL scope '%s', ignoring: %s", scope
, bus_error_message(&error
, r
));
353 sd_bus_error_free(&error
);
356 r
= bus_call_method(bus
, bus_systemd_mgr
, "UnrefUnit", &error
, NULL
, "s", scope
);
358 log_debug_errno(r
, "Failed to drop reference to scope '%s', ignoring: %s", scope
, bus_error_message(&error
, r
));