1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include <linux/loop.h>
5 #include "sd-messages.h"
7 #include "bus-common-errors.h"
9 #include "bus-locator.h"
11 #include "conf-files.h"
13 #include "data-fd-util.h"
14 #include "constants.h"
15 #include "dirent-util.h"
16 #include "discover-image.h"
17 #include "dissect-image.h"
20 #include "errno-list.h"
22 #include "extension-util.h"
27 #include "iovec-util.h"
28 #include "locale-util.h"
29 #include "loop-util.h"
31 #include "nulstr-util.h"
33 #include "path-lookup.h"
35 #include "process-util.h"
37 #include "selinux-util.h"
39 #include "signal-util.h"
40 #include "socket-util.h"
41 #include "sort-util.h"
42 #include "string-table.h"
44 #include "tmpfile-util.h"
45 #include "user-util.h"
47 /* Markers used in the first line of our 20-portable.conf unit file drop-in to determine, that a) the unit file was
48 * dropped there by the portable service logic and b) for which image it was dropped there. */
49 #define PORTABLE_DROPIN_MARKER_BEGIN "# Drop-in created for image '"
50 #define PORTABLE_DROPIN_MARKER_END "', do not edit."
52 static bool prefix_match(const char *unit
, const char *prefix
) {
55 p
= startswith(unit
, prefix
);
59 /* Only respect prefixes followed by dash or dot or when there's a complete match */
60 return IN_SET(*p
, '-', '.', '@', 0);
63 static bool unit_match(const char *unit
, char **matches
) {
66 dot
= strrchr(unit
, '.');
70 if (!STR_IN_SET(dot
, ".service", ".socket", ".target", ".timer", ".path"))
73 /* Empty match expression means: everything */
74 if (strv_isempty(matches
))
77 /* Otherwise, at least one needs to match */
78 STRV_FOREACH(i
, matches
)
79 if (prefix_match(unit
, *i
))
85 static PortableMetadata
*portable_metadata_new(const char *name
, const char *path
, const char *selinux_label
, int fd
) {
88 m
= malloc0(offsetof(PortableMetadata
, name
) + strlen(name
) + 1);
92 /* In case of a layered attach, we want to remember which image the unit came from */
94 m
->image_path
= strdup(path
);
99 /* The metadata file might have SELinux labels, we need to carry them and reapply them */
100 if (!isempty(selinux_label
)) {
101 m
->selinux_label
= strdup(selinux_label
);
102 if (!m
->selinux_label
) {
108 strcpy(m
->name
, name
);
114 PortableMetadata
*portable_metadata_unref(PortableMetadata
*i
) {
121 free(i
->selinux_label
);
126 static int compare_metadata(PortableMetadata
*const *x
, PortableMetadata
*const *y
) {
127 return strcmp((*x
)->name
, (*y
)->name
);
130 int portable_metadata_hashmap_to_sorted_array(Hashmap
*unit_files
, PortableMetadata
***ret
) {
132 _cleanup_free_ PortableMetadata
**sorted
= NULL
;
133 PortableMetadata
*item
;
136 sorted
= new(PortableMetadata
*, hashmap_size(unit_files
));
140 HASHMAP_FOREACH(item
, unit_files
)
143 assert(k
== hashmap_size(unit_files
));
145 typesafe_qsort(sorted
, k
, compare_metadata
);
147 *ret
= TAKE_PTR(sorted
);
151 static int send_one_fd_iov_with_data_fd(
153 const struct iovec
*iov
,
157 _cleanup_close_
int data_fd
= -EBADF
;
159 assert(iov
|| iovlen
== 0);
160 assert(socket_fd
>= 0);
163 data_fd
= copy_data_fd(fd
);
167 return send_one_fd_iov(socket_fd
, data_fd
, iov
, iovlen
, 0);
170 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(portable_metadata_hash_ops
, char, string_hash_func
, string_compare_func
,
171 PortableMetadata
, portable_metadata_unref
);
173 static int extract_now(
176 const char *image_name
,
177 bool path_is_extension
,
178 bool relax_extension_release_check
,
180 PortableMetadata
**ret_os_release
,
181 Hashmap
**ret_unit_files
) {
183 _cleanup_hashmap_free_ Hashmap
*unit_files
= NULL
;
184 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*os_release
= NULL
;
185 _cleanup_(lookup_paths_done
) LookupPaths paths
= {};
186 _cleanup_close_
int os_release_fd
= -EBADF
;
187 _cleanup_free_
char *os_release_path
= NULL
;
188 const char *os_release_id
;
191 /* Extracts the metadata from a directory tree 'where'. Extracts two kinds of information: the /etc/os-release
192 * data, and all unit files matching the specified expression. Note that this function is called in two very
193 * different but also similar contexts. When the tool gets invoked on a directory tree, we'll process it
194 * directly, and in-process, and thus can return the requested data directly, via 'ret_os_release' and
195 * 'ret_unit_files'. However, if the tool is invoked on a raw disk image — which needs to be mounted first — we
196 * are invoked in a child process with private mounts and then need to send the collected data to our
197 * parent. To handle both cases in one call this function also gets a 'socket_fd' parameter, which when >= 0 is
198 * used to send the data to the parent. */
202 /* First, find os-release/extension-release and send it upstream (or just save it). */
203 if (path_is_extension
) {
204 ImageClass
class = IMAGE_SYSEXT
;
206 r
= open_extension_release(where
, IMAGE_SYSEXT
, image_name
, relax_extension_release_check
, &os_release_path
, &os_release_fd
);
208 r
= open_extension_release(where
, IMAGE_CONFEXT
, image_name
, relax_extension_release_check
, &os_release_path
, &os_release_fd
);
210 class = IMAGE_CONFEXT
;
213 return log_error_errno(r
, "Failed to open extension release from '%s': %m", image_name
);
215 os_release_id
= strjoina((class == IMAGE_SYSEXT
) ? "/usr/lib" : "/etc", "/extension-release.d/extension-release.", image_name
);
217 os_release_id
= "/etc/os-release";
218 r
= open_os_release(where
, &os_release_path
, &os_release_fd
);
222 "Couldn't acquire %s file, ignoring: %m",
223 path_is_extension
? "extension-release " : "os-release");
225 if (socket_fd
>= 0) {
226 struct iovec iov
[] = {
227 IOVEC_MAKE_STRING(os_release_id
),
228 IOVEC_MAKE((char *)"\0", sizeof(char)),
231 r
= send_one_fd_iov_with_data_fd(socket_fd
, iov
, ELEMENTSOF(iov
), os_release_fd
);
233 return log_debug_errno(r
, "Failed to send os-release file: %m");
236 if (ret_os_release
) {
237 os_release
= portable_metadata_new(os_release_id
, NULL
, NULL
, os_release_fd
);
241 os_release_fd
= -EBADF
;
242 os_release
->source
= TAKE_PTR(os_release_path
);
246 /* Then, send unit file data to the parent (or/and add it to the hashmap). For that we use our usual unit
247 * discovery logic. Note that we force looking inside of /lib/systemd/system/ for units too, as the
248 * image might have a legacy split-usr layout. */
249 r
= lookup_paths_init(&paths
, RUNTIME_SCOPE_SYSTEM
, LOOKUP_PATHS_SPLIT_USR
, where
);
251 return log_debug_errno(r
, "Failed to acquire lookup paths: %m");
253 unit_files
= hashmap_new(&portable_metadata_hash_ops
);
257 STRV_FOREACH(i
, paths
.search_path
) {
258 _cleanup_free_
char *resolved
= NULL
;
259 _cleanup_closedir_
DIR *d
= NULL
;
261 r
= chase_and_opendir(*i
, where
, 0, &resolved
, &d
);
263 log_debug_errno(r
, "Failed to open unit path '%s', ignoring: %m", *i
);
267 FOREACH_DIRENT(de
, d
, return log_debug_errno(errno
, "Failed to read directory: %m")) {
268 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*m
= NULL
;
269 _cleanup_(mac_selinux_freep
) char *con
= NULL
;
270 _cleanup_close_
int fd
= -EBADF
;
273 if (!unit_name_is_valid(de
->d_name
, UNIT_NAME_ANY
))
276 if (!unit_match(de
->d_name
, matches
))
279 /* Filter out duplicates */
280 if (hashmap_get(unit_files
, de
->d_name
))
283 if (!IN_SET(de
->d_type
, DT_LNK
, DT_REG
))
286 fd
= openat(dirfd(d
), de
->d_name
, O_CLOEXEC
|O_RDONLY
);
288 log_debug_errno(errno
, "Failed to open unit file '%s', ignoring: %m", de
->d_name
);
292 /* Reject empty files, just in case */
293 if (fstat(fd
, &st
) < 0) {
294 log_debug_errno(errno
, "Failed to stat unit file '%s', ignoring: %m", de
->d_name
);
298 if (st
.st_size
<= 0) {
299 log_debug("Unit file '%s' is empty, ignoring.", de
->d_name
);
304 /* The units will be copied on the host's filesystem, so if they had a SELinux label
305 * we have to preserve it. Copy it out so that it can be applied later. */
307 r
= fgetfilecon_raw(fd
, &con
);
308 if (r
< 0 && !ERRNO_IS_XATTR_ABSENT(errno
))
309 log_debug_errno(errno
, "Failed to get SELinux file context from '%s', ignoring: %m", de
->d_name
);
312 if (socket_fd
>= 0) {
313 struct iovec iov
[] = {
314 IOVEC_MAKE_STRING(de
->d_name
),
315 IOVEC_MAKE((char *)"\0", sizeof(char)),
316 IOVEC_MAKE_STRING(strempty(con
)),
319 r
= send_one_fd_iov_with_data_fd(socket_fd
, iov
, ELEMENTSOF(iov
), fd
);
321 return log_debug_errno(r
, "Failed to send unit metadata to parent: %m");
324 m
= portable_metadata_new(de
->d_name
, where
, con
, fd
);
329 m
->source
= path_join(resolved
, de
->d_name
);
333 r
= hashmap_put(unit_files
, m
->name
, m
);
335 return log_debug_errno(r
, "Failed to add unit to hashmap: %m");
341 *ret_os_release
= TAKE_PTR(os_release
);
343 *ret_unit_files
= TAKE_PTR(unit_files
);
348 static int portable_extract_by_path(
350 bool path_is_extension
,
351 bool relax_extension_release_check
,
353 const ImagePolicy
*image_policy
,
354 PortableMetadata
**ret_os_release
,
355 Hashmap
**ret_unit_files
,
356 sd_bus_error
*error
) {
358 _cleanup_hashmap_free_ Hashmap
*unit_files
= NULL
;
359 _cleanup_(portable_metadata_unrefp
) PortableMetadata
* os_release
= NULL
;
360 _cleanup_(loop_device_unrefp
) LoopDevice
*d
= NULL
;
365 r
= loop_device_make_by_path(
368 /* sector_size= */ UINT32_MAX
,
373 _cleanup_free_
char *image_name
= NULL
;
375 /* We can't turn this into a loop-back block device, and this returns EISDIR? Then this is a directory
376 * tree and not a raw device. It's easy then. */
378 r
= path_extract_filename(path
, &image_name
);
380 return log_error_errno(r
, "Failed to extract image name from path '%s': %m", path
);
382 r
= extract_now(path
, matches
, image_name
, path_is_extension
, /* relax_extension_release_check= */ false, -1, &os_release
, &unit_files
);
387 return log_debug_errno(r
, "Failed to set up loopback device for %s: %m", path
);
389 _cleanup_(dissected_image_unrefp
) DissectedImage
*m
= NULL
;
390 _cleanup_(rmdir_and_freep
) char *tmpdir
= NULL
;
391 _cleanup_close_pair_
int seq
[2] = EBADF_PAIR
;
392 _cleanup_(sigkill_waitp
) pid_t child
= 0;
393 DissectImageFlags flags
=
394 DISSECT_IMAGE_READ_ONLY
|
395 DISSECT_IMAGE_GENERIC_ROOT
|
396 DISSECT_IMAGE_REQUIRE_ROOT
|
397 DISSECT_IMAGE_DISCARD_ON_LOOP
|
398 DISSECT_IMAGE_RELAX_VAR_CHECK
|
399 DISSECT_IMAGE_USR_NO_ROOT
|
400 DISSECT_IMAGE_ADD_PARTITION_DEVICES
|
401 DISSECT_IMAGE_PIN_PARTITION_DEVICES
|
402 DISSECT_IMAGE_ALLOW_USERSPACE_VERITY
;
404 if (path_is_extension
)
405 flags
|= DISSECT_IMAGE_VALIDATE_OS_EXT
| (relax_extension_release_check
? DISSECT_IMAGE_RELAX_EXTENSION_CHECK
: 0);
407 flags
|= DISSECT_IMAGE_VALIDATE_OS
;
409 /* We now have a loopback block device, let's fork off a child in its own mount namespace, mount it
410 * there, and extract the metadata we need. The metadata is sent from the child back to us. */
412 BLOCK_SIGNALS(SIGCHLD
);
414 r
= mkdtemp_malloc("/tmp/inspect-XXXXXX", &tmpdir
);
416 return log_debug_errno(r
, "Failed to create temporary directory: %m");
418 r
= dissect_loop_device(
421 /* mount_options= */ NULL
,
426 sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Couldn't identify a suitable partition table or file system in '%s'.", path
);
427 else if (r
== -EADDRNOTAVAIL
)
428 sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "No root partition for specified root hash found in '%s'.", path
);
429 else if (r
== -ENOTUNIQ
)
430 sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Multiple suitable root partitions found in image '%s'.", path
);
431 else if (r
== -ENXIO
)
432 sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "No suitable root partition found in image '%s'.", path
);
433 else if (r
== -EPROTONOSUPPORT
)
434 sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Device '%s' is loopback block device with partition scanning turned off, please turn it on.", path
);
438 if (socketpair(AF_UNIX
, SOCK_SEQPACKET
|SOCK_CLOEXEC
, 0, seq
) < 0)
439 return log_debug_errno(errno
, "Failed to allocated SOCK_SEQPACKET socket: %m");
441 r
= safe_fork("(sd-dissect)", FORK_RESET_SIGNALS
|FORK_DEATHSIG_SIGTERM
|FORK_NEW_MOUNTNS
|FORK_MOUNTNS_SLAVE
|FORK_LOG
, &child
);
445 seq
[0] = safe_close(seq
[0]);
447 r
= dissected_image_mount(
450 /* uid_shift= */ UID_INVALID
,
451 /* uid_range= */ UID_INVALID
,
452 /* userns_fd= */ -EBADF
,
455 log_debug_errno(r
, "Failed to mount dissected image: %m");
459 r
= extract_now(tmpdir
, matches
, m
->image_name
, path_is_extension
, relax_extension_release_check
, seq
[1], NULL
, NULL
);
462 _exit(r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
);
465 seq
[1] = safe_close(seq
[1]);
467 unit_files
= hashmap_new(&portable_metadata_hash_ops
);
472 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*add
= NULL
;
473 _cleanup_close_
int fd
= -EBADF
;
474 /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but
475 * according to suggestions from the SELinux people this will change and it will probably be
476 * identical to NAME_MAX. For now we use that, but this should be updated one day when the final
478 char iov_buffer
[PATH_MAX
+ NAME_MAX
+ 2];
479 struct iovec iov
= IOVEC_MAKE(iov_buffer
, sizeof(iov_buffer
));
481 ssize_t n
= receive_one_fd_iov(seq
[0], &iov
, 1, 0, &fd
);
485 return log_debug_errno(n
, "Failed to receive item: %m");
488 /* We can't really distinguish a zero-length datagram without any fds from EOF (both are signalled the
489 * same way by recvmsg()). Hence, accept either as end notification. */
490 if (isempty(iov_buffer
) && fd
< 0)
493 if (isempty(iov_buffer
) || fd
< 0)
494 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL
),
495 "Invalid item sent from child.");
497 /* Given recvmsg cannot be used with multiple io vectors if you don't know the size in advance,
498 * use a marker to separate the name and the optional SELinux context. */
499 char *selinux_label
= memchr(iov_buffer
, 0, n
);
500 assert(selinux_label
);
503 add
= portable_metadata_new(iov_buffer
, path
, selinux_label
, fd
);
508 /* Note that we do not initialize 'add->source' here, as the source path is not usable here as
509 * it refers to a path only valid in the short-living namespaced child process we forked
512 if (PORTABLE_METADATA_IS_UNIT(add
)) {
513 r
= hashmap_put(unit_files
, add
->name
, add
);
515 return log_debug_errno(r
, "Failed to add item to unit file list: %m");
519 } else if (PORTABLE_METADATA_IS_OS_RELEASE(add
) || PORTABLE_METADATA_IS_EXTENSION_RELEASE(add
)) {
522 os_release
= TAKE_PTR(add
);
524 assert_not_reached();
527 r
= wait_for_terminate_and_check("(sd-dissect)", child
, 0);
534 return sd_bus_error_setf(error
,
535 SD_BUS_ERROR_INVALID_ARGS
,
536 "Image '%s' lacks %s data, refusing.",
538 path_is_extension
? "extension-release" : "os-release");
541 *ret_unit_files
= TAKE_PTR(unit_files
);
544 *ret_os_release
= TAKE_PTR(os_release
);
549 static int extract_image_and_extensions(
550 const char *name_or_path
,
552 char **extension_image_paths
,
553 bool validate_extension
,
554 bool relax_extension_release_check
,
555 const ImagePolicy
*image_policy
,
557 OrderedHashmap
**ret_extension_images
,
558 OrderedHashmap
**ret_extension_releases
,
559 PortableMetadata
**ret_os_release
,
560 Hashmap
**ret_unit_files
,
561 char ***ret_valid_prefixes
,
562 sd_bus_error
*error
) {
564 _cleanup_free_
char *id
= NULL
, *version_id
= NULL
, *sysext_level
= NULL
, *confext_level
= NULL
;
565 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*os_release
= NULL
;
566 _cleanup_ordered_hashmap_free_ OrderedHashmap
*extension_images
= NULL
, *extension_releases
= NULL
;
567 _cleanup_hashmap_free_ Hashmap
*unit_files
= NULL
;
568 _cleanup_strv_free_
char **valid_prefixes
= NULL
;
569 _cleanup_(image_unrefp
) Image
*image
= NULL
;
573 assert(name_or_path
);
575 r
= image_find_harder(IMAGE_PORTABLE
, name_or_path
, NULL
, &image
);
579 if (!strv_isempty(extension_image_paths
)) {
580 extension_images
= ordered_hashmap_new(&image_hash_ops
);
581 if (!extension_images
)
584 if (ret_extension_releases
) {
585 extension_releases
= ordered_hashmap_new(&portable_metadata_hash_ops
);
586 if (!extension_releases
)
590 STRV_FOREACH(p
, extension_image_paths
) {
591 _cleanup_(image_unrefp
) Image
*new = NULL
;
593 r
= image_find_harder(IMAGE_PORTABLE
, *p
, NULL
, &new);
597 r
= ordered_hashmap_put(extension_images
, new->name
, new);
604 r
= portable_extract_by_path(
606 /* path_is_extension= */ false,
607 /* relax_extension_release_check= */ false,
616 /* If we are layering extension images on top of a runtime image, check that the os-release and
617 * extension-release metadata match, otherwise reject it immediately as invalid, or it will fail when
618 * the units are started. Also, collect valid portable prefixes if caller requested that. */
619 if (validate_extension
|| ret_valid_prefixes
) {
620 _cleanup_free_
char *prefixes
= NULL
;
622 r
= parse_env_file_fd(os_release
->fd
, os_release
->name
,
624 "VERSION_ID", &version_id
,
625 "SYSEXT_LEVEL", &sysext_level
,
626 "CONFEXT_LEVEL", &confext_level
,
627 "PORTABLE_PREFIXES", &prefixes
);
631 return sd_bus_error_set_errnof(error
, SYNTHETIC_ERRNO(ESTALE
), "Image %s os-release metadata lacks the ID field", name_or_path
);
634 valid_prefixes
= strv_split(prefixes
, WHITESPACE
);
640 ORDERED_HASHMAP_FOREACH(ext
, extension_images
) {
641 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*extension_release_meta
= NULL
;
642 _cleanup_hashmap_free_ Hashmap
*extra_unit_files
= NULL
;
643 _cleanup_strv_free_
char **extension_release
= NULL
;
646 r
= portable_extract_by_path(
648 /* path_is_extension= */ true,
649 relax_extension_release_check
,
652 &extension_release_meta
,
658 r
= hashmap_move(unit_files
, extra_unit_files
);
662 if (!validate_extension
&& !ret_valid_prefixes
&& !ret_extension_releases
)
665 r
= load_env_file_pairs_fd(extension_release_meta
->fd
, extension_release_meta
->name
, &extension_release
);
669 if (validate_extension
) {
670 r
= extension_release_validate(ext
->path
, id
, version_id
, sysext_level
, "portable", extension_release
, IMAGE_SYSEXT
);
672 r
= extension_release_validate(ext
->path
, id
, version_id
, confext_level
, "portable", extension_release
, IMAGE_CONFEXT
);
675 return sd_bus_error_set_errnof(error
, SYNTHETIC_ERRNO(ESTALE
), "Image %s extension-release metadata does not match the root's", ext
->path
);
677 return sd_bus_error_set_errnof(error
, r
, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext
->path
);
680 e
= strv_env_pairs_get(extension_release
, "PORTABLE_PREFIXES");
682 _cleanup_strv_free_
char **l
= NULL
;
684 l
= strv_split(e
, WHITESPACE
);
688 r
= strv_extend_strv(&valid_prefixes
, l
, true);
693 if (ret_extension_releases
) {
694 r
= ordered_hashmap_put(extension_releases
, ext
->name
, extension_release_meta
);
697 TAKE_PTR(extension_release_meta
);
701 strv_sort(valid_prefixes
);
704 *ret_image
= TAKE_PTR(image
);
705 if (ret_extension_images
)
706 *ret_extension_images
= TAKE_PTR(extension_images
);
707 if (ret_extension_releases
)
708 *ret_extension_releases
= TAKE_PTR(extension_releases
);
710 *ret_os_release
= TAKE_PTR(os_release
);
712 *ret_unit_files
= TAKE_PTR(unit_files
);
713 if (ret_valid_prefixes
)
714 *ret_valid_prefixes
= TAKE_PTR(valid_prefixes
);
719 int portable_extract(
720 const char *name_or_path
,
722 char **extension_image_paths
,
723 const ImagePolicy
*image_policy
,
725 PortableMetadata
**ret_os_release
,
726 OrderedHashmap
**ret_extension_releases
,
727 Hashmap
**ret_unit_files
,
728 char ***ret_valid_prefixes
,
729 sd_bus_error
*error
) {
731 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*os_release
= NULL
;
732 _cleanup_ordered_hashmap_free_ OrderedHashmap
*extension_images
= NULL
, *extension_releases
= NULL
;
733 _cleanup_hashmap_free_ Hashmap
*unit_files
= NULL
;
734 _cleanup_strv_free_
char **valid_prefixes
= NULL
;
735 _cleanup_(image_unrefp
) Image
*image
= NULL
;
738 assert(name_or_path
);
740 r
= extract_image_and_extensions(
743 extension_image_paths
,
744 /* validate_extension= */ false,
745 /* relax_extension_release_check= */ FLAGS_SET(flags
, PORTABLE_FORCE_EXTENSION
),
752 ret_valid_prefixes
? &valid_prefixes
: NULL
,
757 if (hashmap_isempty(unit_files
)) {
758 _cleanup_free_
char *extensions
= strv_join(extension_image_paths
, ", ");
762 return sd_bus_error_setf(error
,
763 SD_BUS_ERROR_INVALID_ARGS
,
764 "Couldn't find any matching unit files in image '%s%s%s', refusing.",
766 isempty(extensions
) ? "" : "' or any of its extensions '",
767 isempty(extensions
) ? "" : extensions
);
771 *ret_os_release
= TAKE_PTR(os_release
);
772 if (ret_extension_releases
)
773 *ret_extension_releases
= TAKE_PTR(extension_releases
);
775 *ret_unit_files
= TAKE_PTR(unit_files
);
776 if (ret_valid_prefixes
)
777 *ret_valid_prefixes
= TAKE_PTR(valid_prefixes
);
782 static int unit_file_is_active(
785 sd_bus_error
*error
) {
787 static const char *const active_states
[] = {
799 /* If we are looking at a plain or instance things are easy, we can just query the state */
800 if (unit_name_is_valid(name
, UNIT_NAME_PLAIN
|UNIT_NAME_INSTANCE
)) {
801 _cleanup_free_
char *path
= NULL
, *buf
= NULL
;
803 path
= unit_dbus_path_from_name(name
);
807 r
= sd_bus_get_property_string(
809 "org.freedesktop.systemd1",
811 "org.freedesktop.systemd1.Unit",
816 return log_debug_errno(r
, "Failed to retrieve unit state: %s", bus_error_message(error
, r
));
818 return strv_contains((char**) active_states
, buf
);
821 /* Otherwise we need to enumerate. But let's build the most restricted query we can */
822 if (unit_name_is_valid(name
, UNIT_NAME_TEMPLATE
)) {
823 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*m
= NULL
, *reply
= NULL
;
824 const char *at
, *prefix
, *joined
;
826 r
= bus_message_new_method_call(bus
, &m
, bus_systemd_mgr
, "ListUnitsByPatterns");
830 r
= sd_bus_message_append_strv(m
, (char**) active_states
);
834 at
= strchr(name
, '@');
837 prefix
= strndupa_safe(name
, at
+ 1 - name
);
838 joined
= strjoina(prefix
, "*", at
+ 1);
840 r
= sd_bus_message_append_strv(m
, STRV_MAKE(joined
));
844 r
= sd_bus_call(bus
, m
, 0, error
, &reply
);
846 return log_debug_errno(r
, "Failed to list units: %s", bus_error_message(error
, r
));
848 r
= sd_bus_message_enter_container(reply
, SD_BUS_TYPE_ARRAY
, "(ssssssouso)");
852 r
= sd_bus_message_enter_container(reply
, SD_BUS_TYPE_STRUCT
, "ssssssouso");
862 static int portable_changes_add(
863 PortableChange
**changes
,
865 int type_or_errno
, /* PORTABLE_COPY, PORTABLE_SYMLINK, … if positive, or errno if negative */
867 const char *source
) {
869 _cleanup_free_
char *p
= NULL
, *s
= NULL
;
874 assert(!changes
== !n_changes
);
876 if (type_or_errno
>= 0)
877 assert(type_or_errno
< _PORTABLE_CHANGE_TYPE_MAX
);
879 assert(type_or_errno
>= -ERRNO_MAX
);
884 c
= reallocarray(*changes
, *n_changes
+ 1, sizeof(PortableChange
));
889 r
= path_simplify_alloc(path
, &p
);
893 r
= path_simplify_alloc(source
, &s
);
897 c
[(*n_changes
)++] = (PortableChange
) {
898 .type_or_errno
= type_or_errno
,
900 .source
= TAKE_PTR(s
),
906 static int portable_changes_add_with_prefix(
907 PortableChange
**changes
,
912 const char *source
) {
914 _cleanup_free_
char *path_buf
= NULL
, *source_buf
= NULL
;
917 assert(!changes
== !n_changes
);
923 path_buf
= path_join(prefix
, path
);
930 source_buf
= path_join(prefix
, source
);
938 return portable_changes_add(changes
, n_changes
, type_or_errno
, path
, source
);
941 void portable_changes_free(PortableChange
*changes
, size_t n_changes
) {
944 assert(changes
|| n_changes
== 0);
946 for (i
= 0; i
< n_changes
; i
++) {
947 free(changes
[i
].path
);
948 free(changes
[i
].source
);
954 static const char *root_setting_from_image(ImageType type
) {
955 return IN_SET(type
, IMAGE_DIRECTORY
, IMAGE_SUBVOLUME
) ? "RootDirectory=" : "RootImage=";
958 static const char *extension_setting_from_image(ImageType type
) {
959 return IN_SET(type
, IMAGE_DIRECTORY
, IMAGE_SUBVOLUME
) ? "ExtensionDirectories=" : "ExtensionImages=";
962 static int make_marker_text(const char *image_path
, OrderedHashmap
*extension_images
, char **ret_text
) {
963 _cleanup_free_
char *text
= NULL
, *escaped_image_path
= NULL
;
969 escaped_image_path
= xescape(image_path
, ":");
970 if (!escaped_image_path
)
973 /* If the image is layered, include all layers in the marker as a colon-separated
974 * list of paths, so that we can do exact matches on removal. */
975 text
= strjoin(PORTABLE_DROPIN_MARKER_BEGIN
, escaped_image_path
);
979 ORDERED_HASHMAP_FOREACH(ext
, extension_images
) {
980 _cleanup_free_
char *escaped
= NULL
;
982 escaped
= xescape(ext
->path
, ":");
986 if (!strextend(&text
, ":", escaped
))
990 if (!strextend(&text
, PORTABLE_DROPIN_MARKER_END
"\n"))
993 *ret_text
= TAKE_PTR(text
);
997 static int append_release_log_fields(
999 const PortableMetadata
*release
,
1001 const char *field_name
) {
1003 static const char *const field_versions
[_IMAGE_CLASS_MAX
][4]= {
1004 [IMAGE_PORTABLE
] = { "IMAGE_VERSION", "VERSION_ID", "BUILD_ID", NULL
},
1005 [IMAGE_SYSEXT
] = { "SYSEXT_IMAGE_VERSION", "SYSEXT_VERSION_ID", "SYSEXT_BUILD_ID", NULL
},
1006 [IMAGE_CONFEXT
] = { "CONFEXT_IMAGE_VERSION", "CONFEXT_VERSION_ID", "CONFEXT_BUILD_ID", NULL
},
1008 static const char *const field_ids
[_IMAGE_CLASS_MAX
][3]= {
1009 [IMAGE_PORTABLE
] = { "IMAGE_ID", "ID", NULL
},
1010 [IMAGE_SYSEXT
] = { "SYSEXT_IMAGE_ID", "SYSEXT_ID", NULL
},
1011 [IMAGE_CONFEXT
] = { "CONFEXT_IMAGE_ID", "CONFEXT_ID", NULL
},
1013 _cleanup_strv_free_
char **fields
= NULL
;
1014 const char *id
= NULL
, *version
= NULL
;
1017 assert(IN_SET(type
, IMAGE_PORTABLE
, IMAGE_SYSEXT
, IMAGE_CONFEXT
));
1018 assert(!strv_isempty((char *const *)field_ids
[type
]));
1019 assert(!strv_isempty((char *const *)field_versions
[type
]));
1024 return 0; /* Nothing to do. */
1026 r
= load_env_file_pairs_fd(release
->fd
, release
->name
, &fields
);
1028 return log_debug_errno(r
, "Failed to parse '%s': %m", release
->name
);
1030 /* Find an ID first, in order of preference from more specific to less specific: IMAGE_ID -> ID */
1031 id
= strv_find_first_field((char *const *)field_ids
[type
], fields
);
1033 /* Then the version, same logic, prefer the more specific one */
1034 version
= strv_find_first_field((char *const *)field_versions
[type
], fields
);
1036 /* If there's no valid version to be found, simply omit it. */
1037 if (!id
&& !version
)
1040 if (!strextend(text
,
1045 id
&& version
? "_" : "",
1053 static int install_chroot_dropin(
1054 const char *image_path
,
1056 OrderedHashmap
*extension_images
,
1057 OrderedHashmap
*extension_releases
,
1058 const PortableMetadata
*m
,
1059 const PortableMetadata
*os_release
,
1060 const char *dropin_dir
,
1061 PortableFlags flags
,
1063 PortableChange
**changes
,
1064 size_t *n_changes
) {
1066 _cleanup_free_
char *text
= NULL
, *dropin
= NULL
;
1073 dropin
= path_join(dropin_dir
, "20-portable.conf");
1077 r
= make_marker_text(image_path
, extension_images
, &text
);
1079 return log_debug_errno(r
, "Failed to generate marker string for portable drop-in: %m");
1081 if (endswith(m
->name
, ".service")) {
1082 const char *root_type
;
1083 _cleanup_free_
char *base_name
= NULL
;
1086 root_type
= root_setting_from_image(type
);
1088 r
= path_extract_filename(m
->image_path
?: image_path
, &base_name
);
1090 return log_debug_errno(r
, "Failed to extract basename from '%s': %m", m
->image_path
?: image_path
);
1092 if (!strextend(&text
,
1095 root_type
, image_path
, "\n"
1096 "Environment=PORTABLE=", base_name
, "\n"
1097 "LogExtraFields=PORTABLE=", base_name
, "\n"))
1100 /* If we have a single image then PORTABLE= will point to it, so we add
1101 * PORTABLE_NAME_AND_VERSION= with the os-release fields and we are done. But if we have
1102 * extensions, PORTABLE= will point to the image where the current unit was found in. So we
1103 * also list PORTABLE_ROOT= and PORTABLE_ROOT_NAME_AND_VERSION= for the base image, and
1104 * PORTABLE_EXTENSION= and PORTABLE_EXTENSION_NAME_AND_VERSION= for each extension, so that
1105 * all needed metadata is available. */
1106 if (ordered_hashmap_isempty(extension_images
))
1107 r
= append_release_log_fields(&text
, os_release
, IMAGE_PORTABLE
, "PORTABLE_NAME_AND_VERSION");
1109 _cleanup_free_
char *root_base_name
= NULL
;
1111 r
= path_extract_filename(image_path
, &root_base_name
);
1113 return log_debug_errno(r
, "Failed to extract basename from '%s': %m", image_path
);
1115 if (!strextend(&text
,
1116 "Environment=PORTABLE_ROOT=", root_base_name
, "\n",
1117 "LogExtraFields=PORTABLE_ROOT=", root_base_name
, "\n"))
1120 r
= append_release_log_fields(&text
, os_release
, IMAGE_PORTABLE
, "PORTABLE_ROOT_NAME_AND_VERSION");
1125 if (m
->image_path
&& !path_equal(m
->image_path
, image_path
))
1126 ORDERED_HASHMAP_FOREACH(ext
, extension_images
) {
1127 _cleanup_free_
char *extension_base_name
= NULL
;
1129 r
= path_extract_filename(ext
->path
, &extension_base_name
);
1131 return log_debug_errno(r
, "Failed to extract basename from '%s': %m", ext
->path
);
1133 if (!strextend(&text
,
1135 extension_setting_from_image(ext
->type
),
1137 /* With --force tell PID1 to avoid enforcing that the image <name> and
1138 * extension-release.<name> have to match. */
1139 !IN_SET(type
, IMAGE_DIRECTORY
, IMAGE_SUBVOLUME
) &&
1140 FLAGS_SET(flags
, PORTABLE_FORCE_EXTENSION
) ?
1141 ":x-systemd.relax-extension-release-check\n" :
1143 /* In PORTABLE= we list the 'main' image name for this unit
1144 * (the image where the unit was extracted from), but we are
1145 * stacking multiple images, so list those too. */
1146 "LogExtraFields=PORTABLE_EXTENSION=", extension_base_name
, "\n"))
1149 /* Look for image/version identifiers in the extension release files. We
1150 * look for all possible IDs, but typically only 1 or 2 will be set, so
1151 * the number of fields added shouldn't be too large. We prefix the DDI
1152 * name to the value, so that we can add the same field multiple times and
1153 * still be able to identify what applies to what. */
1154 r
= append_release_log_fields(&text
,
1155 ordered_hashmap_get(extension_releases
, ext
->name
),
1157 "PORTABLE_EXTENSION_NAME_AND_VERSION");
1161 r
= append_release_log_fields(&text
,
1162 ordered_hashmap_get(extension_releases
, ext
->name
),
1164 "PORTABLE_EXTENSION_NAME_AND_VERSION");
1170 r
= write_string_file(dropin
, text
, WRITE_STRING_FILE_CREATE
|WRITE_STRING_FILE_ATOMIC
|WRITE_STRING_FILE_SYNC
);
1172 return log_debug_errno(r
, "Failed to write '%s': %m", dropin
);
1174 (void) portable_changes_add(changes
, n_changes
, PORTABLE_WRITE
, dropin
, NULL
);
1177 *ret_dropin
= TAKE_PTR(dropin
);
1182 static int install_profile_dropin(
1183 const char *image_path
,
1184 const PortableMetadata
*m
,
1185 const char *dropin_dir
,
1186 const char *profile
,
1187 PortableFlags flags
,
1189 PortableChange
**changes
,
1190 size_t *n_changes
) {
1192 _cleanup_free_
char *dropin
= NULL
, *from
= NULL
;
1202 r
= find_portable_profile(profile
, m
->name
, &from
);
1205 return log_debug_errno(errno
, "Profile '%s' is not accessible: %m", profile
);
1207 log_debug_errno(errno
, "Skipping link to profile '%s', as it does not exist: %m", profile
);
1211 dropin
= path_join(dropin_dir
, "10-profile.conf");
1215 if (flags
& PORTABLE_PREFER_COPY
) {
1217 r
= copy_file_atomic(from
, dropin
, 0644, COPY_REFLINK
|COPY_FSYNC
);
1219 return log_debug_errno(r
, "Failed to copy %s %s %s: %m", from
, special_glyph(SPECIAL_GLYPH_ARROW_RIGHT
), dropin
);
1221 (void) portable_changes_add(changes
, n_changes
, PORTABLE_COPY
, dropin
, from
);
1225 if (symlink(from
, dropin
) < 0)
1226 return log_debug_errno(errno
, "Failed to link %s %s %s: %m", from
, special_glyph(SPECIAL_GLYPH_ARROW_RIGHT
), dropin
);
1228 (void) portable_changes_add(changes
, n_changes
, PORTABLE_SYMLINK
, dropin
, from
);
1232 *ret_dropin
= TAKE_PTR(dropin
);
1237 static const char *attached_path(const LookupPaths
*paths
, PortableFlags flags
) {
1242 if (flags
& PORTABLE_RUNTIME
)
1243 where
= paths
->runtime_attached
;
1245 where
= paths
->persistent_attached
;
1251 static int attach_unit_file(
1252 const LookupPaths
*paths
,
1253 const char *image_path
,
1255 OrderedHashmap
*extension_images
,
1256 OrderedHashmap
*extension_releases
,
1257 const PortableMetadata
*m
,
1258 const PortableMetadata
*os_release
,
1259 const char *profile
,
1260 PortableFlags flags
,
1261 PortableChange
**changes
,
1262 size_t *n_changes
) {
1264 _cleanup_(unlink_and_freep
) char *chroot_dropin
= NULL
, *profile_dropin
= NULL
;
1265 _cleanup_(rmdir_and_freep
) char *dropin_dir
= NULL
;
1266 _cleanup_free_
char *path
= NULL
;
1273 assert(PORTABLE_METADATA_IS_UNIT(m
));
1275 where
= attached_path(paths
, flags
);
1277 (void) mkdir_parents(where
, 0755);
1278 if (mkdir(where
, 0755) < 0) {
1279 if (errno
!= EEXIST
)
1280 return log_debug_errno(errno
, "Failed to create attach directory %s: %m", where
);
1282 (void) portable_changes_add(changes
, n_changes
, PORTABLE_MKDIR
, where
, NULL
);
1284 path
= path_join(where
, m
->name
);
1288 dropin_dir
= strjoin(path
, ".d");
1292 if (mkdir(dropin_dir
, 0755) < 0) {
1293 if (errno
!= EEXIST
)
1294 return log_debug_errno(errno
, "Failed to create drop-in directory %s: %m", dropin_dir
);
1296 (void) portable_changes_add(changes
, n_changes
, PORTABLE_MKDIR
, dropin_dir
, NULL
);
1298 /* We install the drop-ins first, and the actual unit file last to achieve somewhat atomic behaviour if PID 1
1299 * is reloaded while we are creating things here: as long as only the drop-ins exist the unit doesn't exist at
1302 r
= install_chroot_dropin(image_path
, type
, extension_images
, extension_releases
, m
, os_release
, dropin_dir
, flags
, &chroot_dropin
, changes
, n_changes
);
1306 r
= install_profile_dropin(image_path
, m
, dropin_dir
, profile
, flags
, &profile_dropin
, changes
, n_changes
);
1310 if ((flags
& PORTABLE_PREFER_SYMLINK
) && m
->source
) {
1312 if (symlink(m
->source
, path
) < 0)
1313 return log_debug_errno(errno
, "Failed to symlink unit file '%s': %m", path
);
1315 (void) portable_changes_add(changes
, n_changes
, PORTABLE_SYMLINK
, path
, m
->source
);
1318 _cleanup_(unlink_and_freep
) char *tmp
= NULL
;
1319 _cleanup_close_
int fd
= -EBADF
;
1321 (void) mac_selinux_create_file_prepare_label(path
, m
->selinux_label
);
1323 fd
= open_tmpfile_linkable(path
, O_WRONLY
|O_CLOEXEC
, &tmp
);
1324 mac_selinux_create_file_clear(); /* Clear immediately in case of errors */
1326 return log_debug_errno(fd
, "Failed to create unit file '%s': %m", path
);
1328 r
= copy_bytes(m
->fd
, fd
, UINT64_MAX
, COPY_REFLINK
);
1330 return log_debug_errno(r
, "Failed to copy unit file '%s': %m", path
);
1332 if (fchmod(fd
, 0644) < 0)
1333 return log_debug_errno(errno
, "Failed to change unit file access mode for '%s': %m", path
);
1335 r
= link_tmpfile(fd
, tmp
, path
, LINK_TMPFILE_SYNC
);
1337 return log_debug_errno(r
, "Failed to install unit file '%s': %m", path
);
1341 (void) portable_changes_add(changes
, n_changes
, PORTABLE_COPY
, path
, m
->source
);
1344 /* All is established now, now let's disable any rollbacks */
1345 chroot_dropin
= mfree(chroot_dropin
);
1346 profile_dropin
= mfree(profile_dropin
);
1347 dropin_dir
= mfree(dropin_dir
);
1352 static int image_target_path(
1353 const char *image_path
,
1354 PortableFlags flags
,
1357 const char *fn
, *where
;
1358 char *joined
= NULL
;
1363 fn
= last_path_component(image_path
);
1365 if (flags
& PORTABLE_RUNTIME
)
1366 where
= "/run/portables/";
1368 where
= "/etc/portables/";
1370 joined
= strjoin(where
, fn
);
1378 static int install_image(
1379 const char *image_path
,
1380 PortableFlags flags
,
1381 PortableChange
**changes
,
1382 size_t *n_changes
) {
1384 _cleanup_free_
char *target
= NULL
;
1389 /* If the image is outside of the image search also link it into it, so that it can be found with
1390 * short image names and is listed among the images. If we are operating in mixed mode, the image is
1391 * copied instead. */
1393 if (image_in_search_path(IMAGE_PORTABLE
, NULL
, image_path
))
1396 r
= image_target_path(image_path
, flags
, &target
);
1398 return log_debug_errno(r
, "Failed to generate image symlink path: %m");
1400 (void) mkdir_parents(target
, 0755);
1402 if (flags
& PORTABLE_MIXED_COPY_LINK
) {
1403 r
= copy_tree(image_path
,
1407 COPY_REFLINK
| COPY_FSYNC
| COPY_FSYNC_FULL
| COPY_SYNCFS
,
1408 /* denylist= */ NULL
,
1409 /* subvolumes= */ NULL
);
1411 return log_debug_errno(
1413 "Failed to copy %s %s %s: %m",
1415 special_glyph(SPECIAL_GLYPH_ARROW_RIGHT
),
1419 if (symlink(image_path
, target
) < 0)
1420 return log_debug_errno(
1422 "Failed to link %s %s %s: %m",
1424 special_glyph(SPECIAL_GLYPH_ARROW_RIGHT
),
1428 (void) portable_changes_add(
1431 (flags
& PORTABLE_MIXED_COPY_LINK
) ? PORTABLE_COPY
: PORTABLE_SYMLINK
,
1437 static int install_image_and_extensions(
1439 OrderedHashmap
*extension_images
,
1440 PortableFlags flags
,
1441 PortableChange
**changes
,
1442 size_t *n_changes
) {
1449 ORDERED_HASHMAP_FOREACH(ext
, extension_images
) {
1450 r
= install_image(ext
->path
, flags
, changes
, n_changes
);
1455 r
= install_image(image
->path
, flags
, changes
, n_changes
);
1462 static bool prefix_matches_compatible(char **matches
, char **valid_prefixes
) {
1463 /* Checks if all 'matches' are included in the list of 'valid_prefixes' */
1465 STRV_FOREACH(m
, matches
)
1466 if (!strv_contains(valid_prefixes
, *m
))
1472 static void log_portable_verb(
1474 const char *message_id
,
1475 const char *image_path
,
1476 const char *profile
,
1477 OrderedHashmap
*extension_images
,
1478 char **extension_image_paths
,
1479 PortableFlags flags
) {
1481 _cleanup_free_
char *root_base_name
= NULL
, *extensions_joined
= NULL
;
1482 _cleanup_strv_free_
char **extension_base_names
= NULL
;
1489 assert(!extension_images
|| !extension_image_paths
);
1491 /* Use the same structured metadata as it is attached to units via LogExtraFields=. The main image
1492 * is logged as PORTABLE_ROOT= and extensions, if any, as individual PORTABLE_EXTENSION= fields. */
1494 r
= path_extract_filename(image_path
, &root_base_name
);
1496 log_debug_errno(r
, "Failed to extract basename from '%s', ignoring: %m", image_path
);
1498 ORDERED_HASHMAP_FOREACH(ext
, extension_images
) {
1499 _cleanup_free_
char *extension_base_name
= NULL
;
1501 r
= path_extract_filename(ext
->path
, &extension_base_name
);
1503 log_debug_errno(r
, "Failed to extract basename from '%s', ignoring: %m", ext
->path
);
1507 r
= strv_extendf(&extension_base_names
, "PORTABLE_EXTENSION=%s", extension_base_name
);
1511 if (!strextend_with_separator(&extensions_joined
, ", ", ext
->path
))
1515 STRV_FOREACH(e
, extension_image_paths
) {
1516 _cleanup_free_
char *extension_base_name
= NULL
;
1518 r
= path_extract_filename(*e
, &extension_base_name
);
1520 log_debug_errno(r
, "Failed to extract basename from '%s', ignoring: %m", *e
);
1524 r
= strv_extendf(&extension_base_names
, "PORTABLE_EXTENSION=%s", extension_base_name
);
1528 if (!strextend_with_separator(&extensions_joined
, ", ", *e
))
1532 LOG_CONTEXT_PUSH_STRV(extension_base_names
);
1534 log_struct(LOG_INFO
,
1535 LOG_MESSAGE("Successfully %s%s '%s%s%s%s%s'",
1537 FLAGS_SET(flags
, PORTABLE_RUNTIME
) ? " ephemeral" : "",
1539 isempty(extensions_joined
) ? "" : "' and its extension(s) '",
1540 strempty(extensions_joined
),
1541 isempty(profile
) ? "" : "' using profile '",
1544 "PORTABLE_ROOT=%s", strna(root_base_name
));
1547 int portable_attach(
1549 const char *name_or_path
,
1551 const char *profile
,
1552 char **extension_image_paths
,
1553 const ImagePolicy
*image_policy
,
1554 PortableFlags flags
,
1555 PortableChange
**changes
,
1557 sd_bus_error
*error
) {
1559 _cleanup_ordered_hashmap_free_ OrderedHashmap
*extension_images
= NULL
, *extension_releases
= NULL
;
1560 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*os_release
= NULL
;
1561 _cleanup_hashmap_free_ Hashmap
*unit_files
= NULL
;
1562 _cleanup_(lookup_paths_done
) LookupPaths paths
= {};
1563 _cleanup_strv_free_
char **valid_prefixes
= NULL
;
1564 _cleanup_(image_unrefp
) Image
*image
= NULL
;
1565 PortableMetadata
*item
;
1568 r
= extract_image_and_extensions(
1571 extension_image_paths
,
1572 /* validate_extension= */ true,
1573 /* relax_extension_release_check= */ FLAGS_SET(flags
, PORTABLE_FORCE_EXTENSION
),
1577 &extension_releases
,
1585 if (valid_prefixes
&& !prefix_matches_compatible(matches
, valid_prefixes
)) {
1586 _cleanup_free_
char *matches_joined
= NULL
, *extensions_joined
= NULL
, *valid_prefixes_joined
= NULL
;
1588 matches_joined
= strv_join(matches
, "', '");
1589 if (!matches_joined
)
1592 extensions_joined
= strv_join(extension_image_paths
, ", ");
1593 if (!extensions_joined
)
1596 valid_prefixes_joined
= strv_join(valid_prefixes
, ", ");
1597 if (!valid_prefixes_joined
)
1600 return sd_bus_error_setf(
1602 SD_BUS_ERROR_INVALID_ARGS
,
1603 "Selected matches '%s' are not compatible with portable service image '%s%s%s', refusing. (Acceptable prefix matches are: %s)",
1606 isempty(extensions_joined
) ? "" : "' or any of its extensions '",
1607 strempty(extensions_joined
),
1608 valid_prefixes_joined
);
1611 if (hashmap_isempty(unit_files
)) {
1612 _cleanup_free_
char *extensions_joined
= strv_join(extension_image_paths
, ", ");
1613 if (!extensions_joined
)
1616 return sd_bus_error_setf(
1618 SD_BUS_ERROR_INVALID_ARGS
,
1619 "Couldn't find any matching unit files in image '%s%s%s', refusing.",
1621 isempty(extensions_joined
) ? "" : "' or any of its extensions '",
1622 strempty(extensions_joined
));
1625 r
= lookup_paths_init(&paths
, RUNTIME_SCOPE_SYSTEM
, /* flags= */ 0, NULL
);
1629 if (!FLAGS_SET(flags
, PORTABLE_REATTACH
) && !FLAGS_SET(flags
, PORTABLE_FORCE_ATTACH
))
1630 HASHMAP_FOREACH(item
, unit_files
) {
1631 r
= unit_file_exists(RUNTIME_SCOPE_SYSTEM
, &paths
, item
->name
);
1633 return sd_bus_error_set_errnof(error
, r
, "Failed to determine whether unit '%s' exists on the host: %m", item
->name
);
1635 return sd_bus_error_setf(error
, BUS_ERROR_UNIT_EXISTS
, "Unit file '%s' exists on the host already, refusing.", item
->name
);
1637 r
= unit_file_is_active(bus
, item
->name
, error
);
1641 return sd_bus_error_setf(error
, BUS_ERROR_UNIT_EXISTS
, "Unit file '%s' is active already, refusing.", item
->name
);
1644 HASHMAP_FOREACH(item
, unit_files
) {
1645 r
= attach_unit_file(&paths
, image
->path
, image
->type
, extension_images
, extension_releases
,
1646 item
, os_release
, profile
, flags
, changes
, n_changes
);
1648 return sd_bus_error_set_errnof(error
, r
, "Failed to attach unit '%s': %m", item
->name
);
1651 /* We don't care too much for the image symlink/copy, it's just a convenience thing, it's not necessary for
1652 * proper operation otherwise. */
1653 (void) install_image_and_extensions(image
, extension_images
, flags
, changes
, n_changes
);
1657 "MESSAGE_ID=" SD_MESSAGE_PORTABLE_ATTACHED_STR
,
1661 /* extension_image_paths= */ NULL
,
1667 static bool marker_matches_images(const char *marker
, const char *name_or_path
, char **extension_image_paths
) {
1668 _cleanup_strv_free_
char **root_and_extensions
= NULL
;
1673 assert(name_or_path
);
1675 /* If extensions were used when attaching, the marker will be a colon-separated
1676 * list of images/paths. We enforce strict 1:1 matching, so that we are sure
1677 * we are detaching exactly what was attached.
1678 * For each image, starting with the root, we look for a token in the marker,
1679 * and return a negative answer on any non-matching combination. */
1681 root_and_extensions
= strv_new(name_or_path
);
1682 if (!root_and_extensions
)
1685 r
= strv_extend_strv(&root_and_extensions
, extension_image_paths
, false);
1689 STRV_FOREACH(image_name_or_path
, root_and_extensions
) {
1690 _cleanup_free_
char *image
= NULL
;
1692 r
= extract_first_word(&marker
, &image
, ":", EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
1694 return log_debug_errno(r
, "Failed to parse marker: %s", marker
);
1698 a
= last_path_component(image
);
1700 if (image_name_is_valid(*image_name_or_path
)) {
1701 const char *e
, *underscore
;
1703 /* We shall match against an image name. In that case let's compare the last component, and optionally
1704 * allow either a suffix of ".raw" or a series of "/".
1705 * But allow matching on a different version of the same image, when a "_" is used as a separator. */
1706 underscore
= strchr(*image_name_or_path
, '_');
1708 if (strneq(a
, *image_name_or_path
, underscore
- *image_name_or_path
))
1713 e
= startswith(a
, *image_name_or_path
);
1717 if(!(e
[strspn(e
, "/")] == 0 || streq(e
, ".raw")))
1720 const char *b
, *underscore
;
1723 /* We shall match against a path. Let's ignore any prefix here though, as often there are many ways to
1724 * reach the same file. However, in this mode, let's validate any file suffix.
1725 * But also ensure that we don't fail if both components don't have a '/' at all
1726 * (strcspn returns the full length of the string in that case, which might not
1727 * match as the versions might differ). */
1729 l
= strcspn(a
, "/");
1730 b
= last_path_component(*image_name_or_path
);
1732 if ((a
[l
] != '/') != !strchr(b
, '/')) /* One is a directory, the other is not */
1735 if (a
[l
] != 0 && strcspn(b
, "/") != l
)
1738 underscore
= strchr(b
, '_');
1741 else { /* Either component could be versioned */
1742 underscore
= strchr(a
, '_');
1747 if (!strneq(a
, b
, l
))
1755 static int test_chroot_dropin(
1759 const char *name_or_path
,
1760 char **extension_image_paths
,
1761 char **ret_marker
) {
1763 _cleanup_free_
char *line
= NULL
, *marker
= NULL
;
1764 _cleanup_fclose_
FILE *f
= NULL
;
1765 _cleanup_close_
int fd
= -EBADF
;
1766 const char *p
, *e
, *k
;
1773 /* We recognize unis created from portable images via the drop-in we created for them */
1775 p
= strjoina(fname
, ".d/20-portable.conf");
1776 fd
= openat(dirfd(d
), p
, O_RDONLY
|O_CLOEXEC
);
1778 if (errno
== ENOENT
)
1781 return log_debug_errno(errno
, "Failed to open %s/%s: %m", where
, p
);
1784 r
= take_fdopen_unlocked(&fd
, "r", &f
);
1786 return log_debug_errno(r
, "Failed to convert file handle: %m");
1788 r
= read_line(f
, LONG_LINE_MAX
, &line
);
1790 return log_debug_errno(r
, "Failed to read from %s/%s: %m", where
, p
);
1792 e
= startswith(line
, PORTABLE_DROPIN_MARKER_BEGIN
);
1796 k
= endswith(e
, PORTABLE_DROPIN_MARKER_END
);
1800 marker
= strndup(e
, k
- e
);
1807 r
= marker_matches_images(marker
, name_or_path
, extension_image_paths
);
1810 *ret_marker
= TAKE_PTR(marker
);
1815 int portable_detach(
1817 const char *name_or_path
,
1818 char **extension_image_paths
,
1819 PortableFlags flags
,
1820 PortableChange
**changes
,
1822 sd_bus_error
*error
) {
1824 _cleanup_(lookup_paths_done
) LookupPaths paths
= {};
1825 _cleanup_set_free_ Set
*unit_files
= NULL
, *markers
= NULL
;
1826 _cleanup_free_
char *extensions
= NULL
;
1827 _cleanup_closedir_
DIR *d
= NULL
;
1828 const char *where
, *item
;
1832 assert(name_or_path
);
1834 r
= lookup_paths_init(&paths
, RUNTIME_SCOPE_SYSTEM
, /* flags= */ 0, NULL
);
1838 where
= attached_path(&paths
, flags
);
1842 if (errno
== ENOENT
)
1845 return log_debug_errno(errno
, "Failed to open '%s' directory: %m", where
);
1848 FOREACH_DIRENT(de
, d
, return log_debug_errno(errno
, "Failed to enumerate '%s' directory: %m", where
)) {
1849 _cleanup_free_
char *marker
= NULL
, *unit_name
= NULL
;
1852 /* When a portable service is enabled with "portablectl --copy=symlink --enable --now attach",
1853 * and is disabled with "portablectl --enable --now detach", which calls DisableUnitFilesWithFlags
1854 * DBus method, the main unit file is removed, but its drop-ins are not. Hence, here we need
1855 * to list both main unit files and drop-in directories (without the main unit files). */
1857 dot
= endswith(de
->d_name
, ".d");
1859 unit_name
= strndup(de
->d_name
, dot
- de
->d_name
);
1861 unit_name
= strdup(de
->d_name
);
1865 if (!unit_name_is_valid(unit_name
, UNIT_NAME_ANY
))
1868 /* Filter out duplicates */
1869 if (set_contains(unit_files
, unit_name
))
1872 if (dot
? !IN_SET(de
->d_type
, DT_LNK
, DT_DIR
) : !IN_SET(de
->d_type
, DT_LNK
, DT_REG
))
1875 r
= test_chroot_dropin(d
, where
, unit_name
, name_or_path
, extension_image_paths
, &marker
);
1881 if (!FLAGS_SET(flags
, PORTABLE_REATTACH
) && !FLAGS_SET(flags
, PORTABLE_FORCE_ATTACH
)) {
1882 r
= unit_file_is_active(bus
, unit_name
, error
);
1886 return sd_bus_error_setf(error
, BUS_ERROR_UNIT_EXISTS
, "Unit file '%s' is active, can't detach.", unit_name
);
1889 r
= set_ensure_consume(&unit_files
, &string_hash_ops_free
, TAKE_PTR(unit_name
));
1891 return log_oom_debug();
1893 for (const char *p
= marker
;;) {
1894 _cleanup_free_
char *image
= NULL
;
1896 r
= extract_first_word(&p
, &image
, ":", EXTRACT_UNESCAPE_SEPARATORS
|EXTRACT_RETAIN_ESCAPE
);
1898 return log_debug_errno(r
, "Failed to parse marker: %s", p
);
1902 if (path_is_absolute(image
) && !image_in_search_path(IMAGE_PORTABLE
, NULL
, image
)) {
1903 r
= set_ensure_consume(&markers
, &path_hash_ops_free
, TAKE_PTR(image
));
1910 if (set_isempty(unit_files
))
1913 SET_FOREACH(item
, unit_files
) {
1914 _cleanup_free_
char *md
= NULL
;
1916 if (unlinkat(dirfd(d
), item
, 0) < 0) {
1917 log_debug_errno(errno
, "Can't remove unit file %s/%s: %m", where
, item
);
1919 if (errno
!= ENOENT
&& ret
>= 0)
1922 portable_changes_add_with_prefix(changes
, n_changes
, PORTABLE_UNLINK
, where
, item
, NULL
);
1924 FOREACH_STRING(suffix
, ".d/10-profile.conf", ".d/20-portable.conf") {
1925 _cleanup_free_
char *dropin
= NULL
;
1927 dropin
= strjoin(item
, suffix
);
1931 if (unlinkat(dirfd(d
), dropin
, 0) < 0) {
1932 log_debug_errno(errno
, "Can't remove drop-in %s/%s: %m", where
, dropin
);
1934 if (errno
!= ENOENT
&& ret
>= 0)
1937 portable_changes_add_with_prefix(changes
, n_changes
, PORTABLE_UNLINK
, where
, dropin
, NULL
);
1940 md
= strjoin(item
, ".d");
1944 if (unlinkat(dirfd(d
), md
, AT_REMOVEDIR
) < 0) {
1945 log_debug_errno(errno
, "Can't remove drop-in directory %s/%s: %m", where
, md
);
1947 if (errno
!= ENOENT
&& ret
>= 0)
1950 portable_changes_add_with_prefix(changes
, n_changes
, PORTABLE_UNLINK
, where
, md
, NULL
);
1953 /* Now, also drop any image symlink or copy, for images outside of the sarch path */
1954 SET_FOREACH(item
, markers
) {
1955 _cleanup_free_
char *target
= NULL
;
1957 r
= image_target_path(item
, flags
, &target
);
1959 log_debug_errno(r
, "Failed to determine image path for '%s', ignoring: %m", item
);
1963 r
= rm_rf(target
, REMOVE_ROOT
| REMOVE_PHYSICAL
| REMOVE_MISSING_OK
| REMOVE_SYNCFS
);
1965 log_debug_errno(r
, "Can't remove image '%s': %m", target
);
1970 portable_changes_add(changes
, n_changes
, PORTABLE_UNLINK
, target
, NULL
);
1973 /* Try to remove the unit file directory, if we can */
1974 if (rmdir(where
) >= 0)
1975 portable_changes_add(changes
, n_changes
, PORTABLE_UNLINK
, where
, NULL
);
1979 "MESSAGE_ID=" SD_MESSAGE_PORTABLE_DETACHED_STR
,
1981 /* profile= */ NULL
,
1982 /* extension_images= */ NULL
,
1983 extension_image_paths
,
1989 extensions
= strv_join(extension_image_paths
, ", ");
1993 r
= sd_bus_error_setf(error
,
1994 BUS_ERROR_NO_SUCH_UNIT
,
1995 "No unit files associated with '%s%s%s' found attached to the system. Image not attached?",
1997 isempty(extensions
) ? "" : "' or any of its extensions '",
1998 isempty(extensions
) ? "" : extensions
);
1999 return log_debug_errno(r
, "%s", error
->message
);
2002 static int portable_get_state_internal(
2004 const char *name_or_path
,
2005 char **extension_image_paths
,
2006 PortableFlags flags
,
2008 sd_bus_error
*error
) {
2010 _cleanup_(lookup_paths_done
) LookupPaths paths
= {};
2011 bool found_enabled
= false, found_running
= false;
2012 _cleanup_set_free_ Set
*unit_files
= NULL
;
2013 _cleanup_closedir_
DIR *d
= NULL
;
2017 assert(name_or_path
);
2020 r
= lookup_paths_init(&paths
, RUNTIME_SCOPE_SYSTEM
, /* flags= */ 0, NULL
);
2024 where
= attached_path(&paths
, flags
);
2028 if (errno
== ENOENT
) {
2029 /* If the 'attached' directory doesn't exist at all, then we know for sure this image isn't attached. */
2030 *ret
= PORTABLE_DETACHED
;
2034 return log_debug_errno(errno
, "Failed to open '%s' directory: %m", where
);
2037 FOREACH_DIRENT(de
, d
, return log_debug_errno(errno
, "Failed to enumerate '%s' directory: %m", where
)) {
2038 UnitFileState state
;
2040 if (!unit_name_is_valid(de
->d_name
, UNIT_NAME_ANY
))
2043 /* Filter out duplicates */
2044 if (set_contains(unit_files
, de
->d_name
))
2047 if (!IN_SET(de
->d_type
, DT_LNK
, DT_REG
))
2050 r
= test_chroot_dropin(d
, where
, de
->d_name
, name_or_path
, extension_image_paths
, NULL
);
2056 r
= unit_file_lookup_state(RUNTIME_SCOPE_SYSTEM
, &paths
, de
->d_name
, &state
);
2058 return log_debug_errno(r
, "Failed to determine unit file state of '%s': %m", de
->d_name
);
2059 if (!IN_SET(state
, UNIT_FILE_STATIC
, UNIT_FILE_DISABLED
, UNIT_FILE_LINKED
, UNIT_FILE_LINKED_RUNTIME
))
2060 found_enabled
= true;
2062 r
= unit_file_is_active(bus
, de
->d_name
, error
);
2066 found_running
= true;
2068 r
= set_put_strdup(&unit_files
, de
->d_name
);
2070 return log_debug_errno(r
, "Failed to add unit name '%s' to set: %m", de
->d_name
);
2073 *ret
= found_running
? (!set_isempty(unit_files
) && (flags
& PORTABLE_RUNTIME
) ? PORTABLE_RUNNING_RUNTIME
: PORTABLE_RUNNING
) :
2074 found_enabled
? (flags
& PORTABLE_RUNTIME
? PORTABLE_ENABLED_RUNTIME
: PORTABLE_ENABLED
) :
2075 !set_isempty(unit_files
) ? (flags
& PORTABLE_RUNTIME
? PORTABLE_ATTACHED_RUNTIME
: PORTABLE_ATTACHED
) : PORTABLE_DETACHED
;
2080 int portable_get_state(
2082 const char *name_or_path
,
2083 char **extension_image_paths
,
2084 PortableFlags flags
,
2086 sd_bus_error
*error
) {
2088 PortableState state
;
2091 assert(name_or_path
);
2094 /* We look for matching units twice: once in the regular directories, and once in the runtime directories — but
2095 * the latter only if we didn't find anything in the former. */
2097 r
= portable_get_state_internal(bus
, name_or_path
, extension_image_paths
, flags
& ~PORTABLE_RUNTIME
, &state
, error
);
2101 if (state
== PORTABLE_DETACHED
) {
2102 r
= portable_get_state_internal(bus
, name_or_path
, extension_image_paths
, flags
| PORTABLE_RUNTIME
, &state
, error
);
2111 int portable_get_profiles(char ***ret
) {
2114 return conf_files_list_nulstr(ret
, NULL
, NULL
, CONF_FILES_DIRECTORY
|CONF_FILES_BASENAME
|CONF_FILES_FILTER_MASKED
, PORTABLE_PROFILE_DIRS
);
2117 static const char* const portable_change_type_table
[_PORTABLE_CHANGE_TYPE_MAX
] = {
2118 [PORTABLE_COPY
] = "copy",
2119 [PORTABLE_MKDIR
] = "mkdir",
2120 [PORTABLE_SYMLINK
] = "symlink",
2121 [PORTABLE_UNLINK
] = "unlink",
2122 [PORTABLE_WRITE
] = "write",
2125 DEFINE_STRING_TABLE_LOOKUP(portable_change_type
, int);
2127 static const char* const portable_state_table
[_PORTABLE_STATE_MAX
] = {
2128 [PORTABLE_DETACHED
] = "detached",
2129 [PORTABLE_ATTACHED
] = "attached",
2130 [PORTABLE_ATTACHED_RUNTIME
] = "attached-runtime",
2131 [PORTABLE_ENABLED
] = "enabled",
2132 [PORTABLE_ENABLED_RUNTIME
] = "enabled-runtime",
2133 [PORTABLE_RUNNING
] = "running",
2134 [PORTABLE_RUNNING_RUNTIME
] = "running-runtime",
2137 DEFINE_STRING_TABLE_LOOKUP(portable_state
, PortableState
);