1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 #include "alloc-util.h"
4 #include "bus-common-errors.h"
10 #include "machine-image.h"
11 #include "missing_capability.h"
13 #include "portabled-bus.h"
14 #include "portabled-image-bus.h"
15 #include "portabled-image.h"
16 #include "portabled.h"
17 #include "process-util.h"
19 #include "user-util.h"
21 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type
, image_type
, ImageType
);
23 int bus_image_common_get_os_release(
25 sd_bus_message
*message
,
26 const char *name_or_path
,
28 sd_bus_error
*error
) {
32 assert(name_or_path
|| image
);
40 r
= bus_image_acquire(m
,
44 BUS_IMAGE_AUTHENTICATE_BY_PATH
,
45 "org.freedesktop.portable1.inspect-images",
50 if (r
== 0) /* Will call us back */
53 if (!image
->metadata_valid
) {
54 r
= image_read_metadata(image
);
56 return sd_bus_error_set_errnof(error
, r
, "Failed to read image metadata: %m");
59 return bus_reply_pair_array(message
, image
->os_release
);
62 static int bus_image_method_get_os_release(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
63 return bus_image_common_get_os_release(NULL
, message
, NULL
, userdata
, error
);
66 static int append_fd(sd_bus_message
*m
, PortableMetadata
*d
) {
67 _cleanup_fclose_
FILE *f
= NULL
;
68 _cleanup_free_
char *buf
= NULL
;
76 f
= fdopen(d
->fd
, "re");
82 r
= read_full_stream(f
, &buf
, &n
);
86 return sd_bus_message_append_array(m
, 'y', buf
, n
);
89 int bus_image_common_get_metadata(
91 sd_bus_message
*message
,
92 const char *name_or_path
,
94 sd_bus_error
*error
) {
96 _cleanup_(portable_metadata_unrefp
) PortableMetadata
*os_release
= NULL
;
97 _cleanup_hashmap_free_ Hashmap
*unit_files
= NULL
;
98 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
99 _cleanup_free_ PortableMetadata
**sorted
= NULL
;
100 _cleanup_strv_free_
char **matches
= NULL
;
104 assert(name_or_path
|| image
);
112 r
= sd_bus_message_read_strv(message
, &matches
);
116 r
= bus_image_acquire(m
,
120 BUS_IMAGE_AUTHENTICATE_BY_PATH
,
121 "org.freedesktop.portable1.inspect-images",
126 if (r
== 0) /* Will call us back */
129 r
= portable_extract(
138 r
= portable_metadata_hashmap_to_sorted_array(unit_files
, &sorted
);
142 r
= sd_bus_message_new_method_return(message
, &reply
);
146 r
= sd_bus_message_append(reply
, "s", image
->path
);
150 r
= append_fd(reply
, os_release
);
154 r
= sd_bus_message_open_container(reply
, 'a', "{say}");
158 for (i
= 0; i
< hashmap_size(unit_files
); i
++) {
160 r
= sd_bus_message_open_container(reply
, 'e', "say");
164 r
= sd_bus_message_append(reply
, "s", sorted
[i
]->name
);
168 r
= append_fd(reply
, sorted
[i
]);
172 r
= sd_bus_message_close_container(reply
);
177 r
= sd_bus_message_close_container(reply
);
181 return sd_bus_send(NULL
, reply
, NULL
);
184 static int bus_image_method_get_metadata(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
185 return bus_image_common_get_metadata(NULL
, message
, NULL
, userdata
, error
);
188 static int bus_image_method_get_state(
189 sd_bus_message
*message
,
191 sd_bus_error
*error
) {
193 Image
*image
= userdata
;
200 r
= portable_get_state(
201 sd_bus_message_get_bus(message
),
209 return sd_bus_reply_method_return(message
, "s", portable_state_to_string(state
));
212 int bus_image_common_attach(
214 sd_bus_message
*message
,
215 const char *name_or_path
,
217 sd_bus_error
*error
) {
219 _cleanup_strv_free_
char **matches
= NULL
;
220 PortableChange
*changes
= NULL
;
221 PortableFlags flags
= 0;
222 const char *profile
, *copy_mode
;
223 size_t n_changes
= 0;
227 assert(name_or_path
|| image
);
234 r
= sd_bus_message_read_strv(message
, &matches
);
238 r
= sd_bus_message_read(message
, "sbs", &profile
, &runtime
, ©_mode
);
242 if (streq(copy_mode
, "symlink"))
243 flags
|= PORTABLE_PREFER_SYMLINK
;
244 else if (streq(copy_mode
, "copy"))
245 flags
|= PORTABLE_PREFER_COPY
;
246 else if (!isempty(copy_mode
))
247 return sd_bus_reply_method_errorf(message
, SD_BUS_ERROR_INVALID_ARGS
, "Unknown copy mode '%s'", copy_mode
);
250 flags
|= PORTABLE_RUNTIME
;
252 r
= bus_image_acquire(m
,
256 BUS_IMAGE_AUTHENTICATE_ALL
,
257 "org.freedesktop.portable1.attach-images",
262 if (r
== 0) /* Will call us back */
266 sd_bus_message_get_bus(message
),
277 r
= reply_portable_changes(message
, changes
, n_changes
);
280 portable_changes_free(changes
, n_changes
);
284 static int bus_image_method_attach(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
285 return bus_image_common_attach(NULL
, message
, NULL
, userdata
, error
);
288 static int bus_image_method_detach(
289 sd_bus_message
*message
,
291 sd_bus_error
*error
) {
293 PortableChange
*changes
= NULL
;
294 Image
*image
= userdata
;
295 Manager
*m
= image
->userdata
;
296 size_t n_changes
= 0;
303 r
= sd_bus_message_read(message
, "b", &runtime
);
307 r
= bus_verify_polkit_async(
310 "org.freedesktop.portable1.attach-images",
319 return 1; /* Will call us back */
322 sd_bus_message_get_bus(message
),
324 runtime
? PORTABLE_RUNTIME
: 0,
331 r
= reply_portable_changes(message
, changes
, n_changes
);
334 portable_changes_free(changes
, n_changes
);
338 int bus_image_common_remove(
340 sd_bus_message
*message
,
341 const char *name_or_path
,
343 sd_bus_error
*error
) {
345 _cleanup_close_pair_
int errno_pipe_fd
[2] = { -1, -1 };
346 _cleanup_(sigkill_waitp
) pid_t child
= 0;
351 assert(name_or_path
|| image
);
358 if (m
->n_operations
>= OPERATIONS_MAX
)
359 return sd_bus_error_setf(error
, SD_BUS_ERROR_LIMITS_EXCEEDED
, "Too many ongoing operations.");
361 r
= bus_image_acquire(m
,
365 BUS_IMAGE_AUTHENTICATE_ALL
,
366 "org.freedesktop.portable1.manage-images",
372 return 1; /* Will call us back */
374 r
= portable_get_state(
375 sd_bus_message_get_bus(message
),
383 if (state
!= PORTABLE_DETACHED
)
384 return sd_bus_error_set_errnof(error
, EBUSY
, "Image '%s' is not detached, refusing.", image
->path
);
386 if (pipe2(errno_pipe_fd
, O_CLOEXEC
|O_NONBLOCK
) < 0)
387 return sd_bus_error_set_errnof(error
, errno
, "Failed to create pipe: %m");
389 r
= safe_fork("(sd-imgrm)", FORK_RESET_SIGNALS
, &child
);
391 return sd_bus_error_set_errnof(error
, r
, "Failed to fork(): %m");
393 errno_pipe_fd
[0] = safe_close(errno_pipe_fd
[0]);
395 r
= image_remove(image
);
397 (void) write(errno_pipe_fd
[1], &r
, sizeof(r
));
404 errno_pipe_fd
[1] = safe_close(errno_pipe_fd
[1]);
406 r
= operation_new(m
, child
, message
, errno_pipe_fd
[0], NULL
);
411 errno_pipe_fd
[0] = -1;
416 static int bus_image_method_remove(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
417 return bus_image_common_remove(NULL
, message
, NULL
, userdata
, error
);
420 int bus_image_common_mark_read_only(
422 sd_bus_message
*message
,
423 const char *name_or_path
,
425 sd_bus_error
*error
) {
430 assert(name_or_path
|| image
);
437 r
= sd_bus_message_read(message
, "b", &read_only
);
441 r
= bus_image_acquire(m
,
445 BUS_IMAGE_AUTHENTICATE_ALL
,
446 "org.freedesktop.portable1.manage-images",
452 return 1; /* Will call us back */
454 r
= image_read_only(image
, read_only
);
458 return sd_bus_reply_method_return(message
, NULL
);
461 static int bus_image_method_mark_read_only(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
462 return bus_image_common_mark_read_only(NULL
, message
, NULL
, userdata
, error
);
465 int bus_image_common_set_limit(
467 sd_bus_message
*message
,
468 const char *name_or_path
,
470 sd_bus_error
*error
) {
476 assert(name_or_path
|| image
);
483 r
= sd_bus_message_read(message
, "t", &limit
);
486 if (!FILE_SIZE_VALID_OR_INFINITY(limit
))
487 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "New limit out of range");
489 r
= bus_image_acquire(m
,
493 BUS_IMAGE_AUTHENTICATE_ALL
,
494 "org.freedesktop.portable1.manage-images",
500 return 1; /* Will call us back */
502 r
= image_set_limit(image
, limit
);
506 return sd_bus_reply_method_return(message
, NULL
);
509 static int bus_image_method_set_limit(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
510 return bus_image_common_set_limit(NULL
, message
, NULL
, userdata
, error
);
513 const sd_bus_vtable image_vtable
[] = {
514 SD_BUS_VTABLE_START(0),
515 SD_BUS_PROPERTY("Name", "s", NULL
, offsetof(Image
, name
), 0),
516 SD_BUS_PROPERTY("Path", "s", NULL
, offsetof(Image
, path
), 0),
517 SD_BUS_PROPERTY("Type", "s", property_get_type
, offsetof(Image
, type
), 0),
518 SD_BUS_PROPERTY("ReadOnly", "b", bus_property_get_bool
, offsetof(Image
, read_only
), 0),
519 SD_BUS_PROPERTY("CreationTimestamp", "t", NULL
, offsetof(Image
, crtime
), 0),
520 SD_BUS_PROPERTY("ModificationTimestamp", "t", NULL
, offsetof(Image
, mtime
), 0),
521 SD_BUS_PROPERTY("Usage", "t", NULL
, offsetof(Image
, usage
), 0),
522 SD_BUS_PROPERTY("Limit", "t", NULL
, offsetof(Image
, limit
), 0),
523 SD_BUS_PROPERTY("UsageExclusive", "t", NULL
, offsetof(Image
, usage_exclusive
), 0),
524 SD_BUS_PROPERTY("LimitExclusive", "t", NULL
, offsetof(Image
, limit_exclusive
), 0),
525 SD_BUS_METHOD("GetOSRelease", NULL
, "a{ss}", bus_image_method_get_os_release
, SD_BUS_VTABLE_UNPRIVILEGED
),
526 SD_BUS_METHOD("GetMedatadata", "as", "saya{say}", bus_image_method_get_metadata
, SD_BUS_VTABLE_UNPRIVILEGED
),
527 SD_BUS_METHOD("GetState", NULL
, "s", bus_image_method_get_state
, SD_BUS_VTABLE_UNPRIVILEGED
),
528 SD_BUS_METHOD("Attach", "assbs", "a(sss)", bus_image_method_attach
, SD_BUS_VTABLE_UNPRIVILEGED
),
529 SD_BUS_METHOD("Detach", "b", "a(sss)", bus_image_method_detach
, SD_BUS_VTABLE_UNPRIVILEGED
),
530 SD_BUS_METHOD("Remove", NULL
, NULL
, bus_image_method_remove
, SD_BUS_VTABLE_UNPRIVILEGED
),
531 SD_BUS_METHOD("MarkReadOnly", "b", NULL
, bus_image_method_mark_read_only
, SD_BUS_VTABLE_UNPRIVILEGED
),
532 SD_BUS_METHOD("SetLimit", "t", NULL
, bus_image_method_set_limit
, SD_BUS_VTABLE_UNPRIVILEGED
),
536 int bus_image_path(Image
*image
, char **ret
) {
540 if (!image
->discoverable
)
543 return sd_bus_path_encode("/org/freedesktop/portable1/image", image
->name
, ret
);
546 int bus_image_acquire(
548 sd_bus_message
*message
,
549 const char *name_or_path
,
551 ImageAcquireMode mode
,
552 const char *polkit_action
,
554 sd_bus_error
*error
) {
556 _cleanup_(image_unrefp
) Image
*loaded
= NULL
;
562 assert(name_or_path
|| image
);
564 assert(mode
< _BUS_IMAGE_ACQUIRE_MODE_MAX
);
565 assert(polkit_action
|| mode
== BUS_IMAGE_REFUSE_BY_PATH
);
568 /* Acquires an 'Image' object if not acquired yet, and enforces necessary authentication while doing so. */
570 if (mode
== BUS_IMAGE_AUTHENTICATE_ALL
) {
571 r
= bus_verify_polkit_async(
582 if (r
== 0) { /* Will call us back */
588 /* Already passed in? */
594 /* Let's see if this image is already cached? */
595 cached
= manager_image_cache_get(m
, name_or_path
);
601 if (image_name_is_valid(name_or_path
)) {
603 /* If it's a short name, let's search for it */
604 r
= image_find(IMAGE_PORTABLE
, name_or_path
, &loaded
);
606 return sd_bus_error_setf(error
, BUS_ERROR_NO_SUCH_PORTABLE_IMAGE
, "No image '%s' found.", name_or_path
);
608 /* other errors are handled below… */
610 /* Don't accept path if this is always forbidden */
611 if (mode
== BUS_IMAGE_REFUSE_BY_PATH
)
612 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Expected image name, not path in place of '%s'.", name_or_path
);
614 if (!path_is_absolute(name_or_path
))
615 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Image name '%s' is not valid or not a valid path.", name_or_path
);
617 if (!path_is_normalized(name_or_path
))
618 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Image path '%s' is not normalized.", name_or_path
);
620 if (mode
== BUS_IMAGE_AUTHENTICATE_BY_PATH
) {
621 r
= bus_verify_polkit_async(
632 if (r
== 0) { /* Will call us back */
638 r
= image_from_path(name_or_path
, &loaded
);
640 if (r
== -EMEDIUMTYPE
) {
641 sd_bus_error_setf(error
, BUS_ERROR_BAD_PORTABLE_IMAGE_TYPE
, "Typ of image '%s' not recognized; supported image types are directories/btrfs subvolumes, block devices, and raw disk image files with suffix '.raw'.", name_or_path
);
647 /* Add what we just loaded to the cache. This has as side-effect that the object stays in memory until the
648 * cache is purged again, i.e. at least for the current event loop iteration, which is all we need, and which
649 * means we don't actually need to ref the return object. */
650 r
= manager_image_cache_add(m
, loaded
);
658 int bus_image_object_find(
661 const char *interface
,
664 sd_bus_error
*error
) {
666 _cleanup_free_
char *e
= NULL
;
667 Manager
*m
= userdata
;
676 r
= sd_bus_path_decode(path
, "/org/freedesktop/portable1/image", &e
);
682 r
= bus_image_acquire(m
, sd_bus_get_current_message(bus
), e
, NULL
, BUS_IMAGE_REFUSE_BY_PATH
, NULL
, &image
, error
);
696 int bus_image_node_enumerator(sd_bus
*bus
, const char *path
, void *userdata
, char ***nodes
, sd_bus_error
*error
) {
697 _cleanup_hashmap_free_ Hashmap
*images
= NULL
;
698 _cleanup_strv_free_
char **l
= NULL
;
699 size_t n_allocated
= 0, n
= 0;
700 Manager
*m
= userdata
;
709 images
= hashmap_new(&image_hash_ops
);
713 r
= manager_image_cache_discover(m
, images
, error
);
717 HASHMAP_FOREACH(image
, images
, i
) {
720 r
= bus_image_path(image
, &p
);
724 if (!GREEDY_REALLOC(l
, n_allocated
, n
+2)) {
733 *nodes
= TAKE_PTR(l
);