-/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
-
+/* SPDX-License-Identifier: LGPL-2.1+ */
/***
This file is part of systemd.
Copyright 2011 Lennart Poettering
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <errno.h>
#include <string.h>
#include <unistd.h>
+#include <stdio_ext.h>
#include "sd-messages.h"
#include "bus-error.h"
#include "bus-util.h"
#include "escape.h"
+#include "extract-word.h"
#include "fd-util.h"
#include "fileio.h"
-#include "formats-util.h"
+#include "format-util.h"
#include "hashmap.h"
#include "machine-dbus.h"
#include "machine.h"
#include "mkdir.h"
#include "parse-util.h"
+#include "process-util.h"
#include "special.h"
+#include "stdio-util.h"
#include "string-table.h"
#include "terminal-util.h"
#include "unit-name.h"
+#include "user-util.h"
#include "util.h"
-#include "extract-word.h"
Machine* machine_new(Manager *manager, MachineClass class, const char *name) {
Machine *m;
fail:
free(m->state_file);
free(m->name);
- free(m);
-
- return NULL;
+ return mfree(m);
}
void machine_free(Machine *m) {
assert(m);
while (m->operations)
- machine_operation_unref(m->operations);
+ operation_free(m->operations);
if (m->in_gc_queue)
LIST_REMOVE(gc_queue, m->manager->machine_gc_queue, m);
m->manager->host_machine = NULL;
if (m->leader > 0)
- (void) hashmap_remove_value(m->manager->machine_leaders, UINT_TO_PTR(m->leader), m);
+ (void) hashmap_remove_value(m->manager->machine_leaders, PID_TO_PTR(m->leader), m);
sd_bus_message_unref(m->create_message);
if (!m->started)
return 0;
- r = mkdir_safe_label("/run/systemd/machines", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/machines", 0755, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
goto fail;
if (r < 0)
goto fail;
+ (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
(void) fchmod(fileno(f), 0644);
fprintf(f,
fprintf(f, "ROOT=%s\n", escaped);
}
- if (!sd_id128_equal(m->id, SD_ID128_NULL))
+ if (!sd_id128_is_null(m->id))
fprintf(f, "ID=" SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->id));
if (m->leader != 0)
assert(m);
if (m->unit) {
-
char *sl;
sl = strjoina("/run/systemd/machines/unit:", m->unit);
if (!m->state_file)
return 0;
- r = parse_env_file(m->state_file, NEWLINE,
+ r = parse_env_file(NULL, m->state_file, NEWLINE,
"SCOPE", &m->unit,
"SCOPE_JOB", &m->scope_job,
"SERVICE", &m->service,
m->class = c;
}
- if (realtime) {
- unsigned long long l;
- if (sscanf(realtime, "%llu", &l) > 0)
- m->timestamp.realtime = l;
- }
-
- if (monotonic) {
- unsigned long long l;
- if (sscanf(monotonic, "%llu", &l) > 0)
- m->timestamp.monotonic = l;
- }
+ if (realtime)
+ timestamp_deserialize(realtime, &m->timestamp.realtime);
+ if (monotonic)
+ timestamp_deserialize(monotonic, &m->timestamp.monotonic);
if (netif) {
size_t allocated = 0, nr = 0;
int *ni = NULL;
p = netif;
- for(;;) {
+ for (;;) {
_cleanup_free_ char *word = NULL;
int ifi;
if (!escaped)
return log_oom();
- scope = strjoin("machine-", escaped, ".scope", NULL);
+ scope = strjoin("machine-", escaped, ".scope");
if (!scope)
return log_oom();
if (m->started)
return 0;
- r = hashmap_put(m->manager->machine_leaders, UINT_TO_PTR(m->leader), m);
+ r = hashmap_put(m->manager->machine_leaders, PID_TO_PTR(m->leader), m);
if (r < 0)
return r;
return r;
log_struct(LOG_INFO,
- LOG_MESSAGE_ID(SD_MESSAGE_MACHINE_START),
+ "MESSAGE_ID=" SD_MESSAGE_MACHINE_START_STR,
"NAME=%s", m->name,
"LEADER="PID_FMT, m->leader,
- LOG_MESSAGE("New machine %s.", m->name),
- NULL);
+ LOG_MESSAGE("New machine %s.", m->name));
if (!dual_timestamp_is_set(&m->timestamp))
dual_timestamp_get(&m->timestamp);
}
static int machine_stop_scope(Machine *m) {
- _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
+ _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
char *job = NULL;
int r;
if (m->started)
log_struct(LOG_INFO,
- LOG_MESSAGE_ID(SD_MESSAGE_MACHINE_STOP),
+ "MESSAGE_ID=" SD_MESSAGE_MACHINE_STOP_STR,
"NAME=%s", m->name,
"LEADER="PID_FMT, m->leader,
- LOG_MESSAGE("Machine %s terminated.", m->name),
- NULL);
+ LOG_MESSAGE("Machine %s terminated.", m->name));
machine_unlink(m);
machine_add_to_gc_queue(m);
return 0;
}
-bool machine_check_gc(Machine *m, bool drop_not_started) {
+bool machine_may_gc(Machine *m, bool drop_not_started) {
assert(m);
if (m->class == MACHINE_HOST)
- return true;
+ return false;
if (drop_not_started && !m->started)
- return false;
+ return true;
if (m->scope_job && manager_job_is_active(m->manager, m->scope_job))
- return true;
+ return false;
if (m->unit && manager_unit_is_active(m->manager, m->unit))
- return true;
+ return false;
- return false;
+ return true;
}
void machine_add_to_gc_queue(Machine *m) {
return 0;
}
- /* Otherwise make PID 1 do it for us, for the entire cgroup */
+ /* Otherwise, make PID 1 do it for us, for the entire cgroup */
return manager_kill_unit(m->manager, m->unit, signo, NULL);
}
}
}
-MachineOperation *machine_operation_unref(MachineOperation *o) {
- if (!o)
- return NULL;
+void machine_release_unit(Machine *m) {
+ assert(m);
- sd_event_source_unref(o->event_source);
+ if (!m->unit)
+ return;
- safe_close(o->errno_fd);
+ (void) hashmap_remove(m->manager->machine_units, m->unit);
+ m->unit = mfree(m->unit);
+}
+
+int machine_get_uid_shift(Machine *m, uid_t *ret) {
+ char p[STRLEN("/proc//uid_map") + DECIMAL_STR_MAX(pid_t) + 1];
+ uid_t uid_base, uid_shift, uid_range;
+ gid_t gid_base, gid_shift, gid_range;
+ _cleanup_fclose_ FILE *f = NULL;
+ int k;
- if (o->pid > 1)
- (void) kill(o->pid, SIGKILL);
+ assert(m);
+ assert(ret);
- sd_bus_message_unref(o->message);
+ /* Return the base UID/GID of the specified machine. Note that this only works for containers with simple
+ * mappings. In most cases setups should be simple like this, and administrators should only care about the
+ * basic offset a container has relative to the host. This is what this function exposes.
+ *
+ * If we encounter any more complex mappings we politely refuse this with ENXIO. */
- if (o->machine) {
- LIST_REMOVE(operations, o->machine->operations, o);
- o->machine->n_operations--;
+ if (m->class == MACHINE_HOST) {
+ *ret = 0;
+ return 0;
}
- free(o);
- return NULL;
-}
+ if (m->class != MACHINE_CONTAINER)
+ return -EOPNOTSUPP;
-void machine_release_unit(Machine *m) {
- assert(m);
+ xsprintf(p, "/proc/" PID_FMT "/uid_map", m->leader);
+ f = fopen(p, "re");
+ if (!f) {
+ if (errno == ENOENT) {
+ /* If the file doesn't exist, user namespacing is off in the kernel, return a zero mapping hence. */
+ *ret = 0;
+ return 0;
+ }
- if (!m->unit)
- return;
+ return -errno;
+ }
- (void) hashmap_remove(m->manager->machine_units, m->unit);
- m->unit = mfree(m->unit);
+ /* Read the first line. There's at least one. */
+ errno = 0;
+ k = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT "\n", &uid_base, &uid_shift, &uid_range);
+ if (k != 3) {
+ if (ferror(f))
+ return -errno;
+
+ return -EBADMSG;
+ }
+
+ /* Not a mapping starting at 0? Then it's a complex mapping we can't expose here. */
+ if (uid_base != 0)
+ return -ENXIO;
+ /* Insist that at least the nobody user is mapped, everything else is weird, and hence complex, and we don't support it */
+ if (uid_range < UID_NOBODY)
+ return -ENXIO;
+
+ /* If there's more than one line, then we don't support this mapping. */
+ if (fgetc(f) != EOF)
+ return -ENXIO;
+
+ fclose(f);
+
+ xsprintf(p, "/proc/" PID_FMT "/gid_map", m->leader);
+ f = fopen(p, "re");
+ if (!f)
+ return -errno;
+
+ /* Read the first line. There's at least one. */
+ errno = 0;
+ k = fscanf(f, GID_FMT " " GID_FMT " " GID_FMT "\n", &gid_base, &gid_shift, &gid_range);
+ if (k != 3) {
+ if (ferror(f))
+ return -errno;
+
+ return -EBADMSG;
+ }
+
+ /* If there's more than one line, then we don't support this file. */
+ if (fgetc(f) != EOF)
+ return -ENXIO;
+
+ /* If the UID and GID mapping doesn't match, we don't support this mapping. */
+ if (uid_base != (uid_t) gid_base)
+ return -ENXIO;
+ if (uid_shift != (uid_t) gid_shift)
+ return -ENXIO;
+ if (uid_range != (uid_t) gid_range)
+ return -ENXIO;
+
+ *ret = uid_shift;
+ return 0;
}
static const char* const machine_class_table[_MACHINE_CLASS_MAX] = {