From: Zbigniew Jędrzejewski-Szmek Date: Mon, 21 Jun 2021 21:13:10 +0000 (+0200) Subject: basic,shared: move a bunch of files to src/shared/ X-Git-Tag: v249-rc2~23^2~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b25a930f0e2ebe77bc8b0f0acfac8a3b27ef1f0a;p=thirdparty%2Fsystemd.git basic,shared: move a bunch of files to src/shared/ The goal is to move everything that requires selinux or smack away from src/basic/. This means that src/basic/label.[ch] must move, which implies btrfs-util.[ch], copy.[ch], and a bunch of other files which form a cluster of internal use. This is just moving text around, so there should be no functional difference. test-blockdev-util is new, because path_is_encrypted() is moved to blockdev-util.c, and so far we didn't have any tests for code there. --- diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c index 5fe8fbab986..bcec603f886 100644 --- a/src/basic/fs-util.c +++ b/src/basic/fs-util.c @@ -8,7 +8,6 @@ #include #include "alloc-util.h" -#include "blockdev-util.h" #include "dirent-util.h" #include "fd-util.h" #include "fileio.h" @@ -1504,91 +1503,6 @@ int open_parent(const char *path, int flags, mode_t mode) { return fd; } -static int blockdev_is_encrypted(const char *sysfs_path, unsigned depth_left) { - _cleanup_free_ char *p = NULL, *uuids = NULL; - _cleanup_closedir_ DIR *d = NULL; - int r, found_encrypted = false; - - assert(sysfs_path); - - if (depth_left == 0) - return -EINVAL; - - p = path_join(sysfs_path, "dm/uuid"); - if (!p) - return -ENOMEM; - - r = read_one_line_file(p, &uuids); - if (r != -ENOENT) { - if (r < 0) - return r; - - /* The DM device's uuid attribute is prefixed with "CRYPT-" if this is a dm-crypt device. */ - if (startswith(uuids, "CRYPT-")) - return true; - } - - /* Not a dm-crypt device itself. But maybe it is on top of one? Follow the links in the "slaves/" - * subdir. */ - - p = mfree(p); - p = path_join(sysfs_path, "slaves"); - if (!p) - return -ENOMEM; - - d = opendir(p); - if (!d) { - if (errno == ENOENT) /* Doesn't have underlying devices */ - return false; - - return -errno; - } - - for (;;) { - _cleanup_free_ char *q = NULL; - struct dirent *de; - - errno = 0; - de = readdir_no_dot(d); - if (!de) { - if (errno != 0) - return -errno; - - break; /* No more underlying devices */ - } - - q = path_join(p, de->d_name); - if (!q) - return -ENOMEM; - - r = blockdev_is_encrypted(q, depth_left - 1); - if (r < 0) - return r; - if (r == 0) /* we found one that is not encrypted? then propagate that immediately */ - return false; - - found_encrypted = true; - } - - return found_encrypted; -} - -int path_is_encrypted(const char *path) { - char p[SYS_BLOCK_PATH_MAX(NULL)]; - dev_t devt; - int r; - - r = get_block_device(path, &devt); - if (r < 0) - return r; - if (r == 0) /* doesn't have a block device */ - return false; - - xsprintf_sys_block_path(p, NULL, devt); - - return blockdev_is_encrypted(p, 10 /* safety net: maximum recursion depth */); -} - int conservative_renameat( int olddirfd, const char *oldpath, int newdirfd, const char *newpath) { diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h index 85bdea64df1..7f15b558ca8 100644 --- a/src/basic/fs-util.h +++ b/src/basic/fs-util.h @@ -145,8 +145,6 @@ int syncfs_path(int atfd, const char *path); int open_parent(const char *path, int flags, mode_t mode); -int path_is_encrypted(const char *path); - int conservative_renameat(int olddirfd, const char *oldpath, int newdirfd, const char *newpath); static inline int conservative_rename(const char *oldpath, const char *newpath) { return conservative_renameat(AT_FDCWD, oldpath, AT_FDCWD, newpath); diff --git a/src/basic/meson.build b/src/basic/meson.build index 95122213682..f7beafa0221 100644 --- a/src/basic/meson.build +++ b/src/basic/meson.build @@ -15,10 +15,6 @@ basic_sources = files(''' async.h audit-util.c audit-util.h - blockdev-util.c - blockdev-util.h - btrfs-util.c - btrfs-util.h build.c build.h bus-label.c @@ -33,12 +29,8 @@ basic_sources = files(''' chattr-util.h conf-files.c conf-files.h - copy.c - copy.h creds-util.c creds-util.h - data-fd-util.c - data-fd-util.h def.h dirent-util.c dirent-util.h @@ -85,8 +77,6 @@ basic_sources = files(''' ioprio.h khash.c khash.h - label.c - label.h limits-util.c limits-util.h linux/btrfs.h @@ -157,7 +147,6 @@ basic_sources = files(''' missing_syscall.h missing_timerfd.h missing_type.h - mkdir-label.c mkdir.c mkdir.h mountpoint-util.c @@ -200,10 +189,6 @@ basic_sources = files(''' replace-var.h rlimit-util.c rlimit-util.h - rm-rf.c - rm-rf.h - selinux-util.c - selinux-util.h set.h sigbus.c sigbus.h @@ -211,9 +196,6 @@ basic_sources = files(''' signal-util.h siphash24.c siphash24.h - smack-util.c - smack-util.h - socket-label.c socket-util.c socket-util.h sort-util.c diff --git a/src/home/homework.c b/src/home/homework.c index 073d12e50e1..bdd9ac649e5 100644 --- a/src/home/homework.c +++ b/src/home/homework.c @@ -3,6 +3,7 @@ #include #include +#include "blockdev-util.h" #include "chown-recursive.h" #include "copy.h" #include "fd-util.h" diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c index 16e61e1e89c..378774fe8b5 100644 --- a/src/libsystemd/sd-bus/bus-socket.c +++ b/src/libsystemd/sd-bus/bus-socket.c @@ -22,7 +22,6 @@ #include "path-util.h" #include "process-util.h" #include "rlimit-util.h" -#include "selinux-util.h" #include "signal-util.h" #include "stdio-util.h" #include "string-util.h" diff --git a/src/basic/blockdev-util.c b/src/shared/blockdev-util.c similarity index 76% rename from src/basic/blockdev-util.c rename to src/shared/blockdev-util.c index 676ad9351b2..4d545dfa581 100644 --- a/src/basic/blockdev-util.c +++ b/src/shared/blockdev-util.c @@ -256,3 +256,88 @@ int blockdev_partscan_enabled(int fd) { return !FLAGS_SET(ull, GENHD_FL_NO_PART_SCAN); } + +static int blockdev_is_encrypted(const char *sysfs_path, unsigned depth_left) { + _cleanup_free_ char *p = NULL, *uuids = NULL; + _cleanup_closedir_ DIR *d = NULL; + int r, found_encrypted = false; + + assert(sysfs_path); + + if (depth_left == 0) + return -EINVAL; + + p = path_join(sysfs_path, "dm/uuid"); + if (!p) + return -ENOMEM; + + r = read_one_line_file(p, &uuids); + if (r != -ENOENT) { + if (r < 0) + return r; + + /* The DM device's uuid attribute is prefixed with "CRYPT-" if this is a dm-crypt device. */ + if (startswith(uuids, "CRYPT-")) + return true; + } + + /* Not a dm-crypt device itself. But maybe it is on top of one? Follow the links in the "slaves/" + * subdir. */ + + p = mfree(p); + p = path_join(sysfs_path, "slaves"); + if (!p) + return -ENOMEM; + + d = opendir(p); + if (!d) { + if (errno == ENOENT) /* Doesn't have underlying devices */ + return false; + + return -errno; + } + + for (;;) { + _cleanup_free_ char *q = NULL; + struct dirent *de; + + errno = 0; + de = readdir_no_dot(d); + if (!de) { + if (errno != 0) + return -errno; + + break; /* No more underlying devices */ + } + + q = path_join(p, de->d_name); + if (!q) + return -ENOMEM; + + r = blockdev_is_encrypted(q, depth_left - 1); + if (r < 0) + return r; + if (r == 0) /* we found one that is not encrypted? then propagate that immediately */ + return false; + + found_encrypted = true; + } + + return found_encrypted; +} + +int path_is_encrypted(const char *path) { + char p[SYS_BLOCK_PATH_MAX(NULL)]; + dev_t devt; + int r; + + r = get_block_device(path, &devt); + if (r < 0) + return r; + if (r == 0) /* doesn't have a block device */ + return false; + + xsprintf_sys_block_path(p, NULL, devt); + + return blockdev_is_encrypted(p, 10 /* safety net: maximum recursion depth */); +} diff --git a/src/basic/blockdev-util.h b/src/shared/blockdev-util.h similarity index 95% rename from src/basic/blockdev-util.h rename to src/shared/blockdev-util.h index 10048ff3139..56c50cecba1 100644 --- a/src/basic/blockdev-util.h +++ b/src/shared/blockdev-util.h @@ -22,3 +22,5 @@ int get_block_device_harder(const char *path, dev_t *dev); int lock_whole_block_device(dev_t devt, int operation); int blockdev_partscan_enabled(int fd); + +int path_is_encrypted(const char *path); diff --git a/src/basic/btrfs-util.c b/src/shared/btrfs-util.c similarity index 100% rename from src/basic/btrfs-util.c rename to src/shared/btrfs-util.c diff --git a/src/basic/btrfs-util.h b/src/shared/btrfs-util.h similarity index 100% rename from src/basic/btrfs-util.h rename to src/shared/btrfs-util.h diff --git a/src/shared/condition.c b/src/shared/condition.c index b86312548d0..55fb6366735 100644 --- a/src/shared/condition.c +++ b/src/shared/condition.c @@ -17,6 +17,7 @@ #include "apparmor-util.h" #include "architecture.h" #include "audit-util.h" +#include "blockdev-util.h" #include "cap-list.h" #include "cgroup-util.h" #include "condition.h" diff --git a/src/basic/copy.c b/src/shared/copy.c similarity index 100% rename from src/basic/copy.c rename to src/shared/copy.c diff --git a/src/basic/copy.h b/src/shared/copy.h similarity index 100% rename from src/basic/copy.h rename to src/shared/copy.h diff --git a/src/basic/data-fd-util.c b/src/shared/data-fd-util.c similarity index 100% rename from src/basic/data-fd-util.c rename to src/shared/data-fd-util.c diff --git a/src/basic/data-fd-util.h b/src/shared/data-fd-util.h similarity index 100% rename from src/basic/data-fd-util.h rename to src/shared/data-fd-util.h diff --git a/src/basic/label.c b/src/shared/label.c similarity index 100% rename from src/basic/label.c rename to src/shared/label.c diff --git a/src/basic/label.h b/src/shared/label.h similarity index 100% rename from src/basic/label.h rename to src/shared/label.h diff --git a/src/shared/meson.build b/src/shared/meson.build index 9de167f4cf3..5008cda500a 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -17,6 +17,8 @@ shared_sources = files(''' bitmap.c bitmap.h blkid-util.h + blockdev-util.c + blockdev-util.h bond-util.c bond-util.h boot-timestamps.c @@ -29,6 +31,8 @@ shared_sources = files(''' bpf-program.h bridge-util.c bridge-util.h + btrfs-util.c + btrfs-util.h bus-get-properties.c bus-get-properties.h bus-locator.c @@ -71,6 +75,8 @@ shared_sources = files(''' condition.h conf-parser.c conf-parser.h + copy.c + copy.h coredump-util.c coredump-util.h cpu-set-util.c @@ -78,6 +84,8 @@ shared_sources = files(''' cryptsetup-util.c cryptsetup-util.h daemon-util.h + data-fd-util.c + data-fd-util.h dev-setup.c dev-setup.h device-nodes.c @@ -161,6 +169,8 @@ shared_sources = files(''' kbd-util.h killall.c killall.h + label.c + label.h libcrypt-util.c libcrypt-util.h libfido2-util.c @@ -190,6 +200,7 @@ shared_sources = files(''' macvlan-util.c macvlan-util.h main-func.h + mkdir-label.c mkfs-util.c mkfs-util.h module-util.h @@ -235,15 +246,22 @@ shared_sources = files(''' resize-fs.h resolve-util.c resolve-util.h + rm-rf.c + rm-rf.h seccomp-util.h securebits-util.c securebits-util.h + selinux-util.c + selinux-util.h serialize.c serialize.h service-util.c service-util.h sleep-config.c sleep-config.h + smack-util.c + smack-util.h + socket-label.c socket-netlink.c socket-netlink.h spawn-ask-password-agent.c diff --git a/src/basic/mkdir-label.c b/src/shared/mkdir-label.c similarity index 100% rename from src/basic/mkdir-label.c rename to src/shared/mkdir-label.c diff --git a/src/basic/rm-rf.c b/src/shared/rm-rf.c similarity index 100% rename from src/basic/rm-rf.c rename to src/shared/rm-rf.c diff --git a/src/basic/rm-rf.h b/src/shared/rm-rf.h similarity index 100% rename from src/basic/rm-rf.h rename to src/shared/rm-rf.h diff --git a/src/basic/selinux-util.c b/src/shared/selinux-util.c similarity index 100% rename from src/basic/selinux-util.c rename to src/shared/selinux-util.c diff --git a/src/basic/selinux-util.h b/src/shared/selinux-util.h similarity index 100% rename from src/basic/selinux-util.h rename to src/shared/selinux-util.h diff --git a/src/basic/smack-util.c b/src/shared/smack-util.c similarity index 100% rename from src/basic/smack-util.c rename to src/shared/smack-util.c diff --git a/src/basic/smack-util.h b/src/shared/smack-util.h similarity index 100% rename from src/basic/smack-util.h rename to src/shared/smack-util.h diff --git a/src/basic/socket-label.c b/src/shared/socket-label.c similarity index 100% rename from src/basic/socket-label.c rename to src/shared/socket-label.c diff --git a/src/test/meson.build b/src/test/meson.build index 03f08673bb9..cf49990b83e 100644 --- a/src/test/meson.build +++ b/src/test/meson.build @@ -146,6 +146,8 @@ tests += [ [['src/test/test-utf8.c']], + [['src/test/test-blockdev-util.c']], + [['src/test/test-dev-setup.c']], [['src/test/test-capability.c'], diff --git a/src/test/test-blockdev-util.c b/src/test/test-blockdev-util.c new file mode 100644 index 00000000000..ab5169c43ad --- /dev/null +++ b/src/test/test-blockdev-util.c @@ -0,0 +1,43 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include "blockdev-util.h" +#include "errno-util.h" +#include "tests.h" + +static void test_path_is_encrypted_one(const char *p, int expect) { + int r; + + r = path_is_encrypted(p); + if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) /* This might fail, if btrfs is used and we run in a + * container. In that case we cannot resolve the device node paths that + * BTRFS_IOC_DEV_INFO returns, because the device nodes are unlikely to exist in + * the container. But if we can't stat() them we cannot determine the dev_t of + * them, and thus cannot figure out if they are enrypted. Hence let's just ignore + * ENOENT here. Also skip the test if we lack privileges. */ + return; + assert_se(r >= 0); + + log_info("%s encrypted: %s", p, yes_no(r)); + + assert_se(expect < 0 || ((r > 0) == (expect > 0))); +} + +static void test_path_is_encrypted(void) { + int booted = sd_booted(); /* If this is run in build environments such as koji, /dev might be a + * reguar fs. Don't assume too much if not running under systemd. */ + + log_info("/* %s (sd_booted=%d) */", __func__, booted); + + test_path_is_encrypted_one("/home", -1); + test_path_is_encrypted_one("/var", -1); + test_path_is_encrypted_one("/", -1); + test_path_is_encrypted_one("/proc", false); + test_path_is_encrypted_one("/sys", false); + test_path_is_encrypted_one("/dev", booted > 0 ? false : -1); +} + +int main(int argc, char **argv) { + test_setup_logging(LOG_INFO); + + test_path_is_encrypted(); +} diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c index a0f91c35d13..08bebcf0e81 100644 --- a/src/test/test-fs-util.c +++ b/src/test/test-fs-util.c @@ -805,38 +805,6 @@ static void test_chmod_and_chown(void) { assert_se(S_ISLNK(st.st_mode)); } -static void test_path_is_encrypted_one(const char *p, int expect) { - int r; - - r = path_is_encrypted(p); - if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) /* This might fail, if btrfs is used and we run in a - * container. In that case we cannot resolve the device node paths that - * BTRFS_IOC_DEV_INFO returns, because the device nodes are unlikely to exist in - * the container. But if we can't stat() them we cannot determine the dev_t of - * them, and thus cannot figure out if they are enrypted. Hence let's just ignore - * ENOENT here. Also skip the test if we lack privileges. */ - return; - assert_se(r >= 0); - - log_info("%s encrypted: %s", p, yes_no(r)); - - assert_se(expect < 0 || ((r > 0) == (expect > 0))); -} - -static void test_path_is_encrypted(void) { - int booted = sd_booted(); /* If this is run in build environments such as koji, /dev might be a - * reguar fs. Don't assume too much if not running under systemd. */ - - log_info("/* %s (sd_booted=%d) */", __func__, booted); - - test_path_is_encrypted_one("/home", -1); - test_path_is_encrypted_one("/var", -1); - test_path_is_encrypted_one("/", -1); - test_path_is_encrypted_one("/proc", false); - test_path_is_encrypted_one("/sys", false); - test_path_is_encrypted_one("/dev", booted > 0 ? false : -1); -} - static void create_binary_file(const char *p, const void *data, size_t l) { _cleanup_close_ int fd = -1; @@ -914,7 +882,6 @@ int main(int argc, char *argv[]) { test_fsync_directory_of_file(); test_rename_noreplace(); test_chmod_and_chown(); - test_path_is_encrypted(); test_conservative_rename(); return 0;