1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
2 | ||
3 | /*** | |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2015 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
9 | under the terms of the GNU Lesser General Public License as published by | |
10 | the Free Software Foundation; either version 2.1 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | Lesser General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU Lesser General Public License | |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
20 | ***/ | |
21 | ||
618234a5 | 22 | #include <sched.h> |
23 | #include <sys/prctl.h> |
24 | #include <sys/stat.h> | |
25 | #include <unistd.h> | |
26 | ||
27 | #include "btrfs-util.h" |
28 | #include "capability.h" | |
29 | #include "fd-util.h" |
30 | #include "import-common.h" | |
24882e06 | 31 | #include "signal-util.h" |
618234a5 | 32 | #include "util.h" |
33 | |
/* Makes the image referred to by 'fd' read-only.
 *
 * A btrfs subvolume is flagged read-only through
 * btrfs_subvol_set_read_only_fd(). If the fd does not refer to a subvolume
 * (or the file system is not btrfs at all) that call is expected to fail
 * with -ENOTTY, -ENOTDIR or -EINVAL, and we fall back to clearing the write
 * bits with fchmod(). Any other error from the btrfs path is logged and
 * returned as-is.
 *
 * Returns 0 on success, a negative errno (already logged) on failure. */
int import_make_read_only_fd(int fd) {
        struct stat st;
        int r;

        assert(fd >= 0);

        r = btrfs_subvol_set_read_only_fd(fd, true);
        if (r >= 0)
                return 0;

        /* Only these three errors mean "not a subvolume / not btrfs";
         * everything else is a real failure. */
        if (r != -ENOTTY && r != -ENOTDIR && r != -EINVAL)
                return log_error_errno(r, "Failed to make subvolume read-only: %m");

        /* Fallback: plain chmod() of the directory/file itself */
        if (fstat(fd, &st) < 0)
                return log_error_errno(errno, "Failed to stat temporary image: %m");

        /* 07555 keeps setuid/setgid/sticky and r-x for owner, group and
         * other, and clears all three write bits. */
        if (fchmod(fd, st.st_mode & 07555) < 0)
                return log_error_errno(errno, "Failed to chmod() final image: %m");

        return 0;
}
64 | ||
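/* Path-based wrapper around import_make_read_only_fd().
 *
 * Opens 'path' read-only and hands the fd to import_make_read_only_fd().
 * The fd is closed again by the cleanup attribute when this function
 * returns.
 *
 * Returns 0 on success, a negative errno (already logged) on failure. */
int import_make_read_only(const char *path) {
        /* Must start out as -1: the cleanup handler closes whatever is in
         * here on scope exit, and the previous initializer of 1 would have
         * closed STDOUT_FILENO had any early return ever been added before
         * the open() below. -1 is ignored by the close helper. */
        _cleanup_close_ int fd = -1;

        assert(path);

        fd = open(path, O_RDONLY|O_NOCTTY|O_CLOEXEC);
        if (fd < 0)
                return log_error_errno(errno, "Failed to open %s: %m", path);

        return import_make_read_only_fd(fd);
}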
74 | ||
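/* Shared implementation of import_fork_tar_x() and import_fork_tar_c().
 *
 * Creates a pipe, forks, and in the child execs "tar" (looked up via PATH
 * by execlp()). With extract == true the read end of the pipe becomes
 * tar's stdin and tar's stdout is pointed at /dev/null; with
 * extract == false the write end becomes tar's stdout and tar's stdin is
 * pointed at /dev/null. Before the exec the child resets signal handlers
 * and mask, requests SIGTERM on parent death, clears CLOEXEC on fds 0-2,
 * moves into a fresh network namespace and drops every capability not in
 * 'retain' from its bounding set; failure of the last two steps is logged
 * and ignored, as in the original per-function code.
 *
 * Returns the parent's end of the pipe (write end when extracting, read
 * end when creating) and stores the child's pid in *ret; the caller owns
 * both. Returns a negative errno (already logged) on failure. */
static int import_fork_tar(const char *path, pid_t *ret, bool extract) {
        _cleanup_close_pair_ int pipefd[2] = { -1, -1 };
        /* Which pipe end tar inherits, which std fd it lands on, and which
         * std fd (with which open flags) gets /dev/null instead. */
        const int child_end = extract ? 0 : 1;
        const int parent_end = extract ? 1 : 0;
        const int pipe_target = extract ? STDIN_FILENO : STDOUT_FILENO;
        const int null_target = extract ? STDOUT_FILENO : STDIN_FILENO;
        const int null_flags = extract ? O_WRONLY : O_RDONLY;
        pid_t pid;
        int r;

        assert(path);
        assert(ret);

        if (pipe2(pipefd, O_CLOEXEC) < 0)
                return log_error_errno(errno, "Failed to create pipe for tar: %m");

        pid = fork();
        if (pid < 0)
                return log_error_errno(errno, "Failed to fork off tar: %m");

        if (pid == 0) {
                int null_fd;
                /* Capabilities kept in the bounding set: extraction retains
                 * the set the original import_fork_tar_x() kept (presumably
                 * what tar needs to restore ownership, mode bits, device
                 * nodes and file capabilities); creation keeps only
                 * CAP_DAC_OVERRIDE. */
                uint64_t retain = extract ?
                        (1ULL << CAP_CHOWN) |
                        (1ULL << CAP_FOWNER) |
                        (1ULL << CAP_FSETID) |
                        (1ULL << CAP_MKNOD) |
                        (1ULL << CAP_SETFCAP) |
                        (1ULL << CAP_DAC_OVERRIDE) :
                        (1ULL << CAP_DAC_OVERRIDE);

                /* Child */

                (void) reset_all_signal_handlers();
                (void) reset_signal_mask();
                /* Make sure tar does not outlive us */
                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);

                /* The parent's end is of no use to tar */
                pipefd[parent_end] = safe_close(pipefd[parent_end]);

                if (dup2(pipefd[child_end], pipe_target) != pipe_target) {
                        log_error_errno(errno, "Failed to dup2() fd: %m");
                        _exit(EXIT_FAILURE);
                }

                /* If the pipe end already was the target fd, dup2() was a
                 * no-op and closing it now would close tar's stream. */
                if (pipefd[child_end] != pipe_target)
                        pipefd[child_end] = safe_close(pipefd[child_end]);

                null_fd = open("/dev/null", null_flags|O_NOCTTY);
                if (null_fd < 0) {
                        log_error_errno(errno, "Failed to open /dev/null: %m");
                        _exit(EXIT_FAILURE);
                }

                if (dup2(null_fd, null_target) != null_target) {
                        log_error_errno(errno, "Failed to dup2() fd: %m");
                        _exit(EXIT_FAILURE);
                }

                if (null_fd != null_target)
                        null_fd = safe_close(null_fd);

                /* The dup2()ed fds must survive the exec */
                fd_cloexec(STDIN_FILENO, false);
                fd_cloexec(STDOUT_FILENO, false);
                fd_cloexec(STDERR_FILENO, false);

                /* Best effort: isolate tar from the network */
                if (unshare(CLONE_NEWNET) < 0)
                        log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");

                /* Best effort: drop everything outside 'retain' from the
                 * bounding set. NOTE(review): the meaning of the second
                 * argument is defined in capability.h — confirm there. */
                r = capability_bounding_set_drop(~retain, true);
                if (r < 0)
                        log_error_errno(r, "Failed to drop capabilities, ignoring: %m");

                if (extract)
                        execlp("tar", "tar", "--numeric-owner", "-C", path, "-px", NULL);
                else
                        execlp("tar", "tar", "-C", path, "-c", ".", NULL);
                log_error_errno(errno, "Failed to execute tar: %m");
                _exit(EXIT_FAILURE);
        }

        /* Parent: close tar's end, hand the other one to the caller. */
        pipefd[child_end] = safe_close(pipefd[child_end]);
        r = pipefd[parent_end];
        /* Ownership moves to the caller; keep the cleanup from closing it. */
        pipefd[parent_end] = -1;

        *ret = pid;

        return r;
}

/* Forks off "tar -px" extracting into 'path'.
 *
 * Returns the write end of a pipe connected to tar's stdin (owned by the
 * caller) and stores the child's pid in *ret; a negative errno (already
 * logged) on failure. */
int import_fork_tar_x(const char *path, pid_t *ret) {
        return import_fork_tar(path, ret, true);
}

/* Forks off "tar -c ." archiving 'path'.
 *
 * Returns the read end of a pipe connected to tar's stdout (owned by the
 * caller) and stores the child's pid in *ret; a negative errno (already
 * logged) on failure. */
int import_fork_tar_c(const char *path, pid_t *ret) {
        return import_fork_tar(path, ret, false);
}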