[thirdparty/systemd.git] / src / import / import-common.c

/* SPDX-License-Identifier: LGPL-2.1+ */
/***
  This file is part of systemd.

  Copyright 2015 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <sched.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <unistd.h>

#include "btrfs-util.h"
#include "capability-util.h"
#include "fd-util.h"
#include "import-common.h"
#include "signal-util.h"
#include "util.h"

int import_make_read_only_fd(int fd) {
        int r;

        assert(fd >= 0);

        /* First, let's make this a read-only subvolume if it refers
         * to a subvolume */
        r = btrfs_subvol_set_read_only_fd(fd, true);
        if (IN_SET(r, -ENOTTY, -ENOTDIR, -EINVAL)) {
                struct stat st;

                /* This doesn't refer to a subvolume, or the file
                 * system isn't even btrfs. In that, case fall back to
                 * chmod()ing */

                r = fstat(fd, &st);
                if (r < 0)
                        return log_error_errno(errno, "Failed to stat temporary image: %m");

                /* Drop "w" flag */
                if (fchmod(fd, st.st_mode & 07555) < 0)
                        return log_error_errno(errno, "Failed to chmod() final image: %m");

                return 0;

        } else if (r < 0)
                return log_error_errno(r, "Failed to make subvolume read-only: %m");

        return 0;
}

int import_make_read_only(const char *path) {
        _cleanup_close_ int fd = 1;

        fd = open(path, O_RDONLY|O_NOCTTY|O_CLOEXEC);
        if (fd < 0)
                return log_error_errno(errno, "Failed to open %s: %m", path);

        return import_make_read_only_fd(fd);
}

int import_fork_tar_x(const char *path, pid_t *ret) {
        _cleanup_close_pair_ int pipefd[2] = { -1, -1 };
        pid_t pid;
        int r;

        assert(path);
        assert(ret);

        if (pipe2(pipefd, O_CLOEXEC) < 0)
                return log_error_errno(errno, "Failed to create pipe for tar: %m");

        pid = fork();
        if (pid < 0)
                return log_error_errno(errno, "Failed to fork off tar: %m");

        if (pid == 0) {
                int null_fd;
                uint64_t retain =
                        (1ULL << CAP_CHOWN) |
                        (1ULL << CAP_FOWNER) |
                        (1ULL << CAP_FSETID) |
                        (1ULL << CAP_MKNOD) |
                        (1ULL << CAP_SETFCAP) |
                        (1ULL << CAP_DAC_OVERRIDE);

                /* Child */

                (void) reset_all_signal_handlers();
                (void) reset_signal_mask();
                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);

                pipefd[1] = safe_close(pipefd[1]);

                if (dup2(pipefd[0], STDIN_FILENO) != STDIN_FILENO) {
                        log_error_errno(errno, "Failed to dup2() fd: %m");
                        _exit(EXIT_FAILURE);
                }

                if (pipefd[0] != STDIN_FILENO)
                        pipefd[0] = safe_close(pipefd[0]);

                null_fd = open("/dev/null", O_WRONLY|O_NOCTTY);
                if (null_fd < 0) {
                        log_error_errno(errno, "Failed to open /dev/null: %m");
                        _exit(EXIT_FAILURE);
                }

                if (dup2(null_fd, STDOUT_FILENO) != STDOUT_FILENO) {
                        log_error_errno(errno, "Failed to dup2() fd: %m");
                        _exit(EXIT_FAILURE);
                }

                if (null_fd != STDOUT_FILENO)
                        null_fd = safe_close(null_fd);

                stdio_unset_cloexec();

                if (unshare(CLONE_NEWNET) < 0)
                        log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");

                r = capability_bounding_set_drop(retain, true);
                if (r < 0)
                        log_error_errno(r, "Failed to drop capabilities, ignoring: %m");

                execlp("tar", "tar", "--numeric-owner", "-C", path, "-px", "--xattrs", "--xattrs-include=*", NULL);
                log_error_errno(errno, "Failed to execute tar: %m");
                _exit(EXIT_FAILURE);
        }

        pipefd[0] = safe_close(pipefd[0]);
        r = pipefd[1];
        pipefd[1] = -1;

        *ret = pid;

        return r;
}

int import_fork_tar_c(const char *path, pid_t *ret) {
        _cleanup_close_pair_ int pipefd[2] = { -1, -1 };
        pid_t pid;
        int r;

        assert(path);
        assert(ret);

        if (pipe2(pipefd, O_CLOEXEC) < 0)
                return log_error_errno(errno, "Failed to create pipe for tar: %m");

        pid = fork();
        if (pid < 0)
                return log_error_errno(errno, "Failed to fork off tar: %m");

        if (pid == 0) {
                int null_fd;
                uint64_t retain = (1ULL << CAP_DAC_OVERRIDE);

                /* Child */

                (void) reset_all_signal_handlers();
                (void) reset_signal_mask();
                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);

                pipefd[0] = safe_close(pipefd[0]);

                if (dup2(pipefd[1], STDOUT_FILENO) != STDOUT_FILENO) {
                        log_error_errno(errno, "Failed to dup2() fd: %m");
                        _exit(EXIT_FAILURE);
                }

                if (pipefd[1] != STDOUT_FILENO)
                        pipefd[1] = safe_close(pipefd[1]);

                null_fd = open("/dev/null", O_RDONLY|O_NOCTTY);
                if (null_fd < 0) {
                        log_error_errno(errno, "Failed to open /dev/null: %m");
                        _exit(EXIT_FAILURE);
                }

                if (dup2(null_fd, STDIN_FILENO) != STDIN_FILENO) {
                        log_error_errno(errno, "Failed to dup2() fd: %m");
                        _exit(EXIT_FAILURE);
                }

                if (null_fd != STDIN_FILENO)
                        null_fd = safe_close(null_fd);

                stdio_unset_cloexec();

                if (unshare(CLONE_NEWNET) < 0)
                        log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");

                r = capability_bounding_set_drop(retain, true);
                if (r < 0)
                        log_error_errno(r, "Failed to drop capabilities, ignoring: %m");

                execlp("tar", "tar", "-C", path, "-c", "--xattrs", "--xattrs-include=*", ".", NULL);
                log_error_errno(errno, "Failed to execute tar: %m");
                _exit(EXIT_FAILURE);
        }

        pipefd[1] = safe_close(pipefd[1]);
        r = pipefd[0];
        pipefd[0] = -1;

        *ret = pid;

        return r;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
b6e676ce LP	2	/***
	3	This file is part of systemd.
	4
	5	Copyright 2015 Lennart Poettering
	6
	7	systemd is free software; you can redistribute it and/or modify it
	8	under the terms of the GNU Lesser General Public License as published by
	9	the Free Software Foundation; either version 2.1 of the License, or
	10	(at your option) any later version.
	11
	12	systemd is distributed in the hope that it will be useful, but
	13	WITHOUT ANY WARRANTY; without even the implied warranty of
	14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	15	Lesser General Public License for more details.
	16
	17	You should have received a copy of the GNU Lesser General Public License
	18	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	19	***/
	20
618234a5	21	#include <sched.h>
b6e676ce LP	22	#include <sys/prctl.h>
	23	#include <sys/stat.h>
	24	#include <unistd.h>
	25
b6e676ce	26	#include "btrfs-util.h"
430f0182	27	#include "capability-util.h"
3ffd4af2 LP	28	#include "fd-util.h"
3ffd4af2 LP	29	#include "import-common.h"
24882e06	30	#include "signal-util.h"
618234a5	31	#include "util.h"
b6e676ce LP	32
	33	int import_make_read_only_fd(int fd) {
	34	int r;
	35
	36	assert(fd >= 0);
	37
	38	/* First, let's make this a read-only subvolume if it refers
	39	* to a subvolume */
	40	r = btrfs_subvol_set_read_only_fd(fd, true);
4c701096	41	if (IN_SET(r, -ENOTTY, -ENOTDIR, -EINVAL)) {
b6e676ce LP	42	struct stat st;
	43
	44	/* This doesn't refer to a subvolume, or the file
	45	* system isn't even btrfs. In that, case fall back to
	46	* chmod()ing */
	47
	48	r = fstat(fd, &st);
	49	if (r < 0)
	50	return log_error_errno(errno, "Failed to stat temporary image: %m");
	51
	52	/* Drop "w" flag */
	53	if (fchmod(fd, st.st_mode & 07555) < 0)
	54	return log_error_errno(errno, "Failed to chmod() final image: %m");
	55
	56	return 0;
	57
	58	} else if (r < 0)
	59	return log_error_errno(r, "Failed to make subvolume read-only: %m");
	60
	61	return 0;
	62	}
	63
	64	int import_make_read_only(const char *path) {
	65	_cleanup_close_ int fd = 1;
	66
	67	fd = open(path, O_RDONLY\|O_NOCTTY\|O_CLOEXEC);
	68	if (fd < 0)
	69	return log_error_errno(errno, "Failed to open %s: %m", path);
	70
	71	return import_make_read_only_fd(fd);
	72	}
	73
587fec42	74	int import_fork_tar_x(const char path, pid_t ret) {
b6e676ce LP	75	_cleanup_close_pair_ int pipefd[2] = { -1, -1 };
	76	pid_t pid;
	77	int r;
	78
	79	assert(path);
	80	assert(ret);
	81
	82	if (pipe2(pipefd, O_CLOEXEC) < 0)
	83	return log_error_errno(errno, "Failed to create pipe for tar: %m");
	84
	85	pid = fork();
	86	if (pid < 0)
	87	return log_error_errno(errno, "Failed to fork off tar: %m");
	88
	89	if (pid == 0) {
	90	int null_fd;
	91	uint64_t retain =
	92	(1ULL << CAP_CHOWN) \|
	93	(1ULL << CAP_FOWNER) \|
	94	(1ULL << CAP_FSETID) \|
	95	(1ULL << CAP_MKNOD) \|
	96	(1ULL << CAP_SETFCAP) \|
	97	(1ULL << CAP_DAC_OVERRIDE);
	98
	99	/* Child */
	100
ce30c8dc LP	101	(void) reset_all_signal_handlers();
ce30c8dc LP	102	(void) reset_signal_mask();
b6e676ce LP	103	assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
	104
	105	pipefd[1] = safe_close(pipefd[1]);
	106
	107	if (dup2(pipefd[0], STDIN_FILENO) != STDIN_FILENO) {
	108	log_error_errno(errno, "Failed to dup2() fd: %m");
	109	_exit(EXIT_FAILURE);
	110	}
	111
	112	if (pipefd[0] != STDIN_FILENO)
	113	pipefd[0] = safe_close(pipefd[0]);
	114
	115	null_fd = open("/dev/null", O_WRONLY\|O_NOCTTY);
	116	if (null_fd < 0) {
	117	log_error_errno(errno, "Failed to open /dev/null: %m");
	118	_exit(EXIT_FAILURE);
	119	}
	120
	121	if (dup2(null_fd, STDOUT_FILENO) != STDOUT_FILENO) {
	122	log_error_errno(errno, "Failed to dup2() fd: %m");
	123	_exit(EXIT_FAILURE);
	124	}
	125
	126	if (null_fd != STDOUT_FILENO)
	127	null_fd = safe_close(null_fd);
	128
913f38e4	129	stdio_unset_cloexec();
b6e676ce LP	130
	131	if (unshare(CLONE_NEWNET) < 0)
	132	log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
	133
a103496c	134	r = capability_bounding_set_drop(retain, true);
b6e676ce LP	135	if (r < 0)
	136	log_error_errno(r, "Failed to drop capabilities, ignoring: %m");
	137
2944758c	138	execlp("tar", "tar", "--numeric-owner", "-C", path, "-px", "--xattrs", "--xattrs-include=*", NULL);
b6e676ce LP	139	log_error_errno(errno, "Failed to execute tar: %m");
	140	_exit(EXIT_FAILURE);
	141	}
	142
	143	pipefd[0] = safe_close(pipefd[0]);
	144	r = pipefd[1];
	145	pipefd[1] = -1;
	146
	147	*ret = pid;
	148
	149	return r;
	150	}
587fec42 LP	151
	152	int import_fork_tar_c(const char path, pid_t ret) {
	153	_cleanup_close_pair_ int pipefd[2] = { -1, -1 };
	154	pid_t pid;
	155	int r;
	156
	157	assert(path);
	158	assert(ret);
	159
	160	if (pipe2(pipefd, O_CLOEXEC) < 0)
	161	return log_error_errno(errno, "Failed to create pipe for tar: %m");
	162
	163	pid = fork();
	164	if (pid < 0)
	165	return log_error_errno(errno, "Failed to fork off tar: %m");
	166
	167	if (pid == 0) {
	168	int null_fd;
	169	uint64_t retain = (1ULL << CAP_DAC_OVERRIDE);
	170
	171	/* Child */
	172
ce30c8dc LP	173	(void) reset_all_signal_handlers();
ce30c8dc LP	174	(void) reset_signal_mask();
587fec42 LP	175	assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
	176
	177	pipefd[0] = safe_close(pipefd[0]);
	178
	179	if (dup2(pipefd[1], STDOUT_FILENO) != STDOUT_FILENO) {
	180	log_error_errno(errno, "Failed to dup2() fd: %m");
	181	_exit(EXIT_FAILURE);
	182	}
	183
	184	if (pipefd[1] != STDOUT_FILENO)
	185	pipefd[1] = safe_close(pipefd[1]);
	186
	187	null_fd = open("/dev/null", O_RDONLY\|O_NOCTTY);
	188	if (null_fd < 0) {
	189	log_error_errno(errno, "Failed to open /dev/null: %m");
	190	_exit(EXIT_FAILURE);
	191	}
	192
	193	if (dup2(null_fd, STDIN_FILENO) != STDIN_FILENO) {
	194	log_error_errno(errno, "Failed to dup2() fd: %m");
	195	_exit(EXIT_FAILURE);
	196	}
	197
	198	if (null_fd != STDIN_FILENO)
	199	null_fd = safe_close(null_fd);
	200
913f38e4	201	stdio_unset_cloexec();
587fec42 LP	202
	203	if (unshare(CLONE_NEWNET) < 0)
	204	log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
	205
a103496c	206	r = capability_bounding_set_drop(retain, true);
587fec42 LP	207	if (r < 0)
	208	log_error_errno(r, "Failed to drop capabilities, ignoring: %m");
	209
2944758c	210	execlp("tar", "tar", "-C", path, "-c", "--xattrs", "--xattrs-include=*", ".", NULL);
587fec42 LP	211	log_error_errno(errno, "Failed to execute tar: %m");
	212	_exit(EXIT_FAILURE);
	213	}
	214
	215	pipefd[1] = safe_close(pipefd[1]);
	216	r = pipefd[0];
	217	pipefd[0] = -1;
	218
	219	*ret = pid;
	220
	221	return r;
	222	}