53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
b6e676ce LP |
2 | /*** |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2015 Lennart Poettering | |
6 | ||
7 | systemd is free software; you can redistribute it and/or modify it | |
8 | under the terms of the GNU Lesser General Public License as published by | |
9 | the Free Software Foundation; either version 2.1 of the License, or | |
10 | (at your option) any later version. | |
11 | ||
12 | systemd is distributed in the hope that it will be useful, but | |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | Lesser General Public License for more details. | |
16 | ||
17 | You should have received a copy of the GNU Lesser General Public License | |
18 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
19 | ***/ | |
20 | ||
618234a5 | 21 | #include <sched.h> |
b6e676ce LP |
22 | #include <sys/prctl.h> |
23 | #include <sys/stat.h> | |
24 | #include <unistd.h> | |
25 | ||
b6e676ce | 26 | #include "btrfs-util.h" |
430f0182 | 27 | #include "capability-util.h" |
3ffd4af2 LP |
28 | #include "fd-util.h" |
29 | #include "import-common.h" | |
24882e06 | 30 | #include "signal-util.h" |
618234a5 | 31 | #include "util.h" |
b6e676ce LP |
32 | |
/* Marks the image behind `fd` read-only.
 *
 * A btrfs subvolume gets its read-only flag set. If the btrfs call reports -ENOTTY, -ENOTDIR or
 * -EINVAL, the write permission bits are cleared with fchmod() instead. Both fstat() and fchmod()
 * act on the descriptor, so the object whose mode is read is the same one whose mode is changed.
 *
 * Returns 0 on success, otherwise the value produced by log_error_errno(). */
int import_make_read_only_fd(int fd) {
        struct stat image_stat;
        int rc;

        assert(fd >= 0);

        rc = btrfs_subvol_set_read_only_fd(fd, true);
        if (!IN_SET(rc, -ENOTTY, -ENOTDIR, -EINVAL)) {
                /* Either the subvolume flag was set, or the call failed for a reason that the
                 * chmod() fallback is not meant to paper over. */
                if (rc < 0)
                        return log_error_errno(rc, "Failed to make subvolume read-only: %m");

                return 0;
        }

        /* Not a subvolume, or not btrfs at all: fall back to the file mode. */
        if (fstat(fd, &image_stat) < 0)
                return log_error_errno(errno, "Failed to stat temporary image: %m");

        /* 07555 keeps setuid/setgid/sticky and the r/x bits, and clears "w" for user, group
         * and other. */
        if (fchmod(fd, image_stat.st_mode & 07555) < 0)
                return log_error_errno(errno, "Failed to chmod() final image: %m");

        return 0;
}
63 | ||
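/* Opens `path` and marks the image it refers to read-only via import_make_read_only_fd().
 *
 * Returns 0 on success, otherwise the value produced by log_error_errno() here or in
 * import_make_read_only_fd(). */
int import_make_read_only(const char *path) {
        /* Must start out as -1 ("no fd"): _cleanup_close_ closes whatever value is stored here
         * when the scope is left, and an initial value of 1 names stdout. Today open() overwrites
         * it before any return, but any early exit added above would close stdout. */
        _cleanup_close_ int fd = -1;

        /* Same precondition the tar helpers in this file assert; a NULL path would otherwise
         * reach open() and the "%s" in the error message. */
        assert(path);

        /* NOTE(review): no O_NOFOLLOW, so a symlink in the final path component is followed and
         * its target is what gets made read-only. Confirm callers only pass paths they control. */
        fd = open(path, O_RDONLY|O_NOCTTY|O_CLOEXEC);
        if (fd < 0)
                return log_error_errno(errno, "Failed to open %s: %m", path);

        return import_make_read_only_fd(fd);
}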
73 | ||
/* Forks off a "tar" child that unpacks the archive stream it reads from stdin into `path`.
 *
 * On success the child's PID is stored in *ret and the write end of the pipe feeding the child's
 * stdin is returned; the caller then owns that fd. On failure the value produced by
 * log_error_errno() is returned and no child is left behind by this function.
 *
 * The child is confined on a best-effort basis (network namespace, capability bounding set); see
 * the notes at those calls for what happens when confinement fails. */
int import_fork_tar_x(const char *path, pid_t *ret) {
        /* Both ends start as -1; presumably _cleanup_close_pair_ closes whichever are still >= 0
         * when the function returns. */
        _cleanup_close_pair_ int pipefd[2] = { -1, -1 };
        pid_t pid;
        int r;

        assert(path);
        assert(ret);

        /* O_CLOEXEC so the pipe fds do not leak into tar except through the explicit dup2() below. */
        if (pipe2(pipefd, O_CLOEXEC) < 0)
                return log_error_errno(errno, "Failed to create pipe for tar: %m");

        pid = fork();
        if (pid < 0)
                return log_error_errno(errno, "Failed to fork off tar: %m");

        if (pid == 0) {
                int null_fd;
                /* Capabilities that stay in the bounding set; everything else is dropped before
                 * exec. Presumably this is what tar needs to restore ownership (CAP_CHOWN,
                 * CAP_FOWNER), set-id bits (CAP_FSETID), device nodes (CAP_MKNOD) and file
                 * capabilities stored in xattrs (CAP_SETFCAP), plus CAP_DAC_OVERRIDE. */
                uint64_t retain =
                        (1ULL << CAP_CHOWN) |
                        (1ULL << CAP_FOWNER) |
                        (1ULL << CAP_FSETID) |
                        (1ULL << CAP_MKNOD) |
                        (1ULL << CAP_SETFCAP) |
                        (1ULL << CAP_DAC_OVERRIDE);

                /* Child */

                (void) reset_all_signal_handlers();
                (void) reset_signal_mask();
                /* Have the kernel send SIGTERM to the child when its parent goes away. */
                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);

                /* The child only reads from the pipe. */
                pipefd[1] = safe_close(pipefd[1]);

                if (dup2(pipefd[0], STDIN_FILENO) != STDIN_FILENO) {
                        log_error_errno(errno, "Failed to dup2() fd: %m");
                        _exit(EXIT_FAILURE);
                }

                /* If the pipe end already was fd 0, dup2() did nothing and it must stay open. */
                if (pipefd[0] != STDIN_FILENO)
                        pipefd[0] = safe_close(pipefd[0]);

                /* tar's stdout goes to /dev/null; stderr is not touched here and stays as inherited. */
                null_fd = open("/dev/null", O_WRONLY|O_NOCTTY);
                if (null_fd < 0) {
                        log_error_errno(errno, "Failed to open /dev/null: %m");
                        _exit(EXIT_FAILURE);
                }

                if (dup2(null_fd, STDOUT_FILENO) != STDOUT_FILENO) {
                        log_error_errno(errno, "Failed to dup2() fd: %m");
                        _exit(EXIT_FAILURE);
                }

                if (null_fd != STDOUT_FILENO)
                        null_fd = safe_close(null_fd);

                /* Presumably clears O_CLOEXEC on fds 0-2: when dup2() above was a no-op the flag
                 * set by pipe2() would otherwise close stdin at exec time. TODO confirm. */
                stdio_unset_cloexec();

                /* NOTE(review): hardening is best-effort. If unshare() fails the error is only
                 * logged and tar runs in the caller's network namespace. */
                if (unshare(CLONE_NEWNET) < 0)
                        log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");

                /* NOTE(review): likewise, a failed capability drop is only logged, so tar is then
                 * exec'd with the capability set it inherited. Callers that feed untrusted
                 * archives should watch for these "ignoring" log lines. */
                r = capability_bounding_set_drop(retain, true);
                if (r < 0)
                        log_error_errno(r, "Failed to drop capabilities, ignoring: %m");

                /* No shell is involved; `path` is passed as its own argv element after -C.
                 * NOTE(review): execlp() resolves "tar" through the inherited PATH, so the binary
                 * that runs depends on the environment of the calling process.
                 * NOTE(review): with -p, --numeric-owner and --xattrs-include=* plus the retained
                 * capabilities, the archive determines owners, modes, device nodes and xattrs of
                 * what lands under `path`; whether the archive is trusted cannot be told from here. */
                execlp("tar", "tar", "--numeric-owner", "-C", path, "-px", "--xattrs", "--xattrs-include=*", NULL);
                log_error_errno(errno, "Failed to execute tar: %m");
                _exit(EXIT_FAILURE);
        }

        /* Parent: keep only the write end, and take it out of the array so that it is not closed
         * on return. */
        pipefd[0] = safe_close(pipefd[0]);
        r = pipefd[1];
        pipefd[1] = -1;

        *ret = pid;

        return r;
}
587fec42 LP |
151 | |
/* Forks off a "tar" child that archives the contents of `path` and writes the stream to stdout.
 *
 * On success the child's PID is stored in *ret and the read end of the pipe connected to the
 * child's stdout is returned; the caller then owns that fd. On failure the value produced by
 * log_error_errno() is returned.
 *
 * The child is confined on a best-effort basis (network namespace, capability bounding set); see
 * the notes at those calls for what happens when confinement fails. */
int import_fork_tar_c(const char *path, pid_t *ret) {
        /* Both ends start as -1; presumably _cleanup_close_pair_ closes whichever are still >= 0
         * when the function returns. */
        _cleanup_close_pair_ int pipefd[2] = { -1, -1 };
        pid_t pid;
        int r;

        assert(path);
        assert(ret);

        /* O_CLOEXEC so the pipe fds do not leak into tar except through the explicit dup2() below. */
        if (pipe2(pipefd, O_CLOEXEC) < 0)
                return log_error_errno(errno, "Failed to create pipe for tar: %m");

        pid = fork();
        if (pid < 0)
                return log_error_errno(errno, "Failed to fork off tar: %m");

        if (pid == 0) {
                int null_fd;
                /* Only CAP_DAC_OVERRIDE stays in the bounding set; creating an archive needs to
                 * read files but, unlike extraction, not to change ownership or create nodes. */
                uint64_t retain = (1ULL << CAP_DAC_OVERRIDE);

                /* Child */

                (void) reset_all_signal_handlers();
                (void) reset_signal_mask();
                /* Have the kernel send SIGTERM to the child when its parent goes away. */
                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);

                /* The child only writes to the pipe. */
                pipefd[0] = safe_close(pipefd[0]);

                if (dup2(pipefd[1], STDOUT_FILENO) != STDOUT_FILENO) {
                        log_error_errno(errno, "Failed to dup2() fd: %m");
                        _exit(EXIT_FAILURE);
                }

                /* If the pipe end already was fd 1, dup2() did nothing and it must stay open. */
                if (pipefd[1] != STDOUT_FILENO)
                        pipefd[1] = safe_close(pipefd[1]);

                /* tar's stdin comes from /dev/null; stderr is not touched here and stays as inherited. */
                null_fd = open("/dev/null", O_RDONLY|O_NOCTTY);
                if (null_fd < 0) {
                        log_error_errno(errno, "Failed to open /dev/null: %m");
                        _exit(EXIT_FAILURE);
                }

                if (dup2(null_fd, STDIN_FILENO) != STDIN_FILENO) {
                        log_error_errno(errno, "Failed to dup2() fd: %m");
                        _exit(EXIT_FAILURE);
                }

                if (null_fd != STDIN_FILENO)
                        null_fd = safe_close(null_fd);

                /* Presumably clears O_CLOEXEC on fds 0-2: when dup2() above was a no-op the flag
                 * set by pipe2() would otherwise close stdout at exec time. TODO confirm. */
                stdio_unset_cloexec();

                /* NOTE(review): hardening is best-effort. If unshare() fails the error is only
                 * logged and tar runs in the caller's network namespace. */
                if (unshare(CLONE_NEWNET) < 0)
                        log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");

                /* NOTE(review): likewise, a failed capability drop is only logged, so tar is then
                 * exec'd with the capability set it inherited. */
                r = capability_bounding_set_drop(retain, true);
                if (r < 0)
                        log_error_errno(r, "Failed to drop capabilities, ignoring: %m");

                /* No shell is involved; `path` is passed as its own argv element after -C, and "."
                 * archives everything below it, including all xattrs.
                 * NOTE(review): execlp() resolves "tar" through the inherited PATH, so the binary
                 * that runs depends on the environment of the calling process. */
                execlp("tar", "tar", "-C", path, "-c", "--xattrs", "--xattrs-include=*", ".", NULL);
                log_error_errno(errno, "Failed to execute tar: %m");
                _exit(EXIT_FAILURE);
        }

        /* Parent: keep only the read end, and take it out of the array so that it is not closed
         * on return. */
        pipefd[1] = safe_close(pipefd[1]);
        r = pipefd[0];
        pipefd[0] = -1;

        *ret = pid;

        return r;
}