[thirdparty/systemd.git] / src / import / import-common.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <sched.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <unistd.h>

#include "alloc-util.h"
#include "btrfs-util.h"
#include "capability-util.h"
#include "dirent-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "fs-util.h"
#include "import-common.h"
#include "os-util.h"
#include "process-util.h"
#include "signal-util.h"
#include "tmpfile-util.h"
#include "util.h"

int import_make_read_only_fd(int fd) {
        int r;

        assert(fd >= 0);

        /* First, let's make this a read-only subvolume if it refers
         * to a subvolume */
        r = btrfs_subvol_set_read_only_fd(fd, true);
        if (IN_SET(r, -ENOTTY, -ENOTDIR, -EINVAL)) {
                struct stat st;

                /* This doesn't refer to a subvolume, or the file
                 * system isn't even btrfs. In that, case fall back to
                 * chmod()ing */

                r = fstat(fd, &st);
                if (r < 0)
                        return log_error_errno(errno, "Failed to stat temporary image: %m");

                /* Drop "w" flag */
                if (fchmod(fd, st.st_mode & 07555) < 0)
                        return log_error_errno(errno, "Failed to chmod() final image: %m");

                return 0;

        } else if (r < 0)
                return log_error_errno(r, "Failed to make subvolume read-only: %m");

        return 0;
}

int import_make_read_only(const char *path) {
        _cleanup_close_ int fd = 1;

        fd = open(path, O_RDONLY|O_NOCTTY|O_CLOEXEC);
        if (fd < 0)
                return log_error_errno(errno, "Failed to open %s: %m", path);

        return import_make_read_only_fd(fd);
}

int import_fork_tar_x(const char *path, pid_t *ret) {
        _cleanup_close_pair_ int pipefd[2] = { -1, -1 };
        pid_t pid;
        int r;

        assert(path);
        assert(ret);

        if (pipe2(pipefd, O_CLOEXEC) < 0)
                return log_error_errno(errno, "Failed to create pipe for tar: %m");

        r = safe_fork("(tar)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
        if (r < 0)
                return r;
        if (r == 0) {
                uint64_t retain =
                        (1ULL << CAP_CHOWN) |
                        (1ULL << CAP_FOWNER) |
                        (1ULL << CAP_FSETID) |
                        (1ULL << CAP_MKNOD) |
                        (1ULL << CAP_SETFCAP) |
                        (1ULL << CAP_DAC_OVERRIDE);

                /* Child */

                pipefd[1] = safe_close(pipefd[1]);

                r = rearrange_stdio(pipefd[0], -1, STDERR_FILENO);
                if (r < 0) {
                        log_error_errno(r, "Failed to rearrange stdin/stdout: %m");
                        _exit(EXIT_FAILURE);
                }

                if (unshare(CLONE_NEWNET) < 0)
                        log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");

                r = capability_bounding_set_drop(retain, true);
                if (r < 0)
                        log_error_errno(r, "Failed to drop capabilities, ignoring: %m");

                execlp("tar", "tar", "--numeric-owner", "-C", path, "-px", "--xattrs", "--xattrs-include=*", NULL);
                log_error_errno(errno, "Failed to execute tar: %m");
                _exit(EXIT_FAILURE);
        }

        *ret = pid;

        return TAKE_FD(pipefd[1]);
}

int import_fork_tar_c(const char *path, pid_t *ret) {
        _cleanup_close_pair_ int pipefd[2] = { -1, -1 };
        pid_t pid;
        int r;

        assert(path);
        assert(ret);

        if (pipe2(pipefd, O_CLOEXEC) < 0)
                return log_error_errno(errno, "Failed to create pipe for tar: %m");

        r = safe_fork("(tar)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
        if (r < 0)
                return r;
        if (r == 0) {
                uint64_t retain = (1ULL << CAP_DAC_OVERRIDE);

                /* Child */

                pipefd[0] = safe_close(pipefd[0]);

                r = rearrange_stdio(-1, pipefd[1], STDERR_FILENO);
                if (r < 0) {
                        log_error_errno(r, "Failed to rearrange stdin/stdout: %m");
                        _exit(EXIT_FAILURE);
                }

                if (unshare(CLONE_NEWNET) < 0)
                        log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");

                r = capability_bounding_set_drop(retain, true);
                if (r < 0)
                        log_error_errno(r, "Failed to drop capabilities, ignoring: %m");

                execlp("tar", "tar", "-C", path, "-c", "--xattrs", "--xattrs-include=*", ".", NULL);
                log_error_errno(errno, "Failed to execute tar: %m");
                _exit(EXIT_FAILURE);
        }

        *ret = pid;

        return TAKE_FD(pipefd[0]);
}

int import_mangle_os_tree(const char *path) {
        _cleanup_closedir_ DIR *d = NULL, *cd = NULL;
        _cleanup_free_ char *child = NULL, *t = NULL;
        const char *joined;
        struct dirent *de;
        int r;

        assert(path);

        /* Some tarballs contain a single top-level directory that contains the actual OS directory tree. Try to
         * recognize this, and move the tree one level up. */

        r = path_is_os_tree(path);
        if (r < 0)
                return log_error_errno(r, "Failed to determine whether '%s' is an OS tree: %m", path);
        if (r > 0) {
                log_debug("Directory tree '%s' is a valid OS tree.", path);
                return 0;
        }

        log_debug("Directory tree '%s' is not recognizable as OS tree, checking whether to rearrange it.", path);

        d = opendir(path);
        if (!d)
                return log_error_errno(r, "Failed to open directory '%s': %m", path);

        errno = 0;
        de = readdir_no_dot(d);
        if (!de) {
                if (errno != 0)
                        return log_error_errno(errno, "Failed to iterate through directory '%s': %m", path);

                log_debug("Directory '%s' is empty, leaving it as it is.", path);
                return 0;
        }

        child = strdup(de->d_name);
        if (!child)
                return log_oom();

        errno = 0;
        de = readdir_no_dot(d);
        if (de) {
                if (errno != 0)
                        return log_error_errno(errno, "Failed to iterate through directory '%s': %m", path);

                log_debug("Directory '%s' does not look like a directory tree, and has multiple children, leaving as it is.", path);
                return 0;
        }

        joined = strjoina(path, "/", child);
        r = path_is_os_tree(joined);
        if (r == -ENOTDIR) {
                log_debug("Directory '%s' does not look like a directory tree, and contains a single regular file only, leaving as it is.", path);
                return 0;
        }
        if (r < 0)
                return log_error_errno(r, "Failed to determine whether '%s' is an OS tree: %m", joined);
        if (r == 0) {
                log_debug("Neither '%s' nor '%s' is a valid OS tree, leaving them as they are.", path, joined);
                return 0;
        }

        /* Nice, we have checked now:
         *
         * 1. The top-level directory does not qualify as OS tree
         * 1. The top-level directory only contains one item
         * 2. That item is a directory
         * 3. And that directory qualifies as OS tree
         *
         * Let's now rearrange things, moving everything in the inner directory one level up */

        cd = xopendirat(dirfd(d), child, O_NOFOLLOW);
        if (!cd)
                return log_error_errno(errno, "Can't open directory '%s': %m", joined);

        log_info("Rearranging '%s', moving OS tree one directory up.", joined);

        /* Let's rename the child to an unguessable name so that we can be sure all files contained in it can be
         * safely moved up and won't collide with the name. */
        r = tempfn_random(child, NULL, &t);
        if (r < 0)
                return log_oom();
        r = rename_noreplace(dirfd(d), child, dirfd(d), t);
        if (r < 0)
                return log_error_errno(r, "Unable to rename '%s' to '%s/%s': %m", joined, path, t);

        FOREACH_DIRENT_ALL(de, cd, return log_error_errno(errno, "Failed to iterate through directory '%s': %m", joined)) {
                if (dot_or_dot_dot(de->d_name))
                        continue;

                r = rename_noreplace(dirfd(cd), de->d_name, dirfd(d), de->d_name);
                if (r < 0)
                        return log_error_errno(r, "Unable to move '%s/%s/%s' to '%s/%s': %m", path, t, de->d_name, path, de->d_name);
        }

        if (unlinkat(dirfd(d), t, AT_REMOVEDIR) < 0)
                return log_error_errno(errno, "Failed to remove temporary directory '%s/%s': %m", path, t);

        log_info("Successfully rearranged OS tree.");

        return 0;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
b6e676ce	2
618234a5	3	#include <sched.h>
b6e676ce LP	4	#include <sys/prctl.h>
	5	#include <sys/stat.h>
	6	#include <unistd.h>
	7
e21b7229	8	#include "alloc-util.h"
b6e676ce	9	#include "btrfs-util.h"
430f0182	10	#include "capability-util.h"
e21b7229	11	#include "dirent-util.h"
3ffd4af2	12	#include "fd-util.h"
e21b7229 LP	13	#include "fileio.h"
e21b7229 LP	14	#include "fs-util.h"
3ffd4af2	15	#include "import-common.h"
e21b7229	16	#include "os-util.h"
dccca82b	17	#include "process-util.h"
24882e06	18	#include "signal-util.h"
e4de7287	19	#include "tmpfile-util.h"
618234a5	20	#include "util.h"
b6e676ce LP	21
	22	int import_make_read_only_fd(int fd) {
	23	int r;
	24
	25	assert(fd >= 0);
	26
	27	/* First, let's make this a read-only subvolume if it refers
	28	* to a subvolume */
	29	r = btrfs_subvol_set_read_only_fd(fd, true);
4c701096	30	if (IN_SET(r, -ENOTTY, -ENOTDIR, -EINVAL)) {
b6e676ce LP	31	struct stat st;
	32
	33	/* This doesn't refer to a subvolume, or the file
	34	* system isn't even btrfs. In that, case fall back to
	35	* chmod()ing */
	36
	37	r = fstat(fd, &st);
	38	if (r < 0)
	39	return log_error_errno(errno, "Failed to stat temporary image: %m");
	40
	41	/* Drop "w" flag */
	42	if (fchmod(fd, st.st_mode & 07555) < 0)
	43	return log_error_errno(errno, "Failed to chmod() final image: %m");
	44
	45	return 0;
	46
	47	} else if (r < 0)
	48	return log_error_errno(r, "Failed to make subvolume read-only: %m");
	49
	50	return 0;
	51	}
	52
	53	int import_make_read_only(const char *path) {
	54	_cleanup_close_ int fd = 1;
	55
	56	fd = open(path, O_RDONLY\|O_NOCTTY\|O_CLOEXEC);
	57	if (fd < 0)
	58	return log_error_errno(errno, "Failed to open %s: %m", path);
	59
	60	return import_make_read_only_fd(fd);
	61	}
	62
587fec42	63	int import_fork_tar_x(const char path, pid_t ret) {
b6e676ce LP	64	_cleanup_close_pair_ int pipefd[2] = { -1, -1 };
	65	pid_t pid;
	66	int r;
	67
	68	assert(path);
	69	assert(ret);
	70
	71	if (pipe2(pipefd, O_CLOEXEC) < 0)
	72	return log_error_errno(errno, "Failed to create pipe for tar: %m");
	73
b6e1fff1	74	r = safe_fork("(tar)", FORK_RESET_SIGNALS\|FORK_DEATHSIG\|FORK_LOG, &pid);
4c253ed1	75	if (r < 0)
b6e1fff1	76	return r;
4c253ed1	77	if (r == 0) {
b6e676ce LP	78	uint64_t retain =
	79	(1ULL << CAP_CHOWN) \|
	80	(1ULL << CAP_FOWNER) \|
	81	(1ULL << CAP_FSETID) \|
	82	(1ULL << CAP_MKNOD) \|
	83	(1ULL << CAP_SETFCAP) \|
	84	(1ULL << CAP_DAC_OVERRIDE);
	85
	86	/* Child */
	87
b6e676ce LP	88	pipefd[1] = safe_close(pipefd[1]);
b6e676ce LP	89
2b33ab09	90	r = rearrange_stdio(pipefd[0], -1, STDERR_FILENO);
046a82c1	91	if (r < 0) {
2b33ab09	92	log_error_errno(r, "Failed to rearrange stdin/stdout: %m");
b6e676ce LP	93	_exit(EXIT_FAILURE);
	94	}
	95
b6e676ce LP	96	if (unshare(CLONE_NEWNET) < 0)
	97	log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
	98
a103496c	99	r = capability_bounding_set_drop(retain, true);
b6e676ce LP	100	if (r < 0)
	101	log_error_errno(r, "Failed to drop capabilities, ignoring: %m");
	102
2944758c	103	execlp("tar", "tar", "--numeric-owner", "-C", path, "-px", "--xattrs", "--xattrs-include=*", NULL);
b6e676ce LP	104	log_error_errno(errno, "Failed to execute tar: %m");
	105	_exit(EXIT_FAILURE);
	106	}
	107
b6e676ce LP	108	*ret = pid;
b6e676ce LP	109
c10d6bdb	110	return TAKE_FD(pipefd[1]);
b6e676ce	111	}
587fec42 LP	112
	113	int import_fork_tar_c(const char path, pid_t ret) {
	114	_cleanup_close_pair_ int pipefd[2] = { -1, -1 };
	115	pid_t pid;
	116	int r;
	117
	118	assert(path);
	119	assert(ret);
	120
	121	if (pipe2(pipefd, O_CLOEXEC) < 0)
	122	return log_error_errno(errno, "Failed to create pipe for tar: %m");
	123
b6e1fff1	124	r = safe_fork("(tar)", FORK_RESET_SIGNALS\|FORK_DEATHSIG\|FORK_LOG, &pid);
4c253ed1	125	if (r < 0)
b6e1fff1	126	return r;
4c253ed1	127	if (r == 0) {
587fec42 LP	128	uint64_t retain = (1ULL << CAP_DAC_OVERRIDE);
	129
	130	/* Child */
	131
587fec42 LP	132	pipefd[0] = safe_close(pipefd[0]);
587fec42 LP	133
2b33ab09	134	r = rearrange_stdio(-1, pipefd[1], STDERR_FILENO);
046a82c1	135	if (r < 0) {
2b33ab09	136	log_error_errno(r, "Failed to rearrange stdin/stdout: %m");
587fec42 LP	137	_exit(EXIT_FAILURE);
	138	}
	139
587fec42 LP	140	if (unshare(CLONE_NEWNET) < 0)
	141	log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
	142
a103496c	143	r = capability_bounding_set_drop(retain, true);
587fec42 LP	144	if (r < 0)
	145	log_error_errno(r, "Failed to drop capabilities, ignoring: %m");
	146
2944758c	147	execlp("tar", "tar", "-C", path, "-c", "--xattrs", "--xattrs-include=*", ".", NULL);
587fec42 LP	148	log_error_errno(errno, "Failed to execute tar: %m");
	149	_exit(EXIT_FAILURE);
	150	}
	151
587fec42 LP	152	*ret = pid;
587fec42 LP	153
c10d6bdb	154	return TAKE_FD(pipefd[0]);
587fec42	155	}
e21b7229 LP	156
	157	int import_mangle_os_tree(const char *path) {
	158	_cleanup_closedir_ DIR d = NULL, cd = NULL;
	159	_cleanup_free_ char child = NULL, t = NULL;
	160	const char *joined;
	161	struct dirent *de;
	162	int r;
	163
	164	assert(path);
	165
	166	/* Some tarballs contain a single top-level directory that contains the actual OS directory tree. Try to
	167	* recognize this, and move the tree one level up. */
	168
	169	r = path_is_os_tree(path);
	170	if (r < 0)
	171	return log_error_errno(r, "Failed to determine whether '%s' is an OS tree: %m", path);
	172	if (r > 0) {
	173	log_debug("Directory tree '%s' is a valid OS tree.", path);
	174	return 0;
	175	}
	176
	177	log_debug("Directory tree '%s' is not recognizable as OS tree, checking whether to rearrange it.", path);
	178
	179	d = opendir(path);
	180	if (!d)
	181	return log_error_errno(r, "Failed to open directory '%s': %m", path);
	182
	183	errno = 0;
	184	de = readdir_no_dot(d);
	185	if (!de) {
	186	if (errno != 0)
	187	return log_error_errno(errno, "Failed to iterate through directory '%s': %m", path);
	188
	189	log_debug("Directory '%s' is empty, leaving it as it is.", path);
	190	return 0;
	191	}
	192
	193	child = strdup(de->d_name);
	194	if (!child)
	195	return log_oom();
	196
	197	errno = 0;
	198	de = readdir_no_dot(d);
	199	if (de) {
	200	if (errno != 0)
	201	return log_error_errno(errno, "Failed to iterate through directory '%s': %m", path);
	202
	203	log_debug("Directory '%s' does not look like a directory tree, and has multiple children, leaving as it is.", path);
	204	return 0;
	205	}
	206
	207	joined = strjoina(path, "/", child);
	208	r = path_is_os_tree(joined);
	209	if (r == -ENOTDIR) {
	210	log_debug("Directory '%s' does not look like a directory tree, and contains a single regular file only, leaving as it is.", path);
	211	return 0;
	212	}
	213	if (r < 0)
	214	return log_error_errno(r, "Failed to determine whether '%s' is an OS tree: %m", joined);
	215	if (r == 0) {
	216	log_debug("Neither '%s' nor '%s' is a valid OS tree, leaving them as they are.", path, joined);
	217	return 0;
	218	}
	219
220	/* Nice, we have checked now:
221	*
222	* 1. The top-level directory does not qualify as OS tree
223	* 1. The top-level directory only contains one item
224	* 2. That item is a directory
225	* 3. And that directory qualifies as OS tree
226	*
227	* Let's now rearrange things, moving everything in the inner directory one level up */
228
229	cd = xopendirat(dirfd(d), child, O_NOFOLLOW);
230	if (!cd)
231	return log_error_errno(errno, "Can't open directory '%s': %m", joined);
232
233	log_info("Rearranging '%s', moving OS tree one directory up.", joined);
234
235	/* Let's rename the child to an unguessable name so that we can be sure all files contained in it can be
236	* safely moved up and won't collide with the name. */
237	r = tempfn_random(child, NULL, &t);
238	if (r < 0)
239	return log_oom();
240	r = rename_noreplace(dirfd(d), child, dirfd(d), t);
241	if (r < 0)
242	return log_error_errno(r, "Unable to rename '%s' to '%s/%s': %m", joined, path, t);
243
244	FOREACH_DIRENT_ALL(de, cd, return log_error_errno(errno, "Failed to iterate through directory '%s': %m", joined)) {
245	if (dot_or_dot_dot(de->d_name))
246	continue;
247
248	r = rename_noreplace(dirfd(cd), de->d_name, dirfd(d), de->d_name);
249	if (r < 0)
250	return log_error_errno(r, "Unable to move '%s/%s/%s' to '%s/%s': %m", path, t, de->d_name, path, de->d_name);
251	}
252
253	if (unlinkat(dirfd(d), t, AT_REMOVEDIR) < 0)
254	return log_error_errno(errno, "Failed to remove temporary directory '%s/%s': %m", path, t);
255
256	log_info("Successfully rearranged OS tree.");
257
258	return 0;
259	}