Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
b6e676ce | 2 | |
618234a5 | 3 | #include <sched.h> |
b6e676ce LP |
4 | #include <sys/prctl.h> |
5 | #include <sys/stat.h> | |
6 | #include <unistd.h> | |
7 | ||
e21b7229 | 8 | #include "alloc-util.h" |
b6e676ce | 9 | #include "btrfs-util.h" |
430f0182 | 10 | #include "capability-util.h" |
e21b7229 | 11 | #include "dirent-util.h" |
3ffd4af2 | 12 | #include "fd-util.h" |
e21b7229 LP |
13 | #include "fileio.h" |
14 | #include "fs-util.h" | |
3ffd4af2 | 15 | #include "import-common.h" |
e21b7229 | 16 | #include "os-util.h" |
dccca82b | 17 | #include "process-util.h" |
24882e06 | 18 | #include "signal-util.h" |
e4de7287 | 19 | #include "tmpfile-util.h" |
618234a5 | 20 | #include "util.h" |
b6e676ce LP |
21 | |
/* Marks the image referred to by fd as read-only.
 *
 * The btrfs subvolume read-only flag is tried first. If that call reports -ENOTTY, -ENOTDIR or -EINVAL
 * the object is treated as "not a subvolume / not btrfs" and the write permission bits are cleared with
 * fchmod() instead.
 *
 * Returns 0 on success, or the negative value produced by log_error_errno() on failure.
 *
 * NOTE(review): the fchmod() fallback only touches the single inode behind fd, and mode bits do not
 * restrain a process that holds CAP_DAC_OVERRIDE. Callers that need the whole tree to be immutable
 * should not treat the fallback as equivalent to a read-only subvolume. */
int import_make_read_only_fd(int fd) {
        struct stat st;
        int r;

        assert(fd >= 0);

        /* Preferred route: flip the subvolume to read-only. */
        r = btrfs_subvol_set_read_only_fd(fd, true);
        if (r >= 0)
                return 0;

        /* Any error other than the three "not applicable here" codes is a real failure. */
        if (!IN_SET(r, -ENOTTY, -ENOTDIR, -EINVAL))
                return log_error_errno(r, "Failed to make subvolume read-only: %m");

        /* Not a subvolume, or not btrfs at all: fall back to permission bits. */
        if (fstat(fd, &st) < 0)
                return log_error_errno(errno, "Failed to stat temporary image: %m");

        /* 07555 keeps setuid/setgid/sticky and the r/x bits, and clears every "w" bit. */
        if (fchmod(fd, st.st_mode & 07555) < 0)
                return log_error_errno(errno, "Failed to chmod() final image: %m");

        return 0;
}
52 | ||
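/* Opens path and marks the object it refers to read-only via import_make_read_only_fd().
 *
 * Returns 0 on success, or a negative value from log_error_errno() / import_make_read_only_fd() on
 * failure. The descriptor is closed automatically on every return path.
 *
 * NOTE(review): the open() flags do not include O_NOFOLLOW, so a symlink as the final path component is
 * followed. If the final component can be influenced by imported content, confirm that is intended. */
int import_make_read_only(const char *path) {
        /* Start from the "no descriptor" sentinel, matching the { -1, -1 } pipe initialisers in this
         * file. Initialising to 1 would make the cleanup handler close stdout if a return were ever
         * added ahead of the open() below. */
        _cleanup_close_ int fd = -1;

        fd = open(path, O_RDONLY|O_NOCTTY|O_CLOEXEC);
        if (fd < 0)
                return log_error_errno(errno, "Failed to open %s: %m", path);

        return import_make_read_only_fd(fd);
}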
62 | ||
/* Forks a "tar" child that extracts an archive into path, reading the archive from a pipe.
 *
 * On success the child's PID is stored in *ret and the write end of the pipe is returned; ownership of
 * that descriptor passes to the caller. On failure a negative value is returned.
 *
 * Sandboxing applied in the child before exec:
 *   - unshare(CLONE_NEWNET) to detach tar from the network;
 *   - capability_bounding_set_drop() with only the capabilities listed below kept.
 *
 * NOTE(review): both sandboxing steps are best-effort. A failure is logged and tar is executed anyway,
 * so in that case the archive is unpacked with whatever network access and capability bounding set the
 * parent had. Deployments that rely on the isolation should watch for the two "ignoring" log lines.
 *
 * NOTE(review): "tar" is resolved through execlp(), i.e. via $PATH of the calling process; verify that
 * the environment this runs in has a trusted PATH. */
int import_fork_tar_x(const char *path, pid_t *ret) {
        _cleanup_close_pair_ int pipefd[2] = { -1, -1 };
        /* Capabilities tar keeps so it can restore ownership, modes, device nodes and file capabilities. */
        const uint64_t keep_caps =
                (1ULL << CAP_CHOWN) |
                (1ULL << CAP_FOWNER) |
                (1ULL << CAP_FSETID) |
                (1ULL << CAP_MKNOD) |
                (1ULL << CAP_SETFCAP) |
                (1ULL << CAP_DAC_OVERRIDE);
        pid_t child;
        int r;

        assert(path);
        assert(ret);

        if (pipe2(pipefd, O_CLOEXEC) < 0)
                return log_error_errno(errno, "Failed to create pipe for tar: %m");

        r = safe_fork("(tar)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &child);
        if (r < 0)
                return r;

        if (r != 0) {
                /* Parent: report the PID and hand the write end to the caller. */
                *ret = child;
                return TAKE_FD(pipefd[1]);
        }

        /* Child from here on; every path below ends in exec or _exit(). */

        pipefd[1] = safe_close(pipefd[1]);

        /* Presumably (stdin, stdout, stderr): the read end becomes stdin — confirm against rearrange_stdio(). */
        r = rearrange_stdio(pipefd[0], -1, STDERR_FILENO);
        if (r < 0) {
                log_error_errno(r, "Failed to rearrange stdin/stdout: %m");
                _exit(EXIT_FAILURE);
        }

        /* Best-effort: failure is logged, not fatal. */
        if (unshare(CLONE_NEWNET) < 0)
                log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");

        /* Best-effort: failure is logged, not fatal. */
        r = capability_bounding_set_drop(keep_caps, true);
        if (r < 0)
                log_error_errno(r, "Failed to drop capabilities, ignoring: %m");

        /* "--xattrs-include=*" restores extended attributes from every namespace found in the archive. */
        execlp("tar", "tar", "--numeric-owner", "-C", path, "-px", "--xattrs", "--xattrs-include=*", NULL);
        log_error_errno(errno, "Failed to execute tar: %m");
        _exit(EXIT_FAILURE);
}
587fec42 LP |
112 | |
/* Forks a "tar" child that archives the tree at path and writes the archive into a pipe.
 *
 * On success the child's PID is stored in *ret and the read end of the pipe is returned; ownership of
 * that descriptor passes to the caller. On failure a negative value is returned.
 *
 * Sandboxing applied in the child before exec:
 *   - unshare(CLONE_NEWNET) to detach tar from the network;
 *   - capability_bounding_set_drop() keeping CAP_DAC_OVERRIDE only, so tar can still read every file.
 *
 * NOTE(review): both sandboxing steps are best-effort. A failure is logged and tar is executed anyway,
 * so in that case tar reads the tree with whatever network access and capability bounding set the
 * parent had. Deployments that rely on the isolation should watch for the two "ignoring" log lines.
 *
 * NOTE(review): "tar" is resolved through execlp(), i.e. via $PATH of the calling process; verify that
 * the environment this runs in has a trusted PATH. */
int import_fork_tar_c(const char *path, pid_t *ret) {
        _cleanup_close_pair_ int pipefd[2] = { -1, -1 };
        const uint64_t keep_caps = (1ULL << CAP_DAC_OVERRIDE);
        pid_t child;
        int r;

        assert(path);
        assert(ret);

        if (pipe2(pipefd, O_CLOEXEC) < 0)
                return log_error_errno(errno, "Failed to create pipe for tar: %m");

        r = safe_fork("(tar)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &child);
        if (r < 0)
                return r;

        if (r != 0) {
                /* Parent: report the PID and hand the read end to the caller. */
                *ret = child;
                return TAKE_FD(pipefd[0]);
        }

        /* Child from here on; every path below ends in exec or _exit(). */

        pipefd[0] = safe_close(pipefd[0]);

        /* Presumably (stdin, stdout, stderr): the write end becomes stdout — confirm against rearrange_stdio(). */
        r = rearrange_stdio(-1, pipefd[1], STDERR_FILENO);
        if (r < 0) {
                log_error_errno(r, "Failed to rearrange stdin/stdout: %m");
                _exit(EXIT_FAILURE);
        }

        /* Best-effort: failure is logged, not fatal. */
        if (unshare(CLONE_NEWNET) < 0)
                log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");

        /* Best-effort: failure is logged, not fatal. */
        r = capability_bounding_set_drop(keep_caps, true);
        if (r < 0)
                log_error_errno(r, "Failed to drop capabilities, ignoring: %m");

        /* "--xattrs-include=*" stores extended attributes from every namespace in the archive. */
        execlp("tar", "tar", "-C", path, "-c", "--xattrs", "--xattrs-include=*", ".", NULL);
        log_error_errno(errno, "Failed to execute tar: %m");
        _exit(EXIT_FAILURE);
}
e21b7229 LP |
156 | |
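/* Flattens an unpacked image whose real OS tree sits inside a single top-level directory.
 *
 * If path itself is not an OS tree, contains exactly one entry, and that entry is a directory which is
 * an OS tree, the contents of that inner directory are moved one level up and the inner directory is
 * removed. In every other case the tree is left untouched.
 *
 * Returns 0 when nothing had to be done or the rearrangement succeeded, and a negative value on error.
 *
 * The rearrangement works relative to the already-open directory descriptors, opens the inner directory
 * with O_NOFOLLOW and moves entries with rename_noreplace(), so an entry of the inner tree cannot
 * overwrite something that already exists one level up.
 *
 * NOTE(review): path_is_os_tree() is called on path strings while the moves use directory descriptors;
 * this presumably relies on nothing else modifying the tree concurrently — confirm against callers.
 *
 * NOTE(review): the move loop is not transactional. If a rename fails part-way the tree is left
 * half-moved with the temporary directory still present; callers should discard the tree on error. */
int import_mangle_os_tree(const char *path) {
        _cleanup_closedir_ DIR *d = NULL, *cd = NULL;
        _cleanup_free_ char *child = NULL, *t = NULL;
        const char *joined;
        struct dirent *de;
        int r;

        assert(path);

        /* Some tarballs contain a single top-level directory that contains the actual OS directory tree. Try to
         * recognize this, and move the tree one level up. */

        r = path_is_os_tree(path);
        if (r < 0)
                return log_error_errno(r, "Failed to determine whether '%s' is an OS tree: %m", path);
        if (r > 0) {
                log_debug("Directory tree '%s' is a valid OS tree.", path);
                return 0;
        }

        log_debug("Directory tree '%s' is not recognizable as OS tree, checking whether to rearrange it.", path);

        d = opendir(path);
        if (!d)
                /* r is 0 at this point; the failure reason is in errno. */
                return log_error_errno(errno, "Failed to open directory '%s': %m", path);

        errno = 0;
        de = readdir_no_dot(d);
        if (!de) {
                if (errno != 0)
                        return log_error_errno(errno, "Failed to iterate through directory '%s': %m", path);

                log_debug("Directory '%s' is empty, leaving it as it is.", path);
                return 0;
        }

        child = strdup(de->d_name);
        if (!child)
                return log_oom();

        errno = 0;
        de = readdir_no_dot(d);
        if (de) {
                log_debug("Directory '%s' does not look like a directory tree, and has multiple children, leaving as it is.", path);
                return 0;
        }
        /* A NULL result means either "no further entry" or "read error"; only errno tells them apart.
         * Treating a read error as "single child" would rearrange a tree we could not fully inspect. */
        if (errno != 0)
                return log_error_errno(errno, "Failed to iterate through directory '%s': %m", path);

        joined = strjoina(path, "/", child);
        r = path_is_os_tree(joined);
        if (r == -ENOTDIR) {
                log_debug("Directory '%s' does not look like a directory tree, and contains a single regular file only, leaving as it is.", path);
                return 0;
        }
        if (r < 0)
                return log_error_errno(r, "Failed to determine whether '%s' is an OS tree: %m", joined);
        if (r == 0) {
                log_debug("Neither '%s' nor '%s' is a valid OS tree, leaving them as they are.", path, joined);
                return 0;
        }

        /* Nice, we have checked now:
         *
         * 1. The top-level directory does not qualify as OS tree
         * 2. The top-level directory only contains one item
         * 3. That item is a directory
         * 4. And that directory qualifies as OS tree
         *
         * Let's now rearrange things, moving everything in the inner directory one level up */

        /* O_NOFOLLOW: refuse to descend if the single entry is a symlink rather than a real directory. */
        cd = xopendirat(dirfd(d), child, O_NOFOLLOW);
        if (!cd)
                return log_error_errno(errno, "Can't open directory '%s': %m", joined);

        log_info("Rearranging '%s', moving OS tree one directory up.", joined);

        /* Let's rename the child to an unguessable name so that we can be sure all files contained in it can be
         * safely moved up and won't collide with the name. */
        r = tempfn_random(child, NULL, &t);
        if (r < 0)
                return log_oom();
        r = rename_noreplace(dirfd(d), child, dirfd(d), t);
        if (r < 0)
                return log_error_errno(r, "Unable to rename '%s' to '%s/%s': %m", joined, path, t);

        FOREACH_DIRENT_ALL(de, cd, return log_error_errno(errno, "Failed to iterate through directory '%s': %m", joined)) {
                if (dot_or_dot_dot(de->d_name))
                        continue;

                /* Never replaces an existing entry in the parent directory. */
                r = rename_noreplace(dirfd(cd), de->d_name, dirfd(d), de->d_name);
                if (r < 0)
                        return log_error_errno(r, "Unable to move '%s/%s/%s' to '%s/%s': %m", path, t, de->d_name, path, de->d_name);
        }

        /* AT_REMOVEDIR only succeeds on an empty directory, so this also confirms everything was moved. */
        if (unlinkat(dirfd(d), t, AT_REMOVEDIR) < 0)
                return log_error_errno(errno, "Failed to remove temporary directory '%s/%s': %m", path, t);

        log_info("Successfully rearranged OS tree.");

        return 0;
}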