dev_t esp_devid = 0, xbootldr_devid = 0;
int r, k;
- r = acquire_esp(/* unprivileged_mode= */ geteuid() != 0, /* graceful= */ false, NULL, NULL, NULL, &esp_uuid, &esp_devid);
+ r = acquire_esp(/* unprivileged_mode= */ -1, /* graceful= */ false, NULL, NULL, NULL, &esp_uuid, &esp_devid);
if (arg_print_esp_path) {
if (r == -EACCES) /* If we couldn't acquire the ESP path, log about access errors (which is the only
* error the find_esp_and_warn() won't log on its own) */
puts(arg_esp_path);
}
- r = acquire_xbootldr(/* unprivileged_mode= */ geteuid() != 0, &xbootldr_uuid, &xbootldr_devid);
+ r = acquire_xbootldr(/* unprivileged_mode= */ -1, &xbootldr_uuid, &xbootldr_devid);
if (arg_print_dollar_boot_path) {
if (r == -EACCES)
return log_error_errno(r, "Failed to determine XBOOTLDR partition: %m");
* Here we're interested in the latter but not the former, hence request the mode, and log about
* EACCES. */
- r = acquire_esp(/* unprivileged_mode= */ geteuid() != 0, /* graceful= */ false, NULL, NULL, NULL, NULL, &esp_devid);
+ r = acquire_esp(/* unprivileged_mode= */ -1, /* graceful= */ false, NULL, NULL, NULL, NULL, &esp_devid);
if (r == -EACCES) /* We really need the ESP path for this call, hence also log about access errors */
return log_error_errno(r, "Failed to determine ESP location: %m");
if (r < 0)
return r;
- r = acquire_xbootldr(/* unprivileged_mode= */ geteuid() != 0, NULL, &xbootldr_devid);
+ r = acquire_xbootldr(/* unprivileged_mode= */ -1, NULL, &xbootldr_devid);
if (r == -EACCES)
return log_error_errno(r, "Failed to determine XBOOTLDR partition: %m");
if (r < 0)
static int verify_esp_blkid(
dev_t devid,
- bool searching,
+ VerifyESPFlags flags,
uint32_t *ret_part,
uint64_t *ret_pstart,
uint64_t *ret_psize,
#if HAVE_BLKID
_cleanup_(blkid_free_probep) blkid_probe b = NULL;
_cleanup_free_ char *node = NULL;
+ bool searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING);
const char *v;
int r;
static int verify_esp_udev(
dev_t devid,
- bool searching,
+ VerifyESPFlags flags,
uint32_t *ret_part,
uint64_t *ret_pstart,
uint64_t *ret_psize,
sd_id128_t *ret_uuid) {
+ bool searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING);
_cleanup_(sd_device_unrefp) sd_device *d = NULL;
sd_id128_t uuid = SD_ID128_NULL;
uint64_t pstart = 0, psize = 0;
static int verify_fsroot_dir(
int dir_fd,
const char *path,
- bool searching,
- bool unprivileged_mode,
+ VerifyESPFlags flags,
dev_t *ret_dev) {
+ bool searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING),
+ unprivileged_mode = FLAGS_SET(flags, VERIFY_ESP_UNPRIVILEGED_MODE);
_cleanup_free_ char *f = NULL;
STRUCT_NEW_STATX_DEFINE(sxa);
STRUCT_NEW_STATX_DEFINE(sxb);
relax_checks ||
detect_container() > 0;
- r = verify_fsroot_dir(pfd, p, searching, unprivileged_mode, relax_checks ? NULL : &devid);
+ r = verify_fsroot_dir(pfd, p, flags, relax_checks ? NULL : &devid);
if (r < 0)
return r;
* however blkid can't work if we have no privileges to access block devices directly, which is why
* we use udev in that case. */
if (unprivileged_mode)
- r = verify_esp_udev(devid, searching, ret_part, ret_pstart, ret_psize, ret_uuid);
+ r = verify_esp_udev(devid, flags, ret_part, ret_pstart, ret_psize, ret_uuid);
else
- r = verify_esp_blkid(devid, searching, ret_part, ret_pstart, ret_psize, ret_uuid);
+ r = verify_esp_blkid(devid, flags, ret_part, ret_pstart, ret_psize, ret_uuid);
if (r < 0)
return r;
int find_esp_and_warn_at(
int rfd,
const char *path,
- bool unprivileged_mode,
+ int unprivileged_mode,
char **ret_path,
uint32_t *ret_part,
uint64_t *ret_pstart,
sd_id128_t *ret_uuid,
dev_t *ret_devid) {
- VerifyESPFlags flags = (unprivileged_mode ? VERIFY_ESP_UNPRIVILEGED_MODE : 0);
+ VerifyESPFlags flags;
int r;
/* This logs about all errors except:
assert(rfd >= 0 || rfd == AT_FDCWD);
+ if (unprivileged_mode < 0)
+ unprivileged_mode = geteuid() != 0;
+ flags = unprivileged_mode > 0 ? VERIFY_ESP_UNPRIVILEGED_MODE : 0;
+
r = dir_fd_is_root_or_cwd(rfd);
if (r < 0)
return log_error_errno(r, "Failed to check if directory file descriptor is root: %m");
int find_esp_and_warn(
const char *root,
const char *path,
- bool unprivileged_mode,
+ int unprivileged_mode,
char **ret_path,
uint32_t *ret_part,
uint64_t *ret_pstart,
static int verify_xbootldr_blkid(
dev_t devid,
- bool searching,
+ VerifyESPFlags flags,
sd_id128_t *ret_uuid) {
sd_id128_t uuid = SD_ID128_NULL;
#if HAVE_BLKID
+ bool searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING);
_cleanup_(blkid_free_probep) blkid_probe b = NULL;
_cleanup_free_ char *node = NULL;
const char *type, *v;
static int verify_xbootldr_udev(
dev_t devid,
- bool searching,
+ VerifyESPFlags flags,
sd_id128_t *ret_uuid) {
+ bool searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING);
_cleanup_(sd_device_unrefp) sd_device *d = NULL;
sd_id128_t uuid = SD_ID128_NULL;
const char *node, *type, *v;
static int verify_xbootldr(
int rfd,
const char *path,
- bool searching,
- bool unprivileged_mode,
+ VerifyESPFlags flags,
char **ret_path,
sd_id128_t *ret_uuid,
dev_t *ret_devid) {
_cleanup_free_ char *p = NULL;
_cleanup_close_ int pfd = -EBADF;
- bool relax_checks;
+ bool searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING),
+ unprivileged_mode = FLAGS_SET(flags, VERIFY_ESP_UNPRIVILEGED_MODE),
+ relax_checks;
dev_t devid = 0;
int r;
getenv_bool("SYSTEMD_RELAX_XBOOTLDR_CHECKS") > 0 ||
detect_container() > 0;
- r = verify_fsroot_dir(pfd, p, searching, unprivileged_mode, relax_checks ? NULL : &devid);
+ r = verify_fsroot_dir(pfd, p, flags, relax_checks ? NULL : &devid);
if (r < 0)
return r;
goto finish;
if (unprivileged_mode)
- r = verify_xbootldr_udev(devid, searching, ret_uuid);
+ r = verify_xbootldr_udev(devid, flags, ret_uuid);
else
- r = verify_xbootldr_blkid(devid, searching, ret_uuid);
+ r = verify_xbootldr_blkid(devid, flags, ret_uuid);
if (r < 0)
return r;
int find_xbootldr_and_warn_at(
int rfd,
const char *path,
- bool unprivileged_mode,
+ int unprivileged_mode,
char **ret_path,
sd_id128_t *ret_uuid,
dev_t *ret_devid) {
+ VerifyESPFlags flags = 0;
int r;
/* Similar to find_esp_and_warn(), but finds the XBOOTLDR partition. Returns the same errors. */
assert(rfd >= 0 || rfd == AT_FDCWD);
+ if (unprivileged_mode < 0)
+ unprivileged_mode = geteuid() != 0;
+ if (unprivileged_mode)
+ flags |= VERIFY_ESP_UNPRIVILEGED_MODE;
+
if (path)
- return verify_xbootldr(rfd, path, /* searching= */ false, unprivileged_mode, ret_path, ret_uuid, ret_devid);
+ return verify_xbootldr(rfd, path, flags, ret_path, ret_uuid, ret_devid);
path = getenv("SYSTEMD_XBOOTLDR_PATH");
if (path) {
return 0;
}
- r = verify_xbootldr(rfd, "/boot", /* searching= */ true, unprivileged_mode, ret_path, ret_uuid, ret_devid);
+ r = verify_xbootldr(rfd, "/boot", flags | VERIFY_ESP_SEARCHING, ret_path, ret_uuid, ret_devid);
if (r < 0) {
if (!IN_SET(r, -ENOENT, -EADDRNOTAVAIL, -ENOTDIR)) /* This one is not it */
return r;
int find_xbootldr_and_warn(
const char *root,
const char *path,
- bool unprivileged_mode,
+ int unprivileged_mode,
char **ret_path,
sd_id128_t *ret_uuid,
dev_t *ret_devid) {
#include "sd-id128.h"
-int find_esp_and_warn_at(int rfd, const char *path, bool unprivileged_mode, char **ret_path, uint32_t *ret_part, uint64_t *ret_pstart, uint64_t *ret_psize, sd_id128_t *ret_uuid, dev_t *ret_devid);
-int find_esp_and_warn(const char *root, const char *path, bool unprivileged_mode, char **ret_path, uint32_t *ret_part, uint64_t *ret_pstart, uint64_t *ret_psize, sd_id128_t *ret_uuid, dev_t *ret_devid);
+int find_esp_and_warn_at(int rfd, const char *path, int unprivileged_mode, char **ret_path, uint32_t *ret_part, uint64_t *ret_pstart, uint64_t *ret_psize, sd_id128_t *ret_uuid, dev_t *ret_devid);
+int find_esp_and_warn(const char *root, const char *path, int unprivileged_mode, char **ret_path, uint32_t *ret_part, uint64_t *ret_pstart, uint64_t *ret_psize, sd_id128_t *ret_uuid, dev_t *ret_devid);
-int find_xbootldr_and_warn_at(int rfd, const char *path, bool unprivileged_mode, char **ret_path, sd_id128_t *ret_uuid, dev_t *ret_devid);
-int find_xbootldr_and_warn(const char *root, const char *path, bool unprivileged_mode, char **ret_path, sd_id128_t *ret_uuid, dev_t *ret_devid);
+int find_xbootldr_and_warn_at(int rfd, const char *path, int unprivileged_mode, char **ret_path, sd_id128_t *ret_uuid, dev_t *ret_devid);
+int find_xbootldr_and_warn(const char *root, const char *path, int unprivileged_mode, char **ret_path, sd_id128_t *ret_uuid, dev_t *ret_devid);
projects / thirdparty / systemd.git / commitdiff
