dissect: disallow empty partition tables

If we don't find a single useful partition table, refusing dissection.

(Except in systemd-dissect, when we are supposed to show DDI
information, in that case allow this to run and show general DDI
information, i.e. size, UUID and name at least)

diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c
index f89a9dff2040cba5bcf1232864a9112c86bf6caa..b53c2cc3571cef6fb2f564e8045a091603eeeda1 100644 (file)
--- a/src/dissect/dissect.c
+++ b/src/dissect/dissect.c
@@ -501,7 +501,8 @@ static int parse_argv(int argc, char *argv[]) {
                 if (r < 0)
                         return r;
 
-                arg_flags |= DISSECT_IMAGE_READ_ONLY;
+                /* when dumping image info be even more liberal than otherwise, do not even require a single valid partition */
+                arg_flags |= DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_ALLOW_EMPTY;
                 break;
 
         case ACTION_MOUNT:

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 9cc8d4314768a75e491eabd95cc72018fb462b04..97414d2c8f9750b718a4e005746162d95649af30 100644 (file)
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -1485,6 +1485,8 @@ static int dissect_image(
                 }
         }
 
+        bool any = false;
+
         /* After we discovered all partitions let's see if the verity requirements match the policy. (Note:
          * we don't check encryption requirements here, because we haven't probed the file system yet, hence
          * don't know if this is encrypted or not) */
@@ -1492,6 +1494,8 @@ static int dissect_image(
                 PartitionDesignator vi, si;
                 PartitionPolicyFlags found_flags;
 
+                any = any || m->partitions[di].found;
+
                 vi = partition_verity_of(di);
                 si = partition_verity_sig_of(di);
 
@@ -1513,6 +1517,9 @@ static int dissect_image(
                 }
         }
 
+        if (!any && !FLAGS_SET(flags, DISSECT_IMAGE_ALLOW_EMPTY))
+                return -ENOMSG;
+
         r = dissected_image_probe_filesystems(m, fd, policy);
         if (r < 0)
                 return r;
@@ -1605,6 +1612,9 @@ static int dissect_log_error(int r, const char *name, const VeritySettings *veri
         case -ERFKILL:
                 return log_error_errno(r, "%s: image does not match image policy.", name);
 
+        case -ENOMSG:
+                return log_error_errno(r, "%s: no suitable partitions found.", name);
+
         default:
                 return log_error_errno(r, "Failed to dissect image '%s': %m", name);
         }

diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h
index 3043a3d9e565438ef46414c49c2bf9a09b42ad6a..a55ad63d2d004f04fcc1c12cc81d66b25857d476 100644 (file)
--- a/src/shared/dissect-image.h
+++ b/src/shared/dissect-image.h
@@ -80,6 +80,7 @@ typedef enum DissectImageFlags {
         DISSECT_IMAGE_PIN_PARTITION_DEVICES    = 1 << 21, /* Open dissected partitions and decrypted partitions and pin them by fd */
         DISSECT_IMAGE_RELAX_SYSEXT_CHECK       = 1 << 22, /* Don't insist that the extension-release file name matches the image name */
         DISSECT_IMAGE_DISKSEQ_DEVNODE          = 1 << 23, /* Prefer /dev/disk/by-diskseq/… device nodes */
+        DISSECT_IMAGE_ALLOW_EMPTY              = 1 << 24, /* Allow that no usable partitions is present */
 } DissectImageFlags;
 
 struct DissectedImage {