From: Lennart Poettering Date: Tue, 26 Aug 2025 15:00:17 +0000 (+0200) Subject: nspawn: support .nspawn files in per-user mode X-Git-Tag: v259-rc1~338^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e75f4778279e476ac04ab580eb8388eed1656cf;p=thirdparty%2Fsystemd.git nspawn: support .nspawn files in per-user mode --- diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index afe7ebd500c..f1ed036b622 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -18,6 +18,7 @@ #include "sd-event.h" #include "sd-id128.h" #include "sd-netlink.h" +#include "sd-path.h" #include "alloc-util.h" #include "barrier.h" 
@@ -4936,30 +4937,49 @@ static int load_settings(void) { if (FLAGS_SET(arg_settings_mask, _SETTINGS_MASK_ALL)) return 0; - /* We first look in the admin's directories in /etc and /run */ - if (arg_privileged) - FOREACH_STRING(i, "/etc/systemd/nspawn", "/run/systemd/nspawn") { - _cleanup_free_ char *j = NULL; + /* We first look in the admin's directories in /etc/ and /run/ */ + static const uint64_t lookup_dir_system[] = { + SD_PATH_SYSTEM_CONFIGURATION, + SD_PATH_SYSTEM_RUNTIME, + _SD_PATH_INVALID, + }; + static const uint64_t lookup_dir_user[] = { + SD_PATH_USER_CONFIGURATION, + SD_PATH_USER_RUNTIME, + _SD_PATH_INVALID, + }; - j = path_join(i, arg_settings_filename); - if (!j) - return log_oom(); + const uint64_t *q = arg_privileged ? lookup_dir_system : lookup_dir_user; + for (; *q != _SD_PATH_INVALID; q++) { + _cleanup_free_ char *cd = NULL; + r = sd_path_lookup(*q, "systemd/nspawn", &cd); + if (r < 0) { + log_warning_errno(r, "Failed to determine settings directory, ignoring: %m"); + continue; + } - f = fopen(j, "re"); - if (f) { - p = TAKE_PTR(j); + _cleanup_free_ char *j = NULL; + j = path_join(cd, arg_settings_filename); + if (!j) + return log_oom(); - /* By default, we trust configuration from /etc and /run */ - if (arg_settings_trusted < 0) - arg_settings_trusted = true; + f = fopen(j, "re"); + if (f) { + p = TAKE_PTR(j); - break; - } + log_debug("Found settings file: %s", p); + + /* By default, we trust configuration from /etc and /run */ + if (arg_settings_trusted < 0) + arg_settings_trusted = true; - if (errno != ENOENT) - return log_error_errno(errno, "Failed to open %s: %m", j); + break; } + if (errno != ENOENT) + return log_error_errno(errno, "Failed to open %s: %m", j); + } + if (!f) { /* After that, let's look for a file next to the * actual image we shall boot. */ 
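Review bot: The comments kept in this loop ("We first look in the admin's directories in /etc/ and /run/" and "By default, we trust configuration from /etc and /run") no longer match the code. With `lookup_dir_user`, the same `arg_settings_trusted = true` default also applies to a file found under SD_PATH_USER_CONFIGURATION or SD_PATH_USER_RUNTIME. That flag presumably gates which settings from the .nspawn file are honoured (its consumers are outside the hunk), so the rationale for trusting per-user files should be written down, e.g. `/* By default, we trust configuration from the system or per-user configuration and runtime directories; in per-user mode these belong to the invoking user */`. If sd_path_lookup() resolves the per-user directories from the caller's environment, say so in the comment, so the loop is not later reused where the environment is not the caller's own. load_settings() starts and ends outside the hunk.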
@@ -4979,6 +4999,9 @@ static int load_settings(void) { if (!f && errno != ENOENT) return log_error_errno(errno, "Failed to open %s: %m", p); + if (f) + log_debug("Found settings file: %s", p); + /* By default, we do not trust configuration from /var/lib/machines */ if (arg_settings_trusted < 0) arg_settings_trusted = false; diff --git a/src/systemd/sd-path.h b/src/systemd/sd-path.h index 58726f731ce..eb42e31a689 100644 --- a/src/systemd/sd-path.h +++ b/src/systemd/sd-path.h @@ -21,7 +21,7 @@ _SD_BEGIN_DECLARATIONS; -enum { +__extension__ enum { /* Temporary files */ SD_PATH_TEMPORARY, SD_PATH_TEMPORARY_LARGE, @@ -129,7 +129,8 @@ enum { SD_PATH_USER_CREDENTIAL_STORE_ENCRYPTED, SD_PATH_USER_SEARCH_CREDENTIAL_STORE_ENCRYPTED, - _SD_PATH_MAX + _SD_PATH_MAX, + _SD_PATH_INVALID = UINT64_MAX }; int sd_path_lookup(uint64_t type, const char *suffix, char **ret);
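Review bot: `_SD_PATH_INVALID = UINT64_MAX` in the second sd-path.h hunk is added to a public header without a comment. It gives the anonymous enum a value that does not fit in `int`, which appears to be why the first sd-path.h hunk adds `__extension__`. I would document the enumerator, e.g. `/* Sentinel terminating lists of SD_PATH_* values; never a valid type for sd_path_lookup() */`, and add a short comment beside `__extension__` saying it silences the pedantic diagnostic for the out-of-int-range enumerator. Whether sd_path_lookup() rejects this value is not visible here; presumably an existing range check covers it, which is worth confirming.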