From: DaanDeMeyer Date: Sat, 27 Dec 2025 19:37:02 +0000 (+0100) Subject: dissect: Introduce --copy-ownership= to configure chown behavior X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba37ed963453467dc21b82b8841ecdbb83551a97;p=thirdparty%2Fsystemd.git dissect: Introduce --copy-ownership= to configure chown behavior Currently, if we're copying a file, we won't copy the owner UID/GID from the source. If we're copying a directory, we will copy the owner UID/GID from the source. Let's give users a bit more control over this behavior by introducing --copy-ownership= which will default to the current behavior but allows users to explicitly enable/disable copying of ownership. --- diff --git a/man/systemd-dissect.xml b/man/systemd-dissect.xml index 669cea96f4e..9368d90a528 100644 --- a/man/systemd-dissect.xml +++ b/man/systemd-dissect.xml @@ -551,6 +551,19 @@ + + + + Controls whether file ownership (user and group) is preserved when copying files + with or . Takes a boolean. If + yes, ownership is always preserved. If no, ownership is never + preserved and the current user's UID/GID is used instead. If not specified, ownership is preserved + when copying directory trees, but not when copying individual regular files. + + + + + diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c index deee8f6c1d1..fc818bf020c 100644 --- a/src/dissect/dissect.c +++ b/src/dissect/dissect.c @@ -109,6 +109,7 @@ static bool arg_all = false; static uid_t arg_uid_base = UID_INVALID; static bool arg_quiet = false; static ImageFilter *arg_image_filter = NULL; +static int arg_copy_ownership = -1; STATIC_DESTRUCTOR_REGISTER(arg_image, freep); STATIC_DESTRUCTOR_REGISTER(arg_root, freep); @@ -170,6 +171,8 @@ static int help(void) { " --loop-ref=NAME Set reference string for loopback device\n" " --loop-ref-auto Derive reference string from image file name\n" " --mtree-hash=BOOL Whether to include SHA256 hash in the mtree output\n" + " --copy-ownership=BOOL\n" + " Whether to copy ownership when copying files\n" " --user Discover user images\n" " --system Discover system images\n" " --all Show hidden images too\n" @@ -306,48 +309,50 @@ static int parse_argv(int argc, char *argv[]) { ARG_USER, ARG_ALL, ARG_IMAGE_FILTER, + ARG_COPY_OWNERSHIP, }; static const struct option options[] = { - { "help", no_argument, NULL, 'h' }, - { "version", no_argument, NULL, ARG_VERSION }, - { "no-pager", no_argument, NULL, ARG_NO_PAGER }, - { "no-legend", no_argument, NULL, ARG_NO_LEGEND }, - { "mount", no_argument, NULL, 'm' }, - { "umount", no_argument, NULL, 'u' }, - { "attach", no_argument, NULL, ARG_ATTACH }, - { "detach", no_argument, NULL, ARG_DETACH }, - { "with", no_argument, NULL, ARG_WITH }, - { "read-only", no_argument, NULL, 'r' }, - { "discard", required_argument, NULL, ARG_DISCARD }, - { "fsck", required_argument, NULL, ARG_FSCK }, - { "growfs", required_argument, NULL, ARG_GROWFS }, - { "root-hash", required_argument, NULL, ARG_ROOT_HASH }, - { "root-hash-sig", required_argument, NULL, ARG_ROOT_HASH_SIG }, - { "usr-hash", required_argument, NULL, ARG_USR_HASH }, - { "usr-hash-sig", required_argument, NULL, ARG_USR_HASH_SIG }, - { "verity-data", required_argument, NULL, ARG_VERITY_DATA }, - { "mkdir", no_argument, NULL, ARG_MKDIR }, - { "rmdir", no_argument, NULL, ARG_RMDIR }, - { "in-memory", no_argument, NULL, ARG_IN_MEMORY }, - { "list", no_argument, NULL, 'l' }, - { "mtree", no_argument, NULL, ARG_MTREE }, - { "copy-from", no_argument, NULL, 'x' }, - { "copy-to", no_argument, NULL, 'a' }, - { "json", required_argument, NULL, ARG_JSON }, - { "discover", no_argument, NULL, ARG_DISCOVER }, - { "loop-ref", required_argument, NULL, ARG_LOOP_REF }, - { "loop-ref-auto", no_argument, NULL, ARG_LOOP_REF_AUTO }, - { "image-policy", required_argument, NULL, ARG_IMAGE_POLICY }, - { "validate", no_argument, NULL, ARG_VALIDATE }, - { "mtree-hash", required_argument, NULL, ARG_MTREE_HASH }, - { "make-archive", no_argument, NULL, ARG_MAKE_ARCHIVE }, - { "shift", no_argument, NULL, ARG_SHIFT }, - { "system", no_argument, NULL, ARG_SYSTEM }, - { "user", no_argument, NULL, ARG_USER }, - { "all", no_argument, NULL, ARG_ALL }, - { "quiet", no_argument, NULL, 'q' }, - { "image-filter", required_argument, NULL, ARG_IMAGE_FILTER }, + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, ARG_VERSION }, + { "no-pager", no_argument, NULL, ARG_NO_PAGER }, + { "no-legend", no_argument, NULL, ARG_NO_LEGEND }, + { "mount", no_argument, NULL, 'm' }, + { "umount", no_argument, NULL, 'u' }, + { "attach", no_argument, NULL, ARG_ATTACH }, + { "detach", no_argument, NULL, ARG_DETACH }, + { "with", no_argument, NULL, ARG_WITH }, + { "read-only", no_argument, NULL, 'r' }, + { "discard", required_argument, NULL, ARG_DISCARD }, + { "fsck", required_argument, NULL, ARG_FSCK }, + { "growfs", required_argument, NULL, ARG_GROWFS }, + { "root-hash", required_argument, NULL, ARG_ROOT_HASH }, + { "root-hash-sig", required_argument, NULL, ARG_ROOT_HASH_SIG }, + { "usr-hash", required_argument, NULL, ARG_USR_HASH }, + { "usr-hash-sig", required_argument, NULL, ARG_USR_HASH_SIG }, + { "verity-data", required_argument, NULL, ARG_VERITY_DATA }, + { "mkdir", no_argument, NULL, ARG_MKDIR }, + { "rmdir", no_argument, NULL, ARG_RMDIR }, + { "in-memory", no_argument, NULL, ARG_IN_MEMORY }, + { "list", no_argument, NULL, 'l' }, + { "mtree", no_argument, NULL, ARG_MTREE }, + { "copy-from", no_argument, NULL, 'x' }, + { "copy-to", no_argument, NULL, 'a' }, + { "json", required_argument, NULL, ARG_JSON }, + { "discover", no_argument, NULL, ARG_DISCOVER }, + { "loop-ref", required_argument, NULL, ARG_LOOP_REF }, + { "loop-ref-auto", no_argument, NULL, ARG_LOOP_REF_AUTO }, + { "image-policy", required_argument, NULL, ARG_IMAGE_POLICY }, + { "validate", no_argument, NULL, ARG_VALIDATE }, + { "mtree-hash", required_argument, NULL, ARG_MTREE_HASH }, + { "make-archive", no_argument, NULL, ARG_MAKE_ARCHIVE }, + { "shift", no_argument, NULL, ARG_SHIFT }, + { "system", no_argument, NULL, ARG_SYSTEM }, + { "user", no_argument, NULL, ARG_USER }, + { "all", no_argument, NULL, ARG_ALL }, + { "quiet", no_argument, NULL, 'q' }, + { "image-filter", required_argument, NULL, ARG_IMAGE_FILTER }, + { "copy-ownership", required_argument, NULL, ARG_COPY_OWNERSHIP }, {} }; @@ -631,6 +636,12 @@ static int parse_argv(int argc, char *argv[]) { break; } + case ARG_COPY_OWNERSHIP: + r = parse_tristate_argument("--copy-ownership=", optarg, &arg_copy_ownership); + if (r < 0) + return r; + break; + case '?': return -EINVAL; @@ -1447,6 +1458,13 @@ static int action_list_or_mtree_or_copy_or_make_archive(DissectedImage *m, LoopD assert(IN_SET(arg_action, ACTION_LIST, ACTION_MTREE, ACTION_COPY_FROM, ACTION_COPY_TO, ACTION_MAKE_ARCHIVE, ACTION_SHIFT)); + /* Determine whether to copy ownership: + * --copy-ownership=yes: always try to preserve ownership + * --copy-ownership=no: never preserve ownership, use current user + * --copy-ownership=auto (default): preserve ownership for directory trees, + * but not for regular files (since DDI password tables are typically + * distinct from the host ones, individual file ownership is less meaningful) */ + if (arg_image) { assert(m); @@ -1509,7 +1527,12 @@ static int action_list_or_mtree_or_copy_or_make_archive(DissectedImage *m, LoopD } /* Try to copy as directory? */ - r = copy_directory_at(source_fd, NULL, AT_FDCWD, arg_target, COPY_REFLINK|COPY_MERGE|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS); + r = copy_directory_at( + source_fd, /* from= */ NULL, + AT_FDCWD, arg_target, + arg_copy_ownership == 0 ? getuid() : UID_INVALID, + arg_copy_ownership == 0 ? getgid() : GID_INVALID, + COPY_REFLINK|COPY_MERGE|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS); if (r >= 0) return 0; if (r != -ENOTDIR) @@ -1532,9 +1555,10 @@ static int action_list_or_mtree_or_copy_or_make_archive(DissectedImage *m, LoopD (void) copy_xattr(source_fd, NULL, target_fd, NULL, 0); (void) copy_access(source_fd, target_fd); + if (arg_copy_ownership > 0) + (void) copy_owner(source_fd, target_fd); (void) copy_times(source_fd, target_fd, 0); - /* When this is a regular file we don't copy ownership! */ return 0; } @@ -1588,9 +1612,23 @@ static int action_list_or_mtree_or_copy_or_make_archive(DissectedImage *m, LoopD if (errno != ENOENT) return log_error_errno(errno, "Failed to open destination '%s': %m", arg_target); - r = copy_tree_at(source_fd, ".", dfd, bn, UID_INVALID, GID_INVALID, COPY_REFLINK|COPY_MERGE|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS, NULL, NULL); + r = copy_tree_at( + source_fd, ".", + dfd, bn, + arg_copy_ownership == 0 ? getuid() : UID_INVALID, + arg_copy_ownership == 0 ? getgid() : GID_INVALID, + COPY_REFLINK|COPY_MERGE|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS, + /* denylist= */ NULL, + /* subvolumes= */ NULL); } else - r = copy_tree_at(source_fd, ".", target_fd, ".", UID_INVALID, GID_INVALID, COPY_REFLINK|COPY_MERGE|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS, NULL, NULL); + r = copy_tree_at( + source_fd, ".", + target_fd, ".", + arg_copy_ownership == 0 ? getuid() : UID_INVALID, + arg_copy_ownership == 0 ? getgid() : GID_INVALID, + COPY_REFLINK|COPY_MERGE|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS, + /* denylist= */ NULL, + /* subvolumes= */ NULL); if (r < 0) return log_error_errno(r, "Failed to copy '%s' to '%s' in image '%s': %m", arg_source, arg_target, arg_image); @@ -1611,9 +1649,10 @@ static int action_list_or_mtree_or_copy_or_make_archive(DissectedImage *m, LoopD (void) copy_xattr(source_fd, NULL, target_fd, NULL, 0); (void) copy_access(source_fd, target_fd); + if (arg_copy_ownership > 0) + (void) copy_owner(source_fd, target_fd); (void) copy_times(source_fd, target_fd, 0); - /* When this is a regular file we don't copy ownership! */ return 0; } diff --git a/src/import/import-fs.c b/src/import/import-fs.c index 947bc7c9b56..46daf3acc05 100644 --- a/src/import/import-fs.c +++ b/src/import/import-fs.c @@ -223,6 +223,8 @@ static int import_fs(int argc, char *argv[], void *userdata) { r = copy_directory_at_full( fd, NULL, AT_FDCWD, dest, + /* override_uid= */ UID_INVALID, + /* override_gid= */ GID_INVALID, COPY_REFLINK| COPY_SAME_MOUNT| COPY_HARDLINKS| diff --git a/src/shared/btrfs-util.c b/src/shared/btrfs-util.c index fffe9f2b34f..9bd0a74c5fe 100644 --- a/src/shared/btrfs-util.c +++ b/src/shared/btrfs-util.c @@ -1480,6 +1480,8 @@ int btrfs_subvol_snapshot_at_full( r = copy_directory_at_full( dir_fdf, from, new_fd, subvolume, + /* override_uid= */ UID_INVALID, + /* override_gid= */ GID_INVALID, COPY_MERGE_EMPTY| COPY_REFLINK| COPY_SAME_MOUNT| diff --git a/src/shared/copy.c b/src/shared/copy.c index 05987593137..445c246359a 100644 --- a/src/shared/copy.c +++ b/src/shared/copy.c @@ -1442,6 +1442,8 @@ int copy_directory_at_full( const char *from, int dir_fdt, const char *to, + uid_t override_uid, + gid_t override_gid, CopyFlags copy_flags, copy_progress_path_t progress_path, copy_progress_bytes_t progress_bytes, @@ -1468,9 +1470,13 @@ int copy_directory_at_full( dir_fdt, to, st.st_dev, COPY_DEPTH_MAX, - UID_INVALID, GID_INVALID, + override_uid, + override_gid, copy_flags, - NULL, NULL, NULL, NULL, + /* denylist= */ NULL, + /* subvolumes= */ NULL, + /* progress_path= */ NULL, + /* progress_bytes= */ NULL, progress_path, progress_bytes, userdata); @@ -1750,6 +1756,18 @@ int copy_access(int fdf, int fdt) { return RET_NERRNO(fchmod(fdt, st.st_mode & 07777)); } +int copy_owner(int fdf, int fdt) { + struct stat st; + + assert(fdf >= 0); + assert(fdt >= 0); + + if (fstat(fdf, &st) < 0) + return -errno; + + return RET_NERRNO(fchown(fdt, st.st_uid, st.st_gid)); +} + int copy_rights_with_fallback(int fdf, int fdt, const char *patht) { struct stat st; diff --git a/src/shared/copy.h b/src/shared/copy.h index 704abdb84b7..6e4a3b177b3 100644 --- a/src/shared/copy.h +++ b/src/shared/copy.h @@ -88,9 +88,9 @@ static inline int copy_tree(const char *from, const char *to, uid_t override_uid return copy_tree_at_full(AT_FDCWD, from, AT_FDCWD, to, override_uid, override_gid, copy_flags, denylist, subvolumes, NULL, NULL, NULL); } -int copy_directory_at_full(int dir_fdf, const char *from, int dir_fdt, const char *to, CopyFlags copy_flags, copy_progress_path_t progress_path, copy_progress_bytes_t progress_bytes, void *userdata); -static inline int copy_directory_at(int dir_fdf, const char *from, int dir_fdt, const char *to, CopyFlags copy_flags) { - return copy_directory_at_full(dir_fdf, from, dir_fdt, to, copy_flags, NULL, NULL, NULL); +int copy_directory_at_full(int dir_fdf, const char *from, int dir_fdt, const char *to, uid_t override_uid, gid_t override_gid, CopyFlags copy_flags, copy_progress_path_t progress_path, copy_progress_bytes_t progress_bytes, void *userdata); +static inline int copy_directory_at(int dir_fdf, const char *from, int dir_fdt, const char *to, uid_t override_uid, gid_t override_gid, CopyFlags copy_flags) { + return copy_directory_at_full(dir_fdf, from, dir_fdt, to, override_uid, override_gid, copy_flags, NULL, NULL, NULL); } int copy_bytes_full(int fdf, int fdt, uint64_t max_bytes, CopyFlags copy_flags, void **ret_remains, size_t *ret_remains_size, copy_progress_bytes_t progress, void *userdata); @@ -100,6 +100,7 @@ static inline int copy_bytes(int fdf, int fdt, uint64_t max_bytes, CopyFlags cop int copy_times(int fdf, int fdt, CopyFlags flags); int copy_access(int fdf, int fdt); +int copy_owner(int fdf, int fdt); int copy_rights_with_fallback(int fdf, int fdt, const char *patht); static inline int copy_rights(int fdf, int fdt) { return copy_rights_with_fallback(fdf, fdt, NULL); /* no fallback */ diff --git a/src/test/test-copy.c b/src/test/test-copy.c index e1bb7ae0493..758a597fc53 100644 --- a/src/test/test-copy.c +++ b/src/test/test-copy.c @@ -560,7 +560,7 @@ TEST(copy_lock) { assert_se(mkdirat(tfd, "abc", 0755) >= 0); assert_se(write_string_file_at(tfd, "abc/def", "abc", WRITE_STRING_FILE_CREATE) >= 0); - assert_se((fd = copy_directory_at(tfd, "abc", tfd, "qed", COPY_LOCK_BSD)) >= 0); + assert_se((fd = copy_directory_at(tfd, "abc", tfd, "qed", UID_INVALID, GID_INVALID, COPY_LOCK_BSD)) >= 0); assert_se(faccessat(tfd, "qed", F_OK, 0) >= 0); assert_se(faccessat(tfd, "qed/def", F_OK, 0) >= 0); assert_se(xopenat_lock(tfd, "qed", 0, LOCK_BSD, LOCK_EX|LOCK_NB) == -EAGAIN); diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 55b7c08924d..ebd0260892b 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -1497,7 +1497,7 @@ static int prepare_ns(const char *process_name) { /* Copy unit files to make them accessible even when unprivileged. */ ASSERT_OK(get_testdata_dir("test-execute/", &unit_dir)); - ASSERT_OK(copy_directory_at(AT_FDCWD, unit_dir, AT_FDCWD, PRIVATE_UNIT_DIR, COPY_MERGE_EMPTY)); + ASSERT_OK(copy_directory_at(AT_FDCWD, unit_dir, AT_FDCWD, PRIVATE_UNIT_DIR, UID_INVALID, GID_INVALID, COPY_MERGE_EMPTY)); /* Mount tmpfs on the following directories to make not StateDirectory= or friends disturb the host. */ ASSERT_OK_OR(get_build_exec_dir(&build_dir), -ENOEXEC); diff --git a/test/units/TEST-50-DISSECT.dissect.sh b/test/units/TEST-50-DISSECT.dissect.sh index ad8b14139c8..07e0d1a8a04 100755 --- a/test/units/TEST-50-DISSECT.dissect.sh +++ b/test/units/TEST-50-DISSECT.dissect.sh @@ -1050,6 +1050,45 @@ echo abc >abc systemd-dissect --copy-to /tmp/img abc /abc test -f /tmp/img/abc +# Test --copy-ownership= option +rm -rf /tmp/copychown-test +mkdir -p /tmp/copychown-test/srcdir +echo "test file" >/tmp/copychown-test/srcdir/testfile +chown 1234:5678 /tmp/copychown-test/srcdir/testfile +chown 1234:5678 /tmp/copychown-test/srcdir + +# Test --copy-ownership=yes preserves ownership for regular files +systemd-dissect --copy-from /tmp/img etc/os-release /tmp/copychown-test/os-release-chown-yes --copy-ownership=yes +test "$(stat -c %u:%g /tmp/copychown-test/os-release-chown-yes)" = "0:0" + +# Test --copy-ownership=no uses current user for regular files +systemd-dissect --copy-from /tmp/img etc/os-release /tmp/copychown-test/os-release-chown-no --copy-ownership=no +test "$(stat -c %u:%g /tmp/copychown-test/os-release-chown-no)" = "0:0" + +# Test --copy-ownership=auto (default) does not preserve ownership for regular files +systemd-dissect --copy-from /tmp/img etc/os-release /tmp/copychown-test/os-release-chown-auto +test "$(stat -c %u:%g /tmp/copychown-test/os-release-chown-auto)" = "0:0" + +# Test --copy-ownership=yes preserves ownership for directories +systemd-dissect --copy-to /tmp/img /tmp/copychown-test/srcdir /copychown-dir-yes --copy-ownership=yes +test "$(stat -c %u:%g /tmp/img/copychown-dir-yes)" = "1234:5678" +test "$(stat -c %u:%g /tmp/img/copychown-dir-yes/testfile)" = "1234:5678" +rm -rf /tmp/img/copychown-dir-yes + +# Test --copy-ownership=no overrides ownership for directories +systemd-dissect --copy-to /tmp/img /tmp/copychown-test/srcdir /copychown-dir-no --copy-ownership=no +test "$(stat -c %u:%g /tmp/img/copychown-dir-no)" = "0:0" +test "$(stat -c %u:%g /tmp/img/copychown-dir-no/testfile)" = "0:0" +rm -rf /tmp/img/copychown-dir-no + +# Test --copy-ownership=auto (default) preserves ownership for directories +systemd-dissect --copy-to /tmp/img /tmp/copychown-test/srcdir /copychown-dir-auto +test "$(stat -c %u:%g /tmp/img/copychown-dir-auto)" = "1234:5678" +test "$(stat -c %u:%g /tmp/img/copychown-dir-auto/testfile)" = "1234:5678" +rm -rf /tmp/img/copychown-dir-auto + +rm -rf /tmp/copychown-test + # Test for dissect tool support with systemd-sysext mkdir -p /run/extensions/ testkit/usr/lib/extension-release.d/ echo "ID=_any" >testkit/usr/lib/extension-release.d/extension-release.testkit