* `$SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC=sec` — takes a timespan, which controls
the timeout waiting for the image to be configured. Defaults to 100 msec.
+* `$SYSTEMD_DISSECT_FILE_SYSTEMS=` — takes a colon-separated list of file
+ systems that may be mounted for automatically dissected disk images. If not
+ specified defaults to something like: `ext4:btrfs:xfs:vfat:erofs:squashfs`
+
* `$SYSTEMD_LOOP_DIRECT_IO` – takes a boolean, which controls whether to enable
LO_FLAGS_DIRECT_IO (i.e. direct IO + asynchronous IO) on loopback block
devices when opening them. Defaults to on, set this to "0" to disable this
what = crypto_what;
fstype = NULL;
+ } else if (fstype) {
+ r = dissect_fstype_ok(fstype);
+ if (r < 0)
+ return log_error_errno(r, "Unable to determine of dissected file system type '%s' is permitted: %m", fstype);
+ if (!r)
+ return log_error_errno(
+ SYNTHETIC_ERRNO(EIDRM),
+ "Refusing to automatically mount uncommon file system '%s' to '%s'.",
+ fstype, where);
}
r = unit_name_from_path(where, ".mount", &unit);
/* how many times to wait for the device nodes to appear */
#define N_DEVICE_NODE_LIST_ATTEMPTS 10
+int dissect_fstype_ok(const char *fstype) {
+ const char *e;
+ bool b;
+
+ /* When we automatically mount file systems, be a bit conservative by default what we are willing to
+ * mount, just as an extra safety net to not mount with badly maintained legacy file system
+ * drivers. */
+
+ e = secure_getenv("SYSTEMD_DISSECT_FILE_SYSTEMS");
+ if (e) {
+ _cleanup_strv_free_ char **l = NULL;
+
+ l = strv_split(e, ":");
+ if (!l)
+ return -ENOMEM;
+
+ b = strv_contains(l, fstype);
+ } else
+ b = STR_IN_SET(fstype,
+ "btrfs",
+ "erofs",
+ "ext4",
+ "squashfs",
+ "vfat",
+ "xfs");
+ if (b)
+ return true;
+
+ log_debug("File system type '%s' is not allowed to be mounted as result of automatic dissection.", fstype);
+ return false;
+}
+
int probe_filesystem_full(
int fd,
const char *path,
if (!fstype)
return -EAFNOSUPPORT;
+ r = dissect_fstype_ok(fstype);
+ if (r < 0)
+ return r;
+ if (!r)
+ return -EIDRM; /* Recognizable error */
/* We are looking at an encrypted partition? This either means stacked encryption, or the caller
* didn't call dissected_image_decrypt() beforehand. Let's return a recognizable error for this
* -EUCLEAN → fsck for file system failed
* -EBUSY → File system already mounted/used elsewhere (kernel)
* -EAFNOSUPPORT → File system type not supported or not known
+ * -EIDRM → File system is not among allowlisted "common" file systems
*/
if (!(m->partitions[PARTITION_ROOT].found ||
return log_error_errno(r, "File system already mounted elsewhere.");
if (r == -EAFNOSUPPORT)
return log_error_errno(r, "File system type not supported or not known.");
+ if (r == -EIDRM)
+ return log_error_errno(r, "File system is too uncommon, refused.");
if (r < 0)
return log_error_errno(r, "Failed to mount image: %m");
int mount_image_privately_interactively(const char *path, DissectImageFlags flags, char **ret_directory, LoopDevice **ret_loop_device);
int verity_dissect_and_mount(int src_fd, const char *src, const char *dest, const MountOptions *options, const char *required_host_os_release_id, const char *required_host_os_release_version_id, const char *required_host_os_release_sysext_level, const char *required_sysext_scope);
+
+int dissect_fstype_ok(const char *fstype);
projects / thirdparty / systemd.git / commitdiff
