return 0;
}
-static int setup_userns(uid_t uid, gid_t gid) {
- int r;
-
- /* mkfs programs tend to keep ownership intact when bootstrapping themselves from a root directory.
- * However, we'd like for the files to be owned by root instead, so we fork off a user namespace and
- * inside of it, map the uid/gid of the root directory to root in the user namespace. mkfs programs
- * will pick up on this and the files will be owned by root in the generated filesystem. */
-
- r = write_string_filef("/proc/self/uid_map", WRITE_STRING_FILE_DISABLE_BUFFER,
- UID_FMT " " UID_FMT " " UID_FMT, 0u, uid, 1u);
- if (r < 0)
- return log_error_errno(r,
- "Failed to write mapping for "UID_FMT" to /proc/self/uid_map: %m",
- uid);
-
- r = write_string_file("/proc/self/setgroups", "deny", WRITE_STRING_FILE_DISABLE_BUFFER);
- if (r < 0)
- return log_error_errno(r, "Failed to write 'deny' to /proc/self/setgroups: %m");
-
- r = write_string_filef("/proc/self/gid_map", WRITE_STRING_FILE_DISABLE_BUFFER,
- GID_FMT " " GID_FMT " " GID_FMT, 0u, gid, 1u);
- if (r < 0)
- return log_error_errno(r,
- "Failed to write mapping for "GID_FMT" to /proc/self/gid_map: %m",
- gid);
-
- return 0;
-}
-
static int do_mcopy(const char *node, const char *root) {
_cleanup_free_ char *mcopy = NULL;
_cleanup_strv_free_ char **argv = NULL;
_cleanup_close_ int rfd = -EBADF;
_cleanup_free_ DirectoryEntries *de = NULL;
- struct stat st;
int r;
assert(node);
if (strv_extend(&argv, "::") < 0)
return log_oom();
- if (fstat(rfd, &st) < 0)
- return log_error_errno(errno, "Failed to stat '%s': %m", root);
-
- r = safe_fork("(mcopy)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_NEW_USERNS|FORK_CLOSE_ALL_FDS, NULL);
+ r = safe_fork("(mcopy)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS, NULL);
if (r < 0)
return r;
if (r == 0) {
- r = setup_userns(st.st_uid, st.st_gid);
- if (r < 0)
- _exit(EXIT_FAILURE);
-
/* Avoid failures caused by mismatch in expectations between mkfs.vfat and mcopy by disabling
* the stricter mcopy checks using MTOOLS_SKIP_CHECK. */
execve(mcopy, argv, STRV_MAKE("MTOOLS_SKIP_CHECK=1"));
_cleanup_strv_free_ char **argv = NULL;
_cleanup_(unlink_and_freep) char *protofile = NULL;
char vol_id[CONST_MAX(SD_ID128_UUID_STRING_MAX, 8U + 1U)] = {};
- struct stat st;
int r;
assert(node);
if (extra_mkfs_args && strv_extend_strv(&argv, extra_mkfs_args, false) < 0)
return log_oom();
- if (root && stat(root, &st) < 0)
- return log_error_errno(errno, "Failed to stat %s: %m", root);
-
- r = safe_fork("(mkfs)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS|(root ? FORK_NEW_USERNS : 0), NULL);
+ r = safe_fork("(mkfs)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS, NULL);
if (r < 0)
return r;
if (r == 0) {
/* Child */
- if (root) {
- r = setup_userns(st.st_uid, st.st_gid);
- if (r < 0)
- _exit(EXIT_FAILURE);
- }
-
execvp(mkfs, argv);
log_error_errno(errno, "Failed to execute %s: %m", mkfs);
# 2. Testing with root, root2, home, and swap
- cat >"$defs/root.conf" <<EOF
+ runas testuser tee "$defs/root.conf" <<EOF
[Partition]
Type=root
EOF
ln -s root.conf "$defs/root2.conf"
- cat >"$defs/home.conf" <<EOF
+ runas testuser tee "$defs/home.conf" <<EOF
[Partition]
Type=home
Label=home-first
Label=home-always-too-long-xxxxxxxxxxxxxx-%v
EOF
- cat >"$defs/swap.conf" <<EOF
+ runas testuser tee "$defs/swap.conf" <<EOF
[Partition]
Type=swap
SizeMaxBytes=64M
# 3. Testing with root, root2, home, swap, and another partition
- cat >"$defs/swap.conf" <<EOF
+ runas testuser tee "$defs/swap.conf" <<EOF
[Partition]
Type=swap
SizeMaxBytes=64M
EOF
- cat >"$defs/extra.conf" <<EOF
+ runas testuser tee "$defs/extra.conf" <<EOF
[Partition]
Type=linux-generic
Label=custom_label
dd if=/dev/urandom of="$imgs/block-copy" bs=4096 count=10240
- cat >"$defs/extra2.conf" <<EOF
+ runas testuser tee "$defs/extra2.conf" <<EOF
[Partition]
Type=linux-generic
Label=block-copy
# 6. Testing Format=/Encrypt=/CopyFiles=
- cat >"$defs/extra3.conf" <<EOF
+ runas testuser tee "$defs/extra3.conf" <<EOF
[Partition]
Type=linux-generic
Label=luks-format-copy
# shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN
- cat >"$defs/root.conf" <<EOF
+ runas testuser tee "$defs/root.conf" <<EOF
[Partition]
Type=swap
SizeMaxBytes=64M
UUID=837c3d67-21b3-478e-be82-7e7f83bf96d3
EOF
- mkdir -p "$defs/root.conf.d"
- cat >"$defs/root.conf.d/override1.conf" <<EOF
+ runas testuser mkdir -p "$defs/root.conf.d"
+ runas testuser tee "$defs/root.conf.d/override1.conf" <<EOF
[Partition]
Label=label1
SizeMaxBytes=32M
EOF
- cat >"$defs/root.conf.d/override2.conf" <<EOF
+ runas testuser tee "$defs/root.conf.d/override2.conf" <<EOF
[Partition]
Label=label2
EOF
# shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN
- mkdir -p "$defs/1"
+ runas testuser mkdir -p "$defs/1"
- cat >"$defs/1/root1.conf" <<EOF
+ runas testuser tee "$defs/1/root1.conf" <<EOF
[Partition]
Type=swap
SizeMaxBytes=32M
Label=label1
EOF
- mkdir -p "$defs/2"
+ runas testuser mkdir -p "$defs/2"
- cat >"$defs/2/root2.conf" <<EOF
+ runas testuser tee "$defs/2/root2.conf" <<EOF
[Partition]
Type=swap
SizeMaxBytes=32M
# First, create a disk image and verify its in order
- cat >"$defs/esp.conf" <<EOF
+ runas testuser tee "$defs/esp.conf" <<EOF
[Partition]
Type=esp
SizeMinBytes=10M
Format=vfat
EOF
- cat >"$defs/usr.conf" <<EOF
+ runas testuser tee "$defs/usr.conf" <<EOF
[Partition]
Type=usr-${architecture}
SizeMinBytes=10M
ReadOnly=yes
EOF
- cat >"$defs/root.conf" <<EOF
+ runas testuser tee "$defs/root.conf" <<EOF
[Partition]
Type=root-${architecture}
SizeMinBytes=10M
# Then, create another image with CopyBlocks=auto
- cat >"$defs/esp.conf" <<EOF
+ runas testuser tee "$defs/esp.conf" <<EOF
[Partition]
Type=esp
CopyBlocks=auto
EOF
- cat >"$defs/usr.conf" <<EOF
+ runas testuser tee "$defs/usr.conf" <<EOF
[Partition]
Type=usr-${architecture}
ReadOnly=yes
CopyBlocks=auto
EOF
- cat >"$defs/root.conf" <<EOF
+ runas testuser tee "$defs/root.conf" <<EOF
[Partition]
Type=root-${architecture}
CopyBlocks=auto
# Operate on an image with unaligned partition.
- cat >"$defs/root.conf" <<EOF
+ runas testuser tee "$defs/root.conf" <<EOF
[Partition]
Type=root-${architecture}
EOF
# shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN
- cat >"$defs/test.conf" <<EOF
+ runas testuser tee "$defs/test.conf" <<EOF
[Partition]
Type=root
EOF
# shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN
- cat >"$defs/root.conf" <<EOF
+ runas testuser tee "$defs/root.conf" <<EOF
[Partition]
Type=root
SizeMinBytes=10G
SizeMaxBytes=120G
EOF
- cat >"$imgs/partscript" <<EOF
+ runas testuser tee "$imgs/partscript" <<EOF
label: gpt
label-id: C9FFE979-A415-C449-B729-78C7AA664B10
unit: sectors
assert_in "$imgs/zzz2 : start= 524328, size= 24641456, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\"" "$output"
# 3. Multiple partitions with Priority= (small disk)
- cat >"$defs/root.conf" <<EOF
+ runas testuser tee "$defs/root.conf" <<EOF
[Partition]
Type=root
SizeMinBytes=10G
Priority=100
EOF
- cat >"$defs/usr.conf" <<EOF
+ runas testuser tee "$defs/usr.conf" <<EOF
[Partition]
Type=usr
SizeMinBytes=10M
# Test image with zero UUID.
- cat >"$defs/root.conf" <<EOF
+ runas testuser tee "$defs/root.conf" <<EOF
[Partition]
Type=root-${architecture}
UUID=null
# shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN
- cat >"$defs/verity-data.conf" <<EOF
+ runas testuser tee "$defs/verity-data.conf" <<EOF
[Partition]
Type=root-${architecture}
CopyFiles=${defs}
VerityMatchKey=root
EOF
- cat >"$defs/verity-hash.conf" <<EOF
+ runas testuser tee "$defs/verity-hash.conf" <<EOF
[Partition]
Type=root-${architecture}-verity
Verity=hash
VerityMatchKey=root
EOF
- cat >"$defs/verity-sig.conf" <<EOF
+ runas testuser tee "$defs/verity-sig.conf" <<EOF
[Partition]
Type=root-${architecture}-verity-sig
Verity=signature
EOF
# Unfortunately OpenSSL insists on reading some config file, hence provide one with mostly placeholder contents
- cat >> "$defs/verity.openssl.cnf" <<EOF
+ runas testuser tee > "$defs/verity.openssl.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = req_distinguished_name
# shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs' '$root'" RETURN
- touch "$root/abc"
- mkdir "$root/usr"
- touch "$root/usr/def"
+ runas testuser touch "$root/abc"
+ runas testuser mkdir "$root/usr"
+ runas testuser touch "$root/usr/def"
- cat >"$defs/00-root.conf" <<EOF
+ runas testuser tee "$defs/00-root.conf" <<EOF
[Partition]
Type=root-${architecture}
CopyFiles=/
EOF
- cat >"$defs/10-usr.conf" <<EOF
+ runas testuser tee "$defs/10-usr.conf" <<EOF
[Partition]
Type=usr-${architecture}
CopyFiles=/usr:/
continue
fi
- cat >"$defs/root-$format.conf" <<EOF
+ tee "$defs/root-$format.conf" <<EOF
[Partition]
Type=root-${architecture}
Format=${format}
done
if ! command -v mksquashfs >/dev/null; then
- cat >"$defs/root-squashfs.conf" <<EOF
+ tee "$defs/root-squashfs.conf" <<EOF
[Partition]
Type=root-${architecture}
Format=squashfs
# shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN
- cat > "$defs/a.conf" <<EOF
+ tee "$defs/a.conf" <<EOF
[Partition]
Type=root
SizeMaxBytes=15M
SizeMinBytes=15M
EOF
- cat > "$defs/b.conf" <<EOF
+ tee "$defs/b.conf" <<EOF
[Partition]
Type=linux-generic
Weight=250
EOF
- cat > "$defs/c.conf" <<EOF
+ tee "$defs/c.conf" <<EOF
[Partition]
Type=linux-generic
Weight=750
projects / thirdparty / systemd.git / commitdiff
