2017-11-18 17:09:20 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1+ */
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2015-12-03 21:13:37 +01:00
|
|
|
#include <errno.h>
|
2014-12-27 17:44:04 +01:00
|
|
|
#include <fcntl.h>
|
2018-12-23 19:23:58 +01:00
|
|
|
#include <linux/fs.h>
|
|
|
|
|
#include <linux/loop.h>
|
2015-12-03 21:13:37 +01:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
2016-02-19 00:34:30 +01:00
|
|
|
#include <sys/file.h>
|
2018-12-06 07:30:35 +01:00
|
|
|
#include <sys/ioctl.h>
|
2015-12-03 21:13:37 +01:00
|
|
|
#include <sys/stat.h>
|
|
|
|
|
#include <unistd.h>
|
2016-11-18 23:31:01 +01:00
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2014-12-19 18:42:50 +01:00
|
|
|
#include "btrfs-util.h"
|
2015-10-26 20:39:23 +01:00
|
|
|
#include "chattr-util.h"
|
2014-12-27 17:44:04 +01:00
|
|
|
#include "copy.h"
|
2015-10-26 20:07:55 +01:00
|
|
|
#include "dirent-util.h"
|
2017-11-14 23:25:13 +01:00
|
|
|
#include "dissect-image.h"
|
2018-11-30 22:08:41 +01:00
|
|
|
#include "env-file.h"
|
2016-11-18 23:34:39 +01:00
|
|
|
#include "env-util.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "fd-util.h"
|
2015-10-26 21:16:26 +01:00
|
|
|
#include "fs-util.h"
|
2015-12-03 21:13:37 +01:00
|
|
|
#include "hashmap.h"
|
2017-11-14 23:25:13 +01:00
|
|
|
#include "hostname-util.h"
|
|
|
|
|
#include "id128-util.h"
|
2015-12-03 21:13:37 +01:00
|
|
|
#include "lockfile-util.h"
|
|
|
|
|
#include "log.h"
|
2017-11-14 23:25:13 +01:00
|
|
|
#include "loop-util.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "machine-image.h"
|
2016-11-18 23:31:01 +01:00
|
|
|
#include "macro.h"
|
2015-01-14 23:09:02 +01:00
|
|
|
#include "mkdir.h"
|
2019-03-14 13:14:33 +01:00
|
|
|
#include "nulstr-util.h"
|
2018-03-26 16:32:40 +02:00
|
|
|
#include "os-util.h"
|
2015-09-09 18:51:23 +02:00
|
|
|
#include "path-util.h"
|
2015-04-04 11:52:57 +02:00
|
|
|
#include "rm-rf.h"
|
2015-10-26 22:31:05 +01:00
|
|
|
#include "string-table.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "string-util.h"
|
2015-09-09 18:51:23 +02:00
|
|
|
#include "strv.h"
|
2015-12-03 21:13:37 +01:00
|
|
|
#include "time-util.h"
|
2015-09-09 18:51:23 +02:00
|
|
|
#include "utf8.h"
|
2015-10-26 20:26:23 +01:00
|
|
|
#include "xattr-util.h"
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-05 15:39:43 +02:00
|
|
|
static const char* const image_search_path[_IMAGE_CLASS_MAX] = {
|
2018-04-17 11:08:54 +02:00
|
|
|
[IMAGE_MACHINE] = "/etc/machines\0" /* only place symlinks here */
|
|
|
|
|
"/run/machines\0" /* and here too */
|
|
|
|
|
"/var/lib/machines\0" /* the main place for images */
|
|
|
|
|
"/var/lib/container\0" /* legacy */
|
2018-04-05 15:39:43 +02:00
|
|
|
"/usr/local/lib/machines\0"
|
|
|
|
|
"/usr/lib/machines\0",
|
|
|
|
|
|
2018-04-17 11:08:54 +02:00
|
|
|
[IMAGE_PORTABLE] = "/etc/portables\0" /* only place symlinks here */
|
|
|
|
|
"/run/portables\0" /* and here too */
|
|
|
|
|
"/var/lib/portables\0" /* the main place for images */
|
2018-04-05 15:39:43 +02:00
|
|
|
"/usr/local/lib/portables\0"
|
|
|
|
|
"/usr/lib/portables\0",
|
|
|
|
|
};
|
2014-12-19 20:07:23 +01:00
|
|
|
|
2018-08-27 07:01:46 +02:00
|
|
|
static Image *image_free(Image *i) {
|
|
|
|
|
assert(i);
|
2018-04-16 21:38:24 +02:00
|
|
|
|
2014-12-19 18:42:50 +01:00
|
|
|
free(i->name);
|
|
|
|
|
free(i->path);
|
2017-11-14 23:25:13 +01:00
|
|
|
|
|
|
|
|
free(i->hostname);
|
|
|
|
|
strv_free(i->machine_info);
|
|
|
|
|
strv_free(i->os_release);
|
|
|
|
|
|
2016-10-17 00:28:30 +02:00
|
|
|
return mfree(i);
|
2014-12-19 18:42:50 +01:00
|
|
|
}
|
|
|
|
|
|
2018-08-27 07:01:46 +02:00
|
|
|
DEFINE_TRIVIAL_REF_UNREF_FUNC(Image, image, image_free);
|
2018-11-28 14:54:44 +01:00
|
|
|
DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(image_hash_ops, char, string_hash_func, string_compare_func,
|
|
|
|
|
Image, image_unref);
|
2018-04-16 21:38:24 +02:00
|
|
|
|
2015-09-09 18:51:23 +02:00
|
|
|
static char **image_settings_path(Image *image) {
|
|
|
|
|
_cleanup_strv_free_ char **l = NULL;
|
|
|
|
|
const char *fn, *s;
|
|
|
|
|
unsigned i = 0;
|
|
|
|
|
|
|
|
|
|
assert(image);
|
|
|
|
|
|
|
|
|
|
l = new0(char*, 4);
|
|
|
|
|
if (!l)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
fn = strjoina(image->name, ".nspawn");
|
|
|
|
|
|
2019-07-11 19:14:16 +02:00
|
|
|
FOREACH_STRING(s, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
|
|
|
|
|
l[i] = path_join(s, fn);
|
2015-09-09 18:51:23 +02:00
|
|
|
if (!l[i])
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
i++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
l[i] = file_in_same_dir(image->path, fn);
|
|
|
|
|
if (!l[i])
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2018-03-22 16:53:26 +01:00
|
|
|
return TAKE_PTR(l);
|
2015-09-09 18:51:23 +02:00
|
|
|
}
|
|
|
|
|
|
2016-12-21 12:24:11 +01:00
|
|
|
static char *image_roothash_path(Image *image) {
|
|
|
|
|
const char *fn;
|
|
|
|
|
|
|
|
|
|
assert(image);
|
|
|
|
|
|
|
|
|
|
fn = strjoina(image->name, ".roothash");
|
|
|
|
|
|
|
|
|
|
return file_in_same_dir(image->path, fn);
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-19 20:07:23 +01:00
|
|
|
static int image_new(
|
2014-12-19 18:42:50 +01:00
|
|
|
ImageType t,
|
2014-12-26 18:59:26 +01:00
|
|
|
const char *pretty,
|
2014-12-19 18:42:50 +01:00
|
|
|
const char *path,
|
2014-12-26 18:59:26 +01:00
|
|
|
const char *filename,
|
2014-12-19 18:42:50 +01:00
|
|
|
bool read_only,
|
2014-12-25 03:19:19 +01:00
|
|
|
usec_t crtime,
|
2014-12-19 18:42:50 +01:00
|
|
|
usec_t mtime,
|
2014-12-19 20:07:23 +01:00
|
|
|
Image **ret) {
|
2014-12-19 18:42:50 +01:00
|
|
|
|
|
|
|
|
_cleanup_(image_unrefp) Image *i = NULL;
|
|
|
|
|
|
|
|
|
|
assert(t >= 0);
|
|
|
|
|
assert(t < _IMAGE_TYPE_MAX);
|
2014-12-26 18:59:26 +01:00
|
|
|
assert(pretty);
|
|
|
|
|
assert(filename);
|
2014-12-19 20:07:23 +01:00
|
|
|
assert(ret);
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2014-12-19 20:07:23 +01:00
|
|
|
i = new0(Image, 1);
|
2014-12-19 18:42:50 +01:00
|
|
|
if (!i)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2018-04-16 21:38:24 +02:00
|
|
|
i->n_ref = 1;
|
2014-12-19 18:42:50 +01:00
|
|
|
i->type = t;
|
|
|
|
|
i->read_only = read_only;
|
2014-12-25 03:19:19 +01:00
|
|
|
i->crtime = crtime;
|
2014-12-19 18:42:50 +01:00
|
|
|
i->mtime = mtime;
|
2015-01-19 17:01:15 +01:00
|
|
|
i->usage = i->usage_exclusive = (uint64_t) -1;
|
2014-12-28 02:05:28 +01:00
|
|
|
i->limit = i->limit_exclusive = (uint64_t) -1;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2014-12-26 18:59:26 +01:00
|
|
|
i->name = strdup(pretty);
|
2014-12-19 18:42:50 +01:00
|
|
|
if (!i->name)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2019-06-20 20:07:01 +02:00
|
|
|
i->path = path_join(path, filename);
|
2014-12-26 18:59:26 +01:00
|
|
|
if (!i->path)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2018-05-31 16:39:31 +02:00
|
|
|
path_simplify(i->path, false);
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-05 07:26:26 +02:00
|
|
|
*ret = TAKE_PTR(i);
|
2014-12-19 20:07:23 +01:00
|
|
|
|
2014-12-19 18:42:50 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-05 18:01:27 +02:00
|
|
|
static int extract_pretty(const char *path, const char *suffix, char **ret) {
|
|
|
|
|
_cleanup_free_ char *name = NULL;
|
|
|
|
|
const char *p;
|
|
|
|
|
size_t n;
|
|
|
|
|
|
|
|
|
|
assert(path);
|
|
|
|
|
assert(ret);
|
|
|
|
|
|
|
|
|
|
p = last_path_component(path);
|
|
|
|
|
n = strcspn(p, "/");
|
|
|
|
|
|
|
|
|
|
name = strndup(p, n);
|
|
|
|
|
if (!name)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
if (suffix) {
|
|
|
|
|
char *e;
|
|
|
|
|
|
|
|
|
|
e = endswith(name, suffix);
|
|
|
|
|
if (!e)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
*e = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!image_name_is_valid(name))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
*ret = TAKE_PTR(name);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-26 18:59:26 +01:00
|
|
|
static int image_make(
|
|
|
|
|
const char *pretty,
|
|
|
|
|
int dfd,
|
|
|
|
|
const char *path,
|
|
|
|
|
const char *filename,
|
2018-04-06 18:53:57 +02:00
|
|
|
const struct stat *st,
|
2014-12-26 18:59:26 +01:00
|
|
|
Image **ret) {
|
|
|
|
|
|
2019-05-24 10:54:09 +02:00
|
|
|
_cleanup_free_ char *pretty_buffer = NULL, *parent = NULL;
|
2018-04-06 18:53:57 +02:00
|
|
|
struct stat stbuf;
|
2014-12-26 18:59:26 +01:00
|
|
|
bool read_only;
|
2014-12-19 18:42:50 +01:00
|
|
|
int r;
|
|
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
assert(dfd >= 0 || dfd == AT_FDCWD);
|
2019-05-22 16:31:01 +02:00
|
|
|
assert(path || dfd == AT_FDCWD);
|
2014-12-26 18:59:26 +01:00
|
|
|
assert(filename);
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2017-10-04 17:36:58 +02:00
|
|
|
/* We explicitly *do* follow symlinks here, since we want to allow symlinking trees, raw files and block
|
2018-04-06 18:53:57 +02:00
|
|
|
* devices into /var/lib/machines/, and treat them normally.
|
|
|
|
|
*
|
|
|
|
|
* This function returns -ENOENT if we can't find the image after all, and -EMEDIUMTYPE if it's not a file we
|
|
|
|
|
* recognize. */
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
if (!st) {
|
|
|
|
|
if (fstatat(dfd, filename, &stbuf, 0) < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
st = &stbuf;
|
|
|
|
|
}
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2019-05-24 10:54:09 +02:00
|
|
|
if (!path) {
|
|
|
|
|
if (dfd == AT_FDCWD)
|
|
|
|
|
(void) safe_getcwd(&parent);
|
|
|
|
|
else
|
|
|
|
|
(void) fd_get_path(dfd, &parent);
|
|
|
|
|
}
|
2019-05-22 16:31:01 +02:00
|
|
|
|
2014-12-26 18:59:26 +01:00
|
|
|
read_only =
|
|
|
|
|
(path && path_startswith(path, "/usr")) ||
|
2014-12-26 19:36:25 +01:00
|
|
|
(faccessat(dfd, filename, W_OK, AT_EACCESS) < 0 && errno == EROFS);
|
2014-12-26 16:44:15 +01:00
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
if (S_ISDIR(st->st_mode)) {
|
2015-01-14 02:21:51 +01:00
|
|
|
_cleanup_close_ int fd = -1;
|
|
|
|
|
unsigned file_attr = 0;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2014-12-19 20:07:23 +01:00
|
|
|
if (!ret)
|
2018-04-06 18:53:57 +02:00
|
|
|
return 0;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-05 18:01:27 +02:00
|
|
|
if (!pretty) {
|
|
|
|
|
r = extract_pretty(filename, NULL, &pretty_buffer);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
pretty = pretty_buffer;
|
|
|
|
|
}
|
2014-12-26 18:59:26 +01:00
|
|
|
|
2015-01-14 02:21:51 +01:00
|
|
|
fd = openat(dfd, filename, O_CLOEXEC|O_NOCTTY|O_DIRECTORY);
|
|
|
|
|
if (fd < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
2014-12-19 20:07:23 +01:00
|
|
|
/* btrfs subvolumes have inode 256 */
|
2018-04-06 18:53:57 +02:00
|
|
|
if (st->st_ino == 256) {
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2015-04-22 13:08:19 +02:00
|
|
|
r = btrfs_is_filesystem(fd);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r) {
|
2014-12-25 03:19:19 +01:00
|
|
|
BtrfsSubvolInfo info;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2014-12-19 20:07:23 +01:00
|
|
|
/* It's a btrfs subvolume */
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2015-10-21 19:38:21 +02:00
|
|
|
r = btrfs_subvol_get_info_fd(fd, 0, &info);
|
2014-12-25 03:19:19 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2014-12-19 20:07:23 +01:00
|
|
|
|
|
|
|
|
r = image_new(IMAGE_SUBVOLUME,
|
2014-12-26 18:59:26 +01:00
|
|
|
pretty,
|
2014-12-19 20:07:23 +01:00
|
|
|
path,
|
2014-12-26 18:59:26 +01:00
|
|
|
filename,
|
|
|
|
|
info.read_only || read_only,
|
2014-12-25 03:19:19 +01:00
|
|
|
info.otime,
|
2014-12-19 20:07:23 +01:00
|
|
|
0,
|
|
|
|
|
ret);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2015-10-21 19:38:21 +02:00
|
|
|
if (btrfs_quota_scan_ongoing(fd) == 0) {
|
|
|
|
|
BtrfsQuotaInfo quota;
|
2014-12-28 02:05:28 +01:00
|
|
|
|
2015-10-21 19:38:21 +02:00
|
|
|
r = btrfs_subvol_get_subtree_quota_fd(fd, 0, "a);
|
|
|
|
|
if (r >= 0) {
|
|
|
|
|
(*ret)->usage = quota.referenced;
|
|
|
|
|
(*ret)->usage_exclusive = quota.exclusive;
|
|
|
|
|
|
|
|
|
|
(*ret)->limit = quota.referenced_max;
|
|
|
|
|
(*ret)->limit_exclusive = quota.exclusive_max;
|
|
|
|
|
}
|
2014-12-28 02:05:28 +01:00
|
|
|
}
|
|
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
return 0;
|
2014-12-19 18:42:50 +01:00
|
|
|
}
|
2014-12-19 20:07:23 +01:00
|
|
|
}
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2015-01-14 02:21:51 +01:00
|
|
|
/* If the IMMUTABLE bit is set, we consider the
|
|
|
|
|
* directory read-only. Since the ioctl is not
|
|
|
|
|
* supported everywhere we ignore failures. */
|
|
|
|
|
(void) read_attr_fd(fd, &file_attr);
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2015-01-14 02:21:51 +01:00
|
|
|
/* It's just a normal directory. */
|
2014-12-19 20:07:23 +01:00
|
|
|
r = image_new(IMAGE_DIRECTORY,
|
2014-12-26 18:59:26 +01:00
|
|
|
pretty,
|
2014-12-19 20:07:23 +01:00
|
|
|
path,
|
2014-12-26 18:59:26 +01:00
|
|
|
filename,
|
2015-01-14 02:21:51 +01:00
|
|
|
read_only || (file_attr & FS_IMMUTABLE_FL),
|
2014-12-19 20:07:23 +01:00
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
ret);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
return 0;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
} else if (S_ISREG(st->st_mode) && endswith(filename, ".raw")) {
|
2014-12-25 03:19:19 +01:00
|
|
|
usec_t crtime = 0;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2015-01-15 01:03:33 +01:00
|
|
|
/* It's a RAW disk image */
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2014-12-19 20:07:23 +01:00
|
|
|
if (!ret)
|
2018-04-06 18:53:57 +02:00
|
|
|
return 0;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-05 18:01:27 +02:00
|
|
|
(void) fd_getcrtime_at(dfd, filename, &crtime, 0);
|
2014-12-25 03:19:19 +01:00
|
|
|
|
2018-04-05 18:01:27 +02:00
|
|
|
if (!pretty) {
|
|
|
|
|
r = extract_pretty(filename, ".raw", &pretty_buffer);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
pretty = pretty_buffer;
|
|
|
|
|
}
|
2014-12-25 03:19:19 +01:00
|
|
|
|
2015-01-15 01:03:33 +01:00
|
|
|
r = image_new(IMAGE_RAW,
|
2014-12-26 18:59:26 +01:00
|
|
|
pretty,
|
2014-12-19 20:07:23 +01:00
|
|
|
path,
|
2014-12-26 18:59:26 +01:00
|
|
|
filename,
|
2018-04-06 18:53:57 +02:00
|
|
|
!(st->st_mode & 0222) || read_only,
|
2014-12-25 03:19:19 +01:00
|
|
|
crtime,
|
2018-04-06 18:53:57 +02:00
|
|
|
timespec_load(&st->st_mtim),
|
2014-12-19 20:07:23 +01:00
|
|
|
ret);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
(*ret)->usage = (*ret)->usage_exclusive = st->st_blocks * 512;
|
|
|
|
|
(*ret)->limit = (*ret)->limit_exclusive = st->st_size;
|
2014-12-28 02:05:28 +01:00
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
return 0;
|
2017-10-04 17:36:58 +02:00
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
} else if (S_ISBLK(st->st_mode)) {
|
2017-10-04 17:36:58 +02:00
|
|
|
_cleanup_close_ int block_fd = -1;
|
|
|
|
|
uint64_t size = UINT64_MAX;
|
|
|
|
|
|
|
|
|
|
/* A block device */
|
|
|
|
|
|
|
|
|
|
if (!ret)
|
2018-04-06 18:53:57 +02:00
|
|
|
return 0;
|
2017-10-04 17:36:58 +02:00
|
|
|
|
2018-04-05 18:01:27 +02:00
|
|
|
if (!pretty) {
|
|
|
|
|
r = extract_pretty(filename, NULL, &pretty_buffer);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
pretty = pretty_buffer;
|
|
|
|
|
}
|
2017-10-04 17:36:58 +02:00
|
|
|
|
|
|
|
|
block_fd = openat(dfd, filename, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY);
|
|
|
|
|
if (block_fd < 0)
|
2019-05-24 10:54:09 +02:00
|
|
|
log_debug_errno(errno, "Failed to open block device %s/%s, ignoring: %m", path ?: strnull(parent), filename);
|
2017-10-04 17:36:58 +02:00
|
|
|
else {
|
2018-04-06 18:53:57 +02:00
|
|
|
/* Refresh stat data after opening the node */
|
|
|
|
|
if (fstat(block_fd, &stbuf) < 0)
|
2017-10-04 17:36:58 +02:00
|
|
|
return -errno;
|
2018-04-06 18:53:57 +02:00
|
|
|
st = &stbuf;
|
|
|
|
|
|
|
|
|
|
if (!S_ISBLK(st->st_mode)) /* Verify that what we opened is actually what we think it is */
|
2017-10-04 17:36:58 +02:00
|
|
|
return -ENOTTY;
|
|
|
|
|
|
|
|
|
|
if (!read_only) {
|
|
|
|
|
int state = 0;
|
|
|
|
|
|
|
|
|
|
if (ioctl(block_fd, BLKROGET, &state) < 0)
|
2019-05-24 10:54:09 +02:00
|
|
|
log_debug_errno(errno, "Failed to issue BLKROGET on device %s/%s, ignoring: %m", path ?: strnull(parent), filename);
|
2017-10-04 17:36:58 +02:00
|
|
|
else if (state)
|
|
|
|
|
read_only = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ioctl(block_fd, BLKGETSIZE64, &size) < 0)
|
2019-05-24 10:54:09 +02:00
|
|
|
log_debug_errno(errno, "Failed to issue BLKGETSIZE64 on device %s/%s, ignoring: %m", path ?: strnull(parent), filename);
|
2017-10-04 17:36:58 +02:00
|
|
|
|
|
|
|
|
block_fd = safe_close(block_fd);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
r = image_new(IMAGE_BLOCK,
|
|
|
|
|
pretty,
|
|
|
|
|
path,
|
|
|
|
|
filename,
|
2018-04-06 18:53:57 +02:00
|
|
|
!(st->st_mode & 0222) || read_only,
|
2017-10-04 17:36:58 +02:00
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
ret);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2019-04-29 18:22:22 +02:00
|
|
|
if (!IN_SET(size, 0, UINT64_MAX))
|
2017-10-04 17:36:58 +02:00
|
|
|
(*ret)->usage = (*ret)->usage_exclusive = (*ret)->limit = (*ret)->limit_exclusive = size;
|
|
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
return 0;
|
2014-12-19 20:07:23 +01:00
|
|
|
}
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
return -EMEDIUMTYPE;
|
2014-12-19 20:07:23 +01:00
|
|
|
}
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-05 15:39:43 +02:00
|
|
|
int image_find(ImageClass class, const char *name, Image **ret) {
|
2014-12-19 20:07:23 +01:00
|
|
|
const char *path;
|
|
|
|
|
int r;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-05 15:39:43 +02:00
|
|
|
assert(class >= 0);
|
|
|
|
|
assert(class < _IMAGE_CLASS_MAX);
|
2014-12-19 20:07:23 +01:00
|
|
|
assert(name);
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2014-12-19 20:07:23 +01:00
|
|
|
/* There are no images with invalid names */
|
|
|
|
|
if (!image_name_is_valid(name))
|
2018-04-06 18:53:57 +02:00
|
|
|
return -ENOENT;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-05 15:39:43 +02:00
|
|
|
NULSTR_FOREACH(path, image_search_path[class]) {
|
2014-12-19 20:07:23 +01:00
|
|
|
_cleanup_closedir_ DIR *d = NULL;
|
2018-04-06 18:53:57 +02:00
|
|
|
struct stat st;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2014-12-19 20:07:23 +01:00
|
|
|
d = opendir(path);
|
|
|
|
|
if (!d) {
|
|
|
|
|
if (errno == ENOENT)
|
|
|
|
|
continue;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2014-12-19 20:07:23 +01:00
|
|
|
return -errno;
|
|
|
|
|
}
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
/* As mentioned above, we follow symlinks on this fstatat(), because we want to permit people to
|
|
|
|
|
* symlink block devices into the search path */
|
|
|
|
|
if (fstatat(dirfd(d), name, &st, 0) < 0) {
|
2015-01-15 01:03:33 +01:00
|
|
|
_cleanup_free_ char *raw = NULL;
|
2014-12-26 18:59:26 +01:00
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
if (errno != ENOENT)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
2019-07-11 19:14:16 +02:00
|
|
|
raw = strjoin(name, ".raw");
|
2015-01-15 01:03:33 +01:00
|
|
|
if (!raw)
|
2014-12-26 18:59:26 +01:00
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
if (fstatat(dirfd(d), raw, &st, 0) < 0) {
|
|
|
|
|
|
|
|
|
|
if (errno == ENOENT)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
return -errno;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!S_ISREG(st.st_mode))
|
2014-12-26 18:59:26 +01:00
|
|
|
continue;
|
2018-04-06 18:53:57 +02:00
|
|
|
|
|
|
|
|
r = image_make(name, dirfd(d), path, raw, &st, ret);
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
if (!S_ISDIR(st.st_mode) && !S_ISBLK(st.st_mode))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
r = image_make(name, dirfd(d), path, name, &st, ret);
|
2014-12-26 18:59:26 +01:00
|
|
|
}
|
2018-04-06 18:53:57 +02:00
|
|
|
if (IN_SET(r, -ENOENT, -EMEDIUMTYPE))
|
|
|
|
|
continue;
|
2014-12-19 20:07:23 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2014-12-19 18:42:50 +01:00
|
|
|
|
2018-04-17 11:14:57 +02:00
|
|
|
if (ret)
|
|
|
|
|
(*ret)->discoverable = true;
|
|
|
|
|
|
2014-12-19 20:07:23 +01:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-17 11:14:57 +02:00
|
|
|
if (class == IMAGE_MACHINE && streq(name, ".host")) {
|
|
|
|
|
r = image_make(".host", AT_FDCWD, NULL, "/", NULL, ret);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
|
(*ret)->discoverable = true;
|
|
|
|
|
|
|
|
|
|
return r;
|
|
|
|
|
}
|
2014-12-26 18:59:26 +01:00
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
return -ENOENT;
|
2014-12-19 20:07:23 +01:00
|
|
|
};
|
|
|
|
|
|
2018-04-06 18:58:28 +02:00
|
|
|
int image_from_path(const char *path, Image **ret) {
|
2018-04-17 11:14:57 +02:00
|
|
|
|
|
|
|
|
/* Note that we don't set the 'discoverable' field of the returned object, because we don't check here whether
|
|
|
|
|
* the image is in the image search path. And if it is we don't know if the path we used is actually not
|
2018-06-18 22:43:12 +02:00
|
|
|
* overridden by another, different image earlier in the search path */
|
2018-04-17 11:14:57 +02:00
|
|
|
|
2018-04-06 18:58:28 +02:00
|
|
|
if (path_equal(path, "/"))
|
|
|
|
|
return image_make(".host", AT_FDCWD, NULL, "/", NULL, ret);
|
|
|
|
|
|
|
|
|
|
return image_make(NULL, AT_FDCWD, NULL, path, NULL, ret);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int image_find_harder(ImageClass class, const char *name_or_path, Image **ret) {
|
|
|
|
|
if (image_name_is_valid(name_or_path))
|
|
|
|
|
return image_find(class, name_or_path, ret);
|
|
|
|
|
|
|
|
|
|
return image_from_path(name_or_path, ret);
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-05 15:39:43 +02:00
|
|
|
int image_discover(ImageClass class, Hashmap *h) {
|
2014-12-19 20:07:23 +01:00
|
|
|
const char *path;
|
|
|
|
|
int r;
|
|
|
|
|
|
2018-04-05 15:39:43 +02:00
|
|
|
assert(class >= 0);
|
|
|
|
|
assert(class < _IMAGE_CLASS_MAX);
|
2014-12-19 20:07:23 +01:00
|
|
|
assert(h);
|
|
|
|
|
|
2018-04-05 15:39:43 +02:00
|
|
|
NULSTR_FOREACH(path, image_search_path[class]) {
|
2014-12-19 20:07:23 +01:00
|
|
|
_cleanup_closedir_ DIR *d = NULL;
|
|
|
|
|
struct dirent *de;
|
|
|
|
|
|
|
|
|
|
d = opendir(path);
|
|
|
|
|
if (!d) {
|
|
|
|
|
if (errno == ENOENT)
|
2014-12-26 18:19:47 +01:00
|
|
|
continue;
|
2014-12-19 20:07:23 +01:00
|
|
|
|
|
|
|
|
return -errno;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
FOREACH_DIRENT_ALL(de, d, return -errno) {
|
|
|
|
|
_cleanup_(image_unrefp) Image *image = NULL;
|
2018-04-05 17:56:22 +02:00
|
|
|
_cleanup_free_ char *truncated = NULL;
|
2018-04-06 18:53:57 +02:00
|
|
|
const char *pretty;
|
|
|
|
|
struct stat st;
|
2014-12-19 20:07:23 +01:00
|
|
|
|
2018-04-05 17:56:22 +02:00
|
|
|
if (dot_or_dot_dot(de->d_name))
|
2014-12-19 20:07:23 +01:00
|
|
|
continue;
|
|
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
/* As mentioned above, we follow symlinks on this fstatat(), because we want to permit people
|
|
|
|
|
* to symlink block devices into the search path */
|
|
|
|
|
if (fstatat(dirfd(d), de->d_name, &st, 0) < 0) {
|
|
|
|
|
if (errno == ENOENT)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
return -errno;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (S_ISREG(st.st_mode)) {
|
|
|
|
|
const char *e;
|
|
|
|
|
|
|
|
|
|
e = endswith(de->d_name, ".raw");
|
|
|
|
|
if (!e)
|
|
|
|
|
continue;
|
|
|
|
|
|
2018-04-05 17:56:22 +02:00
|
|
|
truncated = strndup(de->d_name, e - de->d_name);
|
|
|
|
|
if (!truncated)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
pretty = truncated;
|
2018-04-06 18:53:57 +02:00
|
|
|
} else if (S_ISDIR(st.st_mode) || S_ISBLK(st.st_mode))
|
2018-04-05 17:56:22 +02:00
|
|
|
pretty = de->d_name;
|
2018-04-06 18:53:57 +02:00
|
|
|
else
|
|
|
|
|
continue;
|
2018-04-05 17:56:22 +02:00
|
|
|
|
|
|
|
|
if (!image_name_is_valid(pretty))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (hashmap_contains(h, pretty))
|
2014-12-19 20:07:23 +01:00
|
|
|
continue;
|
|
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
r = image_make(pretty, dirfd(d), path, de->d_name, &st, &image);
|
|
|
|
|
if (IN_SET(r, -ENOENT, -EMEDIUMTYPE))
|
2014-12-19 20:07:23 +01:00
|
|
|
continue;
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2018-04-17 11:14:57 +02:00
|
|
|
image->discoverable = true;
|
|
|
|
|
|
2014-12-19 20:07:23 +01:00
|
|
|
r = hashmap_put(h, image->name, image);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
image = NULL;
|
2014-12-19 18:42:50 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-05 15:39:43 +02:00
|
|
|
if (class == IMAGE_MACHINE && !hashmap_contains(h, ".host")) {
|
2014-12-26 18:59:26 +01:00
|
|
|
_cleanup_(image_unrefp) Image *image = NULL;
|
|
|
|
|
|
2018-04-06 18:53:57 +02:00
|
|
|
r = image_make(".host", AT_FDCWD, NULL, "/", NULL, &image);
|
2014-12-26 18:59:26 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2018-04-17 11:14:57 +02:00
|
|
|
image->discoverable = true;
|
|
|
|
|
|
2014-12-26 18:59:26 +01:00
|
|
|
r = hashmap_put(h, image->name, image);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
image = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-19 18:42:50 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-27 02:35:47 +01:00
|
|
|
int image_remove(Image *i) {
|
tree-wide: drop redundant _cleanup_ macros (#8810)
This drops a good number of type-specific _cleanup_ macros, and patches
all users to just use the generic ones.
In most recent code we abstained from defining type-specific macros, and
this basically removes all those added already, with the exception of
the really low-level ones.
Having explicit macros for this is not too useful, as the expression
without the extra macro is generally just 2ch wider. We should generally
emphesize generic code, unless there are really good reasons for
specific code, hence let's follow this in this case too.
Note that _cleanup_free_ and similar really low-level, libc'ish, Linux
API'ish macros continue to be defined, only the really high-level OO
ones are dropped. From now on this should really be the rule: for really
low-level stuff, such as memory allocation, fd handling and so one, go
ahead and define explicit per-type macros, but for high-level, specific
program code, just use the generic _cleanup_() macro directly, in order
to keep things simple and as readable as possible for the uninitiated.
Note that before this patch some of the APIs (notable libudev ones) were
already used with the high-level macros at some places and with the
generic _cleanup_ macro at others. With this patch we hence unify on the
latter.
2018-04-25 12:31:45 +02:00
|
|
|
_cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
|
2015-09-09 18:51:23 +02:00
|
|
|
_cleanup_strv_free_ char **settings = NULL;
|
2016-12-21 12:24:11 +01:00
|
|
|
_cleanup_free_ char *roothash = NULL;
|
2015-09-09 18:51:23 +02:00
|
|
|
char **j;
|
2015-01-14 23:09:02 +01:00
|
|
|
int r;
|
|
|
|
|
|
2014-12-27 02:35:47 +01:00
|
|
|
assert(i);
|
|
|
|
|
|
2016-04-11 17:24:08 +02:00
|
|
|
if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
|
2014-12-27 02:35:47 +01:00
|
|
|
return -EROFS;
|
|
|
|
|
|
2015-09-09 18:51:23 +02:00
|
|
|
settings = image_settings_path(i);
|
|
|
|
|
if (!settings)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2016-12-21 12:24:11 +01:00
|
|
|
roothash = image_roothash_path(i);
|
|
|
|
|
if (!roothash)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2015-01-14 23:09:02 +01:00
|
|
|
/* Make sure we don't interfere with a running nspawn */
|
|
|
|
|
r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2014-12-27 17:44:04 +01:00
|
|
|
switch (i->type) {
|
|
|
|
|
|
|
|
|
|
case IMAGE_SUBVOLUME:
|
2017-10-04 17:42:23 +02:00
|
|
|
|
|
|
|
|
/* Let's unlink first, maybe it is a symlink? If that works we are happy. Otherwise, let's get out the
|
|
|
|
|
* big guns */
|
|
|
|
|
if (unlink(i->path) < 0) {
|
|
|
|
|
r = btrfs_subvol_remove(i->path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-09 18:51:23 +02:00
|
|
|
break;
|
2014-12-27 17:44:04 +01:00
|
|
|
|
|
|
|
|
case IMAGE_DIRECTORY:
|
2015-01-14 02:21:51 +01:00
|
|
|
/* Allow deletion of read-only directories */
|
2018-06-25 20:04:07 +02:00
|
|
|
(void) chattr_path(i->path, 0, FS_IMMUTABLE_FL, NULL);
|
2015-09-09 18:51:23 +02:00
|
|
|
r = rm_rf(i->path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
break;
|
2015-01-14 02:21:51 +01:00
|
|
|
|
2017-10-04 17:36:58 +02:00
|
|
|
case IMAGE_BLOCK:
|
|
|
|
|
|
|
|
|
|
/* If this is inside of /dev, then it's a real block device, hence let's not touch the device node
|
|
|
|
|
* itself (but let's remove the stuff stored alongside it). If it's anywhere else, let's try to unlink
|
|
|
|
|
* the thing (it's most likely a symlink after all). */
|
|
|
|
|
|
|
|
|
|
if (path_startswith(i->path, "/dev"))
|
|
|
|
|
break;
|
|
|
|
|
|
2017-11-19 19:06:10 +01:00
|
|
|
_fallthrough_;
|
2015-01-15 01:03:33 +01:00
|
|
|
case IMAGE_RAW:
|
2015-04-05 11:28:04 +02:00
|
|
|
if (unlink(i->path) < 0)
|
|
|
|
|
return -errno;
|
2015-09-09 18:51:23 +02:00
|
|
|
break;
|
2014-12-27 17:44:04 +01:00
|
|
|
|
|
|
|
|
default:
|
2015-03-13 14:08:00 +01:00
|
|
|
return -EOPNOTSUPP;
|
2014-12-27 17:44:04 +01:00
|
|
|
}
|
2015-09-09 18:51:23 +02:00
|
|
|
|
|
|
|
|
STRV_FOREACH(j, settings) {
|
|
|
|
|
if (unlink(*j) < 0 && errno != ENOENT)
|
|
|
|
|
log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", *j);
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-21 12:24:11 +01:00
|
|
|
if (unlink(roothash) < 0 && errno != ENOENT)
|
|
|
|
|
log_debug_errno(errno, "Failed to unlink %s, ignoring: %m", roothash);
|
|
|
|
|
|
2015-09-09 18:51:23 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-21 12:24:11 +01:00
|
|
|
static int rename_auxiliary_file(const char *path, const char *new_name, const char *suffix) {
|
2015-09-09 18:51:23 +02:00
|
|
|
_cleanup_free_ char *rs = NULL;
|
|
|
|
|
const char *fn;
|
|
|
|
|
|
2016-12-21 12:24:11 +01:00
|
|
|
fn = strjoina(new_name, suffix);
|
2015-09-09 18:51:23 +02:00
|
|
|
|
|
|
|
|
rs = file_in_same_dir(path, fn);
|
|
|
|
|
if (!rs)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
return rename_noreplace(AT_FDCWD, path, AT_FDCWD, rs);
|
2014-12-27 17:44:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int image_rename(Image *i, const char *new_name) {
|
tree-wide: drop redundant _cleanup_ macros (#8810)
This drops a good number of type-specific _cleanup_ macros, and patches
all users to just use the generic ones.
In most recent code we abstained from defining type-specific macros, and
this basically removes all those added already, with the exception of
the really low-level ones.
Having explicit macros for this is not too useful, as the expression
without the extra macro is generally just 2ch wider. We should generally
emphesize generic code, unless there are really good reasons for
specific code, hence let's follow this in this case too.
Note that _cleanup_free_ and similar really low-level, libc'ish, Linux
API'ish macros continue to be defined, only the really high-level OO
ones are dropped. From now on this should really be the rule: for really
low-level stuff, such as memory allocation, fd handling and so one, go
ahead and define explicit per-type macros, but for high-level, specific
program code, just use the generic _cleanup_() macro directly, in order
to keep things simple and as readable as possible for the uninitiated.
Note that before this patch some of the APIs (notable libudev ones) were
already used with the high-level macros at some places and with the
generic _cleanup_ macro at others. With this patch we hence unify on the
latter.
2018-04-25 12:31:45 +02:00
|
|
|
_cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT, name_lock = LOCK_FILE_INIT;
|
2016-12-21 12:24:11 +01:00
|
|
|
_cleanup_free_ char *new_path = NULL, *nn = NULL, *roothash = NULL;
|
2015-09-09 18:51:23 +02:00
|
|
|
_cleanup_strv_free_ char **settings = NULL;
|
2015-01-14 02:21:51 +01:00
|
|
|
unsigned file_attr = 0;
|
2015-09-09 18:51:23 +02:00
|
|
|
char **j;
|
2014-12-27 17:44:04 +01:00
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(i);
|
|
|
|
|
|
|
|
|
|
if (!image_name_is_valid(new_name))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2016-04-11 17:24:08 +02:00
|
|
|
if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
|
2014-12-27 17:44:04 +01:00
|
|
|
return -EROFS;
|
|
|
|
|
|
2015-09-09 18:51:23 +02:00
|
|
|
settings = image_settings_path(i);
|
|
|
|
|
if (!settings)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2016-12-21 12:24:11 +01:00
|
|
|
roothash = image_roothash_path(i);
|
|
|
|
|
if (!roothash)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2015-01-14 23:09:02 +01:00
|
|
|
/* Make sure we don't interfere with a running nspawn */
|
|
|
|
|
r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
/* Make sure nobody takes the new name, between the time we
|
|
|
|
|
* checked it is currently unused in all search paths, and the
|
2016-05-04 11:26:17 +02:00
|
|
|
* time we take possession of it */
|
2015-01-14 23:09:02 +01:00
|
|
|
r = image_name_lock(new_name, LOCK_EX|LOCK_NB, &name_lock);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2018-04-05 15:39:43 +02:00
|
|
|
r = image_find(IMAGE_MACHINE, new_name, NULL);
|
2018-04-06 18:53:57 +02:00
|
|
|
if (r >= 0)
|
2014-12-27 17:44:04 +01:00
|
|
|
return -EEXIST;
|
2018-04-06 18:53:57 +02:00
|
|
|
if (r != -ENOENT)
|
|
|
|
|
return r;
|
2014-12-27 17:44:04 +01:00
|
|
|
|
|
|
|
|
switch (i->type) {
|
|
|
|
|
|
|
|
|
|
case IMAGE_DIRECTORY:
|
2015-01-14 02:21:51 +01:00
|
|
|
/* Turn of the immutable bit while we rename the image, so that we can rename it */
|
|
|
|
|
(void) read_attr_path(i->path, &file_attr);
|
|
|
|
|
|
|
|
|
|
if (file_attr & FS_IMMUTABLE_FL)
|
2018-06-25 20:04:07 +02:00
|
|
|
(void) chattr_path(i->path, 0, FS_IMMUTABLE_FL, NULL);
|
2015-01-14 02:21:51 +01:00
|
|
|
|
2017-11-19 19:06:10 +01:00
|
|
|
_fallthrough_;
|
2015-01-14 02:21:51 +01:00
|
|
|
case IMAGE_SUBVOLUME:
|
2014-12-27 17:44:04 +01:00
|
|
|
new_path = file_in_same_dir(i->path, new_name);
|
|
|
|
|
break;
|
|
|
|
|
|
2017-10-04 17:36:58 +02:00
|
|
|
case IMAGE_BLOCK:
|
|
|
|
|
|
|
|
|
|
/* Refuse renaming raw block devices in /dev, the names are picked by udev after all. */
|
|
|
|
|
if (path_startswith(i->path, "/dev"))
|
|
|
|
|
return -EROFS;
|
|
|
|
|
|
|
|
|
|
new_path = file_in_same_dir(i->path, new_name);
|
|
|
|
|
break;
|
|
|
|
|
|
2015-01-15 01:03:33 +01:00
|
|
|
case IMAGE_RAW: {
|
2014-12-27 17:44:04 +01:00
|
|
|
const char *fn;
|
|
|
|
|
|
2015-02-03 02:05:59 +01:00
|
|
|
fn = strjoina(new_name, ".raw");
|
2014-12-27 17:44:04 +01:00
|
|
|
new_path = file_in_same_dir(i->path, fn);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
default:
|
2015-03-13 14:08:00 +01:00
|
|
|
return -EOPNOTSUPP;
|
2014-12-27 17:44:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!new_path)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
nn = strdup(new_name);
|
|
|
|
|
if (!nn)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2015-03-10 18:15:52 +01:00
|
|
|
r = rename_noreplace(AT_FDCWD, i->path, AT_FDCWD, new_path);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2014-12-27 17:44:04 +01:00
|
|
|
|
2015-01-14 02:21:51 +01:00
|
|
|
/* Restore the immutable bit, if it was set before */
|
|
|
|
|
if (file_attr & FS_IMMUTABLE_FL)
|
2018-06-25 20:04:07 +02:00
|
|
|
(void) chattr_path(new_path, FS_IMMUTABLE_FL, FS_IMMUTABLE_FL, NULL);
|
2015-01-14 02:21:51 +01:00
|
|
|
|
2017-11-24 11:33:41 +01:00
|
|
|
free_and_replace(i->path, new_path);
|
|
|
|
|
free_and_replace(i->name, nn);
|
2014-12-27 17:44:04 +01:00
|
|
|
|
2015-09-09 18:51:23 +02:00
|
|
|
STRV_FOREACH(j, settings) {
|
2016-12-21 12:24:11 +01:00
|
|
|
r = rename_auxiliary_file(*j, new_name, ".nspawn");
|
2015-09-09 18:51:23 +02:00
|
|
|
if (r < 0 && r != -ENOENT)
|
|
|
|
|
log_debug_errno(r, "Failed to rename settings file %s, ignoring: %m", *j);
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-21 12:24:11 +01:00
|
|
|
r = rename_auxiliary_file(roothash, new_name, ".roothash");
|
|
|
|
|
if (r < 0 && r != -ENOENT)
|
|
|
|
|
log_debug_errno(r, "Failed to rename roothash file %s, ignoring: %m", roothash);
|
|
|
|
|
|
2014-12-27 17:44:04 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-21 12:24:11 +01:00
|
|
|
static int clone_auxiliary_file(const char *path, const char *new_name, const char *suffix) {
|
2015-09-09 18:51:23 +02:00
|
|
|
_cleanup_free_ char *rs = NULL;
|
|
|
|
|
const char *fn;
|
|
|
|
|
|
2016-12-21 12:24:11 +01:00
|
|
|
fn = strjoina(new_name, suffix);
|
2015-09-09 18:51:23 +02:00
|
|
|
|
|
|
|
|
rs = file_in_same_dir(path, fn);
|
|
|
|
|
if (!rs)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2019-03-28 17:54:04 +01:00
|
|
|
return copy_file_atomic(path, rs, 0664, 0, 0, COPY_REFLINK);
|
2015-09-09 18:51:23 +02:00
|
|
|
}
|
|
|
|
|
|
2014-12-27 17:44:04 +01:00
|
|
|
int image_clone(Image *i, const char *new_name, bool read_only) {
|
tree-wide: drop redundant _cleanup_ macros (#8810)
This drops a good number of type-specific _cleanup_ macros, and patches
all users to just use the generic ones.
In most recent code we abstained from defining type-specific macros, and
this basically removes all those added already, with the exception of
the really low-level ones.
Having explicit macros for this is not too useful, as the expression
without the extra macro is generally just 2ch wider. We should generally
emphesize generic code, unless there are really good reasons for
specific code, hence let's follow this in this case too.
Note that _cleanup_free_ and similar really low-level, libc'ish, Linux
API'ish macros continue to be defined, only the really high-level OO
ones are dropped. From now on this should really be the rule: for really
low-level stuff, such as memory allocation, fd handling and so one, go
ahead and define explicit per-type macros, but for high-level, specific
program code, just use the generic _cleanup_() macro directly, in order
to keep things simple and as readable as possible for the uninitiated.
Note that before this patch some of the APIs (notable libudev ones) were
already used with the high-level macros at some places and with the
generic _cleanup_ macro at others. With this patch we hence unify on the
latter.
2018-04-25 12:31:45 +02:00
|
|
|
_cleanup_(release_lock_file) LockFile name_lock = LOCK_FILE_INIT;
|
2015-09-09 18:51:23 +02:00
|
|
|
_cleanup_strv_free_ char **settings = NULL;
|
2016-12-21 12:24:11 +01:00
|
|
|
_cleanup_free_ char *roothash = NULL;
|
2014-12-27 17:44:04 +01:00
|
|
|
const char *new_path;
|
2015-09-09 18:51:23 +02:00
|
|
|
char **j;
|
2014-12-27 17:44:04 +01:00
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(i);
|
|
|
|
|
|
|
|
|
|
if (!image_name_is_valid(new_name))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2015-09-09 18:51:23 +02:00
|
|
|
settings = image_settings_path(i);
|
|
|
|
|
if (!settings)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2016-12-21 12:24:11 +01:00
|
|
|
roothash = image_roothash_path(i);
|
|
|
|
|
if (!roothash)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2015-01-14 23:09:02 +01:00
|
|
|
/* Make sure nobody takes the new name, between the time we
|
|
|
|
|
* checked it is currently unused in all search paths, and the
|
2016-05-04 11:26:17 +02:00
|
|
|
* time we take possession of it */
|
2015-01-14 23:09:02 +01:00
|
|
|
r = image_name_lock(new_name, LOCK_EX|LOCK_NB, &name_lock);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2018-04-05 15:39:43 +02:00
|
|
|
r = image_find(IMAGE_MACHINE, new_name, NULL);
|
2018-04-06 18:53:57 +02:00
|
|
|
if (r >= 0)
|
2014-12-27 17:44:04 +01:00
|
|
|
return -EEXIST;
|
2018-04-06 18:53:57 +02:00
|
|
|
if (r != -ENOENT)
|
|
|
|
|
return r;
|
2014-12-27 17:44:04 +01:00
|
|
|
|
|
|
|
|
switch (i->type) {
|
|
|
|
|
|
|
|
|
|
case IMAGE_SUBVOLUME:
|
|
|
|
|
case IMAGE_DIRECTORY:
|
2016-04-29 20:06:20 +02:00
|
|
|
/* If we can we'll always try to create a new btrfs subvolume here, even if the source is a plain
|
2017-02-24 18:14:02 +01:00
|
|
|
* directory. */
|
2016-04-29 20:06:20 +02:00
|
|
|
|
2015-02-03 02:05:59 +01:00
|
|
|
new_path = strjoina("/var/lib/machines/", new_name);
|
2014-12-27 17:44:04 +01:00
|
|
|
|
2016-11-21 20:02:43 +01:00
|
|
|
r = btrfs_subvol_snapshot(i->path, new_path,
|
|
|
|
|
(read_only ? BTRFS_SNAPSHOT_READ_ONLY : 0) |
|
|
|
|
|
BTRFS_SNAPSHOT_FALLBACK_COPY |
|
|
|
|
|
BTRFS_SNAPSHOT_FALLBACK_DIRECTORY |
|
|
|
|
|
BTRFS_SNAPSHOT_FALLBACK_IMMUTABLE |
|
|
|
|
|
BTRFS_SNAPSHOT_RECURSIVE |
|
|
|
|
|
BTRFS_SNAPSHOT_QUOTA);
|
|
|
|
|
if (r >= 0)
|
2016-04-29 20:06:20 +02:00
|
|
|
/* Enable "subtree" quotas for the copy, if we didn't copy any quota from the source. */
|
2016-04-29 19:26:54 +02:00
|
|
|
(void) btrfs_subvol_auto_qgroup(new_path, 0, true);
|
2015-10-21 19:38:21 +02:00
|
|
|
|
2014-12-27 17:44:04 +01:00
|
|
|
break;
|
|
|
|
|
|
2015-01-15 01:03:33 +01:00
|
|
|
case IMAGE_RAW:
|
2015-02-03 02:05:59 +01:00
|
|
|
new_path = strjoina("/var/lib/machines/", new_name, ".raw");
|
2014-12-27 17:44:04 +01:00
|
|
|
|
2019-03-28 17:54:04 +01:00
|
|
|
r = copy_file_atomic(i->path, new_path, read_only ? 0444 : 0644, FS_NOCOW_FL, FS_NOCOW_FL, COPY_REFLINK|COPY_CRTIME);
|
2014-12-27 17:44:04 +01:00
|
|
|
break;
|
|
|
|
|
|
2017-10-04 17:36:58 +02:00
|
|
|
case IMAGE_BLOCK:
|
2014-12-27 17:44:04 +01:00
|
|
|
default:
|
2015-03-13 14:08:00 +01:00
|
|
|
return -EOPNOTSUPP;
|
2014-12-27 17:44:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2015-09-09 18:51:23 +02:00
|
|
|
STRV_FOREACH(j, settings) {
|
2016-12-21 12:24:11 +01:00
|
|
|
r = clone_auxiliary_file(*j, new_name, ".nspawn");
|
2015-09-09 18:51:23 +02:00
|
|
|
if (r < 0 && r != -ENOENT)
|
|
|
|
|
log_debug_errno(r, "Failed to clone settings %s, ignoring: %m", *j);
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-21 12:24:11 +01:00
|
|
|
r = clone_auxiliary_file(roothash, new_name, ".roothash");
|
|
|
|
|
if (r < 0 && r != -ENOENT)
|
|
|
|
|
log_debug_errno(r, "Failed to clone root hash file %s, ignoring: %m", roothash);
|
|
|
|
|
|
2014-12-27 17:44:04 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int image_read_only(Image *i, bool b) {
|
tree-wide: drop redundant _cleanup_ macros (#8810)
This drops a good number of type-specific _cleanup_ macros, and patches
all users to just use the generic ones.
In most recent code we abstained from defining type-specific macros, and
this basically removes all those added already, with the exception of
the really low-level ones.
Having explicit macros for this is not too useful, as the expression
without the extra macro is generally just 2ch wider. We should generally
emphesize generic code, unless there are really good reasons for
specific code, hence let's follow this in this case too.
Note that _cleanup_free_ and similar really low-level, libc'ish, Linux
API'ish macros continue to be defined, only the really high-level OO
ones are dropped. From now on this should really be the rule: for really
low-level stuff, such as memory allocation, fd handling and so one, go
ahead and define explicit per-type macros, but for high-level, specific
program code, just use the generic _cleanup_() macro directly, in order
to keep things simple and as readable as possible for the uninitiated.
Note that before this patch some of the APIs (notable libudev ones) were
already used with the high-level macros at some places and with the
generic _cleanup_ macro at others. With this patch we hence unify on the
latter.
2018-04-25 12:31:45 +02:00
|
|
|
_cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
|
2014-12-27 17:44:04 +01:00
|
|
|
int r;
|
2017-11-14 23:25:13 +01:00
|
|
|
|
2014-12-27 17:44:04 +01:00
|
|
|
assert(i);
|
|
|
|
|
|
2016-04-11 17:24:08 +02:00
|
|
|
if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
|
2014-12-27 17:44:04 +01:00
|
|
|
return -EROFS;
|
|
|
|
|
|
2015-01-14 23:09:02 +01:00
|
|
|
/* Make sure we don't interfere with a running nspawn */
|
|
|
|
|
r = image_path_lock(i->path, LOCK_EX|LOCK_NB, &global_lock, &local_lock);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2014-12-27 17:44:04 +01:00
|
|
|
switch (i->type) {
|
|
|
|
|
|
|
|
|
|
case IMAGE_SUBVOLUME:
|
2015-10-21 19:38:21 +02:00
|
|
|
|
|
|
|
|
/* Note that we set the flag only on the top-level
|
|
|
|
|
* subvolume of the image. */
|
|
|
|
|
|
2014-12-27 17:44:04 +01:00
|
|
|
r = btrfs_subvol_set_read_only(i->path, b);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2015-01-14 02:21:51 +01:00
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case IMAGE_DIRECTORY:
|
|
|
|
|
/* For simple directory trees we cannot use the access
|
|
|
|
|
mode of the top-level directory, since it has an
|
|
|
|
|
effect on the container itself. However, we can
|
|
|
|
|
use the "immutable" flag, to at least make the
|
|
|
|
|
top-level directory read-only. It's not as good as
|
|
|
|
|
a read-only subvolume, but at least something, and
|
2017-02-24 18:14:02 +01:00
|
|
|
we can read the value back. */
|
2015-01-14 02:21:51 +01:00
|
|
|
|
2018-06-25 20:04:07 +02:00
|
|
|
r = chattr_path(i->path, b ? FS_IMMUTABLE_FL : 0, FS_IMMUTABLE_FL, NULL);
|
2015-01-14 02:21:51 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2014-12-27 17:44:04 +01:00
|
|
|
break;
|
|
|
|
|
|
2015-01-15 01:03:33 +01:00
|
|
|
case IMAGE_RAW: {
|
2014-12-27 17:44:04 +01:00
|
|
|
struct stat st;
|
|
|
|
|
|
|
|
|
|
if (stat(i->path, &st) < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
if (chmod(i->path, (st.st_mode & 0444) | (b ? 0000 : 0200)) < 0)
|
|
|
|
|
return -errno;
|
2015-01-08 19:15:49 +01:00
|
|
|
|
|
|
|
|
/* If the images is now read-only, it's a good time to
|
|
|
|
|
* defrag it, given that no write patterns will
|
|
|
|
|
* fragment it again. */
|
|
|
|
|
if (b)
|
|
|
|
|
(void) btrfs_defrag(i->path);
|
2014-12-27 17:44:04 +01:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-04 17:36:58 +02:00
|
|
|
case IMAGE_BLOCK: {
|
|
|
|
|
_cleanup_close_ int fd = -1;
|
|
|
|
|
struct stat st;
|
|
|
|
|
int state = b;
|
|
|
|
|
|
|
|
|
|
fd = open(i->path, O_CLOEXEC|O_RDONLY|O_NONBLOCK|O_NOCTTY);
|
|
|
|
|
if (fd < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
if (fstat(fd, &st) < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
if (!S_ISBLK(st.st_mode))
|
|
|
|
|
return -ENOTTY;
|
|
|
|
|
|
|
|
|
|
if (ioctl(fd, BLKROSET, &state) < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-27 17:44:04 +01:00
|
|
|
default:
|
2015-03-13 14:08:00 +01:00
|
|
|
return -EOPNOTSUPP;
|
2014-12-27 17:44:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
2014-12-27 02:35:47 +01:00
|
|
|
}
|
|
|
|
|
|
2015-01-14 23:09:02 +01:00
|
|
|
int image_path_lock(const char *path, int operation, LockFile *global, LockFile *local) {
|
|
|
|
|
_cleanup_free_ char *p = NULL;
|
|
|
|
|
LockFile t = LOCK_FILE_INIT;
|
|
|
|
|
struct stat st;
|
2019-07-25 12:58:01 +02:00
|
|
|
bool exclusive;
|
2015-01-14 23:09:02 +01:00
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(path);
|
|
|
|
|
assert(global);
|
|
|
|
|
assert(local);
|
|
|
|
|
|
2019-07-25 12:58:01 +02:00
|
|
|
/* Locks an image path. This actually creates two locks: one "local" one, next to the image path
|
|
|
|
|
* itself, which might be shared via NFS. And another "global" one, in /run, that uses the
|
|
|
|
|
* device/inode number. This has the benefit that we can even lock a tree that is a mount point,
|
|
|
|
|
* correctly. */
|
2015-01-14 23:09:02 +01:00
|
|
|
|
|
|
|
|
if (!path_is_absolute(path))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2019-07-25 12:58:01 +02:00
|
|
|
switch (operation & (LOCK_SH|LOCK_EX)) {
|
|
|
|
|
case LOCK_SH:
|
|
|
|
|
exclusive = false;
|
|
|
|
|
break;
|
|
|
|
|
case LOCK_EX:
|
|
|
|
|
exclusive = true;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-18 23:34:39 +01:00
|
|
|
if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) {
|
|
|
|
|
*local = *global = (LockFile) LOCK_FILE_INIT;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-25 12:58:01 +02:00
|
|
|
/* Prohibit taking exclusive locks on the host image. We can't allow this, since we ourselves are
|
|
|
|
|
* running off it after all, and we don't want any images to manipulate the host image. We make an
|
|
|
|
|
* exception for shared locks however: we allow those (and make them NOPs since there's no point in
|
|
|
|
|
* taking them if there can't be exclusive locks). Strictly speaking these are questionable as well,
|
|
|
|
|
* since it means changes made to the host might propagate to the container as they happen (and a
|
|
|
|
|
* shared lock kinda suggests that no changes happen at all while it is in place), but it's too
|
|
|
|
|
* useful not to allow read-only containers off the host root, hence let's support this, and trust
|
|
|
|
|
* the user to do the right thing with this. */
|
|
|
|
|
if (path_equal(path, "/")) {
|
|
|
|
|
if (exclusive)
|
|
|
|
|
return -EBUSY;
|
|
|
|
|
|
|
|
|
|
*local = *global = (LockFile) LOCK_FILE_INIT;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-11-18 23:34:39 +01:00
|
|
|
|
2015-01-14 23:09:02 +01:00
|
|
|
if (stat(path, &st) >= 0) {
|
2017-10-04 17:36:58 +02:00
|
|
|
if (S_ISBLK(st.st_mode))
|
|
|
|
|
r = asprintf(&p, "/run/systemd/nspawn/locks/block-%u:%u", major(st.st_rdev), minor(st.st_rdev));
|
|
|
|
|
else if (S_ISDIR(st.st_mode) || S_ISREG(st.st_mode))
|
|
|
|
|
r = asprintf(&p, "/run/systemd/nspawn/locks/inode-%lu:%lu", (unsigned long) st.st_dev, (unsigned long) st.st_ino);
|
|
|
|
|
else
|
|
|
|
|
return -ENOTTY;
|
|
|
|
|
|
|
|
|
|
if (r < 0)
|
2015-01-14 23:09:02 +01:00
|
|
|
return -ENOMEM;
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-25 12:58:01 +02:00
|
|
|
/* For block devices we don't need the "local" lock, as the major/minor lock above should be
|
|
|
|
|
* sufficient, since block devices are host local anyway. */
|
|
|
|
|
if (!path_startswith(path, "/dev/")) {
|
2017-10-04 17:36:58 +02:00
|
|
|
r = make_lock_file_for(path, operation, &t);
|
2018-03-28 12:57:21 +02:00
|
|
|
if (r < 0) {
|
2019-07-25 12:58:01 +02:00
|
|
|
if (!exclusive && r == -EROFS)
|
2018-03-28 17:07:42 +02:00
|
|
|
log_debug_errno(r, "Failed to create shared lock for '%s', ignoring: %m", path);
|
2018-03-28 12:57:21 +02:00
|
|
|
else
|
|
|
|
|
return r;
|
|
|
|
|
}
|
2017-10-04 17:36:58 +02:00
|
|
|
}
|
2015-01-14 23:09:02 +01:00
|
|
|
|
|
|
|
|
if (p) {
|
2019-03-27 11:33:50 +01:00
|
|
|
(void) mkdir_p("/run/systemd/nspawn/locks", 0700);
|
2015-01-14 23:09:02 +01:00
|
|
|
|
|
|
|
|
r = make_lock_file(p, operation, global);
|
|
|
|
|
if (r < 0) {
|
|
|
|
|
release_lock_file(&t);
|
|
|
|
|
return r;
|
|
|
|
|
}
|
2016-11-18 23:31:01 +01:00
|
|
|
} else
|
|
|
|
|
*global = (LockFile) LOCK_FILE_INIT;
|
2015-01-14 23:09:02 +01:00
|
|
|
|
|
|
|
|
*local = t;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-10 15:55:58 +01:00
|
|
|
int image_set_limit(Image *i, uint64_t referenced_max) {
|
2015-02-24 23:50:37 +01:00
|
|
|
assert(i);
|
|
|
|
|
|
2016-04-11 17:24:08 +02:00
|
|
|
if (IMAGE_IS_VENDOR(i) || IMAGE_IS_HOST(i))
|
2015-02-24 23:50:37 +01:00
|
|
|
return -EROFS;
|
|
|
|
|
|
|
|
|
|
if (i->type != IMAGE_SUBVOLUME)
|
2015-03-13 14:08:00 +01:00
|
|
|
return -EOPNOTSUPP;
|
2015-02-24 23:50:37 +01:00
|
|
|
|
2015-10-21 19:38:21 +02:00
|
|
|
/* We set the quota both for the subvolume as well as for the
|
|
|
|
|
* subtree. The latter is mostly for historical reasons, since
|
|
|
|
|
* we didn't use to have a concept of subtree quota, and hence
|
|
|
|
|
* only modified the subvolume quota. */
|
|
|
|
|
|
|
|
|
|
(void) btrfs_qgroup_set_limit(i->path, 0, referenced_max);
|
|
|
|
|
(void) btrfs_subvol_auto_qgroup(i->path, 0, true);
|
|
|
|
|
return btrfs_subvol_set_subtree_quota_limit(i->path, 0, referenced_max);
|
2015-02-24 23:50:37 +01:00
|
|
|
}
|
|
|
|
|
|
2017-11-14 23:25:13 +01:00
|
|
|
int image_read_metadata(Image *i) {
|
tree-wide: drop redundant _cleanup_ macros (#8810)
This drops a good number of type-specific _cleanup_ macros, and patches
all users to just use the generic ones.
In most recent code we abstained from defining type-specific macros, and
this basically removes all those added already, with the exception of
the really low-level ones.
Having explicit macros for this is not too useful, as the expression
without the extra macro is generally just 2ch wider. We should generally
emphesize generic code, unless there are really good reasons for
specific code, hence let's follow this in this case too.
Note that _cleanup_free_ and similar really low-level, libc'ish, Linux
API'ish macros continue to be defined, only the really high-level OO
ones are dropped. From now on this should really be the rule: for really
low-level stuff, such as memory allocation, fd handling and so one, go
ahead and define explicit per-type macros, but for high-level, specific
program code, just use the generic _cleanup_() macro directly, in order
to keep things simple and as readable as possible for the uninitiated.
Note that before this patch some of the APIs (notable libudev ones) were
already used with the high-level macros at some places and with the
generic _cleanup_ macro at others. With this patch we hence unify on the
latter.
2018-04-25 12:31:45 +02:00
|
|
|
_cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
|
2017-11-14 23:25:13 +01:00
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(i);
|
|
|
|
|
|
|
|
|
|
r = image_path_lock(i->path, LOCK_SH|LOCK_NB, &global_lock, &local_lock);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
switch (i->type) {
|
|
|
|
|
|
|
|
|
|
case IMAGE_SUBVOLUME:
|
|
|
|
|
case IMAGE_DIRECTORY: {
|
|
|
|
|
_cleanup_strv_free_ char **machine_info = NULL, **os_release = NULL;
|
|
|
|
|
sd_id128_t machine_id = SD_ID128_NULL;
|
|
|
|
|
_cleanup_free_ char *hostname = NULL;
|
|
|
|
|
_cleanup_free_ char *path = NULL;
|
|
|
|
|
|
2019-10-24 10:33:20 +02:00
|
|
|
r = chase_symlinks("/etc/hostname", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL);
|
2017-11-14 23:25:13 +01:00
|
|
|
if (r < 0 && r != -ENOENT)
|
|
|
|
|
log_debug_errno(r, "Failed to chase /etc/hostname in image %s: %m", i->name);
|
|
|
|
|
else if (r >= 0) {
|
|
|
|
|
r = read_etc_hostname(path, &hostname);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
log_debug_errno(errno, "Failed to read /etc/hostname of image %s: %m", i->name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
path = mfree(path);
|
|
|
|
|
|
2019-10-24 10:33:20 +02:00
|
|
|
r = chase_symlinks("/etc/machine-id", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL);
|
2017-11-14 23:25:13 +01:00
|
|
|
if (r < 0 && r != -ENOENT)
|
|
|
|
|
log_debug_errno(r, "Failed to chase /etc/machine-id in image %s: %m", i->name);
|
|
|
|
|
else if (r >= 0) {
|
|
|
|
|
_cleanup_close_ int fd = -1;
|
|
|
|
|
|
|
|
|
|
fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
|
|
|
|
|
if (fd < 0)
|
|
|
|
|
log_debug_errno(errno, "Failed to open %s: %m", path);
|
|
|
|
|
else {
|
|
|
|
|
r = id128_read_fd(fd, ID128_PLAIN, &machine_id);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
log_debug_errno(r, "Image %s contains invalid machine ID.", i->name);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
path = mfree(path);
|
|
|
|
|
|
2019-10-24 10:33:20 +02:00
|
|
|
r = chase_symlinks("/etc/machine-info", i->path, CHASE_PREFIX_ROOT|CHASE_TRAIL_SLASH, &path, NULL);
|
2017-11-14 23:25:13 +01:00
|
|
|
if (r < 0 && r != -ENOENT)
|
|
|
|
|
log_debug_errno(r, "Failed to chase /etc/machine-info in image %s: %m", i->name);
|
|
|
|
|
else if (r >= 0) {
|
2018-11-12 14:04:47 +01:00
|
|
|
r = load_env_file_pairs(NULL, path, &machine_info);
|
2017-11-14 23:25:13 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
log_debug_errno(r, "Failed to parse machine-info data of %s: %m", i->name);
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-26 16:32:40 +02:00
|
|
|
r = load_os_release_pairs(i->path, &os_release);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
log_debug_errno(r, "Failed to read os-release in image, ignoring: %m");
|
2017-11-14 23:25:13 +01:00
|
|
|
|
|
|
|
|
free_and_replace(i->hostname, hostname);
|
|
|
|
|
i->machine_id = machine_id;
|
|
|
|
|
strv_free_and_replace(i->machine_info, machine_info);
|
|
|
|
|
strv_free_and_replace(i->os_release, os_release);
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case IMAGE_RAW:
|
|
|
|
|
case IMAGE_BLOCK: {
|
|
|
|
|
_cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
|
|
|
|
|
_cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
|
|
|
|
|
|
2018-12-23 19:23:58 +01:00
|
|
|
r = loop_device_make_by_path(i->path, O_RDONLY, LO_FLAGS_PARTSCAN, &d);
|
2017-11-14 23:25:13 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
dissect: introduce new recognizable partition types for /var and /var/tmp
This has been requested many times before. Let's add it finally.
GPT auto-discovery for /var is a bit more complex than for other
partition types: the other partitions can to some degree be shared
between multiple OS installations on the same disk (think: swap, /home,
/srv). However, /var is inherently something bound to an installation,
i.e. specific to its identity, or actually *is* its identity, and hence
something that cannot be shared.
To deal with this this new code is particularly careful when it comes to
/var: it will not mount things blindly, but insist that the UUID of the
partition matches a hashed version of the machine-id of the
installation, so that each installation has a very specific /var
associated with it, and would never use any other. (We actually use
HMAC-SHA256 on the GPT partition type for /var, keyed by the machine-id,
since machine-id is something we want to keep somewhat private).
Setting the right UUID for installations takes extra care. To make
things a bit simpler to set up, we avoid this safety check for nspawn
and RootImage= in unit files, under the assumption that such container
and service images unlikely will have multiple installations on them.
The check is hence only required when booting full machines, i.e. in
in systemd-gpt-auto-generator.
To help with putting together images for full machines, PR #14368
introduces a repartition tool that can automatically fill in correctly
calculated UUIDs on first boot if images have the var partition UUID
initialized to all zeroes. With that in place systems can be put
together in a way that on first boot the machine ID is determined and
the partition table automatically adjusted to have the /var partition
with the right UUID.
2019-12-18 12:22:40 +01:00
|
|
|
r = dissect_image(d->fd, NULL, 0, DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_RELAX_VAR_CHECK, &m);
|
2017-11-14 23:25:13 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
r = dissected_image_acquire_metadata(m);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
free_and_replace(i->hostname, m->hostname);
|
|
|
|
|
i->machine_id = m->machine_id;
|
|
|
|
|
strv_free_and_replace(i->machine_info, m->machine_info);
|
|
|
|
|
strv_free_and_replace(i->os_release, m->os_release);
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
i->metadata_valid = true;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-14 23:09:02 +01:00
|
|
|
int image_name_lock(const char *name, int operation, LockFile *ret) {
|
|
|
|
|
assert(name);
|
|
|
|
|
assert(ret);
|
|
|
|
|
|
|
|
|
|
/* Locks an image name, regardless of the precise path used. */
|
|
|
|
|
|
|
|
|
|
if (!image_name_is_valid(name))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2016-11-18 23:34:39 +01:00
|
|
|
if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) {
|
|
|
|
|
*ret = (LockFile) LOCK_FILE_INIT;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-14 23:09:02 +01:00
|
|
|
if (streq(name, ".host"))
|
|
|
|
|
return -EBUSY;
|
|
|
|
|
|
2019-03-27 11:33:50 +01:00
|
|
|
const char *p = strjoina("/run/systemd/nspawn/locks/name-", name);
|
|
|
|
|
(void) mkdir_p("/run/systemd/nspawn/locks", 0700);
|
2015-01-14 23:09:02 +01:00
|
|
|
return make_lock_file(p, operation, ret);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool image_name_is_valid(const char *s) {
|
|
|
|
|
if (!filename_is_valid(s))
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
if (string_has_cc(s, NULL))
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
if (!utf8_is_valid(s))
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
/* Temporary files for atomically creating new files */
|
|
|
|
|
if (startswith(s, ".#"))
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-17 11:08:54 +02:00
|
|
|
bool image_in_search_path(ImageClass class, const char *image) {
|
|
|
|
|
const char *path;
|
|
|
|
|
|
|
|
|
|
assert(image);
|
|
|
|
|
|
|
|
|
|
NULSTR_FOREACH(path, image_search_path[class]) {
|
|
|
|
|
const char *p;
|
|
|
|
|
size_t k;
|
|
|
|
|
|
|
|
|
|
p = path_startswith(image, path);
|
|
|
|
|
if (!p)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/* Make sure there's a filename following */
|
|
|
|
|
k = strcspn(p, "/");
|
|
|
|
|
if (k == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
p += k;
|
|
|
|
|
|
|
|
|
|
/* Accept trailing slashes */
|
|
|
|
|
if (p[strspn(p, "/")] == 0)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-19 18:42:50 +01:00
|
|
|
static const char* const image_type_table[_IMAGE_TYPE_MAX] = {
|
|
|
|
|
[IMAGE_DIRECTORY] = "directory",
|
|
|
|
|
[IMAGE_SUBVOLUME] = "subvolume",
|
2015-01-15 01:03:33 +01:00
|
|
|
[IMAGE_RAW] = "raw",
|
2017-10-04 17:36:58 +02:00
|
|
|
[IMAGE_BLOCK] = "block",
|
2014-12-19 18:42:50 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
DEFINE_STRING_TABLE_LOOKUP(image_type, ImageType);
|