dissect: optionally, validate that the image we dissect is a valid OS image
We already do this kind of validation in nspawn when we operate on a plain directory, let's also do this on raw images under the same condition: that we are about to boot the image. Also, do this when we are about to read OS metadata from it.
This commit is contained in:
parent
4960ce43ff
commit
03bcb6d408
|
@ -2883,7 +2883,9 @@ static int outer_child(
|
|||
* makes sure ESP partitions and userns are compatible. */
|
||||
|
||||
r = dissected_image_mount(dissected_image, directory, arg_uid_shift,
|
||||
DISSECT_IMAGE_MOUNT_ROOT_ONLY|DISSECT_IMAGE_DISCARD_ON_LOOP|(arg_read_only ? DISSECT_IMAGE_READ_ONLY : 0));
|
||||
DISSECT_IMAGE_MOUNT_ROOT_ONLY|DISSECT_IMAGE_DISCARD_ON_LOOP|
|
||||
(arg_read_only ? DISSECT_IMAGE_READ_ONLY : 0)|
|
||||
(arg_start_mode == START_BOOT ? DISSECT_IMAGE_VALIDATE_OS : 0));
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
|
|
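Review bot: The -EMEDIUMTYPE that dissected_image_mount() now returns when the OS check fails is propagated here as a bare `return r;` (L32-L35), so the operator only sees whatever generic failure message the caller emits, which is misleading when the root partition actually mounted fine and only the OS check rejected it. If the existing directory-based START_BOOT check in nspawn logs a dedicated message, mirroring it here keeps the two paths consistent, e.g. `if (r == -EMEDIUMTYPE) return log_error_errno(r, "Image does not look like an OS image.");` placed before the generic `if (r < 0) return r;`. outer_child() begins and ends outside this hunk.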
@ -779,6 +779,14 @@ int dissected_image_mount(DissectedImage *m, const char *where, uid_t uid_shift,
|
|||
r = mount_partition(m->partitions + PARTITION_ROOT, where, NULL, uid_shift, flags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (flags & DISSECT_IMAGE_VALIDATE_OS) {
|
||||
r = path_is_os_tree(where);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return -EMEDIUMTYPE;
|
||||
}
|
||||
}
|
||||
|
||||
if ((flags & DISSECT_IMAGE_MOUNT_ROOT_ONLY))
|
||||
|
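Review bot: The new DISSECT_IMAGE_VALIDATE_OS block sits inside the block closed at L79, which from the surrounding lines appears to be the branch taken only when a root partition is present; if so, an image with no root partition passes VALIDATE_OS silently unless the caller also set DISSECT_IMAGE_REQUIRE_ROOT at dissect time, and that coupling is not documented anywhere in the hunk. Either reject VALIDATE_OS without a root partition explicitly, or note the dependency next to the check. The check also runs after mount_partition() has already mounted the root at `where`, so returning -EMEDIUMTYPE leaves that mount in place for the caller to unwind; a short comment makes that contract visible: `/* Root is already mounted here; on -EMEDIUMTYPE the caller must unwind the mount. */`. dissected_image_mount() starts and ends outside this hunk.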
@ -1278,7 +1286,7 @@ int dissected_image_acquire_metadata(DissectedImage *m) {
|
|||
if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0)
|
||||
_exit(EXIT_FAILURE);
|
||||
|
||||
r = dissected_image_mount(m, t, UID_INVALID, DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_MOUNT_ROOT_ONLY);
|
||||
r = dissected_image_mount(m, t, UID_INVALID, DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_MOUNT_ROOT_ONLY|DISSECT_IMAGE_VALIDATE_OS);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed to mount dissected image: %m");
|
||||
_exit(EXIT_FAILURE);
|
||||
|
|
|
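Review bot: With DISSECT_IMAGE_VALIDATE_OS added at L102, the failure path at L105-L108 now also fires for -EMEDIUMTYPE, but the message "Failed to mount dissected image: %m" describes a mount failure when the mount actually succeeded and the image merely lacked OS markers, which will mislead anyone debugging why metadata acquisition refused an image. Distinguishing the two cases is a small change: `if (r == -EMEDIUMTYPE) log_debug_errno(r, "Image is not recognizable as an OS image: %m"); else log_debug_errno(r, "Failed to mount dissected image: %m");`. The child _exit()s either way, so the root mount left behind by the failed validation is torn down with the child's mount namespace, which is fine here but worth a one-line comment. dissected_image_acquire_metadata() begins and ends outside this hunk.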
@ -62,6 +62,7 @@ typedef enum DissectImageFlags {
|
|||
DISSECT_IMAGE_REQUIRE_ROOT = 1 << 5, /* Don't accept disks without root partition */
|
||||
DISSECT_IMAGE_MOUNT_ROOT_ONLY = 1 << 6, /* Mount only the root partition */
|
||||
DISSECT_IMAGE_MOUNT_NON_ROOT_ONLY = 1 << 7, /* Mount only non-root partitions */
|
||||
DISSECT_IMAGE_VALIDATE_OS = 1 << 8, /* Refuse mounting images that aren't identifyable as OS images */
|
||||
} DissectImageFlags;
|
||||
|
||||
struct DissectedImage {
|
||||
|
|
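Review bot: The comment on the new DISSECT_IMAGE_VALIDATE_OS entry at L129 has a spelling error ("identifyable") and does not tell the reader how a rejection surfaces, which is the one thing a caller of dissected_image_mount() needs in order to handle it. Suggested wording: `DISSECT_IMAGE_VALIDATE_OS = 1 << 8, /* Refuse mounting images that aren't identifiable as OS images; fails with -EMEDIUMTYPE after the root partition has been mounted */`. The flag's enclosing typedef enum starts before this hunk.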