dissect: optionally, validate that the image we dissect is a valid OS image

We already do this kind of validation in nspawn when we operate on a plain directory, let's also do this on raw images under the same condition: that we are about too boot the image. Also, do this when we are about to read OS metadata from it.
2018-03-23 20:39:32 +01:00 · 2018-03-23 20:39:32 +01:00 · 03bcb6d408
parent 4960ce43ff
commit 03bcb6d408
3 changed files with 13 additions and 2 deletions
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@ -2883,7 +2883,9 @@ static int outer_child(
                 * makes sure ESP partitions and userns are compatible. */

                r = dissected_image_mount(dissected_image, directory, arg_uid_shift,
-                                          DISSECT_IMAGE_MOUNT_ROOT_ONLY|DISSECT_IMAGE_DISCARD_ON_LOOP|(arg_read_only ? DISSECT_IMAGE_READ_ONLY : 0));
+                                          DISSECT_IMAGE_MOUNT_ROOT_ONLY|DISSECT_IMAGE_DISCARD_ON_LOOP|
+                                          (arg_read_only ? DISSECT_IMAGE_READ_ONLY : 0)|
+                                          (arg_start_mode == START_BOOT ? DISSECT_IMAGE_VALIDATE_OS : 0));
                if (r < 0)
                        return r;
        }
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@ -779,6 +779,14 @@ int dissected_image_mount(DissectedImage *m, const char *where, uid_t uid_shift,
                r = mount_partition(m->partitions + PARTITION_ROOT, where, NULL, uid_shift, flags);
                if (r < 0)
                        return r;
+
+                if (flags & DISSECT_IMAGE_VALIDATE_OS) {
+                        r = path_is_os_tree(where);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                return -EMEDIUMTYPE;
+                }
        }

        if ((flags & DISSECT_IMAGE_MOUNT_ROOT_ONLY))
@ -1278,7 +1286,7 @@ int dissected_image_acquire_metadata(DissectedImage *m) {
                if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0)
                        _exit(EXIT_FAILURE);

-                r = dissected_image_mount(m, t, UID_INVALID, DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_MOUNT_ROOT_ONLY);
+                r = dissected_image_mount(m, t, UID_INVALID, DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_MOUNT_ROOT_ONLY|DISSECT_IMAGE_VALIDATE_OS);
                if (r < 0) {
                        log_debug_errno(r, "Failed to mount dissected image: %m");
                        _exit(EXIT_FAILURE);
--- a/src/shared/dissect-image.h
+++ b/src/shared/dissect-image.h
@ -62,6 +62,7 @@ typedef enum DissectImageFlags {
        DISSECT_IMAGE_REQUIRE_ROOT        = 1 << 5,  /* Don't accept disks without root partition */
        DISSECT_IMAGE_MOUNT_ROOT_ONLY     = 1 << 6,  /* Mount only the root partition */
        DISSECT_IMAGE_MOUNT_NON_ROOT_ONLY = 1 << 7,  /* Mount only non-root partitions */
+        DISSECT_IMAGE_VALIDATE_OS         = 1 << 8,  /* Refuse mounting images that aren't identifyable as OS images */
 } DissectImageFlags;

 struct DissectedImage {