From 5e5e11b8744fbe9dcd87a2d165f342dc9bcd4008 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 17 Aug 2020 18:19:30 +0200 Subject: [PATCH 1/5] homed: downgrade quota message in containers quota syscalls and operations are typically prohibited in containers. Let's not make noise about that, needlessly. --- src/home/homed-manager.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/home/homed-manager.c b/src/home/homed-manager.c index 7d951bee3b..54761175c3 100644 --- a/src/home/homed-manager.c +++ b/src/home/homed-manager.c @@ -512,6 +512,8 @@ static int search_quota(uid_t uid, const char *exclude_quota_path) { if (r < 0) { if (ERRNO_IS_NOT_SUPPORTED(r)) log_debug_errno(r, "No UID quota support on %s, ignoring.", where); + else if (ERRNO_IS_PRIVILEGE(r)) + log_debug_errno(r, "UID quota support for %s prohibited, ignoring.", where); else log_warning_errno(r, "Failed to query quota on %s, ignoring: %m", where); From a2a8a509cd56955c0ce42ba0650d163e0d3eeb82 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 17 Aug 2020 19:54:38 +0200 Subject: [PATCH 2/5] homework: sync everything to disk before we rename LUKS loopback file into place This how this works on Linux: when atomically creating a file we need to fully populate it under a temporary name and then when we are fully done, sync it and the directory it is contained in, before renaming it to the final name. --- src/home/homework-luks.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c index 1eb08e1423..7ce59c8bf3 100644 --- a/src/home/homework-luks.c +++ b/src/home/homework-luks.c @@ -2174,8 +2174,22 @@ int home_create_luks( goto fail; } + /* Sync everything to disk before we move things into place under the final name. */ + if (fsync(image_fd) < 0) { + r = log_error_errno(r, "Failed to synchronize image to disk: %m"); + goto fail; + } + if (disk_uuid_path) (void) ioctl(image_fd, BLKRRPART, 0); + else { + /* If we operate on a file, sync the contaning directory too. */ + r = fsync_directory_of_file(image_fd); + if (r < 0) { + log_error_errno(r, "Failed to synchronize directory of image file to disk: %m"); + goto fail; + } + } /* Let's close the image fd now. If we are operating on a real block device this will release the BSD * lock that ensures udev doesn't interfere with what we are doing */ From 6d7b47eb3eb71b37c768e588173f2c8169e953e7 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 17 Aug 2020 20:20:47 +0200 Subject: [PATCH 3/5] homework: correct error passed into log message --- src/home/homework-luks.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c index 7ce59c8bf3..fea00091f6 100644 --- a/src/home/homework-luks.c +++ b/src/home/homework-luks.c @@ -1110,7 +1110,9 @@ int home_prepare_luks( if (fstat(fd, &st) < 0) return log_error_errno(errno, "Failed to fstat() image file: %m"); if (!S_ISREG(st.st_mode) && !S_ISBLK(st.st_mode)) - return log_error_errno(errno, "Image file %s is not a regular file or block device: %m", ip); + return log_error_errno( + S_ISDIR(st.st_mode) ? SYNTHETIC_ERRNO(EISDIR) : SYNTHETIC_ERRNO(EBADFD), + "Image file %s is not a regular file or block device: %m", ip); r = luks_validate(fd, user_record_user_name_and_realm(h), h->partition_uuid, &found_partition_uuid, &offset, &size); if (r < 0) From df14bda2b5de8ea022a915774c5a4e4660e421b6 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 17 Aug 2020 22:09:04 +0200 Subject: [PATCH 4/5] homework: explicitly close cryptsetup context, to not keep loopback device busy The cryptsetup context pins the loop device even after deactivation. Let's explicitly release the context to make sure the subsequent loopback device detaching works cleanly. --- src/home/homework-luks.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c index fea00091f6..d97fcbe07a 100644 --- a/src/home/homework-luks.c +++ b/src/home/homework-luks.c @@ -2166,6 +2166,9 @@ int home_create_luks( goto fail; } + crypt_free(cd); + cd = NULL; + dm_activated = false; loop = loop_device_unref(loop); From 64dc138d1ebbe11eda7872522263a35237916183 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 17 Aug 2020 22:07:55 +0200 Subject: [PATCH 5/5] homework: downgrade chattr failure log message NOCOW is a btrfs-only thing hence don't log louder than necessary if we don't have it. --- src/home/homework-luks.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c index d97fcbe07a..1fcf17806e 100644 --- a/src/home/homework-luks.c +++ b/src/home/homework-luks.c @@ -2017,7 +2017,8 @@ int home_create_luks( r = chattr_fd(image_fd, FS_NOCOW_FL, FS_NOCOW_FL, NULL); if (r < 0) - log_warning_errno(r, "Failed to set file attributes on %s, ignoring: %m", temporary_image_path); + log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r, + "Failed to set file attributes on %s, ignoring: %m", temporary_image_path); r = home_truncate(h, image_fd, temporary_image_path, host_size); if (r < 0)