bootspec: also optoinally validate XBOOTLDR partition with udev insteado of blkid
This commit is contained in:
Lennart Poettering
parent
18ae9ef1a5
commit
85d021023f
|
|
@ -898,6 +898,66 @@ static int verify_xbootldr_blkid(
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int verify_xbootldr_udev(
|
||||
dev_t devid,
|
||||
bool searching,
|
||||
sd_id128_t *ret_uuid) {
|
||||
|
||||
_cleanup_(sd_device_unrefp) sd_device *d = NULL;
|
||||
_cleanup_free_ char *node = NULL;
|
||||
sd_id128_t uuid = SD_ID128_NULL;
|
||||
const char *v;
|
||||
int r;
|
||||
|
||||
r = device_path_make_major_minor(S_IFBLK, devid, &node);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to format major/minor device path: %m");
|
||||
|
||||
r = sd_device_new_from_devnum(&d, 'b', devid);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to get device from device number: %m");
|
||||
|
||||
r = sd_device_get_property_value(d, "ID_PART_ENTRY_SCHEME", &v);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to get device property: %m");
|
||||
|
||||
if (streq(v, "gpt")) {
|
||||
|
||||
r = sd_device_get_property_value(d, "ID_PART_ENTRY_TYPE", &v);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to get device property: %m");
|
||||
if (!streq(v, "bc13c2ff-59e6-4262-a352-b275fd6f7172"))
|
||||
return log_full_errno(searching ? LOG_DEBUG : LOG_ERR,
|
||||
searching ? SYNTHETIC_ERRNO(EADDRNOTAVAIL) : SYNTHETIC_ERRNO(ENODEV),
|
||||
"File system \"%s\" has wrong type for extended boot loader partition.", node);
|
||||
|
||||
r = sd_device_get_property_value(d, "ID_PART_ENTRY_UUID", &v);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to get device property: %m");
|
||||
r = sd_id128_from_string(v, &uuid);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Partition \"%s\" has invalid UUID \"%s\".", node, v);
|
||||
|
||||
} else if (streq(v, "dos")) {
|
||||
|
||||
r = sd_device_get_property_value(d, "ID_PART_ENTRY_TYPE", &v);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to get device property: %m");
|
||||
if (!streq(v, "0xea"))
|
||||
return log_full_errno(searching ? LOG_DEBUG : LOG_ERR,
|
||||
searching ? SYNTHETIC_ERRNO(EADDRNOTAVAIL) : SYNTHETIC_ERRNO(ENODEV),
|
||||
"File system \"%s\" has wrong type for extended boot loader partition.", node);
|
||||
} else
|
||||
return log_full_errno(searching ? LOG_DEBUG : LOG_ERR,
|
||||
searching ? SYNTHETIC_ERRNO(EADDRNOTAVAIL) : SYNTHETIC_ERRNO(ENODEV),
|
||||
"File system \"%s\" is not on a GPT or DOS partition table.", node);
|
||||
|
||||
if (ret_uuid)
|
||||
*ret_uuid = uuid;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int verify_xbootldr(
|
||||
const char *p,
|
||||
bool searching,
|
||||
|
|
@ -934,13 +994,13 @@ static int verify_xbootldr(
|
|||
SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV),
|
||||
"Directory \"%s\" is not the root of the XBOOTLDR file system.", p);
|
||||
|
||||
/* In a container we don't have access to block devices, skip this part of the verification, we trust
|
||||
* the container manager set everything up correctly on its own. Also skip the following verification
|
||||
* for non-root user. */
|
||||
if (detect_container() > 0 || unprivileged_mode || relax_checks)
|
||||
if (detect_container() > 0 || relax_checks)
|
||||
goto finish;
|
||||
|
||||
return verify_xbootldr_blkid(st.st_dev, searching, ret_uuid);
|
||||
if (unprivileged_mode)
|
||||
return verify_xbootldr_udev(st.st_dev, searching, ret_uuid);
|
||||
else
|
||||
return verify_xbootldr_blkid(st.st_dev, searching, ret_uuid);
|
||||
|
||||
finish:
|
||||
if (ret_uuid)
|
||||
|
|
|
|||
Loading…
Reference in a new issue