authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2020-07-07 19:44:12 +0200
committerGitHub <noreply@github.com>2020-07-07 19:44:12 +0200
commit2b0bf3ccf8e28f01585c249958a30fc025224d10 (patch)
tree6e1f5e19f39d87af5ad7d8c308fc7f89e7a015ca
parent9870cfdf7fc9411586c0b3cb46ed2b9845acded7 (diff)
parent737ec51444c5e6fa94b6ef83893f5f4455f53f4a (diff)
downloadsystemd-2b0bf3ccf8e28f01585c249958a30fc025224d10.tar.gz
Merge pull request #16301 from poettering/firstboot-image
Add --image= switch to firstboot, similar to --root= but with support for operating on disk image
-rw-r--r--TODO8
-rw-r--r--man/systemd-firstboot.xml20
-rw-r--r--src/basic/namespace-util.c14
-rw-r--r--src/basic/namespace-util.h2
-rw-r--r--src/core/machine-id-setup.c8
-rw-r--r--src/firstboot/firstboot.c129
-rw-r--r--src/shared/mount-util.c5
-rw-r--r--src/shared/mount-util.h11
-rw-r--r--src/shared/tests.c6
-rw-r--r--src/test/test-udev.c13
10 files changed, 189 insertions, 27 deletions
diff --git a/TODO b/TODO
index 2056dcf74e..7ee5f26cc1 100644
--- a/TODO
+++ b/TODO
@@ -49,6 +49,9 @@ Features:
* nspawn: support time namespaces
+* systemd-firstboot: make sure to always use chase_symlinks() before
+ reading/writing files
+
* add ConditionSecurity=tpm2
* Remove any support for booting without /usr pre-mounted in the initrd entirely.
@@ -94,8 +97,9 @@ Features:
this, it's useful to have one that can dump contents of them, too.
* All tools that support --root= should also learn --image= so that they can
- operate on disk images directly. Specifically: bootctl, firstboot, tmpfiles,
- sysusers, systemctl, repart, journalctl, coredumpctl.
+ operate on disk images directly. Specifically: bootctl, tmpfiles, sysusers,
+ systemctl, repart, journalctl, coredumpctl. (Already done: systemd-nspawn,
+ systemd-firstboot)
* seccomp: by default mask x32 ABI system wide on x86-64. it's on its way out
diff --git a/man/systemd-firstboot.xml b/man/systemd-firstboot.xml
index 81e62484fd..491ca6e9bf 100644
--- a/man/systemd-firstboot.xml
+++ b/man/systemd-firstboot.xml
@@ -99,6 +99,18 @@
</varlistentry>
<varlistentry>
+ <term><option>--image=<replaceable>path</replaceable></option></term>
+ <listitem><para>Takes a path to a disk image file or block device node. If specified all operations
+ are applied to file system in the indicated disk image. This is similar to <option>--root=</option>
+ but operates on file systems stored in disk images or block devices. The disk image should either
+ contain just a file system or a set of file systems within a GPT partition table, following the
+ <ulink url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions
+ Specification</ulink>. For further information on supported disk images, see
+ <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+ switch of the same name.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>--locale=<replaceable>LOCALE</replaceable></option></term>
<term><option>--locale-messages=<replaceable>LOCALE</replaceable></option></term>
@@ -247,6 +259,14 @@
option should not be used lightly.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--welcome=</option></term>
+
+ <listitem><para>Takes a boolean argument. By default when prompting the user for configuration
+ options a brief welcome text is shown before the first question is asked. Pass false to this option
+ to turn off the welcome text.</para></listitem>
+ </varlistentry>
+
<xi:include href="standard-options.xml" xpointer="help" />
<xi:include href="standard-options.xml" xpointer="version" />
</variablelist>
diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c
index b0168ae227..b34c532604 100644
--- a/src/basic/namespace-util.c
+++ b/src/basic/namespace-util.c
@@ -2,6 +2,7 @@
#include <fcntl.h>
#include <sys/ioctl.h>
+#include <sys/mount.h>
#include "fd-util.h"
#include "missing_fs.h"
@@ -169,3 +170,16 @@ int fd_is_network_ns(int fd) {
return r == CLONE_NEWNET;
}
+
+int detach_mount_namespace(void) {
+
+ /* Detaches the mount namespace, disabling propagation from our namespace to the host */
+
+ if (unshare(CLONE_NEWNS) < 0)
+ return -errno;
+
+ if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0)
+ return -errno;
+
+ return 0;
+}
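Review bot: The comment in `detach_mount_namespace()` does not say what state the caller is left in when only the first step succeeds. If `unshare(CLONE_NEWNS)` works and the `MS_SLAVE | MS_REC` remount fails, the process is already in a new mount namespace whose propagation settings are whatever it inherited, so later mounts may still propagate to the host. Every caller visible in this commit treats a negative return as fatal, which is the safe reaction, but the helper now sits in src/basic and invites reuse. I would extend the comment along the lines of `/* On failure we may already be in a new namespace with propagation unchanged; callers must not continue mounting. */`.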
diff --git a/src/basic/namespace-util.h b/src/basic/namespace-util.h
index 8c17ce91b2..99d9b977ed 100644
--- a/src/basic/namespace-util.h
+++ b/src/basic/namespace-util.h
@@ -7,3 +7,5 @@ int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *
int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int userns_fd, int root_fd);
int fd_is_network_ns(int fd);
+
+int detach_mount_namespace(void);
diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
index 284b77c1fc..f76b82a8a4 100644
--- a/src/core/machine-id-setup.c
+++ b/src/core/machine-id-setup.c
@@ -223,11 +223,9 @@ int machine_id_commit(const char *root) {
return log_error_errno(r, "Can't fetch current mount namespace: %m");
/* Switch to a new mount namespace, isolate ourself and unmount etc_machine_id in our new namespace */
- if (unshare(CLONE_NEWNS) < 0)
- return log_error_errno(errno, "Failed to enter new namespace: %m");
-
- if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0)
- return log_error_errno(errno, "Couldn't make-rslave / mountpoint in our private namespace: %m");
+ r = detach_mount_namespace();
+ if (r < 0)
+ return log_error_errno(r, "Failed to set up new mount namespace: %m");
if (umount(etc_machine_id) < 0)
return log_error_errno(errno, "Failed to unmount transient %s file in our private namespace: %m", etc_machine_id);
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index 0c3ef3e2a7..5c9ee779ca 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -2,6 +2,7 @@
#include <fcntl.h>
#include <getopt.h>
+#include <linux/loop.h>
#include <unistd.h>
#include "sd-id128.h"
@@ -9,6 +10,7 @@
#include "alloc-util.h"
#include "ask-password-api.h"
#include "copy.h"
+#include "dissect-image.h"
#include "env-file.h"
#include "fd-util.h"
#include "fileio.h"
@@ -17,9 +19,12 @@
#include "kbd-util.h"
#include "libcrypt-util.h"
#include "locale-util.h"
+#include "loop-util.h"
#include "main-func.h"
#include "memory-util.h"
#include "mkdir.h"
+#include "mount-util.h"
+#include "namespace-util.h"
#include "os-util.h"
#include "parse-util.h"
#include "path-util.h"
@@ -31,10 +36,12 @@
#include "terminal-util.h"
#include "time-util.h"
#include "tmpfile-util-label.h"
+#include "tmpfile-util.h"
#include "umask-util.h"
#include "user-util.h"
static char *arg_root = NULL;
+static char *arg_image = NULL;
static char *arg_locale = NULL; /* $LANG */
static char *arg_keymap = NULL;
static char *arg_locale_messages = NULL; /* $LC_MESSAGES */
@@ -55,8 +62,10 @@ static bool arg_copy_root_password = false;
static bool arg_force = false;
static bool arg_delete_root_password = false;
static bool arg_root_password_is_hashed = false;
+static bool arg_welcome = true;
STATIC_DESTRUCTOR_REGISTER(arg_root, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_image, freep);
STATIC_DESTRUCTOR_REGISTER(arg_locale, freep);
STATIC_DESTRUCTOR_REGISTER(arg_locale_messages, freep);
STATIC_DESTRUCTOR_REGISTER(arg_keymap, freep);
@@ -85,6 +94,9 @@ static void print_welcome(void) {
const char *pn;
int r;
+ if (!arg_welcome)
+ return;
+
if (done)
return;
@@ -826,6 +838,75 @@ static int process_kernel_cmdline(void) {
return 0;
}
+static int setup_image(char **ret_mount_dir, LoopDevice **ret_loop_device, DecryptedImage **ret_decrypted_image) {
+ DissectImageFlags f = DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_VALIDATE_OS|DISSECT_IMAGE_RELAX_VAR_CHECK|DISSECT_IMAGE_FSCK;
+ _cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
+ _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
+ _cleanup_(dissected_image_unrefp) DissectedImage *dissected_image = NULL;
+ _cleanup_(rmdir_and_freep) char *mount_dir = NULL;
+ _cleanup_free_ char *temp = NULL;
+ int r;
+
+ if (!arg_image) {
+ *ret_mount_dir = NULL;
+ *ret_decrypted_image = NULL;
+ *ret_loop_device = NULL;
+ return 0;
+ }
+
+ assert(!arg_root);
+
+ r = tempfn_random_child(NULL, "firstboot", &temp);
+ if (r < 0)
+ return log_error_errno(r, "Failed to generate temporary mount directory: %m");
+
+ r = loop_device_make_by_path(arg_image, O_RDWR, LO_FLAGS_PARTSCAN, &d);
+ if (r < 0)
+ return log_error_errno(r, "Failed to set up loopback device: %m");
+
+ r = dissect_image_and_warn(d->fd, arg_image, NULL, 0, NULL, f, &dissected_image);
+ if (r < 0)
+ return r;
+
+ r = dissected_image_decrypt_interactively(dissected_image, NULL, NULL, 0, NULL, NULL, NULL, 0, f, &decrypted_image);
+ if (r < 0)
+ return r;
+
+ r = detach_mount_namespace();
+ if (r < 0)
+ return log_error_errno(r, "Failed to detach mount namespace: %m");
+
+ mount_dir = strdup(temp);
+ if (!mount_dir)
+ return log_oom();
+
+ r = mkdir_p(mount_dir, 0700);
+ if (r < 0) {
+ mount_dir = mfree(mount_dir);
+ return log_error_errno(r, "Failed to create mount point: %m");
+ }
+
+ r = dissected_image_mount(dissected_image, mount_dir, UID_INVALID, f);
+ if (r < 0)
+ return log_error_errno(r, "Failed to mount image: %m");
+
+ if (decrypted_image) {
+ r = decrypted_image_relinquish(decrypted_image);
+ if (r < 0)
+ return log_error_errno(r, "Failed to relinquish DM devices: %m");
+ }
+
+ loop_device_relinquish(d);
+
+ arg_root = TAKE_PTR(temp);
+
+ *ret_mount_dir = TAKE_PTR(mount_dir);
+ *ret_decrypted_image = TAKE_PTR(decrypted_image);
+ *ret_loop_device = TAKE_PTR(d);
+
+ return 1;
+}
+
static int help(void) {
_cleanup_free_ char *link = NULL;
int r;
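Review bot: In `setup_image()` the mount point is created with `mkdir_p(mount_dir, 0700)` on a name from `tempfn_random_child(NULL, ...)`, which I would expect to live in the shared temporary directory. `mkdir_p()` is not shown here, but if it accepts an already existing directory, as its name suggests, the image could be mounted on a path this process did not create and the 0700 mode would not be enforced. The random name makes a collision unlikely, yet a plain `if (mkdir(mount_dir, 0700) < 0)` with `errno` in the error path fails closed at no cost. It also keeps the `rmdir_and_freep` and `umount_and_rmdir_and_freep` cleanups from ever removing a directory that existed beforehand.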
@@ -839,6 +920,7 @@ static int help(void) {
" -h --help Show this help\n"
" --version Show package version\n"
" --root=PATH Operate on an alternate filesystem root\n"
+ " --image=PATH Operate on an alternate filesystem image\n"
" --locale=LOCALE Set primary locale (LANG=)\n"
" --locale-messages=LOCALE Set message locale (LC_MESSAGES=)\n"
" --keymap=KEYMAP Set keymap\n"
@@ -862,6 +944,7 @@ static int help(void) {
" --setup-machine-id Generate a new random machine ID\n"
" --force Overwrite existing files\n"
" --delete-root-password Delete root password\n"
+ " --welcome=no Disable the welcome text\n"
"\nSee the %s for details.\n"
, program_invocation_short_name
, link
@@ -875,6 +958,7 @@ static int parse_argv(int argc, char *argv[]) {
enum {
ARG_VERSION = 0x100,
ARG_ROOT,
+ ARG_IMAGE,
ARG_LOCALE,
ARG_LOCALE_MESSAGES,
ARG_KEYMAP,
@@ -899,12 +983,14 @@ static int parse_argv(int argc, char *argv[]) {
ARG_SETUP_MACHINE_ID,
ARG_FORCE,
ARG_DELETE_ROOT_PASSWORD,
+ ARG_WELCOME,
};
static const struct option options[] = {
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, ARG_VERSION },
{ "root", required_argument, NULL, ARG_ROOT },
+ { "image", required_argument, NULL, ARG_IMAGE },
{ "locale", required_argument, NULL, ARG_LOCALE },
{ "locale-messages", required_argument, NULL, ARG_LOCALE_MESSAGES },
{ "keymap", required_argument, NULL, ARG_KEYMAP },
@@ -929,6 +1015,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "setup-machine-id", no_argument, NULL, ARG_SETUP_MACHINE_ID },
{ "force", no_argument, NULL, ARG_FORCE },
{ "delete-root-password", no_argument, NULL, ARG_DELETE_ROOT_PASSWORD },
+ { "welcome", required_argument, NULL, ARG_WELCOME },
{}
};
@@ -953,6 +1040,12 @@ static int parse_argv(int argc, char *argv[]) {
return r;
break;
+ case ARG_IMAGE:
+ r = parse_path_argument_and_warn(optarg, false, &arg_image);
+ if (r < 0)
+ return r;
+ break;
+
case ARG_LOCALE:
r = free_and_strdup(&arg_locale, optarg);
if (r < 0)
@@ -1086,7 +1179,6 @@ static int parse_argv(int argc, char *argv[]) {
break;
case ARG_SETUP_MACHINE_ID:
-
r = sd_id128_randomize(&arg_machine_id);
if (r < 0)
return log_error_errno(r, "Failed to generate randomized machine ID: %m");
@@ -1101,6 +1193,14 @@ static int parse_argv(int argc, char *argv[]) {
arg_delete_root_password = true;
break;
+ case ARG_WELCOME:
+ r = parse_boolean(optarg);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse --welcome= argument: %s", optarg);
+
+ arg_welcome = r;
+ break;
+
case '?':
return -EINVAL;
@@ -1120,11 +1220,16 @@ static int parse_argv(int argc, char *argv[]) {
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"--delete-root-password cannot be combined with other root password options");
+ if (arg_image && arg_root)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Please specify either --root= or --image=, the combination of both is not supported.");
+
return 1;
}
static int run(int argc, char *argv[]) {
- bool enabled;
+ _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
+ _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
+ _cleanup_(umount_and_rmdir_and_freep) char *unlink_dir = NULL;
int r;
r = parse_argv(argc, argv);
@@ -1135,11 +1240,23 @@ static int run(int argc, char *argv[]) {
umask(0022);
- r = proc_cmdline_get_bool("systemd.firstboot", &enabled);
+ if (!arg_root && !arg_image) {
+ bool enabled;
+
+ /* If we are called without --root=/--image= let's honour the systemd.firstboot kernel
+ * command line option, because we are called to provision the host with basic settings (as
+ * opposed to some other file system tree/image) */
+
+ r = proc_cmdline_get_bool("systemd.firstboot", &enabled);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse systemd.firstboot= kernel command line argument, ignoring: %m");
+ if (r > 0 && !enabled)
+ return 0; /* disabled */
+ }
+
+ r = setup_image(&unlink_dir, &loop_device, &decrypted_image);
if (r < 0)
- return log_error_errno(r, "Failed to parse systemd.firstboot= kernel command line argument, ignoring: %m");
- if (r > 0 && !enabled)
- return 0; /* disabled */
+ return r;
r = process_locale();
if (r < 0)
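Review bot: After the `setup_image()` call in `run()`, `arg_root` can point at a mounted disk image, and the `process_*()` steps that follow operate below it, yet the TODO entry added in this same commit says firstboot does not yet always use `chase_symlinks()` before reading or writing files. The helpers are outside the hunk, so this is inferred, but a symlink stored inside an image would presumably be resolved against the host's root directory, because detaching the mount namespace does not change the root. Until that TODO is done I would record the constraint next to the call, e.g. `/* NOTE: contents of --image=/--root= are not trusted; paths below arg_root must go through chase_symlinks() */`. The man page entry for `--image=` should also say that the image is expected to come from a trusted source. `run()` continues past the end of this hunk.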
diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c
index 45fdd3b2da..b3fac13f7e 100644
--- a/src/shared/mount-util.c
+++ b/src/shared/mount-util.c
@@ -58,8 +58,8 @@ int umount_recursive(const char *prefix, int flags) {
if (!path_startswith(path, prefix))
continue;
- if (umount2(path, flags) < 0) {
- r = log_debug_errno(errno, "Failed to umount %s: %m", path);
+ if (umount2(path, flags | UMOUNT_NOFOLLOW) < 0) {
+ log_debug_errno(errno, "Failed to umount %s, ignoring: %m", path);
continue;
}
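Review bot: `UMOUNT_NOFOLLOW` is now OR-ed into the flags for every caller of `umount_recursive()`, but nothing at the `umount2()` call says why, so a later cleanup could drop it. A short comment would help, e.g. `/* Never follow a trailing symlink: only detach what is mounted on this exact path */`. The same line also stops storing the error in `r`, so a failed unmount is now visible only at debug log level; if that best-effort behaviour is intended, the function's description should say so. The function starts and ends outside this hunk, so whether `r` is still used elsewhere cannot be checked from here.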
@@ -70,7 +70,6 @@ int umount_recursive(const char *prefix, int flags) {
break;
}
-
} while (again);
return n;
diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h
index bcbd32c840..5934d71678 100644
--- a/src/shared/mount-util.h
+++ b/src/shared/mount-util.h
@@ -3,7 +3,9 @@
#include <mntent.h>
#include <stdio.h>
+#include <unistd.h>
+#include "errno-util.h"
#include "macro.h"
/* 4MB for contents of regular files, 64k inodes for directories, symbolic links and device specials,
@@ -53,3 +55,12 @@ int mount_option_mangle(
char **ret_remaining_options);
int mode_to_inaccessible_node(const char *runtime_dir, mode_t mode, char **dest);
+
+/* Useful for usage with _cleanup_(), unmounts, removes a directory and frees the pointer */
+static inline void umount_and_rmdir_and_free(char *p) {
+ PROTECT_ERRNO;
+ (void) umount_recursive(p, 0);
+ (void) rmdir(p);
+ free(p);
+}
+DEFINE_TRIVIAL_CLEANUP_FUNC(char*, umount_and_rmdir_and_free);
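Review bot: The one-line comment on `umount_and_rmdir_and_free()` leaves out the properties a caller needs to use it safely. It discards the results of both `umount_recursive()` and `rmdir()`, and it unmounts everything below `p` in whatever mount namespace the caller is currently in, so outside a detached namespace the effect could reach the host. The `...p` wrapper generated by `DEFINE_TRIVIAL_CLEANUP_FUNC` presumably skips NULL (the macro is not shown here), but a direct call with NULL would pass it straight to `umount_recursive()`. I would extend the comment to something like `/* Best-effort, errors are ignored. p must not be NULL when called directly. Acts on the caller's current mount namespace. */`.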
diff --git a/src/shared/tests.c b/src/shared/tests.c
index ecf8e8f623..ff662ecfe0 100644
--- a/src/shared/tests.c
+++ b/src/shared/tests.c
@@ -21,6 +21,7 @@
#include "env-util.h"
#include "fs-util.h"
#include "log.h"
+#include "namespace-util.h"
#include "path-util.h"
#include "random-util.h"
#include "strv.h"
@@ -137,10 +138,7 @@ bool have_namespaces(void) {
if (pid == 0) {
/* child */
- if (unshare(CLONE_NEWNS) < 0)
- _exit(EXIT_FAILURE);
-
- if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0)
+ if (detach_mount_namespace() < 0)
_exit(EXIT_FAILURE);
_exit(EXIT_SUCCESS);
diff --git a/src/test/test-udev.c b/src/test/test-udev.c
index 208e7a0e96..c0b215dadc 100644
--- a/src/test/test-udev.c
+++ b/src/test/test-udev.c
@@ -17,6 +17,7 @@
#include "log.h"
#include "main-func.h"
#include "mkdir.h"
+#include "namespace-util.h"
#include "selinux-util.h"
#include "signal-util.h"
#include "string-util.h"
@@ -36,15 +37,13 @@ static int fake_filesystems(void) {
{ "test/run", "/etc/udev/rules.d", "Failed to mount empty /etc/udev/rules.d", true },
{ "test/run", UDEVLIBEXECDIR "/rules.d", "Failed to mount empty " UDEVLIBEXECDIR "/rules.d", true },
};
- unsigned i;
-
- if (unshare(CLONE_NEWNS) < 0)
- return log_error_errno(errno, "Failed to call unshare(): %m");
+ int r;
- if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0)
- return log_error_errno(errno, "Failed to mount / as private: %m");
+ r = detach_mount_namespace();
+ if (r < 0)
+ return log_error_errno(r, "Failed to detach mount namespace: %m");
- for (i = 0; i < ELEMENTSOF(fakefss); i++)
+ for (size_t i = 0; i < ELEMENTSOF(fakefss); i++)
if (mount(fakefss[i].src, fakefss[i].target, NULL, MS_BIND, NULL) < 0) {
log_full_errno(fakefss[i].ignore_mount_error ? LOG_DEBUG : LOG_ERR, errno, "%s: %m", fakefss[i].error);
if (!fakefss[i].ignore_mount_error)