author | Luca Boccassi <bluca@debian.org> | 2023-03-01 22:53:16 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-01 22:53:16 +0000 |
commit | f05f2334eec97baea0a6a9b21b7fa8701711f987 (patch) | |
tree | aefaa4dfdb9b84c3b34da8215643bf793639e878 | |
parent | 1406bd66e4dbb5dd0130d9327ffd588652cbe228 (diff) | |
parent | 4c27749b8c6b24ef7481ba183ae1fca3749afbf7 (diff) | |
download | systemd-f05f2334eec97baea0a6a9b21b7fa8701711f987.tar.gz |
Merge pull request #26632 from poettering/dissect-arch-nspawn
dissect: determine arch from DDI and use it for nspawn
-rw-r--r-- | src/dissect/dissect.c | 3 | ||||
-rw-r--r-- | src/nspawn/nspawn.c | 23 | ||||
-rw-r--r-- | src/shared/dissect-image.c | 14 | ||||
-rw-r--r-- | src/shared/dissect-image.h | 2 |
4 files changed, 32 insertions, 10 deletions
diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c index a6a5b9e210..f08e745a55 100644 --- a/src/dissect/dissect.c +++ b/src/dissect/dissect.c @@ -603,6 +603,9 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) { printf(" Sec. Size: %" PRIu32 "\n", m->sector_size); + printf(" Arch.: %s\n", + strna(architecture_to_string(dissected_image_architecture(m)))); + if (arg_json_format_flags & JSON_FORMAT_OFF) putc('\n', stdout); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 5065c77fbb..f3a8593ec5 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -233,6 +233,7 @@ static size_t arg_n_credentials = 0; static char **arg_bind_user = NULL; static bool arg_suppress_sync = false; static char *arg_settings_filename = NULL; +static Architecture arg_architecture = _ARCHITECTURE_INVALID; STATIC_DESTRUCTOR_REGISTER(arg_directory, freep); STATIC_DESTRUCTOR_REGISTER(arg_template, freep); @@ -3222,7 +3223,6 @@ static int patch_sysctl(void) { static int inner_child( Barrier *barrier, const char *directory, - bool secondary, int fd_inner_socket, FDSet *fds, char **os_release_pairs) { @@ -3402,11 +3402,16 @@ static int inner_child( r = safe_personality(arg_personality); if (r < 0) return log_error_errno(r, "personality() failed: %m"); - } else if (secondary) { +#ifdef ARCHITECTURE_SECONDARY + } else if (arg_architecture == ARCHITECTURE_SECONDARY) { r = safe_personality(PER_LINUX32); if (r < 0) return log_error_errno(r, "personality() failed: %m"); - } +#endif + } else if (arg_architecture >= 0 && arg_architecture != native_architecture()) + return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), + "Selected architecture '%s' not supported locally, refusing.", + architecture_to_string(arg_architecture)); r = setrlimit_closest_all((const struct rlimit *const*) arg_rlimit, &which_failed); if (r < 0) 
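Review bot: The added `printf(" Arch.: %s\n", ...)` in action_dissect() appears to run unconditionally, while the `putc('\n', stdout)` just below it is guarded by `arg_json_format_flags & JSON_FORMAT_OFF`. If that reading is right, the line is written to stdout in JSON mode as well and corrupts the output for any tool that parses it; the context line printing `Sec. Size` has the same shape. Putting `if (arg_json_format_flags & JSON_FORMAT_OFF)` in front of the new call would keep human-readable text out of the machine-readable stream. Indentation is lost in this view and the function continues outside the hunk, so this should be confirmed against the file.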
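Review bot: In the `@@ -3402` hunk the architecture-mismatch refusal is the last `else if` of the personality chain, so it is skipped whenever `arg_personality` is set explicitly, and it only fires inside inner_child(), after the outer container setup has already been done. Since the value comes from the image's partition metadata, the test `arg_architecture >= 0 && arg_architecture != native_architecture()` (with the `#ifdef ARCHITECTURE_SECONDARY` exemption) would be better placed in run(), right where `arg_architecture` is read from the dissected image in the `@@ -5792` hunk, leaving only the `PER_LINUX32` selection here. It is also worth confirming that hosts which run foreign-architecture images through user-mode emulation are meant to be refused now, because no visible hunk offers an override. The message says "Selected architecture" although the only visible assignment derives it from the image, so "Image architecture" would describe it more accurately. inner_child()'s body continues outside the hunk.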
@@ -3636,7 +3641,6 @@ static int outer_child( Barrier *barrier, const char *directory, DissectedImage *dissected_image, - bool secondary, int fd_outer_socket, int fd_inner_socket, FDSet *fds, @@ -4032,7 +4036,7 @@ static int outer_child( return log_error_errno(r, "Failed to join network namespace: %m"); } - r = inner_child(barrier, directory, secondary, fd_inner_socket, fds, os_release_pairs); + r = inner_child(barrier, directory, fd_inner_socket, fds, os_release_pairs); if (r < 0) _exit(EXIT_FAILURE); @@ -4743,7 +4747,6 @@ static int load_oci_bundle(void) { static int run_container( DissectedImage *dissected_image, - bool secondary, FDSet *fds, char veth_name[IFNAMSIZ], bool *veth_created, struct ExposeArgs *expose_args, @@ -4845,7 +4848,6 @@ static int run_container( r = outer_child(&barrier, arg_directory, dissected_image, - secondary, fd_outer_socket_pair[1], fd_inner_socket_pair[1], fds, @@ -5430,8 +5432,7 @@ static int cant_be_in_netns(void) { } static int run(int argc, char *argv[]) { - bool secondary = false, remove_directory = false, remove_image = false, - veth_created = false, remove_tmprootdir = false; + bool remove_directory = false, remove_image = false, veth_created = false, remove_tmprootdir = false; _cleanup_close_ int master = -EBADF; _cleanup_fdset_free_ FDSet *fds = NULL; int r, n_fd_passed, ret = EXIT_SUCCESS; @@ -5792,6 +5793,9 @@ static int run(int argc, char *argv[]) { /* Now that we mounted the image, let's try to remove it again, if it is ephemeral */ if (remove_image && unlink(arg_image) >= 0) remove_image = false; + + if (arg_architecture < 0) + arg_architecture = dissected_image_architecture(dissected_image); } r = custom_mount_prepare_all(arg_directory, arg_custom_mounts, arg_n_custom_mounts); @@ -5827,7 +5831,6 @@ static int run(int argc, char *argv[]) { } for (;;) { r = run_container(dissected_image, - secondary, fds, veth_name, &veth_created, &expose_args, &master, 
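Review bot: In the `@@ -5792` hunk the guard `if (arg_architecture < 0)` implies the value could already have been set, but none of the visible hunks assigns `arg_architecture` anywhere else, so as shown the branch is always taken when an image is dissected. A short comment would make the intent and the trust level explicit, for example `/* Nothing configured explicitly: take the architecture the image's root or /usr partition type declares (image-controlled) */`. That also tells the reader that what later selects `PER_LINUX32` or triggers the refusal in inner_child() is data read from the image rather than an operator choice. run()'s body continues outside the hunk.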
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index b20e21cce2..9636fd8d48 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -3156,6 +3156,20 @@ finish: return r; } +Architecture dissected_image_architecture(DissectedImage *img) { + assert(img); + + if (img->partitions[PARTITION_ROOT].found && + img->partitions[PARTITION_ROOT].architecture >= 0) + return img->partitions[PARTITION_ROOT].architecture; + + if (img->partitions[PARTITION_USR].found && + img->partitions[PARTITION_USR].architecture >= 0) + return img->partitions[PARTITION_USR].architecture; + + return _ARCHITECTURE_INVALID; +} + int dissect_loop_device( LoopDevice *loop, const VeritySettings *verity, diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h index 3efe784ee9..6b90895216 100644 --- a/src/shared/dissect-image.h +++ b/src/shared/dissect-image.h @@ -160,6 +160,8 @@ int dissected_image_mount_and_warn(DissectedImage *m, const char *where, uid_t u int dissected_image_acquire_metadata(DissectedImage *m, DissectImageFlags extra_flags); +Architecture dissected_image_architecture(DissectedImage *m); + DecryptedImage* decrypted_image_ref(DecryptedImage *p); DecryptedImage* decrypted_image_unref(DecryptedImage *p); DEFINE_TRIVIAL_CLEANUP_FUNC(DecryptedImage*, decrypted_image_unref); |
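Review bot: dissected_image_architecture() has no comment stating its precedence rule, and it returns the root partition's architecture without checking that a found /usr partition declares the same one. Callers such as nspawn act on the result, so the contract should be written down, e.g. `/* Returns the architecture of the root partition if found and tagged, otherwise that of /usr, otherwise _ARCHITECTURE_INVALID; does not verify that the two agree */`. The parameter is named `img` in the definition but `m` in the prototype added to dissect-image.h; using one name in both places would match the neighbouring declarations. The function only reads through the pointer, so `const DissectedImage *` may be possible if the surrounding API allows it.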