diff options
author | Lennart Poettering <lennart@poettering.net> | 2022-12-02 15:05:49 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-04-05 20:49:48 +0200 |
commit | 598fd4da1cf9665834110583fd9133073cc12481 (patch) | |
tree | e367ec67874d9c34a8da78403b69a028a9ec191f /src/shared/dissect-image.c | |
parent | dee4a6237ab5913a6cac3f2afa5ba6ae1f35080a (diff) | |
download | systemd-598fd4da1cf9665834110583fd9133073cc12481.tar.gz |
dissect: disallow empty partition tables
If we don't find a single useful partition table, refusing dissection.
(Except in systemd-dissect, when we are supposed to show DDI
information, in that case allow this to run and show general DDI
information, i.e. size, UUID and name at least)
Diffstat (limited to 'src/shared/dissect-image.c')
-rw-r--r-- | src/shared/dissect-image.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 9cc8d43147..97414d2c8f 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -1485,6 +1485,8 @@ static int dissect_image( } } + bool any = false; + /* After we discovered all partitions let's see if the verity requirements match the policy. (Note: * we don't check encryption requirements here, because we haven't probed the file system yet, hence * don't know if this is encrypted or not) */ @@ -1492,6 +1494,8 @@ static int dissect_image( PartitionDesignator vi, si; PartitionPolicyFlags found_flags; + any = any || m->partitions[di].found; + vi = partition_verity_of(di); si = partition_verity_sig_of(di); @@ -1513,6 +1517,9 @@ static int dissect_image( } } + if (!any && !FLAGS_SET(flags, DISSECT_IMAGE_ALLOW_EMPTY)) + return -ENOMSG; + r = dissected_image_probe_filesystems(m, fd, policy); if (r < 0) return r; @@ -1605,6 +1612,9 @@ static int dissect_log_error(int r, const char *name, const VeritySettings *veri case -ERFKILL: return log_error_errno(r, "%s: image does not match image policy.", name); + case -ENOMSG: + return log_error_errno(r, "%s: no suitable partitions found.", name); + default: return log_error_errno(r, "Failed to dissect image '%s': %m", name); } |