diff options
author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2022-11-21 20:41:22 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2022-11-23 09:20:10 +0100 |
commit | d91a5f6481d35e28148fe46bc490bb4f34656947 (patch) | |
tree | b987878eebcc46eeb68b70060eb02af1f300beb7 /src/shared/find-esp.c | |
parent | 0dce448bbc97c861520c287b01d632b887442925 (diff) | |
download | systemd-d91a5f6481d35e28148fe46bc490bb4f34656947.tar.gz |
find-esp: Relax filesystem root directory check
When relaxed checks are requested, let's not require the efi/xbootldr
directory to be the root of the filesystem. When building images, image
builders might install all efi/xbootldr files to a regular directory
first before packing them up into a partition. To allow bootctl to be
used in such scenarios to install systemd-boot, we need to relax the
fsroot check.
Diffstat (limited to 'src/shared/find-esp.c')
-rw-r--r-- | src/shared/find-esp.c | 61 |
1 files changed, 30 insertions, 31 deletions
diff --git a/src/shared/find-esp.c b/src/shared/find-esp.c index fa234c8b5f..a4cd4b26b1 100644 --- a/src/shared/find-esp.c +++ b/src/shared/find-esp.c @@ -353,8 +353,9 @@ static int verify_esp( dev_t *ret_devid, VerifyESPFlags flags) { - bool relax_checks, searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING), + bool searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING), unprivileged_mode = FLAGS_SET(flags, VERIFY_ESP_UNPRIVILEGED_MODE); + struct statfs sfs; dev_t devid = 0; int r; @@ -367,39 +368,36 @@ static int verify_esp( * -EACESS → if 'unprivileged_mode' is set, and we have trouble accessing the thing */ - relax_checks = - getenv_bool("SYSTEMD_RELAX_ESP_CHECKS") > 0 || - FLAGS_SET(flags, VERIFY_ESP_RELAX_CHECKS); + /* Non-root user can only check the status, so if an error occurred in the following, it does not + * cause any issues. Let's also, silence the error messages. */ - /* Non-root user can only check the status, so if an error occurred in the following, it does not cause any - * issues. Let's also, silence the error messages. */ - - if (!relax_checks) { - struct statfs sfs; + if (getenv_bool("SYSTEMD_RELAX_ESP_CHECKS") > 0 || FLAGS_SET(flags, VERIFY_ESP_RELAX_CHECKS)) + /* If relaxed checks are requested, don't require the ESP directory to be the root of the + * filesystem so that image builders can install the bootloader to a regular directory before + * packing that directory up into its own partition. */ + goto finish; - if (statfs(p, &sfs) < 0) - /* If we are searching for the mount point, don't generate a log message if we can't find the path */ - return log_full_errno((searching && errno == ENOENT) || - (unprivileged_mode && errno == EACCES) ? LOG_DEBUG : LOG_ERR, errno, - "Failed to check file system type of \"%s\": %m", p); + if (statfs(p, &sfs) < 0) + /* If we are searching for the mount point, don't generate a log message if we can't + * find the path */ + return log_full_errno((searching && errno == ENOENT) || (unprivileged_mode && errno == EACCES) ? LOG_DEBUG : LOG_ERR, + errno, + "Failed to check file system type of \"%s\": %m", + p); - if (!F_TYPE_EQUAL(sfs.f_type, MSDOS_SUPER_MAGIC)) - return log_full_errno(searching ? LOG_DEBUG : LOG_ERR, - SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV), - "File system \"%s\" is not a FAT EFI System Partition (ESP) file system.", p); - } - - relax_checks = - relax_checks || - detect_container() > 0; + if (!F_TYPE_EQUAL(sfs.f_type, MSDOS_SUPER_MAGIC)) + return log_full_errno(searching ? LOG_DEBUG : LOG_ERR, + SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV), + "File system \"%s\" is not a FAT EFI System Partition (ESP) file system.", + p); - r = verify_fsroot_dir(p, searching, unprivileged_mode, relax_checks ? NULL : &devid); + r = verify_fsroot_dir(p, searching, unprivileged_mode, detect_container() > 0 ? NULL : &devid); if (r < 0) return r; /* In a container we don't have access to block devices, skip this part of the verification, we trust * the container manager set everything up correctly on its own. */ - if (relax_checks) + if (detect_container() > 0) goto finish; /* If we are unprivileged we ask udev for the metadata about the partition. If we are privileged we @@ -705,21 +703,22 @@ static int verify_xbootldr( sd_id128_t *ret_uuid, dev_t *ret_devid) { - bool relax_checks; dev_t devid = 0; int r; assert(p); - relax_checks = - getenv_bool("SYSTEMD_RELAX_XBOOTLDR_CHECKS") > 0 || - detect_container() > 0; + /* If relaxed checks are requested, don't require the XBOOTLDR directory to be the root of the + * filesystem so that image builders can install the bootloader to a regular directory before + * packing that directory up into its own partition. */ + if (getenv_bool("SYSTEMD_RELAX_XBOOTLDR_CHECKS") > 0) + goto finish; - r = verify_fsroot_dir(p, searching, unprivileged_mode, relax_checks ? NULL : &devid); + r = verify_fsroot_dir(p, searching, unprivileged_mode, detect_container() > 0 ? NULL : &devid); if (r < 0) return r; - if (relax_checks) + if (detect_container() > 0) goto finish; if (unprivileged_mode) |