Diffstat (limited to 'src/shared/discover-image.c')
-rw-r--r--src/shared/discover-image.c34
1 files changed, 29 insertions, 5 deletions
diff --git a/src/shared/discover-image.c b/src/shared/discover-image.c
index d0b3245a27..ac6a8033dd 100644
--- a/src/shared/discover-image.c
+++ b/src/shared/discover-image.c
@@ -28,6 +28,7 @@
#include "hashmap.h"
#include "hostname-setup.h"
#include "id128-util.h"
+#include "initrd-util.h"
#include "lock-util.h"
#include "log.h"
#include "loop-util.h"
@@ -73,6 +74,19 @@ static const char* const image_search_path[_IMAGE_CLASS_MAX] = {
"/usr/lib/confexts\0",
};
+/* Inside the initrd, use a slightly different set of search path (i.e. include .extra/sysext in extension
+ * search dir) */
+static const char* const image_search_path_initrd[_IMAGE_CLASS_MAX] = {
+ /* (entries that aren't listed here will get the same search path as for the non initrd-case) */
+
+ [IMAGE_EXTENSION] = "/etc/extensions\0" /* only place symlinks here */
+ "/run/extensions\0" /* and here too */
+ "/var/lib/extensions\0" /* the main place for images */
+ "/usr/local/lib/extensions\0"
+ "/usr/lib/extensions\0"
+ "/.extra/sysext\0" /* put sysext picked up by systemd-stub last, since not trusted */
+};
+
static Image *image_free(Image *i) {
assert(i);
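Review bot: The comment on the `/.extra/sysext` entry says it is listed last because it is not trusted, but list order only stops an image there from shadowing a same-named image in the earlier directories. An image whose name appears nowhere else would still be found through this table. The comment should name the control that actually constrains images from that directory, for example `/* sysexts picked up by systemd-stub: untrusted, listed last so they cannot shadow others; callers must still restrict them via image policy */`. That wording assumes the `image_policy` argument added later in this commit is the intended control. Separately, "set of search path" in the block comment should read "set of search paths".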
@@ -446,6 +460,14 @@ static int image_make(
return -EMEDIUMTYPE;
}
+static const char *pick_image_search_path(ImageClass class) {
+ if (class < 0 || class >= _IMAGE_CLASS_MAX)
+ return NULL;
+
+ /* Use the initrd search path if there is one, otherwise use the common one */
+ return in_initrd() && image_search_path_initrd[class] ? image_search_path_initrd[class] : image_search_path[class];
+}
+
int image_find(ImageClass class,
const char *name,
const char *root,
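Review bot: `pick_image_search_path()` returns NULL for an out-of-range class, and all three call sites (image_find, image_discover, image_in_search_path) pass the result straight to `NULSTR_FOREACH`. Whether that macro tolerates NULL is not visible in this diff. image_discover already asserts `class < _IMAGE_CLASS_MAX` before its loop, so an invalid class looks like a programming error here rather than a runtime condition. Either replace the early return with `assert(class >= 0 && class < _IMAGE_CLASS_MAX);` or document the contract with `/* Returns a NULSTR list, or NULL if class is out of range */`. Parenthesising the condition as `(in_initrd() && image_search_path_initrd[class]) ? … : …` would also make the precedence explicit. The image_find signature at the end of this hunk continues outside it.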
@@ -461,7 +483,7 @@ int image_find(ImageClass class,
if (!image_name_is_valid(name))
return -ENOENT;
- NULSTR_FOREACH(path, image_search_path[class]) {
+ NULSTR_FOREACH(path, pick_image_search_path(class)) {
_cleanup_free_ char *resolved = NULL;
_cleanup_closedir_ DIR *d = NULL;
struct stat st;
@@ -560,7 +582,7 @@ int image_discover(
assert(class < _IMAGE_CLASS_MAX);
assert(h);
- NULSTR_FOREACH(path, image_search_path[class]) {
+ NULSTR_FOREACH(path, pick_image_search_path(class)) {
_cleanup_free_ char *resolved = NULL;
_cleanup_closedir_ DIR *d = NULL;
@@ -1138,7 +1160,7 @@ int image_set_limit(Image *i, uint64_t referenced_max) {
return btrfs_subvol_set_subtree_quota_limit(i->path, 0, referenced_max);
}
-int image_read_metadata(Image *i) {
+int image_read_metadata(Image *i, const ImagePolicy *image_policy) {
_cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT;
int r;
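Review bot: The new `image_policy` parameter of `image_read_metadata()` has no comment saying what a NULL policy means, and the value is passed unchanged to `dissect_loop_device()` in the following hunk. This commit also makes the initrd search `/.extra/sysext`, which its own comment calls untrusted, so a caller passing NULL could end up dissecting such an image with no restriction. That depends on how `dissect_loop_device()` treats NULL, which is not shown here. A header comment would pin the contract, for example `/* image_policy: policy enforced when dissecting the image; NULL means <document the default> */`. The function body continues outside this hunk.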
@@ -1219,7 +1241,9 @@ int image_read_metadata(Image *i) {
r = dissect_loop_device(
d,
- NULL, NULL,
+ /* verity= */ NULL,
+ /* mount_options= */ NULL,
+ image_policy,
DISSECT_IMAGE_GENERIC_ROOT |
DISSECT_IMAGE_REQUIRE_ROOT |
DISSECT_IMAGE_RELAX_VAR_CHECK |
@@ -1287,7 +1311,7 @@ bool image_in_search_path(
assert(image);
- NULSTR_FOREACH(path, image_search_path[class]) {
+ NULSTR_FOREACH(path, pick_image_search_path(class)) {
const char *p, *q;
size_t k;