path: root/src/machine/image-dbus.c
Commit message (Author, Age, Files, Lines)
* tree-wide: hook up image dissection policy logic everywhere (Lennart Poettering, 2023-04-05, 1 file, -4/+4)
|
* tree-wide: introduce PIPE_EBADF macro (Yu Watanabe, 2022-12-20, 1 file, -2/+2)
|
* tree-wide: use -EBADF also in pipe initializers (Zbigniew Jędrzejewski-Szmek, 2022-12-19, 1 file, -2/+2)
|   In some places, initialization is dropped when unnecessary.
* tree-wide: use -EBADF for fd initialization (Zbigniew Jędrzejewski-Szmek, 2022-12-19, 1 file, -2/+2)
|   -1 was used everywhere, but -EBADF or -EBADFD started being used in various places. Let's make things consistent in the new style.
|
|   Note that there are two candidates:
|     EBADF  9  Bad file descriptor
|     EBADFD 77 File descriptor in bad state
|
|   Since we're initializing the fd, we're just assigning a value that means "no fd yet", so it's just a bad file descriptor, and the first errno fits better. If instead we had a valid file descriptor that became invalid because of some operation or state change, the other errno would fit better.
|
|   In some places, initialization is dropped if unnecessary.
* tree-wide: use ASSERT_PTR more (David Tardon, 2022-09-13, 1 file, -10/+5)
|
* machined: use one_zero() on one more occasion (Lennart Poettering, 2022-02-18, 1 file, -1/+1)
|
* machined: sd-bus expects 'int', not 'bool' when returning unmarshalled booleans (Lennart Poettering, 2022-02-18, 1 file, -2/+1)
|   Fixes: #22555
|   Follow-up for: #22160
* machined: provide more details to polkit auth (Ludwig Nussel, 2022-01-18, 1 file, -6/+40)
|
* tree-wide: sd_bus_error_setf → set_bus_error_set (Zbigniew Jędrzejewski-Szmek, 2021-04-07, 1 file, -3/+3)
|   strdup() is more efficient than asprintf().
* Move os-util.[ch] to basic/ (Zbigniew Jędrzejewski-Szmek, 2021-02-22, 1 file, -0/+1)
|   parse_os_release() will be used basic/hostname-util.c later on.
* shared: rename machine-image.[ch] → discover-image.[ch] (Lennart Poettering, 2021-02-03, 1 file, -1/+1)
|   The old name originates when this was used to discover "machine" images, as managed by machined/machinectl. But nowadays this is also used by portable services and system extensions, hence let's use a more generic name for this API.
|
|   Taking inspiration from "dissect-image.[ch]", let's call this "discover-image.[ch]".
|
|   This is pure renaming, no other changes.
* machine: Use hashmap_ensure_put (Susant Sahani, 2021-01-20, 1 file, -5/+1)
|
* machine-image: properly support searching for images below some --root= path (Lennart Poettering, 2021-01-19, 1 file, -2/+2)
|   systemd-sysext supports --root= for everything but the image discovery. Fix that.
* license: LGPL-2.1+ -> LGPL-2.1-or-later (Yu Watanabe, 2020-11-09, 1 file, -1/+1)
|
* tree-wide: define iterator inside of the macro (Zbigniew Jędrzejewski-Szmek, 2020-09-08, 1 file, -2/+1)
|
* shared: split out property get helpers (Lennart Poettering, 2020-06-30, 1 file, -1/+1)
|   No code changes, just some refactoring.
* machined: convert to the new scheme and add --bus-introspect (Zbigniew Jędrzejewski-Szmek, 2020-05-05, 1 file, -26/+33)
|
* shared: split out polkit stuff from bus-util.c → bus-polkit.c (Lennart Poettering, 2020-01-22, 1 file, -0/+1)
|   It's enough, complex stuff to warrant its own source file.
|
|   No other changes, just splitting out.
* tree-wide: get rid of strappend() (Lennart Poettering, 2019-07-12, 1 file, -1/+1)
|   It's a special case of strjoin(), so no need to keep both. In particular as typing strjoin() is even shorter than strappend().
* Merge pull request #10935 from poettering/rlimit-nofile-safe (Zbigniew Jędrzejewski-Szmek, 2018-12-06, 1 file, -1/+1)
|\
| |   Merged by hand to resolve a trivial conflict in TODO.
| * machined: prefix child process name with 'sd' (Lennart Poettering, 2018-12-01, 1 file, -1/+1)
| |   So far we followed the rule that child processes we fork off without execve() are named "(sd-xyz)", but one child process didn't follow this. Correct that.
* | lockfile: drop unnecessary headers from lockfile-util.h (Yu Watanabe, 2018-12-06, 1 file, -0/+1)
| |
* | machine-image: introduce image_hash_ops and use it (Yu Watanabe, 2018-12-02, 1 file, -4/+4)
|/
* tree-wide: remove Lennart's copyright lines (Lennart Poettering, 2018-06-14, 1 file, -3/+0)
|   These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurb (Lennart Poettering, 2018-06-14, 1 file, -2/+0)
|   This part of the copyright blurb stems from the GPL use recommendations:
|
|   https://www.gnu.org/licenses/gpl-howto.en.html
|
|   The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that.
|
|   Hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* machine-image: rework error handling (Lennart Poettering, 2018-05-24, 1 file, -1/+3)
|   Let's rework error handling a bit in image_find() and friends: when we can't find an image, return -ENOENT rather than 0. That's better as before we violated the usual rule in our codebase that return parameters are initialized when the return value is >= 0 and otherwise not touched.
|
|   This also makes enumeration and validation a bit more strict: we'll only accept ".raw" as suffix for regular files, and filter out this suffix handling on directories/subvolumes, where it makes no sense.
* machine-image: introduce two different classes of images (Lennart Poettering, 2018-05-24, 1 file, -2/+2)
|   This distinguishes two different classes of images, one for the purpose of nspawn-like containers, i.e. "machines", and one for portable services.
|
|   This distinction is mostly about search paths. We look for machine images in /var/lib/machines and for portable images in /var/lib/portables.
* tree-wide: drop license boilerplate (Zbigniew Jędrzejewski-Szmek, 2018-04-06, 1 file, -13/+0)
|   Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt.
|
|   I also kept any copyright lines. We can probably remove them, but it'd be nice to obtain explicit acks from all involved authors before doing that.
* tree-wide: use TAKE_PTR() and TAKE_FD() macros (Yu Watanabe, 2018-04-05, 1 file, -2/+1)
|
* tree-wide: introduce new safe_fork() helper and port everything over (Lennart Poettering, 2017-12-25, 1 file, -8/+8)
|   This adds a new safe_fork() wrapper around fork() and makes use of it everywhere. The new wrapper does a couple of things we previously did manually and separately in a safer, more correct and automatic way:
|
|   1. Optionally resets signal handlers/mask in the child
|
|   2. Sets a name on all processes we fork off right after forking off (and the patch assigns useful names for all processes we fork off now, following a systematic naming scheme: always enclosed in () – in order to indicate that these are not proper, exec()ed processes, but only forked off children, and if the process is long-running with only our own code, without execve()'ing something else, it gets an "sd-" prefix.)
|
|   3. Optionally closes all file descriptors in the child
|
|   4. Optionally sets a PR_SET_DEATHSIG to SIGTERM in the child, in a safe way so that the parent dying before this happens is handled safely.
|
|   5. Optionally reopens the logs
|
|   6. Optionally connects stdin/stdout/stderr to /dev/null
|
|   7. Debug logs about the forked off processes.
* Add set/hashmap helpers for non-trivial freeing and use where straightforward (Zbigniew Jędrzejewski-Szmek, 2017-11-28, 1 file, -4/+1)
|   A macro is needed because otherwise we couldn't ensure type safety. Some simple tests are included. No functional change intended.
* machine: remove unused variables (Yu Watanabe, 2017-11-25, 1 file, -1/+0)
|
* machined: port machined's bus APIs to use new image metadata API (Lennart Poettering, 2017-11-20, 1 file, -122/+51)
|   Let's rework the D-Bus APIs GetImageOSRelease() to use the new internal metadata API, to query what it needs to know. Augment it with GetImageHostname(), GetImageMachineID(), GetImageMachineInfo(), that expose the other new APIs.
* Add SPDX license identifiers to source files under the LGPL (Zbigniew Jędrzejewski-Szmek, 2017-11-19, 1 file, -0/+1)
|   This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* machine-image: add partial discovery of block devices as images (Lennart Poettering, 2017-10-26, 1 file, -0/+1)
|   This adds some basic discovery of block device images for nspawn and friends. Note that this doesn't add searching for block devices using udev, but instead expects users to symlink relevant block devices into /var/lib/machines. Discovery is hence done exactly like for dir/subvol/raw file images, except that what is found may be a (symlink to) a block device.
|
|   For now, we do not support cloning these images, but removal, renaming and read-only flags are supported to the point where that makes sense.
|
|   Fixes: #6990
* Fix includes (#5980) (Matija Skala, 2017-05-19, 1 file, -0/+1)
|   Needed on musl.
* copy: change the various copy_xyz() calls to take a unified flags parameter (Lennart Poettering, 2017-02-17, 1 file, -1/+1)
|   This adds a unified "copy_flags" parameter to all copy_xyz() function calls, replacing the various boolean flags so far used. This should make many invocations more readable as it is clear what behaviour is precisely requested. This also prepares ground for adding support for more modes later on.
* Merge pull request #4879 from poettering/systemd (Zbigniew Jędrzejewski-Szmek, 2017-01-14, 1 file, -1/+1)
|\
| * dissect: make using a generic partition as root partition optional (Lennart Poettering, 2016-12-21, 1 file, -1/+1)
| |   In preparation for reusing the image dissector in the GPT auto-discovery logic, only optionally fail the dissection when we can't identify a root partition.
| |
| |   In the GPT auto-discovery we are completely fine with any kind of root, given that we run when it is already mounted and all we do is find some additional auxiliary partitions on the same disk.
| * dissect: optionally, only look for GPT partition tables, nothing else (Lennart Poettering, 2016-12-20, 1 file, -1/+1)
| |   This is useful for reusing the dissector logic in the gpt-auto-discovery logic: there we really don't want to use MBR or naked file systems as root device.
* | machined: remove unused variable (#4993) (Thomas H. P. Andersen, 2016-12-29, 1 file, -1/+0)
|/
* nspawn/dissect: automatically discover dm-verity verity partitions (Lennart Poettering, 2016-12-07, 1 file, -1/+1)
|   This adds support for discovering and making use of properly tagged dm-verity data integrity partitions. This extends both systemd-nspawn and systemd-dissect with a new --root-hash= switch that takes the root hash to use for the root partition, and is otherwise fully automatic.
|
|   Verity partitions are discovered automatically by GPT table type UUIDs, as listed in https://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/ (which I updated prior to this change, to include new UUIDs for this purpose).
|
|   mkosi with https://github.com/systemd/mkosi/pull/39 applied may generate images that carry the necessary integrity data. With that PR and this commit, the following simple lines suffice to boot up an integrity-protected container image:
|
|   ```
|   # mkdir test
|   # cd test
|   # mkosi --verity
|   # systemd-nspawn -i ./image.raw -bn
|   ```
|
|   Note that mkosi writes the image file to "image.raw" next to a file "image.roothash" that contains the root hash. systemd-nspawn will look for that file and use it if it exists, in case --root-hash= is not specified explicitly.
* dissect: add support for encrypted images (Lennart Poettering, 2016-12-07, 1 file, -1/+1)
|   This adds support to the image dissector to deal with encrypted images (only LUKS). Given that we now have a neatly isolated image dissector codebase, let's add a new feature to it: support for automatically dealing with encrypted images. This is then exposed in systemd-dissect and nspawn.
|
|   It's pretty basic: only support for passphrase-based encryption.
|
|   In order to ensure that "systemd-dissect --mount" results in mount points whose backing LUKS DM devices are cleaned up automatically we use the DM_DEV_REMOVE ioctl() directly on the device (in DM_DEFERRED_REMOVE mode). libgcryptsetup at the moment doesn't provide a proper API for this. Thankfully, the ioctl() API is pretty easy to use.
* machined: add API for querying the OS release of a machine image (Lennart Poettering, 2016-12-07, 1 file, -0/+165)
|   This adds a bus call GetImageOSRelease() to the Manager interface that retrieves the /etc/os-release file of a machine image. It matches the existing GetMachineOSRelease() call, however operates on a disk image rather than a running container.
|
|   The backend for this call on .raw images is implemented via the generalized image dissector, which makes this scheme relatively easy to implement.
* machined: "machinectl clean" can take a while, do it asynchronously from a background process (Lennart Poettering, 2016-06-24, 1 file, -2/+2)
|   This is a follow-up to 5d2036b5f3506bd0ff07042aee8d69c26db32298, and also makes the "machinectl clean" verb asynchronous, after all it's little more than a series of image removals.
|
|   The changes required to make this happen are a bit more comprehensive as we need to pass information about deleted images back to the client, as well as information about the image we failed on if we failed on one. Hence, create a temporary file in /tmp, serialize that data into, and read it from the parent after the operation is complete.
* machined: rework copy-from/copy-to operation to use generic Operation object (Lennart Poettering, 2016-05-02, 1 file, -2/+2)
|   With this all potentially slow operations are done out-of-process, asynchronously, using the same "Operation" object.
* machined: also make image removal operation asynchronous (Lennart Poettering, 2016-05-02, 1 file, -3/+32)
|   If we remove a directory image (i.e. not a btrfs snapshot) then things might get quite expensive, hence run this asynchronously in a forked off process, too.
* util: rework sigkill_wait() to not require pid_t pointer (Lennart Poettering, 2016-05-02, 1 file, -1/+1)
|   Let's make sigkill_wait() take a normal pid_t, and add sigkill_waitp() that takes a pointer (which is useful for usage in _cleanup_), following the usual logic we have for this.
* machined: run clone operation asynchronously in the background (Lennart Poettering, 2016-05-02, 1 file, -5/+35)
|   Cloning an image can be slow, if the image is not on a btrfs subvolume, hence let's make sure we do this asynchronously in a child process, so that machined isn't blocked as long as we process the client request.
|
|   This adds a new, generic "Operation" object to machined, that is used to track these kind of background processes.
|
|   This is inspired by the MachineOperation object that already exists to make copy operations asynchronous. A later patch will rework the MachineOperation logic to use the generic Operation instead.
* machined: generate a nicer error when the user tries "machinectl clone" on non-btrfs file systems (#3117) (Lennart Poettering, 2016-04-25, 1 file, -0/+2)
|   Fixes: #2060
|
|   (Of course, in the long run, we should probably add a copy-based fall-back. But given how slow that is, this probably requires some asynchronous forking logic like the CopyFrom() and CopyTo() method calls already implement.)