1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 
3 #include <sys/file.h>
4 #include <sys/mount.h>
5 
6 #include "alloc-util.h"
7 #include "bus-get-properties.h"
8 #include "bus-label.h"
9 #include "bus-polkit.h"
10 #include "copy.h"
11 #include "discover-image.h"
12 #include "dissect-image.h"
13 #include "fd-util.h"
14 #include "fileio.h"
15 #include "fs-util.h"
16 #include "image-dbus.h"
17 #include "io-util.h"
18 #include "loop-util.h"
19 #include "missing_capability.h"
20 #include "mount-util.h"
21 #include "os-util.h"
22 #include "process-util.h"
23 #include "raw-clone.h"
24 #include "strv.h"
25 #include "user-util.h"
26 
/* Instantiates property_get_type(), the getter that image_vtable registers for the "Type"
 * property (D-Bus signature "s") of an Image.
 * NOTE(review): the macro body lives outside this file; presumably it turns the ImageType enum
 * into its string form — confirm in bus-get-properties.h. */
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, image_type, ImageType);
28 
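/* D-Bus handler for the Image "Remove" method: runs image_remove() on the image in a forked
 * worker process.
 *
 * userdata is the Image the object path resolved to; image->userdata is the Manager.
 *
 * The method is registered with SD_BUS_VTABLE_UNPRIVILEGED, so the polkit check in this function
 * is the authorization gate for the caller. It must stay ahead of pipe2() and safe_fork(): nothing
 * that touches the image may run before bus_verify_polkit_async() has returned > 0.
 *
 * Returns 1 when the reply is deferred (polkit is still deciding, or the work was handed to the
 * forked child via operation_new()), otherwise the negative error of the step that failed. */
int bus_image_method_remove(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
        Image *image = userdata;
        Manager *m;
        pid_t child;
        int r;

        assert(message);
        assert(image);

        /* Dereference the image only after it has been asserted non-NULL; the original read
         * image->userdata in the initializer, i.e. before the assert could fire. */
        m = image->userdata;
        assert(m);

        /* Refuse early once the manager already tracks OPERATIONS_MAX operations, so that a
         * client cannot make the daemon fork without bound. */
        if (m->n_operations >= OPERATIONS_MAX)
                return sd_bus_error_set(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");

        /* Key/value pairs handed to polkit together with the action id. */
        const char *details[] = {
                "image", image->name,
                "verb", "remove",
                NULL
        };

        /* NOTE(review): presumably callers holding CAP_SYS_ADMIN are accepted without a polkit
         * query — confirm in bus-polkit.h. */
        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        details,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        /* Pipe used by the child to report a negative error code back to the parent. */
        if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0)
                return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");

        r = safe_fork("(sd-imgrm)", FORK_RESET_SIGNALS, &child);
        if (r < 0)
                return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
        if (r == 0) {
                /* Child: keep only the write end. */
                errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);

                r = image_remove(image);
                if (r < 0) {
                        /* Best effort: there is nothing left to do here if the write fails. */
                        (void) write(errno_pipe_fd[1], &r, sizeof(r));
                        _exit(EXIT_FAILURE);
                }

                _exit(EXIT_SUCCESS);
        }

        /* Parent: keep only the read end. */
        errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);

        /* Hand the child PID, the request message and the read end of the pipe to the operation
         * tracker. If that fails, do not leave an untracked child behind. */
        r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL);
        if (r < 0) {
                (void) sigkill_wait(child);
                return r;
        }

        /* The fd was passed to operation_new(); keep the cleanup handler from closing it. */
        errno_pipe_fd[0] = -1;

        return 1;
}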
96 
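/* D-Bus handler for the Image "Rename" method (signature "s"): renames the image to the name
 * supplied by the caller.
 *
 * userdata is the Image the object path resolved to; image->userdata is the Manager.
 *
 * new_name is caller-controlled. It is checked with image_name_is_valid() before it is shown to
 * polkit in the details array and before it reaches image_rename(). The method is registered with
 * SD_BUS_VTABLE_UNPRIVILEGED, so bus_verify_polkit_async() is the authorization gate here.
 *
 * Returns 1 while polkit is still deciding, a negative error on failure, otherwise the result of
 * sending the empty method reply. */
int bus_image_method_rename(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        Manager *m;
        const char *new_name;
        int r;

        assert(message);
        assert(image);

        /* Dereference the image only after it has been asserted non-NULL. */
        m = image->userdata;
        assert(m);

        r = sd_bus_message_read(message, "s", &new_name);
        if (r < 0)
                return r;

        /* Reject invalid names before they are used anywhere else. */
        if (!image_name_is_valid(new_name))
                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);

        /* Key/value pairs handed to polkit together with the action id. */
        const char *details[] = {
                "image", image->name,
                "verb", "rename",
                "new_name", new_name,
                NULL
        };

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        details,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        r = image_rename(image, new_name);
        if (r < 0)
                return r;

        return sd_bus_reply_method_return(message, NULL);
}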
144 
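/* D-Bus handler for the Image "Clone" method (signature "sb"): runs image_clone() in a forked
 * worker process, using the caller-supplied new name and read-only flag.
 *
 * userdata is the Image the object path resolved to; image->userdata is the Manager.
 *
 * new_name is caller-controlled and is checked with image_name_is_valid() before it is shown to
 * polkit or passed on. The method is registered with SD_BUS_VTABLE_UNPRIVILEGED, so
 * bus_verify_polkit_async() is the authorization gate and must stay ahead of pipe2()/safe_fork().
 *
 * Returns 1 when the reply is deferred (polkit is still deciding, or the work was handed to the
 * forked child via operation_new()), otherwise the negative error of the step that failed. */
int bus_image_method_clone(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
        Image *image = userdata;
        Manager *m;
        const char *new_name;
        int r, read_only;
        pid_t child;

        assert(message);
        assert(image);

        /* Dereference the image only after it has been asserted non-NULL; the original read
         * image->userdata in the initializer, i.e. before the assert could fire. */
        m = image->userdata;
        assert(m);

        /* Refuse early once the manager already tracks OPERATIONS_MAX operations, so that a
         * client cannot make the daemon fork without bound. */
        if (m->n_operations >= OPERATIONS_MAX)
                return sd_bus_error_set(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");

        r = sd_bus_message_read(message, "sb", &new_name, &read_only);
        if (r < 0)
                return r;

        /* Reject invalid names before they are used anywhere else. */
        if (!image_name_is_valid(new_name))
                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);

        /* Key/value pairs handed to polkit together with the action id. */
        const char *details[] = {
                "image", image->name,
                "verb", "clone",
                "new_name", new_name,
                NULL
        };

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        details,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        /* Pipe used by the child to report a negative error code back to the parent. */
        if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0)
                return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");

        r = safe_fork("(sd-imgclone)", FORK_RESET_SIGNALS, &child);
        if (r < 0)
                return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
        if (r == 0) {
                /* Child: keep only the write end. */
                errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);

                r = image_clone(image, new_name, read_only);
                if (r < 0) {
                        /* Best effort: there is nothing left to do here if the write fails. */
                        (void) write(errno_pipe_fd[1], &r, sizeof(r));
                        _exit(EXIT_FAILURE);
                }

                _exit(EXIT_SUCCESS);
        }

        /* Parent: keep only the read end. */
        errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);

        /* Hand the child PID, the request message and the read end of the pipe to the operation
         * tracker. If that fails, do not leave an untracked child behind. */
        r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL);
        if (r < 0) {
                (void) sigkill_wait(child);
                return r;
        }

        /* The fd was passed to operation_new(); keep the cleanup handler from closing it. */
        errno_pipe_fd[0] = -1;

        return 1;
}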
222 
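/* D-Bus handler for the Image "MarkReadOnly" method (signature "b"): passes the requested flag
 * to image_read_only().
 *
 * userdata is the Image the object path resolved to; image->userdata is the Manager.
 *
 * The method is registered with SD_BUS_VTABLE_UNPRIVILEGED, so bus_verify_polkit_async() is the
 * authorization gate here and runs before the image is modified.
 *
 * Returns 1 while polkit is still deciding, a negative error on failure, otherwise the result of
 * sending the empty method reply. */
int bus_image_method_mark_read_only(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        Manager *m;
        int read_only, r;

        assert(message);
        assert(image); /* the sibling handlers assert this too; here it was missing */

        /* Dereference the image only after it has been asserted non-NULL. */
        m = image->userdata;
        assert(m);

        r = sd_bus_message_read(message, "b", &read_only);
        if (r < 0)
                return r;

        /* Key/value pairs handed to polkit together with the action id; the requested flag is
         * included via one_zero(). */
        const char *details[] = {
                "image", image->name,
                "verb", "mark_read_only",
                "read_only", one_zero(read_only),
                NULL
        };

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        details,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        r = image_read_only(image, read_only);
        if (r < 0)
                return r;

        return sd_bus_reply_method_return(message, NULL);
}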
265 
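/* D-Bus handler for the Image "SetLimit" method (signature "t"): passes the requested limit to
 * image_set_limit().
 *
 * userdata is the Image the object path resolved to; image->userdata is the Manager.
 *
 * The caller-supplied limit is range-checked with FILE_SIZE_VALID_OR_INFINITY() before anything
 * else happens. The method is registered with SD_BUS_VTABLE_UNPRIVILEGED, so
 * bus_verify_polkit_async() is the authorization gate here and runs before the image is modified.
 *
 * Returns 1 while polkit is still deciding, a negative error on failure, otherwise the result of
 * sending the empty method reply. */
int bus_image_method_set_limit(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        Manager *m;
        uint64_t limit;
        int r;

        assert(message);
        assert(image); /* the sibling handlers assert this too; here it was missing */

        /* Dereference the image only after it has been asserted non-NULL. */
        m = image->userdata;
        assert(m);

        r = sd_bus_message_read(message, "t", &limit);
        if (r < 0)
                return r;
        if (!FILE_SIZE_VALID_OR_INFINITY(limit))
                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");

        /* NOTE(review): the image name is passed to polkit under the key "machine", while every
         * other handler in this file uses "image". A polkit rule that matches on the "image"
         * detail will not see it for this verb. The key is left as is, because existing rules may
         * match on "machine"; decide deliberately before renaming it. The requested limit itself
         * is not part of the details. */
        const char *details[] = {
                "machine", image->name,
                "verb", "set_limit",
                NULL
        };

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        details,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        r = image_set_limit(image, limit);
        if (r < 0)
                return r;

        return sd_bus_reply_method_return(message, NULL);
}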
310 
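/* D-Bus handler for the Image "GetHostname" method: replies with image->hostname as a string.
 *
 * Metadata is loaded on demand: image_read_metadata() is called only while
 * image->metadata_valid is false.
 *
 * NOTE(review): there is no polkit check on this path and the method is registered with
 * SD_BUS_VTABLE_UNPRIVILEGED, so any client that can address the object can trigger
 * image_read_metadata(). That helper is not shown here; confirm what it opens and parses, and
 * with which privileges, since the image content is not necessarily trusted. */
int bus_image_method_get_hostname(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        int r;

        /* Same preconditions the mutating handlers in this file assert. */
        assert(message);
        assert(image);

        if (!image->metadata_valid) {
                r = image_read_metadata(image);
                if (r < 0)
                        return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
        }

        return sd_bus_reply_method_return(message, "s", image->hostname);
}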
327 
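/* D-Bus handler for the Image "GetMachineID" method: replies with the image's machine ID as a
 * byte array ("ay"), or with an empty array when the ID is all zero.
 *
 * Metadata is loaded on demand: image_read_metadata() is called only while
 * image->metadata_valid is false.
 *
 * NOTE(review): no polkit check on this path and the method is SD_BUS_VTABLE_UNPRIVILEGED, so
 * any client that can address the object can trigger image_read_metadata() (not shown here —
 * confirm what it parses and with which privileges). */
int bus_image_method_get_machine_id(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
        Image *image = userdata;
        int r;

        /* Same preconditions the mutating handlers in this file assert. */
        assert(message);
        assert(image);

        if (!image->metadata_valid) {
                r = image_read_metadata(image);
                if (r < 0)
                        return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
        }

        r = sd_bus_message_new_method_return(message, &reply);
        if (r < 0)
                return r;

        if (sd_id128_is_null(image->machine_id)) /* Add an empty array if the ID is zero */
                r = sd_bus_message_append(reply, "ay", 0);
        else
                /* Take the length from the field itself rather than repeating the literal 16. */
                r = sd_bus_message_append_array(reply, 'y', image->machine_id.bytes, sizeof(image->machine_id.bytes));
        if (r < 0)
                return r;

        return sd_bus_send(NULL, reply, NULL);
}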
356 
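/* D-Bus handler for the Image "GetMachineInfo" method: replies with image->machine_info through
 * bus_reply_pair_array() (registered reply signature "a{ss}").
 *
 * Metadata is loaded on demand: image_read_metadata() is called only while
 * image->metadata_valid is false.
 *
 * NOTE(review): no polkit check on this path and the method is SD_BUS_VTABLE_UNPRIVILEGED, so
 * any client that can address the object can trigger image_read_metadata() (not shown here —
 * confirm what it parses and with which privileges). */
int bus_image_method_get_machine_info(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        int r;

        /* Same preconditions the mutating handlers in this file assert. */
        assert(message);
        assert(image);

        if (!image->metadata_valid) {
                r = image_read_metadata(image);
                if (r < 0)
                        return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
        }

        return bus_reply_pair_array(message, image->machine_info);
}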
373 
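/* D-Bus handler for the Image "GetOSRelease" method: replies with image->os_release through
 * bus_reply_pair_array() (registered reply signature "a{ss}").
 *
 * Metadata is loaded on demand: image_read_metadata() is called only while
 * image->metadata_valid is false.
 *
 * NOTE(review): no polkit check on this path and the method is SD_BUS_VTABLE_UNPRIVILEGED, so
 * any client that can address the object can trigger image_read_metadata() (not shown here —
 * confirm what it parses and with which privileges). */
int bus_image_method_get_os_release(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        int r;

        /* Same preconditions the mutating handlers in this file assert. */
        assert(message);
        assert(image);

        if (!image->metadata_valid) {
                r = image_read_metadata(image);
                if (r < 0)
                        return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
        }

        return bus_reply_pair_array(message, image->os_release);
}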
390 
/* Event-source callback that empties the manager's image cache. image_object_find() installs it
 * as a one-shot defer source at idle priority. Always returns 0.
 * NOTE(review): presumably the cached Image references are released through the hash ops the
 * map was created with — confirm against image_hash_ops. */
static int image_flush_cache(sd_event_source *s, void *userdata) {
        Manager *manager = userdata;

        assert(s);
        assert(manager);

        hashmap_clear(manager->image_cache);

        return 0;
}
400 
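/* Object-find callback for the fallback vtable: maps an object path below
 * "/org/freedesktop/machine1/image/" to an Image.
 *
 * Returns 1 with *found set when the image exists, 0 when the path does not carry the prefix or
 * image_find() reports -ENOENT, and a negative error otherwise.
 *
 * Found images are kept in m->image_cache, keyed by image->name. Every cache miss (re)arms a
 * one-shot defer source at SD_EVENT_PRIORITY_IDLE whose callback, image_flush_cache(), clears the
 * cache again.
 *
 * The path suffix is chosen by the bus client, and this function performs no polkit check of its
 * own, so every cache miss reaches image_find() with a client-chosen name.
 * NOTE(review): image_find() is not shown here — confirm that it rejects anything that is not a
 * valid image name before it touches the file system. */
static int image_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
        _cleanup_free_ char *e = NULL;
        Manager *m = userdata;
        Image *image = NULL;
        const char *p;
        int r;

        assert(bus);
        assert(path);
        assert(interface);
        assert(found);
        assert(m); /* dereferenced below; image_flush_cache() asserts it as well */

        p = startswith(path, "/org/freedesktop/machine1/image/");
        if (!p)
                return 0;

        /* Undo the bus label escaping to get the image name back. */
        e = bus_label_unescape(p);
        if (!e)
                return -ENOMEM;

        image = hashmap_get(m->image_cache, e);
        if (image) {
                *found = image;
                return 1;
        }

        /* Create the flush event source on first use only. */
        if (!m->image_cache_defer_event) {
                r = sd_event_add_defer(m->event, &m->image_cache_defer_event, image_flush_cache, m);
                if (r < 0)
                        return r;

                r = sd_event_source_set_priority(m->image_cache_defer_event, SD_EVENT_PRIORITY_IDLE);
                if (r < 0)
                        return r;
        }

        r = sd_event_source_set_enabled(m->image_cache_defer_event, SD_EVENT_ONESHOT);
        if (r < 0)
                return r;

        r = image_find(IMAGE_MACHINE, e, NULL, &image);
        if (r == -ENOENT)
                return 0;
        if (r < 0)
                return r;

        /* The method handlers read the Manager back from image->userdata. */
        image->userdata = m;

        r = hashmap_ensure_put(&m->image_cache, &image_hash_ops, image->name, image);
        if (r < 0) {
                /* The cache did not take the image, so drop the reference obtained above. */
                image_unref(image);
                return r;
        }

        *found = image;
        return 1;
}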
458 
/* Builds the D-Bus object path for an image name: the name is escaped with bus_label_escape() and
 * appended to "/org/freedesktop/machine1/image/". Returns NULL if the escaping fails; otherwise
 * returns whatever strjoin() yields. image_node_enumerator() passes the result to strv_consume(),
 * i.e. the caller takes ownership of the returned string. */
char *image_bus_path(const char *name) {
        _cleanup_free_ char *escaped = NULL;

        assert(name);

        escaped = bus_label_escape(name);

        return escaped ? strjoin("/org/freedesktop/machine1/image/", escaped) : NULL;
}
470 
/* Node enumerator for the image object tree: runs image_discover() for IMAGE_MACHINE and returns
 * one object path per discovered image in *nodes.
 *
 * Returns 1 on success, with ownership of the string vector passed to the caller, and a negative
 * error otherwise. The temporary hashmap and any partially built vector are released by the
 * cleanup attributes on every return path. userdata and error are not used.
 *
 * There is no polkit check here: the discovery pass runs each time this callback is invoked. */
static int image_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
        _cleanup_hashmap_free_ Hashmap *images = NULL;
        _cleanup_strv_free_ char **paths = NULL;
        Image *image;
        int r;

        assert(bus);
        assert(path);
        assert(nodes);

        images = hashmap_new(&image_hash_ops);
        if (!images)
                return -ENOMEM;

        r = image_discover(IMAGE_MACHINE, NULL, images);
        if (r < 0)
                return r;

        HASHMAP_FOREACH(image, images) {
                char *node = image_bus_path(image->name);
                if (!node)
                        return -ENOMEM;

                /* strv_consume() takes ownership of node. */
                r = strv_consume(&paths, node);
                if (r < 0)
                        return r;
        }

        *nodes = TAKE_PTR(paths);

        return 1;
}
505 
/* D-Bus vtable of the org.freedesktop.machine1.Image interface.
 *
 * Every method is registered with SD_BUS_VTABLE_UNPRIVILEGED, so authorization is left to the
 * handlers in this file: Remove, Rename, Clone, MarkReadOnly and SetLimit each call
 * bus_verify_polkit_async() for "org.freedesktop.machine1.manage-images"; the four Get* methods
 * perform no polkit check. A handler added here with this flag needs its own check if it changes
 * state. */
const sd_bus_vtable image_vtable[] = {
        SD_BUS_VTABLE_START(0),

        /* Properties, read from Image fields located via offsetof(). */
        SD_BUS_PROPERTY("Name", "s", NULL, offsetof(Image, name), 0),
        SD_BUS_PROPERTY("Path", "s", NULL, offsetof(Image, path), 0),
        SD_BUS_PROPERTY("Type", "s", property_get_type, offsetof(Image, type), 0),
        SD_BUS_PROPERTY("ReadOnly", "b", bus_property_get_bool, offsetof(Image, read_only), 0),
        SD_BUS_PROPERTY("CreationTimestamp", "t", NULL, offsetof(Image, crtime), 0),
        SD_BUS_PROPERTY("ModificationTimestamp", "t", NULL, offsetof(Image, mtime), 0),
        SD_BUS_PROPERTY("Usage", "t", NULL, offsetof(Image, usage), 0),
        SD_BUS_PROPERTY("Limit", "t", NULL, offsetof(Image, limit), 0),
        SD_BUS_PROPERTY("UsageExclusive", "t", NULL, offsetof(Image, usage_exclusive), 0),
        SD_BUS_PROPERTY("LimitExclusive", "t", NULL, offsetof(Image, limit_exclusive), 0),

        /* Methods that modify the image; each handler checks polkit itself. */
        SD_BUS_METHOD("Remove", NULL, NULL, bus_image_method_remove, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("Rename", "s", NULL, bus_image_method_rename, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("Clone", "sb", NULL, bus_image_method_clone, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("MarkReadOnly", "b", NULL, bus_image_method_mark_read_only, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("SetLimit", "t", NULL, bus_image_method_set_limit, SD_BUS_VTABLE_UNPRIVILEGED),

        /* Methods that report image metadata; no polkit check in their handlers. */
        SD_BUS_METHOD("GetHostname", NULL, "s", bus_image_method_get_hostname, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("GetMachineID", NULL, "ay", bus_image_method_get_machine_id, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("GetMachineInfo", NULL, "a{ss}", bus_image_method_get_machine_info, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("GetOSRelease", NULL, "a{ss}", bus_image_method_get_os_release, SD_BUS_VTABLE_UNPRIVILEGED),

        SD_BUS_VTABLE_END
};
529 
/* Registration record for the image objects: object path prefix, interface name, the fallback
 * vtable paired with image_object_find() as its lookup callback, and image_node_enumerator() for
 * listing the child nodes. */
const BusObjectImplementation image_object = {
        "/org/freedesktop/machine1/image",
        "org.freedesktop.machine1.Image",
        .fallback_vtables = BUS_FALLBACK_VTABLES({image_vtable, image_object_find}),
        .node_enumerator = image_node_enumerator,
};
536