Commit Graph

1207 Commits

Author SHA1 Message Date
Lennart Poettering
a1dfd585c4 nspawn: add helper settings_network_configured()
The new helper returns whether the settings file had *any* networking
setting configured at all. We already have a similar helper
settings_private_network() which returns a similar result. The
difference is that the new helper will return true when the private
network was explicitly turned off, while the old one will only return
true if configured and enabled.

We'll reuse the helper a 2nd time later on, but even without it it makes
things a bit more readable.
2021-11-09 18:32:10 +01:00
Lennart Poettering
8c1e088ac9 nspawn: drop two entirely redundant lines 2021-11-09 18:31:24 +01:00
Luca Boccassi
8389fd19d2 Merge pull request #20138 from keszybz/coding-style-variable-decls
A coding style tweak and checking of sd_notify() calls and voidification of pager_open()
2021-11-05 13:57:30 +00:00
Lennart Poettering
aedec452b9 tree-wide: always use TAKE_FD() when calling rearrange_stdio()
rearrange_stdio() invalidates specified fds even on failure, which means
we should always invalidate the fds we pass in no matter what. Let's
make this explicit by using TAKE_FD() for that everywhere.

Note that in many places we such invalidation doesnt get us much
behaviour-wise, since we don't use the variables anymore later. But
TAKE_FD() in a way is also documentation, it encodes explicitly that the
fds are invalidated here, so I think it's a good thing to always make
this explicit here.
2021-11-03 23:05:26 +00:00
Lennart Poettering
8f03de5323 tree-wide: port various places to use TAKE_PID() 2021-11-03 16:36:09 +01:00
Zbigniew Jędrzejewski-Szmek
384c2c3239 Make pager_open() return void 2021-11-03 15:24:56 +01:00
Zbigniew Jędrzejewski-Szmek
d4341b76d0 tree-wide: drop "f" from sd_notify() calls with a static string
If we don't need to do any formatting, let's optimize things a bit.
2021-11-03 11:29:49 +01:00
Zbigniew Jędrzejewski-Szmek
4bf4f50faa tree-wide: warn when sd_notify fails with READY=1 or FDSTOREREMOVE=1
Most sd_notify() calls are like log_info() — the result is only informative
and if they fail, it's best ignore this. But if a call with READY=1 fails,
the unit may enter a failed state, so we should warn about this. Similarly
for FSTOREREMOVE=1: the manager may be left with a stale fd, at least wasting
resources.
2021-11-03 11:29:49 +01:00
Lennart Poettering
07bca16fc8 nspawn: make sure to chown() implicit source dirs for --bind= to container root UID
This makes sure that a switch like --bind=:/foo does the right thing if
user namespacing is one: the backing dir should be owned by the
container's root UID not the host's. Thus, whenever the source path is
left empty and we automatically generate a source dir as temporary
directory, ensure it's owned by the right UID.

Fixes: #20869
2021-10-29 09:16:34 +02:00
Andreas Valder
c0c8f71800 nspawn: add filesystem id mapping support to --bind and --bind-ro 2021-10-28 19:19:22 +02:00
Yu Watanabe
2db32618fe nspawn: fix build when SECCOMP is disabled
Follow-up for 20e458ae3c.
2021-10-25 19:23:55 +09:00
Yu Watanabe
20e458ae3c nspawn: ignore --suppress-sync=yes when seccomp is disabled
Follow-up for 4a4654e024.

Fixes #21090.
2021-10-22 23:43:20 +02:00
Lennart Poettering
dbf1aca619 nspawn: bump RLIMIT_NOFILE for nspawn payload similar to how host PID 1 does it for its payload
We try to pass containers roughly the same rlimits as the host gets from
the kernel. However, this means we'd set the RLIMIT_NOFILE to 4K. Which
is quite limiting though, and is something we actually departed from in
PID1: since 52d6207578 we raise the limit
substantially for all userspace.

Given that nspawn is quite often invoked without proper PID1, let's raise the
limits for container payloads the same way as we do from the real PID1
to its service payloads.
2021-10-22 23:42:55 +02:00
Yu Watanabe
241167e68a Merge pull request #21051 from poettering/nspawn-no-sync
nspawn: add --suppress-sync=yes mode for turning sync() and friends i…
2021-10-20 22:42:43 +09:00
Dimitri Papadopoulos
ba669952b2 Typos found by codespell 2021-10-20 22:20:18 +09:00
Lennart Poettering
4a4654e024 nspawn: add --suppress-sync=yes mode for turning sync() and friends into NOPs via seccomp
This is supposed to be used by package/image builders such as mkosi to
speed up building, since it allows us to suppress sync() inside a
container.

This does what Debian's eatmydata tool does, but for a container, and
via seccomp (instead of LD_PRELOAD).
2021-10-20 11:35:15 +02:00
Yu Watanabe
0522729e19 tree-wide: use AF_NETLINK instead of PF_NETLINK 2021-10-18 22:46:37 +02:00
Lennart Poettering
2f82562bad alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
Let's define two helpers strdupa_safe() + strndupa_safe() which do the
same as their non-safe counterparts, except that they abort if called
with allocations larger than ALLOCA_MAX.

This should ensure that all our alloca() based allocations are subject
to this limit.

afaics glibc offers three alloca() based APIs: alloca() itself,
strndupa() + strdupa(). With this we have now replacements for all of
them, that take the limit into account.
2021-10-14 15:57:52 +02:00
Lennart Poettering
01bebba3de basic: move chase_symlinks_and_fopen_unlocked() → chase-symlinks.[ch] 2021-10-05 19:37:30 +01:00
Lennart Poettering
f435195925 basic: spit out chase_symlinks() from fs-util.[ch] → chase-symlinks.[ch] 2021-10-05 16:14:37 +02:00
Lennart Poettering
88b3300fdc dissect-image: load embedded verity signature info from image
This adds support for actually using embedded signature data from
partitions.
2021-09-28 17:02:54 +02:00
Lennart Poettering
8ee9615e10 dissect-image: discover verity signature partitions
This doesn't make use of the discovered partitions yet, but it finds
them at least.
2021-09-28 17:02:27 +02:00
Frantisek Sumsal
d7ac09520b tree-wide: mark set-but-not-used variables as unused to make LLVM happy
LLVM 13 introduced `-Wunused-but-set-variable` diagnostic flag, which
trips over some intentionally set-but-not-used variables or variables
attached to cleanup handlers with side effects (`_cleanup_umask_`,
`_cleanup_(notify_on_cleanup)`, `_cleanup_(restore_sigsetp)`, etc.):

```
../src/basic/process-util.c:1257:46: error: variable 'saved_ssp' set but not used [-Werror,-Wunused-but-set-variable]
        _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL;
                                                     ^
                                                     1 error generated.
```
2021-09-15 13:09:45 +02:00
Yu Watanabe
594c383554 cgroup-util: use string_hash_ops_free 2021-09-11 20:29:34 +09:00
Lennart Poettering
c3c88d67c0 dissect-image: rename verity flag booleans
Let's make the booleans indicating verity state a bit more descriptive.

Let's rename:

    can_verity → has_verity: because that's really what this about
    whether verity data is included in the image. Whether we actually
    can use it is a different story.

    verity → verity_ready: this one should tell us if we have everything
    need to actually set it up, hence explicitly say "ready to use" in
    the name.

No change in behaviour. Just a bit of renaming.
2021-09-10 14:14:53 +02:00
Lennart Poettering
32b9736a23 nspawn: fix type to pass to connect()
It expects a generic "struct sockaddr", not a "struct sockaddr_un".
Pass the right member of the union.

Not sure why gcc/llvm never complained about this...
2021-09-02 08:27:46 +09:00
Luca Boccassi
1f08acf406 Merge pull request #20257 from bluca/seqno
Use new diskseq block device property
2021-08-31 09:06:33 +01:00
Lennart Poettering
85b55869bc tree-wide: port everything over to new sd-id128 compund literal bliss 2021-08-20 11:09:48 +02:00
Lennart Poettering
ddb6eeafe2 tree-wide: port things over to FORMAT_PROC_FD_PATH() 2021-08-19 09:19:27 +02:00
Zbigniew Jędrzejewski-Szmek
0d2a017986 nspawn: allow --setenv=FOO as equivalent to --setenv=FOO=$FOO
systemd-socket-activate has supported such a mode since
5e65c93a43. '--setenv=FOO=$FOO' is a fairly
common use in scripts, and it's nicer to do this automatically without worrying
about quoting and whatnot.

https://github.com/systemd/mkosi/pull/765 added the same to 'mkosi --environment='.
2021-08-11 09:34:45 +02:00
Zbigniew Jędrzejewski-Szmek
4ab3d29ff0 Add implicit sentinel to strv_env_merge()
Just to make it a tiny bit nicer to use.
2021-08-11 09:11:42 +02:00
Zbigniew Jędrzejewski-Szmek
04499a70fb Drop the text argument from assert_not_reached()
In general we almost never hit those asserts in production code, so users see
them very rarely, if ever. But either way, we just need something that users
can pass to the developers.

We have quite a few of those asserts, and some have fairly nice messages, but
many are like "WTF?" or "???" or "unexpected something". The error that is
printed includes the file location, and function name. In almost all functions
there's at most one assert, so the function name alone is enough to identify
the failure for a developer. So we don't get much extra from the message, and
we might just as well drop them.

Dropping them makes our code a tiny bit smaller, and most importantly, improves
development experience by making it easy to insert such an assert in the code
without thinking how to phrase the argument.
2021-08-03 10:05:10 +02:00
Luca Boccassi
a36429971a dissect: use DISKSEQ when waiting for block devices
DISKSEQ is a reliable way to find out if we missed a uevent or not, as
it's monotonically increasing. If we parse an event with a smaller or
no sequence number, we know we need to wait longer. If we parse an
event with a greater sequence number, we know we missed it and the
device was reused.
2021-07-28 20:07:01 +01:00
Luca Boccassi
af55491028 Merge pull request #20186 from keszybz/coverity-fixes
Coverity fixes
2021-07-09 21:15:08 +01:00
Frantisek Sumsal
2f0927626a tree-wide: coccinelle fixes
Yet another batch of Coccinelle fixes.
2021-07-09 20:54:22 +01:00
Zbigniew Jędrzejewski-Szmek
12d729b2ec nspawn: inline one iterator variable declaration 2021-07-09 15:07:40 +02:00
Zbigniew Jędrzejewski-Szmek
e437538f35 tree-wide: make cunescape*() functions return ssize_t
Strictly speaking, we are returning the size of a memory chunk of
arbitrary size, so ssize_t is more appropriate than int.
2021-07-09 15:07:40 +02:00
Yu Watanabe
387f695526 tree-wide: "a" -> "an" 2021-06-30 23:33:00 +09:00
Yu Watanabe
d3d1559435 nspawn: replace strextend_with_separator() -> strextendf_with_separator()
Fixes a bug introduced by cfea7618f2.

Before this commit:
mode=1777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=,sys.id:sys.role:systemd.nspawn.container.fs:s0,
After this commit:
mode=1777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=sys.id:sys.role:systemd.nspawn.container.fs:s0

Fixes #19976.
2021-06-21 21:14:20 +09:00
Yu Watanabe
7802194ac0 tree-wide: add missing whitespace at the end of comments 2021-06-15 14:09:29 +09:00
Yu Watanabe
27fce94ae6 nspawn: path_is_read_only_fs() may return negative errno
And we usually assume /sys is not read only on error.
2021-06-12 03:19:08 +09:00
Yu Watanabe
0ac655a63b tree-wide: use sd_device_new_from_ifindex/ifname() 2021-06-12 03:19:08 +09:00
Yu Watanabe
f6e491547d netlink: move resolve_ifname() or friends to netlink-util.[ch] 2021-06-12 03:19:08 +09:00
Yu Watanabe
130298ba10 util: expose urlsafe_base64char() 2021-06-04 01:48:50 +09:00
Lennart Poettering
bfc0cc1a25 userdb: make most loading of JSON user record data "permissive"
We want user records to be extensible, hence we shouldn't complain about
fields we can't parse. In particular we want them to be extensible for
our own future extensions.

Some code already turned the permissive flag when parsing the JSON data,
but most did not. Fix that. A few select cases remain where the bit is
not set: where we just gnerated the JSON data ourselves, and thus can be
reasonably sure that if we can't parse it it's our immediate programming
error and not just us processing a user record from some other tool or a
newer version of ourselves.
2021-06-01 13:32:31 +02:00
Yu Watanabe
cfea7618f2 nspawn: use strextendf_with_separator() 2021-05-20 21:57:04 +09:00
Yu Watanabe
354dadb30f nspawn: fix build failure
This fixes a conflict between #19555 and #19653.
2021-05-20 10:04:14 +02:00
Lennart Poettering
d99c2df2df Merge pull request #19555 from poettering/nspawn-bind-user
nspawn: add --bind-user= feature for binding  host user+homedir into a container
2021-05-20 07:33:51 +02:00
Lennart Poettering
2f89304490 nspawn: add new --bind-user= option for binding a host user into the container
This new option does three things for a host user specified via
--bind-user=:

1. Bind mount the home directory from the host directory into
   /run/host/home/<username>

2. Install an additional user namepace UID/GID mapping mapping the host
   UID/GID of the host user to an unused one from the container in the range
   60514…60577.

3. Synthesize a user/group record for the user/group under the same name
   as on the host, with minimized information, and the UID/GID set to
   the mapped UID/GID. This data is written to /run/host/userdb/ where
   nss-system will pick it up.

This should make sharing users and home directories from host into the
container pretty seamless, under some conditions:

1. User namespacing must be used.

2. The host UID/GID of the user/group cannot be in the range assigned to
   the container (kernel already refuses this, as this would mean two
   host UIDs/GIDs might end up being mapped to the same continer
   UID/GID.

3. There's a free UID/GID in the aforementioned range in the container,
   and the name of the user/group is not used in the container.

4. Container payload is new enough to include an nss-systemd version
   that picks up records from /run/host/userdb/
2021-05-19 17:46:59 +02:00
Lennart Poettering
91181e075b nspawn: export userns_mkdir() + userns_lchown() so that it can be used elsewhere in nspawn 2021-05-19 17:33:25 +02:00