shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-09 12:58:26 +03:00
Code

Merge pull request #31364 from bluca/vpick_ext

Browse Source 
core: add support for vpick for ExtensionImages=/ExtensionDirectories=
This commit is contained in:
Luca Boccassi 2024-02-19 11:15:54 +00:00 committed by GitHub
commit 034569150f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 85 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
man/systemd-dissect.xml
View File

@ -124,9 +124,7 @@
project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For
details see below.</para> details see below.</para>
<para>In place of the image path a <literal>.v/</literal> versioned directory may be specified, see <xi:include href="vpick.xml" xpointer="image"/>
<citerefentry><refentrytitle>systemd.v</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>

8
man/systemd-nspawn.xml
View File

@ -217,9 +217,7 @@
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry> <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
section "Files and Directories" for the precise search path.</para> section "Files and Directories" for the precise search path.</para>
<para>In place of the directory path a <literal>.v/</literal> versioned directory may be specified, see <xi:include href="vpick.xml" xpointer="directory"/>
<citerefentry><refentrytitle>systemd.v</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details.</para>
<para>If neither <option>--directory=</option>, <option>--image=</option>, nor <para>If neither <option>--directory=</option>, <option>--image=</option>, nor
<option>--machine=</option> are specified, the current directory will be used. May not be specified <option>--machine=</option> are specified, the current directory will be used. May not be specified
@ -317,9 +315,7 @@
<para>Any other partitions, such as foreign partitions or swap partitions are not mounted. May not be specified <para>Any other partitions, such as foreign partitions or swap partitions are not mounted. May not be specified
together with <option>--directory=</option>, <option>--template=</option>.</para> together with <option>--directory=</option>, <option>--template=</option>.</para>
<para>In place of the image path a <literal>.v/</literal> versioned directory may be specified, see <xi:include href="vpick.xml" xpointer="image"/>
<citerefentry><refentrytitle>systemd.v</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details.</para>
<xi:include href="version-info.xml" xpointer="v211"/></listitem> <xi:include href="version-info.xml" xpointer="v211"/></listitem>
</varlistentry> </varlistentry>

12
man/systemd.exec.xml
View File

@ -155,9 +155,7 @@
<programlisting>BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout</programlisting> <programlisting>BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout</programlisting>
</example> </example>
<para>In place of the directory path a <literal>.v/</literal> versioned directory may be specified, <xi:include href="vpick.xml" xpointer="directory"/>
see <citerefentry><refentrytitle>systemd.v</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details.</para>
<xi:include href="system-or-user-ns.xml" xpointer="singular"/></listitem> <xi:include href="system-or-user-ns.xml" xpointer="singular"/></listitem>
</varlistentry> </varlistentry>
@ -195,9 +193,7 @@
<citerefentry><refentrytitle>systemd-soft-reboot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>), <citerefentry><refentrytitle>systemd-soft-reboot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
in case the service is configured to survive it.</para> in case the service is configured to survive it.</para>
<para>In place of the image path a <literal>.v/</literal> versioned directory may be specified, see <xi:include href="vpick.xml" xpointer="image"/>
<citerefentry><refentrytitle>systemd.v</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details.</para>
<xi:include href="system-only.xml" xpointer="singular"/> <xi:include href="system-only.xml" xpointer="singular"/>
@ -555,6 +551,8 @@
<varname>PrivateDevices=</varname> below, as it may change the setting of <varname>PrivateDevices=</varname> below, as it may change the setting of
<varname>DevicePolicy=</varname>.</para> <varname>DevicePolicy=</varname>.</para>
<xi:include href="vpick.xml" xpointer="image"/>
<xi:include href="system-only.xml" xpointer="singular"/> <xi:include href="system-only.xml" xpointer="singular"/>
<xi:include href="version-info.xml" xpointer="v248"/></listitem> <xi:include href="version-info.xml" xpointer="v248"/></listitem>
@ -590,6 +588,8 @@
<para>Note that usage from user units requires overlayfs support in unprivileged user namespaces, <para>Note that usage from user units requires overlayfs support in unprivileged user namespaces,
which was first introduced in kernel v5.11.</para> which was first introduced in kernel v5.11.</para>
<xi:include href="vpick.xml" xpointer="directory"/>
<xi:include href="system-or-user-ns.xml" xpointer="singular"/> <xi:include href="system-or-user-ns.xml" xpointer="singular"/>
<xi:include href="version-info.xml" xpointer="v251"/></listitem> <xi:include href="version-info.xml" xpointer="v251"/></listitem>

2
man/systemd.v.xml
View File

@ -26,7 +26,7 @@
<para>In various places systemd components accept paths whose trailing components have the <para>In various places systemd components accept paths whose trailing components have the
<literal>.v/</literal> suffix, pointing to a directory. These components will then automatically look for <literal>.v/</literal> suffix, pointing to a directory. These components will then automatically look for
suitable files inside the directory, do a version comparison and open the newest file found (by suitable files inside the directory, do a version comparison and open the newest file found (by
version). Specifically, two expressions are supported:</para> version). Available since version v256. Specifically, two expressions are supported:</para>
<itemizedlist> <itemizedlist>

17
man/vpick.xml Normal file
View File

@ -0,0 +1,17 @@
<?xml version="1.0"?>
<!DOCTYPE refsect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!--
SPDX-License-Identifier: LGPL-2.1-or-later
-->
<refsect1>
<title/>
<para id="image">In place of the image path a <literal>.v/</literal> versioned directory may be specified, see
<citerefentry><refentrytitle>systemd.v</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details.</para>
<para id="directory">In place of the directory path a <literal>.v/</literal> versioned directory may be specified,
see <citerefentry><refentrytitle>systemd.v</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details.</para>
</refsect1>

39
src/core/namespace.c
View File

@ -47,6 +47,7 @@
#include "tmpfile-util.h" #include "tmpfile-util.h"
#include "umask-util.h" #include "umask-util.h"
#include "user-util.h" #include "user-util.h"
#include "vpick.h"
#define DEV_MOUNT_OPTIONS (MS_NOSUID|MS_STRICTATIME|MS_NOEXEC) #define DEV_MOUNT_OPTIONS (MS_NOSUID|MS_STRICTATIME|MS_NOEXEC)
@ -500,9 +501,24 @@ static int append_extensions(
/* First, prepare a mount for each image, but these won't be visible to the unit, instead /* First, prepare a mount for each image, but these won't be visible to the unit, instead
* they will be mounted in our propagate directory, and used as a source for the overlay. */ * they will be mounted in our propagate directory, and used as a source for the overlay. */
for (size_t i = 0; i < n; i++) { for (size_t i = 0; i < n; i++) {
_cleanup_(pick_result_done) PickResult result = PICK_RESULT_NULL;
_cleanup_free_ char *mount_point = NULL; _cleanup_free_ char *mount_point = NULL;
const MountImage *m = mount_images + i; const MountImage *m = mount_images + i;
r = path_pick(/* toplevel_path= */ NULL,
/* toplevel_fd= */ AT_FDCWD,
m->source,
&pick_filter_image_raw,
PICK_ARCHITECTURE|PICK_TRIES,
&result);
if (r < 0)
return r;
if (!result.path)
return log_debug_errno(
SYNTHETIC_ERRNO(ENOENT),
"No matching entry in .v/ directory %s found.",
m->source);
if (asprintf(&mount_point, "%s/%zu", extension_dir, i) < 0) if (asprintf(&mount_point, "%s/%zu", extension_dir, i) < 0)
return -ENOMEM; return -ENOMEM;
@ -524,7 +540,7 @@ static int append_extensions(
.path_malloc = TAKE_PTR(mount_point), .path_malloc = TAKE_PTR(mount_point),
.image_options_const = m->mount_options, .image_options_const = m->mount_options,
.ignore = m->ignore_enoent, .ignore = m->ignore_enoent,
.source_const = m->source, .source_malloc = TAKE_PTR(result.path),
.mode = MOUNT_EXTENSION_IMAGE, .mode = MOUNT_EXTENSION_IMAGE,
.has_prefix = true, .has_prefix = true,
}; };
@ -534,7 +550,8 @@ static int append_extensions(
* Bind mount them in the same location as the ExtensionImages, so that we * Bind mount them in the same location as the ExtensionImages, so that we
* can check that they are valid trees (extension-release.d). */ * can check that they are valid trees (extension-release.d). */
STRV_FOREACH(extension_directory, extension_directories) { STRV_FOREACH(extension_directory, extension_directories) {
_cleanup_free_ char *mount_point = NULL, *source = NULL; _cleanup_(pick_result_done) PickResult result = PICK_RESULT_NULL;
_cleanup_free_ char *mount_point = NULL;
const char *e = *extension_directory; const char *e = *extension_directory;
bool ignore_enoent = false; bool ignore_enoent = false;
@ -551,9 +568,19 @@ static int append_extensions(
if (startswith(e, "+")) if (startswith(e, "+"))
e++; e++;
source = strdup(e); r = path_pick(/* toplevel_path= */ NULL,
if (!source) /* toplevel_fd= */ AT_FDCWD,
return -ENOMEM; e,
&pick_filter_image_dir,
PICK_ARCHITECTURE|PICK_TRIES,
&result);
if (r < 0)
return r;
if (!result.path)
return log_debug_errno(
SYNTHETIC_ERRNO(ENOENT),
"No matching entry in .v/ directory %s found.",
e);
for (size_t j = 0; hierarchies && hierarchies[j]; ++j) { for (size_t j = 0; hierarchies && hierarchies[j]; ++j) {
char *prefixed_hierarchy = path_join(mount_point, hierarchies[j]); char *prefixed_hierarchy = path_join(mount_point, hierarchies[j]);
@ -571,7 +598,7 @@ static int append_extensions(
*me = (MountEntry) { *me = (MountEntry) {
.path_malloc = TAKE_PTR(mount_point), .path_malloc = TAKE_PTR(mount_point),
.source_malloc = TAKE_PTR(source), .source_malloc = TAKE_PTR(result.path),
.mode = MOUNT_EXTENSION_DIRECTORY, .mode = MOUNT_EXTENSION_DIRECTORY,
.ignore = ignore_enoent, .ignore = ignore_enoent,
.has_prefix = true, .has_prefix = true,

25
test/units/testsuite-50.sh
View File

@ -435,6 +435,18 @@ EOF
systemctl start testservice-50e.service systemctl start testservice-50e.service
systemctl is-active testservice-50e.service systemctl is-active testservice-50e.service
# Check vpick support in ExtensionImages=
VBASE="vtest$RANDOM"
VDIR="/tmp/${VBASE}.v"
mkdir "$VDIR"
ln -s /usr/share/app0.raw "$VDIR/${VBASE}_0.raw"
ln -s /usr/share/app1.raw "$VDIR/${VBASE}_1.raw"
systemd-run -P -p ExtensionImages="$VDIR" bash -c '/opt/script1.sh | grep ID'
rm -rf "$VDIR"
# ExtensionDirectories will set up an overlay # ExtensionDirectories will set up an overlay
mkdir -p "${image_dir}/app0" "${image_dir}/app1" "${image_dir}/app-nodistro" "${image_dir}/service-scoped-test" mkdir -p "${image_dir}/app0" "${image_dir}/app1" "${image_dir}/app-nodistro" "${image_dir}/service-scoped-test"
(! systemd-run -P --property ExtensionDirectories="${image_dir}/nonexistent" --property RootImage="${image}.raw" cat /opt/script0.sh) (! systemd-run -P --property ExtensionDirectories="${image_dir}/nonexistent" --property RootImage="${image}.raw" cat /opt/script0.sh)
@ -467,6 +479,19 @@ RemainAfterExit=yes
EOF EOF
systemctl start testservice-50f.service systemctl start testservice-50f.service
systemctl is-active testservice-50f.service systemctl is-active testservice-50f.service
# Check vpick support in ExtensionDirectories=
VBASE="vtest$RANDOM"
VDIR="/tmp/${VBASE}.v"
mkdir "$VDIR"
ln -s "${image_dir}/app0" "$VDIR/${VBASE}_0"
ln -s "${image_dir}/app1" "$VDIR/${VBASE}_1"
systemd-run -P --property ExtensionDirectories="$VDIR" cat /opt/script1.sh | grep -q -F "extension-release.app2"
rm -rf "$VDIR"
systemd-dissect --umount "${image_dir}/app0" systemd-dissect --umount "${image_dir}/app0"
systemd-dissect --umount "${image_dir}/app1" systemd-dissect --umount "${image_dir}/app1"