mirror of
https://github.com/systemd/systemd.git
synced 2025-01-12 13:18:14 +03:00
Merge pull request #27701 from poettering/switch-root-same-file
switch-root: use same_files() logic when checking whether new and old root dir are actually the same
This commit is contained in:
commit
24d724087f
@ -109,7 +109,7 @@ int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int userns_fd, int
|
||||
/* Can't setns to your own userns, since then you could escalate from non-root to root in
|
||||
* your own namespace, so check if namespaces are equal before attempting to enter. */
|
||||
|
||||
r = files_same(FORMAT_PROC_FD_PATH(userns_fd), "/proc/self/ns/user", 0);
|
||||
r = inode_same_at(userns_fd, "", AT_FDCWD, "/proc/self/ns/user", AT_EMPTY_PATH);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r)
|
||||
|
@ -485,8 +485,8 @@ int path_compare(const char *a, const char *b) {
|
||||
}
|
||||
}
|
||||
|
||||
bool path_equal_or_files_same(const char *a, const char *b, int flags) {
|
||||
return path_equal(a, b) || files_same(a, b, flags) > 0;
|
||||
bool path_equal_or_inode_same(const char *a, const char *b, int flags) {
|
||||
return path_equal(a, b) || inode_same(a, b, flags) > 0;
|
||||
}
|
||||
|
||||
int path_compare_filename(const char *a, const char *b) {
|
||||
|
@ -77,7 +77,7 @@ static inline bool path_equal_filename(const char *a, const char *b) {
|
||||
return path_compare_filename(a, b) == 0;
|
||||
}
|
||||
|
||||
bool path_equal_or_files_same(const char *a, const char *b, int flags);
|
||||
bool path_equal_or_inode_same(const char *a, const char *b, int flags);
|
||||
|
||||
char* path_extend_internal(char **x, ...);
|
||||
#define path_extend(x, ...) path_extend_internal(x, __VA_ARGS__, POINTER_MAX)
|
||||
|
@ -946,7 +946,7 @@ int pid_from_same_root_fs(pid_t pid) {
|
||||
|
||||
root = procfs_file_alloca(pid, "root");
|
||||
|
||||
return files_same(root, "/proc/1/root", 0);
|
||||
return inode_same(root, "/proc/1/root", 0);
|
||||
}
|
||||
|
||||
bool is_main_thread(void) {
|
||||
|
@ -223,7 +223,7 @@ bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) {
|
||||
return false;
|
||||
|
||||
if (a->sockaddr.un.sun_path[0]) {
|
||||
if (!path_equal_or_files_same(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, 0))
|
||||
if (!path_equal_or_inode_same(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, 0))
|
||||
return false;
|
||||
} else {
|
||||
if (a->size != b->size)
|
||||
|
@ -183,16 +183,18 @@ int path_is_read_only_fs(const char *path) {
|
||||
return fd_is_read_only_fs(fd);
|
||||
}
|
||||
|
||||
int files_same(const char *filea, const char *fileb, int flags) {
|
||||
int inode_same_at(int fda, const char *filea, int fdb, const char *fileb, int flags) {
|
||||
struct stat a, b;
|
||||
|
||||
assert(fda >= 0 || fda == AT_FDCWD);
|
||||
assert(filea);
|
||||
assert(fdb >= 0 || fdb == AT_FDCWD);
|
||||
assert(fileb);
|
||||
|
||||
if (fstatat(AT_FDCWD, filea, &a, flags) < 0)
|
||||
if (fstatat(fda, filea, &a, flags) < 0)
|
||||
return log_debug_errno(errno, "Cannot stat %s: %m", filea);
|
||||
|
||||
if (fstatat(AT_FDCWD, fileb, &b, flags) < 0)
|
||||
if (fstatat(fdb, fileb, &b, flags) < 0)
|
||||
return log_debug_errno(errno, "Cannot stat %s: %m", fileb);
|
||||
|
||||
return stat_inode_same(&a, &b);
|
||||
|
@ -37,7 +37,11 @@ static inline int null_or_empty_path(const char *fn) {
|
||||
|
||||
int path_is_read_only_fs(const char *path);
|
||||
|
||||
int files_same(const char *filea, const char *fileb, int flags);
|
||||
int inode_same_at(int fda, const char *filea, int fdb, const char *fileb, int flags);
|
||||
|
||||
static inline int inode_same(const char *filea, const char *fileb, int flags) {
|
||||
return inode_same_at(AT_FDCWD, filea, AT_FDCWD, fileb, flags);
|
||||
}
|
||||
|
||||
/* The .f_type field of struct statfs is really weird defined on
|
||||
* different archs. Let's give its type a name. */
|
||||
|
@ -891,7 +891,7 @@ int running_in_chroot(void) {
|
||||
if (getpid_cached() == 1)
|
||||
return false; /* We're PID 1, we can't be in a chroot. */
|
||||
|
||||
r = files_same("/proc/1/root", "/", 0);
|
||||
r = inode_same("/proc/1/root", "/", 0);
|
||||
if (r == -ENOENT) {
|
||||
r = proc_mounted();
|
||||
if (r == 0) {
|
||||
|
@ -2671,7 +2671,7 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
|
||||
LIST_FOREACH(port, p, s->ports)
|
||||
if (p->fd < 0 &&
|
||||
p->type == SOCKET_FIFO &&
|
||||
path_equal_or_files_same(p->path, value, 0)) {
|
||||
path_equal_or_inode_same(p->path, value, 0)) {
|
||||
p->fd = fdset_remove(fds, fd);
|
||||
found = true;
|
||||
break;
|
||||
@ -2699,7 +2699,7 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
|
||||
LIST_FOREACH(port, p, s->ports)
|
||||
if (p->fd < 0 &&
|
||||
p->type == SOCKET_SPECIAL &&
|
||||
path_equal_or_files_same(p->path, value, 0)) {
|
||||
path_equal_or_inode_same(p->path, value, 0)) {
|
||||
p->fd = fdset_remove(fds, fd);
|
||||
found = true;
|
||||
break;
|
||||
@ -2821,7 +2821,7 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
|
||||
LIST_FOREACH(port, p, s->ports)
|
||||
if (p->fd < 0 &&
|
||||
p->type == SOCKET_USB_FUNCTION &&
|
||||
path_equal_or_files_same(p->path, value, 0)) {
|
||||
path_equal_or_inode_same(p->path, value, 0)) {
|
||||
p->fd = fdset_remove(fds, fd);
|
||||
found = true;
|
||||
break;
|
||||
|
@ -814,7 +814,7 @@ static int find_loop_device(const char *backing_file, sd_device **ret) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (files_same(s, backing_file, 0) <= 0)
|
||||
if (inode_same(s, backing_file, 0) <= 0)
|
||||
continue;
|
||||
|
||||
*ret = sd_device_ref(dev);
|
||||
|
@ -493,7 +493,7 @@ static int chroot_unit_symlinks_equivalent(
|
||||
if (!a || !b)
|
||||
return log_oom();
|
||||
|
||||
r = path_equal_or_files_same(a, b, 0);
|
||||
r = path_equal_or_inode_same(a, b, 0);
|
||||
if (r != 0)
|
||||
return r;
|
||||
|
||||
|
@ -438,7 +438,7 @@ int rm_rf(const char *path, RemoveFlags flags) {
|
||||
|
||||
/* We refuse to clean the root file system with this call. This is extra paranoia to never cause a
|
||||
* really seriously broken system. */
|
||||
if (path_equal_or_files_same(path, "/", AT_SYMLINK_NOFOLLOW))
|
||||
if (path_equal_or_inode_same(path, "/", AT_SYMLINK_NOFOLLOW))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EPERM),
|
||||
"Attempted to remove entire root file system (\"%s\"), and we can't allow that.",
|
||||
path);
|
||||
|
@ -36,24 +36,29 @@ int switch_root(const char *new_root,
|
||||
assert(new_root);
|
||||
assert(IN_SET(mount_flags, MS_MOVE, MS_BIND));
|
||||
|
||||
if (path_equal(new_root, "/"))
|
||||
return 0;
|
||||
|
||||
/* Check if we shall remove the contents of the old root */
|
||||
old_root_fd = open("/", O_DIRECTORY|O_CLOEXEC);
|
||||
if (old_root_fd < 0)
|
||||
return log_error_errno(errno, "Failed to open root directory: %m");
|
||||
|
||||
new_root_fd = open(new_root, O_DIRECTORY|O_CLOEXEC);
|
||||
if (new_root_fd < 0)
|
||||
return log_error_errno(errno, "Failed to open target directory '%s': %m", new_root);
|
||||
|
||||
r = inode_same_at(old_root_fd, "", new_root_fd, "", AT_EMPTY_PATH);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to determine if old and new root directory are the same: %m");
|
||||
if (r > 0) {
|
||||
log_debug("Skipping switch root, as old and new root directory are the same.");
|
||||
return 0;
|
||||
}
|
||||
|
||||
istmp = fd_is_temporary_fs(old_root_fd);
|
||||
if (istmp < 0)
|
||||
return log_error_errno(istmp, "Failed to stat root directory: %m");
|
||||
if (istmp > 0)
|
||||
log_debug("Root directory is on tmpfs, will do cleanup later.");
|
||||
|
||||
new_root_fd = open(new_root, O_DIRECTORY|O_CLOEXEC);
|
||||
if (new_root_fd < 0)
|
||||
return log_error_errno(errno, "Failed to open target directory '%s': %m", new_root);
|
||||
|
||||
if (old_root_after) {
|
||||
/* Determine where we shall place the old root after the transition */
|
||||
r = chase(old_root_after, new_root, CHASE_PREFIX_ROOT|CHASE_NONEXISTENT, &resolved_old_root_after, NULL);
|
||||
|
@ -207,33 +207,33 @@ TEST(path_equal_root) {
|
||||
|
||||
/* Make sure that files_same works as expected. */
|
||||
|
||||
assert_se(files_same("/", "/", 0) > 0);
|
||||
assert_se(files_same("/", "/", AT_SYMLINK_NOFOLLOW) > 0);
|
||||
assert_se(files_same("/", "//", 0) > 0);
|
||||
assert_se(files_same("/", "//", AT_SYMLINK_NOFOLLOW) > 0);
|
||||
assert_se(inode_same("/", "/", 0) > 0);
|
||||
assert_se(inode_same("/", "/", AT_SYMLINK_NOFOLLOW) > 0);
|
||||
assert_se(inode_same("/", "//", 0) > 0);
|
||||
assert_se(inode_same("/", "//", AT_SYMLINK_NOFOLLOW) > 0);
|
||||
|
||||
assert_se(files_same("/", "/./", 0) > 0);
|
||||
assert_se(files_same("/", "/./", AT_SYMLINK_NOFOLLOW) > 0);
|
||||
assert_se(files_same("/", "/../", 0) > 0);
|
||||
assert_se(files_same("/", "/../", AT_SYMLINK_NOFOLLOW) > 0);
|
||||
assert_se(inode_same("/", "/./", 0) > 0);
|
||||
assert_se(inode_same("/", "/./", AT_SYMLINK_NOFOLLOW) > 0);
|
||||
assert_se(inode_same("/", "/../", 0) > 0);
|
||||
assert_se(inode_same("/", "/../", AT_SYMLINK_NOFOLLOW) > 0);
|
||||
|
||||
assert_se(files_same("/", "/.../", 0) == -ENOENT);
|
||||
assert_se(files_same("/", "/.../", AT_SYMLINK_NOFOLLOW) == -ENOENT);
|
||||
assert_se(inode_same("/", "/.../", 0) == -ENOENT);
|
||||
assert_se(inode_same("/", "/.../", AT_SYMLINK_NOFOLLOW) == -ENOENT);
|
||||
|
||||
/* The same for path_equal_or_files_same. */
|
||||
|
||||
assert_se(path_equal_or_files_same("/", "/", 0));
|
||||
assert_se(path_equal_or_files_same("/", "/", AT_SYMLINK_NOFOLLOW));
|
||||
assert_se(path_equal_or_files_same("/", "//", 0));
|
||||
assert_se(path_equal_or_files_same("/", "//", AT_SYMLINK_NOFOLLOW));
|
||||
assert_se(path_equal_or_inode_same("/", "/", 0));
|
||||
assert_se(path_equal_or_inode_same("/", "/", AT_SYMLINK_NOFOLLOW));
|
||||
assert_se(path_equal_or_inode_same("/", "//", 0));
|
||||
assert_se(path_equal_or_inode_same("/", "//", AT_SYMLINK_NOFOLLOW));
|
||||
|
||||
assert_se(path_equal_or_files_same("/", "/./", 0));
|
||||
assert_se(path_equal_or_files_same("/", "/./", AT_SYMLINK_NOFOLLOW));
|
||||
assert_se(path_equal_or_files_same("/", "/../", 0));
|
||||
assert_se(path_equal_or_files_same("/", "/../", AT_SYMLINK_NOFOLLOW));
|
||||
assert_se(path_equal_or_inode_same("/", "/./", 0));
|
||||
assert_se(path_equal_or_inode_same("/", "/./", AT_SYMLINK_NOFOLLOW));
|
||||
assert_se(path_equal_or_inode_same("/", "/../", 0));
|
||||
assert_se(path_equal_or_inode_same("/", "/../", AT_SYMLINK_NOFOLLOW));
|
||||
|
||||
assert_se(!path_equal_or_files_same("/", "/.../", 0));
|
||||
assert_se(!path_equal_or_files_same("/", "/.../", AT_SYMLINK_NOFOLLOW));
|
||||
assert_se(!path_equal_or_inode_same("/", "/.../", 0));
|
||||
assert_se(!path_equal_or_inode_same("/", "/.../", AT_SYMLINK_NOFOLLOW));
|
||||
}
|
||||
|
||||
TEST(find_executable_full) {
|
||||
|
@ -106,7 +106,7 @@ TEST(specifier_real_path) {
|
||||
puts(strnull(w));
|
||||
|
||||
/* /dev/initctl should normally be a symlink to /run/initctl */
|
||||
if (files_same("/dev/initctl", "/run/initctl", 0) > 0)
|
||||
if (inode_same("/dev/initctl", "/run/initctl", 0) > 0)
|
||||
assert_se(streq(w, "p=/dev/initctl y=/run/initctl Y=/run w=/dev/tty W=/dev"));
|
||||
}
|
||||
|
||||
|
@ -42,7 +42,7 @@ TEST(null_or_empty_path_with_root) {
|
||||
assert_se(null_or_empty_path_with_root("/foobar/barbar/dev/null", "/foobar/barbar/") == 1);
|
||||
}
|
||||
|
||||
TEST(files_same) {
|
||||
TEST(inode_same) {
|
||||
_cleanup_close_ int fd = -EBADF;
|
||||
_cleanup_(unlink_tempfilep) char name[] = "/tmp/test-files_same.XXXXXX";
|
||||
_cleanup_(unlink_tempfilep) char name_alias[] = "/tmp/test-files_same.alias";
|
||||
@ -51,10 +51,10 @@ TEST(files_same) {
|
||||
assert_se(fd >= 0);
|
||||
assert_se(symlink(name, name_alias) >= 0);
|
||||
|
||||
assert_se(files_same(name, name, 0));
|
||||
assert_se(files_same(name, name, AT_SYMLINK_NOFOLLOW));
|
||||
assert_se(files_same(name, name_alias, 0));
|
||||
assert_se(!files_same(name, name_alias, AT_SYMLINK_NOFOLLOW));
|
||||
assert_se(inode_same(name, name, 0));
|
||||
assert_se(inode_same(name, name, AT_SYMLINK_NOFOLLOW));
|
||||
assert_se(inode_same(name, name_alias, 0));
|
||||
assert_se(!inode_same(name, name_alias, AT_SYMLINK_NOFOLLOW));
|
||||
}
|
||||
|
||||
TEST(is_symlink) {
|
||||
|
Loading…
Reference in New Issue
Block a user