mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00

Merge pull request #31960 from YHNdnzj/capsule-followup

Some follow-ups for capsule
Yu Watanabe 2024-03-27 02:34:43 +09:00 committed by GitHub
commit 5c7292fa80
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 42 additions and 51 deletions


@ -13,6 +13,7 @@
#include "bus-type.h"
#include "bus-util.h"
#include "busctl-introspect.h"
#include "capsule-util.h"
#include "escape.h"
#include "fd-util.h"
#include "fileio.h"
@ -28,7 +29,6 @@
#include "parse-util.h"
#include "path-util.h"
#include "pretty-print.h"
#include "capsule-util.h"
#include "runtime-scope.h"
#include "set.h"
#include "sort-util.h"


@ -280,6 +280,8 @@ static int pin_capsule_socket(const char *capsule, const char *suffix, uid_t *re
assert(capsule);
assert(suffix);
assert(ret_uid);
assert(ret_gid);
p = path_join("/run/capsules", capsule, suffix);
if (!p)
@ -291,7 +293,7 @@ static int pin_capsule_socket(const char *capsule, const char *suffix, uid_t *re
return r;
if (fstat(inode_fd, &st) < 0)
return -errno;
return negative_errno();
/* Paranoid safety check */
if (uid_is_system(st.st_uid) || gid_is_system(st.st_gid))
@ -303,67 +305,28 @@ static int pin_capsule_socket(const char *capsule, const char *suffix, uid_t *re
return TAKE_FD(inode_fd);
}
int bus_connect_capsule_systemd(const char *capsule, sd_bus **ret_bus) {
_cleanup_(sd_bus_close_unrefp) sd_bus *bus = NULL;
static int bus_set_address_capsule(sd_bus *bus, const char *capsule, const char *suffix, int *ret_pin_fd) {
_cleanup_close_ int inode_fd = -EBADF;
_cleanup_free_ char *pp = NULL;
uid_t uid;
gid_t gid;
int r;
assert(capsule);
assert(ret_bus);
r = capsule_name_is_valid(capsule);
if (r < 0)
return r;
if (r == 0)
return -EINVAL;
/* Connects to a capsule's user bus. We need to do so under the capsule's UID/GID, otherwise the
* the service manager might refuse our connection. Hence fake it. */
inode_fd = pin_capsule_socket(capsule, "systemd/private", &uid, &gid);
if (inode_fd < 0)
return inode_fd;
pp = bus_address_escape(FORMAT_PROC_FD_PATH(inode_fd));
if (!pp)
return -ENOMEM;
r = sd_bus_new(&bus);
if (r < 0)
return r;
if (asprintf(&bus->address, "unix:path=%s,uid=" UID_FMT ",gid=" GID_FMT, pp, uid, gid) < 0)
return -ENOMEM;
r = sd_bus_start(bus);
if (r < 0)
return r;
*ret_bus = TAKE_PTR(bus);
return 0;
}
int bus_set_address_capsule_bus(sd_bus *bus, const char *capsule, int *ret_pin_fd) {
_cleanup_free_ char *pp = NULL;
_cleanup_close_ int inode_fd = -EBADF;
uid_t uid;
gid_t gid;
int r;
assert(bus);
assert(capsule);
assert(suffix);
assert(ret_pin_fd);
/* Connects to a capsule's user bus. We need to do so under the capsule's UID/GID, otherwise
* the service manager might refuse our connection. Hence fake it. */
r = capsule_name_is_valid(capsule);
if (r < 0)
return r;
if (r == 0)
return -EINVAL;
inode_fd = pin_capsule_socket(capsule, "bus", &uid, &gid);
inode_fd = pin_capsule_socket(capsule, suffix, &uid, &gid);
if (inode_fd < 0)
return inode_fd;
@ -378,6 +341,34 @@ int bus_set_address_capsule_bus(sd_bus *bus, const char *capsule, int *ret_pin_f
return 0;
}
int bus_set_address_capsule_bus(sd_bus *bus, const char *capsule, int *ret_pin_fd) {
return bus_set_address_capsule(bus, capsule, "bus", ret_pin_fd);
}
int bus_connect_capsule_systemd(const char *capsule, sd_bus **ret_bus) {
_cleanup_(sd_bus_close_unrefp) sd_bus *bus = NULL;
_cleanup_close_ int inode_fd = -EBADF;
int r;
assert(capsule);
assert(ret_bus);
r = sd_bus_new(&bus);
if (r < 0)
return r;
r = bus_set_address_capsule(bus, capsule, "systemd/private", &inode_fd);
if (r < 0)
return r;
r = sd_bus_start(bus);
if (r < 0)
return r;
*ret_bus = TAKE_PTR(bus);
return 0;
}
int bus_connect_capsule_bus(const char *capsule, sd_bus **ret_bus) {
_cleanup_(sd_bus_close_unrefp) sd_bus *bus = NULL;
_cleanup_close_ int inode_fd = -EBADF;
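Review bot: The comment carried into the new static helper `bus_set_address_capsule()` still says "Connects to a capsule's user bus", but the helper now takes `suffix`, is also called with "systemd/private" from `bus_connect_capsule_systemd()`, and only sets the address rather than connecting. I would reword it along the lines of `/* Sets the bus address to the capsule socket named by 'suffix'. The connection must be made under the capsule's UID/GID, otherwise the service manager might refuse it. Hence fake it. */`. It would also help to document on the helper that the fd handed back through `ret_pin_fd` has to stay open until `sd_bus_start()` has connected. That presumably holds because the address refers to the pinned inode through a /proc fd path, as the removed code did, but the lines that build the address are outside the visible hunks. Both callers rely on the `_cleanup_close_` scope for that lifetime, and nothing on the page states the requirement.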


@ -8,6 +8,7 @@
#include "build.h"
#include "bus-util.h"
#include "capsule-util.h"
#include "dissect-image.h"
#include "install.h"
#include "main-func.h"
@ -18,7 +19,6 @@
#include "path-util.h"
#include "pretty-print.h"
#include "process-util.h"
#include "capsule-util.h"
#include "reboot-util.h"
#include "rlimit-util.h"
#include "sigbus.h"


@ -7,6 +7,8 @@ units = [
{ 'file' : 'blockdev@.target' },
{ 'file' : 'bluetooth.target' },
{ 'file' : 'boot-complete.target' },
{ 'file' : 'capsule@.service.in' },
{ 'file' : 'capsule.slice' },
{ 'file' : 'console-getty.service.in' },
{ 'file' : 'container-getty@.service.in' },
{
@ -746,8 +748,6 @@ units = [
{ 'file' : 'user-runtime-dir@.service.in' },
{ 'file' : 'user.slice' },
{ 'file' : 'user@.service.in' },
{ 'file' : 'capsule@.service.in' },
{ 'file' : 'capsule.slice' },
{
'file' : 'var-lib-machines.mount',
'conditions' : ['ENABLE_MACHINED'],


@ -5,13 +5,13 @@ units = [
'background.slice',
'basic.target',
'bluetooth.target',
'capsule@.target',
'default.target',
'exit.target',
'graphical-session-pre.target',
'graphical-session.target',
'paths.target',
'printer.target',
'capsule@.target',
'session.slice',
'shutdown.target',
'smartcard.target',