diff --git a/TODO b/TODO index ef8b79024d1..cd8be425e79 100644 --- a/TODO +++ b/TODO @@ -122,6 +122,18 @@ Deprecations and removals: Features: +* importd: introduce a per-user instance, that downloads into per-user DDI dirs + +* sysupdated: similar + +* portabled: similar + +* machined: implement a per-user instance, that manages per-user DDI dirs for + images. systemd-nspawn/systemd-vmspawn should probably register with both the + system and the user scoped machined instance. The former to get the machine + name registered as hostname, and the latter so that the image stuff is nicely + per-user managed. + * resolved: make resolved process DNR DHCP info * Teach systemd-ssh-generator to generated an /run/issue.d/ drop-in telling @@ -391,8 +403,6 @@ Features: the bg via vmspawn/nspawn if not done so yet and then requests a shell inside it for the invoking user. -* importd/…: define per-user dirs for container/VM images too. - * add a new specifier to unit files that figures out the DDI the unit file is from, tracing through overlayfs, DM, loopback block device. diff --git a/man/systemd-dissect.xml b/man/systemd-dissect.xml index b65a2c39f1d..191ae3394bb 100644 --- a/man/systemd-dissect.xml +++ b/man/systemd-dissect.xml @@ -503,6 +503,17 @@ + + + + + When used together with controls whether to search for + images installed system-wide or in the user's directories in $HOME. If neither + switch is specified, will search within both scopes. + + + + diff --git a/shell-completion/bash/systemd-dissect b/shell-completion/bash/systemd-dissect index 8d2b43423cb..a9fa639c3f9 100644 --- a/shell-completion/bash/systemd-dissect +++ b/shell-completion/bash/systemd-dissect @@ -29,6 +29,8 @@ _systemd_dissect() { local cur=${COMP_WORDS[COMP_CWORD]} prev_1=${COMP_WORDS[COMP_CWORD-1]} prev_2=${COMP_WORDS[COMP_CWORD-2]} words cword local -A OPTS=( [STANDALONE]='-h --help --version + --user + --system --discover --no-pager --no-legend diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c index 78a830d574b..8739e130c38 100644 --- a/src/dissect/dissect.c +++ b/src/dissect/dissect.c @@ -95,6 +95,7 @@ static char *arg_loop_ref = NULL; static ImagePolicy *arg_image_policy = NULL; static bool arg_mtree_hash = true; static bool arg_via_service = false; +static RuntimeScope arg_runtime_scope = _RUNTIME_SCOPE_INVALID; STATIC_DESTRUCTOR_REGISTER(arg_image, freep); STATIC_DESTRUCTOR_REGISTER(arg_root, freep); @@ -151,6 +152,8 @@ static int help(void) { " Generate JSON output\n" " --loop-ref=NAME Set reference string for loopback device\n" " --mtree-hash=BOOL Whether to include SHA256 hash in the mtree output\n" + " --user Discover user images\n" + " --system Discover system images\n" "\n%3$sCommands:%4$s\n" " -h --help Show this help\n" " --version Show package version\n" @@ -274,6 +277,8 @@ static int parse_argv(int argc, char *argv[]) { ARG_VALIDATE, ARG_MTREE_HASH, ARG_MAKE_ARCHIVE, + ARG_SYSTEM, + ARG_USER, }; static const struct option options[] = { @@ -307,10 +312,13 @@ static int parse_argv(int argc, char *argv[]) { { "validate", no_argument, NULL, ARG_VALIDATE }, { "mtree-hash", required_argument, NULL, ARG_MTREE_HASH }, { "make-archive", no_argument, NULL, ARG_MAKE_ARCHIVE }, + { "system", no_argument, NULL, ARG_SYSTEM }, + { "user", no_argument, NULL, ARG_USER }, {} }; _cleanup_free_ char **buf = NULL; /* we use free(), not strv_free() here, as we don't copy the strings here */ + bool system_scope_requested = false, user_scope_requested = false; int c, r; assert(argc >= 0); @@ -531,7 +539,6 @@ static int parse_argv(int argc, char *argv[]) { break; case ARG_MAKE_ARCHIVE: - r = dlopen_libarchive(); if (r < 0) return log_error_errno(r, "Archive support not available (compiled without libarchive, or libarchive not installed?)."); @@ -539,6 +546,14 @@ static int parse_argv(int argc, char *argv[]) { arg_action = ACTION_MAKE_ARCHIVE; break; + case ARG_SYSTEM: + system_scope_requested = true; + break; + + case ARG_USER: + user_scope_requested = true; + break; + case '?': return -EINVAL; @@ -547,6 +562,10 @@ static int parse_argv(int argc, char *argv[]) { } } + if (system_scope_requested || user_scope_requested) + arg_runtime_scope = system_scope_requested && user_scope_requested ? _RUNTIME_SCOPE_INVALID : + system_scope_requested ? RUNTIME_SCOPE_SYSTEM : RUNTIME_SCOPE_USER; + switch (arg_action) { case ACTION_DISSECT: @@ -1851,7 +1870,7 @@ static int action_discover(void) { return log_oom(); for (ImageClass cl = 0; cl < _IMAGE_CLASS_MAX; cl++) { - r = image_discover(cl, NULL, images); + r = image_discover(arg_runtime_scope, cl, NULL, images); if (r < 0) return log_error_errno(r, "Failed to discover images: %m"); } diff --git a/src/import/export.c b/src/import/export.c index 1e82e84d7d9..346aca94460 100644 --- a/src/import/export.c +++ b/src/import/export.c @@ -25,6 +25,7 @@ static ImportCompressType arg_compress = IMPORT_COMPRESS_UNKNOWN; static ImageClass arg_class = IMAGE_MACHINE; +static RuntimeScope arg_runtime_scope = _RUNTIME_SCOPE_INVALID; static void determine_compression_from_filename(const char *p) { @@ -66,7 +67,7 @@ static int export_tar(int argc, char *argv[], void *userdata) { local = argv[1]; if (image_name_is_valid(local)) { - r = image_find(arg_class, local, NULL, &image); + r = image_find(arg_runtime_scope, arg_class, local, NULL, &image); if (r == -ENOENT) return log_error_errno(r, "Image %s not found.", local); if (r < 0) @@ -139,7 +140,7 @@ static int export_raw(int argc, char *argv[], void *userdata) { local = argv[1]; if (image_name_is_valid(local)) { - r = image_find(arg_class, local, NULL, &image); + r = image_find(arg_runtime_scope, arg_class, local, NULL, &image); if (r == -ENOENT) return log_error_errno(r, "Image %s not found.", local); if (r < 0) diff --git a/src/import/import-fs.c b/src/import/import-fs.c index e74d36288af..440ae85ba16 100644 --- a/src/import/import-fs.c +++ b/src/import/import-fs.c @@ -34,6 +34,7 @@ static bool arg_sync = true; static bool arg_direct = false; static const char *arg_image_root = NULL; static ImageClass arg_class = IMAGE_MACHINE; +static RuntimeScope arg_runtime_scope = _RUNTIME_SCOPE_INVALID; typedef struct ProgressInfo { RateLimit limit; @@ -145,7 +146,7 @@ static int import_fs(int argc, char *argv[], void *userdata) { return log_oom(); if (!arg_force) { - r = image_find(arg_class, local, NULL, NULL); + r = image_find(arg_runtime_scope, arg_class, local, NULL, NULL); if (r < 0) { if (r != -ENOENT) return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local); diff --git a/src/import/import.c b/src/import/import.c index 97db0b836a4..6568c591560 100644 --- a/src/import/import.c +++ b/src/import/import.c @@ -30,6 +30,7 @@ static const char *arg_image_root = NULL; static ImportFlags arg_import_flags = IMPORT_BTRFS_SUBVOL | IMPORT_BTRFS_QUOTA | IMPORT_CONVERT_QCOW2 | IMPORT_SYNC; static uint64_t arg_offset = UINT64_MAX, arg_size_max = UINT64_MAX; static ImageClass arg_class = IMAGE_MACHINE; +static RuntimeScope arg_runtime_scope = _RUNTIME_SCOPE_INVALID; static int normalize_local(const char *local, char **ret) { _cleanup_free_ char *ll = NULL; @@ -63,7 +64,7 @@ static int normalize_local(const char *local, char **ret) { local = "imported"; if (!FLAGS_SET(arg_import_flags, IMPORT_FORCE)) { - r = image_find(arg_class, local, NULL, NULL); + r = image_find(arg_runtime_scope, arg_class, local, NULL, NULL); if (r < 0) { if (r != -ENOENT) return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local); diff --git a/src/import/importd.c b/src/import/importd.c index db081205ab7..ea8257a833d 100644 --- a/src/import/importd.c +++ b/src/import/importd.c @@ -111,6 +111,8 @@ struct Manager { bool use_btrfs_subvol; bool use_btrfs_quota; + + RuntimeScope runtime_scope; /* for now: always RUNTIME_SCOPE_SYSTEM */ }; #define TRANSFERS_MAX 64 @@ -721,6 +723,7 @@ static int manager_new(Manager **ret) { *m = (Manager) { .use_btrfs_subvol = true, .use_btrfs_quota = true, + .runtime_scope = RUNTIME_SCOPE_SYSTEM, }; r = sd_event_default(&m->event); @@ -1332,6 +1335,7 @@ static int method_cancel_transfer(sd_bus_message *msg, void *userdata, sd_bus_er static int method_list_images(sd_bus_message *msg, void *userdata, sd_bus_error *error) { _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; ImageClass class = _IMAGE_CLASS_INVALID; + Manager *m = ASSERT_PTR(userdata); int r; assert(msg); @@ -1372,7 +1376,7 @@ static int method_list_images(sd_bus_message *msg, void *userdata, sd_bus_error if (!h) return -ENOMEM; - r = image_discover(c, /* root= */ NULL, h); + r = image_discover(m->runtime_scope, c, /* root= */ NULL, h); if (r < 0) { if (class >= 0) return r; diff --git a/src/import/pull.c b/src/import/pull.c index 46055ce5e73..b2614fa8f56 100644 --- a/src/import/pull.c +++ b/src/import/pull.c @@ -33,6 +33,7 @@ static ImportFlags arg_import_flags = IMPORT_PULL_SETTINGS | IMPORT_PULL_ROOTHAS static uint64_t arg_offset = UINT64_MAX, arg_size_max = UINT64_MAX; static char *arg_checksum = NULL; static ImageClass arg_class = IMAGE_MACHINE; +static RuntimeScope arg_runtime_scope = _RUNTIME_SCOPE_INVALID; STATIC_DESTRUCTOR_REGISTER(arg_checksum, freep); @@ -66,7 +67,7 @@ static int normalize_local(const char *local, const char *url, char **ret) { local); if (!FLAGS_SET(arg_import_flags, IMPORT_FORCE)) { - r = image_find(arg_class, local, NULL, NULL); + r = image_find(arg_runtime_scope, arg_class, local, NULL, NULL); if (r < 0) { if (r != -ENOENT) return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local); diff --git a/src/machine/image-dbus.c b/src/machine/image-dbus.c index 8eca1e4c958..8f18e78c7dd 100644 --- a/src/machine/image-dbus.c +++ b/src/machine/image-dbus.c @@ -178,7 +178,7 @@ int bus_image_method_clone( return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m"); if (r == 0) { errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]); - r = image_clone(image, new_name, read_only); + r = image_clone(image, new_name, read_only, m->runtime_scope); report_errno_and_exit(errno_pipe_fd[1], r); } @@ -402,6 +402,7 @@ char* image_bus_path(const char *name) { static int image_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) { _cleanup_hashmap_free_ Hashmap *images = NULL; _cleanup_strv_free_ char **l = NULL; + Manager *m = ASSERT_PTR(userdata); Image *image; int r; @@ -413,7 +414,7 @@ static int image_node_enumerator(sd_bus *bus, const char *path, void *userdata, if (!images) return -ENOMEM; - r = image_discover(IMAGE_MACHINE, NULL, images); + r = image_discover(m->runtime_scope, IMAGE_MACHINE, NULL, images); if (r < 0) return r; diff --git a/src/machine/image-varlink.c b/src/machine/image-varlink.c index 5eb636960de..1784de61465 100644 --- a/src/machine/image-varlink.c +++ b/src/machine/image-varlink.c @@ -148,7 +148,7 @@ int vl_method_clone_image(sd_varlink *link, sd_json_variant *parameters, sd_varl return log_debug_errno(r, "Failed to fork: %m"); if (r == 0) { errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]); - r = image_clone(image, p.new_name, p.read_only > 0); + r = image_clone(image, p.new_name, p.read_only > 0, manager->runtime_scope); report_errno_and_exit(errno_pipe_fd[1], r); } diff --git a/src/machine/machined-core.c b/src/machine/machined-core.c index b1468b62c65..52cb915c309 100644 --- a/src/machine/machined-core.c +++ b/src/machine/machined-core.c @@ -440,7 +440,7 @@ int manager_acquire_image(Manager *m, const char *name, Image **ret) { return log_debug_errno(r, "Failed to enable source: %m") ; _cleanup_(image_unrefp) Image *image = NULL; - r = image_find(IMAGE_MACHINE, name, NULL, &image); + r = image_find(m->runtime_scope, IMAGE_MACHINE, name, NULL, &image); if (r < 0) return log_debug_errno(r, "Failed to find image: %m"); @@ -467,7 +467,7 @@ int rename_image_and_update_cache(Manager *m, Image *image, const char* new_name /* The image is cached with its name, hence it is necessary to remove from the cache before renaming. */ assert_se(hashmap_remove_value(m->image_cache, image->name, image)); - r = image_rename(image, new_name); + r = image_rename(image, new_name, m->runtime_scope); if (r < 0) { image = image_unref(image); return r; diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c index f4915f67da4..fc50d3f1471 100644 --- a/src/machine/machined-dbus.c +++ b/src/machine/machined-dbus.c @@ -123,7 +123,7 @@ static int method_get_image(sd_bus_message *message, void *userdata, sd_bus_erro if (r < 0) return r; - r = image_find(IMAGE_MACHINE, name, NULL, NULL); + r = image_find(m->runtime_scope, IMAGE_MACHINE, name, NULL, NULL); if (r == -ENOENT) return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name); if (r < 0) @@ -476,7 +476,7 @@ static int method_list_images(sd_bus_message *message, void *userdata, sd_bus_er if (!images) return -ENOMEM; - r = image_discover(IMAGE_MACHINE, NULL, images); + r = image_discover(m->runtime_scope, IMAGE_MACHINE, NULL, images); if (r < 0) return r; @@ -753,7 +753,7 @@ static int method_clean_pool(sd_bus_message *message, void *userdata, sd_bus_err goto child_fail; } - r = image_discover(IMAGE_MACHINE, NULL, images); + r = image_discover(m->runtime_scope, IMAGE_MACHINE, NULL, images); if (r < 0) goto child_fail; diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c index e0e27c44964..104b841dd5e 100644 --- a/src/machine/machined-varlink.c +++ b/src/machine/machined-varlink.c @@ -641,6 +641,7 @@ static int list_image_one_and_maybe_read_metadata(sd_varlink *link, Image *image } static int vl_method_list_images(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) { + Manager *m = ASSERT_PTR(userdata); struct params { const char *image_name; AcquireMetadata acquire_metadata; @@ -667,7 +668,7 @@ static int vl_method_list_images(sd_varlink *link, sd_json_variant *parameters, if (!image_name_is_valid(p.image_name)) return sd_varlink_error_invalid_parameter_name(link, "name"); - r = image_find(IMAGE_MACHINE, p.image_name, /* root = */ NULL, &found); + r = image_find(m->runtime_scope, IMAGE_MACHINE, p.image_name, /* root = */ NULL, &found); if (r == -ENOENT) return sd_varlink_error(link, "io.systemd.MachineImage.NoSuchImage", NULL); if (r < 0) @@ -683,7 +684,7 @@ static int vl_method_list_images(sd_varlink *link, sd_json_variant *parameters, if (!images) return -ENOMEM; - r = image_discover(IMAGE_MACHINE, /* root = */ NULL, images); + r = image_discover(m->runtime_scope, IMAGE_MACHINE, /* root = */ NULL, images); if (r < 0) return log_debug_errno(r, "Failed to discover images: %m"); diff --git a/src/machine/machined.c b/src/machine/machined.c index a0c4ef751ae..3a235aa0d40 100644 --- a/src/machine/machined.c +++ b/src/machine/machined.c @@ -40,10 +40,14 @@ static int manager_new(Manager **ret) { assert(ret); - m = new0(Manager, 1); + m = new(Manager, 1); if (!m) return -ENOMEM; + *m = (Manager) { + .runtime_scope = RUNTIME_SCOPE_SYSTEM, + }; + m->machines = hashmap_new(&machine_hash_ops); if (!m->machines) return -ENOMEM; diff --git a/src/machine/machined.h b/src/machine/machined.h index 3d1f5026997..758678a2059 100644 --- a/src/machine/machined.h +++ b/src/machine/machined.h @@ -42,6 +42,8 @@ struct Manager { sd_varlink_server *varlink_userdb_server; sd_varlink_server *varlink_machine_server; + + RuntimeScope runtime_scope; /* for now: always RUNTIME_SCOPE_SYSTEM */ }; int manager_add_machine(Manager *m, const char *name, Machine **ret); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 66a8771eea6..1b452014e34 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -3167,7 +3167,8 @@ static int determine_names(void) { if (arg_machine) { _cleanup_(image_unrefp) Image *i = NULL; - r = image_find(IMAGE_MACHINE, arg_machine, NULL, &i); + r = image_find(arg_privileged ? RUNTIME_SCOPE_SYSTEM : RUNTIME_SCOPE_USER, + IMAGE_MACHINE, arg_machine, NULL, &i); if (r == -ENOENT) return log_error_errno(r, "No image for machine '%s'.", arg_machine); if (r < 0) diff --git a/src/portable/portable.c b/src/portable/portable.c index 18a8060a9f8..61c13abe12d 100644 --- a/src/portable/portable.c +++ b/src/portable/portable.c @@ -173,6 +173,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(portable_metadata_hash_ops, char, PortableMetadata, portable_metadata_unref); static int extract_now( + RuntimeScope scope, const char *where, char **matches, const char *image_name, @@ -199,6 +200,7 @@ static int extract_now( * parent. To handle both cases in one call this function also gets a 'socket_fd' parameter, which when >= 0 is * used to send the data to the parent. */ + assert(scope < _RUNTIME_SCOPE_MAX); assert(where); /* First, find os-release/extension-release and send it upstream (or just save it). */ @@ -248,7 +250,7 @@ static int extract_now( /* Then, send unit file data to the parent (or/and add it to the hashmap). For that we use our usual unit * discovery logic. Note that we force looking inside of /lib/systemd/system/ for units too, as the * image might have a legacy split-usr layout. */ - r = lookup_paths_init(&paths, RUNTIME_SCOPE_SYSTEM, LOOKUP_PATHS_SPLIT_USR, where); + r = lookup_paths_init(&paths, scope, LOOKUP_PATHS_SPLIT_USR, where); if (r < 0) return log_debug_errno(r, "Failed to acquire lookup paths: %m"); @@ -348,6 +350,7 @@ static int extract_now( } static int portable_extract_by_path( + RuntimeScope scope, const char *path, bool path_is_extension, bool relax_extension_release_check, @@ -381,7 +384,7 @@ static int portable_extract_by_path( if (r < 0) return log_error_errno(r, "Failed to extract image name from path '%s': %m", path); - r = extract_now(path, matches, image_name, path_is_extension, /* relax_extension_release_check= */ false, -1, &os_release, &unit_files); + r = extract_now(scope, path, matches, image_name, path_is_extension, /* relax_extension_release_check= */ false, -1, &os_release, &unit_files); if (r < 0) return r; @@ -458,7 +461,7 @@ static int portable_extract_by_path( goto child_finish; } - r = extract_now(tmpdir, matches, m->image_name, path_is_extension, relax_extension_release_check, seq[1], NULL, NULL); + r = extract_now(scope, tmpdir, matches, m->image_name, path_is_extension, relax_extension_release_check, seq[1], NULL, NULL); child_finish: _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); @@ -549,6 +552,7 @@ static int portable_extract_by_path( } static int extract_image_and_extensions( + RuntimeScope scope, const char *name_or_path, char **matches, char **extension_image_paths, @@ -595,7 +599,7 @@ static int extract_image_and_extensions( name_or_path = result.path; } - r = image_find_harder(IMAGE_PORTABLE, name_or_path, /* root= */ NULL, &image); + r = image_find_harder(scope, IMAGE_PORTABLE, name_or_path, /* root= */ NULL, &image); if (r < 0) return r; @@ -633,7 +637,7 @@ static int extract_image_and_extensions( path = ext_result.path; } - r = image_find_harder(IMAGE_PORTABLE, path, NULL, &new); + r = image_find_harder(scope, IMAGE_PORTABLE, path, NULL, &new); if (r < 0) return r; @@ -645,6 +649,7 @@ static int extract_image_and_extensions( } r = portable_extract_by_path( + scope, image->path, /* path_is_extension= */ false, /* relax_extension_release_check= */ false, @@ -687,6 +692,7 @@ static int extract_image_and_extensions( const char *e; r = portable_extract_by_path( + scope, ext->path, /* path_is_extension= */ true, relax_extension_release_check, @@ -754,6 +760,7 @@ static int extract_image_and_extensions( } int portable_extract( + RuntimeScope scope, const char *name_or_path, char **matches, char **extension_image_paths, @@ -775,6 +782,7 @@ int portable_extract( assert(name_or_path); r = extract_image_and_extensions( + scope, name_or_path, matches, extension_image_paths, @@ -1426,6 +1434,7 @@ static int image_target_path( } static int install_image( + RuntimeScope scope, const char *image_path, PortableFlags flags, PortableChange **changes, @@ -1434,13 +1443,14 @@ static int install_image( _cleanup_free_ char *target = NULL; int r; + assert(scope < _RUNTIME_SCOPE_MAX); assert(image_path); /* If the image is outside of the image search also link it into it, so that it can be found with * short image names and is listed among the images. If we are operating in mixed mode, the image is * copied instead. */ - if (image_in_search_path(IMAGE_PORTABLE, NULL, image_path)) + if (image_in_search_path(scope, IMAGE_PORTABLE, NULL, image_path)) return 0; r = image_target_path(image_path, flags, &target); @@ -1485,6 +1495,7 @@ static int install_image( } static int install_image_and_extensions( + RuntimeScope scope, const Image *image, OrderedHashmap *extension_images, PortableFlags flags, @@ -1497,12 +1508,12 @@ static int install_image_and_extensions( assert(image); ORDERED_HASHMAP_FOREACH(ext, extension_images) { - r = install_image(ext->path, flags, changes, n_changes); + r = install_image(scope, ext->path, flags, changes, n_changes); if (r < 0) return r; } - r = install_image(image->path, flags, changes, n_changes); + r = install_image(scope, image->path, flags, changes, n_changes); if (r < 0) return r; @@ -1595,6 +1606,7 @@ static void log_portable_verb( } int portable_attach( + RuntimeScope scope, sd_bus *bus, const char *name_or_path, char **matches, @@ -1615,7 +1627,10 @@ int portable_attach( PortableMetadata *item; int r; + assert(scope < _RUNTIME_SCOPE_MAX); + r = extract_image_and_extensions( + scope, name_or_path, matches, extension_image_paths, @@ -1672,13 +1687,13 @@ int portable_attach( strempty(extensions_joined)); } - r = lookup_paths_init(&paths, RUNTIME_SCOPE_SYSTEM, /* flags= */ 0, NULL); + r = lookup_paths_init(&paths, scope, /* flags= */ 0, NULL); if (r < 0) return r; if (!FLAGS_SET(flags, PORTABLE_REATTACH) && !FLAGS_SET(flags, PORTABLE_FORCE_ATTACH)) HASHMAP_FOREACH(item, unit_files) { - r = unit_file_exists(RUNTIME_SCOPE_SYSTEM, &paths, item->name); + r = unit_file_exists(scope, &paths, item->name); if (r < 0) return sd_bus_error_set_errnof(error, r, "Failed to determine whether unit '%s' exists on the host: %m", item->name); if (r > 0) @@ -1700,7 +1715,7 @@ int portable_attach( /* We don't care too much for the image symlink/copy, it's just a convenience thing, it's not necessary for * proper operation otherwise. */ - (void) install_image_and_extensions(image, extension_images, flags, changes, n_changes); + (void) install_image_and_extensions(scope, image, extension_images, flags, changes, n_changes); log_portable_verb( "attached", @@ -1844,6 +1859,7 @@ static int test_chroot_dropin( } int portable_detach( + RuntimeScope scope, sd_bus *bus, const char *name_or_path, char **extension_image_paths, @@ -1857,12 +1873,12 @@ int portable_detach( _cleanup_free_ char *extensions = NULL; _cleanup_closedir_ DIR *d = NULL; const char *where, *item; - int ret = 0; - int r; + int r, ret = 0; + assert(scope < _RUNTIME_SCOPE_MAX); assert(name_or_path); - r = lookup_paths_init(&paths, RUNTIME_SCOPE_SYSTEM, /* flags= */ 0, NULL); + r = lookup_paths_init(&paths, scope, /* flags= */ 0, NULL); if (r < 0) return r; @@ -1930,7 +1946,7 @@ int portable_detach( if (r == 0) break; - if (path_is_absolute(image) && !image_in_search_path(IMAGE_PORTABLE, NULL, image)) { + if (path_is_absolute(image) && !image_in_search_path(scope, IMAGE_PORTABLE, NULL, image)) { r = set_ensure_consume(&markers, &path_hash_ops_free, TAKE_PTR(image)); if (r < 0) return r; @@ -2031,6 +2047,7 @@ not_found: } static int portable_get_state_internal( + RuntimeScope scope, sd_bus *bus, const char *name_or_path, char **extension_image_paths, @@ -2045,10 +2062,11 @@ static int portable_get_state_internal( const char *where; int r; + assert(scope < _RUNTIME_SCOPE_MAX); assert(name_or_path); assert(ret); - r = lookup_paths_init(&paths, RUNTIME_SCOPE_SYSTEM, /* flags= */ 0, NULL); + r = lookup_paths_init(&paths, scope, /* flags= */ 0, NULL); if (r < 0) return r; @@ -2084,7 +2102,7 @@ static int portable_get_state_internal( if (r == 0) continue; - r = unit_file_lookup_state(RUNTIME_SCOPE_SYSTEM, &paths, de->d_name, &state); + r = unit_file_lookup_state(scope, &paths, de->d_name, &state); if (r < 0) return log_debug_errno(r, "Failed to determine unit file state of '%s': %m", de->d_name); if (!IN_SET(state, UNIT_FILE_STATIC, UNIT_FILE_DISABLED, UNIT_FILE_LINKED, UNIT_FILE_LINKED_RUNTIME)) @@ -2109,6 +2127,7 @@ static int portable_get_state_internal( } int portable_get_state( + RuntimeScope scope, sd_bus *bus, const char *name_or_path, char **extension_image_paths, @@ -2125,12 +2144,19 @@ int portable_get_state( /* We look for matching units twice: once in the regular directories, and once in the runtime directories — but * the latter only if we didn't find anything in the former. */ - r = portable_get_state_internal(bus, name_or_path, extension_image_paths, flags & ~PORTABLE_RUNTIME, &state, error); + r = portable_get_state_internal( + scope, + bus, + name_or_path, + extension_image_paths, + flags & ~PORTABLE_RUNTIME, + &state, + error); if (r < 0) return r; if (state == PORTABLE_DETACHED) { - r = portable_get_state_internal(bus, name_or_path, extension_image_paths, flags | PORTABLE_RUNTIME, &state, error); + r = portable_get_state_internal(scope, bus, name_or_path, extension_image_paths, flags | PORTABLE_RUNTIME, &state, error); if (r < 0) return r; } diff --git a/src/portable/portable.h b/src/portable/portable.h index 281b57e321d..03977159f08 100644 --- a/src/portable/portable.h +++ b/src/portable/portable.h @@ -6,6 +6,7 @@ #include "dissect-image.h" #include "hashmap.h" #include "macro.h" +#include "runtime-scope.h" #include "set.h" #include "string-util.h" @@ -69,12 +70,12 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(PortableMetadata*, portable_metadata_unref); int portable_metadata_hashmap_to_sorted_array(Hashmap *unit_files, PortableMetadata ***ret); -int portable_extract(const char *image, char **matches, char **extension_image_paths, const ImagePolicy *image_policy, PortableFlags flags, PortableMetadata **ret_os_release, OrderedHashmap **ret_extension_releases, Hashmap **ret_unit_files, char ***ret_valid_prefixes, sd_bus_error *error); +int portable_extract(RuntimeScope scope, const char *image, char **matches, char **extension_image_paths, const ImagePolicy *image_policy, PortableFlags flags, PortableMetadata **ret_os_release, OrderedHashmap **ret_extension_releases, Hashmap **ret_unit_files, char ***ret_valid_prefixes, sd_bus_error *error); -int portable_attach(sd_bus *bus, const char *name_or_path, char **matches, const char *profile, char **extension_images, const ImagePolicy* image_policy, PortableFlags flags, PortableChange **changes, size_t *n_changes, sd_bus_error *error); -int portable_detach(sd_bus *bus, const char *name_or_path, char **extension_image_paths, PortableFlags flags, PortableChange **changes, size_t *n_changes, sd_bus_error *error); +int portable_attach(RuntimeScope scope, sd_bus *bus, const char *name_or_path, char **matches, const char *profile, char **extension_images, const ImagePolicy* image_policy, PortableFlags flags, PortableChange **changes, size_t *n_changes, sd_bus_error *error); +int portable_detach(RuntimeScope scope, sd_bus *bus, const char *name_or_path, char **extension_image_paths, PortableFlags flags, PortableChange **changes, size_t *n_changes, sd_bus_error *error); -int portable_get_state(sd_bus *bus, const char *name_or_path, char **extension_image_paths, PortableFlags flags, PortableState *ret, sd_bus_error *error); +int portable_get_state(RuntimeScope scope, sd_bus *bus, const char *name_or_path, char **extension_image_paths, PortableFlags flags, PortableState *ret, sd_bus_error *error); int portable_get_profiles(char ***ret); diff --git a/src/portable/portabled-bus.c b/src/portable/portabled-bus.c index 4f239e2b125..0476796dbe4 100644 --- a/src/portable/portabled-bus.c +++ b/src/portable/portabled-bus.c @@ -165,6 +165,7 @@ static int method_list_images(sd_bus_message *message, void *userdata, sd_bus_er return r; r = portable_get_state( + m->runtime_scope, sd_bus_message_get_bus(message), image->path, NULL, @@ -225,6 +226,7 @@ static int method_get_image_metadata(sd_bus_message *message, void *userdata, sd static int method_get_image_state(sd_bus_message *message, void *userdata, sd_bus_error *error) { _cleanup_strv_free_ char **extension_images = NULL; + Manager *m = ASSERT_PTR(userdata); const char *name_or_path; PortableState state; int r; @@ -254,6 +256,7 @@ static int method_get_image_state(sd_bus_message *message, void *userdata, sd_bu } r = portable_get_state( + m->runtime_scope, sd_bus_message_get_bus(message), name_or_path, extension_images, @@ -330,6 +333,7 @@ static int method_detach_image(sd_bus_message *message, void *userdata, sd_bus_e return 1; /* Will call us back */ r = portable_detach( + m->runtime_scope, sd_bus_message_get_bus(message), name_or_path, extension_images, diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c index 0ca04d3a0b9..ab0e44e038f 100644 --- a/src/portable/portabled-image-bus.c +++ b/src/portable/portabled-image-bus.c @@ -114,10 +114,8 @@ int bus_image_common_get_metadata( assert(name_or_path || image); assert(message); - if (!m) { - assert(image); - m = image->userdata; - } + if (!m) + m = ASSERT_PTR(ASSERT_PTR(image)->userdata); bool have_exti = sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions"); @@ -160,6 +158,7 @@ int bus_image_common_get_metadata( return 1; r = portable_extract( + m->runtime_scope, image->path, matches, extension_images, @@ -264,6 +263,7 @@ static int bus_image_method_get_state( _cleanup_strv_free_ char **extension_images = NULL; Image *image = ASSERT_PTR(userdata); + Manager *m = ASSERT_PTR(image->userdata); PortableState state; int r; @@ -288,6 +288,7 @@ static int bus_image_method_get_state( } r = portable_get_state( + m->runtime_scope, sd_bus_message_get_bus(message), image->path, extension_images, @@ -385,6 +386,7 @@ int bus_image_common_attach( return 1; r = portable_attach( + m->runtime_scope, sd_bus_message_get_bus(message), image->path, matches, @@ -463,6 +465,7 @@ static int bus_image_method_detach( return 1; /* Will call us back */ r = portable_detach( + m->runtime_scope, sd_bus_message_get_bus(message), image->path, extension_images, @@ -513,6 +516,7 @@ int bus_image_common_remove( return 1; /* Will call us back */ r = portable_get_state( + m->runtime_scope, sd_bus_message_get_bus(message), image->path, NULL, @@ -716,6 +720,7 @@ int bus_image_common_reattach( return 1; r = portable_detach( + m->runtime_scope, sd_bus_message_get_bus(message), image->path, extension_images, @@ -727,6 +732,7 @@ int bus_image_common_reattach( return r; r = portable_attach( + m->runtime_scope, sd_bus_message_get_bus(message), image->path, matches, @@ -1039,7 +1045,7 @@ int bus_image_acquire( if (image_name_is_valid(name_or_path)) { /* If it's a short name, let's search for it */ - r = image_find(IMAGE_PORTABLE, name_or_path, NULL, &loaded); + r = image_find(m->runtime_scope, IMAGE_PORTABLE, name_or_path, NULL, &loaded); if (r == -ENOENT) return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PORTABLE_IMAGE, "No image '%s' found.", name_or_path); diff --git a/src/portable/portabled-image.c b/src/portable/portabled-image.c index 6d2839125f2..50e0e7a99cb 100644 --- a/src/portable/portabled-image.c +++ b/src/portable/portabled-image.c @@ -91,7 +91,7 @@ int manager_image_cache_discover(Manager *m, Hashmap *images, sd_bus_error *erro /* A wrapper around image_discover() (for finding images in search path) and portable_discover_attached() (for * finding attached images). */ - r = image_discover(IMAGE_PORTABLE, NULL, images); + r = image_discover(m->runtime_scope, IMAGE_PORTABLE, NULL, images); if (r < 0) return r; diff --git a/src/portable/portabled.c b/src/portable/portabled.c index 766999ff0de..6d7c3b534f4 100644 --- a/src/portable/portabled.c +++ b/src/portable/portabled.c @@ -28,10 +28,14 @@ static int manager_new(Manager **ret) { assert(ret); - m = new0(Manager, 1); + m = new(Manager, 1); if (!m) return -ENOMEM; + *m = (Manager) { + .runtime_scope = RUNTIME_SCOPE_SYSTEM, + }; + r = sd_event_default(&m->event); if (r < 0) return r; diff --git a/src/portable/portabled.h b/src/portable/portabled.h index 71ec41d4f1b..8503451ccce 100644 --- a/src/portable/portabled.h +++ b/src/portable/portabled.h @@ -7,6 +7,7 @@ #include "bus-object.h" #include "hashmap.h" #include "list.h" +#include "runtime-scope.h" typedef struct Manager Manager; @@ -23,6 +24,8 @@ struct Manager { LIST_HEAD(Operation, operations); unsigned n_operations; + + RuntimeScope runtime_scope; /* for now always RUNTIME_SCOPE_SYSTEM */ }; extern const BusObjectImplementation manager_object; diff --git a/src/shared/discover-image.c b/src/shared/discover-image.c index 674811ca354..53e98214128 100644 --- a/src/shared/discover-image.c +++ b/src/shared/discover-image.c @@ -12,6 +12,8 @@ #include #include +#include "sd-path.h" + #include "alloc-util.h" #include "blockdev-util.h" #include "btrfs-util.h" @@ -553,12 +555,95 @@ static int image_make( return -EMEDIUMTYPE; } -static const char *pick_image_search_path(ImageClass class) { - if (class < 0 || class >= _IMAGE_CLASS_MAX) - return NULL; +static int pick_image_search_path( + RuntimeScope scope, + ImageClass class, + char ***ret) { - /* Use the initrd search path if there is one, otherwise use the common one */ - return in_initrd() && image_search_path_initrd[class] ? image_search_path_initrd[class] : image_search_path[class]; + int r; + + assert(scope < _RUNTIME_SCOPE_MAX && scope != RUNTIME_SCOPE_GLOBAL); + assert(class < _IMAGE_CLASS_MAX); + assert(ret); + + if (class < 0) { + *ret = NULL; + return 0; + } + + if (scope < 0) { + _cleanup_strv_free_ char **a = NULL, **b = NULL; + + r = pick_image_search_path(RUNTIME_SCOPE_USER, class, &a); + if (r < 0) + return r; + + r = pick_image_search_path(RUNTIME_SCOPE_SYSTEM, class, &b); + if (r < 0) + return r; + + r = strv_extend_strv(&a, b, /* filter_duplicates= */ false); + if (r < 0) + return r; + + *ret = TAKE_PTR(a); + return 0; + } + + switch (scope) { + + case RUNTIME_SCOPE_SYSTEM: { + const char *ns; + /* Use the initrd search path if there is one, otherwise use the common one */ + ns = in_initrd() && image_search_path_initrd[class] ? + image_search_path_initrd[class] : + image_search_path[class]; + if (!ns) + break; + + _cleanup_strv_free_ char **search = strv_split_nulstr(ns); + if (!search) + return -ENOMEM; + + *ret = TAKE_PTR(search); + return 0; + } + + case RUNTIME_SCOPE_USER: { + if (class != IMAGE_MACHINE) + break; + + static const uint64_t dirs[] = { + SD_PATH_USER_RUNTIME, + SD_PATH_USER_STATE_PRIVATE, + SD_PATH_USER_LIBRARY_PRIVATE, + }; + + _cleanup_strv_free_ char **search = NULL; + FOREACH_ELEMENT(d, dirs) { + _cleanup_free_ char *p = NULL; + + r = sd_path_lookup(*d, "machines", &p); + if (r == -ENXIO) /* No XDG_RUNTIME_DIR set */ + continue; + if (r < 0) + return r; + + r = strv_consume(&search, TAKE_PTR(p)); + if (r < 0) + return r; + } + + *ret = TAKE_PTR(search); + return 0; + } + + default: + assert_not_reached(); + } + + *ret = NULL; + return 0; } static char **make_possible_filenames(ImageClass class, const char *image_name) { @@ -592,7 +677,8 @@ static char **make_possible_filenames(ImageClass class, const char *image_name) return TAKE_PTR(l); } -int image_find(ImageClass class, +int image_find(RuntimeScope scope, + ImageClass class, const char *name, const char *root, Image **ret) { @@ -602,6 +688,7 @@ int image_find(ImageClass class, * some root directory.) */ int open_flags = root ? O_NOFOLLOW : 0, r; + assert(scope < _RUNTIME_SCOPE_MAX && scope != RUNTIME_SCOPE_GLOBAL); assert(class >= 0); assert(class < _IMAGE_CLASS_MAX); assert(name); @@ -614,11 +701,16 @@ int image_find(ImageClass class, if (!names) return -ENOMEM; - NULSTR_FOREACH(path, pick_image_search_path(class)) { + _cleanup_strv_free_ char **search = NULL; + r = pick_image_search_path(scope, class, &search); + if (r < 0) + return r; + + STRV_FOREACH(path, search) { _cleanup_free_ char *resolved = NULL; _cleanup_closedir_ DIR *d = NULL; - r = chase_and_opendir(path, root, CHASE_PREFIX_ROOT, &resolved, &d); + r = chase_and_opendir(*path, root, CHASE_PREFIX_ROOT, &resolved, &d); if (r == -ENOENT) continue; if (r < 0) @@ -722,7 +814,7 @@ int image_find(ImageClass class, } } - if (class == IMAGE_MACHINE && streq(name, ".host")) { + if (scope == RUNTIME_SCOPE_SYSTEM && class == IMAGE_MACHINE && streq(name, ".host")) { r = image_make(class, ".host", /* dir_fd= */ AT_FDCWD, @@ -771,14 +863,21 @@ int image_from_path(const char *path, Image **ret) { ret); } -int image_find_harder(ImageClass class, const char *name_or_path, const char *root, Image **ret) { +int image_find_harder( + RuntimeScope scope, + ImageClass class, + const char *name_or_path, + const char *root, + Image **ret) { + if (image_name_is_valid(name_or_path)) - return image_find(class, name_or_path, root, ret); + return image_find(scope, class, name_or_path, root, ret); return image_from_path(name_or_path, ret); } int image_discover( + RuntimeScope scope, ImageClass class, const char *root, Hashmap *h) { @@ -788,15 +887,21 @@ int image_discover( * some root directory.) */ int open_flags = root ? O_NOFOLLOW : 0, r; + assert(scope < _RUNTIME_SCOPE_MAX && scope != RUNTIME_SCOPE_GLOBAL); assert(class >= 0); assert(class < _IMAGE_CLASS_MAX); assert(h); - NULSTR_FOREACH(path, pick_image_search_path(class)) { + _cleanup_strv_free_ char **search = NULL; + r = pick_image_search_path(scope, class, &search); + if (r < 0) + return r; + + STRV_FOREACH(path, search) { _cleanup_free_ char *resolved = NULL; _cleanup_closedir_ DIR *d = NULL; - r = chase_and_opendir(path, root, CHASE_PREFIX_ROOT, &resolved, &d); + r = chase_and_opendir(*path, root, CHASE_PREFIX_ROOT, &resolved, &d); if (r == -ENOENT) continue; if (r < 0) @@ -946,7 +1051,7 @@ int image_discover( } } - if (class == IMAGE_MACHINE && !hashmap_contains(h, ".host")) { + if (scope == RUNTIME_SCOPE_SYSTEM && class == IMAGE_MACHINE && !hashmap_contains(h, ".host")) { _cleanup_(image_unrefp) Image *image = NULL; r = image_make(IMAGE_MACHINE, @@ -1063,7 +1168,7 @@ static int rename_auxiliary_file(const char *path, const char *new_name, const c return rename_noreplace(AT_FDCWD, path, AT_FDCWD, rs); } -int image_rename(Image *i, const char *new_name) { +int image_rename(Image *i, const char *new_name, RuntimeScope scope) { _cleanup_(release_lock_file) LockFile global_lock = LOCK_FILE_INIT, local_lock = LOCK_FILE_INIT, name_lock = LOCK_FILE_INIT; _cleanup_free_ char *new_path = NULL, *nn = NULL, *roothash = NULL; _cleanup_strv_free_ char **settings = NULL; @@ -1098,7 +1203,7 @@ int image_rename(Image *i, const char *new_name) { if (r < 0) return r; - r = image_find(IMAGE_MACHINE, new_name, NULL, NULL); + r = image_find(scope, IMAGE_MACHINE, new_name, NULL, NULL); if (r >= 0) return -EEXIST; if (r != -ENOENT) @@ -1185,7 +1290,7 @@ static int clone_auxiliary_file(const char *path, const char *new_name, const ch return copy_file_atomic(path, rs, 0664, COPY_REFLINK); } -int image_clone(Image *i, const char *new_name, bool read_only) { +int image_clone(Image *i, const char *new_name, bool read_only, RuntimeScope scope) { _cleanup_(release_lock_file) LockFile name_lock = LOCK_FILE_INIT; _cleanup_strv_free_ char **settings = NULL; _cleanup_free_ char *roothash = NULL; @@ -1212,7 +1317,7 @@ int image_clone(Image *i, const char *new_name, bool read_only) { if (r < 0) return r; - r = image_find(IMAGE_MACHINE, new_name, NULL, NULL); + r = image_find(scope, IMAGE_MACHINE, new_name, NULL, NULL); if (r >= 0) return -EEXIST; if (r != -ENOENT) @@ -1646,24 +1751,35 @@ int image_name_lock(const char *name, int operation, LockFile *ret) { } bool image_in_search_path( + RuntimeScope scope, ImageClass class, const char *root, const char *image) { + int r; + + assert(scope < _RUNTIME_SCOPE_MAX && scope != RUNTIME_SCOPE_GLOBAL); + assert(class >= 0); + assert(class < _IMAGE_CLASS_MAX); assert(image); - NULSTR_FOREACH(path, pick_image_search_path(class)) { + _cleanup_strv_free_ char **search = NULL; + r = pick_image_search_path(scope, class, &search); + if (r < 0) + return r; + + STRV_FOREACH(path, search) { const char *p, *q; size_t k; if (!empty_or_root(root)) { - q = path_startswith(path, root); + q = path_startswith(*path, root); if (!q) continue; } else - q = path; + q = *path; - p = path_startswith(q, path); + p = path_startswith(q, *path); if (!p) continue; diff --git a/src/shared/discover-image.h b/src/shared/discover-image.h index b20b586ae04..c1fdf15d155 100644 --- a/src/shared/discover-image.h +++ b/src/shared/discover-image.h @@ -13,6 +13,7 @@ #include "macro.h" #include "os-util.h" #include "path-util.h" +#include "runtime-scope.h" #include "string-util.h" #include "time-util.h" @@ -60,14 +61,14 @@ Image *image_ref(Image *i); DEFINE_TRIVIAL_CLEANUP_FUNC(Image*, image_unref); -int image_find(ImageClass class, const char *name, const char *root, Image **ret); +int image_find(RuntimeScope scope, ImageClass class, const char *name, const char *root, Image **ret); int image_from_path(const char *path, Image **ret); -int image_find_harder(ImageClass class, const char *name_or_path, const char *root, Image **ret); -int image_discover(ImageClass class, const char *root, Hashmap *map); +int image_find_harder(RuntimeScope scope, ImageClass class, const char *name_or_path, const char *root, Image **ret); +int image_discover(RuntimeScope scope, ImageClass class, const char *root, Hashmap *map); int image_remove(Image *i); -int image_rename(Image *i, const char *new_name); -int image_clone(Image *i, const char *new_name, bool read_only); +int image_rename(Image *i, const char *new_name, RuntimeScope scope); +int image_clone(Image *i, const char *new_name, bool read_only, RuntimeScope scope); int image_read_only(Image *i, bool b); const char* image_type_to_string(ImageType t) _const_; @@ -80,7 +81,7 @@ int image_set_limit(Image *i, uint64_t referenced_max); int image_read_metadata(Image *i, const ImagePolicy *image_policy); -bool image_in_search_path(ImageClass class, const char *root, const char *image); +bool image_in_search_path(RuntimeScope scope, ImageClass class, const char *root, const char *image); static inline char **image_extension_release(Image *image, ImageClass class) { assert(image); diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c index 6401fc4c0ff..9b1839d43a9 100644 --- a/src/sysext/sysext.c +++ b/src/sysext/sysext.c @@ -2031,7 +2031,7 @@ static int image_discover_and_read_metadata( if (!images) return log_oom(); - r = image_discover(image_class, arg_root, images); + r = image_discover(RUNTIME_SCOPE_SYSTEM, image_class, arg_root, images); if (r < 0) return log_error_errno(r, "Failed to discover images: %m"); @@ -2278,7 +2278,7 @@ static int verb_list(int argc, char **argv, void *userdata) { if (!images) return log_oom(); - r = image_discover(arg_image_class, arg_root, images); + r = image_discover(RUNTIME_SCOPE_SYSTEM, arg_image_class, arg_root, images); if (r < 0) return log_error_errno(r, "Failed to discover images: %m"); @@ -2339,7 +2339,7 @@ static int vl_method_list(sd_varlink *link, sd_json_variant *parameters, sd_varl if (!images) return -ENOMEM; - r = image_discover(image_class, arg_root, images); + r = image_discover(RUNTIME_SCOPE_SYSTEM, image_class, arg_root, images); if (r < 0) return r; diff --git a/src/sysupdate/sysupdated.c b/src/sysupdate/sysupdated.c index 7dda16b8b5a..58967930f77 100644 --- a/src/sysupdate/sysupdated.c +++ b/src/sysupdate/sysupdated.c @@ -46,6 +46,8 @@ typedef struct Manager { Hashmap *polkit_registry; sd_event_source *notify_event; + + RuntimeScope runtime_scope; /* For now only RUNTIME_SCOPE_SYSTEM */ } Manager; /* Forward declare so that jobs can call it on exit */ @@ -1730,10 +1732,14 @@ static int manager_new(Manager **ret) { assert(ret); - m = new0(Manager, 1); + m = new(Manager, 1); if (!m) return -ENOMEM; + *m = (Manager) { + .runtime_scope = RUNTIME_SCOPE_SYSTEM, + }; + r = sd_event_default(&m->event); if (r < 0) return r; @@ -1795,7 +1801,7 @@ static int manager_enumerate_image_class(Manager *m, TargetClass class) { if (!images) return -ENOMEM; - r = image_discover((ImageClass) class, NULL, images); + r = image_discover(m->runtime_scope, (ImageClass) class, NULL, images); if (r < 0) return r; diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c index 1c49aff4a3b..d2a9a6ee019 100644 --- a/src/vmspawn/vmspawn.c +++ b/src/vmspawn/vmspawn.c @@ -2236,7 +2236,8 @@ static int determine_names(void) { if (arg_machine) { _cleanup_(image_unrefp) Image *i = NULL; - r = image_find(IMAGE_MACHINE, arg_machine, NULL, &i); + r = image_find(arg_privileged ? RUNTIME_SCOPE_SYSTEM : RUNTIME_SCOPE_USER, + IMAGE_MACHINE, arg_machine, NULL, &i); if (r == -ENOENT) return log_error_errno(r, "No image for machine '%s'.", arg_machine); if (r < 0) diff --git a/test/units/TEST-13-NSPAWN.nspawn.sh b/test/units/TEST-13-NSPAWN.nspawn.sh index 3120d98bf4d..f5615755820 100755 --- a/test/units/TEST-13-NSPAWN.nspawn.sh +++ b/test/units/TEST-13-NSPAWN.nspawn.sh @@ -1129,7 +1129,7 @@ testcase_unpriv() { local tmpdir name tmpdir="$(mktemp -d /var/tmp/TEST-13-NSPAWN.unpriv.XXX)" - name="unpriv-${tmpdir##*.}" + name="unprv-${tmpdir##*.}" trap 'rm -fr ${tmpdir@Q} || true; rm -f /run/verity.d/test-13-nspawn-${name@Q} || true' RETURN ERR create_dummy_ddi "$tmpdir" "$name" chown --recursive testuser: "$tmpdir" @@ -1141,6 +1141,17 @@ testcase_unpriv() { -- \ systemd-nspawn --pipe --private-network --register=no --keep-unit --image="$tmpdir/$name.raw" echo hello >"$tmpdir/stdout.txt" echo hello | cmp "$tmpdir/stdout.txt" - + + # Make sure per-user search path logic works + systemd-run --pipe --uid=testuser mkdir -p /home/testuser/.local/state/machines + systemd-run --pipe --uid=testuser ln -s "$tmpdir/$name.raw" /home/testuser/.local/state/machines/"x$name.raw" + systemd-run \ + --pipe \ + --uid=testuser \ + --property=Delegate=yes \ + -- \ + systemd-nspawn --pipe --private-network --register=no --keep-unit --machine="x$name" echo hello >"$tmpdir/stdout.txt" + echo hello | cmp "$tmpdir/stdout.txt" - } testcase_fuse() { diff --git a/test/units/TEST-50-DISSECT.dissect.sh b/test/units/TEST-50-DISSECT.dissect.sh index a7122855d9c..fc33d91f0fa 100755 --- a/test/units/TEST-50-DISSECT.dissect.sh +++ b/test/units/TEST-50-DISSECT.dissect.sh @@ -615,6 +615,10 @@ grep -q -F '{"name":"b","type":"raw","class":"portable","ro":false,"path":"/run/ grep -q -F '{"name":"c","type":"raw","class":"sysext","ro":false,"path":"/run/extensions/c.raw"' /tmp/discover.json rm /tmp/discover.json /run/machines/a.raw /run/portables/b.raw /run/extensions/c.raw +systemd-dissect --discover --system +systemd-dissect --discover --user +systemd-dissect --discover --system --user + LOOP="$(systemd-dissect --attach --loop-ref=waldo "$MINIMAL_IMAGE.raw")" # Wait until the symlinks we want to test are established