diff options
| author | Lennart Poettering <lennart@poettering.net> | 2022-12-13 16:27:38 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-04-05 20:52:21 +0200 |
| commit | 73740c9f842a6fda8bba9af65dff82658a9aec90 (patch) | |
| tree | 6c45c7af8e9f7dbc5563d498f4248e54b2bef6eb | |
| parent | a62e12dad12434aeecccd58e78bcae4cf1b0d730 (diff) | |
| download | systemd-73740c9f842a6fda8bba9af65dff82658a9aec90.tar.gz | |
discover-image: automaticaly pick up sysext images from /.extra/sysext
| -rw-r--r-- | src/shared/discover-image.c | 28 | ||||
| -rw-r--r-- | units/systemd-sysext.service | 1 |
2 files changed, 26 insertions, 3 deletions
diff --git a/src/shared/discover-image.c b/src/shared/discover-image.c index 86ff5d6d93..df3d5b7765 100644 --- a/src/shared/discover-image.c +++ b/src/shared/discover-image.c @@ -28,6 +28,7 @@ #include "hashmap.h" #include "hostname-setup.h" #include "id128-util.h" +#include "initrd-util.h" #include "lock-util.h" #include "log.h" #include "loop-util.h" @@ -68,6 +69,19 @@ static const char* const image_search_path[_IMAGE_CLASS_MAX] = { "/var/lib/extensions\0", /* the main place for images */ }; +/* Inside the initrd, use a slightly different set of search path (i.e. include .extra/sysext in extension + * search dir) */ +static const char* const image_search_path_initrd[_IMAGE_CLASS_MAX] = { + /* (entries that aren't listed here will get the same search path as for the non initrd-case) */ + + [IMAGE_EXTENSION] = "/etc/extensions\0" /* only place symlinks here */ + "/run/extensions\0" /* and here too */ + "/var/lib/extensions\0" /* the main place for images */ + "/usr/local/lib/extensions\0" + "/usr/lib/extensions\0" + "/.extra/sysext\0" /* put sysext picked up by systemd-stub last, since not trusted */ +}; + static Image *image_free(Image *i) { assert(i); @@ -441,6 +455,14 @@ static int image_make( return -EMEDIUMTYPE; } +static const char *pick_image_search_path(ImageClass class) { + if (class < 0 || class >= _IMAGE_CLASS_MAX) + return NULL; + + /* Use the initrd search path if there is one, otherwise use the common one */ + return in_initrd() && image_search_path_initrd[class] ? image_search_path_initrd[class] : image_search_path[class]; +} + int image_find(ImageClass class, const char *name, const char *root, @@ -456,7 +478,7 @@ int image_find(ImageClass class, if (!image_name_is_valid(name)) return -ENOENT; - NULSTR_FOREACH(path, image_search_path[class]) { + NULSTR_FOREACH(path, pick_image_search_path(class)) { _cleanup_free_ char *resolved = NULL; _cleanup_closedir_ DIR *d = NULL; struct stat st; @@ -555,7 +577,7 @@ int image_discover( assert(class < _IMAGE_CLASS_MAX); assert(h); - NULSTR_FOREACH(path, image_search_path[class]) { + NULSTR_FOREACH(path, pick_image_search_path(class)) { _cleanup_free_ char *resolved = NULL; _cleanup_closedir_ DIR *d = NULL; @@ -1284,7 +1306,7 @@ bool image_in_search_path( assert(image); - NULSTR_FOREACH(path, image_search_path[class]) { + NULSTR_FOREACH(path, pick_image_search_path(class)) { const char *p, *q; size_t k; diff --git a/units/systemd-sysext.service b/units/systemd-sysext.service index 9a8d4ebc5f..5999d38d35 100644 --- a/units/systemd-sysext.service +++ b/units/systemd-sysext.service @@ -15,6 +15,7 @@ ConditionCapability=CAP_SYS_ADMIN ConditionDirectoryNotEmpty=|/etc/extensions ConditionDirectoryNotEmpty=|/run/extensions ConditionDirectoryNotEmpty=|/var/lib/extensions +ConditionDirectoryNotEmpty=|/.extra/sysext DefaultDependencies=no After=local-fs.target |