author | Luca Boccassi <luca.boccassi@microsoft.com> | 2021-01-21 18:32:44 +0000 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@microsoft.com> | 2021-01-21 18:32:44 +0000 |
commit | 4beda31698655b8cbc203c98baaf65d884b667ef (patch) | |
tree | a4839d223af5066897edd6d25ab2f77901116a91 /src | |
parent | 988172cecfeb56d87ccbf22cba94064c21f7bd5c (diff) | |
download | systemd-4beda31698655b8cbc203c98baaf65d884b667ef.tar.gz |
dissect: split verity_dissect_and_mount helper out for reuse
Diffstat (limited to 'src')
-rw-r--r-- | src/core/namespace.c | 66 | ||||
-rw-r--r-- | src/shared/dissect-image.c | 73 | ||||
-rw-r--r-- | src/shared/dissect-image.h | 2 |
3 files changed, 77 insertions, 64 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 12d9e4c867..db9a12319d 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -962,75 +962,13 @@ static int mount_run(const MountEntry *m) {
 }
 static int mount_images(const MountEntry *m) {
- _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
- _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
- _cleanup_(dissected_image_unrefp) DissectedImage *dissected_image = NULL;
- _cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
- DissectImageFlags dissect_image_flags;
 int r;
 assert(m);
- r = verity_settings_load(&verity, mount_entry_source(m), NULL, NULL);
- if (r < 0)
- return log_debug_errno(r, "Failed to load root hash: %m");
-
- dissect_image_flags =
- (m->read_only ? DISSECT_IMAGE_READ_ONLY : 0) |
- (verity.data_path ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0);
-
- r = loop_device_make_by_path(
- mount_entry_source(m),
- m->read_only ? O_RDONLY : -1 /* < 0 means writable if possible, read-only as fallback */,
- verity.data_path ? 0 : LO_FLAGS_PARTSCAN,
- &loop_device);
- if (r < 0)
- return log_debug_errno(r, "Failed to create loop device for image: %m");
-
- r = dissect_image(
- loop_device->fd,
- &verity,
- m->image_options,
- dissect_image_flags,
- &dissected_image);
- /* No partition table? Might be a single-filesystem image, try again */
- if (!verity.data_path && r == -ENOPKG)
- r = dissect_image(
- loop_device->fd,
- &verity,
- m->image_options,
- dissect_image_flags|DISSECT_IMAGE_NO_PARTITION_TABLE,
- &dissected_image);
- if (r < 0)
- return log_debug_errno(r, "Failed to dissect image: %m");
-
- r = dissected_image_decrypt(
- dissected_image,
- NULL,
- &verity,
- dissect_image_flags,
- &decrypted_image);
- if (r < 0)
- return log_debug_errno(r, "Failed to decrypt dissected image: %m");
-
- r = mkdir_p_label(mount_entry_path(m), 0755);
- if (r < 0)
- return log_debug_errno(r, "Failed to create destination directory %s: %m", mount_entry_path(m));
- r = umount_recursive(mount_entry_path(m), 0);
- if (r < 0)
- return log_debug_errno(r, "Failed to umount under destination directory %s: %m", mount_entry_path(m));
-
- r = dissected_image_mount(dissected_image, mount_entry_path(m), UID_INVALID, dissect_image_flags);
+ r = verity_dissect_and_mount(mount_entry_source(m), mount_entry_path(m), m->image_options);
 if (r < 0)
- return log_debug_errno(r, "Failed to mount image: %m");
-
- if (decrypted_image) {
- r = decrypted_image_relinquish(decrypted_image);
- if (r < 0)
- return log_debug_errno(r, "Failed to relinquish decrypted image: %m");
- }
-
- loop_device_relinquish(loop_device);
+ return log_debug_errno(r, "Failed to mount image %s on %s: %m", mount_entry_source(m), mount_entry_path(m));
 return 1;
 }
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index f2634139f7..1643ae73be 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
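Review bot: The new call `verity_dissect_and_mount(mount_entry_source(m), mount_entry_path(m), m->image_options)` no longer carries `m->read_only`, so the read-only handling in the removed lines is lost. The old body opened the loop device with `m->read_only ? O_RDONLY : -1` and set `DISSECT_IMAGE_READ_ONLY`, while the helper added in the src/shared/dissect-image.c hunk always passes `-1` and never sets that flag. For an entry marked read-only, the backing image may now be opened writable and mounted read-write at this step; if a later remount outside this diff is what enforces read-only, the image could presumably already have been written to (journal replay, for example). Since the commit is described as a split for reuse, I would keep the old behaviour by giving the helper a `bool read_only` (or flags) argument and restoring `(read_only ? DISSECT_IMAGE_READ_ONLY : 0) |` in the flag computation and `read_only ? O_RDONLY : -1` in the `loop_device_make_by_path()` call.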
@@ -2554,4 +2554,77 @@ static const char *const partition_designator_table[] = {
 [PARTITION_VAR] = "var",
 };
+int verity_dissect_and_mount(const char *src, const char *dest, const MountOptions *options) {
+ _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
+ _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
+ _cleanup_(dissected_image_unrefp) DissectedImage *dissected_image = NULL;
+ _cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
+ DissectImageFlags dissect_image_flags;
+ int r;
+
+ assert(src);
+ assert(dest);
+
+ r = verity_settings_load(&verity, src, NULL, NULL);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to load root hash: %m");
+
+ dissect_image_flags = verity.data_path ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
+
+ r = loop_device_make_by_path(
+ src,
+ -1,
+ verity.data_path ? 0 : LO_FLAGS_PARTSCAN,
+ &loop_device);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to create loop device for image: %m");
+
+ r = dissect_image(
+ loop_device->fd,
+ &verity,
+ options,
+ dissect_image_flags,
+ &dissected_image);
+ /* No partition table? Might be a single-filesystem image, try again */
+ if (!verity.data_path && r == -ENOPKG)
+ r = dissect_image(
+ loop_device->fd,
+ &verity,
+ options,
+ dissect_image_flags|DISSECT_IMAGE_NO_PARTITION_TABLE,
+ &dissected_image);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to dissect image: %m");
+
+ r = dissected_image_decrypt(
+ dissected_image,
+ NULL,
+ &verity,
+ dissect_image_flags,
+ &decrypted_image);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to decrypt dissected image: %m");
+
+ r = mkdir_p_label(dest, 0755);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to create destination directory %s: %m", dest);
+ r = umount_recursive(dest, 0);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to umount under destination directory %s: %m", dest);
+
+ r = dissected_image_mount(dissected_image, dest, UID_INVALID, dissect_image_flags);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to mount image: %m");
+
+ if (decrypted_image) {
+ r = decrypted_image_relinquish(decrypted_image);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to relinquish decrypted image: %m");
+ }
+
+ loop_device_relinquish(loop_device);
+
+ return 0;
+}
+
 DEFINE_STRING_TABLE_LOOKUP(partition_designator, PartitionDesignator);
diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h
index 3b30e08f90..5466de5042 100644
--- a/src/shared/dissect-image.h
+++ b/src/shared/dissect-image.h
@@ -161,3 +161,5 @@ bool dissected_image_can_do_verity(const DissectedImage *image, PartitionDesigna
 bool dissected_image_has_verity(const DissectedImage *image, PartitionDesignator d);
 int mount_image_privately_interactively(const char *path, DissectImageFlags flags, char **ret_directory, LoopDevice **ret_loop_device, DecryptedImage **ret_decrypted_image);
+
+int verity_dissect_and_mount(const char *src, const char *dest, const MountOptions *options); |
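Review bot: The exported `verity_dissect_and_mount()` in the src/shared/dissect-image.c hunk has no comment, and its name promises more than the body enforces. Settings are loaded with `verity_settings_load()`, but nothing in the body fails when none are found (the `verity.data_path ?` tests show the field may be unset), so as far as this hunk shows an image without verity data is still mounted, unverified. The helper also has side effects on `dest` that a caller of shared code would not guess, `mkdir_p_label(dest, 0755)` and `umount_recursive(dest, 0)`, and `options` is passed through without an assert, so it is presumably allowed to be NULL. I would add a comment above the definition such as `/* Mounts image src on dest. Verity is used only if settings are found; callers that require it must enforce that themselves. Creates dest and unmounts everything below it first. Returns 0 on success, negative errno on failure. */`.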