morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

basic,shared: move a bunch of files to src/shared/

Browse Source 
The goal is to move everything that requires selinux or smack
away from src/basic/. This means that src/basic/label.[ch] must move,
which implies btrfs-util.[ch], copy.[ch], and a bunch of other files
which form a cluster of internal use.

This is just moving text around, so there should be no functional difference.

test-blockdev-util is new, because path_is_encrypted() is moved to
blockdev-util.c, and so far we didn't have any tests for code there.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek
2021-06-21 23:13:10 +02:00
parent 2d32453bc8
commit b25a930f0e
28 changed files with 152 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
src/basic/fs-util.c
View File

@@ -8,7 +8,6 @@
#include <unistd.h>
#include "alloc-util.h"
#include "blockdev-util.h"
#include "dirent-util.h"
#include "fd-util.h"
#include "fileio.h"
@@ -1504,91 +1503,6 @@ int open_parent(const char *path, int flags, mode_t mode) {
return fd;
}
static int blockdev_is_encrypted(const char *sysfs_path, unsigned depth_left) {
_cleanup_free_ char *p = NULL, *uuids = NULL;
_cleanup_closedir_ DIR *d = NULL;
int r, found_encrypted = false;
assert(sysfs_path);
if (depth_left == 0)
return -EINVAL;
p = path_join(sysfs_path, "dm/uuid");
if (!p)
return -ENOMEM;
r = read_one_line_file(p, &uuids);
if (r != -ENOENT) {
if (r < 0)
return r;
/* The DM device's uuid attribute is prefixed with "CRYPT-" if this is a dm-crypt device. */
if (startswith(uuids, "CRYPT-"))
return true;
}
/* Not a dm-crypt device itself. But maybe it is on top of one? Follow the links in the "slaves/"
* subdir. */
p = mfree(p);
p = path_join(sysfs_path, "slaves");
if (!p)
return -ENOMEM;
d = opendir(p);
if (!d) {
if (errno == ENOENT) /* Doesn't have underlying devices */
return false;
return -errno;
}
for (;;) {
_cleanup_free_ char *q = NULL;
struct dirent *de;
errno = 0;
de = readdir_no_dot(d);
if (!de) {
if (errno != 0)
return -errno;
break; /* No more underlying devices */
}
q = path_join(p, de->d_name);
if (!q)
return -ENOMEM;
r = blockdev_is_encrypted(q, depth_left - 1);
if (r < 0)
return r;
if (r == 0) /* we found one that is not encrypted? then propagate that immediately */
return false;
found_encrypted = true;
}
return found_encrypted;
}
int path_is_encrypted(const char *path) {
char p[SYS_BLOCK_PATH_MAX(NULL)];
dev_t devt;
int r;
r = get_block_device(path, &devt);
if (r < 0)
return r;
if (r == 0) /* doesn't have a block device */
return false;
xsprintf_sys_block_path(p, NULL, devt);
return blockdev_is_encrypted(p, 10 /* safety net: maximum recursion depth */);
}
int conservative_renameat(
int olddirfd, const char *oldpath,
int newdirfd, const char *newpath) {

2
src/basic/fs-util.h
View File

@@ -145,8 +145,6 @@ int syncfs_path(int atfd, const char *path);
int open_parent(const char *path, int flags, mode_t mode);
int path_is_encrypted(const char *path);
int conservative_renameat(int olddirfd, const char *oldpath, int newdirfd, const char *newpath);
static inline int conservative_rename(const char *oldpath, const char *newpath) {
return conservative_renameat(AT_FDCWD, oldpath, AT_FDCWD, newpath);

18
src/basic/meson.build
View File

@@ -15,10 +15,6 @@ basic_sources = files('''
async.h
audit-util.c
audit-util.h
blockdev-util.c
blockdev-util.h
btrfs-util.c
btrfs-util.h
build.c
build.h
bus-label.c
@@ -33,12 +29,8 @@ basic_sources = files('''
chattr-util.h
conf-files.c
conf-files.h
copy.c
copy.h
creds-util.c
creds-util.h
data-fd-util.c
data-fd-util.h
def.h
dirent-util.c
dirent-util.h
@@ -85,8 +77,6 @@ basic_sources = files('''
ioprio.h
khash.c
khash.h
label.c
label.h
limits-util.c
limits-util.h
linux/btrfs.h
@@ -157,7 +147,6 @@ basic_sources = files('''
missing_syscall.h
missing_timerfd.h
missing_type.h
mkdir-label.c
mkdir.c
mkdir.h
mountpoint-util.c
@@ -200,10 +189,6 @@ basic_sources = files('''
replace-var.h
rlimit-util.c
rlimit-util.h
rm-rf.c
rm-rf.h
selinux-util.c
selinux-util.h
set.h
sigbus.c
sigbus.h
@@ -211,9 +196,6 @@ basic_sources = files('''
signal-util.h
siphash24.c
siphash24.h
smack-util.c
smack-util.h
socket-label.c
socket-util.c
socket-util.h
sort-util.c

1
src/home/homework.c
View File

@@ -3,6 +3,7 @@
#include <stddef.h>
#include <sys/mount.h>
#include "blockdev-util.h"
#include "chown-recursive.h"
#include "copy.h"
#include "fd-util.h"

1
src/libsystemd/sd-bus/bus-socket.c
View File

@@ -22,7 +22,6 @@
#include "path-util.h"
#include "process-util.h"
#include "rlimit-util.h"
#include "selinux-util.h"
#include "signal-util.h"
#include "stdio-util.h"
#include "string-util.h"

85
src/basic/blockdev-util.c → src/shared/blockdev-util.c
View File

@@ -256,3 +256,88 @@ int blockdev_partscan_enabled(int fd) {
return !FLAGS_SET(ull, GENHD_FL_NO_PART_SCAN);
}
static int blockdev_is_encrypted(const char *sysfs_path, unsigned depth_left) {
_cleanup_free_ char *p = NULL, *uuids = NULL;
_cleanup_closedir_ DIR *d = NULL;
int r, found_encrypted = false;
assert(sysfs_path);
if (depth_left == 0)
return -EINVAL;
p = path_join(sysfs_path, "dm/uuid");
if (!p)
return -ENOMEM;
r = read_one_line_file(p, &uuids);
if (r != -ENOENT) {
if (r < 0)
return r;
/* The DM device's uuid attribute is prefixed with "CRYPT-" if this is a dm-crypt device. */
if (startswith(uuids, "CRYPT-"))
return true;
}
/* Not a dm-crypt device itself. But maybe it is on top of one? Follow the links in the "slaves/"
* subdir. */
p = mfree(p);
p = path_join(sysfs_path, "slaves");
if (!p)
return -ENOMEM;
d = opendir(p);
if (!d) {
if (errno == ENOENT) /* Doesn't have underlying devices */
return false;
return -errno;
}
for (;;) {
_cleanup_free_ char *q = NULL;
struct dirent *de;
errno = 0;
de = readdir_no_dot(d);
if (!de) {
if (errno != 0)
return -errno;
break; /* No more underlying devices */
}
q = path_join(p, de->d_name);
if (!q)
return -ENOMEM;
r = blockdev_is_encrypted(q, depth_left - 1);
if (r < 0)
return r;
if (r == 0) /* we found one that is not encrypted? then propagate that immediately */
return false;
found_encrypted = true;
}
return found_encrypted;
}
int path_is_encrypted(const char *path) {
char p[SYS_BLOCK_PATH_MAX(NULL)];
dev_t devt;
int r;
r = get_block_device(path, &devt);
if (r < 0)
return r;
if (r == 0) /* doesn't have a block device */
return false;
xsprintf_sys_block_path(p, NULL, devt);
return blockdev_is_encrypted(p, 10 /* safety net: maximum recursion depth */);
}

2
src/basic/blockdev-util.h → src/shared/blockdev-util.h
View File

@@ -22,3 +22,5 @@ int get_block_device_harder(const char *path, dev_t *dev);
int lock_whole_block_device(dev_t devt, int operation);
int blockdev_partscan_enabled(int fd);
int path_is_encrypted(const char *path);

0
src/basic/btrfs-util.c → src/shared/btrfs-util.c
View File

0
src/basic/btrfs-util.h → src/shared/btrfs-util.h
View File

1
src/shared/condition.c
View File

@@ -17,6 +17,7 @@
#include "apparmor-util.h"
#include "architecture.h"
#include "audit-util.h"
#include "blockdev-util.h"
#include "cap-list.h"
#include "cgroup-util.h"
#include "condition.h"

0
src/basic/copy.c → src/shared/copy.c
View File

0
src/basic/copy.h → src/shared/copy.h
View File

0
src/basic/data-fd-util.c → src/shared/data-fd-util.c
View File

0
src/basic/data-fd-util.h → src/shared/data-fd-util.h
View File

0
src/basic/label.c → src/shared/label.c
View File

0
src/basic/label.h → src/shared/label.h
View File

18
src/shared/meson.build
View File

@@ -17,6 +17,8 @@ shared_sources = files('''
bitmap.c
bitmap.h
blkid-util.h
blockdev-util.c
blockdev-util.h
bond-util.c
bond-util.h
boot-timestamps.c
@@ -29,6 +31,8 @@ shared_sources = files('''
bpf-program.h
bridge-util.c
bridge-util.h
btrfs-util.c
btrfs-util.h
bus-get-properties.c
bus-get-properties.h
bus-locator.c
@@ -71,6 +75,8 @@ shared_sources = files('''
condition.h
conf-parser.c
conf-parser.h
copy.c
copy.h
coredump-util.c
coredump-util.h
cpu-set-util.c
@@ -78,6 +84,8 @@ shared_sources = files('''
cryptsetup-util.c
cryptsetup-util.h
daemon-util.h
data-fd-util.c
data-fd-util.h
dev-setup.c
dev-setup.h
device-nodes.c
@@ -161,6 +169,8 @@ shared_sources = files('''
kbd-util.h
killall.c
killall.h
label.c
label.h
libcrypt-util.c
libcrypt-util.h
libfido2-util.c
@@ -190,6 +200,7 @@ shared_sources = files('''
macvlan-util.c
macvlan-util.h
main-func.h
mkdir-label.c
mkfs-util.c
mkfs-util.h
module-util.h
@@ -235,15 +246,22 @@ shared_sources = files('''
resize-fs.h
resolve-util.c
resolve-util.h
rm-rf.c
rm-rf.h
seccomp-util.h
securebits-util.c
securebits-util.h
selinux-util.c
selinux-util.h
serialize.c
serialize.h
service-util.c
service-util.h
sleep-config.c
sleep-config.h
smack-util.c
smack-util.h
socket-label.c
socket-netlink.c
socket-netlink.h
spawn-ask-password-agent.c

0
src/basic/mkdir-label.c → src/shared/mkdir-label.c
View File

0
src/basic/rm-rf.c → src/shared/rm-rf.c
View File

0
src/basic/rm-rf.h → src/shared/rm-rf.h
View File

0
src/basic/selinux-util.c → src/shared/selinux-util.c
View File

0
src/basic/selinux-util.h → src/shared/selinux-util.h
View File

0
src/basic/smack-util.c → src/shared/smack-util.c
View File

0
src/basic/smack-util.h → src/shared/smack-util.h
View File

0
src/basic/socket-label.c → src/shared/socket-label.c
View File

2
src/test/meson.build
View File

@@ -146,6 +146,8 @@ tests += [
[['src/test/test-utf8.c']],
[['src/test/test-blockdev-util.c']],
[['src/test/test-dev-setup.c']],
[['src/test/test-capability.c'],

43
src/test/test-blockdev-util.c Normal file
View File

@@ -0,0 +1,43 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "blockdev-util.h"
#include "errno-util.h"
#include "tests.h"
static void test_path_is_encrypted_one(const char *p, int expect) {
int r;
r = path_is_encrypted(p);
if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) /* This might fail, if btrfs is used and we run in a
* container. In that case we cannot resolve the device node paths that
* BTRFS_IOC_DEV_INFO returns, because the device nodes are unlikely to exist in
* the container. But if we can't stat() them we cannot determine the dev_t of
* them, and thus cannot figure out if they are enrypted. Hence let's just ignore
* ENOENT here. Also skip the test if we lack privileges. */
return;
assert_se(r >= 0);
log_info("%s encrypted: %s", p, yes_no(r));
assert_se(expect < 0 || ((r > 0) == (expect > 0)));
}
static void test_path_is_encrypted(void) {
int booted = sd_booted(); /* If this is run in build environments such as koji, /dev might be a
* reguar fs. Don't assume too much if not running under systemd. */
log_info("/* %s (sd_booted=%d) */", __func__, booted);
test_path_is_encrypted_one("/home", -1);
test_path_is_encrypted_one("/var", -1);
test_path_is_encrypted_one("/", -1);
test_path_is_encrypted_one("/proc", false);
test_path_is_encrypted_one("/sys", false);
test_path_is_encrypted_one("/dev", booted > 0 ? false : -1);
}
int main(int argc, char **argv) {
test_setup_logging(LOG_INFO);
test_path_is_encrypted();
}

33
src/test/test-fs-util.c
View File

@@ -805,38 +805,6 @@ static void test_chmod_and_chown(void) {
assert_se(S_ISLNK(st.st_mode));
}
static void test_path_is_encrypted_one(const char *p, int expect) {
int r;
r = path_is_encrypted(p);
if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) /* This might fail, if btrfs is used and we run in a
* container. In that case we cannot resolve the device node paths that
* BTRFS_IOC_DEV_INFO returns, because the device nodes are unlikely to exist in
* the container. But if we can't stat() them we cannot determine the dev_t of
* them, and thus cannot figure out if they are enrypted. Hence let's just ignore
* ENOENT here. Also skip the test if we lack privileges. */
return;
assert_se(r >= 0);
log_info("%s encrypted: %s", p, yes_no(r));
assert_se(expect < 0 || ((r > 0) == (expect > 0)));
}
static void test_path_is_encrypted(void) {
int booted = sd_booted(); /* If this is run in build environments such as koji, /dev might be a
* reguar fs. Don't assume too much if not running under systemd. */
log_info("/* %s (sd_booted=%d) */", __func__, booted);
test_path_is_encrypted_one("/home", -1);
test_path_is_encrypted_one("/var", -1);
test_path_is_encrypted_one("/", -1);
test_path_is_encrypted_one("/proc", false);
test_path_is_encrypted_one("/sys", false);
test_path_is_encrypted_one("/dev", booted > 0 ? false : -1);
}
static void create_binary_file(const char *p, const void *data, size_t l) {
_cleanup_close_ int fd = -1;
@@ -914,7 +882,6 @@ int main(int argc, char *argv[]) {
test_fsync_directory_of_file();
test_rename_noreplace();
test_chmod_and_chown();
test_path_is_encrypted();
test_conservative_rename();
return 0;