getty-generator: allow configuring additional gettys via credentials

2026-04-14 00:14:32 +09:00 · 2023-06-23 22:50:34 +02:00
parent 51235f2fe6
commit cdd133b3dd
3 changed files with 82 additions and 1 deletions
--- a/man/systemd-getty-generator.xml
+++ b/man/systemd-getty-generator.xml
@@ -85,11 +85,29 @@
    </variablelist>
  </refsect1>

+  <refsect1>
+    <title>System Credentials</title>
+
+    <variablelist class='system-credentials'>
+      <varlistentry>
+        <term><varname>getty.ttys.serial</varname></term>
+        <term><varname>getty.ttys.container</varname></term>
+
+        <listitem><para>These system credentials may be used to spawn additional login prompts on selected
+        TTYs. The two credentials should contain a newline-separated list of TTY names to spawn instances of
+        <filename>serial-getty@.service</filename> (in case of <varname>getty.ttys.serial</varname>) and
+        <filename>container-getty@.service</filename> (in case of <varname>getty.ttys.container</varname>)
+        on.</para></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd.system-credentials</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>agetty</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>
--- a/man/systemd.system-credentials.xml
+++ b/man/systemd.system-credentials.xml
@@ -207,6 +207,14 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><varname>getty.ttys.serial</varname></term>
+        <term><varname>getty.ttys.container</varname></term>
+
+        <listitem><para>Used for spawning additional login prompts, see
+        <citerefentry><refentrytitle>systemd-getty-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> for details.</para></listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><varname>vmm.notify_socket</varname></term>
        <listitem>
--- a/src/getty-generator/getty-generator.c
+++ b/src/getty-generator/getty-generator.c
@@ -5,6 +5,7 @@
 #include <unistd.h>

 #include "alloc-util.h"
+#include "creds-util.h"
 #include "errno-util.h"
 #include "fd-util.h"
 #include "fileio.h"
@@ -13,8 +14,8 @@
 #include "mkdir-label.h"
 #include "parse-util.h"
 #include "path-util.h"
-#include "process-util.h"
 #include "proc-cmdline.h"
+#include "process-util.h"
 #include "strv.h"
 #include "terminal-util.h"
 #include "unit-name.h"
@@ -141,6 +142,56 @@ static int run_container(void) {
        }
 }

+static int add_credential_gettys(void) {
+        static const struct {
+                const char *credential_name;
+                int (*func)(const char *tty);
+        } table[] = {
+                { "getty.ttys.serial",    add_serial_getty     },
+                { "getty.ttys.container", add_container_getty  },
+        };
+        int r;
+
+        FOREACH_ARRAY(t, table, ELEMENTSOF(table)) {
+                _cleanup_free_ char *b = NULL;
+                size_t sz = 0;
+
+                r = read_credential_with_decryption(t->credential_name, (void*) &b, &sz);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        continue;
+
+                _cleanup_fclose_ FILE *f = NULL;
+                f = fmemopen_unlocked(b, sz, "r");
+                if (!f)
+                        return log_oom();
+
+                for (;;) {
+                        _cleanup_free_ char *tty = NULL;
+                        char *s;
+
+                        r = read_line(f, PATH_MAX, &tty);
+                        if (r == 0)
+                                break;
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to parse credential %s: %m", t->credential_name);
+                                break;
+                        }
+
+                        s = strstrip(tty);
+                        if (startswith(s, "#"))
+                                continue;
+
+                        r = t->func(s);
+                        if (r < 0)
+                                return r;
+                }
+        }
+
+        return 0;
+}
+
 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
        int r;

@@ -183,6 +234,10 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
                return 0;
        }

+        r = add_credential_gettys();
+        if (r < 0)
+                return r;
+
        if (detect_container() > 0)
                /* Add console shell and look at $container_ttys, but don't do add any
                 * further magic if we are in a container. */