181 Commits

Author SHA1 Message Date
Lennart Poettering
b68f4cade4 dissect: add --make-archive option to convert DDI to tarball 2024-01-25 18:47:39 +01:00
Lennart Poettering
9603fd29f8 dissect: show image name separately from filename
If the image name is different from the filename then show it in the
output, since it's relevant for finding sysext/confext release files.

(Image name is typically the filename without the ".raw" suffix and
similar).
2024-01-24 01:33:48 +08:00
Antonio Alvarez Feijoo
08c0b6efd8 dissect: fix typo 2024-01-19 16:01:13 +01:00
Lennart Poettering
2d1e7d1937 dissect-image: introduce new get_common_dissect_directory() helper
So far, if some component mounts a DDI in some local mount namespace we
created a temporary mountpoint in /tmp/ for that. Let's instead use the
same directory inode in /run/ instead. This is safe, since if everything
runs in a local mount namespace (with propagation on /run/ off) then
they shouldn't fight for the inode. And it relieves us from having to
clean up the directory after use. Moreover, it allows us to run without
/tmp/ mounted.

This only moves dissect-image.c and the dissect tool over. More stuff is
moved over later.
2024-01-18 01:30:10 +00:00
Zbigniew Jędrzejewski-Szmek
8e1ac16bc6 src/basic: rename uid-alloc-range.[ch] to uid-classification.[ch]
We had both uid-range.h and uid-alloc-range.h. The latter now contains helpers
like {uid,gid}_is_{system,dynamic,container}(), uid_for_system_journal(), so
the existing name is outdated. I think the uid-range.[ch] should stay separate
because it has a bunch of helpers for parsing and printing of uid ranges. So
let's rename as in $subject to better reflect the contents of the file and make
the two sets of files harder to confuse.
2024-01-09 11:15:00 +01:00
Mike Yuan
bdd2036e81 hexdecoct: make unbase64mem and unhexmem always use SIZE_MAX 2024-01-09 03:59:15 +09:00
Luca Boccassi
43108bf87a dissect: add assert to guide static analysis
CID#1533112
2024-01-04 14:30:20 +01:00
Lennart Poettering
d768856819 dissect: port to vpick for selecting image 2024-01-03 18:38:46 +01:00
Luca Boccassi
86b8b66675 Merge pull request #30591 from yuwata/device-util
device-util: introduce device_in_subsystem() and device_is_devtype() helper functions
2024-01-01 19:26:39 +01:00
Yu Watanabe
1d03d970a1 tree-wide: insert space after for and switch 2023-12-25 01:29:38 +09:00
Yu Watanabe
fb53ee0a64 tree-wide: use device_in_subsystem() and device_is_devtype() 2023-12-23 03:52:21 +09:00
Lennart Poettering
64cd3d13ea dissect-tool: hide device column if it's a short-lived loopback device
It's pointless showing info that isn't going to survive the current
invocation, hence hide it.

The "partition number" column is more useful since it kinda shows the
same information, but without the device node name prefixed that is
local to the current invocation.
2023-12-13 17:41:18 +01:00
Lennart Poettering
5b1b37c86a dissect-tool: show sector/image size from DissectedImage object
The information is provided to us already in the structure now, hence
use it.
2023-12-13 17:35:22 +01:00
Lennart Poettering
748e87a791 dissect-tool: right-align the partition number
The right-alignment was applied to the wrong column, because neither
ee8e497d24 nor 1474d7ac2d updated the column count as they should have.
2023-12-13 00:56:48 +00:00
Lennart Poettering
ba113008de dissect: set dash as ersatz string 2023-11-15 22:51:37 +01:00
Lennart Poettering
8f488d4634 dissect: right-align size column in --discover table 2023-11-15 22:51:37 +01:00
Lennart Poettering
b2466e05c7 dissect: move helpers for categorizing DDIs into generic code
These tests are already done at two places, let's unify them in one
place, and tweak them slightly (specifically: require for considering a
DDI bootable in UEFI we also need an init system inside).
2023-10-11 15:56:08 +02:00
Lennart Poettering
a81fe93e95 dissect: allow confext/sysext to be in the same image
This reworks the image discovery logic, and conceptually allows DDIs
that are both confext and sysext to exist. Previously we'd only extract
one type of extension data from a DDI, with this we allow to extract both
if both exist.

This doesn't add support for true "multi-modal" DDIs, that qualify as
various things at once, it just lays some ground work that ensures we at
least can dissect such images.

This reworks 484d26dac1 quite a bit.

This changes systemd-dissect's JSON output, but given the
version with the fields it changes/drops has never been released (as the
above patch was merged post-v254) this shouldn't be an issue.
2023-10-11 15:56:08 +02:00
Lennart Poettering
1c5cc6c552 dissect: image size can be unset, suppress in JSON output then
The ioctl() failure we handle gracefully, hence also reflect that in the
JSON output.

(While we are at it, bring JSON output into same order as textual
output, i.e. move uuid down a bit.)
2023-10-11 15:56:08 +02:00
Lennart Poettering
6e0b5cd36b dissect: show architecture in JSON output too
We show it in the human readable output, and we should include the same
data in the JSON output too.
2023-10-11 15:56:08 +02:00
Lennart Poettering
e83d902bce dissect: port to new JSON_BUILD_STRV_ENV_PAIR() 2023-10-11 15:56:08 +02:00
Lennart Poettering
66cd3537f9 dissect: don't show non-JSON arch + sector size in JSON mode 2023-10-10 21:44:20 +02:00
Lennart Poettering
8d9a1d5979 dissect-image: optionally allow mounting via new kernel mount API in two steps
This adds support for the new fsmount() logic of the kernel: we'll first
create an unattached fsmount fd, and then in a second step attach this
to some real file system inode – as opposed to attaching file system
directly. The benefit of this is that we can pass the open fsmount fds
over some sockets if need be, to isolate the mounting code from the
attaching code.
2023-10-02 14:02:32 +01:00
Daan De Meyer
47838b55c8 dissect: Set SYSTEMD_DISSECT_DEVICE to path of loop device
For some use cases we want to operate on the loop device that
systemd-dissect has attached the loop device to, so let's make that
easily accessible.
2023-08-17 20:36:51 +02:00
Daan De Meyer
ad6fae7ffc copy: Add support for creating subvolumes to copy_tree_at()
The subvolumes set is a set of source inodes similar to how the
denylist hashmap contains source inodes as keys. It indicates
directories in the source tree that should become subvolumes in
the target tree.
2023-08-14 18:46:08 +02:00
Yu Watanabe
9289e093ae meson: use install_emptydir() and drop meson-make-symlink.sh
The script is mostly equivalent to 'mkdir -p' and 'ln -sfr'.
Let's replace it with install_emptydir() builtin function and
inline meson call.
2023-08-08 22:11:34 +01:00
Yu Watanabe
ec57a4ea49 meson: move declarations of dissect and friends 2023-08-01 02:31:36 +09:00
Maanya Goenka
484d26dac1 confext: add dissect tool support for confext images
Allow image wide systemd tool support for confext images by adding dissect
tool support for these images
2023-07-14 16:59:34 +00:00
Daan De Meyer
a1af83728f device-util: Declare iterator variables inline 2023-07-12 20:05:18 +02:00
Lennart Poettering
d8def0f312 dissect: add new verbs to brief version of cmline in --help 2023-07-07 17:13:32 +01:00
Daan De Meyer
12d58b6c74 dissect: Add --mtree-hash= option
Let's make including hashes in the mtree output configurable to allow
speeding up the --mtree command in cases where file hashes are not
required.
2023-07-06 12:11:45 +02:00
Daan De Meyer
2292fa1e31 dissect: Allow a few verbs to operate on directories as well as image files
--copy-to, --copy-from, --list and --mtree are useful for image directories
as well as image files, so for those verbs, let's check if we were passed
a directory and skip all the image file setup if that's the case.
2023-07-06 12:11:42 +02:00
Zbigniew Jędrzejewski-Szmek
da89046643 tree-wide: "<n>bit" → "<n>-bit"
In some places, "<n> bits" is used when more appropriate.
2023-07-02 11:10:12 +01:00
Daan De Meyer
f9f70e062d copy: Merge copy_directory() and copy_directory_fd() into copy_directory_at()
Let's merge these two into a single function that can handle both
variants and more.
2023-06-06 14:42:03 +02:00
Yu Watanabe
5d2a48da12 tree-wide: use _cleanup_set_free_ and friends
Instead of _cleanup_(set_freep) or so.
2023-06-01 06:47:48 +09:00
Zbigniew Jędrzejewski-Szmek
5fdec39796 dissect: use pager for --help
This output is already too long to fit on a normal terminal, and the
interesting parts are towards the top.
2023-05-30 16:04:13 +02:00
Frantisek Sumsal
94d82b5980 tree-wide: code spelling fixes
As reported by Fossies.
2023-04-20 21:54:59 +02:00
Yu Watanabe
06e78680e3 image-policy: introduce parse_image_policy_argument() helper
Addresses
84be0c710d (r1060130312),
84be0c710d (r1067927293), and
84be0c710d (r1067926416).

Follow-up for 84be0c710d.
2023-04-13 11:17:28 +02:00
Lennart Poettering
598fd4da1c dissect: disallow empty partition tables
If we don't find a single useful partition table, refuse dissection.

(Except in systemd-dissect, when we are supposed to show DDI
information, in that case allow this to run and show general DDI
information, i.e. size, UUID and name at least)
2023-04-05 20:49:48 +02:00
Lennart Poettering
dee4a6237a dissect: add new --validate command
This allows unprivileged validation of DDIs. Only superficial structure,
i.e. not mounting or so. This becomes particularly handy in the
integration tests, and to validate image policies.
2023-04-05 20:49:06 +02:00
Lennart Poettering
84be0c710d tree-wide: hook up image dissection policy logic everywhere 2023-04-05 20:45:30 +02:00
Daan De Meyer
f461a28da7 chase-symlinks: Rename chase_symlinks() to chase()
Chasing symlinks is a core function that's used in a lot of places
so it deserves a less verbose name so let's rename it to chase()
and chaseat().

We also slightly change the pattern used for the chaseat() helpers
so we get chase_and_openat() and similar.
2023-03-24 13:43:51 +01:00
Lennart Poettering
a3c3386eac dissect: make all paths we operate on absolute
Let's avoid any ambiguities around paths, and make them absolute when
accepting them, like we do in most our tools now. This makes us
independent of the current working directory and allows us to change it
without issues or pass around the paths elsewhere if need be.
2023-03-14 23:04:18 +01:00
Lennart Poettering
12c0f4ff52 dissect: mark UID/GIDs that are surprising in DDIs with colors
DDIs should not contain files owned by dynamic users or the nobody
users. Let's subtly highlight those entries in mtree output.
2023-03-14 23:03:16 +01:00
Lennart Poettering
b7df862213 dissect: use a switch statements where appropriate 2023-03-10 11:36:34 +01:00
Lennart Poettering
94abea2abf dissect: share dissected_image_decrypt_interactively() invocation between actions
Let's invoke dissected_image_decrypt_interactively() at one place only,
instead of in each function separately.

No actual changes, just some minor refactoring.
2023-03-10 11:36:34 +01:00
Lennart Poettering
6f5ef9e4c7 dissect: shorten code a bit 2023-03-09 16:41:26 +01:00
Lennart Poettering
236d1fa210 dissect: allow setting "lo_file_name" field of loopback block devices
When attaching a loopback file this allows us to set an explicit name
for it. This is useful since it allows a caller to pre-select a string
that is directly attached to the loopback file. Via udev rules we'll
later make the device accessible through this name.

Note that "lo_file_name" is supposed to carry a file name of the backing
file, but the kernel actually does not care or enforce any of that, it
just stores the filename and returns it later. This makes it so useful,
as userspace has total control of that field.

"lo_file_name" should not be confused with the sysattr
"loop/backing_file" which is actually maintained by the kernel itself,
and always shows the file to the backing inode without userspace having
direct control over the returned string. Because the sysattr is
generated by the kernel it is subject to file system namespacing and
everything, while "lo_file_name" is not, it's really just a string
passed through the kernel.
2023-03-09 16:41:23 +01:00
Lennart Poettering
07d6072e0e dissect: add commands for attaching/detaching loopback devices
Sometimes it is useful attaching DDIs without mounting them. We could
use "losetup" for that, but doing this in systemd-dissect has various
benefits:

1. we superficially validate the DDI first
2. we set the sector size depending on what we determine
3. we synchronously create the per-partition block devices
2023-03-09 16:40:55 +01:00
Lennart Poettering
a164d9d5aa dissect: implement external helper plugin interface for /bin/mount
With this change we'll install a symlink /sbin/mount.ddi →
systemd-dissect. If invoked that way we'll do the equivalent of
systemd-dissect --mount.

This makes DDIs mountable directly via the "mount" command, by
specifying the "-t ddi" pseudo file system type. Moreover you can now
mount DDIs directly via /etc/fstab, by specifying "ddi" in the file
system column (3rd column).
2023-03-06 22:52:20 +01:00