static void test_netns(void) {
_cleanup_close_pipe_ int s[2] = { -1, -1 };
pid_t pid1, pid2, pid3;
int r, n = 0;
siginfo_t si;
if (geteuid() > 0)
return;
assert_se(socketpair(AF_UNIX, SOCK_DGRAM, 0, s) >= 0);
pid1 = fork();
assert_se(pid1 >= 0);
if (pid1 == 0) {
r = setup_netns(s);
assert_se(r >= 0);
_exit(r);
}
pid2 = fork();
assert_se(pid2 >= 0);
if (pid2 == 0) {
r = setup_netns(s);
assert_se(r >= 0);
exit(r);
}
pid3 = fork();
assert_se(pid3 >= 0);
if (pid3 == 0) {
r = setup_netns(s);
assert_se(r >= 0);
exit(r);
}
r = wait_for_terminate(pid1, &si);
assert_se(r >= 0);
assert_se(si.si_code == CLD_EXITED);
n += si.si_status;
r = wait_for_terminate(pid2, &si);
assert_se(r >= 0);
assert_se(si.si_code == CLD_EXITED);
n += si.si_status;
r = wait_for_terminate(pid3, &si);
assert_se(r >= 0);
assert_se(si.si_code == CLD_EXITED);
n += si.si_status;
assert_se(n == 1);
}
TarPull* tar_pull_unref(TarPull *i) {
if (!i)
return NULL;
if (i->tar_pid > 1) {
(void) kill_and_sigcont(i->tar_pid, SIGKILL);
(void) wait_for_terminate(i->tar_pid, NULL);
}
pull_job_unref(i->tar_job);
pull_job_unref(i->settings_job);
pull_job_unref(i->checksum_job);
pull_job_unref(i->signature_job);
curl_glue_unref(i->glue);
sd_event_unref(i->event);
if (i->temp_path) {
(void) rm_rf(i->temp_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
free(i->temp_path);
}
if (i->settings_temp_path) {
(void) unlink(i->settings_temp_path);
free(i->settings_temp_path);
}
free(i->final_path);
free(i->settings_path);
free(i->image_root);
free(i->local);
return mfree(i);
}
TarImport* tar_import_unref(TarImport *i) {
if (!i)
return NULL;
if (i->tar_pid > 1) {
(void) kill_and_sigcont(i->tar_pid, SIGKILL);
(void) wait_for_terminate(i->tar_pid, NULL);
}
import_job_unref(i->tar_job);
import_job_unref(i->checksum_job);
import_job_unref(i->signature_job);
curl_glue_unref(i->glue);
sd_event_unref(i->event);
if (i->temp_path) {
(void) btrfs_subvol_remove(i->temp_path);
(void) rm_rf_dangerous(i->temp_path, false, true, false);
free(i->temp_path);
}
free(i->final_path);
free(i->image_root);
free(i->local);
free(i);
return NULL;
}
TarExport *tar_export_unref(TarExport *e) {
if (!e)
return NULL;
sd_event_source_unref(e->output_event_source);
if (e->tar_pid > 1) {
(void) kill_and_sigcont(e->tar_pid, SIGKILL);
(void) wait_for_terminate(e->tar_pid, NULL);
}
if (e->temp_path) {
(void) btrfs_subvol_remove(e->temp_path, BTRFS_REMOVE_QUOTA);
free(e->temp_path);
}
import_compress_free(&e->compress);
sd_event_unref(e->event);
safe_close(e->tar_fd);
free(e->buffer);
free(e->path);
free(e);
return NULL;
}
TarImport* tar_import_unref(TarImport *i) {
if (!i)
return NULL;
sd_event_source_unref(i->input_event_source);
if (i->tar_pid > 1) {
(void) kill_and_sigcont(i->tar_pid, SIGKILL);
(void) wait_for_terminate(i->tar_pid, NULL);
}
if (i->temp_path) {
(void) rm_rf(i->temp_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
free(i->temp_path);
}
import_compress_free(&i->compress);
sd_event_unref(i->event);
safe_close(i->tar_fd);
free(i->final_path);
free(i->image_root);
free(i->local);
free(i);
return NULL;
}
static void test_getpid_cached(void) {
siginfo_t si;
pid_t a, b, c, d, e, f, child;
a = raw_getpid();
b = getpid_cached();
c = getpid();
assert_se(a == b && a == c);
child = fork();
assert_se(child >= 0);
if (child == 0) {
/* In child */
a = raw_getpid();
b = getpid_cached();
c = getpid();
assert_se(a == b && a == c);
_exit(EXIT_SUCCESS);
}
d = raw_getpid();
e = getpid_cached();
f = getpid();
assert_se(a == d && a == e && a == f);
assert_se(wait_for_terminate(child, &si) >= 0);
assert_se(si.si_status == 0);
assert_se(si.si_code == CLD_EXITED);
}
static void test_rename_process_multi(void) {
pid_t pid;
pid = fork();
assert_se(pid >= 0);
if (pid > 0) {
siginfo_t si;
assert_se(wait_for_terminate(pid, &si) >= 0);
assert_se(si.si_code == CLD_EXITED);
assert_se(si.si_status == EXIT_SUCCESS);
return;
}
/* child */
test_rename_process_now("one", 1);
test_rename_process_now("more", 0); /* longer than "one", hence truncated */
(void) setresuid(99, 99, 99); /* change uid when running privileged */
test_rename_process_now("time!", 0);
test_rename_process_now("0", 1); /* shorter than "one", should fit */
test_rename_process_one("", -EINVAL);
test_rename_process_one(NULL, -EINVAL);
_exit(EXIT_SUCCESS);
}
void polkit_agent_close(void) {
if (agent_pid <= 0)
return;
/* Inform agent that we are done */
kill(agent_pid, SIGTERM);
kill(agent_pid, SIGCONT);
(void) wait_for_terminate(agent_pid, NULL);
agent_pid = 0;
}
void pager_close(void) {
if (pager_pid <= 0)
return;
/* Inform pager that we are done */
fclose(stdout);
kill(pager_pid, SIGCONT);
(void) wait_for_terminate(pager_pid, NULL);
pager_pid = 0;
}
int show_man_page(const char *desc, bool null_stdio) {
const char *args[4] = { "man", NULL, NULL, NULL };
char *e = NULL;
pid_t pid;
size_t k;
int r;
siginfo_t status;
k = strlen(desc);
if (desc[k-1] == ')')
e = strrchr(desc, '(');
if (e) {
char *page = NULL, *section = NULL;
page = strndupa(desc, e - desc);
section = strndupa(e + 1, desc + k - e - 2);
args[1] = section;
args[2] = page;
} else
args[1] = desc;
pid = fork();
if (pid < 0)
return log_error_errno(errno, "Failed to fork: %m");
if (pid == 0) {
/* Child */
(void) reset_all_signal_handlers();
(void) reset_signal_mask();
if (null_stdio) {
r = make_null_stdio();
if (r < 0) {
log_error_errno(r, "Failed to kill stdio: %m");
_exit(EXIT_FAILURE);
}
}
execvp(args[0], (char**) args);
log_error_errno(errno, "Failed to execute man: %m");
_exit(EXIT_FAILURE);
}
r = wait_for_terminate(pid, &status);
if (r < 0)
return r;
log_debug("Exit code %i status %i", status.si_code, status.si_status);
return status.si_status;
}
void ask_password_agent_close(void) {
if (agent_pid <= 0)
return;
/* Inform agent that we are done */
(void) kill(agent_pid, SIGTERM);
(void) kill(agent_pid, SIGCONT);
(void) wait_for_terminate(agent_pid, NULL);
agent_pid = 0;
}
static int found_override(const char *top, const char *bottom) {
_cleanup_free_ char *dest = NULL;
int k;
pid_t pid;
assert(top);
assert(bottom);
if (null_or_empty_path(top) > 0) {
notify_override_masked(top, bottom);
return 0;
}
k = readlink_malloc(top, &dest);
if (k >= 0) {
if (equivalent(dest, bottom) > 0)
notify_override_equivalent(top, bottom);
else
notify_override_redirected(top, bottom);
return 0;
}
notify_override_overridden(top, bottom);
if (!arg_diff)
return 0;
putchar('\n');
fflush(stdout);
pid = fork();
if (pid < 0) {
log_error("Failed to fork off diff: %m");
return -errno;
} else if (pid == 0) {
execlp("diff", "diff", "-us", "--", bottom, top, NULL);
log_error("Failed to execute diff: %m");
_exit(1);
}
wait_for_terminate(pid, NULL);
putchar('\n');
return 0;
}
static void test_rename_process_one(const char *p, int ret) {
siginfo_t si;
pid_t pid;
pid = fork();
assert_se(pid >= 0);
if (pid == 0) {
/* child */
test_rename_process_now(p, ret);
_exit(EXIT_SUCCESS);
}
assert_se(wait_for_terminate(pid, &si) >= 0);
assert_se(si.si_code == CLD_EXITED);
assert_se(si.si_status == EXIT_SUCCESS);
}
static void test_safe_fork(void) {
siginfo_t status;
pid_t pid;
int r;
BLOCK_SIGNALS(SIGCHLD);
r = safe_fork("(test-child)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_NULL_STDIO|FORK_REOPEN_LOG, &pid);
assert_se(r >= 0);
if (r == 0) {
/* child */
usleep(100 * USEC_PER_MSEC);
_exit(88);
}
assert_se(wait_for_terminate(pid, &status) >= 0);
assert_se(status.si_code == CLD_EXITED);
assert_se(status.si_status == 88);
}
DkrPull* dkr_pull_unref(DkrPull *i) {
if (!i)
return NULL;
if (i->tar_pid > 1) {
(void) kill_and_sigcont(i->tar_pid, SIGKILL);
(void) wait_for_terminate(i->tar_pid, NULL);
}
pull_job_unref(i->images_job);
pull_job_unref(i->tags_job);
pull_job_unref(i->ancestry_job);
pull_job_unref(i->json_job);
pull_job_unref(i->layer_job);
curl_glue_unref(i->glue);
sd_event_unref(i->event);
if (i->temp_path) {
(void) rm_rf(i->temp_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
free(i->temp_path);
}
free(i->name);
free(i->reference);
free(i->id);
free(i->response_token);
free(i->response_registries);
strv_free(i->ancestry);
free(i->final_path);
free(i->index_url);
free(i->image_root);
free(i->local);
free(i);
return NULL;
}
int main(int argc, char *argv[]) {
const char *cmdline[9];
int i = 0, r = EXIT_FAILURE, q;
pid_t pid;
siginfo_t status;
struct udev *udev = NULL;
struct udev_device *udev_device = NULL;
const char *device;
bool root_directory;
int progress_pipe[2] = { -1, -1 };
char dash_c[2+10+1];
if (argc > 2) {
log_error("This program expects one or no arguments.");
return EXIT_FAILURE;
}
log_set_target(LOG_TARGET_AUTO);
log_parse_environment();
log_open();
umask(0022);
parse_proc_cmdline();
test_files();
if (!arg_force && arg_skip)
return 0;
if (argc > 1) {
device = argv[1];
root_directory = false;
} else {
struct stat st;
struct timespec times[2];
/* Find root device */
if (stat("/", &st) < 0) {
log_error("Failed to stat() the root directory: %m");
goto finish;
}
/* Virtual root devices don't need an fsck */
if (major(st.st_dev) == 0)
return 0;
/* check if we are already writable */
times[0] = st.st_atim;
times[1] = st.st_mtim;
if (utimensat(AT_FDCWD, "/", times, 0) == 0) {
log_info("Root directory is writable, skipping check.");
return 0;
}
if (!(udev = udev_new())) {
log_oom();
goto finish;
}
if (!(udev_device = udev_device_new_from_devnum(udev, 'b', st.st_dev))) {
log_error("Failed to detect root device.");
goto finish;
}
if (!(device = udev_device_get_devnode(udev_device))) {
log_error("Failed to detect device node of root directory.");
goto finish;
}
root_directory = true;
}
if (arg_show_progress)
if (pipe(progress_pipe) < 0) {
log_error("pipe(): %m");
goto finish;
}
cmdline[i++] = "/sbin/fsck";
cmdline[i++] = "-a";
cmdline[i++] = "-T";
cmdline[i++] = "-l";
if (!root_directory)
cmdline[i++] = "-M";
if (arg_force)
cmdline[i++] = "-f";
if (progress_pipe[1] >= 0) {
snprintf(dash_c, sizeof(dash_c), "-C%i", progress_pipe[1]);
char_array_0(dash_c);
cmdline[i++] = dash_c;
}
cmdline[i++] = device;
cmdline[i++] = NULL;
pid = fork();
if (pid < 0) {
log_error("fork(): %m");
goto finish;
} else if (pid == 0) {
/* Child */
if (progress_pipe[0] >= 0)
close_nointr_nofail(progress_pipe[0]);
execv(cmdline[0], (char**) cmdline);
_exit(8); /* Operational error */
}
if (progress_pipe[1] >= 0) {
close_nointr_nofail(progress_pipe[1]);
progress_pipe[1] = -1;
}
if (progress_pipe[0] >= 0) {
process_progress(progress_pipe[0]);
progress_pipe[0] = -1;
}
q = wait_for_terminate(pid, &status);
if (q < 0) {
log_error("waitid(): %s", strerror(-q));
goto finish;
}
if (status.si_code != CLD_EXITED || (status.si_status & ~1)) {
if (status.si_code == CLD_KILLED || status.si_code == CLD_DUMPED)
log_error("fsck terminated by signal %s.", signal_to_string(status.si_status));
else if (status.si_code == CLD_EXITED)
log_error("fsck failed with error code %i.", status.si_status);
else
log_error("fsck failed due to unknown reason.");
if (status.si_code == CLD_EXITED && (status.si_status & 2) && root_directory)
/* System should be rebooted. */
start_target(SPECIAL_REBOOT_TARGET, false);
else if (status.si_code == CLD_EXITED && (status.si_status & 6))
/* Some other problem */
start_target(SPECIAL_EMERGENCY_TARGET, true);
else {
r = EXIT_SUCCESS;
log_warning("Ignoring error.");
}
} else
r = EXIT_SUCCESS;
if (status.si_code == CLD_EXITED && (status.si_status & 1))
touch("/run/systemd/quotacheck");
finish:
if (udev_device)
udev_device_unref(udev_device);
if (udev)
udev_unref(udev);
close_pipe(progress_pipe);
return r;
}
static void test_get_process_cmdline_harder(void) {
char path[] = "/tmp/test-cmdlineXXXXXX";
_cleanup_close_ int fd = -1;
_cleanup_free_ char *line = NULL;
pid_t pid;
if (geteuid() != 0)
return;
#ifdef HAVE_VALGRIND_VALGRIND_H
/* valgrind patches open(/proc//cmdline)
* so, test_get_process_cmdline_harder fails always
* See https://github.com/systemd/systemd/pull/3555#issuecomment-226564908 */
if (RUNNING_ON_VALGRIND)
return;
#endif
pid = fork();
if (pid > 0) {
siginfo_t si;
(void) wait_for_terminate(pid, &si);
assert_se(si.si_code == CLD_EXITED);
assert_se(si.si_status == 0);
return;
}
assert_se(pid == 0);
assert_se(unshare(CLONE_NEWNS) >= 0);
fd = mkostemp(path, O_CLOEXEC);
assert_se(fd >= 0);
assert_se(mount(path, "/proc/self/cmdline", "bind", MS_BIND, NULL) >= 0);
assert_se(unlink(path) >= 0);
assert_se(prctl(PR_SET_NAME, "testa") >= 0);
assert_se(get_process_cmdline(getpid(), 0, false, &line) == -ENOENT);
assert_se(get_process_cmdline(getpid(), 0, true, &line) >= 0);
assert_se(streq(line, "[testa]"));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 1, true, &line) >= 0);
assert_se(streq(line, ""));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 2, true, &line) >= 0);
assert_se(streq(line, "["));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 3, true, &line) >= 0);
assert_se(streq(line, "[."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 4, true, &line) >= 0);
assert_se(streq(line, "[.."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 5, true, &line) >= 0);
assert_se(streq(line, "[..."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 6, true, &line) >= 0);
assert_se(streq(line, "[...]"));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 7, true, &line) >= 0);
assert_se(streq(line, "[t...]"));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 8, true, &line) >= 0);
assert_se(streq(line, "[testa]"));
line = mfree(line);
assert_se(write(fd, "\0\0\0\0\0\0\0\0\0", 10) == 10);
assert_se(get_process_cmdline(getpid(), 0, false, &line) == -ENOENT);
assert_se(get_process_cmdline(getpid(), 0, true, &line) >= 0);
assert_se(streq(line, "[testa]"));
line = mfree(line);
assert_se(write(fd, "foo\0bar\0\0\0\0\0", 10) == 10);
assert_se(get_process_cmdline(getpid(), 0, false, &line) >= 0);
assert_se(streq(line, "foo bar"));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 0, true, &line) >= 0);
assert_se(streq(line, "foo bar"));
line = mfree(line);
assert_se(write(fd, "quux", 4) == 4);
assert_se(get_process_cmdline(getpid(), 0, false, &line) >= 0);
assert_se(streq(line, "foo bar quux"));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 0, true, &line) >= 0);
assert_se(streq(line, "foo bar quux"));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 1, true, &line) >= 0);
assert_se(streq(line, ""));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 2, true, &line) >= 0);
assert_se(streq(line, "."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 3, true, &line) >= 0);
assert_se(streq(line, ".."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 4, true, &line) >= 0);
assert_se(streq(line, "..."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 5, true, &line) >= 0);
assert_se(streq(line, "f..."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 6, true, &line) >= 0);
assert_se(streq(line, "fo..."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 7, true, &line) >= 0);
assert_se(streq(line, "foo..."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 8, true, &line) >= 0);
assert_se(streq(line, "foo..."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 9, true, &line) >= 0);
assert_se(streq(line, "foo b..."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 10, true, &line) >= 0);
assert_se(streq(line, "foo ba..."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 11, true, &line) >= 0);
assert_se(streq(line, "foo bar..."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 12, true, &line) >= 0);
assert_se(streq(line, "foo bar..."));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 13, true, &line) >= 0);
assert_se(streq(line, "foo bar quux"));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 14, true, &line) >= 0);
assert_se(streq(line, "foo bar quux"));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 1000, true, &line) >= 0);
assert_se(streq(line, "foo bar quux"));
line = mfree(line);
assert_se(ftruncate(fd, 0) >= 0);
assert_se(prctl(PR_SET_NAME, "aaaa bbbb cccc") >= 0);
assert_se(get_process_cmdline(getpid(), 0, false, &line) == -ENOENT);
assert_se(get_process_cmdline(getpid(), 0, true, &line) >= 0);
assert_se(streq(line, "[aaaa bbbb cccc]"));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 10, true, &line) >= 0);
assert_se(streq(line, "[aaaa...]"));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 11, true, &line) >= 0);
assert_se(streq(line, "[aaaa...]"));
line = mfree(line);
assert_se(get_process_cmdline(getpid(), 12, true, &line) >= 0);
assert_se(streq(line, "[aaaa b...]"));
line = mfree(line);
safe_close(fd);
_exit(0);
}
int bus_container_connect_kernel(sd_bus *b) {
_cleanup_close_pair_ int pair[2] = { -1, -1 };
_cleanup_close_ int pidnsfd = -1, mntnsfd = -1, rootfd = -1;
union {
struct cmsghdr cmsghdr;
uint8_t buf[CMSG_SPACE(sizeof(int))];
} control = {};
struct msghdr mh = {
.msg_control = &control,
.msg_controllen = sizeof(control),
};
struct cmsghdr *cmsg;
pid_t leader, child;
siginfo_t si;
int r;
_cleanup_close_ int fd = -1;
assert(b);
assert(b->input_fd < 0);
assert(b->output_fd < 0);
r = container_get_leader(b->machine, &leader);
if (r < 0)
return r;
r = namespace_open(leader, &pidnsfd, &mntnsfd, &rootfd);
if (r < 0)
return r;
if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) < 0)
return -errno;
child = fork();
if (child < 0)
return -errno;
if (child == 0) {
pid_t grandchild;
pair[0] = safe_close(pair[0]);
r = namespace_enter(pidnsfd, mntnsfd, rootfd);
if (r < 0)
_exit(EXIT_FAILURE);
/* We just changed PID namespace, however it will only
* take effect on the children we now fork. Hence,
* let's fork another time, and connect from this
* grandchild, so that kdbus only sees the credentials
* of this process which comes from within the
* container, and not outside of it */
grandchild = fork();
if (grandchild < 0)
_exit(EXIT_FAILURE);
if (grandchild == 0) {
fd = open(b->kernel, O_RDWR|O_NOCTTY|O_CLOEXEC);
if (fd < 0)
_exit(EXIT_FAILURE);
cmsg = CMSG_FIRSTHDR(&mh);
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
cmsg->cmsg_len = CMSG_LEN(sizeof(int));
memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
mh.msg_controllen = cmsg->cmsg_len;
if (sendmsg(pair[1], &mh, MSG_NOSIGNAL) < 0)
_exit(EXIT_FAILURE);
_exit(EXIT_SUCCESS);
}
r = wait_for_terminate(grandchild, &si);
if (r < 0)
_exit(EXIT_FAILURE);
if (si.si_code != CLD_EXITED)
_exit(EXIT_FAILURE);
_exit(si.si_status);
}
pair[1] = safe_close(pair[1]);
r = wait_for_terminate(child, &si);
if (r < 0)
return r;
if (si.si_code != CLD_EXITED)
return -EIO;
if (si.si_status != EXIT_SUCCESS)
return -EIO;
if (recvmsg(pair[0], &mh, MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) < 0)
return -errno;
for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg))
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
int *fds;
unsigned n_fds;
fds = (int*) CMSG_DATA(cmsg);
n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
if (n_fds != 1) {
close_many(fds, n_fds);
return -EIO;
}
fd = fds[0];
}
b->input_fd = b->output_fd = fd;
fd = -1;
return bus_kernel_take_fd(b);
}
int main(int argc, char *argv[]) {
const char *cmdline[9];
int i = 0, r = EXIT_FAILURE, q;
pid_t pid;
siginfo_t status;
_cleanup_udev_unref_ struct udev *udev = NULL;
_cleanup_udev_device_unref_ struct udev_device *udev_device = NULL;
const char *device, *type;
bool root_directory;
int progress_pipe[2] = { -1, -1 };
char dash_c[2+10+1];
struct stat st;
if (argc > 2) {
log_error("This program expects one or no arguments.");
return EXIT_FAILURE;
}
log_set_target(LOG_TARGET_AUTO);
log_parse_environment();
log_open();
umask(0022);
q = parse_proc_cmdline(parse_proc_cmdline_item);
if (q < 0)
log_warning_errno(q, "Failed to parse kernel command line, ignoring: %m");
test_files();
if (!arg_force && arg_skip)
return 0;
udev = udev_new();
if (!udev) {
log_oom();
return EXIT_FAILURE;
}
if (argc > 1) {
device = argv[1];
root_directory = false;
if (stat(device, &st) < 0) {
log_error_errno(errno, "Failed to stat '%s': %m", device);
return EXIT_FAILURE;
}
udev_device = udev_device_new_from_devnum(udev, 'b', st.st_rdev);
if (!udev_device) {
log_error("Failed to detect device %s", device);
return EXIT_FAILURE;
}
} else {
struct timespec times[2];
/* Find root device */
if (stat("/", &st) < 0) {
log_error_errno(errno, "Failed to stat() the root directory: %m");
return EXIT_FAILURE;
}
/* Virtual root devices don't need an fsck */
if (major(st.st_dev) == 0)
return EXIT_SUCCESS;
/* check if we are already writable */
times[0] = st.st_atim;
times[1] = st.st_mtim;
if (utimensat(AT_FDCWD, "/", times, 0) == 0) {
log_info("Root directory is writable, skipping check.");
return EXIT_SUCCESS;
}
udev_device = udev_device_new_from_devnum(udev, 'b', st.st_dev);
if (!udev_device) {
log_error("Failed to detect root device.");
return EXIT_FAILURE;
}
device = udev_device_get_devnode(udev_device);
if (!device) {
log_error("Failed to detect device node of root directory.");
return EXIT_FAILURE;
}
root_directory = true;
}
type = udev_device_get_property_value(udev_device, "ID_FS_TYPE");
if (type) {
r = fsck_exists(type);
if (r == -ENOENT) {
log_info("fsck.%s doesn't exist, not checking file system on %s", type, device);
return EXIT_SUCCESS;
} else if (r < 0)
log_warning_errno(r, "fsck.%s cannot be used for %s: %m", type, device);
}
if (arg_show_progress)
if (pipe(progress_pipe) < 0) {
log_error_errno(errno, "pipe(): %m");
return EXIT_FAILURE;
}
cmdline[i++] = "/sbin/fsck";
cmdline[i++] = arg_repair;
cmdline[i++] = "-T";
/*
* Since util-linux v2.25 fsck uses /run/fsck/<diskname>.lock files.
* The previous versions use flock for the device and conflict with
* udevd, see https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5
*/
cmdline[i++] = "-l";
if (!root_directory)
cmdline[i++] = "-M";
if (arg_force)
cmdline[i++] = "-f";
if (progress_pipe[1] >= 0) {
snprintf(dash_c, sizeof(dash_c), "-C%i", progress_pipe[1]);
char_array_0(dash_c);
cmdline[i++] = dash_c;
}
cmdline[i++] = device;
cmdline[i++] = NULL;
pid = fork();
if (pid < 0) {
log_error_errno(errno, "fork(): %m");
goto finish;
} else if (pid == 0) {
/* Child */
if (progress_pipe[0] >= 0)
safe_close(progress_pipe[0]);
execv(cmdline[0], (char**) cmdline);
_exit(8); /* Operational error */
}
progress_pipe[1] = safe_close(progress_pipe[1]);
if (progress_pipe[0] >= 0) {
process_progress(progress_pipe[0]);
progress_pipe[0] = -1;
}
q = wait_for_terminate(pid, &status);
if (q < 0) {
log_error_errno(q, "waitid(): %m");
goto finish;
}
if (status.si_code != CLD_EXITED || (status.si_status & ~1)) {
if (status.si_code == CLD_KILLED || status.si_code == CLD_DUMPED)
log_error("fsck terminated by signal %s.", signal_to_string(status.si_status));
else if (status.si_code == CLD_EXITED)
log_error("fsck failed with error code %i.", status.si_status);
else
log_error("fsck failed due to unknown reason.");
if (status.si_code == CLD_EXITED && (status.si_status & 2) && root_directory)
/* System should be rebooted. */
start_target(SPECIAL_REBOOT_TARGET);
else if (status.si_code == CLD_EXITED && (status.si_status & 6))
/* Some other problem */
start_target(SPECIAL_EMERGENCY_TARGET);
else {
r = EXIT_SUCCESS;
log_warning("Ignoring error.");
}
} else
r = EXIT_SUCCESS;
if (status.si_code == CLD_EXITED && (status.si_status & 1))
touch("/run/systemd/quotacheck");
finish:
safe_close_pair(progress_pipe);
return r;
}
static int fsck_progress_socket(void) {
static const union sockaddr_union sa = {
.un.sun_family = AF_UNIX,
.un.sun_path = "/run/systemd/fsck.progress",
};
int fd, r;
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd < 0)
return log_warning_errno(errno, "socket(): %m");
if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
r = log_full_errno(errno == ECONNREFUSED || errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
errno, "Failed to connect to progress socket %s, ignoring: %m", sa.un.sun_path);
safe_close(fd);
return r;
}
return fd;
}
int main(int argc, char *argv[]) {
_cleanup_close_pair_ int progress_pipe[2] = { -1, -1 };
_cleanup_(sd_device_unrefp) sd_device *dev = NULL;
const char *device, *type;
bool root_directory;
siginfo_t status;
struct stat st;
int r;
pid_t pid;
if (argc > 2) {
log_error("This program expects one or no arguments.");
return EXIT_FAILURE;
}
log_set_target(LOG_TARGET_AUTO);
log_parse_environment();
log_open();
umask(0022);
r = parse_proc_cmdline(parse_proc_cmdline_item);
if (r < 0)
log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
test_files();
if (!arg_force && arg_skip) {
r = 0;
goto finish;
}
if (argc > 1) {
device = argv[1];
if (stat(device, &st) < 0) {
r = log_error_errno(errno, "Failed to stat %s: %m", device);
goto finish;
}
if (!S_ISBLK(st.st_mode)) {
log_error("%s is not a block device.", device);
r = -EINVAL;
goto finish;
}
r = sd_device_new_from_devnum(&dev, 'b', st.st_rdev);
if (r < 0) {
log_error_errno(r, "Failed to detect device %s: %m", device);
goto finish;
}
root_directory = false;
} else {
struct timespec times[2];
/* Find root device */
if (stat("/", &st) < 0) {
r = log_error_errno(errno, "Failed to stat() the root directory: %m");
goto finish;
}
/* Virtual root devices don't need an fsck */
if (major(st.st_dev) == 0) {
log_debug("Root directory is virtual or btrfs, skipping check.");
r = 0;
goto finish;
}
/* check if we are already writable */
times[0] = st.st_atim;
times[1] = st.st_mtim;
if (utimensat(AT_FDCWD, "/", times, 0) == 0) {
log_info("Root directory is writable, skipping check.");
r = 0;
goto finish;
}
r = sd_device_new_from_devnum(&dev, 'b', st.st_dev);
if (r < 0) {
log_error_errno(r, "Failed to detect root device: %m");
goto finish;
}
r = sd_device_get_devname(dev, &device);
if (r < 0) {
log_error_errno(r, "Failed to detect device node of root directory: %m");
goto finish;
}
root_directory = true;
}
r = sd_device_get_property_value(dev, "ID_FS_TYPE", &type);
if (r >= 0) {
r = fsck_exists(type);
if (r < 0)
log_warning_errno(r, "Couldn't detect if fsck.%s may be used for %s, proceeding: %m", type, device);
else if (r == 0) {
log_info("fsck.%s doesn't exist, not checking file system on %s.", type, device);
goto finish;
}
}
if (arg_show_progress) {
if (pipe(progress_pipe) < 0) {
r = log_error_errno(errno, "pipe(): %m");
goto finish;
}
}
pid = fork();
if (pid < 0) {
r = log_error_errno(errno, "fork(): %m");
goto finish;
}
if (pid == 0) {
char dash_c[sizeof("-C")-1 + DECIMAL_STR_MAX(int) + 1];
int progress_socket = -1;
const char *cmdline[9];
int i = 0;
/* Child */
(void) reset_all_signal_handlers();
(void) reset_signal_mask();
assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
/* Close the reading side of the progress pipe */
progress_pipe[0] = safe_close(progress_pipe[0]);
/* Try to connect to a progress management daemon, if there is one */
progress_socket = fsck_progress_socket();
if (progress_socket >= 0) {
/* If this worked we close the progress pipe early, and just use the socket */
progress_pipe[1] = safe_close(progress_pipe[1]);
xsprintf(dash_c, "-C%i", progress_socket);
} else if (progress_pipe[1] >= 0) {
/* Otherwise if we have the progress pipe to our own local handle, we use it */
xsprintf(dash_c, "-C%i", progress_pipe[1]);
} else
dash_c[0] = 0;
cmdline[i++] = "/sbin/fsck";
cmdline[i++] = arg_repair;
cmdline[i++] = "-T";
/*
* Since util-linux v2.25 fsck uses /run/fsck/<diskname>.lock files.
* The previous versions use flock for the device and conflict with
* udevd, see https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5
*/
cmdline[i++] = "-l";
if (!root_directory)
cmdline[i++] = "-M";
if (arg_force)
cmdline[i++] = "-f";
if (!isempty(dash_c))
cmdline[i++] = dash_c;
cmdline[i++] = device;
cmdline[i++] = NULL;
execv(cmdline[0], (char**) cmdline);
_exit(FSCK_OPERATIONAL_ERROR);
}
progress_pipe[1] = safe_close(progress_pipe[1]);
(void) process_progress(progress_pipe[0]);
progress_pipe[0] = -1;
r = wait_for_terminate(pid, &status);
if (r < 0) {
log_error_errno(r, "waitid(): %m");
goto finish;
}
if (status.si_code != CLD_EXITED || (status.si_status & ~1)) {
if (status.si_code == CLD_KILLED || status.si_code == CLD_DUMPED)
log_error("fsck terminated by signal %s.", signal_to_string(status.si_status));
else if (status.si_code == CLD_EXITED)
log_error("fsck failed with error code %i.", status.si_status);
else
log_error("fsck failed due to unknown reason.");
r = -EINVAL;
if (status.si_code == CLD_EXITED && (status.si_status & FSCK_SYSTEM_SHOULD_REBOOT) && root_directory)
/* System should be rebooted. */
start_target(SPECIAL_REBOOT_TARGET, "replace-irreversibly");
else if (status.si_code == CLD_EXITED && (status.si_status & (FSCK_SYSTEM_SHOULD_REBOOT | FSCK_ERRORS_LEFT_UNCORRECTED)))
/* Some other problem */
start_target(SPECIAL_EMERGENCY_TARGET, "replace");
else {
log_warning("Ignoring error.");
r = 0;
}
} else
r = 0;
if (status.si_code == CLD_EXITED && (status.si_status & FSCK_ERROR_CORRECTED))
(void) touch("/run/systemd/quotacheck");
finish:
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
static int setup_machine_raw(uint64_t size, sd_bus_error *error) {
_cleanup_free_ char *tmp = NULL;
_cleanup_close_ int fd = -1;
struct statvfs ss;
pid_t pid = 0;
siginfo_t si;
int r;
/* We want to be able to make use of btrfs-specific file
* system features, in particular subvolumes, reflinks and
* quota. Hence, if we detect that /var/lib/machines.raw is
* not located on btrfs, let's create a loopback file, place a
* btrfs file system into it, and mount it to
* /var/lib/machines. */
fd = open("/var/lib/machines.raw", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
if (fd >= 0) {
r = fd;
fd = -1;
return r;
}
if (errno != ENOENT)
return sd_bus_error_set_errnof(error, errno, "Failed to open /var/lib/machines.raw: %m");
r = tempfn_xxxxxx("/var/lib/machines.raw", NULL, &tmp);
if (r < 0)
return r;
(void) mkdir_p_label("/var/lib", 0755);
fd = open(tmp, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0600);
if (fd < 0)
return sd_bus_error_set_errnof(error, errno, "Failed to create /var/lib/machines.raw: %m");
if (fstatvfs(fd, &ss) < 0) {
r = sd_bus_error_set_errnof(error, errno, "Failed to determine free space on /var/lib/machines.raw: %m");
goto fail;
}
if (ss.f_bsize * ss.f_bavail < VAR_LIB_MACHINES_FREE_MIN) {
r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "Not enough free disk space to set up /var/lib/machines.");
goto fail;
}
if (ftruncate(fd, size) < 0) {
r = sd_bus_error_set_errnof(error, errno, "Failed to enlarge /var/lib/machines.raw: %m");
goto fail;
}
pid = fork();
if (pid < 0) {
r = sd_bus_error_set_errnof(error, errno, "Failed to fork mkfs.btrfs: %m");
goto fail;
}
if (pid == 0) {
/* Child */
(void) reset_all_signal_handlers();
(void) reset_signal_mask();
assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
fd = safe_close(fd);
execlp("mkfs.btrfs", "-Lvar-lib-machines", tmp, NULL);
if (errno == ENOENT)
return 99;
_exit(EXIT_FAILURE);
}
r = wait_for_terminate(pid, &si);
if (r < 0) {
sd_bus_error_set_errnof(error, r, "Failed to wait for mkfs.btrfs: %m");
goto fail;
}
pid = 0;
if (si.si_code != CLD_EXITED) {
r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "mkfs.btrfs died abnormally.");
goto fail;
}
if (si.si_status == 99) {
r = sd_bus_error_set_errnof(error, ENOENT, "Cannot set up /var/lib/machines, mkfs.btrfs is missing");
goto fail;
}
if (si.si_status != 0) {
r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "mkfs.btrfs failed with error code %i", si.si_status);
goto fail;
}
r = rename_noreplace(AT_FDCWD, tmp, AT_FDCWD, "/var/lib/machines.raw");
if (r < 0) {
sd_bus_error_set_errnof(error, r, "Failed to move /var/lib/machines.raw into place: %m");
goto fail;
}
r = fd;
fd = -1;
return r;
fail:
unlink_noerrno(tmp);
if (pid > 1)
kill_and_sigcont(pid, SIGKILL);
return r;
}
int bus_container_connect_socket(sd_bus *b) {
_cleanup_close_ int pidnsfd = -1, mntnsfd = -1, rootfd = -1;
pid_t leader, child;
siginfo_t si;
int r;
assert(b);
assert(b->input_fd < 0);
assert(b->output_fd < 0);
r = container_get_leader(b->machine, &leader);
if (r < 0)
return r;
r = namespace_open(leader, &pidnsfd, &mntnsfd, &rootfd);
if (r < 0)
return r;
b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
if (b->input_fd < 0)
return -errno;
b->output_fd = b->input_fd;
bus_socket_setup(b);
child = fork();
if (child < 0)
return -errno;
if (child == 0) {
pid_t grandchild;
r = namespace_enter(pidnsfd, mntnsfd, rootfd);
if (r < 0)
_exit(255);
/* We just changed PID namespace, however it will only
* take effect on the children we now fork. Hence,
* let's fork another time, and connect from this
* grandchild, so that SO_PEERCRED of our connection
* comes from a process from within the container, and
* not outside of it */
grandchild = fork();
if (grandchild < 0)
_exit(255);
if (grandchild == 0) {
r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
if (r < 0) {
if (errno == EINPROGRESS)
_exit(1);
_exit(255);
}
_exit(EXIT_SUCCESS);
}
r = wait_for_terminate(grandchild, &si);
if (r < 0)
_exit(255);
if (si.si_code != CLD_EXITED)
_exit(255);
_exit(si.si_status);
}
r = wait_for_terminate(child, &si);
if (r < 0)
return r;
if (si.si_code != CLD_EXITED)
return -EIO;
if (si.si_status == 1)
return 1;
if (si.si_status != EXIT_SUCCESS)
return -EIO;
return bus_socket_start_auth(b);
}
static int test_pppoe_server(sd_event *e) {
sd_netlink *rtnl;
sd_netlink_message *m;
pid_t pid;
int r, client_ifindex, server_ifindex;
r = unshare(CLONE_NEWNET);
if (r < 0 && errno == EPERM)
return EXIT_TEST_SKIP;
assert_se(r >= 0);
assert_se(sd_netlink_open(&rtnl) >= 0);
assert_se(sd_netlink_attach_event(rtnl, e, 0) >= 0);
assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0) >= 0);
assert_se(sd_netlink_message_append_string(m, IFLA_IFNAME, "pppoe-server") >= 0);
assert_se(sd_netlink_message_open_container(m, IFLA_LINKINFO) >= 0);
assert_se(sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "veth") >= 0);
assert_se(sd_netlink_message_open_container(m, VETH_INFO_PEER) >= 0);
assert_se(sd_netlink_message_append_string(m, IFLA_IFNAME, "pppoe-client") >= 0);
assert_se(sd_netlink_message_close_container(m) >= 0);
assert_se(sd_netlink_message_close_container(m) >= 0);
assert_se(sd_netlink_message_close_container(m) >= 0);
assert_se(sd_netlink_call(rtnl, m, 0, NULL) >= 0);
client_ifindex = (int) if_nametoindex("pppoe-client");
assert_se(client_ifindex > 0);
server_ifindex = (int) if_nametoindex("pppoe-server");
assert_se(server_ifindex > 0);
m = sd_netlink_message_unref(m);
assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, client_ifindex) >= 0);
assert_se(sd_rtnl_message_link_set_flags(m, IFF_UP, IFF_UP) >= 0);
assert_se(sd_netlink_call(rtnl, m, 0, NULL) >= 0);
m = sd_netlink_message_unref(m);
assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, server_ifindex) >= 0);
assert_se(sd_rtnl_message_link_set_flags(m, IFF_UP, IFF_UP) >= 0);
assert_se(sd_netlink_call(rtnl, m, 0, NULL) >= 0);
pid = fork();
assert_se(pid >= 0);
if (pid == 0) {
/* let the client send some discover messages before the server is started */
sleep(2);
/* TODO: manage pppoe-server-options */
execlp("pppoe-server", "pppoe-server", "-F",
"-I", "pppoe-server",
"-C", "Test-AC",
"-S", "Service-Default",
"-S", "Service-First-Auxiliary",
"-S", "Service-Second-Auxiliary",
NULL);
assert_not_reached("failed to execute pppoe-server. not installed?");
}
client_run("pppoe-client", e);
assert_se(kill(pid, SIGTERM) >= 0);
assert_se(wait_for_terminate(pid, NULL) >= 0);
assert_se(!sd_netlink_message_unref(m));
assert_se(!sd_netlink_unref(rtnl));
return EXIT_SUCCESS;
}
