static int builtin_uaccess(sd_device *dev, int argc, char *argv[], bool test) {
const char *path = NULL, *seat;
bool changed_acl = false;
uid_t uid;
int r;
umask(0022);
/* don't muck around with ACLs when the system is not running systemd */
if (!logind_running())
return 0;
r = sd_device_get_devname(dev, &path);
if (r < 0) {
log_device_error_errno(dev, r, "Failed to get device name: %m");
goto finish;
}
if (sd_device_get_property_value(dev, "ID_SEAT", &seat) < 0)
seat = "seat0";
r = sd_seat_get_active(seat, NULL, &uid);
if (r < 0) {
if (IN_SET(r, -ENXIO, -ENODATA))
/* No active session on this seat */
r = 0;
else
log_device_error_errno(dev, r, "Failed to determine active user on seat %s: %m", seat);
goto finish;
}
r = devnode_acl(path, true, false, 0, true, uid);
if (r < 0) {
log_device_full(dev, r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL: %m");
goto finish;
}
changed_acl = true;
r = 0;
finish:
if (path && !changed_acl) {
int k;
/* Better be safe than sorry and reset ACL */
k = devnode_acl(path, true, false, 0, false, 0);
if (k < 0) {
log_device_full(dev, k == -ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL: %m");
if (r >= 0)
r = k;
}
}
return r;
}
/**
* udev_device_get_devnode:
* @udev_device: udev device
*
* Retrieve the device node file name belonging to the udev device.
* The path is an absolute path, and starts with the device directory.
*
* Returns: the device node file name of the udev device, or #NULL if no device node exists
**/
_public_ const char *udev_device_get_devnode(struct udev_device *udev_device)
{
const char *devnode;
int r;
assert_return_errno(udev_device, NULL, EINVAL);
r = sd_device_get_devname(udev_device->device, &devnode);
if (r < 0) {
errno = -r;
return NULL;
}
return devnode;
}
static int fsck_progress_socket(void) {
static const union sockaddr_union sa = {
.un.sun_family = AF_UNIX,
.un.sun_path = "/run/systemd/fsck.progress",
};
int fd, r;
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd < 0)
return log_warning_errno(errno, "socket(): %m");
if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
r = log_full_errno(errno == ECONNREFUSED || errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
errno, "Failed to connect to progress socket %s, ignoring: %m", sa.un.sun_path);
safe_close(fd);
return r;
}
return fd;
}
int main(int argc, char *argv[]) {
_cleanup_close_pair_ int progress_pipe[2] = { -1, -1 };
_cleanup_(sd_device_unrefp) sd_device *dev = NULL;
const char *device, *type;
bool root_directory;
siginfo_t status;
struct stat st;
int r;
pid_t pid;
if (argc > 2) {
log_error("This program expects one or no arguments.");
return EXIT_FAILURE;
}
log_set_target(LOG_TARGET_AUTO);
log_parse_environment();
log_open();
umask(0022);
r = parse_proc_cmdline(parse_proc_cmdline_item);
if (r < 0)
log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
test_files();
if (!arg_force && arg_skip) {
r = 0;
goto finish;
}
if (argc > 1) {
device = argv[1];
if (stat(device, &st) < 0) {
r = log_error_errno(errno, "Failed to stat %s: %m", device);
goto finish;
}
if (!S_ISBLK(st.st_mode)) {
log_error("%s is not a block device.", device);
r = -EINVAL;
goto finish;
}
r = sd_device_new_from_devnum(&dev, 'b', st.st_rdev);
if (r < 0) {
log_error_errno(r, "Failed to detect device %s: %m", device);
goto finish;
}
root_directory = false;
} else {
struct timespec times[2];
/* Find root device */
if (stat("/", &st) < 0) {
r = log_error_errno(errno, "Failed to stat() the root directory: %m");
goto finish;
}
/* Virtual root devices don't need an fsck */
if (major(st.st_dev) == 0) {
log_debug("Root directory is virtual or btrfs, skipping check.");
r = 0;
goto finish;
}
/* check if we are already writable */
times[0] = st.st_atim;
times[1] = st.st_mtim;
if (utimensat(AT_FDCWD, "/", times, 0) == 0) {
log_info("Root directory is writable, skipping check.");
r = 0;
goto finish;
}
r = sd_device_new_from_devnum(&dev, 'b', st.st_dev);
if (r < 0) {
log_error_errno(r, "Failed to detect root device: %m");
goto finish;
}
r = sd_device_get_devname(dev, &device);
if (r < 0) {
log_error_errno(r, "Failed to detect device node of root directory: %m");
goto finish;
}
root_directory = true;
}
r = sd_device_get_property_value(dev, "ID_FS_TYPE", &type);
if (r >= 0) {
r = fsck_exists(type);
if (r < 0)
log_warning_errno(r, "Couldn't detect if fsck.%s may be used for %s, proceeding: %m", type, device);
else if (r == 0) {
log_info("fsck.%s doesn't exist, not checking file system on %s.", type, device);
goto finish;
}
}
if (arg_show_progress) {
if (pipe(progress_pipe) < 0) {
r = log_error_errno(errno, "pipe(): %m");
goto finish;
}
}
pid = fork();
if (pid < 0) {
r = log_error_errno(errno, "fork(): %m");
goto finish;
}
if (pid == 0) {
char dash_c[sizeof("-C")-1 + DECIMAL_STR_MAX(int) + 1];
int progress_socket = -1;
const char *cmdline[9];
int i = 0;
/* Child */
(void) reset_all_signal_handlers();
(void) reset_signal_mask();
assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
/* Close the reading side of the progress pipe */
progress_pipe[0] = safe_close(progress_pipe[0]);
/* Try to connect to a progress management daemon, if there is one */
progress_socket = fsck_progress_socket();
if (progress_socket >= 0) {
/* If this worked we close the progress pipe early, and just use the socket */
progress_pipe[1] = safe_close(progress_pipe[1]);
xsprintf(dash_c, "-C%i", progress_socket);
} else if (progress_pipe[1] >= 0) {
/* Otherwise if we have the progress pipe to our own local handle, we use it */
xsprintf(dash_c, "-C%i", progress_pipe[1]);
} else
dash_c[0] = 0;
cmdline[i++] = "/sbin/fsck";
cmdline[i++] = arg_repair;
cmdline[i++] = "-T";
/*
* Since util-linux v2.25 fsck uses /run/fsck/<diskname>.lock files.
* The previous versions use flock for the device and conflict with
* udevd, see https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5
*/
cmdline[i++] = "-l";
if (!root_directory)
cmdline[i++] = "-M";
if (arg_force)
cmdline[i++] = "-f";
if (!isempty(dash_c))
cmdline[i++] = dash_c;
cmdline[i++] = device;
cmdline[i++] = NULL;
execv(cmdline[0], (char**) cmdline);
_exit(FSCK_OPERATIONAL_ERROR);
}
progress_pipe[1] = safe_close(progress_pipe[1]);
(void) process_progress(progress_pipe[0]);
progress_pipe[0] = -1;
r = wait_for_terminate(pid, &status);
if (r < 0) {
log_error_errno(r, "waitid(): %m");
goto finish;
}
if (status.si_code != CLD_EXITED || (status.si_status & ~1)) {
if (status.si_code == CLD_KILLED || status.si_code == CLD_DUMPED)
log_error("fsck terminated by signal %s.", signal_to_string(status.si_status));
else if (status.si_code == CLD_EXITED)
log_error("fsck failed with error code %i.", status.si_status);
else
log_error("fsck failed due to unknown reason.");
r = -EINVAL;
if (status.si_code == CLD_EXITED && (status.si_status & FSCK_SYSTEM_SHOULD_REBOOT) && root_directory)
/* System should be rebooted. */
start_target(SPECIAL_REBOOT_TARGET, "replace-irreversibly");
else if (status.si_code == CLD_EXITED && (status.si_status & (FSCK_SYSTEM_SHOULD_REBOOT | FSCK_ERRORS_LEFT_UNCORRECTED)))
/* Some other problem */
start_target(SPECIAL_EMERGENCY_TARGET, "replace");
else {
log_warning("Ignoring error.");
r = 0;
}
} else
r = 0;
if (status.si_code == CLD_EXITED && (status.si_status & FSCK_ERROR_CORRECTED))
(void) touch("/run/systemd/quotacheck");
finish:
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
static int node_permissions_apply(sd_device *dev, bool apply,
mode_t mode, uid_t uid, gid_t gid,
Hashmap *seclabel_list) {
const char *devnode, *subsystem, *id_filename = NULL;
struct stat stats;
dev_t devnum;
int r = 0;
assert(dev);
r = sd_device_get_devname(dev, &devnode);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to get devname: %m");
r = sd_device_get_subsystem(dev, &subsystem);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to get subsystem: %m");
r = sd_device_get_devnum(dev, &devnum);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to get devnum: %m");
(void) device_get_id_filename(dev, &id_filename);
if (streq(subsystem, "block"))
mode |= S_IFBLK;
else
mode |= S_IFCHR;
if (lstat(devnode, &stats) < 0)
return log_device_debug_errno(dev, errno, "cannot stat() node '%s' (%m)", devnode);
if (((stats.st_mode & S_IFMT) != (mode & S_IFMT)) || (stats.st_rdev != devnum))
return log_device_debug_errno(dev, EEXIST, "Found node '%s' with non-matching devnum %s, skip handling",
devnode, id_filename);
if (apply) {
bool selinux = false, smack = false;
const char *name, *label;
Iterator i;
if ((stats.st_mode & 0777) != (mode & 0777) || stats.st_uid != uid || stats.st_gid != gid) {
log_device_debug(dev, "Setting permissions %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid);
if (chmod(devnode, mode) < 0)
r = log_device_warning_errno(dev, errno, "Failed to set mode of %s to %#o: %m", devnode, mode);
if (chown(devnode, uid, gid) < 0)
r = log_device_warning_errno(dev, errno, "Failed to set owner of %s to uid=%u, gid=%u: %m", devnode, uid, gid);
} else
log_device_debug(dev, "Preserve permissions of %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid);
/* apply SECLABEL{$module}=$label */
HASHMAP_FOREACH_KEY(label, name, seclabel_list, i) {
int q;
if (streq(name, "selinux")) {
selinux = true;
q = mac_selinux_apply(devnode, label);
if (q < 0)
log_device_error_errno(dev, q, "SECLABEL: failed to set SELinux label '%s': %m", label);
else
log_device_debug(dev, "SECLABEL: set SELinux label '%s'", label);
} else if (streq(name, "smack")) {
smack = true;
q = mac_smack_apply(devnode, SMACK_ATTR_ACCESS, label);
if (q < 0)
log_device_error_errno(dev, q, "SECLABEL: failed to set SMACK label '%s': %m", label);
else
log_device_debug(dev, "SECLABEL: set SMACK label '%s'", label);
} else
log_device_error(dev, "SECLABEL: unknown subsystem, ignoring '%s'='%s'", name, label);
}
/* set the defaults */
if (!selinux)
(void) mac_selinux_fix(devnode, LABEL_IGNORE_ENOENT);
if (!smack)
(void) mac_smack_apply(devnode, SMACK_ATTR_ACCESS, NULL);
}
/* find device node of device with highest priority */
static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, char **ret) {
_cleanup_closedir_ DIR *dir = NULL;
_cleanup_free_ char *target = NULL;
struct dirent *dent;
int r, priority = 0;
assert(!add || dev);
assert(stackdir);
assert(ret);
if (add) {
const char *devnode;
r = device_get_devlink_priority(dev, &priority);
if (r < 0)
return r;
r = sd_device_get_devname(dev, &devnode);
if (r < 0)
return r;
target = strdup(devnode);
if (!target)
return -ENOMEM;
}
dir = opendir(stackdir);
if (!dir) {
if (target) {
*ret = TAKE_PTR(target);
return 0;
}
return -errno;
}
FOREACH_DIRENT_ALL(dent, dir, break) {
_cleanup_(sd_device_unrefp) sd_device *dev_db = NULL;
const char *devnode, *id_filename;
int db_prio = 0;
if (dent->d_name[0] == '\0')
break;
if (dent->d_name[0] == '.')
continue;
log_device_debug(dev, "Found '%s' claiming '%s'", dent->d_name, stackdir);
if (device_get_id_filename(dev, &id_filename) < 0)
continue;
/* did we find ourself? */
if (streq(dent->d_name, id_filename))
continue;
if (sd_device_new_from_device_id(&dev_db, dent->d_name) < 0)
continue;
if (sd_device_get_devname(dev_db, &devnode) < 0)
continue;
if (device_get_devlink_priority(dev_db, &db_prio) < 0)
continue;
if (target && db_prio <= priority)
continue;
log_device_debug(dev_db, "Device claims priority %i for '%s'", db_prio, stackdir);
r = free_and_strdup(&target, devnode);
if (r < 0)
return r;
priority = db_prio;
}
if (!target)
return -ENOENT;
*ret = TAKE_PTR(target);
return 0;
}
