static int mount_unified_cgroups(const char *dest) { const char *p; int r; assert(dest); p = prefix_roota(dest, "/sys/fs/cgroup"); (void) mkdir_p(p, 0755); r = path_is_mount_point(p, dest, AT_SYMLINK_FOLLOW); if (r < 0) return log_error_errno(r, "Failed to determine if %s is mounted already: %m", p); if (r > 0) { p = prefix_roota(dest, "/sys/fs/cgroup/cgroup.procs"); if (access(p, F_OK) >= 0) return 0; if (errno != ENOENT) return log_error_errno(errno, "Failed to determine if mount point %s contains the unified cgroup hierarchy: %m", p); log_error("%s is already mounted but not a unified cgroup hierarchy. Refusing.", p); return -EINVAL; } return mount_verbose(LOG_ERR, "cgroup", p, "cgroup2", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL); }
static void print_welcome(void) { _cleanup_free_ char *pretty_name = NULL; const char *os_release = NULL; static bool done = false; int r; if (done) return; os_release = prefix_roota(arg_root, "/etc/os-release"); r = parse_env_file(os_release, NEWLINE, "PRETTY_NAME", &pretty_name, NULL); if (r == -ENOENT) { os_release = prefix_roota(arg_root, "/usr/lib/os-release"); r = parse_env_file(os_release, NEWLINE, "PRETTY_NAME", &pretty_name, NULL); } if (r < 0 && r != -ENOENT) log_warning_errno(r, "Failed to read os-release file: %m"); printf("\nWelcome to your new installation of %s!\nPlease configure a few basic system settings:\n\n", isempty(pretty_name) ? "Linux" : pretty_name); press_any_key(); done = true; }
static int process_hostname(void) { const char *etc_hostname; int r; etc_hostname = prefix_roota("/etc/hostname"); if (faccessat(AT_FDCWD, etc_hostname, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) return 0; r = prompt_hostname(); if (r < 0) return r; if (isempty(arg_hostname)) return 0; mkdir_parents(etc_hostname, 0755); r = write_string_file(etc_hostname, arg_hostname); if (r < 0) { log_error("Failed to write %s: %s", etc_hostname, strerror(-r)); return r; } log_info("%s written.", etc_hostname); return 0; }
static int process_machine_id(void) { const char *etc_machine_id; char id[SD_ID128_STRING_MAX]; int r; etc_machine_id = prefix_roota("/etc/machine-id"); if (faccessat(AT_FDCWD, etc_machine_id, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) return 0; if (!arg_root) return 0; if (sd_id128_equal(arg_machine_id, SD_ID128_NULL)) return 0; mkdir_parents(etc_machine_id, 0755); r = write_string_file(etc_machine_id, sd_id128_to_string(arg_machine_id, id)); if (r < 0) { log_error("Failed to write machine id: %s", strerror(-r)); return r; } log_info("%s written.", etc_machine_id); return 0; }
static int prompt_root_password(void) { const char *msg1, *msg2, *etc_shadow; int r; if (arg_root_password) return 0; if (!arg_prompt_root_password) return 0; etc_shadow = prefix_roota("/etc/shadow"); if (faccessat(AT_FDCWD, etc_shadow, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) return 0; print_welcome(); putchar('\n'); msg1 = strappenda(draw_special_char(DRAW_TRIANGULAR_BULLET), " Please enter a new root password (empty to skip): "); msg2 = strappenda(draw_special_char(DRAW_TRIANGULAR_BULLET), " Please enter new root password again: "); for (;;) { _cleanup_free_ char *a = NULL, *b = NULL; r = ask_password_tty(msg1, 0, false, NULL, &a); if (r < 0) { log_error("Failed to query root password: %s", strerror(-r)); return r; } if (isempty(a)) { log_warning("No password entered, skipping."); break; } r = ask_password_tty(msg2, 0, false, NULL, &b); if (r < 0) { log_error("Failed to query root password: %s", strerror(-r)); clear_string(a); return r; } if (!streq(a, b)) { log_error("Entered passwords did not match, please try again."); clear_string(a); clear_string(b); continue; } clear_string(b); arg_root_password = a; a = NULL; break; } return 0; }
int mount_systemd_cgroup_writable( const char *dest, CGroupUnified unified_requested) { _cleanup_free_ char *own_cgroup_path = NULL; const char *root, *own; int r; assert(dest); r = cg_pid_get_path(NULL, 0, &own_cgroup_path); if (r < 0) return log_error_errno(r, "Failed to determine our own cgroup path: %m"); /* If we are living in the top-level, then there's nothing to do... */ if (path_equal(own_cgroup_path, "/")) return 0; if (unified_requested >= CGROUP_UNIFIED_ALL) { root = prefix_roota(dest, "/sys/fs/cgroup"); own = strjoina(root, own_cgroup_path); } else { if (unified_requested >= CGROUP_UNIFIED_SYSTEMD) { root = prefix_roota(dest, "/sys/fs/cgroup/unified"); own = strjoina(root, own_cgroup_path); r = mount_systemd_cgroup_writable_one(root, own); if (r < 0) return r; } root = prefix_roota(dest, "/sys/fs/cgroup/systemd"); own = strjoina(root, own_cgroup_path); } return mount_systemd_cgroup_writable_one(root, own); }
static int files_add(Hashmap *h, const char *root, const char *path, const char *suffix) { _cleanup_closedir_ DIR *dir = NULL; const char *dirpath; int r; assert(path); assert(suffix); dirpath = prefix_roota(root, path); dir = opendir(dirpath); if (!dir) { if (errno == ENOENT) return 0; return -errno; } for (;;) { struct dirent *de; char *p; errno = 0; de = readdir(dir); if (!de && errno != 0) return -errno; if (!de) break; if (!dirent_is_file_with_suffix(de, suffix)) continue; p = strjoin(dirpath, "/", de->d_name, NULL); if (!p) return -ENOMEM; r = hashmap_put(h, basename(p), p); if (r == -EEXIST) { log_debug("Skipping overridden file: %s.", p); free(p); } else if (r < 0) { free(p); return r; } else if (r == 0) { log_debug("Duplicate file %s", p); free(p); } } return 0; }
static int prompt_root_password(void) { const char *msg1, *msg2, *etc_shadow; int r; if (arg_root_password) return 0; if (!arg_prompt_root_password) return 0; etc_shadow = prefix_roota(arg_root, "/etc/shadow"); if (laccess(etc_shadow, F_OK) >= 0) return 0; print_welcome(); putchar('\n'); msg1 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter a new root password (empty to skip): "); msg2 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter new root password again: "); for (;;) { _cleanup_strv_free_erase_ char **a = NULL, **b = NULL; r = ask_password_tty(-1, msg1, NULL, 0, 0, NULL, &a); if (r < 0) return log_error_errno(r, "Failed to query root password: %m"); if (strv_length(a) != 1) { log_warning("Received multiple passwords, where we expected one."); return -EINVAL; } if (isempty(*a)) { log_warning("No password entered, skipping."); break; } r = ask_password_tty(-1, msg2, NULL, 0, 0, NULL, &b); if (r < 0) return log_error_errno(r, "Failed to query root password: %m"); if (!streq(*a, *b)) { log_error("Entered passwords did not match, please try again."); continue; } arg_root_password = TAKE_PTR(*a); break; } return 0; }
static int process_locale(void) { const char *etc_localeconf; char* locales[3]; unsigned i = 0; int r; etc_localeconf = prefix_roota("/etc/locale.conf"); if (faccessat(AT_FDCWD, etc_localeconf, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) return 0; if (arg_copy_locale && arg_root) { mkdir_parents(etc_localeconf, 0755); r = copy_file("/etc/locale.conf", etc_localeconf, 0, 0644); if (r != -ENOENT) { if (r < 0) { log_error("Failed to copy %s: %s", etc_localeconf, strerror(-r)); return r; } log_info("%s copied.", etc_localeconf); return 0; } } r = prompt_locale(); if (r < 0) return r; if (!isempty(arg_locale)) locales[i++] = strappenda("LANG=", arg_locale); if (!isempty(arg_locale_messages) && !streq(arg_locale_messages, arg_locale)) locales[i++] = strappenda("LC_MESSAGES=", arg_locale_messages); if (i == 0) return 0; locales[i] = NULL; mkdir_parents(etc_localeconf, 0755); r = write_env_file(etc_localeconf, locales); if (r < 0) { log_error("Failed to write %s: %s", etc_localeconf, strerror(-r)); return r; } log_info("%s written.", etc_localeconf); return 0; }
static int prompt_root_password(void) { const char *msg1, *msg2, *etc_shadow; int r; if (arg_root_password) return 0; if (!arg_prompt_root_password) return 0; etc_shadow = prefix_roota(arg_root, "/etc/shadow"); if (laccess(etc_shadow, F_OK) >= 0) return 0; print_welcome(); putchar('\n'); msg1 = strjoina(special_glyph(TRIANGULAR_BULLET), " Please enter a new root password (empty to skip): "); msg2 = strjoina(special_glyph(TRIANGULAR_BULLET), " Please enter new root password again: "); for (;;) { _cleanup_string_free_erase_ char *a = NULL, *b = NULL; r = ask_password_tty(msg1, NULL, 0, 0, NULL, &a); if (r < 0) return log_error_errno(r, "Failed to query root password: %m"); if (isempty(a)) { log_warning("No password entered, skipping."); break; } r = ask_password_tty(msg2, NULL, 0, 0, NULL, &b); if (r < 0) return log_error_errno(r, "Failed to query root password: %m"); if (!streq(a, b)) { log_error("Entered passwords did not match, please try again."); continue; } arg_root_password = a; a = NULL; break; } return 0; }
static int process_timezone(void) { const char *etc_localtime, *e; int r; etc_localtime = prefix_roota("/etc/localtime"); if (faccessat(AT_FDCWD, etc_localtime, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) return 0; if (arg_copy_timezone && arg_root) { _cleanup_free_ char *p = NULL; r = readlink_malloc("/etc/localtime", &p); if (r != -ENOENT) { if (r < 0) { log_error("Failed to read host timezone: %s", strerror(-r)); return r; } mkdir_parents(etc_localtime, 0755); if (symlink(p, etc_localtime) < 0) { log_error("Failed to create %s symlink: %m", etc_localtime); return -errno; } log_info("%s copied.", etc_localtime); return 0; } } r = prompt_timezone(); if (r < 0) return r; if (isempty(arg_timezone)) return 0; e = strappenda("../usr/share/zoneinfo/", arg_timezone); mkdir_parents(etc_localtime, 0755); if (symlink(e, etc_localtime) < 0) { log_error("Failed to create %s symlink: %m", etc_localtime); return -errno; } log_info("%s written", etc_localtime); return 0; }
static int process_locale(void) { const char *etc_localeconf; char* locales[3]; unsigned i = 0; int r; etc_localeconf = prefix_roota(arg_root, "/etc/locale.conf"); if (laccess(etc_localeconf, F_OK) >= 0) return 0; if (arg_copy_locale && arg_root) { mkdir_parents(etc_localeconf, 0755); r = copy_file("/etc/locale.conf", etc_localeconf, 0, 0644, 0, COPY_REFLINK); if (r != -ENOENT) { if (r < 0) return log_error_errno(r, "Failed to copy %s: %m", etc_localeconf); log_info("%s copied.", etc_localeconf); return 0; } } r = prompt_locale(); if (r < 0) return r; if (!isempty(arg_locale)) locales[i++] = strjoina("LANG=", arg_locale); if (!isempty(arg_locale_messages) && !streq(arg_locale_messages, arg_locale)) locales[i++] = strjoina("LC_MESSAGES=", arg_locale_messages); if (i == 0) return 0; locales[i] = NULL; mkdir_parents(etc_localeconf, 0755); r = write_env_file(etc_localeconf, locales); if (r < 0) return log_error_errno(r, "Failed to write %s: %m", etc_localeconf); log_info("%s written.", etc_localeconf); return 0; }
static int process_keymap(void) { const char *etc_vconsoleconf; char **keymap; int r; etc_vconsoleconf = prefix_roota(arg_root, "/etc/vconsole.conf"); if (laccess(etc_vconsoleconf, F_OK) >= 0) return 0; if (arg_copy_keymap && arg_root) { mkdir_parents(etc_vconsoleconf, 0755); r = copy_file("/etc/vconsole.conf", etc_vconsoleconf, 0, 0644, 0, COPY_REFLINK); if (r != -ENOENT) { if (r < 0) return log_error_errno(r, "Failed to copy %s: %m", etc_vconsoleconf); log_info("%s copied.", etc_vconsoleconf); return 0; } } r = prompt_keymap(); if (r == -ENOENT) return 0; /* don't fail if no keymaps are installed */ if (r < 0) return r; if (isempty(arg_keymap)) return 0; keymap = STRV_MAKE(strjoina("KEYMAP=", arg_keymap)); r = mkdir_parents(etc_vconsoleconf, 0755); if (r < 0) return log_error_errno(r, "Failed to create the parent directory of %s: %m", etc_vconsoleconf); r = write_env_file(etc_vconsoleconf, keymap); if (r < 0) return log_error_errno(r, "Failed to write %s: %m", etc_vconsoleconf); log_info("%s written.", etc_vconsoleconf); return 0; }
static int process_timezone(void) { const char *etc_localtime, *e; int r; etc_localtime = prefix_roota(arg_root, "/etc/localtime"); if (laccess(etc_localtime, F_OK) >= 0) return 0; if (arg_copy_timezone && arg_root) { _cleanup_free_ char *p = NULL; r = readlink_malloc("/etc/localtime", &p); if (r != -ENOENT) { if (r < 0) return log_error_errno(r, "Failed to read host timezone: %m"); mkdir_parents(etc_localtime, 0755); if (symlink(p, etc_localtime) < 0) return log_error_errno(errno, "Failed to create %s symlink: %m", etc_localtime); log_info("%s copied.", etc_localtime); return 0; } } r = prompt_timezone(); if (r < 0) return r; if (isempty(arg_timezone)) return 0; e = strjoina("../usr/share/zoneinfo/", arg_timezone); mkdir_parents(etc_localtime, 0755); if (symlink(e, etc_localtime) < 0) return log_error_errno(errno, "Failed to create %s symlink: %m", etc_localtime); log_info("%s written", etc_localtime); return 0; }
static int process_machine_id(void) { const char *etc_machine_id; char id[SD_ID128_STRING_MAX]; int r; etc_machine_id = prefix_roota(arg_root, "/etc/machine-id"); if (laccess(etc_machine_id, F_OK) >= 0) return 0; if (sd_id128_is_null(arg_machine_id)) return 0; mkdir_parents(etc_machine_id, 0755); r = write_string_file(etc_machine_id, sd_id128_to_string(arg_machine_id, id), WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC); if (r < 0) return log_error_errno(r, "Failed to write machine id: %m"); log_info("%s written.", etc_machine_id); return 0; }
int take_etc_passwd_lock(const char *root) { struct flock flock = { .l_type = F_WRLCK, .l_whence = SEEK_SET, .l_start = 0, .l_len = 0, }; const char *path; int fd, r; /* This is roughly the same as lckpwdf(), but not as awful. We * don't want to use alarm() and signals, hence we implement * our own trivial version of this. * * Note that shadow-utils also takes per-database locks in * addition to lckpwdf(). However, we don't given that they * are redundant as they they invoke lckpwdf() first and keep * it during everything they do. The per-database locks are * awfully racy, and thus we just won't do them. */ if (root) path = prefix_roota(root, "/etc/.pwd.lock"); else path = "/etc/.pwd.lock"; fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600); if (fd < 0) return -errno; r = fcntl(fd, F_SETLKW, &flock); if (r < 0) { safe_close(fd); return -errno; } return fd; }
static int process_hostname(void) { const char *etc_hostname; int r; etc_hostname = prefix_roota(arg_root, "/etc/hostname"); if (faccessat(AT_FDCWD, etc_hostname, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) return 0; r = prompt_hostname(); if (r < 0) return r; if (isempty(arg_hostname)) return 0; mkdir_parents(etc_hostname, 0755); r = write_string_file(etc_hostname, arg_hostname, WRITE_STRING_FILE_CREATE); if (r < 0) return log_error_errno(r, "Failed to write %s: %m", etc_hostname); log_info("%s written.", etc_hostname); return 0; }
static int files_add( Hashmap *h, Set *masked, const char *suffix, const char *root, unsigned flags, const char *path) { _cleanup_closedir_ DIR *dir = NULL; const char *dirpath; struct dirent *de; int r; assert(h); assert((flags & CONF_FILES_FILTER_MASKED) == 0 || masked); assert(path); dirpath = prefix_roota(root, path); dir = opendir(dirpath); if (!dir) { if (errno == ENOENT) return 0; return log_debug_errno(errno, "Failed to open directory '%s': %m", dirpath); } FOREACH_DIRENT(de, dir, return -errno) { struct stat st; char *p, *key; /* Does this match the suffix? */ if (suffix && !endswith(de->d_name, suffix)) continue; /* Has this file already been found in an earlier directory? */ if (hashmap_contains(h, de->d_name)) { log_debug("Skipping overridden file '%s/%s'.", dirpath, de->d_name); continue; } /* Has this been masked in an earlier directory? */ if ((flags & CONF_FILES_FILTER_MASKED) && set_contains(masked, de->d_name)) { log_debug("File '%s/%s' is masked by previous entry.", dirpath, de->d_name); continue; } /* Read file metadata if we shall validate the check for file masks, for node types or whether the node is marked executable. */ if (flags & (CONF_FILES_FILTER_MASKED|CONF_FILES_REGULAR|CONF_FILES_DIRECTORY|CONF_FILES_EXECUTABLE)) if (fstatat(dirfd(dir), de->d_name, &st, 0) < 0) { log_debug_errno(errno, "Failed to stat '%s/%s', ignoring: %m", dirpath, de->d_name); continue; } /* Is this a masking entry? */ if ((flags & CONF_FILES_FILTER_MASKED)) if (null_or_empty(&st)) { /* Mark this one as masked */ r = set_put_strdup(masked, de->d_name); if (r < 0) return r; log_debug("File '%s/%s' is a mask.", dirpath, de->d_name); continue; } /* Does this node have the right type? */ if (flags & (CONF_FILES_REGULAR|CONF_FILES_DIRECTORY)) if (!((flags & CONF_FILES_DIRECTORY) && S_ISDIR(st.st_mode)) && !((flags & CONF_FILES_REGULAR) && S_ISREG(st.st_mode))) { log_debug("Ignoring '%s/%s', as it is not a of the right type.", dirpath, de->d_name); continue; } /* Does this node have the executable bit set? */ if (flags & CONF_FILES_EXECUTABLE) /* As requested: check if the file is marked exectuable. Note that we don't check access(X_OK) * here, as we care about whether the file is marked executable at all, and not whether it is * executable for us, because if so, such errors are stuff we should log about. */ if ((st.st_mode & 0111) == 0) { /* not executable */ log_debug("Ignoring '%s/%s', as it is not marked executable.", dirpath, de->d_name); continue; } if (flags & CONF_FILES_BASENAME) { p = strdup(de->d_name); if (!p) return -ENOMEM; key = p; } else { p = strjoin(dirpath, "/", de->d_name); if (!p) return -ENOMEM; key = basename(p); } r = hashmap_put(h, key, p); if (r < 0) { free(p); return log_debug_errno(r, "Failed to add item to hashmap: %m"); } assert(r > 0); } return 0; }
static int process_root_password(void) { static const char table[] = "abcdefghijklmnopqrstuvwxyz" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "0123456789" "./"; struct spwd item = { .sp_namp = (char*) "root", .sp_min = -1, .sp_max = -1, .sp_warn = -1, .sp_inact = -1, .sp_expire = -1, .sp_flag = (unsigned long) -1, /* this appears to be what everybody does ... */ }; _cleanup_close_ int lock = -1; char salt[3+16+1+1]; uint8_t raw[16]; unsigned i; char *j; const char *etc_shadow; int r; etc_shadow = prefix_roota(arg_root, "/etc/shadow"); if (faccessat(AT_FDCWD, etc_shadow, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) return 0; mkdir_parents(etc_shadow, 0755); lock = take_password_lock(arg_root); if (lock < 0) return lock; if (arg_copy_root_password && arg_root) { struct spwd *p; errno = 0; p = getspnam("root"); if (p || errno != ENOENT) { if (!p) { if (!errno) errno = EIO; log_error_errno(errno, "Failed to find shadow entry for root: %m"); return -errno; } r = write_root_shadow(etc_shadow, p); if (r < 0) return log_error_errno(r, "Failed to write %s: %m", etc_shadow); log_info("%s copied.", etc_shadow); return 0; } } r = prompt_root_password(); if (r < 0) return r; if (!arg_root_password) return 0; r = dev_urandom(raw, 16); if (r < 0) return log_error_errno(r, "Failed to get salt: %m"); /* We only bother with SHA512 hashed passwords, the rest is legacy, and we don't do legacy. */ assert_cc(sizeof(table) == 64 + 1); j = stpcpy(salt, "$6$"); for (i = 0; i < 16; i++) j[i] = table[raw[i] & 63]; j[i++] = '$'; j[i] = 0; errno = 0; item.sp_pwdp = crypt(arg_root_password, salt); if (!item.sp_pwdp) { if (!errno) errno = -EINVAL; log_error_errno(errno, "Failed to encrypt password: %m"); return -errno; } item.sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY); r = write_root_shadow(etc_shadow, &item); if (r < 0) return log_error_errno(r, "Failed to write %s: %m", etc_shadow); log_info("%s written.", etc_shadow); return 0; } static void help(void) { printf("%s [OPTIONS...]\n\n" "Configures basic settings of the system.\n\n" " -h --help Show this help\n" " --version Show package version\n" " --root=PATH Operate on an alternate filesystem root\n" " --locale=LOCALE Set primary locale (LANG=)\n" " --locale-messages=LOCALE Set message locale (LC_MESSAGES=)\n" " --timezone=TIMEZONE Set timezone\n" " --hostname=NAME Set host name\n" " --machine-ID=ID Set machine ID\n" " --root-password=PASSWORD Set root password\n" " --root-password-file=FILE Set root password from file\n" " --prompt-locale Prompt the user for locale settings\n" " --prompt-timezone Prompt the user for timezone\n" " --prompt-hostname Prompt the user for hostname\n" " --prompt-root-password Prompt the user for root password\n" " --prompt Prompt for all of the above\n" " --copy-locale Copy locale from host\n" " --copy-timezone Copy timezone from host\n" " --copy-root-password Copy root password from host\n" " --copy Copy locale, timezone, root password\n" " --setup-machine-id Generate a new random machine ID\n" , program_invocation_short_name); }
/* Mount legacy cgroup hierarchy when cgroup namespaces are unsupported. */ static int mount_legacy_cgns_unsupported( const char *dest, CGroupUnified unified_requested, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context) { _cleanup_set_free_free_ Set *controllers = NULL; const char *cgroup_root; int r; cgroup_root = prefix_roota(dest, "/sys/fs/cgroup"); (void) mkdir_p(cgroup_root, 0755); /* Mount a tmpfs to /sys/fs/cgroup if it's not mounted there yet. */ r = path_is_mount_point(cgroup_root, dest, AT_SYMLINK_FOLLOW); if (r < 0) return log_error_errno(r, "Failed to determine if /sys/fs/cgroup is already mounted: %m"); if (r == 0) { _cleanup_free_ char *options = NULL; r = tmpfs_patch_options("mode=755", uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &options); if (r < 0) return log_oom(); r = mount_verbose(LOG_ERR, "tmpfs", cgroup_root, "tmpfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, options); if (r < 0) return r; } r = cg_all_unified(); if (r < 0) return r; if (r > 0) goto skip_controllers; r = cg_kernel_controllers(&controllers); if (r < 0) return log_error_errno(r, "Failed to determine cgroup controllers: %m"); for (;;) { _cleanup_free_ char *controller = NULL, *origin = NULL, *combined = NULL; controller = set_steal_first(controllers); if (!controller) break; origin = prefix_root("/sys/fs/cgroup/", controller); if (!origin) return log_oom(); r = readlink_malloc(origin, &combined); if (r == -EINVAL) { /* Not a symbolic link, but directly a single cgroup hierarchy */ r = mount_legacy_cgroup_hierarchy(dest, controller, controller, true); if (r < 0) return r; } else if (r < 0) return log_error_errno(r, "Failed to read link %s: %m", origin); else { _cleanup_free_ char *target = NULL; target = prefix_root(dest, origin); if (!target) return log_oom(); /* A symbolic link, a combination of controllers in one hierarchy */ if (!filename_is_valid(combined)) { log_warning("Ignoring invalid combined hierarchy %s.", combined); continue; } r = mount_legacy_cgroup_hierarchy(dest, combined, combined, true); if (r < 0) return r; r = symlink_idempotent(combined, target, false); if (r == -EINVAL) return log_error_errno(r, "Invalid existing symlink for combined hierarchy: %m"); if (r < 0) return log_error_errno(r, "Failed to create symlink for combined hierarchy: %m"); } } skip_controllers: if (unified_requested >= CGROUP_UNIFIED_SYSTEMD) { r = mount_legacy_cgroup_hierarchy(dest, SYSTEMD_CGROUP_CONTROLLER_HYBRID, "unified", false); if (r < 0) return r; } r = mount_legacy_cgroup_hierarchy(dest, SYSTEMD_CGROUP_CONTROLLER_LEGACY, "systemd", false); if (r < 0) return r; return mount_verbose(LOG_ERR, NULL, cgroup_root, NULL, MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755"); }
int take_etc_passwd_lock(const char *root) { struct flock flock = { .l_type = F_WRLCK, .l_whence = SEEK_SET, .l_start = 0, .l_len = 0, }; const char *path; int fd, r; /* This is roughly the same as lckpwdf(), but not as awful. We * don't want to use alarm() and signals, hence we implement * our own trivial version of this. * * Note that shadow-utils also takes per-database locks in * addition to lckpwdf(). However, we don't given that they * are redundant as they invoke lckpwdf() first and keep * it during everything they do. The per-database locks are * awfully racy, and thus we just won't do them. */ if (root) path = prefix_roota(root, "/etc/.pwd.lock"); else path = "/etc/.pwd.lock"; fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600); if (fd < 0) return -errno; r = fcntl(fd, F_SETLKW, &flock); if (r < 0) { safe_close(fd); return -errno; } return fd; } bool valid_user_group_name(const char *u) { const char *i; long sz; /* Checks if the specified name is a valid user/group name. */ if (isempty(u)) return false; if (!(u[0] >= 'a' && u[0] <= 'z') && !(u[0] >= 'A' && u[0] <= 'Z') && u[0] != '_') return false; for (i = u+1; *i; i++) { if (!(*i >= 'a' && *i <= 'z') && !(*i >= 'A' && *i <= 'Z') && !(*i >= '0' && *i <= '9') && *i != '_' && *i != '-') return false; } sz = sysconf(_SC_LOGIN_NAME_MAX); assert_se(sz > 0); if ((size_t) (i-u) > (size_t) sz) return false; if ((size_t) (i-u) > UT_NAMESIZE - 1) return false; return true; } bool valid_user_group_name_or_id(const char *u) { /* Similar as above, but is also fine with numeric UID/GID specifications, as long as they are in the right * range, and not the invalid user ids. */ if (isempty(u)) return false; if (valid_user_group_name(u)) return true; return parse_uid(u, NULL) >= 0; } bool valid_gecos(const char *d) { if (!d) return false; if (!utf8_is_valid(d)) return false; if (string_has_cc(d, NULL)) return false; /* Colons are used as field separators, and hence not OK */ if (strchr(d, ':')) return false; return true; } bool valid_home(const char *p) { if (isempty(p)) return false; if (!utf8_is_valid(p)) return false; if (string_has_cc(p, NULL)) return false; if (!path_is_absolute(p)) return false; if (!path_is_safe(p)) return false; /* Colons are used as field separators, and hence not OK */ if (strchr(p, ':')) return false; return true; }
int take_etc_passwd_lock(const char *root) { struct flock flock = { .l_type = F_WRLCK, .l_whence = SEEK_SET, .l_start = 0, .l_len = 0, }; const char *path; int fd, r; /* This is roughly the same as lckpwdf(), but not as awful. We * don't want to use alarm() and signals, hence we implement * our own trivial version of this. * * Note that shadow-utils also takes per-database locks in * addition to lckpwdf(). However, we don't given that they * are redundant as they invoke lckpwdf() first and keep * it during everything they do. The per-database locks are * awfully racy, and thus we just won't do them. */ if (root) path = prefix_roota(root, "/etc/.pwd.lock"); else path = "/etc/.pwd.lock"; fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600); if (fd < 0) return -errno; r = fcntl(fd, F_SETLKW, &flock); if (r < 0) { safe_close(fd); return -errno; } return fd; } bool valid_user_group_name(const char *u) { const char *i; long sz; /* Checks if the specified name is a valid user/group name. */ if (isempty(u)) return false; if (!(u[0] >= 'a' && u[0] <= 'z') && !(u[0] >= 'A' && u[0] <= 'Z') && u[0] != '_') return false; for (i = u+1; *i; i++) { if (!(*i >= 'a' && *i <= 'z') && !(*i >= 'A' && *i <= 'Z') && !(*i >= '0' && *i <= '9') && *i != '_' && *i != '-') return false; } sz = sysconf(_SC_LOGIN_NAME_MAX); assert_se(sz > 0); if ((size_t) (i-u) > (size_t) sz) return false; if ((size_t) (i-u) > UT_NAMESIZE - 1) return false; return true; } bool valid_user_group_name_or_id(const char *u) { /* Similar as above, but is also fine with numeric UID/GID specifications, as long as they are in the right * range, and not the invalid user ids. */ if (isempty(u)) return false; if (valid_user_group_name(u)) return true; return parse_uid(u, NULL) >= 0; } bool valid_gecos(const char *d) { if (!d) return false; if (!utf8_is_valid(d)) return false; if (string_has_cc(d, NULL)) return false; /* Colons are used as field separators, and hence not OK */ if (strchr(d, ':')) return false; return true; } bool valid_home(const char *p) { if (isempty(p)) return false; if (!utf8_is_valid(p)) return false; if (string_has_cc(p, NULL)) return false; if (!path_is_absolute(p)) return false; if (!path_is_safe(p)) return false; /* Colons are used as field separators, and hence not OK */ if (strchr(p, ':')) return false; return true; } int maybe_setgroups(size_t size, const gid_t *list) { int r; /* Check if setgroups is allowed before we try to drop all the auxiliary groups */ if (size == 0) { /* Dropping all aux groups? */ _cleanup_free_ char *setgroups_content = NULL; bool can_setgroups; r = read_one_line_file("/proc/self/setgroups", &setgroups_content); if (r == -ENOENT) /* Old kernels don't have /proc/self/setgroups, so assume we can use setgroups */ can_setgroups = true; else if (r < 0) return r; else can_setgroups = streq(setgroups_content, "allow"); if (!can_setgroups) { log_debug("Skipping setgroups(), /proc/self/setgroups is set to 'deny'"); return 0; } } if (setgroups(size, list) < 0) return -errno; return 0; }