Merge pull request #18798 from poettering/getenv-list-fixes

various follow-ups for ExtensionImages= PR
update TODO
2025-10-02 18:24:46 +02:00 · 2021-02-25 17:00:54 +01:00 · 2021-02-25 15:51:13 +01:00 · 2021-02-25 14:40:53 +01:00 · 2021-02-25 13:38:20 +01:00 · 2021-02-25 13:36:43 +01:00
6 changed files with 29 additions and 28 deletions
--- a/5
+++ b/5
@ -20,6 +20,11 @@ CHANGES WITH 248:
          The SYSEXT_LEVEL= field in os-release(5) may be used to specify the
          supported system extension level.

+        * A new ExtensionImages= unit setting can be used to apply the same
+          system extension image concept from systemd-sysext to the namespaced
+          file hierarchy of specific services, following the same rules and
+          constraints.
+
        * A new configuration file /etc/veritytab may be used to configure
          dm-verity integrity protection for block devices. Each line is in the
          format "volume-name data-device hash-device roothash options",
--- a/3
+++ b/3
@ -20,6 +20,9 @@ Janitorial Clean-ups:

 Features:

+* whenever we receive fds via SCM_RIGHTS make sure none got dropped due to the
+  reception limit the kernel silently enforces.
+
 * add an Open= setting to service unit files that can open arbitrary file
  system paths at service startup time and pass them to the service process via
  our usual socket activation protocol. If passed path refers to AF_UNIX
--- a/src/basic/env-util.c
+++ b/src/basic/env-util.c
@ -813,11 +813,9 @@ int getenv_path_list(const char *name, char ***ret_paths) {
        assert(name);
        assert(ret_paths);

-        *ret_paths = NULL;
-
        e = secure_getenv(name);
        if (!e)
-                return 0;
+                return -ENXIO;

        r = strv_split_full(&l, e, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
@ -842,5 +840,5 @@ int getenv_path_list(const char *name, char ***ret_paths) {
                                       "No paths specified, refusing.");

        *ret_paths = TAKE_PTR(l);
-        return 0;
+        return 1;
 }
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@ -1554,9 +1554,12 @@ static int apply_mounts(
         * /proc. For example, this is the case with the option: 'InaccessiblePaths=/proc'. */
        proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
        if (!proc_self_mountinfo) {
+                r = -errno;
+
                if (error_path)
                        *error_path = strdup("/proc/self/mountinfo");
-                return log_debug_errno(errno, "Failed to open /proc/self/mountinfo: %m");
+
+                return log_debug_errno(r, "Failed to open /proc/self/mountinfo: %m");
        }

        /* First round, establish all mounts we need */
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@ -1631,10 +1631,6 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
                        return log_error_errno(r, "Failed to parse argument: %m");

                STRV_FOREACH_PAIR(first, second, l) {
-                        /* Format is either 'root:foo' or 'foo' (root is implied) */
-                        if (!isempty(*second) && partition_designator_from_string(*first) < 0)
-                                return bus_log_create_error(-EINVAL);
-
                        r = sd_bus_message_append(m, "(ss)",
                                                  !isempty(*second) ? *first : "root",
                                                  !isempty(*second) ? *second : *first);
@ -1683,14 +1679,14 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con

                        r = extract_first_word(&p, &tuple, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE);
                        if (r < 0)
-                                return r;
+                                return log_error_errno(r, "Failed to parse MountImages= property: %s", eq);
                        if (r == 0)
                                break;

                        q = tuple;
                        r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &first, &second, NULL);
                        if (r < 0)
-                                return r;
+                                return log_error_errno(r, "Failed to parse MountImages= property: %s", eq);
                        if (r == 0)
                                continue;

@ -1722,7 +1718,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con

                                r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &partition, &mount_options, NULL);
                                if (r < 0)
-                                        return r;
+                                        return log_error_errno(r, "Failed to parse MountImages= property: %s", eq);
                                if (r == 0)
                                        break;
                                /* Single set of options, applying to the root partition/single filesystem */
@ -1734,9 +1730,6 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
                                        break;
                                }

-                                if (partition_designator_from_string(partition) < 0)
-                                        return bus_log_create_error(-EINVAL);
-
                                r = sd_bus_message_append(m, "(ss)", partition, mount_options);
                                if (r < 0)
                                        return bus_log_create_error(r);
@ -1792,14 +1785,14 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con

                        r = extract_first_word(&p, &tuple, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE);
                        if (r < 0)
-                                return r;
+                                return log_error_errno(r, "Failed to parse ExtensionImages= property: %s", eq);
                        if (r == 0)
                                break;

                        q = tuple;
                        r = extract_first_word(&q, &source, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS);
                        if (r < 0)
-                                return r;
+                                return log_error_errno(r, "Failed to parse ExtensionImages= property: %s", eq);
                        if (r == 0)
                                continue;

@ -1826,7 +1819,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con

                                r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &partition, &mount_options, NULL);
                                if (r < 0)
-                                        return r;
+                                        return log_error_errno(r, "Failed to parse ExtensionImages= property: %s", eq);
                                if (r == 0)
                                        break;
                                /* Single set of options, applying to the root partition/single filesystem */
@ -1838,9 +1831,6 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
                                        break;
                                }

-                                if (partition_designator_from_string(partition) < 0)
-                                        return bus_log_create_error(-EINVAL);
-
                                r = sd_bus_message_append(m, "(ss)", partition, mount_options);
                                if (r < 0)
                                        return bus_log_create_error(r);
--- a/src/shared/extension-release.c
+++ b/src/shared/extension-release.c
@ -79,16 +79,18 @@ int extension_release_validate(
 }

 int parse_env_extension_hierarchies(char ***ret_hierarchies) {
+        _cleanup_free_ char **l = NULL;
        int r;

-        r = getenv_path_list("SYSTEMD_SYSEXT_HIERARCHIES", ret_hierarchies);
-        if (r < 0)
-                return log_debug_errno(r, "Failed to parse SYSTEMD_SYSEXT_HIERARCHIES environment variable : %m");
-        if (!*ret_hierarchies) {
-                *ret_hierarchies = strv_new("/usr", "/opt");
-                if (!*ret_hierarchies)
+        r = getenv_path_list("SYSTEMD_SYSEXT_HIERARCHIES", &l);
+        if (r == -ENXIO) {
+                /* Default when unset */
+                l = strv_new("/usr", "/opt");
+                if (!l)
                        return -ENOMEM;
-        }
+        } else if (r < 0)
+                return r;

+        *ret_hierarchies = TAKE_PTR(l);
        return 0;
 }
Author	SHA1	Message	Date
Lennart Poettering	584e9ba962	Merge pull request #18798 from poettering/getenv-list-fixes various follow-ups for ExtensionImages= PR	2021-02-25 17:00:54 +01:00
Lennart Poettering	7ed72cfac7	update TODO	2021-02-25 15:51:13 +01:00
Luca Boccassi	873b5cbd1e	NEWS: mention ExtensionImages	2021-02-25 14:40:53 +01:00
Lennart Poettering	de4abc3f46	bus-unit-util: generate proper log message when we fail to parse properties	2021-02-25 13:38:20 +01:00
Lennart Poettering	2a7865cc43	bus-unit-util: don't validate partition designator client side When we parse properties set via "systemctl set-property" we should validate to the point where the data we pass over the bus makes rough sense, but we shouldn't needlessly check whether specified enum values are among the known enum values. The server side checks that anyway again, and it's kinda nice if an older systemctl can be used to talk to a newer systemd.	2021-02-25 13:36:43 +01:00
Lennart Poettering	d60e3b405d	namespace: return correct error code	2021-02-25 13:36:32 +01:00
Lennart Poettering	33d31c0e60	env-util: fix parameter handling of parse_env_extension_hierarchies() + getenv_path_list() Our coding style dictates we should not clobber return parameters on failure, and always initialize them on success. Do so here. This changes getenv_path_list() to return ENXIO if the env var is not set, which is similar to how we handle this in getenv_bool(). This drops debug logging from parse_env_extension_hierarchies(), since it's done anyway in getenv_path_list() Follow-up for: #18018	2021-02-25 13:24:53 +01:00