
3 Commits

Author SHA1 Message Date
Lennart Poettering f1eb0ccd9e update TODO 2020-05-10 10:19:12 +02:00
Lennart Poettering 622e1cdb31 fs-util: beef up path_is_encrypted() to deal with LVM block devices
Let's iterate through the slaves/ directory to find backing devices of
the block devices we care about.
2020-05-10 09:23:30 +02:00
Benjamin Robin 20c3acfaad tree-wide: Replace assert() by assert_se() when there is side effect 2020-05-10 09:23:12 +02:00
5 changed files with 90 additions and 17 deletions

17
TODO

@ -22,6 +22,14 @@ Janitorial Clean-ups:
Features: Features:
* random-util: make user of new GRND_INSECURE flag wherever possible
* nspawn: support time namespaces
* pid1: Move to tracking of main pid/control pid of units per pidfd
* pid1: support new clone3() fork-into-cgroup feature
* All tools that support --root= should also learn --image= so that they can * All tools that support --root= should also learn --image= so that they can
operate on disk images directly. Specifically: bootctl, firstboot, tmpfiles, operate on disk images directly. Specifically: bootctl, firstboot, tmpfiles,
sysusers, systemctl, repart, journalctl, coredumpctl. sysusers, systemctl, repart, journalctl, coredumpctl.
@ -45,8 +53,9 @@ Features:
resize to diskSize if possible, but leave a certain amount (configured by a resize to diskSize if possible, but leave a certain amount (configured by a
new value diskLeaveFreeSize) of space free on the backing fs. new value diskLeaveFreeSize) of space free on the backing fs.
* homed: permit multiple private keys to be used locally, and pick the right * homed: permit multiple user record signing keys to be used locally, and pick
one for signing records automatically depending on a pre-existing signature the right one for signing records automatically depending on a pre-existing
signature
* homed: add a way to "adopt" a home directory, i.e. strip foreign signatures * homed: add a way to "adopt" a home directory, i.e. strip foreign signatures
and insert a local signature instead. and insert a local signature instead.
@ -59,6 +68,8 @@ Features:
though: if noone is logged in (or no other user even exists yet), how do you though: if noone is logged in (or no other user even exists yet), how do you
unlock the volume in order to create the first user and add the first pw. unlock the volume in order to create the first user and add the first pw.
* homed: support new FS_IOC_ADD_ENCRYPTION_KEY ioctl for setting up fscrypt
* busctl: maybe expose a verb "ping" for pinging a dbus service to see if it * busctl: maybe expose a verb "ping" for pinging a dbus service to see if it
exists and responds. exists and responds.
@ -169,7 +180,7 @@ Features:
* userdb: allow existence checks * userdb: allow existence checks
* pid: activation by journal search expression * pid1: activation by journal search expression
* when switching root from initrd to host, set the machine_id env var so that * when switching root from initrd to host, set the machine_id env var so that
if the host has no machine ID set yet we continue to use the random one the if the host has no machine ID set yet we continue to use the random one the


@ -1491,9 +1491,77 @@ int open_parent(const char *path, int flags, mode_t mode) {
return fd; return fd;
} }
static int blockdev_is_encrypted(const char *sysfs_path, unsigned depth_left) {
_cleanup_free_ char *p = NULL, *uuids = NULL;
_cleanup_closedir_ DIR *d = NULL;
int r, found_encrypted = false;
assert(sysfs_path);
if (depth_left == 0)
return -EINVAL;
p = path_join(sysfs_path, "dm/uuid");
if (!p)
return -ENOMEM;
r = read_one_line_file(p, &uuids);
if (r != -ENOENT) {
if (r < 0)
return r;
/* The DM device's uuid attribute is prefixed with "CRYPT-" if this is a dm-crypt device. */
if (startswith(uuids, "CRYPT-"))
return true;
}
/* Not a dm-crypt device itself. But maybe it is on top of one? Follow the links in the "slaves/"
* subdir. */
p = mfree(p);
p = path_join(sysfs_path, "slaves");
if (!p)
return -ENOMEM;
d = opendir(p);
if (!d) {
if (errno == ENOENT) /* Doesn't have slaves */
return false;
return -errno;
}
for (;;) {
_cleanup_free_ char *q = NULL;
struct dirent *de;
errno = 0;
de = readdir_no_dot(d);
if (!de) {
if (errno != 0)
return -errno;
break; /* No more slaves */
}
q = path_join(p, de->d_name);
if (!q)
return -ENOMEM;
r = blockdev_is_encrypted(q, depth_left - 1);
if (r < 0)
return r;
if (r == 0) /* we found one that is not encrypted? then propagate that immediately */
return false;
found_encrypted = true;
}
return found_encrypted;
}
int path_is_encrypted(const char *path) { int path_is_encrypted(const char *path) {
_cleanup_free_ char *uuids = NULL; char p[SYS_BLOCK_PATH_MAX(NULL)];
char p[SYS_BLOCK_PATH_MAX("/dm/uuid")];
dev_t devt; dev_t devt;
int r; int r;
@ -1503,13 +1571,7 @@ int path_is_encrypted(const char *path) {
if (r == 0) /* doesn't have a block device */ if (r == 0) /* doesn't have a block device */
return false; return false;
xsprintf_sys_block_path(p, "/dm/uuid", devt); xsprintf_sys_block_path(p, NULL, devt);
r = read_one_line_file(p, &uuids);
if (r == -ENOENT)
return false;
if (r < 0)
return r;
/* The DM device's uuid attribute is prefixed with "CRYPT-" if this is a dm-crypt device. */ return blockdev_is_encrypted(p, 10 /* safety net: maximum recursion depth */);
return !!startswith(uuids, "CRYPT-");
} }
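Review bot: The `startswith(uuids, "CRYPT-")` test in `blockdev_is_encrypted()` now decides the answer for a whole device stack, yet it keys only on the generic prefix; as far as I know libcryptsetup writes the same prefix for its non-encrypting targets too (e.g. `CRYPT-VERITY-…`, `CRYPT-INTEGRITY-…`), so such a device would be reported as encrypted. The check predates this commit, but moving it is a good moment to either narrow it or state the limitation next to it, e.g. `/* NB: any libcryptsetup-managed DM device carries this prefix, not only dm-crypt */`. The new function would also benefit from a header comment spelling out its contract as the code has it: negative errno on failure (`-EINVAL` once `depth_left` reaches 0), `true` only if the device itself or every entry under `slaves/` is encrypted, and `false` as soon as one backing device is not.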


@ -2777,7 +2777,7 @@ void unit_unwatch_pid(Unit *u, pid_t pid) {
if (m == 0) { if (m == 0) {
/* The array is now empty, remove the entire entry */ /* The array is now empty, remove the entire entry */
assert(hashmap_remove(u->manager->watch_pids, PID_TO_PTR(-pid)) == array); assert_se(hashmap_remove(u->manager->watch_pids, PID_TO_PTR(-pid)) == array);
free(array); free(array);
} }
} }


@ -220,8 +220,8 @@ static int import_fs(int argc, char *argv[], void *userdata) {
finish: finish:
/* Put old signal handlers into place */ /* Put old signal handlers into place */
assert(sigaction(SIGINT, &old_sigint_sa, NULL) >= 0); assert_se(sigaction(SIGINT, &old_sigint_sa, NULL) >= 0);
assert(sigaction(SIGTERM, &old_sigterm_sa, NULL) >= 0); assert_se(sigaction(SIGTERM, &old_sigterm_sa, NULL) >= 0);
return 0; return 0;
} }


@ -20,7 +20,7 @@ static void test_parse_sleep_config(void) {
_cleanup_(free_sleep_configp) SleepConfig *sleep_config = NULL; _cleanup_(free_sleep_configp) SleepConfig *sleep_config = NULL;
log_info("/* %s */", __func__); log_info("/* %s */", __func__);
assert(parse_sleep_config(&sleep_config) == 0); assert_se(parse_sleep_config(&sleep_config) == 0);
_cleanup_free_ char *sum, *sus, *him, *his, *hym, *hys; _cleanup_free_ char *sum, *sus, *him, *his, *hym, *hys;