dissect: Add more debug logging

Currently it's next to impossible to find out why dissect_image() has failed with EADDRNOTAVAIL, so let's add debug logging and use EREMOTE for the different architectures error to help out with debugging a bit.
cgroup-util: add pidref+full counter parts for cg_pid_get_user_unit()
2025-11-23 10:44:45 +01:00 · 2025-09-25 14:11:36 +02:00 · 2025-09-25 14:09:55 +02:00 · 2025-09-25 14:07:22 +02:00 · 2025-09-25 14:06:34 +02:00 · 2025-09-25 11:03:24 +02:00
9 changed files with 119 additions and 34 deletions
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@ -1157,7 +1157,7 @@ static const char* skip_user_prefix(const char *path) {
        return skip_session(e);
 }
-int cg_path_get_user_unit(const char *path, char **ret) {
+int cg_path_get_user_unit_full(const char *path, char **ret_unit, char **ret_subgroup) {
        const char *t;
        assert(path);
@ -1168,18 +1168,42 @@ int cg_path_get_user_unit(const char *path, char **ret) {
        /* And from here on it looks pretty much the same as for a system unit, hence let's use the same
         * parser. */
-        return cg_path_get_unit(t, ret);
+        return cg_path_get_unit_full(t, ret_unit, ret_subgroup);
 }
-int cg_pid_get_user_unit(pid_t pid, char **ret_unit) {
+int cg_pid_get_user_unit_full(pid_t pid, char **ret_unit, char **ret_subgroup) {
        _cleanup_free_ char *cgroup = NULL;
        int r;
        _cleanup_free_ char *cgroup = NULL;
        r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
        if (r < 0)
                return r;
-        return cg_path_get_user_unit(cgroup, ret_unit);
+        return cg_path_get_user_unit_full(cgroup, ret_unit, ret_subgroup);
 }
 int cg_pidref_get_user_unit_full(const PidRef *pidref, char **ret_unit, char **ret_subgroup) {
        int r;
        if (!pidref_is_set(pidref))
                return -ESRCH;
        if (pidref_is_remote(pidref))
                return -EREMOTE;
        _cleanup_free_ char *unit = NULL, *subgroup = NULL;
        r = cg_pid_get_user_unit_full(pidref->pid, &unit, &subgroup);
        if (r < 0)
                return r;
        r = pidref_verify(pidref);
        if (r < 0)
                return r;
        if (ret_unit)
                *ret_unit = TAKE_PTR(unit);
        if (ret_subgroup)
                *ret_subgroup = TAKE_PTR(subgroup);
        return 0;
 }
 int cg_path_get_machine_name(const char *path, char **ret_machine) {
--- a/src/basic/cgroup-util.h
+++ b/src/basic/cgroup-util.h
@ -208,7 +208,10 @@ static inline int cg_path_get_unit(const char *path, char **ret_unit) {
        return cg_path_get_unit_full(path, ret_unit, NULL);
 }
 int cg_path_get_unit_path(const char *path, char **ret_unit);
-int cg_path_get_user_unit(const char *path, char **ret_unit);
+int cg_path_get_user_unit_full(const char *path, char **ret_unit, char **ret_subgroup);
 static inline int cg_path_get_user_unit(const char *path, char **ret_unit) {
        return cg_path_get_user_unit_full(path, ret_unit, NULL);
 }
 int cg_path_get_machine_name(const char *path, char **ret_machine);
 int cg_path_get_slice(const char *path, char **ret_slice);
 int cg_path_get_user_slice(const char *path, char **ret_slice);
@ -228,7 +231,14 @@ int cg_pidref_get_unit_full(const PidRef *pidref, char **ret_unit, char **ret_su
 static inline int cg_pidref_get_unit(const PidRef *pidref, char **ret_unit) {
        return cg_pidref_get_unit_full(pidref, ret_unit, NULL);
 }
-int cg_pid_get_user_unit(pid_t pid, char **ret_unit);
+int cg_pid_get_user_unit_full(pid_t pid, char **ret_unit, char **ret_subgroup);
 static inline int cg_pid_get_user_unit(pid_t pid, char **ret_unit) {
        return cg_pid_get_unit_full(pid, ret_unit, NULL);
 }
 int cg_pidref_get_user_unit_full(const PidRef *pidref, char **ret_unit, char **ret_subgroup);
 static inline int cg_pidref_get_user_unit(const PidRef *pidref, char **ret_unit) {
        return cg_pidref_get_user_unit_full(pidref, ret_unit, NULL);
 }
 int cg_pid_get_machine_name(pid_t pid, char **ret_machine);
 int cg_pid_get_slice(pid_t pid, char **ret_slice);
 int cg_pid_get_user_slice(pid_t pid, char **ret_slice);
--- a/src/basic/tmpfile-util.c
+++ b/src/basic/tmpfile-util.c
@ -250,8 +250,7 @@ int tempfn_random_child(const char *p, const char *extra, char **ret) {
 }
 int open_tmpfile_unlinkable(const char *directory, int flags) {
-        char *p;
+        int r;
        int fd, r;
        if (!directory) {
                r = tmp_dir(&directory);
@ -263,12 +262,14 @@ int open_tmpfile_unlinkable(const char *directory, int flags) {
        /* Returns an unlinked temporary file that cannot be linked into the file system anymore */
        /* Try O_TMPFILE first, if it is supported */
-        fd = open(directory, flags|O_TMPFILE|O_EXCL, S_IRUSR|S_IWUSR);
+        int fd = open(directory, flags|O_TMPFILE|O_EXCL, S_IRUSR|S_IWUSR);
        if (fd >= 0)
                return fd;
        /* Fall back to unguessable name + unlinking */
-        p = strjoina(directory, "/systemd-tmp-XXXXXX");
+        _cleanup_free_ char *p = path_join(directory, "/systemd-tmp-XXXXXX");
        if (!p)
                return -ENOMEM;
        fd = mkostemp_safe(p);
        if (fd < 0)
@ -280,8 +281,7 @@ int open_tmpfile_unlinkable(const char *directory, int flags) {
 }
 int open_tmpfile_linkable_at(int dir_fd, const char *target, int flags, char **ret_path) {
-        _cleanup_free_ char *tmp = NULL;
+        int r;
        int r, fd;
        assert(target);
        assert(ret_path);
@ -293,7 +293,7 @@ int open_tmpfile_linkable_at(int dir_fd, const char *target, int flags, char **r
         * which case "ret_path" will be returned as NULL. If not possible the temporary path name used is returned in
         * "ret_path". Use link_tmpfile() below to rename the result after writing the file in full. */
-        fd = open_parent_at(dir_fd, target, O_TMPFILE|flags, 0640);
+        int fd = open_parent_at(dir_fd, target, O_TMPFILE|flags, 0640);
        if (fd >= 0) {
                *ret_path = NULL;
                return fd;
@ -301,6 +301,7 @@ int open_tmpfile_linkable_at(int dir_fd, const char *target, int flags, char **r
        log_debug_errno(fd, "Failed to use O_TMPFILE for %s: %m", target);
        _cleanup_free_ char *tmp = NULL;
        r = tempfn_random(target, NULL, &tmp);
        if (r < 0)
                return r;
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@ -1483,7 +1483,7 @@ static int gather_pid_metadata_from_procfs(struct iovec_wrapper *iovw, Context *
        if (cg_pidref_get_unit(&context->pidref, &t) >= 0)
                (void) iovw_put_string_field_free(iovw, "COREDUMP_UNIT=", t);
-        if (cg_pid_get_user_unit(pid, &t) >= 0)
+        if (cg_pidref_get_user_unit(&context->pidref, &t) >= 0)
                (void) iovw_put_string_field_free(iovw, "COREDUMP_USER_UNIT=", t);
        if (cg_pidref_get_session(&context->pidref, &t) >= 0)
--- a/src/home/homework-luks.c
+++ b/src/home/homework-luks.c
@ -134,6 +134,7 @@ static int probe_file_system_by_fd(
                char **ret_fstype,
                sd_id128_t *ret_uuid) {
 #if HAVE_BLKID
        _cleanup_(blkid_free_probep) blkid_probe b = NULL;
        const char *fstype = NULL;
        sd_id128_t id;
@ -183,6 +184,9 @@ static int probe_file_system_by_fd(
                return r;
        *ret_uuid = id;
        return 0;
 #else
        return -EOPNOTSUPP;
 #endif
 }
 static int probe_file_system_by_path(const char *path, char **ret_fstype, sd_id128_t *ret_uuid) {
@ -663,6 +667,7 @@ static int luks_validate(
                uint64_t *ret_offset,
                uint64_t *ret_size) {
 #if HAVE_BLKID
        _cleanup_(blkid_free_probep) blkid_probe b = NULL;
        sd_id128_t found_partition_uuid = SD_ID128_NULL;
        const char *fstype = NULL, *pttype = NULL;
@ -775,6 +780,9 @@ static int luks_validate(
        *ret_partition_uuid = found_partition_uuid;
        return 0;
 #else
        return -EOPNOTSUPP;
 #endif
 }
 static int crypt_device_to_evp_cipher(struct crypt_device *cd, const EVP_CIPHER **ret) {
--- a/src/mountfsd/mountwork.c
+++ b/src/mountfsd/mountwork.c
@ -659,7 +659,7 @@ static DirectoryOwnership validate_directory_fd(int fd, uid_t peer_uid) {
        if (r < 0)
                return r;
-        fl = fd_verify_safe_flags_full(fd, O_DIRECTORY);
+        fl = fd_verify_safe_flags_full(fd, O_DIRECTORY|O_PATH);
        if (fl < 0)
                return log_debug_errno(fl, "Directory file descriptor has unsafe flags set: %m");
--- a/src/repart/repart.c
+++ b/src/repart/repart.c
@ -4271,6 +4271,7 @@ static bool context_changed(const Context *context) {
 }
 static int context_wipe_range(Context *context, uint64_t offset, uint64_t size) {
 #if HAVE_BLKID
        _cleanup_(blkid_free_probep) blkid_probe probe = NULL;
        int r;
@ -4312,6 +4313,10 @@ static int context_wipe_range(Context *context, uint64_t offset, uint64_t size)
        }
        return 0;
 #else
        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
                               "Cannot wipe partition signatures, libblkid support is not compiled in.");
 #endif
 }
 static int context_wipe_partition(Context *context, Partition *p) {
@ -7361,6 +7366,7 @@ static int resolve_copy_blocks_auto_candidate(
                dev_t restrict_devno,
                sd_id128_t *ret_uuid) {
 #if HAVE_BLKID
        _cleanup_(blkid_free_probep) blkid_probe b = NULL;
        _cleanup_close_ int fd = -EBADF;
        _cleanup_free_ char *p = NULL;
@ -7473,6 +7479,10 @@ static int resolve_copy_blocks_auto_candidate(
                *ret_uuid = u;
        return true;
 #else
        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
                               "Cannot check partition type UUID and device location, libblkid support is not compiled in.");
 #endif
 }
 static int resolve_copy_blocks_auto_candidate_harder(
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@ -1440,23 +1440,31 @@ static int dissect_image(
                }
        }
        /* Verity found but no matching rootfs? Something is off, refuse. */
        if (!m->partitions[PARTITION_ROOT].found &&
                (m->partitions[PARTITION_ROOT_VERITY].found ||
                 m->partitions[PARTITION_ROOT_VERITY_SIG].found))
-                        return -EADDRNOTAVAIL; /* Verity found but no matching rootfs? Something is off, refuse. */
+                        return log_debug_errno(
                                        SYNTHETIC_ERRNO(EADDRNOTAVAIL),
                                        "Found root verity hash partition without matching root data partition");
        /* Hmm, we found a signature partition but no Verity data? Something is off. */
        if (m->partitions[PARTITION_ROOT_VERITY_SIG].found && !m->partitions[PARTITION_ROOT_VERITY].found)
-                return -EADDRNOTAVAIL;
+                return log_debug_errno(SYNTHETIC_ERRNO(EADDRNOTAVAIL),
                                       "Found root verity signature partition without matching root verity hash partition");
        /* as above */
        if (!m->partitions[PARTITION_USR].found &&
                (m->partitions[PARTITION_USR_VERITY].found ||
                 m->partitions[PARTITION_USR_VERITY_SIG].found))
-                        return -EADDRNOTAVAIL; /* as above */
+                        return log_debug_errno(
                                        SYNTHETIC_ERRNO(EADDRNOTAVAIL),
                                        "Found usr verity hash partition without matching usr data partition");
        /* as above */
        if (m->partitions[PARTITION_USR_VERITY_SIG].found && !m->partitions[PARTITION_USR_VERITY].found)
-                return -EADDRNOTAVAIL;
+                return log_debug_errno(SYNTHETIC_ERRNO(EADDRNOTAVAIL),
                                       "Found usr verity signature partition without matching usr verity hash partition");
        /* If root and /usr are combined then insist that the architecture matches */
        if (m->partitions[PARTITION_ROOT].found &&
@ -1464,7 +1472,10 @@ static int dissect_image(
            (m->partitions[PARTITION_ROOT].architecture >= 0 &&
             m->partitions[PARTITION_USR].architecture >= 0 &&
             m->partitions[PARTITION_ROOT].architecture != m->partitions[PARTITION_USR].architecture))
-                return -EADDRNOTAVAIL;
+                return log_debug_errno(SYNTHETIC_ERRNO(EREMOTE),
                                       "Found root and usr partitions with different architectures (%s vs %s)",
                                       architecture_to_string(m->partitions[PARTITION_ROOT].architecture),
                                       architecture_to_string(m->partitions[PARTITION_USR].architecture));
        if (!m->partitions[PARTITION_ROOT].found &&
            !m->partitions[PARTITION_USR].found &&
@ -1532,39 +1543,58 @@ static int dissect_image(
        /* Check if we have a root fs if we are told to do check. /usr alone is fine too, but only if appropriate flag for that is set too */
        if (FLAGS_SET(flags, DISSECT_IMAGE_REQUIRE_ROOT) &&
            !(m->partitions[PARTITION_ROOT].found || (m->partitions[PARTITION_USR].found && FLAGS_SET(flags, DISSECT_IMAGE_USR_NO_ROOT))))
-                return -ENXIO;
+                return log_debug_errno(SYNTHETIC_ERRNO(ENXIO), "Root or usr partition requested but found neither");
        if (m->partitions[PARTITION_ROOT_VERITY].found) {
                /* We only support one verity partition per image, i.e. can't do for both /usr and root fs */
                if (m->partitions[PARTITION_USR_VERITY].found)
-                        return -ENOTUNIQ;
+                        return log_debug_errno(SYNTHETIC_ERRNO(ENOTUNIQ), "Found both root and usr verity enabled partitions which is not supported");
                /* We don't support verity enabled root with a split out /usr. Neither with nor without
                 * verity there. (Note that we do support verity-less root with verity-full /usr, though.) */
                if (m->partitions[PARTITION_USR].found)
-                        return -EADDRNOTAVAIL;
+                        return log_debug_errno(SYNTHETIC_ERRNO(EADDRNOTAVAIL), "Found verity enabled root partition with split usr partition which is not supported");
        }
        if (verity) {
                /* If a verity designator is specified, then insist that the matching partition exists */
                if (verity->designator >= 0 && !m->partitions[verity->designator].found)
-                        return -EADDRNOTAVAIL;
+                        return log_debug_errno(
                                SYNTHETIC_ERRNO(EADDRNOTAVAIL),
                                "Explicit %s verity designator was specified but did not find %s partition",
                                partition_designator_to_string(verity->designator),
                                partition_designator_to_string(verity->designator));
                if (verity->root_hash) {
                        /* If we have an explicit root hash and found the partitions for it, then we are ready to use
                         * Verity, set things up for it */
                        if (verity->designator < 0 || verity->designator == PARTITION_ROOT) {
-                                if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found)
+                                if (!m->partitions[PARTITION_ROOT].found)
-                                        return -EADDRNOTAVAIL;
+                                        return log_debug_errno(
                                                        SYNTHETIC_ERRNO(EADDRNOTAVAIL),
                                                        "Verity enabled root partition was requested but did not find a root data partition");
                                if (!m->partitions[PARTITION_ROOT_VERITY].found)
                                        return log_debug_errno(
                                                        SYNTHETIC_ERRNO(EADDRNOTAVAIL),
                                                        "Verity enabled root partition was requested but did not find a root verity hash partition");
                                /* If we found a verity setup, then the root partition is necessarily read-only. */
                                m->partitions[PARTITION_ROOT].rw = false;
                        } else {
                                assert(verity->designator == PARTITION_USR);
-                                if (!m->partitions[PARTITION_USR_VERITY].found || !m->partitions[PARTITION_USR].found)
+                                if (!m->partitions[PARTITION_USR].found)
-                                        return -EADDRNOTAVAIL;
+                                        return log_debug_errno(
                                                        SYNTHETIC_ERRNO(EADDRNOTAVAIL),
                                                        "Verity enabled usr partition was requested but did not find a usr data partition");
                                if (!m->partitions[PARTITION_USR_VERITY].found)
                                        return log_debug_errno(
                                                        SYNTHETIC_ERRNO(EADDRNOTAVAIL),
                                                        "Verity enabled usr partition was requested but did not find a usr verity hash partition");
                                m->partitions[PARTITION_USR].rw = false;
                        }
@ -1697,7 +1727,10 @@ int dissect_log_error(int log_level, int r, const char *name, const VeritySettin
                return log_full_errno(log_level, r, "%s: The image does not pass os-release/extension-release validation.", name);
        case -EADDRNOTAVAIL:
-                return log_full_errno(log_level, r, "%s: No root partition for specified root hash found.", name);
+                return log_full_errno(log_level, r, "%s: No root/usr partition for specified root/usr hash found.", name);
        case -EREMOTE:
                return log_full_errno(log_level, r, "%s: Found root and usr partitions with different architectures", name);
        case -ENOTUNIQ:
                return log_full_errno(log_level, r, "%s: Multiple suitable root partitions found in image.", name);
@ -4750,7 +4783,7 @@ int mountfsd_mount_directory(
        if (r < 0)
                return log_error_errno(r, "Failed to enable varlink fd passing for write: %m");
-        _cleanup_close_ int directory_fd = open(path, O_DIRECTORY|O_RDONLY|O_CLOEXEC);
+        _cleanup_close_ int directory_fd = open(path, O_DIRECTORY|O_RDONLY|O_CLOEXEC|O_PATH);
        if (directory_fd < 0)
                return log_error_errno(errno, "Failed to open '%s': %m", path);
--- a/src/shared/loop-util.c
+++ b/src/shared/loop-util.c
@ -1064,9 +1064,8 @@ int loop_device_refresh_size(LoopDevice *d, uint64_t offset, uint64_t size) {
        VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info));
 #endif
-        if (size == UINT64_MAX && offset == UINT64_MAX)
+        if ((size == UINT64_MAX || info.lo_sizelimit == size) &&
-                return 0;
+            (offset == UINT64_MAX || info.lo_offset == offset))
        if (info.lo_sizelimit == size && info.lo_offset == offset)
                return 0;
        if (size != UINT64_MAX)
Author	SHA1	Message	Date
Daan De Meyer	2c4263f987	dissect: Add more debug logging Currently it's next to impossible to find out why dissect_image() has failed with EADDRNOTAVAIL, so let's add debug logging and use EREMOTE for the different architectures error to help out with debugging a bit.	2025-09-25 14:11:36 +02:00
Lennart Poettering	015025cba2	cgroup-util: add pidref+full counter parts for cg_pid_get_user_unit() This completes the set of functions for getting the user unit of a process, mirroring the four functions we already have for the system unit.	2025-09-25 14:09:55 +02:00
Lennart Poettering	ece4df0293	tmpfile: minor modernizations	2025-09-25 14:07:22 +02:00
Lennart Poettering	1a00afe0ff	mountfsd: slightly relax restrictions on dir fds to mount When establishing a idmapped mount for a directory with foreign mapping we so far insisted in the dir being properly opened (i.e. via a non-O_PATH fd) being passed to mountfsd. This is problematic however, since the client might not actually be able to open the dir (which after all is owned by the foreign UID, not by the user). Hence, let's relax the rules, and accept an O_PATH fd too (which the client can get even without privs). This should be safe, since the load-bearing security check is whether the dir has a parent owned by the client's UID, and for that check O_PATH or not O_PATH is not relevant.	2025-09-25 14:06:34 +02:00
Antonio Alvarez Feijoo	e77566fbca	libblkid: fix build with blkid disabled Prompted by c349edfe49dc2c4b8a79e5d08ecf7c8e93c4c909, but it didn't work before.	2025-09-25 11:03:24 +02:00
Lennart Poettering	ec3139db8b	loop-util: fully suppress unnecessary size changes Typically we set the offset argument to UINT64_MAX in most calls, but this caused us to not detect no-change invocations. Fix that.	2025-09-25 08:49:25 +02:00