author | Luca Boccassi <bluca@debian.org> | 2025-01-17 20:49:49 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-01-17 20:49:49 +0100 |
commit | 27c947ec3dfe8de97510983324fa61cec57baf9a (patch) | |
tree | f0b7cd1f00535de68820c260f1e3bec113a10876 | |
parent | escape: make 'bad' parameter optional (diff) | |
parent | nspawn: assorted coding style fixes (diff) | |
-rw-r--r-- | src/import/pull-common.c | 15 | ||||
-rw-r--r-- | src/nspawn/nspawn-cgroup.c | 10 | ||||
-rw-r--r-- | src/nspawn/nspawn-mount.c | 72 | ||||
-rw-r--r-- | src/nspawn/nspawn.c | 2 |
4 files changed, 41 insertions, 58 deletions
diff --git a/src/import/pull-common.c b/src/import/pull-common.c index 9a2ced002b..b566e52b56 100644 --- a/src/import/pull-common.c +++ b/src/import/pull-common.c @@ -22,6 +22,7 @@ #include "siphash24.h" #include "string-util.h" #include "strv.h" +#include "tmpfile-util.h" #include "web-util.h" #define FILENAME_ESCAPE "/.#\"\'" @@ -378,9 +379,9 @@ static int verify_gpg( const void *signature, size_t signature_size) { _cleanup_close_pair_ int gpg_pipe[2] = EBADF_PAIR; - char sig_file_path[] = "/tmp/sigXXXXXX", gpg_home[] = "/tmp/gpghomeXXXXXX"; + _cleanup_(rm_rf_physical_and_freep) char *gpg_home = NULL; + char sig_file_path[] = "/tmp/sigXXXXXX"; _cleanup_(sigkill_waitp) pid_t pid = 0; - bool gpg_home_created = false; int r; assert(payload || payload_size == 0); @@ -404,13 +405,12 @@ static int verify_gpg( } } - if (!mkdtemp(gpg_home)) { - r = log_error_errno(errno, "Failed to create temporary home for gpg: %m"); + r = mkdtemp_malloc("/tmp/gpghomeXXXXXX", &gpg_home); + if (r < 0) { + log_error_errno(r, "Failed to create temporary home for gpg: %m"); goto finish; } - gpg_home_created = true; - r = safe_fork_full("(gpg)", (int[]) { gpg_pipe[0], -EBADF, STDERR_FILENO }, NULL, 0, @@ -485,9 +485,6 @@ finish: if (signature_size > 0) (void) unlink(sig_file_path); - if (gpg_home_created) - (void) rm_rf(gpg_home, REMOVE_ROOT|REMOVE_PHYSICAL); - return r; } diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c index 4f28b4a225..6d6a8a814b 100644 --- a/src/nspawn/nspawn-cgroup.c +++ b/src/nspawn/nspawn-cgroup.c @@ -18,6 +18,7 @@ #include "rm-rf.h" #include "string-util.h" #include "strv.h" +#include "tmpfile-util.h" #include "user-util.h" static int chown_cgroup_path(const char *path, uid_t uid_shift) { 
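Review bot: In the `verify_gpg` declarations hunk (`@@ -378,9 +379,9 @@`), the new `gpg_home` cleanup depends on declaration order and nothing in the code says so. Scope-exit handlers run in reverse declaration order, so `pid` (`sigkill_waitp`) is handled before `rm_rf_physical_and_freep` removes the directory the gpg child was given as its home; moving `gpg_home` below `pid` would remove that directory while the child may still be running. I would add `/* Declared before 'pid' so the gpg child is killed and reaped before its home is removed */` above the declaration. `sig_file_path` is still a stack template unlinked by hand at `finish:`, so the function now mixes both cleanup styles; its body continues outside these hunks.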
@@ -48,8 +49,9 @@ static int chown_cgroup_path(const char *path, uid_t uid_shift) { } int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) { + _cleanup_(rmdir_and_freep) char *tree = NULL; _cleanup_free_ char *cgroup = NULL; - char tree[] = "/tmp/unifiedXXXXXX", pid_string[DECIMAL_STR_MAX(pid) + 1]; + char pid_string[DECIMAL_STR_MAX(pid) + 1]; bool undo_mount = false; const char *fn; int r, unified_controller; @@ -70,8 +72,9 @@ int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) { return log_error_errno(r, "Failed to get control group of " PID_FMT ": %m", pid); /* In order to access the unified hierarchy we need to mount it */ - if (!mkdtemp(tree)) - return log_error_errno(errno, "Failed to generate temporary mount point for unified hierarchy: %m"); + r = mkdtemp_malloc("/tmp/unifiedXXXXXX", &tree); + if (r < 0) + return log_error_errno(r, "Failed to generate temporary mount point for unified hierarchy: %m"); if (unified_controller > 0) r = mount_nofollow_verbose(LOG_ERR, "cgroup", tree, "cgroup", @@ -107,7 +110,6 @@ finish: if (undo_mount) (void) umount_verbose(LOG_ERR, tree, UMOUNT_NOFOLLOW); - (void) rmdir(tree); return r; } diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c index d5370c22b9..f64d6b48a6 100644 --- a/src/nspawn/nspawn-mount.c +++ b/src/nspawn/nspawn-mount.c 
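Review bot: The choice of `rmdir_and_freep` for `tree` in `sync_cgroup` (`@@ -48,8 +49,9 @@`) deserves a comment, because the non-recursive removal is the safety property of this cleanup. The directory is used as a mount point, and the handler still runs when `umount_verbose()` at `finish:` has failed; a plain `rmdir` then simply fails, whereas a recursive helper like the `rm_rf_physical_and_freep` used in `verify_gpg` is not something to point at a path that may still have a filesystem mounted on it. Suggested wording: `/* rmdir only, never rm_rf: this is a mount point and may still be mounted if the umount failed */`. The same applies to `template` in `setup_volatile_yes` and `setup_volatile_overlay` and to `pivot_tmp` in `setup_pivot_root`. The failure of that `rmdir` is also no longer visible at the call site, so the comment is the only place a reader learns the directory can be left behind.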
@@ -127,18 +127,15 @@ static char *resolve_source_path(const char *dest, const char *source) { } static int allocate_temporary_source(CustomMount *m) { + int r; + assert(m); assert(!m->source); assert(!m->rm_rf_tmpdir); - m->rm_rf_tmpdir = strdup("/var/tmp/nspawn-temp-XXXXXX"); - if (!m->rm_rf_tmpdir) - return log_oom(); - - if (!mkdtemp(m->rm_rf_tmpdir)) { - m->rm_rf_tmpdir = mfree(m->rm_rf_tmpdir); - return log_error_errno(errno, "Failed to acquire temporary directory: %m"); - } + r = mkdtemp_malloc("/var/tmp/nspawn-temp-XXXXXX", &m->rm_rf_tmpdir); + if (r < 0) + return log_error_errno(r, "Failed to acquire temporary directory: %m"); m->source = path_join(m->rm_rf_tmpdir, "src"); if (!m->source) @@ -153,7 +150,7 @@ static int allocate_temporary_source(CustomMount *m) { int custom_mount_prepare_all(const char *dest, CustomMount *l, size_t n) { int r; - /* Prepare all custom mounts. This will make source we know all temporary directories. This is called in the + /* Prepare all custom mounts. This will make sure we know all temporary directories. This is called in the * parent process, so that we know the temporary directories to remove on exit before we fork off the * children. */ @@ -162,9 +159,7 @@ int custom_mount_prepare_all(const char *dest, CustomMount *l, size_t n) { /* Order the custom mounts, and make sure we have a working directory */ typesafe_qsort(l, n, custom_mount_compare); - for (size_t i = 0; i < n; i++) { - CustomMount *m = l + i; - + FOREACH_ARRAY(m, l, n) { /* /proc we mount in the inner child, i.e. when we acquired CLONE_NEWPID. All other mounts we mount * already in the outer child, so that the mounts are already established before CLONE_NEWPID and in * particular CLONE_NEWUSER. This also means any custom mounts below /proc also need to be mounted in 
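Review bot: In `allocate_temporary_source` (`@@ -127,18 +127,15 @@`) the failure path now relies on `mkdtemp_malloc()` leaving `m->rm_rf_tmpdir` untouched when it fails, where the removed code reset the field explicitly with `mfree()`. That is presumably the helper's contract, but it is not visible in this diff, and the field name suggests the path is later removed recursively, so a stale value there would matter. A short comment such as `/* mkdtemp_malloc() only sets the pointer on success, so rm_rf_tmpdir stays NULL on failure */` would make the dependency explicit.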
@@ -1101,7 +1096,7 @@ static int setup_volatile_state_after_remount_idmap(const char *directory, uid_t static int setup_volatile_yes(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) { bool tmpfs_mounted = false, bind_mounted = false; - char template[] = "/tmp/nspawn-volatile-XXXXXX"; + _cleanup_(rmdir_and_freep) char *template = NULL; _cleanup_free_ char *buf = NULL, *bindir = NULL; const char *f, *t, *options; struct stat st; @@ -1130,8 +1125,9 @@ static int setup_volatile_yes(const char *directory, uid_t uid_shift, const char return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Error starting image: if --volatile=yes is used /bin must be a symlink (for merged /usr support) or non-existent (in which case a symlink is created automatically)."); - if (!mkdtemp(template)) - return log_error_errno(errno, "Failed to create temporary directory: %m"); + r = mkdtemp_malloc("/tmp/nspawn-volatile-XXXXXX", &template); + if (r < 0) + return log_error_errno(r, "Failed to create temporary directory: %m"); options = "mode=0755" TMPFS_LIMITS_ROOTFS; r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf); @@ -1182,13 +1178,12 @@ fail: if (tmpfs_mounted) (void) umount_verbose(LOG_ERR, template, UMOUNT_NOFOLLOW); - (void) rmdir(template); return r; } static int setup_volatile_overlay(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) { _cleanup_free_ char *buf = NULL, *escaped_directory = NULL, *escaped_upper = NULL, *escaped_work = NULL; - char template[] = "/tmp/nspawn-volatile-XXXXXX"; + _cleanup_(rmdir_and_freep) char *template = NULL; const char *upper, *work, *options; bool tmpfs_mounted = false; int r; 
@@ -1197,8 +1192,9 @@ static int setup_volatile_overlay(const char *directory, uid_t uid_shift, const /* --volatile=overlay means we mount an overlayfs to the root dir. */ - if (!mkdtemp(template)) - return log_error_errno(errno, "Failed to create temporary directory: %m"); + r = mkdtemp_malloc("/tmp/nspawn-volatile-XXXXXX", &template); + if (r < 0) + return log_error_errno(r, "Failed to create temporary directory: %m"); options = "mode=0755" TMPFS_LIMITS_ROOTFS; r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf); @@ -1243,7 +1239,6 @@ finish: if (tmpfs_mounted) (void) umount_verbose(LOG_ERR, template, UMOUNT_NOFOLLOW); - (void) rmdir(template); return r; } @@ -1322,8 +1317,7 @@ int pivot_root_parse(char **pivot_root_new, char **pivot_root_old, const char *s int setup_pivot_root(const char *directory, const char *pivot_root_new, const char *pivot_root_old) { _cleanup_free_ char *directory_pivot_root_new = NULL; _cleanup_free_ char *pivot_tmp_pivot_root_old = NULL; - char pivot_tmp[] = "/tmp/nspawn-pivot-XXXXXX"; - bool remove_pivot_tmp = false; + _cleanup_(rmdir_and_freep) char *pivot_tmp = NULL; int r; assert(directory); 
@@ -1364,43 +1358,33 @@ int setup_pivot_root(const char *directory, const char *pivot_root_new, const ch /* Remount directory_pivot_root_new to make it movable. */ r = mount_nofollow_verbose(LOG_ERR, directory_pivot_root_new, directory_pivot_root_new, NULL, MS_BIND, NULL); if (r < 0) - goto done; + return r; if (pivot_root_old) { - if (!mkdtemp(pivot_tmp)) { - r = log_error_errno(errno, "Failed to create temporary directory: %m"); - goto done; - } + r = mkdtemp_malloc("/tmp/nspawn-pivot-XXXXXX", &pivot_tmp); + if (r < 0) + return log_error_errno(r, "Failed to create temporary directory: %m"); - remove_pivot_tmp = true; pivot_tmp_pivot_root_old = path_join(pivot_tmp, pivot_root_old); - if (!pivot_tmp_pivot_root_old) { - r = log_oom(); - goto done; - } + if (!pivot_tmp_pivot_root_old) + return log_oom(); r = mount_nofollow_verbose(LOG_ERR, directory_pivot_root_new, pivot_tmp, NULL, MS_MOVE, NULL); if (r < 0) - goto done; + return r; r = mount_nofollow_verbose(LOG_ERR, directory, pivot_tmp_pivot_root_old, NULL, MS_MOVE, NULL); if (r < 0) - goto done; + return r; r = mount_nofollow_verbose(LOG_ERR, pivot_tmp, directory, NULL, MS_MOVE, NULL); - if (r < 0) - goto done; - } else { + } else r = mount_nofollow_verbose(LOG_ERR, directory_pivot_root_new, directory, NULL, MS_MOVE, NULL); - if (r < 0) - goto done; - } -done: - if (remove_pivot_tmp) - (void) rmdir(pivot_tmp); + if (r < 0) + return r; - return r; + return 0; } #define NSPAWN_PRIVATE_FULLY_VISIBLE_PROCFS "/run/host/proc" diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 7ceda0b30c..5ab04b121a 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -3437,7 +3437,7 @@ static int inner_child( return r; } - r = mount_all(NULL, + r = mount_all(/* dest= */ NULL, arg_mount_settings | MOUNT_IN_USERNS, arg_uid_shift, arg_selinux_apifs_context); |
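Review bot: In `setup_pivot_root` (`@@ -1364,43 +1358,33 @@`) every failure inside the `pivot_root_old` branch returns straight away, and, as before this change, nothing rolls back the `MS_MOVE` steps that already succeeded. After the first move `pivot_tmp` has a mount on it, so the `rmdir_and_freep` handler will fail silently and leave both the directory and the mount behind. I would document this above the sequence, for example `/* No rollback: on failure the mounts stay where they are, the caller is expected to give up on this root */` (the caller's behaviour is assumed, it is not visible here). Separately, the last mount in that branch is checked only by the shared `if (r < 0)` after the unbraced `else`, which is easy to break when a step is added. The function starts outside the hunk.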