tree-wide: hook up image dissection policy logic everywhere

author: Lennart Poettering <lennart@poettering.net> 2022-11-30 18:43:18 +0100
committer: Lennart Poettering <lennart@poettering.net> 2023-04-05 20:45:30 +0200
commit: 84be0c710d9d562f6d2cf986cc2a8ff4c98a138b (patch)
tree: b374ebea1d604154fa0e004560f428c7f111352c /src/dissect
parent: dissect: add image dissection policy framework (diff)
download: systemd-84be0c710d9d562f6d2cf986cc2a8ff4c98a138b.tar.xz
systemd-84be0c710d9d562f6d2cf986cc2a8ff4c98a138b.zip
1 files changed, 19 insertions, 1 deletions
diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c
index ff00c4f567..b3f20e193e 100644
--- a/src/dissect/dissect.c
+++ b/src/dissect/dissect.c
@@ -83,6 +83,7 @@ static bool arg_rmdir = false;
 static bool arg_in_memory = false;
 static char **arg_argv = NULL;
 static char *arg_loop_ref = NULL;
+static ImagePolicy* arg_image_policy = NULL;
 
 STATIC_DESTRUCTOR_REGISTER(arg_image, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_path, freep);
@@ -126,6 +127,8 @@ static int help(void) {
                "                          'base64:'\n"
                "     --verity-data=PATH   Specify data file with hash tree for verity if it is\n"
                "                          not embedded in IMAGE\n"
+               "     --image-policy=POLICY\n"
+               "                          Specify image dissection policy\n"
                "     --json=pretty|short|off\n"
                "                          Generate JSON output\n"
                "     --loop-ref=NAME      Set reference string for loopback device\n"
@@ -221,6 +224,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_ATTACH,
                 ARG_DETACH,
                 ARG_LOOP_REF,
+                ARG_IMAGE_POLICY,
         };
 
         static const struct option options[] = {
@@ -250,6 +254,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "json",          required_argument, NULL, ARG_JSON          },
                 { "discover",      no_argument,       NULL, ARG_DISCOVER      },
                 { "loop-ref",      required_argument, NULL, ARG_LOOP_REF      },
+                { "image-policy",  required_argument, NULL, ARG_IMAGE_POLICY  },
                 {}
         };
 
@@ -457,6 +462,18 @@ static int parse_argv(int argc, char *argv[]) {
                                 return r;
                         break;
 
+                case ARG_IMAGE_POLICY: {
+                        _cleanup_(image_policy_freep) ImagePolicy *p = NULL;
+
+                        r = image_policy_from_string(optarg, &p);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse image policy: %s", optarg);
+
+                        image_policy_free(arg_image_policy);
+                        arg_image_policy = TAKE_PTR(p);
+                        break;
+                }
+
                 case '?':
                         return -EINVAL;
 
@@ -1750,7 +1767,8 @@ static int run(int argc, char *argv[]) {
         r = dissect_loop_device_and_warn(
                         d,
                         &arg_verity_settings,
-                        NULL,
+                        /* mount_options= */ NULL,
+                        arg_image_policy,
                         arg_flags,
                         &m);
         if (r < 0)
author	Lennart Poettering <lennart@poettering.net>	2022-11-30 18:43:18 +0100
committer	Lennart Poettering <lennart@poettering.net>	2023-04-05 20:45:30 +0200
commit	84be0c710d9d562f6d2cf986cc2a8ff4c98a138b (patch)
tree	b374ebea1d604154fa0e004560f428c7f111352c /src/dissect
parent	dissect: add image dissection policy framework (diff)
download	systemd-84be0c710d9d562f6d2cf986cc2a8ff4c98a138b.tar.xz systemd-84be0c710d9d562f6d2cf986cc2a8ff4c98a138b.zip