diff options
| -rw-r--r-- | src/import/pull-common.c | 15 | ||||
| -rw-r--r-- | src/nspawn/nspawn-cgroup.c | 10 | ||||
| -rw-r--r-- | src/nspawn/nspawn-mount.c | 66 |
3 files changed, 38 insertions, 53 deletions
diff --git a/src/import/pull-common.c b/src/import/pull-common.c index 9a2ced002b..b566e52b56 100644 --- a/src/import/pull-common.c +++ b/src/import/pull-common.c @@ -22,6 +22,7 @@ #include "siphash24.h" #include "string-util.h" #include "strv.h" +#include "tmpfile-util.h" #include "web-util.h" #define FILENAME_ESCAPE "/.#\"\'" @@ -378,9 +379,9 @@ static int verify_gpg( const void *signature, size_t signature_size) { _cleanup_close_pair_ int gpg_pipe[2] = EBADF_PAIR; - char sig_file_path[] = "/tmp/sigXXXXXX", gpg_home[] = "/tmp/gpghomeXXXXXX"; + _cleanup_(rm_rf_physical_and_freep) char *gpg_home = NULL; + char sig_file_path[] = "/tmp/sigXXXXXX"; _cleanup_(sigkill_waitp) pid_t pid = 0; - bool gpg_home_created = false; int r; assert(payload || payload_size == 0); @@ -404,13 +405,12 @@ static int verify_gpg( } } - if (!mkdtemp(gpg_home)) { - r = log_error_errno(errno, "Failed to create temporary home for gpg: %m"); + r = mkdtemp_malloc("/tmp/gpghomeXXXXXX", &gpg_home); + if (r < 0) { + log_error_errno(r, "Failed to create temporary home for gpg: %m"); goto finish; } - gpg_home_created = true; - r = safe_fork_full("(gpg)", (int[]) { gpg_pipe[0], -EBADF, STDERR_FILENO }, NULL, 0, @@ -485,9 +485,6 @@ finish: if (signature_size > 0) (void) unlink(sig_file_path); - if (gpg_home_created) - (void) rm_rf(gpg_home, REMOVE_ROOT|REMOVE_PHYSICAL); - return r; } diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c index 4f28b4a225..6d6a8a814b 100644 --- a/src/nspawn/nspawn-cgroup.c +++ b/src/nspawn/nspawn-cgroup.c @@ -18,6 +18,7 @@ #include "rm-rf.h" #include "string-util.h" #include "strv.h" +#include "tmpfile-util.h" #include "user-util.h" static int chown_cgroup_path(const char *path, uid_t uid_shift) { @@ -48,8 +49,9 @@ static int chown_cgroup_path(const char *path, uid_t uid_shift) { } int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) { + _cleanup_(rmdir_and_freep) char *tree = NULL; _cleanup_free_ char *cgroup = NULL; - char tree[] = "/tmp/unifiedXXXXXX", pid_string[DECIMAL_STR_MAX(pid) + 1]; + char pid_string[DECIMAL_STR_MAX(pid) + 1]; bool undo_mount = false; const char *fn; int r, unified_controller; @@ -70,8 +72,9 @@ int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) { return log_error_errno(r, "Failed to get control group of " PID_FMT ": %m", pid); /* In order to access the unified hierarchy we need to mount it */ - if (!mkdtemp(tree)) - return log_error_errno(errno, "Failed to generate temporary mount point for unified hierarchy: %m"); + r = mkdtemp_malloc("/tmp/unifiedXXXXXX", &tree); + if (r < 0) + return log_error_errno(r, "Failed to generate temporary mount point for unified hierarchy: %m"); if (unified_controller > 0) r = mount_nofollow_verbose(LOG_ERR, "cgroup", tree, "cgroup", @@ -107,7 +110,6 @@ finish: if (undo_mount) (void) umount_verbose(LOG_ERR, tree, UMOUNT_NOFOLLOW); - (void) rmdir(tree); return r; } diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c index d5370c22b9..808380af76 100644 --- a/src/nspawn/nspawn-mount.c +++ b/src/nspawn/nspawn-mount.c @@ -127,18 +127,15 @@ static char *resolve_source_path(const char *dest, const char *source) { } static int allocate_temporary_source(CustomMount *m) { + int r; + assert(m); assert(!m->source); assert(!m->rm_rf_tmpdir); - m->rm_rf_tmpdir = strdup("/var/tmp/nspawn-temp-XXXXXX"); - if (!m->rm_rf_tmpdir) - return log_oom(); - - if (!mkdtemp(m->rm_rf_tmpdir)) { - m->rm_rf_tmpdir = mfree(m->rm_rf_tmpdir); - return log_error_errno(errno, "Failed to acquire temporary directory: %m"); - } + r = mkdtemp_malloc("/var/tmp/nspawn-temp-XXXXXX", &m->rm_rf_tmpdir); + if (r < 0) + return log_error_errno(r, "Failed to acquire temporary directory: %m"); m->source = path_join(m->rm_rf_tmpdir, "src"); if (!m->source) @@ -1101,7 +1098,7 @@ static int setup_volatile_state_after_remount_idmap(const char *directory, uid_t static int setup_volatile_yes(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) { bool tmpfs_mounted = false, bind_mounted = false; - char template[] = "/tmp/nspawn-volatile-XXXXXX"; + _cleanup_(rmdir_and_freep) char *template = NULL; _cleanup_free_ char *buf = NULL, *bindir = NULL; const char *f, *t, *options; struct stat st; @@ -1130,8 +1127,9 @@ static int setup_volatile_yes(const char *directory, uid_t uid_shift, const char return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Error starting image: if --volatile=yes is used /bin must be a symlink (for merged /usr support) or non-existent (in which case a symlink is created automatically)."); - if (!mkdtemp(template)) - return log_error_errno(errno, "Failed to create temporary directory: %m"); + r = mkdtemp_malloc("/tmp/nspawn-volatile-XXXXXX", &template); + if (r < 0) + return log_error_errno(r, "Failed to create temporary directory: %m"); options = "mode=0755" TMPFS_LIMITS_ROOTFS; r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf); @@ -1182,13 +1180,12 @@ fail: if (tmpfs_mounted) (void) umount_verbose(LOG_ERR, template, UMOUNT_NOFOLLOW); - (void) rmdir(template); return r; } static int setup_volatile_overlay(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) { _cleanup_free_ char *buf = NULL, *escaped_directory = NULL, *escaped_upper = NULL, *escaped_work = NULL; - char template[] = "/tmp/nspawn-volatile-XXXXXX"; + _cleanup_(rmdir_and_freep) char *template = NULL; const char *upper, *work, *options; bool tmpfs_mounted = false; int r; @@ -1197,8 +1194,9 @@ static int setup_volatile_overlay(const char *directory, uid_t uid_shift, const /* --volatile=overlay means we mount an overlayfs to the root dir. */ - if (!mkdtemp(template)) - return log_error_errno(errno, "Failed to create temporary directory: %m"); + r = mkdtemp_malloc("/tmp/nspawn-volatile-XXXXXX", &template); + if (r < 0) + return log_error_errno(r, "Failed to create temporary directory: %m"); options = "mode=0755" TMPFS_LIMITS_ROOTFS; r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf); @@ -1243,7 +1241,6 @@ finish: if (tmpfs_mounted) (void) umount_verbose(LOG_ERR, template, UMOUNT_NOFOLLOW); - (void) rmdir(template); return r; } @@ -1322,8 +1319,7 @@ int pivot_root_parse(char **pivot_root_new, char **pivot_root_old, const char *s int setup_pivot_root(const char *directory, const char *pivot_root_new, const char *pivot_root_old) { _cleanup_free_ char *directory_pivot_root_new = NULL; _cleanup_free_ char *pivot_tmp_pivot_root_old = NULL; - char pivot_tmp[] = "/tmp/nspawn-pivot-XXXXXX"; - bool remove_pivot_tmp = false; + _cleanup_(rmdir_and_freep) char *pivot_tmp = NULL; int r; assert(directory); @@ -1364,43 +1360,33 @@ int setup_pivot_root(const char *directory, const char *pivot_root_new, const ch /* Remount directory_pivot_root_new to make it movable. */ r = mount_nofollow_verbose(LOG_ERR, directory_pivot_root_new, directory_pivot_root_new, NULL, MS_BIND, NULL); if (r < 0) - goto done; + return r; if (pivot_root_old) { - if (!mkdtemp(pivot_tmp)) { - r = log_error_errno(errno, "Failed to create temporary directory: %m"); - goto done; - } + r = mkdtemp_malloc("/tmp/nspawn-pivot-XXXXXX", &pivot_tmp); + if (r < 0) + return log_error_errno(r, "Failed to create temporary directory: %m"); - remove_pivot_tmp = true; pivot_tmp_pivot_root_old = path_join(pivot_tmp, pivot_root_old); - if (!pivot_tmp_pivot_root_old) { - r = log_oom(); - goto done; - } + if (!pivot_tmp_pivot_root_old) + return log_oom(); r = mount_nofollow_verbose(LOG_ERR, directory_pivot_root_new, pivot_tmp, NULL, MS_MOVE, NULL); if (r < 0) - goto done; + return r; r = mount_nofollow_verbose(LOG_ERR, directory, pivot_tmp_pivot_root_old, NULL, MS_MOVE, NULL); if (r < 0) - goto done; + return r; r = mount_nofollow_verbose(LOG_ERR, pivot_tmp, directory, NULL, MS_MOVE, NULL); - if (r < 0) - goto done; - } else { + } else r = mount_nofollow_verbose(LOG_ERR, directory_pivot_root_new, directory, NULL, MS_MOVE, NULL); - if (r < 0) - goto done; - } -done: - if (remove_pivot_tmp) - (void) rmdir(pivot_tmp); + if (r < 0) + return r; - return r; + return 0; } #define NSPAWN_PRIVATE_FULLY_VISIBLE_PROCFS "/run/host/proc" |