-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
several fixes for os image handling #32907
Conversation
src/shared/discover-image.c
Outdated
return -EOPNOTSUPP; | ||
|
||
if (fd < 0) { | ||
fd = open(i->path, O_CLOEXEC|O_NOCTTY|O_DIRECTORY); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
O_NOCTTY seems unnecessary when O_DIRECTORY is specified?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
O_NOCTTY is actually not necessary, but also used in image_make()
. Let's keep the flag at least now for consistency.
return -EROFS; | ||
|
||
if (i->type != IMAGE_SUBVOLUME) | ||
return -EOPNOTSUPP; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(We usually return -ENOTTY for inappropriate fstype and such?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, in discover-image.c EOPNOTSUPP is used consistently, hence please ignore.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah. Let's fix that later consistently in another PR if necessary.
1c233f2
to
10adb30
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just some nits
@YHNdnzj Thank you for the review.
Upgrading the green label. |
@@ -132,13 +132,11 @@ machinectl show-image clone1 | |||
machinectl rename clone1 clone2 | |||
(! machinectl show-image clone1) | |||
machinectl show-image clone2 | |||
if lsattr -d /var/lib/machines >/dev/null; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was added explicitly to avoid this error:
So please drop this commit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have no idea why calling lsattr prevents such error. But OK, the change is dropped now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The test mounts tmpfs
on /var/log/machines
to not pollute the base image, and on older kernels you can't do chattr()
on tmpfs
, so lsattr
is used here to check if it's supported:
# lsattr -d /tmp/foo/
lsattr: Inappropriate ioctl for device While reading flags on /tmp/foo/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would probably be good to have that as a comment in the script
Otherwise, ReadOnly DBus property in org.freedesktop.machine1.Image or org.freedesktop.portable1.Image will not be updated by MarkReadOnly DBus method.
Same as the previous commit, but for SetLimit DBus method vs Limit property and friends.
Preparation for the next commit. No functional change.
…he main interface is called Previously, Image objects were only cached when reading properties or methods in the org.freedesktop.machine1.Image interface are called. This makes that, when a method in the main interface (org.freedesktop.machine1) for an image is called, also acquire the Image object from the cache, and if not cached, create Image object and put into the cache, like we do for org.freedesktop.machine1.Image. Otherwise, if some properties of an image are updated by methods in the main interface, e.g. MarkImageReadOnly(), the changes do not applied to the cached Image object, and subsequent read of proerties through the interface for the image, e.g. ReadOnly property, may provide outdated values. Follow-up for 1ddb263. Fixes systemd#32888.
Fixes a bug introduced by 1ddb263. Note, this requires the previous two commits, and cannot backport without them. Note, before the previous commit, the use-after-free could be triggered only by Rename() DBus method, and could not by RenameImage(), as we did not cache Image object when RenameImage() method is called. And machinectl always uses RenameImage(). Hence, the issue could be triggered only when Rename() DBus method is explicitly called by e.g. busctl. With the previous commit, the Image object passed to the function is always cached. Hence, the issue could be triggered even with machinectl command, and this fix is important.
Addresses: systemd/systemd#32907 (comment) (cherry picked from commit d3c14f7)
Addresses: systemd/systemd#32907 (comment) (cherry picked from commit d3c14f7)
Addresses: systemd/systemd#32907 (comment) (cherry picked from commit d3c14f7)
Addresses: systemd/systemd#32907 (comment) (cherry picked from commit d3c14f7) (cherry picked from commit 71ac20d)
Addresses: systemd/systemd#32907 (comment) (cherry picked from commit d3c14f7) (cherry picked from commit 71ac20d)
Addresses: systemd/systemd#32907 (comment) (cherry picked from commit d3c14f7) (cherry picked from commit 71ac20d)
Addresses: systemd/systemd#32907 (comment) (cherry picked from commit d3c14f7) (cherry picked from commit 71ac20d)
Fixes #32888.