mirrors/systemd
0
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-23 10:13:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

machine: introduce io.systemd.MachineImage.{Clone, Remove} methods (#34853)

Browse Source 
This PR introduces io.systemd.MachineImage.Clone and Remove methods.
They are 1:1 mapping to DBus alternatives.
This commit is contained in:
Luca Boccassi 2024-11-02 12:06:23 +00:00 committed by GitHub
commit 89099136d7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 228 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/machine/image-dbus.c
View File

@ -67,14 +67,8 @@ int bus_image_method_remove(
return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
if (r == 0) {
errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
r = image_remove(image);
if (r < 0) {
(void) write(errno_pipe_fd[1], &r, sizeof(r));
_exit(EXIT_FAILURE);
}
_exit(EXIT_SUCCESS);
report_errno_and_exit(errno_pipe_fd[1], r);
}
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
@ -184,14 +178,8 @@ int bus_image_method_clone(
return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
if (r == 0) {
errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
r = image_clone(image, new_name, read_only);
if (r < 0) {
(void) write(errno_pipe_fd[1], &r, sizeof(r));
_exit(EXIT_FAILURE);
}
_exit(EXIT_SUCCESS);
report_errno_and_exit(errno_pipe_fd[1], r);
}
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);

180
src/machine/image-varlink.c
View File

@ -4,32 +4,36 @@
#include "sd-varlink.h"
#include "bus-polkit.h"
#include "fd-util.h"
#include "image-varlink.h"
#include "machine.h"
#include "string-util.h"
int vl_method_update_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
struct params {
const char *image_name;
const char *new_name;
int read_only;
uint64_t limit;
};
typedef struct ImageUpdateParameters {
const char *name;
const char *new_name;
int read_only;
uint64_t limit;
} ImageUpdateParameters;
#define IMAGE_UPDATE_PARAMETERS_NULL \
(ImageUpdateParameters) { \
.read_only = -1, \
.limit = UINT64_MAX, \
}
int vl_method_update_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
static const sd_json_dispatch_field dispatch_table[] = {
{ "name", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct params, image_name), SD_JSON_MANDATORY },
{ "newName", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct params, new_name), 0 },
{ "readOnly", SD_JSON_VARIANT_BOOLEAN, sd_json_dispatch_tristate, offsetof(struct params, read_only), 0 },
{ "limit", _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_uint64, offsetof(struct params, limit), 0 },
{ "name", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(ImageUpdateParameters, name), SD_JSON_MANDATORY },
{ "newName", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(ImageUpdateParameters, new_name), 0 },
{ "readOnly", SD_JSON_VARIANT_BOOLEAN, sd_json_dispatch_tristate, offsetof(ImageUpdateParameters, read_only), 0 },
{ "limit", _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_uint64, offsetof(ImageUpdateParameters, limit), 0 },
VARLINK_DISPATCH_POLKIT_FIELD,
{}
};
Manager *manager = ASSERT_PTR(userdata);
struct params p = {
.read_only = -1,
.limit = UINT64_MAX,
};
ImageUpdateParameters p = IMAGE_UPDATE_PARAMETERS_NULL;
Image *image;
int r, ret = 0;
@ -40,13 +44,13 @@ int vl_method_update_image(sd_varlink *link, sd_json_variant *parameters, sd_var
if (r != 0)
return r;
if (!image_name_is_valid(p.image_name))
if (!image_name_is_valid(p.name))
return sd_varlink_error_invalid_parameter_name(link, "name");
if (p.new_name && !image_name_is_valid(p.new_name))
return sd_varlink_error_invalid_parameter_name(link, "newName");
r = manager_acquire_image(manager, p.image_name, &image);
r = manager_acquire_image(manager, p.name, &image);
if (r == -ENOENT)
return sd_varlink_error(link, "io.systemd.MachineImage.NoSuchImage", NULL);
if (r < 0)
@ -57,7 +61,7 @@ int vl_method_update_image(sd_varlink *link, sd_json_variant *parameters, sd_var
manager->bus,
"org.freedesktop.machine1.manage-images",
(const char**) STRV_MAKE("image", image->name,
"verb", "update_image"),
"verb", "update"),
&manager->polkit_registry);
if (r <= 0)
return r;
@ -86,3 +90,143 @@ int vl_method_update_image(sd_varlink *link, sd_json_variant *parameters, sd_var
return sd_varlink_reply(link, NULL);
}
int vl_method_clone_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
static const sd_json_dispatch_field dispatch_table[] = {
{ "name", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(ImageUpdateParameters, name), SD_JSON_MANDATORY },
{ "newName", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(ImageUpdateParameters, new_name), SD_JSON_MANDATORY },
{ "readOnly", SD_JSON_VARIANT_BOOLEAN, sd_json_dispatch_tristate, offsetof(ImageUpdateParameters, read_only), 0 },
VARLINK_DISPATCH_POLKIT_FIELD,
{}
};
Manager *manager = ASSERT_PTR(userdata);
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR;
ImageUpdateParameters p = IMAGE_UPDATE_PARAMETERS_NULL;
Image *image;
pid_t child;
int r;
assert(link);
assert(parameters);
if (manager->n_operations >= OPERATIONS_MAX)
return sd_varlink_error(link, "io.systemd.MachineImage.TooManyOperations", NULL);
r = sd_varlink_dispatch(link, parameters, dispatch_table, &p);
if (r != 0)
return r;
if (!image_name_is_valid(p.name))
return sd_varlink_error_invalid_parameter_name(link, "name");
if (!image_name_is_valid(p.new_name))
return sd_varlink_error_invalid_parameter_name(link, "newName");
r = manager_acquire_image(manager, p.name, &image);
if (r == -ENOENT)
return sd_varlink_error(link, "io.systemd.MachineImage.NoSuchImage", NULL);
if (r < 0)
return r;
r = varlink_verify_polkit_async(
link,
manager->bus,
"org.freedesktop.machine1.manage-images",
(const char**) STRV_MAKE("image", image->name,
"verb", "clone",
"new_name", p.new_name),
&manager->polkit_registry);
if (r <= 0)
return r;
if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0)
return log_debug_errno(errno, "Failed to open pipe: %m");
r = safe_fork("(sd-imgclone)", FORK_RESET_SIGNALS, &child);
if (r < 0)
return log_debug_errno(r, "Failed to fork: %m");
if (r == 0) {
errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
r = image_clone(image, p.new_name, p.read_only > 0);
report_errno_and_exit(errno_pipe_fd[1], r);
}
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
r = operation_new_with_varlink_reply(manager, /* machine= */ NULL, child, link, errno_pipe_fd[0], /* ret= */ NULL);
if (r < 0) {
sigkill_wait(child);
return r;
}
TAKE_FD(errno_pipe_fd[0]);
return 1;
}
int vl_method_remove_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
static const sd_json_dispatch_field dispatch_table[] = {
{ "name", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, 0, SD_JSON_MANDATORY },
VARLINK_DISPATCH_POLKIT_FIELD,
{}
};
Manager *manager = ASSERT_PTR(userdata);
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR;
const char *image_name;
Image *image;
pid_t child;
int r;
assert(link);
assert(parameters);
if (manager->n_operations >= OPERATIONS_MAX)
return sd_varlink_error(link, "io.systemd.MachineImage.TooManyOperations", NULL);
r = sd_varlink_dispatch(link, parameters, dispatch_table, &image_name);
if (r != 0)
return r;
if (!image_name_is_valid(image_name))
return sd_varlink_error_invalid_parameter_name(link, "name");
r = manager_acquire_image(manager, image_name, &image);
if (r == -ENOENT)
return sd_varlink_error(link, "io.systemd.MachineImage.NoSuchImage", NULL);
if (r < 0)
return r;
r = varlink_verify_polkit_async(
link,
manager->bus,
"org.freedesktop.machine1.manage-images",
(const char**) STRV_MAKE("image", image->name,
"verb", "remove"),
&manager->polkit_registry);
if (r <= 0)
return r;
if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0)
return log_debug_errno(errno, "Failed to open pipe: %m");
r = safe_fork("(sd-imgrm)", FORK_RESET_SIGNALS, &child);
if (r < 0)
return log_debug_errno(r, "Failed to fork: %m");
if (r == 0) {
errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
r = image_remove(image);
report_errno_and_exit(errno_pipe_fd[1], r);
}
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
r = operation_new_with_varlink_reply(manager, /* machine= */ NULL, child, link, errno_pipe_fd[0], /* ret= */ NULL);
if (r < 0) {
sigkill_wait(child);
return r;
}
TAKE_FD(errno_pipe_fd[0]);
return 1;
}

2
src/machine/image-varlink.h
View File

@ -4,3 +4,5 @@
#include "sd-varlink.h"
int vl_method_update_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata);
int vl_method_clone_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata);
int vl_method_remove_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata);

4
src/machine/machined-varlink.c
View File

@ -774,7 +774,9 @@ static int manager_varlink_init_machine(Manager *m) {
"io.systemd.Machine.Terminate", vl_method_terminate,
"io.systemd.Machine.Kill", vl_method_kill,
"io.systemd.MachineImage.List", vl_method_list_images,
"io.systemd.MachineImage.Update", vl_method_update_image);
"io.systemd.MachineImage.Update", vl_method_update_image,
"io.systemd.MachineImage.Clone", vl_method_clone_image,
"io.systemd.MachineImage.Remove", vl_method_remove_image);
if (r < 0)
return log_error_errno(r, "Failed to register varlink methods: %m");

15
src/machine/operation.c
View File

@ -154,3 +154,18 @@ Operation *operation_free(Operation *o) {
return mfree(o);
}
_noreturn_ void report_errno_and_exit(int errno_fd, int r) {
if (r >= 0)
_exit(EXIT_SUCCESS);
assert(errno_fd >= 0);
ssize_t n = write(errno_fd, &r, sizeof(r));
if (n < 0)
log_debug_errno(errno, "Failed to write operation's errno: %m");
if (n != sizeof(r))
log_debug_errno(SYNTHETIC_ERRNO(EIO), "Sent unexpectedly short message");
_exit(EXIT_FAILURE);
}

2
src/machine/operation.h
View File

@ -39,3 +39,5 @@ static inline int operation_new_with_bus_reply(Manager *manager, Machine *machin
static inline int operation_new_with_varlink_reply(Manager *manager, Machine *machine, pid_t child, sd_varlink *link, int errno_fd, Operation **ret) {
return operation_new(manager, machine, child, /* message = */ NULL, link, errno_fd, ret);
}
void report_errno_and_exit(int errno_fd, int r);

32
src/shared/varlink-io.systemd.MachineImage.c
View File

@ -53,19 +53,35 @@ static SD_VARLINK_DEFINE_METHOD_FULL(
SD_VARLINK_FIELD_COMMENT("OS release information of an image. It contains an array of key value pairs read from the os-release(5) file in the image."),
SD_VARLINK_DEFINE_OUTPUT(OSRelease, SD_VARLINK_STRING, SD_VARLINK_NULLABLE|SD_VARLINK_ARRAY));
#define VARLINK_DEFINE_IMAGE_LOOKUP_AND_POLKIT_FIELDS \
SD_VARLINK_FIELD_COMMENT("The name of an image"), \
SD_VARLINK_DEFINE_INPUT(name, SD_VARLINK_STRING, 0), \
VARLINK_DEFINE_POLKIT_INPUT
static SD_VARLINK_DEFINE_METHOD(
Update,
SD_VARLINK_FIELD_COMMENT("The name of a image to update."),
SD_VARLINK_DEFINE_INPUT(name, SD_VARLINK_STRING, 0),
VARLINK_DEFINE_IMAGE_LOOKUP_AND_POLKIT_FIELDS,
SD_VARLINK_FIELD_COMMENT("If non-null the new name of the image"),
SD_VARLINK_DEFINE_INPUT(newName, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("If non-null value of the read-only flag of the image"),
SD_VARLINK_DEFINE_INPUT(readOnly, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("If non-null value of image quota limit"),
SD_VARLINK_DEFINE_INPUT(limit, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
VARLINK_DEFINE_POLKIT_INPUT);
SD_VARLINK_DEFINE_INPUT(limit, SD_VARLINK_INT, SD_VARLINK_NULLABLE));
static SD_VARLINK_DEFINE_METHOD(
Clone,
VARLINK_DEFINE_IMAGE_LOOKUP_AND_POLKIT_FIELDS,
SD_VARLINK_FIELD_COMMENT("The new name of the image"),
SD_VARLINK_DEFINE_INPUT(newName, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("If non-null value of the read-only flag of the image"),
SD_VARLINK_DEFINE_INPUT(readOnly, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE));
static SD_VARLINK_DEFINE_METHOD(
Remove,
VARLINK_DEFINE_IMAGE_LOOKUP_AND_POLKIT_FIELDS);
static SD_VARLINK_DEFINE_ERROR(NoSuchImage);
static SD_VARLINK_DEFINE_ERROR(TooManyOperations);
SD_VARLINK_DEFINE_INTERFACE(
io_systemd_MachineImage,
@ -76,5 +92,11 @@ SD_VARLINK_DEFINE_INTERFACE(
&vl_method_List,
SD_VARLINK_SYMBOL_COMMENT("Update image allowing to rename or toggle read-only flag"),
&vl_method_Update,
SD_VARLINK_SYMBOL_COMMENT("Clone image"),
&vl_method_Clone,
SD_VARLINK_SYMBOL_COMMENT("Remove image"),
&vl_method_Remove,
SD_VARLINK_SYMBOL_COMMENT("No matching image exists"),
&vl_error_NoSuchImage);
&vl_error_NoSuchImage,
SD_VARLINK_SYMBOL_COMMENT("Too many ongoing background operations"),
&vl_error_TooManyOperations);

21
test/units/TEST-13-NSPAWN.machined.sh
View File

@ -360,12 +360,12 @@ timeout 10 bash -c "while machinectl status long-running &>/dev/null; do sleep .
systemctl kill --signal=KILL systemd-nspawn@long-running.service || :
(ip addr show lo | grep -q 192.168.1.100) || ip address add 192.168.1.100/24 dev lo
(! varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host"}' | grep 'addresses')
varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host", "acquireMetadata": "yes"}' | grep 'addresses'
(! varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host"}' | grep 'OSRelease')
varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host", "acquireMetadata": "yes"}' | grep 'OSRelease'
(! varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host"}' | grep 'acquireUIDShift')
varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host", "acquireMetadata": "yes"}' | grep 'UIDShift'
(! varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host"}' | grep 'addresses')
varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host", "acquireMetadata": "yes"}' | grep 'addresses'
(! varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host"}' | grep 'OSRelease')
varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host", "acquireMetadata": "yes"}' | grep 'OSRelease'
(! varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host"}' | grep 'acquireUIDShift')
varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host", "acquireMetadata": "yes"}' | grep 'UIDShift'
# test io.systemd.MachineImage.List
varlinkctl --more call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{}' | grep 'long-running'
@ -381,3 +381,12 @@ varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineI
varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.Update '{"name":"long-running-renamed", "newName": "long-running", "readOnly": false}'
varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{"name":"long-running"}'
varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{"name":"long-running"}' | jq '.readOnly' | grep 'false'
# test io.systemd.MachineImage.Clone
varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.Clone '{"name":"long-running", "newName": "long-running-cloned", "readOnly": true}'
varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{"name":"long-running-cloned"}'
varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{"name":"long-running-cloned"}' | jq '.readOnly' | grep 'true'
# test io.systemd.MachineImage.Remove
varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.Remove '{"name":"long-running-cloned"}'
(! varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{"name":"long-running-cloned"}')