diff options
author | Lennart Poettering <lennart@poettering.net> | 2018-03-23 20:39:32 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2018-05-24 17:01:57 +0200 |
commit | 03bcb6d408be7308088a7233dfe864538cf055b0 (patch) | |
tree | 3ba2b01de65dbcc79679ebe67fad8f3d25ddf12b /src/shared/dissect-image.c | |
parent | 4960ce43ff8c42a8c92219d88cbcdb82ae7a1ec0 (diff) | |
download | systemd-03bcb6d408be7308088a7233dfe864538cf055b0.tar.gz systemd-03bcb6d408be7308088a7233dfe864538cf055b0.tar.bz2 systemd-03bcb6d408be7308088a7233dfe864538cf055b0.zip |
dissect: optionally, validate that the image we dissect is a valid OS image
We already do this kind of validation in nspawn when we operate on a
plain directory, let's also do this on raw images under the same
condition: that we are about too boot the image. Also, do this when we
are about to read OS metadata from it.
Diffstat (limited to 'src/shared/dissect-image.c')
-rw-r--r-- | src/shared/dissect-image.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 14e905b2d9..f63c2a0c63 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -779,6 +779,14 @@ int dissected_image_mount(DissectedImage *m, const char *where, uid_t uid_shift, r = mount_partition(m->partitions + PARTITION_ROOT, where, NULL, uid_shift, flags); if (r < 0) return r; + + if (flags & DISSECT_IMAGE_VALIDATE_OS) { + r = path_is_os_tree(where); + if (r < 0) + return r; + if (r == 0) + return -EMEDIUMTYPE; + } } if ((flags & DISSECT_IMAGE_MOUNT_ROOT_ONLY)) @@ -1278,7 +1286,7 @@ int dissected_image_acquire_metadata(DissectedImage *m) { if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) _exit(EXIT_FAILURE); - r = dissected_image_mount(m, t, UID_INVALID, DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_MOUNT_ROOT_ONLY); + r = dissected_image_mount(m, t, UID_INVALID, DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_MOUNT_ROOT_ONLY|DISSECT_IMAGE_VALIDATE_OS); if (r < 0) { log_debug_errno(r, "Failed to mount dissected image: %m"); _exit(EXIT_FAILURE); |