core: add support for vpick for ExtensionImages=

2024-07-21 18:24:38 +00:00 · 2024-02-16 21:45:42 +00:00 · 2024-02-16 21:45:42 +00:00 · 5e79dd96a8
parent 7fa428cf44
commit 5e79dd96a8
3 changed files with 31 additions and 1 deletions
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@ -551,6 +551,8 @@
        <varname>PrivateDevices=</varname> below, as it may change the setting of
        <varname>DevicePolicy=</varname>.</para>

+        <xi:include href="vpick.xml" xpointer="image"/>
+
        <xi:include href="system-only.xml" xpointer="singular"/>

        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@ -47,6 +47,7 @@
 #include "tmpfile-util.h"
 #include "umask-util.h"
 #include "user-util.h"
+#include "vpick.h"

 #define DEV_MOUNT_OPTIONS (MS_NOSUID|MS_STRICTATIME|MS_NOEXEC)

@ -500,9 +501,24 @@ static int append_extensions(
        /* First, prepare a mount for each image, but these won't be visible to the unit, instead
         * they will be mounted in our propagate directory, and used as a source for the overlay. */
        for (size_t i = 0; i < n; i++) {
+                _cleanup_(pick_result_done) PickResult result = PICK_RESULT_NULL;
                _cleanup_free_ char *mount_point = NULL;
                const MountImage *m = mount_images + i;

+                r = path_pick(/* toplevel_path= */ NULL,
+                              /* toplevel_fd= */ AT_FDCWD,
+                              m->source,
+                              &pick_filter_image_raw,
+                              PICK_ARCHITECTURE|PICK_TRIES,
+                              &result);
+                if (r < 0)
+                        return r;
+                if (!result.path)
+                        return log_debug_errno(
+                                        SYNTHETIC_ERRNO(ENOENT),
+                                        "No matching entry in .v/ directory %s found.",
+                                        m->source);
+
                if (asprintf(&mount_point, "%s/%zu", extension_dir, i) < 0)
                        return -ENOMEM;

@ -524,7 +540,7 @@ static int append_extensions(
                        .path_malloc = TAKE_PTR(mount_point),
                        .image_options_const = m->mount_options,
                        .ignore = m->ignore_enoent,
-                        .source_const = m->source,
+                        .source_malloc = TAKE_PTR(result.path),
                        .mode = MOUNT_EXTENSION_IMAGE,
                        .has_prefix = true,
                };
--- a/test/units/testsuite-50.sh
+++ b/test/units/testsuite-50.sh
@ -435,6 +435,18 @@ EOF
 systemctl start testservice-50e.service
 systemctl is-active testservice-50e.service

+# Check vpick support in ExtensionImages=
+VBASE="vtest$RANDOM"
+VDIR="/tmp/${VBASE}.v"
+mkdir "$VDIR"
+
+ln -s /usr/share/app0.raw "$VDIR/${VBASE}_0.raw"
+ln -s /usr/share/app1.raw "$VDIR/${VBASE}_1.raw"
+
+systemd-run -P -p ExtensionImages="$VDIR" bash -c '/opt/script1.sh | grep ID'
+
+rm -rf "$VDIR"
+
 # ExtensionDirectories will set up an overlay
 mkdir -p "${image_dir}/app0" "${image_dir}/app1" "${image_dir}/app-nodistro" "${image_dir}/service-scoped-test"
 (! systemd-run -P --property ExtensionDirectories="${image_dir}/nonexistent" --property RootImage="${image}.raw" cat /opt/script0.sh)