X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fnspawn%2Fnspawn.c;h=0466ddbff3ebae0f1b0569da607f8adbf93d27e9;hp=3a8450ed7bc4d2f340c7e269cd2e4de58e7a98e2;hb=2822da4fb7f891e5320f02f1d00f64b72221ced4;hpb=f647962d64e844689f3e2acfce6102fc47e76df2 diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 3a8450ed7..0466ddbff 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -90,6 +90,7 @@ #include "base-filesystem.h" #include "barrier.h" #include "event-util.h" +#include "cap-list.h" #ifdef HAVE_SECCOMP #include "seccomp-util.h" @@ -302,7 +303,7 @@ static int parse_argv(int argc, char *argv[]) { free(arg_directory); arg_directory = canonicalize_file_name(optarg); if (!arg_directory) { - log_error("Invalid root directory: %m"); + log_error_errno(errno, "Invalid root directory: %m"); return -ENOMEM; } @@ -401,7 +402,6 @@ static int parse_argv(int argc, char *argv[]) { FOREACH_WORD_SEPARATOR(word, length, optarg, ",", state) { _cleanup_free_ char *t; - cap_value_t cap; t = strndup(word, length); if (!t) @@ -413,7 +413,10 @@ static int parse_argv(int argc, char *argv[]) { else minus = (uint64_t) -1; } else { - if (cap_from_name(t, &cap) < 0) { + int cap; + + cap = capability_from_name(t); + if (cap < 0) { log_error("Failed to parse capability %s.", t); return -EINVAL; } @@ -718,12 +721,12 @@ static int mount_all(const char *dest) { o) < 0) { if (mount_table[k].fatal) { - log_error("mount(%s) failed: %m", where); + log_error_errno(errno, "mount(%s) failed: %m", where); if (r == 0) r = -errno; } else - log_warning("mount(%s) failed: %m", where); + log_warning_errno(errno, "mount(%s) failed: %m", where); } } @@ -738,10 +741,8 @@ static int mount_binds(const char *dest, char **l, bool ro) { struct stat source_st, dest_st; int r; - if (stat(*x, &source_st) < 0) { - log_error("Failed to stat %s: %m", *x); - return -errno; - } + if (stat(*x, &source_st) < 0) + return log_error_errno(errno, "Failed to stat %s: %m", *x); where = strappend(dest, *y); if (!where) @@ -758,7 +759,7 @@ static int mount_binds(const char *dest, char **l, bool ro) { if (r < 0) return log_error_errno(r, "Failed to bind mount %s: %m", *x); } else { - log_error("Failed to bind mount %s: %m", *x); + log_error_errno(errno, "Failed to bind mount %s: %m", *x); return -errno; } @@ -770,18 +771,12 @@ static int mount_binds(const char *dest, char **l, bool ro) { return log_error_errno(r, "Failed to create mount point %s: %m", where); } else if (S_ISFIFO(source_st.st_mode)) { r = mkfifo(where, 0644); - if (r < 0 && errno != EEXIST) { - log_error("Failed to create mount point %s: %m", where); - - return -errno; - } + if (r < 0 && errno != EEXIST) + return log_error_errno(errno, "Failed to create mount point %s: %m", where); } else if (S_ISSOCK(source_st.st_mode)) { r = mknod(where, 0644 | S_IFSOCK, 0); - if (r < 0 && errno != EEXIST) { - log_error("Failed to create mount point %s: %m", where); - - return -errno; - } + if (r < 0 && errno != EEXIST) + return log_error_errno(errno, "Failed to create mount point %s: %m", where); } else if (S_ISREG(source_st.st_mode)) { r = touch(where); if (r < 0) @@ -791,10 +786,8 @@ static int mount_binds(const char *dest, char **l, bool ro) { return -ENOTSUP; } - if (mount(*x, where, "bind", MS_BIND, NULL) < 0) { - log_error("mount(%s) failed: %m", where); - return -errno; - } + if (mount(*x, where, "bind", MS_BIND, NULL) < 0) + return log_error_errno(errno, "mount(%s) failed: %m", where); if (ro) { r = bind_remount_recursive(where, true); @@ -818,13 +811,11 @@ static int mount_tmpfs(const char *dest) { return log_oom(); r = mkdir_label(where, 0755); - if (r < 0 && errno != EEXIST) - return log_error_errno(r, "creating mount point for tmpfs %s failed: %m", where); + if (r < 0 && r != -EEXIST) + return log_error_errno(r, "Creating mount point for tmpfs %s failed: %m", where); - if (mount("tmpfs", where, "tmpfs", MS_NODEV|MS_STRICTATIME, *o) < 0) { - log_error("tmpfs mount to %s failed: %m", where); - return -errno; - } + if (mount("tmpfs", where, "tmpfs", MS_NODEV|MS_STRICTATIME, *o) < 0) + return log_error_errno(errno, "tmpfs mount to %s failed: %m", where); } return 0; @@ -889,13 +880,13 @@ static int setup_timezone(const char *dest) { r = unlink(where); if (r < 0 && errno != ENOENT) { - log_error("Failed to remove existing timezone info %s in container: %m", where); + log_error_errno(errno, "Failed to remove existing timezone info %s in container: %m", where); return 0; } if (symlink(what, where) < 0) { - log_error("Failed to correct timezone of container: %m"); + log_error_errno(errno, "Failed to correct timezone of container: %m"); return 0; } @@ -953,15 +944,11 @@ static int setup_volatile_state(const char *directory) { p = strappenda(directory, "/var"); r = mkdir(p, 0755); - if (r < 0 && errno != EEXIST) { - log_error("Failed to create %s: %m", directory); - return -errno; - } + if (r < 0 && errno != EEXIST) + return log_error_errno(errno, "Failed to create %s: %m", directory); - if (mount("tmpfs", p, "tmpfs", MS_STRICTATIME, "mode=755") < 0) { - log_error("Failed to mount tmpfs to /var: %m"); - return -errno; - } + if (mount("tmpfs", p, "tmpfs", MS_STRICTATIME, "mode=755") < 0) + return log_error_errno(errno, "Failed to mount tmpfs to /var: %m"); return 0; } @@ -980,13 +967,11 @@ static int setup_volatile(const char *directory) { /* --volatile=yes means we mount a tmpfs to the root dir, and the original /usr to use inside it, and that read-only. */ - if (!mkdtemp(template)) { - log_error("Failed to create temporary directory: %m"); - return -errno; - } + if (!mkdtemp(template)) + return log_error_errno(errno, "Failed to create temporary directory: %m"); if (mount("tmpfs", template, "tmpfs", MS_STRICTATIME, "mode=755") < 0) { - log_error("Failed to mount tmpfs for root directory: %m"); + log_error_errno(errno, "Failed to mount tmpfs for root directory: %m"); r = -errno; goto fail; } @@ -998,13 +983,13 @@ static int setup_volatile(const char *directory) { r = mkdir(t, 0755); if (r < 0 && errno != EEXIST) { - log_error("Failed to create %s: %m", t); + log_error_errno(errno, "Failed to create %s: %m", t); r = -errno; goto fail; } if (mount(f, t, "bind", MS_BIND|MS_REC, NULL) < 0) { - log_error("Failed to create /usr bind mount: %m"); + log_error_errno(errno, "Failed to create /usr bind mount: %m"); r = -errno; goto fail; } @@ -1018,7 +1003,7 @@ static int setup_volatile(const char *directory) { } if (mount(template, directory, NULL, MS_MOVE, NULL) < 0) { - log_error("Failed to move root mount: %m"); + log_error_errno(errno, "Failed to move root mount: %m"); r = -errno; goto fail; } @@ -1075,10 +1060,10 @@ static int setup_boot_id(const char *dest) { return log_error_errno(r, "Failed to write boot id: %m"); if (mount(from, to, "bind", MS_BIND, NULL) < 0) { - log_error("Failed to bind mount boot id: %m"); + log_error_errno(errno, "Failed to bind mount boot id: %m"); r = -errno; } else if (mount(from, to, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL)) - log_warning("Failed to make boot id read-only: %m"); + log_warning_errno(errno, "Failed to make boot id read-only: %m"); unlink(from); return r; @@ -1114,10 +1099,8 @@ static int copy_devnodes(const char *dest) { if (stat(from, &st) < 0) { - if (errno != ENOENT) { - log_error("Failed to stat %s: %m", from); - return -errno; - } + if (errno != ENOENT) + return log_error_errno(errno, "Failed to stat %s: %m", from); } else if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode)) { @@ -1131,10 +1114,8 @@ static int copy_devnodes(const char *dest) { return -r; } - if (mknod(to, st.st_mode, st.st_rdev) < 0) { - log_error("mknod(%s) failed: %m", dest); - return -errno; - } + if (mknod(to, st.st_mode, st.st_rdev) < 0) + return log_error_errno(errno, "mknod(%s) failed: %m", dest); } } @@ -1148,10 +1129,8 @@ static int setup_ptmx(const char *dest) { if (!p) return log_oom(); - if (symlink("pts/ptmx", p) < 0) { - log_error("Failed to create /dev/ptmx symlink: %m"); - return -errno; - } + if (symlink("pts/ptmx", p) < 0) + return log_error_errno(errno, "Failed to create /dev/ptmx symlink: %m"); return 0; } @@ -1167,10 +1146,8 @@ static int setup_dev_console(const char *dest, const char *console) { u = umask(0000); - if (stat("/dev/null", &st) < 0) { - log_error("Failed to stat /dev/null: %m"); - return -errno; - } + if (stat("/dev/null", &st) < 0) + return log_error_errno(errno, "Failed to stat /dev/null: %m"); r = chmod_and_chown(console, 0600, 0, 0); if (r < 0) @@ -1185,15 +1162,11 @@ static int setup_dev_console(const char *dest, const char *console) { * matter here, since we mount it over anyway). */ to = strappenda(dest, "/dev/console"); - if (mknod(to, (st.st_mode & ~07777) | 0600, st.st_rdev) < 0) { - log_error("mknod() for /dev/console failed: %m"); - return -errno; - } + if (mknod(to, (st.st_mode & ~07777) | 0600, st.st_rdev) < 0) + return log_error_errno(errno, "mknod() for /dev/console failed: %m"); - if (mount(console, to, "bind", MS_BIND, NULL) < 0) { - log_error("Bind mount for /dev/console failed: %m"); - return -errno; - } + if (mount(console, to, "bind", MS_BIND, NULL) < 0) + return log_error_errno(errno, "Bind mount for /dev/console failed: %m"); return 0; } @@ -1228,25 +1201,19 @@ static int setup_kmsg(const char *dest, int kmsg_socket) { asprintf(&to, "%s/proc/kmsg", dest) < 0) return log_oom(); - if (mkfifo(from, 0600) < 0) { - log_error("mkfifo() for /dev/kmsg failed: %m"); - return -errno; - } + if (mkfifo(from, 0600) < 0) + return log_error_errno(errno, "mkfifo() for /dev/kmsg failed: %m"); r = chmod_and_chown(from, 0600, 0, 0); if (r < 0) return log_error_errno(r, "Failed to correct access mode for /dev/kmsg: %m"); - if (mount(from, to, "bind", MS_BIND, NULL) < 0) { - log_error("Bind mount for /proc/kmsg failed: %m"); - return -errno; - } + if (mount(from, to, "bind", MS_BIND, NULL) < 0) + return log_error_errno(errno, "Bind mount for /proc/kmsg failed: %m"); fd = open(from, O_RDWR|O_NDELAY|O_CLOEXEC); - if (fd < 0) { - log_error("Failed to open fifo: %m"); - return -errno; - } + if (fd < 0) + return log_error_errno(errno, "Failed to open fifo: %m"); cmsg = CMSG_FIRSTHDR(&mh); cmsg->cmsg_level = SOL_SOCKET; @@ -1261,10 +1228,8 @@ static int setup_kmsg(const char *dest, int kmsg_socket) { k = sendmsg(kmsg_socket, &mh, MSG_DONTWAIT|MSG_NOSIGNAL); safe_close(fd); - if (k < 0) { - log_error("Failed to send FIFO fd: %m"); - return -errno; - } + if (k < 0) + return log_error_errno(errno, "Failed to send FIFO fd: %m"); /* And now make the FIFO unavailable as /dev/kmsg... */ unlink(from); @@ -1355,14 +1320,12 @@ static int setup_journal(const char *directory) { r = mkdir_p(q, 0755); if (r < 0) - log_warning("Failed to create directory %s: %m", q); + log_warning_errno(errno, "Failed to create directory %s: %m", q); return 0; } - if (unlink(p) < 0) { - log_error("Failed to remove symlink %s: %m", p); - return -errno; - } + if (unlink(p) < 0) + return log_error_errno(errno, "Failed to remove symlink %s: %m", p); } else if (r == -EINVAL) { if (arg_link_journal == LINK_GUEST && @@ -1372,12 +1335,12 @@ static int setup_journal(const char *directory) { log_error("%s already exists and is neither a symlink nor a directory", p); return r; } else { - log_error("Failed to remove %s: %m", p); + log_error_errno(errno, "Failed to remove %s: %m", p); return -errno; } } } else if (r != -ENOENT) { - log_error("readlink(%s) failed: %m", p); + log_error_errno(errno, "readlink(%s) failed: %m", p); return r; } @@ -1385,17 +1348,17 @@ static int setup_journal(const char *directory) { if (symlink(q, p) < 0) { if (arg_link_journal_try) { - log_debug("Failed to symlink %s to %s, skipping journal setup: %m", q, p); + log_debug_errno(errno, "Failed to symlink %s to %s, skipping journal setup: %m", q, p); return 0; } else { - log_error("Failed to symlink %s to %s: %m", q, p); + log_error_errno(errno, "Failed to symlink %s to %s: %m", q, p); return -errno; } } r = mkdir_p(q, 0755); if (r < 0) - log_warning("Failed to create directory %s: %m", q); + log_warning_errno(errno, "Failed to create directory %s: %m", q); return 0; } @@ -1405,10 +1368,10 @@ static int setup_journal(const char *directory) { r = mkdir(p, 0755); if (r < 0) { if (arg_link_journal_try) { - log_debug("Failed to create %s, skipping journal setup: %m", p); + log_debug_errno(errno, "Failed to create %s, skipping journal setup: %m", p); return 0; } else { - log_error("Failed to create %s: %m", p); + log_error_errno(errno, "Failed to create %s: %m", p); return r; } } @@ -1421,14 +1384,12 @@ static int setup_journal(const char *directory) { r = mkdir_p(q, 0755); if (r < 0) { - log_error("Failed to create %s: %m", q); + log_error_errno(errno, "Failed to create %s: %m", q); return r; } - if (mount(p, q, "bind", MS_BIND, NULL) < 0) { - log_error("Failed to bind mount journal from host into guest: %m"); - return -errno; - } + if (mount(p, q, "bind", MS_BIND, NULL) < 0) + return log_error_errno(errno, "Failed to bind mount journal from host into guest: %m"); return 0; } @@ -1631,16 +1592,19 @@ static int reset_audit_loginuid(void) { #define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1) #define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2) +#define MACVLAN_HASH_KEY SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f) -static int generate_mac(struct ether_addr *mac, sd_id128_t hash_key) { - int r; - +static int generate_mac(struct ether_addr *mac, sd_id128_t hash_key, uint64_t idx) { uint8_t result[8]; size_t l, sz; - uint8_t *v; + uint8_t *v, *i; + int r; l = strlen(arg_machine); sz = sizeof(sd_id128_t) + l; + if (idx > 0) + sz += sizeof(idx); + v = alloca(sz); /* fetch some persistent data unique to the host */ @@ -1650,7 +1614,11 @@ static int generate_mac(struct ether_addr *mac, sd_id128_t hash_key) { /* combine with some data unique (on this host) to this * container instance */ - memcpy(v + sizeof(sd_id128_t), arg_machine, l); + i = mempcpy(v + sizeof(sd_id128_t), arg_machine, l); + if (idx > 0) { + idx = htole64(idx); + memcpy(i, &idx, sizeof(idx)); + } /* Let's hash the host machine ID plus the container name. We * use a fixed, but originally randomly created hash key here. */ @@ -1683,17 +1651,13 @@ static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ], int *ifi) { snprintf(iface_name, IFNAMSIZ - 1, "%s-%s", arg_network_bridge ? "vb" : "ve", arg_machine); - r = generate_mac(&mac_container, CONTAINER_HASH_KEY); - if (r < 0) { - log_error("Failed to generate predictable MAC address for container side"); - return r; - } + r = generate_mac(&mac_container, CONTAINER_HASH_KEY, 0); + if (r < 0) + return log_error_errno(r, "Failed to generate predictable MAC address for container side: %m"); - r = generate_mac(&mac_host, HOST_HASH_KEY); - if (r < 0) { - log_error("Failed to generate predictable MAC address for host side"); - return r; - } + r = generate_mac(&mac_host, HOST_HASH_KEY, 0); + if (r < 0) + return log_error_errno(r, "Failed to generate predictable MAC address for host side: %m"); r = sd_rtnl_open(&rtnl, 0); if (r < 0) @@ -1752,10 +1716,8 @@ static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ], int *ifi) { return log_error_errno(r, "Failed to add new veth interfaces: %m"); i = (int) if_nametoindex(iface_name); - if (i <= 0) { - log_error("Failed to resolve interface %s: %m", iface_name); - return -errno; - } + if (i <= 0) + return log_error_errno(errno, "Failed to resolve interface %s: %m", iface_name); *ifi = i; @@ -1777,10 +1739,8 @@ static int setup_bridge(const char veth_name[], int *ifi) { return 0; bridge = (int) if_nametoindex(arg_network_bridge); - if (bridge <= 0) { - log_error("Failed to resolve interface %s: %m", arg_network_bridge); - return -errno; - } + if (bridge <= 0) + return log_error_errno(errno, "Failed to resolve interface %s: %m", arg_network_bridge); *ifi = bridge; @@ -1817,17 +1777,13 @@ static int parse_interface(struct udev *udev, const char *name) { int ifi; ifi = (int) if_nametoindex(name); - if (ifi <= 0) { - log_error("Failed to resolve interface %s: %m", name); - return -errno; - } + if (ifi <= 0) + return log_error_errno(errno, "Failed to resolve interface %s: %m", name); sprintf(ifi_str, "n%i", ifi); d = udev_device_new_from_device_id(udev, ifi_str); - if (!d) { - log_error("Failed to get udev device for interface %s: %m", name); - return -errno; - } + if (!d) + return log_error_errno(errno, "Failed to get udev device for interface %s: %m", name); if (udev_device_get_is_initialized(d) <= 0) { log_error("Network interface %s is not initialized yet.", name); @@ -1886,6 +1842,7 @@ static int move_network_interfaces(pid_t pid) { static int setup_macvlan(pid_t pid) { _cleanup_udev_unref_ struct udev *udev = NULL; _cleanup_rtnl_unref_ sd_rtnl *rtnl = NULL; + unsigned idx = 0; char **i; int r; @@ -1908,12 +1865,17 @@ static int setup_macvlan(pid_t pid) { STRV_FOREACH(i, arg_network_macvlan) { _cleanup_rtnl_message_unref_ sd_rtnl_message *m = NULL; _cleanup_free_ char *n = NULL; + struct ether_addr mac; int ifi; ifi = parse_interface(udev, *i); if (ifi < 0) return ifi; + r = generate_mac(&mac, MACVLAN_HASH_KEY, idx++); + if (r < 0) + return log_error_errno(r, "Failed to create MACVLAN MAC address: %m"); + r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0); if (r < 0) return log_error_errno(r, "Failed to allocate netlink message: %m"); @@ -1932,6 +1894,10 @@ static int setup_macvlan(pid_t pid) { if (r < 0) return log_error_errno(r, "Failed to add netlink interface name: %m"); + r = sd_rtnl_message_append_ether_addr(m, IFLA_ADDRESS, &mac); + if (r < 0) + return log_error_errno(r, "Failed to add netlink MAC address: %m"); + r = sd_rtnl_message_append_u32(m, IFLA_NET_NS_PID, pid); if (r < 0) return log_error_errno(r, "Failed to add netlink namespace field: %m"); @@ -2057,15 +2023,11 @@ static int setup_image(char **device_path, int *loop_nr) { assert(loop_nr); fd = open(arg_image, O_CLOEXEC|(arg_read_only ? O_RDONLY : O_RDWR)|O_NONBLOCK|O_NOCTTY); - if (fd < 0) { - log_error("Failed to open %s: %m", arg_image); - return -errno; - } + if (fd < 0) + return log_error_errno(errno, "Failed to open %s: %m", arg_image); - if (fstat(fd, &st) < 0) { - log_error("Failed to stat %s: %m", arg_image); - return -errno; - } + if (fstat(fd, &st) < 0) + return log_error_errno(errno, "Failed to stat %s: %m", arg_image); if (S_ISBLK(st.st_mode)) { char *p; @@ -2085,43 +2047,33 @@ static int setup_image(char **device_path, int *loop_nr) { } if (!S_ISREG(st.st_mode)) { - log_error("%s is not a regular file or block device: %m", arg_image); + log_error_errno(errno, "%s is not a regular file or block device: %m", arg_image); return -EINVAL; } control = open("/dev/loop-control", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK); - if (control < 0) { - log_error("Failed to open /dev/loop-control: %m"); - return -errno; - } + if (control < 0) + return log_error_errno(errno, "Failed to open /dev/loop-control: %m"); nr = ioctl(control, LOOP_CTL_GET_FREE); - if (nr < 0) { - log_error("Failed to allocate loop device: %m"); - return -errno; - } + if (nr < 0) + return log_error_errno(errno, "Failed to allocate loop device: %m"); if (asprintf(&loopdev, "/dev/loop%i", nr) < 0) return log_oom(); loop = open(loopdev, O_CLOEXEC|(arg_read_only ? O_RDONLY : O_RDWR)|O_NONBLOCK|O_NOCTTY); - if (loop < 0) { - log_error("Failed to open loop device %s: %m", loopdev); - return -errno; - } + if (loop < 0) + return log_error_errno(errno, "Failed to open loop device %s: %m", loopdev); - if (ioctl(loop, LOOP_SET_FD, fd) < 0) { - log_error("Failed to set loopback file descriptor on %s: %m", loopdev); - return -errno; - } + if (ioctl(loop, LOOP_SET_FD, fd) < 0) + return log_error_errno(errno, "Failed to set loopback file descriptor on %s: %m", loopdev); if (arg_read_only) info.lo_flags |= LO_FLAGS_READ_ONLY; - if (ioctl(loop, LOOP_SET_STATUS64, &info) < 0) { - log_error("Failed to set loopback settings on %s: %m", loopdev); - return -errno; - } + if (ioctl(loop, LOOP_SET_STATUS64, &info) < 0) + return log_error_errno(errno, "Failed to set loopback settings on %s: %m", loopdev); *device_path = loopdev; loopdev = NULL; @@ -2142,7 +2094,14 @@ static int dissect_image( bool *secondary) { #ifdef HAVE_BLKID - int home_nr = -1, root_nr = -1, secondary_root_nr = -1, srv_nr = -1; + int home_nr = -1, srv_nr = -1; +#ifdef GPT_ROOT_NATIVE + int root_nr = -1; +#endif +#ifdef GPT_ROOT_SECONDARY + int secondary_root_nr = -1; +#endif + _cleanup_free_ char *home = NULL, *root = NULL, *secondary_root = NULL, *srv = NULL; _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL; _cleanup_udev_device_unref_ struct udev_device *d = NULL; @@ -2171,7 +2130,7 @@ static int dissect_image( if (errno == 0) return log_oom(); - log_error("Failed to set device on blkid probe: %m"); + log_error_errno(errno, "Failed to set device on blkid probe: %m"); return -errno; } @@ -2187,7 +2146,7 @@ static int dissect_image( } else if (r != 0) { if (errno == 0) errno = EIO; - log_error("Failed to probe: %m"); + log_error_errno(errno, "Failed to probe: %m"); return -errno; } @@ -2212,10 +2171,8 @@ static int dissect_image( if (!udev) return log_oom(); - if (fstat(fd, &st) < 0) { - log_error("Failed to stat block device: %m"); - return -errno; - } + if (fstat(fd, &st) < 0) + return log_error_errno(errno, "Failed to stat block device: %m"); d = udev_device_new_from_devnum(udev, 'b', st.st_rdev); if (!d) @@ -2249,7 +2206,7 @@ static int dissect_image( if (!errno) errno = ENOMEM; - log_error("Failed to get partition device of %s: %m", arg_image); + log_error_errno(errno, "Failed to get partition device of %s: %m", arg_image); return -errno; } @@ -2404,7 +2361,7 @@ static int mount_device(const char *what, const char *where, const char *directo if (!b) { if (errno == 0) return log_oom(); - log_error("Failed to allocate prober for %s: %m", what); + log_error_errno(errno, "Failed to allocate prober for %s: %m", what); return -errno; } @@ -2419,7 +2376,7 @@ static int mount_device(const char *what, const char *where, const char *directo } else if (r != 0) { if (errno == 0) errno = EIO; - log_error("Failed to probe %s: %m", what); + log_error_errno(errno, "Failed to probe %s: %m", what); return -errno; } @@ -2436,10 +2393,8 @@ static int mount_device(const char *what, const char *where, const char *directo return -ENOTSUP; } - if (mount(what, p, fstype, MS_NODEV|(rw ? 0 : MS_RDONLY), NULL) < 0) { - log_error("Failed to mount %s: %m", what); - return -errno; - } + if (mount(what, p, fstype, MS_NODEV|(rw ? 0 : MS_RDONLY), NULL) < 0) + return log_error_errno(errno, "Failed to mount %s: %m", what); return 0; #else @@ -2488,19 +2443,19 @@ static void loop_remove(int nr, int *image_fd) { if (image_fd && *image_fd >= 0) { r = ioctl(*image_fd, LOOP_CLR_FD); if (r < 0) - log_warning("Failed to close loop image: %m"); + log_warning_errno(errno, "Failed to close loop image: %m"); *image_fd = safe_close(*image_fd); } control = open("/dev/loop-control", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK); if (control < 0) { - log_warning("Failed to open /dev/loop-control: %m"); + log_warning_errno(errno, "Failed to open /dev/loop-control: %m"); return; } r = ioctl(control, LOOP_CTL_REMOVE, nr); if (r < 0) - log_warning("Failed to remove loop %d: %m", nr); + log_warning_errno(errno, "Failed to remove loop %d: %m", nr); } static int spawn_getent(const char *database, const char *key, pid_t *rpid) { @@ -2511,16 +2466,13 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) { assert(key); assert(rpid); - if (pipe2(pipe_fds, O_CLOEXEC) < 0) { - log_error("Failed to allocate pipe: %m"); - return -errno; - } + if (pipe2(pipe_fds, O_CLOEXEC) < 0) + return log_error_errno(errno, "Failed to allocate pipe: %m"); pid = fork(); - if (pid < 0) { - log_error("Failed to fork getent child: %m"); - return -errno; - } else if (pid == 0) { + if (pid < 0) + return log_error_errno(errno, "Failed to fork getent child: %m"); + else if (pid == 0) { int nullfd; char *empty_env = NULL; @@ -2579,20 +2531,14 @@ static int change_uid_gid(char **_home) { if (!arg_user || streq(arg_user, "root") || streq(arg_user, "0")) { /* Reset everything fully to 0, just in case */ - if (setgroups(0, NULL) < 0) { - log_error("setgroups() failed: %m"); - return -errno; - } + if (setgroups(0, NULL) < 0) + return log_error_errno(errno, "setgroups() failed: %m"); - if (setresgid(0, 0, 0) < 0) { - log_error("setregid() failed: %m"); - return -errno; - } + if (setresgid(0, 0, 0) < 0) + return log_error_errno(errno, "setregid() failed: %m"); - if (setresuid(0, 0, 0) < 0) { - log_error("setreuid() failed: %m"); - return -errno; - } + if (setresuid(0, 0, 0) < 0) + return log_error_errno(errno, "setreuid() failed: %m"); *_home = NULL; return 0; @@ -2615,13 +2561,13 @@ static int change_uid_gid(char **_home) { return -ESRCH; } - log_error("Failed to read from getent: %m"); + log_error_errno(errno, "Failed to read from getent: %m"); return -errno; } truncate_nl(line); - wait_for_terminate_and_warn("getent passwd", pid); + wait_for_terminate_and_warn("getent passwd", pid, true); x = strchr(line, ':'); if (!x) { @@ -2699,13 +2645,13 @@ static int change_uid_gid(char **_home) { return -ESRCH; } - log_error("Failed to read from getent: %m"); + log_error_errno(errno, "Failed to read from getent: %m"); return -errno; } truncate_nl(line); - wait_for_terminate_and_warn("getent initgroups", pid); + wait_for_terminate_and_warn("getent initgroups", pid, true); /* Skip over the username and subsequent separator whitespace */ x = line; @@ -2740,20 +2686,14 @@ static int change_uid_gid(char **_home) { fchown(STDOUT_FILENO, uid, gid); fchown(STDERR_FILENO, uid, gid); - if (setgroups(n_uids, uids) < 0) { - log_error("Failed to set auxiliary groups: %m"); - return -errno; - } + if (setgroups(n_uids, uids) < 0) + return log_error_errno(errno, "Failed to set auxiliary groups: %m"); - if (setresgid(gid, gid, gid) < 0) { - log_error("setregid() failed: %m"); - return -errno; - } + if (setresgid(gid, gid, gid) < 0) + return log_error_errno(errno, "setregid() failed: %m"); - if (setresuid(uid, uid, uid) < 0) { - log_error("setreuid() failed: %m"); - return -errno; - } + if (setresuid(uid, uid, uid) < 0) + return log_error_errno(errno, "setreuid() failed: %m"); if (_home) { *_home = home; @@ -2950,7 +2890,7 @@ int main(int argc, char *argv[]) { char template[] = "/tmp/nspawn-root-XXXXXX"; if (!mkdtemp(template)) { - log_error("Failed to create temporary directory: %m"); + log_error_errno(errno, "Failed to create temporary directory: %m"); r = -errno; goto finish; } @@ -2978,13 +2918,13 @@ int main(int argc, char *argv[]) { master = posix_openpt(O_RDWR|O_NOCTTY|O_CLOEXEC|O_NDELAY); if (master < 0) { - log_error("Failed to acquire pseudo tty: %m"); + log_error_errno(errno, "Failed to acquire pseudo tty: %m"); goto finish; } console = ptsname(master); if (!console) { - log_error("Failed to determine tty name: %m"); + log_error_errno(errno, "Failed to determine tty name: %m"); goto finish; } @@ -2993,12 +2933,12 @@ int main(int argc, char *argv[]) { arg_machine, arg_image ? arg_image : arg_directory); if (unlockpt(master) < 0) { - log_error("Failed to unlock tty: %m"); + log_error_errno(errno, "Failed to unlock tty: %m"); goto finish; } if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, kmsg_socket_pair) < 0) { - log_error("Failed to create kmsg socket pair: %m"); + log_error_errno(errno, "Failed to create kmsg socket pair: %m"); goto finish; } @@ -3032,13 +2972,13 @@ int main(int argc, char *argv[]) { * give it a chance to call wait() and terminate. */ r = sigprocmask(SIG_UNBLOCK, &mask_chld, NULL); if (r < 0) { - log_error("Failed to change the signal mask: %m"); + log_error_errno(errno, "Failed to change the signal mask: %m"); goto finish; } r = sigaction(SIGCHLD, &sa, NULL); if (r < 0) { - log_error("Failed to install SIGCHLD handler: %m"); + log_error_errno(errno, "Failed to install SIGCHLD handler: %m"); goto finish; } @@ -3047,9 +2987,9 @@ int main(int argc, char *argv[]) { (arg_private_network ? CLONE_NEWNET : 0), NULL); if (pid < 0) { if (errno == EINVAL) - log_error("clone() failed, do you have namespace support enabled in your kernel? (You need UTS, IPC, PID and NET namespacing built in): %m"); + log_error_errno(errno, "clone() failed, do you have namespace support enabled in your kernel? (You need UTS, IPC, PID and NET namespacing built in): %m"); else - log_error("clone() failed: %m"); + log_error_errno(errno, "clone() failed: %m"); r = pid; goto finish; @@ -3103,12 +3043,12 @@ int main(int argc, char *argv[]) { if (dup2(STDIN_FILENO, STDOUT_FILENO) != STDOUT_FILENO || dup2(STDIN_FILENO, STDERR_FILENO) != STDERR_FILENO) { - log_error("Failed to duplicate console: %m"); + log_error_errno(errno, "Failed to duplicate console: %m"); _exit(EXIT_FAILURE); } if (setsid() < 0) { - log_error("setsid() failed: %m"); + log_error_errno(errno, "setsid() failed: %m"); _exit(EXIT_FAILURE); } @@ -3116,7 +3056,7 @@ int main(int argc, char *argv[]) { _exit(EXIT_FAILURE); if (prctl(PR_SET_PDEATHSIG, SIGKILL) < 0) { - log_error("PR_SET_PDEATHSIG failed: %m"); + log_error_errno(errno, "PR_SET_PDEATHSIG failed: %m"); _exit(EXIT_FAILURE); } @@ -3124,7 +3064,7 @@ int main(int argc, char *argv[]) { * receive mounts from the real root, but don't * propagate mounts to the real root. */ if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) { - log_error("MS_SLAVE|MS_REC failed: %m"); + log_error_errno(errno, "MS_SLAVE|MS_REC failed: %m"); _exit(EXIT_FAILURE); } @@ -3136,7 +3076,7 @@ int main(int argc, char *argv[]) { /* Turn directory into bind mount */ if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REC, NULL) < 0) { - log_error("Failed to make bind mount: %m"); + log_error_errno(errno, "Failed to make bind mount: %m"); _exit(EXIT_FAILURE); } @@ -3208,22 +3148,22 @@ int main(int argc, char *argv[]) { (void)barrier_place(&barrier); if (chdir(arg_directory) < 0) { - log_error("chdir(%s) failed: %m", arg_directory); + log_error_errno(errno, "chdir(%s) failed: %m", arg_directory); _exit(EXIT_FAILURE); } if (mount(arg_directory, "/", NULL, MS_MOVE, NULL) < 0) { - log_error("mount(MS_MOVE) failed: %m"); + log_error_errno(errno, "mount(MS_MOVE) failed: %m"); _exit(EXIT_FAILURE); } if (chroot(".") < 0) { - log_error("chroot() failed: %m"); + log_error_errno(errno, "chroot() failed: %m"); _exit(EXIT_FAILURE); } if (chdir("/") < 0) { - log_error("chdir() failed: %m"); + log_error_errno(errno, "chdir() failed: %m"); _exit(EXIT_FAILURE); } @@ -3233,7 +3173,7 @@ int main(int argc, char *argv[]) { loopback_setup(); if (drop_capabilities() < 0) { - log_error("drop_capabilities() failed: %m"); + log_error_errno(errno, "drop_capabilities() failed: %m"); _exit(EXIT_FAILURE); } @@ -3275,12 +3215,12 @@ int main(int argc, char *argv[]) { if (arg_personality != 0xffffffffLU) { if (personality(arg_personality) < 0) { - log_error("personality() failed: %m"); + log_error_errno(errno, "personality() failed: %m"); _exit(EXIT_FAILURE); } } else if (secondary) { if (personality(PER_LINUX32) < 0) { - log_error("personality() failed: %m"); + log_error_errno(errno, "personality() failed: %m"); _exit(EXIT_FAILURE); } } @@ -3288,7 +3228,7 @@ int main(int argc, char *argv[]) { #ifdef HAVE_SELINUX if (arg_selinux_context) if (setexeccon((security_context_t) arg_selinux_context) < 0) { - log_error("setexeccon(\"%s\") failed: %m", arg_selinux_context); + log_error_errno(errno, "setexeccon(\"%s\") failed: %m", arg_selinux_context); _exit(EXIT_FAILURE); } #endif @@ -3336,7 +3276,7 @@ int main(int argc, char *argv[]) { execle("/bin/sh", "-sh", NULL, env_use); } - log_error("execv() failed: %m"); + log_error_errno(errno, "execv() failed: %m"); _exit(EXIT_FAILURE); }