1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2015 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
27 #include "bus-error.h"
29 #include "nspawn-register.h"
32 const char *machine_name
,
34 const char *directory
,
44 _cleanup_bus_error_free_ sd_bus_error error
= SD_BUS_ERROR_NULL
;
45 _cleanup_bus_flush_close_unref_ sd_bus
*bus
= NULL
;
48 r
= sd_bus_default_system(&bus
);
50 return log_error_errno(r
, "Failed to open system bus: %m");
53 r
= sd_bus_call_method(
55 "org.freedesktop.machine1",
56 "/org/freedesktop/machine1",
57 "org.freedesktop.machine1.Manager",
58 "RegisterMachineWithNetwork",
63 SD_BUS_MESSAGE_APPEND_ID128(uuid
),
68 local_ifindex
> 0 ? 1 : 0, local_ifindex
);
70 _cleanup_bus_message_unref_ sd_bus_message
*m
= NULL
;
74 r
= sd_bus_message_new_method_call(
77 "org.freedesktop.machine1",
78 "/org/freedesktop/machine1",
79 "org.freedesktop.machine1.Manager",
80 "CreateMachineWithNetwork");
82 return bus_log_create_error(r
);
84 r
= sd_bus_message_append(
88 SD_BUS_MESSAGE_APPEND_ID128(uuid
),
93 local_ifindex
> 0 ? 1 : 0, local_ifindex
);
95 return bus_log_create_error(r
);
97 r
= sd_bus_message_open_container(m
, 'a', "(sv)");
99 return bus_log_create_error(r
);
101 if (!isempty(slice
)) {
102 r
= sd_bus_message_append(m
, "(sv)", "Slice", "s", slice
);
104 return bus_log_create_error(r
);
107 r
= sd_bus_message_append(m
, "(sv)", "DevicePolicy", "s", "strict");
109 return bus_log_create_error(r
);
111 /* If you make changes here, also make sure to update
112 * systemd-nspawn@.service, to keep the device
113 * policies in sync regardless if we are run with or
114 * without the --keep-unit switch. */
115 r
= sd_bus_message_append(m
, "(sv)", "DeviceAllow", "a(ss)", 9,
116 /* Allow the container to
117 * access and create the API
118 * device nodes, so that
119 * PrivateDevices= in the
125 "/dev/random", "rwm",
126 "/dev/urandom", "rwm",
128 "/dev/net/tun", "rwm",
129 /* Allow the container
130 * access to ptys. However,
132 * container to ever create
133 * these device nodes. */
134 "/dev/pts/ptmx", "rw",
137 return bus_log_create_error(r
);
139 for (j
= 0; j
< n_mounts
; j
++) {
140 CustomMount
*cm
= mounts
+ j
;
142 if (cm
->type
!= CUSTOM_MOUNT_BIND
)
145 r
= is_device_node(cm
->source
);
147 return log_error_errno(r
, "Failed to stat %s: %m", cm
->source
);
150 r
= sd_bus_message_append(m
, "(sv)", "DeviceAllow", "a(ss)", 1,
151 cm
->source
, cm
->read_only
? "r" : "rw");
153 return log_error_errno(r
, "Failed to append message arguments: %m");
157 if (kill_signal
!= 0) {
158 r
= sd_bus_message_append(m
, "(sv)", "KillSignal", "i", kill_signal
);
160 return bus_log_create_error(r
);
162 r
= sd_bus_message_append(m
, "(sv)", "KillMode", "s", "mixed");
164 return bus_log_create_error(r
);
167 STRV_FOREACH(i
, properties
) {
168 r
= sd_bus_message_open_container(m
, 'r', "sv");
170 return bus_log_create_error(r
);
172 r
= bus_append_unit_property_assignment(m
, *i
);
176 r
= sd_bus_message_close_container(m
);
178 return bus_log_create_error(r
);
181 r
= sd_bus_message_close_container(m
);
183 return bus_log_create_error(r
);
185 r
= sd_bus_call(bus
, m
, 0, &error
, NULL
);
189 log_error("Failed to register machine: %s", bus_error_message(&error
, r
));
196 int terminate_machine(pid_t pid
) {
197 _cleanup_bus_error_free_ sd_bus_error error
= SD_BUS_ERROR_NULL
;
198 _cleanup_bus_message_unref_ sd_bus_message
*reply
= NULL
;
199 _cleanup_bus_flush_close_unref_ sd_bus
*bus
= NULL
;
203 r
= sd_bus_default_system(&bus
);
205 return log_error_errno(r
, "Failed to open system bus: %m");
207 r
= sd_bus_call_method(
209 "org.freedesktop.machine1",
210 "/org/freedesktop/machine1",
211 "org.freedesktop.machine1.Manager",
218 /* Note that the machine might already have been
219 * cleaned up automatically, hence don't consider it a
220 * failure if we cannot get the machine object. */
221 log_debug("Failed to get machine: %s", bus_error_message(&error
, r
));
225 r
= sd_bus_message_read(reply
, "o", &path
);
227 return bus_log_parse_error(r
);
229 r
= sd_bus_call_method(
231 "org.freedesktop.machine1",
233 "org.freedesktop.machine1.Machine",
239 log_debug("Failed to terminate machine: %s", bus_error_message(&error
, r
));