[PATCH 16/22] host/rootfs: resolve VM symlinks with /ext root

patches and low-level development discussion
 help / color / mirror / code / Atom feed

From: Alyssa Ross <hi@alyssa.is>
To: devel@spectrum-os.org
Subject: [PATCH 16/22] host/rootfs: resolve VM symlinks with /ext root
Date: Mon, 10 Oct 2022 23:28:56 +0000	[thread overview]
Message-ID: <20221010232909.1953738-17-hi@alyssa.is> (raw)
In-Reply-To: <20221010232909.1953738-1-hi@alyssa.is>

A goal here was to minimize the amount of C that needed to be written,
so I designed resolve_in_root as the smallest possible program that
could usefully expose RESOLVE_IN_ROOT functionality to scripts in a
generic way.

Rather than a program that does the resolution and then prints the
absolute path, I also considered a program that would chdir() to the
resulting directory and then exec a new argv.  This was an even
simpler implementation, since it didn't require any string handling at
all, but it was a bit awkward to use and only worked for directories.

resolve_in_root lives in the new tools/ directory rather than in
host/, because it will also be useful in guests that need to interact
with these Nix profiles.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/default.nix                 |  8 ++-
 host/rootfs/etc/s6-rc/ext-rc-init/up    |  8 ++-
 tools/resolve_in_root/default.nix       | 23 ++++++++
 tools/resolve_in_root/meson.build       | 10 ++++
 tools/resolve_in_root/resolve_in_root.c | 76 +++++++++++++++++++++++++
 tools/resolve_in_root/test.sh           | 11 ++++
 6 files changed, 131 insertions(+), 5 deletions(-)
 create mode 100644 tools/resolve_in_root/default.nix
 create mode 100644 tools/resolve_in_root/meson.build
 create mode 100644 tools/resolve_in_root/resolve_in_root.c
 create mode 100755 tools/resolve_in_root/test.sh

diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix
index 0b08603..f5c8bcf 100644
--- a/host/rootfs/default.nix
+++ b/host/rootfs/default.nix
@@ -14,6 +14,10 @@ let
   inherit (lib) cleanSource cleanSourceWith concatMapStringsSep hasSuffix;
   inherit (nixosAllHardware.config.hardware) firmware;
 
+  resolve_in_root = import ../../tools/resolve_in_root {
+    config = config // { pkgs = pkgs.pkgsStatic; };
+  };
+
   start-vm = import ../start-vm {
     config = config // { pkgs = pkgs.pkgsStatic; };
   };
@@ -44,8 +48,8 @@ let
   foot = pkgsGui.foot.override { allowPgo = false; };
 
   packages = [
-    cloud-hypervisor e2fsprogs execline jq kmod mdevd s6 s6-linux-init s6-rc
-    socat start-vm virtiofsd
+    cloud-hypervisor e2fsprogs execline jq kmod mdevd resolve_in_root s6
+    s6-linux-init s6-rc socat start-vm virtiofsd
 
     (cryptsetup.override {
       programs = {
diff --git a/host/rootfs/etc/s6-rc/ext-rc-init/up b/host/rootfs/etc/s6-rc/ext-rc-init/up
index 53ab127..4808f28 100644
--- a/host/rootfs/etc/s6-rc/ext-rc-init/up
+++ b/host/rootfs/etc/s6-rc/ext-rc-init/up
@@ -5,9 +5,11 @@
 if { mkdir -p /run/s6-rc.ext.src }
 
 if {
-  elglob -0 dirs /ext/svc/data/*/
-  forx -E dir { $dirs }
-  backtick -E name { basename -- $dir }
+  cd /ext
+  elglob -0 glob svc/data/*
+  forx -E reldir { $glob }
+  backtick -E name { basename -- $reldir }
+  backtick -E dir { resolve_in_root . $reldir }
 
   cd /run/s6-rc.ext.src
 
diff --git a/tools/resolve_in_root/default.nix b/tools/resolve_in_root/default.nix
new file mode 100644
index 0000000..f3ed081
--- /dev/null
+++ b/tools/resolve_in_root/default.nix
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is>
+
+{ config ? import ../../nix/eval-config.nix {} }: config.pkgs.callPackage (
+{ lib, stdenv, meson, ninja }:
+
+let
+  inherit (lib) cleanSource cleanSourceWith hasSuffix;
+in
+
+stdenv.mkDerivation {
+  name = "resolve_in_root";
+
+  src = cleanSourceWith {
+    filter = name: _type: !(hasSuffix ".nix" name);
+    src = cleanSource ./.;
+  };
+
+  nativeBuildInputs = [ meson ninja ];
+
+  doCheck = true;
+}
+) { }
diff --git a/tools/resolve_in_root/meson.build b/tools/resolve_in_root/meson.build
new file mode 100644
index 0000000..a549ea6
--- /dev/null
+++ b/tools/resolve_in_root/meson.build
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is>
+
+project('resolve_in_root', 'c')
+
+add_project_arguments('-D_GNU_SOURCE', language : 'c')
+
+prog = executable('resolve_in_root', 'resolve_in_root.c', install : true)
+
+test('test', find_program('test.sh'), args : prog)
diff --git a/tools/resolve_in_root/resolve_in_root.c b/tools/resolve_in_root/resolve_in_root.c
new file mode 100644
index 0000000..ab33c91
--- /dev/null
+++ b/tools/resolve_in_root/resolve_in_root.c
@@ -0,0 +1,76 @@
+// SPDX-License-Identifier: EUPL-1.2+
+// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is>
+
+#include <assert.h>
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <sys/syscall.h>
+
+#include <linux/openat2.h>
+
+#define STRINGIZE(x) STRINGIZE2(x)
+#define STRINGIZE2(x) #x
+
+[[gnu::malloc]] [[gnu::nonnull]] char *areadlink(const char *pathname)
+{
+	char *target = NULL;
+	size_t link_size, target_size = 4096;
+
+	for (;;) {
+		free(target);
+		if (!(target = malloc(target_size)))
+			return NULL;
+		if ((link_size = readlink(pathname, target, target_size)) == -1)
+			return NULL;
+		if (link_size < target_size)
+			break;
+		if (target_size > (((size_t)-1) >> 1)) {
+			errno = ENOMEM;
+			return NULL;
+		}
+		target_size <<= 1;
+	}
+	target[link_size] = '\0';
+
+	return target;
+}
+
+int main(int argc, char **argv)
+{
+	// -1 because both paths include a null terminator.
+	char fdpath[sizeof "/proc/self/fd/" + sizeof(STRINGIZE(INT_MAX)) - 1];
+
+	char *target;
+	int rootfd, targetfd;
+	struct open_how how = { .flags = O_PATH };
+
+	// Ensure INT_MAX is actually defined, because otherwise
+	// sizeof("INT_MAX") will silently be used instead in fdpath's
+	// size.
+	(void) INT_MAX;
+
+	if (argc != 3) {
+		fprintf(stderr, "Usage: %s root dir\n", argc ? argv[0] : "resolve_in_root");
+		return 1;
+	}
+
+	if ((rootfd = syscall(SYS_openat2, AT_FDCWD, argv[1], &how, sizeof how)) == -1)
+		err(EXIT_FAILURE, "opening %s", argv[1]);
+
+	how.resolve = RESOLVE_IN_ROOT | RESOLVE_NO_MAGICLINKS | RESOLVE_NO_XDEV;
+	if ((targetfd = syscall(SYS_openat2, rootfd, argv[2], &how, sizeof how)) == -1)
+		err(EXIT_FAILURE, "opening %s with %s:/", argv[2], argv[1]);
+
+	assert(snprintf(fdpath, sizeof fdpath, "/proc/self/fd/%d", targetfd) < sizeof fdpath);
+
+	target = areadlink(fdpath);
+	if (!target)
+		err(EXIT_FAILURE, "reading %s", fdpath);
+	puts(target);
+}
diff --git a/tools/resolve_in_root/test.sh b/tools/resolve_in_root/test.sh
new file mode 100755
index 0000000..c4afe3d
--- /dev/null
+++ b/tools/resolve_in_root/test.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -ue
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is>
+
+dir="$(mktemp -d)"
+trap 'rm -rf "$dir"' EXIT
+
+touch "$dir/file"
+ln -s /file "$dir/link"
+
+test "$("$1" "$dir" link)" = "$dir/file"
-- 
2.37.1

next prev parent reply	other threads:[~2022-10-10 23:32 UTC|newest]

Thread overview: 45+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-10-10 23:28 [PATCH 00/22] Implement managing VMs with Nix Alyssa Ross
2022-10-10 23:28 ` [PATCH 01/22] host/start-vm: use MAP_SHARED memory for VMs Alyssa Ross
2023-02-26 19:17   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 02/22] host/start-vm: implement shared directories Alyssa Ross
2023-02-26 19:17   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 03/22] host/rootfs: generate virtiofsd services Alyssa Ross
2023-02-26 19:17   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 04/22] Documentation: explain VM shared directories Alyssa Ross
2023-02-26 19:17   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 05/22] vm-lib/make-vm.nix: support " Alyssa Ross
2023-02-26 19:17   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 06/22] img/app: add support for testing virtiofs Alyssa Ross
2023-02-26 19:17   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 07/22] img/app: don't block app startup on network online Alyssa Ross
2023-02-26 19:17   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 08/22] img/app: auto-mount virtiofs0 filesystem Alyssa Ross
2023-02-26 19:17   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 09/22] vm/app/mg.nix: init Alyssa Ross
2023-02-26 19:17   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 10/22] vm/app/mg.nix: open virtio filesystem in dired Alyssa Ross
2023-02-26 19:17   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 11/22] host/rootfs: move ext mounting to s6-rc service Alyssa Ross
2022-11-14  1:14   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 12/22] host/rootfs: automatically grow user partition Alyssa Ross
2022-11-14  1:14   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 13/22] host/rootfs: use a bigger test ext partition Alyssa Ross
2022-11-14  1:14   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 14/22] host/initramfs/extfs.nix: tar2ext4 -> mkfs.ext4 -d Alyssa Ross
2022-11-14  1:14   ` Alyssa Ross
2022-10-10 23:28 ` [PATCH 15/22] host/start-vm: resolve VM symlinks with /ext root Alyssa Ross
2022-10-10 23:28 ` Alyssa Ross [this message]
2022-10-10 23:28 ` [PATCH 17/22] Documentation: explain /ext symlink resolution Alyssa Ross
2022-10-10 23:28 ` [PATCH 18/22] host/start-vm: increase memory size to 512M Alyssa Ross
2022-10-10 23:28 ` [PATCH 19/22] vm/app/nix: add Alyssa Ross
2022-10-10 23:29 ` [PATCH 20/22] vm-lib/make-vms.nix: add Alyssa Ross
2022-10-10 23:29 ` [PATCH 21/22] host/initramfs/extfs.nix: add example Nix-built VM Alyssa Ross
2022-10-10 23:29 ` [PATCH 22/22] Documentation: add how-to guide for Nix-built VMs Alyssa Ross
2022-10-10 23:29 ` [PATCH v2 0/6] Introduce a shared base for application VMs Alyssa Ross
2022-10-10 23:37   ` Alyssa Ross
2022-10-10 23:29 ` [PATCH v2 1/6] host/start-vm: support multiple block devices Alyssa Ross
2022-10-10 23:29 ` [PATCH v2 2/6] scripts/make-gpt.sh: add support for labels Alyssa Ross
2022-10-10 23:29 ` [PATCH v2 3/6] vm: build GPT images Alyssa Ross
2022-10-10 23:29 ` [PATCH v2 4/6] host/start-vm: boot using partition label Alyssa Ross
2022-10-10 23:29 ` [PATCH v2 5/6] release: rename from "img" Alyssa Ross
2022-10-10 23:29 ` [PATCH v2 6/6] img/app: extract from appvm-{lynx,catgirl} Alyssa Ross

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221010232909.1953738-17-hi@alyssa.is \
    --to=hi@alyssa.is \
    --cc=devel@spectrum-os.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://spectrum-os.org/git/crosvm
	https://spectrum-os.org/git/doc
	https://spectrum-os.org/git/mktuntap
	https://spectrum-os.org/git/nixpkgs
	https://spectrum-os.org/git/spectrum
	https://spectrum-os.org/git/ucspi-vsock
	https://spectrum-os.org/git/www

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).