Diffstat (limited to '')
-rw-r--r--src/shared/dissect-image.h18
1 files changed, 17 insertions, 1 deletions
diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h
index 15c0bf7..e31fd54 100644
--- a/src/shared/dissect-image.h
+++ b/src/shared/dissect-image.h
@@ -87,6 +87,8 @@ typedef enum DissectImageFlags {
DISSECT_IMAGE_DISKSEQ_DEVNODE = 1 << 23, /* Prefer /dev/disk/by-diskseq/… device nodes */
DISSECT_IMAGE_ALLOW_EMPTY = 1 << 24, /* Allow that no usable partitions is present */
DISSECT_IMAGE_TRY_ATOMIC_MOUNT_EXCHANGE = 1 << 25, /* Try to mount the image beneath the specified mountpoint, rather than on top of it, and then umount the top */
+ DISSECT_IMAGE_ALLOW_USERSPACE_VERITY = 1 << 26, /* Allow userspace verity keyring in /etc/verity.d/ and related dirs */
+ DISSECT_IMAGE_ALLOW_INTERACTIVE_AUTH = 1 << 27, /* Allow interactive authorization when going through mountfsd */
} DissectImageFlags;
struct DissectedImage {
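Review bot: The comment on `DISSECT_IMAGE_ALLOW_USERSPACE_VERITY` names the directory but not the trust consequence of setting the flag. If it means that certificates found in `/etc/verity.d/` and the related directories become acceptable signers for verity root hashes, the definition should say so, e.g. `/* Also accept verity signatures validated in userspace against certificates in /etc/verity.d/ and related dirs */`, so callers treat it as a deliberate opt-in that widens the set of trusted signers. `DISSECT_IMAGE_ALLOW_INTERACTIVE_AUTH` could likewise state what happens when it is unset (presumably the request is refused rather than prompting). The enum begins outside this hunk.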
@@ -102,6 +104,7 @@ struct DissectedImage {
DecryptedImage *decrypted_image;
uint32_t sector_size;
+ uint64_t image_size;
char *image_name;
sd_id128_t image_uuid;
@@ -161,6 +164,7 @@ int dissect_image_file_and_warn(const char *path, const VeritySettings *verity,
int dissect_loop_device(LoopDevice *loop, const VeritySettings *verity, const MountOptions *mount_options, const ImagePolicy *image_policy, DissectImageFlags flags, DissectedImage **ret);
int dissect_loop_device_and_warn(LoopDevice *loop, const VeritySettings *verity, const MountOptions *mount_options, const ImagePolicy *image_policy, DissectImageFlags flags, DissectedImage **ret);
+void dissected_image_close(DissectedImage *m);
DissectedImage* dissected_image_unref(DissectedImage *m);
DEFINE_TRIVIAL_CLEANUP_FUNC(DissectedImage*, dissected_image_unref);
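Review bot: `dissected_image_close()` is declared directly above `dissected_image_unref()` with nothing that says how the two differ. A short comment should state what the function releases, whether `m` and its partition entries remain valid afterwards, and whether it may be called more than once, so callers neither use released resources after close nor release them twice. The `void` return and the absence of a cleanup macro suggest it does not drop the reference, but that is not visible in this header.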
@@ -169,7 +173,7 @@ int dissected_image_decrypt_interactively(DissectedImage *m, const char *passphr
int dissected_image_mount(DissectedImage *m, const char *dest, uid_t uid_shift, uid_t uid_range, int userns_fd, DissectImageFlags flags);
int dissected_image_mount_and_warn(DissectedImage *m, const char *where, uid_t uid_shift, uid_t uid_range, int userns_fd, DissectImageFlags flags);
-int dissected_image_acquire_metadata(DissectedImage *m, DissectImageFlags extra_flags);
+int dissected_image_acquire_metadata(DissectedImage *m, int userns_fd, DissectImageFlags extra_flags);
Architecture dissected_image_architecture(DissectedImage *m);
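Review bot: The new `int userns_fd` parameter of `dissected_image_acquire_metadata()` sits directly before `DissectImageFlags extra_flags`, and because both convert to `int`, a call with the two arguments swapped compiles without a diagnostic. The prototype should carry a comment stating the accepted values, for example `/* userns_fd: user namespace to operate in, or negative for none */` if that is the convention, which this header does not show. It would also help to say whether the function borrows the descriptor or takes ownership of it.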
@@ -196,6 +200,14 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(DecryptedImage*, decrypted_image_unref);
int dissected_image_relinquish(DissectedImage *m);
int verity_settings_load(VeritySettings *verity, const char *image, const char *root_hash_path, const char *root_hash_sig_path);
+
+static inline bool verity_settings_set(const VeritySettings *settings) {
+ return settings &&
+ (settings->root_hash_size > 0 ||
+ (settings->root_hash_sig_size > 0 ||
+ settings->data_path));
+}
+
void verity_settings_done(VeritySettings *verity);
static inline bool verity_settings_data_covers(const VeritySettings *verity, PartitionDesignator d) {
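Review bot: `verity_settings_set()` returns true when only `data_path` or only a root hash signature is present, so it means "some verity parameter was supplied" rather than "verity can be enforced", and nothing at the definition says so. I would add a comment such as `/* True if any verity parameter is configured; does not imply a root hash is present */` so that callers do not treat a true result as proof that the image will be integrity-checked. The nested parentheses around the second `||` add nothing; `return settings && (settings->root_hash_size > 0 || settings->root_hash_sig_size > 0 || settings->data_path);` reads more clearly. The following `verity_settings_data_covers()` continues outside the hunk.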
@@ -228,3 +240,7 @@ static inline const char *dissected_partition_fstype(const DissectedPartition *m
return m->decrypted_node ? m->decrypted_fstype : m->fstype;
}
+
+int get_common_dissect_directory(char **ret);
+
+int mountfsd_mount_image(const char *path, int userns_fd, const ImagePolicy *image_policy, DissectImageFlags flags, DissectedImage **ret);
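Review bot: `mountfsd_mount_image()` takes no `VeritySettings` argument, unlike the `dissect_loop_device*()` prototypes in this header, and the declaration does not say how integrity protection is decided on this path. A comment should state whether verity is determined by the service from `image_policy` alone, and which `DissectImageFlags` bits are honoured here (presumably including `DISSECT_IMAGE_ALLOW_INTERACTIVE_AUTH`), so callers do not assume locally configured verity settings still apply. For `get_common_dissect_directory(char **ret)`, document what the returned path is and that the caller owns and frees `*ret`, if that is the contract.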