[PATCH fstools] libfstools: support custom executable validating overlay
Rafał Miłecki
zajec5 at gmail.com
Tue Jan 4 14:46:18 PST 2022
From: Rafał Miłecki <rafal at milecki.pl>
This results in calling /usr/libexec/overlay_verify which may either
modify overlay (e.g. wipe it) or refuse it. It's needed by targets that
need to validate that "rootfs_data" doesn't come from a previous
firmware. They may provide a script that will wipe such /outdated/
overlays.
Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
---
libfstools/overlay.c | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/libfstools/overlay.c b/libfstools/overlay.c
index 6790337..281626d 100644
--- a/libfstools/overlay.c
+++ b/libfstools/overlay.c
@@ -14,6 +14,7 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mount.h>
+#include <sys/wait.h>
#include <asm/byteorder.h>
@@ -36,6 +37,7 @@
#define SWITCH_JFFS2 "/tmp/.switch_jffs2"
#define OVERLAYDIR "/rom/overlay"
+#define OVERLAY_VERIFY "/usr/libexec/overlay_verify"
static bool keep_sysupgrade;
@@ -412,6 +414,33 @@ int fs_state_set(const char *dir, enum fs_state state)
return symlink(valstr, path);
}
+/*
+ * Call user custom script (if present) that may perform some extra overlay
+ * validation.
+ */
+static int overlay_verify(const char *overlay_mp)
+{
+ struct stat s;
+ pid_t pid;
+
+ if (stat(OVERLAY_VERIFY, &s))
+ return 0;
+
+ pid = fork();
+ if (!pid) {
+ execl(OVERLAY_VERIFY, OVERLAY_VERIFY, overlay_mp, NULL);
+ exit(EXIT_FAILURE);
+ } else if (pid > 0) {
+ int wstatus;
+
+ waitpid(pid, &wstatus, 0);
+
+ if (WIFEXITED(wstatus))
+ return WEXITSTATUS(wstatus);
+ }
+
+ return -1;
+}
int mount_overlay(struct volume *v)
{
@@ -432,6 +461,12 @@ int mount_overlay(struct volume *v)
if (err)
return err;
+ err = overlay_verify(overlay_mp);
+ if (err) {
+ ULOG_ERR("failed to verify overlay: %d\n", err);
+ return err;
+ }
+
/*
* Check for extroot config in overlay (rootfs_data) and if present then
* prefer it over rootfs_data.
--
2.31.1
More information about the openwrt-devel
mailing list