tree-wide: remove Emacs lines from all files This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.

shared: include what we use The next step of a general cleanup of our includes. This one mostly adds missing includes but there are a few removals as well.

util-lib: split out allocation calls into alloc-util.[ch]

util-lib: move string table stuff into its own string-table.[ch]

util-lib: move a number of fs operations into fs-util.[ch]

util-lib: split out file attribute calls to chattr-util.[ch]

util-lib: split xattr-related calls into xattr-util.[ch]

util-lib: introduce dirent-util.[ch] for directory entry calls Also, move a couple of more path-related functions to path-util.c.

util-lib: split out fd-related operations into fd-util.[ch] There are more than enough to deserve their own .c file, hence move them over.

util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.

btrfs: beef-up btrfs support with a limited understanding of quota With this change we understand more than just leaf quota groups for btrfs file systems. Specifically: - When we create a subvolume we can now optionally add the new subvolume to all qgroups its parent subvolume was member of too. Alternatively it is also possible to insert an intermediary quota group between the parent's qgroups and the subvolume's leaf qgroup, which is useful for a concept of "subtree" qgroups, that contain a subvolume and all its children. - The remove logic for subvolumes has been updated to optionally remove any leaf qgroups or "subtree" qgroups, following the logic above. - The snapshot logic for subvolumes has been updated to replicate the original qgroup setup of the source, if it follows the "subtree" design described above. It will not cover qgroup setups that introduce arbitrary qgroups, especially those orthogonal to the subvolume hierarchy. This also tries to be more graceful when setting up /var/lib/machines as btrfs. For example, if mkfs.btrfs is missing we don't even try to set it up as loopback device. Fixes #1559 Fixes #1129

machine: when removing, renaming, cloning images also care for .nspawn settings file Whenever we remove/rename/clone a machine image, make sure we do the same for the image's .nspawn settings file.

machine: clarify that /var/lib/containers is legacy

Fix permissions on /run/systemd/nspawn/locks machined is getting an EACCES when trying to create the lock file for images because the mode on /run/systemd/nspawn/locks is 0600. mkdir("/run/systemd/nspawn/locks", 0600) = -1 EEXIST (File exists) stat("/run/systemd/nspawn/locks", {st_mode=S_IFDIR|0600, st_size=40, ...}) = 0 open("/run/systemd/nspawn/locks/inode-41:256", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_CLOEXEC, 0600) = -1 EACCES (Permission denied) This commit adjusts the mode to 0700 to correct the issue.

btrfs-util: introduce btrfs_is_filesystem() and make use of it where appropriate Let's unify the code that checks whether an fd is on btrfs a bit. (Also, rename btrfs_is_snapshot() to btrfs_is_subvol(), since that's usually how this is referred to in our code)

btrfs: add support for recursive btrfs snapshotting

btrfs: make btrfs_subvol_snapshot() parameters a flags field

btrfs: support recursively removing btrfs snapshots

machined: drop btrfs subvolumes when removing container images

util: rework rm_rf() logic - Move to its own file rm-rf.c - Change parameters into a single flags parameter - Remove "honour sticky" logic, it's unused these days

tree-wide: there is no ENOTSUP on linux Replace ENOTSUP by EOPNOTSUPP as this is what linux actually uses.

util: add rename_noreplace renameat2() exists since Linux 3.15 but btrfs support for the flag RENAME_NOREPLACE was added later. This patch implements a fallback when renameat2() returns EINVAL. EINVAL is the error returned when the filesystem does not support one of the flags.

shared: the btrfs quota field is called "referenced" not "referred"

machined,machinectl: add calls for changing container/VM quotas

remove unused includes This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.

util: rework strappenda(), and rename it strjoina() After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.

machined: refer to the disk space allocated for an image to "usage" rather than "size" After all, it's closer to the "du"-reported value than to the file sizes...

nspawn,machined: change default container image location from /var/lib/container to /var/lib/machines Given that this is also the place to store raw disk images which are very much bootable with qemu/kvm it sounds like a misnomer to call the directory "container". Hence, let's change this sooner rather than later, and use the generic name, in particular since we otherwise try to use the generic "machine" preferably over the more specific "container" or "vm".

import: rename "gpt" disk image type to "raw" After all, nspawn can now dissect MBR partition levels, too, hence ".gpt" appears a misnomer. Moreover, the the .raw suffix for these files is already pretty popular (the Fedora disk images use it for example), hence sounds like an OK scheme to adopt.

nspawn: add file system locks for controlling access to container images This adds three kinds of file system locks for container images: a) a file system lock next to the actual image, in a .lck file in the same directory the image is located. This lock has the benefit of usually being located on the same NFS share as the image itself, and thus allows locking container images across NFS shares. b) a file system lock in /run, named after st_dev and st_ino of the root of the image. This lock has the advantage that it is unique even if the same image is bind mounted to two different places at the same time, as the ino/dev stays constant for them. c) a file system lock that is only taken when a new disk image is about to be created, that ensures that checking whether the name is already used across the search path, and actually placing the image is not interrupted by other code taking the name. a + b are read-write locks. When a container is booted in read-only mode a read lock is taken, otherwise a write lock. Lock b is always taken after a, to avoid ABBA problems. Lock c is mostly relevant when renaming or cloning images.

machined: use the FS_IMMUTABLE_FL file flag, if available, to implement a "read-only" concept for raw disk images, too

machined: when cloning a raw disk image, also set the NOCOW flag

machined: add support for reporting image size via btrfs quota

machinectl/machined: implement "rename", "clone", "read-only" verbs for machine images

machined: add "machinectl remove" for removing images

machined: Move image discovery logic into src/shared, so that we can make use of it from nspawn