[systemd-commits] 4 commits - CODING_STYLE TODO man/systemd-run.xml src/journal src/shared
Lennart Poettering
lennart at kemper.freedesktop.org
Wed Apr 22 13:58:57 PDT 2015
CODING_STYLE | 4 +
TODO | 2
man/systemd-run.xml | 4 -
src/journal/journalctl.c | 120 ++++++++++++++++++++++++-----------------------
src/shared/acl-util.c | 102 +++++++++++++++++++++------------------
src/shared/acl-util.h | 2
6 files changed, 127 insertions(+), 107 deletions(-)
New commits:
commit e346512c684e9efae84c6442f7e6a5781564ecde
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Apr 22 22:54:23 2015 +0200
journalctl: rework code that checks whether we have access to /var/log/journal
- fix some memory leaks on error conditions
- handle all error cases properly, and log about failures
- move HAVE_ACL and no-HAVE_ACL code closer to each other
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index a5ed41d..666aa20 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -1524,61 +1524,76 @@ static int verify(sd_journal *j) {
return r;
}
-#ifdef HAVE_ACL
static int access_check_var_log_journal(sd_journal *j) {
+#ifdef HAVE_ACL
_cleanup_strv_free_ char **g = NULL;
- bool have_access;
+ const char* dir;
+#endif
int r;
assert(j);
- have_access = in_group("systemd-journal") > 0;
+ if (arg_quiet)
+ return 0;
- if (!have_access) {
- const char* dir;
+ /* If we are root, we should have access, don't warn. */
+ if (getuid() == 0)
+ return 0;
- if (access("/run/log/journal", F_OK) >= 0)
- dir = "/run/log/journal";
- else
- dir = "/var/log/journal";
+ /* If we are in the 'systemd-journal' group, we should have
+ * access too. */
+ r = in_group("systemd-journal");
+ if (r < 0)
+ return log_error_errno(r, "Failed to check if we are in the 'systemd-journal' group: %m");
+ if (r > 0)
+ return 0;
- /* Let's enumerate all groups from the default ACL of
- * the directory, which generally should allow access
- * to most journal files too */
- r = search_acl_groups(&g, dir, &have_access);
- if (r < 0)
- return r;
- }
+#ifdef HAVE_ACL
+ if (laccess("/run/log/journal", F_OK) >= 0)
+ dir = "/run/log/journal";
+ else
+ dir = "/var/log/journal";
- if (!have_access) {
+ /* If we are in any of the groups listed in the journal ACLs,
+ * then all is good, too. Let's enumerate all groups from the
+ * default ACL of the directory, which generally should allow
+ * access to most journal files too. */
+ r = acl_search_groups(dir, &g);
+ if (r < 0)
+ return log_error_errno(r, "Failed to search journal ACL: %m");
+ if (r > 0)
+ return 0;
- if (strv_isempty(g))
- log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
- " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
- " turn off this notice.");
- else {
- _cleanup_free_ char *s = NULL;
+ /* Print a pretty list, if there were ACLs set. */
+ if (!strv_isempty(g)) {
+ _cleanup_free_ char *s = NULL;
- r = strv_extend(&g, "systemd-journal");
- if (r < 0)
- return log_oom();
+ /* Thre are groups in the ACL, let's list them */
+ r = strv_extend(&g, "systemd-journal");
+ if (r < 0)
+ return log_oom();
- strv_sort(g);
- strv_uniq(g);
+ strv_sort(g);
+ strv_uniq(g);
- s = strv_join(g, "', '");
- if (!s)
- return log_oom();
+ s = strv_join(g, "', '");
+ if (!s)
+ return log_oom();
- log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
- " Users in groups '%s' can see all messages.\n"
- " Pass -q to turn off this notice.", s);
- }
+ log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
+ " Users in groups '%s' can see all messages.\n"
+ " Pass -q to turn off this notice.", s);
+ return 1;
}
+#endif
- return 0;
+ /* If no ACLs were found, print a short version of the message. */
+ log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
+ " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
+ " turn off this notice.");
+
+ return 1;
}
-#endif
static int access_check(sd_journal *j) {
Iterator it;
@@ -1590,30 +1605,15 @@ static int access_check(sd_journal *j) {
if (set_isempty(j->errors)) {
if (ordered_hashmap_isempty(j->files))
log_notice("No journal files were found.");
+
return 0;
}
if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
-#ifdef HAVE_ACL
- /* If /run/log/journal or /var/log/journal exist, try
- to pring a nice notice if the user lacks access to it. */
- if (!arg_quiet && geteuid() != 0) {
- r = access_check_var_log_journal(j);
- if (r < 0)
- return r;
- }
-#else
- if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
- log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
- "group may access messages.");
- return -EACCES;
- }
-#endif
+ (void) access_check_var_log_journal(j);
- if (ordered_hashmap_isempty(j->files)) {
- log_error("No journal files were opened due to insufficient permissions.");
- r = -EACCES;
- }
+ if (ordered_hashmap_isempty(j->files))
+ r = log_error_errno(EACCES, "No journal files were opened due to insufficient permissions.");
}
SET_FOREACH(code, j->errors, it) {
@@ -1622,8 +1622,12 @@ static int access_check(sd_journal *j) {
err = -PTR_TO_INT(code);
assert(err > 0);
- if (err != EACCES)
- log_warning_errno(err, "Error was encountered while opening journal files: %m");
+ if (err == EACCES)
+ continue;
+
+ log_warning_errno(err, "Error was encountered while opening journal files: %m");
+ if (r == 0)
+ r = -err;
}
return r;
diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c
index 36b3f0c..466f9aa 100644
--- a/src/shared/acl-util.c
+++ b/src/shared/acl-util.c
@@ -81,17 +81,18 @@ int calc_acl_mask_if_needed(acl_t *acl_p) {
if (tag == ACL_MASK)
return 0;
- if (IN_SET(tag, ACL_USER, ACL_GROUP))
- goto calc;
+
+ if (IN_SET(tag, ACL_USER, ACL_GROUP)) {
+ if (acl_calc_mask(acl_p) < 0)
+ return -errno;
+
+ return 1;
+ }
}
if (r < 0)
return -errno;
- return 0;
-calc:
- if (acl_calc_mask(acl_p) < 0)
- return -errno;
- return 1;
+ return 0;
}
int add_base_acls_if_needed(acl_t *acl_p, const char *path) {
@@ -158,59 +159,68 @@ int add_base_acls_if_needed(acl_t *acl_p, const char *path) {
return 0;
}
-int search_acl_groups(char*** dst, const char* path, bool* belong) {
- acl_t acl;
+int acl_search_groups(const char *path, char ***ret_groups) {
+ _cleanup_strv_free_ char **g = NULL;
+ _cleanup_(acl_free) acl_t acl = NULL;
+ bool ret = false;
+ acl_entry_t entry;
+ int r;
assert(path);
- assert(belong);
acl = acl_get_file(path, ACL_TYPE_DEFAULT);
- if (acl) {
- acl_entry_t entry;
- int r;
-
- r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
- while (r > 0) {
- acl_tag_t tag;
- gid_t *gid;
- char *name;
+ if (!acl)
+ return -errno;
- r = acl_get_tag_type(entry, &tag);
- if (r < 0)
- break;
+ r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
+ for (;;) {
+ _cleanup_(acl_free_gid_tpp) gid_t *gid = NULL;
+ acl_tag_t tag;
+
+ if (r < 0)
+ return -errno;
+ if (r == 0)
+ break;
+
+ if (acl_get_tag_type(entry, &tag) < 0)
+ return -errno;
- if (tag != ACL_GROUP)
- goto next;
+ if (tag != ACL_GROUP)
+ goto next;
- gid = acl_get_qualifier(entry);
- if (!gid)
- break;
+ gid = acl_get_qualifier(entry);
+ if (!gid)
+ return -errno;
+
+ if (in_gid(*gid) > 0) {
+ if (!ret_groups)
+ return true;
- if (in_gid(*gid) > 0) {
- *belong = true;
- break;
- }
+ ret = true;
+ }
+
+ if (ret_groups) {
+ char *name;
name = gid_to_name(*gid);
- if (!name) {
- acl_free(acl);
- return log_oom();
- }
-
- r = strv_consume(dst, name);
- if (r < 0) {
- acl_free(acl);
- return log_oom();
- }
-
- next:
- r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
+ if (!name)
+ return -ENOMEM;
+
+ r = strv_consume(&g, name);
+ if (r < 0)
+ return r;
}
- acl_free(acl);
+ next:
+ r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
}
- return 0;
+ if (ret_groups) {
+ *ret_groups = g;
+ g = NULL;
+ }
+
+ return ret;
}
int parse_acl(char *text, acl_t *acl_access, acl_t *acl_default, bool want_mask) {
diff --git a/src/shared/acl-util.h b/src/shared/acl-util.h
index fdb9006..c8bcc26 100644
--- a/src/shared/acl-util.h
+++ b/src/shared/acl-util.h
@@ -32,7 +32,7 @@
int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry);
int calc_acl_mask_if_needed(acl_t *acl_p);
int add_base_acls_if_needed(acl_t *acl_p, const char *path);
-int search_acl_groups(char*** dst, const char* path, bool* belong);
+int acl_search_groups(const char* path, char ***ret_groups);
int parse_acl(char *text, acl_t *acl_access, acl_t *acl_default, bool want_mask);
int acls_for_file(const char *path, acl_type_t type, acl_t new, acl_t *acl);
commit 0a0215783159b9c3a3652b231df36dbff08e0ac5
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Apr 22 22:24:48 2015 +0200
update TODO
diff --git a/TODO b/TODO
index f87af7d..74e804f 100644
--- a/TODO
+++ b/TODO
@@ -46,6 +46,8 @@ Before 220:
Features:
+* nspawn: as soon as networkd has a bus interface, hook up --network-interface= with networkd, to trigger netdev creation should an interface be missing
+
* networkd: make DHCP server IP range configurable, including only with a single IP address
* rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring
commit 85fb80317b543601cdcf44b0a59da9cdabcbffa1
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Apr 22 22:24:24 2015 +0200
man: fix example in systemd-run(1)
Reported by Holger Reif.
diff --git a/man/systemd-run.xml b/man/systemd-run.xml
index febcdb0..629bc4a 100644
--- a/man/systemd-run.xml
+++ b/man/systemd-run.xml
@@ -346,11 +346,11 @@ Sep 08 07:37:21 bupkis env[19948]: BOOT_IMAGE=/vmlinuz-3.11.0-0.rc5.git6.2.fc20.
Mon Dec 8 20:44:24 KST 2014
Running as unit run-71.timer.
Will run as unit run-71.service.
-# journalctl -b -u run-73.timer
+# journalctl -b -u run-71.timer
-- Logs begin at Fri 2014-12-05 19:09:21 KST, end at Mon 2014-12-08 20:44:54 KST. --
Dec 08 20:44:38 container systemd[1]: Starting /bin/touch /tmp/foo.
Dec 08 20:44:38 container systemd[1]: Started /bin/touch /tmp/foo.
-# journalctl -b -u run-73.service
+# journalctl -b -u run-71.service
-- Logs begin at Fri 2014-12-05 19:09:21 KST, end at Mon 2014-12-08 20:44:54 KST. --
Dec 08 20:44:48 container systemd[1]: Starting /bin/touch /tmp/foo...
Dec 08 20:44:48 container systemd[1]: Started /bin/touch /tmp/foo.</programlisting>
commit 2708526c4ade0473b95f6c93d21f6d516b89a924
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Apr 22 20:25:06 2015 +0200
CODING_STYLE: document that we prefer /* comments */ over // comments
diff --git a/CODING_STYLE b/CODING_STYLE
index a295ca7..70f45be 100644
--- a/CODING_STYLE
+++ b/CODING_STYLE
@@ -1,6 +1,10 @@
- 8ch indent, no tabs, except for files in man/ which are 2ch indent,
and still no tabs
+- We prefer /* comments */ over // comments, please. This is not C++, after
+ all. (Yes we know that C99 supports both kinds of comments, but still,
+ please!)
+
- Don't break code lines too eagerly. We do *not* force line breaks at
80ch, all of today's screens should be much larger than that. But
then again, don't overdo it, ~140ch should be enough really.
More information about the systemd-commits
mailing list