[systemd-commits] 3 commits - Makefile-man.am man/sd_bus_creds_get_pid.xml man/sd_pid_get_session.xml src/libsystemd src/shared src/test
Lennart Poettering
lennart at kemper.freedesktop.org
Wed Apr 29 12:47:22 PDT 2015
Makefile-man.am | 51 ++++++++-
man/sd_bus_creds_get_pid.xml | 203 ++++++++++++++++++++++++++----------
man/sd_pid_get_session.xml | 57 ++++++++--
src/libsystemd/sd-bus/bus-control.c | 25 +++-
src/libsystemd/sd-bus/bus-creds.c | 147 ++++++++++++++++++++------
src/libsystemd/sd-bus/bus-dump.c | 70 +++++++-----
src/libsystemd/sd-bus/bus-kernel.c | 15 +-
src/shared/audit.c | 2
src/shared/audit.h | 1
src/shared/cgroup-util.c | 20 +--
src/shared/terminal-util.c | 2
src/test/test-cgroup-util.c | 26 ++--
src/test/test-process-util.c | 5
13 files changed, 453 insertions(+), 171 deletions(-)
New commits:
commit 882f407f3133f3603b69be162940002a9a37ba48
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Apr 29 21:45:45 2015 +0200
man: document when the various sd-login.h calls return ENXIO
diff --git a/man/sd_pid_get_session.xml b/man/sd_pid_get_session.xml
index f708d0d..b46d471 100644
--- a/man/sd_pid_get_session.xml
+++ b/man/sd_pid_get_session.xml
@@ -148,9 +148,10 @@
not all processes are part of a login session (e.g. system service
processes, user processes that are shared between multiple
sessions of the same user, or kernel threads). For processes not
- being part of a login session this function will fail. The
- returned string needs to be freed with the libc
- <citerefentry project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ being part of a login session this function will fail with
+ -ENXIO. The returned string needs to be freed with the libc
+ <citerefentry
+ project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>
call after use.</para>
<para><function>sd_pid_get_unit()</function> may be used to
@@ -159,11 +160,12 @@
short string, suitable for usage in file system paths. Note that
not all processes are part of a system unit/service (e.g. user
processes, or kernel threads). For processes not being part of a
- systemd system unit this function will fail. (More specifically:
- this call will not work for processes that are part of user units,
- use <function>sd_pid_get_user_unit()</function> for that.) The
- returned string needs to be freed with the libc
- <citerefentry project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ systemd system unit this function will fail with -ENXIO (More
+ specifically: this call will not work for processes that are part
+ of user units, use <function>sd_pid_get_user_unit()</function> for
+ that.) The returned string needs to be freed with the libc
+ <citerefentry
+ project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>
call after use.</para>
<para><function>sd_pid_get_user_unit()</function> may be used to
@@ -179,14 +181,16 @@
login sessions of the same user, where
<function>sd_pid_get_session()</function> will fail. For processes
not being part of a login session and not being a shared process
- of a user this function will fail.</para>
+ of a user this function will fail with -ENXIO.</para>
<para><function>sd_pid_get_machine_name()</function> may be used
to determine the name of the VM or container is a member of. The
machine name is a short string, suitable for usage in file system
paths. The returned string needs to be freed with the libc
- <citerefentry project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>
- call after use.</para>
+ <citerefentry
+ project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ call after use. For processes not part of a VM or containers this
+ function fails with -ENXIO.</para>
<para><function>sd_pid_get_slice()</function> may be used to
determine the slice unit the process is a member of. See
@@ -219,6 +223,37 @@
</refsect1>
<refsect1>
+ <title>Errors</title>
+
+ <para>Returned errors may indicate the following problems:</para>
+
+ <variablelist>
+
+ <varlistentry>
+ <term><constant>-ENXIO</constant></term>
+
+ <listitem><para>Given field is not specified for the described
+ process or peer.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>-ESRCH</constant></term>
+
+ <listitem><para>The specified PID does not refer to a running
+ process.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>-ENOMEM</constant></term>
+
+ <listitem><para>Memory allocation failed.</para></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
<title>Notes</title>
<para>The <function>sd_pid_get_session()</function>,
commit 52d7c4dcf157745767931d49c9fa9c73448f746a
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Apr 29 21:44:55 2015 +0200
man: document when the sd_bus_creds_xxx() calls return ENXIO
diff --git a/Makefile-man.am b/Makefile-man.am
index 4344ffb..e297b21 100644
--- a/Makefile-man.am
+++ b/Makefile-man.am
@@ -799,16 +799,25 @@ MANPAGES_ALIAS += \
man/sd_bus_creds_get_cgroup.3 \
man/sd_bus_creds_get_cmdline.3 \
man/sd_bus_creds_get_comm.3 \
- man/sd_bus_creds_get_connection_name.3 \
+ man/sd_bus_creds_get_description.3 \
+ man/sd_bus_creds_get_egid.3 \
+ man/sd_bus_creds_get_euid.3 \
man/sd_bus_creds_get_exe.3 \
+ man/sd_bus_creds_get_fsgid.3 \
+ man/sd_bus_creds_get_fsuid.3 \
man/sd_bus_creds_get_gid.3 \
man/sd_bus_creds_get_mask.3 \
man/sd_bus_creds_get_owner_uid.3 \
+ man/sd_bus_creds_get_ppid.3 \
man/sd_bus_creds_get_selinux_context.3 \
man/sd_bus_creds_get_session.3 \
+ man/sd_bus_creds_get_sgid.3 \
man/sd_bus_creds_get_slice.3 \
+ man/sd_bus_creds_get_suid.3 \
+ man/sd_bus_creds_get_supplementary_gids.3 \
man/sd_bus_creds_get_tid.3 \
man/sd_bus_creds_get_tid_comm.3 \
+ man/sd_bus_creds_get_tty.3 \
man/sd_bus_creds_get_uid.3 \
man/sd_bus_creds_get_unique_name.3 \
man/sd_bus_creds_get_unit.3 \
@@ -870,16 +879,25 @@ man/sd_bus_creds_get_audit_session_id.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_cgroup.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_cmdline.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_comm.3: man/sd_bus_creds_get_pid.3
-man/sd_bus_creds_get_connection_name.3: man/sd_bus_creds_get_pid.3
+man/sd_bus_creds_get_description.3: man/sd_bus_creds_get_pid.3
+man/sd_bus_creds_get_egid.3: man/sd_bus_creds_get_pid.3
+man/sd_bus_creds_get_euid.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_exe.3: man/sd_bus_creds_get_pid.3
+man/sd_bus_creds_get_fsgid.3: man/sd_bus_creds_get_pid.3
+man/sd_bus_creds_get_fsuid.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_gid.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_mask.3: man/sd_bus_creds_new_from_pid.3
man/sd_bus_creds_get_owner_uid.3: man/sd_bus_creds_get_pid.3
+man/sd_bus_creds_get_ppid.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_selinux_context.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_session.3: man/sd_bus_creds_get_pid.3
+man/sd_bus_creds_get_sgid.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_slice.3: man/sd_bus_creds_get_pid.3
+man/sd_bus_creds_get_suid.3: man/sd_bus_creds_get_pid.3
+man/sd_bus_creds_get_supplementary_gids.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_tid.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_tid_comm.3: man/sd_bus_creds_get_pid.3
+man/sd_bus_creds_get_tty.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_uid.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_unique_name.3: man/sd_bus_creds_get_pid.3
man/sd_bus_creds_get_unit.3: man/sd_bus_creds_get_pid.3
@@ -951,12 +969,24 @@ man/sd_bus_creds_get_cmdline.html: man/sd_bus_creds_get_pid.html
man/sd_bus_creds_get_comm.html: man/sd_bus_creds_get_pid.html
$(html-alias)
-man/sd_bus_creds_get_connection_name.html: man/sd_bus_creds_get_pid.html
+man/sd_bus_creds_get_description.html: man/sd_bus_creds_get_pid.html
+ $(html-alias)
+
+man/sd_bus_creds_get_egid.html: man/sd_bus_creds_get_pid.html
+ $(html-alias)
+
+man/sd_bus_creds_get_euid.html: man/sd_bus_creds_get_pid.html
$(html-alias)
man/sd_bus_creds_get_exe.html: man/sd_bus_creds_get_pid.html
$(html-alias)
+man/sd_bus_creds_get_fsgid.html: man/sd_bus_creds_get_pid.html
+ $(html-alias)
+
+man/sd_bus_creds_get_fsuid.html: man/sd_bus_creds_get_pid.html
+ $(html-alias)
+
man/sd_bus_creds_get_gid.html: man/sd_bus_creds_get_pid.html
$(html-alias)
@@ -966,21 +996,36 @@ man/sd_bus_creds_get_mask.html: man/sd_bus_creds_new_from_pid.html
man/sd_bus_creds_get_owner_uid.html: man/sd_bus_creds_get_pid.html
$(html-alias)
+man/sd_bus_creds_get_ppid.html: man/sd_bus_creds_get_pid.html
+ $(html-alias)
+
man/sd_bus_creds_get_selinux_context.html: man/sd_bus_creds_get_pid.html
$(html-alias)
man/sd_bus_creds_get_session.html: man/sd_bus_creds_get_pid.html
$(html-alias)
+man/sd_bus_creds_get_sgid.html: man/sd_bus_creds_get_pid.html
+ $(html-alias)
+
man/sd_bus_creds_get_slice.html: man/sd_bus_creds_get_pid.html
$(html-alias)
+man/sd_bus_creds_get_suid.html: man/sd_bus_creds_get_pid.html
+ $(html-alias)
+
+man/sd_bus_creds_get_supplementary_gids.html: man/sd_bus_creds_get_pid.html
+ $(html-alias)
+
man/sd_bus_creds_get_tid.html: man/sd_bus_creds_get_pid.html
$(html-alias)
man/sd_bus_creds_get_tid_comm.html: man/sd_bus_creds_get_pid.html
$(html-alias)
+man/sd_bus_creds_get_tty.html: man/sd_bus_creds_get_pid.html
+ $(html-alias)
+
man/sd_bus_creds_get_uid.html: man/sd_bus_creds_get_pid.html
$(html-alias)
diff --git a/man/sd_bus_creds_get_pid.xml b/man/sd_bus_creds_get_pid.xml
index 2d7090b..7d68d1e 100644
--- a/man/sd_bus_creds_get_pid.xml
+++ b/man/sd_bus_creds_get_pid.xml
@@ -44,9 +44,17 @@
<refnamediv>
<refname>sd_bus_creds_get_pid</refname>
+ <refname>sd_bus_creds_get_ppid</refname>
<refname>sd_bus_creds_get_tid</refname>
<refname>sd_bus_creds_get_uid</refname>
+ <refname>sd_bus_creds_get_euid</refname>
+ <refname>sd_bus_creds_get_suid</refname>
+ <refname>sd_bus_creds_get_fsuid</refname>
<refname>sd_bus_creds_get_gid</refname>
+ <refname>sd_bus_creds_get_egid</refname>
+ <refname>sd_bus_creds_get_sgid</refname>
+ <refname>sd_bus_creds_get_fsgid</refname>
+ <refname>sd_bus_creds_get_supplementary_gids</refname>
<refname>sd_bus_creds_get_comm</refname>
<refname>sd_bus_creds_get_tid_comm</refname>
<refname>sd_bus_creds_get_exe</refname>
@@ -64,9 +72,10 @@
<refname>sd_bus_creds_get_selinux_context</refname>
<refname>sd_bus_creds_get_audit_session_id</refname>
<refname>sd_bus_creds_get_audit_login_uid</refname>
+ <refname>sd_bus_creds_get_tty</refname>
<refname>sd_bus_creds_get_unique_name</refname>
<refname>sd_bus_creds_get_well_known_names</refname>
- <refname>sd_bus_creds_get_connection_name</refname>
+ <refname>sd_bus_creds_get_description</refname>
<refpurpose>Retrieve fields from a credentials object</refpurpose>
</refnamediv>
@@ -82,13 +91,37 @@
</funcprototype>
<funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_ppid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>pid_t *<parameter>ppid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
<funcdef>int <function>sd_bus_creds_get_tid</function></funcdef>
<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>pid_t *<parameter>tid</parameter></paramdef>
</funcprototype>
<funcprototype>
- <funcdef>int <function>sd_bus_creds_get_pid</function></funcdef>
+ <funcdef>int <function>sd_bus_creds_get_uid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>uid_t *<parameter>uid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_euid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>uid_t *<parameter>uid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_suid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>uid_t *<parameter>uid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_fsuid</function></funcdef>
<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>uid_t *<parameter>uid</parameter></paramdef>
</funcprototype>
@@ -100,6 +133,30 @@
</funcprototype>
<funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_egid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>gid_t *<parameter>gid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_sgid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>gid_t *<parameter>gid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_fsgid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>gid_t *<parameter>gid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_supplementary_gids</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>const gid_t **<parameter>gids</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
<funcdef>int <function>sd_bus_creds_get_comm</function></funcdef>
<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>comm</parameter></paramdef>
@@ -202,6 +259,12 @@
</funcprototype>
<funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_tty</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>const char **<parameter>tty</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
<funcdef>int <function>sd_bus_creds_get_unique_name</function></funcdef>
<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>name</parameter></paramdef>
@@ -214,7 +277,7 @@
</funcprototype>
<funcprototype>
- <funcdef>int <function>sd_bus_creds_get_connection_name</function></funcdef>
+ <funcdef>int <function>sd_bus_creds_get_description</function></funcdef>
<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>name</parameter></paramdef>
</funcprototype>
@@ -226,26 +289,43 @@
<title>Description</title>
<para>These functions return information from an
- <parameter>sd_bus_creds</parameter> object. It may be created with
+ <parameter>sd_bus_creds</parameter> credential object. Credential
+ objects may be created with
<citerefentry><refentrytitle>sd_bus_creds_new_from_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
- in which case it will describe the specified process, or it may be
- created by
+ in which case they describe the credentials of the process
+ identified by the specified PID, with
+ <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+ in which case they describe the credentials of a bus peer
+ identified by the specified bus name, or with
<citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
- in which case it will describe the process at the other endpoint
- of a connection.
- </para>
+ in which case they describe the credentials of the creator of a
+ bus.</para>
- <para><function>sd_bus_creds_get_pid()</function> will retrieve the
- PID (process identifier).</para>
+ <para><function>sd_bus_creds_get_pid()</function> will retrieve
+ the PID (process identifier). Similar,
+ <function>sd_bus_creds_get_ppid()</function> will retrieve the
+ parent PID. Note that PID 1 has no parent process, in which case
+ -ENXIO is returned.</para>
<para><function>sd_bus_creds_get_tid()</function> will retrieve the
TID (thread identifier).</para>
- <para><function>sd_bus_creds_get_uid()</function> will retrieve the
- numeric UID (user identifier).</para>
+ <para><function>sd_bus_creds_get_uid()</function> will retrieve
+ the numeric UID (user identifier). Similar,
+ <function>sd_bus_creds_get_euid()</function> returns the effective
+ UID, <function>sd_bus_creds_get_suid()</function> the saved UID
+ and <function>sd_bus_creds_get_fsuid()</function> the file system
+ UID.</para>
<para><function>sd_bus_creds_get_gid()</function> will retrieve the
- numeric GID (group identifier).</para>
+ numeric GID (group identifier). Similar,
+ <function>sd_bus_creds_get_egid()</function> returns the effective
+ GID, <function>sd_bus_creds_get_sgid()</function> the saved GID
+ and <function>sd_bus_creds_get_fsgid()</function> the file system
+ GID.</para>
+
+ <para><function>sd_bus_creds_get_supplementary_gids()</function>
+ will retrieve the supplementary GIDs list.</para>
<para><function>sd_bus_creds_get_comm()</function> will retrieve the
comm field (truncated name of the executable, as stored in
@@ -257,32 +337,36 @@
<filename>/proc/<replaceable>pid</replaceable>/task/<replaceable>tid</replaceable>/comm</filename>).
</para>
- <para><function>sd_bus_creds_get_exe()</function> will retrieve the
- path to the program (as stored in the
+ <para><function>sd_bus_creds_get_exe()</function> will retrieve
+ the path to the program executable (as stored in the
<filename>/proc/<replaceable>pid</replaceable>/exe</filename>
- link, but with <literal> (deleted)</literal> suffix removed).
- </para>
+ link, but with <literal> (deleted)</literal> suffix removed). Note
+ that kernel threads do not have an executable path, in which case
+ -ENXIO is returned.</para>
- <para><function>sd_bus_creds_get_cmdline()</function> will retrieve
- an array of command line arguments (as stored in
- <filename>/proc/<replaceable>pid</replaceable>/cmdline</filename>).
- </para>
+ <para><function>sd_bus_creds_get_cmdline()</function> will
+ retrieve an array of command line arguments (as stored in
+ <filename>/proc/<replaceable>pid</replaceable>/cmdline</filename>). Note
+ that kernel threads do not have a command line, in which case
+ -ENXIO is returned.</para>
<para><function>sd_bus_creds_get_cgroup()</function> will retrieve
the cgroup path. See <ulink
url="https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>.
</para>
- <para><function>sd_bus_creds_get_unit()</function> will retrieve the
- systemd unit name (in the system instance of systemd) that the
+ <para><function>sd_bus_creds_get_unit()</function> will retrieve
+ the systemd unit name (in the system instance of systemd) that the
process is part of. See
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For
+ processes that are not part of a unit returns -ENXIO.
</para>
<para><function>sd_bus_creds_get_user_unit()</function> will
retrieve the systemd unit name (in the user instance of systemd)
that the process is part of. See
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For
+ processes that are not part of a user unit returns -ENXIO.
</para>
<para><function>sd_bus_creds_get_slice()</function> will retrieve
@@ -291,17 +375,17 @@
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para>
- <para><function>sd_bus_creds_get_session()</function> will retrieve
- the logind session that the process is part of. See
- <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ <para><function>sd_bus_creds_get_session()</function> will
+ retrieve the logind session that the process is part of. See
+ <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. For
+ processes that are not part of a session returns -ENXIO.
</para>
- <para><function>sd_bus_creds_get_owner_uid()</function> will retrieve
- the numeric UID (user identifier) of the user who owns the slice
- that the process is part of. See
+ <para><function>sd_bus_creds_get_owner_uid()</function> will
+ retrieve the numeric UID (user identifier) of the user who owns
+ the session that the process is part of. See
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- <!-- and
- <citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> -->.
+ For processes that are not part of a session returns -ENXIO.
</para>
<para><function>sd_bus_creds_has_effective_cap()</function> will
@@ -331,12 +415,18 @@
<para><function>sd_bus_creds_get_selinux_context()</function> will
retrieve the SELinux security context (label) of the process.</para>
- <para><function>sd_bus_creds_get_audit_session_id()</function> will
- retrieve the audit session identifier of the process.</para>
+ <para><function>sd_bus_creds_get_audit_session_id()</function>
+ will retrieve the audit session identifier of the process. Returns
+ -ENXIO for processes that are not part of an audit session.</para>
<para><function>sd_bus_creds_get_audit_login_uid()</function> will
retrieve the audit user login identifier (the identifier of the
- user who is "responsible" for the session).</para>
+ user who is "responsible" for the session). Returns -ENXIO for
+ processes that are not part of an audit session.</para>
+
+ <para><function>sd_bus_creds_get_tty()</function> will retrieve
+ the controlling TTY. Returns -ENXIO for processes that have no
+ controlling TTY.</para>
<para><function>sd_bus_creds_get_unique_name()</function> will
retrieve the D-Bus unique name. See <ulink
@@ -348,11 +438,11 @@
url="http://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-names-bus">The
D-Bus specification</ulink>.</para>
- <para><function>sd_bus_creds_get_connection_name()</function> will
+ <para><function>sd_bus_creds_get_description()</function> will
retrieve a descriptive name of the bus connection of the
peer. This name is useful to discern multiple bus connections by
the same peer, and may be altered by the peer with the
- <citerefentry><refentrytitle>sd_bus_set_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>sd_bus_set_description</refentrytitle><manvolnum>3</manvolnum></citerefentry>
call.</para>
<para>All functions that take a <parameter>const
@@ -386,34 +476,37 @@
<varlistentry>
<term><constant>-ENODATA</constant></term>
- <listitem><para>Given field is not available in
- <parameter>c</parameter>.</para>
+ <listitem><para>Given field is not available in the
+ credentials object <parameter>c</parameter>.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><constant>-ENOENT</constant></term>
+ <term><constant>-ENXIO</constant></term>
- <listitem><para>Given field is not specified for the sender.
- This will be returned by <function>sd_bus_get_unit()</function>,
+ <listitem><para>Given field is not specified for the described
+ process or peer. This will be returned by
+ <function>sd_bus_get_unit()</function>,
<function>sd_bus_get_user_unit()</function>,
<function>sd_bus_get_slice()</function>,
<function>sd_bus_get_session()</function>, and
- <function>sd_bus_get_name_creds_uid()</function> if the sender is not
- part of a systemd system unit, systemd user unit, systemd
- slice, logind session, or a systemd user session.</para>
+ <function>sd_bus_get_owner_uid()</function> if the process is
+ not part of a systemd system unit, systemd user unit, systemd
+ slice, or logind session. It will also be returned by
+ <function>sd_bus_creds_get_exe()</function> and
+ <function>sd_bus_creds_get_cmdline()</function> for kernel
+ threads (since these aren't started from an executable binary
+ or have a command line),
+ <function>sd_bus_creds_get_audit_session_id()</function> and
+ <function>sd_bus_creds_get_audit_login_uid()</function> when
+ the process is not part of an audit session, and
+ <function>sd_bus_creds_get_tty()</function> if the process has
+ no controlling TTY.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
- <term><constant>-ENXIO</constant></term>
-
- <listitem><para>An error occurred in parsing cgroup paths.
- <filename>libsystemd</filename> might be out of sync with
- the running systemd version.</para></listitem>
- </varlistentry>
-
- <varlistentry>
<term><constant>-EINVAL</constant></term>
<listitem><para>Specified pointer parameter is <constant>NULL</constant>.
commit cfeaa44a09756a93a881f786678973d9b1e382db
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Apr 29 21:40:54 2015 +0200
sd-bus: properly handle creds that are known but undefined for a process
A number of fields do not apply to all processes, including: there a
processes without a controlling tty, without parent process, without
service, user services or session. To distuingish these cases from the
case where we simply don't have the data, always return ENXIO for them,
while returning ENODATA for the case where we really lack the
information.
Also update the credentials dumping code to show this properly. Fields
that are known but do not apply are now shown as "n/a".
Note that this also changes some of the calls in process-util.c and
cgroup-util.c to return ENXIO for these cases.
diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
index ca31807..fa4c281 100644
--- a/src/libsystemd/sd-bus/bus-control.c
+++ b/src/libsystemd/sd-bus/bus-control.c
@@ -423,9 +423,24 @@ static int bus_populate_creds_from_items(
c->mask |= SD_BUS_CREDS_TID;
}
- if (mask & SD_BUS_CREDS_PPID && item->pids.ppid > 0) {
- c->ppid = (pid_t) item->pids.ppid;
- c->mask |= SD_BUS_CREDS_PPID;
+ if (mask & SD_BUS_CREDS_PPID) {
+ if (item->pids.ppid > 0) {
+ c->ppid = (pid_t) item->pids.ppid;
+ c->mask |= SD_BUS_CREDS_PPID;
+ } else if (item->pids.pid == 1) {
+ /* The structure doesn't
+ * really distuingish the case
+ * where a process has no
+ * parent and where we don't
+ * know it because it could
+ * not be translated due to
+ * namespaces. However, we
+ * know that PID 1 has no
+ * parent process, hence let's
+ * patch that in, manually. */
+ c->ppid = 0;
+ c->mask |= SD_BUS_CREDS_PPID;
+ }
}
break;
@@ -565,12 +580,12 @@ static int bus_populate_creds_from_items(
break;
case KDBUS_ITEM_AUDIT:
- if (mask & SD_BUS_CREDS_AUDIT_SESSION_ID && (uint32_t) item->audit.sessionid != (uint32_t) -1) {
+ if (mask & SD_BUS_CREDS_AUDIT_SESSION_ID) {
c->audit_session_id = (uint32_t) item->audit.sessionid;
c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
}
- if (mask & SD_BUS_CREDS_AUDIT_LOGIN_UID && (uid_t) item->audit.loginuid != UID_INVALID) {
+ if (mask & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
c->audit_login_uid = (uid_t) item->audit.loginuid;
c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
}
diff --git a/src/libsystemd/sd-bus/bus-creds.c b/src/libsystemd/sd-bus/bus-creds.c
index 8d02885..ed9bf52 100644
--- a/src/libsystemd/sd-bus/bus-creds.c
+++ b/src/libsystemd/sd-bus/bus-creds.c
@@ -302,6 +302,12 @@ _public_ int sd_bus_creds_get_ppid(sd_bus_creds *c, pid_t *ppid) {
if (!(c->mask & SD_BUS_CREDS_PPID))
return -ENODATA;
+ /* PID 1 has no parent process. Let's distuingish the case of
+ * not knowing and not having a parent process by the returned
+ * error code. */
+ if (c->ppid == 0)
+ return -ENXIO;
+
*ppid = c->ppid;
return 0;
}
@@ -360,7 +366,9 @@ _public_ int sd_bus_creds_get_exe(sd_bus_creds *c, const char **ret) {
if (!(c->mask & SD_BUS_CREDS_EXE))
return -ENODATA;
- assert(c->exe);
+ if (!c->exe)
+ return -ENXIO;
+
*ret = c->exe;
return 0;
}
@@ -510,8 +518,8 @@ _public_ int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline) {
if (!(c->mask & SD_BUS_CREDS_CMDLINE))
return -ENODATA;
- assert_return(c->cmdline, -ESRCH);
- assert(c->cmdline);
+ if (!c->cmdline)
+ return -ENXIO;
if (!c->cmdline_array) {
c->cmdline_array = strv_parse_nulstr(c->cmdline, c->cmdline_size);
@@ -530,6 +538,9 @@ _public_ int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessio
if (!(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID))
return -ENODATA;
+ if (c->audit_session_id == AUDIT_SESSION_INVALID)
+ return -ENXIO;
+
*sessionid = c->audit_session_id;
return 0;
}
@@ -541,6 +552,9 @@ _public_ int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c, uid_t *uid) {
if (!(c->mask & SD_BUS_CREDS_AUDIT_LOGIN_UID))
return -ENODATA;
+ if (c->audit_login_uid == UID_INVALID)
+ return -ENXIO;
+
*uid = c->audit_login_uid;
return 0;
}
@@ -552,6 +566,9 @@ _public_ int sd_bus_creds_get_tty(sd_bus_creds *c, const char **ret) {
if (!(c->mask & SD_BUS_CREDS_TTY))
return -ENODATA;
+ if (!c->tty)
+ return -ENXIO;
+
*ret = c->tty;
return 0;
}
@@ -787,8 +804,10 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
if (r < 0)
return r;
- c->mask |= SD_BUS_CREDS_PPID;
- }
+ } else
+ c->ppid = 0;
+
+ c->mask |= SD_BUS_CREDS_PPID;
continue;
}
}
@@ -941,7 +960,17 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
if (missing & SD_BUS_CREDS_EXE) {
r = get_process_exe(pid, &c->exe);
- if (r < 0) {
+ if (r == -ESRCH) {
+ /* Unfortunately we cannot really distuingish
+ * the case here where the process does not
+ * exist, and /proc/$PID/exe being unreadable
+ * because $PID is a kernel thread. Hence,
+ * assume it is a kernel thread, and rely on
+ * that this case is caught with a later
+ * call. */
+ c->exe = NULL;
+ c->mask |= SD_BUS_CREDS_EXE;
+ } else if (r < 0) {
if (r != -EPERM && r != -EACCES)
return r;
} else
@@ -953,17 +982,18 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
p = procfs_file_alloca(pid, "cmdline");
r = read_full_file(p, &c->cmdline, &c->cmdline_size);
+ if (r == -ENOENT)
+ return -ESRCH;
if (r < 0) {
- if (r == -ENOENT)
- return -ESRCH;
if (r != -EPERM && r != -EACCES)
return r;
} else {
if (c->cmdline_size == 0) {
free(c->cmdline);
c->cmdline = NULL;
- } else
- c->mask |= SD_BUS_CREDS_CMDLINE;
+ }
+
+ c->mask |= SD_BUS_CREDS_CMDLINE;
}
}
@@ -974,9 +1004,9 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
return -ENOMEM;
r = read_one_line_file(p, &c->tid_comm);
+ if (r == -ENOENT)
+ return -ESRCH;
if (r < 0) {
- if (r == -ENOENT)
- return -ESRCH;
if (r != -EPERM && r != -EACCES)
return r;
} else
@@ -1005,8 +1035,12 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
if (missing & SD_BUS_CREDS_AUDIT_SESSION_ID) {
r = audit_session_from_pid(pid, &c->audit_session_id);
- if (r < 0) {
- if (r != -EOPNOTSUPP && r != -ENXIO && r != -ENOENT && r != -EPERM && r != -EACCES)
+ if (r == -ENXIO) {
+ /* ENXIO means: no audit session id assigned */
+ c->audit_session_id = AUDIT_SESSION_INVALID;
+ c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
+ } else if (r < 0) {
+ if (r != -EOPNOTSUPP && r != -ENOENT && r != -EPERM && r != -EACCES)
return r;
} else
c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
@@ -1014,8 +1048,12 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
if (missing & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
r = audit_loginuid_from_pid(pid, &c->audit_login_uid);
- if (r < 0) {
- if (r != -EOPNOTSUPP && r != -ENXIO && r != -ENOENT && r != -EPERM && r != -EACCES)
+ if (r == -ENXIO) {
+ /* ENXIO means: no audit login uid assigned */
+ c->audit_login_uid = UID_INVALID;
+ c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
+ } else if (r < 0) {
+ if (r != -EOPNOTSUPP && r != -ENOENT && r != -EPERM && r != -EACCES)
return r;
} else
c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
@@ -1023,13 +1061,28 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
if (missing & SD_BUS_CREDS_TTY) {
r = get_ctty(pid, NULL, &c->tty);
- if (r < 0) {
+ if (r == -ENXIO) {
+ /* ENXIO means: process has no controlling TTY */
+ c->tty = NULL;
+ c->mask |= SD_BUS_CREDS_TTY;
+ } else if (r < 0) {
if (r != -EPERM && r != -EACCES && r != -ENOENT)
return r;
} else
c->mask |= SD_BUS_CREDS_TTY;
}
+ /* In case only the exe path was to be read we cannot
+ * distuingish the case where the exe path was unreadable
+ * because the process was a kernel thread, or when the
+ * process didn't exist at all. Hence, let's do a final check,
+ * to be sure. */
+ if (!pid_is_alive(pid))
+ return -ESRCH;
+
+ if (tid > 0 && tid != pid && !pid_is_unwaited(tid))
+ return -ESRCH;
+
c->augmented = missing & c->mask;
return 0;
@@ -1112,14 +1165,22 @@ int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret)
}
if (c->mask & mask & SD_BUS_CREDS_SUPPLEMENTARY_GIDS) {
- n->supplementary_gids = newdup(gid_t, c->supplementary_gids, c->n_supplementary_gids);
- if (!n->supplementary_gids)
- return -ENOMEM;
- n->n_supplementary_gids = c->n_supplementary_gids;
+ if (c->supplementary_gids) {
+ n->supplementary_gids = newdup(gid_t, c->supplementary_gids, c->n_supplementary_gids);
+ if (!n->supplementary_gids)
+ return -ENOMEM;
+ n->n_supplementary_gids = c->n_supplementary_gids;
+ } else {
+ n->supplementary_gids = NULL;
+ n->n_supplementary_gids = 0;
+ }
+
n->mask |= SD_BUS_CREDS_SUPPLEMENTARY_GIDS;
}
if (c->mask & mask & SD_BUS_CREDS_COMM) {
+ assert(c->comm);
+
n->comm = strdup(c->comm);
if (!n->comm)
return -ENOMEM;
@@ -1128,6 +1189,8 @@ int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret)
}
if (c->mask & mask & SD_BUS_CREDS_TID_COMM) {
+ assert(c->tid_comm);
+
n->tid_comm = strdup(c->tid_comm);
if (!n->tid_comm)
return -ENOMEM;
@@ -1136,23 +1199,34 @@ int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret)
}
if (c->mask & mask & SD_BUS_CREDS_EXE) {
- n->exe = strdup(c->exe);
- if (!n->exe)
- return -ENOMEM;
+ if (c->exe) {
+ n->exe = strdup(c->exe);
+ if (!n->exe)
+ return -ENOMEM;
+ } else
+ n->exe = NULL;
n->mask |= SD_BUS_CREDS_EXE;
}
if (c->mask & mask & SD_BUS_CREDS_CMDLINE) {
- n->cmdline = memdup(c->cmdline, c->cmdline_size);
- if (!n->cmdline)
- return -ENOMEM;
+ if (c->cmdline) {
+ n->cmdline = memdup(c->cmdline, c->cmdline_size);
+ if (!n->cmdline)
+ return -ENOMEM;
+
+ n->cmdline_size = c->cmdline_size;
+ } else {
+ n->cmdline = NULL;
+ n->cmdline_size = 0;
+ }
- n->cmdline_size = c->cmdline_size;
n->mask |= SD_BUS_CREDS_CMDLINE;
}
if (c->mask & mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_OWNER_UID)) {
+ assert(c->cgroup);
+
n->cgroup = strdup(c->cgroup);
if (!n->cgroup)
return -ENOMEM;
@@ -1165,6 +1239,8 @@ int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret)
}
if (c->mask & mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS)) {
+ assert(c->capability);
+
n->capability = memdup(c->capability, DIV_ROUND_UP(cap_last_cap(), 32U) * 4 * 4);
if (!n->capability)
return -ENOMEM;
@@ -1173,6 +1249,8 @@ int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret)
}
if (c->mask & mask & SD_BUS_CREDS_SELINUX_CONTEXT) {
+ assert(c->label);
+
n->label = strdup(c->label);
if (!n->label)
return -ENOMEM;
@@ -1199,6 +1277,8 @@ int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret)
}
if (c->mask & mask & SD_BUS_CREDS_UNIQUE_NAME) {
+ assert(c->unique_name);
+
n->unique_name = strdup(c->unique_name);
if (!n->unique_name)
return -ENOMEM;
@@ -1206,15 +1286,20 @@ int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret)
}
if (c->mask & mask & SD_BUS_CREDS_WELL_KNOWN_NAMES) {
- n->well_known_names = strv_copy(c->well_known_names);
- if (!n->well_known_names)
- return -ENOMEM;
+ if (strv_isempty(c->well_known_names))
+ n->well_known_names = NULL;
+ else {
+ n->well_known_names = strv_copy(c->well_known_names);
+ if (!n->well_known_names)
+ return -ENOMEM;
+ }
n->well_known_names_driver = c->well_known_names_driver;
n->well_known_names_local = c->well_known_names_local;
n->mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES;
}
if (c->mask & mask & SD_BUS_CREDS_DESCRIPTION) {
+ assert(c->description);
n->description = strdup(c->description);
if (!n->description)
return -ENOMEM;
diff --git a/src/libsystemd/sd-bus/bus-dump.c b/src/libsystemd/sd-bus/bus-dump.c
index 396bf36..47a5c6b 100644
--- a/src/libsystemd/sd-bus/bus-dump.c
+++ b/src/libsystemd/sd-bus/bus-dump.c
@@ -331,13 +331,11 @@ static void dump_capabilities(
}
int bus_creds_dump(sd_bus_creds *c, FILE *f, bool terse) {
- bool audit_sessionid_is_set = false, audit_loginuid_is_set = false;
- const char *u = NULL, *uu = NULL, *s = NULL, *sl = NULL;
uid_t owner, audit_loginuid;
uint32_t audit_sessionid;
char **cmdline = NULL, **well_known = NULL;
- const char *prefix, *color, *suffix;
- int r;
+ const char *prefix, *color, *suffix, *s;
+ int r, q, v, w;
assert(c);
@@ -362,8 +360,12 @@ int bus_creds_dump(sd_bus_creds *c, FILE *f, bool terse) {
fprintf(f, "%sPID=%s"PID_FMT"%s", prefix, color, c->pid, suffix);
if (c->mask & SD_BUS_CREDS_TID)
fprintf(f, "%sTID=%s"PID_FMT"%s", prefix, color, c->tid, suffix);
- if (c->mask & SD_BUS_CREDS_PPID)
- fprintf(f, "%sPPID=%s"PID_FMT"%s", prefix, color, c->ppid, suffix);
+ if (c->mask & SD_BUS_CREDS_PPID) {
+ if (c->ppid == 0)
+ fprintf(f, "%sPPID=%sn/a%s", prefix, color, suffix);
+ else
+ fprintf(f, "%sPPID=%s"PID_FMT"%s", prefix, color, c->ppid, suffix);
+ }
if (c->mask & SD_BUS_CREDS_TTY)
fprintf(f, "%sTTY=%s%s%s", prefix, color, strna(c->tty), suffix);
@@ -409,12 +411,13 @@ int bus_creds_dump(sd_bus_creds *c, FILE *f, bool terse) {
if (c->mask & SD_BUS_CREDS_TID_COMM)
fprintf(f, "%sTIDComm=%s%s%s", prefix, color, c->tid_comm, suffix);
if (c->mask & SD_BUS_CREDS_EXE)
- fprintf(f, "%sExe=%s%s%s", prefix, color, c->exe, suffix);
+ fprintf(f, "%sExe=%s%s%s", prefix, color, strna(c->exe), suffix);
if (terse && (c->mask & (SD_BUS_CREDS_EXE|SD_BUS_CREDS_COMM|SD_BUS_CREDS_TID_COMM)))
fputs("\n", f);
- if (sd_bus_creds_get_cmdline(c, &cmdline) >= 0) {
+ r = sd_bus_creds_get_cmdline(c, &cmdline);
+ if (r >= 0) {
char **i;
fprintf(f, "%sCommandLine=%s", prefix, color);
@@ -426,7 +429,8 @@ int bus_creds_dump(sd_bus_creds *c, FILE *f, bool terse) {
}
fprintf(f, "%s", suffix);
- }
+ } else if (r != -ENODATA)
+ fprintf(f, "%sCommandLine=%sn/a%s", prefix, color, suffix);
if (c->mask & SD_BUS_CREDS_SELINUX_CONTEXT)
fprintf(f, "%sLabel=%s%s%s", prefix, color, c->label, suffix);
@@ -438,32 +442,38 @@ int bus_creds_dump(sd_bus_creds *c, FILE *f, bool terse) {
if (c->mask & SD_BUS_CREDS_CGROUP)
fprintf(f, "%sCGroup=%s%s%s", prefix, color, c->cgroup, suffix);
- (void) sd_bus_creds_get_unit(c, &u);
- if (u)
- fprintf(f, "%sUnit=%s%s%s", prefix, color, u, suffix);
- (void) sd_bus_creds_get_user_unit(c, &uu);
- if (uu)
- fprintf(f, "%sUserUnit=%s%s%s", prefix, color, uu, suffix);
- (void) sd_bus_creds_get_slice(c, &sl);
- if (sl)
- fprintf(f, "%sSlice=%s%s%s", prefix, color, sl, suffix);
- (void) sd_bus_creds_get_session(c, &s);
- if (s)
- fprintf(f, "%sSession=%s%s%s", prefix, color, s, suffix);
-
- if (terse && ((c->mask & SD_BUS_CREDS_CGROUP) || u || uu || sl || s))
+ s = NULL;
+ r = sd_bus_creds_get_unit(c, &s);
+ if (r != -ENODATA)
+ fprintf(f, "%sUnit=%s%s%s", prefix, color, strna(s), suffix);
+ s = NULL;
+ q = sd_bus_creds_get_user_unit(c, &s);
+ if (q != -ENODATA)
+ fprintf(f, "%sUserUnit=%s%s%s", prefix, color, strna(s), suffix);
+ s = NULL;
+ v = sd_bus_creds_get_slice(c, &s);
+ if (v != -ENODATA)
+ fprintf(f, "%sSlice=%s%s%s", prefix, color, strna(s), suffix);
+ s = NULL;
+ w = sd_bus_creds_get_session(c, &s);
+ if (w != -ENODATA)
+ fprintf(f, "%sSession=%s%s%s", prefix, color, strna(s), suffix);
+
+ if (terse && ((c->mask & SD_BUS_CREDS_CGROUP) || r != -ENODATA || q != -ENODATA || v != -ENODATA || w != -ENODATA))
fputs("\n", f);
- if (sd_bus_creds_get_audit_login_uid(c, &audit_loginuid) >= 0) {
- audit_loginuid_is_set = true;
+ r = sd_bus_creds_get_audit_login_uid(c, &audit_loginuid);
+ if (r >= 0)
fprintf(f, "%sAuditLoginUID=%s"UID_FMT"%s", prefix, color, audit_loginuid, suffix);
- }
- if (sd_bus_creds_get_audit_session_id(c, &audit_sessionid) >= 0) {
- audit_sessionid_is_set = true;
+ else if (r != -ENODATA)
+ fprintf(f, "%sAuditLoginUID=%sn/a%s", prefix, color, suffix);
+ q = sd_bus_creds_get_audit_session_id(c, &audit_sessionid);
+ if (q >= 0)
fprintf(f, "%sAuditSessionID=%s%"PRIu32"%s", prefix, color, audit_sessionid, suffix);
- }
+ else if (q != -ENODATA)
+ fprintf(f, "%sAuditSessionID=%sn/a%s", prefix, color, suffix);
- if (terse && (audit_loginuid_is_set || audit_sessionid_is_set))
+ if (terse && (r != -ENODATA || q != -ENODATA))
fputs("\n", f);
if (c->mask & SD_BUS_CREDS_UNIQUE_NAME)
diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c
index a8c04b9..556b5eb 100644
--- a/src/libsystemd/sd-bus/bus-kernel.c
+++ b/src/libsystemd/sd-bus/bus-kernel.c
@@ -598,6 +598,9 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {
if (d->pids.ppid > 0) {
m->creds.ppid = (pid_t) d->pids.ppid;
m->creds.mask |= SD_BUS_CREDS_PPID & bus->creds_mask;
+ } else if (d->pids.pid == 1) {
+ m->creds.ppid = 0;
+ m->creds.mask |= SD_BUS_CREDS_PPID & bus->creds_mask;
}
break;
@@ -686,15 +689,11 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {
break;
case KDBUS_ITEM_AUDIT:
- if ((uint32_t) d->audit.sessionid != (uint32_t) -1) {
- m->creds.audit_session_id = (uint32_t) d->audit.sessionid;
- m->creds.mask |= SD_BUS_CREDS_AUDIT_SESSION_ID & bus->creds_mask;
- }
+ m->creds.audit_session_id = (uint32_t) d->audit.sessionid;
+ m->creds.mask |= SD_BUS_CREDS_AUDIT_SESSION_ID & bus->creds_mask;
- if ((uid_t) d->audit.loginuid != UID_INVALID) {
- m->creds.audit_login_uid = (uid_t) d->audit.loginuid;
- m->creds.mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID & bus->creds_mask;
- }
+ m->creds.audit_login_uid = (uid_t) d->audit.loginuid;
+ m->creds.mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID & bus->creds_mask;
break;
case KDBUS_ITEM_CAPS:
diff --git a/src/shared/audit.c b/src/shared/audit.c
index 84181d3..54148fc 100644
--- a/src/shared/audit.c
+++ b/src/shared/audit.c
@@ -46,7 +46,7 @@ int audit_session_from_pid(pid_t pid, uint32_t *id) {
if (r < 0)
return r;
- if (u == (uint32_t) -1 || u <= 0)
+ if (u == AUDIT_SESSION_INVALID || u <= 0)
return -ENXIO;
*id = u;
diff --git a/src/shared/audit.h b/src/shared/audit.h
index 781866a..6de331c 100644
--- a/src/shared/audit.h
+++ b/src/shared/audit.h
@@ -25,6 +25,7 @@
#include <stdbool.h>
#include <sys/types.h>
+#define AUDIT_SESSION_INVALID ((uint32_t) -1)
int audit_session_from_pid(pid_t pid, uint32_t *id);
int audit_loginuid_from_pid(pid_t pid, uid_t *uid);
diff --git a/src/shared/cgroup-util.c b/src/shared/cgroup-util.c
index 5b04702..7521b8b 100644
--- a/src/shared/cgroup-util.c
+++ b/src/shared/cgroup-util.c
@@ -1150,7 +1150,7 @@ int cg_path_decode_unit(const char *cgroup, char **unit){
c = cg_unescape(c);
if (!unit_name_is_valid(c, TEMPLATE_INVALID))
- return -EINVAL;
+ return -ENXIO;
s = strdup(c);
if (!s)
@@ -1258,7 +1258,7 @@ int cg_path_get_user_unit(const char *path, char **unit) {
if (!t)
t = skip_user_manager(e);
if (!t)
- return -ENOENT;
+ return -ENXIO;
/* ... and skip more slices if there are any */
e = skip_slices(t);
@@ -1318,17 +1318,17 @@ int cg_path_get_session(const char *path, char **session) {
n = strchrnul(e, '/');
if (e == n)
- return -ENOENT;
+ return -ENXIO;
s = strndupa(e, n - e);
s = cg_unescape(s);
x = startswith(s, "session-");
if (!x)
- return -ENOENT;
+ return -ENXIO;
y = endswith(x, ".scope");
if (!y || x == y)
- return -ENOENT;
+ return -ENXIO;
if (session) {
char *r;
@@ -1369,17 +1369,17 @@ int cg_path_get_owner_uid(const char *path, uid_t *uid) {
start = startswith(slice, "user-");
if (!start)
- return -ENOENT;
+ return -ENXIO;
end = endswith(slice, ".slice");
if (!end)
- return -ENOENT;
+ return -ENXIO;
s = strndupa(start, end - start);
if (!s)
- return -ENOENT;
+ return -ENXIO;
if (parse_uid(s, &u) < 0)
- return -EIO;
+ return -ENXIO;
if (uid)
*uid = u;
@@ -1415,7 +1415,7 @@ int cg_path_get_slice(const char *p, char **slice) {
char *s;
if (!e)
- return -ENOENT;
+ return -ENXIO;
s = strndup(e, m);
if (!s)
diff --git a/src/shared/terminal-util.c b/src/shared/terminal-util.c
index f5b6590..042b88f 100644
--- a/src/shared/terminal-util.c
+++ b/src/shared/terminal-util.c
@@ -1009,7 +1009,7 @@ int get_ctty_devnr(pid_t pid, dev_t *d) {
return -EIO;
if (major(ttynr) == 0 && minor(ttynr) == 0)
- return -ENOENT;
+ return -ENXIO;
if (d)
*d = (dev_t) ttynr;
diff --git a/src/test/test-cgroup-util.c b/src/test/test-cgroup-util.c
index aca4f86..fff9ec2 100644
--- a/src/test/test-cgroup-util.c
+++ b/src/test/test-cgroup-util.c
@@ -40,11 +40,11 @@ static void test_path_decode_unit(void) {
check_p_d_u("getty at tty2.service", 0, "getty at tty2.service");
check_p_d_u("getty at tty2.service/", 0, "getty at tty2.service");
check_p_d_u("getty at tty2.service/xxx", 0, "getty at tty2.service");
- check_p_d_u("getty at .service/", -EINVAL, NULL);
- check_p_d_u("getty at .service", -EINVAL, NULL);
+ check_p_d_u("getty at .service/", -ENXIO, NULL);
+ check_p_d_u("getty at .service", -ENXIO, NULL);
check_p_d_u("getty.service", 0, "getty.service");
- check_p_d_u("getty", -EINVAL, NULL);
- check_p_d_u("getty/waldo", -EINVAL, NULL);
+ check_p_d_u("getty", -ENXIO, NULL);
+ check_p_d_u("getty/waldo", -ENXIO, NULL);
check_p_d_u("_cpu.service", 0, "cpu.service");
}
@@ -64,12 +64,12 @@ static void test_path_get_unit(void) {
check_p_g_u("/system.slice/getty at tty5.service/aaa/bbb", 0, "getty at tty5.service");
check_p_g_u("/system.slice/getty at tty5.service/", 0, "getty at tty5.service");
check_p_g_u("/system.slice/getty at tty6.service/tty5", 0, "getty at tty6.service");
- check_p_g_u("sadfdsafsda", -EINVAL, NULL);
- check_p_g_u("/system.slice/getty####@tty6.service/xxx", -EINVAL, NULL);
+ check_p_g_u("sadfdsafsda", -ENXIO, NULL);
+ check_p_g_u("/system.slice/getty####@tty6.service/xxx", -ENXIO, NULL);
check_p_g_u("/system.slice/system-waldo.slice/foobar.service/sdfdsaf", 0, "foobar.service");
check_p_g_u("/system.slice/system-waldo.slice/_cpu.service/sdfdsaf", 0, "cpu.service");
check_p_g_u("/user.slice/user-1000.slice/user at 1000.service/server.service", 0, "user at 1000.service");
- check_p_g_u("/user.slice/user-1000.slice/user at .service/server.service", -EINVAL, NULL);
+ check_p_g_u("/user.slice/user-1000.slice/user at .service/server.service", -ENXIO, NULL);
}
static void check_p_g_u_u(const char *path, int code, const char *result) {
@@ -87,15 +87,15 @@ static void test_path_get_user_unit(void) {
check_p_g_u_u("/user.slice/user-1000.slice/session-2.scope/waldo.slice/foobar.service", 0, "foobar.service");
check_p_g_u_u("/user.slice/user-1002.slice/session-2.scope/foobar.service/waldo", 0, "foobar.service");
check_p_g_u_u("/user.slice/user-1000.slice/session-2.scope/foobar.service/waldo/uuuux", 0, "foobar.service");
- check_p_g_u_u("/user.slice/user-1000.slice/session-2.scope/waldo/waldo/uuuux", -EINVAL, NULL);
+ check_p_g_u_u("/user.slice/user-1000.slice/session-2.scope/waldo/waldo/uuuux", -ENXIO, NULL);
check_p_g_u_u("/user.slice/user-1000.slice/session-2.scope/foobar at pie.service/pa/po", 0, "foobar at pie.service");
check_p_g_u_u("/session-2.scope/foobar at pie.service/pa/po", 0, "foobar at pie.service");
check_p_g_u_u("/xyz.slice/xyz-waldo.slice/session-77.scope/foobar at pie.service/pa/po", 0, "foobar at pie.service");
- check_p_g_u_u("/meh.service", -ENOENT, NULL);
+ check_p_g_u_u("/meh.service", -ENXIO, NULL);
check_p_g_u_u("/session-3.scope/_cpu.service", 0, "cpu.service");
check_p_g_u_u("/user.slice/user-1000.slice/user at 1000.service/server.service", 0, "server.service");
check_p_g_u_u("/user.slice/user-1000.slice/user at 1000.service/foobar.slice/foobar at pie.service", 0, "foobar at pie.service");
- check_p_g_u_u("/user.slice/user-1000.slice/user at .service/server.service", -ENOENT, NULL);
+ check_p_g_u_u("/user.slice/user-1000.slice/user at .service/server.service", -ENXIO, NULL);
}
static void check_p_g_s(const char *path, int code, const char *result) {
@@ -108,8 +108,8 @@ static void check_p_g_s(const char *path, int code, const char *result) {
static void test_path_get_session(void) {
check_p_g_s("/user.slice/user-1000.slice/session-2.scope/foobar.service", 0, "2");
check_p_g_s("/session-3.scope", 0, "3");
- check_p_g_s("/session-.scope", -ENOENT, NULL);
- check_p_g_s("", -ENOENT, NULL);
+ check_p_g_s("/session-.scope", -ENXIO, NULL);
+ check_p_g_s("", -ENXIO, NULL);
}
static void check_p_g_o_u(const char *path, int code, uid_t result) {
@@ -122,7 +122,7 @@ static void check_p_g_o_u(const char *path, int code, uid_t result) {
static void test_path_get_owner_uid(void) {
check_p_g_o_u("/user.slice/user-1000.slice/session-2.scope/foobar.service", 0, 1000);
check_p_g_o_u("/user.slice/user-1006.slice", 0, 1006);
- check_p_g_o_u("", -ENOENT, 0);
+ check_p_g_o_u("", -ENXIO, 0);
}
static void test_get_paths(void) {
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 1de100c..e4e2efe 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -44,9 +44,8 @@ static void test_get_process_comm(void) {
if (stat("/proc/1/comm", &st) == 0) {
assert_se(get_process_comm(1, &a) >= 0);
log_info("pid1 comm: '%s'", a);
- } else {
+ } else
log_warning("/proc/1/comm does not exist.");
- }
assert_se(get_process_cmdline(1, 0, true, &c) >= 0);
log_info("pid1 cmdline: '%s'", c);
@@ -87,7 +86,7 @@ static void test_get_process_comm(void) {
log_info("self strlen(environ): '%zu'", strlen(env));
if (!detect_container(NULL))
- assert_se(get_ctty_devnr(1, &h) == -ENOENT);
+ assert_se(get_ctty_devnr(1, &h) == -ENXIO);
getenv_for_pid(1, "PATH", &i);
log_info("pid1 $PATH: '%s'", strna(i));
More information about the systemd-commits
mailing list