[systemd-commits] 3 commits - src/dbus-socket.c src/kmsg-syslogd.c src/load-fragment-gperf.gperf.m4 src/shutdownd.c src/socket.c src/socket.h units/syslog.socket units/systemd-shutdownd.socket

Michal Schmidt michich at kemper.freedesktop.org
Wed Nov 30 02:02:28 PST 2011


 src/dbus-socket.c                |    2 ++
 src/kmsg-syslogd.c               |    5 +----
 src/load-fragment-gperf.gperf.m4 |    1 +
 src/shutdownd.c                  |    6 ------
 src/socket.c                     |    8 ++++++++
 src/socket.h                     |    1 +
 units/syslog.socket              |    1 +
 units/systemd-shutdownd.socket   |    1 +
 8 files changed, 15 insertions(+), 10 deletions(-)

New commits:
commit 1a2801529e916ec31d2a8cc66cd5c3b8d9ad9caa
Author: Michal Schmidt <mschmidt at redhat.com>
Date:   Wed Nov 30 09:37:13 2011 +0100

    syslog: use PassCred=yes for the /dev/log socket
    
    Both kmsg-syslogd and the real syslog service want to receive
    SCM_CREDENTIALS. With socket activation it is too late to set
    SO_PASSCRED in the services.

diff --git a/src/kmsg-syslogd.c b/src/kmsg-syslogd.c
index 0901a0e..7fd69f8 100644
--- a/src/kmsg-syslogd.c
+++ b/src/kmsg-syslogd.c
@@ -91,7 +91,7 @@ static int server_init(Server *s, unsigned n_sockets) {
         }
 
         for (i = 0; i < n_sockets; i++) {
-                int fd, one = 1;
+                int fd;
 
                 fd = SD_LISTEN_FDS_START+i;
 
@@ -106,9 +106,6 @@ static int server_init(Server *s, unsigned n_sockets) {
                         goto fail;
                 }
 
-                if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
-                        log_error("SO_PASSCRED failed: %m");
-
                 zero(ev);
                 ev.events = EPOLLIN;
                 ev.data.fd = fd;
diff --git a/units/syslog.socket b/units/syslog.socket
index 500bb7c..e74b559 100644
--- a/units/syslog.socket
+++ b/units/syslog.socket
@@ -18,6 +18,7 @@ Wants=syslog.target
 [Socket]
 ListenDatagram=/dev/log
 SocketMode=0666
+PassCred=yes
 
 # The service we activate on incoming traffic is
 # systemd-kmsg-syslogd.service. That doesn't mean however, that this
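Review bot: `PassCred=yes` is now the only place SO_PASSCRED gets enabled for /dev/log, because the same commit removes the setsockopt() call from src/kmsg-syslogd.c, yet nothing in the unit says so. A local override or replacement socket unit that omits the line would silently stop delivering SCM_CREDENTIALS on a world-writable (`SocketMode=0666`) socket, presumably leaving the receiver unable to attribute messages to a sender. I would add a comment above the line, e.g. `# Required: receivers rely on SCM_CREDENTIALS and cannot enable SO_PASSCRED themselves after socket activation`. The same applies to the `PassCred=yes` added in units/systemd-shutdownd.socket. It may also be worth having the services check the option with getsockopt() at startup and log an error when it is off.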

commit 75d3fc60f88e08bf953063819a8a04b881d6db23
Author: Michal Schmidt <mschmidt at redhat.com>
Date:   Tue Nov 29 23:14:36 2011 +0100

    shutdownd: use PassCred=yes in the socket unit
    
    Since Linux 3.2 in order to receive SCM_CREDENTIALS it is not sufficient
    to set SO_PASSCRED just before recvmsg(). The option has to be already
    set when the sender sends the message.
    
    With socket activation it is too late to set the option in the service.
    It must be set on the socket right from the start.
    
    See the kernel commit:
    16e57262 af_unix: dont send SCM_CREDENTIALS by default
    
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=757628

diff --git a/src/shutdownd.c b/src/shutdownd.c
index 0ffa8b2..46856b0 100644
--- a/src/shutdownd.c
+++ b/src/shutdownd.c
@@ -173,7 +173,6 @@ int main(int argc, char *argv[]) {
         };
 
         int r = EXIT_FAILURE, n_fds;
-        int one = 1;
         struct shutdownd_command c;
         struct pollfd pollfd[_FD_MAX];
         bool exec_shutdown = false, unlink_nologin = false, failed = false;
@@ -205,11 +204,6 @@ int main(int argc, char *argv[]) {
                 return EXIT_FAILURE;
         }
 
-        if (setsockopt(SD_LISTEN_FDS_START, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0) {
-                log_error("SO_PASSCRED failed: %m");
-                return EXIT_FAILURE;
-        }
-
         zero(c);
         zero(pollfd);
 
diff --git a/units/systemd-shutdownd.socket b/units/systemd-shutdownd.socket
index bc0358a..13b6c7a 100644
--- a/units/systemd-shutdownd.socket
+++ b/units/systemd-shutdownd.socket
@@ -15,3 +15,4 @@ Before=sockets.target
 [Socket]
 ListenDatagram=/run/systemd/shutdownd
 SocketMode=0600
+PassCred=yes

commit d68af58657ce0e99594dff199fbb9b319cf6af96
Author: Michal Schmidt <mschmidt at redhat.com>
Date:   Tue Nov 29 22:15:41 2011 +0100

    socket: add option for SO_PASSCRED
    
    Add an option to enable SO_PASSCRED for unix sockets.

diff --git a/src/dbus-socket.c b/src/dbus-socket.c
index 2a1a17d..37ab7eb 100644
--- a/src/dbus-socket.c
+++ b/src/dbus-socket.c
@@ -51,6 +51,7 @@
         "  <property name=\"FreeBind\" type=\"b\" access=\"read\"/>\n"  \
         "  <property name=\"Transparent\" type=\"b\" access=\"read\"/>\n" \
         "  <property name=\"Broadcast\" type=\"b\" access=\"read\"/>\n" \
+        "  <property name=\"PassCred\" type=\"b\" access=\"read\"/>\n" \
         "  <property name=\"Mark\" type=\"i\" access=\"read\"/>\n"      \
         "  <property name=\"MaxConnections\" type=\"u\" access=\"read\"/>\n" \
         "  <property name=\"NAccepted\" type=\"u\" access=\"read\"/>\n" \
@@ -113,6 +114,7 @@ DBusHandlerResult bus_socket_message_handler(Unit *u, DBusConnection *c, DBusMes
                 { "org.freedesktop.systemd1.Socket", "FreeBind",       bus_property_append_bool,         "b", &u->socket.free_bind       },
                 { "org.freedesktop.systemd1.Socket", "Transparent",    bus_property_append_bool,         "b", &u->socket.transparent     },
                 { "org.freedesktop.systemd1.Socket", "Broadcast",      bus_property_append_bool,         "b", &u->socket.broadcast       },
+                { "org.freedesktop.systemd1.Socket", "PassCred",       bus_property_append_bool,         "b", &u->socket.pass_cred       },
                 { "org.freedesktop.systemd1.Socket", "Mark",           bus_property_append_int,          "i", &u->socket.mark            },
                 { "org.freedesktop.systemd1.Socket", "MaxConnections", bus_property_append_unsigned,     "u", &u->socket.max_connections },
                 { "org.freedesktop.systemd1.Socket", "NConnections",   bus_property_append_unsigned,     "u", &u->socket.n_connections   },
diff --git a/src/load-fragment-gperf.gperf.m4 b/src/load-fragment-gperf.gperf.m4
index 41797d2..84ae28c 100644
--- a/src/load-fragment-gperf.gperf.m4
+++ b/src/load-fragment-gperf.gperf.m4
@@ -177,6 +177,7 @@ Socket.PipeSize,                 config_parse_size,                  0,
 Socket.FreeBind,                 config_parse_bool,                  0,                             offsetof(Socket, free_bind)
 Socket.Transparent,              config_parse_bool,                  0,                             offsetof(Socket, transparent)
 Socket.Broadcast,                config_parse_bool,                  0,                             offsetof(Socket, broadcast)
+Socket.PassCred,                 config_parse_bool,                  0,                             offsetof(Socket, pass_cred)
 Socket.TCPCongestion,            config_parse_string,                0,                             offsetof(Socket, tcp_congestion)
 Socket.MessageQueueMaxMessages,  config_parse_long,                  0,                             offsetof(Socket, mq_maxmsg)
 Socket.MessageQueueMessageSize,  config_parse_long,                  0,                             offsetof(Socket, mq_msgsize)
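Review bot: `Socket.PassCred` becomes a user-visible unit setting with this line, but the diffstat for the series lists no documentation file, so the option appears to land undocumented. The socket unit documentation should get an entry stating that it takes a boolean, that it sets SO_PASSCRED on the listening socket, and that it has to be set in the unit because an activated service cannot enable it in time. The default should be stated there too; it is presumably off, but the initialisation of `pass_cred` is not visible in these hunks.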
diff --git a/src/socket.c b/src/socket.c
index 7ddf326..0864cce 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -406,6 +406,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
                 "%sFreeBind: %s\n"
                 "%sTransparent: %s\n"
                 "%sBroadcast: %s\n"
+                "%sPassCred: %s\n"
                 "%sTCPCongestion: %s\n",
                 prefix, socket_state_to_string(s->state),
                 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
@@ -416,6 +417,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
                 prefix, yes_no(s->free_bind),
                 prefix, yes_no(s->transparent),
                 prefix, yes_no(s->broadcast),
+                prefix, yes_no(s->pass_cred),
                 prefix, strna(s->tcp_congestion));
 
         if (s->control_pid > 0)
@@ -657,6 +659,12 @@ static void socket_apply_socket_options(Socket *s, int fd) {
                         log_warning("SO_BROADCAST failed: %m");
         }
 
+        if (s->pass_cred) {
+                int one = 1;
+                if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
+                        log_warning("SO_PASSCRED failed: %m");
+        }
+
         if (s->priority >= 0)
                 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
                         log_warning("SO_PRIORITY failed: %m");
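Review bot: A failed `setsockopt(SO_PASSCRED)` in the added block is only reported with `log_warning()` and the socket is still handed on, so a unit that asks for `PassCred=yes` can end up activated without it. The shutdownd code removed elsewhere in this series treated the same failure as fatal (`return EXIT_FAILURE;`), so moving the call here weakens that to fail-open. Whether the receiving service rejects messages that lack credentials is not visible from this hunk. socket_apply_socket_options() returns void and its body extends beyond the hunk, so the minimal change is to raise the severity with `log_error("SO_PASSCRED failed: %m");` and add a comment such as `/* Services relying on SCM_CREDENTIALS cannot set this themselves after activation */`. Aborting socket setup on failure would need a signature change outside this hunk.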
diff --git a/src/socket.h b/src/socket.h
index fd13ac4..fbd29da 100644
--- a/src/socket.h
+++ b/src/socket.h
@@ -118,6 +118,7 @@ struct Socket {
         bool free_bind;
         bool transparent;
         bool broadcast;
+        bool pass_cred;
         int priority;
         int mark;
         size_t receive_buffer;


