[systemd-commits] 5 commits - TODO src/core src/nspawn src/shared
Lennart Poettering
lennart at kemper.freedesktop.org
Wed Nov 21 15:45:31 PST 2012
TODO | 4 -
src/core/automount.c | 124 +++++++++++++++++++++++++----------------------
src/core/manager.c | 10 +++
src/core/manager.h | 2
src/core/service.c | 4 -
src/core/unit.c | 3 -
src/nspawn/nspawn.c | 17 ++++++
src/shared/dbus-common.h | 1
8 files changed, 101 insertions(+), 64 deletions(-)
New commits:
commit e42e801b55740df1e2007336c8e2cb1e538849e1
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Nov 22 00:40:45 2012 +0100
dbus: introduce _cleanup_dbus_error_free_
diff --git a/src/core/automount.c b/src/core/automount.c
index 5b1f544..5bf59df 100644
--- a/src/core/automount.c
+++ b/src/core/automount.c
@@ -40,6 +40,7 @@
#include "label.h"
#include "mkdir.h"
#include "path-util.h"
+#include "dbus-common.h"
static const UnitActiveState state_translation_table[_AUTOMOUNT_STATE_MAX] = {
[AUTOMOUNT_DEAD] = UNIT_INACTIVE,
@@ -585,7 +586,7 @@ fail:
static void automount_enter_runnning(Automount *a) {
int r;
struct stat st;
- DBusError error;
+ _cleanup_dbus_error_free_ DBusError error;
assert(a);
assert(UNIT_DEREF(a->mount));
@@ -620,7 +621,6 @@ static void automount_enter_runnning(Automount *a) {
fail:
automount_enter_dead(a, AUTOMOUNT_FAILURE_RESOURCES);
- dbus_error_free(&error);
}
static int automount_start(Unit *u) {
@@ -791,13 +791,11 @@ static void automount_fd_event(Unit *u, int fd, uint32_t events, Watch *w) {
case autofs_ptype_missing_direct:
if (packet.v5_packet.pid > 0) {
- char *p = NULL;
+ _cleanup_free_ char *p = NULL;
get_process_comm(packet.v5_packet.pid, &p);
log_debug("Got direct mount request on %s, triggered by %lu (%s)",
a->where, (unsigned long) packet.v5_packet.pid, strna(p));
- free(p);
-
} else
log_debug("Got direct mount request on %s", a->where);
diff --git a/src/shared/dbus-common.h b/src/shared/dbus-common.h
index 3b7ae16..a9a4dcc 100644
--- a/src/shared/dbus-common.h
+++ b/src/shared/dbus-common.h
@@ -224,3 +224,4 @@ const char *bus_message_get_sender_with_fallback(DBusMessage *m);
void bus_message_unrefp(DBusMessage **reply);
#define _cleanup_dbus_message_unref_ __attribute__((cleanup(bus_message_unrefp)))
+#define _cleanup_dbus_error_free_ __attribute__((cleanup(dbus_error_free)))
commit 68b29a9fca915c83b9192790ec61189430cd5de6
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Nov 22 00:38:55 2012 +0100
manager: introduce watch_init() initializer for watches
diff --git a/src/core/manager.c b/src/core/manager.c
index f932c79..72ce2f2 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1363,7 +1363,8 @@ static int process_event(Manager *m, struct epoll_event *ev) {
ssize_t k;
/* Some timer event, to be dispatched to the units */
- if ((k = read(w->fd, &v, sizeof(v))) != sizeof(v)) {
+ k = read(w->fd, &v, sizeof(v));
+ if (k != sizeof(v)) {
if (k < 0 && (errno == EINTR || errno == EAGAIN))
break;
@@ -2307,3 +2308,10 @@ bool manager_get_show_status(Manager *m) {
return plymouth_running();
}
+
+void watch_init(Watch *w) {
+ assert(w);
+
+ w->type = WATCH_INVALID;
+ w->fd = -1;
+}
diff --git a/src/core/manager.h b/src/core/manager.h
index 2214502..1644bd6 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -291,3 +291,5 @@ void manager_recheck_journal(Manager *m);
void manager_set_show_status(Manager *m, bool b);
bool manager_get_show_status(Manager *m);
+
+void watch_init(Watch *w);
diff --git a/src/core/service.c b/src/core/service.c
index aad6d66..34d24ff 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -127,9 +127,9 @@ static void service_init(Unit *u) {
s->restart_usec = DEFAULT_RESTART_USEC;
s->type = _SERVICE_TYPE_INVALID;
- s->watchdog_watch.type = WATCH_INVALID;
+ watch_init(&s->watchdog_watch);
+ watch_init(&s->timer_watch);
- s->timer_watch.type = WATCH_INVALID;
#ifdef HAVE_SYSV_COMPAT
s->sysv_start_priority = -1;
s->sysv_start_priority_from_rcnd = -1;
diff --git a/src/core/unit.c b/src/core/unit.c
index 99e1c27..82dd617 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1580,7 +1580,8 @@ int unit_watch_timer(Unit *u, usec_t delay, Watch *w) {
} else if (w->type == WATCH_INVALID) {
ours = true;
- if ((fd = timerfd_create(CLOCK_MONOTONIC, TFD_NONBLOCK|TFD_CLOEXEC)) < 0)
+ fd = timerfd_create(CLOCK_MONOTONIC, TFD_NONBLOCK|TFD_CLOEXEC);
+ if (fd < 0)
return -errno;
} else
assert_not_reached("Invalid watch type");
commit 0b2665c33de93d576047bf55ecff9e1435033f54
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Nov 21 03:10:49 2012 +0100
automount: modernizations
diff --git a/src/core/automount.c b/src/core/automount.c
index b1619a6..5b1f544 100644
--- a/src/core/automount.c
+++ b/src/core/automount.c
@@ -132,7 +132,8 @@ int automount_add_one_mount_link(Automount *a, Mount *m) {
if (path_equal(a->where, m->where))
return 0;
- if ((r = unit_add_two_dependencies(UNIT(a), UNIT_AFTER, UNIT_REQUIRES, UNIT(m), true)) < 0)
+ r = unit_add_two_dependencies(UNIT(a), UNIT_AFTER, UNIT_REQUIRES, UNIT(m), true);
+ if (r < 0)
return r;
return 0;
@@ -144,9 +145,11 @@ static int automount_add_mount_links(Automount *a) {
assert(a);
- LIST_FOREACH(units_by_type, other, UNIT(a)->manager->units_by_type[UNIT_MOUNT])
- if ((r = automount_add_one_mount_link(a, MOUNT(other))) < 0)
+ LIST_FOREACH(units_by_type, other, UNIT(a)->manager->units_by_type[UNIT_MOUNT]) {
+ r = automount_add_one_mount_link(a, MOUNT(other));
+ if (r < 0)
return r;
+ }
return 0;
}
@@ -179,7 +182,8 @@ static int automount_verify(Automount *a) {
return -EINVAL;
}
- if (!(e = unit_name_from_path(a->where, ".automount")))
+ e = unit_name_from_path(a->where, ".automount");
+ if (!e)
return -ENOMEM;
b = unit_has_name(UNIT(a), e);
@@ -201,19 +205,23 @@ static int automount_load(Unit *u) {
assert(u->load_state == UNIT_STUB);
/* Load a .automount file */
- if ((r = unit_load_fragment_and_dropin_optional(u)) < 0)
+ r = unit_load_fragment_and_dropin_optional(u);
+ if (r < 0)
return r;
if (u->load_state == UNIT_LOADED) {
Unit *x;
- if (!a->where)
- if (!(a->where = unit_name_to_path(u->id)))
+ if (!a->where) {
+ a->where = unit_name_to_path(u->id);
+ if (!a->where)
return -ENOMEM;
+ }
path_kill_slashes(a->where);
- if ((r = automount_add_mount_links(a)) < 0)
+ r = automount_add_mount_links(a);
+ if (r < 0)
return r;
r = unit_load_related_unit(u, ".mount", &x);
@@ -226,9 +234,11 @@ static int automount_load(Unit *u) {
if (r < 0)
return r;
- if (UNIT(a)->default_dependencies)
- if ((r = automount_add_default_dependencies(a)) < 0)
+ if (UNIT(a)->default_dependencies) {
+ r = automount_add_default_dependencies(a);
+ if (r < 0)
return r;
+ }
}
return automount_verify(a);
@@ -263,7 +273,8 @@ static int automount_coldplug(Unit *u) {
if (a->deserialized_state != a->state) {
- if ((r = open_dev_autofs(u->manager)) < 0)
+ r = open_dev_autofs(u->manager);
+ if (r < 0)
return r;
if (a->deserialized_state == AUTOMOUNT_WAITING ||
@@ -271,7 +282,8 @@ static int automount_coldplug(Unit *u) {
assert(a->pipe_fd >= 0);
- if ((r = unit_watch_fd(UNIT(a), a->pipe_fd, EPOLLIN, &a->pipe_watch)) < 0)
+ r = unit_watch_fd(UNIT(a), a->pipe_fd, EPOLLIN, &a->pipe_watch);
+ if (r < 0)
return r;
}
@@ -316,7 +328,8 @@ static int open_dev_autofs(Manager *m) {
label_fix("/dev/autofs", false, false);
- if ((m->dev_autofs_fd = open("/dev/autofs", O_CLOEXEC|O_RDONLY)) < 0) {
+ m->dev_autofs_fd = open("/dev/autofs", O_CLOEXEC|O_RDONLY);
+ if (m->dev_autofs_fd < 0) {
log_error("Failed to open /dev/autofs: %s", strerror(errno));
return -errno;
}
@@ -336,15 +349,12 @@ static int open_dev_autofs(Manager *m) {
static int open_ioctl_fd(int dev_autofs_fd, const char *where, dev_t devid) {
struct autofs_dev_ioctl *param;
size_t l;
- int r;
assert(dev_autofs_fd >= 0);
assert(where);
l = sizeof(struct autofs_dev_ioctl) + strlen(where) + 1;
-
- if (!(param = malloc(l)))
- return -ENOMEM;
+ param = alloca(l);
init_autofs_dev_ioctl(param);
param->size = l;
@@ -352,22 +362,14 @@ static int open_ioctl_fd(int dev_autofs_fd, const char *where, dev_t devid) {
param->openmount.devid = devid;
strcpy(param->path, where);
- if (ioctl(dev_autofs_fd, AUTOFS_DEV_IOCTL_OPENMOUNT, param) < 0) {
- r = -errno;
- goto finish;
- }
+ if (ioctl(dev_autofs_fd, AUTOFS_DEV_IOCTL_OPENMOUNT, param) < 0)
+ return -errno;
- if (param->ioctlfd < 0) {
- r = -EIO;
- goto finish;
- }
+ if (param->ioctlfd < 0)
+ return -EIO;
fd_cloexec(param->ioctlfd, true);
- r = param->ioctlfd;
-
-finish:
- free(param);
- return r;
+ return param->ioctlfd;
}
static int autofs_protocol(int dev_autofs_fd, int ioctl_fd) {
@@ -444,7 +446,8 @@ int automount_send_ready(Automount *a, int status) {
if (set_isempty(a->tokens))
return 0;
- if ((ioctl_fd = open_ioctl_fd(UNIT(a)->manager->dev_autofs_fd, a->where, a->dev_id)) < 0) {
+ ioctl_fd = open_ioctl_fd(UNIT(a)->manager->dev_autofs_fd, a->where, a->dev_id);
+ if (ioctl_fd < 0) {
r = ioctl_fd;
goto fail;
}
@@ -465,10 +468,11 @@ int automount_send_ready(Automount *a, int status) {
* if you pass a positive status code here, the kernel will
* freeze! Yay! */
- if ((k = autofs_send_ready(UNIT(a)->manager->dev_autofs_fd,
- ioctl_fd,
- token,
- status)) < 0)
+ k = autofs_send_ready(UNIT(a)->manager->dev_autofs_fd,
+ ioctl_fd,
+ token,
+ status);
+ if (k < 0)
r = k;
}
@@ -493,7 +497,8 @@ static void automount_enter_waiting(Automount *a) {
if (a->tokens)
set_clear(a->tokens);
- if ((dev_autofs_fd = open_dev_autofs(UNIT(a)->manager)) < 0) {
+ dev_autofs_fd = open_dev_autofs(UNIT(a)->manager);
+ if (dev_autofs_fd < 0) {
r = dev_autofs_fd;
goto fail;
}
@@ -530,15 +535,18 @@ static void automount_enter_waiting(Automount *a) {
goto fail;
}
- if ((ioctl_fd = open_ioctl_fd(dev_autofs_fd, a->where, st.st_dev)) < 0) {
+ ioctl_fd = open_ioctl_fd(dev_autofs_fd, a->where, st.st_dev);
+ if (ioctl_fd < 0) {
r = ioctl_fd;
goto fail;
}
- if ((r = autofs_protocol(dev_autofs_fd, ioctl_fd)) < 0)
+ r = autofs_protocol(dev_autofs_fd, ioctl_fd);
+ if (r < 0)
goto fail;
- if ((r = autofs_set_timeout(dev_autofs_fd, ioctl_fd, 300)) < 0)
+ r = autofs_set_timeout(dev_autofs_fd, ioctl_fd, 300);
+ if (r < 0)
goto fail;
/* Autofs fun fact:
@@ -550,7 +558,8 @@ static void automount_enter_waiting(Automount *a) {
close_nointr_nofail(ioctl_fd);
ioctl_fd = -1;
- if ((r = unit_watch_fd(UNIT(a), p[0], EPOLLIN, &a->pipe_watch)) < 0)
+ r = unit_watch_fd(UNIT(a), p[0], EPOLLIN, &a->pipe_watch);
+ if (r < 0)
goto fail;
a->pipe_fd = p[0];
@@ -618,7 +627,6 @@ static int automount_start(Unit *u) {
Automount *a = AUTOMOUNT(u);
assert(a);
-
assert(a->state == AUTOMOUNT_DEAD || a->state == AUTOMOUNT_FAILED);
if (path_is_mount_point(a->where, false)) {
@@ -638,7 +646,6 @@ static int automount_stop(Unit *u) {
Automount *a = AUTOMOUNT(u);
assert(a);
-
assert(a->state == AUTOMOUNT_WAITING || a->state == AUTOMOUNT_RUNNING);
automount_enter_dead(a, AUTOMOUNT_SUCCESS);
@@ -664,7 +671,8 @@ static int automount_serialize(Unit *u, FILE *f, FDSet *fds) {
if (a->pipe_fd >= 0) {
int copy;
- if ((copy = fdset_put_dup(fds, a->pipe_fd)) < 0)
+ copy = fdset_put_dup(fds, a->pipe_fd);
+ if (copy < 0)
return copy;
unit_serialize_item_format(u, f, "pipe-fd", "%i", copy);
@@ -683,7 +691,8 @@ static int automount_deserialize_item(Unit *u, const char *key, const char *valu
if (streq(key, "state")) {
AutomountState state;
- if ((state = automount_state_from_string(value)) < 0)
+ state = automount_state_from_string(value);
+ if (state < 0)
log_debug("Failed to parse state value %s", value);
else
a->deserialized_state = state;
@@ -713,7 +722,8 @@ static int automount_deserialize_item(Unit *u, const char *key, const char *valu
if (!(a->tokens = set_new(trivial_hash_func, trivial_compare_func)))
return -ENOMEM;
- if ((r = set_put(a->tokens, UINT_TO_PTR(token))) < 0)
+ r = set_put(a->tokens, UINT_TO_PTR(token));
+ if (r < 0)
return r;
}
} else if (streq(key, "pipe-fd")) {
@@ -770,7 +780,8 @@ static void automount_fd_event(Unit *u, int fd, uint32_t events, Watch *w) {
goto fail;
}
- if ((l = loop_read(a->pipe_fd, &packet, sizeof(packet), true)) != sizeof(packet)) {
+ l = loop_read(a->pipe_fd, &packet, sizeof(packet), true);
+ if (l != sizeof(packet)) {
log_error("Invalid read from pipe: %s", l < 0 ? strerror(-l) : "short read");
goto fail;
}
@@ -790,13 +801,14 @@ static void automount_fd_event(Unit *u, int fd, uint32_t events, Watch *w) {
} else
log_debug("Got direct mount request on %s", a->where);
- if (!a->tokens)
- if (!(a->tokens = set_new(trivial_hash_func, trivial_compare_func))) {
- log_error("Failed to allocate token set.");
- goto fail;
- }
+ r = set_ensure_allocated(&a->tokens, trivial_hash_func, trivial_compare_func);
+ if (r < 0) {
+ log_error("Failed to allocate token set.");
+ goto fail;
+ }
- if ((r = set_put(a->tokens, UINT_TO_PTR(packet.v5_packet.wait_queue_token))) < 0) {
+ r = set_put(a->tokens, UINT_TO_PTR(packet.v5_packet.wait_queue_token));
+ if (r < 0) {
log_error("Failed to remember token: %s", strerror(-r));
goto fail;
}
commit 98ef27df896f36f0407eaa7ed9e295203b9c271b
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Nov 21 03:10:26 2012 +0100
update TODO
diff --git a/TODO b/TODO
index 85b6e9b..cf0d92d 100644
--- a/TODO
+++ b/TODO
@@ -383,7 +383,7 @@ Features:
* Add pretty name for seats in logind
-* ConditionSecurity= should learn about IMA
+* ConditionSecurity= should learn about IMA and SMACK
* Auke: merge Auke's bootchart
commit 3c957acf86b9ec482a527528987b2462a32e0d07
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Nov 21 02:58:55 2012 +0100
nspawn: reset supplementary and main group id before entering nspawn
diff --git a/TODO b/TODO
index 4a49f49..85b6e9b 100644
--- a/TODO
+++ b/TODO
@@ -180,8 +180,6 @@ Features:
* nspawn: implement personality changes a la linux32(8)
-* nspawn: reset all aux groups
-
* cryptsetup-generator: warn if the password files are world-readable
* cryptsetup-generator: add RequiresMountsFor= to cryptseup service files referencing a file, similar for devices
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 244ebb8..59171ab 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1327,6 +1327,23 @@ int main(int argc, char *argv[]) {
log_error("setreuid() failed: %m");
goto child_fail;
}
+ } else {
+ /* Reset everything fully to 0, just in case */
+
+ if (setgroups(0, NULL) < 0) {
+ log_error("setgroups() failed: %m");
+ goto child_fail;
+ }
+
+ if (setresgid(0, 0, 0) < 0) {
+ log_error("setregid() failed: %m");
+ goto child_fail;
+ }
+
+ if (setresuid(0, 0, 0) < 0) {
+ log_error("setreuid() failed: %m");
+ goto child_fail;
+ }
}
if ((asprintf((char**)(envp + 3), "HOME=%s", home ? home: "/root") < 0) ||
More information about the systemd-commits
mailing list