[systemd-commits] 2 commits - src/libsystemd-bus src/nspawn

Lennart Poettering lennart at kemper.freedesktop.org
Wed Dec 11 15:21:02 PST 2013


 src/libsystemd-bus/bus-creds.c |   96 ++++++++++++++++++++++++++++++-----------
 src/libsystemd-bus/sd-bus.c    |    5 ++
 src/nspawn/nspawn.c            |    4 +
 3 files changed, 80 insertions(+), 25 deletions(-)

New commits:
commit 6a4abbc87721b1323ef2a2b1eab3b4b333a5c006
Author: Lennart Poettering <lennart at poettering.net>
Date:   Thu Dec 12 00:20:11 2013 +0100

    bus: when checking whether a creds object contains some field, don't use assert_return()
    
    These are not programming errors, so they shouldn't use assert_return()

diff --git a/src/libsystemd-bus/bus-creds.c b/src/libsystemd-bus/bus-creds.c
index 9d90c49..d69a316 100644
--- a/src/libsystemd-bus/bus-creds.c
+++ b/src/libsystemd-bus/bus-creds.c
@@ -157,7 +157,9 @@ _public_ int sd_bus_creds_new_from_pid(pid_t pid, uint64_t mask, sd_bus_creds **
 _public_ int sd_bus_creds_get_uid(sd_bus_creds *c, uid_t *uid) {
         assert_return(c, -EINVAL);
         assert_return(uid, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_UID, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_UID))
+                return -ENODATA;
 
         *uid = c->uid;
         return 0;
@@ -166,7 +168,9 @@ _public_ int sd_bus_creds_get_uid(sd_bus_creds *c, uid_t *uid) {
 _public_ int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid) {
         assert_return(c, -EINVAL);
         assert_return(gid, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_UID, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_UID))
+                return -ENODATA;
 
         *gid = c->gid;
         return 0;
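Review bot: The gid getter still tests `SD_BUS_CREDS_UID` before reading `c->gid`, so a creds object that carries only the UID field would return an unpopulated gid as if it were valid. Assuming the mask enum has a separate GID bit, the test should read `if (!(c->mask & SD_BUS_CREDS_GID))`. The wrong bit predates this commit (the removed assert_return() used it too), but callers that make access decisions on the gid rely on -ENODATA being accurate, so it is worth fixing while the line is being rewritten.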
@@ -175,7 +179,9 @@ _public_ int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid) {
 _public_ int sd_bus_creds_get_pid(sd_bus_creds *c, pid_t *pid) {
         assert_return(c, -EINVAL);
         assert_return(pid, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_PID, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_PID))
+                return -ENODATA;
 
         assert(c->pid > 0);
         *pid = c->pid;
@@ -185,7 +191,9 @@ _public_ int sd_bus_creds_get_pid(sd_bus_creds *c, pid_t *pid) {
 _public_ int sd_bus_creds_get_tid(sd_bus_creds *c, pid_t *tid) {
         assert_return(c, -EINVAL);
         assert_return(tid, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_TID, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_TID))
+                return -ENODATA;
 
         assert(c->tid > 0);
         *tid = c->tid;
@@ -195,7 +203,9 @@ _public_ int sd_bus_creds_get_tid(sd_bus_creds *c, pid_t *tid) {
 _public_ int sd_bus_creds_get_pid_starttime(sd_bus_creds *c, uint64_t *usec) {
         assert_return(c, -EINVAL);
         assert_return(usec, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_PID_STARTTIME, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_PID_STARTTIME))
+                return -ENODATA;
 
         assert(c->pid_starttime > 0);
         *usec = c->pid_starttime;
@@ -204,7 +214,9 @@ _public_ int sd_bus_creds_get_pid_starttime(sd_bus_creds *c, uint64_t *usec) {
 
 _public_ int sd_bus_creds_get_selinux_context(sd_bus_creds *c, const char **ret) {
         assert_return(c, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_SELINUX_CONTEXT, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_SELINUX_CONTEXT))
+                return -ENODATA;
 
         assert(c->label);
         *ret = c->label;
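Review bot: `*ret = c->label` is written without the `assert_return(ret, -EINVAL);` that the other string getters in this file perform, so a NULL `ret` is dereferenced instead of rejected. Add `assert_return(ret, -EINVAL);` directly after the check on `c`. The end of the function is outside the hunk.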
@@ -214,7 +226,9 @@ _public_ int sd_bus_creds_get_selinux_context(sd_bus_creds *c, const char **ret)
 _public_ int sd_bus_creds_get_comm(sd_bus_creds *c, const char **ret) {
         assert_return(c, -EINVAL);
         assert_return(ret, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_COMM, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_COMM))
+                return -ENODATA;
 
         assert(c->comm);
         *ret = c->comm;
@@ -224,7 +238,9 @@ _public_ int sd_bus_creds_get_comm(sd_bus_creds *c, const char **ret) {
 _public_ int sd_bus_creds_get_tid_comm(sd_bus_creds *c, const char **ret) {
         assert_return(c, -EINVAL);
         assert_return(ret, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_TID_COMM, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_TID_COMM))
+                return -ENODATA;
 
         assert(c->tid_comm);
         *ret = c->tid_comm;
@@ -234,7 +250,9 @@ _public_ int sd_bus_creds_get_tid_comm(sd_bus_creds *c, const char **ret) {
 _public_ int sd_bus_creds_get_exe(sd_bus_creds *c, const char **ret) {
         assert_return(c, -EINVAL);
         assert_return(ret, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_EXE, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_EXE))
+                return -ENODATA;
 
         assert(c->exe);
         *ret = c->exe;
@@ -244,7 +262,9 @@ _public_ int sd_bus_creds_get_exe(sd_bus_creds *c, const char **ret) {
 _public_ int sd_bus_creds_get_cgroup(sd_bus_creds *c, const char **ret) {
         assert_return(c, -EINVAL);
         assert_return(ret, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_CGROUP, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_CGROUP))
+                return -ENODATA;
 
         assert(c->cgroup);
         *ret = c->cgroup;
@@ -256,7 +276,9 @@ _public_ int sd_bus_creds_get_unit(sd_bus_creds *c, const char **ret) {
 
         assert_return(c, -EINVAL);
         assert_return(ret, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_UNIT, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_UNIT))
+                return -ENODATA;
 
         assert(c->cgroup);
 
@@ -275,7 +297,9 @@ _public_ int sd_bus_creds_get_user_unit(sd_bus_creds *c, const char **ret) {
 
         assert_return(c, -EINVAL);
         assert_return(ret, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_USER_UNIT, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_USER_UNIT))
+                return -ENODATA;
 
         assert(c->cgroup);
 
@@ -294,7 +318,9 @@ _public_ int sd_bus_creds_get_slice(sd_bus_creds *c, const char **ret) {
 
         assert_return(c, -EINVAL);
         assert_return(ret, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_SLICE, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_SLICE))
+                return -ENODATA;
 
         assert(c->cgroup);
 
@@ -313,7 +339,9 @@ _public_ int sd_bus_creds_get_session(sd_bus_creds *c, const char **ret) {
 
         assert_return(c, -EINVAL);
         assert_return(ret, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_SESSION, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_SESSION))
+                return -ENODATA;
 
         assert(c->cgroup);
 
@@ -330,7 +358,9 @@ _public_ int sd_bus_creds_get_session(sd_bus_creds *c, const char **ret) {
 _public_ int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid) {
         assert_return(c, -EINVAL);
         assert_return(uid, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_OWNER_UID, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_OWNER_UID))
+                return -ENODATA;
 
         assert(c->cgroup);
 
@@ -340,7 +370,9 @@ _public_ int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid) {
 _public_ int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline) {
         assert_return(c, -EINVAL);
         assert_return(c->cmdline, -ESRCH);
-        assert_return(c->mask & SD_BUS_CREDS_CMDLINE, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_CMDLINE))
+                return -ENODATA;
 
         assert(c->cmdline);
 
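Review bot: `assert_return(c->cmdline, -ESRCH)` still runs before the new mask test, so a creds object that simply lacks the CMDLINE field is reported as -ESRCH through the programming-error path instead of -ENODATA, which is what this commit set out to avoid. Moving the `if (!(c->mask & SD_BUS_CREDS_CMDLINE))` test above it restores the intended order; the later `assert(c->cmdline)` then duplicates the earlier check. The output pointer `cmdline` is also not validated in the visible lines, and `assert_return(cmdline, -EINVAL);` would match the sibling getters. The rest of the body is outside the hunk.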
@@ -357,7 +389,9 @@ _public_ int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline) {
 _public_ int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessionid) {
         assert_return(c, -EINVAL);
         assert_return(sessionid, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID))
+                return -ENODATA;
 
         *sessionid = c->audit_session_id;
         return 0;
@@ -366,7 +400,9 @@ _public_ int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessio
 _public_ int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c, uid_t *uid) {
         assert_return(c, -EINVAL);
         assert_return(uid, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_AUDIT_LOGIN_UID, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_AUDIT_LOGIN_UID))
+                return -ENODATA;
 
         *uid = c->audit_login_uid;
         return 0;
@@ -375,7 +411,9 @@ _public_ int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c, uid_t *uid) {
 _public_ int sd_bus_creds_get_unique_name(sd_bus_creds *c, const char **unique_name) {
         assert_return(c, -EINVAL);
         assert_return(unique_name, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_UNIQUE_NAME, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_UNIQUE_NAME))
+                return -ENODATA;
 
         *unique_name = c->unique_name;
         return 0;
@@ -384,7 +422,9 @@ _public_ int sd_bus_creds_get_unique_name(sd_bus_creds *c, const char **unique_n
 _public_ int sd_bus_creds_get_well_known_names(sd_bus_creds *c, char ***well_known_names) {
         assert_return(c, -EINVAL);
         assert_return(well_known_names, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_WELL_KNOWN_NAMES, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_WELL_KNOWN_NAMES))
+                return -ENODATA;
 
         *well_known_names = c->well_known_names;
         return 0;
@@ -406,7 +446,9 @@ static int has_cap(sd_bus_creds *c, unsigned offset, int capability) {
 _public_ int sd_bus_creds_has_effective_cap(sd_bus_creds *c, int capability) {
         assert_return(c, -EINVAL);
         assert_return(capability >= 0, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_EFFECTIVE_CAPS, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_EFFECTIVE_CAPS))
+                return -ENODATA;
 
         return has_cap(c, CAP_OFFSET_EFFECTIVE, capability);
 }
@@ -414,7 +456,9 @@ _public_ int sd_bus_creds_has_effective_cap(sd_bus_creds *c, int capability) {
 _public_ int sd_bus_creds_has_permitted_cap(sd_bus_creds *c, int capability) {
         assert_return(c, -EINVAL);
         assert_return(capability >= 0, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_PERMITTED_CAPS, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_PERMITTED_CAPS))
+                return -ENODATA;
 
         return has_cap(c, CAP_OFFSET_PERMITTED, capability);
 }
@@ -422,7 +466,9 @@ _public_ int sd_bus_creds_has_permitted_cap(sd_bus_creds *c, int capability) {
 _public_ int sd_bus_creds_has_inheritable_cap(sd_bus_creds *c, int capability) {
         assert_return(c, -EINVAL);
         assert_return(capability >= 0, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_INHERITABLE_CAPS, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_INHERITABLE_CAPS))
+                return -ENODATA;
 
         return has_cap(c, CAP_OFFSET_INHERITABLE, capability);
 }
@@ -430,7 +476,9 @@ _public_ int sd_bus_creds_has_inheritable_cap(sd_bus_creds *c, int capability) {
 _public_ int sd_bus_creds_has_bounding_cap(sd_bus_creds *c, int capability) {
         assert_return(c, -EINVAL);
         assert_return(capability >= 0, -EINVAL);
-        assert_return(c->mask & SD_BUS_CREDS_BOUNDING_CAPS, -ENODATA);
+
+        if (!(c->mask & SD_BUS_CREDS_BOUNDING_CAPS))
+                return -ENODATA;
 
         return has_cap(c, CAP_OFFSET_BOUNDING, capability);
 }

commit 9e5548644f76e893c246d54ae613856b67b8dc1d
Author: Lennart Poettering <lennart at poettering.net>
Date:   Thu Dec 12 00:07:49 2013 +0100

    bus: connect directly via kdbus in sd_bus_open_system_container()
    
    kdbus fortunately exposes the container's busses in the host fs, hence
    we can access it directly instead of doing the namespacing dance.

diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c
index f991a09..edd917e 100644
--- a/src/libsystemd-bus/sd-bus.c
+++ b/src/libsystemd-bus/sd-bus.c
@@ -1142,12 +1142,17 @@ _public_ int sd_bus_open_system_container(const char *machine, sd_bus **ret) {
 
         assert_return(machine, -EINVAL);
         assert_return(ret, -EINVAL);
+        assert_return(filename_is_safe(machine), -EINVAL);
 
         e = bus_address_escape(machine);
         if (!e)
                 return -ENOMEM;
 
+#ifdef ENABLE_KDBUS
+        p = strjoin("kernel:path=/dev/kdbus/ns/machine-", e, "/0-system/bus;x-container:machine=", e, NULL);
+#else
         p = strjoin("x-container:machine=", e, NULL);
+#endif
         if (!p)
                 return -ENOMEM;
 
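Review bot: The new `filename_is_safe(machine)` check has no comment saying why it is there, and it is the only thing standing between a caller-supplied name and the `/dev/kdbus/ns/machine-…` path built a few lines later. A comment such as `/* machine is spliced into a device path below; it must be a single path component */` would keep a later cleanup from dropping it. Note that the check sits outside the `#ifdef ENABLE_KDBUS` block, so it also narrows the accepted names for the plain `x-container:` address; if that is intended, the comment should say so. The function begins and ends outside the hunk.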
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 583912f..b3ca10e 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1067,6 +1067,7 @@ int main(int argc, char *argv[]) {
         _cleanup_close_pipe_ int kmsg_socket_pair[2] = { -1, -1 };
         _cleanup_fdset_free_ FDSet *fds = NULL;
         _cleanup_free_ char *kdbus_namespace = NULL;
+        const char *ns;
 
         log_parse_environment();
         log_open();
@@ -1167,7 +1168,8 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
-        kdbus_fd = bus_kernel_create_namespace(arg_machine, &kdbus_namespace);
+        ns = strappenda("machine-", arg_machine);
+        kdbus_fd = bus_kernel_create_namespace(ns, &kdbus_namespace);
         if (r < 0)
                 log_debug("Failed to create kdbus namespace: %s", strerror(-r));
         else
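Review bot: The result of `bus_kernel_create_namespace()` is stored in `kdbus_fd`, but the following line tests `r`, so a failed namespace creation is not detected here and the debug message would print an unrelated, stale error. Test the value that was just assigned: `if (kdbus_fd < 0)` and `strerror(-kdbus_fd)`. `ns` is built from `arg_machine` with `strappenda()`; whether the machine name is validated and length-bounded before this point is not visible in the hunk and should be confirmed. main() starts and ends outside the hunk.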


