[systemd-commits] 3 commits - src/core src/nspawn src/shared
Lennart Poettering
lennart at kemper.freedesktop.org
Tue Aug 26 12:16:41 PDT 2014
src/core/execute.c | 6 ++----
src/core/main.c | 7 ++-----
src/nspawn/nspawn.c | 4 +---
src/shared/util.c | 30 +++++++++++++++++++++++-------
src/shared/util.h | 1 +
5 files changed, 29 insertions(+), 19 deletions(-)
New commits:
commit 1b6d7fa742e303611dff8d7ebfa86ee5fb8b7dc7
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Aug 26 21:11:35 2014 +0200
util: make use of newly added reset_signal_mask() call wherever appropriate
diff --git a/src/core/execute.c b/src/core/execute.c
index b5b2247..066efd6 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1301,7 +1301,6 @@ int exec_spawn(ExecCommand *command,
int dont_close[n_fds + 3];
uid_t uid = (uid_t) -1;
gid_t gid = (gid_t) -1;
- sigset_t ss;
int i, err;
/* child */
@@ -1319,9 +1318,8 @@ int exec_spawn(ExecCommand *command,
if (context->ignore_sigpipe)
ignore_signals(SIGPIPE, -1);
- assert_se(sigemptyset(&ss) == 0);
- if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
- err = -errno;
+ err = reset_signal_mask();
+ if (err < 0) {
r = EXIT_SIGNAL_MASK;
goto fail_child;
}
diff --git a/src/core/main.c b/src/core/main.c
index bd148b1..95ab40f 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1834,7 +1834,6 @@ finish:
if (reexecute) {
const char **args;
unsigned i, args_size;
- sigset_t ss;
/* Close and disarm the watchdog, so that the new
* instance can reinitialize it, but doesn't get
@@ -1918,12 +1917,10 @@ finish:
args[i++] = NULL;
assert(i <= args_size);
- /* reenable any blocked signals, especially important
+ /* Reenable any blocked signals, especially important
* if we switch from initial ramdisk to init=... */
reset_all_signal_handlers();
-
- assert_se(sigemptyset(&ss) == 0);
- assert_se(sigprocmask(SIG_SETMASK, &ss, NULL) == 0);
+ reset_signal_mask();
if (switch_root_init) {
args[0] = switch_root_init;
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 2c71855..56d9cc6 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3156,9 +3156,7 @@ int main(int argc, char *argv[]) {
kmsg_socket_pair[0] = safe_close(kmsg_socket_pair[0]);
reset_all_signal_handlers();
-
- assert_se(sigemptyset(&mask) == 0);
- assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
+ reset_signal_mask();
k = open_terminal(console, O_RDWR);
if (k != STDIN_FILENO) {
diff --git a/src/shared/util.c b/src/shared/util.c
index 98c0716..fdcf571 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -3890,16 +3890,13 @@ void execute_directory(const char *directory, DIR *d, usec_t timeout, char *argv
_cleanup_hashmap_free_free_ Hashmap *pids = NULL;
_cleanup_closedir_ DIR *_d = NULL;
struct dirent *de;
- sigset_t ss;
/* We fork this all off from a child process so that
* we can somewhat cleanly make use of SIGALRM to set
* a time limit */
reset_all_signal_handlers();
-
- assert_se(sigemptyset(&ss) == 0);
- assert_se(sigprocmask(SIG_SETMASK, &ss, NULL) == 0);
+ reset_signal_mask();
assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
commit 1dedb74a2e1d840b531b76b01a76979f3b57456b
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Aug 26 21:04:21 2014 +0200
util: reset signals when we fork off agents
If we invoke agents, we should make sure we actually can kill them
again. I mean, it's probably not our job to cleanup the signals if our
tools are invoked in weird contexts, but at least we should make sure,
that the subprocesses we invoke and intend to control work as intended.
Also see:
http://lists.freedesktop.org/archives/systemd-devel/2014-August/022460.html
diff --git a/src/shared/util.c b/src/shared/util.c
index 4af2d3c..98c0716 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -959,6 +959,18 @@ int reset_all_signal_handlers(void) {
return r;
}
+int reset_signal_mask(void) {
+ sigset_t ss;
+
+ if (sigemptyset(&ss) < 0)
+ return -errno;
+
+ if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0)
+ return -errno;
+
+ return 0;
+}
+
char *strstrip(char *s) {
char *e;
@@ -5131,6 +5143,12 @@ int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *pa
/* Don't leak fds to the agent */
close_all_fds(except, n_except);
+ /* Make sure we actually can kill the agent, if we need to, in
+ * case somebody invoked us from a shell script that trapped
+ * SIGTERM or so... */
+ reset_all_signal_handlers();
+ reset_signal_mask();
+
stdout_is_tty = isatty(STDOUT_FILENO);
stderr_is_tty = isatty(STDERR_FILENO);
diff --git a/src/shared/util.h b/src/shared/util.h
index cd947db..ea87c96 100644
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -274,6 +274,7 @@ int readlink_and_make_absolute(const char *p, char **r);
int readlink_and_canonicalize(const char *p, char **r);
int reset_all_signal_handlers(void);
+int reset_signal_mask(void);
char *strstrip(char *s);
char *delete_chars(char *s, const char *bad);
commit 24a5d6b04e17d447cf122f02a8a2dedd843cce45
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Aug 26 21:03:20 2014 +0200
util: make sure reset_all_signal_handlers() continues with all other signal handlers when one sigaction() fails
After all, we usually don't check for failures here, and it is better to
do as much as we can...
diff --git a/src/shared/util.c b/src/shared/util.c
index fc6f668..4af2d3c 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -937,7 +937,7 @@ int readlink_and_canonicalize(const char *p, char **r) {
}
int reset_all_signal_handlers(void) {
- int sig;
+ int sig, r = 0;
for (sig = 1; sig < _NSIG; sig++) {
struct sigaction sa = {
@@ -945,17 +945,18 @@ int reset_all_signal_handlers(void) {
.sa_flags = SA_RESTART,
};
+ /* These two cannot be caught... */
if (sig == SIGKILL || sig == SIGSTOP)
continue;
/* On Linux the first two RT signals are reserved by
* glibc, and sigaction() will return EINVAL for them. */
if ((sigaction(sig, &sa, NULL) < 0))
- if (errno != EINVAL)
- return -errno;
+ if (errno != EINVAL && r == 0)
+ r = -errno;
}
- return 0;
+ return r;
}
char *strstrip(char *s) {
More information about the systemd-commits
mailing list