[systemd-commits] 8 commits - src/core src/libsystemd src/test
Tom Gundersen
tomegun at kemper.freedesktop.org
Sun Dec 28 17:20:51 PST 2014
src/core/loopback-setup.c | 42 ++++++++++++++--------------------
src/libsystemd/sd-rtnl/rtnl-message.c | 18 ++++++++++++--
src/libsystemd/sd-rtnl/sd-rtnl.c | 4 ++-
src/test/test-loopback.c | 4 +++
4 files changed, 40 insertions(+), 28 deletions(-)
New commits:
commit 09773ef4462657bffadc568d08c962041fea9944
Author: Tom Gundersen <teg at jklm.no>
Date: Mon Dec 29 02:18:21 2014 +0100
rtnl: recv_message - don't enforce sender uid
All we care about is that the kernel (pid==0) sent the message. Verifying the sender uid
seems to break when using userns.
Reported by Stéphane Graber.
diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c
index 640c0ea..36eb9f5 100644
--- a/src/libsystemd/sd-rtnl/rtnl-message.c
+++ b/src/libsystemd/sd-rtnl/rtnl-message.c
@@ -1363,10 +1363,10 @@ static int socket_recv_message(int fd, struct iovec *iov, uint32_t *_group, bool
struct ucred *ucred = (void *)CMSG_DATA(cmsg);
/* from the kernel */
- if (ucred->uid == 0 && ucred->pid == 0)
+ if (ucred->pid == 0)
auth = true;
else
- log_debug("rtnl: ignoring message from uid %u pid %u", ucred->uid, ucred->pid);
+ log_debug("rtnl: ignoring message from pid %u", ucred->pid);
} else if (cmsg->cmsg_level == SOL_NETLINK &&
cmsg->cmsg_type == NETLINK_PKTINFO &&
cmsg->cmsg_len == CMSG_LEN(sizeof(struct nl_pktinfo))) {
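Review bot: With the uid test removed, `ucred->pid == 0` is the only condition that marks a message as kernel-originated, and the `/* from the kernel */` comment no longer explains why that is sufficient. I would expand it to something like `/* credentials are validated by the kernel; pid 0 identifies the kernel as sender, uid is not checked because it broke under userns */`, so a later reader neither re-adds nor loosens the check. Separately, `ucred->pid` is a signed `pid_t` printed with `%u` in the new `log_debug()`, and the same applies to the log line added in commit 2263bb9 further down; a matching specifier would avoid the mismatch. The enclosing `if` on the cmsg type starts outside the hunk, so the length validation of the credentials cmsg cannot be confirmed from here.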
commit 2da780b9763424d3133881ed9f51545cc8b9b575
Author: Tom Gundersen <teg at jklm.no>
Date: Mon Dec 29 01:58:25 2014 +0100
test: loopback - parse logging env var
diff --git a/src/test/test-loopback.c b/src/test/test-loopback.c
index ab330ac..75fe053 100644
--- a/src/test/test-loopback.c
+++ b/src/test/test-loopback.c
@@ -25,11 +25,15 @@
#include <fcntl.h>
#include "loopback-setup.h"
+#include "log.h"
#include "util.h"
int main(int argc, char* argv[]) {
int r;
+ log_open();
+ log_parse_environment();
+
if ((r = loopback_setup()) < 0)
fprintf(stderr, "loopback: %s\n", strerror(-r));
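Review bot: `log_open()` is called before `log_parse_environment()` in `main()`, whereas the usual order elsewhere in systemd is to parse the environment first and open the log afterwards, so that a log target taken from the environment is the one that gets opened. Whether the reversed order actually loses a target setting depends on log.c, which is not visible here, so treat this as a consistency point: `log_parse_environment();` followed by `log_open();`. `main()` continues past the end of the hunk.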
commit b551ddd380c3b8ddacf86efe815654f7eb6b4952
Author: Tom Gundersen <teg at jklm.no>
Date: Mon Dec 29 01:54:04 2014 +0100
sd-rtnl: rtnl_call - don't dispatch wqueue after timeout has passed
Only a minor change as the timeout would be hit soon thereafter at the next loop.
diff --git a/src/libsystemd/sd-rtnl/sd-rtnl.c b/src/libsystemd/sd-rtnl/sd-rtnl.c
index ae35739..7d388c9 100644
--- a/src/libsystemd/sd-rtnl/sd-rtnl.c
+++ b/src/libsystemd/sd-rtnl/sd-rtnl.c
@@ -701,6 +701,8 @@ int sd_rtnl_call(sd_rtnl *rtnl,
r = rtnl_poll(rtnl, true, left);
if (r < 0)
return r;
+ else if (r == 0)
+ return -ETIMEDOUT;
r = dispatch_wqueue(rtnl);
if (r < 0)
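Review bot: The new `r == 0` branch gives a zero return from `rtnl_poll()` the meaning "timed out", but nothing at the call site says so; a short comment such as `/* nothing became readable before the deadline */` would document that contract. Because the preceding branch returns, the `else` is redundant and a plain `if (r == 0)` reads more directly. This assumes `rtnl_poll()` returns 0 only on timeout, which cannot be confirmed from the hunk; `sd_rtnl_call()` starts and ends outside it.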
commit f55dc7c96ef6a8db32451a0d5f708090591a9141
Author: Tom Gundersen <teg at jklm.no>
Date: Mon Dec 29 01:50:07 2014 +0100
sd-rtnl: rtnl_poll - fix typo
This caused rtnl_poll to always return true immediately in sd_rtnl_call().
diff --git a/src/libsystemd/sd-rtnl/sd-rtnl.c b/src/libsystemd/sd-rtnl/sd-rtnl.c
index abb011e..ae35739 100644
--- a/src/libsystemd/sd-rtnl/sd-rtnl.c
+++ b/src/libsystemd/sd-rtnl/sd-rtnl.c
@@ -489,7 +489,7 @@ static int rtnl_poll(sd_rtnl *rtnl, bool need_more, uint64_t timeout_usec) {
if (need_more)
/* Caller wants more data, and doesn't care about
* what's been read or any other timeouts. */
- return e |= POLLIN;
+ e |= POLLIN;
else {
usec_t until;
/* Caller wants to process if there is something to
commit c7460cce79fd358f2745bd390bd2e7ded450ee62
Author: Tom Gundersen <teg at jklm.no>
Date: Mon Dec 29 00:24:00 2014 +0100
sd-rtnl: recv_message - drop message when peeking fails
Read the message from the socket or we will loop trying to read the
same message repeatedly.
diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c
index 92f3182..640c0ea 100644
--- a/src/libsystemd/sd-rtnl/rtnl-message.c
+++ b/src/libsystemd/sd-rtnl/rtnl-message.c
@@ -1377,9 +1377,17 @@ static int socket_recv_message(int fd, struct iovec *iov, uint32_t *_group, bool
}
}
- if (!auth)
+ if (!auth) {
/* not from the kernel, ignore */
+ if (peek) {
+ /* drop the message */
+ r = recvmsg(fd, &msg, 0);
+ if (r < 0)
+ return (errno == EAGAIN || errno == EINTR) ? 0 : -errno;
+ }
+
return 0;
+ }
if (group)
*_group = group;
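Review bot: The `/* drop the message */` comment in the new `if (peek)` branch does not say why a second `recvmsg()` is needed, which is the security-relevant part: a peeked datagram from a non-kernel sender presumably stays at the head of the queue and would stall processing of genuine kernel messages. I would write `/* peeking left the datagram queued; read it for real so an unauthenticated message cannot block the queue */`. Note also that when this `recvmsg()` fails with EAGAIN or EINTR the function returns 0 without having dropped anything; that looks harmless because the next peek repeats the check, but it is worth stating in the comment. `socket_recv_message()` starts and ends outside the hunk.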
commit 0b2bbbdf2f77d685a12862b96e764ac5f1ef8046
Author: Tom Gundersen <teg at jklm.no>
Date: Mon Dec 29 01:49:06 2014 +0100
sd-rtnl: recv_message - don't fail on interrupt
We should just try again instead.
diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c
index cfb2af3..92f3182 100644
--- a/src/libsystemd/sd-rtnl/rtnl-message.c
+++ b/src/libsystemd/sd-rtnl/rtnl-message.c
@@ -1348,8 +1348,10 @@ static int socket_recv_message(int fd, struct iovec *iov, uint32_t *_group, bool
/* no data */
if (errno == ENOBUFS)
log_debug("rtnl: kernel receive buffer overrun");
+ else if (errno == EAGAIN)
+ log_debug("rtnl: no data in socket");
- return (errno == EAGAIN) ? 0 : -errno;
+ return (errno == EAGAIN || errno == EINTR) ? 0 : -errno;
} else if (r == 0)
/* connection was closed by the kernel */
return -ECONNRESET;
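Review bot: The final `return` reads `errno` after the `log_debug()` calls above it, one of them added here, so the EAGAIN/EINTR decision depends on the logging path leaving `errno` untouched. If that is not guaranteed by `log_debug()` (its implementation is not visible here), capture the value first, e.g. `int e = errno;` directly after the failed call, and test `e` in the `return`. Returning 0 on EINTR only amounts to a retry if the caller loops on a zero result, which is outside the hunk.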
commit 2263bb9a92f25571f837700cfee4fb79721baf46
Author: Tom Gundersen <teg at jklm.no>
Date: Mon Dec 29 00:19:36 2014 +0100
sd-rtnl: recv_message - log when dropping message
We drop messages received from the wrong uid/pid, log this at debug level.
diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c
index 9099440..cfb2af3 100644
--- a/src/libsystemd/sd-rtnl/rtnl-message.c
+++ b/src/libsystemd/sd-rtnl/rtnl-message.c
@@ -1363,6 +1363,8 @@ static int socket_recv_message(int fd, struct iovec *iov, uint32_t *_group, bool
/* from the kernel */
if (ucred->uid == 0 && ucred->pid == 0)
auth = true;
+ else
+ log_debug("rtnl: ignoring message from uid %u pid %u", ucred->uid, ucred->pid);
} else if (cmsg->cmsg_level == SOL_NETLINK &&
cmsg->cmsg_type == NETLINK_PKTINFO &&
cmsg->cmsg_len == CMSG_LEN(sizeof(struct nl_pktinfo))) {
commit e95e909d820429ba34fa6f6f1b0109ac22743b47
Author: Tom Gundersen <teg at jklm.no>
Date: Sun Dec 28 13:38:23 2014 +0100
core: loopback - simplify check_loopback()
We no longer configure the addresses on the loopback interface, but simply bring it up
and let the kernel do the rest. Also change the check to only check if the interface
is up, rather than checking for the IPv4 loopback address.
diff --git a/src/core/loopback-setup.c b/src/core/loopback-setup.c
index ab6335c..0d7d00c 100644
--- a/src/core/loopback-setup.c
+++ b/src/core/loopback-setup.c
@@ -56,30 +56,24 @@ static int start_loopback(sd_rtnl *rtnl) {
return 0;
}
-static int check_loopback(void) {
+static bool check_loopback(sd_rtnl *rtnl) {
+ _cleanup_rtnl_message_unref_ sd_rtnl_message *req = NULL, *reply = NULL;
+ unsigned flags;
int r;
- _cleanup_close_ int fd = -1;
- union {
- struct sockaddr sa;
- struct sockaddr_in in;
- } sa = {
- .in.sin_family = AF_INET,
- .in.sin_addr.s_addr = htonl(INADDR_LOOPBACK),
- };
-
- /* If we failed to set up the loop back device, check whether
- * it might already be set up */
-
- fd = socket(AF_INET, SOCK_DGRAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0);
- if (fd < 0)
- return -errno;
-
- if (bind(fd, &sa.sa, sizeof(sa.in)) >= 0)
- r = 1;
- else
- r = errno == EADDRNOTAVAIL ? 0 : -errno;
-
- return r;
+
+ r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX);
+ if (r < 0)
+ return r;
+
+ r = sd_rtnl_call(rtnl, req, 0, &reply);
+ if (r < 0)
+ return r;
+
+ r = sd_rtnl_message_link_get_flags(reply, &flags);
+ if (r < 0)
+ return r;
+
+ return flags & IFF_UP;
}
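Review bot: `check_loopback()` now returns `bool`, but its three error paths still `return r;` with a negative errno, which converts to `true`. A failed netlink query is therefore reported as "loopback is up", and the `if (!check_loopback(rtnl))` caller in the second hunk of this file skips the warning after EPERM. Each of those error paths should be `return false;` so that only a successfully read `IFF_UP` flag counts as success. A one-line comment above the function stating that it returns true only when the link flags were read and the interface is up would make the contract explicit.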
int loopback_setup(void) {
@@ -92,7 +86,7 @@ int loopback_setup(void) {
r = start_loopback(rtnl);
if (r == -EPERM) {
- if (check_loopback() < 0)
+ if (!check_loopback(rtnl))
return log_warning_errno(EPERM, "Failed to configure loopback device: %m");
} else if (r < 0)
return log_warning_errno(r, "Failed to configure loopback device: %m");