[systemd-commits] 2 commits - TODO src/libsystemd src/notify src/shared src/systemd

Lennart Poettering lennart at kemper.freedesktop.org
Thu Jun 5 08:31:17 PDT 2014


 TODO                                 |    2 
 src/libsystemd/sd-daemon/sd-daemon.c |  213 ++++++++++++++++++-----------------
 src/notify/notify.c                  |   47 +++----
 src/shared/util.c                    |   24 ++-
 src/systemd/sd-daemon.h              |   12 +
 5 files changed, 163 insertions(+), 135 deletions(-)

New commits:
commit 2d2ebaf5152cfc232aec61aad5138adc950f4b5c
Author: Lennart Poettering <lennart at poettering.net>
Date:   Thu Jun 5 17:31:03 2014 +0200

    update TODO

diff --git a/TODO b/TODO
index 0d2690a..caf565f 100644
--- a/TODO
+++ b/TODO
@@ -38,8 +38,6 @@ Features:
 
 * tmpfiles: figure out relation between Z and m?
 
-* systemd-notify: fake ucred of msg to PID of parent, if that works, with fallback to our own if it doesn't.
-
 * machined/machinectl: sort IP addresses we return by scope and protocol
 * machined: write NSS module for looking up IP addresses for machines
 

commit be8f4e9e8eb3b0c34a49c2e80a5c5b7dc6d175f0
Author: Lennart Poettering <lennart at poettering.net>
Date:   Thu Jun 5 17:05:18 2014 +0200

    sd-daemon: introduce sd_pid_notify() and sd_pid_notifyf()
    
    sd_pid_notify() operates like sd_notify(), however operates on a
    different PID (for example the parent PID of a process).
    
    Make use of this in systemd-notify, so that message are sent from the
    PID specified with --pid= rather than the usually shortlived PID of
    systemd-notify itself.
    
    This should increase the likelyhood that PID 1 can identify the cgroup
    that the notification message was sent from properly.

diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c
index b013438..7caa63d 100644
--- a/src/libsystemd/sd-daemon/sd-daemon.c
+++ b/src/libsystemd/sd-daemon/sd-daemon.c
@@ -36,13 +36,14 @@
 #include <mqueue.h>
 
 #include "util.h"
+#include "path-util.h"
 #include "sd-daemon.h"
 
 _public_ int sd_listen_fds(int unset_environment) {
-        int r, fd;
         const char *e;
-        char *p = NULL;
-        unsigned long l;
+        unsigned n;
+        int r, fd;
+        pid_t pid;
 
         e = getenv("LISTEN_PID");
         if (!e) {
@@ -50,21 +51,12 @@ _public_ int sd_listen_fds(int unset_environment) {
                 goto finish;
         }
 
-        errno = 0;
-        l = strtoul(e, &p, 10);
-
-        if (errno > 0) {
-                r = -errno;
+        r = parse_pid(e, &pid);
+        if (r < 0)
                 goto finish;
-        }
-
-        if (!p || p == e || *p || l <= 0) {
-                r = -EINVAL;
-                goto finish;
-        }
 
         /* Is this for us? */
-        if (getpid() != (pid_t) l) {
+        if (getpid() != pid) {
                 r = 0;
                 goto finish;
         }
@@ -75,38 +67,17 @@ _public_ int sd_listen_fds(int unset_environment) {
                 goto finish;
         }
 
-        errno = 0;
-        l = strtoul(e, &p, 10);
-
-        if (errno > 0) {
-                r = -errno;
-                goto finish;
-        }
-
-        if (!p || p == e || *p) {
-                r = -EINVAL;
+        r = safe_atou(e, &n);
+        if (r < 0)
                 goto finish;
-        }
-
-        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) l; fd ++) {
-                int flags;
 
-                flags = fcntl(fd, F_GETFD);
-                if (flags < 0) {
-                        r = -errno;
+        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) n; fd ++) {
+                r = fd_cloexec(fd, true);
+                if (r < 0)
                         goto finish;
-                }
-
-                if (flags & FD_CLOEXEC)
-                        continue;
-
-                if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) {
-                        r = -errno;
-                        goto finish;
-                }
         }
 
-        r = (int) l;
+        r = (int) n;
 
 finish:
         if (unset_environment) {
@@ -120,8 +91,7 @@ finish:
 _public_ int sd_is_fifo(int fd, const char *path) {
         struct stat st_fd;
 
-        if (fd < 0)
-                return -EINVAL;
+        assert_return(fd >= 0, -EINVAL);
 
         if (fstat(fd, &st_fd) < 0)
                 return -errno;
@@ -151,8 +121,7 @@ _public_ int sd_is_fifo(int fd, const char *path) {
 _public_ int sd_is_special(int fd, const char *path) {
         struct stat st_fd;
 
-        if (fd < 0)
-                return -EINVAL;
+        assert_return(fd >= 0, -EINVAL);
 
         if (fstat(fd, &st_fd) < 0)
                 return -errno;
@@ -187,8 +156,8 @@ _public_ int sd_is_special(int fd, const char *path) {
 static int sd_is_socket_internal(int fd, int type, int listening) {
         struct stat st_fd;
 
-        if (fd < 0 || type < 0)
-                return -EINVAL;
+        assert_return(fd >= 0, -EINVAL);
+        assert_return(type >= 0, -EINVAL);
 
         if (fstat(fd, &st_fd) < 0)
                 return -errno;
@@ -238,8 +207,8 @@ union sockaddr_union {
 _public_ int sd_is_socket(int fd, int family, int type, int listening) {
         int r;
 
-        if (family < 0)
-                return -EINVAL;
+        assert_return(fd >= 0, -EINVAL);
+        assert_return(family >= 0, -EINVAL);
 
         r = sd_is_socket_internal(fd, type, listening);
         if (r <= 0)
@@ -266,8 +235,8 @@ _public_ int sd_is_socket_inet(int fd, int family, int type, int listening, uint
         socklen_t l = sizeof(sockaddr);
         int r;
 
-        if (family != 0 && family != AF_INET && family != AF_INET6)
-                return -EINVAL;
+        assert_return(fd >= 0, -EINVAL);
+        assert_return(IN_SET(family, 0, AF_INET, AF_INET6), -EINVAL);
 
         r = sd_is_socket_internal(fd, type, listening);
         if (r <= 0)
@@ -283,7 +252,7 @@ _public_ int sd_is_socket_inet(int fd, int family, int type, int listening, uint
             sockaddr.sa.sa_family != AF_INET6)
                 return 0;
 
-        if (family > 0)
+        if (family != 0)
                 if (sockaddr.sa.sa_family != family)
                         return 0;
 
@@ -309,6 +278,8 @@ _public_ int sd_is_socket_unix(int fd, int type, int listening, const char *path
         socklen_t l = sizeof(sockaddr);
         int r;
 
+        assert_return(fd >= 0, -EINVAL);
+
         r = sd_is_socket_internal(fd, type, listening);
         if (r <= 0)
                 return r;
@@ -348,8 +319,7 @@ _public_ int sd_is_socket_unix(int fd, int type, int listening, const char *path
 _public_ int sd_is_mq(int fd, const char *path) {
         struct mq_attr attr;
 
-        if (fd < 0)
-                return -EINVAL;
+        assert_return(fd >= 0, -EINVAL);
 
         if (mq_getattr(fd, &attr) < 0)
                 return -errno;
@@ -358,8 +328,7 @@ _public_ int sd_is_mq(int fd, const char *path) {
                 char fpath[PATH_MAX];
                 struct stat a, b;
 
-                if (path[0] != '/')
-                        return -EINVAL;
+                assert_return(path_is_absolute(path), -EINVAL);
 
                 if (fstat(fd, &a) < 0)
                         return -errno;
@@ -378,12 +347,17 @@ _public_ int sd_is_mq(int fd, const char *path) {
         return 1;
 }
 
-_public_ int sd_notify(int unset_environment, const char *state) {
-        int fd = -1, r;
-        struct msghdr msghdr;
-        struct iovec iovec;
-        union sockaddr_union sockaddr;
+_public_ int sd_pid_notify(pid_t pid, int unset_environment, const char *state) {
+        union sockaddr_union sockaddr = {};
+        _cleanup_close_ int fd = -1;
+        struct msghdr msghdr = {};
+        struct iovec iovec = {};
         const char *e;
+        union {
+                struct cmsghdr cmsghdr;
+                uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
+        } control = {};
+        int r;
 
         if (!state) {
                 r = -EINVAL;
@@ -406,18 +380,15 @@ _public_ int sd_notify(int unset_environment, const char *state) {
                 goto finish;
         }
 
-        memzero(&sockaddr, sizeof(sockaddr));
         sockaddr.sa.sa_family = AF_UNIX;
         strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path));
 
         if (sockaddr.un.sun_path[0] == '@')
                 sockaddr.un.sun_path[0] = 0;
 
-        memzero(&iovec, sizeof(iovec));
         iovec.iov_base = (char*) state;
         iovec.iov_len = strlen(state);
 
-        memzero(&msghdr, sizeof(msghdr));
         msghdr.msg_name = &sockaddr;
         msghdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(e);
 
@@ -427,39 +398,90 @@ _public_ int sd_notify(int unset_environment, const char *state) {
         msghdr.msg_iov = &iovec;
         msghdr.msg_iovlen = 1;
 
-        if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) < 0) {
-                r = -errno;
+        if (pid != 0 && pid != getpid()) {
+                struct cmsghdr *cmsg;
+                struct ucred ucred = {};
+
+                msghdr.msg_control = &control;
+                msghdr.msg_controllen = sizeof(control);
+
+                cmsg = CMSG_FIRSTHDR(&msghdr);
+                cmsg->cmsg_level = SOL_SOCKET;
+                cmsg->cmsg_type = SCM_CREDENTIALS;
+                cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
+
+                ucred.pid = pid;
+                ucred.uid = getuid();
+                ucred.gid = getgid();
+
+                memcpy(CMSG_DATA(cmsg), &ucred, sizeof(struct ucred));
+                msghdr.msg_controllen = cmsg->cmsg_len;
+        }
+
+        /* First try with fake ucred data, as requested */
+        if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) >= 0) {
+                r = 1;
                 goto finish;
         }
 
-        r = 1;
+        /* If that failed, try with our own instead */
+        if (msghdr.msg_control) {
+                msghdr.msg_control = NULL;
+                msghdr.msg_controllen = 0;
+
+                if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) >= 0) {
+                        r = 1;
+                        goto finish;
+                }
+        }
+
+        r = -errno;
 
 finish:
         if (unset_environment)
                 unsetenv("NOTIFY_SOCKET");
 
-        if (fd >= 0)
-                close(fd);
-
         return r;
 }
 
+_public_ int sd_notify(int unset_environment, const char *state) {
+        return sd_pid_notify(0, unset_environment, state);
+}
+
+_public_ int sd_pid_notifyf(pid_t pid, int unset_environment, const char *format, ...) {
+        _cleanup_free_ char *p = NULL;
+        int r;
+
+        if (format) {
+                va_list ap;
+
+                va_start(ap, format);
+                r = vasprintf(&p, format, ap);
+                va_end(ap);
+
+                if (r < 0 || !p)
+                        return -ENOMEM;
+        }
+
+        return sd_pid_notify(pid, unset_environment, p);
+}
+
 _public_ int sd_notifyf(int unset_environment, const char *format, ...) {
-        va_list ap;
-        char *p = NULL;
+        _cleanup_free_ char *p = NULL;
         int r;
 
-        va_start(ap, format);
-        r = vasprintf(&p, format, ap);
-        va_end(ap);
+        if (format) {
+                va_list ap;
 
-        if (r < 0 || !p)
-                return -ENOMEM;
+                va_start(ap, format);
+                r = vasprintf(&p, format, ap);
+                va_end(ap);
 
-        r = sd_notify(unset_environment, p);
-        free(p);
+                if (r < 0 || !p)
+                        return -ENOMEM;
+        }
 
-        return r;
+        return sd_pid_notify(0, unset_environment, p);
 }
 
 _public_ int sd_booted(void) {
@@ -476,10 +498,9 @@ _public_ int sd_booted(void) {
 }
 
 _public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) {
-        unsigned long long ll;
-        unsigned long l;
         const char *e;
-        char *p = NULL;
+        uint64_t u;
+        pid_t pid;
         int r;
 
         e = getenv("WATCHDOG_PID");
@@ -488,19 +509,12 @@ _public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) {
                 goto finish;
         }
 
-        errno = 0;
-        l = strtoul(e, &p, 10);
-        if (errno > 0) {
-                r = -errno;
-                goto finish;
-        }
-        if (!p || p == e || *p || l <= 0) {
-                r = -EINVAL;
+        r = parse_pid(e, &pid);
+        if (r < 0)
                 goto finish;
-        }
 
         /* Is this for us? */
-        if (getpid() != (pid_t) l) {
+        if (getpid() != pid) {
                 r = 0;
                 goto finish;
         }
@@ -511,19 +525,16 @@ _public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) {
                 goto finish;
         }
 
-        errno = 0;
-        ll = strtoull(e, &p, 10);
-        if (errno > 0) {
-                r = -errno;
+        r = safe_atou64(e, &u);
+        if (r < 0)
                 goto finish;
-        }
-        if (!p || p == e || *p || ll <= 0) {
+        if (u <= 0) {
                 r = -EINVAL;
                 goto finish;
         }
 
         if (usec)
-                *usec = ll;
+                *usec = u;
 
         r = 1;
 
diff --git a/src/notify/notify.c b/src/notify/notify.c
index 68133c4..0b7f3b1 100644
--- a/src/notify/notify.c
+++ b/src/notify/notify.c
@@ -147,25 +147,25 @@ static int parse_argv(int argc, char *argv[]) {
 }
 
 int main(int argc, char* argv[]) {
-        char* our_env[4], **final_env = NULL;
+        _cleanup_free_ char *status = NULL, *cpid = NULL, *n = NULL;
+        _cleanup_strv_free_ char **final_env = NULL;
+        char* our_env[4];
         unsigned i = 0;
-        char *status = NULL, *cpid = NULL, *n = NULL;
-        int r, retval = EXIT_FAILURE;
+        int r;
 
         log_parse_environment();
         log_open();
 
         r = parse_argv(argc, argv);
-        if (r <= 0) {
-                retval = r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+        if (r <= 0)
                 goto finish;
-        }
 
         if (arg_booted)
                 return sd_booted() <= 0;
 
         if (arg_readahead) {
-                if ((r = sd_readahead(arg_readahead)) < 0) {
+                r = sd_readahead(arg_readahead);
+                if (r < 0) {
                         log_error("Failed to issue read-ahead control command: %s", strerror(-r));
                         goto finish;
                 }
@@ -175,8 +175,9 @@ int main(int argc, char* argv[]) {
                 our_env[i++] = (char*) "READY=1";
 
         if (arg_status) {
-                if (!(status = strappend("STATUS=", arg_status))) {
-                        log_error("Failed to allocate STATUS string.");
+                status = strappend("STATUS=", arg_status);
+                if (!status) {
+                        r = log_oom();
                         goto finish;
                 }
 
@@ -185,7 +186,7 @@ int main(int argc, char* argv[]) {
 
         if (arg_pid > 0) {
                 if (asprintf(&cpid, "MAINPID="PID_FMT, arg_pid) < 0) {
-                        log_error("Failed to allocate MAINPID string.");
+                        r = log_oom();
                         goto finish;
                 }
 
@@ -194,34 +195,32 @@ int main(int argc, char* argv[]) {
 
         our_env[i++] = NULL;
 
-        if (!(final_env = strv_env_merge(2, our_env, argv + optind))) {
-                log_error("Failed to merge string sets.");
+        final_env = strv_env_merge(2, our_env, argv + optind);
+        if (!final_env) {
+                r = log_oom();
                 goto finish;
         }
 
         if (strv_length(final_env) <= 0) {
-                retval = EXIT_SUCCESS;
+                r = 0;
                 goto finish;
         }
 
-        if (!(n = strv_join(final_env, "\n"))) {
-                log_error("Failed to concatenate strings.");
+        n = strv_join(final_env, "\n");
+        if (!n) {
+                r = log_oom();
                 goto finish;
         }
 
-        if ((r = sd_notify(false, n)) < 0) {
+        r = sd_pid_notify(arg_pid, false, n);
+        if (r < 0) {
                 log_error("Failed to notify init system: %s", strerror(-r));
                 goto finish;
         }
 
-        retval = r <= 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+        if (r == 0)
+                r = -ENOTSUP;
 
 finish:
-        free(status);
-        free(cpid);
-        free(n);
-
-        strv_free(final_env);
-
-        return retval;
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 }
diff --git a/src/shared/util.c b/src/shared/util.c
index 4a3e35f..7a4dacd 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -1377,17 +1377,21 @@ bool ignore_file(const char *filename) {
 }
 
 int fd_nonblock(int fd, bool nonblock) {
-        int flags;
+        int flags, nflags;
 
         assert(fd >= 0);
 
-        if ((flags = fcntl(fd, F_GETFL, 0)) < 0)
+        flags = fcntl(fd, F_GETFL, 0);
+        if (flags < 0)
                 return -errno;
 
         if (nonblock)
-                flags |= O_NONBLOCK;
+                nflags = flags | O_NONBLOCK;
         else
-                flags &= ~O_NONBLOCK;
+                nflags = flags & ~O_NONBLOCK;
+
+        if (nflags == flags)
+                return 0;
 
         if (fcntl(fd, F_SETFL, flags) < 0)
                 return -errno;
@@ -1396,17 +1400,21 @@ int fd_nonblock(int fd, bool nonblock) {
 }
 
 int fd_cloexec(int fd, bool cloexec) {
-        int flags;
+        int flags, nflags;
 
         assert(fd >= 0);
 
-        if ((flags = fcntl(fd, F_GETFD, 0)) < 0)
+        flags = fcntl(fd, F_GETFD, 0);
+        if (flags < 0)
                 return -errno;
 
         if (cloexec)
-                flags |= FD_CLOEXEC;
+                nflags = flags | FD_CLOEXEC;
         else
-                flags &= ~FD_CLOEXEC;
+                nflags = flags & ~FD_CLOEXEC;
+
+        if (nflags == flags)
+                return 0;
 
         if (fcntl(fd, F_SETFD, flags) < 0)
                 return -errno;
diff --git a/src/systemd/sd-daemon.h b/src/systemd/sd-daemon.h
index 1d636df..351b4e5 100644
--- a/src/systemd/sd-daemon.h
+++ b/src/systemd/sd-daemon.h
@@ -231,6 +231,18 @@ int sd_notify(int unset_environment, const char *state);
 int sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_(2,3);
 
 /*
+  Similar to sd_notify(), but send the message on behalf of another
+  process, if the appropriate permissions are available.
+*/
+int sd_pid_notify(pid_t pid, int unset_environment, const char *state);
+
+/*
+  Similar to sd_notifyf(), but send the message on behalf of another
+  process, if the appropriate permissions are available.
+*/
+int sd_pid_notifyf(pid_t pid, int unset_environment, const char *format, ...) _sd_printf_(3,4);
+
+/*
   Returns > 0 if the system was booted with systemd. Returns < 0 on
   error. Returns 0 if the system was not booted with systemd. Note
   that all of the functions above handle non-systemd boots just



More information about the systemd-commits mailing list