[systemd-commits] 4 commits - src/resolve src/shared src/systemctl
Zbigniew Jędrzejewski-Szmek
zbyszek at kemper.freedesktop.org
Mon Feb 23 21:18:07 PST 2015
src/resolve/resolved-bus.c | 6 ++-
src/shared/acl-util.c | 79 +++++++++++++++++++++++++++++++++++++++++++--
src/shared/acl-util.h | 4 ++
src/systemctl/systemctl.c | 51 +++++++++++++++--------------
4 files changed, 112 insertions(+), 28 deletions(-)
New commits:
commit 8527b07be1c5211b50a1a6496585952857a25c73
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date: Sat Feb 7 11:35:37 2015 -0500
systemctl: support auditd.service better
We would print the filename header before trying to open the file. But since
the header was printed to stdout, and the error to stderr, the error would appear
on the terminal before the header. It is cleaner to open the file first, then
and only then print the header.
Also exit on first error. We shouldn't report success if we were unable to open
a file.
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 85c5000..4da4113 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -4514,6 +4514,23 @@ static int init_home_and_lookup_paths(char **user_home, char **user_runtime, Loo
return 0;
}
+static int cat_file(const char *filename, bool newline) {
+ _cleanup_close_ int fd;
+
+ fd = open(filename, O_RDONLY|O_CLOEXEC|O_NOCTTY);
+ if (fd < 0)
+ return -errno;
+
+ printf("%s%s# %s%s\n",
+ newline ? "\n" : "",
+ ansi_highlight_blue(),
+ filename,
+ ansi_highlight_off());
+ fflush(stdout);
+
+ return copy_bytes(fd, STDOUT_FILENO, (off_t) -1, false);
+}
+
static int cat(sd_bus *bus, char **args) {
_cleanup_free_ char *user_home = NULL;
_cleanup_free_ char *user_runtime = NULL;
@@ -4559,32 +4576,15 @@ static int cat(sd_bus *bus, char **args) {
puts("");
if (fragment_path) {
- printf("%s# %s%s\n",
- ansi_highlight_blue(),
- fragment_path,
- ansi_highlight_off());
- fflush(stdout);
-
- r = copy_file_fd(fragment_path, STDOUT_FILENO, false);
- if (r < 0) {
- log_warning_errno(r, "Failed to cat %s: %m", fragment_path);
- continue;
- }
+ r = cat_file(fragment_path, false);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to cat %s: %m", fragment_path);
}
STRV_FOREACH(path, dropin_paths) {
- printf("%s%s# %s%s\n",
- isempty(fragment_path) && path == dropin_paths ? "" : "\n",
- ansi_highlight_blue(),
- *path,
- ansi_highlight_off());
- fflush(stdout);
-
- r = copy_file_fd(*path, STDOUT_FILENO, false);
- if (r < 0) {
- log_warning_errno(r, "Failed to cat %s: %m", *path);
- continue;
- }
+ r = cat_file(*path, path == dropin_paths);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to cat %s: %m", *path);
}
}
commit d028e01814a405e83c400c60545785d35dba2a17
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date: Sat Feb 7 11:16:04 2015 -0500
systemctl: check validity of PID we received
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 4e90f68..85c5000 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -2851,6 +2851,9 @@ static int check_inhibitors(sd_bus *bus, enum action a) {
if (!sv)
return log_oom();
+ if ((pid_t) pid < 0)
+ return log_error_errno(ERANGE, "Bad PID %"PRIu32": %m", pid);
+
if (!strv_contains(sv,
a == ACTION_HALT ||
a == ACTION_POWEROFF ||
@@ -2862,7 +2865,7 @@ static int check_inhibitors(sd_bus *bus, enum action a) {
user = uid_to_name(uid);
log_warning("Operation inhibited by \"%s\" (PID "PID_FMT" \"%s\", user %s), reason is \"%s\".",
- who, pid, strna(comm), strna(user), why);
+ who, (pid_t) pid, strna(comm), strna(user), why);
c++;
}
commit 657dbed29af59d519587aedf9f4a6ab921b0668c
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date: Fri Feb 6 11:30:19 2015 -0500
resolved: use == for comparing unsigned against zero
diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c
index 03c8478..fba2afc 100644
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@@ -183,7 +183,7 @@ static void bus_method_resolve_hostname_complete(DnsQuery *q) {
}
}
- if (added <= 0) {
+ if (added == 0) {
if (!cname) {
r = sd_bus_reply_method_errorf(q->request, BUS_ERROR_NO_SUCH_RR, "'%s' does not have any RR of requested type", q->request_hostname);
goto finish;
@@ -220,6 +220,8 @@ static void bus_method_resolve_hostname_complete(DnsQuery *q) {
added++;
}
+ // what about the cache?
+
/* If we didn't find anything, then let's restart the
* query, this time with the cname */
if (added <= 0) {
@@ -398,7 +400,7 @@ static void bus_method_resolve_address_complete(DnsQuery *q) {
}
}
- if (added <= 0) {
+ if (added == 0) {
_cleanup_free_ char *ip = NULL;
in_addr_to_string(q->request_family, &q->request_address, &ip);
commit 1c73f3bc29111a00738569c9d40a989b161a0624
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date: Mon Feb 23 23:19:54 2015 -0500
tmpfiles: avoid creating duplicate acl entries
https://bugs.freedesktop.org/show_bug.cgi?id=89202
https://bugs.debian.org/778656
Status quo ante can be restored with:
getfacl -p /var/log/journal/`cat /etc/machine-id`|grep -v '^#'|sort -u|sudo setfacl --set-file=- /var/log/journal/`cat /etc/machine-id`
diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c
index 34707e6..36dc824 100644
--- a/src/shared/acl-util.c
+++ b/src/shared/acl-util.c
@@ -281,6 +281,77 @@ int parse_acl(char *text, acl_t *acl_access, acl_t *acl_default, bool want_mask)
return 0;
}
+static int acl_entry_equal(acl_entry_t a, acl_entry_t b) {
+ acl_tag_t tag_a, tag_b;
+
+ if (acl_get_tag_type(a, &tag_a) < 0)
+ return -errno;
+
+ if (acl_get_tag_type(b, &tag_b) < 0)
+ return -errno;
+
+ if (tag_a != tag_b)
+ return false;
+
+ switch (tag_a) {
+ case ACL_USER_OBJ:
+ case ACL_GROUP_OBJ:
+ case ACL_MASK:
+ case ACL_OTHER:
+ /* can have only one of those */
+ return true;
+ case ACL_USER: {
+ _cleanup_(acl_free_uid_tpp) uid_t *uid_a, *uid_b;
+
+ uid_a = acl_get_qualifier(a);
+ if (!uid_a)
+ return -errno;
+
+ uid_b = acl_get_qualifier(b);
+ if (!uid_b)
+ return -errno;
+
+ return *uid_a == *uid_b;
+ }
+ case ACL_GROUP: {
+ _cleanup_(acl_free_gid_tpp) gid_t *gid_a, *gid_b;
+
+ gid_a = acl_get_qualifier(a);
+ if (!gid_a)
+ return -errno;
+
+ gid_b = acl_get_qualifier(b);
+ if (!gid_b)
+ return -errno;
+
+ return *gid_a == *gid_b;
+ }
+ default:
+ assert_not_reached("Unknown acl tag type");
+ }
+}
+
+static int find_acl_entry(acl_t acl, acl_entry_t entry, acl_entry_t *out) {
+ acl_entry_t i;
+ int r;
+
+ for (r = acl_get_entry(acl, ACL_FIRST_ENTRY, &i);
+ r > 0;
+ r = acl_get_entry(acl, ACL_NEXT_ENTRY, &i)) {
+
+ r = acl_entry_equal(i, entry);
+ if (r < 0)
+ return r;
+ if (r > 0) {
+ *out = i;
+ return 1;
+ }
+ }
+ if (r < 0)
+ return -errno;
+ return 0;
+}
+
int acls_for_file(const char *path, acl_type_t type, acl_t new, acl_t *acl) {
_cleanup_(acl_freep) acl_t old;
acl_entry_t i;
@@ -296,8 +367,12 @@ int acls_for_file(const char *path, acl_type_t type, acl_t new, acl_t *acl) {
acl_entry_t j;
- if (acl_create_entry(&old, &j) < 0)
- return -errno;
+ r = find_acl_entry(old, i, &j);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ if (acl_create_entry(&old, &j) < 0)
+ return -errno;
if (acl_copy_entry(j, i) < 0)
return -errno;
diff --git a/src/shared/acl-util.h b/src/shared/acl-util.h
index 90e88ff..fdb9006 100644
--- a/src/shared/acl-util.h
+++ b/src/shared/acl-util.h
@@ -41,5 +41,9 @@ int acls_for_file(const char *path, acl_type_t type, acl_t new, acl_t *acl);
DEFINE_TRIVIAL_CLEANUP_FUNC(acl_t, acl_free);
#define acl_free_charp acl_free
DEFINE_TRIVIAL_CLEANUP_FUNC(char*, acl_free_charp);
+#define acl_free_uid_tp acl_free
+DEFINE_TRIVIAL_CLEANUP_FUNC(uid_t*, acl_free_uid_tp);
+#define acl_free_gid_tp acl_free
+DEFINE_TRIVIAL_CLEANUP_FUNC(gid_t*, acl_free_gid_tp);
#endif
More information about the systemd-commits
mailing list