[systemd-devel] [systemd-commits] 4 commits - src/core src/libsystemd src/systemctl src/udev

Ronny Chevalier chevalier.ronny at gmail.com
Wed Apr 15 01:47:39 PDT 2015


On Wed, Apr 15, 2015 at 3:51 AM, Zbigniew Jędrzejewski-Szmek
<zbyszek at kemper.freedesktop.org> wrote:
>  src/core/selinux-access.c                 |   31 ++++++++++++++++++++-----
>  src/libsystemd/sd-device/device-private.h |    2 -
>  src/systemctl/systemctl.c                 |   11 +++++----
>  src/udev/udev-builtin-usb_id.c            |   36 +++++++++++-------------------
>  4 files changed, 45 insertions(+), 35 deletions(-)
>
> New commits:
> commit 17af49f24812a6dd1b3f0732e33ea5dae9e32b29
> Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
> Date:   Mon Feb 23 20:06:00 2015 -0500
>
>     selinux: use different log priorites for log messages
>
>     When selinux calls our callback with a log message, it specifies the
>     type as AVC or INFO/WARNING/ERROR. The question is how to map this to
>     audit types and/or log priorities. SELINUX_AVC maps to AUDIT_USER_AVC
>     reasonably, but for the other messages we have no idea, hence we use
>     AUDIT_USER_AVC for everything. When not using audit logging, we can
>     map those selinux levels to LOG_INFO/WARNING/ERROR etc.
>
>     Also update comment which was not valid anymore in light of journald
>     sucking in audit logs, and was actually wrong from the beginning —
>     libselinux uses the callback for everything, not just avcs.
>
>     This stemmed out of https://bugzilla.redhat.com/show_bug.cgi?id=1195330,
>     but does not solve it.
>
> diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
> index a8c9a4b..7058b78 100644
> --- a/src/core/selinux-access.c
> +++ b/src/core/selinux-access.c
> @@ -80,17 +80,33 @@ static int audit_callback(
>          return 0;
>  }
>
> +static int callback_type_to_priority(int type) {
> +        switch(type) {
> +        case SELINUX_ERROR:   return LOG_ERR;
> +        case SELINUX_WARNING: return LOG_WARNING;
> +        case SELINUX_INFO:    return LOG_INFO;
> +        case SELINUX_AVC:
> +        default:              return LOG_NOTICE;
> +        }
> +}
> +
>  /*
> -   Any time an access gets denied this callback will be called
> -   code copied from dbus. If audit is turned on the messages will go as
> -   user_avc's into the /var/log/audit/audit.log, otherwise they will be
> -   sent to syslog.
> +   libselinux uses this callback when access gets denied or other
> +   events happen. If audit is turned on, messages will be reported
> +   using audit netlink, otherwise they will be logged using the usual
> +   channels.
> +
> +   Code copied from dbus and modified.
>  */
>  _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
>          va_list ap;
>
>  #ifdef HAVE_AUDIT
> -        if (get_audit_fd() >= 0) {
> +        int fd;
> +
> +        fd = get_audit_fd();
> +
> +        if (fd >= 0) {
>                  _cleanup_free_ char *buf = NULL;
>                  int r;
>
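Review bot: In `callback_type_to_priority()` the `SELINUX_AVC` case shares the `default` arm and maps to `LOG_NOTICE`, so on the non-audit path an AVC message (typically an access denial) is logged below warning level. Any log filter or forwarding rule that only carries `LOG_WARNING` and above will therefore drop it. If that is intended, say so next to the case, e.g. `/* AVC messages and unknown types are logged at LOG_NOTICE */`; otherwise consider `case SELINUX_AVC: return LOG_WARNING;`. `log_callback()` starts in this hunk and continues past its end.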
> @@ -99,14 +115,15 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
>                  va_end(ap);
>
>                  if (r >= 0) {
> -                        audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
> +                        audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
>                          return 0;
>                  }
>          }
>  #endif
>
>          va_start(ap, fmt);
> -        log_internalv(LOG_AUTH | LOG_INFO, 0, __FILE__, __LINE__, __FUNCTION__, fmt, ap);
> +        log_internalv(LOG_AUTH | callback_type_to_priority(type),
> +                      0, __FILE__, __LINE__, __FUNCTION__, fmt, ap);
>          va_end(ap);
>
>          return 0;
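Review bot: The result of `audit_log_user_avc_message()` is still discarded and the function returns 0 immediately afterwards, so a failed audit send loses the message instead of reaching the `log_internalv()` fallback below. Returning early only on success would keep the record: `if (audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0) > 0) return 0;` (libaudit documents a positive sequence number on success, which is worth confirming against the version in use). The audit path also reports every callback type as `AUDIT_USER_AVC`, which the commit message acknowledges; a one-line comment at the call, such as `/* all selinux message types are sent as AUDIT_USER_AVC */`, would record that for the next reader. `log_callback()` begins before this hunk.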
>
> commit 40acc203c043fd419f3c045dc6f116c3a28411d8
> Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
> Date:   Tue Apr 14 20:47:20 2015 -0500
>
>     systemctl: avoid bumping NOFILE rlimit unless needed
>
>     We actually only use the journal when showing status. Move setrlimit call
>     so it is only called for status.
>
>     https://bugzilla.redhat.com/show_bug.cgi?id=1184712
>
> diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
> index 75d709d..4e702fb 100644
> --- a/src/systemctl/systemctl.c
> +++ b/src/systemctl/systemctl.c
> @@ -4466,6 +4466,12 @@ static int show(sd_bus *bus, char **args) {
>          if (show_properties)
>                  pager_open_if_enabled();
>
> +        if (show_status)
> +                /* Increase max number of open files to 16K if we can, we
> +                 * might needs this when browsing journal files, which might
> +                 * be split up into many files. */
> +                setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
> +
>          /* If no argument is specified inspect the manager itself */
>
>          if (show_properties && strv_length(args) <= 1)
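Review bot: The new `if (show_status)` has no braces although its body is a four-line comment followed by a single call, which makes it easy for a later edit to attach a statement to the wrong scope; wrapping it as `if (show_status) { ... }` avoids that. The return value of `setrlimit_closest()` is ignored, which looks like deliberate best-effort; writing `(void) setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));` would state that explicitly. The moved comment still reads "might needs this" and could be corrected while it is being touched. `show()` continues outside the hunk.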
> @@ -7164,11 +7170,6 @@ found:
>                  }
>          }
>
> -        /* Increase max number of open files to 16K if we can, we
> -         * might needs this when browsing journal files, which might
> -         * be split up into many files. */
> -        setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
> -
>          return verb->dispatch(bus, argv + optind);
>  }
>
>
> commit 813a71a206f9f8dc7f824299e94404f8bfdafd91
> Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
> Date:   Tue Apr 14 12:39:40 2015 -0400
>
>     sd-device: fix typo
>
> diff --git a/src/libsystemd/sd-device/device-private.h b/src/libsystemd/sd-device/device-private.h
> index 7c6219c..f252481 100644
> --- a/src/libsystemd/sd-device/device-private.h
> +++ b/src/libsystemd/sd-device/device-private.h
> @@ -37,7 +37,7 @@ void device_set_is_initialized(sd_device *device);
>  void device_set_watch_handle(sd_device *device, int fd);
>  void device_set_db_persist(sd_device *device);
>  void device_set_devlink_priority(sd_device *device, int priority);
> -int device_ensure_usec_initialized(sd_device *devcie, sd_device *device_old);
> +int device_ensure_usec_initialized(sd_device *device, sd_device *device_old);
>  int device_add_devlink(sd_device *device, const char *devlink);
>  int device_add_property(sd_device *device, const char *property, const char *value);
>  int device_add_tag(sd_device *device, const char *tag);
>
> commit 4beac74e69f87c2c8d13c10326a075b9b9ece501
> Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
> Date:   Mon Apr 6 15:42:18 2015 -0400
>
>     udev-builtin-usb_id: simplification
>
> diff --git a/src/udev/udev-builtin-usb_id.c b/src/udev/udev-builtin-usb_id.c
> index 25ae032..9418a6b 100644
> --- a/src/udev/udev-builtin-usb_id.c
> +++ b/src/udev/udev-builtin-usb_id.c
> @@ -229,17 +229,17 @@ static int dev_if_packed_info(struct udev_device *dev, char *ifs_str, size_t len
>   *     is concatenated with the identification with an underscore '_'.
>   */
>  static int builtin_usb_id(struct udev_device *dev, int argc, char *argv[], bool test) {
> -        char vendor_str[64];
> +        char vendor_str[64] = "";
>          char vendor_str_enc[256];
>          const char *vendor_id;
> -        char model_str[64];
> +        char model_str[64] = "";
>          char model_str_enc[256];
>          const char *product_id;
> -        char serial_str[UTIL_NAME_SIZE];
> -        char packed_if_str[UTIL_NAME_SIZE];
> -        char revision_str[64];
> -        char type_str[64];
> -        char instance_str[64];
> +        char serial_str[UTIL_NAME_SIZE] = "";
> +        char packed_if_str[UTIL_NAME_SIZE] = "";
> +        char revision_str[64] = "";
> +        char type_str[64] = "";
> +        char instance_str[64] = "";
>          const char *ifnum = NULL;
>          const char *driver = NULL;
>          char serial[256];
> @@ -252,14 +252,6 @@ static int builtin_usb_id(struct udev_device *dev, int argc, char *argv[], bool
>          size_t l;
>          char *s;
>
> -        vendor_str[0] = '\0';
> -        model_str[0] = '\0';
> -        serial_str[0] = '\0';
> -        packed_if_str[0] = '\0';
> -        revision_str[0] = '\0';
> -        type_str[0] = '\0';
> -        instance_str[0] = '\0';
> -
>          /* shortcut, if we are called directly for a "usb_device" type */
>          if (udev_device_get_devtype(dev) != NULL && streq(udev_device_get_devtype(dev), "usb_device")) {
>                  dev_if_packed_info(dev, packed_if_str, sizeof(packed_if_str));
> @@ -310,7 +302,7 @@ static int builtin_usb_id(struct udev_device *dev, int argc, char *argv[], bool
>          dev_if_packed_info(dev_usb, packed_if_str, sizeof(packed_if_str));
>
>          /* mass storage : SCSI or ATAPI */
> -        if ((protocol == 6 || protocol == 2)) {
> +        if (protocol == 6 || protocol == 2) {
>                  struct udev_device *dev_scsi;
>                  const char *scsi_model, *scsi_vendor, *scsi_type, *scsi_rev;
>                  int host, bus, target, lun;
> @@ -438,10 +430,10 @@ fallback:
>
>          s = serial;
>          l = strpcpyl(&s, sizeof(serial), vendor_str, "_", model_str, NULL);
> -        if (serial_str[0] != '\0')
> +        if (isempty(serial_str))

You inverted the condition; it should be:

if (!isempty(serial_str))

And the same for the others below.

>                  l = strpcpyl(&s, l, "_", serial_str, NULL);
>
> -        if (instance_str[0] != '\0')
> +        if (isempty(instance_str))
>                  strpcpyl(&s, l, "-", instance_str, NULL);
>
>          udev_builtin_add_property(dev, test, "ID_VENDOR", vendor_str);
> @@ -452,14 +444,14 @@ fallback:
>          udev_builtin_add_property(dev, test, "ID_MODEL_ID", product_id);
>          udev_builtin_add_property(dev, test, "ID_REVISION", revision_str);
>          udev_builtin_add_property(dev, test, "ID_SERIAL", serial);
> -        if (serial_str[0] != '\0')
> +        if (isempty(serial_str))
>                  udev_builtin_add_property(dev, test, "ID_SERIAL_SHORT", serial_str);
> -        if (type_str[0] != '\0')
> +        if (isempty(type_str))
>                  udev_builtin_add_property(dev, test, "ID_TYPE", type_str);
> -        if (instance_str[0] != '\0')
> +        if (isempty(instance_str))
>                  udev_builtin_add_property(dev, test, "ID_INSTANCE", instance_str);
>          udev_builtin_add_property(dev, test, "ID_BUS", "usb");
> -        if (packed_if_str[0] != '\0')
> +        if (isempty(packed_if_str))
>                  udev_builtin_add_property(dev, test, "ID_USB_INTERFACES", packed_if_str);
>          if (ifnum != NULL)
>                  udev_builtin_add_property(dev, test, "ID_USB_INTERFACE_NUM", ifnum);
>
>

