[systemd-devel] [systemd-commits] 4 commits - src/core src/libsystemd src/systemctl src/udev
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Wed Apr 15 05:23:19 PDT 2015
On Wed, Apr 15, 2015 at 10:47:39AM +0200, Ronny Chevalier wrote:
> On Wed, Apr 15, 2015 at 3:51 AM, Zbigniew Jędrzejewski-Szmek
> <zbyszek at kemper.freedesktop.org> wrote:
> > src/core/selinux-access.c | 31 ++++++++++++++++++++-----
> > src/libsystemd/sd-device/device-private.h | 2 -
> > src/systemctl/systemctl.c | 11 +++++----
> > src/udev/udev-builtin-usb_id.c | 36 +++++++++++-------------------
> > 4 files changed, 45 insertions(+), 35 deletions(-)
> >
> > New commits:
> > commit 17af49f24812a6dd1b3f0732e33ea5dae9e32b29
> > Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
> > Date: Mon Feb 23 20:06:00 2015 -0500
> >
> > selinux: use different log priorites for log messages
> >
> > When selinux calls our callback with a log message, it specifies the
> > type as AVC or INFO/WARNING/ERROR. The question is how to map this to
> > audit types and/or log priorities. SELINUX_AVC maps to AUDIT_USER_AVC
> > reasonably, but for the other messages we have no idea, hence we use
> > AUDIT_USER_AVC for everything. When not using audit logging, we can
> > map those selinux levels to LOG_INFO/WARNING/ERROR etc.
> >
> > Also update comment which was not valid anymore in light of journald
> > sucking in audit logs, and was actually wrong from the beginning —
> > libselinux uses the callback for everything, not just avcs.
> >
> > This stemmed out of https://bugzilla.redhat.com/show_bug.cgi?id=1195330,
> > but does not solve it.
> >
> > diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
> > index a8c9a4b..7058b78 100644
> > --- a/src/core/selinux-access.c
> > +++ b/src/core/selinux-access.c
> > @@ -80,17 +80,33 @@ static int audit_callback(
> > return 0;
> > }
> >
> > +static int callback_type_to_priority(int type) {
> > + switch(type) {
> > + case SELINUX_ERROR: return LOG_ERR;
> > + case SELINUX_WARNING: return LOG_WARNING;
> > + case SELINUX_INFO: return LOG_INFO;
> > + case SELINUX_AVC:
> > + default: return LOG_NOTICE;
> > + }
> > +}
> > +
> > /*
> > - Any time an access gets denied this callback will be called
> > - code copied from dbus. If audit is turned on the messages will go as
> > - user_avc's into the /var/log/audit/audit.log, otherwise they will be
> > - sent to syslog.
> > + libselinux uses this callback when access gets denied or other
> > + events happen. If audit is turned on, messages will be reported
> > + using audit netlink, otherwise they will be logged using the usual
> > + channels.
> > +
> > + Code copied from dbus and modified.
> > */
> > _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
> > va_list ap;
> >
> > #ifdef HAVE_AUDIT
> > - if (get_audit_fd() >= 0) {
> > + int fd;
> > +
> > + fd = get_audit_fd();
> > +
> > + if (fd >= 0) {
> > _cleanup_free_ char *buf = NULL;
> > int r;
> >
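Review bot: `callback_type_to_priority()` has no comment explaining why `SELINUX_AVC` and unknown types map to `LOG_NOTICE`. The rewritten block comment above `log_callback()` also does not say that this mapping is skipped whenever the message goes out through audit. I would add above the helper: `/* Map libselinux callback types to syslog priorities; only used on the non-audit path. AVC and unknown types are logged at LOG_NOTICE. */`. This matters to anyone filtering logs by priority to find denials, because with audit available `type` is ignored and every message is sent as `AUDIT_USER_AVC`. `log_callback()` continues past the end of this hunk.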
> > @@ -99,14 +115,15 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
> > va_end(ap);
> >
> > if (r >= 0) {
> > - audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
> > + audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
> > return 0;
> > }
> > }
> > #endif
> >
> > va_start(ap, fmt);
> > - log_internalv(LOG_AUTH | LOG_INFO, 0, __FILE__, __LINE__, __FUNCTION__, fmt, ap);
> > + log_internalv(LOG_AUTH | callback_type_to_priority(type),
> > + 0, __FILE__, __LINE__, __FUNCTION__, fmt, ap);
> > va_end(ap);
> >
> > return 0;
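Review bot: The return value of `audit_log_user_avc_message()` is still discarded on the changed line, so if the audit netlink send fails the callback returns 0 and the message, possibly an AVC denial, is recorded nowhere. libaudit documents a result of <= 0 as failure, so the call could become `if (audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0) > 0) return 0;`. A failed send would then fall through to the `log_internalv()` path, which already covers the case where formatting fails (`r < 0`). The hunk starts inside `log_callback()`, so the call that sets `r` is not visible here.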
> >
> > commit 40acc203c043fd419f3c045dc6f116c3a28411d8
> > Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
> > Date: Tue Apr 14 20:47:20 2015 -0500
> >
> > systemctl: avoid bumping NOFILE rlimit unless needed
> >
> > We actually only use the journal when showing status. Move setrlimit call
> > so it is only called for status.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1184712
> >
> > diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
> > index 75d709d..4e702fb 100644
> > --- a/src/systemctl/systemctl.c
> > +++ b/src/systemctl/systemctl.c
> > @@ -4466,6 +4466,12 @@ static int show(sd_bus *bus, char **args) {
> > if (show_properties)
> > pager_open_if_enabled();
> >
> > + if (show_status)
> > + /* Increase max number of open files to 16K if we can, we
> > + * might needs this when browsing journal files, which might
> > + * be split up into many files. */
> > + setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
> > +
> > /* If no argument is specified inspect the manager itself */
> >
> > if (show_properties && strv_length(args) <= 1)
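Review bot: The new `if (show_status)` guards a multi-line body (a three-line comment plus the call) without braces, so a later edit could easily add a second statement that runs unconditionally; I would write `if (show_status) { ... }` here. The result of `setrlimit_closest()` is also ignored; that looks like deliberate best effort, and the comment could say so, for example by ending with `Best effort, failure is ignored.` `show()` begins and ends outside this hunk, so whether every journal-reading path passes through this point cannot be confirmed from these lines.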
> > @@ -7164,11 +7170,6 @@ found:
> > }
> > }
> >
> > - /* Increase max number of open files to 16K if we can, we
> > - * might needs this when browsing journal files, which might
> > - * be split up into many files. */
> > - setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
> > -
> > return verb->dispatch(bus, argv + optind);
> > }
> >
> >
> > commit 813a71a206f9f8dc7f824299e94404f8bfdafd91
> > Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
> > Date: Tue Apr 14 12:39:40 2015 -0400
> >
> > sd-device: fix typo
> >
> > diff --git a/src/libsystemd/sd-device/device-private.h b/src/libsystemd/sd-device/device-private.h
> > index 7c6219c..f252481 100644
> > --- a/src/libsystemd/sd-device/device-private.h
> > +++ b/src/libsystemd/sd-device/device-private.h
> > @@ -37,7 +37,7 @@ void device_set_is_initialized(sd_device *device);
> > void device_set_watch_handle(sd_device *device, int fd);
> > void device_set_db_persist(sd_device *device);
> > void device_set_devlink_priority(sd_device *device, int priority);
> > -int device_ensure_usec_initialized(sd_device *devcie, sd_device *device_old);
> > +int device_ensure_usec_initialized(sd_device *device, sd_device *device_old);
> > int device_add_devlink(sd_device *device, const char *devlink);
> > int device_add_property(sd_device *device, const char *property, const char *value);
> > int device_add_tag(sd_device *device, const char *tag);
> >
> > commit 4beac74e69f87c2c8d13c10326a075b9b9ece501
> > Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
> > Date: Mon Apr 6 15:42:18 2015 -0400
> >
> > udev-builtin-usb_id: simplification
> >
> > diff --git a/src/udev/udev-builtin-usb_id.c b/src/udev/udev-builtin-usb_id.c
> > index 25ae032..9418a6b 100644
> > --- a/src/udev/udev-builtin-usb_id.c
> > +++ b/src/udev/udev-builtin-usb_id.c
> > @@ -229,17 +229,17 @@ static int dev_if_packed_info(struct udev_device *dev, char *ifs_str, size_t len
> > * is concatenated with the identification with an underscore '_'.
> > */
> > static int builtin_usb_id(struct udev_device *dev, int argc, char *argv[], bool test) {
> > - char vendor_str[64];
> > + char vendor_str[64] = "";
> > char vendor_str_enc[256];
> > const char *vendor_id;
> > - char model_str[64];
> > + char model_str[64] = "";
> > char model_str_enc[256];
> > const char *product_id;
> > - char serial_str[UTIL_NAME_SIZE];
> > - char packed_if_str[UTIL_NAME_SIZE];
> > - char revision_str[64];
> > - char type_str[64];
> > - char instance_str[64];
> > + char serial_str[UTIL_NAME_SIZE] = "";
> > + char packed_if_str[UTIL_NAME_SIZE] = "";
> > + char revision_str[64] = "";
> > + char type_str[64] = "";
> > + char instance_str[64] = "";
> > const char *ifnum = NULL;
> > const char *driver = NULL;
> > char serial[256];
> > @@ -252,14 +252,6 @@ static int builtin_usb_id(struct udev_device *dev, int argc, char *argv[], bool
> > size_t l;
> > char *s;
> >
> > - vendor_str[0] = '\0';
> > - model_str[0] = '\0';
> > - serial_str[0] = '\0';
> > - packed_if_str[0] = '\0';
> > - revision_str[0] = '\0';
> > - type_str[0] = '\0';
> > - instance_str[0] = '\0';
> > -
> > /* shortcut, if we are called directly for a "usb_device" type */
> > if (udev_device_get_devtype(dev) != NULL && streq(udev_device_get_devtype(dev), "usb_device")) {
> > dev_if_packed_info(dev, packed_if_str, sizeof(packed_if_str));
> > @@ -310,7 +302,7 @@ static int builtin_usb_id(struct udev_device *dev, int argc, char *argv[], bool
> > dev_if_packed_info(dev_usb, packed_if_str, sizeof(packed_if_str));
> >
> > /* mass storage : SCSI or ATAPI */
> > - if ((protocol == 6 || protocol == 2)) {
> > + if (protocol == 6 || protocol == 2) {
> > struct udev_device *dev_scsi;
> > const char *scsi_model, *scsi_vendor, *scsi_type, *scsi_rev;
> > int host, bus, target, lun;
> > @@ -438,10 +430,10 @@ fallback:
> >
> > s = serial;
> > l = strpcpyl(&s, sizeof(serial), vendor_str, "_", model_str, NULL);
> > - if (serial_str[0] != '\0')
> > + if (isempty(serial_str))
>
> You changed the condition; it should be:
>
> if (!isempty(serial_str))
>
> And the same for the others below.
Yikes. Now I really want to hide under the couch ;)
Zbyszek