picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
Systemd/src/basic/util.c

274 lines
7 KiB
C
Raw Normal View History

license: LGPL-2.1+ -> LGPL-2.1-or-later
2020-11-09 05:23:58 +01:00
/* SPDX-License-Identifier: LGPL-2.1-or-later */
license: add GPLv2+ license blurbs everwhere
2010-02-03 13:03:47 +01:00
initial commit
2009-11-18 00:42:52 +01:00
#include <errno.h>
util.h: order includes, as suggested by CODING_STYLE Of course, because Linux is broken we cannot actually really order it, and must keep linux/fs.h after sys/mount.h... Yay for Linux!
2015-09-19 00:53:58 +02:00
#include <fcntl.h>
journal: add preliminary incomplete implementation
2011-10-07 21:06:39 +02:00
#include <sys/mman.h>
tree-wide: whenever we include libgen.h, immediately undefine basename() Also, document in adjacent comments and in CODING_STYLE why we do that.
2015-02-11 18:50:38 +01:00
util-lib: split out allocation calls into alloc-util.[ch]
2015-10-27 03:01:06 +01:00
#include "alloc-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "build.h"
tree-wide: sort includes Sort the includes accoding to the new coding style.
2015-11-16 22:09:36 +01:00
#include "dirent-util.h"
util-lib: split out env file parsing code into env-file.c It's quite complex, let's split this out. No code changes, just some file rearranging.
2018-11-30 22:08:41 +01:00
#include "env-file.h"
Add $SYSTEMD_IN_INITRD=yes|no override for debugging
2018-09-26 07:15:55 +02:00
#include "env-util.h"
util-lib: split out fd-related operations into fd-util.[ch] There are more than enough to deserve their own .c file, hence move them over.
2015-10-25 13:14:12 +01:00
#include "fd-util.h"
util.h: order includes, as suggested by CODING_STYLE Of course, because Linux is broken we cannot actually really order it, and must keep linux/fs.h after sys/mount.h... Yay for Linux!
2015-09-19 00:53:58 +02:00
#include "fileio.h"
#include "hostname-util.h"
util: introduce mkdir_parents() that creates parent paths of sockets and suchlike
2010-02-12 02:01:14 +01:00
#include "log.h"
util.h: order includes, as suggested by CODING_STYLE Of course, because Linux is broken we cannot actually really order it, and must keep linux/fs.h after sys/mount.h... Yay for Linux!
2015-09-19 00:53:58 +02:00
#include "macro.h"
util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]
2015-10-26 16:18:16 +01:00
#include "parse-util.h"
tree-wide: sort includes Sort the includes accoding to the new coding style.
2015-11-16 22:09:36 +01:00
#include "stat-util.h"
util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24 22:58:24 +02:00
#include "string-util.h"
util: split out escaping code into escape.[ch] This really deserves its own file, given how much code this is now.
2015-10-23 18:52:53 +02:00
#include "util.h"
tree-wide: introduce disable_core_dumps helper and port existing users Changes the core_pattern to prevent any core dumps by the kernel. Does nothing if we're in a container environment as this is system wide setting.
2018-01-10 10:36:14 +01:00
#include "virt.h"
Systemd is causing mislabeled devices to be created and then attempting to read them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/28/2010 05:57 AM, Kay Sievers wrote: > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering > <lennart@poettering.net> wrote: >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote: >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> >>> Lennart, we talked about this earlier. I think this is caused by the >>> modprobe calls to create /dev/autofs. Since udev is not created at the >>> point that init loads the kernel modules, the devices get created with >>> the wrong label. Once udev starts the labels get fixed. >>> >>> I can allow init_t to read device_t chr_files. >> >> Hmm, I think a cleaner fix would be to make systemd relabel this device >> properly before accessing it? Given that this is only one device this >> should not be a problem for us to maintain, I think? How would the >> fixing of the label work? Would we have to spawn restorecon for this, or >> can we actually do this in C without too much work? > > I guess we can just do what udev is doing, and call setfilecon(), with > a context of an earlier matchpathcon(). > > Kay > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel Here is the updated patch with a fix for the labeling of /dev/autofs -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk =pC2e
2010-07-28 15:39:54 +02:00
util: try harder to rename the process
2011-06-30 04:16:10 +02:00
int saved_argc = 0;
char **saved_argv = NULL;
core: parse `rd.rescue` and `rd.emergency` as initrd-specific shorthands (#3488) Typing `rd.rescue` is easier than `rd.systemd.unit=rescue.target`.
2016-06-13 16:28:42 +02:00
static int saved_in_initrd = -1;
util: don't export parsed_columns
2012-09-24 14:43:07 +02:00
initctl: check for kexec_loaded when reboot is requested through initctl
2011-08-22 14:58:50 +02:00
bool kexec_loaded(void) {
util-lib: simplify kexec_loaded()
2017-10-15 23:00:54 +02:00
_cleanup_free_ char *s = NULL;
if (read_one_line_file("/sys/kernel/kexec_loaded", &s) < 0)
return false;
return s[0] == '1';
initctl: check for kexec_loaded when reboot is requested through initctl
2011-08-22 14:58:50 +02:00
}
localed: add SetX11Keyboard() and SetVConsoleKeyboard() bus calls
2011-09-28 04:25:13 +02:00
journal: add preliminary incomplete implementation
2011-10-07 21:06:39 +02:00
int prot_from_flags(int flags) {
switch (flags & O_ACCMODE) {
case O_RDONLY:
return PROT_READ;
case O_WRONLY:
return PROT_WRITE;
case O_RDWR:
return PROT_READ|PROT_WRITE;
default:
return -EINVAL;
}
util: fix build
2011-10-12 04:42:38 +02:00
}
Merge branch 'master' into journal
2011-10-12 04:29:11 +02:00
util.c: add in_initrd() in_initrd() checks, if the stat() for the device for "/" is 1, which it is for the initramfs.
2012-05-16 14:22:40 +02:00
bool in_initrd(void) {
util: add extra safety check to in_initrd() initrds can only be on tmpfs or ramfs, so check for that
2012-07-10 18:46:26 +02:00
struct statfs s;
Add $SYSTEMD_IN_INITRD=yes|no override for debugging
2018-09-26 07:15:55 +02:00
int r;
util: rework in_initrd() logic Checking the device major/minor is not a good idea. Let's replace this with an explicit flag file, which we model after /etc/os-release and call /etc/initrd-release.
2012-05-21 20:00:58 +02:00
core: parse `rd.rescue` and `rd.emergency` as initrd-specific shorthands (#3488) Typing `rd.rescue` is easier than `rd.systemd.unit=rescue.target`.
2016-06-13 16:28:42 +02:00
if (saved_in_initrd >= 0)
return saved_in_initrd;
util: add extra safety check to in_initrd() initrds can only be on tmpfs or ramfs, so check for that
2012-07-10 18:46:26 +02:00
/* We make two checks here:
*
* 1. the flag file /etc/initrd-release must exist
* 2. the root file system must be a memory file system
*
* The second check is extra paranoia, since misdetecting an
tree-wide: remove consecutive duplicate words in comments
2016-10-02 19:37:21 +02:00
* initrd can have bad consequences due the initrd
util: add extra safety check to in_initrd() initrds can only be on tmpfs or ramfs, so check for that
2012-07-10 18:46:26 +02:00
* emptying when transititioning to the main systemd.
*/
Add $SYSTEMD_IN_INITRD=yes|no override for debugging
2018-09-26 07:15:55 +02:00
r = getenv_bool_secure("SYSTEMD_IN_INITRD");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_IN_INITRD, ignoring: %m");
if (r >= 0)
saved_in_initrd = r > 0;
else
saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0 &&
statfs("/", &s) >= 0 &&
is_temporary_fs(&s);
util.c: add in_initrd() in_initrd() checks, if the stat() for the device for "/" is 1, which it is for the initramfs.
2012-05-16 14:22:40 +02:00
core: parse `rd.rescue` and `rd.emergency` as initrd-specific shorthands (#3488) Typing `rd.rescue` is easier than `rd.systemd.unit=rescue.target`.
2016-06-13 16:28:42 +02:00
return saved_in_initrd;
}
void in_initrd_force(bool value) {
saved_in_initrd = value;
util.c: add in_initrd() in_initrd() checks, if the stat() for the device for "/" is 1, which it is for the initramfs.
2012-05-16 14:22:40 +02:00
}
logind: optionally handle power, sleep and lid switch events This takes handling of chassis power and sleep keys as well as the lid switch over from acpid. This logic is enabled by default for power and sleep keys, but not for the lid switch. If a graphical session is in the foreground no action is taken under the assumption that the graphical session does this.
2012-05-30 15:01:51 +02:00
unit: add ConditionACPower=
2012-12-25 16:29:51 +01:00
int on_ac_power(void) {
bool found_offline = false, found_online = false;
_cleanup_closedir_ DIR *d = NULL;
tree-wide: replace all readdir cycles with FOREACH_DIRENT{,_ALL} (#4853)
2016-12-09 10:04:30 +01:00
struct dirent *de;
unit: add ConditionACPower=
2012-12-25 16:29:51 +01:00
d = opendir("/sys/class/power_supply");
if (!d)
shared/util: assume ac when /sys/class/power_supply is missing On s390 (at least) /sys/class/power_supply is not present. We should treat this like if this directory was empty, and not an error.
2015-03-04 01:07:28 +01:00
return errno == ENOENT ? true : -errno;
unit: add ConditionACPower=
2012-12-25 16:29:51 +01:00
tree-wide: replace all readdir cycles with FOREACH_DIRENT{,_ALL} (#4853)
2016-12-09 10:04:30 +01:00
FOREACH_DIRENT(de, d, return -errno) {
unit: add ConditionACPower=
2012-12-25 16:29:51 +01:00
_cleanup_close_ int fd = -1, device = -1;
char contents[6];
ssize_t n;
device = openat(dirfd(d), de->d_name, O_DIRECTORY|O_RDONLY|O_CLOEXEC|O_NOCTTY);
if (device < 0) {
tree-wide: use IN_SET where possible In addition to the changes from #6933 this handles cases that could be matched with the included cocci file.
2017-09-29 00:37:23 +02:00
if (IN_SET(errno, ENOENT, ENOTDIR))
unit: add ConditionACPower=
2012-12-25 16:29:51 +01:00
continue;
return -errno;
}
fd = openat(device, "type", O_RDONLY|O_CLOEXEC|O_NOCTTY);
if (fd < 0) {
if (errno == ENOENT)
continue;
return -errno;
}
n = read(fd, contents, sizeof(contents));
if (n < 0)
return -errno;
if (n != 6 || memcmp(contents, "Mains\n", 6))
continue;
util: replace close_nointr_nofail() by a more useful safe_close() safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.
2014-03-18 19:22:43 +01:00
safe_close(fd);
unit: add ConditionACPower=
2012-12-25 16:29:51 +01:00
fd = openat(device, "online", O_RDONLY|O_CLOEXEC|O_NOCTTY);
if (fd < 0) {
if (errno == ENOENT)
continue;
return -errno;
}
n = read(fd, contents, sizeof(contents));
if (n < 0)
return -errno;
if (n != 2 || contents[1] != '\n')
return -EIO;
if (contents[0] == '1') {
found_online = true;
break;
} else if (contents[0] == '0')
found_offline = true;
else
return -EIO;
}
return found_online || !found_offline;
}
binfmt,tmpfiles,modules-load,sysctl: rework the various early-boot services that work on .d/ directories This unifies much of the logic behind them: - All four will now ofllow the rule that the earlier file and earlier assignment in the .d/ directories wins. Before, sysctl was the only outlier, where the later setting always won. - All four now support getopt() and --help on the command line. - All four can now handle specification of configuration file names on the command line to apply. The tools will automatically find them, and apply them. Previously only tmpfiles could do that. This is useful for %post scripts in RPMs and suchlike. - This fixes various error path issues in conf_files_list()
2013-02-11 23:48:36 +01:00
bus: when connecting to a container's kdbus instance, enter namespace first Previously we'd open the connection in the originating namespace, which meant most peers of the bus would not be able to make sense of the PID/UID/... identity of us since we didn't exist in the namespace they run in. However they require this identity for privilege decisions, hence disallowing access to anything from the host. Instead, when connecting to a container, create a temporary subprocess, make it join the container's namespace and then connect from there to the kdbus instance. This is similar to how we do it for socket conections already. THis also unifies the namespacing code used by machinectl and the bus APIs.
2013-12-13 22:02:47 +01:00
int container_get_leader(const char *machine, pid_t *pid) {
_cleanup_free_ char *s = NULL, *class = NULL;
const char *p;
pid_t leader;
int r;
assert(machine);
assert(pid);
sd-bus: allow connecting to the pseudo-container ".host" machined exposes the pseudo-container ".host" as a reference to the host system, and this means "machinectl login .host" and "machinectl shell .host" get your a login/shell on the host. systemd-run currently doesn't allow that. Let's fix that, and make sd-bus understand ".host" as an alias for connecting to the host system.
2018-07-17 12:23:26 +02:00
if (streq(machine, ".host")) {
*pid = 1;
return 0;
}
hostname-util: flagsify hostname_is_valid(), drop machine_name_is_valid() Let's clean up hostname_is_valid() a bit: let's turn the second boolean argument into a more explanatory flags field, and add a flag that accepts the special name ".host" as valid. This is useful for the container logic, where the special hostname ".host" refers to the "root container", i.e. the host system itself, and can be specified at various places. let's also get rid of machine_name_is_valid(). It was just an alias, which is confusing and even more so now that we have the flags param.
2020-12-11 16:40:45 +01:00
if (!hostname_is_valid(machine, 0))
machined: validate machine names at more places When enumerating machines from /run, and when accepting machine names for operations, be more strict and always validate. Note that these checks are strictly speaking unnecessary, since enumeration happens only on the trusted /run...
2015-08-23 14:33:50 +02:00
return -EINVAL;
util: rework strappenda(), and rename it strjoina() After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.
2015-02-03 02:05:59 +01:00
p = strjoina("/run/systemd/machines/", machine);
fileio: automatically add NULL sentinel to parse_env_file() Let's modernize things a bit.
2018-11-12 14:18:03 +01:00
r = parse_env_file(NULL, p,
"LEADER", &s,
"CLASS", &class);
bus: when connecting to a container's kdbus instance, enter namespace first Previously we'd open the connection in the originating namespace, which meant most peers of the bus would not be able to make sense of the PID/UID/... identity of us since we didn't exist in the namespace they run in. However they require this identity for privilege decisions, hence disallowing access to anything from the host. Instead, when connecting to a container, create a temporary subprocess, make it join the container's namespace and then connect from there to the kdbus instance. This is similar to how we do it for socket conections already. THis also unifies the namespacing code used by machinectl and the bus APIs.
2013-12-13 22:02:47 +01:00
if (r == -ENOENT)
return -EHOSTDOWN;
if (r < 0)
return r;
if (!s)
return -EIO;
if (!streq_ptr(class, "container"))
return -EIO;
r = parse_pid(s, &leader);
if (r < 0)
return r;
if (leader <= 1)
return -EIO;
*pid = leader;
return 0;
}
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
int version(void) {
shared/build: make the version string definition less terrible The BLKID and ELFUTILS strings were present twice. Let's reaarange things so that each times requires definition in exactly one place. Also let's sort things a bit: the "heavy hitters" like PAM/MAC first, then crypto libs, then other libs, alphabetically, compressors, and external compat integrations. I think it's useful for users to group similar concepts together to some extent. For example, when checking what compression is available, it helps a lot to have them listed together. FDISK is renamed to LIBFDISK to make it clear that this is about he library and the executable.
2020-12-03 11:12:59 +01:00
printf("systemd " STRINGIFY(PROJECT_VERSION) " (" GIT_VERSION ")\n%s\n",
systemd_features);
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
return 0;
}
condition: extend ConditionKernelVersion= with relative version checks Now that we have str_verscmp() in our source tree anyway, let's make it generic and reuse it for ConditionKernelVersion=.
2017-12-23 15:02:58 +01:00
/* This is a direct translation of str_verscmp from boot.c */
static bool is_digit(int c) {
return c >= '0' && c <= '9';
}
static int c_order(int c) {
if (c == 0 || is_digit(c))
return 0;
if ((c >= 'a') && (c <= 'z'))
return c;
return c + 0x10000;
}
int str_verscmp(const char *s1, const char *s2) {
const char *os1, *os2;
assert(s1);
assert(s2);
os1 = s1;
os2 = s2;
while (*s1 || *s2) {
int first;
while ((*s1 && !is_digit(*s1)) || (*s2 && !is_digit(*s2))) {
int order;
order = c_order(*s1) - c_order(*s2);
if (order != 0)
return order;
s1++;
s2++;
}
while (*s1 == '0')
s1++;
while (*s2 == '0')
s2++;
first = 0;
while (is_digit(*s1) && is_digit(*s2)) {
if (first == 0)
first = *s1 - *s2;
s1++;
s2++;
}
if (is_digit(*s1))
return 1;
if (is_digit(*s2))
return -1;
if (first != 0)
return first;
}
return strcmp(os1, os2);
}
tree-wide: introduce disable_core_dumps helper and port existing users Changes the core_pattern to prevent any core dumps by the kernel. Does nothing if we're in a container environment as this is system wide setting.
2018-01-10 10:36:14 +01:00
/* Turn off core dumps but only if we're running outside of a container. */
util: minor tweaks to disable_core_dumps() First, let's rename it to disable_coredumps(), as in the rest of our codebase we spell it "coredump" rather than "core_dump", so let's stick to that. However, also log about failures to turn off core dumpling on LOG_DEBUG, because debug logging is always a good idea.
2018-01-10 18:37:54 +01:00
void disable_coredumps(void) {
int r;
if (detect_container() > 0)
return;
tree-wide: set WRITE_STRING_FILE_DISABLE_BUFFER flag when we write files under /proc or /sys
2018-11-06 13:00:07 +01:00
r = write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", WRITE_STRING_FILE_DISABLE_BUFFER);
util: minor tweaks to disable_core_dumps() First, let's rename it to disable_coredumps(), as in the rest of our codebase we spell it "coredump" rather than "core_dump", so let's stick to that. However, also log about failures to turn off core dumpling on LOG_DEBUG, because debug logging is always a good idea.
2018-01-10 18:37:54 +01:00
if (r < 0)
log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m");
tree-wide: introduce disable_core_dumps helper and port existing users Changes the core_pattern to prevent any core dumps by the kernel. Does nothing if we're in a container environment as this is system wide setting.
2018-01-10 10:36:14 +01:00
}
Reference in a new issue Copy permalink