picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
46484 commits 2 branches 0 tags 166 MiB
Commit graph

126 commits

Author SHA1 Message Date
Lennart Poettering 64a5384fd2 coredump: don't convert s → µs twice 
We already append 000000 early on when parsing the cmdline args, let's
not do that a second time.

Fixes: #16919
 2020-09-02 08:11:07 +02:00
Lennart Poettering b519529104
Merge pull request #16841 from keszybz/acl-util-bitmask 
Use a bitmask in fd_add_uid_acl_permission()
 2020-08-31 16:45:13 +02:00
fangxiuning c53aafb7b5
tree-wide: drop pointless zero initialization (#16884) 
tree-wide: drop pointless zero initialization
 2020-08-28 17:45:54 +02:00
Zbigniew Jędrzejewski-Szmek 567aeb5801 shared/acl-util: convert rd,wr,ex to a bitmask 
I find this version much more readable.

Add replacement defines so that when acl/libacl.h is not available, the
ACL_{READ,WRITE,EXECUTE} constants are also defined. Those constants were
declared in the kernel headers already in 1da177e4c3f41524e886b7f1b8a0c1f,
so they should be the same pretty much everywhere.
 2020-08-27 10:20:12 +02:00
Lennart Poettering 9db59d9283 acl-util: beef up add_acls_for_user() 
Let's add support for controlling r/w/x bits separetely. This is useful
for using it to control access to directories, where r + x shall be
enabled.
 2020-08-25 18:39:45 +02:00
Lennart Poettering d81be4e752 coredump: port to use common add_acls_for_user() 
It's line-by-line the same logic, hence use the common implementation.
 2020-07-21 22:58:40 +02:00
Lennart Poettering d80b051cea tree-wide: add new HAVE_COMPRESSION compile time flag 
let's simplify the checks for ZSTD/LZ4/XZ

As suggested:

https://github.com/systemd/systemd/pull/16096#discussion_r440705585
 2020-06-25 15:02:45 +02:00
Lennart Poettering 4f9ff96a55 conf-parser: return mtime in config_parse() and friends 
This is a follow-up for 9f83091e3c.

Instead of reading the mtime off the configuration files after reading,
let's do so before reading, but with the fd we read the data from. This
is not only cleaner (as it allows us to save one stat()), but also has
the benefit that we'll detect changes that happen while we read the
files.

This also reworks unit file drop-ins to use the common code for
determining drop-in mtime, instead of reading system clock for that.
 2020-06-02 19:32:20 +02:00
Lennart Poettering fb29cdbef2 tree-wide: make sure our control buffers are properly aligned 
We always need to make them unions with a "struct cmsghdr" in them, so
that things properly aligned. Otherwise we might end up at an unaligned
address and the counting goes all wrong, possibly making the kernel
refuse our buffers.

Also, let's make sure we initialize the control buffers to zero when
sending, but leave them uninitialized when reading.

Both the alignment and the initialization thing is mentioned in the
cmsg(3) man page.
 2020-05-07 14:39:44 +02:00
Norbert Lange ef5924aa31 coredump: add zstandard support for coredumps 
this will hook libzstd into coredump,
using this format as default.
 2020-05-04 10:59:43 +02:00
Lennart Poettering dac556fa7b tree-wide: use cmsg_find() helper at various places where appropriate 2020-04-23 19:41:15 +02:00
Lennart Poettering 3691bcf3c5 tree-wide: use recvmsg_safe() at various places 
Let's be extra careful whenever we return from recvmsg() and see
MSG_CTRUNC set. This generally means we ran into a programming error, as
we didn't size the control buffer large enough. It's an error condition
we should at least log about, or propagate up. Hence do that.

This is particularly important when receiving fds, since for those the
control data can be of any size. In particular on stream sockets that's
nasty, because if we miss an fd because of control data truncation we
cannot recover, we might not even realize that we are one off.

(Also, when failing early, if there's any chance the socket might be
AF_UNIX let's close all received fds, all the time. We got this right
most of the time, but there were a few cases missing. God, UNIX is hard
to use)
 2020-04-23 09:41:47 +02:00
Vito Caputo b46c3e4913 *: use _cleanup_close_ with fdopen() where trivial 
Also convert these to use take_fdopen().
 2020-03-31 06:48:03 -07:00
Yu Watanabe f5947a5e92 tree-wide: drop missing.h 2019-10-31 17:57:03 +09:00
Franck Bui 2a3bebd02a coredump: (void)ify all calls of iovw_put_string_field() where we ignore failure on purpose 
All those calls are dealing with optional metadata.
 2019-07-16 17:41:07 +02:00
Franck Bui f46c706bdd coredump: gather all process metadata in iovecs first and then cache them 
Now we first gather all process metadata and populate the process info cache
with them. In this way, the cache only references metadata recorded in iovecs[]
so there's no need to bother freeing (part of) cached metadata later.

The other advantage is that the coredump handler mode and the service mode are
more similar as the cache is populated in the same way for both cases.

It also renames the array indexes so it becomes clear which metadata are passed
by the kernel and which ones are retrieved from the runtime environment.
 2019-07-16 17:40:35 +02:00
Franck Bui f8540bde72 coredump: use 'input_fd' name for the pipe fd passed by the kernel everywhere 
'input_fd' variable name is used mostly everywhere except in process_socket()
where it's named 'coredump_fd', which is pretty confusing since 'coredump_fd'
is used for the coredump filename in submit_coredump().

So let's use 'input_fd' consistently as name for the pipe fd passed by the
kernel.

No functional changes.
 2019-07-16 17:39:19 +02:00
Lennart Poettering b910cc72c0 tree-wide: get rid of strappend() 
It's a special case of strjoin(), so no need to keep both. In particular
as typing strjoin() is even shoert than strappend().
 2019-07-12 14:31:12 +09:00
Franck Bui 9a43538896 coredump: make use of the iovec-array helpers 
Previous code was allocating an array of iovecs big enough to store all the
fields added later by various functions.

This forced us to calculate the size of the array in advance which is too error
prone if for example one wants to add new fields or simply rework the
code. Various assertions were added to make sure there's no overflow but it's
still more code for no good reasons.

Instead, this patch switches to the new iovec array handling interface so the
array is grown dynamically when needed.

The other contraint was that some iovecs were supposed to be freed whereas some
others were not. This makes the code hard to (re)organize. The new code always
allocates fields so it becomes easier to rework the code.
 2019-06-28 08:24:09 +02:00
Franck Bui 11e6d9714e journal-import: extract helpers for handling arrays of iovec and make them available for others 2019-06-27 19:14:23 +02:00
Franck Bui 554c76b662 coredump: drop 2 useless assertions 2019-06-27 19:01:32 +02:00
Franck Bui 51d3783d87 coredump: slighlty simplify stack trace generation logic 
The main advantage is to avoid the code duplication used to build MESSAGE=
field.

No functional changes.
 2019-06-27 19:01:32 +02:00
Franck Bui 2705fcd63b coredump: fix the check on the number of passed args in backtrace mode 
In backtrace mode, '--backtrace' option should also be counted.
 2019-06-27 19:01:32 +02:00
Franck Bui aaeb25224d coredump: gather_pid_metadata() doesn't return 1 anymore 
Since commit 92e92d71fa, gather_pid_metadata()
returns only 0 or a negative value.
 2019-06-27 19:01:32 +02:00
Franck Bui 30a0554ebd coredump: rename set_iovec_field_free() into set_iovec_string_field_free() 
It's more in line with its counterpart set_iovec_string_field().

Also move the definition to io-util next to set_iovec_string_field().
 2019-06-27 19:01:28 +02:00
Franck Bui 47cf786c0a coredump: rely on /proc exclusively to get the name of the crashing process 
I couldn't see any reason why the kernel could provide COMM to the coredump
handler via the core_pattern command line but could not make it available in
/proc. So let's assume that this info is always available in /proc.

For "backtrace" mode (when --backtrace option is passed), I assumed that the
crashing process still exists at the time systemd-coredump is called.

Also changing the core_pattern line is an API breakage for any users of the
backtrace mode but given that systemd-coredump is installed in
/usr/lib/systemd, it's a private tool which has no internal users. At least no
one complained when the hostname was added to the core_pattern line
(f45b801551)...

Indeed it's much easier to get it from /proc since the kernel substitutes '%e'
specifier with multiple strings if the process name contains spaces (!).
 2019-06-26 11:17:23 +02:00
Franck Bui 57ae8f9936 coredump: fix one memleak in backtrace mode 
Journal importer internal structures need to be freed.
 2019-06-26 11:17:23 +02:00
Franck Bui 274fa94132 coredump: make use of STRINGIFY 2019-06-26 11:17:23 +02:00
Zbigniew Jędrzejewski-Szmek 09c1dceef1 basic/process-util: convert bool arg to flags 
In preparation for the next commit…
 2019-05-22 10:15:49 +02:00
Zbigniew Jędrzejewski-Szmek bc28751ed2 Rework cmdline printing to use unicode 
The functions to retrieve and print process cmdlines were based on the
assumption that they contain printable ASCII, and everything else
should be filtered out. That assumption doesn't hold in today's world,
where people are free to use unicode everywhere.

This replaces the custom cmdline reading code with a more generic approach
using utf8_escape_non_printable_full().
For kernel threads, truncation is done on the parenthesized name, so we'll
get "[worker]", "[worker…]", …, "[w…]", "[…", "…" as we reduce the number of
available columns.

This implementation is most likely slower for very long cmdlines, but I don't
think this is very important. The common case is to have short commandlines,
and should print those properly. Absurdly long cmdlines are the exception,
which needs to be handled correctly and safely, but speed is not too important.

Fixes #12532.

v2:
- use size_t for the number of columns. This change propagates into various
  other functions that call get_process_cmdline(), increasing the size of the
  patch, but the changes are rather trivial.
 2019-05-22 10:08:17 +02:00
Lennart Poettering 0892f3f999
Merge pull request #12420 from mrc0mmand/coccinelle-tweaks 
Coccinelle improvements
 2019-04-30 11:37:19 +02:00
Frantisek Sumsal ed0cb34682 tree-wide: code improvements suggested by Coccinelle 2019-04-30 09:39:07 +02:00
Ben Boeckel 5238e95759 codespell: fix spelling errors 2019-04-29 16:47:18 +02:00
Zbigniew Jędrzejewski-Szmek 2fe21124a6 Add open_memstream_unlocked() wrapper 2019-04-12 11:44:57 +02:00
Zbigniew Jędrzejewski-Szmek 6e5dcce4b1 Voidify more mkdir_p calls 2019-03-27 11:53:12 +01:00
Lennart Poettering 0a9707187b util: split out memcmp()/memset() related calls into memory-util.[ch] 
Just some source rearranging.
 2019-03-13 12:16:43 +01:00
Topi Miettinen a1e92eee3e Remove 'inline' attributes from static functions in .c files (#11426) 
Let the compiler perform inlining (see #11397).
 2019-01-15 08:12:28 +01:00
Zbigniew Jędrzejewski-Szmek f0136e0922 coredump: fix message when we fail to save a journald coredump 
If creation of the message failed, we'd write a bogus entry:
systemd-coredump[1400]: Cannot store coredump of 416 (systemd-journal): No space left on device
systemd-coredump[1400]: MESSAGE=Process 416 (systemd-journal) of user 0 dumped core.
systemd-coredump[1400]: Coredump diverted to
 2019-01-09 23:41:53 +01:00
Zbigniew Jędrzejewski-Szmek 084eeb865c journald: do not store the iovec entry for process commandline on stack 
This fixes a crash where we would read the commandline, whose length is under
control of the sending program, and then crash when trying to create a stack
allocation for it.

CVE-2018-16864
https://bugzilla.redhat.com/show_bug.cgi?id=1653855

The message actually doesn't get written to disk, because
journal_file_append_entry() returns -E2BIG.
 2019-01-09 23:41:53 +01:00
Zbigniew Jędrzejewski-Szmek 4f62556d71 coredump: remove duplicate MESSAGE= prefix from message 
systemd-coredump[9982]: MESSAGE=Process 771 (systemd-journal) of user 0 dumped core.
systemd-coredump[9982]: Coredump diverted to /var/lib/systemd/coredump/core...

log_dispatch() calls log_dispatch_internal() which calls write_to_journal()
which appends MESSAGE= on its own.
 2019-01-09 23:41:53 +01:00
Chris Down e92aaed30e tree-wide: Remove O_CLOEXEC from fdopen 
fdopen doesn't accept "e", it's ignored. Let's not mislead people into
believing that it actually sets O_CLOEXEC.

From `man 3 fdopen`:

> e (since glibc 2.7):
> Open the file with the O_CLOEXEC flag. See open(2) for more information. This flag is ignored for fdopen()

As mentioned by @jlebon in #11131.
 2018-12-12 20:47:40 +01:00
Lennart Poettering e4de72876e util-lib: split out all temporary file related calls into tmpfiles-util.c 
This splits out a bunch of functions from fileio.c that have to do with
temporary files. Simply to make the header files a bit shorter, and to
group things more nicely.

No code changes, just some rearranging of source files.
 2018-12-02 13:22:29 +01:00
Zbigniew Jędrzejewski-Szmek baaa35ad70 coccinelle: make use of SYNTHETIC_ERRNO 
Ideally, coccinelle would strip unnecessary braces too. But I do not see any
option in coccinelle for this, so instead, I edited the patch text using
search&replace to remove the braces. Unfortunately this is not fully automatic,
in particular it didn't deal well with if-else-if-else blocks and ifdefs, so
there is an increased likelikehood be some bugs in such spots.

I also removed part of the patch that coccinelle generated for udev, where we
returns -1 for failure. This should be fixed independently.
 2018-11-22 10:54:38 +01:00
Lennart Poettering 6bf3c61c57 log: introduce new helper call log_setup_service() 
Let's reduce the common boilerplate and have a single setup function
used by all service code to setup logging.
 2018-11-20 11:18:22 +01:00
Lennart Poettering 5e332028f2 util-lib: move main() definition macros to its own header file 
This way, we can extend the macro a bit with stuff pulled in from other
headers without this affecting everything which pulls in macro.h, which
is one of our most basic headers.

This is just refactoring, no change in behaviour, in prepartion for
later changes.
 2018-11-19 21:14:34 +01:00
Zbigniew Jędrzejewski-Szmek 4515a95ee0 coredump: define main through macro 2018-11-17 09:13:35 +01:00
Yu Watanabe 25cad95c82 fuzz: decrease DATA_SIZE_MAX 
Fixes oss-fuzz#8658.
 2018-11-12 18:08:48 +09:00
Yu Watanabe 27f931d1cd coredump: update comments 2018-11-12 17:56:20 +09:00
Yu Watanabe 9d77ca39e5 coredump: include error cause in log message 2018-10-20 01:43:13 +09:00
Lennart Poettering 7b26ea6f06 coredump: FOREACH_LINE excorcism 2018-10-18 16:23:45 +02:00