picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
48,100 Commits 2 Branches 0 Tags 166 MiB
Commit Graph

16 Commits

Author SHA1 Message Date
Lennart Poettering 6dd16814a5
Merge pull request #17079 from keszybz/late-exec-resolution 
Resolve executable paths before execution, use fexecve()
 2020-12-03 14:58:20 +01:00
Yu Watanabe db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Zbigniew Jędrzejewski-Szmek ceedbf8185 meson: add option for fexecve use 
There are downsides to using fexecve:

when fexecve is used (for normal executables), /proc/pid/status shows Name: 3,
which means that ps -C foobar doesn't work. pidof works, because it checks
/proc/self/cmdline. /proc/self/exe also shows the correct link, but requires
privileges to read. /proc/self/comm also shows "3".

I think this can be considered a kernel deficiency: when O_CLOEXEC is used, this
"3" is completely meaningless. It could be any number. The kernel should use
argv[0] instead, which at least has *some* meaning.

I think the approach with fexecve/execveat is instersting, so let's provide it
as opt-in.
 2020-11-06 15:20:34 +01:00
Zbigniew Jędrzejewski-Szmek 3f51bbff55 shared/exec-util: fall back to execve() also on permission errors 2020-11-06 15:20:34 +01:00
Zbigniew Jędrzejewski-Szmek 8939eeae52 shared/exec-util: use our own execveat() wrapper instead of fexecve() 
For scripts, when we call fexecve(), on new kernels glibc calls execveat(),
which fails with ENOENT, and then we fall back to execve() which succeeds:
[pid 63039] execveat(3, "", ["/home/zbyszek/src/systemd/test/test-path-util/script.sh", "--version"], 0x7ffefa3633f0 /* 0 vars */, AT_EMPTY_PATH) = -1 ENOENT (No such file or directory)
[pid 63039] execve("/home/zbyszek/src/systemd/test/test-path-util/script.sh", ["/home/zbyszek/src/systemd/test/test-path-util/script.sh", "--version"], 0x7ffefa3633f0 /* 0 vars */) = 0

But on older kernels glibc (some versions?) implement a fallback which falls
into the same trap with bash $0:
[pid 13534] execve("/proc/self/fd/3", ["/home/test/systemd/test/test-path-util/script.sh", "--version"], 0x7fff84995870 /* 0 vars */) = 0

We don't want that, so let's call execveat() ourselves. Then we can do the
execve() fallback as we want.
 2020-11-06 15:20:34 +01:00
Zbigniew Jędrzejewski-Szmek a6d9111c67 core/execute: fall back to execve() for scripts 
fexecve() fails with ENOENT and we need a fallback. Add appropriate test.
 2020-11-06 15:14:13 +01:00
Zbigniew Jędrzejewski-Szmek b83d505087 core: use fexecve() to spawn children 
We base the smack/selinux setup on the executable. Let's open the file
once and use the same fd for that setup and the subsequent execve.
 2020-11-06 15:13:01 +01:00
Anita Zhang b3d593673c core: add ExecStartXYZEx= with dbus support for executable prefixes 
Closes #11654
 2019-05-30 20:41:42 -07:00
Ben Boeckel 5238e95759 codespell: fix spelling errors 2019-04-29 16:47:18 +02:00
Matthias Klumpp 4b05f0c9d9 core: Allow to configure execute_directories execution behavior 
This adds a new bitfield to `execute_directories()` which allows to
configure whether to ignore non-zero exit statuses of binaries run and
whether to allow parallel execution of commands.
In case errors are not ignored, the exit status of the failed script
will now be returned for error reposrting purposes or other further
future use.
 2019-02-18 16:16:02 +01:00
Chris Down e92aaed30e tree-wide: Remove O_CLOEXEC from fdopen 
fdopen doesn't accept "e", it's ignored. Let's not mislead people into
believing that it actually sets O_CLOEXEC.

From `man 3 fdopen`:

> e (since glibc 2.7):
> Open the file with the O_CLOEXEC flag. See open(2) for more information. This flag is ignored for fdopen()

As mentioned by @jlebon in #11131.
 2018-12-12 20:47:40 +01:00
Zbigniew Jędrzejewski-Szmek 871fa294ff Merge pull request #10935 from poettering/rlimit-nofile-safe 
Merged by hand to resolve a trivial conflict in TODO.
 2018-12-06 17:19:21 +01:00
Lennart Poettering 686d13b9f2 util-lib: split out env file parsing code into env-file.c 
It's quite complex, let's split this out.

No code changes, just some file rearranging.
 2018-12-02 13:22:29 +01:00
Lennart Poettering e4de72876e util-lib: split out all temporary file related calls into tmpfiles-util.c 
This splits out a bunch of functions from fileio.c that have to do with
temporary files. Simply to make the header files a bit shorter, and to
group things more nicely.

No code changes, just some rearranging of source files.
 2018-12-02 13:22:29 +01:00
Lennart Poettering 595225af7a tree-wide: invoke rlimit_nofile_safe() before various exec{v,ve,l}() invocations 
Whenever we invoke external, foreign code from code that has
RLIMIT_NOFILE's soft limit bumped to high values, revert it to 1024
first. This is a safety precaution for compatibility with programs using
select() which cannot operate with fds > 1024.

This commit adds the call to rlimit_nofile_safe() to all invocations of
exec{v,ve,l}() and friends that either are in code that we know runs
with RLIMIT_NOFILE bumped up (which is PID 1 and all journal code for
starters) or that is part of shared code that might end up there.

The calls are placed as early as we can in processes invoking a flavour
of execve(), but after the last time we do fd manipulations, so that we
can still take benefit of the high fd limits for that.
 2018-12-01 12:50:45 +01:00
Zbigniew Jędrzejewski-Szmek d284b82b3e Move various files that don't need to be in basic/ to shared/ 
This doesn't have much effect on the final build, because we link libbasic.a
into libsystemd-shared.so, so in the end, all the object built from basic/
end up in libsystemd-shared. And when the static library is linked into binaries,
any objects that are included in it but are not used are trimmed. Hence, the
size of output artifacts doesn't change:

$ du -sb /var/tmp/inst*
54181861	/var/tmp/inst1    (old)
54207441	/var/tmp/inst1s   (old split-usr)
54182477	/var/tmp/inst2    (new)
54208041	/var/tmp/inst2s   (new split-usr)

(The negligible change in size is because libsystemd-shared.so is bigger
by a few hundred bytes. I guess it's because symbols are named differently
or something like that.)

The effect is on the build process, in particular partial builds. This change
effectively moves the requirements on some build steps toward the leaves of the
dependency tree. Two effects:
- when building items that do not depend on libsystemd-shared, we
  build less stuff for libbasic.a (which wouldn't be used anyway,
  so it's a net win).
- when building items that do depend on libshared, we reduce libbasic.a as a
  synchronization point, possibly allowing better parallelism.

Method:
1. copy list of .h files from src/basic/meson.build to /tmp/basic
2. $ for i in $(grep '.h$' /tmp/basic); do echo $i; git --no-pager grep "include \"$i\"" src/basic/ 'src/lib*' 'src/nss-*' 'src/journal/sd-journal.c' |grep -v "${i%.h}.c";echo ;done | less
 2018-11-20 07:27:37 +01:00
Renamed from src/basic/exec-util.c (Browse further)