journal: install sigbus handler for journal tools too
This makes them robust regarding truncation. Ideally, we'd export this as an API, but given how messy SIGBUS handling is, and the uncertain ownership logic of signal handlers we should not do this (unless libc one day invents a scheme how to sanely install SIGBUS handlers for specific memory areas only). However, for now we can still make all our own tools robust. Note that external tools will only have read-access to the journal anyway, where SIGBUS is much more unlikely, given that only writes are subject to disk full problems.
This commit is contained in:
Lennart Poettering
parent
b798e7baa5
commit
2cf4172a71
|
|
@ -31,20 +31,21 @@
|
|||
#include <gnutls/gnutls.h>
|
||||
#endif
|
||||
|
||||
#include "log.h"
|
||||
#include "util.h"
|
||||
#include "sd-journal.h"
|
||||
#include "sd-daemon.h"
|
||||
#include "sd-bus.h"
|
||||
#include "log.h"
|
||||
#include "util.h"
|
||||
#include "bus-util.h"
|
||||
#include "logs-show.h"
|
||||
#include "microhttpd-util.h"
|
||||
#include "build.h"
|
||||
#include "fileio.h"
|
||||
#include "sigbus.h"
|
||||
|
||||
static char *key_pem = NULL;
|
||||
static char *cert_pem = NULL;
|
||||
static char *trust_pem = NULL;
|
||||
static char *arg_key_pem = NULL;
|
||||
static char *arg_cert_pem = NULL;
|
||||
static char *arg_trust_pem = NULL;
|
||||
|
||||
typedef struct RequestMeta {
|
||||
sd_journal *journal;
|
||||
|
|
@ -833,7 +834,7 @@ static int request_handler(
|
|||
return MHD_YES;
|
||||
}
|
||||
|
||||
if (trust_pem) {
|
||||
if (arg_trust_pem) {
|
||||
r = check_permissions(connection, &code, NULL);
|
||||
if (r < 0)
|
||||
return code;
|
||||
|
|
@ -904,37 +905,37 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
return 0;
|
||||
|
||||
case ARG_KEY:
|
||||
if (key_pem) {
|
||||
if (arg_key_pem) {
|
||||
log_error("Key file specified twice");
|
||||
return -EINVAL;
|
||||
}
|
||||
r = read_full_file(optarg, &key_pem, NULL);
|
||||
r = read_full_file(optarg, &arg_key_pem, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to read key file: %m");
|
||||
assert(key_pem);
|
||||
assert(arg_key_pem);
|
||||
break;
|
||||
|
||||
case ARG_CERT:
|
||||
if (cert_pem) {
|
||||
if (arg_cert_pem) {
|
||||
log_error("Certificate file specified twice");
|
||||
return -EINVAL;
|
||||
}
|
||||
r = read_full_file(optarg, &cert_pem, NULL);
|
||||
r = read_full_file(optarg, &arg_cert_pem, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to read certificate file: %m");
|
||||
assert(cert_pem);
|
||||
assert(arg_cert_pem);
|
||||
break;
|
||||
|
||||
case ARG_TRUST:
|
||||
#ifdef HAVE_GNUTLS
|
||||
if (trust_pem) {
|
||||
if (arg_trust_pem) {
|
||||
log_error("CA certificate file specified twice");
|
||||
return -EINVAL;
|
||||
}
|
||||
r = read_full_file(optarg, &trust_pem, NULL);
|
||||
r = read_full_file(optarg, &arg_trust_pem, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to read CA certificate file: %m");
|
||||
assert(trust_pem);
|
||||
assert(arg_trust_pem);
|
||||
break;
|
||||
#else
|
||||
log_error("Option --trust is not available.");
|
||||
|
|
@ -952,12 +953,12 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!!key_pem != !!cert_pem) {
|
||||
if (!!arg_key_pem != !!arg_cert_pem) {
|
||||
log_error("Certificate and key files must be specified together");
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (trust_pem && !key_pem) {
|
||||
if (arg_trust_pem && !arg_key_pem) {
|
||||
log_error("CA certificate can only be used with certificate file");
|
||||
return -EINVAL;
|
||||
}
|
||||
|
|
@ -979,6 +980,8 @@ int main(int argc, char *argv[]) {
|
|||
if (r == 0)
|
||||
return EXIT_SUCCESS;
|
||||
|
||||
sigbus_install();
|
||||
|
||||
#ifdef HAVE_GNUTLS
|
||||
gnutls_global_set_log_function(log_func_gnutls);
|
||||
log_reset_gnutls_level();
|
||||
|
|
@ -1008,18 +1011,18 @@ int main(int argc, char *argv[]) {
|
|||
if (n > 0)
|
||||
opts[opts_pos++] = (struct MHD_OptionItem)
|
||||
{MHD_OPTION_LISTEN_SOCKET, SD_LISTEN_FDS_START};
|
||||
if (key_pem) {
|
||||
assert(cert_pem);
|
||||
if (arg_key_pem) {
|
||||
assert(arg_cert_pem);
|
||||
opts[opts_pos++] = (struct MHD_OptionItem)
|
||||
{MHD_OPTION_HTTPS_MEM_KEY, 0, key_pem};
|
||||
{MHD_OPTION_HTTPS_MEM_KEY, 0, arg_key_pem};
|
||||
opts[opts_pos++] = (struct MHD_OptionItem)
|
||||
{MHD_OPTION_HTTPS_MEM_CERT, 0, cert_pem};
|
||||
{MHD_OPTION_HTTPS_MEM_CERT, 0, arg_cert_pem};
|
||||
flags |= MHD_USE_SSL;
|
||||
}
|
||||
if (trust_pem) {
|
||||
if (arg_trust_pem) {
|
||||
assert(flags & MHD_USE_SSL);
|
||||
opts[opts_pos++] = (struct MHD_OptionItem)
|
||||
{MHD_OPTION_HTTPS_MEM_TRUST, 0, trust_pem};
|
||||
{MHD_OPTION_HTTPS_MEM_TRUST, 0, arg_trust_pem};
|
||||
}
|
||||
|
||||
d = MHD_start_daemon(flags, 19531,
|
||||
|
|
|
|||
|
|
@ -26,13 +26,13 @@
|
|||
#include <getopt.h>
|
||||
|
||||
#include "sd-daemon.h"
|
||||
|
||||
#include "log.h"
|
||||
#include "util.h"
|
||||
#include "build.h"
|
||||
#include "fileio.h"
|
||||
#include "mkdir.h"
|
||||
#include "conf-parser.h"
|
||||
#include "sigbus.h"
|
||||
#include "journal-upload.h"
|
||||
|
||||
#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-upload.pem"
|
||||
|
|
@ -40,14 +40,10 @@
|
|||
#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
|
||||
#define DEFAULT_PORT 19532
|
||||
|
||||
static const char* arg_url;
|
||||
|
||||
static void close_fd_input(Uploader *u);
|
||||
|
||||
static const char* arg_url = NULL;
|
||||
static const char *arg_key = NULL;
|
||||
static const char *arg_cert = NULL;
|
||||
static const char *arg_trust = NULL;
|
||||
|
||||
static const char *arg_directory = NULL;
|
||||
static char **arg_file = NULL;
|
||||
static const char *arg_cursor = NULL;
|
||||
|
|
@ -58,6 +54,8 @@ static bool arg_merge = false;
|
|||
static int arg_follow = -1;
|
||||
static const char *arg_save_state = NULL;
|
||||
|
||||
static void close_fd_input(Uploader *u);
|
||||
|
||||
#define SERVER_ANSWER_KEEP 2048
|
||||
|
||||
#define STATE_FILE "/var/lib/systemd/journal-upload/state"
|
||||
|
|
@ -792,6 +790,8 @@ int main(int argc, char **argv) {
|
|||
if (r <= 0)
|
||||
goto finish;
|
||||
|
||||
sigbus_install();
|
||||
|
||||
r = setup_uploader(&u, arg_url, arg_save_state);
|
||||
if (r < 0)
|
||||
goto cleanup;
|
||||
|
|
|
|||
|
|
@ -26,8 +26,7 @@
|
|||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "systemd/sd-journal.h"
|
||||
|
||||
#include "sd-journal.h"
|
||||
#include "build.h"
|
||||
#include "set.h"
|
||||
#include "util.h"
|
||||
|
|
@ -38,6 +37,7 @@
|
|||
#include "journal-internal.h"
|
||||
#include "copy.h"
|
||||
#include "compress.h"
|
||||
#include "sigbus.h"
|
||||
|
||||
static enum {
|
||||
ACTION_NONE,
|
||||
|
|
@ -803,6 +803,8 @@ int main(int argc, char *argv[]) {
|
|||
if (arg_action == ACTION_NONE)
|
||||
goto end;
|
||||
|
||||
sigbus_install();
|
||||
|
||||
r = sd_journal_open(&j, SD_JOURNAL_LOCAL_ONLY);
|
||||
if (r < 0) {
|
||||
log_error_errno(r, "Failed to open journal: %m");
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@
|
|||
#include "pager.h"
|
||||
#include "strv.h"
|
||||
#include "set.h"
|
||||
#include "sigbus.h"
|
||||
#include "journal-internal.h"
|
||||
#include "journal-def.h"
|
||||
#include "journal-verify.h"
|
||||
|
|
@ -1723,6 +1724,7 @@ int main(int argc, char *argv[]) {
|
|||
goto finish;
|
||||
|
||||
signal(SIGWINCH, columns_lines_cache_reset);
|
||||
sigbus_install();
|
||||
|
||||
if (arg_action == ACTION_NEW_ID128) {
|
||||
r = generate_new_id128();
|
||||
|
|
|
|||
Loading…
Reference in a new issue