diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-01-16 14:45:28 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-01-16 14:45:50 +0100 |
| commit | 32458cc9687c1b60ff0f22c0e71da93ce78b1534 (patch) | |
| tree | 60b494f34e98936c54bb4ff6c31192b4d4c7d522 /src/sysctl | |
| parent | b2ae4d9eb85f80d639733e0ff140c5fa8cae71ab (diff) | |
| download | systemd-32458cc9687c1b60ff0f22c0e71da93ce78b1534.tar.gz | |
sysctl: downgrade message when we have no permission
We need to run sysctl also in containers, because the network
subtree is namespaces and may legitimately be writable. But logging
all "errors" at notice level creates unwanted noise.
Also downgrade message about missing sysctls to log_info. This might also be
relatively common when configuration is targeted at different kernel
versions. With log_debug it'll still end up in the logs, but isn't really worth
of "notice" most of the time.
https://bugzilla.redhat.com/show_bug.cgi?id=1609806
Diffstat (limited to 'src/sysctl')
| -rw-r--r-- | src/sysctl/sysctl.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c index 1ced48b4db..afef0a222b 100644 --- a/src/sysctl/sysctl.c +++ b/src/sysctl/sysctl.c @@ -11,6 +11,7 @@ #include "conf-files.h" #include "def.h" +#include "errno-util.h" #include "fd-util.h" #include "fileio.h" #include "hashmap.h" @@ -85,13 +86,15 @@ static int apply_all(OrderedHashmap *sysctl_options) { k = sysctl_write(option->key, option->value); if (k < 0) { /* If the sysctl is not available in the kernel or we are running with reduced - * privileges and cannot write it, then log about the issue at LOG_NOTICE level, and - * proceed without failing. (EROFS is treated as a permission problem here, since - * that's how container managers usually protected their sysctls.) In all other cases - * log an error and make the tool fail. */ - - if (IN_SET(k, -EPERM, -EACCES, -EROFS, -ENOENT) || option->ignore_failure) - log_notice_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key); + * privileges and cannot write it, then log about the issue, and proceed without + * failing. (EROFS is treated as a permission problem here, since that's how + * container managers usually protected their sysctls.) In all other cases log an + * error and make the tool fail. */ + + if (option->ignore_failure || k == -EROFS || ERRNO_IS_PRIVILEGE(k)) + log_debug_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key); + else if (k == -ENOENT) + log_info_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key); else { log_error_errno(k, "Couldn't write '%s' to '%s': %m", option->value, option->key); if (r == 0) |