author | Quentin Deslandes <qdeslandes@naccy.de> | 2022-07-22 17:18:15 +0200 |
---|---|---|
committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2022-07-25 10:15:43 +0200 |
commit | e88748c17e58aad6818e64fd3071de011808165e (patch) | |
tree | 0fa58bda1d6993d81d5c1ba837147e1cd68febc3 /src/sysctl | |
parent | 3657d3a01c7e25ff86d7a4642065b367c4ff7484 (diff) | |
sysctl: add --strict option to fail if sysctl does not exists
systemd-sysctl currently fails silently under any of these conditions:
- Missing permission to write a sysctl.
- Invalid sysctl (path doesn't exists).
- Ignore failure flag ('-' in front of the sysctl name).
Because of this behaviour, configuration issues can go unnoticed as
there is no way to detect those unless going through the logs.
The --strict option forces systemd-sysctl to fail if a sysctl is invalid or
if permissions are insufficient. Errors on sysctls marked as "ignore
failure" will still be ignored.
Diffstat (limited to 'src/sysctl')
-rw-r--r-- | src/sysctl/sysctl.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c
index e92640d948..de0e03ec95 100644
--- a/src/sysctl/sysctl.c
+++ b/src/sysctl/sysctl.c
@@ -28,6 +28,7 @@
 static char **arg_prefixes = NULL;
 static bool arg_cat_config = false;
+static bool arg_strict = false;
 static PagerFlags arg_pager_flags = 0;
 STATIC_DESTRUCTOR_REGISTER(arg_prefixes, strv_freep);
@@ -101,13 +102,16 @@ static int sysctl_write_or_warn(const char *key, const char *value, bool ignore_
 r = sysctl_write(key, value);
 if (r < 0) {
- /* If the sysctl is not available in the kernel or we are running with reduced privileges and
- * cannot write it, then log about the issue, and proceed without failing. (EROFS is treated
- * as a permission problem here, since that's how container managers usually protected their
- * sysctls.) In all other cases log an error and make the tool fail. */
- if (ignore_failure || r == -EROFS || ERRNO_IS_PRIVILEGE(r))
+ /* Proceed without failing if ignore_failure is true.
+ * If the sysctl is not available in the kernel or we are running with reduced privileges and
+ * cannot write it, then log about the issue, and proceed without failing. Unless strict mode
+ * (arg_strict = true) is enabled, in which case we should fail. (EROFS is treated as a
+ * permission problem here, since that's how container managers usually protected their
+ * sysctls.)
+ * In all other cases log an error and make the tool fail. */
+ if (ignore_failure || (!arg_strict && (r == -EROFS || ERRNO_IS_PRIVILEGE(r))))
 log_debug_errno(r, "Couldn't write '%s' to '%s', ignoring: %m", value, key);
- else if (r == -ENOENT)
+ else if (!arg_strict && r == -ENOENT)
 log_warning_errno(r, "Couldn't write '%s' to '%s', ignoring: %m", value, key);
 else
 return log_error_errno(r, "Couldn't write '%s' to '%s': %m", value, key);
@@ -326,6 +330,7 @@ static int parse_argv(int argc, char *argv[]) {
 ARG_CAT_CONFIG,
 ARG_PREFIX,
 ARG_NO_PAGER,
+ ARG_STRICT,
 };
 static const struct option options[] = {
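Review bot: In the sysctl_write_or_warn hunk, the `ignore_failure ||` short-circuit still sends a failed write of a `-`-prefixed entry to `log_debug_errno()` when `arg_strict` is set, and that branch returns no error, so under --strict such a setting can stay unapplied with nothing above debug level in the log. This matches the commit message, but an operator who turns on --strict to notice hardening sysctls that did not take effect will not see those entries. Since the first branch is reachable in strict mode only through `ignore_failure`, one option is `log_full_errno(arg_strict ? LOG_WARNING : LOG_DEBUG, r, "Couldn't write '%s' to '%s', ignoring: %m", value, key);`, or at least a sentence in the comment saying that `-` entries are exempt from the exit status. The function body starts and ends outside the hunk.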
@@ -334,6 +339,7 @@ static int parse_argv(int argc, char *argv[]) {
 { "cat-config", no_argument, NULL, ARG_CAT_CONFIG },
 { "prefix", required_argument, NULL, ARG_PREFIX },
 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
+ { "strict", no_argument, NULL, ARG_STRICT },
 {}
 };
@@ -382,6 +388,10 @@ static int parse_argv(int argc, char *argv[]) {
 arg_pager_flags |= PAGER_DISABLE;
 break;
+ case ARG_STRICT:
+ arg_strict = true;
+ break;
+
 case '?':
 return -EINVAL;
|
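Review bot: `--strict` is added to the option table here and handled in the `case ARG_STRICT:` hunk, but no hunk in this file touches the help text, and the 16 insertions in the diffstat are all accounted for by the lines shown, so `--help` presumably does not list the new switch. Add a line to the help output alongside the other long options, in whatever format help() uses, for example `"     --strict           Fail if a sysctl cannot be written\n"`. The man page should state which errors become fatal and that `-`-prefixed entries stay exempt; the diffstat is limited to src/sysctl, so that may already be covered elsewhere in the commit. parse_argv's body starts and ends outside these hunks.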