diff options
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/coredump-util.c | 6 | ||||
-rw-r--r-- | src/shared/coredump-util.h | 3 | ||||
-rw-r--r-- | src/shared/creds-util.c | 18 | ||||
-rw-r--r-- | src/shared/generator.c | 46 | ||||
-rw-r--r-- | src/shared/generator.h | 10 | ||||
-rw-r--r-- | src/shared/image-policy.c | 44 | ||||
-rw-r--r-- | src/shared/image-policy.h | 2 |
7 files changed, 83 insertions, 46 deletions
diff --git a/src/shared/coredump-util.c b/src/shared/coredump-util.c index bf8ea00b14..805503f366 100644 --- a/src/shared/coredump-util.c +++ b/src/shared/coredump-util.c @@ -46,7 +46,7 @@ int coredump_filter_mask_from_string(const char *s, uint64_t *ret) { } if (streq(n, "all")) { - m = UINT64_MAX; + m = COREDUMP_FILTER_MASK_ALL; continue; } @@ -158,9 +158,9 @@ int parse_auxv(int log_level, } int set_coredump_filter(uint64_t value) { - char t[STRLEN("0xFFFFFFFF")]; + char t[HEXADECIMAL_STR_MAX(uint64_t)]; - sprintf(t, "0x%"PRIx64, value); + xsprintf(t, "0x%"PRIx64, value); return write_string_file("/proc/self/coredump_filter", t, WRITE_STRING_FILE_VERIFY_ON_FAILURE|WRITE_STRING_FILE_DISABLE_BUFFER); diff --git a/src/shared/coredump-util.h b/src/shared/coredump-util.h index 99dbfde730..4f54bb94c0 100644 --- a/src/shared/coredump-util.h +++ b/src/shared/coredump-util.h @@ -22,6 +22,9 @@ typedef enum CoredumpFilter { 1u << COREDUMP_FILTER_ELF_HEADERS | \ 1u << COREDUMP_FILTER_PRIVATE_HUGE) +/* The kernel doesn't like UINT64_MAX and returns ERANGE, use UINT32_MAX to support future new flags */ +#define COREDUMP_FILTER_MASK_ALL UINT32_MAX + const char* coredump_filter_to_string(CoredumpFilter i) _const_; CoredumpFilter coredump_filter_from_string(const char *s) _pure_; int coredump_filter_mask_from_string(const char *s, uint64_t *ret); diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c index d570f49e7b..59f580775d 100644 --- a/src/shared/creds-util.c +++ b/src/shared/creds-util.c @@ -96,17 +96,21 @@ int read_credential_strings_many_internal( /* Reads a bunch of credentials into the specified buffers. If the specified buffers are already * non-NULL frees them if a credential is found. Only supports string-based credentials - * (i.e. refuses embedded NUL bytes) */ + * (i.e. refuses embedded NUL bytes). + * + * 0 is returned when some or all credentials are missing. + */ if (!first_name) return 0; r = read_credential(first_name, &b, NULL); - if (r == -ENXIO) /* no creds passed at all? propagate this */ - return r; - if (r < 0) - ret = r; - else + if (r == -ENXIO) /* No creds passed at all? Bail immediately. */ + return 0; + if (r < 0) { + if (r != -ENOENT) + ret = r; + } else free_and_replace(*first_value, b); va_list ap; @@ -127,7 +131,7 @@ int read_credential_strings_many_internal( r = read_credential(name, &bb, NULL); if (r < 0) { - if (ret >= 0) + if (ret >= 0 && r != -ENOENT) ret = r; } else free_and_replace(*value, bb); diff --git a/src/shared/generator.c b/src/shared/generator.c index 2ed4be2bf3..b16d0a0ef2 100644 --- a/src/shared/generator.c +++ b/src/shared/generator.c @@ -21,41 +21,57 @@ #include "specifier.h" #include "string-util.h" #include "time-util.h" +#include "tmpfile-util.h" #include "unit-name.h" -int generator_open_unit_file( +int generator_open_unit_file_full( const char *dir, const char *source, const char *fn, - FILE **ret) { + FILE **ret_file, + char **ret_temp_path) { _cleanup_free_ char *p = NULL; FILE *f; int r; assert(dir); - assert(fn); - assert(ret); + assert(ret_file); - p = path_join(dir, fn); - if (!p) - return log_oom(); + /* If <ret_temp_path> is specified, it creates a temporary unit file and also returns its + * temporary path. */ - r = fopen_unlocked(p, "wxe", &f); - if (r < 0) { - if (source && r == -EEXIST) - return log_error_errno(r, - "Failed to create unit file '%s', as it already exists. Duplicate entry in '%s'?", - p, source); + if (ret_temp_path) { + r = fopen_temporary(dir, &f, &p); + if (r < 0) + return log_error_errno(r, "Failed to create temporary unit file in '%s': %m", dir); + + (void) fchmod(fileno(f), 0644); - return log_error_errno(r, "Failed to create unit file '%s': %m", p); + *ret_temp_path = TAKE_PTR(p); + } else { + assert(fn); + + p = path_join(dir, fn); + if (!p) + return log_oom(); + + r = fopen_unlocked(p, "wxe", &f); + if (r < 0) { + if (source && r == -EEXIST) + return log_error_errno(r, + "Failed to create unit file '%s', as it already exists. Duplicate entry in '%s'?", + p, source); + + return log_error_errno(r, "Failed to create unit file '%s': %m", p); + } } fprintf(f, "# Automatically generated by %s\n\n", program_invocation_short_name); - *ret = f; + *ret_file = f; return 0; } diff --git a/src/shared/generator.h b/src/shared/generator.h index 111900fd45..d97d6edc67 100644 --- a/src/shared/generator.h +++ b/src/shared/generator.h @@ -6,11 +6,11 @@ #include "macro.h" #include "main-func.h" -int generator_open_unit_file( - const char *dest, - const char *source, - const char *name, - FILE **file); +int generator_open_unit_file_full(const char *dest, const char *source, const char *name, FILE **ret_file, char **ret_temp_path); + +static inline int generator_open_unit_file(const char *dest, const char *source, const char *name, FILE **ret_file) { + return generator_open_unit_file_full(dest, source, name, ret_file, NULL); +} int generator_add_symlink_full(const char *dir, const char *dst, const char *dep_type, const char *src, const char *instance); diff --git a/src/shared/image-policy.c b/src/shared/image-policy.c index bccd55406e..a831d22a04 100644 --- a/src/shared/image-policy.c +++ b/src/shared/image-policy.c @@ -33,6 +33,23 @@ static PartitionPolicy* image_policy_bsearch(const ImagePolicy *policy, Partitio partition_policy_compare); } +PartitionPolicyFlags partition_policy_flags_extend(PartitionPolicyFlags flags) { + /* If some parts of a flags field are left unspecified, let's fill in all options. */ + + /* If no protection flag is set, then this means all are set */ + if ((flags & _PARTITION_POLICY_USE_MASK) == 0) + flags |= PARTITION_POLICY_OPEN; + + /* If the gpt flags bits are not specified, set both options for each */ + if ((flags & _PARTITION_POLICY_READ_ONLY_MASK) == 0) + flags |= PARTITION_POLICY_READ_ONLY_ON|PARTITION_POLICY_READ_ONLY_OFF; + + if ((flags & _PARTITION_POLICY_GROWFS_MASK) == 0) + flags |= PARTITION_POLICY_GROWFS_ON|PARTITION_POLICY_GROWFS_OFF; + + return flags; +} + static PartitionPolicyFlags partition_policy_normalized_flags(const PartitionPolicy *policy) { PartitionPolicyFlags flags = ASSERT_PTR(policy)->flags; @@ -40,9 +57,7 @@ static PartitionPolicyFlags partition_policy_normalized_flags(const PartitionPol * unspecified, we'll fill in the appropriate "dontcare" policy instead. We'll also mask out bits * that do not make any sense for specific partition types. */ - /* If no protection flag is set, then this means all are set */ - if ((flags & _PARTITION_POLICY_USE_MASK) == 0) - flags |= PARTITION_POLICY_OPEN; + flags = partition_policy_flags_extend(flags); /* If this is a verity or verity signature designator, then mask off all protection bits, this after * all needs no protection, because it *is* the protection */ @@ -54,16 +69,9 @@ static PartitionPolicyFlags partition_policy_normalized_flags(const PartitionPol if (partition_verity_of(policy->designator) < 0) flags &= ~(PARTITION_POLICY_VERITY|PARTITION_POLICY_SIGNED); + /* If the partition must be absent, then the gpt flags don't matter */ if ((flags & _PARTITION_POLICY_USE_MASK) == PARTITION_POLICY_ABSENT) - /* If the partition must be absent, then the gpt flags don't matter */ flags &= ~(_PARTITION_POLICY_READ_ONLY_MASK|_PARTITION_POLICY_GROWFS_MASK); - else { - /* If the gpt flags bits are not specified, set both options for each */ - if ((flags & _PARTITION_POLICY_READ_ONLY_MASK) == 0) - flags |= PARTITION_POLICY_READ_ONLY_ON|PARTITION_POLICY_READ_ONLY_OFF; - if ((flags & _PARTITION_POLICY_GROWFS_MASK) == 0) - flags |= PARTITION_POLICY_GROWFS_ON|PARTITION_POLICY_GROWFS_OFF; - } return flags; } @@ -427,12 +435,16 @@ int partition_policy_flags_to_string(PartitionPolicyFlags flags, bool simplify, return 0; } +static bool partition_policy_flags_extended_equal(PartitionPolicyFlags a, PartitionPolicyFlags b) { + return partition_policy_flags_extend(a) == partition_policy_flags_extend(b); +} + static int image_policy_flags_all_match(const ImagePolicy *policy, PartitionPolicyFlags expected) { if (expected < 0) return -EINVAL; - if (image_policy_default(policy) != expected) + if (!partition_policy_flags_extended_equal(image_policy_default(policy), expected)) return false; for (PartitionDesignator d = 0; d < _PARTITION_DESIGNATOR_MAX; d++) { @@ -532,7 +544,7 @@ int image_policy_to_string(const ImagePolicy *policy, bool simplify, char **ret) return -ENOMEM; } - if (!simplify || image_policy_default(policy) != PARTITION_POLICY_IGNORE) { + if (!simplify || !partition_policy_flags_extended_equal(image_policy_default(policy), PARTITION_POLICY_IGNORE)) { _cleanup_free_ char *df = NULL; r = partition_policy_flags_to_string(image_policy_default(policy), simplify, &df); @@ -580,7 +592,7 @@ int image_policy_equivalent(const ImagePolicy *a, const ImagePolicy *b) { * redundant, and will be recognized as such by image_policy_equivalent() but not by * image_policy_equal()- */ - if (image_policy_default(a) != image_policy_default(b)) + if (!partition_policy_flags_extended_equal(image_policy_default(a), image_policy_default(b))) return false; for (PartitionDesignator d = 0; d < _PARTITION_DESIGNATOR_MAX; d++) { @@ -671,13 +683,13 @@ const ImagePolicy image_policy_allow = { }; const ImagePolicy image_policy_deny = { - /* Allow policy */ + /* Deny policy */ .n_policies = 0, .default_flags = PARTITION_POLICY_ABSENT, }; const ImagePolicy image_policy_ignore = { - /* Allow policy */ + /* Ignore policy */ .n_policies = 0, .default_flags = PARTITION_POLICY_IGNORE, }; diff --git a/src/shared/image-policy.h b/src/shared/image-policy.h index 1b3d068c72..675b061f54 100644 --- a/src/shared/image-policy.h +++ b/src/shared/image-policy.h @@ -78,6 +78,8 @@ static inline size_t image_policy_n_entries(const ImagePolicy *policy) { return policy ? policy->n_policies : 0; } +PartitionPolicyFlags partition_policy_flags_extend(PartitionPolicyFlags flags); + PartitionPolicyFlags partition_policy_flags_from_string(const char *s); int partition_policy_flags_to_string(PartitionPolicyFlags flags, bool simplify, char **ret); |