X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fexecute.c;h=5083af9aedec5b4011b55a3f6fbe7900d69b21cd;hb=4e6db59202ad2dbbef56a69985643390ffdd57bd;hp=2c13d1f9f60e8a8c9d7f7e0e15844f33bebc7d2c;hpb=f73141d7657b3f60b8669bc8386413d8a8a372c6;p=elogind.git diff --git a/src/core/execute.c b/src/core/execute.c index 2c13d1f9f..5083af9ae 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -205,7 +205,10 @@ static int open_null_as(int flags, int nfd) { static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd) { int fd, r; - union sockaddr_union sa; + union sockaddr_union sa = { + .un.sun_family = AF_UNIX, + .un.sun_path = "/run/systemd/journal/stdout", + }; assert(context); assert(output < _EXEC_OUTPUT_MAX); @@ -216,10 +219,6 @@ static int connect_logger_as(const ExecContext *context, ExecOutput output, cons if (fd < 0) return -errno; - zero(sa); - sa.un.sun_family = AF_UNIX; - strncpy(sa.un.sun_path, "/run/systemd/journal/stdout", sizeof(sa.un.sun_path)); - r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)); if (r < 0) { close_nointr_nofail(fd); @@ -938,7 +937,7 @@ static int apply_seccomp(uint32_t *syscall_filter) { int i; unsigned n; struct sock_filter *f; - struct sock_fprog prog; + struct sock_fprog prog = {}; assert(syscall_filter); @@ -970,7 +969,6 @@ static int apply_seccomp(uint32_t *syscall_filter) { memcpy(f + (ELEMENTSOF(header) + 2*n), footer, sizeof(footer)); /* Third: install the filter */ - zero(prog); prog.len = ELEMENTSOF(header) + ELEMENTSOF(footer) + 2*n; prog.filter = f; if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0) @@ -1047,6 +1045,11 @@ int exec_spawn(ExecCommand *command, if (r < 0) return r; + /* We must initialize the attributes in the parent, before we + fork, because we really need them initialized before making + the process a member of the group (which we do in both the + child and the parent), and we cannot really apply them twice + (due to 'append' style attributes) */ cgroup_attribute_apply_list(cgroup_attributes, cgroup_bondings); if (context->private_tmp && !context->tmp_dir && !context->var_tmp_dir) { @@ -1210,10 +1213,9 @@ int exec_spawn(ExecCommand *command, } if (context->cpu_sched_set) { - struct sched_param param; - - zero(param); - param.sched_priority = context->cpu_sched_priority; + struct sched_param param = { + .sched_priority = context->cpu_sched_priority, + }; r = sched_setscheduler(0, context->cpu_sched_policy | @@ -1270,7 +1272,12 @@ int exec_spawn(ExecCommand *command, if (cgroup_bondings && context->control_group_modify) { err = cgroup_bonding_set_group_access_list(cgroup_bondings, 0755, uid, gid); if (err >= 0) - err = cgroup_bonding_set_task_access_list(cgroup_bondings, 0644, uid, gid, context->control_group_persistent); + err = cgroup_bonding_set_task_access_list( + cgroup_bondings, + 0644, + uid, + gid, + context->control_group_persistent); if (err < 0) { r = EXIT_CGROUP; goto fail_child; @@ -1281,7 +1288,12 @@ int exec_spawn(ExecCommand *command, } if (cgroup_bondings && !set_access && context->control_group_persistent >= 0) { - err = cgroup_bonding_set_task_access_list(cgroup_bondings, (mode_t) -1, (uid_t) -1, (uid_t) -1, context->control_group_persistent); + err = cgroup_bonding_set_task_access_list( + cgroup_bondings, + (mode_t) -1, + (uid_t) -1, + (uid_t) -1, + context->control_group_persistent); if (err < 0) { r = EXIT_CGROUP; goto fail_child; @@ -1535,8 +1547,7 @@ int exec_spawn(ExecCommand *command, * outside of the cgroup) and in the parent (so that we can be * sure that when we kill the cgroup the process will be * killed too). */ - if (cgroup_bondings) - cgroup_bonding_install_list(cgroup_bondings, pid, cgroup_suffix); + cgroup_bonding_install_list(cgroup_bondings, pid, cgroup_suffix); exec_status_start(&command->exec_status, pid); @@ -1701,7 +1712,7 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { int k; bool ignore = false; char **p; - glob_t pglob; + glob_t _cleanup_globfree_ pglob = {}; int count, n; fn = *i; @@ -1712,7 +1723,6 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { } if (!path_is_absolute(fn)) { - if (ignore) continue; @@ -1721,10 +1731,8 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { } /* Filename supports globbing, take all matching files */ - zero(pglob); errno = 0; if (glob(fn, 0, NULL, &pglob) != 0) { - globfree(&pglob); if (ignore) continue; @@ -1733,7 +1741,6 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { } count = pglob.gl_pathc; if (count == 0) { - globfree(&pglob); if (ignore) continue; @@ -1747,7 +1754,6 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { continue; strv_free(r); - globfree(&pglob); return k; } @@ -1759,16 +1765,12 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { m = strv_env_merge(2, r, p); strv_free(r); strv_free(p); - - if (!m) { - globfree(&pglob); + if (!m) return -ENOMEM; - } r = m; } } - globfree(&pglob); } *l = r;