X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fexecute.c;h=5083af9aedec5b4011b55a3f6fbe7900d69b21cd;hb=4e6db59202ad2dbbef56a69985643390ffdd57bd;hp=85edca17e331201167d96742d3abe32825878fa7;hpb=cbb21cca098f9063b0ff5548b2c73ab517f55ea5;p=elogind.git diff --git a/src/core/execute.c b/src/core/execute.c index 85edca17e..5083af9ae 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -205,7 +205,10 @@ static int open_null_as(int flags, int nfd) { static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd) { int fd, r; - union sockaddr_union sa; + union sockaddr_union sa = { + .un.sun_family = AF_UNIX, + .un.sun_path = "/run/systemd/journal/stdout", + }; assert(context); assert(output < _EXEC_OUTPUT_MAX); @@ -216,10 +219,6 @@ static int connect_logger_as(const ExecContext *context, ExecOutput output, cons if (fd < 0) return -errno; - zero(sa); - sa.un.sun_family = AF_UNIX; - strncpy(sa.un.sun_path, "/run/systemd/journal/stdout", sizeof(sa.un.sun_path)); - r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)); if (r < 0) { close_nointr_nofail(fd); @@ -938,7 +937,7 @@ static int apply_seccomp(uint32_t *syscall_filter) { int i; unsigned n; struct sock_filter *f; - struct sock_fprog prog; + struct sock_fprog prog = {}; assert(syscall_filter); @@ -970,7 +969,6 @@ static int apply_seccomp(uint32_t *syscall_filter) { memcpy(f + (ELEMENTSOF(header) + 2*n), footer, sizeof(footer)); /* Third: install the filter */ - zero(prog); prog.len = ELEMENTSOF(header) + ELEMENTSOF(footer) + 2*n; prog.filter = f; if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0) @@ -1047,6 +1045,11 @@ int exec_spawn(ExecCommand *command, if (r < 0) return r; + /* We must initialize the attributes in the parent, before we + fork, because we really need them initialized before making + the process a member of the group (which we do in both the + child and the parent), and we cannot really apply them twice + (due to 'append' style attributes) */ cgroup_attribute_apply_list(cgroup_attributes, cgroup_bondings); if (context->private_tmp && !context->tmp_dir && !context->var_tmp_dir) { @@ -1195,7 +1198,7 @@ int exec_spawn(ExecCommand *command, snprintf(t, sizeof(t), "%i", context->oom_score_adjust); char_array_0(t); - if (write_one_line_file("/proc/self/oom_score_adj", t) < 0) { + if (write_string_file("/proc/self/oom_score_adj", t) < 0) { err = -errno; r = EXIT_OOM_ADJUST; goto fail_child; @@ -1210,13 +1213,16 @@ int exec_spawn(ExecCommand *command, } if (context->cpu_sched_set) { - struct sched_param param; - - zero(param); - param.sched_priority = context->cpu_sched_priority; + struct sched_param param = { + .sched_priority = context->cpu_sched_priority, + }; - if (sched_setscheduler(0, context->cpu_sched_policy | - (context->cpu_sched_reset_on_fork ? SCHED_RESET_ON_FORK : 0), ¶m) < 0) { + r = sched_setscheduler(0, + context->cpu_sched_policy | + (context->cpu_sched_reset_on_fork ? + SCHED_RESET_ON_FORK : 0), + ¶m); + if (r < 0) { err = -errno; r = EXIT_SETSCHEDULER; goto fail_child; @@ -1266,7 +1272,12 @@ int exec_spawn(ExecCommand *command, if (cgroup_bondings && context->control_group_modify) { err = cgroup_bonding_set_group_access_list(cgroup_bondings, 0755, uid, gid); if (err >= 0) - err = cgroup_bonding_set_task_access_list(cgroup_bondings, 0644, uid, gid, context->control_group_persistent); + err = cgroup_bonding_set_task_access_list( + cgroup_bondings, + 0644, + uid, + gid, + context->control_group_persistent); if (err < 0) { r = EXIT_CGROUP; goto fail_child; @@ -1277,7 +1288,12 @@ int exec_spawn(ExecCommand *command, } if (cgroup_bondings && !set_access && context->control_group_persistent >= 0) { - err = cgroup_bonding_set_task_access_list(cgroup_bondings, (mode_t) -1, (uid_t) -1, (uid_t) -1, context->control_group_persistent); + err = cgroup_bonding_set_task_access_list( + cgroup_bondings, + (mode_t) -1, + (uid_t) -1, + (uid_t) -1, + context->control_group_persistent); if (err < 0) { r = EXIT_CGROUP; goto fail_child; @@ -1437,7 +1453,8 @@ int exec_spawn(ExecCommand *command, } } - if (!(our_env = new0(char*, 7))) { + our_env = new0(char*, 7); + if (!our_env) { err = -ENOMEM; r = EXIT_MEMORY; goto fail_child; @@ -1477,20 +1494,21 @@ int exec_spawn(ExecCommand *command, assert(n_env <= 7); - if (!(final_env = strv_env_merge( - 5, - environment, - our_env, - context->environment, - files_env, - pam_env, - NULL))) { + final_env = strv_env_merge(5, + environment, + our_env, + context->environment, + files_env, + pam_env, + NULL); + if (!final_env) { err = -ENOMEM; r = EXIT_MEMORY; goto fail_child; } - if (!(final_argv = replace_env_argv(argv, final_env))) { + final_argv = replace_env_argv(argv, final_env); + if (!final_argv) { err = -ENOMEM; r = EXIT_MEMORY; goto fail_child; @@ -1519,18 +1537,17 @@ int exec_spawn(ExecCommand *command, } log_struct_unit(LOG_DEBUG, - unit_id, - "MESSAGE=Forked %s as %lu", - command->path, (unsigned long) pid, - NULL); + unit_id, + "MESSAGE=Forked %s as %lu", + command->path, (unsigned long) pid, + NULL); /* We add the new process to the cgroup both in the child (so * that we can be sure that no user code is ever executed * outside of the cgroup) and in the parent (so that we can be * sure that when we kill the cgroup the process will be * killed too). */ - if (cgroup_bondings) - cgroup_bonding_install_list(cgroup_bondings, pid, cgroup_suffix); + cgroup_bonding_install_list(cgroup_bondings, pid, cgroup_suffix); exec_status_start(&command->exec_status, pid); @@ -1695,7 +1712,7 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { int k; bool ignore = false; char **p; - glob_t pglob; + glob_t _cleanup_globfree_ pglob = {}; int count, n; fn = *i; @@ -1706,7 +1723,6 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { } if (!path_is_absolute(fn)) { - if (ignore) continue; @@ -1715,10 +1731,8 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { } /* Filename supports globbing, take all matching files */ - zero(pglob); errno = 0; if (glob(fn, 0, NULL, &pglob) != 0) { - globfree(&pglob); if (ignore) continue; @@ -1727,7 +1741,6 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { } count = pglob.gl_pathc; if (count == 0) { - globfree(&pglob); if (ignore) continue; @@ -1735,13 +1748,12 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { return -EINVAL; } for (n = 0; n < count; n++) { - k = load_env_file(pglob.gl_pathv[n], &p); + k = load_env_file(pglob.gl_pathv[n], NULL, &p); if (k < 0) { if (ignore) continue; strv_free(r); - globfree(&pglob); return k; } @@ -1753,16 +1765,12 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { m = strv_env_merge(2, r, p); strv_free(r); strv_free(p); - - if (!m) { - globfree(&pglob); + if (!m) return -ENOMEM; - } r = m; } } - globfree(&pglob); } *l = r;