X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fmain.c;h=921476a042c7d9be0f0b82ee18042f84eb1cf074;hb=245802dd89ccf10de446faff5577e041d5372062;hp=1c2453c9b1871e21fcf781e7849e14e80a93b2be;hpb=dd7c30c36a8235652e7c1ad8e6082f32ff6de2f9;p=elogind.git diff --git a/src/core/main.c b/src/core/main.c index 1c2453c9b..921476a04 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -67,6 +67,7 @@ #include "selinux-setup.h" #include "ima-setup.h" #include "fileio.h" +#include "smack-setup.h" static enum { ACTION_RUN, @@ -106,20 +107,21 @@ _noreturn_ static void crash(int sig) { if (!arg_dump_core) log_error("Caught <%s>, not dumping core.", signal_to_string(sig)); else { - struct sigaction sa; + struct sigaction sa = { + .sa_handler = nop_handler, + .sa_flags = SA_NOCLDSTOP|SA_RESTART, + }; pid_t pid; /* We want to wait for the core process, hence let's enable SIGCHLD */ - zero(sa); - sa.sa_handler = nop_handler; - sa.sa_flags = SA_NOCLDSTOP|SA_RESTART; assert_se(sigaction(SIGCHLD, &sa, NULL) == 0); - if ((pid = fork()) < 0) + pid = fork(); + if (pid < 0) log_error("Caught <%s>, cannot fork for core dump: %s", signal_to_string(sig), strerror(errno)); else if (pid == 0) { - struct rlimit rl; + struct rlimit rl = {}; /* Enable default signal handler for core dump */ zero(sa); @@ -127,7 +129,6 @@ _noreturn_ static void crash(int sig) { assert_se(sigaction(sig, &sa, NULL) == 0); /* Don't limit the core dump size */ - zero(rl); rl.rlim_cur = RLIM_INFINITY; rl.rlim_max = RLIM_INFINITY; setrlimit(RLIMIT_CORE, &rl); @@ -146,7 +147,8 @@ _noreturn_ static void crash(int sig) { int r; /* Order things nicely. */ - if ((r = wait_for_terminate(pid, &status)) < 0) + r = wait_for_terminate(pid, &status); + if (r < 0) log_error("Caught <%s>, waitpid() failed: %s", signal_to_string(sig), strerror(-r)); else if (status.si_code != CLD_DUMPED) log_error("Caught <%s>, core dump failed.", signal_to_string(sig)); @@ -159,16 +161,16 @@ _noreturn_ static void crash(int sig) { chvt(arg_crash_chvt); if (arg_crash_shell) { - struct sigaction sa; + struct sigaction sa = { + .sa_handler = SIG_IGN, + .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART, + }; pid_t pid; log_info("Executing crash shell in 10s..."); sleep(10); /* Let the kernel reap children for us */ - zero(sa); - sa.sa_handler = SIG_IGN; - sa.sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART; assert_se(sigaction(SIGCHLD, &sa, NULL) == 0); pid = fork(); @@ -190,12 +192,10 @@ _noreturn_ static void crash(int sig) { } static void install_crash_handler(void) { - struct sigaction sa; - - zero(sa); - - sa.sa_handler = crash; - sa.sa_flags = SA_NODEFER; + struct sigaction sa = { + .sa_handler = crash, + .sa_flags = SA_NODEFER, + }; sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1); } @@ -681,8 +681,8 @@ static int parse_config_file(void) { { "Manager", "DefaultStandardOutput", config_parse_output, 0, &arg_default_std_output }, { "Manager", "DefaultStandardError", config_parse_output, 0, &arg_default_std_error }, { "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers }, - { "Manager", "RuntimeWatchdogSec", config_parse_usec, 0, &arg_runtime_watchdog }, - { "Manager", "ShutdownWatchdogSec", config_parse_usec, 0, &arg_shutdown_watchdog }, + { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog }, + { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog }, { "Manager", "CapabilityBoundingSet", config_parse_bounding_set, 0, &arg_capability_bounding_set_drop }, { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec }, { "Manager", "DefaultLimitCPU", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CPU]}, @@ -704,7 +704,7 @@ static int parse_config_file(void) { { NULL, NULL, NULL, 0, NULL } }; - FILE *f; + FILE _cleanup_fclose_ *f; const char *fn; int r; @@ -722,8 +722,6 @@ static int parse_config_file(void) { if (r < 0) log_warning("Failed to parse configuration file: %s", strerror(-r)); - fclose(f); - return 0; } @@ -1309,19 +1307,13 @@ int main(int argc, char *argv[]) { /* Determine if this is a reexecution or normal bootup. We do * the full command line parsing much later, so let's just * have a quick peek here. */ - for (j = 1; j < argc; j++) - if (streq(argv[j], "--deserialize")) { - skip_setup = true; - break; - } + if (strv_find(argv+1, "--deserialize")) + skip_setup = true; /* If we have switched root, do all the special setup * things */ - for (j = 1; j < argc; j++) - if (streq(argv[j], "--switched-root")) { - skip_setup = false; - break; - } + if (strv_find(argv+1, "--switched-root")) + skip_setup = false; /* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we are then @@ -1357,10 +1349,13 @@ int main(int argc, char *argv[]) { } if (!skip_setup) { + mount_setup_early(); if (selinux_setup(&loaded_policy) < 0) goto finish; if (ima_setup() < 0) goto finish; + if (smack_setup() < 0) + goto finish; } if (label_init(NULL) < 0) @@ -1433,7 +1428,7 @@ int main(int argc, char *argv[]) { /* Mount /proc, /sys and friends, so that /proc/cmdline and * /proc/$PID/fd is available. */ - if (geteuid() == 0 && !getenv("SYSTEMD_SKIP_API_MOUNTS")) { + if (getpid() == 1) { r = mount_setup(loaded_policy); if (r < 0) goto finish; @@ -1575,10 +1570,9 @@ int main(int argc, char *argv[]) { /* Make sure we leave a core dump without panicing the * kernel. */ - if (getpid() == 1) + if (getpid() == 1) { install_crash_handler(); - if (geteuid() == 0 && !getenv("SYSTEMD_SKIP_API_MOUNTS")) { r = mount_cgroup_controllers(arg_join_controllers); if (r < 0) goto finish; @@ -1732,17 +1726,28 @@ int main(int argc, char *argv[]) { } r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, false, &error, &default_unit_job); - if (r < 0) { - log_error("Failed to start default target: %s", bus_error(&error, r)); + if (r == -EPERM) { + log_error("Default target could not be isolated, starting instead: %s", bus_error(&error, r)); + dbus_error_free(&error); + + r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job); + if (r < 0) { + log_error("Failed to start default target: %s", bus_error(&error, r)); + dbus_error_free(&error); + goto finish; + } + } else if (r < 0) { + log_error("Failed to isolate default target: %s", bus_error(&error, r)); dbus_error_free(&error); goto finish; } + m->default_unit_job_id = default_unit_job->id; after_startup = now(CLOCK_MONOTONIC); log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG, "Loaded units and determined initial transaction in %s.", - format_timespan(timespan, sizeof(timespan), after_startup - before_startup)); + format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 0)); if (arg_action == ACTION_TEST) { printf("-> By jobs:\n");