From: Sven Eden
Date: Tue, 13 Mar 2018 18:05:56 +0000 (+0100)
Subject: Prep v236: Update build system and adapt to eloginds needs.
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=d911f1cdcb6f314a1ec33493281520627fff0d08;p=elogind.git
Prep v236: Update build system and adapt to eloginds needs.
---
diff --git a/meson.build b/meson.build
index cd9405ad6..dc0e4e63f 100644
--- a/meson.build
+++ b/meson.build
@@ -730,70 +730,72 @@ conf.set('SYSTEM_GID_MAX', system_gid_max) substs.set('systemgidmax', system_gid_max) message('maximum system GID is @0@'.format(system_gid_max)) -dynamic_uid_min = get_option('dynamic-uid-min').to_int() -dynamic_uid_max = get_option('dynamic-uid-max').to_int() -conf.set('DYNAMIC_UID_MIN', dynamic_uid_min) -conf.set('DYNAMIC_UID_MAX', dynamic_uid_max) -substs.set('dynamicuidmin', dynamic_uid_min) -substs.set('dynamicuidmax', dynamic_uid_max) - -container_uid_base_min = get_option('container-uid-base-min').to_int() -container_uid_base_max = get_option('container-uid-base-max').to_int() -conf.set('CONTAINER_UID_BASE_MIN', container_uid_base_min) -conf.set('CONTAINER_UID_BASE_MAX', container_uid_base_max) -substs.set('containeruidbasemin', container_uid_base_min) -substs.set('containeruidbasemax', container_uid_base_max) - -nobody_user = get_option('nobody-user') -nobody_group = get_option('nobody-group') - -getent_result = run_command('getent', 'passwd', '65534') -if getent_result.returncode() == 0 - name = getent_result.stdout().split(':')[0] - if name != nobody_user - message('WARNING:\n' + - ' The local user with the UID 65534 does not match the configured user name "@0@" of the nobody user (its name is @1@).\n'.format(nobody_user, name) + - ' Your build will result in an user table setup that is incompatible with the local system.') - endif -endif -id_result = run_command('id', '-u', nobody_user) -if id_result.returncode() == 0 - id = id_result.stdout().to_int() - if id != 65534 - message('WARNING:\n' + - ' The local user with the configured user name "@0@" of the nobody user does not have UID 65534 (it has @1@).\n'.format(nobody_user, id) + - ' Your build will result in an user table setup that is incompatible with the local system.') - endif -endif - -getent_result = run_command('getent', 'group', '65534') -if getent_result.returncode() == 0 - name = getent_result.stdout().split(':')[0] - if name != nobody_group - message('WARNING:\n' + - 
' The local group with the GID 65534 does not match the configured group name "@0@" of the nobody group (its name is @1@).\n'.format(nobody_group, name) + - ' Your build will result in an group table setup that is incompatible with the local system.') - endif -endif -id_result = run_command('id', '-g', nobody_group) -if id_result.returncode() == 0 - id = id_result.stdout().to_int() - if id != 65534 - message('WARNING:\n' + - ' The local group with the configured group name "@0@" of the nobody group does not have UID 65534 (it has @1@).\n'.format(nobody_group, id) + - ' Your build will result in an group table setup that is incompatible with the local system.') - endif -endif -if nobody_user != nobody_group and not (nobody_user == 'nobody' and nobody_group == 'nogroup') - message('WARNING:\n' + - ' The configured user name "@0@" and group name "@0@" of the nobody user/group are not equivalent.\n'.format(nobody_user, nobody_group) + - ' Please re-check that both "nobody-user" and "nobody-group" options are correctly set.') -endif - -conf.set_quoted('NOBODY_USER_NAME', nobody_user) -conf.set_quoted('NOBODY_GROUP_NAME', nobody_group) -substs.set('NOBODY_USER_NAME', nobody_user) -substs.set('NOBODY_GROUP_NAME', nobody_group) +#if 0 /// UNNEEDED by elogind +# dynamic_uid_min = get_option('dynamic-uid-min').to_int() +# dynamic_uid_max = get_option('dynamic-uid-max').to_int() +# conf.set('DYNAMIC_UID_MIN', dynamic_uid_min) +# conf.set('DYNAMIC_UID_MAX', dynamic_uid_max) +# substs.set('dynamicuidmin', dynamic_uid_min) +# substs.set('dynamicuidmax', dynamic_uid_max) +# +# container_uid_base_min = get_option('container-uid-base-min').to_int() +# container_uid_base_max = get_option('container-uid-base-max').to_int() +# conf.set('CONTAINER_UID_BASE_MIN', container_uid_base_min) +# conf.set('CONTAINER_UID_BASE_MAX', container_uid_base_max) +# substs.set('containeruidbasemin', container_uid_base_min) +# substs.set('containeruidbasemax', container_uid_base_max) +# +# nobody_user = 
get_option('nobody-user') +# nobody_group = get_option('nobody-group') +# +# getent_result = run_command('getent', 'passwd', '65534') +# if getent_result.returncode() == 0 +# name = getent_result.stdout().split(':')[0] +# if name != nobody_user +# message('WARNING:\n' + +# ' The local user with the UID 65534 does not match the configured user name "@0@" of the nobody user (its name is @1@).\n'.format(nobody_user, name) + +# ' Your build will result in an user table setup that is incompatible with the local system.') +# endif +# endif +# id_result = run_command('id', '-u', nobody_user) +# if id_result.returncode() == 0 +# id = id_result.stdout().to_int() +# if id != 65534 +# message('WARNING:\n' + +# ' The local user with the configured user name "@0@" of the nobody user does not have UID 65534 (it has @1@).\n'.format(nobody_user, id) + +# ' Your build will result in an user table setup that is incompatible with the local system.') +# endif +# endif +# +# getent_result = run_command('getent', 'group', '65534') +# if getent_result.returncode() == 0 +# name = getent_result.stdout().split(':')[0] +# if name != nobody_group +# message('WARNING:\n' + +# ' The local group with the GID 65534 does not match the configured group name "@0@" of the nobody group (its name is @1@).\n'.format(nobody_group, name) + +# ' Your build will result in an group table setup that is incompatible with the local system.') +# endif +# endif +# id_result = run_command('id', '-g', nobody_group) +# if id_result.returncode() == 0 +# id = id_result.stdout().to_int() +# if id != 65534 +# message('WARNING:\n' + +# ' The local group with the configured group name "@0@" of the nobody group does not have UID 65534 (it has @1@).\n'.format(nobody_group, id) + +# ' Your build will result in an group table setup that is incompatible with the local system.') +# endif +# endif +# if nobody_user != nobody_group and not (nobody_user == 'nobody' and nobody_group == 'nogroup') +# message('WARNING:\n' + +# ' The 
configured user name "@0@" and group name "@0@" of the nobody user/group are not equivalent.\n'.format(nobody_user, nobody_group) + +# ' Please re-check that both "nobody-user" and "nobody-group" options are correctly set.') +# endif +# +# conf.set_quoted('NOBODY_USER_NAME', nobody_user) +# conf.set_quoted('NOBODY_GROUP_NAME', nobody_group) +# substs.set('NOBODY_USER_NAME', nobody_user) +# substs.set('NOBODY_GROUP_NAME', nobody_group) +#endif // 0 tty_gid = get_option('tty-gid') conf.set('TTY_GID', tty_gid) @@ -817,8 +819,8 @@ substs.set('TTY_GID', tty_gid) # endif # # substs.set('DEV_KVM_MODE', get_option('dev-kvm-mode')) +# substs.set('GROUP_RENDER_MODE', get_option('group-render-mode')) #endif // 0 -substs.set('GROUP_RENDER_MODE', get_option('group-render-mode')) kill_user_processes = get_option('default-kill-user-processes') conf.set10('KILL_USER_PROCESSES', kill_user_processes) @@ -2664,6 +2666,9 @@ executable('elogind-uaccess-command', libshared_static], dependencies: [libacl, libudev], + install_rpath : rootlibexecdir, + install : true, + install_dir : rootlibexecdir) #endif // 0 ############################################################ @@ -2888,7 +2893,9 @@ status = [ # get_option('debug-tty')), #endif // 0 'TTY GID: @0@'.format(tty_gid), - 'users GID: @0@'.format(users_gid), +#if 0 /// UNSUPPORTED by elogind +# 'users GID: @0@'.format(users_gid), +#endif // 0 'maximum system UID: @0@'.format(system_uid_max), 'maximum system GID: @0@'.format(system_gid_max), #if 0 /// UNSUPPORTED by elogind diff --git a/src/basic/process-util.c b/src/basic/process-util.c index 89e6f576b..1c77195e8 100644 --- a/src/basic/process-util.c +++ b/src/basic/process-util.c @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ /*** This file is part of systemd. @@ -25,6 +26,7 @@ #include #include #include +#include #include #include #include 
@@ -129,6 +131,8 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char * return -errno; } + (void) __fsetlocking(f, FSETLOCKING_BYCALLER); + if (max_length == 1) { /* If there's only room for one byte, return the empty string */ @@ -407,6 +411,8 @@ int is_kernel_thread(pid_t pid) { return -errno; } + (void) __fsetlocking(f, FSETLOCKING_BYCALLER); + count = fread(&c, 1, 1, f); eof = feof(f); fclose(f); @@ -491,6 +497,8 @@ static int get_process_id(pid_t pid, const char *field, uid_t *uid) { return -errno; } + (void) __fsetlocking(f, FSETLOCKING_BYCALLER); + FOREACH_LINE(line, f, return -errno) { char *l; @@ -569,6 +577,8 @@ int get_process_environ(pid_t pid, char **env) { return -errno; } + (void) __fsetlocking(f, FSETLOCKING_BYCALLER); + while ((c = fgetc(f)) != EOF) { if (!GREEDY_REALLOC(outcome, allocated, sz + 5)) return -ENOMEM; 
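Review bot: None of the added `(void) __fsetlocking(f, FSETLOCKING_BYCALLER);` calls says why it is safe to drop stdio's internal locking; the same line is added in get_process_cmdline, is_kernel_thread, get_process_id and get_process_environ, and again in getenv_for_pid in a later hunk. The call is only correct while `f` stays private to the calling function and is never handed to another thread. The hunks suggest this, since each call directly follows the failed-open return, but they do not show it because the fopen() and the rest of each function lie outside them. I would state the invariant above each call, e.g. `/* f is local to this function and never shared between threads, so stdio's per-call locking can be skipped */`, or move the open-and-setlocking pair into one helper so it is written once.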
@@ -705,6 +715,67 @@ int wait_for_terminate_and_warn(const char *name, pid_t pid, bool check_exit_cod } #if 0 /// UNNEEDED by elogind +/* + * Return values: + * < 0 : wait_for_terminate_with_timeout() failed to get the state of the + * process, the process timed out, the process was terminated by a + * signal, or failed for an unknown reason. + * >=0 : The process terminated normally with no failures. + * + * Success is indicated by a return value of zero, a timeout is indicated + * by ETIMEDOUT, and all other child failure states are indicated by error + * is indicated by a non-zero value. + */ +int wait_for_terminate_with_timeout(pid_t pid, usec_t timeout) { + sigset_t mask; + int r; + usec_t until; + + assert_se(sigemptyset(&mask) == 0); + assert_se(sigaddset(&mask, SIGCHLD) == 0); + + /* Drop into a sigtimewait-based timeout. Waiting for the + * pid to exit. */ + until = now(CLOCK_MONOTONIC) + timeout; + for (;;) { + usec_t n; + siginfo_t status = {}; + struct timespec ts; + + n = now(CLOCK_MONOTONIC); + if (n >= until) + break; + + r = sigtimedwait(&mask, NULL, timespec_store(&ts, until - n)) < 0 ? -errno : 0; + /* Assuming we woke due to the child exiting. */ + if (waitid(P_PID, pid, &status, WEXITED|WNOHANG) == 0) { + if (status.si_pid == pid) { + /* This is the correct child.*/ + if (status.si_code == CLD_EXITED) + return (status.si_status == 0) ? 0 : -EPROTO; + else + return -EPROTO; + } + } + /* Not the child, check for errors and proceed appropriately */ + if (r < 0) { + switch (r) { + case -EAGAIN: + /* Timed out, child is likely hung. */ + return -ETIMEDOUT; + case -EINTR: + /* Received a different signal and should retry */ + continue; + default: + /* Return any unexpected errors */ + return r; + } + } + } + + return -EPROTO; +} + void sigkill_wait(pid_t pid) { assert(pid > 1); 
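Review bot: When the deadline passes without the child being reaped, wait_for_terminate_with_timeout() leaves the loop through `if (n >= until) break;` and falls to the final `return -EPROTO;`, so a timeout reached after an `-EINTR` retry, or a zero `timeout`, is reported as a child failure; that last statement should be `return -ETIMEDOUT;`. The function also depends on the caller having SIGCHLD blocked, because sigtimedwait() is only reliable for signals that are blocked in the calling thread, and neither the code nor the comment states this precondition. The header comment needs rewording as well: it promises `>=0` and `ETIMEDOUT` while the code returns 0, `-ETIMEDOUT`, `-EPROTO` or another negative errno, and its last sentence is garbled. The block sits under `#if 0 /// UNNEEDED by elogind`, so this only matters if the function is re-enabled.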
@@ -756,6 +827,8 @@ int getenv_for_pid(pid_t pid, const char *field, char **_value) { return -errno; } + (void) __fsetlocking(f, FSETLOCKING_BYCALLER); + l = strlen(field); r = 0; @@ -922,7 +995,7 @@ int safe_personality(unsigned long p) { * wrapper that uses errno if it is set, and uses the return value otherwise. And then it sets both errno and * the return value indicating the same issue, so that we are definitely on the safe side. * - * See https://github.com/elogind/elogind/issues/6737 */ + * See https://github.com/systemd/systemd/issues/6737 */ errno = 0; ret = personality(p); @@ -1066,6 +1139,15 @@ pid_t getpid_cached(void) { } } +int must_be_root(void) { + + if (geteuid() == 0) + return 0; + + log_error("Need to be root."); + return -EPERM; +} + #if 0 /// UNNEEDED by elogind static const char *const ioprio_class_table[] = { [IOPRIO_CLASS_NONE] = "none", diff --git a/src/basic/process-util.h b/src/basic/process-util.h index 71b473232..be4f2cfe1 100644 --- a/src/basic/process-util.h +++ b/src/basic/process-util.h @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ #pragma once /*** @@ -32,6 +33,7 @@ #include "format-util.h" //#include "ioprio.h" #include "macro.h" +//#include "time-util.h" #define procfs_file_alloca(pid, field) \ ({ \ @@ -40,7 +42,7 @@ if (_pid_ == 0) { \ _r_ = ("/proc/self/" field); \ } else { \ - _r_ = alloca(strlen("/proc/") + DECIMAL_STR_MAX(pid_t) + 1 + sizeof(field)); \ + _r_ = alloca(STRLEN("/proc/") + DECIMAL_STR_MAX(pid_t) + 1 + sizeof(field)); \ sprintf((char*) _r_, "/proc/"PID_FMT"/" field, _pid_); \ } \ _r_; \ @@ -62,8 +64,9 @@ int get_process_ppid(pid_t pid, pid_t *ppid); int wait_for_terminate(pid_t pid, siginfo_t *status); int wait_for_terminate_and_warn(const char *name, pid_t pid, bool check_exit_code); - #if 0 /// UNNEEDED by elogind +int wait_for_terminate_with_timeout(pid_t pid, usec_t timeout); + void sigkill_wait(pid_t pid); void sigkill_waitp(pid_t *pid); 
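Review bot: must_be_root() is added without a comment, and its name reads like an authorization gate although `geteuid() == 0` only tests the effective UID. A process can run with euid 0 and a reduced capability set, or inside a user namespace, so the privileged operation that follows still has to handle its own EPERM/EACCES. I would document that on the definition, for example `/* Early, user-friendly check for tools that need root: returns 0 if euid is 0, otherwise logs and returns -EPERM. Not a security boundary. */`. The log text `"Need to be root."` could also name the operation that requires root, so the message is actionable.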
@@ -151,3 +154,5 @@ int ioprio_parse_priority(const char *s, int *ret); #endif // 0 pid_t getpid_cached(void); + +int must_be_root(void); diff --git a/src/basic/user-util.h b/src/basic/user-util.h index a61c0bff7..c9c96e6ae 100644 --- a/src/basic/user-util.h +++ b/src/basic/user-util.h @@ -70,6 +70,7 @@ int take_etc_passwd_lock(const char *root); #define UID_NOBODY ((uid_t) 65534U) #define GID_NOBODY ((gid_t) 65534U) +#if 0 /// UNNEEDED by elogind static inline bool uid_is_dynamic(uid_t uid) { return DYNAMIC_UID_MIN <= uid && uid <= DYNAMIC_UID_MAX; } @@ -77,6 +78,7 @@ static inline bool uid_is_dynamic(uid_t uid) { static inline bool gid_is_dynamic(gid_t gid) { return uid_is_dynamic((uid_t) gid); } +#endif // 0 static inline bool uid_is_system(uid_t uid) { return uid <= SYSTEM_UID_MAX; diff --git a/src/test/meson.build b/src/test/meson.build index 6daef1f20..fab9c4215 100644 --- a/src/test/meson.build +++ b/src/test/meson.build @@ -276,9 +276,11 @@ tests += [ [], []], - [['src/test/test-specifier.c'], - [], - []], +#if 0 /// UNNEEDED in elogind +# [['src/test/test-specifier.c'], +# [], +# []], +#endif // 0 [['src/test/test-string-util.c'], [], diff --git a/src/test/test-specifier.c b/src/test/test-specifier.c deleted file mode 100644 index bec74c641..000000000 --- a/src/test/test-specifier.c +++ /dev/null 
@@ -1,66 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1+ */ -/*** - This file is part of elogind. - - Copyright 2017 Lennart Poettering - - elogind is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation; either version 2.1 of the License, or - (at your option) any later version. - - elogind is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License - along with elogind; If not, see . -***/ - -#include "alloc-util.h" -#include "log.h" -#include "specifier.h" -#include "string-util.h" -#include "strv.h" - -static void test_specifier_escape_one(const char *a, const char *b) { - _cleanup_free_ char *x = NULL; - - x = specifier_escape(a); - assert_se(streq_ptr(x, b)); -} - -static void test_specifier_escape(void) { - test_specifier_escape_one(NULL, NULL); - test_specifier_escape_one("", ""); - test_specifier_escape_one("%", "%%"); - test_specifier_escape_one("foo bar", "foo bar"); - test_specifier_escape_one("foo%bar", "foo%%bar"); - test_specifier_escape_one("%%%%%", "%%%%%%%%%%"); -} - -static void test_specifier_escape_strv_one(char **a, char **b) { - _cleanup_strv_free_ char **x = NULL; - - assert_se(specifier_escape_strv(a, &x) >= 0); - assert_se(strv_equal(x, b)); -} - -static void test_specifier_escape_strv(void) { - test_specifier_escape_strv_one(NULL, NULL); - test_specifier_escape_strv_one(STRV_MAKE(NULL), STRV_MAKE(NULL)); - test_specifier_escape_strv_one(STRV_MAKE(""), STRV_MAKE("")); - test_specifier_escape_strv_one(STRV_MAKE("foo"), STRV_MAKE("foo")); - test_specifier_escape_strv_one(STRV_MAKE("%"), STRV_MAKE("%%")); - test_specifier_escape_strv_one(STRV_MAKE("foo", "%", "foo%", "%foo", "foo%foo", 
"quux", "%%%"), STRV_MAKE("foo", "%%", "foo%%", "%%foo", "foo%%foo", "quux", "%%%%%%")); -} - -int main(int argc, char *argv[]) { - log_set_max_level(LOG_DEBUG); - - test_specifier_escape(); - test_specifier_escape_strv(); - - return 0; -}