acl-util: fix memleak
    Fixes:
    $ ./libtool --mode execute valgrind --leak-check=full ./journalctl >/dev/null
    ==22309== Memcheck, a memory error detector
    ==22309== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
    ==22309== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
    ==22309== Command: /home/vagrant/elogind/.libs/lt-journalctl
    ==22309==
    Hint: You are currently not seeing messages from other users and the system.
          Users in groups 'adm', 'elogind-journal', 'wheel' can see all messages.
          Pass -q to turn off this notice.
    ==22309==
    ==22309== HEAP SUMMARY:
    ==22309==     in use at exit: 8,680 bytes in 4 blocks
    ==22309==   total heap usage: 5,543 allocs, 5,539 frees, 9,045,618 bytes allocated
    ==22309==
    ==22309== 488 (56 direct, 432 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 4
    ==22309==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
    ==22309==    by 0x6F37A0A: __new_var_obj_p (__libobj.c:36)
    ==22309==    by 0x6F362F7: __acl_init_obj (acl_init.c:28)
    ==22309==    by 0x6F37731: __acl_from_xattr (__acl_from_xattr.c:54)
    ==22309==    by 0x6F36087: acl_get_file (acl_get_file.c:69)
    ==22309==    by 0x4F15752: acl_search_groups (acl-util.c:172)
    ==22309==    by 0x113A1E: access_check_var_log_journal (journalctl.c:1836)
    ==22309==    by 0x113D8D: access_check (journalctl.c:1889)
    ==22309==    by 0x115681: main (journalctl.c:2236)
    ==22309==
    ==22309== LEAK SUMMARY:
    ==22309==    definitely lost: 56 bytes in 1 blocks
    ==22309==    indirectly lost: 432 bytes in 1 blocks
    ==22309==      possibly lost: 0 bytes in 0 blocks
    ==22309==    still reachable: 8,192 bytes in 2 blocks
    ==22309==         suppressed: 0 bytes in 0 blocks
Prep v232: Apply missing updates from upstream
acl-util: fix memleak
    Fixes:
    $ ./libtool --mode execute valgrind --leak-check=full ./journalctl >/dev/null
    ==22309== Memcheck, a memory error detector
    ==22309== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
    ==22309== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
    ==22309== Command: /home/vagrant/elogind/.libs/lt-journalctl
    ==22309==
    Hint: You are currently not seeing messages from other users and the system.
          Users in groups 'adm', 'elogind-journal', 'wheel' can see all messages.
          Pass -q to turn off this notice.
    ==22309==
    ==22309== HEAP SUMMARY:
    ==22309==     in use at exit: 8,680 bytes in 4 blocks
    ==22309==   total heap usage: 5,543 allocs, 5,539 frees, 9,045,618 bytes allocated
    ==22309==
    ==22309== 488 (56 direct, 432 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 4
    ==22309==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
    ==22309==    by 0x6F37A0A: __new_var_obj_p (__libobj.c:36)
    ==22309==    by 0x6F362F7: __acl_init_obj (acl_init.c:28)
    ==22309==    by 0x6F37731: __acl_from_xattr (__acl_from_xattr.c:54)
    ==22309==    by 0x6F36087: acl_get_file (acl_get_file.c:69)
    ==22309==    by 0x4F15752: acl_search_groups (acl-util.c:172)
    ==22309==    by 0x113A1E: access_check_var_log_journal (journalctl.c:1836)
    ==22309==    by 0x113D8D: access_check (journalctl.c:1889)
    ==22309==    by 0x115681: main (journalctl.c:2236)
    ==22309==
    ==22309== LEAK SUMMARY:
    ==22309==    definitely lost: 56 bytes in 1 blocks
    ==22309==    indirectly lost: 432 bytes in 1 blocks
    ==22309==      possibly lost: 0 bytes in 0 blocks
    ==22309==    still reachable: 8,192 bytes in 2 blocks
    ==22309==         suppressed: 0 bytes in 0 blocks
    (cherry picked from commit 29d87223d54fc13e16f444677f0a94ed0755bd88)
Prep v229: Add missing fixes from upstream [5/6] src/shared
acl-util: only set the mask if not present When we have non-owner user or group entries, we need the mask for the acl to be valid. But acl_calc_mask() calculates the mask to include all permissions, even those that were masked before. Apparently this happens when we inherit *:r-x permissions from a parent directory — the kernel sets *:r-x, mask:r--, effectively masking the executable bit. acl_calc_mask() would set the mask:r-x, effectively enabling the bit. To avoid this, be more conservative when to add the mask entry: first iterate over all entries, and do nothing if a mask. This returns the code closer to J.A.Steffens' original version in v204-90-g23ad4dd884. Should fix https://github.com/elogind/elogind/issues/1977.
Prep v228: Condense elogind source masks (5/5)
Prep v228: Apply more cosmetic changes found in upstream.
Cleaned up more unneeded types and functions.
    - src/shared/install.h - removed
    - src/basic/unit-name.[hc] - cleaned
    - src/core/cgroup.[hc] - cleaned
    - src/libelogind/libelogind.sym - cleaned
    - src/libelogind/sd-daemon/sd-daemon.c - cleaned
    - src/shared/acl-util.[hc] - cleaned
    - src/shared/bus-util.[hc] - cleaned
    - src/shared/output-mode.h - cleaned
    - src/shared/path-lookup.h - cleaned
    - src/systemd/sd-daemon.h - cleaned
Prep v221: Update and clean up build system to sync with upstream
    This commit replays the moving around of source files that has been done between systemd-219 and systemd-221. Further, the Makefile.am is synchronized with the upstream version and then "re-cleaned". A lot of functions that are not used anywhere in elogind have been coated into #if 0/#endif directives to further shorten the list of dependencies. All unneeded files have been removed.
acl-util: various smaller fixes to parse_acl()
    - Make string parameter const
    - Don't log some OOM errors, but not others
    - Don't eat up errors generated by acl_from_text()
    - Make sure to check for success of every single strv_push() call
journalctl: rework code that checks whether we have access to /var/log/journal
    - fix some memory leaks on error conditions
    - handle all error cases properly, and log about failures
    - move HAVE_ACL and no-HAVE_ACL code closer to each other
acl-util: avoid freeing uninitialized pointer CID#1271344/1271345
tmpfiles: avoid creating duplicate acl entries
    https://bugs.freedesktop.org/show_bug.cgi?id=89202
    https://bugs.debian.org/778656
    Status quo ante can be restored with:
    getfacl -p /var/log/journal/`cat /etc/machine-id`|grep -v '^#'|sort -u|sudo setfacl --set-file=- /var/log/journal/`cat /etc/machine-id`
remove unused includes This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
shared/acl-util: add mask only when needed, always add base ACLs
    For ACLs to be valid, a set of entries for user, group, and other must be always present. Always add those entries. While at it, only add the mask ACL if it is actually required, i.e. when at least one ACL for non-owner group or user exists.
tmpfiles: implement augmenting of existing ACLs This is much more useful in practice (equivalent to setfacl -m).
tmpfiles: add 'a' type to set ACLs
Introduce strv_consume which takes ownership This mirrors set_consume and makes the common use a bit nicer.
journald: DO recalculate the ACL mask, but only if it doesn't exist Since 11ec7ce, journald isn't setting the ACLs properly anymore if the files had no ACLs to begin with: acl_set_fd fails with EINVAL. An ACL with ACL_USER or ACL_GROUP entries but no ACL_MASK entry is invalid, so make sure a mask exists before trying to set the ACL.
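The mask rule that the acl-util and journald commit messages above describe (keep an existing mask, add one only when named user or group entries exist), shown as an added example that is not elogind's or systemd's code. It uses a simplified in-memory model of an ACL rather than libacl, and every type and function name in it is hypothetical.

```c
#include <stdio.h>

/* Simplified in-memory model of a POSIX ACL (assumption; not the libacl API). */
enum tag { USER_OBJ, USER, GROUP_OBJ, GROUP, MASK, OTHER };
enum { R = 4, W = 2, X = 1 };
struct entry { enum tag tag; unsigned perm; };
struct acl { struct entry e[8]; size_t n; };

/* Union of the group-class entries: the value acl_calc_mask() computes. */
static unsigned group_class_union(const struct acl *a) {
    unsigned m = 0;
    for (size_t i = 0; i < a->n; i++)
        if (a->e[i].tag == USER || a->e[i].tag == GROUP_OBJ || a->e[i].tag == GROUP)
            m |= a->e[i].perm;
    return m;
}

/* Unconditional recalculation: overwrites an existing mask and returns it. */
unsigned recalc_always(struct acl *a) {
    unsigned m = group_class_union(a);
    for (size_t i = 0; i < a->n; i++)
        if (a->e[i].tag == MASK) { a->e[i].perm = m; return m; }
    a->e[a->n++] = (struct entry){ MASK, m };
    return m;
}

/* Conservative variant: keep an existing mask; add one only when named user
 * or group entries exist. Returns the mask, or -1 if the ACL needs none. */
int add_mask_if_needed(struct acl *a) {
    int need = 0;
    for (size_t i = 0; i < a->n; i++) {
        if (a->e[i].tag == MASK) return (int)a->e[i].perm;
        if (a->e[i].tag == USER || a->e[i].tag == GROUP) need = 1;
    }
    return need ? (int)recalc_always(a) : -1;
}

/* Constructed samples: inherited ACL with mask r--, no mask yet, base entries only. */
struct acl inherited(void) { return (struct acl){ { {USER_OBJ, R|W|X}, {GROUP_OBJ, R|X}, {GROUP, R|X}, {MASK, R}, {OTHER, 0} }, 5 }; }
struct acl no_mask(void)   { return (struct acl){ { {USER_OBJ, R|W|X}, {GROUP_OBJ, R|X}, {GROUP, R|X}, {OTHER, 0} }, 4 }; }
struct acl base_only(void) { return (struct acl){ { {USER_OBJ, R|W|X}, {GROUP_OBJ, R|X}, {OTHER, 0} }, 3 }; }

int main(void) {
    struct acl a = inherited(), b = inherited(), c = no_mask(), d = base_only();
    printf("recalc: %u, conservative: %d, added: %d, base-only: %d\n",
           recalc_always(&a), add_mask_if_needed(&b), add_mask_if_needed(&c), add_mask_if_needed(&d));
    return 0;
}
```

On the inherited sample, unconditional recalculation widens the mask from r-- to r-x and so re-enables the execute bit the mask had removed, while the conservative variant leaves it at r--.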
build-sys: move acl searching code into libsystemd-acl This loop over acls is a bit too much to keep inside of another loop.