Modernization
[elogind.git] / src / core / execute.c
index 18e25fa6e69dd14ad7cf3dae0dde69b53da3195c..f7353579e9ff4fa517c8d3e19ed1ace52618b7dd 100644 (file)
@@ -40,6 +40,7 @@
 #include <sys/poll.h>
 #include <linux/seccomp-bpf.h>
 #include <glob.h>
+#include <libgen.h>
 
 #ifdef HAVE_PAM
 #include <security/pam_appl.h>
@@ -670,9 +671,9 @@ static int enforce_user(const ExecContext *context, uid_t uid) {
 
                 /* First step: If we need to keep capabilities but
                  * drop privileges we need to make sure we keep our
-                 * caps, whiel we drop privileges. */
+                 * caps, while we drop privileges. */
                 if (uid != 0) {
-                        int sb = context->secure_bits|SECURE_KEEP_CAPS;
+                        int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
 
                         if (prctl(PR_GET_SECUREBITS) != sb)
                                 if (prctl(PR_SET_SECUREBITS, sb) < 0)
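Review bot: The bit-index-to-mask conversion `1<<SECURE_KEEP_CAPS` is now open-coded here and again six times in the exec_context_dump hunk below, and nothing ties the two sites (or the parser that fills `context->secure_bits`) to the same convention; a shared helper such as `#define SECURE_BIT_MASK(b) (1 << (b))` used at both places would make a future drift back to the raw index impossible to miss, which matters because this value decides whether capabilities survive the uid change. The expression parses correctly since `<<` binds tighter than `|`, but `context->secure_bits | (1 << SECURE_KEEP_CAPS)` reads unambiguously. This assumes `context->secure_bits` is already stored as a mask rather than an index, as the direct OR here implies; worth confirming against the config parser. enforce_user starts and ends outside this hunk.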
@@ -1214,8 +1215,12 @@ int exec_spawn(ExecCommand *command,
                         zero(param);
                         param.sched_priority = context->cpu_sched_priority;
 
-                        if (sched_setscheduler(0, context->cpu_sched_policy |
-                                               (context->cpu_sched_reset_on_fork ? SCHED_RESET_ON_FORK : 0), &param) < 0) {
+                        r = sched_setscheduler(0,
+                                               context->cpu_sched_policy |
+                                               (context->cpu_sched_reset_on_fork ?
+                                                SCHED_RESET_ON_FORK : 0),
+                                               &param);
+                        if (r < 0) {
                                 err = -errno;
                                 r = EXIT_SETSCHEDULER;
                                 goto fail_child;
@@ -1436,7 +1441,8 @@ int exec_spawn(ExecCommand *command,
                         }
                 }
 
-                if (!(our_env = new0(char*, 7))) {
+                our_env = new0(char*, 7);
+                if (!our_env) {
                         err = -ENOMEM;
                         r = EXIT_MEMORY;
                         goto fail_child;
@@ -1476,20 +1482,21 @@ int exec_spawn(ExecCommand *command,
 
                 assert(n_env <= 7);
 
-                if (!(final_env = strv_env_merge(
-                                      5,
-                                      environment,
-                                      our_env,
-                                      context->environment,
-                                      files_env,
-                                      pam_env,
-                                      NULL))) {
+                final_env = strv_env_merge(5,
+                                           environment,
+                                           our_env,
+                                           context->environment,
+                                           files_env,
+                                           pam_env,
+                                           NULL);
+                if (!final_env) {
                         err = -ENOMEM;
                         r = EXIT_MEMORY;
                         goto fail_child;
                 }
 
-                if (!(final_argv = replace_env_argv(argv, final_env))) {
+                final_argv = replace_env_argv(argv, final_env);
+                if (!final_argv) {
                         err = -ENOMEM;
                         r = EXIT_MEMORY;
                         goto fail_child;
@@ -1518,10 +1525,10 @@ int exec_spawn(ExecCommand *command,
         }
 
         log_struct_unit(LOG_DEBUG,
-                   unit_id,
-                   "MESSAGE=Forked %s as %lu",
-                          command->path, (unsigned long) pid,
-                   NULL);
+                        unit_id,
+                        "MESSAGE=Forked %s as %lu",
+                        command->path, (unsigned long) pid,
+                        NULL);
 
         /* We add the new process to the cgroup both in the child (so
          * that we can be sure that no user code is ever executed
@@ -1551,19 +1558,31 @@ void exec_context_init(ExecContext *c) {
 }
 
 void exec_context_tmp_dirs_done(ExecContext *c) {
-        assert(c);
+        char* dirs[] = {c->tmp_dir ? c->tmp_dir : c->var_tmp_dir,
+                        c->tmp_dir ? c->var_tmp_dir : NULL,
+                        NULL};
+        char **dirp;
 
-        if (c->tmp_dir) {
-                rm_rf_dangerous(c->tmp_dir, false, true, false);
-                free(c->tmp_dir);
-                c->tmp_dir = NULL;
-        }
+        for(dirp = dirs; *dirp; dirp++) {
+                char *dir;
+                int r;
 
-        if (c->var_tmp_dir) {
-                rm_rf_dangerous(c->var_tmp_dir, false, true, false);
-                free(c->var_tmp_dir);
-                c->var_tmp_dir = NULL;
+                r = rm_rf_dangerous(*dirp, false, true, false);
+                dir = dirname(*dirp);
+                if (r < 0)
+                        log_warning("Failed to remove content of temporary directory %s: %s",
+                                    dir, strerror(-r));
+                else {
+                        r = rmdir(dir);
+                        if (r < 0)
+                                log_warning("Failed to remove  temporary directory %s: %s",
+                                            dir, strerror(-r));
+                }
+
+                free(*dirp);
         }
+
+        c->tmp_dir = c->var_tmp_dir = NULL;
 }
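Review bot: The rmdir() failure branch passes `strerror(-r)` where `r` is rmdir's plain -1 return, so the warning always prints the message for error 1 instead of the real cause; it should read `if (rmdir(dir) < 0) log_warning("Failed to remove  temporary directory %s: %s", dir, strerror(errno));` (the first branch looks right only if rm_rf_dangerous returns a negative errno, which this page does not show). The first warning also names `dir`, the parent, although the call that failed operated on `*dirp`, which makes the log misleading for whoever has to diagnose a leftover private tmp directory. The `assert(c)` the old body had is dropped by the rewrite without a replacement. Note that `dirname()` may modify its argument and may return a pointer into it, so `dir` must stay unused after `free(*dirp)`, which the current ordering respects; a short comment on the `dirname` line saying so would protect the next edit.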
 
 void exec_context_done(ExecContext *c, bool reloading_or_reexecuting) {
@@ -1950,12 +1969,12 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
         if (c->secure_bits)
                 fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
                         prefix,
-                        (c->secure_bits & SECURE_KEEP_CAPS) ? " keep-caps" : "",
-                        (c->secure_bits & SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
-                        (c->secure_bits & SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
-                        (c->secure_bits & SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
-                        (c->secure_bits & SECURE_NOROOT) ? " noroot" : "",
-                        (c->secure_bits & SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
+                        (c->secure_bits & 1<<SECURE_KEEP_CAPS) ? " keep-caps" : "",
+                        (c->secure_bits & 1<<SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
+                        (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
+                        (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
+                        (c->secure_bits & 1<<SECURE_NOROOT) ? " noroot" : "",
+                        (c->secure_bits & 1<<SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
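Review bot: The last label `"noroot-locked"` carries no leading space while the five labels before it do, so a context with SECURE_NOROOT_LOCKED set together with any other bit dumps as e.g. `Secure Bits: noroot noroot-locked` only by luck of ordering and otherwise glues the name onto its predecessor; change it to `" noroot-locked"`. The repeated `1<<` mask construction is covered in the note on the enforce_user hunk above. exec_context_dump continues outside this hunk.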
 
         if (c->capability_bounding_set_drop) {
                 unsigned long l;