X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcore%2Fmain.c;h=bd7fc468b4109921dbfa3b3b41b143d11004ef72;hp=24d8d3e9824223c93999303e0e38b60a6a95c891;hb=e62d8c394474;hpb=8f838d8aab0c5480664de04dce0171de4f4c7b00 diff --git a/src/core/main.c b/src/core/main.c index 24d8d3e98..bd7fc468b 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -67,6 +67,7 @@ #include "selinux-setup.h" #include "ima-setup.h" #include "fileio.h" +#include "smack-setup.h" static enum { ACTION_RUN, @@ -115,8 +116,10 @@ _noreturn_ static void crash(int sig) { sa.sa_flags = SA_NOCLDSTOP|SA_RESTART; assert_se(sigaction(SIGCHLD, &sa, NULL) == 0); - if ((pid = fork()) < 0) - log_error("Caught <%s>, cannot fork for core dump: %s", signal_to_string(sig), strerror(errno)); + pid = fork(); + if (pid < 0) + log_error("Caught <%s>, cannot fork for core dump: %s", + signal_to_string(sig), strerror(errno)); else if (pid == 0) { struct rlimit rl; @@ -146,12 +149,17 @@ _noreturn_ static void crash(int sig) { int r; /* Order things nicely. */ - if ((r = wait_for_terminate(pid, &status)) < 0) - log_error("Caught <%s>, waitpid() failed: %s", signal_to_string(sig), strerror(-r)); + r = wait_for_terminate(pid, &status); + if (r < 0) + log_error("Caught <%s>, waitpid() failed: %s", + signal_to_string(sig), strerror(-r)); else if (status.si_code != CLD_DUMPED) - log_error("Caught <%s>, core dump failed.", signal_to_string(sig)); + log_error("Caught <%s>, core dump failed.", + signal_to_string(sig)); else - log_error("Caught <%s>, dumped core as pid %lu.", signal_to_string(sig), (unsigned long) pid); + log_error("Caught <%s>, dumped core as pid %lu.", + signal_to_string(sig), + (unsigned long) pid); } } @@ -182,7 +190,8 @@ _noreturn_ static void crash(int sig) { _exit(1); } - log_info("Successfully spawned crash shell as pid %lu.", (unsigned long) pid); + log_info("Successfully spawned crash shell as pid %lu.", + (unsigned long) pid); } log_info("Freezing execution."); @@ -1309,19 +1318,13 @@ int main(int argc, char *argv[]) { /* Determine if this is a reexecution or normal bootup. We do * the full command line parsing much later, so let's just * have a quick peek here. */ - for (j = 1; j < argc; j++) - if (streq(argv[j], "--deserialize")) { - skip_setup = true; - break; - } + if (strv_find(argv+1, "--deserialize")) + skip_setup = true; /* If we have switched root, do all the special setup * things */ - for (j = 1; j < argc; j++) - if (streq(argv[j], "--switched-root")) { - skip_setup = false; - break; - } + if (strv_find(argv+1, "--switched-root")) + skip_setup = false; /* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we are then @@ -1362,6 +1365,8 @@ int main(int argc, char *argv[]) { goto finish; if (ima_setup() < 0) goto finish; + if (smack_setup() < 0) + goto finish; } if (label_init(NULL) < 0) @@ -1434,7 +1439,7 @@ int main(int argc, char *argv[]) { /* Mount /proc, /sys and friends, so that /proc/cmdline and * /proc/$PID/fd is available. */ - if (geteuid() == 0 && !getenv("SYSTEMD_SKIP_API_MOUNTS")) { + if (getpid() == 1) { r = mount_setup(loaded_policy); if (r < 0) goto finish; @@ -1576,10 +1581,9 @@ int main(int argc, char *argv[]) { /* Make sure we leave a core dump without panicing the * kernel. */ - if (getpid() == 1) + if (getpid() == 1) { install_crash_handler(); - if (geteuid() == 0 && !getenv("SYSTEMD_SKIP_API_MOUNTS")) { r = mount_cgroup_controllers(arg_join_controllers); if (r < 0) goto finish; @@ -1733,11 +1737,22 @@ int main(int argc, char *argv[]) { } r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, false, &error, &default_unit_job); - if (r < 0) { - log_error("Failed to start default target: %s", bus_error(&error, r)); + if (r == -EPERM) { + log_error("Default target could not be isolated, starting instead: %s", bus_error(&error, r)); + dbus_error_free(&error); + + r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job); + if (r < 0) { + log_error("Failed to start default target: %s", bus_error(&error, r)); + dbus_error_free(&error); + goto finish; + } + } else if (r < 0) { + log_error("Failed to isolate default target: %s", bus_error(&error, r)); dbus_error_free(&error); goto finish; } + m->default_unit_job_id = default_unit_job->id; after_startup = now(CLOCK_MONOTONIC);