From: Lennart Poettering Date: Thu, 5 Jun 2014 15:05:18 +0000 (+0200) Subject: sd-daemon: introduce sd_pid_notify() and sd_pid_notifyf() X-Git-Tag: v214~65 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=be8f4e9e8eb3b0c34a49c2e80a5c5b7dc6d175f0;hp=03da8f9459b005d5515d2c34152d43bc63f64c79;ds=sidebyside sd-daemon: introduce sd_pid_notify() and sd_pid_notifyf() sd_pid_notify() operates like sd_notify(), however operates on a different PID (for example the parent PID of a process). Make use of this in systemd-notify, so that message are sent from the PID specified with --pid= rather than the usually shortlived PID of systemd-notify itself. This should increase the likelyhood that PID 1 can identify the cgroup that the notification message was sent from properly. --- diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c index b013438de..7caa63db1 100644 --- a/src/libsystemd/sd-daemon/sd-daemon.c +++ b/src/libsystemd/sd-daemon/sd-daemon.c @@ -36,13 +36,14 @@ #include #include "util.h" +#include "path-util.h" #include "sd-daemon.h" _public_ int sd_listen_fds(int unset_environment) { - int r, fd; const char *e; - char *p = NULL; - unsigned long l; + unsigned n; + int r, fd; + pid_t pid; e = getenv("LISTEN_PID"); if (!e) { @@ -50,21 +51,12 @@ _public_ int sd_listen_fds(int unset_environment) { goto finish; } - errno = 0; - l = strtoul(e, &p, 10); - - if (errno > 0) { - r = -errno; + r = parse_pid(e, &pid); + if (r < 0) goto finish; - } - - if (!p || p == e || *p || l <= 0) { - r = -EINVAL; - goto finish; - } /* Is this for us? */ - if (getpid() != (pid_t) l) { + if (getpid() != pid) { r = 0; goto finish; } 
@@ -75,38 +67,17 @@ _public_ int sd_listen_fds(int unset_environment) { goto finish; } - errno = 0; - l = strtoul(e, &p, 10); - - if (errno > 0) { - r = -errno; - goto finish; - } - - if (!p || p == e || *p) { - r = -EINVAL; + r = safe_atou(e, &n); + if (r < 0) goto finish; - } - - for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) l; fd ++) { - int flags; - flags = fcntl(fd, F_GETFD); - if (flags < 0) { - r = -errno; + for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) n; fd ++) { + r = fd_cloexec(fd, true); + if (r < 0) goto finish; - } - - if (flags & FD_CLOEXEC) - continue; - - if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) { - r = -errno; - goto finish; - } } - r = (int) l; + r = (int) n; finish: if (unset_environment) { @@ -120,8 +91,7 @@ finish: _public_ int sd_is_fifo(int fd, const char *path) { struct stat st_fd; - if (fd < 0) - return -EINVAL; + assert_return(fd >= 0, -EINVAL); if (fstat(fd, &st_fd) < 0) return -errno; @@ -151,8 +121,7 @@ _public_ int sd_is_fifo(int fd, const char *path) { _public_ int sd_is_special(int fd, const char *path) { struct stat st_fd; - if (fd < 0) - return -EINVAL; + assert_return(fd >= 0, -EINVAL); if (fstat(fd, &st_fd) < 0) return -errno; @@ -187,8 +156,8 @@ _public_ int sd_is_special(int fd, const char *path) { static int sd_is_socket_internal(int fd, int type, int listening) { struct stat st_fd; - if (fd < 0 || type < 0) - return -EINVAL; + assert_return(fd >= 0, -EINVAL); + assert_return(type >= 0, -EINVAL); if (fstat(fd, &st_fd) < 0) return -errno; @@ -238,8 +207,8 @@ union sockaddr_union { _public_ int sd_is_socket(int fd, int family, int type, int listening) { int r; - if (family < 0) - return -EINVAL; + assert_return(fd >= 0, -EINVAL); + assert_return(family >= 0, -EINVAL); r = sd_is_socket_internal(fd, type, listening); if (r <= 0) 
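Review bot: The value parsed from `LISTEN_FDS` is still narrowed with `(int) n` without a range check, both in the loop bound `SD_LISTEN_FDS_START + (int) n` and in the final `r = (int) n`. safe_atou() fills an `unsigned`, so a value above INT_MAX would typically turn into a negative count: the loop would not run and the caller would read the result as an error code. A value close to INT_MAX overflows the signed addition. Reject it before the loop, for example `if (n > (unsigned) (INT_MAX - SD_LISTEN_FDS_START)) { r = -EINVAL; goto finish; }`. sd_listen_fds() begins in the previous hunk.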
@@ -266,8 +235,8 @@ _public_ int sd_is_socket_inet(int fd, int family, int type, int listening, uint socklen_t l = sizeof(sockaddr); int r; - if (family != 0 && family != AF_INET && family != AF_INET6) - return -EINVAL; + assert_return(fd >= 0, -EINVAL); + assert_return(IN_SET(family, 0, AF_INET, AF_INET6), -EINVAL); r = sd_is_socket_internal(fd, type, listening); if (r <= 0) @@ -283,7 +252,7 @@ _public_ int sd_is_socket_inet(int fd, int family, int type, int listening, uint sockaddr.sa.sa_family != AF_INET6) return 0; - if (family > 0) + if (family != 0) if (sockaddr.sa.sa_family != family) return 0; @@ -309,6 +278,8 @@ _public_ int sd_is_socket_unix(int fd, int type, int listening, const char *path socklen_t l = sizeof(sockaddr); int r; + assert_return(fd >= 0, -EINVAL); + r = sd_is_socket_internal(fd, type, listening); if (r <= 0) return r; @@ -348,8 +319,7 @@ _public_ int sd_is_socket_unix(int fd, int type, int listening, const char *path _public_ int sd_is_mq(int fd, const char *path) { struct mq_attr attr; - if (fd < 0) - return -EINVAL; + assert_return(fd >= 0, -EINVAL); if (mq_getattr(fd, &attr) < 0) return -errno; @@ -358,8 +328,7 @@ _public_ int sd_is_mq(int fd, const char *path) { char fpath[PATH_MAX]; struct stat a, b; - if (path[0] != '/') - return -EINVAL; + assert_return(path_is_absolute(path), -EINVAL); if (fstat(fd, &a) < 0) return -errno; @@ -378,12 +347,17 @@ _public_ int sd_is_mq(int fd, const char *path) { return 1; } -_public_ int sd_notify(int unset_environment, const char *state) { - int fd = -1, r; - struct msghdr msghdr; - struct iovec iovec; - union sockaddr_union sockaddr; +_public_ int sd_pid_notify(pid_t pid, int unset_environment, const char *state) { + union sockaddr_union sockaddr = {}; + _cleanup_close_ int fd = -1; + struct msghdr msghdr = {}; + struct iovec iovec = {}; const char *e; + union { + struct cmsghdr cmsghdr; + uint8_t buf[CMSG_SPACE(sizeof(struct ucred))]; + } control = {}; + int r; if (!state) { r = -EINVAL; 
@@ -406,18 +380,15 @@ _public_ int sd_notify(int unset_environment, const char *state) { goto finish; } - memzero(&sockaddr, sizeof(sockaddr)); sockaddr.sa.sa_family = AF_UNIX; strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path)); if (sockaddr.un.sun_path[0] == '@') sockaddr.un.sun_path[0] = 0; - memzero(&iovec, sizeof(iovec)); iovec.iov_base = (char*) state; iovec.iov_len = strlen(state); - memzero(&msghdr, sizeof(msghdr)); msghdr.msg_name = &sockaddr; msghdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(e); 
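Review bot: The copy into `sun_path` is bounded by strncpy(), but `msg_namelen` is computed from `strlen(e)`, and no length check on `NOTIFY_SOCKET` is visible in this hunk. If the variable is as long as or longer than `sun_path`, strncpy() leaves the field unterminated and the address length handed to sendmsg() can exceed `struct sockaddr_un`. An explicit guard before the copy, such as `if (strlen(e) >= sizeof(sockaddr.un.sun_path)) { r = -EINVAL; goto finish; }`, would make the bound obvious. The earlier part of sd_pid_notify() is outside this hunk, so a check may already exist there.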
@@ -427,39 +398,90 @@ _public_ int sd_notify(int unset_environment, const char *state) { msghdr.msg_iov = &iovec; msghdr.msg_iovlen = 1; - if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) < 0) { - r = -errno; + if (pid != 0 && pid != getpid()) { + struct cmsghdr *cmsg; + struct ucred ucred = {}; + + msghdr.msg_control = &control; + msghdr.msg_controllen = sizeof(control); + + cmsg = CMSG_FIRSTHDR(&msghdr); + cmsg->cmsg_level = SOL_SOCKET; + cmsg->cmsg_type = SCM_CREDENTIALS; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred)); + + ucred.pid = pid; + ucred.uid = getuid(); + ucred.gid = getgid(); + + memcpy(CMSG_DATA(cmsg), &ucred, sizeof(struct ucred)); + msghdr.msg_controllen = cmsg->cmsg_len; + } + + /* First try with fake ucred data, as requested */ + if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) >= 0) { + r = 1; goto finish; } - r = 1; + /* If that failed, try with our own instead */ + if (msghdr.msg_control) { + msghdr.msg_control = NULL; + msghdr.msg_controllen = 0; + + if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) >= 0) { + r = 1; + goto finish; + } + } + + r = -errno; finish: if (unset_environment) unsetenv("NOTIFY_SOCKET"); - if (fd >= 0) - close(fd); - return r; } +_public_ int sd_notify(int unset_environment, const char *state) { + return sd_pid_notify(0, unset_environment, state); +} + +_public_ int sd_pid_notifyf(pid_t pid, int unset_environment, const char *format, ...) { + _cleanup_free_ char *p = NULL; + int r; + + if (format) { + va_list ap; + + va_start(ap, format); + r = vasprintf(&p, format, ap); + va_end(ap); + + if (r < 0 || !p) + return -ENOMEM; + } + + return sd_pid_notify(pid, unset_environment, p); +} + _public_ int sd_notifyf(int unset_environment, const char *format, ...) 
{ - va_list ap; - char *p = NULL; + _cleanup_free_ char *p = NULL; int r; - va_start(ap, format); - r = vasprintf(&p, format, ap); - va_end(ap); + if (format) { + va_list ap; - if (r < 0 || !p) - return -ENOMEM; + va_start(ap, format); + r = vasprintf(&p, format, ap); + va_end(ap); - r = sd_notify(unset_environment, p); - free(p); + if (r < 0 || !p) + return -ENOMEM; + } - return r; + return sd_pid_notify(0, unset_environment, p); } _public_ int sd_booted(void) { @@ -476,10 +498,9 @@ _public_ int sd_booted(void) { } _public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) { - unsigned long long ll; - unsigned long l; const char *e; - char *p = NULL; + uint64_t u; + pid_t pid; int r; e = getenv("WATCHDOG_PID"); @@ -488,19 +509,12 @@ _public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) { goto finish; } - errno = 0; - l = strtoul(e, &p, 10); - if (errno > 0) { - r = -errno; - goto finish; - } - if (!p || p == e || *p || l <= 0) { - r = -EINVAL; + r = parse_pid(e, &pid); + if (r < 0) goto finish; - } /* Is this for us? */ - if (getpid() != (pid_t) l) { + if (getpid() != pid) { r = 0; goto finish; } @@ -511,19 +525,16 @@ _public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) { goto finish; } - errno = 0; - ll = strtoull(e, &p, 10); - if (errno > 0) { - r = -errno; + r = safe_atou64(e, &u); + if (r < 0) goto finish; - } - if (!p || p == e || *p || ll <= 0) { + if (u <= 0) { r = -EINVAL; goto finish; } if (usec) - *usec = ll; + *usec = u; r = 1; diff --git a/src/notify/notify.c b/src/notify/notify.c index 68133c408..0b7f3b12f 100644 --- a/src/notify/notify.c +++ b/src/notify/notify.c 
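Review bot: In sd_pid_notify(), the retry without the control message runs after any sendmsg() failure, not only when the kernel refuses the foreign PID in SCM_CREDENTIALS, and both paths return 1. A caller therefore cannot tell whether the notification was attributed to `pid` or to its own PID. An unrelated failure is also attempted twice, with `errno` reported from the second attempt. Consider limiting the fallback to the permission case, `if (msghdr.msg_control && errno == EPERM) {`, and returning `-errno` from the first attempt otherwise. The function begins before this hunk.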
@@ -147,25 +147,25 @@ static int parse_argv(int argc, char *argv[]) { } int main(int argc, char* argv[]) { - char* our_env[4], **final_env = NULL; + _cleanup_free_ char *status = NULL, *cpid = NULL, *n = NULL; + _cleanup_strv_free_ char **final_env = NULL; + char* our_env[4]; unsigned i = 0; - char *status = NULL, *cpid = NULL, *n = NULL; - int r, retval = EXIT_FAILURE; + int r; log_parse_environment(); log_open(); r = parse_argv(argc, argv); - if (r <= 0) { - retval = r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; + if (r <= 0) goto finish; - } if (arg_booted) return sd_booted() <= 0; if (arg_readahead) { - if ((r = sd_readahead(arg_readahead)) < 0) { + r = sd_readahead(arg_readahead); + if (r < 0) { log_error("Failed to issue read-ahead control command: %s", strerror(-r)); goto finish; } @@ -175,8 +175,9 @@ int main(int argc, char* argv[]) { our_env[i++] = (char*) "READY=1"; if (arg_status) { - if (!(status = strappend("STATUS=", arg_status))) { - log_error("Failed to allocate STATUS string."); + status = strappend("STATUS=", arg_status); + if (!status) { + r = log_oom(); goto finish; } @@ -185,7 +186,7 @@ int main(int argc, char* argv[]) { if (arg_pid > 0) { if (asprintf(&cpid, "MAINPID="PID_FMT, arg_pid) < 0) { - log_error("Failed to allocate MAINPID string."); + r = log_oom(); goto finish; } 
@@ -194,34 +195,32 @@ int main(int argc, char* argv[]) { our_env[i++] = NULL; - if (!(final_env = strv_env_merge(2, our_env, argv + optind))) { - log_error("Failed to merge string sets."); + final_env = strv_env_merge(2, our_env, argv + optind); + if (!final_env) { + r = log_oom(); goto finish; } if (strv_length(final_env) <= 0) { - retval = EXIT_SUCCESS; + r = 0; goto finish; } - if (!(n = strv_join(final_env, "\n"))) { - log_error("Failed to concatenate strings."); + n = strv_join(final_env, "\n"); + if (!n) { + r = log_oom(); goto finish; } - if ((r = sd_notify(false, n)) < 0) { + r = sd_pid_notify(arg_pid, false, n); + if (r < 0) { log_error("Failed to notify init system: %s", strerror(-r)); goto finish; } - retval = r <= 0 ? EXIT_FAILURE : EXIT_SUCCESS; + if (r == 0) + r = -ENOTSUP; finish: - free(status); - free(cpid); - free(n); - - strv_free(final_env); - - return retval; + return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; } diff --git a/src/shared/util.c b/src/shared/util.c index 4a3e35f35..7a4dacd21 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -1377,17 +1377,21 @@ bool ignore_file(const char *filename) { } int fd_nonblock(int fd, bool nonblock) { - int flags; + int flags, nflags; assert(fd >= 0); - if ((flags = fcntl(fd, F_GETFL, 0)) < 0) + flags = fcntl(fd, F_GETFL, 0); + if (flags < 0) return -errno; if (nonblock) - flags |= O_NONBLOCK; + nflags = flags | O_NONBLOCK; else - flags &= ~O_NONBLOCK; + nflags = flags & ~O_NONBLOCK; + + if (nflags == flags) + return 0; if (fcntl(fd, F_SETFL, flags) < 0) return -errno; 
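Review bot: In fd_nonblock(), the second fcntl() still passes the old `flags` rather than the newly computed `nflags`, so whenever the flag needs changing the function writes back the unchanged value and reports success. The line should read `if (fcntl(fd, F_SETFL, nflags) < 0)`. The fd_cloexec() hunk that follows has the same defect with `F_SETFD` and needs `fcntl(fd, F_SETFD, nflags)`. Because this commit makes sd_listen_fds() rely on `fd_cloexec(fd, true)`, passed-in descriptors that arrive without FD_CLOEXEC would keep it clear and could be inherited by child processes. The tail of fd_nonblock() lies outside this hunk.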
@@ -1396,17 +1400,21 @@ int fd_nonblock(int fd, bool nonblock) { } int fd_cloexec(int fd, bool cloexec) { - int flags; + int flags, nflags; assert(fd >= 0); - if ((flags = fcntl(fd, F_GETFD, 0)) < 0) + flags = fcntl(fd, F_GETFD, 0); + if (flags < 0) return -errno; if (cloexec) - flags |= FD_CLOEXEC; + nflags = flags | FD_CLOEXEC; else - flags &= ~FD_CLOEXEC; + nflags = flags & ~FD_CLOEXEC; + + if (nflags == flags) + return 0; if (fcntl(fd, F_SETFD, flags) < 0) return -errno; diff --git a/src/systemd/sd-daemon.h b/src/systemd/sd-daemon.h index 1d636df3e..351b4e59c 100644 --- a/src/systemd/sd-daemon.h +++ b/src/systemd/sd-daemon.h @@ -230,6 +230,18 @@ int sd_notify(int unset_environment, const char *state); */ int sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_(2,3); +/* + Similar to sd_notify(), but send the message on behalf of another + process, if the appropriate permissions are available. +*/ +int sd_pid_notify(pid_t pid, int unset_environment, const char *state); + +/* + Similar to sd_notifyf(), but send the message on behalf of another + process, if the appropriate permissions are available. +*/ +int sd_pid_notifyf(pid_t pid, int unset_environment, const char *format, ...) _sd_printf_(3,4); + /* Returns > 0 if the system was booted with systemd. Returns < 0 on error. Returns 0 if the system was not booted with systemd. Note
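Review bot: The new comments on sd_pid_notify() and sd_pid_notifyf() state neither the return convention nor what happens when the permission is missing. Going by the implementation in this commit, the call retries with the caller's own credentials when the first send fails and still returns a positive value, and `pid == 0` selects the calling process. Suggest adding a sentence such as `If credentials for pid cannot be sent, the message is sent from the calling process instead; a pid of 0 refers to the calling process. Return values are as for sd_notify().` On Linux, sending another process's PID in SCM_CREDENTIALS normally requires CAP_SYS_ADMIN, which would be worth naming in place of "appropriate permissions".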