diff options
author | Franck Bui <fbui@suse.com> | 2016-09-29 19:44:34 +0200 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-10-21 18:29:52 -0400 |
commit | f4cced93a1df9cbbd06cc954bd7b18610c054eae (patch) | |
tree | 2d8a5faffb1f3c371eff90fb8311b65426caa4df /src/core | |
parent | 8eebcd4903192c2f52ecf6caac9371ba6f09c4f1 (diff) |
pid1: don't return any error in manager_dispatch_notify_fd() (#4240)
If manager_dispatch_notify_fd() fails and returns an error then the handling of
service notifications will be disabled entirely leading to a compromised system.
For example pid1 won't be able to receive the WATCHDOG messages anymore and
will kill all services supposed to send such messages.
(cherry picked from commit 9987750e7a4c62e0eb8473603150596ba7c3a015)
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/manager.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/core/manager.c b/src/core/manager.c index b3a55e4ed6..85bf858992 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -1642,10 +1642,14 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC); if (n < 0) { - if (errno == EAGAIN || errno == EINTR) - return 0; + if (!IN_SET(errno, EAGAIN, EINTR)) + log_error("Failed to receive notification message: %m"); - return -errno; + /* It's not an option to return an error here since it + * would disable the notification handler entirely. Services + * wouldn't be able to send the WATCHDOG message for + * example... */ + return 0; } CMSG_FOREACH(cmsg, &msghdr) { @@ -1668,7 +1672,8 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r = fdset_new_array(&fds, fd_array, n_fds); if (r < 0) { close_many(fd_array, n_fds); - return log_oom(); + log_oom(); + return 0; } } |