diff options
| -rw-r--r-- | src/core/dbus.c | 46 | ||||
| -rw-r--r-- | src/journal/journald-server.c | 2 | ||||
| -rw-r--r-- | src/libsystemd/sd-bus/busctl.c | 1 | ||||
| -rw-r--r-- | src/network/networkd.c | 2 | ||||
| -rw-r--r-- | src/nspawn/nspawn.c | 8 |
5 files changed, 40 insertions, 19 deletions
diff --git a/src/core/dbus.c b/src/core/dbus.c index 86886e6d2c..057653a8b5 100644 --- a/src/core/dbus.c +++ b/src/core/dbus.c @@ -69,13 +69,37 @@ int bus_send_queued_message(Manager *m) { } static int signal_agent_released(sd_bus_message *message, void *userdata, sd_bus_error *error) { + _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; + const char *cgroup, *me; Manager *m = userdata; - const char *cgroup; + uid_t sender_uid; + sd_bus *bus; int r; assert(message); assert(m); + /* ignore recursive events sent by us on the system/user bus */ + bus = sd_bus_message_get_bus(message); + if (!sd_bus_is_server(bus)) { + r = sd_bus_get_unique_name(bus, &me); + if (r < 0) + return r; + + if (streq_ptr(sd_bus_message_get_sender(message), me)) + return 0; + } + + /* only accept org.freedesktop.systemd1.Agent from UID=0 */ + r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds); + if (r < 0) + return r; + + r = sd_bus_creds_get_euid(creds, &sender_uid); + if (r < 0 || sender_uid != 0) + return 0; + + /* parse 'cgroup-empty' notification */ r = sd_bus_message_read(message, "s", &cgroup); if (r < 0) { bus_log_parse_error(r); @@ -84,19 +108,15 @@ static int signal_agent_released(sd_bus_message *message, void *userdata, sd_bus manager_notify_cgroup_empty(m, cgroup); - /* only forward to system bus if running as system instance */ - if (m->running_as != MANAGER_SYSTEM || !m->system_bus) - return 0; - - r = sd_bus_message_rewind(message, 1); - if (r < 0) - goto exit; - - r = sd_bus_send(m->system_bus, message, NULL); + /* if running as system-instance, forward under our name */ + if (m->running_as == MANAGER_SYSTEM && m->system_bus) { + r = sd_bus_message_rewind(message, 1); + if (r >= 0) + r = sd_bus_send(m->system_bus, message, NULL); + if (r < 0) + log_warning_errno(r, "Failed to forward Released message: %m"); + } -exit: - if (r < 0) - log_warning_errno(r, "Failed to forward Released message: %m"); return 0; } diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index f7402984af..46358e1c1a 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -943,7 +943,7 @@ static int system_journal_open(Server *s, bool flush_requested) { * the machine path */ if (s->storage == STORAGE_PERSISTENT) - (void) mkdir("/var/log/journal/", 0755); + (void) mkdir_p("/var/log/journal/", 0755); fn = strjoina("/var/log/journal/", ids); (void) mkdir(fn, 0755); diff --git a/src/libsystemd/sd-bus/busctl.c b/src/libsystemd/sd-bus/busctl.c index 704939c6cf..6aaaf0e5ec 100644 --- a/src/libsystemd/sd-bus/busctl.c +++ b/src/libsystemd/sd-bus/busctl.c @@ -1137,6 +1137,7 @@ static int monitor(sd_bus *bus, char *argv[], int (*dump)(sd_bus_message *m, FIL if (m) { dump(m, stdout); + fflush(stdout); if (sd_bus_message_is_signal(m, "org.freedesktop.DBus.Local", "Disconnected") > 0) { log_info("Connection terminated, exiting."); diff --git a/src/network/networkd.c b/src/network/networkd.c index 9fe8a5fa15..e6259043fa 100644 --- a/src/network/networkd.c +++ b/src/network/networkd.c @@ -103,7 +103,7 @@ int main(int argc, char *argv[]) { r = manager_rtnl_enumerate_addresses(m); if (r < 0) { - log_error_errno(r, "Could not enumerate links: %m"); + log_error_errno(r, "Could not enumerate addresses: %m"); goto out; } diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 4fa88c9e24..1ba248f6d6 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -4313,6 +4313,10 @@ static int outer_child( if (r < 0) return r; + r = determine_uid_shift(directory); + if (r < 0) + return r; + /* Turn directory into bind mount */ if (mount(directory, directory, NULL, MS_BIND|MS_REC, NULL) < 0) return log_error_errno(errno, "Failed to make bind mount: %m"); @@ -4491,10 +4495,6 @@ int main(int argc, char *argv[]) { if (r < 0) goto finish; - r = determine_uid_shift(arg_directory); - if (r < 0) - return r; - if (geteuid() != 0) { log_error("Need to be root."); r = -EPERM; |