Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/dropin.c | 38 | ||||
-rw-r--r-- | src/shared/seccomp-util.c | 68 |
2 files changed, 71 insertions, 35 deletions
diff --git a/src/shared/dropin.c b/src/shared/dropin.c index 3917eb8f23..15ccd1b6ca 100644 --- a/src/shared/dropin.c +++ b/src/shared/dropin.c @@ -43,11 +43,10 @@ int drop_in_file(const char *dir, const char *unit, unsigned level, const char *name, char **_p, char **_q) { + char prefix[DECIMAL_STR_MAX(unsigned)]; _cleanup_free_ char *b = NULL; char *p, *q; - char prefix[DECIMAL_STR_MAX(unsigned)]; - assert(unit); assert(name); assert(_p); @@ -128,9 +127,10 @@ static int unit_file_find_dir( assert(path); r = chase_symlinks(path, original_root, 0, &chased); + if (r == -ENOENT) /* Ignore -ENOENT, after all most units won't have a drop-in dir */ + return 0; if (r < 0) - return log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, - r, "Failed to canonicalize path %s: %m", path); + return log_full_errno(LOG_WARNING, r, "Failed to canonicalize path %s: %m", path); r = strv_push(dirs, chased); if (r < 0) @@ -148,16 +148,14 @@ static int unit_file_find_dirs( const char *suffix, char ***dirs) { - _cleanup_free_ char *path = NULL; + char *path; int r; assert(unit_path); assert(name); assert(suffix); - path = strjoin(unit_path, "/", name, suffix); - if (!path) - return log_oom(); + path = strjoina(unit_path, "/", name, suffix); if (!unit_path_cache || set_get(unit_path_cache, path)) { r = unit_file_find_dir(original_root, path, dirs); 
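Review bot: In the `unit_file_find_dirs()` hunk (@@ -148,16), `strjoina()` builds `path` on the stack with no visible bound on the combined length of `unit_path`, `name` and `suffix`, whereas the replaced `strjoin()` failed cleanly through `log_oom()`. If any of these strings can reach this function without length validation, an over-long value becomes stack exhaustion instead of an error; the callers that would establish a bound are outside this hunk. The next hunk (@@ -166,22) also makes the function call itself for the template name, so each level carries its own stack allocation; it presumably stops after one level because a template name no longer validates as an instance, but nothing in the code says so. I would add a comment above the call, e.g. `/* strjoina() allocates on the stack: all three parts must be length-bounded (validated unit name, configured lookup path) */`, and one at the recursive call stating why it cannot recurse more than once.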
@@ -166,22 +164,15 @@ static int unit_file_find_dirs( } if (unit_name_is_valid(name, UNIT_NAME_INSTANCE)) { - _cleanup_free_ char *template = NULL, *p = NULL; /* Also try the template dir */ + _cleanup_free_ char *template = NULL; + r = unit_name_template(name, &template); if (r < 0) return log_error_errno(r, "Failed to generate template from unit name: %m"); - p = strjoin(unit_path, "/", template, suffix); - if (!p) - return log_oom(); - - if (!unit_path_cache || set_get(unit_path_cache, p)) { - r = unit_file_find_dir(original_root, p, dirs); - if (r < 0) - return r; - } + return unit_file_find_dirs(original_root, unit_path_cache, unit_path, template, suffix, dirs); } return 0; @@ -194,27 +185,30 @@ int unit_file_find_dropin_paths( const char *dir_suffix, const char *file_suffix, Set *names, - char ***paths) { + char ***ret) { _cleanup_strv_free_ char **dirs = NULL, **ans = NULL; Iterator i; char *t, **p; int r; - assert(paths); + assert(ret); SET_FOREACH(t, names, i) STRV_FOREACH(p, lookup_path) unit_file_find_dirs(original_root, unit_path_cache, *p, t, dir_suffix, &dirs); - if (strv_isempty(dirs)) + if (strv_isempty(dirs)) { + *ret = NULL; return 0; + } r = conf_files_list_strv(&ans, file_suffix, NULL, (const char**) dirs); if (r < 0) return log_warning_errno(r, "Failed to sort the list of configuration files: %m"); - *paths = ans; + *ret = ans; ans = NULL; + return 1; } diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index e35f18471c..451669d9d5 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c 
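Review bot: In `unit_file_find_dropin_paths()` (@@ -194,27) the result of `unit_file_find_dirs()` inside the `SET_FOREACH`/`STRV_FOREACH` loop is discarded, so a failure while collecting directories (for example from `strv_push()` in `unit_file_find_dir()`, or from the template lookup) leaves `dirs` incomplete while the function still reports success. Drop-in files can carry settings that matter for hardening a unit, so silently missing some of them deserves an explicit decision: either propagate the error, or mark the discard as intended with `(void) unit_file_find_dirs(original_root, unit_path_cache, *p, t, dir_suffix, &dirs);` and a short comment. The renamed `ret` parameter now has a defined value on the empty path (`*ret = NULL`, return 0) but is left untouched when `conf_files_list_strv()` fails; a one-line comment on the function stating the 0 / 1 / negative-errno contract would help callers.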
@@ -36,31 +36,72 @@ const uint32_t seccomp_local_archs[] = { -#if defined(__i386__) || defined(__x86_64__) + /* Note: always list the native arch we are compiled as last, so that users can blacklist seccomp(), but our own calls to it still succeed */ + +#if defined(__x86_64__) && defined(__ILP32__) SCMP_ARCH_X86, SCMP_ARCH_X86_64, + SCMP_ARCH_X32, /* native */ +#elif defined(__x86_64__) && !defined(__ILP32__) + SCMP_ARCH_X86, SCMP_ARCH_X32, - -#elif defined(__arm__) || defined(__aarch64__) + SCMP_ARCH_X86_64, /* native */ +#elif defined(__i386__) + SCMP_ARCH_X86, +#elif defined(__aarch64__) SCMP_ARCH_ARM, - SCMP_ARCH_AARCH64, - -#elif defined(__mips__) || defined(__mips64__) + SCMP_ARCH_AARCH64, /* native */ +#elif defined(__arm__) + SCMP_ARCH_ARM, +#elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI32 + SCMP_ARCH_MIPSEL, + SCMP_ARCH_MIPS, /* native */ +#elif defined(__mips__) && __BYTE_ORDER == __LITTLE_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI32 SCMP_ARCH_MIPS, - SCMP_ARCH_MIPS64, + SCMP_ARCH_MIPSEL, /* native */ +#elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI64 + SCMP_ARCH_MIPSEL, + SCMP_ARCH_MIPS, + SCMP_ARCH_MIPSEL64N32, SCMP_ARCH_MIPS64N32, + SCMP_ARCH_MIPSEL64, + SCMP_ARCH_MIPS64, /* native */ +#elif defined(__mips__) && __BYTE_ORDER == __LITTLE_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI64 + SCMP_ARCH_MIPS, SCMP_ARCH_MIPSEL, + SCMP_ARCH_MIPS64N32, + SCMP_ARCH_MIPSEL64N32, + SCMP_ARCH_MIPS64, + SCMP_ARCH_MIPSEL64, /* native */ +#elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_NABI32 + SCMP_ARCH_MIPSEL, + SCMP_ARCH_MIPS, SCMP_ARCH_MIPSEL64, + SCMP_ARCH_MIPS64, SCMP_ARCH_MIPSEL64N32, - -#elif defined(__powerpc__) || defined(__powerpc64__) + SCMP_ARCH_MIPS64N32, /* native */ +#elif defined(__mips__) && __BYTE_ORDER == __LITTLE_ENDIAN && _MIPS_SIM == _MIPS_SIM_NABI32 + SCMP_ARCH_MIPS, + SCMP_ARCH_MIPSEL, + SCMP_ARCH_MIPS64, + SCMP_ARCH_MIPSEL64, + SCMP_ARCH_MIPS64N32, + 
SCMP_ARCH_MIPSEL64N32, /* native */ +#elif defined(__powerpc64__) && __BYTE_ORDER == __BIG_ENDIAN SCMP_ARCH_PPC, - SCMP_ARCH_PPC64, SCMP_ARCH_PPC64LE, - -#elif defined(__s390__) || defined(__s390x__) + SCMP_ARCH_PPC64, /* native */ +#elif defined(__powerpc64__) && __BYTE_ORDER == __LITTLE_ENDIAN + SCMP_ARCH_PPC, + SCMP_ARCH_PPC64, + SCMP_ARCH_PPC64LE, /* native */ +#elif defined(__powerpc__) + SCMP_ARCH_PPC, +#elif defined(__s390x__) + SCMP_ARCH_S390, + SCMP_ARCH_S390X, /* native */ +#elif defined(__s390__) SCMP_ARCH_S390, - SCMP_ARCH_S390X, #endif (uint32_t) -1 }; @@ -344,6 +385,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "mknodat\0" "mmap2\0" "mmap\0" + "munmap\0" "newfstatat\0" "open\0" "openat\0" |
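Review bot: The MIPS and PowerPC branches of `seccomp_local_archs` (@@ -36,31) compare `__BYTE_ORDER == __BIG_ENDIAN` and `_MIPS_SIM == _MIPS_SIM_ABI32` inside `#elif`, and the preprocessor evaluates undefined identifiers as 0, so if the header defining them is not included (the include list is outside this hunk) the test becomes `0 == 0` and the big-endian branch is chosen silently. That would put the wrong architecture last and break the "native arch last" property the new comment relies on. A guard ahead of the table, `#if !defined(__BYTE_ORDER) || !defined(__BIG_ENDIAN)` / `#error "byte order macros missing"` / `#endif`, would turn this into a build failure. The chain also has no `#else`, so an architecture or MIPS ABI that is not listed yields a table holding only the `(uint32_t) -1` terminator; a comment saying whether that is intended would help.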