diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/core/machine-id-setup.c | 43 | ||||
-rw-r--r-- | src/core/manager.c | 14 | ||||
-rw-r--r-- | src/shared/ask-password-api.c | 14 | ||||
-rw-r--r-- | src/shared/util.c | 13 | ||||
-rw-r--r-- | src/shared/util.h | 18 | ||||
-rw-r--r-- | src/tmpfiles/tmpfiles.c | 44 |
6 files changed, 75 insertions, 71 deletions
diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c index 51074fea44..fbba3aab78 100644 --- a/src/core/machine-id-setup.c +++ b/src/core/machine-id-setup.c @@ -155,31 +155,27 @@ int machine_id_setup(void) { bool writable; struct stat st; char id[34]; /* 32 + \n + \0 */ - mode_t m; - m = umask(0000); - - /* We create this 0444, to indicate that this isn't really - * something you should ever modify. Of course, since the file - * will be owned by root it doesn't matter much, but maybe - * people look. */ + RUN_WITH_UMASK(0000) { + /* We create this 0444, to indicate that this isn't really + * something you should ever modify. Of course, since the file + * will be owned by root it doesn't matter much, but maybe + * people look. */ + + fd = open("/etc/machine-id", O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY, 0444); + if (fd >= 0) + writable = true; + else { + fd = open("/etc/machine-id", O_RDONLY|O_CLOEXEC|O_NOCTTY); + if (fd < 0) { + log_error("Cannot open /etc/machine-id: %m"); + return -errno; + } - fd = open("/etc/machine-id", O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY, 0444); - if (fd >= 0) - writable = true; - else { - fd = open("/etc/machine-id", O_RDONLY|O_CLOEXEC|O_NOCTTY); - if (fd < 0) { - umask(m); - log_error("Cannot open /etc/machine-id: %m"); - return -errno; + writable = false; } - - writable = false; } - umask(m); - if (fstat(fd, &st) < 0) { log_error("fstat() failed: %m"); r = -errno; @@ -215,10 +211,9 @@ int machine_id_setup(void) { /* Hmm, we couldn't write it? So let's write it to * /run/machine-id as a replacement */ - m = umask(0022); - r = write_string_file("/run/machine-id", id); - umask(m); - + RUN_WITH_UMASK(0022) { + r = write_string_file("/run/machine-id", id); + } if (r < 0) { log_error("Cannot write /run/machine-id: %s", strerror(-r)); diff --git a/src/core/manager.c b/src/core/manager.c index f90ccd5b5f..e26522a4dd 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -1984,7 +1984,6 @@ void manager_dispatch_bus_query_pid_done( int manager_open_serialization(Manager *m, FILE **_f) { char *path = NULL; - mode_t saved_umask; int fd; FILE *f; @@ -1998,9 +1997,9 @@ int manager_open_serialization(Manager *m, FILE **_f) { if (!path) return -ENOMEM; - saved_umask = umask(0077); - fd = mkostemp(path, O_RDWR|O_CLOEXEC); - umask(saved_umask); + RUN_WITH_UMASK(0077) { + fd = mkostemp(path, O_RDWR|O_CLOEXEC); + } if (fd < 0) { free(path); @@ -2515,7 +2514,6 @@ void manager_run_generators(Manager *m) { DIR *d = NULL; const char *generator_path; const char *argv[5]; - mode_t u; int r; assert(m); @@ -2549,9 +2547,9 @@ void manager_run_generators(Manager *m) { argv[3] = m->generator_unit_path_late; argv[4] = NULL; - u = umask(0022); - execute_directory(generator_path, d, (char**) argv); - umask(u); + RUN_WITH_UMASK(0022) { + execute_directory(generator_path, d, (char**) argv); + } trim_generator_dir(m, &m->generator_unit_path); trim_generator_dir(m, &m->generator_unit_path_early); diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index 85530660dc..277efd302e 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -251,7 +251,6 @@ static int create_socket(char **name) { } sa; int one = 1, r; char *c; - mode_t u; assert(name); @@ -265,9 +264,9 @@ static int create_socket(char **name) { sa.un.sun_family = AF_UNIX; snprintf(sa.un.sun_path, sizeof(sa.un.sun_path)-1, "/run/systemd/ask-password/sck.%llu", random_ull()); - u = umask(0177); - r = bind(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)); - umask(u); + RUN_WITH_UMASK(0177) { + r = bind(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)); + } if (r < 0) { r = -errno; @@ -317,7 +316,6 @@ int ask_password_agent( int socket_fd = -1, signal_fd = -1; sigset_t mask, oldmask; struct pollfd pollfd[_FD_MAX]; - mode_t u; assert(_passphrases); @@ -327,9 +325,9 @@ int ask_password_agent( mkdir_p_label("/run/systemd/ask-password", 0755); - u = umask(0022); - fd = mkostemp(temp, O_CLOEXEC|O_CREAT|O_WRONLY); - umask(u); + RUN_WITH_UMASK(0022) { + fd = mkostemp(temp, O_CLOEXEC|O_CREAT|O_WRONLY); + } if (fd < 0) { log_error("Failed to create password file: %m"); diff --git a/src/shared/util.c b/src/shared/util.c index d861ca9f09..1bffd84d1f 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -5732,12 +5732,12 @@ int search_and_fopen_nulstr(const char *path, const char *mode, const char *sear int create_tmp_dir(char template[], char** dir_name) { int r = 0; char *d, *dt; - mode_t _cleanup_umask_ u; assert(dir_name); - u = umask(0077); - d = mkdtemp(template); + RUN_WITH_UMASK(0077) { + d = mkdtemp(template); + } if (!d) { log_error("Can't create directory %s: %m", template); return -errno; @@ -5749,9 +5749,10 @@ int create_tmp_dir(char template[], char** dir_name) { goto fail3; } - umask(0000); - r = mkdir(dt, 0777); - if (r) { + RUN_WITH_UMASK(0000) { + r = mkdir(dt, 0777); + } + if (r < 0) { log_error("Can't create directory %s: %m", dt); r = -errno; goto fail2; diff --git a/src/shared/util.h b/src/shared/util.h index 7f050758a0..69a47653aa 100644 --- a/src/shared/util.h +++ b/src/shared/util.h @@ -616,8 +616,22 @@ char *strrep(const char *s, unsigned n); void* greedy_realloc(void **p, size_t *allocated, size_t need); -static inline void reset_errno(int *saved_errno) { +static inline void _reset_errno_(int *saved_errno) { errno = *saved_errno; } -#define PROTECT_ERRNO __attribute__((cleanup(reset_errno))) int _saved_errno_ = errno +#define PROTECT_ERRNO __attribute__((cleanup(_reset_errno_))) int _saved_errno_ = errno + +struct umask_struct { + mode_t mask; + bool quit; +}; + +static inline void _reset_umask_(struct umask_struct *s) { + umask(s->mask); +}; + +#define RUN_WITH_UMASK(mask) \ + for (__attribute__((cleanup(_reset_umask_))) struct umask_struct _saved_umask_ = { umask(mask), false }; \ + !_saved_umask_.quit ; \ + _saved_umask_.quit = true) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 84f4986503..4e2519d1b5 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -454,18 +454,17 @@ static int item_set_perms(Item *i, const char *path) { static int write_one_file(Item *i, const char *path) { int r, e, fd, flags; struct stat st; - mode_t u; flags = i->type == CREATE_FILE ? O_CREAT|O_APPEND : i->type == TRUNCATE_FILE ? O_CREAT|O_TRUNC : 0; - u = umask(0); - label_context_set(path, S_IFREG); - fd = open(path, flags|O_NDELAY|O_CLOEXEC|O_WRONLY|O_NOCTTY|O_NOFOLLOW, i->mode); - e = errno; - label_context_clear(); - umask(u); - errno = e; + RUN_WITH_UMASK(0) { + label_context_set(path, S_IFREG); + fd = open(path, flags|O_NDELAY|O_CLOEXEC|O_WRONLY|O_NOCTTY|O_NOFOLLOW, i->mode); + e = errno; + label_context_clear(); + errno = e; + } if (fd < 0) { if (i->type == WRITE_FILE && errno == ENOENT) @@ -629,7 +628,6 @@ static int glob_item(Item *i, int (*action)(Item *, const char *)) { static int create_item(Item *i) { int r, e; - mode_t u; struct stat st; assert(i); @@ -658,10 +656,10 @@ static int create_item(Item *i) { case TRUNCATE_DIRECTORY: case CREATE_DIRECTORY: - u = umask(0); - mkdir_parents_label(i->path, 0755); - r = mkdir(i->path, i->mode); - umask(u); + RUN_WITH_UMASK(0000) { + mkdir_parents_label(i->path, 0755); + r = mkdir(i->path, i->mode); + } if (r < 0 && errno != EEXIST) { log_error("Failed to create directory %s: %m", i->path); @@ -686,9 +684,9 @@ static int create_item(Item *i) { case CREATE_FIFO: - u = umask(0); - r = mkfifo(i->path, i->mode); - umask(u); + RUN_WITH_UMASK(0000) { + r = mkfifo(i->path, i->mode); + } if (r < 0 && errno != EEXIST) { log_error("Failed to create fifo %s: %m", i->path); @@ -757,13 +755,13 @@ static int create_item(Item *i) { file_type = (i->type == CREATE_BLOCK_DEVICE ? S_IFBLK : S_IFCHR); - u = umask(0); - label_context_set(i->path, file_type); - r = mknod(i->path, i->mode | file_type, i->major_minor); - e = errno; - label_context_clear(); - umask(u); - errno = e; + RUN_WITH_UMASK(0000) { + label_context_set(i->path, file_type); + r = mknod(i->path, i->mode | file_type, i->major_minor); + e = errno; + label_context_clear(); + errno = e; + } if (r < 0 && errno != EEXIST) { log_error("Failed to create device node %s: %m", i->path); |