Diffstat (limited to 'src')
-rw-r--r-- | src/basic/missing.h | 4 | ||||
-rw-r--r-- | src/basic/smack-util.c | 117 | ||||
-rw-r--r-- | src/basic/smack-util.h | 24 | ||||
-rw-r--r-- | src/basic/util.c | 70 | ||||
-rw-r--r-- | src/basic/util.h | 3 | ||||
-rw-r--r-- | src/bus-proxyd/driver.c | 11 | ||||
-rw-r--r-- | src/core/execute.c | 10 | ||||
-rw-r--r-- | src/core/socket.c | 6 | ||||
-rw-r--r-- | src/gpt-auto-generator/gpt-auto-generator.c | 2 | ||||
-rw-r--r-- | src/journal/journald-server.h | 2 | ||||
-rw-r--r-- | src/login/logind-core.c | 38 | ||||
-rw-r--r-- | src/login/logind-dbus.c | 35 | ||||
-rw-r--r-- | src/login/logind-session.c | 25 | ||||
-rw-r--r-- | src/login/logind-session.h | 1 | ||||
-rw-r--r-- | src/login/logind.c | 18 | ||||
-rw-r--r-- | src/login/logind.h | 5 | ||||
-rw-r--r-- | src/machine/machine-dbus.c | 8 | ||||
-rw-r--r-- | src/machine/machinectl.c | 16 | ||||
-rw-r--r-- | src/sysctl/sysctl.c | 4 | ||||
-rw-r--r-- | src/udev/udev-builtin-uaccess.c | 4 | ||||
-rw-r--r-- | src/udev/udev-node.c | 4 |
21 files changed, 229 insertions, 178 deletions
diff --git a/src/basic/missing.h b/src/basic/missing.h index ed6cd80c75..34ab0254dd 100644 --- a/src/basic/missing.h +++ b/src/basic/missing.h @@ -977,7 +977,11 @@ static inline int raw_clone(unsigned long flags, void *child_stack) { } static inline pid_t raw_getpid(void) { +#if defined(__alpha__) + return (pid_t) syscall(__NR_getxpid); +#else return (pid_t) syscall(__NR_getpid); +#endif } #if !HAVE_DECL_RENAMEAT2 diff --git a/src/basic/smack-util.c b/src/basic/smack-util.c index 047aa294f4..6d5c205117 100644 --- a/src/basic/smack-util.c +++ b/src/basic/smack-util.c 
@@ -32,109 +32,93 @@ #define SMACK_FLOOR_LABEL "_" #define SMACK_STAR_LABEL "*" -bool mac_smack_use(void) { #ifdef HAVE_SMACK +bool mac_smack_use(void) { static int cached_use = -1; if (cached_use < 0) cached_use = access("/sys/fs/smackfs/", F_OK) >= 0; return cached_use; -#else - return false; -#endif } -int mac_smack_apply(const char *path, const char *label) { - int r = 0; +static const char* const smack_attr_table[_SMACK_ATTR_MAX] = { + [SMACK_ATTR_ACCESS] = "security.SMACK64", + [SMACK_ATTR_EXEC] = "security.SMACK64EXEC", + [SMACK_ATTR_MMAP] = "security.SMACK64MMAP", + [SMACK_ATTR_TRANSMUTE] = "security.SMACK64TRANSMUTE", + [SMACK_ATTR_IPIN] = "security.SMACK64IPIN", + [SMACK_ATTR_IPOUT] = "security.SMACK64IPOUT", +}; + +DEFINE_STRING_TABLE_LOOKUP(smack_attr, SmackAttr); +int mac_smack_read(const char *path, SmackAttr attr, char **label) { assert(path); + assert(attr >= 0 && attr < _SMACK_ATTR_MAX); + assert(label); -#ifdef HAVE_SMACK if (!mac_smack_use()) return 0; - if (label) - r = lsetxattr(path, "security.SMACK64", label, strlen(label), 0); - else - r = lremovexattr(path, "security.SMACK64"); - if (r < 0) - return -errno; -#endif - - return r; + return getxattr_malloc(path, smack_attr_to_string(attr), label, true); } -int mac_smack_apply_fd(int fd, const char *label) { - int r = 0; - +int mac_smack_read_fd(int fd, SmackAttr attr, char **label) { assert(fd >= 0); + assert(attr >= 0 && attr < _SMACK_ATTR_MAX); + assert(label); -#ifdef HAVE_SMACK if (!mac_smack_use()) return 0; - if (label) - r = fsetxattr(fd, "security.SMACK64", label, strlen(label), 0); - else - r = fremovexattr(fd, "security.SMACK64"); - if (r < 0) - return -errno; -#endif - - return r; + return fgetxattr_malloc(fd, smack_attr_to_string(attr), label); } -int mac_smack_apply_ip_out_fd(int fd, const char *label) { - int r = 0; +int mac_smack_apply(const char *path, SmackAttr attr, const char *label) { + int r; - assert(fd >= 0); + assert(path); + assert(attr >= 0 && attr < _SMACK_ATTR_MAX); 
-#ifdef HAVE_SMACK if (!mac_smack_use()) return 0; if (label) - r = fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0); + r = lsetxattr(path, smack_attr_to_string(attr), label, strlen(label), 0); else - r = fremovexattr(fd, "security.SMACK64IPOUT"); + r = lremovexattr(path, smack_attr_to_string(attr)); if (r < 0) return -errno; -#endif - return r; + return 0; } -int mac_smack_apply_ip_in_fd(int fd, const char *label) { - int r = 0; +int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) { + int r; assert(fd >= 0); + assert(attr >= 0 && attr < _SMACK_ATTR_MAX); -#ifdef HAVE_SMACK if (!mac_smack_use()) return 0; if (label) - r = fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0); + r = fsetxattr(fd, smack_attr_to_string(attr), label, strlen(label), 0); else - r = fremovexattr(fd, "security.SMACK64IPIN"); + r = fremovexattr(fd, smack_attr_to_string(attr)); if (r < 0) return -errno; -#endif - return r; + return 0; } int mac_smack_apply_pid(pid_t pid, const char *label) { - -#ifdef HAVE_SMACK const char *p; -#endif int r = 0; assert(label); -#ifdef HAVE_SMACK if (!mac_smack_use()) return 0; @@ -142,21 +126,16 @@ int mac_smack_apply_pid(pid_t pid, const char *label) { r = write_string_file(p, label, 0); if (r < 0) return r; -#endif return r; } int mac_smack_fix(const char *path, bool ignore_enoent, bool ignore_erofs) { - -#ifdef HAVE_SMACK struct stat st; -#endif int r = 0; assert(path); -#ifdef HAVE_SMACK if (!mac_smack_use()) return 0; 
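Review bot: `mac_smack_read()` passes `true` as `allow_symlink`, which in the new `getxattr_malloc()` (src/basic/util.c hunk) selects `lgetxattr()`, so for a symlink it returns the label stored on the link itself rather than on its target. The new caller in src/core/execute.c reads SMACK64EXEC from `command->path`; if that path is a symlink, the label read may not be the one on the file that ends up being executed. If reading the target is what is wanted there, the call would be `return getxattr_malloc(path, smack_attr_to_string(attr), label, false);`. If the no-follow behaviour is deliberate, to mirror `lsetxattr()` in `mac_smack_apply()`, a comment on `mac_smack_read()` should say so.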
@@ -202,7 +181,37 @@ int mac_smack_fix(const char *path, bool ignore_enoent, bool ignore_erofs) { r = log_debug_errno(errno, "Unable to fix SMACK label of %s: %m", path); } -#endif return r; } + + +#else +bool mac_smack_use(void) { + return false; +} + +int mac_smack_read(const char *path, SmackAttr attr, char **label) { + return -EOPNOTSUPP; +} + +int mac_smack_read_fd(int fd, SmackAttr attr, char **label) { + return -EOPNOTSUPP; +} + +int mac_smack_apply(const char *path, SmackAttr attr, const char *label) { + return 0; +} + +int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) { + return 0; +} + +int mac_smack_apply_pid(pid_t pid, const char *label) { + return 0; +} + +int mac_smack_fix(const char *path, bool ignore_enoent, bool ignore_erofs) { + return 0; +} +#endif diff --git a/src/basic/smack-util.h b/src/basic/smack-util.h index 50f55b1f4b..1052cecf4c 100644 --- a/src/basic/smack-util.h +++ b/src/basic/smack-util.h 
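Review bot: `mac_smack_read()` and `mac_smack_read_fd()` report an unavailable SMACK in two different ways: the stubs added here return `-EOPNOTSUPP`, while the compiled-in versions in the first hunk of this file return 0 when `mac_smack_use()` is false and leave `*label` unassigned. A caller that does not pre-initialise its pointer would then read an indeterminate value after a successful return. Returning `-EOPNOTSUPP` in both cases, or setting `*label = NULL;` before `return 0;`, would give callers a single contract to code against.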
@@ -25,12 +25,28 @@ #include <stdbool.h> +#include "macro.h" + +typedef enum SmackAttr { + SMACK_ATTR_ACCESS = 0, + SMACK_ATTR_EXEC = 1, + SMACK_ATTR_MMAP = 2, + SMACK_ATTR_TRANSMUTE = 3, + SMACK_ATTR_IPIN = 4, + SMACK_ATTR_IPOUT = 5, + _SMACK_ATTR_MAX, + _SMACK_ATTR_INVALID = -1, +} SmackAttr; + bool mac_smack_use(void); int mac_smack_fix(const char *path, bool ignore_enoent, bool ignore_erofs); -int mac_smack_apply(const char *path, const char *label); -int mac_smack_apply_fd(int fd, const char *label); +const char* smack_attr_to_string(SmackAttr i) _const_; +SmackAttr smack_attr_from_string(const char *s) _pure_; +int mac_smack_read(const char *path, SmackAttr attr, char **label); +int mac_smack_read_fd(int fd, SmackAttr attr, char **label); +int mac_smack_apply(const char *path, SmackAttr attr, const char *label); +int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label); + int mac_smack_apply_pid(pid_t pid, const char *label); -int mac_smack_apply_ip_in_fd(int fd, const char *label); -int mac_smack_apply_ip_out_fd(int fd, const char *label); diff --git a/src/basic/util.c b/src/basic/util.c index a968e2156d..af58dc3766 100644 --- a/src/basic/util.c +++ b/src/basic/util.c 
@@ -6603,3 +6603,73 @@ int reset_uid_gid(void) { return 0; } + +int getxattr_malloc(const char *path, const char *name, char **value, bool allow_symlink) { + char *v; + size_t l; + ssize_t n; + + assert(path); + assert(name); + assert(value); + + for (l = 100; ; l = (size_t) n + 1) { + v = new0(char, l); + if (!v) + return -ENOMEM; + + if (allow_symlink) + n = lgetxattr(path, name, v, l); + else + n = getxattr(path, name, v, l); + + if (n >= 0 && (size_t) n < l) { + *value = v; + return n; + } + + free(v); + + if (n < 0 && errno != ERANGE) + return -errno; + + if (allow_symlink) + n = lgetxattr(path, name, NULL, 0); + else + n = getxattr(path, name, NULL, 0); + if (n < 0) + return -errno; + } +} + +int fgetxattr_malloc(int fd, const char *name, char **value) { + char *v; + size_t l; + ssize_t n; + + assert(fd >= 0); + assert(name); + assert(value); + + for (l = 100; ; l = (size_t) n + 1) { + v = new0(char, l); + if (!v) + return -ENOMEM; + + n = fgetxattr(fd, name, v, l); + + if (n >= 0 && (size_t) n < l) { + *value = v; + return n; + } + + free(v); + + if (n < 0 && errno != ERANGE) + return -errno; + + n = fgetxattr(fd, name, NULL, 0); + if (n < 0) + return -errno; + } +} diff --git a/src/basic/util.h b/src/basic/util.h index 88c44273d4..0a0fba9012 100644 --- a/src/basic/util.h +++ b/src/basic/util.h @@ -919,3 +919,6 @@ int parse_mode(const char *s, mode_t *ret); int mount_move_root(const char *path); int reset_uid_gid(void); + +int getxattr_malloc(const char *path, const char *name, char **value, bool allow_symlink); +int fgetxattr_malloc(int fd, const char *name, char **value); diff --git a/src/bus-proxyd/driver.c b/src/bus-proxyd/driver.c index 951f515808..fa4aee691a 100644 --- a/src/bus-proxyd/driver.c +++ b/src/bus-proxyd/driver.c 
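Review bot: `getxattr_malloc()` and `fgetxattr_malloc()` are added without any comment describing their contract, which callers handling security labels need to rely on. A short comment above each should state that on success the attribute length is returned and `*value` is a newly allocated buffer the caller must free, that the buffer is NUL-terminated because it is zero-filled by `new0()` and a read is accepted only when `n < l`, and that on failure a negative errno is returned with `*value` untouched. It is also worth noting there that the length is narrowed from `ssize_t` to the `int` return type.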
@@ -35,6 +35,7 @@ #include "driver.h" #include "proxy.h" #include "synthesize.h" +#include "env-util.h" static int get_creds_by_name(sd_bus *bus, const char *name, uint64_t mask, sd_bus_creds **_creds, sd_bus_error *error) { _cleanup_bus_creds_unref_ sd_bus_creds *c = NULL; @@ -694,9 +695,13 @@ int bus_proxy_process_driver(Proxy *p, sd_bus *a, sd_bus *b, sd_bus_message *m, if (!s) return synthetic_reply_method_errno(m, -ENOMEM, NULL); - r = strv_extend(&args, s); - if (r < 0) - return synthetic_reply_method_errno(m, r, NULL); + if (!env_assignment_is_valid(s)) { + log_warning("UpdateActivationEnvironment() called with invalid assignment, discarding: %s", s); + } else { + r = strv_extend(&args, s); + if (r < 0) + return synthetic_reply_method_errno(m, r, NULL); + } r = sd_bus_message_exit_container(m); if (r < 0) diff --git a/src/core/execute.c b/src/core/execute.c index 21721dc240..f14ae4d8a6 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1719,7 +1719,15 @@ static int exec_child( } #ifdef SMACK_DEFAULT_PROCESS_LABEL else { - r = mac_smack_apply_pid(0, SMACK_DEFAULT_PROCESS_LABEL); + _cleanup_free_ char *exec_label = NULL; + + r = mac_smack_read(command->path, SMACK_ATTR_EXEC, &exec_label); + if (r < 0 && r != -ENODATA && r != -EOPNOTSUPP) { + *exit_status = EXIT_SMACK_PROCESS_LABEL; + return r; + } + + r = mac_smack_apply_pid(0, exec_label ? : SMACK_DEFAULT_PROCESS_LABEL); if (r < 0) { *exit_status = EXIT_SMACK_PROCESS_LABEL; return r; diff --git a/src/core/socket.c b/src/core/socket.c index 87631f8753..a387057473 100644 --- a/src/core/socket.c +++ b/src/core/socket.c 
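Review bot: The rejected assignment is written to the log verbatim via `%s` in the new `log_warning()` call, and `s` is exactly the peer-supplied string that has just failed `env_assignment_is_valid()`, so it may contain control characters or be very long. Escaping it before logging keeps a bus client from shaping log output, e.g. `_cleanup_free_ char *e = cescape(s);` followed by `log_warning("UpdateActivationEnvironment() called with invalid assignment, discarding: %s", strna(e));`. The enclosing function starts and ends outside the hunk, so whether the caller is told that an entry was dropped cannot be seen here.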
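Review bot: The error codes tolerated after `mac_smack_read()` in `exec_child` carry no explanation, although they decide which process label is applied. A comment before the check, such as `/* No SMACK64EXEC label on the binary, or SMACK/xattrs not available: fall back to the default label */`, would make the fallback order explicit for the next reader. The enclosing function starts and ends outside the hunk.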
@@ -923,13 +923,13 @@ static void socket_apply_socket_options(Socket *s, int fd) { log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m"); if (s->smack_ip_in) { - r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in); + r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in); if (r < 0) log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m"); } if (s->smack_ip_out) { - r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out); + r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out); if (r < 0) log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m"); } @@ -946,7 +946,7 @@ static void socket_apply_fifo_options(Socket *s, int fd) { log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m"); if (s->smack) { - r = mac_smack_apply_fd(fd, s->smack); + r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack); if (r < 0) log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m"); } diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c index 50acb7595c..9d889c17d8 100644 --- a/src/gpt-auto-generator/gpt-auto-generator.c +++ b/src/gpt-auto-generator/gpt-auto-generator.c @@ -250,7 +250,7 @@ static int add_automount( const char *description, usec_t timeout) { - _cleanup_free_ char *unit = NULL, *lnk = NULL, *crypto_what = NULL; + _cleanup_free_ char *unit = NULL, *lnk = NULL; _cleanup_free_ char *opt, *p = NULL; _cleanup_fclose_ FILE *f = NULL; int r; diff --git a/src/journal/journald-server.h b/src/journal/journald-server.h index 559d100131..d954c5190d 100644 --- a/src/journal/journald-server.h +++ b/src/journal/journald-server.h 
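Review bot: The two error messages in `socket_apply_socket_options` still name `mac_smack_apply_ip_in_fd` and `mac_smack_apply_ip_out_fd`, functions this commit removes, so a log line will point at symbols that no longer exist. Naming the attribute instead keeps the messages greppable, e.g. `log_unit_error_errno(UNIT(s), r, "Failed to apply SMACK64IPIN label: %m");` and the same with `SMACK64IPOUT` for the second call.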
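Review bot: The context line right below the edited declaration, `_cleanup_free_ char *opt, *p = NULL;`, leaves `opt` without an initialiser. If any path in `add_automount` returns before `opt` is assigned (the body is outside the hunk, so this is not confirmed), the cleanup handler would free an indeterminate pointer. Since the declarations are being touched anyway, `_cleanup_free_ char *opt = NULL, *p = NULL;` would close that off.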
@@ -144,7 +144,7 @@ typedef struct Server { #define N_IOVEC_META_FIELDS 20 #define N_IOVEC_KERNEL_FIELDS 64 #define N_IOVEC_UDEV_FIELDS 32 -#define N_IOVEC_OBJECT_FIELDS 11 +#define N_IOVEC_OBJECT_FIELDS 12 void server_dispatch_message(Server *s, struct iovec *iovec, unsigned n, unsigned m, const struct ucred *ucred, const struct timeval *tv, const char *label, size_t label_len, const char *unit_id, int priority, pid_t object_pid); void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) _printf_(3,4); diff --git a/src/login/logind-core.c b/src/login/logind-core.c index 96a20e27b9..6c05c11dbd 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c @@ -183,44 +183,6 @@ int manager_add_button(Manager *m, const char *name, Button **_button) { return 0; } -int manager_watch_busname(Manager *m, const char *name) { - char *n; - int r; - - assert(m); - assert(name); - - if (set_get(m->busnames, (char*) name)) - return 0; - - n = strdup(name); - if (!n) - return -ENOMEM; - - r = set_put(m->busnames, n); - if (r < 0) { - free(n); - return r; - } - - return 0; -} - -void manager_drop_busname(Manager *m, const char *name) { - Session *session; - Iterator i; - - assert(m); - assert(name); - - /* keep it if the name still owns a controller */ - HASHMAP_FOREACH(session, m->sessions, i) - if (session_is_controller(session, name)) - return; - - free(set_remove(m->busnames, (char*) name)); -} - int manager_process_seat_device(Manager *m, struct udev_device *d) { Device *device; int r; diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index b0cd85e985..1647bb293a 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c 
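Review bot: `N_IOVEC_OBJECT_FIELDS` goes from 11 to 12 with nothing in the hunk tying the value to the code that fills the array, and the matching change is not part of this diff. These constants presumably size an iovec array, so a count that lags behind the number of fields appended would write past its end. A comment next to the define naming the function that appends the object fields, or an `assert(n <= m)` at the fill site, would keep the two from drifting apart.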
@@ -2652,41 +2652,6 @@ int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error return 0; } -int match_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) { - const char *name, *old, *new; - Manager *m = userdata; - Session *session; - Iterator i; - int r; - char *key; - - assert(message); - assert(m); - - r = sd_bus_message_read(message, "sss", &name, &old, &new); - if (r < 0) { - bus_log_parse_error(r); - return r; - } - - if (isempty(old) || !isempty(new)) - return 0; - - key = set_remove(m->busnames, (char*) old); - if (!key) - return 0; - - /* Drop all controllers owned by this name */ - - free(key); - - HASHMAP_FOREACH(session, m->sessions, i) - if (session_is_controller(session, old)) - session_drop_controller(session); - - return 0; -} - int manager_send_changed(Manager *manager, const char *property, ...) { char **l; diff --git a/src/login/logind-session.c b/src/login/logind-session.c index 9a2da7906e..fc92f7f73b 100644 --- a/src/login/logind-session.c +++ b/src/login/logind-session.c @@ -1120,7 +1120,18 @@ static void session_release_controller(Session *s, bool notify) { session_device_free(sd); s->controller = NULL; - manager_drop_busname(s->manager, name); + s->track = sd_bus_track_unref(s->track); +} + +static int on_bus_track(sd_bus_track *track, void *userdata) { + Session *s = userdata; + + assert(track); + assert(s); + + session_drop_controller(s); + + return 0; } int session_set_controller(Session *s, const char *sender, bool force) { @@ -1139,8 +1150,13 @@ int session_set_controller(Session *s, const char *sender, bool force) { if (!name) return -ENOMEM; - r = manager_watch_busname(s->manager, name); - if (r) + s->track = sd_bus_track_unref(s->track); + r = sd_bus_track_new(s->manager->bus, &s->track, on_bus_track, s); + if (r < 0) + return r; + + r = sd_bus_track_add_name(s->track, name); + if (r < 0) return r; /* When setting a session controller, we forcibly mute the VT and set 
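Review bot: `session_set_controller()` drops the existing track before the replacement is known to work, and the `sd_bus_track_add_name()` failure path returns with the new, empty track still stored in `s->track`. If `s->controller` still names the previous controller at that point (its assignment is outside the hunk), any failure here or in `session_prepare_vt()` in the next hunk leaves that controller set but no longer watched for leaving the bus. Note also that `session_release_controller()` now unrefs `s->track` itself; should it still be called later in this function for a forced takeover, it would release the track created here. Building the track in a local variable and storing it in `s->track` only once the takeover has succeeded would cover all three cases.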
@@ -1153,7 +1169,7 @@ int session_set_controller(Session *s, const char *sender, bool force) { * or reset the VT in case it crashed/exited, too. */ r = session_prepare_vt(s); if (r < 0) { - manager_drop_busname(s->manager, name); + s->track = sd_bus_track_unref(s->track); return r; } @@ -1171,6 +1187,7 @@ void session_drop_controller(Session *s) { if (!s->controller) return; + s->track = sd_bus_track_unref(s->track); session_release_controller(s, false); session_save(s); session_restore_vt(s); diff --git a/src/login/logind-session.h b/src/login/logind-session.h index b8565ebf51..d054c33cec 100644 --- a/src/login/logind-session.h +++ b/src/login/logind-session.h @@ -117,6 +117,7 @@ struct Session { char *controller; Hashmap *devices; + sd_bus_track *track; LIST_FIELDS(Session, sessions_by_user); LIST_FIELDS(Session, sessions_by_seat); diff --git a/src/login/logind.c b/src/login/logind.c index e2fb496289..49a2811842 100644 --- a/src/login/logind.c +++ b/src/login/logind.c @@ -76,10 +76,7 @@ static Manager *manager_new(void) { m->user_units = hashmap_new(&string_hash_ops); m->session_units = hashmap_new(&string_hash_ops); - m->busnames = set_new(&string_hash_ops); - - if (!m->devices || !m->seats || !m->sessions || !m->users || !m->inhibitors || !m->buttons || !m->busnames || - !m->user_units || !m->session_units) + if (!m->devices || !m->seats || !m->sessions || !m->users || !m->inhibitors || !m->buttons || !m->user_units || !m->session_units) goto fail; m->kill_exclude_users = strv_new("root", NULL); @@ -141,8 +138,6 @@ static void manager_free(Manager *m) { hashmap_free(m->user_units); hashmap_free(m->session_units); - set_free_free(m->busnames); - sd_event_source_unref(m->idle_action_event_source); sd_event_source_unref(m->inhibit_timeout_source); sd_event_source_unref(m->scheduled_shutdown_timeout_source); 
@@ -629,17 +624,6 @@ static int manager_connect_bus(Manager *m) { r = sd_bus_add_match(m->bus, NULL, "type='signal'," - "sender='org.freedesktop.DBus'," - "interface='org.freedesktop.DBus'," - "member='NameOwnerChanged'," - "path='/org/freedesktop/DBus'", - match_name_owner_changed, m); - if (r < 0) - return log_error_errno(r, "Failed to add match for NameOwnerChanged: %m"); - - r = sd_bus_add_match(m->bus, - NULL, - "type='signal'," "sender='org.freedesktop.systemd1'," "interface='org.freedesktop.systemd1.Manager'," "member='JobRemoved'," diff --git a/src/login/logind.h b/src/login/logind.h index ad437b72cb..ce99d75bc1 100644 --- a/src/login/logind.h +++ b/src/login/logind.h @@ -48,8 +48,6 @@ struct Manager { Hashmap *inhibitors; Hashmap *buttons; - Set *busnames; - LIST_HEAD(Seat, seat_gc_queue); LIST_HEAD(Session, session_gc_queue); LIST_HEAD(User, user_gc_queue); @@ -181,9 +179,6 @@ int manager_job_is_active(Manager *manager, const char *path); /* gperf lookup function */ const struct ConfigPerfItem* logind_gperf_lookup(const char *key, unsigned length); -int manager_watch_busname(Manager *manager, const char *name); -void manager_drop_busname(Manager *manager, const char *name); - int manager_set_lid_switch_ignore(Manager *m, usec_t until); int config_parse_tmpfs_size(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c index dc42ffdc52..7658d7146d 100644 --- a/src/machine/machine-dbus.c +++ b/src/machine/machine-dbus.c 
@@ -825,13 +825,13 @@ int bus_machine_method_copy(sd_bus_message *message, void *userdata, sd_bus_erro if (r < 0) return r; - if (!path_is_absolute(src) || !path_is_safe(src)) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute and not contain ../."); + if (!path_is_absolute(src)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute."); if (isempty(dest)) dest = src; - else if (!path_is_absolute(dest) || !path_is_safe(dest)) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and not contain ../."); + else if (!path_is_absolute(dest)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute."); r = bus_verify_polkit_async( message, diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c index 7cb6ce77ac..66ed41087c 100644 --- a/src/machine/machinectl.c +++ b/src/machine/machinectl.c @@ -1073,6 +1073,8 @@ static int terminate_machine(int argc, char *argv[], void *userdata) { static int copy_files(int argc, char *argv[], void *userdata) { _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; + _cleanup_free_ char *abs_host_path = NULL; + char *dest, *host_path, *container_path; sd_bus *bus = userdata; bool copy_from; int r; @@ -1082,6 +1084,16 @@ static int copy_files(int argc, char *argv[], void *userdata) { polkit_agent_open_if_enabled(); copy_from = streq(argv[0], "copy-from"); + dest = argv[3] ?: argv[2]; + host_path = copy_from ? dest : argv[2]; + container_path = copy_from ? argv[2] : dest; + + if (!path_is_absolute(host_path)) { + abs_host_path = path_make_absolute_cwd(host_path); + if (!abs_host_path) + return log_oom(); + host_path = abs_host_path; + } r = sd_bus_call_method( bus, 
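Review bot: Dropping the `path_is_safe()` checks means `bus_machine_method_copy` now accepts absolute `src` and `dest` paths containing `..` components from the bus caller, with only the polkit check that follows visible in the hunk. Whether that is safe depends on how the copy helper resolves the path inside the machine, which is outside this diff. If the relaxation is only needed for host-side paths that machinectl now makes absolute, consider keeping the check for the container-side path, or add a comment stating what confines `..` during the copy.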
@@ -1093,8 +1105,8 @@ static int copy_files(int argc, char *argv[], void *userdata) { NULL, "sss", argv[1], - argv[2], - argv[3]); + copy_from ? container_path : host_path, + copy_from ? host_path : container_path); if (r < 0) { log_error("Failed to copy: %s", bus_error_message(&error, -r)); return r; diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c index fe277a2015..618844382f 100644 --- a/src/sysctl/sysctl.c +++ b/src/sysctl/sysctl.c @@ -51,8 +51,8 @@ static int apply_all(Hashmap *sysctl_options) { k = sysctl_write(property, value); if (k < 0) { - log_full_errno(k == -ENOENT ? LOG_DEBUG : LOG_WARNING, k, - "Failed to write '%s' to '%s': %m", value, property); + log_full_errno(k == -ENOENT ? LOG_INFO : LOG_WARNING, k, + "Couldn't write '%s' to '%s', ignoring: %m", value, property); if (r == 0 && k != -ENOENT) r = k; diff --git a/src/udev/udev-builtin-uaccess.c b/src/udev/udev-builtin-uaccess.c index 99bb91ae57..43bab8af63 100644 --- a/src/udev/udev-builtin-uaccess.c +++ b/src/udev/udev-builtin-uaccess.c @@ -56,7 +56,7 @@ static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool r = devnode_acl(path, true, false, 0, true, uid); if (r < 0) { - log_error_errno(r, "Failed to apply ACL on %s: %m", path); + log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path); goto finish; } @@ -70,7 +70,7 @@ finish: /* Better be safe than sorry and reset ACL */ k = devnode_acl(path, true, false, 0, false, 0); if (k < 0) { - log_error_errno(k, "Failed to apply ACL on %s: %m", path); + log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path); if (r >= 0) r = k; } diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c index d824172b89..e730fb45f1 100644 --- a/src/udev/udev-node.c +++ b/src/udev/udev-node.c 
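Review bot: In src/udev/udev-builtin-uaccess.c the new log-level selection tests `errno == ENOENT`, but the failure is reported through the return value `r` of `devnode_acl()`, and `errno` may hold an unrelated value by the time the log call runs. The condition should test the returned code, `log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);`, as the sysctl.c hunk in this same commit does with `k == -ENOENT`. The second hunk, under `finish:`, has the same problem and should test `k == -ENOENT`.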
@@ -309,7 +309,7 @@ static int node_permissions_apply(struct udev_device *dev, bool apply, } else if (streq(name, "smack")) { smack = true; - r = mac_smack_apply(devnode, label); + r = mac_smack_apply(devnode, SMACK_ATTR_ACCESS, label); if (r < 0) log_error_errno(r, "SECLABEL: failed to set SMACK label '%s': %m", label); else @@ -323,7 +323,7 @@ static int node_permissions_apply(struct udev_device *dev, bool apply, if (!selinux) mac_selinux_fix(devnode, true, false); if (!smack) - mac_smack_apply(devnode, NULL); + mac_smack_apply(devnode, SMACK_ATTR_ACCESS, NULL); } /* always update timestamp when we re-use the node, like on media change events */ |