static int bus_get_audit_data(
DBusConnection *connection,
const char *name,
struct auditstruct *audit,
DBusError *error) {
pid_t pid;
int r;
pid = bus_get_unix_process_id(connection, name, error);
if (pid <= 0)
return -EIO;
r = audit_loginuid_from_pid(pid, &audit->loginuid);
if (r < 0)
return r;
r = get_process_uid(pid, &audit->uid);
if (r < 0)
return r;
r = get_process_gid(pid, &audit->gid);
if (r < 0)
return r;
r = get_process_cmdline(pid, LINE_MAX, true, &audit->cmdline);
if (r < 0)
return r;
return 0;
}
static void test_get_process_comm(pid_t pid) {
struct stat st;
_cleanup_free_ char *a = NULL, *c = NULL, *d = NULL, *f = NULL, *i = NULL;
_cleanup_free_ char *env = NULL;
char path[strlen("/proc//comm") + DECIMAL_STR_MAX(pid_t)];
pid_t e;
uid_t u;
gid_t g;
dev_t h;
int r;
xsprintf(path, "/proc/"PID_FMT"/comm", pid);
if (stat(path, &st) == 0) {
assert_se(get_process_comm(pid, &a) >= 0);
log_info("PID"PID_FMT" comm: '%s'", pid, a);
} else
log_warning("%s not exist.", path);
assert_se(get_process_cmdline(pid, 0, true, &c) >= 0);
log_info("PID"PID_FMT" cmdline: '%s'", pid, c);
assert_se(get_process_cmdline(pid, 8, false, &d) >= 0);
log_info("PID"PID_FMT" cmdline truncated to 8: '%s'", pid, d);
free(d);
assert_se(get_process_cmdline(pid, 1, false, &d) >= 0);
log_info("PID"PID_FMT" cmdline truncated to 1: '%s'", pid, d);
assert_se(get_process_ppid(pid, &e) >= 0);
log_info("PID"PID_FMT" PPID: "PID_FMT, pid, e);
assert_se(pid == 1 ? e == 0 : e > 0);
assert_se(is_kernel_thread(pid) == 0 || pid != 1);
r = get_process_exe(pid, &f);
assert_se(r >= 0 || r == -EACCES);
log_info("PID"PID_FMT" exe: '%s'", pid, strna(f));
assert_se(get_process_uid(pid, &u) == 0);
log_info("PID"PID_FMT" UID: "UID_FMT, pid, u);
assert_se(u == 0 || pid != 1);
assert_se(get_process_gid(pid, &g) == 0);
log_info("PID"PID_FMT" GID: "GID_FMT, pid, g);
assert_se(g == 0 || pid != 1);
r = get_process_environ(pid, &env);
assert_se(r >= 0 || r == -EACCES);
log_info("PID"PID_FMT" strlen(environ): %zi", pid, env ? (ssize_t)strlen(env) : (ssize_t)-errno);
if (!detect_container())
assert_se(get_ctty_devnr(pid, &h) == -ENXIO || pid != 1);
getenv_for_pid(pid, "PATH", &i);
log_info("PID"PID_FMT" $PATH: '%s'", pid, strna(i));
}
static bool ignore_proc(pid_t pid, bool warn_rootfs) {
_cleanup_fclose_ FILE *f = NULL;
char c;
const char *p;
size_t count;
uid_t uid;
int r;
/* We are PID 1, let's not commit suicide */
if (pid == 1)
return true;
r = get_process_uid(pid, &uid);
if (r < 0)
return true; /* not really, but better safe than sorry */
/* Non-root processes otherwise are always subject to be killed */
if (uid != 0)
return false;
p = procfs_file_alloca(pid, "cmdline");
f = fopen(p, "re");
if (!f)
return true; /* not really, but has the desired effect */
count = fread(&c, 1, 1, f);
/* Kernel threads have an empty cmdline */
if (count <= 0)
return true;
/* Processes with argv[0][0] = '@' we ignore from the killing
* spree.
*
* http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons */
if (c == '@' && warn_rootfs) {
_cleanup_free_ char *comm = NULL;
r = pid_from_same_root_fs(pid);
if (r < 0)
return true;
get_process_comm(pid, &comm);
if (r)
log_notice("Process " PID_FMT " (%s) has been been marked to be excluded from killing. It is "
"running from the root file system, and thus likely to block re-mounting of the "
"root file system to read-only. Please consider moving it into an initrd file "
"system instead.", pid, strna(comm));
return true;
} else if (c == '@')
return true;
return false;
}
static void client_context_read_uid_gid(ClientContext *c, const struct ucred *ucred) {
assert(c);
assert(pid_is_valid(c->pid));
/* The ucred data passed in is always the most current and accurate, if we have any. Use it. */
if (ucred && uid_is_valid(ucred->uid))
c->uid = ucred->uid;
else
(void) get_process_uid(c->pid, &c->uid);
if (ucred && gid_is_valid(ucred->gid))
c->gid = ucred->gid;
else
(void) get_process_gid(c->pid, &c->gid);
}
static bool ignore_proc(pid_t pid) {
_cleanup_fclose_ FILE *f = NULL;
char c;
const char *p;
size_t count;
uid_t uid;
int r;
/* We are PID 1, let's not commit suicide */
if (pid == 1)
return true;
r = get_process_uid(pid, &uid);
if (r < 0)
return true; /* not really, but better safe than sorry */
/* Non-root processes otherwise are always subject to be killed */
if (uid != 0)
return false;
p = procfs_file_alloca(pid, "cmdline");
f = fopen(p, "re");
if (!f)
return true; /* not really, but has the desired effect */
count = fread(&c, 1, 1, f);
/* Kernel threads have an empty cmdline */
if (count <= 0)
return true;
/* Processes with argv[0][0] = '@' we ignore from the killing
* spree.
*
* http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons */
if (count == 1 && c == '@')
return true;
return false;
}
static void test_get_process_comm(void) {
struct stat st;
_cleanup_free_ char *a = NULL, *c = NULL, *d = NULL, *f = NULL, *i = NULL, *cwd = NULL, *root = NULL;
_cleanup_free_ char *env = NULL;
pid_t e;
uid_t u;
gid_t g;
dev_t h;
int r;
pid_t me;
if (stat("/proc/1/comm", &st) == 0) {
assert_se(get_process_comm(1, &a) >= 0);
log_info("pid1 comm: '%s'", a);
} else
log_warning("/proc/1/comm does not exist.");
assert_se(get_process_cmdline(1, 0, true, &c) >= 0);
log_info("pid1 cmdline: '%s'", c);
assert_se(get_process_cmdline(1, 8, false, &d) >= 0);
log_info("pid1 cmdline truncated: '%s'", d);
assert_se(get_process_ppid(1, &e) >= 0);
log_info("pid1 ppid: "PID_FMT, e);
assert_se(e == 0);
assert_se(is_kernel_thread(1) == 0);
r = get_process_exe(1, &f);
assert_se(r >= 0 || r == -EACCES);
log_info("pid1 exe: '%s'", strna(f));
assert_se(get_process_uid(1, &u) == 0);
log_info("pid1 uid: "UID_FMT, u);
assert_se(u == 0);
assert_se(get_process_gid(1, &g) == 0);
log_info("pid1 gid: "GID_FMT, g);
assert_se(g == 0);
me = getpid();
r = get_process_cwd(me, &cwd);
assert_se(r >= 0 || r == -EACCES);
log_info("pid1 cwd: '%s'", cwd);
r = get_process_root(me, &root);
assert_se(r >= 0 || r == -EACCES);
log_info("pid1 root: '%s'", root);
r = get_process_environ(me, &env);
assert_se(r >= 0 || r == -EACCES);
log_info("self strlen(environ): '%zu'", strlen(env));
if (!detect_container())
assert_se(get_ctty_devnr(1, &h) == -ENXIO);
getenv_for_pid(1, "PATH", &i);
log_info("pid1 $PATH: '%s'", strna(i));
}
