static int builtin_uaccess(sd_device *dev, int argc, char *argv[], bool test) { const char *path = NULL, *seat; bool changed_acl = false; uid_t uid; int r; umask(0022); /* don't muck around with ACLs when the system is not running systemd */ if (!logind_running()) return 0; r = sd_device_get_devname(dev, &path); if (r < 0) { log_device_error_errno(dev, r, "Failed to get device name: %m"); goto finish; } if (sd_device_get_property_value(dev, "ID_SEAT", &seat) < 0) seat = "seat0"; r = sd_seat_get_active(seat, NULL, &uid); if (r < 0) { if (IN_SET(r, -ENXIO, -ENODATA)) /* No active session on this seat */ r = 0; else log_device_error_errno(dev, r, "Failed to determine active user on seat %s: %m", seat); goto finish; } r = devnode_acl(path, true, false, 0, true, uid); if (r < 0) { log_device_full(dev, r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL: %m"); goto finish; } changed_acl = true; r = 0; finish: if (path && !changed_acl) { int k; /* Better be safe than sorry and reset ACL */ k = devnode_acl(path, true, false, 0, false, 0); if (k < 0) { log_device_full(dev, k == -ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL: %m"); if (r >= 0) r = k; } } return r; }
/** * udev_device_get_devnode: * @udev_device: udev device * * Retrieve the device node file name belonging to the udev device. * The path is an absolute path, and starts with the device directory. * * Returns: the device node file name of the udev device, or #NULL if no device node exists **/ _public_ const char *udev_device_get_devnode(struct udev_device *udev_device) { const char *devnode; int r; assert_return_errno(udev_device, NULL, EINVAL); r = sd_device_get_devname(udev_device->device, &devnode); if (r < 0) { errno = -r; return NULL; } return devnode; }
static int fsck_progress_socket(void) { static const union sockaddr_union sa = { .un.sun_family = AF_UNIX, .un.sun_path = "/run/systemd/fsck.progress", }; int fd, r; fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd < 0) return log_warning_errno(errno, "socket(): %m"); if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) { r = log_full_errno(errno == ECONNREFUSED || errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno, "Failed to connect to progress socket %s, ignoring: %m", sa.un.sun_path); safe_close(fd); return r; } return fd; } int main(int argc, char *argv[]) { _cleanup_close_pair_ int progress_pipe[2] = { -1, -1 }; _cleanup_(sd_device_unrefp) sd_device *dev = NULL; const char *device, *type; bool root_directory; siginfo_t status; struct stat st; int r; pid_t pid; if (argc > 2) { log_error("This program expects one or no arguments."); return EXIT_FAILURE; } log_set_target(LOG_TARGET_AUTO); log_parse_environment(); log_open(); umask(0022); r = parse_proc_cmdline(parse_proc_cmdline_item); if (r < 0) log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m"); test_files(); if (!arg_force && arg_skip) { r = 0; goto finish; } if (argc > 1) { device = argv[1]; if (stat(device, &st) < 0) { r = log_error_errno(errno, "Failed to stat %s: %m", device); goto finish; } if (!S_ISBLK(st.st_mode)) { log_error("%s is not a block device.", device); r = -EINVAL; goto finish; } r = sd_device_new_from_devnum(&dev, 'b', st.st_rdev); if (r < 0) { log_error_errno(r, "Failed to detect device %s: %m", device); goto finish; } root_directory = false; } else { struct timespec times[2]; /* Find root device */ if (stat("/", &st) < 0) { r = log_error_errno(errno, "Failed to stat() the root directory: %m"); goto finish; } /* Virtual root devices don't need an fsck */ if (major(st.st_dev) == 0) { log_debug("Root directory is virtual or btrfs, skipping check."); r = 0; goto finish; } /* check if we are already writable */ times[0] = st.st_atim; times[1] = st.st_mtim; if (utimensat(AT_FDCWD, "/", times, 0) == 0) { log_info("Root directory is writable, skipping check."); r = 0; goto finish; } r = sd_device_new_from_devnum(&dev, 'b', st.st_dev); if (r < 0) { log_error_errno(r, "Failed to detect root device: %m"); goto finish; } r = sd_device_get_devname(dev, &device); if (r < 0) { log_error_errno(r, "Failed to detect device node of root directory: %m"); goto finish; } root_directory = true; } r = sd_device_get_property_value(dev, "ID_FS_TYPE", &type); if (r >= 0) { r = fsck_exists(type); if (r < 0) log_warning_errno(r, "Couldn't detect if fsck.%s may be used for %s, proceeding: %m", type, device); else if (r == 0) { log_info("fsck.%s doesn't exist, not checking file system on %s.", type, device); goto finish; } } if (arg_show_progress) { if (pipe(progress_pipe) < 0) { r = log_error_errno(errno, "pipe(): %m"); goto finish; } } pid = fork(); if (pid < 0) { r = log_error_errno(errno, "fork(): %m"); goto finish; } if (pid == 0) { char dash_c[sizeof("-C")-1 + DECIMAL_STR_MAX(int) + 1]; int progress_socket = -1; const char *cmdline[9]; int i = 0; /* Child */ (void) reset_all_signal_handlers(); (void) reset_signal_mask(); assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0); /* Close the reading side of the progress pipe */ progress_pipe[0] = safe_close(progress_pipe[0]); /* Try to connect to a progress management daemon, if there is one */ progress_socket = fsck_progress_socket(); if (progress_socket >= 0) { /* If this worked we close the progress pipe early, and just use the socket */ progress_pipe[1] = safe_close(progress_pipe[1]); xsprintf(dash_c, "-C%i", progress_socket); } else if (progress_pipe[1] >= 0) { /* Otherwise if we have the progress pipe to our own local handle, we use it */ xsprintf(dash_c, "-C%i", progress_pipe[1]); } else dash_c[0] = 0; cmdline[i++] = "/sbin/fsck"; cmdline[i++] = arg_repair; cmdline[i++] = "-T"; /* * Since util-linux v2.25 fsck uses /run/fsck/<diskname>.lock files. * The previous versions use flock for the device and conflict with * udevd, see https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5 */ cmdline[i++] = "-l"; if (!root_directory) cmdline[i++] = "-M"; if (arg_force) cmdline[i++] = "-f"; if (!isempty(dash_c)) cmdline[i++] = dash_c; cmdline[i++] = device; cmdline[i++] = NULL; execv(cmdline[0], (char**) cmdline); _exit(FSCK_OPERATIONAL_ERROR); } progress_pipe[1] = safe_close(progress_pipe[1]); (void) process_progress(progress_pipe[0]); progress_pipe[0] = -1; r = wait_for_terminate(pid, &status); if (r < 0) { log_error_errno(r, "waitid(): %m"); goto finish; } if (status.si_code != CLD_EXITED || (status.si_status & ~1)) { if (status.si_code == CLD_KILLED || status.si_code == CLD_DUMPED) log_error("fsck terminated by signal %s.", signal_to_string(status.si_status)); else if (status.si_code == CLD_EXITED) log_error("fsck failed with error code %i.", status.si_status); else log_error("fsck failed due to unknown reason."); r = -EINVAL; if (status.si_code == CLD_EXITED && (status.si_status & FSCK_SYSTEM_SHOULD_REBOOT) && root_directory) /* System should be rebooted. */ start_target(SPECIAL_REBOOT_TARGET, "replace-irreversibly"); else if (status.si_code == CLD_EXITED && (status.si_status & (FSCK_SYSTEM_SHOULD_REBOOT | FSCK_ERRORS_LEFT_UNCORRECTED))) /* Some other problem */ start_target(SPECIAL_EMERGENCY_TARGET, "replace"); else { log_warning("Ignoring error."); r = 0; } } else r = 0; if (status.si_code == CLD_EXITED && (status.si_status & FSCK_ERROR_CORRECTED)) (void) touch("/run/systemd/quotacheck"); finish: return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; }
static int node_permissions_apply(sd_device *dev, bool apply, mode_t mode, uid_t uid, gid_t gid, Hashmap *seclabel_list) { const char *devnode, *subsystem, *id_filename = NULL; struct stat stats; dev_t devnum; int r = 0; assert(dev); r = sd_device_get_devname(dev, &devnode); if (r < 0) return log_device_debug_errno(dev, r, "Failed to get devname: %m"); r = sd_device_get_subsystem(dev, &subsystem); if (r < 0) return log_device_debug_errno(dev, r, "Failed to get subsystem: %m"); r = sd_device_get_devnum(dev, &devnum); if (r < 0) return log_device_debug_errno(dev, r, "Failed to get devnum: %m"); (void) device_get_id_filename(dev, &id_filename); if (streq(subsystem, "block")) mode |= S_IFBLK; else mode |= S_IFCHR; if (lstat(devnode, &stats) < 0) return log_device_debug_errno(dev, errno, "cannot stat() node '%s' (%m)", devnode); if (((stats.st_mode & S_IFMT) != (mode & S_IFMT)) || (stats.st_rdev != devnum)) return log_device_debug_errno(dev, EEXIST, "Found node '%s' with non-matching devnum %s, skip handling", devnode, id_filename); if (apply) { bool selinux = false, smack = false; const char *name, *label; Iterator i; if ((stats.st_mode & 0777) != (mode & 0777) || stats.st_uid != uid || stats.st_gid != gid) { log_device_debug(dev, "Setting permissions %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid); if (chmod(devnode, mode) < 0) r = log_device_warning_errno(dev, errno, "Failed to set mode of %s to %#o: %m", devnode, mode); if (chown(devnode, uid, gid) < 0) r = log_device_warning_errno(dev, errno, "Failed to set owner of %s to uid=%u, gid=%u: %m", devnode, uid, gid); } else log_device_debug(dev, "Preserve permissions of %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid); /* apply SECLABEL{$module}=$label */ HASHMAP_FOREACH_KEY(label, name, seclabel_list, i) { int q; if (streq(name, "selinux")) { selinux = true; q = mac_selinux_apply(devnode, label); if (q < 0) log_device_error_errno(dev, q, "SECLABEL: failed to set SELinux label '%s': %m", label); else log_device_debug(dev, "SECLABEL: set SELinux label '%s'", label); } else if (streq(name, "smack")) { smack = true; q = mac_smack_apply(devnode, SMACK_ATTR_ACCESS, label); if (q < 0) log_device_error_errno(dev, q, "SECLABEL: failed to set SMACK label '%s': %m", label); else log_device_debug(dev, "SECLABEL: set SMACK label '%s'", label); } else log_device_error(dev, "SECLABEL: unknown subsystem, ignoring '%s'='%s'", name, label); } /* set the defaults */ if (!selinux) (void) mac_selinux_fix(devnode, LABEL_IGNORE_ENOENT); if (!smack) (void) mac_smack_apply(devnode, SMACK_ATTR_ACCESS, NULL); }
/* find device node of device with highest priority */ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, char **ret) { _cleanup_closedir_ DIR *dir = NULL; _cleanup_free_ char *target = NULL; struct dirent *dent; int r, priority = 0; assert(!add || dev); assert(stackdir); assert(ret); if (add) { const char *devnode; r = device_get_devlink_priority(dev, &priority); if (r < 0) return r; r = sd_device_get_devname(dev, &devnode); if (r < 0) return r; target = strdup(devnode); if (!target) return -ENOMEM; } dir = opendir(stackdir); if (!dir) { if (target) { *ret = TAKE_PTR(target); return 0; } return -errno; } FOREACH_DIRENT_ALL(dent, dir, break) { _cleanup_(sd_device_unrefp) sd_device *dev_db = NULL; const char *devnode, *id_filename; int db_prio = 0; if (dent->d_name[0] == '\0') break; if (dent->d_name[0] == '.') continue; log_device_debug(dev, "Found '%s' claiming '%s'", dent->d_name, stackdir); if (device_get_id_filename(dev, &id_filename) < 0) continue; /* did we find ourself? */ if (streq(dent->d_name, id_filename)) continue; if (sd_device_new_from_device_id(&dev_db, dent->d_name) < 0) continue; if (sd_device_get_devname(dev_db, &devnode) < 0) continue; if (device_get_devlink_priority(dev_db, &db_prio) < 0) continue; if (target && db_prio <= priority) continue; log_device_debug(dev_db, "Device claims priority %i for '%s'", db_prio, stackdir); r = free_and_strdup(&target, devnode); if (r < 0) return r; priority = db_prio; } if (!target) return -ENOENT; *ret = TAKE_PTR(target); return 0; }