static int exec_list(struct udev_enumerate *udev_enumerate, const char *action, Set *settle_set) { struct udev_list_entry *entry; int r; udev_list_entry_foreach(entry, udev_enumerate_get_list_entry(udev_enumerate)) { char filename[UTIL_PATH_SIZE]; const char *syspath; _cleanup_close_ int fd = -1; syspath = udev_list_entry_get_name(entry); if (verbose) printf("%s\n", syspath); if (dry_run) continue; strscpyl(filename, sizeof(filename), syspath, "/uevent", NULL); fd = open(filename, O_WRONLY|O_CLOEXEC); if (fd < 0) continue; if (settle_set) { r = set_put_strdup(settle_set, syspath); if (r < 0) return log_oom(); } if (write(fd, action, strlen(action)) < 0) log_debug_errno(errno, "error writing '%s' to '%s': %m", action, filename); }
static int link_update_dnssec_negative_trust_anchors(Link *l) { _cleanup_strv_free_ char **ntas = NULL; _cleanup_set_free_free_ Set *ns = NULL; char **i; int r; assert(l); r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &ntas); if (r == -ENODATA) { r = 0; goto clear; } if (r < 0) goto clear; ns = set_new(&dns_name_hash_ops); if (!ns) return -ENOMEM; STRV_FOREACH(i, ntas) { r = set_put_strdup(ns, *i); if (r < 0) return r; }
static int exec_list(sd_device_enumerator *e, const char *action, Set *settle_set) { sd_device *d; int r; FOREACH_DEVICE_AND_SUBSYSTEM(e, d) { _cleanup_free_ char *filename = NULL; const char *syspath; if (sd_device_get_syspath(d, &syspath) < 0) continue; if (arg_verbose) printf("%s\n", syspath); if (arg_dry_run) continue; filename = path_join(syspath, "uevent"); if (!filename) return log_oom(); r = write_string_file(filename, action, WRITE_STRING_FILE_DISABLE_BUFFER); if (r < 0) { log_debug_errno(r, "Failed to write '%s' to '%s', ignoring: %m", action, filename); continue; } if (settle_set) { r = set_put_strdup(settle_set, syspath); if (r < 0) return log_oom(); } }
int set_put_strdupv(Set *s, char **l) { int n = 0, r; char **i; STRV_FOREACH(i, l) { r = set_put_strdup(s, *i); if (r < 0) return r; n += r; }
/* Retrieve existing subsystems. This function is called in a new cgroup * namespace. */ static int get_process_controllers(Set **ret) { _cleanup_set_free_free_ Set *controllers = NULL; _cleanup_fclose_ FILE *f = NULL; int r; assert(ret); controllers = set_new(&string_hash_ops); if (!controllers) return -ENOMEM; f = fopen("/proc/self/cgroup", "re"); if (!f) return errno == ENOENT ? -ESRCH : -errno; for (;;) { _cleanup_free_ char *line = NULL; char *e, *l; r = read_line(f, LONG_LINE_MAX, &line); if (r < 0) return r; if (r == 0) break; l = strchr(line, ':'); if (!l) continue; l++; e = strchr(l, ':'); if (!e) continue; *e = 0; if (STR_IN_SET(l, "", "name=systemd", "name=unified")) continue; r = set_put_strdup(controllers, l); if (r < 0) return r; } *ret = TAKE_PTR(controllers); return 0; }
/* Use this function only if you do not have direct access to /proc/self/mountinfo but the caller can open it * for you. This is the case when /proc is masked or not mounted. Otherwise, use bind_remount_recursive. */ int bind_remount_recursive_with_mountinfo( const char *prefix, unsigned long new_flags, unsigned long flags_mask, char **blacklist, FILE *proc_self_mountinfo) { _cleanup_set_free_free_ Set *done = NULL; _cleanup_free_ char *cleaned = NULL; int r; assert(proc_self_mountinfo); /* Recursively remount a directory (and all its submounts) read-only or read-write. If the directory is already * mounted, we reuse the mount and simply mark it MS_BIND|MS_RDONLY (or remove the MS_RDONLY for read-write * operation). If it isn't we first make it one. Afterwards we apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to * all submounts we can access, too. When mounts are stacked on the same mount point we only care for each * individual "top-level" mount on each point, as we cannot influence/access the underlying mounts anyway. We * do not have any effect on future submounts that might get propagated, they migt be writable. This includes * future submounts that have been triggered via autofs. * * If the "blacklist" parameter is specified it may contain a list of subtrees to exclude from the * remount operation. Note that we'll ignore the blacklist for the top-level path. */ cleaned = strdup(prefix); if (!cleaned) return -ENOMEM; path_simplify(cleaned, false); done = set_new(&path_hash_ops); if (!done) return -ENOMEM; for (;;) { _cleanup_set_free_free_ Set *todo = NULL; bool top_autofs = false; char *x; unsigned long orig_flags; todo = set_new(&path_hash_ops); if (!todo) return -ENOMEM; rewind(proc_self_mountinfo); for (;;) { _cleanup_free_ char *path = NULL, *p = NULL, *type = NULL; int k; k = fscanf(proc_self_mountinfo, "%*s " /* (1) mount id */ "%*s " /* (2) parent id */ "%*s " /* (3) major:minor */ "%*s " /* (4) root */ "%ms " /* (5) mount point */ "%*s" /* (6) mount options (superblock) */ "%*[^-]" /* (7) optional fields */ "- " /* (8) separator */ "%ms " /* (9) file system type */ "%*s" /* (10) mount source */ "%*s" /* (11) mount options (bind mount) */ "%*[^\n]", /* some rubbish at the end */ &path, &type); if (k != 2) { if (k == EOF) break; continue; } r = cunescape(path, UNESCAPE_RELAX, &p); if (r < 0) return r; if (!path_startswith(p, cleaned)) continue; /* Ignore this mount if it is blacklisted, but only if it isn't the top-level mount we shall * operate on. */ if (!path_equal(cleaned, p)) { bool blacklisted = false; char **i; STRV_FOREACH(i, blacklist) { if (path_equal(*i, cleaned)) continue; if (!path_startswith(*i, cleaned)) continue; if (path_startswith(p, *i)) { blacklisted = true; log_debug("Not remounting %s blacklisted by %s, called for %s", p, *i, cleaned); break; } } if (blacklisted) continue; } /* Let's ignore autofs mounts. If they aren't * triggered yet, we want to avoid triggering * them, as we don't make any guarantees for * future submounts anyway. If they are * already triggered, then we will find * another entry for this. */ if (streq(type, "autofs")) { top_autofs = top_autofs || path_equal(cleaned, p); continue; } if (!set_contains(done, p)) { r = set_consume(todo, p); p = NULL; if (r == -EEXIST) continue; if (r < 0) return r; } } /* If we have no submounts to process anymore and if * the root is either already done, or an autofs, we * are done */ if (set_isempty(todo) && (top_autofs || set_contains(done, cleaned))) return 0; if (!set_contains(done, cleaned) && !set_contains(todo, cleaned)) { /* The prefix directory itself is not yet a mount, make it one. */ if (mount(cleaned, cleaned, NULL, MS_BIND|MS_REC, NULL) < 0) return -errno; orig_flags = 0; (void) get_mount_flags(cleaned, &orig_flags); orig_flags &= ~MS_RDONLY; if (mount(NULL, cleaned, NULL, (orig_flags & ~flags_mask)|MS_BIND|MS_REMOUNT|new_flags, NULL) < 0) return -errno; log_debug("Made top-level directory %s a mount point.", prefix); r = set_put_strdup(done, cleaned); if (r < 0) return r; } while ((x = set_steal_first(todo))) { r = set_consume(done, x); if (IN_SET(r, 0, -EEXIST)) continue; if (r < 0) return r; /* Deal with mount points that are obstructed by a later mount */ r = path_is_mount_point(x, NULL, 0); if (IN_SET(r, 0, -ENOENT)) continue; if (IN_SET(r, -EACCES, -EPERM)) { /* Even if root user invoke this, submounts under private FUSE or NFS mount points * may not be acceessed. E.g., * * $ bindfs --no-allow-other ~/mnt/mnt ~/mnt/mnt * $ bindfs --no-allow-other ~/mnt ~/mnt * * Then, root user cannot access the mount point ~/mnt/mnt. * In such cases, the submounts are ignored, as we have no way to manage them. */ log_debug_errno(r, "Failed to determine '%s' is mount point or not, ignoring: %m", x); continue; } if (r < 0) return r; /* Try to reuse the original flag set */ orig_flags = 0; (void) get_mount_flags(x, &orig_flags); orig_flags &= ~MS_RDONLY; if (mount(NULL, x, NULL, (orig_flags & ~flags_mask)|MS_BIND|MS_REMOUNT|new_flags, NULL) < 0) return -errno; log_debug("Remounted %s read-only.", x); } }
static int do_execute(char **directories, usec_t timeout, char *argv[]) { _cleanup_hashmap_free_free_ Hashmap *pids = NULL; _cleanup_set_free_free_ Set *seen = NULL; char **directory; /* We fork this all off from a child process so that we can * somewhat cleanly make use of SIGALRM to set a time limit */ (void) reset_all_signal_handlers(); (void) reset_signal_mask(); assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0); pids = hashmap_new(NULL); if (!pids) return log_oom(); seen = set_new(&string_hash_ops); if (!seen) return log_oom(); STRV_FOREACH(directory, directories) { _cleanup_closedir_ DIR *d; struct dirent *de; d = opendir(*directory); if (!d) { if (errno == ENOENT) continue; return log_error_errno(errno, "Failed to open directory %s: %m", *directory); } FOREACH_DIRENT(de, d, break) { _cleanup_free_ char *path = NULL; pid_t pid; int r; if (!dirent_is_file(de)) continue; if (set_contains(seen, de->d_name)) { log_debug("%1$s/%2$s skipped (%2$s was already seen).", *directory, de->d_name); continue; } r = set_put_strdup(seen, de->d_name); if (r < 0) return log_oom(); path = strjoin(*directory, "/", de->d_name, NULL); if (!path) return log_oom(); if (null_or_empty_path(path)) { log_debug("%s is empty (a mask).", path); continue; } pid = fork(); if (pid < 0) { log_error_errno(errno, "Failed to fork: %m"); continue; } else if (pid == 0) { char *_argv[2]; assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0); if (!argv) { _argv[0] = path; _argv[1] = NULL; argv = _argv; } else argv[0] = path; execv(path, argv); return log_error_errno(errno, "Failed to execute %s: %m", path); } log_debug("Spawned %s as " PID_FMT ".", path, pid); r = hashmap_put(pids, PID_TO_PTR(pid), path); if (r < 0) return log_oom(); path = NULL; } }
static int files_add( Hashmap *h, Set *masked, const char *suffix, const char *root, unsigned flags, const char *path) { _cleanup_closedir_ DIR *dir = NULL; const char *dirpath; struct dirent *de; int r; assert(h); assert((flags & CONF_FILES_FILTER_MASKED) == 0 || masked); assert(path); dirpath = prefix_roota(root, path); dir = opendir(dirpath); if (!dir) { if (errno == ENOENT) return 0; return log_debug_errno(errno, "Failed to open directory '%s': %m", dirpath); } FOREACH_DIRENT(de, dir, return -errno) { struct stat st; char *p, *key; /* Does this match the suffix? */ if (suffix && !endswith(de->d_name, suffix)) continue; /* Has this file already been found in an earlier directory? */ if (hashmap_contains(h, de->d_name)) { log_debug("Skipping overridden file '%s/%s'.", dirpath, de->d_name); continue; } /* Has this been masked in an earlier directory? */ if ((flags & CONF_FILES_FILTER_MASKED) && set_contains(masked, de->d_name)) { log_debug("File '%s/%s' is masked by previous entry.", dirpath, de->d_name); continue; } /* Read file metadata if we shall validate the check for file masks, for node types or whether the node is marked executable. */ if (flags & (CONF_FILES_FILTER_MASKED|CONF_FILES_REGULAR|CONF_FILES_DIRECTORY|CONF_FILES_EXECUTABLE)) if (fstatat(dirfd(dir), de->d_name, &st, 0) < 0) { log_debug_errno(errno, "Failed to stat '%s/%s', ignoring: %m", dirpath, de->d_name); continue; } /* Is this a masking entry? */ if ((flags & CONF_FILES_FILTER_MASKED)) if (null_or_empty(&st)) { /* Mark this one as masked */ r = set_put_strdup(masked, de->d_name); if (r < 0) return r; log_debug("File '%s/%s' is a mask.", dirpath, de->d_name); continue; } /* Does this node have the right type? */ if (flags & (CONF_FILES_REGULAR|CONF_FILES_DIRECTORY)) if (!((flags & CONF_FILES_DIRECTORY) && S_ISDIR(st.st_mode)) && !((flags & CONF_FILES_REGULAR) && S_ISREG(st.st_mode))) { log_debug("Ignoring '%s/%s', as it is not a of the right type.", dirpath, de->d_name); continue; } /* Does this node have the executable bit set? */ if (flags & CONF_FILES_EXECUTABLE) /* As requested: check if the file is marked exectuable. Note that we don't check access(X_OK) * here, as we care about whether the file is marked executable at all, and not whether it is * executable for us, because if so, such errors are stuff we should log about. */ if ((st.st_mode & 0111) == 0) { /* not executable */ log_debug("Ignoring '%s/%s', as it is not marked executable.", dirpath, de->d_name); continue; } if (flags & CONF_FILES_BASENAME) { p = strdup(de->d_name); if (!p) return -ENOMEM; key = p; } else { p = strjoin(dirpath, "/", de->d_name); if (!p) return -ENOMEM; key = basename(p); } r = hashmap_put(h, key, p); if (r < 0) { free(p); return log_debug_errno(r, "Failed to add item to hashmap: %m"); } assert(r > 0); } return 0; }