diff --git a/coccinelle/macros.h b/coccinelle/macros.h
index f44b3f2d26f..adfea5fbec4 100644
--- a/coccinelle/macros.h
+++ b/coccinelle/macros.h
@@ -43,7 +43,7 @@
 // src/basic/umask-util.h
 #define _cleanup_umask_
-#define RUN_WITH_UMASK(mask) \
+#define WITH_UMASK(mask) \
 for (_cleanup_umask_ mode_t _saved_umask_ = umask(mask) | S_IFMT; \
 FLAGS_SET(_saved_umask_, S_IFMT); \
 _saved_umask_ &= 0777)
diff --git a/src/basic/umask-util.h b/src/basic/umask-util.h
index 90d18f70ba4..6f0e1cc2b24 100644
--- a/src/basic/umask-util.h
+++ b/src/basic/umask-util.h
@@ -15,12 +15,12 @@ static inline void umaskp(mode_t *u) {
 /* We make use of the fact here that the umask() concept is using only the lower 9 bits of mode_t, although
 * mode_t has space for the file type in the bits further up. We simply OR in the file type mask S_IFMT to
- * distinguish the first and the second iteration of the RUN_WITH_UMASK() loop, so that we can run the first
- * one, and exit on the second. */
+ * distinguish the first and the second iteration of the WITH_UMASK() loop, so that we can run the first one,
+ * and exit on the second. */
 assert_cc((S_IFMT & 0777) == 0);
-#define RUN_WITH_UMASK(mask) \
+#define WITH_UMASK(mask) \
 for (_cleanup_umask_ mode_t _saved_umask_ = umask(mask) | S_IFMT; \
 FLAGS_SET(_saved_umask_, S_IFMT); \
 _saved_umask_ &= 0777)
diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
index 44a5a371b90..7721c3d2e38 100644
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@@ -828,7 +828,7 @@ static int copy_file_with_version_check(const char *from, const char *to, bool f
 if (r < 0)
 return log_oom();
- RUN_WITH_UMASK(0000) {
+ WITH_UMASK(0000) {
 fd_to = open(t, O_WRONLY|O_CREAT|O_CLOEXEC|O_EXCL|O_NOFOLLOW, 0644);
 if (fd_to < 0)
 return log_error_errno(errno, "Failed to open \"%s\" for writing: %m", t);
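Review bot: The comment above `WITH_UMASK()` in src/basic/umask-util.h explains the S_IFMT loop trick but still leaves out the two properties a caller relies on when wrapping permission-sensitive creation calls in it. Call sites in this diff leave the block early with `return` (bootctl.c, unit.c) and the test uses `break`, so the comment should say that the previous umask is put back on every exit path; the test shows this for normal exit and `break`, while the body of `umaskp()` lies outside the hunk, so the `return` case is presumed rather than visible. The umask is also a process-wide attribute, so the temporary value applies to files created by any other thread while the block runs, which matters for the `0000` call sites. I would add `/* The saved umask is restored through _cleanup_umask_ whenever the block is left, including via return or break. umask is process-wide: do not use this where other threads may create files concurrently. */` above the macro.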
@@ -2073,7 +2073,7 @@ static int install_random_seed(const char *esp) {
 /* Let's write this variable with an umask in effect, so that unprivileged users can't see the token
 * and possibly get identification information or too much insight into the kernel's entropy pool
 * state. */
- RUN_WITH_UMASK(0077) {
+ WITH_UMASK(0077) {
 r = efi_set_variable(EFI_LOADER_VARIABLE(LoaderSystemToken), buffer, sizeof(buffer));
 if (r < 0) {
 if (!arg_graceful)
@@ -2147,7 +2147,7 @@ static int verb_install(int argc, char *argv[], void *userdata) {
 const char *arch = arg_arch_all ? "" : get_efi_arch();
- RUN_WITH_UMASK(0002) {
+ WITH_UMASK(0002) {
 if (install) {
 /* Don't create any of these directories when we are just updating. When we update
 * we'll drop-in our files (unless there are newer ones already), but we won't create
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 0bf2391b039..c6024a061eb 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -941,7 +941,7 @@ int bus_init_private(Manager *m) {
 if (fd < 0)
 return log_error_errno(errno, "Failed to allocate private socket: %m");
- RUN_WITH_UMASK(0077)
+ WITH_UMASK(0077)
 r = bind(fd, &sa.sa, sa_len);
 if (r < 0)
 return log_error_errno(errno, "Failed to bind private socket: %m");
diff --git a/src/core/main.c b/src/core/main.c
index 9c1de3624cb..25a558b6cf4 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1376,7 +1376,7 @@ static int write_container_id(void) {
 if (isempty(c))
 return 0;
- RUN_WITH_UMASK(0022)
+ WITH_UMASK(0022)
 r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
 if (r < 0)
 return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m");
diff --git a/src/core/manager.c b/src/core/manager.c
index 598604d6945..e9b7b26160f 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1103,7 +1103,7 @@ static int manager_setup_cgroups_agent(Manager *m) {
 (void) sockaddr_un_unlink(&sa.un);
 /* Only allow root to connect to this socket */
- RUN_WITH_UMASK(0077)
+ WITH_UMASK(0077)
 r = bind(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
 if (r < 0)
 return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
@@ -3674,7 +3674,7 @@ static int manager_run_environment_generators(Manager *m) {
 if (!generator_path_any((const char* const*) paths))
 return 0;
- RUN_WITH_UMASK(0022)
+ WITH_UMASK(0022)
 r = execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL, m->transient_environment, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID);
@@ -3776,7 +3776,7 @@ static int manager_run_generators(Manager *m) {
 goto finish;
 }
- RUN_WITH_UMASK(0022)
+ WITH_UMASK(0022)
 (void) execute_directories(
 (const char* const*) paths,
 DEFAULT_TIMEOUT_USEC,
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 4920716f348..7082cd19d89 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -2708,7 +2708,7 @@ static int make_tmp_prefix(const char *prefix) {
 if (errno != ENOENT)
 return -errno;
- RUN_WITH_UMASK(000)
+ WITH_UMASK(000)
 r = mkdir_parents(prefix, 0755);
 if (r < 0)
 return r;
@@ -2765,7 +2765,7 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch
 if (r < 0)
 return r;
- RUN_WITH_UMASK(0077)
+ WITH_UMASK(0077)
 if (!mkdtemp(x)) {
 if (errno == EROFS || ERRNO_IS_DISK_SPACE(errno))
 rw = false;
@@ -2778,7 +2778,7 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch
 if (!y)
 return -ENOMEM;
- RUN_WITH_UMASK(0000)
+ WITH_UMASK(0000)
 if (mkdir(y, 0777 | S_ISVTX) < 0)
 return -errno;
@@ -2792,7 +2792,7 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch
 /* Trouble: we failed to create the directory. Instead of failing, let's simulate /tmp being
 * read-only. This way the service will get the EROFS result as if it was writing to the real
 * file system. */
- RUN_WITH_UMASK(0000)
+ WITH_UMASK(0000)
 r = mkdir_p(RUN_SYSTEMD_EMPTY, 0500);
 if (r < 0)
 return r;
diff --git a/src/core/unit.c b/src/core/unit.c
index b052402cfb3..b7cca3e2871 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -4469,7 +4469,7 @@ int unit_make_transient(Unit *u) {
 /* Let's open the file we'll write the transient settings into. This file is kept open as long as we are
 * creating the transient, and is closed in unit_load(), as soon as we start loading the file. */
- RUN_WITH_UMASK(0022) {
+ WITH_UMASK(0022) {
 f = fopen(path, "we");
 if (!f)
 return -errno;
diff --git a/src/home/homework-directory.c b/src/home/homework-directory.c
index 6dc3df55a85..d3bc5474298 100644
--- a/src/home/homework-directory.c
+++ b/src/home/homework-directory.c
@@ -130,7 +130,7 @@ int home_create_directory_or_subvolume(UserRecord *h, HomeSetup *setup, UserReco
 switch (user_record_storage(h)) {
 case USER_SUBVOLUME:
- RUN_WITH_UMASK(0077)
+ WITH_UMASK(0077)
 r = btrfs_subvol_make(d);
 if (r >= 0) {
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 1ad5ddd5032..0b1b9c6861b 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -687,7 +687,7 @@ static int create_socket(char **ret) {
 return r;
 sa_len = r;
- RUN_WITH_UMASK(0177)
+ WITH_UMASK(0177)
 if (bind(fd, &sa.sa, sa_len) < 0)
 return -errno;
diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
index c2902d35082..9b7270ae535 100644
--- a/src/shared/base-filesystem.c
+++ b/src/shared/base-filesystem.c
@@ -178,7 +178,7 @@ int base_filesystem_create(const char *root, uid_t uid, gid_t gid) {
 continue;
 }
- RUN_WITH_UMASK(0000)
+ WITH_UMASK(0000)
 r = mkdirat(fd, table[i].dir, table[i].mode);
 if (r < 0) {
 log_full_errno(IN_SET(errno, EEXIST, EROFS) || table[i].ignore_failure ? LOG_DEBUG : LOG_ERR, errno,
diff --git a/src/shared/copy.c b/src/shared/copy.c
index e6265e2c966..e2ce4b29074 100644
--- a/src/shared/copy.c
+++ b/src/shared/copy.c
@@ -1357,7 +1357,7 @@ int copy_file_full(
 if (r < 0)
 return r;
- RUN_WITH_UMASK(0000) {
+ WITH_UMASK(0000) {
 if (copy_flags & COPY_MAC_CREATE) {
 r = mac_selinux_create_file_prepare(to, S_IFREG);
 if (r < 0)
diff --git a/src/shared/machine-id-setup.c b/src/shared/machine-id-setup.c
index 2e33a23cb92..0bdaba00e64 100644
--- a/src/shared/machine-id-setup.c
+++ b/src/shared/machine-id-setup.c
@@ -89,7 +89,7 @@ int machine_id_setup(const char *root, bool force_transient, sd_id128_t machine_
 etc_machine_id = prefix_roota(root, "/etc/machine-id");
- RUN_WITH_UMASK(0000) {
+ WITH_UMASK(0000) {
 /* We create this 0444, to indicate that this isn't really
 * something you should ever modify. Of course, since the file
 * will be owned by root it doesn't matter much, but maybe
@@ -166,7 +166,7 @@ int machine_id_setup(const char *root, bool force_transient, sd_id128_t machine_
 run_machine_id = prefix_roota(root, "/run/machine-id");
- RUN_WITH_UMASK(0022)
+ WITH_UMASK(0022)
 r = id128_write(run_machine_id, ID128_FORMAT_PLAIN, machine_id);
 if (r < 0) {
 (void) unlink(run_machine_id);
diff --git a/src/shared/reboot-util.c b/src/shared/reboot-util.c
index 7fa3ff98b69..b1104055683 100644
--- a/src/shared/reboot-util.c
+++ b/src/shared/reboot-util.c
@@ -42,7 +42,7 @@ int update_reboot_parameter_and_warn(const char *parameter, bool keep) {
 return 0;
 }
- RUN_WITH_UMASK(0022) {
+ WITH_UMASK(0022) {
 r = write_string_file("/run/systemd/reboot-param", parameter, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
 if (r < 0)
diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c
index 8094ad76434..5195ca410c9 100644
--- a/src/shared/socket-label.c
+++ b/src/shared/socket-label.c
@@ -101,7 +101,7 @@ int socket_address_listen(
 (void) mkdir_parents_label(p, directory_mode);
 /* Enforce the right access mode for the socket */
- RUN_WITH_UMASK(~socket_mode) {
+ WITH_UMASK(~socket_mode) {
 r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
 if (r == -EADDRINUSE) {
 /* Unlink and try again */
diff --git a/src/shared/varlink.c b/src/shared/varlink.c
index 4d2cfee4918..7ff81973e1c 100644
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@@ -2326,7 +2326,7 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t
 (void) sockaddr_un_unlink(&sockaddr.un);
- RUN_WITH_UMASK(~m & 0777) {
+ WITH_UMASK(~m & 0777) {
 r = mac_selinux_bind(fd, &sockaddr.sa, sockaddr_len);
 if (r < 0)
 return r;
diff --git a/src/test/test-install-file.c b/src/test/test-install-file.c
index 71127755074..8206eb01a2f 100644
--- a/src/test/test-install-file.c
+++ b/src/test/test-install-file.c
@@ -17,7 +17,7 @@ TEST(install_file) {
 assert_se(a = path_join(p, "foo"));
 assert_se(b = path_join(p, "bar"));
- RUN_WITH_UMASK(0077)
+ WITH_UMASK(0077)
 assert_se(write_string_file(a, "wups", WRITE_STRING_FILE_CREATE) >= 0);
 assert_se(lstat(a, &stat1) >= 0);
diff --git a/src/test/test-umask-util.c b/src/test/test-umask-util.c
index df3ae98f505..bd5bc9cb437 100644
--- a/src/test/test-umask-util.c
+++ b/src/test/test-umask-util.c
@@ -12,7 +12,7 @@ int main(int argc, char *argv[]) {
 u = umask(0111);
 n = 0;
- RUN_WITH_UMASK(0123) {
+ WITH_UMASK(0123) {
 assert_se(umask(000) == 0123);
 n++;
 }
@@ -20,7 +20,7 @@ int main(int argc, char *argv[]) {
 assert_se(n == 1);
 assert_se(umask(u) == 0111);
- RUN_WITH_UMASK(0135) {
+ WITH_UMASK(0135) {
 assert_se(umask(000) == 0135);
 n++;
 }
@@ -28,7 +28,7 @@ int main(int argc, char *argv[]) {
 assert_se(n == 2);
 assert_se(umask(0111) == u);
- RUN_WITH_UMASK(0315) {
+ WITH_UMASK(0315) {
 assert_se(umask(000) == 0315);
 n++;
 break;
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index f156d90073d..efe0e107b14 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -1499,7 +1499,7 @@ static int create_file(Item *i, const char *path) {
 if (dir_fd < 0)
 return dir_fd;
- RUN_WITH_UMASK(0000) {
+ WITH_UMASK(0000) {
 mac_selinux_create_file_prepare(path, S_IFREG);
 fd = RET_NERRNO(openat(dir_fd, bn, O_CREAT|O_EXCL|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode));
 mac_selinux_create_file_clear();
@@ -1572,7 +1572,7 @@ static int truncate_file(Item *i, const char *path) {
 if (fd == -ENOENT) {
 creation = CREATION_NORMAL; /* Didn't work without O_CREATE, try again with */
- RUN_WITH_UMASK(0000) {
+ WITH_UMASK(0000) {
 mac_selinux_create_file_prepare(path, S_IFREG);
 fd = RET_NERRNO(openat(dir_fd, bn, O_CREAT|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode));
 mac_selinux_create_file_clear();
@@ -1716,14 +1716,14 @@ static int create_directory_or_subvolume(
 subvol = false;
 else {
- RUN_WITH_UMASK((~mode) & 0777)
+ WITH_UMASK((~mode) & 0777)
 r = btrfs_subvol_make_fd(pfd, bn);
 }
 } else
 r = 0;
 if (!subvol || ERRNO_IS_NOT_SUPPORTED(r))
- RUN_WITH_UMASK(0000)
+ WITH_UMASK(0000)
 r = mkdirat_label(pfd, bn, mode);
 creation = r >= 0 ? CREATION_NORMAL : CREATION_EXISTING;
@@ -1869,7 +1869,7 @@ static int create_device(Item *i, mode_t file_type) {
 if (dfd < 0)
 return dfd;
- RUN_WITH_UMASK(0000) {
+ WITH_UMASK(0000) {
 mac_selinux_create_file_prepare(i->path, file_type);
 r = RET_NERRNO(mknodat(dfd, bn, i->mode | file_type, i->major_minor));
 mac_selinux_create_file_clear();
@@ -1900,7 +1900,7 @@ static int create_device(Item *i, mode_t file_type) {
 if (i->append_or_force) {
 fd = safe_close(fd);
- RUN_WITH_UMASK(0000) {
+ WITH_UMASK(0000) {
 mac_selinux_create_file_prepare(i->path, file_type);
 r = mknodat_atomic(dfd, bn, i->mode | file_type, i->major_minor);
 mac_selinux_create_file_clear();
@@ -1971,7 +1971,7 @@ static int create_fifo(Item *i) {
 if (pfd < 0)
 return pfd;
- RUN_WITH_UMASK(0000) {
+ WITH_UMASK(0000) {
 mac_selinux_create_file_prepare(i->path, S_IFIFO);
 r = RET_NERRNO(mkfifoat(pfd, bn, i->mode));
 mac_selinux_create_file_clear();
@@ -1996,7 +1996,7 @@ static int create_fifo(Item *i) {
 if (i->append_or_force) {
 fd = safe_close(fd);
- RUN_WITH_UMASK(0000) {
+ WITH_UMASK(0000) {
 mac_selinux_create_file_prepare(i->path, S_IFIFO);
 r = mkfifoat_atomic(pfd, bn, i->mode);
 mac_selinux_create_file_clear();
@@ -2378,7 +2378,7 @@ static int mkdir_parents_rm_if_wrong_type(mode_t child_mode, const char *path) {
 if (r == -ENOENT)
 r = rm_if_wrong_type_safe(S_IFDIR, parent_fd, &parent_st, t, AT_SYMLINK_NOFOLLOW);
 if (r == -ENOENT) {
- RUN_WITH_UMASK(0000)
+ WITH_UMASK(0000)
 r = mkdirat_label(parent_fd, t, 0755);
 if (r < 0) {
 _cleanup_free_ char *parent_name = NULL;
@@ -2416,7 +2416,7 @@ static int mkdir_parents_item(Item *i, mode_t child_mode) {
 if (r < 0 && r != -ENOENT)
 return r;
 } else
- RUN_WITH_UMASK(0000)
+ WITH_UMASK(0000)
 (void) mkdir_parents_label(i->path, 0755);
 return 0;
diff --git a/src/userdb/userdbd-manager.c b/src/userdb/userdbd-manager.c
index ff2607f8fe2..81d3f6407c9 100644
--- a/src/userdb/userdbd-manager.c
+++ b/src/userdb/userdbd-manager.c
@@ -277,7 +277,7 @@ int manager_startup(Manager *m) {
 (void) sockaddr_un_unlink(&sockaddr.un);
- RUN_WITH_UMASK(0000)
+ WITH_UMASK(0000)
 if (bind(m->listen_fd, &sockaddr.sa, SOCKADDR_UN_LEN(sockaddr.un)) < 0)
 return log_error_errno(errno, "Failed to bind socket: %m");