shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-25 10:04:04 +03:00
Code

sysctl: downgrade message when we have no permission

Browse Source 
We need to run sysctl also in containers, because the network
subtree is namespaces and may legitimately be writable. But logging
all "errors" at notice level creates unwanted noise.

Also downgrade message about missing sysctls to log_info. This might also be
relatively common when configuration is targeted at different kernel
versions. With log_debug it'll still end up in the logs, but isn't really worth
of "notice" most of the time.

https://bugzilla.redhat.com/show_bug.cgi?id=1609806
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2020-01-16 14:45:28 +01:00
parent b2ae4d9eb8
commit 32458cc968
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/sysctl/sysctl.c
View File

@ -11,6 +11,7 @@
#include "conf-files.h" #include "conf-files.h"
#include "def.h" #include "def.h"
#include "errno-util.h"
#include "fd-util.h" #include "fd-util.h"
#include "fileio.h" #include "fileio.h"
#include "hashmap.h" #include "hashmap.h"
@ -85,13 +86,15 @@ static int apply_all(OrderedHashmap *sysctl_options) {
k = sysctl_write(option->key, option->value); k = sysctl_write(option->key, option->value);
if (k < 0) { if (k < 0) {
/* If the sysctl is not available in the kernel or we are running with reduced /* If the sysctl is not available in the kernel or we are running with reduced
* privileges and cannot write it, then log about the issue at LOG_NOTICE level, and * privileges and cannot write it, then log about the issue, and proceed without
* proceed without failing. (EROFS is treated as a permission problem here, since * failing. (EROFS is treated as a permission problem here, since that's how
* that's how container managers usually protected their sysctls.) In all other cases * container managers usually protected their sysctls.) In all other cases log an
* log an error and make the tool fail. */ * error and make the tool fail. */
if (IN_SET(k, -EPERM, -EACCES, -EROFS, -ENOENT) || option->ignore_failure) if (option->ignore_failure || k == -EROFS || ERRNO_IS_PRIVILEGE(k))
log_notice_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key); log_debug_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key);
else if (k == -ENOENT)
log_info_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key);
else { else {
log_error_errno(k, "Couldn't write '%s' to '%s': %m", option->value, option->key); log_error_errno(k, "Couldn't write '%s' to '%s': %m", option->value, option->key);
if (r == 0) if (r == 0)