1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00

Merge pull request #26225 from qdeslandes/fix_delegate_cgroup_logs_filtering

Fix delegate cgroup logs filtering
This commit is contained in:
Luca Boccassi 2023-02-08 19:36:21 +00:00 committed by GitHub
commit 777440f110
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 97 additions and 5 deletions

View File

@ -1198,6 +1198,28 @@ int cg_path_get_unit(const char *path, char **ret) {
return 0;
}
int cg_path_get_unit_path(const char *path, char **ret) {
_cleanup_free_ char *path_copy = NULL;
char *unit_name;
assert(path);
assert(ret);
path_copy = strdup(path);
if (!path_copy)
return -ENOMEM;
unit_name = (char *)skip_slices(path_copy);
unit_name[strcspn(unit_name, "/")] = 0;
if (!unit_name_is_valid(cg_unescape(unit_name), UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
return -ENXIO;
*ret = TAKE_PTR(path_copy);
return 0;
}
int cg_pid_get_unit(pid_t pid, char **unit) {
_cleanup_free_ char *cgroup = NULL;
int r;

View File

@ -261,6 +261,7 @@ int cg_path_get_cgroupid(const char *path, uint64_t *ret);
int cg_path_get_session(const char *path, char **session);
int cg_path_get_owner_uid(const char *path, uid_t *uid);
int cg_path_get_unit(const char *path, char **unit);
int cg_path_get_unit_path(const char *path, char **unit);
int cg_path_get_user_unit(const char *path, char **unit);
int cg_path_get_machine_name(const char *path, char **machine);
int cg_path_get_slice(const char *path, char **slice);

View File

@ -46,16 +46,20 @@ static int client_parse_log_filter_nulstr(const char *nulstr, size_t len, Set **
int client_context_read_log_filter_patterns(ClientContext *c, const char *cgroup) {
char *deny_list_xattr, *xattr_end;
_cleanup_free_ char *xattr = NULL;
_cleanup_free_ char *xattr = NULL, *unit_cgroup = NULL;
_cleanup_set_free_ Set *allow_list = NULL, *deny_list = NULL;
int r;
assert(c);
r = cg_get_xattr_malloc(SYSTEMD_CGROUP_CONTROLLER, cgroup, "user.journald_log_filter_patterns", &xattr);
r = cg_path_get_unit_path(cgroup, &unit_cgroup);
if (r < 0)
return log_debug_errno(r, "Failed to get the unit's cgroup path for %s: %m", cgroup);
r = cg_get_xattr_malloc(SYSTEMD_CGROUP_CONTROLLER, unit_cgroup, "user.journald_log_filter_patterns", &xattr);
if (r < 0) {
if (!ERRNO_IS_XATTR_ABSENT(r))
return log_debug_errno(r, "Failed to get user.journald_log_filter_patterns xattr for %s: %m", cgroup);
return log_debug_errno(r, "Failed to get user.journald_log_filter_patterns xattr for %s: %m", unit_cgroup);
client_set_filtering_patterns(c, NULL, NULL);
return 0;

View File

@ -63,6 +63,33 @@ TEST(path_get_unit) {
check_p_g_u("/user.slice/user-1000.slice/user@.service/server.service", -ENXIO, NULL);
}
static void check_p_g_u_p(const char *path, int code, const char *result) {
_cleanup_free_ char *unit_path = NULL;
int r;
r = cg_path_get_unit_path(path, &unit_path);
printf("%s: %s → %s %d expected %s %d\n", __func__, path, unit_path, r, strnull(result), code);
assert_se(r == code);
assert_se(streq_ptr(unit_path, result));
}
TEST(path_get_unit_path) {
check_p_g_u_p("/system.slice/foobar.service/sdfdsaf", 0, "/system.slice/foobar.service");
check_p_g_u_p("/system.slice/getty@tty5.service", 0, "/system.slice/getty@tty5.service");
check_p_g_u_p("/system.slice/getty@tty5.service/aaa/bbb", 0, "/system.slice/getty@tty5.service");
check_p_g_u_p("/system.slice/getty@tty5.service/", 0, "/system.slice/getty@tty5.service");
check_p_g_u_p("/system.slice/getty@tty6.service/tty5", 0, "/system.slice/getty@tty6.service");
check_p_g_u_p("sadfdsafsda", -ENXIO, NULL);
check_p_g_u_p("/system.slice/getty####@tty6.service/xxx", -ENXIO, NULL);
check_p_g_u_p("/system.slice/system-waldo.slice/foobar.service/sdfdsaf", 0, "/system.slice/system-waldo.slice/foobar.service");
check_p_g_u_p("/system.slice/system-waldo.slice/_cpu.service/sdfdsaf", 0, "/system.slice/system-waldo.slice/_cpu.service");
check_p_g_u_p("/system.slice/system-waldo.slice/_cpu.service", 0, "/system.slice/system-waldo.slice/_cpu.service");
check_p_g_u_p("/user.slice/user-1000.slice/user@1000.service/server.service", 0, "/user.slice/user-1000.slice/user@1000.service");
check_p_g_u_p("/user.slice/user-1000.slice/user@.service/server.service", -ENXIO, NULL);
check_p_g_u_p("/user.slice/_user-1000.slice/user@1000.service/foobar.slice/foobar@pie.service", 0, "/user.slice/_user-1000.slice/user@1000.service");
check_p_g_u_p("/_session-2.scope/_foobar@pie.service/pa/po", 0, "/_session-2.scope");
}
static void check_p_g_u_u(const char *path, int code, const char *result) {
_cleanup_free_ char *unit = NULL;
int r;

View File

@ -0,0 +1,8 @@
[Unit]
Description=Test service for delegated logs filtering
[Service]
Type=simple
ExecStart=/usr/lib/systemd/tests/testdata/units/delegated_cgroup_filtering_payload.sh
Delegate=yes
SyslogLevel=notice

View File

@ -0,0 +1,12 @@
#!/bin/sh
# SPDX-License-Identifier: LGPL-2.1-or-later
mkdir /sys/fs/cgroup/system.slice/delegated-cgroup-filtering.service/the_child
/bin/sh /usr/lib/systemd/tests/testdata/units/delegated_cgroup_filtering_payload_child.sh &
while true
do
echo "parent_process: hello, world!"
echo "parent_process: hello, people!"
sleep .15
done

View File

@ -0,0 +1,11 @@
#!/bin/sh
# SPDX-License-Identifier: LGPL-2.1-or-later
echo $$ >/sys/fs/cgroup/system.slice/delegated-cgroup-filtering.service/the_child/cgroup.procs
while true
do
echo "child_process: hello, world!"
echo "child_process: hello, people!"
sleep .15
done

View File

@ -185,8 +185,8 @@ function add_logs_filtering_override() {
LOG_FILTER=${3:-""}
mkdir -p /etc/systemd/system/"$UNIT".d/
echo "[Service]" >/etc/systemd/system/logs-filtering.service.d/"${OVERRIDE_NAME}".conf
echo "LogFilterPatterns=$LOG_FILTER" >>/etc/systemd/system/logs-filtering.service.d/"${OVERRIDE_NAME}".conf
echo "[Service]" >/etc/systemd/system/"$UNIT".d/"${OVERRIDE_NAME}".conf
echo "LogFilterPatterns=$LOG_FILTER" >>/etc/systemd/system/"$UNIT".d/"${OVERRIDE_NAME}".conf
systemctl daemon-reload
}
@ -256,7 +256,14 @@ if is_xattr_supported; then
add_logs_filtering_override "logs-filtering.service" "10-allow-with-escape-char" "\x7emore~"
[[ -n $(run_service_and_fetch_logs "logs-filtering.service") ]]
add_logs_filtering_override "delegated-cgroup-filtering.service" "00-allow-all" ".*"
[[ -n $(run_service_and_fetch_logs "delegated-cgroup-filtering.service") ]]
add_logs_filtering_override "delegated-cgroup-filtering.service" "01-discard-hello" "~hello"
[[ -z $(run_service_and_fetch_logs "delegated-cgroup-filtering.service") ]]
rm -rf /etc/systemd/system/logs-filtering.service.d
rm -rf /etc/systemd/system/delegated-cgroup-filtering.service.d
fi
touch /testok