mirror of
https://github.com/systemd/systemd.git
synced 2024-10-30 06:25:37 +03:00
Merge pull request #26225 from qdeslandes/fix_delegate_cgroup_logs_filtering
Fix delegate cgroup logs filtering
This commit is contained in:
commit
777440f110
@ -1198,6 +1198,28 @@ int cg_path_get_unit(const char *path, char **ret) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
int cg_path_get_unit_path(const char *path, char **ret) {
|
||||
_cleanup_free_ char *path_copy = NULL;
|
||||
char *unit_name;
|
||||
|
||||
assert(path);
|
||||
assert(ret);
|
||||
|
||||
path_copy = strdup(path);
|
||||
if (!path_copy)
|
||||
return -ENOMEM;
|
||||
|
||||
unit_name = (char *)skip_slices(path_copy);
|
||||
unit_name[strcspn(unit_name, "/")] = 0;
|
||||
|
||||
if (!unit_name_is_valid(cg_unescape(unit_name), UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
|
||||
return -ENXIO;
|
||||
|
||||
*ret = TAKE_PTR(path_copy);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int cg_pid_get_unit(pid_t pid, char **unit) {
|
||||
_cleanup_free_ char *cgroup = NULL;
|
||||
int r;
|
||||
|
@ -261,6 +261,7 @@ int cg_path_get_cgroupid(const char *path, uint64_t *ret);
|
||||
int cg_path_get_session(const char *path, char **session);
|
||||
int cg_path_get_owner_uid(const char *path, uid_t *uid);
|
||||
int cg_path_get_unit(const char *path, char **unit);
|
||||
int cg_path_get_unit_path(const char *path, char **unit);
|
||||
int cg_path_get_user_unit(const char *path, char **unit);
|
||||
int cg_path_get_machine_name(const char *path, char **machine);
|
||||
int cg_path_get_slice(const char *path, char **slice);
|
||||
|
@ -46,16 +46,20 @@ static int client_parse_log_filter_nulstr(const char *nulstr, size_t len, Set **
|
||||
|
||||
int client_context_read_log_filter_patterns(ClientContext *c, const char *cgroup) {
|
||||
char *deny_list_xattr, *xattr_end;
|
||||
_cleanup_free_ char *xattr = NULL;
|
||||
_cleanup_free_ char *xattr = NULL, *unit_cgroup = NULL;
|
||||
_cleanup_set_free_ Set *allow_list = NULL, *deny_list = NULL;
|
||||
int r;
|
||||
|
||||
assert(c);
|
||||
|
||||
r = cg_get_xattr_malloc(SYSTEMD_CGROUP_CONTROLLER, cgroup, "user.journald_log_filter_patterns", &xattr);
|
||||
r = cg_path_get_unit_path(cgroup, &unit_cgroup);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to get the unit's cgroup path for %s: %m", cgroup);
|
||||
|
||||
r = cg_get_xattr_malloc(SYSTEMD_CGROUP_CONTROLLER, unit_cgroup, "user.journald_log_filter_patterns", &xattr);
|
||||
if (r < 0) {
|
||||
if (!ERRNO_IS_XATTR_ABSENT(r))
|
||||
return log_debug_errno(r, "Failed to get user.journald_log_filter_patterns xattr for %s: %m", cgroup);
|
||||
return log_debug_errno(r, "Failed to get user.journald_log_filter_patterns xattr for %s: %m", unit_cgroup);
|
||||
|
||||
client_set_filtering_patterns(c, NULL, NULL);
|
||||
return 0;
|
||||
|
@ -63,6 +63,33 @@ TEST(path_get_unit) {
|
||||
check_p_g_u("/user.slice/user-1000.slice/user@.service/server.service", -ENXIO, NULL);
|
||||
}
|
||||
|
||||
static void check_p_g_u_p(const char *path, int code, const char *result) {
|
||||
_cleanup_free_ char *unit_path = NULL;
|
||||
int r;
|
||||
|
||||
r = cg_path_get_unit_path(path, &unit_path);
|
||||
printf("%s: %s → %s %d expected %s %d\n", __func__, path, unit_path, r, strnull(result), code);
|
||||
assert_se(r == code);
|
||||
assert_se(streq_ptr(unit_path, result));
|
||||
}
|
||||
|
||||
TEST(path_get_unit_path) {
|
||||
check_p_g_u_p("/system.slice/foobar.service/sdfdsaf", 0, "/system.slice/foobar.service");
|
||||
check_p_g_u_p("/system.slice/getty@tty5.service", 0, "/system.slice/getty@tty5.service");
|
||||
check_p_g_u_p("/system.slice/getty@tty5.service/aaa/bbb", 0, "/system.slice/getty@tty5.service");
|
||||
check_p_g_u_p("/system.slice/getty@tty5.service/", 0, "/system.slice/getty@tty5.service");
|
||||
check_p_g_u_p("/system.slice/getty@tty6.service/tty5", 0, "/system.slice/getty@tty6.service");
|
||||
check_p_g_u_p("sadfdsafsda", -ENXIO, NULL);
|
||||
check_p_g_u_p("/system.slice/getty####@tty6.service/xxx", -ENXIO, NULL);
|
||||
check_p_g_u_p("/system.slice/system-waldo.slice/foobar.service/sdfdsaf", 0, "/system.slice/system-waldo.slice/foobar.service");
|
||||
check_p_g_u_p("/system.slice/system-waldo.slice/_cpu.service/sdfdsaf", 0, "/system.slice/system-waldo.slice/_cpu.service");
|
||||
check_p_g_u_p("/system.slice/system-waldo.slice/_cpu.service", 0, "/system.slice/system-waldo.slice/_cpu.service");
|
||||
check_p_g_u_p("/user.slice/user-1000.slice/user@1000.service/server.service", 0, "/user.slice/user-1000.slice/user@1000.service");
|
||||
check_p_g_u_p("/user.slice/user-1000.slice/user@.service/server.service", -ENXIO, NULL);
|
||||
check_p_g_u_p("/user.slice/_user-1000.slice/user@1000.service/foobar.slice/foobar@pie.service", 0, "/user.slice/_user-1000.slice/user@1000.service");
|
||||
check_p_g_u_p("/_session-2.scope/_foobar@pie.service/pa/po", 0, "/_session-2.scope");
|
||||
}
|
||||
|
||||
static void check_p_g_u_u(const char *path, int code, const char *result) {
|
||||
_cleanup_free_ char *unit = NULL;
|
||||
int r;
|
||||
|
@ -0,0 +1,8 @@
|
||||
[Unit]
|
||||
Description=Test service for delegated logs filtering
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/lib/systemd/tests/testdata/units/delegated_cgroup_filtering_payload.sh
|
||||
Delegate=yes
|
||||
SyslogLevel=notice
|
12
test/units/delegated_cgroup_filtering_payload.sh
Executable file
12
test/units/delegated_cgroup_filtering_payload.sh
Executable file
@ -0,0 +1,12 @@
|
||||
#!/bin/sh
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
mkdir /sys/fs/cgroup/system.slice/delegated-cgroup-filtering.service/the_child
|
||||
/bin/sh /usr/lib/systemd/tests/testdata/units/delegated_cgroup_filtering_payload_child.sh &
|
||||
|
||||
while true
|
||||
do
|
||||
echo "parent_process: hello, world!"
|
||||
echo "parent_process: hello, people!"
|
||||
sleep .15
|
||||
done
|
11
test/units/delegated_cgroup_filtering_payload_child.sh
Executable file
11
test/units/delegated_cgroup_filtering_payload_child.sh
Executable file
@ -0,0 +1,11 @@
|
||||
#!/bin/sh
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
echo $$ >/sys/fs/cgroup/system.slice/delegated-cgroup-filtering.service/the_child/cgroup.procs
|
||||
|
||||
while true
|
||||
do
|
||||
echo "child_process: hello, world!"
|
||||
echo "child_process: hello, people!"
|
||||
sleep .15
|
||||
done
|
@ -185,8 +185,8 @@ function add_logs_filtering_override() {
|
||||
LOG_FILTER=${3:-""}
|
||||
|
||||
mkdir -p /etc/systemd/system/"$UNIT".d/
|
||||
echo "[Service]" >/etc/systemd/system/logs-filtering.service.d/"${OVERRIDE_NAME}".conf
|
||||
echo "LogFilterPatterns=$LOG_FILTER" >>/etc/systemd/system/logs-filtering.service.d/"${OVERRIDE_NAME}".conf
|
||||
echo "[Service]" >/etc/systemd/system/"$UNIT".d/"${OVERRIDE_NAME}".conf
|
||||
echo "LogFilterPatterns=$LOG_FILTER" >>/etc/systemd/system/"$UNIT".d/"${OVERRIDE_NAME}".conf
|
||||
systemctl daemon-reload
|
||||
}
|
||||
|
||||
@ -256,7 +256,14 @@ if is_xattr_supported; then
|
||||
add_logs_filtering_override "logs-filtering.service" "10-allow-with-escape-char" "\x7emore~"
|
||||
[[ -n $(run_service_and_fetch_logs "logs-filtering.service") ]]
|
||||
|
||||
add_logs_filtering_override "delegated-cgroup-filtering.service" "00-allow-all" ".*"
|
||||
[[ -n $(run_service_and_fetch_logs "delegated-cgroup-filtering.service") ]]
|
||||
|
||||
add_logs_filtering_override "delegated-cgroup-filtering.service" "01-discard-hello" "~hello"
|
||||
[[ -z $(run_service_and_fetch_logs "delegated-cgroup-filtering.service") ]]
|
||||
|
||||
rm -rf /etc/systemd/system/logs-filtering.service.d
|
||||
rm -rf /etc/systemd/system/delegated-cgroup-filtering.service.d
|
||||
fi
|
||||
|
||||
touch /testok
|
||||
|
Loading…
Reference in New Issue
Block a user