1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 23:21:22 +03:00

manager: rework manager_taint_string()

When I see stpcpy, my brain bleeds. This function was too complicated
for it's own good.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2022-04-06 12:26:50 +02:00
parent 8dc3c2f197
commit 83fe5d8a78
2 changed files with 27 additions and 44 deletions

View File

@ -4370,71 +4370,54 @@ static int short_uid_range(const char *path) {
return !uid_range_covers(p, n, 0, 65535); return !uid_range_covers(p, n, 0, 65535);
} }
char *manager_taint_string(Manager *m) { char* manager_taint_string(const Manager *m) {
_cleanup_free_ char *destination = NULL, *overflowuid = NULL, *overflowgid = NULL; /* Returns a "taint string", e.g. "local-hwclock:var-run-bad". Only things that are detected at
struct utsname uts; * runtime should be tagged here. For stuff that is known during compilation, emit a warning in the
char *buf, *e;
int r;
/* Returns a "taint string", e.g. "local-hwclock:var-run-bad". Only things that are detected at
* runtime should be tagged here. For stuff that is set during compilation, emit a warning in the
* configuration phase. */ * configuration phase. */
assert(m); assert(m);
buf = new(char, sizeof("split-usr:" const char* stage[11] = {};
"cgroups-missing:" size_t n = 0;
"cgroupsv1:"
"local-hwclock:"
"var-run-bad:"
"overflowuid-not-65534:"
"overflowgid-not-65534:"
"old-kernel:"
"short-uid-range:"
"short-gid-range:"));
if (!buf)
return NULL;
e = buf;
buf[0] = 0;
if (m->taint_usr) if (m->taint_usr)
e = stpcpy(e, "split-usr:"); stage[n++] = "split-usr";
if (access("/proc/cgroups", F_OK) < 0) if (access("/proc/cgroups", F_OK) < 0)
e = stpcpy(e, "cgroups-missing:"); stage[n++] = "cgroups-missing";
if (cg_all_unified() == 0) if (cg_all_unified() == 0)
e = stpcpy(e, "cgroupsv1:"); stage[n++] = "cgroupsv1";
if (clock_is_localtime(NULL) > 0) if (clock_is_localtime(NULL) > 0)
e = stpcpy(e, "local-hwclock:"); stage[n++] = "local-hwclock";
r = readlink_malloc("/var/run", &destination); _cleanup_free_ char *destination = NULL;
if (r < 0 || !PATH_IN_SET(destination, "../run", "/run")) if (readlink_malloc("/var/run", &destination) < 0 ||
e = stpcpy(e, "var-run-bad:"); !PATH_IN_SET(destination, "../run", "/run"))
stage[n++] = "var-run-bad";
r = read_one_line_file("/proc/sys/kernel/overflowuid", &overflowuid); _cleanup_free_ char *overflowuid = NULL, *overflowgid = NULL;
if (r >= 0 && !streq(overflowuid, "65534")) if (read_one_line_file("/proc/sys/kernel/overflowuid", &overflowuid) >= 0 &&
e = stpcpy(e, "overflowuid-not-65534:"); !streq(overflowuid, "65534"))
r = read_one_line_file("/proc/sys/kernel/overflowgid", &overflowgid); stage[n++] = "overflowuid-not-65534";
if (r >= 0 && !streq(overflowgid, "65534")) if (read_one_line_file("/proc/sys/kernel/overflowgid", &overflowgid) >= 0 &&
e = stpcpy(e, "overflowgid-not-65534:"); !streq(overflowgid, "65534"))
stage[n++] = "overflowgid-not-65534";
struct utsname uts;
assert_se(uname(&uts) >= 0); assert_se(uname(&uts) >= 0);
if (strverscmp_improved(uts.release, KERNEL_BASELINE_VERSION) < 0) if (strverscmp_improved(uts.release, KERNEL_BASELINE_VERSION) < 0)
e = stpcpy(e, "old-kernel:"); stage[n++] = "old-kernel";
if (short_uid_range("/proc/self/uid_map") > 0) if (short_uid_range("/proc/self/uid_map") > 0)
e = stpcpy(e, "short-uid-range:"); stage[n++] = "short-uid-range";
if (short_uid_range("/proc/self/gid_map") > 0) if (short_uid_range("/proc/self/gid_map") > 0)
e = stpcpy(e, "short-gid-range:"); stage[n++] = "short-gid-range";
/* remove the last ':' */ assert(n < ELEMENTSOF(stage) - 1); /* One extra for NULL terminator */
if (e != buf)
e[-1] = 0;
return buf; return strv_join((char**) stage, ":");
} }
void manager_ref_console(Manager *m) { void manager_ref_console(Manager *m) {

View File

@ -551,7 +551,7 @@ int manager_ref_uid(Manager *m, uid_t uid, bool clean_ipc);
void manager_unref_gid(Manager *m, gid_t gid, bool destroy_now); void manager_unref_gid(Manager *m, gid_t gid, bool destroy_now);
int manager_ref_gid(Manager *m, gid_t gid, bool clean_ipc); int manager_ref_gid(Manager *m, gid_t gid, bool clean_ipc);
char *manager_taint_string(Manager *m); char* manager_taint_string(const Manager *m);
void manager_ref_console(Manager *m); void manager_ref_console(Manager *m);
void manager_unref_console(Manager *m); void manager_unref_console(Manager *m);