mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00

Merge pull request #7572 from poettering/taint-manager

"taint" logic improvements and other minor fixes
Zbigniew Jędrzejewski-Szmek 2017-12-07 21:06:28 +01:00 committed by GitHub
commit ba60adc623
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 75 additions and 33 deletions

13
TODO

@ -33,8 +33,7 @@ Features:
systemd-journald writes to /var/log/journal, which could be useful when we
doing disk usage calculations and so on.
* taint systemd if the overflowuid/overflowgid is not 65534, and if there are
fewer than 65536 users assigned to the system.
* taint systemd if there are fewer than 65536 users assigned to the system.
* deprecate PermissionsStartOnly= and RootDirectoryStartOnly= in favour of the ExecStart= prefix chars
@ -49,8 +48,6 @@ Features:
* support projid-based quota in machinectl for containers, and then drop
implicit btrfs loopback magic in machined
* let's log the "tainted" string at boot
* Add NetworkNamespacePath= to specify a path to a network namespace
* maybe use SOURCE_DATE_EPOCH (i.e. the env var the reproducible builds folks
@ -117,9 +114,6 @@ Features:
* expose IO accounting data on the bus, show it in systemd-run --wait and log
about it in the resource log message
* rework unbase64 code to drop whitespace automatically, so that we don't have
to drop it first.
* add "systemctl purge" for flushing out configuration, state, logs, ... of a
unit when it is stopped
@ -196,8 +190,6 @@ Features:
partition, that is mounted to / and is writable, and where the actual root's
/usr is mounted into.
* .mount and .swap units: add Format=yes|no option that formats the partition before mounting/enabling it, implicitly
* gpt-auto logic: support encrypted swap, add kernel cmdline option to force it, and honour a gpt bit about it, plus maybe a configuration file
* drop nss-myhostname in favour of nss-resolve?
@ -413,8 +405,6 @@ Features:
* figure out a nice way how we can let the admin know what child/sibling unit causes cgroup membership for a specific unit
* mount_cgroup_controllers(): symlinks need to get the label applied
* For timer units: add some mechanisms so that timer units that trigger immediately on boot do not have the services
they run added to the initial transaction and thus confuse Type=idle.
@ -728,7 +718,6 @@ Features:
https://github.com/systemd/systemd/pull/272#issuecomment-113153176
- should optionally support receiving WATCHDOG=1 messages from its payload
PID 1...
- should send out sd_notify("WATCHDOG=1") messages
- optionally automatically add FORWARD rules to iptables whenever nspawn is
running, remove them when shut down.
- maybe make copying of /etc/resolv.conf optional, and skip it if --read-only


@ -27,7 +27,6 @@
#include "architecture.h"
#include "build.h"
#include "bus-common-errors.h"
#include "clock-util.h"
#include "dbus-execute.h"
#include "dbus-job.h"
#include "dbus-manager.h"
@ -140,33 +139,18 @@ static int property_get_tainted(
void *userdata,
sd_bus_error *error) {
char buf[sizeof("split-usr:cgroups-missing:local-hwclock:var-run-bad:")] = "", *e = buf;
_cleanup_free_ char *destination = NULL;
_cleanup_free_ char *s = NULL;
Manager *m = userdata;
int r;
assert(bus);
assert(reply);
assert(m);
if (m->taint_usr)
e = stpcpy(e, "split-usr:");
s = manager_taint_string(m);
if (!s)
return log_oom();
if (access("/proc/cgroups", F_OK) < 0)
e = stpcpy(e, "cgroups-missing:");
if (clock_is_localtime(NULL) > 0)
e = stpcpy(e, "local-hwclock:");
r = readlink_malloc("/var/run", &destination);
if (r < 0 || !PATH_IN_SET(destination, "../run", "/run"))
e = stpcpy(e, "var-run-bad:");
/* remove the last ':' */
if (e != buf)
e[-1] = 0;
return sd_bus_message_append(reply, "s", buf);
return sd_bus_message_append(reply, "s", s);
}
static int property_get_log_target(


@ -2375,6 +2375,7 @@ int main(int argc, char *argv[]) {
r = manager_startup(m, arg_serialization, fds);
if (r < 0) {
log_error_errno(r, "Failed to fully start up daemon: %m");
error_message = "Failed to start up manager";
goto finish;
}
@ -2394,6 +2395,14 @@ int main(int argc, char *argv[]) {
"Loaded units and determined initial transaction in %s.",
format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 100 * USEC_PER_MSEC));
if (arg_system) {
_cleanup_free_ char *taint;
taint = manager_taint_string(m);
if (!isempty(taint))
log_notice("System is tainted: %s", taint);
}
if (arg_action == ACTION_TEST) {
printf("-> By units:\n");
manager_dump_units(m, stdout, "\t");
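Review bot: In the added `if (arg_system)` block, `_cleanup_free_ char *taint;` is declared without an initializer, and a NULL return from manager_taint_string() is folded into the "not tainted" case by `isempty(taint)`. The assignment on the next line makes the cleanup safe as written, but an uninitialized `_cleanup_free_` pointer would be freed as garbage if an early exit were ever inserted between the two lines; `_cleanup_free_ char *taint = manager_taint_string(m);` removes that hazard. Because this notice is the operator-visible record of the taint state at boot, an allocation failure could call `log_oom()` instead of silently omitting the line. main() starts and ends outside this hunk.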


@ -48,6 +48,7 @@
#include "bus-kernel.h"
#include "bus-util.h"
#include "clean-ipc.h"
#include "clock-util.h"
#include "dbus-job.h"
#include "dbus-manager.h"
#include "dbus-unit.h"
@ -3866,6 +3867,60 @@ int manager_dispatch_user_lookup_fd(sd_event_source *source, int fd, uint32_t re
return 0;
}
char *manager_taint_string(Manager *m) {
_cleanup_free_ char *destination = NULL, *overflowuid = NULL, *overflowgid = NULL;
char *buf, *e;
int r;
assert(m);
buf = new(char, sizeof("split-usr:"
"cgroups-missing:"
"local-hwclock:"
"var-run-bad:"
"weird-nobody-user:"
"weird-nobody-group:"
"overflowuid-not-65534:"
"overflowgid-not-65534:"));
if (!buf)
return NULL;
e = buf;
if (m->taint_usr)
e = stpcpy(e, "split-usr:");
if (access("/proc/cgroups", F_OK) < 0)
e = stpcpy(e, "cgroups-missing:");
if (clock_is_localtime(NULL) > 0)
e = stpcpy(e, "local-hwclock:");
r = readlink_malloc("/var/run", &destination);
if (r < 0 || !PATH_IN_SET(destination, "../run", "/run"))
e = stpcpy(e, "var-run-bad:");
if (!streq(NOBODY_USER_NAME, "nobody"))
e = stpcpy(e, "weird-nobody-user:");
if (!streq(NOBODY_GROUP_NAME, "nobody"))
e = stpcpy(e, "weird-nobody-group:");
r = read_one_line_file("/proc/sys/kernel/overflowuid", &overflowuid);
if (r >= 0 && !streq(overflowuid, "65534"))
e = stpcpy(e, "overflowuid-not-65534:");
r = read_one_line_file("/proc/sys/kernel/overflowgid", &overflowgid);
if (r >= 0 && !streq(overflowgid, "65534"))
e = stpcpy(e, "overflowgid-not-65534:");
/* remove the last ':' */
if (e != buf)
e[-1] = 0;
return buf;
}
static const char *const manager_state_table[_MANAGER_STATE_MAX] = {
[MANAGER_INITIALIZING] = "initializing",
[MANAGER_STARTING] = "starting",
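Review bot: When none of the checks fires, manager_taint_string() returns `buf` without ever writing to it: no `stpcpy()` runs and `e[-1] = 0` is skipped because `e == buf`. Assuming `new()` is the non-zeroing allocator, that differs from the removed stack buffer in property_get_tainted, which was initialized with `= ""`. Both callers in this commit read the result as a string (`sd_bus_message_append(reply, "s", s)` and `isempty(taint)`), so on an untainted system they would read uninitialized heap bytes with no guaranteed terminator. Adding `buf[0] = 0;` right after `e = buf;` fixes it. A short comment saying that every flag appended below must also appear in the `sizeof(...)` literal list would help too, since the allocation is exactly large enough only while the two stay in sync.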


@ -435,6 +435,8 @@ void manager_deserialize_uid_refs_one(Manager *m, const char *value);
void manager_serialize_gid_refs(Manager *m, FILE *f);
void manager_deserialize_gid_refs_one(Manager *m, const char *value);
char *manager_taint_string(Manager *m);
const char *manager_state_to_string(ManagerState m) _const_;
ManagerState manager_state_from_string(const char *s) _pure_;
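Review bot: The new prototype `char *manager_taint_string(Manager *m);` says nothing about ownership or the failure value. The implementation in this commit returns a heap buffer, or NULL when the allocation fails, and both callers release it through `_cleanup_free_`. A one-line comment above the declaration, such as `/* Returns a newly allocated string (caller frees), or NULL on OOM */`, would put that contract where callers look.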


@ -3642,6 +3642,8 @@ static int run(int master,
if (r < 0)
return log_error_errno(r, "Failed to get default event source: %m");
(void) sd_event_set_watchdog(event, true);
if (bus) {
r = sd_bus_attach_event(bus, event, 0);
if (r < 0)
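Review bot: `(void) sd_event_set_watchdog(event, true);` discards the result, while the unit-file section of this commit adds `WatchdogSec=3min`. If enabling the watchdog fails, no keep-alive messages would be sent and the service manager would presumably time the container out after three minutes, with nothing in the log explaining why. Keeping the call non-fatal but logging the error would make that diagnosable: `r = sd_event_set_watchdog(event, true);` followed by `if (r < 0) log_warning_errno(r, "Failed to enable watchdog, ignoring: %m");`. run() starts before and continues after this hunk.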


@ -21,6 +21,7 @@ KillMode=mixed
Type=notify
RestartForceExitStatus=133
SuccessExitStatus=133
WatchdogSec=3min
Slice=machine.slice
Delegate=yes
TasksMax=16384