Merge pull request #9297 from yuwata/rfe-9296

timesync: ignore any errors related to timestamp file

src/basic/fs-util.c

@@ -230,6 +230,22 @@ int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) {
         return 0;
 }
 
+int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) {
+        /* Under the assumption that we are running privileged we
+         * first change the access mode and only then hand out
+         * ownership to avoid a window where access is too open. */
+
+        if (mode != MODE_INVALID)
+                if (fchmod(fd, mode) < 0)
+                        return -errno;
+
+        if (uid != UID_INVALID || gid != GID_INVALID)
+                if (fchown(fd, uid, gid) < 0)
+                        return -errno;
+
+        return 0;
+}
+
 int fchmod_umask(int fd, mode_t m) {
         mode_t u;
         int r;

src/basic/fs-util.h

@@ -31,6 +31,7 @@ int readlink_value(const char *p, char **ret);
 int readlink_and_make_absolute(const char *p, char **r);
 
 int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid);
+int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid);
 
 int fchmod_umask(int fd, mode_t mode);
 int fchmod_opath(int fd, mode_t m);

src/sysusers/sysusers.c

@@ -212,11 +212,9 @@ static int make_backup(const char *target, const char *x) {
         backup = strjoina(x, "-");
 
         /* Copy over the access mask */
-        if (fchmod(fileno(dst), st.st_mode & 07777) < 0)
+        r = fchmod_and_chown(fileno(dst), st.st_mode & 07777, st.st_uid, st.st_gid);
-                log_warning_errno(errno, "Failed to change mode on %s: %m", backup);
+        if (r < 0)
-
+                log_warning_errno(r, "Failed to change access mode or ownership of %s: %m", backup);
-        if (fchown(fileno(dst), st.st_uid, st.st_gid)< 0)
-                log_warning_errno(errno, "Failed to change ownership of %s: %m", backup);
 
         ts[0] = st.st_atim;
         ts[1] = st.st_mtim;
@@ -335,13 +333,7 @@ static int sync_rights(FILE *from, FILE *to) {
         if (fstat(fileno(from), &st) < 0)
                 return -errno;
 
-        if (fchmod(fileno(to), st.st_mode & 07777) < 0)
+        return fchmod_and_chown(fileno(to), st.st_mode & 07777, st.st_uid, st.st_gid);
-                return -errno;
-
-        if (fchown(fileno(to), st.st_uid, st.st_gid) < 0)
-                return -errno;
-
-        return 0;
 }
 
 static int rename_and_apply_smack(const char *temp_path, const char *dest_path) {

src/timesync/timesyncd.c

@@ -21,6 +21,9 @@
 #include "timesyncd-manager.h"
 #include "user-util.h"
 
+#define STATE_DIR   "/var/lib/systemd/timesync"
+#define CLOCK_FILE  STATE_DIR "/clock"
+
 static int load_clock_timestamp(uid_t uid, gid_t gid) {
         _cleanup_close_ int fd = -1;
         usec_t min = TIME_EPOCH * USEC_PER_SEC;
@@ -34,7 +37,7 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
          * systems lacking a battery backed RTC. We also will adjust
          * the time to at least the build time of systemd. */
 
-        fd = open("/var/lib/systemd/timesync/clock", O_RDWR|O_CLOEXEC, 0644);
+        fd = open(CLOCK_FILE, O_RDWR|O_CLOEXEC, 0644);
         if (fd >= 0) {
                 struct stat st;
                 usec_t stamp;
@@ -50,24 +53,26 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
                 if (geteuid() == 0) {
                         /* Try to fix the access mode, so that we can still
                            touch the file after dropping priviliges */
-                        r = fchmod(fd, 0644);
+                        r = fchmod_and_chown(fd, 0644, uid, gid);
                         if (r < 0)
-                                return log_error_errno(errno, "Failed to change file access mode: %m");
+                                log_warning_errno(r, "Failed to chmod or chown %s, ignoring: %m", CLOCK_FILE);
-                        r = fchown(fd, uid, gid);
-                        if (r < 0)
-                                return log_error_errno(errno, "Failed to change file owner: %m");
                 }
 
         } else {
-                r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid,
+                r = mkdir_safe_label(STATE_DIR, 0755, uid, gid,
                                      MKDIR_FOLLOW_SYMLINK | MKDIR_WARN_MODE);
-                if (r < 0)
+                if (r < 0) {
-                        return log_error_errno(r, "Failed to create state directory: %m");
+                        log_debug_errno(r, "Failed to create state directory, ignoring: %m");
+                        goto settime;
+                }
 
                 /* create stamp file with the compiled-in date */
-                (void) touch_file("/var/lib/systemd/timesync/clock", false, min, uid, gid, 0644);
+                r = touch_file(CLOCK_FILE, false, min, uid, gid, 0644);
+                if (r < 0)
+                        log_debug_errno(r, "Failed to create %s, ignoring: %m", CLOCK_FILE);
         }
 
+settime:
         ct = now(CLOCK_REALTIME);
         if (ct < min) {
                 struct timespec ts;
@@ -77,7 +82,7 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
                          format_timestamp(date, sizeof(date), min));
 
                 if (clock_settime(CLOCK_REALTIME, timespec_store(&ts, min)) < 0)
-                        log_error_errno(errno, "Failed to restore system clock: %m");
+                        log_error_errno(errno, "Failed to restore system clock, ignoring: %m");
         }
 
         return 0;
@@ -174,8 +179,11 @@ int main(int argc, char *argv[]) {
         }
 
         /* if we got an authoritative time, store it in the file system */
-        if (m->sync)
+        if (m->sync) {
-                (void) touch("/var/lib/systemd/timesync/clock");
+                r = touch(CLOCK_FILE);
+                if (r < 0)
+                        log_debug_errno(r, "Failed to touch %s, ignoring: %m", CLOCK_FILE);
+        }
 
         sd_event_get_exit_code(m->event, &r);