diff options
Diffstat (limited to '')
-rw-r--r-- | src/shared/base-filesystem.c | 2 | ||||
-rw-r--r-- | src/shared/bus-unit-util.c | 6 | ||||
-rw-r--r-- | src/shared/conf-parser.c | 2 | ||||
-rw-r--r-- | src/shared/efi-loader.c | 11 | ||||
-rwxr-xr-x | src/shared/generate-syscall-list.py | 9 | ||||
-rw-r--r-- | src/shared/keyring-util.c | 21 | ||||
-rw-r--r-- | src/shared/loop-util.c | 2 | ||||
-rw-r--r-- | src/shared/machine-id-setup.c | 2 | ||||
-rw-r--r-- | src/shared/seccomp-util.c | 25 | ||||
-rw-r--r-- | src/shared/utmp-wtmp.c | 1 |
10 files changed, 50 insertions, 31 deletions
diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c index 5b4f674..47a766e 100644 --- a/src/shared/base-filesystem.c +++ b/src/shared/base-filesystem.c @@ -63,7 +63,7 @@ static const BaseFilesystem table[] = { "usr/lib64\0", "ld-linux-x86-64.so.2" }, # define KNOW_LIB64_DIRS 1 #elif defined(__ia64__) -#elif defined(__loongarch64) +#elif defined(__loongarch_lp64) # define KNOW_LIB64_DIRS 1 # if defined(__loongarch_double_float) { "lib64", 0, "usr/lib/"LIB_ARCH_TUPLE"\0" diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c index 7666012..ff0e175 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c @@ -1282,12 +1282,12 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con if (r < 0) return log_error_errno(r, "Failed to parse resource limit: %s", eq); - r = sd_bus_message_append(m, "(sv)", field, "t", l.rlim_max); + r = sd_bus_message_append(m, "(sv)", field, "t", (uint64_t) l.rlim_max); if (r < 0) return bus_log_create_error(r); sn = strjoina(field, "Soft"); - r = sd_bus_message_append(m, "(sv)", sn, "t", l.rlim_cur); + r = sd_bus_message_append(m, "(sv)", sn, "t", (uint64_t) l.rlim_cur); if (r < 0) return bus_log_create_error(r); @@ -2030,7 +2030,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con return bus_log_create_error(r); STRV_FOREACH_PAIR(source, destination, symlinks) { - r = sd_bus_message_append(m, "(sst)", *source, *destination, 0); + r = sd_bus_message_append(m, "(sst)", *source, *destination, UINT64_C(0)); if (r < 0) return bus_log_create_error(r); } diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c index 5cb41a3..327dc38 100644 --- a/src/shared/conf-parser.c +++ b/src/shared/conf-parser.c @@ -463,7 +463,7 @@ int hashmap_put_stats_by_path(Hashmap **stats_by_path, const char *path, const s return -ENOMEM; path_copy = strdup(path); - if (!path) + if (!path_copy) return -ENOMEM; r = hashmap_put(*stats_by_path, path_copy, st_copy); diff --git a/src/shared/efi-loader.c b/src/shared/efi-loader.c index 1340412..b9fe26b 100644 --- a/src/shared/efi-loader.c +++ b/src/shared/efi-loader.c @@ -99,7 +99,8 @@ int efi_loader_get_entries(char ***ret) { if (r < 0) return r; - /* The variable contains a series of individually NUL terminated UTF-16 strings. */ + /* The variable contains a series of individually NUL terminated UTF-16 strings. We gracefully + * consider the final NUL byte optional (i.e. the last string may or may not end in a NUL byte).*/ for (size_t i = 0, start = 0;; i++) { _cleanup_free_ char *decoded = NULL; @@ -113,6 +114,11 @@ int efi_loader_get_entries(char ***ret) { if (!end && entries[i] != 0) continue; + /* Empty string at the end of variable? That's the trailer, we are done (i.e. we have a final + * NUL terminator). */ + if (end && start == i) + break; + /* We reached the end of a string, let's decode it into UTF-8 */ decoded = utf16_to_utf8(entries + start, (i - start) * sizeof(char16_t)); if (!decoded) @@ -125,7 +131,8 @@ int efi_loader_get_entries(char ***ret) { } else log_debug("Ignoring invalid loader entry '%s'.", decoded); - /* We reached the end of the variable */ + /* Exit the loop if we reached the end of the variable (i.e. we do not have a final NUL + * terminator) */ if (end) break; diff --git a/src/shared/generate-syscall-list.py b/src/shared/generate-syscall-list.py index 3ee19ff..c0975a0 100755 --- a/src/shared/generate-syscall-list.py +++ b/src/shared/generate-syscall-list.py @@ -2,15 +2,6 @@ # SPDX-License-Identifier: LGPL-2.1-or-later import sys -import os - -s390 = 's390' in os.uname().machine -arm = 'arm' in os.uname().machine for line in open(sys.argv[1]): - if line.startswith('s390_') and not s390: - continue - if line.startswith('arm_') and not arm: - continue - print('"{}\\0"'.format(line.strip())) diff --git a/src/shared/keyring-util.c b/src/shared/keyring-util.c index 655cf52..fadd90e 100644 --- a/src/shared/keyring-util.c +++ b/src/shared/keyring-util.c @@ -5,34 +5,31 @@ #include "missing_syscall.h" int keyring_read(key_serial_t serial, void **ret, size_t *ret_size) { - size_t m = 100; + size_t bufsize = 100; for (;;) { - _cleanup_(erase_and_freep) uint8_t *p = NULL; + _cleanup_(erase_and_freep) uint8_t *buf = NULL; long n; - p = new(uint8_t, m+1); - if (!p) + buf = new(uint8_t, bufsize + 1); + if (!buf) return -ENOMEM; - n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) p, (unsigned long) m, 0); + n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) buf, (unsigned long) bufsize, 0); if (n < 0) return -errno; - if ((size_t) n <= m) { - p[n] = 0; /* NUL terminate, just in case */ + if ((size_t) n <= bufsize) { + buf[n] = 0; /* NUL terminate, just in case */ if (ret) - *ret = TAKE_PTR(p); + *ret = TAKE_PTR(buf); if (ret_size) *ret_size = n; return 0; } - if (m > (SIZE_MAX-1) / 2) /* overflow check */ - return -ENOMEM; - - m *= 2; + bufsize = (size_t) n; } } diff --git a/src/shared/loop-util.c b/src/shared/loop-util.c index 3396cf5..ef35e31 100644 --- a/src/shared/loop-util.c +++ b/src/shared/loop-util.c @@ -637,7 +637,7 @@ int loop_device_make_by_path( else direct = direct_flags != 0; if (fd < 0) { - r = -errno; + r = fd; /* Retry read-only? */ if (open_flags >= 0 || !(ERRNO_IS_PRIVILEGE(r) || r == -EROFS)) diff --git a/src/shared/machine-id-setup.c b/src/shared/machine-id-setup.c index 787c076..9ce5993 100644 --- a/src/shared/machine-id-setup.c +++ b/src/shared/machine-id-setup.c @@ -60,7 +60,7 @@ static int generate_machine_id(const char *root, sd_id128_t *ret) { return 0; } - } else if (IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_AMAZON, VIRTUALIZATION_QEMU)) { + } else if (IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_AMAZON, VIRTUALIZATION_QEMU, VIRTUALIZATION_XEN)) { /* If we are not running in a container, see if we are running in a VM that provides * a system UUID via the SMBIOS/DMI interfaces. Such environments include QEMU/KVM diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 77cacb3..1c6bdc5 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -468,6 +468,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "fchdir\0" "fchmod\0" "fchmodat\0" + "fchmodat2\0" "fcntl\0" "fcntl64\0" "fgetxattr\0" @@ -2031,7 +2032,7 @@ int seccomp_protect_hostname(void) { static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) { /* Checks the mode_t parameter of the following system calls: * - * → chmod() + fchmod() + fchmodat() + * → chmod() + fchmod() + fchmodat() + fchmodat2() * → open() + creat() + openat() * → mkdir() + mkdirat() * → mknod() + mknodat() @@ -2074,6 +2075,28 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) { else any = true; +#if defined(__SNR_fchmodat2) + r = seccomp_rule_add_exact( + seccomp, + SCMP_ACT_ERRNO(EPERM), + SCMP_SYS(fchmodat2), + 1, + SCMP_A2(SCMP_CMP_MASKED_EQ, m, m)); +#else + /* It looks like this libseccomp does not know about fchmodat2(). + * Pretend the fchmodat2() system call is not supported at all, + * regardless of the kernel version. */ + r = seccomp_rule_add_exact( + seccomp, + SCMP_ACT_ERRNO(ENOSYS), + __NR_fchmodat2, + 0); +#endif + if (r < 0) + log_debug_errno(r, "Failed to add filter for fchmodat2: %m"); + else + any = true; + r = seccomp_rule_add_exact( seccomp, SCMP_ACT_ERRNO(EPERM), diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c index cfeabbd..3193075 100644 --- a/src/shared/utmp-wtmp.c +++ b/src/shared/utmp-wtmp.c @@ -183,6 +183,7 @@ int utmp_put_init_process(const char *id, pid_t pid, pid_t sid, const char *line int r; assert(id); + assert(ut_type != USER_PROCESS || user); init_timestamp(&store, 0); |