summaryrefslogtreecommitdiffstats
path: root/src/shared
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/shared/base-filesystem.c2
-rw-r--r--src/shared/bus-unit-util.c6
-rw-r--r--src/shared/conf-parser.c2
-rw-r--r--src/shared/efi-loader.c11
-rwxr-xr-xsrc/shared/generate-syscall-list.py9
-rw-r--r--src/shared/keyring-util.c21
-rw-r--r--src/shared/loop-util.c2
-rw-r--r--src/shared/machine-id-setup.c2
-rw-r--r--src/shared/seccomp-util.c25
-rw-r--r--src/shared/utmp-wtmp.c1
10 files changed, 50 insertions, 31 deletions
diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
index 5b4f674..47a766e 100644
--- a/src/shared/base-filesystem.c
+++ b/src/shared/base-filesystem.c
@@ -63,7 +63,7 @@ static const BaseFilesystem table[] = {
"usr/lib64\0", "ld-linux-x86-64.so.2" },
# define KNOW_LIB64_DIRS 1
#elif defined(__ia64__)
-#elif defined(__loongarch64)
+#elif defined(__loongarch_lp64)
# define KNOW_LIB64_DIRS 1
# if defined(__loongarch_double_float)
{ "lib64", 0, "usr/lib/"LIB_ARCH_TUPLE"\0"
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 7666012..ff0e175 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -1282,12 +1282,12 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
if (r < 0)
return log_error_errno(r, "Failed to parse resource limit: %s", eq);
- r = sd_bus_message_append(m, "(sv)", field, "t", l.rlim_max);
+ r = sd_bus_message_append(m, "(sv)", field, "t", (uint64_t) l.rlim_max);
if (r < 0)
return bus_log_create_error(r);
sn = strjoina(field, "Soft");
- r = sd_bus_message_append(m, "(sv)", sn, "t", l.rlim_cur);
+ r = sd_bus_message_append(m, "(sv)", sn, "t", (uint64_t) l.rlim_cur);
if (r < 0)
return bus_log_create_error(r);
@@ -2030,7 +2030,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
return bus_log_create_error(r);
STRV_FOREACH_PAIR(source, destination, symlinks) {
- r = sd_bus_message_append(m, "(sst)", *source, *destination, 0);
+ r = sd_bus_message_append(m, "(sst)", *source, *destination, UINT64_C(0));
if (r < 0)
return bus_log_create_error(r);
}
diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
index 5cb41a3..327dc38 100644
--- a/src/shared/conf-parser.c
+++ b/src/shared/conf-parser.c
@@ -463,7 +463,7 @@ int hashmap_put_stats_by_path(Hashmap **stats_by_path, const char *path, const s
return -ENOMEM;
path_copy = strdup(path);
- if (!path)
+ if (!path_copy)
return -ENOMEM;
r = hashmap_put(*stats_by_path, path_copy, st_copy);
diff --git a/src/shared/efi-loader.c b/src/shared/efi-loader.c
index 1340412..b9fe26b 100644
--- a/src/shared/efi-loader.c
+++ b/src/shared/efi-loader.c
@@ -99,7 +99,8 @@ int efi_loader_get_entries(char ***ret) {
if (r < 0)
return r;
- /* The variable contains a series of individually NUL terminated UTF-16 strings. */
+ /* The variable contains a series of individually NUL terminated UTF-16 strings. We gracefully
+ * consider the final NUL byte optional (i.e. the last string may or may not end in a NUL byte).*/
for (size_t i = 0, start = 0;; i++) {
_cleanup_free_ char *decoded = NULL;
@@ -113,6 +114,11 @@ int efi_loader_get_entries(char ***ret) {
if (!end && entries[i] != 0)
continue;
+ /* Empty string at the end of variable? That's the trailer, we are done (i.e. we have a final
+ * NUL terminator). */
+ if (end && start == i)
+ break;
+
/* We reached the end of a string, let's decode it into UTF-8 */
decoded = utf16_to_utf8(entries + start, (i - start) * sizeof(char16_t));
if (!decoded)
@@ -125,7 +131,8 @@ int efi_loader_get_entries(char ***ret) {
} else
log_debug("Ignoring invalid loader entry '%s'.", decoded);
- /* We reached the end of the variable */
+ /* Exit the loop if we reached the end of the variable (i.e. we do not have a final NUL
+ * terminator) */
if (end)
break;
diff --git a/src/shared/generate-syscall-list.py b/src/shared/generate-syscall-list.py
index 3ee19ff..c0975a0 100755
--- a/src/shared/generate-syscall-list.py
+++ b/src/shared/generate-syscall-list.py
@@ -2,15 +2,6 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
import sys
-import os
-
-s390 = 's390' in os.uname().machine
-arm = 'arm' in os.uname().machine
for line in open(sys.argv[1]):
- if line.startswith('s390_') and not s390:
- continue
- if line.startswith('arm_') and not arm:
- continue
-
print('"{}\\0"'.format(line.strip()))
diff --git a/src/shared/keyring-util.c b/src/shared/keyring-util.c
index 655cf52..fadd90e 100644
--- a/src/shared/keyring-util.c
+++ b/src/shared/keyring-util.c
@@ -5,34 +5,31 @@
#include "missing_syscall.h"
int keyring_read(key_serial_t serial, void **ret, size_t *ret_size) {
- size_t m = 100;
+ size_t bufsize = 100;
for (;;) {
- _cleanup_(erase_and_freep) uint8_t *p = NULL;
+ _cleanup_(erase_and_freep) uint8_t *buf = NULL;
long n;
- p = new(uint8_t, m+1);
- if (!p)
+ buf = new(uint8_t, bufsize + 1);
+ if (!buf)
return -ENOMEM;
- n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) p, (unsigned long) m, 0);
+ n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) buf, (unsigned long) bufsize, 0);
if (n < 0)
return -errno;
- if ((size_t) n <= m) {
- p[n] = 0; /* NUL terminate, just in case */
+ if ((size_t) n <= bufsize) {
+ buf[n] = 0; /* NUL terminate, just in case */
if (ret)
- *ret = TAKE_PTR(p);
+ *ret = TAKE_PTR(buf);
if (ret_size)
*ret_size = n;
return 0;
}
- if (m > (SIZE_MAX-1) / 2) /* overflow check */
- return -ENOMEM;
-
- m *= 2;
+ bufsize = (size_t) n;
}
}
diff --git a/src/shared/loop-util.c b/src/shared/loop-util.c
index 3396cf5..ef35e31 100644
--- a/src/shared/loop-util.c
+++ b/src/shared/loop-util.c
@@ -637,7 +637,7 @@ int loop_device_make_by_path(
else
direct = direct_flags != 0;
if (fd < 0) {
- r = -errno;
+ r = fd;
/* Retry read-only? */
if (open_flags >= 0 || !(ERRNO_IS_PRIVILEGE(r) || r == -EROFS))
diff --git a/src/shared/machine-id-setup.c b/src/shared/machine-id-setup.c
index 787c076..9ce5993 100644
--- a/src/shared/machine-id-setup.c
+++ b/src/shared/machine-id-setup.c
@@ -60,7 +60,7 @@ static int generate_machine_id(const char *root, sd_id128_t *ret) {
return 0;
}
- } else if (IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_AMAZON, VIRTUALIZATION_QEMU)) {
+ } else if (IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_AMAZON, VIRTUALIZATION_QEMU, VIRTUALIZATION_XEN)) {
/* If we are not running in a container, see if we are running in a VM that provides
* a system UUID via the SMBIOS/DMI interfaces. Such environments include QEMU/KVM
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 77cacb3..1c6bdc5 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -468,6 +468,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"fchdir\0"
"fchmod\0"
"fchmodat\0"
+ "fchmodat2\0"
"fcntl\0"
"fcntl64\0"
"fgetxattr\0"
@@ -2031,7 +2032,7 @@ int seccomp_protect_hostname(void) {
static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
/* Checks the mode_t parameter of the following system calls:
*
- * → chmod() + fchmod() + fchmodat()
+ * → chmod() + fchmod() + fchmodat() + fchmodat2()
* → open() + creat() + openat()
* → mkdir() + mkdirat()
* → mknod() + mknodat()
@@ -2074,6 +2075,28 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
else
any = true;
+#if defined(__SNR_fchmodat2)
+ r = seccomp_rule_add_exact(
+ seccomp,
+ SCMP_ACT_ERRNO(EPERM),
+ SCMP_SYS(fchmodat2),
+ 1,
+ SCMP_A2(SCMP_CMP_MASKED_EQ, m, m));
+#else
+ /* It looks like this libseccomp does not know about fchmodat2().
+ * Pretend the fchmodat2() system call is not supported at all,
+ * regardless of the kernel version. */
+ r = seccomp_rule_add_exact(
+ seccomp,
+ SCMP_ACT_ERRNO(ENOSYS),
+ __NR_fchmodat2,
+ 0);
+#endif
+ if (r < 0)
+ log_debug_errno(r, "Failed to add filter for fchmodat2: %m");
+ else
+ any = true;
+
r = seccomp_rule_add_exact(
seccomp,
SCMP_ACT_ERRNO(EPERM),
diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c
index cfeabbd..3193075 100644
--- a/src/shared/utmp-wtmp.c
+++ b/src/shared/utmp-wtmp.c
@@ -183,6 +183,7 @@ int utmp_put_init_process(const char *id, pid_t pid, pid_t sid, const char *line
int r;
assert(id);
+ assert(ut_type != USER_PROCESS || user);
init_timestamp(&store, 0);