fs-util,tmpfiles: fix error handling of fchmod_opath()

When 4dfaa528d45 was first commited its callers relied on `errno` instead of the return value for error reporting. Which worked fine, since internally under all conditions base were set — even if ugly and not inline with our coding style. Things then got broken in f8606626ed3c2582e06543550d58fe9886cdca5f where suddenly additional syscalls might end up being done in the function, thus corrupting `errno`.
systemd-user: move pam snippet default location to /usr/lib/pam.d
2025-09-25 14:54:45 +02:00 · 2020-09-10 12:47:50 +02:00 · 2020-09-10 12:47:07 +02:00 · 2020-09-10 12:45:54 +02:00
5 changed files with 40 additions and 16 deletions
--- a/16
+++ b/16
@ -85,6 +85,22 @@ CHANGES WITH 247 in spe:
          this is not caused by systemd/udev changes, but result of a kernel
          behaviour change.
        * Since PAM 1.2.0 (2015) configuration snippets may be placed in
          /usr/lib/pam.d/ in addition to /etc/pam.d/. If a file exists in the
          latter it takes precedence over the former, similar to how most of
          systemd's own configuration is handled. Given that PAM stack
          definitions are primarily put together by OS vendors/distributions
          (though possibly overriden by users), this systemd release moves its
          own PAM stack configuration for the "systemd-user" PAM service (i.e.
          for the PAM session invoked by the per-user user@.service instance)
          from /etc/pam.d/ to /usr/lib/pam.d/. We recommend moving all
          packages' vendor versions of their PAM stack definitions from
          /etc/pam.d/ to /usr/lib/pam.d/, but if such OS-wide migration is not
          desired the location to which systemd installs its PAM stack
          configuration file may be changed via the "pamconfdir" meson variable
          at build time, optionally undoing ths change of default paths
          introduced with systemd 247.
 CHANGES WITH 246:
        * The service manager gained basic support for cgroup v2 freezer. Units
--- a/meson.build
+++ b/meson.build
@ -201,7 +201,7 @@ endif
 pamconfdir = get_option('pamconfdir')
 if pamconfdir == ''
-        pamconfdir = join_paths(sysconfdir, 'pam.d')
+        pamconfdir = join_paths(prefixdir, 'lib/pam.d')
 endif
 memory_accounting_default = get_option('memory-accounting-default')
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@ -229,6 +229,7 @@ int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) {
 int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) {
        bool do_chown, do_chmod;
        struct stat st;
        int r;
        /* Change ownership and access mode of the specified fd. Tries to do so safely, ensuring that at no
         * point in time the access mode is above the old access mode under the old ownership or the new
@ -259,18 +260,22 @@ int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) {
        if (do_chown && do_chmod) {
                mode_t minimal = st.st_mode & mode; /* the subset of the old and the new mask */
-                if (((minimal ^ st.st_mode) & 07777) != 0)
+                if (((minimal ^ st.st_mode) & 07777) != 0) {
-                        if (fchmod_opath(fd, minimal & 07777) < 0)
+                        r = fchmod_opath(fd, minimal & 07777);
-                                return -errno;
+                        if (r < 0)
                                return r;
                }
        }
        if (do_chown)
                if (fchownat(fd, "", uid, gid, AT_EMPTY_PATH) < 0)
                        return -errno;
-        if (do_chmod)
+        if (do_chmod) {
-                if (fchmod_opath(fd, mode & 07777) < 0)
+                r = fchmod_opath(fd, mode & 07777);
-                        return -errno;
+                if (r < 0)
                        return r;
        }
        return do_chown || do_chmod;
 }
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@ -1231,15 +1231,15 @@ static int verb_status(int argc, char *argv[], void *userdata) {
                printf("  Secure Boot: %sd\n", enable_disable(is_efi_secure_boot()));
                printf("   Setup Mode: %s\n", is_efi_secure_boot_setup_mode() ? "setup" : "user");
-                r = efi_get_reboot_to_firmware();
+                k = efi_get_reboot_to_firmware();
-                if (r > 0)
+                if (k > 0)
                        printf(" Boot into FW: %sactive%s\n", ansi_highlight_yellow(), ansi_normal());
-                else if (r == 0)
+                else if (k == 0)
                        printf(" Boot into FW: supported\n");
-                else if (r == -EOPNOTSUPP)
+                else if (k == -EOPNOTSUPP)
                        printf(" Boot into FW: not supported\n");
                else {
-                        errno = -r;
+                        errno = -k;
                        printf(" Boot into FW: %sfailed%s (%m)\n", ansi_highlight_red(), ansi_normal());
                }
                printf("\n");
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@ -836,6 +836,7 @@ static int fd_set_perms(Item *i, int fd, const char *path, const struct stat *st
        struct stat stbuf;
        mode_t new_mode;
        bool do_chown;
        int r;
        assert(i);
        assert(fd);
@ -881,8 +882,9 @@ static int fd_set_perms(Item *i, int fd, const char *path, const struct stat *st
                                log_debug("\"%s\" matches temporary mode %o already.", path, m);
                        else {
                                log_debug("Temporarily changing \"%s\" to mode %o.", path, m);
-                                if (fchmod_opath(fd, m) < 0)
+                                r = fchmod_opath(fd, m);
-                                        return log_error_errno(errno, "fchmod() of %s failed: %m", path);
+                                if (r < 0)
                                        return log_error_errno(r, "fchmod() of %s failed: %m", path);
                        }
                }
        }
@ -913,8 +915,9 @@ static int fd_set_perms(Item *i, int fd, const char *path, const struct stat *st
                                log_debug("\"%s\" matches mode %o already.", path, new_mode);
                        else {
                                log_debug("Changing \"%s\" to mode %o.", path, new_mode);
-                                if (fchmod_opath(fd, new_mode) < 0)
+                                r = fchmod_opath(fd, new_mode);
-                                        return log_error_errno(errno, "fchmod() of %s failed: %m", path);
+                                if (r < 0)
                                        return log_error_errno(r, "fchmod() of %s failed: %m", path);
                        }
                }
        }