fs-util,tmpfiles: fix error handling of fchmod_opath()

When 4dfaa528d45 was first commited its callers relied on `errno` instead of the return value for error reporting. Which worked fine, since internally under all conditions base were set — even if ugly and not inline with our coding style. Things then got broken in f8606626ed3c2582e06543550d58fe9886cdca5f where suddenly additional syscalls might end up being done in the function, thus corrupting `errno`.
systemd-user: move pam snippet default location to /usr/lib/pam.d
2025-09-25 14:54:45 +02:00 · 2020-09-10 12:47:50 +02:00 · 2020-09-10 12:47:07 +02:00 · 2020-09-10 12:45:54 +02:00
5 changed files with 40 additions and 16 deletions
--- a/16
+++ b/16
@ -85,6 +85,22 @@ CHANGES WITH 247 in spe:
          this is not caused by systemd/udev changes, but result of a kernel
          behaviour change.

+        * Since PAM 1.2.0 (2015) configuration snippets may be placed in
+          /usr/lib/pam.d/ in addition to /etc/pam.d/. If a file exists in the
+          latter it takes precedence over the former, similar to how most of
+          systemd's own configuration is handled. Given that PAM stack
+          definitions are primarily put together by OS vendors/distributions
+          (though possibly overriden by users), this systemd release moves its
+          own PAM stack configuration for the "systemd-user" PAM service (i.e.
+          for the PAM session invoked by the per-user user@.service instance)
+          from /etc/pam.d/ to /usr/lib/pam.d/. We recommend moving all
+          packages' vendor versions of their PAM stack definitions from
+          /etc/pam.d/ to /usr/lib/pam.d/, but if such OS-wide migration is not
+          desired the location to which systemd installs its PAM stack
+          configuration file may be changed via the "pamconfdir" meson variable
+          at build time, optionally undoing ths change of default paths
+          introduced with systemd 247.
+
 CHANGES WITH 246:

        * The service manager gained basic support for cgroup v2 freezer. Units
--- a/meson.build
+++ b/meson.build
@ -201,7 +201,7 @@ endif

 pamconfdir = get_option('pamconfdir')
 if pamconfdir == ''
-        pamconfdir = join_paths(sysconfdir, 'pam.d')
+        pamconfdir = join_paths(prefixdir, 'lib/pam.d')
 endif

 memory_accounting_default = get_option('memory-accounting-default')
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@ -229,6 +229,7 @@ int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) {
 int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) {
        bool do_chown, do_chmod;
        struct stat st;
+        int r;

        /* Change ownership and access mode of the specified fd. Tries to do so safely, ensuring that at no
         * point in time the access mode is above the old access mode under the old ownership or the new
@ -259,18 +260,22 @@ int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) {
        if (do_chown && do_chmod) {
                mode_t minimal = st.st_mode & mode; /* the subset of the old and the new mask */

-                if (((minimal ^ st.st_mode) & 07777) != 0)
-                        if (fchmod_opath(fd, minimal & 07777) < 0)
-                                return -errno;
+                if (((minimal ^ st.st_mode) & 07777) != 0) {
+                        r = fchmod_opath(fd, minimal & 07777);
+                        if (r < 0)
+                                return r;
+                }
        }

        if (do_chown)
                if (fchownat(fd, "", uid, gid, AT_EMPTY_PATH) < 0)
                        return -errno;

-        if (do_chmod)
-                if (fchmod_opath(fd, mode & 07777) < 0)
-                        return -errno;
+        if (do_chmod) {
+                r = fchmod_opath(fd, mode & 07777);
+                if (r < 0)
+                        return r;
+        }

        return do_chown || do_chmod;
 }
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@ -1231,15 +1231,15 @@ static int verb_status(int argc, char *argv[], void *userdata) {
                printf("  Secure Boot: %sd\n", enable_disable(is_efi_secure_boot()));
                printf("   Setup Mode: %s\n", is_efi_secure_boot_setup_mode() ? "setup" : "user");

-                r = efi_get_reboot_to_firmware();
-                if (r > 0)
+                k = efi_get_reboot_to_firmware();
+                if (k > 0)
                        printf(" Boot into FW: %sactive%s\n", ansi_highlight_yellow(), ansi_normal());
-                else if (r == 0)
+                else if (k == 0)
                        printf(" Boot into FW: supported\n");
-                else if (r == -EOPNOTSUPP)
+                else if (k == -EOPNOTSUPP)
                        printf(" Boot into FW: not supported\n");
                else {
-                        errno = -r;
+                        errno = -k;
                        printf(" Boot into FW: %sfailed%s (%m)\n", ansi_highlight_red(), ansi_normal());
                }
                printf("\n");
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@ -836,6 +836,7 @@ static int fd_set_perms(Item *i, int fd, const char *path, const struct stat *st
        struct stat stbuf;
        mode_t new_mode;
        bool do_chown;
+        int r;

        assert(i);
        assert(fd);
@ -881,8 +882,9 @@ static int fd_set_perms(Item *i, int fd, const char *path, const struct stat *st
                                log_debug("\"%s\" matches temporary mode %o already.", path, m);
                        else {
                                log_debug("Temporarily changing \"%s\" to mode %o.", path, m);
-                                if (fchmod_opath(fd, m) < 0)
-                                        return log_error_errno(errno, "fchmod() of %s failed: %m", path);
+                                r = fchmod_opath(fd, m);
+                                if (r < 0)
+                                        return log_error_errno(r, "fchmod() of %s failed: %m", path);
                        }
                }
        }
@ -913,8 +915,9 @@ static int fd_set_perms(Item *i, int fd, const char *path, const struct stat *st
                                log_debug("\"%s\" matches mode %o already.", path, new_mode);
                        else {
                                log_debug("Changing \"%s\" to mode %o.", path, new_mode);
-                                if (fchmod_opath(fd, new_mode) < 0)
-                                        return log_error_errno(errno, "fchmod() of %s failed: %m", path);
+                                r = fchmod_opath(fd, new_mode);
+                                if (r < 0)
+                                        return log_error_errno(r, "fchmod() of %s failed: %m", path);
                        }
                }
        }