Merge pull request #15063 from topimiettinen/execute-dont-create-tmp-dirs-if-inaccessible

Execute: don't create temp dirs if inaccessible
udev: add debug logs for delaying and delegation of events
2020-03-11 09:06:10 +01:00 · 2020-03-11 08:44:32 +01:00 · 2020-03-11 09:20:36 +09:00 · 2020-03-10 16:51:29 +02:00 · 2020-03-10 16:48:34 +02:00
6 changed files with 37 additions and 6 deletions
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@ -1125,3 +1125,19 @@ bool path_strv_contains(char **l, const char *path) {

        return false;
 }
+
+bool prefixed_path_strv_contains(char **l, const char *path) {
+        char **i, *j;
+
+        STRV_FOREACH(i, l) {
+                j = *i;
+                if (*j == '-')
+                        j++;
+                if (*j == '+')
+                        j++;
+                if (path_equal(j, path))
+                        return true;
+        }
+
+        return false;
+}
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
@ -173,3 +173,4 @@ static inline const char *empty_to_root(const char *path) {
 }

 bool path_strv_contains(char **l, const char *path);
+bool prefixed_path_strv_contains(char **l, const char *path);
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -5371,7 +5371,10 @@ static int exec_runtime_make(Manager *m, const ExecContext *c, const char *id, E
        if (!c->private_network && !c->private_tmp && !c->network_namespace_path)
                return 0;

-        if (c->private_tmp) {
+        if (c->private_tmp &&
+            !(prefixed_path_strv_contains(c->inaccessible_paths, "/tmp") &&
+              (prefixed_path_strv_contains(c->inaccessible_paths, "/var/tmp") ||
+               prefixed_path_strv_contains(c->inaccessible_paths, "/var")))) {
                r = setup_tmp_dirs(id, &tmp_dir, &var_tmp_dir);
                if (r < 0)
                        return r;
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@ -1192,7 +1192,7 @@ static bool root_read_only(
        if (protect_system == PROTECT_SYSTEM_STRICT)
                return true;

-        if (path_strv_contains(read_only_paths, "/"))
+        if (prefixed_path_strv_contains(read_only_paths, "/"))
                return true;

        return false;
@ -1217,9 +1217,9 @@ static bool home_read_only(
        if (protect_home != PROTECT_HOME_NO)
                return true;

-        if (path_strv_contains(read_only_paths, "/home") ||
-            path_strv_contains(inaccessible_paths, "/home") ||
-            path_strv_contains(empty_directories, "/home"))
+        if (prefixed_path_strv_contains(read_only_paths, "/home") ||
+            prefixed_path_strv_contains(inaccessible_paths, "/home") ||
+            prefixed_path_strv_contains(empty_directories, "/home"))
                return true;

        for (i = 0; i < n_temporary_filesystems; i++)
--- a/src/udev/udev-rules.c
+++ b/src/udev/udev-rules.c
@ -921,7 +921,7 @@ static int parse_token(UdevRules *rules, const char *key, char *attr, UdevRuleOp
                        op = OP_ASSIGN;
                }

-                r = rule_line_add_token(rule_line, TK_A_SECLABEL, op, value, NULL);
+                r = rule_line_add_token(rule_line, TK_A_SECLABEL, op, value, attr);
        } else if (streq(key, "RUN")) {
                if (is_match || op == OP_REMOVE)
                        return log_token_invalid_op(rules, key);
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@ -559,6 +559,14 @@ static void event_run(Manager *manager, struct event *event) {
        assert(manager);
        assert(event);

+        if (DEBUG_LOGGING) {
+                DeviceAction action;
+
+                r = device_get_action(event->dev, &action);
+                log_device_debug(event->dev, "Device (SEQNUM=%"PRIu64", ACTION=%s) ready for processing",
+                                 event->seqnum, r >= 0 ? device_action_to_string(action) : "<unknown>");
+        }
+
        HASHMAP_FOREACH(worker, manager->workers, i) {
                if (worker->state != WORKER_IDLE)
                        continue;
@ -770,6 +778,9 @@ static int is_device_busy(Manager *manager, struct event *event) {
        return false;

 set_delaying_seqnum:
+        log_device_debug(event->dev, "SEQNUM=%" PRIu64 " blocked by SEQNUM=%" PRIu64,
+                         event->seqnum, loop_event->seqnum);
+
        event->delaying_seqnum = loop_event->seqnum;
        return true;
 }
Author	SHA1	Message	Date
Zbigniew Jędrzejewski-Szmek	693040bde5	Merge pull request #15063 from topimiettinen/execute-dont-create-tmp-dirs-if-inaccessible Execute: don't create temp dirs if inaccessible	2020-03-11 09:06:10 +01:00
Uwe Kleine-König	7600dbb870	udev: add debug logs for delaying and delegation of events Up to now each uevent logs the following things at debug level: - Device is queued - Processing device - Device processed However when the device is queued it might still have to wait for earlier devices to be processed before being able to start being processed itself. When analysing logs this dependency information is quite cruicial, so add respective debug log calls.	2020-03-11 08:44:32 +01:00
Valery0xff	0335d110af	udev: fix SECLABEL{selinux} issue (#15064 ) Add SECLABEL{selinux}="some value" cause udevadm crash systemd-udevd[x]: Worker [x] terminated by signal 11 (SEGV) It happens since `25de7aa7b9` (Yu Watanabe 2019-04-25 01:21:11 +0200) when udev rules processing changed to token model. Yu forgot store attr to SECLABEL token so fix it.	2020-03-11 09:20:36 +09:00
Topi Miettinen	efa2f3a18b	execute: don't create /tmp and /var/tmp if both are inaccessible If both /tmp and either /var/tmp or whole /var are inaccessible, there's no need to create the temporary directories.	2020-03-10 16:51:29 +02:00
Topi Miettinen	de46b2be07	namespace: ignore prefix chars when comparing paths Other callers of path_strv_contains() or PATH_IN_SET() don't seem to handle paths prefixed with -+.	2020-03-10 16:48:34 +02:00