3 Commits

Author SHA1 Message Date
Lennart Poettering 29da419305 stat-util: trivial empty_or_null() tweaks
Two small tweaks: /dev/null is definitely a char device. And if we have
the path, do a string-based comparison first.
2020-05-29 21:23:43 +02:00
sterlinghughes 8acb11a6a3 Check ambient set against bounding set prior to applying ambient set
Fixes #15020
2020-05-29 21:23:26 +02:00
Lennart Poettering 42ba8d25ad update TODO 2020-05-29 18:32:38 +02:00
3 changed files with 22 additions and 3 deletions

3
TODO

@ -41,6 +41,9 @@ Features:
* add ConditionSecurity=tpm2 * add ConditionSecurity=tpm2
* Remove any support for booting without /usr pre-mounted in the initrd entirely.
Update INITRD_INTERFACE.md accordingly.
* pid1: Move to tracking of main pid/control pid of units per pidfd * pid1: Move to tracking of main pid/control pid of units per pidfd
* pid1: support new clone3() fork-into-cgroup feature * pid1: support new clone3() fork-into-cgroup feature


@ -107,6 +107,18 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
unsigned long i; unsigned long i;
int r; int r;
/* Remove capabilities requested in ambient set, but not in the bounding set */
for (i = 0; i <= cap_last_cap(); i++) {
if (set == 0)
break;
if (FLAGS_SET(set, (UINT64_C(1) << i)) && prctl(PR_CAPBSET_READ, i) != 1) {
log_debug("Ambient capability %s requested but missing from bounding set,"
" suppressing automatically.", capability_to_name(i));
set &= ~(UINT64_C(1) << i);
}
}
/* Add the capabilities to the ambient set (an possibly also the inheritable set) */ /* Add the capabilities to the ambient set (an possibly also the inheritable set) */
/* Check that we can use PR_CAP_AMBIENT or quit early. */ /* Check that we can use PR_CAP_AMBIENT or quit early. */
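Review bot: In the added loop, `prctl(PR_CAPBSET_READ, i) != 1` treats a failing prctl() (return value -1) the same as a capability that is absent from the bounding set, so an error is logged as "missing from bounding set" and the bit is silently dropped. Dropping is the fail-safe direction, but the two cases should be distinguishable, for example by storing the result in `r` and including `errno` in the message when `r < 0`. Separately, `capability_to_name(i)` is passed straight to `%s`; if it can return NULL for a capability the running kernel knows but the compiled-in name table does not (not visible in this hunk), wrap it as `strna(capability_to_name(i))`. Because this changes which privileges the process ends up with and is reported only at debug level, the leading comment should also state that `set` is only ever narrowed here. The function body starts and continues outside the hunk.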


@ -94,10 +94,10 @@ bool null_or_empty(struct stat *st) {
if (S_ISREG(st->st_mode) && st->st_size <= 0) if (S_ISREG(st->st_mode) && st->st_size <= 0)
return true; return true;
/* We don't want to hardcode the major/minor of /dev/null, /* We don't want to hardcode the major/minor of /dev/null, hence we do a simpler "is this a character
* hence we do a simpler "is this a device node?" check. */ * device node?" check. */
if (S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) if (S_ISCHR(st->st_mode))
return true; return true;
return false; return false;
@ -108,6 +108,10 @@ int null_or_empty_path(const char *fn) {
assert(fn); assert(fn);
/* If we have the path, let's do an easy text comparison first. */
if (path_equal(fn, "/dev/null"))
return true;
if (stat(fn, &st) < 0) if (stat(fn, &st) < 0)
return -errno; return -errno;
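Review bot: The added `path_equal(fn, "/dev/null")` shortcut in null_or_empty_path() returns true before stat() runs, so for that literal path the result no longer depends on what the node actually is. A missing or replaced /dev/null (for example in a chroot or a minimal container) is now reported as empty instead of yielding -errno or being inspected. If that is intended, the comment should say so, e.g. `/* Purely textual: true even if /dev/null is absent or is not the null device here; every other path goes through stat() below. */`. In the first hunk the check narrows to `S_ISCHR`, which still accepts any character device rather than only the null device; the existing comment explains why, but it belongs in the function's doc comment if callers treat a true result as "deliberately emptied". Both function bodies continue outside the hunks.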