Merge c5a35d3ea9 into f6793bbcf0

"nsenter -a" doesn't migrate the specified process into the target
cgroup (it really should). Thus the cgroup will remain in a cgroup
that is (due to cgroup ns) outside our visibility. The kernel will
report the cgroup path of such cgroups as starting with "/../". Detect
that and print a reasonably error message instead of trying to resolve
that.

man/journalctl.xml

@@ -474,8 +474,8 @@
         <term><option>-k</option></term>
         <term><option>--dmesg</option></term>
 
-        <listitem><para>Show only kernel messages. This implies <option>-b</option> and adds the match
-        <literal>_TRANSPORT=kernel</literal>.</para>
+        <listitem><para>Show only kernel messages. This adds the match <literal>_TRANSPORT=kernel</literal>.
+        This implies <option>--boot=0</option> unless explicitly specified otherwise.</para>
 
         <xi:include href="version-info.xml" xpointer="v205"/></listitem>
       </varlistentry>
@@ -809,11 +809,10 @@
         <term><option>--pager-end</option></term>
 
         <listitem><para>Immediately jump to the end of the journal inside the implied pager tool. This
-        implies <option>-n1000</option> to guarantee that the pager will not buffer logs of unbounded
-        size. This may be overridden with an explicit <option>-n</option> with some other numeric value,
-        while <option>-nall</option> will disable this cap.  Note that this option is only supported for
-        the <citerefentry
-        project='man-pages'><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+        implies <option>--lines=1000</option> and <option>--boot=0</option> unless explicitly specified
+        otherwise, to guarantee that the pager will not buffer logs of unbounded size. Note that this option
+        is only supported for the
+        <citerefentry project='man-pages'><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry>
         pager.</para>
 
         <xi:include href="version-info.xml" xpointer="v198"/></listitem>

src/basic/cgroup-util.c

@@ -803,6 +803,10 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **ret_path) {
                 if (!path)
                         return -ENOMEM;
 
+                /* Refuse cgroup paths from outside our cgroup namespace */
+                if (startswith(path, "/../"))
+                        return -EUNATCH;
+
                 /* Truncate suffix indicating the process is a zombie */
                 e = endswith(path, " (deleted)");
                 if (e)

src/basic/process-util.c

@@ -102,8 +102,8 @@ int pid_get_comm(pid_t pid, char **ret) {
         _cleanup_free_ char *escaped = NULL, *comm = NULL;
         int r;
 
-        assert(ret);
         assert(pid >= 0);
+        assert(ret);
 
         if (pid == 0 || pid == getpid_cached()) {
                 comm = new0(char, TASK_COMM_LEN + 1); /* Must fit in 16 byte according to prctl(2) */
@@ -143,6 +143,9 @@ int pidref_get_comm(const PidRef *pid, char **ret) {
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         r = pid_get_comm(pid->pid, &comm);
         if (r < 0)
                 return r;
@@ -289,6 +292,9 @@ int pidref_get_cmdline(const PidRef *pid, size_t max_columns, ProcessCmdlineFlag
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         r = pid_get_cmdline(pid->pid, max_columns, flags, &s);
         if (r < 0)
                 return r;
@@ -331,6 +337,9 @@ int pidref_get_cmdline_strv(const PidRef *pid, ProcessCmdlineFlags flags, char *
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         r = pid_get_cmdline_strv(pid->pid, flags, &args);
         if (r < 0)
                 return r;
@@ -477,6 +486,9 @@ int pidref_is_kernel_thread(const PidRef *pid) {
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         result = pid_is_kernel_thread(pid->pid);
         if (result < 0)
                 return result;
@@ -594,6 +606,9 @@ int pidref_get_uid(const PidRef *pid, uid_t *ret) {
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         r = pid_get_uid(pid->pid, &uid);
         if (r < 0)
                 return r;
@@ -794,6 +809,9 @@ int pidref_get_start_time(const PidRef *pid, usec_t *ret) {
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         r = pid_get_start_time(pid->pid, ret ? &t : NULL);
         if (r < 0)
                 return r;
@@ -1093,6 +1111,9 @@ int pidref_is_my_child(const PidRef *pid) {
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         result = pid_is_my_child(pid->pid);
         if (result < 0)
                 return result;
@@ -1128,6 +1149,9 @@ int pidref_is_unwaited(const PidRef *pid) {
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         if (pid->pid == 1 || pidref_is_self(pid))
                 return true;
 
@@ -1169,6 +1193,9 @@ int pidref_is_alive(const PidRef *pidref) {
         if (!pidref_is_set(pidref))
                 return -ESRCH;
 
+        if (pidref_is_remote(pidref))
+                return -EREMOTE;
+
         result = pid_is_alive(pidref->pid);
         if (result < 0) {
                 assert(result != -ESRCH);

src/cryptenroll/cryptenroll-fido2.c

@@ -193,7 +193,7 @@ int enroll_fido2(
                 fflush(stdout);
 
                 fprintf(stderr,
-                        "\nPlease save this FIDO2 credential ID. It is required when unloocking the volume\n"
+                        "\nPlease save this FIDO2 credential ID. It is required when unlocking the volume\n"
                         "using the associated FIDO2 keyslot which we just created. To configure automatic\n"
                         "unlocking using this FIDO2 token, add an appropriate entry to your /etc/crypttab\n"
                         "file, see %s for details.\n", link);

src/journal/journalctl-util.c

@@ -74,12 +74,8 @@ int journal_acquire_boot(sd_journal *j) {
 
         assert(j);
 
-        if (!arg_boot) {
-                /* Clear relevant field for safety. */
-                arg_boot_id = SD_ID128_NULL;
-                arg_boot_offset = 0;
+        if (!arg_boot)
                 return 0;
-        }
 
         /* Take a shortcut and use the current boot_id, which we can do very quickly.
          * We can do this only when the logs are coming from the current machine,

src/journal/journalctl.c

@@ -45,7 +45,7 @@ bool arg_no_tail = false;
 bool arg_truncate_newline = false;
 bool arg_quiet = false;
 bool arg_merge = false;
-bool arg_boot = false;
+int arg_boot = -1; /* tristate */
 sd_id128_t arg_boot_id = {};
 int arg_boot_offset = 0;
 bool arg_dmesg = false;
@@ -452,12 +452,6 @@ static int parse_argv(int argc, char *argv[]) {
 
                 case 'e':
                         arg_pager_flags |= PAGER_JUMP_TO_END;
-
-                        if (arg_lines == ARG_LINES_DEFAULT)
-                                arg_lines = 1000;
-
-                        arg_boot = true;
-
                         break;
 
                 case 'f':
@@ -563,7 +557,7 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 case 'k':
-                        arg_boot = arg_dmesg = true;
+                        arg_dmesg = true;
                         break;
 
                 case ARG_SYSTEM:
@@ -987,11 +981,19 @@ static int parse_argv(int argc, char *argv[]) {
         if (arg_no_tail)
                 arg_lines = ARG_LINES_ALL;
 
-        if (arg_follow && !arg_since_set && arg_lines == ARG_LINES_DEFAULT)
-                arg_lines = 10;
+        if (arg_lines == ARG_LINES_DEFAULT) {
+                if (arg_follow && !arg_since_set)
+                        arg_lines = 10;
+                else if (FLAGS_SET(arg_pager_flags, PAGER_JUMP_TO_END))
+                        arg_lines = 1000;
+        }
 
-        if (arg_follow && !arg_merge && !arg_boot) {
-                arg_boot = true;
+        if (arg_boot < 0)
+                /* Show the current boot if -f/--follow, -k/--dmesg, or -e/--pager-end is specified unless
+                 * -m/--merge is specified. */
+                arg_boot = !arg_merge && (arg_follow || arg_dmesg || FLAGS_SET(arg_pager_flags, PAGER_JUMP_TO_END));
+        if (!arg_boot) {
+                /* Clear the boot ID and offset if -b/--boot is unspecified for safety. */
                 arg_boot_id = SD_ID128_NULL;
                 arg_boot_offset = 0;
         }

src/journal/journalctl.h

@@ -50,7 +50,7 @@ extern bool arg_no_tail;
 extern bool arg_truncate_newline;
 extern bool arg_quiet;
 extern bool arg_merge;
-extern bool arg_boot;
+extern int arg_boot;
 extern sd_id128_t arg_boot_id;
 extern int arg_boot_offset;
 extern bool arg_dmesg;

src/shared/killall.c

@@ -46,13 +46,17 @@ static bool argv_has_at(pid_t pid) {
         return c == '@';
 }
 
-static bool is_survivor_cgroup(const PidRef *pid) {
+static bool is_in_survivor_cgroup(const PidRef *pid) {
         _cleanup_free_ char *cgroup_path = NULL;
         int r;
 
         assert(pidref_is_set(pid));
 
         r = cg_pidref_get_path(/* root= */ NULL, pid, &cgroup_path);
+        if (r == -EUNATCH) {
+                log_warning_errno(r, "Process " PID_FMT " appears to originate in foreign namespace, ignoring.", pid->pid);
+                return true;
+        }
         if (r < 0) {
                 log_warning_errno(r, "Failed to get cgroup path of process " PID_FMT ", ignoring: %m", pid->pid);
                 return false;
@@ -86,7 +90,7 @@ static bool ignore_proc(const PidRef *pid, bool warn_rootfs) {
                 return true; /* also ignore processes where we can't determine this */
 
         /* Ignore processes that are part of a cgroup marked with the user.survive_final_kill_signal xattr */
-        if (is_survivor_cgroup(pid))
+        if (is_in_survivor_cgroup(pid))
                 return true;
 
         r = pidref_get_uid(pid, &uid);

src/test/test-audit-util.c

@@ -7,24 +7,26 @@ TEST(audit_loginuid_from_pid) {
         _cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
         int r;
 
-        assert_se(pidref_set_self(&self) >= 0);
-        assert_se(pidref_set_pid(&pid1, 1) >= 0);
+        ASSERT_OK(pidref_set_self(&self));
+        ASSERT_OK(pidref_set_pid(&pid1, 1));
 
         uid_t uid;
         r = audit_loginuid_from_pid(&self, &uid);
-        assert_se(r >= 0 || r == -ENODATA);
+        if (r != -ENODATA)
+                ASSERT_OK(r);
         if (r >= 0)
                 log_info("self audit login uid: " UID_FMT, uid);
 
-        assert_se(audit_loginuid_from_pid(&pid1, &uid) == -ENODATA);
+        ASSERT_ERROR(audit_loginuid_from_pid(&pid1, &uid), ENODATA);
 
         uint32_t sessionid;
         r = audit_session_from_pid(&self, &sessionid);
-        assert_se(r >= 0 || r == -ENODATA);
+        if (r != -ENODATA)
+                ASSERT_OK(r);
         if (r >= 0)
                 log_info("self audit session id: %" PRIu32, sessionid);
 
-        assert_se(audit_session_from_pid(&pid1, &sessionid) == -ENODATA);
+        ASSERT_ERROR(audit_session_from_pid(&pid1, &sessionid), ENODATA);
 }
 
 static int intro(void) {