Merge pull request #23021 from fbuihuu/tmpfiles-fix-precedence-with-plus-sign

Tmpfiles fix precedence with plus sign
shared/install: fix crash when reenable is called without --root
2026-04-25 16:34:50 +02:00 · 2022-04-16 01:36:51 +09:00 · 2022-04-15 18:26:07 +02:00 · 2022-04-15 17:51:26 +02:00 · 2022-04-15 20:11:58 +09:00 · 2022-04-15 17:44:51 +09:00
8 changed files with 127 additions and 61 deletions
--- a/src/libsystemd/sd-netlink/sd-netlink.c
+++ b/src/libsystemd/sd-netlink/sd-netlink.c
@ -270,7 +270,7 @@ int sd_netlink_sendv(
                        return -ENOMEM;
        }

-        for (unsigned i = 0; i < msgcount; i++) {
+        for (size_t i = 0; i < msgcount; i++) {
                assert_return(!messages[i]->sealed, -EPERM);

                netlink_seal_message(nl, messages[i]);
--- a/src/network/networkctl.c
+++ b/src/network/networkctl.c
@ -2491,11 +2491,11 @@ static int link_lldp_status(int argc, char *argv[], void *userdata) {
        pager_open(arg_pager_flags);

        table = table_new("link",
-                          "chassis id",
-                          "system name",
+                          "chassis-id",
+                          "system-name",
                          "caps",
-                          "port id",
-                          "port description");
+                          "port-id",
+                          "port-description");
        if (!table)
                return log_oom();

@ -2504,24 +2504,9 @@ static int link_lldp_status(int argc, char *argv[], void *userdata) {

        table_set_header(table, arg_legend);

-        assert_se(cell = table_get_cell(table, 0, 0));
-        table_set_minimum_width(table, cell, 16);
-
-        assert_se(cell = table_get_cell(table, 0, 1));
-        table_set_minimum_width(table, cell, 17);
-
-        assert_se(cell = table_get_cell(table, 0, 2));
-        table_set_minimum_width(table, cell, 16);
-
        assert_se(cell = table_get_cell(table, 0, 3));
        table_set_minimum_width(table, cell, 11);

-        assert_se(cell = table_get_cell(table, 0, 4));
-        table_set_minimum_width(table, cell, 17);
-
-        assert_se(cell = table_get_cell(table, 0, 5));
-        table_set_minimum_width(table, cell, 16);
-
        for (int i = 0; i < c; i++) {
                _cleanup_fclose_ FILE *f = NULL;

@ -2534,9 +2519,9 @@ static int link_lldp_status(int argc, char *argv[], void *userdata) {
                }

                for (;;) {
-                        _cleanup_free_ char *cid = NULL, *pid = NULL, *sname = NULL, *pdesc = NULL, *capabilities = NULL;
                        const char *chassis_id = NULL, *port_id = NULL, *system_name = NULL, *port_description = NULL;
                        _cleanup_(sd_lldp_neighbor_unrefp) sd_lldp_neighbor *n = NULL;
+                        _cleanup_free_ char *capabilities = NULL;
                        uint16_t cc;

                        r = next_lldp_neighbor(f, &n);
@ -2552,30 +2537,6 @@ static int link_lldp_status(int argc, char *argv[], void *userdata) {
                        (void) sd_lldp_neighbor_get_system_name(n, &system_name);
                        (void) sd_lldp_neighbor_get_port_description(n, &port_description);

-                        if (chassis_id) {
-                                cid = ellipsize(chassis_id, 17, 100);
-                                if (cid)
-                                        chassis_id = cid;
-                        }
-
-                        if (port_id) {
-                                pid = ellipsize(port_id, 17, 100);
-                                if (pid)
-                                        port_id = pid;
-                        }
-
-                        if (system_name) {
-                                sname = ellipsize(system_name, 16, 100);
-                                if (sname)
-                                        system_name = sname;
-                        }
-
-                        if (port_description) {
-                                pdesc = ellipsize(port_description, 16, 100);
-                                if (pdesc)
-                                        port_description = pdesc;
-                        }
-
                        if (sd_lldp_neighbor_get_enabled_capabilities(n, &cc) >= 0) {
                                capabilities = lldp_capabilities_to_string(cc);
                                all |= cc;
--- a/src/shared/firewall-util-nft.c
+++ b/src/shared/firewall-util-nft.c
@ -29,13 +29,16 @@

 #define UDP_DPORT_OFFSET 2

-static int nfnl_netlink_sendv(sd_netlink *nfnl,
-                              sd_netlink_message *messages[],
+static int nfnl_netlink_sendv(
+                sd_netlink *nfnl,
+                sd_netlink_message **messages,
                size_t msgcount) {
+
        _cleanup_free_ uint32_t *serial = NULL;
-        size_t i;
        int r;

+        assert(nfnl);
+        assert(messages);
        assert(msgcount > 0);

        r = sd_netlink_sendv(nfnl, messages, msgcount, &serial);
@ -43,7 +46,7 @@ static int nfnl_netlink_sendv(sd_netlink *nfnl,
                return r;

        r = 0;
-        for (i = 1; i < msgcount - 1; i++) {
+        for (size_t i = 1; i < msgcount - 1; i++) {
                int tmp;

                /* If message is an error, this returns embedded errno */
--- a/src/shared/install.c
+++ b/src/shared/install.c
@ -2825,7 +2825,7 @@ static int normalize_linked_files(
                        return r;

                const char *p = NULL;
-                if (i && i->path)
+                if (i && i->path && i->root)
                        /* Use startswith here, because we know that paths are normalized, and
                         * path_startswith() would give us a relative path, but we need an absolute path
                         * relative to i->root.
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@ -2657,7 +2657,7 @@ static int item_compare(const Item *a, const Item *b) {
        return CMP(a->type, b->type);
 }

-static bool item_compatible(Item *a, Item *b) {
+static bool item_compatible(const Item *a, const Item *b) {
        assert(a);
        assert(b);
        assert(streq(a->path, b->path));
@ -2896,6 +2896,26 @@ static int parse_age_by_from_arg(const char *age_by_str, Item *item) {
        return 0;
 }

+static bool is_duplicated_item(ItemArray *existing, const Item *i) {
+
+        assert(existing);
+        assert(i);
+
+        for (size_t n = 0; n < existing->n_items; n++) {
+                const Item *e = existing->items + n;
+
+                if (item_compatible(e, i))
+                        continue;
+
+                /* Only multiple 'w+' lines for the same path are allowed. */
+                if (e->type != WRITE_FILE || !e->append_or_force ||
+                    i->type != WRITE_FILE || !i->append_or_force)
+                        return true;
+        }
+
+        return false;
+}
+
 static int parse_line(
                const char *fname,
                unsigned line,
@ -3247,14 +3267,11 @@ static int parse_line(

        existing = ordered_hashmap_get(h, i.path);
        if (existing) {
-                size_t n;
-
-                for (n = 0; n < existing->n_items; n++) {
-                        if (!item_compatible(existing->items + n, &i) && !i.append_or_force) {
-                                log_syntax(NULL, LOG_NOTICE, fname, line, 0, "Duplicate line for path \"%s\", ignoring.", i.path);
+                if (is_duplicated_item(existing, &i)) {
+                        log_syntax(NULL, LOG_NOTICE, fname, line, 0,
+                                   "Duplicate line for path \"%s\", ignoring.", i.path);
                        return 0;
                }
-                }
        } else {
                existing = new0(ItemArray, 1);
                if (!existing)
--- a/test/test-functions
+++ b/test/test-functions
@ -1869,7 +1869,7 @@ install_pam() {
        paths+=(/lib*/security)
    fi

-    for d in /etc/pam.d /etc/security /usr/{etc,lib}/pam.d; do
+    for d in /etc/pam.d /{usr/,}etc/security /usr/{etc,lib}/pam.d; do
        [ -d "$d" ] && paths+=("$d")
    done

--- a/test/units/testsuite-22.03.sh
+++ b/test/units/testsuite-22.03.sh
@ -186,6 +186,7 @@ test ! -e /tmp/F/daemon/unsafe-symlink/exploit
 # 'w'
 #
 touch /tmp/w/overwritten
+touch /tmp/w/appended

 ### nop if the target does not exist.
 systemd-tmpfiles --create - <<EOF
@ -205,13 +206,22 @@ EOF
 test -f /tmp/w/overwritten
 test "$(< /tmp/w/overwritten)" = "old content"

-### new content is overwritten
+### old content is overwritten
 systemd-tmpfiles --create - <<EOF
 w     /tmp/w/overwritten    0644 - - - new content
 EOF
 test -f /tmp/w/overwritten
 test "$(< /tmp/w/overwritten)" = "new content"

+### append lines
+systemd-tmpfiles --create - <<EOF
+w+    /tmp/w/appended    0644 - - - 1
+w+    /tmp/w/appended    0644 - - - 2\n
+w+    /tmp/w/appended    0644 - - - 3
+EOF
+test -f /tmp/w/appended
+test "$(< /tmp/w/appended)" = "$(echo -ne '12\n3')"
+
 ### writing into an 'exotic' file should be allowed.
 systemd-tmpfiles --create - <<EOF
 w     /dev/null    - - - - new content
--- a/test/units/testsuite-22.13.sh
+++ b/test/units/testsuite-22.13.sh
@ -0,0 +1,75 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# Tests for configuration directory and file precedences
+#
+set -eux
+
+rm -f  /{usr/lib,etc}/tmpfiles.d/{L,w}-*.conf
+rm -fr /tmp/precedence/{L,w}
+
+mkdir -p /{usr/lib,etc}/tmpfiles.d
+mkdir -p /tmp/precedence/{L,w}
+
+#
+# 'L'
+#
+ln -s /dev/null /tmp/precedence/L
+
+# Overwrite the existing symlink
+cat >/usr/lib/tmpfiles.d/L-z.conf<<EOF
+L+ /tmp/precedence/L - - - - /usr/lib/tmpfiles.d/L-z.conf
+EOF
+
+systemd-tmpfiles --create
+test "$(readlink /tmp/precedence/L)" = "/usr/lib/tmpfiles.d/L-z.conf"
+
+# Files in /etc should override those in /usr
+cat >/etc/tmpfiles.d/L-z.conf<<EOF
+L+ /tmp/precedence/L - - - - /etc/tmpfiles.d/L-z.conf
+EOF
+
+systemd-tmpfiles --create
+test "$(readlink /tmp/precedence/L)" = "/etc/tmpfiles.d/L-z.conf"
+
+# /usr/…/L-a.conf has higher prio than /etc/…/L-z.conf
+cat >/usr/lib/tmpfiles.d/L-a.conf<<EOF
+L+ /tmp/precedence/L - - - - /usr/lib/tmpfiles.d/L-a.conf
+EOF
+
+systemd-tmpfiles --create
+test "$(readlink /tmp/precedence/L)" = "/usr/lib/tmpfiles.d/L-a.conf"
+
+# Files in /etc should override those in /usr
+cat >/etc/tmpfiles.d/L-a.conf<<EOF
+L+ /tmp/precedence/L - - - - /etc/tmpfiles.d/L-a.conf
+EOF
+
+systemd-tmpfiles --create
+test "$(readlink /tmp/precedence/L)" = "/etc/tmpfiles.d/L-a.conf"
+
+#
+# 'w'
+#
+touch /tmp/precedence/w/f
+
+# Multiple configuration files specifying 'w+' for the same path is allowed.
+for i in a c; do
+    cat >/usr/lib/tmpfiles.d/w-$i.conf<<EOF
+w+ /tmp/precedence/w/f - - - - /usr/lib/tmpfiles.d/w-$i.conf\n
+EOF
+    cat >/etc/tmpfiles.d/w-$i.conf<<EOF
+w+ /tmp/precedence/w/f - - - - /etc/tmpfiles.d/w-$i.conf\n
+EOF
+done
+
+cat >/usr/lib/tmpfiles.d/w-b.conf<<EOF
+w+ /tmp/precedence/w/f - - - - /usr/lib/tmpfiles.d/w-b.conf\n
+EOF
+
+systemd-tmpfiles --create
+cmp /tmp/precedence/w/f <<EOF
+/etc/tmpfiles.d/w-a.conf
+/usr/lib/tmpfiles.d/w-b.conf
+/etc/tmpfiles.d/w-c.conf
+EOF
Author	SHA1	Message	Date
Yu Watanabe	7be87278a3	Merge pull request #23021 from fbuihuu/tmpfiles-fix-precedence-with-plus-sign Tmpfiles fix precedence with plus sign	2022-04-16 01:36:51 +09:00
Zbigniew Jędrzejewski-Szmek	6e961aeb26	shared/install: fix crash when reenable is called without --root	2022-04-15 18:26:07 +02:00
Simon Ellmann	27cd31c0b2	networkctl: obey --full with lldp command Do not ellipsize output when -l or --full is handed to networkctl lldp. Fixes #22806.	2022-04-15 17:51:26 +02:00
Yu Watanabe	3e02a6a33e	Merge pull request #23090 from yuwata/firewall-util-cleanups firewall-util: cleanups	2022-04-15 20:11:58 +09:00
Yu Watanabe	012f32d808	firewall-util: inline iterator and add several missing assertions	2022-04-15 17:44:51 +09:00
Yu Watanabe	cc41c084cd	sd-netlink: use correct type of iterator	2022-04-15 17:37:52 +09:00
Franck Bui	a6aafd6ab6	tmpfiles: constify item_compatible() parameters	2022-04-11 11:22:39 +02:00
Franck Bui	eef72224a8	test: adapt install_pam() for openSUSE limits.conf is installed in /usr/etc/security for openSUSE.	2022-04-11 11:22:39 +02:00
Franck Bui	402f2b3ce8	test: add test checking tmpfiles conf file precedence	2022-04-11 11:22:39 +02:00
Franck Bui	9f55d48ba5	test tmpfiles: add a test for 'w+'	2022-04-11 11:22:39 +02:00
Franck Bui	9af74e0f59	tmpfiles.d: only 'w+' can have multiple lines for the same path Since d0ea5c5e39dce60efbce6d86534eb9ca253440b0, all lines specifying actions that recreate a file system object (such as 'f+, 'L+', etc ...) on the same path were allowed. This had the bad side effect to break the tmpfiles configuration file sorting for files defining such lines. For example: # cat /etc/tmpfiles.d/a.conf f+ /tmp/file - - - - a.conf # cat /etc/tmpfiles.d/z.conf f+ /tmp/file - - - - z.conf # systemd-tmpfiles --create /etc/tmpfiles.d/{a,z}.conf # cat /tmp/file z.conf Even though "a.conf" sorts lexicographically before "z.conf", the content of /tmp/file was the result of the action defined in "z.conf" This patch restores the old logic - if multiple files specify the same path, the entry in the file with the lexicographically earliest name will be applied.	2022-04-11 11:22:27 +02:00