mirror of https://github.com/systemd/systemd synced 2026-04-25 08:25:12 +02:00

Compare commits


11 Commits

Author SHA1 Message Date
Yu Watanabe
7be87278a3
Merge pull request #23021 from fbuihuu/tmpfiles-fix-precedence-with-plus-sign
Tmpfiles fix precedence with plus sign
2022-04-16 01:36:51 +09:00
Zbigniew Jędrzejewski-Szmek
6e961aeb26 shared/install: fix crash when reenable is called without --root 2022-04-15 18:26:07 +02:00
Simon Ellmann
27cd31c0b2 networkctl: obey --full with lldp command
Do not ellipsize output when -l or --full is handed to networkctl lldp.

Fixes #22806.
2022-04-15 17:51:26 +02:00
Yu Watanabe
3e02a6a33e
Merge pull request #23090 from yuwata/firewall-util-cleanups
firewall-util: cleanups
2022-04-15 20:11:58 +09:00
Yu Watanabe
012f32d808 firewall-util: inline iterator and add several missing assertions 2022-04-15 17:44:51 +09:00
Yu Watanabe
cc41c084cd sd-netlink: use correct type of iterator 2022-04-15 17:37:52 +09:00
Franck Bui
a6aafd6ab6 tmpfiles: constify item_compatible() parameters 2022-04-11 11:22:39 +02:00
Franck Bui
eef72224a8 test: adapt install_pam() for openSUSE
limits.conf is installed in /usr/etc/security for openSUSE.
2022-04-11 11:22:39 +02:00
Franck Bui
402f2b3ce8 test: add test checking tmpfiles conf file precedence 2022-04-11 11:22:39 +02:00
Franck Bui
9f55d48ba5 test tmpfiles: add a test for 'w+' 2022-04-11 11:22:39 +02:00
Franck Bui
9af74e0f59 tmpfiles.d: only 'w+' can have multiple lines for the same path
Since d0ea5c5e39dce60efbce6d86534eb9ca253440b0, all lines specifying actions
that recreate a file system object (such as 'f+', 'L+', etc.) on the same
path were allowed. This had the bad side effect of breaking the tmpfiles
configuration file sorting for files defining such lines.

For example:

  # cat /etc/tmpfiles.d/a.conf
  f+ /tmp/file - - - - a.conf

  # cat /etc/tmpfiles.d/z.conf
  f+ /tmp/file - - - - z.conf

  # systemd-tmpfiles --create /etc/tmpfiles.d/{a,z}.conf
  # cat /tmp/file
  z.conf

Even though "a.conf" sorts lexicographically before "z.conf", the content of
/tmp/file was the result of the action defined in "z.conf"

This patch restores the old logic - if multiple files specify the same path,
the entry in the file with the lexicographically earliest name will be applied.
2022-04-11 11:22:27 +02:00
8 changed files with 127 additions and 61 deletions


@ -270,7 +270,7 @@ int sd_netlink_sendv(
return -ENOMEM; return -ENOMEM;
} }
for (unsigned i = 0; i < msgcount; i++) { for (size_t i = 0; i < msgcount; i++) {
assert_return(!messages[i]->sealed, -EPERM); assert_return(!messages[i]->sealed, -EPERM);
netlink_seal_message(nl, messages[i]); netlink_seal_message(nl, messages[i]);


@ -2491,11 +2491,11 @@ static int link_lldp_status(int argc, char *argv[], void *userdata) {
pager_open(arg_pager_flags); pager_open(arg_pager_flags);
table = table_new("link", table = table_new("link",
"chassis id", "chassis-id",
"system name", "system-name",
"caps", "caps",
"port id", "port-id",
"port description"); "port-description");
if (!table) if (!table)
return log_oom(); return log_oom();
@ -2504,24 +2504,9 @@ static int link_lldp_status(int argc, char *argv[], void *userdata) {
table_set_header(table, arg_legend); table_set_header(table, arg_legend);
assert_se(cell = table_get_cell(table, 0, 0));
table_set_minimum_width(table, cell, 16);
assert_se(cell = table_get_cell(table, 0, 1));
table_set_minimum_width(table, cell, 17);
assert_se(cell = table_get_cell(table, 0, 2));
table_set_minimum_width(table, cell, 16);
assert_se(cell = table_get_cell(table, 0, 3)); assert_se(cell = table_get_cell(table, 0, 3));
table_set_minimum_width(table, cell, 11); table_set_minimum_width(table, cell, 11);
assert_se(cell = table_get_cell(table, 0, 4));
table_set_minimum_width(table, cell, 17);
assert_se(cell = table_get_cell(table, 0, 5));
table_set_minimum_width(table, cell, 16);
for (int i = 0; i < c; i++) { for (int i = 0; i < c; i++) {
_cleanup_fclose_ FILE *f = NULL; _cleanup_fclose_ FILE *f = NULL;
@ -2534,9 +2519,9 @@ static int link_lldp_status(int argc, char *argv[], void *userdata) {
} }
for (;;) { for (;;) {
_cleanup_free_ char *cid = NULL, *pid = NULL, *sname = NULL, *pdesc = NULL, *capabilities = NULL;
const char *chassis_id = NULL, *port_id = NULL, *system_name = NULL, *port_description = NULL; const char *chassis_id = NULL, *port_id = NULL, *system_name = NULL, *port_description = NULL;
_cleanup_(sd_lldp_neighbor_unrefp) sd_lldp_neighbor *n = NULL; _cleanup_(sd_lldp_neighbor_unrefp) sd_lldp_neighbor *n = NULL;
_cleanup_free_ char *capabilities = NULL;
uint16_t cc; uint16_t cc;
r = next_lldp_neighbor(f, &n); r = next_lldp_neighbor(f, &n);
@ -2552,30 +2537,6 @@ static int link_lldp_status(int argc, char *argv[], void *userdata) {
(void) sd_lldp_neighbor_get_system_name(n, &system_name); (void) sd_lldp_neighbor_get_system_name(n, &system_name);
(void) sd_lldp_neighbor_get_port_description(n, &port_description); (void) sd_lldp_neighbor_get_port_description(n, &port_description);
if (chassis_id) {
cid = ellipsize(chassis_id, 17, 100);
if (cid)
chassis_id = cid;
}
if (port_id) {
pid = ellipsize(port_id, 17, 100);
if (pid)
port_id = pid;
}
if (system_name) {
sname = ellipsize(system_name, 16, 100);
if (sname)
system_name = sname;
}
if (port_description) {
pdesc = ellipsize(port_description, 16, 100);
if (pdesc)
port_description = pdesc;
}
if (sd_lldp_neighbor_get_enabled_capabilities(n, &cc) >= 0) { if (sd_lldp_neighbor_get_enabled_capabilities(n, &cc) >= 0) {
capabilities = lldp_capabilities_to_string(cc); capabilities = lldp_capabilities_to_string(cc);
all |= cc; all |= cc;
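Review bot: The strings fetched with `sd_lldp_neighbor_get_system_name()` and `sd_lldp_neighbor_get_port_description()` come from LLDP neighbours on the link, and with the `ellipsize(..., 100)` calls gone nothing in this function bounds their length before they reach the table. Whether the table layer truncates to the terminal width and escapes control characters is not visible in these hunks, so it is worth confirming and recording next to the getters, for example `/* Neighbour-supplied strings: truncation and escaping are left to the table code so that --full is honoured */`. The header strings also appear to change from "chassis id" to "chassis-id" and so on, which would alter any machine-readable column names derived from them. link_lldp_status() starts and ends outside these hunks.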


@ -29,13 +29,16 @@
#define UDP_DPORT_OFFSET 2 #define UDP_DPORT_OFFSET 2
static int nfnl_netlink_sendv(sd_netlink *nfnl, static int nfnl_netlink_sendv(
sd_netlink_message *messages[], sd_netlink *nfnl,
sd_netlink_message **messages,
size_t msgcount) { size_t msgcount) {
_cleanup_free_ uint32_t *serial = NULL; _cleanup_free_ uint32_t *serial = NULL;
size_t i;
int r; int r;
assert(nfnl);
assert(messages);
assert(msgcount > 0); assert(msgcount > 0);
r = sd_netlink_sendv(nfnl, messages, msgcount, &serial); r = sd_netlink_sendv(nfnl, messages, msgcount, &serial);
@ -43,7 +46,7 @@ static int nfnl_netlink_sendv(sd_netlink *nfnl,
return r; return r;
r = 0; r = 0;
for (i = 1; i < msgcount - 1; i++) { for (size_t i = 1; i < msgcount - 1; i++) {
int tmp; int tmp;
/* If message is an error, this returns embedded errno */ /* If message is an error, this returns embedded errno */
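Review bot: The loop `for (size_t i = 1; i < msgcount - 1; i++)` skips the first and last message and nothing in the hunk says why; a comment such as `/* Skip messages[0] and messages[msgcount - 1] (presumably the batch begin/end markers, confirm) */` would make the bounds reviewable. Because msgcount is a size_t, `msgcount - 1` wraps if it is ever 0, so the bound depends entirely on `assert(msgcount > 0)`. If that assert can be compiled out in some build configuration, an explicit `if (msgcount == 0) return -EINVAL;` before the send would keep the index into `serial` in range. The function body continues outside the hunk.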


@ -2825,7 +2825,7 @@ static int normalize_linked_files(
return r; return r;
const char *p = NULL; const char *p = NULL;
if (i && i->path) if (i && i->path && i->root)
/* Use startswith here, because we know that paths are normalized, and /* Use startswith here, because we know that paths are normalized, and
* path_startswith() would give us a relative path, but we need an absolute path * path_startswith() would give us a relative path, but we need an absolute path
* relative to i->root. * relative to i->root.
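Review bot: With the added `i->root` test, `p` stays NULL whenever no root is set, but the comment under the condition still describes only the rooted case. Extending it with one sentence on what the code does with a NULL `p` when there is no root would help the next reader avoid reintroducing the unguarded call. How `p` is consumed lies outside the hunk, as does the rest of normalize_linked_files(). No regression test for calling reenable without --root appears among the changed files shown on this page.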


@ -2657,7 +2657,7 @@ static int item_compare(const Item *a, const Item *b) {
return CMP(a->type, b->type); return CMP(a->type, b->type);
} }
static bool item_compatible(Item *a, Item *b) { static bool item_compatible(const Item *a, const Item *b) {
assert(a); assert(a);
assert(b); assert(b);
assert(streq(a->path, b->path)); assert(streq(a->path, b->path));
@ -2896,6 +2896,26 @@ static int parse_age_by_from_arg(const char *age_by_str, Item *item) {
return 0; return 0;
} }
static bool is_duplicated_item(ItemArray *existing, const Item *i) {
assert(existing);
assert(i);
for (size_t n = 0; n < existing->n_items; n++) {
const Item *e = existing->items + n;
if (item_compatible(e, i))
continue;
/* Only multiple 'w+' lines for the same path are allowed. */
if (e->type != WRITE_FILE || !e->append_or_force ||
i->type != WRITE_FILE || !i->append_or_force)
return true;
}
return false;
}
static int parse_line( static int parse_line(
const char *fname, const char *fname,
unsigned line, unsigned line,
@ -3247,14 +3267,11 @@ static int parse_line(
existing = ordered_hashmap_get(h, i.path); existing = ordered_hashmap_get(h, i.path);
if (existing) { if (existing) {
size_t n; if (is_duplicated_item(existing, &i)) {
log_syntax(NULL, LOG_NOTICE, fname, line, 0,
for (n = 0; n < existing->n_items; n++) { "Duplicate line for path \"%s\", ignoring.", i.path);
if (!item_compatible(existing->items + n, &i) && !i.append_or_force) {
log_syntax(NULL, LOG_NOTICE, fname, line, 0, "Duplicate line for path \"%s\", ignoring.", i.path);
return 0; return 0;
} }
}
} else { } else {
existing = new0(ItemArray, 1); existing = new0(ItemArray, 1);
if (!existing) if (!existing)
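Review bot: is_duplicated_item() has no comment stating its contract, and the name undersells what it decides: it returns true as soon as an entry for the same path fails item_compatible(), unless both that entry and the new item are `WRITE_FILE` with `append_or_force` set. Since this is what makes the line from the earliest-sorted configuration file win, I would add above it `/* Returns true if 'i' must be dropped because an earlier line already claims the same path; only 'w+' lines may stack. */`. A plain `w` entry paired with a `w+` one is also rejected by the `!e->append_or_force` / `!i->append_or_force` checks when item_compatible() does not accept the pair, which the comment inside the loop does not spell out. parse_line() continues outside the hunk.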


@ -1869,7 +1869,7 @@ install_pam() {
paths+=(/lib*/security) paths+=(/lib*/security)
fi fi
for d in /etc/pam.d /etc/security /usr/{etc,lib}/pam.d; do for d in /etc/pam.d /{usr/,}etc/security /usr/{etc,lib}/pam.d; do
[ -d "$d" ] && paths+=("$d") [ -d "$d" ] && paths+=("$d")
done done


@ -186,6 +186,7 @@ test ! -e /tmp/F/daemon/unsafe-symlink/exploit
# 'w' # 'w'
# #
touch /tmp/w/overwritten touch /tmp/w/overwritten
touch /tmp/w/appended
### nop if the target does not exist. ### nop if the target does not exist.
systemd-tmpfiles --create - <<EOF systemd-tmpfiles --create - <<EOF
@ -205,13 +206,22 @@ EOF
test -f /tmp/w/overwritten test -f /tmp/w/overwritten
test "$(< /tmp/w/overwritten)" = "old content" test "$(< /tmp/w/overwritten)" = "old content"
### new content is overwritten ### old content is overwritten
systemd-tmpfiles --create - <<EOF systemd-tmpfiles --create - <<EOF
w /tmp/w/overwritten 0644 - - - new content w /tmp/w/overwritten 0644 - - - new content
EOF EOF
test -f /tmp/w/overwritten test -f /tmp/w/overwritten
test "$(< /tmp/w/overwritten)" = "new content" test "$(< /tmp/w/overwritten)" = "new content"
### append lines
systemd-tmpfiles --create - <<EOF
w+ /tmp/w/appended 0644 - - - 1
w+ /tmp/w/appended 0644 - - - 2\n
w+ /tmp/w/appended 0644 - - - 3
EOF
test -f /tmp/w/appended
test "$(< /tmp/w/appended)" = "$(echo -ne '12\n3')"
### writing into an 'exotic' file should be allowed. ### writing into an 'exotic' file should be allowed.
systemd-tmpfiles --create - <<EOF systemd-tmpfiles --create - <<EOF
w /dev/null - - - - new content w /dev/null - - - - new content
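Review bot: The new "append lines" case only stacks `w+` lines inside a single configuration, so the rejection path this series adds in tmpfiles (a `w` line and a `w+` line naming the same path) is not exercised. A further case that feeds `w /tmp/w/appended ...` followed by `w+ /tmp/w/appended ...` and checks which content lands in the file would pin that behaviour. The expected outcome, that the second line is ignored as a duplicate, is inferred from is_duplicated_item() and should be confirmed before it is asserted.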

75
test/units/testsuite-22.13.sh Executable file

@ -0,0 +1,75 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# Tests for configuration directory and file precedences
#
set -eux
rm -f /{usr/lib,etc}/tmpfiles.d/{L,w}-*.conf
rm -fr /tmp/precedence/{L,w}
mkdir -p /{usr/lib,etc}/tmpfiles.d
mkdir -p /tmp/precedence/{L,w}
#
# 'L'
#
ln -s /dev/null /tmp/precedence/L
# Overwrite the existing symlink
cat >/usr/lib/tmpfiles.d/L-z.conf<<EOF
L+ /tmp/precedence/L - - - - /usr/lib/tmpfiles.d/L-z.conf
EOF
systemd-tmpfiles --create
test "$(readlink /tmp/precedence/L)" = "/usr/lib/tmpfiles.d/L-z.conf"
# Files in /etc should override those in /usr
cat >/etc/tmpfiles.d/L-z.conf<<EOF
L+ /tmp/precedence/L - - - - /etc/tmpfiles.d/L-z.conf
EOF
systemd-tmpfiles --create
test "$(readlink /tmp/precedence/L)" = "/etc/tmpfiles.d/L-z.conf"
# /usr/…/L-a.conf has higher prio than /etc/…/L-z.conf
cat >/usr/lib/tmpfiles.d/L-a.conf<<EOF
L+ /tmp/precedence/L - - - - /usr/lib/tmpfiles.d/L-a.conf
EOF
systemd-tmpfiles --create
test "$(readlink /tmp/precedence/L)" = "/usr/lib/tmpfiles.d/L-a.conf"
# Files in /etc should override those in /usr
cat >/etc/tmpfiles.d/L-a.conf<<EOF
L+ /tmp/precedence/L - - - - /etc/tmpfiles.d/L-a.conf
EOF
systemd-tmpfiles --create
test "$(readlink /tmp/precedence/L)" = "/etc/tmpfiles.d/L-a.conf"
#
# 'w'
#
touch /tmp/precedence/w/f
# Multiple configuration files specifying 'w+' for the same path is allowed.
for i in a c; do
cat >/usr/lib/tmpfiles.d/w-$i.conf<<EOF
w+ /tmp/precedence/w/f - - - - /usr/lib/tmpfiles.d/w-$i.conf\n
EOF
cat >/etc/tmpfiles.d/w-$i.conf<<EOF
w+ /tmp/precedence/w/f - - - - /etc/tmpfiles.d/w-$i.conf\n
EOF
done
cat >/usr/lib/tmpfiles.d/w-b.conf<<EOF
w+ /tmp/precedence/w/f - - - - /usr/lib/tmpfiles.d/w-b.conf\n
EOF
systemd-tmpfiles --create
cmp /tmp/precedence/w/f <<EOF
/etc/tmpfiles.d/w-a.conf
/usr/lib/tmpfiles.d/w-b.conf
/etc/tmpfiles.d/w-c.conf
EOF
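Review bot: `mkdir -p /tmp/precedence/{L,w}` creates /tmp/precedence/L as a directory, so the following `ln -s /dev/null /tmp/precedence/L` places a link named `null` inside it instead of making L a symlink. The first `L+` line therefore replaces a directory, not "the existing symlink" as the comment says. Using `mkdir -p /tmp/precedence/w` would let the `ln -s` create L itself. The script also leaves its `L-*.conf` and `w-*.conf` files in /usr/lib/tmpfiles.d and /etc/tmpfiles.d whether it passes or aborts under `set -eux`. Adding `trap 'rm -f /{usr/lib,etc}/tmpfiles.d/{L,w}-*.conf' EXIT` after the initial cleanup would keep later `systemd-tmpfiles --create` runs from picking them up.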