Commit 44107547 authored by Chris Coulson, committed by Simon McVittie

Import Debian changes 237-3ubuntu10.9

systemd (237-3ubuntu10.9) bionic-security; urgency=medium

  [ Chris Coulson ]
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
    - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
      resolve this completely
    - CVE-2018-6954

  [ Balint Reczey ]
  * Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown
    - update debian/systemd.postinst
parent acee940a
systemd (237-3ubuntu10.8) bionic; urgency=medium systemd (237-3ubuntu10.9) bionic-security; urgency=medium
* debian/extra/start-udev: ignore failure to set sync parameter. [ Chris Coulson ]
On old kernels (e.g. v4.4) the file is available but appears to be * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
non-writable. Hide error messages and ignore failure to write out sync into the - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
parameters file. This does not regress https://pad.lv/1779815 since older resolve this completely
kernel did synchronous scan anyway. But it does resolve failure to start the - CVE-2018-6954
installer on old kernels. (LP: #1784454)
File: debian/extra/start-udev [ Balint Reczey ]
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=62edd5c6e963dbf1df4f4bb7556a6d3477559083 * Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown
- update debian/systemd.postinst
* Add conflicts with upstart and systemd-shim. (LP: #1773859)
File: debian/control -- Chris Coulson <chris.coulson@canonical.com> Thu, 15 Nov 2018 20:45:11 +0000
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=33385a01dbe44765dc24eead52d677147b2b06c9
* units: Disable journald Watchdog (LP: #1773148)
File: debian/patches/debian/UBUNTU-units-disable-journald-watchdog.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=622407bc2aa723a3bdf10e1de946d0d6e88fbeb6
* cryptsetup: add support for sector-size= option (LP: #1776626)
File: debian/patches/cryptsetup-add-support-for-sector-size-option-8881.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=89899133e977eb34dac4c3e9f83c59853eda66ab
* Re-add support for /etc/writable for core18. (LP: #1778936)
Author: Michael Vogt
File: debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fdc87994ab8f7036d07c8c208ad1fbac32cbd639
* systemctl: correctly proceed to immediate shutdown if scheduling fails
(LP: #1670291)
File: debian/patches/systemctl-correctly-proceed-to-immediate-shutdown-if-sche.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cdd3a0bb5f568a2500dbdff4bfcf97e3ba996fe3
* core: export environment when running generators.
Ensure that manager's environment (including e.g. PATH) is exported when
running generators. Otherwise, one is at a mercy of running without PATH which
can lead to buggy generator behaviour. (LP: #1771858)
Files:
- debian/patches/core-execute-environment_generators-with-manager-s-enviro.patch
- debian/patches/core-execute-generators-with-manager-s-environmnet.patch
- debian/patches/exec-util-in-execute_directories-support-initial-exec-env.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d494ef816ca950c9a7c2bfb07620b3df8e46ed35
* networkd: add support to set IPv6MTUBytes (LP: #1671951)
File: debian/patches/networkd-add-support-to-configure-IPv6-MTU-8664.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f4a308ea8f3f9187c97f81868a0408f9cefc96a7
* Specify Ubuntu's Vcs-Git
File: debian/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b739661356fe0e47223ae28c79b4b7f7740bea3a
-- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 15 Nov 2018 23:15:00 +0000
systemd (237-3ubuntu10.7) bionic-security; urgency=medium
* debian/systemd.postinst: Skip daemon-reexec and try-restarts during shutdown
(LP: #1803391)
Author: Balint Reczey
File: debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=18eea38c62e73158d2160e319de31e054a58b8df
-- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 15 Nov 2018 23:00:20 +0000
systemd (237-3ubuntu10.6) bionic-security; urgency=medium systemd (237-3ubuntu10.6) bionic-security; urgency=medium
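Review bot: the new changelog jumps from 237-3ubuntu10.9 straight to 237-3ubuntu10.6; the 10.7 and 10.8 entries on the left side disappear, and the rest of this diff correspondingly undoes the 10.8 changes (Vcs-Git back to salsa, `Conflicts: systemd-shim, upstart` removed, the start-udev error handling and the libpam-systemd dependency change reverted). That is expected if the security upload was built from the 10.6 source in bionic-security rather than from 10.8 in bionic, but nothing in the 10.9 entry or in the import commit says so; a one-line note would stop readers of this branch from mistaking it for an accidental revert, and the 10.8 fixes (LP: #1784454, LP: #1773859, LP: #1773148 and the rest of that entry) still need to be carried forward in the next bionic upload.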
...@@ -9,10 +9,8 @@ Uploaders: Michael Biebl <biebl@debian.org>, ...@@ -9,10 +9,8 @@ Uploaders: Michael Biebl <biebl@debian.org>,
Martin Pitt <mpitt@debian.org> Martin Pitt <mpitt@debian.org>
Standards-Version: 4.1.3 Standards-Version: 4.1.3
Rules-Requires-Root: no Rules-Requires-Root: no
Vcs-Git: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd -b ubuntu-bionic Vcs-Git: https://salsa.debian.org/systemd-team/systemd.git
Vcs-Browser: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd Vcs-Browser: https://salsa.debian.org/systemd-team/systemd
XS-Vcs-Debian-Git: https://salsa.debian.org/systemd-team/systemd.git
XS-Vcs-Debian-Browser: https://salsa.debian.org/systemd-team/systemd
Homepage: https://www.freedesktop.org/wiki/Software/systemd Homepage: https://www.freedesktop.org/wiki/Software/systemd
Build-Depends: debhelper (>= 10.4~), Build-Depends: debhelper (>= 10.4~),
pkg-config, pkg-config,
...@@ -78,7 +76,6 @@ Depends: ${shlibs:Depends}, ...@@ -78,7 +76,6 @@ Depends: ${shlibs:Depends},
mount (>= 2.26), mount (>= 2.26),
adduser, adduser,
procps, procps,
Conflicts: systemd-shim, upstart
Breaks: apparmor (<< 2.9.2-1), Breaks: apparmor (<< 2.9.2-1),
systemd-shim (<< 10-3~), systemd-shim (<< 10-3~),
ifupdown (<< 0.8.5~), ifupdown (<< 0.8.5~),
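Review bot: removing `Conflicts: systemd-shim, upstart` reverts the 10.8 fix for LP: #1773859 (see the left-hand changelog); the surviving `Breaks: systemd-shim (<< 10-3~)` two lines below only excludes old systemd-shim versions, so a current systemd-shim becomes co-installable with systemd again. If this is purely a consequence of basing 10.9 on 10.6, the line (together with the matching libpam-systemd Depends change in the next hunk, which restores the `systemd-shim (>= 10-3~) |` alternative) should be re-added in the follow-up bionic upload.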
...@@ -209,7 +206,7 @@ Depends: ${shlibs:Depends}, ...@@ -209,7 +206,7 @@ Depends: ${shlibs:Depends},
systemd (= ${binary:Version}), systemd (= ${binary:Version}),
libpam-runtime (>= 1.0.1-6), libpam-runtime (>= 1.0.1-6),
dbus, dbus,
systemd-sysv systemd-shim (>= 10-3~) | systemd-sysv
Description: system and service manager - PAM module Description: system and service manager - PAM module
This package contains the PAM module which registers user sessions in This package contains the PAM module which registers user sessions in
the systemd control group hierarchy for logind. the systemd control group hierarchy for logind.
...@@ -11,7 +11,7 @@ fi ...@@ -11,7 +11,7 @@ fi
# This covers the same case as lib/modprobe.d/scsi-mod-scan-sync.conf # This covers the same case as lib/modprobe.d/scsi-mod-scan-sync.conf
# in the event that scsi_mod is built in to the kernel, not a module: # in the event that scsi_mod is built in to the kernel, not a module:
if [ -f /sys/module/scsi_mod/parameters/scan ]; then if [ -f /sys/module/scsi_mod/parameters/scan ]; then
echo sync > /sys/module/scsi_mod/parameters/scan >/dev/null || : echo sync > /sys/module/scsi_mod/parameters/scan
fi fi
SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never
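Review bot: reverting to the bare `echo sync > /sys/module/scsi_mod/parameters/scan` reintroduces the condition described for LP: #1784454 in the left-hand changelog: on old kernels the file exists but is not writable, the redirection fails and the error message is printed. Note that the 10.8 form being dropped here did not do what its changelog claims either: `> /sys/module/scsi_mod/parameters/scan >/dev/null` are two stdout redirections, so the shell opens the parameters file, then points stdout at /dev/null, `sync` is never written to the file, and the error (which goes to stderr) is not hidden. When the fix is re-applied it should read `echo sync > /sys/module/scsi_mod/parameters/scan 2>/dev/null || :`.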
From 8948b3415d762245ebf5e19d80b97d4d8cc208c1 Mon Sep 17 00:00:00 2001 Description: core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 17 Oct 2018 18:36:24 +0200 This should be much better than fgets(), as we can read substantially
Subject: [PATCH] =?UTF-8?q?core:=20when=20deserializing=20state=20always?= longer lines and overly long lines result in proper errors.
=?UTF-8?q?=20use=20read=5Fline(=E2=80=A6,=20LONG=5FLINE=5FMAX,=20?=
=?UTF-8?q?=E2=80=A6)?= Fixes a vulnerability discovered by Jann Horn at Google.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8 CVE-2018-15686
Content-Transfer-Encoding: 8bit
Origin: upstream, https://github.com/poettering/systemd/commit/8948b3415d762245ebf5e19d80b97d4d8cc208c1
This should be much better than fgets(), as we can read substantially Bug-Ubuntu: https://launchpad.net/bugs/1796402
longer lines and overly long lines result in proper errors.
Fixes a vulnerability discovered by Jann Horn at Google.
CVE-2018-15686
LP: #1796402
https://bugzilla.redhat.com/show_bug.cgi?id=1639071
---
src/core/job.c | 19 +++++++++++--------
src/core/manager.c | 41 ++++++++++++++++++++---------------------
src/core/unit.c | 34 ++++++++++++++++++----------------
src/core/unit.h | 2 +-
4 files changed, 50 insertions(+), 46 deletions(-)
--- a/src/core/job.c --- a/src/core/job.c
+++ b/src/core/job.c +++ b/src/core/job.c
...@@ -35,19 +22,19 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071 ...@@ -35,19 +22,19 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
#include "macro.h" #include "macro.h"
@@ -1067,24 +1068,26 @@ @@ -1067,24 +1068,26 @@
} }
int job_deserialize(Job *j, FILE *f) { int job_deserialize(Job *j, FILE *f) {
+ int r; + int r;
+ +
assert(j); assert(j);
assert(f); assert(f);
for (;;) { for (;;) {
- char line[LINE_MAX], *l, *v; - char line[LINE_MAX], *l, *v;
+ _cleanup_free_ char *line = NULL; + _cleanup_free_ char *line = NULL;
+ char *l, *v; + char *l, *v;
size_t k; size_t k;
- if (!fgets(line, sizeof(line), f)) { - if (!fgets(line, sizeof(line), f)) {
- if (feof(f)) - if (feof(f))
- return 0; - return 0;
...@@ -58,28 +45,28 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071 ...@@ -58,28 +45,28 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
+ return log_error_errno(r, "Failed to read serialization line: %m"); + return log_error_errno(r, "Failed to read serialization line: %m");
+ if (r == 0) + if (r == 0)
+ return 0; + return 0;
- char_array_0(line); - char_array_0(line);
l = strstrip(line); l = strstrip(line);
/* End marker */ /* End marker */
- if (l[0] == 0) - if (l[0] == 0)
+ if (isempty(l)) + if (isempty(l))
return 0; return 0;
k = strcspn(l, "="); k = strcspn(l, "=");
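Review bot: `return log_error_errno(r, "Failed to read serialization line: %m");` is reached both for a genuine read error and for `-ENOBUFS` when a line exceeds LONG_LINE_MAX, and the latter is exactly the overlong-line condition this patch exists to reject (CVE-2018-15686). A distinct message, or including the limit in this one, would let an operator reading the journal tell a truncated or corrupt state file from a hostile one.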
--- a/src/core/unit.c --- a/src/core/unit.c
+++ b/src/core/unit.c +++ b/src/core/unit.c
@@ -3346,21 +3346,19 @@ @@ -3346,21 +3346,19 @@
rt = (ExecRuntime**) ((uint8_t*) u + offset); rt = (ExecRuntime**) ((uint8_t*) u + offset);
for (;;) { for (;;) {
- char line[LINE_MAX], *l, *v; - char line[LINE_MAX], *l, *v;
+ _cleanup_free_ char *line = NULL; + _cleanup_free_ char *line = NULL;
CGroupIPAccountingMetric m; CGroupIPAccountingMetric m;
+ char *l, *v; + char *l, *v;
size_t k; size_t k;
- if (!fgets(line, sizeof(line), f)) { - if (!fgets(line, sizeof(line), f)) {
- if (feof(f)) - if (feof(f))
- return 0; - return 0;
...@@ -90,7 +77,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071 ...@@ -90,7 +77,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
+ return log_error_errno(r, "Failed to read serialization line: %m"); + return log_error_errno(r, "Failed to read serialization line: %m");
+ if (r == 0) /* eof */ + if (r == 0) /* eof */
+ break; + break;
- char_array_0(line); - char_array_0(line);
l = strstrip(line); l = strstrip(line);
- -
...@@ -98,24 +85,24 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071 ...@@ -98,24 +85,24 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
- if (isempty(l)) - if (isempty(l))
+ if (isempty(l)) /* End marker */ + if (isempty(l)) /* End marker */
break; break;
k = strcspn(l, "="); k = strcspn(l, "=");
@@ -3637,23 +3635,27 @@ @@ -3637,23 +3635,27 @@
return 0; return 0;
} }
-void unit_deserialize_skip(FILE *f) { -void unit_deserialize_skip(FILE *f) {
+int unit_deserialize_skip(FILE *f) { +int unit_deserialize_skip(FILE *f) {
+ int r; + int r;
assert(f); assert(f);
/* Skip serialized data for this unit. We don't know what it is. */ /* Skip serialized data for this unit. We don't know what it is. */
for (;;) { for (;;) {
- char line[LINE_MAX], *l; - char line[LINE_MAX], *l;
+ _cleanup_free_ char *line = NULL; + _cleanup_free_ char *line = NULL;
+ char *l; + char *l;
- if (!fgets(line, sizeof line, f)) - if (!fgets(line, sizeof line, f))
- return; - return;
+ r = read_line(f, LONG_LINE_MAX, &line); + r = read_line(f, LONG_LINE_MAX, &line);
...@@ -123,38 +110,38 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071 ...@@ -123,38 +110,38 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
+ return log_error_errno(r, "Failed to read serialization line: %m"); + return log_error_errno(r, "Failed to read serialization line: %m");
+ if (r == 0) + if (r == 0)
+ return 0; + return 0;
- char_array_0(line); - char_array_0(line);
l = strstrip(line); l = strstrip(line);
/* End marker */ /* End marker */
if (isempty(l)) if (isempty(l))
- return; - return;
+ return 1; + return 1;
} }
} }
--- a/src/core/unit.h --- a/src/core/unit.h
+++ b/src/core/unit.h +++ b/src/core/unit.h
@@ -689,7 +689,7 @@ @@ -689,7 +689,7 @@
int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs); int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs);
int unit_deserialize(Unit *u, FILE *f, FDSet *fds); int unit_deserialize(Unit *u, FILE *f, FDSet *fds);
-void unit_deserialize_skip(FILE *f); -void unit_deserialize_skip(FILE *f);
+int unit_deserialize_skip(FILE *f); +int unit_deserialize_skip(FILE *f);
int unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value); int unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value);
int unit_serialize_item_escaped(Unit *u, FILE *f, const char *key, const char *value); int unit_serialize_item_escaped(Unit *u, FILE *f, const char *key, const char *value);
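Review bot: `unit_deserialize_skip()` changes from void to int but the declaration gets no comment; the unit.c hunks show three distinct outcomes (1 when the end marker was reached, 0 on EOF, negative on a read error), so document them here so that callers check the 0 (EOF) case explicitly instead of treating any non-negative return as "skipped successfully".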
--- a/src/core/manager.c --- a/src/core/manager.c
+++ b/src/core/manager.c +++ b/src/core/manager.c
@@ -2841,22 +2841,19 @@ @@ -2841,22 +2841,19 @@
m->n_reloading++; m->n_reloading++;
for (;;) { for (;;) {
- char line[LINE_MAX]; - char line[LINE_MAX];
+ _cleanup_free_ char *line = NULL; + _cleanup_free_ char *line = NULL;
const char *val, *l; const char *val, *l;
- if (!fgets(line, sizeof(line), f)) { - if (!fgets(line, sizeof(line), f)) {
- if (feof(f)) - if (feof(f))
- r = 0; - r = 0;
...@@ -168,23 +155,23 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071 ...@@ -168,23 +155,23 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
} }
+ if (r == 0) + if (r == 0)
+ break; + break;
- char_array_0(line); - char_array_0(line);
l = strstrip(line); l = strstrip(line);
- -
- if (l[0] == 0) - if (l[0] == 0)
+ if (isempty(l)) /* end marker */ + if (isempty(l)) /* end marker */
break; break;
if ((val = startswith(l, "current-job-id="))) { if ((val = startswith(l, "current-job-id="))) {
@@ -3004,28 +3001,30 @@ @@ -3004,28 +3001,30 @@
for (;;) { for (;;) {
Unit *u; Unit *u;
- char name[UNIT_NAME_MAX+2]; - char name[UNIT_NAME_MAX+2];
+ _cleanup_free_ char *line = NULL; + _cleanup_free_ char *line = NULL;
const char* unit_name; const char* unit_name;
/* Start marker */ /* Start marker */
- if (!fgets(name, sizeof(name), f)) { - if (!fgets(name, sizeof(name), f)) {
- if (feof(f)) - if (feof(f))
...@@ -199,11 +186,11 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071 ...@@ -199,11 +186,11 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
} }
+ if (r == 0) + if (r == 0)
+ break; + break;
- char_array_0(name); - char_array_0(name);
- unit_name = strstrip(name); - unit_name = strstrip(name);
+ unit_name = strstrip(line); + unit_name = strstrip(line);
r = manager_load_unit(m, unit_name, NULL, NULL, &u); r = manager_load_unit(m, unit_name, NULL, NULL, &u);
if (r < 0) { if (r < 0) {
log_notice_errno(r, "Failed to load unit \"%s\", skipping deserialization: %m", unit_name); log_notice_errno(r, "Failed to load unit \"%s\", skipping deserialization: %m", unit_name);
...@@ -217,14 +204,14 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071 ...@@ -217,14 +204,14 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
+ +
continue; continue;
} }
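Review bot: the fixed `char name[UNIT_NAME_MAX+2]` buffer used to bound the start-marker line; with `_cleanup_free_ char *line` filled by read_line(f, LONG_LINE_MAX, &line), a line of up to LONG_LINE_MAX bytes now reaches `manager_load_unit(m, unit_name, NULL, NULL, &u)`. The visible `if (r < 0) { log_notice_errno(r, "Failed to load unit ..., skipping deserialization: %m", ...)` path copes with a rejected name, so it should be confirmed that manager_load_unit() rejects over-long or otherwise invalid unit names with an error rather than attempting to load them; otherwise the length check has moved out of this loop without a replacement.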
@@ -3038,9 +3037,6 @@ @@ -3038,9 +3037,6 @@
} }
finish: finish:
- if (ferror(f)) - if (ferror(f))
- r = -EIO; - r = -EIO;
- -
assert(m->n_reloading > 0); assert(m->n_reloading > 0);
m->n_reloading--; m->n_reloading--;
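Review bot: dropping `if (ferror(f)) r = -EIO;` at `finish:` is only safe because every fgets() in these loops was replaced by read_line(), which reports read errors through its negative return (see the `if (r < 0) return log_error_errno(...)` lines in the unit.c hunks); the patch description should say so, since a reader of this hunk alone sees an error check removed with no visible replacement.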
From 5de6cce58b3e8b79239b6e83653459d91af6e57c Mon Sep 17 00:00:00 2001 Description: chown-recursive: let's rework the recursive logic to use O_PATH
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 19 Oct 2018 11:26:59 +0200
Subject: [PATCH] chown-recursive: let's rework the recursive logic to use
O_PATH
That way we can pin a specific inode and analyze it and manipulate it That way we can pin a specific inode and analyze it and manipulate it
without it being swapped out beneath our hands. without it being swapped out beneath our hands.
Fixes a vulnerability originally found by Jann Horn from Google. Fixes a vulnerability originally found by Jann Horn from Google.
CVE-2018-15687 CVE-2018-15687
LP: #1796692
https://bugzilla.redhat.com/show_bug.cgi?id=1639076 Origin: upstream, https://github.com/poettering/systemd/commit/5de6cce58b3e8b79239b6e83653459d91af6e57c
--- Bug-Ubuntu: https://launchpad.net/bugs/1796692
src/core/chown-recursive.c | 146 ++++++++++++++++++-------------------
1 file changed, 70 insertions(+), 76 deletions(-)
--- a/src/core/chown-recursive.c --- a/src/core/chown-recursive.c
+++ b/src/core/chown-recursive.c +++ b/src/core/chown-recursive.c
@@ -18,18 +18,20 @@ @@ -18,18 +18,20 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>. along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/ ***/
-#include <sys/types.h> -#include <sys/types.h>
-#include <sys/stat.h> -#include <sys/stat.h>
#include <fcntl.h> #include <fcntl.h>
+#include <sys/stat.h> +#include <sys/stat.h>
+#include <sys/types.h> +#include <sys/types.h>
-#include "user-util.h" -#include "user-util.h"
-#include "macro.h" -#include "macro.h"
-#include "fd-util.h" -#include "fd-util.h"
...@@ -39,18 +33,18 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076 ...@@ -39,18 +33,18 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076
+#include "stdio-util.h" +#include "stdio-util.h"
+#include "strv.h" +#include "strv.h"
+#include "user-util.h" +#include "user-util.h"
-static int chown_one(int fd, const char *name, const struct stat *st, uid_t uid, gid_t gid) { -static int chown_one(int fd, const char *name, const struct stat *st, uid_t uid, gid_t gid) {
- int r; - int r;
+static int chown_one(int fd, const struct stat *st, uid_t uid, gid_t gid) { +static int chown_one(int fd, const struct stat *st, uid_t uid, gid_t gid) {
+ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1]; + char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1];
assert(fd >= 0); assert(fd >= 0);
assert(st); assert(st);
@@ -38,90 +40,82 @@ @@ -38,90 +40,82 @@
(!gid_is_valid(gid) || st->st_gid == gid)) (!gid_is_valid(gid) || st->st_gid == gid))
return 0; return 0;
- if (name) - if (name)
- r = fchownat(fd, name, uid, gid, AT_SYMLINK_NOFOLLOW); - r = fchownat(fd, name, uid, gid, AT_SYMLINK_NOFOLLOW);
- else - else
...@@ -60,7 +54,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076 ...@@ -60,7 +54,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076
+ /* We change ownership through the /proc/self/fd/%i path, so that we have a stable reference that works with + /* We change ownership through the /proc/self/fd/%i path, so that we have a stable reference that works with
+ * O_PATH. (Note: fchown() and fchmod() do not work with O_PATH, the kernel refuses that. */ + * O_PATH. (Note: fchown() and fchmod() do not work with O_PATH, the kernel refuses that. */
+ xsprintf(procfs_path, "/proc/self/fd/%i", fd); + xsprintf(procfs_path, "/proc/self/fd/%i", fd);
- /* The linux kernel alters the mode in some cases of chown(). Let's undo this. */ - /* The linux kernel alters the mode in some cases of chown(). Let's undo this. */
- if (name) { - if (name) {
- if (!S_ISLNK(st->st_mode)) - if (!S_ISLNK(st->st_mode))
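Review bot: the comment `(Note: fchown() and fchmod() do not work with O_PATH, the kernel refuses that. */` is missing its closing parenthesis; write `... the kernel refuses that.) */`.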
...@@ -72,7 +66,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076 ...@@ -72,7 +66,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076
- if (r < 0) - if (r < 0)
+ if (chown(procfs_path, uid, gid) < 0) + if (chown(procfs_path, uid, gid) < 0)
return -errno; return -errno;
+ /* The linux kernel alters the mode in some cases of chown(). Let's undo this. We do this only for non-symlinks + /* The linux kernel alters the mode in some cases of chown(). Let's undo this. We do this only for non-symlinks
+ * however. That's because for symlinks the access mode is ignored anyway and because on some kernels/file + * however. That's because for symlinks the access mode is ignored anyway and because on some kernels/file
+ * systems trying to change the access mode will succeed but has no effect while on others it actively + * systems trying to change the access mode will succeed but has no effect while on others it actively
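Review bot: `chown(procfs_path, uid, gid)` on `/proc/self/fd/%i` depends on procfs being mounted, which the removed `fchownat(fd, name, uid, gid, AT_SYMLINK_NOFOLLOW)` did not; in a chroot or namespace without /proc this now fails with ENOENT and the function returns `-errno`. Failing closed is the right behaviour here (no fallback to a name that could be swapped underneath), but callers need to expect the new error and the patch description should mention the /proc requirement.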
...@@ -83,16 +77,16 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076 ...@@ -83,16 +77,16 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076
+ +
return 1; return 1;
} }
static int chown_recursive_internal(int fd, const struct stat *st, uid_t uid, gid_t gid) { static int chown_recursive_internal(int fd, const struct stat *st, uid_t uid, gid_t gid) {
+ _cleanup_closedir_ DIR *d = NULL; + _cleanup_closedir_ DIR *d = NULL;
bool changed = false; bool changed = false;
+ struct dirent *de; + struct dirent *de;
int r; int r;
assert(fd >= 0); assert(fd >= 0);
assert(st); assert(st);
- if (S_ISDIR(st->st_mode)) { - if (S_ISDIR(st->st_mode)) {
- _cleanup_closedir_ DIR *d = NULL; - _cleanup_closedir_ DIR *d = NULL;
- struct dirent *de; - struct dirent *de;
...@@ -114,7 +108,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076 ...@@ -114,7 +108,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076
+ safe_close(fd); + safe_close(fd);
+ return -errno; + return -errno;
+ } + }
- if (fstatat(dirfd(d), de->d_name, &fst, AT_SYMLINK_NOFOLLOW) < 0) { - if (fstatat(dirfd(d), de->d_name, &fst, AT_SYMLINK_NOFOLLOW) < 0) {
- r = -errno; - r = -errno;
- goto finish;
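Review bot: the removed `fstatat(dirfd(d), de->d_name, &fst, AT_SYMLINK_NOFOLLOW)` was the stat-by-name half of the race this patch fixes (stat one inode, then chown whatever the name points to a moment later). The replacement, which lies past the end of this excerpt, must stat the O_PATH descriptor itself with fstat() after opening the entry, so that the `st` handed to chown_one() and the inode chowned through /proc/self/fd are guaranteed to be the same object; any stat by name left in the new loop would undo the pinning. The `safe_close(fd); return -errno;` path just above also shows chown_recursive_internal() now taking ownership of `fd` and closing it on failure; that contract belongs in a comment at the top of the function so callers do not close it a second time.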