| From dea374e898a749a0474b72b2015cca9009b1432b Mon Sep 17 00:00:00 2001 |
| From: Lennart Poettering <lennart@poettering.net> |
| Date: Wed, 13 Sep 2017 10:31:40 +0200 |
| Subject: [PATCH] main: skip many initialization steps when running in --test |
| mode |
| |
| Most importantly, don't collect open socket activation fds when in |
| --test mode. This specifically created a problem because we invoke |
| pager_open() beforehand (which these days makes copies of the original |
| stdout/stderr in order to be able to restore them when the pager goes |
| away) and we might mistakenly the fd copies it creates as socket |
| activation fds. |
| |
| Fixes: #6383 |
| |
| Upstream-Status: Backport |
| |
| Signed-off-by: Catalin Enache <catalin.enache@windriver.com> |
| --- |
| src/core/main.c | 108 +++++++++++++++++++++++++++++--------------------------- |
| 1 file changed, 56 insertions(+), 52 deletions(-) |
| |
| diff --git a/src/core/main.c b/src/core/main.c |
| index 11ac9cf..d1a53a5 100644 |
| --- a/src/core/main.c |
| +++ b/src/core/main.c |
| @@ -1679,20 +1679,22 @@ int main(int argc, char *argv[]) { |
| log_close(); |
| |
| /* Remember open file descriptors for later deserialization */ |
| - r = fdset_new_fill(&fds); |
| - if (r < 0) { |
| - log_emergency_errno(r, "Failed to allocate fd set: %m"); |
| - error_message = "Failed to allocate fd set"; |
| - goto finish; |
| - } else |
| - fdset_cloexec(fds, true); |
| + if (arg_action == ACTION_RUN) { |
| + r = fdset_new_fill(&fds); |
| + if (r < 0) { |
| + log_emergency_errno(r, "Failed to allocate fd set: %m"); |
| + error_message = "Failed to allocate fd set"; |
| + goto finish; |
| + } else |
| + fdset_cloexec(fds, true); |
| |
| - if (arg_serialization) |
| - assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0); |
| + if (arg_serialization) |
| + assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0); |
| |
| - if (arg_system) |
| - /* Become a session leader if we aren't one yet. */ |
| - setsid(); |
| + if (arg_system) |
| + /* Become a session leader if we aren't one yet. */ |
| + setsid(); |
| + } |
| |
| /* Move out of the way, so that we won't block unmounts */ |
| assert_se(chdir("/") == 0); |
| @@ -1762,56 +1764,58 @@ int main(int argc, char *argv[]) { |
| arg_action == ACTION_TEST ? " test" : "", getuid(), t); |
| } |
| |
| - if (arg_system && !skip_setup) { |
| - if (arg_show_status > 0) |
| - status_welcome(); |
| + if (arg_action == ACTION_RUN) { |
| + if (arg_system && !skip_setup) { |
| + if (arg_show_status > 0) |
| + status_welcome(); |
| |
| - hostname_setup(); |
| - machine_id_setup(NULL, arg_machine_id, NULL); |
| - loopback_setup(); |
| - bump_unix_max_dgram_qlen(); |
| + hostname_setup(); |
| + machine_id_setup(NULL, arg_machine_id, NULL); |
| + loopback_setup(); |
| + bump_unix_max_dgram_qlen(); |
| |
| - test_usr(); |
| - } |
| + test_usr(); |
| + } |
| |
| - if (arg_system && arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY) |
| - watchdog_set_timeout(&arg_runtime_watchdog); |
| + if (arg_system && arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY) |
| + watchdog_set_timeout(&arg_runtime_watchdog); |
| |
| - if (arg_timer_slack_nsec != NSEC_INFINITY) |
| - if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0) |
| - log_error_errno(errno, "Failed to adjust timer slack: %m"); |
| + if (arg_timer_slack_nsec != NSEC_INFINITY) |
| + if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0) |
| + log_error_errno(errno, "Failed to adjust timer slack: %m"); |
| |
| - if (arg_system && !cap_test_all(arg_capability_bounding_set)) { |
| - r = capability_bounding_set_drop_usermode(arg_capability_bounding_set); |
| - if (r < 0) { |
| - log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m"); |
| - error_message = "Failed to drop capability bounding set of usermode helpers"; |
| - goto finish; |
| - } |
| - r = capability_bounding_set_drop(arg_capability_bounding_set, true); |
| - if (r < 0) { |
| - log_emergency_errno(r, "Failed to drop capability bounding set: %m"); |
| - error_message = "Failed to drop capability bounding set"; |
| - goto finish; |
| + if (arg_system && !cap_test_all(arg_capability_bounding_set)) { |
| + r = capability_bounding_set_drop_usermode(arg_capability_bounding_set); |
| + if (r < 0) { |
| + log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m"); |
| + error_message = "Failed to drop capability bounding set of usermode helpers"; |
| + goto finish; |
| + } |
| + r = capability_bounding_set_drop(arg_capability_bounding_set, true); |
| + if (r < 0) { |
| + log_emergency_errno(r, "Failed to drop capability bounding set: %m"); |
| + error_message = "Failed to drop capability bounding set"; |
| + goto finish; |
| + } |
| } |
| - } |
| |
| - if (arg_syscall_archs) { |
| - r = enforce_syscall_archs(arg_syscall_archs); |
| - if (r < 0) { |
| - error_message = "Failed to set syscall architectures"; |
| - goto finish; |
| + if (arg_syscall_archs) { |
| + r = enforce_syscall_archs(arg_syscall_archs); |
| + if (r < 0) { |
| + error_message = "Failed to set syscall architectures"; |
| + goto finish; |
| + } |
| } |
| - } |
| |
| - if (!arg_system) |
| - /* Become reaper of our children */ |
| - if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) |
| - log_warning_errno(errno, "Failed to make us a subreaper: %m"); |
| + if (!arg_system) |
| + /* Become reaper of our children */ |
| + if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) |
| + log_warning_errno(errno, "Failed to make us a subreaper: %m"); |
| |
| - if (arg_system) |
| - /* Bump up RLIMIT_NOFILE for systemd itself */ |
| - (void) bump_rlimit_nofile(&saved_rlimit_nofile); |
| + if (arg_system) |
| + /* Bump up RLIMIT_NOFILE for systemd itself */ |
| + (void) bump_rlimit_nofile(&saved_rlimit_nofile); |
| + } |
| |
| r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER, arg_action == ACTION_TEST, &m); |
| if (r < 0) { |
| -- |
| 2.10.2 |
| |