Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame^] | 1 | From dea374e898a749a0474b72b2015cca9009b1432b Mon Sep 17 00:00:00 2001 |
| 2 | From: Lennart Poettering <lennart@poettering.net> |
| 3 | Date: Wed, 13 Sep 2017 10:31:40 +0200 |
| 4 | Subject: [PATCH] main: skip many initialization steps when running in --test |
| 5 | mode |
| 6 | |
| 7 | Most importantly, don't collect open socket activation fds when in |
| 8 | --test mode. This specifically created a problem because we invoke |
| 9 | pager_open() beforehand (which these days makes copies of the original |
| 10 | stdout/stderr in order to be able to restore them when the pager goes |
| 11 | away) and we might mistakenly the fd copies it creates as socket |
| 12 | activation fds. |
| 13 | |
| 14 | Fixes: #6383 |
| 15 | |
| 16 | Upstream-Status: Backport |
| 17 | |
| 18 | Signed-off-by: Catalin Enache <catalin.enache@windriver.com> |
| 19 | --- |
| 20 | src/core/main.c | 108 +++++++++++++++++++++++++++++--------------------------- |
| 21 | 1 file changed, 56 insertions(+), 52 deletions(-) |
| 22 | |
| 23 | diff --git a/src/core/main.c b/src/core/main.c |
| 24 | index 11ac9cf..d1a53a5 100644 |
| 25 | --- a/src/core/main.c |
| 26 | +++ b/src/core/main.c |
| 27 | @@ -1679,20 +1679,22 @@ int main(int argc, char *argv[]) { |
| 28 | log_close(); |
| 29 | |
| 30 | /* Remember open file descriptors for later deserialization */ |
| 31 | - r = fdset_new_fill(&fds); |
| 32 | - if (r < 0) { |
| 33 | - log_emergency_errno(r, "Failed to allocate fd set: %m"); |
| 34 | - error_message = "Failed to allocate fd set"; |
| 35 | - goto finish; |
| 36 | - } else |
| 37 | - fdset_cloexec(fds, true); |
| 38 | + if (arg_action == ACTION_RUN) { |
| 39 | + r = fdset_new_fill(&fds); |
| 40 | + if (r < 0) { |
| 41 | + log_emergency_errno(r, "Failed to allocate fd set: %m"); |
| 42 | + error_message = "Failed to allocate fd set"; |
| 43 | + goto finish; |
| 44 | + } else |
| 45 | + fdset_cloexec(fds, true); |
| 46 | |
| 47 | - if (arg_serialization) |
| 48 | - assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0); |
| 49 | + if (arg_serialization) |
| 50 | + assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0); |
| 51 | |
| 52 | - if (arg_system) |
| 53 | - /* Become a session leader if we aren't one yet. */ |
| 54 | - setsid(); |
| 55 | + if (arg_system) |
| 56 | + /* Become a session leader if we aren't one yet. */ |
| 57 | + setsid(); |
| 58 | + } |
| 59 | |
| 60 | /* Move out of the way, so that we won't block unmounts */ |
| 61 | assert_se(chdir("/") == 0); |
| 62 | @@ -1762,56 +1764,58 @@ int main(int argc, char *argv[]) { |
| 63 | arg_action == ACTION_TEST ? " test" : "", getuid(), t); |
| 64 | } |
| 65 | |
| 66 | - if (arg_system && !skip_setup) { |
| 67 | - if (arg_show_status > 0) |
| 68 | - status_welcome(); |
| 69 | + if (arg_action == ACTION_RUN) { |
| 70 | + if (arg_system && !skip_setup) { |
| 71 | + if (arg_show_status > 0) |
| 72 | + status_welcome(); |
| 73 | |
| 74 | - hostname_setup(); |
| 75 | - machine_id_setup(NULL, arg_machine_id, NULL); |
| 76 | - loopback_setup(); |
| 77 | - bump_unix_max_dgram_qlen(); |
| 78 | + hostname_setup(); |
| 79 | + machine_id_setup(NULL, arg_machine_id, NULL); |
| 80 | + loopback_setup(); |
| 81 | + bump_unix_max_dgram_qlen(); |
| 82 | |
| 83 | - test_usr(); |
| 84 | - } |
| 85 | + test_usr(); |
| 86 | + } |
| 87 | |
| 88 | - if (arg_system && arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY) |
| 89 | - watchdog_set_timeout(&arg_runtime_watchdog); |
| 90 | + if (arg_system && arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY) |
| 91 | + watchdog_set_timeout(&arg_runtime_watchdog); |
| 92 | |
| 93 | - if (arg_timer_slack_nsec != NSEC_INFINITY) |
| 94 | - if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0) |
| 95 | - log_error_errno(errno, "Failed to adjust timer slack: %m"); |
| 96 | + if (arg_timer_slack_nsec != NSEC_INFINITY) |
| 97 | + if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0) |
| 98 | + log_error_errno(errno, "Failed to adjust timer slack: %m"); |
| 99 | |
| 100 | - if (arg_system && !cap_test_all(arg_capability_bounding_set)) { |
| 101 | - r = capability_bounding_set_drop_usermode(arg_capability_bounding_set); |
| 102 | - if (r < 0) { |
| 103 | - log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m"); |
| 104 | - error_message = "Failed to drop capability bounding set of usermode helpers"; |
| 105 | - goto finish; |
| 106 | - } |
| 107 | - r = capability_bounding_set_drop(arg_capability_bounding_set, true); |
| 108 | - if (r < 0) { |
| 109 | - log_emergency_errno(r, "Failed to drop capability bounding set: %m"); |
| 110 | - error_message = "Failed to drop capability bounding set"; |
| 111 | - goto finish; |
| 112 | + if (arg_system && !cap_test_all(arg_capability_bounding_set)) { |
| 113 | + r = capability_bounding_set_drop_usermode(arg_capability_bounding_set); |
| 114 | + if (r < 0) { |
| 115 | + log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m"); |
| 116 | + error_message = "Failed to drop capability bounding set of usermode helpers"; |
| 117 | + goto finish; |
| 118 | + } |
| 119 | + r = capability_bounding_set_drop(arg_capability_bounding_set, true); |
| 120 | + if (r < 0) { |
| 121 | + log_emergency_errno(r, "Failed to drop capability bounding set: %m"); |
| 122 | + error_message = "Failed to drop capability bounding set"; |
| 123 | + goto finish; |
| 124 | + } |
| 125 | } |
| 126 | - } |
| 127 | |
| 128 | - if (arg_syscall_archs) { |
| 129 | - r = enforce_syscall_archs(arg_syscall_archs); |
| 130 | - if (r < 0) { |
| 131 | - error_message = "Failed to set syscall architectures"; |
| 132 | - goto finish; |
| 133 | + if (arg_syscall_archs) { |
| 134 | + r = enforce_syscall_archs(arg_syscall_archs); |
| 135 | + if (r < 0) { |
| 136 | + error_message = "Failed to set syscall architectures"; |
| 137 | + goto finish; |
| 138 | + } |
| 139 | } |
| 140 | - } |
| 141 | |
| 142 | - if (!arg_system) |
| 143 | - /* Become reaper of our children */ |
| 144 | - if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) |
| 145 | - log_warning_errno(errno, "Failed to make us a subreaper: %m"); |
| 146 | + if (!arg_system) |
| 147 | + /* Become reaper of our children */ |
| 148 | + if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) |
| 149 | + log_warning_errno(errno, "Failed to make us a subreaper: %m"); |
| 150 | |
| 151 | - if (arg_system) |
| 152 | - /* Bump up RLIMIT_NOFILE for systemd itself */ |
| 153 | - (void) bump_rlimit_nofile(&saved_rlimit_nofile); |
| 154 | + if (arg_system) |
| 155 | + /* Bump up RLIMIT_NOFILE for systemd itself */ |
| 156 | + (void) bump_rlimit_nofile(&saved_rlimit_nofile); |
| 157 | + } |
| 158 | |
| 159 | r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER, arg_action == ACTION_TEST, &m); |
| 160 | if (r < 0) { |
| 161 | -- |
| 162 | 2.10.2 |
| 163 | |