On Wed, Apr 15, 2015 at 10:47:39AM +0200, Ronny Chevalier wrote:
> On Wed, Apr 15, 2015 at 3:51 AM, Zbigniew Jędrzejewski-Szmek
> <zbys...@kemper.freedesktop.org> wrote:
> > src/core/selinux-access.c | 31 ++++++++++++++++++++-----
> > src/libsystemd/sd-device/device-private.h | 2 -
> > src/systemctl/systemctl.c | 11 +++++----
> > src/udev/udev-builtin-usb_id.c | 36
> > +++++++++++------------------
> > 4 files changed, 45 insertions(+), 35 deletions(-)
> >
> > New commits:
> > commit 17af49f24812a6dd1b3f0732e33ea5dae9e32b29
> > Author: Zbigniew Jędrzejewski-Szmek <zbys...@in.waw.pl>
> > Date: Mon Feb 23 20:06:00 2015 -0500
> >
> > selinux: use different log priorites for log messages
> >
> > When selinux calls our callback with a log message, it specifies the
> > type as AVC or INFO/WARNING/ERROR. The question is how to map this to
> > audit types and/or log priorities. SELINUX_AVC maps to AUDIT_USER_AVC
> > reasonably, but for the other messages we have no idea, hence we use
> > AUDIT_USER_AVC for everything. When not using audit logging, we can
> > map those selinux levels to LOG_INFO/WARNING/ERROR etc.
> >
> > Also update comment which was not valid anymore in light of journald
> > sucking in audit logs, and was actually wrong from the beginning —
> > libselinux uses the callback for everything, not just avcs.
> >
> > This stemmed out of https://bugzilla.redhat.com/show_bug.cgi?id=1195330,
> > but does not solve it.
> >
> > diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
> > index a8c9a4b..7058b78 100644
> > --- a/src/core/selinux-access.c
> > +++ b/src/core/selinux-access.c
> > @@ -80,17 +80,33 @@ static int audit_callback(
> > return 0;
> > }
> >
> > +static int callback_type_to_priority(int type) {
> > + switch(type) {
> > + case SELINUX_ERROR: return LOG_ERR;
> > + case SELINUX_WARNING: return LOG_WARNING;
> > + case SELINUX_INFO: return LOG_INFO;
> > + case SELINUX_AVC:
> > + default: return LOG_NOTICE;
> > + }
> > +}
> > +
> > /*
> > - Any time an access gets denied this callback will be called
> > - code copied from dbus. If audit is turned on the messages will go as
> > - user_avc's into the /var/log/audit/audit.log, otherwise they will be
> > - sent to syslog.
> > + libselinux uses this callback when access gets denied or other
> > + events happen. If audit is turned on, messages will be reported
> > + using audit netlink, otherwise they will be logged using the usual
> > + channels.
> > +
> > + Code copied from dbus and modified.
> > */
> > _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
> > va_list ap;
> >
> > #ifdef HAVE_AUDIT
> > - if (get_audit_fd() >= 0) {
> > + int fd;
> > +
> > + fd = get_audit_fd();
> > +
> > + if (fd >= 0) {
> > _cleanup_free_ char *buf = NULL;
> > int r;
> >
> > @@ -99,14 +115,15 @@ _printf_(2, 3) static int log_callback(int type, const
> > char *fmt, ...) {
> > va_end(ap);
> >
> > if (r >= 0) {
> > - audit_log_user_avc_message(get_audit_fd(),
> > AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
> > + audit_log_user_avc_message(fd, AUDIT_USER_AVC,
> > buf, NULL, NULL, NULL, 0);
> > return 0;
> > }
> > }
> > #endif
> >
> > va_start(ap, fmt);
> > - log_internalv(LOG_AUTH | LOG_INFO, 0, __FILE__, __LINE__,
> > __FUNCTION__, fmt, ap);
> > + log_internalv(LOG_AUTH | callback_type_to_priority(type),
> > + 0, __FILE__, __LINE__, __FUNCTION__, fmt, ap);
> > va_end(ap);
> >
> > return 0;
> >
> > commit 40acc203c043fd419f3c045dc6f116c3a28411d8
> > Author: Zbigniew Jędrzejewski-Szmek <zbys...@in.waw.pl>
> > Date: Tue Apr 14 20:47:20 2015 -0500
> >
> > systemctl: avoid bumping NOFILE rlimit unless needed
> >
> > We actually only use the journal when showing status. Move setrlimit
> > call
> > so it is only called for status.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1184712
> >
> > diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
> > index 75d709d..4e702fb 100644
> > --- a/src/systemctl/systemctl.c
> > +++ b/src/systemctl/systemctl.c
> > @@ -4466,6 +4466,12 @@ static int show(sd_bus *bus, char **args) {
> > if (show_properties)
> > pager_open_if_enabled();
> >
> > + if (show_status)
> > + /* Increase max number of open files to 16K if we can, we
> > + * might needs this when browsing journal files, which
> > might
> > + * be split up into many files. */
> > + setrlimit_closest(RLIMIT_NOFILE,
> > &RLIMIT_MAKE_CONST(16384));
> > +
> > /* If no argument is specified inspect the manager itself */
> >
> > if (show_properties && strv_length(args) <= 1)
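Review bot: In `callback_type_to_priority()` (selinux-access.c, hunk `@@ -80,17 +80,33 @@`), `SELINUX_AVC` shares the `default:` arm, so access denials and any type value the function does not know are both logged at `LOG_NOTICE`, and nothing in the code says that this is deliberate. Anyone filtering the non-audit log path by priority needs to know that denials sit below `LOG_WARNING`; a comment above the function such as `/* AVC denials and unrecognised types are logged at LOG_NOTICE; only used when audit is unavailable */` would record it. As a style point, `switch(type)` lacks the space that the surrounding code puts after keywords (`if (fd >= 0)`). The body of log_callback continues past the end of this hunk.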
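Review bot: The result of `audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0)` in hunk `@@ -99,14 +115,15 @@` of selinux-access.c is discarded and the function returns 0 immediately afterwards, so when the audit write fails the message never reaches `log_internalv()` and the denial is recorded nowhere. Falling through on failure keeps a trace in the regular log: `if (r >= 0 && audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0) > 0) return 0;`. libaudit documents a positive sequence number on success, which should be confirmed against the libaudit version in use. The start of log_callback lies outside this hunk.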
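Review bot: The new `if (show_status)` in show() (systemctl.c, hunk `@@ -4466,6 +4466,12 @@`) has a multi-line body, a block comment plus the call, with no braces, and the return value of `setrlimit_closest()` is dropped without remark. Wrapping the comment and the call in `{ }` keeps a statement added later from landing outside the condition, and writing `(void) setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));` would show that a refused limit is ignored on purpose. The moved comment still reads "might needs this" where "might need this" is meant. show() begins and ends outside the hunk.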
> > @@ -7164,11 +7170,6 @@ found:
> > }
> > }
> >
> > - /* Increase max number of open files to 16K if we can, we
> > - * might needs this when browsing journal files, which might
> > - * be split up into many files. */
> > - setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
> > -
> > return verb->dispatch(bus, argv + optind);
> > }
> >
> >
> > commit 813a71a206f9f8dc7f824299e94404f8bfdafd91
> > Author: Zbigniew Jędrzejewski-Szmek <zbys...@in.waw.pl>
> > Date: Tue Apr 14 12:39:40 2015 -0400
> >
> > sd-device: fix typo
> >
> > diff --git a/src/libsystemd/sd-device/device-private.h
> > b/src/libsystemd/sd-device/device-private.h
> > index 7c6219c..f252481 100644
> > --- a/src/libsystemd/sd-device/device-private.h
> > +++ b/src/libsystemd/sd-device/device-private.h
> > @@ -37,7 +37,7 @@ void device_set_is_initialized(sd_device *device);
> > void device_set_watch_handle(sd_device *device, int fd);
> > void device_set_db_persist(sd_device *device);
> > void device_set_devlink_priority(sd_device *device, int priority);
> > -int device_ensure_usec_initialized(sd_device *devcie, sd_device
> > *device_old);
> > +int device_ensure_usec_initialized(sd_device *device, sd_device
> > *device_old);
> > int device_add_devlink(sd_device *device, const char *devlink);
> > int device_add_property(sd_device *device, const char *property, const
> > char *value);
> > int device_add_tag(sd_device *device, const char *tag);
> >
> > commit 4beac74e69f87c2c8d13c10326a075b9b9ece501
> > Author: Zbigniew Jędrzejewski-Szmek <zbys...@in.waw.pl>
> > Date: Mon Apr 6 15:42:18 2015 -0400
> >
> > udev-builtin-usb_id: simplification
> >
> > diff --git a/src/udev/udev-builtin-usb_id.c b/src/udev/udev-builtin-usb_id.c
> > index 25ae032..9418a6b 100644
> > --- a/src/udev/udev-builtin-usb_id.c
> > +++ b/src/udev/udev-builtin-usb_id.c
> > @@ -229,17 +229,17 @@ static int dev_if_packed_info(struct udev_device
> > *dev, char *ifs_str, size_t len
> > * is concatenated with the identification with an underscore '_'.
> > */
> > static int builtin_usb_id(struct udev_device *dev, int argc, char *argv[],
> > bool test) {
> > - char vendor_str[64];
> > + char vendor_str[64] = "";
> > char vendor_str_enc[256];
> > const char *vendor_id;
> > - char model_str[64];
> > + char model_str[64] = "";
> > char model_str_enc[256];
> > const char *product_id;
> > - char serial_str[UTIL_NAME_SIZE];
> > - char packed_if_str[UTIL_NAME_SIZE];
> > - char revision_str[64];
> > - char type_str[64];
> > - char instance_str[64];
> > + char serial_str[UTIL_NAME_SIZE] = "";
> > + char packed_if_str[UTIL_NAME_SIZE] = "";
> > + char revision_str[64] = "";
> > + char type_str[64] = "";
> > + char instance_str[64] = "";
> > const char *ifnum = NULL;
> > const char *driver = NULL;
> > char serial[256];
> > @@ -252,14 +252,6 @@ static int builtin_usb_id(struct udev_device *dev, int
> > argc, char *argv[], bool
> > size_t l;
> > char *s;
> >
> > - vendor_str[0] = '\0';
> > - model_str[0] = '\0';
> > - serial_str[0] = '\0';
> > - packed_if_str[0] = '\0';
> > - revision_str[0] = '\0';
> > - type_str[0] = '\0';
> > - instance_str[0] = '\0';
> > -
> > /* shortcut, if we are called directly for a "usb_device" type */
> > if (udev_device_get_devtype(dev) != NULL &&
> > streq(udev_device_get_devtype(dev), "usb_device")) {
> > dev_if_packed_info(dev, packed_if_str,
> > sizeof(packed_if_str));
> > @@ -310,7 +302,7 @@ static int builtin_usb_id(struct udev_device *dev, int
> > argc, char *argv[], bool
> > dev_if_packed_info(dev_usb, packed_if_str, sizeof(packed_if_str));
> >
> > /* mass storage : SCSI or ATAPI */
> > - if ((protocol == 6 || protocol == 2)) {
> > + if (protocol == 6 || protocol == 2) {
> > struct udev_device *dev_scsi;
> > const char *scsi_model, *scsi_vendor, *scsi_type,
> > *scsi_rev;
> > int host, bus, target, lun;
> > @@ -438,10 +430,10 @@ fallback: > > > > s = serial; > > l = strpcpyl(&s, sizeof(serial), vendor_str, "_", model_str, NULL); > > - if (serial_str[0] != '\0') > > + if (isempty(serial_str)) > > You changed the condition, it is: > > if (!isempty(serial_str)) > > And the same for the others below. Yikes. Now I really want to hide under the couch ;)
Zbyszek