diff options
| author | Lennart Poettering <lennart@poettering.net> | 2018-06-14 10:22:11 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-06-14 10:22:11 +0200 |
| commit | c7e6744fa8a1f7fe6254c8731f164799e82154fc (patch) | |
| tree | 8470326c74e7a7b96acc715a93d5c0aabe737c7a | |
| parent | locale-util: on overlayfs FTW_MOUNT causes nftw(3) to not list *any* files (diff) | |
| parent | timesync: ignore any errors related to timestamp file (diff) | |
| download | systemd-c7e6744fa8a1f7fe6254c8731f164799e82154fc.tar.xz systemd-c7e6744fa8a1f7fe6254c8731f164799e82154fc.zip | |
Merge pull request #9297 from yuwata/rfe-9296
timesync: ignore any errors related to timestamp file
| -rw-r--r-- | src/basic/fs-util.c | 16 | ||||
| -rw-r--r-- | src/basic/fs-util.h | 1 | ||||
| -rw-r--r-- | src/sysusers/sysusers.c | 16 | ||||
| -rw-r--r-- | src/timesync/timesyncd.c | 34 |
4 files changed, 42 insertions, 25 deletions
diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c index ab6ccf7c86..c4e2ebf9b8 100644 --- a/src/basic/fs-util.c +++ b/src/basic/fs-util.c @@ -230,6 +230,22 @@ int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) { return 0; } +int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) { + /* Under the assumption that we are running privileged we + * first change the access mode and only then hand out + * ownership to avoid a window where access is too open. */ + + if (mode != MODE_INVALID) + if (fchmod(fd, mode) < 0) + return -errno; + + if (uid != UID_INVALID || gid != GID_INVALID) + if (fchown(fd, uid, gid) < 0) + return -errno; + + return 0; +} + int fchmod_umask(int fd, mode_t m) { mode_t u; int r; diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h index 4d0ed641b4..9129d1c88b 100644 --- a/src/basic/fs-util.h +++ b/src/basic/fs-util.h @@ -31,6 +31,7 @@ int readlink_value(const char *p, char **ret); int readlink_and_make_absolute(const char *p, char **r); int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid); +int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid); int fchmod_umask(int fd, mode_t mode); int fchmod_opath(int fd, mode_t m); diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index ccb3fca8f2..bf148913bb 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -212,11 +212,9 @@ static int make_backup(const char *target, const char *x) { backup = strjoina(x, "-"); /* Copy over the access mask */ - if (fchmod(fileno(dst), st.st_mode & 07777) < 0) - log_warning_errno(errno, "Failed to change mode on %s: %m", backup); - - if (fchown(fileno(dst), st.st_uid, st.st_gid)< 0) - log_warning_errno(errno, "Failed to change ownership of %s: %m", backup); + r = fchmod_and_chown(fileno(dst), st.st_mode & 07777, st.st_uid, st.st_gid); + if (r < 0) + log_warning_errno(r, "Failed to change access mode or ownership of %s: %m", backup); ts[0] = st.st_atim; ts[1] = st.st_mtim; @@ -335,13 +333,7 @@ static int sync_rights(FILE *from, FILE *to) { if (fstat(fileno(from), &st) < 0) return -errno; - if (fchmod(fileno(to), st.st_mode & 07777) < 0) - return -errno; - - if (fchown(fileno(to), st.st_uid, st.st_gid) < 0) - return -errno; - - return 0; + return fchmod_and_chown(fileno(to), st.st_mode & 07777, st.st_uid, st.st_gid); } static int rename_and_apply_smack(const char *temp_path, const char *dest_path) { diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c index dbecfb6ce8..9973e2df08 100644 --- a/src/timesync/timesyncd.c +++ b/src/timesync/timesyncd.c @@ -21,6 +21,9 @@ #include "timesyncd-manager.h" #include "user-util.h" +#define STATE_DIR "/var/lib/systemd/timesync" +#define CLOCK_FILE STATE_DIR "/clock" + static int load_clock_timestamp(uid_t uid, gid_t gid) { _cleanup_close_ int fd = -1; usec_t min = TIME_EPOCH * USEC_PER_SEC; @@ -34,7 +37,7 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) { * systems lacking a battery backed RTC. We also will adjust * the time to at least the build time of systemd. */ - fd = open("/var/lib/systemd/timesync/clock", O_RDWR|O_CLOEXEC, 0644); + fd = open(CLOCK_FILE, O_RDWR|O_CLOEXEC, 0644); if (fd >= 0) { struct stat st; usec_t stamp; @@ -50,24 +53,26 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) { if (geteuid() == 0) { /* Try to fix the access mode, so that we can still touch the file after dropping priviliges */ - r = fchmod(fd, 0644); - if (r < 0) - return log_error_errno(errno, "Failed to change file access mode: %m"); - r = fchown(fd, uid, gid); + r = fchmod_and_chown(fd, 0644, uid, gid); if (r < 0) - return log_error_errno(errno, "Failed to change file owner: %m"); + log_warning_errno(r, "Failed to chmod or chown %s, ignoring: %m", CLOCK_FILE); } } else { - r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid, + r = mkdir_safe_label(STATE_DIR, 0755, uid, gid, MKDIR_FOLLOW_SYMLINK | MKDIR_WARN_MODE); - if (r < 0) - return log_error_errno(r, "Failed to create state directory: %m"); + if (r < 0) { + log_debug_errno(r, "Failed to create state directory, ignoring: %m"); + goto settime; + } /* create stamp file with the compiled-in date */ - (void) touch_file("/var/lib/systemd/timesync/clock", false, min, uid, gid, 0644); + r = touch_file(CLOCK_FILE, false, min, uid, gid, 0644); + if (r < 0) + log_debug_errno(r, "Failed to create %s, ignoring: %m", CLOCK_FILE); } +settime: ct = now(CLOCK_REALTIME); if (ct < min) { struct timespec ts; @@ -77,7 +82,7 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) { format_timestamp(date, sizeof(date), min)); if (clock_settime(CLOCK_REALTIME, timespec_store(&ts, min)) < 0) - log_error_errno(errno, "Failed to restore system clock: %m"); + log_error_errno(errno, "Failed to restore system clock, ignoring: %m"); } return 0; @@ -174,8 +179,11 @@ int main(int argc, char *argv[]) { } /* if we got an authoritative time, store it in the file system */ - if (m->sync) - (void) touch("/var/lib/systemd/timesync/clock"); + if (m->sync) { + r = touch(CLOCK_FILE); + if (r < 0) + log_debug_errno(r, "Failed to touch %s, ignoring: %m", CLOCK_FILE); + } sd_event_get_exit_code(m->event, &r); |