diff options
author | Luca Boccassi <bluca@debian.org> | 2023-02-08 19:36:21 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-08 19:36:21 +0000 |
commit | 777440f11092eef6009476a3aefe3bf835423126 (patch) | |
tree | 6be2cf7d32042844f2382615c7fdd68f6eebeaa8 | |
parent | 667578bb119cd4a9148ce8502fd428079cea874d (diff) | |
parent | 41b7fcc5e8a66709ad5d6c7cdba1375539f7693d (diff) | |
download | systemd-777440f11092eef6009476a3aefe3bf835423126.tar.gz |
Merge pull request #26225 from qdeslandes/fix_delegate_cgroup_logs_filtering
Fix delegate cgroup logs filtering
-rw-r--r-- | src/basic/cgroup-util.c | 22 | ||||
-rw-r--r-- | src/basic/cgroup-util.h | 1 | ||||
-rw-r--r-- | src/journal/journald-client.c | 10 | ||||
-rw-r--r-- | src/test/test-cgroup-util.c | 27 | ||||
-rw-r--r-- | test/testsuite-04.units/delegated-cgroup-filtering.service | 8 | ||||
-rwxr-xr-x | test/units/delegated_cgroup_filtering_payload.sh | 12 | ||||
-rwxr-xr-x | test/units/delegated_cgroup_filtering_payload_child.sh | 11 | ||||
-rwxr-xr-x | test/units/testsuite-04.sh | 11 |
8 files changed, 97 insertions, 5 deletions
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c index a8e4a1bb2d..feda596939 100644 --- a/src/basic/cgroup-util.c +++ b/src/basic/cgroup-util.c @@ -1198,6 +1198,28 @@ int cg_path_get_unit(const char *path, char **ret) { return 0; } +int cg_path_get_unit_path(const char *path, char **ret) { + _cleanup_free_ char *path_copy = NULL; + char *unit_name; + + assert(path); + assert(ret); + + path_copy = strdup(path); + if (!path_copy) + return -ENOMEM; + + unit_name = (char *)skip_slices(path_copy); + unit_name[strcspn(unit_name, "/")] = 0; + + if (!unit_name_is_valid(cg_unescape(unit_name), UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE)) + return -ENXIO; + + *ret = TAKE_PTR(path_copy); + + return 0; +} + int cg_pid_get_unit(pid_t pid, char **unit) { _cleanup_free_ char *cgroup = NULL; int r; diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h index c9aae5abf6..b69f1683db 100644 --- a/src/basic/cgroup-util.h +++ b/src/basic/cgroup-util.h @@ -261,6 +261,7 @@ int cg_path_get_cgroupid(const char *path, uint64_t *ret); int cg_path_get_session(const char *path, char **session); int cg_path_get_owner_uid(const char *path, uid_t *uid); int cg_path_get_unit(const char *path, char **unit); +int cg_path_get_unit_path(const char *path, char **unit); int cg_path_get_user_unit(const char *path, char **unit); int cg_path_get_machine_name(const char *path, char **machine); int cg_path_get_slice(const char *path, char **slice); diff --git a/src/journal/journald-client.c b/src/journal/journald-client.c index 22090aa93c..5aedf4e5b6 100644 --- a/src/journal/journald-client.c +++ b/src/journal/journald-client.c @@ -46,16 +46,20 @@ static int client_parse_log_filter_nulstr(const char *nulstr, size_t len, Set ** int client_context_read_log_filter_patterns(ClientContext *c, const char *cgroup) { char *deny_list_xattr, *xattr_end; - _cleanup_free_ char *xattr = NULL; + _cleanup_free_ char *xattr = NULL, *unit_cgroup = NULL; _cleanup_set_free_ Set *allow_list = NULL, *deny_list = NULL; int r; assert(c); - r = cg_get_xattr_malloc(SYSTEMD_CGROUP_CONTROLLER, cgroup, "user.journald_log_filter_patterns", &xattr); + r = cg_path_get_unit_path(cgroup, &unit_cgroup); + if (r < 0) + return log_debug_errno(r, "Failed to get the unit's cgroup path for %s: %m", cgroup); + + r = cg_get_xattr_malloc(SYSTEMD_CGROUP_CONTROLLER, unit_cgroup, "user.journald_log_filter_patterns", &xattr); if (r < 0) { if (!ERRNO_IS_XATTR_ABSENT(r)) - return log_debug_errno(r, "Failed to get user.journald_log_filter_patterns xattr for %s: %m", cgroup); + return log_debug_errno(r, "Failed to get user.journald_log_filter_patterns xattr for %s: %m", unit_cgroup); client_set_filtering_patterns(c, NULL, NULL); return 0; diff --git a/src/test/test-cgroup-util.c b/src/test/test-cgroup-util.c index 0b286ed8e4..cdf911926c 100644 --- a/src/test/test-cgroup-util.c +++ b/src/test/test-cgroup-util.c @@ -63,6 +63,33 @@ TEST(path_get_unit) { check_p_g_u("/user.slice/user-1000.slice/user@.service/server.service", -ENXIO, NULL); } +static void check_p_g_u_p(const char *path, int code, const char *result) { + _cleanup_free_ char *unit_path = NULL; + int r; + + r = cg_path_get_unit_path(path, &unit_path); + printf("%s: %s → %s %d expected %s %d\n", __func__, path, unit_path, r, strnull(result), code); + assert_se(r == code); + assert_se(streq_ptr(unit_path, result)); +} + +TEST(path_get_unit_path) { + check_p_g_u_p("/system.slice/foobar.service/sdfdsaf", 0, "/system.slice/foobar.service"); + check_p_g_u_p("/system.slice/getty@tty5.service", 0, "/system.slice/getty@tty5.service"); + check_p_g_u_p("/system.slice/getty@tty5.service/aaa/bbb", 0, "/system.slice/getty@tty5.service"); + check_p_g_u_p("/system.slice/getty@tty5.service/", 0, "/system.slice/getty@tty5.service"); + check_p_g_u_p("/system.slice/getty@tty6.service/tty5", 0, "/system.slice/getty@tty6.service"); + check_p_g_u_p("sadfdsafsda", -ENXIO, NULL); + check_p_g_u_p("/system.slice/getty####@tty6.service/xxx", -ENXIO, NULL); + check_p_g_u_p("/system.slice/system-waldo.slice/foobar.service/sdfdsaf", 0, "/system.slice/system-waldo.slice/foobar.service"); + check_p_g_u_p("/system.slice/system-waldo.slice/_cpu.service/sdfdsaf", 0, "/system.slice/system-waldo.slice/_cpu.service"); + check_p_g_u_p("/system.slice/system-waldo.slice/_cpu.service", 0, "/system.slice/system-waldo.slice/_cpu.service"); + check_p_g_u_p("/user.slice/user-1000.slice/user@1000.service/server.service", 0, "/user.slice/user-1000.slice/user@1000.service"); + check_p_g_u_p("/user.slice/user-1000.slice/user@.service/server.service", -ENXIO, NULL); + check_p_g_u_p("/user.slice/_user-1000.slice/user@1000.service/foobar.slice/foobar@pie.service", 0, "/user.slice/_user-1000.slice/user@1000.service"); + check_p_g_u_p("/_session-2.scope/_foobar@pie.service/pa/po", 0, "/_session-2.scope"); +} + static void check_p_g_u_u(const char *path, int code, const char *result) { _cleanup_free_ char *unit = NULL; int r; diff --git a/test/testsuite-04.units/delegated-cgroup-filtering.service b/test/testsuite-04.units/delegated-cgroup-filtering.service new file mode 100644 index 0000000000..2c4201a27b --- /dev/null +++ b/test/testsuite-04.units/delegated-cgroup-filtering.service @@ -0,0 +1,8 @@ +[Unit] +Description=Test service for delegated logs filtering + +[Service] +Type=simple +ExecStart=/usr/lib/systemd/tests/testdata/units/delegated_cgroup_filtering_payload.sh +Delegate=yes +SyslogLevel=notice diff --git a/test/units/delegated_cgroup_filtering_payload.sh b/test/units/delegated_cgroup_filtering_payload.sh new file mode 100755 index 0000000000..50d01a5d4a --- /dev/null +++ b/test/units/delegated_cgroup_filtering_payload.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# SPDX-License-Identifier: LGPL-2.1-or-later + +mkdir /sys/fs/cgroup/system.slice/delegated-cgroup-filtering.service/the_child +/bin/sh /usr/lib/systemd/tests/testdata/units/delegated_cgroup_filtering_payload_child.sh & + +while true +do + echo "parent_process: hello, world!" + echo "parent_process: hello, people!" + sleep .15 +done diff --git a/test/units/delegated_cgroup_filtering_payload_child.sh b/test/units/delegated_cgroup_filtering_payload_child.sh new file mode 100755 index 0000000000..b5635b58e5 --- /dev/null +++ b/test/units/delegated_cgroup_filtering_payload_child.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# SPDX-License-Identifier: LGPL-2.1-or-later + +echo $$ >/sys/fs/cgroup/system.slice/delegated-cgroup-filtering.service/the_child/cgroup.procs + +while true +do + echo "child_process: hello, world!" + echo "child_process: hello, people!" + sleep .15 +done diff --git a/test/units/testsuite-04.sh b/test/units/testsuite-04.sh index d10a9afbf7..bab2bdc24e 100755 --- a/test/units/testsuite-04.sh +++ b/test/units/testsuite-04.sh @@ -185,8 +185,8 @@ function add_logs_filtering_override() { LOG_FILTER=${3:-""} mkdir -p /etc/systemd/system/"$UNIT".d/ - echo "[Service]" >/etc/systemd/system/logs-filtering.service.d/"${OVERRIDE_NAME}".conf - echo "LogFilterPatterns=$LOG_FILTER" >>/etc/systemd/system/logs-filtering.service.d/"${OVERRIDE_NAME}".conf + echo "[Service]" >/etc/systemd/system/"$UNIT".d/"${OVERRIDE_NAME}".conf + echo "LogFilterPatterns=$LOG_FILTER" >>/etc/systemd/system/"$UNIT".d/"${OVERRIDE_NAME}".conf systemctl daemon-reload } @@ -256,7 +256,14 @@ if is_xattr_supported; then add_logs_filtering_override "logs-filtering.service" "10-allow-with-escape-char" "\x7emore~" [[ -n $(run_service_and_fetch_logs "logs-filtering.service") ]] + add_logs_filtering_override "delegated-cgroup-filtering.service" "00-allow-all" ".*" + [[ -n $(run_service_and_fetch_logs "delegated-cgroup-filtering.service") ]] + + add_logs_filtering_override "delegated-cgroup-filtering.service" "01-discard-hello" "~hello" + [[ -z $(run_service_and_fetch_logs "delegated-cgroup-filtering.service") ]] + rm -rf /etc/systemd/system/logs-filtering.service.d + rm -rf /etc/systemd/system/delegated-cgroup-filtering.service.d fi touch /testok |