diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-02-07 14:33:06 +0900 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-02-07 14:39:49 +0900 |
| commit | f3f2d02e9731e65eb15c26980305cd47e028f4fc (patch) | |
| tree | a9658f0e205450dd16279d9881ed301fb3d0ab95 | |
| parent | e955a7f460adadf54da7bfb62f04cbff16ca5941 (diff) | |
| download | systemd-f3f2d02e9731e65eb15c26980305cd47e028f4fc.tar.gz | |
tree-wide: set FORK_RLIMIT_NOFILE_SAFE flag
No functional changes, just refactoring.
| -rw-r--r-- | src/fsck/fsck.c | 5 | ||||
| -rw-r--r-- | src/import/pull-common.c | 5 | ||||
| -rw-r--r-- | src/journal-remote/journal-remote-main.c | 4 | ||||
| -rw-r--r-- | src/libsystemd/sd-bus/bus-socket.c | 5 | ||||
| -rw-r--r-- | src/nspawn/nspawn-setuid.c | 5 | ||||
| -rw-r--r-- | src/shared/exec-util.c | 9 | ||||
| -rw-r--r-- | src/udev/udev-event.c | 4 |
7 files changed, 8 insertions, 29 deletions
diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c index 37fdfa540f..e25c5d5efa 100644 --- a/src/fsck/fsck.c +++ b/src/fsck/fsck.c @@ -27,7 +27,6 @@ #include "path-util.h" #include "proc-cmdline.h" #include "process-util.h" -#include "rlimit-util.h" #include "signal-util.h" #include "socket-util.h" #include "special.h" @@ -346,7 +345,7 @@ static int run(int argc, char *argv[]) { pipe(progress_pipe) < 0) return log_error_errno(errno, "pipe(): %m"); - r = safe_fork("(fsck)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid); + r = safe_fork("(fsck)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &pid); if (r < 0) return r; if (r == 0) { @@ -395,8 +394,6 @@ static int run(int argc, char *argv[]) { cmdline[i++] = device; cmdline[i++] = NULL; - (void) rlimit_nofile_safe(); - execv(cmdline[0], (char**) cmdline); _exit(FSCK_OPERATIONAL_ERROR); } diff --git a/src/import/pull-common.c b/src/import/pull-common.c index 6980f12a79..c8a3bf370e 100644 --- a/src/import/pull-common.c +++ b/src/import/pull-common.c @@ -16,7 +16,6 @@ #include "process-util.h" #include "pull-common.h" #include "pull-job.h" -#include "rlimit-util.h" #include "rm-rf.h" #include "signal-util.h" #include "siphash24.h" @@ -415,7 +414,7 @@ static int verify_gpg( gpg_home_created = true; - r = safe_fork("(gpg)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid); + r = safe_fork("(gpg)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &pid); if (r < 0) return r; if (r == 0) { @@ -446,8 +445,6 @@ static int verify_gpg( _exit(EXIT_FAILURE); } - (void) rlimit_nofile_safe(); - cmd[k++] = strjoina("--homedir=", gpg_home); /* We add the user keyring only to the command line arguments, if it's around since gpg fails diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c index 29f05891f5..7df264fb53 100644 --- a/src/journal-remote/journal-remote-main.c +++ b/src/journal-remote/journal-remote-main.c @@ -85,7 +85,7 @@ static int spawn_child(const char* child, char** argv) { if (pipe(fd) < 0) return log_error_errno(errno, "Failed to create pager pipe: %m"); - r = safe_fork("(remote)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &child_pid); + r = safe_fork("(remote)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &child_pid); if (r < 0) { safe_close_pair(fd); return r; @@ -101,8 +101,6 @@ static int spawn_child(const char* child, char** argv) { _exit(EXIT_FAILURE); } - (void) rlimit_nofile_safe(); - execvp(child, argv); log_error_errno(errno, "Failed to exec child %s: %m", child); _exit(EXIT_FAILURE); diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c index 253f41c636..64037e4fe0 100644 --- a/src/libsystemd/sd-bus/bus-socket.c +++ b/src/libsystemd/sd-bus/bus-socket.c @@ -22,7 +22,6 @@ #include "memory-util.h" #include "path-util.h" #include "process-util.h" -#include "rlimit-util.h" #include "signal-util.h" #include "stdio-util.h" #include "string-util.h" @@ -995,7 +994,7 @@ int bus_socket_exec(sd_bus *b) { if (r < 0) return -errno; - r = safe_fork_full("(sd-busexec)", s+1, 1, FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS, &b->busexec_pid); + r = safe_fork_full("(sd-busexec)", s+1, 1, FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_RLIMIT_NOFILE_SAFE, &b->busexec_pid); if (r < 0) { safe_close_pair(s); return r; @@ -1008,8 +1007,6 @@ int bus_socket_exec(sd_bus *b) { if (r < 0) _exit(EXIT_FAILURE); - (void) rlimit_nofile_safe(); - if (b->exec_argv) execvp(b->exec_path, b->exec_argv); else diff --git a/src/nspawn/nspawn-setuid.c b/src/nspawn/nspawn-setuid.c index e396d66441..5772d96b2f 100644 --- a/src/nspawn/nspawn-setuid.c +++ b/src/nspawn/nspawn-setuid.c @@ -12,7 +12,6 @@ #include "mkdir.h" #include "nspawn-setuid.h" #include "process-util.h" -#include "rlimit-util.h" #include "signal-util.h" #include "string-util.h" #include "strv.h" @@ -29,7 +28,7 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) { if (pipe2(pipe_fds, O_CLOEXEC) < 0) return log_error_errno(errno, "Failed to allocate pipe: %m"); - r = safe_fork("(getent)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid); + r = safe_fork("(getent)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &pid); if (r < 0) { safe_close_pair(pipe_fds); return r; @@ -44,8 +43,6 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) { (void) close_all_fds(NULL, 0); - (void) rlimit_nofile_safe(); - execle("/usr/bin/getent", "getent", database, key, NULL, &empty_env); execle("/bin/getent", "getent", database, key, NULL, &empty_env); _exit(EXIT_FAILURE); diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c index f5283f9df4..7ed2cce76b 100644 --- a/src/shared/exec-util.c +++ b/src/shared/exec-util.c @@ -20,7 +20,6 @@ #include "missing_syscall.h" #include "path-util.h" #include "process-util.h" -#include "rlimit-util.h" #include "serialize.h" #include "set.h" #include "signal-util.h" @@ -43,7 +42,7 @@ static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, b return 0; } - r = safe_fork("(direxec)", FORK_DEATHSIG|FORK_LOG, &_pid); + r = safe_fork("(direxec)", FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &_pid); if (r < 0) return r; if (r == 0) { @@ -55,8 +54,6 @@ static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, b _exit(EXIT_FAILURE); } - (void) rlimit_nofile_safe(); - if (set_systemd_exec_pid) { r = setenv_systemd_exec_pid(false); if (r < 0) @@ -493,7 +490,7 @@ int fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret r = safe_fork_full(name, except, n_except, - FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG, + FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_RLIMIT_NOFILE_SAFE, ret_pid); if (r < 0) return r; @@ -537,8 +534,6 @@ int fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret } } - (void) rlimit_nofile_safe(); - /* Count arguments */ va_start(ap, path); for (n = 0; va_arg(ap, char*); n++) diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c index 6d47a2a49d..ec4ad30824 100644 --- a/src/udev/udev-event.c +++ b/src/udev/udev-event.c @@ -23,7 +23,6 @@ #include "parse-util.h" #include "path-util.h" #include "process-util.h" -#include "rlimit-util.h" #include "signal-util.h" #include "stdio-util.h" #include "string-util.h" @@ -811,7 +810,7 @@ int udev_event_spawn( log_device_debug(event->dev, "Starting '%s'", cmd); - r = safe_fork("(spawn)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid); + r = safe_fork("(spawn)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &pid); if (r < 0) return log_device_error_errno(event->dev, r, "Failed to fork() to execute command '%s': %m", cmd); @@ -820,7 +819,6 @@ int udev_event_spawn( _exit(EXIT_FAILURE); (void) close_all_fds(NULL, 0); - (void) rlimit_nofile_safe(); DEVICE_TRACE_POINT(spawn_exec, event->dev, cmd); |