Add EINVAL to the list of ignored errnos, since acl_from_text() returns
EINVAL if it can't translate the given string.
~# cat /tmp/tmpfiles-test.conf
a+ /tmp/foo - - - - default:group:foo:rwx
~# build/systemd-tmpfiles /tmp/tmpfiles-test.conf --create --graceful
Failed to parse ACL "default:group:foo:rwx", ignoring: Invalid argument
Resolves: #29742
This is like --cat-config, but omits the comments and empty lines.
The name is incoungrous with --cat-config, but I don't see a nice way to
call it that wouldn't be annoyingly long.
pager_open() is moved to cat_config() to remove some lines from run().
"static inline" makes sense in .h files. But in .c files it's useless
decoration, the compiler should just make its own decisions there, and
it can do that.
hence, replace all remaining uses of "static line" by a simple" static"
in all .c files (but keep them in .h files, where they make sense)
The subvolumes set is a set of source inodes similar to how the
denylist hashmap contains source inodes as keys. It indicates
directories in the source tree that should become subvolumes in
the target tree.
Given that ERRNO_IS_NOT_SUPPORTED() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the arguments passed to ERRNO_IS_NOT_SUPPORTED() are the
values returned by btrfs_subvol_make_fd() which is not expected to
return any positive values, but let's be consistent anyway and move
ERRNO_IS_NOT_SUPPORTED() invocations to the branches where
the return values are known to be negative.
By default, label_ops is initialized with a NULL pointer which translates
to noop labelling operations. In mac_selinux_init() and the new mac_smack_init(),
we initialize label_ops with a MAC specific LabelOps pointer.
We also introduce mac_init() to initialize any configured MACs and replace all
usages of mac_selinux_init() with mac_init().
Let's use the same common directory as the unit logic uses.
This means we have less to clean up, and opens the door to eventually
allow unprivileged operation of the
mount_image_privately_interactively() logic.
According to setfacl(1), "the character X stands for
the execute permission if the file is a directory
or already has execute permission for some user."
After this commit, parse_acl() would return 3 acl
objects. The newly-added acl_exec object contains
entries that are subject to conditionalized execute
bit mangling. In tmpfiles, we would iterate the acl_exec
object, check the permission of the target files,
and remove the execute bit if necessary.
Here's an example entry:
A /tmp/test - - - - u:test:rwX
Closes#25114
Chasing symlinks is a core function that's used in a lot of places
so it deservers a less verbose names so let's rename it to chase()
and chaseat().
We also slightly change the pattern used for the chaseat() helpers
so we get chase_and_openat() and similar.
In various tools and services we have a per-system and per-user concept.
So far we sometimes used a boolean indicating whether we are in system
mode, or a reversed boolean indicating whether we are in user mode, or
the LookupScope enum used by the lookup path logic.
Let's address that, in introduce a common enum for this, we can use all
across the board.
This is mostly just search/replace, no actual code changes.
Although this slightly more verbose it makes it much easier to reason
about. The code that produces the tests heavily benefits from this.
Test lists are also now sorted by test name.
Starting with commit 2f3b873a49, when the path contains a specifier
and the argument is omitted, tmpfiles used to perform specifier
expansions twice: first specifier expansion was applied to the path
itself, and afterwards the result of the first expansion was used
in the constructed argument and expanded once again.
Resolves: #26244
Fixes: 2f3b873a49 ("tmpfiles: copy/link /usr/share/factory/ files when the source argument is omitted")
Make sure the argument of "C" type undergoes specifier expansion
before it's checked for validity. In particular, starting with
commit ce610af143, the check for path existence used to fail
in case of presence of any specifier in the argument.
Also, starting with commit 2f3b873a49, when the path contains
a specifier and the argument is omitted, tmpfiles used to perform
specifier expansions twice: first specifier expansion was applied
to the path itself, and afterwards the result of the first expansion
was used in the constructed argument and expanded once again.
Finally, starting with commit 849958d1ba, when the argument begins
with %h specifier, tmpfiles used to complain that the source path
is not absolute.
Resolves: #25381
Fixes: ce610af143 ('tmpfiles: in C lines, make missing source graceful error')
Fixes: 2f3b873a49 ('tmpfiles: copy/link /usr/share/factory/ files when the source argument is omitted')
Fixes: 849958d1ba ('tmpfiles: add new "C" line for copying files or directories')
When built with ACL support, we might be processing a tmpfiles
entry where there's no cause for us to call parse_acls_from_arg,
then we get to the end of parse_line without having ever populated
i.{acl_access, acl_default}.
Then we pass a null pointer into acl_free().
From UBSAN w/ GCC 13.0.0_pre20230101:
```
$ systemd-tmpfiles --clean
/var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44:14: runtime error: applying non-zero offset 18446744073709551608 to null pointer
#0 0x7f65d868b482 in acl_free /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44
#1 0x55fe7e592249 in item_free_contents ../systemd-9999/src/tmpfiles/tmpfiles.c:2855
#2 0x55fe7e5a347a in parse_line ../systemd-9999/src/tmpfiles/tmpfiles.c:3158
#3 0x55fe7e5a347a in read_config_file ../systemd-9999/src/tmpfiles/tmpfiles.c:3897
#4 0x55fe7e590c61 in read_config_files ../systemd-9999/src/tmpfiles/tmpfiles.c:3985
#5 0x55fe7e590c61 in run ../systemd-9999/src/tmpfiles/tmpfiles.c:4157
#6 0x55fe7e590c61 in main ../systemd-9999/src/tmpfiles/tmpfiles.c:4218
#7 0x7f65d7ebe289 (/usr/lib64/libc.so.6+0x23289)
#8 0x7f65d7ebe344 in __libc_start_main (/usr/lib64/libc.so.6+0x23344)
#9 0x55fe7e591900 in _start (/usr/bin/systemd-tmpfiles+0x11900)
```
-1 was used everywhere, but -EBADF or -EBADFD started being used in various
places. Let's make things consistent in the new style.
Note that there are two candidates:
EBADF 9 Bad file descriptor
EBADFD 77 File descriptor in bad state
Since we're initializating the fd, we're just assigning a value that means
"no fd yet", so it's just a bad file descriptor, and the first errno fits
better. If instead we had a valid file descriptor that became invalid because
of some operation or state change, the other errno would fit better.
In some places, initialization is dropped if unnecessary.
