From dac3407f02116b94866224e0b5ecd46a5fa1c161 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Thu, 2 Mar 2017 19:11:37 +0100 Subject: [PATCH] Avoid strict DM interface version dependencies (#5519) Compiling against the dm-ioctl.h header as provided by the Linux kernel will embed the DM interface version number. Running an older kernel can result in an error like this on shutdown: Could not detach DM dm-11: ioctl mismatch, kernel(4.34.4), user(4.35.4) Work around this by shipping a local copy of dm-ioctl.h. We need at least the version from 3.13 for DM_DEFERRED_REMOVE [1], so bump the requirements in README accordingly. [1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c140a246dc0bc085b98eddde978060fcec1080c Fixes: #5492 --- Makefile.am | 1 + README | 2 +- src/core/umount.c | 2 +- src/shared/dissect-image.c | 2 +- src/shared/linux-3.13/dm-ioctl.h | 355 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 359 insertions(+), 3 deletions(-) create mode 100644 src/shared/linux-3.13/dm-ioctl.h diff --git a/Makefile.am b/Makefile.am index 2a5610740..65de9f16d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1018,6 +1018,7 @@ libshared_la_SOURCES = \ src/shared/gpt.h \ src/shared/udev-util.h \ src/shared/linux/auto_dev-ioctl.h \ + src/shared/linux-3.13/dm-ioctl.h \ src/shared/initreq.h \ src/shared/dns-domain.c \ src/shared/dns-domain.h \ diff --git a/README b/README index a4a649395..30b5f7187 100644 --- a/README +++ b/README @@ -35,7 +35,7 @@ LICENSE: - except src/udev/* which is (currently still) GPLv2, GPLv2+ REQUIREMENTS: - Linux kernel >= 3.12 + Linux kernel >= 3.13 Linux kernel >= 4.2 for unified cgroup hierarchy support Kernel Config Options: diff --git a/src/core/umount.c b/src/core/umount.c index 2f4b12bdb..454383e7e 100644 --- a/src/core/umount.c +++ b/src/core/umount.c @@ -19,7 +19,6 @@ #include #include -#include #include #include #include @@ -31,6 +30,7 @@ #include "escape.h" #include "fd-util.h" #include "fstab-util.h" +#include "linux-3.13/dm-ioctl.h" #include "list.h" #include "mount-setup.h" #include "path-util.h" diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 39e724c51..1c9d21566 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -20,7 +20,6 @@ #ifdef HAVE_LIBCRYPTSETUP #include #endif -#include #include #include "architecture.h" @@ -32,6 +31,7 @@ #include "fs-util.h" #include "gpt.h" #include "hexdecoct.h" +#include "linux-3.13/dm-ioctl.h" #include "mount-util.h" #include "path-util.h" #include "stat-util.h" diff --git a/src/shared/linux-3.13/dm-ioctl.h b/src/shared/linux-3.13/dm-ioctl.h new file mode 100644 index 000000000..c8a430209 --- /dev/null +++ b/src/shared/linux-3.13/dm-ioctl.h @@ -0,0 +1,355 @@ +/* + * Copyright (C) 2001 - 2003 Sistina Software (UK) Limited. + * Copyright (C) 2004 - 2009 Red Hat, Inc. All rights reserved. + * + * This file is released under the LGPL. + */ + +#ifndef _LINUX_DM_IOCTL_V4_H +#define _LINUX_DM_IOCTL_V4_H + +#include + +#define DM_DIR "mapper" /* Slashes not supported */ +#define DM_CONTROL_NODE "control" +#define DM_MAX_TYPE_NAME 16 +#define DM_NAME_LEN 128 +#define DM_UUID_LEN 129 + +/* + * A traditional ioctl interface for the device mapper. + * + * Each device can have two tables associated with it, an + * 'active' table which is the one currently used by io passing + * through the device, and an 'inactive' one which is a table + * that is being prepared as a replacement for the 'active' one. + * + * DM_VERSION: + * Just get the version information for the ioctl interface. + * + * DM_REMOVE_ALL: + * Remove all dm devices, destroy all tables. Only really used + * for debug. + * + * DM_LIST_DEVICES: + * Get a list of all the dm device names. + * + * DM_DEV_CREATE: + * Create a new device, neither the 'active' or 'inactive' table + * slots will be filled. The device will be in suspended state + * after creation, however any io to the device will get errored + * since it will be out-of-bounds. + * + * DM_DEV_REMOVE: + * Remove a device, destroy any tables. + * + * DM_DEV_RENAME: + * Rename a device or set its uuid if none was previously supplied. + * + * DM_SUSPEND: + * This performs both suspend and resume, depending which flag is + * passed in. + * Suspend: This command will not return until all pending io to + * the device has completed. Further io will be deferred until + * the device is resumed. + * Resume: It is no longer an error to issue this command on an + * unsuspended device. If a table is present in the 'inactive' + * slot, it will be moved to the active slot, then the old table + * from the active slot will be _destroyed_. Finally the device + * is resumed. + * + * DM_DEV_STATUS: + * Retrieves the status for the table in the 'active' slot. + * + * DM_DEV_WAIT: + * Wait for a significant event to occur to the device. This + * could either be caused by an event triggered by one of the + * targets of the table in the 'active' slot, or a table change. + * + * DM_TABLE_LOAD: + * Load a table into the 'inactive' slot for the device. The + * device does _not_ need to be suspended prior to this command. + * + * DM_TABLE_CLEAR: + * Destroy any table in the 'inactive' slot (ie. abort). + * + * DM_TABLE_DEPS: + * Return a set of device dependencies for the 'active' table. + * + * DM_TABLE_STATUS: + * Return the targets status for the 'active' table. + * + * DM_TARGET_MSG: + * Pass a message string to the target at a specific offset of a device. + * + * DM_DEV_SET_GEOMETRY: + * Set the geometry of a device by passing in a string in this format: + * + * "cylinders heads sectors_per_track start_sector" + * + * Beware that CHS geometry is nearly obsolete and only provided + * for compatibility with dm devices that can be booted by a PC + * BIOS. See struct hd_geometry for range limits. Also note that + * the geometry is erased if the device size changes. + */ + +/* + * All ioctl arguments consist of a single chunk of memory, with + * this structure at the start. If a uuid is specified any + * lookup (eg. for a DM_INFO) will be done on that, *not* the + * name. + */ +struct dm_ioctl { + /* + * The version number is made up of three parts: + * major - no backward or forward compatibility, + * minor - only backwards compatible, + * patch - both backwards and forwards compatible. + * + * All clients of the ioctl interface should fill in the + * version number of the interface that they were + * compiled with. + * + * All recognised ioctl commands (ie. those that don't + * return -ENOTTY) fill out this field, even if the + * command failed. + */ + __u32 version[3]; /* in/out */ + __u32 data_size; /* total size of data passed in + * including this struct */ + + __u32 data_start; /* offset to start of data + * relative to start of this struct */ + + __u32 target_count; /* in/out */ + __s32 open_count; /* out */ + __u32 flags; /* in/out */ + + /* + * event_nr holds either the event number (input and output) or the + * udev cookie value (input only). + * The DM_DEV_WAIT ioctl takes an event number as input. + * The DM_SUSPEND, DM_DEV_REMOVE and DM_DEV_RENAME ioctls + * use the field as a cookie to return in the DM_COOKIE + * variable with the uevents they issue. + * For output, the ioctls return the event number, not the cookie. + */ + __u32 event_nr; /* in/out */ + __u32 padding; + + __u64 dev; /* in/out */ + + char name[DM_NAME_LEN]; /* device name */ + char uuid[DM_UUID_LEN]; /* unique identifier for + * the block device */ + char data[7]; /* padding or data */ +}; + +/* + * Used to specify tables. These structures appear after the + * dm_ioctl. + */ +struct dm_target_spec { + __u64 sector_start; + __u64 length; + __s32 status; /* used when reading from kernel only */ + + /* + * Location of the next dm_target_spec. + * - When specifying targets on a DM_TABLE_LOAD command, this value is + * the number of bytes from the start of the "current" dm_target_spec + * to the start of the "next" dm_target_spec. + * - When retrieving targets on a DM_TABLE_STATUS command, this value + * is the number of bytes from the start of the first dm_target_spec + * (that follows the dm_ioctl struct) to the start of the "next" + * dm_target_spec. + */ + __u32 next; + + char target_type[DM_MAX_TYPE_NAME]; + + /* + * Parameter string starts immediately after this object. + * Be careful to add padding after string to ensure correct + * alignment of subsequent dm_target_spec. + */ +}; + +/* + * Used to retrieve the target dependencies. + */ +struct dm_target_deps { + __u32 count; /* Array size */ + __u32 padding; /* unused */ + __u64 dev[0]; /* out */ +}; + +/* + * Used to get a list of all dm devices. + */ +struct dm_name_list { + __u64 dev; + __u32 next; /* offset to the next record from + the _start_ of this */ + char name[0]; +}; + +/* + * Used to retrieve the target versions + */ +struct dm_target_versions { + __u32 next; + __u32 version[3]; + + char name[0]; +}; + +/* + * Used to pass message to a target + */ +struct dm_target_msg { + __u64 sector; /* Device sector */ + + char message[0]; +}; + +/* + * If you change this make sure you make the corresponding change + * to dm-ioctl.c:lookup_ioctl() + */ +enum { + /* Top level cmds */ + DM_VERSION_CMD = 0, + DM_REMOVE_ALL_CMD, + DM_LIST_DEVICES_CMD, + + /* device level cmds */ + DM_DEV_CREATE_CMD, + DM_DEV_REMOVE_CMD, + DM_DEV_RENAME_CMD, + DM_DEV_SUSPEND_CMD, + DM_DEV_STATUS_CMD, + DM_DEV_WAIT_CMD, + + /* Table level cmds */ + DM_TABLE_LOAD_CMD, + DM_TABLE_CLEAR_CMD, + DM_TABLE_DEPS_CMD, + DM_TABLE_STATUS_CMD, + + /* Added later */ + DM_LIST_VERSIONS_CMD, + DM_TARGET_MSG_CMD, + DM_DEV_SET_GEOMETRY_CMD +}; + +#define DM_IOCTL 0xfd + +#define DM_VERSION _IOWR(DM_IOCTL, DM_VERSION_CMD, struct dm_ioctl) +#define DM_REMOVE_ALL _IOWR(DM_IOCTL, DM_REMOVE_ALL_CMD, struct dm_ioctl) +#define DM_LIST_DEVICES _IOWR(DM_IOCTL, DM_LIST_DEVICES_CMD, struct dm_ioctl) + +#define DM_DEV_CREATE _IOWR(DM_IOCTL, DM_DEV_CREATE_CMD, struct dm_ioctl) +#define DM_DEV_REMOVE _IOWR(DM_IOCTL, DM_DEV_REMOVE_CMD, struct dm_ioctl) +#define DM_DEV_RENAME _IOWR(DM_IOCTL, DM_DEV_RENAME_CMD, struct dm_ioctl) +#define DM_DEV_SUSPEND _IOWR(DM_IOCTL, DM_DEV_SUSPEND_CMD, struct dm_ioctl) +#define DM_DEV_STATUS _IOWR(DM_IOCTL, DM_DEV_STATUS_CMD, struct dm_ioctl) +#define DM_DEV_WAIT _IOWR(DM_IOCTL, DM_DEV_WAIT_CMD, struct dm_ioctl) + +#define DM_TABLE_LOAD _IOWR(DM_IOCTL, DM_TABLE_LOAD_CMD, struct dm_ioctl) +#define DM_TABLE_CLEAR _IOWR(DM_IOCTL, DM_TABLE_CLEAR_CMD, struct dm_ioctl) +#define DM_TABLE_DEPS _IOWR(DM_IOCTL, DM_TABLE_DEPS_CMD, struct dm_ioctl) +#define DM_TABLE_STATUS _IOWR(DM_IOCTL, DM_TABLE_STATUS_CMD, struct dm_ioctl) + +#define DM_LIST_VERSIONS _IOWR(DM_IOCTL, DM_LIST_VERSIONS_CMD, struct dm_ioctl) + +#define DM_TARGET_MSG _IOWR(DM_IOCTL, DM_TARGET_MSG_CMD, struct dm_ioctl) +#define DM_DEV_SET_GEOMETRY _IOWR(DM_IOCTL, DM_DEV_SET_GEOMETRY_CMD, struct dm_ioctl) + +#define DM_VERSION_MAJOR 4 +#define DM_VERSION_MINOR 27 +#define DM_VERSION_PATCHLEVEL 0 +#define DM_VERSION_EXTRA "-ioctl (2013-10-30)" + +/* Status bits */ +#define DM_READONLY_FLAG (1 << 0) /* In/Out */ +#define DM_SUSPEND_FLAG (1 << 1) /* In/Out */ +#define DM_PERSISTENT_DEV_FLAG (1 << 3) /* In */ + +/* + * Flag passed into ioctl STATUS command to get table information + * rather than current status. + */ +#define DM_STATUS_TABLE_FLAG (1 << 4) /* In */ + +/* + * Flags that indicate whether a table is present in either of + * the two table slots that a device has. + */ +#define DM_ACTIVE_PRESENT_FLAG (1 << 5) /* Out */ +#define DM_INACTIVE_PRESENT_FLAG (1 << 6) /* Out */ + +/* + * Indicates that the buffer passed in wasn't big enough for the + * results. + */ +#define DM_BUFFER_FULL_FLAG (1 << 8) /* Out */ + +/* + * This flag is now ignored. + */ +#define DM_SKIP_BDGET_FLAG (1 << 9) /* In */ + +/* + * Set this to avoid attempting to freeze any filesystem when suspending. + */ +#define DM_SKIP_LOCKFS_FLAG (1 << 10) /* In */ + +/* + * Set this to suspend without flushing queued ios. + * Also disables flushing uncommitted changes in the thin target before + * generating statistics for DM_TABLE_STATUS and DM_DEV_WAIT. + */ +#define DM_NOFLUSH_FLAG (1 << 11) /* In */ + +/* + * If set, any table information returned will relate to the inactive + * table instead of the live one. Always check DM_INACTIVE_PRESENT_FLAG + * is set before using the data returned. + */ +#define DM_QUERY_INACTIVE_TABLE_FLAG (1 << 12) /* In */ + +/* + * If set, a uevent was generated for which the caller may need to wait. + */ +#define DM_UEVENT_GENERATED_FLAG (1 << 13) /* Out */ + +/* + * If set, rename changes the uuid not the name. Only permitted + * if no uuid was previously supplied: an existing uuid cannot be changed. + */ +#define DM_UUID_FLAG (1 << 14) /* In */ + +/* + * If set, all buffers are wiped after use. Use when sending + * or requesting sensitive data such as an encryption key. + */ +#define DM_SECURE_DATA_FLAG (1 << 15) /* In */ + +/* + * If set, a message generated output data. + */ +#define DM_DATA_OUT_FLAG (1 << 16) /* Out */ + +/* + * If set with DM_DEV_REMOVE or DM_REMOVE_ALL this indicates that if + * the device cannot be removed immediately because it is still in use + * it should instead be scheduled for removal when it gets closed. + * + * On return from DM_DEV_REMOVE, DM_DEV_STATUS or other ioctls, this + * flag indicates that the device is scheduled to be removed when it + * gets closed. + */ +#define DM_DEFERRED_REMOVE (1 << 17) /* In/Out */ + +#endif /* _LINUX_DM_IOCTL_H */ -- 2.12.0 From 29bb43cc46412366fc939c66331a916de07bfac4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 18 Jun 2017 16:07:57 -0400 Subject: [PATCH 1/4] resolved: simplify alloc size calculation The allocation size was calculated in a complicated way, and for values close to the page size we would actually allocate less than requested. Reported by Chris Coulson . CVE-2017-9445 --- src/resolve/resolved-dns-packet.c | 8 +------- src/resolve/resolved-dns-packet.h | 2 -- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index 652970284..2034e3c8c 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c @@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) { assert(ret); - if (mtu <= UDP_PACKET_HEADER_SIZE) - a = DNS_PACKET_SIZE_START; - else - a = mtu - UDP_PACKET_HEADER_SIZE; - - if (a < DNS_PACKET_HEADER_SIZE) - a = DNS_PACKET_HEADER_SIZE; + a = MAX(mtu, DNS_PACKET_HEADER_SIZE); /* round up to next page size */ a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket)); diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h index 2c92392e4..3abcaf8cf 100644 --- a/src/resolve/resolved-dns-packet.h +++ b/src/resolve/resolved-dns-packet.h @@ -66,8 +66,6 @@ struct DnsPacketHeader { /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */ #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096 -#define DNS_PACKET_SIZE_START 512 - struct DnsPacket { int n_ref; DnsProtocol protocol; -- 2.13.1 From cd3d8a7ebc01cd6913eaa9a591f7d606038a7588 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 27 Jun 2017 14:20:00 -0400 Subject: [PATCH 2/4] resolved: do not allocate packets with minimum size dns_packet_new() is sometimes called with mtu == 0, and in that case we should allocate more than the absolute minimum (which is the dns packet header size), otherwise we have to resize immediately again after appending the first data to the packet. This partially reverts the previous commit. --- src/resolve/resolved-dns-packet.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index 2034e3c8c..9d806ab33 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c @@ -28,6 +28,9 @@ #define EDNS0_OPT_DO (1<<15) +#define DNS_PACKET_SIZE_START 512 +assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE) + typedef struct DnsPacketRewinder { DnsPacket *packet; size_t saved_rindex; @@ -47,7 +50,14 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) { assert(ret); - a = MAX(mtu, DNS_PACKET_HEADER_SIZE); + /* When dns_packet_new() is called with mtu == 0, allocate more than the + * absolute minimum (which is the dns packet header size), to avoid + * resizing immediately again after appending the first data to the packet. + */ + if (mtu < UDP_PACKET_HEADER_SIZE) + a = DNS_PACKET_SIZE_START; + else + a = MAX(mtu, DNS_PACKET_HEADER_SIZE); /* round up to next page size */ a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket)); -- 2.13.1 From a03fc1acd66d23e239f2545e9a6887c7d0aad7c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 27 Jun 2017 16:59:06 -0400 Subject: [PATCH 3/4] resolved: define various packet sizes as unsigned This seems like the right thing to do, and apparently at least some compilers warn about signed/unsigned comparisons with DNS_PACKET_SIZE_MAX. --- src/resolve/resolved-dns-packet.c | 2 +- src/resolve/resolved-dns-packet.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index 9d806ab33..e2285b440 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c @@ -28,7 +28,7 @@ #define EDNS0_OPT_DO (1<<15) -#define DNS_PACKET_SIZE_START 512 +#define DNS_PACKET_SIZE_START 512u assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE) typedef struct DnsPacketRewinder { diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h index 3abcaf8cf..5dff272fd 100644 --- a/src/resolve/resolved-dns-packet.h +++ b/src/resolve/resolved-dns-packet.h @@ -58,13 +58,13 @@ struct DnsPacketHeader { /* The various DNS protocols deviate in how large a packet can grow, but the TCP transport has a 16bit size field, hence that appears to be the absolute maximum. */ -#define DNS_PACKET_SIZE_MAX 0xFFFF +#define DNS_PACKET_SIZE_MAX 0xFFFFu /* RFC 1035 say 512 is the maximum, for classic unicast DNS */ -#define DNS_PACKET_UNICAST_SIZE_MAX 512 +#define DNS_PACKET_UNICAST_SIZE_MAX 512u /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */ -#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096 +#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096u struct DnsPacket { int n_ref; -- 2.13.1 From 3e7d14d78c4d15ec7789299216cbf5c58e61547b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 3 Jun 2017 05:41:17 -0400 Subject: [PATCH] sd-bus: silence format warnings in kdbus code (#6072) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The code is mostly correct, but gcc is trying to outsmart us, and emits a warning for a "llu vs lu" mismatch, even though they are the same size (on alpha): src/libsystemd/sd-bus/bus-control.c: In function ‘kernel_get_list’: src/libsystemd/sd-bus/bus-control.c:267:42: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=] if (asprintf(&n, ":1.%llu", name->id) < 0) { ^ src/libsystemd/sd-bus/bus-control.c: In function ‘bus_get_name_creds_kdbus’: src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=] if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) { ^ This is hard to work around properly, because kdbus.h uses __u64 which is defined-differently-despite-being-the-same-size then uint64_t. Thus the simple solution of using %PRIu64 fails on amd64: src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘__u64 {aka long long unsigned int}’ [-Werror=format=] if (asprintf(&c->unique_name, ":1.%"PRIu64, conn_info->id) < 0) { ^~~~~~ Let's just avoid the whole issue for now by silencing the warning. After the next release, we should just get rid of the kdbus code. Fixes #5561. --- src/libsystemd/sd-bus/bus-control.c | 6 ++++++ src/libsystemd/sd-bus/bus-kernel.c | 2 ++ 2 files changed, 8 insertions(+) diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c index 9e58ffbd8..303ae0f23 100644 --- a/src/libsystemd/sd-bus/bus-control.c +++ b/src/libsystemd/sd-bus/bus-control.c @@ -264,10 +264,13 @@ static int kernel_get_list(sd_bus *bus, uint64_t flags, char ***x) { if ((flags & KDBUS_LIST_UNIQUE) && name->id != previous_id && !(name->flags & KDBUS_HELLO_ACTIVATOR)) { char *n; +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wformat" if (asprintf(&n, ":1.%llu", name->id) < 0) { r = -ENOMEM; goto fail; } +#pragma GCC diagnostic pop r = strv_consume(x, n); if (r < 0) @@ -711,10 +714,13 @@ int bus_get_name_creds_kdbus( } if (mask & SD_BUS_CREDS_UNIQUE_NAME) { +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wformat" if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) { r = -ENOMEM; goto fail; } +#pragma GCC diagnostic pop c->mask |= SD_BUS_CREDS_UNIQUE_NAME; } diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c index c82caeb3f..ca6aee7c0 100644 --- a/src/libsystemd/sd-bus/bus-kernel.c +++ b/src/libsystemd/sd-bus/bus-kernel.c @@ -51,6 +51,8 @@ #include "user-util.h" #include "util.h" +#pragma GCC diagnostic ignored "-Wformat" + #define UNIQUE_NAME_MAX (3+DECIMAL_STR_MAX(uint64_t)) int bus_kernel_parse_unique_name(const char *s, uint64_t *id) { -- 2.13.2 218-Dont-enable-audit-by-default.patch\files\systemd\sys-apps - repo/gentoo.git - Official Gentoo ebuild repository (formerly known as gentoo-x86 in CVS)
Get Gentoo!
summaryrefslogtreecommitdiff
path: root/sys-apps/systemd/files/218-Dont-enable-audit-by-default.patch
blob: f44b4be85d50486bfdc1e786d6e917178702705e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

From: Martin Pitt <martin.pitt@ubuntu.com>
Date: Sun, 28 Dec 2014 12:49:35 +0100
Subject: Don't enable audit by default

It causes flooding of dmesg and syslog, suppressing actually important
messages.

Don't enable it for now, until a better solution is found:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html

Bug-Debian: https://bugs.debian.org/773528
---
 src/journal/journald-audit.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
index 69742fa..25ef743 100644
--- a/src/journal/journald-audit.c
+++ b/src/journal/journald-audit.c
@@ -542,10 +542,5 @@ int server_open_audit(Server *s) {
         if (r < 0)
                 return log_error_errno(r, "Failed to add audit fd to event loop: %m");
 
-        /* We are listening now, try to enable audit */
-        r = enable_audit(s->audit_fd, true);
-        if (r < 0)
-                log_warning_errno(r, "Failed to issue audit enable call: %m");
-
         return 0;
 }
 

Questions or comments?

Please feel free to contact us.
© 2001–2016 Gentoo Foundation, Inc.
Gentoo is a trademark of the Gentoo Foundation, Inc. The contents of this document, unless otherwise expressly stated, are licensed under the CC-BY-SA-3.0 license. The Gentoo Name and Logo Usage Guidelines apply.