From 2f79547e8bbb5434a84c0b07c30fff63b351590c Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Thu, 10 Nov 2022 15:47:19 +0000
Subject: [PATCH] tmpfiles: log at info level when some allowed failures occur
In provision.conf we ship:
d- /root :0700 root :root -
d- /root/.ssh :0700 root :root -
These are allowed to fail, for example on a read-only filesystem. But they still
log at error level, which is annoying and gets flagged. Tune those specific errors
down to info.
There are likely more that could be tuned down, but the important thing is to cover
the tmpfiles.d that we ship right now.
Before:
$ echo -e "d- /root :0700 root :root - \nd- /root/.ssh :0700 root :root -" | SYSTEMD_LOG_LEVEL=err build/systemd-tmpfiles --root=/tmp/img --create -
Failed to create directory or subvolume "/tmp/img/root": Read-only file system
Failed to open path '/tmp/img/root': No such file or directory
$
After:
$ echo -e "d- /root :0700 root :root - \nd- /root/.ssh :0700 root :root -" | SYSTEMD_LOG_LEVEL=err build/systemd-tmpfiles --root=/tmp/img --create -
$
(cherry picked from commit 244c2a8344c01e94cd9bdf835de998b89bc53179)
Related: #2138081
---
src/tmpfiles/tmpfiles.c | 49 +++++++++++++++++++++++++++--------------
1 file changed, 33 insertions(+), 16 deletions(-)
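diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 784b895577..18bb75715b 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -961,22 +961,34 @@ shortcut:
 return label_fix_full(fd, /* inode_path= */ NULL, /* label_path= */ path, 0);
 }
 
-static int path_open_parent_safe(const char *path) {
+static int path_open_parent_safe(const char *path, bool allow_failure) {
 _cleanup_free_ char *dn = NULL;
 int r, fd;
 
 if (!path_is_normalized(path))
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to open parent of '%s': path not normalized.", path);
+ return log_full_errno(allow_failure ? LOG_INFO : LOG_ERR,
+ SYNTHETIC_ERRNO(EINVAL),
+ "Failed to open parent of '%s': path not normalized%s.",
+ path,
+ allow_failure ? ", ignoring" : "");
 
 r = path_extract_directory(path, &dn;;
 if (r < 0)
- return log_error_errno(r, "Unable to determine parent directory of '%s': %m", path);
+ return log_full_errno(allow_failure ? LOG_INFO : LOG_ERR,
+ r,
+ "Unable to determine parent directory of '%s'%s: %m",
+ path,
+ allow_failure ? ", ignoring" : "");
 
- r = chase_symlinks(dn, arg_root, CHASE_SAFE|CHASE_WARN, NULL, &fd;;
+ r = chase_symlinks(dn, arg_root, allow_failure ? CHASE_SAFE : CHASE_SAFE|CHASE_WARN, NULL, &fd;;
 if (r == -ENOLINK) /* Unsafe symlink: already covered by CHASE_WARN */
 return r;
 if (r < 0)
- return log_error_errno(r, "Failed to open path '%s': %m", dn);
+ return log_full_errno(allow_failure ? LOG_INFO : LOG_ERR,
+ r,
+ "Failed to open path '%s'%s: %m",
+ dn,
+ allow_failure ? ", ignoring" : "");
 
 return fd;
 }
@@ -1431,7 +1443,7 @@ static int write_one_file(Item *i, const char *path, CreationMode creation) {
 
 /* Validate the path and keep the fd on the directory for opening the file so we're sure that it
 * can't be changed behind our back. */
- dir_fd = path_open_parent_safe(path);
+ dir_fd = path_open_parent_safe(path, i->allow_failure);
 if (dir_fd < 0)
 return dir_fd;
 
@@ -1481,7 +1493,7 @@ static int create_file(Item *i, const char *path) {
 
 /* Validate the path and keep the fd on the directory for opening the file so we're sure that it
 * can't be changed behind our back. */
- dir_fd = path_open_parent_safe(path);
+ dir_fd = path_open_parent_safe(path, i->allow_failure);
 if (dir_fd < 0)
 return dir_fd;
 
@@ -1549,7 +1561,7 @@ static int truncate_file(Item *i, const char *path) {
 
 /* Validate the path and keep the fd on the directory for opening the file so we're sure that it
 * can't be changed behind our back. */
- dir_fd = path_open_parent_safe(path);
+ dir_fd = path_open_parent_safe(path, i->allow_failure);
 if (dir_fd < 0)
 return dir_fd;
 
@@ -1628,7 +1640,7 @@ static int copy_files(Item *i) {
 
 /* Validate the path and use the returned directory fd for copying the target so we're sure that the
 * path can't be changed behind our back. */
- dfd = path_open_parent_safe(i->path);
+ dfd = path_open_parent_safe(i->path, i->allow_failure);
 if (dfd < 0)
 return dfd;
 
@@ -1664,6 +1676,7 @@ static int create_directory_or_subvolume(
 const char *path,
 mode_t mode,
 bool subvol,
+ bool allow_failure,
 struct stat *ret_st,
 CreationMode *ret_creation) {
 
@@ -1679,7 +1692,7 @@ static int create_directory_or_subvolume(
 if (r < 0)
 return log_error_errno(r, "Failed to extract filename from path '%s': %m", path);
 
- pfd = path_open_parent_safe(path);
+ pfd = path_open_parent_safe(path, allow_failure);
 if (pfd < 0)
 return pfd;
 
@@ -1720,7 +1733,11 @@ static int create_directory_or_subvolume(
 
 /* Then look at the original error */
 if (r < 0)
- return log_error_errno(r, "Failed to create directory or subvolume \"%s\": %m", path);
+ return log_full_errno(allow_failure ? LOG_INFO : LOG_ERR,
+ r,
+ "Failed to create directory or subvolume \"%s\"%s: %m",
+ path,
+ allow_failure ? ", ignoring" : "");
 
 return log_error_errno(errno, "Failed to open directory/subvolume we just created '%s': %m", path);
 }
@@ -1748,7 +1765,7 @@ static int create_directory(Item *i, const char *path) {
 assert(i);
 assert(IN_SET(i->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY));
 
- fd = create_directory_or_subvolume(path, i->mode, /* subvol= */ false, &st, &creation);
+ fd = create_directory_or_subvolume(path, i->mode, /* subvol= */ false, i->allow_failure, &st, &creation);
 if (fd == -EEXIST)
 return 0;
 if (fd < 0)
@@ -1766,7 +1783,7 @@ static int create_subvolume(Item *i, const char *path) {
 assert(i);
 assert(IN_SET(i->type, CREATE_SUBVOLUME, CREATE_SUBVOLUME_NEW_QUOTA, CREATE_SUBVOLUME_INHERIT_QUOTA));
 
- fd = create_directory_or_subvolume(path, i->mode, /* subvol = */ true, &st, &creation);
+ fd = create_directory_or_subvolume(path, i->mode, /* subvol = */ true, i->allow_failure, &st, &creation);
 if (fd == -EEXIST)
 return 0;
 if (fd < 0)
@@ -1845,7 +1862,7 @@ static int create_device(Item *i, mode_t file_type) {
 
 /* Validate the path and use the returned directory fd for copying the target so we're sure that the
 * path can't be changed behind our back. */
- dfd = path_open_parent_safe(i->path);
+ dfd = path_open_parent_safe(i->path, i->allow_failure);
 if (dfd < 0)
 return dfd;
 
@@ -1947,7 +1964,7 @@ static int create_fifo(Item *i) {
 if (r == O_DIRECTORY)
 return log_error_errno(SYNTHETIC_ERRNO(EISDIR), "Cannot open path '%s' for creating FIFO, is a directory.", i->path);
 
- pfd = path_open_parent_safe(i->path);
+ pfd = path_open_parent_safe(i->path, i->allow_failure);
 if (pfd < 0)
 return pfd;
 
@@ -2032,7 +2049,7 @@ static int create_symlink(Item *i) {
 if (r == O_DIRECTORY)
 return log_error_errno(SYNTHETIC_ERRNO(EISDIR), "Cannot open path '%s' for creating FIFO, is a directory.", i->path);
 
- pfd = path_open_parent_safe(i->path);
+ pfd = path_open_parent_safe(i->path, i->allow_failure);
 if (pfd < 0)
 return pfd;
 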
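Review bot: In the first hunk (path_open_parent_safe), the chase_symlinks() call no longer passes CHASE_WARN when allow_failure is true, yet the `if (r == -ENOLINK)` branch right after it still returns without logging, so an unsafe symlink in the path of an allowed-to-fail line now appears to produce no message at any level. The context comment `/* Unsafe symlink: already covered by CHASE_WARN */` is also no longer accurate for that case. Unlike a read-only filesystem, this failure can indicate a path component that an unprivileged owner was able to redirect, so it is worth keeping visible to whoever audits the logs, for example `return allow_failure ? log_info_errno(r, "Unsafe symlink in path '%s', ignoring.", dn) : r;`. The same silence is inherited by every caller updated in the later hunks (write_one_file, create_file, truncate_file, copy_files, create_directory_or_subvolume, create_device, create_fifo, create_symlink).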