From ffe4233155085b479c69abe844a34de212b8e5e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 16 Jan 2020 14:45:28 +0100
Subject: [PATCH] sysctl: downgrade message when we have no permission
We need to run sysctl also in containers, because the network
subtree is namespaced and may legitimately be writable. But logging
all "errors" at notice level creates unwanted noise.
Also downgrade message about missing sysctls to log_info. This might also be
relatively common when configuration is targeted at different kernel
versions. With log_debug it'll still end up in the logs, but isn't really worth
of "notice" most of the time.
https://bugzilla.redhat.com/show_bug.cgi?id=1609806
(cherry picked from commit 32458cc9687c1b60ff0f22c0e71da93ce78b1534)
Resolves: #2158160
---
 src/sysctl/sysctl.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
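--- a/src/sysctl/sysctl.c
+++ b/src/sysctl/sysctl.c
@@ -82,13 +82,15 @@ static int apply_all(OrderedHashmap *sysctl_options) {
                 k = sysctl_write(option->key, option->value);
                 if (k < 0) {
                         /* If the sysctl is not available in the kernel or we are running with reduced
-                         * privileges and cannot write it, then log about the issue at LOG_NOTICE level, and
-                         * proceed without failing. (EROFS is treated as a permission problem here, since
-                         * that's how container managers usually protected their sysctls.) In all other cases
-                         * log an error and make the tool fail. */
-
-                        if (IN_SET(k, -EPERM, -EACCES, -EROFS, -ENOENT) || option->ignore_failure)
-                                log_notice_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key);
+                         * privileges and cannot write it, then log about the issue, and proceed without
+                         * failing. (EROFS is treated as a permission problem here, since that's how
+                         * container managers usually protected their sysctls.) In all other cases log an
+                         * error and make the tool fail. */
+
+                        if (option->ignore_failure || k == -EROFS || ERRNO_IS_PRIVILEGE(k))
+                                log_debug_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key);
+                        else if (k == -ENOENT)
+                                log_info_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key);
                         else {
                                 log_error_errno(k, "Couldn't write '%s' to '%s': %m", option->value, option->key);
                                 if (r == 0)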
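Review bot: The new first branch sends every EPERM/EACCES/EROFS failure to `log_debug_errno` on hosts as well as in containers, although the description motivates the change only with container noise. Per the comment above it the tool then proceeds without failing, so a hardening sysctl that is refused on a host leaves no record at the default log level and the setting is silently not in effect. Consider keeping notice outside containers, for example `log_full_errno(detect_container() > 0 ? LOG_DEBUG : LOG_NOTICE, k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key);`, and have the comment name the level used for each case. apply_all() starts and ends outside the hunk, so whether a container check exists elsewhere is not visible here.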