rpms/at
5
0
Fork 0
Code Issues Pull Requests Releases Activity
4fe15d5740
at/at-3.1.16-noabort.patch
Tomas Mraz 7ca7f064c8 make atd less abort prone
2014-11-06 16:16:42 +01:00

158 lines
4.9 KiB
Diff
Raw Blame History

diff -up at-3.1.16/atd.c.noabort at-3.1.16/atd.c
--- at-3.1.16/atd.c.noabort 2014-10-02 11:08:26.000000000 +0200
+++ at-3.1.16/atd.c 2014-11-06 16:07:54.851652541 +0100
@@ -221,7 +221,7 @@ static int set_selinux_context(const cha
security_context_t user_context=NULL;
security_context_t file_context=NULL;
struct av_decision avd;
- int retval=-1;
+ int retval=0;
char *seuser=NULL;
char *level=NULL;
@@ -230,12 +230,9 @@ static int set_selinux_context(const cha
free(seuser);
free(level);
if (retval) {
- if (security_getenforce()==1) {
- perr("execle: couldn't get security context for user %s\n", name);
- } else {
- syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name);
- return -1;
- }
+ lerr("execle: couldn't get security context for user %s\n", name);
+ retval = -1;
+ goto err;
}
}
@@ -246,8 +243,11 @@ static int set_selinux_context(const cha
* the user cron job. It performs an entrypoint
* permission check for this purpose.
*/
- if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
- perr("fgetfilecon FAILED %s", filename);
+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) {
+ lerr("fgetfilecon FAILED %s", filename);
+ retval = -1;
+ goto err;
+ }
retval = security_compute_av(user_context,
file_context,
@@ -256,25 +256,21 @@ static int set_selinux_context(const cha
&avd);
freecon(file_context);
if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
- if (security_getenforce()==1) {
- perr("Not allowed to set exec context to %s for user %s\n", user_context,name);
- } else {
- syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name);
- retval = -1;
- goto err;
- }
+ lerr("Not allowed to set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ goto err;
}
if (setexeccon(user_context) < 0) {
- if (security_getenforce()==1) {
- perr("Could not set exec context to %s for user %s\n", user_context,name);
- retval = -1;
- } else {
- syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name);
- }
+ lerr("Could not set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ goto err;
}
err:
- freecon(user_context);
- return 0;
+ if (retval < 0 && security_getenforce() != 1)
+ retval = 0;
+ if (user_context)
+ freecon(user_context);
+ return retval;
}
#endif
@@ -347,9 +343,12 @@ run_file(const char *filename, uid_t uid
*/
pid = fork();
- if (pid == -1)
- perr("Cannot fork");
-
+ if (pid == -1) {
+ lerr("Cannot fork for job execution");
+ free(mailname);
+ free(newname);
+ return;
+ }
else if (pid != 0) {
free(mailname);
free(newname);
@@ -667,15 +666,19 @@ run_loop()
* up.
*/
- if (stat(".", &buf) == -1)
- perr("Cannot stat " ATJOB_DIR);
+ if (stat(".", &buf) == -1) {
+ lerr("Cannot stat " ATJOB_DIR);
+ return next_job;
+ }
if (nothing_to_do && buf.st_mtime <= last_chg)
return next_job;
last_chg = buf.st_mtime;
- if ((spool = opendir(".")) == NULL)
- perr("Cannot read " ATJOB_DIR);
+ if ((spool = opendir(".")) == NULL) {
+ lerr("Cannot read " ATJOB_DIR);
+ return next_job;
+ }
run_batch = 0;
nothing_to_do = 1;
diff -up at-3.1.16/daemon.c.noabort at-3.1.16/daemon.c
--- at-3.1.16/daemon.c.noabort 2014-09-30 08:29:02.000000000 +0200
+++ at-3.1.16/daemon.c 2014-11-06 15:37:22.109277583 +0100
@@ -83,6 +83,22 @@ perr(const char *fmt,...)
}
void
+lerr(const char *fmt,...)
+{
+ char buf[1024];
+ va_list args;
+
+ va_start(args, fmt);
+ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+
+ if (daemon_debug) {
+ perror(buf);
+ } else
+ syslog(LOG_ERR, "%s: %m", buf);
+}
+
+void
pabort(const char *fmt,...)
{
char buf[1024];
diff -up at-3.1.16/daemon.h.noabort at-3.1.16/daemon.h
--- at-3.1.16/daemon.h.noabort 2014-09-30 08:29:02.000000000 +0200
+++ at-3.1.16/daemon.h 2014-11-06 15:36:10.461660104 +0100
@@ -13,5 +13,8 @@ __attribute__((noreturn))
#endif
perr (const char *fmt, ...);
+void
+lerr (const char *fmt, ...);
+
extern int daemon_debug;
extern int daemon_foreground;
Reference in New Issue View Git Blame Copy Permalink