mirror of
https://github.com/systemd/systemd
synced 2024-07-21 10:17:21 +00:00
Merge pull request #28428 from ldv-alt/ERRNO_IS
treewide: cleanup use of ERRNO_IS_*(r)
This commit is contained in:
commit
167338529b
|
@ -43,11 +43,12 @@ static int boot_config_load_and_select(
|
|||
_cleanup_strv_free_ char **efi_entries = NULL;
|
||||
|
||||
r = efi_loader_get_entries(&efi_entries);
|
||||
if (r == -ENOENT || ERRNO_IS_NOT_SUPPORTED(r))
|
||||
log_debug_errno(r, "Boot loader reported no entries.");
|
||||
else if (r < 0)
|
||||
log_warning_errno(r, "Failed to determine entries reported by boot loader, ignoring: %m");
|
||||
else
|
||||
if (r < 0) {
|
||||
if (r == -ENOENT || ERRNO_IS_NOT_SUPPORTED(r))
|
||||
log_debug_errno(r, "Boot loader reported no entries.");
|
||||
else
|
||||
log_warning_errno(r, "Failed to determine entries reported by boot loader, ignoring: %m");
|
||||
} else
|
||||
(void) boot_config_augment_from_loader(config, efi_entries, /* only_auto= */ false);
|
||||
}
|
||||
|
||||
|
|
|
@ -561,12 +561,13 @@ static int manager_varlink_init_user(Manager *m) {
|
|||
return 0;
|
||||
|
||||
r = varlink_connect_address(&link, VARLINK_ADDR_PATH_MANAGED_OOM_USER);
|
||||
if (r == -ENOENT || ERRNO_IS_DISCONNECT(r)) {
|
||||
log_debug("systemd-oomd varlink unix socket not found, skipping user manager varlink setup");
|
||||
return 0;
|
||||
}
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (r == -ENOENT || ERRNO_IS_DISCONNECT(r)) {
|
||||
log_debug("systemd-oomd varlink unix socket not found, skipping user manager varlink setup");
|
||||
return 0;
|
||||
}
|
||||
return log_error_errno(r, "Failed to connect to %s: %m", VARLINK_ADDR_PATH_MANAGED_OOM_USER);
|
||||
}
|
||||
|
||||
varlink_set_userdata(link, m);
|
||||
|
||||
|
|
|
@ -5098,20 +5098,24 @@ static int exec_child(
|
|||
/* When we can't make this change due to EPERM, then let's silently skip over it. User namespaces
|
||||
* prohibit write access to this file, and we shouldn't trip up over that. */
|
||||
r = set_oom_score_adjust(context->oom_score_adjust);
|
||||
if (ERRNO_IS_PRIVILEGE(r))
|
||||
log_unit_debug_errno(unit, r, "Failed to adjust OOM setting, assuming containerized execution, ignoring: %m");
|
||||
else if (r < 0) {
|
||||
*exit_status = EXIT_OOM_ADJUST;
|
||||
return log_unit_error_errno(unit, r, "Failed to adjust OOM setting: %m");
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_PRIVILEGE(r))
|
||||
log_unit_debug_errno(unit, r, "Failed to adjust OOM setting, assuming containerized execution, ignoring: %m");
|
||||
else {
|
||||
*exit_status = EXIT_OOM_ADJUST;
|
||||
return log_unit_error_errno(unit, r, "Failed to adjust OOM setting: %m");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (context->coredump_filter_set) {
|
||||
r = set_coredump_filter(context->coredump_filter);
|
||||
if (ERRNO_IS_PRIVILEGE(r))
|
||||
log_unit_debug_errno(unit, r, "Failed to adjust coredump_filter, ignoring: %m");
|
||||
else if (r < 0)
|
||||
return log_unit_error_errno(unit, r, "Failed to adjust coredump_filter: %m");
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_PRIVILEGE(r))
|
||||
log_unit_debug_errno(unit, r, "Failed to adjust coredump_filter, ignoring: %m");
|
||||
else
|
||||
return log_unit_error_errno(unit, r, "Failed to adjust coredump_filter: %m");
|
||||
}
|
||||
}
|
||||
|
||||
if (context->nice_set) {
|
||||
|
|
|
@ -1386,14 +1386,15 @@ int socket_load_service_unit(Socket *s, int cfd, Unit **ret) {
|
|||
|
||||
if (cfd >= 0) {
|
||||
r = instance_from_socket(cfd, s->n_accepted, &instance);
|
||||
if (ERRNO_IS_DISCONNECT(r))
|
||||
/* ENOTCONN is legitimate if TCP RST was received. Other socket families might return
|
||||
* different errors. This connection is over, but the socket unit lives on. */
|
||||
return log_unit_debug_errno(UNIT(s), r,
|
||||
"Got %s on incoming socket, assuming aborted connection attempt, ignoring.",
|
||||
errno_to_name(r));
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_DISCONNECT(r))
|
||||
/* ENOTCONN is legitimate if TCP RST was received. Other socket families might return
|
||||
* different errors. This connection is over, but the socket unit lives on. */
|
||||
return log_unit_debug_errno(UNIT(s), r,
|
||||
"Got %s on incoming socket, assuming aborted connection attempt, ignoring.",
|
||||
errno_to_name(r));
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
/* For accepting sockets, we don't know how the instance will be called until we get a connection and
|
||||
|
@ -2377,10 +2378,11 @@ static void socket_enter_running(Socket *s, int cfd_in) {
|
|||
}
|
||||
|
||||
r = socket_load_service_unit(s, cfd, &service);
|
||||
if (ERRNO_IS_DISCONNECT(r))
|
||||
return;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_DISCONNECT(r))
|
||||
return;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
r = unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, service,
|
||||
false, UNIT_DEPENDENCY_IMPLICIT);
|
||||
|
@ -2390,10 +2392,11 @@ static void socket_enter_running(Socket *s, int cfd_in) {
|
|||
s->n_accepted++;
|
||||
|
||||
r = service_set_socket_fd(SERVICE(service), cfd, s, p, s->selinux_context_from_net);
|
||||
if (ERRNO_IS_DISCONNECT(r))
|
||||
return;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_DISCONNECT(r))
|
||||
return;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
TAKE_FD(cfd); /* We passed ownership of the fd to the service now. Forget it here. */
|
||||
s->n_connections++;
|
||||
|
|
|
@ -483,14 +483,15 @@ static void analyze_coredump_file(
|
|||
r = -errno;
|
||||
} else
|
||||
r = access_fd(fd, R_OK);
|
||||
if (ERRNO_IS_PRIVILEGE(r)) {
|
||||
*ret_state = "inaccessible";
|
||||
*ret_color = ansi_highlight_yellow();
|
||||
*ret_size = UINT64_MAX;
|
||||
return;
|
||||
}
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_PRIVILEGE(r)) {
|
||||
*ret_state = "inaccessible";
|
||||
*ret_color = ansi_highlight_yellow();
|
||||
*ret_size = UINT64_MAX;
|
||||
return;
|
||||
}
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (fstat(fd, &st) < 0)
|
||||
goto error;
|
||||
|
|
|
@ -1728,10 +1728,11 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
|
|||
found_some
|
||||
? "No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking."
|
||||
: "No TPM2 metadata enrolled in LUKS2 header, falling back to traditional unlocking.");
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r)) /* TPM2 support not compiled in? */
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 support not available, falling back to traditional unlocking.");
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r)) /* TPM2 support not compiled in? */
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 support not available, falling back to traditional unlocking.");
|
||||
return r;
|
||||
}
|
||||
|
||||
found_some = true;
|
||||
|
||||
|
|
|
@ -285,10 +285,11 @@ int home_resize_directory(
|
|||
return r;
|
||||
|
||||
r = home_update_quota_auto(h, NULL);
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r))
|
||||
return -ESOCKTNOSUPPORT; /* make recognizable */
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r))
|
||||
return -ESOCKTNOSUPPORT; /* make recognizable */
|
||||
return r;
|
||||
}
|
||||
|
||||
r = home_store_embedded_identity(new_home, setup->root_fd, h->uid, embedded_home);
|
||||
if (r < 0)
|
||||
|
|
|
@ -498,10 +498,11 @@ static int acquire_open_luks_device(
|
|||
return r;
|
||||
|
||||
r = sym_crypt_init_by_name(&cd, setup->dm_name);
|
||||
if ((ERRNO_IS_DEVICE_ABSENT(r) || r == -EINVAL) && graceful)
|
||||
return 0;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if ((ERRNO_IS_DEVICE_ABSENT(r) || r == -EINVAL) && graceful)
|
||||
return 0;
|
||||
return log_error_errno(r, "Failed to initialize cryptsetup context for %s: %m", setup->dm_name);
|
||||
}
|
||||
|
||||
cryptsetup_enable_logging(cd);
|
||||
|
||||
|
@ -1638,11 +1639,12 @@ int home_deactivate_luks(UserRecord *h, HomeSetup *setup) {
|
|||
cryptsetup_enable_logging(setup->crypt_device);
|
||||
|
||||
r = sym_crypt_deactivate_by_name(setup->crypt_device, setup->dm_name, 0);
|
||||
if (ERRNO_IS_DEVICE_ABSENT(r) || r == -EINVAL)
|
||||
log_debug_errno(r, "LUKS device %s is already detached.", setup->dm_node);
|
||||
else if (r < 0)
|
||||
return log_info_errno(r, "LUKS device %s couldn't be deactivated: %m", setup->dm_node);
|
||||
else {
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_DEVICE_ABSENT(r) || r == -EINVAL)
|
||||
log_debug_errno(r, "LUKS device %s is already detached.", setup->dm_node);
|
||||
else
|
||||
return log_info_errno(r, "LUKS device %s couldn't be deactivated: %m", setup->dm_node);
|
||||
} else {
|
||||
log_info("LUKS device detaching completed.");
|
||||
we_detached = true;
|
||||
}
|
||||
|
|
|
@ -828,13 +828,14 @@ int manager_read_efi_boot_loader_entries(Manager *m) {
|
|||
return 0;
|
||||
|
||||
r = efi_loader_get_entries(&m->efi_boot_loader_entries);
|
||||
if (r == -ENOENT || ERRNO_IS_NOT_SUPPORTED(r)) {
|
||||
log_debug_errno(r, "Boot loader reported no entries.");
|
||||
m->efi_boot_loader_entries_set = true;
|
||||
return 0;
|
||||
}
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (r == -ENOENT || ERRNO_IS_NOT_SUPPORTED(r)) {
|
||||
log_debug_errno(r, "Boot loader reported no entries.");
|
||||
m->efi_boot_loader_entries_set = true;
|
||||
return 0;
|
||||
}
|
||||
return log_error_errno(r, "Failed to determine entries reported by boot loader: %m");
|
||||
}
|
||||
|
||||
m->efi_boot_loader_entries_set = true;
|
||||
return 1;
|
||||
|
|
|
@ -206,10 +206,11 @@ int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_list, char **sy
|
|||
return r;
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return log_error_errno(r, "Failed to install seccomp filter: %m");
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return log_error_errno(r, "Failed to install seccomp filter: %m");
|
||||
log_debug_errno(r, "Failed to install filter set for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
SECCOMP_FOREACH_LOCAL_ARCH(arch) {
|
||||
|
@ -242,10 +243,11 @@ int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_list, char **sy
|
|||
}
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return log_error_errno(r, "Failed to install seccomp audit filter: %m");
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return log_error_errno(r, "Failed to install seccomp audit filter: %m");
|
||||
log_debug_errno(r, "Failed to install filter set for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
|
@ -3412,10 +3412,11 @@ static int inner_child(
|
|||
if (is_seccomp_available()) {
|
||||
|
||||
r = seccomp_load(arg_seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return log_error_errno(r, "Failed to install seccomp filter: %m");
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return log_error_errno(r, "Failed to install seccomp filter: %m");
|
||||
log_debug_errno(r, "Failed to install seccomp filter: %m");
|
||||
}
|
||||
}
|
||||
} else
|
||||
#endif
|
||||
|
@ -3825,19 +3826,20 @@ static int outer_child(
|
|||
arg_uid_shift != 0) {
|
||||
|
||||
r = remount_idmap(directory, arg_uid_shift, arg_uid_range, UID_INVALID, REMOUNT_IDMAPPING_HOST_ROOT);
|
||||
if (r == -EINVAL || ERRNO_IS_NOT_SUPPORTED(r)) {
|
||||
/* This might fail because the kernel or file system doesn't support idmapping. We
|
||||
* can't really distinguish this nicely, nor do we have any guarantees about the
|
||||
* error codes we see, could be EOPNOTSUPP or EINVAL. */
|
||||
if (arg_userns_ownership != USER_NAMESPACE_OWNERSHIP_AUTO)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||
"ID mapped mounts are apparently not available, sorry.");
|
||||
if (r < 0) {
|
||||
if (r == -EINVAL || ERRNO_IS_NOT_SUPPORTED(r)) {
|
||||
/* This might fail because the kernel or file system doesn't support idmapping. We
|
||||
* can't really distinguish this nicely, nor do we have any guarantees about the
|
||||
* error codes we see, could be EOPNOTSUPP or EINVAL. */
|
||||
if (arg_userns_ownership != USER_NAMESPACE_OWNERSHIP_AUTO)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||
"ID mapped mounts are apparently not available, sorry.");
|
||||
|
||||
log_debug("ID mapped mounts are apparently not available on this kernel or for the selected file system, reverting to recursive chown()ing.");
|
||||
arg_userns_ownership = USER_NAMESPACE_OWNERSHIP_CHOWN;
|
||||
} else if (r < 0)
|
||||
return log_error_errno(r, "Failed to set up ID mapped mounts: %m");
|
||||
else {
|
||||
log_debug("ID mapped mounts are apparently not available on this kernel or for the selected file system, reverting to recursive chown()ing.");
|
||||
arg_userns_ownership = USER_NAMESPACE_OWNERSHIP_CHOWN;
|
||||
} else
|
||||
return log_error_errno(r, "Failed to set up ID mapped mounts: %m");
|
||||
} else {
|
||||
log_debug("ID mapped mounts available, making use of them.");
|
||||
idmap = true;
|
||||
}
|
||||
|
|
|
@ -6484,10 +6484,11 @@ static int parse_efi_variable_factory_reset(void) {
|
|||
return 0;
|
||||
|
||||
r = efi_get_variable_string(EFI_SYSTEMD_VARIABLE(FactoryReset), &value);
|
||||
if (r == -ENOENT || ERRNO_IS_NOT_SUPPORTED(r))
|
||||
return 0;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (r == -ENOENT || ERRNO_IS_NOT_SUPPORTED(r))
|
||||
return 0;
|
||||
return log_error_errno(r, "Failed to read EFI variable FactoryReset: %m");
|
||||
}
|
||||
|
||||
r = parse_boolean(value);
|
||||
if (r < 0)
|
||||
|
@ -6504,10 +6505,11 @@ static int remove_efi_variable_factory_reset(void) {
|
|||
int r;
|
||||
|
||||
r = efi_set_variable(EFI_SYSTEMD_VARIABLE(FactoryReset), NULL, 0);
|
||||
if (r == -ENOENT || ERRNO_IS_NOT_SUPPORTED(r))
|
||||
return 0;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (r == -ENOENT || ERRNO_IS_NOT_SUPPORTED(r))
|
||||
return 0;
|
||||
return log_error_errno(r, "Failed to remove EFI variable FactoryReset: %m");
|
||||
}
|
||||
|
||||
log_info("Successfully unset EFI variable FactoryReset.");
|
||||
return 0;
|
||||
|
|
|
@ -2079,7 +2079,7 @@ int dns_transaction_go(DnsTransaction *t) {
|
|||
dns_transaction_complete(t, DNS_TRANSACTION_RR_TYPE_UNSUPPORTED);
|
||||
return 0;
|
||||
}
|
||||
if (t->scope->protocol == DNS_PROTOCOL_LLMNR && ERRNO_IS_DISCONNECT(r)) {
|
||||
if (t->scope->protocol == DNS_PROTOCOL_LLMNR && r < 0 && ERRNO_IS_DISCONNECT(r)) {
|
||||
/* On LLMNR, if we cannot connect to a host via TCP when doing reverse lookups. This means we cannot
|
||||
* answer this request with this protocol. */
|
||||
dns_transaction_complete(t, DNS_TRANSACTION_NOT_FOUND);
|
||||
|
|
|
@ -1565,14 +1565,16 @@ int btrfs_subvol_snapshot_at_full(
|
|||
return -EISDIR;
|
||||
|
||||
r = btrfs_subvol_make_fd(new_fd, subvolume);
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r) && (flags & BTRFS_SNAPSHOT_FALLBACK_DIRECTORY)) {
|
||||
/* If the destination doesn't support subvolumes, then use a plain directory, if that's requested. */
|
||||
if (mkdirat(new_fd, subvolume, 0755) < 0)
|
||||
return -errno;
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r) && (flags & BTRFS_SNAPSHOT_FALLBACK_DIRECTORY)) {
|
||||
/* If the destination doesn't support subvolumes, then use a plain directory, if that's requested. */
|
||||
if (mkdirat(new_fd, subvolume, 0755) < 0)
|
||||
return -errno;
|
||||
|
||||
plain_directory = true;
|
||||
} else if (r < 0)
|
||||
return r;
|
||||
plain_directory = true;
|
||||
} else
|
||||
return r;
|
||||
}
|
||||
|
||||
if (FLAGS_SET(flags, BTRFS_SNAPSHOT_LOCK_BSD)) {
|
||||
subvolume_fd = xopenat_lock(new_fd, subvolume,
|
||||
|
|
|
@ -1092,10 +1092,11 @@ int seccomp_load_syscall_filter_set(uint32_t default_action, const SyscallFilter
|
|||
return log_debug_errno(r, "Failed to add filter set: %m");
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to install filter set for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -1153,11 +1154,12 @@ int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Hashmap* filter
|
|||
}
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to install system call filter for architecture %s, skipping: %m",
|
||||
seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -1358,10 +1360,11 @@ int seccomp_restrict_namespaces(unsigned long retain) {
|
|||
continue;
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to install namespace restriction rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -1401,10 +1404,11 @@ int seccomp_protect_sysctl(void) {
|
|||
}
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to install sysctl protection rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -1433,10 +1437,11 @@ int seccomp_protect_syslog(void) {
|
|||
}
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to install syslog protection rules for architecture %s, skipping %m", seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -1603,10 +1608,11 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) {
|
|||
}
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to install socket family rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -1682,10 +1688,11 @@ int seccomp_restrict_realtime_full(int error_code) {
|
|||
}
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to install realtime protection rules for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -1816,11 +1823,12 @@ int seccomp_memory_deny_write_execute(void) {
|
|||
}
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to install MemoryDenyWriteExecute= rule for architecture %s, skipping: %m",
|
||||
seccomp_arch_to_string(arch));
|
||||
}
|
||||
loaded++;
|
||||
}
|
||||
|
||||
|
@ -1889,10 +1897,11 @@ int seccomp_restrict_archs(Set *archs) {
|
|||
return r;
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to restrict system call architectures, skipping: %m");
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -1984,10 +1993,11 @@ int seccomp_lock_personality(unsigned long personality) {
|
|||
}
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to enable personality lock for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -2025,10 +2035,11 @@ int seccomp_protect_hostname(void) {
|
|||
}
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to apply hostname restrictions for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -2203,10 +2214,11 @@ int seccomp_restrict_suid_sgid(void) {
|
|||
continue;
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to apply suid/sgid restrictions for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -2348,10 +2360,11 @@ int seccomp_suppress_sync(void) {
|
|||
#endif
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
log_debug_errno(r, "Failed to apply sync() suppression for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
|
@ -57,13 +57,14 @@ static int load_user(
|
|||
}
|
||||
|
||||
r = json_parse_file(NULL, j, JSON_PARSE_SENSITIVE, &privileged_v, NULL, NULL);
|
||||
if (ERRNO_IS_PRIVILEGE(r))
|
||||
have_privileged = false;
|
||||
else if (r == -ENOENT)
|
||||
have_privileged = true; /* if the privileged file doesn't exist, we are complete */
|
||||
else if (r < 0)
|
||||
return r;
|
||||
else {
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_PRIVILEGE(r))
|
||||
have_privileged = false;
|
||||
else if (r == -ENOENT)
|
||||
have_privileged = true; /* if the privileged file doesn't exist, we are complete */
|
||||
else
|
||||
return r;
|
||||
} else {
|
||||
r = json_variant_merge(&v, privileged_v);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -201,13 +202,14 @@ static int load_group(
|
|||
}
|
||||
|
||||
r = json_parse_file(NULL, j, JSON_PARSE_SENSITIVE, &privileged_v, NULL, NULL);
|
||||
if (ERRNO_IS_PRIVILEGE(r))
|
||||
have_privileged = false;
|
||||
else if (r == -ENOENT)
|
||||
have_privileged = true; /* if the privileged file doesn't exist, we are complete */
|
||||
else if (r < 0)
|
||||
return r;
|
||||
else {
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_PRIVILEGE(r))
|
||||
have_privileged = false;
|
||||
else if (r == -ENOENT)
|
||||
have_privileged = true; /* if the privileged file doesn't exist, we are complete */
|
||||
else
|
||||
return r;
|
||||
} else {
|
||||
r = json_variant_merge(&v, privileged_v);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
|
|
@ -28,14 +28,14 @@ int main(int argc, char *argv[]) {
|
|||
|
||||
pid_max = TASKS_MAX;
|
||||
r = procfs_get_pid_max(&pid_max);
|
||||
if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
|
||||
if (r == -ENOENT || (r < 0 && ERRNO_IS_PRIVILEGE(r)))
|
||||
return log_tests_skipped_errno(r, "can't get pid max");
|
||||
assert(r >= 0);
|
||||
log_info("kernel.pid_max: %"PRIu64, pid_max);
|
||||
|
||||
threads_max = TASKS_MAX;
|
||||
r = procfs_get_threads_max(&threads_max);
|
||||
if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
|
||||
if (r == -ENOENT || (r < 0 && ERRNO_IS_PRIVILEGE(r)))
|
||||
return log_tests_skipped_errno(r, "can't get threads max");
|
||||
assert(r >= 0);
|
||||
log_info("kernel.threads-max: %"PRIu64, threads_max);
|
||||
|
|
|
@ -1883,7 +1883,7 @@ static int create_directory_or_subvolume(
|
|||
} else
|
||||
r = 0;
|
||||
|
||||
if (!subvol || ERRNO_IS_NOT_SUPPORTED(r))
|
||||
if (!subvol || (r < 0 && ERRNO_IS_NOT_SUPPORTED(r)))
|
||||
WITH_UMASK(0000)
|
||||
r = mkdirat_label(pfd, bn, mode);
|
||||
|
||||
|
|
Loading…
Reference in a new issue