]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/clean-ipc.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
18 #include "clean-ipc.h"
19 #include "dirent-util.h"
22 #include "format-util.h"
25 #include "string-util.h"
27 #include "user-util.h"
29 static bool match_uid_gid(uid_t subject_uid
, gid_t subject_gid
, uid_t delete_uid
, gid_t delete_gid
) {
31 if (uid_is_valid(delete_uid
) && subject_uid
== delete_uid
)
34 if (gid_is_valid(delete_gid
) && subject_gid
== delete_gid
)
40 static int clean_sysvipc_shm(uid_t delete_uid
, gid_t delete_gid
, bool rm
) {
41 _cleanup_fclose_
FILE *f
= NULL
;
45 f
= fopen("/proc/sysvipc/shm", "re");
50 return log_warning_errno(errno
, "Failed to open /proc/sysvipc/shm: %m");
54 _cleanup_free_
char *line
= NULL
;
61 r
= read_line(f
, LONG_LINE_MAX
, &line
);
63 return log_warning_errno(errno
, "Failed to read /proc/sysvipc/shm: %m");
72 if (sscanf(line
, "%*i %i %*o %*u " PID_FMT
" " PID_FMT
" %u " UID_FMT
" " GID_FMT
" " UID_FMT
" " GID_FMT
,
73 &shmid
, &cpid
, &lpid
, &n_attached
, &uid
, &gid
, &cuid
, &cgid
) != 8)
79 if (!match_uid_gid(uid
, gid
, delete_uid
, delete_gid
))
85 if (shmctl(shmid
, IPC_RMID
, NULL
) < 0) {
87 /* Ignore entries that are already deleted */
88 if (IN_SET(errno
, EIDRM
, EINVAL
))
91 ret
= log_warning_errno(errno
,
92 "Failed to remove SysV shared memory segment %i: %m",
95 log_debug("Removed SysV shared memory segment %i.", shmid
);
104 static int clean_sysvipc_sem(uid_t delete_uid
, gid_t delete_gid
, bool rm
) {
105 _cleanup_fclose_
FILE *f
= NULL
;
109 f
= fopen("/proc/sysvipc/sem", "re");
114 return log_warning_errno(errno
, "Failed to open /proc/sysvipc/sem: %m");
118 _cleanup_free_
char *line
= NULL
;
123 r
= read_line(f
, LONG_LINE_MAX
, &line
);
125 return log_warning_errno(r
, "Failed to read /proc/sysvipc/sem: %m");
134 if (sscanf(line
, "%*i %i %*o %*u " UID_FMT
" " GID_FMT
" " UID_FMT
" " GID_FMT
,
135 &semid
, &uid
, &gid
, &cuid
, &cgid
) != 5)
138 if (!match_uid_gid(uid
, gid
, delete_uid
, delete_gid
))
144 if (semctl(semid
, 0, IPC_RMID
) < 0) {
146 /* Ignore entries that are already deleted */
147 if (IN_SET(errno
, EIDRM
, EINVAL
))
150 ret
= log_warning_errno(errno
,
151 "Failed to remove SysV semaphores object %i: %m",
154 log_debug("Removed SysV semaphore %i.", semid
);
163 static int clean_sysvipc_msg(uid_t delete_uid
, gid_t delete_gid
, bool rm
) {
164 _cleanup_fclose_
FILE *f
= NULL
;
168 f
= fopen("/proc/sysvipc/msg", "re");
173 return log_warning_errno(errno
, "Failed to open /proc/sysvipc/msg: %m");
177 _cleanup_free_
char *line
= NULL
;
183 r
= read_line(f
, LONG_LINE_MAX
, &line
);
185 return log_warning_errno(r
, "Failed to read /proc/sysvipc/msg: %m");
194 if (sscanf(line
, "%*i %i %*o %*u %*u " PID_FMT
" " PID_FMT
" " UID_FMT
" " GID_FMT
" " UID_FMT
" " GID_FMT
,
195 &msgid
, &cpid
, &lpid
, &uid
, &gid
, &cuid
, &cgid
) != 7)
198 if (!match_uid_gid(uid
, gid
, delete_uid
, delete_gid
))
204 if (msgctl(msgid
, IPC_RMID
, NULL
) < 0) {
206 /* Ignore entries that are already deleted */
207 if (IN_SET(errno
, EIDRM
, EINVAL
))
210 ret
= log_warning_errno(errno
,
211 "Failed to remove SysV message queue %i: %m",
214 log_debug("Removed SysV message queue %i.", msgid
);
223 static int clean_posix_shm_internal(DIR *dir
, uid_t uid
, gid_t gid
, bool rm
) {
229 FOREACH_DIRENT_ALL(de
, dir
, goto fail
) {
232 if (dot_or_dot_dot(de
->d_name
))
235 if (fstatat(dirfd(dir
), de
->d_name
, &st
, AT_SYMLINK_NOFOLLOW
) < 0) {
239 ret
= log_warning_errno(errno
, "Failed to stat() POSIX shared memory segment %s: %m", de
->d_name
);
243 if (S_ISDIR(st
.st_mode
)) {
244 _cleanup_closedir_
DIR *kid
;
246 kid
= xopendirat(dirfd(dir
), de
->d_name
, O_NOFOLLOW
|O_NOATIME
);
249 ret
= log_warning_errno(errno
, "Failed to enter shared memory directory %s: %m", de
->d_name
);
251 r
= clean_posix_shm_internal(kid
, uid
, gid
, rm
);
256 if (!match_uid_gid(st
.st_uid
, st
.st_gid
, uid
, gid
))
262 if (unlinkat(dirfd(dir
), de
->d_name
, AT_REMOVEDIR
) < 0) {
267 ret
= log_warning_errno(errno
, "Failed to remove POSIX shared memory directory %s: %m", de
->d_name
);
269 log_debug("Removed POSIX shared memory directory %s", de
->d_name
);
275 if (!match_uid_gid(st
.st_uid
, st
.st_gid
, uid
, gid
))
281 if (unlinkat(dirfd(dir
), de
->d_name
, 0) < 0) {
286 ret
= log_warning_errno(errno
, "Failed to remove POSIX shared memory segment %s: %m", de
->d_name
);
288 log_debug("Removed POSIX shared memory segment %s", de
->d_name
);
298 return log_warning_errno(errno
, "Failed to read /dev/shm: %m");
301 static int clean_posix_shm(uid_t uid
, gid_t gid
, bool rm
) {
302 _cleanup_closedir_
DIR *dir
= NULL
;
304 dir
= opendir("/dev/shm");
309 return log_warning_errno(errno
, "Failed to open /dev/shm: %m");
312 return clean_posix_shm_internal(dir
, uid
, gid
, rm
);
315 static int clean_posix_mq(uid_t uid
, gid_t gid
, bool rm
) {
316 _cleanup_closedir_
DIR *dir
= NULL
;
320 dir
= opendir("/dev/mqueue");
325 return log_warning_errno(errno
, "Failed to open /dev/mqueue: %m");
328 FOREACH_DIRENT_ALL(de
, dir
, goto fail
) {
330 char fn
[1+strlen(de
->d_name
)+1];
332 if (dot_or_dot_dot(de
->d_name
))
335 if (fstatat(dirfd(dir
), de
->d_name
, &st
, AT_SYMLINK_NOFOLLOW
) < 0) {
339 ret
= log_warning_errno(errno
,
340 "Failed to stat() MQ segment %s: %m",
345 if (!match_uid_gid(st
.st_uid
, st
.st_gid
, uid
, gid
))
352 strcpy(fn
+1, de
->d_name
);
354 if (mq_unlink(fn
) < 0) {
358 ret
= log_warning_errno(errno
,
359 "Failed to unlink POSIX message queue %s: %m",
362 log_debug("Removed POSIX message queue %s", fn
);
371 return log_warning_errno(errno
, "Failed to read /dev/mqueue: %m");
374 int clean_ipc_internal(uid_t uid
, gid_t gid
, bool rm
) {
377 /* If 'rm' is true, clean all IPC objects owned by either the specified UID or the specified GID. Return the
378 * last error encountered or == 0 if no matching IPC objects have been found or > 0 if matching IPC objects
379 * have been found and have been removed.
381 * If 'rm' is false, just search for IPC objects owned by either the specified UID or the specified GID. In
382 * this case we return < 0 on error, > 0 if we found a matching object, == 0 if we didn't.
384 * As special rule: if UID/GID is specified as root we'll silently not clean up things, and always claim that
385 * there are IPC objects for it. */
400 /* Anything to do? */
401 if (!uid_is_valid(uid
) && !gid_is_valid(gid
))
404 r
= clean_sysvipc_shm(uid
, gid
, rm
);
412 r
= clean_sysvipc_sem(uid
, gid
, rm
);
420 r
= clean_sysvipc_msg(uid
, gid
, rm
);
428 r
= clean_posix_shm(uid
, gid
, rm
);
436 r
= clean_posix_mq(uid
, gid
, rm
);
447 int clean_ipc_by_uid(uid_t uid
) {
448 return clean_ipc_internal(uid
, GID_INVALID
, true);
451 int clean_ipc_by_gid(gid_t gid
) {
452 return clean_ipc_internal(UID_INVALID
, gid
, true);