various: turn off SO_PASSRIGHTS where fds are not expected 37759/head
authorMike Yuan <me@yhndnzj.com>
Fri, 6 Jun 2025 20:00:52 +0000 (22:00 +0200)
committerMike Yuan <me@yhndnzj.com>
Tue, 17 Jun 2025 11:16:44 +0000 (13:16 +0200)
src/core/manager.c
src/journal/journald-stream.c
src/journal/journald-syslog.c
src/nspawn/nspawn.c
src/shared/ask-password-api.c
src/udev/udev-ctrl.c
units/syslog.socket

index d794a2518f00e99bfceac6be05a993168950178c..53c62afaae640e8efdbe638b2b018f893d628a20 100644 (file)
@@ -1136,6 +1136,10 @@ static int manager_setup_user_lookup_fd(Manager *m) {
                 if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, m->user_lookup_fds) < 0)
                         return log_error_errno(errno, "Failed to allocate user lookup socket: %m");
 
+                r = setsockopt_int(m->user_lookup_fds[0], SOL_SOCKET, SO_PASSRIGHTS, false);
+                if (r < 0 && !ERRNO_IS_NEG_NOT_SUPPORTED(r))
+                        log_warning_errno(r, "Failed to turn off SO_PASSRIGHTS on user lookup socket, ignoring: %m");
+
                 (void) fd_increase_rxbuf(m->user_lookup_fds[0], MANAGER_SOCKET_RCVBUF_SIZE);
         }
 
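Review bot: The SO_PASSRIGHTS call added in manager_setup_user_lookup_fd() is best-effort, so when the kernel lacks the option or the call fails, the user lookup socket keeps accepting SCM_RIGHTS and nothing at the call site says what covers that case. The receive handler is not visible in this hunk; it presumably still has to close any fd that arrives in a control message, and a comment here should record that, e.g. `/* Best-effort hardening: the receive path must still close unexpected SCM_RIGHTS fds where SO_PASSRIGHTS is unavailable */`. The same applies to the identical block added for the handoff timestamp socket in the next hunk. The enclosing function starts and ends outside the hunk.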
@@ -1176,7 +1180,11 @@ static int manager_setup_handoff_timestamp_fd(Manager *m) {
 
                 r = setsockopt_int(m->handoff_timestamp_fds[0], SOL_SOCKET, SO_PASSCRED, true);
                 if (r < 0)
-                        return log_error_errno(r, "SO_PASSCRED failed: %m");
+                        return log_error_errno(r, "Failed to enable SO_PASSCRED on handoff timestamp socket: %m");
+
+                r = setsockopt_int(m->handoff_timestamp_fds[0], SOL_SOCKET, SO_PASSRIGHTS, false);
+                if (r < 0 && !ERRNO_IS_NEG_NOT_SUPPORTED(r))
+                        log_warning_errno(r, "Failed to turn off SO_PASSRIGHTS on handoff timestamp socket, ignoring: %m");
 
                 /* Mark the receiving socket as O_NONBLOCK (but leave sending side as-is) */
                 r = fd_nonblock(m->handoff_timestamp_fds[0], true);
@@ -1223,7 +1231,7 @@ static int manager_setup_pidref_transport_fd(Manager *m) {
 
                 r = setsockopt_int(m->pidref_transport_fds[0], SOL_SOCKET, SO_PASSPIDFD, true);
                 if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
-                        log_debug("SO_PASSPIDFD is not supported for pidref socket, ignoring.");
+                        log_debug_errno(r, "SO_PASSPIDFD is not supported for pidref socket, ignoring.");
                 else if (r < 0)
                         log_warning_errno(r, "Failed to enable SO_PASSPIDFD for pidref socket, ignoring: %m");
 
index c7da314118aac8c7c96651e6579d3ef2f28dfb1f..45fc3257fff9476376048549f242fbf7084cc3af 100644 (file)
@@ -647,10 +647,6 @@ int stdout_stream_install(Manager *m, int fd, StdoutStream **ret) {
         if (r < 0)
                 return log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "Failed to determine peer credentials: %m");
 
-        r = setsockopt_int(fd, SOL_SOCKET, SO_PASSCRED, true);
-        if (r < 0)
-                return log_error_errno(r, "SO_PASSCRED failed: %m");
-
         if (mac_selinux_use()) {
                 r = getpeersec(fd, &stream->label);
                 if (r < 0 && r != -EOPNOTSUPP)
@@ -918,6 +914,14 @@ int manager_open_stdout_socket(Manager *m, const char *stdout_socket) {
         } else
                 (void) fd_nonblock(m->stdout_fd, true);
 
+        r = setsockopt_int(m->stdout_fd, SOL_SOCKET, SO_PASSCRED, true);
+        if (r < 0)
+                return log_error_errno(r, "Failed to enable SO_PASSCRED: %m");
+
+        r = setsockopt_int(m->stdout_fd, SOL_SOCKET, SO_PASSRIGHTS, false);
+        if (r < 0)
+                log_debug_errno(r, "Failed to turn off SO_PASSRIGHTS, ignoring: %m");
+
         r = sd_event_add_io(m->event, &m->stdout_event_source, m->stdout_fd, EPOLLIN, stdout_stream_new, m);
         if (r < 0)
                 return log_error_errno(r, "Failed to add stdout server fd to event source: %m");
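Review bot: With SO_PASSCRED and SO_PASSRIGHTS now set only on the listening socket `m->stdout_fd`, each stream depends on the accepted connection inheriting both options, and the preceding hunk removes the per-stream SO_PASSCRED call from stdout_stream_install(). If any fd can reach stdout_stream_install() without having been accepted from this listener (for example one handed over from an earlier journald instance, which this page does not show), it keeps whatever options it arrived with and may still accept file descriptors. A comment above the two calls should state the assumption, e.g. `/* Set on the listening socket; accepted connections inherit these. Streams installed from elsewhere are not covered. */`, or the SO_PASSRIGHTS call could be repeated in stdout_stream_install(). The function body extends outside the hunk.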
index f441476f1d6e0d6c2e3961ffbd8931b85aed6074..ca204f25f5ec6be9f50c0db4fbaf96aef6616b62 100644 (file)
@@ -504,17 +504,22 @@ int manager_open_syslog_socket(Manager *m, const char *syslog_socket) {
 
         r = setsockopt_int(m->syslog_fd, SOL_SOCKET, SO_PASSCRED, true);
         if (r < 0)
-                return log_error_errno(r, "SO_PASSCRED failed: %m");
+                return log_error_errno(r, "Failed to enable SO_PASSCRED: %m");
+
+        r = setsockopt_int(m->syslog_fd, SOL_SOCKET, SO_PASSRIGHTS, false);
+        if (r < 0)
+                log_debug_errno(r, "Failed to turn off SO_PASSRIGHTS, ignoring: %m");
 
         if (mac_selinux_use()) {
                 r = setsockopt_int(m->syslog_fd, SOL_SOCKET, SO_PASSSEC, true);
                 if (r < 0)
-                        log_full_errno(ERRNO_IS_NEG_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r, "SO_PASSSEC failed, ignoring: %m");
+                        log_full_errno(ERRNO_IS_NEG_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r,
+                                       "Failed to enable SO_PASSSEC, ignoring: %m");
         }
 
         r = setsockopt_int(m->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, true);
         if (r < 0)
-                return log_error_errno(r, "SO_TIMESTAMP failed: %m");
+                return log_error_errno(r, "Failed to enable SO_TIMESTAMP: %m");
 
         r = sd_event_add_io(m->event, &m->syslog_event_source, m->syslog_fd, EPOLLIN, manager_process_datagram, m);
         if (r < 0)
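Review bot: The SO_PASSRIGHTS check added near the top of this hunk logs every failure at debug level, while the SO_PASSSEC call a few lines below separates "not supported" from real errors. For a hardening option a genuine failure deserves a warning, so the same form would fit: `log_full_errno(ERRNO_IS_NEG_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r, "Failed to turn off SO_PASSRIGHTS, ignoring: %m");`. The journald-stream.c, nspawn.c and udev-ctrl.c hunks use the same debug-only handling, whereas the manager.c hunks already warn on anything other than "not supported". The function continues outside the hunk.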
index 36b74954829d55f1f096c4b09c65582c81eddbea..4edd092d3dee0979b81337ee0a9f230ab101aeaf 100644 (file)
@@ -3716,6 +3716,10 @@ static int setup_notify_child(const void *directory) {
         if (r < 0)
                 log_debug_errno(r, "Failed to enable SO_PASSPIDFD, ignoring: %m");
 
+        r = setsockopt_int(fd, SOL_SOCKET, SO_PASSRIGHTS, false);
+        if (r < 0)
+                log_debug_errno(r, "Failed to turn off SO_PASSRIGHTS, ignoring: %m");
+
         return TAKE_FD(fd);
 }
 
index 33ed81fbb57f95e9044bd61196304266b04f6a19..5b0cc14be81dca0d6124427d914a52cbec6af112 100644 (file)
@@ -819,6 +819,8 @@ static int create_socket(const char *askpwdir, char **ret) {
         if (r < 0)
                 return r;
 
+        (void) setsockopt_int(fd, SOL_SOCKET, SO_PASSRIGHTS, false);
+
         *ret = TAKE_PTR(path);
         return TAKE_FD(fd);
 }
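Review bot: The result of the SO_PASSRIGHTS call in create_socket() is discarded with `(void)`, so a failure to harden the ask-password socket leaves no trace, unlike every other call site in this commit. `r` is already in scope here, so the call could read `r = setsockopt_int(fd, SOL_SOCKET, SO_PASSRIGHTS, false);` followed by `if (r < 0) log_debug_errno(r, "Failed to turn off SO_PASSRIGHTS, ignoring: %m");`. The start of the function is outside the hunk.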
index eeaa0c01f3ee4d754245b397f416cbe789ba96de..fbd0834d16892db27bc9895b0310e90550d4a176 100644 (file)
@@ -59,6 +59,10 @@ int udev_ctrl_new_from_fd(UdevCtrl **ret, int fd) {
         if (r < 0)
                 log_warning_errno(r, "Failed to set SO_PASSCRED, ignoring: %m");
 
+        r = setsockopt_int(fd >= 0 ? fd : sock, SOL_SOCKET, SO_PASSRIGHTS, false);
+        if (r < 0)
+                log_debug_errno(r, "Failed to turn off SO_PASSRIGHTS, ignoring: %m");
+
         uctrl = new(UdevCtrl, 1);
         if (!uctrl)
                 return -ENOMEM;
index 26b691c105b9c52491c7586e7624b16df1853423..383bc7a067481b9b4d7575bcb7d93d766c2d0404 100644 (file)
@@ -27,6 +27,7 @@ ListenDatagram=/run/systemd/journal/syslog
 SocketMode=0666
 PassCredentials=yes
 PassSecurity=yes
+AcceptFileDescriptors=no
 ReceiveBuffer=8M
 
 # The default syslog implementation should make syslog.service a