From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Wed, 28 May 2025 16:31:13 +0000 (+0200)
Subject: Define helper to call PR_SET_DUMPABLE
X-Git-Tag: v258-rc1~448^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9ce8e3e449def92c75ada41b7d10c5bc3946be77;p=thirdparty%2Fsystemd.git

Define helper to call PR_SET_DUMPABLE
---

diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index 2507e1b6030..55a0b704e3d 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -3,7 +3,6 @@
 #include <elf.h>
 #include <stdio.h>
 #include <sys/mount.h>
-#include <sys/prctl.h>
 #include <sys/statvfs.h>
 #include <sys/xattr.h>
 #include <unistd.h>
@@ -2024,7 +2023,7 @@ static int run(int argc, char *argv[]) {
         log_set_target_and_open(LOG_TARGET_KMSG);
 
         /* Make sure we never enter a loop */
-        (void) prctl(PR_SET_DUMPABLE, SUID_DUMP_DISABLE);
+        (void) set_dumpable(SUID_DUMP_DISABLE);
 
         /* Ignore all parse errors */
         (void) parse_config();
diff --git a/src/shared/coredump-util.c b/src/shared/coredump-util.c
index 9d18cf13010..37dfb2c91a5 100644
--- a/src/shared/coredump-util.c
+++ b/src/shared/coredump-util.c
@@ -1,9 +1,11 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include <elf.h>
+#include <sys/prctl.h>
 
 #include "alloc-util.h"
 #include "coredump-util.h"
+#include "errno-util.h"
 #include "extract-word.h"
 #include "fileio.h"
 #include "log.h"
@@ -14,6 +16,11 @@
 #include "unaligned.h"
 #include "virt.h"
 
+int set_dumpable(SuidDumpMode mode) {
+        /* Cast mode explicitly to long, because prctl wants longs but is varargs. */
+        return RET_NERRNO(prctl(PR_SET_DUMPABLE, (long) mode));
+}
+
 static const char *const coredump_filter_table[_COREDUMP_FILTER_MAX] = {
         [COREDUMP_FILTER_PRIVATE_ANONYMOUS]   = "private-anonymous",
         [COREDUMP_FILTER_SHARED_ANONYMOUS]    = "shared-anonymous",
diff --git a/src/shared/coredump-util.h b/src/shared/coredump-util.h
index f774425b293..76e37155371 100644
--- a/src/shared/coredump-util.h
+++ b/src/shared/coredump-util.h
@@ -35,6 +35,8 @@ typedef enum SuidDumpMode {
         _SUID_DUMP_MODE_MAX,
 } SuidDumpMode;
 
+int set_dumpable(SuidDumpMode mode);
+
 const char* coredump_filter_to_string(CoredumpFilter i) _const_;
 CoredumpFilter coredump_filter_from_string(const char *s) _pure_;
 int coredump_filter_mask_from_string(const char *s, uint64_t *ret);
diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c
index edc2e82d362..fd06b55ab1d 100644
--- a/src/shared/elf-util.c
+++ b/src/shared/elf-util.c
@@ -6,12 +6,12 @@
 #include <elfutils/libdwelf.h>
 #include <elfutils/libdwfl.h>
 #include <libelf.h>
-#include <sys/prctl.h>
 #include <sys/resource.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #include "alloc-util.h"
+#include "coredump-util.h"
 #include "dlfcn-util.h"
 #include "elf-util.h"
 #include "errno-util.h"
@@ -826,7 +826,7 @@ int parse_elf_object(int fd, const char *executable, const char *root, bool fork
         if (r == 0) {
                 /* We want to avoid loops, given this can be called from systemd-coredump */
                 if (fork_disable_dump) {
-                        r = RET_NERRNO(prctl(PR_SET_DUMPABLE, 0));
+                        r = set_dumpable(SUID_DUMP_DISABLE);
                         if (r < 0)
                                 report_errno_and_exit(error_pipe[1], r);
                 }
diff --git a/src/shared/tests.c b/src/shared/tests.c
index 66e1ae88cd6..7284d00e23e 100644
--- a/src/shared/tests.c
+++ b/src/shared/tests.c
@@ -16,6 +16,7 @@
 #include "bus-wait-for-jobs.h"
 #include "cgroup-setup.h"
 #include "cgroup-util.h"
+#include "coredump-util.h"
 #include "env-file.h"
 #include "env-util.h"
 #include "fd-util.h"
@@ -433,7 +434,8 @@ int assert_signal_internal(void) {
 
         if (r == 0) {
                 /* Speed things up by never even attempting to generate a coredump */
-                (void) prctl(PR_SET_DUMPABLE, 0);
+                (void) set_dumpable(SUID_DUMP_DISABLE);
+
                 /* But still set an rlimit just in case */
                 (void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(0));
                 return 0;