From: Mike Yuan
Date: Fri, 6 Jun 2025 20:00:52 +0000 (+0200)
Subject: various: turn off SO_PASSRIGHTS where fds are not expected
X-Git-Tag: v258-rc1~301^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F37759%2Fhead;p=thirdparty%2Fsystemd.git
various: turn off SO_PASSRIGHTS where fds are not expected
---
diff --git a/src/core/manager.c b/src/core/manager.c
index d794a2518f0..53c62afaae6 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1136,6 +1136,10 @@ static int manager_setup_user_lookup_fd(Manager *m) {
 if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, m->user_lookup_fds) < 0)
 return log_error_errno(errno, "Failed to allocate user lookup socket: %m");
+ r = setsockopt_int(m->user_lookup_fds[0], SOL_SOCKET, SO_PASSRIGHTS, false);
+ if (r < 0 && !ERRNO_IS_NEG_NOT_SUPPORTED(r))
+ log_warning_errno(r, "Failed to turn off SO_PASSRIGHTS on user lookup socket, ignoring: %m");
+
 (void) fd_increase_rxbuf(m->user_lookup_fds[0], MANAGER_SOCKET_RCVBUF_SIZE);
 }
@@ -1176,7 +1180,11 @@ static int manager_setup_handoff_timestamp_fd(Manager *m) {
 r = setsockopt_int(m->handoff_timestamp_fds[0], SOL_SOCKET, SO_PASSCRED, true);
 if (r < 0)
- return log_error_errno(r, "SO_PASSCRED failed: %m");
+ return log_error_errno(r, "Failed to enable SO_PASSCRED on handoff timestamp socket: %m");
+
+ r = setsockopt_int(m->handoff_timestamp_fds[0], SOL_SOCKET, SO_PASSRIGHTS, false);
+ if (r < 0 && !ERRNO_IS_NEG_NOT_SUPPORTED(r))
+ log_warning_errno(r, "Failed to turn off SO_PASSRIGHTS on handoff timestamp socket, ignoring: %m");
 /* Mark the receiving socket as O_NONBLOCK (but leave sending side as-is) */
 r = fd_nonblock(m->handoff_timestamp_fds[0], true);
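Review bot: Both SO_PASSRIGHTS calls added to manager.c (here in manager_setup_user_lookup_fd() and in the next hunk in manager_setup_handoff_timestamp_fd()) are best-effort: a not-supported result is skipped silently and any other failure only warns, so the socket can still end up accepting SCM_RIGHTS. The code should say so, for example with a comment above each call: `/* No fds are expected on this socket, so refuse SCM_RIGHTS. Best-effort: the receive path must still discard stray fds. */`. Whether the receive handlers already close unexpected ancillary fds is not visible in these hunks and is worth confirming before relying on the option. Both function bodies extend beyond the hunks shown.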
@@ -1223,7 +1231,7 @@ static int manager_setup_pidref_transport_fd(Manager *m) {
 r = setsockopt_int(m->pidref_transport_fds[0], SOL_SOCKET, SO_PASSPIDFD, true);
 if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
- log_debug("SO_PASSPIDFD is not supported for pidref socket, ignoring.");
+ log_debug_errno(r, "SO_PASSPIDFD is not supported for pidref socket, ignoring.");
 else if (r < 0)
 log_warning_errno(r, "Failed to enable SO_PASSPIDFD for pidref socket, ignoring: %m");
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
index c7da314118a..45fc3257fff 100644
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@@ -647,10 +647,6 @@ int stdout_stream_install(Manager *m, int fd, StdoutStream **ret) {
 if (r < 0)
 return log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "Failed to determine peer credentials: %m");
- r = setsockopt_int(fd, SOL_SOCKET, SO_PASSCRED, true);
- if (r < 0)
- return log_error_errno(r, "SO_PASSCRED failed: %m");
-
 if (mac_selinux_use()) {
 r = getpeersec(fd, &stream->label);
 if (r < 0 && r != -EOPNOTSUPP)
@@ -918,6 +914,14 @@ int manager_open_stdout_socket(Manager *m, const char *stdout_socket) {
 } else
 (void) fd_nonblock(m->stdout_fd, true);
+ r = setsockopt_int(m->stdout_fd, SOL_SOCKET, SO_PASSCRED, true);
+ if (r < 0)
+ return log_error_errno(r, "Failed to enable SO_PASSCRED: %m");
+
+ r = setsockopt_int(m->stdout_fd, SOL_SOCKET, SO_PASSRIGHTS, false);
+ if (r < 0)
+ log_debug_errno(r, "Failed to turn off SO_PASSRIGHTS, ignoring: %m");
+
 r = sd_event_add_io(m->event, &m->stdout_event_source, m->stdout_fd, EPOLLIN, stdout_stream_new, m);
 if (r < 0)
 return log_error_errno(r, "Failed to add stdout server fd to event source: %m");
diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
index f441476f1d6..ca204f25f5e 100644
--- a/src/journal/journald-syslog.c
+++ b/src/journal/journald-syslog.c
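Review bot: In manager_setup_pidref_transport_fd() the error code is now passed to log_debug_errno(), but the format string has no `%m`, so it does not appear in the message text. Either end the message with it, `log_debug_errno(r, "SO_PASSPIDFD is not supported for pidref socket, ignoring: %m");`, which also matches the warning branch below, or keep the plain log_debug() call. The function body continues outside the hunk.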
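Review bot: manager_open_stdout_socket() now sets SO_PASSCRED and SO_PASSRIGHTS on the listening socket, while the per-connection SO_PASSCRED call in stdout_stream_install() is removed, so the stream fds depend on inheriting the listener's options and nothing in the code states that. A comment above the two calls would record the assumption, for example `/* Set on the listening socket; accepted stream connections are expected to inherit both options */`. If stdout_stream_install() can also be reached with fds that did not come from accept() on m->stdout_fd (its callers are outside these hunks), those fds no longer get SO_PASSCRED set explicitly, and it is worth confirming they already carry it. The SO_PASSRIGHTS failure is only logged at debug level here, whereas manager.c warns for the same condition.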
@@ -504,17 +504,22 @@ int manager_open_syslog_socket(Manager *m, const char *syslog_socket) {
 r = setsockopt_int(m->syslog_fd, SOL_SOCKET, SO_PASSCRED, true);
 if (r < 0)
- return log_error_errno(r, "SO_PASSCRED failed: %m");
+ return log_error_errno(r, "Failed to enable SO_PASSCRED: %m");
+
+ r = setsockopt_int(m->syslog_fd, SOL_SOCKET, SO_PASSRIGHTS, false);
+ if (r < 0)
+ log_debug_errno(r, "Failed to turn off SO_PASSRIGHTS, ignoring: %m");
 if (mac_selinux_use()) {
 r = setsockopt_int(m->syslog_fd, SOL_SOCKET, SO_PASSSEC, true);
 if (r < 0)
- log_full_errno(ERRNO_IS_NEG_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r, "SO_PASSSEC failed, ignoring: %m");
+ log_full_errno(ERRNO_IS_NEG_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r,
+ "Failed to enable SO_PASSSEC, ignoring: %m");
 }
 r = setsockopt_int(m->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, true);
 if (r < 0)
- return log_error_errno(r, "SO_TIMESTAMP failed: %m");
+ return log_error_errno(r, "Failed to enable SO_TIMESTAMP: %m");
 r = sd_event_add_io(m->event, &m->syslog_event_source, m->syslog_fd, EPOLLIN, manager_process_datagram, m);
 if (r < 0)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 36b74954829..4edd092d3de 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3716,6 +3716,10 @@ static int setup_notify_child(const void *directory) {
 if (r < 0)
 log_debug_errno(r, "Failed to enable SO_PASSPIDFD, ignoring: %m");
+ r = setsockopt_int(fd, SOL_SOCKET, SO_PASSRIGHTS, false);
+ if (r < 0)
+ log_debug_errno(r, "Failed to turn off SO_PASSRIGHTS, ignoring: %m");
+
 return TAKE_FD(fd);
 }
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 33ed81fbb57..5b0cc14be81 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -819,6 +819,8 @@ static int create_socket(const char *askpwdir, char **ret) {
 if (r < 0)
 return r;
+ (void) setsockopt_int(fd, SOL_SOCKET, SO_PASSRIGHTS, false);
+
 *ret = TAKE_PTR(path);
 return TAKE_FD(fd);
 }
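Review bot: In create_socket() in ask-password-api.c the SO_PASSRIGHTS result is discarded with `(void)`, so on the socket that receives password replies a failure to disable fd passing leaves no trace at all. Every other call site in this commit logs the failure; doing the same here takes three lines: `r = setsockopt_int(fd, SOL_SOCKET, SO_PASSRIGHTS, false);`, then `if (r < 0)` and `log_debug_errno(r, "Failed to turn off SO_PASSRIGHTS, ignoring: %m");`. The function starts outside the hunk, so whether a log call is appropriate at this point of the library code should be checked against the rest of create_socket().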
diff --git a/src/udev/udev-ctrl.c b/src/udev/udev-ctrl.c
index eeaa0c01f3e..fbd0834d168 100644
--- a/src/udev/udev-ctrl.c
+++ b/src/udev/udev-ctrl.c
@@ -59,6 +59,10 @@ int udev_ctrl_new_from_fd(UdevCtrl **ret, int fd) {
 if (r < 0)
 log_warning_errno(r, "Failed to set SO_PASSCRED, ignoring: %m");
+ r = setsockopt_int(fd >= 0 ? fd : sock, SOL_SOCKET, SO_PASSRIGHTS, false);
+ if (r < 0)
+ log_debug_errno(r, "Failed to turn off SO_PASSRIGHTS, ignoring: %m");
+
 uctrl = new(UdevCtrl, 1);
 if (!uctrl)
 return -ENOMEM;
diff --git a/units/syslog.socket b/units/syslog.socket
index 26b691c105b..383bc7a0674 100644
--- a/units/syslog.socket
+++ b/units/syslog.socket
@@ -27,6 +27,7 @@ ListenDatagram=/run/systemd/journal/syslog
 SocketMode=0666
 PassCredentials=yes
 PassSecurity=yes
+AcceptFileDescriptors=no
 ReceiveBuffer=8M
 # The default syslog implementation should make syslog.service a