]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
66cdd0f2 LP |
2 | /*** |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2014 Lennart Poettering | |
6 | ||
7 | systemd is free software; you can redistribute it and/or modify it | |
8 | under the terms of the GNU Lesser General Public License as published by | |
9 | the Free Software Foundation; either version 2.1 of the License, or | |
10 | (at your option) any later version. | |
11 | ||
12 | systemd is distributed in the hope that it will be useful, but | |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | Lesser General Public License for more details. | |
16 | ||
17 | You should have received a copy of the GNU Lesser General Public License | |
18 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
19 | ***/ | |
20 | ||
07630cea | 21 | #include <dirent.h> |
a8fbdf54 | 22 | #include <errno.h> |
07630cea | 23 | #include <fcntl.h> |
a8fbdf54 | 24 | #include <limits.h> |
07630cea | 25 | #include <mqueue.h> |
a8fbdf54 TA |
26 | #include <stdbool.h> |
27 | #include <stdio.h> | |
28 | #include <string.h> | |
66cdd0f2 | 29 | #include <sys/ipc.h> |
66cdd0f2 | 30 | #include <sys/msg.h> |
07630cea LP |
31 | #include <sys/sem.h> |
32 | #include <sys/shm.h> | |
66cdd0f2 | 33 | #include <sys/stat.h> |
a8fbdf54 | 34 | #include <unistd.h> |
66cdd0f2 | 35 | |
3ffd4af2 | 36 | #include "clean-ipc.h" |
cf0fbc49 | 37 | #include "dirent-util.h" |
3ffd4af2 | 38 | #include "fd-util.h" |
0d39fa9c | 39 | #include "fileio.h" |
f97b34a6 | 40 | #include "format-util.h" |
a8fbdf54 TA |
41 | #include "log.h" |
42 | #include "macro.h" | |
07630cea | 43 | #include "string-util.h" |
66cdd0f2 | 44 | #include "strv.h" |
00d9ef85 | 45 | #include "user-util.h" |
66cdd0f2 | 46 | |
00d9ef85 LP |
47 | static bool match_uid_gid(uid_t subject_uid, gid_t subject_gid, uid_t delete_uid, gid_t delete_gid) { |
48 | ||
49 | if (uid_is_valid(delete_uid) && subject_uid == delete_uid) | |
50 | return true; | |
51 | ||
52 | if (gid_is_valid(delete_gid) && subject_gid == delete_gid) | |
53 | return true; | |
54 | ||
55 | return false; | |
56 | } | |
57 | ||
98e4fcec | 58 | static int clean_sysvipc_shm(uid_t delete_uid, gid_t delete_gid, bool rm) { |
66cdd0f2 LP |
59 | _cleanup_fclose_ FILE *f = NULL; |
60 | char line[LINE_MAX]; | |
61 | bool first = true; | |
62 | int ret = 0; | |
63 | ||
64 | f = fopen("/proc/sysvipc/shm", "re"); | |
65 | if (!f) { | |
66 | if (errno == ENOENT) | |
67 | return 0; | |
68 | ||
e1427b13 | 69 | return log_warning_errno(errno, "Failed to open /proc/sysvipc/shm: %m"); |
66cdd0f2 LP |
70 | } |
71 | ||
72 | FOREACH_LINE(line, f, goto fail) { | |
73 | unsigned n_attached; | |
74 | pid_t cpid, lpid; | |
75 | uid_t uid, cuid; | |
76 | gid_t gid, cgid; | |
77 | int shmid; | |
78 | ||
79 | if (first) { | |
80 | first = false; | |
81 | continue; | |
82 | } | |
83 | ||
84 | truncate_nl(line); | |
85 | ||
86 | if (sscanf(line, "%*i %i %*o %*u " PID_FMT " " PID_FMT " %u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT, | |
87 | &shmid, &cpid, &lpid, &n_attached, &uid, &gid, &cuid, &cgid) != 8) | |
88 | continue; | |
89 | ||
90 | if (n_attached > 0) | |
91 | continue; | |
92 | ||
00d9ef85 | 93 | if (!match_uid_gid(uid, gid, delete_uid, delete_gid)) |
66cdd0f2 LP |
94 | continue; |
95 | ||
98e4fcec LP |
96 | if (!rm) |
97 | return 1; | |
98 | ||
66cdd0f2 LP |
99 | if (shmctl(shmid, IPC_RMID, NULL) < 0) { |
100 | ||
101 | /* Ignore entries that are already deleted */ | |
3742095b | 102 | if (IN_SET(errno, EIDRM, EINVAL)) |
66cdd0f2 LP |
103 | continue; |
104 | ||
94c156cd LP |
105 | ret = log_warning_errno(errno, |
106 | "Failed to remove SysV shared memory segment %i: %m", | |
107 | shmid); | |
98e4fcec | 108 | } else { |
8a384842 | 109 | log_debug("Removed SysV shared memory segment %i.", shmid); |
98e4fcec LP |
110 | if (ret == 0) |
111 | ret = 1; | |
112 | } | |
66cdd0f2 LP |
113 | } |
114 | ||
115 | return ret; | |
116 | ||
117 | fail: | |
e1427b13 | 118 | return log_warning_errno(errno, "Failed to read /proc/sysvipc/shm: %m"); |
66cdd0f2 LP |
119 | } |
120 | ||
98e4fcec | 121 | static int clean_sysvipc_sem(uid_t delete_uid, gid_t delete_gid, bool rm) { |
66cdd0f2 LP |
122 | _cleanup_fclose_ FILE *f = NULL; |
123 | char line[LINE_MAX]; | |
124 | bool first = true; | |
125 | int ret = 0; | |
126 | ||
127 | f = fopen("/proc/sysvipc/sem", "re"); | |
128 | if (!f) { | |
129 | if (errno == ENOENT) | |
130 | return 0; | |
131 | ||
e1427b13 | 132 | return log_warning_errno(errno, "Failed to open /proc/sysvipc/sem: %m"); |
66cdd0f2 LP |
133 | } |
134 | ||
135 | FOREACH_LINE(line, f, goto fail) { | |
136 | uid_t uid, cuid; | |
137 | gid_t gid, cgid; | |
138 | int semid; | |
139 | ||
140 | if (first) { | |
141 | first = false; | |
142 | continue; | |
143 | } | |
144 | ||
145 | truncate_nl(line); | |
146 | ||
147 | if (sscanf(line, "%*i %i %*o %*u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT, | |
148 | &semid, &uid, &gid, &cuid, &cgid) != 5) | |
149 | continue; | |
150 | ||
00d9ef85 | 151 | if (!match_uid_gid(uid, gid, delete_uid, delete_gid)) |
66cdd0f2 LP |
152 | continue; |
153 | ||
98e4fcec LP |
154 | if (!rm) |
155 | return 1; | |
156 | ||
66cdd0f2 LP |
157 | if (semctl(semid, 0, IPC_RMID) < 0) { |
158 | ||
159 | /* Ignore entries that are already deleted */ | |
3742095b | 160 | if (IN_SET(errno, EIDRM, EINVAL)) |
66cdd0f2 LP |
161 | continue; |
162 | ||
94c156cd LP |
163 | ret = log_warning_errno(errno, |
164 | "Failed to remove SysV semaphores object %i: %m", | |
165 | semid); | |
98e4fcec | 166 | } else { |
8a384842 | 167 | log_debug("Removed SysV semaphore %i.", semid); |
98e4fcec LP |
168 | if (ret == 0) |
169 | ret = 1; | |
170 | } | |
66cdd0f2 LP |
171 | } |
172 | ||
173 | return ret; | |
174 | ||
175 | fail: | |
e1427b13 | 176 | return log_warning_errno(errno, "Failed to read /proc/sysvipc/sem: %m"); |
66cdd0f2 LP |
177 | } |
178 | ||
98e4fcec | 179 | static int clean_sysvipc_msg(uid_t delete_uid, gid_t delete_gid, bool rm) { |
66cdd0f2 LP |
180 | _cleanup_fclose_ FILE *f = NULL; |
181 | char line[LINE_MAX]; | |
182 | bool first = true; | |
183 | int ret = 0; | |
184 | ||
185 | f = fopen("/proc/sysvipc/msg", "re"); | |
186 | if (!f) { | |
187 | if (errno == ENOENT) | |
188 | return 0; | |
189 | ||
e1427b13 | 190 | return log_warning_errno(errno, "Failed to open /proc/sysvipc/msg: %m"); |
66cdd0f2 LP |
191 | } |
192 | ||
193 | FOREACH_LINE(line, f, goto fail) { | |
194 | uid_t uid, cuid; | |
195 | gid_t gid, cgid; | |
196 | pid_t cpid, lpid; | |
197 | int msgid; | |
198 | ||
199 | if (first) { | |
200 | first = false; | |
201 | continue; | |
202 | } | |
203 | ||
204 | truncate_nl(line); | |
205 | ||
206 | if (sscanf(line, "%*i %i %*o %*u %*u " PID_FMT " " PID_FMT " " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT, | |
207 | &msgid, &cpid, &lpid, &uid, &gid, &cuid, &cgid) != 7) | |
208 | continue; | |
209 | ||
00d9ef85 | 210 | if (!match_uid_gid(uid, gid, delete_uid, delete_gid)) |
66cdd0f2 LP |
211 | continue; |
212 | ||
98e4fcec LP |
213 | if (!rm) |
214 | return 1; | |
215 | ||
66cdd0f2 LP |
216 | if (msgctl(msgid, IPC_RMID, NULL) < 0) { |
217 | ||
218 | /* Ignore entries that are already deleted */ | |
3742095b | 219 | if (IN_SET(errno, EIDRM, EINVAL)) |
66cdd0f2 LP |
220 | continue; |
221 | ||
94c156cd LP |
222 | ret = log_warning_errno(errno, |
223 | "Failed to remove SysV message queue %i: %m", | |
224 | msgid); | |
98e4fcec | 225 | } else { |
8a384842 | 226 | log_debug("Removed SysV message queue %i.", msgid); |
98e4fcec LP |
227 | if (ret == 0) |
228 | ret = 1; | |
229 | } | |
66cdd0f2 LP |
230 | } |
231 | ||
232 | return ret; | |
233 | ||
234 | fail: | |
e1427b13 | 235 | return log_warning_errno(errno, "Failed to read /proc/sysvipc/msg: %m"); |
66cdd0f2 LP |
236 | } |
237 | ||
98e4fcec | 238 | static int clean_posix_shm_internal(DIR *dir, uid_t uid, gid_t gid, bool rm) { |
66cdd0f2 LP |
239 | struct dirent *de; |
240 | int ret = 0, r; | |
241 | ||
242 | assert(dir); | |
243 | ||
91f2048c | 244 | FOREACH_DIRENT_ALL(de, dir, goto fail) { |
66cdd0f2 LP |
245 | struct stat st; |
246 | ||
49bfc877 | 247 | if (dot_or_dot_dot(de->d_name)) |
66cdd0f2 LP |
248 | continue; |
249 | ||
250 | if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) { | |
251 | if (errno == ENOENT) | |
252 | continue; | |
253 | ||
3db99289 | 254 | ret = log_warning_errno(errno, "Failed to stat() POSIX shared memory segment %s: %m", de->d_name); |
66cdd0f2 LP |
255 | continue; |
256 | } | |
257 | ||
66cdd0f2 LP |
258 | if (S_ISDIR(st.st_mode)) { |
259 | _cleanup_closedir_ DIR *kid; | |
260 | ||
261 | kid = xopendirat(dirfd(dir), de->d_name, O_NOFOLLOW|O_NOATIME); | |
262 | if (!kid) { | |
3db99289 LP |
263 | if (errno != ENOENT) |
264 | ret = log_warning_errno(errno, "Failed to enter shared memory directory %s: %m", de->d_name); | |
66cdd0f2 | 265 | } else { |
98e4fcec | 266 | r = clean_posix_shm_internal(kid, uid, gid, rm); |
66cdd0f2 LP |
267 | if (r < 0) |
268 | ret = r; | |
269 | } | |
270 | ||
98e4fcec LP |
271 | if (!match_uid_gid(st.st_uid, st.st_gid, uid, gid)) |
272 | continue; | |
273 | ||
274 | if (!rm) | |
275 | return 1; | |
276 | ||
66cdd0f2 LP |
277 | if (unlinkat(dirfd(dir), de->d_name, AT_REMOVEDIR) < 0) { |
278 | ||
279 | if (errno == ENOENT) | |
280 | continue; | |
281 | ||
3db99289 | 282 | ret = log_warning_errno(errno, "Failed to remove POSIX shared memory directory %s: %m", de->d_name); |
98e4fcec | 283 | } else { |
8a384842 | 284 | log_debug("Removed POSIX shared memory directory %s", de->d_name); |
98e4fcec LP |
285 | if (ret == 0) |
286 | ret = 1; | |
287 | } | |
66cdd0f2 LP |
288 | } else { |
289 | ||
98e4fcec LP |
290 | if (!match_uid_gid(st.st_uid, st.st_gid, uid, gid)) |
291 | continue; | |
292 | ||
293 | if (!rm) | |
294 | return 1; | |
295 | ||
66cdd0f2 LP |
296 | if (unlinkat(dirfd(dir), de->d_name, 0) < 0) { |
297 | ||
298 | if (errno == ENOENT) | |
299 | continue; | |
300 | ||
3db99289 | 301 | ret = log_warning_errno(errno, "Failed to remove POSIX shared memory segment %s: %m", de->d_name); |
98e4fcec | 302 | } else { |
8a384842 | 303 | log_debug("Removed POSIX shared memory segment %s", de->d_name); |
98e4fcec LP |
304 | if (ret == 0) |
305 | ret = 1; | |
306 | } | |
66cdd0f2 LP |
307 | } |
308 | } | |
309 | ||
310 | return ret; | |
311 | ||
312 | fail: | |
3db99289 | 313 | return log_warning_errno(errno, "Failed to read /dev/shm: %m"); |
66cdd0f2 LP |
314 | } |
315 | ||
98e4fcec | 316 | static int clean_posix_shm(uid_t uid, gid_t gid, bool rm) { |
66cdd0f2 LP |
317 | _cleanup_closedir_ DIR *dir = NULL; |
318 | ||
319 | dir = opendir("/dev/shm"); | |
320 | if (!dir) { | |
321 | if (errno == ENOENT) | |
322 | return 0; | |
323 | ||
e1427b13 | 324 | return log_warning_errno(errno, "Failed to open /dev/shm: %m"); |
66cdd0f2 LP |
325 | } |
326 | ||
98e4fcec | 327 | return clean_posix_shm_internal(dir, uid, gid, rm); |
66cdd0f2 LP |
328 | } |
329 | ||
98e4fcec | 330 | static int clean_posix_mq(uid_t uid, gid_t gid, bool rm) { |
66cdd0f2 LP |
331 | _cleanup_closedir_ DIR *dir = NULL; |
332 | struct dirent *de; | |
333 | int ret = 0; | |
334 | ||
335 | dir = opendir("/dev/mqueue"); | |
336 | if (!dir) { | |
337 | if (errno == ENOENT) | |
338 | return 0; | |
339 | ||
e1427b13 | 340 | return log_warning_errno(errno, "Failed to open /dev/mqueue: %m"); |
66cdd0f2 LP |
341 | } |
342 | ||
91f2048c | 343 | FOREACH_DIRENT_ALL(de, dir, goto fail) { |
66cdd0f2 LP |
344 | struct stat st; |
345 | char fn[1+strlen(de->d_name)+1]; | |
346 | ||
49bfc877 | 347 | if (dot_or_dot_dot(de->d_name)) |
66cdd0f2 LP |
348 | continue; |
349 | ||
350 | if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) { | |
351 | if (errno == ENOENT) | |
352 | continue; | |
353 | ||
94c156cd LP |
354 | ret = log_warning_errno(errno, |
355 | "Failed to stat() MQ segment %s: %m", | |
356 | de->d_name); | |
66cdd0f2 LP |
357 | continue; |
358 | } | |
359 | ||
00d9ef85 | 360 | if (!match_uid_gid(st.st_uid, st.st_gid, uid, gid)) |
66cdd0f2 LP |
361 | continue; |
362 | ||
98e4fcec LP |
363 | if (!rm) |
364 | return 1; | |
365 | ||
66cdd0f2 LP |
366 | fn[0] = '/'; |
367 | strcpy(fn+1, de->d_name); | |
368 | ||
369 | if (mq_unlink(fn) < 0) { | |
370 | if (errno == ENOENT) | |
371 | continue; | |
372 | ||
94c156cd LP |
373 | ret = log_warning_errno(errno, |
374 | "Failed to unlink POSIX message queue %s: %m", | |
375 | fn); | |
98e4fcec | 376 | } else { |
8a384842 | 377 | log_debug("Removed POSIX message queue %s", fn); |
98e4fcec LP |
378 | if (ret == 0) |
379 | ret = 1; | |
380 | } | |
66cdd0f2 LP |
381 | } |
382 | ||
383 | return ret; | |
384 | ||
385 | fail: | |
e1427b13 | 386 | return log_warning_errno(errno, "Failed to read /dev/mqueue: %m"); |
66cdd0f2 LP |
387 | } |
388 | ||
98e4fcec | 389 | int clean_ipc_internal(uid_t uid, gid_t gid, bool rm) { |
66cdd0f2 LP |
390 | int ret = 0, r; |
391 | ||
98e4fcec LP |
392 | /* If 'rm' is true, clean all IPC objects owned by either the specified UID or the specified GID. Return the |
393 | * last error encountered or == 0 if no matching IPC objects have been found or > 0 if matching IPC objects | |
394 | * have been found and have been removed. | |
395 | * | |
396 | * If 'rm' is false, just search for IPC objects owned by either the specified UID or the specified GID. In | |
397 | * this case we return < 0 on error, > 0 if we found a matching object, == 0 if we didn't. | |
398 | * | |
399 | * As special rule: if UID/GID is specified as root we'll silently not clean up things, and always claim that | |
400 | * there are IPC objects for it. */ | |
401 | ||
402 | if (uid == 0) { | |
403 | if (!rm) | |
404 | return 1; | |
405 | ||
406 | uid = UID_INVALID; | |
407 | } | |
408 | if (gid == 0) { | |
409 | if (!rm) | |
410 | return 1; | |
411 | ||
412 | gid = GID_INVALID; | |
413 | } | |
414 | ||
00d9ef85 LP |
415 | /* Anything to do? */ |
416 | if (!uid_is_valid(uid) && !gid_is_valid(gid)) | |
66cdd0f2 LP |
417 | return 0; |
418 | ||
98e4fcec LP |
419 | r = clean_sysvipc_shm(uid, gid, rm); |
420 | if (r != 0) { | |
421 | if (!rm) | |
422 | return r; | |
423 | if (ret == 0) | |
424 | ret = r; | |
425 | } | |
66cdd0f2 | 426 | |
98e4fcec LP |
427 | r = clean_sysvipc_sem(uid, gid, rm); |
428 | if (r != 0) { | |
429 | if (!rm) | |
430 | return r; | |
431 | if (ret == 0) | |
432 | ret = r; | |
433 | } | |
66cdd0f2 | 434 | |
98e4fcec LP |
435 | r = clean_sysvipc_msg(uid, gid, rm); |
436 | if (r != 0) { | |
437 | if (!rm) | |
438 | return r; | |
439 | if (ret == 0) | |
440 | ret = r; | |
441 | } | |
66cdd0f2 | 442 | |
98e4fcec LP |
443 | r = clean_posix_shm(uid, gid, rm); |
444 | if (r != 0) { | |
445 | if (!rm) | |
446 | return r; | |
447 | if (ret == 0) | |
448 | ret = r; | |
449 | } | |
66cdd0f2 | 450 | |
98e4fcec LP |
451 | r = clean_posix_mq(uid, gid, rm); |
452 | if (r != 0) { | |
453 | if (!rm) | |
454 | return r; | |
455 | if (ret == 0) | |
456 | ret = r; | |
457 | } | |
66cdd0f2 LP |
458 | |
459 | return ret; | |
460 | } | |
00d9ef85 LP |
461 | |
462 | int clean_ipc_by_uid(uid_t uid) { | |
98e4fcec | 463 | return clean_ipc_internal(uid, GID_INVALID, true); |
00d9ef85 LP |
464 | } |
465 | ||
466 | int clean_ipc_by_gid(gid_t gid) { | |
98e4fcec | 467 | return clean_ipc_internal(UID_INVALID, gid, true); |
00d9ef85 | 468 | } |