]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/clean-ipc.c
2 This file is part of systemd.
4 Copyright 2014 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
35 #include "clean-ipc.h"
36 #include "dirent-util.h"
39 #include "formats-util.h"
42 #include "string-util.h"
44 #include "user-util.h"
46 static bool match_uid_gid(uid_t subject_uid
, gid_t subject_gid
, uid_t delete_uid
, gid_t delete_gid
) {
48 if (uid_is_valid(delete_uid
) && subject_uid
== delete_uid
)
51 if (gid_is_valid(delete_gid
) && subject_gid
== delete_gid
)
57 static int clean_sysvipc_shm(uid_t delete_uid
, gid_t delete_gid
) {
58 _cleanup_fclose_
FILE *f
= NULL
;
63 f
= fopen("/proc/sysvipc/shm", "re");
68 return log_warning_errno(errno
, "Failed to open /proc/sysvipc/shm: %m");
71 FOREACH_LINE(line
, f
, goto fail
) {
85 if (sscanf(line
, "%*i %i %*o %*u " PID_FMT
" " PID_FMT
" %u " UID_FMT
" " GID_FMT
" " UID_FMT
" " GID_FMT
,
86 &shmid
, &cpid
, &lpid
, &n_attached
, &uid
, &gid
, &cuid
, &cgid
) != 8)
92 if (!match_uid_gid(uid
, gid
, delete_uid
, delete_gid
))
95 if (shmctl(shmid
, IPC_RMID
, NULL
) < 0) {
97 /* Ignore entries that are already deleted */
98 if (errno
== EIDRM
|| errno
== EINVAL
)
101 ret
= log_warning_errno(errno
,
102 "Failed to remove SysV shared memory segment %i: %m",
110 return log_warning_errno(errno
, "Failed to read /proc/sysvipc/shm: %m");
113 static int clean_sysvipc_sem(uid_t delete_uid
, gid_t delete_gid
) {
114 _cleanup_fclose_
FILE *f
= NULL
;
119 f
= fopen("/proc/sysvipc/sem", "re");
124 return log_warning_errno(errno
, "Failed to open /proc/sysvipc/sem: %m");
127 FOREACH_LINE(line
, f
, goto fail
) {
139 if (sscanf(line
, "%*i %i %*o %*u " UID_FMT
" " GID_FMT
" " UID_FMT
" " GID_FMT
,
140 &semid
, &uid
, &gid
, &cuid
, &cgid
) != 5)
143 if (!match_uid_gid(uid
, gid
, delete_uid
, delete_gid
))
146 if (semctl(semid
, 0, IPC_RMID
) < 0) {
148 /* Ignore entries that are already deleted */
149 if (errno
== EIDRM
|| errno
== EINVAL
)
152 ret
= log_warning_errno(errno
,
153 "Failed to remove SysV semaphores object %i: %m",
161 return log_warning_errno(errno
, "Failed to read /proc/sysvipc/sem: %m");
164 static int clean_sysvipc_msg(uid_t delete_uid
, gid_t delete_gid
) {
165 _cleanup_fclose_
FILE *f
= NULL
;
170 f
= fopen("/proc/sysvipc/msg", "re");
175 return log_warning_errno(errno
, "Failed to open /proc/sysvipc/msg: %m");
178 FOREACH_LINE(line
, f
, goto fail
) {
191 if (sscanf(line
, "%*i %i %*o %*u %*u " PID_FMT
" " PID_FMT
" " UID_FMT
" " GID_FMT
" " UID_FMT
" " GID_FMT
,
192 &msgid
, &cpid
, &lpid
, &uid
, &gid
, &cuid
, &cgid
) != 7)
195 if (!match_uid_gid(uid
, gid
, delete_uid
, delete_gid
))
198 if (msgctl(msgid
, IPC_RMID
, NULL
) < 0) {
200 /* Ignore entries that are already deleted */
201 if (errno
== EIDRM
|| errno
== EINVAL
)
204 ret
= log_warning_errno(errno
,
205 "Failed to remove SysV message queue %i: %m",
213 return log_warning_errno(errno
, "Failed to read /proc/sysvipc/msg: %m");
216 static int clean_posix_shm_internal(DIR *dir
, uid_t uid
, gid_t gid
) {
222 FOREACH_DIRENT_ALL(de
, dir
, goto fail
) {
225 if (STR_IN_SET(de
->d_name
, "..", "."))
228 if (fstatat(dirfd(dir
), de
->d_name
, &st
, AT_SYMLINK_NOFOLLOW
) < 0) {
232 ret
= log_warning_errno(errno
, "Failed to stat() POSIX shared memory segment %s: %m", de
->d_name
);
236 if (!match_uid_gid(st
.st_uid
, st
.st_gid
, uid
, gid
))
239 if (S_ISDIR(st
.st_mode
)) {
240 _cleanup_closedir_
DIR *kid
;
242 kid
= xopendirat(dirfd(dir
), de
->d_name
, O_NOFOLLOW
|O_NOATIME
);
245 ret
= log_warning_errno(errno
, "Failed to enter shared memory directory %s: %m", de
->d_name
);
247 r
= clean_posix_shm_internal(kid
, uid
, gid
);
252 if (unlinkat(dirfd(dir
), de
->d_name
, AT_REMOVEDIR
) < 0) {
257 ret
= log_warning_errno(errno
, "Failed to remove POSIX shared memory directory %s: %m", de
->d_name
);
261 if (unlinkat(dirfd(dir
), de
->d_name
, 0) < 0) {
266 ret
= log_warning_errno(errno
, "Failed to remove POSIX shared memory segment %s: %m", de
->d_name
);
274 return log_warning_errno(errno
, "Failed to read /dev/shm: %m");
277 static int clean_posix_shm(uid_t uid
, gid_t gid
) {
278 _cleanup_closedir_
DIR *dir
= NULL
;
280 dir
= opendir("/dev/shm");
285 return log_warning_errno(errno
, "Failed to open /dev/shm: %m");
288 return clean_posix_shm_internal(dir
, uid
, gid
);
291 static int clean_posix_mq(uid_t uid
, gid_t gid
) {
292 _cleanup_closedir_
DIR *dir
= NULL
;
296 dir
= opendir("/dev/mqueue");
301 return log_warning_errno(errno
, "Failed to open /dev/mqueue: %m");
304 FOREACH_DIRENT_ALL(de
, dir
, goto fail
) {
306 char fn
[1+strlen(de
->d_name
)+1];
308 if (STR_IN_SET(de
->d_name
, "..", "."))
311 if (fstatat(dirfd(dir
), de
->d_name
, &st
, AT_SYMLINK_NOFOLLOW
) < 0) {
315 ret
= log_warning_errno(errno
,
316 "Failed to stat() MQ segment %s: %m",
321 if (!match_uid_gid(st
.st_uid
, st
.st_gid
, uid
, gid
))
325 strcpy(fn
+1, de
->d_name
);
327 if (mq_unlink(fn
) < 0) {
331 ret
= log_warning_errno(errno
,
332 "Failed to unlink POSIX message queue %s: %m",
340 return log_warning_errno(errno
, "Failed to read /dev/mqueue: %m");
343 int clean_ipc(uid_t uid
, gid_t gid
) {
346 /* Anything to do? */
347 if (!uid_is_valid(uid
) && !gid_is_valid(gid
))
350 /* Refuse to clean IPC of the root user */
351 if (uid
== 0 && gid
== 0)
354 r
= clean_sysvipc_shm(uid
, gid
);
358 r
= clean_sysvipc_sem(uid
, gid
);
362 r
= clean_sysvipc_msg(uid
, gid
);
366 r
= clean_posix_shm(uid
, gid
);
370 r
= clean_posix_mq(uid
, gid
);
377 int clean_ipc_by_uid(uid_t uid
) {
378 return clean_ipc(uid
, GID_INVALID
);
381 int clean_ipc_by_gid(gid_t gid
) {
382 return clean_ipc(UID_INVALID
, gid
);