From: Mike Yuan Date: Thu, 5 Jun 2025 21:01:09 +0000 (+0200) Subject: notify-recv: disable SO_PASSRIGHTS by default in notify_socket_prepare() X-Git-Tag: v258-rc1~301^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=718e7eb1849d6acafaf77738df808403c0e81953;p=thirdparty%2Fsystemd.git notify-recv: disable SO_PASSRIGHTS by default in notify_socket_prepare() --- diff --git a/src/home/homed-manager.c b/src/home/homed-manager.c index 5c0ad7625f4..072cb12360a 100644 --- a/src/home/homed-manager.c +++ b/src/home/homed-manager.c @@ -1154,15 +1154,16 @@ static int manager_listen_notify(Manager *m) { assert(m); assert(!m->notify_socket_path); - r = notify_socket_prepare( + r = notify_socket_prepare_full( m->event, SD_EVENT_PRIORITY_NORMAL - 5, /* Make sure we process sd_notify() before SIGCHLD for * any worker, so that we always know the error number * of a client before it exits. */ on_notify_socket, m, + /* accept_fds = */ true, &m->notify_socket_path, - /* ret_event_source= */ NULL); + /* ret_event_source = */ NULL); if (r < 0) return log_error_errno(r, "Failed to prepare notify socket: %m"); diff --git a/src/import/importd.c b/src/import/importd.c index 2b59c965f75..b28e6445341 100644 --- a/src/import/importd.c +++ b/src/import/importd.c @@ -723,8 +723,7 @@ static int manager_new(Manager **ret) { SD_EVENT_PRIORITY_NORMAL, manager_on_notify, m, - &m->notify_socket_path, - /* ret_event_source= */ NULL); + &m->notify_socket_path); if (r < 0) return r; diff --git a/src/notify/notify.c b/src/notify/notify.c index facd1eb9eec..3035c9f6cfe 100644 --- a/src/notify/notify.c +++ b/src/notify/notify.c @@ -511,8 +511,7 @@ static int action_fork(char *const *_command) { * more interesting, "positive" information. */ on_notify_socket, &child, - &addr_string, - /* ret_event_source= */ NULL); + &addr_string); if (r < 0) return log_error_errno(r, "Failed to prepare notify socket: %m"); 
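Review bot: The `/* accept_fds = */ true` argument in manager_listen_notify() makes homed the only non-test caller in this commit that keeps SCM_RIGHTS reception enabled, and nothing at the call site says why. The existing comment explains only the event priority, so I would add a line next to the argument such as `/* Workers pass file descriptors over this socket, hence keep SO_PASSRIGHTS enabled. */`, worded to match what on_notify_socket actually consumes (the handler is not visible in this hunk). With the opt-in documented, a later audit can tell deliberate fd acceptance from a leftover. The function body continues outside the hunk.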
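Review bot: Switching the call in importd's manager_new() to the five-argument notify_socket_prepare() is not a pure signature cleanup. Per the new inline wrapper in notify-recv.h it now passes accept_fds = false, so on kernels that support SO_PASSRIGHTS this notify socket stops accepting file descriptors. The same silent behaviour change applies to the calls in src/notify/notify.c, src/sysupdate/sysupdate-transfer.c, src/sysupdate/sysupdated.c and src/udev/udev-manager.c. None of the handlers (manager_on_notify, on_notify_socket, helper_on_notify, on_worker_notify) is visible in these hunks, so it is worth confirming that none of them reads fds from the message and stating that in the commit description. The enclosing function starts and ends outside the hunk.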
diff --git a/src/shared/fork-journal.c b/src/shared/fork-journal.c index 6e4a0300fff..4fac8dead17 100644 --- a/src/shared/fork-journal.c +++ b/src/shared/fork-journal.c @@ -108,11 +108,12 @@ int journal_fork(RuntimeScope scope, char * const *units, PidRef *ret_pidref) { _cleanup_(sd_event_source_disable_unrefp) sd_event_source *notify_event_source = NULL; _cleanup_(pidref_done_sigkill_wait) PidRef child = PIDREF_NULL; _cleanup_free_ char *addr_string = NULL; - r = notify_socket_prepare( + r = notify_socket_prepare_full( event, SD_EVENT_PRIORITY_NORMAL-10, /* We want the notification message from the child before the SIGCHLD */ on_child_notify, &child, + /* accept_fds = */ false, &addr_string, ¬ify_event_source); if (r < 0) diff --git a/src/shared/notify-recv.c b/src/shared/notify-recv.c index 1bc320af41b..ceee6587fa3 100644 --- a/src/shared/notify-recv.c +++ b/src/shared/notify-recv.c @@ -15,11 +15,12 @@ #include "socket-util.h" #include "strv.h" -int notify_socket_prepare( +int notify_socket_prepare_full( sd_event *event, int64_t priority, sd_event_io_handler_t handler, void *userdata, + bool accept_fds, char **ret_path, sd_event_source **ret_event_source) { @@ -48,6 +49,13 @@ int notify_socket_prepare( if (r < 0) log_debug_errno(r, "Failed to enable SO_PASSPIDFD on notification socket, ignoring: %m"); + if (!accept_fds) { + /* since kernel v6.16 */ + r = setsockopt_int(fd, SOL_SOCKET, SO_PASSRIGHTS, false); + if (r < 0) + log_debug_errno(r, "Failed to disable SO_PASSRIGHTS on notification socket, ignoring: %m"); + } + _cleanup_(sd_event_source_unrefp) sd_event_source *s = NULL; r = sd_event_add_io(event, &s, fd, EPOLLIN, handler, userdata); if (r < 0) diff --git a/src/shared/notify-recv.h b/src/shared/notify-recv.h index 4306439b6f7..e260e7ef5e7 100644 --- a/src/shared/notify-recv.h +++ b/src/shared/notify-recv.h 
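Review bot: The new `if (!accept_fds)` branch in src/shared/notify-recv.c treats a failed setsockopt() as ignorable, so on kernels older than the v6.16 named in the comment the socket still accepts SCM_RIGHTS and the hardening is silently absent. That makes accept_fds = false a best-effort filter, and the comment should say so, for example `/* Since kernel v6.16. On older kernels this fails and fds may still arrive, so handlers must keep closing fds they do not expect. */`. It may also be worth logging any error other than an unsupported-option one above debug level, because a failure on a kernel that does have the option would otherwise go unnoticed. notify_socket_prepare_full() begins in the previous hunk and continues past this one.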
@@ -3,14 +3,25 @@ #include "forward.h" -int notify_socket_prepare( +int notify_socket_prepare_full( sd_event *event, int64_t priority, sd_event_io_handler_t handler, void *userdata, + bool accept_fds, char **ret_path, sd_event_source **ret_event_source); +static inline int notify_socket_prepare( + sd_event *event, + int64_t priority, + sd_event_io_handler_t handler, + void *userdata, + char **ret_path) { + + return notify_socket_prepare_full(event, priority, handler, userdata, false, ret_path, NULL); +} + int notify_recv_with_fds( int fd, char **ret_text, diff --git a/src/sysupdate/sysupdate-transfer.c b/src/sysupdate/sysupdate-transfer.c index f9c87ffad7e..0916aacab28 100644 --- a/src/sysupdate/sysupdate-transfer.c +++ b/src/sysupdate/sysupdate-transfer.c @@ -1066,8 +1066,7 @@ static int run_callout( SD_EVENT_PRIORITY_NORMAL - 5, helper_on_notify, ctx, - &bind_name, - /* ret_event_source= */ NULL); + &bind_name); if (r < 0) return log_error_errno(r, "Failed to prepare notify socket: %m"); diff --git a/src/sysupdate/sysupdated.c b/src/sysupdate/sysupdated.c index 3d65d99389b..c46b2804b5b 100644 --- a/src/sysupdate/sysupdated.c +++ b/src/sysupdate/sysupdated.c @@ -1748,8 +1748,7 @@ static int manager_new(Manager **ret) { SD_EVENT_PRIORITY_NORMAL, manager_on_notify, m, - &m->notify_socket_path, - /* ret_event_source= */ NULL); + &m->notify_socket_path); if (r < 0) return r; diff --git a/src/test/test-notify-recv.c b/src/test/test-notify-recv.c index 5820048c92c..bca56df13b9 100644 --- a/src/test/test-notify-recv.c +++ b/src/test/test-notify-recv.c @@ -88,7 +88,7 @@ TEST(notify_socket_prepare) { .pidref = PIDREF_NULL, }; _cleanup_free_ char *path = NULL; - ASSERT_OK(notify_socket_prepare(e, SD_EVENT_PRIORITY_NORMAL - 10, on_recv, &c, &path, /* ret_event_source= */ NULL)); + ASSERT_OK(notify_socket_prepare_full(e, SD_EVENT_PRIORITY_NORMAL - 10, on_recv, &c, true, &path, NULL)); ASSERT_OK(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD)); 
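Review bot: The inline notify_socket_prepare() wrapper in notify-recv.h passes a bare `false` and `NULL`, whereas the call sites in homed-manager.c and fork-journal.c label the same arguments. Writing `return notify_socket_prepare_full(event, priority, handler, userdata, /* accept_fds = */ false, ret_path, /* ret_event_source = */ NULL);` would match them. The header also carries no comment stating the contract: the short form refuses file descriptors and returns no event source, and callers needing either must use the _full variant. Since the safe default is the purpose of the commit, a two-line comment above the wrapper would keep future callers from picking the wrong entry point.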
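Review bot: The updated call in TEST(notify_socket_prepare) exercises only accept_fds = true, so the new default path that disables SO_PASSRIGHTS has no coverage in the visible change. A second case that prepares the socket through `notify_socket_prepare()` and checks that an fd sent alongside the message is not delivered (skipped when the kernel lacks the option) would pin the behaviour this commit introduces. The call also drops the argument labels; `/* accept_fds = */ true, &path, /* ret_event_source = */ NULL` would match the other callers. The test body extends beyond the hunk.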
diff --git a/src/udev/udev-manager.c b/src/udev/udev-manager.c index aaaabe0d318..09ab8997e10 100644 --- a/src/udev/udev-manager.c +++ b/src/udev/udev-manager.c @@ -1232,8 +1232,7 @@ static int manager_start_worker_notify(Manager *manager) { EVENT_PRIORITY_WORKER_NOTIFY, on_worker_notify, manager, - &manager->worker_notify_socket_path, - /* ret_event_source= */ NULL); + &manager->worker_notify_socket_path); if (r < 0) return log_error_errno(r, "Failed to prepare worker notification socket: %m");