coredump: introduce an enum to wrap dumpable constants

Two constants are described in the man page, but are not defined by a header.
The third constant is described in the kernel docs. Use explicit values to
show that those are values are defined externally.

(cherry picked from commit 76e0ab49c47965877c19772a2b3bf55f6417ca39)

diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index a55bcb9419bc52c8fc04b6a80f10c53c04c7fa91..0a379481297294b56bf6586cd0abe9ffac318734 100644 (file)
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -442,7 +442,7 @@ static int grant_user_access(int core_fd, const Context *context) {
         /* We allow access if dumpable on the command line was exactly 1, we got all the data,
          * at_secure is not set, and the uid/gid match euid/egid. */
         bool ret =
-                context->dumpable == 1 &&
+                context->dumpable == SUID_DUMP_USER &&
                 at_secure == 0 &&
                 uid != UID_INVALID && euid != UID_INVALID && uid == euid &&
                 gid != GID_INVALID && egid != GID_INVALID && gid == egid;
@@ -1090,13 +1090,13 @@ static int context_parse_iovw(Context *context, struct iovec_wrapper *iovw) {
         if (r < 0)
                 log_warning_errno(r, "Failed to parse resource limit \"%s\", ignoring: %m", context->meta[META_ARGV_RLIMIT]);
 
-        /* The value is set to contents of /proc/sys/fs/suid_dumpable, which we set to 2,
+        /* The value is set to contents of /proc/sys/fs/suid_dumpable, which we set to SUID_DUMP_SAFE (2),
          * if the process is marked as not dumpable, see PR_SET_DUMPABLE(2const). */
         if (context->meta[META_ARGV_DUMPABLE]) {
                 r = safe_atou(context->meta[META_ARGV_DUMPABLE], &context->dumpable);
                 if (r < 0)
                         return log_error_errno(r, "Failed to parse dumpable field \"%s\": %m", context->meta[META_ARGV_DUMPABLE]);
-                if (context->dumpable > 2)
+                if (context->dumpable > SUID_DUMP_SAFE)
                         log_notice("Got unexpected %%d/dumpable value %u.", context->dumpable);
         }
 
@@ -1628,7 +1628,7 @@ static int can_forward_coredump(Context *context, pid_t pid) {
          * quickly replaces it with a namespaced process and we forward the coredump to the attacker, into
          * the namespace. With %F/pidfd we can reliably check the namespace of the original process, hence we
          * can allow forwarding. */
-        if (!context->got_pidfd && context->dumpable != 1)
+        if (!context->got_pidfd && context->dumpable != SUID_DUMP_USER)
                 return false;
 
         r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, pid, &cgroup);
@@ -2016,7 +2016,7 @@ static int run(int argc, char *argv[]) {
         log_set_target_and_open(LOG_TARGET_KMSG);
 
         /* Make sure we never enter a loop */
-        (void) prctl(PR_SET_DUMPABLE, 0);
+        (void) prctl(PR_SET_DUMPABLE, SUID_DUMP_DISABLE);
 
         /* Ignore all parse errors */
         (void) parse_config();

diff --git a/src/shared/coredump-util.h b/src/shared/coredump-util.h
index 4f54bb94c003708db65a03ab0e83b1a7cca8b88f..73c74c98c781605017e0fa425eb2e9a0fdca20d2 100644 (file)
--- a/src/shared/coredump-util.h
+++ b/src/shared/coredump-util.h
@@ -25,6 +25,13 @@ typedef enum CoredumpFilter {
 /* The kernel doesn't like UINT64_MAX and returns ERANGE, use UINT32_MAX to support future new flags */
 #define COREDUMP_FILTER_MASK_ALL UINT32_MAX
 
+typedef enum SuidDumpMode {
+        SUID_DUMP_DISABLE = 0,  /* PR_SET_DUMPABLE(2const) */
+        SUID_DUMP_USER    = 1,  /* PR_SET_DUMPABLE(2const) */
+        SUID_DUMP_SAFE    = 2,  /* https://www.kernel.org/doc/html/latest/admin-guide/sysctl/fs.html#suid-dumpable */
+        _SUID_DUMP_MODE_MAX,
+} SuidDumpMode;
+
 const char* coredump_filter_to_string(CoredumpFilter i) _const_;
 CoredumpFilter coredump_filter_from_string(const char *s) _pure_;
 int coredump_filter_mask_from_string(const char *s, uint64_t *ret);