From: Mike Yuan <me@yhndnzj.com>
Date: Fri, 8 Dec 2023 16:06:16 +0000 (+0800)
Subject: core/executor: do destruct static variables and selinux before exiting
X-Git-Tag: v256-rc1~1538
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ba8245a77a074bf65db79a60d2b6e390d76ebde3;p=thirdparty%2Fsystemd.git

core/executor: do destruct static variables and selinux before exiting

I was wondering why I couldn't trigger the assertion in safe_fclose()
when submitting #30251. It turned out that the static destructor was
not run at all :/

Replace main() with a minimized version of main-func.h. This also
prevents emitting negative exit codes.
---

diff --git a/src/core/executor.c b/src/core/executor.c
index 51c727f3254..b2716efeeaf 100644
--- a/src/core/executor.c
+++ b/src/core/executor.c
@@ -19,9 +19,10 @@
 #include "label-util.h"
 #include "parse-util.h"
 #include "pretty-print.h"
+#include "selinux-util.h"
 #include "static-destruct.h"
 
-static FILE* arg_serialization = NULL;
+static FILE *arg_serialization = NULL;
 
 STATIC_DESTRUCTOR_REGISTER(arg_serialization, fclosep);
 
@@ -171,9 +172,8 @@ static int parse_argv(int argc, char *argv[]) {
         return 1 /* work to do */;
 }
 
-int main(int argc, char *argv[]) {
+static int run(int argc, char *argv[]) {
         _cleanup_fdset_free_ FDSet *fdset = NULL;
-        int exit_status = EXIT_SUCCESS, r;
         _cleanup_(cgroup_context_done) CGroupContext cgroup_context = {};
         _cleanup_(exec_context_done) ExecContext context = {};
         _cleanup_(exec_command_done) ExecCommand command = {};
@@ -188,15 +188,11 @@ int main(int argc, char *argv[]) {
                 .shared = &shared,
                 .dynamic_creds = &dynamic_creds,
         };
+        int exit_status = EXIT_SUCCESS, r;
 
         exec_context_init(&context);
         cgroup_context_init(&cgroup_context);
 
-        /* We use safe_fork() for spawning sd-pam helper process, which internally calls rename_process().
-         * As the last step of renaming, all saved argvs are memzero()-ed. Hence, we need to save the argv
-         * first to prevent showing "intense" cmdline. See #30352. */
-        save_argc_argv(argc, argv);
-
         /* We might be starting the journal itself, we'll be told by the caller what to do */
         log_set_always_reopen_console(true);
         log_set_prohibit_ipc(true);
@@ -258,3 +254,19 @@ int main(int argc, char *argv[]) {
 
         return exit_status;
 }
+
+int main(int argc, char *argv[]) {
+        int r;
+
+        /* We use safe_fork() for spawning sd-pam helper process, which internally calls rename_process().
+         * As the last step of renaming, all saved argvs are memzero()-ed. Hence, we need to save the argv
+         * first to prevent showing "intense" cmdline. See #30352. */
+        save_argc_argv(argc, argv);
+
+        r = run(argc, argv);
+
+        mac_selinux_finish();
+        static_destruct();
+
+        return r < 0 ? EXIT_FAILURE : r;
+}