From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Thu, 29 Mar 2018 14:19:33 +0000 (+0200)
Subject: tmpfiles: add a new return code for "operational failure" when processing
X-Git-Tag: v239~436^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bb9947be2fa308d198b63b30e494ade5d68e5109;p=thirdparty%2Fsystemd.git

tmpfiles: add a new return code for "operational failure" when processing

Things can fail, and we have no control over it:
- file system issues (immutable bits, file system errors, MAC refusals, etc)
- kernel refusing certain arguments when writing to /proc/sys or /sys
Let's add a new code for the case where we parsed configuration but failed
to execute it because of external errors.
---

diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
index a6ae5e4f979..7c64dfaf586 100644
--- a/man/systemd-tmpfiles.xml
+++ b/man/systemd-tmpfiles.xml
@@ -225,11 +225,15 @@
   <refsect1>
     <title>Exit status</title>
 
-    <para>On success, 0 is returned. If the configuration was invalid (invalid syntax, missing
-    arguments, â¦), so some lines had to be ignored, but no other errors occurred,
+    <para>On success, 0 is returned. If the configuration was syntactically invalid (syntax errors,
+    missing arguments, â¦), so some lines had to be ignored, but no other errors occurred,
     <constant>65</constant> is returned (<constant>EX_DATAERR</constant> from
-    <filename>/usr/include/sysexits.h</filename>). Otherwise, <constant>1</constant> is returned
-    (<constant>EXIT_FAILURE</constant> from <filename>/usr/include/stdlib.h</filename>).
+    <filename>/usr/include/sysexits.h</filename>). If the configuration was syntactically valid, but
+    could not be executed (lack of permissions, creation of files in missing directories, invalid
+    contents when writing to <filename>/sys/</filename> values, â¦), <constant>73</constant> is
+    returned (<constant>EX_DATAERR</constant> from <filename>/usr/include/sysexits.h</filename>).
+    Otherwise, <constant>1</constant> is returned (<constant>EXIT_FAILURE</constant> from
+    <filename>/usr/include/stdlib.h</filename>).
     </para>
   </refsect1>
 
diff --git a/src/basic/fd-util.h b/src/basic/fd-util.h
index 007580b48f4..a87d8bdb417 100644
--- a/src/basic/fd-util.h
+++ b/src/basic/fd-util.h
@@ -98,6 +98,10 @@ int acquire_data_fd(const void *data, size_t size, unsigned flags);
 #define ERRNO_IS_DISCONNECT(r) \
         IN_SET(r, ENOTCONN, ECONNRESET, ECONNREFUSED, ECONNABORTED, EPIPE, ENETUNREACH)
 
+/* Resource exhaustion, could be our fault or general system trouble */
+#define ERRNO_IS_RESOURCE(r) \
+        IN_SET(r, ENOMEM, EMFILE, ENFILE)
+
 int fd_move_above_stdio(int fd);
 
 int rearrange_stdio(int original_input_fd, int original_output_fd, int original_error_fd);
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 61e76570b15..9bb6a4f7e61 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -1292,7 +1292,7 @@ static int write_one_file(Item *i, const char *path) {
 
         fd = safe_close(fd);
 
-done:
+ done:
         if (stat(path, &st) < 0)
                 return log_error_errno(errno, "stat(%s) failed: %m", path);
 
@@ -2728,7 +2728,7 @@ static int read_config_files(char **config_dirs, char **args, bool *invalid_conf
 }
 
 int main(int argc, char *argv[]) {
-        int r, k;
+        int r, k, r_process = 0;
         ItemArray *a;
         Iterator iterator;
         _cleanup_strv_free_ char **config_dirs = NULL;
@@ -2775,7 +2775,7 @@ int main(int argc, char *argv[]) {
 
                 t = strv_join(config_dirs, "\n\t");
                 if (t)
-                        log_debug("Looking for configuration files in (higher priority first:\n\t%s", t);
+                        log_debug("Looking for configuration files in (higher priority first):\n\t%s", t);
         }
 
         /* If command line arguments are specified along with --replace, read all
@@ -2791,22 +2791,20 @@ int main(int argc, char *argv[]) {
         if (r < 0)
                 goto finish;
 
-
-
         /* The non-globbing ones usually create things, hence we apply
          * them first */
         ORDERED_HASHMAP_FOREACH(a, items, iterator) {
                 k = process_item_array(a);
-                if (k < 0 && r == 0)
-                        r = k;
+                if (k < 0 && r_process == 0)
+                        r_process = k;
         }
 
         /* The globbing ones usually alter things, hence we apply them
          * second. */
         ORDERED_HASHMAP_FOREACH(a, globs, iterator) {
                 k = process_item_array(a);
-                if (k < 0 && r == 0)
-                        r = k;
+                if (k < 0 && r_process == 0)
+                        r_process = k;
         }
 
 finish:
@@ -2821,10 +2819,12 @@ finish:
 
         mac_selinux_finish();
 
-        if (r < 0)
+        if (r < 0 || ERRNO_IS_RESOURCE(-r_process))
                 return EXIT_FAILURE;
         else if (invalid_config)
                 return EX_DATAERR;
+        else if (r_process < 0)
+                return EX_CANTCREAT;
         else
                 return EXIT_SUCCESS;
 }
