14895667988

Committed 07 May 2025 08:57PM UTC coverage: 72.225% (-0.007%) from 72.232%

Build # 14895667988

Build Type

push

github

Committed by

yuwata

Commit Message

network: log_link_message_debug_errno() automatically append %m if necessary

Follow-up for d28746ef5.
Fixes CID#1609753.

Coverage Stats

0 of 1 new or added line in 1 file covered. (0.0%)

20297 existing lines in 338 files now uncovered.

297407 of 411780 relevant lines covered (72.22%)

695716.85 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

71.58

/src/login/user-runtime-dir.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <stdint.h>
#include <sys/mount.h>

#include "sd-bus.h"

#include "bus-error.h"
#include "bus-locator.h"
#include "dev-setup.h"
#include "devnum-util.h"
#include "fd-util.h"
#include "format-util.h"
#include "fs-util.h"
#include "label-util.h"
#include "limits-util.h"
#include "log.h"
#include "main-func.h"
#include "missing_magic.h"
#include "missing_syscall.h"
#include "mkdir-label.h"
#include "mount-util.h"
#include "mountpoint-util.h"
#include "path-util.h"
#include "quota-util.h"
#include "rm-rf.h"
#include "selinux-util.h"
#include "smack-util.h"
#include "stat-util.h"
#include "stdio-util.h"
#include "string-util.h"
#include "strv.h"
#include "user-util.h"
#include "userdb.h"

static int acquire_runtime_dir_properties(uint64_t *ret_size, uint64_t *ret_inodes) {
        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
        uint64_t size, inodes;
        int r;

        assert(ret_size);
        assert(ret_inodes);

        r = sd_bus_default_system(&bus);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to system bus: %m");

        r = bus_get_property_trivial(bus, bus_login_mgr, "RuntimeDirectorySize", &error, 't', &size);
        if (r < 0) {
                log_warning_errno(r, "Failed to acquire runtime directory size, ignoring: %s", bus_error_message(&error, r));
                sd_bus_error_free(&error);

                size = physical_memory_scale(10U, 100U); /* 10% */
        }

        r = bus_get_property_trivial(bus, bus_login_mgr, "RuntimeDirectoryInodesMax", &error, 't', &inodes);
        if (r < 0) {
                log_warning_errno(r, "Failed to acquire number of inodes for runtime directory, ignoring: %s", bus_error_message(&error, r));
                sd_bus_error_free(&error);

                inodes = DIV_ROUND_UP(size, 4096);
        }

        *ret_size = size;
        *ret_inodes = inodes;

        return 0;
}

static int user_mkdir_runtime_path(
                const char *runtime_path,
                uid_t uid,
                gid_t gid,
                uint64_t runtime_dir_size,
                uint64_t runtime_dir_inodes) {

        int r;

        assert(runtime_path);
        assert(path_is_absolute(runtime_path));
        assert(uid_is_valid(uid));
        assert(gid_is_valid(gid));

        r = mkdir_safe_label("/run/user", 0755, 0, 0, MKDIR_WARN_MODE);
        if (r < 0)
                return log_error_errno(r, "Failed to create /run/user: %m");

        if (path_is_mount_point(runtime_path) > 0)
                log_debug("%s is already a mount point", runtime_path);
        else {
                char options[STRLEN("mode=0700,uid=,gid=,size=,nr_inodes=,smackfsroot=*")
                             + DECIMAL_STR_MAX(uid_t)
                             + DECIMAL_STR_MAX(gid_t)
                             + DECIMAL_STR_MAX(uint64_t)
                             + DECIMAL_STR_MAX(uint64_t)];

                xsprintf(options,
                         "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%" PRIu64 ",nr_inodes=%" PRIu64 "%s",
                         uid, gid, runtime_dir_size, runtime_dir_inodes,
                         mac_smack_use() ? ",smackfsroot=*" : "");

                _cleanup_free_ char *d = strdup(runtime_path);
                if (!d)
                        return log_oom();

                r = mkdir_label(runtime_path, 0700);
                if (r < 0 && r != -EEXIST)
                        return log_error_errno(r, "Failed to create %s: %m", runtime_path);

                _cleanup_(rmdir_and_freep) char *destroy = TAKE_PTR(d); /* auto-destroy */

                r = mount_nofollow_verbose(LOG_DEBUG, "tmpfs", runtime_path, "tmpfs", MS_NODEV|MS_NOSUID, options);
                if (r < 0) {
                        if (!ERRNO_IS_PRIVILEGE(r))
                                return log_error_errno(r, "Failed to mount per-user tmpfs directory %s: %m", runtime_path);

                        log_debug_errno(r,
                                        "Failed to mount per-user tmpfs directory %s.\n"
                                        "Assuming containerized execution, ignoring: %m", runtime_path);

                        r = chmod_and_chown(runtime_path, 0700, uid, gid);
                        if (r < 0)
                                return log_error_errno(r, "Failed to change ownership and mode of \"%s\": %m", runtime_path);
                }

                destroy = mfree(destroy); /* deactivate auto-destroy */

                r = label_fix(runtime_path, 0);
                if (r < 0)
                        log_warning_errno(r, "Failed to fix label of \"%s\", ignoring: %m", runtime_path);
        }

        return 0;
}

static int do_mount(UserRecord *ur) {
        int r;

        assert(ur);

        if (!uid_is_valid(ur->uid) || !gid_is_valid(user_record_gid(ur)))
                return log_error_errno(SYNTHETIC_ERRNO(ENOMSG), "User '%s' lacks UID or GID, refusing.", ur->user_name);

        uint64_t runtime_dir_size, runtime_dir_inodes;
        r = acquire_runtime_dir_properties(&runtime_dir_size, &runtime_dir_inodes);
        if (r < 0)
                return r;

        char runtime_path[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)];
        xsprintf(runtime_path, "/run/user/" UID_FMT, ur->uid);

        log_debug("Will mount %s owned by "UID_FMT":"GID_FMT, runtime_path, ur->uid, user_record_gid(ur));
        return user_mkdir_runtime_path(runtime_path, ur->uid, user_record_gid(ur), runtime_dir_size, runtime_dir_inodes);
}

static int user_remove_runtime_path(const char *runtime_path) {
        int r;

        assert(runtime_path);
        assert(path_is_absolute(runtime_path));

        r = rm_rf(runtime_path, 0);
        if (r < 0)
                log_debug_errno(r, "Failed to remove runtime directory %s (before unmounting), ignoring: %m", runtime_path);

        /* Ignore cases where the directory isn't mounted, as that's quite possible, if we lacked the permissions to
         * mount something */
        r = RET_NERRNO(umount2(runtime_path, MNT_DETACH));
        if (r < 0 && !IN_SET(r, -EINVAL, -ENOENT))
                log_debug_errno(r, "Failed to unmount user runtime directory %s, ignoring: %m", runtime_path);

        r = rm_rf(runtime_path, REMOVE_ROOT);
        if (r < 0 && r != -ENOENT)
                return log_error_errno(r, "Failed to remove runtime directory %s (after unmounting): %m", runtime_path);

        return 0;
}

static int do_umount(const char *user) {
        char runtime_path[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)];
        uid_t uid;
        int r;

        /* The user may be already removed. So, first try to parse the string by parse_uid(),
         * and if it fails, fall back to get_user_creds(). */
        if (parse_uid(user, &uid) < 0) {
                r = get_user_creds(&user, &uid, NULL, NULL, NULL, 0);
                if (r < 0)
                        return log_error_errno(r,
                                               r == -ESRCH ? "No such user \"%s\"" :
                                               r == -ENOMSG ? "UID \"%s\" is invalid or has an invalid main group"
                                                            : "Failed to look up user \"%s\": %m",
                                               user);
        }

        xsprintf(runtime_path, "/run/user/" UID_FMT, uid);

        log_debug("Will remove %s", runtime_path);
        return user_remove_runtime_path(runtime_path);
}

static int apply_tmpfs_quota(
                char **paths,
                uid_t uid,
                uint64_t limit,
                uint32_t scale) {

        _cleanup_set_free_ Set *processed = NULL;
        int r;

        assert(uid_is_valid(uid));

        STRV_FOREACH(p, paths) {
                _cleanup_close_ int fd = open(*p, O_DIRECTORY|O_CLOEXEC);
                if (fd < 0) {
                        log_warning_errno(errno, "Failed to open '%s' in order to set quota, ignoring: %m", *p);
                        continue;
                }

                struct stat st;
                if (fstat(fd, &st) < 0) {
                        log_warning_errno(errno, "Failed to stat '%s' in order to set quota, ignoring: %m", *p);
                        continue;
                }

                /* Cover for bind mounted or symlinked /var/tmp/ + /tmp/ */
                if (set_contains(processed, DEVNUM_TO_PTR(st.st_dev))) {
                        log_debug("Not setting quota on '%s', since already processed.", *p);
                        continue;
                }

                /* Remember we already dealt with this fs, even if the subsequent operation fails, since
                 * there's no point in appyling quota twice, regardless if it succeeds or not. */
                if (set_ensure_put(&processed, /* hash_ops= */ NULL, DEVNUM_TO_PTR(st.st_dev)) < 0)
                        return log_oom();

                struct statfs sfs;
                if (fstatfs(fd, &sfs) < 0) {
                        log_warning_errno(errno, "Failed to statfs '%s' in order to set quota, ignoring: %m", *p);
                        continue;
                }

                if (!is_fs_type(&sfs, TMPFS_MAGIC)) {
                        log_debug("Not setting quota on '%s', since not tmpfs.", *p);
                        continue;
                }

                struct dqblk req;
                r = RET_NERRNO(quotactl_fd(fd, QCMD_FIXED(Q_GETQUOTA, USRQUOTA), uid, &req));
                if (r == -ESRCH)
                        zero(req);
                else if (ERRNO_IS_NEG_NOT_SUPPORTED(r)) {
                        log_debug_errno(r, "No UID quota support on %s, not setting quota: %m", *p);
                        continue;
                } else if (ERRNO_IS_NEG_PRIVILEGE(r)) {
                        log_debug_errno(r, "Lacking privileges to query UID quota on %s, not setting quota: %m", *p);
                        continue;
                } else if (r < 0) {
                        log_warning_errno(r, "Failed to query disk quota on %s for UID " UID_FMT ", ignoring: %m", *p, uid);
                        continue;
                }

                uint64_t v =
                        (scale == 0) ? 0 :
                        (scale == UINT32_MAX) ? UINT64_MAX :
                        (uint64_t) ((double) (sfs.f_blocks * sfs.f_frsize) * scale / UINT32_MAX);

                v = MIN(v, limit);
                v /= QIF_DQBLKSIZE;

                if (FLAGS_SET(req.dqb_valid, QIF_BLIMITS) && v == req.dqb_bhardlimit) {
                        /* Shortcut things if everything is set up properly already */
                        log_debug("Configured quota on '%s' already matches the intended setting, not updating quota.", *p);
                        continue;
                }

                req.dqb_valid = QIF_BLIMITS;
                req.dqb_bsoftlimit = req.dqb_bhardlimit = v;

                r = RET_NERRNO(quotactl_fd(fd, QCMD_FIXED(Q_SETQUOTA, USRQUOTA), uid, &req));
                if (r == -ESRCH) {
                        log_debug_errno(r, "Not setting UID quota on %s since UID quota is not supported: %m", *p);
                        continue;
                } else if (ERRNO_IS_NEG_PRIVILEGE(r)) {
                        log_debug_errno(r, "Lacking privileges to set UID quota on %s, skipping: %m", *p);
                        continue;
                } else if (r < 0) {
                        log_warning_errno(r, "Failed to set disk quota limit to '%s' on %s for UID " UID_FMT ", ignoring: %m", FORMAT_BYTES(v), *p, uid);
                        continue;
                }

                log_info("Successfully configured disk quota for UID " UID_FMT " on %s to %s", uid, *p, FORMAT_BYTES(v * QIF_DQBLKSIZE));
        }

        return 0;
}

static int do_tmpfs_quota(UserRecord *ur) {
        int r;

        assert(ur);

        if (user_record_is_root(ur)) {
                log_debug("Not applying tmpfs quota to root user.");
                return 0;
        }

        if (!uid_is_valid(ur->uid))
                return log_error_errno(SYNTHETIC_ERRNO(ENOMSG), "User '%s' lacks UID, refusing.", ur->user_name);

        r = apply_tmpfs_quota(STRV_MAKE("/tmp", "/var/tmp"), ur->uid, ur->tmp_limit.limit, user_record_tmp_limit_scale(ur));
        if (r < 0)
                return r;

        r = apply_tmpfs_quota(STRV_MAKE("/dev/shm"), ur->uid, ur->dev_shm_limit.limit, user_record_dev_shm_limit_scale(ur));
        if (r < 0)
                return r;

        return 0;
}

static int run(int argc, char *argv[]) {
        int r;

        log_setup();

        if (argc != 3)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "This program takes two arguments.");

        const char *verb = argv[1], *user = argv[2];

        if (!STR_IN_SET(verb, "start", "stop"))
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "First argument must be either \"start\" or \"stop\".");

        umask(0022);

        r = mac_init();
        if (r < 0)
                return r;

        if (streq(verb, "start")) {
                _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
                r = userdb_by_name(user, /* match= */ NULL, USERDB_PARSE_NUMERIC|USERDB_SUPPRESS_SHADOW, &ur);
                if (r == -ESRCH)
                        return log_error_errno(r, "User '%s' does not exist: %m", user);
                if (r < 0)
                        return log_error_errno(r, "Failed to resolve user '%s': %m", user);

                /* We do two things here: mount the per-user XDG_RUNTIME_DIR, and set up tmpfs quota on /tmp/
                 * and /dev/shm/. */

                r = 0;
                RET_GATHER(r, do_mount(ur));
                RET_GATHER(r, do_tmpfs_quota(ur));
                return r;
        }

        if (streq(verb, "stop"))
                return do_umount(user);

        assert_not_reached();
}

DEFINE_MAIN_FUNCTION(run);

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3	#include <stdint.h>
4	#include <sys/mount.h>
5
6	#include "sd-bus.h"
7
8	#include "bus-error.h"
9	#include "bus-locator.h"
10	#include "dev-setup.h"
11	#include "devnum-util.h"
12	#include "fd-util.h"
13	#include "format-util.h"
14	#include "fs-util.h"
15	#include "label-util.h"
16	#include "limits-util.h"
17	#include "log.h"
18	#include "main-func.h"
19	#include "missing_magic.h"
20	#include "missing_syscall.h"
21	#include "mkdir-label.h"
22	#include "mount-util.h"
23	#include "mountpoint-util.h"
24	#include "path-util.h"
25	#include "quota-util.h"
26	#include "rm-rf.h"
27	#include "selinux-util.h"
28	#include "smack-util.h"
29	#include "stat-util.h"
30	#include "stdio-util.h"
31	#include "string-util.h"
32	#include "strv.h"
33	#include "user-util.h"
34	#include "userdb.h"
35
36	static int acquire_runtime_dir_properties(uint64_t ret_size, uint64_t ret_inodes) {	169✔
UNCOV 37	_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;	×
38	_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;	169✔
39	uint64_t size, inodes;	169✔
40	int r;	169✔
41
42	assert(ret_size);	169✔
43	assert(ret_inodes);	169✔
44
45	r = sd_bus_default_system(&bus);	169✔
46	if (r < 0)	169✔
UNCOV 47	return log_error_errno(r, "Failed to connect to system bus: %m");	×
48
49	r = bus_get_property_trivial(bus, bus_login_mgr, "RuntimeDirectorySize", &error, 't', &size);	169✔
50	if (r < 0) {	169✔
51	log_warning_errno(r, "Failed to acquire runtime directory size, ignoring: %s", bus_error_message(&error, r));	×
UNCOV 52	sd_bus_error_free(&error);	×
53
UNCOV 54	size = physical_memory_scale(10U, 100U); /* 10% */	×
55	}
56
57	r = bus_get_property_trivial(bus, bus_login_mgr, "RuntimeDirectoryInodesMax", &error, 't', &inodes);	169✔
58	if (r < 0) {	169✔
59	log_warning_errno(r, "Failed to acquire number of inodes for runtime directory, ignoring: %s", bus_error_message(&error, r));	×
UNCOV 60	sd_bus_error_free(&error);	×
61
UNCOV 62	inodes = DIV_ROUND_UP(size, 4096);	×
63	}
64
65	*ret_size = size;	169✔
66	*ret_inodes = inodes;	169✔
67
68	return 0;	169✔
69	}
70
71	static int user_mkdir_runtime_path(	169✔
72	const char *runtime_path,
73	uid_t uid,
74	gid_t gid,
75	uint64_t runtime_dir_size,
76	uint64_t runtime_dir_inodes) {
77
78	int r;	169✔
79
80	assert(runtime_path);	169✔
81	assert(path_is_absolute(runtime_path));	169✔
82	assert(uid_is_valid(uid));	169✔
83	assert(gid_is_valid(gid));	169✔
84
85	r = mkdir_safe_label("/run/user", 0755, 0, 0, MKDIR_WARN_MODE);	169✔
86	if (r < 0)	169✔
UNCOV 87	return log_error_errno(r, "Failed to create /run/user: %m");	×
88
89	if (path_is_mount_point(runtime_path) > 0)	169✔
UNCOV 90	log_debug("%s is already a mount point", runtime_path);	×
91	else {
92	char options[STRLEN("mode=0700,uid=,gid=,size=,nr_inodes=,smackfsroot=*")	169✔
93	+ DECIMAL_STR_MAX(uid_t)
94	+ DECIMAL_STR_MAX(gid_t)
95	+ DECIMAL_STR_MAX(uint64_t)
96	+ DECIMAL_STR_MAX(uint64_t)];
97
98	xsprintf(options,	338✔
99	"mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%" PRIu64 ",nr_inodes=%" PRIu64 "%s",
100	uid, gid, runtime_dir_size, runtime_dir_inodes,
101	mac_smack_use() ? ",smackfsroot=*" : "");
102
103	_cleanup_free_ char *d = strdup(runtime_path);	169✔
104	if (!d)	169✔
UNCOV 105	return log_oom();	×
106
107	r = mkdir_label(runtime_path, 0700);	169✔
108	if (r < 0 && r != -EEXIST)	169✔
UNCOV 109	return log_error_errno(r, "Failed to create %s: %m", runtime_path);	×
110
UNCOV 111	_cleanup_(rmdir_and_freep) char destroy = TAKE_PTR(d); / auto-destroy */	×
112
113	r = mount_nofollow_verbose(LOG_DEBUG, "tmpfs", runtime_path, "tmpfs", MS_NODEV\|MS_NOSUID, options);	169✔
114	if (r < 0) {	169✔
115	if (!ERRNO_IS_PRIVILEGE(r))	×
UNCOV 116	return log_error_errno(r, "Failed to mount per-user tmpfs directory %s: %m", runtime_path);	×
117
UNCOV 118	log_debug_errno(r,	×
119	"Failed to mount per-user tmpfs directory %s.\n"
120	"Assuming containerized execution, ignoring: %m", runtime_path);
121
122	r = chmod_and_chown(runtime_path, 0700, uid, gid);	×
123	if (r < 0)	×
UNCOV 124	return log_error_errno(r, "Failed to change ownership and mode of \"%s\": %m", runtime_path);	×
125	}
126
127	destroy = mfree(destroy); /* deactivate auto-destroy */	169✔
128
129	r = label_fix(runtime_path, 0);	169✔
130	if (r < 0)	169✔
131	log_warning_errno(r, "Failed to fix label of \"%s\", ignoring: %m", runtime_path);	169✔
132	}
133
134	return 0;
135	}
136
137	static int do_mount(UserRecord *ur) {	169✔
138	int r;	169✔
139
140	assert(ur);	169✔
141
142	if (!uid_is_valid(ur->uid) \|\| !gid_is_valid(user_record_gid(ur)))	169✔
UNCOV 143	return log_error_errno(SYNTHETIC_ERRNO(ENOMSG), "User '%s' lacks UID or GID, refusing.", ur->user_name);	×
144
145	uint64_t runtime_dir_size, runtime_dir_inodes;	169✔
146	r = acquire_runtime_dir_properties(&runtime_dir_size, &runtime_dir_inodes);	169✔
147	if (r < 0)	169✔
148	return r;
149
150	char runtime_path[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)];	169✔
151	xsprintf(runtime_path, "/run/user/" UID_FMT, ur->uid);	169✔
152
153	log_debug("Will mount %s owned by "UID_FMT":"GID_FMT, runtime_path, ur->uid, user_record_gid(ur));	169✔
154	return user_mkdir_runtime_path(runtime_path, ur->uid, user_record_gid(ur), runtime_dir_size, runtime_dir_inodes);	169✔
155	}
156
157	static int user_remove_runtime_path(const char *runtime_path) {	169✔
158	int r;	169✔
159
160	assert(runtime_path);	169✔
161	assert(path_is_absolute(runtime_path));	169✔
162
163	r = rm_rf(runtime_path, 0);	169✔
164	if (r < 0)	169✔
UNCOV 165	log_debug_errno(r, "Failed to remove runtime directory %s (before unmounting), ignoring: %m", runtime_path);	×
166
167	/* Ignore cases where the directory isn't mounted, as that's quite possible, if we lacked the permissions to
168	* mount something */
169	r = RET_NERRNO(umount2(runtime_path, MNT_DETACH));	169✔
170	if (r < 0 && !IN_SET(r, -EINVAL, -ENOENT))	×
UNCOV 171	log_debug_errno(r, "Failed to unmount user runtime directory %s, ignoring: %m", runtime_path);	×
172
173	r = rm_rf(runtime_path, REMOVE_ROOT);	169✔
174	if (r < 0 && r != -ENOENT)	169✔
UNCOV 175	return log_error_errno(r, "Failed to remove runtime directory %s (after unmounting): %m", runtime_path);	×
176
177	return 0;
178	}
179
180	static int do_umount(const char *user) {	169✔
181	char runtime_path[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)];	169✔
182	uid_t uid;	169✔
183	int r;	169✔
184
185	/* The user may be already removed. So, first try to parse the string by parse_uid(),
186	* and if it fails, fall back to get_user_creds(). */
187	if (parse_uid(user, &uid) < 0) {	169✔
188	r = get_user_creds(&user, &uid, NULL, NULL, NULL, 0);	×
189	if (r < 0)	×
UNCOV 190	return log_error_errno(r,	×
191	r == -ESRCH ? "No such user \"%s\"" :
192	r == -ENOMSG ? "UID \"%s\" is invalid or has an invalid main group"
193	: "Failed to look up user \"%s\": %m",
194	user);
195	}
196
197	xsprintf(runtime_path, "/run/user/" UID_FMT, uid);	169✔
198
199	log_debug("Will remove %s", runtime_path);	169✔
200	return user_remove_runtime_path(runtime_path);	169✔
201	}
202
203	static int apply_tmpfs_quota(	222✔
204	char **paths,
205	uid_t uid,
206	uint64_t limit,
207	uint32_t scale) {
208
209	_cleanup_set_free_ Set *processed = NULL;	222✔
210	int r;	222✔
211
212	assert(uid_is_valid(uid));	222✔
213
214	STRV_FOREACH(p, paths) {	555✔
215	_cleanup_close_ int fd = open(*p, O_DIRECTORY\|O_CLOEXEC);	666✔
216	if (fd < 0) {	333✔
217	log_warning_errno(errno, "Failed to open '%s' in order to set quota, ignoring: %m", *p);	×
UNCOV 218	continue;	×
219	}
220
221	struct stat st;	333✔
222	if (fstat(fd, &st) < 0) {	333✔
223	log_warning_errno(errno, "Failed to stat '%s' in order to set quota, ignoring: %m", *p);	×
UNCOV 224	continue;	×
225	}
226
227	/* Cover for bind mounted or symlinked /var/tmp/ + /tmp/ */
228	if (set_contains(processed, DEVNUM_TO_PTR(st.st_dev))) {	333✔
229	log_debug("Not setting quota on '%s', since already processed.", *p);	×
UNCOV 230	continue;	×
231	}
232
233	/* Remember we already dealt with this fs, even if the subsequent operation fails, since
234	* there's no point in appyling quota twice, regardless if it succeeds or not. */
235	if (set_ensure_put(&processed, /* hash_ops= */ NULL, DEVNUM_TO_PTR(st.st_dev)) < 0)	333✔
UNCOV 236	return log_oom();	×
237
238	struct statfs sfs;	333✔
239	if (fstatfs(fd, &sfs) < 0) {	333✔
240	log_warning_errno(errno, "Failed to statfs '%s' in order to set quota, ignoring: %m", *p);	×
UNCOV 241	continue;	×
242	}
243
244	if (!is_fs_type(&sfs, TMPFS_MAGIC)) {	333✔
245	log_debug("Not setting quota on '%s', since not tmpfs.", *p);	111✔
246	continue;	111✔
247	}
248
249	struct dqblk req;	222✔
250	r = RET_NERRNO(quotactl_fd(fd, QCMD_FIXED(Q_GETQUOTA, USRQUOTA), uid, &req));	222✔
251	if (r == -ESRCH)	124✔
UNCOV 252	zero(req);	×
253	else if (ERRNO_IS_NEG_NOT_SUPPORTED(r)) {	222✔
254	log_debug_errno(r, "No UID quota support on %s, not setting quota: %m", *p);	×
UNCOV 255	continue;	×
256	} else if (ERRNO_IS_NEG_PRIVILEGE(r)) {	222✔
257	log_debug_errno(r, "Lacking privileges to query UID quota on %s, not setting quota: %m", *p);	124✔
258	continue;	124✔
259	} else if (r < 0) {	98✔
260	log_warning_errno(r, "Failed to query disk quota on %s for UID " UID_FMT ", ignoring: %m", *p, uid);	×
UNCOV 261	continue;	×
262	}
263
264	uint64_t v =	196✔
265	(scale == 0) ? 0 :	98✔
266	(scale == UINT32_MAX) ? UINT64_MAX :	98✔
267	(uint64_t) ((double) (sfs.f_blocks * sfs.f_frsize) * scale / UINT32_MAX);	98✔
268
269	v = MIN(v, limit);	98✔
270	v /= QIF_DQBLKSIZE;	98✔
271
272	if (FLAGS_SET(req.dqb_valid, QIF_BLIMITS) && v == req.dqb_bhardlimit) {	98✔
273	/* Shortcut things if everything is set up properly already */
274	log_debug("Configured quota on '%s' already matches the intended setting, not updating quota.", *p);	2✔
275	continue;	2✔
276	}
277
278	req.dqb_valid = QIF_BLIMITS;	96✔
279	req.dqb_bsoftlimit = req.dqb_bhardlimit = v;	96✔
280
281	r = RET_NERRNO(quotactl_fd(fd, QCMD_FIXED(Q_SETQUOTA, USRQUOTA), uid, &req));	96✔
282	if (r == -ESRCH) {	×
283	log_debug_errno(r, "Not setting UID quota on %s since UID quota is not supported: %m", *p);	×
UNCOV 284	continue;	×
285	} else if (ERRNO_IS_NEG_PRIVILEGE(r)) {	96✔
286	log_debug_errno(r, "Lacking privileges to set UID quota on %s, skipping: %m", *p);	×
UNCOV 287	continue;	×
288	} else if (r < 0) {	96✔
289	log_warning_errno(r, "Failed to set disk quota limit to '%s' on %s for UID " UID_FMT ", ignoring: %m", FORMAT_BYTES(v), *p, uid);	×
UNCOV 290	continue;	×
291	}
292
293	log_info("Successfully configured disk quota for UID " UID_FMT " on %s to %s", uid, p, FORMAT_BYTES(v QIF_DQBLKSIZE));	96✔
294	}
295
296	return 0;
297	}
298
299	static int do_tmpfs_quota(UserRecord *ur) {	169✔
300	int r;	169✔
301
302	assert(ur);	169✔
303
304	if (user_record_is_root(ur)) {	169✔
305	log_debug("Not applying tmpfs quota to root user.");	58✔
306	return 0;	58✔
307	}
308
309	if (!uid_is_valid(ur->uid))	111✔
UNCOV 310	return log_error_errno(SYNTHETIC_ERRNO(ENOMSG), "User '%s' lacks UID, refusing.", ur->user_name);	×
311
312	r = apply_tmpfs_quota(STRV_MAKE("/tmp", "/var/tmp"), ur->uid, ur->tmp_limit.limit, user_record_tmp_limit_scale(ur));	111✔
313	if (r < 0)	111✔
314	return r;
315
316	r = apply_tmpfs_quota(STRV_MAKE("/dev/shm"), ur->uid, ur->dev_shm_limit.limit, user_record_dev_shm_limit_scale(ur));	111✔
317	if (r < 0)	111✔
UNCOV 318	return r;	×
319
320	return 0;
321	}
322
323	static int run(int argc, char *argv[]) {	338✔
324	int r;	338✔
325
326	log_setup();	338✔
327
328	if (argc != 3)	338✔
329	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),	338✔
330	"This program takes two arguments.");
331
332	const char verb = argv[1], user = argv[2];	338✔
333
334	if (!STR_IN_SET(verb, "start", "stop"))	338✔
UNCOV 335	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),	×
336	"First argument must be either \"start\" or \"stop\".");
337
338	umask(0022);	338✔
339
340	r = mac_init();	338✔
341	if (r < 0)	338✔
342	return r;
343
344	if (streq(verb, "start")) {	338✔
345	_cleanup_(user_record_unrefp) UserRecord *ur = NULL;	169✔
346	r = userdb_by_name(user, /* match= */ NULL, USERDB_PARSE_NUMERIC\|USERDB_SUPPRESS_SHADOW, &ur);	169✔
347	if (r == -ESRCH)	169✔
UNCOV 348	return log_error_errno(r, "User '%s' does not exist: %m", user);	×
349	if (r < 0)	169✔
UNCOV 350	return log_error_errno(r, "Failed to resolve user '%s': %m", user);	×
351
352	/* We do two things here: mount the per-user XDG_RUNTIME_DIR, and set up tmpfs quota on /tmp/
353	* and /dev/shm/. */
354
355	r = 0;	169✔
356	RET_GATHER(r, do_mount(ur));	169✔
357	RET_GATHER(r, do_tmpfs_quota(ur));	169✔
358	return r;	169✔
359	}
360
361	if (streq(verb, "stop"))	169✔
362	return do_umount(user);	169✔
363
UNCOV 364	assert_not_reached();	×
365	}
366
367	DEFINE_MAIN_FUNCTION(run);	338✔

systemd / systemd / 14895667988

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous