From 0e39139e505a8310ae8530fb2463a9e8f2170d2f Mon Sep 17 00:00:00 2001
From: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
Date: Sat, 24 Sep 2016 21:56:07 +0900
Subject: [PATCH] sysctl: configure kernel parameters in the order they occur
in each sysctl configuration files (#4205)
Currently, systemd-sysctl command configures kernel parameters in each sysctl
configuration files in random order due to characteristics of iterator of
Hashmap.
However, kernel parameters need to be configured in the order they occur in
each sysctl configuration files.
- For example, consider fs.suid_coredump and kernel.core_pattern. If
fs.suid_coredump=2 is configured before kernel.core_pattern= whose default
value is "core", then kernel outputs the following message:
Unsafe core_pattern used with suid_dumpable=2. Pipe handler or fully qualified core dump path required.
Note that the security issue mentioned in this message has already been fixed
on recent kernels, so this is just a warning message on such kernels. But
it's still confusing to users that this message is output on some boot and
not output on another boot.
- I don't know but there could be other kernel parameters that are significant
in the order they are configured.
- The legacy sysctl command configures kernel parameters in the order they
occur in each sysctl configuration files. Although I didn't find any official
specification explaining this behavior of sysctl command, I don't think there
is any meaningful reason to change this behavior, in particular, to the
random one.
This commit does the change by simply using OrderedHashmap instead of
Hashmap.
(cherry picked from commit 886cf982d3018f7451f0548dadbc05bd2d583bb6)
Resolves: #1382244
---
src/sysctl/sysctl.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
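diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c
index 4fb293b9b5..bb2bea7cdf 100644
--- a/src/sysctl/sysctl.c
+++ b/src/sysctl/sysctl.c
@@ -90,14 +90,14 @@ static int apply_sysctl(const char *property, const char *value) {
 return r;
 }
 
-static int apply_all(Hashmap *sysctl_options) {
- int r = 0;
+static int apply_all(OrderedHashmap *sysctl_options) {
+ int r;
 char *property, *value;
 Iterator i;
 
 assert(sysctl_options);
 
- HASHMAP_FOREACH_KEY(value, property, sysctl_options, i) {
+ ORDERED_HASHMAP_FOREACH_KEY(value, property, sysctl_options, i) {
 int k;
 
 k = apply_sysctl(property, value);
@@ -107,7 +107,7 @@ static int apply_all(Hashmap *sysctl_options) {
 return r;
 }
 
-static int parse_file(Hashmap *sysctl_options, const char *path, bool ignore_enoent) {
+static int parse_file(OrderedHashmap *sysctl_options, const char *path, bool ignore_enoent) {
 _cleanup_fclose_ FILE *f = NULL;
 int r;
 
@@ -171,13 +171,13 @@ static int parse_file(Hashmap *sysctl_options, const char *path, bool ignore_eno
 }
 
 found:
- existing = hashmap_get2(sysctl_options, p, &v);
+ existing = ordered_hashmap_get2(sysctl_options, p, &v);
 if (existing) {
 if (streq(value, existing))
 continue;
 
 log_debug("Overwriting earlier assignment of %s in file '%s'.", p, path);
- free(hashmap_remove(sysctl_options, p));
+ free(ordered_hashmap_remove(sysctl_options, p));
 free(v);
 }
 
@@ -191,7 +191,7 @@ found:
 return log_oom();
 }
 
- k = hashmap_put(sysctl_options, property, new_value);
+ k = ordered_hashmap_put(sysctl_options, property, new_value);
 if (k < 0) {
 log_error_errno(k, "Failed to add sysctl variable %s to hashmap: %m", property);
 free(property);
@@ -277,7 +277,7 @@ static int parse_argv(int argc, char *argv[]) {
 
 int main(int argc, char *argv[]) {
 int r = 0, k;
- Hashmap *sysctl_options;
+ OrderedHashmap *sysctl_options;
 
 r = parse_argv(argc, argv);
 if (r <= 0)
@@ -289,7 +289,7 @@ int main(int argc, char *argv[]) {
 
 umask(0022);
 
- sysctl_options = hashmap_new(&string_hash_ops);
+ sysctl_options = ordered_hashmap_new(&string_hash_ops);
 if (!sysctl_options) {
 r = log_oom();
 goto finish;
@@ -331,7 +331,7 @@ int main(int argc, char *argv[]) {
 r = k;
 
 finish:
- hashmap_free_free_free(sysctl_options);
+ ordered_hashmap_free_free_free(sysctl_options);
 strv_free(arg_prefixes);
 
 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;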
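Review bot: The new `int r;` in apply_all drops the `= 0` initializer that the removed line had, and nothing visible in the first hunk assigns r before the loop. The statements after `k = apply_sysctl(property, value);` lie outside the hunk, but the next hunk's context shows the function ending in `return r;`. If r is still only assigned when a write fails, as the old initializer suggests, a run in which every write succeeds (or the map is empty) returns an indeterminate value, and the process exit status computed in main as `r < 0 ? EXIT_FAILURE : EXIT_SUCCESS` can then depend on it. Keep the line as `int r = 0;`; the switch to OrderedHashmap does not require removing the initializer.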