CID#979416. There is no real race here to fix, but lets make coverity
happy and rework the code.
Note that we still fail if the directory is removed _after_ we ran
mkdir(), so the same race is still there. Coverity is complaining, though.
Rewrite the code to make it happy.
(David: rewrote the commit-message to note that this is not a race. If I'm
wrong, blame me, not Ronny!)
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
The SELinux policy defines no context for some files. E.g.:
$ matchpathcon /run/lock/subsys /dev/mqueue
/run/lock/subsys <<none>>
/dev/mqueue <<none>>
We still need to be able to create them.
In this case selabel_lookup_raw() returns ENOENT. We should then skip
setfscreatecon(), but still return success.
It was broken since c34255bdb2 ("label: unify code to make directories,
symlinks").
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
Lets recognize the fact that startswith() returns a pointer to the tail on
success. Use it instead of hard-coding string-lengths as magic constants.
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
FILE * wants cleanup_fclose().
Spotted by udev hwdb segfaulting in gnome-continuous' buildroot
construction.
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
The term "priority" is misleading because higher levels have lower
priority. "Level" is clearer and shorter.
This commit touches only the textual descriptions, not function and variable
names themselves. "Priority" is used in various command-line switches and
protocol constants, so completly getting rid of "priority" is hard.
I also left "priority" in various places where the clarity suffered
when it was removed.
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
We reintroduce hashmap.{h,c}, list.h and set.h verbatim from upstream,
before we punt dead code. The following is the upstream message:
This is a rewrite of the hashmap implementation. Its advantage is lower
memory usage.
It uses open addressing (entries are stored in an array, as opposed to
linked lists). Hash collisions are resolved with linear probing and
Robin Hood displacement policy. See the references in hashmap.c.
Some fun empirical findings about hashmap usage in systemd on my laptop:
- 98 % of allocated hashmaps are Sets.
- Sets contain 78 % of all entries, plain Hashmaps 17 %, and
OrderedHashmaps 5 %.
- 60 % of allocated hashmaps contain only 1 entry.
- 90 % of allocated hashmaps contain 5 or fewer entries.
- 75 % of all entries are in hashmaps that use trivial_hash_ops.
Clearly it makes sense to:
- store entries in distinct entry types. Especially for Sets - their
entries are the most numerous and they require the least information
to store an entry.
- have a way to store small numbers of entries directly in the hashmap
structs, and only allocate the usual entry arrays when the direct
storage is full.
The implementation has an optional debugging feature (enabled by
defining the ENABLE_HASHMAP_DEBUG macro), where it:
- tracks all allocated hashmaps in a linked list so that one can
easily find them in gdb,
- tracks which function/line allocated a given hashmap, and
- checks for invalid mixing of hashmap iteration and modification.
Since entries are not allocated one-by-one anymore, mempools are not
used for entries. Originally I meant to drop mempools entirely, but it's
still worth it to use them for the hashmap structs. My testing indicates
that it makes loading of units about 5 % faster (a test with 10000 units
where more than 200000 hashmaps are allocated - pure malloc: 449±4 ms,
mempools: 427±7 ms).
Here are some memory usage numbers, taken on my laptop with a more or
less normal Fedora setup after booting with SELinux disabled (SELinux
increases systemd's memory usage significantly):
systemd (PID 1) Original New Change
dirty memory (from pmap -x 1) [KiB] 2152 1264 -41 %
total heap allocations (from gdb-heap) [KiB] 1623 756 -53 %
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
Add mempool_alloc0_tile(). It's like mempool_alloc_tile(), but it
initializes the allocated tile's memory to zero.
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
Normally we shouldn#t log from "library" functions, but SELinux is
weird, hence upgrade security messages uniformly to LOG_ERR when in
enforcing mode.
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
APIs that query and return something cannot silently fail, they must
either return something useful, or an error. Fix that.
Also, properly rollback socket unit fd creation when something goes
wrong with the security framework.
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
previously mac_smack_apply(path, NULL) would operate on the symlink
itself while mac_smack_apply(path, "foo") would follow the symlink.
Let's clean this up an always operate on the symlink, which appears to
be the safer option.
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
a) always return negative errno error codes
b) always become a noop if smack is off
c) always take a NULL label as a request to remove it
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
