Skip to content

Commit

Permalink
journal: install sigbus handler for journal tools too
Browse files Browse the repository at this point in the history 
This makes them robust regarding truncation. Ideally, we'd export this
as an API, but given how messy SIGBUS handling is, and the uncertain
ownership logic of signal handlers we should not do this (unless libc
one day invents a scheme how to sanely install SIGBUS handlers for
specific memory areas only). However, for now we can still make all our
own tools robust.

Note that external tools will only have read-access to the journal
anyway, where SIGBUS is much more unlikely, given that only writes are
subject to disk full problems.
  • Loading branch information
@poettering
poettering committed Jan 5, 2015
1 parent b798e7b commit 2cf4172
Show file tree
Hide file tree
Showing 4 changed files with 38 additions and 31 deletions.
49 changes: 26 additions & 23 deletions src/journal-remote/journal-gatewayd.c
View file
Expand Up @@ -31,20 +31,21 @@
#include <gnutls/gnutls.h>
#endif

#include "log.h"
#include "util.h"
#include "sd-journal.h"
#include "sd-daemon.h"
#include "sd-bus.h"
#include "log.h"
#include "util.h"
#include "bus-util.h"
#include "logs-show.h"
#include "microhttpd-util.h"
#include "build.h"
#include "fileio.h"
#include "sigbus.h"

static char *key_pem = NULL;
static char *cert_pem = NULL;
static char *trust_pem = NULL;
static char *arg_key_pem = NULL;
static char *arg_cert_pem = NULL;
static char *arg_trust_pem = NULL;

typedef struct RequestMeta {
sd_journal *journal;
Expand Down Expand Up @@ -833,7 +834,7 @@ static int request_handler(
return MHD_YES;
}

if (trust_pem) {
if (arg_trust_pem) {
r = check_permissions(connection, &code, NULL);
if (r < 0)
return code;
Expand Down Expand Up @@ -904,37 +905,37 @@ static int parse_argv(int argc, char *argv[]) {
return 0;

case ARG_KEY:
if (key_pem) {
if (arg_key_pem) {
log_error("Key file specified twice");
return -EINVAL;
}
r = read_full_file(optarg, &key_pem, NULL);
r = read_full_file(optarg, &arg_key_pem, NULL);
if (r < 0)
return log_error_errno(r, "Failed to read key file: %m");
assert(key_pem);
assert(arg_key_pem);
break;

case ARG_CERT:
if (cert_pem) {
if (arg_cert_pem) {
log_error("Certificate file specified twice");
return -EINVAL;
}
r = read_full_file(optarg, &cert_pem, NULL);
r = read_full_file(optarg, &arg_cert_pem, NULL);
if (r < 0)
return log_error_errno(r, "Failed to read certificate file: %m");
assert(cert_pem);
assert(arg_cert_pem);
break;

case ARG_TRUST:
#ifdef HAVE_GNUTLS
if (trust_pem) {
if (arg_trust_pem) {
log_error("CA certificate file specified twice");
return -EINVAL;
}
r = read_full_file(optarg, &trust_pem, NULL);
r = read_full_file(optarg, &arg_trust_pem, NULL);
if (r < 0)
return log_error_errno(r, "Failed to read CA certificate file: %m");
assert(trust_pem);
assert(arg_trust_pem);
break;
#else
log_error("Option --trust is not available.");
Expand All @@ -952,12 +953,12 @@ static int parse_argv(int argc, char *argv[]) {
return -EINVAL;
}

if (!!key_pem != !!cert_pem) {
if (!!arg_key_pem != !!arg_cert_pem) {
log_error("Certificate and key files must be specified together");
return -EINVAL;
}

if (trust_pem && !key_pem) {
if (arg_trust_pem && !arg_key_pem) {
log_error("CA certificate can only be used with certificate file");
return -EINVAL;
}
Expand All @@ -979,6 +980,8 @@ int main(int argc, char *argv[]) {
if (r == 0)
return EXIT_SUCCESS;

sigbus_install();

#ifdef HAVE_GNUTLS
gnutls_global_set_log_function(log_func_gnutls);
log_reset_gnutls_level();
Expand Down Expand Up @@ -1008,18 +1011,18 @@ int main(int argc, char *argv[]) {
if (n > 0)
opts[opts_pos++] = (struct MHD_OptionItem)
{MHD_OPTION_LISTEN_SOCKET, SD_LISTEN_FDS_START};
if (key_pem) {
assert(cert_pem);
if (arg_key_pem) {
assert(arg_cert_pem);
opts[opts_pos++] = (struct MHD_OptionItem)
{MHD_OPTION_HTTPS_MEM_KEY, 0, key_pem};
{MHD_OPTION_HTTPS_MEM_KEY, 0, arg_key_pem};
opts[opts_pos++] = (struct MHD_OptionItem)
{MHD_OPTION_HTTPS_MEM_CERT, 0, cert_pem};
{MHD_OPTION_HTTPS_MEM_CERT, 0, arg_cert_pem};
flags |= MHD_USE_SSL;
}
if (trust_pem) {
if (arg_trust_pem) {
assert(flags & MHD_USE_SSL);
opts[opts_pos++] = (struct MHD_OptionItem)
{MHD_OPTION_HTTPS_MEM_TRUST, 0, trust_pem};
{MHD_OPTION_HTTPS_MEM_TRUST, 0, arg_trust_pem};
}

d = MHD_start_daemon(flags, 19531,
Expand Down
12 changes: 6 additions & 6 deletions src/journal-remote/journal-upload.c
View file
Expand Up @@ -26,28 +26,24 @@
#include <getopt.h>

#include "sd-daemon.h"

#include "log.h"
#include "util.h"
#include "build.h"
#include "fileio.h"
#include "mkdir.h"
#include "conf-parser.h"
#include "sigbus.h"
#include "journal-upload.h"

#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-upload.pem"
#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-upload.pem"
#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
#define DEFAULT_PORT 19532

static const char* arg_url;

static void close_fd_input(Uploader *u);

static const char* arg_url = NULL;
static const char *arg_key = NULL;
static const char *arg_cert = NULL;
static const char *arg_trust = NULL;

static const char *arg_directory = NULL;
static char **arg_file = NULL;
static const char *arg_cursor = NULL;
Expand All @@ -58,6 +54,8 @@ static bool arg_merge = false;
static int arg_follow = -1;
static const char *arg_save_state = NULL;

static void close_fd_input(Uploader *u);

#define SERVER_ANSWER_KEEP 2048

#define STATE_FILE "/var/lib/systemd/journal-upload/state"
Expand Down Expand Up @@ -792,6 +790,8 @@ int main(int argc, char **argv) {
if (r <= 0)
goto finish;

sigbus_install();

r = setup_uploader(&u, arg_url, arg_save_state);
if (r < 0)
goto cleanup;
Expand Down
6 changes: 4 additions & 2 deletions src/journal/coredumpctl.c
View file
Expand Up @@ -26,8 +26,7 @@
#include <fcntl.h>
#include <unistd.h>

#include "systemd/sd-journal.h"

#include "sd-journal.h"
#include "build.h"
#include "set.h"
#include "util.h"
Expand All @@ -38,6 +37,7 @@
#include "journal-internal.h"
#include "copy.h"
#include "compress.h"
#include "sigbus.h"

static enum {
ACTION_NONE,
Expand Down Expand Up @@ -803,6 +803,8 @@ int main(int argc, char *argv[]) {
if (arg_action == ACTION_NONE)
goto end;

sigbus_install();

r = sd_journal_open(&j, SD_JOURNAL_LOCAL_ONLY);
if (r < 0) {
log_error_errno(r, "Failed to open journal: %m");
Expand Down
2 changes: 2 additions & 0 deletions src/journal/journalctl.c
View file
Expand Up @@ -54,6 +54,7 @@
#include "pager.h"
#include "strv.h"
#include "set.h"
#include "sigbus.h"
#include "journal-internal.h"
#include "journal-def.h"
#include "journal-verify.h"
Expand Down Expand Up @@ -1723,6 +1724,7 @@ int main(int argc, char *argv[]) {
goto finish;

signal(SIGWINCH, columns_lines_cache_reset);
sigbus_install();

if (arg_action == ACTION_NEW_ID128) {
r = generate_new_id128();
Expand Down

0 comments on commit 2cf4172

Please sign in to comment.