tmpfiles: add a new return code for "operational failure" when proces…

…sing Things can fail, and we have no control over it: - file system issues (immutable bits, file system errors, MAC refusals, etc) - kernel refusing certain arguments when writing to /proc/sys or /sys Let's add a new code for the case where we parsed configuration but failed to execute it because of external errors. (cherry picked from commit bb9947b)
systemd · Apr 9, 2018 · 6fdb437 · 6fdb437
1 parent 2ecc5e8
commit 6fdb437
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 14 deletions.
diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
@@ -225,11 +225,15 @@
   <refsect1>
     <title>Exit status</title>
 
-    <para>On success, 0 is returned. If the configuration was invalid (invalid syntax, missing
-    arguments, …), so some lines had to be ignored, but no other errors occurred,
+    <para>On success, 0 is returned. If the configuration was syntactically invalid (syntax errors,
+    missing arguments, …), so some lines had to be ignored, but no other errors occurred,
     <constant>65</constant> is returned (<constant>EX_DATAERR</constant> from
-    <filename>/usr/include/sysexits.h</filename>). Otherwise, <constant>1</constant> is returned
-    (<constant>EXIT_FAILURE</constant> from <filename>/usr/include/stdlib.h</filename>).
+    <filename>/usr/include/sysexits.h</filename>). If the configuration was syntactically valid, but
+    could not be executed (lack of permissions, creation of files in missing directories, invalid
+    contents when writing to <filename>/sys/</filename> values, …), <constant>73</constant> is
+    returned (<constant>EX_DATAERR</constant> from <filename>/usr/include/sysexits.h</filename>).
+    Otherwise, <constant>1</constant> is returned (<constant>EXIT_FAILURE</constant> from
+    <filename>/usr/include/stdlib.h</filename>).
     </para>
   </refsect1>
 

diff --git a/src/basic/fd-util.h b/src/basic/fd-util.h
@@ -98,6 +98,10 @@ int acquire_data_fd(const void *data, size_t size, unsigned flags);
 #define ERRNO_IS_DISCONNECT(r) \
         IN_SET(r, ENOTCONN, ECONNRESET, ECONNREFUSED, ECONNABORTED, EPIPE, ENETUNREACH)
 
+/* Resource exhaustion, could be our fault or general system trouble */
+#define ERRNO_IS_RESOURCE(r) \
+        IN_SET(r, ENOMEM, EMFILE, ENFILE)
+
 int fd_move_above_stdio(int fd);
 
 int rearrange_stdio(int original_input_fd, int original_output_fd, int original_error_fd);

diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
@@ -1293,7 +1293,7 @@ static int write_one_file(Item *i, const char *path) {
 
         fd = safe_close(fd);
 
-done:
+ done:
         if (stat(path, &st) < 0)
                 return log_error_errno(errno, "stat(%s) failed: %m", path);
 
@@ -2729,7 +2729,7 @@ static int read_config_files(char **config_dirs, char **args, bool *invalid_conf
 }
 
 int main(int argc, char *argv[]) {
-        int r, k;
+        int r, k, r_process = 0;
         ItemArray *a;
         Iterator iterator;
         _cleanup_strv_free_ char **config_dirs = NULL;
@@ -2776,7 +2776,7 @@ int main(int argc, char *argv[]) {
 
                 t = strv_join(config_dirs, "\n\t");
                 if (t)
-                        log_debug("Looking for configuration files in (higher priority first:\n\t%s", t);
+                        log_debug("Looking for configuration files in (higher priority first):\n\t%s", t);
         }
 
         /* If command line arguments are specified along with --replace, read all
@@ -2792,22 +2792,20 @@ int main(int argc, char *argv[]) {
         if (r < 0)
                 goto finish;
 
-
-
         /* The non-globbing ones usually create things, hence we apply
          * them first */
         ORDERED_HASHMAP_FOREACH(a, items, iterator) {
                 k = process_item_array(a);
-                if (k < 0 && r == 0)
-                        r = k;
+                if (k < 0 && r_process == 0)
+                        r_process = k;
         }
 
         /* The globbing ones usually alter things, hence we apply them
          * second. */
         ORDERED_HASHMAP_FOREACH(a, globs, iterator) {
                 k = process_item_array(a);
-                if (k < 0 && r == 0)
-                        r = k;
+                if (k < 0 && r_process == 0)
+                        r_process = k;
         }
 
 finish:
@@ -2822,10 +2820,12 @@ int main(int argc, char *argv[]) {
 
         mac_selinux_finish();
 
-        if (r < 0)
+        if (r < 0 || ERRNO_IS_RESOURCE(-r_process))
                 return EXIT_FAILURE;
         else if (invalid_config)
                 return EX_DATAERR;
+        else if (r_process < 0)
+                return EX_CANTCREAT;
         else
                 return EXIT_SUCCESS;
 }