|
|
@@ -905,6 +905,7 @@ static void dispatch_message_real( |
|
|
pid_t object_pid) { |
|
|
|
|
|
char source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)]; |
|
|
_cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL; |
|
|
uid_t journal_uid; |
|
|
ClientContext *o; |
|
|
|
|
|
@@ -921,20 +922,23 @@ static void dispatch_message_real( |
|
|
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->uid, uid_t, uid_is_valid, UID_FMT, "_UID"); |
|
|
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->gid, gid_t, gid_is_valid, GID_FMT, "_GID"); |
|
|
|
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM"); |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE"); |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->cmdline, "_CMDLINE"); |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE"); |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM"); /* At most TASK_COMM_LENGTH (16 bytes) */ |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE"); /* A path, so at most PATH_MAX (4096 bytes) */ |
|
|
|
|
|
IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT"); |
|
|
if (c->cmdline) |
|
|
/* At most _SC_ARG_MAX (2MB usually), which is too much to put on stack. |
|
|
* Let's use a heap allocation for this one. */ |
|
|
cmdline1 = set_iovec_string_field(iovec, &n, "_CMDLINE=", c->cmdline); |
|
|
|
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE"); /* Read from /proc/.../status */ |
|
|
IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT"); |
|
|
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "_AUDIT_SESSION"); |
|
|
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->loginuid, uid_t, uid_is_valid, UID_FMT, "_AUDIT_LOGINUID"); |
|
|
|
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP"); |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP"); /* A path */ |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->session, "_SYSTEMD_SESSION"); |
|
|
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->owner_uid, uid_t, uid_is_valid, UID_FMT, "_SYSTEMD_OWNER_UID"); |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT"); |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT"); /* Unit names are bounded by UNIT_NAME_MAX */ |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->user_unit, "_SYSTEMD_USER_UNIT"); |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->slice, "_SYSTEMD_SLICE"); |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, c->user_slice, "_SYSTEMD_USER_SLICE"); |
|
|
@@ -955,13 +959,14 @@ static void dispatch_message_real( |
|
|
IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_UID"); |
|
|
IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->gid, gid_t, gid_is_valid, GID_FMT, "OBJECT_GID"); |
|
|
|
|
|
/* See above for size limits, only ->cmdline may be large, so use a heap allocation for it. */ |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, o->comm, "OBJECT_COMM"); |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, o->exe, "OBJECT_EXE"); |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, o->cmdline, "OBJECT_CMDLINE"); |
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE"); |
|
|
if (o->cmdline) |
|
|
cmdline2 = set_iovec_string_field(iovec, &n, "OBJECT_CMDLINE=", o->cmdline); |
|
|
|
|
|
IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE"); |
|
|
IOVEC_ADD_SIZED_FIELD(iovec, n, o->label, o->label_size, "OBJECT_SELINUX_CONTEXT"); |
|
|
|
|
|
IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "OBJECT_AUDIT_SESSION"); |
|
|
IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->loginuid, uid_t, uid_is_valid, UID_FMT, "OBJECT_AUDIT_LOGINUID"); |
|
|
|
|
|
@@ -1276,8 +1281,7 @@ int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void |
|
|
return log_error_errno(errno, "recvmsg() failed: %m"); |
|
|
} |
|
|
|
|
|
CMSG_FOREACH(cmsg, &msghdr) { |
|
|
|
|
|
CMSG_FOREACH(cmsg, &msghdr) |
|
|
if (cmsg->cmsg_level == SOL_SOCKET && |
|
|
cmsg->cmsg_type == SCM_CREDENTIALS && |
|
|
cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) |
|
|
@@ -1295,7 +1299,6 @@ int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void |
|
|
fds = (int*) CMSG_DATA(cmsg); |
|
|
n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int); |
|
|
} |
|
|
} |
|
|
|
|
|
/* And a trailing NUL, just in case */ |
|
|
s->buffer[n] = 0; |
|
|
|