cgroup-util: fix is_valid check to pass for unified cgroup hierchy. #29
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It appears in /proc/self/cgroup as `0::/'
Contributor
|
duplicate of PR #19 |
ghost
restored the
This was referenced Sep 23, 2020
bluca
pushed a commit
that referenced
this pull request
Oct 12, 2022
This wrapper is used in situations where we don't care about *San reports,
we just want to make things work. However, with enabled LSan we might
trigger some bogus reports we're definitely not interested in, causing
unexpected test fails.
Spotted on C8S in TEST-34-DYNAMICUSERMIGRATE:
```
[10654.804162] testsuite-34.sh[56]: + systemctl start testservice-34-check-writable.service
Starting testservice-34-check-writable.service...
[10655.055969] bash[546]: + set -o pipefail
[10655.056127] bash[546]: + declare -a writable_dirs
[10655.056234] bash[546]: + readarray -t writable_dirs
[10655.060838] bash[548]: ++ find / '(' -path /var/tmp -o -path /tmp -o -path /proc -o -path /dev/mqueue -o -path /dev/shm -o -path /sys/fs/bpf -o -path /dev/.lxc -o -path /sys/devices/system/cpu ')' -prune -o -type d -writable -print
[10655.061534] bash[549]: ++ sort -u
[10655.688740] bash[547]: =================================================================
[10655.689075] bash[547]: ==547==ERROR: LeakSanitizer: detected memory leaks
[10655.689246] bash[547]: Direct leak of 112 byte(s) in 1 object(s) allocated from:
[10655.743851] bash[547]: #0 0x7ffff752d364 (/usr/lib64/clang/14.0.0/lib/libclang_rt.asan-powerpc64le.so+0x13d364) (BuildId: 321f4ed1caea6a1a4c37f9272e07275cf16f034d)
[10655.744060] bash[547]: #1 0x1000b5d20 in xmalloc (/usr/bin/bash+0xb5d20) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.744224] bash[547]: #2 0x100083338 (/usr/bin/bash+0x83338) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.744393] bash[547]: #3 0x10008847c (/usr/bin/bash+0x8847c) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.744552] bash[547]: #4 0x1000af6ec in redirection_expand (/usr/bin/bash+0xaf6ec) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.744728] bash[547]: #5 0x1000b005c (/usr/bin/bash+0xb005c) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.744886] bash[547]: #6 0x1000b1388 in do_redirections (/usr/bin/bash+0xb1388) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.745051] bash[547]: #7 0x100050484 (/usr/bin/bash+0x50484) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.745208] bash[547]: #8 0x100052160 in execute_command_internal (/usr/bin/bash+0x52160) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.745376] bash[547]: #9 0x100052a10 in execute_command_internal (/usr/bin/bash+0x52a10) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.745536] bash[547]: #10 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.745711] bash[547]: #11 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.745870] bash[547]: #12 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.746038] bash[547]: #13 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.746198] bash[547]: #14 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.746367] bash[547]: #15 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.746548] bash[547]: #16 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.746741] bash[547]: #17 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.746897] bash[547]: #18 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.747067] bash[547]: #19 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.747227] bash[547]: #20 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.747414] bash[547]: #21 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.747573] bash[547]: #22 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.747741] bash[547]: #23 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.747896] bash[547]: #24 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.748064] bash[547]: #25 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.748225] bash[547]: #26 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.748390] bash[547]: #27 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.748553] bash[547]: #28 0x1000bf91c in parse_and_execute (/usr/bin/bash+0xbf91c) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.748717] bash[547]: #29 0x1000311ec (/usr/bin/bash+0x311ec) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.748883] bash[547]: Direct leak of 17 byte(s) in 1 object(s) allocated from:
...
```
valentindavid
pushed a commit
to valentindavid/systemd
that referenced
this pull request
Aug 8, 2023
This wrapper is used in situations where we don't care about *San reports,
we just want to make things work. However, with enabled LSan we might
trigger some bogus reports we're definitely not interested in, causing
unexpected test fails.
Spotted on C8S in TEST-34-DYNAMICUSERMIGRATE:
```
[10654.804162] testsuite-34.sh[56]: + systemctl start testservice-34-check-writable.service
Starting testservice-34-check-writable.service...
[10655.055969] bash[546]: + set -o pipefail
[10655.056127] bash[546]: + declare -a writable_dirs
[10655.056234] bash[546]: + readarray -t writable_dirs
[10655.060838] bash[548]: ++ find / '(' -path /var/tmp -o -path /tmp -o -path /proc -o -path /dev/mqueue -o -path /dev/shm -o -path /sys/fs/bpf -o -path /dev/.lxc -o -path /sys/devices/system/cpu ')' -prune -o -type d -writable -print
[10655.061534] bash[549]: ++ sort -u
[10655.688740] bash[547]: =================================================================
[10655.689075] bash[547]: ==547==ERROR: LeakSanitizer: detected memory leaks
[10655.689246] bash[547]: Direct leak of 112 byte(s) in 1 object(s) allocated from:
[10655.743851] bash[547]: #0 0x7ffff752d364 (/usr/lib64/clang/14.0.0/lib/libclang_rt.asan-powerpc64le.so+0x13d364) (BuildId: 321f4ed1caea6a1a4c37f9272e07275cf16f034d)
[10655.744060] bash[547]: #1 0x1000b5d20 in xmalloc (/usr/bin/bash+0xb5d20) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.744224] bash[547]: #2 0x100083338 (/usr/bin/bash+0x83338) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.744393] bash[547]: #3 0x10008847c (/usr/bin/bash+0x8847c) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.744552] bash[547]: #4 0x1000af6ec in redirection_expand (/usr/bin/bash+0xaf6ec) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.744728] bash[547]: #5 0x1000b005c (/usr/bin/bash+0xb005c) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.744886] bash[547]: #6 0x1000b1388 in do_redirections (/usr/bin/bash+0xb1388) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.745051] bash[547]: #7 0x100050484 (/usr/bin/bash+0x50484) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.745208] bash[547]: #8 0x100052160 in execute_command_internal (/usr/bin/bash+0x52160) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.745376] bash[547]: #9 0x100052a10 in execute_command_internal (/usr/bin/bash+0x52a10) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.745536] bash[547]: #10 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.745711] bash[547]: #11 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.745870] bash[547]: #12 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.746038] bash[547]: #13 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.746198] bash[547]: #14 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.746367] bash[547]: systemd#15 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.746548] bash[547]: systemd#16 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.746741] bash[547]: systemd#17 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.746897] bash[547]: systemd#18 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.747067] bash[547]: systemd#19 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.747227] bash[547]: systemd#20 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.747414] bash[547]: systemd#21 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.747573] bash[547]: systemd#22 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.747741] bash[547]: systemd#23 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.747896] bash[547]: systemd#24 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.748064] bash[547]: systemd#25 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.748225] bash[547]: systemd#26 0x100053e38 in execute_command (/usr/bin/bash+0x53e38) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.748390] bash[547]: systemd#27 0x1000529d8 in execute_command_internal (/usr/bin/bash+0x529d8) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.748553] bash[547]: systemd#28 0x1000bf91c in parse_and_execute (/usr/bin/bash+0xbf91c) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.748717] bash[547]: systemd#29 0x1000311ec (/usr/bin/bash+0x311ec) (BuildId: da38eb38f6870bdc2a6ef51c52aa6ce20921fe40)
[10655.748883] bash[547]: Direct leak of 17 byte(s) in 1 object(s) allocated from:
...
```
(cherry picked from commit b8dd276)
teknoraver
added a commit
to teknoraver/systemd
that referenced
this pull request
Jul 16, 2025
Subtest TEST-07-PID1.private-bpf.sh fails with EPERM on Ubuntu 6.8 kernel: ``` root@H:~# uname -a Linux H 6.8.0-63-generic systemd#66-Ubuntu SMP PREEMPT_DYNAMIC Fri Jun 13 20:09:49 UTC 2025 aarch64 aarch64 aarch64 GNU/Linux root@H:~# systemd-run --wait -p PrivateUsers=yes -p PrivateMounts=yes -p DelegateNamespaces=mnt -p PrivateBPF=yes true Running as unit: run-r28cb45a5d2b2445796424307a8aa822b.service; invocation ID: beae8781e23343ce90dc128ee70e8c35 Finished with result: exit-code Main processes terminated with: code=exited, status=226/NAMESPACE Service runtime: 14ms CPU time consumed: 6ms Memory peak: 2.4M (swap: 0B) ``` Kernel 6.11 is the first know working, so check against this one: ``` root@H:~# uname -a Linux H 6.11.0-29-generic systemd#29~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Jun 26 13:59:03 UTC 2 aarch64 aarch64 aarch64 GNU/Linux root@H:~# systemd-run --wait -p PrivateUsers=yes -p PrivateMounts=yes -p DelegateNamespaces=mnt -p PrivateBPF=yes true Running as unit: run-p1147-i13989.service; invocation ID: f14c406d325e44939c8d2a18d5102e23 Finished with result: success Main processes terminated with: code=exited, status=0/SUCCESS Service runtime: 22ms CPU time consumed: 7ms Memory peak: 2.3M (swap: 0B) ```
teknoraver
added a commit
to teknoraver/systemd
that referenced
this pull request
Jul 16, 2025
Subtest TEST-07-PID1.private-bpf.sh fails with `status=226/NAMESPACE` on Ubuntu 6.8 kernel: ``` root@H:~# uname -a Linux H 6.8.0-63-generic systemd#66-Ubuntu SMP PREEMPT_DYNAMIC Fri Jun 13 20:09:49 UTC 2025 aarch64 aarch64 aarch64 GNU/Linux root@H:~# systemd-run --wait -p PrivateUsers=yes -p PrivateMounts=yes -p DelegateNamespaces=mnt -p PrivateBPF=yes true Running as unit: run-r28cb45a5d2b2445796424307a8aa822b.service; invocation ID: beae8781e23343ce90dc128ee70e8c35 Finished with result: exit-code Main processes terminated with: code=exited, status=226/NAMESPACE Service runtime: 14ms CPU time consumed: 6ms Memory peak: 2.4M (swap: 0B) ``` The reason is `fsconfig()` returning `EPERM` when running inside a container, even in a privileged one. ``` [pid 4175] fsconfig(3, FSCONFIG_SET_STRING, "delegate_cmds", "0x0", 0) = 0 [pid 4175] fsconfig(3, FSCONFIG_SET_STRING, "delegate_maps", "0x0", 0) = 0 [pid 4175] fsconfig(3, FSCONFIG_SET_STRING, "delegate_progs", "0x0", 0) = 0 [pid 4175] fsconfig(3, FSCONFIG_SET_STRING, "delegate_attachs", "0x0", 0) = 0 [pid 4175] fsconfig(3, FSCONFIG_CMD_CREATE, NULL, NULL, 0) = -1 EPERM (Operation not permitted) ``` Kernel 6.11 is the first know working, so check against this one: ``` root@H:~# uname -a Linux H 6.11.0-29-generic systemd#29~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Jun 26 13:59:03 UTC 2 aarch64 aarch64 aarch64 GNU/Linux root@H:~# systemd-run --wait -p PrivateUsers=yes -p PrivateMounts=yes -p DelegateNamespaces=mnt -p PrivateBPF=yes true Running as unit: run-p1147-i13989.service; invocation ID: f14c406d325e44939c8d2a18d5102e23 Finished with result: success Main processes terminated with: code=exited, status=0/SUCCESS Service runtime: 22ms CPU time consumed: 7ms Memory peak: 2.3M (swap: 0B) ```
teknoraver
added a commit
to teknoraver/systemd
that referenced
this pull request
Jul 16, 2025
Subtest TEST-07-PID1.private-bpf.sh fails with `status=226/NAMESPACE` on Ubuntu 6.8 kernel: ``` root@H:~# uname -a Linux H 6.8.0-63-generic systemd#66-Ubuntu SMP PREEMPT_DYNAMIC Fri Jun 13 20:09:49 UTC 2025 aarch64 aarch64 aarch64 GNU/Linux root@H:~# systemd-run --wait -p PrivateUsers=yes -p PrivateMounts=yes -p DelegateNamespaces=mnt -p PrivateBPF=yes true Running as unit: run-r28cb45a5d2b2445796424307a8aa822b.service; invocation ID: beae8781e23343ce90dc128ee70e8c35 Finished with result: exit-code Main processes terminated with: code=exited, status=226/NAMESPACE Service runtime: 14ms CPU time consumed: 6ms Memory peak: 2.4M (swap: 0B) ``` The reason is `fsconfig()` returning `EPERM` when running inside a container, even in a privileged one. ``` [pid 4175] fsconfig(3, FSCONFIG_SET_STRING, "delegate_cmds", "0x0", 0) = 0 [pid 4175] fsconfig(3, FSCONFIG_SET_STRING, "delegate_maps", "0x0", 0) = 0 [pid 4175] fsconfig(3, FSCONFIG_SET_STRING, "delegate_progs", "0x0", 0) = 0 [pid 4175] fsconfig(3, FSCONFIG_SET_STRING, "delegate_attachs", "0x0", 0) = 0 [pid 4175] fsconfig(3, FSCONFIG_CMD_CREATE, NULL, NULL, 0) = -1 EPERM (Operation not permitted) ``` Kernel 6.11 is the first know working, so check against this one: ``` root@H:~# uname -a Linux H 6.11.0-29-generic systemd#29~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Jun 26 13:59:03 UTC 2 aarch64 aarch64 aarch64 GNU/Linux root@H:~# systemd-run --wait -p PrivateUsers=yes -p PrivateMounts=yes -p DelegateNamespaces=mnt -p PrivateBPF=yes true Running as unit: run-p1147-i13989.service; invocation ID: f14c406d325e44939c8d2a18d5102e23 Finished with result: success Main processes terminated with: code=exited, status=0/SUCCESS Service runtime: 22ms CPU time consumed: 7ms Memory peak: 2.3M (swap: 0B) ```
bluca
added a commit
to bluca/systemd
that referenced
this pull request
Aug 16, 2025
When check_access() was added, the callback data parameter was changed from a pointer to a double pointer, resulting in a crash when it is accessed when logging an error: #0 __internal_syscall_cancel (a1=a1@entry=0, a2=a2@entry=0, a3=a3@entry=140726176497168, a4=a4@entry=4, a5=a5@entry=0, a6=a6@entry=0, nr=247) at ./nptl/cancellation.c:44 #1 0x00007f5d0ec996ad in __syscall_cancel (a1=a1@entry=0, a2=a2@entry=0, a3=a3@entry=140726176497168, a4=a4@entry=4, a5=a5@entry=0, a6=a6@entry=0, nr=247) at ./nptl/cancellation.c:75 #2 0x00007f5d0ed047ab in __waitid (idtype=idtype@entry=P_ALL, id=id@entry=0, infop=infop@entry=0x7ffd5dc2be10, options=options@entry=4) at ../sysdeps/unix/sysv/linux/waitid.c:29 #3 0x00007f5d0f044412 in freeze () at ../src/basic/process-util.c:2039 #4 0x00005568f181bc2a in freeze_or_exit_or_reboot () at ../src/core/crash-handler.c:55 #5 0x00005568f181be82 in crash (sig=<optimized out>, siginfo=<optimized out>, context=<optimized out>) at ../src/core/crash-handler.c:184 #6 <signal handler called> #7 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:76 #8 0x00007f5d0ec6e300 in __printf_buffer (buf=buf@entry=0x7ffd5dc2ca90, format=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m", ap=0x7ffd5dc2d3d0, mode_flags=2) at ./stdio-common/vfprintf-process-arg.c:435 #9 0x00007f5d0ec91daf in __vsnprintf_internal (string=string@entry=0x7ffd5dc2cb70 "", maxlen=maxlen@entry=2048, format=format@entry=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m", args=args@entry=0x7ffd5dc2d3d0, mode_flags=mode_flags@entry=2) at ./libio/vsnprintf.c:96 #10 0x00007f5d0ed27044 in ___vsnprintf_chk (s=s@entry=0x7ffd5dc2cb70 "", maxlen=maxlen@entry=2048, flag=flag@entry=1, slen=slen@entry=2048, format=format@entry=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m", ap=ap@entry=0x7ffd5dc2d3d0) at ./debug/vsnprintf_chk.c:34 #11 0x00007f5d0f02de59 in vsnprintf (__s=0x7ffd5dc2cb70 "", __n=2048, __fmt=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m", __ap=0x7ffd5dc2d3d0) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:100 #12 log_internalv (level=7, error=-9, file=0x7f5d0f196643 "src/libsystemd/sd-varlink/sd-varlink.c", line=2853, func=0x7f5d0f1d5ca0 <__func__.62> "sd_varlink_get_peer_uid", format=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m", ap=0x7ffd5dc2d3d0) at ../src/basic/log.c:865 #13 0x00007f5d0f02ded5 in log_internalv (level=<optimized out>, error=<optimized out>, file=<optimized out>, line=<optimized out>, func=<optimized out>, format=<optimized out>, ap=0x7ffd5dc2d3d0) at ../src/basic/log.c:868 #14 0x00007f5d0f02df67 in log_internal (level=<optimized out>, error=<optimized out>, file=<optimized out>, line=<optimized out>, func=<optimized out>, format=<optimized out>) at ../src/basic/log.c:882 #15 0x00007f5d0f10a135 in sd_varlink_get_peer_uid (v=0x7f5d0f5ab110 <__func__.44>, ret=ret@entry=0x7ffd5dc2d4f0) at ../src/libsystemd/sd-varlink/sd-varlink.c:2853 #16 0x00007f5d0f50c29e in audit_callback (auditdata=0x7ffd5dc2d698, cls=<optimized out>, msgbuf=0x55692366e77d "", msgbufsize=995) at ../src/core/selinux-access.c:65 #17 0x00007f5d0f716079 in avc_suppl_audit (ptr=0x7ffd5dc2d698, class=95, buf=<optimized out>, len=<optimized out>) at ./src/avc_internal.h:101 #18 avc_audit (ssid=0x5569237f2890, tsid=0x556922d7f4b0, tclass=<optimized out>, requested=<optimized out>, avd=<optimized out>, result=0, a=0x7ffd5dc2d698) at ./src/avc.c:721 #19 0x00007f5d0f716367 in avc_has_perm (ssid=0x5569237f2890, tsid=0x556922d7f4b0, tclass=tclass@entry=95, requested=4, aeref=aeref@entry=0x0, auditdata=auditdata@entry=0x7ffd5dc2d698) at ./src/avc.c:836 #20 0x00007f5d0f718b0a in selinux_check_access (scon=scon@entry=0x55692384cbc0 "system_u:system_r:policykit_t:s0", tcon=tcon@entry=0x556922c98a20 "system_u:object_r:systemd_networkd_unit_t:s0", class=class@entry=0x7f5d0f580b9e "service", perm=perm@entry=0x7f5d0f580cc0 "status", aux=aux@entry=0x7ffd5dc2d698) at ./src/checkAccess.c:64 #21 0x00007f5d0f50bf7e in check_access (scon=0x55692384cbc0 "system_u:system_r:policykit_t:s0", tcon=0x556922c98a20 "system_u:object_r:systemd_networkd_unit_t:s0", tclass=0x7f5d0f580b9e "service", permission=permission@entry=0x7f5d0f580cc0 "status", audit_info=<optimized out>, audit_info@entry=0x7ffd5dc2d720, error=error@entry=0x7ffd5dc2d880) at ../src/core/selinux-access.c:229 #22 0x00007f5d0f5100a1 in mac_selinux_access_check_bus_internal (message=<optimized out>, unit=<optimized out>, permission=0x7f5d0f580cc0 "status", function=0x7f5d0f5ab110 <__func__.44> "method_get_unit_by_pidfd", error=0x7ffd5dc2d880) at ../src/core/selinux-access.c:329 #23 0x00007f5d0f4a024b in method_get_unit_by_pidfd (message=0x5569236d9010, userdata=<optimized out>, error=0x7ffd5dc2d880) at ../src/core/dbus-manager.c:657 #24 0x00007f5d0f0c9bd0 in method_callbacks_run (bus=0x5569238684e0, m=0x5569236d9010, c=<optimized out>, require_fallback=false, found_object=0x7ffd5dc2d947) at ../src/libsystemd/sd-bus/bus-objects.c:413 #25 object_find_and_run (bus=bus@entry=0x5569238684e0, m=m@entry=0x5569236d9010, p=<optimized out>, require_fallback=require_fallback@entry=false, found_object=found_object@entry=0x7ffd5dc2d947) at ../src/libsystemd/sd-bus/bus-objects.c:1323 #26 0x00007f5d0f0cafa2 in bus_process_object (bus=0x5569238684e0, m=0x5569236d9010) at ../src/libsystemd/sd-bus/bus-objects.c:1443 systemd#27 0x00007f5d0f0d8c3e in process_message (bus=0x5569238684e0, m=0x5569236d9010) at ../src/libsystemd/sd-bus/sd-bus.c:3006 systemd#28 process_running (bus=0x5569238684e0, ret=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3048 systemd#29 bus_process_internal (bus=bus@entry=0x5569238684e0, ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3275 systemd#30 0x00007f5d0f0d9099 in sd_bus_process (bus=bus@entry=0x5569238684e0, ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3302 systemd#31 0x00007f5d0f0db3ec in io_callback (s=<optimized out>, fd=<optimized out>, revents=<optimized out>, userdata=0x5569238684e0) at ../src/libsystemd/sd-bus/sd-bus.c:3643 systemd#32 0x00007f5d0f0a53d9 in source_dispatch (s=s@entry=0x5569236dea60) at ../src/libsystemd/sd-event/sd-event.c:4163 systemd#33 0x00007f5d0f0a563d in sd_event_dispatch (e=<optimized out>, e@entry=0x5569232f6c00) at ../src/libsystemd/sd-event/sd-event.c:4782 systemd#34 0x00007f5d0f0a6d38 in sd_event_run (e=<optimized out>, timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:4843 systemd#35 0x00007f5d0f4f7871 in manager_loop (m=m@entry=0x5569232f8250) at ../src/core/manager.c:3310 systemd#36 0x00005568f181517d in invoke_main_loop (m=0x5569232f8250, saved_rlimit_nofile=0x7ffd5dc2dcb0, saved_rlimit_memlock=0x7ffd5dc2dca0, ret_retval=<synthetic pointer>, ret_fds=0x7ffd5dc2dc78, ret_switch_root_dir=<synthetic pointer>, ret_switch_root_init=<synthetic pointer>, ret_error_message=0x7ffd5dc2dc90) at ../src/core/main.c:2140 systemd#37 main (argc=<optimized out>, argv=0x7ffd5dc2dfe8) at ../src/core/main.c:3351 Follow-up for fe3f2ac
yuwata
pushed a commit
that referenced
this pull request
Aug 17, 2025
When check_access() was added, the callback data parameter was changed from a pointer to a double pointer, resulting in a crash when it is accessed when logging an error: #0 __internal_syscall_cancel (a1=a1@entry=0, a2=a2@entry=0, a3=a3@entry=140726176497168, a4=a4@entry=4, a5=a5@entry=0, a6=a6@entry=0, nr=247) at ./nptl/cancellation.c:44 #1 0x00007f5d0ec996ad in __syscall_cancel (a1=a1@entry=0, a2=a2@entry=0, a3=a3@entry=140726176497168, a4=a4@entry=4, a5=a5@entry=0, a6=a6@entry=0, nr=247) at ./nptl/cancellation.c:75 #2 0x00007f5d0ed047ab in __waitid (idtype=idtype@entry=P_ALL, id=id@entry=0, infop=infop@entry=0x7ffd5dc2be10, options=options@entry=4) at ../sysdeps/unix/sysv/linux/waitid.c:29 #3 0x00007f5d0f044412 in freeze () at ../src/basic/process-util.c:2039 #4 0x00005568f181bc2a in freeze_or_exit_or_reboot () at ../src/core/crash-handler.c:55 #5 0x00005568f181be82 in crash (sig=<optimized out>, siginfo=<optimized out>, context=<optimized out>) at ../src/core/crash-handler.c:184 #6 <signal handler called> #7 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:76 #8 0x00007f5d0ec6e300 in __printf_buffer (buf=buf@entry=0x7ffd5dc2ca90, format=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m", ap=0x7ffd5dc2d3d0, mode_flags=2) at ./stdio-common/vfprintf-process-arg.c:435 #9 0x00007f5d0ec91daf in __vsnprintf_internal (string=string@entry=0x7ffd5dc2cb70 "", maxlen=maxlen@entry=2048, format=format@entry=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m", args=args@entry=0x7ffd5dc2d3d0, mode_flags=mode_flags@entry=2) at ./libio/vsnprintf.c:96 #10 0x00007f5d0ed27044 in ___vsnprintf_chk (s=s@entry=0x7ffd5dc2cb70 "", maxlen=maxlen@entry=2048, flag=flag@entry=1, slen=slen@entry=2048, format=format@entry=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m", ap=ap@entry=0x7ffd5dc2d3d0) at ./debug/vsnprintf_chk.c:34 #11 0x00007f5d0f02de59 in vsnprintf (__s=0x7ffd5dc2cb70 "", __n=2048, __fmt=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m", __ap=0x7ffd5dc2d3d0) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:100 #12 log_internalv (level=7, error=-9, file=0x7f5d0f196643 "src/libsystemd/sd-varlink/sd-varlink.c", line=2853, func=0x7f5d0f1d5ca0 <__func__.62> "sd_varlink_get_peer_uid", format=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m", ap=0x7ffd5dc2d3d0) at ../src/basic/log.c:865 #13 0x00007f5d0f02ded5 in log_internalv (level=<optimized out>, error=<optimized out>, file=<optimized out>, line=<optimized out>, func=<optimized out>, format=<optimized out>, ap=0x7ffd5dc2d3d0) at ../src/basic/log.c:868 #14 0x00007f5d0f02df67 in log_internal (level=<optimized out>, error=<optimized out>, file=<optimized out>, line=<optimized out>, func=<optimized out>, format=<optimized out>) at ../src/basic/log.c:882 #15 0x00007f5d0f10a135 in sd_varlink_get_peer_uid (v=0x7f5d0f5ab110 <__func__.44>, ret=ret@entry=0x7ffd5dc2d4f0) at ../src/libsystemd/sd-varlink/sd-varlink.c:2853 #16 0x00007f5d0f50c29e in audit_callback (auditdata=0x7ffd5dc2d698, cls=<optimized out>, msgbuf=0x55692366e77d "", msgbufsize=995) at ../src/core/selinux-access.c:65 #17 0x00007f5d0f716079 in avc_suppl_audit (ptr=0x7ffd5dc2d698, class=95, buf=<optimized out>, len=<optimized out>) at ./src/avc_internal.h:101 #18 avc_audit (ssid=0x5569237f2890, tsid=0x556922d7f4b0, tclass=<optimized out>, requested=<optimized out>, avd=<optimized out>, result=0, a=0x7ffd5dc2d698) at ./src/avc.c:721 #19 0x00007f5d0f716367 in avc_has_perm (ssid=0x5569237f2890, tsid=0x556922d7f4b0, tclass=tclass@entry=95, requested=4, aeref=aeref@entry=0x0, auditdata=auditdata@entry=0x7ffd5dc2d698) at ./src/avc.c:836 #20 0x00007f5d0f718b0a in selinux_check_access (scon=scon@entry=0x55692384cbc0 "system_u:system_r:policykit_t:s0", tcon=tcon@entry=0x556922c98a20 "system_u:object_r:systemd_networkd_unit_t:s0", class=class@entry=0x7f5d0f580b9e "service", perm=perm@entry=0x7f5d0f580cc0 "status", aux=aux@entry=0x7ffd5dc2d698) at ./src/checkAccess.c:64 #21 0x00007f5d0f50bf7e in check_access (scon=0x55692384cbc0 "system_u:system_r:policykit_t:s0", tcon=0x556922c98a20 "system_u:object_r:systemd_networkd_unit_t:s0", tclass=0x7f5d0f580b9e "service", permission=permission@entry=0x7f5d0f580cc0 "status", audit_info=<optimized out>, audit_info@entry=0x7ffd5dc2d720, error=error@entry=0x7ffd5dc2d880) at ../src/core/selinux-access.c:229 #22 0x00007f5d0f5100a1 in mac_selinux_access_check_bus_internal (message=<optimized out>, unit=<optimized out>, permission=0x7f5d0f580cc0 "status", function=0x7f5d0f5ab110 <__func__.44> "method_get_unit_by_pidfd", error=0x7ffd5dc2d880) at ../src/core/selinux-access.c:329 #23 0x00007f5d0f4a024b in method_get_unit_by_pidfd (message=0x5569236d9010, userdata=<optimized out>, error=0x7ffd5dc2d880) at ../src/core/dbus-manager.c:657 #24 0x00007f5d0f0c9bd0 in method_callbacks_run (bus=0x5569238684e0, m=0x5569236d9010, c=<optimized out>, require_fallback=false, found_object=0x7ffd5dc2d947) at ../src/libsystemd/sd-bus/bus-objects.c:413 #25 object_find_and_run (bus=bus@entry=0x5569238684e0, m=m@entry=0x5569236d9010, p=<optimized out>, require_fallback=require_fallback@entry=false, found_object=found_object@entry=0x7ffd5dc2d947) at ../src/libsystemd/sd-bus/bus-objects.c:1323 #26 0x00007f5d0f0cafa2 in bus_process_object (bus=0x5569238684e0, m=0x5569236d9010) at ../src/libsystemd/sd-bus/bus-objects.c:1443 #27 0x00007f5d0f0d8c3e in process_message (bus=0x5569238684e0, m=0x5569236d9010) at ../src/libsystemd/sd-bus/sd-bus.c:3006 #28 process_running (bus=0x5569238684e0, ret=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3048 #29 bus_process_internal (bus=bus@entry=0x5569238684e0, ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3275 #30 0x00007f5d0f0d9099 in sd_bus_process (bus=bus@entry=0x5569238684e0, ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3302 #31 0x00007f5d0f0db3ec in io_callback (s=<optimized out>, fd=<optimized out>, revents=<optimized out>, userdata=0x5569238684e0) at ../src/libsystemd/sd-bus/sd-bus.c:3643 #32 0x00007f5d0f0a53d9 in source_dispatch (s=s@entry=0x5569236dea60) at ../src/libsystemd/sd-event/sd-event.c:4163 #33 0x00007f5d0f0a563d in sd_event_dispatch (e=<optimized out>, e@entry=0x5569232f6c00) at ../src/libsystemd/sd-event/sd-event.c:4782 #34 0x00007f5d0f0a6d38 in sd_event_run (e=<optimized out>, timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:4843 #35 0x00007f5d0f4f7871 in manager_loop (m=m@entry=0x5569232f8250) at ../src/core/manager.c:3310 #36 0x00005568f181517d in invoke_main_loop (m=0x5569232f8250, saved_rlimit_nofile=0x7ffd5dc2dcb0, saved_rlimit_memlock=0x7ffd5dc2dca0, ret_retval=<synthetic pointer>, ret_fds=0x7ffd5dc2dc78, ret_switch_root_dir=<synthetic pointer>, ret_switch_root_init=<synthetic pointer>, ret_error_message=0x7ffd5dc2dc90) at ../src/core/main.c:2140 #37 main (argc=<optimized out>, argv=0x7ffd5dc2dfe8) at ../src/core/main.c:3351 Follow-up for fe3f2ac
lionheartyu
added a commit
to lionheartyu/systemd_
that referenced
this pull request
Dec 8, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It appears in /proc/self/cgroup as `0::/'