From nobody Thu Feb 01 21:26:09 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TQsQp0NNYz58hP2; Thu, 1 Feb 2024 21:26:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TQsQn5cxYz4WK0; Thu, 1 Feb 2024 21:26:09 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1706822769; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=TnUK5IGKPHL9nQQEGMLyoFB3rA6ldgZUCPBz7P7aHqA=; b=NgP/WglNzqoYkZhrmjNl3WPbVoPMWBaCF0J7e2XuqFcFOW12SaqrxU62w8mT0BTRoDjd8F 3Zpo2VFHNapmdyhORnIclG7j12B37zj4ayNl/RxGveC7OdU9W2OZKWGXV6RGSBEp14aJOr vT3GT8QMhanGRzoqR9TM8X6i2iE/yEJ2hX548sq2B2k9i8jU+Xdlgpwpri5MSN09Gsbou1 ScWyh+b8h16e/vfQyK9ft6mo57OsjBPMHxnNKZtEb7Zv3Z8pJd2W0woB0y+NV/M34GhjV5 KTniVFmHd8JCw4HuaPiUkEFZX23XjXdcA+HrbJezSyvBjnEc5T2VI24UTwaP6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1706822769; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=TnUK5IGKPHL9nQQEGMLyoFB3rA6ldgZUCPBz7P7aHqA=; b=MowkToBohpm9UtaqhySqu6LZatRgxulAMYDSaVx7SwCjI7aGPdXZmTrIRZ0CLIjVH9RRCO +NA0cmK+Y8ziGS7fD9j8U7wAKBmJVgUhBopaxYYjV5SulRTG85atY/us63Cdhg4qkwIwXQ /4l9sFp7TPhPWOMvqBtb3QWehC/fJpcS5RA7li3Pvihy+GdND5fFeV2igY6IwEBFs8OGsh vpX6sB8EY8DeXy9LaE6OLWYyq2vvSkLeYxnyjLsvNSAIHGUeYMZvBi1c5lhZZIjKRfZrjG jOLoDCzHD6wFtxe2muTpvQ4Z3ycDk4HggDp/Qx6JrPn7ZlUMdRWy4o5HLxF6xg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1706822769; a=rsa-sha256; cv=none; b=sxBIzBzeW9ZDw4IHD700sd+B1906hKBrRLvu0agqLIahGyhM0Pjs64/JhwG89wHpStbfpG cwEIjuJu+LCjWH3XY8s6lVOSIGxF4wqD+8ZzEvUV0CT7KCBZfRhBP8Il7xEUjm5H8vqKGc kB3GxYb4psEqyWzV5GgJzFktMA3DNsSBGP6O7BhKX7iPv7Oa98O2HGgn3N1MTV5S0K0Ii9 uu80I+R1vlj6j/NiBfZbZ8SoKiFfsZwBgUGpdS4O9DoVK8uJiN14utAF/ioyBSJJ5Cas3H npPQRMAqAfps331KdWPOLrRIWaTGtdQMwEGcChtT+2y8aPT+R8ATlCo5q3PY/g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TQsQn4hlcz1HgR; Thu, 1 Feb 2024 21:26:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 411LQ9AS070545; Thu, 1 Feb 2024 21:26:09 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 411LQ9PT070542; Thu, 1 Feb 2024 21:26:09 GMT (envelope-from git) Date: Thu, 1 Feb 2024 21:26:09 GMT Message-Id: <202402012126.411LQ9PT070542@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: 0a366bb44e65 - stable/13 - setusercontext(): Better error messages when priority is not set correctly List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 0a366bb44e65efeed9568b47c673ddc648a4d7e2 Auto-Submitted: auto-generated The branch stable/13 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=0a366bb44e65efeed9568b47c673ddc648a4d7e2 commit 0a366bb44e65efeed9568b47c673ddc648a4d7e2 Author: Olivier Certner AuthorDate: 2023-05-29 16:39:04 +0000 Commit: Olivier Certner CommitDate: 2024-02-01 21:23:37 +0000 setusercontext(): Better error messages when priority is not set correctly Polish the syslog messages to contain readily useful information. Behavior of capability 'priority' is inconsistent with what is done for all other contexts: 'umask', 'cpumask', resource limits, etc., where an absence of capability means to inherit the value. It is currently preserved for compatibility, but is subject to change on a future major release. Reviewed by: emaste, kib (older version) Approved by: emaste (mentor) MFC after: 3 days Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40349 (cherry picked from commit d988621b0c25209866ed5a98b1a8b20269935761) Approved by: markj (mentor) --- lib/libutil/login_class.c | 51 +++++++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c index 33a2189277ca..9c3285736f3b 100644 --- a/lib/libutil/login_class.c +++ b/lib/libutil/login_class.c @@ -474,9 +474,7 @@ setlogincontext(login_cap_t *lc, const struct passwd *pwd, unsigned long flags) int setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags) { - rlim_t p; login_cap_t *llc = NULL; - struct rtprio rtp; int error; if (lc == NULL) { @@ -493,30 +491,49 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in /* Set the process priority */ if (flags & LOGIN_SETPRIORITY) { - p = login_getcapnum(lc, "priority", LOGIN_DEFPRI, LOGIN_DEFPRI); + const rlim_t def_val = LOGIN_DEFPRI, err_val = INT64_MIN; + rlim_t p = login_getcapnum(lc, "priority", def_val, err_val); + int rc; + + if (p == err_val) { + /* Invariant: 'lc' != NULL. */ + syslog(LOG_WARNING, + "%s%s%sLogin class '%s': " + "Invalid priority specification: '%s'", + pwd ? "Login '" : "", + pwd ? pwd->pw_name : "", + pwd ? "': " : "", + lc->lc_class, + login_getcapstr(lc, "priority", "", "")); + /* Reset the priority, as if the capability was not present. */ + p = def_val; + } if (p > PRIO_MAX) { + struct rtprio rtp; + rtp.type = RTP_PRIO_IDLE; p += RTP_PRIO_MIN - (PRIO_MAX + 1); rtp.prio = p > RTP_PRIO_MAX ? RTP_PRIO_MAX : p; - if (rtprio(RTP_SET, 0, &rtp)) - syslog(LOG_WARNING, "rtprio '%s' (%s): %m", - pwd ? pwd->pw_name : "-", - lc ? lc->lc_class : LOGIN_DEFCLASS); + rc = rtprio(RTP_SET, 0, &rtp); } else if (p < PRIO_MIN) { + struct rtprio rtp; + rtp.type = RTP_PRIO_REALTIME; p += RTP_PRIO_MAX - (PRIO_MIN - 1); rtp.prio = p < RTP_PRIO_MIN ? RTP_PRIO_MIN : p; - if (rtprio(RTP_SET, 0, &rtp)) - syslog(LOG_WARNING, "rtprio '%s' (%s): %m", - pwd ? pwd->pw_name : "-", - lc ? lc->lc_class : LOGIN_DEFCLASS); - } else { - if (setpriority(PRIO_PROCESS, 0, (int)p) != 0) - syslog(LOG_WARNING, "setpriority '%s' (%s): %m", - pwd ? pwd->pw_name : "-", - lc ? lc->lc_class : LOGIN_DEFCLASS); - } + rc = rtprio(RTP_SET, 0, &rtp); + } else + rc = setpriority(PRIO_PROCESS, 0, (int)p); + + if (rc != 0) + syslog(LOG_WARNING, + "%s%s%sLogin class '%s': " + "Setting priority failed: %m", + pwd ? "Login '" : "", + pwd ? pwd->pw_name : "", + pwd ? "': " : "", + lc ? lc->lc_class : ""); } /* Setup the user's group permissions */