From 0460aa5c0862cfc39d05ddfece35ba4f7b6cd929 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 15 Sep 2017 16:42:09 +0200 Subject: [PATCH] execute: improve and augment execution log messages Let's generate friendly messages for more cases, and make slight adjustments to the existing messages. --- src/core/execute.c | 50 +++++++++++++++++++++++++++++++++++++------------- 1 file changed, 37 insertions(+), 13 deletions(-) diff --git a/src/core/execute.c b/src/core/execute.c index e2d84fe..9e1add3 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -2399,7 +2399,7 @@ static int exec_child( r = reset_signal_mask(); if (r < 0) { *exit_status = EXIT_SIGNAL_MASK; - *error_message = strdup("Failed to reset signal mask"); + *error_message = strdup("Failed to set process signal mask"); /* If strdup fails, here and below, we will just print the generic error message. */ return r; } @@ -2417,13 +2417,14 @@ static int exec_child( r = close_remaining_fds(params, runtime, dcreds, user_lookup_fd, socket_fd, fds, n_fds); if (r < 0) { *exit_status = EXIT_FDS; - *error_message = strdup("Failed to close remaining fds"); + *error_message = strdup("Failed to close unwanted file descriptors"); return r; } if (!context->same_pgrp) if (setsid() < 0) { *exit_status = EXIT_SETSID; + *error_message = strdup("Failed to create new process session"); return -errno; } @@ -2435,7 +2436,7 @@ static int exec_child( cmdline = exec_command_line(argv); if (!cmdline) { - *exit_status = EXIT_CONFIRM; + *exit_status = EXIT_MEMORY; return -ENOMEM; } @@ -2446,7 +2447,7 @@ static int exec_child( return 0; } *exit_status = EXIT_CONFIRM; - *error_message = strdup("Execution cancelled"); + *error_message = strdup("Execution cancelled by the user"); return -ECANCELED; } } @@ -2532,21 +2533,21 @@ static int exec_child( r = setup_input(context, params, socket_fd, named_iofds); if (r < 0) { *exit_status = EXIT_STDIN; - *error_message = strdup("Failed to set up stdin"); + *error_message = strdup("Failed to set up standard input"); return r; } r = setup_output(unit, context, params, STDOUT_FILENO, socket_fd, named_iofds, basename(command->path), uid, gid, &journal_stream_dev, &journal_stream_ino); if (r < 0) { *exit_status = EXIT_STDOUT; - *error_message = strdup("Failed to set up stdout"); + *error_message = strdup("Failed to set up standard output"); return r; } r = setup_output(unit, context, params, STDERR_FILENO, socket_fd, named_iofds, basename(command->path), uid, gid, &journal_stream_dev, &journal_stream_ino); if (r < 0) { *exit_status = EXIT_STDERR; - *error_message = strdup("Failed to set up stderr"); + *error_message = strdup("Failed to set up standard error output"); return r; } @@ -2575,7 +2576,7 @@ static int exec_child( log_close(); } else if (r < 0) { *exit_status = EXIT_OOM_ADJUST; - *error_message = strdup("Failed to write /proc/self/oom_score_adj"); + *error_message = strdup("Failed to adjust OOM setting"); return -errno; } } @@ -2583,6 +2584,7 @@ static int exec_child( if (context->nice_set) if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) { *exit_status = EXIT_NICE; + *error_message = strdup("Failed to set up process scheduling priority (nice level"); return -errno; } @@ -2598,6 +2600,7 @@ static int exec_child( ¶m); if (r < 0) { *exit_status = EXIT_SETSCHEDULER; + *error_message = strdup("Failed to set up CPU scheduling"); return -errno; } } @@ -2605,18 +2608,21 @@ static int exec_child( if (context->cpuset) if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) { *exit_status = EXIT_CPUAFFINITY; + *error_message = strdup("Failed to set up CPU affinity"); return -errno; } if (context->ioprio_set) if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) { *exit_status = EXIT_IOPRIO; + *error_message = strdup("Failed to set up IO scheduling priority"); return -errno; } if (context->timer_slack_nsec != NSEC_INFINITY) if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) { *exit_status = EXIT_TIMERSLACK; + *error_message = strdup("Failed to set up timer slack"); return -errno; } @@ -2624,6 +2630,7 @@ static int exec_child( r = safe_personality(context->personality); if (r < 0) { *exit_status = EXIT_PERSONALITY; + *error_message = strdup("Failed to set up execution domain (personality)"); return r; } } @@ -2640,6 +2647,7 @@ static int exec_child( r = chown_terminal(STDIN_FILENO, uid); if (r < 0) { *exit_status = EXIT_STDIN; + *error_message = strdup("Failed to change ownership of terminal"); return r; } } @@ -2651,6 +2659,7 @@ static int exec_child( r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, 0644, uid, gid); if (r < 0) { *exit_status = EXIT_CGROUP; + *error_message = strdup("Failed to adjust control group access"); return r; } @@ -2658,14 +2667,17 @@ static int exec_child( r = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, 0755, uid, gid); if (r < 0) { *exit_status = EXIT_CGROUP; + *error_message = strdup("Failed to adjust control group access"); return r; } } for (dt = 0; dt < _EXEC_DIRECTORY_MAX; dt++) { r = setup_exec_directory(context, params, uid, gid, dt, exit_status); - if (r < 0) + if (r < 0) { + *error_message = strdup("Failed to set up special execution directory"); return r; + } } r = build_environment( @@ -2708,6 +2720,7 @@ static int exec_child( r = setup_keyring(unit, params, uid, gid); if (r < 0) { *exit_status = EXIT_KEYRING; + *error_message = strdup("Failed to set up kernel keyring"); return r; } @@ -2744,6 +2757,7 @@ static int exec_child( r = setup_pam(context->pam_name, username, uid, gid, context->tty_path, &accum_env, fds, n_fds); if (r < 0) { *exit_status = EXIT_PAM; + *error_message = strdup("Failed to set up PAM session"); return r; } } @@ -2753,6 +2767,7 @@ static int exec_child( r = setup_netns(runtime->netns_storage_socket); if (r < 0) { *exit_status = EXIT_NETWORK; + *error_message = strdup("Failed to set up network namespacing"); return r; } } @@ -2762,19 +2777,23 @@ static int exec_child( r = apply_mount_namespace(unit, command, context, params, runtime); if (r < 0) { *exit_status = EXIT_NAMESPACE; + *error_message = strdup("Failed to set up mount namespacing"); return r; } } /* Apply just after mount namespace setup */ r = apply_working_directory(context, params, home, needs_mount_namespace, exit_status); - if (r < 0) + if (r < 0) { + *error_message = strdup("Changing to the requested working directory failed"); return r; + } /* Drop groups as early as possbile */ if (needs_setuid) { r = enforce_groups(context, gid, supplementary_gids, ngids); if (r < 0) { + *error_message = strdup("Changing group credentials failed"); *exit_status = EXIT_GROUP; return r; } @@ -2785,6 +2804,7 @@ static int exec_child( if (use_selinux && params->selinux_context_net && socket_fd >= 0) { r = mac_selinux_get_child_mls_label(socket_fd, command->path, context->selinux_context, &mac_selinux_context_net); if (r < 0) { + *error_message = strdup("Failed to determine SELinux context"); *exit_status = EXIT_SELINUX_CONTEXT; return r; } @@ -2794,6 +2814,7 @@ static int exec_child( if (context->private_users) { r = setup_private_users(uid, gid); if (r < 0) { + *error_message = strdup("Failed to set up user namespacing"); *exit_status = EXIT_USER; return r; } @@ -2809,6 +2830,7 @@ static int exec_child( if (r >= 0) r = flags_fds(fds, n_storage_fds, n_socket_fds, context->non_blocking); if (r < 0) { + *error_message = strdup("Failed to adjust passed file descriptors"); *exit_status = EXIT_FDS; return r; } @@ -2825,6 +2847,7 @@ static int exec_child( r = setrlimit_closest(i, context->rlimit[i]); if (r < 0) { + *error_message = strdup("Failed to adjust resource limits"); *exit_status = EXIT_LIMITS; return r; } @@ -2833,6 +2856,7 @@ static int exec_child( /* Set the RTPRIO resource limit to 0, but only if nothing else was explicitly requested. */ if (context->restrict_realtime && !context->rlimit[RLIMIT_RTPRIO]) { if (setrlimit(RLIMIT_RTPRIO, &RLIMIT_MAKE_CONST(0)) < 0) { + *error_message = strdup("Failed to adjust RLIMIT_RTPRIO resource limit"); *exit_status = EXIT_LIMITS; return -errno; } @@ -2915,7 +2939,7 @@ static int exec_child( r = setexeccon(exec_context); if (r < 0) { *exit_status = EXIT_SELINUX_CONTEXT; - (void) asprintf(error_message, "Failed to set SELinux context to %s", exec_context); + (void) asprintf(error_message, "Failed to change SELinux context to %s", exec_context); return r; } } @@ -2951,7 +2975,7 @@ static int exec_child( if (prctl(PR_GET_SECUREBITS) != secure_bits) if (prctl(PR_SET_SECUREBITS, secure_bits) < 0) { *exit_status = EXIT_SECUREBITS; - *error_message = strdup("Failed to set secure bits"); + *error_message = strdup("Failed to set process secure bits"); return -errno; } @@ -3031,7 +3055,7 @@ static int exec_child( r = apply_syscall_filter(unit, context, needs_ambient_hack); if (r < 0) { *exit_status = EXIT_SECCOMP; - *error_message = strdup("Failed to apply syscall filters"); + *error_message = strdup("Failed to apply system call filters"); return r; } #endif -- 2.7.4