git: 9ecbda844643 - stable/13 - syslogd: Ignore getaddrinfo() errors if -ss is specified

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Sat, 19 Oct 2024 13:18:00 UTC
The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=9ecbda844643f19aba4c1652b2f9db7c8427d336

commit 9ecbda844643f19aba4c1652b2f9db7c8427d336
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-09-19 10:00:33 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-10-19 13:17:51 +0000

    syslogd: Ignore getaddrinfo() errors if -ss is specified
    
    This can arise if the jail doesn't have networking configured, and if
    -ss is specified, syslogd won't listen on port 514 anyway.
    
    Add a regression test case for this as well.
    
    PR:             238006
    MFC after:      1 month
    
    (cherry picked from commit 5d045d556b1cfeb1487d49017b536afb3df105d3)
---
 usr.sbin/syslogd/syslogd.c             |  8 ++++++++
 usr.sbin/syslogd/tests/syslogd_test.sh | 34 +++++++++++++++++++++++++++++++++-
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index 02f8aa39afe8..e78e2327be3b 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -3825,6 +3825,14 @@ socksetup(struct peer *pe)
 	if (pe->pe_serv == NULL)
 		pe->pe_serv = "syslog";
 	error = getaddrinfo(pe->pe_name, pe->pe_serv, &hints, &res0);
+	if (error == EAI_NONAME && pe->pe_name == NULL && SecureMode > 1) {
+		/*
+		 * If we're in secure mode, we won't open inet sockets anyway.
+		 * This failure can arise legitimately when running in a jail
+		 * without networking.
+		 */
+		return (0);
+	}
 	if (error) {
 		char *msgbuf;
 
diff --git a/usr.sbin/syslogd/tests/syslogd_test.sh b/usr.sbin/syslogd/tests/syslogd_test.sh
index e4927868e47f..08e6d76b9ba6 100644
--- a/usr.sbin/syslogd/tests/syslogd_test.sh
+++ b/usr.sbin/syslogd/tests/syslogd_test.sh
@@ -22,7 +22,13 @@ readonly SYSLOGD_LOCAL_PRIVSOCKET="${PWD}/logpriv.sock"
 # Start a private syslogd instance.
 syslogd_start()
 {
-    syslogd \
+    local jail
+
+    if [ "$1" = "-j" ]; then
+        jail="jexec $2"
+        shift 2
+    fi
+    $jail syslogd \
         -b ":${SYSLOGD_UDP_PORT}" \
         -C \
         -d \
@@ -288,6 +294,31 @@ pipe_action_cleanup()
     syslogd_stop
 }
 
+atf_test_case "jail_noinet" "cleanup"
+jail_noinet_head()
+{
+    atf_set descr "syslogd -ss can be run in a jail without INET support"
+    atf_set require.user root
+}
+jail_noinet_body()
+{
+    local logfile
+
+    atf_check jail -c name=syslogd_noinet persist
+
+    logfile="${PWD}/jail_noinet.log"
+    printf "user.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}"
+    syslogd_start -j syslogd_noinet -ss
+
+    syslogd_log -p user.debug -t "test" -h "${SYSLOGD_LOCAL_SOCKET}" \
+        "hello, world"
+    atf_check -s exit:0 -o match:"test: hello, world" cat "${logfile}"
+}
+jail_noinet_cleanup()
+{
+    jail -r syslogd_noinet
+}
+
 atf_init_test_cases()
 {
     atf_add_test_case "basic"
@@ -296,4 +327,5 @@ atf_init_test_cases()
     atf_add_test_case "host_filter"
     atf_add_test_case "prop_filter"
     atf_add_test_case "pipe_action"
+    atf_add_test_case "jail_noinet"
 }