git: 5d045d556b1c - main - syslogd: Ignore getaddrinfo() errors if -ss is specified

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Thu, 19 Sep 2024 10:02:27 UTC 
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=5d045d556b1cfeb1487d49017b536afb3df105d3

commit 5d045d556b1cfeb1487d49017b536afb3df105d3
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-09-19 10:00:33 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-09-19 10:01:37 +0000

    syslogd: Ignore getaddrinfo() errors if -ss is specified
    
    This can arise if the jail doesn't have networking configured, and if
    -ss is specified, syslogd won't listen on port 514 anyway.
    
    Add a regression test case for this as well.
    
    PR:             238006
    MFC after:      1 month
---
 usr.sbin/syslogd/syslogd.c             |  8 ++++++++
 usr.sbin/syslogd/tests/syslogd_test.sh | 34 +++++++++++++++++++++++++++++++++-
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index 7770e97e7a2d..12fa61b01bad 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -548,6 +548,14 @@ addsock(const char *name, const char *serv, mode_t mode)
 	if (serv == NULL)
 		serv = "syslog";
 	error = getaddrinfo(name, serv, &hints, &res0);
+	if (error == EAI_NONAME && name == NULL && SecureMode > 1) {
+		/*
+		 * If we're in secure mode, we won't open inet sockets anyway.
+		 * This failure can arise legitimately when running in a jail
+		 * without networking.
+		 */
+		return;
+	}
 	if (error) {
 		asprintf(&msgbuf, "getaddrinfo failed for %s%s: %s",
 		    name == NULL ? "" : name, serv,
diff --git a/usr.sbin/syslogd/tests/syslogd_test.sh b/usr.sbin/syslogd/tests/syslogd_test.sh
index e4927868e47f..08e6d76b9ba6 100644
--- a/usr.sbin/syslogd/tests/syslogd_test.sh
+++ b/usr.sbin/syslogd/tests/syslogd_test.sh
@@ -22,7 +22,13 @@ readonly SYSLOGD_LOCAL_PRIVSOCKET="${PWD}/logpriv.sock"
 # Start a private syslogd instance.
 syslogd_start()
 {
-    syslogd \
+    local jail
+
+    if [ "$1" = "-j" ]; then
+        jail="jexec $2"
+        shift 2
+    fi
+    $jail syslogd \
         -b ":${SYSLOGD_UDP_PORT}" \
         -C \
         -d \
@@ -288,6 +294,31 @@ pipe_action_cleanup()
     syslogd_stop
 }
 
+atf_test_case "jail_noinet" "cleanup"
+jail_noinet_head()
+{
+    atf_set descr "syslogd -ss can be run in a jail without INET support"
+    atf_set require.user root
+}
+jail_noinet_body()
+{
+    local logfile
+
+    atf_check jail -c name=syslogd_noinet persist
+
+    logfile="${PWD}/jail_noinet.log"
+    printf "user.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}"
+    syslogd_start -j syslogd_noinet -ss
+
+    syslogd_log -p user.debug -t "test" -h "${SYSLOGD_LOCAL_SOCKET}" \
+        "hello, world"
+    atf_check -s exit:0 -o match:"test: hello, world" cat "${logfile}"
+}
+jail_noinet_cleanup()
+{
+    jail -r syslogd_noinet
+}
+
 atf_init_test_cases()
 {
     atf_add_test_case "basic"
@@ -296,4 +327,5 @@ atf_init_test_cases()
     atf_add_test_case "host_filter"
     atf_add_test_case "prop_filter"
     atf_add_test_case "pipe_action"
+    atf_add_test_case "jail_noinet"
 }