mirror of
https://github.com/systemd/systemd
synced 2025-10-05 19:54:46 +02:00
Compare commits
17 Commits
0ccc31d964
...
7199811942
210
NEWS
@ -66,21 +66,22 @@ CHANGES WITH 258 in spe:
|
||||
|
||||
* Support for the SystemdOptions EFI variable has been removed.
|
||||
|
||||
* The meson options 'split-usr', 'rootlibdir', 'rootprefix' (deprecated
|
||||
in v255), 'default-hierarchy' (v256), and 'nscd' (v257) have been
|
||||
removed.
|
||||
* Meson options '-Dsplit-usr=', '-Drootlibdir=', '-Drootprefix='
|
||||
(deprecated in v255), '-Ddefault-hierarchy=' (deprecated in v256),
|
||||
and '-Dnscd=' (deprecated in v257) have been removed.
|
||||
|
||||
* OpenSSL is now the only supported cryptography backend for
|
||||
systemd-resolved and systemd-importd, and support for gnutls and
|
||||
gcrypt has been removed. Hence, 'gnutls' for 'dns-over-tls=' meson
|
||||
option has been deprecated. Also, the 'cryptolib' meson option has
|
||||
been deprecated. They will be removed in a future release.
|
||||
gcrypt has been removed. Hence, 'gnutls' setting for the
|
||||
'-Ddns-over-tls=' meson option has been deprecated. Also, the
|
||||
'-Dcryptolib=' meson option has been deprecated. They will be removed
|
||||
in a future release.
|
||||
|
||||
* systemd-logind's session tracking, which used to be performed via a
|
||||
FIFO installed in the client, has been fully switched to be
|
||||
pidfd-based. The fd returned by CreateSession() and related calls is
|
||||
therefore unused. Moreover, the exit of session leader process will
|
||||
immediately cause the session to be stopped.
|
||||
FIFO installed in the client, now uses PIDFDs. The file descriptor
|
||||
returned by CreateSession() and related calls is therefore unused.
|
||||
Moreover, the exit of the session leader process will immediately
|
||||
cause the session to be stopped.
|
||||
|
||||
* To work around limitations of X11's keyboard handling systemd's
|
||||
keyboard mapping hardware database (hwdb.d/60-keyboard.hwdb) so far
|
||||
@ -106,7 +107,7 @@ CHANGES WITH 258 in spe:
|
||||
through LLDP protocol, but now emits a deterministic ID,
|
||||
cryptographically derived from the machine ID as chassis ID. If you
|
||||
want to use the previous behavior, please set
|
||||
SYSTEMD_LLDP_SEND_MACHINE_ID=1 environment variable to
|
||||
SYSTEMD_LLDP_SEND_MACHINE_ID=1 environment variable for
|
||||
systemd-networkd.
|
||||
|
||||
* Support for the !! command line prefix on ExecStart= lines (and
|
||||
@ -137,11 +138,11 @@ CHANGES WITH 258 in spe:
|
||||
of the DeviceAllow= list. The latter behaviour has been removed.
|
||||
|
||||
* The command 'journalctl --follow' now exits with success on
|
||||
SIGTERM/SIGINT, or its pipe STDOUT is disconnected.
|
||||
SIGTERM/SIGINT and when the pipe it is writing to is disconnected.
|
||||
|
||||
* Support for System V style system state control has been removed:
|
||||
- The /dev/initctl device node has been removed.
|
||||
- The initctl, runlevel and telinit commands have been removed.
|
||||
- The initctl, runlevel, and telinit commands have been removed.
|
||||
- Support for system state control via the init command (e.g.
|
||||
'init 3') has been removed.
|
||||
- The units runlevel[0-6].target have been removed.
|
||||
@ -171,8 +172,8 @@ CHANGES WITH 258 in spe:
|
||||
managed by "systemd-factory-reset request" and "systemd-factory-reset
|
||||
complete".
|
||||
|
||||
* The meson option 'integration-tests' has been deprecated, and will be
|
||||
removed in a future release.
|
||||
* The meson option '-Dintegration-tests=' has been deprecated, and will
|
||||
be removed in a future release.
|
||||
|
||||
Service manager/PID1:
|
||||
|
||||
@ -214,8 +215,8 @@ CHANGES WITH 258 in spe:
|
||||
* The security rules enforced by the per-unit AttachProcesses() bus API
|
||||
call have been relaxed a bit: unprivileged clients may now use the
|
||||
call on arbitrary processes which run in any user namespace owned by
|
||||
the client's UID. Previously, a stricter rule applied, that required
|
||||
the UID of the process to move and of the client to match exactly.
|
||||
the client's UID. Previously, a stricter rule applied that required
|
||||
the UIDs of the process to move and of the client to match exactly.
|
||||
|
||||
* A new per-unit RemoveSubgroup() D-Bus API call has been added that
|
||||
makes the service manager attempt to remove a sub-cgroup of units
|
||||
@ -258,7 +259,7 @@ CHANGES WITH 258 in spe:
|
||||
|
||||
* So far the ConditionHost= condition matched against the local host
|
||||
name and machine UUID. It now also matches against the local product
|
||||
ID of the system (as provided by SMBIOS/DMI), and the boot ID.
|
||||
ID of the system (as provided by SMBIOS/DMI) and the boot ID.
|
||||
|
||||
* A new setting DelegateNamespaces= for units has been added, which
|
||||
controls which type of Linux namespaces to delegate to the invoked
|
||||
@ -297,9 +298,8 @@ CHANGES WITH 258 in spe:
|
||||
with strong resource management, and support for hierarchial job
|
||||
pools (by means of slices).
|
||||
|
||||
* ExecStart= lines (and the other ExecXYZ= lines) gained a new '|'
|
||||
special prefix that if specified causes the command line to be
|
||||
invoked via a shell.
|
||||
* ExecStart= lines (and the other ExecXYZ= lines) now support a new '|'
|
||||
prefix that causes the command line to be invoked via a shell.
|
||||
|
||||
* A basic Varlink API is now implemented in the service manager that
|
||||
can be used to determine its current state, and list units and their
|
||||
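Review bot: the reworded '|' prefix entry says the command line is "invoked via a shell" but does not say which shell, or how the prefix combines with the other ExecStart= prefixes. Since this changes how the command string is parsed and expanded, name the shell here or point to the man page section that defines it. While the paragraph is being touched, the context line just above has "hierarchial", which should read "hierarchical".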
@ -371,6 +371,10 @@ CHANGES WITH 258 in spe:
|
||||
* A new PrivateBPF= switch has been added for unit files, which may be
|
||||
used to mount a private bpffs instance for the unit's processes.
|
||||
|
||||
* New user manager services systemd-nspawn@.service and
|
||||
systemd-vmspawn@.service and a machines.target unit to manage them
|
||||
have been added.
|
||||
|
||||
systemd-journald & journal-remote:
|
||||
|
||||
* journalctl's --setup-keys command now supports JSON output.
|
||||
@ -527,6 +531,9 @@ CHANGES WITH 258 in spe:
|
||||
* The DHCPv4 client in systemd-networkd now also supports BOOTP (via
|
||||
the new BOOTP= setting).
|
||||
|
||||
* The Local= setting in [Tunnel] section gained a new "dhcp_pd" value
|
||||
to allow setting the local address based on dhcp-pd addresses.
|
||||
|
||||
sd-varlink & sd-json:
|
||||
|
||||
* An API call sd_varlink_reset_fds() has been added that undoes the
|
||||
@ -739,12 +746,19 @@ CHANGES WITH 258 in spe:
|
||||
once automatic Secure Boot keys have been enrolled, i.e. whether to
|
||||
reboot or whether to shut down the system.
|
||||
|
||||
* There's a new LoaderSysFail EFI environment variable that userspace
|
||||
may set to an entry match pattern for systemd-boot. If set, and the
|
||||
system firmware reports some kind of system failure (for now this is
|
||||
pretty much only about failed firmware updates) the selected entry is
|
||||
booted into, instead of following the usual entry selection
|
||||
logic. bootctl gained a new "set-sysfail" verb to set this variable.
|
||||
* Userspace may set a new LoaderSysFail EFI variable. It is used by
|
||||
systemd-boot: when set and the system firmware reports some kind of
|
||||
system failure (for now this is pretty much only about failed
|
||||
firmware updates), systemd-boot will use the specified entry instead
|
||||
of following the usual fallback entry selection logic. bootctl gained
|
||||
a new "set-sysfail" verb to set this variable.
|
||||
|
||||
* systemd-boot will now set LoaderTpm2ActivePcrBanks EFI variable to
|
||||
let the userspace know which TPM2 PCR banks are available. This is
|
||||
more reliable then trying to figure this out through sysfs.
|
||||
|
||||
* systemd-stub will now also load global sysexts and confexts from
|
||||
ESP/loader/extensions/*.{sysext,confext}.raw.
|
||||
|
||||
systemd-nsresourced & systemd-mountfsd:
|
||||
|
||||
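Review bot: typo in the new LoaderTpm2ActivePcrBanks entry: "This is more reliable then trying to figure this out through sysfs" should read "more reliable than". The same entry would also read better as "to let userspace know" without the article, matching "Userspace may set" in the LoaderSysFail entry above it.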
@ -818,16 +832,53 @@ CHANGES WITH 258 in spe:
|
||||
tweak the shell field of users bound into a container with
|
||||
--bind-user=….
|
||||
|
||||
systemd-vmspawn:
|
||||
|
||||
* A new --smbios11= switch may be used to pass an SMBIOS Type #11
|
||||
vendor string easily into the booted process. This has various uses,
|
||||
one of them is to add additional menu entries to systemd-boot for a
|
||||
specific invocation. Example:
|
||||
|
||||
--smbios11=io.systemd.boot.entries-extra:particleos-current.conf=$'title ParticleOS Current\nuki-url http://example.com/somedir/uki.efi'
|
||||
|
||||
* A new switch --grow-image= has been added taking a size in bytes. If
|
||||
specified, the image booted into is grown to the specified size if
|
||||
found to be smaller.
|
||||
|
||||
* systemd-vmspawn supports unprivileged networking now, using
|
||||
systemd-nsresourced's new API to acquire a TAP network device
|
||||
unprivileged.
|
||||
|
||||
* systemd-vmspawn now supports --slice and --property= settings,
|
||||
matching systemd-nspawn.
|
||||
|
||||
* A new --tpm-state= setting allows precise control of TPM state
|
||||
persistency.
|
||||
|
||||
* A new --notify-ready= setting can be used to specify whether to
|
||||
expect a READY=1 notification from the guest.
|
||||
|
||||
systemd-machined:
|
||||
|
||||
* systemd-machined now provides a comprehensive Varlink IPC API to its
|
||||
functionality.
|
||||
* systemd-machined now provides a comprehensive Varlink IPC API.
|
||||
|
||||
* The pidfd inode ID of a machine's leader process is now exposed as
|
||||
D-Bus property for machine objects, in addition to the PID. The inode
|
||||
ID is a 64bit unique identifier for a process that is not vulnerable
|
||||
to recycling issues.
|
||||
|
||||
* A new "org.freedesktop.machine1.register-machine" polkit action is
|
||||
used when checking for privileges to register a machine. Previously,
|
||||
"org.freedesktop.machine1.create-machine" was used for creation and
|
||||
registration operations. The policy for the new action is more
|
||||
permissive: active users are allowed to perform the action without
|
||||
authentication.
|
||||
|
||||
* systemd-machined now also tracks the "supervisor" process of a
|
||||
machine, i.e. the host process that manages the payload. This
|
||||
information is exposed through the Supervisor/SupervisorPIDFDId D-Bus
|
||||
properties and "supervisor"/supervisorProcessId" varlink properties.
|
||||
|
||||
systemd-measure, ukify, systemd-keyutil, systemd-sbsign:
|
||||
|
||||
* systemd-measure gained a new "policy-digest" verb. It's a lot like
|
||||
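Review bot: the last line of the new supervisor entry has an unbalanced quote: "supervisor"/supervisorProcessId" varlink properties. Quote both names or neither, for example "supervisor"/"supervisorProcessId". The new polkit entry above it states that the register-machine policy is more permissive and lets active users register without authentication; that is a behaviour change for existing policy overrides written against create-machine, so it may deserve a place in the incompatible changes list at the top as well.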
@ -966,22 +1017,24 @@ CHANGES WITH 258 in spe:
|
||||
|
||||
* systemd-homed gained two new bus API calls RegisterHome() and
|
||||
UnregisterHome() for registering a home locally by providing just the
|
||||
user record, without any logic to actually create the home
|
||||
directory. homectl gained "register" and "unregister" verbs exposing
|
||||
this. This is useful for registering network user accounts locally,
|
||||
i.e. where some foreign user record and home directory already exists
|
||||
on some server, and just need to be registered locally. This can be
|
||||
used like the following to make a local systemd-homed home directory
|
||||
securely accessible from some other system:
|
||||
user record, without any logic to actually create the home directory.
|
||||
homectl gained "register" and "unregister" verbs exposing this. This
|
||||
is useful for registering network user accounts locally, i.e. where
|
||||
some foreign user record and home directory already exists on some
|
||||
server, and just need to be registered locally. This can be used to
|
||||
make a local systemd-homed home directory securely accessible from
|
||||
some other system:
|
||||
|
||||
homectl update lennart --ssh-authorized-keys=… -N --storage=cifs --cifs-service="//$HOSTNAME/lennart"
|
||||
homectl get-signing-key | ssh targetsystem homectl add-signing-key --key-name="$HOSTNAME".public
|
||||
homectl inspect -E lennart | ssh targetsystem homectl register -
|
||||
ssh lennart@targetsystem
|
||||
$ homectl update lennart --ssh-authorized-keys=… -N \
|
||||
--storage=cifs --cifs-service="//$HOSTNAME/lennart"
|
||||
$ homectl get-signing-key |
|
||||
ssh targetsystem homectl add-signing-key --key-name="$HOSTNAME".public
|
||||
$ homectl inspect -E lennart |
|
||||
ssh targetsystem homectl register -
|
||||
$ ssh lennart@targetsystem
|
||||
|
||||
There's also a system credential home.register.* now that can execute
|
||||
the registration operation for a provided user record automatically
|
||||
at boot.
|
||||
There's also a new system credential 'home.register.*' that causes
|
||||
registration for the provided user record automatically at boot.
|
||||
|
||||
* homectl gained a new switch --seize= taking a boolean argument. If
|
||||
true when used together with the "create" or "register" verbs any
|
||||
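Review bot: the rewrapped RegisterHome() paragraph keeps the number disagreement from the old text: "some foreign user record and home directory already exists on some server, and just need to be registered locally". Since the sentence is being reflowed anyway, make it "already exist ... and just need to be registered locally". The new multi-line example is clearer with the "$" prompts, but the two pipelines end a line on "|" and indent the continuation, while the first command uses a trailing backslash; pick one continuation style for the block.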
@ -1112,7 +1165,8 @@ CHANGES WITH 258 in spe:
|
||||
after download. This may be used to boot directly into a disk image
|
||||
downloaded via HTTP via a kernel command line like this:
|
||||
|
||||
rd.systemd.pull=raw,machine,verify=no,blockdev:image:https://192.168.100.1:8081/image.raw root=/dev/disk/by-loop-ref/image.raw-part2
|
||||
rd.systemd.pull=raw,machine,verify=no,blockdev:image:https://192.168.100.1:8081/image.raw \
|
||||
root=/dev/disk/by-loop-ref/image.raw-part2
|
||||
|
||||
* systemd.pull=/rd.systemd.pull= also gained support for a new flag
|
||||
"bootorigin". If specified and if the system was network booted
|
||||
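Review bot: the example is a kernel command line, and the new trailing backslash after "image.raw" is shell line-continuation syntax that a kernel command line does not have. A reader who copies the two lines into a boot loader entry will carry the backslash along. Either keep the example on one line or add a short remark that it is wrapped for readability and must be entered as a single line.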
@ -1120,7 +1174,8 @@ CHANGES WITH 258 in spe:
|
||||
variable, see above), the URL to boot from is now automatically
|
||||
formed from the UKI network boot URL with a new suffix. Example:
|
||||
|
||||
rd.systemd.pull=raw,machine,verify=no,blockdev,bootorigin:rootdisk:image.raw.xz root=/dev/disk/by-loop-ref/rootdisk.raw-part2
|
||||
rd.systemd.pull=raw,machine,verify=no,blockdev,bootorigin:rootdisk:image.raw.xz \
|
||||
root=/dev/disk/by-loop-ref/rootdisk.raw-part2
|
||||
|
||||
* The systemd.pull=/rd.systemd.pull= switches now also support a new
|
||||
flag "runtime=", taking a boolean argument. If true the downloaded
|
||||
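Review bot: same wrapping concern as the previous example: the backslash after "image.raw.xz" is not valid on a kernel command line. Separately, both rewritten examples keep "verify=no", which turns off verification of the downloaded image that is then used as the root disk. Since the lines are being edited, consider a sentence noting that verification is disabled here only to keep the example short.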
@ -1135,26 +1190,6 @@ CHANGES WITH 258 in spe:
|
||||
* systemd-importd gained support for downloading images compressed with
|
||||
zstd now, too. (In addition to .xz, .gz and .bz2.)
|
||||
|
||||
systemd-vmspawn:
|
||||
|
||||
* A new --smbios11= switch may be used to pass an SMBIOS Type #11
|
||||
vendor string easily into the booted process. This has various uses,
|
||||
one of them is to add additional menu entries to systemd-boot for a
|
||||
specific invocation. Example:
|
||||
|
||||
--smbios11=io.systemd.boot.entries-extra:particleos-current.conf=$'title ParticleOS Current\nuki-url http://example.com/somedir/uki.efi'
|
||||
|
||||
* A new switch --grow-image= has been added taking a size in bytes. If
|
||||
specified the image booted into is grown to the specified size if
|
||||
found to be smaller.
|
||||
|
||||
* systemd-vmspawn supports unprivileged network now, using
|
||||
systemd-nsresourced's new API to acquire a TAP network device
|
||||
unprivileged.
|
||||
|
||||
* A new --tpm-state= setting allows precise control of TPM state
|
||||
persistency.
|
||||
|
||||
Factory Reset:
|
||||
|
||||
* A new tool systemd-factory-reset has been added that may be used to
|
||||
@ -1208,6 +1243,24 @@ CHANGES WITH 258 in spe:
|
||||
partition is not automatically made used of as is, on any OS that
|
||||
supports GPT.
|
||||
|
||||
systemd-analyze:
|
||||
|
||||
* systemd-analyze gained a new "chid" verb, which shows the "Computer
|
||||
Hardware IDs" (CHIDs) of the local system. This is useful for
|
||||
preparing CHID-to-DeviceTree mappings when building UKIs.
|
||||
|
||||
* systemd-analyze gained a new "transient-settings" verb, which shows
|
||||
all unit settings one can configure dynamically via the
|
||||
"--property="/"-p" switch when invoking transient units.
|
||||
|
||||
* systemd-analyze gained a new "unit-shell" verb that invokes an
|
||||
interactive shell inside the namespaces of the main process
|
||||
of a specified unit. This is useful for debugging unit sandboxes, and
|
||||
getting an idea how things look like from the "inside" of a service.
|
||||
|
||||
* systemd-analyze gained a new "unit-gdb" verb to attach a debugger
|
||||
to a unit.
|
||||
|
||||
Other:
|
||||
|
||||
* systemd-ask-password now provides a small Varlink API to
|
||||
@ -1222,19 +1275,6 @@ CHANGES WITH 258 in spe:
|
||||
any of systemd's own service and has the intended effect of enabling
|
||||
debug logging if it gets automatically restarted.
|
||||
|
||||
* systemd-analyze gained a new "chid" verb, which shows the "Computer
|
||||
Hardware IDs" (CHIDs) of the local system. This is useful for
|
||||
preparing CHID-to-DeviceTree mappings when building UKIs.
|
||||
|
||||
* systemd-analyze gained a new "transient-settings" verb, which shows
|
||||
all unit settings one can configure dynamically via the "-p" switch
|
||||
when invoking transient units.
|
||||
|
||||
* systemd-analyze gained a new "unit-shell" verb that invokes an
|
||||
interactive shell inside the namespaces of the main process
|
||||
of a specified unit. This is useful for debugging unit sandboxes, and
|
||||
getting an idea how things look like from the "inside" of a service.
|
||||
|
||||
* The "package note" specification ELF binaries has been extended to
|
||||
cover PE binaries (i.e. UEFI binaries), too.
|
||||
|
||||
@ -1263,6 +1303,10 @@ CHANGES WITH 258 in spe:
|
||||
* systemd-detect & ConditionVirtualization= now recognize the "Arm
|
||||
Confidential Compute Architecture" (cca) confidential virtualization.
|
||||
|
||||
* systemd-detect-virt now correctly distinguishes between bare-metal
|
||||
and virtualized machines in Google Compute Engine, and will not
|
||||
report the former as virtualized.
|
||||
|
||||
* systemd-sysusers now generates Linux audit records when it adds
|
||||
system users.
|
||||
|
||||
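Review bot: the new entry names the tool "systemd-detect-virt", while the context entry directly above it in this hunk says "systemd-detect & ConditionVirtualization=". Fix the older entry to "systemd-detect-virt" in the same commit so the two adjacent items agree.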
@ -1742,7 +1786,7 @@ CHANGES WITH 257:
|
||||
exposing its functionality. This is an alternative to the
|
||||
pre-existing D-Bus interface.
|
||||
|
||||
systemd-resolved:
|
||||
systemd-resolved and resolvectl:
|
||||
|
||||
* The resolvconf command now supports '-p' switch. If specified, the
|
||||
interface will not be used as the default route for domain name
|
||||
@ -1751,6 +1795,10 @@ CHANGES WITH 257:
|
||||
* resolvectl now enables interactive polkit authorization. It gained a
|
||||
--no-ask-password option to suppress it.
|
||||
|
||||
* systemd-resolved now implements continuous mDNS querying as per
|
||||
RFC6762 §5.2. Clients can subscribe to the notification stream using
|
||||
varlink.
|
||||
|
||||
systemd-networkd and networkctl:
|
||||
|
||||
* IPv6 address labels can be also configured in a new [IPv6AddressLabel]
|
||||
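Review bot: per the hunk header this mDNS entry is being added under "CHANGES WITH 257", not under the 258 section that the rest of the NEWS changes in this range touch. If continuous mDNS querying shipped in v257 and was simply missing from NEWS, say so in the commit message; otherwise move the entry to the 258 section. The last sentence should also capitalize "Varlink" to match the other entries.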
@ -2282,8 +2330,8 @@ CHANGES WITH 256:
|
||||
considered obsolete and systemd by default will refuse to boot under
|
||||
it. To forcibly reenable cgroup v1 support,
|
||||
SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
|
||||
line. The meson option 'default-hierarchy=' is also deprecated, i.e.
|
||||
only cgroup v2 ('unified' hierarchy) can be selected as build-time
|
||||
line. The meson option '-Ddefault-hierarchy=' is also deprecated, and
|
||||
only cgroup v2 ('unified' hierarchy) can be selected as the build-time
|
||||
default.
|
||||
|
||||
* Support for System V service scripts is deprecated and will be
|
||||
|
1
README
@ -212,6 +212,7 @@ REQUIREMENTS:
|
||||
newer though. TL;DR: turn audit off, still.
|
||||
|
||||
glibc >= 2.31
|
||||
libxcrypt or glibc (<= 2.38 built with --enable-crypt)
|
||||
libcap
|
||||
libmount >= 2.30 (from util-linux)
|
||||
(util-linux *must* be built without --enable-libmount-support-mtab)
|
||||
|
@ -64,11 +64,35 @@
|
||||
<varlistentry>
|
||||
<term><varname>systemd.getty_auto=</varname></term>
|
||||
|
||||
<listitem><para>this options take an optional boolean argument, and default to yes.
|
||||
The generator is enabled by default, and a false value may be used to disable it.
|
||||
<listitem>
|
||||
<para>This kernel command line option may be used to control the execution mode of the generator.
|
||||
Takes an optional boolean argument. Since v258, this also takes comma-separated list of special
|
||||
values: <literal>credential</literal>, <literal>container</literal>, <literal>console</literal>,
|
||||
and <literal>builtin</literal>.</para>
|
||||
|
||||
<para>When <literal>credential</literal> is specified, the two credentials
|
||||
<varname>getty.ttys.serial</varname> and <varname>getty.ttys.container</varname> will be parsed.
|
||||
See System Credentials section below for more details.</para>
|
||||
|
||||
<para>When <literal>container</literal> is specified, <filename>console-getty.service</filename>
|
||||
and <filename>container-getty@.service</filename> will be enabled when the system is running in a
|
||||
container. This option will be ignored when the system is not in a container.</para>
|
||||
|
||||
<para>When <literal>console</literal> is specified, <filename>serial-getty@.service</filename> for
|
||||
active kernel consoles will be enabled. This option will be ignored when the system is running in a
|
||||
container.</para>
|
||||
|
||||
<para>When <literal>builtins</literal> is specified, <filename>serial-getty@.service</filename> for
|
||||
available virtualizer consoles will be enabled. This option will be ignored when the system is
|
||||
running in a container.</para>
|
||||
|
||||
<para>When yes, the above four options will be enabled. When no, all options are disabled and no
|
||||
service will be enabled. When the kernel command line option is specified without an argument,
|
||||
defaults to yes. The generator is enabled by default, and a false value may be used to disable it.
|
||||
</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v250"/></listitem>
|
||||
<xi:include href="version-info.xml" xpointer="v250"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
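Review bot: the value list in the first paragraph names the fourth special value as "builtin", but the paragraph that describes it says "When builtins is specified". Only one of the two can match what the generator parses; make the man page agree with the code. Two smaller points in the same hunk: "this also takes comma-separated list" is missing "a", and the entry still carries only the v250 version-info tag although the text says the list syntax exists since v258.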
@ -80,11 +104,12 @@
|
||||
<varlistentry>
|
||||
<term><varname>$SYSTEMD_GETTY_AUTO</varname></term>
|
||||
|
||||
<listitem><para>This variable takes an optional boolean argument, and default to yes.
|
||||
The generator is enabled by default, and a false value may be used to disable it.
|
||||
</para>
|
||||
<listitem>
|
||||
<para>This environment variable may be used to control the execution mode of the generator.
|
||||
Takes the same value as <varname>systemd.getty_auto=</varname> kernel command line option.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v250"/></listitem>
|
||||
<xi:include href="version-info.xml" xpointer="v250"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
@ -93,6 +118,17 @@
|
||||
<title>System Credentials</title>
|
||||
|
||||
<variablelist class='system-credentials'>
|
||||
<varlistentry>
|
||||
<term><varname>getty.auto</varname></term>
|
||||
|
||||
<listitem>
|
||||
<para>The system credential may be used to control the execution mode of the generator.
|
||||
Takes the same value as <varname>systemd.getty_auto=</varname> kernel command line option.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v258"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>getty.ttys.serial</varname></term>
|
||||
<term><varname>getty.ttys.container</varname></term>
|
||||
@ -101,7 +137,7 @@
|
||||
TTYs. The two credentials should contain a newline-separated list of TTY names to spawn instances of
|
||||
<filename>serial-getty@.service</filename> (in case of <varname>getty.ttys.serial</varname>) and
|
||||
<filename>container-getty@.service</filename> (in case of <varname>getty.ttys.container</varname>)
|
||||
on.</para>
|
||||
on. Any lines starting with a <literal>#</literal> will be ignored.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
|
||||
</varlistentry>
|
||||
|
@ -287,6 +287,15 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>getty.auto</varname></term>
|
||||
|
||||
<listitem><para>Used for controlling the execution mode of <filename>systemd-getty-generator</filename>. See
|
||||
<citerefentry><refentrytitle>systemd-getty-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> for details.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v258"/></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>getty.ttys.serial</varname></term>
|
||||
<term><varname>getty.ttys.container</varname></term>
|
||||
|
42
meson.build
@ -685,15 +685,22 @@ conf.set('GPERF_LEN_TYPE', gperf_len_type,
|
||||
|
||||
#####################################################################
|
||||
|
||||
if not cc.has_header('sys/capability.h')
|
||||
error('POSIX caps headers not found')
|
||||
endif
|
||||
foreach header : ['crypt.h',
|
||||
foreach header : [
|
||||
'crypt.h',
|
||||
'sys/capability.h',
|
||||
]
|
||||
|
||||
if not cc.has_header(header)
|
||||
error('Header file @0@ not found.'.format(header))
|
||||
endif
|
||||
endforeach
|
||||
|
||||
foreach header : [
|
||||
'sys/sdt.h',
|
||||
'threads.h',
|
||||
'valgrind/memcheck.h',
|
||||
'valgrind/valgrind.h',
|
||||
]
|
||||
]
|
||||
|
||||
conf.set10('HAVE_' + header.underscorify().to_upper(),
|
||||
cc.has_header(header))
|
||||
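Review bot: moving 'crypt.h' into the list that calls error() means it no longer passes through the conf.set10('HAVE_' + header.underscorify().to_upper(), ...) loop, so HAVE_CRYPT_H stops being defined. Any C source that still tests HAVE_CRYPT_H would silently take the fallback branch. Check that every such conditional is removed in this series, or keep defining the macro. The error text 'Header file @0@ not found.' could also name the providing package, as the README now does for libxcrypt.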
@ -989,11 +996,6 @@ threads = dependency('threads')
|
||||
librt = cc.find_library('rt')
|
||||
libm = cc.find_library('m')
|
||||
libdl = cc.find_library('dl')
|
||||
libcrypt = dependency('libcrypt', 'libxcrypt', required : false)
|
||||
if not libcrypt.found()
|
||||
# fallback to use find_library() if libcrypt is provided by glibc, e.g. for LibreELEC.
|
||||
libcrypt = cc.find_library('crypt')
|
||||
endif
|
||||
libcap = dependency('libcap')
|
||||
|
||||
# On some architectures, libatomic is required. But on some installations,
|
||||
@ -1007,15 +1009,21 @@ else
|
||||
libatomic = []
|
||||
endif
|
||||
|
||||
crypt_header = conf.get('HAVE_CRYPT_H') == 1 ? '''#include <crypt.h>''' : '''#include <unistd.h>'''
|
||||
foreach ident : [
|
||||
['crypt_ra', crypt_header],
|
||||
['crypt_preferred_method', crypt_header],
|
||||
['crypt_gensalt_ra', crypt_header]]
|
||||
libcrypt = dependency('libcrypt', 'libxcrypt', required : false)
|
||||
if not libcrypt.found()
|
||||
# fallback to use find_library() if libcrypt is provided by glibc, e.g. for LibreELEC.
|
||||
libcrypt = cc.find_library('crypt')
|
||||
endif
|
||||
|
||||
have = cc.has_function(ident[0], prefix : ident[1], args : '-D_GNU_SOURCE',
|
||||
foreach func : [
|
||||
'crypt_ra', # since libxcrypt-4.0.0
|
||||
'crypt_gensalt_ra', # since libxcrypt-4.0.0
|
||||
'crypt_preferred_method', # since libxcrypt-4.4.0
|
||||
]
|
||||
|
||||
have = cc.has_function(func, prefix : '''#include <crypt.h>''', args : '-D_GNU_SOURCE',
|
||||
dependencies : libcrypt)
|
||||
conf.set10('HAVE_' + ident[0].to_upper(), have)
|
||||
conf.set10('HAVE_' + func.to_upper(), have)
|
||||
endforeach
|
||||
|
||||
bpf_framework = get_option('bpf-framework')
|
||||
|
@ -82,7 +82,7 @@ int verb_unit_shell(int argc, char *argv[], void *userdata) {
|
||||
"(unit-shell-ns)",
|
||||
"(unit-shell)",
|
||||
/* except_fds= */ NULL,
|
||||
/* n_except_fds */ 0,
|
||||
/* n_except_fds= */ 0,
|
||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||
pidns_fd,
|
||||
mntns_fd,
|
||||
|
@ -291,7 +291,7 @@ static int files_add(
|
||||
|
||||
if (need_stat) {
|
||||
/* If we need to have stat, skip the entry. */
|
||||
log_debug_errno(SYNTHETIC_ERRNO(ENOENT), "Failed to chase '%s/%s', ignoring: %m",
|
||||
log_debug_errno(SYNTHETIC_ERRNO(ENOENT), "Failed to chase '%s/%s', ignoring.",
|
||||
root, skip_leading_slash(original_path));
|
||||
continue;
|
||||
}
|
||||
|
@ -1777,7 +1777,7 @@ int vt_restore(int fd) {
|
||||
assert(fd >= 0);
|
||||
|
||||
if (!isatty_safe(fd))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(ENOTTY), "Asked to restore the VT for an fd that does not refer to a terminal: %m");
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(ENOTTY), "Asked to restore the VT for an fd that does not refer to a terminal.");
|
||||
|
||||
if (ioctl(fd, KDSETMODE, KD_TEXT) < 0)
|
||||
RET_GATHER(ret, log_debug_errno(errno, "Failed to set VT to text mode, ignoring: %m"));
|
||||
@ -1804,7 +1804,7 @@ int vt_release(int fd, bool restore) {
|
||||
* VT-switching modes. */
|
||||
|
||||
if (!isatty_safe(fd))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(ENOTTY), "Asked to release the VT for an fd that does not refer to a terminal: %m");
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(ENOTTY), "Asked to release the VT for an fd that does not refer to a terminal.");
|
||||
|
||||
if (ioctl(fd, VT_RELDISP, 1) < 0)
|
||||
return -errno;
|
||||
|
@ -236,7 +236,7 @@ static int acquire_boot_count_path(
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to extract filename from LoaderBootCountPath '%s': %m", path);
|
||||
if (r == 0)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EADDRNOTAVAIL), "LoaderBootCountPath '%s' refers to the root directory: %m", path);
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EADDRNOTAVAIL), "LoaderBootCountPath '%s' refers to the root directory.", path);
|
||||
if (strlen(last) > (size_t) r)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EISDIR), "LoaderBootCountPath '%s' refers to directory path, refusing.", path);
|
||||
|
||||
|
@ -22,6 +22,28 @@
|
||||
#define STUB_PAYLOAD_GUID \
|
||||
{ 0x55c5d1f8, 0x04cd, 0x46b5, { 0x8a, 0x20, 0xe5, 0x6c, 0xbb, 0x30, 0x52, 0xd0 } }
|
||||
|
||||
typedef struct {
|
||||
const void *addr;
|
||||
size_t len;
|
||||
const EFI_DEVICE_PATH *device_path;
|
||||
} ValidationContext;
|
||||
|
||||
static bool validate_payload(
|
||||
const void *ctx, const EFI_DEVICE_PATH *device_path, const void *file_buffer, size_t file_size) {
|
||||
|
||||
const ValidationContext *payload = ASSERT_PTR(ctx);
|
||||
|
||||
if (device_path != payload->device_path)
|
||||
return false;
|
||||
|
||||
/* Security arch (1) protocol does not provide a file buffer. Instead we are supposed to fetch the payload
|
||||
* ourselves, which is not needed as we already have everything in memory and the device paths match. */
|
||||
if (file_buffer && (file_buffer != payload->addr || file_size != payload->len))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static EFI_STATUS load_via_boot_services(
|
||||
EFI_HANDLE parent,
|
||||
EFI_LOADED_IMAGE_PROTOCOL* parent_loaded_image,
|
||||
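Review bot: validate_payload() accepts the image on pointer identity alone. When file_buffer is NULL, which is the Security arch (1) case the comment describes, the only remaining check is "device_path != payload->device_path", and even with a buffer the test is address and length equality, not content. Please add a comment above the function stating why that is sufficient and where the payload's authenticity is actually established, so that a later reader does not mistake this callback for a signature check.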
@ -43,6 +65,19 @@ static EFI_STATUS load_via_boot_services(
|
||||
|
||||
_cleanup_free_ EFI_DEVICE_PATH* file_path = device_path_replace_node(parent_loaded_image->FilePath, NULL, &device_node.Header);
|
||||
|
||||
/* When running with shim < v16 and booting a UKI directly from it, without a second stage loader,
|
||||
* the shim verify protocol needs to be called or it will raise a security violation when starting
|
||||
* the image (e.g.: Fedora Cloud Base UKI). TODO: drop once support for shim < v16 is not needed. */
|
||||
if (!shim_loader_available())
|
||||
install_security_override(
|
||||
validate_payload,
|
||||
&(ValidationContext) {
|
||||
.addr = kernel->iov_base,
|
||||
.len = kernel->iov_len,
|
||||
.device_path = file_path,
|
||||
});
|
||||
|
||||
|
||||
err = BS->LoadImage(/* BootPolicy= */false,
|
||||
parent,
|
||||
file_path,
|
||||
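Review bot: The `&(ValidationContext) { ... }` compound literal is created inside the body of `if (!shim_loader_available())`, so its lifetime ends with that if statement, while the validator context has to stay valid until uninstall_security_override() runs after BS->LoadImage(). If install_security_override() stores the pointer for the hook to use, validate_payload() would then read an object whose lifetime has ended. Declare a named ValidationContext at function scope and pass its address instead.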
@ -50,6 +85,9 @@ static EFI_STATUS load_via_boot_services(
|
||||
kernel->iov_len,
|
||||
&kernel_image);
|
||||
|
||||
if (!shim_loader_available())
|
||||
uninstall_security_override();
|
||||
|
||||
if (err != EFI_SUCCESS)
|
||||
return log_error_status(EFI_LOAD_ERROR, "Error loading inner kernel with shim: %m");
|
||||
|
||||
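Review bot: shim_loader_available() is evaluated a second time here to decide whether to call uninstall_security_override(), independently of the check that guarded install_security_override() before BS->LoadImage(). Store the result in a local bool before the install and test that variable for both calls, so install and uninstall are paired by construction rather than by two protocol lookups returning the same answer.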
@ -131,7 +169,7 @@ EFI_STATUS linux_exec(
|
||||
*
|
||||
* See https://github.com/rhboot/shim/blob/main/README.md#shim-loader-protocol
|
||||
*/
|
||||
if (secure_boot_enabled() && shim_loader_available())
|
||||
if (secure_boot_enabled() && (shim_loader_available() || (shim_loaded() && security_override_available())))
|
||||
return load_via_boot_services(
|
||||
parent,
|
||||
parent_loaded_image,
|
||||
|
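Review bot: The condition gains a `shim_loaded() && security_override_available()` arm, but the comment above it still points only at the shim loader protocol README. Extend the comment to say that this arm covers shim < v16, where load_via_boot_services() depends on the security override rather than the shim loader protocol, and repeat the TODO about dropping it so both places are cleaned up together.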
@ -366,8 +366,8 @@ static void pe_locate_sections(
|
||||
n_section_table,
|
||||
section_names,
|
||||
validate_base,
|
||||
/* device_base */ NULL,
|
||||
/* device */ NULL,
|
||||
/* device_table = */ NULL,
|
||||
/* device = */ NULL,
|
||||
sections);
|
||||
|
||||
/* It doesn't make sense not to provide validate_base here */
|
||||
@ -386,8 +386,8 @@ static void pe_locate_sections(
|
||||
n_section_table,
|
||||
hwid_section_names,
|
||||
validate_base,
|
||||
/* device_table */ NULL,
|
||||
/* device */ NULL,
|
||||
/* device_table = */ NULL,
|
||||
/* device = */ NULL,
|
||||
hwids_section);
|
||||
|
||||
if (PE_SECTION_VECTOR_IS_SET(hwids_section)) {
|
||||
|
@ -120,7 +120,7 @@ EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path, bool
|
||||
|
||||
err = open_directory(root_dir, path, &dir);
|
||||
if (err != EFI_SUCCESS)
|
||||
return log_error_status(err, "Failed opening keys directory %ls: %m", path);
|
||||
return log_error_status(err, "Failed to open keys directory %ls: %m", path);
|
||||
|
||||
struct {
|
||||
const char16_t *name;
|
||||
@ -140,7 +140,7 @@ EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path, bool
|
||||
FOREACH_ELEMENT(sb_var, sb_vars) {
|
||||
err = file_read(dir, sb_var->filename, 0, 0, &sb_var->buffer, &sb_var->size);
|
||||
if (err != EFI_SUCCESS && sb_var->required) {
|
||||
log_error_status(err, "Failed reading file %ls\\%ls: %m", path, sb_var->filename);
|
||||
log_error_status(err, "Failed to read file %ls\\%ls: %m", path, sb_var->filename);
|
||||
goto out_deallocate;
|
||||
}
|
||||
if (streq16(sb_var->name, u"PK") && sb_var->size > 20) {
|
||||
@ -161,7 +161,7 @@ EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path, bool
|
||||
}
|
||||
|
||||
if (need_custom_mode && !custom_mode_enabled()) {
|
||||
err = set_custom_mode(/* enable */ true);
|
||||
err = set_custom_mode(/* enable = */ true);
|
||||
if (err != EFI_SUCCESS) {
|
||||
log_error_status(err, "Failed to enable custom mode: %m");
|
||||
goto out_deallocate;
|
||||
@ -262,6 +262,7 @@ static EFIAPI EFI_STATUS security2_hook(
|
||||
* of their spec. But there is little else we can do to circumvent secure boot short of implementing our own
|
||||
* PE loader. We could replace the firmware instances with our own instance using
|
||||
* ReinstallProtocolInterface(), but some firmware will still use the old ones. */
|
||||
// TODO: now that there is a custom PE loader, this can be dropped once shim < v16 is no longer supported.
|
||||
void install_security_override(security_validator_t validator, const void *validator_ctx) {
|
||||
EFI_STATUS err;
|
||||
|
||||
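Review bot: The added TODO is a `//` comment placed directly under a `/* ... */` block; fold it into that block to match the surrounding comment style. Since this same change adds a new caller of install_security_override() in load_via_boot_services(), name that caller in the TODO so the override and its user are removed together.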
@ -292,6 +293,14 @@ void install_security_override(security_validator_t validator, const void *valid
|
||||
}
|
||||
}
|
||||
|
||||
bool security_override_available(void) {
|
||||
EFI_SECURITY_ARCH_PROTOCOL *security;
|
||||
EFI_SECURITY2_ARCH_PROTOCOL *security2;
|
||||
|
||||
return BS->LocateProtocol(MAKE_GUID_PTR(EFI_SECURITY_ARCH_PROTOCOL), NULL, (void **) &security) == EFI_SUCCESS &&
|
||||
BS->LocateProtocol(MAKE_GUID_PTR(EFI_SECURITY2_ARCH_PROTOCOL), NULL, (void **) &security2) == EFI_SUCCESS;
|
||||
}
|
||||
|
||||
void uninstall_security_override(void) {
|
||||
if (security_override.original_hook)
|
||||
security_override.security->FileAuthenticationState = security_override.original_hook;
|
||||
|
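Review bot: security_override_available() returns true only when both EFI_SECURITY_ARCH_PROTOCOL and EFI_SECURITY2_ARCH_PROTOCOL can be located (`&&`), and the pointers it obtains are discarded. Add a comment stating why both are required. If install_security_override() can operate with only one of them, this check is stricter than the code it guards, and linux_exec() will skip the boot services path on such firmware.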
@ -31,6 +31,7 @@ typedef bool (*security_validator_t)(
|
||||
|
||||
void install_security_override(security_validator_t validator, const void *validator_ctx);
|
||||
void uninstall_security_override(void);
|
||||
bool security_override_available(void);
|
||||
|
||||
const char* secure_boot_enroll_to_string(secure_boot_enroll e) _const_;
|
||||
const char* secure_boot_enroll_action_to_string(secure_boot_enroll_action e) _const_;
|
||||
|
@ -34,7 +34,7 @@ static int random_seed_verify_permissions(int fd, mode_t expected_type) {
|
||||
|
||||
if (((st.st_mode ^ expected_type) & S_IFMT) != 0)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EBADF),
|
||||
"Unexpected inode type when validating random seed access mode on %s: %m", full_path);
|
||||
"Unexpected inode type when validating random seed access mode on '%s'.", full_path);
|
||||
|
||||
if ((st.st_mode & 0007) == 0) /* All world bits are off? Then all is good */
|
||||
return 0;
|
||||
|
@ -211,7 +211,7 @@ int bpf_restrict_ifaces_supported(void) {
|
||||
|
||||
int bpf_restrict_ifaces_install(Unit *u) {
|
||||
return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||
"restrict-interfaces: Failed to install; BPF programs built from source code are not supported: %m");
|
||||
"restrict-interfaces: Failed to install; BPF programs built from source code are not supported.");
|
||||
}
|
||||
|
||||
int bpf_restrict_ifaces_serialize(Unit *u, FILE *f, FDSet *fds) {
|
||||
|
@ -921,7 +921,7 @@ int bus_init_private(Manager *m) {
|
||||
r = sockaddr_un_set_path(&sa.un, p);
|
||||
}
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed set socket path for private bus: %m");
|
||||
return log_error_errno(r, "Failed to set socket path for private bus: %m");
|
||||
sa_len = r;
|
||||
|
||||
(void) sockaddr_un_unlink(&sa.un);
|
||||
|
@ -2791,7 +2791,7 @@ static int apply_exec_quotas(
|
||||
#define MAX_PROJ_ID_RETRIES 10
|
||||
for (unsigned attempt = 0;; attempt++) {
|
||||
if (attempt >= MAX_PROJ_ID_RETRIES)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EBUSY), "Failed to generate unique project ID for %s: %m", target_dir);
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EBUSY), "Failed to generate unique project ID for '%s'.", target_dir);
|
||||
|
||||
/* Check if project quotas are supported */
|
||||
struct dqblk req;
|
||||
@ -4608,7 +4608,7 @@ static int setup_delegated_namespaces(
|
||||
exec_namespace_is_delegated(context, params, have_cap_sys_admin, CLONE_NEWPID) == delegate) {
|
||||
if (params->pidref_transport_fd < 0) {
|
||||
*reterr_exit_status = EXIT_NAMESPACE;
|
||||
return log_error_errno(SYNTHETIC_ERRNO(ENOTCONN), "PidRef socket is not set up: %m");
|
||||
return log_error_errno(SYNTHETIC_ERRNO(ENOTCONN), "PidRef socket is not set up.");
|
||||
}
|
||||
|
||||
/* If we had CAP_SYS_ADMIN prior to joining the user namespace, then we are privileged and don't need
|
||||
|
@ -1199,7 +1199,7 @@ void job_add_to_run_queue(Job *j) {
|
||||
|
||||
r = prioq_put(j->manager->run_queue, j, &j->run_queue_idx);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed put job in run queue, ignoring: %m");
|
||||
log_warning_errno(r, "Failed to put job in run queue, ignoring: %m");
|
||||
else
|
||||
j->in_run_queue = true;
|
||||
|
||||
|
@ -1421,7 +1421,7 @@ static int os_release_status(void) {
|
||||
}
|
||||
}
|
||||
|
||||
if (support_end && os_release_support_ended(support_end, /* quiet */ false, NULL) > 0)
|
||||
if (support_end && os_release_support_ended(support_end, /* quiet = */ false, /* ret_eol = */ NULL) > 0)
|
||||
/* pretty_name may include the version already, so we'll print the version only if we
|
||||
* have it and we're not using pretty_name. */
|
||||
status_printf(ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL, 0,
|
||||
|
@ -79,7 +79,7 @@ int mac_selinux_setup(bool *loaded_policy) {
|
||||
if (enforce > 0) {
|
||||
if (!initialized)
|
||||
return log_struct_errno(LOG_EMERG, SYNTHETIC_ERRNO(EIO),
|
||||
LOG_MESSAGE("Failed to load SELinux policy :%m"),
|
||||
LOG_MESSAGE("Failed to load SELinux policy."),
|
||||
LOG_MESSAGE_ID(SD_MESSAGE_SELINUX_FAILED_STR));
|
||||
|
||||
log_notice("Failed to load new SELinux policy. Continuing with old policy.");
|
||||
|
@ -393,7 +393,7 @@ static void service_extend_event_source_timeout(Service *s, sd_event_source *sou
|
||||
if (r < 0) {
|
||||
const char *desc;
|
||||
(void) sd_event_source_get_description(s->timer_event_source, &desc);
|
||||
log_unit_warning_errno(UNIT(s), r, "Failed to set timeout time for event source '%s', ignoring %m", strna(desc));
|
||||
log_unit_warning_errno(UNIT(s), r, "Failed to set timeout time for event source '%s', ignoring: %m", strna(desc));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1578,7 +1578,7 @@ static int socket_address_listen_in_cgroup(
|
||||
|
||||
r = unit_setup_exec_runtime(UNIT(s));
|
||||
if (r < 0)
|
||||
return log_unit_error_errno(UNIT(s), r, "Failed acquire runtime: %m");
|
||||
return log_unit_error_errno(UNIT(s), r, "Failed to acquire runtime: %m");
|
||||
|
||||
if (s->exec_context.network_namespace_path &&
|
||||
s->exec_runtime &&
|
||||
|
@ -188,7 +188,7 @@ int enroll_password(
|
||||
}
|
||||
}
|
||||
|
||||
r = check_password_quality(new_password, /* old */ NULL, /* user */ NULL, &error);
|
||||
r = check_password_quality(new_password, /* old = */ NULL, /* user = */ NULL, &error);
|
||||
if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
|
||||
log_warning("Password quality check is not supported, proceeding anyway.");
|
||||
else if (r < 0)
|
||||
|
@ -1556,7 +1556,7 @@ static int action_list_or_mtree_or_copy_or_make_archive(DissectedImage *m, LoopD
|
||||
* the mounts are done in a mount namespace there's not going to be a collision here */
|
||||
r = get_common_dissect_directory(&t);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed generate private mount directory: %m");
|
||||
return log_error_errno(r, "Failed to generate private mount directory: %m");
|
||||
|
||||
r = dissected_image_mount_and_warn(
|
||||
m,
|
||||
|
@ -824,7 +824,7 @@ static int prompt_root_password(int rfd) {
|
||||
break;
|
||||
}
|
||||
|
||||
r = check_password_quality(*a, /* old */ NULL, "root", &error);
|
||||
r = check_password_quality(*a, /* old = */ NULL, "root", &error);
|
||||
if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
|
||||
log_warning("Password quality check is not supported, proceeding anyway.");
|
||||
else if (r < 0)
|
||||
|
@ -21,17 +21,27 @@
|
||||
#include "unit-name.h"
|
||||
#include "virt.h"
|
||||
|
||||
static const char *arg_dest = NULL;
|
||||
static bool arg_enabled = true;
|
||||
typedef enum {
|
||||
GETTY_SOURCE_NONE = 0,
|
||||
GETTY_SOURCE_CREDENTIAL = 1 << 0,
|
||||
GETTY_SOURCE_CONTAINER = 1 << 1,
|
||||
GETTY_SOURCE_CONSOLE = 1 << 2,
|
||||
GETTY_SOURCE_BUILTIN = 1 << 3,
|
||||
GETTY_SOURCE_ALL = GETTY_SOURCE_CREDENTIAL | GETTY_SOURCE_CONTAINER | GETTY_SOURCE_CONSOLE | GETTY_SOURCE_BUILTIN,
|
||||
} GettySourceFlag;
|
||||
|
||||
static int add_getty_impl(const char *tty, const char *type, const char *unit_path) {
|
||||
static const char *arg_dest = NULL;
|
||||
static GettySourceFlag arg_getty_sources = GETTY_SOURCE_ALL;
|
||||
|
||||
static int add_getty_impl(const char *tty, const char *path, const char *type, const char *unit_path) {
|
||||
int r;
|
||||
|
||||
assert(type);
|
||||
assert(path);
|
||||
assert(unit_path);
|
||||
|
||||
if (!filename_is_valid(tty)) {
|
||||
log_debug("Invalid %s tty device specified, ignoring: %s", type, tty);
|
||||
log_debug("Invalid %s tty device specified, ignoring: %s", type, path);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -45,17 +55,23 @@ static int add_getty_impl(const char *tty, const char *type, const char *unit_pa
|
||||
return generator_add_symlink_full(arg_dest, "getty.target", "wants", unit_path, instance);
|
||||
}
|
||||
|
||||
static int add_serial_getty(const char *tty) {
|
||||
tty = skip_dev_prefix(ASSERT_PTR(tty));
|
||||
return add_getty_impl(tty, "serial", SYSTEM_DATA_UNIT_DIR "/serial-getty@.service");
|
||||
static int add_serial_getty(const char *path) {
|
||||
const char *tty = skip_dev_prefix(ASSERT_PTR(path));
|
||||
return add_getty_impl(tty, path, "serial", SYSTEM_DATA_UNIT_DIR "/serial-getty@.service");
|
||||
}
|
||||
|
||||
static int add_container_getty(const char *tty) {
|
||||
if (is_path(tty))
|
||||
/* Check if it is actually a pty. */
|
||||
tty = path_startswith(skip_dev_prefix(tty), "pts/");
|
||||
static int add_container_getty(const char *tty_or_path) {
|
||||
const char *tty;
|
||||
|
||||
return add_getty_impl(tty, "container", SYSTEM_DATA_UNIT_DIR "/container-getty@.service");
|
||||
assert(tty_or_path);
|
||||
|
||||
if (is_path(tty_or_path))
|
||||
/* Check if it is actually a pty. */
|
||||
tty = path_startswith(skip_dev_prefix(tty_or_path), "pts/");
|
||||
else
|
||||
tty = tty_or_path;
|
||||
|
||||
return add_getty_impl(tty, tty_or_path, "container", SYSTEM_DATA_UNIT_DIR "/container-getty@.service");
|
||||
}
|
||||
|
||||
static int verify_tty(const char *path) {
|
||||
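Review bot: In add_container_getty(), `tty` is the result of path_startswith() and is NULL when the path is not under pts/, and that NULL goes straight into add_getty_impl(), which asserts `type`, `path` and `unit_path` but not `tty`. The rejection therefore depends on filename_is_valid() returning false for NULL. Add a short comment at the filename_is_valid() call, or check for NULL in add_container_getty() and log there, so the dependency is explicit.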
@ -159,24 +175,101 @@ static int add_credential_gettys(void) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int parse_getty_sources(const char *s, GettySourceFlag *ret) {
|
||||
int r;
|
||||
|
||||
assert(ret);
|
||||
|
||||
if (isempty(s)) {
|
||||
*ret = GETTY_SOURCE_ALL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = parse_boolean(s);
|
||||
if (r >= 0) {
|
||||
*ret = r ? GETTY_SOURCE_ALL : GETTY_SOURCE_NONE;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct {
|
||||
GettySourceFlag flag;
|
||||
const char *str;
|
||||
} table[] = {
|
||||
{ GETTY_SOURCE_CREDENTIAL, "credential", },
|
||||
{ GETTY_SOURCE_CONTAINER, "container", },
|
||||
{ GETTY_SOURCE_CONSOLE, "console", },
|
||||
{ GETTY_SOURCE_BUILTIN, "builtin", },
|
||||
};
|
||||
|
||||
GettySourceFlag flags = 0;
|
||||
for (const char *p = s;;) {
|
||||
_cleanup_free_ char *word = NULL;
|
||||
|
||||
r = extract_first_word(&p, &word, ",", /* flags = */ 0);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
break;
|
||||
|
||||
bool found = false;
|
||||
FOREACH_ELEMENT(i, table)
|
||||
if (streq(word, i->str)) {
|
||||
flags |= i->flag;
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
|
||||
if (!found)
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
*ret = flags;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
|
||||
int r;
|
||||
|
||||
assert(key);
|
||||
|
||||
if (proc_cmdline_key_streq(key, "systemd.getty_auto")) {
|
||||
r = value ? parse_boolean(value) : 1;
|
||||
r = parse_getty_sources(value, &arg_getty_sources);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to parse getty_auto switch \"%s\", ignoring: %m", value);
|
||||
else
|
||||
arg_enabled = r;
|
||||
log_warning_errno(r, "Failed to parse systemd.getty_auto= kernel command line option, ignoring: %s", value);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void parse_env(void) {
|
||||
_cleanup_free_ char *value = NULL;
|
||||
int r;
|
||||
|
||||
r = getenv_for_pid(1, "SYSTEMD_GETTY_AUTO", &value);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to parse $SYSTEMD_GETTY_AUTO environment variable, ignoring: %m");
|
||||
else if (r > 0) {
|
||||
r = parse_getty_sources(value, &arg_getty_sources);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to parse $SYSTEMD_GETTY_AUTO environment variable, ignoring: %s", value);
|
||||
}
|
||||
}
|
||||
|
||||
static void parse_credentials(void) {
|
||||
_cleanup_free_ char *value = NULL;
|
||||
int r;
|
||||
|
||||
r = read_credential_with_decryption("getty.auto", (void**) &value, /* ret_size = */ NULL);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to read credential 'getty.auto', ignoring: %m");
|
||||
else if (r > 0) {
|
||||
r = parse_getty_sources(value, &arg_getty_sources);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Invalid 'getty.auto' credential, ignoring: %s", value);
|
||||
}
|
||||
}
|
||||
|
||||
static int run(const char *dest, const char *dest_early, const char *dest_late) {
|
||||
_cleanup_free_ char *getty_auto = NULL;
|
||||
int r;
|
||||
|
||||
assert_se(arg_dest = dest);
|
||||
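Review bot: parse_getty_sources() returns -EINVAL on the first unknown word, and all three callers log and ignore the failure, which leaves arg_getty_sources at its previous value, by default GETTY_SOURCE_ALL. A misspelled entry in a restrictive list therefore results in gettys from every source rather than fewer; document this fallback, or decide explicitly whether a partially valid list should be honoured. Two smaller points: `table` can be `static const`, and the three warnings pass `r` to log_warning_errno() without `%m`, so the error itself is never printed.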
@ -190,32 +283,31 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
|
||||
|
||||
r = getenv_for_pid(1, "SYSTEMD_GETTY_AUTO", &getty_auto);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to parse $SYSTEMD_GETTY_AUTO environment variable, ignoring: %m");
|
||||
else if (r > 0) {
|
||||
r = parse_boolean(getty_auto);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to parse $SYSTEMD_GETTY_AUTO value \"%s\", ignoring: %m", getty_auto);
|
||||
else
|
||||
arg_enabled = r;
|
||||
}
|
||||
parse_env();
|
||||
parse_credentials();
|
||||
|
||||
if (!arg_enabled) {
|
||||
if (arg_getty_sources == GETTY_SOURCE_NONE) {
|
||||
log_debug("Disabled, exiting.");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (FLAGS_SET(arg_getty_sources, GETTY_SOURCE_CREDENTIAL)) {
|
||||
r = add_credential_gettys();
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (detect_container() > 0)
|
||||
if (detect_container() > 0) {
|
||||
/* Add console shell and look at $container_ttys, but don't do add any
|
||||
* further magic if we are in a container. */
|
||||
if (FLAGS_SET(arg_getty_sources, GETTY_SOURCE_CONTAINER))
|
||||
return run_container();
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Automatically add in a serial getty on all active kernel consoles */
|
||||
if (FLAGS_SET(arg_getty_sources, GETTY_SOURCE_CONSOLE)) {
|
||||
_cleanup_strv_free_ char **consoles = NULL;
|
||||
r = get_kernel_consoles(&consoles);
|
||||
if (r < 0)
|
||||
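Review bot: parse_env() and parse_credentials() run after the kernel command line has been parsed, and each overwrites arg_getty_sources on success, so the effective precedence is the getty.auto credential, then $SYSTEMD_GETTY_AUTO, then systemd.getty_auto=. State that order in a comment here and in the documentation. If the kernel command line is meant to be able to override a credential, the calls need to be reordered.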
@ -234,8 +326,10 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
/* Automatically add a serial getty to each available virtualizer console. */
|
||||
if (FLAGS_SET(arg_getty_sources, GETTY_SOURCE_BUILTIN))
|
||||
FOREACH_STRING(j,
|
||||
"hvc0",
|
||||
"xvc0",
|
||||
|
@ -135,7 +135,7 @@ static int add_pkcs11_encrypted_key(
|
||||
|
||||
r = sd_json_variant_append_array(&l, e);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed append PKCS#11 encrypted key: %m");
|
||||
return log_error_errno(r, "Failed to append PKCS#11 encrypted key: %m");
|
||||
|
||||
r = sd_json_variant_set_field(&w, "pkcs11EncryptedKey", l);
|
||||
if (r < 0)
|
||||
|
@ -31,7 +31,7 @@ static int add_privileged(sd_json_variant **v, const char *hashed) {
|
||||
|
||||
r = sd_json_variant_append_array(&l, e);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed append recovery key: %m");
|
||||
return log_error_errno(r, "Failed to append recovery key: %m");
|
||||
|
||||
r = sd_json_variant_set_field(&w, "recoveryKey", l);
|
||||
if (r < 0)
|
||||
|
@ -2623,7 +2623,7 @@ static int acquire_group_list(char ***ret) {
|
||||
if (r == -ESRCH)
|
||||
break;
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed acquire next group: %m");
|
||||
return log_debug_errno(r, "Failed to acquire next group: %m");
|
||||
|
||||
if (group_record_disposition(gr) == USER_REGULAR) {
|
||||
_cleanup_(user_record_unrefp) UserRecord *ur = NULL;
|
||||
@ -5227,7 +5227,7 @@ static int verb_list_signing_keys(int argc, char *argv[], void *userdata) {
|
||||
_cleanup_free_ void *der = NULL;
|
||||
int n = i2d_PUBKEY(key, (unsigned char**) &der);
|
||||
if (n < 0)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to encode key as DER: %m");
|
||||
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to encode key as DER.");
|
||||
|
||||
ssize_t m = base64mem(der, MIN(n, 64), &h);
|
||||
if (m < 0)
|
||||
|
@ -49,7 +49,7 @@ int home_setup_cifs(
|
||||
|
||||
r = parse_cifs_service(h->cifs_service, &chost, &cservice, &cdir);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed parse CIFS service specification: %m");
|
||||
return log_error_errno(r, "Failed to parse CIFS service specification: %m");
|
||||
|
||||
/* Just the host and service part, without the directory */
|
||||
chost_and_service = strjoin("//", chost, "/", cservice);
|
||||
|
@ -415,7 +415,7 @@ int home_setup_fscrypt(
|
||||
FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT|FORK_REOPEN_LOG,
|
||||
NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed install encryption key in user's keyring: %m");
|
||||
return log_error_errno(r, "Failed to install encryption key in user's keyring: %m");
|
||||
if (r == 0) {
|
||||
/* Child */
|
||||
|
||||
|
@ -1227,7 +1227,7 @@ static int open_image_file(
|
||||
if (!S_ISREG(st.st_mode) && !S_ISBLK(st.st_mode))
|
||||
return log_error_errno(
|
||||
S_ISDIR(st.st_mode) ? SYNTHETIC_ERRNO(EISDIR) : SYNTHETIC_ERRNO(EBADFD),
|
||||
"Image file %s is not a regular file or block device: %m", ip);
|
||||
"Image file %s is not a regular file or block device.", ip);
|
||||
|
||||
/* Locking block devices doesn't really make sense, as this might interfere with
|
||||
* udev's workings, and these locks aren't network propagated anyway, hence not what
|
||||
@ -2731,7 +2731,7 @@ static int prepare_resize_partition(
|
||||
|
||||
r = sd_id128_from_string(disk_uuid_as_string, &disk_uuid);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed parse disk UUID: %m");
|
||||
return log_error_errno(r, "Failed to parse disk UUID: %m");
|
||||
|
||||
r = fdisk_get_partitions(c, &t);
|
||||
if (r < 0)
|
||||
|
@ -63,7 +63,7 @@ int user_record_check_password_quality(
|
||||
continue;
|
||||
|
||||
/* If there are no old passwords, let's call check_password_quality() without any. */
|
||||
r = check_password_quality(*pp, /* old */ NULL, hr->user_name, &auxerror);
|
||||
r = check_password_quality(*pp, /* old = */ NULL, hr->user_name, &auxerror);
|
||||
if (r <= 0)
|
||||
goto error;
|
||||
}
|
||||
|
@ -636,7 +636,7 @@ static const char* fallback_chassis_by_acpi(Context *c) {
|
||||
|
||||
r = device_get_sysattr_unsigned(c->device_acpi, "pm_profile", &t);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed read/parse ACPI PM profile, ignoring: %m");
|
||||
log_debug_errno(r, "Failed to read/parse ACPI PM profile, ignoring: %m");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -249,7 +249,7 @@ static int import_fs(int argc, char *argv[], void *userdata) {
|
||||
(arg_read_only ? INSTALL_READ_ONLY : 0) |
|
||||
(arg_sync ? INSTALL_SYNCFS : 0));
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed install directory as '%s': %m", final_path);
|
||||
return log_error_errno(r, "Failed to install directory as '%s': %m", final_path);
|
||||
|
||||
temp_path = mfree(temp_path);
|
||||
|
||||
|
@ -63,14 +63,14 @@ static int parse_pull_expression(const char *v) {
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to extract option string from pull expression '%s': %m", v);
|
||||
if (r == 0)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No option string in pull expression '%s': %m", v);
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No option string in pull expression '%s'.", v);
|
||||
|
||||
_cleanup_free_ char *local = NULL;
|
||||
r = extract_first_word(&p, &local, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to extract local name from pull expression '%s': %m", v);
|
||||
if (r == 0)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No local string in pull expression '%s': %m", v);
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No local string in pull expression '%s'.", v);
|
||||
|
||||
_cleanup_free_ char *remote = strdup(p);
|
||||
if (!remote)
|
||||
|
@ -274,7 +274,7 @@ static int import_tar(int argc, char *argv[], void *userdata) {
|
||||
return log_error_errno(r, "Cannot extract container name from filename: %m");
|
||||
if (r == O_DIRECTORY)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EISDIR),
|
||||
"Path '%s' refers to directory, but we need a regular file: %m", path);
|
||||
"Path '%s' refers to directory, but we need a regular file.", path);
|
||||
|
||||
local = fn;
|
||||
}
|
||||
@ -353,7 +353,7 @@ static int import_raw(int argc, char *argv[], void *userdata) {
|
||||
return log_error_errno(r, "Cannot extract container name from filename: %m");
|
||||
if (r == O_DIRECTORY)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EISDIR),
|
||||
"Path '%s' refers to directory, but we need a regular file: %m", path);
|
||||
"Path '%s' refers to directory, but we need a regular file.", path);
|
||||
|
||||
local = fn;
|
||||
}
|
||||
|
@ -713,7 +713,7 @@ static int manager_new(Manager **ret) {
|
||||
|
||||
r = sd_event_add_memory_pressure(m->event, NULL, NULL, NULL);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
|
||||
log_debug_errno(r, "Failed to allocate memory pressure event source, ignoring: %m");
|
||||
|
||||
r = sd_event_set_watchdog(m->event, true);
|
||||
if (r < 0)
|
||||
|
@ -682,7 +682,7 @@ static int parse_config(void) {
|
||||
{ "Upload", "TrustedCertificateFile", config_parse_path_or_ignore, 0, &arg_trust },
|
||||
{ "Upload", "NetworkTimeoutSec", config_parse_sec, 0, &arg_network_timeout_usec },
|
||||
{ "Upload", "Header", config_parse_header, 0, &arg_headers },
|
||||
{ "Upload", "Compression", config_parse_compression, /* with_level */ true, &arg_compression },
|
||||
{ "Upload", "Compression", config_parse_compression, /* with_level = */ true, &arg_compression },
|
||||
{ "Upload", "ForceCompression", config_parse_bool, 0, &arg_force_compression },
|
||||
{}
|
||||
};
|
||||
|
@ -84,7 +84,7 @@ int client_context_read_log_filter_patterns(ClientContext *c, const char *cgroup
|
||||
const char *deny_list_xattr = memchr(xattr, (char)0xff, xattr_size);
|
||||
if (!deny_list_xattr)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
|
||||
"Missing delimiter in cgroup user.journald_log_filter_patterns attribute: %m");
|
||||
"Missing delimiter in cgroup user.journald_log_filter_patterns attribute.");
|
||||
|
||||
_cleanup_set_free_ Set *allow_list = NULL;
|
||||
r = client_parse_log_filter_nulstr(xattr, deny_list_xattr - xattr, &allow_list);
|
||||
|
@ -377,7 +377,7 @@ int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_sig
|
||||
manager_reopen_journals(m, &old);
|
||||
|
||||
log_info("Config file reloaded.");
|
||||
(void) sd_notify(/* unset_environment */ false, NOTIFY_READY_MESSAGE);
|
||||
(void) sd_notify(/* unset_environment = */ false, NOTIFY_READY_MESSAGE);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -1467,7 +1467,7 @@ int manager_relinquish_var(Manager *m) {
|
||||
|
||||
log_debug("Relinquishing %s...", m->system_storage.path);
|
||||
|
||||
(void) manager_system_journal_open(m, /* flush_requested */ false, /* relinquish_requested=*/ true);
|
||||
(void) manager_system_journal_open(m, /* flush_requested = */ false, /* relinquish_requested = */ true);
|
||||
|
||||
m->system_journal = journal_file_offline_close(m->system_journal);
|
||||
ordered_hashmap_clear(m->user_journals);
|
||||
@ -2290,7 +2290,7 @@ void manager_reopen_journals(Manager *m, const JournalConfig *old) {
|
||||
(void) manager_system_journal_open(m, /* flush_requested = */ false, /* relinquish_requested = */ false);
|
||||
|
||||
/* To make the storage related settings applied, vacuum the storage. */
|
||||
manager_vacuum(m, /* verbose */ false);
|
||||
manager_vacuum(m, /* verbose = */ false);
|
||||
}
|
||||
|
||||
int manager_new(Manager **ret) {
|
||||
|
@ -61,14 +61,14 @@ int ndisc_redirect_parse(sd_ndisc *nd, sd_ndisc_redirect *rd) {
|
||||
* The ICMP Destination Address field in the redirect message does not contain a multicast address. */
|
||||
if (in6_addr_is_null(&rd->destination_address) || in6_addr_is_multicast(&rd->destination_address))
|
||||
return log_ndisc_errno(nd, SYNTHETIC_ERRNO(EBADMSG),
|
||||
"Received Redirect message with an invalid destination address, ignoring datagram: %m");
|
||||
"Received Redirect message with an invalid destination address, ignoring datagram.");
|
||||
|
||||
/* RFC 4861 section 8.1
|
||||
* The ICMP Target Address is either a link-local address (when redirected to a router) or the same
|
||||
* as the ICMP Destination Address (when redirected to the on-link destination). */
|
||||
if (!in6_addr_is_link_local(&rd->target_address) && !in6_addr_equal(&rd->target_address, &rd->destination_address))
|
||||
return log_ndisc_errno(nd, SYNTHETIC_ERRNO(EBADMSG),
|
||||
"Received Redirect message with an invalid target address, ignoring datagram: %m");
|
||||
"Received Redirect message with an invalid target address, ignoring datagram.");
|
||||
|
||||
r = ndisc_parse_options(rd->packet, &rd->options);
|
||||
if (r < 0)
|
||||
|
@ -309,7 +309,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
|
||||
if (hw_addr.length != sizeof(struct ether_addr))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||
"Unsupported hardware address length %zu: %m",
|
||||
"Unsupported hardware address length %zu.",
|
||||
hw_addr.length);
|
||||
|
||||
arg_source_mac = hw_addr.ether;
|
||||
|
@ -85,11 +85,11 @@ int bus_container_connect_socket(sd_bus *b) {
|
||||
if (n > 0) {
|
||||
if (n != sizeof(error_buf))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
|
||||
"Read error status of unexpected length %zd from (sd-buscntr): %m", n);
|
||||
"Read error status of unexpected length %zd from (sd-buscntr).", n);
|
||||
|
||||
if (error_buf < 0)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
|
||||
"Got unexpected error status from (sd-buscntr): %m");
|
||||
"Got unexpected error status from (sd-buscntr).");
|
||||
|
||||
if (error_buf == EINPROGRESS)
|
||||
return 1;
|
||||
|
@ -3631,7 +3631,7 @@ static int process_timer(
|
||||
* again. */
|
||||
assert(s->ratelimited);
|
||||
|
||||
r = event_source_leave_ratelimit(s, /* run_callback */ true);
|
||||
r = event_source_leave_ratelimit(s, /* run_callback = */ true);
|
||||
if (r < 0)
|
||||
return r;
|
||||
else if (r == 1)
|
||||
@ -5116,7 +5116,7 @@ _public_ int sd_event_source_set_ratelimit(sd_event_source *s, uint64_t interval
|
||||
|
||||
/* When ratelimiting is configured we'll always reset the rate limit state first and start fresh,
|
||||
* non-ratelimited. */
|
||||
r = event_source_leave_ratelimit(s, /* run_callback */ false);
|
||||
r = event_source_leave_ratelimit(s, /* run_callback = */ false);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
@ -5179,7 +5179,7 @@ _public_ int sd_event_source_leave_ratelimit(sd_event_source *s) {
|
||||
if (!s->ratelimited)
|
||||
return 0;
|
||||
|
||||
r = event_source_leave_ratelimit(s, /* run_callback */ false);
|
||||
r = event_source_leave_ratelimit(s, /* run_callback = */ false);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -255,7 +255,7 @@ int journal_directory_vacuum(
|
||||
|
||||
r = journal_file_empty(dirfd(d), p);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed check if %s is empty, ignoring: %m", p);
|
||||
log_debug_errno(r, "Failed to check if %s is empty, ignoring: %m", p);
|
||||
continue;
|
||||
}
|
||||
if (r > 0) {
|
||||
|
@ -134,7 +134,7 @@ static int journal_corrupt_and_append(uint64_t start_offset, uint64_t step) {
|
||||
r = journal_append_message(mj, message);
|
||||
if (r < 0) {
|
||||
/* We care only about crashes or sanitizer errors,
|
||||
* failed write without any crash is a success */
|
||||
* failing to write without any crash is a success */
|
||||
log_info_errno(r, "Failed to write to the journal: %m");
|
||||
break;
|
||||
}
|
||||
|
@ -3480,7 +3480,7 @@ _public_ int sd_varlink_server_add_connection_pair(
|
||||
ucred = *override_ucred;
|
||||
else {
|
||||
if (input_fd != output_fd)
|
||||
return varlink_server_log_errno(server, SYNTHETIC_ERRNO(EOPNOTSUPP), "Cannot determine peer identity of connection with separate input/output, refusing: %m");
|
||||
return varlink_server_log_errno(server, SYNTHETIC_ERRNO(EOPNOTSUPP), "Cannot determine peer identity of connection with separate input/output, refusing.");
|
||||
|
||||
r = getpeercred(input_fd, &ucred);
|
||||
if (r < 0)
|
||||
|
@ -304,7 +304,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) {
|
||||
|
||||
f = fopen("/usr/share/X11/xkb/rules/base.lst", "re");
|
||||
if (!f)
|
||||
return log_error_errno(errno, "Failed to open keyboard mapping list. %m");
|
||||
return log_error_errno(errno, "Failed to open keyboard mapping list: %m");
|
||||
|
||||
if (streq(argv[0], "list-x11-keymap-models"))
|
||||
look_for = MODELS;
|
||||
|
@ -734,7 +734,7 @@ static int session_dispatch_stop_on_idle(sd_event_source *source, uint64_t t, vo
|
||||
if (idle) {
|
||||
log_info("Session \"%s\" of user \"%s\" is idle, stopping.", s->id, s->user->user_record->user_name);
|
||||
|
||||
return session_stop(s, /* force */ true);
|
||||
return session_stop(s, /* force = */ true);
|
||||
}
|
||||
|
||||
r = sd_event_source_set_time(
|
||||
|
@ -107,11 +107,11 @@ static int wall_message_timeout_handler(
|
||||
if (next > 0) {
|
||||
r = sd_event_source_set_time(s, n + next);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "sd_event_source_set_time() failed. %m");
|
||||
return log_error_errno(r, "sd_event_source_set_time() failed: %m");
|
||||
|
||||
r = sd_event_source_set_enabled(s, SD_EVENT_ONESHOT);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "sd_event_source_set_enabled() failed. %m");
|
||||
return log_error_errno(r, "sd_event_source_set_enabled() failed: %m");
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -99,7 +99,7 @@ static int manager_new(Manager **ret) {
|
||||
|
||||
r = sd_event_add_memory_pressure(m->event, NULL, NULL, NULL);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
|
||||
log_debug_errno(r, "Failed to allocate memory pressure event source, ignoring: %m");
|
||||
|
||||
(void) sd_event_set_watchdog(m->event, true);
|
||||
|
||||
|
@ -1812,7 +1812,7 @@ _public_ PAM_EXTERN int pam_sm_close_session(
|
||||
/* desktop= */ NULL,
|
||||
/* area= */ NULL,
|
||||
&debug,
|
||||
/* default_capability_bounding_set */ NULL,
|
||||
/* default_capability_bounding_set= */ NULL,
|
||||
/* default_capability_ambient_set= */ NULL) < 0)
|
||||
return PAM_SESSION_ERR;
|
||||
|
||||
|
@ -94,7 +94,7 @@ int manager_new(Manager **ret) {
|
||||
|
||||
r = sd_event_add_memory_pressure(m->event, NULL, NULL, NULL);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
|
||||
log_debug_errno(r, "Failed to allocate memory pressure event source, ignoring: %m");
|
||||
|
||||
r = sd_event_set_watchdog(m->event, true);
|
||||
if (r < 0)
|
||||
@ -182,7 +182,7 @@ static int start_one_worker(Manager *m) {
|
||||
}
|
||||
|
||||
r = invoke_callout_binary(SYSTEMD_MOUNTWORK_PATH, STRV_MAKE("systemd-mountwork", "xxxxxxxxxxxxxxxx")); /* With some extra space rename_process() can make use of */
|
||||
log_error_errno(r, "Failed start worker process: %m");
|
||||
log_error_errno(r, "Failed to start worker process: %m");
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
|
@ -1187,7 +1187,7 @@ static int run(int argc, char *argv[]) {
|
||||
if (r == -ESRCH)
|
||||
return log_error_errno(r, "Parent already died?");
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to send SIGUSR2 signal to parent. %m");
|
||||
return log_error_errno(r, "Failed to send SIGUSR2 signal to parent: %m");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -887,7 +887,7 @@ static int parse_cmdline_ip_interface(Context *context, const char *value) {
|
||||
return log_debug_errno(r < 0 ? r : SYNTHETIC_ERRNO(EINVAL), "Failed to parse interface name in ip=%s: %m", value);
|
||||
|
||||
if (isempty(ifname))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Missing interface name in ip=%s: %m", value);
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Missing interface name in ip=%s.", value);
|
||||
|
||||
r = extract_first_word(&p, &dhcp_type, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
|
||||
if (r <= 0)
|
||||
|
@ -998,7 +998,7 @@ static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) {
|
||||
|
||||
if (key_len != MACSEC_KEYID_LEN)
|
||||
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
|
||||
"Invalid key length (%zu bytes), ignoring: %m", key_len);
|
||||
"Invalid key length (%zu bytes), ignoring.", key_len);
|
||||
|
||||
explicit_bzero_safe(sa->key, sa->key_len);
|
||||
free_and_replace(sa->key, key);
|
||||
|
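Review bot: The reworded message in macsec_read_key_file() still ends in "ignoring." even though this branch logs at error level and returns the EINVAL to the caller, so from this function's point of view nothing is ignored. Drop "ignoring" from the text, or lower the log level if the caller really does continue. While this line is being touched, it is also worth confirming that comparing key_len against MACSEC_KEYID_LEN, a constant named for the key ID, is the intended bound for the key itself.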
@ -66,7 +66,7 @@ static int get_config_files_by_name(
|
||||
_cleanup_free_ char *path = NULL;
|
||||
int r;
|
||||
|
||||
assert(name);
|
||||
assert(filename_is_valid(name));
|
||||
assert(ret_path);
|
||||
|
||||
STRV_FOREACH(i, NETWORK_DIRS) {
|
||||
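Review bot: The new assert(filename_is_valid(name)) at the top of get_config_files_by_name() makes an invalid name abort the process instead of returning an error, so it is only safe if every caller has rejected bad names first. The edit, cat, mask and unmask verbs in this patch do that; please confirm no other caller passes user-supplied input here, or return -EINVAL instead of asserting.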
@ -520,12 +520,15 @@ int verb_edit(int argc, char *argv[], void *userdata) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!filename_is_valid(*name))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid config filename: %s", *name);
|
||||
|
||||
if (ENDSWITH_SET(*name, ".network", ".netdev"))
|
||||
reload |= RELOAD_NETWORKD;
|
||||
else if (endswith(*name, ".link"))
|
||||
reload |= RELOAD_UDEVD;
|
||||
else
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid network config name '%s'.", *name);
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Network config of unknown type: %s", *name);
|
||||
|
||||
r = get_config_files_by_name(*name, /* allow_masked = */ false, &path, &dropins);
|
||||
if (r == -ERFKILL)
|
||||
@ -642,6 +645,9 @@ int verb_cat(int argc, char *argv[], void *userdata) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!filename_is_valid(*name) || !ENDSWITH_SET(*name, ".network", ".netdev", ".link"))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid network config name: %s", *name);
|
||||
|
||||
_cleanup_strv_free_ char **dropins = NULL;
|
||||
_cleanup_free_ char *path = NULL;
|
||||
|
||||
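Review bot: In verb_cat() the combined condition `!filename_is_valid(*name) || !ENDSWITH_SET(*name, ".network", ".netdev", ".link")` reports both failures as "Invalid network config name", while verb_edit(), verb_mask() and verb_unmask() in this same patch distinguish "Invalid config filename" from "Network config of unknown type". Splitting the check here the same way would keep the four verbs consistent and tell the user which of the two rules the name broke.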
@ -682,13 +688,16 @@ int verb_mask(int argc, char *argv[], void *userdata) {
|
||||
_cleanup_free_ char *config_path = NULL, *symlink_path = NULL;
|
||||
ReloadFlags reload;
|
||||
|
||||
if (!filename_is_valid(*name))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid config filename: %s", *name);
|
||||
|
||||
/* We update the real 'flags' at last, since the operation can be skipped. */
|
||||
if (ENDSWITH_SET(*name, ".network", ".netdev"))
|
||||
reload = RELOAD_NETWORKD;
|
||||
else if (endswith(*name, ".link"))
|
||||
reload = RELOAD_UDEVD;
|
||||
else
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid network config name '%s'.", *name);
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Network config of unknown type: %s", *name);
|
||||
|
||||
r = get_config_files_by_name(*name, /* allow_masked = */ true, &config_path, /* ret_dropins = */ NULL);
|
||||
if (r == -ENOENT)
|
||||
@ -739,12 +748,15 @@ int verb_unmask(int argc, char *argv[], void *userdata) {
|
||||
_cleanup_free_ char *path = NULL;
|
||||
ReloadFlags reload;
|
||||
|
||||
if (!filename_is_valid(*name))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid config filename: %s", *name);
|
||||
|
||||
if (ENDSWITH_SET(*name, ".network", ".netdev"))
|
||||
reload = RELOAD_NETWORKD;
|
||||
else if (endswith(*name, ".link"))
|
||||
reload = RELOAD_UDEVD;
|
||||
else
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid network config name '%s'.", *name);
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Network config of unknown type: %s", *name);
|
||||
|
||||
r = get_config_files_by_name(*name, /* allow_masked = */ true, &path, /* ret_dropins = */ NULL);
|
||||
if (r == -ENOENT) {
|
||||
|
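Review bot: The filename_is_valid() check followed by the ".network"/".netdev"/".link" suffix classification is now repeated in verb_edit(), verb_mask() and verb_unmask(). A small helper that validates the name and returns the ReloadFlags would keep the validation in one place, so a later verb cannot be added without it.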
@ -1693,7 +1693,7 @@ static int dhcp4_configure(Link *link) {
|
||||
if (link->network->dhcp_fallback_lease_lifetime_usec > 0) {
|
||||
r = sd_dhcp_client_set_fallback_lease_lifetime(link->dhcp_client, link->network->dhcp_fallback_lease_lifetime_usec);
|
||||
if (r < 0)
|
||||
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed set to lease lifetime: %m");
|
||||
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to set fallback lease lifetime: %m");
|
||||
}
|
||||
|
||||
return dhcp4_set_client_identifier(link);
|
||||
|
@ -539,7 +539,7 @@ int manager_setup(Manager *m) {
|
||||
|
||||
r = sd_event_add_memory_pressure(m->event, NULL, NULL, NULL);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
|
||||
log_debug_errno(r, "Failed to allocate memory pressure event source, ignoring: %m");
|
||||
|
||||
r = sd_event_add_post(m->event, NULL, manager_post_handler, m);
|
||||
if (r < 0)
|
||||
|
@ -272,8 +272,7 @@ int link_update_monitor(Link *l) {
|
||||
else {
|
||||
r = parse_operational_state_range(required_operstate, &l->required_operstate);
|
||||
if (r < 0)
|
||||
ret = log_link_debug_errno(l, SYNTHETIC_ERRNO(EINVAL),
|
||||
"Failed to parse required operational state, ignoring: %m");
|
||||
ret = log_link_debug_errno(l, r, "Failed to parse required operational state, ignoring: %m");
|
||||
}
|
||||
|
||||
r = network_link_get_operational_state(l->ifindex, &l->operational_state);
|
||||
|
@ -685,7 +685,7 @@ int mount_all(const char *dest,
|
||||
|
||||
log_debug_errno(r, "Failed to create directory %s: %m", where);
|
||||
|
||||
/* If we failed mkdir() or chown() due to the root directory being read only,
|
||||
/* If mkdir() or chown() failed due to the root directory being read only,
|
||||
* attempt to mount this fs anyway and let mount_verbose log any errors */
|
||||
if (r != -EROFS)
|
||||
continue;
|
||||
|
@ -1011,7 +1011,7 @@ static int network_iface_pair_parse(const char* iftype, char ***l, const char *p
|
||||
return log_error_errno(r, "Failed to extract first word in %s parameter: %m", iftype);
|
||||
if (r == 0)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"Short read while reading %s parameter: %m", iftype);
|
||||
"Short read while reading %s parameter.", iftype);
|
||||
if (!ifname_valid(a))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"%s, interface name not valid: %s", iftype, a);
|
||||
|
@ -1366,7 +1366,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
} else {
|
||||
r = read_full_file(optarg, (char**) &p, &l);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed parse root hash signature file '%s': %m", optarg);
|
||||
return log_error_errno(r, "Failed to parse root hash signature file '%s': %m", optarg);
|
||||
}
|
||||
|
||||
free_and_replace(arg_verity_settings.root_hash_sig, p);
|
||||
@ -5583,7 +5583,7 @@ static int run_container(
|
||||
|
||||
r = sd_event_add_memory_pressure(event, NULL, NULL, NULL);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
|
||||
log_debug_errno(r, "Failed to allocate memory pressure event source, ignoring: %m");
|
||||
|
||||
/* Exit when the child exits */
|
||||
(void) sd_event_add_signal(event, NULL, SIGCHLD, on_sigchld, pid);
|
||||
|
@ -114,7 +114,7 @@ int manager_new(Manager **ret) {
|
||||
|
||||
r = sd_event_add_memory_pressure(m->event, NULL, NULL, NULL);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
|
||||
log_debug_errno(r, "Failed to allocate memory pressure event source, ignoring: %m");
|
||||
|
||||
r = sd_event_set_watchdog(m->event, true);
|
||||
if (r < 0)
|
||||
@ -230,7 +230,7 @@ static int start_one_worker(Manager *m) {
|
||||
}
|
||||
|
||||
r = invoke_callout_binary(SYSTEMD_NSRESOURCEWORK_PATH, STRV_MAKE("systemd-nsresourcework", "xxxxxxxxxxxxxxxx")); /* With some extra space rename_process() can make use of */
|
||||
log_error_errno(r, "Failed start worker process: %m");
|
||||
log_error_errno(r, "Failed to start worker process: %m");
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
|
@ -2069,7 +2069,7 @@ static int run(int argc, char *argv[]) {
|
||||
if (r == -ESRCH)
|
||||
return log_error_errno(r, "Parent already died?");
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to send SIGUSR2 signal to parent. %m");
|
||||
return log_error_errno(r, "Failed to send SIGUSR2 signal to parent: %m");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -40,7 +40,7 @@ static int make_inner_hash_map(void) {
|
||||
MOUNTS_MAX,
|
||||
NULL);
|
||||
if (fd < 0)
|
||||
return log_debug_errno(errno, "Failed allocate inner BPF map: %m");
|
||||
return log_debug_errno(errno, "Failed to allocate inner BPF map: %m");
|
||||
|
||||
return fd;
|
||||
}
|
||||
|
@ -527,13 +527,13 @@ int oomd_system_context_acquire(const char *proc_meminfo_path, OomdSystemContext
|
||||
|
||||
if (mem_available > ctx.mem_total)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"MemAvailable (%" PRIu64 ") cannot be greater than MemTotal (%" PRIu64 ") %m",
|
||||
"MemAvailable (%" PRIu64 ") cannot be greater than MemTotal (%" PRIu64 ")",
|
||||
mem_available,
|
||||
ctx.mem_total);
|
||||
|
||||
if (swap_free > ctx.swap_total)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"SwapFree (%" PRIu64 ") cannot be greater than SwapTotal (%" PRIu64 ") %m",
|
||||
"SwapFree (%" PRIu64 ") cannot be greater than SwapTotal (%" PRIu64 ")",
|
||||
swap_free,
|
||||
ctx.swap_total);
|
||||
|
||||
|
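Review bot: Both reworded messages in oomd_system_context_acquire() now end at the closing ")" with no full stop, while other messages in this change that dropped %m end with one (for example "Missing interface name in ip=%s."). Add the trailing full stop to both for consistency.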
@ -50,7 +50,7 @@ static int manager_new(Manager **ret) {
|
||||
|
||||
r = sd_event_add_memory_pressure(m->event, NULL, NULL, NULL);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
|
||||
log_debug_errno(r, "Failed to allocate memory pressure event source, ignoring: %m");
|
||||
|
||||
(void) sd_event_set_watchdog(m->event, true);
|
||||
|
||||
|
@ -7601,7 +7601,7 @@ static int resolve_copy_blocks_auto(
|
||||
}
|
||||
}
|
||||
} else if (errno != ENOENT)
|
||||
return log_error_errno(errno, "Failed open %s: %m", p);
|
||||
return log_error_errno(errno, "Failed to open %s: %m", p);
|
||||
else {
|
||||
r = resolve_copy_blocks_auto_candidate(devno, type, restrict_devno, &found_uuid);
|
||||
if (r < 0)
|
||||
|
@ -229,7 +229,7 @@ static int manager_process_route(sd_netlink *rtnl, sd_netlink_message *mm, void
|
||||
|
||||
r = sd_netlink_message_get_type(mm, &type);
|
||||
if (r < 0) {
|
||||
log_warning_errno(r, "Failed not get message type, ignoring: %m");
|
||||
log_warning_errno(r, "Failed to get rtnl message type, ignoring: %m");
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -785,23 +785,23 @@ int manager_new(Manager **ret) {
|
||||
|
||||
r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGHUP | SD_EVENT_SIGNAL_PROCMASK, manager_dispatch_reload_signal, m);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed install SIGHUP handler: %m");
|
||||
return log_debug_errno(r, "Failed to install SIGHUP handler: %m");
|
||||
|
||||
r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR1 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr1, m);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed install SIGUSR1 handler: %m");
|
||||
return log_debug_errno(r, "Failed to install SIGUSR1 handler: %m");
|
||||
|
||||
r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR2 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr2, m);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed install SIGUSR2 handler: %m");
|
||||
return log_debug_errno(r, "Failed to install SIGUSR2 handler: %m");
|
||||
|
||||
r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+1) | SD_EVENT_SIGNAL_PROCMASK, manager_sigrtmin1, m);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed install SIGRTMIN+1 handler: %m");
|
||||
return log_debug_errno(r, "Failed to install SIGRTMIN+1 handler: %m");
|
||||
|
||||
r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+18) | SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, &m->sigrtmin18_info);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed install SIGRTMIN+18 handler: %m");
|
||||
return log_debug_errno(r, "Failed to install SIGRTMIN+18 handler: %m");
|
||||
|
||||
manager_cleanup_saved_user(m);
|
||||
|
||||
|
@ -178,7 +178,7 @@ int read_credential_with_decryption(const char *name, void **ret, size_t *ret_si
|
||||
if (r >= 0)
|
||||
return 1; /* found */
|
||||
if (!IN_SET(r, -ENXIO, -ENOENT))
|
||||
return log_error_errno(r, "Failed read unencrypted credential '%s': %m", name);
|
||||
return log_error_errno(r, "Failed to read unencrypted credential '%s': %m", name);
|
||||
|
||||
r = get_encrypted_credentials_dir(&d);
|
||||
if (r == -ENXIO)
|
||||
@ -920,7 +920,7 @@ int encrypt_credential_and_warn(
|
||||
r = tpm2_load_pcr_public_key(tpm2_pubkey_path, &pubkey.iov_base, &pubkey.iov_len);
|
||||
if (r < 0) {
|
||||
if (tpm2_pubkey_path || r != -ENOENT || !sd_id128_in_set(with_key, _CRED_AUTO, _CRED_AUTO_INITRD, _CRED_AUTO_SCOPED))
|
||||
return log_error_errno(r, "Failed read TPM PCR public key: %m");
|
||||
return log_error_errno(r, "Failed to read TPM PCR public key: %m");
|
||||
|
||||
log_debug_errno(r, "Failed to read TPM2 PCR public key, proceeding without: %m");
|
||||
}
|
||||
|
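Review bot: The corrected error message says "TPM PCR public key", while the debug message a few lines below it, for the same tpm2_load_pcr_public_key() call, says "TPM2 PCR public key". Since the line is being edited anyway, use "TPM2" in both.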
@ -3196,7 +3196,7 @@ int image_filter_parse(const char *s, ImageFilter **ret) {
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to extract designator: %m");
|
||||
if (r != 2 || !isempty(x))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to split: %m");
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to split: %s", word);
|
||||
|
||||
PartitionDesignator d = partition_designator_from_string(designator);
|
||||
if (d < 0)
|
||||
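Review bot: The new format string "Unable to split: %s" takes `word`, which is neither declared nor assigned in the visible context of this hunk (only `x` and `designator` appear). Please confirm that `word` holds the token that failed to split and cannot be NULL on the `r != 2 || !isempty(x)` path.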
@ -4584,7 +4584,7 @@ int mountfsd_mount_image(
|
||||
if (image_policy) {
|
||||
r = image_policy_to_string(image_policy, /* simplify= */ false, &ps);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed format image policy to string: %m");
|
||||
return log_error_errno(r, "Failed to format image policy to string: %m");
|
||||
}
|
||||
|
||||
sd_json_variant *reply = NULL;
|
||||
|
@ -103,7 +103,7 @@ static int verify_esp_blkid(
|
||||
if (r != 0)
|
||||
return log_full_errno(searching ? LOG_DEBUG : LOG_ERR,
|
||||
SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV),
|
||||
"No filesystem found on \"%s\": %m", node);
|
||||
"No filesystem found on \"%s\".", node);
|
||||
if (!streq(v, "vfat"))
|
||||
return log_full_errno(searching ? LOG_DEBUG : LOG_ERR,
|
||||
SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV),
|
||||
@ -631,7 +631,7 @@ static int verify_xbootldr_blkid(
|
||||
if (r != 0)
|
||||
return log_full_errno(searching ? LOG_DEBUG : LOG_ERR,
|
||||
searching ? SYNTHETIC_ERRNO(EADDRNOTAVAIL) : SYNTHETIC_ERRNO(EIO),
|
||||
"%s: Failed to probe PART_ENTRY_SCHEME: %m", node);
|
||||
"%s: Failed to probe PART_ENTRY_SCHEME.", node);
|
||||
if (streq(type, "gpt")) {
|
||||
|
||||
errno = 0;
|
||||
|
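Review bot: The errno argument in verify_xbootldr_blkid() is written `searching ? SYNTHETIC_ERRNO(EADDRNOTAVAIL) : SYNTHETIC_ERRNO(EIO)`, whereas verify_esp_blkid() in the same file uses `SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV)`. Since the message on the next line is being touched, switching this call to the second form would make the two functions read the same.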
@ -1,20 +1,6 @@
|
||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
|
||||
#if HAVE_CRYPT_H
|
||||
/* libxcrypt is a replacement for glibc's libcrypt, and libcrypt might be
|
||||
* removed from glibc at some point. As part of the removal, defines for
|
||||
* crypt(3) are dropped from unistd.h, and we must include crypt.h instead.
|
||||
*
|
||||
* Newer versions of glibc (v2.0+) already ship crypt.h with a definition
|
||||
* of crypt(3) as well, so we simply include it if it is present. MariaDB,
|
||||
* MySQL, PostgreSQL, Perl and some other wide-spread packages do it the
|
||||
* same way since ages without any problems.
|
||||
*/
|
||||
# include <crypt.h>
|
||||
#else
|
||||
# include <unistd.h>
|
||||
#endif
|
||||
|
||||
#include <crypt.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include "alloc-util.h"
|
||||
|
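Review bot: With the HAVE_CRYPT_H fallback to unistd.h gone, a system without crypt.h now fails at this #include during compilation unless the build system checks for the header up front. Please make sure the configure step requires crypt.h and that the HAVE_CRYPT_H detection is removed there as well, and consider keeping a one-line comment about libxcrypt so the reason for preferring crypt.h is not lost.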
@ -127,7 +127,7 @@ int check_password_quality(
|
||||
|
||||
check_reason = sym_passwdqc_check(¶ms->qc, password, old, &pw);
|
||||
} else
|
||||
check_reason = sym_passwdqc_check(¶ms->qc, password, old, /* pw */ NULL);
|
||||
check_reason = sym_passwdqc_check(¶ms->qc, password, old, /* pw = */ NULL);
|
||||
|
||||
if (check_reason) {
|
||||
if (ret_error) {
|
||||
|
@ -1538,7 +1538,7 @@ int seccomp_protect_syslog(void) {
|
||||
0);
|
||||
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed to add syslog() rule for architecture %s, skipping %m", seccomp_arch_to_string(arch));
|
||||
log_debug_errno(r, "Failed to add syslog() rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch));
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -1546,7 +1546,7 @@ int seccomp_protect_syslog(void) {
|
||||
if (ERRNO_IS_NEG_SECCOMP_FATAL(r))
|
||||
return r;
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to install syslog protection rules for architecture %s, skipping %m",
|
||||
log_debug_errno(r, "Failed to install syslog protection rules for architecture %s, skipping: %m",
|
||||
seccomp_arch_to_string(arch));
|
||||
}
|
||||
|
||||
|
@ -1141,7 +1141,7 @@ static int tpm2_credit_random(Tpm2Context *c) {
|
||||
|
||||
r = random_write_entropy(-1, buffer->buffer, buffer->size, /* credit= */ false);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed wo write entropy to kernel: %m");
|
||||
return log_debug_errno(r, "Failed to write entropy to kernel: %m");
|
||||
|
||||
done += buffer->size;
|
||||
rps = LESS_BY(rps, buffer->size);
|
||||
|
@ -57,11 +57,11 @@ int varlink_server_deserialize_one(sd_varlink_server *s, const char *value, FDSe
|
||||
|
||||
if (v[n] != ' ')
|
||||
return varlink_server_log_errno(s, SYNTHETIC_ERRNO(EINVAL),
|
||||
"Failed to deserialize sd_varlink_server_socket: %s: %m", value);
|
||||
"Failed to deserialize sd_varlink_server_socket: %s", value);
|
||||
v = startswith(v + n + 1, "varlink-server-socket-fd=");
|
||||
if (!v)
|
||||
return varlink_server_log_errno(s, SYNTHETIC_ERRNO(EINVAL),
|
||||
"Failed to deserialize VarlinkServerSocket fd %s: %m", value);
|
||||
"Failed to deserialize VarlinkServerSocket fd: %s", value);
|
||||
|
||||
n = strcspn(v, " ");
|
||||
buf = strndupa_safe(v, n);
|
||||
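Review bot: The two messages in this hunk name the same object differently: "sd_varlink_server_socket" in the first and "VarlinkServerSocket" in the second. Pick one spelling for both so the log lines can be searched together.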
@ -71,7 +71,7 @@ int varlink_server_deserialize_one(sd_varlink_server *s, const char *value, FDSe
|
||||
return varlink_server_log_errno(s, fd, "Unable to parse VarlinkServerSocket varlink-server-socket-fd=%s: %m", buf);
|
||||
if (!fdset_contains(fds, fd))
|
||||
return varlink_server_log_errno(s, SYNTHETIC_ERRNO(EBADF),
|
||||
"VarlinkServerSocket varlink-server-socket-fd= has unknown fd %d: %m", fd);
|
||||
"VarlinkServerSocket varlink-server-socket-fd= has unknown fd: %d", fd);
|
||||
|
||||
ss = new(VarlinkServerSocket, 1);
|
||||
if (!ss)
|
||||
|
@ -254,7 +254,7 @@ static int need_reload(
|
||||
const char *extension_reload_manager = NULL;
|
||||
int b;
|
||||
|
||||
r = load_extension_release_pairs(arg_root, image_class, *extension, /* relax_extension_release_check */ true, &extension_release);
|
||||
r = load_extension_release_pairs(arg_root, image_class, *extension, /* relax_extension_release_check = */ true, &extension_release);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed to parse extension-release metadata of %s, ignoring: %m", *extension);
|
||||
continue;
|
||||
@ -1547,7 +1547,7 @@ static int store_info_in_meta(
|
||||
|
||||
/* Make sure the top-level dir has an mtime marking the point we established the merge */
|
||||
if (utimensat(AT_FDCWD, meta_path, NULL, AT_SYMLINK_NOFOLLOW) < 0)
|
||||
return log_error_errno(r, "Failed fix mtime of '%s': %m", meta_path);
|
||||
return log_error_errno(r, "Failed to fix mtime of '%s': %m", meta_path);
|
||||
|
||||
return 0;
|
||||
}
|
||||
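Review bot: In the utimensat() failure branch of store_info_in_meta(), log_error_errno() is still passed `r`, but utimensat() reports its error through errno and `r` holds whatever an earlier call returned. The wording is fixed, yet %m will not describe the utimensat() failure and the returned value will not reflect it; pass errno here instead.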
@ -1731,7 +1731,7 @@ static int merge_subprocess(
|
||||
return log_error_errno(r, "Failed to acquire 'os-release' data of OS tree '%s': %m", empty_to_root(arg_root));
|
||||
if (isempty(host_os_release_id))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"'ID' field not found or empty in 'os-release' data of OS tree '%s': %m",
|
||||
"'ID' field not found or empty in 'os-release' data of OS tree '%s'.",
|
||||
empty_to_root(arg_root));
|
||||
|
||||
/* Let's now mount all images */
|
||||
|
@ -327,7 +327,7 @@ static int download_manifest(
|
||||
|
||||
manifest = fdopen(pfd[0], "r");
|
||||
if (!manifest)
|
||||
return log_error_errno(errno, "Failed allocate FILE object for manifest file: %m");
|
||||
return log_error_errno(errno, "Failed to allocate FILE object for manifest file: %m");
|
||||
|
||||
TAKE_FD(pfd[0]);
|
||||
|
||||
|
@ -409,7 +409,7 @@ static int config_parse_resource_ptype(
|
||||
r = gpt_partition_type_from_string(rvalue, &rr->partition_type);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, r,
|
||||
"Failed parse partition type, ignoring: %s", rvalue);
|
||||
"Failed to parse partition type, ignoring: %s", rvalue);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -437,7 +437,7 @@ static int config_parse_partition_uuid(
|
||||
r = sd_id128_from_string(rvalue, &t->partition_uuid);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, r,
|
||||
"Failed parse partition UUID, ignoring: %s", rvalue);
|
||||
"Failed to parse partition UUID, ignoring: %s", rvalue);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -465,7 +465,7 @@ static int config_parse_partition_flags(
|
||||
r = safe_atou64(rvalue, &t->partition_flags);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, r,
|
||||
"Failed parse partition flags, ignoring: %s", rvalue);
|
||||
"Failed to parse partition flags, ignoring: %s", rvalue);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1738,7 +1738,7 @@ static int manager_new(Manager **ret) {
|
||||
|
||||
r = sd_event_add_memory_pressure(m->event, NULL, NULL, NULL);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
|
||||
log_debug_errno(r, "Failed to allocate memory pressure event source, ignoring: %m");
|
||||
|
||||
r = sd_bus_default_system(&m->bus);
|
||||
if (r < 0)
|
||||
|
@ -249,12 +249,12 @@ static int test_bpf_cgroup_programs(Manager *m, const char *unit_name, const Tes
|
||||
ASSERT_OK(unit_patch_contexts(u));
|
||||
r = unit_start(u, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Unit start failed %m");
|
||||
return log_error_errno(r, "Unit start failed: %m");
|
||||
|
||||
while (!IN_SET(SERVICE(u)->state, SERVICE_DEAD, SERVICE_FAILED)) {
|
||||
r = sd_event_run(m->event, UINT64_MAX);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Event run failed %m");
|
||||
return log_error_errno(r, "Event run failed: %m");
|
||||
}
|
||||
|
||||
cld_code = SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code;
|
||||
|
@ -41,12 +41,12 @@ static int test_restrict_filesystems(Manager *m, const char *unit_name, const ch
|
||||
ASSERT_OK(unit_patch_contexts(u));
|
||||
r = unit_start(u, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Unit start failed %m");
|
||||
return log_error_errno(r, "Unit start failed: %m");
|
||||
|
||||
while (!IN_SET(SERVICE(u)->state, SERVICE_DEAD, SERVICE_FAILED)) {
|
||||
r = sd_event_run(m->event, UINT64_MAX);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Event run failed %m");
|
||||
return log_error_errno(r, "Event run failed: %m");
|
||||
}
|
||||
|
||||
cld_code = SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code;
|
||||
|
@ -192,11 +192,11 @@ int main(int argc, char *argv[]) {
|
||||
|
||||
r = btrfs_subvol_remove("/xxxquotatest", BTRFS_REMOVE_QUOTA|BTRFS_REMOVE_RECURSIVE);
|
||||
if (r < 0)
|
||||
log_error_errno(r, "Failed remove subvolume: %m");
|
||||
log_error_errno(r, "Failed to remove subvolume: %m");
|
||||
|
||||
r = btrfs_subvol_remove("/xxxquotatest2", BTRFS_REMOVE_QUOTA|BTRFS_REMOVE_RECURSIVE);
|
||||
if (r < 0)
|
||||
log_error_errno(r, "Failed remove subvolume: %m");
|
||||
log_error_errno(r, "Failed to remove subvolume: %m");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,10 +1,6 @@
|
||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
|
||||
#if HAVE_CRYPT_H
|
||||
# include <crypt.h>
|
||||
#else
|
||||
# include <unistd.h>
|
||||
#endif
|
||||
#include <crypt.h>
|
||||
|
||||
#include "libcrypt-util.h"
|
||||
#include "strv.h"
|
||||
|
@ -90,7 +90,7 @@ static void* thread_func(void *ptr) {
|
||||
DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_ADD_PARTITION_DEVICES|DISSECT_IMAGE_PIN_PARTITION_DEVICES,
|
||||
&dissected);
|
||||
if (r < 0)
|
||||
log_error_errno(r, "Failed dissect loopback device %s: %m", loop->node);
|
||||
log_error_errno(r, "Failed to dissect loopback device %s: %m", loop->node);
|
||||
assert_se(r >= 0);
|
||||
|
||||
log_info("Dissected loop device %s", loop->node);
|
||||
|
@ -80,12 +80,12 @@ static int test_socket_bind(
|
||||
ASSERT_OK(unit_patch_contexts(u));
|
||||
r = unit_start(u, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Unit start failed %m");
|
||||
return log_error_errno(r, "Unit start failed: %m");
|
||||
|
||||
while (!IN_SET(SERVICE(u)->state, SERVICE_DEAD, SERVICE_FAILED)) {
|
||||
r = sd_event_run(m->event, UINT64_MAX);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Event run failed %m");
|
||||
return log_error_errno(r, "Event run failed: %m");
|
||||
}
|
||||
|
||||
cld_code = SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code;
|
||||
|
@ -1143,7 +1143,7 @@ int manager_new(Manager **ret) {
|
||||
|
||||
r = sd_event_add_memory_pressure(m->event, NULL, NULL, NULL);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
|
||||
log_debug_errno(r, "Failed to allocate memory pressure event source, ignoring: %m");
|
||||
|
||||
r = sd_event_set_watchdog(m->event, true);
|
||||
if (r < 0)
|
||||
|
@ -661,7 +661,7 @@ static int link_generate_new_hw_addr(Link *link, struct hw_addr_data *ret) {
|
||||
memcpy(p, &result, len);
|
||||
if (!hw_addr_is_valid(link, &hw_addr))
|
||||
return log_link_warning_errno(link, SYNTHETIC_ERRNO(EINVAL),
|
||||
"Could not generate valid persistent MAC address: %m");
|
||||
"Could not generate valid persistent MAC address.");
|
||||
}
|
||||
|
||||
finalize:
|
||||
|
@ -539,7 +539,7 @@ static int get_device_firmware_node_sun(sd_device *dev, uint32_t *ret) {
|
||||
if (r < 0)
|
||||
return log_device_debug_errno(dev, r, "Failed to parse firmware_node/sun '%s', ignoring: %m", attr);
|
||||
if (sun == 0)
|
||||
return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), "firmware_node/sun == 0, ignoring: %m");
|
||||
return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), "firmware_node/sun == 0, ignoring.");
|
||||
|
||||
*ret = sun;
|
||||
return 0;
|
||||
|
@ -861,7 +861,7 @@ static int event_enter_locked(Event *event, const char *whole_disk) {
|
||||
if (isempty(whole_disk))
|
||||
return log_device_warning_errno(
|
||||
dev, SYNTHETIC_ERRNO(EBADMSG),
|
||||
"Unexpected notify message received, skipping event (SEQNUM=%"PRIu64", ACTION=%s): %m",
|
||||
"Unexpected notify message received, skipping event (SEQNUM=%"PRIu64", ACTION=%s).",
|
||||
event->seqnum, strna(device_action_to_string(event->action)));
|
||||
|
||||
_cleanup_free_ char *whole_disk_copy = strdup(whole_disk);
|
||||
|
@ -954,7 +954,7 @@ static int parse_token(
|
||||
if (is_case_insensitive)
|
||||
return log_line_invalid_prefix(rule_line, key);
|
||||
|
||||
r = rule_line_add_token(rule_line, TK_M_PROGRAM, op, value, NULL, /* is_case_insensitive */ false, token_str);
|
||||
r = rule_line_add_token(rule_line, TK_M_PROGRAM, op, value, NULL, /* is_case_insensitive = */ false, token_str);
|
||||
} else if (streq(key, "IMPORT")) {
|
||||
if (isempty(attr))
|
||||
return log_line_invalid_attr(rule_line, key);
|
||||
|
@ -490,7 +490,7 @@ static int display_user(int argc, char *argv[], void *userdata) {
|
||||
if (r == -EHOSTDOWN)
|
||||
return log_error_errno(r, "Selected user database service is not available for this request.");
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed acquire next user: %m");
|
||||
return log_error_errno(r, "Failed to acquire next user: %m");
|
||||
|
||||
if (draw_separator && arg_output == OUTPUT_FRIENDLY)
|
||||
putchar('\n');
|
||||
@ -830,7 +830,7 @@ static int display_group(int argc, char *argv[], void *userdata) {
|
||||
if (r == -EHOSTDOWN)
|
||||
return log_error_errno(r, "Selected group database service is not available for this request.");
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed acquire next group: %m");
|
||||
return log_error_errno(r, "Failed to acquire next group: %m");
|
||||
|
||||
if (draw_separator && arg_output == OUTPUT_FRIENDLY)
|
||||
putchar('\n');
|
||||
@ -977,7 +977,7 @@ static int display_memberships(int argc, char *argv[], void *userdata) {
|
||||
if (r == -EHOSTDOWN)
|
||||
return log_error_errno(r, "Selected membership database service is not available for this request.");
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed acquire next membership: %m");
|
||||
return log_error_errno(r, "Failed to acquire next membership: %m");
|
||||
|
||||
r = show_membership(user, group, table);
|
||||
if (r < 0)
|
||||
@ -1004,7 +1004,7 @@ static int display_memberships(int argc, char *argv[], void *userdata) {
|
||||
if (r == -EHOSTDOWN)
|
||||
return log_error_errno(r, "Selected membership database service is not available for this request.");
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed acquire next membership: %m");
|
||||
return log_error_errno(r, "Failed to acquire next membership: %m");
|
||||
|
||||
r = show_membership(user, group, table);
|
||||
if (r < 0)
|
||||
|
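Review bot: this is the second copy in `display_memberships()` of the same `-EHOSTDOWN` check, `Failed to acquire next membership: %m` message and `show_membership(user, group, table)` call (the hunk at -977 fixes the other one), so the typo had to be corrected twice. Consider moving the shared error handling into a small helper so the two paths cannot drift apart again.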
@ -103,7 +103,7 @@ int manager_new(Manager **ret) {
|
||||
|
||||
r = sd_event_add_memory_pressure(m->event, NULL, NULL, NULL);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
|
||||
log_debug_errno(r, "Failed to allocate memory pressure event source, ignoring: %m");
|
||||
|
||||
r = sd_event_set_watchdog(m->event, true);
|
||||
if (r < 0)
|
||||
@ -198,7 +198,7 @@ static int start_one_worker(Manager *m) {
|
||||
}
|
||||
|
||||
r = invoke_callout_binary(SYSTEMD_USERWORK_PATH, STRV_MAKE(SYSTEMD_USERWORK_PATH, "xxxxxxxxxxxxxxxx")); /* With some extra space rename_process() can make use of */
|
||||
log_error_errno(r, "Failed start worker process: %m");
|
||||
log_error_errno(r, "Failed to start worker process: %m");
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
|
@ -1616,7 +1616,7 @@ static int grow_image(const char *path, uint64_t size) {
|
||||
}
|
||||
|
||||
if (ftruncate(fd, size) < 0)
|
||||
return log_error_errno(errno, "Failed grow image file '%s' from %s to %s: %m", path,
|
||||
return log_error_errno(errno, "Failed to grow image file '%s' from %s to %s: %m", path,
|
||||
FORMAT_BYTES(st.st_size), FORMAT_BYTES(size));
|
||||
|
||||
r = fsync_full(fd);
|
||||
@ -2204,7 +2204,7 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
|
||||
else if (S_ISBLK(st.st_mode))
|
||||
driver = "host_device";
|
||||
else
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Expected regular file or block device, not '%s': %m", *drive);
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Expected regular file or block device, not '%s'.", *drive);
|
||||
|
||||
r = strv_extendf(&cmdline, "driver=raw,cache.direct=off,cache.no-flush=on,file.driver=%s,file.filename=%s,node-name=vmspawn_extra_%zu", driver, escaped_drive, i);
|
||||
if (r < 0)
|
||||
@ -2691,7 +2691,7 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
|
||||
|
||||
r = sd_event_add_memory_pressure(event, NULL, NULL, NULL);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
|
||||
log_debug_errno(r, "Failed to allocate memory pressure event source, ignoring: %m");
|
||||
|
||||
/* Exit when the child exits */
|
||||
r = event_add_child_pidref(event, /* ret= */ NULL, &child_pidref, WEXITED, on_child_exit, /* userdata= */ NULL);
|
||||
|
@ -43,6 +43,7 @@ touch /usr/lib/systemd/network/donotexist.network
|
||||
(! networkctl unmask "donotexist.network")
|
||||
rm /usr/lib/systemd/network/donotexist.network
|
||||
|
||||
(! networkctl cat "/usr/lib/systemd/network/$NETWORK_NAME")
|
||||
networkctl cat "$NETWORK_NAME" | tail -n +2 | cmp - "/usr/lib/systemd/network/$NETWORK_NAME"
|
||||
|
||||
cat >new <<EOF
|
||||
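Review bot: `(! networkctl cat "/usr/lib/systemd/network/$NETWORK_NAME")` only asserts a non-zero exit status, so it passes for any failure, including one unrelated to an absolute path being passed (for example the file not being there). Since the next line already relies on that file existing, consider asserting `test -e "/usr/lib/systemd/network/$NETWORK_NAME"` first or matching the error text, so the test fails if the reason for the rejection changes.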
@ -50,6 +51,7 @@ cat >new <<EOF
|
||||
Name=test2
|
||||
EOF
|
||||
|
||||
(! networkctl edit "/usr/lib/systemd/network/$NETWORK_NAME")
|
||||
EDITOR='mv new' script -ec 'networkctl edit --runtime "$NETWORK_NAME"' /dev/null
|
||||
(! networkctl mask --runtime "$NETWORK_NAME")
|
||||
printf '%s\n' '[Match]' 'Name=test2' | cmp - "/run/systemd/network/$NETWORK_NAME"
|
||||
|
@ -20,20 +20,25 @@ trap at_exit EXIT
|
||||
|
||||
test -x "${GENERATOR_BIN:?}"
|
||||
|
||||
if in_container; then
|
||||
# Do a limited test in a container, as writing to /dev is usually restrited
|
||||
: "getty-generator: \$container_ttys env (container)"
|
||||
# In a container we allow only /dev/pts/* ptys
|
||||
PID1_ENVIRON="container_ttys=tty0 pts/0 /dev/tty0" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
check_none() {
|
||||
[[ "$(find "$OUT_DIR" ! -type d | wc -l)" -eq 0 ]]
|
||||
}
|
||||
|
||||
# console-getty.service is always pulled in in containers
|
||||
check_container() {
|
||||
link_endswith "$OUT_DIR/normal/getty.target.wants/console-getty.service" "/lib/systemd/system/console-getty.service"
|
||||
link_endswith "$OUT_DIR/normal/getty.target.wants/container-getty@0.service" "/lib/systemd/system/container-getty@.service"
|
||||
test ! -e "$OUT_DIR/normal/getty.target.wants/container-getty@tty0.service"
|
||||
test ! -h "$OUT_DIR/normal/getty.target.wants/container-getty@tty0.service"
|
||||
}
|
||||
|
||||
exit 0
|
||||
fi
|
||||
check_no_container() {
|
||||
local unit
|
||||
|
||||
for unit in console-getty.service container-getty@0.service container-getty@tty0.service; do
|
||||
test ! -e "$OUT_DIR/normal/getty.target.wants/$unit"
|
||||
test ! -h "$OUT_DIR/normal/getty.target.wants/$unit"
|
||||
done
|
||||
}
|
||||
|
||||
DUMMY_ACTIVE_CONSOLES=(
|
||||
"hvc99"
|
||||
@ -52,6 +57,94 @@ DUMMY_CONSOLES=(
|
||||
"${DUMMY_ACTIVE_CONSOLES[@]}"
|
||||
"${DUMMY_INACTIVE_CONSOLES[@]}"
|
||||
)
|
||||
|
||||
check_console() {
|
||||
local console unit
|
||||
|
||||
for console in "${DUMMY_ACTIVE_CONSOLES[@]}"; do
|
||||
unit="$(systemd-escape --template serial-getty@.service "$console")"
|
||||
link_endswith "$OUT_DIR/normal/getty.target.wants/$unit" "/lib/systemd/system/serial-getty@.service"
|
||||
done
|
||||
for console in "${DUMMY_INACTIVE_CONSOLES[@]}" /dev/notatty99; do
|
||||
unit="$(systemd-escape --template serial-getty@.service "$console")"
|
||||
test ! -e "$OUT_DIR/normal/getty.target.wants/$unit"
|
||||
test ! -h "$OUT_DIR/normal/getty.target.wants/$unit"
|
||||
done
|
||||
}
|
||||
|
||||
check_no_console() {
|
||||
local console unit
|
||||
|
||||
for console in "${DUMMY_CONSOLES[@]}" /dev/notatty99; do
|
||||
unit="$(systemd-escape --template serial-getty@.service "$console")"
|
||||
test ! -e "$OUT_DIR/normal/getty.target.wants/$unit"
|
||||
test ! -h "$OUT_DIR/normal/getty.target.wants/$unit"
|
||||
done
|
||||
}
|
||||
|
||||
BUILTINS=(
|
||||
"hvc0"
|
||||
"xvc0"
|
||||
"hvsi0"
|
||||
"sclp_line0"
|
||||
"ttysclp0"
|
||||
"3270/tty1"
|
||||
)
|
||||
|
||||
check_builtin() {
|
||||
local console unit
|
||||
|
||||
for console in "${BUILTINS[@]}"; do
|
||||
unit="$(systemd-escape --template serial-getty@.service "$console")"
|
||||
if [[ -e "/dev/$console" ]]; then
|
||||
link_endswith "$OUT_DIR/normal/getty.target.wants/$unit" "/lib/systemd/system/serial-getty@.service"
|
||||
else
|
||||
test ! -e "$OUT_DIR/normal/getty.target.wants/$unit"
|
||||
test ! -h "$OUT_DIR/normal/getty.target.wants/$unit"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
check_no_builtin() {
|
||||
local console unit
|
||||
|
||||
for console in "${BUILTINS[@]}"; do
|
||||
unit="$(systemd-escape --template serial-getty@.service "$console")"
|
||||
test ! -e "$OUT_DIR/normal/getty.target.wants/$unit"
|
||||
test ! -h "$OUT_DIR/normal/getty.target.wants/$unit"
|
||||
done
|
||||
}
|
||||
|
||||
if in_container; then
|
||||
# Do a limited test in a container, as writing to /dev is usually restrited
|
||||
: "getty-generator: \$container_ttys env (container)"
|
||||
# In a container we allow only /dev/pts/* ptys
|
||||
PID1_ENVIRON="container_ttys=tty0 pts/0 /dev/tty0" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
check_container
|
||||
check_no_console
|
||||
check_no_builtin
|
||||
|
||||
: "getty-generator: SYSTEMD_GETTY_AUTO=0 in PID1's environment (container)"
|
||||
PID1_ENVIRON="container_ttys=tty0 pts/0 /dev/tty0\0SYSTEMD_GETTY_AUTO=0" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
check_none
|
||||
|
||||
: "getty-generator: SYSTEMD_GETTY_AUTO=console in PID1's environment (container)"
|
||||
PID1_ENVIRON="container_ttys=tty0 pts/0 /dev/tty0\0SYSTEMD_GETTY_AUTO=console" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
check_none
|
||||
|
||||
: "getty-generator: SYSTEMD_GETTY_AUTO=console,builtin in PID1's environment (container)"
|
||||
PID1_ENVIRON="container_ttys=tty0 pts/0 /dev/tty0\0SYSTEMD_GETTY_AUTO=console,builtin" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
check_none
|
||||
|
||||
: "getty-generator: SYSTEMD_GETTY_AUTO=console,builtin,container in PID1's environment (container)"
|
||||
PID1_ENVIRON="container_ttys=tty0 pts/0 /dev/tty0\0SYSTEMD_GETTY_AUTO=console,builtin,container" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
check_container
|
||||
check_no_console
|
||||
check_no_builtin
|
||||
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Create a bunch of dummy consoles
|
||||
for console in "${DUMMY_CONSOLES[@]}"; do
|
||||
mknod "/dev/$console" c 4 0
|
||||
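Review bot: the container cases build `PID1_ENVIRON` as `"container_ttys=tty0 pts/0 /dev/tty0\0SYSTEMD_GETTY_AUTO=0"`, and inside a double-quoted bash string `\0` stays a literal backslash and zero, so these cases only set a second variable if `run_and_list` (not visible here) expands the escape. If it does not, the whole string is one `container_ttys` value and `check_none` would be testing something else; a one-line comment at the first use saying who turns `\0` into NUL would help. Separately, the re-added comment still reads "restrited", which should be "restricted".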
@ -66,23 +159,49 @@ mount -v --bind /tmp/dummy-active-consoles /sys/class/tty/console/active
|
||||
: "getty-generator: no arguments"
|
||||
# Sneak in an invalid value for $SYSTEMD_GETTY_AUTO to test things out
|
||||
PID1_ENVIRON="SYSTEMD_GETTY_AUTO=foo" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
for console in "${DUMMY_ACTIVE_CONSOLES[@]}"; do
|
||||
unit="$(systemd-escape --template serial-getty@.service "$console")"
|
||||
link_endswith "$OUT_DIR/normal/getty.target.wants/$unit" "/lib/systemd/system/serial-getty@.service"
|
||||
done
|
||||
for console in "${DUMMY_INACTIVE_CONSOLES[@]}" /dev/notatty99; do
|
||||
unit="$(systemd-escape --template serial-getty@.service "$console")"
|
||||
test ! -e "$OUT_DIR/normal/getty.target.wants/$unit"
|
||||
test ! -h "$OUT_DIR/normal/getty.target.wants/$unit"
|
||||
done
|
||||
check_no_container
|
||||
check_console
|
||||
check_builtin
|
||||
|
||||
: "getty-generator: systemd.getty_auto=0 on kernel cmdline"
|
||||
SYSTEMD_PROC_CMDLINE="systemd.getty_auto=foo systemd.getty_auto=0" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
[[ "$(find "$OUT_DIR" ! -type d | wc -l)" -eq 0 ]]
|
||||
check_none
|
||||
|
||||
: "getty-generator: systemd.getty_auto=container on kernel cmdline"
|
||||
SYSTEMD_PROC_CMDLINE="systemd.getty_auto=foo systemd.getty_auto=container" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
check_none
|
||||
|
||||
: "getty-generator: systemd.getty_auto=container,console on kernel cmdline"
|
||||
SYSTEMD_PROC_CMDLINE="systemd.getty_auto=foo systemd.getty_auto=container,console" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
check_no_container
|
||||
check_console
|
||||
check_no_builtin
|
||||
|
||||
: "getty-generator: systemd.getty_auto=container,builtin on kernel cmdline"
|
||||
SYSTEMD_PROC_CMDLINE="systemd.getty_auto=foo systemd.getty_auto=container,builtin" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
check_no_container
|
||||
check_no_console
|
||||
check_builtin
|
||||
|
||||
: "getty-generator: SYSTEMD_GETTY_AUTO=0 in PID1's environment"
|
||||
PID1_ENVIRON="SYSTEMD_GETTY_AUTO=0" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
[[ "$(find "$OUT_DIR" ! -type d | wc -l)" -eq 0 ]]
|
||||
check_none
|
||||
|
||||
: "getty-generator: SYSTEMD_GETTY_AUTO=container in PID1's environment"
|
||||
PID1_ENVIRON="SYSTEMD_GETTY_AUTO=container" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
check_none
|
||||
|
||||
: "getty-generator: SYSTEMD_GETTY_AUTO=container,console in PID1's environment"
|
||||
PID1_ENVIRON="SYSTEMD_GETTY_AUTO=container,console" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
check_no_container
|
||||
check_console
|
||||
check_no_builtin
|
||||
|
||||
: "getty-generator: SYSTEMD_GETTY_AUTO=container,builtin in PID1's environment"
|
||||
PID1_ENVIRON="SYSTEMD_GETTY_AUTO=container,builtin" run_and_list "$GENERATOR_BIN" "$OUT_DIR"
|
||||
check_no_container
|
||||
check_no_console
|
||||
check_builtin
|
||||
|
||||
# Cleanup
|
||||
umount /sys/class/tty/console/active --lazy
|
||||
|
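Review bot: the `check_builtin` and `check_no_builtin` calls in the `container,console` and `container,builtin` cases can only tell the two settings apart if at least one entry of `BUILTINS` exists under `/dev`, because `check_builtin` falls through to the same `test ! -e` / `test ! -h` assertions as `check_no_builtin` when `/dev/$console` is missing. On a host with none of `hvc0`, `xvc0`, `hvsi0`, `sclp_line0`, `ttysclp0` or `3270/tty1`, builtin handling is not exercised at all; consider creating one of them with `mknod` alongside the dummy consoles when it is absent, and removing it again in the cleanup step.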