Compare commits
10 Commits
18a74f4f2e
...
5f3d966f38
Author | SHA1 | Date |
---|---|---|
Yu Watanabe | 5f3d966f38 | |
Yu Watanabe | ec6a9b2e03 | |
Yu Watanabe | 087e46cc55 | |
Yu Watanabe | 4527f71040 | |
Yu Watanabe | 52b0351a15 | |
Luca Boccassi | fe077a1a58 | |
Mike Yuan | b718b86e1b | |
Mike Yuan | d911778877 | |
Mike Yuan | eea9d3eb10 | |
Mike Yuan | 579ce77ead |
|
@ -4397,6 +4397,15 @@ ServerAddress=192.168.0.1/24</programlisting>
|
||||||
<xi:include href="version-info.xml" xpointer="v244"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v244"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>Preference=</varname></term>
|
||||||
|
|
||||||
|
<listitem><para>Specifies the preference of the route option. Takes one of <literal>high</literal>,
|
||||||
|
<literal>medium</literal>, or <literal>low</literal>. Defaults to <literal>medium</literal>.</para>
|
||||||
|
|
||||||
|
<xi:include href="version-info.xml" xpointer="v258"/></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
</variablelist>
|
</variablelist>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
|
|
|
@ -220,9 +220,9 @@ static int synthesize_user_creds(
|
||||||
if (ret_gid)
|
if (ret_gid)
|
||||||
*ret_gid = GID_NOBODY;
|
*ret_gid = GID_NOBODY;
|
||||||
if (ret_home)
|
if (ret_home)
|
||||||
*ret_home = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : "/";
|
*ret_home = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : "/";
|
||||||
if (ret_shell)
|
if (ret_shell)
|
||||||
*ret_shell = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : NOLOGIN;
|
*ret_shell = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : NOLOGIN;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -244,6 +244,7 @@ int get_user_creds(
|
||||||
|
|
||||||
assert(username);
|
assert(username);
|
||||||
assert(*username);
|
assert(*username);
|
||||||
|
assert((ret_home || ret_shell) || !(flags & (USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_CLEAN)));
|
||||||
|
|
||||||
if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) ||
|
if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) ||
|
||||||
(!ret_home && !ret_shell)) {
|
(!ret_home && !ret_shell)) {
|
||||||
|
@ -315,17 +316,14 @@ int get_user_creds(
|
||||||
|
|
||||||
if (ret_home)
|
if (ret_home)
|
||||||
/* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */
|
/* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */
|
||||||
*ret_home = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
|
*ret_home = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && empty_or_root(p->pw_dir)) ||
|
||||||
(empty_or_root(p->pw_dir) ||
|
(FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_dir) || !path_is_absolute(p->pw_dir)))
|
||||||
!path_is_valid(p->pw_dir) ||
|
? NULL : p->pw_dir;
|
||||||
!path_is_absolute(p->pw_dir))) ? NULL : p->pw_dir;
|
|
||||||
|
|
||||||
if (ret_shell)
|
if (ret_shell)
|
||||||
*ret_shell = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
|
*ret_shell = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && shell_is_placeholder(p->pw_shell)) ||
|
||||||
(isempty(p->pw_shell) ||
|
(FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_shell) || !path_is_absolute(p->pw_shell)))
|
||||||
!path_is_valid(p->pw_shell) ||
|
? NULL : p->pw_shell;
|
||||||
!path_is_absolute(p->pw_shell) ||
|
|
||||||
is_nologin_shell(p->pw_shell))) ? NULL : p->pw_shell;
|
|
||||||
|
|
||||||
if (patch_username)
|
if (patch_username)
|
||||||
*username = p->pw_name;
|
*username = p->pw_name;
|
||||||
|
|
|
@ -12,6 +12,8 @@
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#include "string-util.h"
|
||||||
|
|
||||||
/* Users managed by systemd-homed. See https://systemd.io/UIDS-GIDS for details how this range fits into the rest of the world */
|
/* Users managed by systemd-homed. See https://systemd.io/UIDS-GIDS for details how this range fits into the rest of the world */
|
||||||
#define HOME_UID_MIN ((uid_t) 60001)
|
#define HOME_UID_MIN ((uid_t) 60001)
|
||||||
#define HOME_UID_MAX ((uid_t) 60513)
|
#define HOME_UID_MAX ((uid_t) 60513)
|
||||||
|
@ -36,10 +38,20 @@ static inline int parse_gid(const char *s, gid_t *ret_gid) {
|
||||||
char* getlogname_malloc(void);
|
char* getlogname_malloc(void);
|
||||||
char* getusername_malloc(void);
|
char* getusername_malloc(void);
|
||||||
|
|
||||||
|
const char* default_root_shell_at(int rfd);
|
||||||
|
const char* default_root_shell(const char *root);
|
||||||
|
|
||||||
|
bool is_nologin_shell(const char *shell);
|
||||||
|
|
||||||
|
static inline bool shell_is_placeholder(const char *shell) {
|
||||||
|
return isempty(shell) || is_nologin_shell(shell);
|
||||||
|
}
|
||||||
|
|
||||||
typedef enum UserCredsFlags {
|
typedef enum UserCredsFlags {
|
||||||
USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */
|
USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */
|
||||||
USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */
|
USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */
|
||||||
USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */
|
USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */
|
||||||
|
USER_CREDS_SUPPRESS_PLACEHOLDER = 1 << 3, /* suppress home and/or shell fields if value is placeholder (root/empty/nologin) */
|
||||||
} UserCredsFlags;
|
} UserCredsFlags;
|
||||||
|
|
||||||
int get_user_creds(const char **username, uid_t *ret_uid, gid_t *ret_gid, const char **ret_home, const char **ret_shell, UserCredsFlags flags);
|
int get_user_creds(const char **username, uid_t *ret_uid, gid_t *ret_gid, const char **ret_home, const char **ret_shell, UserCredsFlags flags);
|
||||||
|
@ -125,10 +137,6 @@ int fgetsgent_sane(FILE *stream, struct sgrp **sg);
|
||||||
int putsgent_sane(const struct sgrp *sg, FILE *stream);
|
int putsgent_sane(const struct sgrp *sg, FILE *stream);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
bool is_nologin_shell(const char *shell);
|
|
||||||
const char* default_root_shell_at(int rfd);
|
|
||||||
const char* default_root_shell(const char *root);
|
|
||||||
|
|
||||||
int is_this_me(const char *username);
|
int is_this_me(const char *username);
|
||||||
|
|
||||||
const char* get_home_root(void);
|
const char* get_home_root(void);
|
||||||
|
|
|
@ -855,9 +855,6 @@ static int get_fixed_user(
|
||||||
assert(user_or_uid);
|
assert(user_or_uid);
|
||||||
assert(ret_username);
|
assert(ret_username);
|
||||||
|
|
||||||
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
|
|
||||||
* (i.e. are "/" or "/bin/nologin"). */
|
|
||||||
|
|
||||||
r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell, USER_CREDS_CLEAN);
|
r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell, USER_CREDS_CLEAN);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
@ -1883,7 +1880,10 @@ static int build_environment(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (home && set_user_login_env) {
|
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
|
||||||
|
* (i.e. are "/" or "/bin/nologin"). */
|
||||||
|
|
||||||
|
if (home && set_user_login_env && !empty_or_root(home)) {
|
||||||
x = strjoin("HOME=", home);
|
x = strjoin("HOME=", home);
|
||||||
if (!x)
|
if (!x)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
@ -1892,7 +1892,7 @@ static int build_environment(
|
||||||
our_env[n_env++] = x;
|
our_env[n_env++] = x;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (shell && set_user_login_env) {
|
if (shell && set_user_login_env && !shell_is_placeholder(shell)) {
|
||||||
x = strjoin("SHELL=", shell);
|
x = strjoin("SHELL=", shell);
|
||||||
if (!x)
|
if (!x)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
@ -3471,20 +3471,16 @@ static int apply_working_directory(
|
||||||
const ExecContext *context,
|
const ExecContext *context,
|
||||||
const ExecParameters *params,
|
const ExecParameters *params,
|
||||||
ExecRuntime *runtime,
|
ExecRuntime *runtime,
|
||||||
const char *home,
|
const char *home) {
|
||||||
int *exit_status) {
|
|
||||||
|
|
||||||
const char *wd;
|
const char *wd;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(context);
|
assert(context);
|
||||||
assert(exit_status);
|
|
||||||
|
|
||||||
if (context->working_directory_home) {
|
if (context->working_directory_home) {
|
||||||
if (!home) {
|
if (!home)
|
||||||
*exit_status = EXIT_CHDIR;
|
|
||||||
return -ENXIO;
|
return -ENXIO;
|
||||||
}
|
|
||||||
|
|
||||||
wd = home;
|
wd = home;
|
||||||
} else
|
} else
|
||||||
|
@ -3503,13 +3499,7 @@ static int apply_working_directory(
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
r = RET_NERRNO(fchdir(dfd));
|
r = RET_NERRNO(fchdir(dfd));
|
||||||
}
|
}
|
||||||
|
return context->working_directory_missing_ok ? 0 : r;
|
||||||
if (r < 0 && !context->working_directory_missing_ok) {
|
|
||||||
*exit_status = EXIT_CHDIR;
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apply_root_directory(
|
static int apply_root_directory(
|
||||||
|
@ -3785,7 +3775,7 @@ static int acquire_home(const ExecContext *c, const char **home, char **ret_buf)
|
||||||
if (!c->working_directory_home)
|
if (!c->working_directory_home)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (c->dynamic_user)
|
if (c->dynamic_user || (c->user && is_this_me(c->user) <= 0))
|
||||||
return -EADDRNOTAVAIL;
|
return -EADDRNOTAVAIL;
|
||||||
|
|
||||||
r = get_home_dir(ret_buf);
|
r = get_home_dir(ret_buf);
|
||||||
|
@ -4543,7 +4533,7 @@ int exec_invoke(
|
||||||
r = acquire_home(context, &home, &home_buffer);
|
r = acquire_home(context, &home, &home_buffer);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
*exit_status = EXIT_CHDIR;
|
*exit_status = EXIT_CHDIR;
|
||||||
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for user: %m");
|
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for the invoking user: %m");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If a socket is connected to STDIN/STDOUT/STDERR, we must drop O_NONBLOCK */
|
/* If a socket is connected to STDIN/STDOUT/STDERR, we must drop O_NONBLOCK */
|
||||||
|
@ -5382,9 +5372,11 @@ int exec_invoke(
|
||||||
* running this service might have the correct privilege to change to the working directory. Also, it
|
* running this service might have the correct privilege to change to the working directory. Also, it
|
||||||
* is absolutely 💣 crucial 💣 we applied all mount namespacing rearrangements before this, so that
|
* is absolutely 💣 crucial 💣 we applied all mount namespacing rearrangements before this, so that
|
||||||
* the cwd cannot be used to pin directories outside of the sandbox. */
|
* the cwd cannot be used to pin directories outside of the sandbox. */
|
||||||
r = apply_working_directory(context, params, runtime, home, exit_status);
|
r = apply_working_directory(context, params, runtime, home);
|
||||||
if (r < 0)
|
if (r < 0) {
|
||||||
|
*exit_status = EXIT_CHDIR;
|
||||||
return log_exec_error_errno(context, params, r, "Changing to the requested working directory failed: %m");
|
return log_exec_error_errno(context, params, r, "Changing to the requested working directory failed: %m");
|
||||||
|
}
|
||||||
|
|
||||||
if (needs_sandboxing) {
|
if (needs_sandboxing) {
|
||||||
/* Apply other MAC contexts late, but before seccomp syscall filtering, as those should really be last to
|
/* Apply other MAC contexts late, but before seccomp syscall filtering, as those should really be last to
|
||||||
|
|
|
@ -406,7 +406,7 @@ IPv6SendRA.ReachableTimeSec, config_parse_router_uint32_msec_use
|
||||||
IPv6SendRA.RetransmitSec, config_parse_router_uint32_msec_usec, 0, offsetof(Network, router_retransmit_usec)
|
IPv6SendRA.RetransmitSec, config_parse_router_uint32_msec_usec, 0, offsetof(Network, router_retransmit_usec)
|
||||||
IPv6SendRA.Managed, config_parse_bool, 0, offsetof(Network, router_managed)
|
IPv6SendRA.Managed, config_parse_bool, 0, offsetof(Network, router_managed)
|
||||||
IPv6SendRA.OtherInformation, config_parse_bool, 0, offsetof(Network, router_other_information)
|
IPv6SendRA.OtherInformation, config_parse_bool, 0, offsetof(Network, router_other_information)
|
||||||
IPv6SendRA.RouterPreference, config_parse_router_preference, 0, 0
|
IPv6SendRA.RouterPreference, config_parse_router_preference, 0, offsetof(Network, router_preference)
|
||||||
IPv6SendRA.HopLimit, config_parse_uint8, 0, offsetof(Network, router_hop_limit)
|
IPv6SendRA.HopLimit, config_parse_uint8, 0, offsetof(Network, router_hop_limit)
|
||||||
IPv6SendRA.EmitDNS, config_parse_bool, 0, offsetof(Network, router_emit_dns)
|
IPv6SendRA.EmitDNS, config_parse_bool, 0, offsetof(Network, router_emit_dns)
|
||||||
IPv6SendRA.DNS, config_parse_radv_dns, 0, 0
|
IPv6SendRA.DNS, config_parse_radv_dns, 0, 0
|
||||||
|
@ -427,6 +427,7 @@ IPv6Prefix.RouteMetric, config_parse_prefix_metric,
|
||||||
IPv6Prefix.Token, config_parse_prefix_token, 0, 0
|
IPv6Prefix.Token, config_parse_prefix_token, 0, 0
|
||||||
IPv6RoutePrefix.Route, config_parse_route_prefix, 0, 0
|
IPv6RoutePrefix.Route, config_parse_route_prefix, 0, 0
|
||||||
IPv6RoutePrefix.LifetimeSec, config_parse_route_prefix_lifetime, 0, 0
|
IPv6RoutePrefix.LifetimeSec, config_parse_route_prefix_lifetime, 0, 0
|
||||||
|
IPv6RoutePrefix.Preference, config_parse_route_prefix_preference, 0, 0
|
||||||
IPv6PREF64Prefix.Prefix, config_parse_pref64_prefix, 0, 0
|
IPv6PREF64Prefix.Prefix, config_parse_pref64_prefix, 0, 0
|
||||||
IPv6PREF64Prefix.LifetimeSec, config_parse_pref64_prefix_lifetime, 0, 0
|
IPv6PREF64Prefix.LifetimeSec, config_parse_pref64_prefix_lifetime, 0, 0
|
||||||
LLDP.MUDURL, config_parse_mud_url, 0, offsetof(Network, lldp_mudurl)
|
LLDP.MUDURL, config_parse_mud_url, 0, offsetof(Network, lldp_mudurl)
|
||||||
|
|
|
@ -1134,6 +1134,37 @@ int config_parse_route_prefix_lifetime(
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int config_parse_route_prefix_preference(
|
||||||
|
const char *unit,
|
||||||
|
const char *filename,
|
||||||
|
unsigned line,
|
||||||
|
const char *section,
|
||||||
|
unsigned section_line,
|
||||||
|
const char *lvalue,
|
||||||
|
int ltype,
|
||||||
|
const char *rvalue,
|
||||||
|
void *data,
|
||||||
|
void *userdata) {
|
||||||
|
|
||||||
|
_cleanup_(route_prefix_free_or_set_invalidp) RoutePrefix *p = NULL;
|
||||||
|
Network *network = ASSERT_PTR(userdata);
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(filename);
|
||||||
|
|
||||||
|
r = route_prefix_new_static(network, filename, section_line, &p);
|
||||||
|
if (r < 0)
|
||||||
|
return log_oom();
|
||||||
|
|
||||||
|
r = config_parse_router_preference(unit, filename, line, section, section_line,
|
||||||
|
lvalue, ltype, rvalue, &p->route.preference, NULL);
|
||||||
|
if (r <= 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
TAKE_PTR(p);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int config_parse_pref64_prefix(
|
int config_parse_pref64_prefix(
|
||||||
const char *unit,
|
const char *unit,
|
||||||
const char *filename,
|
const char *filename,
|
||||||
|
@ -1511,25 +1542,18 @@ int config_parse_router_preference(
|
||||||
void *data,
|
void *data,
|
||||||
void *userdata) {
|
void *userdata) {
|
||||||
|
|
||||||
Network *network = userdata;
|
uint8_t *preference = ASSERT_PTR(data);
|
||||||
|
|
||||||
assert(filename);
|
if (isempty(rvalue) || STR_IN_SET(rvalue, "medium", "normal", "default"))
|
||||||
assert(section);
|
*preference = SD_NDISC_PREFERENCE_MEDIUM;
|
||||||
assert(lvalue);
|
else if (streq(rvalue, "high"))
|
||||||
assert(rvalue);
|
*preference = SD_NDISC_PREFERENCE_HIGH;
|
||||||
assert(data);
|
|
||||||
|
|
||||||
if (streq(rvalue, "high"))
|
|
||||||
network->router_preference = SD_NDISC_PREFERENCE_HIGH;
|
|
||||||
else if (STR_IN_SET(rvalue, "medium", "normal", "default"))
|
|
||||||
network->router_preference = SD_NDISC_PREFERENCE_MEDIUM;
|
|
||||||
else if (streq(rvalue, "low"))
|
else if (streq(rvalue, "low"))
|
||||||
network->router_preference = SD_NDISC_PREFERENCE_LOW;
|
*preference = SD_NDISC_PREFERENCE_LOW;
|
||||||
else
|
else
|
||||||
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
return log_syntax_parse_error(unit, filename, line, 0, lvalue, rvalue);
|
||||||
"Invalid router preference, ignoring assignment: %s", rvalue);
|
|
||||||
|
|
||||||
return 0;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int config_parse_router_home_agent_lifetime(
|
int config_parse_router_home_agent_lifetime(
|
||||||
|
|
|
@ -86,6 +86,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_radv_dns);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_radv_search_domains);
|
CONFIG_PARSER_PROTOTYPE(config_parse_radv_search_domains);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_route_prefix);
|
CONFIG_PARSER_PROTOTYPE(config_parse_route_prefix);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_route_prefix_lifetime);
|
CONFIG_PARSER_PROTOTYPE(config_parse_route_prefix_lifetime);
|
||||||
|
CONFIG_PARSER_PROTOTYPE(config_parse_route_prefix_preference);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_pref64_prefix);
|
CONFIG_PARSER_PROTOTYPE(config_parse_pref64_prefix);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_pref64_prefix_lifetime);
|
CONFIG_PARSER_PROTOTYPE(config_parse_pref64_prefix_lifetime);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_router_home_agent_lifetime);
|
CONFIG_PARSER_PROTOTYPE(config_parse_router_home_agent_lifetime);
|
||||||
|
|
|
@ -2297,7 +2297,8 @@ static int start_transient_scope(sd_bus *bus) {
|
||||||
uid_t uid;
|
uid_t uid;
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
|
|
||||||
r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell, USER_CREDS_CLEAN|USER_CREDS_PREFER_NSS);
|
r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell,
|
||||||
|
USER_CREDS_CLEAN|USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_PREFER_NSS);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to resolve user %s: %m", arg_exec_user);
|
return log_error_errno(r, "Failed to resolve user %s: %m", arg_exec_user);
|
||||||
|
|
||||||
|
|
|
@ -6472,6 +6472,22 @@ class NetworkdRATests(unittest.TestCase, Utilities):
|
||||||
networkctl_reload()
|
networkctl_reload()
|
||||||
self.check_router_preference('01', 100, 'high', 300, 'low')
|
self.check_router_preference('01', 100, 'high', 300, 'low')
|
||||||
|
|
||||||
|
# Use route options with preference to configure default routes.
|
||||||
|
with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
|
||||||
|
f.write('LifetimeSec=1200\nPreference=low\n')
|
||||||
|
with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
|
||||||
|
f.write('LifetimeSec=1200\nPreference=high\n')
|
||||||
|
networkctl_reload()
|
||||||
|
self.check_router_preference('01', 300, 'low', 100, 'high')
|
||||||
|
|
||||||
|
# Set zero lifetime again to the route options.
|
||||||
|
with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
|
||||||
|
f.write('LifetimeSec=0\n')
|
||||||
|
with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
|
||||||
|
f.write('LifetimeSec=0\n')
|
||||||
|
networkctl_reload()
|
||||||
|
self.check_router_preference('01', 100, 'high', 300, 'low')
|
||||||
|
|
||||||
def _test_ndisc_vs_static_route(self, manage_foreign_nexthops):
|
def _test_ndisc_vs_static_route(self, manage_foreign_nexthops):
|
||||||
if not manage_foreign_nexthops:
|
if not manage_foreign_nexthops:
|
||||||
copy_networkd_conf_dropin('networkd-manage-foreign-nexthops-no.conf')
|
copy_networkd_conf_dropin('networkd-manage-foreign-nexthops-no.conf')
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
|
||||||
|
set -eux
|
||||||
|
set -o pipefail
|
||||||
|
|
||||||
|
# shellcheck source=test/units/util.sh
|
||||||
|
. "$(dirname "$0")"/util.sh
|
||||||
|
|
||||||
|
(! systemd-run --wait -p DynamicUser=yes \
|
||||||
|
-p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
|
||||||
|
-p WorkingDirectory='~' true)
|
||||||
|
|
||||||
|
assert_eq "$(systemd-run --pipe --uid=root -p WorkingDirectory='~' pwd)" "/root"
|
||||||
|
assert_eq "$(systemd-run --pipe --uid=nobody -p WorkingDirectory='~' pwd)" "/"
|
||||||
|
assert_eq "$(systemd-run --pipe --uid=testuser -p WorkingDirectory='~' pwd)" "/home/testuser"
|
||||||
|
|
||||||
|
(! systemd-run --wait -p DynamicUser=yes -p User=testuser \
|
||||||
|
-p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
|
||||||
|
-p WorkingDirectory='~' true)
|
|
@ -16,6 +16,7 @@ ConditionDirectoryNotEmpty=|/run/confexts
|
||||||
ConditionDirectoryNotEmpty=|/var/lib/confexts
|
ConditionDirectoryNotEmpty=|/var/lib/confexts
|
||||||
ConditionDirectoryNotEmpty=|/usr/local/lib/confexts
|
ConditionDirectoryNotEmpty=|/usr/local/lib/confexts
|
||||||
ConditionDirectoryNotEmpty=|/usr/lib/confexts
|
ConditionDirectoryNotEmpty=|/usr/lib/confexts
|
||||||
|
ConditionDirectoryNotEmpty=|/.extra/confext
|
||||||
|
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
After=local-fs.target
|
After=local-fs.target
|
||||||
|
|
Loading…
Reference in New Issue