mirror of
https://github.com/systemd/systemd
synced 2025-11-21 01:34:44 +01:00
Compare commits
No commits in common. "1df624422a23b28d0a18ae60af50a95c51c6d43a" and "cb1c039fbc5c14994cf70b0a873a70240a79fb16" have entirely different histories.
1df624422a
...
cb1c039fbc
@ -123,12 +123,8 @@ All tools:
|
|||||||
* `$SYSTEMD_NETLINK_DEFAULT_TIMEOUT` — specifies the default timeout of waiting
|
* `$SYSTEMD_NETLINK_DEFAULT_TIMEOUT` — specifies the default timeout of waiting
|
||||||
replies for netlink messages from the kernel. Defaults to 25 seconds.
|
replies for netlink messages from the kernel. Defaults to 25 seconds.
|
||||||
|
|
||||||
* `$SYSTEMD_VERITY_SHARING=` — takes a boolean. If set, overrides whether
|
* `$SYSTEMD_VERITY_SHARING=0` — if set, sharing dm-verity devices by
|
||||||
dm-verity devices shall be shared between multiple components by using a
|
using a stable `<ROOTHASH>-verity` device mapper name will be disabled.
|
||||||
stable `<ROOTHASH>-verity` device mapper name. The default for this depends
|
|
||||||
on the subsystem in question. Usually,
|
|
||||||
RootImage=/ExtensionImages=/MountImages= in unit files default to enabled,
|
|
||||||
while other uses default to disabled for this.
|
|
||||||
|
|
||||||
`systemctl`:
|
`systemctl`:
|
||||||
|
|
||||||
|
|||||||
38
meson.build
38
meson.build
@ -405,6 +405,7 @@ possible_common_cc_flags = [
|
|||||||
'-Werror=shift-overflow=2',
|
'-Werror=shift-overflow=2',
|
||||||
'-Werror=strict-flex-arrays',
|
'-Werror=strict-flex-arrays',
|
||||||
'-Werror=undef',
|
'-Werror=undef',
|
||||||
|
'-Werror=unused-variable',
|
||||||
'-Wfloat-equal',
|
'-Wfloat-equal',
|
||||||
# gperf prevents us from enabling this because it does not emit fallthrough
|
# gperf prevents us from enabling this because it does not emit fallthrough
|
||||||
# attribute with clang.
|
# attribute with clang.
|
||||||
@ -628,34 +629,33 @@ stat = find_program('stat')
|
|||||||
|
|
||||||
ln_s = ln.full_path() + ' -frsT -- "${DESTDIR:-}@0@" "${DESTDIR:-}@1@"'
|
ln_s = ln.full_path() + ' -frsT -- "${DESTDIR:-}@0@" "${DESTDIR:-}@1@"'
|
||||||
|
|
||||||
# If -Dxxx-path option is found, use that. Otherwise, use the default from the
|
# If -Dxxx-path option is found, use that. Otherwise, check in $PATH,
|
||||||
# middle column; a full path is used directly, a relative path is converted to
|
# /usr/sbin, /sbin, and fall back to the default from middle column.
|
||||||
# /usr/bin/foo or /usr/sbin/foo, depending on whether split-bin is enabled.
|
progs = [['quotaon', '/usr/sbin/quotaon' ],
|
||||||
progs = [['quotaon', 'quotaon' ],
|
['quotacheck', '/usr/sbin/quotacheck' ],
|
||||||
['quotacheck', 'quotacheck' ],
|
|
||||||
['kmod', '/usr/bin/kmod' ],
|
['kmod', '/usr/bin/kmod' ],
|
||||||
['kexec', 'kexec' ],
|
['kexec', '/usr/sbin/kexec' ],
|
||||||
['sulogin', 'sulogin' ],
|
['sulogin', '/usr/sbin/sulogin' ],
|
||||||
['swapon', 'swapon' ],
|
['swapon', '/usr/sbin/swapon' ],
|
||||||
['swapoff', 'swapoff' ],
|
['swapoff', '/usr/sbin/swapoff' ],
|
||||||
['agetty', 'agetty' ],
|
['agetty', '/usr/sbin/agetty' ],
|
||||||
['mount', '/usr/bin/mount', 'MOUNT_PATH'],
|
['mount', '/usr/bin/mount', 'MOUNT_PATH'],
|
||||||
['umount', '/usr/bin/umount', 'UMOUNT_PATH'],
|
['umount', '/usr/bin/umount', 'UMOUNT_PATH'],
|
||||||
['loadkeys', '/usr/bin/loadkeys', 'KBD_LOADKEYS'],
|
['loadkeys', '/usr/bin/loadkeys', 'KBD_LOADKEYS'],
|
||||||
['setfont', '/usr/bin/setfont', 'KBD_SETFONT'],
|
['setfont', '/usr/bin/setfont', 'KBD_SETFONT'],
|
||||||
['nologin', 'nologin', ],
|
['nologin', '/usr/sbin/nologin', ],
|
||||||
]
|
]
|
||||||
foreach prog : progs
|
foreach prog : progs
|
||||||
path = get_option(prog[0] + '-path')
|
path = get_option(prog[0] + '-path')
|
||||||
if path == ''
|
if path != ''
|
||||||
if prog[1].startswith('/')
|
|
||||||
path = prog[1]
|
|
||||||
else
|
|
||||||
path = '/usr' / (split_bin ? 'sbin' : 'bin') / prog[1]
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
message('Using @1@ for @0@'.format(prog[0], path))
|
message('Using @1@ for @0@'.format(prog[0], path))
|
||||||
|
else
|
||||||
|
exe = find_program(prog[0],
|
||||||
|
'/usr/sbin/' + prog[0],
|
||||||
|
'/sbin/' + prog[0],
|
||||||
|
required: false)
|
||||||
|
path = exe.found() ? exe.full_path() : prog[1]
|
||||||
|
endif
|
||||||
name = prog.length() > 2 ? prog[2] : prog[0].to_upper()
|
name = prog.length() > 2 ? prog[2] : prog[0].to_upper()
|
||||||
conf.set_quoted(name, path)
|
conf.set_quoted(name, path)
|
||||||
endforeach
|
endforeach
|
||||||
|
|||||||
@ -2523,8 +2523,7 @@ int setup_namespace(const NamespaceParameters *p, char **reterr_path) {
|
|||||||
DISSECT_IMAGE_GROWFS |
|
DISSECT_IMAGE_GROWFS |
|
||||||
DISSECT_IMAGE_ADD_PARTITION_DEVICES |
|
DISSECT_IMAGE_ADD_PARTITION_DEVICES |
|
||||||
DISSECT_IMAGE_PIN_PARTITION_DEVICES |
|
DISSECT_IMAGE_PIN_PARTITION_DEVICES |
|
||||||
DISSECT_IMAGE_ALLOW_USERSPACE_VERITY |
|
DISSECT_IMAGE_ALLOW_USERSPACE_VERITY;
|
||||||
DISSECT_IMAGE_VERITY_SHARE;
|
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(p);
|
assert(p);
|
||||||
@ -2589,7 +2588,6 @@ int setup_namespace(const NamespaceParameters *p, char **reterr_path) {
|
|||||||
dissected_image,
|
dissected_image,
|
||||||
NULL,
|
NULL,
|
||||||
p->verity,
|
p->verity,
|
||||||
p->root_image_policy,
|
|
||||||
dissect_image_flags);
|
dissect_image_flags);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to decrypt dissected image: %m");
|
return log_debug_errno(r, "Failed to decrypt dissected image: %m");
|
||||||
|
|||||||
@ -2281,7 +2281,6 @@ static int run(int argc, char *argv[]) {
|
|||||||
r = dissected_image_decrypt_interactively(
|
r = dissected_image_decrypt_interactively(
|
||||||
m, NULL,
|
m, NULL,
|
||||||
&arg_verity_settings,
|
&arg_verity_settings,
|
||||||
arg_image_policy,
|
|
||||||
arg_flags);
|
arg_flags);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|||||||
@ -497,7 +497,6 @@ static int vl_method_mount_image(
|
|||||||
di,
|
di,
|
||||||
p.password,
|
p.password,
|
||||||
&verity,
|
&verity,
|
||||||
use_policy,
|
|
||||||
dissect_flags);
|
dissect_flags);
|
||||||
if (r == -ENOKEY) /* new dm-verity userspace returns ENOKEY if the dm-verity signature key is not in
|
if (r == -ENOKEY) /* new dm-verity userspace returns ENOKEY if the dm-verity signature key is not in
|
||||||
* key chain. That's great. */
|
* key chain. That's great. */
|
||||||
|
|||||||
@ -131,25 +131,30 @@ static int can_set_coredump_receive(sd_bus *bus) {
|
|||||||
return r >= 0;
|
return r >= 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int register_machine_ex(
|
static int create_or_register_machine_ex(
|
||||||
sd_bus *bus,
|
sd_bus *bus,
|
||||||
const char *machine_name,
|
const char *machine_name,
|
||||||
const PidRef *pid,
|
const PidRef *pid,
|
||||||
const char *directory,
|
const char *directory,
|
||||||
sd_id128_t uuid,
|
sd_id128_t uuid,
|
||||||
int local_ifindex,
|
int local_ifindex,
|
||||||
|
const char *slice,
|
||||||
|
CustomMount *mounts,
|
||||||
|
unsigned n_mounts,
|
||||||
|
int kill_signal,
|
||||||
|
char **properties,
|
||||||
|
sd_bus_message *properties_message,
|
||||||
const char *service,
|
const char *service,
|
||||||
sd_bus_error *error) {
|
StartMode start_mode,
|
||||||
|
sd_bus_error *error,
|
||||||
|
bool keep_unit) {
|
||||||
|
|
||||||
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(bus);
|
|
||||||
assert(machine_name);
|
|
||||||
assert(service);
|
|
||||||
assert(error);
|
assert(error);
|
||||||
|
|
||||||
r = bus_message_new_method_call(bus, &m, bus_machine_mgr, "RegisterMachineEx");
|
r = bus_message_new_method_call(bus, &m, bus_machine_mgr, keep_unit ? "RegisterMachineEx" : "CreateMachineEx");
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return bus_log_create_error(r);
|
return bus_log_create_error(r);
|
||||||
|
|
||||||
@ -204,6 +209,45 @@ static int register_machine_ex(
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return bus_log_create_error(r);
|
return bus_log_create_error(r);
|
||||||
|
|
||||||
|
if (!keep_unit) {
|
||||||
|
r = sd_bus_message_open_container(m, 'a', "(sv)");
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
|
||||||
|
if (!isempty(slice)) {
|
||||||
|
r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
}
|
||||||
|
|
||||||
|
r = append_controller_property(bus, m);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
r = append_machine_properties(
|
||||||
|
m,
|
||||||
|
mounts,
|
||||||
|
n_mounts,
|
||||||
|
kill_signal,
|
||||||
|
start_mode == START_BOOT && can_set_coredump_receive(bus) > 0);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
if (properties_message) {
|
||||||
|
r = sd_bus_message_copy(m, properties_message, true);
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
}
|
||||||
|
|
||||||
|
r = bus_append_unit_property_assignment_many(m, UNIT_SERVICE, properties);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
r = sd_bus_message_close_container(m);
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
}
|
||||||
|
|
||||||
return sd_bus_call(bus, m, 0, error, NULL);
|
return sd_bus_call(bus, m, 0, error, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -214,31 +258,44 @@ int register_machine(
|
|||||||
const char *directory,
|
const char *directory,
|
||||||
sd_id128_t uuid,
|
sd_id128_t uuid,
|
||||||
int local_ifindex,
|
int local_ifindex,
|
||||||
const char *service) {
|
const char *slice,
|
||||||
|
CustomMount *mounts,
|
||||||
|
unsigned n_mounts,
|
||||||
|
int kill_signal,
|
||||||
|
char **properties,
|
||||||
|
sd_bus_message *properties_message,
|
||||||
|
const char *service,
|
||||||
|
StartMode start_mode,
|
||||||
|
RegisterMachineFlags flags) {
|
||||||
|
|
||||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(bus);
|
assert(bus);
|
||||||
assert(machine_name);
|
|
||||||
assert(service);
|
|
||||||
|
|
||||||
r = register_machine_ex(
|
r = create_or_register_machine_ex(
|
||||||
bus,
|
bus,
|
||||||
machine_name,
|
machine_name,
|
||||||
pid,
|
pid,
|
||||||
directory,
|
directory,
|
||||||
uuid,
|
uuid,
|
||||||
local_ifindex,
|
local_ifindex,
|
||||||
|
slice,
|
||||||
|
mounts,
|
||||||
|
n_mounts,
|
||||||
|
kill_signal,
|
||||||
|
properties,
|
||||||
|
properties_message,
|
||||||
service,
|
service,
|
||||||
&error);
|
start_mode,
|
||||||
|
&error,
|
||||||
|
FLAGS_SET(flags, REGISTER_MACHINE_KEEP_UNIT));
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
return 0;
|
return 0;
|
||||||
if (!sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_METHOD))
|
if (!sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_METHOD))
|
||||||
return log_error_errno(r, "Failed to register machine: %s", bus_error_message(&error, r));
|
return log_error_errno(r, "Failed to register machine: %s", bus_error_message(&error, r));
|
||||||
|
|
||||||
sd_bus_error_free(&error);
|
sd_bus_error_free(&error);
|
||||||
|
if (FLAGS_SET(flags, REGISTER_MACHINE_KEEP_UNIT)) {
|
||||||
r = bus_call_method(
|
r = bus_call_method(
|
||||||
bus,
|
bus,
|
||||||
bus_machine_mgr,
|
bus_machine_mgr,
|
||||||
@ -253,6 +310,65 @@ int register_machine(
|
|||||||
pidref_is_set(pid) ? (uint32_t) pid->pid : 0,
|
pidref_is_set(pid) ? (uint32_t) pid->pid : 0,
|
||||||
strempty(directory),
|
strempty(directory),
|
||||||
local_ifindex > 0 ? 1 : 0, local_ifindex);
|
local_ifindex > 0 ? 1 : 0, local_ifindex);
|
||||||
|
} else {
|
||||||
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|
||||||
|
|
||||||
|
r = bus_message_new_method_call(bus, &m, bus_machine_mgr, "CreateMachineWithNetwork");
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
|
||||||
|
r = sd_bus_message_append(
|
||||||
|
m,
|
||||||
|
"sayssusai",
|
||||||
|
machine_name,
|
||||||
|
SD_BUS_MESSAGE_APPEND_ID128(uuid),
|
||||||
|
service,
|
||||||
|
"container",
|
||||||
|
pidref_is_set(pid) ? (uint32_t) pid->pid : 0,
|
||||||
|
strempty(directory),
|
||||||
|
local_ifindex > 0 ? 1 : 0, local_ifindex);
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
|
||||||
|
r = sd_bus_message_open_container(m, 'a', "(sv)");
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
|
||||||
|
if (!isempty(slice)) {
|
||||||
|
r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
}
|
||||||
|
|
||||||
|
r = append_controller_property(bus, m);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
r = append_machine_properties(
|
||||||
|
m,
|
||||||
|
mounts,
|
||||||
|
n_mounts,
|
||||||
|
kill_signal,
|
||||||
|
start_mode == START_BOOT && can_set_coredump_receive(bus) > 0);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
if (properties_message) {
|
||||||
|
r = sd_bus_message_copy(m, properties_message, true);
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
}
|
||||||
|
|
||||||
|
r = bus_append_unit_property_assignment_many(m, UNIT_SERVICE, properties);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
r = sd_bus_message_close_container(m);
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
|
||||||
|
r = sd_bus_call(bus, m, 0, &error, NULL);
|
||||||
|
}
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to register machine: %s", bus_error_message(&error, r));
|
return log_error_errno(r, "Failed to register machine: %s", bus_error_message(&error, r));
|
||||||
|
|
||||||
|
|||||||
@ -4,6 +4,10 @@
|
|||||||
#include "forward.h"
|
#include "forward.h"
|
||||||
#include "nspawn-settings.h"
|
#include "nspawn-settings.h"
|
||||||
|
|
||||||
|
typedef enum RegisterMachineFlags {
|
||||||
|
REGISTER_MACHINE_KEEP_UNIT = 1 << 0,
|
||||||
|
} RegisterMachineFlags;
|
||||||
|
|
||||||
int register_machine(
|
int register_machine(
|
||||||
sd_bus *bus,
|
sd_bus *bus,
|
||||||
const char *machine_name,
|
const char *machine_name,
|
||||||
@ -11,7 +15,14 @@ int register_machine(
|
|||||||
const char *directory,
|
const char *directory,
|
||||||
sd_id128_t uuid,
|
sd_id128_t uuid,
|
||||||
int local_ifindex,
|
int local_ifindex,
|
||||||
const char *service);
|
const char *slice,
|
||||||
|
CustomMount *mounts, unsigned n_mounts,
|
||||||
|
int kill_signal,
|
||||||
|
char **properties,
|
||||||
|
sd_bus_message *properties_message,
|
||||||
|
const char *service,
|
||||||
|
StartMode start_mode,
|
||||||
|
RegisterMachineFlags flags);
|
||||||
int unregister_machine(sd_bus *bus, const char *machine_name);
|
int unregister_machine(sd_bus *bus, const char *machine_name);
|
||||||
|
|
||||||
typedef enum AllocateScopeFlags {
|
typedef enum AllocateScopeFlags {
|
||||||
|
|||||||
@ -18,7 +18,6 @@
|
|||||||
#include "sd-event.h"
|
#include "sd-event.h"
|
||||||
#include "sd-id128.h"
|
#include "sd-id128.h"
|
||||||
#include "sd-netlink.h"
|
#include "sd-netlink.h"
|
||||||
#include "sd-path.h"
|
|
||||||
|
|
||||||
#include "alloc-util.h"
|
#include "alloc-util.h"
|
||||||
#include "barrier.h"
|
#include "barrier.h"
|
||||||
@ -4937,29 +4936,12 @@ static int load_settings(void) {
|
|||||||
if (FLAGS_SET(arg_settings_mask, _SETTINGS_MASK_ALL))
|
if (FLAGS_SET(arg_settings_mask, _SETTINGS_MASK_ALL))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/* We first look in the admin's directories in /etc/ and /run/ */
|
/* We first look in the admin's directories in /etc and /run */
|
||||||
static const uint64_t lookup_dir_system[] = {
|
if (arg_privileged)
|
||||||
SD_PATH_SYSTEM_CONFIGURATION,
|
FOREACH_STRING(i, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
|
||||||
SD_PATH_SYSTEM_RUNTIME,
|
|
||||||
_SD_PATH_INVALID,
|
|
||||||
};
|
|
||||||
static const uint64_t lookup_dir_user[] = {
|
|
||||||
SD_PATH_USER_CONFIGURATION,
|
|
||||||
SD_PATH_USER_RUNTIME,
|
|
||||||
_SD_PATH_INVALID,
|
|
||||||
};
|
|
||||||
|
|
||||||
const uint64_t *q = arg_privileged ? lookup_dir_system : lookup_dir_user;
|
|
||||||
for (; *q != _SD_PATH_INVALID; q++) {
|
|
||||||
_cleanup_free_ char *cd = NULL;
|
|
||||||
r = sd_path_lookup(*q, "systemd/nspawn", &cd);
|
|
||||||
if (r < 0) {
|
|
||||||
log_warning_errno(r, "Failed to determine settings directory, ignoring: %m");
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
_cleanup_free_ char *j = NULL;
|
_cleanup_free_ char *j = NULL;
|
||||||
j = path_join(cd, arg_settings_filename);
|
|
||||||
|
j = path_join(i, arg_settings_filename);
|
||||||
if (!j)
|
if (!j)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
|
|
||||||
@ -4967,8 +4949,6 @@ static int load_settings(void) {
|
|||||||
if (f) {
|
if (f) {
|
||||||
p = TAKE_PTR(j);
|
p = TAKE_PTR(j);
|
||||||
|
|
||||||
log_debug("Found settings file: %s", p);
|
|
||||||
|
|
||||||
/* By default, we trust configuration from /etc and /run */
|
/* By default, we trust configuration from /etc and /run */
|
||||||
if (arg_settings_trusted < 0)
|
if (arg_settings_trusted < 0)
|
||||||
arg_settings_trusted = true;
|
arg_settings_trusted = true;
|
||||||
@ -4999,9 +4979,6 @@ static int load_settings(void) {
|
|||||||
if (!f && errno != ENOENT)
|
if (!f && errno != ENOENT)
|
||||||
return log_error_errno(errno, "Failed to open %s: %m", p);
|
return log_error_errno(errno, "Failed to open %s: %m", p);
|
||||||
|
|
||||||
if (f)
|
|
||||||
log_debug("Found settings file: %s", p);
|
|
||||||
|
|
||||||
/* By default, we do not trust configuration from /var/lib/machines */
|
/* By default, we do not trust configuration from /var/lib/machines */
|
||||||
if (arg_settings_trusted < 0)
|
if (arg_settings_trusted < 0)
|
||||||
arg_settings_trusted = false;
|
arg_settings_trusted = false;
|
||||||
@ -5380,10 +5357,10 @@ static int run_container(
|
|||||||
(void) sd_bus_set_allow_interactive_authorization(system_bus, arg_ask_password);
|
(void) sd_bus_set_allow_interactive_authorization(system_bus, arg_ask_password);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Scope allocation happens on the user bus if we are unpriv, otherwise system bus. */
|
||||||
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *user_bus = NULL;
|
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *user_bus = NULL;
|
||||||
_cleanup_(sd_bus_unrefp) sd_bus *runtime_bus = NULL;
|
_cleanup_(sd_bus_unrefp) sd_bus *runtime_bus = NULL;
|
||||||
|
if (!arg_keep_unit) {
|
||||||
if (arg_register || !arg_keep_unit) {
|
|
||||||
if (arg_privileged)
|
if (arg_privileged)
|
||||||
runtime_bus = sd_bus_ref(system_bus);
|
runtime_bus = sd_bus_ref(system_bus);
|
||||||
else {
|
else {
|
||||||
@ -5397,22 +5374,7 @@ static int run_container(
|
|||||||
|
|
||||||
runtime_bus = sd_bus_ref(user_bus);
|
runtime_bus = sd_bus_ref(user_bus);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/* Scope allocation happens on the user bus if we are unpriv, otherwise system bus. */
|
|
||||||
if (arg_keep_unit) {
|
|
||||||
/* If we are not supposed to allocate a unit, then let's move the process now, so that we can
|
|
||||||
* register things while being in the right cgroup location already. Otherwise, let's move
|
|
||||||
* the process later, once we have unit and hence cgroup. */
|
|
||||||
r = create_subcgroup(
|
|
||||||
pid,
|
|
||||||
arg_keep_unit,
|
|
||||||
arg_uid_shift,
|
|
||||||
userns_fd,
|
|
||||||
arg_userns_mode);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
} else {
|
|
||||||
/* When a new scope is created for this container, then we'll be registered as its controller, in which
|
/* When a new scope is created for this container, then we'll be registered as its controller, in which
|
||||||
* case PID 1 will send us a friendly RequestStop signal, when it is asked to terminate the
|
* case PID 1 will send us a friendly RequestStop signal, when it is asked to terminate the
|
||||||
* scope. Let's hook into that, and cleanly shut down the container, and print a friendly message. */
|
* scope. Let's hook into that, and cleanly shut down the container, and print a friendly message. */
|
||||||
@ -5431,8 +5393,22 @@ static int run_container(
|
|||||||
return log_error_errno(r, "Failed to request RequestStop match: %m");
|
return log_error_errno(r, "Failed to request RequestStop match: %m");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (arg_keep_unit) {
|
||||||
|
/* If we are not supposed to allocate a unit, then let's move the process now, so that we can
|
||||||
|
* register things while being in the right cgroup location already. Otherwise, let's move
|
||||||
|
* the process later, once we have unit and hence cgroup. */
|
||||||
|
r = create_subcgroup(
|
||||||
|
pid,
|
||||||
|
arg_keep_unit,
|
||||||
|
arg_uid_shift,
|
||||||
|
userns_fd,
|
||||||
|
arg_userns_mode);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
bool scope_allocated = false;
|
bool scope_allocated = false;
|
||||||
if (!arg_keep_unit) {
|
if (!arg_keep_unit && (!arg_register || !arg_privileged)) {
|
||||||
AllocateScopeFlags flags = ALLOCATE_SCOPE_ALLOW_PIDFD;
|
AllocateScopeFlags flags = ALLOCATE_SCOPE_ALLOW_PIDFD;
|
||||||
r = allocate_scope(
|
r = allocate_scope(
|
||||||
runtime_bus,
|
runtime_bus,
|
||||||
@ -5451,8 +5427,10 @@ static int run_container(
|
|||||||
scope_allocated = true;
|
scope_allocated = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool registered_system = false, registered_runtime = false;
|
bool registered = false;
|
||||||
if (arg_register) {
|
if (arg_register) {
|
||||||
|
RegisterMachineFlags flags = 0;
|
||||||
|
SET_FLAG(flags, REGISTER_MACHINE_KEEP_UNIT, arg_keep_unit || !arg_privileged);
|
||||||
r = register_machine(
|
r = register_machine(
|
||||||
system_bus,
|
system_bus,
|
||||||
arg_machine,
|
arg_machine,
|
||||||
@ -5460,32 +5438,18 @@ static int run_container(
|
|||||||
arg_directory,
|
arg_directory,
|
||||||
arg_uuid,
|
arg_uuid,
|
||||||
ifi,
|
ifi,
|
||||||
arg_container_service_name);
|
arg_slice,
|
||||||
if (r < 0) {
|
arg_custom_mounts, arg_n_custom_mounts,
|
||||||
if (arg_privileged) /* if privileged the request to register definitely failed */
|
arg_kill_signal,
|
||||||
|
arg_property,
|
||||||
|
arg_property_message,
|
||||||
|
arg_container_service_name,
|
||||||
|
arg_start_mode,
|
||||||
|
flags);
|
||||||
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
log_notice_errno(r, "Failed to register machine in system context, will try in user context.");
|
registered = true;
|
||||||
} else
|
|
||||||
registered_system = true;
|
|
||||||
|
|
||||||
if (!arg_privileged) {
|
|
||||||
r = register_machine(
|
|
||||||
runtime_bus,
|
|
||||||
arg_machine,
|
|
||||||
pid,
|
|
||||||
arg_directory,
|
|
||||||
arg_uuid,
|
|
||||||
ifi,
|
|
||||||
arg_container_service_name);
|
|
||||||
if (r < 0) {
|
|
||||||
if (!registered_system) /* neither registration worked: fail */
|
|
||||||
return r;
|
|
||||||
|
|
||||||
log_notice_errno(r, "Failed to register machine in user context, but succeeded in system context, will proceed.");
|
|
||||||
} else
|
|
||||||
registered_runtime = true;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (arg_keep_unit && (arg_slice || arg_property))
|
if (arg_keep_unit && (arg_slice || arg_property))
|
||||||
@ -5697,10 +5661,8 @@ static int run_container(
|
|||||||
r = wait_for_container(pid, &container_status);
|
r = wait_for_container(pid, &container_status);
|
||||||
|
|
||||||
/* Tell machined that we are gone. */
|
/* Tell machined that we are gone. */
|
||||||
if (registered_system)
|
if (registered)
|
||||||
(void) unregister_machine(system_bus, arg_machine);
|
(void) unregister_machine(system_bus, arg_machine);
|
||||||
if (registered_runtime)
|
|
||||||
(void) unregister_machine(runtime_bus, arg_machine);
|
|
||||||
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
/* We failed to wait for the container, or the container exited abnormally. */
|
/* We failed to wait for the container, or the container exited abnormally. */
|
||||||
@ -6339,7 +6301,6 @@ static int run(int argc, char *argv[]) {
|
|||||||
dissected_image,
|
dissected_image,
|
||||||
NULL,
|
NULL,
|
||||||
&arg_verity_settings,
|
&arg_verity_settings,
|
||||||
arg_image_policy ?: &image_policy_container,
|
|
||||||
dissect_image_flags);
|
dissect_image_flags);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto finish;
|
goto finish;
|
||||||
|
|||||||
@ -2547,7 +2547,6 @@ static int decrypt_partition(
|
|||||||
DissectedPartition *m,
|
DissectedPartition *m,
|
||||||
const char *passphrase,
|
const char *passphrase,
|
||||||
DissectImageFlags flags,
|
DissectImageFlags flags,
|
||||||
PartitionPolicyFlags policy_flags,
|
|
||||||
DecryptedImage *d) {
|
DecryptedImage *d) {
|
||||||
|
|
||||||
_cleanup_free_ char *node = NULL, *name = NULL;
|
_cleanup_free_ char *node = NULL, *name = NULL;
|
||||||
@ -2567,9 +2566,6 @@ static int decrypt_partition(
|
|||||||
if (!passphrase)
|
if (!passphrase)
|
||||||
return -ENOKEY;
|
return -ENOKEY;
|
||||||
|
|
||||||
if (!FLAGS_SET(policy_flags, PARTITION_POLICY_ENCRYPTED))
|
|
||||||
return log_debug_errno(SYNTHETIC_ERRNO(ERFKILL), "Attempted to unlock partition via LUKS, but it's prohibited.");
|
|
||||||
|
|
||||||
r = dlopen_cryptsetup();
|
r = dlopen_cryptsetup();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
@ -2676,8 +2672,6 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(char *, dm_deferred_remove_clean);
|
|||||||
static int validate_signature_userspace(const VeritySettings *verity, DissectImageFlags flags) {
|
static int validate_signature_userspace(const VeritySettings *verity, DissectImageFlags flags) {
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
/* Returns > 0 if signature checks out, == 0 if not, < 0 on unexpected errors */
|
|
||||||
|
|
||||||
if (!FLAGS_SET(flags, DISSECT_IMAGE_ALLOW_USERSPACE_VERITY)) {
|
if (!FLAGS_SET(flags, DISSECT_IMAGE_ALLOW_USERSPACE_VERITY)) {
|
||||||
log_debug("Userspace dm-verity signature authentication disabled via flag.");
|
log_debug("Userspace dm-verity signature authentication disabled via flag.");
|
||||||
return 0;
|
return 0;
|
||||||
@ -2784,8 +2778,7 @@ static int do_crypt_activate_verity(
|
|||||||
struct crypt_device *cd,
|
struct crypt_device *cd,
|
||||||
const char *name,
|
const char *name,
|
||||||
const VeritySettings *verity,
|
const VeritySettings *verity,
|
||||||
DissectImageFlags flags,
|
DissectImageFlags flags) {
|
||||||
PartitionPolicyFlags policy_flags) {
|
|
||||||
|
|
||||||
bool check_signature;
|
bool check_signature;
|
||||||
int r, k;
|
int r, k;
|
||||||
@ -2794,7 +2787,7 @@ static int do_crypt_activate_verity(
|
|||||||
assert(name);
|
assert(name);
|
||||||
assert(verity);
|
assert(verity);
|
||||||
|
|
||||||
if (verity->root_hash_sig && FLAGS_SET(policy_flags, PARTITION_POLICY_SIGNED)) {
|
if (verity->root_hash_sig) {
|
||||||
r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIGNATURE");
|
r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIGNATURE");
|
||||||
if (r < 0 && r != -ENXIO)
|
if (r < 0 && r != -ENXIO)
|
||||||
log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIGNATURE");
|
log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIGNATURE");
|
||||||
@ -2804,6 +2797,7 @@ static int do_crypt_activate_verity(
|
|||||||
check_signature = false;
|
check_signature = false;
|
||||||
|
|
||||||
if (check_signature) {
|
if (check_signature) {
|
||||||
|
|
||||||
#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
|
#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
|
||||||
/* First, if we have support for signed keys in the kernel, then try that first. */
|
/* First, if we have support for signed keys in the kernel, then try that first. */
|
||||||
r = sym_crypt_activate_by_signed_key(
|
r = sym_crypt_activate_by_signed_key(
|
||||||
@ -2814,18 +2808,10 @@ static int do_crypt_activate_verity(
|
|||||||
verity->root_hash_sig,
|
verity->root_hash_sig,
|
||||||
verity->root_hash_sig_size,
|
verity->root_hash_sig_size,
|
||||||
CRYPT_ACTIVATE_READONLY);
|
CRYPT_ACTIVATE_READONLY);
|
||||||
if (r >= 0) {
|
if (r >= 0)
|
||||||
log_debug("Verity activation via kernel signature logic worked.");
|
return r;
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
log_debug_errno(r, "Validation of dm-verity signature failed via the kernel, trying userspace validation instead: %m");
|
log_debug_errno(r, "Validation of dm-verity signature failed via the kernel, trying userspace validation instead: %m");
|
||||||
|
|
||||||
/* Let's mangle ENOKEY → EDESTADDRREQ, so that we return a clear, recognizable error if
|
|
||||||
* there's a signature we don't recognize, that is distinct from the LUKS/encryption
|
|
||||||
* -ENOKEY, which means "password required, but I have none". */
|
|
||||||
if (r == -ENOKEY)
|
|
||||||
r = -EDESTADDRREQ;
|
|
||||||
#else
|
#else
|
||||||
log_debug("Activation of verity device with signature requested, but not supported via the kernel by %s due to missing crypt_activate_by_signed_key(), trying userspace validation instead.",
|
log_debug("Activation of verity device with signature requested, but not supported via the kernel by %s due to missing crypt_activate_by_signed_key(), trying userspace validation instead.",
|
||||||
program_invocation_short_name);
|
program_invocation_short_name);
|
||||||
@ -2839,36 +2825,18 @@ static int do_crypt_activate_verity(
|
|||||||
* as the device-mapper is finicky around concurrent activations of the same volume */
|
* as the device-mapper is finicky around concurrent activations of the same volume */
|
||||||
k = validate_signature_userspace(verity, flags);
|
k = validate_signature_userspace(verity, flags);
|
||||||
if (k < 0)
|
if (k < 0)
|
||||||
return k;
|
return r < 0 ? r : k;
|
||||||
if (k == 0) {
|
if (k == 0)
|
||||||
log_debug("Activation of signed Verity volume worked neither via the kernel nor in userspace, can't activate.");
|
return log_debug_errno(r < 0 ? r : SYNTHETIC_ERRNO(ENOKEY),
|
||||||
|
"Activation of signed Verity volume worked neither via the kernel nor in userspace, can't activate.");
|
||||||
|
}
|
||||||
|
|
||||||
/* So if we had a signature and we're supposed to exclusively allow
|
return sym_crypt_activate_by_volume_key(
|
||||||
* signature-based activation, then return the error now */
|
|
||||||
if (!FLAGS_SET(policy_flags, PARTITION_POLICY_VERITY))
|
|
||||||
return r < 0 ? r : -EDESTADDRREQ;
|
|
||||||
|
|
||||||
log_debug("Activation of signed Verity volume without validating signature is permitted by policy. Continuing.");
|
|
||||||
} else
|
|
||||||
log_debug("Verity activation via userspace signature logic worked, activating by root hash.");
|
|
||||||
|
|
||||||
/* Otherwise let's see what signature-less activation results in. */
|
|
||||||
|
|
||||||
} else if (!FLAGS_SET(policy_flags, PARTITION_POLICY_VERITY))
|
|
||||||
return log_debug_errno(SYNTHETIC_ERRNO(ERFKILL),
|
|
||||||
"No-signature activation of Verity volume not allowed by policy, refusing.");
|
|
||||||
|
|
||||||
r = sym_crypt_activate_by_volume_key(
|
|
||||||
cd,
|
cd,
|
||||||
name,
|
name,
|
||||||
verity->root_hash,
|
verity->root_hash,
|
||||||
verity->root_hash_size,
|
verity->root_hash_size,
|
||||||
CRYPT_ACTIVATE_READONLY);
|
CRYPT_ACTIVATE_READONLY);
|
||||||
if (r < 0)
|
|
||||||
return log_debug_errno(r, "Activation of Verity via root hash failed: %m");
|
|
||||||
|
|
||||||
log_debug("Activation of Verity via root hash succeeded.");
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static usec_t verity_timeout(void) {
|
static usec_t verity_timeout(void) {
|
||||||
@ -2895,11 +2863,10 @@ static usec_t verity_timeout(void) {
|
|||||||
|
|
||||||
static int verity_partition(
|
static int verity_partition(
|
||||||
PartitionDesignator designator,
|
PartitionDesignator designator,
|
||||||
DissectedPartition *m, /* data partition */
|
DissectedPartition *m,
|
||||||
DissectedPartition *v, /* verity partition */
|
DissectedPartition *v,
|
||||||
const VeritySettings *verity,
|
const VeritySettings *verity,
|
||||||
DissectImageFlags flags,
|
DissectImageFlags flags,
|
||||||
PartitionPolicyFlags policy_flags,
|
|
||||||
DecryptedImage *d) {
|
DecryptedImage *d) {
|
||||||
|
|
||||||
_cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
|
_cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
|
||||||
@ -2926,11 +2893,6 @@ static int verity_partition(
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(policy_flags & (PARTITION_POLICY_VERITY|PARTITION_POLICY_SIGNED))) {
|
|
||||||
log_debug("Attempted to unlock partition via Verity, but it's prohibited, skipping.");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
r = dlopen_cryptsetup();
|
r = dlopen_cryptsetup();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
@ -2982,7 +2944,7 @@ static int verity_partition(
|
|||||||
goto check; /* The device already exists. Let's check it. */
|
goto check; /* The device already exists. Let's check it. */
|
||||||
|
|
||||||
/* The symlink to the device node does not exist yet. Assume not activated, and let's activate it. */
|
/* The symlink to the device node does not exist yet. Assume not activated, and let's activate it. */
|
||||||
r = do_crypt_activate_verity(cd, name, verity, flags, policy_flags);
|
r = do_crypt_activate_verity(cd, name, verity, flags);
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
goto try_open; /* The device is activated. Let's open it. */
|
goto try_open; /* The device is activated. Let's open it. */
|
||||||
/* libdevmapper can return EINVAL when the device is already in the activation stage.
|
/* libdevmapper can return EINVAL when the device is already in the activation stage.
|
||||||
@ -3076,7 +3038,7 @@ static int verity_partition(
|
|||||||
*/
|
*/
|
||||||
sym_crypt_free(cd);
|
sym_crypt_free(cd);
|
||||||
cd = NULL;
|
cd = NULL;
|
||||||
return verity_partition(designator, m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, policy_flags, d);
|
return verity_partition(designator, m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
|
||||||
}
|
}
|
||||||
|
|
||||||
return log_debug_errno(SYNTHETIC_ERRNO(EBUSY), "All attempts to activate verity device %s failed.", name);
|
return log_debug_errno(SYNTHETIC_ERRNO(EBUSY), "All attempts to activate verity device %s failed.", name);
|
||||||
@ -3098,26 +3060,23 @@ int dissected_image_decrypt(
|
|||||||
DissectedImage *m,
|
DissectedImage *m,
|
||||||
const char *passphrase,
|
const char *passphrase,
|
||||||
const VeritySettings *verity,
|
const VeritySettings *verity,
|
||||||
const ImagePolicy *policy,
|
|
||||||
DissectImageFlags flags) {
|
DissectImageFlags flags) {
|
||||||
|
|
||||||
#if HAVE_LIBCRYPTSETUP
|
#if HAVE_LIBCRYPTSETUP
|
||||||
_cleanup_(decrypted_image_unrefp) DecryptedImage *d = NULL;
|
_cleanup_(decrypted_image_unrefp) DecryptedImage *d = NULL;
|
||||||
#endif
|
|
||||||
int r;
|
int r;
|
||||||
|
#endif
|
||||||
|
|
||||||
assert(m);
|
assert(m);
|
||||||
assert(!verity || verity->root_hash || verity->root_hash_size == 0);
|
assert(!verity || verity->root_hash || verity->root_hash_size == 0);
|
||||||
|
|
||||||
/* Returns:
|
/* Returns:
|
||||||
*
|
*
|
||||||
* = 0 → There was nothing to decrypt/setup
|
* = 0 → There was nothing to decrypt
|
||||||
* > 0 → Decrypted/setup successfully
|
* > 0 → Decrypted successfully
|
||||||
* -ENOKEY → dm-crypt: there's something to decrypt but no decryption key was supplied
|
* -ENOKEY → There's something to decrypt but no key was supplied
|
||||||
* -EKEYREJECTED → dm-crypt: Passed key was not correct
|
* -EKEYREJECTED → Passed key was not correct
|
||||||
* -EDESTADDRREQ → dm-verity: there's something to setup but no signature was supplied
|
* -EBUSY → Generic Verity error (kernel is not very explanatory)
|
||||||
* -EBUSY → dm-verity: Generic Verity error (kernel is not very explanatory)
|
|
||||||
* -ERFKILL → image policy not compatible with request
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (verity && verity->root_hash && verity->root_hash_size < sizeof(sd_id128_t))
|
if (verity && verity->root_hash && verity->root_hash_size < sizeof(sd_id128_t))
|
||||||
@ -3126,10 +3085,6 @@ int dissected_image_decrypt(
|
|||||||
if (!m->encrypted && !m->verity_ready)
|
if (!m->encrypted && !m->verity_ready)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
r = secure_getenv_bool("SYSTEMD_VERITY_SHARING");
|
|
||||||
if (r >= 0)
|
|
||||||
SET_FLAG(flags, DISSECT_IMAGE_VERITY_SHARE, r);
|
|
||||||
|
|
||||||
#if HAVE_LIBCRYPTSETUP
|
#if HAVE_LIBCRYPTSETUP
|
||||||
r = decrypted_image_new(&d);
|
r = decrypted_image_new(&d);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
@ -3142,15 +3097,15 @@ int dissected_image_decrypt(
|
|||||||
if (!p->found)
|
if (!p->found)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
PartitionPolicyFlags fl = image_policy_get_exhaustively(policy, i);
|
r = decrypt_partition(p, passphrase, flags, d);
|
||||||
|
|
||||||
r = decrypt_partition(p, passphrase, flags, fl, d);
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
k = partition_verity_hash_of(i);
|
k = partition_verity_hash_of(i);
|
||||||
if (k >= 0) {
|
if (k >= 0) {
|
||||||
r = verity_partition(i, p, m->partitions + k, verity, flags, fl, d);
|
flags |= getenv_bool("SYSTEMD_VERITY_SHARING") != 0 ? DISSECT_IMAGE_VERITY_SHARE : 0;
|
||||||
|
|
||||||
|
r = verity_partition(i, p, m->partitions + k, verity, flags, d);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
@ -3163,6 +3118,7 @@ int dissected_image_decrypt(
|
|||||||
}
|
}
|
||||||
|
|
||||||
m->decrypted_image = TAKE_PTR(d);
|
m->decrypted_image = TAKE_PTR(d);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
#else
|
#else
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
@ -3173,7 +3129,6 @@ int dissected_image_decrypt_interactively(
|
|||||||
DissectedImage *m,
|
DissectedImage *m,
|
||||||
const char *passphrase,
|
const char *passphrase,
|
||||||
const VeritySettings *verity,
|
const VeritySettings *verity,
|
||||||
const ImagePolicy *image_policy,
|
|
||||||
DissectImageFlags flags) {
|
DissectImageFlags flags) {
|
||||||
|
|
||||||
_cleanup_strv_free_erase_ char **z = NULL;
|
_cleanup_strv_free_erase_ char **z = NULL;
|
||||||
@ -3183,17 +3138,13 @@ int dissected_image_decrypt_interactively(
|
|||||||
n--;
|
n--;
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
r = dissected_image_decrypt(m, passphrase, verity, image_policy, flags);
|
r = dissected_image_decrypt(m, passphrase, verity, flags);
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
return r;
|
return r;
|
||||||
if (r == -EKEYREJECTED)
|
if (r == -EKEYREJECTED)
|
||||||
log_error_errno(r, "Incorrect passphrase, try again!");
|
log_error_errno(r, "Incorrect passphrase, try again!");
|
||||||
else if (r == -EDESTADDRREQ)
|
|
||||||
return log_error_errno(r, "Image lacks recognized signature.");
|
|
||||||
else if (r == -ERFKILL)
|
|
||||||
return log_error_errno(r, "Unlocking of Verity/LUKS volumes not permitted by policy.");
|
|
||||||
else if (r != -ENOKEY)
|
else if (r != -ENOKEY)
|
||||||
return log_error_errno(r, "Failed to decrypt/set up image: %m");
|
return log_error_errno(r, "Failed to decrypt image: %m");
|
||||||
|
|
||||||
if (--n < 0)
|
if (--n < 0)
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EKEYREJECTED),
|
return log_error_errno(SYNTHETIC_ERRNO(EKEYREJECTED),
|
||||||
@ -4324,7 +4275,7 @@ int mount_image_privately_interactively(
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
r = dissected_image_decrypt_interactively(dissected_image, NULL, &verity, image_policy, flags);
|
r = dissected_image_decrypt_interactively(dissected_image, NULL, &verity, flags);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
@ -4428,8 +4379,7 @@ int verity_dissect_and_mount(
|
|||||||
(relax_extension_release_check ? DISSECT_IMAGE_RELAX_EXTENSION_CHECK : 0) |
|
(relax_extension_release_check ? DISSECT_IMAGE_RELAX_EXTENSION_CHECK : 0) |
|
||||||
DISSECT_IMAGE_ADD_PARTITION_DEVICES |
|
DISSECT_IMAGE_ADD_PARTITION_DEVICES |
|
||||||
DISSECT_IMAGE_PIN_PARTITION_DEVICES |
|
DISSECT_IMAGE_PIN_PARTITION_DEVICES |
|
||||||
DISSECT_IMAGE_ALLOW_USERSPACE_VERITY |
|
DISSECT_IMAGE_ALLOW_USERSPACE_VERITY;
|
||||||
DISSECT_IMAGE_VERITY_SHARE;
|
|
||||||
|
|
||||||
/* Note that we don't use loop_device_make here, as the FD is most likely O_PATH which would not be
|
/* Note that we don't use loop_device_make here, as the FD is most likely O_PATH which would not be
|
||||||
* accepted by LOOP_CONFIGURE, so just let loop_device_make_by_path reopen it as a regular FD. */
|
* accepted by LOOP_CONFIGURE, so just let loop_device_make_by_path reopen it as a regular FD. */
|
||||||
@ -4476,7 +4426,6 @@ int verity_dissect_and_mount(
|
|||||||
dissected_image,
|
dissected_image,
|
||||||
NULL,
|
NULL,
|
||||||
verity,
|
verity,
|
||||||
image_policy,
|
|
||||||
dissect_image_flags);
|
dissect_image_flags);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to decrypt dissected image: %m");
|
return log_debug_errno(r, "Failed to decrypt dissected image: %m");
|
||||||
|
|||||||
@ -171,8 +171,8 @@ void dissected_image_close(DissectedImage *m);
|
|||||||
DissectedImage* dissected_image_unref(DissectedImage *m);
|
DissectedImage* dissected_image_unref(DissectedImage *m);
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(DissectedImage*, dissected_image_unref);
|
DEFINE_TRIVIAL_CLEANUP_FUNC(DissectedImage*, dissected_image_unref);
|
||||||
|
|
||||||
int dissected_image_decrypt(DissectedImage *m, const char *passphrase, const VeritySettings *verity, const ImagePolicy *image_policy, DissectImageFlags flags);
|
int dissected_image_decrypt(DissectedImage *m, const char *passphrase, const VeritySettings *verity, DissectImageFlags flags);
|
||||||
int dissected_image_decrypt_interactively(DissectedImage *m, const char *passphrase, const VeritySettings *verity, const ImagePolicy *image_policy, DissectImageFlags flags);
|
int dissected_image_decrypt_interactively(DissectedImage *m, const char *passphrase, const VeritySettings *verity, DissectImageFlags flags);
|
||||||
int dissected_image_mount(DissectedImage *m, const char *where, uid_t uid_shift, uid_t uid_range, int userns_fd, DissectImageFlags flags);
|
int dissected_image_mount(DissectedImage *m, const char *where, uid_t uid_shift, uid_t uid_range, int userns_fd, DissectImageFlags flags);
|
||||||
int dissected_image_mount_and_warn(DissectedImage *m, const char *where, uid_t uid_shift, uid_t uid_range, int userns_fd, DissectImageFlags flags);
|
int dissected_image_mount_and_warn(DissectedImage *m, const char *where, uid_t uid_shift, uid_t uid_range, int userns_fd, DissectImageFlags flags);
|
||||||
|
|
||||||
|
|||||||
@ -92,145 +92,145 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE(
|
|||||||
|
|
||||||
/* CPU Control
|
/* CPU Control
|
||||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPU%20Control */
|
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPU%20Control */
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#CPUWeight=weight"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPUWeight=weight"),
|
||||||
SD_VARLINK_DEFINE_FIELD(CPUWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(CPUWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#CPUWeight=weight"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPUWeight=weight"),
|
||||||
SD_VARLINK_DEFINE_FIELD(StartupCPUWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(StartupCPUWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#CPUQuota="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPUQuota="),
|
||||||
SD_VARLINK_DEFINE_FIELD(CPUQuotaPerSecUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(CPUQuotaPerSecUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#CPUQuotaPeriodSec="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPUQuotaPeriodSec="),
|
||||||
SD_VARLINK_DEFINE_FIELD(CPUQuotaPeriodUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(CPUQuotaPeriodUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#AllowedCPUs="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#AllowedCPUs="),
|
||||||
SD_VARLINK_DEFINE_FIELD(AllowedCPUs, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(AllowedCPUs, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#AllowedCPUs="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#AllowedCPUs="),
|
||||||
SD_VARLINK_DEFINE_FIELD(StartupAllowedCPUs, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(StartupAllowedCPUs, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
|
|
||||||
/* Memory Accounting and Control
|
/* Memory Accounting and Control
|
||||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Memory%20Accounting%20and%20Control */
|
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Memory%20Accounting%20and%20Control */
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryAccounting="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryAccounting="),
|
||||||
SD_VARLINK_DEFINE_FIELD(MemoryAccounting, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(MemoryAccounting, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(MemoryMin, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(MemoryMin, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(DefaultMemoryMin, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(DefaultMemoryMin, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(MemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(MemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(DefaultMemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(DefaultMemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemorySwapMax=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemorySwapMax=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(StartupMemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(StartupMemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(DefaultStartupMemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(DefaultStartupMemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryHigh=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryHigh=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(MemoryHigh, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(MemoryHigh, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryHigh=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryHigh=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(StartupMemoryHigh, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(StartupMemoryHigh, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMax=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMax=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(MemoryMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(MemoryMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMax=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMax=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(StartupMemoryMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(StartupMemoryMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemorySwapMax=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemorySwapMax=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(MemorySwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(MemorySwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemorySwapMax=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemorySwapMax=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(StartupMemorySwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(StartupMemorySwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryZSwapMax=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryZSwapMax=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(MemoryZSwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(MemoryZSwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryZSwapMax=bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryZSwapMax=bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD(StartupMemoryZSwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(StartupMemoryZSwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryZSwapWriteback="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryZSwapWriteback="),
|
||||||
SD_VARLINK_DEFINE_FIELD(MemoryZSwapWriteback, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(MemoryZSwapWriteback, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#AllowedMemoryNodes="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#AllowedMemoryNodes="),
|
||||||
SD_VARLINK_DEFINE_FIELD(AllowedMemoryNodes, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(AllowedMemoryNodes, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#AllowedMemoryNodes="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#AllowedMemoryNodes="),
|
||||||
SD_VARLINK_DEFINE_FIELD(StartupAllowedMemoryNodes, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(StartupAllowedMemoryNodes, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
|
|
||||||
/* Process Accounting and Control
|
/* Process Accounting and Control
|
||||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Process%20Accounting%20and%20Control */
|
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Process%20Accounting%20and%20Control */
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#TasksAccounting="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#TasksAccounting="),
|
||||||
SD_VARLINK_DEFINE_FIELD(TasksAccounting, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(TasksAccounting, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#TasksMax=N"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#TasksMax=N"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(TasksMax, CGroupTasksMax, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(TasksMax, CGroupTasksMax, SD_VARLINK_NULLABLE),
|
||||||
|
|
||||||
/* IO Accounting and Control
|
/* IO Accounting and Control
|
||||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IO%20Accounting%20and%20Control */
|
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IO%20Accounting%20and%20Control */
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOAccounting="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOAccounting="),
|
||||||
SD_VARLINK_DEFINE_FIELD(IOAccounting, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(IOAccounting, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOWeight=weight"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOWeight=weight"),
|
||||||
SD_VARLINK_DEFINE_FIELD(IOWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(IOWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOWeight=weight"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOWeight=weight"),
|
||||||
SD_VARLINK_DEFINE_FIELD(StartupIOWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(StartupIOWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IODeviceWeight=device%20weight"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IODeviceWeight=device%20weight"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IODeviceWeight, CGroupIODeviceWeight, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IODeviceWeight, CGroupIODeviceWeight, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOReadBandwidthMax=device%20bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOReadBandwidthMax=device%20bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOReadBandwidthMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOReadBandwidthMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOReadBandwidthMax=device%20bytes"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOReadBandwidthMax=device%20bytes"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOWriteBandwidthMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOWriteBandwidthMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOReadIOPSMax=device%20IOPS"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOReadIOPSMax=device%20IOPS"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOReadIOPSMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOReadIOPSMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOReadIOPSMax=device%20IOPS"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOReadIOPSMax=device%20IOPS"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOWriteIOPSMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOWriteIOPSMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IODeviceLatencyTargetSec=device%20target"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IODeviceLatencyTargetSec=device%20target"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IODeviceLatencyTargetUSec, CGroupIODeviceLatency, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IODeviceLatencyTargetUSec, CGroupIODeviceLatency, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
|
|
||||||
/* Network Accounting and Control
|
/* Network Accounting and Control
|
||||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Network%20Accounting%20and%20Control */
|
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Network%20Accounting%20and%20Control */
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IPAccounting="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPAccounting="),
|
||||||
SD_VARLINK_DEFINE_FIELD(IPAccounting, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(IPAccounting, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IPAddressAllow=ADDRESS%5B/PREFIXLENGTH%5D%E2%80%A6"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPAddressAllow=ADDRESS%5B/PREFIXLENGTH%5D%E2%80%A6"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IPAddressAllow, CGroupAddressPrefix, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IPAddressAllow, CGroupAddressPrefix, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IPAddressAllow=ADDRESS%5B/PREFIXLENGTH%5D%E2%80%A6"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPAddressAllow=ADDRESS%5B/PREFIXLENGTH%5D%E2%80%A6"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IPAddressDeny, CGroupAddressPrefix, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IPAddressDeny, CGroupAddressPrefix, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#SocketBindAllow=bind-rule"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#SocketBindAllow=bind-rule"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(SocketBindAllow, CGroupSocketBind, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(SocketBindAllow, CGroupSocketBind, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#SocketBindAllow=bind-rule"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#SocketBindAllow=bind-rule"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(SocketBindDeny, CGroupSocketBind, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(SocketBindDeny, CGroupSocketBind, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#RestrictNetworkInterfaces="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#RestrictNetworkInterfaces="),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(RestrictNetworkInterfaces, CGroupRestrictNetworkInterfaces, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(RestrictNetworkInterfaces, CGroupRestrictNetworkInterfaces, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#NFTSet=family:table:set"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#NFTSet=family:table:set"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(NFTSet, CGroupNFTSet, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(NFTSet, CGroupNFTSet, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
|
|
||||||
/* BPF programs
|
/* BPF programs
|
||||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#BPF%20Programs */
|
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#BPF%20Programs */
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IPIngressFilterPath=BPF_FS_PROGRAM_PATH"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPIngressFilterPath=BPF_FS_PROGRAM_PATH"),
|
||||||
SD_VARLINK_DEFINE_FIELD(IPIngressFilterPath, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(IPIngressFilterPath, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IPIngressFilterPath=BPF_FS_PROGRAM_PATH"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPIngressFilterPath=BPF_FS_PROGRAM_PATH"),
|
||||||
SD_VARLINK_DEFINE_FIELD(IPEgressFilterPath, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(IPEgressFilterPath, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#BPFProgram=type:program-path"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#BPFProgram=type:program-path"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(BPFProgram, CGroupBPFProgram, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(BPFProgram, CGroupBPFProgram, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
|
|
||||||
/* Device Access
|
/* Device Access
|
||||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Device%20Access */
|
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Device%20Access */
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#DeviceAllow="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DeviceAllow="),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DeviceAllow, CGroupDeviceAllow, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DeviceAllow, CGroupDeviceAllow, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#DevicePolicy=auto%7Cclosed%7Cstrict"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DevicePolicy=auto%7Cclosed%7Cstrict"),
|
||||||
SD_VARLINK_DEFINE_FIELD(DevicePolicy, SD_VARLINK_STRING, 0),
|
SD_VARLINK_DEFINE_FIELD(DevicePolicy, SD_VARLINK_STRING, 0),
|
||||||
|
|
||||||
/* Control Group Management
|
/* Control Group Management
|
||||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Control%20Group%20Management */
|
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Control%20Group%20Management */
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#Delegate="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Delegate="),
|
||||||
SD_VARLINK_DEFINE_FIELD(Delegate, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(Delegate, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#DelegateSubgroup="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DelegateSubgroup="),
|
||||||
SD_VARLINK_DEFINE_FIELD(DelegateSubgroup, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(DelegateSubgroup, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#DisableControllers="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DisableControllers="),
|
||||||
SD_VARLINK_DEFINE_FIELD(DelegateControllers, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(DelegateControllers, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#DisableControllers="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DisableControllers="),
|
||||||
SD_VARLINK_DEFINE_FIELD(DisableControllers, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(DisableControllers, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
|
|
||||||
/* Memory Pressure Control
|
/* Memory Pressure Control
|
||||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Memory%20Pressure%20Control */
|
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Memory%20Pressure%20Control */
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#ManagedOOMSwap=auto%7Ckill"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMSwap=auto%7Ckill"),
|
||||||
SD_VARLINK_DEFINE_FIELD(ManagedOOMSwap, SD_VARLINK_STRING, 0),
|
SD_VARLINK_DEFINE_FIELD(ManagedOOMSwap, SD_VARLINK_STRING, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#ManagedOOMSwap=auto%7Ckill"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMSwap=auto%7Ckill"),
|
||||||
SD_VARLINK_DEFINE_FIELD(ManagedOOMMemoryPressure, SD_VARLINK_STRING, 0),
|
SD_VARLINK_DEFINE_FIELD(ManagedOOMMemoryPressure, SD_VARLINK_STRING, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#ManagedOOMMemoryPressureLimit="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMMemoryPressureLimit="),
|
||||||
SD_VARLINK_DEFINE_FIELD(ManagedOOMMemoryPressureLimit, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(ManagedOOMMemoryPressureLimit, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#ManagedOOMMemoryPressureDurationSec="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMMemoryPressureDurationSec="),
|
||||||
SD_VARLINK_DEFINE_FIELD(ManagedOOMMemoryPressureDurationUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(ManagedOOMMemoryPressureDurationUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#ManagedOOMPreference=none%7Cavoid%7Comit"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMPreference=none%7Cavoid%7Comit"),
|
||||||
SD_VARLINK_DEFINE_FIELD(ManagedOOMPreference, SD_VARLINK_STRING, 0),
|
SD_VARLINK_DEFINE_FIELD(ManagedOOMPreference, SD_VARLINK_STRING, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryPressureWatch="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryPressureWatch="),
|
||||||
SD_VARLINK_DEFINE_FIELD(MemoryPressureWatch, SD_VARLINK_STRING, 0),
|
SD_VARLINK_DEFINE_FIELD(MemoryPressureWatch, SD_VARLINK_STRING, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryPressureThresholdSec="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryPressureThresholdSec="),
|
||||||
SD_VARLINK_DEFINE_FIELD(MemoryPressureThresholdUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(MemoryPressureThresholdUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
|
|
||||||
/* Others */
|
/* Others */
|
||||||
@ -259,107 +259,107 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE(
|
|||||||
|
|
||||||
/* [Unit] Section Options
|
/* [Unit] Section Options
|
||||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#%5BUnit%5D%20Section%20Options */
|
* https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#%5BUnit%5D%20Section%20Options */
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Description="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Description="),
|
||||||
SD_VARLINK_DEFINE_FIELD(Description, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(Description, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Documentation="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Documentation="),
|
||||||
SD_VARLINK_DEFINE_FIELD(Documentation, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(Documentation, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Wants="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Wants="),
|
||||||
SD_VARLINK_DEFINE_FIELD(Wants, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(Wants, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#WantedBy="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#WantedBy="),
|
||||||
SD_VARLINK_DEFINE_FIELD(WantedBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(WantedBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Requires="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Requires="),
|
||||||
SD_VARLINK_DEFINE_FIELD(Requires, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(Requires, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#WantedBy="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#WantedBy="),
|
||||||
SD_VARLINK_DEFINE_FIELD(RequiredBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(RequiredBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Requisite="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Requisite="),
|
||||||
SD_VARLINK_DEFINE_FIELD(Requisite, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(Requisite, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Requisite="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Requisite="),
|
||||||
SD_VARLINK_DEFINE_FIELD(RequisiteOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(RequisiteOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#BindsTo="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#BindsTo="),
|
||||||
SD_VARLINK_DEFINE_FIELD(BindsTo, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(BindsTo, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#BindsTo="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#BindsTo="),
|
||||||
SD_VARLINK_DEFINE_FIELD(BoundBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(BoundBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#PartOf="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PartOf="),
|
||||||
SD_VARLINK_DEFINE_FIELD(PartOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(PartOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#PartOf="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PartOf="),
|
||||||
SD_VARLINK_DEFINE_FIELD(ConsistsOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(ConsistsOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Upholds="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Upholds="),
|
||||||
SD_VARLINK_DEFINE_FIELD(Upholds, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(Upholds, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#WantedBy="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#WantedBy="),
|
||||||
SD_VARLINK_DEFINE_FIELD(UpheldBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(UpheldBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Conflicts="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Conflicts="),
|
||||||
SD_VARLINK_DEFINE_FIELD(Conflicts, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(Conflicts, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("The ConflictedBy= dependencies of this unit"),
|
SD_VARLINK_FIELD_COMMENT("The ConflictedBy= dependencies of this unit"),
|
||||||
SD_VARLINK_DEFINE_FIELD(ConflictedBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(ConflictedBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Before="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Before="),
|
||||||
SD_VARLINK_DEFINE_FIELD(Before, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(Before, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Before="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Before="),
|
||||||
SD_VARLINK_DEFINE_FIELD(After, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(After, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#OnFailure="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#OnFailure="),
|
||||||
SD_VARLINK_DEFINE_FIELD(OnFailure, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(OnFailure, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("The OnFailureOf= dependencies of this unit"),
|
SD_VARLINK_FIELD_COMMENT("The OnFailureOf= dependencies of this unit"),
|
||||||
SD_VARLINK_DEFINE_FIELD(OnFailureOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(OnFailureOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#OnSuccess="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#OnSuccess="),
|
||||||
SD_VARLINK_DEFINE_FIELD(OnSuccess, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(OnSuccess, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("The OnSuccessOf= dependencies of this unit"),
|
SD_VARLINK_FIELD_COMMENT("The OnSuccessOf= dependencies of this unit"),
|
||||||
SD_VARLINK_DEFINE_FIELD(OnSuccessOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(OnSuccessOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#PropagatesReloadTo="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PropagatesReloadTo="),
|
||||||
SD_VARLINK_DEFINE_FIELD(PropagatesReloadTo, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(PropagatesReloadTo, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#PropagatesReloadTo="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PropagatesReloadTo="),
|
||||||
SD_VARLINK_DEFINE_FIELD(ReloadPropagatedFrom, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(ReloadPropagatedFrom, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#PropagatesStopTo="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PropagatesStopTo="),
|
||||||
SD_VARLINK_DEFINE_FIELD(PropagatesStopTo, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(PropagatesStopTo, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#PropagatesStopTo="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PropagatesStopTo="),
|
||||||
SD_VARLINK_DEFINE_FIELD(StopPropagatedFrom, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(StopPropagatedFrom, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#JoinsNamespaceOf="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#JoinsNamespaceOf="),
|
||||||
SD_VARLINK_DEFINE_FIELD(JoinsNamespaceOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(JoinsNamespaceOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#RequiresMountsFor="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#RequiresMountsFor="),
|
||||||
SD_VARLINK_DEFINE_FIELD(RequiresMountsFor, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(RequiresMountsFor, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#WantsMountsFor="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#WantsMountsFor="),
|
||||||
SD_VARLINK_DEFINE_FIELD(WantsMountsFor, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(WantsMountsFor, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#OnSuccessJobMode="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#OnSuccessJobMode="),
|
||||||
SD_VARLINK_DEFINE_FIELD(OnSuccessJobMode, SD_VARLINK_STRING, 0),
|
SD_VARLINK_DEFINE_FIELD(OnSuccessJobMode, SD_VARLINK_STRING, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#OnSuccessJobMode="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#OnSuccessJobMode="),
|
||||||
SD_VARLINK_DEFINE_FIELD(OnFailureJobMode, SD_VARLINK_STRING, 0),
|
SD_VARLINK_DEFINE_FIELD(OnFailureJobMode, SD_VARLINK_STRING, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#IgnoreOnIsolate="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#IgnoreOnIsolate="),
|
||||||
SD_VARLINK_DEFINE_FIELD(IgnoreOnIsolate, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(IgnoreOnIsolate, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#StopWhenUnneeded="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#StopWhenUnneeded="),
|
||||||
SD_VARLINK_DEFINE_FIELD(StopWhenUnneeded, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(StopWhenUnneeded, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#RefuseManualStart="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#RefuseManualStart="),
|
||||||
SD_VARLINK_DEFINE_FIELD(RefuseManualStart, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(RefuseManualStart, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#RefuseManualStart="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#RefuseManualStart="),
|
||||||
SD_VARLINK_DEFINE_FIELD(RefuseManualStop, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(RefuseManualStop, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#AllowIsolate="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#AllowIsolate="),
|
||||||
SD_VARLINK_DEFINE_FIELD(AllowIsolate, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(AllowIsolate, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#DefaultDependencies="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#DefaultDependencies="),
|
||||||
SD_VARLINK_DEFINE_FIELD(DefaultDependencies, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(DefaultDependencies, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#SurviveFinalKillSignal="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#SurviveFinalKillSignal="),
|
||||||
SD_VARLINK_DEFINE_FIELD(SurviveFinalKillSignal, SD_VARLINK_BOOL, 0),
|
SD_VARLINK_DEFINE_FIELD(SurviveFinalKillSignal, SD_VARLINK_BOOL, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#CollectMode="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#CollectMode="),
|
||||||
SD_VARLINK_DEFINE_FIELD(CollectMode, SD_VARLINK_STRING, 0),
|
SD_VARLINK_DEFINE_FIELD(CollectMode, SD_VARLINK_STRING, 0),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#FailureAction="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#FailureAction="),
|
||||||
SD_VARLINK_DEFINE_FIELD(FailureAction, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(FailureAction, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#FailureAction="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#FailureAction="),
|
||||||
SD_VARLINK_DEFINE_FIELD(SuccessAction, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(SuccessAction, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#FailureActionExitStatus="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#FailureActionExitStatus="),
|
||||||
SD_VARLINK_DEFINE_FIELD(FailureActionExitStatus, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(FailureActionExitStatus, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#FailureActionExitStatus="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#FailureActionExitStatus="),
|
||||||
SD_VARLINK_DEFINE_FIELD(SuccessActionExitStatus, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(SuccessActionExitStatus, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#JobTimeoutSec="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#JobTimeoutSec="),
|
||||||
SD_VARLINK_DEFINE_FIELD(JobTimeoutUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(JobTimeoutUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#JobTimeoutSec="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#JobTimeoutSec="),
|
||||||
SD_VARLINK_DEFINE_FIELD(JobRunningTimeoutUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(JobRunningTimeoutUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#JobTimeoutAction="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#JobTimeoutAction="),
|
||||||
SD_VARLINK_DEFINE_FIELD(JobTimeoutAction, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(JobTimeoutAction, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#JobTimeoutAction="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#JobTimeoutAction="),
|
||||||
SD_VARLINK_DEFINE_FIELD(JobTimeoutRebootArgument, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(JobTimeoutRebootArgument, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#StartLimitIntervalSec=interval"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#StartLimitIntervalSec=interval"),
|
||||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(StartLimit, RateLimit, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD_BY_TYPE(StartLimit, RateLimit, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#StartLimitIntervalSec=interval"),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#StartLimitIntervalSec=interval"),
|
||||||
SD_VARLINK_DEFINE_FIELD(StartLimitAction, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(StartLimitAction, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#RebootArgument="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#RebootArgument="),
|
||||||
SD_VARLINK_DEFINE_FIELD(RebootArgument, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(RebootArgument, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#SourcePath="),
|
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#SourcePath="),
|
||||||
SD_VARLINK_DEFINE_FIELD(SourcePath, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
SD_VARLINK_DEFINE_FIELD(SourcePath, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||||
|
|
||||||
/* Conditions and Asserts
|
/* Conditions and Asserts
|
||||||
|
|||||||
@ -1862,7 +1862,7 @@ static int merge_subprocess(
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
r = dissected_image_decrypt(m, /* passphrase= */ NULL, &verity_settings, pick_image_policy(img), flags);
|
r = dissected_image_decrypt(m, /* passphrase= */ NULL, &verity_settings, flags);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
|||||||
@ -52,6 +52,10 @@ typedef void (*_sd_destroy_t)(void *userdata);
|
|||||||
# define _sd_pure_ __attribute__((__pure__))
|
# define _sd_pure_ __attribute__((__pure__))
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef _sd_const_
|
||||||
|
# define _sd_const_ __attribute__((__const__))
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Note that strictly speaking __deprecated__ has been available before GCC 6. However, starting with GCC 6
|
/* Note that strictly speaking __deprecated__ has been available before GCC 6. However, starting with GCC 6
|
||||||
* it also works on enum values, which we are interested in. Since this is a developer-facing feature anyway
|
* it also works on enum values, which we are interested in. Since this is a developer-facing feature anyway
|
||||||
* (as opposed to build engineer-facing), let's hence conditionalize this to gcc 6, given that the developers
|
* (as opposed to build engineer-facing), let's hence conditionalize this to gcc 6, given that the developers
|
||||||
|
|||||||
@ -115,17 +115,17 @@ int sd_id128_get_invocation_app_specific(sd_id128_t app_id, sd_id128_t *ret);
|
|||||||
#define SD_ID128_MAKE_UUID_STR(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) \
|
#define SD_ID128_MAKE_UUID_STR(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) \
|
||||||
#a #b #c #d "-" #e #f "-" #g #h "-" #i #j "-" #k #l #m #n #o #p
|
#a #b #c #d "-" #e #f "-" #g #h "-" #i #j "-" #k #l #m #n #o #p
|
||||||
|
|
||||||
static __inline__ int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
|
_sd_const_ static __inline__ int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
|
||||||
return a.qwords[0] == b.qwords[0] && a.qwords[1] == b.qwords[1];
|
return a.qwords[0] == b.qwords[0] && a.qwords[1] == b.qwords[1];
|
||||||
}
|
}
|
||||||
|
|
||||||
int sd_id128_string_equal(const char *s, sd_id128_t id);
|
int sd_id128_string_equal(const char *s, sd_id128_t id);
|
||||||
|
|
||||||
static __inline__ int sd_id128_is_null(sd_id128_t a) {
|
_sd_const_ static __inline__ int sd_id128_is_null(sd_id128_t a) {
|
||||||
return a.qwords[0] == 0 && a.qwords[1] == 0;
|
return a.qwords[0] == 0 && a.qwords[1] == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static __inline__ int sd_id128_is_allf(sd_id128_t a) {
|
_sd_const_ static __inline__ int sd_id128_is_allf(sd_id128_t a) {
|
||||||
return a.qwords[0] == UINT64_C(0xFFFFFFFFFFFFFFFF) && a.qwords[1] == UINT64_C(0xFFFFFFFFFFFFFFFF);
|
return a.qwords[0] == UINT64_C(0xFFFFFFFFFFFFFFFF) && a.qwords[1] == UINT64_C(0xFFFFFFFFFFFFFFFF);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -144,7 +144,7 @@ static __inline__ int sd_id128_in_setv(sd_id128_t a, va_list ap) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static __inline__ int sd_id128_in_set_sentinel(sd_id128_t a, ...) {
|
_sd_const_ static __inline__ int sd_id128_in_set_sentinel(sd_id128_t a, ...) {
|
||||||
va_list ap;
|
va_list ap;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
|
|||||||
@ -338,7 +338,7 @@ int sd_json_variant_unhex(sd_json_variant *v, void **ret, size_t *ret_size);
|
|||||||
const char* sd_json_variant_type_to_string(sd_json_variant_type_t t);
|
const char* sd_json_variant_type_to_string(sd_json_variant_type_t t);
|
||||||
sd_json_variant_type_t sd_json_variant_type_from_string(const char *s);
|
sd_json_variant_type_t sd_json_variant_type_from_string(const char *s);
|
||||||
|
|
||||||
static __inline__ int sd_json_format_enabled(sd_json_format_flags_t flags) {
|
_sd_const_ static __inline__ int sd_json_format_enabled(sd_json_format_flags_t flags) {
|
||||||
return !(flags & SD_JSON_FORMAT_OFF);
|
return !(flags & SD_JSON_FORMAT_OFF);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -21,7 +21,7 @@
|
|||||||
|
|
||||||
_SD_BEGIN_DECLARATIONS;
|
_SD_BEGIN_DECLARATIONS;
|
||||||
|
|
||||||
__extension__ enum {
|
enum {
|
||||||
/* Temporary files */
|
/* Temporary files */
|
||||||
SD_PATH_TEMPORARY,
|
SD_PATH_TEMPORARY,
|
||||||
SD_PATH_TEMPORARY_LARGE,
|
SD_PATH_TEMPORARY_LARGE,
|
||||||
@ -129,8 +129,7 @@ __extension__ enum {
|
|||||||
SD_PATH_USER_CREDENTIAL_STORE_ENCRYPTED,
|
SD_PATH_USER_CREDENTIAL_STORE_ENCRYPTED,
|
||||||
SD_PATH_USER_SEARCH_CREDENTIAL_STORE_ENCRYPTED,
|
SD_PATH_USER_SEARCH_CREDENTIAL_STORE_ENCRYPTED,
|
||||||
|
|
||||||
_SD_PATH_MAX,
|
_SD_PATH_MAX
|
||||||
_SD_PATH_INVALID = UINT64_MAX
|
|
||||||
};
|
};
|
||||||
|
|
||||||
int sd_path_lookup(uint64_t type, const char *suffix, char **ret);
|
int sd_path_lookup(uint64_t type, const char *suffix, char **ret);
|
||||||
|
|||||||
@ -2101,6 +2101,12 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
|
|||||||
return log_oom();
|
return log_oom();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (strv_length(arg_extra_drives) > 0) {
|
||||||
|
r = strv_extend_many(&cmdline, "-device", "virtio-scsi-pci,id=scsi");
|
||||||
|
if (r < 0)
|
||||||
|
return log_oom();
|
||||||
|
}
|
||||||
|
|
||||||
if (kernel) {
|
if (kernel) {
|
||||||
r = strv_extend_many(&cmdline, "-kernel", kernel);
|
r = strv_extend_many(&cmdline, "-kernel", kernel);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
@ -2249,7 +2255,7 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
|
|||||||
if (strv_extend(&cmdline, "-device") < 0)
|
if (strv_extend(&cmdline, "-device") < 0)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
|
|
||||||
if (strv_extendf(&cmdline, "virtio-blk-pci,drive=vmspawn_extra_%zu,serial=%s", i++, escaped_drive_fn) < 0)
|
if (strv_extendf(&cmdline, "scsi-hd,drive=vmspawn_extra_%zu,serial=%s", i++, escaped_drive_fn) < 0)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -69,12 +69,12 @@ mv "$MINIMAL_IMAGE.fooverity" "$MINIMAL_IMAGE.verity"
|
|||||||
mv "$MINIMAL_IMAGE.foohash" "$MINIMAL_IMAGE.roothash"
|
mv "$MINIMAL_IMAGE.foohash" "$MINIMAL_IMAGE.roothash"
|
||||||
|
|
||||||
mkdir -p "$IMAGE_DIR/mount" "$IMAGE_DIR/mount2"
|
mkdir -p "$IMAGE_DIR/mount" "$IMAGE_DIR/mount2"
|
||||||
SYSTEMD_VERITY_SHARING=1 systemd-dissect --mount "$MINIMAL_IMAGE.raw" "$IMAGE_DIR/mount"
|
systemd-dissect --mount "$MINIMAL_IMAGE.raw" "$IMAGE_DIR/mount"
|
||||||
grep -q -F -f "$OS_RELEASE" "$IMAGE_DIR/mount/usr/lib/os-release"
|
grep -q -F -f "$OS_RELEASE" "$IMAGE_DIR/mount/usr/lib/os-release"
|
||||||
grep -q -F -f "$OS_RELEASE" "$IMAGE_DIR/mount/etc/os-release"
|
grep -q -F -f "$OS_RELEASE" "$IMAGE_DIR/mount/etc/os-release"
|
||||||
grep -q -F "MARKER=1" "$IMAGE_DIR/mount/usr/lib/os-release"
|
grep -q -F "MARKER=1" "$IMAGE_DIR/mount/usr/lib/os-release"
|
||||||
# Verity volume should be shared (opened only once)
|
# Verity volume should be shared (opened only once)
|
||||||
SYSTEMD_VERITY_SHARING=1 systemd-dissect --mount "$MINIMAL_IMAGE.raw" "$IMAGE_DIR/mount2"
|
systemd-dissect --mount "$MINIMAL_IMAGE.raw" "$IMAGE_DIR/mount2"
|
||||||
verity_count=$(find /dev/mapper/ -name "*verity*" | wc -l)
|
verity_count=$(find /dev/mapper/ -name "*verity*" | wc -l)
|
||||||
# In theory we should check that count is exactly one. In practice, libdevmapper
|
# In theory we should check that count is exactly one. In practice, libdevmapper
|
||||||
# randomly and unpredictably fails with an unhelpful EINVAL when a device is open
|
# randomly and unpredictably fails with an unhelpful EINVAL when a device is open
|
||||||
|
|||||||
@ -60,23 +60,8 @@ if (SYSTEMD_LOG_TARGET=console varlinkctl call \
|
|||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# This should work without the key
|
|
||||||
systemd-dissect --image-policy='root=verity:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null
|
|
||||||
systemd-dissect --image-policy='root=verity+signed:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null
|
|
||||||
|
|
||||||
# This should fail before we install the key
|
|
||||||
(! systemd-dissect --image-policy='root=signed:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null)
|
|
||||||
|
|
||||||
# Install key in keychain
|
# Install key in keychain
|
||||||
mkdir -p /run/verity.d
|
cp /tmp/test-50-unpriv-cert.crt /run/verity.d
|
||||||
cp /tmp/test-50-unpriv-cert.crt /run/verity.d/
|
|
||||||
|
|
||||||
# This should work now
|
|
||||||
systemd-dissect --image-policy='root=signed:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null
|
|
||||||
|
|
||||||
# This should still work
|
|
||||||
systemd-dissect --image-policy='root=verity:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null
|
|
||||||
systemd-dissect --image-policy='root=verity+signed:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null
|
|
||||||
|
|
||||||
# Now run unpriv again, should be OK now.
|
# Now run unpriv again, should be OK now.
|
||||||
runas testuser systemd-dissect /var/tmp/unpriv.raw
|
runas testuser systemd-dissect /var/tmp/unpriv.raw
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user