Compare commits
No commits in common. "1df624422a23b28d0a18ae60af50a95c51c6d43a" and "cb1c039fbc5c14994cf70b0a873a70240a79fb16" have entirely different histories.
1df624422a
...
cb1c039fbc
@ -123,12 +123,8 @@ All tools:
|
||||
* `$SYSTEMD_NETLINK_DEFAULT_TIMEOUT` — specifies the default timeout of waiting
|
||||
replies for netlink messages from the kernel. Defaults to 25 seconds.
|
||||
|
||||
* `$SYSTEMD_VERITY_SHARING=` — takes a boolean. If set, overrides whether
|
||||
dm-verity devices shall be shared between multiple components by using a
|
||||
stable `<ROOTHASH>-verity` device mapper name. The default for this depends
|
||||
on the subsystem in question. Usually,
|
||||
RootImage=/ExtensionImages=/MountImages= in unit files default to enabled,
|
||||
while other uses default to disabled for this.
|
||||
* `$SYSTEMD_VERITY_SHARING=0` — if set, sharing dm-verity devices by
|
||||
using a stable `<ROOTHASH>-verity` device mapper name will be disabled.
|
||||
|
||||
`systemctl`:
|
||||
|
||||
|
||||
38
meson.build
38
meson.build
@ -405,6 +405,7 @@ possible_common_cc_flags = [
|
||||
'-Werror=shift-overflow=2',
|
||||
'-Werror=strict-flex-arrays',
|
||||
'-Werror=undef',
|
||||
'-Werror=unused-variable',
|
||||
'-Wfloat-equal',
|
||||
# gperf prevents us from enabling this because it does not emit fallthrough
|
||||
# attribute with clang.
|
||||
@ -628,34 +629,33 @@ stat = find_program('stat')
|
||||
|
||||
ln_s = ln.full_path() + ' -frsT -- "${DESTDIR:-}@0@" "${DESTDIR:-}@1@"'
|
||||
|
||||
# If -Dxxx-path option is found, use that. Otherwise, use the default from the
|
||||
# middle column; a full path is used directly, a relative path is converted to
|
||||
# /usr/bin/foo or /usr/sbin/foo, depending on whether split-bin is enabled.
|
||||
progs = [['quotaon', 'quotaon' ],
|
||||
['quotacheck', 'quotacheck' ],
|
||||
# If -Dxxx-path option is found, use that. Otherwise, check in $PATH,
|
||||
# /usr/sbin, /sbin, and fall back to the default from middle column.
|
||||
progs = [['quotaon', '/usr/sbin/quotaon' ],
|
||||
['quotacheck', '/usr/sbin/quotacheck' ],
|
||||
['kmod', '/usr/bin/kmod' ],
|
||||
['kexec', 'kexec' ],
|
||||
['sulogin', 'sulogin' ],
|
||||
['swapon', 'swapon' ],
|
||||
['swapoff', 'swapoff' ],
|
||||
['agetty', 'agetty' ],
|
||||
['kexec', '/usr/sbin/kexec' ],
|
||||
['sulogin', '/usr/sbin/sulogin' ],
|
||||
['swapon', '/usr/sbin/swapon' ],
|
||||
['swapoff', '/usr/sbin/swapoff' ],
|
||||
['agetty', '/usr/sbin/agetty' ],
|
||||
['mount', '/usr/bin/mount', 'MOUNT_PATH'],
|
||||
['umount', '/usr/bin/umount', 'UMOUNT_PATH'],
|
||||
['loadkeys', '/usr/bin/loadkeys', 'KBD_LOADKEYS'],
|
||||
['setfont', '/usr/bin/setfont', 'KBD_SETFONT'],
|
||||
['nologin', 'nologin', ],
|
||||
['nologin', '/usr/sbin/nologin', ],
|
||||
]
|
||||
foreach prog : progs
|
||||
path = get_option(prog[0] + '-path')
|
||||
if path == ''
|
||||
if prog[1].startswith('/')
|
||||
path = prog[1]
|
||||
else
|
||||
path = '/usr' / (split_bin ? 'sbin' : 'bin') / prog[1]
|
||||
endif
|
||||
endif
|
||||
if path != ''
|
||||
message('Using @1@ for @0@'.format(prog[0], path))
|
||||
|
||||
else
|
||||
exe = find_program(prog[0],
|
||||
'/usr/sbin/' + prog[0],
|
||||
'/sbin/' + prog[0],
|
||||
required: false)
|
||||
path = exe.found() ? exe.full_path() : prog[1]
|
||||
endif
|
||||
name = prog.length() > 2 ? prog[2] : prog[0].to_upper()
|
||||
conf.set_quoted(name, path)
|
||||
endforeach
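Review bot: The fallback branch resolves helper programs with `find_program(prog[0], '/usr/sbin/' + prog[0], '/sbin/' + prog[0], required: false)`, which consults the build environment's $PATH first, and `conf.set_quoted(name, path)` then compiles whatever absolute path was found into the binaries. On a build host whose $PATH has a directory ahead of /usr/sbin that contains a `sulogin`, `mount` or `kexec`, the installed system will refer to that location, and the result differs from one builder to the next. The `message('Using @1@ for @0@'...)` line is only reached when a `-Dxxx-path` option was given, so the auto-detected value never shows up in the configure log. I would print the resolved path in both branches, and either drop the bare `prog[0]` lookup or document that distribution builds must pass the `-Dxxx-path` options explicitly.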
|
||||
|
||||
@ -2523,8 +2523,7 @@ int setup_namespace(const NamespaceParameters *p, char **reterr_path) {
|
||||
DISSECT_IMAGE_GROWFS |
|
||||
DISSECT_IMAGE_ADD_PARTITION_DEVICES |
|
||||
DISSECT_IMAGE_PIN_PARTITION_DEVICES |
|
||||
DISSECT_IMAGE_ALLOW_USERSPACE_VERITY |
|
||||
DISSECT_IMAGE_VERITY_SHARE;
|
||||
DISSECT_IMAGE_ALLOW_USERSPACE_VERITY;
|
||||
int r;
|
||||
|
||||
assert(p);
|
||||
@ -2589,7 +2588,6 @@ int setup_namespace(const NamespaceParameters *p, char **reterr_path) {
|
||||
dissected_image,
|
||||
NULL,
|
||||
p->verity,
|
||||
p->root_image_policy,
|
||||
dissect_image_flags);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to decrypt dissected image: %m");
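Review bot: Nothing at the activation step consults the image policy once `p->root_image_policy` is dropped from the dissected_image_decrypt() call in setup_namespace. The dissect-image.c hunks further down this page remove the PARTITION_POLICY_ENCRYPTED check from decrypt_partition and the PARTITION_POLICY_VERITY/PARTITION_POLICY_SIGNED checks from verity_partition and do_crypt_activate_verity, so a Verity partition that carries no signature is activated by root hash unconditionally. The same argument disappears in the two run() hunks, in vl_method_mount_image, in mount_image_privately_interactively and in verity_dissect_and_mount. If the policy is meant to be enforced only while dissecting, which these hunks do not show, state that at the call site, e.g. `/* image policy is applied at dissection time; activation does not re-check it */`; otherwise a policy check has to stay in front of activation. setup_namespace continues outside both hunks.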
|
||||
|
||||
@ -2281,7 +2281,6 @@ static int run(int argc, char *argv[]) {
|
||||
r = dissected_image_decrypt_interactively(
|
||||
m, NULL,
|
||||
&arg_verity_settings,
|
||||
arg_image_policy,
|
||||
arg_flags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
@ -497,7 +497,6 @@ static int vl_method_mount_image(
|
||||
di,
|
||||
p.password,
|
||||
&verity,
|
||||
use_policy,
|
||||
dissect_flags);
|
||||
if (r == -ENOKEY) /* new dm-verity userspace returns ENOKEY if the dm-verity signature key is not in
|
||||
* key chain. That's great. */
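Review bot: The `r == -ENOKEY` branch kept as context here treats the code as "signature key not in the keyring", but on the new side dissected_image_decrypt() can return -ENOKEY for two unrelated reasons. decrypt_partition returns it when no passphrase was supplied, and do_crypt_activate_verity now uses `SYNTHETIC_ERRNO(ENOKEY)` when a signed Verity volume validates neither in the kernel nor in userspace, since the ENOKEY → EDESTADDRREQ mapping is removed in dissect-image.c. An image with a LUKS partition and `p.password` unset would therefore take the signature branch. I would test the image's `encrypted` state before interpreting the code, or at least extend the comment with `/* also returned when a LUKS passphrase is missing */`. The body of vl_method_mount_image continues outside the hunk, so what the branch goes on to do is not visible here.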
|
||||
|
||||
@ -131,25 +131,30 @@ static int can_set_coredump_receive(sd_bus *bus) {
|
||||
return r >= 0;
|
||||
}
|
||||
|
||||
static int register_machine_ex(
|
||||
static int create_or_register_machine_ex(
|
||||
sd_bus *bus,
|
||||
const char *machine_name,
|
||||
const PidRef *pid,
|
||||
const char *directory,
|
||||
sd_id128_t uuid,
|
||||
int local_ifindex,
|
||||
const char *slice,
|
||||
CustomMount *mounts,
|
||||
unsigned n_mounts,
|
||||
int kill_signal,
|
||||
char **properties,
|
||||
sd_bus_message *properties_message,
|
||||
const char *service,
|
||||
sd_bus_error *error) {
|
||||
StartMode start_mode,
|
||||
sd_bus_error *error,
|
||||
bool keep_unit) {
|
||||
|
||||
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|
||||
int r;
|
||||
|
||||
assert(bus);
|
||||
assert(machine_name);
|
||||
assert(service);
|
||||
assert(error);
|
||||
|
||||
r = bus_message_new_method_call(bus, &m, bus_machine_mgr, "RegisterMachineEx");
|
||||
r = bus_message_new_method_call(bus, &m, bus_machine_mgr, keep_unit ? "RegisterMachineEx" : "CreateMachineEx");
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
|
||||
@ -204,6 +209,45 @@ static int register_machine_ex(
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
|
||||
if (!keep_unit) {
|
||||
r = sd_bus_message_open_container(m, 'a', "(sv)");
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
|
||||
if (!isempty(slice)) {
|
||||
r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
}
|
||||
|
||||
r = append_controller_property(bus, m);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = append_machine_properties(
|
||||
m,
|
||||
mounts,
|
||||
n_mounts,
|
||||
kill_signal,
|
||||
start_mode == START_BOOT && can_set_coredump_receive(bus) > 0);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (properties_message) {
|
||||
r = sd_bus_message_copy(m, properties_message, true);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
}
|
||||
|
||||
r = bus_append_unit_property_assignment_many(m, UNIT_SERVICE, properties);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = sd_bus_message_close_container(m);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
}
|
||||
|
||||
return sd_bus_call(bus, m, 0, error, NULL);
|
||||
}
|
||||
|
||||
@ -214,31 +258,44 @@ int register_machine(
|
||||
const char *directory,
|
||||
sd_id128_t uuid,
|
||||
int local_ifindex,
|
||||
const char *service) {
|
||||
const char *slice,
|
||||
CustomMount *mounts,
|
||||
unsigned n_mounts,
|
||||
int kill_signal,
|
||||
char **properties,
|
||||
sd_bus_message *properties_message,
|
||||
const char *service,
|
||||
StartMode start_mode,
|
||||
RegisterMachineFlags flags) {
|
||||
|
||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
int r;
|
||||
|
||||
assert(bus);
|
||||
assert(machine_name);
|
||||
assert(service);
|
||||
|
||||
r = register_machine_ex(
|
||||
r = create_or_register_machine_ex(
|
||||
bus,
|
||||
machine_name,
|
||||
pid,
|
||||
directory,
|
||||
uuid,
|
||||
local_ifindex,
|
||||
slice,
|
||||
mounts,
|
||||
n_mounts,
|
||||
kill_signal,
|
||||
properties,
|
||||
properties_message,
|
||||
service,
|
||||
&error);
|
||||
start_mode,
|
||||
&error,
|
||||
FLAGS_SET(flags, REGISTER_MACHINE_KEEP_UNIT));
|
||||
if (r >= 0)
|
||||
return 0;
|
||||
if (!sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_METHOD))
|
||||
return log_error_errno(r, "Failed to register machine: %s", bus_error_message(&error, r));
|
||||
|
||||
sd_bus_error_free(&error);
|
||||
|
||||
if (FLAGS_SET(flags, REGISTER_MACHINE_KEEP_UNIT)) {
|
||||
r = bus_call_method(
|
||||
bus,
|
||||
bus_machine_mgr,
|
||||
@ -253,6 +310,65 @@ int register_machine(
|
||||
pidref_is_set(pid) ? (uint32_t) pid->pid : 0,
|
||||
strempty(directory),
|
||||
local_ifindex > 0 ? 1 : 0, local_ifindex);
|
||||
} else {
|
||||
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|
||||
|
||||
r = bus_message_new_method_call(bus, &m, bus_machine_mgr, "CreateMachineWithNetwork");
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
|
||||
r = sd_bus_message_append(
|
||||
m,
|
||||
"sayssusai",
|
||||
machine_name,
|
||||
SD_BUS_MESSAGE_APPEND_ID128(uuid),
|
||||
service,
|
||||
"container",
|
||||
pidref_is_set(pid) ? (uint32_t) pid->pid : 0,
|
||||
strempty(directory),
|
||||
local_ifindex > 0 ? 1 : 0, local_ifindex);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
|
||||
r = sd_bus_message_open_container(m, 'a', "(sv)");
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
|
||||
if (!isempty(slice)) {
|
||||
r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
}
|
||||
|
||||
r = append_controller_property(bus, m);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = append_machine_properties(
|
||||
m,
|
||||
mounts,
|
||||
n_mounts,
|
||||
kill_signal,
|
||||
start_mode == START_BOOT && can_set_coredump_receive(bus) > 0);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (properties_message) {
|
||||
r = sd_bus_message_copy(m, properties_message, true);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
}
|
||||
|
||||
r = bus_append_unit_property_assignment_many(m, UNIT_SERVICE, properties);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = sd_bus_message_close_container(m);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
|
||||
r = sd_bus_call(bus, m, 0, &error, NULL);
|
||||
}
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to register machine: %s", bus_error_message(&error, r));
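Review bot: The `a(sv)` property array is now assembled twice with identical statements, once in the `if (!keep_unit)` block of create_or_register_machine_ex and again in the new CreateMachineWithNetwork fallback of register_machine (Slice, append_controller_property, append_machine_properties, the properties_message copy, bus_append_unit_property_assignment_many). These two copies decide which controller and unit properties the container's unit receives, so a later change applied to only one of them would leave the fallback path creating a differently configured machine. I would move everything between sd_bus_message_open_container and sd_bus_message_close_container into one static helper taking `bus`, `m`, `slice`, `mounts`, `n_mounts`, `kill_signal`, `properties`, `properties_message` and `start_mode`, and call it from both places. Both functions extend beyond the hunks shown.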
|
||||
|
||||
|
||||
@ -4,6 +4,10 @@
|
||||
#include "forward.h"
|
||||
#include "nspawn-settings.h"
|
||||
|
||||
typedef enum RegisterMachineFlags {
|
||||
REGISTER_MACHINE_KEEP_UNIT = 1 << 0,
|
||||
} RegisterMachineFlags;
|
||||
|
||||
int register_machine(
|
||||
sd_bus *bus,
|
||||
const char *machine_name,
|
||||
@ -11,7 +15,14 @@ int register_machine(
|
||||
const char *directory,
|
||||
sd_id128_t uuid,
|
||||
int local_ifindex,
|
||||
const char *service);
|
||||
const char *slice,
|
||||
CustomMount *mounts, unsigned n_mounts,
|
||||
int kill_signal,
|
||||
char **properties,
|
||||
sd_bus_message *properties_message,
|
||||
const char *service,
|
||||
StartMode start_mode,
|
||||
RegisterMachineFlags flags);
|
||||
int unregister_machine(sd_bus *bus, const char *machine_name);
|
||||
|
||||
typedef enum AllocateScopeFlags {
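Review bot: The new RegisterMachineFlags enum and the longer register_machine() prototype carry no comment, and the flag's effect can only be found in nspawn-register.c, where it selects `RegisterMachineEx` over `CreateMachineEx`. A one-line comment on the enumerator would do, for example `/* use the Register*() bus calls instead of Create*(); machined then allocates no unit */`. The second half of that wording is my reading of the method names and should be confirmed against machined.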
|
||||
|
||||
@ -18,7 +18,6 @@
|
||||
#include "sd-event.h"
|
||||
#include "sd-id128.h"
|
||||
#include "sd-netlink.h"
|
||||
#include "sd-path.h"
|
||||
|
||||
#include "alloc-util.h"
|
||||
#include "barrier.h"
|
||||
@ -4937,29 +4936,12 @@ static int load_settings(void) {
|
||||
if (FLAGS_SET(arg_settings_mask, _SETTINGS_MASK_ALL))
|
||||
return 0;
|
||||
|
||||
/* We first look in the admin's directories in /etc/ and /run/ */
|
||||
static const uint64_t lookup_dir_system[] = {
|
||||
SD_PATH_SYSTEM_CONFIGURATION,
|
||||
SD_PATH_SYSTEM_RUNTIME,
|
||||
_SD_PATH_INVALID,
|
||||
};
|
||||
static const uint64_t lookup_dir_user[] = {
|
||||
SD_PATH_USER_CONFIGURATION,
|
||||
SD_PATH_USER_RUNTIME,
|
||||
_SD_PATH_INVALID,
|
||||
};
|
||||
|
||||
const uint64_t *q = arg_privileged ? lookup_dir_system : lookup_dir_user;
|
||||
for (; *q != _SD_PATH_INVALID; q++) {
|
||||
_cleanup_free_ char *cd = NULL;
|
||||
r = sd_path_lookup(*q, "systemd/nspawn", &cd);
|
||||
if (r < 0) {
|
||||
log_warning_errno(r, "Failed to determine settings directory, ignoring: %m");
|
||||
continue;
|
||||
}
|
||||
|
||||
/* We first look in the admin's directories in /etc and /run */
|
||||
if (arg_privileged)
|
||||
FOREACH_STRING(i, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
|
||||
_cleanup_free_ char *j = NULL;
|
||||
j = path_join(cd, arg_settings_filename);
|
||||
|
||||
j = path_join(i, arg_settings_filename);
|
||||
if (!j)
|
||||
return log_oom();
|
||||
|
||||
@ -4967,8 +4949,6 @@ static int load_settings(void) {
|
||||
if (f) {
|
||||
p = TAKE_PTR(j);
|
||||
|
||||
log_debug("Found settings file: %s", p);
|
||||
|
||||
/* By default, we trust configuration from /etc and /run */
|
||||
if (arg_settings_trusted < 0)
|
||||
arg_settings_trusted = true;
|
||||
@ -4999,9 +4979,6 @@ static int load_settings(void) {
|
||||
if (!f && errno != ENOENT)
|
||||
return log_error_errno(errno, "Failed to open %s: %m", p);
|
||||
|
||||
if (f)
|
||||
log_debug("Found settings file: %s", p);
|
||||
|
||||
/* By default, we do not trust configuration from /var/lib/machines */
|
||||
if (arg_settings_trusted < 0)
|
||||
arg_settings_trusted = false;
|
||||
@ -5380,10 +5357,10 @@ static int run_container(
|
||||
(void) sd_bus_set_allow_interactive_authorization(system_bus, arg_ask_password);
|
||||
}
|
||||
|
||||
/* Scope allocation happens on the user bus if we are unpriv, otherwise system bus. */
|
||||
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *user_bus = NULL;
|
||||
_cleanup_(sd_bus_unrefp) sd_bus *runtime_bus = NULL;
|
||||
|
||||
if (arg_register || !arg_keep_unit) {
|
||||
if (!arg_keep_unit) {
|
||||
if (arg_privileged)
|
||||
runtime_bus = sd_bus_ref(system_bus);
|
||||
else {
|
||||
@ -5397,22 +5374,7 @@ static int run_container(
|
||||
|
||||
runtime_bus = sd_bus_ref(user_bus);
|
||||
}
|
||||
}
|
||||
|
||||
/* Scope allocation happens on the user bus if we are unpriv, otherwise system bus. */
|
||||
if (arg_keep_unit) {
|
||||
/* If we are not supposed to allocate a unit, then let's move the process now, so that we can
|
||||
* register things while being in the right cgroup location already. Otherwise, let's move
|
||||
* the process later, once we have unit and hence cgroup. */
|
||||
r = create_subcgroup(
|
||||
pid,
|
||||
arg_keep_unit,
|
||||
arg_uid_shift,
|
||||
userns_fd,
|
||||
arg_userns_mode);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else {
|
||||
/* When a new scope is created for this container, then we'll be registered as its controller, in which
|
||||
* case PID 1 will send us a friendly RequestStop signal, when it is asked to terminate the
|
||||
* scope. Let's hook into that, and cleanly shut down the container, and print a friendly message. */
|
||||
@ -5431,8 +5393,22 @@ static int run_container(
|
||||
return log_error_errno(r, "Failed to request RequestStop match: %m");
|
||||
}
|
||||
|
||||
if (arg_keep_unit) {
|
||||
/* If we are not supposed to allocate a unit, then let's move the process now, so that we can
|
||||
* register things while being in the right cgroup location already. Otherwise, let's move
|
||||
* the process later, once we have unit and hence cgroup. */
|
||||
r = create_subcgroup(
|
||||
pid,
|
||||
arg_keep_unit,
|
||||
arg_uid_shift,
|
||||
userns_fd,
|
||||
arg_userns_mode);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
bool scope_allocated = false;
|
||||
if (!arg_keep_unit) {
|
||||
if (!arg_keep_unit && (!arg_register || !arg_privileged)) {
|
||||
AllocateScopeFlags flags = ALLOCATE_SCOPE_ALLOW_PIDFD;
|
||||
r = allocate_scope(
|
||||
runtime_bus,
|
||||
@ -5451,8 +5427,10 @@ static int run_container(
|
||||
scope_allocated = true;
|
||||
}
|
||||
|
||||
bool registered_system = false, registered_runtime = false;
|
||||
bool registered = false;
|
||||
if (arg_register) {
|
||||
RegisterMachineFlags flags = 0;
|
||||
SET_FLAG(flags, REGISTER_MACHINE_KEEP_UNIT, arg_keep_unit || !arg_privileged);
|
||||
r = register_machine(
|
||||
system_bus,
|
||||
arg_machine,
|
||||
@ -5460,32 +5438,18 @@ static int run_container(
|
||||
arg_directory,
|
||||
arg_uuid,
|
||||
ifi,
|
||||
arg_container_service_name);
|
||||
if (r < 0) {
|
||||
if (arg_privileged) /* if privileged the request to register definitely failed */
|
||||
arg_slice,
|
||||
arg_custom_mounts, arg_n_custom_mounts,
|
||||
arg_kill_signal,
|
||||
arg_property,
|
||||
arg_property_message,
|
||||
arg_container_service_name,
|
||||
arg_start_mode,
|
||||
flags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
log_notice_errno(r, "Failed to register machine in system context, will try in user context.");
|
||||
} else
|
||||
registered_system = true;
|
||||
|
||||
if (!arg_privileged) {
|
||||
r = register_machine(
|
||||
runtime_bus,
|
||||
arg_machine,
|
||||
pid,
|
||||
arg_directory,
|
||||
arg_uuid,
|
||||
ifi,
|
||||
arg_container_service_name);
|
||||
if (r < 0) {
|
||||
if (!registered_system) /* neither registration worked: fail */
|
||||
return r;
|
||||
|
||||
log_notice_errno(r, "Failed to register machine in user context, but succeeded in system context, will proceed.");
|
||||
} else
|
||||
registered_runtime = true;
|
||||
}
|
||||
registered = true;
|
||||
}
|
||||
|
||||
if (arg_keep_unit && (arg_slice || arg_property))
|
||||
@ -5697,10 +5661,8 @@ static int run_container(
|
||||
r = wait_for_container(pid, &container_status);
|
||||
|
||||
/* Tell machined that we are gone. */
|
||||
if (registered_system)
|
||||
if (registered)
|
||||
(void) unregister_machine(system_bus, arg_machine);
|
||||
if (registered_runtime)
|
||||
(void) unregister_machine(runtime_bus, arg_machine);
|
||||
|
||||
if (r < 0)
|
||||
/* We failed to wait for the container, or the container exited abnormally. */
|
||||
@ -6339,7 +6301,6 @@ static int run(int argc, char *argv[]) {
|
||||
dissected_image,
|
||||
NULL,
|
||||
&arg_verity_settings,
|
||||
arg_image_policy ?: &image_policy_container,
|
||||
dissect_image_flags);
|
||||
if (r < 0)
|
||||
goto finish;
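Review bot: load_settings() no longer logs which settings file it picked up, because both `log_debug("Found settings file: %s", p);` calls are removed. One sat next to `arg_settings_trusted = true` for /etc/systemd/nspawn and /run/systemd/nspawn, the other next to `arg_settings_trusted = false` for the /var/lib/machines case. That choice decides whether the file's settings are trusted, so the path is worth having in the debug log when someone later has to reconstruct why a container ran with a given configuration. I would keep the call after `p = TAKE_PTR(j);` and after the ENOENT check. load_settings() starts and ends outside these hunks.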
|
||||
|
||||
@ -2547,7 +2547,6 @@ static int decrypt_partition(
|
||||
DissectedPartition *m,
|
||||
const char *passphrase,
|
||||
DissectImageFlags flags,
|
||||
PartitionPolicyFlags policy_flags,
|
||||
DecryptedImage *d) {
|
||||
|
||||
_cleanup_free_ char *node = NULL, *name = NULL;
|
||||
@ -2567,9 +2566,6 @@ static int decrypt_partition(
|
||||
if (!passphrase)
|
||||
return -ENOKEY;
|
||||
|
||||
if (!FLAGS_SET(policy_flags, PARTITION_POLICY_ENCRYPTED))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(ERFKILL), "Attempted to unlock partition via LUKS, but it's prohibited.");
|
||||
|
||||
r = dlopen_cryptsetup();
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -2676,8 +2672,6 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(char *, dm_deferred_remove_clean);
|
||||
static int validate_signature_userspace(const VeritySettings *verity, DissectImageFlags flags) {
|
||||
int r;
|
||||
|
||||
/* Returns > 0 if signature checks out, == 0 if not, < 0 on unexpected errors */
|
||||
|
||||
if (!FLAGS_SET(flags, DISSECT_IMAGE_ALLOW_USERSPACE_VERITY)) {
|
||||
log_debug("Userspace dm-verity signature authentication disabled via flag.");
|
||||
return 0;
|
||||
@ -2784,8 +2778,7 @@ static int do_crypt_activate_verity(
|
||||
struct crypt_device *cd,
|
||||
const char *name,
|
||||
const VeritySettings *verity,
|
||||
DissectImageFlags flags,
|
||||
PartitionPolicyFlags policy_flags) {
|
||||
DissectImageFlags flags) {
|
||||
|
||||
bool check_signature;
|
||||
int r, k;
|
||||
@ -2794,7 +2787,7 @@ static int do_crypt_activate_verity(
|
||||
assert(name);
|
||||
assert(verity);
|
||||
|
||||
if (verity->root_hash_sig && FLAGS_SET(policy_flags, PARTITION_POLICY_SIGNED)) {
|
||||
if (verity->root_hash_sig) {
|
||||
r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIGNATURE");
|
||||
if (r < 0 && r != -ENXIO)
|
||||
log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIGNATURE");
|
||||
@ -2804,6 +2797,7 @@ static int do_crypt_activate_verity(
|
||||
check_signature = false;
|
||||
|
||||
if (check_signature) {
|
||||
|
||||
#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
|
||||
/* First, if we have support for signed keys in the kernel, then try that first. */
|
||||
r = sym_crypt_activate_by_signed_key(
|
||||
@ -2814,18 +2808,10 @@ static int do_crypt_activate_verity(
|
||||
verity->root_hash_sig,
|
||||
verity->root_hash_sig_size,
|
||||
CRYPT_ACTIVATE_READONLY);
|
||||
if (r >= 0) {
|
||||
log_debug("Verity activation via kernel signature logic worked.");
|
||||
return 0;
|
||||
}
|
||||
if (r >= 0)
|
||||
return r;
|
||||
|
||||
log_debug_errno(r, "Validation of dm-verity signature failed via the kernel, trying userspace validation instead: %m");
|
||||
|
||||
/* Let's mangle ENOKEY → EDESTADDRREQ, so that we return a clear, recognizable error if
|
||||
* there's a signature we don't recognize, that is distinct from the LUKS/encryption
|
||||
* -ENOKEY, which means "password required, but I have none". */
|
||||
if (r == -ENOKEY)
|
||||
r = -EDESTADDRREQ;
|
||||
#else
|
||||
log_debug("Activation of verity device with signature requested, but not supported via the kernel by %s due to missing crypt_activate_by_signed_key(), trying userspace validation instead.",
|
||||
program_invocation_short_name);
|
||||
@ -2839,36 +2825,18 @@ static int do_crypt_activate_verity(
|
||||
* as the device-mapper is finicky around concurrent activations of the same volume */
|
||||
k = validate_signature_userspace(verity, flags);
|
||||
if (k < 0)
|
||||
return k;
|
||||
if (k == 0) {
|
||||
log_debug("Activation of signed Verity volume worked neither via the kernel nor in userspace, can't activate.");
|
||||
return r < 0 ? r : k;
|
||||
if (k == 0)
|
||||
return log_debug_errno(r < 0 ? r : SYNTHETIC_ERRNO(ENOKEY),
|
||||
"Activation of signed Verity volume worked neither via the kernel nor in userspace, can't activate.");
|
||||
}
|
||||
|
||||
/* So if we had a signature and we're supposed to exclusively allow
|
||||
* signature-based activation, then return the error now */
|
||||
if (!FLAGS_SET(policy_flags, PARTITION_POLICY_VERITY))
|
||||
return r < 0 ? r : -EDESTADDRREQ;
|
||||
|
||||
log_debug("Activation of signed Verity volume without validating signature is permitted by policy. Continuing.");
|
||||
} else
|
||||
log_debug("Verity activation via userspace signature logic worked, activating by root hash.");
|
||||
|
||||
/* Otherwise let's see what signature-less activation results in. */
|
||||
|
||||
} else if (!FLAGS_SET(policy_flags, PARTITION_POLICY_VERITY))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(ERFKILL),
|
||||
"No-signature activation of Verity volume not allowed by policy, refusing.");
|
||||
|
||||
r = sym_crypt_activate_by_volume_key(
|
||||
return sym_crypt_activate_by_volume_key(
|
||||
cd,
|
||||
name,
|
||||
verity->root_hash,
|
||||
verity->root_hash_size,
|
||||
CRYPT_ACTIVATE_READONLY);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Activation of Verity via root hash failed: %m");
|
||||
|
||||
log_debug("Activation of Verity via root hash succeeded.");
|
||||
return 0;
|
||||
}
|
||||
|
||||
static usec_t verity_timeout(void) {
|
||||
@ -2895,11 +2863,10 @@ static usec_t verity_timeout(void) {
|
||||
|
||||
static int verity_partition(
|
||||
PartitionDesignator designator,
|
||||
DissectedPartition *m, /* data partition */
|
||||
DissectedPartition *v, /* verity partition */
|
||||
DissectedPartition *m,
|
||||
DissectedPartition *v,
|
||||
const VeritySettings *verity,
|
||||
DissectImageFlags flags,
|
||||
PartitionPolicyFlags policy_flags,
|
||||
DecryptedImage *d) {
|
||||
|
||||
_cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
|
||||
@ -2926,11 +2893,6 @@ static int verity_partition(
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!(policy_flags & (PARTITION_POLICY_VERITY|PARTITION_POLICY_SIGNED))) {
|
||||
log_debug("Attempted to unlock partition via Verity, but it's prohibited, skipping.");
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = dlopen_cryptsetup();
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -2982,7 +2944,7 @@ static int verity_partition(
|
||||
goto check; /* The device already exists. Let's check it. */
|
||||
|
||||
/* The symlink to the device node does not exist yet. Assume not activated, and let's activate it. */
|
||||
r = do_crypt_activate_verity(cd, name, verity, flags, policy_flags);
|
||||
r = do_crypt_activate_verity(cd, name, verity, flags);
|
||||
if (r >= 0)
|
||||
goto try_open; /* The device is activated. Let's open it. */
|
||||
/* libdevmapper can return EINVAL when the device is already in the activation stage.
|
||||
@ -3076,7 +3038,7 @@ static int verity_partition(
|
||||
*/
|
||||
sym_crypt_free(cd);
|
||||
cd = NULL;
|
||||
return verity_partition(designator, m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, policy_flags, d);
|
||||
return verity_partition(designator, m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
|
||||
}
|
||||
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EBUSY), "All attempts to activate verity device %s failed.", name);
|
||||
@ -3098,26 +3060,23 @@ int dissected_image_decrypt(
|
||||
DissectedImage *m,
|
||||
const char *passphrase,
|
||||
const VeritySettings *verity,
|
||||
const ImagePolicy *policy,
|
||||
DissectImageFlags flags) {
|
||||
|
||||
#if HAVE_LIBCRYPTSETUP
|
||||
_cleanup_(decrypted_image_unrefp) DecryptedImage *d = NULL;
|
||||
#endif
|
||||
int r;
|
||||
#endif
|
||||
|
||||
assert(m);
|
||||
assert(!verity || verity->root_hash || verity->root_hash_size == 0);
|
||||
|
||||
/* Returns:
|
||||
*
|
||||
* = 0 → There was nothing to decrypt/setup
|
||||
* > 0 → Decrypted/setup successfully
|
||||
* -ENOKEY → dm-crypt: there's something to decrypt but no decryption key was supplied
|
||||
* -EKEYREJECTED → dm-crypt: Passed key was not correct
|
||||
* -EDESTADDRREQ → dm-verity: there's something to setup but no signature was supplied
|
||||
* -EBUSY → dm-verity: Generic Verity error (kernel is not very explanatory)
|
||||
* -ERFKILL → image policy not compatible with request
|
||||
* = 0 → There was nothing to decrypt
|
||||
* > 0 → Decrypted successfully
|
||||
* -ENOKEY → There's something to decrypt but no key was supplied
|
||||
* -EKEYREJECTED → Passed key was not correct
|
||||
* -EBUSY → Generic Verity error (kernel is not very explanatory)
|
||||
*/
|
||||
|
||||
if (verity && verity->root_hash && verity->root_hash_size < sizeof(sd_id128_t))
|
||||
@ -3126,10 +3085,6 @@ int dissected_image_decrypt(
|
||||
if (!m->encrypted && !m->verity_ready)
|
||||
return 0;
|
||||
|
||||
r = secure_getenv_bool("SYSTEMD_VERITY_SHARING");
|
||||
if (r >= 0)
|
||||
SET_FLAG(flags, DISSECT_IMAGE_VERITY_SHARE, r);
|
||||
|
||||
#if HAVE_LIBCRYPTSETUP
|
||||
r = decrypted_image_new(&d);
|
||||
if (r < 0)
|
||||
@ -3142,15 +3097,15 @@ int dissected_image_decrypt(
|
||||
if (!p->found)
|
||||
continue;
|
||||
|
||||
PartitionPolicyFlags fl = image_policy_get_exhaustively(policy, i);
|
||||
|
||||
r = decrypt_partition(p, passphrase, flags, fl, d);
|
||||
r = decrypt_partition(p, passphrase, flags, d);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
k = partition_verity_hash_of(i);
|
||||
if (k >= 0) {
|
||||
r = verity_partition(i, p, m->partitions + k, verity, flags, fl, d);
|
||||
flags |= getenv_bool("SYSTEMD_VERITY_SHARING") != 0 ? DISSECT_IMAGE_VERITY_SHARE : 0;
|
||||
|
||||
r = verity_partition(i, p, m->partitions + k, verity, flags, d);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
@ -3163,6 +3118,7 @@ int dissected_image_decrypt(
|
||||
}
|
||||
|
||||
m->decrypted_image = TAKE_PTR(d);
|
||||
|
||||
return 1;
|
||||
#else
|
||||
return -EOPNOTSUPP;
|
||||
@ -3173,7 +3129,6 @@ int dissected_image_decrypt_interactively(
|
||||
DissectedImage *m,
|
||||
const char *passphrase,
|
||||
const VeritySettings *verity,
|
||||
const ImagePolicy *image_policy,
|
||||
DissectImageFlags flags) {
|
||||
|
||||
_cleanup_strv_free_erase_ char **z = NULL;
|
||||
@ -3183,17 +3138,13 @@ int dissected_image_decrypt_interactively(
|
||||
n--;
|
||||
|
||||
for (;;) {
|
||||
r = dissected_image_decrypt(m, passphrase, verity, image_policy, flags);
|
||||
r = dissected_image_decrypt(m, passphrase, verity, flags);
|
||||
if (r >= 0)
|
||||
return r;
|
||||
if (r == -EKEYREJECTED)
|
||||
log_error_errno(r, "Incorrect passphrase, try again!");
|
||||
else if (r == -EDESTADDRREQ)
|
||||
return log_error_errno(r, "Image lacks recognized signature.");
|
||||
else if (r == -ERFKILL)
|
||||
return log_error_errno(r, "Unlocking of Verity/LUKS volumes not permitted by policy.");
|
||||
else if (r != -ENOKEY)
|
||||
return log_error_errno(r, "Failed to decrypt/set up image: %m");
|
||||
return log_error_errno(r, "Failed to decrypt image: %m");
|
||||
|
||||
if (--n < 0)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EKEYREJECTED),
|
||||
@ -4324,7 +4275,7 @@ int mount_image_privately_interactively(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = dissected_image_decrypt_interactively(dissected_image, NULL, &verity, image_policy, flags);
|
||||
r = dissected_image_decrypt_interactively(dissected_image, NULL, &verity, flags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
@ -4428,8 +4379,7 @@ int verity_dissect_and_mount(
|
||||
(relax_extension_release_check ? DISSECT_IMAGE_RELAX_EXTENSION_CHECK : 0) |
|
||||
DISSECT_IMAGE_ADD_PARTITION_DEVICES |
|
||||
DISSECT_IMAGE_PIN_PARTITION_DEVICES |
|
||||
DISSECT_IMAGE_ALLOW_USERSPACE_VERITY |
|
||||
DISSECT_IMAGE_VERITY_SHARE;
|
||||
DISSECT_IMAGE_ALLOW_USERSPACE_VERITY;
|
||||
|
||||
/* Note that we don't use loop_device_make here, as the FD is most likely O_PATH which would not be
|
||||
* accepted by LOOP_CONFIGURE, so just let loop_device_make_by_path reopen it as a regular FD. */
|
||||
@ -4476,7 +4426,6 @@ int verity_dissect_and_mount(
|
||||
dissected_image,
|
||||
NULL,
|
||||
verity,
|
||||
image_policy,
|
||||
dissect_image_flags);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to decrypt dissected image: %m");
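Review bot: In dissected_image_decrypt the added `flags |= getenv_bool("SYSTEMD_VERITY_SHARING") != 0 ? DISSECT_IMAGE_VERITY_SHARE : 0;` enables sharing whenever the variable is unset or unparsable, since a negative return also compares unequal to zero, and a parse error is dropped without a log line. It reads the environment with plain getenv_bool, while do_crypt_activate_verity in the same file uses secure_getenv_bool for `$SYSTEMD_DISSECT_VERITY_SIGNATURE`, so the two knobs behave differently in a process that runs with elevated privileges. The statement also sits inside the partition loop and is re-evaluated for every partition that has a Verity sibling. I would read the variable once before the loop with `r = secure_getenv_bool("SYSTEMD_VERITY_SHARING");`, log when `r < 0 && r != -ENXIO`, and then apply `SET_FLAG(flags, DISSECT_IMAGE_VERITY_SHARE, r != 0);`.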
|
||||
|
||||
@ -171,8 +171,8 @@ void dissected_image_close(DissectedImage *m);
|
||||
DissectedImage* dissected_image_unref(DissectedImage *m);
|
||||
DEFINE_TRIVIAL_CLEANUP_FUNC(DissectedImage*, dissected_image_unref);
|
||||
|
||||
int dissected_image_decrypt(DissectedImage *m, const char *passphrase, const VeritySettings *verity, const ImagePolicy *image_policy, DissectImageFlags flags);
|
||||
int dissected_image_decrypt_interactively(DissectedImage *m, const char *passphrase, const VeritySettings *verity, const ImagePolicy *image_policy, DissectImageFlags flags);
|
||||
int dissected_image_decrypt(DissectedImage *m, const char *passphrase, const VeritySettings *verity, DissectImageFlags flags);
|
||||
int dissected_image_decrypt_interactively(DissectedImage *m, const char *passphrase, const VeritySettings *verity, DissectImageFlags flags);
|
||||
int dissected_image_mount(DissectedImage *m, const char *where, uid_t uid_shift, uid_t uid_range, int userns_fd, DissectImageFlags flags);
|
||||
int dissected_image_mount_and_warn(DissectedImage *m, const char *where, uid_t uid_shift, uid_t uid_range, int userns_fd, DissectImageFlags flags);
|
||||
|
||||
|
||||
@ -92,145 +92,145 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE(
|
||||
|
||||
/* CPU Control
|
||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPU%20Control */
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#CPUWeight=weight"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPUWeight=weight"),
|
||||
SD_VARLINK_DEFINE_FIELD(CPUWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#CPUWeight=weight"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPUWeight=weight"),
|
||||
SD_VARLINK_DEFINE_FIELD(StartupCPUWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#CPUQuota="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPUQuota="),
|
||||
SD_VARLINK_DEFINE_FIELD(CPUQuotaPerSecUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#CPUQuotaPeriodSec="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPUQuotaPeriodSec="),
|
||||
SD_VARLINK_DEFINE_FIELD(CPUQuotaPeriodUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#AllowedCPUs="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#AllowedCPUs="),
|
||||
SD_VARLINK_DEFINE_FIELD(AllowedCPUs, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#AllowedCPUs="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#AllowedCPUs="),
|
||||
SD_VARLINK_DEFINE_FIELD(StartupAllowedCPUs, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
|
||||
/* Memory Accounting and Control
|
||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Memory%20Accounting%20and%20Control */
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryAccounting="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryAccounting="),
|
||||
SD_VARLINK_DEFINE_FIELD(MemoryAccounting, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(MemoryMin, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(DefaultMemoryMin, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(MemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(DefaultMemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemorySwapMax=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemorySwapMax=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(StartupMemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(DefaultStartupMemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryHigh=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryHigh=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(MemoryHigh, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryHigh=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryHigh=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(StartupMemoryHigh, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMax=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMax=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(MemoryMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryMax=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMax=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(StartupMemoryMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemorySwapMax=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemorySwapMax=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(MemorySwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemorySwapMax=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemorySwapMax=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(StartupMemorySwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryZSwapMax=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryZSwapMax=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(MemoryZSwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryZSwapMax=bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryZSwapMax=bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD(StartupMemoryZSwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryZSwapWriteback="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryZSwapWriteback="),
|
||||
SD_VARLINK_DEFINE_FIELD(MemoryZSwapWriteback, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#AllowedMemoryNodes="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#AllowedMemoryNodes="),
|
||||
SD_VARLINK_DEFINE_FIELD(AllowedMemoryNodes, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#AllowedMemoryNodes="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#AllowedMemoryNodes="),
|
||||
SD_VARLINK_DEFINE_FIELD(StartupAllowedMemoryNodes, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
|
||||
/* Process Accounting and Control
|
||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Process%20Accounting%20and%20Control */
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#TasksAccounting="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#TasksAccounting="),
|
||||
SD_VARLINK_DEFINE_FIELD(TasksAccounting, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#TasksMax=N"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#TasksMax=N"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(TasksMax, CGroupTasksMax, SD_VARLINK_NULLABLE),
|
||||
|
||||
/* IO Accounting and Control
|
||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IO%20Accounting%20and%20Control */
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOAccounting="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOAccounting="),
|
||||
SD_VARLINK_DEFINE_FIELD(IOAccounting, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOWeight=weight"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOWeight=weight"),
|
||||
SD_VARLINK_DEFINE_FIELD(IOWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOWeight=weight"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOWeight=weight"),
|
||||
SD_VARLINK_DEFINE_FIELD(StartupIOWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IODeviceWeight=device%20weight"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IODeviceWeight=device%20weight"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IODeviceWeight, CGroupIODeviceWeight, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOReadBandwidthMax=device%20bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOReadBandwidthMax=device%20bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOReadBandwidthMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOReadBandwidthMax=device%20bytes"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOReadBandwidthMax=device%20bytes"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOWriteBandwidthMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOReadIOPSMax=device%20IOPS"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOReadIOPSMax=device%20IOPS"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOReadIOPSMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IOReadIOPSMax=device%20IOPS"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOReadIOPSMax=device%20IOPS"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOWriteIOPSMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IODeviceLatencyTargetSec=device%20target"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IODeviceLatencyTargetSec=device%20target"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IODeviceLatencyTargetUSec, CGroupIODeviceLatency, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
|
||||
/* Network Accounting and Control
|
||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Network%20Accounting%20and%20Control */
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IPAccounting="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPAccounting="),
|
||||
SD_VARLINK_DEFINE_FIELD(IPAccounting, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IPAddressAllow=ADDRESS%5B/PREFIXLENGTH%5D%E2%80%A6"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPAddressAllow=ADDRESS%5B/PREFIXLENGTH%5D%E2%80%A6"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IPAddressAllow, CGroupAddressPrefix, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IPAddressAllow=ADDRESS%5B/PREFIXLENGTH%5D%E2%80%A6"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPAddressAllow=ADDRESS%5B/PREFIXLENGTH%5D%E2%80%A6"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(IPAddressDeny, CGroupAddressPrefix, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#SocketBindAllow=bind-rule"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#SocketBindAllow=bind-rule"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(SocketBindAllow, CGroupSocketBind, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#SocketBindAllow=bind-rule"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#SocketBindAllow=bind-rule"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(SocketBindDeny, CGroupSocketBind, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#RestrictNetworkInterfaces="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#RestrictNetworkInterfaces="),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(RestrictNetworkInterfaces, CGroupRestrictNetworkInterfaces, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#NFTSet=family:table:set"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#NFTSet=family:table:set"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(NFTSet, CGroupNFTSet, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
|
||||
/* BPF programs
|
||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#BPF%20Programs */
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IPIngressFilterPath=BPF_FS_PROGRAM_PATH"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPIngressFilterPath=BPF_FS_PROGRAM_PATH"),
|
||||
SD_VARLINK_DEFINE_FIELD(IPIngressFilterPath, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#IPIngressFilterPath=BPF_FS_PROGRAM_PATH"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPIngressFilterPath=BPF_FS_PROGRAM_PATH"),
|
||||
SD_VARLINK_DEFINE_FIELD(IPEgressFilterPath, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#BPFProgram=type:program-path"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#BPFProgram=type:program-path"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(BPFProgram, CGroupBPFProgram, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
|
||||
/* Device Access
|
||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Device%20Access */
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#DeviceAllow="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DeviceAllow="),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DeviceAllow, CGroupDeviceAllow, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#DevicePolicy=auto%7Cclosed%7Cstrict"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DevicePolicy=auto%7Cclosed%7Cstrict"),
|
||||
SD_VARLINK_DEFINE_FIELD(DevicePolicy, SD_VARLINK_STRING, 0),
|
||||
|
||||
/* Control Group Management
|
||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Control%20Group%20Management */
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#Delegate="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Delegate="),
|
||||
SD_VARLINK_DEFINE_FIELD(Delegate, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#DelegateSubgroup="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DelegateSubgroup="),
|
||||
SD_VARLINK_DEFINE_FIELD(DelegateSubgroup, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#DisableControllers="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DisableControllers="),
|
||||
SD_VARLINK_DEFINE_FIELD(DelegateControllers, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#DisableControllers="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DisableControllers="),
|
||||
SD_VARLINK_DEFINE_FIELD(DisableControllers, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
|
||||
/* Memory Pressure Control
|
||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Memory%20Pressure%20Control */
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#ManagedOOMSwap=auto%7Ckill"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMSwap=auto%7Ckill"),
|
||||
SD_VARLINK_DEFINE_FIELD(ManagedOOMSwap, SD_VARLINK_STRING, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#ManagedOOMSwap=auto%7Ckill"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMSwap=auto%7Ckill"),
|
||||
SD_VARLINK_DEFINE_FIELD(ManagedOOMMemoryPressure, SD_VARLINK_STRING, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#ManagedOOMMemoryPressureLimit="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMMemoryPressureLimit="),
|
||||
SD_VARLINK_DEFINE_FIELD(ManagedOOMMemoryPressureLimit, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#ManagedOOMMemoryPressureDurationSec="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMMemoryPressureDurationSec="),
|
||||
SD_VARLINK_DEFINE_FIELD(ManagedOOMMemoryPressureDurationUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#ManagedOOMPreference=none%7Cavoid%7Comit"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMPreference=none%7Cavoid%7Comit"),
|
||||
SD_VARLINK_DEFINE_FIELD(ManagedOOMPreference, SD_VARLINK_STRING, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryPressureWatch="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryPressureWatch="),
|
||||
SD_VARLINK_DEFINE_FIELD(MemoryPressureWatch, SD_VARLINK_STRING, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.resource-control.html#MemoryPressureThresholdSec="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryPressureThresholdSec="),
|
||||
SD_VARLINK_DEFINE_FIELD(MemoryPressureThresholdUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
|
||||
/* Others */
|
||||
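Review bot: The field comment in front of `StartupMemoryLow` links to `#MemorySwapMax=bytes`, while its neighbours `MemoryLow`, `DefaultMemoryLow` and `DefaultStartupMemoryLow` all use `#MemoryMin=bytes,%20MemoryLow=bytes`; this looks like a copy-paste slip that the URL rewrite carries over unchanged, and the anchor should be `systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes`. The comment on `DelegateControllers` likewise points at `#DisableControllers=`, where `#Delegate=` (the anchor used for the `Delegate` field a few lines above) is probably meant. These strings presumably end up in the interface description that clients read, so a wrong anchor sends a reader to the documentation of a different setting. The struct definition starts before this hunk and continues in the next one.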
@ -259,107 +259,107 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE(
|
||||
|
||||
/* [Unit] Section Options
|
||||
* https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#%5BUnit%5D%20Section%20Options */
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Description="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Description="),
|
||||
SD_VARLINK_DEFINE_FIELD(Description, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Documentation="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Documentation="),
|
||||
SD_VARLINK_DEFINE_FIELD(Documentation, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Wants="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Wants="),
|
||||
SD_VARLINK_DEFINE_FIELD(Wants, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#WantedBy="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#WantedBy="),
|
||||
SD_VARLINK_DEFINE_FIELD(WantedBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Requires="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Requires="),
|
||||
SD_VARLINK_DEFINE_FIELD(Requires, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#WantedBy="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#WantedBy="),
|
||||
SD_VARLINK_DEFINE_FIELD(RequiredBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Requisite="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Requisite="),
|
||||
SD_VARLINK_DEFINE_FIELD(Requisite, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Requisite="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Requisite="),
|
||||
SD_VARLINK_DEFINE_FIELD(RequisiteOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#BindsTo="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#BindsTo="),
|
||||
SD_VARLINK_DEFINE_FIELD(BindsTo, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#BindsTo="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#BindsTo="),
|
||||
SD_VARLINK_DEFINE_FIELD(BoundBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#PartOf="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PartOf="),
|
||||
SD_VARLINK_DEFINE_FIELD(PartOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#PartOf="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PartOf="),
|
||||
SD_VARLINK_DEFINE_FIELD(ConsistsOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Upholds="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Upholds="),
|
||||
SD_VARLINK_DEFINE_FIELD(Upholds, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#WantedBy="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#WantedBy="),
|
||||
SD_VARLINK_DEFINE_FIELD(UpheldBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Conflicts="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Conflicts="),
|
||||
SD_VARLINK_DEFINE_FIELD(Conflicts, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("The ConflictedBy= dependencies of this unit"),
|
||||
SD_VARLINK_DEFINE_FIELD(ConflictedBy, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Before="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Before="),
|
||||
SD_VARLINK_DEFINE_FIELD(Before, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#Before="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Before="),
|
||||
SD_VARLINK_DEFINE_FIELD(After, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#OnFailure="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#OnFailure="),
|
||||
SD_VARLINK_DEFINE_FIELD(OnFailure, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("The OnFailureOf= dependencies of this unit"),
|
||||
SD_VARLINK_DEFINE_FIELD(OnFailureOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#OnSuccess="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#OnSuccess="),
|
||||
SD_VARLINK_DEFINE_FIELD(OnSuccess, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("The OnSuccessOf= dependencies of this unit"),
|
||||
SD_VARLINK_DEFINE_FIELD(OnSuccessOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#PropagatesReloadTo="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PropagatesReloadTo="),
|
||||
SD_VARLINK_DEFINE_FIELD(PropagatesReloadTo, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#PropagatesReloadTo="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PropagatesReloadTo="),
|
||||
SD_VARLINK_DEFINE_FIELD(ReloadPropagatedFrom, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#PropagatesStopTo="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PropagatesStopTo="),
|
||||
SD_VARLINK_DEFINE_FIELD(PropagatesStopTo, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#PropagatesStopTo="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PropagatesStopTo="),
|
||||
SD_VARLINK_DEFINE_FIELD(StopPropagatedFrom, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#JoinsNamespaceOf="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#JoinsNamespaceOf="),
|
||||
SD_VARLINK_DEFINE_FIELD(JoinsNamespaceOf, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#RequiresMountsFor="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#RequiresMountsFor="),
|
||||
SD_VARLINK_DEFINE_FIELD(RequiresMountsFor, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#WantsMountsFor="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#WantsMountsFor="),
|
||||
SD_VARLINK_DEFINE_FIELD(WantsMountsFor, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#OnSuccessJobMode="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#OnSuccessJobMode="),
|
||||
SD_VARLINK_DEFINE_FIELD(OnSuccessJobMode, SD_VARLINK_STRING, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#OnSuccessJobMode="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#OnSuccessJobMode="),
|
||||
SD_VARLINK_DEFINE_FIELD(OnFailureJobMode, SD_VARLINK_STRING, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#IgnoreOnIsolate="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#IgnoreOnIsolate="),
|
||||
SD_VARLINK_DEFINE_FIELD(IgnoreOnIsolate, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#StopWhenUnneeded="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#StopWhenUnneeded="),
|
||||
SD_VARLINK_DEFINE_FIELD(StopWhenUnneeded, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#RefuseManualStart="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#RefuseManualStart="),
|
||||
SD_VARLINK_DEFINE_FIELD(RefuseManualStart, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#RefuseManualStart="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#RefuseManualStart="),
|
||||
SD_VARLINK_DEFINE_FIELD(RefuseManualStop, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#AllowIsolate="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#AllowIsolate="),
|
||||
SD_VARLINK_DEFINE_FIELD(AllowIsolate, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#DefaultDependencies="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#DefaultDependencies="),
|
||||
SD_VARLINK_DEFINE_FIELD(DefaultDependencies, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#SurviveFinalKillSignal="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#SurviveFinalKillSignal="),
|
||||
SD_VARLINK_DEFINE_FIELD(SurviveFinalKillSignal, SD_VARLINK_BOOL, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#CollectMode="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#CollectMode="),
|
||||
SD_VARLINK_DEFINE_FIELD(CollectMode, SD_VARLINK_STRING, 0),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#FailureAction="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#FailureAction="),
|
||||
SD_VARLINK_DEFINE_FIELD(FailureAction, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#FailureAction="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#FailureAction="),
|
||||
SD_VARLINK_DEFINE_FIELD(SuccessAction, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#FailureActionExitStatus="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#FailureActionExitStatus="),
|
||||
SD_VARLINK_DEFINE_FIELD(FailureActionExitStatus, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#FailureActionExitStatus="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#FailureActionExitStatus="),
|
||||
SD_VARLINK_DEFINE_FIELD(SuccessActionExitStatus, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#JobTimeoutSec="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#JobTimeoutSec="),
|
||||
SD_VARLINK_DEFINE_FIELD(JobTimeoutUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#JobTimeoutSec="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#JobTimeoutSec="),
|
||||
SD_VARLINK_DEFINE_FIELD(JobRunningTimeoutUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#JobTimeoutAction="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#JobTimeoutAction="),
|
||||
SD_VARLINK_DEFINE_FIELD(JobTimeoutAction, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#JobTimeoutAction="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#JobTimeoutAction="),
|
||||
SD_VARLINK_DEFINE_FIELD(JobTimeoutRebootArgument, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#StartLimitIntervalSec=interval"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#StartLimitIntervalSec=interval"),
|
||||
SD_VARLINK_DEFINE_FIELD_BY_TYPE(StartLimit, RateLimit, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#StartLimitIntervalSec=interval"),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#StartLimitIntervalSec=interval"),
|
||||
SD_VARLINK_DEFINE_FIELD(StartLimitAction, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#RebootArgument="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#RebootArgument="),
|
||||
SD_VARLINK_DEFINE_FIELD(RebootArgument, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd.unit.html#SourcePath="),
|
||||
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#SourcePath="),
|
||||
SD_VARLINK_DEFINE_FIELD(SourcePath, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
|
||||
|
||||
/* Conditions and Asserts
|
||||
|
||||
@ -1862,7 +1862,7 @@ static int merge_subprocess(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = dissected_image_decrypt(m, /* passphrase= */ NULL, &verity_settings, pick_image_policy(img), flags);
|
||||
r = dissected_image_decrypt(m, /* passphrase= */ NULL, &verity_settings, flags);
|
||||
if (r < 0)
|
||||
return r;
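Review bot: The `dissected_image_decrypt()` call in `merge_subprocess` no longer receives `pick_image_policy(img)`, so this step has no policy input and cannot itself refuse an extension image that lacks the verity or signature protection the policy asks for. This assumes the second of the two printed calls is the new side; the marker column was lost, but the page prints old before new elsewhere. If the policy is already enforced when the image is dissected (that call is outside the hunk), a short comment above the call would record it, e.g. `/* image policy was applied at dissection time; decrypt takes no policy */`. If it is not, the policy check is missing on this path. The function starts and ends outside the hunk.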
|
||||
|
||||
|
||||
@ -52,6 +52,10 @@ typedef void (*_sd_destroy_t)(void *userdata);
|
||||
# define _sd_pure_ __attribute__((__pure__))
|
||||
#endif
|
||||
|
||||
#ifndef _sd_const_
|
||||
# define _sd_const_ __attribute__((__const__))
|
||||
#endif
|
||||
|
||||
/* Note that strictly speaking __deprecated__ has been available before GCC 6. However, starting with GCC 6
|
||||
* it also works on enum values, which we are interested in. Since this is a developer-facing feature anyway
|
||||
* (as opposed to build engineer-facing), let's hence conditionalize this to gcc 6, given that the developers
|
||||
|
||||
@ -115,17 +115,17 @@ int sd_id128_get_invocation_app_specific(sd_id128_t app_id, sd_id128_t *ret);
|
||||
#define SD_ID128_MAKE_UUID_STR(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) \
|
||||
#a #b #c #d "-" #e #f "-" #g #h "-" #i #j "-" #k #l #m #n #o #p
|
||||
|
||||
static __inline__ int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
|
||||
_sd_const_ static __inline__ int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
|
||||
return a.qwords[0] == b.qwords[0] && a.qwords[1] == b.qwords[1];
|
||||
}
|
||||
|
||||
int sd_id128_string_equal(const char *s, sd_id128_t id);
|
||||
|
||||
static __inline__ int sd_id128_is_null(sd_id128_t a) {
|
||||
_sd_const_ static __inline__ int sd_id128_is_null(sd_id128_t a) {
|
||||
return a.qwords[0] == 0 && a.qwords[1] == 0;
|
||||
}
|
||||
|
||||
static __inline__ int sd_id128_is_allf(sd_id128_t a) {
|
||||
_sd_const_ static __inline__ int sd_id128_is_allf(sd_id128_t a) {
|
||||
return a.qwords[0] == UINT64_C(0xFFFFFFFFFFFFFFFF) && a.qwords[1] == UINT64_C(0xFFFFFFFFFFFFFFFF);
|
||||
}
|
||||
|
||||
@ -144,7 +144,7 @@ static __inline__ int sd_id128_in_setv(sd_id128_t a, va_list ap) {
|
||||
}
|
||||
}
|
||||
|
||||
static __inline__ int sd_id128_in_set_sentinel(sd_id128_t a, ...) {
|
||||
_sd_const_ static __inline__ int sd_id128_in_set_sentinel(sd_id128_t a, ...) {
|
||||
va_list ap;
|
||||
int r;
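Review bot: `_sd_const_` on `sd_id128_in_set_sentinel(sd_id128_t a, ...)` looks too strong, because the function walks its variadic arguments through a `va_list`, while `__attribute__((__const__))` promises a result that depends only on the argument values and on no memory that can change between calls. The fixed-arity helpers in the previous hunk (`sd_id128_equal`, `sd_id128_is_null`, `sd_id128_is_allf`) take their IDs by value and fit the attribute. For the variadic one I would use the weaker attribute that the common header already defines, `_sd_pure_ static __inline__ int sd_id128_in_set_sentinel(sd_id128_t a, ...) {`, or no attribute, since a call that the compiler merges or hoists on a wrong promise silently changes the outcome of an ID comparison. The body continues past the end of the hunk, so this rests on the signature and the `va_list ap;` declaration only.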
|
||||
|
||||
|
||||
@ -338,7 +338,7 @@ int sd_json_variant_unhex(sd_json_variant *v, void **ret, size_t *ret_size);
|
||||
const char* sd_json_variant_type_to_string(sd_json_variant_type_t t);
|
||||
sd_json_variant_type_t sd_json_variant_type_from_string(const char *s);
|
||||
|
||||
static __inline__ int sd_json_format_enabled(sd_json_format_flags_t flags) {
|
||||
_sd_const_ static __inline__ int sd_json_format_enabled(sd_json_format_flags_t flags) {
|
||||
return !(flags & SD_JSON_FORMAT_OFF);
|
||||
}
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
|
||||
_SD_BEGIN_DECLARATIONS;
|
||||
|
||||
__extension__ enum {
|
||||
enum {
|
||||
/* Temporary files */
|
||||
SD_PATH_TEMPORARY,
|
||||
SD_PATH_TEMPORARY_LARGE,
|
||||
@ -129,8 +129,7 @@ __extension__ enum {
|
||||
SD_PATH_USER_CREDENTIAL_STORE_ENCRYPTED,
|
||||
SD_PATH_USER_SEARCH_CREDENTIAL_STORE_ENCRYPTED,
|
||||
|
||||
_SD_PATH_MAX,
|
||||
_SD_PATH_INVALID = UINT64_MAX
|
||||
_SD_PATH_MAX
|
||||
};
|
||||
|
||||
int sd_path_lookup(uint64_t type, const char *suffix, char **ret);
|
||||
|
||||
@ -2101,6 +2101,12 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
if (strv_length(arg_extra_drives) > 0) {
|
||||
r = strv_extend_many(&cmdline, "-device", "virtio-scsi-pci,id=scsi");
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
if (kernel) {
|
||||
r = strv_extend_many(&cmdline, "-kernel", kernel);
|
||||
if (r < 0)
|
||||
@ -2249,7 +2255,7 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
|
||||
if (strv_extend(&cmdline, "-device") < 0)
|
||||
return log_oom();
|
||||
|
||||
if (strv_extendf(&cmdline, "virtio-blk-pci,drive=vmspawn_extra_%zu,serial=%s", i++, escaped_drive_fn) < 0)
|
||||
if (strv_extendf(&cmdline, "scsi-hd,drive=vmspawn_extra_%zu,serial=%s", i++, escaped_drive_fn) < 0)
|
||||
return log_oom();
|
||||
}
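Review bot: The `scsi-hd` devices in the second hunk depend on the `virtio-scsi-pci,id=scsi` controller added in the first hunk, but the device string does not name the bus, so the attachment relies on QEMU choosing the only SCSI bus present. Naming it ties the two places together, e.g. `"scsi-hd,bus=scsi.0,drive=vmspawn_extra_%zu,serial=%s"`. As a matter of style the guard reads better as `if (!strv_isempty(arg_extra_drives)) {` than as a length count. `escaped_drive_fn` is built outside both hunks, so its escaping for QEMU's comma-separated option syntax cannot be checked from here. `run_virtual_machine()` starts and ends outside the hunks.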
|
||||
|
||||
|
||||
@ -69,12 +69,12 @@ mv "$MINIMAL_IMAGE.fooverity" "$MINIMAL_IMAGE.verity"
|
||||
mv "$MINIMAL_IMAGE.foohash" "$MINIMAL_IMAGE.roothash"
|
||||
|
||||
mkdir -p "$IMAGE_DIR/mount" "$IMAGE_DIR/mount2"
|
||||
SYSTEMD_VERITY_SHARING=1 systemd-dissect --mount "$MINIMAL_IMAGE.raw" "$IMAGE_DIR/mount"
|
||||
systemd-dissect --mount "$MINIMAL_IMAGE.raw" "$IMAGE_DIR/mount"
|
||||
grep -q -F -f "$OS_RELEASE" "$IMAGE_DIR/mount/usr/lib/os-release"
|
||||
grep -q -F -f "$OS_RELEASE" "$IMAGE_DIR/mount/etc/os-release"
|
||||
grep -q -F "MARKER=1" "$IMAGE_DIR/mount/usr/lib/os-release"
|
||||
# Verity volume should be shared (opened only once)
|
||||
SYSTEMD_VERITY_SHARING=1 systemd-dissect --mount "$MINIMAL_IMAGE.raw" "$IMAGE_DIR/mount2"
|
||||
systemd-dissect --mount "$MINIMAL_IMAGE.raw" "$IMAGE_DIR/mount2"
|
||||
verity_count=$(find /dev/mapper/ -name "*verity*" | wc -l)
|
||||
# In theory we should check that count is exactly one. In practice, libdevmapper
|
||||
# randomly and unpredictably fails with an unhelpful EINVAL when a device is open
|
||||
|
||||
@ -60,23 +60,8 @@ if (SYSTEMD_LOG_TARGET=console varlinkctl call \
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# This should work without the key
|
||||
systemd-dissect --image-policy='root=verity:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null
|
||||
systemd-dissect --image-policy='root=verity+signed:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null
|
||||
|
||||
# This should fail before we install the key
|
||||
(! systemd-dissect --image-policy='root=signed:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null)
|
||||
|
||||
# Install key in keychain
|
||||
mkdir -p /run/verity.d
|
||||
cp /tmp/test-50-unpriv-cert.crt /run/verity.d/
|
||||
|
||||
# This should work now
|
||||
systemd-dissect --image-policy='root=signed:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null
|
||||
|
||||
# This should still work
|
||||
systemd-dissect --image-policy='root=verity:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null
|
||||
systemd-dissect --image-policy='root=verity+signed:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null
|
||||
cp /tmp/test-50-unpriv-cert.crt /run/verity.d
|
||||
|
||||
# Now run unpriv again, should be OK now.
|
||||
runas testuser systemd-dissect /var/tmp/unpriv.raw
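Review bot: The negative case is gone from this part of the test: with the hunk shrinking from 23 to 8 lines, nothing left asserts that a signature-requiring policy is refused while `/run/verity.d` holds no certificate. Only the success path after the `cp` remains, which would pass just as well if signature checking were not applied at all. If `root=signed` is still an accepted policy in this tree, I would keep `(! systemd-dissect --image-policy='root=signed:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null)` directly before `mkdir -p /run/verity.d`. The `if` block that ends at `fi` begins outside the hunk.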
|
||||
|
||||