Compare commits
42 Commits
2a536b9497
...
cd0f94d18a
Author | SHA1 | Date |
---|---|---|
Daan De Meyer | cd0f94d18a | |
Daan De Meyer | c24cfff558 | |
Daan De Meyer | f15e6f0699 | |
Daan De Meyer | 5f25417acb | |
Daan De Meyer | 4bfd8c825d | |
Daan De Meyer | a54b191d59 | |
Daan De Meyer | 3f32239f32 | |
Daan De Meyer | 7f7c1fab74 | |
Daan De Meyer | c07852ab72 | |
Daan De Meyer | 4b7514d10c | |
Daan De Meyer | 9ebec661f9 | |
Yu Watanabe | 5b2926d941 | |
Ani Sinha | 4b356c90dc | |
Léane GRASSER | f28e16d14e | |
Yu Watanabe | 9e05e33871 | |
Lennart Poettering | 95116bdfd5 | |
Lennart Poettering | 2bd290ca02 | |
Yu Watanabe | 1e9fb1d456 | |
Yu Watanabe | 56c761f8c6 | |
Yu Watanabe | b76730f3fe | |
Yu Watanabe | 3dda236c5c | |
Zbigniew Jędrzejewski-Szmek | 5598454a3f | |
Yu Watanabe | 2994ca354b | |
Yu Watanabe | eb14b993bb | |
Christian Hesse | c946b13575 | |
Lennart Poettering | e39cbb1442 | |
Marco Tomaschett | bc4a027f9c | |
Lennart Poettering | d209e197f8 | |
Antonio Alvarez Feijoo | 9ed090230e | |
Luca Boccassi | 9bf6ffe166 | |
Lennart Poettering | 47c5ca237b | |
Lennart Poettering | 7f8a4f12df | |
Lennart Poettering | e412fc5e04 | |
Lennart Poettering | cc6baba720 | |
Lennart Poettering | 3ae48d071c | |
Antonio Alvarez Feijoo | 2ccacdd57c | |
Yu Watanabe | d99198819c | |
Tobias Zimmermann | f70e5620b6 | |
Zbigniew Jędrzejewski-Szmek | 3127c71bf4 | |
Yuri Chornoivan | b153eebfb2 | |
Zbigniew Jędrzejewski-Szmek | 2c06e40ae9 | |
Zbigniew Jędrzejewski-Szmek | 5ca9149464 |
|
@ -37,7 +37,7 @@ jobs:
|
||||||
VALIDATE_GITHUB_ACTIONS: true
|
VALIDATE_GITHUB_ACTIONS: true
|
||||||
|
|
||||||
- name: Check that tabs are not used in Python code
|
- name: Check that tabs are not used in Python code
|
||||||
run: sh -c '! git grep -P "\\t" -- src/ukify/ukify.py'
|
run: sh -c '! git grep -P "\\t" -- src/ukify/ukify.py test/integration-test-wrapper.py'
|
||||||
|
|
||||||
- name: Install ruff and mypy
|
- name: Install ruff and mypy
|
||||||
run: |
|
run: |
|
||||||
|
@ -47,14 +47,14 @@ jobs:
|
||||||
- name: Run mypy
|
- name: Run mypy
|
||||||
run: |
|
run: |
|
||||||
python3 -m mypy --version
|
python3 -m mypy --version
|
||||||
python3 -m mypy src/ukify/ukify.py
|
python3 -m mypy src/ukify/ukify.py test/integration-test-wrapper.py
|
||||||
|
|
||||||
- name: Run ruff check
|
- name: Run ruff check
|
||||||
run: |
|
run: |
|
||||||
ruff --version
|
ruff --version
|
||||||
ruff check src/ukify/ukify.py
|
ruff check src/ukify/ukify.py test/integration-test-wrapper.py
|
||||||
|
|
||||||
- name: Run ruff format
|
- name: Run ruff format
|
||||||
run: |
|
run: |
|
||||||
ruff --version
|
ruff --version
|
||||||
ruff format --check src/ukify/ukify.py
|
ruff format --check src/ukify/ukify.py test/integration-test-wrapper.py
|
||||||
|
|
|
@ -1438,6 +1438,11 @@ evdev:input:b0003v046DpC309*
|
||||||
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
|
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
|
||||||
KEYBOARD_KEY_c01b7=audio # My Music (F12)
|
KEYBOARD_KEY_c01b7=audio # My Music (F12)
|
||||||
|
|
||||||
|
# Logitech MX Keys for Mac
|
||||||
|
evdev:input:b0003v046Dp4092*
|
||||||
|
KEYBOARD_KEY_70035=102nd # '<' key
|
||||||
|
KEYBOARD_KEY_70064=grave # '^' key
|
||||||
|
|
||||||
###########################################################
|
###########################################################
|
||||||
# Maxdata
|
# Maxdata
|
||||||
###########################################################
|
###########################################################
|
||||||
|
|
|
@ -953,6 +953,15 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnDefaultstring*:pnP612F:*
|
||||||
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
|
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
|
||||||
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
|
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
|
||||||
|
|
||||||
|
#########################################
|
||||||
|
# Pine64
|
||||||
|
#########################################
|
||||||
|
|
||||||
|
# PineTab2
|
||||||
|
|
||||||
|
sensor:modalias:of:NaccelerometerT_null_Csilan,sc7a20:*
|
||||||
|
ACCEL_MOUNT_MATRIX=0, 0, -1; 1, 0, 0; 0, -1, 0
|
||||||
|
|
||||||
#########################################
|
#########################################
|
||||||
# Pipo
|
# Pipo
|
||||||
#########################################
|
#########################################
|
||||||
|
|
|
@ -391,7 +391,7 @@
|
||||||
<title>Exit status</title>
|
<title>Exit status</title>
|
||||||
<para>On success, 0 is returned; otherwise, a non-zero failure
|
<para>On success, 0 is returned; otherwise, a non-zero failure
|
||||||
code is returned. Not finding any matching core dumps is treated as
|
code is returned. Not finding any matching core dumps is treated as
|
||||||
failure.
|
failure unless JSON output is enabled.
|
||||||
</para>
|
</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
|
|
|
@ -265,32 +265,11 @@
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Options</title>
|
<title>Unlocking</title>
|
||||||
|
|
||||||
<para>The following options are understood:</para>
|
<para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
|
||||||
|
|
||||||
<variablelist>
|
<variablelist>
|
||||||
<varlistentry>
|
|
||||||
<term><option>--password</option></term>
|
|
||||||
|
|
||||||
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
|
|
||||||
<command>cryptsetup luksAddKey</command>, however may be combined with
|
|
||||||
<option>--wipe-slot=</option> in one call, see below.</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><option>--recovery-key</option></term>
|
|
||||||
|
|
||||||
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
|
|
||||||
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
|
|
||||||
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
|
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
|
||||||
|
|
||||||
|
@ -328,7 +307,45 @@
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Simple Enrollment</title>
|
||||||
|
|
||||||
|
<para>The following options are understood that may be used to enroll simple user input based
|
||||||
|
unlocking:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--password</option></term>
|
||||||
|
|
||||||
|
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
|
||||||
|
<command>cryptsetup luksAddKey</command>, however may be combined with
|
||||||
|
<option>--wipe-slot=</option> in one call, see below.</para>
|
||||||
|
|
||||||
|
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--recovery-key</option></term>
|
||||||
|
|
||||||
|
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
|
||||||
|
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
|
||||||
|
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>PKCS#11 Enrollment</title>
|
||||||
|
|
||||||
|
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
|
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
|
||||||
|
|
||||||
|
@ -361,7 +378,15 @@
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>FIDO2 Enrollment</title>
|
||||||
|
|
||||||
|
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
|
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
|
||||||
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
|
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
|
||||||
|
@ -461,7 +486,15 @@
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>TPM2 Enrollment</title>
|
||||||
|
|
||||||
|
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
|
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
|
||||||
|
|
||||||
|
@ -636,7 +669,15 @@
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Other Options</title>
|
||||||
|
|
||||||
|
<para>The following additional options are understood:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>
|
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>
|
||||||
|
|
||||||
|
|
|
@ -13,6 +13,7 @@ Environment=
|
||||||
|
|
||||||
[Content]
|
[Content]
|
||||||
Packages=
|
Packages=
|
||||||
|
clangd
|
||||||
compiler-rt
|
compiler-rt
|
||||||
gdb
|
gdb
|
||||||
git-core
|
git-core
|
||||||
|
|
|
@ -15,6 +15,7 @@ Environment=
|
||||||
[Content]
|
[Content]
|
||||||
Packages=
|
Packages=
|
||||||
apt
|
apt
|
||||||
|
clangd
|
||||||
erofs-utils
|
erofs-utils
|
||||||
git-core
|
git-core
|
||||||
libclang-rt-dev
|
libclang-rt-dev
|
||||||
|
|
|
@ -12,6 +12,7 @@ Environment=
|
||||||
|
|
||||||
[Content]
|
[Content]
|
||||||
Packages=
|
Packages=
|
||||||
|
clang
|
||||||
diffutils
|
diffutils
|
||||||
erofs-utils
|
erofs-utils
|
||||||
gcc-c++
|
gcc-c++
|
||||||
|
|
|
@ -57,6 +57,8 @@ wrap=(
|
||||||
delv
|
delv
|
||||||
dhcpd
|
dhcpd
|
||||||
dig
|
dig
|
||||||
|
dnf
|
||||||
|
dnf5
|
||||||
dmsetup
|
dmsetup
|
||||||
dnsmasq
|
dnsmasq
|
||||||
findmnt
|
findmnt
|
||||||
|
|
4
po/fr.po
4
po/fr.po
|
@ -12,7 +12,7 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
"PO-Revision-Date: 2024-11-23 10:38+0000\n"
|
||||||
"Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
|
"Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
|
||||||
"Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
|
"Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
|
||||||
"main/fr/>\n"
|
"main/fr/>\n"
|
||||||
|
@ -1258,7 +1258,7 @@ msgstr ""
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||||
msgid "Manage optional features"
|
msgid "Manage optional features"
|
||||||
msgstr "Gérer les fonctionnalités en option"
|
msgstr "Gérer les fonctionnalités facultatives"
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||||
msgid "Authentication is required to manage optional features"
|
msgid "Authentication is required to manage optional features"
|
||||||
|
|
10
po/uk.po
10
po/uk.po
|
@ -9,8 +9,8 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
"PO-Revision-Date: 2024-11-21 19:38+0000\n"
|
||||||
"Last-Translator: Dmytro Markevych <hotr1pak@gmail.com>\n"
|
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
|
||||||
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
|
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
|
||||||
"systemd/main/uk/>\n"
|
"systemd/main/uk/>\n"
|
||||||
"Language: uk\n"
|
"Language: uk\n"
|
||||||
|
@ -120,11 +120,11 @@ msgstr "Для оновлення домашньої теки користува
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:53
|
#: src/home/org.freedesktop.home1.policy:53
|
||||||
msgid "Update your home area"
|
msgid "Update your home area"
|
||||||
msgstr "Оновіть свій домашній простір"
|
msgstr "Оновлення домашньої області"
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:54
|
#: src/home/org.freedesktop.home1.policy:54
|
||||||
msgid "Authentication is required to update your home area."
|
msgid "Authentication is required to update your home area."
|
||||||
msgstr "Для оновлення домашньої області потрібна автентифікація."
|
msgstr "Для оновлення домашньої області слід пройти розпізнавання."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:63
|
#: src/home/org.freedesktop.home1.policy:63
|
||||||
msgid "Resize a home area"
|
msgid "Resize a home area"
|
||||||
|
@ -1215,7 +1215,7 @@ msgstr "Керування додатковими функціями"
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||||
msgid "Authentication is required to manage optional features"
|
msgid "Authentication is required to manage optional features"
|
||||||
msgstr "Для керування додатковими функціями потрібна автентифікація"
|
msgstr "Для керування додатковими можливостями слід пройти розпізнавання"
|
||||||
|
|
||||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||||
msgid "Set system time"
|
msgid "Set system time"
|
||||||
|
|
|
@ -38,19 +38,12 @@ __get_tpm2_devices() {
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
__get_block_devices() {
|
|
||||||
local i
|
|
||||||
for i in /dev/*; do
|
|
||||||
[ -b "$i" ] && printf '%s\n' "$i"
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
_systemd_cryptenroll() {
|
_systemd_cryptenroll() {
|
||||||
local comps
|
local comps
|
||||||
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
|
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
|
||||||
local -A OPTS=(
|
local -A OPTS=(
|
||||||
[STANDALONE]='-h --help --version
|
[STANDALONE]='-h --help --version
|
||||||
--password --recovery-key'
|
--password --recovery-key --list-devices'
|
||||||
[ARG]='--unlock-key-file
|
[ARG]='--unlock-key-file
|
||||||
--unlock-fido2-device
|
--unlock-fido2-device
|
||||||
--unlock-tpm2-device
|
--unlock-tpm2-device
|
||||||
|
@ -116,7 +109,7 @@ _systemd_cryptenroll() {
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
comps=$(__get_block_devices)
|
comps=$(systemd-cryptenroll --list-devices)
|
||||||
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
#define AUTOFS_MIN_PROTO_VERSION 3
|
#define AUTOFS_MIN_PROTO_VERSION 3
|
||||||
#define AUTOFS_MAX_PROTO_VERSION 5
|
#define AUTOFS_MAX_PROTO_VERSION 5
|
||||||
|
|
||||||
#define AUTOFS_PROTO_SUBVERSION 5
|
#define AUTOFS_PROTO_SUBVERSION 6
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The wait_queue_token (autofs_wqt_t) is part of a structure which is passed
|
* The wait_queue_token (autofs_wqt_t) is part of a structure which is passed
|
||||||
|
|
|
@ -1121,6 +1121,9 @@ enum bpf_attach_type {
|
||||||
|
|
||||||
#define MAX_BPF_ATTACH_TYPE __MAX_BPF_ATTACH_TYPE
|
#define MAX_BPF_ATTACH_TYPE __MAX_BPF_ATTACH_TYPE
|
||||||
|
|
||||||
|
/* Add BPF_LINK_TYPE(type, name) in bpf_types.h to keep bpf_link_type_strs[]
|
||||||
|
* in sync with the definitions below.
|
||||||
|
*/
|
||||||
enum bpf_link_type {
|
enum bpf_link_type {
|
||||||
BPF_LINK_TYPE_UNSPEC = 0,
|
BPF_LINK_TYPE_UNSPEC = 0,
|
||||||
BPF_LINK_TYPE_RAW_TRACEPOINT = 1,
|
BPF_LINK_TYPE_RAW_TRACEPOINT = 1,
|
||||||
|
@ -2851,7 +2854,7 @@ union bpf_attr {
|
||||||
* **TCP_SYNCNT**, **TCP_USER_TIMEOUT**, **TCP_NOTSENT_LOWAT**,
|
* **TCP_SYNCNT**, **TCP_USER_TIMEOUT**, **TCP_NOTSENT_LOWAT**,
|
||||||
* **TCP_NODELAY**, **TCP_MAXSEG**, **TCP_WINDOW_CLAMP**,
|
* **TCP_NODELAY**, **TCP_MAXSEG**, **TCP_WINDOW_CLAMP**,
|
||||||
* **TCP_THIN_LINEAR_TIMEOUTS**, **TCP_BPF_DELACK_MAX**,
|
* **TCP_THIN_LINEAR_TIMEOUTS**, **TCP_BPF_DELACK_MAX**,
|
||||||
* **TCP_BPF_RTO_MIN**.
|
* **TCP_BPF_RTO_MIN**, **TCP_BPF_SOCK_OPS_CB_FLAGS**.
|
||||||
* * **IPPROTO_IP**, which supports *optname* **IP_TOS**.
|
* * **IPPROTO_IP**, which supports *optname* **IP_TOS**.
|
||||||
* * **IPPROTO_IPV6**, which supports the following *optname*\ s:
|
* * **IPPROTO_IPV6**, which supports the following *optname*\ s:
|
||||||
* **IPV6_TCLASS**, **IPV6_AUTOFLOWLABEL**.
|
* **IPV6_TCLASS**, **IPV6_AUTOFLOWLABEL**.
|
||||||
|
@ -5519,11 +5522,12 @@ union bpf_attr {
|
||||||
* **-EOPNOTSUPP** if the hash calculation failed or **-EINVAL** if
|
* **-EOPNOTSUPP** if the hash calculation failed or **-EINVAL** if
|
||||||
* invalid arguments are passed.
|
* invalid arguments are passed.
|
||||||
*
|
*
|
||||||
* void *bpf_kptr_xchg(void *map_value, void *ptr)
|
* void *bpf_kptr_xchg(void *dst, void *ptr)
|
||||||
* Description
|
* Description
|
||||||
* Exchange kptr at pointer *map_value* with *ptr*, and return the
|
* Exchange kptr at pointer *dst* with *ptr*, and return the old value.
|
||||||
* old value. *ptr* can be NULL, otherwise it must be a referenced
|
* *dst* can be map value or local kptr. *ptr* can be NULL, otherwise
|
||||||
* pointer which will be released when this helper is called.
|
* it must be a referenced pointer which will be released when this helper
|
||||||
|
* is called.
|
||||||
* Return
|
* Return
|
||||||
* The old value of kptr (which can be NULL). The returned pointer
|
* The old value of kptr (which can be NULL). The returned pointer
|
||||||
* if not NULL, is a reference which must be released using its
|
* if not NULL, is a reference which must be released using its
|
||||||
|
@ -6046,11 +6050,6 @@ enum {
|
||||||
BPF_F_MARK_ENFORCE = (1ULL << 6),
|
BPF_F_MARK_ENFORCE = (1ULL << 6),
|
||||||
};
|
};
|
||||||
|
|
||||||
/* BPF_FUNC_clone_redirect and BPF_FUNC_redirect flags. */
|
|
||||||
enum {
|
|
||||||
BPF_F_INGRESS = (1ULL << 0),
|
|
||||||
};
|
|
||||||
|
|
||||||
/* BPF_FUNC_skb_set_tunnel_key and BPF_FUNC_skb_get_tunnel_key flags. */
|
/* BPF_FUNC_skb_set_tunnel_key and BPF_FUNC_skb_get_tunnel_key flags. */
|
||||||
enum {
|
enum {
|
||||||
BPF_F_TUNINFO_IPV6 = (1ULL << 0),
|
BPF_F_TUNINFO_IPV6 = (1ULL << 0),
|
||||||
|
@ -6197,10 +6196,12 @@ enum {
|
||||||
BPF_F_BPRM_SECUREEXEC = (1ULL << 0),
|
BPF_F_BPRM_SECUREEXEC = (1ULL << 0),
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Flags for bpf_redirect_map helper */
|
/* Flags for bpf_redirect and bpf_redirect_map helpers */
|
||||||
enum {
|
enum {
|
||||||
BPF_F_BROADCAST = (1ULL << 3),
|
BPF_F_INGRESS = (1ULL << 0), /* used for skb path */
|
||||||
BPF_F_EXCLUDE_INGRESS = (1ULL << 4),
|
BPF_F_BROADCAST = (1ULL << 3), /* used for XDP path */
|
||||||
|
BPF_F_EXCLUDE_INGRESS = (1ULL << 4), /* used for XDP path */
|
||||||
|
#define BPF_F_REDIRECT_FLAGS (BPF_F_INGRESS | BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS)
|
||||||
};
|
};
|
||||||
|
|
||||||
#define __bpf_md_ptr(type, name) \
|
#define __bpf_md_ptr(type, name) \
|
||||||
|
@ -7080,6 +7081,7 @@ enum {
|
||||||
TCP_BPF_SYN = 1005, /* Copy the TCP header */
|
TCP_BPF_SYN = 1005, /* Copy the TCP header */
|
||||||
TCP_BPF_SYN_IP = 1006, /* Copy the IP[46] and TCP header */
|
TCP_BPF_SYN_IP = 1006, /* Copy the IP[46] and TCP header */
|
||||||
TCP_BPF_SYN_MAC = 1007, /* Copy the MAC, IP[46], and TCP header */
|
TCP_BPF_SYN_MAC = 1007, /* Copy the MAC, IP[46], and TCP header */
|
||||||
|
TCP_BPF_SOCK_OPS_CB_FLAGS = 1008, /* Get or Set TCP sock ops flags */
|
||||||
};
|
};
|
||||||
|
|
||||||
enum {
|
enum {
|
||||||
|
@ -7512,4 +7514,13 @@ struct bpf_iter_num {
|
||||||
__u64 __opaque[1];
|
__u64 __opaque[1];
|
||||||
} __attribute__((aligned(8)));
|
} __attribute__((aligned(8)));
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Flags to control BPF kfunc behaviour.
|
||||||
|
* - BPF_F_PAD_ZEROS: Pad destination buffer with zeros. (See the respective
|
||||||
|
* helper documentation for details.)
|
||||||
|
*/
|
||||||
|
enum bpf_kfunc_flags {
|
||||||
|
BPF_F_PAD_ZEROS = (1ULL << 0),
|
||||||
|
};
|
||||||
|
|
||||||
#endif /* __LINUX_BPF_H__ */
|
#endif /* __LINUX_BPF_H__ */
|
||||||
|
|
|
@ -28,6 +28,23 @@
|
||||||
#define _BITUL(x) (_UL(1) << (x))
|
#define _BITUL(x) (_UL(1) << (x))
|
||||||
#define _BITULL(x) (_ULL(1) << (x))
|
#define _BITULL(x) (_ULL(1) << (x))
|
||||||
|
|
||||||
|
#if !defined(__ASSEMBLY__)
|
||||||
|
/*
|
||||||
|
* Missing __asm__ support
|
||||||
|
*
|
||||||
|
* __BIT128() would not work in the __asm__ code, as it shifts an
|
||||||
|
* 'unsigned __init128' data type as direct representation of
|
||||||
|
* 128 bit constants is not supported in the gcc compiler, as
|
||||||
|
* they get silently truncated.
|
||||||
|
*
|
||||||
|
* TODO: Please revisit this implementation when gcc compiler
|
||||||
|
* starts representing 128 bit constants directly like long
|
||||||
|
* and unsigned long etc. Subsequently drop the comment for
|
||||||
|
* GENMASK_U128() which would then start supporting __asm__ code.
|
||||||
|
*/
|
||||||
|
#define _BIT128(x) ((unsigned __int128)(1) << (x))
|
||||||
|
#endif
|
||||||
|
|
||||||
#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (__typeof__(x))(a) - 1)
|
#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (__typeof__(x))(a) - 1)
|
||||||
#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask))
|
#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask))
|
||||||
|
|
||||||
|
|
|
@ -2531,4 +2531,20 @@ struct ethtool_link_settings {
|
||||||
* __u32 map_lp_advertising[link_mode_masks_nwords];
|
* __u32 map_lp_advertising[link_mode_masks_nwords];
|
||||||
*/
|
*/
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* enum phy_upstream - Represents the upstream component a given PHY device
|
||||||
|
* is connected to, as in what is on the other end of the MII bus. Most PHYs
|
||||||
|
* will be attached to an Ethernet MAC controller, but in some cases, there's
|
||||||
|
* an intermediate PHY used as a media-converter, which will driver another
|
||||||
|
* MII interface as its output.
|
||||||
|
* @PHY_UPSTREAM_MAC: Upstream component is a MAC (a switch port,
|
||||||
|
* or ethernet controller)
|
||||||
|
* @PHY_UPSTREAM_PHY: Upstream component is a PHY (likely a media converter)
|
||||||
|
*/
|
||||||
|
enum phy_upstream {
|
||||||
|
PHY_UPSTREAM_MAC,
|
||||||
|
PHY_UPSTREAM_PHY,
|
||||||
|
};
|
||||||
|
|
||||||
#endif /* _LINUX_ETHTOOL_H */
|
#endif /* _LINUX_ETHTOOL_H */
|
||||||
|
|
|
@ -67,6 +67,7 @@ enum {
|
||||||
FRA_IP_PROTO, /* ip proto */
|
FRA_IP_PROTO, /* ip proto */
|
||||||
FRA_SPORT_RANGE, /* sport */
|
FRA_SPORT_RANGE, /* sport */
|
||||||
FRA_DPORT_RANGE, /* dport */
|
FRA_DPORT_RANGE, /* dport */
|
||||||
|
FRA_DSCP, /* dscp */
|
||||||
__FRA_MAX
|
__FRA_MAX
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -230,8 +230,8 @@ struct tpacket_hdr_v1 {
|
||||||
* ts_first_pkt:
|
* ts_first_pkt:
|
||||||
* Is always the time-stamp when the block was opened.
|
* Is always the time-stamp when the block was opened.
|
||||||
* Case a) ZERO packets
|
* Case a) ZERO packets
|
||||||
* No packets to deal with but atleast you know the
|
* No packets to deal with but at least you know
|
||||||
* time-interval of this block.
|
* the time-interval of this block.
|
||||||
* Case b) Non-zero packets
|
* Case b) Non-zero packets
|
||||||
* Use the ts of the first packet in the block.
|
* Use the ts of the first packet in the block.
|
||||||
*
|
*
|
||||||
|
@ -265,7 +265,8 @@ enum tpacket_versions {
|
||||||
- struct tpacket_hdr
|
- struct tpacket_hdr
|
||||||
- pad to TPACKET_ALIGNMENT=16
|
- pad to TPACKET_ALIGNMENT=16
|
||||||
- struct sockaddr_ll
|
- struct sockaddr_ll
|
||||||
- Gap, chosen so that packet data (Start+tp_net) alignes to TPACKET_ALIGNMENT=16
|
- Gap, chosen so that packet data (Start+tp_net) aligns to
|
||||||
|
TPACKET_ALIGNMENT=16
|
||||||
- Start+tp_mac: [ Optional MAC header ]
|
- Start+tp_mac: [ Optional MAC header ]
|
||||||
- Start+tp_net: Packet data, aligned to TPACKET_ALIGNMENT=16.
|
- Start+tp_net: Packet data, aligned to TPACKET_ALIGNMENT=16.
|
||||||
- Pad to align to TPACKET_ALIGNMENT=16
|
- Pad to align to TPACKET_ALIGNMENT=16
|
||||||
|
|
|
@ -141,7 +141,7 @@ struct in_addr {
|
||||||
*/
|
*/
|
||||||
#define IP_PMTUDISC_INTERFACE 4
|
#define IP_PMTUDISC_INTERFACE 4
|
||||||
/* weaker version of IP_PMTUDISC_INTERFACE, which allows packets to get
|
/* weaker version of IP_PMTUDISC_INTERFACE, which allows packets to get
|
||||||
* fragmented if they exeed the interface mtu
|
* fragmented if they exceed the interface mtu
|
||||||
*/
|
*/
|
||||||
#define IP_PMTUDISC_OMIT 5
|
#define IP_PMTUDISC_OMIT 5
|
||||||
|
|
||||||
|
|
|
@ -140,25 +140,6 @@
|
||||||
|
|
||||||
#endif /* _NETINET_IN_H */
|
#endif /* _NETINET_IN_H */
|
||||||
|
|
||||||
/* Coordinate with glibc netipx/ipx.h header. */
|
|
||||||
#if defined(__NETIPX_IPX_H)
|
|
||||||
|
|
||||||
#define __UAPI_DEF_SOCKADDR_IPX 0
|
|
||||||
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 0
|
|
||||||
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 0
|
|
||||||
#define __UAPI_DEF_IPX_CONFIG_DATA 0
|
|
||||||
#define __UAPI_DEF_IPX_ROUTE_DEF 0
|
|
||||||
|
|
||||||
#else /* defined(__NETIPX_IPX_H) */
|
|
||||||
|
|
||||||
#define __UAPI_DEF_SOCKADDR_IPX 1
|
|
||||||
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
|
|
||||||
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
|
|
||||||
#define __UAPI_DEF_IPX_CONFIG_DATA 1
|
|
||||||
#define __UAPI_DEF_IPX_ROUTE_DEF 1
|
|
||||||
|
|
||||||
#endif /* defined(__NETIPX_IPX_H) */
|
|
||||||
|
|
||||||
/* Definitions for xattr.h */
|
/* Definitions for xattr.h */
|
||||||
#if defined(_SYS_XATTR_H)
|
#if defined(_SYS_XATTR_H)
|
||||||
#define __UAPI_DEF_XATTR 0
|
#define __UAPI_DEF_XATTR 0
|
||||||
|
@ -240,23 +221,6 @@
|
||||||
#define __UAPI_DEF_IP6_MTUINFO 1
|
#define __UAPI_DEF_IP6_MTUINFO 1
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Definitions for ipx.h */
|
|
||||||
#ifndef __UAPI_DEF_SOCKADDR_IPX
|
|
||||||
#define __UAPI_DEF_SOCKADDR_IPX 1
|
|
||||||
#endif
|
|
||||||
#ifndef __UAPI_DEF_IPX_ROUTE_DEFINITION
|
|
||||||
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
|
|
||||||
#endif
|
|
||||||
#ifndef __UAPI_DEF_IPX_INTERFACE_DEFINITION
|
|
||||||
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
|
|
||||||
#endif
|
|
||||||
#ifndef __UAPI_DEF_IPX_CONFIG_DATA
|
|
||||||
#define __UAPI_DEF_IPX_CONFIG_DATA 1
|
|
||||||
#endif
|
|
||||||
#ifndef __UAPI_DEF_IPX_ROUTE_DEF
|
|
||||||
#define __UAPI_DEF_IPX_ROUTE_DEF 1
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Definitions for xattr.h */
|
/* Definitions for xattr.h */
|
||||||
#ifndef __UAPI_DEF_XATTR
|
#ifndef __UAPI_DEF_XATTR
|
||||||
#define __UAPI_DEF_XATTR 1
|
#define __UAPI_DEF_XATTR 1
|
||||||
|
|
|
@ -436,7 +436,7 @@ enum nft_set_elem_flags {
|
||||||
* @NFTA_SET_ELEM_KEY: key value (NLA_NESTED: nft_data)
|
* @NFTA_SET_ELEM_KEY: key value (NLA_NESTED: nft_data)
|
||||||
* @NFTA_SET_ELEM_DATA: data value of mapping (NLA_NESTED: nft_data_attributes)
|
* @NFTA_SET_ELEM_DATA: data value of mapping (NLA_NESTED: nft_data_attributes)
|
||||||
* @NFTA_SET_ELEM_FLAGS: bitmask of nft_set_elem_flags (NLA_U32)
|
* @NFTA_SET_ELEM_FLAGS: bitmask of nft_set_elem_flags (NLA_U32)
|
||||||
* @NFTA_SET_ELEM_TIMEOUT: timeout value (NLA_U64)
|
* @NFTA_SET_ELEM_TIMEOUT: timeout value, zero means never times out (NLA_U64)
|
||||||
* @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64)
|
* @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64)
|
||||||
* @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY)
|
* @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY)
|
||||||
* @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes)
|
* @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes)
|
||||||
|
@ -1694,7 +1694,7 @@ enum nft_flowtable_flags {
|
||||||
*
|
*
|
||||||
* @NFTA_FLOWTABLE_TABLE: name of the table containing the expression (NLA_STRING)
|
* @NFTA_FLOWTABLE_TABLE: name of the table containing the expression (NLA_STRING)
|
||||||
* @NFTA_FLOWTABLE_NAME: name of this flow table (NLA_STRING)
|
* @NFTA_FLOWTABLE_NAME: name of this flow table (NLA_STRING)
|
||||||
* @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32)
|
* @NFTA_FLOWTABLE_HOOK: netfilter hook configuration (NLA_NESTED)
|
||||||
* @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32)
|
* @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32)
|
||||||
* @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64)
|
* @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64)
|
||||||
* @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32)
|
* @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32)
|
||||||
|
|
|
@ -16,10 +16,15 @@ struct nhmsg {
|
||||||
struct nexthop_grp {
|
struct nexthop_grp {
|
||||||
__u32 id; /* nexthop id - must exist */
|
__u32 id; /* nexthop id - must exist */
|
||||||
__u8 weight; /* weight of this nexthop */
|
__u8 weight; /* weight of this nexthop */
|
||||||
__u8 resvd1;
|
__u8 weight_high; /* high order bits of weight */
|
||||||
__u16 resvd2;
|
__u16 resvd2;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static __inline__ __u16 nexthop_grp_weight(const struct nexthop_grp *entry)
|
||||||
|
{
|
||||||
|
return ((entry->weight_high << 8) | entry->weight) + 1;
|
||||||
|
}
|
||||||
|
|
||||||
enum {
|
enum {
|
||||||
NEXTHOP_GRP_TYPE_MPATH, /* hash-threshold nexthop group
|
NEXTHOP_GRP_TYPE_MPATH, /* hash-threshold nexthop group
|
||||||
* default type if not specified
|
* default type if not specified
|
||||||
|
@ -33,6 +38,9 @@ enum {
|
||||||
#define NHA_OP_FLAG_DUMP_STATS BIT(0)
|
#define NHA_OP_FLAG_DUMP_STATS BIT(0)
|
||||||
#define NHA_OP_FLAG_DUMP_HW_STATS BIT(1)
|
#define NHA_OP_FLAG_DUMP_HW_STATS BIT(1)
|
||||||
|
|
||||||
|
/* Response OP_FLAGS. */
|
||||||
|
#define NHA_OP_FLAG_RESP_GRP_RESVD_0 BIT(31) /* Dump clears resvd fields. */
|
||||||
|
|
||||||
enum {
|
enum {
|
||||||
NHA_UNSPEC,
|
NHA_UNSPEC,
|
||||||
NHA_ID, /* u32; id for nexthop. id == 0 means auto-assign */
|
NHA_ID, /* u32; id for nexthop. id == 0 means auto-assign */
|
||||||
|
|
|
@ -531,20 +531,24 @@ int is_idmapping_supported(const char *path) {
|
||||||
userns_fd = userns_acquire(uid_map, gid_map);
|
userns_fd = userns_acquire(uid_map, gid_map);
|
||||||
if (ERRNO_IS_NEG_NOT_SUPPORTED(userns_fd) || ERRNO_IS_NEG_PRIVILEGE(userns_fd))
|
if (ERRNO_IS_NEG_NOT_SUPPORTED(userns_fd) || ERRNO_IS_NEG_PRIVILEGE(userns_fd))
|
||||||
return false;
|
return false;
|
||||||
|
if (userns_fd == -ENOSPC) {
|
||||||
|
log_debug_errno(userns_fd, "Failed to acquire new user namespace, user.max_user_namespaces seems to be exhausted or maybe even zero, assuming ID-mapping is not supported: %m");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
if (userns_fd < 0)
|
if (userns_fd < 0)
|
||||||
return log_debug_errno(userns_fd, "ID-mapping supported namespace acquire failed for '%s' : %m", path);
|
return log_debug_errno(userns_fd, "Failed to acquire new user namespace for checking if '%s' supports ID-mapping: %m", path);
|
||||||
|
|
||||||
dir_fd = RET_NERRNO(open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
|
dir_fd = RET_NERRNO(open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
|
||||||
if (ERRNO_IS_NEG_NOT_SUPPORTED(dir_fd))
|
if (ERRNO_IS_NEG_NOT_SUPPORTED(dir_fd))
|
||||||
return false;
|
return false;
|
||||||
if (dir_fd < 0)
|
if (dir_fd < 0)
|
||||||
return log_debug_errno(dir_fd, "ID-mapping supported open failed for '%s' : %m", path);
|
return log_debug_errno(dir_fd, "Failed to open '%s', cannot determine if ID-mapping is supported: %m", path);
|
||||||
|
|
||||||
mount_fd = RET_NERRNO(open_tree(dir_fd, "", AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC));
|
mount_fd = RET_NERRNO(open_tree(dir_fd, "", AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC));
|
||||||
if (ERRNO_IS_NEG_NOT_SUPPORTED(mount_fd) || ERRNO_IS_NEG_PRIVILEGE(mount_fd) || mount_fd == -EINVAL)
|
if (ERRNO_IS_NEG_NOT_SUPPORTED(mount_fd) || ERRNO_IS_NEG_PRIVILEGE(mount_fd) || mount_fd == -EINVAL)
|
||||||
return false;
|
return false;
|
||||||
if (mount_fd < 0)
|
if (mount_fd < 0)
|
||||||
return log_debug_errno(mount_fd, "ID-mapping supported open_tree failed for '%s' : %m", path);
|
return log_debug_errno(mount_fd, "Failed to open mount tree '%s', cannot determine if ID-mapping is supported: %m", path);
|
||||||
|
|
||||||
r = RET_NERRNO(mount_setattr(mount_fd, "", AT_EMPTY_PATH,
|
r = RET_NERRNO(mount_setattr(mount_fd, "", AT_EMPTY_PATH,
|
||||||
&(struct mount_attr) {
|
&(struct mount_attr) {
|
||||||
|
@ -554,7 +558,7 @@ int is_idmapping_supported(const char *path) {
|
||||||
if (ERRNO_IS_NEG_NOT_SUPPORTED(r) || ERRNO_IS_NEG_PRIVILEGE(r) || r == -EINVAL)
|
if (ERRNO_IS_NEG_NOT_SUPPORTED(r) || ERRNO_IS_NEG_PRIVILEGE(r) || r == -EINVAL)
|
||||||
return false;
|
return false;
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "ID-mapping supported setattr failed for '%s' : %m", path);
|
return log_debug_errno(r, "Failed to set mount attribute to '%s', cannot determine if ID-mapping is supported: %m", path);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -3426,14 +3426,12 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = service_add_fd_store(s, fd, fdn, do_poll);
|
r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_unit_debug_errno(u, r,
|
log_unit_debug_errno(u, r,
|
||||||
"Failed to store deserialized fd '%s', ignoring: %m", fdn);
|
"Failed to store deserialized fd '%s', ignoring: %m", fdn);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
TAKE_FD(fd);
|
|
||||||
} else if (streq(key, "extra-fd")) {
|
} else if (streq(key, "extra-fd")) {
|
||||||
_cleanup_free_ char *fdv = NULL, *fdn = NULL;
|
_cleanup_free_ char *fdv = NULL, *fdn = NULL;
|
||||||
_cleanup_close_ int fd = -EBADF;
|
_cleanup_close_ int fd = -EBADF;
|
||||||
|
|
|
@ -965,7 +965,9 @@ static int dump_list(int argc, char **argv, void *userdata) {
|
||||||
if (!arg_field && n_found <= 0) {
|
if (!arg_field && n_found <= 0) {
|
||||||
if (!arg_quiet)
|
if (!arg_quiet)
|
||||||
log_notice("No coredumps found.");
|
log_notice("No coredumps found.");
|
||||||
return -ESRCH;
|
|
||||||
|
if (!sd_json_format_enabled(arg_json_format_flags))
|
||||||
|
return -ESRCH;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -193,7 +193,7 @@ static int help(void) {
|
||||||
"\n%3$sSimple Enrollment:%4$s\n"
|
"\n%3$sSimple Enrollment:%4$s\n"
|
||||||
" --password Enroll a user-supplied password\n"
|
" --password Enroll a user-supplied password\n"
|
||||||
" --recovery-key Enroll a recovery key\n"
|
" --recovery-key Enroll a recovery key\n"
|
||||||
"\n%3$sPKCS11 Enrollment:%4$s\n"
|
"\n%3$sPKCS#11 Enrollment:%4$s\n"
|
||||||
" --pkcs11-token-uri=URI\n"
|
" --pkcs11-token-uri=URI\n"
|
||||||
" Specify PKCS#11 security token URI\n"
|
" Specify PKCS#11 security token URI\n"
|
||||||
"\n%3$sFIDO2 Enrollment:%4$s\n"
|
"\n%3$sFIDO2 Enrollment:%4$s\n"
|
||||||
|
|
|
@ -98,16 +98,11 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#if HAVE_SYSV_COMPAT
|
else if (streq(key, "fastboot") && !value)
|
||||||
else if (streq(key, "fastboot") && !value) {
|
|
||||||
log_warning("Please pass 'fsck.mode=skip' rather than 'fastboot' on the kernel command line.");
|
|
||||||
arg_skip = true;
|
arg_skip = true;
|
||||||
|
|
||||||
} else if (streq(key, "forcefsck") && !value) {
|
else if (streq(key, "forcefsck") && !value)
|
||||||
log_warning("Please pass 'fsck.mode=force' rather than 'forcefsck' on the kernel command line.");
|
|
||||||
arg_force = true;
|
arg_force = true;
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -75,6 +75,10 @@ static int curl_glue_socket_callback(CURL *curl, curl_socket_t s, int action, vo
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Don't configure io event source anymore when the event loop is dead already. */
|
||||||
|
if (g->event && sd_event_get_state(g->event) == SD_EVENT_FINISHED)
|
||||||
|
return 0;
|
||||||
|
|
||||||
r = hashmap_ensure_allocated(&g->ios, &trivial_hash_ops);
|
r = hashmap_ensure_allocated(&g->ios, &trivial_hash_ops);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_oom();
|
log_oom();
|
||||||
|
|
|
@ -16,7 +16,7 @@ int varlink_get_peer_pidref(sd_varlink *v, PidRef *ret) {
|
||||||
|
|
||||||
int pidfd = sd_varlink_get_peer_pidfd(v);
|
int pidfd = sd_varlink_get_peer_pidfd(v);
|
||||||
if (pidfd < 0) {
|
if (pidfd < 0) {
|
||||||
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd))
|
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd) && pidfd != -EINVAL)
|
||||||
return pidfd;
|
return pidfd;
|
||||||
|
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
|
|
|
@ -101,18 +101,19 @@ static int help(int argc, char *argv[], void *userdata) {
|
||||||
" -j Same as --json=pretty on tty, --json=short otherwise\n"
|
" -j Same as --json=pretty on tty, --json=short otherwise\n"
|
||||||
" --append=PATH Load specified JSON signature, and append new signature to it\n"
|
" --append=PATH Load specified JSON signature, and append new signature to it\n"
|
||||||
"\n%3$sUKI PE Section Options:%4$s %3$sUKI PE Section%4$s\n"
|
"\n%3$sUKI PE Section Options:%4$s %3$sUKI PE Section%4$s\n"
|
||||||
" --linux=PATH Path to Linux kernel image file %7$s .linux\n"
|
" --linux=PATH Path to Linux kernel image file %7$s .linux\n"
|
||||||
" --osrel=PATH Path to os-release file %7$s .osrel\n"
|
" --osrel=PATH Path to os-release file %7$s .osrel\n"
|
||||||
" --cmdline=PATH Path to file with kernel command line %7$s .cmdline\n"
|
" --cmdline=PATH Path to file with kernel command line %7$s .cmdline\n"
|
||||||
" --initrd=PATH Path to initrd image file %7$s .initrd\n"
|
" --initrd=PATH Path to initrd image file %7$s .initrd\n"
|
||||||
" --ucode=PATH Path to microcode image file %7$s .ucode\n"
|
" --ucode=PATH Path to microcode image file %7$s .ucode\n"
|
||||||
" --splash=PATH Path to splash bitmap file %7$s .splash\n"
|
" --splash=PATH Path to splash bitmap file %7$s .splash\n"
|
||||||
" --dtb=PATH Path to DeviceTree file %7$s .dtb\n"
|
" --dtb=PATH Path to DeviceTree file %7$s .dtb\n"
|
||||||
" --uname=PATH Path to 'uname -r' file %7$s .uname\n"
|
" --dtbauto=PATH Path to DeviceTree file for auto selection %7$s .dtbauto\n"
|
||||||
" --sbat=PATH Path to SBAT file %7$s .sbat\n"
|
" --uname=PATH Path to 'uname -r' file %7$s .uname\n"
|
||||||
" --pcrpkey=PATH Path to public key for PCR signatures %7$s .pcrpkey\n"
|
" --sbat=PATH Path to SBAT file %7$s .sbat\n"
|
||||||
" --profile=PATH Path to profile file %7$s .profile\n"
|
" --pcrpkey=PATH Path to public key for PCR signatures %7$s .pcrpkey\n"
|
||||||
" --hwids=PATH Path to HWIDs file %7$s .hwids\n"
|
" --profile=PATH Path to profile file %7$s .profile\n"
|
||||||
|
" --hwids=PATH Path to HWIDs file %7$s .hwids\n"
|
||||||
"\nSee the %2$s for details.\n",
|
"\nSee the %2$s for details.\n",
|
||||||
program_invocation_short_name,
|
program_invocation_short_name,
|
||||||
link,
|
link,
|
||||||
|
|
|
@ -2280,10 +2280,9 @@ static int copy_devnode_one(const char *dest, const char *node, bool ignore_mkno
|
||||||
r = path_extract_directory(from, &parent);
|
r = path_extract_directory(from, &parent);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to extract directory from %s: %m", from);
|
return log_error_errno(r, "Failed to extract directory from %s: %m", from);
|
||||||
if (!path_equal(parent, "/dev/")) {
|
r = userns_mkdir(dest, parent, 0755, 0, 0);
|
||||||
if (userns_mkdir(dest, parent, 0755, 0, 0) < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to create directory %s: %m", parent);
|
return log_error_errno(r, "Failed to create directory %s: %m", parent);
|
||||||
}
|
|
||||||
|
|
||||||
if (mknod(to, st.st_mode, st.st_rdev) < 0) {
|
if (mknod(to, st.st_mode, st.st_rdev) < 0) {
|
||||||
r = -errno; /* Save the original error code. */
|
r = -errno; /* Save the original error code. */
|
||||||
|
@ -4654,7 +4653,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r
|
||||||
|
|
||||||
ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
|
ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
|
||||||
if (!ucred || ucred->pid != inner_child_pid) {
|
if (!ucred || ucred->pid != inner_child_pid) {
|
||||||
log_debug("Received notify message without valid credentials. Ignoring.");
|
log_debug("Received notify message from process that is not the payload's PID 1. Ignoring.");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -36,14 +36,9 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
|
||||||
arg_skip = true;
|
arg_skip = true;
|
||||||
else
|
else
|
||||||
log_warning("Invalid quotacheck.mode= value, ignoring: %s", value);
|
log_warning("Invalid quotacheck.mode= value, ignoring: %s", value);
|
||||||
}
|
|
||||||
|
|
||||||
#if HAVE_SYSV_COMPAT
|
} else if (streq(key, "forcequotacheck") && !value)
|
||||||
else if (streq(key, "forcequotacheck") && !value) {
|
|
||||||
log_warning("Please use 'quotacheck.mode=force' rather than 'forcequotacheck' on the kernel command line. Proceeding anyway.");
|
|
||||||
arg_force = true;
|
arg_force = true;
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -392,7 +392,7 @@ int tpm2_make_pcr_json_array(uint32_t pcr_mask, sd_json_variant **ret);
|
||||||
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
|
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
|
||||||
|
|
||||||
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
|
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
|
||||||
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *pcrlock_nv, TPM2Flags *ret_flags);
|
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *ret_pcrlock_nv, TPM2Flags *ret_flags);
|
||||||
|
|
||||||
/* Default to PCR 7 only */
|
/* Default to PCR 7 only */
|
||||||
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)
|
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)
|
||||||
|
|
|
@ -98,15 +98,17 @@ static int delete_dm(DeviceMapper *m) {
|
||||||
assert(major(m->devnum) != 0);
|
assert(major(m->devnum) != 0);
|
||||||
assert(m->path);
|
assert(m->path);
|
||||||
|
|
||||||
|
fd = open(m->path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
|
||||||
|
if (fd < 0)
|
||||||
|
log_debug_errno(errno, "Failed to open DM block device %s for syncing, ignoring: %m", m->path);
|
||||||
|
else {
|
||||||
|
(void) sync_with_progress(fd);
|
||||||
|
fd = safe_close(fd);
|
||||||
|
}
|
||||||
|
|
||||||
fd = open("/dev/mapper/control", O_RDWR|O_CLOEXEC);
|
fd = open("/dev/mapper/control", O_RDWR|O_CLOEXEC);
|
||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
return -errno;
|
return log_debug_errno(errno, "Failed to open /dev/mapper/control: %m");
|
||||||
|
|
||||||
_cleanup_close_ int block_fd = open(m->path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
|
|
||||||
if (block_fd < 0)
|
|
||||||
log_debug_errno(errno, "Failed to open DM block device %s for syncing, ignoring: %m", m->path);
|
|
||||||
else
|
|
||||||
(void) sync_with_progress(block_fd);
|
|
||||||
|
|
||||||
return RET_NERRNO(ioctl(fd, DM_DEV_REMOVE, &(struct dm_ioctl) {
|
return RET_NERRNO(ioctl(fd, DM_DEV_REMOVE, &(struct dm_ioctl) {
|
||||||
.version = {
|
.version = {
|
||||||
|
|
|
@ -211,10 +211,8 @@ static int sync_making_progress(unsigned long long *prev_dirty) {
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
errno = 0;
|
errno = 0;
|
||||||
if (sscanf(line, "%*s %llu %*s", &ull) != 1) {
|
if (sscanf(line, "%*s %llu %*s", &ull) != 1)
|
||||||
log_warning_errno(errno_or_else(EIO), "Failed to parse /proc/meminfo field, ignoring: %m");
|
return log_warning_errno(errno_or_else(EIO), "Failed to parse /proc/meminfo field: %m");
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
val += ull;
|
val += ull;
|
||||||
}
|
}
|
||||||
|
|
|
@ -467,7 +467,7 @@ class SignTool:
|
||||||
raise NotImplementedError()
|
raise NotImplementedError()
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def from_string(name) -> type['SignTool']:
|
def from_string(name: str) -> type['SignTool']:
|
||||||
if name == 'pesign':
|
if name == 'pesign':
|
||||||
return PeSign
|
return PeSign
|
||||||
elif name == 'sbsign':
|
elif name == 'sbsign':
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
#include "user-util.h"
|
#include "user-util.h"
|
||||||
#include "userdb.h"
|
#include "userdb.h"
|
||||||
#include "verbs.h"
|
#include "verbs.h"
|
||||||
|
#include "virt.h"
|
||||||
|
|
||||||
static enum {
|
static enum {
|
||||||
OUTPUT_CLASSIC,
|
OUTPUT_CLASSIC,
|
||||||
|
@ -139,10 +140,16 @@ static int show_user(UserRecord *ur, Table *table) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool test_show_mapped(void) {
|
||||||
|
/* Show mapped user range only in environments where user mapping is a thing. */
|
||||||
|
return running_in_userns() > 0;
|
||||||
|
}
|
||||||
|
|
||||||
static const struct {
|
static const struct {
|
||||||
uid_t first, last;
|
uid_t first, last;
|
||||||
const char *name;
|
const char *name;
|
||||||
UserDisposition disposition;
|
UserDisposition disposition;
|
||||||
|
bool (*test)(void);
|
||||||
} uid_range_table[] = {
|
} uid_range_table[] = {
|
||||||
{
|
{
|
||||||
.first = 1,
|
.first = 1,
|
||||||
|
@ -175,11 +182,12 @@ static const struct {
|
||||||
.last = MAP_UID_MAX,
|
.last = MAP_UID_MAX,
|
||||||
.name = "mapped",
|
.name = "mapped",
|
||||||
.disposition = USER_REGULAR,
|
.disposition = USER_REGULAR,
|
||||||
|
.test = test_show_mapped,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||||
int r;
|
int r, n_added = 0;
|
||||||
|
|
||||||
assert(table);
|
assert(table);
|
||||||
|
|
||||||
|
@ -192,6 +200,9 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||||
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
if (i->test && !i->test())
|
||||||
|
continue;
|
||||||
|
|
||||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||||
" begin ", i->name, " users ",
|
" begin ", i->name, " users ",
|
||||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||||
|
@ -249,9 +260,11 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||||
TABLE_INT, 1); /* sort after any other entry with the same UID */
|
TABLE_INT, 1); /* sort after any other entry with the same UID */
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return table_log_add_error(r);
|
return table_log_add_error(r);
|
||||||
|
|
||||||
|
n_added += 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ELEMENTSOF(uid_range_table) * 2;
|
return n_added;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
|
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
|
||||||
|
@ -565,16 +578,22 @@ static int show_group(GroupRecord *gr, Table *table) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
||||||
int r;
|
int r, n_added = 0;
|
||||||
|
|
||||||
assert(table);
|
assert(table);
|
||||||
|
|
||||||
FOREACH_ELEMENT(i, uid_range_table) {
|
FOREACH_ELEMENT(i, uid_range_table) {
|
||||||
_cleanup_free_ char *name = NULL, *comment = NULL;
|
_cleanup_free_ char *name = NULL, *comment = NULL;
|
||||||
|
|
||||||
|
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
|
||||||
|
continue;
|
||||||
|
|
||||||
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
if (i->test && !i->test())
|
||||||
|
continue;
|
||||||
|
|
||||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||||
" begin ", i->name, " groups ",
|
" begin ", i->name, " groups ",
|
||||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||||
|
@ -626,9 +645,11 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
||||||
TABLE_INT, 1); /* sort after any other entry with the same GID */
|
TABLE_INT, 1); /* sort after any other entry with the same GID */
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return table_log_add_error(r);
|
return table_log_add_error(r);
|
||||||
|
|
||||||
|
n_added += 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ELEMENTSOF(uid_range_table) * 2;
|
return n_added;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {
|
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
integration_tests += [
|
integration_tests += [
|
||||||
integration_test_template + {
|
integration_test_template + {
|
||||||
'name' : fs.name(meson.current_source_dir()),
|
'name' : fs.name(meson.current_source_dir()),
|
||||||
|
'coredump-exclude-regex' : '/(bash|python3.[0-9]+|systemd-executor)$',
|
||||||
'cmdline' : integration_test_template['cmdline'] + [
|
'cmdline' : integration_test_template['cmdline'] + [
|
||||||
'''
|
'''
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@ integration_tests += [
|
||||||
integration_test_template + {
|
integration_test_template + {
|
||||||
'name' : fs.name(meson.current_source_dir()),
|
'name' : fs.name(meson.current_source_dir()),
|
||||||
'unit' : files('TEST-16-EXTEND-TIMEOUT.service'),
|
'unit' : files('TEST-16-EXTEND-TIMEOUT.service'),
|
||||||
'coredump-exclude-regex' : '/(bash|sleep),
|
'coredump-exclude-regex' : '/(bash|sleep)$',
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
@ -4,5 +4,6 @@ integration_tests += [
|
||||||
integration_test_template + {
|
integration_test_template + {
|
||||||
'name' : fs.name(meson.current_source_dir()),
|
'name' : fs.name(meson.current_source_dir()),
|
||||||
'vm' : true,
|
'vm' : true,
|
||||||
|
'coredump-exclude-regex' : '/(sleep|udevadm)$',
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
|
@ -3,5 +3,6 @@
|
||||||
integration_tests += [
|
integration_tests += [
|
||||||
integration_test_template + {
|
integration_test_template + {
|
||||||
'name' : fs.name(meson.current_source_dir()),
|
'name' : fs.name(meson.current_source_dir()),
|
||||||
|
'coredump-exclude-regex' : '/(sleep|bash|systemd-notify)$',
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
|
@ -5,6 +5,7 @@ integration_tests += [
|
||||||
'name' : fs.name(meson.current_source_dir()),
|
'name' : fs.name(meson.current_source_dir()),
|
||||||
'storage': 'persistent',
|
'storage': 'persistent',
|
||||||
'vm' : true,
|
'vm' : true,
|
||||||
|
'coredump-exclude-regex' : '/(test-usr-dump|test-dump|bash)$',
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
@ -1,19 +1,18 @@
|
||||||
#!/usr/bin/python3
|
#!/usr/bin/python3
|
||||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
|
||||||
'''Test wrapper command for driving integration tests.
|
"""Test wrapper command for driving integration tests."""
|
||||||
'''
|
|
||||||
|
|
||||||
import argparse
|
import argparse
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
|
import re
|
||||||
import shlex
|
import shlex
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
import textwrap
|
import textwrap
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
|
||||||
|
|
||||||
EMERGENCY_EXIT_DROPIN = """\
|
EMERGENCY_EXIT_DROPIN = """\
|
||||||
[Unit]
|
[Unit]
|
||||||
Wants=emergency-exit.service
|
Wants=emergency-exit.service
|
||||||
|
@ -34,7 +33,61 @@ ExecStart=false
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def dump_coredumps(args: argparse.Namespace, journal_file: Path) -> bool:
|
||||||
|
# Collect executable paths of all coredumps and filter out the expected ones.
|
||||||
|
# The following are excluded:
|
||||||
|
# sleep/bash - intentional SIGABRT caused by TEST-57
|
||||||
|
# systemd-notify - intermittent (and intentional) SIGABRT caused by TEST-59
|
||||||
|
# test-execute - intentional coredump in TEST-02
|
||||||
|
# test(-usr)?-dump - intentional coredumps from systemd-coredump tests in TEST-74
|
||||||
|
if args.coredump_exclude_regex:
|
||||||
|
exclude_regex = re.compile(args.coredump_exclude_regex)
|
||||||
|
else:
|
||||||
|
exclude_regex = None
|
||||||
|
|
||||||
|
coredumps = json.loads(
|
||||||
|
subprocess.run(
|
||||||
|
[
|
||||||
|
args.mkosi,
|
||||||
|
'--directory', os.fspath(args.meson_source_dir),
|
||||||
|
'--extra-search-path', os.fspath(args.meson_build_dir),
|
||||||
|
'sandbox',
|
||||||
|
'coredumpctl',
|
||||||
|
'--file', journal_file,
|
||||||
|
'--json=short',
|
||||||
|
],
|
||||||
|
check=True,
|
||||||
|
stdout=subprocess.PIPE,
|
||||||
|
text=True,
|
||||||
|
).stdout
|
||||||
|
) # fmt: skip
|
||||||
|
|
||||||
|
coredumps = [
|
||||||
|
coredump for coredump in coredumps if not exclude_regex or not exclude_regex.search(coredump['exe'])
|
||||||
|
]
|
||||||
|
|
||||||
|
if not coredumps:
|
||||||
|
return False
|
||||||
|
|
||||||
|
subprocess.run(
|
||||||
|
[
|
||||||
|
args.mkosi,
|
||||||
|
'--directory', os.fspath(args.meson_source_dir),
|
||||||
|
'--extra-search-path', os.fspath(args.meson_build_dir),
|
||||||
|
'sandbox',
|
||||||
|
'coredumpctl',
|
||||||
|
'--file', journal_file,
|
||||||
|
'--no-pager',
|
||||||
|
'info',
|
||||||
|
*(coredump['exe'] for coredump in coredumps),
|
||||||
|
],
|
||||||
|
check=True,
|
||||||
|
) # fmt: skip
|
||||||
|
|
||||||
|
return True
|
||||||
|
|
||||||
|
|
||||||
|
def main() -> None:
|
||||||
parser = argparse.ArgumentParser(description=__doc__)
|
parser = argparse.ArgumentParser(description=__doc__)
|
||||||
parser.add_argument('--mkosi', required=True)
|
parser.add_argument('--mkosi', required=True)
|
||||||
parser.add_argument('--meson-source-dir', required=True, type=Path)
|
parser.add_argument('--meson-source-dir', required=True, type=Path)
|
||||||
|
@ -46,34 +99,44 @@ def main():
|
||||||
parser.add_argument('--slow', action=argparse.BooleanOptionalAction)
|
parser.add_argument('--slow', action=argparse.BooleanOptionalAction)
|
||||||
parser.add_argument('--vm', action=argparse.BooleanOptionalAction)
|
parser.add_argument('--vm', action=argparse.BooleanOptionalAction)
|
||||||
parser.add_argument('--exit-code', required=True, type=int)
|
parser.add_argument('--exit-code', required=True, type=int)
|
||||||
parser.add_argument('mkosi_args', nargs="*")
|
parser.add_argument('--coredump-exclude-regex', required=True)
|
||||||
|
parser.add_argument('mkosi_args', nargs='*')
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
|
||||||
if not bool(int(os.getenv("SYSTEMD_INTEGRATION_TESTS", "0"))):
|
if not bool(int(os.getenv('SYSTEMD_INTEGRATION_TESTS', '0'))):
|
||||||
print(f"SYSTEMD_INTEGRATION_TESTS=1 not found in environment, skipping {args.name}", file=sys.stderr)
|
print(
|
||||||
|
f'SYSTEMD_INTEGRATION_TESTS=1 not found in environment, skipping {args.name}',
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
exit(77)
|
exit(77)
|
||||||
|
|
||||||
if args.slow and not bool(int(os.getenv("SYSTEMD_SLOW_TESTS", "0"))):
|
if args.slow and not bool(int(os.getenv('SYSTEMD_SLOW_TESTS', '0'))):
|
||||||
print(f"SYSTEMD_SLOW_TESTS=1 not found in environment, skipping {args.name}", file=sys.stderr)
|
print(
|
||||||
|
f'SYSTEMD_SLOW_TESTS=1 not found in environment, skipping {args.name}',
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
exit(77)
|
exit(77)
|
||||||
|
|
||||||
if args.vm and bool(int(os.getenv("TEST_NO_QEMU", "0"))):
|
if args.vm and bool(int(os.getenv('TEST_NO_QEMU', '0'))):
|
||||||
print(f"TEST_NO_QEMU=1, skipping {args.name}", file=sys.stderr)
|
print(f'TEST_NO_QEMU=1, skipping {args.name}', file=sys.stderr)
|
||||||
exit(77)
|
exit(77)
|
||||||
|
|
||||||
for s in os.getenv("TEST_SKIP", "").split():
|
for s in os.getenv('TEST_SKIP', '').split():
|
||||||
if s in args.name:
|
if s in args.name:
|
||||||
print(f"Skipping {args.name} due to TEST_SKIP", file=sys.stderr)
|
print(f'Skipping {args.name} due to TEST_SKIP', file=sys.stderr)
|
||||||
exit(77)
|
exit(77)
|
||||||
|
|
||||||
keep_journal = os.getenv("TEST_SAVE_JOURNAL", "fail")
|
keep_journal = os.getenv('TEST_SAVE_JOURNAL', 'fail')
|
||||||
shell = bool(int(os.getenv("TEST_SHELL", "0")))
|
shell = bool(int(os.getenv('TEST_SHELL', '0')))
|
||||||
|
|
||||||
if shell and not sys.stderr.isatty():
|
if shell and not sys.stderr.isatty():
|
||||||
print(f"--interactive must be passed to meson test to use TEST_SHELL=1", file=sys.stderr)
|
print(
|
||||||
|
'--interactive must be passed to meson test to use TEST_SHELL=1',
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
exit(1)
|
exit(1)
|
||||||
|
|
||||||
name = args.name + (f"-{i}" if (i := os.getenv("MESON_TEST_ITERATION")) else "")
|
name = args.name + (f'-{i}' if (i := os.getenv('MESON_TEST_ITERATION')) else '')
|
||||||
|
|
||||||
dropin = textwrap.dedent(
|
dropin = textwrap.dedent(
|
||||||
"""\
|
"""\
|
||||||
|
@ -84,14 +147,14 @@ def main():
|
||||||
|
|
||||||
if not shell:
|
if not shell:
|
||||||
dropin += textwrap.dedent(
|
dropin += textwrap.dedent(
|
||||||
f"""
|
"""
|
||||||
[Unit]
|
[Unit]
|
||||||
SuccessAction=exit
|
SuccessAction=exit
|
||||||
SuccessActionExitStatus=123
|
SuccessActionExitStatus=123
|
||||||
"""
|
"""
|
||||||
)
|
)
|
||||||
|
|
||||||
if os.getenv("TEST_MATCH_SUBTEST"):
|
if os.getenv('TEST_MATCH_SUBTEST'):
|
||||||
dropin += textwrap.dedent(
|
dropin += textwrap.dedent(
|
||||||
f"""
|
f"""
|
||||||
[Service]
|
[Service]
|
||||||
|
@ -99,7 +162,7 @@ def main():
|
||||||
"""
|
"""
|
||||||
)
|
)
|
||||||
|
|
||||||
if os.getenv("TEST_MATCH_TESTCASE"):
|
if os.getenv('TEST_MATCH_TESTCASE'):
|
||||||
dropin += textwrap.dedent(
|
dropin += textwrap.dedent(
|
||||||
f"""
|
f"""
|
||||||
[Service]
|
[Service]
|
||||||
|
@ -107,7 +170,9 @@ def main():
|
||||||
"""
|
"""
|
||||||
)
|
)
|
||||||
|
|
||||||
journal_file = None
|
journal_file = (args.meson_build_dir / (f'test/journal/{name}.journal')).absolute()
|
||||||
|
journal_file.unlink(missing_ok=True)
|
||||||
|
|
||||||
if not sys.stderr.isatty():
|
if not sys.stderr.isatty():
|
||||||
dropin += textwrap.dedent(
|
dropin += textwrap.dedent(
|
||||||
"""
|
"""
|
||||||
|
@ -115,9 +180,6 @@ def main():
|
||||||
FailureAction=exit
|
FailureAction=exit
|
||||||
"""
|
"""
|
||||||
)
|
)
|
||||||
|
|
||||||
journal_file = (args.meson_build_dir / (f"test/journal/{name}.journal")).absolute()
|
|
||||||
journal_file.unlink(missing_ok=True)
|
|
||||||
elif not shell:
|
elif not shell:
|
||||||
dropin += textwrap.dedent(
|
dropin += textwrap.dedent(
|
||||||
"""
|
"""
|
||||||
|
@ -136,87 +198,93 @@ def main():
|
||||||
*(['--forward-journal', journal_file] if journal_file else []),
|
*(['--forward-journal', journal_file] if journal_file else []),
|
||||||
*(
|
*(
|
||||||
[
|
[
|
||||||
'--credential',
|
'--credential', f'systemd.extra-unit.emergency-exit.service={shlex.quote(EMERGENCY_EXIT_SERVICE)}', # noqa: E501
|
||||||
f"systemd.extra-unit.emergency-exit.service={shlex.quote(EMERGENCY_EXIT_SERVICE)}",
|
'--credential', f'systemd.unit-dropin.emergency.target={shlex.quote(EMERGENCY_EXIT_DROPIN)}',
|
||||||
'--credential',
|
|
||||||
f"systemd.unit-dropin.emergency.target={shlex.quote(EMERGENCY_EXIT_DROPIN)}",
|
|
||||||
]
|
]
|
||||||
if not sys.stderr.isatty()
|
if not sys.stderr.isatty()
|
||||||
else []
|
else []
|
||||||
),
|
),
|
||||||
'--credential',
|
'--credential', f'systemd.unit-dropin.{args.unit}={shlex.quote(dropin)}',
|
||||||
f"systemd.unit-dropin.{args.unit}={shlex.quote(dropin)}",
|
|
||||||
'--runtime-network=none',
|
'--runtime-network=none',
|
||||||
'--runtime-scratch=no',
|
'--runtime-scratch=no',
|
||||||
*args.mkosi_args,
|
*args.mkosi_args,
|
||||||
'--qemu-firmware', args.firmware,
|
'--qemu-firmware',
|
||||||
*(['--qemu-kvm', 'no'] if int(os.getenv("TEST_NO_KVM", "0")) else []),
|
args.firmware,
|
||||||
|
*(['--qemu-kvm', 'no'] if int(os.getenv('TEST_NO_KVM', '0')) else []),
|
||||||
'--kernel-command-line-extra',
|
'--kernel-command-line-extra',
|
||||||
' '.join([
|
' '.join(
|
||||||
'systemd.hostname=H',
|
[
|
||||||
f"SYSTEMD_UNIT_PATH=/usr/lib/systemd/tests/testdata/{args.name}.units:/usr/lib/systemd/tests/testdata/units:",
|
'systemd.hostname=H',
|
||||||
*([f"systemd.unit={args.unit}"] if not shell else []),
|
f'SYSTEMD_UNIT_PATH=/usr/lib/systemd/tests/testdata/{args.name}.units:/usr/lib/systemd/tests/testdata/units:',
|
||||||
'systemd.mask=systemd-networkd-wait-online.service',
|
*([f'systemd.unit={args.unit}'] if not shell else []),
|
||||||
*(
|
'systemd.mask=systemd-networkd-wait-online.service',
|
||||||
[
|
*(
|
||||||
"systemd.mask=serial-getty@.service",
|
[
|
||||||
"systemd.show_status=error",
|
'systemd.mask=serial-getty@.service',
|
||||||
"systemd.crash_shell=0",
|
'systemd.show_status=error',
|
||||||
"systemd.crash_action=poweroff",
|
'systemd.crash_shell=0',
|
||||||
]
|
'systemd.crash_action=poweroff',
|
||||||
if not sys.stderr.isatty()
|
]
|
||||||
else []
|
if not sys.stderr.isatty()
|
||||||
),
|
else []
|
||||||
]),
|
),
|
||||||
|
]
|
||||||
|
),
|
||||||
'--credential', f"journal.storage={'persistent' if sys.stderr.isatty() else args.storage}",
|
'--credential', f"journal.storage={'persistent' if sys.stderr.isatty() else args.storage}",
|
||||||
*(['--runtime-build-sources=no'] if not sys.stderr.isatty() else []),
|
*(['--runtime-build-sources=no'] if not sys.stderr.isatty() else []),
|
||||||
'qemu' if args.vm or os.getuid() != 0 else 'boot',
|
'qemu' if args.vm or os.getuid() != 0 else 'boot',
|
||||||
]
|
] # fmt: skip
|
||||||
|
|
||||||
result = subprocess.run(cmd)
|
result = subprocess.run(cmd)
|
||||||
|
|
||||||
# On Debian/Ubuntu we get a lot of random QEMU crashes. Retry once, and then skip if it fails again.
|
# On Debian/Ubuntu we get a lot of random QEMU crashes. Retry once, and then skip if it fails again.
|
||||||
if args.vm and result.returncode == 247 and args.exit_code != 247:
|
if args.vm and result.returncode == 247 and args.exit_code != 247:
|
||||||
journal_file.unlink(missing_ok=True)
|
if journal_file:
|
||||||
|
journal_file.unlink(missing_ok=True)
|
||||||
result = subprocess.run(cmd)
|
result = subprocess.run(cmd)
|
||||||
if args.vm and result.returncode == 247 and args.exit_code != 247:
|
if args.vm and result.returncode == 247 and args.exit_code != 247:
|
||||||
print(f"Test {args.name} failed due to QEMU crash (error 247), ignoring", file=sys.stderr)
|
print(
|
||||||
|
f'Test {args.name} failed due to QEMU crash (error 247), ignoring',
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
exit(77)
|
exit(77)
|
||||||
|
|
||||||
if journal_file and (keep_journal == "0" or (result.returncode in (args.exit_code, 77) and keep_journal == "fail")):
|
coredumps = dump_coredumps(args, journal_file)
|
||||||
|
|
||||||
|
if keep_journal == '0' or (
|
||||||
|
keep_journal == 'fail' and result.returncode in (args.exit_code, 77) and not coredumps
|
||||||
|
):
|
||||||
journal_file.unlink(missing_ok=True)
|
journal_file.unlink(missing_ok=True)
|
||||||
|
|
||||||
if shell or result.returncode in (args.exit_code, 77):
|
if shell or (result.returncode in (args.exit_code, 77) and not coredumps):
|
||||||
exit(0 if shell or result.returncode == args.exit_code else 77)
|
exit(0 if shell or result.returncode == args.exit_code else 77)
|
||||||
|
|
||||||
if journal_file:
|
ops = []
|
||||||
ops = []
|
|
||||||
|
|
||||||
if os.getenv("GITHUB_ACTIONS"):
|
if os.getenv('GITHUB_ACTIONS'):
|
||||||
id = os.environ["GITHUB_RUN_ID"]
|
id = os.environ['GITHUB_RUN_ID']
|
||||||
iteration = os.environ["GITHUB_RUN_ATTEMPT"]
|
iteration = os.environ['GITHUB_RUN_ATTEMPT']
|
||||||
j = json.loads(
|
j = json.loads(
|
||||||
subprocess.run(
|
subprocess.run(
|
||||||
[
|
[
|
||||||
args.mkosi,
|
args.mkosi,
|
||||||
"--directory", os.fspath(args.meson_source_dir),
|
'--directory', os.fspath(args.meson_source_dir),
|
||||||
"--json",
|
'--json',
|
||||||
"summary",
|
'summary',
|
||||||
],
|
],
|
||||||
stdout=subprocess.PIPE,
|
stdout=subprocess.PIPE,
|
||||||
text=True,
|
text=True,
|
||||||
).stdout
|
).stdout
|
||||||
)
|
) # fmt: skip
|
||||||
distribution = j["Images"][-1]["Distribution"]
|
distribution = j['Images'][-1]['Distribution']
|
||||||
release = j["Images"][-1]["Release"]
|
release = j['Images'][-1]['Release']
|
||||||
artifact = f"ci-mkosi-{id}-{iteration}-{distribution}-{release}-failed-test-journals"
|
artifact = f'ci-mkosi-{id}-{iteration}-{distribution}-{release}-failed-test-journals'
|
||||||
ops += [f"gh run download {id} --name {artifact} -D ci/{artifact}"]
|
ops += [f'gh run download {id} --name {artifact} -D ci/{artifact}']
|
||||||
journal_file = Path(f"ci/{artifact}/test/journal/{name}.journal")
|
journal_file = Path(f'ci/{artifact}/test/journal/{name}.journal')
|
||||||
|
|
||||||
ops += [f"journalctl --file {journal_file} --no-hostname -o short-monotonic -u {args.unit} -p info"]
|
ops += [f'journalctl --file {journal_file} --no-hostname -o short-monotonic -u {args.unit} -p info']
|
||||||
|
|
||||||
print("Test failed, relevant logs can be viewed with: \n\n"
|
print("Test failed, relevant logs can be viewed with: \n\n" f"{(' && '.join(ops))}\n", file=sys.stderr)
|
||||||
f"{(' && '.join(ops))}\n", file=sys.stderr)
|
|
||||||
|
|
||||||
# 0 also means we failed so translate that to a non-zero exit code to mark the test as failed.
|
# 0 also means we failed so translate that to a non-zero exit code to mark the test as failed.
|
||||||
exit(result.returncode or 1)
|
exit(result.returncode or 1)
|
||||||
|
|
|
@ -297,6 +297,7 @@ integration_test_template = {
|
||||||
'qemu-args' : [],
|
'qemu-args' : [],
|
||||||
'exit-code' : 123,
|
'exit-code' : 123,
|
||||||
'vm' : false,
|
'vm' : false,
|
||||||
|
'coredump-exclude-regex' : '',
|
||||||
}
|
}
|
||||||
testdata_subdirs = [
|
testdata_subdirs = [
|
||||||
'auxv',
|
'auxv',
|
||||||
|
@ -391,6 +392,7 @@ foreach integration_test : integration_tests
|
||||||
'--storage', integration_test['storage'],
|
'--storage', integration_test['storage'],
|
||||||
'--firmware', integration_test['firmware'],
|
'--firmware', integration_test['firmware'],
|
||||||
'--exit-code', integration_test['exit-code'].to_string(),
|
'--exit-code', integration_test['exit-code'].to_string(),
|
||||||
|
'--coredump-exclude-regex', integration_test['coredump-exclude-regex'],
|
||||||
]
|
]
|
||||||
|
|
||||||
if 'unit' in integration_test
|
if 'unit' in integration_test
|
||||||
|
|
|
@ -960,10 +960,13 @@ exec $(systemctl cat systemd-networkd.service | sed -n '/^ExecStart=/ {{ s/^.*=/
|
||||||
|
|
||||||
# wait until devices got created
|
# wait until devices got created
|
||||||
for _ in range(50):
|
for _ in range(50):
|
||||||
out = subprocess.check_output(['ip', 'a', 'show', 'dev', self.if_router])
|
if subprocess.run(['ip', 'link', 'show', 'dev', self.if_router],
|
||||||
if b'state UP' in out and b'scope global' in out:
|
stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode == 0:
|
||||||
break
|
break
|
||||||
time.sleep(0.1)
|
time.sleep(0.1)
|
||||||
|
else:
|
||||||
|
subprocess.call(['ip', 'link', 'show', 'dev', self.if_router])
|
||||||
|
self.fail('Timed out waiting for {ifr} created.'.format(ifr=self.if_router))
|
||||||
|
|
||||||
def shutdown_iface(self):
|
def shutdown_iface(self):
|
||||||
'''Remove test interface and stop DHCP server'''
|
'''Remove test interface and stop DHCP server'''
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
{% if LINK_SHELL_EXTRA_DROPIN %}
|
{% if LINK_SHELL_EXTRA_DROPIN %}
|
||||||
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
|
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
{% if LINK_SSH_PROXY_DROPIN %}
|
{% if LINK_SSH_PROXY_DROPIN %}
|
||||||
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
|
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# Copy systemd-stub provided metadata such as PCR signature and public key file
|
# Copy systemd-stub provided metadata such as PCR signature and public key file
|
||||||
# from initrd into /run/, so that it will survive the initrd stage
|
# from initrd into /run/, so that it will survive the initrd stage
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
{% if LINK_SSHD_USERDB_DROPIN %}
|
{% if LINK_SSHD_USERDB_DROPIN %}
|
||||||
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf
|
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
d /etc/credstore 0700 root root
|
d /etc/credstore 0700 root root
|
||||||
d /etc/credstore.encrypted 0700 root root
|
d /etc/credstore.encrypted 0700 root root
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
L /etc/os-release - - - - ../usr/lib/os-release
|
L /etc/os-release - - - - ../usr/lib/os-release
|
||||||
L+ /etc/mtab - - - - ../proc/self/mounts
|
L+ /etc/mtab - - - - ../proc/self/mounts
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
Q /home 0755 - - -
|
Q /home 0755 - - -
|
||||||
q /srv 0755 - - -
|
q /srv 0755 - - -
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# Set the NOCOW attribute for directories of journal files. This flag
|
# Set the NOCOW attribute for directories of journal files. This flag
|
||||||
# is inherited by their new files and sub-directories. Matters only
|
# is inherited by their new files and sub-directories. Matters only
|
||||||
|
|
|
@ -5,26 +5,28 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# These files are considered legacy and are unnecessary on legacy-free
|
# The functionality provided by these files and directories has been replaced
|
||||||
# systems.
|
# by newer interfaces. Their use is discouraged on legacy-free systems. This
|
||||||
|
# configuration is provided to maintain backward compatibility.
|
||||||
|
|
||||||
d /run/lock 0755 root root -
|
d /run/lock 0755 root root -
|
||||||
L /var/lock - - - - ../run/lock
|
L /var/lock - - - - ../run/lock
|
||||||
|
|
||||||
|
{% if HAVE_SYSV_COMPAT %}
|
||||||
{% if CREATE_LOG_DIRS %}
|
{% if CREATE_LOG_DIRS %}
|
||||||
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# /run/lock/subsys is used for serializing SysV service execution, and
|
# /run/lock/subsys is used for serializing SysV service execution, and
|
||||||
# hence without use on SysV-less systems.
|
# hence without use on SysV-less systems.
|
||||||
|
|
||||||
d /run/lock/subsys 0755 root root -
|
d /run/lock/subsys 0755 root root -
|
||||||
|
|
||||||
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
|
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
|
||||||
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
|
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
|
||||||
# 'quotacheck.mode=force'
|
# 'quotacheck.mode=force'
|
||||||
|
|
||||||
r! /forcefsck
|
r! /forcefsck
|
||||||
r! /fastboot
|
r! /fastboot
|
||||||
r! /forcequotacheck
|
r! /forcequotacheck
|
||||||
|
{% endif %}
|
||||||
|
|
|
@ -35,7 +35,7 @@ in_files = [
|
||||||
['20-systemd-stub.conf', 'ENABLE_EFI'],
|
['20-systemd-stub.conf', 'ENABLE_EFI'],
|
||||||
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
|
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
|
||||||
['etc.conf'],
|
['etc.conf'],
|
||||||
['legacy.conf', 'HAVE_SYSV_COMPAT'],
|
['legacy.conf'],
|
||||||
['static-nodes-permissions.conf'],
|
['static-nodes-permissions.conf'],
|
||||||
['systemd.conf'],
|
['systemd.conf'],
|
||||||
['var.conf'],
|
['var.conf'],
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
Q /var/lib/portables 0700
|
Q /var/lib/portables 0700
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# Provision additional login messages from credentials, if they are set. Note
|
# Provision additional login messages from credentials, if they are set. Note
|
||||||
# that these lines are NOPs if the credentials are not set or if the files
|
# that these lines are NOPs if the credentials are not set or if the files
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
d$ /run/systemd/netif 0755 systemd-network systemd-network -
|
d$ /run/systemd/netif 0755 systemd-network systemd-network -
|
||||||
d$ /run/systemd/netif/links 0755 systemd-network systemd-network -
|
d$ /run/systemd/netif/links 0755 systemd-network systemd-network -
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
Q /var/lib/machines 0700 - - -
|
Q /var/lib/machines 0700 - - -
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,6 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
|
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# Exclude namespace mountpoints created with PrivateTmp=yes
|
# Exclude namespace mountpoints created with PrivateTmp=yes
|
||||||
x /tmp/systemd-private-%b-*
|
x /tmp/systemd-private-%b-*
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
d /run/user 0755 root root -
|
d /run/user 0755 root root -
|
||||||
{% if ENABLE_UTMP %}
|
{% if ENABLE_UTMP %}
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# Clear tmp directories separately, to make them easier to override
|
# Clear tmp directories separately, to make them easier to override
|
||||||
q /tmp 1777 root root 10d
|
q /tmp 1777 root root 10d
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
q /var 0755 - - -
|
q /var 0755 - - -
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# Make sure these are created by default so that nobody else can
|
# Make sure these are created by default so that nobody else can
|
||||||
# or empty them at startup
|
# or empty them at startup
|
||||||
|
|
Loading…
Reference in New Issue