Compare commits

...

12 Commits

Author SHA1 Message Date
Daan De Meyer 61dbcae179 home: Prompt for auxiliary groups in homectl firstboot 2024-09-17 20:48:36 +02:00
Daan De Meyer 8be0135d40 Move show_menu() to terminal-utl.h 2024-09-17 20:48:21 +02:00
Michael Ferrari 91ea3dcf35 homed: wait for user input during firstboot
This mirrors the behavior of `systemd-firstboot` and allows bootup
messages to settle down before user input is actually processed.

See: https://github.com/systemd/systemd/issues/34448
2024-09-18 03:21:11 +09:00
PavlNekrasov d80a9042ca
Use correct error code in log message in output_waiting_jobs (#34404)
The error code `r` from the read function is being logged, but the error code `rc` from the table data insertion function should be logged instead.
2024-09-17 19:17:21 +09:00
Yu Watanabe a7afe5a3e7
Merge pull request #34443 from yuwata/network-sysctl-monitor-follow-ups
network/sysctl-monitor: several follow-ups and cleanups
2024-09-17 19:15:12 +09:00
Yu Watanabe 4d6ad22f8d network: drop unnecessary BPF related objects from Manager when disabled 2024-09-17 15:00:06 +09:00
Yu Watanabe 099ee34ca1 network/sysctl-monitor: do not allocate sysctl_shadow when eBPF is not supported
When eBPF is disabled, the hashmap will be never used. Let's not
allocate it.
2024-09-17 14:53:29 +09:00
Yu Watanabe a2fbe9f3f9 network/sysctl-monitor: fix use-after-free
Previously, manager_free() did not assign NULL to Manager.sysctl_shadow,
hence sysctl_clear_link_shadows() called by link_free() will causes
use-after-free. To fix the issue, this makes Manager.sysctl_shadow will be
set to NULL after it is freed,

Fixes a bug introduced by 6d9ef22acd.
2024-09-16 15:12:47 +09:00
Yu Watanabe 7c778cecdb network/sysctl: several cleanups for sysctl_add_monitor()
- rename rootcg -> root_cgroup_fd, to emphasize it is a fd,
- drop nested function call, and check error code.
2024-09-16 14:36:54 +09:00
Yu Watanabe 46718d344f bpf-link: introduce bpf_ring_buffer_free() and friends
Then, replace rb_free() in networkd.

Follow-up for 6d9ef22acd.
2024-09-16 14:36:54 +09:00
Yu Watanabe 9295c7ae09 network/sysctl: use wrapped free functions
No functional change, just refactoring.

Follow-up for 6d9ef22acd.
2024-09-16 14:36:54 +09:00
Yu Watanabe 41afafbf2a network/sysctl-monitor: fix sanity check in cut_last()
This also adds basic comment about the return code.

Follow-up for 6d9ef22acd.
2024-09-16 14:36:54 +09:00
14 changed files with 253 additions and 134 deletions

View File

@ -29,6 +29,7 @@
#include "fd-util.h" #include "fd-util.h"
#include "fileio.h" #include "fileio.h"
#include "fs-util.h" #include "fs-util.h"
#include "glyph-util.h"
#include "hexdecoct.h" #include "hexdecoct.h"
#include "inotify-util.h" #include "inotify-util.h"
#include "io-util.h" #include "io-util.h"
@ -255,6 +256,71 @@ int ask_string(char **ret, const char *text, ...) {
return 0; return 0;
} }
bool any_key_to_proceed(void) {
char key = 0;
bool need_nl = true;
/*
* Insert a new line here as well as to when the user inputs, as this is also used during the
* boot up sequence when status messages may be interleaved with the current program output.
* This ensures that the status messages aren't appended on the same line as this message.
*/
puts("-- Press any key to proceed --");
(void) read_one_char(stdin, &key, USEC_INFINITY, &need_nl);
if (need_nl)
putchar('\n');
return key != 'q';
}
int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage) {
unsigned break_lines, break_modulo;
size_t n, per_column, i, j;
assert(n_columns > 0);
n = strv_length(x);
per_column = DIV_ROUND_UP(n, n_columns);
break_lines = lines();
if (break_lines > 2)
break_lines--;
/* The first page gets two extra lines, since we want to show
* a title */
break_modulo = break_lines;
if (break_modulo > 3)
break_modulo -= 3;
for (i = 0; i < per_column; i++) {
for (j = 0; j < n_columns; j++) {
_cleanup_free_ char *e = NULL;
if (j * per_column + i >= n)
break;
e = ellipsize(x[j * per_column + i], width, percentage);
if (!e)
return log_oom();
printf("%4zu) %-*s", j * per_column + i + 1, (int) width, e);
}
putchar('\n');
/* on the first screen we reserve 2 extra lines for the title */
if (i % break_lines == break_modulo) {
if (!any_key_to_proceed())
return 0;
}
}
return 0;
}
int open_terminal(const char *name, int mode) { int open_terminal(const char *name, int mode) {
_cleanup_close_ int fd = -EBADF; _cleanup_close_ int fd = -EBADF;
unsigned c = 0; unsigned c = 0;

View File

@ -78,6 +78,8 @@ int chvt(int vt);
int read_one_char(FILE *f, char *ret, usec_t timeout, bool *need_nl); int read_one_char(FILE *f, char *ret, usec_t timeout, bool *need_nl);
int ask_char(char *ret, const char *replies, const char *text, ...) _printf_(3, 4); int ask_char(char *ret, const char *replies, const char *text, ...) _printf_(3, 4);
int ask_string(char **ret, const char *text, ...) _printf_(2, 3); int ask_string(char **ret, const char *text, ...) _printf_(2, 3);
bool any_key_to_proceed(void);
int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage);
int vt_disallocate(const char *name); int vt_disallocate(const char *name);

View File

@ -93,20 +93,6 @@ STATIC_DESTRUCTOR_REGISTER(arg_root_shell, freep);
STATIC_DESTRUCTOR_REGISTER(arg_kernel_cmdline, freep); STATIC_DESTRUCTOR_REGISTER(arg_kernel_cmdline, freep);
STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep); STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
static bool press_any_key(void) {
char k = 0;
bool need_nl = true;
puts("-- Press any key to proceed --");
(void) read_one_char(stdin, &k, USEC_INFINITY, &need_nl);
if (need_nl)
putchar('\n');
return k != 'q';
}
static void print_welcome(int rfd) { static void print_welcome(int rfd) {
_cleanup_free_ char *pretty_name = NULL, *os_name = NULL, *ansi_color = NULL; _cleanup_free_ char *pretty_name = NULL, *os_name = NULL, *ansi_color = NULL;
static bool done = false; static bool done = false;
@ -141,57 +127,11 @@ static void print_welcome(int rfd) {
printf("\nPlease configure your system!\n\n"); printf("\nPlease configure your system!\n\n");
press_any_key(); any_key_to_proceed();
done = true; done = true;
} }
static int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage) {
unsigned break_lines, break_modulo;
size_t n, per_column, i, j;
assert(n_columns > 0);
n = strv_length(x);
per_column = DIV_ROUND_UP(n, n_columns);
break_lines = lines();
if (break_lines > 2)
break_lines--;
/* The first page gets two extra lines, since we want to show
* a title */
break_modulo = break_lines;
if (break_modulo > 3)
break_modulo -= 3;
for (i = 0; i < per_column; i++) {
for (j = 0; j < n_columns; j++) {
_cleanup_free_ char *e = NULL;
if (j * per_column + i >= n)
break;
e = ellipsize(x[j * per_column + i], width, percentage);
if (!e)
return log_oom();
printf("%4zu) %-*s", j * per_column + i + 1, (int) width, e);
}
putchar('\n');
/* on the first screen we reserve 2 extra lines for the title */
if (i % break_lines == break_modulo) {
if (!press_any_key())
return 0;
}
}
return 0;
}
static int prompt_loop(const char *text, char **l, unsigned percentage, bool (*is_valid)(const char *name), char **ret) { static int prompt_loop(const char *text, char **l, unsigned percentage, bool (*is_valid)(const char *name), char **ret) {
int r; int r;

View File

@ -2434,6 +2434,8 @@ static int create_interactively(void) {
return 0; return 0;
} }
any_key_to_proceed();
r = acquire_bus(&bus); r = acquire_bus(&bus);
if (r < 0) if (r < 0)
return r; return r;
@ -2461,7 +2463,7 @@ static int create_interactively(void) {
continue; continue;
} }
r = userdb_by_name(username, USERDB_SUPPRESS_SHADOW, /* ret= */ NULL); r = userdb_by_name(username, USERDB_SUPPRESS_SHADOW|USERDB_EXCLUDE_DYNAMIC_USER, /* ret= */ NULL);
if (r == -ESRCH) if (r == -ESRCH)
break; break;
if (r < 0) if (r < 0)
@ -2474,6 +2476,109 @@ static int create_interactively(void) {
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to set userName field: %m"); return log_error_errno(r, "Failed to set userName field: %m");
_cleanup_(userdb_iterator_freep) UserDBIterator *iterator = NULL;
_cleanup_strv_free_ char **available = NULL, **groups = NULL;
r = groupdb_all(USERDB_SUPPRESS_SHADOW|USERDB_EXCLUDE_DYNAMIC_USER, &iterator);
if (r == -ENOLINK)
log_debug_errno(r, "No entries found. (Didn't check via Varlink.)");
else if (r == -ESRCH)
log_debug_errno(r, "No entries found.");
else if (r < 0)
return log_error_errno(r, "Failed to enumerate groups: %m");
else {
for (;;) {
_cleanup_(group_record_unrefp) GroupRecord *gr = NULL;
r = groupdb_iterator_get(iterator, &gr);
if (r == -ESRCH)
break;
if (r < 0)
return log_error_errno(r, "Failed acquire next group: %m");
if (!IN_SET(group_record_disposition(gr), USER_REGULAR, USER_SYSTEM))
continue;
if (group_record_disposition(gr) == USER_REGULAR) {
_cleanup_(user_record_unrefp) UserRecord *ur = NULL;
r = userdb_by_name(gr->group_name, USERDB_SUPPRESS_SHADOW|USERDB_EXCLUDE_DYNAMIC_USER, &ur);
if (r < 0 && r != -ESRCH)
return log_error_errno(r, "Failed to check if matching user exists for group '%s': %m", gr->group_name);
if (r >= 0 && user_record_disposition(ur) == USER_REGULAR)
continue;
}
r = strv_extend(&available, gr->group_name);
if (r < 0)
return log_oom();
}
}
for (;;) {
_cleanup_free_ char *s = NULL;
unsigned u;
r = ask_string(&s,
"%s Please enter an auxiliary group for user %s (empty to continue, \"list\" to list available groups): ",
special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), username);
if (r < 0)
return log_error_errno(r, "Failed to query user for auxiliary group: %m");
if (isempty(s))
break;
if (streq(s, "list")) {
r = show_menu(available, /*n_columns=*/ 3, /*width=*/ 20, /*percentage=*/ 60);
if (r < 0)
return r;
putchar('\n');
continue;
};
r = safe_atou(s, &u);
if (r >= 0) {
if (u <= 0 || u > strv_length(available)) {
log_error("Specified entry number out of range.");
continue;
}
log_info("Selected '%s'.", available[u-1]);
r = strv_extend(&groups, available[u-1]);
if (r < 0)
return log_oom();
continue;
}
if (!valid_user_group_name(s, /* flags= */ 0)) {
log_notice("Specified group name is not a valid UNIX group name, try again: %s", s);
continue;
}
r = groupdb_by_name(s, USERDB_SUPPRESS_SHADOW|USERDB_EXCLUDE_DYNAMIC_USER, /*ret=*/ NULL);
if (r == -ESRCH) {
log_notice("Specified auxiliary group does not exist, try again: %s", s);
continue;
}
if (r < 0)
return log_error_errno(r, "Failed to check if specified group '%s' already exists: %m", s);
r = strv_extend(&groups, s);
if (r < 0)
return log_oom();
}
if (groups) {
r = sd_json_variant_set_field_strv(&arg_identity_extra, "memberOf", groups);
if (r < 0)
return log_error_errno(r, "Failed to set memberOf field: %m");
}
return create_home_common(/* input= */ NULL); return create_home_common(/* input= */ NULL);
} }

View File

@ -36,23 +36,22 @@ struct str {
static long cut_last(u32 i, struct str *str) { static long cut_last(u32 i, struct str *str) {
char *s; char *s;
/* Sanity check for the preverifier */
if (i >= str->l)
return 1; /* exit from the loop */
i = str->l - i - 1; i = str->l - i - 1;
s = str->s + i; s = str->s + i;
/* Sanity check for the preverifier */
if (i >= str->l)
return 1;
if (*s == 0) if (*s == 0)
return 0; return 0; /* continue */
if (*s == '\n' || *s == '\r' || *s == ' ' || *s == '\t') { if (*s == '\n' || *s == '\r' || *s == ' ' || *s == '\t') {
*s = 0; *s = 0;
return 0; /* continue */
return 0;
} }
return 1; return 1; /* exit from the loop */
} }
/* Cut off trailing whitespace and newlines */ /* Cut off trailing whitespace and newlines */

View File

@ -221,7 +221,7 @@ int link_set_ipv6ll_stable_secret(Link *link) {
} }
return sysctl_write_ip_property(AF_INET6, link->ifname, "stable_secret", return sysctl_write_ip_property(AF_INET6, link->ifname, "stable_secret",
IN6_ADDR_TO_STRING(&a), &link->manager->sysctl_shadow); IN6_ADDR_TO_STRING(&a), manager_get_sysctl_shadow(link->manager));
} }
int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) { int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) {
@ -232,7 +232,7 @@ int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) {
if (mode == link->ipv6ll_address_gen_mode) if (mode == link->ipv6ll_address_gen_mode)
return 0; return 0;
return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "addr_gen_mode", mode, &link->manager->sysctl_shadow); return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "addr_gen_mode", mode, manager_get_sysctl_shadow(link->manager));
} }
static const char* const ipv6_link_local_address_gen_mode_table[_IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_MAX] = { static const char* const ipv6_link_local_address_gen_mode_table[_IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_MAX] = {

View File

@ -604,7 +604,9 @@ int manager_new(Manager **ret, bool test_mode) {
.duid_product_uuid.type = DUID_TYPE_UUID, .duid_product_uuid.type = DUID_TYPE_UUID,
.dhcp_server_persist_leases = true, .dhcp_server_persist_leases = true,
.ip_forwarding = { -1, -1, }, .ip_forwarding = { -1, -1, },
#if HAVE_VMLINUX_H
.cgroup_fd = -EBADF, .cgroup_fd = -EBADF,
#endif
}; };
*ret = TAKE_PTR(m); *ret = TAKE_PTR(m);
@ -624,8 +626,6 @@ Manager* manager_free(Manager *m) {
HASHMAP_FOREACH(link, m->links_by_index) HASHMAP_FOREACH(link, m->links_by_index)
(void) link_stop_engines(link, true); (void) link_stop_engines(link, true);
hashmap_free(m->sysctl_shadow);
m->request_queue = ordered_set_free(m->request_queue); m->request_queue = ordered_set_free(m->request_queue);
m->remove_request_queue = ordered_set_free(m->remove_request_queue); m->remove_request_queue = ordered_set_free(m->remove_request_queue);

View File

@ -122,12 +122,14 @@ struct Manager {
/* sysctl */ /* sysctl */
int ip_forwarding[2]; int ip_forwarding[2];
#if HAVE_VMLINUX_H
Hashmap *sysctl_shadow; Hashmap *sysctl_shadow;
sd_event_source *sysctl_event_source; sd_event_source *sysctl_event_source;
struct ring_buffer *sysctl_buffer; struct ring_buffer *sysctl_buffer;
struct sysctl_monitor_bpf *sysctl_skel; struct sysctl_monitor_bpf *sysctl_skel;
struct bpf_link *sysctl_link; struct bpf_link *sysctl_link;
int cgroup_fd; int cgroup_fd;
#endif
}; };
int manager_new(Manager **ret, bool test_mode); int manager_new(Manager **ret, bool test_mode);
@ -150,4 +152,12 @@ int manager_set_timezone(Manager *m, const char *timezone);
int manager_reload(Manager *m, sd_bus_message *message); int manager_reload(Manager *m, sd_bus_message *message);
static inline Hashmap** manager_get_sysctl_shadow(Manager *manager) {
#if HAVE_VMLINUX_H
return &ASSERT_PTR(manager)->sysctl_shadow;
#else
return NULL;
#endif
}
DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);

View File

@ -987,7 +987,7 @@ static int ndisc_router_process_reachable_time(Link *link, sd_ndisc_router *rt)
} }
/* Set the reachable time for Neighbor Solicitations. */ /* Set the reachable time for Neighbor Solicitations. */
r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "base_reachable_time_ms", (uint32_t) msec, &link->manager->sysctl_shadow); r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "base_reachable_time_ms", (uint32_t) msec, manager_get_sysctl_shadow(link->manager));
if (r < 0) if (r < 0)
log_link_warning_errno(link, r, "Failed to apply neighbor reachable time (%"PRIu64"), ignoring: %m", msec); log_link_warning_errno(link, r, "Failed to apply neighbor reachable time (%"PRIu64"), ignoring: %m", msec);
@ -1021,7 +1021,7 @@ static int ndisc_router_process_retransmission_time(Link *link, sd_ndisc_router
} }
/* Set the retransmission time for Neighbor Solicitations. */ /* Set the retransmission time for Neighbor Solicitations. */
r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", (uint32_t) msec, &link->manager->sysctl_shadow); r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", (uint32_t) msec, manager_get_sysctl_shadow(link->manager));
if (r < 0) if (r < 0)
log_link_warning_errno(link, r, "Failed to apply neighbor retransmission time (%"PRIu64"), ignoring: %m", msec); log_link_warning_errno(link, r, "Failed to apply neighbor retransmission time (%"PRIu64"), ignoring: %m", msec);
@ -1057,7 +1057,7 @@ static int ndisc_router_process_hop_limit(Link *link, sd_ndisc_router *rt) {
if (hop_limit <= 0) if (hop_limit <= 0)
return 0; return 0;
r = sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "hop_limit", (uint32_t) hop_limit, &link->manager->sysctl_shadow); r = sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "hop_limit", (uint32_t) hop_limit, manager_get_sysctl_shadow(link->manager));
if (r < 0) if (r < 0)
log_link_warning_errno(link, r, "Failed to apply hop_limit (%u), ignoring: %m", hop_limit); log_link_warning_errno(link, r, "Failed to apply hop_limit (%u), ignoring: %m", hop_limit);

View File

@ -34,13 +34,7 @@ static struct sysctl_monitor_bpf* sysctl_monitor_bpf_free(struct sysctl_monitor_
return NULL; return NULL;
} }
static struct ring_buffer* rb_free(struct ring_buffer *rb) {
sym_ring_buffer__free(rb);
return NULL;
}
DEFINE_TRIVIAL_CLEANUP_FUNC(struct sysctl_monitor_bpf *, sysctl_monitor_bpf_free); DEFINE_TRIVIAL_CLEANUP_FUNC(struct sysctl_monitor_bpf *, sysctl_monitor_bpf_free);
DEFINE_TRIVIAL_CLEANUP_FUNC(struct ring_buffer *, rb_free);
static int sysctl_event_handler(void *ctx, void *data, size_t data_sz) { static int sysctl_event_handler(void *ctx, void *data, size_t data_sz) {
struct sysctl_write_event *we = ASSERT_PTR(data); struct sysctl_write_event *we = ASSERT_PTR(data);
@ -99,10 +93,10 @@ static int on_ringbuf_io(sd_event_source *s, int fd, uint32_t revents, void *use
int sysctl_add_monitor(Manager *manager) { int sysctl_add_monitor(Manager *manager) {
_cleanup_(sysctl_monitor_bpf_freep) struct sysctl_monitor_bpf *obj = NULL; _cleanup_(sysctl_monitor_bpf_freep) struct sysctl_monitor_bpf *obj = NULL;
_cleanup_(bpf_link_freep) struct bpf_link *sysctl_link = NULL; _cleanup_(bpf_link_freep) struct bpf_link *sysctl_link = NULL;
_cleanup_(rb_freep) struct ring_buffer *sysctl_buffer = NULL; _cleanup_(bpf_ring_buffer_freep) struct ring_buffer *sysctl_buffer = NULL;
_cleanup_close_ int cgroup_fd = -EBADF, rootcg = -EBADF; _cleanup_close_ int cgroup_fd = -EBADF, root_cgroup_fd = -EBADF;
_cleanup_free_ char *cgroup = NULL; _cleanup_free_ char *cgroup = NULL;
int idx = 0, r; int idx = 0, r, fd;
assert(manager); assert(manager);
@ -116,9 +110,9 @@ int sysctl_add_monitor(Manager *manager) {
if (r < 0) if (r < 0)
return log_warning_errno(r, "Failed to get cgroup path, ignoring: %m."); return log_warning_errno(r, "Failed to get cgroup path, ignoring: %m.");
rootcg = cg_path_open(SYSTEMD_CGROUP_CONTROLLER, "/"); root_cgroup_fd = cg_path_open(SYSTEMD_CGROUP_CONTROLLER, "/");
if (rootcg < 0) if (root_cgroup_fd < 0)
return log_warning_errno(rootcg, "Failed to open cgroup, ignoring: %m."); return log_warning_errno(root_cgroup_fd, "Failed to open cgroup, ignoring: %m.");
obj = sysctl_monitor_bpf__open_and_load(); obj = sysctl_monitor_bpf__open_and_load();
if (!obj) { if (!obj) {
@ -133,21 +127,27 @@ int sysctl_add_monitor(Manager *manager) {
if (sym_bpf_map_update_elem(sym_bpf_map__fd(obj->maps.cgroup_map), &idx, &cgroup_fd, BPF_ANY)) if (sym_bpf_map_update_elem(sym_bpf_map__fd(obj->maps.cgroup_map), &idx, &cgroup_fd, BPF_ANY))
return log_warning_errno(errno, "Failed to update cgroup map: %m"); return log_warning_errno(errno, "Failed to update cgroup map: %m");
sysctl_link = sym_bpf_program__attach_cgroup(obj->progs.sysctl_monitor, rootcg); sysctl_link = sym_bpf_program__attach_cgroup(obj->progs.sysctl_monitor, root_cgroup_fd);
r = bpf_get_error_translated(sysctl_link); r = bpf_get_error_translated(sysctl_link);
if (r < 0) { if (r < 0) {
log_info_errno(r, "Unable to attach sysctl monitor BPF program to cgroup, ignoring: %m."); log_info_errno(r, "Unable to attach sysctl monitor BPF program to cgroup, ignoring: %m.");
return 0; return 0;
} }
sysctl_buffer = sym_ring_buffer__new( fd = sym_bpf_map__fd(obj->maps.written_sysctls);
sym_bpf_map__fd(obj->maps.written_sysctls), if (fd < 0)
sysctl_event_handler, &manager->sysctl_shadow, NULL); return log_warning_errno(fd, "Failed to get fd of sysctl maps: %m");
sysctl_buffer = sym_ring_buffer__new(fd, sysctl_event_handler, &manager->sysctl_shadow, NULL);
if (!sysctl_buffer) if (!sysctl_buffer)
return log_warning_errno(errno, "Failed to create ring buffer: %m"); return log_warning_errno(errno, "Failed to create ring buffer: %m");
fd = sym_ring_buffer__epoll_fd(sysctl_buffer);
if (fd < 0)
return log_warning_errno(fd, "Failed to get poll fd of ring buffer: %m");
r = sd_event_add_io(manager->event, &manager->sysctl_event_source, r = sd_event_add_io(manager->event, &manager->sysctl_event_source,
sym_ring_buffer__epoll_fd(sysctl_buffer), EPOLLIN, on_ringbuf_io, sysctl_buffer); fd, EPOLLIN, on_ringbuf_io, sysctl_buffer);
if (r < 0) if (r < 0)
return log_warning_errno(r, "Failed to watch sysctl event ringbuffer: %m"); return log_warning_errno(r, "Failed to watch sysctl event ringbuffer: %m");
@ -163,23 +163,11 @@ void sysctl_remove_monitor(Manager *manager) {
assert(manager); assert(manager);
manager->sysctl_event_source = sd_event_source_disable_unref(manager->sysctl_event_source); manager->sysctl_event_source = sd_event_source_disable_unref(manager->sysctl_event_source);
manager->sysctl_buffer = bpf_ring_buffer_free(manager->sysctl_buffer);
if (manager->sysctl_buffer) { manager->sysctl_link = bpf_link_free(manager->sysctl_link);
sym_ring_buffer__free(manager->sysctl_buffer); manager->sysctl_skel = sysctl_monitor_bpf_free(manager->sysctl_skel);
manager->sysctl_buffer = NULL;
}
if (manager->sysctl_link) {
sym_bpf_link__destroy(manager->sysctl_link);
manager->sysctl_link = NULL;
}
if (manager->sysctl_skel) {
sysctl_monitor_bpf__destroy(manager->sysctl_skel);
manager->sysctl_skel = NULL;
}
manager->cgroup_fd = safe_close(manager->cgroup_fd); manager->cgroup_fd = safe_close(manager->cgroup_fd);
manager->sysctl_shadow = hashmap_free(manager->sysctl_shadow);
} }
int sysctl_clear_link_shadows(Link *link) { int sysctl_clear_link_shadows(Link *link) {
@ -222,13 +210,13 @@ static void manager_set_ip_forwarding(Manager *manager, int family) {
return; /* keep */ return; /* keep */
/* First, set the default value. */ /* First, set the default value. */
r = sysctl_write_ip_property_boolean(family, "default", "forwarding", t, &manager->sysctl_shadow); r = sysctl_write_ip_property_boolean(family, "default", "forwarding", t, manager_get_sysctl_shadow(manager));
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to %s the default %s forwarding: %m", log_warning_errno(r, "Failed to %s the default %s forwarding: %m",
enable_disable(t), af_to_ipv4_ipv6(family)); enable_disable(t), af_to_ipv4_ipv6(family));
/* Then, set the value to all interfaces. */ /* Then, set the value to all interfaces. */
r = sysctl_write_ip_property_boolean(family, "all", "forwarding", t, &manager->sysctl_shadow); r = sysctl_write_ip_property_boolean(family, "all", "forwarding", t, manager_get_sysctl_shadow(manager));
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to %s %s forwarding for all interfaces: %m", log_warning_errno(r, "Failed to %s %s forwarding for all interfaces: %m",
enable_disable(t), af_to_ipv4_ipv6(family)); enable_disable(t), af_to_ipv4_ipv6(family));
@ -273,7 +261,7 @@ static int link_update_ipv6_sysctl(Link *link) {
if (!link_ipv6_enabled(link)) if (!link_ipv6_enabled(link))
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_proxy_arp(Link *link) { static int link_set_proxy_arp(Link *link) {
@ -286,7 +274,7 @@ static int link_set_proxy_arp(Link *link) {
if (link->network->proxy_arp < 0) if (link->network->proxy_arp < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp", link->network->proxy_arp > 0, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp", link->network->proxy_arp > 0, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_proxy_arp_pvlan(Link *link) { static int link_set_proxy_arp_pvlan(Link *link) {
@ -299,7 +287,7 @@ static int link_set_proxy_arp_pvlan(Link *link) {
if (link->network->proxy_arp_pvlan < 0) if (link->network->proxy_arp_pvlan < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp_pvlan", link->network->proxy_arp_pvlan > 0, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp_pvlan", link->network->proxy_arp_pvlan > 0, manager_get_sysctl_shadow(link->manager));
} }
int link_get_ip_forwarding(Link *link, int family) { int link_get_ip_forwarding(Link *link, int family) {
@ -341,7 +329,7 @@ static int link_set_ip_forwarding_impl(Link *link, int family) {
if (t < 0) if (t < 0)
return 0; /* keep */ return 0; /* keep */
r = sysctl_write_ip_property_boolean(family, link->ifname, "forwarding", t, &link->manager->sysctl_shadow); r = sysctl_write_ip_property_boolean(family, link->ifname, "forwarding", t, manager_get_sysctl_shadow(link->manager));
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to %s %s forwarding, ignoring: %m", return log_link_warning_errno(link, r, "Failed to %s %s forwarding, ignoring: %m",
enable_disable(t), af_to_ipv4_ipv6(family)); enable_disable(t), af_to_ipv4_ipv6(family));
@ -418,7 +406,7 @@ static int link_set_ipv4_rp_filter(Link *link) {
if (link->network->ipv4_rp_filter < 0) if (link->network->ipv4_rp_filter < 0)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET, link->ifname, "rp_filter", link->network->ipv4_rp_filter, &link->manager->sysctl_shadow); return sysctl_write_ip_property_int(AF_INET, link->ifname, "rp_filter", link->network->ipv4_rp_filter, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_privacy_extensions(Link *link) { static int link_set_ipv6_privacy_extensions(Link *link) {
@ -438,7 +426,7 @@ static int link_set_ipv6_privacy_extensions(Link *link) {
if (val == IPV6_PRIVACY_EXTENSIONS_KERNEL) if (val == IPV6_PRIVACY_EXTENSIONS_KERNEL)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) val, &link->manager->sysctl_shadow); return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) val, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_accept_ra(Link *link) { static int link_set_ipv6_accept_ra(Link *link) {
@ -448,7 +436,7 @@ static int link_set_ipv6_accept_ra(Link *link) {
if (!link_is_configured_for_family(link, AF_INET6)) if (!link_is_configured_for_family(link, AF_INET6))
return 0; return 0;
return sysctl_write_ip_property(AF_INET6, link->ifname, "accept_ra", "0", &link->manager->sysctl_shadow); return sysctl_write_ip_property(AF_INET6, link->ifname, "accept_ra", "0", manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_dad_transmits(Link *link) { static int link_set_ipv6_dad_transmits(Link *link) {
@ -461,7 +449,7 @@ static int link_set_ipv6_dad_transmits(Link *link) {
if (link->network->ipv6_dad_transmits < 0) if (link->network->ipv6_dad_transmits < 0)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "dad_transmits", link->network->ipv6_dad_transmits, &link->manager->sysctl_shadow); return sysctl_write_ip_property_int(AF_INET6, link->ifname, "dad_transmits", link->network->ipv6_dad_transmits, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_hop_limit(Link *link) { static int link_set_ipv6_hop_limit(Link *link) {
@ -474,7 +462,7 @@ static int link_set_ipv6_hop_limit(Link *link) {
if (link->network->ipv6_hop_limit <= 0) if (link->network->ipv6_hop_limit <= 0)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "hop_limit", link->network->ipv6_hop_limit, &link->manager->sysctl_shadow); return sysctl_write_ip_property_int(AF_INET6, link->ifname, "hop_limit", link->network->ipv6_hop_limit, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_retransmission_time(Link *link) { static int link_set_ipv6_retransmission_time(Link *link) {
@ -493,7 +481,7 @@ static int link_set_ipv6_retransmission_time(Link *link) {
if (retrans_time_ms <= 0 || retrans_time_ms > UINT32_MAX) if (retrans_time_ms <= 0 || retrans_time_ms > UINT32_MAX)
return 0; return 0;
return sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", retrans_time_ms, &link->manager->sysctl_shadow); return sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", retrans_time_ms, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_proxy_ndp(Link *link) { static int link_set_ipv6_proxy_ndp(Link *link) {
@ -510,7 +498,7 @@ static int link_set_ipv6_proxy_ndp(Link *link) {
else else
v = !set_isempty(link->network->ipv6_proxy_ndp_addresses); v = !set_isempty(link->network->ipv6_proxy_ndp_addresses);
return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "proxy_ndp", v, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "proxy_ndp", v, manager_get_sysctl_shadow(link->manager));
} }
int link_set_ipv6_mtu(Link *link, int log_level) { int link_set_ipv6_mtu(Link *link, int log_level) {
@ -538,7 +526,7 @@ int link_set_ipv6_mtu(Link *link, int log_level) {
mtu = link->mtu; mtu = link->mtu;
} }
return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "mtu", mtu, &link->manager->sysctl_shadow); return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "mtu", mtu, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv4_accept_local(Link *link) { static int link_set_ipv4_accept_local(Link *link) {
@ -551,7 +539,7 @@ static int link_set_ipv4_accept_local(Link *link) {
if (link->network->ipv4_accept_local < 0) if (link->network->ipv4_accept_local < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local > 0, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local > 0, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv4_route_localnet(Link *link) { static int link_set_ipv4_route_localnet(Link *link) {
@ -564,7 +552,7 @@ static int link_set_ipv4_route_localnet(Link *link) {
if (link->network->ipv4_route_localnet < 0) if (link->network->ipv4_route_localnet < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "route_localnet", link->network->ipv4_route_localnet > 0, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "route_localnet", link->network->ipv4_route_localnet > 0, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv4_promote_secondaries(Link *link) { static int link_set_ipv4_promote_secondaries(Link *link) {
@ -579,7 +567,7 @@ static int link_set_ipv4_promote_secondaries(Link *link) {
* otherwise. The way systemd-networkd works is that the new IP of a lease is added as a * otherwise. The way systemd-networkd works is that the new IP of a lease is added as a
* secondary IP and when the primary one expires it relies on the kernel to promote the * secondary IP and when the primary one expires it relies on the kernel to promote the
* secondary IP. See also https://github.com/systemd/systemd/issues/7163 */ * secondary IP. See also https://github.com/systemd/systemd/issues/7163 */
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "promote_secondaries", true, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "promote_secondaries", true, manager_get_sysctl_shadow(link->manager));
} }
int link_set_sysctl(Link *link) { int link_set_sysctl(Link *link) {

View File

@ -6,6 +6,7 @@
#include "sd-daemon.h" #include "sd-daemon.h"
#include "bpf-dlopen.h" #include "bpf-dlopen.h"
#include "bpf-link.h"
#include "build-path.h" #include "build-path.h"
#include "common-signal.h" #include "common-signal.h"
#include "env-util.h" #include "env-util.h"
@ -141,8 +142,7 @@ Manager* manager_free(Manager *m) {
#if HAVE_VMLINUX_H #if HAVE_VMLINUX_H
sd_event_source_disable_unref(m->userns_restrict_bpf_ring_buffer_event_source); sd_event_source_disable_unref(m->userns_restrict_bpf_ring_buffer_event_source);
if (m->userns_restrict_bpf_ring_buffer) bpf_ring_buffer_free(m->userns_restrict_bpf_ring_buffer);
sym_ring_buffer__free(m->userns_restrict_bpf_ring_buffer);
userns_restrict_bpf_free(m->userns_restrict_bpf); userns_restrict_bpf_free(m->userns_restrict_bpf);
#endif #endif

View File

@ -41,3 +41,10 @@ struct bpf_link *bpf_link_free(struct bpf_link *link) {
return NULL; return NULL;
} }
struct ring_buffer* bpf_ring_buffer_free(struct ring_buffer *rb) {
if (rb) /* See the comment in bpf_link_free(). */
sym_ring_buffer__free(rb);
return NULL;
}

View File

@ -14,3 +14,6 @@ int bpf_serialize_link(FILE *f, FDSet *fds, const char *key, struct bpf_link *li
struct bpf_link* bpf_link_free(struct bpf_link *p); struct bpf_link* bpf_link_free(struct bpf_link *p);
DEFINE_TRIVIAL_CLEANUP_FUNC(struct bpf_link *, bpf_link_free); DEFINE_TRIVIAL_CLEANUP_FUNC(struct bpf_link *, bpf_link_free);
struct ring_buffer* bpf_ring_buffer_free(struct ring_buffer *rb);
DEFINE_TRIVIAL_CLEANUP_FUNC(struct ring_buffer *, bpf_ring_buffer_free);

View File

@ -28,17 +28,16 @@ static int output_waiting_jobs(sd_bus *bus, Table *table, uint32_t id, const cha
while ((r = sd_bus_message_read(reply, "(usssoo)", &other_id, &name, &type, NULL, NULL, NULL)) > 0) { while ((r = sd_bus_message_read(reply, "(usssoo)", &other_id, &name, &type, NULL, NULL, NULL)) > 0) {
_cleanup_free_ char *row = NULL; _cleanup_free_ char *row = NULL;
int rc;
if (asprintf(&row, "%s %u (%s/%s)", prefix, other_id, name, type) < 0) if (asprintf(&row, "%s %u (%s/%s)", prefix, other_id, name, type) < 0)
return log_oom(); return log_oom();
rc = table_add_many(table, r = table_add_many(table,
TABLE_STRING, special_glyph(SPECIAL_GLYPH_TREE_RIGHT), TABLE_STRING, special_glyph(SPECIAL_GLYPH_TREE_RIGHT),
TABLE_STRING, row, TABLE_STRING, row,
TABLE_EMPTY, TABLE_EMPTY,
TABLE_EMPTY); TABLE_EMPTY);
if (rc < 0) if (r < 0)
return table_log_add_error(r); return table_log_add_error(r);
} }