Compare commits
18 Commits
2d68d5aeaf
...
fc654af69f
Author | SHA1 | Date |
---|---|---|
colin-foster-in-advantage | fc654af69f | |
Martin Srebotnjak | 69af4849aa | |
Jiri Grönroos | 18d4e0be89 | |
Dmytro Markevych | 7d7b89a015 | |
Léane GRASSER | 8a92365f79 | |
Lennart Poettering | f6793bbcf0 | |
Mike Yuan | f87863a8ff | |
Antonio Alvarez Feijoo | 58c3c2886d | |
Daan De Meyer | dbbe895807 | |
Yu Watanabe | 52b0351a15 | |
Luca Boccassi | fe077a1a58 | |
Mike Yuan | b718b86e1b | |
Mike Yuan | d911778877 | |
Mike Yuan | eea9d3eb10 | |
Mike Yuan | 579ce77ead | |
Colin Foster | b5171f0f48 | |
Colin Foster | b4e82f27c7 | |
Colin Foster | 857a9a6d74 |
|
@ -2546,6 +2546,17 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>BOOTP=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. The DHCPv4 client can be configured to communicate with BOOP servers that
|
||||
don't accept Option 53, DHCP Message Type. In this configuration, a BOOTP Request is sent without
|
||||
any options by default. A BOOTP reply that contains Option 1: Subnet Mask is expected.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v257"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<!-- How to use the DHCP lease -->
|
||||
|
||||
<varlistentry>
|
||||
|
|
18
po/fi.po
18
po/fi.po
|
@ -3,12 +3,13 @@
|
|||
# Finnish translation of systemd.
|
||||
# Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2023.
|
||||
# Ricky Tigg <ricky.tigg@gmail.com>, 2022, 2024.
|
||||
# Jiri Grönroos <jiri.gronroos@iki.fi>, 2024.
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||
"PO-Revision-Date: 2024-09-12 13:43+0000\n"
|
||||
"Last-Translator: Ricky Tigg <ricky.tigg@gmail.com>\n"
|
||||
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
||||
"Last-Translator: Jiri Grönroos <jiri.gronroos@iki.fi>\n"
|
||||
"Language-Team: Finnish <https://translate.fedoraproject.org/projects/systemd/"
|
||||
"main/fi/>\n"
|
||||
"Language: fi\n"
|
||||
|
@ -16,7 +17,7 @@ msgstr ""
|
|||
"Content-Type: text/plain; charset=UTF-8\n"
|
||||
"Content-Transfer-Encoding: 8bit\n"
|
||||
"Plural-Forms: nplurals=2; plural=n != 1;\n"
|
||||
"X-Generator: Weblate 5.7.2\n"
|
||||
"X-Generator: Weblate 5.8.2\n"
|
||||
|
||||
#: src/core/org.freedesktop.systemd1.policy.in:22
|
||||
msgid "Send passphrase back to system"
|
||||
|
@ -112,14 +113,12 @@ msgid "Authentication is required to update a user's home area."
|
|||
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:53
|
||||
#, fuzzy
|
||||
msgid "Update your home area"
|
||||
msgstr "Päivitä kotialue"
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:54
|
||||
#, fuzzy
|
||||
msgid "Authentication is required to update your home area."
|
||||
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
|
||||
msgstr "Todennus vaaditaan kotialueen päivittämiseksi."
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:63
|
||||
msgid "Resize a home area"
|
||||
|
@ -1174,14 +1173,11 @@ msgstr "Todennus vaaditaan vanhojen järjestelmäpäivitysten puhdistamiseen."
|
|||
|
||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||
msgid "Manage optional features"
|
||||
msgstr ""
|
||||
msgstr "Hallitse valinnaisia ominaisuuksia"
|
||||
|
||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||
#, fuzzy
|
||||
msgid "Authentication is required to manage optional features"
|
||||
msgstr ""
|
||||
"Todennus vaaditaan aktiivisten istuntojen, käyttäjien ja paikkojen "
|
||||
"hallintaan."
|
||||
msgstr "Todennus vaaditaan valinnaisten ominaisuuksien hallintaan"
|
||||
|
||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||
msgid "Set system time"
|
||||
|
|
6
po/fr.po
6
po/fr.po
|
@ -12,7 +12,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||
"PO-Revision-Date: 2024-11-07 09:30+0000\n"
|
||||
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
||||
"Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
|
||||
"Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
|
||||
"main/fr/>\n"
|
||||
|
@ -360,8 +360,8 @@ msgid ""
|
|||
"Authentication is required to set the statically configured local hostname, "
|
||||
"as well as the pretty hostname."
|
||||
msgstr ""
|
||||
"Une authentification est requise pour définir le nom d'hôte local de manière "
|
||||
"statique, ainsi que le nom d'hôte familier."
|
||||
"Une authentification est requise pour définir le nom d'hôte local configuré "
|
||||
"de manière statique, ainsi que le nom d'hôte convivial."
|
||||
|
||||
#: src/hostname/org.freedesktop.hostname1.policy:41
|
||||
msgid "Set machine information"
|
||||
|
|
15
po/sl.po
15
po/sl.po
|
@ -7,7 +7,7 @@ msgstr ""
|
|||
"Project-Id-Version: systemd\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||
"PO-Revision-Date: 2024-08-26 19:38+0000\n"
|
||||
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
||||
"Last-Translator: Martin Srebotnjak <miles@filmsi.net>\n"
|
||||
"Language-Team: Slovenian <https://translate.fedoraproject.org/projects/"
|
||||
"systemd/main/sl/>\n"
|
||||
|
@ -17,7 +17,7 @@ msgstr ""
|
|||
"Content-Transfer-Encoding: 8bit\n"
|
||||
"Plural-Forms: nplurals=4; plural=n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || "
|
||||
"n%100==4 ? 2 : 3;\n"
|
||||
"X-Generator: Weblate 5.7\n"
|
||||
"X-Generator: Weblate 5.8.2\n"
|
||||
|
||||
#: src/core/org.freedesktop.systemd1.policy.in:22
|
||||
msgid "Send passphrase back to system"
|
||||
|
@ -125,16 +125,13 @@ msgstr ""
|
|||
"območja."
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:53
|
||||
#, fuzzy
|
||||
msgid "Update your home area"
|
||||
msgstr "Posodobite domače območje"
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:54
|
||||
#, fuzzy
|
||||
msgid "Authentication is required to update your home area."
|
||||
msgstr ""
|
||||
"Preverjanje pristnosti je potrebno za posodobitev uporabnikovega domačega "
|
||||
"območja."
|
||||
"Preverjanje pristnosti je potrebno za posodobitev vašega domačega območja."
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:63
|
||||
msgid "Resize a home area"
|
||||
|
@ -1234,14 +1231,12 @@ msgstr ""
|
|||
|
||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||
msgid "Manage optional features"
|
||||
msgstr ""
|
||||
msgstr "Upravljaj dodatne funkcionalnosti"
|
||||
|
||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||
#, fuzzy
|
||||
msgid "Authentication is required to manage optional features"
|
||||
msgstr ""
|
||||
"Preverjanje pristnosti je potrebno za upravljanje aktivnih sej, uporabnikov "
|
||||
"in delovišč."
|
||||
"Preverjanje pristnosti je potrebno za upravljanje dodatnih funkcionalnosti."
|
||||
|
||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||
msgid "Set system time"
|
||||
|
|
20
po/uk.po
20
po/uk.po
|
@ -4,12 +4,13 @@
|
|||
# Eugene Melnik <jeka7js@gmail.com>, 2014.
|
||||
# Daniel Korostil <ted.korostiled@gmail.com>, 2014, 2016, 2018.
|
||||
# Yuri Chornoivan <yurchor@ukr.net>, 2019, 2020, 2021, 2022, 2023, 2024.
|
||||
# Dmytro Markevych <hotr1pak@gmail.com>, 2024.
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||
"PO-Revision-Date: 2024-08-24 10:36+0000\n"
|
||||
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
|
||||
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
||||
"Last-Translator: Dmytro Markevych <hotr1pak@gmail.com>\n"
|
||||
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
|
||||
"systemd/main/uk/>\n"
|
||||
"Language: uk\n"
|
||||
|
@ -18,7 +19,7 @@ msgstr ""
|
|||
"Content-Transfer-Encoding: 8bit\n"
|
||||
"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
|
||||
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
|
||||
"X-Generator: Weblate 5.7\n"
|
||||
"X-Generator: Weblate 5.8.2\n"
|
||||
|
||||
#: src/core/org.freedesktop.systemd1.policy.in:22
|
||||
msgid "Send passphrase back to system"
|
||||
|
@ -118,14 +119,12 @@ msgid "Authentication is required to update a user's home area."
|
|||
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:53
|
||||
#, fuzzy
|
||||
msgid "Update your home area"
|
||||
msgstr "Оновлення домашньої теки"
|
||||
msgstr "Оновіть свій домашній простір"
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:54
|
||||
#, fuzzy
|
||||
msgid "Authentication is required to update your home area."
|
||||
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
|
||||
msgstr "Для оновлення домашньої області потрібна автентифікація."
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:63
|
||||
msgid "Resize a home area"
|
||||
|
@ -1212,14 +1211,11 @@ msgstr "Для вилучення застарілих оновлень сист
|
|||
|
||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||
msgid "Manage optional features"
|
||||
msgstr ""
|
||||
msgstr "Керування додатковими функціями"
|
||||
|
||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||
#, fuzzy
|
||||
msgid "Authentication is required to manage optional features"
|
||||
msgstr ""
|
||||
"Для того, щоб керувати сеансами, користувачами і робочими місцями, слід "
|
||||
"пройти розпізнавання."
|
||||
msgstr "Для керування додатковими функціями потрібна автентифікація"
|
||||
|
||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||
msgid "Set system time"
|
||||
|
|
|
@ -803,6 +803,10 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **ret_path) {
|
|||
if (!path)
|
||||
return -ENOMEM;
|
||||
|
||||
/* Refuse cgroup paths from outside our cgroup namespace */
|
||||
if (startswith(path, "/../"))
|
||||
return -EUNATCH;
|
||||
|
||||
/* Truncate suffix indicating the process is a zombie */
|
||||
e = endswith(path, " (deleted)");
|
||||
if (e)
|
||||
|
|
|
@ -102,8 +102,8 @@ int pid_get_comm(pid_t pid, char **ret) {
|
|||
_cleanup_free_ char *escaped = NULL, *comm = NULL;
|
||||
int r;
|
||||
|
||||
assert(ret);
|
||||
assert(pid >= 0);
|
||||
assert(ret);
|
||||
|
||||
if (pid == 0 || pid == getpid_cached()) {
|
||||
comm = new0(char, TASK_COMM_LEN + 1); /* Must fit in 16 byte according to prctl(2) */
|
||||
|
@ -143,6 +143,9 @@ int pidref_get_comm(const PidRef *pid, char **ret) {
|
|||
if (!pidref_is_set(pid))
|
||||
return -ESRCH;
|
||||
|
||||
if (pidref_is_remote(pid))
|
||||
return -EREMOTE;
|
||||
|
||||
r = pid_get_comm(pid->pid, &comm);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -289,6 +292,9 @@ int pidref_get_cmdline(const PidRef *pid, size_t max_columns, ProcessCmdlineFlag
|
|||
if (!pidref_is_set(pid))
|
||||
return -ESRCH;
|
||||
|
||||
if (pidref_is_remote(pid))
|
||||
return -EREMOTE;
|
||||
|
||||
r = pid_get_cmdline(pid->pid, max_columns, flags, &s);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -331,6 +337,9 @@ int pidref_get_cmdline_strv(const PidRef *pid, ProcessCmdlineFlags flags, char *
|
|||
if (!pidref_is_set(pid))
|
||||
return -ESRCH;
|
||||
|
||||
if (pidref_is_remote(pid))
|
||||
return -EREMOTE;
|
||||
|
||||
r = pid_get_cmdline_strv(pid->pid, flags, &args);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -477,6 +486,9 @@ int pidref_is_kernel_thread(const PidRef *pid) {
|
|||
if (!pidref_is_set(pid))
|
||||
return -ESRCH;
|
||||
|
||||
if (pidref_is_remote(pid))
|
||||
return -EREMOTE;
|
||||
|
||||
result = pid_is_kernel_thread(pid->pid);
|
||||
if (result < 0)
|
||||
return result;
|
||||
|
@ -594,6 +606,9 @@ int pidref_get_uid(const PidRef *pid, uid_t *ret) {
|
|||
if (!pidref_is_set(pid))
|
||||
return -ESRCH;
|
||||
|
||||
if (pidref_is_remote(pid))
|
||||
return -EREMOTE;
|
||||
|
||||
r = pid_get_uid(pid->pid, &uid);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -794,6 +809,9 @@ int pidref_get_start_time(const PidRef *pid, usec_t *ret) {
|
|||
if (!pidref_is_set(pid))
|
||||
return -ESRCH;
|
||||
|
||||
if (pidref_is_remote(pid))
|
||||
return -EREMOTE;
|
||||
|
||||
r = pid_get_start_time(pid->pid, ret ? &t : NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -1093,6 +1111,9 @@ int pidref_is_my_child(const PidRef *pid) {
|
|||
if (!pidref_is_set(pid))
|
||||
return -ESRCH;
|
||||
|
||||
if (pidref_is_remote(pid))
|
||||
return -EREMOTE;
|
||||
|
||||
result = pid_is_my_child(pid->pid);
|
||||
if (result < 0)
|
||||
return result;
|
||||
|
@ -1128,6 +1149,9 @@ int pidref_is_unwaited(const PidRef *pid) {
|
|||
if (!pidref_is_set(pid))
|
||||
return -ESRCH;
|
||||
|
||||
if (pidref_is_remote(pid))
|
||||
return -EREMOTE;
|
||||
|
||||
if (pid->pid == 1 || pidref_is_self(pid))
|
||||
return true;
|
||||
|
||||
|
@ -1169,6 +1193,9 @@ int pidref_is_alive(const PidRef *pidref) {
|
|||
if (!pidref_is_set(pidref))
|
||||
return -ESRCH;
|
||||
|
||||
if (pidref_is_remote(pidref))
|
||||
return -EREMOTE;
|
||||
|
||||
result = pid_is_alive(pidref->pid);
|
||||
if (result < 0) {
|
||||
assert(result != -ESRCH);
|
||||
|
|
|
@ -220,9 +220,9 @@ static int synthesize_user_creds(
|
|||
if (ret_gid)
|
||||
*ret_gid = GID_NOBODY;
|
||||
if (ret_home)
|
||||
*ret_home = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : "/";
|
||||
*ret_home = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : "/";
|
||||
if (ret_shell)
|
||||
*ret_shell = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : NOLOGIN;
|
||||
*ret_shell = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : NOLOGIN;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -244,6 +244,7 @@ int get_user_creds(
|
|||
|
||||
assert(username);
|
||||
assert(*username);
|
||||
assert((ret_home || ret_shell) || !(flags & (USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_CLEAN)));
|
||||
|
||||
if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) ||
|
||||
(!ret_home && !ret_shell)) {
|
||||
|
@ -315,17 +316,14 @@ int get_user_creds(
|
|||
|
||||
if (ret_home)
|
||||
/* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */
|
||||
*ret_home = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
|
||||
(empty_or_root(p->pw_dir) ||
|
||||
!path_is_valid(p->pw_dir) ||
|
||||
!path_is_absolute(p->pw_dir))) ? NULL : p->pw_dir;
|
||||
*ret_home = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && empty_or_root(p->pw_dir)) ||
|
||||
(FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_dir) || !path_is_absolute(p->pw_dir)))
|
||||
? NULL : p->pw_dir;
|
||||
|
||||
if (ret_shell)
|
||||
*ret_shell = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
|
||||
(isempty(p->pw_shell) ||
|
||||
!path_is_valid(p->pw_shell) ||
|
||||
!path_is_absolute(p->pw_shell) ||
|
||||
is_nologin_shell(p->pw_shell))) ? NULL : p->pw_shell;
|
||||
*ret_shell = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && shell_is_placeholder(p->pw_shell)) ||
|
||||
(FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_shell) || !path_is_absolute(p->pw_shell)))
|
||||
? NULL : p->pw_shell;
|
||||
|
||||
if (patch_username)
|
||||
*username = p->pw_name;
|
||||
|
|
|
@ -12,6 +12,8 @@
|
|||
#include <sys/types.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "string-util.h"
|
||||
|
||||
/* Users managed by systemd-homed. See https://systemd.io/UIDS-GIDS for details how this range fits into the rest of the world */
|
||||
#define HOME_UID_MIN ((uid_t) 60001)
|
||||
#define HOME_UID_MAX ((uid_t) 60513)
|
||||
|
@ -36,10 +38,20 @@ static inline int parse_gid(const char *s, gid_t *ret_gid) {
|
|||
char* getlogname_malloc(void);
|
||||
char* getusername_malloc(void);
|
||||
|
||||
const char* default_root_shell_at(int rfd);
|
||||
const char* default_root_shell(const char *root);
|
||||
|
||||
bool is_nologin_shell(const char *shell);
|
||||
|
||||
static inline bool shell_is_placeholder(const char *shell) {
|
||||
return isempty(shell) || is_nologin_shell(shell);
|
||||
}
|
||||
|
||||
typedef enum UserCredsFlags {
|
||||
USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */
|
||||
USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */
|
||||
USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */
|
||||
USER_CREDS_SUPPRESS_PLACEHOLDER = 1 << 3, /* suppress home and/or shell fields if value is placeholder (root/empty/nologin) */
|
||||
} UserCredsFlags;
|
||||
|
||||
int get_user_creds(const char **username, uid_t *ret_uid, gid_t *ret_gid, const char **ret_home, const char **ret_shell, UserCredsFlags flags);
|
||||
|
@ -125,10 +137,6 @@ int fgetsgent_sane(FILE *stream, struct sgrp **sg);
|
|||
int putsgent_sane(const struct sgrp *sg, FILE *stream);
|
||||
#endif
|
||||
|
||||
bool is_nologin_shell(const char *shell);
|
||||
const char* default_root_shell_at(int rfd);
|
||||
const char* default_root_shell(const char *root);
|
||||
|
||||
int is_this_me(const char *username);
|
||||
|
||||
const char* get_home_root(void);
|
||||
|
|
|
@ -855,9 +855,6 @@ static int get_fixed_user(
|
|||
assert(user_or_uid);
|
||||
assert(ret_username);
|
||||
|
||||
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
|
||||
* (i.e. are "/" or "/bin/nologin"). */
|
||||
|
||||
r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell, USER_CREDS_CLEAN);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -1883,7 +1880,10 @@ static int build_environment(
|
|||
}
|
||||
}
|
||||
|
||||
if (home && set_user_login_env) {
|
||||
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
|
||||
* (i.e. are "/" or "/bin/nologin"). */
|
||||
|
||||
if (home && set_user_login_env && !empty_or_root(home)) {
|
||||
x = strjoin("HOME=", home);
|
||||
if (!x)
|
||||
return -ENOMEM;
|
||||
|
@ -1892,7 +1892,7 @@ static int build_environment(
|
|||
our_env[n_env++] = x;
|
||||
}
|
||||
|
||||
if (shell && set_user_login_env) {
|
||||
if (shell && set_user_login_env && !shell_is_placeholder(shell)) {
|
||||
x = strjoin("SHELL=", shell);
|
||||
if (!x)
|
||||
return -ENOMEM;
|
||||
|
@ -3471,20 +3471,16 @@ static int apply_working_directory(
|
|||
const ExecContext *context,
|
||||
const ExecParameters *params,
|
||||
ExecRuntime *runtime,
|
||||
const char *home,
|
||||
int *exit_status) {
|
||||
const char *home) {
|
||||
|
||||
const char *wd;
|
||||
int r;
|
||||
|
||||
assert(context);
|
||||
assert(exit_status);
|
||||
|
||||
if (context->working_directory_home) {
|
||||
if (!home) {
|
||||
*exit_status = EXIT_CHDIR;
|
||||
if (!home)
|
||||
return -ENXIO;
|
||||
}
|
||||
|
||||
wd = home;
|
||||
} else
|
||||
|
@ -3503,13 +3499,7 @@ static int apply_working_directory(
|
|||
if (r >= 0)
|
||||
r = RET_NERRNO(fchdir(dfd));
|
||||
}
|
||||
|
||||
if (r < 0 && !context->working_directory_missing_ok) {
|
||||
*exit_status = EXIT_CHDIR;
|
||||
return r;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return context->working_directory_missing_ok ? 0 : r;
|
||||
}
|
||||
|
||||
static int apply_root_directory(
|
||||
|
@ -3785,7 +3775,7 @@ static int acquire_home(const ExecContext *c, const char **home, char **ret_buf)
|
|||
if (!c->working_directory_home)
|
||||
return 0;
|
||||
|
||||
if (c->dynamic_user)
|
||||
if (c->dynamic_user || (c->user && is_this_me(c->user) <= 0))
|
||||
return -EADDRNOTAVAIL;
|
||||
|
||||
r = get_home_dir(ret_buf);
|
||||
|
@ -4543,7 +4533,7 @@ int exec_invoke(
|
|||
r = acquire_home(context, &home, &home_buffer);
|
||||
if (r < 0) {
|
||||
*exit_status = EXIT_CHDIR;
|
||||
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for user: %m");
|
||||
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for the invoking user: %m");
|
||||
}
|
||||
|
||||
/* If a socket is connected to STDIN/STDOUT/STDERR, we must drop O_NONBLOCK */
|
||||
|
@ -5382,9 +5372,11 @@ int exec_invoke(
|
|||
* running this service might have the correct privilege to change to the working directory. Also, it
|
||||
* is absolutely 💣 crucial 💣 we applied all mount namespacing rearrangements before this, so that
|
||||
* the cwd cannot be used to pin directories outside of the sandbox. */
|
||||
r = apply_working_directory(context, params, runtime, home, exit_status);
|
||||
if (r < 0)
|
||||
r = apply_working_directory(context, params, runtime, home);
|
||||
if (r < 0) {
|
||||
*exit_status = EXIT_CHDIR;
|
||||
return log_exec_error_errno(context, params, r, "Changing to the requested working directory failed: %m");
|
||||
}
|
||||
|
||||
if (needs_sandboxing) {
|
||||
/* Apply other MAC contexts late, but before seccomp syscall filtering, as those should really be last to
|
||||
|
|
|
@ -193,7 +193,7 @@ int enroll_fido2(
|
|||
fflush(stdout);
|
||||
|
||||
fprintf(stderr,
|
||||
"\nPlease save this FIDO2 credential ID. It is required when unloocking the volume\n"
|
||||
"\nPlease save this FIDO2 credential ID. It is required when unlocking the volume\n"
|
||||
"using the associated FIDO2 keyslot which we just created. To configure automatic\n"
|
||||
"unlocking using this FIDO2 token, add an appropriate entry to your /etc/crypttab\n"
|
||||
"file, see %s for details.\n", link);
|
||||
|
|
|
@ -14,19 +14,13 @@
|
|||
|
||||
#define DHCP_CLIENT_MIN_OPTIONS_SIZE 312
|
||||
|
||||
int dhcp_message_init(
|
||||
int bootp_message_init(
|
||||
DHCPMessage *message,
|
||||
uint8_t op,
|
||||
uint32_t xid,
|
||||
uint8_t type,
|
||||
uint16_t arp_type,
|
||||
uint8_t hlen,
|
||||
const uint8_t *chaddr,
|
||||
size_t optlen,
|
||||
size_t *optoffset) {
|
||||
|
||||
size_t offset = 0;
|
||||
int r;
|
||||
const uint8_t *chaddr) {
|
||||
|
||||
assert(IN_SET(op, BOOTREQUEST, BOOTREPLY));
|
||||
assert(chaddr || hlen == 0);
|
||||
|
@ -51,6 +45,27 @@ int dhcp_message_init(
|
|||
message->xid = htobe32(xid);
|
||||
message->magic = htobe32(DHCP_MAGIC_COOKIE);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int dhcp_message_init(
|
||||
DHCPMessage *message,
|
||||
uint8_t op,
|
||||
uint32_t xid,
|
||||
uint8_t type,
|
||||
uint16_t arp_type,
|
||||
uint8_t hlen,
|
||||
const uint8_t *chaddr,
|
||||
size_t optlen,
|
||||
size_t *optoffset) {
|
||||
|
||||
size_t offset = 0;
|
||||
int r;
|
||||
|
||||
r = bootp_message_init(message, op, xid, arp_type, hlen, chaddr);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = dhcp_option_append(message, optlen, &offset, 0,
|
||||
SD_DHCP_OPTION_MESSAGE_TYPE, 1, &type);
|
||||
if (r < 0)
|
||||
|
|
|
@ -6,6 +6,14 @@
|
|||
|
||||
#include "dhcp-protocol.h"
|
||||
|
||||
int bootp_message_init(
|
||||
DHCPMessage *message,
|
||||
uint8_t op,
|
||||
uint32_t xid,
|
||||
uint16_t arp_type,
|
||||
uint8_t hlen,
|
||||
const uint8_t *chaddr);
|
||||
|
||||
int dhcp_message_init(
|
||||
DHCPMessage *message,
|
||||
uint8_t op,
|
||||
|
|
|
@ -105,6 +105,7 @@ struct sd_dhcp_client {
|
|||
int socket_priority;
|
||||
bool socket_priority_set;
|
||||
bool ipv6_acquired;
|
||||
bool bootp;
|
||||
};
|
||||
|
||||
static const uint8_t default_req_opts[] = {
|
||||
|
@ -656,6 +657,15 @@ int sd_dhcp_client_set_fallback_lease_lifetime(sd_dhcp_client *client, uint64_t
|
|||
return 0;
|
||||
}
|
||||
|
||||
int sd_dhcp_client_set_bootp(sd_dhcp_client *client, int bootp) {
|
||||
assert_return(client, -EINVAL);
|
||||
assert_return(!sd_dhcp_client_is_running(client), -EBUSY);
|
||||
|
||||
client->bootp = bootp;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void client_set_state(sd_dhcp_client *client, DHCPState state) {
|
||||
assert(client);
|
||||
|
||||
|
@ -792,7 +802,11 @@ static int client_message_init(
|
|||
packet = malloc0(size);
|
||||
if (!packet)
|
||||
return -ENOMEM;
|
||||
|
||||
if (client->bootp) {
|
||||
optoffset = 0;
|
||||
r = bootp_message_init(&packet->dhcp, BOOTREQUEST, client->xid, client->arp_type,
|
||||
client->hw_addr.length, client->hw_addr.bytes);
|
||||
} else
|
||||
r = dhcp_message_init(&packet->dhcp, BOOTREQUEST, client->xid, type,
|
||||
client->arp_type, client->hw_addr.length, client->hw_addr.bytes,
|
||||
optlen, &optoffset);
|
||||
|
@ -825,6 +839,7 @@ static int client_message_init(
|
|||
if (client->request_broadcast || client->arp_type != ARPHRD_ETHER)
|
||||
packet->dhcp.flags = htobe16(0x8000);
|
||||
|
||||
if (!client->bootp) {
|
||||
/* Some DHCP servers will refuse to issue an DHCP lease if the Client
|
||||
Identifier option is not set */
|
||||
r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0,
|
||||
|
@ -833,6 +848,7 @@ static int client_message_init(
|
|||
client->client_id.raw);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
/* RFC2131 section 3.5:
|
||||
in its initial DHCPDISCOVER or DHCPREQUEST message, a
|
||||
|
@ -1061,6 +1077,22 @@ static int client_send_discover(sd_dhcp_client *client) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
/* RFC1542 section 3.5:
|
||||
if the client has no information to communicate to the server,
|
||||
the octet immediately following the magic cookie SHOULD be set
|
||||
to the "End" tag (255) and the remaining octets of the 'vend'
|
||||
field SHOULD be set to zero.
|
||||
*/
|
||||
/* Use this RFC, along with the fact that some BOOTP servers require
|
||||
a 64-byte vend field, to suggest that we always zero and send 64
|
||||
bytes in the options field.
|
||||
*/
|
||||
if (client->bootp)
|
||||
if (optoffset < 64 && optlen >= 64) {
|
||||
memset(&discover->dhcp.options[optoffset], 0, optlen - optoffset);
|
||||
optoffset = 64;
|
||||
}
|
||||
|
||||
/* We currently ignore:
|
||||
The client SHOULD wait a random time between one and ten seconds to
|
||||
desynchronize the use of DHCP at startup.
|
||||
|
@ -1509,16 +1541,18 @@ static int client_parse_message(
|
|||
}
|
||||
|
||||
r = dhcp_option_parse(message, len, dhcp_lease_parse_options, lease, &error_message);
|
||||
if (r < 0)
|
||||
if (r == -ENOMSG && client->bootp)
|
||||
r = DHCP_ACK; /* BOOTP messages don't have a DHCP message type option */
|
||||
else if (r < 0)
|
||||
return log_dhcp_client_errno(client, r, "Failed to parse DHCP options, ignoring: %m");
|
||||
|
||||
switch (client->state) {
|
||||
case DHCP_STATE_SELECTING:
|
||||
if (r == DHCP_ACK) {
|
||||
if (!client->rapid_commit)
|
||||
if (!client->rapid_commit && !client->bootp)
|
||||
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
||||
"received unexpected ACK, ignoring.");
|
||||
if (!lease->rapid_commit)
|
||||
if (!lease->rapid_commit && !client->bootp)
|
||||
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
||||
"received rapid ACK without Rapid Commit option, ignoring.");
|
||||
} else if (r == DHCP_OFFER) {
|
||||
|
@ -1561,11 +1595,17 @@ static int client_parse_message(
|
|||
lease->next_server = message->siaddr;
|
||||
lease->address = message->yiaddr;
|
||||
|
||||
if (client->bootp)
|
||||
lease->lifetime = USEC_INFINITY;
|
||||
|
||||
if (lease->server_address == 0 && !client->bootp)
|
||||
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
||||
"received lease lacks server address, ignoring.");
|
||||
|
||||
if (lease->address == 0 ||
|
||||
lease->server_address == 0 ||
|
||||
lease->lifetime == 0)
|
||||
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
||||
"received lease lacks address, server address or lease lifetime, ignoring.");
|
||||
"received lease lacks address or lease lifetime, ignoring.");
|
||||
|
||||
r = dhcp_lease_set_default_subnet_mask(lease);
|
||||
if (r < 0)
|
||||
|
@ -1601,7 +1641,7 @@ static int client_handle_offer_or_rapid_ack(sd_dhcp_client *client, DHCPMessage
|
|||
|
||||
dhcp_lease_unref_and_replace(client->lease, lease);
|
||||
|
||||
if (client->lease->rapid_commit) {
|
||||
if (client->lease->rapid_commit || client->bootp) {
|
||||
log_dhcp_client(client, "ACK");
|
||||
return SD_DHCP_CLIENT_EVENT_IP_ACQUIRE;
|
||||
}
|
||||
|
@ -2007,8 +2047,8 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, s
|
|||
if (r < 0)
|
||||
return 0; /* invalid message, let's ignore it */
|
||||
|
||||
if (client->lease->rapid_commit)
|
||||
/* got a successful rapid commit */
|
||||
if (client->lease->rapid_commit || client->bootp)
|
||||
/* got a successful rapid commit or bootp reply */
|
||||
return client_enter_bound(client, r);
|
||||
|
||||
return client_enter_requesting(client);
|
||||
|
@ -2225,7 +2265,7 @@ int sd_dhcp_client_send_release(sd_dhcp_client *client) {
|
|||
size_t optoffset, optlen;
|
||||
int r;
|
||||
|
||||
if (!sd_dhcp_client_is_running(client) || !client->lease)
|
||||
if (!sd_dhcp_client_is_running(client) || !client->lease || client->bootp)
|
||||
return 0; /* do nothing */
|
||||
|
||||
r = client_message_init(client, &release, DHCP_RELEASE, &optlen, &optoffset);
|
||||
|
|
|
@ -532,6 +532,145 @@ static void test_addr_acq(sd_event *e) {
|
|||
xid = 0;
|
||||
}
|
||||
|
||||
static uint8_t test_addr_bootp_reply[] = {
|
||||
0x45, 0x00, 0x01, 0x48, 0x00, 0x00, 0x40, 0x00,
|
||||
0xff, 0x11, 0x70, 0xa3, 0x0a, 0x00, 0x00, 0x02,
|
||||
0xff, 0xff, 0xff, 0xff, 0x00, 0x43, 0x00, 0x44,
|
||||
0x01, 0x2c, 0x2b, 0x91, 0x02, 0x01, 0x06, 0x00,
|
||||
0x69, 0xd3, 0x79, 0x11, 0x17, 0x00, 0x80, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x0a, 0x46, 0x00, 0x02,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x50, 0x2d, 0xf4, 0x1f, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x63, 0x82, 0x53, 0x63, 0x01, 0x04, 0xff, 0x00,
|
||||
0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
};
|
||||
|
||||
static int test_bootp_acquired(sd_dhcp_client *client, int event,
|
||||
void *userdata) {
|
||||
sd_event *e = userdata;
|
||||
sd_dhcp_lease *lease;
|
||||
struct in_addr addr;
|
||||
|
||||
assert_se(client);
|
||||
assert_se(IN_SET(event, SD_DHCP_CLIENT_EVENT_IP_ACQUIRE, SD_DHCP_CLIENT_EVENT_SELECTING));
|
||||
|
||||
assert_se(sd_dhcp_client_get_lease(client, &lease) >= 0);
|
||||
assert_se(lease);
|
||||
|
||||
assert_se(sd_dhcp_lease_get_address(lease, &addr) >= 0);
|
||||
assert_se(memcmp(&addr.s_addr, &test_addr_bootp_reply[44],
|
||||
sizeof(addr.s_addr)) == 0);
|
||||
|
||||
assert_se(sd_dhcp_lease_get_netmask(lease, &addr) >= 0);
|
||||
assert_se(memcmp(&addr.s_addr, &test_addr_bootp_reply[270],
|
||||
sizeof(addr.s_addr)) == 0);
|
||||
|
||||
if (verbose)
|
||||
log_info(" BOOTP address acquired");
|
||||
|
||||
sd_event_exit(e, 0);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int test_bootp_recv_request(size_t size, DHCPMessage *request) {
|
||||
uint16_t udp_check = 0;
|
||||
int res;
|
||||
|
||||
xid = request->xid;
|
||||
|
||||
if (verbose)
|
||||
log_info(" recv BOOTP Request 0x%08x", be32toh(xid));
|
||||
|
||||
callback_recv = NULL;
|
||||
|
||||
memcpy(&test_addr_bootp_reply[26], &udp_check, sizeof(udp_check));
|
||||
memcpy(&test_addr_bootp_reply[32], &xid, sizeof(xid));
|
||||
memcpy(&test_addr_bootp_reply[56], hw_addr.bytes, hw_addr.length);
|
||||
|
||||
res = write(test_fd[1], test_addr_bootp_reply,
|
||||
sizeof(test_addr_bootp_reply));
|
||||
assert_se(res == sizeof(test_addr_bootp_reply));
|
||||
|
||||
if (verbose)
|
||||
log_info(" sent BOOTP Reply");
|
||||
|
||||
return 0;
|
||||
};
|
||||
|
||||
static void test_acquire_bootp(sd_event *e) {
|
||||
sd_dhcp_client *client;
|
||||
int res, r;
|
||||
|
||||
if (verbose)
|
||||
log_info("* %s", __func__);
|
||||
|
||||
r = sd_dhcp_client_new(&client, false);
|
||||
assert_se(r >= 0);
|
||||
assert_se(client);
|
||||
|
||||
r = sd_dhcp_client_attach_event(client, e, 0);
|
||||
assert_se(r >= 0);
|
||||
|
||||
r = sd_dhcp_client_set_bootp(client, true);
|
||||
assert_se(r >= 0);
|
||||
|
||||
assert_se(sd_dhcp_client_set_ifindex(client, 42) >= 0);
|
||||
assert_se(sd_dhcp_client_set_mac(client, hw_addr.bytes, bcast_addr.bytes, hw_addr.length, ARPHRD_ETHER) >= 0);
|
||||
|
||||
assert_se(sd_dhcp_client_set_callback(client, test_bootp_acquired, e) >= 0);
|
||||
|
||||
callback_recv = test_bootp_recv_request;
|
||||
|
||||
assert_se(sd_event_add_time_relative(e, NULL, CLOCK_BOOTTIME,
|
||||
30 * USEC_PER_SEC, 0,
|
||||
NULL, INT_TO_PTR(-ETIMEDOUT)) >= 0);
|
||||
|
||||
res = sd_dhcp_client_start(client);
|
||||
assert_se(IN_SET(res, 0, -EINPROGRESS));
|
||||
|
||||
assert_se(sd_event_loop(e) >= 0);
|
||||
|
||||
assert_se(sd_dhcp_client_set_callback(client, NULL, NULL) >= 0);
|
||||
assert_se(sd_dhcp_client_stop(client) >= 0);
|
||||
sd_dhcp_client_unref(client);
|
||||
|
||||
test_fd[1] = safe_close(test_fd[1]);
|
||||
|
||||
callback_recv = NULL;
|
||||
xid = 0;
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
_cleanup_(sd_event_unrefp) sd_event *e;
|
||||
|
||||
|
@ -549,6 +688,10 @@ int main(int argc, char *argv[]) {
|
|||
test_discover_message(e);
|
||||
test_addr_acq(e);
|
||||
|
||||
sd_event_unref(e);
|
||||
assert_se(sd_event_new(&e) >= 0);
|
||||
test_acquire_bootp(e);
|
||||
|
||||
#if HAVE_VALGRIND_VALGRIND_H
|
||||
/* Make sure the async_close thread has finished.
|
||||
* valgrind would report some of the phread_* structures
|
||||
|
|
|
@ -1477,6 +1477,10 @@ static int dhcp4_configure(Link *link) {
|
|||
if (r < 0)
|
||||
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to allocate DHCPv4 client: %m");
|
||||
|
||||
r = sd_dhcp_client_set_bootp(link->dhcp_client, link->network->dhcp_send_bootp);
|
||||
if (r < 0)
|
||||
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to set BOOTP flag: %m");
|
||||
|
||||
r = sd_dhcp_client_attach_event(link->dhcp_client, link->manager->event, 0);
|
||||
if (r < 0)
|
||||
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to attach event to DHCPv4 client: %m");
|
||||
|
|
|
@ -244,6 +244,7 @@ DHCPv4.QuickAck, config_parse_bool,
|
|||
DHCPv4.RequestOptions, config_parse_dhcp_request_options, AF_INET, 0
|
||||
DHCPv4.Anonymize, config_parse_bool, 0, offsetof(Network, dhcp_anonymize)
|
||||
DHCPv4.SendHostname, config_parse_dhcp_send_hostname, AF_INET, 0
|
||||
DHCPv4.BOOTP, config_parse_bool, 0, offsetof(Network, dhcp_send_bootp)
|
||||
DHCPv4.Hostname, config_parse_hostname, 0, offsetof(Network, dhcp_hostname)
|
||||
DHCPv4.Label, config_parse_dhcp_label, 0, offsetof(Network, dhcp_label)
|
||||
DHCPv4.RequestBroadcast, config_parse_tristate, 0, offsetof(Network, dhcp_broadcast)
|
||||
|
|
|
@ -179,6 +179,7 @@ struct Network {
|
|||
OrderedHashmap *dhcp_client_send_vendor_options;
|
||||
char *dhcp_netlabel;
|
||||
NFTSetContext dhcp_nft_set_context;
|
||||
bool dhcp_send_bootp;
|
||||
|
||||
/* DHCPv6 Client support */
|
||||
bool dhcp6_use_address;
|
||||
|
|
|
@ -2297,7 +2297,8 @@ static int start_transient_scope(sd_bus *bus) {
|
|||
uid_t uid;
|
||||
gid_t gid;
|
||||
|
||||
r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell, USER_CREDS_CLEAN|USER_CREDS_PREFER_NSS);
|
||||
r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell,
|
||||
USER_CREDS_CLEAN|USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_PREFER_NSS);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to resolve user %s: %m", arg_exec_user);
|
||||
|
||||
|
|
|
@ -46,13 +46,17 @@ static bool argv_has_at(pid_t pid) {
|
|||
return c == '@';
|
||||
}
|
||||
|
||||
static bool is_survivor_cgroup(const PidRef *pid) {
|
||||
static bool is_in_survivor_cgroup(const PidRef *pid) {
|
||||
_cleanup_free_ char *cgroup_path = NULL;
|
||||
int r;
|
||||
|
||||
assert(pidref_is_set(pid));
|
||||
|
||||
r = cg_pidref_get_path(/* root= */ NULL, pid, &cgroup_path);
|
||||
if (r == -EUNATCH) {
|
||||
log_warning_errno(r, "Process " PID_FMT " appears to originate in foreign namespace, ignoring.", pid->pid);
|
||||
return true;
|
||||
}
|
||||
if (r < 0) {
|
||||
log_warning_errno(r, "Failed to get cgroup path of process " PID_FMT ", ignoring: %m", pid->pid);
|
||||
return false;
|
||||
|
@ -86,7 +90,7 @@ static bool ignore_proc(const PidRef *pid, bool warn_rootfs) {
|
|||
return true; /* also ignore processes where we can't determine this */
|
||||
|
||||
/* Ignore processes that are part of a cgroup marked with the user.survive_final_kill_signal xattr */
|
||||
if (is_survivor_cgroup(pid))
|
||||
if (is_in_survivor_cgroup(pid))
|
||||
return true;
|
||||
|
||||
r = pidref_get_uid(pid, &uid);
|
||||
|
|
|
@ -147,6 +147,9 @@ int sd_dhcp_client_set_socket_priority(
|
|||
int sd_dhcp_client_set_fallback_lease_lifetime(
|
||||
sd_dhcp_client *client,
|
||||
uint64_t fallback_lease_lifetime);
|
||||
int sd_dhcp_client_set_bootp(
|
||||
sd_dhcp_client *client,
|
||||
int bootp);
|
||||
|
||||
int sd_dhcp_client_add_option(sd_dhcp_client *client, sd_dhcp_option *v);
|
||||
int sd_dhcp_client_add_vendor_option(sd_dhcp_client *client, sd_dhcp_option *v);
|
||||
|
|
|
@ -7,24 +7,26 @@ TEST(audit_loginuid_from_pid) {
|
|||
_cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
|
||||
int r;
|
||||
|
||||
assert_se(pidref_set_self(&self) >= 0);
|
||||
assert_se(pidref_set_pid(&pid1, 1) >= 0);
|
||||
ASSERT_OK(pidref_set_self(&self));
|
||||
ASSERT_OK(pidref_set_pid(&pid1, 1));
|
||||
|
||||
uid_t uid;
|
||||
r = audit_loginuid_from_pid(&self, &uid);
|
||||
assert_se(r >= 0 || r == -ENODATA);
|
||||
if (r != -ENODATA)
|
||||
ASSERT_OK(r);
|
||||
if (r >= 0)
|
||||
log_info("self audit login uid: " UID_FMT, uid);
|
||||
|
||||
assert_se(audit_loginuid_from_pid(&pid1, &uid) == -ENODATA);
|
||||
ASSERT_ERROR(audit_loginuid_from_pid(&pid1, &uid), ENODATA);
|
||||
|
||||
uint32_t sessionid;
|
||||
r = audit_session_from_pid(&self, &sessionid);
|
||||
assert_se(r >= 0 || r == -ENODATA);
|
||||
if (r != -ENODATA)
|
||||
ASSERT_OK(r);
|
||||
if (r >= 0)
|
||||
log_info("self audit session id: %" PRIu32, sessionid);
|
||||
|
||||
assert_se(audit_session_from_pid(&pid1, &sessionid) == -ENODATA);
|
||||
ASSERT_ERROR(audit_session_from_pid(&pid1, &sessionid), ENODATA);
|
||||
}
|
||||
|
||||
static int intro(void) {
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
#!/usr/bin/env bash
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
# shellcheck source=test/units/util.sh
|
||||
. "$(dirname "$0")"/util.sh
|
||||
|
||||
(! systemd-run --wait -p DynamicUser=yes \
|
||||
-p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
|
||||
-p WorkingDirectory='~' true)
|
||||
|
||||
assert_eq "$(systemd-run --pipe --uid=root -p WorkingDirectory='~' pwd)" "/root"
|
||||
assert_eq "$(systemd-run --pipe --uid=nobody -p WorkingDirectory='~' pwd)" "/"
|
||||
assert_eq "$(systemd-run --pipe --uid=testuser -p WorkingDirectory='~' pwd)" "/home/testuser"
|
||||
|
||||
(! systemd-run --wait -p DynamicUser=yes -p User=testuser \
|
||||
-p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
|
||||
-p WorkingDirectory='~' true)
|
|
@ -16,6 +16,7 @@ ConditionDirectoryNotEmpty=|/run/confexts
|
|||
ConditionDirectoryNotEmpty=|/var/lib/confexts
|
||||
ConditionDirectoryNotEmpty=|/usr/local/lib/confexts
|
||||
ConditionDirectoryNotEmpty=|/usr/lib/confexts
|
||||
ConditionDirectoryNotEmpty=|/.extra/confext
|
||||
|
||||
DefaultDependencies=no
|
||||
After=local-fs.target
|
||||
|
|
Loading…
Reference in New Issue