Compare commits
No commits in common. "332f38d084c68c3d524c086f4d7843a2fd048ba8" and "9d5dac4dce8721eaa14800039d8a31428c072d13" have entirely different histories.
332f38d084
...
9d5dac4dce
8
TODO
8
TODO
|
@ -19,14 +19,6 @@ Janitorial Clean-ups:
|
|||
|
||||
Features:
|
||||
|
||||
* journalctl --image= which is like --root= but operates on disk images
|
||||
|
||||
* when systemd-nspawn and suchlike dissect an OS image, and there are multiple
|
||||
root partitions, do an strverscmp() on the partition label and boot
|
||||
first. That is inspired how sd-boot figures out which kernel to boot, and
|
||||
thus allows defining OS images which can be A/B updated and we default to the
|
||||
newest version automatically, both in nspawn and in sd-boot
|
||||
|
||||
* drop sd_bus_message_set_priority() from sd-bus API and documentation as much
|
||||
as we can, it's a kdbus left-over and unlikely to come back on AF_UNIX, since
|
||||
it's not really implementable there.
|
||||
|
|
|
@ -1646,41 +1646,6 @@ static int apply_lock_personality(const Unit* u, const ExecContext *c) {
|
|||
|
||||
#endif
|
||||
|
||||
static int apply_protect_hostname(const Unit *u, const ExecContext *c, int *ret_exit_status) {
|
||||
int r;
|
||||
|
||||
assert(u);
|
||||
assert(c);
|
||||
|
||||
if (!c->protect_hostname)
|
||||
return 0;
|
||||
|
||||
if (ns_type_supported(NAMESPACE_UTS)) {
|
||||
if (unshare(CLONE_NEWUTS) < 0) {
|
||||
if (!ERRNO_IS_NOT_SUPPORTED(errno) && !ERRNO_IS_PRIVILEGE(errno)) {
|
||||
*ret_exit_status = EXIT_NAMESPACE;
|
||||
return log_unit_error_errno(u, errno, "Failed to set up UTS namespacing: %m");
|
||||
}
|
||||
|
||||
log_unit_warning(u, "ProtectHostname=yes is configured, but UTS namespace setup is prohibited (container manager?), ignoring namespace setup.");
|
||||
}
|
||||
} else
|
||||
log_unit_warning(u, "ProtectHostname=yes is configured, but the kernel does not support UTS namespaces, ignoring namespace setup.");
|
||||
|
||||
#if HAVE_SECCOMP
|
||||
if (skip_seccomp_unavailable(u, "ProtectHostname="))
|
||||
return 0;
|
||||
|
||||
r = seccomp_protect_hostname();
|
||||
if (r < 0) {
|
||||
*ret_exit_status = EXIT_SECCOMP;
|
||||
return log_unit_error_errno(u, r, "Failed to apply hostname restrictions: %m");
|
||||
}
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void do_idle_pipe_dance(int idle_pipe[static 4]) {
|
||||
assert(idle_pipe);
|
||||
|
||||
|
@ -3631,10 +3596,25 @@ static int exec_child(
|
|||
}
|
||||
}
|
||||
|
||||
if (needs_sandboxing) {
|
||||
r = apply_protect_hostname(unit, context, exit_status);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (context->protect_hostname) {
|
||||
if (ns_type_supported(NAMESPACE_UTS)) {
|
||||
if (unshare(CLONE_NEWUTS) < 0) {
|
||||
if (!ERRNO_IS_NOT_SUPPORTED(errno) && !ERRNO_IS_PRIVILEGE(errno)) {
|
||||
*exit_status = EXIT_NAMESPACE;
|
||||
return log_unit_error_errno(unit, errno, "Failed to set up UTS namespacing: %m");
|
||||
}
|
||||
|
||||
log_unit_warning(unit, "ProtectHostname=yes is configured, but UTS namespace setup is prohibited (container manager?), ignoring namespace setup.");
|
||||
}
|
||||
} else
|
||||
log_unit_warning(unit, "ProtectHostname=yes is configured, but the kernel does not support UTS namespaces, ignoring namespace setup.");
|
||||
#if HAVE_SECCOMP
|
||||
r = seccomp_protect_hostname();
|
||||
if (r < 0) {
|
||||
*exit_status = EXIT_SECCOMP;
|
||||
return log_unit_error_errno(unit, r, "Failed to apply hostname restrictions: %m");
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Drop groups as early as possible.
|
||||
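Review bot: The inlined ProtectHostname= block in exec_child() calls `seccomp_protect_hostname()` directly under `#if HAVE_SECCOMP`, without the `skip_seccomp_unavailable(u, "ProtectHostname=")` guard that the removed apply_protect_hostname() ran first (old and new sides are inferred from the hunk counts). On a kernel without seccomp the call presumably fails and the unit exits with EXIT_SECCOMP instead of starting without the filter; that depends on seccomp_protect_hostname(), which is not shown here. I would keep the guard, for example `if (!skip_seccomp_unavailable(unit, "ProtectHostname=")) {` around the call and its error check. Both UTS fallbacks only log a warning and continue, so a comment such as `/* best effort: the hostname stays changeable if neither UTS namespacing nor the seccomp filter can be applied */` would make the degraded sandbox explicit. exec_child() starts and ends outside the hunk.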
|
|
|
@ -52,12 +52,9 @@ static int parse_argv(
|
|||
else if (please_suspend)
|
||||
*please_suspend = k;
|
||||
|
||||
} else if (streq(argv[i], "debug")) {
|
||||
if (debug)
|
||||
*debug = true;
|
||||
|
||||
} else if ((v = startswith(argv[i], "debug="))) {
|
||||
int k;
|
||||
|
||||
k = parse_boolean(v);
|
||||
if (k < 0)
|
||||
pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring: %s", v);
|
||||
|
|
|
@ -82,10 +82,6 @@ enum {
|
|||
DHCP6_NTP_SUBOPTION_SRV_FQDN = 3,
|
||||
};
|
||||
|
||||
/*
|
||||
* RFC 8415, RFC 5007 and RFC 7653 status codes:
|
||||
* https://www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xhtml#dhcpv6-parameters-5
|
||||
*/
|
||||
enum {
|
||||
DHCP6_STATUS_SUCCESS = 0,
|
||||
DHCP6_STATUS_UNSPEC_FAIL = 1,
|
||||
|
@ -94,23 +90,7 @@ enum {
|
|||
DHCP6_STATUS_NOT_ON_LINK = 4,
|
||||
DHCP6_STATUS_USE_MULTICAST = 5,
|
||||
DHCP6_STATUS_NO_PREFIX_AVAIL = 6,
|
||||
DHCP6_STATUS_UNKNOWN_QUERY_TYPE = 7,
|
||||
DHCP6_STATUS_MALFORMED_QUERY = 8,
|
||||
DHCP6_STATUS_NOT_CONFIGURED = 9,
|
||||
DHCP6_STATUS_NOT_ALLOWED = 10,
|
||||
DHCP6_STATUS_QUERY_TERMINATED = 11,
|
||||
DHCP6_STATUS_DATA_MISSING = 12,
|
||||
DHCP6_STATUS_CATCHUP_COMPLETE = 13,
|
||||
DHCP6_STATUS_NOT_SUPPORTED = 14,
|
||||
DHCP6_STATUS_TLS_CONNECTION_REFUSED = 15,
|
||||
DHCP6_STATUS_ADDRESS_IN_USE = 16,
|
||||
DHCP6_STATUS_CONFIGURATION_CONFLICT = 17,
|
||||
DHCP6_STATUS_MISSING_BINDING_INFORMATION = 18,
|
||||
DHCP6_STATUS_OUTDATED_BINDING_INFORMATION = 19,
|
||||
DHCP6_STATUS_SERVER_SHUTTING_DOWN = 20,
|
||||
DHCP6_STATUS_DNS_UPDATE_NOT_SUPPORTED = 21,
|
||||
DHCP6_STATUS_EXCESSIVE_TIME_SKEW = 22,
|
||||
_DHCP6_STATUS_MAX = 23,
|
||||
_DHCP6_STATUS_MAX = 7,
|
||||
};
|
||||
|
||||
enum {
|
||||
|
|
|
@ -113,22 +113,6 @@ const char * dhcp6_message_status_table[_DHCP6_STATUS_MAX] = {
|
|||
[DHCP6_STATUS_NOT_ON_LINK] = "Not on link",
|
||||
[DHCP6_STATUS_USE_MULTICAST] = "Use multicast",
|
||||
[DHCP6_STATUS_NO_PREFIX_AVAIL] = "No prefix available",
|
||||
[DHCP6_STATUS_UNKNOWN_QUERY_TYPE] = "Unknown query type",
|
||||
[DHCP6_STATUS_MALFORMED_QUERY] = "Malformed query",
|
||||
[DHCP6_STATUS_NOT_CONFIGURED] = "Not configured",
|
||||
[DHCP6_STATUS_NOT_ALLOWED] = "Not allowed",
|
||||
[DHCP6_STATUS_QUERY_TERMINATED] = "Query terminated",
|
||||
[DHCP6_STATUS_DATA_MISSING] = "Data missing",
|
||||
[DHCP6_STATUS_CATCHUP_COMPLETE] = "Catch up complete",
|
||||
[DHCP6_STATUS_NOT_SUPPORTED] = "Not supported",
|
||||
[DHCP6_STATUS_TLS_CONNECTION_REFUSED] = "TLS connection refused",
|
||||
[DHCP6_STATUS_ADDRESS_IN_USE] = "Address in use",
|
||||
[DHCP6_STATUS_CONFIGURATION_CONFLICT] = "Configuration conflict",
|
||||
[DHCP6_STATUS_MISSING_BINDING_INFORMATION] = "Missing binding information",
|
||||
[DHCP6_STATUS_OUTDATED_BINDING_INFORMATION] = "Outdated binding information",
|
||||
[DHCP6_STATUS_SERVER_SHUTTING_DOWN] = "Server shutting down",
|
||||
[DHCP6_STATUS_DNS_UPDATE_NOT_SUPPORTED] = "DNS update not supported",
|
||||
[DHCP6_STATUS_EXCESSIVE_TIME_SKEW] = "Excessive time skew",
|
||||
};
|
||||
|
||||
DEFINE_STRING_TABLE_LOOKUP(dhcp6_message_status, int);
|
||||
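Review bot: With `_DHCP6_STATUS_MAX = 7`, dhcp6_message_status_table no longer names status codes 7–22, and a status code arrives in a server reply, so it is untrusted input. Any caller that indexes the table directly, or passes the lookup result to a `%s` format, has to handle a code at or above `_DHCP6_STATUS_MAX`. The lookup generated by `DEFINE_STRING_TABLE_LOOKUP` presumably returns NULL there, but neither it nor the callers are visible in this section. The same concern applies to the enum hunk in the preceding section, where the constants themselves are dropped. I would also keep the removed comment `RFC 8415, RFC 5007 and RFC 7653 status codes` with its IANA registry link above the enum, since it documents where the values come from.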
|
|