mirror of
https://github.com/systemd/systemd
synced 2025-11-11 21:04:46 +01:00
Compare commits
No commits in common. "380f0b0b5d479786b1c585326bd6f55d81de6d6a" and "307f904d6fae6c09f7f56b9ced8b4762a35b5fef" have entirely different histories.
380f0b0b5d
...
307f904d6f
2
.github/workflows/mkosi.yml
vendored
2
.github/workflows/mkosi.yml
vendored
@ -137,7 +137,7 @@ jobs:
|
|||||||
sanitizers: ""
|
sanitizers: ""
|
||||||
llvm: 0
|
llvm: 0
|
||||||
cflags: "-Og"
|
cflags: "-Og"
|
||||||
relabel: yes
|
relabel: no
|
||||||
vm: 0
|
vm: 0
|
||||||
no_qemu: 0
|
no_qemu: 0
|
||||||
no_kvm: 0
|
no_kvm: 0
|
||||||
|
|||||||
@ -63,11 +63,8 @@ NTP servers.
|
|||||||
|
|
||||||
## DNS Servers
|
## DNS Servers
|
||||||
|
|
||||||
By default, systemd-resolved uses Cloudflare, Google and Quad9 Public DNS servers
|
By default, systemd-resolved uses Cloudflare, Google, Quad9 and DNS0 Public DNS servers
|
||||||
`1.1.1.1`, `8.8.8.8`, `9.9.9.9`,
|
`1.1.1.1`, `8.8.8.8`, `9.9.9.9`, `193.110.81.0`, `1.0.0.1`, `8.8.4.4`, `149.112.112.112`, `185.253.5.0`, `2606:4700:4700::1111`, `2001:4860:4860::8888`, `2620:fe::fe`, `2a0f:fc80::`, `2606:4700:4700::1001`, `2001:4860:4860::8844`, `2620:fe::9`, `2a0f:fc81::`
|
||||||
`1.0.0.1`, `8.8.4.4`, `149.112.112.112`,
|
|
||||||
`2606:4700:4700::1111`, `2001:4860:4860::8888`, `2620:fe::fe`,
|
|
||||||
`2606:4700:4700::1001`, `2001:4860:4860::8844`, `2620:fe::9`
|
|
||||||
as fallback, if no other DNS configuration is available.
|
as fallback, if no other DNS configuration is available.
|
||||||
|
|
||||||
Use `-Ddns-servers=` to direct systemd-resolved to different fallback
|
Use `-Ddns-servers=` to direct systemd-resolved to different fallback
|
||||||
|
|||||||
@ -5,7 +5,6 @@
|
|||||||
#
|
#
|
||||||
# Match string formats:
|
# Match string formats:
|
||||||
# id-input:modalias:<modalias>
|
# id-input:modalias:<modalias>
|
||||||
# id-input:<bus>:v<vid>p<pid>:name:<name>:*
|
|
||||||
#
|
#
|
||||||
# To add local entries, create a new file
|
# To add local entries, create a new file
|
||||||
# /etc/udev/hwdb.d/61-input-id-local.hwdb
|
# /etc/udev/hwdb.d/61-input-id-local.hwdb
|
||||||
@ -48,20 +47,9 @@
|
|||||||
# id-input:modalias:input:b0003v1234pABCD*
|
# id-input:modalias:input:b0003v1234pABCD*
|
||||||
# ID_INPUT_TOUCHPAD=1
|
# ID_INPUT_TOUCHPAD=1
|
||||||
# ID_INPUT=1
|
# ID_INPUT=1
|
||||||
#
|
|
||||||
# id-input:usb:v12abp34cd:name:SomeVendor *:*
|
|
||||||
# ID_INPUT_TOUCHPAD=1
|
|
||||||
# ID_INPUT=1
|
|
||||||
#
|
|
||||||
# For technical reasons the hexadecimal vid/pid in the modalias match are
|
|
||||||
# uppercase but lowercase in the bus/vid/pid/name match.
|
|
||||||
|
|
||||||
# Sort by brand, model
|
# Sort by brand, model
|
||||||
|
|
||||||
# Any i2c device with a Mouse suffix in the name is not a pointing stick
|
|
||||||
id-input:i2c:*:name:*Mouse:
|
|
||||||
ID_INPUT_POINTINGSTICK=0
|
|
||||||
|
|
||||||
# Code Mercenaries Hard- und Software GmbH Virtual RC USB
|
# Code Mercenaries Hard- und Software GmbH Virtual RC USB
|
||||||
id-input:modalias:input:b0003v07C0p1125*
|
id-input:modalias:input:b0003v07C0p1125*
|
||||||
ID_INPUT_MOUSE=
|
ID_INPUT_MOUSE=
|
||||||
|
|||||||
@ -75,7 +75,7 @@ UDEV_TAG = Word(string.ascii_uppercase, alphanums + '_')
|
|||||||
TYPES = {'mouse': ('usb', 'bluetooth', 'ps2', '*'),
|
TYPES = {'mouse': ('usb', 'bluetooth', 'ps2', '*'),
|
||||||
'evdev': ('name', 'atkbd', 'input'),
|
'evdev': ('name', 'atkbd', 'input'),
|
||||||
'fb': ('pci', 'vmbus'),
|
'fb': ('pci', 'vmbus'),
|
||||||
'id-input': ('modalias', 'bluetooth', 'i2c', 'usb'),
|
'id-input': ('modalias'),
|
||||||
'touchpad': ('i8042', 'rmi', 'bluetooth', 'usb'),
|
'touchpad': ('i8042', 'rmi', 'bluetooth', 'usb'),
|
||||||
'joystick': ('i8042', 'rmi', 'bluetooth', 'usb'),
|
'joystick': ('i8042', 'rmi', 'bluetooth', 'usb'),
|
||||||
'keyboard': ('name', ),
|
'keyboard': ('name', ),
|
||||||
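Review bot: `('modalias')` in the new `id-input` entry is a parenthesised string, not a one-element tuple, unlike `'keyboard': ('name', )` a few lines below. Any code that iterates the value would walk the characters of `'modalias'` unless the consumer special-cases strings; how `TYPES` is consumed is outside this hunk. Write it as `'id-input': ('modalias', ),` so every value in the table has the same type.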
|
|||||||
@ -83,7 +83,7 @@
|
|||||||
|
|
||||||
<para>Capsule names may be chosen freely by the user, however, they must be suitable as UNIX filenames
|
<para>Capsule names may be chosen freely by the user, however, they must be suitable as UNIX filenames
|
||||||
(i.e. 255 characters max, and contain no <literal>/</literal>), and when prefixed with
|
(i.e. 255 characters max, and contain no <literal>/</literal>), and when prefixed with
|
||||||
<literal>c-</literal> be suitable as a user name matching strict POSIX rules, see <ulink
|
<literal>p-</literal> be suitable as a user name matching strict POSIX rules, see <ulink
|
||||||
url="https://systemd.io/USER_NAMES">User/Group Name Syntax</ulink> for details.</para>
|
url="https://systemd.io/USER_NAMES">User/Group Name Syntax</ulink> for details.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/>
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
||||||
|
|||||||
@ -346,6 +346,7 @@ $ ukify build \
|
|||||||
<programlisting># systemd-cryptenroll --tpm2-device=auto \
|
<programlisting># systemd-cryptenroll --tpm2-device=auto \
|
||||||
--tpm2-public-key=tpm2-pcr-public-key.pem \
|
--tpm2-public-key=tpm2-pcr-public-key.pem \
|
||||||
--tpm2-signature=tpm2-pcr-signature.json \
|
--tpm2-signature=tpm2-pcr-signature.json \
|
||||||
|
--tpm2-pcrs="" \
|
||||||
/dev/sda5</programlisting>
|
/dev/sda5</programlisting>
|
||||||
|
|
||||||
<para>And then unlock the device with the signature:</para>
|
<para>And then unlock the device with the signature:</para>
|
||||||
|
|||||||
@ -4351,7 +4351,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
|
|||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry><literal>exec-condition</literal></entry>
|
<entry><literal>exec-condition</literal></entry>
|
||||||
<entry>Service did not run because <varname>ExecCondition=</varname> failed (that is its command exited with an exit status of 1 through 254 (inclusive)).</entry>
|
<entry>Service did not run because <varname>ExecCondition=</varname> failed.</entry>
|
||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry><literal>oom-kill</literal></entry>
|
<entry><literal>oom-kill</literal></entry>
|
||||||
|
|||||||
@ -367,7 +367,7 @@ option('dns-over-tls', type : 'combo', choices : ['auto', 'gnutls', 'openssl', '
|
|||||||
description : 'DNS-over-TLS support')
|
description : 'DNS-over-TLS support')
|
||||||
option('dns-servers', type : 'string',
|
option('dns-servers', type : 'string',
|
||||||
description : 'space-separated list of default DNS servers',
|
description : 'space-separated list of default DNS servers',
|
||||||
value : '1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 9.9.9.9#dns.quad9.net 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 149.112.112.112#dns.quad9.net 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2620:fe::fe#dns.quad9.net 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google 2620:fe::9#dns.quad9.net')
|
value : '1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 9.9.9.9#dns.quad9.net 193.110.81.0#dns0.eu 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 149.112.112.112#dns.quad9.net 185.253.5.0#dns0.eu 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2620:fe::fe#dns.quad9.net 2a0f:fc80::#dns0.eu 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google 2620:fe::9#dns.quad9.net 2a0f:fc81::#dns0.eu')
|
||||||
option('ntp-servers', type : 'string',
|
option('ntp-servers', type : 'string',
|
||||||
description : 'space-separated list of default NTP servers',
|
description : 'space-separated list of default NTP servers',
|
||||||
value : 'time1.google.com time2.google.com time3.google.com time4.google.com')
|
value : 'time1.google.com time2.google.com time3.google.com time4.google.com')
|
||||||
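Review bot: The `dns-servers` default is one long string with no comment on its format or ordering, which makes a change such as adding a provider hard to check by eye. I would add a comment above the option along the lines of `# Each entry is <address>#<server name>; the name is what the server is validated against when DNS-over-TLS is in use. Order: first IPv4 of each provider, second IPv4, first IPv6, second IPv6.` These are the resolvers that receive queries when no other DNS configuration exists, so each `#name` suffix deserves the same scrutiny as the address it is attached to.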
|
|||||||
@ -13,4 +13,4 @@ ACTION!="remove", SUBSYSTEM=="block", \
|
|||||||
OPTIONS+="watch"
|
OPTIONS+="watch"
|
||||||
|
|
||||||
# Reset access rights to each loopback device once it gets detached.
|
# Reset access rights to each loopback device once it gets detached.
|
||||||
ACTION=="change", SUBSYSTEM=="block", KERNEL=="loop*", ENV{DISK_MEDIA_CHANGE}=="1", TEST!="loop/backing_file", GROUP="disk", MODE="660"
|
SUBSYSTEM=="block", ACTION=="change", ENV{DISK_MEDIA_CHANGE}=="1", TEST!="loop/backing_file", GROUP="disk", MODE="660"
|
||||||
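Review bot: The loopback reset rule in its new form no longer matches on the device name, so `TEST!="loop/backing_file"` is true for every block device that is not a loop device at all. Any `change` event carrying `DISK_MEDIA_CHANGE=1` (removable-media devices typically emit these) would then be assigned `GROUP="disk", MODE="660"`, overriding ownership set by earlier rules, although the comment above says the rule is for loopback devices only. Keep the match scoped by adding `KERNEL=="loop*"` next to `SUBSYSTEM=="block", ACTION=="change"`.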
|
|||||||
@ -5,15 +5,4 @@ ACTION=="remove", GOTO="id_input_end"
|
|||||||
SUBSYSTEM=="input", ENV{ID_INPUT}=="", IMPORT{builtin}="input_id"
|
SUBSYSTEM=="input", ENV{ID_INPUT}=="", IMPORT{builtin}="input_id"
|
||||||
SUBSYSTEM=="input", IMPORT{builtin}="hwdb --subsystem=input --lookup-prefix=id-input:modalias:"
|
SUBSYSTEM=="input", IMPORT{builtin}="hwdb --subsystem=input --lookup-prefix=id-input:modalias:"
|
||||||
|
|
||||||
# id-input:<bus>:v<vid>p<pid>:name:<name>:*
|
|
||||||
KERNELS=="input*", ATTRS{id/bustype}=="0003", \
|
|
||||||
IMPORT{builtin}="hwdb 'id-input:usb:v$attr{id/vendor}p$attr{id/product}:name:$attr{name}:'", \
|
|
||||||
GOTO="id_input_end"
|
|
||||||
KERNELS=="input*", ATTRS{id/bustype}=="0005", \
|
|
||||||
IMPORT{builtin}="hwdb 'id-input:bluetooth:v$attr{id/vendor}p$attr{id/product}:name:$attr{name}:'", \
|
|
||||||
GOTO="id_input_end"
|
|
||||||
KERNELS=="input*", ATTRS{id/bustype}=="0018", \
|
|
||||||
IMPORT{builtin}="hwdb 'id-input:i2c:v$attr{id/vendor}p$attr{id/product}:name:$attr{name}:'", \
|
|
||||||
GOTO="id_input_end"
|
|
||||||
|
|
||||||
LABEL="id_input_end"
|
LABEL="id_input_end"
|
||||||
|
|||||||
@ -4,13 +4,40 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
||||||
#include "assert-util.h"
|
#include "assert-util.h"
|
||||||
|
#include "env-util.h"
|
||||||
#include "errno-util.h"
|
#include "errno-util.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
|
|
||||||
|
static bool assert_return_is_critical = BUILD_MODE_DEVELOPER;
|
||||||
|
|
||||||
/* Akin to glibc's __abort_msg; which is private and we hence cannot
|
/* Akin to glibc's __abort_msg; which is private and we hence cannot
|
||||||
* use here. */
|
* use here. */
|
||||||
static char *log_abort_msg = NULL;
|
static char *log_abort_msg = NULL;
|
||||||
|
|
||||||
|
void log_set_assert_return_is_critical(bool b) {
|
||||||
|
assert_return_is_critical = b;
|
||||||
|
}
|
||||||
|
|
||||||
|
void log_set_assert_return_is_critical_from_env(void) {
|
||||||
|
static int cached = INT_MIN;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
if (cached == INT_MIN) {
|
||||||
|
r = secure_getenv_bool("SYSTEMD_ASSERT_RETURN_IS_CRITICAL");
|
||||||
|
if (r < 0 && r != -ENXIO)
|
||||||
|
log_debug_errno(r, "Failed to parse $SYSTEMD_ASSERT_RETURN_IS_CRITICAL, ignoring: %m");
|
||||||
|
|
||||||
|
cached = r;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (cached >= 0)
|
||||||
|
log_set_assert_return_is_critical(cached);
|
||||||
|
}
|
||||||
|
|
||||||
|
bool log_get_assert_return_is_critical(void) {
|
||||||
|
return assert_return_is_critical;
|
||||||
|
}
|
||||||
|
|
||||||
static void log_assert(
|
static void log_assert(
|
||||||
int level,
|
int level,
|
||||||
const char *text,
|
const char *text,
|
||||||
@ -46,8 +73,8 @@ _noreturn_ void log_assert_failed_unreachable(const char *file, int line, const
|
|||||||
}
|
}
|
||||||
|
|
||||||
void log_assert_failed_return(const char *text, const char *file, int line, const char *func) {
|
void log_assert_failed_return(const char *text, const char *file, int line, const char *func) {
|
||||||
/* log_get_assert_return_is_critical is a weak symbol. It may be NULL. */
|
|
||||||
if (log_get_assert_return_is_critical && log_get_assert_return_is_critical())
|
if (assert_return_is_critical)
|
||||||
log_assert_failed(text, file, line, func);
|
log_assert_failed(text, file, line, func);
|
||||||
|
|
||||||
PROTECT_ERRNO;
|
PROTECT_ERRNO;
|
||||||
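Review bot: `log_set_assert_return_is_critical_from_env()` has no comment saying that it consults `$SYSTEMD_ASSERT_RETURN_IS_CRITICAL` only once per process: the function-static `cached` keeps the first result, including a parse error, so later calls never re-read the environment. I would add above it `/* Reads $SYSTEMD_ASSERT_RETURN_IS_CRITICAL once via secure_getenv_bool() and caches the result; an unset or unparsable value leaves the current setting untouched. */`. The function also uses `INT_MIN` as its sentinel; the includes above line 4 are outside the hunk, so confirm that `<limits.h>` is pulled in rather than arriving by accident through another header.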
|
|||||||
@ -5,7 +5,9 @@
|
|||||||
|
|
||||||
/* Logging for various assertions */
|
/* Logging for various assertions */
|
||||||
|
|
||||||
bool log_get_assert_return_is_critical(void) _weak_ _pure_;
|
void log_set_assert_return_is_critical(bool b);
|
||||||
|
void log_set_assert_return_is_critical_from_env(void);
|
||||||
|
bool log_get_assert_return_is_critical(void) _pure_;
|
||||||
|
|
||||||
void log_assert_failed_return(const char *text, const char *file, int line, const char *func);
|
void log_assert_failed_return(const char *text, const char *file, int line, const char *func);
|
||||||
|
|
||||||
|
|||||||
@ -164,8 +164,9 @@ int efi_get_variable(
|
|||||||
}
|
}
|
||||||
|
|
||||||
int efi_get_variable_string(const char *variable, char **ret) {
|
int efi_get_variable_string(const char *variable, char **ret) {
|
||||||
_cleanup_free_ void *s = NULL, *x = NULL;
|
_cleanup_free_ void *s = NULL;
|
||||||
size_t ss = 0;
|
size_t ss = 0;
|
||||||
|
char *x;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(variable);
|
assert(variable);
|
||||||
@ -179,7 +180,7 @@ int efi_get_variable_string(const char *variable, char **ret) {
|
|||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
if (ret)
|
if (ret)
|
||||||
*ret = TAKE_PTR(x);
|
*ret = x;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
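Review bot: In `efi_get_variable_string()` the converted string `x` is now a plain `char *` and is handed out only under `if (ret)`, so when a caller passes `ret == NULL` the buffer is never freed. The allocation of `x` lies between the two hunks and is not visible, but the `-ENOMEM` return just above the assignment implies it is heap-allocated. Declaring it `_cleanup_free_ char *x = NULL;` and returning it with `*ret = TAKE_PTR(x);` closes the leak on that path.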
|
|||||||
@ -22,6 +22,6 @@ static struct mempool pool_name = { \
|
|||||||
.at_least = alloc_at_least, \
|
.at_least = alloc_at_least, \
|
||||||
}
|
}
|
||||||
|
|
||||||
bool mempool_enabled(void) _weak_ _pure_;
|
__attribute__((weak)) bool mempool_enabled(void);
|
||||||
|
|
||||||
void mempool_trim(struct mempool *mp);
|
void mempool_trim(struct mempool *mp);
|
||||||
|
|||||||
@ -1518,40 +1518,30 @@ int path_glob_can_match(const char *pattern, const char *prefix, char **ret) {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if HAVE_SPLIT_BIN
|
|
||||||
static bool dir_is_split(const char *a, const char *b) {
|
|
||||||
int r;
|
|
||||||
|
|
||||||
r = inode_same(a, b, AT_NO_AUTOMOUNT);
|
|
||||||
if (r < 0 && r != -ENOENT) {
|
|
||||||
log_debug_errno(r, "Failed to compare \"%s\" and \"%s\", assuming split directories: %m", a, b);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return r == 0;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
const char* default_PATH(void) {
|
const char* default_PATH(void) {
|
||||||
#if HAVE_SPLIT_BIN
|
#if HAVE_SPLIT_BIN
|
||||||
static const char *default_path = NULL;
|
static int split = -1;
|
||||||
|
int r;
|
||||||
|
|
||||||
/* Return one of the three sets of paths:
|
/* Check whether /usr/sbin is not a symlink and return the appropriate $PATH.
|
||||||
* a) split /usr/s?bin, /usr/local/sbin doesn't matter.
|
* On error fall back to the safe value with both directories as configured… */
|
||||||
* b) merged /usr/s?bin, /usr/sbin is a symlink, but /usr/local/sbin is not,
|
|
||||||
* c) fully merged, neither /usr/sbin nor /usr/local/sbin are symlinks,
|
|
||||||
*
|
|
||||||
* On error the fallback to the safe value with both directories as configured is returned.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (default_path)
|
if (split < 0)
|
||||||
return default_path;
|
STRV_FOREACH_PAIR(bin, sbin, STRV_MAKE("/usr/bin", "/usr/sbin",
|
||||||
|
"/usr/local/bin", "/usr/local/sbin")) {
|
||||||
if (dir_is_split("/usr/sbin", "/usr/bin"))
|
r = inode_same(*bin, *sbin, AT_NO_AUTOMOUNT);
|
||||||
return (default_path = DEFAULT_PATH_WITH_FULL_SBIN); /* a */
|
if (r > 0 || r == -ENOENT)
|
||||||
if (dir_is_split("/usr/local/sbin", "/usr/local/bin"))
|
continue;
|
||||||
return (default_path = DEFAULT_PATH_WITH_LOCAL_SBIN); /* b */
|
if (r < 0)
|
||||||
return (default_path = DEFAULT_PATH_WITHOUT_SBIN); /* c */
|
log_debug_errno(r, "Failed to compare \"%s\" and \"%s\", using compat $PATH: %m",
|
||||||
#else
|
*bin, *sbin);
|
||||||
return DEFAULT_PATH_WITHOUT_SBIN;
|
split = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (split < 0)
|
||||||
|
split = false;
|
||||||
|
if (split)
|
||||||
|
return DEFAULT_PATH_WITH_SBIN;
|
||||||
#endif
|
#endif
|
||||||
|
return DEFAULT_PATH_WITHOUT_SBIN;
|
||||||
}
|
}
|
||||||
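Review bot: The debug message in `default_PATH()` says `using compat $PATH`, but on a comparison error the function sets `split = true` and returns `DEFAULT_PATH_WITH_SBIN`, not `DEFAULT_PATH_COMPAT`; the log line should name what is actually returned, for example `"Failed to compare \"%s\" and \"%s\", assuming split bin/sbin: %m"`. The first `if (split < 0)` guards a multi-line `STRV_FOREACH_PAIR` block without braces, which makes the second `if (split < 0)` easy to misread as nested; braces around the loop would help. Because the returned string decides where binaries are looked up, a one-line comment that the result is cached in a function-static for the life of the process is worth adding.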
|
|||||||
@ -9,11 +9,10 @@
|
|||||||
#define PATH_MERGED_BIN(x) x "bin"
|
#define PATH_MERGED_BIN(x) x "bin"
|
||||||
#define PATH_MERGED_BIN_NULSTR(x) x "bin\0"
|
#define PATH_MERGED_BIN_NULSTR(x) x "bin\0"
|
||||||
|
|
||||||
#define DEFAULT_PATH_WITH_FULL_SBIN PATH_SPLIT_BIN("/usr/local/") ":" PATH_SPLIT_BIN("/usr/")
|
#define DEFAULT_PATH_WITH_SBIN PATH_SPLIT_BIN("/usr/local/") ":" PATH_SPLIT_BIN("/usr/")
|
||||||
#define DEFAULT_PATH_WITH_LOCAL_SBIN PATH_SPLIT_BIN("/usr/local/") ":" PATH_MERGED_BIN("/usr/")
|
|
||||||
#define DEFAULT_PATH_WITHOUT_SBIN PATH_MERGED_BIN("/usr/local/") ":" PATH_MERGED_BIN("/usr/")
|
#define DEFAULT_PATH_WITHOUT_SBIN PATH_MERGED_BIN("/usr/local/") ":" PATH_MERGED_BIN("/usr/")
|
||||||
|
|
||||||
#define DEFAULT_PATH_COMPAT DEFAULT_PATH_WITH_FULL_SBIN ":" PATH_SPLIT_BIN("/")
|
#define DEFAULT_PATH_COMPAT PATH_SPLIT_BIN("/usr/local/") ":" PATH_SPLIT_BIN("/usr/") ":" PATH_SPLIT_BIN("/")
|
||||||
|
|
||||||
const char* default_PATH(void);
|
const char* default_PATH(void);
|
||||||
|
|
||||||
|
|||||||
@ -144,16 +144,6 @@ FreezerState freezer_state_finish(FreezerState state) {
|
|||||||
return freezer_state_finish_table[state];
|
return freezer_state_finish_table[state];
|
||||||
}
|
}
|
||||||
|
|
||||||
FreezerState freezer_state_objective(FreezerState state) {
|
|
||||||
FreezerState objective;
|
|
||||||
|
|
||||||
objective = freezer_state_finish(state);
|
|
||||||
if (objective == FREEZER_FROZEN_BY_PARENT)
|
|
||||||
objective = FREEZER_FROZEN;
|
|
||||||
|
|
||||||
return objective;
|
|
||||||
}
|
|
||||||
|
|
||||||
static const char* const unit_marker_table[_UNIT_MARKER_MAX] = {
|
static const char* const unit_marker_table[_UNIT_MARKER_MAX] = {
|
||||||
[UNIT_MARKER_NEEDS_RELOAD] = "needs-reload",
|
[UNIT_MARKER_NEEDS_RELOAD] = "needs-reload",
|
||||||
[UNIT_MARKER_NEEDS_RESTART] = "needs-restart",
|
[UNIT_MARKER_NEEDS_RESTART] = "needs-restart",
|
||||||
|
|||||||
@ -325,7 +325,6 @@ UnitActiveState unit_active_state_from_string(const char *s) _pure_;
|
|||||||
const char* freezer_state_to_string(FreezerState i) _const_;
|
const char* freezer_state_to_string(FreezerState i) _const_;
|
||||||
FreezerState freezer_state_from_string(const char *s) _pure_;
|
FreezerState freezer_state_from_string(const char *s) _pure_;
|
||||||
FreezerState freezer_state_finish(FreezerState i) _const_;
|
FreezerState freezer_state_finish(FreezerState i) _const_;
|
||||||
FreezerState freezer_state_objective(FreezerState state) _const_;
|
|
||||||
|
|
||||||
const char* unit_marker_to_string(UnitMarker m) _const_;
|
const char* unit_marker_to_string(UnitMarker m) _const_;
|
||||||
UnitMarker unit_marker_from_string(const char *s) _pure_;
|
UnitMarker unit_marker_from_string(const char *s) _pure_;
|
||||||
|
|||||||
@ -114,20 +114,12 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case 'u':
|
case 'u':
|
||||||
if (arg_show_unit == SHOW_UNIT_USER)
|
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
|
||||||
"Cannot combine --unit with --user-unit.");
|
|
||||||
|
|
||||||
arg_show_unit = SHOW_UNIT_SYSTEM;
|
arg_show_unit = SHOW_UNIT_SYSTEM;
|
||||||
if (strv_push(&arg_names, optarg) < 0) /* push optarg if not empty */
|
if (strv_push(&arg_names, optarg) < 0) /* push optarg if not empty */
|
||||||
return log_oom();
|
return log_oom();
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ARG_USER_UNIT:
|
case ARG_USER_UNIT:
|
||||||
if (arg_show_unit == SHOW_UNIT_SYSTEM)
|
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
|
||||||
"Cannot combine --user-unit with --unit.");
|
|
||||||
|
|
||||||
arg_show_unit = SHOW_UNIT_USER;
|
arg_show_unit = SHOW_UNIT_USER;
|
||||||
if (strv_push(&arg_names, optarg) < 0) /* push optarg if not empty */
|
if (strv_push(&arg_names, optarg) < 0) /* push optarg if not empty */
|
||||||
return log_oom();
|
return log_oom();
|
||||||
|
|||||||
@ -905,16 +905,8 @@ static int get_supplementary_groups(
|
|||||||
bool keep_groups = false;
|
bool keep_groups = false;
|
||||||
if (user && gid_is_valid(gid) && gid != 0) {
|
if (user && gid_is_valid(gid) && gid != 0) {
|
||||||
/* First step, initialize groups from /etc/groups */
|
/* First step, initialize groups from /etc/groups */
|
||||||
if (initgroups(user, gid) < 0) {
|
if (initgroups(user, gid) < 0)
|
||||||
/* If our primary gid is already the one specified in Group= (i.e. we're running in
|
return -errno;
|
||||||
* user mode), gracefully handle the case where we have no privilege to re-initgroups().
|
|
||||||
*
|
|
||||||
* Note that group memberships of the current user might have been modified, but
|
|
||||||
* the change will only take effect after re-login. It's better to continue on with
|
|
||||||
* existing credentials rather than erroring out. */
|
|
||||||
if (!ERRNO_IS_PRIVILEGE(errno) || gid != getgid())
|
|
||||||
return -errno;
|
|
||||||
}
|
|
||||||
|
|
||||||
keep_groups = true;
|
keep_groups = true;
|
||||||
}
|
}
|
||||||
@ -1238,11 +1230,6 @@ static int exec_context_get_tty_for_pam(const ExecContext *context, char **ret)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!IN_SET(context->std_input, EXEC_INPUT_TTY, EXEC_INPUT_TTY_FAIL, EXEC_INPUT_TTY_FORCE)) {
|
|
||||||
*ret = NULL;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Next, let's try to use the TTY specified in TTYPath=. */
|
/* Next, let's try to use the TTY specified in TTYPath=. */
|
||||||
const char *t = exec_context_tty_path(context);
|
const char *t = exec_context_tty_path(context);
|
||||||
if (!t) {
|
if (!t) {
|
||||||
@ -4482,12 +4469,6 @@ static void log_command_line(
|
|||||||
|
|
||||||
static bool exec_needs_cap_sys_admin(const ExecContext *context, const ExecParameters *params) {
|
static bool exec_needs_cap_sys_admin(const ExecContext *context, const ExecParameters *params) {
|
||||||
assert(context);
|
assert(context);
|
||||||
assert(params);
|
|
||||||
|
|
||||||
/* We only want to ever imply PrivateUsers= for user managers, as they're not expected to setuid() to
|
|
||||||
* other users, unlike the system manager which needs all users to be around. */
|
|
||||||
if (params->runtime_scope != RUNTIME_SCOPE_USER)
|
|
||||||
return false;
|
|
||||||
|
|
||||||
return context->private_users != PRIVATE_USERS_NO ||
|
return context->private_users != PRIVATE_USERS_NO ||
|
||||||
context->private_tmp != PRIVATE_TMP_NO ||
|
context->private_tmp != PRIVATE_TMP_NO ||
|
||||||
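Review bot: `exec_needs_cap_sys_admin()` no longer checks `params->runtime_scope`, so in the visible part it returns true for any non-default `private_users` or `private_tmp` setting regardless of which manager runs the unit. The removed comment states that implying PrivateUsers= is meant for user managers only, because the system manager needs all users to be around; the callers are outside this hunk, so confirm they apply that restriction themselves. The rest of the body is not shown either; if `params` ends up unread there, keep `assert(params);` or drop the parameter so the signature does not suggest a check that is no longer made.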
|
|||||||
@ -1390,7 +1390,6 @@ static int mount_start(Unit *u) {
|
|||||||
|
|
||||||
static int mount_stop(Unit *u) {
|
static int mount_stop(Unit *u) {
|
||||||
Mount *m = ASSERT_PTR(MOUNT(u));
|
Mount *m = ASSERT_PTR(MOUNT(u));
|
||||||
int r;
|
|
||||||
|
|
||||||
switch (m->state) {
|
switch (m->state) {
|
||||||
|
|
||||||
@ -1402,22 +1401,21 @@ static int mount_stop(Unit *u) {
|
|||||||
|
|
||||||
case MOUNT_MOUNTING:
|
case MOUNT_MOUNTING:
|
||||||
case MOUNT_MOUNTING_DONE:
|
case MOUNT_MOUNTING_DONE:
|
||||||
|
case MOUNT_REMOUNTING:
|
||||||
/* If we are still waiting for /bin/mount, we go directly into kill mode. */
|
/* If we are still waiting for /bin/mount, we go directly into kill mode. */
|
||||||
mount_enter_signal(m, MOUNT_UNMOUNTING_SIGTERM, MOUNT_SUCCESS);
|
mount_enter_signal(m, MOUNT_UNMOUNTING_SIGTERM, MOUNT_SUCCESS);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
case MOUNT_REMOUNTING:
|
|
||||||
case MOUNT_REMOUNTING_SIGTERM:
|
case MOUNT_REMOUNTING_SIGTERM:
|
||||||
assert(pidref_is_set(&m->control_pid));
|
/* If we are already waiting for a hung remount, convert this to the matching unmounting state */
|
||||||
|
mount_set_state(m, MOUNT_UNMOUNTING_SIGTERM);
|
||||||
|
return 0;
|
||||||
|
|
||||||
r = pidref_kill_and_sigcont(&m->control_pid, SIGKILL);
|
|
||||||
if (r < 0)
|
|
||||||
log_unit_debug_errno(u, r,
|
|
||||||
"Failed to kill remount process " PID_FMT ", ignoring: %m",
|
|
||||||
m->control_pid.pid);
|
|
||||||
|
|
||||||
_fallthrough_;
|
|
||||||
case MOUNT_REMOUNTING_SIGKILL:
|
case MOUNT_REMOUNTING_SIGKILL:
|
||||||
|
/* as above */
|
||||||
|
mount_set_state(m, MOUNT_UNMOUNTING_SIGKILL);
|
||||||
|
return 0;
|
||||||
|
|
||||||
case MOUNT_MOUNTED:
|
case MOUNT_MOUNTED:
|
||||||
mount_enter_unmounting(m);
|
mount_enter_unmounting(m);
|
||||||
return 1;
|
return 1;
|
||||||
@ -2406,6 +2404,7 @@ char* mount_get_where_escaped(const Mount *m) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
char* mount_get_what_escaped(const Mount *m) {
|
char* mount_get_what_escaped(const Mount *m) {
|
||||||
|
_cleanup_free_ char *escaped = NULL;
|
||||||
const char *s = NULL;
|
const char *s = NULL;
|
||||||
|
|
||||||
assert(m);
|
assert(m);
|
||||||
@ -2414,10 +2413,14 @@ char* mount_get_what_escaped(const Mount *m) {
|
|||||||
s = m->parameters_proc_self_mountinfo.what;
|
s = m->parameters_proc_self_mountinfo.what;
|
||||||
else if (m->from_fragment && m->parameters_fragment.what)
|
else if (m->from_fragment && m->parameters_fragment.what)
|
||||||
s = m->parameters_fragment.what;
|
s = m->parameters_fragment.what;
|
||||||
if (!s)
|
|
||||||
return strdup("");
|
|
||||||
|
|
||||||
return utf8_escape_invalid(s);
|
if (s) {
|
||||||
|
escaped = utf8_escape_invalid(s);
|
||||||
|
if (!escaped)
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
return escaped ? TAKE_PTR(escaped) : strdup("");
|
||||||
}
|
}
|
||||||
|
|
||||||
char* mount_get_options_escaped(const Mount *m) {
|
char* mount_get_options_escaped(const Mount *m) {
|
||||||
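Review bot: In `mount_get_what_escaped()` the `_cleanup_free_` on `escaped` never does any work: every path after `utf8_escape_invalid()` either returns NULL because the allocation failed or hands the pointer out with `TAKE_PTR()`. Two early returns say the same thing without the ownership juggling, `if (!s) return strdup("");` followed by `return utf8_escape_invalid(s);`. In `mount_stop()` the comment `/* as above */` on the `MOUNT_REMOUNTING_SIGKILL` case would be better spelled out, since it stops making sense as soon as the cases are reordered.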
|
|||||||
@ -366,18 +366,6 @@
|
|||||||
send_interface="org.freedesktop.systemd1.Manager"
|
send_interface="org.freedesktop.systemd1.Manager"
|
||||||
send_member="SetShowStatus"/>
|
send_member="SetShowStatus"/>
|
||||||
|
|
||||||
<allow send_destination="org.freedesktop.systemd1"
|
|
||||||
send_interface="org.freedesktop.systemd1.Manager"
|
|
||||||
send_member="SetEnvironment"/>
|
|
||||||
|
|
||||||
<allow send_destination="org.freedesktop.systemd1"
|
|
||||||
send_interface="org.freedesktop.systemd1.Manager"
|
|
||||||
send_member="UnsetEnvironment"/>
|
|
||||||
|
|
||||||
<allow send_destination="org.freedesktop.systemd1"
|
|
||||||
send_interface="org.freedesktop.systemd1.Manager"
|
|
||||||
send_member="UnsetAndSetEnvironment"/>
|
|
||||||
|
|
||||||
<!-- Managed via polkit or other criteria: org.freedesktop.systemd1.Job interface -->
|
<!-- Managed via polkit or other criteria: org.freedesktop.systemd1.Job interface -->
|
||||||
|
|
||||||
<allow send_destination="org.freedesktop.systemd1"
|
<allow send_destination="org.freedesktop.systemd1"
|
||||||
|
|||||||
@ -414,7 +414,7 @@ static void service_extend_timeout(Service *s, usec_t extend_timeout_usec) {
|
|||||||
static void service_reset_watchdog(Service *s) {
|
static void service_reset_watchdog(Service *s) {
|
||||||
assert(s);
|
assert(s);
|
||||||
|
|
||||||
if (freezer_state_objective(UNIT(s)->freezer_state) != FREEZER_RUNNING) {
|
if (freezer_state_finish(UNIT(s)->freezer_state) != FREEZER_RUNNING) {
|
||||||
log_unit_debug(UNIT(s), "Service is currently %s, skipping resetting watchdog.",
|
log_unit_debug(UNIT(s), "Service is currently %s, skipping resetting watchdog.",
|
||||||
freezer_state_to_string(UNIT(s)->freezer_state));
|
freezer_state_to_string(UNIT(s)->freezer_state));
|
||||||
return;
|
return;
|
||||||
@ -1425,7 +1425,7 @@ static int service_coldplug(Unit *u) {
|
|||||||
(void) unit_setup_exec_runtime(u);
|
(void) unit_setup_exec_runtime(u);
|
||||||
|
|
||||||
if (IN_SET(s->deserialized_state, SERVICE_START_POST, SERVICE_RUNNING, SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_REFRESH_EXTENSIONS, SERVICE_MOUNTING) &&
|
if (IN_SET(s->deserialized_state, SERVICE_START_POST, SERVICE_RUNNING, SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_REFRESH_EXTENSIONS, SERVICE_MOUNTING) &&
|
||||||
freezer_state_objective(u->freezer_state) == FREEZER_RUNNING)
|
freezer_state_finish(u->freezer_state) == FREEZER_RUNNING)
|
||||||
service_start_watchdog(s);
|
service_start_watchdog(s);
|
||||||
|
|
||||||
if (UNIT_ISSET(s->accept_socket)) {
|
if (UNIT_ISSET(s->accept_socket)) {
|
||||||
@ -5643,33 +5643,18 @@ int service_determine_exec_selinux_label(Service *s, char **ret) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int service_freezer_action(Unit *u, FreezerAction action) {
|
static int service_cgroup_freezer_action(Unit *u, FreezerAction action) {
|
||||||
Service *s = ASSERT_PTR(SERVICE(u));
|
Service *s = ASSERT_PTR(SERVICE(u));
|
||||||
FreezerState old_objective, new_objective;
|
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
old_objective = freezer_state_objective(u->freezer_state);
|
|
||||||
|
|
||||||
r = unit_cgroup_freezer_action(u, action);
|
r = unit_cgroup_freezer_action(u, action);
|
||||||
if (r < 0)
|
if (r <= 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
new_objective = freezer_state_objective(u->freezer_state);
|
if (action == FREEZER_FREEZE)
|
||||||
|
service_stop_watchdog(s);
|
||||||
/* Note that we cannot trivially check the retval of unit_cgroup_freezer_action() here, since
|
else if (action == FREEZER_THAW)
|
||||||
* that signals whether the operation is ongoing from *kernel's PoV*. If the freeze operation
|
service_reset_watchdog(s);
|
||||||
* is aborted, the frozen attribute of the cgroup would never have been flipped in kernel,
|
|
||||||
* and unit_cgroup_freezer_action() will happily return 0, yet the watchdog still needs to be reset;
|
|
||||||
* vice versa. */
|
|
||||||
|
|
||||||
if (old_objective != new_objective) {
|
|
||||||
if (new_objective == FREEZER_FROZEN)
|
|
||||||
service_stop_watchdog(s);
|
|
||||||
else if (new_objective == FREEZER_RUNNING)
|
|
||||||
service_reset_watchdog(s);
|
|
||||||
else
|
|
||||||
assert_not_reached();
|
|
||||||
}
|
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
@ -5811,7 +5796,7 @@ const UnitVTable service_vtable = {
|
|||||||
.live_mount = service_live_mount,
|
.live_mount = service_live_mount,
|
||||||
.can_live_mount = service_can_live_mount,
|
.can_live_mount = service_can_live_mount,
|
||||||
|
|
||||||
.freezer_action = service_freezer_action,
|
.freezer_action = service_cgroup_freezer_action,
|
||||||
|
|
||||||
.serialize = service_serialize,
|
.serialize = service_serialize,
|
||||||
.deserialize_item = service_deserialize_item,
|
.deserialize_item = service_deserialize_item,
|
||||||
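Review bot: `service_cgroup_freezer_action()` returns early on `r <= 0` and otherwise keys the watchdog on the requested `action`, so the watchdog is left untouched whenever `unit_cgroup_freezer_action()` returns 0. The comment on the removed side says that return value only reports whether the operation is still ongoing from the kernel's point of view, and that an aborted freeze returns 0 yet still needs the watchdog reset; the outcome is a frozen service with a live watchdog or a thawed one without. Actions other than `FREEZER_FREEZE` and `FREEZER_THAW` also fall through both branches. Comparing the target freezer state before and after the call covers both cases, as sketched below.

```c
static int service_cgroup_freezer_action(Unit *u, FreezerAction action) {
        Service *s = ASSERT_PTR(SERVICE(u));
        bool was_running, is_running;
        int r;

        was_running = freezer_state_finish(u->freezer_state) == FREEZER_RUNNING;

        r = unit_cgroup_freezer_action(u, action);
        if (r < 0)
                return r;

        is_running = freezer_state_finish(u->freezer_state) == FREEZER_RUNNING;

        /* React to the state the unit is now heading for, not to r or the requested action. */
        if (was_running && !is_running)
                service_stop_watchdog(s);
        else if (!was_running && is_running)
                service_reset_watchdog(s);

        return r;
}
```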
|
|||||||
@ -392,8 +392,7 @@ static void timer_enter_waiting(Timer *t, bool time_change) {
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (v->base == TIMER_CALENDAR) {
|
if (v->base == TIMER_CALENDAR) {
|
||||||
bool rebase_after_boot_time = false;
|
usec_t b, rebased, random_offset = 0;
|
||||||
usec_t b, random_offset = 0;
|
|
||||||
|
|
||||||
if (t->random_offset_usec != 0)
|
if (t->random_offset_usec != 0)
|
||||||
random_offset = timer_get_fixed_delay_hash(t) % t->random_offset_usec;
|
random_offset = timer_get_fixed_delay_hash(t) % t->random_offset_usec;
|
||||||
@ -418,10 +417,8 @@ static void timer_enter_waiting(Timer *t, bool time_change) {
|
|||||||
b = t->last_trigger.realtime;
|
b = t->last_trigger.realtime;
|
||||||
else if (dual_timestamp_is_set(&UNIT(t)->inactive_exit_timestamp))
|
else if (dual_timestamp_is_set(&UNIT(t)->inactive_exit_timestamp))
|
||||||
b = UNIT(t)->inactive_exit_timestamp.realtime - random_offset;
|
b = UNIT(t)->inactive_exit_timestamp.realtime - random_offset;
|
||||||
else {
|
else
|
||||||
b = ts.realtime - random_offset;
|
b = ts.realtime - random_offset;
|
||||||
rebase_after_boot_time = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
r = calendar_spec_next_usec(v->calendar_spec, b, &v->next_elapse);
|
r = calendar_spec_next_usec(v->calendar_spec, b, &v->next_elapse);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
@ -429,16 +426,14 @@ static void timer_enter_waiting(Timer *t, bool time_change) {
|
|||||||
|
|
||||||
v->next_elapse += random_offset;
|
v->next_elapse += random_offset;
|
||||||
|
|
||||||
if (rebase_after_boot_time) {
|
/* To make the delay due to RandomizedDelaySec= work even at boot, if the scheduled
|
||||||
/* To make the delay due to RandomizedDelaySec= work even at boot, if the scheduled
|
* time has already passed, set the time when systemd first started as the scheduled
|
||||||
* time has already passed, set the time when systemd first started as the scheduled
|
* time. Note that we base this on the monotonic timestamp of the boot, not the
|
||||||
* time. Note that we base this on the monotonic timestamp of the boot, not the
|
* realtime one, since the wallclock might have been off during boot. */
|
||||||
* realtime one, since the wallclock might have been off during boot. */
|
rebased = map_clock_usec(UNIT(t)->manager->timestamps[MANAGER_TIMESTAMP_USERSPACE].monotonic,
|
||||||
usec_t rebased = map_clock_usec(UNIT(t)->manager->timestamps[MANAGER_TIMESTAMP_USERSPACE].monotonic,
|
CLOCK_MONOTONIC, CLOCK_REALTIME);
|
||||||
CLOCK_MONOTONIC, CLOCK_REALTIME);
|
if (v->next_elapse < rebased)
|
||||||
if (v->next_elapse < rebased)
|
v->next_elapse = rebased;
|
||||||
v->next_elapse = rebased;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!found_realtime)
|
if (!found_realtime)
|
||||||
t->next_elapse_realtime = v->next_elapse;
|
t->next_elapse_realtime = v->next_elapse;
|
||||||
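Review bot: The boot-time clamp on the new side of `timer_enter_waiting` now runs for every `TIMER_CALENDAR` value, including when `b` was taken from `t->last_trigger.realtime` or from `inactive_exit_timestamp`, although the comment above it describes a measure for timers scheduled at boot. Unless that wider effect is intended, set a flag only in the final `else` branch (`b = ts.realtime - random_offset;`) and guard the clamp with it, e.g. `if (rebase_after_boot_time && v->next_elapse < rebased)`. `rebased` is only used in this block and could be declared there rather than next to `b`. The function starts and ends outside these hunks, so the surrounding conditions are not visible here.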
|
|||||||
@ -6436,7 +6436,9 @@ void unit_next_freezer_state(Unit *u, FreezerAction action, FreezerState *ret_ne
|
|||||||
assert_not_reached();
|
assert_not_reached();
|
||||||
}
|
}
|
||||||
|
|
||||||
objective = freezer_state_objective(next);
|
objective = freezer_state_finish(next);
|
||||||
|
if (objective == FREEZER_FROZEN_BY_PARENT)
|
||||||
|
objective = FREEZER_FROZEN;
|
||||||
assert(IN_SET(objective, FREEZER_RUNNING, FREEZER_FROZEN));
|
assert(IN_SET(objective, FREEZER_RUNNING, FREEZER_FROZEN));
|
||||||
|
|
||||||
*ret_next = next;
|
*ret_next = next;
|
||||||
|
|||||||
@ -1294,7 +1294,7 @@ static int send_iovec(const struct iovec_wrapper *iovw, int input_fd, PidRef *pi
|
|||||||
if (sendmsg(fd, &mh, MSG_NOSIGNAL) >= 0)
|
if (sendmsg(fd, &mh, MSG_NOSIGNAL) >= 0)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
if (IN_SET(errno, EMSGSIZE, ENOBUFS) && mh.msg_iov[0].iov_len > 0) {
|
if (errno == EMSGSIZE && mh.msg_iov[0].iov_len > 0) {
|
||||||
/* This field didn't fit? That's a pity. Given that this is
|
/* This field didn't fit? That's a pity. Given that this is
|
||||||
* just metadata, let's truncate the field at half, and try
|
* just metadata, let's truncate the field at half, and try
|
||||||
* again. We append three dots, in order to show that this is
|
* again. We append three dots, in order to show that this is
|
||||||
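Review bot: The retry path in `send_iovec` is now entered only for `EMSGSIZE`, so a `sendmsg()` that fails with `ENOBUFS` on an oversized field skips the truncate-and-retry logic the comment describes, and that metadata is not delivered. Depending on socket buffer limits the kernel may report either error for a message that is too large, so both should take this branch: `if (IN_SET(errno, EMSGSIZE, ENOBUFS) && mh.msg_iov[0].iov_len > 0) {`. The loop and the error return that follow lie outside the hunk.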
|
|||||||
@ -543,7 +543,7 @@ static int resolve_filename(const char *root, char **p) {
|
|||||||
static int print_list(FILE* file, sd_journal *j, Table *t) {
|
static int print_list(FILE* file, sd_journal *j, Table *t) {
|
||||||
_cleanup_free_ char
|
_cleanup_free_ char
|
||||||
*mid = NULL, *pid = NULL, *uid = NULL, *gid = NULL,
|
*mid = NULL, *pid = NULL, *uid = NULL, *gid = NULL,
|
||||||
*sgnl = NULL, *exe = NULL, *comm = NULL,
|
*sgnl = NULL, *exe = NULL, *comm = NULL, *cmdline = NULL,
|
||||||
*filename = NULL, *truncated = NULL, *coredump = NULL;
|
*filename = NULL, *truncated = NULL, *coredump = NULL;
|
||||||
const void *d;
|
const void *d;
|
||||||
size_t l;
|
size_t l;
|
||||||
@ -568,16 +568,14 @@ static int print_list(FILE* file, sd_journal *j, Table *t) {
|
|||||||
RETRIEVE(d, l, "COREDUMP_SIGNAL", sgnl);
|
RETRIEVE(d, l, "COREDUMP_SIGNAL", sgnl);
|
||||||
RETRIEVE(d, l, "COREDUMP_EXE", exe);
|
RETRIEVE(d, l, "COREDUMP_EXE", exe);
|
||||||
RETRIEVE(d, l, "COREDUMP_COMM", comm);
|
RETRIEVE(d, l, "COREDUMP_COMM", comm);
|
||||||
|
RETRIEVE(d, l, "COREDUMP_CMDLINE", cmdline);
|
||||||
RETRIEVE(d, l, "COREDUMP_FILENAME", filename);
|
RETRIEVE(d, l, "COREDUMP_FILENAME", filename);
|
||||||
RETRIEVE(d, l, "COREDUMP_TRUNCATED", truncated);
|
RETRIEVE(d, l, "COREDUMP_TRUNCATED", truncated);
|
||||||
RETRIEVE(d, l, "COREDUMP", coredump);
|
RETRIEVE(d, l, "COREDUMP", coredump);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!pid || !uid || !gid || !sgnl || !comm) {
|
if (!pid && !uid && !gid && !sgnl && !exe && !comm && !cmdline && !filename)
|
||||||
log_warning("Found a coredump entry without mandatory fields (PID=%s, UID=%s, GID=%s, SIGNAL=%s, COMM=%s), ignoring.",
|
return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Empty coredump log entry");
|
||||||
strna(pid), strna(uid), strna(gid), strna(sgnl), strna(comm));
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
(void) parse_uid(uid, &uid_as_int);
|
(void) parse_uid(uid, &uid_as_int);
|
||||||
(void) parse_gid(gid, &gid_as_int);
|
(void) parse_gid(gid, &gid_as_int);
|
||||||
@ -616,7 +614,7 @@ static int print_list(FILE* file, sd_journal *j, Table *t) {
|
|||||||
TABLE_SIGNAL, normal_coredump ? signal_as_int : 0,
|
TABLE_SIGNAL, normal_coredump ? signal_as_int : 0,
|
||||||
TABLE_STRING, present,
|
TABLE_STRING, present,
|
||||||
TABLE_SET_COLOR, color,
|
TABLE_SET_COLOR, color,
|
||||||
TABLE_STRING, exe ?: comm,
|
TABLE_STRING, exe ?: comm ?: cmdline,
|
||||||
TABLE_SIZE, size);
|
TABLE_SIZE, size);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return table_log_add_error(r);
|
return table_log_add_error(r);
|
||||||
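Review bot: The guard after the `RETRIEVE` loop in `print_list` returns only when every field is missing, so an entry that carries `COREDUMP_EXE` but no `COREDUMP_UID` still reaches `parse_uid(uid, ...)` and `parse_gid(gid, ...)` with NULL strings. Journal fields are set by whoever logged the entry and should be treated as untrusted; if the parsers assert on or dereference their argument (their definitions are not on this page), one malformed entry aborts the whole listing. Checking the fields that are used unconditionally, `if (!pid || !uid || !gid || !sgnl || !comm)`, and skipping that entry with a warning and `return 0` keeps the rest of the list usable.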
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
|
|
||||||
#include "fileio.h"
|
#include "fileio.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "log-assert-critical.h"
|
|
||||||
|
|
||||||
/* The entry point into the fuzzer */
|
/* The entry point into the fuzzer */
|
||||||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
|
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
|
||||||
|
|||||||
@ -3778,7 +3778,7 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case ARG_SETENV: {
|
case ARG_SETENV: {
|
||||||
_cleanup_strv_free_ char **l = NULL;
|
_cleanup_free_ char **l = NULL;
|
||||||
_cleanup_(sd_json_variant_unrefp) sd_json_variant *ne = NULL;
|
_cleanup_(sd_json_variant_unrefp) sd_json_variant *ne = NULL;
|
||||||
sd_json_variant *e;
|
sd_json_variant *e;
|
||||||
|
|
||||||
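Review bot: `_cleanup_free_ char **l` in the `ARG_SETENV` case frees only the pointer array on scope exit; if `l` ends up owning its strings (the code that fills it is outside the hunk), every element leaks. A string vector that owns its elements should be declared `_cleanup_strv_free_ char **l = NULL;`. The same applies to `_cleanup_free_ char **members` in the `_nss_systemd_getgrent_r` hunk further down the page.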
|
|||||||
@ -287,6 +287,8 @@ int vl_method_get_memberships(sd_varlink *link, sd_json_variant *parameters, sd_
|
|||||||
return sd_varlink_error(link, "io.systemd.UserDatabase.BadService", NULL);
|
return sd_varlink_error(link, "io.systemd.UserDatabase.BadService", NULL);
|
||||||
|
|
||||||
if (p.user_name) {
|
if (p.user_name) {
|
||||||
|
const char *last = NULL;
|
||||||
|
|
||||||
r = manager_get_home_by_name(m, p.user_name, &h);
|
r = manager_get_home_by_name(m, p.user_name, &h);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
@ -294,37 +296,40 @@ int vl_method_get_memberships(sd_varlink *link, sd_json_variant *parameters, sd_
|
|||||||
return sd_varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
|
return sd_varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
|
||||||
|
|
||||||
if (p.group_name) {
|
if (p.group_name) {
|
||||||
if (!strv_contains(h->record->member_of, p.group_name) &&
|
if (!strv_contains(h->record->member_of, p.group_name))
|
||||||
!user_record_matches_user_name(h->record, p.group_name))
|
|
||||||
return sd_varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
|
return sd_varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
|
||||||
|
|
||||||
return sd_varlink_replybo(
|
return sd_varlink_replybo(
|
||||||
link,
|
link,
|
||||||
SD_JSON_BUILD_PAIR_STRING("userName", h->user_name),
|
SD_JSON_BUILD_PAIR("userName", SD_JSON_BUILD_STRING(h->user_name)),
|
||||||
SD_JSON_BUILD_PAIR_STRING("groupName", p.group_name));
|
SD_JSON_BUILD_PAIR("groupName", SD_JSON_BUILD_STRING(p.group_name)));
|
||||||
}
|
}
|
||||||
|
|
||||||
STRV_FOREACH(i, h->record->member_of) {
|
STRV_FOREACH(i, h->record->member_of) {
|
||||||
r = sd_varlink_notifybo(
|
if (last) {
|
||||||
link,
|
r = sd_varlink_notifybo(
|
||||||
SD_JSON_BUILD_PAIR_STRING("userName", h->user_name),
|
link,
|
||||||
SD_JSON_BUILD_PAIR_STRING("groupName", *i));
|
SD_JSON_BUILD_PAIR("userName", SD_JSON_BUILD_STRING(h->user_name)),
|
||||||
if (r < 0)
|
SD_JSON_BUILD_PAIR("groupName", SD_JSON_BUILD_STRING(last)));
|
||||||
return r;
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
last = *i;
|
||||||
}
|
}
|
||||||
|
|
||||||
return sd_varlink_replybo(
|
if (last)
|
||||||
link,
|
return sd_varlink_replybo(
|
||||||
SD_JSON_BUILD_PAIR_STRING("userName", h->user_name),
|
link,
|
||||||
SD_JSON_BUILD_PAIR_STRING("groupName", h->user_name));
|
SD_JSON_BUILD_PAIR("userName", SD_JSON_BUILD_STRING(h->user_name)),
|
||||||
|
SD_JSON_BUILD_PAIR("groupName", SD_JSON_BUILD_STRING(last)));
|
||||||
|
|
||||||
} else if (p.group_name) {
|
} else if (p.group_name) {
|
||||||
const char *last = NULL;
|
const char *last = NULL;
|
||||||
|
|
||||||
HASHMAP_FOREACH(h, m->homes_by_uid) {
|
HASHMAP_FOREACH(h, m->homes_by_uid) {
|
||||||
|
|
||||||
if (!strv_contains(h->record->member_of, p.group_name) &&
|
if (!strv_contains(h->record->member_of, p.group_name))
|
||||||
!user_record_matches_user_name(h->record, p.group_name))
|
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (last) {
|
if (last) {
|
||||||
@ -345,37 +350,34 @@ int vl_method_get_memberships(sd_varlink *link, sd_json_variant *parameters, sd_
|
|||||||
SD_JSON_BUILD_PAIR("userName", SD_JSON_BUILD_STRING(last)),
|
SD_JSON_BUILD_PAIR("userName", SD_JSON_BUILD_STRING(last)),
|
||||||
SD_JSON_BUILD_PAIR("groupName", SD_JSON_BUILD_STRING(p.group_name)));
|
SD_JSON_BUILD_PAIR("groupName", SD_JSON_BUILD_STRING(p.group_name)));
|
||||||
} else {
|
} else {
|
||||||
const char *last = NULL;
|
const char *last_user_name = NULL, *last_group_name = NULL;
|
||||||
|
|
||||||
HASHMAP_FOREACH(h, m->homes_by_uid) {
|
HASHMAP_FOREACH(h, m->homes_by_uid)
|
||||||
STRV_FOREACH(j, h->record->member_of) {
|
STRV_FOREACH(j, h->record->member_of) {
|
||||||
if (last) {
|
|
||||||
|
if (last_user_name) {
|
||||||
|
assert(last_group_name);
|
||||||
|
|
||||||
r = sd_varlink_notifybo(
|
r = sd_varlink_notifybo(
|
||||||
link,
|
link,
|
||||||
SD_JSON_BUILD_PAIR("userName", SD_JSON_BUILD_STRING(last)),
|
SD_JSON_BUILD_PAIR("userName", SD_JSON_BUILD_STRING(last_user_name)),
|
||||||
SD_JSON_BUILD_PAIR("groupName", SD_JSON_BUILD_STRING(last)));
|
SD_JSON_BUILD_PAIR("groupName", SD_JSON_BUILD_STRING(last_group_name)));
|
||||||
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
last = NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
r = sd_varlink_notifybo(
|
last_user_name = h->user_name;
|
||||||
link,
|
last_group_name = *j;
|
||||||
SD_JSON_BUILD_PAIR("userName", SD_JSON_BUILD_STRING(h->user_name)),
|
|
||||||
SD_JSON_BUILD_PAIR("groupName", SD_JSON_BUILD_STRING(*j)));
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
last = h->user_name;
|
if (last_user_name) {
|
||||||
}
|
assert(last_group_name);
|
||||||
|
|
||||||
if (last)
|
|
||||||
return sd_varlink_replybo(
|
return sd_varlink_replybo(
|
||||||
link,
|
link,
|
||||||
SD_JSON_BUILD_PAIR("userName", SD_JSON_BUILD_STRING(last)),
|
SD_JSON_BUILD_PAIR("userName", SD_JSON_BUILD_STRING(last_user_name)),
|
||||||
SD_JSON_BUILD_PAIR("groupName", SD_JSON_BUILD_STRING(last)));
|
SD_JSON_BUILD_PAIR("groupName", SD_JSON_BUILD_STRING(last_group_name)));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return sd_varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
|
return sd_varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
|
||||||
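Review bot: The loops in `vl_method_get_memberships` hold each record back by one iteration (`last`, `last_user_name`/`last_group_name`) and send it with `sd_varlink_notifybo()` only once the next record is known, so that the final one can go out through `sd_varlink_replybo()`; nothing in the function says so. A short comment at the first `if (last) {` would help, for example `/* Send the previous entry as a notification; the last entry must be sent as the final reply. */`. The function begins before the first hunk.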
|
|||||||
@ -1704,52 +1704,32 @@ static int varlink_idl_validate_field_element_type(const sd_varlink_field *field
|
|||||||
|
|
||||||
case SD_VARLINK_BOOL:
|
case SD_VARLINK_BOOL:
|
||||||
if (!sd_json_variant_is_boolean(v))
|
if (!sd_json_variant_is_boolean(v))
|
||||||
return varlink_idl_log(
|
return varlink_idl_log(SYNTHETIC_ERRNO(EMEDIUMTYPE), "Field '%s' should be a bool, but it is not, refusing.", strna(field->name));
|
||||||
SYNTHETIC_ERRNO(EMEDIUMTYPE),
|
|
||||||
"Field '%s' should be a bool, but it is of type '%s', refusing.",
|
|
||||||
strna(field->name),
|
|
||||||
strna(sd_json_variant_type_to_string(sd_json_variant_type(v))));
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SD_VARLINK_INT:
|
case SD_VARLINK_INT:
|
||||||
/* Allow strings here too, since integers with > 53 bits are often passed in as strings */
|
/* Allow strings here too, since integers with > 53 bits are often passed in as strings */
|
||||||
if (!sd_json_variant_is_integer(v) && !sd_json_variant_is_unsigned(v) && !sd_json_variant_is_string(v))
|
if (!sd_json_variant_is_integer(v) && !sd_json_variant_is_unsigned(v) && !sd_json_variant_is_string(v))
|
||||||
return varlink_idl_log(
|
return varlink_idl_log(SYNTHETIC_ERRNO(EMEDIUMTYPE), "Field '%s' should be an int, but it is not, refusing.", strna(field->name));
|
||||||
SYNTHETIC_ERRNO(EMEDIUMTYPE),
|
|
||||||
"Field '%s' should be an int, but it is of type '%s', refusing.",
|
|
||||||
strna(field->name),
|
|
||||||
strna(sd_json_variant_type_to_string(sd_json_variant_type(v))));
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SD_VARLINK_FLOAT:
|
case SD_VARLINK_FLOAT:
|
||||||
if (!sd_json_variant_is_number(v))
|
if (!sd_json_variant_is_number(v))
|
||||||
return varlink_idl_log(
|
return varlink_idl_log(SYNTHETIC_ERRNO(EMEDIUMTYPE), "Field '%s' should be a float, but it is not, refusing.", strna(field->name));
|
||||||
SYNTHETIC_ERRNO(EMEDIUMTYPE),
|
|
||||||
"Field '%s' should be a float, but it is of type '%s', refusing.",
|
|
||||||
strna(field->name),
|
|
||||||
strna(sd_json_variant_type_to_string(sd_json_variant_type(v))));
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SD_VARLINK_STRING:
|
case SD_VARLINK_STRING:
|
||||||
if (!sd_json_variant_is_string(v))
|
if (!sd_json_variant_is_string(v))
|
||||||
return varlink_idl_log(
|
return varlink_idl_log(SYNTHETIC_ERRNO(EMEDIUMTYPE), "Field '%s' should be a string, but it is not, refusing.", strna(field->name));
|
||||||
SYNTHETIC_ERRNO(EMEDIUMTYPE),
|
|
||||||
"Field '%s' should be a string, but it is of type '%s', refusing.",
|
|
||||||
strna(field->name),
|
|
||||||
strna(sd_json_variant_type_to_string(sd_json_variant_type(v))));
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SD_VARLINK_OBJECT:
|
case SD_VARLINK_OBJECT:
|
||||||
if (!sd_json_variant_is_object(v))
|
if (!sd_json_variant_is_object(v))
|
||||||
return varlink_idl_log(
|
return varlink_idl_log(SYNTHETIC_ERRNO(EMEDIUMTYPE), "Field '%s' should be an object, but it is not, refusing.", strna(field->name));
|
||||||
SYNTHETIC_ERRNO(EMEDIUMTYPE),
|
|
||||||
"Field '%s' should be an object, but it is of type '%s', refusing.",
|
|
||||||
strna(field->name),
|
|
||||||
strna(sd_json_variant_type_to_string(sd_json_variant_type(v))));
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -1778,10 +1758,7 @@ static int varlink_idl_validate_field(const sd_varlink_field *field, sd_json_var
|
|||||||
sd_json_variant *i;
|
sd_json_variant *i;
|
||||||
|
|
||||||
if (!sd_json_variant_is_array(v))
|
if (!sd_json_variant_is_array(v))
|
||||||
return varlink_idl_log(
|
return varlink_idl_log(SYNTHETIC_ERRNO(EMEDIUMTYPE), "Field '%s' should be an array, but it is not, refusing.", strna(field->name));
|
||||||
SYNTHETIC_ERRNO(EMEDIUMTYPE), "Field '%s' should be an array, but it is of type '%s', refusing.",
|
|
||||||
strna(field->name),
|
|
||||||
strna(sd_json_variant_type_to_string(sd_json_variant_type(v))));
|
|
||||||
|
|
||||||
JSON_VARIANT_ARRAY_FOREACH(i, v) {
|
JSON_VARIANT_ARRAY_FOREACH(i, v) {
|
||||||
r = varlink_idl_validate_field_element_type(field, i);
|
r = varlink_idl_validate_field_element_type(field, i);
|
||||||
@ -1794,11 +1771,7 @@ static int varlink_idl_validate_field(const sd_varlink_field *field, sd_json_var
|
|||||||
sd_json_variant *e;
|
sd_json_variant *e;
|
||||||
|
|
||||||
if (!sd_json_variant_is_object(v))
|
if (!sd_json_variant_is_object(v))
|
||||||
return varlink_idl_log(
|
return varlink_idl_log(SYNTHETIC_ERRNO(EMEDIUMTYPE), "Field '%s' should be an object, but it is not, refusing.", strna(field->name));
|
||||||
SYNTHETIC_ERRNO(EMEDIUMTYPE),
|
|
||||||
"Field '%s' should be an object, but it is of type '%s', refusing.",
|
|
||||||
strna(field->name),
|
|
||||||
strna(sd_json_variant_type_to_string(sd_json_variant_type(v))));
|
|
||||||
|
|
||||||
JSON_VARIANT_OBJECT_FOREACH(k, e, v) {
|
JSON_VARIANT_OBJECT_FOREACH(k, e, v) {
|
||||||
r = varlink_idl_validate_field_element_type(field, e);
|
r = varlink_idl_validate_field_element_type(field, e);
|
||||||
|
|||||||
@ -464,8 +464,6 @@ static int help(void) {
|
|||||||
" --overlay-ro=PATH[:PATH...]:PATH\n"
|
" --overlay-ro=PATH[:PATH...]:PATH\n"
|
||||||
" Similar, but creates a read-only overlay mount\n"
|
" Similar, but creates a read-only overlay mount\n"
|
||||||
" --bind-user=NAME Bind user from host to container\n"
|
" --bind-user=NAME Bind user from host to container\n"
|
||||||
" --bind-user-shell=BOOL|PATH\n"
|
|
||||||
" Configure the shell to use for --bind-user= users\n"
|
|
||||||
"\n%3$sInput/Output:%4$s\n"
|
"\n%3$sInput/Output:%4$s\n"
|
||||||
" --console=MODE Select how stdin/stdout/stderr and /dev/console are\n"
|
" --console=MODE Select how stdin/stdout/stderr and /dev/console are\n"
|
||||||
" set up for the container.\n"
|
" set up for the container.\n"
|
||||||
|
|||||||
@ -8,7 +8,6 @@
|
|||||||
#include "errno-util.h"
|
#include "errno-util.h"
|
||||||
#include "hostname-setup.h"
|
#include "hostname-setup.h"
|
||||||
#include "hostname-util.h"
|
#include "hostname-util.h"
|
||||||
#include "in-addr-util.h"
|
|
||||||
#include "local-addresses.h"
|
#include "local-addresses.h"
|
||||||
#include "nss-util.h"
|
#include "nss-util.h"
|
||||||
#include "resolve-util.h"
|
#include "resolve-util.h"
|
||||||
@ -117,7 +116,7 @@ enum nss_status _nss_myhostname_gethostbyname4_r(
|
|||||||
r_tuple->next = r_tuple_prev;
|
r_tuple->next = r_tuple_prev;
|
||||||
r_tuple->name = r_name;
|
r_tuple->name = r_name;
|
||||||
r_tuple->family = AF_INET6;
|
r_tuple->family = AF_INET6;
|
||||||
memcpy(r_tuple->addr, LOCALADDRESS_IPV6, FAMILY_ADDRESS_SIZE(AF_INET6));
|
memcpy(r_tuple->addr, LOCALADDRESS_IPV6, 16);
|
||||||
r_tuple->scopeid = 0;
|
r_tuple->scopeid = 0;
|
||||||
|
|
||||||
idx += ALIGN(sizeof(struct gaih_addrtuple));
|
idx += ALIGN(sizeof(struct gaih_addrtuple));
|
||||||
@ -145,7 +144,7 @@ enum nss_status _nss_myhostname_gethostbyname4_r(
|
|||||||
r_tuple->name = r_name;
|
r_tuple->name = r_name;
|
||||||
r_tuple->family = a->family;
|
r_tuple->family = a->family;
|
||||||
r_tuple->scopeid = a->family == AF_INET6 && in6_addr_is_link_local(&a->address.in6) ? a->ifindex : 0;
|
r_tuple->scopeid = a->family == AF_INET6 && in6_addr_is_link_local(&a->address.in6) ? a->ifindex : 0;
|
||||||
memcpy(r_tuple->addr, &a->address, FAMILY_ADDRESS_SIZE(a->family));
|
memcpy(r_tuple->addr, &a->address, 16);
|
||||||
|
|
||||||
idx += ALIGN(sizeof(struct gaih_addrtuple));
|
idx += ALIGN(sizeof(struct gaih_addrtuple));
|
||||||
r_tuple_prev = r_tuple;
|
r_tuple_prev = r_tuple;
|
||||||
@ -264,7 +263,7 @@ static enum nss_status fill_in_hostent(
|
|||||||
*(uint32_t*) r_addr = local_address_ipv4;
|
*(uint32_t*) r_addr = local_address_ipv4;
|
||||||
idx += ALIGN(alen);
|
idx += ALIGN(alen);
|
||||||
} else if (socket_ipv6_is_enabled()) {
|
} else if (socket_ipv6_is_enabled()) {
|
||||||
memcpy(r_addr, LOCALADDRESS_IPV6, FAMILY_ADDRESS_SIZE(AF_INET6));
|
memcpy(r_addr, LOCALADDRESS_IPV6, 16);
|
||||||
idx += ALIGN(alen);
|
idx += ALIGN(alen);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -464,7 +463,7 @@ enum nss_status _nss_myhostname_gethostbyaddr2_r(
|
|||||||
if (!socket_ipv6_is_enabled())
|
if (!socket_ipv6_is_enabled())
|
||||||
goto not_found;
|
goto not_found;
|
||||||
|
|
||||||
if (memcmp(addr, LOCALADDRESS_IPV6, FAMILY_ADDRESS_SIZE(AF_INET6)) == 0) {
|
if (memcmp(addr, LOCALADDRESS_IPV6, 16) == 0) {
|
||||||
canonical = "localhost";
|
canonical = "localhost";
|
||||||
additional_from_hostname = true;
|
additional_from_hostname = true;
|
||||||
goto found;
|
goto found;
|
||||||
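Review bot: `memcpy(r_tuple->addr, &a->address, 16);` in `_nss_myhostname_gethostbyname4_r` copies 16 bytes whatever `a->family` is, so for an `AF_INET` entry the 12 bytes that follow the IPv4 address in `a->address` land in the result tuple as well. Sizing the copy by family, `memcpy(r_tuple->addr, &a->address, FAMILY_ADDRESS_SIZE(a->family));`, avoids that and removes the magic number. The three `LOCALADDRESS_IPV6` call sites in this file section carry the same literal and can use `FAMILY_ADDRESS_SIZE(AF_INET6)`. The include hunk also drops `in-addr-util.h` while `in6_addr_is_link_local()` is still called here; if that header is where it is declared, the file only builds as long as another header pulls it in.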
|
|||||||
@ -418,7 +418,7 @@ enum nss_status _nss_resolve_gethostbyname3_r(
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
if (q.family != af)
|
if (!IN_SET(q.family, AF_INET, AF_INET6))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (q.address_size != FAMILY_ADDRESS_SIZE(q.family)) {
|
if (q.address_size != FAMILY_ADDRESS_SIZE(q.family)) {
|
||||||
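Review bot: `if (!IN_SET(q.family, AF_INET, AF_INET6)) continue;` in `_nss_resolve_gethostbyname3_r` accepts any IP address family, not only the `af` the caller asked for. The `hostent` this function fills carries a single address type and length, so an answer of the other family would be stored under the wrong type or size unless the query already restricts the family, which is not visible in this hunk. Filter on the requested family instead: `if (q.family != af) continue;`.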
|
|||||||
@ -726,7 +726,7 @@ enum nss_status _nss_systemd_getgrent_r(
|
|||||||
int *errnop) {
|
int *errnop) {
|
||||||
|
|
||||||
_cleanup_(group_record_unrefp) GroupRecord *gr = NULL;
|
_cleanup_(group_record_unrefp) GroupRecord *gr = NULL;
|
||||||
_cleanup_strv_free_ char **members = NULL;
|
_cleanup_free_ char **members = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
PROTECT_ERRNO;
|
PROTECT_ERRNO;
|
||||||
|
|||||||
@ -21,6 +21,7 @@
|
|||||||
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
|
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
|
||||||
# Google: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
|
# Google: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
|
||||||
# Quad9: 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
|
# Quad9: 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
|
||||||
|
# DNS0: 193.110.81.0#dns0.eu 185.253.5.0#dns0.eu 2a0f:fc80::#dns0.eu 2a0f:fc81::#dns0.eu
|
||||||
#
|
#
|
||||||
# Using DNS= configures global DNS servers and does not suppress link-specific
|
# Using DNS= configures global DNS servers and does not suppress link-specific
|
||||||
# configuration. Parallel requests will be sent to per-link DNS servers
|
# configuration. Parallel requests will be sent to per-link DNS servers
|
||||||
|
|||||||
@ -8,17 +8,17 @@
|
|||||||
#
|
#
|
||||||
# Minimum rpm version supported: 4.14.0
|
# Minimum rpm version supported: 4.14.0
|
||||||
|
|
||||||
%transfiletriggerin -P 900900 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}}/ /etc/systemd/system/
|
%transfiletriggerin -P 900900 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
|
||||||
-- This script will run after any package is initially installed or
|
-- This script will run after any package is initially installed or
|
||||||
-- upgraded. We care about the case where a package is initially
|
-- upgraded. We care about the case where a package is initially
|
||||||
-- installed, because other cases are covered by the *un scriptlets,
|
-- installed, because other cases are covered by the *un scriptlets,
|
||||||
-- so sometimes we will reload needlessly.
|
-- so sometimes we will reload needlessly.
|
||||||
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload-restart"))
|
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload-restart"))
|
||||||
|
|
||||||
%transfiletriggerin -P 900899 -p <lua> -- {{USER_DATA_UNIT_DIR}}/ /etc/systemd/user/
|
%transfiletriggerin -P 900899 -p <lua> -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user
|
||||||
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload-restart"))
|
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload-restart"))
|
||||||
|
|
||||||
%transfiletriggerpostun -P 1000100 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}}/ /etc/systemd/system/
|
%transfiletriggerpostun -P 1000100 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
|
||||||
-- On removal, we need to run daemon-reload after any units have been
|
-- On removal, we need to run daemon-reload after any units have been
|
||||||
-- removed.
|
-- removed.
|
||||||
-- On upgrade, we need to run daemon-reload after any new unit files
|
-- On upgrade, we need to run daemon-reload after any new unit files
|
||||||
@ -26,53 +26,53 @@ assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload-restart"))
|
|||||||
-- executed.
|
-- executed.
|
||||||
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload"))
|
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload"))
|
||||||
|
|
||||||
%transfiletriggerpostun -P 1000100 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}}/ /etc/systemd/system/
|
%transfiletriggerpostun -P 1000100 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
|
||||||
-- Execute daemon-reload in user managers.
|
-- Execute daemon-reload in user managers.
|
||||||
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload"))
|
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload"))
|
||||||
|
|
||||||
%transfiletriggerpostun -P 10000 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}}/ /etc/systemd/system/
|
%transfiletriggerpostun -P 10000 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
|
||||||
-- We restart remaining system services that should be restarted here.
|
-- We restart remaining system services that should be restarted here.
|
||||||
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart"))
|
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart"))
|
||||||
|
|
||||||
%transfiletriggerpostun -P 9999 -p <lua> -- {{USER_DATA_UNIT_DIR}}/ /etc/systemd/user/
|
%transfiletriggerpostun -P 9999 -p <lua> -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user
|
||||||
-- We restart remaining user services that should be restarted here.
|
-- We restart remaining user services that should be restarted here.
|
||||||
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-restart"))
|
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-restart"))
|
||||||
|
|
||||||
%transfiletriggerin -P 1000700 -p <lua> -- {{SYSUSERS_DIR}}/
|
%transfiletriggerin -P 1000700 -p <lua> -- {{SYSUSERS_DIR}}
|
||||||
-- This script will process files installed in {{SYSUSERS_DIR}} to create
|
-- This script will process files installed in {{SYSUSERS_DIR}} to create
|
||||||
-- specified users automatically. The priority is set such that it
|
-- specified users automatically. The priority is set such that it
|
||||||
-- will run before the tmpfiles file trigger.
|
-- will run before the tmpfiles file trigger.
|
||||||
assert(rpm.execute("systemd-sysusers"))
|
assert(rpm.execute("systemd-sysusers"))
|
||||||
|
|
||||||
%transfiletriggerin -P 1000700 udev -p <lua> -- {{UDEV_HWDB_DIR}}/
|
%transfiletriggerin -P 1000700 udev -p <lua> -- {{UDEV_HWDB_DIR}}
|
||||||
-- This script will automatically invoke hwdb update if files have been
|
-- This script will automatically invoke hwdb update if files have been
|
||||||
-- installed or updated in {{UDEV_HWDB_DIR}}.
|
-- installed or updated in {{UDEV_HWDB_DIR}}.
|
||||||
assert(rpm.execute("systemd-hwdb", "update"))
|
assert(rpm.execute("systemd-hwdb", "update"))
|
||||||
|
|
||||||
%transfiletriggerin -P 1000700 -p <lua> -- {{SYSTEMD_CATALOG_DIR}}/
|
%transfiletriggerin -P 1000700 -p <lua> -- {{SYSTEMD_CATALOG_DIR}}
|
||||||
-- This script will automatically invoke journal catalog update if files
|
-- This script will automatically invoke journal catalog update if files
|
||||||
-- have been installed or updated in {{SYSTEMD_CATALOG_DIR}}.
|
-- have been installed or updated in {{SYSTEMD_CATALOG_DIR}}.
|
||||||
assert(rpm.execute("journalctl", "--update-catalog"))
|
assert(rpm.execute("journalctl", "--update-catalog"))
|
||||||
|
|
||||||
%transfiletriggerin -P 1000700 -p <lua> -- {{BINFMT_DIR}}/
|
%transfiletriggerin -P 1000700 -p <lua> -- {{BINFMT_DIR}}
|
||||||
-- This script will automatically apply binfmt rules if files have been
|
-- This script will automatically apply binfmt rules if files have been
|
||||||
-- installed or updated in {{BINFMT_DIR}}.
|
-- installed or updated in {{BINFMT_DIR}}.
|
||||||
if posix.access("/run/systemd/system") then
|
if posix.access("/run/systemd/system") then
|
||||||
assert(rpm.execute("{{LIBEXECDIR}}/systemd-binfmt"))
|
assert(rpm.execute("{{LIBEXECDIR}}/systemd-binfmt"))
|
||||||
end
|
end
|
||||||
|
|
||||||
%transfiletriggerin -P 1000600 -p <lua> -- {{TMPFILES_DIR}}/
|
%transfiletriggerin -P 1000600 -p <lua> -- {{TMPFILES_DIR}}
|
||||||
-- This script will process files installed in {{TMPFILES_DIR}} to create
|
-- This script will process files installed in {{TMPFILES_DIR}} to create
|
||||||
-- tmpfiles automatically. The priority is set such that it will run
|
-- tmpfiles automatically. The priority is set such that it will run
|
||||||
-- after the sysusers file trigger, but before any other triggers.
|
-- after the sysusers file trigger, but before any other triggers.
|
||||||
assert(rpm.execute("systemd-tmpfiles", "--create"))
|
assert(rpm.execute("systemd-tmpfiles", "--create"))
|
||||||
|
|
||||||
%transfiletriggerin -P 1000600 udev -p <lua> -- {{UDEV_RULES_DIR}}/
|
%transfiletriggerin -P 1000600 udev -p <lua> -- {{UDEV_RULES_DIR}}
|
||||||
-- This script will automatically update udev with new rules if files
|
-- This script will automatically update udev with new rules if files
|
||||||
-- have been installed or updated in {{UDEV_RULES_DIR}}.
|
-- have been installed or updated in {{UDEV_RULES_DIR}}.
|
||||||
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "mark-reload-system-units", "systemd-udevd.service"))
|
assert(rpm.execute("{{SYSTEMD_UPDATE_HELPER_PATH}}", "mark-reload-system-units", "systemd-udevd.service"))
|
||||||
|
|
||||||
%transfiletriggerin -P 1000500 -p <lua> -- {{SYSCTL_DIR}}/
|
%transfiletriggerin -P 1000500 -p <lua> -- {{SYSCTL_DIR}}
|
||||||
-- This script will automatically apply sysctl rules if files have been
|
-- This script will automatically apply sysctl rules if files have been
|
||||||
-- installed or updated in {{SYSCTL_DIR}}.
|
-- installed or updated in {{SYSCTL_DIR}}.
|
||||||
if posix.access("/run/systemd/system") then
|
if posix.access("/run/systemd/system") then
|
||||||
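Review bot: Without the trailing slash the trigger paths act as plain prefixes, so `/etc/systemd/system` also matches any sibling path that merely begins with that string, and the same holds for each `{{...}}` directory; every such file then runs the reload, sysusers or tmpfiles scriptlet. Keep the directory form, e.g. `%transfiletriggerin -P 900900 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}}/ /etc/systemd/system/`. Separately, the second `%transfiletriggerpostun -P 1000100` block runs `user-reload` but watches the system unit directories at the same priority as the `system-reload` block; `{{USER_DATA_UNIT_DIR}}` and `/etc/systemd/user` look intended there.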
|
|||||||
@ -9,17 +9,17 @@
|
|||||||
#
|
#
|
||||||
# Minimum rpm version supported: 4.14.0
|
# Minimum rpm version supported: 4.14.0
|
||||||
|
|
||||||
%transfiletriggerin -P 900900 -- {{SYSTEM_DATA_UNIT_DIR}}/ /etc/systemd/system/
|
%transfiletriggerin -P 900900 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
|
||||||
# This script will run after any package is initially installed or
|
# This script will run after any package is initially installed or
|
||||||
# upgraded. We care about the case where a package is initially
|
# upgraded. We care about the case where a package is initially
|
||||||
# installed, because other cases are covered by the *un scriptlets,
|
# installed, because other cases are covered by the *un scriptlets,
|
||||||
# so sometimes we will reload needlessly.
|
# so sometimes we will reload needlessly.
|
||||||
{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || :
|
{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || :
|
||||||
|
|
||||||
%transfiletriggerin -P 900899 -- {{USER_DATA_UNIT_DIR}}/ /etc/systemd/user/
|
%transfiletriggerin -P 900899 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user
|
||||||
{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload-restart || :
|
{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload-restart || :
|
||||||
|
|
||||||
%transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}}/ /etc/systemd/system/
|
%transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
|
||||||
# On removal, we need to run daemon-reload after any units have been
|
# On removal, we need to run daemon-reload after any units have been
|
||||||
# removed.
|
# removed.
|
||||||
# On upgrade, we need to run daemon-reload after any new unit files
|
# On upgrade, we need to run daemon-reload after any new unit files
|
||||||
@ -27,35 +27,35 @@
|
|||||||
# executed.
|
# executed.
|
||||||
{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || :
|
{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || :
|
||||||
|
|
||||||
%transfiletriggerpostun -P 1000099 -- {{USER_DATA_UNIT_DIR}}/ /etc/systemd/user/
|
%transfiletriggerpostun -P 1000099 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user
|
||||||
# Execute daemon-reload in user managers.
|
# Execute daemon-reload in user managers.
|
||||||
{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload || :
|
{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload || :
|
||||||
|
|
||||||
%transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}}/ /etc/systemd/system/
|
%transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
|
||||||
# We restart remaining system services that should be restarted here.
|
# We restart remaining system services that should be restarted here.
|
||||||
{{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || :
|
{{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || :
|
||||||
|
|
||||||
%transfiletriggerpostun -P 9999 -- {{USER_DATA_UNIT_DIR}}/ /etc/systemd/user/
|
%transfiletriggerpostun -P 9999 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user
|
||||||
# We restart remaining user services that should be restarted here.
|
# We restart remaining user services that should be restarted here.
|
||||||
{{SYSTEMD_UPDATE_HELPER_PATH}} user-restart || :
|
{{SYSTEMD_UPDATE_HELPER_PATH}} user-restart || :
|
||||||
|
|
||||||
%transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}}/
|
%transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}}
|
||||||
# This script will process files installed in {{SYSUSERS_DIR}} to create
|
# This script will process files installed in {{SYSUSERS_DIR}} to create
|
||||||
# specified users automatically. The priority is set such that it
|
# specified users automatically. The priority is set such that it
|
||||||
# will run before the tmpfiles file trigger.
|
# will run before the tmpfiles file trigger.
|
||||||
systemd-sysusers || :
|
systemd-sysusers || :
|
||||||
|
|
||||||
%transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}}/
|
%transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}}
|
||||||
# This script will automatically invoke hwdb update if files have been
|
# This script will automatically invoke hwdb update if files have been
|
||||||
# installed or updated in {{UDEV_HWDB_DIR}}.
|
# installed or updated in {{UDEV_HWDB_DIR}}.
|
||||||
systemd-hwdb update || :
|
systemd-hwdb update || :
|
||||||
|
|
||||||
%transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}}/
|
%transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}}
|
||||||
# This script will automatically invoke journal catalog update if files
|
# This script will automatically invoke journal catalog update if files
|
||||||
# have been installed or updated in {{SYSTEMD_CATALOG_DIR}}.
|
# have been installed or updated in {{SYSTEMD_CATALOG_DIR}}.
|
||||||
journalctl --update-catalog || :
|
journalctl --update-catalog || :
|
||||||
|
|
||||||
%transfiletriggerin -P 1000700 -- {{BINFMT_DIR}}/
|
%transfiletriggerin -P 1000700 -- {{BINFMT_DIR}}
|
||||||
# This script will automatically apply binfmt rules if files have been
|
# This script will automatically apply binfmt rules if files have been
|
||||||
# installed or updated in {{BINFMT_DIR}}.
|
# installed or updated in {{BINFMT_DIR}}.
|
||||||
if test -d "/run/systemd/system"; then
|
if test -d "/run/systemd/system"; then
|
||||||
@ -64,7 +64,7 @@ if test -d "/run/systemd/system"; then
|
|||||||
{{LIBEXECDIR}}/systemd-binfmt || :
|
{{LIBEXECDIR}}/systemd-binfmt || :
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%transfiletriggerin -P 1000600 -- {{TMPFILES_DIR}}/
|
%transfiletriggerin -P 1000600 -- {{TMPFILES_DIR}}
|
||||||
# This script will process files installed in {{TMPFILES_DIR}} to create
|
# This script will process files installed in {{TMPFILES_DIR}} to create
|
||||||
# tmpfiles automatically. The priority is set such that it will run
|
# tmpfiles automatically. The priority is set such that it will run
|
||||||
# after the sysusers file trigger, but before any other triggers.
|
# after the sysusers file trigger, but before any other triggers.
|
||||||
@ -72,12 +72,12 @@ if test -d "/run/systemd/system"; then
|
|||||||
systemd-tmpfiles --create || :
|
systemd-tmpfiles --create || :
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%transfiletriggerin -P 1000600 udev -- {{UDEV_RULES_DIR}}/
|
%transfiletriggerin -P 1000600 udev -- {{UDEV_RULES_DIR}}
|
||||||
# This script will automatically update udev with new rules if files
|
# This script will automatically update udev with new rules if files
|
||||||
# have been installed or updated in {{UDEV_RULES_DIR}}.
|
# have been installed or updated in {{UDEV_RULES_DIR}}.
|
||||||
{{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-system-units systemd-udevd.service || :
|
{{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-system-units systemd-udevd.service || :
|
||||||
|
|
||||||
%transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}}/
|
%transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}}
|
||||||
# This script will automatically apply sysctl rules if files have been
|
# This script will automatically apply sysctl rules if files have been
|
||||||
# installed or updated in {{SYSCTL_DIR}}.
|
# installed or updated in {{SYSCTL_DIR}}.
|
||||||
if test -d "/run/systemd/system"; then
|
if test -d "/run/systemd/system"; then
|
||||||
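Review bot: The trigger prefixes on the new side have no trailing slash, for example `%transfiletriggerin -P 900900 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system`, and RPM matches file-trigger paths as plain string prefixes. A prefix of `/etc/systemd/system` therefore also matches sibling paths such as `/etc/systemd/system.conf`, and `/etc/systemd/user` matches `/etc/systemd/user.conf`, so the reload and restart helpers run for packages that installed no unit at all. Keeping the slash, as in `-- {{SYSTEM_DATA_UNIT_DIR}}/ /etc/systemd/system/`, limits each trigger to files inside the directory. The same applies to every `%transfiletriggerin` and `%transfiletriggerpostun` line in this file.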
|
|||||||
@ -1133,8 +1133,6 @@ static int ask_password_credential(const AskPasswordRequest *req, AskPasswordFla
|
|||||||
r = read_credential(req->credential, (void**) &buffer, &size);
|
r = read_credential(req->credential, (void**) &buffer, &size);
|
||||||
if (IN_SET(r, -ENXIO, -ENOENT)) /* No credentials passed or this credential not defined? */
|
if (IN_SET(r, -ENXIO, -ENOENT)) /* No credentials passed or this credential not defined? */
|
||||||
return -ENOKEY;
|
return -ENOKEY;
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
|
|
||||||
l = strv_parse_nulstr(buffer, size);
|
l = strv_parse_nulstr(buffer, size);
|
||||||
if (!l)
|
if (!l)
|
||||||
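Review bot: A `read_credential()` failure other than -ENXIO or -ENOENT is no longer returned on the new side, because the check after the `IN_SET` test is gone. Execution then reaches `strv_parse_nulstr(buffer, size)` with whatever `buffer` and `size` hold after the failed call; their declarations are outside the hunk, so it is not visible whether they are initialized. Keep `if (r < 0) return r;` between the `-ENOKEY` return and the parse so that I/O or permission errors on the credential are reported instead of being parsed as an empty or garbage password list. The body of `ask_password_credential()` starts and ends outside the hunk.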
|
|||||||
@ -49,8 +49,6 @@ DLSYM_PROTOTYPE(ring_buffer__free) = NULL;
|
|||||||
DLSYM_PROTOTYPE(ring_buffer__new) = NULL;
|
DLSYM_PROTOTYPE(ring_buffer__new) = NULL;
|
||||||
DLSYM_PROTOTYPE(ring_buffer__poll) = NULL;
|
DLSYM_PROTOTYPE(ring_buffer__poll) = NULL;
|
||||||
|
|
||||||
static void* bpf_dl = NULL;
|
|
||||||
|
|
||||||
/* new symbols available from libbpf 0.7.0 */
|
/* new symbols available from libbpf 0.7.0 */
|
||||||
int (*sym_bpf_map_create)(enum bpf_map_type, const char *, __u32, __u32, __u32, const struct bpf_map_create_opts *);
|
int (*sym_bpf_map_create)(enum bpf_map_type, const char *, __u32, __u32, __u32, const struct bpf_map_create_opts *);
|
||||||
struct bpf_map* (*sym_bpf_object__next_map)(const struct bpf_object *obj, const struct bpf_map *map);
|
struct bpf_map* (*sym_bpf_object__next_map)(const struct bpf_object *obj, const struct bpf_map *map);
|
||||||
@ -73,8 +71,8 @@ static int bpf_print_func(enum libbpf_print_level level, const char *fmt, va_lis
|
|||||||
}
|
}
|
||||||
|
|
||||||
int dlopen_bpf_full(int log_level) {
|
int dlopen_bpf_full(int log_level) {
|
||||||
_cleanup_(dlclosep) void *dl = NULL;
|
|
||||||
static int cached = 0;
|
static int cached = 0;
|
||||||
|
void *dl;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (cached != 0)
|
if (cached != 0)
|
||||||
@ -179,8 +177,6 @@ int dlopen_bpf_full(int log_level) {
|
|||||||
|
|
||||||
REENABLE_WARNING;
|
REENABLE_WARNING;
|
||||||
|
|
||||||
bpf_dl = TAKE_PTR(dl);
|
|
||||||
|
|
||||||
return cached = true;
|
return cached = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
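Review bot: In `dlopen_bpf_full()` the handle is now a plain uninitialized `void *dl;` with no cleanup attribute, and the function no longer stores it anywhere before `return cached = true;`. The code between the `dlopen` call and the end of the function is outside these hunks, so this is inferred, but any failure return in that stretch would leave the library mapped with no handle left to close. Either call `dlclose(dl)` on those paths or keep a scoped cleanup on the variable. If leaving libbpf loaded for the process lifetime is intended, say so above the declaration, for example `/* libbpf stays loaded until exit; the handle is intentionally not kept */`.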
|
|||||||
@ -567,7 +567,6 @@ static int image_make(
|
|||||||
static int pick_image_search_path(
|
static int pick_image_search_path(
|
||||||
RuntimeScope scope,
|
RuntimeScope scope,
|
||||||
ImageClass class,
|
ImageClass class,
|
||||||
const char *root,
|
|
||||||
char ***ret) {
|
char ***ret) {
|
||||||
|
|
||||||
int r;
|
int r;
|
||||||
@ -584,11 +583,11 @@ static int pick_image_search_path(
|
|||||||
if (scope < 0) {
|
if (scope < 0) {
|
||||||
_cleanup_strv_free_ char **a = NULL, **b = NULL;
|
_cleanup_strv_free_ char **a = NULL, **b = NULL;
|
||||||
|
|
||||||
r = pick_image_search_path(RUNTIME_SCOPE_USER, class, root, &a);
|
r = pick_image_search_path(RUNTIME_SCOPE_USER, class, &a);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
r = pick_image_search_path(RUNTIME_SCOPE_SYSTEM, class, root, &b);
|
r = pick_image_search_path(RUNTIME_SCOPE_SYSTEM, class, &b);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
@ -604,15 +603,8 @@ static int pick_image_search_path(
|
|||||||
|
|
||||||
case RUNTIME_SCOPE_SYSTEM: {
|
case RUNTIME_SCOPE_SYSTEM: {
|
||||||
const char *ns;
|
const char *ns;
|
||||||
bool is_initrd;
|
|
||||||
|
|
||||||
r = chase_and_access("/etc/initrd-release", root, CHASE_PREFIX_ROOT, F_OK, /* ret_path= */ NULL);
|
|
||||||
if (r < 0 && r != -ENOENT)
|
|
||||||
return r;
|
|
||||||
is_initrd = r >= 0;
|
|
||||||
|
|
||||||
/* Use the initrd search path if there is one, otherwise use the common one */
|
/* Use the initrd search path if there is one, otherwise use the common one */
|
||||||
ns = is_initrd && image_search_path_initrd[class] ?
|
ns = in_initrd() && image_search_path_initrd[class] ?
|
||||||
image_search_path_initrd[class] :
|
image_search_path_initrd[class] :
|
||||||
image_search_path[class];
|
image_search_path[class];
|
||||||
if (!ns)
|
if (!ns)
|
||||||
@ -719,7 +711,7 @@ int image_find(RuntimeScope scope,
|
|||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
_cleanup_strv_free_ char **search = NULL;
|
_cleanup_strv_free_ char **search = NULL;
|
||||||
r = pick_image_search_path(scope, class, root, &search);
|
r = pick_image_search_path(scope, class, &search);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
@ -910,7 +902,7 @@ int image_discover(
|
|||||||
assert(images);
|
assert(images);
|
||||||
|
|
||||||
_cleanup_strv_free_ char **search = NULL;
|
_cleanup_strv_free_ char **search = NULL;
|
||||||
r = pick_image_search_path(scope, class, root, &search);
|
r = pick_image_search_path(scope, class, &search);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
@ -1805,7 +1797,7 @@ bool image_in_search_path(
|
|||||||
assert(image);
|
assert(image);
|
||||||
|
|
||||||
_cleanup_strv_free_ char **search = NULL;
|
_cleanup_strv_free_ char **search = NULL;
|
||||||
r = pick_image_search_path(scope, class, root, &search);
|
r = pick_image_search_path(scope, class, &search);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
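Review bot: `pick_image_search_path()` now chooses between the initrd and the regular search path with `in_initrd()`, which describes the running system rather than the tree being inspected. The removed calls in `image_find()`, `image_discover()` and `image_in_search_path()` all passed a `root` through, so those callers presumably still operate on an alternate root. In that case the directories searched for images depend on whether the host happens to be an initrd, not on whether the target tree is one. If that is intended, state it at the `ns = in_initrd() && image_search_path_initrd[class] ?` line. Otherwise the decision should be based on `/etc/initrd-release` resolved under `root`.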
|
|||||||
@ -4405,6 +4405,8 @@ int verity_dissect_and_mount(
|
|||||||
_cleanup_strv_free_ char **extension_release = NULL;
|
_cleanup_strv_free_ char **extension_release = NULL;
|
||||||
ImageClass class = IMAGE_SYSEXT;
|
ImageClass class = IMAGE_SYSEXT;
|
||||||
|
|
||||||
|
assert(!isempty(extension_release_data->os_release_id));
|
||||||
|
|
||||||
r = load_extension_release_pairs(dest, required_class >= 0 ? required_class : IMAGE_SYSEXT, dissected_image->image_name, relax_extension_release_check, &extension_release);
|
r = load_extension_release_pairs(dest, required_class >= 0 ? required_class : IMAGE_SYSEXT, dissected_image->image_name, relax_extension_release_check, &extension_release);
|
||||||
if (r == -ENOENT) {
|
if (r == -ENOENT) {
|
||||||
if (required_class >= 0)
|
if (required_class >= 0)
|
||||||
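Review bot: The added `assert(!isempty(extension_release_data->os_release_id));` dereferences `extension_release_data` unconditionally and aborts the process when the ID is empty. The hunk does not show where the structure comes from. If it can be NULL, or if `os_release_id` is filled from parsed os-release data rather than a compile-time guarantee, this turns a malformed input into a crash of the caller. A runtime check that fails the mount is safer, for example `if (!extension_release_data || isempty(extension_release_data->os_release_id)) return -EINVAL;`. The body of `verity_dissect_and_mount()` starts and ends outside the hunk, so an existing guard above this line cannot be ruled out.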
|
|||||||
@ -1,31 +0,0 @@
|
|||||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
|
||||||
|
|
||||||
#include "env-util.h"
|
|
||||||
#include "log.h"
|
|
||||||
#include "log-assert-critical.h"
|
|
||||||
|
|
||||||
static bool assert_return_is_critical = BUILD_MODE_DEVELOPER;
|
|
||||||
|
|
||||||
void log_set_assert_return_is_critical(bool b) {
|
|
||||||
assert_return_is_critical = b;
|
|
||||||
}
|
|
||||||
|
|
||||||
void log_set_assert_return_is_critical_from_env(void) {
|
|
||||||
static int cached = INT_MIN;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
if (cached == INT_MIN) {
|
|
||||||
r = secure_getenv_bool("SYSTEMD_ASSERT_RETURN_IS_CRITICAL");
|
|
||||||
if (r < 0 && r != -ENXIO)
|
|
||||||
log_debug_errno(r, "Failed to parse $SYSTEMD_ASSERT_RETURN_IS_CRITICAL, ignoring: %m");
|
|
||||||
|
|
||||||
cached = r;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (cached >= 0)
|
|
||||||
log_set_assert_return_is_critical(cached);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool log_get_assert_return_is_critical(void) {
|
|
||||||
return assert_return_is_critical;
|
|
||||||
}
|
|
||||||
@ -1,7 +0,0 @@
|
|||||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
|
||||||
#pragma once
|
|
||||||
|
|
||||||
#include "forward.h"
|
|
||||||
|
|
||||||
void log_set_assert_return_is_critical(bool b);
|
|
||||||
void log_set_assert_return_is_critical_from_env(void);
|
|
||||||
@ -34,14 +34,14 @@ static int check_etc_passwd_collisions(
|
|||||||
if (r == -ENOENT)
|
if (r == -ENOENT)
|
||||||
return 0; /* no user database? then no user, hence no collision */
|
return 0; /* no user database? then no user, hence no collision */
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to open /etc/passwd of machine: %m");
|
return log_error_errno(r, "Failed to open /etc/passwd of container: %m");
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
struct passwd *pw;
|
struct passwd *pw;
|
||||||
|
|
||||||
r = fgetpwent_sane(f, &pw);
|
r = fgetpwent_sane(f, &pw);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to iterate through /etc/passwd of machine: %m");
|
return log_error_errno(r, "Failed to iterate through /etc/passwd of container: %m");
|
||||||
if (r == 0) /* EOF */
|
if (r == 0) /* EOF */
|
||||||
return 0; /* no collision */
|
return 0; /* no collision */
|
||||||
|
|
||||||
@ -69,14 +69,14 @@ static int check_etc_group_collisions(
|
|||||||
if (r == -ENOENT)
|
if (r == -ENOENT)
|
||||||
return 0; /* no group database? then no group, hence no collision */
|
return 0; /* no group database? then no group, hence no collision */
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to open /etc/group of machine: %m");
|
return log_error_errno(r, "Failed to open /etc/group of container: %m");
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
struct group *gr;
|
struct group *gr;
|
||||||
|
|
||||||
r = fgetgrent_sane(f, &gr);
|
r = fgetgrent_sane(f, &gr);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to iterate through /etc/group of machine: %m");
|
return log_error_errno(r, "Failed to iterate through /etc/group of container: %m");
|
||||||
if (r == 0)
|
if (r == 0)
|
||||||
return 0; /* no collision */
|
return 0; /* no collision */
|
||||||
|
|
||||||
@ -115,14 +115,14 @@ static int convert_user(
|
|||||||
return r;
|
return r;
|
||||||
if (r > 0)
|
if (r > 0)
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EBUSY),
|
return log_error_errno(SYNTHETIC_ERRNO(EBUSY),
|
||||||
"Sorry, the user '%s' already exists in the machine.", u->user_name);
|
"Sorry, the user '%s' already exists in the container.", u->user_name);
|
||||||
|
|
||||||
r = check_etc_group_collisions(directory, g->group_name, GID_INVALID);
|
r = check_etc_group_collisions(directory, g->group_name, GID_INVALID);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
if (r > 0)
|
if (r > 0)
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EBUSY),
|
return log_error_errno(SYNTHETIC_ERRNO(EBUSY),
|
||||||
"Sorry, the group '%s' already exists in the machine.", g->group_name);
|
"Sorry, the group '%s' already exists in the container.", g->group_name);
|
||||||
|
|
||||||
h = path_join("/run/host/home/", u->user_name);
|
h = path_join("/run/host/home/", u->user_name);
|
||||||
if (!h)
|
if (!h)
|
||||||
@ -149,7 +149,7 @@ static int convert_user(
|
|||||||
SD_JSON_BUILD_PAIR_CONDITION(!strv_isempty(u->hashed_password), "hashedPassword", SD_JSON_BUILD_VARIANT(hp)),
|
SD_JSON_BUILD_PAIR_CONDITION(!strv_isempty(u->hashed_password), "hashedPassword", SD_JSON_BUILD_VARIANT(hp)),
|
||||||
SD_JSON_BUILD_PAIR_CONDITION(!!ssh, "sshAuthorizedKeys", SD_JSON_BUILD_VARIANT(ssh))))));
|
SD_JSON_BUILD_PAIR_CONDITION(!!ssh, "sshAuthorizedKeys", SD_JSON_BUILD_VARIANT(ssh))))));
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to build machine user record: %m");
|
return log_error_errno(r, "Failed to build container user record: %m");
|
||||||
|
|
||||||
r = group_record_build(
|
r = group_record_build(
|
||||||
&converted_group,
|
&converted_group,
|
||||||
@ -159,7 +159,7 @@ static int convert_user(
|
|||||||
SD_JSON_BUILD_PAIR_CONDITION(g->disposition >= 0, "disposition", SD_JSON_BUILD_STRING(user_disposition_to_string(g->disposition))),
|
SD_JSON_BUILD_PAIR_CONDITION(g->disposition >= 0, "disposition", SD_JSON_BUILD_STRING(user_disposition_to_string(g->disposition))),
|
||||||
SD_JSON_BUILD_PAIR("service", JSON_BUILD_CONST_STRING("io.systemd.NSpawn"))));
|
SD_JSON_BUILD_PAIR("service", JSON_BUILD_CONST_STRING("io.systemd.NSpawn"))));
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to build machine group record: %m");
|
return log_error_errno(r, "Failed to build container group record: %m");
|
||||||
|
|
||||||
*ret_converted_user = TAKE_PTR(converted_user);
|
*ret_converted_user = TAKE_PTR(converted_user);
|
||||||
*ret_converted_group = TAKE_PTR(converted_group);
|
*ret_converted_group = TAKE_PTR(converted_group);
|
||||||
@ -176,7 +176,7 @@ static int find_free_uid(const char *directory, uid_t *current_uid) {
|
|||||||
if (*current_uid > MAP_UID_MAX)
|
if (*current_uid > MAP_UID_MAX)
|
||||||
return log_error_errno(
|
return log_error_errno(
|
||||||
SYNTHETIC_ERRNO(EBUSY),
|
SYNTHETIC_ERRNO(EBUSY),
|
||||||
"No suitable available UID in range " UID_FMT "…" UID_FMT " in machine detected, can't map user.",
|
"No suitable available UID in range " UID_FMT "…" UID_FMT " in container detected, can't map user.",
|
||||||
MAP_UID_MIN, MAP_UID_MAX);
|
MAP_UID_MIN, MAP_UID_MAX);
|
||||||
|
|
||||||
r = check_etc_passwd_collisions(directory, NULL, *current_uid);
|
r = check_etc_passwd_collisions(directory, NULL, *current_uid);
|
||||||
@ -220,7 +220,7 @@ int machine_bind_user_prepare(
|
|||||||
assert(ret);
|
assert(ret);
|
||||||
|
|
||||||
/* This resolves the users specified in 'bind_user', generates a minimalized JSON user + group record
|
/* This resolves the users specified in 'bind_user', generates a minimalized JSON user + group record
|
||||||
* for it to stick in the machine, allocates a UID/GID for it, and updates the custom mount table,
|
* for it to stick in the container, allocates a UID/GID for it, and updates the custom mount table,
|
||||||
* to include an appropriate bind mount mapping.
|
* to include an appropriate bind mount mapping.
|
||||||
*
|
*
|
||||||
* This extends the passed custom_mounts/n_custom_mounts with the home directories, and allocates a
|
* This extends the passed custom_mounts/n_custom_mounts with the home directories, and allocates a
|
||||||
@ -265,13 +265,13 @@ int machine_bind_user_prepare(
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to resolve group of user '%s': %m", u->user_name);
|
return log_error_errno(r, "Failed to resolve group of user '%s': %m", u->user_name);
|
||||||
|
|
||||||
/* We want to synthesize exactly one user + group from the host into the machine. This only
|
/* We want to synthesize exactly one user + group from the host into the container. This only
|
||||||
* makes sense if the user on the host has its own private group. We can't reasonably check
|
* makes sense if the user on the host has its own private group. We can't reasonably check
|
||||||
* this, so we just check of the name of user and group match.
|
* this, so we just check of the name of user and group match.
|
||||||
*
|
*
|
||||||
* One of these days we might want to support users in a shared/common group too, but it's
|
* One of these days we might want to support users in a shared/common group too, but it's
|
||||||
* not clear to me how this would have to be mapped, precisely given that the common group
|
* not clear to me how this would have to be mapped, precisely given that the common group
|
||||||
* probably already exists in the machine. */
|
* probably already exists in the container. */
|
||||||
if (!streq(u->user_name, g->group_name))
|
if (!streq(u->user_name, g->group_name))
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||||
"Sorry, mapping users without private groups is currently not supported.");
|
"Sorry, mapping users without private groups is currently not supported.");
|
||||||
|
|||||||
@ -115,7 +115,6 @@ shared_sources = files(
|
|||||||
'libmount-util.c',
|
'libmount-util.c',
|
||||||
'local-addresses.c',
|
'local-addresses.c',
|
||||||
'locale-setup.c',
|
'locale-setup.c',
|
||||||
'log-assert-critical.c',
|
|
||||||
'logs-show.c',
|
'logs-show.c',
|
||||||
'loop-util.c',
|
'loop-util.c',
|
||||||
'loopback-setup.c',
|
'loopback-setup.c',
|
||||||
|
|||||||
@ -400,8 +400,8 @@ int nsresource_add_netif_tap(
|
|||||||
return log_debug_errno(sd_varlink_error_to_errno(error_id, reply), "Failed to add network to user namespace: %s", error_id);
|
return log_debug_errno(sd_varlink_error_to_errno(error_id, reply), "Failed to add network to user namespace: %s", error_id);
|
||||||
|
|
||||||
static const sd_json_dispatch_field dispatch_table[] = {
|
static const sd_json_dispatch_field dispatch_table[] = {
|
||||||
{ "hostInterfaceName", SD_JSON_VARIANT_STRING, sd_json_dispatch_string, offsetof(InterfaceParams, host_interface_name), SD_JSON_MANDATORY },
|
{ "hostInterfaceName", SD_JSON_VARIANT_STRING, sd_json_dispatch_string, offsetof(InterfaceParams, host_interface_name), SD_JSON_MANDATORY },
|
||||||
{ "interfaceFileDescriptor", _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_uint, offsetof(InterfaceParams, interface_fd_index), SD_JSON_MANDATORY },
|
{ "interfaceFileDescriptor", _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_uint, offsetof(InterfaceParams, namespace_interface_name), SD_JSON_MANDATORY },
|
||||||
};
|
};
|
||||||
|
|
||||||
_cleanup_(interface_params_done) InterfaceParams p = {};
|
_cleanup_(interface_params_done) InterfaceParams p = {};
|
||||||
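Review bot: The `"interfaceFileDescriptor"` entry of `dispatch_table` pairs `sd_json_dispatch_uint` with `offsetof(InterfaceParams, namespace_interface_name)`, so the parsed integer is written into a field that, judging by its name, holds a string pointer. The struct definition is outside the hunk, but if that field is a `char *` the reply value overwrites a pointer that `interface_params_done` would later release, which is memory corruption driven by data from the peer. The offset should name the struct's unsigned index field; the removed line used `offsetof(InterfaceParams, interface_fd_index)`. The function continues outside the hunk.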
|
|||||||
@ -6,7 +6,6 @@
|
|||||||
|
|
||||||
#include "assert-util.h"
|
#include "assert-util.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "log-assert-critical.h"
|
|
||||||
#include "nss-util.h"
|
#include "nss-util.h"
|
||||||
|
|
||||||
sd_json_dispatch_flags_t nss_json_dispatch_flags = SD_JSON_ALLOW_EXTENSIONS;
|
sd_json_dispatch_flags_t nss_json_dispatch_flags = SD_JSON_ALLOW_EXTENSIONS;
|
||||||
|
|||||||
@ -449,18 +449,12 @@ int rm_rf_at(int dir_fd, const char *path, RemoveFlags flags) {
|
|||||||
if (FLAGS_SET(flags, REMOVE_MISSING_OK) && r == -ENOENT)
|
if (FLAGS_SET(flags, REMOVE_MISSING_OK) && r == -ENOENT)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (!IN_SET(r, -ENOTTY, -EINVAL, -ENOTDIR, -EPERM, -EACCES))
|
if (!IN_SET(r, -ENOTTY, -EINVAL, -ENOTDIR))
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
/* Not btrfs or not a subvolume, or permissions are not available (but might if we go via unlinkat()) */
|
/* Not btrfs or not a subvolume */
|
||||||
}
|
}
|
||||||
|
|
||||||
/* In the next step we'll try to open the directory in order to enumerate its contents. This might
|
|
||||||
* not work due to perms, but we might still be able to delete it, hence let's try that first. */
|
|
||||||
if (FLAGS_SET(flags, REMOVE_ROOT | REMOVE_PHYSICAL))
|
|
||||||
if (unlinkat(dir_fd, path, AT_REMOVEDIR) >= 0)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
fd = openat_harder(dir_fd, path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME, flags, &old_mode);
|
fd = openat_harder(dir_fd, path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME, flags, &old_mode);
|
||||||
if (fd >= 0) {
|
if (fd >= 0) {
|
||||||
/* We have a dir */
|
/* We have a dir */
|
||||||
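Review bot: With `-EPERM` and `-EACCES` dropped from `if (!IN_SET(r, -ENOTTY, -EINVAL, -ENOTDIR))`, a first removal attempt that fails for lack of privilege now makes `rm_rf_at()` return the error, instead of continuing to the `openat_harder()` path below. The call that sets `r` is outside the hunk; the comment suggests it is the btrfs subvolume removal. A caller that lacks the privilege for that operation but could remove the tree through ordinary unlink calls would then fail outright. If the stricter behaviour is wanted, extend the `/* Not btrfs or not a subvolume */` comment to say that permission errors are fatal. Otherwise keep both codes in the set.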
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
#include "errno-util.h"
|
#include "errno-util.h"
|
||||||
#include "forward.h"
|
#include "forward.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "log-assert-critical.h"
|
|
||||||
#include "static-destruct.h"
|
#include "static-destruct.h"
|
||||||
#include "signal-util.h"
|
#include "signal-util.h"
|
||||||
#include "stdio-util.h"
|
#include "stdio-util.h"
|
||||||
|
|||||||
@ -1662,11 +1662,9 @@ static const ImagePolicy *pick_image_policy(const Image *img) {
|
|||||||
|
|
||||||
/* If located in /.extra/ in the initrd, then it was placed there by systemd-stub, and was
|
/* If located in /.extra/ in the initrd, then it was placed there by systemd-stub, and was
|
||||||
* picked up from an untrusted ESP. Thus, require a stricter policy by default for them. (For the
|
* picked up from an untrusted ESP. Thus, require a stricter policy by default for them. (For the
|
||||||
* other directories we assume the appropriate level of trust was already established.)
|
* other directories we assume the appropriate level of trust was already established already. */
|
||||||
* With --root= we default to the regular policy, though. (To change that, the check would need
|
|
||||||
* to prepend (or cut away) arg_root.) */
|
|
||||||
|
|
||||||
if (in_initrd() && !arg_root) {
|
if (in_initrd()) {
|
||||||
if (path_startswith(img->path, "/.extra/sysext/"))
|
if (path_startswith(img->path, "/.extra/sysext/"))
|
||||||
return &image_policy_sysext_strict;
|
return &image_policy_sysext_strict;
|
||||||
if (path_startswith(img->path, "/.extra/global_sysext/"))
|
if (path_startswith(img->path, "/.extra/global_sysext/"))
|
||||||
@ -1862,19 +1860,13 @@ static int merge_subprocess(
|
|||||||
if (force)
|
if (force)
|
||||||
log_debug("Force mode enabled, skipping version validation.");
|
log_debug("Force mode enabled, skipping version validation.");
|
||||||
else {
|
else {
|
||||||
bool is_initrd;
|
|
||||||
r = chase_and_access("/etc/initrd-release", arg_root, CHASE_PREFIX_ROOT, F_OK, /* ret_path= */ NULL);
|
|
||||||
if (r < 0 && r != -ENOENT)
|
|
||||||
return log_error_errno(r, "Failed to check for /etc/initrd-release: %m");
|
|
||||||
is_initrd = r >= 0;
|
|
||||||
|
|
||||||
r = extension_release_validate(
|
r = extension_release_validate(
|
||||||
img->name,
|
img->name,
|
||||||
host_os_release_id,
|
host_os_release_id,
|
||||||
host_os_release_id_like,
|
host_os_release_id_like,
|
||||||
host_os_release_version_id,
|
host_os_release_version_id,
|
||||||
host_os_release_api_level,
|
host_os_release_api_level,
|
||||||
is_initrd ? "initrd" : "system",
|
in_initrd() ? "initrd" : "system",
|
||||||
image_extension_release(img, image_class),
|
image_extension_release(img, image_class),
|
||||||
image_class);
|
image_class);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
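Review bot: In `merge_subprocess()` the scope passed to `extension_release_validate()` is now `in_initrd() ? "initrd" : "system"`, which reflects the running host, while the removed lines show the tool can operate on a tree selected by `arg_root`. An extension is then validated against the host's scope rather than the target's, so an image scoped for the system could be refused, or an initrd-only one accepted, when merging into another root. `pick_image_policy()` has a related issue: `if (in_initrd())` no longer excludes `arg_root`, and its `/.extra/sysext/` prefix tests compare `img->path` without accounting for a root prefix. Derive both decisions from `/etc/initrd-release` under `arg_root`, or document that `--root=` always follows host state. The comment text "was already established already" also repeats a word.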
|
|||||||
@ -44,7 +44,7 @@ int verb_add_dependency(int argc, char *argv[], void *userdata) {
|
|||||||
else
|
else
|
||||||
assert_not_reached();
|
assert_not_reached();
|
||||||
|
|
||||||
if (install_client_side() != INSTALL_CLIENT_SIDE_NO) {
|
if (install_client_side()) {
|
||||||
InstallChange *changes = NULL;
|
InstallChange *changes = NULL;
|
||||||
size_t n_changes = 0;
|
size_t n_changes = 0;
|
||||||
|
|
||||||
|
|||||||
@ -96,28 +96,8 @@ static int parse_shutdown_time_spec(const char *t, usec_t *ret) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (s <= n) {
|
while (s <= n)
|
||||||
/* The specified time is today, but in the past. We need to schedule it for tomorrow
|
s += USEC_PER_DAY;
|
||||||
* at the same time. Adding USEC_PER_DAY would be wrong across DST changes, so just
|
|
||||||
* let mktime() normalise it. */
|
|
||||||
int requested_hour = tm.tm_hour;
|
|
||||||
int requested_min = tm.tm_min;
|
|
||||||
|
|
||||||
tm.tm_mday++;
|
|
||||||
tm.tm_isdst = -1;
|
|
||||||
r = mktime_or_timegm_usec(&tm, /* utc= */ false, &s);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
|
|
||||||
if (tm.tm_hour != requested_hour || tm.tm_min != requested_min) {
|
|
||||||
log_warning("Requested shutdown time %02d:%02d does not exist. "
|
|
||||||
"Rescheduling to %02d:%02d.",
|
|
||||||
requested_hour,
|
|
||||||
requested_min,
|
|
||||||
tm.tm_hour,
|
|
||||||
tm.tm_min);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
*ret = s;
|
*ret = s;
|
||||||
}
|
}
|
||||||
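Review bot: `while (s <= n) s += USEC_PER_DAY;` moves a past time to the next day by adding a fixed 24 hours, which is wrong whenever a DST transition falls in between. The shutdown then fires an hour earlier or later than the wall-clock time the user typed. Advance the calendar date instead and let the conversion normalise it: `tm.tm_mday++; tm.tm_isdst = -1;` followed by `r = mktime_or_timegm_usec(&tm, /* utc= */ false, &s);` with the usual `r < 0` check. It is also worth warning when the resulting hour and minute differ from the request, since the requested time may not exist on that day. The start of `parse_shutdown_time_spec()` is outside the hunk.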
|
|||||||
@ -370,8 +370,7 @@ int verb_edit(int argc, char *argv[], void *userdata) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (!arg_no_reload &&
|
if (!arg_no_reload && !install_client_side()) {
|
||||||
install_client_side() == INSTALL_CLIENT_SIDE_NO) {
|
|
||||||
r = daemon_reload(ACTION_RELOAD, /* graceful= */ false);
|
r = daemon_reload(ACTION_RELOAD, /* graceful= */ false);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|||||||
@ -103,7 +103,7 @@ int verb_enable(int argc, char *argv[], void *userdata) {
|
|||||||
|
|
||||||
/* If the operation was fully executed by the SysV compat, let's finish early */
|
/* If the operation was fully executed by the SysV compat, let's finish early */
|
||||||
if (strv_isempty(names)) {
|
if (strv_isempty(names)) {
|
||||||
if (arg_no_reload || install_client_side() != INSTALL_CLIENT_SIDE_NO)
|
if (arg_no_reload || install_client_side())
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
r = daemon_reload(ACTION_RELOAD, /* graceful= */ false);
|
r = daemon_reload(ACTION_RELOAD, /* graceful= */ false);
|
||||||
@ -119,7 +119,41 @@ int verb_enable(int argc, char *argv[], void *userdata) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (install_client_side() == INSTALL_CLIENT_SIDE_NO) {
|
if (install_client_side()) {
|
||||||
|
UnitFileFlags flags;
|
||||||
|
InstallChange *changes = NULL;
|
||||||
|
size_t n_changes = 0;
|
||||||
|
|
||||||
|
CLEANUP_ARRAY(changes, n_changes, install_changes_free);
|
||||||
|
|
||||||
|
flags = unit_file_flags_from_args();
|
||||||
|
|
||||||
|
if (streq(verb, "enable")) {
|
||||||
|
r = unit_file_enable(arg_runtime_scope, flags, arg_root, names, &changes, &n_changes);
|
||||||
|
carries_install_info = r;
|
||||||
|
} else if (streq(verb, "disable")) {
|
||||||
|
r = unit_file_disable(arg_runtime_scope, flags, arg_root, names, &changes, &n_changes);
|
||||||
|
carries_install_info = r;
|
||||||
|
} else if (streq(verb, "reenable")) {
|
||||||
|
r = unit_file_reenable(arg_runtime_scope, flags, arg_root, names, &changes, &n_changes);
|
||||||
|
carries_install_info = r;
|
||||||
|
} else if (streq(verb, "link"))
|
||||||
|
r = unit_file_link(arg_runtime_scope, flags, arg_root, names, &changes, &n_changes);
|
||||||
|
else if (streq(verb, "preset"))
|
||||||
|
r = unit_file_preset(arg_runtime_scope, flags, arg_root, names, arg_preset_mode, &changes, &n_changes);
|
||||||
|
else if (streq(verb, "mask"))
|
||||||
|
r = unit_file_mask(arg_runtime_scope, flags, arg_root, names, &changes, &n_changes);
|
||||||
|
else if (streq(verb, "unmask"))
|
||||||
|
r = unit_file_unmask(arg_runtime_scope, flags, arg_root, names, &changes, &n_changes);
|
||||||
|
else if (streq(verb, "revert"))
|
||||||
|
r = unit_file_revert(arg_runtime_scope, arg_root, names, &changes, &n_changes);
|
||||||
|
else
|
||||||
|
assert_not_reached();
|
||||||
|
|
||||||
|
install_changes_dump(r, verb, changes, n_changes, arg_quiet);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
} else {
|
||||||
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL, *m = NULL;
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL, *m = NULL;
|
||||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||||
bool expect_carries_install_info = false;
|
bool expect_carries_install_info = false;
|
||||||
@ -241,40 +275,6 @@ int verb_enable(int argc, char *argv[], void *userdata) {
|
|||||||
if (warn_trigger_operation && !arg_quiet && !arg_no_warn)
|
if (warn_trigger_operation && !arg_quiet && !arg_no_warn)
|
||||||
STRV_FOREACH(unit, names)
|
STRV_FOREACH(unit, names)
|
||||||
warn_triggering_units(bus, *unit, warn_trigger_operation, warn_trigger_ignore_masked);
|
warn_triggering_units(bus, *unit, warn_trigger_operation, warn_trigger_ignore_masked);
|
||||||
} else {
|
|
||||||
UnitFileFlags flags;
|
|
||||||
InstallChange *changes = NULL;
|
|
||||||
size_t n_changes = 0;
|
|
||||||
|
|
||||||
CLEANUP_ARRAY(changes, n_changes, install_changes_free);
|
|
||||||
|
|
||||||
flags = unit_file_flags_from_args();
|
|
||||||
|
|
||||||
if (streq(verb, "enable")) {
|
|
||||||
r = unit_file_enable(arg_runtime_scope, flags, arg_root, names, &changes, &n_changes);
|
|
||||||
carries_install_info = r;
|
|
||||||
} else if (streq(verb, "disable")) {
|
|
||||||
r = unit_file_disable(arg_runtime_scope, flags, arg_root, names, &changes, &n_changes);
|
|
||||||
carries_install_info = r;
|
|
||||||
} else if (streq(verb, "reenable")) {
|
|
||||||
r = unit_file_reenable(arg_runtime_scope, flags, arg_root, names, &changes, &n_changes);
|
|
||||||
carries_install_info = r;
|
|
||||||
} else if (streq(verb, "link"))
|
|
||||||
r = unit_file_link(arg_runtime_scope, flags, arg_root, names, &changes, &n_changes);
|
|
||||||
else if (streq(verb, "preset"))
|
|
||||||
r = unit_file_preset(arg_runtime_scope, flags, arg_root, names, arg_preset_mode, &changes, &n_changes);
|
|
||||||
else if (streq(verb, "mask"))
|
|
||||||
r = unit_file_mask(arg_runtime_scope, flags, arg_root, names, &changes, &n_changes);
|
|
||||||
else if (streq(verb, "unmask"))
|
|
||||||
r = unit_file_unmask(arg_runtime_scope, flags, arg_root, names, &changes, &n_changes);
|
|
||||||
else if (streq(verb, "revert"))
|
|
||||||
r = unit_file_revert(arg_runtime_scope, arg_root, names, &changes, &n_changes);
|
|
||||||
else
|
|
||||||
assert_not_reached();
|
|
||||||
|
|
||||||
install_changes_dump(r, verb, changes, n_changes, arg_quiet);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (carries_install_info == 0 && !ignore_carries_install_info)
|
if (carries_install_info == 0 && !ignore_carries_install_info)
|
||||||
@ -334,7 +334,7 @@ int verb_enable(int argc, char *argv[], void *userdata) {
|
|||||||
if (arg_now) {
|
if (arg_now) {
|
||||||
_cleanup_strv_free_ char **new_args = NULL;
|
_cleanup_strv_free_ char **new_args = NULL;
|
||||||
const char *start_verb;
|
const char *start_verb;
|
||||||
bool accept_path, prohibit_templates, dead_ok = false;
|
bool accept_path, prohibit_templates;
|
||||||
|
|
||||||
if (streq(verb, "enable")) {
|
if (streq(verb, "enable")) {
|
||||||
start_verb = "start";
|
start_verb = "start";
|
||||||
@ -344,7 +344,6 @@ int verb_enable(int argc, char *argv[], void *userdata) {
|
|||||||
start_verb = "stop";
|
start_verb = "stop";
|
||||||
accept_path = false;
|
accept_path = false;
|
||||||
prohibit_templates = false;
|
prohibit_templates = false;
|
||||||
dead_ok = true; /* If the service is not running anyway, no need to stop it. */
|
|
||||||
} else if (streq(verb, "reenable")) {
|
} else if (streq(verb, "reenable")) {
|
||||||
/* Note that we use try-restart here. This matches the semantics of reenable better,
|
/* Note that we use try-restart here. This matches the semantics of reenable better,
|
||||||
* and allows us to glob template units. */
|
* and allows us to glob template units. */
|
||||||
@ -355,20 +354,9 @@ int verb_enable(int argc, char *argv[], void *userdata) {
|
|||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||||
"--now can only be used with verb enable, disable, reenable, or mask.");
|
"--now can only be used with verb enable, disable, reenable, or mask.");
|
||||||
|
|
||||||
switch (install_client_side()) {
|
if (install_client_side())
|
||||||
case INSTALL_CLIENT_SIDE_NO:
|
return log_error_errno(SYNTHETIC_ERRNO(EREMOTE),
|
||||||
break;
|
"--now cannot be used when systemd is not running or in conjunction with --root=/--global, refusing.");
|
||||||
case INSTALL_CLIENT_SIDE_OVERRIDE:
|
|
||||||
case INSTALL_CLIENT_SIDE_OFFLINE:
|
|
||||||
case INSTALL_CLIENT_SIDE_NOT_BOOTED:
|
|
||||||
if (!dead_ok)
|
|
||||||
log_warning("Cannot %s unit with --now when systemd is not running, ignoring.", start_verb);
|
|
||||||
return 0;
|
|
||||||
case INSTALL_CLIENT_SIDE_ARG_ROOT:
|
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EREMOTE), "--now cannot be used with --root=.");
|
|
||||||
case INSTALL_CLIENT_SIDE_GLOBAL_SCOPE:
|
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EREMOTE), "--now cannot be used with --global.");
|
|
||||||
}
|
|
||||||
|
|
||||||
assert(bus);
|
assert(bus);
|
||||||
|
|
||||||
|
|||||||
@ -82,7 +82,7 @@ int verb_is_enabled(int argc, char *argv[], void *userdata) {
|
|||||||
not_found = r == 0; /* Doesn't have SysV support or SYSV_UNIT_NOT_FOUND */
|
not_found = r == 0; /* Doesn't have SysV support or SYSV_UNIT_NOT_FOUND */
|
||||||
enabled = r == SYSV_UNIT_ENABLED;
|
enabled = r == SYSV_UNIT_ENABLED;
|
||||||
|
|
||||||
if (install_client_side() != INSTALL_CLIENT_SIDE_NO)
|
if (install_client_side())
|
||||||
STRV_FOREACH(name, names) {
|
STRV_FOREACH(name, names) {
|
||||||
UnitFileState state;
|
UnitFileState state;
|
||||||
|
|
||||||
|
|||||||
@ -180,7 +180,7 @@ int verb_list_unit_files(int argc, char *argv[], void *userdata) {
|
|||||||
unsigned c = 0;
|
unsigned c = 0;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (install_client_side() != INSTALL_CLIENT_SIDE_NO) {
|
if (install_client_side()) {
|
||||||
unsigned n_units;
|
unsigned n_units;
|
||||||
|
|
||||||
r = unit_file_get_list(arg_runtime_scope, arg_root, arg_states, strv_skip(argv, 1), &h);
|
r = unit_file_get_list(arg_runtime_scope, arg_root, arg_states, strv_skip(argv, 1), &h);
|
||||||
|
|||||||
@ -19,7 +19,7 @@ int verb_preset_all(int argc, char *argv[], void *userdata) {
|
|||||||
if (should_bypass("SYSTEMD_PRESET"))
|
if (should_bypass("SYSTEMD_PRESET"))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (install_client_side() != INSTALL_CLIENT_SIDE_NO) {
|
if (install_client_side()) {
|
||||||
InstallChange *changes = NULL;
|
InstallChange *changes = NULL;
|
||||||
size_t n_changes = 0;
|
size_t n_changes = 0;
|
||||||
|
|
||||||
|
|||||||
@ -58,7 +58,7 @@ static void emit_cmdline_warning(void) {
|
|||||||
static int determine_default(char **ret_name) {
|
static int determine_default(char **ret_name) {
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (install_client_side() != INSTALL_CLIENT_SIDE_NO) {
|
if (install_client_side()) {
|
||||||
r = unit_file_get_default(arg_runtime_scope, arg_root, ret_name);
|
r = unit_file_get_default(arg_runtime_scope, arg_root, ret_name);
|
||||||
if (r == -ERFKILL)
|
if (r == -ERFKILL)
|
||||||
return log_error_errno(r, "Failed to get default target: Unit file is masked.");
|
return log_error_errno(r, "Failed to get default target: Unit file is masked.");
|
||||||
@ -116,7 +116,7 @@ int verb_set_default(int argc, char *argv[], void *userdata) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to mangle unit name: %m");
|
return log_error_errno(r, "Failed to mangle unit name: %m");
|
||||||
|
|
||||||
if (install_client_side() != INSTALL_CLIENT_SIDE_NO) {
|
if (install_client_side()) {
|
||||||
InstallChange *changes = NULL;
|
InstallChange *changes = NULL;
|
||||||
size_t n_changes = 0;
|
size_t n_changes = 0;
|
||||||
|
|
||||||
|
|||||||
@ -523,7 +523,7 @@ int unit_find_paths(
|
|||||||
|
|
||||||
/* Go via the bus to acquire the path, unless we are explicitly told not to, or when the unit name is a template */
|
/* Go via the bus to acquire the path, unless we are explicitly told not to, or when the unit name is a template */
|
||||||
if (!force_client_side &&
|
if (!force_client_side &&
|
||||||
install_client_side() == INSTALL_CLIENT_SIDE_NO &&
|
!install_client_side() &&
|
||||||
!unit_name_is_valid(unit_name, UNIT_NAME_TEMPLATE)) {
|
!unit_name_is_valid(unit_name, UNIT_NAME_TEMPLATE)) {
|
||||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||||
_cleanup_free_ char *load_state = NULL, *dbus_path = NULL;
|
_cleanup_free_ char *load_state = NULL, *dbus_path = NULL;
|
||||||
@ -880,27 +880,26 @@ bool output_show_unit(const UnitInfo *u, char **patterns) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
InstallClientSide install_client_side(void) {
|
bool install_client_side(void) {
|
||||||
/* Decides whether to execute enable/disable/… client-side offline operation rather than
|
/* Decides when to execute enable/disable/... operations client-side rather than server-side. */
|
||||||
* server-side. */
|
|
||||||
|
if (running_in_chroot_or_offline())
|
||||||
|
return true;
|
||||||
|
|
||||||
|
if (sd_booted() <= 0)
|
||||||
|
return true;
|
||||||
|
|
||||||
|
if (!isempty(arg_root))
|
||||||
|
return true;
|
||||||
|
|
||||||
|
if (arg_runtime_scope == RUNTIME_SCOPE_GLOBAL)
|
||||||
|
return true;
|
||||||
|
|
||||||
/* Unsupported environment variable, mostly for debugging purposes */
|
/* Unsupported environment variable, mostly for debugging purposes */
|
||||||
if (getenv_bool("SYSTEMCTL_INSTALL_CLIENT_SIDE") > 0)
|
if (getenv_bool("SYSTEMCTL_INSTALL_CLIENT_SIDE") > 0)
|
||||||
return INSTALL_CLIENT_SIDE_OVERRIDE;
|
return true;
|
||||||
|
|
||||||
if (!isempty(arg_root))
|
return false;
|
||||||
return INSTALL_CLIENT_SIDE_ARG_ROOT;
|
|
||||||
|
|
||||||
if (running_in_chroot_or_offline())
|
|
||||||
return INSTALL_CLIENT_SIDE_OFFLINE;
|
|
||||||
|
|
||||||
if (sd_booted() <= 0)
|
|
||||||
return INSTALL_CLIENT_SIDE_NOT_BOOTED;
|
|
||||||
|
|
||||||
if (arg_runtime_scope == RUNTIME_SCOPE_GLOBAL)
|
|
||||||
return INSTALL_CLIENT_SIDE_GLOBAL_SCOPE;
|
|
||||||
|
|
||||||
return INSTALL_CLIENT_SIDE_NO;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int output_table(Table *table) {
|
int output_table(Table *table) {
|
||||||
|
|||||||
@ -69,16 +69,7 @@ int unit_get_dependencies(sd_bus *bus, const char *name, char ***ret);
|
|||||||
const char* unit_type_suffix(const char *unit);
|
const char* unit_type_suffix(const char *unit);
|
||||||
bool output_show_unit(const UnitInfo *u, char **patterns);
|
bool output_show_unit(const UnitInfo *u, char **patterns);
|
||||||
|
|
||||||
typedef enum InstallClientSide {
|
bool install_client_side(void);
|
||||||
INSTALL_CLIENT_SIDE_NO = 0,
|
|
||||||
INSTALL_CLIENT_SIDE_OVERRIDE,
|
|
||||||
INSTALL_CLIENT_SIDE_ARG_ROOT,
|
|
||||||
INSTALL_CLIENT_SIDE_OFFLINE,
|
|
||||||
INSTALL_CLIENT_SIDE_NOT_BOOTED,
|
|
||||||
INSTALL_CLIENT_SIDE_GLOBAL_SCOPE,
|
|
||||||
} InstallClientSide;
|
|
||||||
|
|
||||||
InstallClientSide install_client_side(void);
|
|
||||||
|
|
||||||
int output_table(Table *table);
|
int output_table(Table *table);
|
||||||
|
|
||||||
|
|||||||
@ -445,8 +445,8 @@ def main() -> None:
|
|||||||
summary = Summary.get(args)
|
summary = Summary.get(args)
|
||||||
|
|
||||||
# Keep list in sync with TEST-06-SELINUX.sh
|
# Keep list in sync with TEST-06-SELINUX.sh
|
||||||
if args.name == 'TEST-06-SELINUX' and summary.distribution not in ('centos', 'fedora', 'opensuse'):
|
if args.name == 'TEST-06-SELINUX' and summary.distribution not in ('fedora', 'centos'):
|
||||||
print('Skipping TEST-06-SELINUX, only enabled for CentOS/Fedora/openSUSE', file=sys.stderr)
|
print('Skipping TEST-06-SELINUX, only enabled for Fedora/CentOS', file=sys.stderr)
|
||||||
exit(77)
|
exit(77)
|
||||||
|
|
||||||
if shell and not sys.stdin.isatty():
|
if shell and not sys.stdin.isatty():
|
||||||
|
|||||||
@ -81,10 +81,10 @@ valgrind_cmd = ''
|
|||||||
enable_debug = True
|
enable_debug = True
|
||||||
env = {}
|
env = {}
|
||||||
wait_online_env = {}
|
wait_online_env = {}
|
||||||
asan_options = os.getenv('ASAN_OPTIONS')
|
asan_options = None
|
||||||
lsan_options = os.getenv('LSAN_OPTIONS')
|
lsan_options = None
|
||||||
ubsan_options = os.getenv('UBSAN_OPTIONS')
|
ubsan_options = None
|
||||||
with_coverage = os.getenv('COVERAGE_BUILD_DIR') != None
|
with_coverage = False
|
||||||
show_journal = True # When true, show journal on stopping networkd.
|
show_journal = True # When true, show journal on stopping networkd.
|
||||||
|
|
||||||
active_units = []
|
active_units = []
|
||||||
@ -487,19 +487,7 @@ def create_service_dropin(service, command, additional_settings=None):
|
|||||||
if ubsan_options:
|
if ubsan_options:
|
||||||
drop_in += [f'Environment=UBSAN_OPTIONS="{ubsan_options}"']
|
drop_in += [f'Environment=UBSAN_OPTIONS="{ubsan_options}"']
|
||||||
if asan_options or lsan_options or ubsan_options:
|
if asan_options or lsan_options or ubsan_options:
|
||||||
# Disable system call filter when running with sanitizers, as they seem to call filtered syscall at
|
drop_in += ['SystemCallFilter=']
|
||||||
# the very end of the execution and stuck the process. See issue #39567.
|
|
||||||
drop_in += [
|
|
||||||
'LockPersonality=no',
|
|
||||||
'ProtectClock=no',
|
|
||||||
'ProtectKernelLogs=no',
|
|
||||||
'RestrictAddressFamilies=',
|
|
||||||
'RestrictNamespaces=no',
|
|
||||||
'RestrictRealtime=no',
|
|
||||||
'RestrictSUIDSGID=no',
|
|
||||||
'SystemCallArchitectures=',
|
|
||||||
'SystemCallFilter=',
|
|
||||||
]
|
|
||||||
if use_valgrind or asan_options or lsan_options or ubsan_options:
|
if use_valgrind or asan_options or lsan_options or ubsan_options:
|
||||||
drop_in += ['MemoryDenyWriteExecute=no']
|
drop_in += ['MemoryDenyWriteExecute=no']
|
||||||
if use_valgrind:
|
if use_valgrind:
|
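Review bot: The sanitizer branch of the drop-in builder appends an empty `SystemCallFilter=` with no comment saying why the unit's seccomp filter is cleared, and the following branch sets `MemoryDenyWriteExecute=no` the same way. Both lines switch off hardening that the service under test would otherwise run with, so a reader cannot tell a deliberate test-only relaxation from a leftover. A comment above the line would settle it, for example `# Sanitizer runtimes appear to need syscalls the unit's filter denies; test-only relaxation, not for shipped units.` create_service_dropin starts and ends outside this hunk, so the exact reason should be confirmed against the rest of the function.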
||||||
|
|||||||
@ -104,12 +104,10 @@ diff /tmp/expected /tmp/output
|
|||||||
|
|
||||||
# test that LogLevelMax can also suppress logging about services, not only by services
|
# test that LogLevelMax can also suppress logging about services, not only by services
|
||||||
systemctl start silent-success
|
systemctl start silent-success
|
||||||
journalctl --sync
|
|
||||||
[[ -z "$(journalctl -b -q -u silent-success.service)" ]]
|
[[ -z "$(journalctl -b -q -u silent-success.service)" ]]
|
||||||
|
|
||||||
# Test syslog identifiers exclusion
|
# Test syslog identifiers exclusion
|
||||||
systemctl start verbose-success.service
|
systemctl start verbose-success.service
|
||||||
journalctl --sync
|
|
||||||
[[ -n "$(journalctl -b -q -u verbose-success.service -t systemd)" ]]
|
[[ -n "$(journalctl -b -q -u verbose-success.service -t systemd)" ]]
|
||||||
[[ -n "$(journalctl -b -q -u verbose-success.service -t bash)" ]]
|
[[ -n "$(journalctl -b -q -u verbose-success.service -t bash)" ]]
|
||||||
[[ -n "$(journalctl -b -q -u verbose-success.service -T systemd)" ]]
|
[[ -n "$(journalctl -b -q -u verbose-success.service -T systemd)" ]]
|
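Review bot: The `-z` check on `journalctl -b -q -u silent-success.service` runs straight after `systemctl start silent-success` without flushing the journal, so it can pass only because the messages have not been written yet, which would hide a LogLevelMax regression. The `-n` checks after `systemctl start verbose-success.service` have the opposite problem and can fail intermittently. A `journalctl --sync` on the line before each group of queries makes both outcomes deterministic.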
||||||
|
|||||||
@ -4,8 +4,8 @@ set -eux
|
|||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
|
||||||
. /etc/os-release
|
. /etc/os-release
|
||||||
if ! [[ "$ID" =~ centos|fedora|opensuse ]]; then
|
if ! [[ "$ID" =~ centos|fedora ]]; then
|
||||||
echo "Skipping because only CentOS, Fedora and openSUSE support SELinux tests" >>/skipped
|
echo "Skipping because only CentOS and Fedora support SELinux tests" >>/skipped
|
||||||
exit 77
|
exit 77
|
||||||
fi
|
fi
|
||||||
|
|
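Review bot: The distribution guard `[[ "$ID" =~ centos|fedora ]]` is an unanchored regex, so any `ID` that merely contains one of the names passes it, while the Python wrapper that is meant to stay in sync compares against the exact tuple `('fedora', 'centos')`. The two lists can therefore disagree, and the SELinux test may run on a distribution the wrapper would have skipped. Anchoring the match keeps them equivalent: `if ! [[ "$ID" =~ ^(centos|fedora)$ ]]; then`.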
||||||
|
|||||||
@ -72,7 +72,7 @@ assert_eq "$(systemctl show "$UNIT_NAME.socket" -P SubState)" "listening"
|
|||||||
|
|
||||||
socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
|
socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
|
||||||
wait_for_start
|
wait_for_start
|
||||||
wait %%
|
kill %%
|
||||||
|
|
||||||
touch "/tmp/$UNIT_NAME/flag"
|
touch "/tmp/$UNIT_NAME/flag"
|
||||||
systemctl start "$UNIT_NAME-conflict2.service"
|
systemctl start "$UNIT_NAME-conflict2.service"
|
||||||
@ -80,7 +80,7 @@ wait_for_stop
|
|||||||
|
|
||||||
socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
|
socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
|
||||||
wait_for_start
|
wait_for_start
|
||||||
wait %%
|
kill %%
|
||||||
(! systemctl -q is-active "$UNIT_NAME-conflict2.service")
|
(! systemctl -q is-active "$UNIT_NAME-conflict2.service")
|
||||||
|
|
||||||
# DeferTrigger=yes
|
# DeferTrigger=yes
|
||||||
@ -99,7 +99,7 @@ assert_eq "$(systemctl show "$UNIT_NAME-conflict1.service" -P SubState)" "start"
|
|||||||
socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
|
socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
|
||||||
timeout 30 bash -c "until [[ \$(systemctl show '$UNIT_NAME.socket' -P SubState) == 'deferred' ]]; do sleep .5; done"
|
timeout 30 bash -c "until [[ \$(systemctl show '$UNIT_NAME.socket' -P SubState) == 'deferred' ]]; do sleep .5; done"
|
||||||
(! systemctl -q is-active "$UNIT_NAME.service")
|
(! systemctl -q is-active "$UNIT_NAME.service")
|
||||||
wait %%
|
kill %%
|
||||||
assert_eq "$(systemctl show "$UNIT_NAME-conflict1.service" -P SubState)" "start"
|
assert_eq "$(systemctl show "$UNIT_NAME-conflict1.service" -P SubState)" "start"
|
||||||
|
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
@ -122,7 +122,7 @@ wait_for_stop
|
|||||||
socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
|
socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
|
||||||
timeout 30 bash -c "until [[ \$(systemctl show '$UNIT_NAME.socket' -P SubState) == 'deferred' ]]; do sleep .5; done"
|
timeout 30 bash -c "until [[ \$(systemctl show '$UNIT_NAME.socket' -P SubState) == 'deferred' ]]; do sleep .5; done"
|
||||||
(! systemctl -q is-active "$UNIT_NAME.service")
|
(! systemctl -q is-active "$UNIT_NAME.service")
|
||||||
wait %%
|
kill %%
|
||||||
|
|
||||||
rm "/tmp/$UNIT_NAME/flag"
|
rm "/tmp/$UNIT_NAME/flag"
|
||||||
timeout 30 bash -c "while systemctl -q is-active '$UNIT_NAME-conflict2.service'; do sleep .2; done"
|
timeout 30 bash -c "while systemctl -q is-active '$UNIT_NAME-conflict2.service'; do sleep .2; done"
|
||||||
@ -138,7 +138,7 @@ assert_eq "$(systemctl show "$UNIT_NAME-conflict1.service" -P SubState)" "start"
|
|||||||
socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
|
socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
|
||||||
timeout 30 bash -c "until [[ \$(systemctl show '$UNIT_NAME.socket' -P SubState) == 'deferred' ]]; do sleep .5; done"
|
timeout 30 bash -c "until [[ \$(systemctl show '$UNIT_NAME.socket' -P SubState) == 'deferred' ]]; do sleep .5; done"
|
||||||
(! systemctl -q is-active "$UNIT_NAME.service")
|
(! systemctl -q is-active "$UNIT_NAME.service")
|
||||||
wait %%
|
kill %%
|
||||||
|
|
||||||
echo "DeferTriggerMaxSec=20s" >>/run/systemd/system/"$UNIT_NAME.socket"
|
echo "DeferTriggerMaxSec=20s" >>/run/systemd/system/"$UNIT_NAME.socket"
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
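Review bot: Each `kill %%` placed after `wait_for_start` or after the `deferred` wait returns non-zero when the background `socat` has already exited, and if the script runs with errexit (not visible in these hunks) that aborts the test for a reason unrelated to what it checks. The job is also never reaped, so its exit status is lost. `kill %% 2>/dev/null || :` followed by `wait %% || :` covers both cases. The same applies to all five changed lines in this file.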
||||||
|
|||||||
@ -50,7 +50,6 @@ trap 'touch /terminate; kill 0' RTMIN+3
|
|||||||
trap 'touch /poweroff' RTMIN+4
|
trap 'touch /poweroff' RTMIN+4
|
||||||
trap 'touch /reboot' INT
|
trap 'touch /reboot' INT
|
||||||
trap 'touch /trap' TRAP
|
trap 'touch /trap' TRAP
|
||||||
trap 'exit 0' TERM
|
|
||||||
trap 'kill $PID' EXIT
|
trap 'kill $PID' EXIT
|
||||||
|
|
||||||
# We need to wait for the sleep process asynchronously in order to allow
|
# We need to wait for the sleep process asynchronously in order to allow
|
||||||
@ -328,7 +327,6 @@ ip address add 192.0.2.1/24 dev hoge
|
|||||||
PID=0
|
PID=0
|
||||||
|
|
||||||
trap 'kill 0' RTMIN+3
|
trap 'kill 0' RTMIN+3
|
||||||
trap 'exit 0' TERM
|
|
||||||
trap 'kill $PID' EXIT
|
trap 'kill $PID' EXIT
|
||||||
|
|
||||||
# We need to wait for the sleep process asynchronously in order to allow
|
# We need to wait for the sleep process asynchronously in order to allow
|
||||||
@ -443,14 +441,9 @@ varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.OpenR
|
|||||||
|
|
||||||
# Terminating machine, otherwise acquiring image metadata by io.systemd.MachineImage.List may fail in the below.
|
# Terminating machine, otherwise acquiring image metadata by io.systemd.MachineImage.List may fail in the below.
|
||||||
machinectl terminate long-running
|
machinectl terminate long-running
|
||||||
# Wait for the container to stop, otherwise acquiring image metadata by io.systemd.MachineImage.List below
|
# wait for the container being stopped, otherwise acquiring image metadata by io.systemd.MachineImage.List may fail in the below.
|
||||||
# may fail.
|
timeout 30 bash -c "while machinectl status long-running &>/dev/null; do sleep .5; done"
|
||||||
#
|
systemctl kill --signal=KILL systemd-nspawn@long-running.service || :
|
||||||
# We need to wait until the systemd-nspawn process is completely stopped, as the lock is held for almost the
|
|
||||||
# entire life of the process (see the run() function in nspawn.c). This means that the machine gets
|
|
||||||
# unregistered _before_ this lock is lifted which makes `machinectl status` return non-zero EC earlier than
|
|
||||||
# we need.
|
|
||||||
timeout 30 bash -xec 'until [[ "$(systemctl show -P ActiveState systemd-nspawn@long-running.service)" == inactive ]]; do sleep .5; done'
|
|
||||||
|
|
||||||
# test io.systemd.MachineImage.List
|
# test io.systemd.MachineImage.List
|
||||||
varlinkctl --more call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{}' | grep 'long-running'
|
varlinkctl --more call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{}' | grep 'long-running'
|
||||||
|
|||||||
@ -9,6 +9,18 @@ set -o pipefail
|
|||||||
# shellcheck source=test/units/util.sh
|
# shellcheck source=test/units/util.sh
|
||||||
. "$(dirname "$0")"/util.sh
|
. "$(dirname "$0")"/util.sh
|
||||||
|
|
||||||
|
# Requires kernel built with certain kconfigs, as listed in README:
|
||||||
|
# https://oracle.github.io/kconfigs/?config=UTS_RELEASE&config=DM_VERITY_VERIFY_ROOTHASH_SIG&config=DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING&config=DM_VERITY_VERIFY_ROOTHASH_SIG_PLATFORM_KEYRING&config=IMA_ARCH_POLICY&config=INTEGRITY_MACHINE_KEYRING
|
||||||
|
if grep -q "$(openssl x509 -noout -subject -in /usr/share/mkosi.crt | sed 's/^.*CN=//')" /proc/keys && \
|
||||||
|
( . /etc/os-release; [ "$ID" != "centos" ] || systemd-analyze compare-versions "$VERSION_ID" ge 10 ) && \
|
||||||
|
( . /etc/os-release; [ "$ID" != "debian" ] || systemd-analyze compare-versions "$VERSION_ID" ge 13 ) && \
|
||||||
|
( . /etc/os-release; [ "$ID" != "ubuntu" ] || systemd-analyze compare-versions "$VERSION_ID" ge 24.04 ) && \
|
||||||
|
systemd-analyze compare-versions "$(cryptsetup --version | sed 's/^cryptsetup \([0-9]*\.[0-9]*\.[0-9]*\) .*/\1/')" ge 2.3.0; then
|
||||||
|
verity_sig_supported=1
|
||||||
|
else
|
||||||
|
verity_sig_supported=0
|
||||||
|
fi
|
||||||
|
|
||||||
systemd-dissect --json=short "$MINIMAL_IMAGE.raw" | \
|
systemd-dissect --json=short "$MINIMAL_IMAGE.raw" | \
|
||||||
grep -q -F '{"rw":"ro","designator":"root","partition_uuid":null,"partition_label":null,"fstype":"squashfs","architecture":null,"verity":"external"'
|
grep -q -F '{"rw":"ro","designator":"root","partition_uuid":null,"partition_label":null,"fstype":"squashfs","architecture":null,"verity":"external"'
|
||||||
systemd-dissect "$MINIMAL_IMAGE.raw" | grep -q -F "MARKER=1"
|
systemd-dissect "$MINIMAL_IMAGE.raw" | grep -q -F "MARKER=1"
|
||||||
@ -72,7 +84,7 @@ if [[ "$verity_count" -lt 1 ]]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
# Ensure the kernel is verifying the signature if the mkosi key is in the keyring
|
# Ensure the kernel is verifying the signature if the mkosi key is in the keyring
|
||||||
if [ "$VERITY_SIG_SUPPORTED" -eq 1 ]; then
|
if [ "$verity_sig_supported" -eq 1 ]; then
|
||||||
veritysetup status "$(cat "$MINIMAL_IMAGE.roothash")-verity" | grep -q "verified (with signature)"
|
veritysetup status "$(cat "$MINIMAL_IMAGE.roothash")-verity" | grep -q "verified (with signature)"
|
||||||
fi
|
fi
|
||||||
systemd-dissect --umount "$IMAGE_DIR/mount"
|
systemd-dissect --umount "$IMAGE_DIR/mount"
|
||||||
@ -460,8 +472,8 @@ RootImage=$MINIMAL_IMAGE.raw
|
|||||||
ExtensionImages=/tmp/app0.raw /tmp/app1.raw:nosuid
|
ExtensionImages=/tmp/app0.raw /tmp/app1.raw:nosuid
|
||||||
# Relevant only for sanitizer runs
|
# Relevant only for sanitizer runs
|
||||||
UnsetEnvironment=LD_PRELOAD
|
UnsetEnvironment=LD_PRELOAD
|
||||||
ExecStart=bash -o pipefail -c '/opt/script0.sh | grep ID'
|
ExecStart=bash -c '/opt/script0.sh | grep ID'
|
||||||
ExecStart=bash -o pipefail -c '/opt/script1.sh | grep ID'
|
ExecStart=bash -c '/opt/script1.sh | grep ID'
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=yes
|
RemainAfterExit=yes
|
||||||
EOF
|
EOF
|
||||||
@ -478,7 +490,7 @@ mkdir "$VDIR" "$EMPTY_VDIR"
|
|||||||
ln -s /tmp/app0.raw "$VDIR/${VBASE}_0.raw"
|
ln -s /tmp/app0.raw "$VDIR/${VBASE}_0.raw"
|
||||||
ln -s /tmp/app1.raw "$VDIR/${VBASE}_1.raw"
|
ln -s /tmp/app1.raw "$VDIR/${VBASE}_1.raw"
|
||||||
|
|
||||||
systemd-run -P -p ExtensionImages="$VDIR -$EMPTY_VDIR -$NONEXISTENT_VDIR" bash -o pipefail -c '/opt/script1.sh | grep ID'
|
systemd-run -P -p ExtensionImages="$VDIR -$EMPTY_VDIR -$NONEXISTENT_VDIR" bash -c '/opt/script1.sh | grep ID'
|
||||||
|
|
||||||
rm -rf "$VDIR" "$EMPTY_VDIR"
|
rm -rf "$VDIR" "$EMPTY_VDIR"
|
||||||
|
|
||||||
@ -575,7 +587,7 @@ EnvironmentFile=-/usr/lib/systemd/systemd-asan-env
|
|||||||
PrivateTmp=disconnected
|
PrivateTmp=disconnected
|
||||||
BindPaths=/tmp/markers/
|
BindPaths=/tmp/markers/
|
||||||
ExtensionDirectories=-${VDIR}
|
ExtensionDirectories=-${VDIR}
|
||||||
ExecStart=bash -o pipefail -x -c ' \\
|
ExecStart=bash -x -c ' \\
|
||||||
trap "{ \\
|
trap "{ \\
|
||||||
systemd-notify --reloading; \\
|
systemd-notify --reloading; \\
|
||||||
(ls /etc | grep marker || echo no-marker) >/tmp/markers/50g; \\
|
(ls /etc | grep marker || echo no-marker) >/tmp/markers/50g; \\
|
||||||
@ -616,7 +628,7 @@ EnvironmentFile=-/usr/lib/systemd/systemd-asan-env
|
|||||||
PrivateTmp=disconnected
|
PrivateTmp=disconnected
|
||||||
BindPaths=/tmp/markers/
|
BindPaths=/tmp/markers/
|
||||||
ExtensionImages=-$VDIR2
|
ExtensionImages=-$VDIR2
|
||||||
ExecStart=bash -o pipefail -x -c ' \\
|
ExecStart=bash -x -c ' \\
|
||||||
trap "{ \\
|
trap "{ \\
|
||||||
systemd-notify --reloading; \\
|
systemd-notify --reloading; \\
|
||||||
(ls /etc | grep marker || echo no-marker) >/tmp/markers/50h; \\
|
(ls /etc | grep marker || echo no-marker) >/tmp/markers/50h; \\
|
||||||
@ -654,7 +666,7 @@ BindPaths=/tmp/markers/
|
|||||||
RootImage=$MINIMAL_IMAGE.raw
|
RootImage=$MINIMAL_IMAGE.raw
|
||||||
ExtensionDirectories=-${VDIR}
|
ExtensionDirectories=-${VDIR}
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
ExecStart=bash -x -o pipefail -c ' \
|
ExecStart=bash -x -c ' \
|
||||||
trap '"'"' \
|
trap '"'"' \
|
||||||
now=\$\$(grep "^now" /proc/timer_list | cut -d" " -f3 | rev | cut -c 4- | rev); \
|
now=\$\$(grep "^now" /proc/timer_list | cut -d" " -f3 | rev | cut -c 4- | rev); \
|
||||||
stdbuf -o1K printf "RELOADING=1\\nMONOTONIC_USEC=\$\${now}\\n" | socat -t 5 - UNIX-SENDTO:\$\$NOTIFY_SOCKET; \
|
stdbuf -o1K printf "RELOADING=1\\nMONOTONIC_USEC=\$\${now}\\n" | socat -t 5 - UNIX-SENDTO:\$\$NOTIFY_SOCKET; \
|
||||||
@ -689,7 +701,7 @@ BindPaths=/tmp/markers/
|
|||||||
RootDirectory=/tmp/vpickminimg
|
RootDirectory=/tmp/vpickminimg
|
||||||
ExtensionDirectories=-${VDIR}
|
ExtensionDirectories=-${VDIR}
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
ExecStart=bash -x -o pipefail -c ' \
|
ExecStart=bash -x -c ' \
|
||||||
trap '"'"' \
|
trap '"'"' \
|
||||||
now=\$\$(grep "^now" /proc/timer_list | cut -d" " -f3 | rev | cut -c 4- | rev); \
|
now=\$\$(grep "^now" /proc/timer_list | cut -d" " -f3 | rev | cut -c 4- | rev); \
|
||||||
stdbuf -o1K printf "RELOADING=1\\nMONOTONIC_USEC=\$\${now}\\n" | socat -t 5 - UNIX-SENDTO:\$\$NOTIFY_SOCKET; \
|
stdbuf -o1K printf "RELOADING=1\\nMONOTONIC_USEC=\$\${now}\\n" | socat -t 5 - UNIX-SENDTO:\$\$NOTIFY_SOCKET; \
|
||||||
@ -719,7 +731,7 @@ RootImage=$MINIMAL_IMAGE.raw
|
|||||||
ExtensionImages=-$VDIR2 /tmp/app0.raw
|
ExtensionImages=-$VDIR2 /tmp/app0.raw
|
||||||
PrivateUsers=yes
|
PrivateUsers=yes
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
ExecStart=bash -x -o pipefail -c ' \
|
ExecStart=bash -x -c ' \
|
||||||
trap '"'"' \
|
trap '"'"' \
|
||||||
now=\$\$(grep "^now" /proc/timer_list | cut -d" " -f3 | rev | cut -c 4- | rev); \
|
now=\$\$(grep "^now" /proc/timer_list | cut -d" " -f3 | rev | cut -c 4- | rev); \
|
||||||
stdbuf -o1K printf "RELOADING=1\\nMONOTONIC_USEC=\$\${now}\\n" | socat -t 5 - UNIX-SENDTO:\$\$NOTIFY_SOCKET; \
|
stdbuf -o1K printf "RELOADING=1\\nMONOTONIC_USEC=\$\${now}\\n" | socat -t 5 - UNIX-SENDTO:\$\$NOTIFY_SOCKET; \
|
||||||
@ -734,7 +746,7 @@ EOF
|
|||||||
systemctl start testservice-50k.service
|
systemctl start testservice-50k.service
|
||||||
systemctl is-active testservice-50k.service
|
systemctl is-active testservice-50k.service
|
||||||
# Ensure the kernel is verifying the signature if the mkosi key is in the keyring
|
# Ensure the kernel is verifying the signature if the mkosi key is in the keyring
|
||||||
if [ "$VERITY_SIG_SUPPORTED" -eq 1 ]; then
|
if [ "$verity_sig_supported" -eq 1 ]; then
|
||||||
veritysetup status "$(cat "$MINIMAL_IMAGE.roothash")-verity" | grep -q "verified (with signature)"
|
veritysetup status "$(cat "$MINIMAL_IMAGE.roothash")-verity" | grep -q "verified (with signature)"
|
||||||
fi
|
fi
|
||||||
# First reload should pick up the v1 marker
|
# First reload should pick up the v1 marker
|
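Review bot: The keyring probe that opens the added `verity_sig_supported` block feeds the certificate CN to `grep -q` as a regular expression and never checks that it is non-empty. If `/usr/share/mkosi.crt` is missing or unreadable the pattern is empty, `grep -q ""` matches every line of `/proc/keys`, and `verity_sig_supported` can become 1 on a system without the key, so the later `verified (with signature)` assertions fail for the wrong reason. Capturing the CN first and matching it literally avoids that: `cn="$(openssl x509 -noout -subject -in /usr/share/mkosi.crt | sed 's/^.*CN=//')"` and then `[ -n "$cn" ] && grep -qF -- "$cn" /proc/keys` as the first condition.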
||||||
|
|||||||
@ -25,27 +25,10 @@ at_exit() {
|
|||||||
done < <(find "${IMAGE_DIR}" -mindepth 1 -maxdepth 1 -type d)
|
done < <(find "${IMAGE_DIR}" -mindepth 1 -maxdepth 1 -type d)
|
||||||
|
|
||||||
rm -rf "$IMAGE_DIR"
|
rm -rf "$IMAGE_DIR"
|
||||||
|
|
||||||
loginctl disable-linger testuser
|
|
||||||
}
|
}
|
||||||
|
|
||||||
trap at_exit EXIT
|
trap at_exit EXIT
|
||||||
|
|
||||||
# For unprivileged tests
|
|
||||||
loginctl enable-linger testuser
|
|
||||||
|
|
||||||
# Requires kernel built with certain kconfigs, as listed in README:
|
|
||||||
# https://oracle.github.io/kconfigs/?config=UTS_RELEASE&config=DM_VERITY_VERIFY_ROOTHASH_SIG&config=DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING&config=DM_VERITY_VERIFY_ROOTHASH_SIG_PLATFORM_KEYRING&config=IMA_ARCH_POLICY&config=INTEGRITY_MACHINE_KEYRING
|
|
||||||
if grep -q "$(openssl x509 -noout -subject -in /usr/share/mkosi.crt | sed 's/^.*CN=//')" /proc/keys && \
|
|
||||||
( . /etc/os-release; [ "$ID" != "centos" ] || systemd-analyze compare-versions "$VERSION_ID" ge 10 ) && \
|
|
||||||
( . /etc/os-release; [ "$ID" != "debian" ] || [ -z "${VERSION_ID:-}" ] || systemd-analyze compare-versions "$VERSION_ID" ge 13 ) && \
|
|
||||||
( . /etc/os-release; [ "$ID" != "ubuntu" ] || systemd-analyze compare-versions "$VERSION_ID" ge 24.04 ) && \
|
|
||||||
systemd-analyze compare-versions "$(cryptsetup --version | sed 's/^cryptsetup \([0-9]*\.[0-9]*\.[0-9]*\) .*/\1/')" ge 2.3.0; then
|
|
||||||
export VERITY_SIG_SUPPORTED=1
|
|
||||||
else
|
|
||||||
export VERITY_SIG_SUPPORTED=0
|
|
||||||
fi
|
|
||||||
|
|
||||||
: "Setup base images"
|
: "Setup base images"
|
||||||
|
|
||||||
export SYSTEMD_LOG_LEVEL=debug
|
export SYSTEMD_LOG_LEVEL=debug
|
||||||
@ -119,7 +102,6 @@ fi
|
|||||||
udevadm control --log-level=debug
|
udevadm control --log-level=debug
|
||||||
|
|
||||||
IMAGE_DIR="$(mktemp -d --tmpdir="" TEST-50-IMAGES.XXX)"
|
IMAGE_DIR="$(mktemp -d --tmpdir="" TEST-50-IMAGES.XXX)"
|
||||||
chmod go+rx "$IMAGE_DIR"
|
|
||||||
cp -v /usr/share/minimal* "$IMAGE_DIR/"
|
cp -v /usr/share/minimal* "$IMAGE_DIR/"
|
||||||
MINIMAL_IMAGE="$IMAGE_DIR/minimal_0"
|
MINIMAL_IMAGE="$IMAGE_DIR/minimal_0"
|
||||||
MINIMAL_IMAGE_ROOTHASH="$(<"$MINIMAL_IMAGE.roothash")"
|
MINIMAL_IMAGE_ROOTHASH="$(<"$MINIMAL_IMAGE.roothash")"
|
||||||
|
|||||||
@ -1064,13 +1064,10 @@ extension_verify_after_unmerge "$fake_root" "$hierarchy" -h
|
|||||||
fake_root=${roots_dir:+"$roots_dir/mutable-directory-with-invalid-permissions"}
|
fake_root=${roots_dir:+"$roots_dir/mutable-directory-with-invalid-permissions"}
|
||||||
hierarchy=/opt
|
hierarchy=/opt
|
||||||
extension_data_dir="$fake_root/var/lib/extensions.mutable$hierarchy"
|
extension_data_dir="$fake_root/var/lib/extensions.mutable$hierarchy"
|
||||||
extension_data_dir_usr="$fake_root/var/lib/extensions.mutable/usr"
|
|
||||||
|
|
||||||
prepare_root "$fake_root" "$hierarchy"
|
prepare_root "$fake_root" "$hierarchy"
|
||||||
prepare_extension_image "$fake_root" "$hierarchy"
|
prepare_extension_image "$fake_root" "$hierarchy"
|
||||||
prepare_extension_mutable_dir "$extension_data_dir"
|
prepare_extension_mutable_dir "$extension_data_dir"
|
||||||
prepend_trap "rm -rf ${extension_data_dir@Q}"
|
|
||||||
prepend_trap "rm -rf ${extension_data_dir_usr@Q}"
|
|
||||||
prepare_hierarchy "$fake_root" "$hierarchy"
|
prepare_hierarchy "$fake_root" "$hierarchy"
|
||||||
|
|
||||||
old_mode=$(stat --format '%#a' "$fake_root$hierarchy")
|
old_mode=$(stat --format '%#a' "$fake_root$hierarchy")
|
||||||
@ -1081,29 +1078,6 @@ chmod 0700 "$extension_data_dir"
|
|||||||
(! run_systemd_sysext "$fake_root" --mutable=yes merge)
|
(! run_systemd_sysext "$fake_root" --mutable=yes merge)
|
||||||
)
|
)
|
||||||
|
|
||||||
( init_trap
|
|
||||||
: "Check if merging fails in case of --root= being an initrd but the extension is not for it"
|
|
||||||
# Since this is really about whether --root= gets prepended for the /etc/initrd-release check,
|
|
||||||
# this also tests the more interesting reverse case that we are in the initrd and prepare
|
|
||||||
# the mounts for the final system with --root=/sysroot
|
|
||||||
fake_root=${roots_dir:+"$roots_dir/initrd-env-with-non-initrd-extension"}
|
|
||||||
hierarchy=/opt
|
|
||||||
|
|
||||||
prepare_root "$fake_root" "$hierarchy"
|
|
||||||
prepare_extension_image "$fake_root" "$hierarchy"
|
|
||||||
mkdir -p "${fake_root}/etc"
|
|
||||||
touch "${fake_root}/etc/initrd-release"
|
|
||||||
prepare_read_only_hierarchy "$fake_root" "$hierarchy"
|
|
||||||
|
|
||||||
# Should be a no-op, thus we also don't run unmerge afterwards (otherwise the test is broken)
|
|
||||||
run_systemd_sysext "$fake_root" merge
|
|
||||||
if run_systemd_sysext "$fake_root" status --json=pretty | jq -r '.[].extensions' | grep -v '^none$' ; then
|
|
||||||
echo >&2 "Extension got loaded for an initrd structure passed as --root= while the extension does not declare itself compatible with the initrd scope"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
rm "${fake_root}/etc/initrd-release"
|
|
||||||
)
|
|
||||||
|
|
||||||
} # End of run_sysext_tests
|
} # End of run_sysext_tests
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -15,11 +15,11 @@ set -o pipefail
|
|||||||
. "$(dirname "$0")"/util.sh
|
. "$(dirname "$0")"/util.sh
|
||||||
|
|
||||||
UNIT_NAME="timer-RandomizedDelaySec-$RANDOM"
|
UNIT_NAME="timer-RandomizedDelaySec-$RANDOM"
|
||||||
TARGET_TS="$(date --date="tomorrow 00:10" "+%a %Y-%m-%d %H:%M:%S %Z")"
|
TARGET_TS="$(date --date="tomorrow 00:10")"
|
||||||
TARGET_TS_S="$(date --date="$TARGET_TS" "+%s")"
|
TARGET_TS_S="$(date --date="$TARGET_TS" "+%s")"
|
||||||
# Maximum possible next elapse timestamp: $TARGET_TS (OnCalendar=) + 22 hours (RandomizedDelaySec=)
|
# Maximum possible next elapse timestamp: $TARGET_TS (OnCalendar=) + 22 hours (RandomizedDelaySec=)
|
||||||
MAX_NEXT_ELAPSE_REALTIME_S="$((TARGET_TS_S + 22 * 60 * 60))"
|
MAX_NEXT_ELAPSE_REALTIME_S="$((TARGET_TS_S + 22 * 60 * 60))"
|
||||||
MAX_NEXT_ELAPSE_REALTIME="$(date --date="@$MAX_NEXT_ELAPSE_REALTIME_S" "+%a %Y-%m-%d %H:%M:%S %Z")"
|
MAX_NEXT_ELAPSE_REALTIME="$(date --date="@$MAX_NEXT_ELAPSE_REALTIME_S")"
|
||||||
|
|
||||||
# Let's make sure to return the date & time back to the original state once we're done with our time
|
# Let's make sure to return the date & time back to the original state once we're done with our time
|
||||||
# shenigans. One way to do this would be to use hwclock, but the RTC in VMs can be unreliable or slow to
|
# shenigans. One way to do this would be to use hwclock, but the RTC in VMs can be unreliable or slow to
|
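Review bot: `TARGET_TS="$(date --date="tomorrow 00:10")"` captures `date`'s default output format, and the next line parses that string back with `date --date="$TARGET_TS" "+%s"`, so the round trip depends on the active locale. Pinning the format keeps the value unambiguous: `TARGET_TS="$(date --date="tomorrow 00:10" "+%a %Y-%m-%d %H:%M:%S %Z")"`, and likewise for `MAX_NEXT_ELAPSE_REALTIME`. If these strings are later compared against timestamps printed by systemd tools (not visible in this hunk), the default format would presumably not match either.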
||||||
|
|||||||
@ -19,7 +19,7 @@ systemd-analyze time || :
|
|||||||
systemd-analyze critical-chain || :
|
systemd-analyze critical-chain || :
|
||||||
# blame
|
# blame
|
||||||
systemd-analyze blame
|
systemd-analyze blame
|
||||||
systemd-run --wait --user --pipe -M testuser@.host systemd-analyze blame --no-pager
|
systemd-run --wait --user --pipe -M testuser@.host systemd-analyze blame
|
||||||
(! systemd-analyze blame --global)
|
(! systemd-analyze blame --global)
|
||||||
# plot
|
# plot
|
||||||
systemd-analyze plot >/dev/null || :
|
systemd-analyze plot >/dev/null || :
|
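Review bot: The user-session call `systemd-run --wait --user --pipe -M testuser@.host systemd-analyze blame` runs without `--no-pager`. Because `--pipe` hands the caller's stdio to the unit, a run started from a terminal can presumably spawn a pager and block the test; `systemd-analyze blame --no-pager` avoids that. The `UNPRIV_CMD=(systemd-run --user --wait --pipe -M "testuser@.host" --)` array in the coredump test further down has the same exposure, since it no longer forwards `SYSTEMD_PAGER` with `-E SYSTEMD_PAGER`.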
||||||
|
|||||||
@ -15,7 +15,7 @@ fi
|
|||||||
"$SD_TPM2SETUP" --version
|
"$SD_TPM2SETUP" --version
|
||||||
"$SD_TPM2SETUP" --tpm2-device=list
|
"$SD_TPM2SETUP" --tpm2-device=list
|
||||||
"$SD_TPM2SETUP" --tpm2-device=auto
|
"$SD_TPM2SETUP" --tpm2-device=auto
|
||||||
"$SD_TPM2SETUP" --tpm2-device=/dev/tpmrm0
|
"$SD_TPM2SETUP" --tpm2-device=/dev/tpm0
|
||||||
"$SD_TPM2SETUP" --early=yes
|
"$SD_TPM2SETUP" --early=yes
|
||||||
"$SD_TPM2SETUP" --early=yes
|
"$SD_TPM2SETUP" --early=yes
|
||||||
"$SD_TPM2SETUP" --early=no
|
"$SD_TPM2SETUP" --early=no
|
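Review bot: `"$SD_TPM2SETUP" --tpm2-device=/dev/tpm0` addresses the raw TPM character device instead of the kernel resource-manager node. The raw device admits a single opener at a time, so this step can fail with a busy error whenever another TPM consumer holds it open during the run. `"$SD_TPM2SETUP" --tpm2-device=/dev/tpmrm0` still exercises the explicit-path case without that contention. The hunk begins after a `fi`, so whatever precondition guards these calls is outside the view.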
||||||
|
|||||||
@ -81,11 +81,6 @@ systemd-run --wait --pipe --user --machine=testuser@ \
|
|||||||
systemd-run --wait --pipe --user --machine=testuser@ \
|
systemd-run --wait --pipe --user --machine=testuser@ \
|
||||||
bash -xec '[[ "$PWD" == /home/testuser && -n "$INVOCATION_ID" ]]'
|
bash -xec '[[ "$PWD" == /home/testuser && -n "$INVOCATION_ID" ]]'
|
||||||
|
|
||||||
# https://github.com/systemd/systemd/issues/39038
|
|
||||||
systemd-run --wait --machine=testuser@ --user -p User=testuser true
|
|
||||||
systemd-run --wait --machine=testuser@ --user -p Group=testuser true
|
|
||||||
(! systemd-run --wait --machine=testuser@ --user -p Group=testuser -p SupplementaryGroups=root true)
|
|
||||||
|
|
||||||
# PrivateTmp=yes implies PrivateUsers=yes for user manager, so skip this if we
|
# PrivateTmp=yes implies PrivateUsers=yes for user manager, so skip this if we
|
||||||
# don't have unprivileged user namespaces.
|
# don't have unprivileged user namespaces.
|
||||||
if [[ "$(sysctl -ne kernel.apparmor_restrict_unprivileged_userns)" -ne 1 ]]; then
|
if [[ "$(sysctl -ne kernel.apparmor_restrict_unprivileged_userns)" -ne 1 ]]; then
|
||||||
|
|||||||
@ -11,7 +11,7 @@ assert_in systemd-socket "$(cat /proc/"$PID"/comm)"
|
|||||||
assert_eq "$(echo -n hello | socat - 'TCP:localhost:1234')" hello
|
assert_eq "$(echo -n hello | socat - 'TCP:localhost:1234')" hello
|
||||||
assert_in systemd-socket "$(cat /proc/"$PID"/comm)"
|
assert_in systemd-socket "$(cat /proc/"$PID"/comm)"
|
||||||
kill "$PID"
|
kill "$PID"
|
||||||
tail --pid="$PID" -f /dev/null
|
wait "$PID" || :
|
||||||
|
|
||||||
PID=$(systemd-notify --fork -- systemd-socket-activate -l 1234 --now socat ACCEPT-FD:3 PIPE)
|
PID=$(systemd-notify --fork -- systemd-socket-activate -l 1234 --now socat ACCEPT-FD:3 PIPE)
|
||||||
for _ in {1..100}; do
|
for _ in {1..100}; do
|
||||||
@ -24,7 +24,7 @@ for _ in {1..100}; do
|
|||||||
|
|
||||||
if [[ "$(cat /proc/"$PID"/comm || :)" =~ socat ]]; then
|
if [[ "$(cat /proc/"$PID"/comm || :)" =~ socat ]]; then
|
||||||
assert_eq "$(echo -n bye | socat - 'TCP:localhost:1234')" bye
|
assert_eq "$(echo -n bye | socat - 'TCP:localhost:1234')" bye
|
||||||
tail --pid="$PID" -f /dev/null
|
wait "$PID" || :
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
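Review bot: `wait "$PID" || :` most likely waits for nothing. If `PID` is obtained as on the line below, `PID=$(systemd-notify --fork -- …)`, the process is forked by `systemd-notify` inside a command substitution and is not a child of this shell, so the builtin returns at once with an error that `|| :` hides. The next `systemd-socket-activate -l 1234` can then race the previous listener for port 1234. `tail --pid="$PID" -f /dev/null` blocks until an arbitrary PID exits and fits both places, including the one inside the `for` loop in the second hunk. The first `PID` assignment lies above the hunk, so its origin is inferred.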
||||||
|
|||||||
@ -64,13 +64,11 @@ monitor_check_rr() (
|
|||||||
)
|
)
|
||||||
|
|
||||||
restart_resolved() {
|
restart_resolved() {
|
||||||
systemctl stop systemd-resolved-monitor.socket systemd-resolved-varlink.socket
|
|
||||||
systemctl stop systemd-resolved.service
|
systemctl stop systemd-resolved.service
|
||||||
(! systemctl is-failed systemd-resolved.service)
|
(! systemctl is-failed systemd-resolved.service)
|
||||||
# Reset the restart counter since we call this method a bunch of times
|
# Reset the restart counter since we call this method a bunch of times
|
||||||
# and can occasionally hit the default rate limit
|
# and can occasionally hit the default rate limit
|
||||||
systemctl reset-failed systemd-resolved.service
|
systemctl reset-failed systemd-resolved.service
|
||||||
systemctl start systemd-resolved-monitor.socket systemd-resolved-varlink.socket
|
|
||||||
systemctl start systemd-resolved.service
|
systemctl start systemd-resolved.service
|
||||||
systemctl service-log-level systemd-resolved.service debug
|
systemctl service-log-level systemd-resolved.service debug
|
||||||
}
|
}
|
||||||
@ -185,8 +183,8 @@ EOF
|
|||||||
chown -R knot:knot /run/knot
|
chown -R knot:knot /run/knot
|
||||||
fi
|
fi
|
||||||
systemctl start knot
|
systemctl start knot
|
||||||
# Wait for signed.test's zone DS records to get pushed to the parent zone
|
# Wait a bit for the keys to propagate
|
||||||
timeout 30s bash -xec 'until knotc zone-read test. signed.test. ds | grep -E "signed\.test\. [0-9]+ DS"; do sleep 2; done'
|
sleep 4
|
||||||
|
|
||||||
systemctl status resolved-dummy-server
|
systemctl status resolved-dummy-server
|
||||||
networkctl status
|
networkctl status
|
||||||
@ -336,7 +334,6 @@ manual_testcase_02_mdns_llmnr() {
|
|||||||
} >/run/systemd/resolved.conf.d/90-mdns-llmnr.conf
|
} >/run/systemd/resolved.conf.d/90-mdns-llmnr.conf
|
||||||
restart_resolved
|
restart_resolved
|
||||||
# make sure networkd is not running.
|
# make sure networkd is not running.
|
||||||
systemctl stop systemd-networkd.socket systemd-networkd-varlink.socket
|
|
||||||
systemctl stop systemd-networkd.service
|
systemctl stop systemd-networkd.service
|
||||||
assert_in 'no' "$(resolvectl mdns hoge)"
|
assert_in 'no' "$(resolvectl mdns hoge)"
|
||||||
assert_in 'no' "$(resolvectl llmnr hoge)"
|
assert_in 'no' "$(resolvectl llmnr hoge)"
|
||||||
@ -1371,9 +1368,7 @@ testcase_15_wait_online_dns() {
|
|||||||
resolvectl domain dns0 ""
|
resolvectl domain dns0 ""
|
||||||
|
|
||||||
# Stop systemd-resolved before calling systemd-networkd-wait-online. It should retry connections.
|
# Stop systemd-resolved before calling systemd-networkd-wait-online. It should retry connections.
|
||||||
systemctl stop systemd-resolved-monitor.socket systemd-resolved-varlink.socket
|
|
||||||
systemctl stop systemd-resolved.service
|
systemctl stop systemd-resolved.service
|
||||||
systemctl start systemd-resolved-monitor.socket systemd-resolved-varlink.socket
|
|
||||||
|
|
||||||
# Begin systemd-networkd-wait-online --dns
|
# Begin systemd-networkd-wait-online --dns
|
||||||
systemd-run -u "$unit" -p "Environment=SYSTEMD_LOG_LEVEL=debug" -p "Environment=SYSTEMD_LOG_TARGET=journal" --service-type=exec \
|
systemd-run -u "$unit" -p "Environment=SYSTEMD_LOG_LEVEL=debug" -p "Environment=SYSTEMD_LOG_TARGET=journal" --service-type=exec \
|
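Review bot: The fixed `sleep 4` after `systemctl start knot` assumes the keys for signed.test have propagated within four seconds; on a loaded runner the DNSSEC test cases that follow may start too early and fail intermittently. A bounded poll on the actual condition is more reliable: `timeout 30s bash -xec 'until knotc zone-read test. signed.test. ds | grep -E "signed\.test\. [0-9]+ DS"; do sleep 2; done'`. Separately, `restart_resolved` and `testcase_15_wait_online_dns` stop only `systemd-resolved.service`; if this tree ships the resolved socket units, a client connection could re-activate the service while the test expects it to be down, which is worth confirming.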
||||||
|
|||||||
@ -342,8 +342,7 @@ EOF
|
|||||||
bootctl remove
|
bootctl remove
|
||||||
}
|
}
|
||||||
|
|
||||||
# Order this first, as other test cases mess with the ESP and might break 'bootctl status' output
|
testcase_secureboot() {
|
||||||
testcase_00_secureboot() {
|
|
||||||
if [ ! -d /sys/firmware/efi ]; then
|
if [ ! -d /sys/firmware/efi ]; then
|
||||||
echo "Not booted with EFI, skipping secureboot tests."
|
echo "Not booted with EFI, skipping secureboot tests."
|
||||||
return 0
|
return 0
|
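Review bot: `testcase_secureboot` carries neither the `00_` prefix nor a comment about ordering. If the runner orders test cases by function name (the runner is not visible here), the Secure Boot checks may execute after cases that modify the ESP, which the dropped comment says can break `bootctl status` output. Either keep the name `testcase_00_secureboot` or add a comment stating what ESP state this case requires. The function body continues past the end of the hunk.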
||||||
|
|||||||
@ -163,7 +163,7 @@ rm -f /tmp/core.{output,redirected}
|
|||||||
|
|
||||||
# Unprivileged stuff
|
# Unprivileged stuff
|
||||||
# Related issue: https://github.com/systemd/systemd/issues/26912
|
# Related issue: https://github.com/systemd/systemd/issues/26912
|
||||||
UNPRIV_CMD=(systemd-run --user --wait --pipe -M "testuser@.host" -E SYSTEMD_PAGER --)
|
UNPRIV_CMD=(systemd-run --user --wait --pipe -M "testuser@.host" --)
|
||||||
# Trigger a couple of coredumps as an unprivileged user
|
# Trigger a couple of coredumps as an unprivileged user
|
||||||
"${UNPRIV_CMD[@]}" "$MAKE_DUMP_SCRIPT" "$CORE_TEST_UNPRIV_BIN" "SIGTRAP"
|
"${UNPRIV_CMD[@]}" "$MAKE_DUMP_SCRIPT" "$CORE_TEST_UNPRIV_BIN" "SIGTRAP"
|
||||||
"${UNPRIV_CMD[@]}" "$MAKE_DUMP_SCRIPT" "$CORE_TEST_UNPRIV_BIN" "SIGABRT"
|
"${UNPRIV_CMD[@]}" "$MAKE_DUMP_SCRIPT" "$CORE_TEST_UNPRIV_BIN" "SIGABRT"
|
||||||
|
|||||||
@ -3,11 +3,11 @@
|
|||||||
set -eux
|
set -eux
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
|
||||||
(! journalctl -q -o short-monotonic --grep "didn't pass validation" | grep -v "test-varlink-idl")
|
(! journalctl -q -o short-monotonic --grep "didn't pass validation" | grep -v "test-varlink-idl" >>/failed)
|
||||||
|
|
||||||
# Here, the redundant '[ ]' in the pattern is required in order not to match the logged command itself.
|
# Here, the redundant '[ ]' in the pattern is required in order not to match the logged command itself.
|
||||||
(! journalctl -q -o short-monotonic --grep 'Warning: cannot close sd-bus connection[ ].*after fork')
|
(! journalctl -q -o short-monotonic --grep 'Warning: cannot close sd-bus connection[ ].*after fork' >>/failed)
|
||||||
|
|
||||||
# Check if sd-executor doesn't complain about not being able to (de)serialize stuff
|
# Check if sd-executor doesn't complain about not being able to (de)serialize stuff
|
||||||
(! journalctl -q -o short-monotonic --grep "[F]ailed to parse serialized line")
|
(! journalctl -q -o short-monotonic --grep "[F]ailed to parse serialized line" >>/failed)
|
||||||
(! journalctl -q -o short-monotonic --grep "[F]ailed to (de)?serialize \w+")
|
(! journalctl -q -o short-monotonic --grep "[F]ailed to (de)?serialize \w+" >>/failed)
|
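Review bot: Each `>>/failed` redirection creates `/failed` even when `journalctl` prints nothing, because the shell opens the target before the command runs. If the harness treats the mere presence of `/failed` as a failure marker (not visible in this hunk), a clean run leaves a misleading empty file. A short comment above the first check saying what consumes the file would settle this. If nothing does, drop the redirection and keep `(! journalctl -q -o short-monotonic --grep "[F]ailed to parse serialized line")`, so that matches stay in the test log.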
||||||
|
|||||||
@ -323,13 +323,6 @@ EOF
|
|||||||
echo MARKER=1 >"$initdir/usr/lib/systemd/system/some_file"
|
echo MARKER=1 >"$initdir/usr/lib/systemd/system/some_file"
|
||||||
mksquashfs "$initdir" /tmp/app0.raw -noappend
|
mksquashfs "$initdir" /tmp/app0.raw -noappend
|
||||||
veritysetup format /tmp/app0.raw /tmp/app0.verity --root-hash-file /tmp/app0.roothash
|
veritysetup format /tmp/app0.raw /tmp/app0.verity --root-hash-file /tmp/app0.roothash
|
||||||
openssl smime -sign -nocerts -noattr -binary \
|
|
||||||
-in /tmp/app0.roothash \
|
|
||||||
-inkey /usr/share/mkosi.key \
|
|
||||||
-signer /usr/share/mkosi.crt \
|
|
||||||
-outform der \
|
|
||||||
-out /tmp/app0.roothash.p7s
|
|
||||||
chmod go+r /tmp/app0*
|
|
||||||
|
|
||||||
initdir="/var/tmp/conf0"
|
initdir="/var/tmp/conf0"
|
||||||
mkdir -p "$initdir/etc/extension-release.d" "$initdir/etc/systemd/system" "$initdir/opt"
|
mkdir -p "$initdir/etc/extension-release.d" "$initdir/etc/systemd/system" "$initdir/opt"
|
||||||
@ -342,13 +335,6 @@ EOF
|
|||||||
echo MARKER_1 >"$initdir/etc/systemd/system/some_file"
|
echo MARKER_1 >"$initdir/etc/systemd/system/some_file"
|
||||||
mksquashfs "$initdir" /tmp/conf0.raw -noappend
|
mksquashfs "$initdir" /tmp/conf0.raw -noappend
|
||||||
veritysetup format /tmp/conf0.raw /tmp/conf0.verity --root-hash-file /tmp/conf0.roothash
|
veritysetup format /tmp/conf0.raw /tmp/conf0.verity --root-hash-file /tmp/conf0.roothash
|
||||||
openssl smime -sign -nocerts -noattr -binary \
|
|
||||||
-in /tmp/conf0.roothash \
|
|
||||||
-inkey /usr/share/mkosi.key \
|
|
||||||
-signer /usr/share/mkosi.crt \
|
|
||||||
-outform der \
|
|
||||||
-out /tmp/conf0.roothash.p7s
|
|
||||||
chmod go+r /tmp/conf0*
|
|
||||||
|
|
||||||
initdir="/var/tmp/app1"
|
initdir="/var/tmp/app1"
|
||||||
mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" "$initdir/opt"
|
mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" "$initdir/opt"
|
||||||
|
|||||||
@ -8,7 +8,7 @@
|
|||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Generate Network Units from Kernel Command Line
|
Description=Generate network units from Kernel command line
|
||||||
Documentation=man:systemd-network-generator.service(8)
|
Documentation=man:systemd-network-generator.service(8)
|
||||||
|
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
|
|||||||