mirror of
https://github.com/systemd/systemd
synced 2026-04-23 07:24:51 +02:00
Compare commits
No commits in common. "4bb37359f68f800f6ef46fa7560a715ff5254de9" and "c8a4306e63a5387813e6e01164e5303e28dc60dc" have entirely different histories.
4bb37359f6
...
c8a4306e63
@ -27,7 +27,7 @@ Please also have a look at our list of [code quality tools](CODE_QUALITY.md) we
|
||||
have setup for systemd, to ensure our codebase stays in good shape.
|
||||
|
||||
Please always test your work before submitting a PR. For many of the components
|
||||
of systemd testing is straightforward as you can simply compile systemd and
|
||||
of systemd testing is straight-forward as you can simply compile systemd and
|
||||
run the relevant tool from the build directory.
|
||||
|
||||
For some components (most importantly, systemd/PID1 itself) this is not
|
||||
|
||||
@ -60,7 +60,7 @@ bytes however, as well as any other binary data. Keys may not include the `=`
|
||||
or newline characters (or any other control characters or non-ASCII characters)
|
||||
and may not be empty.
|
||||
|
||||
Serialization into the datagram payload or `memfd` is straightforward: each
|
||||
Serialization into the datagram payload or `memfd` is straight-forward: each
|
||||
key/value pair is serialized via one of two methods:
|
||||
|
||||
* The first method inserts a `=` character between key and value, and suffixes
|
||||
|
||||
@ -114,7 +114,7 @@ warning is shown if the specified user name does not qualify by the strict
|
||||
rules above.
|
||||
|
||||
* No embedded NUL bytes (rationale: handling in C must be possible and
|
||||
straightforward)
|
||||
straight-forward)
|
||||
|
||||
* No names consisting fully of digits (rationale: avoid confusion with numeric
|
||||
UID/GID specifications)
|
||||
|
||||
@ -1145,7 +1145,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
|
||||
<listitem>
|
||||
<para>Dump the systemd manager environment block. This is the environment
|
||||
block that is passed to all processes the manager spawns. The environment
|
||||
block will be dumped in straightforward form suitable for sourcing into
|
||||
block will be dumped in straight-forward form suitable for sourcing into
|
||||
most shells. If no special characters or whitespace is present in the variable
|
||||
values, no escaping is performed, and the assignments have the form
|
||||
<literal>VARIABLE=value</literal>. If whitespace or characters which have
|
||||
|
||||
@ -78,7 +78,8 @@ static int prepare_socket_bind_bpf(
|
||||
|
||||
obj = socket_bind_bpf__open();
|
||||
if (!obj)
|
||||
return log_unit_full_errno(u, u ? LOG_ERR : LOG_DEBUG, errno, "Failed to open BPF object: %m");
|
||||
return log_unit_full_errno(u, u ? LOG_ERR : LOG_DEBUG, SYNTHETIC_ERRNO(ENOMEM),
|
||||
"Failed to open BPF object");
|
||||
|
||||
if (sym_bpf_map__resize(obj->maps.sd_bind_allow, MAX(allow_count, 1u)) != 0)
|
||||
return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, errno,
|
||||
|
||||
@ -34,11 +34,11 @@ static int prepare_restrict_ifaces_bpf(
|
||||
|
||||
obj = restrict_ifaces_bpf__open();
|
||||
if (!obj)
|
||||
return log_unit_full_errno(u, u ? LOG_ERR : LOG_DEBUG, errno, "Failed to open BPF object: %m");
|
||||
return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOMEM), "Failed to open BPF object");
|
||||
|
||||
r = sym_bpf_map__resize(obj->maps.sd_restrictif, MAX(set_size(restrict_network_interfaces), 1u));
|
||||
if (r != 0)
|
||||
return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, r,
|
||||
return log_unit_error_errno(u, r,
|
||||
"Failed to resize BPF map '%s': %m",
|
||||
sym_bpf_map__name(obj->maps.sd_restrictif));
|
||||
|
||||
@ -46,7 +46,7 @@ static int prepare_restrict_ifaces_bpf(
|
||||
|
||||
r = restrict_ifaces_bpf__load(obj);
|
||||
if (r != 0)
|
||||
return log_unit_full_errno(u, u ? LOG_ERR : LOG_DEBUG, r, "Failed to load BPF object: %m");
|
||||
return log_unit_error_errno(u, r, "Failed to load BPF object: %m");
|
||||
|
||||
map_fd = sym_bpf_map__fd(obj->maps.sd_restrictif);
|
||||
|
||||
@ -61,9 +61,7 @@ static int prepare_restrict_ifaces_bpf(
|
||||
}
|
||||
|
||||
if (sym_bpf_map_update_elem(map_fd, &ifindex, &dummy, BPF_ANY))
|
||||
return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, errno,
|
||||
"Failed to update BPF map '%s' fd: %m",
|
||||
sym_bpf_map__name(obj->maps.sd_restrictif));
|
||||
return log_unit_error_errno(u, errno, "Failed to update BPF map '%s' fd: %m", sym_bpf_map__name(obj->maps.sd_restrictif));
|
||||
}
|
||||
|
||||
*ret_object = TAKE_PTR(obj);
|
||||
|
||||
@ -1151,16 +1151,26 @@ static int lock_image_fd(int image_fd, const char *ip) {
|
||||
* image file, and send it to our parent. homed will keep it open to ensure no other instance of
|
||||
* homed (across the network or such) will also mount the file. */
|
||||
|
||||
assert(image_fd >= 0);
|
||||
assert(ip);
|
||||
|
||||
r = getenv_bool("SYSTEMD_LUKS_LOCK");
|
||||
if (r == -ENXIO)
|
||||
return 0;
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to parse $SYSTEMD_LUKS_LOCK environment variable: %m");
|
||||
if (r == 0)
|
||||
if (r > 0) {
|
||||
struct stat st;
|
||||
|
||||
if (fstat(image_fd, &st) < 0)
|
||||
return log_error_errno(errno, "Failed to stat image file: %m");
|
||||
if (S_ISBLK(st.st_mode)) {
|
||||
/* Locking block devices doesn't really make sense, as this might interfere with
|
||||
* udev's workings, and these locks aren't network propagated anyway, hence not what
|
||||
* we are after here. */
|
||||
log_debug("Not locking image file '%s', since it's a block device.", ip);
|
||||
return 0;
|
||||
}
|
||||
r = stat_verify_regular(&st);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Image file to lock is not a regular file: %m");
|
||||
|
||||
if (flock(image_fd, LOCK_EX|LOCK_NB) < 0) {
|
||||
|
||||
@ -1178,6 +1188,7 @@ static int lock_image_fd(int image_fd, const char *ip) {
|
||||
r = sd_pid_notify_with_fds(0, false, "SYSTEMD_LUKS_LOCK_FD=1", &image_fd, 1);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to send LUKS lock fd to parent, ignoring: %m");
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -1192,8 +1203,6 @@ static int open_image_file(
|
||||
const char *ip;
|
||||
int r;
|
||||
|
||||
assert(h || force_image_path);
|
||||
|
||||
ip = force_image_path ?: user_record_image_path(h);
|
||||
|
||||
image_fd = open(ip, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
|
||||
@ -1207,14 +1216,9 @@ static int open_image_file(
|
||||
S_ISDIR(st.st_mode) ? SYNTHETIC_ERRNO(EISDIR) : SYNTHETIC_ERRNO(EBADFD),
|
||||
"Image file %s is not a regular file or block device: %m", ip);
|
||||
|
||||
/* Locking block devices doesn't really make sense, as this might interfere with
|
||||
* udev's workings, and these locks aren't network propagated anyway, hence not what
|
||||
* we are after here. */
|
||||
if (S_ISREG(st.st_mode)) {
|
||||
r = lock_image_fd(image_fd, ip);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (ret_stat)
|
||||
*ret_stat = st;
|
||||
@ -2200,10 +2204,12 @@ int home_create_luks(
|
||||
|
||||
/* Let's place the home directory on a real device, i.e. an USB stick or such */
|
||||
|
||||
setup->image_fd = open_image_file(h, ip, &st);
|
||||
setup->image_fd = open(ip, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
|
||||
if (setup->image_fd < 0)
|
||||
return setup->image_fd;
|
||||
return log_error_errno(errno, "Failed to open device %s: %m", ip);
|
||||
|
||||
if (fstat(setup->image_fd, &st) < 0)
|
||||
return log_error_errno(errno, "Failed to stat device %s: %m", ip);
|
||||
if (!S_ISBLK(st.st_mode))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK), "Device is not a block device, refusing.");
|
||||
|
||||
|
||||
@ -91,7 +91,7 @@ static int open_source(const char *path, const char *local, int *ret_open_fd) {
|
||||
if (path) {
|
||||
open_fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
|
||||
if (open_fd < 0)
|
||||
return log_error_errno(errno, "Failed to open source file '%s': %m", path);
|
||||
return log_error_errno(errno, "Failed to open raw image to import: %m");
|
||||
|
||||
retval = open_fd;
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user