docs/HACKING.md

@@ -27,7 +27,7 @@ Please also have a look at our list of [code quality tools](CODE_QUALITY.md) we
 have setup for systemd, to ensure our codebase stays in good shape.
 
 Please always test your work before submitting a PR. For many of the components
-of systemd testing is straightforward as you can simply compile systemd and
+of systemd testing is straight-forward as you can simply compile systemd and
 run the relevant tool from the build directory.
 
 For some components (most importantly, systemd/PID1 itself) this is not

docs/JOURNAL_NATIVE_PROTOCOL.md

@@ -60,7 +60,7 @@ bytes however, as well as any other binary data. Keys may not include the `=`
 or newline characters (or any other control characters or non-ASCII characters)
 and may not be empty.
 
-Serialization into the datagram payload or `memfd` is straightforward: each
+Serialization into the datagram payload or `memfd` is straight-forward: each
 key/value pair is serialized via one of two methods:
 
 * The first method inserts a `=` character between key and value, and suffixes

docs/USER_NAMES.md

@@ -114,7 +114,7 @@ warning is shown if the specified user name does not qualify by the strict
 rules above.
 
 * No embedded NUL bytes (rationale: handling in C must be possible and
-  straightforward)
+  straight-forward)
 
 * No names consisting fully of digits (rationale: avoid confusion with numeric
   UID/GID specifications)

man/systemctl.xml

@@ -1145,7 +1145,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
           <listitem>
             <para>Dump the systemd manager environment block. This is the environment
             block that is passed to all processes the manager spawns. The environment
-            block will be dumped in straightforward form suitable for sourcing into
+            block will be dumped in straight-forward form suitable for sourcing into
             most shells. If no special characters or whitespace is present in the variable
             values, no escaping is performed, and the assignments have the form
             <literal>VARIABLE=value</literal>. If whitespace or characters which have

src/core/bpf-socket-bind.c

@@ -78,7 +78,8 @@ static int prepare_socket_bind_bpf(
 
         obj = socket_bind_bpf__open();
         if (!obj)
-                return log_unit_full_errno(u, u ? LOG_ERR : LOG_DEBUG, errno, "Failed to open BPF object: %m");
+                return log_unit_full_errno(u, u ? LOG_ERR : LOG_DEBUG, SYNTHETIC_ERRNO(ENOMEM),
+                                           "Failed to open BPF object");
 
         if (sym_bpf_map__resize(obj->maps.sd_bind_allow, MAX(allow_count, 1u)) != 0)
                 return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, errno,

src/core/restrict-ifaces.c

@@ -34,11 +34,11 @@ static int prepare_restrict_ifaces_bpf(
 
         obj = restrict_ifaces_bpf__open();
         if (!obj)
-                return log_unit_full_errno(u, u ? LOG_ERR : LOG_DEBUG, errno, "Failed to open BPF object: %m");
+                return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOMEM), "Failed to open BPF object");
 
         r = sym_bpf_map__resize(obj->maps.sd_restrictif, MAX(set_size(restrict_network_interfaces), 1u));
         if (r != 0)
-                return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, r,
+                return log_unit_error_errno(u, r,
                                 "Failed to resize BPF map '%s': %m",
                                 sym_bpf_map__name(obj->maps.sd_restrictif));
 
@@ -46,7 +46,7 @@ static int prepare_restrict_ifaces_bpf(
 
         r = restrict_ifaces_bpf__load(obj);
         if (r != 0)
-                return log_unit_full_errno(u, u ? LOG_ERR : LOG_DEBUG, r, "Failed to load BPF object: %m");
+                return log_unit_error_errno(u, r, "Failed to load BPF object: %m");
 
         map_fd = sym_bpf_map__fd(obj->maps.sd_restrictif);
 
@@ -61,9 +61,7 @@ static int prepare_restrict_ifaces_bpf(
                 }
 
                 if (sym_bpf_map_update_elem(map_fd, &ifindex, &dummy, BPF_ANY))
-                        return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, errno,
-                                                   "Failed to update BPF map '%s' fd: %m",
-                                                   sym_bpf_map__name(obj->maps.sd_restrictif));
+                        return log_unit_error_errno(u, errno, "Failed to update BPF map '%s' fd: %m", sym_bpf_map__name(obj->maps.sd_restrictif));
         }
 
         *ret_object = TAKE_PTR(obj);

src/home/homework-luks.c

@@ -1151,34 +1151,45 @@ static int lock_image_fd(int image_fd, const char *ip) {
          * image file, and send it to our parent. homed will keep it open to ensure no other instance of
          * homed (across the network or such) will also mount the file. */
 
-        assert(image_fd >= 0);
-        assert(ip);
-
         r = getenv_bool("SYSTEMD_LUKS_LOCK");
         if (r == -ENXIO)
                 return 0;
         if (r < 0)
                 return log_error_errno(r, "Failed to parse $SYSTEMD_LUKS_LOCK environment variable: %m");
-        if (r == 0)
-                return 0;
+        if (r > 0) {
+                struct stat st;
 
-        if (flock(image_fd, LOCK_EX|LOCK_NB) < 0) {
+                if (fstat(image_fd, &st) < 0)
+                        return log_error_errno(errno, "Failed to stat image file: %m");
+                if (S_ISBLK(st.st_mode)) {
+                        /* Locking block devices doesn't really make sense, as this might interfere with
+                         * udev's workings, and these locks aren't network propagated anyway, hence not what
+                         * we are after here. */
+                        log_debug("Not locking image file '%s', since it's a block device.", ip);
+                        return 0;
+                }
+                r = stat_verify_regular(&st);
+                if (r < 0)
+                        return log_error_errno(r, "Image file to lock is not a regular file: %m");
 
-                if (errno == EWOULDBLOCK)
-                        log_error_errno(errno, "Image file '%s' already locked, can't use.", ip);
-                else
-                        log_error_errno(errno, "Failed to lock image file '%s': %m", ip);
+                if (flock(image_fd, LOCK_EX|LOCK_NB) < 0) {
 
-                return errno != EWOULDBLOCK ? -errno : -EADDRINUSE; /* Make error recognizable */
+                        if (errno == EWOULDBLOCK)
+                                log_error_errno(errno, "Image file '%s' already locked, can't use.", ip);
+                        else
+                                log_error_errno(errno, "Failed to lock image file '%s': %m", ip);
+
+                        return errno != EWOULDBLOCK ? -errno : -EADDRINUSE; /* Make error recognizable */
+                }
+
+                log_info("Successfully locked image file '%s'.", ip);
+
+                /* Now send it to our parent to keep safe while the home dir is active */
+                r = sd_pid_notify_with_fds(0, false, "SYSTEMD_LUKS_LOCK_FD=1", &image_fd, 1);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to send LUKS lock fd to parent, ignoring: %m");
         }
 
-        log_info("Successfully locked image file '%s'.", ip);
-
-        /* Now send it to our parent to keep safe while the home dir is active */
-        r = sd_pid_notify_with_fds(0, false, "SYSTEMD_LUKS_LOCK_FD=1", &image_fd, 1);
-        if (r < 0)
-                log_warning_errno(r, "Failed to send LUKS lock fd to parent, ignoring: %m");
-
         return 0;
 }
 
@@ -1192,8 +1203,6 @@ static int open_image_file(
         const char *ip;
         int r;
 
-        assert(h || force_image_path);
-
         ip = force_image_path ?: user_record_image_path(h);
 
         image_fd = open(ip, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
@@ -1207,14 +1216,9 @@ static int open_image_file(
                                 S_ISDIR(st.st_mode) ? SYNTHETIC_ERRNO(EISDIR) : SYNTHETIC_ERRNO(EBADFD),
                                 "Image file %s is not a regular file or block device: %m", ip);
 
-        /* Locking block devices doesn't really make sense, as this might interfere with
-         * udev's workings, and these locks aren't network propagated anyway, hence not what
-         * we are after here. */
-        if (S_ISREG(st.st_mode)) {
-                r = lock_image_fd(image_fd, ip);
-                if (r < 0)
-                        return r;
-        }
+        r = lock_image_fd(image_fd, ip);
+        if (r < 0)
+                return r;
 
         if (ret_stat)
                 *ret_stat = st;
@@ -2200,10 +2204,12 @@ int home_create_luks(
 
                 /* Let's place the home directory on a real device, i.e. an USB stick or such */
 
-                setup->image_fd = open_image_file(h, ip, &st);
+                setup->image_fd = open(ip, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
                 if (setup->image_fd < 0)
-                        return setup->image_fd;
+                        return log_error_errno(errno, "Failed to open device %s: %m", ip);
 
+                if (fstat(setup->image_fd, &st) < 0)
+                        return log_error_errno(errno, "Failed to stat device %s: %m", ip);
                 if (!S_ISBLK(st.st_mode))
                         return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK), "Device is not a block device, refusing.");
 

src/import/import.c

@@ -91,7 +91,7 @@ static int open_source(const char *path, const char *local, int *ret_open_fd) {
         if (path) {
                 open_fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
                 if (open_fd < 0)
-                        return log_error_errno(errno, "Failed to open source file '%s': %m", path);
+                        return log_error_errno(errno, "Failed to open raw image to import: %m");
 
                 retval = open_fd;