Compare commits

...

25 Commits

Author SHA1 Message Date
Ivan Kruglov 00f70071bd
Merge cf9cafd47d into bbec1c87d3 2024-11-26 21:34:16 +02:00
gerblesh bbec1c87d3 sysext: set SELinux context for hierarchies and workdir 2024-11-26 17:47:32 +00:00
Yu Watanabe f29a07f3fc man: several more assorted fixes
Continuation of 4ebbb5bfe8.
Closes #35307.
2024-11-26 17:28:14 +01:00
Luca Boccassi 0566bd9643
machine: increase timeouts in attempt to fix #35115 (#35117)
An attempt to fix https://github.com/systemd/systemd/issues/35115
2024-11-26 16:12:56 +00:00
Lennart Poettering 7b4b3a8f7b sd-varlink: fix bug when enqueuing messages with fds asynchronously
When determining the poll events to wait for we need to take the queue
of pending messages that carry fds into account. Otherwise we might end
up not waking up if such an fd-carrying message is enqueued
asynchronously (i.e. not from a dispatch callback).
2024-11-26 16:06:53 +00:00
Ivan Kruglov cf9cafd47d core: introduce io.systemd.Unit.Start method 2024-11-22 17:50:30 +01:00
Ivan Kruglov 8026e73267 core: mac_selinux_access_check_varlink() 2024-11-22 17:48:37 +01:00
Ivan Kruglov 028b710a62 core: add SocketContext to io.systemd.Unit.List output 2024-11-21 10:26:37 +01:00
Ivan Kruglov 81f57a5f27 core: add ServiceContext to io.systemd.Unit.List output 2024-11-21 10:26:37 +01:00
Ivan Kruglov 22d696e9c5 core: add TimerContext to io.systemd.Unit.List output 2024-11-21 10:26:37 +01:00
Ivan Kruglov a29e6372f8 core: add SwapContext to io.systemd.Unit.List output 2024-11-21 10:26:37 +01:00
Ivan Kruglov 8a9c8cf9c9 core: add ScopeContext to io.systemd.Unit.List output 2024-11-21 10:26:37 +01:00
Ivan Kruglov afee7cf9fb core: add PathContext to io.systemd.Unit.List output 2024-11-21 10:26:37 +01:00
Ivan Kruglov 0ee37d25b6 core: add Mount and AutoMount contextes to io.systemd.Unit.List output 2024-11-21 10:26:37 +01:00
Ivan Kruglov 7ce36166d8 core: add KillContext to io.systemd.Unit.List output 2024-11-21 10:26:37 +01:00
Ivan Kruglov 42431acd53 core: add ExecContext to io.systemd.Unit.List output 2024-11-21 10:26:37 +01:00
Ivan Kruglov e544d9bd97 core: add CGroupContext to io.systemd.Unit.List output 2024-11-20 12:15:18 +01:00
Ivan Kruglov 03364f5df8 core: simple tests for io.systemd.Unit.List 2024-11-20 12:15:18 +01:00
Ivan Kruglov 52718e8d4f core: skeleton for io.system.Unit interface and io.systemd.Unit.List method 2024-11-20 12:14:04 +01:00
Ivan Kruglov 49236c1480 nsflags: namespace_flags_to_strv() 2024-11-20 12:13:36 +01:00
Daan De Meyer bf43cdb767 core: Expose Manager object information via varlink
Let's extend pid1's varlink interface and add a Describe method to
get the global Manager object information as a JSON object
(io.systemd.Manager.Describe).

Because the new varlink interface should be available on both the
user managers and the system manager, we also make the necessary
changes to expose a varlink server on user managers.
2024-11-20 12:04:25 +01:00
Ivan Kruglov a3fe412c35 log: log_get_target_max_level() 2024-11-20 10:40:58 +01:00
Ivan Kruglov 53c95a9d53 meson: introduce PROJECT_VERSION_STR and use it in udev 2024-11-20 10:40:58 +01:00
Ivan Kruglov 3aa3f130c1 machine: add debug for systemd-nspawn@.service 2024-11-19 19:12:32 +01:00
Ivan Kruglov df18408ac6 machine: increase timeouts in attempt to fix #35115 2024-11-19 18:04:27 +01:00
42 changed files with 4084 additions and 86 deletions

View File

@ -128,7 +128,8 @@
<para>If <option>-keep-download=yes</option> is specified the image will be downloaded and stored in
a read-only subvolume/directory in the image directory that is named after the specified URL and its
HTTP etag. A writable snapshot is then taken from this subvolume, and named after the specified local
HTTP etag (see <ulink url="https://en.wikipedia.org/wiki/HTTP_ETag">HTTP ETag</ulink> for more
information). A writable snapshot is then taken from this subvolume, and named after the specified local
name. This behavior ensures that creating multiple instances of the same URL is efficient, as
multiple downloads are not necessary. In order to create only the read-only image, and avoid creating
its writable snapshot, specify <literal>-</literal> as local name.</para>

View File

@ -28,7 +28,9 @@
<title>Description</title>
<para><command>pam_systemd_loadkey</command> reads a NUL-separated password list from the kernel keyring,
and sets the last password in the list as the PAM authtok.</para>
and sets the last password in the list as the PAM authtok, which can be used by e.g.
<citerefentry project='man-pages'><refentrytitle>pam_get_authtok</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
<para>The password list is supposed to be stored in the "user" keyring of the root user,
by an earlier call to

View File

@ -61,7 +61,10 @@
<literal>systemd-run0</literal> PAM stack.</para>
<para>Note that <command>run0</command> is implemented as an alternative multi-call invocation of
<citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
<citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>. That is,
<command>run0</command> is a symbolic link to <command>systemd-run</command> executable file, and it
behaves as <command>run0</command> if it is invoked through the symbolic link, otherwise behaves as
<command>systemd-run</command>.</para>
</refsect1>
<refsect1>

View File

@ -41,8 +41,10 @@
<refsect1>
<title>Kernel Command Line</title>
<para><filename>systemd-rfkill</filename> understands the
following kernel command line parameter:</para>
<para>
<command>systemd-rfkill</command> understands the following kernel command line parameter. See also
<citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
</para>
<variablelist class='kernel-commandline-options'>
<varlistentry>

View File

@ -394,9 +394,9 @@
<listitem><para>SBAT metadata associated with the UKI or addon. SBAT policies are useful to revoke
whole groups of UKIs or addons with a single, static policy update that does not take space in
DBX/MOKX. If not specified manually, a default metadata entry consisting of
<literal>uki,1,UKI,uki,1,https://uapi-group.org/specifications/specs/unified_kernel_image/</literal>
<programlisting>uki,1,UKI,uki,1,https://uapi-group.org/specifications/specs/unified_kernel_image/</programlisting>
for UKIs and
<literal>uki-addon,1,UKI Addon,addon,1,https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html</literal>
<programlisting>uki-addon,1,UKI Addon,addon,1,https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html</programlisting>
for addons will be used, to ensure it is always possible to revoke them. For more information on
SBAT see <ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">Shim documentation</ulink>.
</para>

View File

@ -27,6 +27,8 @@ conf = configuration_data()
conf.set_quoted('PROJECT_URL', 'https://systemd.io/')
conf.set('PROJECT_VERSION', project_major_version,
description : 'Numerical project version (used where a simple number is expected)')
conf.set_quoted('PROJECT_VERSION_STR', project_major_version,
description: 'Stringified project version (used where a simple string is expected)')
conf.set_quoted('PROJECT_VERSION_FULL', meson.project_version(), description : 'Full project version')
# This is to be used instead of meson.source_root(), as the latter will return

View File

@ -289,7 +289,8 @@ int write_string_file_full(
const char *fn,
const char *line,
WriteStringFileFlags flags,
const struct timespec *ts) {
const struct timespec *ts,
const char *label_fn) {
bool call_label_ops_post = false, made_file = false;
_cleanup_fclose_ FILE *f = NULL;
@ -321,7 +322,8 @@ int write_string_file_full(
mode_t mode = write_string_file_flags_to_mode(flags);
if (FLAGS_SET(flags, WRITE_STRING_FILE_LABEL|WRITE_STRING_FILE_CREATE)) {
r = label_ops_pre(dir_fd, fn, mode);
const char *lookup = label_fn ? label_fn : fn;
r = label_ops_pre(dir_fd, lookup, mode);
if (r < 0)
goto fail;

View File

@ -51,12 +51,13 @@ int write_string_stream_full(FILE *f, const char *line, WriteStringFileFlags fla
static inline int write_string_stream(FILE *f, const char *line, WriteStringFileFlags flags) {
return write_string_stream_full(f, line, flags, /* ts= */ NULL);
}
int write_string_file_full(int dir_fd, const char *fn, const char *line, WriteStringFileFlags flags, const struct timespec *ts);
int write_string_file_full(int dir_fd, const char *fn, const char *line, WriteStringFileFlags flags, const struct timespec *ts, const char *label_fn);
static inline int write_string_file(const char *fn, const char *line, WriteStringFileFlags flags) {
return write_string_file_full(AT_FDCWD, fn, line, flags, /* ts= */ NULL);
return write_string_file_full(AT_FDCWD, fn, line, flags, /* ts= */ NULL, /*label_fn=*/ NULL);
}
static inline int write_string_file_at(int dir_fd, const char *fn, const char *line, WriteStringFileFlags flags) {
return write_string_file_full(dir_fd, fn, line, flags, /* ts= */ NULL);
return write_string_file_full(dir_fd, fn, line, flags, /* ts= */ NULL, /*label_fn=*/ NULL);
}
int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *format, ...) _printf_(3, 4);

View File

@ -1471,6 +1471,12 @@ int log_get_max_level(void) {
return log_max_level;
}
int log_get_target_max_level(LogTarget target) {
assert(target >= 0);
assert(target < _LOG_TARGET_SINGLE_MAX);
return log_target_max_level[target];
}
void log_show_color(bool b) {
show_color = b;
}

View File

@ -59,6 +59,7 @@ void log_settle_target(void);
int log_set_max_level(int level);
int log_set_max_level_from_string(const char *e);
int log_get_max_level(void) _pure_;
int log_get_target_max_level(LogTarget target);
int log_max_levels_to_string(int level, char **ret);
void log_set_facility(int facility);

View File

@ -3,13 +3,19 @@
#include "sd-varlink.h"
#include "core-varlink.h"
#include "format-util.h"
#include "json-util.h"
#include "manager-varlink.h"
#include "mkdir-label.h"
#include "strv.h"
#include "unit-varlink.h"
#include "user-util.h"
#include "varlink-internal.h"
#include "varlink-serialize.h"
#include "varlink-io.systemd.Unit.h"
#include "varlink-io.systemd.UserDatabase.h"
#include "varlink-io.systemd.ManagedOOM.h"
#include "varlink-io.systemd.Manager.h"
#include "varlink-util.h"
typedef struct LookupParameters {
@ -579,15 +585,31 @@ int manager_setup_varlink_server(Manager *m) {
if (m->varlink_server)
return 0;
if (!MANAGER_IS_SYSTEM(m))
return -EINVAL;
sd_varlink_server_flags_t flags = SD_VARLINK_SERVER_INHERIT_USERDATA;
if (MANAGER_IS_SYSTEM(m))
flags |= SD_VARLINK_SERVER_ACCOUNT_UID;
r = sd_varlink_server_new(&s, SD_VARLINK_SERVER_ACCOUNT_UID|SD_VARLINK_SERVER_INHERIT_USERDATA);
r = sd_varlink_server_new(&s, flags);
if (r < 0)
return log_debug_errno(r, "Failed to allocate varlink server object: %m");
sd_varlink_server_set_userdata(s, m);
r = sd_varlink_server_add_interface_many(s,
&vl_interface_io_systemd_Manager,
&vl_interface_io_systemd_Unit);
if (r < 0)
return log_debug_errno(r, "Failed to add interfaces to varlink server: %m");
r = sd_varlink_server_bind_method_many(
s,
"io.systemd.Manager.Describe", vl_method_describe_manager,
"io.systemd.Unit.List", vl_method_list_units,
"io.systemd.Unit.Start", vl_method_start_unit);
if (r < 0)
return log_debug_errno(r, "Failed to register varlink methods: %m");
if (MANAGER_IS_SYSTEM(m)) {
r = sd_varlink_server_add_interface_many(
s,
&vl_interface_io_systemd_UserDatabase,
@ -607,6 +629,7 @@ int manager_setup_varlink_server(Manager *m) {
r = sd_varlink_server_bind_disconnect(s, vl_disconnect);
if (r < 0)
return log_debug_errno(r, "Failed to register varlink disconnect handler: %m");
}
r = sd_varlink_server_attach_event(s, m->event, EVENT_PRIORITY_IPC);
if (r < 0)
@ -630,22 +653,22 @@ static int manager_varlink_init_system(Manager *m) {
bool fresh = r > 0;
if (!MANAGER_IS_TEST_RUN(m)) {
(void) mkdir_p_label("/run/systemd/userdb", 0755);
FOREACH_STRING(dir,
"/run/systemd/userdb",
"/run/systemd/unit") {
r = mkdir_p_label(dir, 0755);
if (r < 0)
log_debug_errno(r, "Failed to create dir '%s', ignoring: %m", dir);
}
FOREACH_STRING(address, "/run/systemd/userdb/io.systemd.DynamicUser", VARLINK_ADDR_PATH_MANAGED_OOM_SYSTEM) {
if (!fresh) {
FOREACH_STRING(address,
"/run/systemd/userdb/io.systemd.DynamicUser",
VARLINK_ADDR_PATH_MANAGED_OOM_SYSTEM,
"/run/systemd/io.systemd.Manager",
"/run/systemd/unit/io.systemd.Unit") {
/* We might have got sockets through deserialization. Do not bind to them twice. */
bool found = false;
LIST_FOREACH(sockets, ss, m->varlink_server->sockets)
if (path_equal(ss->address, address)) {
found = true;
break;
}
if (found)
if (!fresh && varlink_server_contains_socket(m->varlink_server, address))
continue;
}
r = sd_varlink_server_listen_address(m->varlink_server, address, 0666);
if (r < 0)
@ -657,6 +680,8 @@ static int manager_varlink_init_system(Manager *m) {
}
static int manager_varlink_init_user(Manager *m) {
int r;
assert(m);
if (!MANAGER_IS_USER(m))
@ -665,6 +690,34 @@ static int manager_varlink_init_user(Manager *m) {
if (MANAGER_IS_TEST_RUN(m))
return 0;
r = manager_setup_varlink_server(m);
if (r < 0)
return log_error_errno(r, "Failed to set up varlink server: %m");
bool fresh = r > 0;
FOREACH_STRING(a,
"systemd/io.systemd.Manager",
"systemd/unit/io.systemd.Unit") {
_cleanup_free_ char *address = NULL, *dir = NULL;
address = path_join(m->prefix[EXEC_DIRECTORY_RUNTIME], a);
if (!address)
return -ENOMEM;
/* We might have got sockets through deserialization. Do not bind to them twice. */
if (fresh || !varlink_server_contains_socket(m->varlink_server, address)) {
r = path_extract_directory(address, &dir);
if (r < 0)
log_debug_errno(r, "Failed to extract directory from path '%s', ignoring: %m", address);
r = mkdir_p_label(dir, 0755);
if (r < 0)
log_debug_errno(r, "Failed to create dir '%s', ignoring: %m", dir);
r = sd_varlink_server_listen_address(m->varlink_server, address, 0666);
if (r < 0)
return log_error_errno(r, "Failed to bind to varlink socket '%s': %m", address);
}
}
return manager_varlink_managed_oom_connect(m);
}

View File

@ -497,7 +497,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) {
if (r < 0)
return r;
} else if ((val = startswith(l, "varlink-server-socket-address="))) {
if (!m->varlink_server && MANAGER_IS_SYSTEM(m)) {
if (!m->varlink_server) {
r = manager_setup_varlink_server(m);
if (r < 0) {
log_warning_errno(r, "Failed to setup varlink server, ignoring: %m");

203
src/core/manager-varlink.c Normal file
View File

@ -0,0 +1,203 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <sys/prctl.h>
#include "build.h"
#include "confidential-virt.h"
#include "json-util.h"
#include "manager-varlink.h"
#include "manager.h"
#include "syslog-util.h"
#include "taint.h"
#include "version.h"
#include "varlink-common.h"
#include "virt.h"
#include "watchdog.h"
static int manager_environment_build_json(sd_json_variant **ret, const char *name, void *userdata) {
_cleanup_strv_free_ char **l = NULL;
Manager *m = ASSERT_PTR(userdata);
int r;
assert(ret);
r = manager_get_effective_environment(m, &l);
if (r < 0)
return r;
if (strv_isempty(l))
return 0;
return sd_json_variant_new_array_strv(ret, l);
}
static int log_level_build_json(sd_json_variant **ret, const char *name, void *userdata, int log_max_level) {
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
int r;
assert(ret);
assert(log_max_level >= 0);
for (int log_target = 0; log_target < _LOG_TARGET_SINGLE_MAX; log_target++) {
_cleanup_free_ char *log_level_string = NULL;
int target_max_level = log_get_target_max_level(log_target);
const char *log_target_string = log_target_to_string(log_target);
int log_level = MIN(log_max_level, target_max_level);
r = log_level_to_string_alloc(log_level, &log_level_string);
if (r < 0)
return r;
r = sd_json_variant_set_field_string(&v, log_target_string, log_level_string);
if (r < 0)
return r;
}
*ret = TAKE_PTR(v);
return 0;
}
static int log_level_build_context_json(sd_json_variant **ret, const char *name, void *userdata) {
Manager *m = ASSERT_PTR(userdata);
int log_level = m->log_level_overridden ? m->original_log_level : log_get_max_level();
return log_level_build_json(ret, name, userdata, log_level);
}
static int log_level_build_runtime_json(sd_json_variant **ret, const char *name, void *userdata) {
Manager *m = ASSERT_PTR(userdata);
if (!m->log_level_overridden)
return 0;
return log_level_build_json(ret, name, userdata, log_get_max_level());
}
static int manager_context_build_json(sd_json_variant **ret, const char *name, void *userdata) {
Manager *m = ASSERT_PTR(userdata);
return sd_json_buildo(ASSERT_PTR(ret),
SD_JSON_BUILD_PAIR_STRING("Version", GIT_VERSION),
SD_JSON_BUILD_PAIR_STRING("Architecture", architecture_to_string(uname_architecture())),
SD_JSON_BUILD_PAIR_STRING("Features", systemd_features),
SD_JSON_BUILD_PAIR_BOOLEAN("ShowStatus", show_status_on(MANAGER_IS_USER(m) ? _SHOW_STATUS_INVALID : m->show_status)),
SD_JSON_BUILD_PAIR_STRV("UnitPath", m->lookup_paths.search_path),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("LogLevel", log_level_build_context_json, m),
SD_JSON_BUILD_PAIR_STRING("LogTarget", log_target_to_string(m->log_target_overridden ? m->original_log_target : log_get_target())),
JSON_BUILD_PAIR_STRV_NON_EMPTY("Environment", m->transient_environment),
SD_JSON_BUILD_PAIR_STRING("DefaultStandardOutput", exec_output_to_string(m->defaults.std_output)),
SD_JSON_BUILD_PAIR_STRING("DefaultStandardError", exec_output_to_string(m->defaults.std_error)),
JSON_BUILD_PAIR_FINITE_USEC("RuntimeWatchdogUSec", manager_get_watchdog(m, WATCHDOG_RUNTIME)),
JSON_BUILD_PAIR_FINITE_USEC("RuntimeWatchdogPreUSec", manager_get_watchdog(m, WATCHDOG_PRETIMEOUT)),
JSON_BUILD_PAIR_STRING_NON_EMPTY("RuntimeWatchdogPreGovernor", m->watchdog_pretimeout_governor),
JSON_BUILD_PAIR_FINITE_USEC("RebootWatchdogUSec", manager_get_watchdog(m, WATCHDOG_REBOOT)),
JSON_BUILD_PAIR_FINITE_USEC("KExecWatchdogUSec", manager_get_watchdog(m, WATCHDOG_KEXEC)),
SD_JSON_BUILD_PAIR_BOOLEAN("ServiceWatchdogs", m->service_watchdogs),
JSON_BUILD_PAIR_FINITE_USEC("DefaultTimerAccuracyUSec", m->defaults.timer_accuracy_usec),
JSON_BUILD_PAIR_FINITE_USEC("DefaultTimeoutStartUSec", m->defaults.timeout_start_usec),
JSON_BUILD_PAIR_FINITE_USEC("DefaultTimeoutStopUSec", m->defaults.timeout_stop_usec),
JSON_BUILD_PAIR_FINITE_USEC("DefaultTimeoutAbortUSec", manager_default_timeout_abort_usec(m)),
JSON_BUILD_PAIR_FINITE_USEC("DefaultDeviceTimeoutUSec", m->defaults.device_timeout_usec),
JSON_BUILD_PAIR_FINITE_USEC("DefaultRestartUSec", m->defaults.restart_usec),
JSON_BUILD_PAIR_RATELIMIT("DefaultStartLimit", &m->defaults.start_limit),
SD_JSON_BUILD_PAIR_BOOLEAN("DefaultCPUAccounting", m->defaults.cpu_accounting),
SD_JSON_BUILD_PAIR_BOOLEAN("DefaultBlockIOAccounting", m->defaults.blockio_accounting),
SD_JSON_BUILD_PAIR_BOOLEAN("DefaultIOAccounting", m->defaults.io_accounting),
SD_JSON_BUILD_PAIR_BOOLEAN("DefaultIPAccounting", m->defaults.ip_accounting),
SD_JSON_BUILD_PAIR_BOOLEAN("DefaultMemoryAccounting", m->defaults.memory_accounting),
SD_JSON_BUILD_PAIR_BOOLEAN("DefaultTasksAccounting", m->defaults.tasks_accounting),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitCPU", rlimit_build_json, m->defaults.rlimit[RLIMIT_CPU]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitFSIZE", rlimit_build_json, m->defaults.rlimit[RLIMIT_FSIZE]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitDATA", rlimit_build_json, m->defaults.rlimit[RLIMIT_DATA]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitSTACK", rlimit_build_json, m->defaults.rlimit[RLIMIT_STACK]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitCORE", rlimit_build_json, m->defaults.rlimit[RLIMIT_CORE]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitRSS", rlimit_build_json, m->defaults.rlimit[RLIMIT_RSS]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitNOFILE", rlimit_build_json, m->defaults.rlimit[RLIMIT_NOFILE]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitAS", rlimit_build_json, m->defaults.rlimit[RLIMIT_AS]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitNPROC", rlimit_build_json, m->defaults.rlimit[RLIMIT_NPROC]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitMEMLOCK", rlimit_build_json, m->defaults.rlimit[RLIMIT_MEMLOCK]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitLOCKS", rlimit_build_json, m->defaults.rlimit[RLIMIT_LOCKS]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitSIGPENDING", rlimit_build_json, m->defaults.rlimit[RLIMIT_SIGPENDING]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitMSGQUEUE", rlimit_build_json, m->defaults.rlimit[RLIMIT_MSGQUEUE]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitNICE", rlimit_build_json, m->defaults.rlimit[RLIMIT_NICE]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitRTPRIO", rlimit_build_json, m->defaults.rlimit[RLIMIT_RTPRIO]),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("DefaultLimitRTTIME", rlimit_build_json, m->defaults.rlimit[RLIMIT_RTTIME]),
SD_JSON_BUILD_PAIR_UNSIGNED("DefaultTasksMax", cgroup_tasks_max_resolve(&m->defaults.tasks_max)),
JSON_BUILD_PAIR_FINITE_USEC("DefaultMemoryPressureThresholdUSec", m->defaults.memory_pressure_threshold_usec),
SD_JSON_BUILD_PAIR_STRING("DefaultMemoryPressureWatch", cgroup_pressure_watch_to_string(m->defaults.memory_pressure_watch)),
JSON_BUILD_PAIR_FINITE_USEC("TimerSlackNSec", (uint64_t) prctl(PR_GET_TIMERSLACK)),
SD_JSON_BUILD_PAIR_STRING("DefaultOOMPolicy", oom_policy_to_string(m->defaults.oom_policy)),
SD_JSON_BUILD_PAIR_INTEGER("DefaultOOMScoreAdjust", m->defaults.oom_score_adjust),
SD_JSON_BUILD_PAIR_STRING("CtrlAltDelBurstAction", emergency_action_to_string(m->cad_burst_action)));
}
static int manager_runtime_build_json(sd_json_variant **ret, const char *name, void *userdata) {
Manager *m = ASSERT_PTR(userdata);
dual_timestamp watchdog_last_ping = {
.monotonic = watchdog_get_last_ping(CLOCK_MONOTONIC),
.realtime = watchdog_get_last_ping(CLOCK_REALTIME),
};
_cleanup_strv_free_ char **taints = NULL;
taints = taint_strv();
if (!taints)
return -ENOMEM;
return sd_json_buildo(ASSERT_PTR(ret),
SD_JSON_BUILD_PAIR_STRING("Virtualization", virtualization_to_string(detect_virtualization())),
SD_JSON_BUILD_PAIR_STRING("ConfidentialVirtualization", confidential_virtualization_to_string(detect_confidential_virtualization())),
SD_JSON_BUILD_PAIR_STRV("Taints", taints),
JSON_BUILD_PAIR_STRING_NON_EMPTY("ConfirmSpawn", manager_get_confirm_spawn(m)),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("FirmwareTimestamp", &m->timestamps[MANAGER_TIMESTAMP_FIRMWARE]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("LoaderTimestamp", &m->timestamps[MANAGER_TIMESTAMP_LOADER]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("KernelTimestamp", &m->timestamps[MANAGER_TIMESTAMP_KERNEL]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("UserspaceTimestamp", &m->timestamps[MANAGER_TIMESTAMP_USERSPACE]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("FinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_FINISH]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("SecurityStartTimestamp", &m->timestamps[MANAGER_TIMESTAMP_SECURITY_START]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("SecurityFinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_SECURITY_FINISH]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("GeneratorsStartTimestamp", &m->timestamps[MANAGER_TIMESTAMP_GENERATORS_START]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("GeneratorsFinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_GENERATORS_FINISH]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("UnitsLoadStartTimestamp", &m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD_START]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("UnitsLoadFinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD_FINISH]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("UnitsLoadTimestamp", &m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDSecurityStartTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD_SECURITY_START]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDSecurityFinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD_SECURITY_FINISH]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDGeneratorsStartTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD_GENERATORS_START]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDGeneratorsFinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD_GENERATORS_FINISH]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDUnitsLoadStartTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_START]),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("InitRDUnitsLoadFinishTimestamp", &m->timestamps[MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_FINISH]),
SD_JSON_BUILD_PAIR_CONDITION(m->show_status_overridden != _SHOW_STATUS_INVALID, "ShowStatus", SD_JSON_BUILD_BOOLEAN(manager_get_show_status_on(m))),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("LogLevel", log_level_build_runtime_json, m),
SD_JSON_BUILD_PAIR_CONDITION(m->log_target_overridden, "LogTarget", SD_JSON_BUILD_STRING(log_target_to_string(log_get_target()))),
SD_JSON_BUILD_PAIR_UNSIGNED("NNames", hashmap_size(m->units)),
SD_JSON_BUILD_PAIR_UNSIGNED("NFailedUnits", set_size(m->failed_units)),
SD_JSON_BUILD_PAIR_UNSIGNED("NJobs", hashmap_size(m->jobs)),
SD_JSON_BUILD_PAIR_UNSIGNED("NInstalledJobs", m->n_installed_jobs),
SD_JSON_BUILD_PAIR_UNSIGNED("NFailedJobs", m->n_failed_jobs),
SD_JSON_BUILD_PAIR_REAL("Progress", manager_get_progress(m)),
JSON_BUILD_PAIR_CALLBACK_NON_NULL("Environment", manager_environment_build_json, m),
JSON_BUILD_PAIR_STRING_NON_EMPTY("WatchdogDevice", watchdog_get_device()),
JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL("WatchdogLastPingTimestamp", &watchdog_last_ping),
JSON_BUILD_PAIR_STRING_NON_EMPTY("ControlGroup", m->cgroup_root),
SD_JSON_BUILD_PAIR_STRING("SystemState", manager_state_to_string(manager_state(m))),
SD_JSON_BUILD_PAIR_UNSIGNED("ExitCode", m->return_value));
}
int vl_method_describe_manager(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
Manager *manager = ASSERT_PTR(userdata);
int r;
assert(parameters);
if (sd_json_variant_elements(parameters) > 0)
return sd_varlink_error_invalid_parameter(link, parameters);
r = sd_json_buildo(&v,
SD_JSON_BUILD_PAIR_CALLBACK("Context", manager_context_build_json, manager),
SD_JSON_BUILD_PAIR_CALLBACK("Runtime", manager_runtime_build_json, manager));
if (r < 0)
return log_error_errno(r, "Failed to build manager JSON data: %m");
return sd_varlink_reply(link, v);
}

View File

@ -0,0 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include "sd-json.h"
#include "sd-varlink.h"
int vl_method_describe_manager(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata);

View File

@ -45,6 +45,7 @@ libcore_sources = files(
'load-fragment.c',
'manager-dump.c',
'manager-serialize.c',
'manager-varlink.c',
'manager.c',
'mount.c',
'namespace.c',
@ -63,7 +64,9 @@ libcore_sources = files(
'unit-dependency-atom.c',
'unit-printf.c',
'unit-serialize.c',
'unit-varlink.c',
'unit.c',
'varlink-common.c',
)
if conf.get('BPF_FRAMEWORK') == 1

View File

@ -15,6 +15,7 @@
#include "alloc-util.h"
#include "audit-fd.h"
#include "bus-creds.h"
#include "bus-util.h"
#include "errno-util.h"
#include "format-util.h"
@ -23,6 +24,7 @@
#include "selinux-util.h"
#include "stdio-util.h"
#include "strv.h"
#include "varlink-util.h"
static bool initialized = false;
@ -174,23 +176,22 @@ static int access_init(sd_bus_error *error) {
If the machine is in permissive mode it will return ok. Audit messages will
still be generated if the access would be denied in enforcing mode.
*/
int mac_selinux_access_check_internal(
sd_bus_message *message,
static int mac_selinux_access_check_implementation(
sd_bus_creds *creds,
const char *unit_path,
const char *unit_context,
const char *permission,
const char *function,
sd_bus_error *error) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
const char *tclass, *scon, *acon;
_cleanup_free_ char *cl = NULL;
_cleanup_freecon_ char *fcon = NULL;
char **cmdline = NULL;
bool enforce;
int r = 0;
int r;
assert(message);
assert(creds);
assert(permission);
assert(function);
@ -201,16 +202,6 @@ int mac_selinux_access_check_internal(
/* delay call until we checked in `access_init()` if SELinux is actually enabled */
enforce = mac_selinux_enforcing();
r = sd_bus_query_sender_creds(
message,
SD_BUS_CREDS_PID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|
SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
SD_BUS_CREDS_SELINUX_CONTEXT|
SD_BUS_CREDS_AUGMENT /* get more bits from /proc */,
&creds);
if (r < 0)
return r;
/* The SELinux context is something we really should have gotten directly from the message or sender,
* and not be an augmented field. If it was augmented we cannot use it for authorization, since this
* is racy and vulnerable. Let's add an extra check, just in case, even though this really shouldn't
@ -271,6 +262,84 @@ int mac_selinux_access_check_internal(
return enforce ? r : 0;
}
int mac_selinux_access_check_internal(
sd_bus_message *message,
const char *unit_path,
const char *unit_context,
const char *permission,
const char *function,
sd_bus_error *error) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
int r;
assert(message);
/* this is not necessary but provides an early exit if SELinux is not in use */
r = access_init(error);
if (r <= 0)
return r;
r = sd_bus_query_sender_creds(
message,
SD_BUS_CREDS_PID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|
SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
SD_BUS_CREDS_SELINUX_CONTEXT|
SD_BUS_CREDS_AUGMENT /* get more bits from /proc */,
&creds);
if (r < 0)
return r;
return mac_selinux_access_check_implementation(
creds,
unit_path,
unit_context,
permission,
function,
error);
}
int mac_selinux_access_check_varlink_internal(
sd_varlink *link,
const char *unit_path,
const char *unit_context,
const char *permission,
const char *function,
sd_bus_error *error) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
_cleanup_(pidref_done) PidRef peer = PIDREF_NULL;
int r;
assert(link);
/* this is not necessary but provides an early exit if SELinux is not in use */
r = access_init(error);
if (r <= 0)
return r;
r = varlink_get_peer_pidref(link, &peer);
if (r < 0)
return log_debug_errno(r, "Failed to get peer pidref: %m");
if (r == 0) /* if we couldn't get a pidfd this returns == 0 */
return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Failed to get peer pidfd, cannot securely authenticate.");
r = bus_creds_new_from_pidref(
&creds,
&peer,
SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|
SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
SD_BUS_CREDS_SELINUX_CONTEXT|
SD_BUS_CREDS_AUGMENT /* get more bits from /proc */);
if (r < 0)
return log_debug_errno(r, "Failed to get credentials from peer: %m");
return mac_selinux_access_check_implementation(
creds,
unit_path,
unit_context,
permission,
function,
error);
}
#else /* HAVE_SELINUX */
int mac_selinux_access_check_internal(
@ -283,5 +352,13 @@ int mac_selinux_access_check_internal(
return 0;
}
int mac_selinux_access_check_varlink_internal(
sd_varlink *link,
const char *unit_path,
const char *unit_context,
const char *permission,
const char *function) {
return 0;
}
#endif /* HAVE_SELINUX */

View File

@ -2,13 +2,19 @@
#pragma once
#include "sd-bus.h"
#include "sd-varlink.h"
#include "manager.h"
int mac_selinux_access_check_internal(sd_bus_message *message, const char *unit_path, const char *unit_label, const char *permission, const char *function, sd_bus_error *error);
int mac_selinux_access_check_varlink_internal(sd_varlink *link, const char *unit_path, const char *unit_context, const char *permission, const char *function, sd_bus_error *error);
#define mac_selinux_access_check(message, permission, error) \
mac_selinux_access_check_internal((message), NULL, NULL, (permission), __func__, (error))
#define mac_selinux_unit_access_check(unit, message, permission, error) \
mac_selinux_access_check_internal((message), (unit)->fragment_path, (unit)->access_selinux_context, (permission), __func__, (error))
#define mac_selinux_access_check_varlink(unit, link, permission, error) \
mac_selinux_access_check_varlink_internal((link), (unit)->fragment_path, (unit)->access_selinux_context, (permission), __func__, (error))

1878
src/core/unit-varlink.c Normal file

File diff suppressed because it is too large Load Diff

7
src/core/unit-varlink.h Normal file
View File

@ -0,0 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include "sd-varlink.h"
int vl_method_list_units(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata);
int vl_method_start_unit(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata);

42
src/core/varlink-common.c Normal file
View File

@ -0,0 +1,42 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "json-util.h"
#include "rlimit-util.h"
#include "varlink-common.h"
int rlimit_build_json(sd_json_variant **ret, const char *name, void *userdata) {
const struct rlimit *rl = userdata;
struct rlimit buf = {};
int r;
assert(ret);
assert(name);
if (!rl) {
const char *p;
int z;
/* Skip over any prefix, such as "Default" */
assert_se(p = strstrafter(name, "Limit"));
z = rlimit_from_string(p);
assert(z >= 0 && z < _RLIMIT_MAX);
r = getrlimit(z, &buf);
if (r < 0) {
log_debug_errno(errno, "Failed to getrlimit(%s), ignoring: %m", name);
return 0;
}
rl = &buf;
}
if (rl->rlim_cur == RLIM_INFINITY && rl->rlim_max == RLIM_INFINITY)
return 0;
/* rlim_t might have different sizes, let's map RLIMIT_INFINITY to UINT64_MAX, so that it is the same
* on all archs */
return sd_json_buildo(ret,
JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("soft", rl->rlim_cur, RLIM_INFINITY),
JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("hard", rl->rlim_max, RLIM_INFINITY));
}

View File

@ -0,0 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include "sd-json.h"
#include "sd-varlink.h"
int rlimit_build_json(sd_json_variant **ret, const char *name, void *userdata);

View File

@ -144,7 +144,7 @@ sd_bus_creds* bus_creds_new(void) {
return c;
}
static int bus_creds_new_from_pidref(sd_bus_creds **ret, PidRef *pidref, uint64_t mask) {
int bus_creds_new_from_pidref(sd_bus_creds **ret, PidRef *pidref, uint64_t mask) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *c = NULL;
int r;

View File

@ -86,3 +86,4 @@ void bus_creds_done(sd_bus_creds *c);
int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, PidRef *pidref, pid_t tid);
int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret);
int bus_creds_new_from_pidref(sd_bus_creds **ret, PidRef *pidref, uint64_t mask);

View File

@ -1698,7 +1698,8 @@ _public_ int sd_varlink_get_events(sd_varlink *v) {
ret |= EPOLLIN;
if (!v->write_disconnected &&
v->output_buffer_size > 0)
(v->output_queue ||
v->output_buffer_size > 0))
ret |= EPOLLOUT;
return ret;

View File

@ -185,6 +185,7 @@ shared_sources = files(
'varlink-io.systemd.Machine.c',
'varlink-io.systemd.MachineImage.c',
'varlink-io.systemd.ManagedOOM.c',
'varlink-io.systemd.Manager.c',
'varlink-io.systemd.MountFileSystem.c',
'varlink-io.systemd.NamespaceResource.c',
'varlink-io.systemd.Network.c',
@ -192,6 +193,7 @@ shared_sources = files(
'varlink-io.systemd.PCRLock.c',
'varlink-io.systemd.Resolve.c',
'varlink-io.systemd.Resolve.Monitor.c',
'varlink-io.systemd.Unit.c',
'varlink-io.systemd.UserDatabase.c',
'varlink-io.systemd.oom.c',
'varlink-io.systemd.service.c',

View File

@ -7,6 +7,7 @@
#include "namespace-util.h"
#include "nsflags.h"
#include "string-util.h"
#include "strv.h"
int namespace_flags_from_string(const char *name, unsigned long *ret) {
unsigned long flags = 0;
@ -42,17 +43,19 @@ int namespace_flags_from_string(const char *name, unsigned long *ret) {
}
int namespace_flags_to_string(unsigned long flags, char **ret) {
_cleanup_strv_free_ char **l = NULL;
_cleanup_free_ char *s = NULL;
unsigned i;
int r;
for (i = 0; namespace_info[i].proc_name; i++) {
if ((flags & namespace_info[i].clone_flag) != namespace_info[i].clone_flag)
continue;
r = namespace_flags_to_strv(flags, &l);
if (r < 0)
return r;
if (!strextend_with_separator(&s, " ", namespace_info[i].proc_name))
s = strv_join(l, NULL);
if (!s)
return -ENOMEM;
}
if (ret)
*ret = TAKE_PTR(s);
return 0;
@ -65,3 +68,23 @@ const char* namespace_single_flag_to_string(unsigned long flag) {
return NULL;
}
int namespace_flags_to_strv(unsigned long flags, char ***ret) {
_cleanup_strv_free_ char **s = NULL;
unsigned i;
int r;
for (i = 0; namespace_info[i].proc_name; i++) {
if ((flags & namespace_info[i].clone_flag) != namespace_info[i].clone_flag)
continue;
r = strv_extend(&s, namespace_info[i].proc_name);
if (r < 0)
return r;
}
if (ret)
*ret = TAKE_PTR(s);
return 0;
}

View File

@ -20,4 +20,5 @@
int namespace_flags_from_string(const char *name, unsigned long *ret);
int namespace_flags_to_string(unsigned long flags, char **ret);
int namespace_flags_to_strv(unsigned long flags, char ***ret);
const char* namespace_single_flag_to_string(unsigned long flag);

View File

@ -19,3 +19,17 @@ SD_VARLINK_DEFINE_STRUCT_TYPE(
SD_VARLINK_DEFINE_FIELD(pidfdId, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Boot ID of the system the inode number belongs to"),
SD_VARLINK_DEFINE_FIELD(bootId, SD_VARLINK_INT, SD_VARLINK_NULLABLE));
SD_VARLINK_DEFINE_STRUCT_TYPE(
RateLimit,
SD_VARLINK_FIELD_COMMENT("The ratelimit interval"),
SD_VARLINK_DEFINE_FIELD(intervalUSec, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("The ratelimit burst"),
SD_VARLINK_DEFINE_FIELD(burst, SD_VARLINK_INT, 0));
SD_VARLINK_DEFINE_STRUCT_TYPE(
ResourceLimit,
SD_VARLINK_FIELD_COMMENT("The soft resource limit"),
SD_VARLINK_DEFINE_FIELD(soft, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("The hard resource limit"),
SD_VARLINK_DEFINE_FIELD(hard, SD_VARLINK_INT, SD_VARLINK_NULLABLE));

View File

@ -5,3 +5,5 @@
extern const sd_varlink_symbol vl_type_Timestamp;
extern const sd_varlink_symbol vl_type_ProcessId;
extern const sd_varlink_symbol vl_type_RateLimit;
extern const sd_varlink_symbol vl_type_ResourceLimit;

View File

@ -0,0 +1,224 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "build.h"
#include "varlink-idl-common.h"
#include "varlink-io.systemd.Manager.h"
static SD_VARLINK_DEFINE_STRUCT_TYPE(
LogLevelStruct,
SD_VARLINK_FIELD_COMMENT("'console' target log level"),
SD_VARLINK_DEFINE_FIELD(console, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("'kmsg' target log level"),
SD_VARLINK_DEFINE_FIELD(kmsg, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("'syslog' target log level"),
SD_VARLINK_DEFINE_FIELD(syslog, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("'journal' target log level"),
SD_VARLINK_DEFINE_FIELD(journal, SD_VARLINK_STRING, 0));
/* The split between ManagerContext and ManagerRuntime follows the rule:
* - Context is what cannot change once configuration is loaded. You can think about context settings as constants.
* - Runtime is changable settings at runtime, in other words - variables. */
static SD_VARLINK_DEFINE_STRUCT_TYPE(
ManagerContext,
SD_VARLINK_FIELD_COMMENT("The version string of the running systemd instance"),
SD_VARLINK_DEFINE_FIELD(Version, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("A short ID string describing the architecture the systemd instance is running on"),
SD_VARLINK_DEFINE_FIELD(Architecture, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("The features that have been enabled and disabled for this build"),
SD_VARLINK_DEFINE_FIELD(Features, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("Whether systemd will show status messages on the system console"),
SD_VARLINK_DEFINE_FIELD(ShowStatus, SD_VARLINK_BOOL, 0),
SD_VARLINK_FIELD_COMMENT("The unit search path"),
SD_VARLINK_DEFINE_FIELD(UnitPath, SD_VARLINK_STRING, SD_VARLINK_ARRAY),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#LogColor="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(LogLevel, LogLevelStruct, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd-system.conf.html#LogColor="),
SD_VARLINK_DEFINE_FIELD(LogTarget, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd-system.conf.html#ManagerEnvironment="),
SD_VARLINK_DEFINE_FIELD(Environment, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultStandardOutput="),
SD_VARLINK_DEFINE_FIELD(DefaultStandardOutput, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultStandardError="),
SD_VARLINK_DEFINE_FIELD(DefaultStandardError, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#RuntimeWatchdogSec="),
SD_VARLINK_DEFINE_FIELD(RuntimeWatchdogUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#RuntimeWatchdogPreSec="),
SD_VARLINK_DEFINE_FIELD(RuntimeWatchdogPreUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#RuntimeWatchdogPreGovernor="),
SD_VARLINK_DEFINE_FIELD(RuntimeWatchdogPreGovernor, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#RebootWatchdogSec="),
SD_VARLINK_DEFINE_FIELD(RebootWatchdogUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#KExecWatchdogSec="),
SD_VARLINK_DEFINE_FIELD(KExecWatchdogUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#ServiceWatchdogs="),
SD_VARLINK_DEFINE_FIELD(ServiceWatchdogs, SD_VARLINK_BOOL, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultTimerAccuracySec="),
SD_VARLINK_DEFINE_FIELD(DefaultTimerAccuracyUSec, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultTimeoutStartSec="),
SD_VARLINK_DEFINE_FIELD(DefaultTimeoutStartUSec, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultTimeoutStopSec="),
SD_VARLINK_DEFINE_FIELD(DefaultTimeoutStopUSec, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultTimeoutAbortSec="),
SD_VARLINK_DEFINE_FIELD(DefaultTimeoutAbortUSec, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultDeviceTimeoutSec="),
SD_VARLINK_DEFINE_FIELD(DefaultDeviceTimeoutUSec, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultRestartSec="),
SD_VARLINK_DEFINE_FIELD(DefaultRestartUSec, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultStartLimit="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultStartLimit, RateLimit, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultCPUAccounting="),
SD_VARLINK_DEFINE_FIELD(DefaultCPUAccounting, SD_VARLINK_BOOL, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultBlockIOAccounting="),
SD_VARLINK_DEFINE_FIELD(DefaultBlockIOAccounting, SD_VARLINK_BOOL, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultIOAccounting="),
SD_VARLINK_DEFINE_FIELD(DefaultIOAccounting, SD_VARLINK_BOOL, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultIPAccounting="),
SD_VARLINK_DEFINE_FIELD(DefaultIPAccounting, SD_VARLINK_BOOL, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultMemoryAccounting="),
SD_VARLINK_DEFINE_FIELD(DefaultMemoryAccounting, SD_VARLINK_BOOL, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultTasksAccounting="),
SD_VARLINK_DEFINE_FIELD(DefaultTasksAccounting, SD_VARLINK_BOOL, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitCPU="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitCPU, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitFSIZE="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitFSIZE, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitDATA="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitDATA, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitSTACK="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitSTACK, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitCORE="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitCORE, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitRSS="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitRSS, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitNOFILE="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitNOFILE, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitAS="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitAS, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitNPROC="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitNPROC, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitMEMLOCK="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitMEMLOCK, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitLOCKS="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitLOCKS, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitSIGPENDING="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitSIGPENDING, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitMSGQUEUE="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitMSGQUEUE, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitNICE="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitNICE, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitRTPRIO="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitRTPRIO, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultLimitRTTIME="),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(DefaultLimitRTTIME, ResourceLimit, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultTasksMax="),
SD_VARLINK_DEFINE_FIELD(DefaultTasksMax, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultMemoryPressureThresholdUSec="),
SD_VARLINK_DEFINE_FIELD(DefaultMemoryPressureThresholdUSec, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultMemoryPressureWatch="),
SD_VARLINK_DEFINE_FIELD(DefaultMemoryPressureWatch, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#TimerSlackNSec="),
SD_VARLINK_DEFINE_FIELD(TimerSlackNSec, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultOOMPolicy="),
SD_VARLINK_DEFINE_FIELD(DefaultOOMPolicy, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#DefaultOOMScoreAdjust="),
SD_VARLINK_DEFINE_FIELD(DefaultOOMScoreAdjust, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/"PROJECT_VERSION_STR"/systemd-system.conf.html#CtrlAltDelBurstAction="),
SD_VARLINK_DEFINE_FIELD(CtrlAltDelBurstAction, SD_VARLINK_STRING, 0));
static SD_VARLINK_DEFINE_STRUCT_TYPE(
ManagerRuntime,
SD_VARLINK_FIELD_COMMENT("A short ID string describing the virtualization technology the system runs in"),
SD_VARLINK_DEFINE_FIELD(Virtualization, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("A short ID string describing the confidential virtualization technology the system runs in"),
SD_VARLINK_DEFINE_FIELD(ConfidentialVirtualization, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("An array of strings describing the taints applied to the running system"),
SD_VARLINK_DEFINE_FIELD(Taints, SD_VARLINK_STRING, SD_VARLINK_ARRAY),
SD_VARLINK_FIELD_COMMENT("The console on which systemd asks for confirmation when spawning processes"),
SD_VARLINK_DEFINE_FIELD(ConfirmSpawn, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the firmware first began execution"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(FirmwareTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the boot loader first began execution"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(LoaderTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the kernel first began execution"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(KernelTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the initrd first began execution"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(InitRDTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the initrd first began execution"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(UserspaceTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the system finished booting up"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(FinishTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager started uploading security policies to the kernel"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(SecurityStartTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager finished uploading security policies to the kernel"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(SecurityFinishTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager started executing generators"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(GeneratorsStartTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager finished executing generators"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(GeneratorsFinishTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager first started loading units"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(UnitsLoadStartTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager first finished loading units"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(UnitsLoadFinishTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager last started loading units"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(UnitsLoadTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager started uploading security policies to the kernel in the initrd"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(InitRDSecurityStartTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager finished uploading security policies to the kernel in the initrd"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(InitRDSecurityFinishTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager started executing generators in the initrd"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(InitRDGeneratorsStartTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager finished executing generators in the initrd"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(InitRDGeneratorsFinishTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager first started loading units in the initrd"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(InitRDUnitsLoadStartTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the manager first finished loading units in the initrd"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(InitRDUnitsLoadFinishTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("The current show status of the manager"),
SD_VARLINK_DEFINE_FIELD(ShowStatus, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("The current log level of the manager"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(LogLevel, LogLevelStruct, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("The current log target of the manager"),
SD_VARLINK_DEFINE_FIELD(LogTarget, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("The amount of unique unit names currently loaded"),
SD_VARLINK_DEFINE_FIELD(NNames, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("The amount of failed units"),
SD_VARLINK_DEFINE_FIELD(NFailedUnits, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("The amount of currently queued jobs"),
SD_VARLINK_DEFINE_FIELD(NJobs, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("The total amount of queued jobs"),
SD_VARLINK_DEFINE_FIELD(NInstalledJobs, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("The total amount of failed jobs"),
SD_VARLINK_DEFINE_FIELD(NFailedJobs, SD_VARLINK_INT, 0),
SD_VARLINK_FIELD_COMMENT("Boot progress as a floating point value between 0.0 and 1.0"),
SD_VARLINK_DEFINE_FIELD(Progress, SD_VARLINK_FLOAT, 0),
SD_VARLINK_FIELD_COMMENT("The manager environment variables"),
SD_VARLINK_DEFINE_FIELD(Environment, SD_VARLINK_STRING, SD_VARLINK_ARRAY),
SD_VARLINK_FIELD_COMMENT("The hardware watchdog device currently in use"),
SD_VARLINK_DEFINE_FIELD(WatchdogDevice, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Timestamp when the hardware watchdog was last pinged"),
SD_VARLINK_DEFINE_FIELD_BY_TYPE(WatchdogLastPingTimestamp, Timestamp, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Root of the control group hierarchy that the manager is running in"),
SD_VARLINK_DEFINE_FIELD(ControlGroup, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Current state of the system"),
SD_VARLINK_DEFINE_FIELD(SystemState, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("Exit code of the manager"),
SD_VARLINK_DEFINE_FIELD(ExitCode, SD_VARLINK_INT, 0));
static SD_VARLINK_DEFINE_METHOD(
Describe,
SD_VARLINK_FIELD_COMMENT("Configuration of the manager"),
SD_VARLINK_DEFINE_OUTPUT_BY_TYPE(Context, ManagerContext, 0),
SD_VARLINK_FIELD_COMMENT("Runtime information of the manager"),
SD_VARLINK_DEFINE_OUTPUT_BY_TYPE(Runtime, ManagerRuntime, 0));
SD_VARLINK_DEFINE_INTERFACE(
io_systemd_Manager,
"io.systemd.Manager",
&vl_method_Describe,
&vl_type_ManagerContext,
&vl_type_ManagerRuntime,
&vl_type_Timestamp,
&vl_type_ResourceLimit,
&vl_type_RateLimit,
&vl_type_LogLevelStruct);

View File

@ -0,0 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include "sd-varlink-idl.h"
extern const sd_varlink_interface vl_interface_io_systemd_Manager;

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include "sd-varlink-idl.h"
extern const sd_varlink_interface vl_interface_io_systemd_Unit;

View File

@ -1,6 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "parse-util.h"
#include "path-util.h"
#include "varlink-internal.h"
#include "varlink-serialize.h"
@ -83,3 +84,14 @@ int varlink_server_deserialize_one(sd_varlink_server *s, const char *value, FDSe
LIST_PREPEND(sockets, s->sockets, TAKE_PTR(ss));
return 0;
}
int varlink_server_contains_socket(sd_varlink_server *s, const char *address) {
assert(s);
assert(address);
LIST_FOREACH(sockets, ss, s->sockets)
if (path_equal(ss->address, address))
return true;
return false;
}

View File

@ -9,3 +9,5 @@
int varlink_server_serialize(sd_varlink_server *s, FILE *f, FDSet *fds);
int varlink_server_deserialize_one(sd_varlink_server *s, const char *value, FDSet *fds);
int varlink_server_contains_socket(sd_varlink_server *s, const char *address);

View File

@ -1,5 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <errno.h>
#include <fcntl.h>
#include <getopt.h>
#include <linux/loop.h>
@ -45,6 +46,7 @@
#include "process-util.h"
#include "rm-rf.h"
#include "sort-util.h"
#include "selinux-util.h"
#include "string-table.h"
#include "string-util.h"
#include "terminal-util.h"
@ -899,6 +901,7 @@ static int resolve_mutable_directory(
_cleanup_free_ char *path = NULL, *resolved_path = NULL, *dir_name = NULL;
const char *root = arg_root, *base = MUTABLE_EXTENSIONS_BASE_DIR;
int r;
_cleanup_close_ int atfd = -EBADF;
assert(hierarchy);
assert(ret_resolved_mutable_directory);
@ -943,6 +946,14 @@ static int resolve_mutable_directory(
r = mkdir_p(path_in_root, 0700);
if (r < 0)
return log_error_errno(r, "Failed to create a directory '%s': %m", path_in_root);
atfd = open(path_in_root, O_DIRECTORY|O_CLOEXEC);
if (atfd < 0)
return log_error_errno(errno, "Failed to open directory '%s': %m", path_in_root);
r = mac_selinux_fix_full(atfd, NULL, hierarchy, 0);
if (r < 0)
return log_error_errno(r, "Failed to fix SELinux label for '%s': %m", path_in_root);
}
r = chase(path, root, CHASE_PREFIX_ROOT, &resolved_path, NULL);
@ -1289,6 +1300,7 @@ static int mount_overlayfs_with_op(
int r;
const char *top_layer = NULL;
_cleanup_close_ int atfd = -EBADF;
assert(op);
assert(overlay_path);
@ -1301,10 +1313,28 @@ static int mount_overlayfs_with_op(
if (r < 0)
return log_error_errno(r, "Failed to make directory '%s': %m", meta_path);
atfd = open(meta_path, O_DIRECTORY|O_CLOEXEC);
if (atfd < 0)
return log_error_errno(errno, "Failed to open directory '%s': %m", meta_path);
r = mac_selinux_fix_full(atfd, NULL, op->hierarchy, 0);
if (r < 0)
return log_error_errno(r, "Failed to fix SELinux label for '%s': %m", meta_path);
if (op->upper_dir && op->work_dir) {
r = mkdir_p(op->work_dir, 0700);
if (r < 0)
return log_error_errno(r, "Failed to make directory '%s': %m", op->work_dir);
_cleanup_close_ int dfd = -EBADF;
dfd = open(op->work_dir, O_DIRECTORY|O_CLOEXEC);
if (dfd < 0)
return log_error_errno(errno, "Failed to open directory '%s': %m", op->work_dir);
r = mac_selinux_fix_full(dfd, NULL, op->hierarchy, 0);
if (r < 0)
return log_error_errno(r, "Failed to fix SELinux label for '%s': %m", op->work_dir);
top_layer = op->upper_dir;
} else {
assert(!strv_isempty(op->lower_dirs));
@ -1325,7 +1355,7 @@ static int mount_overlayfs_with_op(
return 0;
}
static int write_extensions_file(ImageClass image_class, char **extensions, const char *meta_path) {
static int write_extensions_file(ImageClass image_class, char **extensions, const char *meta_path, const char *hierarchy) {
_cleanup_free_ char *f = NULL, *buf = NULL;
int r;
@ -1343,14 +1373,15 @@ static int write_extensions_file(ImageClass image_class, char **extensions, cons
if (!buf)
return log_oom();
r = write_string_file(f, buf, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MKDIR_0755);
const char *hierarchy_path = path_join(hierarchy, image_class_info[image_class].dot_directory_name, image_class_info[image_class].short_identifier_plural);
r = write_string_file_full(AT_FDCWD,f, buf, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MKDIR_0755|WRITE_STRING_FILE_LABEL, NULL, hierarchy_path);
if (r < 0)
return log_error_errno(r, "Failed to write extension meta file '%s': %m", f);
return 0;
}
static int write_dev_file(ImageClass image_class, const char *meta_path, const char *overlay_path) {
static int write_dev_file(ImageClass image_class, const char *meta_path, const char *overlay_path, const char *hierarchy) {
_cleanup_free_ char *f = NULL;
struct stat st;
int r;
@ -1372,14 +1403,15 @@ static int write_dev_file(ImageClass image_class, const char *meta_path, const c
/* Modifying the underlying layers while the overlayfs is mounted is technically undefined, but at
* least it won't crash or deadlock, as per the kernel docs about overlayfs:
* https://www.kernel.org/doc/html/latest/filesystems/overlayfs.html#changes-to-underlying-filesystems */
r = write_string_file(f, FORMAT_DEVNUM(st.st_dev), WRITE_STRING_FILE_CREATE);
const char *hierarchy_path = path_join(hierarchy, image_class_info[image_class].dot_directory_name, image_class_info[image_class].short_identifier_plural);
r = write_string_file_full(AT_FDCWD, f, FORMAT_DEVNUM(st.st_dev), WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_LABEL, NULL, hierarchy_path);
if (r < 0)
return log_error_errno(r, "Failed to write '%s': %m", f);
return 0;
}
static int write_work_dir_file(ImageClass image_class, const char *meta_path, const char *work_dir) {
static int write_work_dir_file(ImageClass image_class, const char *meta_path, const char *work_dir, const char* hierarchy) {
_cleanup_free_ char *escaped_work_dir_in_root = NULL, *f = NULL;
char *work_dir_in_root = NULL;
int r;
@ -1406,7 +1438,8 @@ static int write_work_dir_file(ImageClass image_class, const char *meta_path, co
escaped_work_dir_in_root = cescape(work_dir_in_root);
if (!escaped_work_dir_in_root)
return log_oom();
r = write_string_file(f, escaped_work_dir_in_root, WRITE_STRING_FILE_CREATE);
const char *hierarchy_path = path_join(hierarchy, image_class_info[image_class].dot_directory_name, "work_dir");
r = write_string_file_full(AT_FDCWD, f, escaped_work_dir_in_root, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_LABEL, NULL, hierarchy_path);
if (r < 0)
return log_error_errno(r, "Failed to write '%s': %m", f);
@ -1418,8 +1451,10 @@ static int store_info_in_meta(
char **extensions,
const char *meta_path,
const char *overlay_path,
const char *work_dir) {
const char *work_dir,
const char *hierarchy) {
_cleanup_free_ char *f = NULL;
_cleanup_close_ int atfd = -EBADF;
int r;
assert(extensions);
@ -1427,15 +1462,32 @@ static int store_info_in_meta(
assert(overlay_path);
/* work_dir may be NULL */
r = write_extensions_file(image_class, extensions, meta_path);
f = path_join(meta_path, image_class_info[image_class].dot_directory_name);
if (!f)
return log_oom();
r = mkdir_p(f, 0755);
if (r < 0)
return r;
r = write_dev_file(image_class, meta_path, overlay_path);
atfd = open(f, O_DIRECTORY|O_CLOEXEC);
if (atfd < 0)
return log_error_errno(errno, "Failed to open directory '%s': %m", f);
r = mac_selinux_fix_full(atfd, NULL, hierarchy, 0);
if (r < 0)
return log_error_errno(r, "Failed to fix SELinux label for '%s': %m", hierarchy);
r = write_extensions_file(image_class, extensions, meta_path, hierarchy);
if (r < 0)
return r;
r = write_work_dir_file(image_class, meta_path, work_dir);
r = write_dev_file(image_class, meta_path, overlay_path, hierarchy);
if (r < 0)
return r;
r = write_work_dir_file(image_class, meta_path, work_dir, hierarchy);
if (r < 0)
return r;
@ -1501,6 +1553,8 @@ static int merge_hierarchy(
assert(overlay_path);
assert(workspace_path);
mac_selinux_init();
r = determine_used_extensions(hierarchy, paths, &used_paths, &extensions_used);
if (r < 0)
return r;
@ -1528,7 +1582,7 @@ static int merge_hierarchy(
if (r < 0)
return r;
r = store_info_in_meta(image_class, extensions, meta_path, overlay_path, op->work_dir);
r = store_info_in_meta(image_class, extensions, meta_path, overlay_path, op->work_dir, op->hierarchy);
if (r < 0)
return r;

View File

@ -16,6 +16,7 @@
#include "varlink-io.systemd.Journal.h"
#include "varlink-io.systemd.Machine.h"
#include "varlink-io.systemd.MachineImage.h"
#include "varlink-io.systemd.Manager.h"
#include "varlink-io.systemd.ManagedOOM.h"
#include "varlink-io.systemd.MountFileSystem.h"
#include "varlink-io.systemd.NamespaceResource.h"
@ -24,6 +25,7 @@
#include "varlink-io.systemd.PCRLock.h"
#include "varlink-io.systemd.Resolve.h"
#include "varlink-io.systemd.Resolve.Monitor.h"
#include "varlink-io.systemd.Unit.h"
#include "varlink-io.systemd.UserDatabase.h"
#include "varlink-io.systemd.oom.h"
#include "varlink-io.systemd.service.h"
@ -193,6 +195,10 @@ TEST(parse_format) {
print_separator();
test_parse_format_one(&vl_interface_io_systemd_MachineImage);
print_separator();
test_parse_format_one(&vl_interface_io_systemd_Manager);
print_separator();
test_parse_format_one(&vl_interface_io_systemd_Unit);
print_separator();
test_parse_format_one(&vl_interface_xyz_test);
}

View File

@ -292,7 +292,7 @@ int udev_ctrl_start(UdevCtrl *uctrl, udev_ctrl_handler_t callback, void *userdat
int udev_ctrl_send(UdevCtrl *uctrl, UdevCtrlMessageType type, const void *data) {
UdevCtrlMessageWire ctrl_msg_wire = {
.version = "udev-" STRINGIFY(PROJECT_VERSION),
.version = "udev-" PROJECT_VERSION_STR,
.magic = UDEV_CTRL_MAGIC,
.type = type,
};

View File

@ -19,6 +19,6 @@ int lock_main(int argc, char *argv[], void *userdata);
static inline int print_version(void) {
/* Dracut relies on the version being a single integer */
puts(STRINGIFY(PROJECT_VERSION));
puts(PROJECT_VERSION_STR);
return 0;
}

View File

@ -29,7 +29,7 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
timespec_load_nsec(ts)) < 0)
return log_oom();
r = write_string_file_full(AT_FDCWD, path, message, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_LABEL, ts);
r = write_string_file_full(AT_FDCWD, path, message, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_LABEL, ts, NULL);
if (r == -EROFS)
log_debug_errno(r, "Cannot create \"%s\", file system is read-only.", path);
else if (r < 0)

View File

@ -22,6 +22,11 @@ trap at_exit EXIT
systemctl service-log-level systemd-machined debug
systemctl service-log-level systemd-importd debug
# per request in https://github.com/systemd/systemd/pull/35117
systemctl edit --runtime --stdin 'systemd-nspawn@.service' --drop-in=debug.conf <<EOF
[Service]
Environment=SYSTEMD_LOG_LEVEL=debug
EOF
# Mount temporary directory over /var/lib/machines to not pollute the image
mkdir -p /var/lib/machines
@ -278,13 +283,13 @@ varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List
# sending TRAP signal
rm -f /var/lib/machines/long-running/trap
varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.Kill '{"name":"long-running", "whom": "leader", "signal": 5}'
timeout 30 bash -c "until test -e /var/lib/machines/long-running/trap; do sleep .5; done"
timeout 120 bash -c "until test -e /var/lib/machines/long-running/trap; do sleep .5; done"
# test io.systemd.Machine.Terminate
long_running_machine_start
rm -f /var/lib/machines/long-running/terminate
varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.Terminate '{"name":"long-running"}'
timeout 10 bash -c "until test -e /var/lib/machines/long-running/terminate; do sleep .5; done"
timeout 30 bash -c "until test -e /var/lib/machines/long-running/terminate; do sleep .5; done"
timeout 30 bash -c "while varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{\"name\":\"long-running\"}'; do sleep 0.5; done"
# test io.systemd.Machine.Register
@ -356,7 +361,7 @@ journalctl --sync
machinectl terminate container-without-os-release
machinectl terminate long-running
# wait for the container being stopped, otherwise acquiring image metadata by io.systemd.MachineImage.List may fail in the below.
timeout 10 bash -c "while machinectl status long-running &>/dev/null; do sleep .5; done"
timeout 30 bash -c "while machinectl status long-running &>/dev/null; do sleep .5; done"
systemctl kill --signal=KILL systemd-nspawn@long-running.service || :
(ip addr show lo | grep -q 192.168.1.100) || ip address add 192.168.1.100/24 dev lo

View File

@ -160,3 +160,24 @@ done
varlinkctl info /run/systemd/io.systemd.Hostname
varlinkctl introspect /run/systemd/io.systemd.Hostname io.systemd.Hostname
varlinkctl call /run/systemd/io.systemd.Hostname io.systemd.Hostname.Describe '{}'
# test io.systemd.Manager
varlinkctl info /run/systemd/io.systemd.Manager
varlinkctl introspect /run/systemd/io.systemd.Manager io.systemd.Manager
varlinkctl call /run/systemd/io.systemd.Manager io.systemd.Manager.Describe '{}'
# test io.system.Unit
varlinkctl info /run/systemd/unit/io.systemd.Unit
varlinkctl introspect /run/systemd/unit/io.systemd.Unit io.systemd.Unit
varlinkctl --more call /run/systemd/unit/io.systemd.Unit io.systemd.Unit.List '{}'
# test io.systemd.Manager in user manager
systemctl start user@4711
varlinkctl info /run/user/4711/systemd/io.systemd.Manager
varlinkctl introspect /run/user/4711/systemd/io.systemd.Manager
varlinkctl call /run/user/4711/systemd/io.systemd.Manager io.systemd.Manager.Describe '{}'
# test io.systemd.Unit in user manager
varlinkctl info /run/user/4711/systemd/unit/io.systemd.Unit
varlinkctl introspect /run/user/4711/systemd/unit/io.systemd.Unit
varlinkctl --more call /run/user/4711/systemd/unit/io.systemd.Unit io.systemd.Unit.List '{}'