mirror of
https://github.com/systemd/systemd
synced 2025-10-05 11:44:45 +02:00
Compare commits
13 Commits
7e7b0e2198
...
e6fda8f675
| Author | SHA1 | Date | |
|---|---|---|---|
|
e6fda8f675 | ||
|
|
d4bb2b0b4e | ||
|
|
ccd593a61c | ||
|
|
d229704743 | ||
|
|
de0b89913c | ||
|
|
965984240e | ||
|
|
c23bb96b38 | ||
|
|
24063ba16a | ||
|
|
1a71fe4ee5 | ||
|
|
4cba52cc7a | ||
|
|
fbdacd7268 | ||
|
|
7e0ed2e9a2 | ||
|
|
0e557eef37 |
2
NEWS
2
NEWS
@ -251,7 +251,7 @@ CHANGES WITH 248:
|
||||
be restored for individual services with NoExecPaths=/dev (or by allow-
|
||||
listing and excluding /dev from ExecPaths=).
|
||||
|
||||
* Permissions for /dev/vsock are now set to 0666, and /dev/vhost-vsock
|
||||
* Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
|
||||
and /dev/vhost-net are owned by the kvm group.
|
||||
|
||||
* The hardware database has been extended with a list of fingerprint
|
||||
|
||||
5
TODO
5
TODO
@ -22,6 +22,11 @@ Janitorial Clean-ups:
|
||||
|
||||
Features:
|
||||
|
||||
* systemd-repart: read LUKS encryption key from $CREDENTIALS_PATH
|
||||
|
||||
* introduce /dev/disk/root/* symlinks that allow referencing partitions on the
|
||||
disk the rootfs is on in a reasonably secure way.
|
||||
|
||||
* systemd-repart: add a switch to factory reset the partition table without
|
||||
immediately applying the new configuration again. i.e. --factory-reset=leave
|
||||
or so. (this is useful to factory reset an image, then putting it into
|
||||
|
||||
@ -26,11 +26,10 @@
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
|
||||
<para>A unit configuration file whose name ends in
|
||||
<literal>.device</literal> encodes information about a device unit
|
||||
as exposed in the
|
||||
sysfs/<citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
device tree.</para>
|
||||
<para>A unit configuration file whose name ends in <literal>.device</literal> encodes information about a
|
||||
device unit as exposed in the
|
||||
sysfs/<citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry> device
|
||||
tree. This may be used to define dependencies between devices and other units.</para>
|
||||
|
||||
<para>This unit type has no specific options. See
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
@ -40,14 +39,10 @@
|
||||
sections. A separate [Device] section does not
|
||||
exist, since no device-specific options may be configured.</para>
|
||||
|
||||
<para>systemd will dynamically create device units for all kernel
|
||||
devices that are marked with the "systemd" udev tag (by default
|
||||
all block and network devices, and a few others). This may be used
|
||||
to define dependencies between devices and other units. To tag a
|
||||
udev device, use <literal>TAG+="systemd"</literal> in the udev
|
||||
rules file, see
|
||||
<citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
for details.</para>
|
||||
<para>systemd will dynamically create device units for all kernel devices that are marked with the
|
||||
<literal>systemd</literal> udev tag (by default all block and network devices, and a few others). Note
|
||||
that <emphasis>if <filename>systemd-udev.service</filename> is not running, no device units will be
|
||||
available (for example in a typical container)</emphasis>.</para>
|
||||
|
||||
<para>Device units are named after the <filename>/sys/</filename>
|
||||
and <filename>/dev/</filename> paths they control. Example: the
|
||||
@ -57,6 +52,10 @@
|
||||
name see
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
|
||||
<para>To tag a udev device, use <literal>TAG+="systemd"</literal> in the udev rules file, see
|
||||
<citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details.
|
||||
</para>
|
||||
|
||||
<para>Device units will be reloaded by systemd whenever the
|
||||
corresponding device generates a <literal>changed</literal> event.
|
||||
Other units can use <varname>ReloadPropagatedFrom=</varname> to react
|
||||
|
||||
@ -31,20 +31,20 @@ __get_machines() {
|
||||
|
||||
_systemd_run() {
|
||||
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
|
||||
local OPTS='-h --help --version --user --system --scope --unit --description --slice
|
||||
-r --remain-after-exit --send-sighup -H --host -M --machine --service-type
|
||||
--on-active --on-boot --on-startup --on-unit-active --on-unit-inactive
|
||||
--on-calendar --timer-property --path-property --socket-property -t --pty
|
||||
-q --quiet --no-block --uid --gid --nice -E --setenv -p --property
|
||||
--no-ask-password --wait -P --pipe -G --collect --working-directory
|
||||
-d --same-dir -S --shell'
|
||||
local OPTS='--no-ask-password --scope -u --unit -p --property --description --slice --slice-inherit
|
||||
-r --remain-after-exit --send-sighup --service-type --uid --gid --nice
|
||||
--working-directory -d --same-dir -E --setenv -t --pty -P --pipe -S --shell -q --quiet
|
||||
--on-active --on-boot --on-startup --on-unit-active --on-unit-inactive --on-calendar
|
||||
--on-clock-change --on-timezone-change --path-property --socket-property
|
||||
--timer-property --no-block --wait -G --collect --user --system -H --host -M --machine
|
||||
-h --help --version'
|
||||
|
||||
local mode=--system
|
||||
local i
|
||||
local opts_with_values=(
|
||||
--unit --description --slice --service-type -H --host -M --machine -p --property --on-active
|
||||
--on-boot --on-startup --on-unit-active --on-unit-inactive --on-calendar --timer-property
|
||||
--path-property --socket-property --uid --gid --nice -E --setenv --working-directory
|
||||
--unit -p --property --slice --description --service-type --uid --gid --nice --working-directory
|
||||
-E --setenv --on-active --on-boot --on-startup --on-unit-active --on-unit-inactive --on-calendar
|
||||
--path-property --socket-property --timer-property -H --host -M --machine
|
||||
)
|
||||
for (( i=1; i <= COMP_CWORD; i++ )); do
|
||||
if [[ ${COMP_WORDS[i]} != -* ]]; then
|
||||
|
||||
@ -23,13 +23,25 @@ __systemctl() {
|
||||
}
|
||||
|
||||
_arguments \
|
||||
{-G,--collect}'[Unload the transient unit after it completed]' \
|
||||
'--description=[Description for unit]:description' \
|
||||
'--gid=[Run as system group]:group:_groups' \
|
||||
{-h,--help}'[Show help message]' \
|
||||
'--version[Show package version]' \
|
||||
'--user[Run as user unit]' \
|
||||
{-H+,--host=}'[Operate on remote host]:[user@]host:_sd_hosts_or_user_at_host' \
|
||||
{-M+,--machine=}'[Operate on local container]:machines:_sd_machines' \
|
||||
'--scope[Run this as scope rather than service]' \
|
||||
'--unit=[Run under the specified unit name]:unit name' \
|
||||
'--nice=[Nice level]:nice level' \
|
||||
'--no-ask-password[Do not query the user for authentication]' \
|
||||
'--no-block[Do not synchronously wait for the unit start operation to finish]' \
|
||||
'--on-active=[Run after SEC seconds]:SEC' \
|
||||
'--on-boot=[Run SEC seconds after machine was booted up]:SEC' \
|
||||
'--on-calendar=[Realtime timer]:SPEC' \
|
||||
'--on-clock-change[Defines a trigger based on system clock jumps]' \
|
||||
'--on-startup=[Run SEC seconds after systemd was first started]:SEC' \
|
||||
'--on-timezone-change[Defines a trigger based on system timezone changes]' \
|
||||
'--on-unit-active=[Run SEC seconds after the last activation]:SEC' \
|
||||
'--on-unit-inactive=[Run SEC seconds after the last deactivation]:SEC' \
|
||||
'--path-property=[Set path unit property]:NAME=VALUE' \
|
||||
{-P,--pipe}'[Inherit standard input, output, and error]' \
|
||||
{-p+,--property=}'[Set unit property]:NAME=VALUE:(( \
|
||||
CPUAccounting= MemoryAccounting= BlockIOAccounting= SendSIGHUP= \
|
||||
SendSIGKILL= MemoryLimit= CPUShares= BlockIOWeight= User= Group= \
|
||||
@ -45,21 +57,24 @@ _arguments \
|
||||
ReadOnlyPaths= InaccessiblePaths= EnvironmentFile= \
|
||||
ProtectSystem= ProtectHome= RuntimeDirectory= PassEnvironment= \
|
||||
))' \
|
||||
'--description=[Description for unit]:description' \
|
||||
'--slice=[Run in the specified slice]:slices:__systemd-run_slices' \
|
||||
{-t,--pty}'[The service connects to the terminal]' \
|
||||
{-q,--quiet}'[Suppresses additional informational output]' \
|
||||
{-r,--remain-after-exit}'[Leave service around until explicitly stopped]' \
|
||||
{-d,--same-dir}'[Run on the current working directory]' \
|
||||
'--scope[Run this as scope rather than service]' \
|
||||
'--send-sighup[Send SIGHUP when terminating]' \
|
||||
'--service-type=[Service type]:type:(simple forking oneshot dbus notify idle)' \
|
||||
'--uid=[Run as system user]:user:_users' \
|
||||
'--gid=[Run as system group]:group:_groups' \
|
||||
'--nice=[Nice level]:nice level' \
|
||||
'--setenv=[Set environment]:NAME=VALUE' \
|
||||
'--on-active=[Run after SEC seconds]:SEC' \
|
||||
'--on-boot=[Run SEC seconds after machine was booted up]:SEC' \
|
||||
'--on-startup=[Run SEC seconds after systemd was first started]:SEC' \
|
||||
'--on-unit-active=[Run SEC seconds after the last activation]:SEC' \
|
||||
'--on-unit-inactive=[Run SEC seconds after the last deactivation]:SEC' \
|
||||
'--on-calendar=[Realtime timer]:SPEC' \
|
||||
{-E+,--setenv=}'[Set environment]:NAME=VALUE' \
|
||||
{-S,--shell}'[requests an interactive shell in the current working directory]' \
|
||||
'--slice=[Run in the specified slice]:slices:__systemd-run_slices' \
|
||||
'--slice-inherit[Run in the inherited slice]' \
|
||||
'--socket-property=[Set socket unit property]:NAME=VALUE' \
|
||||
'--system[Run as system unit]' \
|
||||
'--timer-property=[Set timer unit property]:NAME=VALUE' \
|
||||
'--uid=[Run as system user]:user:_users' \
|
||||
{-u+,--unit=}'[Run under the specified unit name]:unit name' \
|
||||
'--user[Run as user unit]' \
|
||||
'--version[Show package version]' \
|
||||
'--wait=[Wait until service stopped again]' \
|
||||
'--working-directory=[Run with the specified working directory]' \
|
||||
'*::command:_command'
|
||||
|
||||
@ -252,11 +252,14 @@ int log_open(void) {
|
||||
|
||||
/* Do not call from library code. */
|
||||
|
||||
/* If we don't use the console we close it here, to not get
|
||||
* killed by SAK. If we don't use syslog we close it here so
|
||||
* that we are not confused by somebody deleting the socket in
|
||||
* the fs, and to make sure we don't use it if prohibit_ipc is
|
||||
* set. If we don't use /dev/kmsg we still keep it open,
|
||||
/* This function is often called in preparation for logging. Let's make sure we don't clobber errno,
|
||||
* so that a call to a logging function immediately following a log_open() call can still easily
|
||||
* reference an error that happened immediately before the log_open() call. */
|
||||
PROTECT_ERRNO;
|
||||
|
||||
/* If we don't use the console, we close it here to not get killed by SAK. If we don't use syslog, we
|
||||
* close it here too, so that we are not confused by somebody deleting the socket in the fs, and to
|
||||
* make sure we don't use it if prohibit_ipc is set. If we don't use /dev/kmsg we still keep it open,
|
||||
* because there is no reason to close it. */
|
||||
|
||||
if (log_target == LOG_TARGET_NULL) {
|
||||
|
||||
@ -1467,7 +1467,11 @@ int fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret
|
||||
|
||||
/* Spawns a temporary TTY agent, making sure it goes away when we go away */
|
||||
|
||||
r = safe_fork_full(name, except, n_except, FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS, ret_pid);
|
||||
r = safe_fork_full(name,
|
||||
except,
|
||||
n_except,
|
||||
FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG,
|
||||
ret_pid);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0)
|
||||
|
||||
@ -1007,7 +1007,7 @@ static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord
|
||||
|
||||
r = safe_fork_full("(sd-homework)",
|
||||
(int[]) { stdin_fd, stdout_fd }, 2,
|
||||
FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG, &pid);
|
||||
FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_REOPEN_LOG, &pid);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0) {
|
||||
@ -1838,7 +1838,9 @@ int home_killall(Home *h) {
|
||||
assert(h->uid > 0); /* We never should be UID 0 */
|
||||
|
||||
/* Let's kill everything matching the specified UID */
|
||||
r = safe_fork("(sd-killer)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_WAIT|FORK_LOG, NULL);
|
||||
r = safe_fork("(sd-killer)",
|
||||
FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_WAIT|FORK_LOG|FORK_REOPEN_LOG,
|
||||
NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0) {
|
||||
|
||||
@ -324,7 +324,9 @@ int home_prepare_fscrypt(
|
||||
/* Also install the access key in the user's own keyring */
|
||||
|
||||
if (uid_is_valid(h->uid)) {
|
||||
r = safe_fork("(sd-addkey)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_WAIT, NULL);
|
||||
r = safe_fork("(sd-addkey)",
|
||||
FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_REOPEN_LOG,
|
||||
NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed install encryption key in user's keyring: %m");
|
||||
if (r == 0) {
|
||||
|
||||
@ -199,12 +199,15 @@ static int run_fsck(const char *node, const char *fstype) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = safe_fork("(fsck)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR, &fsck_pid);
|
||||
r = safe_fork("(fsck)",
|
||||
FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
|
||||
&fsck_pid);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0) {
|
||||
/* Child */
|
||||
execl("/sbin/fsck", "/sbin/fsck", "-aTl", node, NULL);
|
||||
log_open();
|
||||
log_error_errno(errno, "Failed to execute fsck: %m");
|
||||
_exit(FSCK_OPERATIONAL_ERROR);
|
||||
}
|
||||
@ -2351,12 +2354,15 @@ static int ext4_offline_resize_fs(HomeSetup *setup, uint64_t new_size, bool disc
|
||||
log_info("Temporary unmounting of file system completed.");
|
||||
|
||||
/* resize2fs requires that the file system is force checked first, do so. */
|
||||
r = safe_fork("(e2fsck)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR, &fsck_pid);
|
||||
r = safe_fork("(e2fsck)",
|
||||
FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
|
||||
&fsck_pid);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0) {
|
||||
/* Child */
|
||||
execlp("e2fsck" ,"e2fsck", "-fp", setup->dm_node, NULL);
|
||||
log_open();
|
||||
log_error_errno(errno, "Failed to execute e2fsck: %m");
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
@ -2380,12 +2386,15 @@ static int ext4_offline_resize_fs(HomeSetup *setup, uint64_t new_size, bool disc
|
||||
return log_oom();
|
||||
|
||||
/* Resize the thing */
|
||||
r = safe_fork("(e2resize)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR, &resize_pid);
|
||||
r = safe_fork("(e2resize)",
|
||||
FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
|
||||
&resize_pid);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0) {
|
||||
/* Child */
|
||||
execlp("resize2fs" ,"resize2fs", setup->dm_node, size_str, NULL);
|
||||
log_open();
|
||||
log_error_errno(errno, "Failed to execute resize2fs: %m");
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
@ -137,7 +137,7 @@ static int brightness_writer_fork(BrightnessWriter *w) {
|
||||
assert(w->child == 0);
|
||||
assert(!w->child_event_source);
|
||||
|
||||
r = safe_fork("(sd-bright)", FORK_DEATHSIG|FORK_NULL_STDIO|FORK_CLOSE_ALL_FDS|FORK_LOG, &w->child);
|
||||
r = safe_fork("(sd-bright)", FORK_DEATHSIG|FORK_NULL_STDIO|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_REOPEN_LOG, &w->child);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0) {
|
||||
|
||||
@ -433,6 +433,14 @@ int dns_query_new(
|
||||
} else {
|
||||
bool good = false;
|
||||
|
||||
/* This (primarily) checks two things:
|
||||
*
|
||||
* 1. That the question is not empty
|
||||
* 2. That all RR keys in the question objects are for the same domain
|
||||
*
|
||||
* Or in other words, a single DnsQuery object may be used to look up A+AAAA combination for
|
||||
* the same domain name, or SRV+TXT (for DNS-SD services), but not for unrelated lookups. */
|
||||
|
||||
if (dns_question_size(question_utf8) > 0) {
|
||||
r = dns_question_is_valid_for_query(question_utf8);
|
||||
if (r < 0)
|
||||
@ -982,12 +990,12 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname)
|
||||
r = dns_question_cname_redirect(q->question_idna, cname, &nq_idna);
|
||||
if (r < 0)
|
||||
return r;
|
||||
else if (r > 0)
|
||||
if (r > 0)
|
||||
log_debug("Following CNAME/DNAME %s → %s.", dns_question_first_name(q->question_idna), dns_question_first_name(nq_idna));
|
||||
|
||||
k = dns_question_is_equal(q->question_idna, q->question_utf8);
|
||||
if (k < 0)
|
||||
return r;
|
||||
return k;
|
||||
if (k > 0) {
|
||||
/* Same question? Shortcut new question generation */
|
||||
nq_utf8 = dns_question_ref(nq_idna);
|
||||
@ -996,7 +1004,7 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname)
|
||||
k = dns_question_cname_redirect(q->question_utf8, cname, &nq_utf8);
|
||||
if (k < 0)
|
||||
return k;
|
||||
else if (k > 0)
|
||||
if (k > 0)
|
||||
log_debug("Following UTF8 CNAME/DNAME %s → %s.", dns_question_first_name(q->question_utf8), dns_question_first_name(nq_utf8));
|
||||
}
|
||||
|
||||
@ -1032,6 +1040,8 @@ int dns_query_process_cname(DnsQuery *q) {
|
||||
_cleanup_(dns_resource_record_unrefp) DnsResourceRecord *cname = NULL;
|
||||
DnsQuestion *question;
|
||||
DnsResourceRecord *rr;
|
||||
bool full_match = true;
|
||||
DnsResourceKey *k;
|
||||
int r;
|
||||
|
||||
assert(q);
|
||||
@ -1041,13 +1051,44 @@ int dns_query_process_cname(DnsQuery *q) {
|
||||
|
||||
question = dns_query_question_for_protocol(q, q->answer_protocol);
|
||||
|
||||
/* Small reminder: our question will consist of one or more RR keys that match in name, but not in
|
||||
* record type. Specifically, when we do an address lookup the question will typically consist of one
|
||||
* A and one AAAA key lookup for the same domain name. When we get a response from a server we need
|
||||
* to check if the answer answers all our questions to use it. Note that a response of CNAME/DNAME
|
||||
* can answer both an A and the AAAA question for us, but an A/AAAA response only the relevant
|
||||
* type.
|
||||
*
|
||||
* Hence we first check of the answers we collected are sufficient to answer all our questions
|
||||
* directly. If one question wasn't answered we go on, waiting for more replies. However, if there's
|
||||
* a CNAME/DNAME response we use it, and redirect to it, regardless if it was a response to the A or
|
||||
* the AAAA query.*/
|
||||
|
||||
DNS_QUESTION_FOREACH(k, question) {
|
||||
bool match = false;
|
||||
|
||||
DNS_ANSWER_FOREACH(rr, q->answer) {
|
||||
r = dns_question_matches_rr(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
|
||||
r = dns_resource_key_match_rr(k, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0)
|
||||
return DNS_QUERY_MATCH; /* The answer matches directly, no need to follow cnames */
|
||||
if (r > 0) {
|
||||
match = true; /* Yay, we found an RR that matches the key we are looking for */
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!match) {
|
||||
/* Hmm. :-( there's no response for this key. This doesn't match. */
|
||||
full_match = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (full_match)
|
||||
return DNS_QUERY_MATCH; /* The answer can answer our question in full, no need to follow CNAMEs/DNAMEs */
|
||||
|
||||
/* Let's see if there is a CNAME/DNAME to match. This case is simpler: we accept the CNAME/DNAME that
|
||||
* matches any of our questions. */
|
||||
DNS_ANSWER_FOREACH(rr, q->answer) {
|
||||
r = dns_question_matches_cname_or_dname(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -1056,7 +1097,7 @@ int dns_query_process_cname(DnsQuery *q) {
|
||||
}
|
||||
|
||||
if (!cname)
|
||||
return DNS_QUERY_NOMATCH; /* No match and no cname to follow */
|
||||
return DNS_QUERY_NOMATCH; /* No match and no CNAME/DNAME to follow */
|
||||
|
||||
if (q->flags & SD_RESOLVED_NO_CNAME)
|
||||
return -ELOOP;
|
||||
|
||||
@ -45,7 +45,14 @@ struct DnsQuery {
|
||||
* that even on classic DNS some labels might use UTF8 encoding. Specifically, DNS-SD service names
|
||||
* (in contrast to their domain suffixes) use UTF-8 encoding even on DNS. Thus, the difference
|
||||
* between these two fields is mostly relevant only for explicit *hostname* lookups as well as the
|
||||
* domain suffixes of service lookups. */
|
||||
* domain suffixes of service lookups.
|
||||
*
|
||||
* Note that questions may consist of multiple RR keys at once, but they must be for the same domain
|
||||
* name. This is used for A+AAAA and TXT+SRV lookups: we'll allocate a single DnsQuery object for
|
||||
* them instead of two separate ones. That allows us minor optimizations with response handling:
|
||||
* CNAME/DNAMEs of the first reply we get can already be used to follow the CNAME/DNAME chain for
|
||||
* both, and we can take benefit of server replies that oftentimes put A responses into AAAA queries
|
||||
* and vice versa (in the additional section). */
|
||||
DnsQuestion *question_idna;
|
||||
DnsQuestion *question_utf8;
|
||||
|
||||
|
||||
@ -1287,6 +1287,7 @@ static int run_fsck(const char *node, const char *fstype) {
|
||||
if (r == 0) {
|
||||
/* Child */
|
||||
execl("/sbin/fsck", "/sbin/fsck", "-aT", node, NULL);
|
||||
log_open();
|
||||
log_debug_errno(errno, "Failed to execl() fsck: %m");
|
||||
_exit(FSCK_OPERATIONAL_ERROR);
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user