unit-file: tighten unit file discovery checks

Only accept DT_REG/DT_LNK/DT_DIR entries, ignore all others.

Only accpet DT_REG/DT_LNK for file names that are valid unit file names.

Only accept DT_DIR for filenames that are valid unit file names which
are suffixed by .d, .wants, .requires

This doesn't really fix any bugs, but tightens what we insert into the
lookup tables.

src/basic/chase-symlinks.c

@@ -0,0 +1,552 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <linux/magic.h>
+
+#include "alloc-util.h"
+#include "chase-symlinks.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "glyph-util.h"
+#include "log.h"
+#include "path-util.h"
+#include "string-util.h"
+#include "user-util.h"
+
+bool unsafe_transition(const struct stat *a, const struct stat *b) {
+        /* Returns true if the transition from a to b is safe, i.e. that we never transition from unprivileged to
+         * privileged files or directories. Why bother? So that unprivileged code can't symlink to privileged files
+         * making us believe we read something safe even though it isn't safe in the specific context we open it in. */
+
+        if (a->st_uid == 0) /* Transitioning from privileged to unprivileged is always fine */
+                return false;
+
+        return a->st_uid != b->st_uid; /* Otherwise we need to stay within the same UID */
+}
+
+static int log_unsafe_transition(int a, int b, const char *path, unsigned flags) {
+        _cleanup_free_ char *n1 = NULL, *n2 = NULL, *user_a = NULL, *user_b = NULL;
+        struct stat st;
+
+        if (!FLAGS_SET(flags, CHASE_WARN))
+                return -ENOLINK;
+
+        (void) fd_get_path(a, &n1);
+        (void) fd_get_path(b, &n2);
+
+        if (fstat(a, &st) == 0)
+                user_a = uid_to_name(st.st_uid);
+        if (fstat(b, &st) == 0)
+                user_b = uid_to_name(st.st_uid);
+
+        return log_warning_errno(SYNTHETIC_ERRNO(ENOLINK),
+                                 "Detected unsafe path transition %s (owned by %s) %s %s (owned by %s) during canonicalization of %s.",
+                                 strna(n1), strna(user_a), special_glyph(SPECIAL_GLYPH_ARROW), strna(n2), strna(user_b), path);
+}
+
+static int log_autofs_mount_point(int fd, const char *path, unsigned flags) {
+        _cleanup_free_ char *n1 = NULL;
+
+        if (!FLAGS_SET(flags, CHASE_WARN))
+                return -EREMOTE;
+
+        (void) fd_get_path(fd, &n1);
+
+        return log_warning_errno(SYNTHETIC_ERRNO(EREMOTE),
+                                 "Detected autofs mount point %s during canonicalization of %s.",
+                                 strna(n1), path);
+}
+
+int chase_symlinks(const char *path, const char *original_root, unsigned flags, char **ret_path, int *ret_fd) {
+        _cleanup_free_ char *buffer = NULL, *done = NULL, *root = NULL;
+        _cleanup_close_ int fd = -1;
+        unsigned max_follow = CHASE_SYMLINKS_MAX; /* how many symlinks to follow before giving up and returning ELOOP */
+        bool exists = true, append_trail_slash = false;
+        struct stat previous_stat;
+        const char *todo;
+        int r;
+
+        assert(path);
+
+        /* Either the file may be missing, or we return an fd to the final object, but both make no sense */
+        if ((flags & CHASE_NONEXISTENT) && ret_fd)
+                return -EINVAL;
+
+        if ((flags & CHASE_STEP) && ret_fd)
+                return -EINVAL;
+
+        if (isempty(path))
+                return -EINVAL;
+
+        /* This is a lot like canonicalize_file_name(), but takes an additional "root" parameter, that allows following
+         * symlinks relative to a root directory, instead of the root of the host.
+         *
+         * Note that "root" primarily matters if we encounter an absolute symlink. It is also used when following
+         * relative symlinks to ensure they cannot be used to "escape" the root directory. The path parameter passed is
+         * assumed to be already prefixed by it, except if the CHASE_PREFIX_ROOT flag is set, in which case it is first
+         * prefixed accordingly.
+         *
+         * Algorithmically this operates on two path buffers: "done" are the components of the path we already
+         * processed and resolved symlinks, "." and ".." of. "todo" are the components of the path we still need to
+         * process. On each iteration, we move one component from "todo" to "done", processing it's special meaning
+         * each time. The "todo" path always starts with at least one slash, the "done" path always ends in no
+         * slash. We always keep an O_PATH fd to the component we are currently processing, thus keeping lookup races
+         * to a minimum.
+         *
+         * Suggested usage: whenever you want to canonicalize a path, use this function. Pass the absolute path you got
+         * as-is: fully qualified and relative to your host's root. Optionally, specify the root parameter to tell this
+         * function what to do when encountering a symlink with an absolute path as directory: prefix it by the
+         * specified path.
+         *
+         * There are five ways to invoke this function:
+         *
+         * 1. Without CHASE_STEP or ret_fd: in this case the path is resolved and the normalized path is
+         *    returned in `ret_path`. The return value is < 0 on error. If CHASE_NONEXISTENT is also set, 0
+         *    is returned if the file doesn't exist, > 0 otherwise. If CHASE_NONEXISTENT is not set, >= 0 is
+         *    returned if the destination was found, -ENOENT if it wasn't.
+         *
+         * 2. With ret_fd: in this case the destination is opened after chasing it as O_PATH and this file
+         *    descriptor is returned as return value. This is useful to open files relative to some root
+         *    directory. Note that the returned O_PATH file descriptors must be converted into a regular one (using
+         *    fd_reopen() or such) before it can be used for reading/writing. ret_fd may not be combined with
+         *    CHASE_NONEXISTENT.
+         *
+         * 3. With CHASE_STEP: in this case only a single step of the normalization is executed, i.e. only the first
+         *    symlink or ".." component of the path is resolved, and the resulting path is returned. This is useful if
+         *    a caller wants to trace the path through the file system verbosely. Returns < 0 on error, > 0 if the
+         *    path is fully normalized, and == 0 for each normalization step. This may be combined with
+         *    CHASE_NONEXISTENT, in which case 1 is returned when a component is not found.
+         *
+         * 4. With CHASE_SAFE: in this case the path must not contain unsafe transitions, i.e. transitions from
+         *    unprivileged to privileged files or directories. In such cases the return value is -ENOLINK. If
+         *    CHASE_WARN is also set, a warning describing the unsafe transition is emitted.
+         *
+         * 5. With CHASE_NO_AUTOFS: in this case if an autofs mount point is encountered, path normalization
+         *    is aborted and -EREMOTE is returned. If CHASE_WARN is also set, a warning showing the path of
+         *    the mount point is emitted.
+         */
+
+        /* A root directory of "/" or "" is identical to none */
+        if (empty_or_root(original_root))
+                original_root = NULL;
+
+        if (!original_root && !ret_path && !(flags & (CHASE_NONEXISTENT|CHASE_NO_AUTOFS|CHASE_SAFE|CHASE_STEP)) && ret_fd) {
+                /* Shortcut the ret_fd case if the caller isn't interested in the actual path and has no root set
+                 * and doesn't care about any of the other special features we provide either. */
+                r = open(path, O_PATH|O_CLOEXEC|((flags & CHASE_NOFOLLOW) ? O_NOFOLLOW : 0));
+                if (r < 0)
+                        return -errno;
+
+                *ret_fd = r;
+                return 0;
+        }
+
+        if (original_root) {
+                r = path_make_absolute_cwd(original_root, &root);
+                if (r < 0)
+                        return r;
+
+                /* Simplify the root directory, so that it has no duplicate slashes and nothing at the
+                 * end. While we won't resolve the root path we still simplify it. Note that dropping the
+                 * trailing slash should not change behaviour, since when opening it we specify O_DIRECTORY
+                 * anyway. Moreover at the end of this function after processing everything we'll always turn
+                 * the empty string back to "/". */
+                delete_trailing_chars(root, "/");
+                path_simplify(root);
+
+                if (flags & CHASE_PREFIX_ROOT) {
+                        /* We don't support relative paths in combination with a root directory */
+                        if (!path_is_absolute(path))
+                                return -EINVAL;
+
+                        path = prefix_roota(root, path);
+                }
+        }
+
+        r = path_make_absolute_cwd(path, &buffer);
+        if (r < 0)
+                return r;
+
+        fd = open(root ?: "/", O_CLOEXEC|O_DIRECTORY|O_PATH);
+        if (fd < 0)
+                return -errno;
+
+        if (flags & CHASE_SAFE)
+                if (fstat(fd, &previous_stat) < 0)
+                        return -errno;
+
+        if (flags & CHASE_TRAIL_SLASH)
+                append_trail_slash = endswith(buffer, "/") || endswith(buffer, "/.");
+
+        if (root) {
+                /* If we are operating on a root directory, let's take the root directory as it is. */
+
+                todo = path_startswith(buffer, root);
+                if (!todo)
+                        return log_full_errno(flags & CHASE_WARN ? LOG_WARNING : LOG_DEBUG,
+                                              SYNTHETIC_ERRNO(ECHRNG),
+                                              "Specified path '%s' is outside of specified root directory '%s', refusing to resolve.",
+                                              path, root);
+
+                done = strdup(root);
+        } else {
+                todo = buffer;
+                done = strdup("/");
+        }
+
+        for (;;) {
+                _cleanup_free_ char *first = NULL;
+                _cleanup_close_ int child = -1;
+                struct stat st;
+                const char *e;
+
+                r = path_find_first_component(&todo, true, &e);
+                if (r < 0)
+                        return r;
+                if (r == 0) { /* We reached the end. */
+                        if (append_trail_slash)
+                                if (!strextend(&done, "/"))
+                                        return -ENOMEM;
+                        break;
+                }
+
+                first = strndup(e, r);
+                if (!first)
+                        return -ENOMEM;
+
+                /* Two dots? Then chop off the last bit of what we already found out. */
+                if (path_equal(first, "..")) {
+                        _cleanup_free_ char *parent = NULL;
+                        _cleanup_close_ int fd_parent = -1;
+
+                        /* If we already are at the top, then going up will not change anything. This is in-line with
+                         * how the kernel handles this. */
+                        if (empty_or_root(done))
+                                continue;
+
+                        parent = dirname_malloc(done);
+                        if (!parent)
+                                return -ENOMEM;
+
+                        /* Don't allow this to leave the root dir.  */
+                        if (root &&
+                            path_startswith(done, root) &&
+                            !path_startswith(parent, root))
+                                continue;
+
+                        free_and_replace(done, parent);
+
+                        if (flags & CHASE_STEP)
+                                goto chased_one;
+
+                        fd_parent = openat(fd, "..", O_CLOEXEC|O_NOFOLLOW|O_PATH);
+                        if (fd_parent < 0)
+                                return -errno;
+
+                        if (flags & CHASE_SAFE) {
+                                if (fstat(fd_parent, &st) < 0)
+                                        return -errno;
+
+                                if (unsafe_transition(&previous_stat, &st))
+                                        return log_unsafe_transition(fd, fd_parent, path, flags);
+
+                                previous_stat = st;
+                        }
+
+                        safe_close(fd);
+                        fd = TAKE_FD(fd_parent);
+
+                        continue;
+                }
+
+                /* Otherwise let's see what this is. */
+                child = openat(fd, first, O_CLOEXEC|O_NOFOLLOW|O_PATH);
+                if (child < 0) {
+                        if (errno == ENOENT &&
+                            (flags & CHASE_NONEXISTENT) &&
+                            (isempty(todo) || path_is_safe(todo))) {
+                                /* If CHASE_NONEXISTENT is set, and the path does not exist, then
+                                 * that's OK, return what we got so far. But don't allow this if the
+                                 * remaining path contains "../" or something else weird. */
+
+                                if (!path_extend(&done, first, todo))
+                                        return -ENOMEM;
+
+                                exists = false;
+                                break;
+                        }
+
+                        return -errno;
+                }
+
+                if (fstat(child, &st) < 0)
+                        return -errno;
+                if ((flags & CHASE_SAFE) &&
+                    unsafe_transition(&previous_stat, &st))
+                        return log_unsafe_transition(fd, child, path, flags);
+
+                previous_stat = st;
+
+                if ((flags & CHASE_NO_AUTOFS) &&
+                    fd_is_fs_type(child, AUTOFS_SUPER_MAGIC) > 0)
+                        return log_autofs_mount_point(child, path, flags);
+
+                if (S_ISLNK(st.st_mode) && !((flags & CHASE_NOFOLLOW) && isempty(todo))) {
+                        _cleanup_free_ char *destination = NULL;
+
+                        /* This is a symlink, in this case read the destination. But let's make sure we
+                         * don't follow symlinks without bounds. */
+                        if (--max_follow <= 0)
+                                return -ELOOP;
+
+                        r = readlinkat_malloc(fd, first, &destination);
+                        if (r < 0)
+                                return r;
+                        if (isempty(destination))
+                                return -EINVAL;
+
+                        if (path_is_absolute(destination)) {
+
+                                /* An absolute destination. Start the loop from the beginning, but use the root
+                                 * directory as base. */
+
+                                safe_close(fd);
+                                fd = open(root ?: "/", O_CLOEXEC|O_DIRECTORY|O_PATH);
+                                if (fd < 0)
+                                        return -errno;
+
+                                if (flags & CHASE_SAFE) {
+                                        if (fstat(fd, &st) < 0)
+                                                return -errno;
+
+                                        if (unsafe_transition(&previous_stat, &st))
+                                                return log_unsafe_transition(child, fd, path, flags);
+
+                                        previous_stat = st;
+                                }
+
+                                /* Note that we do not revalidate the root, we take it as is. */
+                                r = free_and_strdup(&done, empty_to_root(root));
+                                if (r < 0)
+                                        return r;
+                        }
+
+                        /* Prefix what's left to do with what we just read, and start the loop again, but
+                         * remain in the current directory. */
+                        if (!path_extend(&destination, todo))
+                                return -ENOMEM;
+
+                        free_and_replace(buffer, destination);
+                        todo = buffer;
+
+                        if (flags & CHASE_STEP)
+                                goto chased_one;
+
+                        continue;
+                }
+
+                /* If this is not a symlink, then let's just add the name we read to what we already verified. */
+                if (!path_extend(&done, first))
+                        return -ENOMEM;
+
+                /* And iterate again, but go one directory further down. */
+                safe_close(fd);
+                fd = TAKE_FD(child);
+        }
+
+        if (ret_path)
+                *ret_path = TAKE_PTR(done);
+
+        if (ret_fd) {
+                /* Return the O_PATH fd we currently are looking to the caller. It can translate it to a
+                 * proper fd by opening /proc/self/fd/xyz. */
+
+                assert(fd >= 0);
+                *ret_fd = TAKE_FD(fd);
+        }
+
+        if (flags & CHASE_STEP)
+                return 1;
+
+        return exists;
+
+chased_one:
+        if (ret_path) {
+                const char *e;
+
+                /* todo may contain slashes at the beginning. */
+                r = path_find_first_component(&todo, true, &e);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        *ret_path = TAKE_PTR(done);
+                else {
+                        char *c;
+
+                        c = path_join(done, e);
+                        if (!c)
+                                return -ENOMEM;
+
+                        *ret_path = c;
+                }
+        }
+
+        return 0;
+}
+
+int chase_symlinks_and_open(
+                const char *path,
+                const char *root,
+                unsigned chase_flags,
+                int open_flags,
+                char **ret_path) {
+
+        _cleanup_close_ int path_fd = -1;
+        _cleanup_free_ char *p = NULL;
+        int r;
+
+        if (chase_flags & CHASE_NONEXISTENT)
+                return -EINVAL;
+
+        if (empty_or_root(root) && !ret_path && (chase_flags & (CHASE_NO_AUTOFS|CHASE_SAFE)) == 0) {
+                /* Shortcut this call if none of the special features of this call are requested */
+                r = open(path, open_flags);
+                if (r < 0)
+                        return -errno;
+
+                return r;
+        }
+
+        r = chase_symlinks(path, root, chase_flags, ret_path ? &p : NULL, &path_fd);
+        if (r < 0)
+                return r;
+        assert(path_fd >= 0);
+
+        r = fd_reopen(path_fd, open_flags);
+        if (r < 0)
+                return r;
+
+        if (ret_path)
+                *ret_path = TAKE_PTR(p);
+
+        return r;
+}
+
+int chase_symlinks_and_opendir(
+                const char *path,
+                const char *root,
+                unsigned chase_flags,
+                char **ret_path,
+                DIR **ret_dir) {
+
+        _cleanup_close_ int path_fd = -1;
+        _cleanup_free_ char *p = NULL;
+        DIR *d;
+        int r;
+
+        if (!ret_dir)
+                return -EINVAL;
+        if (chase_flags & CHASE_NONEXISTENT)
+                return -EINVAL;
+
+        if (empty_or_root(root) && !ret_path && (chase_flags & (CHASE_NO_AUTOFS|CHASE_SAFE)) == 0) {
+                /* Shortcut this call if none of the special features of this call are requested */
+                d = opendir(path);
+                if (!d)
+                        return -errno;
+
+                *ret_dir = d;
+                return 0;
+        }
+
+        r = chase_symlinks(path, root, chase_flags, ret_path ? &p : NULL, &path_fd);
+        if (r < 0)
+                return r;
+        assert(path_fd >= 0);
+
+        d = opendir(FORMAT_PROC_FD_PATH(path_fd));
+        if (!d)
+                return -errno;
+
+        if (ret_path)
+                *ret_path = TAKE_PTR(p);
+
+        *ret_dir = d;
+        return 0;
+}
+
+int chase_symlinks_and_stat(
+                const char *path,
+                const char *root,
+                unsigned chase_flags,
+                char **ret_path,
+                struct stat *ret_stat,
+                int *ret_fd) {
+
+        _cleanup_close_ int path_fd = -1;
+        _cleanup_free_ char *p = NULL;
+        int r;
+
+        assert(path);
+        assert(ret_stat);
+
+        if (chase_flags & CHASE_NONEXISTENT)
+                return -EINVAL;
+
+        if (empty_or_root(root) && !ret_path && (chase_flags & (CHASE_NO_AUTOFS|CHASE_SAFE)) == 0) {
+                /* Shortcut this call if none of the special features of this call are requested */
+                if (stat(path, ret_stat) < 0)
+                        return -errno;
+
+                return 1;
+        }
+
+        r = chase_symlinks(path, root, chase_flags, ret_path ? &p : NULL, &path_fd);
+        if (r < 0)
+                return r;
+        assert(path_fd >= 0);
+
+        if (fstat(path_fd, ret_stat) < 0)
+                return -errno;
+
+        if (ret_path)
+                *ret_path = TAKE_PTR(p);
+        if (ret_fd)
+                *ret_fd = TAKE_FD(path_fd);
+
+        return 1;
+}
+
+int chase_symlinks_and_fopen_unlocked(
+                const char *path,
+                const char *root,
+                unsigned chase_flags,
+                const char *open_flags,
+                char **ret_path,
+                FILE **ret_file) {
+
+        _cleanup_free_ char *final_path = NULL;
+        _cleanup_close_ int fd = -1;
+        int mode_flags, r;
+
+        assert(path);
+        assert(open_flags);
+        assert(ret_file);
+
+        mode_flags = fopen_mode_to_flags(open_flags);
+        if (mode_flags < 0)
+                return mode_flags;
+
+        fd = chase_symlinks_and_open(path, root, chase_flags, mode_flags, ret_path ? &final_path : NULL);
+        if (fd < 0)
+                return fd;
+
+        r = take_fdopen_unlocked(&fd, open_flags, ret_file);
+        if (r < 0)
+                return r;
+
+        if (ret_path)
+                *ret_path = TAKE_PTR(final_path);
+
+        return 0;
+}

src/basic/chase-symlinks.h

@@ -0,0 +1,32 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <dirent.h>
+#include <stdio.h>
+
+#include "stat-util.h"
+
+enum {
+        CHASE_PREFIX_ROOT = 1 << 0, /* The specified path will be prefixed by the specified root before beginning the iteration */
+        CHASE_NONEXISTENT = 1 << 1, /* It's OK if the path doesn't actually exist. */
+        CHASE_NO_AUTOFS   = 1 << 2, /* Return -EREMOTE if autofs mount point found */
+        CHASE_SAFE        = 1 << 3, /* Return -EPERM if we ever traverse from unprivileged to privileged files or directories */
+        CHASE_TRAIL_SLASH = 1 << 4, /* Any trailing slash will be preserved */
+        CHASE_STEP        = 1 << 5, /* Just execute a single step of the normalization */
+        CHASE_NOFOLLOW    = 1 << 6, /* Do not follow the path's right-most component. With ret_fd, when the path's
+                                     * right-most component refers to symlink, return O_PATH fd of the symlink. */
+        CHASE_WARN        = 1 << 7, /* Emit an appropriate warning when an error is encountered */
+};
+
+bool unsafe_transition(const struct stat *a, const struct stat *b);
+
+/* How many iterations to execute before returning -ELOOP */
+#define CHASE_SYMLINKS_MAX 32
+
+int chase_symlinks(const char *path_with_prefix, const char *root, unsigned flags, char **ret_path, int *ret_fd);
+
+int chase_symlinks_and_open(const char *path, const char *root, unsigned chase_flags, int open_flags, char **ret_path);
+int chase_symlinks_and_opendir(const char *path, const char *root, unsigned chase_flags, char **ret_path, DIR **ret_dir);
+int chase_symlinks_and_stat(const char *path, const char *root, unsigned chase_flags, char **ret_path, struct stat *ret_stat, int *ret_fd);
+
+int chase_symlinks_and_fopen_unlocked(const char *path, const char *root, unsigned chase_flags, const char *open_flags, char **ret_path, FILE **ret_file);

src/basic/env-util.c

@@ -615,6 +615,7 @@ char *replace_env_n(const char *format, size_t n, char **env, unsigned flags) {
 
                                 word = e+1;
                                 state = WORD;
+                                nest--;
                         } else if (*e == ':') {
                                 if (flags & REPLACE_ENV_ALLOW_EXTENDED) {
                                         len = e - word - 2;

src/basic/fileio.c

@@ -13,6 +13,7 @@
 #include <unistd.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
@@ -25,6 +26,7 @@
 #include "socket-util.h"
 #include "stdio-util.h"
 #include "string-util.h"
+#include "sync-util.h"
 #include "tmpfile-util.h"
 
 /* The maximum size of the file we'll read in one go in read_full_file() (64M). */
@@ -939,10 +941,12 @@ DIR *xopendirat(int fd, const char *name, int flags) {
         return d;
 }
 
-static int mode_to_flags(const char *mode) {
+int fopen_mode_to_flags(const char *mode) {
         const char *p;
         int flags;
 
+        assert(mode);
+
         if ((p = startswith(mode, "r+")))
                 flags = O_RDWR;
         else if ((p = startswith(mode, "r")))
@@ -995,7 +999,7 @@ int xfopenat(int dir_fd, const char *path, const char *mode, int flags, FILE **r
         } else {
                 int fd, mode_flags;
 
-                mode_flags = mode_to_flags(mode);
+                mode_flags = fopen_mode_to_flags(mode);
                 if (mode_flags < 0)
                         return mode_flags;
 
@@ -1135,39 +1139,6 @@ int search_and_fopen_nulstr(
         return search_and_fopen_internal(filename, mode, root, s, ret, ret_path);
 }
 
-int chase_symlinks_and_fopen_unlocked(
-                const char *path,
-                const char *root,
-                unsigned chase_flags,
-                const char *open_flags,
-                FILE **ret_file,
-                char **ret_path) {
-
-        _cleanup_close_ int fd = -1;
-        _cleanup_free_ char *final_path = NULL;
-        int mode_flags, r;
-
-        assert(path);
-        assert(open_flags);
-        assert(ret_file);
-
-        mode_flags = mode_to_flags(open_flags);
-        if (mode_flags < 0)
-                return mode_flags;
-
-        fd = chase_symlinks_and_open(path, root, chase_flags, mode_flags, ret_path ? &final_path : NULL);
-        if (fd < 0)
-                return fd;
-
-        r = take_fdopen_unlocked(&fd, open_flags, ret_file);
-        if (r < 0)
-                return r;
-
-        if (ret_path)
-                *ret_path = TAKE_PTR(final_path);
-        return 0;
-}
-
 int fflush_and_check(FILE *f) {
         assert(f);
 
@@ -1195,10 +1166,7 @@ int fflush_sync_and_check(FILE *f) {
         if (fd < 0)
                 return 0;
 
-        if (fsync(fd) < 0)
-                return -errno;
-
-        r = fsync_directory_of_file(fd);
+        r = fsync_full(fd);
         if (r < 0)
                 return r;
 

src/basic/fileio.h

@@ -91,14 +91,6 @@ int xfopenat(int dir_fd, const char *path, const char *mode, int flags, FILE **r
 int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **ret, char **ret_path);
 int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **ret, char **ret_path);
 
-int chase_symlinks_and_fopen_unlocked(
-                const char *path,
-                const char *root,
-                unsigned chase_flags,
-                const char *open_flags,
-                FILE **ret_file,
-                char **ret_path);
-
 int fflush_and_check(FILE *f);
 int fflush_sync_and_check(FILE *f);
 
@@ -126,3 +118,5 @@ static inline int read_nul_string(FILE *f, size_t limit, char **ret) {
 int safe_fgetc(FILE *f, char *ret);
 
 int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line);
+
+int fopen_mode_to_flags(const char *mode);

src/basic/fs-util.c

@@ -12,7 +12,6 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
-#include "locale-util.h"
 #include "log.h"
 #include "macro.h"
 #include "missing_fcntl.h"
@@ -682,535 +681,6 @@ int unlink_or_warn(const char *filename) {
         return 0;
 }
 
-int inotify_add_watch_fd(int fd, int what, uint32_t mask) {
-        int wd;
-
-        /* This is like inotify_add_watch(), except that the file to watch is not referenced by a path, but by an fd */
-        wd = inotify_add_watch(fd, FORMAT_PROC_FD_PATH(what), mask);
-        if (wd < 0)
-                return -errno;
-
-        return wd;
-}
-
-int inotify_add_watch_and_warn(int fd, const char *pathname, uint32_t mask) {
-        int wd;
-
-        wd = inotify_add_watch(fd, pathname, mask);
-        if (wd < 0) {
-                if (errno == ENOSPC)
-                        return log_error_errno(errno, "Failed to add a watch for %s: inotify watch limit reached", pathname);
-
-                return log_error_errno(errno, "Failed to add a watch for %s: %m", pathname);
-        }
-
-        return wd;
-}
-
-bool unsafe_transition(const struct stat *a, const struct stat *b) {
-        /* Returns true if the transition from a to b is safe, i.e. that we never transition from unprivileged to
-         * privileged files or directories. Why bother? So that unprivileged code can't symlink to privileged files
-         * making us believe we read something safe even though it isn't safe in the specific context we open it in. */
-
-        if (a->st_uid == 0) /* Transitioning from privileged to unprivileged is always fine */
-                return false;
-
-        return a->st_uid != b->st_uid; /* Otherwise we need to stay within the same UID */
-}
-
-static int log_unsafe_transition(int a, int b, const char *path, unsigned flags) {
-        _cleanup_free_ char *n1 = NULL, *n2 = NULL, *user_a = NULL, *user_b = NULL;
-        struct stat st;
-
-        if (!FLAGS_SET(flags, CHASE_WARN))
-                return -ENOLINK;
-
-        (void) fd_get_path(a, &n1);
-        (void) fd_get_path(b, &n2);
-
-        if (fstat(a, &st) == 0)
-                user_a = uid_to_name(st.st_uid);
-        if (fstat(b, &st) == 0)
-                user_b = uid_to_name(st.st_uid);
-
-        return log_warning_errno(SYNTHETIC_ERRNO(ENOLINK),
-                                 "Detected unsafe path transition %s (owned by %s) %s %s (owned by %s) during canonicalization of %s.",
-                                 strna(n1), strna(user_a), special_glyph(SPECIAL_GLYPH_ARROW), strna(n2), strna(user_b), path);
-}
-
-static int log_autofs_mount_point(int fd, const char *path, unsigned flags) {
-        _cleanup_free_ char *n1 = NULL;
-
-        if (!FLAGS_SET(flags, CHASE_WARN))
-                return -EREMOTE;
-
-        (void) fd_get_path(fd, &n1);
-
-        return log_warning_errno(SYNTHETIC_ERRNO(EREMOTE),
-                                 "Detected autofs mount point %s during canonicalization of %s.",
-                                 strna(n1), path);
-}
-
-int chase_symlinks(const char *path, const char *original_root, unsigned flags, char **ret_path, int *ret_fd) {
-        _cleanup_free_ char *buffer = NULL, *done = NULL, *root = NULL;
-        _cleanup_close_ int fd = -1;
-        unsigned max_follow = CHASE_SYMLINKS_MAX; /* how many symlinks to follow before giving up and returning ELOOP */
-        bool exists = true, append_trail_slash = false;
-        struct stat previous_stat;
-        const char *todo;
-        int r;
-
-        assert(path);
-
-        /* Either the file may be missing, or we return an fd to the final object, but both make no sense */
-        if ((flags & CHASE_NONEXISTENT) && ret_fd)
-                return -EINVAL;
-
-        if ((flags & CHASE_STEP) && ret_fd)
-                return -EINVAL;
-
-        if (isempty(path))
-                return -EINVAL;
-
-        /* This is a lot like canonicalize_file_name(), but takes an additional "root" parameter, that allows following
-         * symlinks relative to a root directory, instead of the root of the host.
-         *
-         * Note that "root" primarily matters if we encounter an absolute symlink. It is also used when following
-         * relative symlinks to ensure they cannot be used to "escape" the root directory. The path parameter passed is
-         * assumed to be already prefixed by it, except if the CHASE_PREFIX_ROOT flag is set, in which case it is first
-         * prefixed accordingly.
-         *
-         * Algorithmically this operates on two path buffers: "done" are the components of the path we already
-         * processed and resolved symlinks, "." and ".." of. "todo" are the components of the path we still need to
-         * process. On each iteration, we move one component from "todo" to "done", processing it's special meaning
-         * each time. The "todo" path always starts with at least one slash, the "done" path always ends in no
-         * slash. We always keep an O_PATH fd to the component we are currently processing, thus keeping lookup races
-         * to a minimum.
-         *
-         * Suggested usage: whenever you want to canonicalize a path, use this function. Pass the absolute path you got
-         * as-is: fully qualified and relative to your host's root. Optionally, specify the root parameter to tell this
-         * function what to do when encountering a symlink with an absolute path as directory: prefix it by the
-         * specified path.
-         *
-         * There are five ways to invoke this function:
-         *
-         * 1. Without CHASE_STEP or ret_fd: in this case the path is resolved and the normalized path is
-         *    returned in `ret_path`. The return value is < 0 on error. If CHASE_NONEXISTENT is also set, 0
-         *    is returned if the file doesn't exist, > 0 otherwise. If CHASE_NONEXISTENT is not set, >= 0 is
-         *    returned if the destination was found, -ENOENT if it wasn't.
-         *
-         * 2. With ret_fd: in this case the destination is opened after chasing it as O_PATH and this file
-         *    descriptor is returned as return value. This is useful to open files relative to some root
-         *    directory. Note that the returned O_PATH file descriptors must be converted into a regular one (using
-         *    fd_reopen() or such) before it can be used for reading/writing. ret_fd may not be combined with
-         *    CHASE_NONEXISTENT.
-         *
-         * 3. With CHASE_STEP: in this case only a single step of the normalization is executed, i.e. only the first
-         *    symlink or ".." component of the path is resolved, and the resulting path is returned. This is useful if
-         *    a caller wants to trace the path through the file system verbosely. Returns < 0 on error, > 0 if the
-         *    path is fully normalized, and == 0 for each normalization step. This may be combined with
-         *    CHASE_NONEXISTENT, in which case 1 is returned when a component is not found.
-         *
-         * 4. With CHASE_SAFE: in this case the path must not contain unsafe transitions, i.e. transitions from
-         *    unprivileged to privileged files or directories. In such cases the return value is -ENOLINK. If
-         *    CHASE_WARN is also set, a warning describing the unsafe transition is emitted.
-         *
-         * 5. With CHASE_NO_AUTOFS: in this case if an autofs mount point is encountered, path normalization
-         *    is aborted and -EREMOTE is returned. If CHASE_WARN is also set, a warning showing the path of
-         *    the mount point is emitted.
-         */
-
-        /* A root directory of "/" or "" is identical to none */
-        if (empty_or_root(original_root))
-                original_root = NULL;
-
-        if (!original_root && !ret_path && !(flags & (CHASE_NONEXISTENT|CHASE_NO_AUTOFS|CHASE_SAFE|CHASE_STEP)) && ret_fd) {
-                /* Shortcut the ret_fd case if the caller isn't interested in the actual path and has no root set
-                 * and doesn't care about any of the other special features we provide either. */
-                r = open(path, O_PATH|O_CLOEXEC|((flags & CHASE_NOFOLLOW) ? O_NOFOLLOW : 0));
-                if (r < 0)
-                        return -errno;
-
-                *ret_fd = r;
-                return 0;
-        }
-
-        if (original_root) {
-                r = path_make_absolute_cwd(original_root, &root);
-                if (r < 0)
-                        return r;
-
-                /* Simplify the root directory, so that it has no duplicate slashes and nothing at the
-                 * end. While we won't resolve the root path we still simplify it. Note that dropping the
-                 * trailing slash should not change behaviour, since when opening it we specify O_DIRECTORY
-                 * anyway. Moreover at the end of this function after processing everything we'll always turn
-                 * the empty string back to "/". */
-                delete_trailing_chars(root, "/");
-                path_simplify(root);
-
-                if (flags & CHASE_PREFIX_ROOT) {
-                        /* We don't support relative paths in combination with a root directory */
-                        if (!path_is_absolute(path))
-                                return -EINVAL;
-
-                        path = prefix_roota(root, path);
-                }
-        }
-
-        r = path_make_absolute_cwd(path, &buffer);
-        if (r < 0)
-                return r;
-
-        fd = open(root ?: "/", O_CLOEXEC|O_DIRECTORY|O_PATH);
-        if (fd < 0)
-                return -errno;
-
-        if (flags & CHASE_SAFE)
-                if (fstat(fd, &previous_stat) < 0)
-                        return -errno;
-
-        if (flags & CHASE_TRAIL_SLASH)
-                append_trail_slash = endswith(buffer, "/") || endswith(buffer, "/.");
-
-        if (root) {
-                /* If we are operating on a root directory, let's take the root directory as it is. */
-
-                todo = path_startswith(buffer, root);
-                if (!todo)
-                        return log_full_errno(flags & CHASE_WARN ? LOG_WARNING : LOG_DEBUG,
-                                              SYNTHETIC_ERRNO(ECHRNG),
-                                              "Specified path '%s' is outside of specified root directory '%s', refusing to resolve.",
-                                              path, root);
-
-                done = strdup(root);
-        } else {
-                todo = buffer;
-                done = strdup("/");
-        }
-
-        for (;;) {
-                _cleanup_free_ char *first = NULL;
-                _cleanup_close_ int child = -1;
-                struct stat st;
-                const char *e;
-
-                r = path_find_first_component(&todo, true, &e);
-                if (r < 0)
-                        return r;
-                if (r == 0) { /* We reached the end. */
-                        if (append_trail_slash)
-                                if (!strextend(&done, "/"))
-                                        return -ENOMEM;
-                        break;
-                }
-
-                first = strndup(e, r);
-                if (!first)
-                        return -ENOMEM;
-
-                /* Two dots? Then chop off the last bit of what we already found out. */
-                if (path_equal(first, "..")) {
-                        _cleanup_free_ char *parent = NULL;
-                        _cleanup_close_ int fd_parent = -1;
-
-                        /* If we already are at the top, then going up will not change anything. This is in-line with
-                         * how the kernel handles this. */
-                        if (empty_or_root(done))
-                                continue;
-
-                        parent = dirname_malloc(done);
-                        if (!parent)
-                                return -ENOMEM;
-
-                        /* Don't allow this to leave the root dir.  */
-                        if (root &&
-                            path_startswith(done, root) &&
-                            !path_startswith(parent, root))
-                                continue;
-
-                        free_and_replace(done, parent);
-
-                        if (flags & CHASE_STEP)
-                                goto chased_one;
-
-                        fd_parent = openat(fd, "..", O_CLOEXEC|O_NOFOLLOW|O_PATH);
-                        if (fd_parent < 0)
-                                return -errno;
-
-                        if (flags & CHASE_SAFE) {
-                                if (fstat(fd_parent, &st) < 0)
-                                        return -errno;
-
-                                if (unsafe_transition(&previous_stat, &st))
-                                        return log_unsafe_transition(fd, fd_parent, path, flags);
-
-                                previous_stat = st;
-                        }
-
-                        safe_close(fd);
-                        fd = TAKE_FD(fd_parent);
-
-                        continue;
-                }
-
-                /* Otherwise let's see what this is. */
-                child = openat(fd, first, O_CLOEXEC|O_NOFOLLOW|O_PATH);
-                if (child < 0) {
-                        if (errno == ENOENT &&
-                            (flags & CHASE_NONEXISTENT) &&
-                            (isempty(todo) || path_is_safe(todo))) {
-                                /* If CHASE_NONEXISTENT is set, and the path does not exist, then
-                                 * that's OK, return what we got so far. But don't allow this if the
-                                 * remaining path contains "../" or something else weird. */
-
-                                if (!path_extend(&done, first, todo))
-                                        return -ENOMEM;
-
-                                exists = false;
-                                break;
-                        }
-
-                        return -errno;
-                }
-
-                if (fstat(child, &st) < 0)
-                        return -errno;
-                if ((flags & CHASE_SAFE) &&
-                    unsafe_transition(&previous_stat, &st))
-                        return log_unsafe_transition(fd, child, path, flags);
-
-                previous_stat = st;
-
-                if ((flags & CHASE_NO_AUTOFS) &&
-                    fd_is_fs_type(child, AUTOFS_SUPER_MAGIC) > 0)
-                        return log_autofs_mount_point(child, path, flags);
-
-                if (S_ISLNK(st.st_mode) && !((flags & CHASE_NOFOLLOW) && isempty(todo))) {
-                        _cleanup_free_ char *destination = NULL;
-
-                        /* This is a symlink, in this case read the destination. But let's make sure we
-                         * don't follow symlinks without bounds. */
-                        if (--max_follow <= 0)
-                                return -ELOOP;
-
-                        r = readlinkat_malloc(fd, first, &destination);
-                        if (r < 0)
-                                return r;
-                        if (isempty(destination))
-                                return -EINVAL;
-
-                        if (path_is_absolute(destination)) {
-
-                                /* An absolute destination. Start the loop from the beginning, but use the root
-                                 * directory as base. */
-
-                                safe_close(fd);
-                                fd = open(root ?: "/", O_CLOEXEC|O_DIRECTORY|O_PATH);
-                                if (fd < 0)
-                                        return -errno;
-
-                                if (flags & CHASE_SAFE) {
-                                        if (fstat(fd, &st) < 0)
-                                                return -errno;
-
-                                        if (unsafe_transition(&previous_stat, &st))
-                                                return log_unsafe_transition(child, fd, path, flags);
-
-                                        previous_stat = st;
-                                }
-
-                                /* Note that we do not revalidate the root, we take it as is. */
-                                r = free_and_strdup(&done, empty_to_root(root));
-                                if (r < 0)
-                                        return r;
-                        }
-
-                        /* Prefix what's left to do with what we just read, and start the loop again, but
-                         * remain in the current directory. */
-                        if (!path_extend(&destination, todo))
-                                return -ENOMEM;
-
-                        free_and_replace(buffer, destination);
-                        todo = buffer;
-
-                        if (flags & CHASE_STEP)
-                                goto chased_one;
-
-                        continue;
-                }
-
-                /* If this is not a symlink, then let's just add the name we read to what we already verified. */
-                if (!path_extend(&done, first))
-                        return -ENOMEM;
-
-                /* And iterate again, but go one directory further down. */
-                safe_close(fd);
-                fd = TAKE_FD(child);
-        }
-
-        if (ret_path)
-                *ret_path = TAKE_PTR(done);
-
-        if (ret_fd) {
-                /* Return the O_PATH fd we currently are looking to the caller. It can translate it to a
-                 * proper fd by opening /proc/self/fd/xyz. */
-
-                assert(fd >= 0);
-                *ret_fd = TAKE_FD(fd);
-        }
-
-        if (flags & CHASE_STEP)
-                return 1;
-
-        return exists;
-
-chased_one:
-        if (ret_path) {
-                const char *e;
-
-                /* todo may contain slashes at the beginning. */
-                r = path_find_first_component(&todo, true, &e);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        *ret_path = TAKE_PTR(done);
-                else {
-                        char *c;
-
-                        c = path_join(done, e);
-                        if (!c)
-                                return -ENOMEM;
-
-                        *ret_path = c;
-                }
-        }
-
-        return 0;
-}
-
-int chase_symlinks_and_open(
-                const char *path,
-                const char *root,
-                unsigned chase_flags,
-                int open_flags,
-                char **ret_path) {
-
-        _cleanup_close_ int path_fd = -1;
-        _cleanup_free_ char *p = NULL;
-        int r;
-
-        if (chase_flags & CHASE_NONEXISTENT)
-                return -EINVAL;
-
-        if (empty_or_root(root) && !ret_path && (chase_flags & (CHASE_NO_AUTOFS|CHASE_SAFE)) == 0) {
-                /* Shortcut this call if none of the special features of this call are requested */
-                r = open(path, open_flags);
-                if (r < 0)
-                        return -errno;
-
-                return r;
-        }
-
-        r = chase_symlinks(path, root, chase_flags, ret_path ? &p : NULL, &path_fd);
-        if (r < 0)
-                return r;
-        assert(path_fd >= 0);
-
-        r = fd_reopen(path_fd, open_flags);
-        if (r < 0)
-                return r;
-
-        if (ret_path)
-                *ret_path = TAKE_PTR(p);
-
-        return r;
-}
-
-int chase_symlinks_and_opendir(
-                const char *path,
-                const char *root,
-                unsigned chase_flags,
-                char **ret_path,
-                DIR **ret_dir) {
-
-        _cleanup_close_ int path_fd = -1;
-        _cleanup_free_ char *p = NULL;
-        DIR *d;
-        int r;
-
-        if (!ret_dir)
-                return -EINVAL;
-        if (chase_flags & CHASE_NONEXISTENT)
-                return -EINVAL;
-
-        if (empty_or_root(root) && !ret_path && (chase_flags & (CHASE_NO_AUTOFS|CHASE_SAFE)) == 0) {
-                /* Shortcut this call if none of the special features of this call are requested */
-                d = opendir(path);
-                if (!d)
-                        return -errno;
-
-                *ret_dir = d;
-                return 0;
-        }
-
-        r = chase_symlinks(path, root, chase_flags, ret_path ? &p : NULL, &path_fd);
-        if (r < 0)
-                return r;
-        assert(path_fd >= 0);
-
-        d = opendir(FORMAT_PROC_FD_PATH(path_fd));
-        if (!d)
-                return -errno;
-
-        if (ret_path)
-                *ret_path = TAKE_PTR(p);
-
-        *ret_dir = d;
-        return 0;
-}
-
-int chase_symlinks_and_stat(
-                const char *path,
-                const char *root,
-                unsigned chase_flags,
-                char **ret_path,
-                struct stat *ret_stat,
-                int *ret_fd) {
-
-        _cleanup_close_ int path_fd = -1;
-        _cleanup_free_ char *p = NULL;
-        int r;
-
-        assert(path);
-        assert(ret_stat);
-
-        if (chase_flags & CHASE_NONEXISTENT)
-                return -EINVAL;
-
-        if (empty_or_root(root) && !ret_path && (chase_flags & (CHASE_NO_AUTOFS|CHASE_SAFE)) == 0) {
-                /* Shortcut this call if none of the special features of this call are requested */
-                if (stat(path, ret_stat) < 0)
-                        return -errno;
-
-                return 1;
-        }
-
-        r = chase_symlinks(path, root, chase_flags, ret_path ? &p : NULL, &path_fd);
-        if (r < 0)
-                return r;
-        assert(path_fd >= 0);
-
-        if (fstat(path_fd, ret_stat) < 0)
-                return -errno;
-
-        if (ret_path)
-                *ret_path = TAKE_PTR(p);
-        if (ret_fd)
-                *ret_fd = TAKE_FD(path_fd);
-
-        return 1;
-}
-
 int access_fd(int fd, int mode) {
         /* Like access() but operates on an already open fd */
 
@@ -1349,172 +819,6 @@ int unlinkat_deallocate(int fd, const char *name, UnlinkDeallocateFlags flags) {
         return 0;
 }
 
-int fsync_directory_of_file(int fd) {
-        _cleanup_close_ int dfd = -1;
-        struct stat st;
-        int r;
-
-        assert(fd >= 0);
-
-        /* We only reasonably can do this for regular files and directories, or for O_PATH fds, hence check
-         * for the inode type first */
-        if (fstat(fd, &st) < 0)
-                return -errno;
-
-        if (S_ISDIR(st.st_mode)) {
-                dfd = openat(fd, "..", O_RDONLY|O_DIRECTORY|O_CLOEXEC, 0);
-                if (dfd < 0)
-                        return -errno;
-
-        } else if (!S_ISREG(st.st_mode)) { /* Regular files are OK regardless if O_PATH or not, for all other
-                                            * types check O_PATH flag */
-                int flags;
-
-                flags = fcntl(fd, F_GETFL);
-                if (flags < 0)
-                        return -errno;
-
-                if (!FLAGS_SET(flags, O_PATH)) /* If O_PATH this refers to the inode in the fs, in which case
-                                                * we can sensibly do what is requested. Otherwise this refers
-                                                * to a socket, fifo or device node, where the concept of a
-                                                * containing directory doesn't make too much sense. */
-                        return -ENOTTY;
-        }
-
-        if (dfd < 0) {
-                _cleanup_free_ char *path = NULL;
-
-                r = fd_get_path(fd, &path);
-                if (r < 0) {
-                        log_debug_errno(r, "Failed to query /proc/self/fd/%d%s: %m",
-                                        fd,
-                                        r == -ENOSYS ? ", ignoring" : "");
-
-                        if (r == -ENOSYS)
-                                /* If /proc is not available, we're most likely running in some
-                                 * chroot environment, and syncing the directory is not very
-                                 * important in that case. Let's just silently do nothing. */
-                                return 0;
-
-                        return r;
-                }
-
-                if (!path_is_absolute(path))
-                        return -EINVAL;
-
-                dfd = open_parent(path, O_CLOEXEC|O_NOFOLLOW, 0);
-                if (dfd < 0)
-                        return dfd;
-        }
-
-        if (fsync(dfd) < 0)
-                return -errno;
-
-        return 0;
-}
-
-int fsync_full(int fd) {
-        int r, q;
-
-        /* Sync both the file and the directory */
-
-        r = fsync(fd) < 0 ? -errno : 0;
-
-        q = fsync_directory_of_file(fd);
-        if (r < 0) /* Return earlier error */
-                return r;
-        if (q == -ENOTTY) /* Ignore if the 'fd' refers to a block device or so which doesn't really have a
-                           * parent dir */
-                return 0;
-        return q;
-}
-
-int fsync_path_at(int at_fd, const char *path) {
-        _cleanup_close_ int opened_fd = -1;
-        int fd;
-
-        if (isempty(path)) {
-                if (at_fd == AT_FDCWD) {
-                        opened_fd = open(".", O_RDONLY|O_DIRECTORY|O_CLOEXEC);
-                        if (opened_fd < 0)
-                                return -errno;
-
-                        fd = opened_fd;
-                } else
-                        fd = at_fd;
-        } else {
-                opened_fd = openat(at_fd, path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
-                if (opened_fd < 0)
-                        return -errno;
-
-                fd = opened_fd;
-        }
-
-        if (fsync(fd) < 0)
-                return -errno;
-
-        return 0;
-}
-
-int fsync_parent_at(int at_fd, const char *path) {
-        _cleanup_close_ int opened_fd = -1;
-
-        if (isempty(path)) {
-                if (at_fd != AT_FDCWD)
-                        return fsync_directory_of_file(at_fd);
-
-                opened_fd = open("..", O_RDONLY|O_DIRECTORY|O_CLOEXEC);
-                if (opened_fd < 0)
-                        return -errno;
-
-                if (fsync(opened_fd) < 0)
-                        return -errno;
-
-                return 0;
-        }
-
-        opened_fd = openat(at_fd, path, O_PATH|O_CLOEXEC|O_NOFOLLOW);
-        if (opened_fd < 0)
-                return -errno;
-
-        return fsync_directory_of_file(opened_fd);
-}
-
-int fsync_path_and_parent_at(int at_fd, const char *path) {
-        _cleanup_close_ int opened_fd = -1;
-
-        if (isempty(path)) {
-                if (at_fd != AT_FDCWD)
-                        return fsync_full(at_fd);
-
-                opened_fd = open(".", O_RDONLY|O_DIRECTORY|O_CLOEXEC);
-        } else
-                opened_fd = openat(at_fd, path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC);
-        if (opened_fd < 0)
-                return -errno;
-
-        return fsync_full(opened_fd);
-}
-
-int syncfs_path(int atfd, const char *path) {
-        _cleanup_close_ int fd = -1;
-
-        if (isempty(path)) {
-                if (atfd != AT_FDCWD)
-                        return syncfs(atfd) < 0 ? -errno : 0;
-
-                fd = open(".", O_RDONLY|O_DIRECTORY|O_CLOEXEC);
-        } else
-                fd = openat(atfd, path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
-        if (fd < 0)
-                return -errno;
-
-        if (syncfs(fd) < 0)
-                return -errno;
-
-        return 0;
-}
-
 int open_parent(const char *path, int flags, mode_t mode) {
         _cleanup_free_ char *parent = NULL;
         int fd, r;

src/basic/fs-util.h

@@ -6,7 +6,6 @@
 #include <limits.h>
 #include <stdbool.h>
 #include <stdint.h>
-#include <sys/inotify.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
@@ -67,44 +66,6 @@ int var_tmp_dir(const char **ret);
 
 int unlink_or_warn(const char *filename);
 
-#define INOTIFY_EVENT_MAX (sizeof(struct inotify_event) + NAME_MAX + 1)
-
-#define FOREACH_INOTIFY_EVENT(e, buffer, sz) \
-        for ((e) = &buffer.ev;                                \
-             (uint8_t*) (e) < (uint8_t*) (buffer.raw) + (sz); \
-             (e) = (struct inotify_event*) ((uint8_t*) (e) + sizeof(struct inotify_event) + (e)->len))
-
-union inotify_event_buffer {
-        struct inotify_event ev;
-        uint8_t raw[INOTIFY_EVENT_MAX];
-};
-
-int inotify_add_watch_fd(int fd, int what, uint32_t mask);
-int inotify_add_watch_and_warn(int fd, const char *pathname, uint32_t mask);
-
-enum {
-        CHASE_PREFIX_ROOT = 1 << 0, /* The specified path will be prefixed by the specified root before beginning the iteration */
-        CHASE_NONEXISTENT = 1 << 1, /* It's OK if the path doesn't actually exist. */
-        CHASE_NO_AUTOFS   = 1 << 2, /* Return -EREMOTE if autofs mount point found */
-        CHASE_SAFE        = 1 << 3, /* Return -EPERM if we ever traverse from unprivileged to privileged files or directories */
-        CHASE_TRAIL_SLASH = 1 << 4, /* Any trailing slash will be preserved */
-        CHASE_STEP        = 1 << 5, /* Just execute a single step of the normalization */
-        CHASE_NOFOLLOW    = 1 << 6, /* Do not follow the path's right-most component. With ret_fd, when the path's
-                                     * right-most component refers to symlink, return O_PATH fd of the symlink. */
-        CHASE_WARN        = 1 << 7, /* Emit an appropriate warning when an error is encountered */
-};
-
-bool unsafe_transition(const struct stat *a, const struct stat *b);
-
-/* How many iterations to execute before returning -ELOOP */
-#define CHASE_SYMLINKS_MAX 32
-
-int chase_symlinks(const char *path_with_prefix, const char *root, unsigned flags, char **ret_path, int *ret_fd);
-
-int chase_symlinks_and_open(const char *path, const char *root, unsigned chase_flags, int open_flags, char **ret_path);
-int chase_symlinks_and_opendir(const char *path, const char *root, unsigned chase_flags, char **ret_path, DIR **ret_dir);
-int chase_symlinks_and_stat(const char *path, const char *root, unsigned chase_flags, char **ret_path, struct stat *ret_stat, int *ret_fd);
-
 /* Useful for usage with _cleanup_(), removes a directory and frees the pointer */
 static inline char *rmdir_and_free(char *p) {
         PROTECT_ERRNO;
@@ -137,14 +98,6 @@ typedef enum UnlinkDeallocateFlags {
 
 int unlinkat_deallocate(int fd, const char *name, UnlinkDeallocateFlags flags);
 
-int fsync_directory_of_file(int fd);
-int fsync_full(int fd);
-int fsync_path_at(int at_fd, const char *path);
-int fsync_parent_at(int at_fd, const char *path);
-int fsync_path_and_parent_at(int at_fd, const char *path);
-
-int syncfs_path(int atfd, const char *path);
-
 int open_parent(const char *path, int flags, mode_t mode);
 
 int conservative_renameat(int olddirfd, const char *oldpath, int newdirfd, const char *newpath);

src/basic/glyph-util.c

@@ -0,0 +1,129 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "env-util.h"
+#include "glyph-util.h"
+#include "locale-util.h"
+#include "strv.h"
+
+bool emoji_enabled(void) {
+        static int cached_emoji_enabled = -1;
+
+        if (cached_emoji_enabled < 0) {
+                int val;
+
+                val = getenv_bool("SYSTEMD_EMOJI");
+                if (val < 0)
+                        cached_emoji_enabled =
+                                is_locale_utf8() &&
+                                !STRPTR_IN_SET(getenv("TERM"), "dumb", "linux");
+                else
+                        cached_emoji_enabled = val;
+        }
+
+        return cached_emoji_enabled;
+}
+
+const char *special_glyph(SpecialGlyph code) {
+
+        /* A list of a number of interesting unicode glyphs we can use to decorate our output. It's probably wise to be
+         * conservative here, and primarily stick to the glyphs defined in the eurlatgr font, so that display still
+         * works reasonably well on the Linux console. For details see:
+         *
+         * http://git.altlinux.org/people/legion/packages/kbd.git?p=kbd.git;a=blob;f=data/consolefonts/README.eurlatgr
+         */
+
+        static const char* const draw_table[2][_SPECIAL_GLYPH_MAX] = {
+                /* ASCII fallback */
+                [false] = {
+                        [SPECIAL_GLYPH_TREE_VERTICAL]           = "| ",
+                        [SPECIAL_GLYPH_TREE_BRANCH]             = "|-",
+                        [SPECIAL_GLYPH_TREE_RIGHT]              = "`-",
+                        [SPECIAL_GLYPH_TREE_SPACE]              = "  ",
+                        [SPECIAL_GLYPH_TRIANGULAR_BULLET]       = ">",
+                        [SPECIAL_GLYPH_BLACK_CIRCLE]            = "*",
+                        [SPECIAL_GLYPH_WHITE_CIRCLE]            = "*",
+                        [SPECIAL_GLYPH_MULTIPLICATION_SIGN]     = "x",
+                        [SPECIAL_GLYPH_CIRCLE_ARROW]            = "*",
+                        [SPECIAL_GLYPH_BULLET]                  = "*",
+                        [SPECIAL_GLYPH_MU]                      = "u",
+                        [SPECIAL_GLYPH_CHECK_MARK]              = "+",
+                        [SPECIAL_GLYPH_CROSS_MARK]              = "-",
+                        [SPECIAL_GLYPH_LIGHT_SHADE]             = "-",
+                        [SPECIAL_GLYPH_DARK_SHADE]              = "X",
+                        [SPECIAL_GLYPH_SIGMA]                   = "S",
+                        [SPECIAL_GLYPH_ARROW]                   = "->",
+                        [SPECIAL_GLYPH_ELLIPSIS]                = "...",
+                        [SPECIAL_GLYPH_EXTERNAL_LINK]           = "[LNK]",
+                        [SPECIAL_GLYPH_ECSTATIC_SMILEY]         = ":-]",
+                        [SPECIAL_GLYPH_HAPPY_SMILEY]            = ":-}",
+                        [SPECIAL_GLYPH_SLIGHTLY_HAPPY_SMILEY]   = ":-)",
+                        [SPECIAL_GLYPH_NEUTRAL_SMILEY]          = ":-|",
+                        [SPECIAL_GLYPH_SLIGHTLY_UNHAPPY_SMILEY] = ":-(",
+                        [SPECIAL_GLYPH_UNHAPPY_SMILEY]          = ":-{",
+                        [SPECIAL_GLYPH_DEPRESSED_SMILEY]        = ":-[",
+                        [SPECIAL_GLYPH_LOCK_AND_KEY]            = "o-,",
+                        [SPECIAL_GLYPH_TOUCH]                   = "O=",    /* Yeah, not very convincing, can you do it better? */
+                        [SPECIAL_GLYPH_RECYCLING]               = "~",
+                        [SPECIAL_GLYPH_DOWNLOAD]                = "\\",
+                        [SPECIAL_GLYPH_SPARKLES]                = "*",
+                },
+
+                /* UTF-8 */
+                [true] = {
+                        /* The following are multiple glyphs in both ASCII and in UNICODE */
+                        [SPECIAL_GLYPH_TREE_VERTICAL]           = "\342\224\202 ",            /* │  */
+                        [SPECIAL_GLYPH_TREE_BRANCH]             = "\342\224\234\342\224\200", /* ├─ */
+                        [SPECIAL_GLYPH_TREE_RIGHT]              = "\342\224\224\342\224\200", /* └─ */
+                        [SPECIAL_GLYPH_TREE_SPACE]              = "  ",                       /*    */
+
+                        /* Single glyphs in both cases */
+                        [SPECIAL_GLYPH_TRIANGULAR_BULLET]       = "\342\200\243",             /* ‣ */
+                        [SPECIAL_GLYPH_BLACK_CIRCLE]            = "\342\227\217",             /* ● */
+                        [SPECIAL_GLYPH_WHITE_CIRCLE]            = "\u25CB",                   /* ○ */
+                        [SPECIAL_GLYPH_MULTIPLICATION_SIGN]     = "\u00D7",                   /* × */
+                        [SPECIAL_GLYPH_CIRCLE_ARROW]            = "\u21BB",                   /* ↻ */
+                        [SPECIAL_GLYPH_BULLET]                  = "\342\200\242",             /* • */
+                        [SPECIAL_GLYPH_MU]                      = "\316\274",                 /* μ (actually called: GREEK SMALL LETTER MU) */
+                        [SPECIAL_GLYPH_CHECK_MARK]              = "\342\234\223",             /* ✓ */
+                        [SPECIAL_GLYPH_CROSS_MARK]              = "\342\234\227",             /* ✗ (actually called: BALLOT X) */
+                        [SPECIAL_GLYPH_LIGHT_SHADE]             = "\342\226\221",             /* ░ */
+                        [SPECIAL_GLYPH_DARK_SHADE]              = "\342\226\223",             /* ▒ */
+                        [SPECIAL_GLYPH_SIGMA]                   = "\316\243",                 /* Σ */
+
+                        /* Single glyph in Unicode, two in ASCII */
+                        [SPECIAL_GLYPH_ARROW]                   = "\342\206\222",             /* → (actually called: RIGHTWARDS ARROW) */
+
+                        /* Single glyph in Unicode, three in ASCII */
+                        [SPECIAL_GLYPH_ELLIPSIS]                = "\342\200\246",             /* … (actually called: HORIZONTAL ELLIPSIS) */
+
+                        /* Three glyphs in Unicode, five in ASCII */
+                        [SPECIAL_GLYPH_EXTERNAL_LINK]           = "[\360\237\241\225]",       /* 🡕 (actually called: NORTH EAST SANS-SERIF ARROW, enclosed in []) */
+
+                        /* These smileys are a single glyph in Unicode, and three in ASCII */
+                        [SPECIAL_GLYPH_ECSTATIC_SMILEY]         = "\360\237\230\207",         /* 😇 (actually called: SMILING FACE WITH HALO) */
+                        [SPECIAL_GLYPH_HAPPY_SMILEY]            = "\360\237\230\200",         /* 😀 (actually called: GRINNING FACE) */
+                        [SPECIAL_GLYPH_SLIGHTLY_HAPPY_SMILEY]   = "\360\237\231\202",         /* 🙂 (actually called: SLIGHTLY SMILING FACE) */
+                        [SPECIAL_GLYPH_NEUTRAL_SMILEY]          = "\360\237\230\220",         /* 😐 (actually called: NEUTRAL FACE) */
+                        [SPECIAL_GLYPH_SLIGHTLY_UNHAPPY_SMILEY] = "\360\237\231\201",         /* 🙁 (actually called: SLIGHTLY FROWNING FACE) */
+                        [SPECIAL_GLYPH_UNHAPPY_SMILEY]          = "\360\237\230\250",         /* 😨 (actually called: FEARFUL FACE) */
+                        [SPECIAL_GLYPH_DEPRESSED_SMILEY]        = "\360\237\244\242",         /* 🤢 (actually called: NAUSEATED FACE) */
+
+                        /* This emoji is a single character cell glyph in Unicode, and three in ASCII */
+                        [SPECIAL_GLYPH_LOCK_AND_KEY]            = "\360\237\224\220",         /* 🔐 (actually called: CLOSED LOCK WITH KEY) */
+
+                        /* This emoji is a single character cell glyph in Unicode, and two in ASCII */
+                        [SPECIAL_GLYPH_TOUCH]                   = "\360\237\221\206",         /* 👆 (actually called: BACKHAND INDEX POINTING UP) */
+
+                        /* These three emojis are single character cell glyphs in Unicode and also in ASCII. */
+                        [SPECIAL_GLYPH_RECYCLING]               = "\u267B\uFE0F ",            /* ♻️  (actually called: UNIVERSAL RECYCLNG SYMBOL) */
+                        [SPECIAL_GLYPH_DOWNLOAD]                = "\u2935\uFE0F ",            /* ⤵️  (actually called: RIGHT ARROW CURVING DOWN) */
+                        [SPECIAL_GLYPH_SPARKLES]                = "\u2728",                   /* ✨ */
+                },
+        };
+
+        if (code < 0)
+                return NULL;
+
+        assert(code < _SPECIAL_GLYPH_MAX);
+        return draw_table[code >= _SPECIAL_GLYPH_FIRST_EMOJI ? emoji_enabled() : is_locale_utf8()][code];
+}

src/basic/glyph-util.h

@@ -0,0 +1,56 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <errno.h>
+#include <stdbool.h>
+
+#include "macro.h"
+
+typedef enum SpecialGlyph {
+        SPECIAL_GLYPH_TREE_VERTICAL,
+        SPECIAL_GLYPH_TREE_BRANCH,
+        SPECIAL_GLYPH_TREE_RIGHT,
+        SPECIAL_GLYPH_TREE_SPACE,
+        SPECIAL_GLYPH_TRIANGULAR_BULLET,
+        SPECIAL_GLYPH_BLACK_CIRCLE,
+        SPECIAL_GLYPH_WHITE_CIRCLE,
+        SPECIAL_GLYPH_MULTIPLICATION_SIGN,
+        SPECIAL_GLYPH_CIRCLE_ARROW,
+        SPECIAL_GLYPH_BULLET,
+        SPECIAL_GLYPH_MU,
+        SPECIAL_GLYPH_CHECK_MARK,
+        SPECIAL_GLYPH_CROSS_MARK,
+        SPECIAL_GLYPH_ARROW,
+        SPECIAL_GLYPH_ELLIPSIS,
+        SPECIAL_GLYPH_LIGHT_SHADE,
+        SPECIAL_GLYPH_DARK_SHADE,
+        SPECIAL_GLYPH_SIGMA,
+        SPECIAL_GLYPH_EXTERNAL_LINK,
+        _SPECIAL_GLYPH_FIRST_EMOJI,
+        SPECIAL_GLYPH_ECSTATIC_SMILEY = _SPECIAL_GLYPH_FIRST_EMOJI,
+        SPECIAL_GLYPH_HAPPY_SMILEY,
+        SPECIAL_GLYPH_SLIGHTLY_HAPPY_SMILEY,
+        SPECIAL_GLYPH_NEUTRAL_SMILEY,
+        SPECIAL_GLYPH_SLIGHTLY_UNHAPPY_SMILEY,
+        SPECIAL_GLYPH_UNHAPPY_SMILEY,
+        SPECIAL_GLYPH_DEPRESSED_SMILEY,
+        SPECIAL_GLYPH_LOCK_AND_KEY,
+        SPECIAL_GLYPH_TOUCH,
+        SPECIAL_GLYPH_RECYCLING,
+        SPECIAL_GLYPH_DOWNLOAD,
+        SPECIAL_GLYPH_SPARKLES,
+        _SPECIAL_GLYPH_MAX,
+        _SPECIAL_GLYPH_INVALID = -EINVAL,
+} SpecialGlyph;
+
+const char *special_glyph(SpecialGlyph code) _const_;
+
+bool emoji_enabled(void);
+
+static inline const char *special_glyph_check_mark(bool b) {
+        return b ? special_glyph(SPECIAL_GLYPH_CHECK_MARK) : special_glyph(SPECIAL_GLYPH_CROSS_MARK);
+}
+
+static inline const char *special_glyph_check_mark_space(bool b) {
+        return b ? special_glyph(SPECIAL_GLYPH_CHECK_MARK) : " ";
+}

src/basic/inotify-util.c

@@ -0,0 +1,29 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "fd-util.h"
+#include "inotify-util.h"
+
+int inotify_add_watch_fd(int fd, int what, uint32_t mask) {
+        int wd;
+
+        /* This is like inotify_add_watch(), except that the file to watch is not referenced by a path, but by an fd */
+        wd = inotify_add_watch(fd, FORMAT_PROC_FD_PATH(what), mask);
+        if (wd < 0)
+                return -errno;
+
+        return wd;
+}
+
+int inotify_add_watch_and_warn(int fd, const char *pathname, uint32_t mask) {
+        int wd;
+
+        wd = inotify_add_watch(fd, pathname, mask);
+        if (wd < 0) {
+                if (errno == ENOSPC)
+                        return log_error_errno(errno, "Failed to add a watch for %s: inotify watch limit reached", pathname);
+
+                return log_error_errno(errno, "Failed to add a watch for %s: %m", pathname);
+        }
+
+        return wd;
+}

src/basic/inotify-util.h

@@ -0,0 +1,22 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <inttypes.h>
+#include <limits.h>
+#include <stddef.h>
+#include <sys/inotify.h>
+
+#define INOTIFY_EVENT_MAX (offsetof(struct inotify_event, name) + NAME_MAX + 1)
+
+#define FOREACH_INOTIFY_EVENT(e, buffer, sz) \
+        for ((e) = &buffer.ev;                                \
+             (uint8_t*) (e) < (uint8_t*) (buffer.raw) + (sz); \
+             (e) = (struct inotify_event*) ((uint8_t*) (e) + sizeof(struct inotify_event) + (e)->len))
+
+union inotify_event_buffer {
+        struct inotify_event ev;
+        uint8_t raw[INOTIFY_EVENT_MAX];
+};
+
+int inotify_add_watch_fd(int fd, int what, uint32_t mask);
+int inotify_add_watch_and_warn(int fd, const char *pathname, uint32_t mask);

src/basic/locale-util.c

@@ -317,129 +317,6 @@ out:
         return (bool) cached_answer;
 }
 
-bool emoji_enabled(void) {
-        static int cached_emoji_enabled = -1;
-
-        if (cached_emoji_enabled < 0) {
-                int val;
-
-                val = getenv_bool("SYSTEMD_EMOJI");
-                if (val < 0)
-                        cached_emoji_enabled =
-                                is_locale_utf8() &&
-                                !STRPTR_IN_SET(getenv("TERM"), "dumb", "linux");
-                else
-                        cached_emoji_enabled = val;
-        }
-
-        return cached_emoji_enabled;
-}
-
-const char *special_glyph(SpecialGlyph code) {
-
-        /* A list of a number of interesting unicode glyphs we can use to decorate our output. It's probably wise to be
-         * conservative here, and primarily stick to the glyphs defined in the eurlatgr font, so that display still
-         * works reasonably well on the Linux console. For details see:
-         *
-         * http://git.altlinux.org/people/legion/packages/kbd.git?p=kbd.git;a=blob;f=data/consolefonts/README.eurlatgr
-         */
-
-        static const char* const draw_table[2][_SPECIAL_GLYPH_MAX] = {
-                /* ASCII fallback */
-                [false] = {
-                        [SPECIAL_GLYPH_TREE_VERTICAL]           = "| ",
-                        [SPECIAL_GLYPH_TREE_BRANCH]             = "|-",
-                        [SPECIAL_GLYPH_TREE_RIGHT]              = "`-",
-                        [SPECIAL_GLYPH_TREE_SPACE]              = "  ",
-                        [SPECIAL_GLYPH_TRIANGULAR_BULLET]       = ">",
-                        [SPECIAL_GLYPH_BLACK_CIRCLE]            = "*",
-                        [SPECIAL_GLYPH_WHITE_CIRCLE]            = "*",
-                        [SPECIAL_GLYPH_MULTIPLICATION_SIGN]     = "x",
-                        [SPECIAL_GLYPH_CIRCLE_ARROW]            = "*",
-                        [SPECIAL_GLYPH_BULLET]                  = "*",
-                        [SPECIAL_GLYPH_MU]                      = "u",
-                        [SPECIAL_GLYPH_CHECK_MARK]              = "+",
-                        [SPECIAL_GLYPH_CROSS_MARK]              = "-",
-                        [SPECIAL_GLYPH_LIGHT_SHADE]             = "-",
-                        [SPECIAL_GLYPH_DARK_SHADE]              = "X",
-                        [SPECIAL_GLYPH_SIGMA]                   = "S",
-                        [SPECIAL_GLYPH_ARROW]                   = "->",
-                        [SPECIAL_GLYPH_ELLIPSIS]                = "...",
-                        [SPECIAL_GLYPH_EXTERNAL_LINK]           = "[LNK]",
-                        [SPECIAL_GLYPH_ECSTATIC_SMILEY]         = ":-]",
-                        [SPECIAL_GLYPH_HAPPY_SMILEY]            = ":-}",
-                        [SPECIAL_GLYPH_SLIGHTLY_HAPPY_SMILEY]   = ":-)",
-                        [SPECIAL_GLYPH_NEUTRAL_SMILEY]          = ":-|",
-                        [SPECIAL_GLYPH_SLIGHTLY_UNHAPPY_SMILEY] = ":-(",
-                        [SPECIAL_GLYPH_UNHAPPY_SMILEY]          = ":-{",
-                        [SPECIAL_GLYPH_DEPRESSED_SMILEY]        = ":-[",
-                        [SPECIAL_GLYPH_LOCK_AND_KEY]            = "o-,",
-                        [SPECIAL_GLYPH_TOUCH]                   = "O=",    /* Yeah, not very convincing, can you do it better? */
-                        [SPECIAL_GLYPH_RECYCLING]               = "~",
-                        [SPECIAL_GLYPH_DOWNLOAD]                = "\\",
-                        [SPECIAL_GLYPH_SPARKLES]                = "*",
-                },
-
-                /* UTF-8 */
-                [true] = {
-                        /* The following are multiple glyphs in both ASCII and in UNICODE */
-                        [SPECIAL_GLYPH_TREE_VERTICAL]           = "\342\224\202 ",            /* │  */
-                        [SPECIAL_GLYPH_TREE_BRANCH]             = "\342\224\234\342\224\200", /* ├─ */
-                        [SPECIAL_GLYPH_TREE_RIGHT]              = "\342\224\224\342\224\200", /* └─ */
-                        [SPECIAL_GLYPH_TREE_SPACE]              = "  ",                       /*    */
-
-                        /* Single glyphs in both cases */
-                        [SPECIAL_GLYPH_TRIANGULAR_BULLET]       = "\342\200\243",             /* ‣ */
-                        [SPECIAL_GLYPH_BLACK_CIRCLE]            = "\342\227\217",             /* ● */
-                        [SPECIAL_GLYPH_WHITE_CIRCLE]            = "\u25CB",                   /* ○ */
-                        [SPECIAL_GLYPH_MULTIPLICATION_SIGN]     = "\u00D7",                   /* × */
-                        [SPECIAL_GLYPH_CIRCLE_ARROW]            = "\u21BB",                   /* ↻ */
-                        [SPECIAL_GLYPH_BULLET]                  = "\342\200\242",             /* • */
-                        [SPECIAL_GLYPH_MU]                      = "\316\274",                 /* μ (actually called: GREEK SMALL LETTER MU) */
-                        [SPECIAL_GLYPH_CHECK_MARK]              = "\342\234\223",             /* ✓ */
-                        [SPECIAL_GLYPH_CROSS_MARK]              = "\342\234\227",             /* ✗ (actually called: BALLOT X) */
-                        [SPECIAL_GLYPH_LIGHT_SHADE]             = "\342\226\221",             /* ░ */
-                        [SPECIAL_GLYPH_DARK_SHADE]              = "\342\226\223",             /* ▒ */
-                        [SPECIAL_GLYPH_SIGMA]                   = "\316\243",                 /* Σ */
-
-                        /* Single glyph in Unicode, two in ASCII */
-                        [SPECIAL_GLYPH_ARROW]                   = "\342\206\222",             /* → (actually called: RIGHTWARDS ARROW) */
-
-                        /* Single glyph in Unicode, three in ASCII */
-                        [SPECIAL_GLYPH_ELLIPSIS]                = "\342\200\246",             /* … (actually called: HORIZONTAL ELLIPSIS) */
-
-                        /* Three glyphs in Unicode, five in ASCII */
-                        [SPECIAL_GLYPH_EXTERNAL_LINK]           = "[\360\237\241\225]",       /* 🡕 (actually called: NORTH EAST SANS-SERIF ARROW, enclosed in []) */
-
-                        /* These smileys are a single glyph in Unicode, and three in ASCII */
-                        [SPECIAL_GLYPH_ECSTATIC_SMILEY]         = "\360\237\230\207",         /* 😇 (actually called: SMILING FACE WITH HALO) */
-                        [SPECIAL_GLYPH_HAPPY_SMILEY]            = "\360\237\230\200",         /* 😀 (actually called: GRINNING FACE) */
-                        [SPECIAL_GLYPH_SLIGHTLY_HAPPY_SMILEY]   = "\360\237\231\202",         /* 🙂 (actually called: SLIGHTLY SMILING FACE) */
-                        [SPECIAL_GLYPH_NEUTRAL_SMILEY]          = "\360\237\230\220",         /* 😐 (actually called: NEUTRAL FACE) */
-                        [SPECIAL_GLYPH_SLIGHTLY_UNHAPPY_SMILEY] = "\360\237\231\201",         /* 🙁 (actually called: SLIGHTLY FROWNING FACE) */
-                        [SPECIAL_GLYPH_UNHAPPY_SMILEY]          = "\360\237\230\250",         /* 😨 (actually called: FEARFUL FACE) */
-                        [SPECIAL_GLYPH_DEPRESSED_SMILEY]        = "\360\237\244\242",         /* 🤢 (actually called: NAUSEATED FACE) */
-
-                        /* This emoji is a single character cell glyph in Unicode, and three in ASCII */
-                        [SPECIAL_GLYPH_LOCK_AND_KEY]            = "\360\237\224\220",         /* 🔐 (actually called: CLOSED LOCK WITH KEY) */
-
-                        /* This emoji is a single character cell glyph in Unicode, and two in ASCII */
-                        [SPECIAL_GLYPH_TOUCH]                   = "\360\237\221\206",         /* 👆 (actually called: BACKHAND INDEX POINTING UP) */
-
-                        /* These three emojis are single character cell glyphs in Unicode and also in ASCII. */
-                        [SPECIAL_GLYPH_RECYCLING]               = "\u267B\uFE0F ",            /* ♻️  (actually called: UNIVERSAL RECYCLNG SYMBOL) */
-                        [SPECIAL_GLYPH_DOWNLOAD]                = "\u2935\uFE0F ",            /* ⤵️  (actually called: RIGHT ARROW CURVING DOWN) */
-                        [SPECIAL_GLYPH_SPARKLES]                = "\u2728",                   /* ✨ */
-                },
-        };
-
-        if (code < 0)
-                return NULL;
-
-        assert(code < _SPECIAL_GLYPH_MAX);
-        return draw_table[code >= _SPECIAL_GLYPH_FIRST_EMOJI ? emoji_enabled() : is_locale_utf8()][code];
-}
-
 void locale_variables_free(char *l[_VARIABLE_LC_MAX]) {
         if (!l)
                 return;

src/basic/locale-util.h

@@ -2,8 +2,8 @@
 #pragma once
 
 #include <libintl.h>
-#include <stdbool.h>
 #include <locale.h>
+#include <stdbool.h>
 
 #include "macro.h"
 
@@ -39,47 +39,6 @@ void init_gettext(void);
 
 bool is_locale_utf8(void);
 
-typedef enum SpecialGlyph {
-        SPECIAL_GLYPH_TREE_VERTICAL,
-        SPECIAL_GLYPH_TREE_BRANCH,
-        SPECIAL_GLYPH_TREE_RIGHT,
-        SPECIAL_GLYPH_TREE_SPACE,
-        SPECIAL_GLYPH_TRIANGULAR_BULLET,
-        SPECIAL_GLYPH_BLACK_CIRCLE,
-        SPECIAL_GLYPH_WHITE_CIRCLE,
-        SPECIAL_GLYPH_MULTIPLICATION_SIGN,
-        SPECIAL_GLYPH_CIRCLE_ARROW,
-        SPECIAL_GLYPH_BULLET,
-        SPECIAL_GLYPH_MU,
-        SPECIAL_GLYPH_CHECK_MARK,
-        SPECIAL_GLYPH_CROSS_MARK,
-        SPECIAL_GLYPH_ARROW,
-        SPECIAL_GLYPH_ELLIPSIS,
-        SPECIAL_GLYPH_LIGHT_SHADE,
-        SPECIAL_GLYPH_DARK_SHADE,
-        SPECIAL_GLYPH_SIGMA,
-        SPECIAL_GLYPH_EXTERNAL_LINK,
-        _SPECIAL_GLYPH_FIRST_EMOJI,
-        SPECIAL_GLYPH_ECSTATIC_SMILEY = _SPECIAL_GLYPH_FIRST_EMOJI,
-        SPECIAL_GLYPH_HAPPY_SMILEY,
-        SPECIAL_GLYPH_SLIGHTLY_HAPPY_SMILEY,
-        SPECIAL_GLYPH_NEUTRAL_SMILEY,
-        SPECIAL_GLYPH_SLIGHTLY_UNHAPPY_SMILEY,
-        SPECIAL_GLYPH_UNHAPPY_SMILEY,
-        SPECIAL_GLYPH_DEPRESSED_SMILEY,
-        SPECIAL_GLYPH_LOCK_AND_KEY,
-        SPECIAL_GLYPH_TOUCH,
-        SPECIAL_GLYPH_RECYCLING,
-        SPECIAL_GLYPH_DOWNLOAD,
-        SPECIAL_GLYPH_SPARKLES,
-        _SPECIAL_GLYPH_MAX,
-        _SPECIAL_GLYPH_INVALID = -EINVAL,
-} SpecialGlyph;
-
-const char *special_glyph(SpecialGlyph code) _const_;
-
-bool emoji_enabled(void);
-
 const char* locale_variable_to_string(LocaleVariable i) _const_;
 LocaleVariable locale_variable_from_string(const char *s) _pure_;
 
@@ -94,11 +53,3 @@ void locale_variables_free(char* l[_VARIABLE_LC_MAX]);
 static inline void locale_variables_freep(char*(*l)[_VARIABLE_LC_MAX]) {
         locale_variables_free(*l);
 }
-
-static inline const char *special_glyph_check_mark(bool b) {
-        return b ? special_glyph(SPECIAL_GLYPH_CHECK_MARK) : special_glyph(SPECIAL_GLYPH_CROSS_MARK);
-}
-
-static inline const char *special_glyph_check_mark_space(bool b) {
-        return b ? special_glyph(SPECIAL_GLYPH_CHECK_MARK) : " ";
-}

src/basic/meson.build

@@ -25,6 +25,8 @@ basic_sources = files('''
         capability-util.h
         cgroup-util.c
         cgroup-util.h
+        chase-symlinks.c
+        chase-symlinks.h
         chattr-util.c
         chattr-util.h
         conf-files.c
@@ -58,6 +60,8 @@ basic_sources = files('''
         fs-util.h
         glob-util.c
         glob-util.h
+        glyph-util.c
+        glyph-util.h
         gunicode.c
         gunicode.h
         hash-funcs.c
@@ -70,6 +74,8 @@ basic_sources = files('''
         hostname-util.h
         in-addr-util.c
         in-addr-util.h
+        inotify-util.c
+        inotify-util.h
         io-util.c
         io-util.h
         khash.c
@@ -215,6 +221,8 @@ basic_sources = files('''
         strv.h
         strxcpyx.c
         strxcpyx.h
+        sync-util.c
+        sync-util.h
         sysctl-util.c
         sysctl-util.h
         syslog-util.c

src/basic/mkdir.c

@@ -5,6 +5,7 @@
 #include <string.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "fd-util.h"
 #include "format-util.h"
 #include "fs-util.h"

src/basic/mountpoint-util.c

@@ -5,6 +5,7 @@
 #include <sys/mount.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"

src/basic/os-util.c

@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "dirent-util.h"
 #include "env-file.h"
 #include "env-util.h"

src/basic/path-util.c

@@ -13,6 +13,7 @@
 #undef basename
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "extract-word.h"
 #include "fd-util.h"
 #include "fs-util.h"

src/basic/stat-util.c

@@ -8,10 +8,11 @@
 #include <unistd.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "dirent-util.h"
+#include "errno-util.h"
 #include "fd-util.h"
 #include "fileio.h"
-#include "fs-util.h"
 #include "macro.h"
 #include "missing_fs.h"
 #include "missing_magic.h"

src/basic/sync-util.c

@@ -0,0 +1,175 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#include "fd-util.h"
+#include "fs-util.h"
+#include "path-util.h"
+#include "sync-util.h"
+
+int fsync_directory_of_file(int fd) {
+        _cleanup_close_ int dfd = -1;
+        struct stat st;
+        int r;
+
+        assert(fd >= 0);
+
+        /* We only reasonably can do this for regular files and directories, or for O_PATH fds, hence check
+         * for the inode type first */
+        if (fstat(fd, &st) < 0)
+                return -errno;
+
+        if (S_ISDIR(st.st_mode)) {
+                dfd = openat(fd, "..", O_RDONLY|O_DIRECTORY|O_CLOEXEC, 0);
+                if (dfd < 0)
+                        return -errno;
+
+        } else if (!S_ISREG(st.st_mode)) { /* Regular files are OK regardless if O_PATH or not, for all other
+                                            * types check O_PATH flag */
+                int flags;
+
+                flags = fcntl(fd, F_GETFL);
+                if (flags < 0)
+                        return -errno;
+
+                if (!FLAGS_SET(flags, O_PATH)) /* If O_PATH this refers to the inode in the fs, in which case
+                                                * we can sensibly do what is requested. Otherwise this refers
+                                                * to a socket, fifo or device node, where the concept of a
+                                                * containing directory doesn't make too much sense. */
+                        return -ENOTTY;
+        }
+
+        if (dfd < 0) {
+                _cleanup_free_ char *path = NULL;
+
+                r = fd_get_path(fd, &path);
+                if (r < 0) {
+                        log_debug_errno(r, "Failed to query /proc/self/fd/%d%s: %m",
+                                        fd,
+                                        r == -ENOSYS ? ", ignoring" : "");
+
+                        if (r == -ENOSYS)
+                                /* If /proc is not available, we're most likely running in some
+                                 * chroot environment, and syncing the directory is not very
+                                 * important in that case. Let's just silently do nothing. */
+                                return 0;
+
+                        return r;
+                }
+
+                if (!path_is_absolute(path))
+                        return -EINVAL;
+
+                dfd = open_parent(path, O_CLOEXEC|O_NOFOLLOW, 0);
+                if (dfd < 0)
+                        return dfd;
+        }
+
+        if (fsync(dfd) < 0)
+                return -errno;
+
+        return 0;
+}
+
+int fsync_full(int fd) {
+        int r, q;
+
+        /* Sync both the file and the directory */
+
+        r = fsync(fd) < 0 ? -errno : 0;
+
+        q = fsync_directory_of_file(fd);
+        if (r < 0) /* Return earlier error */
+                return r;
+        if (q == -ENOTTY) /* Ignore if the 'fd' refers to a block device or so which doesn't really have a
+                           * parent dir */
+                return 0;
+        return q;
+}
+
+int fsync_path_at(int at_fd, const char *path) {
+        _cleanup_close_ int opened_fd = -1;
+        int fd;
+
+        if (isempty(path)) {
+                if (at_fd == AT_FDCWD) {
+                        opened_fd = open(".", O_RDONLY|O_DIRECTORY|O_CLOEXEC);
+                        if (opened_fd < 0)
+                                return -errno;
+
+                        fd = opened_fd;
+                } else
+                        fd = at_fd;
+        } else {
+                opened_fd = openat(at_fd, path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
+                if (opened_fd < 0)
+                        return -errno;
+
+                fd = opened_fd;
+        }
+
+        if (fsync(fd) < 0)
+                return -errno;
+
+        return 0;
+}
+
+int fsync_parent_at(int at_fd, const char *path) {
+        _cleanup_close_ int opened_fd = -1;
+
+        if (isempty(path)) {
+                if (at_fd != AT_FDCWD)
+                        return fsync_directory_of_file(at_fd);
+
+                opened_fd = open("..", O_RDONLY|O_DIRECTORY|O_CLOEXEC);
+                if (opened_fd < 0)
+                        return -errno;
+
+                if (fsync(opened_fd) < 0)
+                        return -errno;
+
+                return 0;
+        }
+
+        opened_fd = openat(at_fd, path, O_PATH|O_CLOEXEC|O_NOFOLLOW);
+        if (opened_fd < 0)
+                return -errno;
+
+        return fsync_directory_of_file(opened_fd);
+}
+
+int fsync_path_and_parent_at(int at_fd, const char *path) {
+        _cleanup_close_ int opened_fd = -1;
+
+        if (isempty(path)) {
+                if (at_fd != AT_FDCWD)
+                        return fsync_full(at_fd);
+
+                opened_fd = open(".", O_RDONLY|O_DIRECTORY|O_CLOEXEC);
+        } else
+                opened_fd = openat(at_fd, path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC);
+        if (opened_fd < 0)
+                return -errno;
+
+        return fsync_full(opened_fd);
+}
+
+int syncfs_path(int at_fd, const char *path) {
+        _cleanup_close_ int fd = -1;
+
+        if (isempty(path)) {
+                if (at_fd != AT_FDCWD)
+                        return syncfs(at_fd) < 0 ? -errno : 0;
+
+                fd = open(".", O_RDONLY|O_DIRECTORY|O_CLOEXEC);
+        } else
+                fd = openat(at_fd, path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
+        if (fd < 0)
+                return -errno;
+
+        if (syncfs(fd) < 0)
+                return -errno;
+
+        return 0;
+}

src/basic/sync-util.h

@@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+int fsync_directory_of_file(int fd);
+int fsync_full(int fd);
+
+int fsync_path_at(int at_fd, const char *path);
+int fsync_parent_at(int at_fd, const char *path);
+int fsync_path_and_parent_at(int at_fd, const char *path);
+
+int syncfs_path(int at_fd, const char *path);

src/basic/terminal-util.c

@@ -26,6 +26,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
+#include "inotify-util.h"
 #include "io-util.h"
 #include "log.h"
 #include "macro.h"

src/basic/unit-def.h

@@ -4,7 +4,7 @@
 #include <stdbool.h>
 
 #include "errno-list.h"
-#include "locale-util.h"
+#include "glyph-util.h"
 #include "macro.h"
 
 /* The enum order is used to order unit jobs in the job queue

src/basic/unit-file.c

@@ -2,6 +2,7 @@
 
 #include "sd-id128.h"
 
+#include "chase-symlinks.h"
 #include "dirent-util.h"
 #include "fd-util.h"
 #include "fs-util.h"
@@ -274,8 +275,8 @@ int unit_file_build_name_map(
         }
 
         STRV_FOREACH(dir, (char**) lp->search_path) {
-                struct dirent *de;
                 _cleanup_closedir_ DIR *d = NULL;
+                struct dirent *de;
 
                 d = opendir(*dir);
                 if (!d) {
@@ -285,18 +286,53 @@ int unit_file_build_name_map(
                 }
 
                 FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) {
-                        char *filename;
                         _unused_ _cleanup_free_ char *_filename_free = NULL;
                         _cleanup_free_ char *simplified = NULL;
-                        const char *suffix, *dst = NULL;
-                        bool valid_unit_name;
-
-                        valid_unit_name = unit_name_is_valid(de->d_name, UNIT_NAME_ANY);
+                        const char *dst = NULL;
+                        char *filename;
 
                         /* We only care about valid units and dirs with certain suffixes, let's ignore the
                          * rest. */
-                        if (!valid_unit_name &&
-                            !ENDSWITH_SET(de->d_name, ".wants", ".requires", ".d"))
+
+                        if (IN_SET(de->d_type, DT_REG, DT_LNK)) {
+
+                                if (!unit_name_is_valid(de->d_name, UNIT_NAME_ANY))
+                                        continue;
+
+                                /* Accept a regular file or symlink whose name is a valid unit file name. */
+
+                        } else if (de->d_type == DT_DIR) {
+                                bool valid_dir_name = false;
+                                const char *suffix;
+
+                                /* Also accept a directory whose name is a valid unit file name ending in
+                                 * .wants/, .requires/ or .d/ */
+
+                                if (!paths) /* Skip directories early unless path_cache is requested */
+                                        continue;
+
+                                FOREACH_STRING(suffix, ".wants", ".requires", ".d") {
+                                        _cleanup_free_ char *chopped = NULL;
+                                        const char *e;
+
+                                        e = endswith(de->d_name, suffix);
+                                        if (!e)
+                                                continue;
+
+                                        chopped = strndup(de->d_name, e - de->d_name);
+                                        if (!chopped)
+                                                return log_oom();
+
+                                        if (unit_name_is_valid(chopped, UNIT_NAME_ANY) ||
+                                            unit_type_from_string(chopped) >= 0) {
+                                                valid_dir_name = true;
+                                                break;
+                                        }
+                                }
+
+                                if (!valid_dir_name)
+                                        continue;
+                        } else
                                 continue;
 
                         filename = path_join(*dir, de->d_name);
@@ -312,9 +348,8 @@ int unit_file_build_name_map(
                         } else
                                 _filename_free = filename; /* Make sure we free the filename. */
 
-                        if (!valid_unit_name)
+                        if (!IN_SET(de->d_type, DT_REG, DT_LNK))
                                 continue;
-                        assert_se(suffix = strrchr(de->d_name, '.'));
 
                         /* search_path is ordered by priority (highest first). If the name is already mapped
                          * to something (incl. itself), it means that we have already seen it, and we should

src/boot/bless-boot.c

@@ -14,6 +14,7 @@
 #include "parse-util.h"
 #include "path-util.h"
 #include "pretty-print.h"
+#include "sync-util.h"
 #include "terminal-util.h"
 #include "util.h"
 #include "verbs.h"

src/boot/bootctl.c

@@ -25,7 +25,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
-#include "locale-util.h"
+#include "glyph-util.h"
 #include "main-func.h"
 #include "mkdir.h"
 #include "pager.h"
@@ -38,6 +38,7 @@
 #include "stdio-util.h"
 #include "string-util.h"
 #include "strv.h"
+#include "sync-util.h"
 #include "terminal-util.h"
 #include "tmpfile-util.h"
 #include "umask-util.h"
@@ -569,13 +570,12 @@ static int copy_file_with_version_check(const char *from, const char *to, bool f
 
         (void) copy_times(fd_from, fd_to, 0);
 
-        if (fsync(fd_to) < 0) {
+        r = fsync_full(fd_to);
+        if (r < 0) {
                 (void) unlink_noerrno(t);
-                return log_error_errno(errno, "Failed to copy data from \"%s\" to \"%s\": %m", from, t);
+                return log_error_errno(r, "Failed to copy data from \"%s\" to \"%s\": %m", from, t);
         }
 
-        (void) fsync_directory_of_file(fd_to);
-
         if (renameat(AT_FDCWD, t, AT_FDCWD, to) < 0) {
                 (void) unlink_noerrno(t);
                 return log_error_errno(errno, "Failed to rename \"%s\" to \"%s\": %m", t, to);

src/busctl/busctl.c

@@ -16,8 +16,8 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "format-table.h"
+#include "glyph-util.h"
 #include "json.h"
-#include "locale-util.h"
 #include "log.h"
 #include "main-func.h"
 #include "pager.h"

src/core/cgroup.c

@@ -18,8 +18,8 @@
 #include "cgroup.h"
 #include "fd-util.h"
 #include "fileio.h"
-#include "fs-util.h"
 #include "in-addr-prefix-util.h"
+#include "inotify-util.h"
 #include "io-util.h"
 #include "ip-protocol-list.h"
 #include "limits-util.h"

src/core/dbus-manager.c

@@ -11,6 +11,7 @@
 #include "bus-common-errors.h"
 #include "bus-get-properties.h"
 #include "bus-log-control-api.h"
+#include "chase-symlinks.h"
 #include "data-fd-util.h"
 #include "dbus-cgroup.h"
 #include "dbus-execute.h"
@@ -24,7 +25,6 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "format-util.h"
-#include "fs-util.h"
 #include "install.h"
 #include "log.h"
 #include "manager-dump.h"

src/core/execute.c

@@ -44,6 +44,7 @@
 #include "cap-list.h"
 #include "capability-util.h"
 #include "cgroup-setup.h"
+#include "chase-symlinks.h"
 #include "chown-recursive.h"
 #include "cpu-set-util.h"
 #include "creds-util.h"
@@ -58,7 +59,6 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "format-util.h"
-#include "fs-util.h"
 #include "glob-util.h"
 #include "hexdecoct.h"
 #include "io-util.h"

src/core/manager.c

@@ -44,9 +44,9 @@
 #include "exit-status.h"
 #include "fd-util.h"
 #include "fileio.h"
-#include "fs-util.h"
 #include "generator-setup.h"
 #include "hashmap.h"
+#include "inotify-util.h"
 #include "install.h"
 #include "io-util.h"
 #include "label.h"

src/core/namespace.c

@@ -10,13 +10,13 @@
 
 #include "alloc-util.h"
 #include "base-filesystem.h"
+#include "chase-symlinks.h"
 #include "dev-setup.h"
 #include "env-util.h"
 #include "escape.h"
 #include "extension-release.h"
 #include "fd-util.h"
 #include "format-util.h"
-#include "fs-util.h"
 #include "label.h"
 #include "list.h"
 #include "loop-util.h"

src/core/path.c

@@ -11,8 +11,8 @@
 #include "dbus-unit.h"
 #include "escape.h"
 #include "fd-util.h"
-#include "fs-util.h"
 #include "glob-util.h"
+#include "inotify-util.h"
 #include "macro.h"
 #include "mkdir.h"
 #include "path.h"

src/core/service.c

@@ -12,6 +12,7 @@
 #include "bus-error.h"
 #include "bus-kernel.h"
 #include "bus-util.h"
+#include "chase-symlinks.h"
 #include "dbus-service.h"
 #include "dbus-unit.h"
 #include "def.h"
@@ -21,7 +22,6 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "format-util.h"
-#include "fs-util.h"
 #include "load-dropin.h"
 #include "load-fragment.h"
 #include "log.h"

src/core/socket.c

@@ -14,6 +14,7 @@
 #include "bpf-firewall.h"
 #include "bus-error.h"
 #include "bus-util.h"
+#include "chase-symlinks.h"
 #include "copy.h"
 #include "dbus-socket.h"
 #include "dbus-unit.h"
@@ -22,7 +23,6 @@
 #include "exit-status.h"
 #include "fd-util.h"
 #include "format-util.h"
-#include "fs-util.h"
 #include "in-addr-util.h"
 #include "io-util.h"
 #include "ip-protocol-list.h"

src/core/unit.c

@@ -17,6 +17,7 @@
 #include "bus-util.h"
 #include "cgroup-setup.h"
 #include "cgroup-util.h"
+#include "chase-symlinks.h"
 #include "core-varlink.h"
 #include "dbus-unit.h"
 #include "dbus.h"

src/coredump/coredump.c

@@ -48,6 +48,7 @@
 #include "string-table.h"
 #include "string-util.h"
 #include "strv.h"
+#include "sync-util.h"
 #include "tmpfile-util.h"
 #include "user-record.h"
 #include "user-util.h"
@@ -261,10 +262,9 @@ static int fix_permissions(
         (void) fix_acl(fd, uid);
         (void) fix_xattr(fd, context);
 
-        if (fsync(fd) < 0)
-                return log_error_errno(errno, "Failed to sync coredump %s: %m", coredump_tmpfile_name(filename));
-
-        (void) fsync_directory_of_file(fd);
+        r = fsync_full(fd);
+        if (r < 0)
+                return log_error_errno(r, "Failed to sync coredump %s: %m", coredump_tmpfile_name(filename));
 
         r = link_tmpfile(fd, filename, target);
         if (r < 0)

src/cryptenroll/cryptenroll-recovery.c

@@ -1,8 +1,8 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "cryptenroll-recovery.h"
+#include "glyph-util.h"
 #include "json.h"
-#include "locale-util.h"
 #include "memory-util.h"
 #include "qrcode-util.h"
 #include "recovery-key.h"

src/delta/delta.c

@@ -6,11 +6,12 @@
 #include <unistd.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "dirent-util.h"
 #include "fd-util.h"
 #include "fs-util.h"
+#include "glyph-util.h"
 #include "hashmap.h"
-#include "locale-util.h"
 #include "log.h"
 #include "main-func.h"
 #include "nulstr-util.h"

src/dissect/dissect.c

@@ -8,6 +8,7 @@
 #include <sys/mount.h>
 
 #include "architecture.h"
+#include "chase-symlinks.h"
 #include "copy.h"
 #include "dissect-image.h"
 #include "fd-util.h"

src/firstboot/firstboot.c

@@ -9,6 +9,7 @@
 
 #include "alloc-util.h"
 #include "ask-password-api.h"
+#include "chase-symlinks.h"
 #include "copy.h"
 #include "creds-util.h"
 #include "dissect-image.h"
@@ -16,6 +17,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
+#include "glyph-util.h"
 #include "hostname-util.h"
 #include "kbd-util.h"
 #include "libcrypt-util.h"

src/fstab-generator/fstab-generator.c

@@ -5,9 +5,9 @@
 #include <unistd.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "fd-util.h"
 #include "fileio.h"
-#include "fs-util.h"
 #include "fstab-util.h"
 #include "generator.h"
 #include "log.h"

src/home/homectl-recovery-key.c

@@ -1,9 +1,9 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "errno-util.h"
+#include "glyph-util.h"
 #include "homectl-recovery-key.h"
 #include "libcrypt-util.h"
-#include "locale-util.h"
 #include "memory-util.h"
 #include "qrcode-util.h"
 #include "random-util.h"

src/home/homectl.c

@@ -14,6 +14,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "format-table.h"
+#include "glyph-util.h"
 #include "home-util.h"
 #include "homectl-fido2.h"
 #include "homectl-pkcs11.h"

src/home/homed-manager.c

@@ -38,6 +38,7 @@
 #include "socket-util.h"
 #include "stat-util.h"
 #include "strv.h"
+#include "sync-util.h"
 #include "tmpfile-util.h"
 #include "udev-util.h"
 #include "user-record-sign.h"

src/home/homework-luks.c

@@ -36,6 +36,7 @@
 #include "resize-fs.h"
 #include "stat-util.h"
 #include "strv.h"
+#include "sync-util.h"
 #include "tmpfile-util.h"
 
 /* Round down to the nearest 4K size. Given that newer hardware generally prefers 4K sectors, let's align our

src/import/pull-job.c

@@ -7,7 +7,6 @@
 #include "alloc-util.h"
 #include "fd-util.h"
 #include "format-util.h"
-#include "fs-util.h"
 #include "gcrypt-util.h"
 #include "hexdecoct.h"
 #include "import-util.h"
@@ -18,6 +17,7 @@
 #include "pull-job.h"
 #include "string-util.h"
 #include "strv.h"
+#include "sync-util.h"
 #include "xattr-util.h"
 
 void pull_job_close_disk_fd(PullJob *j) {

src/journal/journalctl.c

@@ -27,6 +27,7 @@
 #include "bus-error.h"
 #include "bus-util.h"
 #include "catalog.h"
+#include "chase-symlinks.h"
 #include "chattr-util.h"
 #include "def.h"
 #include "dissect-image.h"

src/libsystemd/sd-bus/bus-dump.c

@@ -11,7 +11,7 @@
 #include "capability-util.h"
 #include "fileio.h"
 #include "format-util.h"
-#include "locale-util.h"
+#include "glyph-util.h"
 #include "macro.h"
 #include "string-util.h"
 #include "strv.h"

src/libsystemd/sd-device/sd-device.c

@@ -8,6 +8,7 @@
 #include "sd-device.h"
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "device-internal.h"
 #include "device-private.h"
 #include "device-util.h"

src/libsystemd/sd-event/event-source.h

@@ -7,8 +7,8 @@
 
 #include "sd-event.h"
 
-#include "fs-util.h"
 #include "hashmap.h"
+#include "inotify-util.h"
 #include "list.h"
 #include "prioq.h"
 #include "ratelimit.h"

src/libsystemd/sd-id128/id128-util.c

@@ -5,12 +5,12 @@
 #include <unistd.h>
 
 #include "fd-util.h"
-#include "fs-util.h"
 #include "hexdecoct.h"
 #include "id128-util.h"
 #include "io-util.h"
 #include "stdio-util.h"
 #include "string-util.h"
+#include "sync-util.h"
 
 char *id128_to_uuid_string(sd_id128_t id, char s[static ID128_UUID_STRING_MAX]) {
         unsigned n, k = 0;
@@ -167,10 +167,7 @@ int id128_write_fd(int fd, Id128Format f, sd_id128_t id, bool do_sync) {
                 return r;
 
         if (do_sync) {
-                if (fsync(fd) < 0)
-                        return -errno;
-
-                r = fsync_directory_of_file(fd);
+                r = fsync_full(fd);
                 if (r < 0)
                         return r;
         }

src/libsystemd/sd-journal/journal-file.c

@@ -32,6 +32,7 @@
 #include "stat-util.h"
 #include "string-util.h"
 #include "strv.h"
+#include "sync-util.h"
 #include "xattr-util.h"
 
 #define DEFAULT_DATA_HASH_TABLE_SIZE (2047ULL*sizeof(HashItem))
@@ -474,11 +475,9 @@ static int journal_file_refresh_header(JournalFile *f) {
 
         r = journal_file_set_online(f);
 
-        /* Sync the online state to disk */
-        (void) fsync(f->fd);
-
-        /* We likely just created a new file, also sync the directory this file is located in. */
-        (void) fsync_directory_of_file(f->fd);
+        /* Sync the online state to disk; likely just created a new file, also sync the directory this file
+         * is located in. */
+        (void) fsync_full(f->fd);
 
         return r;
 }

src/libsystemd/sd-journal/sd-journal.c

@@ -25,6 +25,7 @@
 #include "hashmap.h"
 #include "hostname-util.h"
 #include "id128-util.h"
+#include "inotify-util.h"
 #include "io-util.h"
 #include "journal-def.h"
 #include "journal-file.h"

src/libsystemd/sd-network/sd-network.c

@@ -10,6 +10,7 @@
 #include "env-file.h"
 #include "fd-util.h"
 #include "fs-util.h"
+#include "inotify-util.h"
 #include "macro.h"
 #include "parse-util.h"
 #include "stdio-util.h"

src/login/sysfs-show.c

@@ -6,7 +6,7 @@
 
 #include "alloc-util.h"
 #include "device-enumerator-private.h"
-#include "locale-util.h"
+#include "glyph-util.h"
 #include "path-util.h"
 #include "string-util.h"
 #include "sysfs-show.h"

src/mount/mount-tool.c

@@ -9,6 +9,7 @@
 #include "bus-locator.h"
 #include "bus-unit-util.h"
 #include "bus-wait-for-jobs.h"
+#include "chase-symlinks.h"
 #include "device-util.h"
 #include "dirent-util.h"
 #include "escape.h"

src/nspawn/nspawn-bind-user.c

@@ -1,9 +1,9 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
+#include "chase-symlinks.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "format-util.h"
-#include "fs-util.h"
 #include "nspawn-bind-user.h"
 #include "nspawn.h"
 #include "path-util.h"
@@ -24,7 +24,7 @@ static int check_etc_passwd_collisions(
         assert(directory);
         assert(name || uid_is_valid(uid));
 
-        r = chase_symlinks_and_fopen_unlocked("/etc/passwd", directory, CHASE_PREFIX_ROOT, "re", &f, NULL);
+        r = chase_symlinks_and_fopen_unlocked("/etc/passwd", directory, CHASE_PREFIX_ROOT, "re", NULL, &f);
         if (r == -ENOENT)
                 return 0; /* no user database? then no user, hence no collision */
         if (r < 0)
@@ -57,7 +57,7 @@ static int check_etc_group_collisions(
         assert(directory);
         assert(name || gid_is_valid(gid));
 
-        r = chase_symlinks_and_fopen_unlocked("/etc/group", directory, CHASE_PREFIX_ROOT, "re", &f, NULL);
+        r = chase_symlinks_and_fopen_unlocked("/etc/group", directory, CHASE_PREFIX_ROOT, "re", NULL, &f);
         if (r == -ENOENT)
                 return 0; /* no group database? then no group, hence no collision */
         if (r < 0)

src/nspawn/nspawn-mount.c

@@ -4,6 +4,7 @@
 #include <linux/magic.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "escape.h"
 #include "fd-util.h"
 #include "format-util.h"

src/nspawn/nspawn.c

@@ -33,6 +33,7 @@
 #include "cap-list.h"
 #include "capability-util.h"
 #include "cgroup-util.h"
+#include "chase-symlinks.h"
 #include "copy.h"
 #include "cpu-set-util.h"
 #include "creds-util.h"

src/partition/repart.c

@@ -22,6 +22,7 @@
 #include "blkid-util.h"
 #include "blockdev-util.h"
 #include "btrfs-util.h"
+#include "chase-symlinks.h"
 #include "conf-files.h"
 #include "conf-parser.h"
 #include "cryptsetup-util.h"
@@ -34,12 +35,12 @@
 #include "format-table.h"
 #include "format-util.h"
 #include "fs-util.h"
+#include "glyph-util.h"
 #include "gpt.h"
 #include "hexdecoct.h"
 #include "id128-util.h"
 #include "json.h"
 #include "list.h"
-#include "locale-util.h"
 #include "loop-util.h"
 #include "main-func.h"
 #include "mkdir.h"
@@ -61,6 +62,7 @@
 #include "string-table.h"
 #include "string-util.h"
 #include "strv.h"
+#include "sync-util.h"
 #include "terminal-util.h"
 #include "tpm2-util.h"
 #include "user-util.h"

src/portable/portable.c

@@ -4,6 +4,7 @@
 
 #include "bus-common-errors.h"
 #include "bus-error.h"
+#include "chase-symlinks.h"
 #include "conf-files.h"
 #include "copy.h"
 #include "data-fd-util.h"

src/portable/portablectl.c

@@ -10,6 +10,7 @@
 #include "bus-locator.h"
 #include "bus-unit-util.h"
 #include "bus-wait-for-jobs.h"
+#include "chase-symlinks.h"
 #include "def.h"
 #include "dirent-util.h"
 #include "env-file.h"
@@ -24,8 +25,8 @@
 #include "parse-argument.h"
 #include "parse-util.h"
 #include "path-util.h"
-#include "pretty-print.h"
 #include "portable.h"
+#include "pretty-print.h"
 #include "spawn-polkit-agent.h"
 #include "string-util.h"
 #include "strv.h"

src/random-seed/random-seed.c

@@ -25,6 +25,7 @@
 #include "parse-util.h"
 #include "random-util.h"
 #include "string-util.h"
+#include "sync-util.h"
 #include "util.h"
 #include "xattr-util.h"
 

src/shared/ask-password-api.c

@@ -26,8 +26,8 @@
 #include "fileio.h"
 #include "format-util.h"
 #include "fs-util.h"
+#include "glyph-util.h"
 #include "io-util.h"
-#include "locale-util.h"
 #include "log.h"
 #include "macro.h"
 #include "memory-util.h"

src/shared/bus-unit-procs.c

@@ -1,9 +1,9 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "bus-unit-procs.h"
+#include "glyph-util.h"
 #include "hashmap.h"
 #include "list.h"
-#include "locale-util.h"
 #include "macro.h"
 #include "path-util.h"
 #include "process-util.h"

src/shared/copy.c

@@ -29,6 +29,7 @@
 #include "stdio-util.h"
 #include "string-util.h"
 #include "strv.h"
+#include "sync-util.h"
 #include "time-util.h"
 #include "tmpfile-util.h"
 #include "umask-util.h"

src/shared/discover-image.c

@@ -14,6 +14,7 @@
 
 #include "alloc-util.h"
 #include "btrfs-util.h"
+#include "chase-symlinks.h"
 #include "chattr-util.h"
 #include "copy.h"
 #include "dirent-util.h"

src/shared/dissect-image.c

@@ -24,6 +24,7 @@
 #include "ask-password-api.h"
 #include "blkid-util.h"
 #include "blockdev-util.h"
+#include "chase-symlinks.h"
 #include "conf-files.h"
 #include "copy.h"
 #include "cryptsetup-util.h"

src/shared/dropin.c

@@ -6,13 +6,13 @@
 #include <stdlib.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "conf-files.h"
 #include "dirent-util.h"
 #include "dropin.h"
 #include "escape.h"
 #include "fd-util.h"
 #include "fileio-label.h"
-#include "fs-util.h"
 #include "hashmap.h"
 #include "log.h"
 #include "macro.h"

src/shared/format-table.c

@@ -12,10 +12,10 @@
 #include "format-table.h"
 #include "format-util.h"
 #include "fs-util.h"
+#include "glyph-util.h"
 #include "gunicode.h"
 #include "id128-util.h"
 #include "in-addr-util.h"
-#include "locale-util.h"
 #include "memory-util.h"
 #include "pager.h"
 #include "parse-util.h"

src/shared/install-file.c

@@ -10,6 +10,7 @@
 #include "install-file.h"
 #include "missing_syscall.h"
 #include "rm-rf.h"
+#include "sync-util.h"
 
 int fs_make_very_read_only(int fd) {
         struct stat st;

src/shared/install.c

@@ -10,6 +10,7 @@
 #include <unistd.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "conf-files.h"
 #include "conf-parser.h"
 #include "def.h"

src/shared/libfido2-util.c

@@ -7,7 +7,7 @@
 #include "ask-password-api.h"
 #include "dlfcn-util.h"
 #include "format-table.h"
-#include "locale-util.h"
+#include "glyph-util.h"
 #include "log.h"
 #include "memory-util.h"
 #include "random-util.h"

src/shared/logs-show.c

@@ -15,6 +15,7 @@
 #include "alloc-util.h"
 #include "fd-util.h"
 #include "format-util.h"
+#include "glyph-util.h"
 #include "hashmap.h"
 #include "hostname-util.h"
 #include "id128-util.h"

src/shared/machine-id-setup.c

@@ -9,7 +9,6 @@
 
 #include "alloc-util.h"
 #include "fd-util.h"
-#include "fs-util.h"
 #include "id128-util.h"
 #include "io-util.h"
 #include "log.h"
@@ -23,6 +22,7 @@
 #include "process-util.h"
 #include "stat-util.h"
 #include "string-util.h"
+#include "sync-util.h"
 #include "umask-util.h"
 #include "util.h"
 #include "virt.h"

src/shared/mount-util.c

@@ -10,6 +10,7 @@
 #include <linux/fs.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "dissect-image.h"
 #include "exec-util.h"
 #include "extract-word.h"

src/shared/specifier.c

@@ -10,6 +10,7 @@
 
 #include "alloc-util.h"
 #include "architecture.h"
+#include "chase-symlinks.h"
 #include "fd-util.h"
 #include "format-util.h"
 #include "fs-util.h"

src/shared/switch-root.c

@@ -9,8 +9,8 @@
 #include <unistd.h>
 
 #include "base-filesystem.h"
+#include "chase-symlinks.h"
 #include "fd-util.h"
-#include "fs-util.h"
 #include "log.h"
 #include "missing_syscall.h"
 #include "mkdir.h"

src/shared/user-record.c

@@ -3,6 +3,7 @@
 #include <sys/mount.h>
 
 #include "cgroup-util.h"
+#include "chase-symlinks.h"
 #include "dns-domain.h"
 #include "env-util.h"
 #include "fd-util.h"
@@ -54,7 +55,7 @@ int read_login_defs(UGIDAllocationRange *ret_defs, const char *path, const char
         if (!path)
                 path = "/etc/login.defs";
 
-        r = chase_symlinks_and_fopen_unlocked(path, root, CHASE_PREFIX_ROOT, "re", &f, NULL);
+        r = chase_symlinks_and_fopen_unlocked(path, root, CHASE_PREFIX_ROOT, "re", NULL, &f);
         if (r == -ENOENT)
                 goto assign;
         if (r < 0)

src/shutdown/umount.c

@@ -23,7 +23,6 @@
 #include "device-util.h"
 #include "escape.h"
 #include "fd-util.h"
-#include "fs-util.h"
 #include "fstab-util.h"
 #include "libmount-util.h"
 #include "mount-setup.h"
@@ -34,6 +33,7 @@
 #include "signal-util.h"
 #include "string-util.h"
 #include "strv.h"
+#include "sync-util.h"
 #include "umount.h"
 #include "util.h"
 #include "virt.h"

src/sysext/sysext.c

@@ -6,6 +6,7 @@
 #include <unistd.h>
 
 #include "capability-util.h"
+#include "chase-symlinks.h"
 #include "discover-image.h"
 #include "dissect-image.h"
 #include "env-util.h"

src/systemctl/systemctl-util.c

@@ -10,6 +10,7 @@
 #include "bus-locator.h"
 #include "bus-map-properties.h"
 #include "bus-unit-util.h"
+#include "chase-symlinks.h"
 #include "dropin.h"
 #include "env-util.h"
 #include "exit-status.h"

src/sysusers/sysusers.c

@@ -29,6 +29,7 @@
 #include "specifier.h"
 #include "string-util.h"
 #include "strv.h"
+#include "sync-util.h"
 #include "tmpfile-util-label.h"
 #include "uid-range.h"
 #include "user-record.h"

src/test/test-chase-symlinks.c

@@ -1,8 +1,8 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #include <getopt.h>
 
+#include "chase-symlinks.h"
 #include "fd-util.h"
-#include "fs-util.h"
 #include "log.h"
 #include "main-func.h"
 

src/test/test-copy.c

@@ -4,6 +4,7 @@
 #include <unistd.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "copy.h"
 #include "fd-util.h"
 #include "fileio.h"

src/test/test-env-util.c

@@ -217,7 +217,7 @@ static void test_replace_env2(bool extended) {
                 "BAR=bar",
                 NULL
         };
-        _cleanup_free_ char *t = NULL, *s = NULL, *q = NULL, *r = NULL, *p = NULL, *x = NULL;
+        _cleanup_free_ char *t = NULL, *s = NULL, *q = NULL, *r = NULL, *p = NULL, *x = NULL, *y = NULL;
         unsigned flags = REPLACE_ENV_ALLOW_EXTENDED*extended;
 
         t = replace_env("FOO=${FOO:-${BAR}}", (char**) env, flags);
@@ -237,6 +237,9 @@ static void test_replace_env2(bool extended) {
 
         x = replace_env("XXX=${XXX:+${BAR}post}", (char**) env, flags);
         assert_se(streq(x, extended ? "XXX=" : "XXX=${XXX:+barpost}"));
+
+        y = replace_env("FOO=${FOO}between${BAR:-baz}", (char**) env, flags);
+        assert_se(streq(y, extended ? "FOO=foobetweenbar" : "FOO=foobetween${BAR:-baz}"));
 }
 
 static void test_replace_env_argv(void) {

src/test/test-fs-util.c

@@ -3,6 +3,7 @@
 #include <unistd.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "copy.h"
 #include "fd-util.h"
 #include "fileio.h"
@@ -16,6 +17,7 @@
 #include "stdio-util.h"
 #include "string-util.h"
 #include "strv.h"
+#include "sync-util.h"
 #include "tests.h"
 #include "tmpfile-util.h"
 #include "umask-util.h"

src/test/test-locale-util.c

@@ -1,5 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
+#include "glyph-util.h"
 #include "kbd-util.h"
 #include "locale-util.h"
 #include "macro.h"

src/timesync/wait-sync.c

@@ -14,7 +14,7 @@
 #include "sd-event.h"
 
 #include "fd-util.h"
-#include "fs-util.h"
+#include "inotify-util.h"
 #include "main-func.h"
 #include "signal-util.h"
 #include "time-util.h"

src/tmpfiles/offline-passwd.c

@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
+#include "chase-symlinks.h"
 #include "fd-util.h"
-#include "fs-util.h"
 #include "offline-passwd.h"
 #include "path-util.h"
 #include "user-util.h"

src/tmpfiles/tmpfiles.c

@@ -21,6 +21,7 @@
 #include "alloc-util.h"
 #include "btrfs-util.h"
 #include "capability-util.h"
+#include "chase-symlinks.h"
 #include "chattr-util.h"
 #include "conf-files.h"
 #include "copy.h"

src/tty-ask-password-agent/tty-ask-password-agent.c

@@ -24,8 +24,8 @@
 #include "exit-status.h"
 #include "fd-util.h"
 #include "fileio.h"
-#include "fs-util.h"
 #include "hashmap.h"
+#include "inotify-util.h"
 #include "io-util.h"
 #include "macro.h"
 #include "main-func.h"

src/udev/udev-builtin-net_id.c

@@ -23,11 +23,11 @@
 #include <linux/pci_regs.h>
 
 #include "alloc-util.h"
+#include "chase-symlinks.h"
 #include "device-util.h"
 #include "dirent-util.h"
 #include "fd-util.h"
 #include "fileio.h"
-#include "fs-util.h"
 #include "netif-naming-scheme.h"
 #include "parse-util.h"
 #include "proc-cmdline.h"

src/udev/udevd.c

@@ -40,6 +40,7 @@
 #include "format-util.h"
 #include "fs-util.h"
 #include "hashmap.h"
+#include "inotify-util.h"
 #include "io-util.h"
 #include "limits-util.h"
 #include "list.h"

src/volatile-root/volatile-root.c

@@ -4,8 +4,8 @@
 
 #include "alloc-util.h"
 #include "blockdev-util.h"
+#include "chase-symlinks.h"
 #include "escape.h"
-#include "fs-util.h"
 #include "main-func.h"
 #include "mkdir.h"
 #include "mount-util.h"