Compare commits
14 Commits
8e6be07b2d
...
4cd204a7e5
Author | SHA1 | Date |
---|---|---|
Mike Yuan | 4cd204a7e5 | |
Tobias Zimmermann | f70e5620b6 | |
Zbigniew Jędrzejewski-Szmek | 3127c71bf4 | |
Yuri Chornoivan | b153eebfb2 | |
Zbigniew Jędrzejewski-Szmek | 2c06e40ae9 | |
Zbigniew Jędrzejewski-Szmek | 5ca9149464 | |
Mike Yuan | 18c36b1e24 | |
Mike Yuan | 43f08f534d | |
Mike Yuan | bcfcd1e5be | |
Mike Yuan | 31865c9948 | |
Mike Yuan | 30b1644d31 | |
Mike Yuan | 7ea32bf4a4 | |
Mike Yuan | 01c3b02427 | |
Mike Yuan | c5160a9e38 |
|
@ -1438,6 +1438,11 @@ evdev:input:b0003v046DpC309*
|
|||
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
|
||||
KEYBOARD_KEY_c01b7=audio # My Music (F12)
|
||||
|
||||
# Logitech MX Keys for Mac
|
||||
evdev:input:b0003v046Dp4092*
|
||||
KEYBOARD_KEY_70035=102nd # '<' key
|
||||
KEYBOARD_KEY_70064=grave # '^' key
|
||||
|
||||
###########################################################
|
||||
# Maxdata
|
||||
###########################################################
|
||||
|
|
10
po/uk.po
10
po/uk.po
|
@ -9,8 +9,8 @@ msgid ""
|
|||
msgstr ""
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
||||
"Last-Translator: Dmytro Markevych <hotr1pak@gmail.com>\n"
|
||||
"PO-Revision-Date: 2024-11-21 19:38+0000\n"
|
||||
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
|
||||
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
|
||||
"systemd/main/uk/>\n"
|
||||
"Language: uk\n"
|
||||
|
@ -120,11 +120,11 @@ msgstr "Для оновлення домашньої теки користува
|
|||
|
||||
#: src/home/org.freedesktop.home1.policy:53
|
||||
msgid "Update your home area"
|
||||
msgstr "Оновіть свій домашній простір"
|
||||
msgstr "Оновлення домашньої області"
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:54
|
||||
msgid "Authentication is required to update your home area."
|
||||
msgstr "Для оновлення домашньої області потрібна автентифікація."
|
||||
msgstr "Для оновлення домашньої області слід пройти розпізнавання."
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:63
|
||||
msgid "Resize a home area"
|
||||
|
@ -1215,7 +1215,7 @@ msgstr "Керування додатковими функціями"
|
|||
|
||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||
msgid "Authentication is required to manage optional features"
|
||||
msgstr "Для керування додатковими функціями потрібна автентифікація"
|
||||
msgstr "Для керування додатковими можливостями слід пройти розпізнавання"
|
||||
|
||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||
msgid "Set system time"
|
||||
|
|
|
@ -28,6 +28,7 @@
|
|||
#include "mkdir.h"
|
||||
#include "parse-util.h"
|
||||
#include "path-util.h"
|
||||
#include "pidfd-util.h"
|
||||
#include "process-util.h"
|
||||
#include "set.h"
|
||||
#include "special.h"
|
||||
|
@ -72,6 +73,28 @@ int cg_cgroupid_open(int cgroupfs_fd, uint64_t id) {
|
|||
return fd;
|
||||
}
|
||||
|
||||
int cg_path_from_cgroupid(int cgroupfs_fd, uint64_t id, char **ret) {
|
||||
_cleanup_close_ int cgfd = -EBADF;
|
||||
int r;
|
||||
|
||||
cgfd = cg_cgroupid_open(cgroupfs_fd, id);
|
||||
if (cgfd < 0)
|
||||
return cgfd;
|
||||
|
||||
_cleanup_free_ char *path = NULL;
|
||||
|
||||
r = fd_get_path(cgfd, &path);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (isempty(path_startswith(path, "/sys/fs/cgroup/")))
|
||||
return -EINVAL;
|
||||
|
||||
if (ret)
|
||||
*ret = TAKE_PTR(path);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int cg_enumerate_items(const char *controller, const char *path, FILE **ret, const char *item) {
|
||||
_cleanup_free_ char *fs = NULL;
|
||||
FILE *f;
|
||||
|
@ -826,6 +849,16 @@ int cg_pidref_get_path(const char *controller, const PidRef *pidref, char **ret_
|
|||
if (!pidref_is_set(pidref))
|
||||
return -ESRCH;
|
||||
|
||||
if (pidref->fd >= 0) {
|
||||
uint64_t cgroup_id;
|
||||
|
||||
r = pidfd_get_cgroupid(pidref->fd, &cgroup_id);
|
||||
if (r >= 0)
|
||||
return cg_path_from_cgroupid(/* cgroupfs_fd = */ -EBADF, cgroup_id, ret_path);
|
||||
if (!ERRNO_IS_NEG_NOT_SUPPORTED(r))
|
||||
return r;
|
||||
}
|
||||
|
||||
r = cg_pid_get_path(controller, pidref->pid, &path);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
|
|
@ -183,6 +183,8 @@ typedef enum CGroupUnified {
|
|||
int cg_path_open(const char *controller, const char *path);
|
||||
int cg_cgroupid_open(int fsfd, uint64_t id);
|
||||
|
||||
int cg_path_from_cgroupid(int cgroupfs_fd, uint64_t id, char **ret);
|
||||
|
||||
typedef enum CGroupFlags {
|
||||
CGROUP_SIGCONT = 1 << 0,
|
||||
CGROUP_IGNORE_SELF = 1 << 1,
|
||||
|
|
|
@ -72,6 +72,7 @@ basic_sources = files(
|
|||
'parse-util.c',
|
||||
'path-util.c',
|
||||
'percent-util.c',
|
||||
'pidfd-util.c',
|
||||
'pidref.c',
|
||||
'prioq.c',
|
||||
'proc-cmdline.c',
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
#pragma once
|
||||
|
||||
#include <linux/types.h>
|
||||
|
||||
#define PIDFS_IOCTL_MAGIC 0xFF
|
||||
|
||||
#ifndef PIDFD_GET_CGROUP_NAMESPACE
|
||||
# define PIDFD_GET_CGROUP_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 1)
|
||||
# define PIDFD_GET_IPC_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 2)
|
||||
# define PIDFD_GET_MNT_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 3)
|
||||
# define PIDFD_GET_NET_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 4)
|
||||
# define PIDFD_GET_PID_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 5)
|
||||
# define PIDFD_GET_PID_FOR_CHILDREN_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 6)
|
||||
# define PIDFD_GET_TIME_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 7)
|
||||
# define PIDFD_GET_TIME_FOR_CHILDREN_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 8)
|
||||
# define PIDFD_GET_USER_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 9)
|
||||
# define PIDFD_GET_UTS_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 10)
|
||||
#endif
|
||||
|
||||
#ifndef PIDFD_GET_INFO
|
||||
struct pidfd_info {
|
||||
__u64 mask;
|
||||
__u64 cgroupid;
|
||||
__u32 pid;
|
||||
__u32 tgid;
|
||||
__u32 ppid;
|
||||
__u32 ruid;
|
||||
__u32 rgid;
|
||||
__u32 euid;
|
||||
__u32 egid;
|
||||
__u32 suid;
|
||||
__u32 sgid;
|
||||
__u32 fsuid;
|
||||
__u32 fsgid;
|
||||
__u32 spare0[1];
|
||||
};
|
||||
|
||||
#define PIDFD_GET_INFO _IOWR(PIDFS_IOCTL_MAGIC, 11, struct pidfd_info)
|
||||
#define PIDFD_INFO_PID (1UL << 0)
|
||||
#define PIDFD_INFO_CREDS (1UL << 1)
|
||||
#define PIDFD_INFO_CGROUPID (1UL << 2)
|
||||
#endif
|
|
@ -0,0 +1,161 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
|
||||
#include <sys/ioctl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "errno-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "fileio.h"
|
||||
#include "macro.h"
|
||||
#include "memory-util.h"
|
||||
#include "missing_magic.h"
|
||||
#include "missing_pidfd.h"
|
||||
#include "parse-util.h"
|
||||
#include "path-util.h"
|
||||
#include "pidfd-util.h"
|
||||
#include "stat-util.h"
|
||||
#include "string-util.h"
|
||||
|
||||
static bool pidfd_get_info_supported = true;
|
||||
|
||||
static bool ERRNO_IS_NEG_PIDFD_IOCTL_NOT_SUPPORTED(intmax_t r) {
|
||||
return IN_SET(r, -ENOTTY, -EINVAL);
|
||||
}
|
||||
_DEFINE_ABS_WRAPPER(PIDFD_IOCTL_NOT_SUPPORTED);
|
||||
|
||||
static int pidfd_get_pid_fdinfo(int fd, pid_t *ret) {
|
||||
char path[STRLEN("/proc/self/fdinfo/") + DECIMAL_STR_MAX(int)];
|
||||
_cleanup_free_ char *fdinfo = NULL;
|
||||
int r;
|
||||
|
||||
assert(fd >= 0);
|
||||
|
||||
xsprintf(path, "/proc/self/fdinfo/%i", fd);
|
||||
|
||||
r = read_full_virtual_file(path, &fdinfo, NULL);
|
||||
if (r == -ENOENT)
|
||||
return proc_fd_enoent_errno();
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
char *p = find_line_startswith(fdinfo, "Pid:");
|
||||
if (!p)
|
||||
return -ENOTTY; /* not a pidfd? */
|
||||
|
||||
p = skip_leading_chars(p, /* bad = */ NULL);
|
||||
p[strcspn(p, WHITESPACE)] = 0;
|
||||
|
||||
if (streq(p, "0"))
|
||||
return -EREMOTE; /* PID is in foreign PID namespace? */
|
||||
if (streq(p, "-1"))
|
||||
return -ESRCH; /* refers to reaped process? */
|
||||
|
||||
return parse_pid(p, ret);
|
||||
}
|
||||
|
||||
static int pidfd_get_pid_ioctl(int fd, pid_t *ret) {
|
||||
struct pidfd_info info = { .mask = PIDFD_INFO_PID };
|
||||
|
||||
assert(fd >= 0);
|
||||
|
||||
if (ioctl(fd, PIDFD_GET_INFO, &info) < 0)
|
||||
return -errno;
|
||||
|
||||
assert(FLAGS_SET(info.mask, PIDFD_INFO_PID));
|
||||
|
||||
if (ret)
|
||||
*ret = info.pid;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int pidfd_get_pid(int fd, pid_t *ret) {
|
||||
int r;
|
||||
|
||||
/* Converts a pidfd into a pid. We try ioctl(PIDFD_GET_INFO) (kernel 6.13+) first,
|
||||
* /proc/self/fdinfo/ as fallback. Well known errors:
|
||||
*
|
||||
* -EBADF → fd invalid
|
||||
* -ESRCH → fd valid, but process is already reaped
|
||||
*
|
||||
* pidfd_get_pid_fdinfo() might additionally fail for other reasons:
|
||||
*
|
||||
* -ENOSYS → /proc/ not mounted
|
||||
* -ENOTTY → fd valid, but not a pidfd
|
||||
* -EREMOTE → fd valid, but pid is in another namespace we cannot translate to the local one
|
||||
*/
|
||||
|
||||
assert(fd >= 0);
|
||||
|
||||
if (pidfd_get_info_supported) {
|
||||
r = pidfd_get_pid_ioctl(fd, ret);
|
||||
if (!ERRNO_IS_NEG_PIDFD_IOCTL_NOT_SUPPORTED(r))
|
||||
return r;
|
||||
|
||||
pidfd_get_info_supported = false;
|
||||
}
|
||||
|
||||
return pidfd_get_pid_fdinfo(fd, ret);
|
||||
}
|
||||
|
||||
int pidfd_verify_pid(int pidfd, pid_t pid) {
|
||||
pid_t current_pid;
|
||||
int r;
|
||||
|
||||
assert(pidfd >= 0);
|
||||
assert(pid > 0);
|
||||
|
||||
r = pidfd_get_pid(pidfd, ¤t_pid);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
return current_pid != pid ? -ESRCH : 0;
|
||||
}
|
||||
|
||||
int pidfd_get_cgroupid(int fd, uint64_t *ret) {
|
||||
struct pidfd_info info = { .mask = PIDFD_INFO_CGROUP };
|
||||
|
||||
assert(fd >= 0);
|
||||
|
||||
if (!pidfd_get_info_supported)
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
if (ioctl(fd, PIDFD_GET_INFO, &info) < 0) {
|
||||
if (ERRNO_IS_PIDFD_IOCTL_NOT_SUPPORTED(errno)) {
|
||||
pidfd_get_info_supported = false;
|
||||
return -EOPNOTSUPP;
|
||||
}
|
||||
|
||||
return -errno;
|
||||
}
|
||||
|
||||
if (!FLAGS_SET(info.mask, PIDFD_INFO_CGROUP))
|
||||
return -ENODATA;
|
||||
|
||||
if (ret)
|
||||
*ret = info.cgroupid;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int pidfd_get_inode_id(int fd, uint64_t *ret) {
|
||||
static int cached_supported = -1;
|
||||
int r;
|
||||
|
||||
assert(fd >= 0);
|
||||
|
||||
if (cached_supported < 0) {
|
||||
cached_supported = fd_is_fs_type(fd, PID_FS_MAGIC);
|
||||
if (cached_supported < 0)
|
||||
return cached_supported;
|
||||
}
|
||||
if (cached_supported == 0)
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
struct stat st;
|
||||
|
||||
if (fstat(fd, &st) < 0)
|
||||
return -errno;
|
||||
|
||||
if (ret)
|
||||
*ret = (uint64_t) st.st_ino;
|
||||
return 0;
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
#pragma once
|
||||
|
||||
#include <stdint.h>
|
||||
#if HAVE_PIDFD_OPEN
|
||||
#include <sys/pidfd.h>
|
||||
#endif
|
||||
#include <sys/types.h>
|
||||
|
||||
int pidfd_get_pid(int fd, pid_t *ret);
|
||||
int pidfd_verify_pid(int pidfd, pid_t pid);
|
||||
|
||||
int pidfd_get_cgroupid(int fd, uint64_t *ret);
|
||||
|
||||
int pidfd_get_inode_id(int fd, uint64_t *ret);
|
|
@ -1,36 +1,14 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
|
||||
#if HAVE_PIDFD_OPEN
|
||||
#include <sys/pidfd.h>
|
||||
#endif
|
||||
|
||||
#include "errno-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "missing_magic.h"
|
||||
#include "missing_syscall.h"
|
||||
#include "missing_wait.h"
|
||||
#include "parse-util.h"
|
||||
#include "pidfd-util.h"
|
||||
#include "pidref.h"
|
||||
#include "process-util.h"
|
||||
#include "signal-util.h"
|
||||
#include "stat-util.h"
|
||||
|
||||
static int pidfd_inode_ids_supported(void) {
|
||||
static int cached = -1;
|
||||
|
||||
if (cached >= 0)
|
||||
return cached;
|
||||
|
||||
_cleanup_close_ int fd = pidfd_open(getpid_cached(), 0);
|
||||
if (fd < 0) {
|
||||
if (ERRNO_IS_NOT_SUPPORTED(errno))
|
||||
return (cached = false);
|
||||
|
||||
return -errno;
|
||||
}
|
||||
|
||||
return (cached = fd_is_fs_type(fd, PID_FS_MAGIC));
|
||||
}
|
||||
|
||||
int pidref_acquire_pidfd_id(PidRef *pidref) {
|
||||
int r;
|
||||
|
@ -49,19 +27,14 @@ int pidref_acquire_pidfd_id(PidRef *pidref) {
|
|||
if (pidref->fd_id > 0)
|
||||
return 0;
|
||||
|
||||
r = pidfd_inode_ids_supported();
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
struct stat st;
|
||||
|
||||
if (fstat(pidref->fd, &st) < 0)
|
||||
return log_debug_errno(errno, "Failed to get inode number of pidfd for pid " PID_FMT ": %m",
|
||||
r = pidfd_get_inode_id(pidref->fd, &pidref->fd_id);
|
||||
if (r < 0) {
|
||||
if (!ERRNO_IS_NEG_NOT_SUPPORTED(r))
|
||||
log_debug_errno(r, "Failed to get inode number of pidfd for pid " PID_FMT ": %m",
|
||||
pidref->pid);
|
||||
return r;
|
||||
}
|
||||
|
||||
pidref->fd_id = (uint64_t) st.st_ino;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -1874,59 +1874,6 @@ int get_oom_score_adjust(int *ret) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
int pidfd_get_pid(int fd, pid_t *ret) {
|
||||
char path[STRLEN("/proc/self/fdinfo/") + DECIMAL_STR_MAX(int)];
|
||||
_cleanup_free_ char *fdinfo = NULL;
|
||||
int r;
|
||||
|
||||
/* Converts a pidfd into a pid. Well known errors:
|
||||
*
|
||||
* -EBADF → fd invalid
|
||||
* -ENOSYS → /proc/ not mounted
|
||||
* -ENOTTY → fd valid, but not a pidfd
|
||||
* -EREMOTE → fd valid, but pid is in another namespace we cannot translate to the local one
|
||||
* -ESRCH → fd valid, but process is already reaped
|
||||
*/
|
||||
|
||||
assert(fd >= 0);
|
||||
|
||||
xsprintf(path, "/proc/self/fdinfo/%i", fd);
|
||||
|
||||
r = read_full_virtual_file(path, &fdinfo, NULL);
|
||||
if (r == -ENOENT)
|
||||
return proc_fd_enoent_errno();
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
char *p = find_line_startswith(fdinfo, "Pid:");
|
||||
if (!p)
|
||||
return -ENOTTY; /* not a pidfd? */
|
||||
|
||||
p = skip_leading_chars(p, /* bad = */ NULL);
|
||||
p[strcspn(p, WHITESPACE)] = 0;
|
||||
|
||||
if (streq(p, "0"))
|
||||
return -EREMOTE; /* PID is in foreign PID namespace? */
|
||||
if (streq(p, "-1"))
|
||||
return -ESRCH; /* refers to reaped process? */
|
||||
|
||||
return parse_pid(p, ret);
|
||||
}
|
||||
|
||||
int pidfd_verify_pid(int pidfd, pid_t pid) {
|
||||
pid_t current_pid;
|
||||
int r;
|
||||
|
||||
assert(pidfd >= 0);
|
||||
assert(pid > 0);
|
||||
|
||||
r = pidfd_get_pid(pidfd, ¤t_pid);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
return current_pid != pid ? -ESRCH : 0;
|
||||
}
|
||||
|
||||
static int rlimit_to_nice(rlim_t limit) {
|
||||
if (limit <= 1)
|
||||
return PRIO_MAX-1; /* i.e. 19 */
|
||||
|
|
|
@ -251,9 +251,6 @@ assert_cc(TASKS_MAX <= (unsigned long) PID_T_MAX);
|
|||
/* Like TAKE_PTR() but for pid_t, resetting them to 0 */
|
||||
#define TAKE_PID(pid) TAKE_GENERIC(pid, pid_t, 0)
|
||||
|
||||
int pidfd_get_pid(int fd, pid_t *ret);
|
||||
int pidfd_verify_pid(int pidfd, pid_t pid);
|
||||
|
||||
int setpriority_closest(int priority);
|
||||
|
||||
_noreturn_ void freeze(void);
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
|
||||
#include <sys/epoll.h>
|
||||
#if HAVE_PIDFD_OPEN
|
||||
#include <sys/pidfd.h>
|
||||
#endif
|
||||
#include <sys/timerfd.h>
|
||||
#include <sys/wait.h>
|
||||
|
||||
|
@ -31,6 +28,7 @@
|
|||
#include "origin-id.h"
|
||||
#include "path-util.h"
|
||||
#include "prioq.h"
|
||||
#include "pidfd-util.h"
|
||||
#include "process-util.h"
|
||||
#include "psi-util.h"
|
||||
#include "set.h"
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
#include "macro.h"
|
||||
#include "parse-util.h"
|
||||
#include "path-util.h"
|
||||
#include "pidfd-util.h"
|
||||
#include "process-util.h"
|
||||
#include "socket-util.h"
|
||||
#include "stdio-util.h"
|
||||
|
|
|
@ -525,49 +525,20 @@ int userns_info_add_cgroup(UserNamespaceInfo *userns, uint64_t cgroup_id) {
|
|||
}
|
||||
|
||||
static int userns_destroy_cgroup(uint64_t cgroup_id) {
|
||||
_cleanup_close_ int cgroup_fd = -EBADF, parent_fd = -EBADF;
|
||||
_cleanup_free_ char *path = NULL;
|
||||
int r;
|
||||
|
||||
cgroup_fd = cg_cgroupid_open(/* cgroupfsfd= */ -EBADF, cgroup_id);
|
||||
if (cgroup_fd == -ESTALE) {
|
||||
log_debug_errno(cgroup_fd, "Control group %" PRIu64 " already gone, ignoring: %m", cgroup_id);
|
||||
r = cg_path_from_cgroupid(/* cgroupfs_fd = */ -EBADF, cgroup_id, &path);
|
||||
if (r == -ESTALE) {
|
||||
log_debug_errno(r, "Control group %" PRIu64 " already gone, ignoring.", cgroup_id);
|
||||
return 0;
|
||||
}
|
||||
if (cgroup_fd < 0)
|
||||
return log_debug_errno(errno, "Failed to open cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
|
||||
|
||||
_cleanup_free_ char *path = NULL;
|
||||
r = fd_get_path(cgroup_fd, &path);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to get path of cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
|
||||
|
||||
const char *e = path_startswith(path, "/sys/fs/cgroup/");
|
||||
if (!e)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Got cgroup path that doesn't start with /sys/fs/cgroup/, refusing: %s", path);
|
||||
if (isempty(e))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Got root cgroup path, which can't be right, refusing.");
|
||||
log_debug("Destroying cgroup %" PRIu64 " (%s)", cgroup_id, path);
|
||||
|
||||
log_debug("Path of cgroup %" PRIu64 " is: %s", cgroup_id, path);
|
||||
|
||||
_cleanup_free_ char *fname = NULL;
|
||||
r = path_extract_filename(path, &fname);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to extract name of cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
|
||||
|
||||
parent_fd = openat(cgroup_fd, "..", O_CLOEXEC|O_DIRECTORY);
|
||||
if (parent_fd < 0)
|
||||
return log_debug_errno(errno, "Failed to open parent cgroup of %" PRIu64 ", ignoring: %m", cgroup_id);
|
||||
|
||||
/* Safety check, never leave cgroupfs */
|
||||
r = fd_is_fs_type(parent_fd, CGROUP2_SUPER_MAGIC);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to determine if parent directory of cgroup %" PRIu64 " is still a cgroup, ignoring: %m", cgroup_id);
|
||||
if (!r)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Parent directory of cgroup %" PRIu64 " is not a cgroup, refusing.", cgroup_id);
|
||||
|
||||
cgroup_fd = safe_close(cgroup_fd);
|
||||
|
||||
r = rm_rf_child(parent_fd, fname, REMOVE_ONLY_DIRECTORIES|REMOVE_PHYSICAL|REMOVE_CHMOD);
|
||||
r = rm_rf(path, REMOVE_ROOT|REMOVE_ONLY_DIRECTORIES|REMOVE_CHMOD);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to remove delegated cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
{% if LINK_SHELL_EXTRA_DROPIN %}
|
||||
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
{% if LINK_SSH_PROXY_DROPIN %}
|
||||
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# Copy systemd-stub provided metadata such as PCR signature and public key file
|
||||
# from initrd into /run/, so that it will survive the initrd stage
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
{% if LINK_SSHD_USERDB_DROPIN %}
|
||||
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
d /etc/credstore 0700 root root
|
||||
d /etc/credstore.encrypted 0700 root root
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
L /etc/os-release - - - - ../usr/lib/os-release
|
||||
L+ /etc/mtab - - - - ../proc/self/mounts
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
Q /home 0755 - - -
|
||||
q /srv 0755 - - -
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# Set the NOCOW attribute for directories of journal files. This flag
|
||||
# is inherited by their new files and sub-directories. Matters only
|
||||
|
|
|
@ -5,10 +5,11 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# These files are considered legacy and are unnecessary on legacy-free
|
||||
# systems.
|
||||
# The functionality provided by these files and directories has been replaced
|
||||
# by newer interfaces. Their use is discouraged on legacy-free systems. This
|
||||
# configuration is provided to maintain backward compatibility.
|
||||
|
||||
d /run/lock 0755 root root -
|
||||
L /var/lock - - - - ../run/lock
|
||||
|
@ -16,15 +17,15 @@ L /var/lock - - - - ../run/lock
|
|||
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
||||
{% endif %}
|
||||
|
||||
{% if HAVE_SYSV_COMPAT %}
|
||||
# /run/lock/subsys is used for serializing SysV service execution, and
|
||||
# hence without use on SysV-less systems.
|
||||
|
||||
d /run/lock/subsys 0755 root root -
|
||||
|
||||
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
|
||||
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
|
||||
# 'quotacheck.mode=force'
|
||||
|
||||
r! /forcefsck
|
||||
r! /fastboot
|
||||
r! /forcequotacheck
|
||||
{% endif %}
|
||||
|
|
|
@ -35,7 +35,7 @@ in_files = [
|
|||
['20-systemd-stub.conf', 'ENABLE_EFI'],
|
||||
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
|
||||
['etc.conf'],
|
||||
['legacy.conf', 'HAVE_SYSV_COMPAT'],
|
||||
['legacy.conf'],
|
||||
['static-nodes-permissions.conf'],
|
||||
['systemd.conf'],
|
||||
['var.conf'],
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
Q /var/lib/portables 0700
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# Provision additional login messages from credentials, if they are set. Note
|
||||
# that these lines are NOPs if the credentials are not set or if the files
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
d$ /run/systemd/netif 0755 systemd-network systemd-network -
|
||||
d$ /run/systemd/netif/links 0755 systemd-network systemd-network -
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
Q /var/lib/machines 0700 - - -
|
||||
|
||||
|
|
|
@ -5,6 +5,6 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# Exclude namespace mountpoints created with PrivateTmp=yes
|
||||
x /tmp/systemd-private-%b-*
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
d /run/user 0755 root root -
|
||||
{% if ENABLE_UTMP %}
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# Clear tmp directories separately, to make them easier to override
|
||||
q /tmp 1777 root root 10d
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
q /var 0755 - - -
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# Make sure these are created by default so that nobody else can
|
||||
# or empty them at startup
|
||||
|
|
Loading…
Reference in New Issue