Compare commits
19 Commits
a7a50eb5fb
...
fde1179520
Author | SHA1 | Date |
---|---|---|
Muhammad Nuzaihan Bin Kamal Luddin | fde1179520 | |
Antonio Alvarez Feijoo | fb4c82b643 | |
Daan De Meyer | 4d9ccdc9ae | |
Antonio Alvarez Feijoo | bf39626d61 | |
Muhammad Nuzaihan Bin Kamal Luddin | 5507ec986f | |
Muhammad Nuzaihan Bin Kamal Luddin | fee8a01942 | |
Muhammad Nuzaihan Bin Kamal Luddin | 2e9b9408d2 | |
Muhammad Nuzaihan Bin Kamal Luddin | f8599ea6fb | |
Muhammad Nuzaihan Bin Kamal Luddin | 18b5e47238 | |
Muhammad Nuzaihan Bin Kamal Luddin | a7847d744e | |
Muhammad Nuzaihan Bin Kamal Luddin | 04031c10f8 | |
Muhammad Nuzaihan Bin Kamal Luddin | 84831eff33 | |
Muhammad Nuzaihan Bin Kamal Luddin | a7a4b22282 | |
Muhammad Nuzaihan Bin Kamal Luddin | 7f8faa1b9a | |
Muhammad Nuzaihan Bin Kamal Luddin | bfed004837 | |
Muhammad Nuzaihan Bin Kamal Luddin | 1e79a8f8d6 | |
Muhammad Nuzaihan Bin Kamal Luddin | 18e8f0f1ce | |
Muhammad Nuzaihan Bin Kamal Luddin | 4d041317df | |
Muhammad Nuzaihan Bin Kamal Luddin | 9ea2a332c5 |
|
@ -922,9 +922,9 @@
|
||||||
target for some other supplement definition. A target cannot have more than one supplement partition
|
target for some other supplement definition. A target cannot have more than one supplement partition
|
||||||
associated with it.</para>
|
associated with it.</para>
|
||||||
|
|
||||||
<para>For example, distributions can use this to implement <variable>$BOOT</variable> as defined in
|
<para>For example, distributions can use this to implement <varname>$BOOT</varname> as defined in
|
||||||
the <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification/">Boot Loader
|
the <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification/">Boot Loader
|
||||||
Specification</ulink>. Distributions may prefer to use the ESP as <variable>$BOOT</variable> whenever
|
Specification</ulink>. Distributions may prefer to use the ESP as <varname>$BOOT</varname> whenever
|
||||||
possible, but to adhere to the spec XBOOTLDR must sometimes be used instead. So, they should create
|
possible, but to adhere to the spec XBOOTLDR must sometimes be used instead. So, they should create
|
||||||
two definitions: the first defining an ESP big enough to hold just the bootloader, and a second for
|
two definitions: the first defining an ESP big enough to hold just the bootloader, and a second for
|
||||||
the XBOOTLDR that's sufficiently large to hold kernels and configured as a supplement for the ESP.
|
the XBOOTLDR that's sufficiently large to hold kernels and configured as a supplement for the ESP.
|
||||||
|
|
|
@ -702,6 +702,7 @@ env = find_program('env')
|
||||||
rsync = find_program('rsync', required : false)
|
rsync = find_program('rsync', required : false)
|
||||||
diff = find_program('diff')
|
diff = find_program('diff')
|
||||||
find = find_program('find')
|
find = find_program('find')
|
||||||
|
cp = find_program('cp')
|
||||||
|
|
||||||
ln_s = ln.full_path() + ' -frsT -- "${DESTDIR:-}@0@" "${DESTDIR:-}@1@"'
|
ln_s = ln.full_path() + ' -frsT -- "${DESTDIR:-}@0@" "${DESTDIR:-}@1@"'
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,9 @@
|
||||||
#include "sd-daemon.h"
|
#include "sd-daemon.h"
|
||||||
|
|
||||||
#include "bpf-dlopen.h"
|
#include "bpf-dlopen.h"
|
||||||
|
#if HAVE_VMLINUX_H
|
||||||
#include "bpf-link.h"
|
#include "bpf-link.h"
|
||||||
|
#endif
|
||||||
#include "build-path.h"
|
#include "build-path.h"
|
||||||
#include "common-signal.h"
|
#include "common-signal.h"
|
||||||
#include "env-util.h"
|
#include "env-util.h"
|
||||||
|
|
|
@ -304,19 +304,6 @@ static SubvolumeFlags subvolume_flags_from_string(const char *s) {
|
||||||
return flags;
|
return flags;
|
||||||
}
|
}
|
||||||
|
|
||||||
static char* subvolume_flags_to_string(SubvolumeFlags flags) {
|
|
||||||
const char *l[CONST_LOG2U(_SUBVOLUME_FLAGS_MASK + 1) + 1]; /* one string per known flag at most */
|
|
||||||
size_t m = 0;
|
|
||||||
|
|
||||||
if (FLAGS_SET(flags, SUBVOLUME_RO))
|
|
||||||
l[m++] = "ro";
|
|
||||||
|
|
||||||
assert(m < ELEMENTSOF(l));
|
|
||||||
l[m] = NULL;
|
|
||||||
|
|
||||||
return strv_join((char**) l, ",");
|
|
||||||
}
|
|
||||||
|
|
||||||
typedef struct Subvolume {
|
typedef struct Subvolume {
|
||||||
char *path;
|
char *path;
|
||||||
SubvolumeFlags flags;
|
SubvolumeFlags flags;
|
||||||
|
@ -2438,6 +2425,14 @@ static int partition_read_definition(Partition *p, const char *path, const char
|
||||||
"SizeMinBytes=/SizeMaxBytes= cannot be used with Verity=%s.",
|
"SizeMinBytes=/SizeMaxBytes= cannot be used with Verity=%s.",
|
||||||
verity_mode_to_string(p->verity));
|
verity_mode_to_string(p->verity));
|
||||||
|
|
||||||
|
if (!ordered_hashmap_isempty(p->subvolumes) && arg_offline > 0)
|
||||||
|
return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||||
|
"Subvolumes= cannot be used with --offline=yes.");
|
||||||
|
|
||||||
|
if (p->default_subvolume && arg_offline > 0)
|
||||||
|
return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||||
|
"DefaultSubvolume= cannot be used with --offline=yes.");
|
||||||
|
|
||||||
if (p->default_subvolume && !ordered_hashmap_contains(p->subvolumes, p->default_subvolume))
|
if (p->default_subvolume && !ordered_hashmap_contains(p->subvolumes, p->default_subvolume))
|
||||||
return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
|
return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
|
||||||
"DefaultSubvolume= must be one of the paths in Subvolumes=.");
|
"DefaultSubvolume= must be one of the paths in Subvolumes=.");
|
||||||
|
@ -4286,7 +4281,7 @@ static int prepare_temporary_file(Context *context, PartitionTarget *t, uint64_t
|
||||||
|
|
||||||
static bool loop_device_error_is_fatal(const Partition *p, int r) {
|
static bool loop_device_error_is_fatal(const Partition *p, int r) {
|
||||||
assert(p);
|
assert(p);
|
||||||
return arg_offline == 0 || (r != -ENOENT && !ERRNO_IS_PRIVILEGE(r));
|
return arg_offline == 0 || (r != -ENOENT && !ERRNO_IS_PRIVILEGE(r)) || !ordered_hashmap_isempty(p->subvolumes) || p->default_subvolume;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int partition_target_prepare(
|
static int partition_target_prepare(
|
||||||
|
@ -5793,38 +5788,6 @@ static int partition_populate_filesystem(Context *context, Partition *p, const c
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int append_btrfs_subvols(char ***l, OrderedHashmap *subvolumes, const char *default_subvolume) {
|
|
||||||
Subvolume *subvolume;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
assert(l);
|
|
||||||
|
|
||||||
ORDERED_HASHMAP_FOREACH(subvolume, subvolumes) {
|
|
||||||
_cleanup_free_ char *s = NULL, *f = NULL;
|
|
||||||
|
|
||||||
s = strdup(subvolume->path);
|
|
||||||
if (!s)
|
|
||||||
return log_oom();
|
|
||||||
|
|
||||||
f = subvolume_flags_to_string(subvolume->flags);
|
|
||||||
if (!f)
|
|
||||||
return log_oom();
|
|
||||||
|
|
||||||
if (streq_ptr(subvolume->path, default_subvolume) &&
|
|
||||||
!strextend_with_separator(&f, ",", "default"))
|
|
||||||
return log_oom();
|
|
||||||
|
|
||||||
if (!isempty(f) && !strextend_with_separator(&s, ":", f))
|
|
||||||
return log_oom();
|
|
||||||
|
|
||||||
r = strv_extend_many(l, "--subvol", s);
|
|
||||||
if (r < 0)
|
|
||||||
return log_oom();
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int finalize_extra_mkfs_options(const Partition *p, const char *root, char ***ret) {
|
static int finalize_extra_mkfs_options(const Partition *p, const char *root, char ***ret) {
|
||||||
_cleanup_strv_free_ char **sv = NULL;
|
_cleanup_strv_free_ char **sv = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
@ -5838,18 +5801,6 @@ static int finalize_extra_mkfs_options(const Partition *p, const char *root, cha
|
||||||
"Failed to determine mkfs command line options for '%s': %m",
|
"Failed to determine mkfs command line options for '%s': %m",
|
||||||
p->format);
|
p->format);
|
||||||
|
|
||||||
if (partition_needs_populate(p) && root && streq(p->format, "btrfs")) {
|
|
||||||
r = append_btrfs_subvols(&sv, p->subvolumes, p->default_subvolume);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
|
|
||||||
if (p->suppressing) {
|
|
||||||
r = append_btrfs_subvols(&sv, p->suppressing->subvolumes, NULL);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
*ret = TAKE_PTR(sv);
|
*ret = TAKE_PTR(sv);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
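Review bot: The new return expression in `loop_device_error_is_fatal` chains four conditions on one line without a comment, so a reader cannot tell why a partition with subvolumes turns an otherwise tolerated loop-device failure into a fatal one. A comment above it would record the reason, for example `/* Subvolumes=/DefaultSubvolume= need a loop device, so never fall back to offline operation when they are set */`. That rationale is inferred from the `--offline=yes` checks added in `partition_read_definition`, so please confirm it. Breaking the expression across lines, one condition per line, would also make the next change to it easier to review.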
@ -414,3 +414,61 @@ int manager_parse_config_file(Manager *m) {
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int config_parse_refuse_record_types(
|
||||||
|
const char *unit,
|
||||||
|
const char *filename,
|
||||||
|
unsigned line,
|
||||||
|
const char *section,
|
||||||
|
unsigned section_line,
|
||||||
|
const char *lvalue,
|
||||||
|
int ltype,
|
||||||
|
const char *rvalue,
|
||||||
|
void *data,
|
||||||
|
void *userdata) {
|
||||||
|
|
||||||
|
Manager *m = ASSERT_PTR(userdata);
|
||||||
|
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(filename);
|
||||||
|
assert(lvalue);
|
||||||
|
assert(rvalue);
|
||||||
|
|
||||||
|
if (isempty(rvalue)) {
|
||||||
|
data = mfree(data);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
r = free_and_strdup_warn(data, empty_to_null(rvalue));
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
char* record_type_string;
|
||||||
|
int refused_record_type;
|
||||||
|
|
||||||
|
/* Get int values of DNS type for example "AAAA" string to get int value and store in Set */
|
||||||
|
Set *refused_records = NULL;
|
||||||
|
|
||||||
|
for (;;) {
|
||||||
|
r = extract_first_word(data, &record_type_string, ",", 0);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
if (r == 0)
|
||||||
|
break;
|
||||||
|
|
||||||
|
refused_record_type = dns_type_from_string(record_type_string);
|
||||||
|
/* log error of invalid dns type */
|
||||||
|
if (refused_record_type == _DNS_TYPE_INVALID)
|
||||||
|
log_error("dns type is invalid");
|
||||||
|
|
||||||
|
r = set_ensure_put(&refused_records, NULL, INT_TO_PTR(refused_record_type));
|
||||||
|
if (r == -ENOMEM)
|
||||||
|
return log_oom();
|
||||||
|
}
|
||||||
|
|
||||||
|
m->refuse_record_types = refused_records;
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
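Review bot: `config_parse_refuse_record_types` uses `data` as two different things. The table entry passes `offsetof(Manager, refuse_record_types)`, so `data` presumably points at the `Set *` field, yet the empty-value branch calls `mfree(data)` on that interior pointer, and `free_and_strdup_warn(data, ...)` stores a string in the field after `free()`ing whatever was there (a `Set` on a second assignment). In addition, each `record_type_string` returned by `extract_first_word` is never freed, an invalid type is logged but `_DNS_TYPE_INVALID` is still inserted, and `set_ensure_put` errors other than `-ENOMEM` are dropped. Because an administrator relies on this setting as policy, a bad value should be reported through `log_syntax` with file and line rather than a bare `log_error`. The sketch below parses `rvalue` straight into the set; whether the set is released when the Manager is freed is not visible in this section.

```c
int config_parse_refuse_record_types(
                /* … unchanged: parameter list … */
                void *userdata) {

        Set **refused_records = ASSERT_PTR(data);
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        /* An empty assignment resets the list. */
        if (isempty(rvalue)) {
                *refused_records = set_free(*refused_records);
                return 1;
        }

        for (const char *p = rvalue;;) {
                _cleanup_free_ char *word = NULL;
                int type;

                r = extract_first_word(&p, &word, ",", 0);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, r,
                                   "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
                        return 0;
                }
                if (r == 0)
                        break;

                type = dns_type_from_string(word);
                if (type < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, 0,
                                   "Invalid DNS record type, ignoring: %s", word);
                        continue;
                }

                r = set_ensure_put(refused_records, NULL, INT_TO_PTR(type));
                if (r < 0)
                        return log_oom();
        }

        return 1;
}
```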
|
@ -480,6 +480,14 @@ int dns_query_new(
|
||||||
|
|
||||||
assert(m);
|
assert(m);
|
||||||
|
|
||||||
|
/* Check for records that is refused and refuse query for the records if matched in configuration */
|
||||||
|
DNS_QUESTION_FOREACH(key, question_utf8) {
|
||||||
|
if (set_contains(m->refuse_record_types, INT_TO_PTR(key->type))) {
|
||||||
|
log_debug("Got request for %s record that is refused.", dns_type_to_string(key->type));
|
||||||
|
return -ENOSYS;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (question_bypass) {
|
if (question_bypass) {
|
||||||
/* It's either a "bypass" query, or a regular one, but can't be both. */
|
/* It's either a "bypass" query, or a regular one, but can't be both. */
|
||||||
if (question_utf8 || question_idna)
|
if (question_utf8 || question_idna)
|
||||||
|
|
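Review bot: The refusal loop added to `dns_query_new` walks only `question_utf8`, so a query that arrives with just `question_idna`, or as a `question_bypass` packet (both are handled a few lines below), is never compared against `m->refuse_record_types` and the configured policy is not applied uniformly. The same check should run over every question that is set, ideally through one small helper called for each of the three inputs. `-ENOSYS` is also a weak sentinel: the stub section maps it to `DNS_RCODE_REFUSED` with `if (r == -ENOSYS)`, so any other path returning that errno would be reported as a policy refusal, and a dedicated, documented error for "refused by configuration" would be clearer. The body of `dns_query_new` continues outside this hunk, so the declaration of `key` cannot be checked here.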
|
@ -992,6 +992,13 @@ static void dns_stub_process_query(Manager *m, DnsStubListenerExtra *l, DnsStrea
|
||||||
SD_RESOLVED_NO_SEARCH|
|
SD_RESOLVED_NO_SEARCH|
|
||||||
(DNS_PACKET_DO(p) ? SD_RESOLVED_REQUIRE_PRIMARY : 0)|
|
(DNS_PACKET_DO(p) ? SD_RESOLVED_REQUIRE_PRIMARY : 0)|
|
||||||
SD_RESOLVED_CLAMP_TTL);
|
SD_RESOLVED_CLAMP_TTL);
|
||||||
|
|
||||||
|
/* Refuse query if there is -ENOSYS */
|
||||||
|
if (r == -ENOSYS) {
|
||||||
|
dns_stub_send_failure(m, l, s, p, DNS_RCODE_REFUSED, false);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_error_errno(r, "Failed to generate query object: %m");
|
log_error_errno(r, "Failed to generate query object: %m");
|
||||||
dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false);
|
dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false);
|
||||||
|
|
|
@ -33,3 +33,4 @@ Resolve.ResolveUnicastSingleLabel, config_parse_bool, 0,
|
||||||
Resolve.DNSStubListenerExtra, config_parse_dns_stub_listener_extra, 0, offsetof(Manager, dns_extra_stub_listeners)
|
Resolve.DNSStubListenerExtra, config_parse_dns_stub_listener_extra, 0, offsetof(Manager, dns_extra_stub_listeners)
|
||||||
Resolve.CacheFromLocalhost, config_parse_bool, 0, offsetof(Manager, cache_from_localhost)
|
Resolve.CacheFromLocalhost, config_parse_bool, 0, offsetof(Manager, cache_from_localhost)
|
||||||
Resolve.StaleRetentionSec, config_parse_sec, 0, offsetof(Manager, stale_retention_usec)
|
Resolve.StaleRetentionSec, config_parse_sec, 0, offsetof(Manager, stale_retention_usec)
|
||||||
|
Resolve.RefuseRecordTypes, config_parse_refuse_record_types, 0, offsetof(Manager, refuse_record_types)
|
||||||
|
|
|
@ -137,6 +137,9 @@ struct Manager {
|
||||||
struct stat etc_hosts_stat;
|
struct stat etc_hosts_stat;
|
||||||
bool read_etc_hosts;
|
bool read_etc_hosts;
|
||||||
|
|
||||||
|
/* List of refused DNS Record Types*/
|
||||||
|
Set *refuse_record_types;
|
||||||
|
|
||||||
OrderedSet *dns_extra_stub_listeners;
|
OrderedSet *dns_extra_stub_listeners;
|
||||||
|
|
||||||
/* Local DNS stub on 127.0.0.53:53 */
|
/* Local DNS stub on 127.0.0.53:53 */
|
||||||
|
|
|
@ -35,3 +35,4 @@
|
||||||
#ReadEtcHosts=yes
|
#ReadEtcHosts=yes
|
||||||
#ResolveUnicastSingleLabel=no
|
#ResolveUnicastSingleLabel=no
|
||||||
#StaleRetentionSec=0
|
#StaleRetentionSec=0
|
||||||
|
#RefuseRecordTypes=
|
||||||
|
|
|
@ -278,6 +278,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_uint32_invert_flag);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_id128);
|
CONFIG_PARSER_PROTOTYPE(config_parse_id128);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_tristate);
|
CONFIG_PARSER_PROTOTYPE(config_parse_tristate);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_string);
|
CONFIG_PARSER_PROTOTYPE(config_parse_string);
|
||||||
|
CONFIG_PARSER_PROTOTYPE(config_parse_refuse_record_types);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_dns_name);
|
CONFIG_PARSER_PROTOTYPE(config_parse_dns_name);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_hostname);
|
CONFIG_PARSER_PROTOTYPE(config_parse_hostname);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_path);
|
CONFIG_PARSER_PROTOTYPE(config_parse_path);
|
||||||
|
|
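Review bot: `CONFIG_PARSER_PROTOTYPE(config_parse_refuse_record_types);` is declared among the generic parsers (`config_parse_string`, `config_parse_path`, and so on), while the function itself is defined next to `manager_parse_config_file` and is tied to the resolver's `Manager`. If this is the shared conf-parser header, as the neighbouring prototypes suggest, the declaration would sit better in the resolver's own configuration header, so the shared header does not advertise a symbol that only one daemon provides.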