Merge 5507ec986f into fb4c82b643

```
In file included from ../src/nsresourced/nsresourced-manager.c:9:
../src/shared/bpf-link.h:5:10: fatal error: bpf/libbpf.h: No such file or directory
    5 | #include <bpf/libbpf.h>
      |          ^~~~~~~~~~~~~~
```

Follow-up for 46718d344f

man/repart.d.xml

@@ -922,9 +922,9 @@
         target for some other supplement definition. A target cannot have more than one supplement partition
         associated with it.</para>
 
-        <para>For example, distributions can use this to implement <variable>$BOOT</variable> as defined in
+        <para>For example, distributions can use this to implement <varname>$BOOT</varname> as defined in
         the <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification/">Boot Loader
-        Specification</ulink>. Distributions may prefer to use the ESP as <variable>$BOOT</variable> whenever
+        Specification</ulink>. Distributions may prefer to use the ESP as <varname>$BOOT</varname> whenever
         possible, but to adhere to the spec XBOOTLDR must sometimes be used instead. So, they should create
         two definitions: the first defining an ESP big enough to hold just the bootloader, and a second for
         the XBOOTLDR that's sufficiently large to hold kernels and configured as a supplement for the ESP.

meson.build

@@ -702,6 +702,7 @@ env = find_program('env')
 rsync = find_program('rsync', required : false)
 diff = find_program('diff')
 find = find_program('find')
+cp = find_program('cp')
 
 ln_s = ln.full_path() + ' -frsT -- "${DESTDIR:-}@0@" "${DESTDIR:-}@1@"'
 

src/nsresourced/nsresourced-manager.c

@@ -6,7 +6,9 @@
 #include "sd-daemon.h"
 
 #include "bpf-dlopen.h"
+#if HAVE_VMLINUX_H
 #include "bpf-link.h"
+#endif
 #include "build-path.h"
 #include "common-signal.h"
 #include "env-util.h"

src/partition/repart.c

@@ -304,19 +304,6 @@ static SubvolumeFlags subvolume_flags_from_string(const char *s) {
         return flags;
 }
 
-static char* subvolume_flags_to_string(SubvolumeFlags flags) {
-        const char *l[CONST_LOG2U(_SUBVOLUME_FLAGS_MASK + 1) + 1]; /* one string per known flag at most */
-        size_t m = 0;
-
-        if (FLAGS_SET(flags, SUBVOLUME_RO))
-                l[m++] = "ro";
-
-        assert(m < ELEMENTSOF(l));
-        l[m] = NULL;
-
-        return strv_join((char**) l, ",");
-}
-
 typedef struct Subvolume {
         char *path;
         SubvolumeFlags flags;
@@ -2438,6 +2425,14 @@ static int partition_read_definition(Partition *p, const char *path, const char
                                   "SizeMinBytes=/SizeMaxBytes= cannot be used with Verity=%s.",
                                   verity_mode_to_string(p->verity));
 
+        if (!ordered_hashmap_isempty(p->subvolumes) && arg_offline > 0)
+                return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EOPNOTSUPP),
+                                  "Subvolumes= cannot be used with --offline=yes.");
+
+        if (p->default_subvolume && arg_offline > 0)
+                return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EOPNOTSUPP),
+                                  "DefaultSubvolume= cannot be used with --offline=yes.");
+
         if (p->default_subvolume && !ordered_hashmap_contains(p->subvolumes, p->default_subvolume))
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
                                   "DefaultSubvolume= must be one of the paths in Subvolumes=.");
@@ -4286,7 +4281,7 @@ static int prepare_temporary_file(Context *context, PartitionTarget *t, uint64_t
 
 static bool loop_device_error_is_fatal(const Partition *p, int r) {
         assert(p);
-        return arg_offline == 0 || (r != -ENOENT && !ERRNO_IS_PRIVILEGE(r));
+        return arg_offline == 0 || (r != -ENOENT && !ERRNO_IS_PRIVILEGE(r)) || !ordered_hashmap_isempty(p->subvolumes) || p->default_subvolume;
 }
 
 static int partition_target_prepare(
@@ -5793,38 +5788,6 @@ static int partition_populate_filesystem(Context *context, Partition *p, const c
         return 0;
 }
 
-static int append_btrfs_subvols(char ***l, OrderedHashmap *subvolumes, const char *default_subvolume) {
-        Subvolume *subvolume;
-        int r;
-
-        assert(l);
-
-        ORDERED_HASHMAP_FOREACH(subvolume, subvolumes) {
-                _cleanup_free_ char *s = NULL, *f = NULL;
-
-                s = strdup(subvolume->path);
-                if (!s)
-                        return log_oom();
-
-                f = subvolume_flags_to_string(subvolume->flags);
-                if (!f)
-                        return log_oom();
-
-                if (streq_ptr(subvolume->path, default_subvolume) &&
-                    !strextend_with_separator(&f, ",", "default"))
-                        return log_oom();
-
-                if (!isempty(f) && !strextend_with_separator(&s, ":", f))
-                        return log_oom();
-
-                r = strv_extend_many(l, "--subvol", s);
-                if (r < 0)
-                        return log_oom();
-        }
-
-        return 0;
-}
-
 static int finalize_extra_mkfs_options(const Partition *p, const char *root, char ***ret) {
         _cleanup_strv_free_ char **sv = NULL;
         int r;
@@ -5838,18 +5801,6 @@ static int finalize_extra_mkfs_options(const Partition *p, const char *root, cha
                                        "Failed to determine mkfs command line options for '%s': %m",
                                        p->format);
 
-        if (partition_needs_populate(p) && root && streq(p->format, "btrfs")) {
-                r = append_btrfs_subvols(&sv, p->subvolumes, p->default_subvolume);
-                if (r < 0)
-                        return r;
-
-                if (p->suppressing) {
-                        r = append_btrfs_subvols(&sv, p->suppressing->subvolumes, NULL);
-                        if (r < 0)
-                                return r;
-                }
-        }
-
         *ret = TAKE_PTR(sv);
         return 0;
 }

src/resolve/resolved-conf.c

@@ -414,3 +414,61 @@ int manager_parse_config_file(Manager *m) {
         return 0;
 
 }
+
+int config_parse_refuse_record_types(
+                const char *unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        Manager *m = ASSERT_PTR(userdata);
+
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+
+        if (isempty(rvalue)) {
+                data = mfree(data);
+                return 1;
+        }
+
+        r = free_and_strdup_warn(data, empty_to_null(rvalue));
+        if (r < 0)
+               return r;
+
+        char* record_type_string;
+        int refused_record_type;
+
+        /* Get int values of DNS type for example "AAAA" string to get int value and store in Set */
+        Set *refused_records = NULL;
+
+        for (;;) {
+               r = extract_first_word(data, &record_type_string, ",", 0);
+               if (r < 0)
+                      return r;
+
+               if (r == 0)
+                       break;
+
+               refused_record_type = dns_type_from_string(record_type_string);
+               /* log error of invalid dns type */
+               if (refused_record_type == _DNS_TYPE_INVALID)
+               log_error("dns type is invalid");
+
+               r = set_ensure_put(&refused_records, NULL, INT_TO_PTR(refused_record_type));
+               if (r == -ENOMEM)
+                      return log_oom();
+        }
+
+        m->refuse_record_types = refused_records;
+
+        return 1;
+}

src/resolve/resolved-dns-query.c

@@ -480,6 +480,14 @@ int dns_query_new(
 
         assert(m);
 
+        /* Check for records that is refused and refuse query for the records if matched in configuration */
+        DNS_QUESTION_FOREACH(key, question_utf8) {
+                if (set_contains(m->refuse_record_types, INT_TO_PTR(key->type))) {
+                        log_debug("Got request for %s record that is refused.", dns_type_to_string(key->type));
+                        return -ENOSYS;
+                }
+        }
+
         if (question_bypass) {
                 /* It's either a "bypass" query, or a regular one, but can't be both. */
                 if (question_utf8 || question_idna)

src/resolve/resolved-dns-stub.c

@@ -992,6 +992,13 @@ static void dns_stub_process_query(Manager *m, DnsStubListenerExtra *l, DnsStrea
                                   SD_RESOLVED_NO_SEARCH|
                                   (DNS_PACKET_DO(p) ? SD_RESOLVED_REQUIRE_PRIMARY : 0)|
                                   SD_RESOLVED_CLAMP_TTL);
+
+        /* Refuse query if there is -ENOSYS */
+        if (r == -ENOSYS) {
+                dns_stub_send_failure(m, l, s, p, DNS_RCODE_REFUSED, false);
+                return;
+        }
+
         if (r < 0) {
                 log_error_errno(r, "Failed to generate query object: %m");
                 dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false);

src/resolve/resolved-gperf.gperf

@@ -33,3 +33,4 @@ Resolve.ResolveUnicastSingleLabel, config_parse_bool,                    0,
 Resolve.DNSStubListenerExtra,      config_parse_dns_stub_listener_extra, 0,                   offsetof(Manager, dns_extra_stub_listeners)
 Resolve.CacheFromLocalhost,        config_parse_bool,                    0,                   offsetof(Manager, cache_from_localhost)
 Resolve.StaleRetentionSec,         config_parse_sec,                     0,                   offsetof(Manager, stale_retention_usec)
+Resolve.RefuseRecordTypes,         config_parse_refuse_record_types,     0,                   offsetof(Manager, refuse_record_types)

src/resolve/resolved-manager.h

@@ -137,6 +137,9 @@ struct Manager {
         struct stat etc_hosts_stat;
         bool read_etc_hosts;
 
+        /* List of refused DNS Record Types*/
+        Set *refuse_record_types;
+
         OrderedSet *dns_extra_stub_listeners;
 
         /* Local DNS stub on 127.0.0.53:53 */

src/resolve/resolved.conf.in

@@ -35,3 +35,4 @@
 #ReadEtcHosts=yes
 #ResolveUnicastSingleLabel=no
 #StaleRetentionSec=0
+#RefuseRecordTypes=

src/shared/conf-parser.h

@@ -278,6 +278,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_uint32_invert_flag);
 CONFIG_PARSER_PROTOTYPE(config_parse_id128);
 CONFIG_PARSER_PROTOTYPE(config_parse_tristate);
 CONFIG_PARSER_PROTOTYPE(config_parse_string);
+CONFIG_PARSER_PROTOTYPE(config_parse_refuse_record_types);
 CONFIG_PARSER_PROTOTYPE(config_parse_dns_name);
 CONFIG_PARSER_PROTOTYPE(config_parse_hostname);
 CONFIG_PARSER_PROTOTYPE(config_parse_path);