Compare commits
13 Commits
a8c9824d2a
...
3f64046cda
Author | SHA1 | Date |
---|---|---|
Lennart Poettering | 3f64046cda | |
Lennart Poettering | 721bb6ed08 | |
Nicholas Narsing | a2af7e5c7e | |
Yu Watanabe | 9b966cee43 | |
Yu Watanabe | b6766fb114 | |
Yu Watanabe | fb282d4e25 | |
Zbigniew Jędrzejewski-Szmek | d08a529518 | |
Zbigniew Jędrzejewski-Szmek | 4ea0782649 | |
Zbigniew Jędrzejewski-Szmek | ddd8e23dc9 | |
Zbigniew Jędrzejewski-Szmek | 08554d4725 | |
Zbigniew Jędrzejewski-Szmek | 604b163a31 | |
Zbigniew Jędrzejewski-Szmek | 890e5a4d29 | |
Zbigniew Jędrzejewski-Szmek | da012db02d |
|
@ -10,12 +10,11 @@ systemd provides support for automatically reverting back to the previous
|
||||||
version of the OS or kernel in case the system consistently fails to boot. This
|
version of the OS or kernel in case the system consistently fails to boot. This
|
||||||
support is built into various of its components. When used together these
|
support is built into various of its components. When used together these
|
||||||
components provide a complete solution on UEFI systems, built as add-on to the
|
components provide a complete solution on UEFI systems, built as add-on to the
|
||||||
[Boot Loader
|
[Boot Loader Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION).
|
||||||
Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION). However, the
|
However, the different components may also be used independently, and in
|
||||||
different components may also be used independently, and in combination with
|
combination with other software, to implement similar schemes, for example with
|
||||||
other software, to implement similar schemes, for example with other boot
|
other boot loaders or for non-UEFI systems. Here's a brief overview of the
|
||||||
loaders or for non-UEFI systems. Here's a brief overview of the complete set of
|
complete set of components:
|
||||||
components:
|
|
||||||
|
|
||||||
* The
|
* The
|
||||||
[`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)
|
[`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)
|
||||||
|
@ -45,11 +44,10 @@ components:
|
||||||
|
|
||||||
* The `boot-complete.target` target unit (see
|
* The `boot-complete.target` target unit (see
|
||||||
[`systemd.special(7)`](https://www.freedesktop.org/software/systemd/man/systemd.special.html))
|
[`systemd.special(7)`](https://www.freedesktop.org/software/systemd/man/systemd.special.html))
|
||||||
serves as a generic extension point both for units that shall be considered
|
serves as a generic extension point both for units that are necessary to
|
||||||
necessary to consider a boot successful on one side (example:
|
consider a boot successful (example: `systemd-boot-check-no-failures.service`
|
||||||
`systemd-boot-check-no-failures.service` as described above), and units that
|
as described above), and units that want to act only if the boot is
|
||||||
want to act only if the boot is successful on the other (example:
|
successful (example: `systemd-bless-boot.service` as described above).
|
||||||
`systemd-bless-boot.service` as described above).
|
|
||||||
|
|
||||||
* The
|
* The
|
||||||
[`kernel-install(8)`](https://www.freedesktop.org/software/systemd/man/kernel-install.html)
|
[`kernel-install(8)`](https://www.freedesktop.org/software/systemd/man/kernel-install.html)
|
||||||
|
|
|
@ -111,6 +111,7 @@ sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100CHI*
|
||||||
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT300CHI*
|
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT300CHI*
|
||||||
ACCEL_MOUNT_MATRIX=0, -1, 0; 1, 0, 0; 0, 0, 1
|
ACCEL_MOUNT_MATRIX=0, -1, 0; 1, 0, 0; 0, 0, 1
|
||||||
|
|
||||||
|
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnM80TA*
|
||||||
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100TA*
|
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100TA*
|
||||||
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT200TA*
|
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT200TA*
|
||||||
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
|
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
|
||||||
|
|
|
@ -8778,7 +8778,7 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Scope Unit Objects</title>
|
<title>Scope Unit Objects</title>
|
||||||
|
|
||||||
<para>All slice unit objects implement the <interfacename>org.freedesktop.systemd1.Scope</interfacename>
|
<para>All scope unit objects implement the <interfacename>org.freedesktop.systemd1.Scope</interfacename>
|
||||||
interface (described here) in addition to the generic
|
interface (described here) in addition to the generic
|
||||||
<interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
|
<interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
|
||||||
|
|
||||||
|
|
|
@ -34,6 +34,7 @@ static int help(int argc, char *argv[], void *userdata) {
|
||||||
printf("%s [OPTIONS...] COMMAND\n"
|
printf("%s [OPTIONS...] COMMAND\n"
|
||||||
"\n%sMark the boot process as good or bad.%s\n"
|
"\n%sMark the boot process as good or bad.%s\n"
|
||||||
"\nCommands:\n"
|
"\nCommands:\n"
|
||||||
|
" status Show status of current boot loader entry\n"
|
||||||
" good Mark this boot as good\n"
|
" good Mark this boot as good\n"
|
||||||
" bad Mark this boot as bad\n"
|
" bad Mark this boot as bad\n"
|
||||||
" indeterminate Undo any marking as good or bad\n"
|
" indeterminate Undo any marking as good or bad\n"
|
||||||
|
|
|
@ -46,7 +46,7 @@ int print_qr_code(
|
||||||
_cleanup_(dlclosep) void *dl = NULL;
|
_cleanup_(dlclosep) void *dl = NULL;
|
||||||
_cleanup_free_ char *url = NULL;
|
_cleanup_free_ char *url = NULL;
|
||||||
_cleanup_fclose_ FILE *f = NULL;
|
_cleanup_fclose_ FILE *f = NULL;
|
||||||
size_t url_size = 0, i;
|
size_t url_size = 0;
|
||||||
unsigned x, y;
|
unsigned x, y;
|
||||||
QRcode* qr;
|
QRcode* qr;
|
||||||
int r;
|
int r;
|
||||||
|
@ -79,7 +79,7 @@ int print_qr_code(
|
||||||
|
|
||||||
fputs("fss://", f);
|
fputs("fss://", f);
|
||||||
|
|
||||||
for (i = 0; i < seed_size; i++) {
|
for (size_t i = 0; i < seed_size; i++) {
|
||||||
if (i > 0 && i % 3 == 0)
|
if (i > 0 && i % 3 == 0)
|
||||||
fputc('-', f);
|
fputc('-', f);
|
||||||
fprintf(f, "%02x", ((uint8_t*) seed)[i]);
|
fprintf(f, "%02x", ((uint8_t*) seed)[i]);
|
||||||
|
|
|
@ -1790,7 +1790,7 @@ static int add_syslog_identifier(sd_journal *j) {
|
||||||
|
|
||||||
static int setup_keys(void) {
|
static int setup_keys(void) {
|
||||||
#if HAVE_GCRYPT
|
#if HAVE_GCRYPT
|
||||||
size_t mpk_size, seed_size, state_size, i;
|
size_t mpk_size, seed_size, state_size;
|
||||||
_cleanup_(unlink_and_freep) char *k = NULL;
|
_cleanup_(unlink_and_freep) char *k = NULL;
|
||||||
_cleanup_free_ char *p = NULL;
|
_cleanup_free_ char *p = NULL;
|
||||||
uint8_t *mpk, *seed, *state;
|
uint8_t *mpk, *seed, *state;
|
||||||
|
@ -1902,52 +1902,49 @@ static int setup_keys(void) {
|
||||||
|
|
||||||
k = mfree(k);
|
k = mfree(k);
|
||||||
|
|
||||||
|
_cleanup_free_ char *hn = NULL;
|
||||||
|
|
||||||
if (on_tty()) {
|
if (on_tty()) {
|
||||||
|
hn = gethostname_malloc();
|
||||||
|
if (hn)
|
||||||
|
hostname_cleanup(hn);
|
||||||
|
|
||||||
|
char tsb[FORMAT_TIMESPAN_MAX];
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
|
"\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n"
|
||||||
"\n"
|
"\n"
|
||||||
"The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
|
"The %ssecret sealing key%s has been written to the following local file.\n"
|
||||||
"the following local file. This key file is automatically updated when the\n"
|
"This key file is automatically updated when the sealing key is advanced.\n"
|
||||||
"sealing key is advanced. It should not be used on multiple hosts.\n"
|
"It should not be used on multiple hosts.\n"
|
||||||
"\n"
|
"\n"
|
||||||
"\t%s\n"
|
"\t%s\n"
|
||||||
"\n"
|
"\n"
|
||||||
|
"The sealing key is automatically changed every %s.\n"
|
||||||
|
"\n"
|
||||||
"Please write down the following %ssecret verification key%s. It should be stored\n"
|
"Please write down the following %ssecret verification key%s. It should be stored\n"
|
||||||
"at a safe location and should not be saved locally on disk.\n"
|
"in a safe location and should not be saved locally on disk.\n"
|
||||||
"\n\t%s",
|
"\n\t%s",
|
||||||
|
hn ?: "", hn ? "/" : "", SD_ID128_FORMAT_VAL(machine),
|
||||||
ansi_highlight(), ansi_normal(),
|
ansi_highlight(), ansi_normal(),
|
||||||
p,
|
p,
|
||||||
|
format_timespan(tsb, sizeof(tsb), arg_interval, 0),
|
||||||
ansi_highlight(), ansi_normal(),
|
ansi_highlight(), ansi_normal(),
|
||||||
ansi_highlight_red());
|
ansi_highlight_red());
|
||||||
fflush(stderr);
|
fflush(stderr);
|
||||||
}
|
}
|
||||||
for (i = 0; i < seed_size; i++) {
|
|
||||||
|
for (size_t i = 0; i < seed_size; i++) {
|
||||||
if (i > 0 && i % 3 == 0)
|
if (i > 0 && i % 3 == 0)
|
||||||
putchar('-');
|
putchar('-');
|
||||||
printf("%02x", ((uint8_t*) seed)[i]);
|
printf("%02x", ((uint8_t*) seed)[i]);
|
||||||
}
|
}
|
||||||
|
|
||||||
printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
|
printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
|
||||||
|
|
||||||
if (on_tty()) {
|
if (on_tty()) {
|
||||||
_cleanup_free_ char *hn = NULL;
|
fprintf(stderr, "%s", ansi_normal());
|
||||||
char tsb[FORMAT_TIMESPAN_MAX];
|
|
||||||
|
|
||||||
fprintf(stderr,
|
|
||||||
"%s\n"
|
|
||||||
"The sealing key is automatically changed every %s.\n",
|
|
||||||
ansi_normal(),
|
|
||||||
format_timespan(tsb, sizeof(tsb), arg_interval, 0));
|
|
||||||
|
|
||||||
hn = gethostname_malloc();
|
|
||||||
if (hn) {
|
|
||||||
hostname_cleanup(hn);
|
|
||||||
fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
|
|
||||||
} else
|
|
||||||
fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
|
|
||||||
|
|
||||||
#if HAVE_QRENCODE
|
#if HAVE_QRENCODE
|
||||||
(void) print_qr_code(stderr,
|
(void) print_qr_code(stderr,
|
||||||
"\nTo transfer the verification key to your phone please scan the QR code below:\n\n",
|
"\nTo transfer the verification key to your phone scan the QR code below:\n",
|
||||||
seed, seed_size,
|
seed, seed_size,
|
||||||
n, arg_interval,
|
n, arg_interval,
|
||||||
hn, machine);
|
hn, machine);
|
||||||
|
|
|
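Review bot: setup_keys() now splits its output across three places, and nothing in the code says the split is deliberate: the explanatory text goes to stderr inside `if (on_tty())`, the verification key itself is written with `printf`/`putchar` to stdout outside that check, and the colour reset plus QR code sit in a second `if (on_tty())`. A short comment above the `for (size_t i = 0; i < seed_size; i++)` loop would make this clear, for example `/* The key is written to stdout unconditionally; the guidance around it goes to stderr and only on a TTY. */`. The declaration of `hn` also deserves a note that it is filled in the first TTY block and consumed by print_qr_code() in the second, where it can still be NULL if gethostname_malloc() failed. The function starts and ends outside these hunks.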
@ -487,7 +487,7 @@ static int address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, Link
|
||||||
r = sd_netlink_message_get_errno(m);
|
r = sd_netlink_message_get_errno(m);
|
||||||
if (r < 0 && r != -EADDRNOTAVAIL)
|
if (r < 0 && r != -EADDRNOTAVAIL)
|
||||||
log_link_message_warning_errno(link, m, r, "Could not drop address");
|
log_link_message_warning_errno(link, m, r, "Could not drop address");
|
||||||
else
|
else if (r >= 0)
|
||||||
(void) manager_rtnl_process_address(rtnl, m, link->manager);
|
(void) manager_rtnl_process_address(rtnl, m, link->manager);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
|
|
|
@ -1365,7 +1365,14 @@ static int link_request_set_addresses(Link *link) {
|
||||||
assert(link->network);
|
assert(link->network);
|
||||||
assert(link->state != _LINK_STATE_INVALID);
|
assert(link->state != _LINK_STATE_INVALID);
|
||||||
|
|
||||||
|
if (link->address_remove_messages != 0) {
|
||||||
|
log_link_debug(link, "Removing old addresses, new addresses will be configured later.");
|
||||||
|
link->request_static_addresses = true;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* Reset all *_configured flags we are configuring. */
|
/* Reset all *_configured flags we are configuring. */
|
||||||
|
link->request_static_addresses = false;
|
||||||
link->addresses_configured = false;
|
link->addresses_configured = false;
|
||||||
link->addresses_ready = false;
|
link->addresses_ready = false;
|
||||||
link->neighbors_configured = false;
|
link->neighbors_configured = false;
|
||||||
|
@ -2884,6 +2891,35 @@ static int link_drop_foreign_config(Link *link) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int remove_static_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(m);
|
||||||
|
assert(link);
|
||||||
|
assert(link->ifname);
|
||||||
|
assert(link->address_remove_messages > 0);
|
||||||
|
|
||||||
|
link->address_remove_messages--;
|
||||||
|
|
||||||
|
if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
|
||||||
|
return 1;
|
||||||
|
|
||||||
|
r = sd_netlink_message_get_errno(m);
|
||||||
|
if (r < 0 && r != -EADDRNOTAVAIL)
|
||||||
|
log_link_message_warning_errno(link, m, r, "Could not drop address");
|
||||||
|
else if (r >= 0)
|
||||||
|
(void) manager_rtnl_process_address(rtnl, m, link->manager);
|
||||||
|
|
||||||
|
if (link->address_remove_messages == 0 && link->request_static_addresses) {
|
||||||
|
link_set_state(link, LINK_STATE_CONFIGURING);
|
||||||
|
r = link_request_set_addresses(link);
|
||||||
|
if (r < 0)
|
||||||
|
link_enter_failed(link);
|
||||||
|
}
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
static int link_drop_config(Link *link) {
|
static int link_drop_config(Link *link) {
|
||||||
Address *address, *pool_address;
|
Address *address, *pool_address;
|
||||||
Neighbor *neighbor;
|
Neighbor *neighbor;
|
||||||
|
@ -2896,18 +2932,19 @@ static int link_drop_config(Link *link) {
|
||||||
if (address->family == AF_INET6 && in_addr_is_link_local(AF_INET6, &address->in_addr) == 1 && link_ipv6ll_enabled(link))
|
if (address->family == AF_INET6 && in_addr_is_link_local(AF_INET6, &address->in_addr) == 1 && link_ipv6ll_enabled(link))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
r = address_remove(address, link, NULL);
|
r = address_remove(address, link, remove_static_address_handler);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
link->address_remove_messages++;
|
||||||
|
|
||||||
/* If this address came from an address pool, clean up the pool */
|
/* If this address came from an address pool, clean up the pool */
|
||||||
LIST_FOREACH(addresses, pool_address, link->pool_addresses) {
|
LIST_FOREACH(addresses, pool_address, link->pool_addresses)
|
||||||
if (address_equal(address, pool_address)) {
|
if (address_equal(address, pool_address)) {
|
||||||
LIST_REMOVE(addresses, link->pool_addresses, pool_address);
|
LIST_REMOVE(addresses, link->pool_addresses, pool_address);
|
||||||
address_free(pool_address);
|
address_free(pool_address);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
SET_FOREACH(neighbor, link->neighbors, i) {
|
SET_FOREACH(neighbor, link->neighbors, i) {
|
||||||
|
|
|
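Review bot: In link_request_set_addresses() the new early return for `link->address_remove_messages != 0` sits above the "Reset all *_configured flags" block, so `addresses_configured`, `addresses_ready` and `neighbors_configured` keep their previous values while the removals are in flight. If any of them is still true from an earlier configuration, readiness checks elsewhere could treat the link as configured before remove_static_address_handler() replays the deferred request; that check is not visible here, so this needs confirming. Consider clearing the flags before returning, e.g. `link->addresses_configured = false;` and `link->addresses_ready = false;` ahead of `return 0;`. The function body continues outside the hunk.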
@ -75,6 +75,7 @@ typedef struct Link {
|
||||||
LinkAddressState address_state;
|
LinkAddressState address_state;
|
||||||
|
|
||||||
unsigned address_messages;
|
unsigned address_messages;
|
||||||
|
unsigned address_remove_messages;
|
||||||
unsigned address_label_messages;
|
unsigned address_label_messages;
|
||||||
unsigned neighbor_messages;
|
unsigned neighbor_messages;
|
||||||
unsigned route_messages;
|
unsigned route_messages;
|
||||||
|
@ -111,6 +112,7 @@ typedef struct Link {
|
||||||
sd_ipv4ll *ipv4ll;
|
sd_ipv4ll *ipv4ll;
|
||||||
bool ipv4ll_address_configured:1;
|
bool ipv4ll_address_configured:1;
|
||||||
|
|
||||||
|
bool request_static_addresses:1;
|
||||||
bool addresses_configured:1;
|
bool addresses_configured:1;
|
||||||
bool addresses_ready:1;
|
bool addresses_ready:1;
|
||||||
bool neighbors_configured:1;
|
bool neighbors_configured:1;
|
||||||
|
|
|
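Review bot: The two new members of Link, `address_remove_messages` and `request_static_addresses`, carry no comment, and their coupling is only visible by reading the removal handler added elsewhere in this change set. A one-line comment on each would document it, for example `/* address removal requests still awaiting a reply */` on the counter and `/* static address configuration was deferred until pending removals finish */` on the flag. The struct definition starts and ends outside these hunks.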
@ -54,7 +54,7 @@ static const char* af_to_string(int family, char *buf, size_t buf_len) {
|
||||||
return buf;
|
return buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void* open_handle(const char* dir, const char* module, int flags) {
|
static void* open_handle(const char *dir, const char *module, int flags) {
|
||||||
const char *path = NULL;
|
const char *path = NULL;
|
||||||
void *handle;
|
void *handle;
|
||||||
|
|
||||||
|
@ -63,6 +63,7 @@ static void* open_handle(const char* dir, const char* module, int flags) {
|
||||||
if (!path || access(path, F_OK) < 0)
|
if (!path || access(path, F_OK) < 0)
|
||||||
path = strjoina("libnss_", module, ".so.2");
|
path = strjoina("libnss_", module, ".so.2");
|
||||||
|
|
||||||
|
log_debug("Using %s", path);
|
||||||
handle = dlopen(path, flags);
|
handle = dlopen(path, flags);
|
||||||
if (!handle)
|
if (!handle)
|
||||||
log_error("Failed to load module %s: %s", module, dlerror());
|
log_error("Failed to load module %s: %s", module, dlerror());
|
||||||
|
@ -70,10 +71,9 @@ static void* open_handle(const char* dir, const char* module, int flags) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int print_gaih_addrtuples(const struct gaih_addrtuple *tuples) {
|
static int print_gaih_addrtuples(const struct gaih_addrtuple *tuples) {
|
||||||
const struct gaih_addrtuple *it;
|
|
||||||
int n = 0;
|
int n = 0;
|
||||||
|
|
||||||
for (it = tuples; it; it = it->next) {
|
for (const struct gaih_addrtuple *it = tuples; it; it = it->next) {
|
||||||
_cleanup_free_ char *a = NULL;
|
_cleanup_free_ char *a = NULL;
|
||||||
union in_addr_union u;
|
union in_addr_union u;
|
||||||
int r;
|
int r;
|
||||||
|
@ -147,7 +147,10 @@ static void test_gethostbyname4_r(void *handle, const char *module, const char *
|
||||||
fname = strjoina("_nss_", module, "_gethostbyname4_r");
|
fname = strjoina("_nss_", module, "_gethostbyname4_r");
|
||||||
f = dlsym(handle, fname);
|
f = dlsym(handle, fname);
|
||||||
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
|
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
|
||||||
assert_se(f);
|
if (!f) {
|
||||||
|
log_info("%s not defined", fname);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
status = f(name, &pat, buffer, sizeof buffer, &errno1, &errno2, &ttl);
|
status = f(name, &pat, buffer, sizeof buffer, &errno1, &errno2, &ttl);
|
||||||
if (status == NSS_STATUS_SUCCESS) {
|
if (status == NSS_STATUS_SUCCESS) {
|
||||||
|
@ -197,7 +200,10 @@ static void test_gethostbyname3_r(void *handle, const char *module, const char *
|
||||||
fname = strjoina("_nss_", module, "_gethostbyname3_r");
|
fname = strjoina("_nss_", module, "_gethostbyname3_r");
|
||||||
f = dlsym(handle, fname);
|
f = dlsym(handle, fname);
|
||||||
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
|
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
|
||||||
assert_se(f);
|
if (!f) {
|
||||||
|
log_info("%s not defined", fname);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2, &ttl, &canon);
|
status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2, &ttl, &canon);
|
||||||
log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s ttl=%"PRIi32,
|
log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s ttl=%"PRIi32,
|
||||||
|
@ -223,7 +229,10 @@ static void test_gethostbyname2_r(void *handle, const char *module, const char *
|
||||||
fname = strjoina("_nss_", module, "_gethostbyname2_r");
|
fname = strjoina("_nss_", module, "_gethostbyname2_r");
|
||||||
f = dlsym(handle, fname);
|
f = dlsym(handle, fname);
|
||||||
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
|
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
|
||||||
assert_se(f);
|
if (!f) {
|
||||||
|
log_info("%s not defined", fname);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2);
|
status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2);
|
||||||
log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s",
|
log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s",
|
||||||
|
@ -247,7 +256,10 @@ static void test_gethostbyname_r(void *handle, const char *module, const char *n
|
||||||
fname = strjoina("_nss_", module, "_gethostbyname_r");
|
fname = strjoina("_nss_", module, "_gethostbyname_r");
|
||||||
f = dlsym(handle, fname);
|
f = dlsym(handle, fname);
|
||||||
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
|
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
|
||||||
assert_se(f);
|
if (!f) {
|
||||||
|
log_info("%s not defined", fname);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
status = f(name, &host, buffer, sizeof buffer, &errno1, &errno2);
|
status = f(name, &host, buffer, sizeof buffer, &errno1, &errno2);
|
||||||
log_info("%s(\"%s\") → status=%s%-20serrno=%d/%s h_errno=%d/%s",
|
log_info("%s(\"%s\") → status=%s%-20serrno=%d/%s h_errno=%d/%s",
|
||||||
|
@ -279,8 +291,10 @@ static void test_gethostbyaddr2_r(void *handle,
|
||||||
|
|
||||||
log_full_errno(f ? LOG_DEBUG : LOG_INFO, errno,
|
log_full_errno(f ? LOG_DEBUG : LOG_INFO, errno,
|
||||||
"dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f);
|
"dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f);
|
||||||
if (!f)
|
if (!f) {
|
||||||
|
log_info("%s not defined", fname);
|
||||||
return;
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0);
|
assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0);
|
||||||
|
|
||||||
|
@ -314,8 +328,10 @@ static void test_gethostbyaddr_r(void *handle,
|
||||||
|
|
||||||
log_full_errno(f ? LOG_DEBUG : LOG_INFO, errno,
|
log_full_errno(f ? LOG_DEBUG : LOG_INFO, errno,
|
||||||
"dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f);
|
"dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f);
|
||||||
if (!f)
|
if (!f) {
|
||||||
|
log_info("%s not defined", fname);
|
||||||
return;
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0);
|
assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0);
|
||||||
|
|
||||||
|
@ -388,14 +404,13 @@ static int make_addresses(struct local_address **addresses) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int test_one_module(const char* dir,
|
static int test_one_module(const char *dir,
|
||||||
const char *module,
|
const char *module,
|
||||||
char **names,
|
char **names,
|
||||||
struct local_address *addresses,
|
struct local_address *addresses,
|
||||||
int n_addresses) {
|
int n_addresses) {
|
||||||
void *handle;
|
void *handle;
|
||||||
char **name;
|
char **name;
|
||||||
int i;
|
|
||||||
|
|
||||||
log_info("======== %s ========", module);
|
log_info("======== %s ========", module);
|
||||||
|
|
||||||
|
@ -406,7 +421,7 @@ static int test_one_module(const char* dir,
|
||||||
STRV_FOREACH(name, names)
|
STRV_FOREACH(name, names)
|
||||||
test_byname(handle, module, *name);
|
test_byname(handle, module, *name);
|
||||||
|
|
||||||
for (i = 0; i < n_addresses; i++)
|
for (int i = 0; i < n_addresses; i++)
|
||||||
test_byaddr(handle, module,
|
test_byaddr(handle, module,
|
||||||
&addresses[i].address,
|
&addresses[i].address,
|
||||||
FAMILY_ADDRESS_SIZE(addresses[i].family),
|
FAMILY_ADDRESS_SIZE(addresses[i].family),
|
||||||
|
|
|
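Review bot: Replacing `assert_se(f)` with a logged early return in test_gethostbyname4_r(), test_gethostbyname3_r(), test_gethostbyname2_r() and test_gethostbyname_r() means a module that stops exporting one of these entry points no longer fails the test; the only trace is an info-level log line. If the skip is meant for modules that legitimately lack a symbol, a comment at each `if (!f)` should say so, e.g. `/* not every NSS module implements this entry point */`, or the skip could be limited to those modules. In test_gethostbyaddr2_r() and test_gethostbyaddr_r() the added `log_info("%s not defined", fname);` repeats what the `log_full_errno(f ? LOG_DEBUG : LOG_INFO, ...)` call just above already reports at LOG_INFO when `f` is NULL. These function bodies extend beyond the hunks shown.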
@ -98,9 +98,6 @@ static void test_syscall_filter_set_find(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void test_filter_sets(void) {
|
static void test_filter_sets(void) {
|
||||||
unsigned i;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
log_info("/* %s */", __func__);
|
log_info("/* %s */", __func__);
|
||||||
|
|
||||||
if (!is_seccomp_available()) {
|
if (!is_seccomp_available()) {
|
||||||
|
@ -112,7 +109,7 @@ static void test_filter_sets(void) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
|
for (unsigned i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
|
|
||||||
log_info("Testing %s", syscall_filter_sets[i].name);
|
log_info("Testing %s", syscall_filter_sets[i].name);
|
||||||
|
@ -121,7 +118,7 @@ static void test_filter_sets(void) {
|
||||||
assert_se(pid >= 0);
|
assert_se(pid >= 0);
|
||||||
|
|
||||||
if (pid == 0) { /* Child? */
|
if (pid == 0) { /* Child? */
|
||||||
int fd;
|
int fd, r;
|
||||||
|
|
||||||
/* If we look at the default set (or one that includes it), allow-list instead of deny-list */
|
/* If we look at the default set (or one that includes it), allow-list instead of deny-list */
|
||||||
if (IN_SET(i, SYSCALL_FILTER_SET_DEFAULT, SYSCALL_FILTER_SET_SYSTEM_SERVICE))
|
if (IN_SET(i, SYSCALL_FILTER_SET_DEFAULT, SYSCALL_FILTER_SET_SYSTEM_SERVICE))
|
||||||
|
|