mirror of
https://github.com/systemd/systemd
synced 2026-04-24 16:04:51 +02:00
Compare commits
No commits in common. "bd4dea76de6355778079ba4945846324cef2a043" and "b8529cf376ed537419074eb8f8dfa66e4162e482" have entirely different histories.
bd4dea76de
...
b8529cf376
4
TODO
4
TODO
@ -122,7 +122,7 @@ Features:
|
||||
* maybe add a generator that reads /proc/cmdline, looks for
|
||||
systemd.pull-raw-portable=, systemd-pull-raw-sysext= and similar switches
|
||||
that take an URL as parameter. It then generates service units for
|
||||
systemd-pull calls that download these URLs if not installed yet. usecase:
|
||||
systemd-pull calls thta download these URLs if not installed yet. usecase:
|
||||
invoke a VM or nspawn container in a way it automatically deploys/runs these
|
||||
images as OS payloads. i.e. have a generic OS image you can point to any
|
||||
payload you like, which is then downloaded, securely verified and run.
|
||||
@ -761,6 +761,8 @@ Features:
|
||||
systemd-journald writes to /var/log/journal, which could be useful when we
|
||||
doing disk usage calculations and so on.
|
||||
|
||||
* taint systemd if there are fewer than 65536 users assigned (userns) to the system.
|
||||
|
||||
* deprecate RootDirectoryStartOnly= in favour of a new ExecStart= prefix char
|
||||
|
||||
* add a new RuntimeDirectoryPreserve= mode that defines a similar lifecycle for
|
||||
|
||||
@ -943,7 +943,7 @@ Table=1234</programlisting></para>
|
||||
|
||||
<para>When <varname>Bond=</varname> is specified to a wireless interface, defaults to 3
|
||||
seconds. When the DHCPv4 client is enabled and <varname>UseMTU=</varname> in the [DHCPv4]
|
||||
section enabled, defaults to 5 seconds. Otherwise, defaults to the value specified with
|
||||
sectionis enabled, defaults to 5 seconds. Otherwise, defaults to the value specified with
|
||||
<varname>ConfigureWithoutCarrier=</varname>. When <varname>ActivationPolicy=</varname> is set
|
||||
to <literal>always-up</literal>, this is forced to <literal>yes</literal>, and ignored any
|
||||
user specified values.</para>
|
||||
|
||||
@ -121,9 +121,4 @@ ENV{DEVTYPE}=="partition", ENV{ID_WWN_WITH_EXTENSION}=="?*", SYMLINK+="disk/by-i
|
||||
ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}"
|
||||
ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}"
|
||||
|
||||
# by-diskseq link (if an app is told to open a path like this, they may parse
|
||||
# the diskseq number from the path, then issue BLKGETDISKSEQ to verify they really got
|
||||
# the right device, to access specific disks in a race-free fashion)
|
||||
ENV{DISKSEQ}=="?*", ENV{DEVTYPE}!="partition", SYMLINK+="disk/by-diskseq/$env{DISKSEQ}"
|
||||
|
||||
LABEL="persistent_storage_end"
|
||||
|
||||
@ -530,8 +530,6 @@ static int assess_restrict_namespaces(
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if HAVE_SECCOMP
|
||||
|
||||
static int assess_system_call_architectures(
|
||||
const struct security_assessor *a,
|
||||
const SecurityInfo *info,
|
||||
@ -539,19 +537,16 @@ static int assess_system_call_architectures(
|
||||
uint64_t *ret_badness,
|
||||
char **ret_description) {
|
||||
|
||||
uint32_t native = 0;
|
||||
char *d;
|
||||
uint64_t b;
|
||||
|
||||
assert(ret_badness);
|
||||
assert(ret_description);
|
||||
|
||||
assert_se(seccomp_arch_from_string("native", &native) >= 0);
|
||||
|
||||
if (set_isempty(info->system_call_architectures)) {
|
||||
b = 10;
|
||||
d = strdup("Service may execute system calls with all ABIs");
|
||||
} else if (set_contains(info->system_call_architectures, UINT32_TO_PTR(native + 1)) &&
|
||||
} else if (set_contains(info->system_call_architectures, "native") &&
|
||||
set_size(info->system_call_architectures) == 1) {
|
||||
b = 0;
|
||||
d = strdup("Service may execute system calls only with native ABI");
|
||||
@ -569,6 +564,8 @@ static int assess_system_call_architectures(
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if HAVE_SECCOMP
|
||||
|
||||
static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFilterSet *f, const char **ret_offending_syscall) {
|
||||
const char *syscall;
|
||||
|
||||
@ -590,7 +587,7 @@ static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFi
|
||||
if (id < 0)
|
||||
continue;
|
||||
|
||||
if (hashmap_contains(s, syscall) != allow_list) {
|
||||
if (hashmap_contains(s, syscall) == allow_list) {
|
||||
log_debug("Offending syscall filter item: %s", syscall);
|
||||
if (ret_offending_syscall)
|
||||
*ret_offending_syscall = syscall;
|
||||
@ -1479,7 +1476,6 @@ static const struct security_assessor security_assessor_table[] = {
|
||||
.assess = assess_bool,
|
||||
.offset = offsetof(SecurityInfo, restrict_address_family_other),
|
||||
},
|
||||
#if HAVE_SECCOMP
|
||||
{
|
||||
.id = "SystemCallArchitectures=",
|
||||
.json_field = "SystemCallArchitectures",
|
||||
@ -1488,6 +1484,7 @@ static const struct security_assessor security_assessor_table[] = {
|
||||
.range = 10,
|
||||
.assess = assess_system_call_architectures,
|
||||
},
|
||||
#if HAVE_SECCOMP
|
||||
{
|
||||
.id = "SystemCallFilter=~@swap",
|
||||
.json_field = "SystemCallFilter_swap",
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
BEGIN{
|
||||
print "const char *arphrd_to_name(int id) {"
|
||||
print " switch (id) {"
|
||||
print " switch(id) {"
|
||||
}
|
||||
!/^HDLC$/ {
|
||||
printf " case ARPHRD_%s: return \"%s\";\n", $1, $1
|
||||
|
||||
@ -119,6 +119,7 @@ int readlinkat_malloc(int fd, const char *p, char **ret) {
|
||||
size_t l = PATH_MAX;
|
||||
|
||||
assert(p);
|
||||
assert(ret);
|
||||
|
||||
for (;;) {
|
||||
_cleanup_free_ char *c = NULL;
|
||||
@ -134,10 +135,7 @@ int readlinkat_malloc(int fd, const char *p, char **ret) {
|
||||
|
||||
if ((size_t) n < l) {
|
||||
c[n] = 0;
|
||||
|
||||
if (ret)
|
||||
*ret = TAKE_PTR(c);
|
||||
|
||||
*ret = TAKE_PTR(c);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -162,7 +162,7 @@ struct _packed_ indirect_storage {
|
||||
unsigned n_buckets; /* number of buckets */
|
||||
|
||||
unsigned idx_lowest_entry; /* Index below which all buckets are free.
|
||||
Makes "while (hashmap_steal_first())" loops
|
||||
Makes "while(hashmap_steal_first())" loops
|
||||
O(n) instead of O(n^2) for unordered hashmaps. */
|
||||
uint8_t _pad[3]; /* padding for the whole HashmapBase */
|
||||
/* The bitfields in HashmapBase complete the alignment of the whole thing. */
|
||||
|
||||
@ -63,7 +63,7 @@ char *path_make_absolute(const char *p, const char *prefix) {
|
||||
}
|
||||
|
||||
int safe_getcwd(char **ret) {
|
||||
_cleanup_free_ char *cwd = NULL;
|
||||
char *cwd;
|
||||
|
||||
cwd = get_current_dir_name();
|
||||
if (!cwd)
|
||||
@ -71,12 +71,12 @@ int safe_getcwd(char **ret) {
|
||||
|
||||
/* Let's make sure the directory is really absolute, to protect us from the logic behind
|
||||
* CVE-2018-1000001 */
|
||||
if (cwd[0] != '/')
|
||||
if (cwd[0] != '/') {
|
||||
free(cwd);
|
||||
return -ENOMEDIUM;
|
||||
}
|
||||
|
||||
if (ret)
|
||||
*ret = TAKE_PTR(cwd);
|
||||
|
||||
*ret = cwd;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1235,10 +1235,9 @@ bool hidden_or_backup_file(const char *filename) {
|
||||
assert(filename);
|
||||
|
||||
if (filename[0] == '.' ||
|
||||
STR_IN_SET(filename,
|
||||
"lost+found",
|
||||
"aquota.user",
|
||||
"aquota.group") ||
|
||||
streq(filename, "lost+found") ||
|
||||
streq(filename, "aquota.user") ||
|
||||
streq(filename, "aquota.group") ||
|
||||
endswith(filename, "~"))
|
||||
return true;
|
||||
|
||||
|
||||
@ -472,33 +472,37 @@ int get_process_capeff(pid_t pid, char **ret) {
|
||||
return r;
|
||||
}
|
||||
|
||||
static int get_process_link_contents(pid_t pid, const char *proc_file, char **ret) {
|
||||
const char *p;
|
||||
static int get_process_link_contents(const char *proc_file, char **ret) {
|
||||
int r;
|
||||
|
||||
assert(proc_file);
|
||||
assert(ret);
|
||||
|
||||
p = procfs_file_alloca(pid, proc_file);
|
||||
r = readlink_malloc(proc_file, ret);
|
||||
if (r == -ENOENT)
|
||||
return -ESRCH;
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = readlink_malloc(p, ret);
|
||||
return r == -ENOENT ? -ESRCH : r;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int get_process_exe(pid_t pid, char **ret) {
|
||||
const char *p;
|
||||
char *d;
|
||||
int r;
|
||||
|
||||
assert(pid >= 0);
|
||||
assert(ret);
|
||||
|
||||
r = get_process_link_contents(pid, "exe", ret);
|
||||
p = procfs_file_alloca(pid, "exe");
|
||||
r = get_process_link_contents(p, ret);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (ret) {
|
||||
d = endswith(*ret, " (deleted)");
|
||||
if (d)
|
||||
*d = '\0';
|
||||
}
|
||||
d = endswith(*ret, " (deleted)");
|
||||
if (d)
|
||||
*d = '\0';
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -568,17 +572,28 @@ int get_process_gid(pid_t pid, gid_t *ret) {
|
||||
}
|
||||
|
||||
int get_process_cwd(pid_t pid, char **ret) {
|
||||
const char *p;
|
||||
|
||||
assert(pid >= 0);
|
||||
assert(ret);
|
||||
|
||||
if (pid == 0 || pid == getpid_cached())
|
||||
return safe_getcwd(ret);
|
||||
|
||||
return get_process_link_contents(pid, "cwd", ret);
|
||||
p = procfs_file_alloca(pid, "cwd");
|
||||
|
||||
return get_process_link_contents(p, ret);
|
||||
}
|
||||
|
||||
int get_process_root(pid_t pid, char **ret) {
|
||||
const char *p;
|
||||
|
||||
assert(pid >= 0);
|
||||
return get_process_link_contents(pid, "root", ret);
|
||||
assert(ret);
|
||||
|
||||
p = procfs_file_alloca(pid, "root");
|
||||
|
||||
return get_process_link_contents(p, ret);
|
||||
}
|
||||
|
||||
#define ENVIRONMENT_BLOCK_MAX (5U*1024U*1024U)
|
||||
|
||||
@ -228,7 +228,7 @@ struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t leng
|
||||
({ \
|
||||
const union sockaddr_union *__sa = &(sa); \
|
||||
size_t _len; \
|
||||
switch (__sa->sa.sa_family) { \
|
||||
switch(__sa->sa.sa_family) { \
|
||||
case AF_INET: \
|
||||
_len = sizeof(struct sockaddr_in); \
|
||||
break; \
|
||||
|
||||
@ -113,4 +113,4 @@ ssize_t string_table_lookup(const char * const *table, size_t len, const char *k
|
||||
fputc_unlocked('\n', stdout); \
|
||||
} \
|
||||
funlockfile(stdout); \
|
||||
} while (false)
|
||||
} while(false)
|
||||
|
||||
@ -70,7 +70,7 @@ int getxattr_at_malloc(
|
||||
by_procfs = true; /* fgetxattr() is not going to work, go via /proc/ link right-away */
|
||||
}
|
||||
|
||||
for (;;) {
|
||||
for(;;) {
|
||||
_cleanup_free_ char *v = NULL;
|
||||
ssize_t n;
|
||||
|
||||
|
||||
@ -35,7 +35,7 @@ static BOOLEAN verify_gpt(union GptHeaderBuffer *gpt_header_buffer, EFI_LBA lba_
|
||||
h = &gpt_header_buffer->gpt_header;
|
||||
|
||||
/* Some superficial validation of the GPT header */
|
||||
if (CompareMem(&h->Header.Signature, "EFI PART", sizeof(h->Header.Signature) != 0))
|
||||
if(CompareMem(&h->Header.Signature, "EFI PART", sizeof(h->Header.Signature) != 0))
|
||||
return FALSE;
|
||||
|
||||
if (h->Header.HeaderSize < 92 || h->Header.HeaderSize > 512)
|
||||
|
||||
@ -22,7 +22,7 @@ static int bpf_access_type(const char *acc) {
|
||||
assert(acc);
|
||||
|
||||
for (; *acc; acc++)
|
||||
switch (*acc) {
|
||||
switch(*acc) {
|
||||
case 'r':
|
||||
r |= BPF_DEVCG_ACC_READ;
|
||||
break;
|
||||
|
||||
@ -2162,7 +2162,7 @@ static int install_error(
|
||||
|
||||
for (size_t i = 0; i < n_changes; i++)
|
||||
|
||||
switch (changes[i].type_or_errno) {
|
||||
switch(changes[i].type_or_errno) {
|
||||
|
||||
case 0 ... _UNIT_FILE_CHANGE_TYPE_MAX: /* not errors */
|
||||
continue;
|
||||
|
||||
@ -82,7 +82,6 @@
|
||||
#include "terminal-util.h"
|
||||
#include "time-util.h"
|
||||
#include "transaction.h"
|
||||
#include "uid-range.h"
|
||||
#include "umask-util.h"
|
||||
#include "unit-name.h"
|
||||
#include "user-util.h"
|
||||
@ -4351,34 +4350,16 @@ int manager_dispatch_user_lookup_fd(sd_event_source *source, int fd, uint32_t re
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int short_uid_range(const char *path) {
|
||||
_cleanup_free_ UidRange *p = NULL;
|
||||
size_t n = 0;
|
||||
int r;
|
||||
|
||||
assert(path);
|
||||
|
||||
/* Taint systemd if we the UID range assigned to this environment doesn't at least cover 0…65534,
|
||||
* i.e. from root to nobody. */
|
||||
|
||||
r = uid_range_load_userns(&p, &n, path);
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r))
|
||||
return false;
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to load %s: %m", path);
|
||||
|
||||
return !uid_range_covers(p, n, 0, 65535);
|
||||
}
|
||||
|
||||
char *manager_taint_string(Manager *m) {
|
||||
_cleanup_free_ char *destination = NULL, *overflowuid = NULL, *overflowgid = NULL;
|
||||
struct utsname uts;
|
||||
char *buf, *e;
|
||||
int r;
|
||||
|
||||
/* Returns a "taint string", e.g. "local-hwclock:var-run-bad". Only things that are detected at
|
||||
* runtime should be tagged here. For stuff that is set during compilation, emit a warning in the
|
||||
* configuration phase. */
|
||||
/* Returns a "taint string", e.g. "local-hwclock:var-run-bad".
|
||||
* Only things that are detected at runtime should be tagged
|
||||
* here. For stuff that is set during compilation, emit a warning
|
||||
* in the configuration phase. */
|
||||
|
||||
assert(m);
|
||||
|
||||
@ -4389,9 +4370,7 @@ char *manager_taint_string(Manager *m) {
|
||||
"var-run-bad:"
|
||||
"overflowuid-not-65534:"
|
||||
"overflowgid-not-65534:"
|
||||
"old-kernel:"
|
||||
"short-uid-range:"
|
||||
"short-gid-range:"));
|
||||
"old-kernel:"));
|
||||
if (!buf)
|
||||
return NULL;
|
||||
|
||||
@ -4417,6 +4396,7 @@ char *manager_taint_string(Manager *m) {
|
||||
r = read_one_line_file("/proc/sys/kernel/overflowuid", &overflowuid);
|
||||
if (r >= 0 && !streq(overflowuid, "65534"))
|
||||
e = stpcpy(e, "overflowuid-not-65534:");
|
||||
|
||||
r = read_one_line_file("/proc/sys/kernel/overflowgid", &overflowgid);
|
||||
if (r >= 0 && !streq(overflowgid, "65534"))
|
||||
e = stpcpy(e, "overflowgid-not-65534:");
|
||||
@ -4425,11 +4405,6 @@ char *manager_taint_string(Manager *m) {
|
||||
if (strverscmp_improved(uts.release, KERNEL_BASELINE_VERSION) < 0)
|
||||
e = stpcpy(e, "old-kernel:");
|
||||
|
||||
if (short_uid_range("/proc/self/uid_map") > 0)
|
||||
e = stpcpy(e, "short-uid-range:");
|
||||
if (short_uid_range("/proc/self/gid_map") > 0)
|
||||
e = stpcpy(e, "short-gid-range:");
|
||||
|
||||
/* remove the last ':' */
|
||||
if (e != buf)
|
||||
e[-1] = 0;
|
||||
|
||||
@ -69,7 +69,7 @@ static int audit_callback(
|
||||
}
|
||||
|
||||
static int callback_type_to_priority(int type) {
|
||||
switch (type) {
|
||||
switch(type) {
|
||||
|
||||
case SELINUX_ERROR:
|
||||
return LOG_ERR;
|
||||
|
||||
@ -304,7 +304,7 @@ int mac_smack_setup(bool *loaded_policy) {
|
||||
assert(loaded_policy);
|
||||
|
||||
r = write_access2_rules("/etc/smack/accesses.d/");
|
||||
switch (r) {
|
||||
switch(r) {
|
||||
case -ENOENT:
|
||||
log_debug("Smack is not enabled in the kernel.");
|
||||
return 0;
|
||||
@ -336,7 +336,7 @@ int mac_smack_setup(bool *loaded_policy) {
|
||||
#endif
|
||||
|
||||
r = write_cipso2_rules("/etc/smack/cipso.d/");
|
||||
switch (r) {
|
||||
switch(r) {
|
||||
case -ENOENT:
|
||||
log_debug("Smack/CIPSO is not enabled in the kernel.");
|
||||
return 0;
|
||||
@ -352,7 +352,7 @@ int mac_smack_setup(bool *loaded_policy) {
|
||||
}
|
||||
|
||||
r = write_netlabel_rules("/etc/smack/netlabel.d/");
|
||||
switch (r) {
|
||||
switch(r) {
|
||||
case -ENOENT:
|
||||
log_debug("Smack/CIPSO is not enabled in the kernel.");
|
||||
return 0;
|
||||
@ -368,7 +368,7 @@ int mac_smack_setup(bool *loaded_policy) {
|
||||
}
|
||||
|
||||
r = write_onlycap_list();
|
||||
switch (r) {
|
||||
switch(r) {
|
||||
case -ENOENT:
|
||||
log_debug("Smack is not enabled in the kernel.");
|
||||
break;
|
||||
|
||||
@ -439,7 +439,7 @@ static int peer_address_compare_func(const SocketPeer *x, const SocketPeer *y) {
|
||||
if (r != 0)
|
||||
return r;
|
||||
|
||||
switch (x->peer.sa.sa_family) {
|
||||
switch(x->peer.sa.sa_family) {
|
||||
case AF_INET:
|
||||
return memcmp(&x->peer.in.sin_addr, &y->peer.in.sin_addr, sizeof(x->peer.in.sin_addr));
|
||||
case AF_INET6:
|
||||
|
||||
@ -233,7 +233,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
assert(argv);
|
||||
|
||||
while ((c = getopt_long(argc, argv, "hA:o:F:1D:rS:U:qn:", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
case 'h':
|
||||
return verb_help(0, NULL, NULL);
|
||||
|
||||
|
||||
@ -252,23 +252,23 @@
|
||||
CASE_F_10,CASE_F_9,CASE_F_8,CASE_F_7,CASE_F_6,CASE_F_5,CASE_F_4,CASE_F_3,CASE_F_2,CASE_F_1) \
|
||||
(CASE_F,__VA_ARGS__)
|
||||
|
||||
#define IN_SET(x, ...) \
|
||||
({ \
|
||||
sd_bool _found = sd_false; \
|
||||
#define IN_SET(x, ...) \
|
||||
({ \
|
||||
sd_bool _found = sd_false; \
|
||||
/* If the build breaks in the line below, you need to extend the case macros. (We use "long double" as \
|
||||
* type for the array, in the hope that checkers such as ubsan don't complain that the initializers for \
|
||||
* the array are not representable by the base type. Ideally we'd use typeof(x) as base type, but that \
|
||||
* doesn't work, as we want to use this on bitfields and gcc refuses typeof() on bitfields.) */ \
|
||||
static const long double __assert_in_set[] _unused_ = { __VA_ARGS__ }; \
|
||||
assert_cc(ELEMENTSOF(__assert_in_set) <= 20); \
|
||||
switch (x) { \
|
||||
FOR_EACH_MAKE_CASE(__VA_ARGS__) \
|
||||
_found = sd_true; \
|
||||
break; \
|
||||
default: \
|
||||
break; \
|
||||
} \
|
||||
_found; \
|
||||
assert_cc(ELEMENTSOF(__assert_in_set) <= 20); \
|
||||
switch(x) { \
|
||||
FOR_EACH_MAKE_CASE(__VA_ARGS__) \
|
||||
_found = sd_true; \
|
||||
break; \
|
||||
default: \
|
||||
break; \
|
||||
} \
|
||||
_found; \
|
||||
})
|
||||
|
||||
/* Takes inspiration from Rust's Option::take() method: reads and returns a pointer, but at the same time
|
||||
|
||||
@ -353,7 +353,7 @@ try_acpi:
|
||||
* http://www.acpi.info/DOWNLOADS/ACPIspec50.pdf
|
||||
*/
|
||||
|
||||
switch (t) {
|
||||
switch(t) {
|
||||
|
||||
case 1: /* Desktop */
|
||||
case 3: /* Workstation */
|
||||
|
||||
@ -74,7 +74,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
assert(argv);
|
||||
|
||||
while ((c = getopt_long(argc, argv, "ust:r:h", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
|
||||
case 'h':
|
||||
return help();
|
||||
|
||||
@ -911,7 +911,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
|
||||
while ((c = getopt_long(argc, argv, "hD:", options, NULL)) >= 0)
|
||||
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
|
||||
case 'h':
|
||||
return help();
|
||||
|
||||
@ -858,7 +858,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
assert(argv);
|
||||
|
||||
while ((c = getopt_long(argc, argv, "ho:", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
|
||||
case 'h':
|
||||
return help();
|
||||
|
||||
@ -104,7 +104,7 @@ int journal_remote_get_writer(RemoteServer *s, const char *host, Writer **writer
|
||||
const void *key;
|
||||
int r;
|
||||
|
||||
switch (s->split_mode) {
|
||||
switch(s->split_mode) {
|
||||
case JOURNAL_WRITE_SPLIT_NONE:
|
||||
key = "one and only";
|
||||
break;
|
||||
@ -495,7 +495,7 @@ static int accept_connection(
|
||||
return log_error_errno(errno, "accept() on fd:%d failed: %m", fd);
|
||||
}
|
||||
|
||||
switch (socket_address_family(addr)) {
|
||||
switch(socket_address_family(addr)) {
|
||||
case AF_INET:
|
||||
case AF_INET6: {
|
||||
_cleanup_free_ char *a = NULL;
|
||||
|
||||
@ -24,7 +24,7 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
|
||||
|
||||
for (;;) {
|
||||
|
||||
switch (u->entry_state) {
|
||||
switch(u->entry_state) {
|
||||
case ENTRY_CURSOR: {
|
||||
u->current_cursor = mfree(u->current_cursor);
|
||||
|
||||
|
||||
@ -668,7 +668,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
opterr = 0;
|
||||
|
||||
while ((c = getopt_long(argc, argv, "hu:mM:D:", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
case 'h':
|
||||
return help();
|
||||
|
||||
|
||||
@ -772,7 +772,7 @@ static void server_cache_hostname(Server *s) {
|
||||
}
|
||||
|
||||
static bool shall_try_append_again(JournalFile *f, int r) {
|
||||
switch (r) {
|
||||
switch(r) {
|
||||
|
||||
case -E2BIG: /* Hit configured limit */
|
||||
case -EFBIG: /* Hit fs limit */
|
||||
|
||||
@ -548,7 +548,7 @@ static int dhcp6_option_parse_ia_options(sd_dhcp6_client *client, const uint8_t
|
||||
|
||||
assert(buf || buflen == 0);
|
||||
|
||||
for (size_t offset = 0; offset < buflen;) {
|
||||
for(size_t offset = 0; offset < buflen;) {
|
||||
const uint8_t *data;
|
||||
size_t data_len;
|
||||
uint16_t code;
|
||||
@ -557,7 +557,7 @@ static int dhcp6_option_parse_ia_options(sd_dhcp6_client *client, const uint8_t
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
switch (code) {
|
||||
switch(code) {
|
||||
case SD_DHCP6_OPTION_STATUS_CODE: {
|
||||
_cleanup_free_ char *msg = NULL;
|
||||
|
||||
|
||||
@ -247,7 +247,7 @@ int sd_dhcp_client_set_request_option(sd_dhcp_client *client, uint8_t option) {
|
||||
assert_return(client, -EINVAL);
|
||||
assert_return(IN_SET(client->state, DHCP_STATE_INIT, DHCP_STATE_STOPPED), -EBUSY);
|
||||
|
||||
switch (option) {
|
||||
switch(option) {
|
||||
|
||||
case SD_DHCP_OPTION_PAD:
|
||||
case SD_DHCP_OPTION_OVERLOAD:
|
||||
|
||||
@ -629,7 +629,7 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const void *option, void
|
||||
|
||||
assert(lease);
|
||||
|
||||
switch (code) {
|
||||
switch(code) {
|
||||
|
||||
case SD_DHCP_OPTION_IP_ADDRESS_LEASE_TIME:
|
||||
r = lease_parse_u32(option, len, &lease->lifetime, 1);
|
||||
|
||||
@ -737,7 +737,7 @@ static int parse_request(uint8_t code, uint8_t len, const void *option, void *us
|
||||
|
||||
assert(req);
|
||||
|
||||
switch (code) {
|
||||
switch(code) {
|
||||
case SD_DHCP_OPTION_IP_ADDRESS_LEASE_TIME:
|
||||
if (len == 4)
|
||||
req->lifetime = unaligned_read_be32(option);
|
||||
@ -1096,7 +1096,7 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz
|
||||
existing_lease = hashmap_get(server->bound_leases_by_client_id, &req->client_id);
|
||||
static_lease = hashmap_get(server->static_leases_by_client_id, &req->client_id);
|
||||
|
||||
switch (type) {
|
||||
switch(type) {
|
||||
|
||||
case DHCP_DISCOVER: {
|
||||
be32_t address = INADDR_ANY;
|
||||
|
||||
@ -338,7 +338,7 @@ int dhcp6_lease_add_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t opt
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
switch (subopt) {
|
||||
switch(subopt) {
|
||||
case DHCP6_NTP_SUBOPTION_SRV_ADDR:
|
||||
case DHCP6_NTP_SUBOPTION_MC_ADDR:
|
||||
if (sublen != 16)
|
||||
|
||||
@ -156,7 +156,7 @@ static void test_dhcp_identifier_set_iaid(void) {
|
||||
}
|
||||
|
||||
static int check_options(uint8_t code, uint8_t len, const void *option, void *userdata) {
|
||||
switch (code) {
|
||||
switch(code) {
|
||||
case SD_DHCP_OPTION_CLIENT_IDENTIFIER:
|
||||
{
|
||||
uint32_t iaid;
|
||||
|
||||
@ -53,7 +53,7 @@ static struct option_desc option_tests[] = {
|
||||
};
|
||||
|
||||
static const char *dhcp_type(int type) {
|
||||
switch (type) {
|
||||
switch(type) {
|
||||
case DHCP_DISCOVER:
|
||||
return "DHCPDISCOVER";
|
||||
case DHCP_OFFER:
|
||||
@ -125,7 +125,7 @@ static void test_ignore_opts(uint8_t *descoption, int *descpos, int *desclen) {
|
||||
assert_se(*descpos >= 0);
|
||||
|
||||
while (*descpos < *desclen) {
|
||||
switch (descoption[*descpos]) {
|
||||
switch(descoption[*descpos]) {
|
||||
case SD_DHCP_OPTION_PAD:
|
||||
*descpos += 1;
|
||||
break;
|
||||
|
||||
@ -29,7 +29,7 @@ static void* basic_request_handler_userdata = (void*) 0xCABCAB;
|
||||
static void basic_request_handler(sd_ipv4ll *ll, int event, void *userdata) {
|
||||
assert_se(userdata == basic_request_handler_userdata);
|
||||
|
||||
switch (event) {
|
||||
switch(event) {
|
||||
case SD_IPV4LL_EVENT_STOP:
|
||||
basic_request_handler_stop = 1;
|
||||
break;
|
||||
|
||||
@ -1,14 +1,11 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
BEGIN{
|
||||
print "const char *audit_type_to_string(int type) {"
|
||||
print " switch (type) {"
|
||||
print "const char *audit_type_to_string(int type) {\n\tswitch(type) {"
|
||||
}
|
||||
{
|
||||
printf " case AUDIT_%s: return \"%s\";\n", $1, $1
|
||||
}
|
||||
END{
|
||||
print " default: return NULL;"
|
||||
print " }"
|
||||
print "}"
|
||||
print " default: return NULL;\n\t}\n}\n"
|
||||
}
|
||||
|
||||
@ -277,7 +277,7 @@ int sd_rtnl_message_new_nexthop(sd_netlink *rtnl, sd_netlink_message **ret,
|
||||
int r;
|
||||
|
||||
assert_return(rtnl_message_type_is_nexthop(nlmsg_type), -EINVAL);
|
||||
switch (nlmsg_type) {
|
||||
switch(nlmsg_type) {
|
||||
case RTM_DELNEXTHOP:
|
||||
assert_return(nh_family == AF_UNSPEC, -EINVAL);
|
||||
_fallthrough_;
|
||||
|
||||
@ -63,7 +63,7 @@ int type_system_root_get_type_system_and_header_size(
|
||||
if (IN_SET(type, NLMSG_DONE, NLMSG_ERROR))
|
||||
nl_type = type_system_get_type(&basic_type_system, type);
|
||||
else
|
||||
switch (nl->protocol) {
|
||||
switch(nl->protocol) {
|
||||
case NETLINK_ROUTE:
|
||||
nl_type = rtnl_get_type(type);
|
||||
break;
|
||||
|
||||
@ -516,7 +516,7 @@ static int get_search(uint64_t type, char ***list) {
|
||||
|
||||
assert(list);
|
||||
|
||||
switch (type) {
|
||||
switch(type) {
|
||||
|
||||
case SD_PATH_SEARCH_BINARIES:
|
||||
return search_from_environment(list,
|
||||
|
||||
@ -285,4 +285,4 @@ static int run(int argc, char* argv[]) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE(run);
|
||||
DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE (run);
|
||||
|
||||
@ -165,7 +165,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
assert(argv);
|
||||
|
||||
while ((c = getopt_long(argc, argv, "hn", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
case 'h':
|
||||
return help();
|
||||
|
||||
|
||||
@ -1,8 +1,7 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
BEGIN{
|
||||
print "const char *dns_type_to_string(int type) {"
|
||||
print " switch (type) {"
|
||||
print "const char *dns_type_to_string(int type) {\n\tswitch(type) {"
|
||||
}
|
||||
{
|
||||
printf " case DNS_TYPE_%s: return ", $1;
|
||||
@ -10,7 +9,5 @@ BEGIN{
|
||||
printf "\"%s\";\n", $1
|
||||
}
|
||||
END{
|
||||
print " default: return NULL;"
|
||||
print " }"
|
||||
print "}"
|
||||
print " default: return NULL;\n\t}\n}\n"
|
||||
}
|
||||
|
||||
@ -136,7 +136,7 @@ int resolvconf_parse_argv(int argc, char *argv[]) {
|
||||
arg_mode = _MODE_INVALID;
|
||||
|
||||
while ((c = getopt_long(argc, argv, "hadxpfm:uIi:l:Rr:vV", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
|
||||
case 'h':
|
||||
return resolvconf_help();
|
||||
|
||||
@ -2753,7 +2753,7 @@ static int compat_parse_argv(int argc, char *argv[]) {
|
||||
assert(argv);
|
||||
|
||||
while ((c = getopt_long(argc, argv, "h46i:t:c:p:", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
|
||||
case 'h':
|
||||
return compat_help();
|
||||
@ -3048,7 +3048,7 @@ static int native_parse_argv(int argc, char *argv[]) {
|
||||
assert(argv);
|
||||
|
||||
while ((c = getopt_long(argc, argv, "h46i:t:c:p:", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
|
||||
case 'h':
|
||||
return native_help();
|
||||
|
||||
@ -102,7 +102,7 @@ void dns_packet_set_flags(DnsPacket *p, bool dnssec_checking_disabled, bool trun
|
||||
|
||||
h = DNS_PACKET_HEADER(p);
|
||||
|
||||
switch (p->protocol) {
|
||||
switch(p->protocol) {
|
||||
case DNS_PROTOCOL_LLMNR:
|
||||
assert(!truncated);
|
||||
|
||||
|
||||
@ -403,7 +403,7 @@ static DnsResourceRecord* dns_resource_record_free(DnsResourceRecord *rr) {
|
||||
assert(rr);
|
||||
|
||||
if (rr->key) {
|
||||
switch (rr->key->type) {
|
||||
switch(rr->key->type) {
|
||||
|
||||
case DNS_TYPE_SRV:
|
||||
free(rr->srv.name);
|
||||
@ -1166,7 +1166,7 @@ ssize_t dns_resource_record_payload(DnsResourceRecord *rr, void **out) {
|
||||
assert(rr);
|
||||
assert(out);
|
||||
|
||||
switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {
|
||||
switch(rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {
|
||||
case DNS_TYPE_SRV:
|
||||
case DNS_TYPE_PTR:
|
||||
case DNS_TYPE_NS:
|
||||
|
||||
@ -185,7 +185,7 @@ ssize_t dnstls_stream_writev(DnsStream *stream, const struct iovec *iov, size_t
|
||||
|
||||
ss = gnutls_record_uncork(stream->dnstls_data.session, 0);
|
||||
if (ss < 0)
|
||||
switch (ss) {
|
||||
switch(ss) {
|
||||
case GNUTLS_E_INTERRUPTED:
|
||||
return -EINTR;
|
||||
case GNUTLS_E_AGAIN:
|
||||
@ -209,7 +209,7 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count) {
|
||||
|
||||
ss = gnutls_record_recv(stream->dnstls_data.session, buf, count);
|
||||
if (ss < 0)
|
||||
switch (ss) {
|
||||
switch(ss) {
|
||||
case GNUTLS_E_INTERRUPTED:
|
||||
return -EINTR;
|
||||
case GNUTLS_E_AGAIN:
|
||||
|
||||
@ -16,7 +16,6 @@
|
||||
#include "fd-util.h"
|
||||
#include "log.h"
|
||||
#include "macro.h"
|
||||
#include "path-util.h"
|
||||
#include "process-util.h"
|
||||
#include "resolved-dns-packet.h"
|
||||
#include "resolved-dns-question.h"
|
||||
@ -331,41 +330,16 @@ static void test_dns_stream(bool tls) {
|
||||
|
||||
static void try_isolate_network(void) {
|
||||
_cleanup_close_ int socket_fd = -1;
|
||||
int r;
|
||||
|
||||
/* First test if CLONE_NEWUSER/CLONE_NEWNET can actually work for us, i.e. we can open the namespaces
|
||||
* and then still access the build dir we are run from. We do that in a child process since it's
|
||||
* nasty if we have to go back from the namespace once we entered it and realized it cannot work. */
|
||||
r = safe_fork("(usernstest)", FORK_DEATHSIG|FORK_LOG|FORK_WAIT, NULL);
|
||||
if (r == 0) { /* child */
|
||||
_cleanup_free_ char *rt = NULL, *d = NULL;
|
||||
|
||||
if (unshare(CLONE_NEWUSER | CLONE_NEWNET) < 0) {
|
||||
log_warning_errno(errno, "test-resolved-stream: Can't create user and network ns, running on host: %m");
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
assert_se(get_process_exe(0, &rt) >= 0);
|
||||
assert_se(path_extract_directory(rt, &d) >= 0);
|
||||
|
||||
if (access(d, F_OK) < 0) {
|
||||
log_warning_errno(errno, "test-resolved-stream: Can't access /proc/self/exe from user/network ns, running on host: %m");
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
_exit(EXIT_SUCCESS);
|
||||
}
|
||||
if (r == -EPROTO) /* EPROTO means nonzero exit code of child, i.e. the tests in the child failed */
|
||||
if (unshare(CLONE_NEWUSER | CLONE_NEWNET) < 0) {
|
||||
log_warning("test-resolved-stream: Can't create user and network ns, running on host");
|
||||
return;
|
||||
assert_se(r > 0);
|
||||
|
||||
/* Now that we know that the unshare() is safe, let's actually do it */
|
||||
assert_se(unshare(CLONE_NEWUSER | CLONE_NEWNET) >= 0);
|
||||
}
|
||||
|
||||
/* Bring up the loopback interfaceon the newly created network namespace */
|
||||
struct ifreq req = { .ifr_ifindex = 1 };
|
||||
assert_se((socket_fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0)) >= 0);
|
||||
assert_se(ioctl(socket_fd, SIOCGIFNAME, &req) >= 0);
|
||||
assert_se(ioctl(socket_fd,SIOCGIFNAME,&req) >= 0);
|
||||
assert_se(ioctl(socket_fd, SIOCGIFFLAGS, &req) >= 0);
|
||||
assert_se(FLAGS_SET(req.ifr_flags, IFF_LOOPBACK));
|
||||
req.ifr_flags |= IFF_UP;
|
||||
|
||||
@ -1074,7 +1074,7 @@ int config_parse_warn_compat(
|
||||
|
||||
Disabled reason = ltype;
|
||||
|
||||
switch (reason) {
|
||||
switch(reason) {
|
||||
|
||||
case DISABLED_CONFIGURATION:
|
||||
log_syntax(unit, LOG_DEBUG, filename, line, 0,
|
||||
|
||||
@ -393,7 +393,7 @@ int ethtool_get_permanent_hw_addr(int *ethtool_fd, const char *ifname, struct hw
|
||||
if (dest != _v) \
|
||||
updated = true; \
|
||||
dest = _v; \
|
||||
} while (false)
|
||||
} while(false)
|
||||
|
||||
#define UPDATE_WITH_MAX(dest, max, val, updated) \
|
||||
do { \
|
||||
@ -404,7 +404,7 @@ int ethtool_get_permanent_hw_addr(int *ethtool_fd, const char *ifname, struct hw
|
||||
if (dest != _v) \
|
||||
updated = true; \
|
||||
dest = _v; \
|
||||
} while (false)
|
||||
} while(false)
|
||||
|
||||
int ethtool_set_wol(
|
||||
int *ethtool_fd,
|
||||
|
||||
@ -108,7 +108,7 @@ int in_addr_prefixes_reduce(Set *prefixes) {
|
||||
struct in_addr_prefix *p;
|
||||
|
||||
SET_FOREACH(p, prefixes)
|
||||
switch (p->family) {
|
||||
switch(p->family) {
|
||||
case AF_INET:
|
||||
assert(p->prefixlen <= 32);
|
||||
if (p->prefixlen == 0)
|
||||
@ -147,7 +147,7 @@ int in_addr_prefixes_reduce(Set *prefixes) {
|
||||
if (p->prefixlen == 0)
|
||||
continue;
|
||||
|
||||
switch (p->family) {
|
||||
switch(p->family) {
|
||||
case AF_INET:
|
||||
prefixlens = ipv4_prefixlens;
|
||||
n = &ipv4_n_prefixlens;
|
||||
|
||||
@ -330,7 +330,7 @@ void unit_file_dump_changes(int r, const char *verb, const UnitFileChange *chang
|
||||
for (size_t i = 0; i < n_changes; i++) {
|
||||
assert(verb || changes[i].type_or_errno >= 0);
|
||||
|
||||
switch (changes[i].type_or_errno) {
|
||||
switch(changes[i].type_or_errno) {
|
||||
case UNIT_FILE_SYMLINK:
|
||||
if (!quiet)
|
||||
log_info("Created symlink %s %s %s.",
|
||||
|
||||
@ -281,7 +281,7 @@ static int process_special_field(JournalImporter *imp, char *line) {
|
||||
int journal_importer_process_data(JournalImporter *imp) {
|
||||
int r;
|
||||
|
||||
switch (imp->state) {
|
||||
switch(imp->state) {
|
||||
case IMPORTER_STATE_LINE: {
|
||||
char *line, *sep;
|
||||
size_t n = 0;
|
||||
|
||||
@ -531,7 +531,7 @@ int mode_to_inaccessible_node(
|
||||
if (!runtime_dir)
|
||||
runtime_dir = "/run";
|
||||
|
||||
switch (mode & S_IFMT) {
|
||||
switch(mode & S_IFMT) {
|
||||
case S_IFREG:
|
||||
node = "/systemd/inaccessible/reg";
|
||||
break;
|
||||
|
||||
@ -107,7 +107,7 @@ const char* seccomp_arch_to_string(uint32_t c) {
|
||||
* Names used here should be the same as those used for ConditionArchitecture=,
|
||||
* except for "subarchitectures" like x32. */
|
||||
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
case SCMP_ARCH_NATIVE:
|
||||
return "native";
|
||||
case SCMP_ARCH_X86:
|
||||
|
||||
@ -58,7 +58,7 @@ int service_parse_argv(
|
||||
assert(argv);
|
||||
|
||||
while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
|
||||
case 'h':
|
||||
return help(argv[0], service, description, bus_objects);
|
||||
|
||||
@ -48,26 +48,23 @@ char* setup_fake_runtime_dir(void) {
|
||||
|
||||
static void load_testdata_env(void) {
|
||||
static bool called = false;
|
||||
_cleanup_free_ char *s = NULL, *d = NULL, *envpath = NULL;
|
||||
_cleanup_free_ char *s = NULL;
|
||||
_cleanup_free_ char *envpath = NULL;
|
||||
_cleanup_strv_free_ char **pairs = NULL;
|
||||
int r;
|
||||
|
||||
if (called)
|
||||
return;
|
||||
called = true;
|
||||
|
||||
assert_se(readlink_and_make_absolute("/proc/self/exe", &s) >= 0);
|
||||
assert_se(path_extract_directory(s, &d) >= 0);
|
||||
assert_se(envpath = path_join(d, "systemd-runtest.env"));
|
||||
dirname(s);
|
||||
|
||||
r = load_env_file_pairs(NULL, envpath, &pairs);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Reading %s failed: %m", envpath);
|
||||
envpath = path_join(s, "systemd-runtest.env");
|
||||
if (load_env_file_pairs(NULL, envpath, &pairs) < 0)
|
||||
return;
|
||||
}
|
||||
|
||||
STRV_FOREACH_PAIR(k, v, pairs)
|
||||
assert_se(setenv(*k, *v, 0) >= 0);
|
||||
setenv(*k, *v, 0);
|
||||
}
|
||||
|
||||
int get_testdata_dir(const char *suffix, char **ret) {
|
||||
|
||||
@ -79,7 +79,7 @@ bool udev_available(void);
|
||||
(void) sd_device_get_syspath(_d, &_p); \
|
||||
(void) sd_device_get_subsystem(_d, &_s); \
|
||||
STAP_PROBEV(udev, name, device_action_to_string(_a), _n, _p, _s __VA_OPT__(,) __VA_ARGS__);\
|
||||
} while (false);
|
||||
} while(false);
|
||||
#else
|
||||
#define DEVICE_TRACE_POINT(name, dev, ...) ((void) 0)
|
||||
#endif
|
||||
|
||||
@ -5,13 +5,8 @@
|
||||
#include <string.h>
|
||||
|
||||
#include "alloc-util.h"
|
||||
#include "errno-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "format-util.h"
|
||||
#include "macro.h"
|
||||
#include "path-util.h"
|
||||
#include "sort-util.h"
|
||||
#include "stat-util.h"
|
||||
#include "uid-range.h"
|
||||
#include "user-util.h"
|
||||
|
||||
@ -22,12 +17,12 @@ static bool uid_range_intersect(UidRange *range, uid_t start, uid_t nr) {
|
||||
range->start + range->nr >= start;
|
||||
}
|
||||
|
||||
static void uid_range_coalesce(UidRange **p, size_t *n) {
|
||||
static void uid_range_coalesce(UidRange **p, unsigned *n) {
|
||||
assert(p);
|
||||
assert(n);
|
||||
|
||||
for (size_t i = 0; i < *n; i++) {
|
||||
for (size_t j = i + 1; j < *n; j++) {
|
||||
for (unsigned i = 0; i < *n; i++) {
|
||||
for (unsigned j = i + 1; j < *n; j++) {
|
||||
UidRange *x = (*p)+i, *y = (*p)+j;
|
||||
|
||||
if (uid_range_intersect(x, y->start, y->nr)) {
|
||||
@ -59,7 +54,7 @@ static int uid_range_compare(const UidRange *a, const UidRange *b) {
|
||||
return CMP(a->nr, b->nr);
|
||||
}
|
||||
|
||||
int uid_range_add(UidRange **p, size_t *n, uid_t start, uid_t nr) {
|
||||
int uid_range_add(UidRange **p, unsigned *n, uid_t start, uid_t nr) {
|
||||
bool found = false;
|
||||
UidRange *x;
|
||||
|
||||
@ -69,10 +64,7 @@ int uid_range_add(UidRange **p, size_t *n, uid_t start, uid_t nr) {
|
||||
if (nr <= 0)
|
||||
return 0;
|
||||
|
||||
if (start > UINT32_MAX - nr) /* overflow check */
|
||||
return -ERANGE;
|
||||
|
||||
for (size_t i = 0; i < *n; i++) {
|
||||
for (unsigned i = 0; i < *n; i++) {
|
||||
x = (*p) + i;
|
||||
if (uid_range_intersect(x, start, nr)) {
|
||||
found = true;
|
||||
@ -108,7 +100,7 @@ int uid_range_add(UidRange **p, size_t *n, uid_t start, uid_t nr) {
|
||||
return *n;
|
||||
}
|
||||
|
||||
int uid_range_add_str(UidRange **p, size_t *n, const char *s) {
|
||||
int uid_range_add_str(UidRange **p, unsigned *n, const char *s) {
|
||||
uid_t start, nr;
|
||||
const char *t;
|
||||
int r;
|
||||
@ -146,18 +138,15 @@ int uid_range_add_str(UidRange **p, size_t *n, const char *s) {
|
||||
return uid_range_add(p, n, start, nr);
|
||||
}
|
||||
|
||||
int uid_range_next_lower(const UidRange *p, size_t n, uid_t *uid) {
|
||||
int uid_range_next_lower(const UidRange *p, unsigned n, uid_t *uid) {
|
||||
uid_t closest = UID_INVALID, candidate;
|
||||
|
||||
assert(p);
|
||||
assert(uid);
|
||||
|
||||
if (*uid == 0)
|
||||
return -EBUSY;
|
||||
|
||||
candidate = *uid - 1;
|
||||
|
||||
for (size_t i = 0; i < n; i++) {
|
||||
for (unsigned i = 0; i < n; i++) {
|
||||
uid_t begin, end;
|
||||
|
||||
begin = p[i].start;
|
||||
@ -179,62 +168,13 @@ int uid_range_next_lower(const UidRange *p, size_t n, uid_t *uid) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
bool uid_range_covers(const UidRange *p, size_t n, uid_t start, uid_t nr) {
|
||||
assert(p || n == 0);
|
||||
bool uid_range_contains(const UidRange *p, unsigned n, uid_t uid) {
|
||||
assert(p);
|
||||
assert(uid);
|
||||
|
||||
if (nr == 0) /* empty range? always covered... */
|
||||
return true;
|
||||
|
||||
if (start > UINT32_MAX - nr) /* range overflows? definitely not covered... */
|
||||
return false;
|
||||
|
||||
for (size_t i = 0; i < n; i++)
|
||||
if (start >= p[i].start && start + nr <= p[i].start + p[i].nr)
|
||||
for (unsigned i = 0; i < n; i++)
|
||||
if (uid >= p[i].start && uid < p[i].start + p[i].nr)
|
||||
return true;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
int uid_range_load_userns(UidRange **p, size_t *n, const char *path) {
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
int r;
|
||||
|
||||
/* If 'path' is NULL loads the UID range of the userns namespace we run. Otherwise load the data from
|
||||
* the specified file (which can be either uid_map or gid_map, in case caller needs to deal with GID
|
||||
* maps).
|
||||
*
|
||||
* To simplify things this will modify the passed array in case of later failure. */
|
||||
|
||||
if (!path)
|
||||
path = "/proc/self/uid_map";
|
||||
|
||||
f = fopen(path, "re");
|
||||
if (!f) {
|
||||
r = -errno;
|
||||
|
||||
if (r == -ENOENT && path_startswith(path, "/proc/") && proc_mounted() > 0)
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
for (;;) {
|
||||
uid_t uid_base, uid_shift, uid_range;
|
||||
int k;
|
||||
|
||||
errno = 0;
|
||||
k = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT "\n", &uid_base, &uid_shift, &uid_range);
|
||||
if (k == EOF) {
|
||||
if (ferror(f))
|
||||
return errno_or_else(EIO);
|
||||
|
||||
return 0;
|
||||
}
|
||||
if (k != 3)
|
||||
return -EBADMSG;
|
||||
|
||||
r = uid_range_add(p, n, uid_base, uid_range);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
@ -8,14 +8,8 @@ typedef struct UidRange {
|
||||
uid_t start, nr;
|
||||
} UidRange;
|
||||
|
||||
int uid_range_add(UidRange **p, size_t *n, uid_t start, uid_t nr);
|
||||
int uid_range_add_str(UidRange **p, size_t *n, const char *s);
|
||||
int uid_range_add(UidRange **p, unsigned *n, uid_t start, uid_t nr);
|
||||
int uid_range_add_str(UidRange **p, unsigned *n, const char *s);
|
||||
|
||||
int uid_range_next_lower(const UidRange *p, size_t n, uid_t *uid);
|
||||
bool uid_range_covers(const UidRange *p, size_t n, uid_t start, uid_t nr);
|
||||
|
||||
static inline bool uid_range_contains(const UidRange *p, size_t n, uid_t uid) {
|
||||
return uid_range_covers(p, n, uid, 1);
|
||||
}
|
||||
|
||||
int uid_range_load_userns(UidRange **p, size_t *n, const char *path);
|
||||
int uid_range_next_lower(const UidRange *p, unsigned n, uid_t *uid);
|
||||
bool uid_range_contains(const UidRange *p, unsigned n, uid_t uid);
|
||||
|
||||
@ -352,7 +352,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
assert(argv);
|
||||
|
||||
while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
case 'h':
|
||||
return help();
|
||||
|
||||
|
||||
@ -104,7 +104,7 @@ static Set *database_users = NULL, *database_groups = NULL;
|
||||
|
||||
static uid_t search_uid = UID_INVALID;
|
||||
static UidRange *uid_range = NULL;
|
||||
static size_t n_uid_range = 0;
|
||||
static unsigned n_uid_range = 0;
|
||||
|
||||
static UGIDAllocationRange login_defs = {};
|
||||
static bool login_defs_need_warning = false;
|
||||
|
||||
@ -163,7 +163,7 @@ TEST(auto_erase_memory) {
|
||||
assert_se(MALLOC_SIZEOF_SAFE(f) >= sizeof(*f) * n); \
|
||||
assert_se(malloc_usable_size(f) >= sizeof(*f) * n); \
|
||||
assert_se(__builtin_object_size(f, 0) >= sizeof(*f) * n); \
|
||||
} while (false)
|
||||
} while(false)
|
||||
|
||||
TEST(malloc_size_safe) {
|
||||
_cleanup_free_ uint32_t *f = NULL;
|
||||
|
||||
@ -3,26 +3,15 @@
|
||||
#include <stddef.h>
|
||||
|
||||
#include "alloc-util.h"
|
||||
#include "errno-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "fileio.h"
|
||||
#include "fs-util.h"
|
||||
#include "tests.h"
|
||||
#include "tmpfile-util.h"
|
||||
#include "uid-range.h"
|
||||
#include "user-util.h"
|
||||
#include "util.h"
|
||||
#include "virt.h"
|
||||
|
||||
TEST(uid_range) {
|
||||
int main(int argc, char *argv[]) {
|
||||
_cleanup_free_ UidRange *p = NULL;
|
||||
size_t n = 0;
|
||||
unsigned n = 0;
|
||||
uid_t search;
|
||||
|
||||
assert_se(uid_range_covers(p, n, 0, 0));
|
||||
assert_se(!uid_range_covers(p, n, 0, 1));
|
||||
assert_se(!uid_range_covers(p, n, 100, UINT32_MAX));
|
||||
|
||||
assert_se(uid_range_add_str(&p, &n, "500-999") >= 0);
|
||||
assert_se(n == 1);
|
||||
assert_se(p[0].start == 500);
|
||||
@ -33,17 +22,6 @@ TEST(uid_range) {
|
||||
assert_se(uid_range_contains(p, n, 999));
|
||||
assert_se(!uid_range_contains(p, n, 1000));
|
||||
|
||||
assert_se(!uid_range_covers(p, n, 100, 150));
|
||||
assert_se(!uid_range_covers(p, n, 400, 200));
|
||||
assert_se(!uid_range_covers(p, n, 499, 1));
|
||||
assert_se(uid_range_covers(p, n, 500, 1));
|
||||
assert_se(uid_range_covers(p, n, 501, 10));
|
||||
assert_se(uid_range_covers(p, n, 999, 1));
|
||||
assert_se(!uid_range_covers(p, n, 999, 2));
|
||||
assert_se(!uid_range_covers(p, n, 1000, 1));
|
||||
assert_se(!uid_range_covers(p, n, 1000, 100));
|
||||
assert_se(!uid_range_covers(p, n, 1001, 100));
|
||||
|
||||
search = UID_INVALID;
|
||||
assert_se(uid_range_next_lower(p, n, &search));
|
||||
assert_se(search == 999);
|
||||
@ -91,49 +69,6 @@ TEST(uid_range) {
|
||||
assert_se(n == 1);
|
||||
assert_se(p[0].start == 20);
|
||||
assert_se(p[0].nr == 1983);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
TEST(load_userns) {
|
||||
_cleanup_(unlink_and_freep) char *fn = NULL;
|
||||
_cleanup_free_ UidRange *p = NULL;
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
size_t n = 0;
|
||||
int r;
|
||||
|
||||
r = uid_range_load_userns(&p, &n, NULL);
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r))
|
||||
return;
|
||||
|
||||
assert_se(r >= 0);
|
||||
assert_se(uid_range_contains(p, n, getuid()));
|
||||
|
||||
r = running_in_userns();
|
||||
if (r == 0) {
|
||||
assert_se(n == 1);
|
||||
assert_se(p[0].start == 0);
|
||||
assert_se(p[0].nr == UINT32_MAX);
|
||||
|
||||
assert_se(uid_range_covers(p, n, 0, UINT32_MAX));
|
||||
}
|
||||
|
||||
assert_se(fopen_temporary(NULL, &f, &fn) >= 0);
|
||||
fputs("0 0 20\n"
|
||||
"100 0 20\n", f);
|
||||
assert_se(fflush_and_check(f) >= 0);
|
||||
|
||||
p = mfree(p);
|
||||
n = 0;
|
||||
|
||||
assert_se(uid_range_load_userns(&p, &n, fn) >= 0);
|
||||
|
||||
assert_se(uid_range_contains(p, n, 0));
|
||||
assert_se(uid_range_contains(p, n, 19));
|
||||
assert_se(!uid_range_contains(p, n, 20));
|
||||
|
||||
assert_se(!uid_range_contains(p, n, 99));
|
||||
assert_se(uid_range_contains(p, n, 100));
|
||||
assert_se(uid_range_contains(p, n, 119));
|
||||
assert_se(!uid_range_contains(p, n, 120));
|
||||
}
|
||||
|
||||
DEFINE_TEST_MAIN(LOG_DEBUG);
|
||||
|
||||
@ -51,7 +51,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
assert_se(argv);
|
||||
|
||||
while ((c = getopt_long(argc, argv, "r:", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
case 'r':
|
||||
arg_root = optarg;
|
||||
break;
|
||||
|
||||
@ -541,7 +541,7 @@ static int dvd_ram_media_update_state(Context *c) {
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"Invalid format capacities length.");
|
||||
|
||||
switch (format[8] & 3) {
|
||||
switch(format[8] & 3) {
|
||||
case 1:
|
||||
/* This means that last format was interrupted or failed, blank dvd-ram discs are
|
||||
* factory formatted. Take no action here as it takes quite a while to reformat a
|
||||
|
||||
@ -61,7 +61,7 @@ int probe_smart_media(int mtd_fd, mtd_info_t* info) {
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"Unexpected sector size: %i", sector_size);
|
||||
|
||||
switch (size_in_megs) {
|
||||
switch(size_in_megs) {
|
||||
case 1:
|
||||
case 2:
|
||||
spare_count = 6;
|
||||
|
||||
@ -48,7 +48,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
int c;
|
||||
|
||||
while ((c = getopt_long(argc, argv, "ust:r:Vh", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
switch(c) {
|
||||
case 'u':
|
||||
arg_update = true;
|
||||
break;
|
||||
|
||||
@ -345,7 +345,7 @@ static int query_device(QueryType query, sd_device* device) {
|
||||
|
||||
assert(device);
|
||||
|
||||
switch (query) {
|
||||
switch(query) {
|
||||
case QUERY_NAME: {
|
||||
const char *node;
|
||||
|
||||
|
||||
@ -17,7 +17,6 @@
|
||||
#include "socket-util.h"
|
||||
#include "strv.h"
|
||||
#include "terminal-util.h"
|
||||
#include "uid-range.h"
|
||||
#include "user-record-show.h"
|
||||
#include "user-util.h"
|
||||
#include "userdb.h"
|
||||
@ -168,22 +167,14 @@ static const struct {
|
||||
},
|
||||
};
|
||||
|
||||
static int table_add_uid_boundaries(
|
||||
Table *table,
|
||||
const UidRange *p,
|
||||
size_t n) {
|
||||
static int table_add_uid_boundaries(Table *table) {
|
||||
int r;
|
||||
|
||||
assert(table);
|
||||
assert(p || n == 0);
|
||||
|
||||
for (size_t i = 0; i < ELEMENTSOF(uid_range_table); i++) {
|
||||
_cleanup_free_ char *name = NULL, *comment = NULL;
|
||||
|
||||
if (n > 0 &&
|
||||
!uid_range_covers(p, n, uid_range_table[i].first, uid_range_table[i].last - uid_range_table[i].first + 1))
|
||||
continue;
|
||||
|
||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||
" begin ", uid_range_table[i].name, " users ",
|
||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||
@ -208,7 +199,7 @@ static int table_add_uid_boundaries(
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_EMPTY,
|
||||
TABLE_EMPTY,
|
||||
TABLE_INT, -1); /* sort before any other entry with the same UID */
|
||||
TABLE_INT, -1); /* sort before an other entry with the same UID */
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
|
||||
@ -238,7 +229,7 @@ static int table_add_uid_boundaries(
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_EMPTY,
|
||||
TABLE_EMPTY,
|
||||
TABLE_INT, 1); /* sort after any other entry with the same UID */
|
||||
TABLE_INT, 1); /* sort after an other entry with the same UID */
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
}
|
||||
@ -246,104 +237,6 @@ static int table_add_uid_boundaries(
|
||||
return ELEMENTSOF(uid_range_table) * 2;
|
||||
}
|
||||
|
||||
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
|
||||
_cleanup_free_ char *name = NULL;
|
||||
int r;
|
||||
|
||||
assert(table);
|
||||
assert(start <= end);
|
||||
|
||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||
" begin unavailable users ",
|
||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||
if (!name)
|
||||
return log_oom();
|
||||
|
||||
r = table_add_many(
|
||||
table,
|
||||
TABLE_STRING, special_glyph(SPECIAL_GLYPH_TREE_TOP),
|
||||
TABLE_STRING, name,
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_EMPTY,
|
||||
TABLE_UID, start,
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_EMPTY,
|
||||
TABLE_STRING, "First unavailable user",
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_EMPTY,
|
||||
TABLE_EMPTY,
|
||||
TABLE_INT, -1); /* sort before an other entry with the same UID */
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
|
||||
free(name);
|
||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||
" end unavailable users ",
|
||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||
if (!name)
|
||||
return log_oom();
|
||||
|
||||
r = table_add_many(
|
||||
table,
|
||||
TABLE_STRING, special_glyph(SPECIAL_GLYPH_TREE_RIGHT),
|
||||
TABLE_STRING, name,
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_EMPTY,
|
||||
TABLE_UID, end,
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_EMPTY,
|
||||
TABLE_STRING, "Last unavailable user",
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_EMPTY,
|
||||
TABLE_EMPTY,
|
||||
TABLE_INT, 1); /* sort after any other entry with the same UID */
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
|
||||
return 2;
|
||||
}
|
||||
|
||||
static int table_add_uid_map(
|
||||
Table *table,
|
||||
const UidRange *p,
|
||||
size_t n,
|
||||
int (*add_unavailable)(Table *t, uid_t start, uid_t end)) {
|
||||
|
||||
uid_t focus = 0;
|
||||
int n_added = 0, r;
|
||||
|
||||
assert(table);
|
||||
assert(p || n == 0);
|
||||
assert(add_unavailable);
|
||||
|
||||
for (size_t i = 0; i < n; i++) {
|
||||
if (focus < p[i].start) {
|
||||
r = add_unavailable(table, focus, p[i].start-1);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
n_added += r;
|
||||
}
|
||||
|
||||
if (p[i].start > UINT32_MAX - p[i].nr) { /* overflow check */
|
||||
focus = UINT32_MAX;
|
||||
break;
|
||||
}
|
||||
|
||||
focus = p[i].start + p[i].nr;
|
||||
}
|
||||
|
||||
if (focus < UINT32_MAX-1) {
|
||||
r = add_unavailable(table, focus, UINT32_MAX-1);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
n_added += r;
|
||||
}
|
||||
|
||||
return n_added;
|
||||
}
|
||||
|
||||
static int display_user(int argc, char *argv[], void *userdata) {
|
||||
_cleanup_(table_unrefp) Table *table = NULL;
|
||||
bool draw_separator = false;
|
||||
@ -429,22 +322,12 @@ static int display_user(int argc, char *argv[], void *userdata) {
|
||||
}
|
||||
|
||||
if (table) {
|
||||
_cleanup_free_ UidRange *uid_range = NULL;
|
||||
int boundary_lines, uid_map_lines;
|
||||
size_t n_uid_range;
|
||||
int boundary_lines;
|
||||
|
||||
r = uid_range_load_userns(&uid_range, &n_uid_range, "/proc/self/uid_map");
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to load /proc/self/uid_map, ignoring: %m");
|
||||
|
||||
boundary_lines = table_add_uid_boundaries(table, uid_range, n_uid_range);
|
||||
boundary_lines = table_add_uid_boundaries(table);
|
||||
if (boundary_lines < 0)
|
||||
return boundary_lines;
|
||||
|
||||
uid_map_lines = table_add_uid_map(table, uid_range, n_uid_range, add_unavailable_uid);
|
||||
if (uid_map_lines < 0)
|
||||
return uid_map_lines;
|
||||
|
||||
if (table_get_rows(table) > 1) {
|
||||
r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, arg_legend);
|
||||
if (r < 0)
|
||||
@ -452,11 +335,8 @@ static int display_user(int argc, char *argv[], void *userdata) {
|
||||
}
|
||||
|
||||
if (arg_legend) {
|
||||
size_t k;
|
||||
|
||||
k = table_get_rows(table) - 1 - boundary_lines - uid_map_lines;
|
||||
if (k > 0)
|
||||
printf("\n%zu users listed.\n", k);
|
||||
if (table_get_rows(table) > 1)
|
||||
printf("\n%zu users listed.\n", table_get_rows(table) - 1 - boundary_lines);
|
||||
else
|
||||
printf("No users.\n");
|
||||
}
|
||||
@ -531,22 +411,14 @@ static int show_group(GroupRecord *gr, Table *table) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int table_add_gid_boundaries(
|
||||
Table *table,
|
||||
const UidRange *p,
|
||||
size_t n) {
|
||||
static int table_add_gid_boundaries(Table *table) {
|
||||
int r;
|
||||
|
||||
assert(table);
|
||||
assert(p || n == 0);
|
||||
|
||||
for (size_t i = 0; i < ELEMENTSOF(uid_range_table); i++) {
|
||||
_cleanup_free_ char *name = NULL, *comment = NULL;
|
||||
|
||||
if (n > 0 &&
|
||||
!uid_range_covers(p, n, uid_range_table[i].first, uid_range_table[i].last))
|
||||
continue;
|
||||
|
||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||
" begin ", uid_range_table[i].name, " groups ",
|
||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||
@ -568,7 +440,7 @@ static int table_add_gid_boundaries(
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_STRING, comment,
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_INT, -1); /* sort before any other entry with the same GID */
|
||||
TABLE_INT, -1); /* sort before an other entry with the same GID */
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
|
||||
@ -595,7 +467,7 @@ static int table_add_gid_boundaries(
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_STRING, comment,
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_INT, 1); /* sort after any other entry with the same GID */
|
||||
TABLE_INT, 1); /* sort after an other entry with the same GID */
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
}
|
||||
@ -603,57 +475,6 @@ static int table_add_gid_boundaries(
|
||||
return ELEMENTSOF(uid_range_table) * 2;
|
||||
}
|
||||
|
||||
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {
|
||||
_cleanup_free_ char *name = NULL;
|
||||
int r;
|
||||
|
||||
assert(table);
|
||||
assert(start <= end);
|
||||
|
||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||
" begin unavailable groups ",
|
||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||
if (!name)
|
||||
return log_oom();
|
||||
|
||||
r = table_add_many(
|
||||
table,
|
||||
TABLE_STRING, special_glyph(SPECIAL_GLYPH_TREE_TOP),
|
||||
TABLE_STRING, name,
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_EMPTY,
|
||||
TABLE_GID, start,
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_STRING, "First unavailable group",
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_INT, -1); /* sort before any other entry with the same GID */
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
|
||||
free(name);
|
||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||
" end unavailable groups ",
|
||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||
if (!name)
|
||||
return log_oom();
|
||||
|
||||
r = table_add_many(
|
||||
table,
|
||||
TABLE_STRING, special_glyph(SPECIAL_GLYPH_TREE_RIGHT),
|
||||
TABLE_STRING, name,
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_EMPTY,
|
||||
TABLE_GID, end,
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_STRING, "Last unavailable group",
|
||||
TABLE_SET_COLOR, ansi_grey(),
|
||||
TABLE_INT, 1); /* sort after any other entry with the same GID */
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
|
||||
return 2;
|
||||
}
|
||||
|
||||
static int display_group(int argc, char *argv[], void *userdata) {
|
||||
_cleanup_(table_unrefp) Table *table = NULL;
|
||||
bool draw_separator = false;
|
||||
@ -738,22 +559,12 @@ static int display_group(int argc, char *argv[], void *userdata) {
|
||||
}
|
||||
|
||||
if (table) {
|
||||
_cleanup_free_ UidRange *gid_range = NULL;
|
||||
int boundary_lines, gid_map_lines;
|
||||
size_t n_gid_range;
|
||||
int boundary_lines;
|
||||
|
||||
r = uid_range_load_userns(&gid_range, &n_gid_range, "/proc/self/gid_map");
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to load /proc/self/gid_map, ignoring: %m");
|
||||
|
||||
boundary_lines = table_add_gid_boundaries(table, gid_range, n_gid_range);
|
||||
boundary_lines = table_add_gid_boundaries(table);
|
||||
if (boundary_lines < 0)
|
||||
return boundary_lines;
|
||||
|
||||
gid_map_lines = table_add_uid_map(table, gid_range, n_gid_range, add_unavailable_gid);
|
||||
if (gid_map_lines < 0)
|
||||
return gid_map_lines;
|
||||
|
||||
if (table_get_rows(table) > 1) {
|
||||
r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, arg_legend);
|
||||
if (r < 0)
|
||||
@ -761,11 +572,8 @@ static int display_group(int argc, char *argv[], void *userdata) {
|
||||
}
|
||||
|
||||
if (arg_legend) {
|
||||
size_t k;
|
||||
|
||||
k = table_get_rows(table) - 1 - boundary_lines - gid_map_lines;
|
||||
if (k > 0)
|
||||
printf("\n%zu groups listed.\n", k);
|
||||
if (table_get_rows(table) > 1)
|
||||
printf("\n%zu groups listed.\n", table_get_rows(table) - 1 - boundary_lines);
|
||||
else
|
||||
printf("No groups.\n");
|
||||
}
|
||||
|
||||
@ -17,9 +17,7 @@
|
||||
#include "terminal-util.h"
|
||||
|
||||
static uint32_t arg_activate_flags = CRYPT_ACTIVATE_READONLY;
|
||||
static char *arg_root_hash_signature = NULL;
|
||||
|
||||
STATIC_DESTRUCTOR_REGISTER(arg_root_hash_signature, freep);
|
||||
static const char *arg_root_hash_signature = NULL;
|
||||
|
||||
static int help(void) {
|
||||
_cleanup_free_ char *link = NULL;
|
||||
@ -41,17 +39,13 @@ static int help(void) {
|
||||
}
|
||||
|
||||
static int save_roothashsig_option(const char *option, bool strict) {
|
||||
int r;
|
||||
|
||||
if (path_is_absolute(option) || startswith(option, "base64:")) {
|
||||
if (!HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||
"Activation of verity device with signature requested, but cryptsetup does not support crypt_activate_by_signed_key().");
|
||||
|
||||
r = free_and_strdup_warn(&arg_root_hash_signature, option);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
arg_root_hash_signature = option;
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -66,10 +60,10 @@ static int parse_options(const char *options) {
|
||||
int r;
|
||||
|
||||
/* backward compatibility with the obsolete ROOTHASHSIG positional argument */
|
||||
r = save_roothashsig_option(options, /* strict= */ false);
|
||||
r = save_roothashsig_option(options, false);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0) {
|
||||
if (r == 1) {
|
||||
log_warning("Usage of ROOTHASHSIG positional argument is deprecated. "
|
||||
"Please use the option root-hash-signature=%s instead.", options);
|
||||
return 0;
|
||||
@ -105,7 +99,7 @@ static int parse_options(const char *options) {
|
||||
arg_activate_flags |= CRYPT_ACTIVATE_PANIC_ON_CORRUPTION;
|
||||
#endif
|
||||
else if ((val = startswith(word, "root-hash-signature="))) {
|
||||
r = save_roothashsig_option(val, /* strict= */ true);
|
||||
r = save_roothashsig_option(val, true);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
||||
@ -575,14 +575,14 @@ systemd-analyze security --threshold=90 --offline=true \
|
||||
--root=/tmp/img/ testfile.service
|
||||
|
||||
# The strict profile adds a lot of sanboxing options
|
||||
systemd-analyze security --threshold=25 --offline=true \
|
||||
systemd-analyze security --threshold=20 --offline=true \
|
||||
--security-policy=/tmp/testfile.json \
|
||||
--profile=strict \
|
||||
--root=/tmp/img/ testfile.service
|
||||
|
||||
set +e
|
||||
# The trusted profile doesn't add any sanboxing options
|
||||
systemd-analyze security --threshold=25 --offline=true \
|
||||
systemd-analyze security --threshold=20 --offline=true \
|
||||
--security-policy=/tmp/testfile.json \
|
||||
--profile=/usr/lib/systemd/portable/profile/trusted/service.conf \
|
||||
--root=/tmp/img/ testfile.service \
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user