Compare commits

..

17 Commits

Author SHA1 Message Date
Adrian Vovk cf612c5fd5
repart: Add tests for supplement partitions 2024-09-17 14:06:51 -04:00
Adrian Vovk 2cb9c68c3a
repart: Add SupplementFor= logic
This was designed to deal with $BOOT, as defined by the Boot Loader
Specification, but it was made a generic mechanism because it is useful
elsewhere too. See the updated man page for usage examples, motivation,
and an explanation of how this works.
2024-09-17 14:06:50 -04:00
Adrian Vovk 78e9059208
repart: Consider existing partitions when placing
Fixes an oversight in `context_allocate_partitions` that makes it
succeed in cases where it should fail. Essentially, there was nothing
actually enforcing SizeMinBytes= and PaddingMinBytes= for partitions
that exist, only for new partitions. This behavior is inconsistent with
the docs, which state that existing partitions will be grown to at least
the specified minimum size, and that "If the backing device does not
provide enough space to fulfill the constraints placing the partition
will fail".
2024-09-17 14:06:49 -04:00
Adrian Vovk e671bdc5c3
strv: Fixup STRV_FOREACH_PAIR macro
The macro didn't properly parenthesize a caller-controlled argument.
For example: `STRV_FOREACH_PAIR(a, b, something ?: something_else)`
would expand to `typeof(*something ?: something_else)`, which would
cause compile failures
2024-09-17 14:06:26 -04:00
PavlNekrasov d80a9042ca
Use correct error code in log message in output_waiting_jobs (#34404)
The error code `r` from the read function is being logged, but the error code `rc` from the table data insertion function should be logged instead.
2024-09-17 19:17:21 +09:00
Yu Watanabe a7afe5a3e7
Merge pull request #34443 from yuwata/network-sysctl-monitor-follow-ups
network/sysctl-monitor: several follow-ups and cleanups
2024-09-17 19:15:12 +09:00
Yu Watanabe a65b864835 docs: fix typo in filename: REATLIME -> REALTIME 2024-09-17 10:21:54 +02:00
Yu Watanabe 9959681a0d test/repart: fix mkfs checker
Follow-up for 27cacec939.
2024-09-17 10:15:21 +02:00
Daan De Meyer b3ebd480d6 Fix generator logging
log_setup() overrides the previously set log target again so we
can't use it in log_setup_generator().

Follow-up for aa976d8788
2024-09-17 15:10:39 +09:00
Arian van Putten 6695ff4c15 CONTROL_GROUP_INTERFACE: fix link to systemd-run code 2024-09-17 15:09:48 +09:00
Yu Watanabe 4d6ad22f8d network: drop unnecessary BPF related objects from Manager when disabled 2024-09-17 15:00:06 +09:00
Yu Watanabe 099ee34ca1 network/sysctl-monitor: do not allocate sysctl_shadow when eBPF is not supported
When eBPF is disabled, the hashmap will be never used. Let's not
allocate it.
2024-09-17 14:53:29 +09:00
Yu Watanabe a2fbe9f3f9 network/sysctl-monitor: fix use-after-free
Previously, manager_free() did not assign NULL to Manager.sysctl_shadow,
hence sysctl_clear_link_shadows() called by link_free() will causes
use-after-free. To fix the issue, this makes Manager.sysctl_shadow will be
set to NULL after it is freed,

Fixes a bug introduced by 6d9ef22acd.
2024-09-16 15:12:47 +09:00
Yu Watanabe 7c778cecdb network/sysctl: several cleanups for sysctl_add_monitor()
- rename rootcg -> root_cgroup_fd, to emphasize it is a fd,
- drop nested function call, and check error code.
2024-09-16 14:36:54 +09:00
Yu Watanabe 46718d344f bpf-link: introduce bpf_ring_buffer_free() and friends
Then, replace rb_free() in networkd.

Follow-up for 6d9ef22acd.
2024-09-16 14:36:54 +09:00
Yu Watanabe 9295c7ae09 network/sysctl: use wrapped free functions
No functional change, just refactoring.

Follow-up for 6d9ef22acd.
2024-09-16 14:36:54 +09:00
Yu Watanabe 41afafbf2a network/sysctl-monitor: fix sanity check in cut_last()
This also adds basic comment about the return code.

Follow-up for 6d9ef22acd.
2024-09-16 14:36:54 +09:00
16 changed files with 91 additions and 80 deletions

2
TODO
View File

@ -1860,7 +1860,7 @@ Features:
* fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline * fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline
* docs: bring https://systemd.io/MY_SERVICE_CANT_GET_REATLIME up to date * docs: bring https://systemd.io/MY_SERVICE_CANT_GET_REALTIME up to date
* add a job mode that will fail if a transaction would mean stopping * add a job mode that will fail if a transaction would mean stopping
running units. Use this in timedated to manage the NTP service running units. Use this in timedated to manage the NTP service

View File

@ -247,4 +247,4 @@ Note that scope units created by `machined`'s `CreateMachine()` call have this f
### Example ### Example
Please see the [systemd-run sources](http://cgit.freedesktop.org/systemd/systemd/plain/src/run/run.c) for a relatively simple example how to create scope or service units transiently and pass properties to them. Please see the [systemd-run sources](https://github.com/systemd/systemd/blob/main/src/run/run.c) for a relatively simple example how to create scope or service units transiently and pass properties to them.

View File

@ -104,7 +104,7 @@ A: Use:
**Q: Whenever my service tries to acquire RT scheduling for one of its threads this is refused with EPERM even though my service is running with full privileges. This works fine on my non-systemd system!** **Q: Whenever my service tries to acquire RT scheduling for one of its threads this is refused with EPERM even though my service is running with full privileges. This works fine on my non-systemd system!**
A: By default, systemd places all systemd daemons in their own cgroup in the "cpu" hierarchy. Unfortunately, due to a kernel limitation, this has the effect of disallowing RT entirely for the service. See [My Service Can't Get Realtime!](/MY_SERVICE_CANT_GET_REATLIME) for a longer discussion and what to do about this. A: By default, systemd places all systemd daemons in their own cgroup in the "cpu" hierarchy. Unfortunately, due to a kernel limitation, this has the effect of disallowing RT entirely for the service. See [My Service Can't Get Realtime!](/MY_SERVICE_CANT_GET_REALTIME) for a longer discussion and what to do about this.
**Q: My service is ordered after `network.target` but at boot it is still called before the network is up. What's going on?** **Q: My service is ordered after `network.target` but at boot it is still called before the network is up. What's going on?**

View File

@ -36,23 +36,22 @@ struct str {
static long cut_last(u32 i, struct str *str) { static long cut_last(u32 i, struct str *str) {
char *s; char *s;
/* Sanity check for the preverifier */
if (i >= str->l)
return 1; /* exit from the loop */
i = str->l - i - 1; i = str->l - i - 1;
s = str->s + i; s = str->s + i;
/* Sanity check for the preverifier */
if (i >= str->l)
return 1;
if (*s == 0) if (*s == 0)
return 0; return 0; /* continue */
if (*s == '\n' || *s == '\r' || *s == ' ' || *s == '\t') { if (*s == '\n' || *s == '\r' || *s == ' ' || *s == '\t') {
*s = 0; *s = 0;
return 0; /* continue */
return 0;
} }
return 1; return 1; /* exit from the loop */
} }
/* Cut off trailing whitespace and newlines */ /* Cut off trailing whitespace and newlines */

View File

@ -221,7 +221,7 @@ int link_set_ipv6ll_stable_secret(Link *link) {
} }
return sysctl_write_ip_property(AF_INET6, link->ifname, "stable_secret", return sysctl_write_ip_property(AF_INET6, link->ifname, "stable_secret",
IN6_ADDR_TO_STRING(&a), &link->manager->sysctl_shadow); IN6_ADDR_TO_STRING(&a), manager_get_sysctl_shadow(link->manager));
} }
int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) { int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) {
@ -232,7 +232,7 @@ int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) {
if (mode == link->ipv6ll_address_gen_mode) if (mode == link->ipv6ll_address_gen_mode)
return 0; return 0;
return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "addr_gen_mode", mode, &link->manager->sysctl_shadow); return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "addr_gen_mode", mode, manager_get_sysctl_shadow(link->manager));
} }
static const char* const ipv6_link_local_address_gen_mode_table[_IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_MAX] = { static const char* const ipv6_link_local_address_gen_mode_table[_IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_MAX] = {

View File

@ -604,7 +604,9 @@ int manager_new(Manager **ret, bool test_mode) {
.duid_product_uuid.type = DUID_TYPE_UUID, .duid_product_uuid.type = DUID_TYPE_UUID,
.dhcp_server_persist_leases = true, .dhcp_server_persist_leases = true,
.ip_forwarding = { -1, -1, }, .ip_forwarding = { -1, -1, },
#if HAVE_VMLINUX_H
.cgroup_fd = -EBADF, .cgroup_fd = -EBADF,
#endif
}; };
*ret = TAKE_PTR(m); *ret = TAKE_PTR(m);
@ -624,8 +626,6 @@ Manager* manager_free(Manager *m) {
HASHMAP_FOREACH(link, m->links_by_index) HASHMAP_FOREACH(link, m->links_by_index)
(void) link_stop_engines(link, true); (void) link_stop_engines(link, true);
hashmap_free(m->sysctl_shadow);
m->request_queue = ordered_set_free(m->request_queue); m->request_queue = ordered_set_free(m->request_queue);
m->remove_request_queue = ordered_set_free(m->remove_request_queue); m->remove_request_queue = ordered_set_free(m->remove_request_queue);

View File

@ -122,12 +122,14 @@ struct Manager {
/* sysctl */ /* sysctl */
int ip_forwarding[2]; int ip_forwarding[2];
#if HAVE_VMLINUX_H
Hashmap *sysctl_shadow; Hashmap *sysctl_shadow;
sd_event_source *sysctl_event_source; sd_event_source *sysctl_event_source;
struct ring_buffer *sysctl_buffer; struct ring_buffer *sysctl_buffer;
struct sysctl_monitor_bpf *sysctl_skel; struct sysctl_monitor_bpf *sysctl_skel;
struct bpf_link *sysctl_link; struct bpf_link *sysctl_link;
int cgroup_fd; int cgroup_fd;
#endif
}; };
int manager_new(Manager **ret, bool test_mode); int manager_new(Manager **ret, bool test_mode);
@ -150,4 +152,12 @@ int manager_set_timezone(Manager *m, const char *timezone);
int manager_reload(Manager *m, sd_bus_message *message); int manager_reload(Manager *m, sd_bus_message *message);
static inline Hashmap** manager_get_sysctl_shadow(Manager *manager) {
#if HAVE_VMLINUX_H
return &ASSERT_PTR(manager)->sysctl_shadow;
#else
return NULL;
#endif
}
DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);

View File

@ -987,7 +987,7 @@ static int ndisc_router_process_reachable_time(Link *link, sd_ndisc_router *rt)
} }
/* Set the reachable time for Neighbor Solicitations. */ /* Set the reachable time for Neighbor Solicitations. */
r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "base_reachable_time_ms", (uint32_t) msec, &link->manager->sysctl_shadow); r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "base_reachable_time_ms", (uint32_t) msec, manager_get_sysctl_shadow(link->manager));
if (r < 0) if (r < 0)
log_link_warning_errno(link, r, "Failed to apply neighbor reachable time (%"PRIu64"), ignoring: %m", msec); log_link_warning_errno(link, r, "Failed to apply neighbor reachable time (%"PRIu64"), ignoring: %m", msec);
@ -1021,7 +1021,7 @@ static int ndisc_router_process_retransmission_time(Link *link, sd_ndisc_router
} }
/* Set the retransmission time for Neighbor Solicitations. */ /* Set the retransmission time for Neighbor Solicitations. */
r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", (uint32_t) msec, &link->manager->sysctl_shadow); r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", (uint32_t) msec, manager_get_sysctl_shadow(link->manager));
if (r < 0) if (r < 0)
log_link_warning_errno(link, r, "Failed to apply neighbor retransmission time (%"PRIu64"), ignoring: %m", msec); log_link_warning_errno(link, r, "Failed to apply neighbor retransmission time (%"PRIu64"), ignoring: %m", msec);
@ -1057,7 +1057,7 @@ static int ndisc_router_process_hop_limit(Link *link, sd_ndisc_router *rt) {
if (hop_limit <= 0) if (hop_limit <= 0)
return 0; return 0;
r = sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "hop_limit", (uint32_t) hop_limit, &link->manager->sysctl_shadow); r = sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "hop_limit", (uint32_t) hop_limit, manager_get_sysctl_shadow(link->manager));
if (r < 0) if (r < 0)
log_link_warning_errno(link, r, "Failed to apply hop_limit (%u), ignoring: %m", hop_limit); log_link_warning_errno(link, r, "Failed to apply hop_limit (%u), ignoring: %m", hop_limit);

View File

@ -34,13 +34,7 @@ static struct sysctl_monitor_bpf* sysctl_monitor_bpf_free(struct sysctl_monitor_
return NULL; return NULL;
} }
static struct ring_buffer* rb_free(struct ring_buffer *rb) {
sym_ring_buffer__free(rb);
return NULL;
}
DEFINE_TRIVIAL_CLEANUP_FUNC(struct sysctl_monitor_bpf *, sysctl_monitor_bpf_free); DEFINE_TRIVIAL_CLEANUP_FUNC(struct sysctl_monitor_bpf *, sysctl_monitor_bpf_free);
DEFINE_TRIVIAL_CLEANUP_FUNC(struct ring_buffer *, rb_free);
static int sysctl_event_handler(void *ctx, void *data, size_t data_sz) { static int sysctl_event_handler(void *ctx, void *data, size_t data_sz) {
struct sysctl_write_event *we = ASSERT_PTR(data); struct sysctl_write_event *we = ASSERT_PTR(data);
@ -99,10 +93,10 @@ static int on_ringbuf_io(sd_event_source *s, int fd, uint32_t revents, void *use
int sysctl_add_monitor(Manager *manager) { int sysctl_add_monitor(Manager *manager) {
_cleanup_(sysctl_monitor_bpf_freep) struct sysctl_monitor_bpf *obj = NULL; _cleanup_(sysctl_monitor_bpf_freep) struct sysctl_monitor_bpf *obj = NULL;
_cleanup_(bpf_link_freep) struct bpf_link *sysctl_link = NULL; _cleanup_(bpf_link_freep) struct bpf_link *sysctl_link = NULL;
_cleanup_(rb_freep) struct ring_buffer *sysctl_buffer = NULL; _cleanup_(bpf_ring_buffer_freep) struct ring_buffer *sysctl_buffer = NULL;
_cleanup_close_ int cgroup_fd = -EBADF, rootcg = -EBADF; _cleanup_close_ int cgroup_fd = -EBADF, root_cgroup_fd = -EBADF;
_cleanup_free_ char *cgroup = NULL; _cleanup_free_ char *cgroup = NULL;
int idx = 0, r; int idx = 0, r, fd;
assert(manager); assert(manager);
@ -116,9 +110,9 @@ int sysctl_add_monitor(Manager *manager) {
if (r < 0) if (r < 0)
return log_warning_errno(r, "Failed to get cgroup path, ignoring: %m."); return log_warning_errno(r, "Failed to get cgroup path, ignoring: %m.");
rootcg = cg_path_open(SYSTEMD_CGROUP_CONTROLLER, "/"); root_cgroup_fd = cg_path_open(SYSTEMD_CGROUP_CONTROLLER, "/");
if (rootcg < 0) if (root_cgroup_fd < 0)
return log_warning_errno(rootcg, "Failed to open cgroup, ignoring: %m."); return log_warning_errno(root_cgroup_fd, "Failed to open cgroup, ignoring: %m.");
obj = sysctl_monitor_bpf__open_and_load(); obj = sysctl_monitor_bpf__open_and_load();
if (!obj) { if (!obj) {
@ -133,21 +127,27 @@ int sysctl_add_monitor(Manager *manager) {
if (sym_bpf_map_update_elem(sym_bpf_map__fd(obj->maps.cgroup_map), &idx, &cgroup_fd, BPF_ANY)) if (sym_bpf_map_update_elem(sym_bpf_map__fd(obj->maps.cgroup_map), &idx, &cgroup_fd, BPF_ANY))
return log_warning_errno(errno, "Failed to update cgroup map: %m"); return log_warning_errno(errno, "Failed to update cgroup map: %m");
sysctl_link = sym_bpf_program__attach_cgroup(obj->progs.sysctl_monitor, rootcg); sysctl_link = sym_bpf_program__attach_cgroup(obj->progs.sysctl_monitor, root_cgroup_fd);
r = bpf_get_error_translated(sysctl_link); r = bpf_get_error_translated(sysctl_link);
if (r < 0) { if (r < 0) {
log_info_errno(r, "Unable to attach sysctl monitor BPF program to cgroup, ignoring: %m."); log_info_errno(r, "Unable to attach sysctl monitor BPF program to cgroup, ignoring: %m.");
return 0; return 0;
} }
sysctl_buffer = sym_ring_buffer__new( fd = sym_bpf_map__fd(obj->maps.written_sysctls);
sym_bpf_map__fd(obj->maps.written_sysctls), if (fd < 0)
sysctl_event_handler, &manager->sysctl_shadow, NULL); return log_warning_errno(fd, "Failed to get fd of sysctl maps: %m");
sysctl_buffer = sym_ring_buffer__new(fd, sysctl_event_handler, &manager->sysctl_shadow, NULL);
if (!sysctl_buffer) if (!sysctl_buffer)
return log_warning_errno(errno, "Failed to create ring buffer: %m"); return log_warning_errno(errno, "Failed to create ring buffer: %m");
fd = sym_ring_buffer__epoll_fd(sysctl_buffer);
if (fd < 0)
return log_warning_errno(fd, "Failed to get poll fd of ring buffer: %m");
r = sd_event_add_io(manager->event, &manager->sysctl_event_source, r = sd_event_add_io(manager->event, &manager->sysctl_event_source,
sym_ring_buffer__epoll_fd(sysctl_buffer), EPOLLIN, on_ringbuf_io, sysctl_buffer); fd, EPOLLIN, on_ringbuf_io, sysctl_buffer);
if (r < 0) if (r < 0)
return log_warning_errno(r, "Failed to watch sysctl event ringbuffer: %m"); return log_warning_errno(r, "Failed to watch sysctl event ringbuffer: %m");
@ -163,23 +163,11 @@ void sysctl_remove_monitor(Manager *manager) {
assert(manager); assert(manager);
manager->sysctl_event_source = sd_event_source_disable_unref(manager->sysctl_event_source); manager->sysctl_event_source = sd_event_source_disable_unref(manager->sysctl_event_source);
manager->sysctl_buffer = bpf_ring_buffer_free(manager->sysctl_buffer);
if (manager->sysctl_buffer) { manager->sysctl_link = bpf_link_free(manager->sysctl_link);
sym_ring_buffer__free(manager->sysctl_buffer); manager->sysctl_skel = sysctl_monitor_bpf_free(manager->sysctl_skel);
manager->sysctl_buffer = NULL;
}
if (manager->sysctl_link) {
sym_bpf_link__destroy(manager->sysctl_link);
manager->sysctl_link = NULL;
}
if (manager->sysctl_skel) {
sysctl_monitor_bpf__destroy(manager->sysctl_skel);
manager->sysctl_skel = NULL;
}
manager->cgroup_fd = safe_close(manager->cgroup_fd); manager->cgroup_fd = safe_close(manager->cgroup_fd);
manager->sysctl_shadow = hashmap_free(manager->sysctl_shadow);
} }
int sysctl_clear_link_shadows(Link *link) { int sysctl_clear_link_shadows(Link *link) {
@ -222,13 +210,13 @@ static void manager_set_ip_forwarding(Manager *manager, int family) {
return; /* keep */ return; /* keep */
/* First, set the default value. */ /* First, set the default value. */
r = sysctl_write_ip_property_boolean(family, "default", "forwarding", t, &manager->sysctl_shadow); r = sysctl_write_ip_property_boolean(family, "default", "forwarding", t, manager_get_sysctl_shadow(manager));
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to %s the default %s forwarding: %m", log_warning_errno(r, "Failed to %s the default %s forwarding: %m",
enable_disable(t), af_to_ipv4_ipv6(family)); enable_disable(t), af_to_ipv4_ipv6(family));
/* Then, set the value to all interfaces. */ /* Then, set the value to all interfaces. */
r = sysctl_write_ip_property_boolean(family, "all", "forwarding", t, &manager->sysctl_shadow); r = sysctl_write_ip_property_boolean(family, "all", "forwarding", t, manager_get_sysctl_shadow(manager));
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to %s %s forwarding for all interfaces: %m", log_warning_errno(r, "Failed to %s %s forwarding for all interfaces: %m",
enable_disable(t), af_to_ipv4_ipv6(family)); enable_disable(t), af_to_ipv4_ipv6(family));
@ -273,7 +261,7 @@ static int link_update_ipv6_sysctl(Link *link) {
if (!link_ipv6_enabled(link)) if (!link_ipv6_enabled(link))
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_proxy_arp(Link *link) { static int link_set_proxy_arp(Link *link) {
@ -286,7 +274,7 @@ static int link_set_proxy_arp(Link *link) {
if (link->network->proxy_arp < 0) if (link->network->proxy_arp < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp", link->network->proxy_arp > 0, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp", link->network->proxy_arp > 0, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_proxy_arp_pvlan(Link *link) { static int link_set_proxy_arp_pvlan(Link *link) {
@ -299,7 +287,7 @@ static int link_set_proxy_arp_pvlan(Link *link) {
if (link->network->proxy_arp_pvlan < 0) if (link->network->proxy_arp_pvlan < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp_pvlan", link->network->proxy_arp_pvlan > 0, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp_pvlan", link->network->proxy_arp_pvlan > 0, manager_get_sysctl_shadow(link->manager));
} }
int link_get_ip_forwarding(Link *link, int family) { int link_get_ip_forwarding(Link *link, int family) {
@ -341,7 +329,7 @@ static int link_set_ip_forwarding_impl(Link *link, int family) {
if (t < 0) if (t < 0)
return 0; /* keep */ return 0; /* keep */
r = sysctl_write_ip_property_boolean(family, link->ifname, "forwarding", t, &link->manager->sysctl_shadow); r = sysctl_write_ip_property_boolean(family, link->ifname, "forwarding", t, manager_get_sysctl_shadow(link->manager));
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to %s %s forwarding, ignoring: %m", return log_link_warning_errno(link, r, "Failed to %s %s forwarding, ignoring: %m",
enable_disable(t), af_to_ipv4_ipv6(family)); enable_disable(t), af_to_ipv4_ipv6(family));
@ -418,7 +406,7 @@ static int link_set_ipv4_rp_filter(Link *link) {
if (link->network->ipv4_rp_filter < 0) if (link->network->ipv4_rp_filter < 0)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET, link->ifname, "rp_filter", link->network->ipv4_rp_filter, &link->manager->sysctl_shadow); return sysctl_write_ip_property_int(AF_INET, link->ifname, "rp_filter", link->network->ipv4_rp_filter, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_privacy_extensions(Link *link) { static int link_set_ipv6_privacy_extensions(Link *link) {
@ -438,7 +426,7 @@ static int link_set_ipv6_privacy_extensions(Link *link) {
if (val == IPV6_PRIVACY_EXTENSIONS_KERNEL) if (val == IPV6_PRIVACY_EXTENSIONS_KERNEL)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) val, &link->manager->sysctl_shadow); return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) val, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_accept_ra(Link *link) { static int link_set_ipv6_accept_ra(Link *link) {
@ -448,7 +436,7 @@ static int link_set_ipv6_accept_ra(Link *link) {
if (!link_is_configured_for_family(link, AF_INET6)) if (!link_is_configured_for_family(link, AF_INET6))
return 0; return 0;
return sysctl_write_ip_property(AF_INET6, link->ifname, "accept_ra", "0", &link->manager->sysctl_shadow); return sysctl_write_ip_property(AF_INET6, link->ifname, "accept_ra", "0", manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_dad_transmits(Link *link) { static int link_set_ipv6_dad_transmits(Link *link) {
@ -461,7 +449,7 @@ static int link_set_ipv6_dad_transmits(Link *link) {
if (link->network->ipv6_dad_transmits < 0) if (link->network->ipv6_dad_transmits < 0)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "dad_transmits", link->network->ipv6_dad_transmits, &link->manager->sysctl_shadow); return sysctl_write_ip_property_int(AF_INET6, link->ifname, "dad_transmits", link->network->ipv6_dad_transmits, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_hop_limit(Link *link) { static int link_set_ipv6_hop_limit(Link *link) {
@ -474,7 +462,7 @@ static int link_set_ipv6_hop_limit(Link *link) {
if (link->network->ipv6_hop_limit <= 0) if (link->network->ipv6_hop_limit <= 0)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "hop_limit", link->network->ipv6_hop_limit, &link->manager->sysctl_shadow); return sysctl_write_ip_property_int(AF_INET6, link->ifname, "hop_limit", link->network->ipv6_hop_limit, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_retransmission_time(Link *link) { static int link_set_ipv6_retransmission_time(Link *link) {
@ -493,7 +481,7 @@ static int link_set_ipv6_retransmission_time(Link *link) {
if (retrans_time_ms <= 0 || retrans_time_ms > UINT32_MAX) if (retrans_time_ms <= 0 || retrans_time_ms > UINT32_MAX)
return 0; return 0;
return sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", retrans_time_ms, &link->manager->sysctl_shadow); return sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", retrans_time_ms, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_proxy_ndp(Link *link) { static int link_set_ipv6_proxy_ndp(Link *link) {
@ -510,7 +498,7 @@ static int link_set_ipv6_proxy_ndp(Link *link) {
else else
v = !set_isempty(link->network->ipv6_proxy_ndp_addresses); v = !set_isempty(link->network->ipv6_proxy_ndp_addresses);
return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "proxy_ndp", v, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "proxy_ndp", v, manager_get_sysctl_shadow(link->manager));
} }
int link_set_ipv6_mtu(Link *link, int log_level) { int link_set_ipv6_mtu(Link *link, int log_level) {
@ -538,7 +526,7 @@ int link_set_ipv6_mtu(Link *link, int log_level) {
mtu = link->mtu; mtu = link->mtu;
} }
return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "mtu", mtu, &link->manager->sysctl_shadow); return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "mtu", mtu, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv4_accept_local(Link *link) { static int link_set_ipv4_accept_local(Link *link) {
@ -551,7 +539,7 @@ static int link_set_ipv4_accept_local(Link *link) {
if (link->network->ipv4_accept_local < 0) if (link->network->ipv4_accept_local < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local > 0, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local > 0, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv4_route_localnet(Link *link) { static int link_set_ipv4_route_localnet(Link *link) {
@ -564,7 +552,7 @@ static int link_set_ipv4_route_localnet(Link *link) {
if (link->network->ipv4_route_localnet < 0) if (link->network->ipv4_route_localnet < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "route_localnet", link->network->ipv4_route_localnet > 0, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "route_localnet", link->network->ipv4_route_localnet > 0, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv4_promote_secondaries(Link *link) { static int link_set_ipv4_promote_secondaries(Link *link) {
@ -579,7 +567,7 @@ static int link_set_ipv4_promote_secondaries(Link *link) {
* otherwise. The way systemd-networkd works is that the new IP of a lease is added as a * otherwise. The way systemd-networkd works is that the new IP of a lease is added as a
* secondary IP and when the primary one expires it relies on the kernel to promote the * secondary IP and when the primary one expires it relies on the kernel to promote the
* secondary IP. See also https://github.com/systemd/systemd/issues/7163 */ * secondary IP. See also https://github.com/systemd/systemd/issues/7163 */
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "promote_secondaries", true, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "promote_secondaries", true, manager_get_sysctl_shadow(link->manager));
} }
int link_set_sysctl(Link *link) { int link_set_sysctl(Link *link) {

View File

@ -6,6 +6,7 @@
#include "sd-daemon.h" #include "sd-daemon.h"
#include "bpf-dlopen.h" #include "bpf-dlopen.h"
#include "bpf-link.h"
#include "build-path.h" #include "build-path.h"
#include "common-signal.h" #include "common-signal.h"
#include "env-util.h" #include "env-util.h"
@ -141,8 +142,7 @@ Manager* manager_free(Manager *m) {
#if HAVE_VMLINUX_H #if HAVE_VMLINUX_H
sd_event_source_disable_unref(m->userns_restrict_bpf_ring_buffer_event_source); sd_event_source_disable_unref(m->userns_restrict_bpf_ring_buffer_event_source);
if (m->userns_restrict_bpf_ring_buffer) bpf_ring_buffer_free(m->userns_restrict_bpf_ring_buffer);
sym_ring_buffer__free(m->userns_restrict_bpf_ring_buffer);
userns_restrict_bpf_free(m->userns_restrict_bpf); userns_restrict_bpf_free(m->userns_restrict_bpf);
#endif #endif

View File

@ -31,7 +31,7 @@ int bpf_serialize_link(FILE *f, FDSet *fds, const char *key, struct bpf_link *li
return serialize_fd(f, fds, key, sym_bpf_link__fd(link)); return serialize_fd(f, fds, key, sym_bpf_link__fd(link));
} }
struct bpf_link *bpf_link_free(struct bpf_link *link) { struct bpf_link* bpf_link_free(struct bpf_link *link) {
/* If libbpf wasn't dlopen()ed, sym_bpf_link__destroy might be unresolved (NULL), so let's not try to /* If libbpf wasn't dlopen()ed, sym_bpf_link__destroy might be unresolved (NULL), so let's not try to
* call it if link is NULL. link might also be a non-null "error pointer", but such a value can only * call it if link is NULL. link might also be a non-null "error pointer", but such a value can only
* originate from a call to libbpf, but that means that libbpf is available, and we can let * originate from a call to libbpf, but that means that libbpf is available, and we can let
@ -41,3 +41,10 @@ struct bpf_link *bpf_link_free(struct bpf_link *link) {
return NULL; return NULL;
} }
struct ring_buffer* bpf_ring_buffer_free(struct ring_buffer *rb) {
if (rb) /* See the comment in bpf_link_free(). */
sym_ring_buffer__free(rb);
return NULL;
}

View File

@ -12,5 +12,8 @@ bool bpf_can_link_program(struct bpf_program *prog);
int bpf_serialize_link(FILE *f, FDSet *fds, const char *key, struct bpf_link *link); int bpf_serialize_link(FILE *f, FDSet *fds, const char *key, struct bpf_link *link);
struct bpf_link *bpf_link_free(struct bpf_link *p); struct bpf_link* bpf_link_free(struct bpf_link *p);
DEFINE_TRIVIAL_CLEANUP_FUNC(struct bpf_link *, bpf_link_free); DEFINE_TRIVIAL_CLEANUP_FUNC(struct bpf_link *, bpf_link_free);
struct ring_buffer* bpf_ring_buffer_free(struct ring_buffer *rb);
DEFINE_TRIVIAL_CLEANUP_FUNC(struct ring_buffer *, bpf_ring_buffer_free);

View File

@ -968,7 +968,9 @@ void log_setup_generator(void) {
/* This effectively means: journal for per-user generators, kmsg otherwise */ /* This effectively means: journal for per-user generators, kmsg otherwise */
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG); log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
} } else
log_set_target(LOG_TARGET_AUTO);
log_setup(); log_parse_environment();
log_open();
} }

View File

@ -28,17 +28,16 @@ static int output_waiting_jobs(sd_bus *bus, Table *table, uint32_t id, const cha
while ((r = sd_bus_message_read(reply, "(usssoo)", &other_id, &name, &type, NULL, NULL, NULL)) > 0) { while ((r = sd_bus_message_read(reply, "(usssoo)", &other_id, &name, &type, NULL, NULL, NULL)) > 0) {
_cleanup_free_ char *row = NULL; _cleanup_free_ char *row = NULL;
int rc;
if (asprintf(&row, "%s %u (%s/%s)", prefix, other_id, name, type) < 0) if (asprintf(&row, "%s %u (%s/%s)", prefix, other_id, name, type) < 0)
return log_oom(); return log_oom();
rc = table_add_many(table, r = table_add_many(table,
TABLE_STRING, special_glyph(SPECIAL_GLYPH_TREE_RIGHT), TABLE_STRING, special_glyph(SPECIAL_GLYPH_TREE_RIGHT),
TABLE_STRING, row, TABLE_STRING, row,
TABLE_EMPTY, TABLE_EMPTY,
TABLE_EMPTY); TABLE_EMPTY);
if (rc < 0) if (r < 0)
return table_log_add_error(r); return table_log_add_error(r);
} }

View File

@ -1328,9 +1328,12 @@ testcase_compression() {
# TODO: add btrfs once btrfs-progs v6.11 is available in distributions. # TODO: add btrfs once btrfs-progs v6.11 is available in distributions.
for format in squashfs erofs; do for format in squashfs erofs; do
if ! command -v "mkfs.$format" && ! command -v mksquashfs >/dev/null; then case "$format" in
continue squashfs)
fi command -v mksquashfs >/dev/null || continue ;;
*)
command -v "mkfs.$format" || continue ;;
esac
[[ "$format" == "squashfs" ]] && compression=zstd [[ "$format" == "squashfs" ]] && compression=zstd
[[ "$format" == "erofs" ]] && compression=lz4hc [[ "$format" == "erofs" ]] && compression=lz4hc