Compare commits
17 Commits
bec24b132f
...
cf612c5fd5
Author | SHA1 | Date |
---|---|---|
Adrian Vovk | cf612c5fd5 | |
Adrian Vovk | 2cb9c68c3a | |
Adrian Vovk | 78e9059208 | |
Adrian Vovk | e671bdc5c3 | |
PavlNekrasov | d80a9042ca | |
Yu Watanabe | a7afe5a3e7 | |
Yu Watanabe | a65b864835 | |
Yu Watanabe | 9959681a0d | |
Daan De Meyer | b3ebd480d6 | |
Arian van Putten | 6695ff4c15 | |
Yu Watanabe | 4d6ad22f8d | |
Yu Watanabe | 099ee34ca1 | |
Yu Watanabe | a2fbe9f3f9 | |
Yu Watanabe | 7c778cecdb | |
Yu Watanabe | 46718d344f | |
Yu Watanabe | 9295c7ae09 | |
Yu Watanabe | 41afafbf2a |
2
TODO
2
TODO
|
@ -1860,7 +1860,7 @@ Features:
|
||||||
|
|
||||||
* fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline
|
* fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline
|
||||||
|
|
||||||
* docs: bring https://systemd.io/MY_SERVICE_CANT_GET_REATLIME up to date
|
* docs: bring https://systemd.io/MY_SERVICE_CANT_GET_REALTIME up to date
|
||||||
|
|
||||||
* add a job mode that will fail if a transaction would mean stopping
|
* add a job mode that will fail if a transaction would mean stopping
|
||||||
running units. Use this in timedated to manage the NTP service
|
running units. Use this in timedated to manage the NTP service
|
||||||
|
|
|
@ -247,4 +247,4 @@ Note that scope units created by `machined`'s `CreateMachine()` call have this f
|
||||||
|
|
||||||
### Example
|
### Example
|
||||||
|
|
||||||
Please see the [systemd-run sources](http://cgit.freedesktop.org/systemd/systemd/plain/src/run/run.c) for a relatively simple example how to create scope or service units transiently and pass properties to them.
|
Please see the [systemd-run sources](https://github.com/systemd/systemd/blob/main/src/run/run.c) for a relatively simple example how to create scope or service units transiently and pass properties to them.
|
||||||
|
|
|
@ -104,7 +104,7 @@ A: Use:
|
||||||
|
|
||||||
**Q: Whenever my service tries to acquire RT scheduling for one of its threads this is refused with EPERM even though my service is running with full privileges. This works fine on my non-systemd system!**
|
**Q: Whenever my service tries to acquire RT scheduling for one of its threads this is refused with EPERM even though my service is running with full privileges. This works fine on my non-systemd system!**
|
||||||
|
|
||||||
A: By default, systemd places all systemd daemons in their own cgroup in the "cpu" hierarchy. Unfortunately, due to a kernel limitation, this has the effect of disallowing RT entirely for the service. See [My Service Can't Get Realtime!](/MY_SERVICE_CANT_GET_REATLIME) for a longer discussion and what to do about this.
|
A: By default, systemd places all systemd daemons in their own cgroup in the "cpu" hierarchy. Unfortunately, due to a kernel limitation, this has the effect of disallowing RT entirely for the service. See [My Service Can't Get Realtime!](/MY_SERVICE_CANT_GET_REALTIME) for a longer discussion and what to do about this.
|
||||||
|
|
||||||
**Q: My service is ordered after `network.target` but at boot it is still called before the network is up. What's going on?**
|
**Q: My service is ordered after `network.target` but at boot it is still called before the network is up. What's going on?**
|
||||||
|
|
||||||
|
|
|
@ -36,23 +36,22 @@ struct str {
|
||||||
static long cut_last(u32 i, struct str *str) {
|
static long cut_last(u32 i, struct str *str) {
|
||||||
char *s;
|
char *s;
|
||||||
|
|
||||||
|
/* Sanity check for the preverifier */
|
||||||
|
if (i >= str->l)
|
||||||
|
return 1; /* exit from the loop */
|
||||||
|
|
||||||
i = str->l - i - 1;
|
i = str->l - i - 1;
|
||||||
s = str->s + i;
|
s = str->s + i;
|
||||||
|
|
||||||
/* Sanity check for the preverifier */
|
|
||||||
if (i >= str->l)
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
if (*s == 0)
|
if (*s == 0)
|
||||||
return 0;
|
return 0; /* continue */
|
||||||
|
|
||||||
if (*s == '\n' || *s == '\r' || *s == ' ' || *s == '\t') {
|
if (*s == '\n' || *s == '\r' || *s == ' ' || *s == '\t') {
|
||||||
*s = 0;
|
*s = 0;
|
||||||
|
return 0; /* continue */
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return 1; /* exit from the loop */
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Cut off trailing whitespace and newlines */
|
/* Cut off trailing whitespace and newlines */
|
||||||
|
|
|
@ -221,7 +221,7 @@ int link_set_ipv6ll_stable_secret(Link *link) {
|
||||||
}
|
}
|
||||||
|
|
||||||
return sysctl_write_ip_property(AF_INET6, link->ifname, "stable_secret",
|
return sysctl_write_ip_property(AF_INET6, link->ifname, "stable_secret",
|
||||||
IN6_ADDR_TO_STRING(&a), &link->manager->sysctl_shadow);
|
IN6_ADDR_TO_STRING(&a), manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) {
|
int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) {
|
||||||
|
@ -232,7 +232,7 @@ int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) {
|
||||||
if (mode == link->ipv6ll_address_gen_mode)
|
if (mode == link->ipv6ll_address_gen_mode)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "addr_gen_mode", mode, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "addr_gen_mode", mode, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
static const char* const ipv6_link_local_address_gen_mode_table[_IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_MAX] = {
|
static const char* const ipv6_link_local_address_gen_mode_table[_IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_MAX] = {
|
||||||
|
|
|
@ -604,7 +604,9 @@ int manager_new(Manager **ret, bool test_mode) {
|
||||||
.duid_product_uuid.type = DUID_TYPE_UUID,
|
.duid_product_uuid.type = DUID_TYPE_UUID,
|
||||||
.dhcp_server_persist_leases = true,
|
.dhcp_server_persist_leases = true,
|
||||||
.ip_forwarding = { -1, -1, },
|
.ip_forwarding = { -1, -1, },
|
||||||
|
#if HAVE_VMLINUX_H
|
||||||
.cgroup_fd = -EBADF,
|
.cgroup_fd = -EBADF,
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
*ret = TAKE_PTR(m);
|
*ret = TAKE_PTR(m);
|
||||||
|
@ -624,8 +626,6 @@ Manager* manager_free(Manager *m) {
|
||||||
HASHMAP_FOREACH(link, m->links_by_index)
|
HASHMAP_FOREACH(link, m->links_by_index)
|
||||||
(void) link_stop_engines(link, true);
|
(void) link_stop_engines(link, true);
|
||||||
|
|
||||||
hashmap_free(m->sysctl_shadow);
|
|
||||||
|
|
||||||
m->request_queue = ordered_set_free(m->request_queue);
|
m->request_queue = ordered_set_free(m->request_queue);
|
||||||
m->remove_request_queue = ordered_set_free(m->remove_request_queue);
|
m->remove_request_queue = ordered_set_free(m->remove_request_queue);
|
||||||
|
|
||||||
|
|
|
@ -122,12 +122,14 @@ struct Manager {
|
||||||
|
|
||||||
/* sysctl */
|
/* sysctl */
|
||||||
int ip_forwarding[2];
|
int ip_forwarding[2];
|
||||||
|
#if HAVE_VMLINUX_H
|
||||||
Hashmap *sysctl_shadow;
|
Hashmap *sysctl_shadow;
|
||||||
sd_event_source *sysctl_event_source;
|
sd_event_source *sysctl_event_source;
|
||||||
struct ring_buffer *sysctl_buffer;
|
struct ring_buffer *sysctl_buffer;
|
||||||
struct sysctl_monitor_bpf *sysctl_skel;
|
struct sysctl_monitor_bpf *sysctl_skel;
|
||||||
struct bpf_link *sysctl_link;
|
struct bpf_link *sysctl_link;
|
||||||
int cgroup_fd;
|
int cgroup_fd;
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
int manager_new(Manager **ret, bool test_mode);
|
int manager_new(Manager **ret, bool test_mode);
|
||||||
|
@ -150,4 +152,12 @@ int manager_set_timezone(Manager *m, const char *timezone);
|
||||||
|
|
||||||
int manager_reload(Manager *m, sd_bus_message *message);
|
int manager_reload(Manager *m, sd_bus_message *message);
|
||||||
|
|
||||||
|
static inline Hashmap** manager_get_sysctl_shadow(Manager *manager) {
|
||||||
|
#if HAVE_VMLINUX_H
|
||||||
|
return &ASSERT_PTR(manager)->sysctl_shadow;
|
||||||
|
#else
|
||||||
|
return NULL;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
|
DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
|
||||||
|
|
|
@ -987,7 +987,7 @@ static int ndisc_router_process_reachable_time(Link *link, sd_ndisc_router *rt)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Set the reachable time for Neighbor Solicitations. */
|
/* Set the reachable time for Neighbor Solicitations. */
|
||||||
r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "base_reachable_time_ms", (uint32_t) msec, &link->manager->sysctl_shadow);
|
r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "base_reachable_time_ms", (uint32_t) msec, manager_get_sysctl_shadow(link->manager));
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_link_warning_errno(link, r, "Failed to apply neighbor reachable time (%"PRIu64"), ignoring: %m", msec);
|
log_link_warning_errno(link, r, "Failed to apply neighbor reachable time (%"PRIu64"), ignoring: %m", msec);
|
||||||
|
|
||||||
|
@ -1021,7 +1021,7 @@ static int ndisc_router_process_retransmission_time(Link *link, sd_ndisc_router
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Set the retransmission time for Neighbor Solicitations. */
|
/* Set the retransmission time for Neighbor Solicitations. */
|
||||||
r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", (uint32_t) msec, &link->manager->sysctl_shadow);
|
r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", (uint32_t) msec, manager_get_sysctl_shadow(link->manager));
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_link_warning_errno(link, r, "Failed to apply neighbor retransmission time (%"PRIu64"), ignoring: %m", msec);
|
log_link_warning_errno(link, r, "Failed to apply neighbor retransmission time (%"PRIu64"), ignoring: %m", msec);
|
||||||
|
|
||||||
|
@ -1057,7 +1057,7 @@ static int ndisc_router_process_hop_limit(Link *link, sd_ndisc_router *rt) {
|
||||||
if (hop_limit <= 0)
|
if (hop_limit <= 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
r = sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "hop_limit", (uint32_t) hop_limit, &link->manager->sysctl_shadow);
|
r = sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "hop_limit", (uint32_t) hop_limit, manager_get_sysctl_shadow(link->manager));
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_link_warning_errno(link, r, "Failed to apply hop_limit (%u), ignoring: %m", hop_limit);
|
log_link_warning_errno(link, r, "Failed to apply hop_limit (%u), ignoring: %m", hop_limit);
|
||||||
|
|
||||||
|
|
|
@ -34,13 +34,7 @@ static struct sysctl_monitor_bpf* sysctl_monitor_bpf_free(struct sysctl_monitor_
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct ring_buffer* rb_free(struct ring_buffer *rb) {
|
|
||||||
sym_ring_buffer__free(rb);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(struct sysctl_monitor_bpf *, sysctl_monitor_bpf_free);
|
DEFINE_TRIVIAL_CLEANUP_FUNC(struct sysctl_monitor_bpf *, sysctl_monitor_bpf_free);
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(struct ring_buffer *, rb_free);
|
|
||||||
|
|
||||||
static int sysctl_event_handler(void *ctx, void *data, size_t data_sz) {
|
static int sysctl_event_handler(void *ctx, void *data, size_t data_sz) {
|
||||||
struct sysctl_write_event *we = ASSERT_PTR(data);
|
struct sysctl_write_event *we = ASSERT_PTR(data);
|
||||||
|
@ -99,10 +93,10 @@ static int on_ringbuf_io(sd_event_source *s, int fd, uint32_t revents, void *use
|
||||||
int sysctl_add_monitor(Manager *manager) {
|
int sysctl_add_monitor(Manager *manager) {
|
||||||
_cleanup_(sysctl_monitor_bpf_freep) struct sysctl_monitor_bpf *obj = NULL;
|
_cleanup_(sysctl_monitor_bpf_freep) struct sysctl_monitor_bpf *obj = NULL;
|
||||||
_cleanup_(bpf_link_freep) struct bpf_link *sysctl_link = NULL;
|
_cleanup_(bpf_link_freep) struct bpf_link *sysctl_link = NULL;
|
||||||
_cleanup_(rb_freep) struct ring_buffer *sysctl_buffer = NULL;
|
_cleanup_(bpf_ring_buffer_freep) struct ring_buffer *sysctl_buffer = NULL;
|
||||||
_cleanup_close_ int cgroup_fd = -EBADF, rootcg = -EBADF;
|
_cleanup_close_ int cgroup_fd = -EBADF, root_cgroup_fd = -EBADF;
|
||||||
_cleanup_free_ char *cgroup = NULL;
|
_cleanup_free_ char *cgroup = NULL;
|
||||||
int idx = 0, r;
|
int idx = 0, r, fd;
|
||||||
|
|
||||||
assert(manager);
|
assert(manager);
|
||||||
|
|
||||||
|
@ -116,9 +110,9 @@ int sysctl_add_monitor(Manager *manager) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_warning_errno(r, "Failed to get cgroup path, ignoring: %m.");
|
return log_warning_errno(r, "Failed to get cgroup path, ignoring: %m.");
|
||||||
|
|
||||||
rootcg = cg_path_open(SYSTEMD_CGROUP_CONTROLLER, "/");
|
root_cgroup_fd = cg_path_open(SYSTEMD_CGROUP_CONTROLLER, "/");
|
||||||
if (rootcg < 0)
|
if (root_cgroup_fd < 0)
|
||||||
return log_warning_errno(rootcg, "Failed to open cgroup, ignoring: %m.");
|
return log_warning_errno(root_cgroup_fd, "Failed to open cgroup, ignoring: %m.");
|
||||||
|
|
||||||
obj = sysctl_monitor_bpf__open_and_load();
|
obj = sysctl_monitor_bpf__open_and_load();
|
||||||
if (!obj) {
|
if (!obj) {
|
||||||
|
@ -133,21 +127,27 @@ int sysctl_add_monitor(Manager *manager) {
|
||||||
if (sym_bpf_map_update_elem(sym_bpf_map__fd(obj->maps.cgroup_map), &idx, &cgroup_fd, BPF_ANY))
|
if (sym_bpf_map_update_elem(sym_bpf_map__fd(obj->maps.cgroup_map), &idx, &cgroup_fd, BPF_ANY))
|
||||||
return log_warning_errno(errno, "Failed to update cgroup map: %m");
|
return log_warning_errno(errno, "Failed to update cgroup map: %m");
|
||||||
|
|
||||||
sysctl_link = sym_bpf_program__attach_cgroup(obj->progs.sysctl_monitor, rootcg);
|
sysctl_link = sym_bpf_program__attach_cgroup(obj->progs.sysctl_monitor, root_cgroup_fd);
|
||||||
r = bpf_get_error_translated(sysctl_link);
|
r = bpf_get_error_translated(sysctl_link);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_info_errno(r, "Unable to attach sysctl monitor BPF program to cgroup, ignoring: %m.");
|
log_info_errno(r, "Unable to attach sysctl monitor BPF program to cgroup, ignoring: %m.");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
sysctl_buffer = sym_ring_buffer__new(
|
fd = sym_bpf_map__fd(obj->maps.written_sysctls);
|
||||||
sym_bpf_map__fd(obj->maps.written_sysctls),
|
if (fd < 0)
|
||||||
sysctl_event_handler, &manager->sysctl_shadow, NULL);
|
return log_warning_errno(fd, "Failed to get fd of sysctl maps: %m");
|
||||||
|
|
||||||
|
sysctl_buffer = sym_ring_buffer__new(fd, sysctl_event_handler, &manager->sysctl_shadow, NULL);
|
||||||
if (!sysctl_buffer)
|
if (!sysctl_buffer)
|
||||||
return log_warning_errno(errno, "Failed to create ring buffer: %m");
|
return log_warning_errno(errno, "Failed to create ring buffer: %m");
|
||||||
|
|
||||||
|
fd = sym_ring_buffer__epoll_fd(sysctl_buffer);
|
||||||
|
if (fd < 0)
|
||||||
|
return log_warning_errno(fd, "Failed to get poll fd of ring buffer: %m");
|
||||||
|
|
||||||
r = sd_event_add_io(manager->event, &manager->sysctl_event_source,
|
r = sd_event_add_io(manager->event, &manager->sysctl_event_source,
|
||||||
sym_ring_buffer__epoll_fd(sysctl_buffer), EPOLLIN, on_ringbuf_io, sysctl_buffer);
|
fd, EPOLLIN, on_ringbuf_io, sysctl_buffer);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_warning_errno(r, "Failed to watch sysctl event ringbuffer: %m");
|
return log_warning_errno(r, "Failed to watch sysctl event ringbuffer: %m");
|
||||||
|
|
||||||
|
@ -163,23 +163,11 @@ void sysctl_remove_monitor(Manager *manager) {
|
||||||
assert(manager);
|
assert(manager);
|
||||||
|
|
||||||
manager->sysctl_event_source = sd_event_source_disable_unref(manager->sysctl_event_source);
|
manager->sysctl_event_source = sd_event_source_disable_unref(manager->sysctl_event_source);
|
||||||
|
manager->sysctl_buffer = bpf_ring_buffer_free(manager->sysctl_buffer);
|
||||||
if (manager->sysctl_buffer) {
|
manager->sysctl_link = bpf_link_free(manager->sysctl_link);
|
||||||
sym_ring_buffer__free(manager->sysctl_buffer);
|
manager->sysctl_skel = sysctl_monitor_bpf_free(manager->sysctl_skel);
|
||||||
manager->sysctl_buffer = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (manager->sysctl_link) {
|
|
||||||
sym_bpf_link__destroy(manager->sysctl_link);
|
|
||||||
manager->sysctl_link = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (manager->sysctl_skel) {
|
|
||||||
sysctl_monitor_bpf__destroy(manager->sysctl_skel);
|
|
||||||
manager->sysctl_skel = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
manager->cgroup_fd = safe_close(manager->cgroup_fd);
|
manager->cgroup_fd = safe_close(manager->cgroup_fd);
|
||||||
|
manager->sysctl_shadow = hashmap_free(manager->sysctl_shadow);
|
||||||
}
|
}
|
||||||
|
|
||||||
int sysctl_clear_link_shadows(Link *link) {
|
int sysctl_clear_link_shadows(Link *link) {
|
||||||
|
@ -222,13 +210,13 @@ static void manager_set_ip_forwarding(Manager *manager, int family) {
|
||||||
return; /* keep */
|
return; /* keep */
|
||||||
|
|
||||||
/* First, set the default value. */
|
/* First, set the default value. */
|
||||||
r = sysctl_write_ip_property_boolean(family, "default", "forwarding", t, &manager->sysctl_shadow);
|
r = sysctl_write_ip_property_boolean(family, "default", "forwarding", t, manager_get_sysctl_shadow(manager));
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_warning_errno(r, "Failed to %s the default %s forwarding: %m",
|
log_warning_errno(r, "Failed to %s the default %s forwarding: %m",
|
||||||
enable_disable(t), af_to_ipv4_ipv6(family));
|
enable_disable(t), af_to_ipv4_ipv6(family));
|
||||||
|
|
||||||
/* Then, set the value to all interfaces. */
|
/* Then, set the value to all interfaces. */
|
||||||
r = sysctl_write_ip_property_boolean(family, "all", "forwarding", t, &manager->sysctl_shadow);
|
r = sysctl_write_ip_property_boolean(family, "all", "forwarding", t, manager_get_sysctl_shadow(manager));
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_warning_errno(r, "Failed to %s %s forwarding for all interfaces: %m",
|
log_warning_errno(r, "Failed to %s %s forwarding for all interfaces: %m",
|
||||||
enable_disable(t), af_to_ipv4_ipv6(family));
|
enable_disable(t), af_to_ipv4_ipv6(family));
|
||||||
|
@ -273,7 +261,7 @@ static int link_update_ipv6_sysctl(Link *link) {
|
||||||
if (!link_ipv6_enabled(link))
|
if (!link_ipv6_enabled(link))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int link_set_proxy_arp(Link *link) {
|
static int link_set_proxy_arp(Link *link) {
|
||||||
|
@ -286,7 +274,7 @@ static int link_set_proxy_arp(Link *link) {
|
||||||
if (link->network->proxy_arp < 0)
|
if (link->network->proxy_arp < 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp", link->network->proxy_arp > 0, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp", link->network->proxy_arp > 0, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int link_set_proxy_arp_pvlan(Link *link) {
|
static int link_set_proxy_arp_pvlan(Link *link) {
|
||||||
|
@ -299,7 +287,7 @@ static int link_set_proxy_arp_pvlan(Link *link) {
|
||||||
if (link->network->proxy_arp_pvlan < 0)
|
if (link->network->proxy_arp_pvlan < 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp_pvlan", link->network->proxy_arp_pvlan > 0, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp_pvlan", link->network->proxy_arp_pvlan > 0, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
int link_get_ip_forwarding(Link *link, int family) {
|
int link_get_ip_forwarding(Link *link, int family) {
|
||||||
|
@ -341,7 +329,7 @@ static int link_set_ip_forwarding_impl(Link *link, int family) {
|
||||||
if (t < 0)
|
if (t < 0)
|
||||||
return 0; /* keep */
|
return 0; /* keep */
|
||||||
|
|
||||||
r = sysctl_write_ip_property_boolean(family, link->ifname, "forwarding", t, &link->manager->sysctl_shadow);
|
r = sysctl_write_ip_property_boolean(family, link->ifname, "forwarding", t, manager_get_sysctl_shadow(link->manager));
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to %s %s forwarding, ignoring: %m",
|
return log_link_warning_errno(link, r, "Failed to %s %s forwarding, ignoring: %m",
|
||||||
enable_disable(t), af_to_ipv4_ipv6(family));
|
enable_disable(t), af_to_ipv4_ipv6(family));
|
||||||
|
@ -418,7 +406,7 @@ static int link_set_ipv4_rp_filter(Link *link) {
|
||||||
if (link->network->ipv4_rp_filter < 0)
|
if (link->network->ipv4_rp_filter < 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return sysctl_write_ip_property_int(AF_INET, link->ifname, "rp_filter", link->network->ipv4_rp_filter, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_int(AF_INET, link->ifname, "rp_filter", link->network->ipv4_rp_filter, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int link_set_ipv6_privacy_extensions(Link *link) {
|
static int link_set_ipv6_privacy_extensions(Link *link) {
|
||||||
|
@ -438,7 +426,7 @@ static int link_set_ipv6_privacy_extensions(Link *link) {
|
||||||
if (val == IPV6_PRIVACY_EXTENSIONS_KERNEL)
|
if (val == IPV6_PRIVACY_EXTENSIONS_KERNEL)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) val, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) val, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int link_set_ipv6_accept_ra(Link *link) {
|
static int link_set_ipv6_accept_ra(Link *link) {
|
||||||
|
@ -448,7 +436,7 @@ static int link_set_ipv6_accept_ra(Link *link) {
|
||||||
if (!link_is_configured_for_family(link, AF_INET6))
|
if (!link_is_configured_for_family(link, AF_INET6))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return sysctl_write_ip_property(AF_INET6, link->ifname, "accept_ra", "0", &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property(AF_INET6, link->ifname, "accept_ra", "0", manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int link_set_ipv6_dad_transmits(Link *link) {
|
static int link_set_ipv6_dad_transmits(Link *link) {
|
||||||
|
@ -461,7 +449,7 @@ static int link_set_ipv6_dad_transmits(Link *link) {
|
||||||
if (link->network->ipv6_dad_transmits < 0)
|
if (link->network->ipv6_dad_transmits < 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "dad_transmits", link->network->ipv6_dad_transmits, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "dad_transmits", link->network->ipv6_dad_transmits, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int link_set_ipv6_hop_limit(Link *link) {
|
static int link_set_ipv6_hop_limit(Link *link) {
|
||||||
|
@ -474,7 +462,7 @@ static int link_set_ipv6_hop_limit(Link *link) {
|
||||||
if (link->network->ipv6_hop_limit <= 0)
|
if (link->network->ipv6_hop_limit <= 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "hop_limit", link->network->ipv6_hop_limit, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "hop_limit", link->network->ipv6_hop_limit, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int link_set_ipv6_retransmission_time(Link *link) {
|
static int link_set_ipv6_retransmission_time(Link *link) {
|
||||||
|
@ -493,7 +481,7 @@ static int link_set_ipv6_retransmission_time(Link *link) {
|
||||||
if (retrans_time_ms <= 0 || retrans_time_ms > UINT32_MAX)
|
if (retrans_time_ms <= 0 || retrans_time_ms > UINT32_MAX)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", retrans_time_ms, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", retrans_time_ms, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int link_set_ipv6_proxy_ndp(Link *link) {
|
static int link_set_ipv6_proxy_ndp(Link *link) {
|
||||||
|
@ -510,7 +498,7 @@ static int link_set_ipv6_proxy_ndp(Link *link) {
|
||||||
else
|
else
|
||||||
v = !set_isempty(link->network->ipv6_proxy_ndp_addresses);
|
v = !set_isempty(link->network->ipv6_proxy_ndp_addresses);
|
||||||
|
|
||||||
return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "proxy_ndp", v, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "proxy_ndp", v, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
int link_set_ipv6_mtu(Link *link, int log_level) {
|
int link_set_ipv6_mtu(Link *link, int log_level) {
|
||||||
|
@ -538,7 +526,7 @@ int link_set_ipv6_mtu(Link *link, int log_level) {
|
||||||
mtu = link->mtu;
|
mtu = link->mtu;
|
||||||
}
|
}
|
||||||
|
|
||||||
return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "mtu", mtu, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "mtu", mtu, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int link_set_ipv4_accept_local(Link *link) {
|
static int link_set_ipv4_accept_local(Link *link) {
|
||||||
|
@ -551,7 +539,7 @@ static int link_set_ipv4_accept_local(Link *link) {
|
||||||
if (link->network->ipv4_accept_local < 0)
|
if (link->network->ipv4_accept_local < 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local > 0, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local > 0, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int link_set_ipv4_route_localnet(Link *link) {
|
static int link_set_ipv4_route_localnet(Link *link) {
|
||||||
|
@ -564,7 +552,7 @@ static int link_set_ipv4_route_localnet(Link *link) {
|
||||||
if (link->network->ipv4_route_localnet < 0)
|
if (link->network->ipv4_route_localnet < 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "route_localnet", link->network->ipv4_route_localnet > 0, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "route_localnet", link->network->ipv4_route_localnet > 0, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int link_set_ipv4_promote_secondaries(Link *link) {
|
static int link_set_ipv4_promote_secondaries(Link *link) {
|
||||||
|
@ -579,7 +567,7 @@ static int link_set_ipv4_promote_secondaries(Link *link) {
|
||||||
* otherwise. The way systemd-networkd works is that the new IP of a lease is added as a
|
* otherwise. The way systemd-networkd works is that the new IP of a lease is added as a
|
||||||
* secondary IP and when the primary one expires it relies on the kernel to promote the
|
* secondary IP and when the primary one expires it relies on the kernel to promote the
|
||||||
* secondary IP. See also https://github.com/systemd/systemd/issues/7163 */
|
* secondary IP. See also https://github.com/systemd/systemd/issues/7163 */
|
||||||
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "promote_secondaries", true, &link->manager->sysctl_shadow);
|
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "promote_secondaries", true, manager_get_sysctl_shadow(link->manager));
|
||||||
}
|
}
|
||||||
|
|
||||||
int link_set_sysctl(Link *link) {
|
int link_set_sysctl(Link *link) {
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
#include "sd-daemon.h"
|
#include "sd-daemon.h"
|
||||||
|
|
||||||
#include "bpf-dlopen.h"
|
#include "bpf-dlopen.h"
|
||||||
|
#include "bpf-link.h"
|
||||||
#include "build-path.h"
|
#include "build-path.h"
|
||||||
#include "common-signal.h"
|
#include "common-signal.h"
|
||||||
#include "env-util.h"
|
#include "env-util.h"
|
||||||
|
@ -141,8 +142,7 @@ Manager* manager_free(Manager *m) {
|
||||||
|
|
||||||
#if HAVE_VMLINUX_H
|
#if HAVE_VMLINUX_H
|
||||||
sd_event_source_disable_unref(m->userns_restrict_bpf_ring_buffer_event_source);
|
sd_event_source_disable_unref(m->userns_restrict_bpf_ring_buffer_event_source);
|
||||||
if (m->userns_restrict_bpf_ring_buffer)
|
bpf_ring_buffer_free(m->userns_restrict_bpf_ring_buffer);
|
||||||
sym_ring_buffer__free(m->userns_restrict_bpf_ring_buffer);
|
|
||||||
userns_restrict_bpf_free(m->userns_restrict_bpf);
|
userns_restrict_bpf_free(m->userns_restrict_bpf);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,7 @@ int bpf_serialize_link(FILE *f, FDSet *fds, const char *key, struct bpf_link *li
|
||||||
return serialize_fd(f, fds, key, sym_bpf_link__fd(link));
|
return serialize_fd(f, fds, key, sym_bpf_link__fd(link));
|
||||||
}
|
}
|
||||||
|
|
||||||
struct bpf_link *bpf_link_free(struct bpf_link *link) {
|
struct bpf_link* bpf_link_free(struct bpf_link *link) {
|
||||||
/* If libbpf wasn't dlopen()ed, sym_bpf_link__destroy might be unresolved (NULL), so let's not try to
|
/* If libbpf wasn't dlopen()ed, sym_bpf_link__destroy might be unresolved (NULL), so let's not try to
|
||||||
* call it if link is NULL. link might also be a non-null "error pointer", but such a value can only
|
* call it if link is NULL. link might also be a non-null "error pointer", but such a value can only
|
||||||
* originate from a call to libbpf, but that means that libbpf is available, and we can let
|
* originate from a call to libbpf, but that means that libbpf is available, and we can let
|
||||||
|
@ -41,3 +41,10 @@ struct bpf_link *bpf_link_free(struct bpf_link *link) {
|
||||||
|
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
struct ring_buffer* bpf_ring_buffer_free(struct ring_buffer *rb) {
|
||||||
|
if (rb) /* See the comment in bpf_link_free(). */
|
||||||
|
sym_ring_buffer__free(rb);
|
||||||
|
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
|
@ -12,5 +12,8 @@ bool bpf_can_link_program(struct bpf_program *prog);
|
||||||
|
|
||||||
int bpf_serialize_link(FILE *f, FDSet *fds, const char *key, struct bpf_link *link);
|
int bpf_serialize_link(FILE *f, FDSet *fds, const char *key, struct bpf_link *link);
|
||||||
|
|
||||||
struct bpf_link *bpf_link_free(struct bpf_link *p);
|
struct bpf_link* bpf_link_free(struct bpf_link *p);
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(struct bpf_link *, bpf_link_free);
|
DEFINE_TRIVIAL_CLEANUP_FUNC(struct bpf_link *, bpf_link_free);
|
||||||
|
|
||||||
|
struct ring_buffer* bpf_ring_buffer_free(struct ring_buffer *rb);
|
||||||
|
DEFINE_TRIVIAL_CLEANUP_FUNC(struct ring_buffer *, bpf_ring_buffer_free);
|
||||||
|
|
|
@ -968,7 +968,9 @@ void log_setup_generator(void) {
|
||||||
|
|
||||||
/* This effectively means: journal for per-user generators, kmsg otherwise */
|
/* This effectively means: journal for per-user generators, kmsg otherwise */
|
||||||
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
|
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
|
||||||
}
|
} else
|
||||||
|
log_set_target(LOG_TARGET_AUTO);
|
||||||
|
|
||||||
log_setup();
|
log_parse_environment();
|
||||||
|
log_open();
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,17 +28,16 @@ static int output_waiting_jobs(sd_bus *bus, Table *table, uint32_t id, const cha
|
||||||
|
|
||||||
while ((r = sd_bus_message_read(reply, "(usssoo)", &other_id, &name, &type, NULL, NULL, NULL)) > 0) {
|
while ((r = sd_bus_message_read(reply, "(usssoo)", &other_id, &name, &type, NULL, NULL, NULL)) > 0) {
|
||||||
_cleanup_free_ char *row = NULL;
|
_cleanup_free_ char *row = NULL;
|
||||||
int rc;
|
|
||||||
|
|
||||||
if (asprintf(&row, "%s %u (%s/%s)", prefix, other_id, name, type) < 0)
|
if (asprintf(&row, "%s %u (%s/%s)", prefix, other_id, name, type) < 0)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
|
|
||||||
rc = table_add_many(table,
|
r = table_add_many(table,
|
||||||
TABLE_STRING, special_glyph(SPECIAL_GLYPH_TREE_RIGHT),
|
TABLE_STRING, special_glyph(SPECIAL_GLYPH_TREE_RIGHT),
|
||||||
TABLE_STRING, row,
|
TABLE_STRING, row,
|
||||||
TABLE_EMPTY,
|
TABLE_EMPTY,
|
||||||
TABLE_EMPTY);
|
TABLE_EMPTY);
|
||||||
if (rc < 0)
|
if (r < 0)
|
||||||
return table_log_add_error(r);
|
return table_log_add_error(r);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1328,9 +1328,12 @@ testcase_compression() {
|
||||||
|
|
||||||
# TODO: add btrfs once btrfs-progs v6.11 is available in distributions.
|
# TODO: add btrfs once btrfs-progs v6.11 is available in distributions.
|
||||||
for format in squashfs erofs; do
|
for format in squashfs erofs; do
|
||||||
if ! command -v "mkfs.$format" && ! command -v mksquashfs >/dev/null; then
|
case "$format" in
|
||||||
continue
|
squashfs)
|
||||||
fi
|
command -v mksquashfs >/dev/null || continue ;;
|
||||||
|
*)
|
||||||
|
command -v "mkfs.$format" || continue ;;
|
||||||
|
esac
|
||||||
|
|
||||||
[[ "$format" == "squashfs" ]] && compression=zstd
|
[[ "$format" == "squashfs" ]] && compression=zstd
|
||||||
[[ "$format" == "erofs" ]] && compression=lz4hc
|
[[ "$format" == "erofs" ]] && compression=lz4hc
|
||||||
|
|
Loading…
Reference in New Issue