bash completion: various machinectl/portablectl fixes (#40719)

Bumps the actions group with 1 update: [super-linter/super-linter](https://github.com/super-linter/super-linter).


Updates `super-linter/super-linter` from 8.4.0 to 8.5.0
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](12562e48d7...61abc07d75)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-version: 8.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/dependabot.yml

@@ -12,14 +12,20 @@ updates:
           - "*"
         exclude-patterns:
           - "systemd/mkosi"
+    cooldown:
+      default-days: 7
     open-pull-requests-limit: 2
   - package-ecosystem: "pip"
     directory: "/.github/workflows"
     schedule:
       interval: "monthly"
+    cooldown:
+      default-days: 7
     open-pull-requests-limit: 2
   - package-ecosystem: "docker"
     directory: "/.clusterfuzzlite"
     schedule:
       interval: "monthly"
+    cooldown:
+      default-days: 7
     open-pull-requests-limit: 2

.github/workflows/build-test.yml

@@ -52,6 +52,8 @@ jobs:
     steps:
       - name: Repository checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          persist-credentials: false
       - name: Setup python
         uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
         with:

.github/workflows/codeql.yml

@@ -43,6 +43,8 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      with:
+        persist-credentials: false
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30

.github/workflows/coverage.yml

@@ -25,6 +25,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          persist-credentials: false
       - uses: systemd/mkosi@66d51024b7149f40be4702e84275c936373ace97
 
       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space

.github/workflows/coverity.yml

@@ -23,6 +23,8 @@ jobs:
     steps:
       - name: Repository checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          persist-credentials: false
       # Reuse the setup phase of the unit test script to avoid code duplication
       - name: Install build dependencies
         run: |

.github/workflows/development-freeze.yml

@@ -33,6 +33,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Development Freezer
         uses: redhat-plumbers-in-action/devel-freezer@ad766eafd555b28d2cb8e27937835983f9c3d173

.github/workflows/differential-shellcheck.yml

@@ -26,6 +26,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Differential ShellCheck
         uses: redhat-plumbers-in-action/differential-shellcheck@d965e66ec0b3b2f821f75c8eff9b12442d9a7d1e

.github/workflows/gather-pr-metadata.yml

@@ -17,6 +17,8 @@ jobs:
     steps:
       - name: Repository checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          persist-credentials: false
 
       - id: metadata
         name: Gather Pull Request Metadata

.github/workflows/issue-labeler.yml

@@ -21,6 +21,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          persist-credentials: false
 
       - name: Parse issue form
         uses: stefanbuck/github-issue-parser@1e5bdee70d4b3e066a33aa0669ab782943825f94

.github/workflows/labeler.yml

@@ -32,6 +32,8 @@ jobs:
     - name: Repository checkout
       uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       if: github.event_name == 'pull_request'
+      with:
+        persist-credentials: false
 
     - name: Label PR based on policy in labeler.yml
       uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b

.github/workflows/linter.yml

@@ -27,9 +27,10 @@ jobs:
         with:
           # We need a full repo clone
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Lint Code Base
-        uses: super-linter/super-linter/slim@12562e48d7059cf666c43a4ecb0d3b5a2b31bd9e
+        uses: super-linter/super-linter/slim@61abc07d755095a68f4987d1c2c3d1d64408f1f9
         env:
           DEFAULT_BRANCH: main
           MULTI_STATUS: false

.github/workflows/mkosi.yml

@@ -167,6 +167,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          persist-credentials: false
       - uses: systemd/mkosi@66d51024b7149f40be4702e84275c936373ace97
 
       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space

.github/workflows/unit-tests-musl.yml

@@ -21,6 +21,8 @@ jobs:
     steps:
       - name: Repository checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          persist-credentials: false
 
       - name: Install build dependencies
         uses: jirutka/setup-alpine@v1

.github/workflows/unit-tests.yml

@@ -41,6 +41,8 @@ jobs:
     steps:
       - name: Repository checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          persist-credentials: false
       - name: Install build dependencies
         run: |
           # Drop XDG_* stuff from /etc/environment, so we don't get the user

shell-completion/bash/machinectl

@@ -25,33 +25,43 @@ __contains_word() {
 }
 
 __get_machines() {
+    local mode=$1; shift 1
     local a b
-    { machinectl list-images --full --no-legend --no-pager 2>/dev/null; machinectl list --full --max-addresses=0 --no-legend --no-pager 2>/dev/null; echo ".host"; } |
+    { machinectl $mode list-images --full --no-legend --no-pager 2>/dev/null; machinectl $mode list --full --max-addresses=0 --no-legend --no-pager 2>/dev/null; echo ".host"; } |
         { while read -r a b; do echo " $a"; done; } |
         sort -u
 }
 
 _machinectl() {
     local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
-    local i verb comps
+    local i verb comps mode
 
     local -A OPTS=(
         [STANDALONE]='--all -a -l --full --help -h --no-ask-password --no-legend --no-pager --version --value
-                      --mkdir --read-only --force -q --quiet'
+                      --mkdir --read-only --force -q --quiet --system --user --now -V'
-        [ARG]='--host -H --kill-whom -M --machine --property -p --signal -s --uid -E --setenv -n --lines
+        [ARG]='--host -H --kill-whom -M --machine --property -p -P --signal -s --uid -E --setenv -n --lines
-                      -o --output --verify --format --max-addresses'
+                      -o --output --verify --format --max-addresses --runner'
     )
 
     local -A VERBS=(
         [STANDALONE]='list list-images clean pull-tar pull-raw list-transfers cancel-transfer import-fs'
-        [MACHINES]='status show start stop login shell enable disable poweroff reboot terminate kill bind
+        [MACHINES]='status show start stop login shell enable disable poweroff reboot terminate kill
-                    copy-to copy-from image-status show-image clone rename read-only remove set-limit
+                    image-status show-image remove export-tar export-raw'
-                    export-tar export-raw'
+        [MACHINES_OR_FILES]='edit cat'
+        [MACHINE_ONLY]='clone rename set-limit'
+        [READONLY]='read-only'
         [FILE]='import-tar import-raw'
+        [MACHINES_AND_FILES]='copy-to copy-from bind'
     )
 
     _init_completion || return
 
+    if __contains_word "--user" ${COMP_WORDS[*]}; then
+        mode=--user
+    else
+        mode=--system
+    fi
+
     for ((i=0; i <= COMP_CWORD; i++)); do
         if __contains_word "${COMP_WORDS[i]}" ${VERBS[*]} &&
                 ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
@@ -73,9 +83,9 @@ _machinectl() {
                 comps=$(compgen -A hostname)
                 ;;
             --machine|-M)
-                comps=$( __get_machines )
+                comps=$( __get_machines $mode )
                 ;;
-            --property|-p)
+            --property|-p|-P)
                 comps=''
                 ;;
             --output|-o)
@@ -87,6 +97,9 @@ _machinectl() {
             --format)
                 comps='uncompressed xz gzip bzip2 zstd'
                 ;;
+            --runner)
+                comps='nspawn vmspawn'
+                ;;
         esac
         COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
         return 0
@@ -104,7 +117,68 @@ _machinectl() {
         comps=''
 
     elif __contains_word "$verb" ${VERBS[MACHINES]}; then
-        comps=$( __get_machines )
+        comps=$( __get_machines $mode )
+
+    elif __contains_word "$verb" ${VERBS[MACHINES_OR_FILES]}; then
+        comps=$( __get_machines $mode )
+        compopt -o filenames
+        comps+=" $(compgen -f -- "$cur")"
+
+    elif __contains_word "$verb" ${VERBS[MACHINE_ONLY]}; then
+        local k args=0
+        for ((k=i+1; k < COMP_CWORD; k++)); do
+            if __contains_word "${COMP_WORDS[k]}" ${OPTS[ARG]}; then
+                ((k++))
+            elif [[ ${COMP_WORDS[k]} = -* ]]; then
+                continue
+            else
+                ((args++))
+            fi
+        done
+        if (( args == 0 )); then
+            comps=$( __get_machines $mode )
+        else
+            comps=''
+        fi
+
+    elif __contains_word "$verb" ${VERBS[READONLY]}; then
+        local k args=0
+        for ((k=i+1; k < COMP_CWORD; k++)); do
+            if __contains_word "${COMP_WORDS[k]}" ${OPTS[ARG]}; then
+                ((k++))
+            elif [[ ${COMP_WORDS[k]} = -* ]]; then
+                continue
+            else
+                ((args++))
+            fi
+        done
+        if (( args == 0 )); then
+            comps=$( __get_machines $mode )
+        elif (( args == 1 )); then
+            comps='true false'
+        else
+            comps=''
+        fi
+
+    elif __contains_word "$verb" ${VERBS[MACHINES_AND_FILES]}; then
+        local k args=0
+        for ((k=i+1; k < COMP_CWORD; k++)); do
+            if __contains_word "${COMP_WORDS[k]}" ${OPTS[ARG]}; then
+                ((k++))
+            elif [[ ${COMP_WORDS[k]} = -* ]]; then
+                continue
+            else
+                ((args++))
+            fi
+        done
+        if (( args == 0 )); then
+            comps=$( __get_machines $mode )
+        elif (( args <= 2 )); then
+            comps=$(compgen -f -- "$cur")
+            compopt -o filenames
+        else
+            comps=''
+        fi
 
     elif __contains_word "$verb" ${VERBS[FILE]}; then
         if (( COMP_CWORD == i + 1 )); then # first argument after verb

shell-completion/bash/portablectl

@@ -37,7 +37,7 @@ _portablectl() {
     local -A OPTS=(
         [STANDALONE]='-q --quiet --runtime --no-reload --cat --no-pager --no-legend
                               --no-ask-password --enable --now -h --help --version
-                              --clean --no-block --force'
+                              --clean --no-block --force --user --system'
         [ARG]='-p --profile --copy -H --host -M --machine --extension'
     )
 

src/network/meson.build

@@ -87,6 +87,7 @@ systemd_networkd_extract_sources = files(
         'networkd-state-file.c',
         'networkd-sysctl.c',
         'networkd-util.c',
+        'networkd-varlink-metrics.c',
         'networkd-wifi.c',
         'networkd-wiphy.c',
         'networkd-wwan.c',

src/network/networkd-manager.c

@@ -44,6 +44,7 @@
 #include "networkd-serialize.h"
 #include "networkd-speed-meter.h"
 #include "networkd-state-file.h"
+#include "networkd-varlink-metrics.h"
 #include "networkd-wifi.h"
 #include "networkd-wiphy.h"
 #include "networkd-wwan-bus.h"
@@ -212,13 +213,14 @@ static int manager_connect_udev(Manager *m) {
         return 0;
 }
 
-static int manager_listen_fds(Manager *m, int *ret_rtnl_fd, int *ret_varlink_fd, int *ret_resolve_hook_fd) {
+static int manager_listen_fds(Manager *m, int *ret_rtnl_fd, int *ret_varlink_fd, int *ret_varlink_metrics_fd, int *ret_resolve_hook_fd) {
         _cleanup_strv_free_ char **names = NULL;
-        int n, rtnl_fd = -EBADF, varlink_fd = -EBADF, resolve_hook_fd = -EBADF;
+        int n, rtnl_fd = -EBADF, varlink_fd = -EBADF, varlink_metrics_fd = -EBADF, resolve_hook_fd = -EBADF;
 
         assert(m);
         assert(ret_rtnl_fd);
         assert(ret_varlink_fd);
+        assert(ret_varlink_metrics_fd);
         assert(ret_resolve_hook_fd);
 
         n = sd_listen_fds_with_names(/* unset_environment= */ true, &names);
@@ -243,6 +245,11 @@ static int manager_listen_fds(Manager *m, int *ret_rtnl_fd, int *ret_varlink_fd,
                         continue;
                 }
 
+                if (streq(names[i], "varlink-metrics")) {
+                        varlink_metrics_fd = fd;
+                        continue;
+                }
+
                 if (streq(names[i], "resolve-hook")) {
                         resolve_hook_fd = fd;
                         continue;
@@ -263,6 +270,7 @@ static int manager_listen_fds(Manager *m, int *ret_rtnl_fd, int *ret_varlink_fd,
 
         *ret_rtnl_fd = rtnl_fd;
         *ret_varlink_fd = varlink_fd;
+        *ret_varlink_metrics_fd = varlink_metrics_fd;
         *ret_resolve_hook_fd = resolve_hook_fd;
 
         return 0;
@@ -557,7 +565,7 @@ static int manager_set_keep_configuration(Manager *m) {
 }
 
 int manager_setup(Manager *m) {
-        _cleanup_close_ int rtnl_fd = -EBADF, varlink_fd = -EBADF, resolve_hook_fd = -EBADF;
+        _cleanup_close_ int rtnl_fd = -EBADF, varlink_fd = -EBADF, varlink_metrics_fd = -EBADF, resolve_hook_fd = -EBADF;
         int r;
 
         assert(m);
@@ -581,7 +589,7 @@ int manager_setup(Manager *m) {
         if (r < 0)
                 return r;
 
-        r = manager_listen_fds(m, &rtnl_fd, &varlink_fd, &resolve_hook_fd);
+        r = manager_listen_fds(m, &rtnl_fd, &varlink_fd, &varlink_metrics_fd, &resolve_hook_fd);
         if (r < 0)
                 return r;
 
@@ -604,6 +612,10 @@ int manager_setup(Manager *m) {
         if (r < 0)
                 return r;
 
+        r = manager_varlink_metrics_init(m, TAKE_FD(varlink_metrics_fd));
+        if (r < 0)
+                return r;
+
         r = manager_varlink_init_resolve_hook(m, TAKE_FD(resolve_hook_fd));
         if (r < 0)
                 return r;
@@ -760,6 +772,7 @@ Manager* manager_free(Manager *m) {
 
         m->varlink_server = sd_varlink_server_unref(m->varlink_server);
         m->varlink_resolve_hook_server = sd_varlink_server_unref(m->varlink_resolve_hook_server);
+        m->varlink_metrics_server = sd_varlink_server_unref(m->varlink_metrics_server);
         m->query_filter_subscriptions = set_free(m->query_filter_subscriptions);
         hashmap_free(m->polkit_registry);
         sd_bus_flush_close_unref(m->bus);

src/network/networkd-manager.h

@@ -23,6 +23,7 @@ typedef struct Manager {
         sd_bus *bus;
         sd_varlink_server *varlink_server;
         sd_varlink_server *varlink_resolve_hook_server;
+        sd_varlink_server *varlink_metrics_server;
         Set *query_filter_subscriptions;
         sd_device_monitor *device_monitor;
         Hashmap *polkit_registry;

src/network/networkd-resolve-hook.c

@@ -245,7 +245,7 @@ int manager_varlink_init_resolve_hook(Manager *m, int fd) {
                 r = sd_varlink_server_listen_address(s, "/run/systemd/resolve.hook/io.systemd.Network",
                                                      0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755);
                 if (ERRNO_IS_NEG_PRIVILEGE(r)) {
-                        log_info_errno(r, "Failed to bind to systemd-resolved hook varlink socket, ignoring: %m");
+                        log_warning_errno(r, "Failed to bind to systemd-resolved hook varlink socket, ignoring: %m");
                         return 0;
                 }
         } else

src/network/networkd-varlink-metrics.c

@@ -0,0 +1,200 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "sd-varlink.h"
+
+#include "argv-util.h"
+#include "errno-util.h"
+#include "fd-util.h"
+#include "hashmap.h"
+#include "metrics.h"
+#include "network-util.h"
+#include "networkd-link.h"
+#include "networkd-manager.h"
+#include "networkd-varlink-metrics.h"
+
+#define METRIC_IO_SYSTEMD_NETWORK_PREFIX "io.systemd.Network."
+
+typedef const char* (*link_metric_extractor_t)(const Link *link);
+
+static int link_metric_build_json(
+                MetricFamilyContext *context,
+                link_metric_extractor_t extractor,
+                void *userdata) {
+
+        Manager *manager = ASSERT_PTR(userdata);
+        Link *link;
+        int r;
+
+        assert(context);
+        assert(extractor);
+
+        HASHMAP_FOREACH(link, manager->links_by_index) {
+                r = metric_build_send_string(context, link->ifname, extractor(link), /* fields= */ NULL);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static const char* link_get_address_state(const Link *l) {
+        return link_address_state_to_string(ASSERT_PTR(l)->address_state);
+}
+
+static const char* link_get_admin_state(const Link *l) {
+        return link_state_to_string(ASSERT_PTR(l)->state);
+}
+
+static const char* link_get_carrier_state(const Link *l) {
+        return link_carrier_state_to_string(ASSERT_PTR(l)->carrier_state);
+}
+
+static const char* link_get_ipv4_address_state(const Link *l) {
+        return link_address_state_to_string(ASSERT_PTR(l)->ipv4_address_state);
+}
+
+static const char* link_get_ipv6_address_state(const Link *l) {
+        return link_address_state_to_string(ASSERT_PTR(l)->ipv6_address_state);
+}
+
+static const char* link_get_oper_state(const Link *l) {
+        return link_operstate_to_string(ASSERT_PTR(l)->operstate);
+}
+
+static int link_address_state_build_json(MetricFamilyContext *ctx, void *userdata) {
+        return link_metric_build_json(ctx, link_get_address_state, userdata);
+}
+
+static int link_admin_state_build_json(MetricFamilyContext *ctx, void *userdata) {
+        return link_metric_build_json(ctx, link_get_admin_state, userdata);
+}
+
+static int link_carrier_state_build_json(MetricFamilyContext *ctx, void *userdata) {
+        return link_metric_build_json(ctx, link_get_carrier_state, userdata);
+}
+
+static int link_ipv4_address_state_build_json(MetricFamilyContext *ctx, void *userdata) {
+        return link_metric_build_json(ctx, link_get_ipv4_address_state, userdata);
+}
+
+static int link_ipv6_address_state_build_json(MetricFamilyContext *ctx, void *userdata) {
+        return link_metric_build_json(ctx, link_get_ipv6_address_state, userdata);
+}
+
+static int link_oper_state_build_json(MetricFamilyContext *ctx, void *userdata) {
+        return link_metric_build_json(ctx, link_get_oper_state, userdata);
+}
+
+static int managed_interfaces_build_json(MetricFamilyContext *context, void *userdata) {
+        Manager *manager = ASSERT_PTR(userdata);
+        Link *link;
+        uint64_t count = 0;
+
+        assert(context);
+
+        HASHMAP_FOREACH(link, manager->links_by_index)
+                if (link->network)
+                        count++;
+
+        return metric_build_send_unsigned(context, /* object= */ NULL, count, /* fields= */ NULL);
+}
+
+/* Keep metrics ordered alphabetically */
+static const MetricFamily network_metric_family_table[] = {
+        {
+                .name = METRIC_IO_SYSTEMD_NETWORK_PREFIX "addressState",
+                .description = "Per interface metric: address state",
+                .type = METRIC_FAMILY_TYPE_STRING,
+                .generate = link_address_state_build_json,
+        },
+        {
+                .name = METRIC_IO_SYSTEMD_NETWORK_PREFIX "adminState",
+                .description = "Per interface metric: admin state",
+                .type = METRIC_FAMILY_TYPE_STRING,
+                .generate = link_admin_state_build_json,
+        },
+        {
+                .name = METRIC_IO_SYSTEMD_NETWORK_PREFIX "carrierState",
+                .description = "Per interface metric: carrier state",
+                .type = METRIC_FAMILY_TYPE_STRING,
+                .generate = link_carrier_state_build_json,
+        },
+        {
+                .name = METRIC_IO_SYSTEMD_NETWORK_PREFIX "ipv4AddressState",
+                .description = "Per interface metric: IPv4 address state",
+                .type = METRIC_FAMILY_TYPE_STRING,
+                .generate = link_ipv4_address_state_build_json,
+        },
+        {
+                .name = METRIC_IO_SYSTEMD_NETWORK_PREFIX "ipv6AddressState",
+                .description = "Per interface metric: IPv6 address state",
+                .type = METRIC_FAMILY_TYPE_STRING,
+                .generate = link_ipv6_address_state_build_json,
+        },
+        {
+                .name = METRIC_IO_SYSTEMD_NETWORK_PREFIX "managedInterfaces",
+                .description = "Number of network interfaces managed by systemd-networkd",
+                .type = METRIC_FAMILY_TYPE_GAUGE,
+                .generate = managed_interfaces_build_json,
+        },
+        {
+                .name = METRIC_IO_SYSTEMD_NETWORK_PREFIX "operationalState",
+                .description = "Per interface metric: operational state",
+                .type = METRIC_FAMILY_TYPE_STRING,
+                .generate = link_oper_state_build_json,
+        },
+        {}
+};
+
+static int vl_method_metrics_describe(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
+        return metrics_method_describe(network_metric_family_table, link, parameters, flags, userdata);
+}
+
+static int vl_method_metrics_list(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
+        return metrics_method_list(network_metric_family_table, link, parameters, flags, userdata);
+}
+
+int manager_varlink_metrics_init(Manager *m, int fd) {
+        _unused_ _cleanup_close_ int fd_close = fd; /* take possession */
+        int r;
+
+        assert(m);
+
+        if (m->varlink_metrics_server)
+                return 0;
+
+        if (fd < 0 && invoked_by_systemd()) {
+                log_debug("systemd-networkd-varlink-metrics.socket seems to be disabled, not installing metrics varlink server.");
+                return 0;
+        }
+
+        _cleanup_(sd_varlink_server_unrefp) sd_varlink_server *s = NULL;
+        r = metrics_setup_varlink_server(
+                        &s,
+                        SD_VARLINK_SERVER_INHERIT_USERDATA,
+                        m->event,
+                        SD_EVENT_PRIORITY_NORMAL,
+                        vl_method_metrics_list,
+                        vl_method_metrics_describe,
+                        m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to set up metrics varlink server: %m");
+
+        if (fd < 0) {
+                r = sd_varlink_server_listen_address(
+                                s,
+                                "/run/systemd/report/io.systemd.Network",
+                                0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755);
+                if (ERRNO_IS_NEG_PRIVILEGE(r)) {
+                        log_warning_errno(r, "Failed to bind to metrics varlink socket, ignoring: %m");
+                        return 0;
+                }
+        } else
+                r = sd_varlink_server_listen_fd(s, fd);
+        if (r < 0)
+                return log_error_errno(r, "Failed to bind to metrics varlink socket: %m");
+
+        TAKE_FD(fd_close);
+        m->varlink_metrics_server = TAKE_PTR(s);
+        return 0;
+}

src/network/networkd-varlink-metrics.h

@@ -0,0 +1,6 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include "networkd-forward.h"
+
+int manager_varlink_metrics_init(Manager *m, int fd);

src/shared/bootspec.c

@@ -519,7 +519,7 @@ int boot_loader_read_conf(BootConfig *config, FILE *file, const char *path) {
 
                 if (streq(field, "preferred"))
                         r = free_and_strdup(&config->preferred_pattern, p);
-                if (streq(field, "default"))
+                else if (streq(field, "default"))
                         r = free_and_strdup(&config->default_pattern, p);
                 else if (STR_IN_SET(field, "timeout", "editor", "auto-entries", "auto-firmware",
                                     "auto-poweroff", "auto-reboot", "beep", "reboot-for-bitlocker",

test/networkd-test.py

@@ -64,11 +64,12 @@ def setUpModule():
     # Ensure we don't mess with an existing networkd config
     for u in [
         'systemd-networkd.socket',
-        'systemd-networkd-varlink.socket',
         'systemd-networkd-resolve-hook.socket',
+        'systemd-networkd-varlink.socket',
+        'systemd-networkd-varlink-metrics.socket',
         'systemd-networkd.service',
-        'systemd-resolved-varlink.socket',
         'systemd-resolved-monitor.socket',
+        'systemd-resolved-varlink.socket',
         'systemd-resolved.service',
     ]:
         if subprocess.call(['systemctl', 'is-active', '--quiet', u]) == 0:
@@ -91,7 +92,8 @@ def setUpModule():
         subprocess.call(['useradd', '--system', '--no-create-home', 'systemd-network'])
 
     for d in ['/etc/systemd/network', '/run/systemd/network',
-              '/run/systemd/netif', '/run/systemd/resolve', '/run/systemd/resolve.hook']:
+              '/run/systemd/netif', '/run/systemd/report',
+              '/run/systemd/resolve', '/run/systemd/resolve.hook']:
         subprocess.check_call(["mount", "-m", "-t", "tmpfs", "none", d])
         tmpmounts.append(d)
     if os.path.isdir('/run/systemd/resolve'):
@@ -279,8 +281,9 @@ Gateway=192.168.250.1
 
     def tearDown(self):
         subprocess.check_call(['systemctl', 'stop', 'systemd-networkd.socket'])
-        subprocess.check_call(['systemctl', 'stop', 'systemd-networkd-varlink.socket'])
         subprocess.check_call(['systemctl', 'stop', 'systemd-networkd-resolve-hook.socket'])
+        subprocess.check_call(['systemctl', 'stop', 'systemd-networkd-varlink.socket'])
+        subprocess.check_call(['systemctl', 'stop', 'systemd-networkd-varlink-metrics.socket'])
         subprocess.check_call(['systemctl', 'stop', 'systemd-networkd.service'])
         subprocess.check_call(['ip', 'link', 'del', 'mybridge'])
         subprocess.check_call(['ip', 'link', 'del', 'port1'])
@@ -376,8 +379,9 @@ class ClientTestBase(NetworkdTestingUtilities):
     def tearDown(self):
         self.shutdown_iface()
         subprocess.call(['systemctl', 'stop', 'systemd-networkd.socket'])
-        subprocess.call(['systemctl', 'stop', 'systemd-networkd-varlink.socket'])
         subprocess.call(['systemctl', 'stop', 'systemd-networkd-resolve-hook.socket'])
+        subprocess.call(['systemctl', 'stop', 'systemd-networkd-varlink.socket'])
+        subprocess.call(['systemctl', 'stop', 'systemd-networkd-varlink-metrics.socket'])
         subprocess.call(['systemctl', 'stop', 'systemd-networkd.service'])
         subprocess.call(['ip', 'link', 'del', 'dummy0'],
                         stderr=subprocess.DEVNULL)
@@ -935,10 +939,12 @@ class NetworkdClientTest(ClientTestBase, unittest.TestCase):
 set -eu
 mkdir -p /run/systemd/network
 mkdir -p /run/systemd/netif
+mkdir -p /run/systemd/report
 mkdir -p /run/systemd/resolve.hook
 mkdir -p /var/lib/systemd/network
 mount -t tmpfs none /run/systemd/network
 mount -t tmpfs none /run/systemd/netif
+mount -t tmpfs none /run/systemd/report
 mount -t tmpfs none /run/systemd/resolve.hook
 mount -t tmpfs none /var/lib/systemd/network
 [ ! -e /run/dbus ] || mount -t tmpfs none /run/dbus
@@ -989,6 +995,7 @@ exec $(systemctl cat systemd-networkd.service | sed -n '/^ExecStart=/ {{ s/^.*=/
                                '-p', 'InaccessibleDirectories=-/etc/systemd/network',
                                '-p', 'InaccessibleDirectories=-/run/systemd/network',
                                '-p', 'InaccessibleDirectories=-/run/systemd/netif',
+                               '-p', 'InaccessibleDirectories=-/run/systemd/report',
                                '-p', 'InaccessibleDirectories=-/run/systemd/resolve.hook',
                                '-p', 'InaccessibleDirectories=-/var/lib/systemd/network',
                                '--service-type=notify', script])

test/test-network/systemd-networkd-tests.py

@@ -425,8 +425,9 @@ def clear_udev_rules():
 def save_active_units():
     for u in [
             'systemd-networkd.socket',
-            'systemd-networkd-varlink.socket',
             'systemd-networkd-resolve-hook.socket',
+            'systemd-networkd-varlink.socket',
+            'systemd-networkd-varlink-metrics.socket',
             'systemd-networkd.service',
             'systemd-resolved-monitor.socket',
             'systemd-resolved-varlink.socket',
@@ -447,12 +448,16 @@ def restore_active_units():
         call('systemctl stop systemd-networkd.socket')
         has_network_socket = True
 
+    if 'systemd-networkd-resolve-hook.socket' in active_units:
+        call('systemctl stop systemd-networkd-resolve-hook.socket')
+        has_network_socket = True
+
     if 'systemd-networkd-varlink.socket' in active_units:
         call('systemctl stop systemd-networkd-varlink.socket')
         has_network_socket = True
 
-    if 'systemd-networkd-resolve-hook.socket' in active_units:
+    if 'systemd-networkd-varlink-metrics.socket' in active_units:
-        call('systemctl stop systemd-networkd-resolve-hook.socket')
+        call('systemctl stop systemd-networkd-varlink-metrics.socket')
         has_network_socket = True
 
     if 'systemd-resolved-monitor.socket' in active_units:
@@ -521,9 +526,10 @@ def setup_system_units():
         for unit in [
                 'systemd-networkd.service',
                 'systemd-networkd.socket',
-                'systemd-networkd-varlink.socket',
-                'systemd-networkd-resolve-hook.socket',
                 'systemd-networkd-persistent-storage.service',
+                'systemd-networkd-resolve-hook.socket',
+                'systemd-networkd-varlink.socket',
+                'systemd-networkd-varlink-metrics.socket',
                 'systemd-resolved.service',
                 'systemd-timesyncd.service',
                 'systemd-udevd.service',
@@ -548,14 +554,6 @@ def setup_system_units():
     create_service_dropin('systemd-timesyncd', timesyncd_bin)
 
     # TODO: also run udevd with sanitizers, valgrind, or coverage
-    create_unit_dropin(
-        'systemd-udevd.service',
-        [
-            '[Service]',
-            'ExecStart=',
-            f'ExecStart=@{udevadm_bin} systemd-udevd',
-        ]
-    )
     create_unit_dropin(
         'systemd-networkd.socket',
         [
@@ -563,20 +561,6 @@ def setup_system_units():
             'StartLimitIntervalSec=0',
         ]
     )
-    create_unit_dropin(
-        'systemd-networkd-varlink.socket',
-        [
-            '[Unit]',
-            'StartLimitIntervalSec=0',
-        ]
-    )
-    create_unit_dropin(
-        'systemd-networkd-resolve-hook.socket',
-        [
-            '[Unit]',
-            'StartLimitIntervalSec=0',
-        ]
-    )
     create_unit_dropin(
         'systemd-networkd-persistent-storage.service',
         [
@@ -590,6 +574,35 @@ def setup_system_units():
             'Environment=SYSTEMD_LOG_LEVEL=debug' if enable_debug else '',
         ]
     )
+    create_unit_dropin(
+        'systemd-networkd-resolve-hook.socket',
+        [
+            '[Unit]',
+            'StartLimitIntervalSec=0',
+        ]
+    )
+    create_unit_dropin(
+        'systemd-networkd-varlink.socket',
+        [
+            '[Unit]',
+            'StartLimitIntervalSec=0',
+        ]
+    )
+    create_unit_dropin(
+        'systemd-networkd-varlink-metrics.socket',
+        [
+            '[Unit]',
+            'StartLimitIntervalSec=0',
+        ]
+    )
+    create_unit_dropin(
+        'systemd-udevd.service',
+        [
+            '[Service]',
+            'ExecStart=',
+            f'ExecStart=@{udevadm_bin} systemd-udevd',
+        ]
+    )
 
     check_output('systemctl daemon-reload')
     print(check_output('systemctl cat systemd-networkd.service'))
@@ -608,9 +621,10 @@ def clear_system_units():
 
     rm_unit('systemd-networkd.service')
     rm_unit('systemd-networkd.socket')
-    rm_unit('systemd-networkd-varlink.socket')
-    rm_unit('systemd-networkd-resolve-hook.socket')
     rm_unit('systemd-networkd-persistent-storage.service')
+    rm_unit('systemd-networkd-resolve-hook.socket')
+    rm_unit('systemd-networkd-varlink.socket')
+    rm_unit('systemd-networkd-varlink-metrics.socket')
     rm_unit('systemd-resolved.service')
     rm_unit('systemd-timesyncd.service')
     rm_unit('systemd-udevd.service')
@@ -995,13 +1009,15 @@ def stop_networkd(show_logs=True, check_failed=True):
 
     if check_failed:
         check_output('systemctl stop systemd-networkd.socket')
-        check_output('systemctl stop systemd-networkd-varlink.socket')
         check_output('systemctl stop systemd-networkd-resolve-hook.socket')
+        check_output('systemctl stop systemd-networkd-varlink.socket')
+        check_output('systemctl stop systemd-networkd-varlink-metrics.socket')
         check_output('systemctl stop systemd-networkd.service')
     else:
         call('systemctl stop systemd-networkd.socket')
-        call('systemctl stop systemd-networkd-varlink.socket')
         call('systemctl stop systemd-networkd-resolve-hook.socket')
+        call('systemctl stop systemd-networkd-varlink.socket')
+        call('systemctl stop systemd-networkd-varlink-metrics.socket')
         call('systemctl stop systemd-networkd.service')
 
     if show_logs:

test/units/TEST-74-AUX-UTILS.varlinkctl.sh

@@ -245,3 +245,9 @@ systemd-run --wait --pipe --user --machine testuser@ \
 
 # test report
 systemd-report
+
+# test io.systemd.Network Metrics
+varlinkctl info /run/systemd/report/io.systemd.Network
+varlinkctl list-methods /run/systemd/report/io.systemd.Network
+varlinkctl --more call /run/systemd/report/io.systemd.Network io.systemd.Metrics.List {}
+varlinkctl --more call /run/systemd/report/io.systemd.Network io.systemd.Metrics.Describe {}

units/meson.build

@@ -497,12 +497,16 @@ units = [
           'file' : 'systemd-networkd-persistent-storage.service',
           'conditions' : ['ENABLE_NETWORKD'],
         },
+        {
+          'file' : 'systemd-networkd-resolve-hook.socket',
+          'conditions' : ['ENABLE_NETWORKD'],
+        },
         {
           'file' : 'systemd-networkd-varlink.socket',
           'conditions' : ['ENABLE_NETWORKD'],
         },
         {
-          'file' : 'systemd-networkd-resolve-hook.socket',
+          'file' : 'systemd-networkd-varlink-metrics.socket',
           'conditions' : ['ENABLE_NETWORKD'],
         },
         {

units/systemd-networkd-varlink-metrics.socket

@@ -0,0 +1,25 @@
+#  SPDX-License-Identifier: LGPL-2.1-or-later
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Network Management Metrics Varlink Socket
+Documentation=man:systemd-networkd.service(8)
+ConditionCapability=CAP_NET_ADMIN
+DefaultDependencies=no
+Before=sockets.target shutdown.target
+Conflicts=shutdown.target
+
+[Socket]
+ListenStream=/run/systemd/report/io.systemd.Network
+FileDescriptorName=varlink-metrics
+SocketMode=0666
+Service=systemd-networkd.service
+
+[Install]
+WantedBy=sockets.target

units/systemd-networkd.service.in

@@ -46,7 +46,7 @@ RestrictRealtime=yes
 RestrictSUIDSGID=yes
 RuntimeDirectory=systemd/netif
 RuntimeDirectoryPreserve=yes
-Sockets=systemd-networkd.socket systemd-networkd-varlink.socket systemd-networkd-resolve-hook.socket
+Sockets=systemd-networkd.socket systemd-networkd-varlink.socket systemd-networkd-varlink-metrics.socket systemd-networkd-resolve-hook.socket
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service bpf
@@ -56,7 +56,7 @@ User=systemd-network
 
 [Install]
 WantedBy=multi-user.target
-Also=systemd-networkd.socket systemd-networkd-varlink.socket systemd-networkd-resolve-hook.socket
+Also=systemd-networkd.socket systemd-networkd-varlink.socket systemd-networkd-varlink-metrics.socket systemd-networkd-resolve-hook.socket
 Alias=dbus-org.freedesktop.network1.service
 
 # The output from this generator is used by udevd and networkd. Enable it by