Compare commits

...

35 Commits

Author SHA1 Message Date
Yu Watanabe b971f3852e network/nexthop: fix argument name
Fixes copy-and-paste error in b5b42b516e.
2024-11-23 17:52:52 +09:00
Yu Watanabe e532319020 network: introduce address_forget() and friends and use it where applicable
No functional change, just refactoring.
2024-11-23 17:52:52 +09:00
Yu Watanabe 559cc2bef9 network/nexthop: drop outdated comment and add one debugging log
All NextHop objects are managed by Manager since
352eba2e49.
2024-11-23 17:52:52 +09:00
Yu Watanabe e5eb3ad653 network/ndisc: unref Route objects that depend on the nexthop
No functional change, as when this function is called, the set will be
freed and contained Route objects will be unref()ed anyway soon later
by nexthop_detach() -> nexthop_free().
Even though, when the routes are forgotten from the Manager, then it is
not necessary to keep them by the nexthop. Let's unref earlier.
2024-11-23 17:52:52 +09:00
Yu Watanabe c9285f3ad7 network/ndisc: constify several arguments and add several assertions
Follow-up for 0f8afaf94d.

No functional change, just for safety.
2024-11-23 17:52:52 +09:00
Yu Watanabe e85a7545af network/nexthop: do not share NextHop.nexthops and NextHop.routes with duplicated object
Otherwise, these may be freed twice.
But, fortunately, when this function is called, both are NULL.
So, this should not change any behavior. But for safety.
2024-11-23 17:52:52 +09:00
Yu Watanabe 7669f20eed network: drop outdated comment
All Route objects are managed by Manager since
8d01e44c1f.
2024-11-23 17:52:52 +09:00
Yu Watanabe 9e05e33871 networkd-test.py: fix interface state checker
After 259125d53d, network interfaces
declared by .netdev files are created after systemd-networkd sends READY
notification. So, even when networkd is started, the netdevs may not
be created yet, and 'ip' command may fail. Let's also check the return
code of the command.

This also
- drops never worked stdout checks,
- makes the test fail if the interface is not created within the timeout.
2024-11-23 17:33:43 +09:00
Lennart Poettering 95116bdfd5 nspawn: improve log message on bad incoming sd_notify() message
It's the PID that is wrong, not the UID/GID, be precise.
2024-11-23 17:33:17 +09:00
Lennart Poettering 2bd290ca02 nspawn: fix userns_mkdir() invocation
The wrong error code was logged.

But actually given that userns_mkdir() is fine with existing dirs, let's
drop the redundant conditionalization.

Follow-up for: a1fcaa1549
2024-11-23 17:33:06 +09:00
Yu Watanabe 1e9fb1d456 shutdown: propagate one more error from sync_making_progress()
No functional change, just refactoring, as anyway all errors will be
ignored by the caller.
2024-11-23 17:32:51 +09:00
Yu Watanabe 56c761f8c6
namespace-util: handle -ENOSPC by userns_acquire() gracefully in is_idmapping_supported() (#35313)
Follow-up for edae62120f.
Fixes #35311.
2024-11-23 17:32:23 +09:00
Yu Watanabe b76730f3fe shutdown: close DM block device before issuing DM_DEV_REMOVE ioctl
Otherwise, the ioctl() may fail with EBUSY.

Follow-up for b4b66b2662.
Hopefully fixes #35243.
2024-11-23 17:31:36 +09:00
Yu Watanabe 3dda236c5c basic/linux: update kernel headers from v6.12 2024-11-23 17:31:12 +09:00
Zbigniew Jędrzejewski-Szmek 5598454a3f Undeprecate commandline params forcequotacheck, fastboot, and forcefsck
Those are historical names, but there is nothing wrong with them. The files on
/ (/fastboot, /forcefsck, and /forcequotacheck) are problematic because they
require a modification of the root file system. But the commandline params work
fine. They have the obvious advantage compared to our "modern" option that they
are much easier to type without looking up the spelling in the docs. Undeprecate
them to avoid unnecessary churn.
2024-11-23 17:30:56 +09:00
Yu Watanabe 2994ca354b namespace-util: update log messages 2024-11-23 06:52:48 +09:00
Yu Watanabe eb14b993bb namespace-util: handle -ENOSPC by userns_acquire() gracefully in is_idmapping_supported()
Follow-up for edae62120f.
Fixes #35311.
2024-11-23 06:52:38 +09:00
Christian Hesse c946b13575 link README.logs from tmpfiles.d/legacy.conf only if available
The file README.logs is installed only if SysVInit support is enabled.
Thus the link should depend on it as well.
2024-11-22 18:33:20 +00:00
Lennart Poettering e39cbb1442 varlink: apparently on old kernels SO_PEERPIDFD returns EINVAL 2024-11-23 03:09:49 +09:00
Marco Tomaschett bc4a027f9c
hwdb: add support for PineTab2 to 60-sensor.hwdb (#35304)
Add accelerometer support for PineTab2
2024-11-23 03:08:06 +09:00
Lennart Poettering d209e197f8
userdbctl: two trivial fixlets (#35296)
Fixes: #35294
2024-11-22 16:06:01 +01:00
Antonio Alvarez Feijoo 9ed090230e tpm2-util: fix parameter name 2024-11-22 16:04:16 +01:00
Luca Boccassi 9bf6ffe166
man: split cryptenroll man page into sections (#35297) 2024-11-22 12:01:07 +00:00
Lennart Poettering 47c5ca237b userdbctl: respect selected disposition also when showing gid boundaries
Follow-up for: ad5de3222f
2024-11-22 11:28:30 +01:00
Lennart Poettering 7f8a4f12df userdbctl: fix counting
Fixes: #35294
2024-11-22 11:28:28 +01:00
Lennart Poettering e412fc5e04 userbdctl: show 'mapped' user range only inside of userns
Outside of userns the concept makes no sense, there cannot be users
mapped from further outside.
2024-11-22 11:28:17 +01:00
Lennart Poettering cc6baba720 cryptenroll: it's called PKCS#11, not PKCS11
In the --help text we really should use the official spelling, just like
in the man page.
2024-11-22 10:42:37 +01:00
Lennart Poettering 3ae48d071c man: add enrollment type sections to cryptenroll man page
We have the same sections in the --help text, hence we even more so
should have them in the man page.
2024-11-22 10:42:37 +01:00
Antonio Alvarez Feijoo 2ccacdd57c bash-completion: add --list-devices to systemd-cryptenroll
And also use it to list suitable block devices.
2024-11-22 10:38:19 +01:00
Yu Watanabe d99198819c core/service: service_add_fd_store() consumes passed fd
Without this change, the fd is closed twice on failure.

Fixes a bug introduced by dff9808a62.

Fixes #35288.
2024-11-22 04:15:51 +01:00
Tobias Zimmermann f70e5620b6 hwdb: Add quirk for Logitech MX Keys for Mac
The KEY_102ND and KEY_GRAVE keys are switched on the
Logitech MX Keys for Mac, so switch them back
2024-11-21 21:16:07 +01:00
Zbigniew Jędrzejewski-Szmek 3127c71bf4
Keep tmpfiles/legacy.conf even if SysVInit support is dropped (#35278) 2024-11-21 21:13:50 +01:00
Yuri Chornoivan b153eebfb2 po: Translated using Weblate (Ukrainian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/uk/
Translation: systemd/main
2024-11-22 05:02:16 +09:00
Zbigniew Jędrzejewski-Szmek 2c06e40ae9 tmpfiles: add period at end of the sentence
The license that is immediately above is properly punctuated and it looks
sloppy when our line below isn't.
2024-11-21 18:35:18 +01:00
Zbigniew Jędrzejewski-Szmek 5ca9149464 tmpfiles: narrow scope of HAVE_SYSV_COMPAT condition for legacy.conf
That file contains a bunch of entries of which only some are related to SysV.
The rest are just "traditional APIs" that need to stay. In particular,
/var/lock a.k.a. /run/lock is used by many programs (LVM, iscsi, alsactl).
Similarly, the README about /var/log is something that should stay as long as
we have people migrating from older systems or using the copiuos documentation
that mentions /var/log/messages.txt on the Internet.

/var/lock/subsys is only used by sysvinit, and our code to support /forcefsck,
/fastboot, and /forcequotacheck is conditionalized on HAVE_SYSV_COMPAT, so
conditionalize those here on HAVE_SYSV_COMPAT too.
2024-11-21 18:32:46 +01:00
55 changed files with 424 additions and 335 deletions

View File

@ -1438,6 +1438,11 @@ evdev:input:b0003v046DpC309*
KEYBOARD_KEY_c01b6=images # My Pictures (F11) KEYBOARD_KEY_c01b6=images # My Pictures (F11)
KEYBOARD_KEY_c01b7=audio # My Music (F12) KEYBOARD_KEY_c01b7=audio # My Music (F12)
# Logitech MX Keys for Mac
evdev:input:b0003v046Dp4092*
KEYBOARD_KEY_70035=102nd # '<' key
KEYBOARD_KEY_70064=grave # '^' key
########################################################### ###########################################################
# Maxdata # Maxdata
########################################################### ###########################################################

View File

@ -953,6 +953,15 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnDefaultstring*:pnP612F:*
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:* sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
#########################################
# Pine64
#########################################
# PineTab2
sensor:modalias:of:NaccelerometerT_null_Csilan,sc7a20:*
ACCEL_MOUNT_MATRIX=0, 0, -1; 1, 0, 0; 0, -1, 0
######################################### #########################################
# Pipo # Pipo
######################################### #########################################

View File

@ -265,32 +265,11 @@
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>Options</title> <title>Unlocking</title>
<para>The following options are understood:</para> <para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
<variablelist> <variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term> <term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
@ -328,7 +307,45 @@
<xi:include href="version-info.xml" xpointer="v256"/></listitem> <xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Simple Enrollment</title>
<para>The following options are understood that may be used to enroll simple user input based
unlocking:</para>
<variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>PKCS#11 Enrollment</title>
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term> <term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
@ -361,7 +378,15 @@
<xi:include href="version-info.xml" xpointer="v248"/></listitem> <xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FIDO2 Enrollment</title>
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term> <term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
<listitem><para>Specify COSE algorithm used in credential generation. The default value is <listitem><para>Specify COSE algorithm used in credential generation. The default value is
@ -461,7 +486,15 @@
<xi:include href="version-info.xml" xpointer="v249"/></listitem> <xi:include href="version-info.xml" xpointer="v249"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>TPM2 Enrollment</title>
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term> <term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
@ -636,7 +669,15 @@
<xi:include href="version-info.xml" xpointer="v255"/></listitem> <xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Other Options</title>
<para>The following additional options are understood:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term> <term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>

View File

@ -9,8 +9,8 @@ msgid ""
msgstr "" msgstr ""
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n" "POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-20 19:13+0000\n" "PO-Revision-Date: 2024-11-21 19:38+0000\n"
"Last-Translator: Dmytro Markevych <hotr1pak@gmail.com>\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/" "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
"systemd/main/uk/>\n" "systemd/main/uk/>\n"
"Language: uk\n" "Language: uk\n"
@ -120,11 +120,11 @@ msgstr "Для оновлення домашньої теки користува
#: src/home/org.freedesktop.home1.policy:53 #: src/home/org.freedesktop.home1.policy:53
msgid "Update your home area" msgid "Update your home area"
msgstr "Оновіть свій домашній простір" msgstr "Оновлення домашньої області"
#: src/home/org.freedesktop.home1.policy:54 #: src/home/org.freedesktop.home1.policy:54
msgid "Authentication is required to update your home area." msgid "Authentication is required to update your home area."
msgstr "Для оновлення домашньої області потрібна автентифікація." msgstr "Для оновлення домашньої області слід пройти розпізнавання."
#: src/home/org.freedesktop.home1.policy:63 #: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area" msgid "Resize a home area"
@ -1215,7 +1215,7 @@ msgstr "Керування додатковими функціями"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
msgid "Authentication is required to manage optional features" msgid "Authentication is required to manage optional features"
msgstr "Для керування додатковими функціями потрібна автентифікація" msgstr "Для керування додатковими можливостями слід пройти розпізнавання"
#: src/timedate/org.freedesktop.timedate1.policy:22 #: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time" msgid "Set system time"

View File

@ -38,19 +38,12 @@ __get_tpm2_devices() {
done done
} }
__get_block_devices() {
local i
for i in /dev/*; do
[ -b "$i" ] && printf '%s\n' "$i"
done
}
_systemd_cryptenroll() { _systemd_cryptenroll() {
local comps local comps
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
local -A OPTS=( local -A OPTS=(
[STANDALONE]='-h --help --version [STANDALONE]='-h --help --version
--password --recovery-key' --password --recovery-key --list-devices'
[ARG]='--unlock-key-file [ARG]='--unlock-key-file
--unlock-fido2-device --unlock-fido2-device
--unlock-tpm2-device --unlock-tpm2-device
@ -116,7 +109,7 @@ _systemd_cryptenroll() {
return 0 return 0
fi fi
comps=$(__get_block_devices) comps=$(systemd-cryptenroll --list-devices)
COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0 return 0
} }

View File

@ -21,7 +21,7 @@
#define AUTOFS_MIN_PROTO_VERSION 3 #define AUTOFS_MIN_PROTO_VERSION 3
#define AUTOFS_MAX_PROTO_VERSION 5 #define AUTOFS_MAX_PROTO_VERSION 5
#define AUTOFS_PROTO_SUBVERSION 5 #define AUTOFS_PROTO_SUBVERSION 6
/* /*
* The wait_queue_token (autofs_wqt_t) is part of a structure which is passed * The wait_queue_token (autofs_wqt_t) is part of a structure which is passed

View File

@ -1121,6 +1121,9 @@ enum bpf_attach_type {
#define MAX_BPF_ATTACH_TYPE __MAX_BPF_ATTACH_TYPE #define MAX_BPF_ATTACH_TYPE __MAX_BPF_ATTACH_TYPE
/* Add BPF_LINK_TYPE(type, name) in bpf_types.h to keep bpf_link_type_strs[]
* in sync with the definitions below.
*/
enum bpf_link_type { enum bpf_link_type {
BPF_LINK_TYPE_UNSPEC = 0, BPF_LINK_TYPE_UNSPEC = 0,
BPF_LINK_TYPE_RAW_TRACEPOINT = 1, BPF_LINK_TYPE_RAW_TRACEPOINT = 1,
@ -2851,7 +2854,7 @@ union bpf_attr {
* **TCP_SYNCNT**, **TCP_USER_TIMEOUT**, **TCP_NOTSENT_LOWAT**, * **TCP_SYNCNT**, **TCP_USER_TIMEOUT**, **TCP_NOTSENT_LOWAT**,
* **TCP_NODELAY**, **TCP_MAXSEG**, **TCP_WINDOW_CLAMP**, * **TCP_NODELAY**, **TCP_MAXSEG**, **TCP_WINDOW_CLAMP**,
* **TCP_THIN_LINEAR_TIMEOUTS**, **TCP_BPF_DELACK_MAX**, * **TCP_THIN_LINEAR_TIMEOUTS**, **TCP_BPF_DELACK_MAX**,
* **TCP_BPF_RTO_MIN**. * **TCP_BPF_RTO_MIN**, **TCP_BPF_SOCK_OPS_CB_FLAGS**.
* * **IPPROTO_IP**, which supports *optname* **IP_TOS**. * * **IPPROTO_IP**, which supports *optname* **IP_TOS**.
* * **IPPROTO_IPV6**, which supports the following *optname*\ s: * * **IPPROTO_IPV6**, which supports the following *optname*\ s:
* **IPV6_TCLASS**, **IPV6_AUTOFLOWLABEL**. * **IPV6_TCLASS**, **IPV6_AUTOFLOWLABEL**.
@ -5519,11 +5522,12 @@ union bpf_attr {
* **-EOPNOTSUPP** if the hash calculation failed or **-EINVAL** if * **-EOPNOTSUPP** if the hash calculation failed or **-EINVAL** if
* invalid arguments are passed. * invalid arguments are passed.
* *
* void *bpf_kptr_xchg(void *map_value, void *ptr) * void *bpf_kptr_xchg(void *dst, void *ptr)
* Description * Description
* Exchange kptr at pointer *map_value* with *ptr*, and return the * Exchange kptr at pointer *dst* with *ptr*, and return the old value.
* old value. *ptr* can be NULL, otherwise it must be a referenced * *dst* can be map value or local kptr. *ptr* can be NULL, otherwise
* pointer which will be released when this helper is called. * it must be a referenced pointer which will be released when this helper
* is called.
* Return * Return
* The old value of kptr (which can be NULL). The returned pointer * The old value of kptr (which can be NULL). The returned pointer
* if not NULL, is a reference which must be released using its * if not NULL, is a reference which must be released using its
@ -6046,11 +6050,6 @@ enum {
BPF_F_MARK_ENFORCE = (1ULL << 6), BPF_F_MARK_ENFORCE = (1ULL << 6),
}; };
/* BPF_FUNC_clone_redirect and BPF_FUNC_redirect flags. */
enum {
BPF_F_INGRESS = (1ULL << 0),
};
/* BPF_FUNC_skb_set_tunnel_key and BPF_FUNC_skb_get_tunnel_key flags. */ /* BPF_FUNC_skb_set_tunnel_key and BPF_FUNC_skb_get_tunnel_key flags. */
enum { enum {
BPF_F_TUNINFO_IPV6 = (1ULL << 0), BPF_F_TUNINFO_IPV6 = (1ULL << 0),
@ -6197,10 +6196,12 @@ enum {
BPF_F_BPRM_SECUREEXEC = (1ULL << 0), BPF_F_BPRM_SECUREEXEC = (1ULL << 0),
}; };
/* Flags for bpf_redirect_map helper */ /* Flags for bpf_redirect and bpf_redirect_map helpers */
enum { enum {
BPF_F_BROADCAST = (1ULL << 3), BPF_F_INGRESS = (1ULL << 0), /* used for skb path */
BPF_F_EXCLUDE_INGRESS = (1ULL << 4), BPF_F_BROADCAST = (1ULL << 3), /* used for XDP path */
BPF_F_EXCLUDE_INGRESS = (1ULL << 4), /* used for XDP path */
#define BPF_F_REDIRECT_FLAGS (BPF_F_INGRESS | BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS)
}; };
#define __bpf_md_ptr(type, name) \ #define __bpf_md_ptr(type, name) \
@ -7080,6 +7081,7 @@ enum {
TCP_BPF_SYN = 1005, /* Copy the TCP header */ TCP_BPF_SYN = 1005, /* Copy the TCP header */
TCP_BPF_SYN_IP = 1006, /* Copy the IP[46] and TCP header */ TCP_BPF_SYN_IP = 1006, /* Copy the IP[46] and TCP header */
TCP_BPF_SYN_MAC = 1007, /* Copy the MAC, IP[46], and TCP header */ TCP_BPF_SYN_MAC = 1007, /* Copy the MAC, IP[46], and TCP header */
TCP_BPF_SOCK_OPS_CB_FLAGS = 1008, /* Get or Set TCP sock ops flags */
}; };
enum { enum {
@ -7512,4 +7514,13 @@ struct bpf_iter_num {
__u64 __opaque[1]; __u64 __opaque[1];
} __attribute__((aligned(8))); } __attribute__((aligned(8)));
/*
* Flags to control BPF kfunc behaviour.
* - BPF_F_PAD_ZEROS: Pad destination buffer with zeros. (See the respective
* helper documentation for details.)
*/
enum bpf_kfunc_flags {
BPF_F_PAD_ZEROS = (1ULL << 0),
};
#endif /* __LINUX_BPF_H__ */ #endif /* __LINUX_BPF_H__ */

View File

@ -28,6 +28,23 @@
#define _BITUL(x) (_UL(1) << (x)) #define _BITUL(x) (_UL(1) << (x))
#define _BITULL(x) (_ULL(1) << (x)) #define _BITULL(x) (_ULL(1) << (x))
#if !defined(__ASSEMBLY__)
/*
* Missing __asm__ support
*
* __BIT128() would not work in the __asm__ code, as it shifts an
* 'unsigned __init128' data type as direct representation of
* 128 bit constants is not supported in the gcc compiler, as
* they get silently truncated.
*
* TODO: Please revisit this implementation when gcc compiler
* starts representing 128 bit constants directly like long
* and unsigned long etc. Subsequently drop the comment for
* GENMASK_U128() which would then start supporting __asm__ code.
*/
#define _BIT128(x) ((unsigned __int128)(1) << (x))
#endif
#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (__typeof__(x))(a) - 1) #define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (__typeof__(x))(a) - 1)
#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask)) #define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask))

View File

@ -2531,4 +2531,20 @@ struct ethtool_link_settings {
* __u32 map_lp_advertising[link_mode_masks_nwords]; * __u32 map_lp_advertising[link_mode_masks_nwords];
*/ */
}; };
/**
* enum phy_upstream - Represents the upstream component a given PHY device
* is connected to, as in what is on the other end of the MII bus. Most PHYs
* will be attached to an Ethernet MAC controller, but in some cases, there's
* an intermediate PHY used as a media-converter, which will driver another
* MII interface as its output.
* @PHY_UPSTREAM_MAC: Upstream component is a MAC (a switch port,
* or ethernet controller)
* @PHY_UPSTREAM_PHY: Upstream component is a PHY (likely a media converter)
*/
enum phy_upstream {
PHY_UPSTREAM_MAC,
PHY_UPSTREAM_PHY,
};
#endif /* _LINUX_ETHTOOL_H */ #endif /* _LINUX_ETHTOOL_H */

View File

@ -67,6 +67,7 @@ enum {
FRA_IP_PROTO, /* ip proto */ FRA_IP_PROTO, /* ip proto */
FRA_SPORT_RANGE, /* sport */ FRA_SPORT_RANGE, /* sport */
FRA_DPORT_RANGE, /* dport */ FRA_DPORT_RANGE, /* dport */
FRA_DSCP, /* dscp */
__FRA_MAX __FRA_MAX
}; };

View File

@ -230,8 +230,8 @@ struct tpacket_hdr_v1 {
* ts_first_pkt: * ts_first_pkt:
* Is always the time-stamp when the block was opened. * Is always the time-stamp when the block was opened.
* Case a) ZERO packets * Case a) ZERO packets
* No packets to deal with but atleast you know the * No packets to deal with but at least you know
* time-interval of this block. * the time-interval of this block.
* Case b) Non-zero packets * Case b) Non-zero packets
* Use the ts of the first packet in the block. * Use the ts of the first packet in the block.
* *
@ -265,7 +265,8 @@ enum tpacket_versions {
- struct tpacket_hdr - struct tpacket_hdr
- pad to TPACKET_ALIGNMENT=16 - pad to TPACKET_ALIGNMENT=16
- struct sockaddr_ll - struct sockaddr_ll
- Gap, chosen so that packet data (Start+tp_net) alignes to TPACKET_ALIGNMENT=16 - Gap, chosen so that packet data (Start+tp_net) aligns to
TPACKET_ALIGNMENT=16
- Start+tp_mac: [ Optional MAC header ] - Start+tp_mac: [ Optional MAC header ]
- Start+tp_net: Packet data, aligned to TPACKET_ALIGNMENT=16. - Start+tp_net: Packet data, aligned to TPACKET_ALIGNMENT=16.
- Pad to align to TPACKET_ALIGNMENT=16 - Pad to align to TPACKET_ALIGNMENT=16

View File

@ -141,7 +141,7 @@ struct in_addr {
*/ */
#define IP_PMTUDISC_INTERFACE 4 #define IP_PMTUDISC_INTERFACE 4
/* weaker version of IP_PMTUDISC_INTERFACE, which allows packets to get /* weaker version of IP_PMTUDISC_INTERFACE, which allows packets to get
* fragmented if they exeed the interface mtu * fragmented if they exceed the interface mtu
*/ */
#define IP_PMTUDISC_OMIT 5 #define IP_PMTUDISC_OMIT 5

View File

@ -140,25 +140,6 @@
#endif /* _NETINET_IN_H */ #endif /* _NETINET_IN_H */
/* Coordinate with glibc netipx/ipx.h header. */
#if defined(__NETIPX_IPX_H)
#define __UAPI_DEF_SOCKADDR_IPX 0
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 0
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 0
#define __UAPI_DEF_IPX_CONFIG_DATA 0
#define __UAPI_DEF_IPX_ROUTE_DEF 0
#else /* defined(__NETIPX_IPX_H) */
#define __UAPI_DEF_SOCKADDR_IPX 1
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
#define __UAPI_DEF_IPX_CONFIG_DATA 1
#define __UAPI_DEF_IPX_ROUTE_DEF 1
#endif /* defined(__NETIPX_IPX_H) */
/* Definitions for xattr.h */ /* Definitions for xattr.h */
#if defined(_SYS_XATTR_H) #if defined(_SYS_XATTR_H)
#define __UAPI_DEF_XATTR 0 #define __UAPI_DEF_XATTR 0
@ -240,23 +221,6 @@
#define __UAPI_DEF_IP6_MTUINFO 1 #define __UAPI_DEF_IP6_MTUINFO 1
#endif #endif
/* Definitions for ipx.h */
#ifndef __UAPI_DEF_SOCKADDR_IPX
#define __UAPI_DEF_SOCKADDR_IPX 1
#endif
#ifndef __UAPI_DEF_IPX_ROUTE_DEFINITION
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
#endif
#ifndef __UAPI_DEF_IPX_INTERFACE_DEFINITION
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
#endif
#ifndef __UAPI_DEF_IPX_CONFIG_DATA
#define __UAPI_DEF_IPX_CONFIG_DATA 1
#endif
#ifndef __UAPI_DEF_IPX_ROUTE_DEF
#define __UAPI_DEF_IPX_ROUTE_DEF 1
#endif
/* Definitions for xattr.h */ /* Definitions for xattr.h */
#ifndef __UAPI_DEF_XATTR #ifndef __UAPI_DEF_XATTR
#define __UAPI_DEF_XATTR 1 #define __UAPI_DEF_XATTR 1

View File

@ -436,7 +436,7 @@ enum nft_set_elem_flags {
* @NFTA_SET_ELEM_KEY: key value (NLA_NESTED: nft_data) * @NFTA_SET_ELEM_KEY: key value (NLA_NESTED: nft_data)
* @NFTA_SET_ELEM_DATA: data value of mapping (NLA_NESTED: nft_data_attributes) * @NFTA_SET_ELEM_DATA: data value of mapping (NLA_NESTED: nft_data_attributes)
* @NFTA_SET_ELEM_FLAGS: bitmask of nft_set_elem_flags (NLA_U32) * @NFTA_SET_ELEM_FLAGS: bitmask of nft_set_elem_flags (NLA_U32)
* @NFTA_SET_ELEM_TIMEOUT: timeout value (NLA_U64) * @NFTA_SET_ELEM_TIMEOUT: timeout value, zero means never times out (NLA_U64)
* @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64) * @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64)
* @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY) * @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY)
* @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes) * @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes)
@ -1694,7 +1694,7 @@ enum nft_flowtable_flags {
* *
* @NFTA_FLOWTABLE_TABLE: name of the table containing the expression (NLA_STRING) * @NFTA_FLOWTABLE_TABLE: name of the table containing the expression (NLA_STRING)
* @NFTA_FLOWTABLE_NAME: name of this flow table (NLA_STRING) * @NFTA_FLOWTABLE_NAME: name of this flow table (NLA_STRING)
* @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32) * @NFTA_FLOWTABLE_HOOK: netfilter hook configuration (NLA_NESTED)
* @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32) * @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32)
* @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64) * @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64)
* @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32) * @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32)

View File

@ -16,10 +16,15 @@ struct nhmsg {
struct nexthop_grp { struct nexthop_grp {
__u32 id; /* nexthop id - must exist */ __u32 id; /* nexthop id - must exist */
__u8 weight; /* weight of this nexthop */ __u8 weight; /* weight of this nexthop */
__u8 resvd1; __u8 weight_high; /* high order bits of weight */
__u16 resvd2; __u16 resvd2;
}; };
static __inline__ __u16 nexthop_grp_weight(const struct nexthop_grp *entry)
{
return ((entry->weight_high << 8) | entry->weight) + 1;
}
enum { enum {
NEXTHOP_GRP_TYPE_MPATH, /* hash-threshold nexthop group NEXTHOP_GRP_TYPE_MPATH, /* hash-threshold nexthop group
* default type if not specified * default type if not specified
@ -33,6 +38,9 @@ enum {
#define NHA_OP_FLAG_DUMP_STATS BIT(0) #define NHA_OP_FLAG_DUMP_STATS BIT(0)
#define NHA_OP_FLAG_DUMP_HW_STATS BIT(1) #define NHA_OP_FLAG_DUMP_HW_STATS BIT(1)
/* Response OP_FLAGS. */
#define NHA_OP_FLAG_RESP_GRP_RESVD_0 BIT(31) /* Dump clears resvd fields. */
enum { enum {
NHA_UNSPEC, NHA_UNSPEC,
NHA_ID, /* u32; id for nexthop. id == 0 means auto-assign */ NHA_ID, /* u32; id for nexthop. id == 0 means auto-assign */

View File

@ -531,20 +531,24 @@ int is_idmapping_supported(const char *path) {
userns_fd = userns_acquire(uid_map, gid_map); userns_fd = userns_acquire(uid_map, gid_map);
if (ERRNO_IS_NEG_NOT_SUPPORTED(userns_fd) || ERRNO_IS_NEG_PRIVILEGE(userns_fd)) if (ERRNO_IS_NEG_NOT_SUPPORTED(userns_fd) || ERRNO_IS_NEG_PRIVILEGE(userns_fd))
return false; return false;
if (userns_fd == -ENOSPC) {
log_debug_errno(userns_fd, "Failed to acquire new user namespace, user.max_user_namespaces seems to be exhausted or maybe even zero, assuming ID-mapping is not supported: %m");
return false;
}
if (userns_fd < 0) if (userns_fd < 0)
return log_debug_errno(userns_fd, "ID-mapping supported namespace acquire failed for '%s' : %m", path); return log_debug_errno(userns_fd, "Failed to acquire new user namespace for checking if '%s' supports ID-mapping: %m", path);
dir_fd = RET_NERRNO(open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW)); dir_fd = RET_NERRNO(open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
if (ERRNO_IS_NEG_NOT_SUPPORTED(dir_fd)) if (ERRNO_IS_NEG_NOT_SUPPORTED(dir_fd))
return false; return false;
if (dir_fd < 0) if (dir_fd < 0)
return log_debug_errno(dir_fd, "ID-mapping supported open failed for '%s' : %m", path); return log_debug_errno(dir_fd, "Failed to open '%s', cannot determine if ID-mapping is supported: %m", path);
mount_fd = RET_NERRNO(open_tree(dir_fd, "", AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC)); mount_fd = RET_NERRNO(open_tree(dir_fd, "", AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC));
if (ERRNO_IS_NEG_NOT_SUPPORTED(mount_fd) || ERRNO_IS_NEG_PRIVILEGE(mount_fd) || mount_fd == -EINVAL) if (ERRNO_IS_NEG_NOT_SUPPORTED(mount_fd) || ERRNO_IS_NEG_PRIVILEGE(mount_fd) || mount_fd == -EINVAL)
return false; return false;
if (mount_fd < 0) if (mount_fd < 0)
return log_debug_errno(mount_fd, "ID-mapping supported open_tree failed for '%s' : %m", path); return log_debug_errno(mount_fd, "Failed to open mount tree '%s', cannot determine if ID-mapping is supported: %m", path);
r = RET_NERRNO(mount_setattr(mount_fd, "", AT_EMPTY_PATH, r = RET_NERRNO(mount_setattr(mount_fd, "", AT_EMPTY_PATH,
&(struct mount_attr) { &(struct mount_attr) {
@ -554,7 +558,7 @@ int is_idmapping_supported(const char *path) {
if (ERRNO_IS_NEG_NOT_SUPPORTED(r) || ERRNO_IS_NEG_PRIVILEGE(r) || r == -EINVAL) if (ERRNO_IS_NEG_NOT_SUPPORTED(r) || ERRNO_IS_NEG_PRIVILEGE(r) || r == -EINVAL)
return false; return false;
if (r < 0) if (r < 0)
return log_debug_errno(r, "ID-mapping supported setattr failed for '%s' : %m", path); return log_debug_errno(r, "Failed to set mount attribute to '%s', cannot determine if ID-mapping is supported: %m", path);
return true; return true;
} }

View File

@ -3426,14 +3426,12 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
return 0; return 0;
} }
r = service_add_fd_store(s, fd, fdn, do_poll); r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
if (r < 0) { if (r < 0) {
log_unit_debug_errno(u, r, log_unit_debug_errno(u, r,
"Failed to store deserialized fd '%s', ignoring: %m", fdn); "Failed to store deserialized fd '%s', ignoring: %m", fdn);
return 0; return 0;
} }
TAKE_FD(fd);
} else if (streq(key, "extra-fd")) { } else if (streq(key, "extra-fd")) {
_cleanup_free_ char *fdv = NULL, *fdn = NULL; _cleanup_free_ char *fdv = NULL, *fdn = NULL;
_cleanup_close_ int fd = -EBADF; _cleanup_close_ int fd = -EBADF;

View File

@ -193,7 +193,7 @@ static int help(void) {
"\n%3$sSimple Enrollment:%4$s\n" "\n%3$sSimple Enrollment:%4$s\n"
" --password Enroll a user-supplied password\n" " --password Enroll a user-supplied password\n"
" --recovery-key Enroll a recovery key\n" " --recovery-key Enroll a recovery key\n"
"\n%3$sPKCS11 Enrollment:%4$s\n" "\n%3$sPKCS#11 Enrollment:%4$s\n"
" --pkcs11-token-uri=URI\n" " --pkcs11-token-uri=URI\n"
" Specify PKCS#11 security token URI\n" " Specify PKCS#11 security token URI\n"
"\n%3$sFIDO2 Enrollment:%4$s\n" "\n%3$sFIDO2 Enrollment:%4$s\n"

View File

@ -98,16 +98,11 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
} }
} }
#if HAVE_SYSV_COMPAT else if (streq(key, "fastboot") && !value)
else if (streq(key, "fastboot") && !value) {
log_warning("Please pass 'fsck.mode=skip' rather than 'fastboot' on the kernel command line.");
arg_skip = true; arg_skip = true;
} else if (streq(key, "forcefsck") && !value) { else if (streq(key, "forcefsck") && !value)
log_warning("Please pass 'fsck.mode=force' rather than 'forcefsck' on the kernel command line.");
arg_force = true; arg_force = true;
}
#endif
return 0; return 0;
} }

View File

@ -16,7 +16,7 @@ int varlink_get_peer_pidref(sd_varlink *v, PidRef *ret) {
int pidfd = sd_varlink_get_peer_pidfd(v); int pidfd = sd_varlink_get_peer_pidfd(v);
if (pidfd < 0) { if (pidfd < 0) {
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd)) if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd) && pidfd != -EINVAL)
return pidfd; return pidfd;
pid_t pid; pid_t pid;

View File

@ -1129,6 +1129,23 @@ void log_address_debug(const Address *address, const char *str, const Link *link
address->family == AF_INET ? strna(address->label) : ""); address->family == AF_INET ? strna(address->label) : "");
} }
static void address_forget(Link *link, Address *address, bool removed_by_us, const char *msg) {
assert(link);
assert(address);
assert(msg);
Request *req;
if (address_get_request(link, address, &req) >= 0)
address_enter_removed(req->userdata);
if (!address->link && address_get(link, address, &address) < 0)
return;
address_enter_removed(address);
log_address_debug(address, msg, link);
(void) address_drop(address, removed_by_us);
}
static int address_set_netlink_message(const Address *address, sd_netlink_message *m, Link *link) { static int address_set_netlink_message(const Address *address, sd_netlink_message *m, Link *link) {
uint32_t flags; uint32_t flags;
int r; int r;
@ -1181,16 +1198,8 @@ static int address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, Remov
(r == -EADDRNOTAVAIL || !address->link) ? LOG_DEBUG : LOG_WARNING, (r == -EADDRNOTAVAIL || !address->link) ? LOG_DEBUG : LOG_WARNING,
r, "Could not drop address"); r, "Could not drop address");
if (address->link) {
/* If the address cannot be removed, then assume the address is already removed. */ /* If the address cannot be removed, then assume the address is already removed. */
log_address_debug(address, "Forgetting", link); address_forget(link, address, /* removed_by_us = */ true, "Forgetting");
Request *req;
if (address_get_request(link, address, &req) >= 0)
address_enter_removed(req->userdata);
(void) address_drop(address, /* removed_by_us = */ true);
}
} }
return 1; return 1;
@ -1775,14 +1784,7 @@ int link_request_static_addresses(Link *link) {
} }
int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) { int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) {
_cleanup_(address_unrefp) Address *tmp = NULL; int r;
struct ifa_cacheinfo cinfo;
Link *link;
uint16_t type;
Address *address = NULL;
Request *req = NULL;
bool is_new = false, update_dhcp4;
int ifindex, r;
assert(rtnl); assert(rtnl);
assert(message); assert(message);
@ -1796,6 +1798,7 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message,
return 0; return 0;
} }
uint16_t type;
r = sd_netlink_message_get_type(message, &type); r = sd_netlink_message_get_type(message, &type);
if (r < 0) { if (r < 0) {
log_warning_errno(r, "rtnl: could not get message type, ignoring: %m"); log_warning_errno(r, "rtnl: could not get message type, ignoring: %m");
@ -1805,6 +1808,7 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message,
return 0; return 0;
} }
int ifindex;
r = sd_rtnl_message_addr_get_ifindex(message, &ifindex); r = sd_rtnl_message_addr_get_ifindex(message, &ifindex);
if (r < 0) { if (r < 0) {
log_warning_errno(r, "rtnl: could not get ifindex from message, ignoring: %m"); log_warning_errno(r, "rtnl: could not get ifindex from message, ignoring: %m");
@ -1814,6 +1818,7 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message,
return 0; return 0;
} }
Link *link;
r = link_get_by_index(m, ifindex, &link); r = link_get_by_index(m, ifindex, &link);
if (r < 0) { if (r < 0) {
/* when enumerating we might be out of sync, but we will get the address again, so just /* when enumerating we might be out of sync, but we will get the address again, so just
@ -1823,6 +1828,7 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message,
return 0; return 0;
} }
_cleanup_(address_unrefp) Address *tmp = NULL;
r = address_new(&tmp); r = address_new(&tmp);
if (r < 0) if (r < 0)
return log_oom(); return log_oom();
@ -1890,28 +1896,22 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message,
assert_not_reached(); assert_not_reached();
} }
update_dhcp4 = tmp->family == AF_INET6; /* Then, find the managed Address object corresponding to the received address. */
Address *address = NULL;
/* Then, find the managed Address and Request objects corresponding to the received address. */
(void) address_get(link, tmp, &address); (void) address_get(link, tmp, &address);
(void) address_get_request(link, tmp, &req);
if (type == RTM_DELADDR) { if (type == RTM_DELADDR) {
if (address) { if (address)
bool removed_by_us = FLAGS_SET(address->state, NETWORK_CONFIG_STATE_REMOVING); address_forget(link, address,
/* removed_by_us = */ FLAGS_SET(address->state, NETWORK_CONFIG_STATE_REMOVING),
address_enter_removed(address); "Forgetting removed");
log_address_debug(address, "Forgetting removed", link); else
(void) address_drop(address, removed_by_us);
} else
log_address_debug(tmp, "Kernel removed unknown", link); log_address_debug(tmp, "Kernel removed unknown", link);
if (req)
address_enter_removed(req->userdata);
goto finalize; goto finalize;
} }
bool is_new = false;
if (!address) { if (!address) {
/* If we did not know the address, then save it. */ /* If we did not know the address, then save it. */
r = address_attach(link, tmp); r = address_attach(link, tmp);
@ -1931,6 +1931,8 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message,
} }
/* Also update information that cannot be obtained through netlink notification. */ /* Also update information that cannot be obtained through netlink notification. */
Request *req = NULL;
(void) address_get_request(link, tmp, &req);
if (req && req->waiting_reply) { if (req && req->waiting_reply) {
Address *a = ASSERT_PTR(req->userdata); Address *a = ASSERT_PTR(req->userdata);
@ -1978,6 +1980,7 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message,
} else if (r < 0) } else if (r < 0)
log_link_debug_errno(link, r, "rtnl: failed to read IFA_FLAGS attribute, ignoring: %m"); log_link_debug_errno(link, r, "rtnl: failed to read IFA_FLAGS attribute, ignoring: %m");
struct ifa_cacheinfo cinfo;
r = sd_netlink_message_read_cache_info(message, IFA_CACHEINFO, &cinfo); r = sd_netlink_message_read_cache_info(message, IFA_CACHEINFO, &cinfo);
if (r >= 0) if (r >= 0)
address_set_lifetime(m, address, &cinfo); address_set_lifetime(m, address, &cinfo);
@ -2000,7 +2003,7 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message,
link_enter_failed(link); link_enter_failed(link);
finalize: finalize:
if (update_dhcp4) { if (tmp->family == AF_INET6) {
r = dhcp4_update_ipv6_connectivity(link); r = dhcp4_update_ipv6_connectivity(link);
if (r < 0) { if (r < 0) {
log_link_warning_errno(link, r, "Failed to notify IPv6 connectivity to DHCPv4 client: %m"); log_link_warning_errno(link, r, "Failed to notify IPv6 connectivity to DHCPv4 client: %m");

View File

@ -705,10 +705,6 @@ Manager* manager_free(Manager *m) {
sd_netlink_unref(m->genl); sd_netlink_unref(m->genl);
sd_resolve_unref(m->resolve); sd_resolve_unref(m->resolve);
/* reject (e.g. unreachable) type routes are managed by Manager, but may be referenced by a
* link. E.g., DHCP6 with prefix delegation creates unreachable routes, and they are referenced
* by the upstream link. And the links may be referenced by netlink slots. Hence, two
* set_free() must be called after the above sd_netlink_unref(). */
m->routes = set_free(m->routes); m->routes = set_free(m->routes);
m->nexthops_by_id = hashmap_free(m->nexthops_by_id); m->nexthops_by_id = hashmap_free(m->nexthops_by_id);

View File

@ -215,7 +215,7 @@ static int ndisc_remove_unused_nexthops(Link *link) {
#define NDISC_NEXTHOP_APP_ID SD_ID128_MAKE(76,d2,0f,1f,76,1e,44,d1,97,3a,52,5c,05,68,b5,0d) #define NDISC_NEXTHOP_APP_ID SD_ID128_MAKE(76,d2,0f,1f,76,1e,44,d1,97,3a,52,5c,05,68,b5,0d)
static uint32_t ndisc_generate_nexthop_id(NextHop *nexthop, Link *link, sd_id128_t app_id, uint64_t trial) { static uint32_t ndisc_generate_nexthop_id(const NextHop *nexthop, Link *link, sd_id128_t app_id, uint64_t trial) {
assert(nexthop); assert(nexthop);
assert(link); assert(link);
@ -232,7 +232,7 @@ static uint32_t ndisc_generate_nexthop_id(NextHop *nexthop, Link *link, sd_id128
return (uint32_t) ((result & 0xffffffff) ^ (result >> 32)); return (uint32_t) ((result & 0xffffffff) ^ (result >> 32));
} }
static bool ndisc_nexthop_equal(NextHop *a, NextHop *b) { static bool ndisc_nexthop_equal(const NextHop *a, const NextHop *b) {
assert(a); assert(a);
assert(b); assert(b);
@ -250,9 +250,11 @@ static bool ndisc_nexthop_equal(NextHop *a, NextHop *b) {
return true; return true;
} }
static bool ndisc_take_nexthop_id(NextHop *nexthop, NextHop *existing, Manager *manager) { static bool ndisc_take_nexthop_id(NextHop *nexthop, const NextHop *existing, Manager *manager) {
assert(nexthop); assert(nexthop);
assert(nexthop->id == 0);
assert(existing); assert(existing);
assert(existing->id > 0);
assert(manager); assert(manager);
if (!ndisc_nexthop_equal(nexthop, existing)) if (!ndisc_nexthop_equal(nexthop, existing))
@ -300,7 +302,7 @@ static int ndisc_nexthop_find_id(NextHop *nexthop, Link *link) {
return false; return false;
} }
static int ndisc_nexthop_new(Route *route, Link *link, NextHop **ret) { static int ndisc_nexthop_new(const Route *route, Link *link, NextHop **ret) {
_cleanup_(nexthop_unrefp) NextHop *nexthop = NULL; _cleanup_(nexthop_unrefp) NextHop *nexthop = NULL;
int r; int r;

View File

@ -247,6 +247,23 @@ static void log_neighbor_debug(const Neighbor *neighbor, const char *str, const
IN_ADDR_TO_STRING(neighbor->dst_addr.family, &neighbor->dst_addr.address)); IN_ADDR_TO_STRING(neighbor->dst_addr.family, &neighbor->dst_addr.address));
} }
static void neighbor_forget(Link *link, Neighbor *neighbor, const char *msg) {
assert(link);
assert(neighbor);
assert(msg);
Request *req;
if (neighbor_get_request(link, neighbor, &req) >= 0)
neighbor_enter_removed(req->userdata);
if (!neighbor->link && neighbor_get(link, neighbor, &neighbor) < 0)
return;
neighbor_enter_removed(neighbor);
log_neighbor_debug(neighbor, "Forgetting", link);
neighbor_detach(neighbor);
}
static int neighbor_configure(Neighbor *neighbor, Link *link, Request *req) { static int neighbor_configure(Neighbor *neighbor, Link *link, Request *req) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r; int r;
@ -421,16 +438,8 @@ static int neighbor_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, Remo
(r == -ESRCH || !neighbor->link) ? LOG_DEBUG : LOG_WARNING, (r == -ESRCH || !neighbor->link) ? LOG_DEBUG : LOG_WARNING,
r, "Could not remove neighbor"); r, "Could not remove neighbor");
if (neighbor->link) {
/* If the neighbor cannot be removed, then assume the neighbor is already removed. */ /* If the neighbor cannot be removed, then assume the neighbor is already removed. */
log_neighbor_debug(neighbor, "Forgetting", link); neighbor_forget(link, neighbor, "Forgetting");
Request *req;
if (neighbor_get_request(link, neighbor, &req) >= 0)
neighbor_enter_removed(req->userdata);
neighbor_detach(neighbor);
}
} }
return 1; return 1;
@ -529,13 +538,7 @@ int link_drop_static_neighbors(Link *link) {
} }
int manager_rtnl_process_neighbor(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) { int manager_rtnl_process_neighbor(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) {
_cleanup_(neighbor_unrefp) Neighbor *tmp = NULL; int r;
Neighbor *neighbor = NULL;
Request *req = NULL;
uint16_t type, state;
bool is_new = false;
int ifindex, r;
Link *link;
assert(rtnl); assert(rtnl);
assert(message); assert(message);
@ -549,6 +552,7 @@ int manager_rtnl_process_neighbor(sd_netlink *rtnl, sd_netlink_message *message,
return 0; return 0;
} }
uint16_t type;
r = sd_netlink_message_get_type(message, &type); r = sd_netlink_message_get_type(message, &type);
if (r < 0) { if (r < 0) {
log_warning_errno(r, "rtnl: could not get message type, ignoring: %m"); log_warning_errno(r, "rtnl: could not get message type, ignoring: %m");
@ -558,6 +562,7 @@ int manager_rtnl_process_neighbor(sd_netlink *rtnl, sd_netlink_message *message,
return 0; return 0;
} }
uint16_t state;
r = sd_rtnl_message_neigh_get_state(message, &state); r = sd_rtnl_message_neigh_get_state(message, &state);
if (r < 0) { if (r < 0) {
log_warning_errno(r, "rtnl: received neighbor message with invalid state, ignoring: %m"); log_warning_errno(r, "rtnl: received neighbor message with invalid state, ignoring: %m");
@ -566,6 +571,7 @@ int manager_rtnl_process_neighbor(sd_netlink *rtnl, sd_netlink_message *message,
/* Currently, we are interested in only static neighbors. */ /* Currently, we are interested in only static neighbors. */
return 0; return 0;
int ifindex;
r = sd_rtnl_message_neigh_get_ifindex(message, &ifindex); r = sd_rtnl_message_neigh_get_ifindex(message, &ifindex);
if (r < 0) { if (r < 0) {
log_warning_errno(r, "rtnl: could not get ifindex from message, ignoring: %m"); log_warning_errno(r, "rtnl: could not get ifindex from message, ignoring: %m");
@ -575,12 +581,14 @@ int manager_rtnl_process_neighbor(sd_netlink *rtnl, sd_netlink_message *message,
return 0; return 0;
} }
Link *link;
r = link_get_by_index(m, ifindex, &link); r = link_get_by_index(m, ifindex, &link);
if (r < 0) if (r < 0)
/* when enumerating we might be out of sync, but we will get the neighbor again. Also, /* when enumerating we might be out of sync, but we will get the neighbor again. Also,
* kernel sends messages about neighbors after a link is removed. So, just ignore it. */ * kernel sends messages about neighbors after a link is removed. So, just ignore it. */
return 0; return 0;
_cleanup_(neighbor_unrefp) Neighbor *tmp = NULL;
r = neighbor_new(&tmp); r = neighbor_new(&tmp);
if (r < 0) if (r < 0)
return log_oom(); return log_oom();
@ -604,25 +612,20 @@ int manager_rtnl_process_neighbor(sd_netlink *rtnl, sd_netlink_message *message,
return 0; return 0;
} }
/* Then, find the managed Neighbor and Request objects corresponding to the netlink notification. */ /* Then, find the managed Neighbor object corresponding to the netlink notification. */
Neighbor *neighbor = NULL;
(void) neighbor_get(link, tmp, &neighbor); (void) neighbor_get(link, tmp, &neighbor);
(void) neighbor_get_request(link, tmp, &req);
if (type == RTM_DELNEIGH) { if (type == RTM_DELNEIGH) {
if (neighbor) { if (neighbor)
neighbor_enter_removed(neighbor); neighbor_forget(link, neighbor, "Forgetting removed");
log_neighbor_debug(neighbor, "Forgetting removed", link); else
neighbor_detach(neighbor);
} else
log_neighbor_debug(tmp, "Kernel removed unknown", link); log_neighbor_debug(tmp, "Kernel removed unknown", link);
if (req)
neighbor_enter_removed(req->userdata);
return 0; return 0;
} }
/* If we did not know the neighbor, then save it. */ /* If we did not know the neighbor, then save it. */
bool is_new = false;
if (!neighbor) { if (!neighbor) {
r = neighbor_attach(link, tmp); r = neighbor_attach(link, tmp);
if (r < 0) { if (r < 0) {
@ -634,6 +637,8 @@ int manager_rtnl_process_neighbor(sd_netlink *rtnl, sd_netlink_message *message,
} }
/* Also update information that cannot be obtained through netlink notification. */ /* Also update information that cannot be obtained through netlink notification. */
Request *req = NULL;
(void) neighbor_get_request(link, tmp, &req);
if (req && req->waiting_reply) { if (req && req->waiting_reply) {
Neighbor *n = ASSERT_PTR(req->userdata); Neighbor *n = ASSERT_PTR(req->userdata);

View File

@ -261,6 +261,8 @@ static int nexthop_dup(const NextHop *src, NextHop **ret) {
dest->network = NULL; dest->network = NULL;
dest->section = NULL; dest->section = NULL;
dest->group = NULL; dest->group = NULL;
dest->nexthops = NULL;
dest->routes = NULL;
HASHMAP_FOREACH(nhg, src->group) { HASHMAP_FOREACH(nhg, src->group) {
_cleanup_free_ struct nexthop_grp *g = NULL; _cleanup_free_ struct nexthop_grp *g = NULL;
@ -491,8 +493,11 @@ static void nexthop_forget_dependents(NextHop *nexthop, Manager *manager) {
/* If a nexthop is removed, the kernel silently removes routes that depend on the removed nexthop. /* If a nexthop is removed, the kernel silently removes routes that depend on the removed nexthop.
* Let's forget them. */ * Let's forget them. */
Route *route; for (;;) {
SET_FOREACH(route, nexthop->routes) { _cleanup_(route_unrefp) Route *route = set_steal_first(nexthop->routes);
if (!route)
break;
Request *req; Request *req;
if (route_get_request(manager, route, &req) >= 0) if (route_get_request(manager, route, &req) >= 0)
route_enter_removed(req->userdata); route_enter_removed(req->userdata);
@ -501,6 +506,26 @@ static void nexthop_forget_dependents(NextHop *nexthop, Manager *manager) {
log_route_debug(route, "Forgetting silently removed", manager); log_route_debug(route, "Forgetting silently removed", manager);
route_detach(route); route_detach(route);
} }
nexthop->routes = set_free(nexthop->routes);
}
static void nexthop_forget(Manager *manager, NextHop *nexthop, const char *msg) {
assert(manager);
assert(nexthop);
assert(msg);
Request *req;
if (nexthop_get_request_by_id(manager, nexthop->id, &req) >= 0)
nexthop_enter_removed(req->userdata);
if (!nexthop->manager && nexthop_get_by_id(manager, nexthop->id, &nexthop) < 0)
return;
nexthop_enter_removed(nexthop);
log_nexthop_debug(nexthop, msg, manager);
nexthop_forget_dependents(nexthop, nexthop->manager);
nexthop_detach(nexthop);
} }
static int nexthop_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, RemoveRequest *rreq) { static int nexthop_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, RemoveRequest *rreq) {
@ -518,18 +543,8 @@ static int nexthop_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, Remov
(r == -ENOENT || !nexthop->manager) ? LOG_DEBUG : LOG_WARNING, (r == -ENOENT || !nexthop->manager) ? LOG_DEBUG : LOG_WARNING,
r, "Could not drop nexthop, ignoring"); r, "Could not drop nexthop, ignoring");
nexthop_forget_dependents(nexthop, manager);
if (nexthop->manager) {
/* If the nexthop cannot be removed, then assume the nexthop is already removed. */ /* If the nexthop cannot be removed, then assume the nexthop is already removed. */
log_nexthop_debug(nexthop, "Forgetting", manager); nexthop_forget(manager, nexthop, "Forgetting");
Request *req;
if (nexthop_get_request_by_id(manager, nexthop->id, &req) >= 0)
nexthop_enter_removed(req->userdata);
nexthop_detach(nexthop);
}
} }
return 1; return 1;
@ -962,20 +977,6 @@ int link_drop_nexthops(Link *link, bool only_static) {
return r; return r;
} }
static void nexthop_forget_one(NextHop *nexthop) {
assert(nexthop);
assert(nexthop->manager);
Request *req;
if (nexthop_get_request_by_id(nexthop->manager, nexthop->id, &req) >= 0)
nexthop_enter_removed(req->userdata);
nexthop_enter_removed(nexthop);
log_nexthop_debug(nexthop, "Forgetting silently removed", nexthop->manager);
nexthop_forget_dependents(nexthop, nexthop->manager);
nexthop_detach(nexthop);
}
void link_forget_nexthops(Link *link) { void link_forget_nexthops(Link *link) {
assert(link); assert(link);
assert(link->manager); assert(link->manager);
@ -992,7 +993,7 @@ void link_forget_nexthops(Link *link) {
if (nexthop->family != AF_INET) if (nexthop->family != AF_INET)
continue; continue;
nexthop_forget_one(nexthop); nexthop_forget(link->manager, nexthop, "Forgetting silently removed");
} }
/* Remove all group nexthops their all members are removed in the above. */ /* Remove all group nexthops their all members are removed in the above. */
@ -1013,7 +1014,7 @@ void link_forget_nexthops(Link *link) {
if (!hashmap_isempty(nexthop->group)) if (!hashmap_isempty(nexthop->group))
continue; /* At least one group member still exists. */ continue; /* At least one group member still exists. */
nexthop_forget_one(nexthop); nexthop_forget(link->manager, nexthop, "Forgetting silently removed");
} }
} }
@ -1077,11 +1078,6 @@ static int nexthop_update_group(NextHop *nexthop, sd_netlink_message *message) {
} }
int manager_rtnl_process_nexthop(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) { int manager_rtnl_process_nexthop(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) {
uint16_t type;
uint32_t id, ifindex;
NextHop *nexthop = NULL;
Request *req = NULL;
bool is_new = false;
int r; int r;
assert(rtnl); assert(rtnl);
@ -1096,6 +1092,7 @@ int manager_rtnl_process_nexthop(sd_netlink *rtnl, sd_netlink_message *message,
return 0; return 0;
} }
uint16_t type;
r = sd_netlink_message_get_type(message, &type); r = sd_netlink_message_get_type(message, &type);
if (r < 0) { if (r < 0) {
log_warning_errno(r, "rtnl: could not get message type, ignoring: %m"); log_warning_errno(r, "rtnl: could not get message type, ignoring: %m");
@ -1105,6 +1102,7 @@ int manager_rtnl_process_nexthop(sd_netlink *rtnl, sd_netlink_message *message,
return 0; return 0;
} }
uint32_t id;
r = sd_netlink_message_read_u32(message, NHA_ID, &id); r = sd_netlink_message_read_u32(message, NHA_ID, &id);
if (r == -ENODATA) { if (r == -ENODATA) {
log_warning_errno(r, "rtnl: received nexthop message without NHA_ID attribute, ignoring: %m"); log_warning_errno(r, "rtnl: received nexthop message without NHA_ID attribute, ignoring: %m");
@ -1117,25 +1115,20 @@ int manager_rtnl_process_nexthop(sd_netlink *rtnl, sd_netlink_message *message,
return 0; return 0;
} }
NextHop *nexthop = NULL;
(void) nexthop_get_by_id(m, id, &nexthop); (void) nexthop_get_by_id(m, id, &nexthop);
(void) nexthop_get_request_by_id(m, id, &req);
if (type == RTM_DELNEXTHOP) { if (type == RTM_DELNEXTHOP) {
if (nexthop) { if (nexthop)
nexthop_enter_removed(nexthop); nexthop_forget(m, nexthop, "Forgetting removed");
log_nexthop_debug(nexthop, "Forgetting removed", m); else
nexthop_forget_dependents(nexthop, m);
nexthop_detach(nexthop);
} else
log_nexthop_debug(&(const NextHop) { .id = id }, "Kernel removed unknown", m); log_nexthop_debug(&(const NextHop) { .id = id }, "Kernel removed unknown", m);
if (req)
nexthop_enter_removed(req->userdata);
return 0; return 0;
} }
/* If we did not know the nexthop, then save it. */ /* If we did not know the nexthop, then save it. */
bool is_new = false;
if (!nexthop) { if (!nexthop) {
r = nexthop_add_new(m, id, &nexthop); r = nexthop_add_new(m, id, &nexthop);
if (r < 0) { if (r < 0) {
@ -1147,6 +1140,8 @@ int manager_rtnl_process_nexthop(sd_netlink *rtnl, sd_netlink_message *message,
} }
/* Also update information that cannot be obtained through netlink notification. */ /* Also update information that cannot be obtained through netlink notification. */
Request *req = NULL;
(void) nexthop_get_request_by_id(m, id, &req);
if (req && req->waiting_reply) { if (req && req->waiting_reply) {
NextHop *n = ASSERT_PTR(req->userdata); NextHop *n = ASSERT_PTR(req->userdata);
@ -1182,6 +1177,7 @@ int manager_rtnl_process_nexthop(sd_netlink *rtnl, sd_netlink_message *message,
else else
nexthop->blackhole = r; nexthop->blackhole = r;
uint32_t ifindex;
r = sd_netlink_message_read_u32(message, NHA_OIF, &ifindex); r = sd_netlink_message_read_u32(message, NHA_OIF, &ifindex);
if (r == -ENODATA) if (r == -ENODATA)
nexthop->ifindex = 0; nexthop->ifindex = 0;
@ -1192,10 +1188,12 @@ int manager_rtnl_process_nexthop(sd_netlink *rtnl, sd_netlink_message *message,
else else
nexthop->ifindex = (int) ifindex; nexthop->ifindex = (int) ifindex;
/* All blackhole or group nexthops are managed by Manager. Note that the linux kernel does not /* The linux kernel does not set NHA_OID attribute when NHA_BLACKHOLE or NHA_GROUP is set.
* set NHA_OID attribute when NHA_BLACKHOLE or NHA_GROUP is set. Just for safety. */ * But let's check that for safety. */
if (!nexthop_bound_to_link(nexthop)) if (!nexthop_bound_to_link(nexthop) && nexthop->ifindex != 0) {
log_debug("rtnl: received blackhole or group nexthop with NHA_OIF attribute, ignoring the attribute.");
nexthop->ifindex = 0; nexthop->ifindex = 0;
}
nexthop_enter_configured(nexthop); nexthop_enter_configured(nexthop);
if (req) if (req)

View File

@ -22,7 +22,7 @@ typedef int (*nexthop_netlink_handler_t)(
sd_netlink_message *m, sd_netlink_message *m,
Request *req, Request *req,
Link *link, Link *link,
NextHop *address); NextHop *nexthop);
struct NextHop { struct NextHop {
Network *network; Network *network;

View File

@ -460,6 +460,23 @@ void log_route_debug(const Route *route, const char *str, Manager *manager) {
strna(proto), strna(scope), strna(route_type_to_string(route->type)), strna(flags)); strna(proto), strna(scope), strna(route_type_to_string(route->type)), strna(flags));
} }
static void route_forget(Manager *manager, Route *route, const char *msg) {
assert(manager);
assert(route);
assert(msg);
Request *req;
if (route_get_request(manager, route, &req) >= 0)
route_enter_removed(req->userdata);
if (!route->manager && route_get(manager, route, &route) < 0)
return;
route_enter_removed(route);
log_route_debug(route, msg, manager);
route_detach(route);
}
static int route_set_netlink_message(const Route *route, sd_netlink_message *m) { static int route_set_netlink_message(const Route *route, sd_netlink_message *m) {
int r; int r;
@ -564,16 +581,8 @@ static int route_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, RemoveR
LOG_DEBUG : LOG_WARNING, LOG_DEBUG : LOG_WARNING,
r, "Could not drop route, ignoring"); r, "Could not drop route, ignoring");
if (route->manager) {
/* If the route cannot be removed, then assume the route is already removed. */ /* If the route cannot be removed, then assume the route is already removed. */
log_route_debug(route, "Forgetting", manager); route_forget(manager, route, "Forgetting");
Request *req;
if (route_get_request(manager, route, &req) >= 0)
route_enter_removed(req->userdata);
route_detach(route);
}
} }
return 1; return 1;
@ -1088,7 +1097,6 @@ static int process_route_one(
Route *tmp, Route *tmp,
const struct rta_cacheinfo *cacheinfo) { const struct rta_cacheinfo *cacheinfo) {
Request *req = NULL;
Route *route = NULL; Route *route = NULL;
Link *link = NULL; Link *link = NULL;
bool is_new = false, update_dhcp4; bool is_new = false, update_dhcp4;
@ -1099,13 +1107,15 @@ static int process_route_one(
assert(IN_SET(type, RTM_NEWROUTE, RTM_DELROUTE)); assert(IN_SET(type, RTM_NEWROUTE, RTM_DELROUTE));
(void) route_get(manager, tmp, &route); (void) route_get(manager, tmp, &route);
(void) route_get_request(manager, tmp, &req);
(void) route_get_link(manager, tmp, &link); (void) route_get_link(manager, tmp, &link);
update_dhcp4 = link && tmp->family == AF_INET6 && tmp->dst_prefixlen == 0; update_dhcp4 = link && tmp->family == AF_INET6 && tmp->dst_prefixlen == 0;
switch (type) { switch (type) {
case RTM_NEWROUTE: case RTM_NEWROUTE: {
Request *req = NULL;
(void) route_get_request(manager, tmp, &req);
if (!route) { if (!route) {
if (!manager->manage_foreign_routes && !(req && req->waiting_reply)) { if (!manager->manage_foreign_routes && !(req && req->waiting_reply)) {
route_enter_configured(tmp); route_enter_configured(tmp);
@ -1159,20 +1169,14 @@ static int process_route_one(
(void) route_setup_timer(route, cacheinfo); (void) route_setup_timer(route, cacheinfo);
break; break;
}
case RTM_DELROUTE: case RTM_DELROUTE:
if (route) { if (route)
route_enter_removed(route); route_forget(manager, route, "Forgetting removed");
log_route_debug(route, "Forgetting removed", manager); else
route_detach(route);
} else
log_route_debug(tmp, log_route_debug(tmp,
manager->manage_foreign_routes ? "Kernel removed unknown" : "Ignoring received", manager->manage_foreign_routes ? "Kernel removed unknown" : "Ignoring received",
manager); manager);
if (req)
route_enter_removed(req->userdata);
break; break;
default: default:
@ -1574,13 +1578,7 @@ void link_forget_routes(Link *link) {
if (!IN_SET(route->type, RTN_UNICAST, RTN_BROADCAST, RTN_ANYCAST, RTN_MULTICAST)) if (!IN_SET(route->type, RTN_UNICAST, RTN_BROADCAST, RTN_ANYCAST, RTN_MULTICAST))
continue; continue;
Request *req; route_forget(link->manager, route, "Forgetting silently removed");
if (route_get_request(link->manager, route, &req) >= 0)
route_enter_removed(req->userdata);
route_enter_removed(route);
log_route_debug(route, "Forgetting silently removed", link->manager);
route_detach(route);
} }
} }

View File

@ -550,6 +550,23 @@ static void log_routing_policy_rule_debug(const RoutingPolicyRule *rule, const c
strna(rule->iif), strna(rule->oif), strna(table)); strna(rule->iif), strna(rule->oif), strna(table));
} }
static void routing_policy_rule_forget(Manager *manager, RoutingPolicyRule *rule, const char *msg) {
assert(manager);
assert(rule);
assert(msg);
Request *req;
if (routing_policy_rule_get_request(manager, rule, rule->family, &req) >= 0)
routing_policy_rule_enter_removed(req->userdata);
if (!rule->manager && routing_policy_rule_get(manager, rule, rule->family, &rule) < 0)
return;
routing_policy_rule_enter_removed(rule);
log_routing_policy_rule_debug(rule, "Forgetting", NULL, manager);
routing_policy_rule_detach(rule);
}
static int routing_policy_rule_set_netlink_message(const RoutingPolicyRule *rule, sd_netlink_message *m) { static int routing_policy_rule_set_netlink_message(const RoutingPolicyRule *rule, sd_netlink_message *m) {
int r; int r;
@ -708,16 +725,8 @@ static int routing_policy_rule_remove_handler(sd_netlink *rtnl, sd_netlink_messa
(r == -ENOENT || !rule->manager) ? LOG_DEBUG : LOG_WARNING, (r == -ENOENT || !rule->manager) ? LOG_DEBUG : LOG_WARNING,
r, "Could not drop routing policy rule, ignoring"); r, "Could not drop routing policy rule, ignoring");
if (rule->manager) {
/* If the rule cannot be removed, then assume the rule is already removed. */ /* If the rule cannot be removed, then assume the rule is already removed. */
log_routing_policy_rule_debug(rule, "Forgetting", NULL, manager); routing_policy_rule_forget(manager, rule, "Forgetting");
Request *req;
if (routing_policy_rule_get_request(manager, rule, rule->family, &req) >= 0)
routing_policy_rule_enter_removed(req->userdata);
routing_policy_rule_detach(rule);
}
} }
return 1; return 1;
@ -1046,10 +1055,6 @@ static bool routing_policy_rule_is_created_by_kernel(const RoutingPolicyRule *ru
} }
int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) { int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) {
_cleanup_(routing_policy_rule_unrefp) RoutingPolicyRule *tmp = NULL;
RoutingPolicyRule *rule = NULL;
Request *req = NULL;
uint16_t type;
int r; int r;
assert(rtnl); assert(rtnl);
@ -1063,6 +1068,7 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man
return 0; return 0;
} }
uint16_t type;
r = sd_netlink_message_get_type(message, &type); r = sd_netlink_message_get_type(message, &type);
if (r < 0) { if (r < 0) {
log_warning_errno(r, "rtnl: could not get message type, ignoring: %m"); log_warning_errno(r, "rtnl: could not get message type, ignoring: %m");
@ -1072,6 +1078,7 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man
return 0; return 0;
} }
_cleanup_(routing_policy_rule_unrefp) RoutingPolicyRule *tmp = NULL;
r = routing_policy_rule_new(&tmp); r = routing_policy_rule_new(&tmp);
if (r < 0) { if (r < 0) {
log_oom(); log_oom();
@ -1240,23 +1247,20 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man
return 0; return 0;
} }
RoutingPolicyRule *rule = NULL;
(void) routing_policy_rule_get(m, tmp, tmp->family, &rule); (void) routing_policy_rule_get(m, tmp, tmp->family, &rule);
(void) routing_policy_rule_get_request(m, tmp, tmp->family, &req);
if (type == RTM_DELRULE) { if (type == RTM_DELRULE) {
if (rule) { if (rule)
routing_policy_rule_enter_removed(rule); routing_policy_rule_forget(m, rule, "Forgetting removed");
log_routing_policy_rule_debug(rule, "Forgetting removed", NULL, m); else
routing_policy_rule_detach(rule);
} else
log_routing_policy_rule_debug(tmp, "Kernel removed unknown", NULL, m); log_routing_policy_rule_debug(tmp, "Kernel removed unknown", NULL, m);
if (req)
routing_policy_rule_enter_removed(req->userdata);
return 0; return 0;
} }
Request *req = NULL;
(void) routing_policy_rule_get_request(m, tmp, tmp->family, &req);
bool is_new = false; bool is_new = false;
if (!rule) { if (!rule) {
if (!req && !m->manage_foreign_rules) { if (!req && !m->manage_foreign_rules) {

View File

@ -2280,10 +2280,9 @@ static int copy_devnode_one(const char *dest, const char *node, bool ignore_mkno
r = path_extract_directory(from, &parent); r = path_extract_directory(from, &parent);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to extract directory from %s: %m", from); return log_error_errno(r, "Failed to extract directory from %s: %m", from);
if (!path_equal(parent, "/dev/")) { r = userns_mkdir(dest, parent, 0755, 0, 0);
if (userns_mkdir(dest, parent, 0755, 0, 0) < 0) if (r < 0)
return log_error_errno(r, "Failed to create directory %s: %m", parent); return log_error_errno(r, "Failed to create directory %s: %m", parent);
}
if (mknod(to, st.st_mode, st.st_rdev) < 0) { if (mknod(to, st.st_mode, st.st_rdev) < 0) {
r = -errno; /* Save the original error code. */ r = -errno; /* Save the original error code. */
@ -4654,7 +4653,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r
ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred); ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
if (!ucred || ucred->pid != inner_child_pid) { if (!ucred || ucred->pid != inner_child_pid) {
log_debug("Received notify message without valid credentials. Ignoring."); log_debug("Received notify message from process that is not the payload's PID 1. Ignoring.");
return 0; return 0;
} }

View File

@ -36,14 +36,9 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
arg_skip = true; arg_skip = true;
else else
log_warning("Invalid quotacheck.mode= value, ignoring: %s", value); log_warning("Invalid quotacheck.mode= value, ignoring: %s", value);
}
#if HAVE_SYSV_COMPAT } else if (streq(key, "forcequotacheck") && !value)
else if (streq(key, "forcequotacheck") && !value) {
log_warning("Please use 'quotacheck.mode=force' rather than 'forcequotacheck' on the kernel command line. Proceeding anyway.");
arg_force = true; arg_force = true;
}
#endif
return 0; return 0;
} }

View File

@ -392,7 +392,7 @@ int tpm2_make_pcr_json_array(uint32_t pcr_mask, sd_json_variant **ret);
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret); int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret); int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *pcrlock_nv, TPM2Flags *ret_flags); int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *ret_pcrlock_nv, TPM2Flags *ret_flags);
/* Default to PCR 7 only */ /* Default to PCR 7 only */
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7) #define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)

View File

@ -98,15 +98,17 @@ static int delete_dm(DeviceMapper *m) {
assert(major(m->devnum) != 0); assert(major(m->devnum) != 0);
assert(m->path); assert(m->path);
fd = open(m->path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
if (fd < 0)
log_debug_errno(errno, "Failed to open DM block device %s for syncing, ignoring: %m", m->path);
else {
(void) sync_with_progress(fd);
fd = safe_close(fd);
}
fd = open("/dev/mapper/control", O_RDWR|O_CLOEXEC); fd = open("/dev/mapper/control", O_RDWR|O_CLOEXEC);
if (fd < 0) if (fd < 0)
return -errno; return log_debug_errno(errno, "Failed to open /dev/mapper/control: %m");
_cleanup_close_ int block_fd = open(m->path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
if (block_fd < 0)
log_debug_errno(errno, "Failed to open DM block device %s for syncing, ignoring: %m", m->path);
else
(void) sync_with_progress(block_fd);
return RET_NERRNO(ioctl(fd, DM_DEV_REMOVE, &(struct dm_ioctl) { return RET_NERRNO(ioctl(fd, DM_DEV_REMOVE, &(struct dm_ioctl) {
.version = { .version = {

View File

@ -211,10 +211,8 @@ static int sync_making_progress(unsigned long long *prev_dirty) {
continue; continue;
errno = 0; errno = 0;
if (sscanf(line, "%*s %llu %*s", &ull) != 1) { if (sscanf(line, "%*s %llu %*s", &ull) != 1)
log_warning_errno(errno_or_else(EIO), "Failed to parse /proc/meminfo field, ignoring: %m"); return log_warning_errno(errno_or_else(EIO), "Failed to parse /proc/meminfo field: %m");
return false;
}
val += ull; val += ull;
} }

View File

@ -23,6 +23,7 @@
#include "user-util.h" #include "user-util.h"
#include "userdb.h" #include "userdb.h"
#include "verbs.h" #include "verbs.h"
#include "virt.h"
static enum { static enum {
OUTPUT_CLASSIC, OUTPUT_CLASSIC,
@ -139,10 +140,16 @@ static int show_user(UserRecord *ur, Table *table) {
return 0; return 0;
} }
static bool test_show_mapped(void) {
/* Show mapped user range only in environments where user mapping is a thing. */
return running_in_userns() > 0;
}
static const struct { static const struct {
uid_t first, last; uid_t first, last;
const char *name; const char *name;
UserDisposition disposition; UserDisposition disposition;
bool (*test)(void);
} uid_range_table[] = { } uid_range_table[] = {
{ {
.first = 1, .first = 1,
@ -175,11 +182,12 @@ static const struct {
.last = MAP_UID_MAX, .last = MAP_UID_MAX,
.name = "mapped", .name = "mapped",
.disposition = USER_REGULAR, .disposition = USER_REGULAR,
.test = test_show_mapped,
}, },
}; };
static int table_add_uid_boundaries(Table *table, const UIDRange *p) { static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
int r; int r, n_added = 0;
assert(table); assert(table);
@ -192,6 +200,9 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
if (!uid_range_covers(p, i->first, i->last - i->first + 1)) if (!uid_range_covers(p, i->first, i->last - i->first + 1))
continue; continue;
if (i->test && !i->test())
continue;
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN), name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
" begin ", i->name, " users ", " begin ", i->name, " users ",
special_glyph(SPECIAL_GLYPH_ARROW_DOWN)); special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
@ -249,9 +260,11 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
TABLE_INT, 1); /* sort after any other entry with the same UID */ TABLE_INT, 1); /* sort after any other entry with the same UID */
if (r < 0) if (r < 0)
return table_log_add_error(r); return table_log_add_error(r);
n_added += 2;
} }
return ELEMENTSOF(uid_range_table) * 2; return n_added;
} }
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) { static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
@ -565,16 +578,22 @@ static int show_group(GroupRecord *gr, Table *table) {
} }
static int table_add_gid_boundaries(Table *table, const UIDRange *p) { static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
int r; int r, n_added = 0;
assert(table); assert(table);
FOREACH_ELEMENT(i, uid_range_table) { FOREACH_ELEMENT(i, uid_range_table) {
_cleanup_free_ char *name = NULL, *comment = NULL; _cleanup_free_ char *name = NULL, *comment = NULL;
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
continue;
if (!uid_range_covers(p, i->first, i->last - i->first + 1)) if (!uid_range_covers(p, i->first, i->last - i->first + 1))
continue; continue;
if (i->test && !i->test())
continue;
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN), name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
" begin ", i->name, " groups ", " begin ", i->name, " groups ",
special_glyph(SPECIAL_GLYPH_ARROW_DOWN)); special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
@ -626,9 +645,11 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
TABLE_INT, 1); /* sort after any other entry with the same GID */ TABLE_INT, 1); /* sort after any other entry with the same GID */
if (r < 0) if (r < 0)
return table_log_add_error(r); return table_log_add_error(r);
n_added += 2;
} }
return ELEMENTSOF(uid_range_table) * 2; return n_added;
} }
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) { static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {

View File

@ -960,10 +960,13 @@ exec $(systemctl cat systemd-networkd.service | sed -n '/^ExecStart=/ {{ s/^.*=/
# wait until devices got created # wait until devices got created
for _ in range(50): for _ in range(50):
out = subprocess.check_output(['ip', 'a', 'show', 'dev', self.if_router]) if subprocess.run(['ip', 'link', 'show', 'dev', self.if_router],
if b'state UP' in out and b'scope global' in out: stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode == 0:
break break
time.sleep(0.1) time.sleep(0.1)
else:
subprocess.call(['ip', 'link', 'show', 'dev', self.if_router])
self.fail('Timed out waiting for {ifr} created.'.format(ifr=self.if_router))
def shutdown_iface(self): def shutdown_iface(self):
'''Remove test interface and stop DHCP server''' '''Remove test interface and stop DHCP server'''

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
{% if LINK_SHELL_EXTRA_DROPIN %} {% if LINK_SHELL_EXTRA_DROPIN %}
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
{% if LINK_SSH_PROXY_DROPIN %} {% if LINK_SSH_PROXY_DROPIN %}
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Copy systemd-stub provided metadata such as PCR signature and public key file # Copy systemd-stub provided metadata such as PCR signature and public key file
# from initrd into /run/, so that it will survive the initrd stage # from initrd into /run/, so that it will survive the initrd stage

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
{% if LINK_SSHD_USERDB_DROPIN %} {% if LINK_SSHD_USERDB_DROPIN %}
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
d /etc/credstore 0700 root root d /etc/credstore 0700 root root
d /etc/credstore.encrypted 0700 root root d /etc/credstore.encrypted 0700 root root

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
L /etc/os-release - - - - ../usr/lib/os-release L /etc/os-release - - - - ../usr/lib/os-release
L+ /etc/mtab - - - - ../proc/self/mounts L+ /etc/mtab - - - - ../proc/self/mounts

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
Q /home 0755 - - - Q /home 0755 - - -
q /srv 0755 - - - q /srv 0755 - - -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Set the NOCOW attribute for directories of journal files. This flag # Set the NOCOW attribute for directories of journal files. This flag
# is inherited by their new files and sub-directories. Matters only # is inherited by their new files and sub-directories. Matters only

View File

@ -5,26 +5,28 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# These files are considered legacy and are unnecessary on legacy-free # The functionality provided by these files and directories has been replaced
# systems. # by newer interfaces. Their use is discouraged on legacy-free systems. This
# configuration is provided to maintain backward compatibility.
d /run/lock 0755 root root - d /run/lock 0755 root root -
L /var/lock - - - - ../run/lock L /var/lock - - - - ../run/lock
{% if HAVE_SYSV_COMPAT %}
{% if CREATE_LOG_DIRS %} {% if CREATE_LOG_DIRS %}
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
{% endif %} {% endif %}
# /run/lock/subsys is used for serializing SysV service execution, and # /run/lock/subsys is used for serializing SysV service execution, and
# hence without use on SysV-less systems. # hence without use on SysV-less systems.
d /run/lock/subsys 0755 root root - d /run/lock/subsys 0755 root root -
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the # /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and # kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
# 'quotacheck.mode=force' # 'quotacheck.mode=force'
r! /forcefsck r! /forcefsck
r! /fastboot r! /fastboot
r! /forcequotacheck r! /forcequotacheck
{% endif %}

View File

@ -35,7 +35,7 @@ in_files = [
['20-systemd-stub.conf', 'ENABLE_EFI'], ['20-systemd-stub.conf', 'ENABLE_EFI'],
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'], ['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
['etc.conf'], ['etc.conf'],
['legacy.conf', 'HAVE_SYSV_COMPAT'], ['legacy.conf'],
['static-nodes-permissions.conf'], ['static-nodes-permissions.conf'],
['systemd.conf'], ['systemd.conf'],
['var.conf'], ['var.conf'],

View File

@ -1,4 +1,4 @@
# SPDX-License-Identifier: LGPL-2.1-or-later # SPDX-License-Identifier: LGPL-2.1-or-later
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
Q /var/lib/portables 0700 Q /var/lib/portables 0700

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Provision additional login messages from credentials, if they are set. Note # Provision additional login messages from credentials, if they are set. Note
# that these lines are NOPs if the credentials are not set or if the files # that these lines are NOPs if the credentials are not set or if the files

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
d$ /run/systemd/netif 0755 systemd-network systemd-network - d$ /run/systemd/netif 0755 systemd-network systemd-network -
d$ /run/systemd/netif/links 0755 systemd-network systemd-network - d$ /run/systemd/netif/links 0755 systemd-network systemd-network -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
Q /var/lib/machines 0700 - - - Q /var/lib/machines 0700 - - -

View File

@ -5,6 +5,6 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Exclude namespace mountpoints created with PrivateTmp=yes # Exclude namespace mountpoints created with PrivateTmp=yes
x /tmp/systemd-private-%b-* x /tmp/systemd-private-%b-*

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
d /run/user 0755 root root - d /run/user 0755 root root -
{% if ENABLE_UTMP %} {% if ENABLE_UTMP %}

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Clear tmp directories separately, to make them easier to override # Clear tmp directories separately, to make them easier to override
q /tmp 1777 root root 10d q /tmp 1777 root root 10d

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
q /var 0755 - - - q /var 0755 - - -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Make sure these are created by default so that nobody else can # Make sure these are created by default so that nobody else can
# or empty them at startup # or empty them at startup