Compare commits
17 Commits
f74067dfbd
...
eecf4f7e04
Author | SHA1 | Date |
---|---|---|
Zbigniew Jędrzejewski-Szmek | eecf4f7e04 | |
Luca Boccassi | c03fbd37d6 | |
Zbigniew Jędrzejewski-Szmek | 9df91db5e0 | |
Frantisek Sumsal | 80b44b38b5 | |
Balaji Punnuru | f6f4f5fe53 | |
Lennart Poettering | df3d3bdfe8 | |
Daan De Meyer | 42f5c9a335 | |
Daan De Meyer | e5f1a3faab | |
Zbigniew Jędrzejewski-Szmek | 2807b68019 | |
Zbigniew Jędrzejewski-Szmek | a00f28c554 | |
Dan Streetman | 06c2b0c76b | |
Frantisek Sumsal | 86b52a3958 | |
Frantisek Sumsal | e4ff03935c | |
Dan Streetman | 244490f5e0 | |
Dan Streetman | 7c0d36ff5f | |
Dan Streetman | 589397a277 | |
Luca Boccassi | c5bc2c01ee | |
6
NEWS
|
@ -995,7 +995,7 @@ CHANGES WITH 243:
|
||||||
space if there are multiple devices with the highest priority.
|
space if there are multiple devices with the highest priority.
|
||||||
|
|
||||||
* /etc/crypttab support has learnt a new keyfile-timeout= per-device
|
* /etc/crypttab support has learnt a new keyfile-timeout= per-device
|
||||||
option that permits selecting the timout how long to wait for a
|
option that permits selecting the timeout how long to wait for a
|
||||||
device with an encryption key before asking for the password.
|
device with an encryption key before asking for the password.
|
||||||
|
|
||||||
* IOWeight= has learnt to properly set the IO weight when using the
|
* IOWeight= has learnt to properly set the IO weight when using the
|
||||||
|
@ -3520,7 +3520,7 @@ CHANGES WITH 233:
|
||||||
that is removed when the container dies. Specifically, if the source
|
that is removed when the container dies. Specifically, if the source
|
||||||
directory is specified as empty string this mechanism is selected. An
|
directory is specified as empty string this mechanism is selected. An
|
||||||
example usage is --overlay=+/var::/var, which creates an overlay
|
example usage is --overlay=+/var::/var, which creates an overlay
|
||||||
mount based on the original /var contained in the image, overlayed
|
mount based on the original /var contained in the image, overlaid
|
||||||
with a temporary directory in the host's /var/tmp. This way changes
|
with a temporary directory in the host's /var/tmp. This way changes
|
||||||
to /var are automatically flushed when the container shuts down.
|
to /var are automatically flushed when the container shuts down.
|
||||||
|
|
||||||
|
@ -6507,7 +6507,7 @@ CHANGES WITH 217:
|
||||||
* Calendar time specifications in .timer units now also
|
* Calendar time specifications in .timer units now also
|
||||||
understand the strings "semi-annually", "quarterly" and
|
understand the strings "semi-annually", "quarterly" and
|
||||||
"minutely" as shortcuts (in addition to the preexisting
|
"minutely" as shortcuts (in addition to the preexisting
|
||||||
"anually", "hourly", ...).
|
"annually", "hourly", ...).
|
||||||
|
|
||||||
* systemd-tmpfiles will now correctly create files in /dev
|
* systemd-tmpfiles will now correctly create files in /dev
|
||||||
at boot which are marked for creation only at boot. It is
|
at boot which are marked for creation only at boot. It is
|
||||||
|
|
10
TODO
|
@ -43,7 +43,7 @@ Features:
|
||||||
* systemd-gpt-auto should probably set x-systemd.growfs on the mounts it
|
* systemd-gpt-auto should probably set x-systemd.growfs on the mounts it
|
||||||
creates
|
creates
|
||||||
|
|
||||||
* homed/userdb: distuingish passwords and recovery keys in the records, since
|
* homed/userdb: distinguish passwords and recovery keys in the records, since
|
||||||
we probably want to use different PBKDF algorithms/settings for them:
|
we probably want to use different PBKDF algorithms/settings for them:
|
||||||
passwords have low entropy but recovery keys should have good entropy key
|
passwords have low entropy but recovery keys should have good entropy key
|
||||||
hence we can make them quicker to work.
|
hence we can make them quicker to work.
|
||||||
|
@ -66,7 +66,7 @@ Features:
|
||||||
systemd-makefs.service instead.
|
systemd-makefs.service instead.
|
||||||
|
|
||||||
* socket units: allow creating a udev monitor socket with ListenDevices= or so,
|
* socket units: allow creating a udev monitor socket with ListenDevices= or so,
|
||||||
with matches, then actviate app thorugh that passing socket oveer
|
with matches, then activate app through that passing socket over
|
||||||
|
|
||||||
* unify on openssl:
|
* unify on openssl:
|
||||||
- port sd_id128_get_machine_app_specific() over from khash
|
- port sd_id128_get_machine_app_specific() over from khash
|
||||||
|
@ -90,11 +90,11 @@ Features:
|
||||||
that the device paths stay the same, regardless if crypto is used or not.
|
that the device paths stay the same, regardless if crypto is used or not.
|
||||||
|
|
||||||
* systemd-repart: by default generate minimized partition tables (i.e. tables
|
* systemd-repart: by default generate minimized partition tables (i.e. tables
|
||||||
that only covere the space actually used, excluding any free space at the
|
that only cover the space actually used, excluding any free space at the
|
||||||
end), in order to maximize dd'ability. Requires libfdisk work, see
|
end), in order to maximize dd'ability. Requires libfdisk work, see
|
||||||
https://github.com/karelzak/util-linux/issues/907
|
https://github.com/karelzak/util-linux/issues/907
|
||||||
|
|
||||||
* systemd-repart: optionally, allow specifiying a path to initialize new
|
* systemd-repart: optionally, allow specifying a path to initialize new
|
||||||
partitions from, i.e. an fs image file or a source device node. This would
|
partitions from, i.e. an fs image file or a source device node. This would
|
||||||
then turn systemd-repart into a simple installer: with a few .repart files
|
then turn systemd-repart into a simple installer: with a few .repart files
|
||||||
you could replicate the host system on another device. a full installer would
|
you could replicate the host system on another device. a full installer would
|
||||||
|
@ -230,7 +230,7 @@ Features:
|
||||||
systemd --user is shut down.
|
systemd --user is shut down.
|
||||||
- logind: maybe keep a "busy fd" as long as there's a non-released session around or the user@.service
|
- logind: maybe keep a "busy fd" as long as there's a non-released session around or the user@.service
|
||||||
- maybe make automatic, read-only, time-based reflink-copies of LUKS disk images (think: time machine)
|
- maybe make automatic, read-only, time-based reflink-copies of LUKS disk images (think: time machine)
|
||||||
- distuingish destroy / remove (i.e. currently we can unregister a user, unregister+remove their home directory, but not just remove their home directory)
|
- distinguish destroy / remove (i.e. currently we can unregister a user, unregister+remove their home directory, but not just remove their home directory)
|
||||||
- in systemd's PAMName= logic: query passwords with ssh-askpassword, so that we can make "loginctl set-linger" mode work
|
- in systemd's PAMName= logic: query passwords with ssh-askpassword, so that we can make "loginctl set-linger" mode work
|
||||||
- fingerprint authentication, pattern authentication, …
|
- fingerprint authentication, pattern authentication, …
|
||||||
- make sure "classic" user records can also be managed by homed
|
- make sure "classic" user records can also be managed by homed
|
||||||
|
|
|
@ -1,6 +1,18 @@
|
||||||
@@
|
@@
|
||||||
/* Avoid running this transformation on the strempty function itself */
|
/* Avoid running this transformation on the strempty function itself and
|
||||||
position p : script:python() { p[0].current_element != "strempty" };
|
* on the "make_expression" macro in src/libsystemd/sd-bus/bus-convenience.c.
|
||||||
|
* As Coccinelle's Location object doesn't support macro "detection", use
|
||||||
|
* a pretty horrifying combo of specifying a file and a special "something_else"
|
||||||
|
* position element, which is, apparently, the default value of
|
||||||
|
* "current_element" before it's set (according to the source code), thus
|
||||||
|
* matching any "top level" position, including macros. Let's hope we never
|
||||||
|
* introduce a function called "something_else"...
|
||||||
|
*/
|
||||||
|
position p : script:python() {
|
||||||
|
not (p[0].current_element == "strempty" or
|
||||||
|
(p[0].file == "src/libsystemd/sd-bus/bus-convenience.c" and
|
||||||
|
p[0].current_element == "something_else"))
|
||||||
|
};
|
||||||
expression s;
|
expression s;
|
||||||
@@
|
@@
|
||||||
(
|
(
|
||||||
|
|
|
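Review bot: The new position filter compares p[0].file against the literal "src/libsystemd/sd-bus/bus-convenience.c", so the exclusion only holds when spatch reports the path in exactly that repo-relative form; invoked with an absolute path or from another working directory, the comparison is false and the make_expression macro is transformed again without any warning. Matching on the path suffix, for example p[0].file.endswith("sd-bus/bus-convenience.c"), would be less fragile. The "something_else" test also exempts every top-level position in that file, not only make_expression; the comment should state that outright so a later top-level strempty candidate in bus-convenience.c is not assumed to be covered by the rule.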
@ -95,7 +95,7 @@ Note that the `$BOOT` partition is not supposed to be exclusive territory of
|
||||||
this specification. This specification only defines semantics of the `/loader/`
|
this specification. This specification only defines semantics of the `/loader/`
|
||||||
directory inside the file system (see below), but it doesn't intend to define
|
directory inside the file system (see below), but it doesn't intend to define
|
||||||
ownership of the whole file system exclusively. Boot loaders, firmware, and
|
ownership of the whole file system exclusively. Boot loaders, firmware, and
|
||||||
other software implementating this specification may choose to place other
|
other software implementing this specification may choose to place other
|
||||||
files and directories in the same file system. For example, boot loaders that
|
files and directories in the same file system. For example, boot loaders that
|
||||||
implement this specification might install their own boot code into the `$BOOT`
|
implement this specification might install their own boot code into the `$BOOT`
|
||||||
partition. On systems where `$BOOT` is the ESP this is a particularly common
|
partition. On systems where `$BOOT` is the ESP this is a particularly common
|
||||||
|
|
|
@ -39,7 +39,7 @@ The purpose of this grouping is to assign different priorities to the
|
||||||
applications.
|
applications.
|
||||||
This could e.g. mean reserving memory to session processes,
|
This could e.g. mean reserving memory to session processes,
|
||||||
preferentially killing background tasks in out-of-memory situations
|
preferentially killing background tasks in out-of-memory situations
|
||||||
or assinging different memory/CPU/IO priorities to ensure that the session
|
or assigning different memory/CPU/IO priorities to ensure that the session
|
||||||
runs smoothly under load.
|
runs smoothly under load.
|
||||||
|
|
||||||
TODO: Will there be a default to place units into e.g. `apps.slice` by default
|
TODO: Will there be a default to place units into e.g. `apps.slice` by default
|
||||||
|
|
|
@ -147,7 +147,7 @@ directory-based storage mechanisms (`directory`, `subvolume` and `fscrypt`)
|
||||||
this is a bind mount, in case of `cifs` this is a CIFS network mount, and in
|
this is a bind mount, in case of `cifs` this is a CIFS network mount, and in
|
||||||
case of the LUKS2 backend a regular block device mount of the file system
|
case of the LUKS2 backend a regular block device mount of the file system
|
||||||
contained in the LUKS2 image. By requiring a mount for all cases (even for
|
contained in the LUKS2 image. By requiring a mount for all cases (even for
|
||||||
those that already are a directory) a clear logic is defined to distuingish
|
those that already are a directory) a clear logic is defined to distinguish
|
||||||
active and inactive home directories, so that the directories become
|
active and inactive home directories, so that the directories become
|
||||||
inaccessible under their regular path the instant they are
|
inaccessible under their regular path the instant they are
|
||||||
deactivated. Moreover, the `nosuid`, `nodev` and `noexec` flags configured in
|
deactivated. Moreover, the `nosuid`, `nodev` and `noexec` flags configured in
|
||||||
|
|
|
@ -95,7 +95,7 @@ services are listening there, that have special relevance:
|
||||||
2. `io.systemd.Multiplexer` → This service multiplexes client queries to all
|
2. `io.systemd.Multiplexer` → This service multiplexes client queries to all
|
||||||
other running services. It's supposed to simplify client development: in
|
other running services. It's supposed to simplify client development: in
|
||||||
order to look up or enumerate user/group records it's sufficient to talk to
|
order to look up or enumerate user/group records it's sufficient to talk to
|
||||||
one service instead of all of them in parallel. Note that it is not availabe
|
one service instead of all of them in parallel. Note that it is not available
|
||||||
during earliest boot and final shutdown phases, hence for programs running
|
during earliest boot and final shutdown phases, hence for programs running
|
||||||
in that context it is preferable to implement the parallel lookup
|
in that context it is preferable to implement the parallel lookup
|
||||||
themselves.
|
themselves.
|
||||||
|
|
|
@ -157,7 +157,7 @@ it creates ambiguity in traditional `chown` syntax (which is still accepted
|
||||||
today) that uses it to separate user and group names in the command's
|
today) that uses it to separate user and group names in the command's
|
||||||
parameter: without consulting the user/group databases it is not possible to
|
parameter: without consulting the user/group databases it is not possible to
|
||||||
determine if a `chown` invocation would change just the owning user or both the
|
determine if a `chown` invocation would change just the owning user or both the
|
||||||
owning user and group. It also allows embeddeding `@` (which is confusing to
|
owning user and group. It also allows embedding `@` (which is confusing to
|
||||||
MTAs).
|
MTAs).
|
||||||
|
|
||||||
## Common Core
|
## Common Core
|
||||||
|
|
|
@ -170,7 +170,7 @@ emergency.service | | |
|
||||||
user units. For non-graphical sessions, <filename>default.target</filename> is used. Whenever the user
|
user units. For non-graphical sessions, <filename>default.target</filename> is used. Whenever the user
|
||||||
logs into a graphical session, the login manager will start the
|
logs into a graphical session, the login manager will start the
|
||||||
<filename>graphical-session.target</filename> target that is used to pull in units required for the
|
<filename>graphical-session.target</filename> target that is used to pull in units required for the
|
||||||
grahpical session. A number of targets (shown on the right side) are started when specific hardware is
|
graphical session. A number of targets (shown on the right side) are started when specific hardware is
|
||||||
available to the user.</para>
|
available to the user.</para>
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
|
|
|
@ -50,7 +50,7 @@
|
||||||
<listitem><para>An individual LUKS2 encrypted loopback file for a user, stored in
|
<listitem><para>An individual LUKS2 encrypted loopback file for a user, stored in
|
||||||
<filename>/home/*.home</filename>. At login the file system contained in this files is mounted, after
|
<filename>/home/*.home</filename>. At login the file system contained in this files is mounted, after
|
||||||
the LUKS2 encrypted volume has been attached. The user's password is identical to the encryption
|
the LUKS2 encrypted volume has been attached. The user's password is identical to the encryption
|
||||||
passphrase of the LUKS2 volume. Access to data without preceeding user authentication is thus not
|
passphrase of the LUKS2 volume. Access to data without preceding user authentication is thus not
|
||||||
possible, even for the system administrator. This storage mechanism provides the strongest data
|
possible, even for the system administrator. This storage mechanism provides the strongest data
|
||||||
security and is thus recommended.</para></listitem>
|
security and is thus recommended.</para></listitem>
|
||||||
|
|
||||||
|
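Review bot: The context line directly above the corrected one still reads "the file system contained in this files is mounted"; since this pass is already fixing the same paragraph, change it to "this file" here as well.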
@ -267,7 +267,7 @@
|
||||||
matching the user in name and numeric UID/GID. Thus any groups listed here must be registered
|
matching the user in name and numeric UID/GID. Thus any groups listed here must be registered
|
||||||
independently, for example with <citerefentry
|
independently, for example with <citerefentry
|
||||||
project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. If
|
project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. If
|
||||||
non-existant groups that are listed there are ignored. This option may be used more than once, in
|
non-existent groups that are listed there are ignored. This option may be used more than once, in
|
||||||
which case all specified group lists are combined.</para></listitem>
|
which case all specified group lists are combined.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
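Review bot: Correcting the spelling to "non-existent" leaves the sentence itself broken: together with the end of the preceding line it reads "If non-existent groups that are listed there are ignored." Drop the dangling "If" or reword it, for example "Any non-existent groups listed there are ignored.", in the same change.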
@ -467,7 +467,7 @@
|
||||||
project='man-pages'><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry> or a
|
project='man-pages'><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry> or a
|
||||||
similar tool. Use <option>--rlimit=LIMIT_NPROC=</option> to place a limit on the tasks actually
|
similar tool. Use <option>--rlimit=LIMIT_NPROC=</option> to place a limit on the tasks actually
|
||||||
running under the UID of the user, thus excluding any child processes that might have changed user
|
running under the UID of the user, thus excluding any child processes that might have changed user
|
||||||
identity. This controls the <varname>TasksMax=</varname> settting of the per-user systemd slice unit
|
identity. This controls the <varname>TasksMax=</varname> setting of the per-user systemd slice unit
|
||||||
<filename>user-$UID.slice</filename>. See
|
<filename>user-$UID.slice</filename>. See
|
||||||
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||||
for further details.</para></listitem>
|
for further details.</para></listitem>
|
||||||
|
@ -707,7 +707,7 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><command>passwd</command> <replaceable>USER</replaceable></term>
|
<term><command>passwd</command> <replaceable>USER</replaceable></term>
|
||||||
|
|
||||||
<listitem><para>Change the password of the specified home direcory/user account.</para></listitem>
|
<listitem><para>Change the password of the specified home directory/user account.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
@ -631,7 +631,7 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--case-sensitive<optional>=BOOLEAN</optional></option></term>
|
<term><option>--case-sensitive<optional>=BOOLEAN</optional></option></term>
|
||||||
|
|
||||||
<listitem><para>Make pattern matching case sensitive or case insenstive.</para>
|
<listitem><para>Make pattern matching case sensitive or case insensitive.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
|
|
@ -70,7 +70,7 @@
|
||||||
|
|
||||||
<para>Turning this option on by default is highly recommended for all sessions, but only if the
|
<para>Turning this option on by default is highly recommended for all sessions, but only if the
|
||||||
service managing these sessions correctly implements the aforementioned re-authentication. Note that
|
service managing these sessions correctly implements the aforementioned re-authentication. Note that
|
||||||
the re-authentication must take place from a component runing outside of the user's context, so that
|
the re-authentication must take place from a component running outside of the user's context, so that
|
||||||
it does not require access to the user's home directory for operation. Traditionally, most desktop
|
it does not require access to the user's home directory for operation. Traditionally, most desktop
|
||||||
environments do not implement screen locking this way, and need to be updated
|
environments do not implement screen locking this way, and need to be updated
|
||||||
accordingly.</para></listitem>
|
accordingly.</para></listitem>
|
||||||
|
|
|
@ -319,6 +319,7 @@ manpages = [
|
||||||
['sd_bus_message_read', '3', ['sd_bus_message_readv'], ''],
|
['sd_bus_message_read', '3', ['sd_bus_message_readv'], ''],
|
||||||
['sd_bus_message_read_array', '3', [], ''],
|
['sd_bus_message_read_array', '3', [], ''],
|
||||||
['sd_bus_message_read_basic', '3', [], ''],
|
['sd_bus_message_read_basic', '3', [], ''],
|
||||||
|
['sd_bus_message_read_strv', '3', [], ''],
|
||||||
['sd_bus_message_rewind', '3', [], ''],
|
['sd_bus_message_rewind', '3', [], ''],
|
||||||
['sd_bus_message_seal', '3', [], ''],
|
['sd_bus_message_seal', '3', [], ''],
|
||||||
['sd_bus_message_sensitive', '3', [], ''],
|
['sd_bus_message_sensitive', '3', [], ''],
|
||||||
|
|
|
@ -110,6 +110,7 @@
|
||||||
<citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
<citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
<citerefentry><refentrytitle>sd_bus_message_read_array</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
<citerefentry><refentrytitle>sd_bus_message_read_array</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
<citerefentry><refentrytitle>sd_bus_message_read_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
<citerefentry><refentrytitle>sd_bus_message_read_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
|
<citerefentry><refentrytitle>sd_bus_message_read_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
<citerefentry><refentrytitle>sd_bus_message_rewind</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
<citerefentry><refentrytitle>sd_bus_message_rewind</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
<citerefentry><refentrytitle>sd_bus_message_seal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
<citerefentry><refentrytitle>sd_bus_message_seal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
<citerefentry><refentrytitle>sd_bus_message_set_destination</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
<citerefentry><refentrytitle>sd_bus_message_set_destination</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
|
|
|
@ -194,7 +194,7 @@
|
||||||
|
|
||||||
<listitem><para>When set to <literal>1</literal>, this device automatically
|
<listitem><para>When set to <literal>1</literal>, this device automatically
|
||||||
generates a new and independent seat, which is named after the path of the
|
generates a new and independent seat, which is named after the path of the
|
||||||
device. This is set for specialized USB hubs like the Plugable devices, which when
|
device. This is set for specialized USB hubs like the Pluggable devices, which when
|
||||||
plugged in should create a hotplug seat without further configuration.</para>
|
plugged in should create a hotplug seat without further configuration.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
|
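Review bot: "Plugable" in "specialized USB hubs like the Plugable devices" is a vendor name, not a misspelling of "pluggable", so this replacement turns a correct product reference into a wrong one. Revert this hunk.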
@ -45,10 +45,9 @@
|
||||||
<parameter>acquired</parameter> is not <constant>NULL</constant>, the function calls
|
<parameter>acquired</parameter> is not <constant>NULL</constant>, the function calls
|
||||||
<ulink url="https://dbus.freedesktop.org/doc/dbus-specification.html#bus-messages-list-activatable-names">
|
<ulink url="https://dbus.freedesktop.org/doc/dbus-specification.html#bus-messages-list-activatable-names">
|
||||||
org.freedesktop.DBus.ListActivableNames</ulink> to retrieve the list of all names on the bus that can be
|
org.freedesktop.DBus.ListActivableNames</ulink> to retrieve the list of all names on the bus that can be
|
||||||
activated. Note that ownership of any string arrays returned by <function>sd_bus_list_names()</function>
|
activated. Note that ownership of the arrays returned by <function>sd_bus_list_names()</function> in
|
||||||
is transferred to the caller and hence, the caller is responsible for freeing any results stored by
|
<parameter>acquired</parameter> and <parameter>activatable</parameter> is transferred to the caller and
|
||||||
<function>sd_bus_list_names()</function> in <parameter>acquired</parameter> and
|
hence, the caller is responsible for freeing these arrays and their contents.</para>
|
||||||
<parameter>activatable</parameter>.</para>
|
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
|
|
|
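Review bot: The unchanged line just above the rewritten sentence still names the method "org.freedesktop.DBus.ListActivableNames", while the link target on the line before it spells the fragment "list-activatable-names"; the method name is missing a "t" and should read ListActivatableNames. The reworded ownership sentence would also be more useful if it said how the arrays are to be freed, since "these arrays and their contents" leaves the caller to guess whether each string needs its own free().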
@ -105,7 +105,8 @@
|
||||||
<para>
|
<para>
|
||||||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||||
<citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
<citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
<citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
<citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
|
<citerefentry><refentrytitle>sd_bus_message_read_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||||
</para>
|
</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,90 @@
|
||||||
|
<?xml version='1.0'?>
|
||||||
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||||
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
||||||
|
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
|
||||||
|
|
||||||
|
<refentry id="sd_bus_message_read_strv">
|
||||||
|
|
||||||
|
<refentryinfo>
|
||||||
|
<title>sd_bus_message_read_strv</title>
|
||||||
|
<productname>systemd</productname>
|
||||||
|
</refentryinfo>
|
||||||
|
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>sd_bus_message_read_strv</refentrytitle>
|
||||||
|
<manvolnum>3</manvolnum>
|
||||||
|
</refmeta>
|
||||||
|
|
||||||
|
<refnamediv>
|
||||||
|
<refname>sd_bus_message_read_strv</refname>
|
||||||
|
|
||||||
|
<refpurpose>Access an array of strings in a message</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsynopsisdiv>
|
||||||
|
<funcsynopsis>
|
||||||
|
<funcsynopsisinfo>#include <systemd/sd-bus.h></funcsynopsisinfo>
|
||||||
|
|
||||||
|
<funcprototype>
|
||||||
|
<funcdef>int <function>sd_bus_message_read_strv</function></funcdef>
|
||||||
|
<paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
|
||||||
|
<paramdef>char ***<parameter>l</parameter></paramdef>
|
||||||
|
</funcprototype>
|
||||||
|
</funcsynopsis>
|
||||||
|
</refsynopsisdiv>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Description</title>
|
||||||
|
|
||||||
|
<para><function>sd_bus_message_read_strv()</function> gives access to an array of strings in message
|
||||||
|
<parameter>m</parameter>. The "read pointer" in the message must be right before an array of strings. On
|
||||||
|
success, a pointer to the <constant>NULL</constant>-terminated array of strings is returned in the output
|
||||||
|
parameter <parameter>l</parameter>. Note that ownership of this array is transferred to the caller.
|
||||||
|
Hence, the caller is responsible for freeing this array and its contents.</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Return Value</title>
|
||||||
|
|
||||||
|
<para>On success, <function>sd_bus_message_read_strv()</function> returns a non-negative integer. On
|
||||||
|
failure, it returns a negative errno-style error code.</para>
|
||||||
|
|
||||||
|
<refsect2>
|
||||||
|
<title>Errors</title>
|
||||||
|
|
||||||
|
<para>Returned errors may indicate the following problems:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><constant>-EINVAL</constant></term>
|
||||||
|
|
||||||
|
<listitem><para><parameter>m</parameter> or <parameter>l</parameter> are <constant>NULL</constant>.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><constant>-EPERM</constant></term>
|
||||||
|
|
||||||
|
<listitem><para>The message is not sealed.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><constant>-EBADMSG</constant></term>
|
||||||
|
|
||||||
|
<listitem><para>The message cannot be parsed.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect2>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>See Also</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||||
|
<citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
|
<citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
</refentry>
|
|
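Review bot: The Errors list covers only NULL arguments, an unsealed message and a parse failure, but the Description states two further conditions that can fail: the read pointer "must be right before an array of strings", and ownership of a newly returned array passes to the caller, which implies an allocation. Document which error is returned when the next element is not a string array and when memory runs out, and say what l contains on failure so callers know whether there is anything to free. The -EINVAL entry should also read "m or l is NULL".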
@ -50,7 +50,7 @@
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Return Value</title>
|
<title>Return Value</title>
|
||||||
|
|
||||||
<para>On success, theis functions return 0 or a positive integer. On failure, it returns a
|
<para>On success, this functions return 0 or a positive integer. On failure, it returns a
|
||||||
negative errno-style error code.</para>
|
negative errno-style error code.</para>
|
||||||
|
|
||||||
<refsect2>
|
<refsect2>
|
||||||
|
|
|
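Review bot: "this functions return" is still ungrammatical and disagrees with "it returns" in the following sentence. Use either "this function returns 0 or a positive integer" or "these functions return ... they return", depending on how many functions the page documents.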
@ -86,7 +86,7 @@
|
||||||
|
|
||||||
<para>The <function>SD_HWDB_FOREACH_PROPERTY</function> macro combines
|
<para>The <function>SD_HWDB_FOREACH_PROPERTY</function> macro combines
|
||||||
<function>sd_hwdb_seek()</function> and <function>sd_hwdb_enumerate()</function>. No error handling is
|
<function>sd_hwdb_seek()</function> and <function>sd_hwdb_enumerate()</function>. No error handling is
|
||||||
performed and interation simply stops on error. See the example below.</para>
|
performed and iteration simply stops on error. See the example below.</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
|
|
|
@ -66,7 +66,7 @@
|
||||||
file. This function caches the machine ID internally to make retrieving the machine ID a cheap operation. This ID
|
file. This function caches the machine ID internally to make retrieving the machine ID a cheap operation. This ID
|
||||||
may be used wherever a unique identifier for the local system is needed. However, it is recommended to use this ID
|
may be used wherever a unique identifier for the local system is needed. However, it is recommended to use this ID
|
||||||
as-is only in trusted environments. In untrusted environments it is recommended to derive an application specific
|
as-is only in trusted environments. In untrusted environments it is recommended to derive an application specific
|
||||||
ID from this machine ID, in an irreversable (cryptographically secure) way. To make this easy
|
ID from this machine ID, in an irreversible (cryptographically secure) way. To make this easy
|
||||||
<function>sd_id128_get_machine_app_specific()</function> is provided, see below.</para>
|
<function>sd_id128_get_machine_app_specific()</function> is provided, see below.</para>
|
||||||
|
|
||||||
<para><function>sd_id128_get_machine_app_specific()</function> is similar to
|
<para><function>sd_id128_get_machine_app_specific()</function> is similar to
|
||||||
|
|
|
@ -1634,7 +1634,7 @@ RestrictNamespaces=~cgroup net</programlisting>
|
||||||
points of the file system namespace created for each process of this unit. Other file system namespacing unit
|
points of the file system namespace created for each process of this unit. Other file system namespacing unit
|
||||||
settings (see the discussion in <varname>PrivateMounts=</varname> above) will implicitly disable mount and
|
settings (see the discussion in <varname>PrivateMounts=</varname> above) will implicitly disable mount and
|
||||||
unmount propagation from the unit's processes towards the host by changing the propagation setting of all mount
|
unmount propagation from the unit's processes towards the host by changing the propagation setting of all mount
|
||||||
points in the unit's file system namepace to <option>slave</option> first. Setting this option to
|
points in the unit's file system namespace to <option>slave</option> first. Setting this option to
|
||||||
<option>shared</option> does not reestablish propagation in that case.</para>
|
<option>shared</option> does not reestablish propagation in that case.</para>
|
||||||
|
|
||||||
<para>If not set – but file system namespaces are enabled through another file system namespace unit setting –
|
<para>If not set – but file system namespaces are enabled through another file system namespace unit setting –
|
||||||
|
|
|
@ -622,7 +622,7 @@
|
||||||
trigger the start of the DHCPv6 client if the relevant flags are set in the RA data, or if no
|
trigger the start of the DHCPv6 client if the relevant flags are set in the RA data, or if no
|
||||||
routers are found on the link. The default is to disable RA reception for bridge devices or when IP
|
routers are found on the link. The default is to disable RA reception for bridge devices or when IP
|
||||||
forwarding is enabled, and to enable it otherwise. Cannot be enabled on bond devices and when link
|
forwarding is enabled, and to enable it otherwise. Cannot be enabled on bond devices and when link
|
||||||
local adressing is disabled.</para>
|
local addressing is disabled.</para>
|
||||||
|
|
||||||
<para>Further settings for the IPv6 RA support may be configured in the
|
<para>Further settings for the IPv6 RA support may be configured in the
|
||||||
<literal>[IPv6AcceptRA]</literal> section, see below.</para>
|
<literal>[IPv6AcceptRA]</literal> section, see below.</para>
|
||||||
|
@ -1491,8 +1491,9 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>UseGateway=</varname></term>
|
<term><varname>UseGateway=</varname></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>When true (the default), the gateway will be requested from the DHCP server and added to the
|
<para>When true, the gateway will be requested from the DHCP server and added to the routing table with a
|
||||||
routing table with a metric of 1024, and a scope of "link".</para>
|
metric of 1024, and a scope of "link". When unset, the value specified with <option>UseRoutes=</option>
|
||||||
|
is used.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
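Review bot: The reworded UseGateway= paragraph drops "(the default)" without saying what the default now is. From "When unset, the value specified with UseRoutes= is used" a reader cannot tell that unset is the initial state, or that UseRoutes=false now also suppresses the DHCP gateway unless UseGateway=true is given explicitly. State both in the paragraph, and add a NEWS entry: a configuration that set UseRoutes=false and relied on the old default would stop installing its default route after this change.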
@ -1624,7 +1625,7 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>SendDecline=</varname></term>
|
<term><varname>SendDecline=</varname></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>A boolen. When <literal>true</literal>, DHCPv4 clients receives IP address from DHCP server.
|
<para>A boolean. When <literal>true</literal>, DHCPv4 clients receives IP address from DHCP server.
|
||||||
After new IP is received, DHCPv4 performs IPv4 Duplicate Address Detection. If duplicate use of IP is detected
|
After new IP is received, DHCPv4 performs IPv4 Duplicate Address Detection. If duplicate use of IP is detected
|
||||||
the DHCPv4 client rejects the IP by sending a DHCPDECLINE packet DHCP clients try to obtain an IP address again.
|
the DHCPv4 client rejects the IP by sending a DHCPDECLINE packet DHCP clients try to obtain an IP address again.
|
||||||
See <ulink url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>.
|
See <ulink url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>.
|
||||||
|
|
|
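Review bot: The ulink in the SendDecline= paragraph still shows the text "RFC 5224" while its url attribute points at rfc5227; the two must agree, and RFC 5227 (IPv4 Address Conflict Detection) is the one that matches the description. Since this hunk is already a spelling fix to the same paragraph, also correct "DHCPv4 clients receives" and add the missing full stop after "DHCPDECLINE packet".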
@ -199,7 +199,7 @@
|
||||||
option is used without <varname>RemainAfterExit=</varname> the service will never enter
|
option is used without <varname>RemainAfterExit=</varname> the service will never enter
|
||||||
<literal>active</literal> unit state, but directly transition from <literal>activating</literal>
|
<literal>active</literal> unit state, but directly transition from <literal>activating</literal>
|
||||||
to <literal>deactivating</literal> or <literal>dead</literal> since no process is configured that
|
to <literal>deactivating</literal> or <literal>dead</literal> since no process is configured that
|
||||||
shall run continously. In particular this means that after a service of this type ran (and which
|
shall run continuously. In particular this means that after a service of this type ran (and which
|
||||||
has <varname>RemainAfterExit=</varname> not set) it will not show up as started afterwards, but
|
has <varname>RemainAfterExit=</varname> not set) it will not show up as started afterwards, but
|
||||||
as dead.</para></listitem>
|
as dead.</para></listitem>
|
||||||
|
|
||||||
|
@ -568,7 +568,7 @@
|
||||||
|
|
||||||
<para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause
|
<para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause
|
||||||
the start time to be extended beyond <varname>TimeoutStartSec=</varname>. The first receipt of this message
|
the start time to be extended beyond <varname>TimeoutStartSec=</varname>. The first receipt of this message
|
||||||
must occur before <varname>TimeoutStartSec=</varname> is exceeded, and once the start time has exended beyond
|
must occur before <varname>TimeoutStartSec=</varname> is exceeded, and once the start time has extended beyond
|
||||||
<varname>TimeoutStartSec=</varname>, the service manager will allow the service to continue to start, provided
|
<varname>TimeoutStartSec=</varname>, the service manager will allow the service to continue to start, provided
|
||||||
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified until the service
|
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified until the service
|
||||||
startup status is finished by <literal>READY=1</literal>. (see
|
startup status is finished by <literal>READY=1</literal>. (see
|
||||||
|
@ -595,7 +595,7 @@
|
||||||
|
|
||||||
<para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause
|
<para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause
|
||||||
the stop time to be extended beyond <varname>TimeoutStopSec=</varname>. The first receipt of this message
|
the stop time to be extended beyond <varname>TimeoutStopSec=</varname>. The first receipt of this message
|
||||||
must occur before <varname>TimeoutStopSec=</varname> is exceeded, and once the stop time has exended beyond
|
must occur before <varname>TimeoutStopSec=</varname> is exceeded, and once the stop time has extended beyond
|
||||||
<varname>TimeoutStopSec=</varname>, the service manager will allow the service to continue to stop, provided
|
<varname>TimeoutStopSec=</varname>, the service manager will allow the service to continue to stop, provided
|
||||||
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified, or terminates itself
|
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified, or terminates itself
|
||||||
(see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
|
(see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
|
||||||
|
@ -624,7 +624,7 @@
|
||||||
<para>If a service of <varname>Type=notify</varname> handles <constant>SIGABRT</constant> itself (instead of relying
|
<para>If a service of <varname>Type=notify</varname> handles <constant>SIGABRT</constant> itself (instead of relying
|
||||||
on the kernel to write a core dump) it can send <literal>EXTEND_TIMEOUT_USEC=…</literal> to
|
on the kernel to write a core dump) it can send <literal>EXTEND_TIMEOUT_USEC=…</literal> to
|
||||||
extended the abort time beyond <varname>TimeoutAbortSec=</varname>. The first receipt of this message
|
extended the abort time beyond <varname>TimeoutAbortSec=</varname>. The first receipt of this message
|
||||||
must occur before <varname>TimeoutAbortSec=</varname> is exceeded, and once the abort time has exended beyond
|
must occur before <varname>TimeoutAbortSec=</varname> is exceeded, and once the abort time has extended beyond
|
||||||
<varname>TimeoutAbortSec=</varname>, the service manager will allow the service to continue to abort, provided
|
<varname>TimeoutAbortSec=</varname>, the service manager will allow the service to continue to abort, provided
|
||||||
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified, or terminates itself
|
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified, or terminates itself
|
||||||
(see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
|
(see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
|
||||||
|
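Review bot: In the TimeoutAbortSec= paragraph, the context line directly above the corrected one still reads "extended the abort time beyond", continuing the sentence "it can send EXTEND_TIMEOUT_USEC=… to"; that should be "extend". Fold it into this spelling pass so the paragraph does not need a second fix.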
@ -650,7 +650,7 @@
|
||||||
|
|
||||||
<para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause
|
<para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause
|
||||||
the runtime to be extended beyond <varname>RuntimeMaxSec=</varname>. The first receipt of this message
|
the runtime to be extended beyond <varname>RuntimeMaxSec=</varname>. The first receipt of this message
|
||||||
must occur before <varname>RuntimeMaxSec=</varname> is exceeded, and once the runtime has exended beyond
|
must occur before <varname>RuntimeMaxSec=</varname> is exceeded, and once the runtime has extended beyond
|
||||||
<varname>RuntimeMaxSec=</varname>, the service manager will allow the service to continue to run, provided
|
<varname>RuntimeMaxSec=</varname>, the service manager will allow the service to continue to run, provided
|
||||||
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified until the service
|
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified until the service
|
||||||
shutdown is achieved by <literal>STOPPING=1</literal> (or termination). (see
|
shutdown is achieved by <literal>STOPPING=1</literal> (or termination). (see
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Make sure noone can read the files we generate but us
|
# Make sure no one can read the files we generate but us
|
||||||
umask 077
|
umask 077
|
||||||
|
|
||||||
# Destroy any old key on the Yubikey (careful!)
|
# Destroy any old key on the Yubikey (careful!)
|
||||||
|
@ -40,7 +40,7 @@ shred -u plaintext.bin plaintext.base64
|
||||||
rm pubkey.pem
|
rm pubkey.pem
|
||||||
|
|
||||||
# Test: Let's run systemd-cryptsetup to test if this all worked. The option string should contain the full
|
# Test: Let's run systemd-cryptsetup to test if this all worked. The option string should contain the full
|
||||||
# PKCS#11 URI we have in the clipboard, it tells the tool how to decypher the encrypted LUKS key.
|
# PKCS#11 URI we have in the clipboard, it tells the tool how to decipher the encrypted LUKS key.
|
||||||
sudo systemd-cryptsetup attach mytest /dev/sdXn /etc/encrypted-luks-key.bin 'pkcs11-uri=pkcs11:…'
|
sudo systemd-cryptsetup attach mytest /dev/sdXn /etc/encrypted-luks-key.bin 'pkcs11-uri=pkcs11:…'
|
||||||
|
|
||||||
# If that worked, let's now add the same line persistently to /etc/crypttab, for the future.
|
# If that worked, let's now add the same line persistently to /etc/crypttab, for the future.
|
||||||
|
|
|
@ -692,28 +692,30 @@ int unlink_or_warn(const char *filename) {
|
||||||
|
|
||||||
int inotify_add_watch_fd(int fd, int what, uint32_t mask) {
|
int inotify_add_watch_fd(int fd, int what, uint32_t mask) {
|
||||||
char path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1];
|
char path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1];
|
||||||
int r;
|
int wd;
|
||||||
|
|
||||||
/* This is like inotify_add_watch(), except that the file to watch is not referenced by a path, but by an fd */
|
/* This is like inotify_add_watch(), except that the file to watch is not referenced by a path, but by an fd */
|
||||||
xsprintf(path, "/proc/self/fd/%i", what);
|
xsprintf(path, "/proc/self/fd/%i", what);
|
||||||
|
|
||||||
r = inotify_add_watch(fd, path, mask);
|
wd = inotify_add_watch(fd, path, mask);
|
||||||
if (r < 0)
|
if (wd < 0)
|
||||||
return -errno;
|
return -errno;
|
||||||
|
|
||||||
return r;
|
return wd;
|
||||||
}
|
}
|
||||||
|
|
||||||
int inotify_add_watch_and_warn(int fd, const char *pathname, uint32_t mask) {
|
int inotify_add_watch_and_warn(int fd, const char *pathname, uint32_t mask) {
|
||||||
|
int wd;
|
||||||
|
|
||||||
if (inotify_add_watch(fd, pathname, mask) < 0) {
|
wd = inotify_add_watch(fd, pathname, mask);
|
||||||
|
if (wd < 0) {
|
||||||
if (errno == ENOSPC)
|
if (errno == ENOSPC)
|
||||||
return log_error_errno(errno, "Failed to add a watch for %s: inotify watch limit reached", pathname);
|
return log_error_errno(errno, "Failed to add a watch for %s: inotify watch limit reached", pathname);
|
||||||
|
|
||||||
return log_error_errno(errno, "Failed to add a watch for %s: %m", pathname);
|
return log_error_errno(errno, "Failed to add a watch for %s: %m", pathname);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return wd;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool unsafe_transition(const struct stat *a, const struct stat *b) {
|
static bool unsafe_transition(const struct stat *a, const struct stat *b) {
|
||||||
|
|
|
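Review bot: inotify_add_watch_and_warn() changes its success return from 0 to the watch descriptor, which need not be 0, so any existing caller that tests the result with "r != 0" or "if (r)" instead of "r < 0" would now treat success as failure. The callers are not part of this hunk; please audit them in the same change, and add a short comment above the function saying that it returns the wd on success and a negative errno on failure, since the name alone does not suggest a meaningful positive return.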
@ -1201,7 +1201,7 @@ static VOID config_entry_parse_tries(
|
||||||
}
|
}
|
||||||
|
|
||||||
new_factor = factor * 10;
|
new_factor = factor * 10;
|
||||||
if (new_factor < factor) /* overflow chck */
|
if (new_factor < factor) /* overflow check */
|
||||||
return;
|
return;
|
||||||
|
|
||||||
factor = new_factor;
|
factor = new_factor;
|
||||||
|
|
|
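Review bot: The guard on the line touched here, "if (new_factor < factor)", is not a reliable overflow test for "factor * 10": a wrapped product can still be larger than factor, and if factor is a signed type the overflow is undefined before the comparison runs. The type is not visible in this hunk; either way, test before multiplying by comparing factor against the type's maximum divided by 10 and returning if it is larger, instead of inspecting the result afterwards.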
@ -1061,7 +1061,7 @@ int bus_foreach_bus(
|
||||||
/* Send to all direct buses, unconditionally */
|
/* Send to all direct buses, unconditionally */
|
||||||
SET_FOREACH(b, m->private_buses, i) {
|
SET_FOREACH(b, m->private_buses, i) {
|
||||||
|
|
||||||
/* Don't bother with enqueing these messages to clients that haven't started yet */
|
/* Don't bother with enqueuing these messages to clients that haven't started yet */
|
||||||
if (sd_bus_is_ready(b) <= 0)
|
if (sd_bus_is_ready(b) <= 0)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
|
|
@ -2566,7 +2566,7 @@ static bool insist_on_sandboxing(
|
||||||
assert(n_bind_mounts == 0 || bind_mounts);
|
assert(n_bind_mounts == 0 || bind_mounts);
|
||||||
|
|
||||||
/* Checks whether we need to insist on fs namespacing. i.e. whether we have settings configured that
|
/* Checks whether we need to insist on fs namespacing. i.e. whether we have settings configured that
|
||||||
* would alter the view on the file system beyond making things read-only or invisble, i.e. would
|
* would alter the view on the file system beyond making things read-only or invisible, i.e. would
|
||||||
* rearrange stuff in a way we cannot ignore gracefully. */
|
* rearrange stuff in a way we cannot ignore gracefully. */
|
||||||
|
|
||||||
if (context->n_temporary_filesystems > 0)
|
if (context->n_temporary_filesystems > 0)
|
||||||
|
|
|
@ -516,12 +516,20 @@ static bool job_is_runnable(Job *j) {
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
HASHMAP_FOREACH_KEY(v, other, j->unit->dependencies[UNIT_AFTER], i)
|
HASHMAP_FOREACH_KEY(v, other, j->unit->dependencies[UNIT_AFTER], i)
|
||||||
if (other->job && job_compare(j, other->job, UNIT_AFTER) > 0)
|
if (other->job && job_compare(j, other->job, UNIT_AFTER) > 0) {
|
||||||
|
log_unit_debug(j->unit,
|
||||||
|
"starting held back, waiting for: %s",
|
||||||
|
other->id);
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
HASHMAP_FOREACH_KEY(v, other, j->unit->dependencies[UNIT_BEFORE], i)
|
HASHMAP_FOREACH_KEY(v, other, j->unit->dependencies[UNIT_BEFORE], i)
|
||||||
if (other->job && job_compare(j, other->job, UNIT_BEFORE) > 0)
|
if (other->job && job_compare(j, other->job, UNIT_BEFORE) > 0) {
|
||||||
|
log_unit_debug(j->unit,
|
||||||
|
"stopping held back, waiting for: %s",
|
||||||
|
other->id);
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
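Review bot: The two new log_unit_debug() calls hard-code "starting held back" for the UNIT_AFTER loop and "stopping held back" for the UNIT_BEFORE loop, but nothing in the hunk ties those words to the type of job j, so the message can name an operation the job is not performing. Log the job's actual type instead of inferring it from which dependency list is being walked. Also check how often job_is_runnable() is evaluated for a job that stays blocked; if that is on every pass over the run queue, the same debug line will repeat until the dependency clears.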
@ -313,9 +313,9 @@ static int manager_check_ask_password(Manager *m) {
|
||||||
m->ask_password_inotify_fd, EPOLLIN,
|
m->ask_password_inotify_fd, EPOLLIN,
|
||||||
manager_dispatch_ask_password_fd, m);
|
manager_dispatch_ask_password_fd, m);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_error_errno(errno, "Failed to add event source for /run/systemd/ask-password: %m");
|
log_error_errno(r, "Failed to add event source for /run/systemd/ask-password: %m");
|
||||||
manager_close_ask_password(m);
|
manager_close_ask_password(m);
|
||||||
return -errno;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
(void) sd_event_source_set_description(m->ask_password_event_source, "manager-ask-password");
|
(void) sd_event_source_set_description(m->ask_password_event_source, "manager-ask-password");
|
||||||
|
|
|
@ -2860,13 +2860,13 @@ bool unit_job_is_applicable(Unit *u, JobType j) {
|
||||||
case JOB_START:
|
case JOB_START:
|
||||||
case JOB_NOP:
|
case JOB_NOP:
|
||||||
/* Note that we don't check unit_can_start() here. That's because .device units and suchlike are not
|
/* Note that we don't check unit_can_start() here. That's because .device units and suchlike are not
|
||||||
* startable by us but may appear due to external events, and it thus makes sense to permit enqueing
|
* startable by us but may appear due to external events, and it thus makes sense to permit enqueuing
|
||||||
* jobs for it. */
|
* jobs for it. */
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
case JOB_STOP:
|
case JOB_STOP:
|
||||||
/* Similar as above. However, perpetual units can never be stopped (neither explicitly nor due to
|
/* Similar as above. However, perpetual units can never be stopped (neither explicitly nor due to
|
||||||
* external events), hence it makes no sense to permit enqueing such a request either. */
|
* external events), hence it makes no sense to permit enqueuing such a request either. */
|
||||||
return !u->perpetual;
|
return !u->perpetual;
|
||||||
|
|
||||||
case JOB_RESTART:
|
case JOB_RESTART:
|
||||||
|
|
|
@ -883,8 +883,9 @@ int unit_can_clean(Unit *u, ExecCleanMask *ret_mask);
|
||||||
#define log_unit_full(unit, level, error, ...) \
|
#define log_unit_full(unit, level, error, ...) \
|
||||||
({ \
|
({ \
|
||||||
const Unit *_u = (unit); \
|
const Unit *_u = (unit); \
|
||||||
_u ? log_object_internal(level, error, PROJECT_FILE, __LINE__, __func__, _u->manager->unit_log_field, _u->id, _u->manager->invocation_log_field, _u->invocation_id_string, ##__VA_ARGS__) : \
|
(log_get_max_level() < LOG_PRI(level)) ? -ERRNO_VALUE(error) : \
|
||||||
log_internal(level, error, PROJECT_FILE, __LINE__, __func__, ##__VA_ARGS__); \
|
_u ? log_object_internal(level, error, PROJECT_FILE, __LINE__, __func__, _u->manager->unit_log_field, _u->id, _u->manager->invocation_log_field, _u->invocation_id_string, ##__VA_ARGS__) : \
|
||||||
|
log_internal(level, error, PROJECT_FILE, __LINE__, __func__, ##__VA_ARGS__); \
|
||||||
})
|
})
|
||||||
|
|
||||||
#define log_unit_debug(unit, ...) log_unit_full(unit, LOG_DEBUG, 0, ##__VA_ARGS__)
|
#define log_unit_debug(unit, ...) log_unit_full(unit, LOG_DEBUG, 0, ##__VA_ARGS__)
|
||||||
|
|
|
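Review bot: The added line "(log_get_max_level() < LOG_PRI(level)) ? -ERRNO_VALUE(error) :" expands the macro argument level a second time, so whenever the message is actually logged, level is evaluated both in the check and in the selected log call, while unit is already captured in _u to avoid exactly that. Capture level and error in locals next to _u. It is also worth a comment that the variadic arguments are no longer evaluated when the message is filtered out, so callers must not depend on side effects in them.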
@ -1521,7 +1521,7 @@ static int home_may_change_password(
|
||||||
|
|
||||||
r = user_record_test_password_change_required(h->record);
|
r = user_record_test_password_change_required(h->record);
|
||||||
if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED))
|
if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED))
|
||||||
return 0; /* expired in some form, but chaning is allowed */
|
return 0; /* expired in some form, but changing is allowed */
|
||||||
if (IN_SET(r, -EKEYREJECTED, -EROFS))
|
if (IN_SET(r, -EKEYREJECTED, -EROFS))
|
||||||
return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name);
|
return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
|
|
@ -1038,10 +1038,9 @@ static int home_remove(UserRecord *h) {
|
||||||
|
|
||||||
if (deleted)
|
if (deleted)
|
||||||
log_info("Everything completed.");
|
log_info("Everything completed.");
|
||||||
else {
|
else
|
||||||
log_notice("Nothing to remove.");
|
return log_notice_errno(SYNTHETIC_ERRNO(EALREADY),
|
||||||
return -EALREADY;
|
"Nothing to remove.");
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -351,7 +351,7 @@ static int help(void) {
|
||||||
" -p --priority=RANGE Show entries with the specified priority\n"
|
" -p --priority=RANGE Show entries with the specified priority\n"
|
||||||
" --facility=FACILITY... Show entries with the specified facilities\n"
|
" --facility=FACILITY... Show entries with the specified facilities\n"
|
||||||
" -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
|
" -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
|
||||||
" --case-sensitive[=BOOL] Force case sensitive or insenstive matching\n"
|
" --case-sensitive[=BOOL] Force case sensitive or insensitive matching\n"
|
||||||
" -e --pager-end Immediately jump to the end in the pager\n"
|
" -e --pager-end Immediately jump to the end in the pager\n"
|
||||||
" -f --follow Follow the journal\n"
|
" -f --follow Follow the journal\n"
|
||||||
" -n --lines[=INTEGER] Number of journal entries to show\n"
|
" -n --lines[=INTEGER] Number of journal entries to show\n"
|
||||||
|
|
|
@ -141,8 +141,8 @@ int sd_dhcp_lease_get_servers(
|
||||||
return (int) lease->smtp_server_size;
|
return (int) lease->smtp_server_size;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
log_debug("Uknown DHCP lease info item %d.", what);
|
return log_debug_errno(SYNTHETIC_ERRNO(ENXIO),
|
||||||
return -ENXIO;
|
"Unknown DHCP lease info item %d.", what);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1162,8 +1162,8 @@ int sd_dhcp_server_set_servers(
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
log_debug("Uknown DHCP lease info item %d.", what);
|
return log_debug_errno(SYNTHETIC_ERRNO(ENXIO),
|
||||||
return -ENXIO;
|
"Unknown DHCP lease info item %d.", what);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (*n_a == n_addresses &&
|
if (*n_a == n_addresses &&
|
||||||
|
|
|
@ -106,7 +106,7 @@ _public_ struct udev *udev_unref(struct udev *udev) {
|
||||||
assert(udev->n_ref > 0);
|
assert(udev->n_ref > 0);
|
||||||
udev->n_ref--;
|
udev->n_ref--;
|
||||||
if (udev->n_ref > 0)
|
if (udev->n_ref > 0)
|
||||||
/* This is different from our convetion, but let's keep backward
|
/* This is different from our convention, but let's keep backward
|
||||||
* compatibility. So, do not use DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC()
|
* compatibility. So, do not use DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC()
|
||||||
* macro to define this function. */
|
* macro to define this function. */
|
||||||
return udev;
|
return udev;
|
||||||
|
|
|
@ -128,7 +128,7 @@ static int link_push_uplink_to_dhcp_server(
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
assert_not_reached("Uknown DHCP lease info item");
|
assert_not_reached("Unknown DHCP lease info item");
|
||||||
}
|
}
|
||||||
|
|
||||||
char **a;
|
char **a;
|
||||||
|
|
|
@ -325,78 +325,77 @@ static int link_set_dhcp_routes(Link *link) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!link->network->dhcp_use_gateway)
|
if (link->network->dhcp_use_gateway) {
|
||||||
return 0;
|
r = sd_dhcp_lease_get_router(link->dhcp_lease, &router);
|
||||||
|
if (IN_SET(r, 0, -ENODATA))
|
||||||
|
log_link_info(link, "DHCP: No gateway received from DHCP server.");
|
||||||
|
else if (r < 0)
|
||||||
|
log_link_warning_errno(link, r, "DHCP error: could not get gateway: %m");
|
||||||
|
else if (in4_addr_is_null(&router[0]))
|
||||||
|
log_link_info(link, "DHCP: Received gateway is null.");
|
||||||
|
|
||||||
r = sd_dhcp_lease_get_router(link->dhcp_lease, &router);
|
/* According to RFC 3442: If the DHCP server returns both a Classless Static Routes option and
|
||||||
if (IN_SET(r, 0, -ENODATA))
|
a Router option, the DHCP client MUST ignore the Router option. */
|
||||||
log_link_info(link, "DHCP: No gateway received from DHCP server.");
|
if (classless_route && static_route)
|
||||||
else if (r < 0)
|
log_link_warning(link, "Classless static routes received from DHCP server: ignoring static-route option and router option");
|
||||||
log_link_warning_errno(link, r, "DHCP error: could not get gateway: %m");
|
|
||||||
else if (in4_addr_is_null(&router[0]))
|
|
||||||
log_link_info(link, "DHCP: Received gateway is null.");
|
|
||||||
|
|
||||||
/* According to RFC 3442: If the DHCP server returns both a Classless Static Routes option and
|
if (r > 0 && !classless_route && !in4_addr_is_null(&router[0])) {
|
||||||
a Router option, the DHCP client MUST ignore the Router option. */
|
_cleanup_(route_freep) Route *route = NULL, *route_gw = NULL;
|
||||||
if (classless_route && static_route)
|
|
||||||
log_link_warning(link, "Classless static routes received from DHCP server: ignoring static-route option and router option");
|
|
||||||
|
|
||||||
if (r > 0 && !classless_route && !in4_addr_is_null(&router[0])) {
|
r = route_new(&route_gw);
|
||||||
_cleanup_(route_freep) Route *route = NULL, *route_gw = NULL;
|
if (r < 0)
|
||||||
|
return log_link_error_errno(link, r, "Could not allocate route: %m");
|
||||||
|
|
||||||
r = route_new(&route_gw);
|
/* The dhcp netmask may mask out the gateway. Add an explicit
|
||||||
if (r < 0)
|
* route for the gw host so that we can route no matter the
|
||||||
return log_link_error_errno(link, r, "Could not allocate route: %m");
|
* netmask or existing kernel route tables. */
|
||||||
|
route_gw->family = AF_INET;
|
||||||
|
route_gw->dst.in = router[0];
|
||||||
|
route_gw->dst_prefixlen = 32;
|
||||||
|
route_gw->prefsrc.in = address;
|
||||||
|
route_gw->scope = RT_SCOPE_LINK;
|
||||||
|
route_gw->protocol = RTPROT_DHCP;
|
||||||
|
route_gw->priority = link->network->dhcp_route_metric;
|
||||||
|
route_gw->table = table;
|
||||||
|
route_gw->mtu = link->network->dhcp_route_mtu;
|
||||||
|
|
||||||
/* The dhcp netmask may mask out the gateway. Add an explicit
|
r = dhcp_route_configure(&route_gw, link);
|
||||||
* route for the gw host so that we can route no matter the
|
if (r < 0)
|
||||||
* netmask or existing kernel route tables. */
|
return log_link_error_errno(link, r, "Could not set host route: %m");
|
||||||
route_gw->family = AF_INET;
|
|
||||||
route_gw->dst.in = router[0];
|
|
||||||
route_gw->dst_prefixlen = 32;
|
|
||||||
route_gw->prefsrc.in = address;
|
|
||||||
route_gw->scope = RT_SCOPE_LINK;
|
|
||||||
route_gw->protocol = RTPROT_DHCP;
|
|
||||||
route_gw->priority = link->network->dhcp_route_metric;
|
|
||||||
route_gw->table = table;
|
|
||||||
route_gw->mtu = link->network->dhcp_route_mtu;
|
|
||||||
|
|
||||||
r = dhcp_route_configure(&route_gw, link);
|
r = route_new(&route);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_error_errno(link, r, "Could not set host route: %m");
|
return log_link_error_errno(link, r, "Could not allocate route: %m");
|
||||||
|
|
||||||
r = route_new(&route);
|
route->family = AF_INET;
|
||||||
if (r < 0)
|
route->gw.in = router[0];
|
||||||
return log_link_error_errno(link, r, "Could not allocate route: %m");
|
route->prefsrc.in = address;
|
||||||
|
route->protocol = RTPROT_DHCP;
|
||||||
|
route->priority = link->network->dhcp_route_metric;
|
||||||
|
route->table = table;
|
||||||
|
route->mtu = link->network->dhcp_route_mtu;
|
||||||
|
|
||||||
route->family = AF_INET;
|
r = dhcp_route_configure(&route, link);
|
||||||
route->gw.in = router[0];
|
if (r < 0)
|
||||||
route->prefsrc.in = address;
|
return log_link_error_errno(link, r, "Could not set router: %m");
|
||||||
route->protocol = RTPROT_DHCP;
|
}
|
||||||
route->priority = link->network->dhcp_route_metric;
|
|
||||||
route->table = table;
|
|
||||||
route->mtu = link->network->dhcp_route_mtu;
|
|
||||||
|
|
||||||
r = dhcp_route_configure(&route, link);
|
Route *rt;
|
||||||
if (r < 0)
|
LIST_FOREACH(routes, rt, link->network->static_routes) {
|
||||||
return log_link_error_errno(link, r, "Could not set router: %m");
|
if (!rt->gateway_from_dhcp)
|
||||||
}
|
continue;
|
||||||
|
|
||||||
Route *rt;
|
if (rt->family != AF_INET)
|
||||||
LIST_FOREACH(routes, rt, link->network->static_routes) {
|
continue;
|
||||||
if (!rt->gateway_from_dhcp)
|
|
||||||
continue;
|
|
||||||
|
|
||||||
if (rt->family != AF_INET)
|
rt->gw.in = router[0];
|
||||||
continue;
|
|
||||||
|
|
||||||
rt->gw.in = router[0];
|
r = route_configure(rt, link, dhcp4_route_handler);
|
||||||
|
if (r < 0)
|
||||||
r = route_configure(rt, link, dhcp4_route_handler);
|
return log_link_error_errno(link, r, "Could not set gateway: %m");
|
||||||
if (r < 0)
|
if (r > 0)
|
||||||
return log_link_error_errno(link, r, "Could not set gateway: %m");
|
link->dhcp4_messages++;
|
||||||
if (r > 0)
|
}
|
||||||
link->dhcp4_messages++;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return link_set_dns_routes(link, &address);
|
return link_set_dns_routes(link, &address);
|
||||||
|
|
|
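Review bot: "if (link->network->dhcp_use_gateway) {" tests a field that this series turns into a tristate int initialised to -1, and -1 is truthy, so the branch is only correct if network_verify() has always replaced the negative value before link_set_dhcp_routes() runs. Make that dependency explicit with "> 0" or an assert that the value is not negative. Separately, the "return log_link_error_errno(...)" paths inside the new block still skip link_set_dns_routes(), which this restructuring otherwise makes reachable when the gateway is not used; please confirm that is intended.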
@ -164,7 +164,7 @@ DHCPv4.UseMTU, config_parse_bool,
|
||||||
DHCPv4.UseHostname, config_parse_bool, 0, offsetof(Network, dhcp_use_hostname)
|
DHCPv4.UseHostname, config_parse_bool, 0, offsetof(Network, dhcp_use_hostname)
|
||||||
DHCPv4.UseDomains, config_parse_dhcp_use_domains, 0, offsetof(Network, dhcp_use_domains)
|
DHCPv4.UseDomains, config_parse_dhcp_use_domains, 0, offsetof(Network, dhcp_use_domains)
|
||||||
DHCPv4.UseRoutes, config_parse_bool, 0, offsetof(Network, dhcp_use_routes)
|
DHCPv4.UseRoutes, config_parse_bool, 0, offsetof(Network, dhcp_use_routes)
|
||||||
DHCPv4.UseGateway, config_parse_bool, 0, offsetof(Network, dhcp_use_gateway)
|
DHCPv4.UseGateway, config_parse_tristate, 0, offsetof(Network, dhcp_use_gateway)
|
||||||
DHCPv4.RequestOptions, config_parse_dhcp_request_options, 0, 0
|
DHCPv4.RequestOptions, config_parse_dhcp_request_options, 0, 0
|
||||||
DHCPv4.Anonymize, config_parse_bool, 0, offsetof(Network, dhcp_anonymize)
|
DHCPv4.Anonymize, config_parse_bool, 0, offsetof(Network, dhcp_anonymize)
|
||||||
DHCPv4.SendHostname, config_parse_bool, 0, offsetof(Network, dhcp_send_hostname)
|
DHCPv4.SendHostname, config_parse_bool, 0, offsetof(Network, dhcp_send_hostname)
|
||||||
|
|
|
@ -267,6 +267,9 @@ int network_verify(Network *network) {
|
||||||
network->dhcp_use_mtu = false;
|
network->dhcp_use_mtu = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (network->dhcp_use_gateway < 0)
|
||||||
|
network->dhcp_use_gateway = network->dhcp_use_routes;
|
||||||
|
|
||||||
if (network->dhcp_critical >= 0) {
|
if (network->dhcp_critical >= 0) {
|
||||||
if (network->keep_configuration >= 0)
|
if (network->keep_configuration >= 0)
|
||||||
log_warning("%s: Both KeepConfiguration= and deprecated CriticalConnection= are set. "
|
log_warning("%s: Both KeepConfiguration= and deprecated CriticalConnection= are set. "
|
||||||
|
@ -385,7 +388,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
|
||||||
.dhcp_use_dns = true,
|
.dhcp_use_dns = true,
|
||||||
.dhcp_use_hostname = true,
|
.dhcp_use_hostname = true,
|
||||||
.dhcp_use_routes = true,
|
.dhcp_use_routes = true,
|
||||||
.dhcp_use_gateway = true,
|
.dhcp_use_gateway = -1,
|
||||||
/* NOTE: this var might be overwritten by network_apply_anonymize_if_set */
|
/* NOTE: this var might be overwritten by network_apply_anonymize_if_set */
|
||||||
.dhcp_send_hostname = true,
|
.dhcp_send_hostname = true,
|
||||||
.dhcp_send_release = true,
|
.dhcp_send_release = true,
|
||||||
|
|
|
@ -110,7 +110,7 @@ struct Network {
|
||||||
bool dhcp_use_sip;
|
bool dhcp_use_sip;
|
||||||
bool dhcp_use_mtu;
|
bool dhcp_use_mtu;
|
||||||
bool dhcp_use_routes;
|
bool dhcp_use_routes;
|
||||||
bool dhcp_use_gateway;
|
int dhcp_use_gateway;
|
||||||
bool dhcp_use_timezone;
|
bool dhcp_use_timezone;
|
||||||
bool rapid_commit;
|
bool rapid_commit;
|
||||||
bool dhcp_use_hostname;
|
bool dhcp_use_hostname;
|
||||||
|
|
|
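Review bot: In struct Network, dhcp_use_gateway is now an int sitting between bool fields with nothing to say why. Add a short trailing comment on that line marking it as a tristate (negative means "not set, follow dhcp_use_routes"), so a later cleanup does not turn it back into bool and silently convert -1 to true.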
@ -51,7 +51,7 @@
|
||||||
* cgrouspv1 crap: kernel, kernelTCP, swapiness, disableOOMKiller, swap, devices, leafWeight
|
* cgrouspv1 crap: kernel, kernelTCP, swapiness, disableOOMKiller, swap, devices, leafWeight
|
||||||
* general: it shouldn't leak lower level abstractions this obviously
|
* general: it shouldn't leak lower level abstractions this obviously
|
||||||
* unmanagable cgroups stuff: realtimeRuntime/realtimePeriod
|
* unmanagable cgroups stuff: realtimeRuntime/realtimePeriod
|
||||||
* needs to say what happense when some option is not specified, i.e. which defautls apply
|
* needs to say what happense when some option is not specified, i.e. which defaults apply
|
||||||
* no architecture? no personality?
|
* no architecture? no personality?
|
||||||
* seccomp example and logic is simply broken: there's no constant "SCMP_ACT_ERRNO".
|
* seccomp example and logic is simply broken: there's no constant "SCMP_ACT_ERRNO".
|
||||||
* spec should say what to do with unknown props
|
* spec should say what to do with unknown props
|
||||||
|
|
|
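Review bot: The changed line fixes "defautls" but still reads "what happense when", and the unchanged lines around it carry "cgrouspv1", "swapiness" and "unmanagable". Since this change is a spelling pass over that list, fix "happense" in the same line and consider picking up the neighbouring ones too.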
@ -151,7 +151,7 @@ int bind_remount_recursive_with_mountinfo(
|
||||||
* operation). If it isn't we first make it one. Afterwards we apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to
|
* operation). If it isn't we first make it one. Afterwards we apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to
|
||||||
* all submounts we can access, too. When mounts are stacked on the same mount point we only care for each
|
* all submounts we can access, too. When mounts are stacked on the same mount point we only care for each
|
||||||
* individual "top-level" mount on each point, as we cannot influence/access the underlying mounts anyway. We
|
* individual "top-level" mount on each point, as we cannot influence/access the underlying mounts anyway. We
|
||||||
* do not have any effect on future submounts that might get propagated, they migt be writable. This includes
|
* do not have any effect on future submounts that might get propagated, they might be writable. This includes
|
||||||
* future submounts that have been triggered via autofs.
|
* future submounts that have been triggered via autofs.
|
||||||
*
|
*
|
||||||
* If the "blacklist" parameter is specified it may contain a list of subtrees to exclude from the
|
* If the "blacklist" parameter is specified it may contain a list of subtrees to exclude from the
|
||||||
|
|
|
@ -1334,7 +1334,7 @@ int varlink_invoke(Varlink *v, const char *method, JsonVariant *parameters) {
|
||||||
if (v->state == VARLINK_DISCONNECTED)
|
if (v->state == VARLINK_DISCONNECTED)
|
||||||
return -ENOTCONN;
|
return -ENOTCONN;
|
||||||
|
|
||||||
/* We allow enqueing multiple method calls at once! */
|
/* We allow enqueuing multiple method calls at once! */
|
||||||
if (!IN_SET(v->state, VARLINK_IDLE_CLIENT, VARLINK_AWAITING_REPLY))
|
if (!IN_SET(v->state, VARLINK_IDLE_CLIENT, VARLINK_AWAITING_REPLY))
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
|
|
|
@ -124,7 +124,7 @@ usec_t watchdog_runtime_wait(void) {
|
||||||
if (!timestamp_is_set(watchdog_timeout))
|
if (!timestamp_is_set(watchdog_timeout))
|
||||||
return USEC_INFINITY;
|
return USEC_INFINITY;
|
||||||
|
|
||||||
/* Sleep half the watchdog timeout since the last succesful ping at most */
|
/* Sleep half the watchdog timeout since the last successful ping at most */
|
||||||
if (timestamp_is_set(watchdog_last_ping)) {
|
if (timestamp_is_set(watchdog_last_ping)) {
|
||||||
ntime = now(clock_boottime_or_monotonic());
|
ntime = now(clock_boottime_or_monotonic());
|
||||||
assert(ntime >= watchdog_last_ping);
|
assert(ntime >= watchdog_last_ping);
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
|
|
||||||
_SD_BEGIN_DECLARATIONS;
|
_SD_BEGIN_DECLARATIONS;
|
||||||
|
|
||||||
/* Neightbor Discovery Options, RFC 4861, Section 4.6 and
|
/* Neighbor Discovery Options, RFC 4861, Section 4.6 and
|
||||||
* https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-5 */
|
* https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-5 */
|
||||||
enum {
|
enum {
|
||||||
SD_NDISC_OPTION_SOURCE_LL_ADDRESS = 1,
|
SD_NDISC_OPTION_SOURCE_LL_ADDRESS = 1,
|
||||||
|
|
|
@ -1058,7 +1058,8 @@ static void verify_one(
|
||||||
r = unit_file_verify_alias(i, alias, &alias2);
|
r = unit_file_verify_alias(i, alias, &alias2);
|
||||||
log_info_errno(r, "alias %s ← %s: %d/%m (expected %d)%s%s%s",
|
log_info_errno(r, "alias %s ← %s: %d/%m (expected %d)%s%s%s",
|
||||||
i->name, alias, r, expected,
|
i->name, alias, r, expected,
|
||||||
alias2 ? " [" : "", alias2 ?: "", alias2 ? "]" : "");
|
alias2 ? " [" : "", strempty(alias2),
|
||||||
|
alias2 ? "]" : "");
|
||||||
assert(r == expected);
|
assert(r == expected);
|
||||||
|
|
||||||
/* This is is test for "instance propagation". This propagation matters mostly for WantedBy= and
|
/* This is is test for "instance propagation". This propagation matters mostly for WantedBy= and
|
||||||
|
|
|
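Review bot: The trailing context comment in verify_one() still reads "This is is test for" with a doubled word; it sits right below the reformatted log_info_errno() call and could be fixed in the same touch. The switch from alias2 ?: "" to strempty(alias2) itself looks fine and keeps the three %s arguments in the same order.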
@ -30,7 +30,7 @@ static void test_proc_cmdline_override(void) {
|
||||||
log_info("/* %s */", __func__);
|
log_info("/* %s */", __func__);
|
||||||
|
|
||||||
assert_se(putenv((char*) "SYSTEMD_PROC_CMDLINE=foo_bar=quux wuff-piep=tuet zumm some_arg_with_space='foo bar' and_one_more=\"zzz aaa\"") == 0);
|
assert_se(putenv((char*) "SYSTEMD_PROC_CMDLINE=foo_bar=quux wuff-piep=tuet zumm some_arg_with_space='foo bar' and_one_more=\"zzz aaa\"") == 0);
|
||||||
assert_se(putenv((char*) "SYSTEMD_EFI_OPTIONS=differnt") == 0);
|
assert_se(putenv((char*) "SYSTEMD_EFI_OPTIONS=different") == 0);
|
||||||
|
|
||||||
/* First test if the overrides for /proc/cmdline still work */
|
/* First test if the overrides for /proc/cmdline still work */
|
||||||
_cleanup_free_ char *line = NULL, *value = NULL;
|
_cleanup_free_ char *line = NULL, *value = NULL;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -e
|
set -e
|
||||||
TEST_DESCRIPTION="Test that KillMode=mixed does not leave left over proccesses with ExecStopPost="
|
TEST_DESCRIPTION="Test that KillMode=mixed does not leave left over processes with ExecStopPost="
|
||||||
. $TEST_BASE_DIR/test-functions
|
. $TEST_BASE_DIR/test-functions
|
||||||
|
|
||||||
do_test "$@" 47
|
do_test "$@" 47
|
||||||
|
|
|
@ -234,6 +234,7 @@ run_qemu() {
|
||||||
|
|
||||||
CONSOLE=ttyS0
|
CONSOLE=ttyS0
|
||||||
|
|
||||||
|
rm -f "$initdir"/{testok,failed,skipped}
|
||||||
# make sure the initdir is not mounted to avoid concurrent access
|
# make sure the initdir is not mounted to avoid concurrent access
|
||||||
cleanup_initdir
|
cleanup_initdir
|
||||||
umount_loopback
|
umount_loopback
|
||||||
|
@ -362,6 +363,7 @@ $QEMU_OPTIONS \
|
||||||
# success), or 1 if nspawn is not available.
|
# success), or 1 if nspawn is not available.
|
||||||
run_nspawn() {
|
run_nspawn() {
|
||||||
[[ -d /run/systemd/system ]] || return 1
|
[[ -d /run/systemd/system ]] || return 1
|
||||||
|
rm -f "$initdir"/{testok,failed,skipped}
|
||||||
|
|
||||||
local _nspawn_cmd=(
|
local _nspawn_cmd=(
|
||||||
--register=no
|
--register=no
|
||||||
|
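Review bot: In run_nspawn() the new rm -f "$initdir"/{testok,failed,skipped} is placed after the [[ -d /run/systemd/system ]] || return 1 check, so on the early-return path the marker files from a previous run are left in place, and test_run() no longer clears them itself. Move the rm above the check, or confirm that nothing reads testok/failed/skipped when run_nspawn returns 1, otherwise a stale testok could be taken as a pass. The same rm line now appears in both run_qemu() and run_nspawn(); a small helper would keep the two in sync.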
@ -2014,7 +2016,6 @@ test_setup() {
|
||||||
|
|
||||||
test_run() {
|
test_run() {
|
||||||
mount_initdir
|
mount_initdir
|
||||||
rm -f "$initdir"/{testok,failed,skipped}
|
|
||||||
|
|
||||||
if [ -z "$TEST_NO_QEMU" ]; then
|
if [ -z "$TEST_NO_QEMU" ]; then
|
||||||
if run_qemu "$1"; then
|
if run_qemu "$1"; then
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
[Match]
|
|
||||||
Name=veth99
|
|
||||||
|
|
||||||
[Network]
|
|
||||||
DHCP=ipv4
|
|
||||||
IPv6AcceptRA=false
|
|
||||||
|
|
||||||
[DHCPv4]
|
|
||||||
UseGateway=no
|
|
|
@ -4,6 +4,3 @@ Name=veth99
|
||||||
[Network]
|
[Network]
|
||||||
DHCP=ipv4
|
DHCP=ipv4
|
||||||
IPv6AcceptRA=false
|
IPv6AcceptRA=false
|
||||||
|
|
||||||
[DHCPv4]
|
|
||||||
UseRoutes=no
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
[DHCPv4]
|
||||||
|
RoutesToDNS=no
|
|
@ -0,0 +1,2 @@
|
||||||
|
[DHCPv4]
|
||||||
|
RoutesToDNS=yes
|
|
@ -0,0 +1,2 @@
|
||||||
|
[DHCPv4]
|
||||||
|
UseGateway=no
|
|
@ -0,0 +1,2 @@
|
||||||
|
[DHCPv4]
|
||||||
|
UseGateway=yes
|
|
@ -0,0 +1,2 @@
|
||||||
|
[DHCPv4]
|
||||||
|
UseRoutes=no
|
|
@ -0,0 +1,2 @@
|
||||||
|
[DHCPv4]
|
||||||
|
UseRoutes=yes
|
|
@ -3,6 +3,7 @@
|
||||||
# systemd-networkd tests
|
# systemd-networkd tests
|
||||||
|
|
||||||
import argparse
|
import argparse
|
||||||
|
import itertools
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
import shutil
|
import shutil
|
||||||
|
@ -2921,8 +2922,7 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
|
||||||
'dhcp-client-ipv4-dhcp-settings.network',
|
'dhcp-client-ipv4-dhcp-settings.network',
|
||||||
'dhcp-client-ipv4-only-ipv6-disabled.network',
|
'dhcp-client-ipv4-only-ipv6-disabled.network',
|
||||||
'dhcp-client-ipv4-only.network',
|
'dhcp-client-ipv4-only.network',
|
||||||
'dhcp-client-ipv4-use-gateway-no.network',
|
'dhcp-client-ipv4-use-routes-use-gateway.network',
|
||||||
'dhcp-client-ipv4-use-routes-no.network',
|
|
||||||
'dhcp-client-ipv6-only.network',
|
'dhcp-client-ipv6-only.network',
|
||||||
'dhcp-client-ipv6-rapid-commit.network',
|
'dhcp-client-ipv6-rapid-commit.network',
|
||||||
'dhcp-client-keep-configuration-dhcp-on-stop.network',
|
'dhcp-client-keep-configuration-dhcp-on-stop.network',
|
||||||
|
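Review bot: The units list gains only 'dhcp-client-ipv4-use-routes-use-gateway.network', while the new test copies drop-ins under that unit's .d directory for each combination. Please confirm that tearDown removes the .d directory along with the listed unit; if it only removes the names in this list, a use-routes or use-gateway drop-in from one combination would still be present for the next one and the subtests would not be independent.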
@ -2937,7 +2937,6 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
|
||||||
'dhcp-client-use-dns-no.network',
|
'dhcp-client-use-dns-no.network',
|
||||||
'dhcp-client-use-dns-yes.network',
|
'dhcp-client-use-dns-yes.network',
|
||||||
'dhcp-client-use-domains.network',
|
'dhcp-client-use-domains.network',
|
||||||
'dhcp-client-use-routes-no.network',
|
|
||||||
'dhcp-client-vrf.network',
|
'dhcp-client-vrf.network',
|
||||||
'dhcp-client-with-ipv4ll-fallback-with-dhcp-server.network',
|
'dhcp-client-with-ipv4ll-fallback-with-dhcp-server.network',
|
||||||
'dhcp-client-with-ipv4ll-fallback-without-dhcp-server.network',
|
'dhcp-client-with-ipv4ll-fallback-without-dhcp-server.network',
|
||||||
|
@ -2946,7 +2945,6 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
|
||||||
'dhcp-server-decline.network',
|
'dhcp-server-decline.network',
|
||||||
'dhcp-server-veth-peer.network',
|
'dhcp-server-veth-peer.network',
|
||||||
'dhcp-v4-server-veth-peer.network',
|
'dhcp-v4-server-veth-peer.network',
|
||||||
'dhcp-client-use-domains.network',
|
|
||||||
'static.network']
|
'static.network']
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
|
@ -3027,8 +3025,23 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
|
||||||
self.assertRegex(output, r'192.168.5.7 proto dhcp scope link src 192.168.5.181 metric 1024')
|
self.assertRegex(output, r'192.168.5.7 proto dhcp scope link src 192.168.5.181 metric 1024')
|
||||||
self.assertRegex(output, r'192.168.5.8 proto dhcp scope link src 192.168.5.181 metric 1024')
|
self.assertRegex(output, r'192.168.5.8 proto dhcp scope link src 192.168.5.181 metric 1024')
|
||||||
|
|
||||||
def test_dhcp_client_ipv4_use_routes_no(self):
|
def test_dhcp_client_ipv4_use_routes_gateway(self):
|
||||||
copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv4-use-routes-no.network')
|
for (routes, gateway, dnsroutes) in itertools.product([True, False, None], repeat=3):
|
||||||
|
self.setUp()
|
||||||
|
with self.subTest(routes=routes, gateway=gateway, dnsroutes=dnsroutes):
|
||||||
|
self._test_dhcp_client_ipv4_use_routes_gateway(routes, gateway, dnsroutes)
|
||||||
|
self.tearDown()
|
||||||
|
|
||||||
|
def _test_dhcp_client_ipv4_use_routes_gateway(self, routes, gateway, dnsroutes):
|
||||||
|
testunit = 'dhcp-client-ipv4-use-routes-use-gateway.network'
|
||||||
|
testunits = ['25-veth.netdev', 'dhcp-server-veth-peer.network', testunit]
|
||||||
|
if routes != None:
|
||||||
|
testunits.append(f'{testunit}.d/use-routes-{routes}.conf');
|
||||||
|
if gateway != None:
|
||||||
|
testunits.append(f'{testunit}.d/use-gateway-{gateway}.conf');
|
||||||
|
if dnsroutes != None:
|
||||||
|
testunits.append(f'{testunit}.d/use-dns-routes-{dnsroutes}.conf');
|
||||||
|
copy_unit_to_networkd_unit_path(*testunits, dropins=False)
|
||||||
|
|
||||||
start_networkd()
|
start_networkd()
|
||||||
self.wait_online(['veth-peer:carrier'])
|
self.wait_online(['veth-peer:carrier'])
|
||||||
|
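Review bot: In _test_dhcp_client_ipv4_use_routes_gateway() the drop-in names are built by interpolating Python booleans into f-strings (use-routes-{routes}.conf and the two similar lines), so the files on disk must be named with a literal True or False; that coupling is easy to break. Map the value to yes/no (or to the file name) explicitly. In the same lines, prefer "is not None" over "!= None" and drop the trailing semicolons. Also note that test_dhcp_client_ipv4_use_routes_gateway() calls self.setUp() and self.tearDown() by hand inside the loop while unittest still calls them around the whole method, so the first setUp and the last tearDown run twice; a comment saying this is intentional and safe would help.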
@ -3037,22 +3050,31 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
|
||||||
|
|
||||||
output = check_output('ip route show dev veth99')
|
output = check_output('ip route show dev veth99')
|
||||||
print(output)
|
print(output)
|
||||||
self.assertNotRegex(output, r'192.168.5.5')
|
|
||||||
self.assertRegex(output, r'default via 192.168.5.1 proto dhcp src 192.168.5.181 metric 1024')
|
|
||||||
self.assertRegex(output, r'192.168.5.1 proto dhcp scope link src 192.168.5.181 metric 1024')
|
|
||||||
|
|
||||||
def test_dhcp_client_ipv4_use_gateway_no(self):
|
# UseRoutes= defaults to true
|
||||||
copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv4-use-gateway-no.network')
|
useroutes = routes in [True, None]
|
||||||
|
# UseGateway= defaults to useroutes
|
||||||
|
usegateway = useroutes if gateway == None else gateway
|
||||||
|
|
||||||
start_networkd()
|
# Check UseRoutes=
|
||||||
self.wait_online(['veth-peer:carrier'])
|
if useroutes:
|
||||||
start_dnsmasq(additional_options='--dhcp-option=option:dns-server,192.168.5.6,192.168.5.7', lease_time='2m')
|
self.assertRegex(output, r'192.168.5.0/24 via 192.168.5.5 proto dhcp src 192.168.5.181 metric 1024')
|
||||||
self.wait_online(['veth99:routable', 'veth-peer:routable'])
|
else:
|
||||||
|
self.assertNotRegex(output, r'192.168.5.5')
|
||||||
|
|
||||||
output = check_output('ip route show dev veth99')
|
# Check UseGateway=
|
||||||
print(output)
|
if usegateway:
|
||||||
self.assertRegex(output, r'192.168.5.0/24 via 192.168.5.5 proto dhcp src 192.168.5.181 metric 1024')
|
self.assertRegex(output, r'default via 192.168.5.1 proto dhcp src 192.168.5.181 metric 1024')
|
||||||
self.assertNotRegex(output, r'default via 192.168.5.1')
|
else:
|
||||||
|
self.assertNotRegex(output, r'default via 192.168.5.1')
|
||||||
|
|
||||||
|
# Check RoutesToDNS=, which defaults to false
|
||||||
|
if dnsroutes:
|
||||||
|
self.assertRegex(output, r'192.168.5.6 proto dhcp scope link src 192.168.5.181 metric 1024')
|
||||||
|
self.assertRegex(output, r'192.168.5.7 proto dhcp scope link src 192.168.5.181 metric 1024')
|
||||||
|
else:
|
||||||
|
self.assertNotRegex(output, r'192.168.5.6')
|
||||||
|
self.assertNotRegex(output, r'192.168.5.7')
|
||||||
|
|
||||||
def test_dhcp_client_ipv4_ipv6(self):
|
def test_dhcp_client_ipv4_ipv6(self):
|
||||||
copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv6-only.network',
|
copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv6-only.network',
|
||||||
|
|
|
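Review bot: The old test asserted the link-scope route to the gateway ('192.168.5.1 proto dhcp scope link src 192.168.5.181 metric 1024'); the new "Check UseGateway=" branch only asserts the default route, so that route is no longer covered. Add the assertion back under "if usegateway:" if it is still expected. The negative checks (assertNotRegex on '192.168.5.5', '192.168.5.6', '192.168.5.7') use unescaped dots and no anchoring, so they match more than the intended address; escaping the dots and adding a word boundary would make a failure mean what it says.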
@ -119,13 +119,13 @@ machinectl remove scratch4
|
||||||
! test -f /var/lib/machines/scratch4
|
! test -f /var/lib/machines/scratch4
|
||||||
! machinectl image-status scratch4
|
! machinectl image-status scratch4
|
||||||
|
|
||||||
# Test import-tar hypen/stdin pipe behavior
|
# Test import-tar hyphen/stdin pipe behavior
|
||||||
cat /var/tmp/scratch.tar.gz | machinectl import-tar - scratch5
|
cat /var/tmp/scratch.tar.gz | machinectl import-tar - scratch5
|
||||||
test -d /var/lib/machines/scratch5
|
test -d /var/lib/machines/scratch5
|
||||||
machinectl image-status scratch5
|
machinectl image-status scratch5
|
||||||
diff -r /var/tmp/scratch/ /var/lib/machines/scratch5
|
diff -r /var/tmp/scratch/ /var/lib/machines/scratch5
|
||||||
|
|
||||||
# Test export-tar hypen/stdout pipe behavior
|
# Test export-tar hyphen/stdout pipe behavior
|
||||||
mkdir -p /var/tmp/extract
|
mkdir -p /var/tmp/extract
|
||||||
machinectl export-tar scratch5 - | tar xvf - -C /var/tmp/extract/
|
machinectl export-tar scratch5 - | tar xvf - -C /var/tmp/extract/
|
||||||
diff -r /var/tmp/scratch/ /var/tmp/extract/
|
diff -r /var/tmp/scratch/ /var/tmp/extract/
|
||||||
|
|
|
@ -163,7 +163,7 @@ TEMPLATE = '''\
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>D-Bus interfaces</title>
|
<title>D-Bus interfaces</title>
|
||||||
|
|
||||||
<para>Interaces exposed over D-Bus.</para>
|
<para>Interfaces exposed over D-Bus.</para>
|
||||||
|
|
||||||
<variablelist id='dbus-interface' />
|
<variablelist id='dbus-interface' />
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
|
@ -279,7 +279,7 @@ def process(page):
|
||||||
subst_output(xml, pl)
|
subst_output(xml, pl)
|
||||||
|
|
||||||
out_text = etree.tostring(xml, encoding='unicode')
|
out_text = etree.tostring(xml, encoding='unicode')
|
||||||
# massage format to avoid some lxml whitespace handling idiosyncracies
|
# massage format to avoid some lxml whitespace handling idiosyncrasies
|
||||||
# https://bugs.launchpad.net/lxml/+bug/526799
|
# https://bugs.launchpad.net/lxml/+bug/526799
|
||||||
out_text = (src[:src.find('<refentryinfo')] +
|
out_text = (src[:src.find('<refentryinfo')] +
|
||||||
out_text[out_text.find('<refentryinfo'):] +
|
out_text[out_text.find('<refentryinfo'):] +
|
||||||
|
|
|
@ -36,7 +36,7 @@ else
|
||||||
FUZZIT_BRANCH="PR-${TRAVIS_PULL_REQUEST}"
|
FUZZIT_BRANCH="PR-${TRAVIS_PULL_REQUEST}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Because we want Fuzzit to run on every pull-request and Travis/Azure doesnt support encrypted keys
|
# Because we want Fuzzit to run on every pull-request and Travis/Azure doesn't support encrypted keys
|
||||||
# on pull-request we use a write-only key which is ok for now. maybe there will be a better solution in the future
|
# on pull-request we use a write-only key which is ok for now. maybe there will be a better solution in the future
|
||||||
export FUZZIT_API_KEY=af6992074353998676713818cc6435ef4a750439932dab58b51e9354d6742c54d740a3cd9fc1fc001db82f51734a24bc
|
export FUZZIT_API_KEY=af6992074353998676713818cc6435ef4a750439932dab58b51e9354d6742c54d740a3cd9fc1fc001db82f51734a24bc
|
||||||
FUZZIT_ADDITIONAL_FILES="./out/src/shared/libsystemd-shared-*.so"
|
FUZZIT_ADDITIONAL_FILES="./out/src/shared/libsystemd-shared-*.so"
|
||||||
|
|
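Review bot: The context line right below the corrected comment exports FUZZIT_API_KEY as a literal in the script, and the comment's only justification is that the key is write-only and "ok for now". Since this comment is being touched anyway, state in it what a holder of the key is able to write and who is responsible for rotating it, so a reader can judge the exposure without leaving the file. The second comment line also still starts a sentence with lowercase "maybe".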