user is notified (graphically via Plymouth – if available – as well
as in text form on the console), and the system is turned off after a
10s delay. The feature can be disabled by passing
- systemd.battery-check=0 through the kernel command line.
+ systemd.battery_check=0 through the kernel command line.
* The 'passwdqc' library is now supported as an alternative to the
'pwquality' library and can be selected at build time.
interfaces. The Kind= setting in .netdev file accepts "ipoib". And
systemd.netdev files gained the [IPoIB] section.
- * systemd-networkd and systemd-udevd now support net.ifname-policy=
+ * systemd-networkd and systemd-udevd now support net.ifname_policy=
option on the kernel command-line. This is implemented through the
systemd-network-generator service that automatically generates
appropriate .link, .network, and .netdev files.
- Invalid characters in interface names are replaced with "_".
The new version of the net naming scheme is "v249". The previous
- scheme can be selected via the "net.naming-scheme=v247" kernel
+ scheme can be selected via the "net.naming_scheme=v247" kernel
command line parameter.
* sd-bus' sd_bus_is_ready() and sd_bus_is_open() calls now accept a
bridge. Since this is a naming scheme incompatibility on systems that
possess hardware like this it has been introduced as new naming
scheme "v247". The previous scheme can be selected via the
- "net.naming-scheme=v245" kernel command line parameter.
+ "net.naming_scheme=v245" kernel command line parameter.
* ConditionFirstBoot= semantics have been modified to be safe towards
abnormal system power-off during first boot. Specifically, the
added, which may be used to turn off automatic activation of swap
devices listed in /etc/fstab.
- * New kernel command line options systemd.condition-needs-update= and
- systemd.condition-first-boot= have been added, which override the
+ * New kernel command line options systemd.condition_needs_update= and
+ systemd.condition_first_boot= have been added, which override the
result of the ConditionNeedsUpdate= and ConditionFirstBoot=
conditions.
- * A new kernel command line option systemd.clock-usec= has been added
+ * A new kernel command line option systemd.clock_usec= has been added
that allows setting the system clock to the specified time in µs
since Jan 1st, 1970 early during boot. This is in particular useful
in order to make test cases more reliable.
multiple containers whose names all begin with the same prefix. Since
this changes the primary interface names pointing to containers if
truncation happens, the old scheme may still be requested by
- selecting an older naming scheme, via the net.naming-scheme= kernel
+ selecting an older naming scheme, via the net.naming_scheme= kernel
command line option.
* PrivateUsers= in service files now works in services run by the
Moreover, the "en" prefix was dropped from the ID_NET_NAME_ONBOARD
udev property.
- Those two changes form a new net.naming-policy-scheme= entry.
- Distributions which want to preserve naming stability may want to set
- the -Ddefault-net-naming-scheme= configuration option.
+ Those two changes form a new net.naming_scheme= entry. Distributions
+ which want to preserve naming stability may want to set the
+ -Ddefault-net-naming-scheme= configuration option.
* systemd-networkd now supports MACsec, nlmon, IPVTAP and Xfrm
interfaces natively.
name as argument.
* systemd-udevd's network naming logic now understands a new
- net.naming-scheme= kernel command line switch, which may be used to
+ net.naming_scheme= kernel command line switch, which may be used to
pick a specific version of the naming scheme. This helps stabilizing
interface names even as systemd/udev are updated and the naming logic
is improved.
when determining stable network interface names. This may be used to revert
to naming schemes of older udev versions, in order to provide more stable
naming across updates. This environment variable takes precedence over the
- kernel command line option `net.naming-scheme=`, except if the value is
+ kernel command line option `net.naming_scheme=`, except if the value is
prefixed with `:` in which case the kernel command line option takes
precedence, if it is specified as well.
<term><varname>udev.blockdev_read_only</varname></term>
<term><varname>rd.udev.blockdev_read_only</varname></term>
<term><varname>net.ifnames=</varname></term>
- <term><varname>net.naming-scheme=</varname></term>
+ <term><varname>net.naming_scheme=</varname></term>
<listitem>
<para>Parameters understood by the device event managing
<citerefentry><refentrytitle>systemd-homed-firstboot.service</refentrytitle><manvolnum>1</manvolnum></citerefentry>
will not query the user for basic system settings, even if the system boots up for the first time and
the relevant settings are not initialized yet. Not to be confused with
- <varname>systemd.condition-first-boot=</varname> (see below), which overrides the result of the
+ <varname>systemd.condition_first_boot=</varname> (see below), which overrides the result of the
<varname>ConditionFirstBoot=</varname> unit file condition, and thus controls more than just
<filename>systemd-firstboot.service</filename> behaviour.</para>
</varlistentry>
<varlistentry>
- <term><varname>systemd.condition-needs-update=</varname></term>
+ <term><varname>systemd.condition_needs_update=</varname></term>
<listitem><para>Takes a boolean argument. If specified, overrides the result of
<varname>ConditionNeedsUpdate=</varname> unit condition checks. See
</varlistentry>
<varlistentry>
- <term><varname>systemd.condition-first-boot=</varname></term>
+ <term><varname>systemd.condition_first_boot=</varname></term>
<listitem><para>Takes a boolean argument. If specified, overrides the result of
<varname>ConditionFirstBoot=</varname> unit condition checks. See
</varlistentry>
<varlistentry>
- <term><varname>systemd.clock-usec=</varname></term>
+ <term><varname>systemd.clock_usec=</varname></term>
<listitem><para>Takes a decimal, numeric timestamp in μs since January 1st 1970, 00:00am, to set the
system clock to. The system time is set to the specified timestamp early during boot. It is not
</varlistentry>
<varlistentry>
- <term><varname>systemd.random-seed=</varname></term>
+ <term><varname>systemd.random_seed=</varname></term>
<listitem><para>Takes a base64 encoded random seed value to credit with full entropy to the kernel's
random pool during early service manager initialization. This option is useful in testing
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>systemd.battery_check=</varname></term>
+
+ <listitem><para>Accepts a boolean argument. If false the boot-time battery charge check implemented
+ by
+ <citerefentry><refentrytitle>systemd-battery-check.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ is disabled.</para>
+
+ <xi:include href="version-info.xml" xpointer="v254"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>ifname=</varname></term>
+ <term><varname>net.ifname_policy=</varname></term>
+
+ <listitem><para>Controls interface naming policies, implemented by
+ <citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+
+ <xi:include href="version-info.xml" xpointer="v245"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>systemd.tpm2_wait=</varname></term>
+
+ <listitem><para>Controls whether to wait for a TPM2 device at boot, implemented by
+ <citerefentry><refentrytitle>systemd-tpm2-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
<variablelist class='kernel-commandline-options'>
<varlistentry>
- <term><varname>systemd.battery-check=<replaceable>BOOL</replaceable></varname></term>
+ <term><varname>systemd.battery_check=<replaceable>BOOL</replaceable></varname></term>
<listitem>
<para>Takes a boolean. If specified with false, <command>systemd-battery-check</command> command
<varlistentry>
<term><varname>ifname=</varname></term>
- <term><varname>net.ifname-policy=</varname></term>
+ <term><varname>net.ifname_policy=</varname></term>
<listitem>
<para>Translated into
<citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>
</listitem>
</varlistentry>
<varlistentry>
- <term><varname>net.naming-scheme=</varname></term>
+ <term><varname>net.naming_scheme=</varname></term>
<listitem>
<para>Network interfaces are renamed to give them predictable names when possible (unless
<varname>net.ifnames=0</varname> is specified, see above). With this kernel command line option it
</listitem>
</varlistentry>
<varlistentry>
- <term><varname>net.ifname-policy=<replaceable>policy1</replaceable>[,<replaceable>policy2</replaceable>,…][,<replaceable>MAC</replaceable>]</varname></term>
+ <term><varname>net.ifname_policy=<replaceable>policy1</replaceable>[,<replaceable>policy2</replaceable>,…][,<replaceable>MAC</replaceable>]</varname></term>
<listitem>
<para>Specifies naming policies applied when renaming network interfaces. Takes a list of
policies and an optional MAC address separated with comma. Each policy value must be one of
enabled.</para>
<para>Example:
- <programlisting>net.ifname-policy=keep,kernel,path,slot,onboard,01:23:45:67:89:ab
-net.ifname-policy=keep,kernel,path,slot,onboard,mac</programlisting>
+ <programlisting>net.ifname_policy=keep,kernel,path,slot,onboard,01:23:45:67:89:ab
+net.ifname_policy=keep,kernel,path,slot,onboard,mac</programlisting>
This is mostly equivalent to creating the following .link files:
<programlisting># 91-name-policy-with-mac.link
[Match]
<citerefentry project='man-pages'><refentrytitle>touch</refentrytitle><manvolnum>1</manvolnum></citerefentry>
on it.</para>
- <para>Note that if the <varname>systemd.condition-needs-update=</varname> kernel command line option is
+ <para>Note that if the <varname>systemd.condition_needs_update=</varname> kernel command line option is
used it overrides the <varname>ConditionNeedsUpdate=</varname> unit condition checks. In that case
<filename>systemd-update-done.service</filename> will not reset the condition state until a follow-up
reboot where the kernel switch is not specified anymore.</para>
implemented version, but it is also possible to set one of the older versions to preserve
compatibility. This may be useful for example for distributions, which may introduce new versions of
systemd in stable releases without changing the naming scheme. The naming scheme may also be overridden
- using the <varname>net.naming-scheme=</varname> kernel command line switch, see
+ using the <varname>net.naming_scheme=</varname> kernel command line switch, see
<citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
Available naming schemes are described below.</para>
<title>History</title>
<para>The following "naming schemes" have been defined (which may be chosen at system boot-up time via
- the <varname>net.naming-scheme=</varname> kernel command line switch, see above):</para>
+ the <varname>net.naming_scheme=</varname> kernel command line switch, see above):</para>
<variablelist>
<varlistentry>
to make sure they run before the stamp file's modification time gets reset indicating a completed
update.</para>
- <para>If the <varname>systemd.condition-needs-update=</varname> option is specified on the kernel
+ <para>If the <varname>systemd.condition_needs_update=</varname> option is specified on the kernel
command line (taking a boolean), it will override the result of this condition check, taking
precedence over any file modification time checks. If the kernel command line option is used,
<filename>systemd-update-done.service</filename> will not have immediate effect on any following
<varname>Wants=</varname>. This ensures that in a case of an aborted first boot, these units will
be re-run during the next system startup.</para>
- <para>If the <varname>systemd.condition-first-boot=</varname> option is specified on the kernel
+ <para>If the <varname>systemd.condition_first_boot=</varname> option is specified on the kernel
command line (taking a boolean), it will override the result of this condition check, taking
precedence over <filename>/etc/machine-id</filename> existence checks.</para>
'default LLMNR mode' : default_llmnr,
'default DNS servers' : dns_servers.split(' '),
'default NTP servers' : ntp_servers.split(' '),
- 'default net.naming-scheme value' : default_net_naming_scheme,
- 'default KillUserProcesses value' : kill_user_processes,
+ 'default net.naming_scheme= value': default_net_naming_scheme,
+ 'default KillUserProcesses= value': kill_user_processes,
'default locale' : default_locale,
'default nspawn locale' : nspawn_locale,
'default status unit format' : status_unit_format_default,
choices : ['legacy', 'hybrid', 'unified'], deprecated : true,
description : '''This option is deprecated and will be removed in a future release''')
option('extra-net-naming-schemes', type : 'string',
- description : 'comma-separated list of extra net.naming-scheme= definitions')
+ description : 'comma-separated list of extra net.naming_scheme= definitions')
option('default-net-naming-scheme', type : 'string', value : 'latest',
- description : 'default net.naming-scheme= value')
+ description : 'default net.naming_scheme= value')
option('status-unit-format-default', type : 'combo',
choices : ['auto', 'description', 'name', 'combined'],
description : 'use unit name or description in messages by default')
return parse_boolean(e);
}
-int getenv_bool_secure(const char *p) {
+int secure_getenv_bool(const char *p) {
const char *e;
e = secure_getenv(p);
return parse_boolean(e);
}
-int getenv_uint64_secure(const char *p, uint64_t *ret) {
+int secure_getenv_uint64(const char *p, uint64_t *ret) {
const char *e;
assert(p);
char *strv_env_pairs_get(char **l, const char *name) _pure_;
int getenv_bool(const char *p);
-int getenv_bool_secure(const char *p);
+int secure_getenv_bool(const char *p);
-int getenv_uint64_secure(const char *p, uint64_t *ret);
+int secure_getenv_uint64(const char *p, uint64_t *ret);
/* Like setenv, but calls unsetenv if value == NULL. */
int set_unset_env(const char *name, const char *value, bool overwrite);
* This can be overridden by setting SYSTEMD_IN_INITRD=0|1.
*/
- r = getenv_bool_secure("SYSTEMD_IN_INITRD");
+ r = secure_getenv_bool("SYSTEMD_IN_INITRD");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_IN_INITRD, ignoring: %m");
if (cached_answer >= 0)
goto out;
- r = getenv_bool_secure("SYSTEMD_UTF8");
+ r = secure_getenv_bool("SYSTEMD_UTF8");
if (r >= 0) {
cached_answer = r;
goto out;
if (saved_log_context_enabled >= 0)
return saved_log_context_enabled;
- r = getenv_bool_secure("SYSTEMD_ENABLE_LOG_CONTEXT");
+ r = secure_getenv_bool("SYSTEMD_ENABLE_LOG_CONTEXT");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_ENABLE_LOG_CONTEXT, ignoring: %m");
BACKGROUND_RED,
BACKGROUND_GREEN,
BACKGROUND_BLUE,
+ BACKGROUND_STRING_TERMINATOR,
} BackgroundColorState;
typedef struct BackgroundColorContext {
return 1; /* success! */
context->state = BACKGROUND_TEXT;
- } else {
+ } else if (c == '\x1b')
+ context->state = context->blue_bits > 0 ? BACKGROUND_STRING_TERMINATOR : BACKGROUND_TEXT;
+ else {
int d = unhexchar(c);
if (d < 0 || context->blue_bits >= sizeof(context->blue)*8)
context->state = BACKGROUND_TEXT;
}
}
break;
+
+ case BACKGROUND_STRING_TERMINATOR:
+ if (c == '\\')
+ return 1; /* success! */
+
+ context->state = c == ']' ? BACKGROUND_ESCAPE : BACKGROUND_TEXT;
+ break;
+
}
/* Reset any colors we might have picked up */
- if (context->state == BACKGROUND_TEXT) {
+ if (IN_SET(context->state, BACKGROUND_TEXT, BACKGROUND_ESCAPE)) {
/* reset color */
context->red = context->green = context->blue = 0;
context->red_bits = context->green_bits = context->blue_bits = 0;
r = fd_wait_for_event(STDIN_FILENO, POLLIN, usec_sub_unsigned(end, n));
if (r < 0)
goto finish;
+ if (r == 0) {
+ r = -EOPNOTSUPP;
+ goto finish;
+ }
ssize_t l;
l = read(STDIN_FILENO, buf, sizeof(buf) - buf_full);
log_setup();
- r = proc_cmdline_get_bool("systemd.battery-check", PROC_CMDLINE_STRIP_RD_PREFIX|PROC_CMDLINE_TRUE_WHEN_MISSING, &arg_doit);
+ r = proc_cmdline_get_bool("systemd.battery_check", PROC_CMDLINE_STRIP_RD_PREFIX|PROC_CMDLINE_TRUE_WHEN_MISSING, &arg_doit);
if (r < 0)
- log_warning_errno(r, "Failed to parse systemd.battery-check= kernel command line option, ignoring: %m");
+ log_warning_errno(r, "Failed to parse systemd.battery_check= kernel command line option, ignoring: %m");
r = parse_argv(argc, argv);
if (r <= 0)
/* Let's check whether we are in first boot. First, check if an override was
* specified on the kernel command line. If yes, we honour that. */
- r = proc_cmdline_get_bool("systemd.condition-first-boot", /* flags = */ 0, &first_boot);
+ r = proc_cmdline_get_bool("systemd.condition_first_boot", /* flags = */ 0, &first_boot);
if (r < 0)
- log_debug_errno(r, "Failed to parse systemd.condition-first-boot= kernel command line argument, ignoring: %m");
+ log_debug_errno(r, "Failed to parse systemd.condition_first_boot= kernel command line argument, ignoring: %m");
if (r > 0)
log_full(first_boot ? LOG_INFO : LOG_DEBUG,
int r;
if (cached < 0) {
- r = getenv_bool_secure("SYSTEMD_SYSFS_CHECK");
+ r = secure_getenv_bool("SYSTEMD_SYSFS_CHECK");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_SYSFS_CHECK, ignoring: %m");
cached = r != 0;
/* Only operate on sysfs, i.e. refuse going down into /sys/fs/cgroup/ or similar places where
* things are not arranged as kobjects in kernel, and hence don't necessarily have
* kobject/attribute structure. */
- r = getenv_bool_secure("SYSTEMD_DEVICE_VERIFY_SYSFS");
+ r = secure_getenv_bool("SYSTEMD_DEVICE_VERIFY_SYSFS");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_DEVICE_VERIFY_SYSFS value: %m");
if (r != 0) {
static bool shall_use_pidfd(void) {
/* Mostly relevant for debugging, i.e. this is used in test-event.c to test the event loop once with and once without pidfd */
- return getenv_bool_secure("SYSTEMD_PIDFD") != 0;
+ return secure_getenv_bool("SYSTEMD_PIDFD") != 0;
}
_public_ int sd_event_add_child(
# .link
ifname=<interface>:<MAC>
- net.ifname-policy=policy1[,policy2,...][,<MAC>] # This is an original rule, not supported by other tools.
+ net.ifname_policy=policy1[,policy2,...][,<MAC>] # This is an original rule, not supported by other tools.
# .netdev
vlan=<vlanname>:<phydevice>
assert(context);
assert(key);
- /* net.ifname-policy=policy1[,policy2,...][,<MAC>] */
+ /* net.ifname_policy=policy1[,policy2,...][,<MAC>] */
if (proc_cmdline_value_missing(key, value))
return -EINVAL;
assert(key);
- if (streq(key, "ip"))
+ if (proc_cmdline_key_streq(key, "ip"))
return parse_cmdline_ip(context, key, value);
- if (streq(key, "rd.route"))
+ if (proc_cmdline_key_streq(key, "rd.route"))
return parse_cmdline_rd_route(context, key, value);
- if (streq(key, "nameserver"))
+ if (proc_cmdline_key_streq(key, "nameserver"))
return parse_cmdline_nameserver(context, key, value);
- if (streq(key, "rd.peerdns"))
+ if (proc_cmdline_key_streq(key, "rd.peerdns"))
return parse_cmdline_rd_peerdns(context, key, value);
- if (streq(key, "vlan"))
+ if (proc_cmdline_key_streq(key, "vlan"))
return parse_cmdline_vlan(context, key, value);
- if (streq(key, "bridge"))
+ if (proc_cmdline_key_streq(key, "bridge"))
return parse_cmdline_bridge(context, key, value);
- if (streq(key, "bond"))
+ if (proc_cmdline_key_streq(key, "bond"))
return parse_cmdline_bond(context, key, value);
- if (streq(key, "ifname"))
+ if (proc_cmdline_key_streq(key, "ifname"))
return parse_cmdline_ifname(context, key, value);
- if (streq(key, "net.ifname-policy"))
+ if (proc_cmdline_key_streq(key, "net.ifname_policy"))
return parse_cmdline_ifname_policy(context, key, value);
return 0;
const char *name,
const int value,
uint64_t flag) {
+
int r;
- r = getenv_bool_secure(name);
+ r = secure_getenv_bool(name);
if (r >= 0)
return r == value ? flag : 0;
if (r != -ENXIO)
return NSS_STATUS_NOTFOUND;
/* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */
- if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (streq(name, root_passwd.pw_name))
return copy_synthesized_passwd(pwd, &root_passwd,
return NSS_STATUS_NOTFOUND;
/* Synthesize data for the root user and for nobody in case they are missing from /etc/passwd */
- if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (uid == root_passwd.pw_uid)
return copy_synthesized_passwd(pwd, &root_passwd,
return NSS_STATUS_NOTFOUND;
/* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */
- if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (streq(name, root_spwd.sp_namp))
return copy_synthesized_spwd(spwd, &root_spwd, buffer, buflen, errnop);
return NSS_STATUS_NOTFOUND;
/* Synthesize records for root and nobody, in case they are missing from /etc/group */
- if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (streq(name, root_group.gr_name))
return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop);
return NSS_STATUS_NOTFOUND;
/* Synthesize records for root and nobody, in case they are missing from /etc/group */
- if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (gid == root_group.gr_gid)
return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop);
return NSS_STATUS_NOTFOUND;
/* Synthesize records for root and nobody, in case they are missing from /etc/group */
- if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (streq(name, root_sgrp.sg_namp))
return copy_synthesized_sgrp(sgrp, &root_sgrp, buffer, buflen, errnop);
UserDBFlags flags = USERDB_EXCLUDE_NSS;
/* Make sure that we don't go in circles when allocating a dynamic UID by checking our own database */
- if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+ if (secure_getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
flags |= USERDB_EXCLUDE_DYNAMIC_USER;
return flags;
assert(c->parameter);
assert(c->type == CONDITION_NEEDS_UPDATE);
- r = proc_cmdline_get_bool("systemd.condition-needs-update", /* flags = */ 0, &b);
+ r = proc_cmdline_get_bool("systemd.condition_needs_update", /* flags = */ 0, &b);
if (r < 0)
- log_debug_errno(r, "Failed to parse systemd.condition-needs-update= kernel command line argument, ignoring: %m");
+ log_debug_errno(r, "Failed to parse systemd.condition_needs_update= kernel command line argument, ignoring: %m");
if (r > 0)
return b;
if (validate_name && !streq(embedded_name, validate_name)) {
- r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NAME");
+ r = secure_getenv_bool("SYSTEMD_CREDENTIAL_VALIDATE_NAME");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NAME: %m");
if (r != 0)
if (le64toh(m->not_after) != USEC_INFINITY && le64toh(m->not_after) < validate_timestamp) {
- r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER");
+ r = secure_getenv_bool("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER: %m");
if (r != 0)
assert(verity);
if (verity->root_hash_sig) {
- r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_SIGNATURE");
+ r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIGNATURE");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIGNATURE");
if (is_device_path(image))
return 0;
- r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_SIDECAR");
+ r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIDECAR");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIDECAR, ignoring: %m");
if (r == 0)
if (verity->root_hash && verity->root_hash_sig) /* Already loaded? */
return 0;
- r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_EMBEDDED");
+ r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_EMBEDDED");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_EMBEDDED, ignoring: %m");
if (r == 0)
* being used, but it measured things into a different PCR than we are configured for in
* userspace. (i.e. we expect PCR 11 being used for this by both sd-stub and us) */
- r = getenv_bool_secure("SYSTEMD_FORCE_MEASURE"); /* Give user a chance to override the variable test,
+ r = secure_getenv_bool("SYSTEMD_FORCE_MEASURE"); /* Give user a chance to override the variable test,
* for debugging purposes */
if (r >= 0)
return (cached = r);
return cache;
/* Acquire setting from the kernel command line */
- (void) proc_cmdline_get_key("net.naming-scheme", 0, &buffer);
+ (void) proc_cmdline_get_key("net.naming_scheme", 0, &buffer);
/* Also acquire it from an env var */
e = getenv("NET_NAMING_SCHEME");
* pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
* wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
* know to be good. */
- int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE");
+ int use_secure_mode = secure_getenv_bool("SYSTEMD_PAGERSECURE");
bool trust_pager = use_secure_mode >= 0;
if (use_secure_mode == -ENXIO) {
uid_t uid;
_cleanup_free_ char *s = NULL;
assert(f);
- assert(f->background_color);
+
+ if (!f->background_color)
+ return 0;
/* When we see a newline (ASCII 10) then this sets the background color to the desired one, and erase the rest
* of the line with it */
_cleanup_free_ char *s = NULL;
assert(f);
- assert(f->background_color);
+
+ if (!f->background_color)
+ return 0;
/* When we see a carriage return (ASCII 13) this this sets only the background */
} else if (!strextend(&f->osc_sequence, CHAR_TO_STR(c)))
return -ENOMEM;
} else {
- /* Otherwise, the OSC sequence is over */
-
- if (c == '\x07') {
+ /* Otherwise, the OSC sequence is over
+ *
+ * There are two allowed ways to end an OSC sequence:
+ * BEL '\x07'
+ * String Terminator (ST): <Esc>\ - "\x1b\x5c"
+ * since we cannot lookahead to see if the Esc is followed by a \
+ * we cut a corner here and assume it will be \. */
+
+ if (c == '\x07' || c == '\x1b') {
r = insert_window_title_fix(f, i+1);
if (r < 0)
return r;
if (cached_enabled < 0) {
int b;
- b = getenv_bool_secure("SYSTEMD_SECCOMP");
+ b = secure_getenv_bool("SYSTEMD_SECCOMP");
if (b != 0) {
if (b < 0 && b != -ENXIO) /* ENXIO: env var unset */
log_debug_errno(b, "Failed to parse $SYSTEMD_SECCOMP value, ignoring.");
static usec_t epoch_or_now(void) {
uint64_t epoch;
- if (getenv_uint64_secure("SOURCE_DATE_EPOCH", &epoch) >= 0) {
+ if (secure_getenv_uint64("SOURCE_DATE_EPOCH", &epoch) >= 0) {
if (epoch > UINT64_MAX/USEC_PER_SEC) /* Overflow check */
return USEC_INFINITY;
return (usec_t) epoch * USEC_PER_SEC;
assert_se(status == NSS_STATUS_SUCCESS);
assert_se(n == socket_ipv6_is_enabled() + 1);
- } else if (streq(module, "resolve") && getenv_bool_secure("SYSTEMD_NSS_RESOLVE_SYNTHESIZE") != 0) {
+ } else if (streq(module, "resolve") && secure_getenv_bool("SYSTEMD_NSS_RESOLVE_SYNTHESIZE") != 0) {
assert_se(status == NSS_STATUS_SUCCESS);
if (socket_ipv6_is_enabled())
assert_se(n == 2);
assert(key);
- if (proc_cmdline_key_streq(key, "systemd.tpm2-wait")) {
+ if (proc_cmdline_key_streq(key, "systemd.tpm2_wait")) {
r = value ? parse_boolean(value) : 1;
if (r < 0)
- log_warning_errno(r, "Failed to parse 'systemd.tpm2-wait' kernel command line argument, ignoring: %s", value);
+ log_warning_errno(r, "Failed to parse 'systemd.tpm2_wait=' kernel command line argument, ignoring: %s", value);
else
arg_tpm2_wait = r;
}
Documentation=man:systemd-battery-check.service(8)
ConditionVirtualization=no
ConditionDirectoryNotEmpty=/sys/class/power_supply/
-ConditionKernelCommandLine=!systemd.battery-check=0
+ConditionKernelCommandLine=!systemd.battery_check=0
AssertPathExists=/etc/initrd-release
DefaultDependencies=no
After=plymouth-start.service