The "kernel" policy, which keeps kernel names declared to be
"persistent", now works again as documented.
- * kernel-install script now optionally takes a path to an initrd file,
- and passes it to all plugins.
+ * kernel-install script now optionally takes the paths to one or more
+ initrd files, and passes them to all plugins.
* The mincore() system call has been dropped from the @system-service
system call filter group, as it is pretty exotic and may potentially
parse backslashes inside quotes literally, matching the behaviour of
POSIX shells.
+ * udevadm trigger, udevadm control, udevadm settle and udevadm monitor
+ now automatically become NOPs when run in a chroot() environment.
+
+ * The tmpfiles.d/ "C" line type will now copy directory trees not only
+ when the destination is so far missing, but also if it already exists
+ as a directory and is empty. This is useful to cater for systems
+ where directory trees are put together from multiple separate mount
+ points but otherwise empty.
+
+ * A new function sd_bus_close_unref() (and the associated
+ sd_bus_close_unrefp()) has been added to libsystemd, that combines
+ sd_bus_close() and sd_bus_unref() in one.
+
+ * udevadm control learnt a new option for --ping for testing whether a
+ systemd-udevd instance is running and reacting.
+
+ Contributions from: Aaron Plattner, Alex Mayer, Ayman Bagabas,
+ Beniamino Galvani, bl33pbl0p, Burt P, Chris Down, Chris Lamb, Chris
+ Morin, Claudius Ellsel, dana, Daniel Axtens, Daniele Medri, Dave
+ Reisner, dcanuhe, Dimitri John Ledkov, Evgeny Vereshchagin, Fabrice
+ Fontaine, Filipe Brandenburger, Franck Bui, Frantisek Sumsal, howl,
+ ikelos, James Hilliard, Jani Uusitalo, Jan Janssen, Jonathan Roemer,
+ Jonathon Kowalski, Joost Heitbrink, Jörg Thalheim, Lennart Poettering,
+ Louis Taylor, Lucas Werkmeister, Marc-Antoine Perennou, marvelousblack,
+ Michael Biebl, Michael Sloan, Michal Sekletar, Mike Auty, Mike Gilbert,
+ Mikhail Kasimov, Niklas Hambüchen, Patrick Williams, Paul Seyfert,
+ Philip Withnall, rogerjames99, Ronnie P. Thomas, Ryan Gonzalez, Sam
+ Morris, Susant Sahani, Taro Yamada, Thomas Haller, Topi Miettinen,
+ YunQiang Su, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zsergeant77
+
+ — Berlin, 2018-XX-XX
+
CHANGES WITH 240:
* NoNewPrivileges=yes has been set for all long-running services
file descriptors currently enforced (fs.file-max, fs.nr_open,
RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
and keep only the latter two. A set of build-time options
- (-Dbump-proc-sys-fs-file-max=no and -Dbump-proc-sys-fs-nr-open=no)
+ (-Dbump-proc-sys-fs-file-max=false and -Dbump-proc-sys-fs-nr-open=false)
has been added to revert this change in behaviour, which might be
an option for systems that turn off memcg in the kernel.
This command does the following:
-1. It dissects the image, checks and validates the `/etc/os-release` data of
- the image, and looks for all included unit files.
+1. It dissects the image, checks and validates the `/etc/os-release`
+ (or `/usr/lib/os-release`, see below) data of the image, and looks for
+ all included unit files.
2. It copies out all unit files with a suffix of `.service`, `.socket`,
`.target`, `.timer` and `.path`. whose name begins with the image's name
image. (The implementation will check a couple of other paths too, but it's
recommended to use these two paths.)
-4. The image must contain an os-release file, either in /etc/os-release or
- /usr/lib/os-release. The file should follow the standard format.
+4. The image must contain an os-release file, either in `/etc/os-release` or
+ `/usr/lib/os-release`. The file should follow the standard format.
+
+5. The image must contain the files `/etc/resolv.conf` and `/etc/machine-id`
+ (empty files are ok), they will be bind mounted from the host at runtime.
Note that generally images created by tools such as `debootstrap`, `dnf
--installroot=` or `mkosi` qualify for all of the above in one way or
EVDEV_ABS_35=916:6077:55
EVDEV_ABS_36=653:5395:116
+# Lenovo Yoga 500-14IBD, 80N4
+evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:*svnLENOVO:*pvrLenovoYoga500-14IBD*
+ EVDEV_ABS_00=117:3952:36
+ EVDEV_ABS_01=105:1960:26
+ EVDEV_ABS_35=117:3952:36
+ EVDEV_ABS_36=105:1960:26
+
#########################################
# Razer
#########################################
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnGIGABYTE:pnU2442:*
KEYBOARD_KEY_a0=! # mute
+###########################################################
+# Gemini
+###########################################################
+
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svnGeminiDevices:pnNC14V1006:*
+ KEYBOARD_KEY_9c=enter
+
###########################################################
# Genius
###########################################################
KEYBOARD_KEY_73=slash # Slash key
KEYBOARD_KEY_f8=wlan # Wireless HW switch button
+# HP Stream 7
+# The ACPI tables contains a gpio-keys entry for a non connected GPIO
+# causing spurious events, map this to unknown to disable it
+# older kernels use "ev:23" newer kernels "ev:3"
+evdev:name:gpio-keys:phys:gpio-keys/input0:ev:3:dmi:*:svnHewlett-Packard:pnHPStream7Tablet:*
+evdev:name:gpio-keys:phys:gpio-keys/input0:ev:23:dmi:*:svnHewlett-Packard:pnHPStream7Tablet:*
+ KEYBOARD_KEY_0=unknown
+
##########################################################
# Huawei
##########################################################
# Logitech MX Master
# Horiz wheel has 14 stops, angle is rounded up
+mouse:usb:v046dp4060:name:Logitech MX Master:
mouse:usb:v046dp4041:name:Logitech MX Master:
MOUSE_DPI=1000@166
MOUSE_WHEEL_CLICK_ANGLE=15
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>bootparam</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>dracut.cmdline</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-debug-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.)
Takes a unit-less value in seconds, or a time span value such
as "5min 20s". Pass 0 to disable the timeout logic. The
- default value is set from the manager configuration file's
- <varname>DefaultTimeoutStartSec=</varname>
- variable.</para></listitem>
+ default value is set from <varname>DefaultTimeoutStartSec=</varname> option in
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ </para></listitem>
</varlistentry>
</variablelist>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
</varlistentry>
</variablelist>
- <para>If the exclamation mark is used, this line is only safe of
+ <para>If the exclamation mark is used, this line is only safe to
execute during boot, and can break a running system. Lines
without the exclamation mark are presumed to be safe to execute
at any time, e.g. on package upgrades.
const char *syscall;
NULSTR_FOREACH(syscall, f->value) {
- bool b;
+ int id;
if (syscall[0] == '@') {
const SyscallFilterSet *g;
- assert_se(g = syscall_filter_set_find(syscall));
- b = syscall_names_in_filter(s, whitelist, g);
- } else {
- int id;
- /* Let's see if the system call actually exists on this platform, before complaining */
- id = seccomp_syscall_resolve_name(syscall);
- if (id < 0)
- continue;
+ assert_se(g = syscall_filter_set_find(syscall));
+ if (syscall_names_in_filter(s, whitelist, g))
+ return true; /* bad! */
- b = set_contains(s, syscall);
+ continue;
}
- if (whitelist == b) {
+ /* Let's see if the system call actually exists on this platform, before complaining */
+ id = seccomp_syscall_resolve_name(syscall);
+ if (id < 0)
+ continue;
+
+ if (set_contains(s, syscall) == whitelist) {
log_debug("Offending syscall filter item: %s", syscall);
return true; /* bad! */
}
typedef void (*free_func_t)(void *p);
+/* If for some reason more than 4M are allocated on the stack, let's abort immediately. It's better than
+ * proceeding and smashing the stack limits. Note that by default RLIMIT_STACK is 8M on Linux. */
+#define ALLOCA_MAX (4U*1024U*1024U)
+
#define new(t, n) ((t*) malloc_multiply(sizeof(t), (n)))
#define new0(t, n) ((t*) calloc((n) ?: 1, sizeof(t)))
-#define newa(t, n) \
- ({ \
- assert(!size_multiply_overflow(sizeof(t), n)); \
- (t*) alloca(sizeof(t)*(n)); \
+#define newa(t, n) \
+ ({ \
+ size_t _n_ = n; \
+ assert(!size_multiply_overflow(sizeof(t), _n_)); \
+ assert(sizeof(t)*_n_ <= ALLOCA_MAX); \
+ (t*) alloca(sizeof(t)*_n_); \
})
-#define newa0(t, n) \
- ({ \
- assert(!size_multiply_overflow(sizeof(t), n)); \
- (t*) alloca0(sizeof(t)*(n)); \
+#define newa0(t, n) \
+ ({ \
+ size_t _n_ = n; \
+ assert(!size_multiply_overflow(sizeof(t), _n_)); \
+ assert(sizeof(t)*_n_ <= ALLOCA_MAX); \
+ (t*) alloca0(sizeof(t)*_n_); \
})
#define newdup(t, p, n) ((t*) memdup_multiply(p, sizeof(t), (n)))
#define memdupa(p, l) \
({ \
void *_q_; \
- _q_ = alloca(l); \
- memcpy(_q_, p, l); \
+ size_t _l_ = l; \
+ assert(_l_ <= ALLOCA_MAX); \
+ _q_ = alloca(_l_); \
+ memcpy(_q_, p, _l_); \
})
#define memdupa_suffix0(p, l) \
({ \
void *_q_; \
- _q_ = alloca(l + 1); \
- ((uint8_t*) _q_)[l] = 0; \
- memcpy(_q_, p, l); \
+ size_t _l_ = l; \
+ assert(_l_ <= ALLOCA_MAX); \
+ _q_ = alloca(_l_ + 1); \
+ ((uint8_t*) _q_)[_l_] = 0; \
+ memcpy(_q_, p, _l_); \
})
static inline void freep(void *p) {
({ \
char *_new_; \
size_t _len_ = n; \
+ assert(_len_ <= ALLOCA_MAX); \
_new_ = alloca(_len_); \
(void *) memset(_new_, 0, _len_); \
})
({ \
void *_ptr_; \
size_t _mask_ = (align) - 1; \
- _ptr_ = alloca((size) + _mask_); \
+ size_t _size_ = size; \
+ assert(_size_ <= ALLOCA_MAX); \
+ _ptr_ = alloca(_size_ + _mask_); \
(void*)(((uintptr_t)_ptr_ + _mask_) & ~_mask_); \
})
#define alloca0_align(size, align) \
({ \
void *_new_; \
- size_t _size_ = (size); \
- _new_ = alloca_align(_size_, (align)); \
- (void*)memset(_new_, 0, _size_); \
+ size_t _xsize_ = (size); \
+ _new_ = alloca_align(_xsize_, (align)); \
+ (void*)memset(_new_, 0, _xsize_); \
})
/* Takes inspiration from Rusts's Option::take() method: reads and returns a pointer, but at the same time resets it to
return 0;
}
-int in_addr_prefix_from_string_internal(
+int in_addr_prefix_from_string(
const char *p,
- bool use_default_prefixlen,
int family,
union in_addr_union *ret_prefix,
unsigned char *ret_prefixlen) {
r = in_addr_parse_prefixlen(family, e+1, &k);
if (r < 0)
return r;
- } else if (use_default_prefixlen) {
- if (family == AF_INET) {
- r = in4_addr_default_prefixlen(&buffer.in, &k);
- if (r < 0)
- return r;
- } else
- k = 0;
} else
k = FAMILY_ADDRESS_SIZE(family) * 8;
int in_addr_prefix_from_string_auto_internal(
const char *p,
- bool use_default_prefixlen,
+ InAddrPrefixLenMode mode,
int *ret_family,
union in_addr_union *ret_prefix,
unsigned char *ret_prefixlen) {
r = in_addr_parse_prefixlen(family, e+1, &k);
if (r < 0)
return r;
- } else if (use_default_prefixlen) {
- if (family == AF_INET) {
- r = in4_addr_default_prefixlen(&buffer.in, &k);
- if (r < 0)
- return r;
- } else
- k = 0;
} else
- k = FAMILY_ADDRESS_SIZE(family) * 8;
+ switch (mode) {
+ case PREFIXLEN_FULL:
+ k = FAMILY_ADDRESS_SIZE(family) * 8;
+ break;
+ case PREFIXLEN_REFUSE:
+ return -ENOANO; /* To distinguish this error from others. */
+ case PREFIXLEN_LEGACY:
+ if (family == AF_INET) {
+ r = in4_addr_default_prefixlen(&buffer.in, &k);
+ if (r < 0)
+ return r;
+ } else
+ k = 0;
+ break;
+ default:
+ assert_not_reached("Invalid prefixlen mode");
+ }
if (ret_family)
*ret_family = family;
int in_addr_mask(int family, union in_addr_union *addr, unsigned char prefixlen);
int in_addr_prefix_covers(int family, const union in_addr_union *prefix, unsigned char prefixlen, const union in_addr_union *address);
int in_addr_parse_prefixlen(int family, const char *p, unsigned char *ret);
-int in_addr_prefix_from_string_internal(const char *p, bool use_default_prefixlen, int family, union in_addr_union *ret_prefix, unsigned char *ret_prefixlen);
-int in_addr_prefix_from_string_auto_internal(const char *p, bool use_default_prefixlen, int *ret_family, union in_addr_union *ret_prefix, unsigned char *ret_prefixlen);
-static inline int in_addr_prefix_from_string(const char *p, int family, union in_addr_union *ret_prefix, unsigned char *ret_prefixlen) {
- return in_addr_prefix_from_string_internal(p, false, family, ret_prefix, ret_prefixlen);
-}
+int in_addr_prefix_from_string(const char *p, int family, union in_addr_union *ret_prefix, unsigned char *ret_prefixlen);
+
+typedef enum InAddrPrefixLenMode {
+ PREFIXLEN_FULL, /* Default to prefixlen of address size, 32 for IPv4 or 128 for IPv6, if not specified. */
+ PREFIXLEN_REFUSE, /* Fail with -ENOANO if prefixlen is not specified. */
+ PREFIXLEN_LEGACY, /* Default to legacy default prefixlen calculation from address if not specified. */
+} InAddrPrefixLenMode;
+
+int in_addr_prefix_from_string_auto_internal(const char *p, InAddrPrefixLenMode mode, int *ret_family, union in_addr_union *ret_prefix, unsigned char *ret_prefixlen);
static inline int in_addr_prefix_from_string_auto(const char *p, int *ret_family, union in_addr_union *ret_prefix, unsigned char *ret_prefixlen) {
- return in_addr_prefix_from_string_auto_internal(p, false, ret_family, ret_prefix, ret_prefixlen);
-}
-static inline int in_addr_default_prefix_from_string(const char *p, int family, union in_addr_union *ret_prefix, unsigned char *ret_prefixlen) {
- return in_addr_prefix_from_string_internal(p, true, family, ret_prefix, ret_prefixlen);
-}
-static inline int in_addr_default_prefix_from_string_auto(const char *p, int *ret_family, union in_addr_union *ret_prefix, unsigned char *ret_prefixlen) {
- return in_addr_prefix_from_string_auto_internal(p, true, ret_family, ret_prefix, ret_prefixlen);
+ return in_addr_prefix_from_string_auto_internal(p, PREFIXLEN_FULL, ret_family, ret_prefix, ret_prefixlen);
}
static inline size_t FAMILY_ADDRESS_SIZE(int family) {
_ret = _path; \
else { \
_l = strlen(_root) + 1 + strlen(_path) + 1; \
- _n = alloca(_l); \
+ _n = newa(char, _l); \
_p = stpcpy(_n, _root); \
while (_p > _n && _p[-1] == '/') \
_p--; \
if (_pid_ == 0) { \
_r_ = ("/proc/self/" field); \
} else { \
- _r_ = alloca(STRLEN("/proc/") + DECIMAL_STR_MAX(pid_t) + 1 + sizeof(field)); \
- sprintf((char*) _r_, "/proc/"PID_FMT"/" field, _pid_); \
+ _r_ = newa(char, STRLEN("/proc/") + DECIMAL_STR_MAX(pid_t) + 1 + sizeof(field)); \
+ sprintf((char*) _r_, "/proc/"PID_FMT"/" field, _pid_); \
} \
_r_; \
})
#include <stddef.h>
#include <string.h>
+#include "alloc-util.h"
#include "macro.h"
/* What is interpreted as whitespace? */
size_t _i_; \
for (_i_ = 0; _i_ < ELEMENTSOF(_appendees_) && _appendees_[_i_]; _i_++) \
_len_ += strlen(_appendees_[_i_]); \
- _p_ = _d_ = alloca(_len_ + 1); \
+ _p_ = _d_ = newa(char, _len_ + 1); \
for (_i_ = 0; _i_ < ELEMENTSOF(_appendees_) && _appendees_[_i_]; _i_++) \
_p_ = stpcpy(_p_, _appendees_[_i_]); \
*_p_ = 0; \
if (r < 0)
return r;
- n = path_make_absolute(v, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
- if (!n)
- return -ENOMEM;
+ if (!isempty(v)) {
+ n = path_make_absolute(v, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
+ if (!n)
+ return -ENOMEM;
- path_simplify(n, true);
+ path_simplify(n, true);
- if (!path_is_normalized(n))
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "PIDFile= path '%s' is not valid", n);
+ if (!path_is_normalized(n))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "PIDFile= path '%s' is not valid", n);
- e = path_startswith(n, "/var/run/");
- if (e) {
- char *z;
+ e = path_startswith(n, "/var/run/");
+ if (e) {
+ char *z;
- z = strjoin("/run/", e);
- if (!z)
- return log_oom();
+ z = strjoin("/run/", e);
+ if (!z)
+ return log_oom();
- if (!UNIT_WRITE_FLAGS_NOOP(flags))
- log_unit_notice(u, "Transient unit's PIDFile= property references path below legacy directory /var/run, updating %s → %s; please update client accordingly.", n, z);
+ if (!UNIT_WRITE_FLAGS_NOOP(flags))
+ log_unit_notice(u, "Transient unit's PIDFile= property references path below legacy directory /var/run, updating %s → %s; please update client accordingly.", n, z);
- free_and_replace(s->pid_file, z);
- } else
+ free_and_replace(n, z);
+ }
+ }
+
+ if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
free_and_replace(s->pid_file, n);
+ unit_write_settingf(u, flags, name, "%s=%s", name, strempty(s->pid_file));
+ }
return 1;
}
if (r < 0 && r != -EEXIST)
goto fail;
if (r == -EEXIST) {
- if (chmod(p, context->directories[type].mode) < 0) {
+ struct stat st;
+
+ if (stat(p, &st) < 0) {
r = -errno;
goto fail;
}
+ if (((st.st_mode ^ context->directories[type].mode) & 07777) != 0)
+ log_warning("%s \'%s\' already exists but the mode is different. "
+ "(filesystem: %o %sMode: %o)",
+ exec_directory_type_to_string(type), *rt,
+ st.st_mode & 07777, exec_directory_type_to_string(type), context->directories[type].mode & 07777);
if (!context->dynamic_user)
continue;
}
assert(rvalue);
assert(u);
+ if (isempty(rvalue)) {
+ /* An empty assignment removes already set value. */
+ *s = mfree(*s);
+ return 0;
+ }
+
r = unit_full_printf(u, rvalue, &k);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
return log_oom();
strncpy(c, *p, arg_key_size);
- free(*p);
- *p = c;
+ free_and_replace(*p, c);
}
*ret = TAKE_PTR(passwords);
r = read_one_line_file(key_file, &passphrase);
if (r < 0) {
log_error_errno(r, "Failed to read password file '%s': %m", key_file);
- return -EAGAIN;
+ return -EAGAIN; /* log with the actual error, but return EAGAIN */
}
params.passphrase = passphrase;
r = crypt_load(cd, CRYPT_TCRYPT, ¶ms);
if (r < 0) {
- if (key_file && r == -EPERM)
- return log_error_errno(SYNTHETIC_ERRNO(EAGAIN),
- "Failed to activate using password file '%s'.",
- key_file);
- return r;
+ if (key_file && r == -EPERM) {
+ log_error_errno(r, "Failed to activate using password file '%s'. (Key data not correct?)", key_file);
+ return -EAGAIN; /* log the actual error, but return EAGAIN */
+ }
+
+ return log_error_errno(r, "Failed to load tcrypt superblock on device %s: %m", crypt_get_device_name(cd));
}
- return crypt_activate_by_volume_key(cd, name, NULL, 0, flags);
+ r = crypt_activate_by_volume_key(cd, name, NULL, 0, flags);
+ if (r < 0)
+ return log_error_errno(r, "Failed to activate tcrypt device %s: %m", crypt_get_device_name(cd));
+
+ return 0;
}
static int attach_luks_or_plain(struct crypt_device *cd,
if (!arg_type || STR_IN_SET(arg_type, ANY_LUKS, CRYPT_LUKS1)) {
r = crypt_load(cd, CRYPT_LUKS, NULL);
- if (r < 0) {
- log_error("crypt_load() failed on device %s.\n", crypt_get_device_name(cd));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to load LUKS superblock on device %s: %m", crypt_get_device_name(cd));
if (data_device)
r = crypt_set_data_device(cd, data_device);
cipher_mode = "cbc-essiv:sha256";
}
- /* for CRYPT_PLAIN limit reads
- * from keyfile to key length, and
- * ignore keyfile-size */
+ /* for CRYPT_PLAIN limit reads from keyfile to key length, and ignore keyfile-size */
arg_keyfile_size = arg_key_size;
- /* In contrast to what the name
- * crypt_setup() might suggest this
- * doesn't actually format anything,
- * it just configures encryption
- * parameters when used for plain
- * mode. */
+ /* In contrast to what the name crypt_setup() might suggest this doesn't actually format
+ * anything, it just configures encryption parameters when used for plain mode. */
r = crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, arg_keyfile_size, ¶ms);
/* hash == NULL implies the user passed "plain" */
pass_volume_key = (params.hash == NULL);
}
-
if (r < 0)
return log_error_errno(r, "Loading of cryptographic parameters failed: %m");
if (key_file) {
r = crypt_activate_by_keyfile_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags);
- if (r < 0) {
- log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
- return -EAGAIN;
+ if (r == -EPERM) {
+ log_error_errno(r, "Failed to activate with key file '%s'. (Key data incorrect?)", key_file);
+ return -EAGAIN; /* Log actual error, but return EAGAIN */
}
+ if (r < 0)
+ return log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
} else {
char **p;
+ r = -EINVAL;
STRV_FOREACH(p, passwords) {
if (pass_volume_key)
r = crypt_activate_by_volume_key(cd, name, *p, arg_key_size, flags);
else
r = crypt_activate_by_passphrase(cd, name, arg_key_slot, *p, strlen(*p), flags);
-
if (r >= 0)
break;
}
+ if (r == -EPERM) {
+ log_error_errno(r, "Failed to activate with specified passphrase. (Passphrase incorrect?)");
+ return -EAGAIN; /* log actual error, but return EAGAIN */
+ }
+ if (r < 0)
+ return log_error_errno(r, "Failed to activate with specified passphrase: %m");
}
return r;
/* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */
- if (argc < 4) {
- log_error("attach requires at least two arguments.");
- return -EINVAL;
- }
+ if (argc < 4)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments.");
if (argc >= 5 &&
argv[4][0] &&
!streq(argv[4], "none")) {
if (!path_is_absolute(argv[4]))
- log_error("Password file path '%s' is not absolute. Ignoring.", argv[4]);
+ log_warning("Password file path '%s' is not absolute. Ignoring.", argv[4]);
else
key_file = argv[4];
}
flags);
if (r >= 0)
break;
- if (r == -EAGAIN) {
- key_file = NULL;
- continue;
- }
- if (r != -EPERM)
- return log_error_errno(r, "Failed to activate: %m");
+ if (r != -EAGAIN)
+ return r;
- log_warning("Invalid passphrase.");
+ /* Passphrase not correct? Let's try again! */
+ key_file = NULL;
}
- if (arg_tries != 0 && tries >= arg_tries) {
- log_error("Too many attempts; giving up.");
- return -EPERM;
- }
+ if (arg_tries != 0 && tries >= arg_tries)
+ return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Too many attempts to activate; giving up.");
} else if (streq(argv[1], "detach")) {
if (r < 0)
return log_error_errno(r, "Failed to deactivate: %m");
- } else {
- log_error("Unknown verb %s.", argv[1]);
- return -EINVAL;
- }
+ } else
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown verb %s.", argv[1]);
return 0;
}
if (curl_easy_setopt(c, CURLOPT_FOLLOWLOCATION, 1L) != CURLE_OK)
return -EIO;
- *ret = c;
+ *ret = TAKE_PTR(c);
return 0;
}
assert(ret);
u = strdup(url);
- if (u)
+ if (!u)
return -ENOMEM;
j = new(PullJob, 1);
#include <alloca.h>
#include <stdio.h>
+#include "alloc-util.h"
#include "macro.h"
const char *audit_type_to_string(int type);
const char *_s_; \
_s_ = audit_type_to_string(type); \
if (!_s_) { \
- _s_ = alloca(STRLEN("AUDIT") + DECIMAL_STR_MAX(int)); \
+ _s_ = newa(char, STRLEN("AUDIT") + DECIMAL_STR_MAX(int)); \
sprintf((char*) _s_, "AUDIT%04i", type); \
} \
_s_; \
const char *_func = (func); \
char **_f = &(f); \
_fl = strlen(_func) + 1; \
- *_f = alloca(_fl + 10); \
+ *_f = newa(char, _fl + 10); \
memcpy(*_f, "CODE_FUNC=", 10); \
memcpy(*_f + 10, _func, _fl); \
} while (false)
identifier = strempty(identifier);
l = strlen(identifier);
- header = alloca(l + 1 + 1 + 2 + 2 + 2 + 2 + 2);
+ header = newa(char, l + 1 + 1 + 2 + 2 + 2 + 2 + 2);
memcpy(header, identifier, l);
header[l++] = '\n';
if (e <= *p || e >= *p + 16)
return 0;
- c = alloca(strlen(prefix) + (e - *p) + 2);
+ c = newa(char, strlen(prefix) + (e - *p) + 2);
t = stpcpy(c, prefix);
for (f = *p; f < e; f++) {
exit 1
}
-for initrd in "${@:${INITRD_OPTIONS_START}}"; do
+INITRD_OPTIONS=( "${@:${INITRD_OPTIONS_START}}" )
+
+for initrd in "${INITRD_OPTIONS[@]}"; do
if [[ -f "${initrd}" ]]; then
initrd_basename="$(basename ${initrd})"
cp "${initrd}" "$BOOT_DIR_ABS/${initrd_basename}" &&
fi
done
+# If no initrd option is supplied, fallback to "initrd" which is
+# the name used by dracut when generating it in its kernel-install hook
+[[ ${#INITRD_OPTIONS[@]} == 0 ]] && INITRD_OPTIONS=( initrd )
+
mkdir -p "${LOADER_ENTRY%/*}" || {
echo "Could not create loader entry directory '${LOADER_ENTRY%/*}'." >&2
exit 1
echo "machine-id $MACHINE_ID"
echo "options ${BOOT_OPTIONS[*]}"
echo "linux $BOOT_DIR/linux"
- for initrd in "${@:${INITRD_OPTIONS_START}}"; do
+ for initrd in "${INITRD_OPTIONS[@]}"; do
[[ -f $BOOT_DIR_ABS/$(basename ${initrd}) ]] && \
echo "initrd $BOOT_DIR/$(basename ${initrd})"
done
if [[ "${0##*/}" == 'installkernel' ]]; then
COMMAND='add'
+ # make install doesn't pass any parameter wrt initrd handling
+ INITRD_OPTIONS=()
else
COMMAND="$1"
shift
+ INITRD_OPTIONS=( "${@:3}" )
fi
KERNEL_VERSION="$1"
KERNEL_IMAGE="$2"
-INITRD_OPTIONS_START="3"
if [[ -f /etc/machine-id ]]; then
read MACHINE_ID < /etc/machine-id
for f in "${PLUGINS[@]}"; do
if [[ -x $f ]]; then
- "$f" add "$KERNEL_VERSION" "$BOOT_DIR_ABS" "$KERNEL_IMAGE" "${@:${INITRD_OPTIONS_START}}"
+ "$f" add "$KERNEL_VERSION" "$BOOT_DIR_ABS" "$KERNEL_IMAGE" "${INITRD_OPTIONS[@]}"
x=$?
if [[ $x == $SKIP_REMAINING ]]; then
ret=0
l = strlen(name);
sz = sizeof(sd_id128_t) + l;
- v = alloca(sz);
+ v = newa(uint8_t, sz);
/* fetch some persistent data unique to this machine */
r = sd_id128_get_machine((sd_id128_t*) v);
return 0;
/* Second, add fallback vtables registered for any of the prefixes */
- prefix = alloca(strlen(path) + 1);
+ prefix = newa(char, strlen(path) + 1);
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
r = object_manager_serialize_path(bus, reply, prefix, path, true, error);
if (r < 0)
if (!n) {
char *prefix;
- prefix = alloca(strlen(path) + 1);
+ prefix = newa(char, strlen(path) + 1);
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
n = hashmap_get(bus->nodes, prefix);
if (n)
if (bus->nodes_modified)
continue;
- prefix = alloca(strlen(path) + 1);
+ prefix = newa(char, strlen(path) + 1);
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names);
if (r != 0)
if (bus->nodes_modified)
return 0;
- prefix = alloca(strlen(path) + 1);
+ prefix = newa(char, strlen(path) + 1);
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
r = object_added_append_all_prefix(bus, m, s, prefix, path, true);
if (r < 0)
if (bus->nodes_modified)
return 0;
- prefix = alloca(strlen(path) + 1);
+ prefix = newa(char, strlen(path) + 1);
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
r = object_removed_append_all_prefix(bus, m, s, prefix, path, true);
if (r < 0)
if (bus->nodes_modified)
return 0;
- prefix = alloca(strlen(path) + 1);
+ prefix = newa(char, strlen(path) + 1);
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true);
if (r != 0)
return r;
n = m->n_iovec * sizeof(struct iovec);
- iov = alloca(n);
+ iov = newa(struct iovec, n);
memcpy_safe(iov, m->iovec, n);
j = 0;
* created. This takes place in mount-setup.c, so is
* guaranteed to happen very early during boot. */
- return laccess("/run/systemd/system/", F_OK) >= 0;
+ if (laccess("/run/systemd/system/", F_OK) >= 0)
+ return true;
+
+ if (errno == ENOENT)
+ return false;
+
+ return -errno;
}
_public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) {
if (r < 0)
return r;
- ORDERED_HASHMAP_FOREACH_KEY(property, value, device_src->properties_db, i) {
+ ORDERED_HASHMAP_FOREACH_KEY(value, property, device_src->properties_db, i) {
r = device_add_property_aux(device_dst, property, value, true);
if (r < 0)
return r;
}
- ORDERED_HASHMAP_FOREACH_KEY(property, value, device_src->properties, i) {
+ ORDERED_HASHMAP_FOREACH_KEY(value, property, device_src->properties, i) {
r = device_add_property_aux(device_dst, property, value, false);
if (r < 0)
return r;
assert_se(sd_event_loop(sd_device_monitor_get_event(monitor_client)) == 100);
}
+static void test_device_copy_properties(sd_device *device) {
+ _cleanup_(sd_device_unrefp) sd_device *copy = NULL;
+
+ assert_se(device_shallow_clone(device, ©) >= 0);
+ assert_se(device_copy_properties(copy, device) >= 0);
+
+ test_send_receive_one(copy, false, false, false);
+}
+
int main(int argc, char *argv[]) {
_cleanup_(sd_device_unrefp) sd_device *loopback = NULL, *sda = NULL;
int r;
test_subsystem_filter(loopback);
test_sd_device_monitor_filter_remove(loopback);
+ test_device_copy_properties(loopback);
r = sd_device_new_from_subsystem_sysname(&sda, "block", "sda");
if (r < 0) {
return 0;
}
+int sd_netlink_message_append_sockaddr_in(sd_netlink_message *m, unsigned short type, const struct sockaddr_in *data) {
+ int r;
+
+ assert_return(m, -EINVAL);
+ assert_return(!m->sealed, -EPERM);
+ assert_return(data, -EINVAL);
+
+ r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_SOCKADDR);
+ if (r < 0)
+ return r;
+
+ r = add_rtattr(m, type, data, sizeof(struct sockaddr_in));
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
+int sd_netlink_message_append_sockaddr_in6(sd_netlink_message *m, unsigned short type, const struct sockaddr_in6 *data) {
+ int r;
+
+ assert_return(m, -EINVAL);
+ assert_return(!m->sealed, -EPERM);
+ assert_return(data, -EINVAL);
+
+ r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_SOCKADDR);
+ if (r < 0)
+ return r;
+
+ r = add_rtattr(m, type, data, sizeof(struct sockaddr_in6));
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data) {
int r;
[WGPEER_A_FLAGS] = { .type = NETLINK_TYPE_U32 },
[WGPEER_A_PRESHARED_KEY] = { .size = WG_KEY_LEN },
[WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] = { .type = NETLINK_TYPE_U16 },
- [WGPEER_A_ENDPOINT] = { /* either size of sockaddr_in or sockaddr_in6 depending on address family */ },
+ [WGPEER_A_ENDPOINT] = { .type = NETLINK_TYPE_SOCKADDR },
[WGPEER_A_ALLOWEDIPS] = { .type = NETLINK_TYPE_NESTED, .type_system = &genl_wireguard_allowedip_type_system },
};
NETLINK_TYPE_CACHE_INFO,
NETLINK_TYPE_NESTED, /* NLA_NESTED */
NETLINK_TYPE_UNION,
+ NETLINK_TYPE_SOCKADDR,
};
typedef enum NLMatchType {
if (r < 0)
return r;
if (r == 0) {
- log_error("Machine image '%s' does not exist.", argv[1]);
+ log_error("Machine image '%s' does not exist.", argv[i]);
return -ENXIO;
}
if (r < 0)
return r;
if (r == 0) {
- log_error("Machine image '%s' does not exist.", argv[1]);
+ log_error("Machine image '%s' does not exist.", argv[i]);
return -ENXIO;
}
l = strlen(ifname);
sz = sizeof(sd_id128_t) + l;
- v = alloca(sz);
+ v = newa(uint8_t, sz);
/* fetch some persistent data unique to the machine */
r = sd_id128_get_machine((sd_id128_t*) v);
if (r < 0)
goto cancel;
- if (!start) {
+ if (!*mask_start) {
r = sd_netlink_message_append_data(message, WGPEER_A_PRESHARED_KEY, &peer->preshared_key, WG_KEY_LEN);
if (r < 0)
goto cancel;
goto cancel;
if (peer->endpoint.sa.sa_family == AF_INET)
- r = sd_netlink_message_append_data(message, WGPEER_A_ENDPOINT, &peer->endpoint.in, sizeof(peer->endpoint.in));
+ r = sd_netlink_message_append_sockaddr_in(message, WGPEER_A_ENDPOINT, &peer->endpoint.in);
else if (peer->endpoint.sa.sa_family == AF_INET6)
- r = sd_netlink_message_append_data(message, WGPEER_A_ENDPOINT, &peer->endpoint.in6, sizeof(peer->endpoint.in6));
+ r = sd_netlink_message_append_sockaddr_in6(message, WGPEER_A_ENDPOINT, &peer->endpoint.in6);
if (r < 0)
goto cancel;
}
#include "alloc-util.h"
#include "conf-parser.h"
#include "firewall-util.h"
+#include "missing_network.h"
#include "netlink-util.h"
#include "networkd-address.h"
#include "networkd-manager.h"
return r;
/* Address=address/prefixlen */
- r = in_addr_default_prefix_from_string_auto(rvalue, &f, &buffer, &prefixlen);
+ r = in_addr_prefix_from_string_auto_internal(rvalue, PREFIXLEN_REFUSE, &f, &buffer, &prefixlen);
+ if (r == -ENOANO) {
+ log_syntax(unit, LOG_ERR, filename, line, r,
+ "An address '%s' is specified without prefix length. "
+ "The behavior of parsing addresses without prefix length will be changed in the future release. "
+ "Please specify prefix length explicitly.", rvalue);
+
+ r = in_addr_prefix_from_string_auto_internal(rvalue, PREFIXLEN_LEGACY, &f, &buffer, &prefixlen);
+ }
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid address '%s', ignoring assignment: %m", rvalue);
return 0;
#include "alloc-util.h"
#include "conf-parser.h"
+#include "missing_if_bridge.h"
#include "netlink-util.h"
#include "networkd-brvlan.h"
#include "networkd-link.h"
#include "hashmap.h"
#include "hostname-util.h"
+#include "missing_network.h"
#include "network-internal.h"
#include "networkd-link.h"
#include "networkd-manager.h"
return r;
LIST_FOREACH(addresses, ad, link->network->static_addresses) {
- r = address_configure(ad, link, address_handler, false);
+ bool update;
+
+ update = address_get(link, ad->family, &ad->in_addr, ad->prefixlen, NULL) > 0;
+
+ r = address_configure(ad, link, address_handler, update);
if (r < 0) {
log_link_warning_errno(link, r, "Could not set addresses: %m");
link_enter_failed(link);
#include "sd-ndisc.h"
+#include "missing_network.h"
#include "networkd-ndisc.h"
#include "networkd-route.h"
#include "strv.h"
if (idx > 0)
sz += sizeof(idx);
- v = alloca(sz);
+ v = newa(uint8_t, sz);
/* fetch some persistent data unique to the host */
r = sd_id128_get_machine((sd_id128_t*) v);
if (rrsig->rrsig.signature_size != key_size * 2)
return -EINVAL;
- q = alloca(key_size*2 + 1);
+ q = newa(uint8_t, key_size*2 + 1);
q[0] = 0x04; /* Prepend 0x04 to indicate an uncompressed key */
memcpy(q+1, dnskey->dnskey.key, key_size*2);
char *p;
p = STARTSWITH_SET(*entry, "default:", "d:");
- if (!p)
- p = *entry;
-
- r = strv_push(&d, p);
+ if (p)
+ r = strv_push(&d, p);
+ else
+ r = strv_push(&a, *entry);
if (r < 0)
return r;
}
execvp(pager_args[0], pager_args);
log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
- "Failed execute %s, using fallback pagers: %m", pager_args[0]);
+ "Failed to execute '%s', using fallback pagers: %m", pager_args[0]);
}
/* Debian's alternatives command for pagers is
}
execlp(exe, exe, NULL);
log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
- "Failed execute %s, using next fallback pager: %m", exe);
+ "Failed to execute '%s', using next fallback pager: %m", exe);
}
r = loop_write(exe_name_pipe[1], "(built-in)", strlen("(built-in") + 1, false);
int sd_netlink_message_append_data(sd_netlink_message *m, unsigned short type, const void *data, size_t len);
int sd_netlink_message_append_in_addr(sd_netlink_message *m, unsigned short type, const struct in_addr *data);
int sd_netlink_message_append_in6_addr(sd_netlink_message *m, unsigned short type, const struct in6_addr *data);
+int sd_netlink_message_append_sockaddr_in(sd_netlink_message *m, unsigned short type, const struct sockaddr_in *data);
+int sd_netlink_message_append_sockaddr_in6(sd_netlink_message *m, unsigned short type, const struct sockaddr_in6 *data);
int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data);
int sd_netlink_message_append_cache_info(sd_netlink_message *m, unsigned short type, const struct ifa_cacheinfo *info);
#include "barrier.h"
#include "util.h"
#include "tests.h"
+#include "virt.h"
/* 20ms to test deadlocks; All timings use multiples of this constant as
* alarm/sleep timers. If this timeout is too small for slow machines to perform
TEST_BARRIER_WAIT_SUCCESS(pid2));
int main(int argc, char *argv[]) {
+ int v;
test_setup_logging(LOG_INFO);
if (!slow_tests_enabled())
return log_tests_skipped("slow tests are disabled");
+ /*
+ * This test uses real-time alarms and sleeps to test for CPU races
+ * explicitly. This is highly fragile if your system is under load. We
+ * already increased the BASE_TIME value to make the tests more robust,
+ * but that just makes the test take significantly longer. Given the recent
+ * issues when running the test in a virtualized environments, limit it
+ * to bare metal machines only, to minimize false-positives in CIs.
+ */
+ v = detect_virtualization();
+ if (IN_SET(v, -EPERM, -EACCES))
+ return log_tests_skipped("Cannot detect virtualization");
+
+ if (v != VIRTUALIZATION_NONE)
+ return log_tests_skipped("This test requires a baremetal machine");
+
test_barrier_sync();
test_barrier_wait_next();
test_barrier_wait_next_twice();
(void) unsetenv("USER");
(void) unsetenv("LOGNAME");
(void) unsetenv("SHELL");
+ (void) unsetenv("HOME");
can_unshare = have_namespaces();
#include <netinet/in.h>
+#include "log.h"
#include "in-addr-util.h"
-static void test_in_addr_prefix_from_string(const char *p, int family, int ret, const union in_addr_union *u, unsigned char prefixlen, bool use_default) {
+static void test_in_addr_prefix_from_string(
+ const char *p,
+ int family,
+ int ret,
+ const union in_addr_union *u,
+ unsigned char prefixlen,
+ int ret_refuse,
+ unsigned char prefixlen_refuse,
+ int ret_legacy,
+ unsigned char prefixlen_legacy) {
+
union in_addr_union q;
unsigned char l;
- int r;
+ int f, r;
- r = in_addr_prefix_from_string_internal(p, use_default, family, &q, &l);
+ r = in_addr_prefix_from_string(p, family, &q, &l);
assert_se(r == ret);
- if (r >= 0) {
- int f;
+ if (r < 0)
+ return;
+
+ assert_se(in_addr_equal(family, &q, u));
+ assert_se(l == prefixlen);
+
+ r = in_addr_prefix_from_string_auto(p, &f, &q, &l);
+ assert_se(r >= 0);
+
+ assert_se(f == family);
+ assert_se(in_addr_equal(family, &q, u));
+ assert_se(l == prefixlen);
+
+ r = in_addr_prefix_from_string_auto_internal(p, PREFIXLEN_REFUSE, &f, &q, &l);
+ assert_se(r == ret_refuse);
+ if (r >= 0) {
+ assert_se(f == family);
assert_se(in_addr_equal(family, &q, u));
- assert_se(l == prefixlen);
+ assert_se(l == prefixlen_refuse);
+ }
- r = in_addr_prefix_from_string_auto_internal(p, use_default, &f, &q, &l);
- assert_se(r >= 0);
+ r = in_addr_prefix_from_string_auto_internal(p, PREFIXLEN_LEGACY, &f, &q, &l);
+ assert_se(r == ret_legacy);
+ if (r >= 0) {
assert_se(f == family);
assert_se(in_addr_equal(family, &q, u));
- assert_se(l == prefixlen);
+ assert_se(l == prefixlen_legacy);
}
}
int main(int argc, char *argv[]) {
- test_in_addr_prefix_from_string("", AF_INET, -EINVAL, NULL, 0, false);
- test_in_addr_prefix_from_string("/", AF_INET, -EINVAL, NULL, 0, false);
- test_in_addr_prefix_from_string("/8", AF_INET, -EINVAL, NULL, 0, false);
- test_in_addr_prefix_from_string("1.2.3.4", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 32, false);
- test_in_addr_prefix_from_string("1.2.3.4/0", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 0, false);
- test_in_addr_prefix_from_string("1.2.3.4/1", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 1, false);
- test_in_addr_prefix_from_string("1.2.3.4/2", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 2, false);
- test_in_addr_prefix_from_string("1.2.3.4/32", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 32, false);
- test_in_addr_prefix_from_string("1.2.3.4/33", AF_INET, -ERANGE, NULL, 0, false);
- test_in_addr_prefix_from_string("1.2.3.4/-1", AF_INET, -ERANGE, NULL, 0, false);
- test_in_addr_prefix_from_string("::1", AF_INET, -EINVAL, NULL, 0, false);
-
- test_in_addr_prefix_from_string("", AF_INET6, -EINVAL, NULL, 0, false);
- test_in_addr_prefix_from_string("/", AF_INET6, -EINVAL, NULL, 0, false);
- test_in_addr_prefix_from_string("/8", AF_INET6, -EINVAL, NULL, 0, false);
- test_in_addr_prefix_from_string("::1", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 128, false);
- test_in_addr_prefix_from_string("::1/0", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 0, false);
- test_in_addr_prefix_from_string("::1/1", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 1, false);
- test_in_addr_prefix_from_string("::1/2", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 2, false);
- test_in_addr_prefix_from_string("::1/32", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 32, false);
- test_in_addr_prefix_from_string("::1/33", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 33, false);
- test_in_addr_prefix_from_string("::1/64", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 64, false);
- test_in_addr_prefix_from_string("::1/128", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 128, false);
- test_in_addr_prefix_from_string("::1/129", AF_INET6, -ERANGE, NULL, 0, false);
- test_in_addr_prefix_from_string("::1/-1", AF_INET6, -ERANGE, NULL, 0, false);
-
- test_in_addr_prefix_from_string("", AF_INET, -EINVAL, NULL, 0, true);
- test_in_addr_prefix_from_string("/", AF_INET, -EINVAL, NULL, 0, true);
- test_in_addr_prefix_from_string("/8", AF_INET, -EINVAL, NULL, 0, true);
- test_in_addr_prefix_from_string("1.2.3.4", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 8, true);
- test_in_addr_prefix_from_string("1.2.3.4/0", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 0, true);
- test_in_addr_prefix_from_string("1.2.3.4/1", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 1, true);
- test_in_addr_prefix_from_string("1.2.3.4/2", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 2, true);
- test_in_addr_prefix_from_string("1.2.3.4/32", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 32, true);
- test_in_addr_prefix_from_string("1.2.3.4/33", AF_INET, -ERANGE, NULL, 0, true);
- test_in_addr_prefix_from_string("1.2.3.4/-1", AF_INET, -ERANGE, NULL, 0, true);
- test_in_addr_prefix_from_string("::1", AF_INET, -EINVAL, NULL, 0, true);
-
- test_in_addr_prefix_from_string("", AF_INET6, -EINVAL, NULL, 0, true);
- test_in_addr_prefix_from_string("/", AF_INET6, -EINVAL, NULL, 0, true);
- test_in_addr_prefix_from_string("/8", AF_INET6, -EINVAL, NULL, 0, true);
- test_in_addr_prefix_from_string("::1", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 0, true);
- test_in_addr_prefix_from_string("::1/0", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 0, true);
- test_in_addr_prefix_from_string("::1/1", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 1, true);
- test_in_addr_prefix_from_string("::1/2", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 2, true);
- test_in_addr_prefix_from_string("::1/32", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 32, true);
- test_in_addr_prefix_from_string("::1/33", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 33, true);
- test_in_addr_prefix_from_string("::1/64", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 64, true);
- test_in_addr_prefix_from_string("::1/128", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 128, true);
- test_in_addr_prefix_from_string("::1/129", AF_INET6, -ERANGE, NULL, 0, true);
- test_in_addr_prefix_from_string("::1/-1", AF_INET6, -ERANGE, NULL, 0, true);
+ test_in_addr_prefix_from_string("", AF_INET, -EINVAL, NULL, 0, -EINVAL, 0, -EINVAL, 0);
+ test_in_addr_prefix_from_string("/", AF_INET, -EINVAL, NULL, 0, -EINVAL, 0, -EINVAL, 0);
+ test_in_addr_prefix_from_string("/8", AF_INET, -EINVAL, NULL, 0, -EINVAL, 0, -EINVAL, 0);
+ test_in_addr_prefix_from_string("1.2.3.4", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 32, -ENOANO, 0, 0, 8);
+ test_in_addr_prefix_from_string("1.2.3.4/0", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 0, 0, 0, 0, 0);
+ test_in_addr_prefix_from_string("1.2.3.4/1", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 1, 0, 1, 0, 1);
+ test_in_addr_prefix_from_string("1.2.3.4/2", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 2, 0, 2, 0, 2);
+ test_in_addr_prefix_from_string("1.2.3.4/32", AF_INET, 0, &(union in_addr_union) { .in = (struct in_addr) { .s_addr = htobe32(0x01020304) } }, 32, 0, 32, 0, 32);
+ test_in_addr_prefix_from_string("1.2.3.4/33", AF_INET, -ERANGE, NULL, 0, -ERANGE, 0, -ERANGE, 0);
+ test_in_addr_prefix_from_string("1.2.3.4/-1", AF_INET, -ERANGE, NULL, 0, -ERANGE, 0, -ERANGE, 0);
+ test_in_addr_prefix_from_string("::1", AF_INET, -EINVAL, NULL, 0, -EINVAL, 0, -EINVAL, 0);
+
+ test_in_addr_prefix_from_string("", AF_INET6, -EINVAL, NULL, 0, -EINVAL, 0, -EINVAL, 0);
+ test_in_addr_prefix_from_string("/", AF_INET6, -EINVAL, NULL, 0, -EINVAL, 0, -EINVAL, 0);
+ test_in_addr_prefix_from_string("/8", AF_INET6, -EINVAL, NULL, 0, -EINVAL, 0, -EINVAL, 0);
+ test_in_addr_prefix_from_string("::1", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 128, -ENOANO, 0, 0, 0);
+ test_in_addr_prefix_from_string("::1/0", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 0, 0, 0, 0, 0);
+ test_in_addr_prefix_from_string("::1/1", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 1, 0, 1, 0, 1);
+ test_in_addr_prefix_from_string("::1/2", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 2, 0, 2, 0, 2);
+ test_in_addr_prefix_from_string("::1/32", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 32, 0, 32, 0, 32);
+ test_in_addr_prefix_from_string("::1/33", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 33, 0, 33, 0, 33);
+ test_in_addr_prefix_from_string("::1/64", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 64, 0, 64, 0, 64);
+ test_in_addr_prefix_from_string("::1/128", AF_INET6, 0, &(union in_addr_union) { .in6 = IN6ADDR_LOOPBACK_INIT }, 128, 0, 128, 0, 128);
+ test_in_addr_prefix_from_string("::1/129", AF_INET6, -ERANGE, NULL, 0, -ERANGE, 0, -ERANGE, 0);
+ test_in_addr_prefix_from_string("::1/-1", AF_INET6, -ERANGE, NULL, 0, -ERANGE, 0, -ERANGE, 0);
return 0;
}
return 0;
path = a->items[0].path;
- prefix = alloca(strlen(path) + 1);
+ prefix = newa(char, strlen(path) + 1);
PATH_FOREACH_PREFIX(prefix, path) {
ItemArray *j;
static void print_all_attributes(sd_device *device, const char *key) {
const char *name, *value;
- FOREACH_DEVICE_PROPERTY(device, name, value) {
+ FOREACH_DEVICE_SYSATTR(device, name) {
size_t len;
if (skip_attribute(name))
continue;
+ if (sd_device_get_sysattr_value(device, name, &value) < 0)
+ continue;
+
/* skip any values that look like a path */
if (value[0] == '/')
continue;
Description=Test for PrivateNetwork
[Service]
-ExecStart=/bin/sh -x -c '! ip link | grep ": " | grep -Ev ": (lo|(sit0|ip6tnl0|ip6gre0)@.*):"'
+ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"'
Type=oneshot
PrivateNetwork=yes
default_fedora_initrd=/boot/initramfs-${KERNEL_VER}.img
default_debian_initrd=/boot/initrd.img-${KERNEL_VER}
- default_arch_initrd=/boot/initramfs-linux.img
+ default_arch_initrd=/boot/initramfs-linux-fallback.img
default_suse_initrd=/boot/initrd-${KERNEL_VER}
if [[ ! "$INITRD" ]]; then
if [[ -e "$default_fedora_initrd" ]]; then
set -x
DEFAULT_ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1
-DEFAULT_UBSAN_OPTIONS=print_stacktrace=1:print_summary=1
-DEFAULT_ENVIRONMENT="ASAN_OPTIONS=\$DEFAULT_ASAN_OPTIONS UBSAN_OPTIONS=\$DEFAULT_UBSAN_OPTIONS:halt_on_error=1"
+DEFAULT_UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
+DEFAULT_ENVIRONMENT="ASAN_OPTIONS=\$DEFAULT_ASAN_OPTIONS UBSAN_OPTIONS=\$DEFAULT_UBSAN_OPTIONS"
mount -t proc proc /proc
mount -t sysfs sysfs /sys
ret=$(($ret+1))
fi
- journald_report=$(find "$root" -name "systemd-journald.asan.log*" -exec cat {} \;)
- if [[ ! -z "$journald_report" ]]; then
+ journald_report=$(find "$root" -name "systemd-journald.asan.log*" -exec cat {} \;)
+ if [[ ! -z "$journald_report" ]]; then
printf "%s" "$journald_report"
ret=$(($ret+1))
- fi
+ fi
- pids=$("$BUILD_DIR/journalctl" -D "$root/var/log/journal" | perl -alne 'print $1 if /\[(\d+)\]:\s*SUMMARY:\s+\w+Sanitizer/')
- if [[ ! -z "$pids" ]]; then
+ pids=$(
+ "$BUILD_DIR/journalctl" -D "$root/var/log/journal" | perl -alne '
+ BEGIN {
+ %services_to_ignore = (
+ "dbus-daemon" => undef,
+ );
+ }
+ print $2 if /\s(\S*)\[(\d+)\]:\s*SUMMARY:\s+\w+Sanitizer/ && !exists $services_to_ignore{$1}'
+ )
+ if [[ ! -z "$pids" ]]; then
ret=$(($ret+1))
for pid in $pids; do
"$BUILD_DIR/journalctl" -D "$root/var/log/journal" _PID=$pid --no-pager
done
- fi
+ fi
fi
return $ret
else
dwarn "can't run systemd-nspawn, skipping"
fi
- fi
+ fi
fi
return 0
}
Name=dummy98
[Network]
-Address=192.168.42.100
+Address=192.168.42.100/24
DNS=192.168.42.1
Domains= one two three four five six seven eight nine ten
[WireGuardPeer]
PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=
AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24
-Endpoint=wireguard.example.com:51820
+#Endpoint=wireguard.example.com:51820
+Endpoint=192.168.27.3:51820
PresharedKey=IIWIV17wutHv7t4cR6pOT91z6NSz/T8Arh0yaywhw3M=
PersistentKeepalive=20
Name=veth-peer
[Network]
-Address=2600::1
+Address=2600::1/0
Address=192.168.5.1/24
Name=veth-peer
[Network]
-Address=192.168.0.1
-Address=192.168.5.1
+Address=192.168.0.1/24
+Address=192.168.5.1/24
return f
+def expectedFailureIfERSPANModuleIsNotAvailable():
+ def f(func):
+ rc = subprocess.call(['ip', 'link', 'add', 'dev', 'erspan99', 'type', 'erspan', 'seq', 'key', '30', 'local', '192.168.1.4', 'remote', '192.168.1.1', 'erspan_ver', '1', 'erspan', '123'])
+ if rc == 0:
+ subprocess.call(['ip', 'link', 'del', 'erspan99'])
+ return func
+ else:
+ return unittest.expectedFailure(func)
+
+ return f
+
+def expectedFailureIfRoutingPolicyPortRangeIsNotAvailable():
+ def f(func):
+ rc = subprocess.call(['ip', 'rule', 'add', 'from', '192.168.100.19', 'sport', '1123-1150', 'dport', '3224-3290', 'table', '7'])
+ if rc == 0:
+ subprocess.call(['ip', 'rule', 'del', 'from', '192.168.100.19', 'sport', '1123-1150', 'dport', '3224-3290', 'table', '7'])
+ return func
+ else:
+ return unittest.expectedFailure(func)
+
+ return f
+
+def expectedFailureIfRoutingPolicyIPProtoIsNotAvailable():
+ def f(func):
+ rc = subprocess.call(['ip', 'rule', 'add', 'not', 'from', '192.168.100.19', 'ipproto', 'tcp', 'table', '7'])
+ if rc == 0:
+ subprocess.call(['ip', 'rule', 'del', 'not', 'from', '192.168.100.19', 'ipproto', 'tcp', 'table', '7'])
+ return func
+ else:
+ return unittest.expectedFailure(func)
+
+ return f
+
def setUpModule():
os.makedirs(network_unit_file_path, exist_ok=True)
if shutil.which('wg'):
subprocess.call('wg')
+ output = subprocess.check_output(['wg', 'show', 'wg99', 'listen-port']).rstrip().decode('utf-8')
+ self.assertTrue(output, '51820')
+ output = subprocess.check_output(['wg', 'show', 'wg99', 'fwmark']).rstrip().decode('utf-8')
+ self.assertTrue(output, '0x4d2')
+ output = subprocess.check_output(['wg', 'show', 'wg99', 'allowed-ips']).rstrip().decode('utf-8')
+ self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t192.168.26.0/24 fd31:bf08:57cb::/48')
+ output = subprocess.check_output(['wg', 'show', 'wg99', 'persistent-keepalive']).rstrip().decode('utf-8')
+ self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t20')
+ output = subprocess.check_output(['wg', 'show', 'wg99', 'endpoints']).rstrip().decode('utf-8')
+ self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t192.168.27.3:51820')
self.assertTrue(self.link_exits('wg99'))
self.assertTrue(self.link_exits('dummy98'))
self.assertTrue(self.link_exits('sittun99'))
+ @expectedFailureIfERSPANModuleIsNotAvailable()
def test_erspan_tunnel(self):
self.copy_unit_to_networkd_unit_path('25-erspan-tunnel.netdev')
self.start_networkd()
subprocess.call(['ip', 'rule', 'del', 'table', '7'])
+ @expectedFailureIfRoutingPolicyPortRangeIsNotAvailable()
def test_routing_policy_rule_port_range(self):
self.copy_unit_to_networkd_unit_path('25-fibrule-port-range.network', '11-dummy.netdev')
self.start_networkd()
subprocess.call(['ip', 'rule', 'del', 'table', '7'])
+ @expectedFailureIfRoutingPolicyIPProtoIsNotAvailable()
def test_routing_policy_rule_invert(self):
self.copy_unit_to_networkd_unit_path('25-fibrule-invert.network', '11-dummy.netdev')
self.start_networkd()
self.assertRegex(output, 'NTP: 192.168.5.1')
def test_domain(self):
- self.copy_unit_to_networkd_unit_path( '12-dummy.netdev', '24-search-domain.network')
+ self.copy_unit_to_networkd_unit_path('12-dummy.netdev', '24-search-domain.network')
self.start_networkd()
self.assertTrue(self.link_exits('dummy98'))
'dhcp-client-listen-port.network',
'dhcp-client-route-metric.network',
'dhcp-client-route-table.network',
+ 'dhcp-client.network',
'dhcp-server-veth-peer.network',
- 'dhcp-v4-server-veth-peer.network']
+ 'dhcp-v4-server-veth-peer.network',
+ 'static.network']
def setUp(self):
self.link_remove(self.links)
self.remove_log_file()
def test_dhcp_client_ipv6_only(self):
- self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network','dhcp-client-ipv6-only.network')
+ self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv6-only.network')
self.start_networkd()
self.assertTrue(self.link_exits('veth99'))
self.assertNotRegex(output, '192.168.5')
def test_dhcp_client_ipv4_only(self):
- self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network','dhcp-client-ipv4-only-ipv6-disabled.network')
+ self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv4-only-ipv6-disabled.network')
self.start_networkd()
self.assertTrue(self.link_exits('veth99'))
print(output)
self.assertRegex(output, '192.168.5.*')
+ def test_dhcp_client_reuse_address_as_static(self):
+ self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client.network')
+ self.start_networkd()
+
+ self.assertTrue(self.link_exits('veth99'))
+
+ self.start_dnsmasq()
+
+ output = subprocess.check_output(['ip', 'address', 'show', 'dev', 'veth99', 'scope', 'global']).rstrip().decode('utf-8')
+ print(output)
+ self.assertRegex(output, '192.168.5')
+ self.assertRegex(output, '2600::')
+
+ ipv4_address = re.search('192\.168\.5\.[0-9]*/24', output)
+ ipv6_address = re.search('2600::[0-9a-f:]*/128', output)
+ static_network = '\n'.join(['[Match]', 'Name=veth99', '[Network]', 'IPv6AcceptRA=no', 'Address=' + ipv4_address.group(), 'Address=' + ipv6_address.group()])
+ print(static_network)
+
+ self.remove_unit_from_networkd_path(['dhcp-client.network'])
+
+ with open(os.path.join(network_unit_file_path, 'static.network'), mode='w') as f:
+ f.write(static_network)
+
+ self.start_networkd()
+
+ self.assertTrue(self.link_exits('veth99'))
+
+ output = subprocess.check_output(['ip', '-4', 'address', 'show', 'dev', 'veth99', 'scope', 'global']).rstrip().decode('utf-8')
+ print(output)
+ self.assertRegex(output, '192.168.5')
+ self.assertRegex(output, 'valid_lft forever preferred_lft forever')
+
+ output = subprocess.check_output(['ip', '-6', 'address', 'show', 'dev', 'veth99', 'scope', 'global']).rstrip().decode('utf-8')
+ print(output)
+ self.assertRegex(output, '2600::')
+ self.assertRegex(output, 'valid_lft forever preferred_lft forever')
+
if __name__ == '__main__':
unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
verbosity=3))
set -e
set -x
-add-apt-repository ppa:pitti/systemd-semaphore -y
apt-get update
apt-get build-dep systemd -y
apt-get install -y util-linux libmount-dev libblkid-dev liblzma-dev libqrencode-dev libmicrohttpd-dev iptables-dev liblz4-dev libcurl4-gnutls-dev unifont itstool kbd cryptsetup-bin net-tools isc-dhcp-client iputils-ping strace qemu-system-x86 linux-image-virtual mount libgpg-error-dev libxkbcommon-dev python-lxml python3-lxml python3-pip libcap-dev
Before=initrd-switch-root.service
AllowIsolate=yes
Wants=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target systemd-journald.service initrd-cleanup.service
-After=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target emergency.service emergency.target
+After=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target emergency.service emergency.target initrd-cleanup.service