after_script:
- $CI_MANAGERS/fedora.sh CLEANUP
+ - name: Fedora Latest (clang ASan+UBSan)
+ language: bash
+ env:
+ - FEDORA_RELEASE="latest"
+ - CONT_NAME="systemd-fedora-$FEDORA_RELEASE"
+ - DOCKER_EXEC="docker exec -ti $CONT_NAME"
+ before_install:
+ - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
+ - docker --version
+ install:
+ - $CI_MANAGERS/fedora.sh SETUP
+ script:
+ - set -e
+ - $CI_MANAGERS/fedora.sh RUN_CLANG_ASAN
+ - set +e
+ after_script:
+ - $CI_MANAGERS/fedora.sh CLEANUP
+
- stage: Coverity
language: bash
env:
<a href="https://in.waw.pl/systemd-github-state/systemd-systemd-issues.svg"><img align="right" src="https://in.waw.pl/systemd-github-state/systemd-systemd-issues-small.svg" alt="Count of open issues over time"></a>
<a href="https://in.waw.pl/systemd-github-state/systemd-systemd-pull-requests.svg"><img align="right" src="https://in.waw.pl/systemd-github-state/systemd-systemd-pull-requests-small.svg" alt="Count of open pull requests over time"></a>
-[![Build Status](https://semaphoreci.com/api/v1/projects/28a5a3ca-3c56-4078-8b5e-7ed6ef912e14/443470/shields_badge.svg)](https://semaphoreci.com/systemd/systemd)<br/>
+[![Semaphore CI Build Status](https://semaphoreci.com/api/v1/projects/28a5a3ca-3c56-4078-8b5e-7ed6ef912e14/443470/shields_badge.svg)](https://semaphoreci.com/systemd/systemd)<br/>
[![Coverity Scan Status](https://scan.coverity.com/projects/350/badge.svg)](https://scan.coverity.com/projects/350)<br/>
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1369/badge)](https://bestpractices.coreinfrastructure.org/projects/1369)<br/>
-[![Build Status](https://travis-ci.org/systemd/systemd.svg?branch=master)](https://travis-ci.org/systemd/systemd)<br/>
-[![Language Grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/systemd/systemd.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/systemd/systemd/context:cpp)
+[![Travis CI Build Status](https://travis-ci.org/systemd/systemd.svg?branch=master)](https://travis-ci.org/systemd/systemd)<br/>
+[![Language Grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/systemd/systemd.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/systemd/systemd/context:cpp)<br/>
+[![CentOS CI Build Status](https://ci.centos.org/buildStatus/icon?job=systemd-pr-build)](https://ci.centos.org/job/systemd-pr-build/)
## Details
Features:
+* when importing an fs tree with machined, optionally apply userns-rec-chown
+
+* when importing an fs tree with machined, complain if image is not an OS
+
* when we fork off generators and such, lower LIMIT_NOFILE soft limit to 1K
+* Maybe introduce a helper safe_exec() or so, which is to execve() which
+ safe_fork() is to fork(). And then make revert the RLIMIT_NOFILE soft limit
+ to 1K implicitly, unless explicitly opted-out.
+
* rework seccomp/nnp logic that that even if User= is used in combination with
a seccomp option we don't have to set NNP. For that, change uid first whil
keeping CAP_SYS_ADMIN, then apply seccomp, the drop cap.
<citerefentry project='die-net'><refentrytitle>automake</refentrytitle><manvolnum>1</manvolnum></citerefentry>-based
projects:</para>
- <programlisting>DISTCHECK_CONFIGURE_FLAGS = \
+ <programlisting>AM_DISTCHECK_CONFIGURE_FLAGS = \
--with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)</programlisting>
<para>Finally, unit files should be installed in the system with an automake excerpt like the following:</para>
applicable to SIT tunnels.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>ISATAP=</varname></term>
+ <listitem>
+ <para>Takes a boolean. If set, configures the tunnel as Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel.
+ Only applicable to SIT tunnels. When unset, the kernel's default will be used.</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><varname>SerializeTunneledPackets=</varname></term>
<listitem>
Defaults to unset.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>InvertRule=</varname></term>
+ <listitem>
+ <para>A boolean. Specifies wheather the rule to be inverted. Defaults to false.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>MulticastToUnicast=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Multicast to unicast works on top of the multicast snooping feature of
+ the bridge. Which means unicast copies are only delivered to hosts which are interested in it.
+ When unset, the kernel's default will be used.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><varname>HairPin=</varname></term>
<listitem>
cgroup controller name (eg. <option>cpu</option>), verifying that it is
available for use on the system. For example, a particular controller
may not be available if it was disabled on the kernel command line with
- <literal>cgroup_disable=</literal><replaceable>controller</replaceable>.
- Multiple controllers may be passed with a space separating them; in
- this case the condition will only pass if all listed controllers are
- available for use. Controllers unknown to systemd are ignored. Valid
- controllers are <option>cpu</option>, <option>cpuacct</option>,
- <option>io</option>, <option>blkio</option>, <option>memory</option>,
+ <varname>cgroup_disable=controller</varname>. Multiple controllers may
+ be passed with a space separating them; in this case the condition will
+ only pass if all listed controllers are available for use. Controllers
+ unknown to systemd are ignored. Valid controllers are
+ <option>cpu</option>, <option>cpuacct</option>, <option>io</option>,
+ <option>blkio</option>, <option>memory</option>,
<option>devices</option>, and <option>pids</option>.</para>
<para>If multiple conditions are specified, the unit will be
['ETHTOOL_LINK_MODE_1000baseX_Full_BIT', 'linux/ethtool.h'],
['ETHTOOL_LINK_MODE_2500baseT_Full_BIT', 'linux/ethtool.h'],
['ETHTOOL_LINK_MODE_FEC_NONE_BIT', 'linux/ethtool.h'],
+ ['FRA_TUN_ID', 'linux/fib_rules.h'],
+ ['FRA_SUPPRESS_PREFIXLEN', 'linux/fib_rules.h'],
['FRA_PAD', 'linux/fib_rules.h'],
['FRA_L3MDEV', 'linux/fib_rules.h'],
['FRA_UID_RANGE', 'linux/fib_rules.h'],
error('POSIX caps headers not found')
endif
foreach header : ['crypt.h',
- 'linux/btrfs.h',
+ 'linux/btrfs_tree.h',
'linux/fou.h',
'linux/memfd.h',
'linux/vm_sockets.h',
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: https://github.com/systemd/systemd/issues\n"
-"POT-Creation-Date: 2016-04-23 14:24+0200\n"
-"PO-Revision-Date: 2017-10-10 19:54+0200\n"
+"POT-Creation-Date: 2018-11-26 03:25+0000\n"
+"PO-Revision-Date: 2018-12-03 15:52+0100\n"
"Last-Translator: Daniel Rusek <mail@asciiwolf.com>\n"
+"Language-Team: Czech\n"
"Language: cs\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? "
-"1 : 2);\n"
-"Language-Team: \n"
-"X-Generator: Poedit 2.0.3\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
+"|| n%100>=20) ? 1 : 2);\n"
+"X-Generator: Poedit 2.2\n"
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:1
+#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
msgstr "Odeslat heslo zpět do systému"
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:2
-msgid "Authentication is required to send the entered passphrase back to the system."
+#: src/core/org.freedesktop.systemd1.policy.in:23
+msgid ""
+"Authentication is required to send the entered passphrase back to the system."
msgstr "Pro odeslání zadaného hesla do systému je vyžadováno ověření."
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:3
+#: src/core/org.freedesktop.systemd1.policy.in:33
msgid "Manage system services or other units"
msgstr "Spravovat systémové služby nebo další jednotky"
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:4
+#: src/core/org.freedesktop.systemd1.policy.in:34
msgid "Authentication is required to manage system services or other units."
-msgstr "Pro správu systémových služeb nebo dalších jednotek je vyžadováno ověření."
+msgstr ""
+"Pro správu systémových služeb nebo dalších jednotek je vyžadováno ověření."
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:5
+#: src/core/org.freedesktop.systemd1.policy.in:43
msgid "Manage system service or unit files"
msgstr "Spravovat systémové služby nebo soubory jednotek"
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:6
+#: src/core/org.freedesktop.systemd1.policy.in:44
msgid "Authentication is required to manage system service or unit files."
-msgstr "Pro správu systémových služeb nebo souborů jednotek je vyžadováno ověření."
+msgstr ""
+"Pro správu systémových služeb nebo souborů jednotek je vyžadováno ověření."
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:7
+#: src/core/org.freedesktop.systemd1.policy.in:54
msgid "Set or unset system and service manager environment variables"
msgstr "Nastavit nebo rušit proměnné správce systému a služeb"
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:8
+#: src/core/org.freedesktop.systemd1.policy.in:55
msgid ""
-"Authentication is required to set or unset system and service manager environment variables."
-msgstr "Pro nastavení nebo rušení proměnných správce systému a služeb je vyžadováno ověření."
+"Authentication is required to set or unset system and service manager "
+"environment variables."
+msgstr ""
+"Pro nastavení nebo rušení proměnných správce systému a služeb je vyžadováno "
+"ověření."
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:9
+#: src/core/org.freedesktop.systemd1.policy.in:64
msgid "Reload the systemd state"
msgstr "Znovu načíst stav systemd"
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:10
+#: src/core/org.freedesktop.systemd1.policy.in:65
msgid "Authentication is required to reload the systemd state."
msgstr "Pro znovu načtení stavu systemd je vyžadováno ověření."
-#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
+#: src/hostname/org.freedesktop.hostname1.policy:20
msgid "Set host name"
msgstr "Nastavit název stroje"
-#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
+#: src/hostname/org.freedesktop.hostname1.policy:21
msgid "Authentication is required to set the local host name."
msgstr "Pro nastavení lokálního názvu stroje je vyžadováno ověření."
-#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
+#: src/hostname/org.freedesktop.hostname1.policy:30
msgid "Set static host name"
msgstr "Nastavit statický název stroje"
-#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
+#: src/hostname/org.freedesktop.hostname1.policy:31
msgid ""
-"Authentication is required to set the statically configured local host name, as well as the "
-"pretty host name."
+"Authentication is required to set the statically configured local host name, "
+"as well as the pretty host name."
msgstr ""
-"Pro nastavení staticky konfigurovaného názvu lokálního stroje, stejně tak pro změnu "
-"uživatelsky přívětivého jména je vyžadováno ověření."
+"Pro nastavení staticky konfigurovaného názvu lokálního stroje, stejně tak "
+"pro změnu uživatelsky přívětivého jména je vyžadováno ověření."
-#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:5
+#: src/hostname/org.freedesktop.hostname1.policy:41
msgid "Set machine information"
msgstr "Nastavit informace o stroji"
-#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:6
+#: src/hostname/org.freedesktop.hostname1.policy:42
msgid "Authentication is required to set local machine information."
msgstr "Pro nastavení informací o stroji je vyžadováno ověření."
-#: ../src/import/org.freedesktop.import1.policy.in.h:1
+#: src/hostname/org.freedesktop.hostname1.policy:51
+msgid "Get product UUID"
+msgstr "Získat UUID produktu"
+
+#: src/hostname/org.freedesktop.hostname1.policy:52
+msgid "Authentication is required to get product UUID."
+msgstr "Pro získání UUID produktu je vyžadováno ověření."
+
+#: src/import/org.freedesktop.import1.policy:22
msgid "Import a VM or container image"
msgstr "Importovat obraz virtuální stroje nebo kontejneru"
-#: ../src/import/org.freedesktop.import1.policy.in.h:2
+#: src/import/org.freedesktop.import1.policy:23
msgid "Authentication is required to import a VM or container image"
-msgstr "Pro import obrazu virtuálního stroje nebo kontejneru je vyžadováno ověření"
+msgstr ""
+"Pro import obrazu virtuálního stroje nebo kontejneru je vyžadováno ověření"
-#: ../src/import/org.freedesktop.import1.policy.in.h:3
+#: src/import/org.freedesktop.import1.policy:32
msgid "Export a VM or container image"
msgstr "Exportovat obraz virtuálního stroje nebo kontejneru"
-#: ../src/import/org.freedesktop.import1.policy.in.h:4
+#: src/import/org.freedesktop.import1.policy:33
msgid "Authentication is required to export a VM or container image"
-msgstr "Pro export obrazu virtuálního stroje nebo kontejneru je vyžadováno ověření"
+msgstr ""
+"Pro export obrazu virtuálního stroje nebo kontejneru je vyžadováno ověření"
-#: ../src/import/org.freedesktop.import1.policy.in.h:5
+#: src/import/org.freedesktop.import1.policy:42
msgid "Download a VM or container image"
msgstr "Stáhnout obraz virtuálního stroje nebo kontejneru"
-#: ../src/import/org.freedesktop.import1.policy.in.h:6
+#: src/import/org.freedesktop.import1.policy:43
msgid "Authentication is required to download a VM or container image"
-msgstr "Pro stažení obrazu virtuálního stroje nebo kontejneru je vyžadováno ověření"
+msgstr ""
+"Pro stažení obrazu virtuálního stroje nebo kontejneru je vyžadováno ověření"
-#: ../src/locale/org.freedesktop.locale1.policy.in.h:1
+#: src/locale/org.freedesktop.locale1.policy:22
msgid "Set system locale"
msgstr "Nastavit lokalizaci systému"
-#: ../src/locale/org.freedesktop.locale1.policy.in.h:2
+#: src/locale/org.freedesktop.locale1.policy:23
msgid "Authentication is required to set the system locale."
msgstr "Pro nastavení lokalizace systému je vyžadováno ověření."
-#: ../src/locale/org.freedesktop.locale1.policy.in.h:3
+#: src/locale/org.freedesktop.locale1.policy:33
msgid "Set system keyboard settings"
msgstr "Nastavit systémovou konfiguraci klávesnice"
-#: ../src/locale/org.freedesktop.locale1.policy.in.h:4
+#: src/locale/org.freedesktop.locale1.policy:34
msgid "Authentication is required to set the system keyboard settings."
msgstr "Pro nastavení systémové konfigurace klávesnice je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:1
+#: src/login/org.freedesktop.login1.policy:22
msgid "Allow applications to inhibit system shutdown"
msgstr "Povolit aplikacím zakázat vypnutí systému"
-#: ../src/login/org.freedesktop.login1.policy.in.h:2
-msgid "Authentication is required for an application to inhibit system shutdown."
+#: src/login/org.freedesktop.login1.policy:23
+msgid ""
+"Authentication is required for an application to inhibit system shutdown."
msgstr "Pro povolení aplikacím zakázat vypnutí systému je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:3
+#: src/login/org.freedesktop.login1.policy:33
msgid "Allow applications to delay system shutdown"
msgstr "Povolit aplikacím odložit vypnutí systému"
-#: ../src/login/org.freedesktop.login1.policy.in.h:4
+#: src/login/org.freedesktop.login1.policy:34
msgid "Authentication is required for an application to delay system shutdown."
msgstr "Pro povolení aplikacím odložit vypnutí systému je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:5
+#: src/login/org.freedesktop.login1.policy:44
msgid "Allow applications to inhibit system sleep"
msgstr "Povolit aplikacím zakázat uspání systému"
-#: ../src/login/org.freedesktop.login1.policy.in.h:6
+#: src/login/org.freedesktop.login1.policy:45
msgid "Authentication is required for an application to inhibit system sleep."
msgstr "Pro povolení aplikacím zakázat uspání systému je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:7
+#: src/login/org.freedesktop.login1.policy:55
msgid "Allow applications to delay system sleep"
msgstr "Povolit aplikacím odložit uspání systému"
-#: ../src/login/org.freedesktop.login1.policy.in.h:8
+#: src/login/org.freedesktop.login1.policy:56
msgid "Authentication is required for an application to delay system sleep."
msgstr "Pro povolení aplikacím odložit uspání systému je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:9
+#: src/login/org.freedesktop.login1.policy:65
msgid "Allow applications to inhibit automatic system suspend"
msgstr "Povolit aplikacím zakázat automatické vypnutí systému"
-#: ../src/login/org.freedesktop.login1.policy.in.h:10
-msgid "Authentication is required for an application to inhibit automatic system suspend."
-msgstr "Pro povolení aplikacím zakázat automatické vypnutí systému je vyžadováno ověření."
+#: src/login/org.freedesktop.login1.policy:66
+msgid ""
+"Authentication is required for an application to inhibit automatic system "
+"suspend."
+msgstr ""
+"Pro povolení aplikacím zakázat automatické vypnutí systému je vyžadováno "
+"ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:11
+#: src/login/org.freedesktop.login1.policy:75
msgid "Allow applications to inhibit system handling of the power key"
-msgstr "Povolit aplikacím zakázat chovaní systému na stisknutí vypínacího tlačítka"
+msgstr ""
+"Povolit aplikacím zakázat chovaní systému na stisknutí vypínacího tlačítka"
-#: ../src/login/org.freedesktop.login1.policy.in.h:12
+#: src/login/org.freedesktop.login1.policy:76
msgid ""
-"Authentication is required for an application to inhibit system handling of the power key."
+"Authentication is required for an application to inhibit system handling of "
+"the power key."
msgstr ""
-"Pro povolení aplikacím zakázat chovaní systému na stisknutí vypínacího tlačítka je "
-"vyžadováno ověření."
+"Pro povolení aplikacím zakázat chovaní systému na stisknutí vypínacího "
+"tlačítka je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:13
+#: src/login/org.freedesktop.login1.policy:86
msgid "Allow applications to inhibit system handling of the suspend key"
-msgstr "Povolit aplikacím zakázat chovaní systému na stisknutí uspávacího tlačítka"
+msgstr ""
+"Povolit aplikacím zakázat chovaní systému na stisknutí uspávacího tlačítka"
-#: ../src/login/org.freedesktop.login1.policy.in.h:14
+#: src/login/org.freedesktop.login1.policy:87
msgid ""
-"Authentication is required for an application to inhibit system handling of the suspend key."
+"Authentication is required for an application to inhibit system handling of "
+"the suspend key."
msgstr ""
-"Pro povolení aplikacím zakázat chovaní systému na stisknutí uspávacího tlačítka je "
-"vyžadováno ověření."
+"Pro povolení aplikacím zakázat chovaní systému na stisknutí uspávacího "
+"tlačítka je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:15
+#: src/login/org.freedesktop.login1.policy:97
msgid "Allow applications to inhibit system handling of the hibernate key"
-msgstr "Povolit aplikacím zakázat chovaní systému na stisknutí tlačítka hibernace"
+msgstr ""
+"Povolit aplikacím zakázat chovaní systému na stisknutí tlačítka hibernace"
-#: ../src/login/org.freedesktop.login1.policy.in.h:16
+#: src/login/org.freedesktop.login1.policy:98
msgid ""
-"Authentication is required for an application to inhibit system handling of the hibernate "
-"key."
+"Authentication is required for an application to inhibit system handling of "
+"the hibernate key."
msgstr ""
-"Pro povolení aplikacím zakázat chovaní systému na stisknutí tlačítka hibernace je vyžadováno "
-"ověření."
+"Pro povolení aplikacím zakázat chovaní systému na stisknutí tlačítka "
+"hibernace je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:17
+#: src/login/org.freedesktop.login1.policy:107
msgid "Allow applications to inhibit system handling of the lid switch"
msgstr "Povolit aplikacím zakázat chovaní systému na zavření víka"
-#: ../src/login/org.freedesktop.login1.policy.in.h:18
+#: src/login/org.freedesktop.login1.policy:108
msgid ""
-"Authentication is required for an application to inhibit system handling of the lid switch."
-msgstr "Pro povolení aplikacím zakázat chovaní systému na zavření víka je vyžadováno ověření."
+"Authentication is required for an application to inhibit system handling of "
+"the lid switch."
+msgstr ""
+"Pro povolení aplikacím zakázat chovaní systému na zavření víka je vyžadováno "
+"ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:19
+#: src/login/org.freedesktop.login1.policy:117
msgid "Allow non-logged-in user to run programs"
msgstr "Povolit nepřihlášenému uživateli spouštět programy"
-#: ../src/login/org.freedesktop.login1.policy.in.h:20
+#: src/login/org.freedesktop.login1.policy:118
msgid "Explicit request is required to run programs as a non-logged-in user."
-msgstr "Ke spuštění programů jako nepřihlášený uživatel je třeba speciální požadavek."
+msgstr ""
+"Ke spuštění programů jako nepřihlášený uživatel je třeba speciální požadavek."
-#: ../src/login/org.freedesktop.login1.policy.in.h:21
+#: src/login/org.freedesktop.login1.policy:127
msgid "Allow non-logged-in users to run programs"
msgstr "Povolit nepřihlášeným uživatelům spouštět programy"
-#: ../src/login/org.freedesktop.login1.policy.in.h:22
+#: src/login/org.freedesktop.login1.policy:128
msgid "Authentication is required to run programs as a non-logged-in user."
msgstr "Ke spuštění programů jako nepřihlášený uživatel je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:23
+#: src/login/org.freedesktop.login1.policy:137
msgid "Allow attaching devices to seats"
msgstr "Povolit připojování zařízení ke stanovištím"
-#: ../src/login/org.freedesktop.login1.policy.in.h:24
+#: src/login/org.freedesktop.login1.policy:138
msgid "Authentication is required for attaching a device to a seat."
msgstr "Pro připojování zařízení ke stanovišti je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:25
+#: src/login/org.freedesktop.login1.policy:148
msgid "Flush device to seat attachments"
msgstr "Odstranit přiřazení zařízení ke stanovištím"
-#: ../src/login/org.freedesktop.login1.policy.in.h:26
-msgid "Authentication is required for resetting how devices are attached to seats."
-msgstr "Pro reset způsobu jak jsou zařízení přiřazována ke stanovištím je vyžadováno ověření."
+#: src/login/org.freedesktop.login1.policy:149
+msgid ""
+"Authentication is required for resetting how devices are attached to seats."
+msgstr ""
+"Pro reset způsobu jak jsou zařízení přiřazována ke stanovištím je vyžadováno "
+"ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:27
+#: src/login/org.freedesktop.login1.policy:158
msgid "Power off the system"
msgstr "Vypnout systém"
-#: ../src/login/org.freedesktop.login1.policy.in.h:28
+#: src/login/org.freedesktop.login1.policy:159
msgid "Authentication is required for powering off the system."
msgstr "Pro vypnutí systému je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:29
+#: src/login/org.freedesktop.login1.policy:169
msgid "Power off the system while other users are logged in"
msgstr "Vypnout systém, i když jsou přihlášeni další uživatelé"
-#: ../src/login/org.freedesktop.login1.policy.in.h:30
-msgid "Authentication is required for powering off the system while other users are logged in."
-msgstr "Pro vypnutí systému, když jsou přihlášeni další uživatelé je vyžadováno ověření."
+#: src/login/org.freedesktop.login1.policy:170
+msgid ""
+"Authentication is required for powering off the system while other users are "
+"logged in."
+msgstr ""
+"Pro vypnutí systému, když jsou přihlášeni další uživatelé je vyžadováno "
+"ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:31
+#: src/login/org.freedesktop.login1.policy:180
msgid "Power off the system while an application asked to inhibit it"
msgstr "Vypnout systém, i když aplikace požádala o zákaz vypnutí"
-#: ../src/login/org.freedesktop.login1.policy.in.h:32
+#: src/login/org.freedesktop.login1.policy:181
msgid ""
-"Authentication is required for powering off the system while an application asked to inhibit "
-"it."
-msgstr "Pro vypnutí systému, když aplikace požádala o zákaz vypnutí je vyžadováno ověření."
+"Authentication is required for powering off the system while an application "
+"asked to inhibit it."
+msgstr ""
+"Pro vypnutí systému, když aplikace požádala o zákaz vypnutí je vyžadováno "
+"ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:33
+#: src/login/org.freedesktop.login1.policy:191
msgid "Reboot the system"
msgstr "Restartovat systém"
-#: ../src/login/org.freedesktop.login1.policy.in.h:34
+#: src/login/org.freedesktop.login1.policy:192
msgid "Authentication is required for rebooting the system."
msgstr "Pro restartování systému je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:35
+#: src/login/org.freedesktop.login1.policy:202
msgid "Reboot the system while other users are logged in"
msgstr "Restartovat systém, i když jsou přihlášeni další uživatelé"
-#: ../src/login/org.freedesktop.login1.policy.in.h:36
-msgid "Authentication is required for rebooting the system while other users are logged in."
-msgstr "Pro restartování systému, když jsou přihlášeni další uživatelé je vyžadováno ověření."
+#: src/login/org.freedesktop.login1.policy:203
+msgid ""
+"Authentication is required for rebooting the system while other users are "
+"logged in."
+msgstr ""
+"Pro restartování systému, když jsou přihlášeni další uživatelé je vyžadováno "
+"ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:37
+#: src/login/org.freedesktop.login1.policy:213
msgid "Reboot the system while an application asked to inhibit it"
msgstr "Restartovat systém, i když aplikace požádala o zákaz restartu"
-#: ../src/login/org.freedesktop.login1.policy.in.h:38
+#: src/login/org.freedesktop.login1.policy:214
msgid ""
-"Authentication is required for rebooting the system while an application asked to inhibit it."
+"Authentication is required for rebooting the system while an application "
+"asked to inhibit it."
msgstr ""
-"Pro restartování systému, když aplikace požádala o zákaz restartu je vyžadováno ověření."
+"Pro restartování systému, když aplikace požádala o zákaz restartu je "
+"vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:39
+#: src/login/org.freedesktop.login1.policy:224
msgid "Halt the system"
msgstr "Zastavit systém"
-#: ../src/login/org.freedesktop.login1.policy.in.h:40
+#: src/login/org.freedesktop.login1.policy:225
msgid "Authentication is required for halting the system."
msgstr "Pro zastavení systému je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:41
+#: src/login/org.freedesktop.login1.policy:235
msgid "Halt the system while other users are logged in"
msgstr "Zastavit systém, i když jsou přihlášeni další uživatelé"
-#: ../src/login/org.freedesktop.login1.policy.in.h:42
-msgid "Authentication is required for halting the system while other users are logged in."
-msgstr "Pro zastavení systému, když jsou přihlášeni další uživatelé je vyžadováno ověření."
+#: src/login/org.freedesktop.login1.policy:236
+msgid ""
+"Authentication is required for halting the system while other users are "
+"logged in."
+msgstr ""
+"Pro zastavení systému, když jsou přihlášeni další uživatelé je vyžadováno "
+"ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:43
+#: src/login/org.freedesktop.login1.policy:246
msgid "Halt the system while an application asked to inhibit it"
msgstr "Zastavit systém, i když aplikace požádala o zákaz zastavení"
-#: ../src/login/org.freedesktop.login1.policy.in.h:44
+#: src/login/org.freedesktop.login1.policy:247
msgid ""
-"Authentication is required for halting the system while an application asked to inhibit it."
-msgstr "Pro zastavení systému, když aplikace požádala o zákaz zastavení je vyžadováno ověření."
+"Authentication is required for halting the system while an application asked "
+"to inhibit it."
+msgstr ""
+"Pro zastavení systému, když aplikace požádala o zákaz zastavení je "
+"vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:45
+#: src/login/org.freedesktop.login1.policy:257
msgid "Suspend the system"
msgstr "Uspat systém"
-#: ../src/login/org.freedesktop.login1.policy.in.h:46
+#: src/login/org.freedesktop.login1.policy:258
msgid "Authentication is required for suspending the system."
msgstr "Pro uspání systému je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:47
+#: src/login/org.freedesktop.login1.policy:267
msgid "Suspend the system while other users are logged in"
msgstr "Uspat systém, i když jsou přihlášeni další uživatelé"
-#: ../src/login/org.freedesktop.login1.policy.in.h:48
-msgid "Authentication is required for suspending the system while other users are logged in."
-msgstr "Pro uspání systému, když jsou přihlášeni další uživatelé je vyžadováno ověření."
+#: src/login/org.freedesktop.login1.policy:268
+msgid ""
+"Authentication is required for suspending the system while other users are "
+"logged in."
+msgstr ""
+"Pro uspání systému, když jsou přihlášeni další uživatelé je vyžadováno "
+"ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:49
+#: src/login/org.freedesktop.login1.policy:278
msgid "Suspend the system while an application asked to inhibit it"
msgstr "Uspat systém, i když aplikace požádala o zákaz uspání"
-#: ../src/login/org.freedesktop.login1.policy.in.h:50
+#: src/login/org.freedesktop.login1.policy:279
msgid ""
-"Authentication is required for suspending the system while an application asked to inhibit "
-"it."
-msgstr "Pro uspání systému, když aplikace požádala o zákaz uspání je vyžadováno ověření."
+"Authentication is required for suspending the system while an application "
+"asked to inhibit it."
+msgstr ""
+"Pro uspání systému, když aplikace požádala o zákaz uspání je vyžadováno "
+"ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:51
+#: src/login/org.freedesktop.login1.policy:289
msgid "Hibernate the system"
msgstr "Hibernovat systém"
-#: ../src/login/org.freedesktop.login1.policy.in.h:52
+#: src/login/org.freedesktop.login1.policy:290
msgid "Authentication is required for hibernating the system."
msgstr "Pro hibernaci systému je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:53
+#: src/login/org.freedesktop.login1.policy:299
msgid "Hibernate the system while other users are logged in"
msgstr "Hibernovat systém, i když jsou přihlášeni další uživatelé"
-#: ../src/login/org.freedesktop.login1.policy.in.h:54
-msgid "Authentication is required for hibernating the system while other users are logged in."
-msgstr "Pro hibernaci systému, když jsou přihlášeni další uživatelé je vyžadováno ověření."
+#: src/login/org.freedesktop.login1.policy:300
+msgid ""
+"Authentication is required for hibernating the system while other users are "
+"logged in."
+msgstr ""
+"Pro hibernaci systému, když jsou přihlášeni další uživatelé je vyžadováno "
+"ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:55
+#: src/login/org.freedesktop.login1.policy:310
msgid "Hibernate the system while an application asked to inhibit it"
msgstr "Hibernovat systém, i když aplikace požádala o zákaz hibernace"
-#: ../src/login/org.freedesktop.login1.policy.in.h:56
+#: src/login/org.freedesktop.login1.policy:311
msgid ""
-"Authentication is required for hibernating the system while an application asked to inhibit "
-"it."
-msgstr "Pro hibernaci systému, když aplikace požádala o zákaz hibernace je vyžadováno ověření."
+"Authentication is required for hibernating the system while an application "
+"asked to inhibit it."
+msgstr ""
+"Pro hibernaci systému, když aplikace požádala o zákaz hibernace je "
+"vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:57
+#: src/login/org.freedesktop.login1.policy:321
msgid "Manage active sessions, users and seats"
msgstr "Spravovat aktivní sezení, uživatele a stanoviště"
-#: ../src/login/org.freedesktop.login1.policy.in.h:58
-msgid "Authentication is required for managing active sessions, users and seats."
-msgstr "Pro správu aktivních sezení, uživatelů a stanovišť je vyžadováno ověření."
+#: src/login/org.freedesktop.login1.policy:322
+msgid ""
+"Authentication is required for managing active sessions, users and seats."
+msgstr ""
+"Pro správu aktivních sezení, uživatelů a stanovišť je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:59
+#: src/login/org.freedesktop.login1.policy:331
msgid "Lock or unlock active sessions"
msgstr "Zamknout nebo odemknout aktivní sezení"
-#: ../src/login/org.freedesktop.login1.policy.in.h:60
+#: src/login/org.freedesktop.login1.policy:332
msgid "Authentication is required to lock or unlock active sessions."
msgstr "Pro zamčení nebo odemčení aktivních sezení je vyžadováno ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:61
+#: src/login/org.freedesktop.login1.policy:341
msgid "Allow indication to the firmware to boot to setup interface"
msgstr "Povolit indikaci firmwaru bootovat instalační prostředí"
-#: ../src/login/org.freedesktop.login1.policy.in.h:62
-msgid "Authentication is required to indicate to the firmware to boot to setup interface."
-msgstr "K povolení indikace firmwaru bootovat instalační prostředí je vyžadováno ověření."
+#: src/login/org.freedesktop.login1.policy:342
+msgid ""
+"Authentication is required to indicate to the firmware to boot to setup "
+"interface."
+msgstr ""
+"K povolení indikace firmwaru bootovat instalační prostředí je vyžadováno "
+"ověření."
-#: ../src/login/org.freedesktop.login1.policy.in.h:63
+#: src/login/org.freedesktop.login1.policy:352
msgid "Set a wall message"
msgstr "Nastavit zprávu všem uživatelům"
-#: ../src/login/org.freedesktop.login1.policy.in.h:64
+#: src/login/org.freedesktop.login1.policy:353
msgid "Authentication is required to set a wall message"
msgstr "K nastavení zprávy všem uživatelům je vyžadováno ověření"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:1
+#: src/machine/org.freedesktop.machine1.policy:22
msgid "Log into a local container"
msgstr "Přihlásit se do lokálního kontejneru"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:2
+#: src/machine/org.freedesktop.machine1.policy:23
msgid "Authentication is required to log into a local container."
msgstr "Pro přihlášení do lokálního kontejneru je vyžadováno ověření."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:3
+#: src/machine/org.freedesktop.machine1.policy:32
msgid "Log into the local host"
msgstr "Přihlásit se na lokální stroj"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:4
+#: src/machine/org.freedesktop.machine1.policy:33
msgid "Authentication is required to log into the local host."
msgstr "Pro přihlášení k lokálnímu stroji je vyžadováno ověření."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:5
+#: src/machine/org.freedesktop.machine1.policy:42
msgid "Acquire a shell in a local container"
msgstr "Získat shell v lokálním kontejneru"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:6
+#: src/machine/org.freedesktop.machine1.policy:43
msgid "Authentication is required to acquire a shell in a local container."
msgstr "Pro získání shellu v lokálním kontejneru je vyžadováno ověření."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:7
+#: src/machine/org.freedesktop.machine1.policy:53
msgid "Acquire a shell on the local host"
msgstr "Získat shell na lokálním stroji"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:8
+#: src/machine/org.freedesktop.machine1.policy:54
msgid "Authentication is required to acquire a shell on the local host."
msgstr "Pro získání shellu na lokálním stroji je vyžadováno ověření."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:9
+#: src/machine/org.freedesktop.machine1.policy:64
msgid "Acquire a pseudo TTY in a local container"
msgstr "Získat pseudo TTY v lokálním kontejneru"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:10
-msgid "Authentication is required to acquire a pseudo TTY in a local container."
+#: src/machine/org.freedesktop.machine1.policy:65
+msgid ""
+"Authentication is required to acquire a pseudo TTY in a local container."
msgstr "Pro získání pseudo TTY v lokálním kontejneru je vyžadováno ověření."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:11
+#: src/machine/org.freedesktop.machine1.policy:74
msgid "Acquire a pseudo TTY on the local host"
msgstr "Získat pseudo TTY na lokálním stroji"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:12
+#: src/machine/org.freedesktop.machine1.policy:75
msgid "Authentication is required to acquire a pseudo TTY on the local host."
msgstr "Pro získání pseudo TTY na lokálním stroji je vyžadováno ověření."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:13
+#: src/machine/org.freedesktop.machine1.policy:84
msgid "Manage local virtual machines and containers"
msgstr "Spravovat lokální virtuální stroje a kontejnery"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:14
-msgid "Authentication is required to manage local virtual machines and containers."
-msgstr "Pro správu lokálních virtuálních strojů a kontejnerů je vyžadováno ověření."
+#: src/machine/org.freedesktop.machine1.policy:85
+msgid ""
+"Authentication is required to manage local virtual machines and containers."
+msgstr ""
+"Pro správu lokálních virtuálních strojů a kontejnerů je vyžadováno ověření."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:15
+#: src/machine/org.freedesktop.machine1.policy:95
msgid "Manage local virtual machine and container images"
msgstr "Spravovat lokální obrazy virtuálních strojů a kontejnerů"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:16
-msgid "Authentication is required to manage local virtual machine and container images."
-msgstr "Pro správu obrazů lokálních virtuálních strojů a kontejnerů je vyžadováno ověření."
+#: src/machine/org.freedesktop.machine1.policy:96
+msgid ""
+"Authentication is required to manage local virtual machine and container "
+"images."
+msgstr ""
+"Pro správu obrazů lokálních virtuálních strojů a kontejnerů je vyžadováno "
+"ověření."
+
+#: src/portable/org.freedesktop.portable1.policy:13
+msgid "Inspect a portable service image"
+msgstr "Prohlédnout obraz přenosné služby"
+
+#: src/portable/org.freedesktop.portable1.policy:14
+msgid "Authentication is required to inspect a portable service image."
+msgstr "Pro prohlížení obrazu přenosné služby je vyžadováno ověření."
+
+#: src/portable/org.freedesktop.portable1.policy:23
+msgid "Attach or detach a portable service image"
+msgstr "Připojit nebo odpojit obraz přenosné služby"
+
+#: src/portable/org.freedesktop.portable1.policy:24
+msgid ""
+"Authentication is required to attach or detach a portable service image."
+msgstr ""
+"Pro připojení nebo odpojení obrazu přenosné služby je vyžadováno ověření."
+
+#: src/portable/org.freedesktop.portable1.policy:34
+msgid "Delete or modify portable service image"
+msgstr "Odstranit nebo upravit obraz přenosné služby"
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:1
+#: src/portable/org.freedesktop.portable1.policy:35
+msgid ""
+"Authentication is required to delete or modify a portable service image."
+msgstr ""
+"Pro odstranění nebo úpravu obrazu přenosné služby je vyžadováno ověření."
+
+#: src/resolve/org.freedesktop.resolve1.policy:22
+msgid "Register a DNS-SD service"
+msgstr "Registrovat službu DNS-SD"
+
+#: src/resolve/org.freedesktop.resolve1.policy:23
+msgid "Authentication is required to register a DNS-SD service"
+msgstr "Pro registraci služby DNS-SD je vyžadováno ověření"
+
+#: src/resolve/org.freedesktop.resolve1.policy:33
+msgid "Unregister a DNS-SD service"
+msgstr "Zrušit registraci služby DNS-SD"
+
+#: src/resolve/org.freedesktop.resolve1.policy:34
+msgid "Authentication is required to unregister a DNS-SD service"
+msgstr "Pro zrušení registrace služby DNS-SD je vyžadováno ověření"
+
+#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Nastavit systémový čas"
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:2
+#: src/timedate/org.freedesktop.timedate1.policy:23
msgid "Authentication is required to set the system time."
msgstr "Pro nastavení systémového času je vyžadováno ověření."
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:3
+#: src/timedate/org.freedesktop.timedate1.policy:33
msgid "Set system timezone"
msgstr "Nastavit systémovou časovou zónu"
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:4
+#: src/timedate/org.freedesktop.timedate1.policy:34
msgid "Authentication is required to set the system timezone."
msgstr "Pro nastavení systémové časové zóny je vyžadováno ověření."
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:5
+#: src/timedate/org.freedesktop.timedate1.policy:43
msgid "Set RTC to local timezone or UTC"
msgstr "Nastavit RTC na lokální časovou zónu nebo UTC"
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:6
-msgid "Authentication is required to control whether the RTC stores the local or UTC time."
+#: src/timedate/org.freedesktop.timedate1.policy:44
+msgid ""
+"Authentication is required to control whether the RTC stores the local or "
+"UTC time."
msgstr ""
-"Pro kontrolu jestli RTC ukládá lokální časovou zónu nebo UTC čas je vyžadováno ověření."
+"Pro kontrolu jestli RTC ukládá lokální časovou zónu nebo UTC čas je "
+"vyžadováno ověření."
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:7
+#: src/timedate/org.freedesktop.timedate1.policy:53
msgid "Turn network time synchronization on or off"
msgstr "Zapnout nebo vypnout synchronizaci s časem ze sítě"
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:8
+#: src/timedate/org.freedesktop.timedate1.policy:54
msgid ""
-"Authentication is required to control whether network time synchronization shall be enabled."
+"Authentication is required to control whether network time synchronization "
+"shall be enabled."
msgstr "Pro kontrolu synchronizace času ze sítě je vyžadováno ověření."
-#: ../src/core/dbus-unit.c:458
+#: src/core/dbus-unit.c:326
msgid "Authentication is required to start '$(unit)'."
msgstr "Pro spuštění „$(unit)” je vyžadováno ověření."
-#: ../src/core/dbus-unit.c:459
+#: src/core/dbus-unit.c:327
msgid "Authentication is required to stop '$(unit)'."
msgstr "Pro vypnutí „$(unit)” je vyžadováno ověření."
-#: ../src/core/dbus-unit.c:460
+#: src/core/dbus-unit.c:328
msgid "Authentication is required to reload '$(unit)'."
msgstr "Pro znovu načtení „$(unit)” je vyžadováno ověření."
-#: ../src/core/dbus-unit.c:461 ../src/core/dbus-unit.c:462
+#: src/core/dbus-unit.c:329 src/core/dbus-unit.c:330
msgid "Authentication is required to restart '$(unit)'."
msgstr "Pro restart „$(unit)” je vyžadováno ověření."
-#: ../src/core/dbus-unit.c:569
-msgid "Authentication is required to kill '$(unit)'."
-msgstr "Pro ukončení „$(unit)” je vyžadováno ověření."
+#: src/core/dbus-unit.c:437
+msgid ""
+"Authentication is required to send a UNIX signal to the processes of "
+"'$(unit)'."
+msgstr "Pro odeslání UNIX signálu procesům „$(unit)” je vyžadováno ověření."
-#: ../src/core/dbus-unit.c:600
+#: src/core/dbus-unit.c:468
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr "Pro resetování chybného stavu „$(unit)” je vyžadováno ověření."
-#: ../src/core/dbus-unit.c:633
+#: src/core/dbus-unit.c:501
msgid "Authentication is required to set properties on '$(unit)'."
msgstr "Pro nastavení vlastností na „$(unit)” je vyžadováno ověření."
+
+#~ msgid "Authentication is required to kill '$(unit)'."
+#~ msgstr "Pro ukončení „$(unit)” je vyžadováno ověření."
ACTION=="change", SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST=="block", ATTR{block/*/uevent}="change"
# watch metadata changes, caused by tools closing the device node which was opened for writing
-ACTION!="remove", SUBSYSTEM=="block", KERNEL=="loop*|nvme*|sd*|vd*|xvd*|pmem*|mmcblk*", OPTIONS+="watch"
+ACTION!="remove", SUBSYSTEM=="block", KERNEL=="loop*|nvme*|sd*|vd*|xvd*|pmem*|mmcblk*|dasd*", OPTIONS+="watch"
if (!joined)
return log_oom();
- r = safe_fork("(activate)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &child_pid);
+ r = safe_fork("(activate)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &child_pid);
if (r < 0)
return r;
if (r == 0) {
#include "in-addr-util.h"
#include "locale-util.h"
#include "macro.h"
+#include "missing.h"
#include "parse-util.h"
#include "path-util.h"
#include "pretty-print.h"
-#include "seccomp-util.h"
+#if HAVE_SECCOMP
+# include "seccomp-util.h"
+#endif
#include "set.h"
#include "stdio-util.h"
#include "strv.h"
return 0;
}
+#if HAVE_SECCOMP
+
static bool syscall_names_in_filter(Set *s, bool whitelist, const SyscallFilterSet *f) {
const char *syscall;
assert_se(g = syscall_filter_set_find(syscall));
b = syscall_names_in_filter(s, whitelist, g);
} else {
-#if HAVE_SECCOMP
int id;
/* Let's see if the system call actually exists on this platform, before complaining */
id = seccomp_syscall_resolve_name(syscall);
if (id < 0)
continue;
-#endif
b = set_contains(s, syscall);
}
return 0;
}
+#endif
+
static int assess_ip_address_allow(
const struct security_assessor *a,
const struct security_info *info,
.range = 10,
.assess = assess_system_call_architectures,
},
+#if HAVE_SECCOMP
{
.id = "SystemCallFilter=~@swap",
.url = "https://www.freedesktop.org/software/systemd/man/systemd.exec.html#SystemCallFilter=",
.assess = assess_system_call_filter,
.parameter = SYSCALL_FILTER_SET_RESOURCES,
},
+#endif
{
.id = "IPAddressDeny=",
.url = "https://www.freedesktop.org/software/systemd/man/systemd.exec.html#IPAddressDeny=",
int r;
if (!FLAGS_SET(flags, ANALYZE_SECURITY_SHORT)) {
- details_table = table_new("", "NAME", "DESCRIPTION", "WEIGHT", "BADNESS", "RANGE", "EXPOSURE");
+ details_table = table_new(" ", "name", "description", "weight", "badness", "range", "exposure");
if (!details_table)
return log_oom();
assert(bus);
if (strv_length(units) != 1) {
- overview_table = table_new("UNIT", "EXPOSURE", "PREDICATE", "HAPPY");
+ overview_table = table_new("unit", "exposure", "predicate", "happy");
if (!overview_table)
return log_oom();
}
+++ /dev/null
-#pragma once
-
-#include "macro.h"
-#include "missing.h"
-#include "sparse-endian.h"
-
-/* Stolen from btrfs' ctree.h */
-
-struct btrfs_timespec {
- le64_t sec;
- le32_t nsec;
-} _packed_;
-
-struct btrfs_disk_key {
- le64_t objectid;
- uint8_t type;
- le64_t offset;
-} _packed_;
-
-struct btrfs_inode_item {
- le64_t generation;
- le64_t transid;
- le64_t size;
- le64_t nbytes;
- le64_t block_group;
- le32_t nlink;
- le32_t uid;
- le32_t gid;
- le32_t mode;
- le64_t rdev;
- le64_t flags;
- le64_t sequence;
- le64_t reserved[4];
- struct btrfs_timespec atime;
- struct btrfs_timespec ctime;
- struct btrfs_timespec mtime;
- struct btrfs_timespec otime;
-} _packed_;
-
-struct btrfs_root_item {
- struct btrfs_inode_item inode;
- le64_t generation;
- le64_t root_dirid;
- le64_t bytenr;
- le64_t byte_limit;
- le64_t bytes_used;
- le64_t last_snapshot;
- le64_t flags;
- le32_t refs;
- struct btrfs_disk_key drop_progress;
- uint8_t drop_level;
- uint8_t level;
- le64_t generation_v2;
- uint8_t uuid[BTRFS_UUID_SIZE];
- uint8_t parent_uuid[BTRFS_UUID_SIZE];
- uint8_t received_uuid[BTRFS_UUID_SIZE];
- le64_t ctransid;
- le64_t otransid;
- le64_t stransid;
- le64_t rtransid;
- struct btrfs_timespec ctime;
- struct btrfs_timespec otime;
- struct btrfs_timespec stime;
- struct btrfs_timespec rtime;
- le64_t reserved[8];
-} _packed_;
-
-#define BTRFS_ROOT_SUBVOL_RDONLY (1ULL << 0)
-
-struct btrfs_qgroup_info_item {
- le64_t generation;
- le64_t rfer;
- le64_t rfer_cmpr;
- le64_t excl;
- le64_t excl_cmpr;
-} _packed_;
-
-#define BTRFS_QGROUP_LIMIT_MAX_RFER (1ULL << 0)
-#define BTRFS_QGROUP_LIMIT_MAX_EXCL (1ULL << 1)
-#define BTRFS_QGROUP_LIMIT_RSV_RFER (1ULL << 2)
-#define BTRFS_QGROUP_LIMIT_RSV_EXCL (1ULL << 3)
-#define BTRFS_QGROUP_LIMIT_RFER_CMPR (1ULL << 4)
-#define BTRFS_QGROUP_LIMIT_EXCL_CMPR (1ULL << 5)
-
-struct btrfs_qgroup_limit_item {
- le64_t flags;
- le64_t max_rfer;
- le64_t max_excl;
- le64_t rsv_rfer;
- le64_t rsv_excl;
-} _packed_;
-
-struct btrfs_root_ref {
- le64_t dirid;
- le64_t sequence;
- le16_t name_len;
-} _packed_;
#include <sys/sysmacros.h>
#include <unistd.h>
-#if HAVE_LINUX_BTRFS_H
-#include <linux/btrfs.h>
-#endif
-
#include "alloc-util.h"
#include "blockdev-util.h"
-#include "btrfs-ctree.h"
#include "btrfs-util.h"
#include "chattr-util.h"
#include "copy.h"
#include <sys/types.h>
#include "macro.h"
+#include "missing_capability.h"
#include "util.h"
#define CAP_ALL (uint64_t) -1
#include <uchar.h>
#include "string-util.h"
-#include "missing.h"
+#include "missing_type.h"
/* What characters are special in the shell? */
/* must be escaped outside and inside double-quotes */
if (f) {
PROTECT_ERRNO;
- assert_se(fclose_nointr(f) != EBADF);
+ assert_se(fclose_nointr(f) != -EBADF);
}
return NULL;
return draw_table[code >= _SPECIAL_GLYPH_FIRST_SMILEY ? emoji_enabled() : is_locale_utf8()][code];
}
-void locale_variables_free(char*l[_VARIABLE_LC_MAX]) {
+void locale_variables_free(char *l[_VARIABLE_LC_MAX]) {
LocaleVariable i;
if (!l)
#pragma once
#include <assert.h>
+#include <errno.h>
#include <inttypes.h>
#include <stdbool.h>
#include <sys/param.h>
audit-util.h
blockdev-util.c
blockdev-util.h
- btrfs-ctree.h
btrfs-util.c
btrfs-util.h
build.h
memfd-util.h
mempool.c
mempool.h
+ missing_audit.h
+ missing_btrfs.h
+ missing_btrfs_tree.h
+ missing_capability.h
+ missing_ethtool.h
+ missing_fcntl.h
+ missing_fib_rules.h
+ missing_fou.h
+ missing_fs.h
+ missing_if_bridge.h
+ missing_if_link.h
+ missing_if_tunnel.h
+ missing_input.h
+ missing_keyctl.h
+ missing_magic.h
+ missing_mman.h
+ missing_network.h
+ missing_prctl.h
+ missing_random.h
+ missing_resource.h
+ missing_sched.h
+ missing_securebits.h
+ missing_socket.h
+ missing_stat.h
+ missing_stdlib.h
missing_syscall.h
+ missing_timerfd.h
+ missing_type.h
+ missing_vxcan.h
mkdir-label.c
mkdir.c
mkdir.h
refcnt.h
replace-var.c
replace-var.h
+ rlimit-util.c
+ rlimit-util.h
rm-rf.c
rm-rf.h
- securebits.h
selinux-util.c
selinux-util.h
set.h
/* Missing glibc definitions to access certain kernel APIs */
-#include <errno.h>
-#include <fcntl.h>
-#include <inttypes.h>
-#include <linux/audit.h>
-#include <linux/capability.h>
-#include <linux/falloc.h>
-#include <linux/input.h>
-#include <linux/oom.h>
-#include <net/ethernet.h>
-#include <stdlib.h>
-#include <sys/resource.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/syscall.h>
-#include <uchar.h>
-#include <unistd.h>
-
-#if WANT_LINUX_STAT_H
-#include <linux/stat.h>
-#endif
-
-#if HAVE_AUDIT
-#include <libaudit.h>
-#endif
-
-#ifdef ARCH_MIPS
-#include <asm/sgidefs.h>
-#endif
-
-#if HAVE_LINUX_BTRFS_H
-#include <linux/btrfs.h>
-#endif
-
-#if HAVE_LINUX_VM_SOCKETS_H
-#include <linux/vm_sockets.h>
-#else
-#define VMADDR_CID_ANY -1U
-struct sockaddr_vm {
- unsigned short svm_family;
- unsigned short svm_reserved1;
- unsigned int svm_port;
- unsigned int svm_cid;
- unsigned char svm_zero[sizeof(struct sockaddr) -
- sizeof(unsigned short) -
- sizeof(unsigned short) -
- sizeof(unsigned int) -
- sizeof(unsigned int)];
-};
-#endif /* !HAVE_LINUX_VM_SOCKETS_H */
-
-#ifndef RLIMIT_RTTIME
-#define RLIMIT_RTTIME 15
-#endif
-
-/* If RLIMIT_RTTIME is not defined, then we cannot use RLIMIT_NLIMITS as is */
-#define _RLIMIT_MAX (RLIMIT_RTTIME+1 > RLIMIT_NLIMITS ? RLIMIT_RTTIME+1 : RLIMIT_NLIMITS)
-
-#ifndef F_LINUX_SPECIFIC_BASE
-#define F_LINUX_SPECIFIC_BASE 1024
-#endif
-
-#ifndef F_SETPIPE_SZ
-#define F_SETPIPE_SZ (F_LINUX_SPECIFIC_BASE + 7)
-#endif
-
-#ifndef F_GETPIPE_SZ
-#define F_GETPIPE_SZ (F_LINUX_SPECIFIC_BASE + 8)
-#endif
-
-#ifndef F_ADD_SEALS
-#define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9)
-#define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10)
-
-#define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */
-#define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */
-#define F_SEAL_GROW 0x0004 /* prevent file from growing */
-#define F_SEAL_WRITE 0x0008 /* prevent writes */
-#endif
-
-#ifndef F_OFD_GETLK
-#define F_OFD_GETLK 36
-#define F_OFD_SETLK 37
-#define F_OFD_SETLKW 38
-#endif
-
-#ifndef MFD_ALLOW_SEALING
-#define MFD_ALLOW_SEALING 0x0002U
-#endif
-
-#ifndef MFD_CLOEXEC
-#define MFD_CLOEXEC 0x0001U
-#endif
-
-#ifndef IP_FREEBIND
-#define IP_FREEBIND 15
-#endif
-
-#ifndef OOM_SCORE_ADJ_MIN
-#define OOM_SCORE_ADJ_MIN (-1000)
-#endif
-
-#ifndef OOM_SCORE_ADJ_MAX
-#define OOM_SCORE_ADJ_MAX 1000
-#endif
-
-#ifndef AUDIT_SERVICE_START
-#define AUDIT_SERVICE_START 1130 /* Service (daemon) start */
-#endif
-
-#ifndef AUDIT_SERVICE_STOP
-#define AUDIT_SERVICE_STOP 1131 /* Service (daemon) stop */
-#endif
-
-#ifndef TIOCVHANGUP
-#define TIOCVHANGUP 0x5437
-#endif
-
-#ifndef IP_TRANSPARENT
-#define IP_TRANSPARENT 19
-#endif
-
-#ifndef SOL_NETLINK
-#define SOL_NETLINK 270
-#endif
-
-#ifndef NETLINK_LIST_MEMBERSHIPS
-#define NETLINK_LIST_MEMBERSHIPS 9
-#endif
-
-#ifndef SOL_SCTP
-#define SOL_SCTP 132
-#endif
-
-#ifndef GRND_NONBLOCK
-#define GRND_NONBLOCK 0x0001
-#endif
-
-#ifndef GRND_RANDOM
-#define GRND_RANDOM 0x0002
-#endif
-
-#ifndef FS_NOCOW_FL
-#define FS_NOCOW_FL 0x00800000
-#endif
-
-#ifndef BTRFS_IOCTL_MAGIC
-#define BTRFS_IOCTL_MAGIC 0x94
-#endif
-
-#ifndef BTRFS_PATH_NAME_MAX
-#define BTRFS_PATH_NAME_MAX 4087
-#endif
-
-#ifndef BTRFS_DEVICE_PATH_NAME_MAX
-#define BTRFS_DEVICE_PATH_NAME_MAX 1024
-#endif
-
-#ifndef BTRFS_FSID_SIZE
-#define BTRFS_FSID_SIZE 16
-#endif
-
-#ifndef BTRFS_UUID_SIZE
-#define BTRFS_UUID_SIZE 16
-#endif
-
-#ifndef BTRFS_SUBVOL_RDONLY
-#define BTRFS_SUBVOL_RDONLY (1ULL << 1)
-#endif
-
-#ifndef BTRFS_SUBVOL_NAME_MAX
-#define BTRFS_SUBVOL_NAME_MAX 4039
-#endif
-
-#ifndef BTRFS_INO_LOOKUP_PATH_MAX
-#define BTRFS_INO_LOOKUP_PATH_MAX 4080
-#endif
-
-#ifndef BTRFS_SEARCH_ARGS_BUFSIZE
-#define BTRFS_SEARCH_ARGS_BUFSIZE (4096 - sizeof(struct btrfs_ioctl_search_key))
-#endif
-
-#ifndef BTRFS_QGROUP_LEVEL_SHIFT
-#define BTRFS_QGROUP_LEVEL_SHIFT 48
-#endif
-
-#if !HAVE_LINUX_BTRFS_H
-#define BTRFS_IOC_QGROUP_ASSIGN _IOW(BTRFS_IOCTL_MAGIC, 41, \
- struct btrfs_ioctl_qgroup_assign_args)
-#define BTRFS_IOC_QGROUP_CREATE _IOW(BTRFS_IOCTL_MAGIC, 42, \
- struct btrfs_ioctl_qgroup_create_args)
-#define BTRFS_IOC_QUOTA_RESCAN _IOW(BTRFS_IOCTL_MAGIC, 44, \
- struct btrfs_ioctl_quota_rescan_args)
-#define BTRFS_IOC_QUOTA_RESCAN_STATUS _IOR(BTRFS_IOCTL_MAGIC, 45, \
- struct btrfs_ioctl_quota_rescan_args)
-
-struct btrfs_ioctl_quota_rescan_args {
- __u64 flags;
- __u64 progress;
- __u64 reserved[6];
-};
-
-struct btrfs_ioctl_qgroup_assign_args {
- __u64 assign;
- __u64 src;
- __u64 dst;
-};
-
-struct btrfs_ioctl_qgroup_create_args {
- __u64 create;
- __u64 qgroupid;
-};
-
-struct btrfs_ioctl_vol_args {
- int64_t fd;
- char name[BTRFS_PATH_NAME_MAX + 1];
-};
-
-struct btrfs_qgroup_limit {
- __u64 flags;
- __u64 max_rfer;
- __u64 max_excl;
- __u64 rsv_rfer;
- __u64 rsv_excl;
-};
-
-struct btrfs_qgroup_inherit {
- __u64 flags;
- __u64 num_qgroups;
- __u64 num_ref_copies;
- __u64 num_excl_copies;
- struct btrfs_qgroup_limit lim;
- __u64 qgroups[0];
-};
-
-struct btrfs_ioctl_qgroup_limit_args {
- __u64 qgroupid;
- struct btrfs_qgroup_limit lim;
-};
-
-struct btrfs_ioctl_vol_args_v2 {
- __s64 fd;
- __u64 transid;
- __u64 flags;
- union {
- struct {
- __u64 size;
- struct btrfs_qgroup_inherit *qgroup_inherit;
- };
- __u64 unused[4];
- };
- char name[BTRFS_SUBVOL_NAME_MAX + 1];
-};
-
-struct btrfs_ioctl_dev_info_args {
- uint64_t devid; /* in/out */
- uint8_t uuid[BTRFS_UUID_SIZE]; /* in/out */
- uint64_t bytes_used; /* out */
- uint64_t total_bytes; /* out */
- uint64_t unused[379]; /* pad to 4k */
- char path[BTRFS_DEVICE_PATH_NAME_MAX]; /* out */
-};
-
-struct btrfs_ioctl_fs_info_args {
- uint64_t max_id; /* out */
- uint64_t num_devices; /* out */
- uint8_t fsid[BTRFS_FSID_SIZE]; /* out */
- uint64_t reserved[124]; /* pad to 1k */
-};
-
-struct btrfs_ioctl_ino_lookup_args {
- __u64 treeid;
- __u64 objectid;
- char name[BTRFS_INO_LOOKUP_PATH_MAX];
-};
-
-struct btrfs_ioctl_search_key {
- /* which root are we searching. 0 is the tree of tree roots */
- __u64 tree_id;
-
- /* keys returned will be >= min and <= max */
- __u64 min_objectid;
- __u64 max_objectid;
-
- /* keys returned will be >= min and <= max */
- __u64 min_offset;
- __u64 max_offset;
-
- /* max and min transids to search for */
- __u64 min_transid;
- __u64 max_transid;
-
- /* keys returned will be >= min and <= max */
- __u32 min_type;
- __u32 max_type;
-
- /*
- * how many items did userland ask for, and how many are we
- * returning
- */
- __u32 nr_items;
-
- /* align to 64 bits */
- __u32 unused;
-
- /* some extra for later */
- __u64 unused1;
- __u64 unused2;
- __u64 unused3;
- __u64 unused4;
-};
-
-struct btrfs_ioctl_search_header {
- __u64 transid;
- __u64 objectid;
- __u64 offset;
- __u32 type;
- __u32 len;
-};
-
-struct btrfs_ioctl_search_args {
- struct btrfs_ioctl_search_key key;
- char buf[BTRFS_SEARCH_ARGS_BUFSIZE];
-};
-
-struct btrfs_ioctl_clone_range_args {
- __s64 src_fd;
- __u64 src_offset, src_length;
- __u64 dest_offset;
-};
-
-#define BTRFS_QUOTA_CTL_ENABLE 1
-#define BTRFS_QUOTA_CTL_DISABLE 2
-#define BTRFS_QUOTA_CTL_RESCAN__NOTUSED 3
-struct btrfs_ioctl_quota_ctl_args {
- __u64 cmd;
- __u64 status;
-};
-#endif /* !HAVE_LINUX_BTRFS_H */
-
-#ifndef BTRFS_IOC_DEFRAG
-#define BTRFS_IOC_DEFRAG _IOW(BTRFS_IOCTL_MAGIC, 2, \
- struct btrfs_ioctl_vol_args)
-#endif
-
-#ifndef BTRFS_IOC_RESIZE
-#define BTRFS_IOC_RESIZE _IOW(BTRFS_IOCTL_MAGIC, 3, \
- struct btrfs_ioctl_vol_args)
-#endif
-
-#ifndef BTRFS_IOC_CLONE
-#define BTRFS_IOC_CLONE _IOW(BTRFS_IOCTL_MAGIC, 9, int)
-#endif
-
-#ifndef BTRFS_IOC_CLONE_RANGE
-#define BTRFS_IOC_CLONE_RANGE _IOW(BTRFS_IOCTL_MAGIC, 13, \
- struct btrfs_ioctl_clone_range_args)
-#endif
-
-#ifndef BTRFS_IOC_SUBVOL_CREATE
-#define BTRFS_IOC_SUBVOL_CREATE _IOW(BTRFS_IOCTL_MAGIC, 14, \
- struct btrfs_ioctl_vol_args)
-#endif
-
-#ifndef BTRFS_IOC_SNAP_DESTROY
-#define BTRFS_IOC_SNAP_DESTROY _IOW(BTRFS_IOCTL_MAGIC, 15, \
- struct btrfs_ioctl_vol_args)
-#endif
-
-#ifndef BTRFS_IOC_TREE_SEARCH
-#define BTRFS_IOC_TREE_SEARCH _IOWR(BTRFS_IOCTL_MAGIC, 17, \
- struct btrfs_ioctl_search_args)
-#endif
-
-#ifndef BTRFS_IOC_INO_LOOKUP
-#define BTRFS_IOC_INO_LOOKUP _IOWR(BTRFS_IOCTL_MAGIC, 18, \
- struct btrfs_ioctl_ino_lookup_args)
-#endif
-
-#ifndef BTRFS_IOC_SNAP_CREATE_V2
-#define BTRFS_IOC_SNAP_CREATE_V2 _IOW(BTRFS_IOCTL_MAGIC, 23, \
- struct btrfs_ioctl_vol_args_v2)
-#endif
-
-#ifndef BTRFS_IOC_SUBVOL_GETFLAGS
-#define BTRFS_IOC_SUBVOL_GETFLAGS _IOR(BTRFS_IOCTL_MAGIC, 25, __u64)
-#endif
-
-#ifndef BTRFS_IOC_SUBVOL_SETFLAGS
-#define BTRFS_IOC_SUBVOL_SETFLAGS _IOW(BTRFS_IOCTL_MAGIC, 26, __u64)
-#endif
-
-#ifndef BTRFS_IOC_DEV_INFO
-#define BTRFS_IOC_DEV_INFO _IOWR(BTRFS_IOCTL_MAGIC, 30, \
- struct btrfs_ioctl_dev_info_args)
-#endif
-
-#ifndef BTRFS_IOC_FS_INFO
-#define BTRFS_IOC_FS_INFO _IOR(BTRFS_IOCTL_MAGIC, 31, \
- struct btrfs_ioctl_fs_info_args)
-#endif
-
-#ifndef BTRFS_IOC_DEVICES_READY
-#define BTRFS_IOC_DEVICES_READY _IOR(BTRFS_IOCTL_MAGIC, 39, \
- struct btrfs_ioctl_vol_args)
-#endif
-
-#ifndef BTRFS_IOC_QUOTA_CTL
-#define BTRFS_IOC_QUOTA_CTL _IOWR(BTRFS_IOCTL_MAGIC, 40, \
- struct btrfs_ioctl_quota_ctl_args)
-#endif
-
-#ifndef BTRFS_IOC_QGROUP_LIMIT
-#define BTRFS_IOC_QGROUP_LIMIT _IOR(BTRFS_IOCTL_MAGIC, 43, \
- struct btrfs_ioctl_qgroup_limit_args)
-#endif
-
-#ifndef BTRFS_IOC_QUOTA_RESCAN_WAIT
-#define BTRFS_IOC_QUOTA_RESCAN_WAIT _IO(BTRFS_IOCTL_MAGIC, 46)
-#endif
-
-#ifndef BTRFS_FIRST_FREE_OBJECTID
-#define BTRFS_FIRST_FREE_OBJECTID 256
-#endif
-
-#ifndef BTRFS_LAST_FREE_OBJECTID
-#define BTRFS_LAST_FREE_OBJECTID -256ULL
-#endif
-
-#ifndef BTRFS_ROOT_TREE_OBJECTID
-#define BTRFS_ROOT_TREE_OBJECTID 1
-#endif
-
-#ifndef BTRFS_QUOTA_TREE_OBJECTID
-#define BTRFS_QUOTA_TREE_OBJECTID 8ULL
-#endif
-
-#ifndef BTRFS_ROOT_ITEM_KEY
-#define BTRFS_ROOT_ITEM_KEY 132
-#endif
-
-#ifndef BTRFS_QGROUP_STATUS_KEY
-#define BTRFS_QGROUP_STATUS_KEY 240
-#endif
-
-#ifndef BTRFS_QGROUP_INFO_KEY
-#define BTRFS_QGROUP_INFO_KEY 242
-#endif
-
-#ifndef BTRFS_QGROUP_LIMIT_KEY
-#define BTRFS_QGROUP_LIMIT_KEY 244
-#endif
-
-#ifndef BTRFS_QGROUP_RELATION_KEY
-#define BTRFS_QGROUP_RELATION_KEY 246
-#endif
-
-#ifndef BTRFS_ROOT_BACKREF_KEY
-#define BTRFS_ROOT_BACKREF_KEY 144
-#endif
-
-#ifndef BTRFS_SUPER_MAGIC
-#define BTRFS_SUPER_MAGIC 0x9123683E
-#endif
-
-#ifndef CGROUP_SUPER_MAGIC
-#define CGROUP_SUPER_MAGIC 0x27e0eb
-#endif
-
-#ifndef CGROUP2_SUPER_MAGIC
-#define CGROUP2_SUPER_MAGIC 0x63677270
-#endif
-
-#ifndef CLONE_NEWCGROUP
-#define CLONE_NEWCGROUP 0x02000000
-#endif
-
-#ifndef TMPFS_MAGIC
-#define TMPFS_MAGIC 0x01021994
-#endif
-
-#ifndef MQUEUE_MAGIC
-#define MQUEUE_MAGIC 0x19800202
-#endif
-
-#ifndef SECURITYFS_MAGIC
-#define SECURITYFS_MAGIC 0x73636673
-#endif
-
-#ifndef TRACEFS_MAGIC
-#define TRACEFS_MAGIC 0x74726163
-#endif
-
-#ifndef BPF_FS_MAGIC
-#define BPF_FS_MAGIC 0xcafe4a11
-#endif
-
-#ifndef OCFS2_SUPER_MAGIC
-#define OCFS2_SUPER_MAGIC 0x7461636f
-#endif
-
-#ifndef MS_MOVE
-#define MS_MOVE 8192
-#endif
-
-#ifndef MS_REC
-#define MS_REC 16384
-#endif
-
-#ifndef MS_PRIVATE
-#define MS_PRIVATE (1<<18)
-#endif
-
-#ifndef MS_REC
-#define MS_REC (1<<19)
-#endif
-
-#ifndef MS_SHARED
-#define MS_SHARED (1<<20)
-#endif
-
-#ifndef MS_RELATIME
-#define MS_RELATIME (1<<21)
-#endif
-
-#ifndef MS_KERNMOUNT
-#define MS_KERNMOUNT (1<<22)
-#endif
-
-#ifndef MS_I_VERSION
-#define MS_I_VERSION (1<<23)
-#endif
-
-#ifndef MS_STRICTATIME
-#define MS_STRICTATIME (1<<24)
-#endif
-
-#ifndef MS_LAZYTIME
-#define MS_LAZYTIME (1<<25)
-#endif
-
-#ifndef SCM_SECURITY
-#define SCM_SECURITY 0x03
-#endif
-
-#ifndef PR_SET_NO_NEW_PRIVS
-#define PR_SET_NO_NEW_PRIVS 38
-#endif
-
-#ifndef PR_SET_CHILD_SUBREAPER
-#define PR_SET_CHILD_SUBREAPER 36
-#endif
-
-#ifndef PR_SET_MM_ARG_START
-#define PR_SET_MM_ARG_START 8
-#endif
-
-#ifndef PR_SET_MM_ARG_END
-#define PR_SET_MM_ARG_END 9
-#endif
-
-#ifndef PR_SET_MM_ENV_START
-#define PR_SET_MM_ENV_START 10
-#endif
-
-#ifndef PR_SET_MM_ENV_END
-#define PR_SET_MM_ENV_END 11
-#endif
-
-#ifndef EFIVARFS_MAGIC
-#define EFIVARFS_MAGIC 0xde5e81e4
-#endif
-
-#ifndef SMACK_MAGIC
-#define SMACK_MAGIC 0x43415d53
-#endif
-
-#ifndef DM_DEFERRED_REMOVE
-#define DM_DEFERRED_REMOVE (1 << 17)
-#endif
-
-#ifndef MAX_HANDLE_SZ
-#define MAX_HANDLE_SZ 128
-#endif
-
-#if ! HAVE_SECURE_GETENV
-# if HAVE___SECURE_GETENV
-# define secure_getenv __secure_getenv
-# else
-# error "neither secure_getenv nor __secure_getenv are available"
-# endif
-#endif
-
-#ifndef CIFS_MAGIC_NUMBER
-# define CIFS_MAGIC_NUMBER 0xFF534D42
-#endif
-
-#ifndef TFD_TIMER_CANCEL_ON_SET
-# define TFD_TIMER_CANCEL_ON_SET (1 << 1)
-#endif
-
-#ifndef SO_REUSEPORT
-# define SO_REUSEPORT 15
-#endif
-
-#ifndef SO_PEERGROUPS
-# define SO_PEERGROUPS 59
-#endif
-
-#ifndef EVIOCREVOKE
-# define EVIOCREVOKE _IOW('E', 0x91, int)
-#endif
-
-#ifndef EVIOCSMASK
-
-struct input_mask {
- uint32_t type;
- uint32_t codes_size;
- uint64_t codes_ptr;
-};
-
-#define EVIOCSMASK _IOW('E', 0x93, struct input_mask)
-#endif
-
-#ifndef DRM_IOCTL_SET_MASTER
-# define DRM_IOCTL_SET_MASTER _IO('d', 0x1e)
-#endif
-
-#ifndef DRM_IOCTL_DROP_MASTER
-# define DRM_IOCTL_DROP_MASTER _IO('d', 0x1f)
-#endif
-
-/* The precise definition of __O_TMPFILE is arch specific; use the
- * values defined by the kernel (note: some are hexa, some are octal,
- * duplicated as-is from the kernel definitions):
- * - alpha, parisc, sparc: each has a specific value;
- * - others: they use the "generic" value.
- */
-
-#ifndef __O_TMPFILE
-#if defined(__alpha__)
-#define __O_TMPFILE 0100000000
-#elif defined(__parisc__) || defined(__hppa__)
-#define __O_TMPFILE 0400000000
-#elif defined(__sparc__) || defined(__sparc64__)
-#define __O_TMPFILE 0x2000000
-#else
-#define __O_TMPFILE 020000000
-#endif
-#endif
-
-/* a horrid kludge trying to make sure that this will fail on old kernels */
-#ifndef O_TMPFILE
-#define O_TMPFILE (__O_TMPFILE | O_DIRECTORY)
-#endif
-
-#ifndef BPF_XOR
-#define BPF_XOR 0xa0
-#endif
-
-/* Note that LOOPBACK_IFINDEX is currently not exported by the
- * kernel/glibc, but hardcoded internally by the kernel. However, as
- * it is exported to userspace indirectly via rtnetlink and the
- * ioctls, and made use of widely we define it here too, in a way that
- * is compatible with the kernel's internal definition. */
-#ifndef LOOPBACK_IFINDEX
-#define LOOPBACK_IFINDEX 1
-#endif
-
-#ifndef MAX_AUDIT_MESSAGE_LENGTH
-#define MAX_AUDIT_MESSAGE_LENGTH 8970
-#endif
-
-#ifndef AUDIT_NLGRP_MAX
-#define AUDIT_NLGRP_READLOG 1
-#endif
-
-#ifndef CAP_MAC_OVERRIDE
-#define CAP_MAC_OVERRIDE 32
-#endif
-
-#ifndef CAP_MAC_ADMIN
-#define CAP_MAC_ADMIN 33
-#endif
-
-#ifndef CAP_SYSLOG
-#define CAP_SYSLOG 34
-#endif
-
-#ifndef CAP_WAKE_ALARM
-#define CAP_WAKE_ALARM 35
-#endif
-
-#ifndef CAP_BLOCK_SUSPEND
-#define CAP_BLOCK_SUSPEND 36
-#endif
-
-#ifndef CAP_AUDIT_READ
-#define CAP_AUDIT_READ 37
-#endif
-
-#ifndef RENAME_NOREPLACE
-#define RENAME_NOREPLACE (1 << 0)
-#endif
-
-#ifndef KCMP_FILE
-#define KCMP_FILE 0
-#endif
-
-#ifndef INPUT_PROP_POINTING_STICK
-#define INPUT_PROP_POINTING_STICK 0x05
-#endif
-
-#ifndef INPUT_PROP_ACCELEROMETER
-#define INPUT_PROP_ACCELEROMETER 0x06
-#endif
-
-#ifndef BTN_DPAD_UP
-#define BTN_DPAD_UP 0x220
-#define BTN_DPAD_RIGHT 0x223
-#endif
-
-#ifndef KEY_ALS_TOGGLE
-#define KEY_ALS_TOGGLE 0x230
-#endif
-
-typedef int32_t key_serial_t;
-
-#ifndef KEYCTL_JOIN_SESSION_KEYRING
-#define KEYCTL_JOIN_SESSION_KEYRING 1
-#endif
-
-#ifndef KEYCTL_CHOWN
-#define KEYCTL_CHOWN 4
-#endif
-
-#ifndef KEYCTL_SETPERM
-#define KEYCTL_SETPERM 5
-#endif
-
-#ifndef KEYCTL_DESCRIBE
-#define KEYCTL_DESCRIBE 6
-#endif
-
-#ifndef KEYCTL_LINK
-#define KEYCTL_LINK 8
-#endif
-
-#ifndef KEYCTL_READ
-#define KEYCTL_READ 11
-#endif
-
-#ifndef KEYCTL_SET_TIMEOUT
-#define KEYCTL_SET_TIMEOUT 15
-#endif
-
-#ifndef KEY_POS_VIEW
-#define KEY_POS_VIEW 0x01000000
-#define KEY_POS_READ 0x02000000
-#define KEY_POS_WRITE 0x04000000
-#define KEY_POS_SEARCH 0x08000000
-#define KEY_POS_LINK 0x10000000
-#define KEY_POS_SETATTR 0x20000000
-
-#define KEY_USR_VIEW 0x00010000
-#define KEY_USR_READ 0x00020000
-#define KEY_USR_WRITE 0x00040000
-#define KEY_USR_SEARCH 0x00080000
-#define KEY_USR_LINK 0x00100000
-#define KEY_USR_SETATTR 0x00200000
-
-#define KEY_GRP_VIEW 0x00000100
-#define KEY_GRP_READ 0x00000200
-#define KEY_GRP_WRITE 0x00000400
-#define KEY_GRP_SEARCH 0x00000800
-#define KEY_GRP_LINK 0x00001000
-#define KEY_GRP_SETATTR 0x00002000
-
-#define KEY_OTH_VIEW 0x00000001
-#define KEY_OTH_READ 0x00000002
-#define KEY_OTH_WRITE 0x00000004
-#define KEY_OTH_SEARCH 0x00000008
-#define KEY_OTH_LINK 0x00000010
-#define KEY_OTH_SETATTR 0x00000020
-#endif
-
-#ifndef KEY_SPEC_USER_KEYRING
-#define KEY_SPEC_USER_KEYRING -4
-#endif
-
-#ifndef KEY_SPEC_SESSION_KEYRING
-#define KEY_SPEC_SESSION_KEYRING -3
-#endif
-
-#ifndef PR_CAP_AMBIENT
-#define PR_CAP_AMBIENT 47
-#endif
-
-#ifndef PR_CAP_AMBIENT_IS_SET
-#define PR_CAP_AMBIENT_IS_SET 1
-#endif
-
-#ifndef PR_CAP_AMBIENT_RAISE
-#define PR_CAP_AMBIENT_RAISE 2
-#endif
-
-#ifndef PR_CAP_AMBIENT_CLEAR_ALL
-#define PR_CAP_AMBIENT_CLEAR_ALL 4
-#endif
-
-#if !HAVE_CHAR32_T
-#define char32_t uint32_t
-#endif
-
-#if !HAVE_CHAR16_T
-#define char16_t uint16_t
-#endif
-
-#ifndef ETHERTYPE_LLDP
-#define ETHERTYPE_LLDP 0x88cc
-#endif
-
-#ifndef SOL_ALG
-#define SOL_ALG 279
-#endif
-
-#ifndef AF_VSOCK
-#define AF_VSOCK 40
-#endif
-
-#ifndef EXT4_IOC_RESIZE_FS
-# define EXT4_IOC_RESIZE_FS _IOW('f', 16, __u64)
-#endif
-
-#ifndef NSFS_MAGIC
-#define NSFS_MAGIC 0x6e736673
-#endif
-
-#ifndef NS_GET_NSTYPE
-#define NS_GET_NSTYPE _IO(0xb7, 0x3)
-#endif
-
-#ifndef FALLOC_FL_KEEP_SIZE
-#define FALLOC_FL_KEEP_SIZE 0x01
-#endif
-
-#ifndef FALLOC_FL_PUNCH_HOLE
-#define FALLOC_FL_PUNCH_HOLE 0x02
-#endif
-
-#ifndef PF_KTHREAD
-#define PF_KTHREAD 0x00200000
-#endif
-
-#if ! HAVE_STRUCT_STATX
-struct statx_timestamp {
- int64_t tv_sec;
- uint32_t tv_nsec;
- uint32_t __reserved;
-};
-struct statx {
- uint32_t stx_mask;
- uint32_t stx_blksize;
- uint64_t stx_attributes;
- uint32_t stx_nlink;
- uint32_t stx_uid;
- uint32_t stx_gid;
- uint16_t stx_mode;
- uint16_t __spare0[1];
- uint64_t stx_ino;
- uint64_t stx_size;
- uint64_t stx_blocks;
- uint64_t stx_attributes_mask;
- struct statx_timestamp stx_atime;
- struct statx_timestamp stx_btime;
- struct statx_timestamp stx_ctime;
- struct statx_timestamp stx_mtime;
- uint32_t stx_rdev_major;
- uint32_t stx_rdev_minor;
- uint32_t stx_dev_major;
- uint32_t stx_dev_minor;
- uint64_t __spare2[14];
-};
-#endif
-
-#ifndef STATX_BTIME
-#define STATX_BTIME 0x00000800U
-#endif
-
-#ifndef AT_STATX_DONT_SYNC
-#define AT_STATX_DONT_SYNC 0x4000
-#endif
-
-/* The maximum thread/process name length including trailing NUL byte. This mimics the kernel definition of the same
- * name, which we need in userspace at various places but is not defined in userspace currently, neither under this
- * name nor any other. */
-#ifndef TASK_COMM_LEN
-#define TASK_COMM_LEN 16
-#endif
-
+#include "missing_audit.h"
+#include "missing_btrfs_tree.h"
+#include "missing_capability.h"
+#include "missing_fcntl.h"
+#include "missing_fs.h"
+#include "missing_input.h"
+#include "missing_magic.h"
+#include "missing_mman.h"
#include "missing_network.h"
+#include "missing_prctl.h"
+#include "missing_random.h"
+#include "missing_resource.h"
+#include "missing_sched.h"
+#include "missing_socket.h"
+#include "missing_stdlib.h"
+#include "missing_timerfd.h"
+#include "missing_type.h"
+
#include "missing_syscall.h"
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <linux/audit.h>
+
+#if HAVE_AUDIT
+#include <libaudit.h>
+#endif
+
+#ifndef AUDIT_SERVICE_START
+#define AUDIT_SERVICE_START 1130 /* Service (daemon) start */
+#endif
+
+#ifndef AUDIT_SERVICE_STOP
+#define AUDIT_SERVICE_STOP 1131 /* Service (daemon) stop */
+#endif
+
+#ifndef MAX_AUDIT_MESSAGE_LENGTH
+#define MAX_AUDIT_MESSAGE_LENGTH 8970
+#endif
+
+#ifndef AUDIT_NLGRP_MAX
+#define AUDIT_NLGRP_READLOG 1
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+/* Old btrfs.h requires stddef.h to be included before btrfs.h */
+#include <stddef.h>
+
+#include <linux/btrfs.h>
+
+/* linux@57254b6ebce4ceca02d9c8b615f6059c56c19238 (3.11) */
+#ifndef BTRFS_IOC_QUOTA_RESCAN_WAIT
+#define BTRFS_IOC_QUOTA_RESCAN_WAIT _IO(BTRFS_IOCTL_MAGIC, 46)
+#endif
+
+/* linux@83288b60bf6668933689078973136e0c9d387b38 (4.7) */
+#ifndef BTRFS_QGROUP_LIMIT_MAX_RFER
+#define BTRFS_QGROUP_LIMIT_MAX_RFER (1ULL << 0)
+#define BTRFS_QGROUP_LIMIT_MAX_EXCL (1ULL << 1)
+#define BTRFS_QGROUP_LIMIT_RSV_RFER (1ULL << 2)
+#define BTRFS_QGROUP_LIMIT_RSV_EXCL (1ULL << 3)
+#define BTRFS_QGROUP_LIMIT_RFER_CMPR (1ULL << 4)
+#define BTRFS_QGROUP_LIMIT_EXCL_CMPR (1ULL << 5)
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <linux/types.h>
+
+#include "missing_btrfs.h"
+
+/* linux@db6711600e27c885aed89751f04e727f3af26715 (4.7) */
+#if HAVE_LINUX_BTRFS_TREE_H
+#include <linux/btrfs_tree.h>
+#else
+#define BTRFS_ROOT_TREE_OBJECTID 1
+#define BTRFS_QUOTA_TREE_OBJECTID 8
+#define BTRFS_FIRST_FREE_OBJECTID 256
+#define BTRFS_LAST_FREE_OBJECTID -256ULL
+
+#define BTRFS_ROOT_ITEM_KEY 132
+#define BTRFS_ROOT_BACKREF_KEY 144
+#define BTRFS_QGROUP_STATUS_KEY 240
+#define BTRFS_QGROUP_INFO_KEY 242
+#define BTRFS_QGROUP_LIMIT_KEY 244
+#define BTRFS_QGROUP_RELATION_KEY 246
+
+struct btrfs_disk_key {
+ __le64 objectid;
+ __u8 type;
+ __le64 offset;
+} __attribute__ ((__packed__));
+
+struct btrfs_timespec {
+ __le64 sec;
+ __le32 nsec;
+} __attribute__ ((__packed__));
+
+struct btrfs_inode_item {
+ __le64 generation;
+ __le64 transid;
+ __le64 size;
+ __le64 nbytes;
+ __le64 block_group;
+ __le32 nlink;
+ __le32 uid;
+ __le32 gid;
+ __le32 mode;
+ __le64 rdev;
+ __le64 flags;
+ __le64 sequence;
+ __le64 reserved[4];
+ struct btrfs_timespec atime;
+ struct btrfs_timespec ctime;
+ struct btrfs_timespec mtime;
+ struct btrfs_timespec otime;
+} __attribute__ ((__packed__));
+
+#define BTRFS_ROOT_SUBVOL_RDONLY (1ULL << 0)
+
+struct btrfs_root_item {
+ struct btrfs_inode_item inode;
+ __le64 generation;
+ __le64 root_dirid;
+ __le64 bytenr;
+ __le64 byte_limit;
+ __le64 bytes_used;
+ __le64 last_snapshot;
+ __le64 flags;
+ __le32 refs;
+ struct btrfs_disk_key drop_progress;
+ __u8 drop_level;
+ __u8 level;
+
+ __le64 generation_v2;
+ __u8 uuid[BTRFS_UUID_SIZE];
+ __u8 parent_uuid[BTRFS_UUID_SIZE];
+ __u8 received_uuid[BTRFS_UUID_SIZE];
+ __le64 ctransid; /* updated when an inode changes */
+ __le64 otransid; /* trans when created */
+ __le64 stransid; /* trans when sent. non-zero for received subvol */
+ __le64 rtransid; /* trans when received. non-zero for received subvol */
+ struct btrfs_timespec ctime;
+ struct btrfs_timespec otime;
+ struct btrfs_timespec stime;
+ struct btrfs_timespec rtime;
+ __le64 reserved[8]; /* for future */
+} __attribute__ ((__packed__));
+
+struct btrfs_root_ref {
+ __le64 dirid;
+ __le64 sequence;
+ __le16 name_len;
+} __attribute__ ((__packed__));
+
+#define BTRFS_QGROUP_LEVEL_SHIFT 48
+
+struct btrfs_qgroup_info_item {
+ __le64 generation;
+ __le64 rfer;
+ __le64 rfer_cmpr;
+ __le64 excl;
+ __le64 excl_cmpr;
+} __attribute__ ((__packed__));
+
+struct btrfs_qgroup_limit_item {
+ __le64 flags;
+ __le64 max_rfer;
+ __le64 max_excl;
+ __le64 rsv_rfer;
+ __le64 rsv_excl;
+} __attribute__ ((__packed__));
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <linux/capability.h>
+
+/* 3a101b8de0d39403b2c7e5c23fd0b005668acf48 (3.16) */
+#ifndef CAP_AUDIT_READ
+#define CAP_AUDIT_READ 37
+
+#undef CAP_LAST_CAP
+#define CAP_LAST_CAP CAP_AUDIT_READ
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <fcntl.h>
+
+#ifndef F_LINUX_SPECIFIC_BASE
+#define F_LINUX_SPECIFIC_BASE 1024
+#endif
+
+#ifndef F_SETPIPE_SZ
+#define F_SETPIPE_SZ (F_LINUX_SPECIFIC_BASE + 7)
+#endif
+
+#ifndef F_GETPIPE_SZ
+#define F_GETPIPE_SZ (F_LINUX_SPECIFIC_BASE + 8)
+#endif
+
+#ifndef F_ADD_SEALS
+#define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9)
+#define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10)
+
+#define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */
+#define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */
+#define F_SEAL_GROW 0x0004 /* prevent file from growing */
+#define F_SEAL_WRITE 0x0008 /* prevent writes */
+#endif
+
+#ifndef F_OFD_GETLK
+#define F_OFD_GETLK 36
+#define F_OFD_SETLK 37
+#define F_OFD_SETLKW 38
+#endif
+
+#ifndef MAX_HANDLE_SZ
+#define MAX_HANDLE_SZ 128
+#endif
+
+/* The precise definition of __O_TMPFILE is arch specific; use the
+ * values defined by the kernel (note: some are hexa, some are octal,
+ * duplicated as-is from the kernel definitions):
+ * - alpha, parisc, sparc: each has a specific value;
+ * - others: they use the "generic" value.
+ */
+
+#ifndef __O_TMPFILE
+#if defined(__alpha__)
+#define __O_TMPFILE 0100000000
+#elif defined(__parisc__) || defined(__hppa__)
+#define __O_TMPFILE 0400000000
+#elif defined(__sparc__) || defined(__sparc64__)
+#define __O_TMPFILE 0x2000000
+#else
+#define __O_TMPFILE 020000000
+#endif
+#endif
+
+/* a horrid kludge trying to make sure that this will fail on old kernels */
+#ifndef O_TMPFILE
+#define O_TMPFILE (__O_TMPFILE | O_DIRECTORY)
+#endif
#include <linux/types.h>
+#if !HAVE_FRA_TUN_ID /* linux@e7030878fc8448492b6e5cecd574043f63271298 (4.3) */
+#define FRA_TUN_ID 12
+#endif
+
+#if !HAVE_FRA_SUPPRESS_PREFIXLEN /* linux@6ef94cfafba159d6b1a902ccb3349ac6a34ff6ad, 73f5698e77219bfc3ea1903759fe8e20ab5b285e (3.12) */
+#define FRA_SUPPRESS_IFGROUP 13
+#define FRA_SUPPRESS_PREFIXLEN 14
+#endif
+
#if !HAVE_FRA_PAD /* linux@b46f6ded906ef0be52a4881ba50a084aeca64d7e (4.7) */
#define FRA_PAD 18
#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+/* linux/fs.h */
+#ifndef RENAME_NOREPLACE /* 0a7c3937a1f23f8cb5fc77ae01661e9968a51d0c (3.15) */
+#define RENAME_NOREPLACE (1 << 0)
+#endif
+
+/* linux/fs.h or sys/mount.h */
+#ifndef MS_MOVE
+#define MS_MOVE 8192
+#endif
+
+#ifndef MS_REC
+#define MS_REC 16384
+#endif
+
+#ifndef MS_PRIVATE
+#define MS_PRIVATE (1<<18)
+#endif
+
+#ifndef MS_SLAVE
+#define MS_SLAVE (1<<19)
+#endif
+
+#ifndef MS_SHARED
+#define MS_SHARED (1<<20)
+#endif
+
+#ifndef MS_RELATIME
+#define MS_RELATIME (1<<21)
+#endif
+
+#ifndef MS_KERNMOUNT
+#define MS_KERNMOUNT (1<<22)
+#endif
+
+#ifndef MS_I_VERSION
+#define MS_I_VERSION (1<<23)
+#endif
+
+#ifndef MS_STRICTATIME
+#define MS_STRICTATIME (1<<24)
+#endif
+
+#ifndef MS_LAZYTIME
+#define MS_LAZYTIME (1<<25)
+#endif
+
+/* Not exposed yet. Defined at fs/ext4/ext4.h */
+#ifndef EXT4_IOC_RESIZE_FS
+#define EXT4_IOC_RESIZE_FS _IOW('f', 16, __u64)
+#endif
+
+/* Not exposed yet. Defined at fs/cifs/cifsglob.h */
+#ifndef CIFS_MAGIC_NUMBER
+#define CIFS_MAGIC_NUMBER 0xFF534D42
+#endif
+
+/* linux/nsfs.h */
+#ifndef NS_GET_NSTYPE /* d95fa3c76a66b6d76b1e109ea505c55e66360f3c (4.11) */
+#define NS_GET_NSTYPE _IO(0xb7, 0x3)
+#endif
#if !HAVE_IN6_ADDR_GEN_MODE_RANDOM /* linux@cc9da6cc4f56e05cc9e591459fe0192727ff58b3 (4.5) */
#define IN6_ADDR_GEN_MODE_RANDOM 3
#endif
-#endif
+#endif /* !HAVE_IFLA_INET6_ADDR_GEN_MODE */
#if !HAVE_IFLA_IPVLAN_MODE /* linux@2ad7bf3638411cb547f2823df08166c13ab04269 (3.19) */
enum {
#define IPVLAN_MODE_L3S 2
#define IPVLAN_MODE_MAX 3
#endif
-#if !HAVE_IFLA_IPVLAN_FLAGS /* linux@a190d04db93710ae166749055b6985397c6d13f5, fe89aa6b250c1011ccf425fbb7998e96bd54263f (4.15) */
+#if !HAVE_IFLA_IPVLAN_FLAGS /* linux@a190d04db93710ae166749055b6985397c6d13f5 (4.15) */
#define IFLA_IPVLAN_FLAGS 2
#undef IFLA_IPVLAN_MAX
#define IFLA_IPVLAN_MAX 2
+#endif
+#endif /* !HAVE_IFLA_IPVLAN_MODE */
+/* linux@a190d04db93710ae166749055b6985397c6d13f5 (4.15) */
+#ifndef IPVLAN_F_PRIVATE
#define IPVLAN_F_PRIVATE 0x01
-#define IPVLAN_F_VEPA 0x02
#endif
+
+/* linux@fe89aa6b250c1011ccf425fbb7998e96bd54263f (4.15) */
+#ifndef IPVLAN_F_VEPA
+#define IPVLAN_F_VEPA 0x02
#endif
#if !HAVE_IFLA_PHYS_PORT_ID /* linux@66cae9ed6bc46b8cc57a9693f99f69926f3cc7ef (3.12) */
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <linux/input.h>
+#include <linux/types.h>
+
+/* linux@c7dc65737c9a607d3e6f8478659876074ad129b8 (3.12) */
+#ifndef EVIOCREVOKE
+#define EVIOCREVOKE _IOW('E', 0x91, int)
+#endif
+
+/* linux@06a16293f71927f756dcf37558a79c0b05a91641 (4.4) */
+#ifndef EVIOCSMASK
+struct input_mask {
+ __u32 type;
+ __u32 codes_size;
+ __u64 codes_ptr;
+};
+
+#define EVIOCGMASK _IOR('E', 0x92, struct input_mask)
+#define EVIOCSMASK _IOW('E', 0x93, struct input_mask)
+#endif
+
+/* linux@7611392fe8ff95ecae528b01a815ae3d72ca6b95 (3.17) */
+#ifndef INPUT_PROP_POINTING_STICK
+#define INPUT_PROP_POINTING_STICK 0x05
+#endif
+
+/* linux@500d4160abe9a2e88b12e319c13ae3ebd1e18108 (4.0) */
+#ifndef INPUT_PROP_ACCELEROMETER
+#define INPUT_PROP_ACCELEROMETER 0x06
+#endif
+
+/* linux@d09bbfd2a8408a995419dff0d2ba906013cf4cc9 (3.11) */
+#ifndef BTN_DPAD_UP
+#define BTN_DPAD_UP 0x220
+#define BTN_DPAD_DOWN 0x221
+#define BTN_DPAD_LEFT 0x222
+#define BTN_DPAD_RIGHT 0x223
+#endif
+
+/* linux@358f24704f2f016af7d504b357cdf32606091d07 (3.13) */
+#ifndef KEY_ALS_TOGGLE
+#define KEY_ALS_TOGGLE 0x230
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <linux/keyctl.h>
+
+#ifndef KEYCTL_JOIN_SESSION_KEYRING
+#define KEYCTL_JOIN_SESSION_KEYRING 1
+#endif
+
+#ifndef KEYCTL_CHOWN
+#define KEYCTL_CHOWN 4
+#endif
+
+#ifndef KEYCTL_SETPERM
+#define KEYCTL_SETPERM 5
+#endif
+
+#ifndef KEYCTL_DESCRIBE
+#define KEYCTL_DESCRIBE 6
+#endif
+
+#ifndef KEYCTL_LINK
+#define KEYCTL_LINK 8
+#endif
+
+#ifndef KEYCTL_READ
+#define KEYCTL_READ 11
+#endif
+
+#ifndef KEYCTL_SET_TIMEOUT
+#define KEYCTL_SET_TIMEOUT 15
+#endif
+
+#ifndef KEY_SPEC_USER_KEYRING
+#define KEY_SPEC_USER_KEYRING -4
+#endif
+
+#ifndef KEY_SPEC_SESSION_KEYRING
+#define KEY_SPEC_SESSION_KEYRING -3
+#endif
+
+/* From linux/key.h */
+#ifndef KEY_POS_VIEW
+
+typedef int32_t key_serial_t;
+
+#define KEY_POS_VIEW 0x01000000
+#define KEY_POS_READ 0x02000000
+#define KEY_POS_WRITE 0x04000000
+#define KEY_POS_SEARCH 0x08000000
+#define KEY_POS_LINK 0x10000000
+#define KEY_POS_SETATTR 0x20000000
+#define KEY_POS_ALL 0x3f000000
+
+#define KEY_USR_VIEW 0x00010000
+#define KEY_USR_READ 0x00020000
+#define KEY_USR_WRITE 0x00040000
+#define KEY_USR_SEARCH 0x00080000
+#define KEY_USR_LINK 0x00100000
+#define KEY_USR_SETATTR 0x00200000
+#define KEY_USR_ALL 0x003f0000
+
+#define KEY_GRP_VIEW 0x00000100
+#define KEY_GRP_READ 0x00000200
+#define KEY_GRP_WRITE 0x00000400
+#define KEY_GRP_SEARCH 0x00000800
+#define KEY_GRP_LINK 0x00001000
+#define KEY_GRP_SETATTR 0x00002000
+#define KEY_GRP_ALL 0x00003f00
+
+#define KEY_OTH_VIEW 0x00000001
+#define KEY_OTH_READ 0x00000002
+#define KEY_OTH_WRITE 0x00000004
+#define KEY_OTH_SEARCH 0x00000008
+#define KEY_OTH_LINK 0x00000010
+#define KEY_OTH_SETATTR 0x00000020
+#define KEY_OTH_ALL 0x0000003f
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <linux/magic.h>
+
+/* 62aa81d7c4c24b90fdb61da70ac0dbbc414f9939 (4.13) */
+#ifndef OCFS2_SUPER_MAGIC
+#define OCFS2_SUPER_MAGIC 0x7461636f
+#endif
+
+/* 67e9c74b8a873408c27ac9a8e4c1d1c8d72c93ff (4.5) */
+#ifndef CGROUP2_SUPER_MAGIC
+#define CGROUP2_SUPER_MAGIC 0x63677270
+#endif
+
+/* 4282d60689d4f21b40692029080440cc58e8a17d (4.1) */
+#ifndef TRACEFS_MAGIC
+#define TRACEFS_MAGIC 0x74726163
+#endif
+
+/* e149ed2b805fefdccf7ccdfc19eca22fdd4514ac (3.19) */
+#ifndef NSFS_MAGIC
+#define NSFS_MAGIC 0x6e736673
+#endif
+
+/* b2197755b2633e164a439682fb05a9b5ea48f706 (4.4) */
+#ifndef BPF_FS_MAGIC
+#define BPF_FS_MAGIC 0xcafe4a11
+#endif
+
+/* Not exposed yet (4.20). Defined at ipc/mqueue.c */
+#ifndef MQUEUE_MAGIC
+#define MQUEUE_MAGIC 0x19800202
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <sys/mman.h>
+
+#ifndef MFD_ALLOW_SEALING
+#define MFD_ALLOW_SEALING 0x0002U
+#endif
+
+#ifndef MFD_CLOEXEC
+#define MFD_CLOEXEC 0x0001U
+#endif
#include <linux/loop.h>
#include <linux/rtnetlink.h>
+#include <net/ethernet.h>
#include "missing_ethtool.h"
#include "missing_fib_rules.h"
#define NET_NAME_RENAMED 4
#endif
+/* netlink.h */
+#ifndef NETLINK_LIST_MEMBERSHIPS /* b42be38b2778eda2237fc759e55e3b698b05b315 (4.2) */
+#define NETLINK_LIST_MEMBERSHIPS 9
+#endif
+
/* rtnetlink.h */
#ifndef RTA_PREF
#define RTA_PREF 20
#ifndef RTA_EXPIRES
#define RTA_EXPIRES 23
#endif
+
+/* Note that LOOPBACK_IFINDEX is currently not exported by the
+ * kernel/glibc, but hardcoded internally by the kernel. However, as
+ * it is exported to userspace indirectly via rtnetlink and the
+ * ioctls, and made use of widely we define it here too, in a way that
+ * is compatible with the kernel's internal definition. */
+#ifndef LOOPBACK_IFINDEX
+#define LOOPBACK_IFINDEX 1
+#endif
+
+/* Not exposed yet. Similar values are defined in net/ethernet.h */
+#ifndef ETHERTYPE_LLDP
+#define ETHERTYPE_LLDP 0x88cc
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <linux/prctl.h>
+
+/* 58319057b7847667f0c9585b9de0e8932b0fdb08 (4.3) */
+#ifndef PR_CAP_AMBIENT
+#define PR_CAP_AMBIENT 47
+
+#define PR_CAP_AMBIENT_IS_SET 1
+#define PR_CAP_AMBIENT_RAISE 2
+#define PR_CAP_AMBIENT_LOWER 3
+#define PR_CAP_AMBIENT_CLEAR_ALL 4
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#if USE_SYS_RANDOM_H
+# include <sys/random.h>
+#else
+# include <linux/random.h>
+#endif
+
+#ifndef GRND_NONBLOCK
+#define GRND_NONBLOCK 0x0001
+#endif
+
+#ifndef GRND_RANDOM
+#define GRND_RANDOM 0x0002
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <sys/resource.h>
+
+#ifndef RLIMIT_RTTIME
+#define RLIMIT_RTTIME 15
+#endif
+
+/* If RLIMIT_RTTIME is not defined, then we cannot use RLIMIT_NLIMITS as is */
+#define _RLIMIT_MAX (RLIMIT_RTTIME+1 > RLIMIT_NLIMITS ? RLIMIT_RTTIME+1 : RLIMIT_NLIMITS)
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <sched.h>
+
+#ifndef CLONE_NEWCGROUP
+#define CLONE_NEWCGROUP 0x02000000
+#endif
+
+/* Not exposed yet. Defined at include/linux/sched.h */
+#ifndef PF_KTHREAD
+#define PF_KTHREAD 0x00200000
+#endif
+
+/* The maximum thread/process name length including trailing NUL byte. This mimics the kernel definition of the same
+ * name, which we need in userspace at various places but is not defined in userspace currently, neither under this
+ * name nor any other. */
+/* Not exposed yet. Defined at include/linux/sched.h */
+#ifndef TASK_COMM_LEN
+#define TASK_COMM_LEN 16
+#endif
--- /dev/null
+#pragma once
+
+#include <linux/securebits.h>
+
+/* 746bf6d64275be0c65b0631d8a72b16f1454cfa1 (4.3) */
+#ifndef SECURE_NO_CAP_AMBIENT_RAISE
+#define SECURE_NO_CAP_AMBIENT_RAISE 6
+#define SECURE_NO_CAP_AMBIENT_RAISE_LOCKED 7 /* make bit-6 immutable */
+#define SECBIT_NO_CAP_AMBIENT_RAISE (issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE))
+#define SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED (issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE_LOCKED))
+
+#undef SECURE_ALL_BITS
+#define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \
+ issecure_mask(SECURE_NO_SETUID_FIXUP) | \
+ issecure_mask(SECURE_KEEP_CAPS) | \
+ issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE))
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <sys/socket.h>
+
+#if HAVE_LINUX_VM_SOCKETS_H
+#include <linux/vm_sockets.h>
+#else
+#define VMADDR_CID_ANY -1U
+struct sockaddr_vm {
+ unsigned short svm_family;
+ unsigned short svm_reserved1;
+ unsigned int svm_port;
+ unsigned int svm_cid;
+ unsigned char svm_zero[sizeof(struct sockaddr) -
+ sizeof(unsigned short) -
+ sizeof(unsigned short) -
+ sizeof(unsigned int) -
+ sizeof(unsigned int)];
+};
+#endif /* !HAVE_LINUX_VM_SOCKETS_H */
+
+#ifndef AF_VSOCK
+#define AF_VSOCK 40
+#endif
+
+#ifndef SO_REUSEPORT
+#define SO_REUSEPORT 15
+#endif
+
+#ifndef SO_PEERGROUPS
+#define SO_PEERGROUPS 59
+#endif
+
+#ifndef SOL_NETLINK
+#define SOL_NETLINK 270
+#endif
+
+#ifndef SOL_ALG
+#define SOL_ALG 279
+#endif
+
+/* Not exposed yet. Defined in include/linux/socket.h. */
+#ifndef SOL_SCTP
+#define SOL_SCTP 132
+#endif
+
+/* Not exposed yet. Defined in include/linux/socket.h */
+#ifndef SCM_SECURITY
+#define SCM_SECURITY 0x03
+#endif
+
+/* netinet/in.h */
+#ifndef IP_FREEBIND
+#define IP_FREEBIND 15
+#endif
+
+#ifndef IP_TRANSPARENT
+#define IP_TRANSPARENT 19
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <linux/types.h>
+#include <sys/stat.h>
+
+#if WANT_LINUX_STAT_H
+#include <linux/stat.h>
+#endif
+
+/* a528d35e8bfcc521d7cb70aaf03e1bd296c8493f (4.11) */
+#if !HAVE_STRUCT_STATX
+struct statx_timestamp {
+ __s64 tv_sec;
+ __u32 tv_nsec;
+ __s32 __reserved;
+};
+struct statx {
+ __u32 stx_mask;
+ __u32 stx_blksize;
+ __u64 stx_attributes;
+ __u32 stx_nlink;
+ __u32 stx_uid;
+ __u32 stx_gid;
+ __u16 stx_mode;
+ __u16 __spare0[1];
+ __u64 stx_ino;
+ __u64 stx_size;
+ __u64 stx_blocks;
+ __u64 stx_attributes_mask;
+ struct statx_timestamp stx_atime;
+ struct statx_timestamp stx_btime;
+ struct statx_timestamp stx_ctime;
+ struct statx_timestamp stx_mtime;
+ __u32 stx_rdev_major;
+ __u32 stx_rdev_minor;
+ __u32 stx_dev_major;
+ __u32 stx_dev_minor;
+ __u64 __spare2[14];
+};
+#endif
+
+/* a528d35e8bfcc521d7cb70aaf03e1bd296c8493f (4.11) */
+#ifndef STATX_BTIME
+#define STATX_BTIME 0x00000800U
+#endif
+
+/* a528d35e8bfcc521d7cb70aaf03e1bd296c8493f (4.11) */
+#ifndef AT_STATX_DONT_SYNC
+#define AT_STATX_DONT_SYNC 0x4000
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <stdlib.h>
+
+/* stdlib.h */
+#if !HAVE_SECURE_GETENV
+# if HAVE___SECURE_GETENV
+# define secure_getenv __secure_getenv
+# else
+# error "neither secure_getenv nor __secure_getenv are available"
+# endif
+#endif
/* Missing glibc definitions to access certain kernel APIs */
+#include <fcntl.h>
+#include <sys/syscall.h>
#include <sys/types.h>
+#include <unistd.h>
+
+#ifdef ARCH_MIPS
+#include <asm/sgidefs.h>
+#endif
+
+#include "missing_keyctl.h"
+#include "missing_stat.h"
+
+/* linux/kcmp.h */
+#ifndef KCMP_FILE /* 3f4994cfc15f38a3159c6e3a4b3ab2e1481a6b02 (3.19) */
+#define KCMP_FILE 0
+#endif
#if !HAVE_PIVOT_ROOT
static inline int missing_pivot_root(const char *new_root, const char *put_old) {
/* ======================================================================= */
#if !HAVE_KEYCTL
-static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4,unsigned long arg5) {
+static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) {
# ifdef __NR_keyctl
return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
# else
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <sys/timerfd.h>
+
+#ifndef TFD_TIMER_CANCEL_ON_SET
+#define TFD_TIMER_CANCEL_ON_SET (1 << 1)
+#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include <uchar.h>
+
+#if !HAVE_CHAR32_T
+#define char32_t uint32_t
+#endif
+
+#if !HAVE_CHAR16_T
+#define char16_t uint16_t
+#endif
#include <errno.h>
#include <inttypes.h>
+#include <linux/oom.h>
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include "missing.h"
#include "process-util.h"
#include "raw-clone.h"
+#include "rlimit-util.h"
#include "signal-util.h"
#include "stat-util.h"
#include "string-table.h"
}
}
+ if (flags & FORK_RLIMIT_NOFILE_SAFE) {
+ r = rlimit_nofile_safe();
+ if (r < 0) {
+ log_full_errno(prio, r, "Failed to lower RLIMIT_NOFILE's soft limit to 1K: %m");
+ _exit(EXIT_FAILURE);
+ }
+ }
+
if (ret_pid)
*ret_pid = getpid_cached();
safe_close_above_stdio(fd);
}
+ (void) rlimit_nofile_safe();
+
/* Count arguments */
va_start(ap, path);
for (n = 0; va_arg(ap, char*); n++)
int must_be_root(void);
typedef enum ForkFlags {
- FORK_RESET_SIGNALS = 1 << 0,
- FORK_CLOSE_ALL_FDS = 1 << 1,
- FORK_DEATHSIG = 1 << 2,
- FORK_NULL_STDIO = 1 << 3,
- FORK_REOPEN_LOG = 1 << 4,
- FORK_LOG = 1 << 5,
- FORK_WAIT = 1 << 6,
- FORK_NEW_MOUNTNS = 1 << 7,
- FORK_MOUNTNS_SLAVE = 1 << 8,
+ FORK_RESET_SIGNALS = 1 << 0, /* Reset all signal handlers and signal mask */
+ FORK_CLOSE_ALL_FDS = 1 << 1, /* Close all open file descriptors in the child, except for 0,1,2 */
+ FORK_DEATHSIG = 1 << 2, /* Set PR_DEATHSIG in the child */
+ FORK_NULL_STDIO = 1 << 3, /* Connect 0,1,2 to /dev/null */
+ FORK_REOPEN_LOG = 1 << 4, /* Reopen log connection */
+ FORK_LOG = 1 << 5, /* Log above LOG_DEBUG log level about failures */
+ FORK_WAIT = 1 << 6, /* Wait until child exited */
+ FORK_NEW_MOUNTNS = 1 << 7, /* Run child in its own mount namespace */
+ FORK_MOUNTNS_SLAVE = 1 << 8, /* Make child's mount namespace MS_SLAVE */
+ FORK_RLIMIT_NOFILE_SAFE = 1 << 9, /* Set RLIMIT_NOFILE soft limit to 1K for select() compat */
} ForkFlags;
int safe_fork_full(const char *name, const int except_fds[], size_t n_except_fds, ForkFlags flags, pid_t *ret_pid);
#include <elf.h>
#include <errno.h>
#include <fcntl.h>
-#include <linux/random.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
return 0;
}
+
+int rlimit_nofile_safe(void) {
+ struct rlimit rl;
+
+ /* Resets RLIMIT_NOFILE's soft limit FD_SETSIZE (i.e. 1024), for compatibility with software still using
+ * select() */
+
+ if (getrlimit(RLIMIT_NOFILE, &rl) < 0)
+ return log_debug_errno(errno, "Failed to query RLIMIT_NOFILE: %m");
+
+ if (rl.rlim_cur <= FD_SETSIZE)
+ return 0;
+
+ rl.rlim_cur = FD_SETSIZE;
+ if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
+ return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur);
+
+ return 1;
+}
#define RLIMIT_MAKE_CONST(lim) ((struct rlimit) { lim, lim })
int rlimit_nofile_bump(int limit);
+int rlimit_nofile_safe(void);
+++ /dev/null
-#pragma once
-
-/* This is minimal version of Linux' linux/securebits.h header file,
- * which is licensed GPL2 */
-
-#define SECUREBITS_DEFAULT 0x00000000
-
-/* When set UID 0 has no special privileges. When unset, we support
- inheritance of root-permissions and suid-root executable under
- compatibility mode. We raise the effective and inheritable bitmasks
- *of the executable file* if the effective uid of the new process is
- 0. If the real uid is 0, we raise the effective (legacy) bit of the
- executable file. */
-#define SECURE_NOROOT 0
-#define SECURE_NOROOT_LOCKED 1 /* make bit-0 immutable */
-
-/* When set, setuid to/from uid 0 does not trigger capability-"fixup".
- When unset, to provide compatibility with old programs relying on
- set*uid to gain/lose privilege, transitions to/from uid 0 cause
- capabilities to be gained/lost. */
-#define SECURE_NO_SETUID_FIXUP 2
-#define SECURE_NO_SETUID_FIXUP_LOCKED 3 /* make bit-2 immutable */
-
-/* When set, a process can retain its capabilities even after
- transitioning to a non-root user (the set-uid fixup suppressed by
- bit 2). Bit-4 is cleared when a process calls exec(); setting both
- bit 4 and 5 will create a barrier through exec that no exec()'d
- child can use this feature again. */
-#define SECURE_KEEP_CAPS 4
-#define SECURE_KEEP_CAPS_LOCKED 5 /* make bit-4 immutable */
-
-/* Each securesetting is implemented using two bits. One bit specifies
- whether the setting is on or off. The other bit specify whether the
- setting is locked or not. A setting which is locked cannot be
- changed from user-level. */
-#define issecure_mask(X) (1 << (X))
-#define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits))
-
-#define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \
- issecure_mask(SECURE_NO_SETUID_FIXUP) | \
- issecure_mask(SECURE_KEEP_CAPS))
-#define SECURE_ALL_LOCKS (SECURE_ALL_BITS << 1)
}
}
-int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
+int sockaddr_pretty(
+ const struct sockaddr *_sa,
+ socklen_t salen,
+ bool translate_ipv6,
+ bool include_port,
+ char **ret) {
+
union sockaddr_union *sa = (union sockaddr_union*) _sa;
char *p;
int r;
case AF_UNIX:
if (salen <= offsetof(struct sockaddr_un, sun_path) ||
- (sa->un.sun_path[0] == 0 && salen == offsetof(struct sockaddr_un, sun_path) + 1)) {
+ (sa->un.sun_path[0] == 0 && salen == offsetof(struct sockaddr_un, sun_path) + 1))
/* The name must have at least one character (and the leading NUL does not count) */
-
p = strdup("<unnamed>");
- if (!p)
- return -ENOMEM;
-
- } else {
+ else {
+ /* Note that we calculate the path pointer here through the .un_buffer[] field, in order to
+ * outtrick bounds checking tools such as ubsan, which are too smart for their own good: on
+ * Linux the kernel may return sun_path[] data one byte longer than the declared size of the
+ * field. */
+ char *path = (char*) sa->un_buffer + offsetof(struct sockaddr_un, sun_path);
size_t path_len = salen - offsetof(struct sockaddr_un, sun_path);
- if (sa->un.sun_path[0] == 0) {
+ if (path[0] == 0) {
/* Abstract socket. When parsing address information from, we
* explicitly reject overly long paths and paths with embedded NULs.
* But we might get such a socket from the outside. Let's return
_cleanup_free_ char *e = NULL;
- e = cescape_length(sa->un.sun_path + 1, path_len - 1);
+ e = cescape_length(path + 1, path_len - 1);
if (!e)
return -ENOMEM;
p = strjoin("@", e);
} else {
- if (sa->un.sun_path[path_len - 1] == '\0')
+ if (path[path_len - 1] == '\0')
/* We expect a terminating NUL and don't print it */
path_len --;
- p = cescape_length(sa->un.sun_path, path_len);
+ p = cescape_length(path, path_len);
}
- if (!p)
- return -ENOMEM;
}
+ if (!p)
+ return -ENOMEM;
break;
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
+#include <inttypes.h>
+#include <linux/netlink.h>
+#include <linux/if_infiniband.h>
+#include <linux/if_packet.h>
#include <netinet/ether.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
-#include <linux/netlink.h>
-#include <linux/if_infiniband.h>
-#include <linux/if_packet.h>
#include "macro.h"
-#include "missing.h"
-#include "util.h"
+#include "missing_socket.h"
+#include "sparse-endian.h"
union sockaddr_union {
/* The minimal, abstract version */
#define ANSI_MAGENTA "\x1B[0;35m"
#define ANSI_CYAN "\x1B[0;36m"
#define ANSI_WHITE "\x1B[0;37m"
+#define ANSI_GREY "\x1B[0;2;37m"
/* Bold/highlighted */
#define ANSI_HIGHLIGHT_BLACK "\x1B[0;1;30m"
DEFINE_ANSI_FUNC(highlight_blue, HIGHLIGHT_BLUE);
DEFINE_ANSI_FUNC(highlight_magenta, HIGHLIGHT_MAGENTA);
DEFINE_ANSI_FUNC(normal, NORMAL);
+DEFINE_ANSI_FUNC(grey, GREY);
DEFINE_ANSI_FUNC_UNDERLINE(underline, UNDERLINE, NORMAL);
DEFINE_ANSI_FUNC_UNDERLINE(highlight_underline, HIGHLIGHT_UNDERLINE, HIGHLIGHT);
#include "io-util.h"
#include "log.h"
#include "macro.h"
+#include "missing_timerfd.h"
#include "parse-util.h"
#include "path-util.h"
#include "process-util.h"
}
int slice_build_parent_slice(const char *slice, char **ret);
-int slice_build_subslice(const char *slice, const char*name, char **subslice);
+int slice_build_subslice(const char *slice, const char *name, char **subslice);
bool slice_name_is_valid(const char *name);
#include <uchar.h>
#include "macro.h"
-#include "missing.h"
+#include "missing_type.h"
#define UTF8_REPLACEMENT_CHARACTER "\xef\xbf\xbd"
#define UTF8_BYTE_ORDER_MARK "\xef\xbb\xbf"
#include "format-util.h"
#include "macro.h"
-#include "missing.h"
#include "time-util.h"
size_t page_size(void) _pure_;
json_variant_dump(v,
(arg_json == JSON_PRETTY ? JSON_FORMAT_PRETTY : JSON_FORMAT_NEWLINE) |
- colors_enabled() * JSON_FORMAT_COLOR,
+ JSON_FORMAT_COLOR_AUTO,
f, NULL);
}
#include "bus-error.h"
#include "bus-util.h"
#include "dbus-automount.h"
+#include "dbus-unit.h"
#include "fd-util.h"
#include "format-util.h"
#include "io-util.h"
AutomountState old_state;
assert(a);
+ if (a->state != state)
+ bus_unit_send_pending_change_signal(UNIT(a), false);
+
old_state = a->state;
a->state = state;
#include "bpf-program.h"
#include "fd-util.h"
#include "ip-address-access.h"
+#include "missing_syscall.h"
#include "unit.h"
enum {
if (is_local_root) /* Make sure we don't try to display messages with an empty path. */
path = "/";
- /* We generally ignore errors caused by read-only mounted
- * cgroup trees (assuming we are running in a container then),
- * and missing cgroups, i.e. EROFS and ENOENT. */
+ /* We generally ignore errors caused by read-only mounted cgroup trees (assuming we are running in a container
+ * then), and missing cgroups, i.e. EROFS and ENOENT. */
- if (apply_mask & CGROUP_MASK_CPU) {
- bool has_weight, has_shares;
-
- has_weight = cgroup_context_has_cpu_weight(c);
- has_shares = cgroup_context_has_cpu_shares(c);
+ /* In fully unified mode these attributes don't exist on the host cgroup root. On legacy the weights exist, but
+ * setting the weight makes very little sense on the host root cgroup, as there are no other cgroups at this
+ * level. The quota exists there too, but any attempt to write to it is refused with EINVAL. Inside of
+ * containers we want to leave control of these to the container manager (and if cgroupsv2 delegation is used
+ * we couldn't even write to them if we wanted to). */
+ if ((apply_mask & CGROUP_MASK_CPU) && !is_local_root) {
if (cg_all_unified() > 0) {
+ uint64_t weight;
- /* In fully unified mode these attributes don't exist on the host cgroup root, and inside of
- * containers we want to leave control of these to the container manager (and if delegation is
- * used we couldn't even write to them if we wanted to). */
- if (!is_local_root) {
- uint64_t weight;
-
- if (has_weight)
- weight = cgroup_context_cpu_weight(c, state);
- else if (has_shares) {
- uint64_t shares;
+ if (cgroup_context_has_cpu_weight(c))
+ weight = cgroup_context_cpu_weight(c, state);
+ else if (cgroup_context_has_cpu_shares(c)) {
+ uint64_t shares;
- shares = cgroup_context_cpu_shares(c, state);
- weight = cgroup_cpu_shares_to_weight(shares);
+ shares = cgroup_context_cpu_shares(c, state);
+ weight = cgroup_cpu_shares_to_weight(shares);
- log_cgroup_compat(u, "Applying [Startup]CPUShares %" PRIu64 " as [Startup]CPUWeight %" PRIu64 " on %s",
- shares, weight, path);
- } else
- weight = CGROUP_WEIGHT_DEFAULT;
+ log_cgroup_compat(u, "Applying [Startup]CPUShares=%" PRIu64 " as [Startup]CPUWeight=%" PRIu64 " on %s",
+ shares, weight, path);
+ } else
+ weight = CGROUP_WEIGHT_DEFAULT;
- cgroup_apply_unified_cpu_weight(u, weight);
- cgroup_apply_unified_cpu_quota(u, c->cpu_quota_per_sec_usec);
- }
+ cgroup_apply_unified_cpu_weight(u, weight);
+ cgroup_apply_unified_cpu_quota(u, c->cpu_quota_per_sec_usec);
} else {
- /* Setting the weight makes very little sense on the host root cgroup, as there are no other
- * cgroups at this level. And for containers we want to leave management of this to the
- * container manager */
- if (!is_local_root) {
- uint64_t shares;
-
- if (has_weight) {
- uint64_t weight;
+ uint64_t shares;
- weight = cgroup_context_cpu_weight(c, state);
- shares = cgroup_cpu_weight_to_shares(weight);
+ if (cgroup_context_has_cpu_weight(c)) {
+ uint64_t weight;
- log_cgroup_compat(u, "Applying [Startup]CPUWeight %" PRIu64 " as [Startup]CPUShares %" PRIu64 " on %s",
- weight, shares, path);
- } else if (has_shares)
- shares = cgroup_context_cpu_shares(c, state);
- else
- shares = CGROUP_CPU_SHARES_DEFAULT;
+ weight = cgroup_context_cpu_weight(c, state);
+ shares = cgroup_cpu_weight_to_shares(weight);
- cgroup_apply_legacy_cpu_shares(u, shares);
- }
+ log_cgroup_compat(u, "Applying [Startup]CPUWeight=%" PRIu64 " as [Startup]CPUShares=%" PRIu64 " on %s",
+ weight, shares, path);
+ } else if (cgroup_context_has_cpu_shares(c))
+ shares = cgroup_context_cpu_shares(c, state);
+ else
+ shares = CGROUP_CPU_SHARES_DEFAULT;
- /* The "cpu" quota attribute is available on the host root, hence manage it there. But in
- * containers let's leave this to the container manager. */
- if (is_host_root || !is_local_root)
- cgroup_apply_legacy_cpu_quota(u, c->cpu_quota_per_sec_usec);
+ cgroup_apply_legacy_cpu_shares(u, shares);
+ cgroup_apply_legacy_cpu_quota(u, c->cpu_quota_per_sec_usec);
}
}
blkio_weight = cgroup_context_blkio_weight(c, state);
weight = cgroup_weight_blkio_to_io(blkio_weight);
- log_cgroup_compat(u, "Applying [Startup]BlockIOWeight %" PRIu64 " as [Startup]IOWeight %" PRIu64,
+ log_cgroup_compat(u, "Applying [Startup]BlockIOWeight=%" PRIu64 " as [Startup]IOWeight=%" PRIu64,
blkio_weight, weight);
} else
weight = CGROUP_WEIGHT_DEFAULT;
LIST_FOREACH(device_weights, w, c->blockio_device_weights) {
weight = cgroup_weight_blkio_to_io(w->weight);
- log_cgroup_compat(u, "Applying BlockIODeviceWeight %" PRIu64 " as IODeviceWeight %" PRIu64 " for %s",
+ log_cgroup_compat(u, "Applying BlockIODeviceWeight=%" PRIu64 " as IODeviceWeight=%" PRIu64 " for %s",
w->weight, weight, w->path);
cgroup_apply_io_device_weight(u, w->path, weight);
limits[CGROUP_IO_RBPS_MAX] = b->rbps;
limits[CGROUP_IO_WBPS_MAX] = b->wbps;
- log_cgroup_compat(u, "Applying BlockIO{Read|Write}Bandwidth %" PRIu64 " %" PRIu64 " as IO{Read|Write}BandwidthMax for %s",
+ log_cgroup_compat(u, "Applying BlockIO{Read|Write}Bandwidth=%" PRIu64 " %" PRIu64 " as IO{Read|Write}BandwidthMax= for %s",
b->rbps, b->wbps, b->path);
cgroup_apply_io_device_limit(u, b->path, limits);
io_weight = cgroup_context_io_weight(c, state);
weight = cgroup_weight_io_to_blkio(cgroup_context_io_weight(c, state));
- log_cgroup_compat(u, "Applying [Startup]IOWeight %" PRIu64 " as [Startup]BlockIOWeight %" PRIu64,
+ log_cgroup_compat(u, "Applying [Startup]IOWeight=%" PRIu64 " as [Startup]BlockIOWeight=%" PRIu64,
io_weight, weight);
} else if (has_blockio)
weight = cgroup_context_blkio_weight(c, state);
LIST_FOREACH(device_weights, w, c->io_device_weights) {
weight = cgroup_weight_io_to_blkio(w->weight);
- log_cgroup_compat(u, "Applying IODeviceWeight %" PRIu64 " as BlockIODeviceWeight %" PRIu64 " for %s",
+ log_cgroup_compat(u, "Applying IODeviceWeight=%" PRIu64 " as BlockIODeviceWeight=%" PRIu64 " for %s",
w->weight, weight, w->path);
cgroup_apply_blkio_device_weight(u, w->path, weight);
CGroupIODeviceLimit *l;
LIST_FOREACH(device_limits, l, c->io_device_limits) {
- log_cgroup_compat(u, "Applying IO{Read|Write}Bandwidth %" PRIu64 " %" PRIu64 " as BlockIO{Read|Write}BandwidthMax for %s",
+ log_cgroup_compat(u, "Applying IO{Read|Write}Bandwidth=%" PRIu64 " %" PRIu64 " as BlockIO{Read|Write}BandwidthMax= for %s",
l->limits[CGROUP_IO_RBPS_MAX], l->limits[CGROUP_IO_WBPS_MAX], l->path);
cgroup_apply_blkio_device_limit(u, l->path, l->limits[CGROUP_IO_RBPS_MAX], l->limits[CGROUP_IO_WBPS_MAX]);
}
}
- if (apply_mask & CGROUP_MASK_MEMORY) {
+ /* In unified mode 'memory' attributes do not exist on the root cgroup. In legacy mode 'memory.limit_in_bytes'
+ * exists on the root cgroup, but any writes to it are refused with EINVAL. And if we run in a container we
+ * want to leave control to the container manager (and if proper cgroupsv2 delegation is used we couldn't even
+ * write to this if we wanted to.) */
+ if ((apply_mask & CGROUP_MASK_MEMORY) && !is_local_root) {
if (cg_all_unified() > 0) {
- /* In unified mode 'memory' attributes do not exist on the root cgroup. And if we run in a
- * container we want to leave control to the container manager (and if proper delegation is
- * used we couldn't even write to this if we wanted to. */
- if (!is_local_root) {
- uint64_t max, swap_max = CGROUP_LIMIT_MAX;
-
- if (cgroup_context_has_unified_memory_config(c)) {
- max = c->memory_max;
- swap_max = c->memory_swap_max;
- } else {
- max = c->memory_limit;
-
- if (max != CGROUP_LIMIT_MAX)
- log_cgroup_compat(u, "Applying MemoryLimit=%" PRIu64 " as MemoryMax=", max);
- }
+ uint64_t max, swap_max = CGROUP_LIMIT_MAX;
+
+ if (cgroup_context_has_unified_memory_config(c)) {
+ max = c->memory_max;
+ swap_max = c->memory_swap_max;
+ } else {
+ max = c->memory_limit;
- cgroup_apply_unified_memory_limit(u, "memory.min", c->memory_min);
- cgroup_apply_unified_memory_limit(u, "memory.low", c->memory_low);
- cgroup_apply_unified_memory_limit(u, "memory.high", c->memory_high);
- cgroup_apply_unified_memory_limit(u, "memory.max", max);
- cgroup_apply_unified_memory_limit(u, "memory.swap.max", swap_max);
+ if (max != CGROUP_LIMIT_MAX)
+ log_cgroup_compat(u, "Applying MemoryLimit=%" PRIu64 " as MemoryMax=", max);
}
- } else {
- /* In legacy mode 'memory' exists on the host root, but in container mode we want to leave it
- * to the container manager around us */
- if (is_host_root || !is_local_root) {
- char buf[DECIMAL_STR_MAX(uint64_t) + 1];
- uint64_t val;
+ cgroup_apply_unified_memory_limit(u, "memory.min", c->memory_min);
+ cgroup_apply_unified_memory_limit(u, "memory.low", c->memory_low);
+ cgroup_apply_unified_memory_limit(u, "memory.high", c->memory_high);
+ cgroup_apply_unified_memory_limit(u, "memory.max", max);
+ cgroup_apply_unified_memory_limit(u, "memory.swap.max", swap_max);
- if (cgroup_context_has_unified_memory_config(c)) {
- val = c->memory_max;
- log_cgroup_compat(u, "Applying MemoryMax=%" PRIi64 " as MemoryLimit=", val);
- } else
- val = c->memory_limit;
+ } else {
+ char buf[DECIMAL_STR_MAX(uint64_t) + 1];
+ uint64_t val;
- if (val == CGROUP_LIMIT_MAX)
- strncpy(buf, "-1\n", sizeof(buf));
- else
- xsprintf(buf, "%" PRIu64 "\n", val);
+ if (cgroup_context_has_unified_memory_config(c)) {
+ val = c->memory_max;
+ log_cgroup_compat(u, "Applying MemoryMax=%" PRIi64 " as MemoryLimit=", val);
+ } else
+ val = c->memory_limit;
- (void) set_attribute_and_warn(u, "memory", "memory.limit_in_bytes", buf);
- }
+ if (val == CGROUP_LIMIT_MAX)
+ strncpy(buf, "-1\n", sizeof(buf));
+ else
+ xsprintf(buf, "%" PRIu64 "\n", val);
+
+ (void) set_attribute_and_warn(u, "memory", "memory.limit_in_bytes", buf);
}
}
- /* On cgroupsv2 we can apply BPF everywhre. On cgroupsv1 we apply it everywhere except for the root of
+ /* On cgroupsv2 we can apply BPF everywhere. On cgroupsv1 we apply it everywhere except for the root of
* containers, where we leave this to the manager */
if ((apply_mask & (CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES)) &&
(is_host_root || cg_all_unified() > 0 || !is_local_root)) {
r = procfs_tasks_set_limit(TASKS_MAX);
else
r = 0;
-
if (r < 0)
log_unit_full(u, LOG_LEVEL_CGROUP_WRITE(r), r,
"Failed to write to tasks limit sysctls: %m");
#include "alloc-util.h"
#include "dbus-job.h"
+#include "dbus-unit.h"
#include "dbus.h"
#include "job.h"
#include "log.h"
assert(j);
+ /* Make sure that any change signal on the unit is reflected before we send out the change signal on the job */
+ bus_unit_send_pending_change_signal(j->unit, true);
+
if (j->in_dbus_queue) {
LIST_REMOVE(dbus_queue, j->manager->dbus_job_queue, j);
j->in_dbus_queue = false;
j->sent_dbus_new_signal = true;
}
+void bus_job_send_pending_change_signal(Job *j, bool including_new) {
+ assert(j);
+
+ if (!j->in_dbus_queue)
+ return;
+
+ if (!j->sent_dbus_new_signal && !including_new)
+ return;
+
+ if (MANAGER_IS_RELOADING(j->unit->manager))
+ return;
+
+ bus_job_send_change_signal(j);
+}
+
static int send_removed_signal(sd_bus *bus, void *userdata) {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
_cleanup_free_ char *p = NULL;
if (!j->sent_dbus_new_signal)
bus_job_send_change_signal(j);
+ /* Make sure that any change signal on the unit is reflected before we send out the change signal on the job */
+ bus_unit_send_pending_change_signal(j->unit, true);
+
r = bus_foreach_bus(j->manager, j->bus_track, send_removed_signal, j);
if (r < 0)
log_debug_errno(r, "Failed to send job remove signal for %u: %m", j->id);
int bus_job_method_get_waiting_jobs(sd_bus_message *message, void *userdata, sd_bus_error *error);
void bus_job_send_change_signal(Job *j);
+void bus_job_send_pending_change_signal(Job *j, bool including_new);
void bus_job_send_removed_signal(Job *j);
int bus_job_coldplug_bus_track(Job *j);
SD_BUS_PROPERTY("AssertResult", "b", bus_property_get_bool, offsetof(Unit, assert_result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
BUS_PROPERTY_DUAL_TIMESTAMP("ConditionTimestamp", offsetof(Unit, condition_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
BUS_PROPERTY_DUAL_TIMESTAMP("AssertTimestamp", offsetof(Unit, assert_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
- SD_BUS_PROPERTY("Conditions", "a(sbbsi)", property_get_conditions, offsetof(Unit, conditions), 0),
- SD_BUS_PROPERTY("Asserts", "a(sbbsi)", property_get_conditions, offsetof(Unit, asserts), 0),
+ SD_BUS_PROPERTY("Conditions", "a(sbbsi)", property_get_conditions, offsetof(Unit, conditions), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
+ SD_BUS_PROPERTY("Asserts", "a(sbbsi)", property_get_conditions, offsetof(Unit, asserts), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
SD_BUS_PROPERTY("LoadError", "(ss)", property_get_load_error, 0, SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Transient", "b", bus_property_get_bool, offsetof(Unit, transient), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Perpetual", "b", bus_property_get_bool, offsetof(Unit, perpetual), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("SuccessAction", "s", property_get_emergency_action, offsetof(Unit, success_action), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("SuccessActionExitStatus", "i", bus_property_get_int, offsetof(Unit, success_action_exit_status), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("RebootArgument", "s", NULL, offsetof(Unit, reboot_arg), SD_BUS_VTABLE_PROPERTY_CONST),
- SD_BUS_PROPERTY("InvocationID", "ay", bus_property_get_id128, offsetof(Unit, invocation_id), 0),
- SD_BUS_PROPERTY("CollectMode", "s", property_get_collect_mode, offsetof(Unit, collect_mode), 0),
+ SD_BUS_PROPERTY("InvocationID", "ay", bus_property_get_id128, offsetof(Unit, invocation_id), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+ SD_BUS_PROPERTY("CollectMode", "s", property_get_collect_mode, offsetof(Unit, collect_mode), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Refs", "as", property_get_refs, 0, 0),
SD_BUS_METHOD("Start", "s", "o", method_start, SD_BUS_VTABLE_UNPRIVILEGED),
u->sent_dbus_new_signal = true;
}
+void bus_unit_send_pending_change_signal(Unit *u, bool including_new) {
+
+ /* Sends out any pending change signals, but only if they really are pending. This call is used when we are
+ * about to change state in order to force out a PropertiesChanged signal beforehand if there was one pending
+ * so that clients can follow the full state transition */
+
+ if (!u->in_dbus_queue) /* If not enqueued, don't bother */
+ return;
+
+ if (!u->sent_dbus_new_signal && !including_new) /* If the unit was never announced, don't bother, it's fine if
+ * the unit appears in the new state right-away (except if the
+ * caller explicitly asked us to send it anyway) */
+ return;
+
+ if (MANAGER_IS_RELOADING(u->manager)) /* Don't generate unnecessary PropertiesChanged signals for the same unit
+ * when we are reloading. */
+ return;
+
+ bus_unit_send_change_signal(u);
+}
+
static int send_removed_signal(sd_bus *bus, void *userdata) {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
_cleanup_free_ char *p = NULL;
if (!path)
return -ENOMEM;
+ /* Before we send the method reply, force out the announcement JobNew for this job */
+ bus_job_send_pending_change_signal(j, true);
+
return sd_bus_reply_method_return(message, "o", path);
}
extern const sd_bus_vtable bus_unit_cgroup_vtable[];
void bus_unit_send_change_signal(Unit *u);
+void bus_unit_send_pending_change_signal(Unit *u, bool including_new);
void bus_unit_send_removed_signal(Unit *u);
int bus_unit_method_start_generic(sd_bus_message *message, Unit *u, JobType job_type, bool reload_if_possible, sd_bus_error *error);
#include "alloc-util.h"
#include "bus-error.h"
#include "dbus-device.h"
+#include "dbus-unit.h"
#include "device-private.h"
#include "device-util.h"
#include "device.h"
DeviceState old_state;
assert(d);
+ if (d->state != state)
+ bus_unit_send_pending_change_signal(UNIT(d), false);
+
old_state = d->state;
d->state = state;
#if HAVE_SECCOMP
#include "seccomp-util.h"
#endif
-#include "securebits.h"
#include "securebits-util.h"
#include "selinux-util.h"
#include "signal-util.h"
#include "cgroup-util.h"
#include "fdset.h"
#include "list.h"
-#include "missing.h"
+#include "missing_resource.h"
#include "namespace.h"
#include "nsflags.h"
job_add_to_gc_queue(j);
+ job_add_to_dbus_queue(j); /* announce this job to clients */
+ unit_add_to_dbus_queue(j->unit); /* The Job property of the unit has changed now */
+
return j;
}
free(l);
}
-void job_dump(Job *j, FILE*f, const char *prefix) {
+void job_dump(Job *j, FILE *f, const char *prefix) {
assert(j);
assert(f);
Job* job_install(Job *j);
int job_install_deserialized(Job *j);
void job_uninstall(Job *j);
-void job_dump(Job *j, FILE*f, const char *prefix);
+void job_dump(Job *j, FILE *f, const char *prefix);
int job_serialize(Job *j, FILE *f);
int job_deserialize(Job *j, FILE *f);
int job_coldplug(Job *j);
#if HAVE_SECCOMP
#include "seccomp-util.h"
#endif
-#include "securebits.h"
#include "securebits-util.h"
#include "signal-util.h"
#include "stat-util.h"
else if (pid == 0) {
(void) setsid();
(void) make_console_stdio();
+ (void) rlimit_nofile_safe();
(void) execle("/bin/sh", "/bin/sh", NULL, environ);
log_emergency_errno(errno, "execle() failed: %m");
/* Reenable any blocked signals, especially important if we switch from initial ramdisk to init=... */
(void) reset_all_signal_handlers();
(void) reset_signal_mask();
+ (void) rlimit_nofile_safe();
if (switch_root_init) {
args[0] = switch_root_init;
#include "alloc-util.h"
#include "dbus-mount.h"
+#include "dbus-unit.h"
#include "device.h"
#include "escape.h"
#include "exit-status.h"
MountState old_state;
assert(m);
+ if (m->state != state)
+ bus_unit_send_pending_change_signal(UNIT(m), false);
+
old_state = m->state;
m->state = state;
#include "bus-error.h"
#include "bus-util.h"
#include "dbus-path.h"
+#include "dbus-unit.h"
#include "fd-util.h"
#include "fs-util.h"
#include "glob-util.h"
PathState old_state;
assert(p);
+ if (p->state != state)
+ bus_unit_send_pending_change_signal(UNIT(p), false);
+
old_state = p->state;
p->state = state;
#include "alloc-util.h"
#include "dbus-scope.h"
+#include "dbus-unit.h"
#include "load-dropin.h"
#include "log.h"
#include "scope.h"
ScopeState old_state;
assert(s);
+ if (s->state != state)
+ bus_unit_send_pending_change_signal(UNIT(s), false);
+
old_state = s->state;
s->state = state;
#include "bus-kernel.h"
#include "bus-util.h"
#include "dbus-service.h"
+#include "dbus-unit.h"
#include "def.h"
#include "env-util.h"
#include "escape.h"
assert(s);
+ if (s->state != state)
+ bus_unit_send_pending_change_signal(UNIT(s), false);
+
table = s->type == SERVICE_IDLE ? state_translation_table_idle : state_translation_table;
old_state = s->state;
#include "parse-util.h"
#include "process-util.h"
#include "reboot-util.h"
+#include "rlimit-util.h"
#include "signal-util.h"
#include "string-util.h"
#include "switch-root.h"
arguments[2] = NULL;
execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, arguments, NULL);
+ (void) rlimit_nofile_safe();
+
if (can_initrd) {
r = switch_root_initramfs();
if (r >= 0) {
argv[0] = (char*) "/shutdown";
- setsid();
- make_console_stdio();
+ (void) setsid();
+ (void) make_console_stdio();
log_info("Successfully changed into root pivot.\n"
"Returning to initrd...");
#include "alloc-util.h"
#include "dbus-slice.h"
+#include "dbus-unit.h"
#include "log.h"
#include "serialize.h"
#include "slice.h"
SliceState old_state;
assert(t);
+ if (t->state != state)
+ bus_unit_send_pending_change_signal(UNIT(t), false);
+
old_state = t->state;
t->state = state;
#include "bus-util.h"
#include "copy.h"
#include "dbus-socket.h"
+#include "dbus-unit.h"
#include "def.h"
#include "exit-status.h"
#include "fd-util.h"
SocketState old_state;
assert(s);
+ if (s->state != state)
+ bus_unit_send_pending_change_signal(UNIT(s), false);
+
old_state = s->state;
s->state = state;
#include "alloc-util.h"
#include "dbus-swap.h"
+#include "dbus-unit.h"
#include "device-private.h"
#include "device-util.h"
#include "device.h"
assert(s);
+ if (s->state != state)
+ bus_unit_send_pending_change_signal(UNIT(s), false);
+
old_state = s->state;
s->state = state;
/* SPDX-License-Identifier: LGPL-2.1+ */
#include "dbus-target.h"
+#include "dbus-unit.h"
#include "log.h"
#include "serialize.h"
#include "special.h"
TargetState old_state;
assert(t);
+ if (t->state != state)
+ bus_unit_send_pending_change_signal(UNIT(t), false);
+
old_state = t->state;
t->state = state;
#include "bus-error.h"
#include "bus-util.h"
#include "dbus-timer.h"
+#include "dbus-unit.h"
#include "fs-util.h"
#include "parse-util.h"
#include "random-util.h"
TimerState old_state;
assert(t);
+ if (t->state != state)
+ bus_unit_send_pending_change_signal(UNIT(t), false);
+
old_state = t->state;
t->state = state;
dual_timestamp_get(&u->condition_timestamp);
u->condition_result = unit_condition_test_list(u, u->conditions, condition_type_to_string);
+ unit_add_to_dbus_queue(u);
+
return u->condition_result;
}
dual_timestamp_get(&u->assert_timestamp);
u->assert_result = unit_condition_test_list(u, u->asserts, assert_type_to_string);
+ unit_add_to_dbus_queue(u);
+
return u->assert_result;
}
m = u->manager;
+ /* Let's enqueue the change signal early. In case this unit has a job associated we want that this unit is in
+ * the bus queue, so that any job change signal queued will force out the unit change signal first. */
+ unit_add_to_dbus_queue(u);
+
/* Update timestamps for state changes */
if (!MANAGER_IS_RELOADING(m)) {
dual_timestamp_get(&u->state_change_timestamp);
}
}
- unit_add_to_dbus_queue(u);
unit_add_to_gc_queue(u);
}
r = unit_ref_uid_gid(u, uid, gid);
if (r > 0)
- bus_unit_send_change_signal(u);
+ unit_add_to_dbus_queue(u);
}
int unit_set_invocation_id(Unit *u, sd_id128_t id) {
if (r < 0)
return log_unit_error_errno(u, r, "Failed to set invocation ID for unit: %m");
+ unit_add_to_dbus_queue(u);
return 0;
}
fork_name = strjoina("(", arg_debugger, ")");
- r = safe_fork(fork_name, FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_LOG, &pid);
+ r = safe_fork(fork_name, FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
goto finish;
if (r == 0) {
fflush(stdout);
- r = safe_fork("(diff)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_LOG, &pid);
+ r = safe_fork("(diff)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
#include "path-util.h"
#include "proc-cmdline.h"
#include "process-util.h"
+#include "rlimit-util.h"
#include "signal-util.h"
#include "socket-util.h"
#include "special.h"
cmdline[i++] = device;
cmdline[i++] = NULL;
+ (void) rlimit_nofile_safe();
+
execv(cmdline[0], (char**) cmdline);
_exit(FSCK_OPERATIONAL_ERROR);
}
/* SPDX-License-Identifier: LGPL-2.1+ */
#include <linux/sockios.h>
+#include <sys/ioctl.h>
#include "fd-util.h"
#include "fuzz.h"
/* SPDX-License-Identifier: LGPL-2.1+ */
-#include <netinet/icmp6.h>
#include <arpa/inet.h>
+#include <netinet/icmp6.h>
+#include <unistd.h>
#include "alloc-util.h"
#include "icmp6-util.h"
#include "hostname-util.h"
#include "id128-util.h"
#include "main-func.h"
+#include "missing_capability.h"
#include "os-util.h"
#include "parse-util.h"
#include "path-util.h"
#include "process-util.h"
#include "pull-common.h"
#include "pull-job.h"
+#include "rlimit-util.h"
#include "rm-rf.h"
#include "signal-util.h"
#include "siphash24.h"
_exit(EXIT_FAILURE);
}
+ (void) rlimit_nofile_safe();
+
cmd[k++] = strjoina("--homedir=", gpg_home);
/* We add the user keyring only to the command line
_exit(EXIT_FAILURE);
}
+ (void) rlimit_nofile_safe();
+
execvp(child, argv);
log_error_errno(errno, "Failed to exec child %s: %m", child);
_exit(EXIT_FAILURE);
void process_audit_string(Server *s, int type, const char *data, size_t size);
-int server_open_audit(Server*s);
+int server_open_audit(Server *s);
}
}
-int server_open_native_socket(Server*s) {
+int server_open_native_socket(Server *s) {
static const union sockaddr_union sa = {
.un.sun_family = AF_UNIX,
int main(int argc, char *argv[]) {
unsigned n = 0;
- _cleanup_(sd_journal_closep) sd_journal*j = NULL;
+ _cleanup_(sd_journal_closep) sd_journal *j = NULL;
test_setup_logging(LOG_DEBUG);
#include "util.h"
int main(int argc, char *argv[]) {
- _cleanup_(sd_journal_closep) sd_journal*j = NULL;
+ _cleanup_(sd_journal_closep) sd_journal *j = NULL;
_cleanup_free_ char *t;
test_setup_logging(LOG_DEBUG);
#include "in-addr-util.h"
#include "lldp-internal.h"
#include "lldp-neighbor.h"
+#include "missing.h"
#include "unaligned.h"
static void lldp_neighbor_id_hash_func(const LLDPNeighborID *id, struct siphash *state) {
#include "fd-util.h"
#include "lldp-network.h"
+#include "missing.h"
#include "socket-util.h"
int lldp_network_bind_raw_socket(int ifindex) {
#include <arpa/inet.h>
#include <linux/sockios.h>
+#include <sys/ioctl.h>
#include "sd-lldp.h"
#include "macro.h"
#include "socket-util.h"
#include "tests.h"
+#include "util.h"
#include "virt.h"
static struct ether_addr mac_addr = {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply_unique = NULL, *reply = NULL;
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *c = NULL;
- const char *unique = NULL;
+ const char *unique;
pid_t pid = 0;
int r;
if (!BUS_IS_OPEN(bus->state))
return -ENOTCONN;
- /* Only query the owner if the caller wants to know it or if
- * the caller just wants to check whether a name exists */
- if ((mask & SD_BUS_CREDS_UNIQUE_NAME) || mask == 0) {
+ /* If the name is unique anyway, we can use it directly */
+ unique = name[0] == ':' ? name : NULL;
+
+ /* Only query the owner if the caller wants to know it and the name is not unique anyway, or if the caller just
+ * wants to check whether a name exists */
+ if ((FLAGS_SET(mask, SD_BUS_CREDS_UNIQUE_NAME) && !unique) || mask == 0) {
r = sd_bus_call_method(
bus,
"org.freedesktop.DBus",
if (mask != 0) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
bool need_pid, need_uid, need_selinux, need_separate_calls;
+
c = bus_creds_new();
if (!c)
return -ENOMEM;
NULL,
&reply,
"s",
- unique ? unique : name);
+ unique ?: name);
if (r < 0)
return r;
&error,
&reply,
"s",
- unique ? unique : name);
+ unique ?: name);
if (r < 0) {
if (!sd_bus_error_has_name(&error, "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown"))
return r;
if (r < 0)
return r;
- c->label = strndup(p, sz);
+ c->label = memdup_suffix0(p, sz);
if (!c->label)
return -ENOMEM;
/* SPDX-License-Identifier: LGPL-2.1+ */
+#include <sys/time.h>
+
#include "alloc-util.h"
#include "bus-dump.h"
#include "bus-internal.h"
#include "bus-slot.h"
#include "bus-type.h"
#include "bus-util.h"
+#include "missing_capability.h"
#include "set.h"
#include "string-util.h"
#include "strv.h"
#include "missing.h"
#include "path-util.h"
#include "process-util.h"
+#include "rlimit-util.h"
#include "selinux-util.h"
#include "signal-util.h"
#include "stdio-util.h"
if (rearrange_stdio(s[1], s[1], STDERR_FILENO) < 0)
_exit(EXIT_FAILURE);
+ (void) rlimit_nofile_safe();
+
if (b->exec_argv)
execvp(b->exec_path, b->exec_argv);
else {
#include "bus-util.h"
#include "def.h"
#include "fd-util.h"
+#include "missing_resource.h"
#include "time-util.h"
#include "util.h"
return r;
}
-static void* client1(void*p) {
+static void* client1(void *p) {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
return 1;
}
-static void* client2(void*p) {
+static void* client2(void *p) {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
#include <ctype.h>
#include <net/if.h>
+#include <sys/ioctl.h>
#include <sys/types.h>
#include "sd-device.h"
};
static const struct NLType rtnl_prot_info_bridge_port_types[] = {
- [IFLA_BRPORT_STATE] = { .type = NETLINK_TYPE_U8 },
- [IFLA_BRPORT_COST] = { .type = NETLINK_TYPE_U32 },
- [IFLA_BRPORT_PRIORITY] = { .type = NETLINK_TYPE_U16 },
- [IFLA_BRPORT_MODE] = { .type = NETLINK_TYPE_U8 },
- [IFLA_BRPORT_GUARD] = { .type = NETLINK_TYPE_U8 },
- [IFLA_BRPORT_PROTECT] = { .type = NETLINK_TYPE_U8 },
- [IFLA_BRPORT_FAST_LEAVE] = { .type = NETLINK_TYPE_U8 },
- [IFLA_BRPORT_LEARNING] = { .type = NETLINK_TYPE_U8 },
- [IFLA_BRPORT_UNICAST_FLOOD] = { .type = NETLINK_TYPE_U8 },
- [IFLA_BRPORT_PROXYARP] = { .type = NETLINK_TYPE_U8 },
- [IFLA_BRPORT_LEARNING_SYNC] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_STATE] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_COST] = { .type = NETLINK_TYPE_U32 },
+ [IFLA_BRPORT_PRIORITY] = { .type = NETLINK_TYPE_U16 },
+ [IFLA_BRPORT_MODE] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_GUARD] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_PROTECT] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_FAST_LEAVE] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_LEARNING] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_UNICAST_FLOOD] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_PROXYARP] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_LEARNING_SYNC] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_PROXYARP_WIFI] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_ROOT_ID] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_BRIDGE_ID] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_DESIGNATED_PORT] = { .type = NETLINK_TYPE_U16 },
+ [IFLA_BRPORT_DESIGNATED_COST] = { .type = NETLINK_TYPE_U16 },
+ [IFLA_BRPORT_ID] = { .type = NETLINK_TYPE_U16 },
+ [IFLA_BRPORT_NO] = { .type = NETLINK_TYPE_U16 },
+ [IFLA_BRPORT_TOPOLOGY_CHANGE_ACK] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_CONFIG_PENDING] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_MESSAGE_AGE_TIMER] = { .type = NETLINK_TYPE_U64 },
+ [IFLA_BRPORT_FORWARD_DELAY_TIMER] = { .type = NETLINK_TYPE_U64 },
+ [IFLA_BRPORT_HOLD_TIMER] = { .type = NETLINK_TYPE_U64 },
+ [IFLA_BRPORT_FLUSH] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_MULTICAST_ROUTER] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_PAD] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_MCAST_FLOOD] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_MCAST_TO_UCAST] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_VLAN_TUNNEL] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_BCAST_FLOOD] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_GROUP_FWD_MASK] = { .type = NETLINK_TYPE_U16 },
+ [IFLA_BRPORT_NEIGH_SUPPRESS] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_ISOLATED] = { .type = NETLINK_TYPE_U8 },
+ [IFLA_BRPORT_BACKUP_PORT] = { .type = NETLINK_TYPE_U32 },
};
static const NLTypeSystem rtnl_prot_info_type_systems[] = {
return 0;
}
+int sd_rtnl_message_routing_policy_rule_set_flags(sd_netlink_message *m, unsigned flags) {
+ struct rtmsg *routing_policy_rule;
+
+ assert_return(m, -EINVAL);
+ assert_return(m->hdr, -EINVAL);
+ assert_return(rtnl_message_type_is_routing_policy_rule(m->hdr->nlmsg_type), -EINVAL);
+
+ routing_policy_rule = NLMSG_DATA(m->hdr);
+ routing_policy_rule->rtm_flags |= flags;
+
+ return 0;
+}
+
+int sd_rtnl_message_routing_policy_rule_get_flags(sd_netlink_message *m, unsigned *flags) {
+ struct rtmsg *routing_policy_rule;
+
+ assert_return(m, -EINVAL);
+ assert_return(m->hdr, -EINVAL);
+ assert_return(rtnl_message_type_is_routing_policy_rule(m->hdr->nlmsg_type), -EINVAL);
+
+ routing_policy_rule = NLMSG_DATA(m->hdr);
+ *flags = routing_policy_rule->rtm_flags;
+
+ return 0;
+}
+
int sd_rtnl_message_routing_policy_rule_set_rtm_type(sd_netlink_message *m, unsigned char type) {
struct rtmsg *routing_policy_rule;
#include "macro.h"
#include "socket-util.h"
#include "string-util.h"
+#include "time-util.h"
#define TEST_TIMEOUT_USEC (20*USEC_PER_SEC)
return dispatch_verb(argc, argv, verbs, bus);
}
-static int run(int argc, char*argv[]) {
+static int run(int argc, char *argv[]) {
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
int r;
#include "locale-util.h"
#include "macro.h"
#include "main-func.h"
+#include "missing_capability.h"
#include "path-util.h"
#include "selinux-util.h"
#include "signal-util.h"
if (r < 0)
return log_error_errno(r, "Could not get active inhibitors: %s", bus_error_message(&error, r));
- table = table_new("WHO", "UID", "USER", "PID", "COMM", "WHAT", "WHY", "MODE");
+ table = table_new("who", "uid", "user", "pid", "comm", "what", "why", "mode");
if (!table)
return log_oom();
if (fd < 0)
return log_error_errno(fd, "Failed to inhibit: %s", bus_error_message(&error, fd));
- r = safe_fork("(inhibit)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_LOG, &pid);
+ r = safe_fork("(inhibit)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
table_set_header(table, arg_legend);
- r = table_print(table, NULL);
+ if (OUTPUT_MODE_IS_JSON(arg_output))
+ r = table_print_json(table, NULL, output_mode_to_json_format_flags(arg_output) | JSON_FORMAT_COLOR_AUTO);
+ else
+ r = table_print(table, NULL);
if (r < 0)
return log_error_errno(r, "Failed to show table: %m");
}
if (r < 0)
return bus_log_parse_error(r);
- table = table_new("SESSION", "UID", "USER", "SEAT", "TTY");
+ table = table_new("session", "uid", "user", "seat", "tty");
if (!table)
return log_oom();
if (r < 0)
return bus_log_parse_error(r);
- table = table_new("UID", "USER");
+ table = table_new("uid", "user");
if (!table)
return log_oom();
if (r < 0)
return bus_log_parse_error(r);
- table = table_new("SEAT");
+ table = table_new("seat");
if (!table)
return log_oom();
if (arg_output < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Unknown output '%s'.", optarg);
+
+ if (OUTPUT_MODE_IS_JSON(arg_output))
+ arg_legend = false;
+
break;
case ARG_NO_PAGER:
#include "alloc-util.h"
#include "fd-util.h"
#include "logind-button.h"
+#include "missing_input.h"
#include "string-util.h"
#include "util.h"
};
Button* button_new(Manager *m, const char *name);
-void button_free(Button*b);
+void button_free(Button *b);
int button_open(Button *b);
int button_set_seat(Button *b, const char *sn);
int button_check_switches(Button *b);
#include "format-util.h"
#include "fs-util.h"
#include "logind.h"
+#include "missing_capability.h"
#include "mkdir.h"
#include "path-util.h"
#include "process-util.h"
#include "bus-util.h"
#include "logind-seat.h"
#include "logind.h"
+#include "missing_capability.h"
#include "strv.h"
#include "user-util.h"
#include "util.h"
#include "logind-session-device.h"
#include "logind-session.h"
#include "logind.h"
+#include "missing_capability.h"
#include "signal-util.h"
#include "stat-util.h"
#include "strv.h"
#include <fcntl.h>
#include <linux/input.h>
#include <string.h>
+#include <stdint.h>
#include <sys/ioctl.h>
#include <sys/types.h>
+/* Old drm.h may needs to be included after stdint.h and sys/types.h */
+#include <drm/drm.h>
+
#include "sd-device.h"
#include "alloc-util.h"
#include "format-util.h"
#include "logind-user.h"
#include "logind.h"
+#include "missing_capability.h"
#include "signal-util.h"
#include "strv.h"
#include "user-util.h"
printf("%u inhibitors\n", n);
}
-int main(int argc, char*argv[]) {
+int main(int argc, char *argv[]) {
_cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
int fd1, fd2;
int r;
#include "io-util.h"
#include "loop-util.h"
#include "machine-image.h"
+#include "missing_capability.h"
#include "mount-util.h"
#include "process-util.h"
#include "raw-clone.h"
if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0)
return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");
- r = safe_fork("(imgclone)", FORK_RESET_SIGNALS, &child);
+ r = safe_fork("(sd-imgclone)", FORK_RESET_SIGNALS, &child);
if (r < 0)
return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
if (r == 0) {
#include "local-addresses.h"
#include "machine-dbus.h"
#include "machine.h"
+#include "missing_capability.h"
#include "mkdir.h"
#include "os-util.h"
#include "path-util.h"
table_set_header(table, arg_legend);
- r = table_print(table, NULL);
+ if (OUTPUT_MODE_IS_JSON(arg_output))
+ r = table_print_json(table, NULL, output_mode_to_json_format_flags(arg_output) | JSON_FORMAT_COLOR_AUTO);
+ else
+ r = table_print(table, NULL);
if (r < 0)
return log_error_errno(r, "Failed to show table: %m");
}
if (r < 0)
return log_error_errno(r, "Could not get machines: %s", bus_error_message(&error, r));
- table = table_new("MACHINE", "CLASS", "SERVICE", "OS", "VERSION", "ADDRESSES");
+ table = table_new("machine", "class", "service", "os", "version", "addresses");
if (!table)
return log_oom();
if (r < 0)
return log_error_errno(r, "Could not get images: %s", bus_error_message(&error, r));
- table = table_new("NAME", "TYPE", "RO", "USAGE", "CREATED", "MODIFIED");
+ table = table_new("name", "type", "ro", "usage", "created", "modified");
if (!table)
return log_oom();
if (arg_output < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Unknown output '%s'.", optarg);
+
+ if (OUTPUT_MODE_IS_JSON(arg_output))
+ arg_legend = false;
break;
case ARG_NO_PAGER:
return dispatch_verb(argc, argv, verbs, bus);
}
-static int run(int argc, char*argv[]) {
+static int run(int argc, char *argv[]) {
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
int r;
#include "machine-image.h"
#include "machine-pool.h"
#include "machined.h"
+#include "missing_capability.h"
#include "path-util.h"
#include "process-util.h"
#include "stdio-util.h"
#endif
#include "in-addr-util.h"
-#include "missing.h"
+#include "missing_fou.h"
#include "netdev/netdev.h"
typedef enum FooOverUDPEncapType {
#include <linux/if_link.h>
-#include "missing.h"
+#include "missing_if_link.h"
#include "netdev/netdev.h"
typedef enum IPVlanMode {
Tunnel.IPv6RapidDeploymentPrefix, config_parse_6rd_prefix, 0, 0
Tunnel.ERSPANIndex, config_parse_uint32, 0, offsetof(Tunnel, erspan_index)
Tunnel.SerializeTunneledPackets, config_parse_tristate, 0, offsetof(Tunnel, erspan_sequence)
+Tunnel.ISATAP, config_parse_tristate, 0, offsetof(Tunnel, isatap)
FooOverUDP.Protocol, config_parse_uint8, 0, offsetof(FouTunnel, fou_protocol)
FooOverUDP.Encapsulation, config_parse_fou_encap_type, 0, offsetof(FouTunnel, fou_encap_type)
FooOverUDP.Port, config_parse_ip_port, 0, offsetof(FouTunnel, port)
r = sd_netlink_message_append_in6_addr(m, IFLA_IPTUN_6RD_PREFIX, &t->sixrd_prefix);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_6RD_PREFIX attribute: %m");
+
/* u16 is deliberate here, even though we're passing a netmask that can never be >128. The kernel is
* expecting to receive the prefixlen as a u16.
*/
return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_6RD_PREFIXLEN attribute: %m");
}
+ if (t->isatap >= 0) {
+ uint16_t flags = 0;
+
+ SET_FLAG(flags, SIT_ISATAP, t->isatap);
+
+ r = sd_netlink_message_append_u16(m, IFLA_IPTUN_FLAGS, flags);
+ if (r < 0)
+ return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLAGS attribute: %m");
+ }
+
return r;
}
assert(t);
t->pmtudisc = true;
+ t->isatap = -1;
}
static void vti_init(NetDev *n) {
int ipv6_flowlabel;
int allow_localremote;
int erspan_sequence;
+ int isatap;
unsigned ttl;
unsigned tos;
#include "env-file.h"
#include "fd-util.h"
#include "fileio.h"
+#include "missing_network.h"
#include "netlink-util.h"
#include "network-internal.h"
#include "networkd-ipv6-proxy-ndp.h"
r = sd_netlink_message_append_u8(req, IFLA_BRPORT_UNICAST_FLOOD, link->network->unicast_flood);
if (r < 0)
return log_link_error_errno(link, r, "Could not append IFLA_BRPORT_UNICAST_FLOOD attribute: %m");
+ }
+ if (link->network->multicast_to_unicast >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_MCAST_TO_UCAST, link->network->multicast_to_unicast);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Could not append IFLA_BRPORT_MCAST_TO_UCAST attribute: %m");
}
if (link->network->cost != 0) {
if (r < 0)
return log_link_error_errno(link, r, "Could not append IFLA_BRPORT_COST attribute: %m");
}
+
if (link->network->priority != LINK_BRIDGE_PORT_PRIORITY_INVALID) {
r = sd_netlink_message_append_u16(req, IFLA_BRPORT_PRIORITY, link->network->priority);
if (r < 0)
#include "env-file.h"
#include "fd-util.h"
#include "hostname-util.h"
+#include "missing_network.h"
#include "networkd-lldp-tx.h"
#include "networkd-manager.h"
#include "parse-util.h"
RoutingPolicyRule.IPProtocol, config_parse_routing_policy_rule_ip_protocol, 0, 0
RoutingPolicyRule.SourcePort, config_parse_routing_policy_rule_port_range, 0, 0
RoutingPolicyRule.DestinationPort, config_parse_routing_policy_rule_port_range, 0, 0
+RoutingPolicyRule.InvertRule, config_parse_routing_policy_rule_invert, 0, 0
Route.Gateway, config_parse_gateway, 0, 0
Route.Destination, config_parse_destination, 0, 0
Route.Source, config_parse_destination, 0, 0
Bridge.FastLeave, config_parse_tristate, 0, offsetof(Network, fast_leave)
Bridge.AllowPortToBeRoot, config_parse_tristate, 0, offsetof(Network, allow_port_to_be_root)
Bridge.UnicastFlood, config_parse_tristate, 0, offsetof(Network, unicast_flood)
+Bridge.MulticastToUnicast, config_parse_tristate, 0, offsetof(Network, multicast_to_unicast)
Bridge.Priority, config_parse_bridge_port_priority, 0, offsetof(Network, priority)
BridgeFDB.MACAddress, config_parse_fdb_hwaddr, 0, 0
BridgeFDB.VLANId, config_parse_fdb_vlan_id, 0, 0
#include "fd-util.h"
#include "hostname-util.h"
#include "in-addr-util.h"
+#include "missing_network.h"
#include "network-internal.h"
#include "networkd-manager.h"
#include "networkd-network.h"
.fast_leave = -1,
.allow_port_to_be_root = -1,
.unicast_flood = -1,
+ .multicast_to_unicast = -1,
.priority = LINK_BRIDGE_PORT_PRIORITY_INVALID,
.lldp_mode = LLDP_MODE_ROUTERS_ONLY,
int fast_leave;
int allow_port_to_be_root;
int unicast_flood;
+ int multicast_to_unicast;
uint32_t cost;
uint16_t priority;
#include "alloc-util.h"
#include "conf-parser.h"
#include "in-addr-util.h"
+#include "missing_network.h"
#include "netlink-util.h"
#include "networkd-manager.h"
#include "networkd-route.h"
return log_error_errno(r, "Could not append FRA_DPORT_RANGE attribute: %m");
}
+ if (rule->invert_rule) {
+ r = sd_rtnl_message_routing_policy_rule_set_flags(m, FIB_RULE_INVERT);
+ if (r < 0)
+ return log_error_errno(r, "Could not append FIB_RULE_INVERT attribute: %m");
+ }
+
rule->link = link;
r = netlink_call_async(link->manager->rtnl, NULL, m,
return 0;
}
+int config_parse_routing_policy_rule_invert(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *n = NULL;
+ Network *network = userdata;
+ int r;
+
+ assert(filename);
+ assert(section);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ r = routing_policy_rule_new_static(network, filename, section_line, &n);
+ if (r < 0)
+ return r;
+
+ r = parse_boolean(rvalue);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse RPDB rule invert, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ n->invert_rule = r;
+
+ n = NULL;
+
+ return 0;
+}
+
static int routing_policy_rule_read_full_file(const char *state_file, char **ret) {
_cleanup_free_ char *s = NULL;
size_t size;
#include "in-addr-util.h"
#include "conf-parser.h"
+#include "missing_fib_rules.h"
typedef struct RoutingPolicyRule RoutingPolicyRule;
Link *link;
NetworkConfigSection *section;
+ bool invert_rule;
+
uint8_t tos;
uint8_t protocol;
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_device);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_port_range);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_ip_protocol);
+CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_invert);
#include "alloc-util.h"
#include "ether-addr-util.h"
#include "lockfile-util.h"
+#include "missing_network.h"
#include "netlink-util.h"
#include "nspawn-network.h"
#include "siphash24.h"
#include "conf-parser.h"
#include "macro.h"
+#include "missing_resource.h"
#include "nspawn-expose-ports.h"
#include "nspawn-mount.h"
#include "mkdir.h"
#include "nspawn-setuid.h"
#include "process-util.h"
+#include "rlimit-util.h"
#include "signal-util.h"
#include "string-util.h"
#include "strv.h"
close_all_fds(NULL, 0);
+ (void) rlimit_nofile_safe();
+
execle("/usr/bin/getent", "getent", database, key, NULL, &empty_env);
execle("/bin/getent", "getent", database, key, NULL, &empty_env);
_exit(EXIT_FAILURE);
#include <errno.h>
#include <getopt.h>
#include <grp.h>
+#include <linux/fs.h>
#include <linux/loop.h>
#include <pwd.h>
#include <sched.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
-#include <sys/mount.h>
#include <sys/personality.h>
#include <sys/prctl.h>
#include <sys/types.h>
if (access(mkfs, X_OK) != 0)
return log_error_errno(errno, "%s is not executable: %m", mkfs);
- r = safe_fork("(fsck)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+ r = safe_fork("(mkfs)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
if (r < 0)
return log_error_errno(r, "Failed to list images: %s", bus_error_message(&error, r));
- table = table_new("NAME", "TYPE", "RO", "CRTIME", "MTIME", "USAGE", "STATE");
+ table = table_new("name", "type", "ro", "crtime", "mtime", "usage", "state");
if (!table)
return log_oom();
#include "fd-util.h"
#include "io-util.h"
#include "machine-image.h"
+#include "missing_capability.h"
#include "portable.h"
#include "portabled-bus.h"
#include "portabled-image-bus.h"
#include "fileio.h"
#include "io-util.h"
#include "machine-image.h"
+#include "missing_capability.h"
#include "portable.h"
#include "portabled-bus.h"
#include "portabled-image-bus.h"
return 0;
}
- r = safe_fork("(quotacheck)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_WAIT, NULL);
+ r = safe_fork("(quotacheck)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_WAIT|FORK_LOG, NULL);
if (r < 0)
return r;
if (r == 0) {
static int add_symlink(const char *service, const char *where) {
const char *from, *to;
- int r;
assert(service);
assert(where);
(void) mkdir_parents_label(to, 0755);
- r = symlink(from, to);
- if (r < 0) {
+ if (symlink(from, to) < 0) {
if (errno == EEXIST)
return 0;
return 1;
}
+static int check_executable(const char *path) {
+ assert(path);
+
+ if (access(path, X_OK) < 0) {
+ if (errno == ENOENT)
+ return log_debug_errno(errno, "%s does not exist, skipping.", path);
+ if (errno == EACCES)
+ return log_info_errno(errno, "%s is not marked executable, skipping.", path);
+
+ return log_warning_errno(errno, "Couldn't determine if %s exists and is executable, skipping: %m", path);
+ }
+
+ return 0;
+}
+
static int run(int argc, char *argv[]) {
int r = 0, k = 0;
if (argc > 1)
arg_dest = argv[1];
- if (access(RC_LOCAL_SCRIPT_PATH_START, X_OK) < 0)
- log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
- RC_LOCAL_SCRIPT_PATH_START " is not executable: %m");
- else {
+ if (check_executable(RC_LOCAL_SCRIPT_PATH_START) >= 0) {
log_debug("Automatically adding rc-local.service.");
r = add_symlink("rc-local.service", "multi-user.target");
}
- if (access(RC_LOCAL_SCRIPT_PATH_STOP, X_OK) < 0)
- log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
- RC_LOCAL_SCRIPT_PATH_STOP " is not executable: %m");
- else {
+ if (check_executable(RC_LOCAL_SCRIPT_PATH_STOP) >= 0) {
log_debug("Automatically adding halt-local.service.");
k = add_symlink("halt-local.service", "final.target");
log_debug("Remounting %s", me->mnt_dir);
- r = safe_fork("(remount)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+ r = safe_fork("(remount)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Expected interface name as argument.");
- r = ifname_mangle(argv[optind], false);
+ r = ifname_mangle(argv[optind]);
if (r <= 0)
return r;
#include "gcrypt-util.h"
#include "in-addr-util.h"
#include "main-func.h"
+#include "missing_network.h"
#include "netlink-util.h"
#include "pager.h"
#include "parse-util.h"
return ifi;
}
-int ifname_mangle(const char *s, bool allow_loopback) {
+int ifname_mangle(const char *s) {
_cleanup_free_ char *iface = NULL;
const char *dot;
- int r;
+ int ifi;
assert(s);
- if (arg_ifname) {
- assert(arg_ifindex >= 0);
-
- if (!allow_loopback && arg_ifindex == LOOPBACK_IFINDEX)
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
- "Interface can't be the loopback interface (lo). Sorry.");
-
- return 1;
- }
-
dot = strchr(s, '.');
if (dot) {
+ log_debug("Ignoring protocol specifier '%s'.", dot + 1);
iface = strndup(s, dot - s);
- if (!iface)
- return log_oom();
- log_debug("Ignoring protocol specifier '%s'.", dot + 1);
- } else {
+ } else
iface = strdup(s);
- if (!iface)
- return log_oom();
- }
+ if (!iface)
+ return log_oom();
- if (parse_ifindex(iface, &r) < 0) {
- r = if_nametoindex(iface);
- if (r <= 0) {
+ if (parse_ifindex(iface, &ifi) < 0) {
+ ifi = if_nametoindex(iface);
+ if (ifi <= 0) {
if (errno == ENODEV && arg_ifindex_permissive) {
log_debug("Interface '%s' not found, but -f specified, ignoring.", iface);
return 0; /* done */
}
}
- if (!allow_loopback && r == LOOPBACK_IFINDEX)
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
- "Interface can't be the loopback interface (lo). Sorry.");
+ if (arg_ifindex > 0 && arg_ifindex != ifi) {
+ log_error("Specified multiple different interfaces. Refusing.");
+ return -EINVAL;
+ }
- arg_ifindex = r;
- arg_ifname = TAKE_PTR(iface);
+ arg_ifindex = ifi;
+ free_and_replace(arg_ifname, iface);
return 1;
}
if (flags == 0)
return;
- fputs("\n-- Information acquired via", stdout);
+ printf("\n%s-- Information acquired via", ansi_grey());
if (flags != 0)
printf(" protocol%s%s%s%s%s",
assert_se(format_timespan(rtt_str, sizeof(rtt_str), rtt, 100));
- printf(" in %s", rtt_str);
+ printf(" in %s.%s\n"
+ "%s-- Data is authenticated: %s%s\n",
+ rtt_str, ansi_normal(),
+ ansi_grey(), yes_no(flags & SD_RESOLVED_AUTHENTICATED), ansi_normal());
+}
+
+static void print_ifindex_comment(int printed_so_far, int ifindex) {
+ char ifname[IF_NAMESIZE];
- fputc('.', stdout);
- fputc('\n', stdout);
+ if (ifindex <= 0)
+ return;
- printf("-- Data is authenticated: %s\n", yes_no(flags & SD_RESOLVED_AUTHENTICATED));
+ if (!if_indextoname(ifindex, ifname))
+ log_warning_errno(errno, "Failed to resolve interface name for index %i, ignoring: %m", ifindex);
+ else
+ printf("%*s%s-- link: %s%s",
+ 60 > printed_so_far ? 60 - printed_so_far : 0, " ", /* Align comment to the 60th column */
+ ansi_grey(), ifname, ansi_normal());
}
static int resolve_host(sd_bus *bus, const char *name) {
while ((r = sd_bus_message_enter_container(reply, 'r', "iiay")) > 0) {
_cleanup_free_ char *pretty = NULL;
- char ifname[IF_NAMESIZE] = "";
- int ifindex, family;
+ int ifindex, family, k;
const void *a;
size_t sz;
return -EINVAL;
}
- if (ifindex > 0 && !if_indextoname(ifindex, ifname))
- log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
-
r = in_addr_ifindex_to_string(family, a, ifindex, &pretty);
if (r < 0)
return log_error_errno(r, "Failed to print address for %s: %m", name);
- printf("%*s%s %s%s%s\n",
- (int) strlen(name), c == 0 ? name : "", c == 0 ? ":" : " ",
- pretty,
- isempty(ifname) ? "" : "%", ifname);
+ k = printf("%*s%s %s%s%s",
+ (int) strlen(name), c == 0 ? name : "", c == 0 ? ":" : " ",
+ ansi_highlight(), pretty, ansi_normal());
+
+ print_ifindex_comment(k, ifindex);
+ fputc('\n', stdout);
c++;
}
_cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_free_ char *pretty = NULL;
- char ifname[IF_NAMESIZE] = "";
uint64_t flags;
unsigned c = 0;
usec_t ts;
if (r < 0)
return log_oom();
- if (ifindex > 0 && !if_indextoname(ifindex, ifname))
- return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
-
- log_debug("Resolving %s%s%s.", pretty, isempty(ifname) ? "" : "%", ifname);
+ log_debug("Resolving %s.", pretty);
r = sd_bus_message_new_method_call(
bus,
while ((r = sd_bus_message_enter_container(reply, 'r', "is")) > 0) {
const char *n;
+ int k;
assert_cc(sizeof(int) == sizeof(int32_t));
if (r < 0)
return r;
- ifname[0] = 0;
- if (ifindex > 0 && !if_indextoname(ifindex, ifname))
- log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
+ k = printf("%*s%s %s%s%s",
+ (int) strlen(pretty), c == 0 ? pretty : "",
+ c == 0 ? ":" : " ",
+ ansi_highlight(), n, ansi_normal());
- printf("%*s%*s%*s%s %s\n",
- (int) strlen(pretty), c == 0 ? pretty : "",
- isempty(ifname) ? 0 : 1, c > 0 || isempty(ifname) ? "" : "%",
- (int) strlen(ifname), c == 0 ? ifname : "",
- c == 0 ? ":" : " ",
- n);
+ print_ifindex_comment(k, ifindex);
+ fputc('\n', stdout);
c++;
}
_cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
_cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
int r;
- char ifname[IF_NAMESIZE] = "";
r = dns_packet_new(&p, DNS_PROTOCOL_DNS, 0, DNS_PACKET_SIZE_MAX);
if (r < 0)
fwrite(data, 1, k, stdout);
} else {
const char *s;
+ int k;
s = dns_resource_record_to_string(rr);
if (!s)
return log_oom();
- if (ifindex > 0 && !if_indextoname(ifindex, ifname))
- log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
-
- printf("%s%s%s\n", s, isempty(ifname) ? "" : " # interface ", ifname);
+ k = printf("%s", s);
+ print_ifindex_comment(k, ifindex);
+ fputc('\n', stdout);
}
return 0;
while ((r = sd_bus_message_enter_container(reply, 'r', "iiay")) > 0) {
_cleanup_free_ char *pretty = NULL;
- char ifname[IF_NAMESIZE] = "";
- int ifindex, family;
+ int ifindex, family, k;
const void *a;
assert_cc(sizeof(int) == sizeof(int32_t));
return -EINVAL;
}
- if (ifindex > 0 && !if_indextoname(ifindex, ifname))
- log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
-
- r = in_addr_to_string(family, a, &pretty);
+ r = in_addr_ifindex_to_string(family, a, ifindex, &pretty);
if (r < 0)
return log_error_errno(r, "Failed to print address for %s: %m", name);
- printf("%*s%s%s%s\n", (int) indent, "", pretty, isempty(ifname) ? "" : "%s", ifname);
+ k = printf("%*s%s", (int) indent, "", pretty);
+ print_ifindex_comment(k, ifindex);
+ fputc('\n', stdout);
}
if (r < 0)
return bus_log_parse_error(r);
assert(bus);
- if (argc <= 1)
- return status_all(bus, STATUS_DNS);
+ if (argc >= 2) {
+ r = ifname_mangle(argv[1]);
+ if (r < 0)
+ return r;
+ }
- r = ifname_mangle(argv[1], false);
- if (r < 0)
- return r;
+ if (arg_ifindex <= 0)
+ return status_all(bus, STATUS_DNS);
- if (argc == 2)
+ if (argc < 3)
return status_ifindex(bus, arg_ifindex, NULL, STATUS_DNS, NULL);
r = sd_bus_message_new_method_call(
assert(bus);
- if (argc <= 1)
- return status_all(bus, STATUS_DOMAIN);
+ if (argc >= 2) {
+ r = ifname_mangle(argv[1]);
+ if (r < 0)
+ return r;
+ }
- r = ifname_mangle(argv[1], false);
- if (r < 0)
- return r;
+ if (arg_ifindex <= 0)
+ return status_all(bus, STATUS_DOMAIN);
- if (argc == 2)
+ if (argc < 3)
return status_ifindex(bus, arg_ifindex, NULL, STATUS_DOMAIN, NULL);
r = sd_bus_message_new_method_call(
assert(bus);
- if (argc <= 1)
- return status_all(bus, STATUS_LLMNR);
+ if (argc >= 2) {
+ r = ifname_mangle(argv[1]);
+ if (r < 0)
+ return r;
+ }
- r = ifname_mangle(argv[1], false);
- if (r < 0)
- return r;
+ if (arg_ifindex <= 0)
+ return status_all(bus, STATUS_LLMNR);
- if (argc == 2)
+ if (argc < 3)
return status_ifindex(bus, arg_ifindex, NULL, STATUS_LLMNR, NULL);
r = sd_bus_call_method(bus,
assert(bus);
- if (argc <= 1)
- return status_all(bus, STATUS_MDNS);
+ if (argc >= 2) {
+ r = ifname_mangle(argv[1]);
+ if (r < 0)
+ return r;
+ }
- r = ifname_mangle(argv[1], false);
- if (r < 0)
- return r;
+ if (arg_ifindex <= 0)
+ return status_all(bus, STATUS_MDNS);
- if (argc == 2)
+ if (argc < 3)
return status_ifindex(bus, arg_ifindex, NULL, STATUS_MDNS, NULL);
r = sd_bus_call_method(bus,
assert(bus);
- if (argc <= 1)
- return status_all(bus, STATUS_PRIVATE);
+ if (argc >= 2) {
+ r = ifname_mangle(argv[1]);
+ if (r < 0)
+ return r;
+ }
- r = ifname_mangle(argv[1], false);
- if (r < 0)
- return r;
+ if (arg_ifindex <= 0)
+ return status_all(bus, STATUS_PRIVATE);
- if (argc == 2)
+ if (argc < 3)
return status_ifindex(bus, arg_ifindex, NULL, STATUS_PRIVATE, NULL);
r = sd_bus_call_method(bus,
assert(bus);
- if (argc <= 1)
- return status_all(bus, STATUS_DNSSEC);
+ if (argc >= 2) {
+ r = ifname_mangle(argv[1]);
+ if (r < 0)
+ return r;
+ }
- r = ifname_mangle(argv[1], false);
- if (r < 0)
- return r;
+ if (arg_ifindex <= 0)
+ return status_all(bus, STATUS_DNSSEC);
- if (argc == 2)
+ if (argc < 3)
return status_ifindex(bus, arg_ifindex, NULL, STATUS_DNSSEC, NULL);
r = sd_bus_call_method(bus,
assert(bus);
- if (argc <= 1)
- return status_all(bus, STATUS_NTA);
+ if (argc >= 2) {
+ r = ifname_mangle(argv[1]);
+ if (r < 0)
+ return r;
+ }
- r = ifname_mangle(argv[1], false);
- if (r < 0)
- return r;
+ if (arg_ifindex <= 0)
+ return status_all(bus, STATUS_NTA);
- if (argc == 2)
+ if (argc < 3)
return status_ifindex(bus, arg_ifindex, NULL, STATUS_NTA, NULL);
/* If only argument is the empty string, then call SetLinkDNSSECNegativeTrustAnchors()
assert(bus);
- r = ifname_mangle(argv[1], false);
- if (r < 0)
- return r;
+ if (argc >= 2) {
+ r = ifname_mangle(argv[1]);
+ if (r < 0)
+ return r;
+ }
+
+ if (arg_ifindex <= 0)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Interface argument required.");
r = sd_bus_call_method(bus,
"org.freedesktop.resolve1",
break;
case 'i':
- arg_ifname = mfree(arg_ifname);
- r = ifname_mangle(optarg, true);
+ r = ifname_mangle(optarg);
if (r < 0)
return r;
break;
if (arg_ifindex <= 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"--set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-dnsovertls=, --set-dnssec=, --set-nta= and --revert require --interface=.");
-
- if (arg_ifindex == LOOPBACK_IFINDEX)
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
- "Interface can't be the loopback interface (lo). Sorry.");
}
return 1 /* work to do */;
break;
case 'i':
- arg_ifname = mfree(arg_ifname);
- r = ifname_mangle(optarg, true);
+ r = ifname_mangle(optarg);
if (r < 0)
return r;
break;
{ "dnsovertls", VERB_ANY, 3, 0, verb_dns_over_tls },
{ "dnssec", VERB_ANY, 3, 0, verb_dnssec },
{ "nta", VERB_ANY, VERB_ANY, 0, verb_nta },
- { "revert", 2, 2, 0, verb_revert_link },
+ { "revert", VERB_ANY, 2, 0, verb_revert_link },
{}
};
extern char **arg_set_domain;
extern bool arg_ifindex_permissive;
-int ifname_mangle(const char *s, bool allow_loopback);
+int ifname_mangle(const char *s);
#include "bus-common-errors.h"
#include "bus-util.h"
#include "dns-domain.h"
+#include "missing_capability.h"
#include "resolved-bus.h"
#include "resolved-def.h"
#include "resolved-dns-synthesize.h"
if (type == SOCK_DGRAM) {
/* Set IP_RECVERR or IPV6_RECVERR to get ICMP error feedback. See discussion in #10345. */
- r = setsockopt_int(fd, SOL_IP, sa.sa.sa_family == AF_INET ? IP_RECVERR : IPV6_RECVERR, true);
- if (r < 0)
- return r;
+
+ if (sa.sa.sa_family == AF_INET) {
+ r = setsockopt_int(fd, IPPROTO_IP, IP_RECVERR, true);
+ if (r < 0)
+ return r;
+
+ r = setsockopt_int(fd, IPPROTO_IP, IP_PKTINFO, true);
+ if (r < 0)
+ return r;
+
+ } else if (sa.sa.sa_family == AF_INET6) {
+ r = setsockopt_int(fd, IPPROTO_IPV6, IPV6_RECVERR, true);
+ if (r < 0)
+ return r;
+
+ r = setsockopt_int(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, true);
+ if (r < 0)
+ return r;
+ }
}
if (ret_socket_address)
/* SPDX-License-Identifier: LGPL-2.1+ */
#include "fd-util.h"
+#include "missing_network.h"
#include "resolved-dns-stub.h"
#include "socket-util.h"
#include "alloc-util.h"
#include "hostname-util.h"
#include "local-addresses.h"
+#include "missing_network.h"
#include "resolved-dns-synthesize.h"
int dns_synthesize_ifindex(int ifindex) {
#include "alloc-util.h"
#include "bus-util.h"
+#include "missing_capability.h"
#include "resolved-dnssd.h"
#include "resolved-dnssd-bus.h"
#include "resolved-link.h"
#include "fileio.h"
#include "hostname-util.h"
#include "io-util.h"
+#include "missing_network.h"
#include "netlink-util.h"
#include "network-internal.h"
#include "ordered-set.h"
#endif
-int main(int argc, char*argv[]) {
+int main(int argc, char *argv[]) {
test_dnssec_canonicalize();
f = fopen("/etc/hosts", "re");
if (!f) {
- assert_se(errno == -ENOENT);
+ assert_se(errno == ENOENT);
return;
}
#pragma once
#if HAVE_BLKID
-#include <blkid.h>
-#endif
+# include <blkid.h>
-#include "util.h"
+# include "macro.h"
-#if HAVE_BLKID
DEFINE_TRIVIAL_CLEANUP_FUNC(blkid_probe, blkid_free_probe);
#endif
#include "ip-protocol-list.h"
#include "list.h"
#include "locale-util.h"
+#include "missing_fs.h"
#include "mountpoint-util.h"
#include "nsflags.h"
#include "parse-util.h"
#include "fs-util.h"
#include "log.h"
#include "macro.h"
+#include "missing.h"
#include "parse-util.h"
#include "path-util.h"
#include "process-util.h"
+#include "rlimit-util.h"
#include "signal-util.h"
#include "socket-util.h"
#include "string-util.h"
#include "syslog-util.h"
#include "time-util.h"
#include "utf8.h"
-#include "rlimit-util.h"
int config_item_table_lookup(
const void *table,
return 0;
}
-static int dns_name_build_suffix_table(const char *name, const char*table[]) {
+static int dns_name_build_suffix_table(const char *name, const char *table[]) {
const char *p;
unsigned n = 0;
int r;
#include "hashmap.h"
#include "macro.h"
#include "process-util.h"
+#include "rlimit-util.h"
#include "serialize.h"
#include "set.h"
#include "signal-util.h"
_exit(EXIT_FAILURE);
}
+ (void) rlimit_nofile_safe();
+
if (!argv) {
_argv[0] = (char*) path;
_argv[1] = NULL;
/* SPDX-License-Identifier: LGPL-2.1+ */
+#include <ctype.h>
#include <stdio_ext.h>
#include "alloc-util.h"
unsigned ellipsize_percent; /* 0 … 100, where to place the ellipsis when compression is needed */
unsigned align_percent; /* 0 … 100, where to pad with spaces when expanding is needed. 0: left-aligned, 100: right-aligned */
+ bool uppercase; /* Uppercase string on display */
+
const char *color; /* ANSI color string to use for this cell. When written to terminal should not move cursor. Will automatically be reset after the cell */
char *url; /* A URL to use for a clickable hyperlink */
char *formatted; /* A cached textual representation of the cell data, before ellipsation/alignment */
Table *table_new_internal(const char *first_header, ...) {
_cleanup_(table_unrefp) Table *t = NULL;
size_t n_columns = 1;
+ const char *h;
va_list ap;
int r;
va_start(ap, first_header);
for (;;) {
- const char *h;
-
h = va_arg(ap, const char*);
if (!h)
break;
if (!t)
return NULL;
- r = table_add_cell(t, NULL, TABLE_STRING, first_header);
- if (r < 0)
- return NULL;
-
va_start(ap, first_header);
- for (;;) {
- const char *h;
+ for (h = first_header; h; h = va_arg(ap, const char*)) {
+ TableCell *cell;
- h = va_arg(ap, const char*);
- if (!h)
- break;
+ r = table_add_cell(t, &cell, TABLE_STRING, h);
+ if (r < 0) {
+ va_end(ap);
+ return NULL;
+ }
- r = table_add_cell(t, NULL, TABLE_STRING, h);
+ /* Make the table header uppercase */
+ r = table_set_uppercase(t, cell, true);
if (r < 0) {
va_end(ap);
return NULL;
if (d->ellipsize_percent != ellipsize_percent)
return false;
+ /* If a color/url/uppercase flag is set, refuse to merge */
+ if (d->color)
+ return false;
+ if (d->url)
+ return false;
+ if (d->uppercase)
+ return false;
+
k = table_data_size(type, data);
l = table_data_size(d->type, d->data);
nd->color = od->color;
nd->url = TAKE_PTR(curl);
+ nd->uppercase = od->uppercase;
table_data_unref(od);
t->data[i] = nd;
return free_and_replace(table_get_data(t, cell)->url, copy);
}
+int table_set_uppercase(Table *t, TableCell *cell, bool b) {
+ TableData *d;
+ int r;
+
+ assert(t);
+ assert(cell);
+
+ r = table_dedup_cell(t, cell);
+ if (r < 0)
+ return r;
+
+ assert_se(d = table_get_data(t, cell));
+
+ if (d->uppercase == b)
+ return 0;
+
+ d->formatted = mfree(d->formatted);
+ d->uppercase = b;
+ return 1;
+}
+
int table_update(Table *t, TableCell *cell, TableDataType type, const void *data) {
_cleanup_free_ char *curl = NULL;
TableData *nd, *od;
nd->color = od->color;
nd->url = TAKE_PTR(curl);
+ nd->uppercase = od->uppercase;
table_data_unref(od);
t->data[i] = nd;
return "";
case TABLE_STRING:
+ if (d->uppercase) {
+ char *p, *q;
+
+ d->formatted = new(char, strlen(d->string) + 1);
+ if (!d->formatted)
+ return NULL;
+
+ for (p = d->string, q = d->formatted; *p; p++, q++)
+ *q = (char) toupper((unsigned char) *p);
+ *q = 0;
+
+ return d->formatted;
+ }
+
return d->string;
case TABLE_BOOLEAN:
if (!p)
return NULL;
- if (!format_timespan(p, FORMAT_TIMESPAN_MAX, d->timestamp, 0))
+ if (!format_timespan(p, FORMAT_TIMESPAN_MAX, d->timespan, 0))
return "n/a";
d->formatted = TAKE_PTR(p);
return table_get(t, cell);
}
+
+static int table_data_to_json(TableData *d, JsonVariant **ret) {
+
+ switch (d->type) {
+
+ case TABLE_EMPTY:
+ return json_variant_new_null(ret);
+
+ case TABLE_STRING:
+ return json_variant_new_string(ret, d->string);
+
+ case TABLE_BOOLEAN:
+ return json_variant_new_boolean(ret, d->boolean);
+
+ case TABLE_TIMESTAMP:
+ if (d->timestamp == USEC_INFINITY)
+ return json_variant_new_null(ret);
+
+ return json_variant_new_unsigned(ret, d->timestamp);
+
+ case TABLE_TIMESPAN:
+ if (d->timespan == USEC_INFINITY)
+ return json_variant_new_null(ret);
+
+ return json_variant_new_unsigned(ret, d->timespan);
+
+ case TABLE_SIZE:
+ if (d->size == (size_t) -1)
+ return json_variant_new_null(ret);
+
+ return json_variant_new_unsigned(ret, d->size);
+
+ case TABLE_UINT32:
+ return json_variant_new_unsigned(ret, d->uint32);
+
+ case TABLE_UINT64:
+ return json_variant_new_unsigned(ret, d->uint64);
+
+ case TABLE_PERCENT:
+ return json_variant_new_integer(ret, d->percent);
+
+ default:
+ return -EINVAL;
+ }
+}
+
+int table_to_json(Table *t, JsonVariant **ret) {
+ JsonVariant **rows = NULL, **elements = NULL;
+ _cleanup_free_ size_t *sorted = NULL;
+ size_t n_rows, i, j, display_columns;
+ int r;
+
+ assert(t);
+
+ /* Ensure we have no incomplete rows */
+ assert(t->n_cells % t->n_columns == 0);
+
+ n_rows = t->n_cells / t->n_columns;
+ assert(n_rows > 0); /* at least the header row must be complete */
+
+ if (t->sort_map) {
+ /* If sorting is requested, let's calculate an index table we use to lookup the actual index to display with. */
+
+ sorted = new(size_t, n_rows);
+ if (!sorted) {
+ r = -ENOMEM;
+ goto finish;
+ }
+
+ for (i = 0; i < n_rows; i++)
+ sorted[i] = i * t->n_columns;
+
+ typesafe_qsort_r(sorted, n_rows, table_data_compare, t);
+ }
+
+ if (t->display_map)
+ display_columns = t->n_display_map;
+ else
+ display_columns = t->n_columns;
+ assert(display_columns > 0);
+
+ elements = new0(JsonVariant*, display_columns * 2);
+ if (!elements) {
+ r = -ENOMEM;
+ goto finish;
+ }
+
+ for (j = 0; j < display_columns; j++) {
+ TableData *d;
+
+ assert_se(d = t->data[t->display_map ? t->display_map[j] : j]);
+
+ r = table_data_to_json(d, elements + j*2);
+ if (r < 0)
+ goto finish;
+ }
+
+ rows = new0(JsonVariant*, n_rows-1);
+ if (!rows) {
+ r = -ENOMEM;
+ goto finish;
+ }
+
+ for (i = 1; i < n_rows; i++) {
+ TableData **row;
+
+ if (sorted)
+ row = t->data + sorted[i];
+ else
+ row = t->data + i * t->n_columns;
+
+ for (j = 0; j < display_columns; j++) {
+ TableData *d;
+ size_t k;
+
+ assert_se(d = row[t->display_map ? t->display_map[j] : j]);
+
+ k = j*2+1;
+ elements[k] = json_variant_unref(elements[k]);
+
+ r = table_data_to_json(d, elements + k);
+ if (r < 0)
+ goto finish;
+ }
+
+ r = json_variant_new_object(rows + i - 1, elements, display_columns * 2);
+ if (r < 0)
+ goto finish;
+ }
+
+ r = json_variant_new_array(ret, rows, n_rows - 1);
+
+finish:
+ if (rows) {
+ json_variant_unref_many(rows, n_rows-1);
+ free(rows);
+ }
+
+ if (elements) {
+ json_variant_unref_many(elements, display_columns*2);
+ free(elements);
+ }
+
+ return r;
+}
+
+int table_print_json(Table *t, FILE *f, JsonFormatFlags flags) {
+ _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
+ int r;
+
+ assert(t);
+
+ if (!f)
+ f = stdout;
+
+ r = table_to_json(t, &v);
+ if (r < 0)
+ return r;
+
+ json_variant_dump(v, flags, f, NULL);
+
+ return fflush_and_check(f);
+}
#include <stdio.h>
#include <sys/types.h>
+#include "json.h"
#include "macro.h"
typedef enum TableDataType {
int table_set_ellipsize_percent(Table *t, TableCell *cell, unsigned percent);
int table_set_color(Table *t, TableCell *cell, const char *color);
int table_set_url(Table *t, TableCell *cell, const char *color);
+int table_set_uppercase(Table *t, TableCell *cell, bool b);
int table_update(Table *t, TableCell *cell, TableDataType type, const void *data);
const void *table_get(Table *t, TableCell *cell);
const void *table_get_at(Table *t, size_t row, size_t column);
+
+int table_to_json(Table *t, JsonVariant **ret);
+int table_print_json(Table *t, FILE *f, unsigned json_flags);
#include "alloc-util.h"
#include "ip-protocol-list.h"
+#include "macro.h"
#include "parse-util.h"
#include "string-util.h"
-#include "macro.h"
static const struct ip_protocol_name* lookup_ip_protocol(register const char *str, register GPERF_LEN_TYPE len);
return 0;
}
-static int print_source(FILE *f, JsonVariant *v, unsigned flags, bool whitespace) {
+static int print_source(FILE *f, JsonVariant *v, JsonFormatFlags flags, bool whitespace) {
size_t w, k;
if (!FLAGS_SET(flags, JSON_FORMAT_SOURCE|JSON_FORMAT_PRETTY))
return 0;
}
-static int json_format(FILE *f, JsonVariant *v, unsigned flags, const char *prefix) {
+static int json_format(FILE *f, JsonVariant *v, JsonFormatFlags flags, const char *prefix) {
int r;
assert(f);
return 0;
}
-int json_variant_format(JsonVariant *v, unsigned flags, char **ret) {
+int json_variant_format(JsonVariant *v, JsonFormatFlags flags, char **ret) {
_cleanup_free_ char *s = NULL;
size_t sz = 0;
int r;
return (int) sz;
}
-void json_variant_dump(JsonVariant *v, unsigned flags, FILE *f, const char *prefix) {
+void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix) {
if (!v)
return;
print_source(f, v, flags, false);
+ if (((flags & (JSON_FORMAT_COLOR_AUTO|JSON_FORMAT_COLOR)) == JSON_FORMAT_COLOR_AUTO) && colors_enabled())
+ flags |= JSON_FORMAT_COLOR;
+
if (flags & JSON_FORMAT_SSE)
fputs("data: ", f);
if (flags & JSON_FORMAT_SEQ)
int json_variant_get_source(JsonVariant *v, const char **ret_source, unsigned *ret_line, unsigned *ret_column);
-enum {
- JSON_FORMAT_NEWLINE = 1 << 0, /* suffix with newline */
- JSON_FORMAT_PRETTY = 1 << 1, /* add internal whitespace to appeal to human readers */
- JSON_FORMAT_COLOR = 1 << 2, /* insert ANSI color sequences */
- JSON_FORMAT_SOURCE = 1 << 3, /* prefix with source filename/line/column */
- JSON_FORMAT_SSE = 1 << 4, /* prefix/suffix with W3C server-sent events */
- JSON_FORMAT_SEQ = 1 << 5, /* prefix/suffix with RFC 7464 application/json-seq */
-};
-
-int json_variant_format(JsonVariant *v, unsigned flags, char **ret);
-void json_variant_dump(JsonVariant *v, unsigned flags, FILE *f, const char *prefix);
+typedef enum JsonFormatFlags {
+ JSON_FORMAT_NEWLINE = 1 << 0, /* suffix with newline */
+ JSON_FORMAT_PRETTY = 1 << 1, /* add internal whitespace to appeal to human readers */
+ JSON_FORMAT_COLOR = 1 << 2, /* insert ANSI color sequences */
+ JSON_FORMAT_COLOR_AUTO = 1 << 3, /* insetr ANSI color sequences if colors_enabled() says so */
+ JSON_FORMAT_SOURCE = 1 << 4, /* prefix with source filename/line/column */
+ JSON_FORMAT_SSE = 1 << 5, /* prefix/suffix with W3C server-sent events */
+ JSON_FORMAT_SEQ = 1 << 6, /* prefix/suffix with RFC 7464 application/json-seq */
+} JsonFormatFlags;
+
+int json_variant_format(JsonVariant *v, JsonFormatFlags flags, char **ret);
+void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix);
int json_parse(const char *string, JsonVariant **ret, unsigned *ret_line, unsigned *ret_column);
int json_parse_continue(const char **p, JsonVariant **ret, unsigned *ret_line, unsigned *ret_column);
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
-#include <stddef.h>
-
-#include "macro.h"
-#include "missing.h"
-
typedef struct LockFile {
char *path;
int fd;
color_on = ANSI_HIGHLIGHT;
color_off = ANSI_NORMAL;
highlight_on = ANSI_HIGHLIGHT_RED;
+ } else if (priority >= LOG_DEBUG) {
+ color_on = ANSI_GREY;
+ color_off = ANSI_NORMAL;
+ highlight_on = ANSI_HIGHLIGHT_RED;
}
}
}
json_variant_dump(object,
- (mode == OUTPUT_JSON_SSE ? JSON_FORMAT_SSE :
- mode == OUTPUT_JSON_SEQ ? JSON_FORMAT_SEQ :
- mode == OUTPUT_JSON_PRETTY ? JSON_FORMAT_PRETTY :
- JSON_FORMAT_NEWLINE) |
+ output_mode_to_json_format_flags(mode) |
(FLAGS_SET(flags, OUTPUT_COLOR) ? JSON_FORMAT_COLOR : 0),
f, NULL);
static int (*output_funcs[_OUTPUT_MODE_MAX])(
FILE *f,
- sd_journal*j,
+ sd_journal *j,
OutputMode mode,
unsigned n_columns,
OutputFlags flags,
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
+#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <linux/fs.h>
reboot-util.h
resolve-util.c
resolve-util.h
- rlimit-util.c
- rlimit-util.h
seccomp-util.h
securebits-util.c
securebits-util.h
/* SPDX-License-Identifier: LGPL-2.1+ */
-#include <sched.h>
+#include <errno.h>
#include "alloc-util.h"
#include "extract-word.h"
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
-#include <sched.h>
-
-#include "missing.h"
+#include "missing_sched.h"
/* The combination of all namespace flags defined by the kernel. The right type for this isn't clear. setns() and
* unshare() expect these flags to be passed as (signed) "int", while clone() wants them as "unsigned long". The latter
#include "output-mode.h"
#include "string-table.h"
+JsonFormatFlags output_mode_to_json_format_flags(OutputMode m) {
+
+ switch (m) {
+
+ case OUTPUT_JSON_SSE:
+ return JSON_FORMAT_SSE;
+
+ case OUTPUT_JSON_SEQ:
+ return JSON_FORMAT_SEQ;
+
+ case OUTPUT_JSON_PRETTY:
+ return JSON_FORMAT_PRETTY;
+
+ default:
+ return JSON_FORMAT_NEWLINE;
+ }
+}
+
static const char *const output_mode_table[_OUTPUT_MODE_MAX] = {
[OUTPUT_SHORT] = "short",
[OUTPUT_SHORT_FULL] = "short-full",
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
+#include "json.h"
#include "macro.h"
typedef enum OutputMode {
_OUTPUT_MODE_INVALID = -1
} OutputMode;
+static inline bool OUTPUT_MODE_IS_JSON(OutputMode m) {
+ return IN_SET(m, OUTPUT_JSON, OUTPUT_JSON_PRETTY, OUTPUT_JSON_SSE, OUTPUT_JSON_SEQ);
+}
+
/* The output flags definitions are shared by the logs and process tree output. Some apply to both, some only to the
* logs output, others only to the process tree output. */
OUTPUT_NO_HOSTNAME = 1 << 9,
} OutputFlags;
+JsonFormatFlags output_mode_to_json_format_flags(OutputMode m);
+
const char* output_mode_to_string(OutputMode m) _const_;
OutputMode output_mode_from_string(const char *s) _pure_;
#include "macro.h"
#include "pager.h"
#include "process-util.h"
+#include "rlimit-util.h"
#include "signal-util.h"
#include "string-util.h"
#include "strv.h"
file = fdopen(exe_name_fd, "r");
if (!file) {
safe_close(exe_name_fd);
- return log_debug_errno(errno, "Failed to create FILE object: %m");
+ return log_error_errno(errno, "Failed to create FILE object: %m");
}
/* Find the last line */
r = read_line(file, LONG_LINE_MAX, &t);
if (r < 0)
- return r;
+ return log_error_errno(r, "Failed to read from socket: %m");
if (r == 0)
break;
return 0;
if (!is_main_thread())
- return -EPERM;
+ return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Pager invoked from wrong thread.");
pager = getenv("SYSTEMD_PAGER");
if (!pager)
if (pager) {
pager_args = strv_split(pager, WHITESPACE);
if (!pager_args)
- return -ENOMEM;
+ return log_oom();
/* If the pager is explicitly turned off, honour it */
if (strv_isempty(pager_args) || strv_equal(pager_args, STRV_MAKE("cat")))
if (flags & PAGER_JUMP_TO_END)
less_opts = strjoina(less_opts, " +G");
- r = safe_fork("(pager)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pager_pid);
+ r = safe_fork("(pager)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pager_pid);
if (r < 0)
return r;
if (r == 0) {
/* In the child start the pager */
- (void) dup2(fd[0], STDIN_FILENO);
+ if (dup2(fd[0], STDIN_FILENO) < 0) {
+ log_error_errno(errno, "Failed to duplicate file descriptor to STDIN: %m");
+ _exit(EXIT_FAILURE);
+ }
+
safe_close_pair(fd);
- if (setenv("LESS", less_opts, 1) < 0)
+ if (setenv("LESS", less_opts, 1) < 0) {
+ log_error_errno(errno, "Failed to set environment variable LESS: %m");
_exit(EXIT_FAILURE);
+ }
/* Initialize a good charset for less. This is
* particularly important if we output UTF-8
if (!less_charset && is_locale_utf8())
less_charset = "utf-8";
if (less_charset &&
- setenv("LESSCHARSET", less_charset, 1) < 0)
+ setenv("LESSCHARSET", less_charset, 1) < 0) {
+ log_error_errno(errno, "Failed to set environment variable LESSCHARSET: %m");
_exit(EXIT_FAILURE);
+ }
if (pager_args) {
- if (loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1, false) < 0)
+ r = loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1, false);
+ if (r < 0) {
+ log_error_errno(r, "Failed to write pager name to socket: %m");
_exit(EXIT_FAILURE);
+ }
execvp(pager_args[0], pager_args);
+ log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
+ "Failed execute %s, using fallback pagers: %m", pager_args[0]);
}
/* Debian's alternatives command for pagers is
* is similar to this one anyway, but is
* Debian-specific. */
FOREACH_STRING(exe, "pager", "less", "more") {
- if (loop_write(exe_name_pipe[1], exe, strlen(exe) + 1, false) < 0)
+ r = loop_write(exe_name_pipe[1], exe, strlen(exe) + 1, false);
+ if (r < 0) {
+ log_error_errno(r, "Failed to write pager name to socket: %m");
_exit(EXIT_FAILURE);
+ }
execlp(exe, exe, NULL);
+ log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
+ "Failed execute %s, using next fallback pager: %m", exe);
}
- if (loop_write(exe_name_pipe[1], "(built-in)", strlen("(built-in") + 1, false) < 0)
+ r = loop_write(exe_name_pipe[1], "(built-in)", strlen("(built-in") + 1, false);
+ if (r < 0) {
+ log_error_errno(r, "Failed to write pager name to socket: %m");
_exit(EXIT_FAILURE);
+ }
pager_fallback();
/* not reached */
}
} else
args[1] = desc;
- r = safe_fork("(man)", FORK_RESET_SIGNALS|FORK_DEATHSIG|(null_stdio ? FORK_NULL_STDIO : 0)|FORK_LOG, &pid);
+ r = safe_fork("(man)", FORK_RESET_SIGNALS|FORK_DEATHSIG|(null_stdio ? FORK_NULL_STDIO : 0)|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
PTY_FORWARD_IGNORE_INITIAL_VHANGUP = 4,
} PTYForwardFlags;
-typedef int (*PTYForwardHandler)(PTYForward *f, int rcode, void*userdata);
+typedef int (*PTYForwardHandler)(PTYForward *f, int rcode, void *userdata);
int pty_forward_new(sd_event *event, int master, PTYForwardFlags flags, PTYForward **f);
PTYForward *pty_forward_free(PTYForward *f);
#include "alloc-util.h"
#include "extract-word.h"
-#include "securebits.h"
#include "securebits-util.h"
#include "string-util.h"
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
-#include "securebits.h"
+#include "missing_securebits.h"
int secure_bits_to_string_alloc(int i, char **s);
int secure_bits_from_string(const char *s);
#include "env-util.h"
#include "escape.h"
#include "fileio.h"
+#include "missing.h"
#include "parse-util.h"
#include "process-util.h"
#include "serialize.h"
#include <stddef.h>
#include <stdio.h>
#include <string.h>
+#include <sys/ioctl.h>
#include <sys/utsname.h>
#include <syslog.h>
#include <unistd.h>
pid_t pid;
int r;
- r = safe_fork("(sulogin)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+ r = safe_fork("(sulogin)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
/* SPDX-License-Identifier: LGPL-2.1+ */
-/***
- Copyright © 2013 Marc-Antoine Perennou
-***/
#include <errno.h>
#include <fcntl.h>
}
static int on_properties_changed(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+ const char *path, *interface, *active_state = NULL, *job_path = NULL;
WaitContext *c = userdata;
- const char *path;
+ bool is_failed;
int r;
+ /* Called whenever we get a PropertiesChanged signal. Checks if ActiveState changed to inactive/failed.
+ *
+ * Signal parameters: (s interface, a{sv} changed_properties, as invalidated_properties) */
+
path = sd_bus_message_get_path(m);
if (!set_contains(c->unit_paths, path))
return 0;
- /* Check if ActiveState changed to inactive/failed */
- /* (s interface, a{sv} changed_properties, as invalidated_properties) */
- r = sd_bus_message_skip(m, "s");
+ r = sd_bus_message_read(m, "s", &interface);
if (r < 0)
return bus_log_parse_error(r);
+ if (!streq(interface, "org.freedesktop.systemd1.Unit")) /* ActiveState is on the Unit interface */
+ return 0;
+
r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "{sv}");
if (r < 0)
return bus_log_parse_error(r);
- while ((r = sd_bus_message_enter_container(m, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) {
+ for (;;) {
const char *s;
- r = sd_bus_message_read(m, "s", &s);
+ r = sd_bus_message_enter_container(m, SD_BUS_TYPE_DICT_ENTRY, "sv");
if (r < 0)
return bus_log_parse_error(r);
+ if (r == 0) /* end of array */
+ break;
- if (streq(s, "ActiveState")) {
- bool is_failed;
+ r = sd_bus_message_read(m, "s", &s); /* Property name */
+ if (r < 0)
+ return bus_log_parse_error(r);
- r = sd_bus_message_enter_container(m, SD_BUS_TYPE_VARIANT, "s");
+ if (streq(s, "ActiveState")) {
+ r = sd_bus_message_read(m, "v", "s", &active_state);
if (r < 0)
return bus_log_parse_error(r);
- r = sd_bus_message_read(m, "s", &s);
+ if (job_path) /* Found everything we need */
+ break;
+
+ } else if (streq(s, "Job")) {
+ uint32_t job_id;
+
+ r = sd_bus_message_read(m, "v", "(uo)", &job_id, &job_path);
if (r < 0)
return bus_log_parse_error(r);
- is_failed = streq(s, "failed");
- if (streq(s, "inactive") || is_failed) {
- log_debug("%s became %s, dropping from --wait tracking", path, s);
- free(set_remove(c->unit_paths, path));
- c->any_failed = c->any_failed || is_failed;
- } else
- log_debug("ActiveState on %s changed to %s", path, s);
+ /* There's still a job pending for this unit, let's ignore this for now, and return right-away. */
+ if (job_id != 0)
+ return 0;
+
+ if (active_state) /* Found everything we need */
+ break;
- break; /* no need to dissect the rest of the message */
} else {
- /* other property */
- r = sd_bus_message_skip(m, "v");
+ r = sd_bus_message_skip(m, "v"); /* Other property */
if (r < 0)
return bus_log_parse_error(r);
}
+
r = sd_bus_message_exit_container(m);
if (r < 0)
return bus_log_parse_error(r);
}
- if (r < 0)
- return bus_log_parse_error(r);
+
+ /* If this didn't contain the ActiveState property we can't do anything */
+ if (!active_state)
+ return 0;
+
+ is_failed = streq(active_state, "failed");
+ if (streq(active_state, "inactive") || is_failed) {
+ log_debug("%s became %s, dropping from --wait tracking", path, active_state);
+ free(set_remove(c->unit_paths, path));
+ c->any_failed = c->any_failed || is_failed;
+ } else
+ log_debug("ActiveState on %s changed to %s", path, active_state);
if (set_isempty(c->unit_paths))
sd_event_exit(c->event, EXIT_SUCCESS);
if (arg_dry_run)
return 0;
- r = safe_fork("(kexec)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+ r = safe_fork("(kexec)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
if (!arg_quiet)
log_info("Executing: %s", l);
- j = safe_fork("(sysv-install)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+ j = safe_fork("(sysv-install)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (j < 0)
return j;
if (j == 0) {
assert(paths);
- r = safe_fork("(editor)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_WAIT, NULL);
+ r = safe_fork("(editor)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG|FORK_WAIT, NULL);
if (r < 0)
return r;
if (r == 0) {
/* we default to allowing interactive authorization only in systemctl (not in the legacy commands) */
arg_ask_password = true;
- while ((c = getopt_long(argc, argv, "ht:p:alqfs:H:M:n:o:ir", options, NULL)) >= 0)
+ while ((c = getopt_long(argc, argv, "ht:p:alqfs:H:M:n:o:ir.::", options, NULL)) >= 0)
switch (c) {
return log_oom();
break;
+ case '.':
+ /* Output an error mimicking getopt, and print a hint afterwards */
+ log_error("%s: invalid option -- '.'", program_invocation_name);
+ log_notice("Hint: to specify units starting with a dash, use \"--\":\n"
+ " %s [OPTIONS...] {COMMAND} -- -.%s ...",
+ program_invocation_name, optarg ?: "mount");
+ _fallthrough_;
+
case '?':
return -EINVAL;
/* Hmm, so some other init system is running, we need to forward this request to
* it. For now we simply guess that it is Upstart. */
+ (void) rlimit_nofile_safe();
execv(TELINIT, argv);
return log_error_errno(SYNTHETIC_ERRNO(EIO),
#endif
}
-static int run(int argc, char*argv[]) {
+static int run(int argc, char *argv[]) {
int r;
argv_cmdline = argv[0];
int sd_rtnl_message_routing_policy_rule_get_rtm_dst_prefixlen(sd_netlink_message *m, unsigned char *len);
int sd_rtnl_message_routing_policy_rule_set_rtm_type(sd_netlink_message *m, unsigned char type);
int sd_rtnl_message_routing_policy_rule_get_rtm_type(sd_netlink_message *m, unsigned char *type);
+int sd_rtnl_message_routing_policy_rule_set_flags(sd_netlink_message *m, unsigned flags);
+int sd_rtnl_message_routing_policy_rule_get_flags(sd_netlink_message *m, unsigned *flags);
/* genl */
int sd_genl_socket_open(sd_netlink **nl);
* if you want to query the hostname (resp. the service name). */
int sd_resolve_getnameinfo(sd_resolve *resolve, sd_resolve_query **q, const struct sockaddr *sa, socklen_t salen, int flags, uint64_t get, sd_resolve_getnameinfo_handler_t callback, void *userdata);
-sd_resolve_query *sd_resolve_query_ref(sd_resolve_query* q);
-sd_resolve_query *sd_resolve_query_unref(sd_resolve_query* q);
+sd_resolve_query *sd_resolve_query_ref(sd_resolve_query *q);
+sd_resolve_query *sd_resolve_query_unref(sd_resolve_query *q);
/* Returns non-zero when the query operation specified by q has been completed. */
-int sd_resolve_query_is_done(sd_resolve_query*q);
+int sd_resolve_query_is_done(sd_resolve_query *q);
void *sd_resolve_query_get_userdata(sd_resolve_query *q);
void *sd_resolve_query_set_userdata(sd_resolve_query *q, void *userdata);
#include "string-util.h"
#include "util.h"
-int main(int argc, char*argv[]) {
+int main(int argc, char *argv[]) {
char *path;
char *c, *p;
#include "parse-util.h"
#include "strv.h"
-int main(int argc, char*argv[]) {
+int main(int argc, char *argv[]) {
_cleanup_strv_free_ char **l = NULL;
int n, i;
usec_t duration = USEC_PER_SEC / 10;
_cleanup_(table_unrefp) Table *table = NULL;
_cleanup_free_ char *formatted = NULL;
- assert_se(table = table_new("NAME", "TYPE", "RO", "USAGE", "CREATED", "MODIFIED"));
+ assert_se(table = table_new("name", "type", "ro", "usage", "created", "modified"));
assert_se(table_set_align_percent(table, TABLE_HEADER_CELL(3), 100) >= 0);
assert_se(table_add_many(table,
TABLE_STRING, "foooo",
assert_se(setenv("COLUMNS", "40", 1) >= 0);
- assert_se(t = table_new("ONE", "TWO", "THREE"));
+ assert_se(t = table_new("one", "two", "three"));
assert_se(table_set_align_percent(t, TABLE_HEADER_CELL(2), 100) >= 0);
#include "service.h"
#include "unit.h"
-int main(int argc, char*argv[]) {
+int main(int argc, char *argv[]) {
JobType a, b, c, ab, bc, ab_c, bc_a, a_bc;
const ServiceState test_states[] = { SERVICE_DEAD, SERVICE_RUNNING };
unsigned i;
#include "fd-util.h"
#include "log.h"
#include "macro.h"
+#include "missing.h"
#include "parse-util.h"
#include "process-util.h"
#include "signal-util.h"
#include "alloc-util.h"
#include "capability-util.h"
#include "macro.h"
+#include "missing.h"
#include "rlimit-util.h"
#include "string-util.h"
#include "util.h"
#include "io-util.h"
#include "log.h"
#include "macro.h"
+#include "missing_network.h"
#include "process-util.h"
#include "socket-util.h"
#include "string-util.h"
assert_se(rgid == gid);
}
-int main(int argc, char*argv[]) {
+int main(int argc, char *argv[]) {
test_uid_to_name_one(0, "root");
test_uid_to_name_one(UID_NOBODY, NOBODY_USER_NAME);
test_uid_to_name_one(0xFFFF, "65535");
#include "def.h"
#include "fileio.h"
#include "fs-util.h"
+#include "missing_syscall.h"
#include "parse-util.h"
#include "process-util.h"
#include "raw-clone.h"
#include "hashmap.h"
#include "list.h"
#include "main-func.h"
+#include "missing_capability.h"
#include "path-util.h"
#include "selinux-util.h"
#include "signal-util.h"
#include <linux/ethtool.h>
#include "conf-parser.h"
-#include "missing.h"
+#include "missing_network.h"
struct link_config;
#include "fd-util.h"
#include "link-config.h"
#include "log.h"
-#include "missing.h"
+#include "missing_network.h"
#include "netlink-util.h"
#include "network-internal.h"
#include "parse-util.h"
#include <stdlib.h>
#include <sys/ioctl.h>
-#if HAVE_LINUX_BTRFS_H
-#include <linux/btrfs.h>
-#endif
-
#include "device-util.h"
#include "fd-util.h"
#include "missing.h"
#include "socket-util.h"
#include "strxcpyx.h"
#include "udev-ctrl.h"
+#include "util.h"
/* wire protocol magic must match */
#define UDEV_CTRL_MAGIC 0xdead1dea
#include "netlink-util.h"
#include "path-util.h"
#include "process-util.h"
+#include "rlimit-util.h"
#include "signal-util.h"
#include "stdio-util.h"
#include "string-util.h"
_exit(EXIT_FAILURE);
(void) close_all_fds(NULL, 0);
+ (void) rlimit_nofile_safe();
execve(argv[0], argv, envp);
_exit(EXIT_FAILURE);
if (r < 0)
return log_error_errno(r, "Worker: Failed to enable receiving of device: %m");
- r = safe_fork(NULL, FORK_DEATHSIG, &pid);
+ r = safe_fork("(worker)", FORK_DEATHSIG, &pid);
if (r < 0) {
event->state = EVENT_QUEUED;
return log_error_errno(r, "Failed to fork() worker: %m");
return 0;
/* child */
- setsid();
+ (void) setsid();
r = set_oom_score_adjust(-1000);
if (r < 0)
#include "string-util.h"
#include "util.h"
-static int run(int argc, char*argv[]) {
+static int run(int argc, char *argv[]) {
int r, k;
if (argc != 2)
log_debug("Executing \"%s\"...", strnull(cmd));
}
- r = safe_fork("(loadkeys)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG, &pid);
+ r = safe_fork("(loadkeys)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
log_debug("Executing \"%s\"...", strnull(cmd));
}
- r = safe_fork("(setfont)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG, &pid);
+ r = safe_fork("(setfont)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
IPv6RapidDeploymentPrefix=
ERSPANIndex=
SerializeTunneledPackets=
+ISATAP=
[VXLAN]
UDP6ZeroChecksumRx=
ARPProxy=
HairPin = true
FastLeave = true
UnicastFlood = true
+MulticastToUnicast = true
FastLeave=
Priority=
AllowPortToBeRoot=
+MulticastToUnicast=
[Match]
KernelVersion=
Type=
SourcePort=
DestinationPort=
IPProtocol=
+InvertRule=
[IPv6PrefixDelegation]
RouterPreference=
DNSLifetimeSec=
GroupForwardMask=
GroupPolicyExtension=
HairPin=
+MulticastToUnicast=
HelloTimeSec=
HomeAddress=
Host=
InitialAdvertisedReceiveWindow=
InitialCongestionWindow=
InputKey=
+InvertRule=
KernelCommandLine=
KernelVersion=
Key=
--- /dev/null
+[Match]
+Name=test1
+
+[RoutingPolicyRule]
+TypeOfService=0x08
+Table=7
+From= 192.168.100.18
+Priority=111
+IPProtocol = tcp
+InvertRule=true
--- /dev/null
+[NetDev]
+Name=isataptun99
+Kind=sit
+
+[Tunnel]
+Local=10.65.223.238
+Remote=10.65.223.239
+ISATAP=true
HairPin = true
FastLeave = true
UnicastFlood = true
+MulticastToUnicast = true
--- /dev/null
+[Match]
+Name=dummy98
+
+[Network]
+Tunnel=isataptun99
# systemd-networkd tests
import os
-import sys
-import unittest
-import subprocess
-import time
import re
import shutil
import signal
import socket
+import subprocess
+import sys
import threading
+import time
+import unittest
from shutil import copytree
network_unit_file_path='/run/systemd/network'
with open(os.path.join(os.path.join(os.path.join('/sys/class/net/', link), dev), attribute)) as f:
return f.readline().strip()
+ def read_bridge_port_attr(self, bridge, link, attribute):
+
+ path_bridge = os.path.join('/sys/devices/virtual/net', bridge)
+ path_port = 'lower_' + link + '/brport'
+ path = os.path.join(path_bridge, path_port)
+
+ with open(os.path.join(path, attribute)) as f:
+ return f.readline().strip()
+
def link_exits(self, link):
return os.path.exists(os.path.join('/sys/class/net', link))
os.remove(pid_file)
- def search_words_in_file(self, word):
+ def search_words_in_dnsmasq_log(self, words, show_all=False):
if os.path.exists(dnsmasq_log_file):
with open (dnsmasq_log_file) as in_file:
contents = in_file.read()
- print(contents)
- for part in contents.split():
- if word in part:
+ if show_all:
+ print(contents)
+ for line in contents.split('\n'):
+ if words in line:
in_file.close()
- print("%s, %s" % (word, part))
+ print("%s, %s" % (words, line))
return True
return False
else:
subprocess.check_call('systemctl restart systemd-networkd', shell=True)
time.sleep(5)
+ print()
global ip
global port
class NetworkdNetDevTests(unittest.TestCase, Utilities):
- links =['bridge99', 'bond99', 'bond99', 'vlan99', 'test1', 'macvtap99',
- 'macvlan99', 'ipvlan99', 'vxlan99', 'veth99', 'vrf99', 'tun99',
- 'tap99', 'vcan99', 'geneve99', 'dummy98', 'ipiptun99', 'sittun99', '6rdtun99',
- 'gretap99', 'vtitun99', 'vti6tun99','ip6tnl99', 'gretun99', 'ip6gretap99',
- 'wg99', 'dropin-test', 'erspan-test']
-
- units = ['25-bridge.netdev', '25-bond.netdev', '21-vlan.netdev', '11-dummy.netdev', '21-vlan.network',
- '21-macvtap.netdev', 'macvtap.network', '21-macvlan.netdev', 'macvlan.network', 'vxlan.network',
- '25-vxlan.netdev', '25-ipvlan.netdev', 'ipvlan.network', '25-veth.netdev', '25-vrf.netdev',
- '25-tun.netdev', '25-tun.netdev', '25-vcan.netdev', '25-geneve.netdev', '25-ipip-tunnel.netdev',
- '25-ip6tnl-tunnel.netdev', '25-ip6gre-tunnel.netdev', '25-sit-tunnel.netdev', '25-6rd-tunnel.netdev',
- '25-erspan-tunnel.netdev', '25-gre-tunnel.netdev', '25-gretap-tunnel.netdev', '25-vti-tunnel.netdev',
- '25-vti6-tunnel.netdev', '12-dummy.netdev', 'gre.network', 'ipip.network', 'ip6gretap.network',
- 'gretun.network', 'ip6tnl.network', '25-tap.netdev', 'vti6.network', 'vti.network', 'gretap.network',
- 'sit.network', '25-ipip-tunnel-independent.netdev', '25-wireguard.netdev', '6rd.network', '10-dropin-test.netdev']
+ links =[
+ '6rdtun99',
+ 'bond99',
+ 'bridge99',
+ 'dropin-test',
+ 'dummy98',
+ 'erspan-test',
+ 'geneve99',
+ 'gretap99',
+ 'gretun99',
+ 'ip6gretap99',
+ 'ip6tnl99',
+ 'ipiptun99',
+ 'ipvlan99',
+ 'isataptun99',
+ 'macvlan99',
+ 'macvtap99',
+ 'sittun99',
+ 'tap99',
+ 'test1',
+ 'tun99',
+ 'vcan99',
+ 'veth99',
+ 'vlan99',
+ 'vrf99',
+ 'vti6tun99',
+ 'vtitun99',
+ 'vxlan99',
+ 'wg99']
+
+ units = [
+ '10-dropin-test.netdev',
+ '11-dummy.netdev',
+ '12-dummy.netdev',
+ '21-macvlan.netdev',
+ '21-macvtap.netdev',
+ '21-vlan.netdev',
+ '21-vlan.network',
+ '25-6rd-tunnel.netdev',
+ '25-bond.netdev',
+ '25-bridge.netdev',
+ '25-erspan-tunnel.netdev',
+ '25-geneve.netdev',
+ '25-gretap-tunnel.netdev',
+ '25-gre-tunnel.netdev',
+ '25-ip6gre-tunnel.netdev',
+ '25-ip6tnl-tunnel.netdev',
+ '25-ipip-tunnel-independent.netdev',
+ '25-ipip-tunnel.netdev',
+ '25-ipvlan.netdev',
+ '25-isatap-tunnel.netdev',
+ '25-sit-tunnel.netdev',
+ '25-tap.netdev',
+ '25-tun.netdev',
+ '25-vcan.netdev',
+ '25-veth.netdev',
+ '25-vrf.netdev',
+ '25-vti6-tunnel.netdev',
+ '25-vti-tunnel.netdev',
+ '25-vxlan.netdev',
+ '25-wireguard.netdev',
+ '6rd.network',
+ 'gre.network',
+ 'gretap.network',
+ 'gretun.network',
+ 'ip6gretap.network',
+ 'ip6tnl.network',
+ 'ipip.network',
+ 'ipvlan.network',
+ 'isatap.network',
+ 'macvlan.network',
+ 'macvtap.network',
+ 'sit.network',
+ 'vti6.network',
+ 'vti.network',
+ 'vxlan.network']
def setUp(self):
self.link_remove(self.links)
def test_dropin(self):
self.copy_unit_to_networkd_unit_path('10-dropin-test.netdev')
-
self.start_networkd()
self.assertTrue(self.link_exits('dropin-test'))
def test_vlan(self):
self.copy_unit_to_networkd_unit_path('21-vlan.netdev', '11-dummy.netdev', '21-vlan.network')
-
self.start_networkd()
self.assertTrue(self.link_exits('vlan99'))
output = subprocess.check_output(['ip', '-d', 'link', 'show', 'vlan99']).rstrip().decode('utf-8')
+ print(output)
self.assertTrue(output, 'REORDER_HDR')
self.assertTrue(output, 'LOOSE_BINDING')
self.assertTrue(output, 'GVRP')
def test_macvtap(self):
self.copy_unit_to_networkd_unit_path('21-macvtap.netdev', '11-dummy.netdev', 'macvtap.network')
-
self.start_networkd()
self.assertTrue(self.link_exits('macvtap99'))
def test_macvlan(self):
self.copy_unit_to_networkd_unit_path('21-macvlan.netdev', '11-dummy.netdev', 'macvlan.network')
-
self.start_networkd()
self.assertTrue(self.link_exits('macvlan99'))
@expectedFailureIfModuleIsNotAvailable('ipvlan')
def test_ipvlan(self):
self.copy_unit_to_networkd_unit_path('25-ipvlan.netdev', '11-dummy.netdev', 'ipvlan.network')
-
self.start_networkd()
self.assertTrue(self.link_exits('ipvlan99'))
def test_veth(self):
self.copy_unit_to_networkd_unit_path('25-veth.netdev')
-
self.start_networkd()
self.assertTrue(self.link_exits('veth99'))
def test_dummy(self):
self.copy_unit_to_networkd_unit_path('11-dummy.netdev')
-
self.start_networkd()
self.assertTrue(self.link_exits('test1'))
def test_tun(self):
self.copy_unit_to_networkd_unit_path('25-tun.netdev')
-
self.start_networkd()
self.assertTrue(self.link_exits('tun99'))
def test_tap(self):
self.copy_unit_to_networkd_unit_path('25-tap.netdev')
-
self.start_networkd()
self.assertTrue(self.link_exits('tap99'))
@expectedFailureIfModuleIsNotAvailable('vrf')
def test_vrf(self):
self.copy_unit_to_networkd_unit_path('25-vrf.netdev')
-
self.start_networkd()
self.assertTrue(self.link_exits('vrf99'))
@expectedFailureIfModuleIsNotAvailable('vcan')
def test_vcan(self):
self.copy_unit_to_networkd_unit_path('25-vcan.netdev')
-
self.start_networkd()
self.assertTrue(self.link_exits('vcan99'))
@expectedFailureIfModuleIsNotAvailable('wireguard')
def test_wireguard(self):
self.copy_unit_to_networkd_unit_path('25-wireguard.netdev')
-
self.start_networkd()
if shutil.which('wg'):
def test_geneve(self):
self.copy_unit_to_networkd_unit_path('25-geneve.netdev')
-
self.start_networkd()
self.assertTrue(self.link_exits('geneve99'))
output = subprocess.check_output(['ip', '-d', 'link', 'show', 'geneve99']).rstrip().decode('utf-8')
+ print(output)
self.assertTrue(output, '192.168.22.1')
self.assertTrue(output, '6082')
self.assertTrue(output, 'udpcsum')
self.assertTrue(self.link_exits('dummy98'))
self.assertTrue(self.link_exits('sittun99'))
+ def test_isatap_tunnel(self):
+ self.copy_unit_to_networkd_unit_path('12-dummy.netdev', '25-isatap-tunnel.netdev', 'isatap.network')
+ self.start_networkd()
+
+ self.assertTrue(self.link_exits('dummy98'))
+ self.assertTrue(self.link_exits('isataptun99'))
+
+ output = subprocess.check_output(['ip', '-d', 'link', 'show', 'isataptun99']).rstrip().decode('utf-8')
+ print(output)
+ self.assertRegex(output, "isatap ")
+
def test_6rd_tunnel(self):
self.copy_unit_to_networkd_unit_path('12-dummy.netdev', '25-6rd-tunnel.netdev', '6rd.network')
self.start_networkd()
def test_tunnel_independent(self):
self.copy_unit_to_networkd_unit_path('25-ipip-tunnel-independent.netdev')
-
self.start_networkd()
+
self.assertTrue(self.link_exits('ipiptun99'))
def test_vxlan(self):
self.copy_unit_to_networkd_unit_path('25-vxlan.netdev', 'vxlan.network','11-dummy.netdev')
-
self.start_networkd()
self.assertTrue(self.link_exits('vxlan99'))
output = subprocess.check_output(['ip', '-d', 'link', 'show', 'vxlan99']).rstrip().decode('utf-8')
+ print(output)
self.assertRegex(output, "999")
self.assertRegex(output, '5555')
self.assertRegex(output, 'l2miss')
self.assertRegex(output, 'gbp')
class NetworkdNetWorkTests(unittest.TestCase, Utilities):
- links = ['dummy98', 'test1', 'bond199']
-
- units = ['12-dummy.netdev', 'test-static.network', 'configure-without-carrier.network', '11-dummy.netdev',
- '23-primary-slave.network', '23-test1-bond199.network', '11-dummy.netdev', '23-bond199.network',
- '25-bond-active-backup-slave.netdev', '12-dummy.netdev', '23-active-slave.network',
- 'routing-policy-rule.network', '25-fibrule-port-range.network', '25-address-section.network',
- '25-address-section-miscellaneous.network', '25-route-section.network', '25-route-type.network',
- '25-route-tcp-window-settings.network', '25-route-gateway.network', '25-route-gateway-on-link.network',
- '25-address-link-section.network', '25-ipv6-address-label-section.network', '25-link-section-unmanaged.network',
- '25-sysctl.network', '25-route-reverse-order.network']
+ links = [
+ 'bond199',
+ 'dummy98',
+ 'test1']
+
+ units = [
+ '11-dummy.netdev',
+ '12-dummy.netdev',
+ '23-active-slave.network',
+ '23-bond199.network',
+ '23-primary-slave.network',
+ '23-test1-bond199.network',
+ '25-address-link-section.network',
+ '25-address-section-miscellaneous.network',
+ '25-address-section.network',
+ '25-bond-active-backup-slave.netdev',
+ '25-fibrule-invert.network',
+ '25-fibrule-port-range.network',
+ '25-ipv6-address-label-section.network',
+ '25-link-section-unmanaged.network',
+ '25-route-gateway.network',
+ '25-route-gateway-on-link.network',
+ '25-route-reverse-order.network',
+ '25-route-section.network',
+ '25-route-tcp-window-settings.network',
+ '25-route-type.network',
+ '25-sysctl.network',
+ 'configure-without-carrier.network',
+ 'routing-policy-rule.network',
+ 'test-static.network']
def setUp(self):
self.link_remove(self.links)
self.start_networkd()
self.assertTrue(self.link_exits('dummy98'))
+
output = subprocess.check_output(['networkctl', 'status', 'dummy98']).rstrip().decode('utf-8')
print(output)
self.assertRegex(output, '192.168.0.15')
self.start_networkd()
self.assertTrue(self.link_exits('test1'))
+
output = subprocess.check_output(['networkctl', 'status', 'test1']).rstrip().decode('utf-8')
print(output)
self.assertRegex(output, '192.168.0.15')
self.assertTrue(self.link_exits('dummy98'))
self.assertTrue(self.link_exits('bond199'))
+
output = subprocess.check_output(['ip', '-d', 'link', 'show', 'bond199']).rstrip().decode('utf-8')
print(output)
self.assertRegex(output, 'active_slave dummy98')
self.assertTrue(self.link_exits('test1'))
self.assertTrue(self.link_exits('bond199'))
+
output = subprocess.check_output(['ip', '-d', 'link', 'show', 'bond199']).rstrip().decode('utf-8')
print(output)
self.assertRegex(output, 'primary test1')
self.start_networkd()
self.assertTrue(self.link_exits('test1'))
+
output = subprocess.check_output(['ip', 'rule']).rstrip().decode('utf-8')
print(output)
self.assertRegex(output, '111')
self.assertRegex(output, 'oif test1')
self.assertRegex(output, 'lookup 7')
+ subprocess.call(['ip', 'rule', 'del', 'table', '7'])
+
def test_routing_policy_rule_port_range(self):
self.copy_unit_to_networkd_unit_path('25-fibrule-port-range.network', '11-dummy.netdev')
self.start_networkd()
self.assertTrue(self.link_exits('test1'))
+
output = subprocess.check_output(['ip', 'rule']).rstrip().decode('utf-8')
print(output)
self.assertRegex(output, '111')
self.assertRegex(output, 'tcp')
self.assertRegex(output, 'lookup 7')
+ subprocess.call(['ip', 'rule', 'del', 'table', '7'])
+
+ def test_routing_policy_rule_invert(self):
+ self.copy_unit_to_networkd_unit_path('25-fibrule-invert.network', '11-dummy.netdev')
+ self.start_networkd()
+
+ self.assertTrue(self.link_exits('test1'))
+
+ output = subprocess.check_output(['ip', 'rule']).rstrip().decode('utf-8')
+ print(output)
+ self.assertRegex(output, '111')
+ self.assertRegex(output, 'not.*?from.*?192.168.100.18')
+ self.assertRegex(output, 'tcp')
+ self.assertRegex(output, 'lookup 7')
+
+ subprocess.call(['ip', 'rule', 'del', 'table', '7'])
+
def test_address_preferred_lifetime_zero_ipv6(self):
self.copy_unit_to_networkd_unit_path('25-address-section-miscellaneous.network', '12-dummy.netdev')
self.start_networkd()
self.assertEqual(self.read_ipv4_sysctl_attr('dummy98', 'forwarding'),'1')
self.assertEqual(self.read_ipv4_sysctl_attr('dummy98', 'proxy_arp'), '1')
-class NetworkdNetWorkBrideTests(unittest.TestCase, Utilities):
- links = ['dummy98', 'test1', 'bridge99']
+class NetworkdNetWorkBridgeTests(unittest.TestCase, Utilities):
+ links = [
+ 'bridge99',
+ 'dummy98',
+ 'test1']
- units = ['11-dummy.netdev', '12-dummy.netdev', '26-bridge.netdev', '26-bridge-slave-interface-1.network',
- '26-bridge-slave-interface-2.network', 'bridge99.network']
+ units = [
+ '11-dummy.netdev',
+ '12-dummy.netdev',
+ '26-bridge.netdev',
+ '26-bridge-slave-interface-1.network',
+ '26-bridge-slave-interface-2.network',
+ 'bridge99.network']
def setUp(self):
self.link_remove(self.links)
output = subprocess.check_output(['bridge', '-d', 'link', 'show', 'dummy98']).rstrip().decode('utf-8')
print(output)
- self.assertRegex(output, 'cost 400')
- self.assertRegex(output, 'hairpin on')
- self.assertRegex(output, 'flood on')
- self.assertRegex(output, 'fastleave on')
+ self.assertEqual(self.read_bridge_port_attr('bridge99', 'dummy98', 'hairpin_mode'), '1')
+ self.assertEqual(self.read_bridge_port_attr('bridge99', 'dummy98', 'path_cost'), '400')
+ self.assertEqual(self.read_bridge_port_attr('bridge99', 'dummy98', 'unicast_flood'), '1')
+ self.assertEqual(self.read_bridge_port_attr('bridge99', 'dummy98', 'multicast_fast_leave'), '1')
+
+ # CONFIG_BRIDGE_IGMP_SNOOPING=y
+ if (os.path.exists('/sys/devices/virtual/net/bridge00/lower_dummy98/brport/multicast_to_unicast')):
+ self.assertEqual(self.read_bridge_port_attr('bridge99', 'dummy98', 'multicast_to_unicast'), '1')
class NetworkdNetWorkLLDPTests(unittest.TestCase, Utilities):
links = ['veth99']
- units = ['23-emit-lldp.network', '24-lldp.network', '25-veth.netdev']
+ units = [
+ '23-emit-lldp.network',
+ '24-lldp.network',
+ '25-veth.netdev']
def setUp(self):
self.link_remove(self.links)
class NetworkdNetworkRATests(unittest.TestCase, Utilities):
links = ['veth99']
- units = ['25-veth.netdev', 'ipv6-prefix.network', 'ipv6-prefix-veth.network']
+ units = [
+ '25-veth.netdev',
+ 'ipv6-prefix.network',
+ 'ipv6-prefix-veth.network']
def setUp(self):
self.link_remove(self.links)
self.assertRegex(output, '2002:da8:1:0')
class NetworkdNetworkDHCPServerTests(unittest.TestCase, Utilities):
- links = ['veth99', 'dummy98']
-
- units = ['25-veth.netdev', 'dhcp-client.network', 'dhcp-server.network', '12-dummy.netdev', '24-search-domain.network',
- 'dhcp-client-timezone-router.network', 'dhcp-server-timezone-router.network']
+ links = [
+ 'dummy98',
+ 'veth99']
+
+ units = [
+ '12-dummy.netdev',
+ '24-search-domain.network',
+ '25-veth.netdev',
+ 'dhcp-client.network',
+ 'dhcp-client-timezone-router.network',
+ 'dhcp-server.network',
+ 'dhcp-server-timezone-router.network']
def setUp(self):
self.link_remove(self.links)
self.assertTrue(self.link_exits('veth99'))
- time.sleep(5)
-
output = subprocess.check_output(['networkctl', 'status', 'veth99']).rstrip().decode('utf-8')
print(output)
self.assertRegex(output, '192.168.5.*')
self.assertRegex(output, 'Europe/Berlin')
class NetworkdNetworkDHCPClientTests(unittest.TestCase, Utilities):
- links = ['veth99', 'dummy98']
-
- units = ['25-veth.netdev', 'dhcp-server-veth-peer.network','dhcp-client-ipv6-only.network',
- 'dhcp-client-ipv4-only-ipv6-disabled.network', 'dhcp-client-ipv4-only.network',
- 'dhcp-client-ipv4-dhcp-settings.network', 'dhcp-client-anonymize.network',
- 'dhcp-client-ipv6-rapid-commit.network', 'dhcp-client-route-table.network',
- 'dhcp-v4-server-veth-peer.network', 'dhcp-client-listen-port.network',
- 'dhcp-client-route-metric.network', 'dhcp-client-critical-connection.network']
+ links = [
+ 'dummy98',
+ 'veth99']
+
+ units = [
+ '25-veth.netdev',
+ 'dhcp-client-anonymize.network',
+ 'dhcp-client-critical-connection.network',
+ 'dhcp-client-ipv4-dhcp-settings.network',
+ 'dhcp-client-ipv4-only-ipv6-disabled.network',
+ 'dhcp-client-ipv4-only.network',
+ 'dhcp-client-ipv6-only.network',
+ 'dhcp-client-ipv6-rapid-commit.network',
+ 'dhcp-client-listen-port.network',
+ 'dhcp-client-route-metric.network',
+ 'dhcp-client-route-table.network',
+ 'dhcp-server-veth-peer.network',
+ 'dhcp-v4-server-veth-peer.network']
def setUp(self):
self.link_remove(self.links)
print(output)
self.assertRegex(output, 'default.*dev veth99 proto dhcp')
- self.search_words_in_file('vendor class: SusantVendorTest')
- self.search_words_in_file('client MAC address: 12:34:56:78:9a:bc')
- self.search_words_in_file('client provides name: test-hostname')
- self.search_words_in_file('26:mtu')
+ self.assertTrue(self.search_words_in_dnsmasq_log('vendor class: SusantVendorTest', True))
+ self.assertTrue(self.search_words_in_dnsmasq_log('DHCPDISCOVER(veth-peer) 12:34:56:78:9a:bc'))
+ self.assertTrue(self.search_words_in_dnsmasq_log('client provides name: test-hostname'))
+ self.assertTrue(self.search_words_in_dnsmasq_log('26:mtu'))
def test_dhcp6_client_settings_rapidcommit_true(self):
self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv6-only.network')
output = subprocess.check_output(['ip', 'address', 'show', 'dev', 'veth99']).rstrip().decode('utf-8')
print(output)
self.assertRegex(output, '12:34:56:78:9a:bc')
-
- self.assertTrue(self.search_words_in_file('14:rapid-commit'))
+ self.assertTrue(self.search_words_in_dnsmasq_log('14:rapid-commit', True))
def test_dhcp6_client_settings_rapidcommit_false(self):
self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv6-rapid-commit.network')
output = subprocess.check_output(['ip', 'address', 'show', 'dev', 'veth99']).rstrip().decode('utf-8')
print(output)
self.assertRegex(output, '12:34:56:78:9a:bc')
-
- self.assertFalse(self.search_words_in_file('14:rapid-commit'))
+ self.assertFalse(self.search_words_in_dnsmasq_log('14:rapid-commit', True))
def test_dhcp_client_settings_anonymize(self):
self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-anonymize.network')
self.assertTrue(self.link_exits('veth99'))
self.start_dnsmasq()
- self.assertFalse(self.search_words_in_file('VendorClassIdentifier=SusantVendorTest'))
- self.assertFalse(self.search_words_in_file('test-hostname'))
- self.assertFalse(self.search_words_in_file('26:mtu'))
+
+ self.assertFalse(self.search_words_in_dnsmasq_log('VendorClassIdentifier=SusantVendorTest', True))
+ self.assertFalse(self.search_words_in_dnsmasq_log('test-hostname'))
+ self.assertFalse(self.search_words_in_dnsmasq_log('26:mtu'))
def test_dhcp_client_listen_port(self):
self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-listen-port.network')
+
dh_server = DHCPServer("dhcp_server")
dh_server.start()
def test_dhcp_route_table_id(self):
self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-v4-server-veth-peer.network', 'dhcp-client-route-table.network')
self.start_networkd()
- self.start_dnsmasq()
self.assertTrue(self.link_exits('veth99'))
+ self.start_dnsmasq()
+
output = subprocess.check_output(['ip', 'route', 'show', 'table', '12']).rstrip().decode('utf-8')
print(output)
-
self.assertRegex(output, 'veth99 proto dhcp')
self.assertRegex(output, '192.168.5.1')
def test_dhcp_route_metric(self):
self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-v4-server-veth-peer.network', 'dhcp-client-route-metric.network')
self.start_networkd()
- self.start_dnsmasq()
self.assertTrue(self.link_exits('veth99'))
+ self.start_dnsmasq()
+
output = subprocess.check_output(['ip', 'route', 'show', 'dev', 'veth99']).rstrip().decode('utf-8')
print(output)
-
self.assertRegex(output, 'metric 24')
def test_dhcp_route_criticalconnection_true(self):
self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-v4-server-veth-peer.network', 'dhcp-client-critical-connection.network')
self.start_networkd()
- self.start_dnsmasq()
self.assertTrue(self.link_exits('veth99'))
+ self.start_dnsmasq()
+
output = subprocess.check_output(['networkctl', 'status', 'veth99']).rstrip().decode('utf-8')
print(output)
-
self.assertRegex(output, '192.168.5.*')
+
# Stoping dnsmasq as networkd won't be allowed to renew the DHCP lease.
self.stop_dnsmasq(dnsmasq_pid_file)
DOCKER_EXEC="${DOCKER_EXEC:-docker exec -it $CONT_NAME}"
DOCKER_RUN="${DOCKER_RUN:-docker run}"
REPO_ROOT="${REPO_ROOT:-$PWD}"
-ADDITIONAL_DEPS=(dnf-plugins-core python2 iputils hostname libasan python3-pyparsing python3-evdev libubsan clang)
+ADDITIONAL_DEPS=(dnf-plugins-core python2 iputils hostname libasan python3-pyparsing python3-evdev libubsan clang llvm)
function info() {
echo -e "\033[33;1m$1\033[0m"
$DOCKER_EXEC ninja -v -C build
$DOCKER_EXEC ninja -C build test
;;
- RUN_ASAN)
- $DOCKER_EXEC git clean -dxff
- $DOCKER_EXEC meson --werror -Dtests=unsafe -Db_sanitize=address,undefined build
+ RUN_ASAN|RUN_CLANG_ASAN)
+ if [[ "$phase" = "RUN_CLANG_ASAN" ]]; then
+ ENV_VARS="-e CC=clang -e CXX=clang++"
+ MESON_ARGS="-Db_lundef=false" # See https://github.com/mesonbuild/meson/issues/764
+ fi
+ docker exec $ENV_VARS -it $CONT_NAME meson --werror -Dtests=unsafe -Db_sanitize=address,undefined $MESON_ARGS build
$DOCKER_EXEC ninja -v -C build
# Never remove halt_on_error from UBSAN_OPTIONS. See https://github.com/systemd/systemd/commit/2614d83aa06592aedb.