From: Zbigniew Jędrzejewski-Szmek Date: Wed, 8 Jan 2020 08:58:57 +0000 (+0100) Subject: Merge pull request #14494 from poettering/container-interface X-Git-Tag: v245-rc1~172 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=af6a2a1e57defc45656ace94837ad985d1aee462;hp=53dc5fbc41af3d558b5282ecaa049c31e2a0a296;p=thirdparty%2Fsystemd.git Merge pull request #14494 from poettering/container-interface Let's import the container interface description text from the fdo wiki --- diff --git a/man/systemd-networkd-wait-online.service.xml b/man/systemd-networkd-wait-online.service.xml index 51b865dc0b1..96fcb5fb48e 100644 --- a/man/systemd-networkd-wait-online.service.xml +++ b/man/systemd-networkd-wait-online.service.xml @@ -97,7 +97,7 @@ - SECS + SECS Fail the service if the network is not online by the time the timeout elapses. A timeout of 0 disables the diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml index 126be320f67..70b4b27d7b3 100644 --- a/man/systemd.net-naming-scheme.xml +++ b/man/systemd.net-naming-scheme.xml @@ -99,8 +99,8 @@ ID_NET_NAME_ONBOARD=prefixonumber - This name is set based on the ordering information given by the firmware for - on-board devices. The name consists of the prefix, letter o, and a number + This name is set based on the numeric ordering information given by the firmware + for on-board devices. The name consists of the prefix, letter o, and a number specified by the firmware. This is only available for PCI devices. @@ -108,8 +108,9 @@ ID_NET_LABEL_ONBOARD=prefix label - This property is set based on label given by the firmware for on-board devices. The - name consists of the prefix concatenated with the label. This is only available for PCI devices. + This property is set based on textual label given by the firmware for on-board + devices. The name consists of the prefix concatenated with the label. This is only available for + PCI devices. 
@@ -126,15 +127,15 @@ ID_NET_NAME_SLOT=prefix[Pdomain]sslot[ffunction][nport_name|ddev_port] + ID_NET_NAME_SLOT=prefixvslot ID_NET_NAME_SLOT=prefix[Pdomain]sslot[ffunction][nport_name|ddev_port]bnumber ID_NET_NAME_SLOT=prefix[Pdomain]sslot[ffunction][nport_name|ddev_port]uport…[cconfig][iinterface] ID_NET_NAME_SLOT=prefix[Pdomain]sslot[ffunction][nport_name|ddev_port]vslot This property describes the slot position. Different schemes are used depending on - the bus type, as described in the table below. In all cases, PCI slot information must be known. In - case of USB, BCMA, and SR-VIO devices, the full name consists of the prefix, PCI slot identifier, - and USB or BCMA or SR-VIO slot identifier. The first two parts are denoted as "…" in the table - below. + the bus type, as described in the table below. In case of USB, BCMA, and SR-VIO devices, the full + name consists of the prefix, PCI slot identifier, and USB or BCMA or SR-VIO slot identifier. The + first two parts are denoted as "…" in the table below. Slot naming schemes @@ -153,6 +154,11 @@ PCI slot number + + prefix vslot + VIO slot number (IBM PowerVM) + + … bnumber Broadcom bus (BCMA) core number @@ -182,11 +188,11 @@ For USB devices the full chain of port numbers of hubs is composed. If the name gets longer than the maximum number of 15 characters, the name is not exported. The usual USB configuration number 1 and interface number 0 values are suppressed. - SR-IOV virtual devices are named based on the name of the parent interface, with a suffix of v and the virtual device number, with any leading zeros removed. The bus - number is ignored. This device type is found in IBM PowerVMs. + number is ignored. + diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 4cd25201737..4299583fe7e 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml 
@@ -1216,7 +1216,9 @@ Gateway= - As in the [Network] section. + Takes the gateway address or special value dhcp. If + dhcp, then the gateway address provided by DHCP (or in the IPv6 case, + provided by IPv6 RA) is used. diff --git a/meson.build b/meson.build index 004f01521cb..3b3786bbdb5 100644 --- a/meson.build +++ b/meson.build @@ -2762,7 +2762,7 @@ if conf.get('ENABLE_NETWORKD') == 1 link_with : [libnetworkd_core, libsystemd_network, libudev_static, - libshared], + networkd_link_with], dependencies : [threads], install_rpath : rootlibexecdir, install : true, @@ -2772,7 +2772,7 @@ if conf.get('ENABLE_NETWORKD') == 1 systemd_networkd_wait_online_sources, include_directories : includes, link_with : [libnetworkd_core, - libshared], + networkd_link_with], install_rpath : rootlibexecdir, install : true, install_dir : rootlibexecdir) @@ -2781,7 +2781,7 @@ if conf.get('ENABLE_NETWORKD') == 1 networkctl_sources, include_directories : includes, link_with : [libsystemd_network, - libshared], + networkd_link_with], install_rpath : rootlibexecdir, install : true, install_dir : rootbindir) @@ -2790,7 +2790,7 @@ if conf.get('ENABLE_NETWORKD') == 1 executable('systemd-network-generator', network_generator_sources, include_directories : includes, - link_with : [libshared], + link_with : [networkd_link_with], install_rpath : rootlibexecdir, install : true, install_dir : rootlibexecdir) @@ -3296,6 +3296,7 @@ foreach tuple : [ ['trace logging', conf.get('LOG_TRACE') == 1], ['link-udev-shared', get_option('link-udev-shared')], ['link-systemctl-shared', get_option('link-systemctl-shared')], + ['link-networkd-shared', get_option('link-networkd-shared')], ] if tuple.length() >= 2 diff --git a/meson_options.txt b/meson_options.txt index 8a1143a7ec4..4d641c36712 100644 --- a/meson_options.txt +++ b/meson_options.txt 
@@ -16,6 +16,8 @@ option('link-udev-shared', type : 'boolean', description : 'link systemd-udev and its helpers to libsystemd-shared.so') option('link-systemctl-shared', type: 'boolean', description : 'link systemctl against libsystemd-shared.so') +option('link-networkd-shared', type: 'boolean', + description : 'link systemd-networkd and its helpers to libsystemd-shared.so') option('static-libsystemd', type : 'combo', choices : ['false', 'true', 'pic', 'no-pic'], description : '''install a static library for libsystemd''') diff --git a/shell-completion/zsh/_systemctl.in b/shell-completion/zsh/_systemctl.in index 67c1c2b327a..66bf03d0587 100644 --- a/shell-completion/zsh/_systemctl.in +++ b/shell-completion/zsh/_systemctl.in @@ -3,8 +3,10 @@ (( $+functions[_systemctl_commands] )) || _systemctl_commands() { - local -a _systemctl_cmds - _systemctl_cmds=( + local expl i + + local -a unit_commands=( + # Unit Commands "list-sockets:List sockets" "list-timers:List timers" "list-units:List units" @@ -16,9 +18,6 @@ "try-restart:Restart one or more units if active" "reload-or-restart:Reload one or more units if possible, otherwise start or restart" "force-reload:Reload one or more units if possible, otherwise restart if active" - "hibernate:Hibernate the system" - "hybrid-sleep:Hibernate and suspend the system" - "suspend-then-hibernate:Suspend the system for a period of time, and then hibernate it" "try-reload-or-restart:Reload one or more units if possible, otherwise restart if active" "isolate:Start one unit and stop all others" "kill:Send signal to processes of a unit" 
@@ -27,32 +26,64 @@ "status:Show runtime status of one or more units" "show:Show properties of one or more units/jobs or the manager" "cat:Show the source unit files and drop-ins" + "set-property:Sets one or more properties of a unit" + "help:Show documentation for specified units" "reset-failed:Reset failed state for all, one, or more units" + "list-dependencies:Show unit dependency tree" + "clean:Remove configuration, state, cache, logs or runtime data of units" + ) + + local -a machine_commands=( + # Machine Commands + "list-machines:List the host and all running local containers" + ) + + local -a unit_file_commands=( + # Unit File Commands "list-unit-files:List installed unit files" "enable:Enable one or more unit files" "disable:Disable one or more unit files" - "add-wants:Add Wants= dependencies to a unit" - "add-requires:Add Requires= dependencies to a unit" "reenable:Reenable one or more unit files" "preset:Enable/disable one or more unit files based on preset configuration" "preset-all:Enable/disable all unit files based on preset configuration" - "set-default:Set the default target" - "get-default:Query the default target" - "edit:Edit one or more unit files" - "is-system-running:Query overall status of the system" - "help:Show documentation for specified units" - "list-dependencies:Show unit dependency tree" + "is-enabled:Check whether unit files are enabled" "mask:Mask one or more units" "unmask:Unmask one or more units" "link:Link one or more units files into the search path" - "is-enabled:Check whether unit files are enabled" + "revert:Revert unit files to their vendor versions" + "add-wants:Add Wants= dependencies to a unit" + "add-requires:Add Requires= dependencies to a unit" + "set-default:Set the default target" + "get-default:Query the default target" + "edit:Edit one or more unit files" + ) + + local -a job_commands=( + # Job Commands "list-jobs:List jobs" "cancel:Cancel all, one, or more jobs" + ) + + local -a environment_commands=( + # 
Environment Commands "show-environment:Dump environment" "set-environment:Set one or more environment variables" "unset-environment:Unset one or more environment variables" + "import-environment:Import environment variables set on the client" + ) + + local -a manager_state_commands=( + # Manager State Commands "daemon-reload:Reload systemd manager configuration" "daemon-reexec:Reexecute systemd manager" + "log-level:Get or set the log level" + "log-target:Get or set the log target" + "service-watchdogs:Get or set the state of software watchdogs" + ) + + local -a system_commands=( + # System Commands + "is-system-running:Query overall status of the system" "default:Enter system default mode" "rescue:Enter system rescue mode" "emergency:Enter system emergency mode" @@ -63,14 +94,29 @@ "kexec:Shut down and reboot the system with kexec" "exit:Ask for user instance termination" "switch-root:Change root directory" - "revert:Revert unit files to their vendor versions" - "set-property:Sets one or more properties of a unit" + "hibernate:Hibernate the system" + "hybrid-sleep:Hibernate and suspend the system" + "suspend-then-hibernate:Suspend the system for a period of time, and then hibernate it" ) + local -a groups=( unit machine unit_file job environment manager_state system ) + local -a _systemctl_cmds + for i in $groups; do + _systemctl_cmds+=( "${(@P)${:-"${i}_commands"}}" ) + done + if (( CURRENT == 1 )); then - _describe -t commands 'systemctl command' _systemctl_cmds || compadd "$@" + _tags ${^groups//_/-}-commands + while _tags; do + for i in $groups; do + if _requested ${i//_/-}-commands; then + _describe -t ${i//_/-}-commands "${i//_/ } command" ${i}_commands \ + && ret=0 + fi + done + done else - local curcontext="$curcontext" expl + local curcontext="$curcontext" cmd="${${_systemctl_cmds[(r)$words[1]:*]%%:*}}" # Deal with any aliases diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c index 457280df9fe..dc625119355 100644 --- a/src/basic/locale-util.c 
+++ b/src/basic/locale-util.c @@ -342,12 +342,11 @@ const char *special_glyph(SpecialGlyph code) { [SPECIAL_GLYPH_TRIANGULAR_BULLET] = ">", [SPECIAL_GLYPH_BLACK_CIRCLE] = "*", [SPECIAL_GLYPH_BULLET] = "*", - [SPECIAL_GLYPH_ARROW] = "->", - [SPECIAL_GLYPH_MDASH] = "-", - [SPECIAL_GLYPH_ELLIPSIS] = "...", [SPECIAL_GLYPH_MU] = "u", [SPECIAL_GLYPH_CHECK_MARK] = "+", [SPECIAL_GLYPH_CROSS_MARK] = "-", + [SPECIAL_GLYPH_ARROW] = "->", + [SPECIAL_GLYPH_ELLIPSIS] = "...", [SPECIAL_GLYPH_ECSTATIC_SMILEY] = ":-]", [SPECIAL_GLYPH_HAPPY_SMILEY] = ":-}", [SPECIAL_GLYPH_SLIGHTLY_HAPPY_SMILEY] = ":-)", 
@@ -359,26 +358,34 @@ const char *special_glyph(SpecialGlyph code) { /* UTF-8 */ [true] = { + /* The following are multiple glyphs in both ASCII and in UNICODE */ [SPECIAL_GLYPH_TREE_VERTICAL] = "\342\224\202 ", /* │ */ [SPECIAL_GLYPH_TREE_BRANCH] = "\342\224\234\342\224\200", /* ├─ */ [SPECIAL_GLYPH_TREE_RIGHT] = "\342\224\224\342\224\200", /* └─ */ [SPECIAL_GLYPH_TREE_SPACE] = " ", /* */ + + /* Single glyphs in both cases */ [SPECIAL_GLYPH_TRIANGULAR_BULLET] = "\342\200\243", /* ‣ */ [SPECIAL_GLYPH_BLACK_CIRCLE] = "\342\227\217", /* ● */ [SPECIAL_GLYPH_BULLET] = "\342\200\242", /* • */ - [SPECIAL_GLYPH_ARROW] = "\342\206\222", /* → */ - [SPECIAL_GLYPH_MDASH] = "\342\200\223", /* – */ - [SPECIAL_GLYPH_ELLIPSIS] = "\342\200\246", /* … */ - [SPECIAL_GLYPH_MU] = "\316\274", /* μ */ + [SPECIAL_GLYPH_MU] = "\316\274", /* μ (actually called: GREEK SMALL LETTER MU) */ [SPECIAL_GLYPH_CHECK_MARK] = "\342\234\223", /* ✓ */ - [SPECIAL_GLYPH_CROSS_MARK] = "\342\234\227", /* ✗ */ - [SPECIAL_GLYPH_ECSTATIC_SMILEY] = "\360\237\230\207", /* 😇 */ - [SPECIAL_GLYPH_HAPPY_SMILEY] = "\360\237\230\200", /* 😀 */ - [SPECIAL_GLYPH_SLIGHTLY_HAPPY_SMILEY] = "\360\237\231\202", /* 🙂 */ - [SPECIAL_GLYPH_NEUTRAL_SMILEY] = "\360\237\230\220", /* 😐 */ - [SPECIAL_GLYPH_SLIGHTLY_UNHAPPY_SMILEY] = "\360\237\231\201", /* 🙁 */ - [SPECIAL_GLYPH_UNHAPPY_SMILEY] = "\360\237\230\250", /* 😨 */ - [SPECIAL_GLYPH_DEPRESSED_SMILEY] = "\360\237\244\242", /* 🤢 */ + [SPECIAL_GLYPH_CROSS_MARK] = "\342\234\227", /* ✗ (actually called: BALLOT X) */ + + /* Single glyph in Unicode, two in ASCII */ + [SPECIAL_GLYPH_ARROW] = "\342\206\222", /* → (actually called: RIGHTWARDS ARROW) */ + + /* Single glyph in Unicode, three in ASCII */ + [SPECIAL_GLYPH_ELLIPSIS] = "\342\200\246", /* … (actually called: HORIZONTAL ELLIPSIS) */ + + /* These smileys are a single glyph in Unicode, and three in ASCII */ + [SPECIAL_GLYPH_ECSTATIC_SMILEY] = "\360\237\230\207", /* 😇 (actually called: SMILING FACE WITH HALO) */ + 
[SPECIAL_GLYPH_HAPPY_SMILEY] = "\360\237\230\200", /* 😀 (actually called: GRINNING FACE) */ + [SPECIAL_GLYPH_SLIGHTLY_HAPPY_SMILEY] = "\360\237\231\202", /* 🙂 (actually called: SLIGHTLY SMILING FACE) */ + [SPECIAL_GLYPH_NEUTRAL_SMILEY] = "\360\237\230\220", /* 😐 (actually called: NEUTRAL FACE) */ + [SPECIAL_GLYPH_SLIGHTLY_UNHAPPY_SMILEY] = "\360\237\231\201", /* 🙁 (actually called: SLIGHTLY FROWNING FACE) */ + [SPECIAL_GLYPH_UNHAPPY_SMILEY] = "\360\237\230\250", /* 😨 (actually called: FEARFUL FACE) */ + [SPECIAL_GLYPH_DEPRESSED_SMILEY] = "\360\237\244\242", /* 🤢 (actually called: NAUSEATED FACE) */ }, }; diff --git a/src/basic/locale-util.h b/src/basic/locale-util.h index 78abbafd8f0..1df8ac4cb0c 100644 --- a/src/basic/locale-util.h +++ b/src/basic/locale-util.h @@ -46,12 +46,11 @@ typedef enum { SPECIAL_GLYPH_TRIANGULAR_BULLET, SPECIAL_GLYPH_BLACK_CIRCLE, SPECIAL_GLYPH_BULLET, - SPECIAL_GLYPH_ARROW, - SPECIAL_GLYPH_MDASH, - SPECIAL_GLYPH_ELLIPSIS, SPECIAL_GLYPH_MU, SPECIAL_GLYPH_CHECK_MARK, SPECIAL_GLYPH_CROSS_MARK, + SPECIAL_GLYPH_ARROW, + SPECIAL_GLYPH_ELLIPSIS, _SPECIAL_GLYPH_FIRST_SMILEY, SPECIAL_GLYPH_ECSTATIC_SMILEY = _SPECIAL_GLYPH_FIRST_SMILEY, SPECIAL_GLYPH_HAPPY_SMILEY, diff --git a/src/basic/virt.c b/src/basic/virt.c index 6ba880dbc4a..12bf77e7013 100644 --- a/src/basic/virt.c +++ b/src/basic/virt.c 
@@ -20,29 +20,28 @@ #include "string-util.h" #include "virt.h" +static const char *const vm_table[_VIRTUALIZATION_MAX] = { + [VIRTUALIZATION_XEN] = "XenVMMXenVMM", + [VIRTUALIZATION_KVM] = "KVMKVMKVM", + [VIRTUALIZATION_QEMU] = "TCGTCGTCGTCG", + /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */ + [VIRTUALIZATION_VMWARE] = "VMwareVMware", + /* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */ + [VIRTUALIZATION_MICROSOFT] = "Microsoft Hv", + /* https://wiki.freebsd.org/bhyve */ + [VIRTUALIZATION_BHYVE] = "bhyve bhyve ", + [VIRTUALIZATION_QNX] = "QNXQVMBSQG", + /* https://projectacrn.org */ + [VIRTUALIZATION_ACRN] = "ACRNACRNACRN", +}; + +DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(vm, int); + static int detect_vm_cpuid(void) { /* CPUID is an x86 specific interface. */ #if defined(__i386__) || defined(__x86_64__) - static const struct { - const char *cpuid; - int id; - } cpuid_vendor_table[] = { - { "XenVMMXenVMM", VIRTUALIZATION_XEN }, - { "KVMKVMKVM", VIRTUALIZATION_KVM }, - { "TCGTCGTCGTCG", VIRTUALIZATION_QEMU }, - /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */ - { "VMwareVMware", VIRTUALIZATION_VMWARE }, - /* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */ - { "Microsoft Hv", VIRTUALIZATION_MICROSOFT }, - /* https://wiki.freebsd.org/bhyve */ - { "bhyve bhyve ", VIRTUALIZATION_BHYVE }, - { "QNXQVMBSQG", VIRTUALIZATION_QNX }, - /* https://projectacrn.org */ - { "ACRNACRNACRN", VIRTUALIZATION_ACRN }, - }; - uint32_t eax, ebx, ecx, edx; bool hypervisor; @@ -59,7 +58,7 @@ static int detect_vm_cpuid(void) { uint32_t sig32[3]; char text[13]; } sig = {}; - unsigned j; + int v; /* There is a hypervisor, see what it is */ __cpuid(0x40000000U, eax, ebx, ecx, edx); 
@@ -70,11 +69,11 @@ static int detect_vm_cpuid(void) { log_debug("Virtualization found, CPUID=%s", sig.text); - for (j = 0; j < ELEMENTSOF(cpuid_vendor_table); j ++) - if (streq(sig.text, cpuid_vendor_table[j].cpuid)) - return cpuid_vendor_table[j].id; + v = vm_from_string(sig.text); + if (v < 0) + return VIRTUALIZATION_VM_OTHER; - return VIRTUALIZATION_VM_OTHER; + return v; } #endif log_debug("No virtualization found in CPUID"); @@ -142,7 +141,7 @@ static int detect_vm_dmi(void) { int id; } dmi_vendor_table[] = { { "KVM", VIRTUALIZATION_KVM }, - { "QEMU", VIRTUALIZATION_QEMU }, + { "QEMU", VIRTUALIZATION_QEMU }, { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ { "VMW", VIRTUALIZATION_VMWARE }, { "innotek GmbH", VIRTUALIZATION_ORACLE }, @@ -432,25 +431,23 @@ finish: return r; } -int detect_container(void) { - static const struct { - const char *value; - int id; - } value_table[] = { - { "lxc", VIRTUALIZATION_LXC }, - { "lxc-libvirt", VIRTUALIZATION_LXC_LIBVIRT }, - { "systemd-nspawn", VIRTUALIZATION_SYSTEMD_NSPAWN }, - { "docker", VIRTUALIZATION_DOCKER }, - { "podman", VIRTUALIZATION_PODMAN }, - { "rkt", VIRTUALIZATION_RKT }, - { "wsl", VIRTUALIZATION_WSL }, - }; +static const char *const container_table[_VIRTUALIZATION_MAX] = { + [VIRTUALIZATION_LXC] = "lxc", + [VIRTUALIZATION_LXC_LIBVIRT] = "lxc-libvirt", + [VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn", + [VIRTUALIZATION_DOCKER] = "docker", + [VIRTUALIZATION_PODMAN] = "podman", + [VIRTUALIZATION_RKT] = "rkt", + [VIRTUALIZATION_WSL] = "wsl", +}; + +DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(container, int); +int detect_container(void) { static thread_local int cached_found = _VIRTUALIZATION_INVALID; _cleanup_free_ char *m = NULL; _cleanup_free_ char *o = NULL; const char *e = NULL; - unsigned j; int r; if (cached_found >= 0) 
@@ -532,13 +529,9 @@ int detect_container(void) { goto finish; translate_name: - for (j = 0; j < ELEMENTSOF(value_table); j++) - if (streq(e, value_table[j].value)) { - r = value_table[j].id; - goto finish; - } - - r = VIRTUALIZATION_CONTAINER_OTHER; + r = container_from_string(e); + if (r < 0) + r = VIRTUALIZATION_CONTAINER_OTHER; finish: log_debug("Found container virtualization %s.", virtualization_to_string(r)); diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index 84293364b47..e1a1a685279 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c @@ -1958,7 +1958,7 @@ static VOID config_entry_add_linux( continue; } - if (strcmpa((CHAR8 *)"VERSION_ID", key) == 0) { + if (strcmpa((CHAR8 *)"VERSION", key) == 0) { FreePool(os_version); os_version = stra_to_str(value); continue; diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c index 4aac903aa6c..af3bd234504 100644 --- a/src/gpt-auto-generator/gpt-auto-generator.c +++ b/src/gpt-auto-generator/gpt-auto-generator.c @@ -443,6 +443,19 @@ static int add_automount( return generator_add_symlink(arg_dest, SPECIAL_LOCAL_FS_TARGET, "wants", unit); } +static const char *esp_or_xbootldr_options(const DissectedPartition *p) { + assert(p); + + /* if we probed vfat or have no idea about the file system then assume these file systems are vfat + * and thus understand "umask=0077". If we detected something else then don't specify any options and + * use kernel defaults. */ + + if (!p->fstype || streq(p->fstype, "vfat")) + return "umask=0077"; + + return NULL; +} + static int add_xbootldr(DissectedPartition *p) { int r; @@ -472,7 +485,7 @@ static int add_xbootldr(DissectedPartition *p) { "/boot", p->fstype, true, - "umask=0077", + esp_or_xbootldr_options(p), "Boot Loader Partition", 120 * USEC_PER_SEC); } 
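Review bot: `esp_or_xbootldr_options()` returns NULL for every detected file system other than vfat, so in that case the ESP or XBOOTLDR automount carries no access-restricting option and access to the mounted files is decided by on-disk ownership and modes alone. The comment inside the helper should say this explicitly, for example `/* For non-vfat file systems nothing here restricts access; the on-disk permissions apply. */`, because the old code passed `umask=0077` unconditionally. The helper is also used in the `add_xbootldr` and `add_esp` hunks. Whether `add_automount` accepts a NULL options argument cannot be checked here, since its body is outside these hunks, and should be confirmed.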
@@ -546,7 +559,7 @@ static int add_esp(DissectedPartition *p, bool has_xbootldr) { esp_path, p->fstype, true, - "umask=0077", + esp_or_xbootldr_options(p), "EFI System Partition Automount", 120 * USEC_PER_SEC); } diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c index aa10d0c3a42..a91db5df5f1 100644 --- a/src/libsystemd/sd-netlink/netlink-util.c +++ b/src/libsystemd/sd-netlink/netlink-util.c @@ -124,6 +124,49 @@ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const return 0; } +int rtnl_set_link_alternative_names_by_ifname(sd_netlink **rtnl, const char *ifname, char * const *alternative_names) { + _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL; + int r; + + assert(rtnl); + assert(ifname); + + if (strv_isempty(alternative_names)) + return 0; + + if (!*rtnl) { + r = sd_netlink_open(rtnl); + if (r < 0) + return r; + } + + r = sd_rtnl_message_new_link(*rtnl, &message, RTM_NEWLINKPROP, 0); + if (r < 0) + return r; + + r = sd_netlink_message_append_string(message, IFLA_IFNAME, ifname); + if (r < 0) + return r; + + r = sd_netlink_message_open_container(message, IFLA_PROP_LIST); + if (r < 0) + return r; + + r = sd_netlink_message_append_strv(message, IFLA_ALT_IFNAME, alternative_names); + if (r < 0) + return r; + + r = sd_netlink_message_close_container(message); + if (r < 0) + return r; + + r = sd_netlink_call(*rtnl, message, 0, NULL); + if (r < 0) + return r; + + return 0; +} + int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret) { _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL, *reply = NULL; int r; diff --git a/src/libsystemd/sd-netlink/netlink-util.h b/src/libsystemd/sd-netlink/netlink-util.h index 17827868411..7b007a61c23 100644 --- a/src/libsystemd/sd-netlink/netlink-util.h +++ b/src/libsystemd/sd-netlink/netlink-util.h 
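Review bot: `rtnl_set_link_alternative_names_by_ifname()` addresses the link through `IFLA_IFNAME` instead of an ifindex, so the request applies to whichever interface carries that name when the kernel processes it. A rename between interface creation and this call would make it fail or land on a different link. That contract is not documented, and neither is the fact that a NULL `*rtnl` is opened here and left open for the caller. I would add above the function: `/* Like rtnl_set_link_alternative_names(), but looks the link up by name; the name must still be current. Opens *rtnl if it is NULL. */`.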
@@ -50,6 +50,7 @@ static inline bool rtnl_message_type_is_qdisc(uint16_t type) { int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name); int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, uint32_t mtu); int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names); +int rtnl_set_link_alternative_names_by_ifname(sd_netlink **rtnl, const char *ifname, char * const *alternative_names); int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret); int rtnl_log_parse_error(int r); diff --git a/src/libsystemd/sd-netlink/rtnl-message.c b/src/libsystemd/sd-netlink/rtnl-message.c index 71d2bf0f8b7..182a6667460 100644 --- a/src/libsystemd/sd-netlink/rtnl-message.c +++ b/src/libsystemd/sd-netlink/rtnl-message.c @@ -512,8 +512,8 @@ int sd_rtnl_message_new_link(sd_netlink *rtnl, sd_netlink_message **ret, if (nlmsg_type == RTM_NEWLINK) (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL; - else if (nlmsg_type == RTM_NEWLINK) - (*ret)->hdr->nlmsg_flags |= NLM_F_EXCL | NLM_F_CREATE | NLM_F_APPEND; + else if (nlmsg_type == RTM_NEWLINKPROP) + (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL | NLM_F_APPEND; ifi = NLMSG_DATA((*ret)->hdr); diff --git a/src/login/71-seat.rules.in b/src/login/71-seat.rules.in index 2bbd18363e6..2a9ddb93aa7 100644 --- a/src/login/71-seat.rules.in +++ b/src/login/71-seat.rules.in 
@@ -32,9 +32,12 @@ SUBSYSTEM=="pci", ENV{ID_PCI_CLASS_FROM_DATABASE}=="Display controller", \ SUBSYSTEM=="drm", KERNEL=="card[0-9]*", TAG+="seat", TAG+="master-of-seat" SUBSYSTEM=="usb", ATTR{bDeviceClass}=="09", TAG+="seat" -# 'Plugable' USB hub, sound, network, graphics adapter +# 'Plugable UD-160' USB hub, sound, network, graphics adapter SUBSYSTEM=="usb", ATTR{idVendor}=="2230", ATTR{idProduct}=="000[13]", ENV{ID_AUTOSEAT}="1" +# 'Plugable UD-PRO8' USB hub, sound, network, graphics adapter +SUBSYSTEM=="usb", ATTR{idVendor}=="1a40", ATTR{idProduct}=="0201", ENV{ID_AUTOSEAT}="1" + # qemu (version 2.4+) has a PCI-PCI bridge (-device pci-bridge-seat) to group # devices belonging to one seat. See: # http://git.qemu.org/?p=qemu.git;a=blob;f=docs/multiseat.txt diff --git a/src/network/meson.build b/src/network/meson.build index 8b9ab8e9eb3..7cb1bb5a388 100644 --- a/src/network/meson.build +++ b/src/network/meson.build @@ -146,6 +146,15 @@ network_generator_sources = files(''' network_include_dir = [includes, include_directories(['.', 'netdev', 'tc'])] if conf.get('ENABLE_NETWORKD') == 1 + if get_option('link-networkd-shared') + networkd_link_with = [libshared] + else + networkd_link_with = [libsystemd_static, + libshared_static, + libjournal_client, + libbasic_gcrypt] + endif + networkd_gperf_c = custom_target( 'networkd-gperf.c', input : 'networkd-gperf.gperf', @@ -172,7 +181,7 @@ if conf.get('ENABLE_NETWORKD') == 1 networkd_network_gperf_c, netdev_gperf_c, include_directories : network_include_dir, - link_with : [libshared]) + link_with : [networkd_link_with]) install_data('org.freedesktop.network1.conf', install_dir : dbuspolicydir) @@ -198,7 +207,7 @@ if conf.get('ENABLE_NETWORKD') == 1 [libnetworkd_core, libudev_static, libsystemd_network, - libshared], + networkd_link_with], [threads], [], network_include_dir], 
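Review bot: The new rule matches on `idVendor`==`1a40` and `idProduct`==`0201` alone, and that pair looks like the ID of the hub controller inside the dock rather than an ID assigned to the UD-PRO8 as a product. If so, any other hub built around the same chip would also get `ID_AUTOSEAT=1`. Auto-seating gives a plugged-in hub its own login seat, which is worth restricting to hardware that really is a docking station. Consider narrowing the match with a further attribute the dock exposes, or at least extend the comment: `# NOTE: 1a40:0201 may be shared by generic hubs; confirm the match is specific to the UD-PRO8`.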
@@ -208,7 +217,7 @@ if conf.get('ENABLE_NETWORKD') == 1 [libnetworkd_core, libudev_static, libsystemd_network, - libshared], + networkd_link_with], [threads], [], network_include_dir], @@ -225,7 +234,7 @@ if conf.get('ENABLE_NETWORKD') == 1 [libnetworkd_core, libudev_static, libsystemd_network, - libshared], + networkd_link_with], [threads], '', '', [], network_include_dir], @@ -239,17 +248,16 @@ if conf.get('ENABLE_NETWORKD') == 1 test_tables_h], [libnetworkd_core, libudev_static, - libudev_core, libsystemd_network, - libshared], + networkd_link_with], [threads], '', '', [], - [network_include_dir] + libudev_core_includes], + [network_include_dir]], [['src/network/generator/test-network-generator.c', 'src/network/generator/network-generator.c', 'src/network/generator/network-generator.h'], - [libshared], + [networkd_link_with], [], '', '', [], network_include_dir], ] endif diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c index 66d83e76bfa..70377ad6bb5 100644 --- a/src/network/networkd-dhcp4.c +++ b/src/network/networkd-dhcp4.c @@ -377,6 +377,23 @@ static int link_set_dhcp_routes(Link *link) { return log_link_error_errno(link, r, "Could not set router: %m"); } + Route *rt; + LIST_FOREACH(routes, rt, link->network->static_routes) { + if (!rt->gateway_from_dhcp) + continue; + + if (rt->family != AF_INET) + continue; + + rt->gw.in = router[0]; + + r = route_configure(rt, link, dhcp4_route_handler); + if (r < 0) + return log_link_error_errno(link, r, "Could not set gateway: %m"); + if (r > 0) + link->dhcp4_messages++; + } + return link_set_dns_routes(link, &address); } 
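Review bot: `rt->gw.in = router[0];` writes the lease's router into a `Route` taken from `link->network->static_routes`, that is, into the parsed configuration rather than into per-link state. If one `Network` object can be applied to more than one link (not visible in this hunk), the links would overwrite each other's gateway, and the value stays in the configuration after the lease is gone. Configuring a per-link copy of the route with the gateway filled in would avoid both. The `dhcp_remove_router` hunk reads the same field back with `in4_addr_equal(router, &rt->gw.in)`, and the `ndisc_router_process_default` hunk in networkd-ndisc.c does the same kind of store with `route_gw->gw = gateway;`, there with a value taken from a Router Advertisement. The enclosing function starts outside the hunk.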
@@ -480,6 +497,20 @@ static int dhcp_remove_router(Link *link, sd_dhcp_lease *lease, const struct in_ if (remove_all || !set_contains(link->dhcp_routes, route)) (void) route_remove(route, link, NULL); + Route *rt; + LIST_FOREACH(routes, rt, link->network->static_routes) { + if (!rt->gateway_from_dhcp) + continue; + + if (rt->family != AF_INET) + continue; + + if (!remove_all && in4_addr_equal(router, &rt->gw.in)) + continue; + + (void) route_remove(rt, link, NULL); + } + return 0; } diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index 23d0ee675b0..f2027057c44 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -1039,6 +1039,8 @@ int link_request_set_routes(Link *link) { /* First add the routes that enable us to talk to gateways, then add in the others that need a gateway. */ for (phase = 0; phase < _PHASE_MAX; phase++) LIST_FOREACH(routes, rt, link->network->static_routes) { + if (rt->gateway_from_dhcp) + continue; if ((in_addr_is_null(rt->family, &rt->gw) && ordered_set_isempty(rt->multipath_routes)) != (phase == PHASE_NON_GATEWAY)) continue; diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c index f4e4162cf12..380f5c1c61f 100644 --- a/src/network/networkd-manager.c +++ b/src/network/networkd-manager.c @@ -695,8 +695,8 @@ int manager_rtnl_process_neighbor(sd_netlink *rtnl, sd_netlink_message *message, strnull(addr_str), strnull(lladdr_str)); (void) neighbor_free(neighbor); } else - log_link_info(link, "Kernel removed a neighbor we don't remember: %s->%s, ignoring.", - strnull(addr_str), strnull(lladdr_str)); + log_link_debug(link, "Kernel removed a neighbor we don't remember: %s->%s, ignoring.", + strnull(addr_str), strnull(lladdr_str)); break; 
@@ -855,9 +855,9 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, valid_str ? "for " : "forever", strempty(valid_str)); (void) address_drop(address); } else - log_link_info(link, "Kernel removed an address we don't remember: %s/%u (valid %s%s), ignoring.", - strnull(buf), prefixlen, - valid_str ? "for " : "forever", strempty(valid_str)); + log_link_debug(link, "Kernel removed an address we don't remember: %s/%u (valid %s%s), ignoring.", + strnull(buf), prefixlen, + valid_str ? "for " : "forever", strempty(valid_str)); break; diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c index d1db9e4931c..fb3d6f2a841 100644 --- a/src/network/networkd-ndisc.c +++ b/src/network/networkd-ndisc.c @@ -169,6 +169,26 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { if (r > 0) link->ndisc_messages++; + Route *route_gw; + LIST_FOREACH(routes, route_gw, link->network->static_routes) { + if (!route_gw->gateway_from_dhcp) + continue; + + if (route_gw->family != AF_INET6) + continue; + + route_gw->gw = gateway; + + r = route_configure(route_gw, link, ndisc_netlink_route_message_handler); + if (r < 0) { + log_link_error_errno(link, r, "Could not set gateway: %m"); + link_enter_failed(link); + return r; + } + if (r > 0) + link->ndisc_messages++; + } + return 0; } diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c index ecc8d219b7d..4e90fdef185 100644 --- a/src/network/networkd-route.c +++ b/src/network/networkd-route.c 
@@ -998,10 +998,19 @@ int config_parse_gateway( /* we are not in an Route section, so treat * this as the special '0' section */ r = route_new_static(network, NULL, 0, &n); - } else + if (r < 0) + return r; + } else { r = route_new_static(network, filename, section_line, &n); - if (r < 0) - return r; + if (r < 0) + return r; + + if (streq(rvalue, "dhcp")) { + n->gateway_from_dhcp = true; + TAKE_PTR(n); + return 0; + } + } if (n->family == AF_UNSPEC) r = in_addr_from_string_auto(rvalue, &n->family, &n->gw); diff --git a/src/network/networkd-route.h b/src/network/networkd-route.h index 91bba368ee2..067c65f2f78 100644 --- a/src/network/networkd-route.h +++ b/src/network/networkd-route.h @@ -48,6 +48,7 @@ struct Route { unsigned char pref; unsigned flags; int gateway_onlink; + bool gateway_from_dhcp; union in_addr_union gw; union in_addr_union dst; diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c index f423f625905..6afc31d824b 100644 --- a/src/nspawn/nspawn-mount.c +++ b/src/nspawn/nspawn-mount.c @@ -989,6 +989,19 @@ int mount_custom( return 0; } +bool has_custom_root_mount(const CustomMount *mounts, size_t n) { + size_t i; + + for (i = 0; i < n; i++) { + const CustomMount *m = mounts + i; + + if (path_equal(m->destination, "/")) + return true; + } + + return false; +} + static int setup_volatile_state(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) { _cleanup_free_ char *buf = NULL; diff --git a/src/nspawn/nspawn-mount.h b/src/nspawn/nspawn-mount.h index aabc9e29bef..680ff350e5d 100644 --- a/src/nspawn/nspawn-mount.h +++ b/src/nspawn/nspawn-mount.h 
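Review bot: The `dhcp` branch returns before `n->family` is set, while the loops added in networkd-dhcp4.c and networkd-ndisc.c skip every route whose family is not `AF_INET` or `AF_INET6` respectively. As far as these hunks show, a [Route] section containing `Gateway=dhcp` and no other key that fixes the family would never be configured by either loop, and nothing tells the user. Either document that such a section needs another key to select the family, or log a warning when the section is verified. The branch also leaves in place a gateway address parsed from an earlier `Gateway=` line, and a later numeric `Gateway=` does not reset the flag; adding `n->gw = IN_ADDR_NULL;` in the `dhcp` branch and `n->gateway_from_dhcp = false;` before the address is parsed would make the last assignment win.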
@@ -55,6 +55,7 @@ int mount_all(const char *dest, MountSettingsMask mount_settings, uid_t uid_shif int mount_sysfs(const char *dest, MountSettingsMask mount_settings); int mount_custom(const char *dest, CustomMount *mounts, size_t n, uid_t uid_shift, const char *selinux_apifs_context, MountSettingsMask mount_settings); +bool has_custom_root_mount(const CustomMount *mounts, size_t n); int setup_volatile_mode(const char *directory, VolatileMode mode, uid_t uid_shift, const char *selinux_apifs_context); diff --git a/src/nspawn/nspawn-network.c b/src/nspawn/nspawn-network.c index e91a9d36bf3..9c9cf4812e8 100644 --- a/src/nspawn/nspawn-network.c +++ b/src/nspawn/nspawn-network.c @@ -1,5 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1+ */ +#include +#include #include #include @@ -99,10 +101,34 @@ static int generate_mac( return 0; } +static int set_alternative_ifname(sd_netlink *rtnl, const char *ifname, const char *altifname) { + int r; + + assert(rtnl); + assert(ifname); + + if (!altifname) + return 0; + + if (strlen(altifname) >= ALTIFNAMSIZ) + return log_warning_errno(SYNTHETIC_ERRNO(ERANGE), + "Alternative interface name '%s' for '%s' is too long, ignoring", + altifname, ifname); + + r = rtnl_set_link_alternative_names_by_ifname(&rtnl, ifname, STRV_MAKE(altifname)); + if (r < 0) + return log_warning_errno(r, + "Failed to set alternative interface name '%s' to '%s', ignoring: %m", + altifname, ifname); + + return 0; +} + static int add_veth( sd_netlink *rtnl, pid_t pid, const char *ifname_host, + const char *altifname_host, const struct ether_addr *mac_host, const char *ifname_container, const struct ether_addr *mac_container) { @@ -168,6 +194,8 @@ static int add_veth( if (r < 0) return log_error_errno(r, "Failed to add new veth interfaces (%s:%s): %m", ifname_host, ifname_container); + (void) set_alternative_ifname(rtnl, ifname_host, altifname_host); + return 0; } 
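Review bot: set_alternative_ifname() returns a negative errno on both failure paths although both log messages end in "ignoring", and the call added to add_veth() discards the result with `(void)`. Returning 0 after logging would make the contract match what the callers do. Failing that, a comment above the function such as `/* Best effort: failures are logged as warnings and are never fatal for the caller */` would state it. In the second message, "Failed to set alternative interface name '%s' to '%s'", the second argument is the interface the name is attached to, so `for '%s'` would read more clearly.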
@@ -181,13 +209,13 @@ static char urlsafe_base64char(int x) { return table[x & 63]; } -static void shorten_ifname(char *ifname) { +static int shorten_ifname(char *ifname) { char new_ifname[IFNAMSIZ]; assert(ifname); if (strlen(ifname) < IFNAMSIZ) /* Name is short enough */ - return; + return 0; if (naming_scheme_has(NAMING_NSPAWN_LONG_HASH)) { uint64_t h; @@ -211,6 +239,7 @@ static void shorten_ifname(char *ifname) { log_warning("Network interface name '%s' has been changed to '%s' to fit length constraints.", ifname, new_ifname); strcpy(ifname, new_ifname); + return 1; } int setup_veth(const char *machine_name, @@ -221,7 +250,7 @@ int setup_veth(const char *machine_name, _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; struct ether_addr mac_host, mac_container; unsigned u; - char *n; + char *n, *a = NULL; int r; assert(machine_name); @@ -231,7 +260,9 @@ int setup_veth(const char *machine_name, /* Use two different interface name prefixes depending whether * we are in bridge mode or not. */ n = strjoina(bridge ? "vb-" : "ve-", machine_name); - shorten_ifname(n); + r = shorten_ifname(n); + if (r > 0) + a = strjoina(bridge ? "vb-" : "ve-", machine_name); r = generate_mac(machine_name, &mac_container, CONTAINER_HASH_KEY, 0); if (r < 0) @@ -245,7 +276,7 @@ int setup_veth(const char *machine_name, if (r < 0) return log_error_errno(r, "Failed to connect to netlink: %m"); - r = add_veth(rtnl, pid, n, &mac_host, "host0", &mac_container); + r = add_veth(rtnl, pid, n, a, &mac_host, "host0", &mac_container); if (r < 0) return r; @@ -288,7 +319,7 @@ int setup_veth_extra( if (r < 0) return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m"); - r = add_veth(rtnl, pid, *a, &mac_host, *b, &mac_container); + r = add_veth(rtnl, pid, *a, NULL, &mac_host, *b, &mac_container); if (r < 0) return r; 
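Review bot: shorten_ifname() now returns 0 when the name already fits and 1 after rewriting the buffer in place, but the new contract is not documented anywhere in the hunk. A header comment such as `/* Returns 1 if ifname was shortened in place, 0 if it already fit */` would cover it. In setup_veth() the expression `strjoina(bridge ? "vb-" : "ve-", machine_name)` is now written twice, once for `n` and once for `a`; a short comment on the second use, `/* keep the unshortened name as alternative name */`, would explain why the same string is built again. Both functions extend beyond their hunks.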
@@ -536,7 +567,7 @@ int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) { STRV_FOREACH(i, ifaces) { _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; - _cleanup_free_ char *n = NULL; + _cleanup_free_ char *n = NULL, *a = NULL; struct ether_addr mac; int ifi; @@ -560,7 +591,12 @@ int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) { if (!n) return log_oom(); - shorten_ifname(n); + r = shorten_ifname(n); + if (r > 0) { + a = strjoin("mv-", *i); + if (!a) + return log_oom(); + } r = sd_netlink_message_append_string(m, IFLA_IFNAME, n); if (r < 0) @@ -597,6 +633,8 @@ int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) { r = sd_netlink_call(rtnl, m, 0, NULL); if (r < 0) return log_error_errno(r, "Failed to add new macvlan interfaces: %m"); + + (void) set_alternative_ifname(rtnl, n, a); } return 0; @@ -616,7 +654,7 @@ int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) { STRV_FOREACH(i, ifaces) { _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; - _cleanup_free_ char *n = NULL; + _cleanup_free_ char *n = NULL, *a = NULL; int ifi; ifi = parse_interface(*i); @@ -635,7 +673,12 @@ int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) { if (!n) return log_oom(); - shorten_ifname(n); + r = shorten_ifname(n); + if (r > 0) { + a = strjoin("iv-", *i); + if (!a) + return log_oom(); + } r = sd_netlink_message_append_string(m, IFLA_IFNAME, n); if (r < 0) @@ -668,6 +711,8 @@ int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) { r = sd_netlink_call(rtnl, m, 0, NULL); if (r < 0) return log_error_errno(r, "Failed to add new ipvlan interfaces: %m"); + + (void) set_alternative_ifname(rtnl, n, a); } return 0; diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 32294ed0029..791bdd35321 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c 
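Review bot: In setup_macvlan() the added `(void) set_alternative_ifname(rtnl, n, a);` looks the new link up by name through the same `rtnl` socket right after sd_netlink_call() created it, and the setup_ipvlan() hunk below does the same. If the creation message places the link directly in the container's network namespace (the message construction is outside both hunks), the name will not exist in the namespace the socket is bound to. Every shortened name would then only produce the "Failed to set alternative interface name" warning. It is worth confirming which namespace the link is in at this point, and skipping the call when the link is created inside the container. Both loops continue outside the hunks.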
@@ -1541,6 +1541,9 @@ static int verify_arguments(void) { if (arg_volatile_mode != VOLATILE_NO) /* Make sure all file systems contained in the image are mounted read-only if we are in volatile mode */ arg_read_only = true; + if (has_custom_root_mount(arg_custom_mounts, arg_n_custom_mounts)) + arg_read_only = true; + if (arg_keep_unit && arg_register && cg_pid_get_owner_uid(0, NULL) >= 0) /* Save the user from accidentally registering either user-$SESSION.scope or user@.service. * The latter is not technically a user session, but we don't need to labour the point. */ @@ -3438,7 +3441,8 @@ static int outer_child( if (r < 0) return r; - if (arg_read_only && arg_volatile_mode == VOLATILE_NO) { + if (arg_read_only && arg_volatile_mode == VOLATILE_NO && + !has_custom_root_mount(arg_custom_mounts, arg_n_custom_mounts)) { r = bind_remount_recursive(directory, MS_RDONLY, MS_RDONLY, NULL); if (r < 0) return log_error_errno(r, "Failed to make tree read-only: %m"); diff --git a/src/shared/pkcs11-util.c b/src/shared/pkcs11-util.c index fac98ad0ead..3fcd7630db6 100644 --- a/src/shared/pkcs11-util.c +++ b/src/shared/pkcs11-util.c @@ -218,7 +218,7 @@ int pkcs11_token_login( r = asprintf(&text, "Please enter correct PIN for security token '%s' in order to unlock %s (final try):", token_label, friendly_name); - if (FLAGS_SET(token_info->flags, CKF_USER_PIN_COUNT_LOW)) + else if (FLAGS_SET(token_info->flags, CKF_USER_PIN_COUNT_LOW)) r = asprintf(&text, "PIN has been entered incorrectly previously, please enter correct PIN for security token '%s' in order to unlock %s:", token_label, friendly_name); diff --git a/src/test/test-locale-util.c b/src/test/test-locale-util.c index 28d90be8964..f49cc6371ef 100644 --- a/src/test/test-locale-util.c +++ b/src/test/test-locale-util.c 
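Review bot: After these two hunks `arg_read_only` no longer says whether the container's root ends up read-only. verify_arguments() forces it to true whenever a custom mount targets `/`, and outer_child() then skips `bind_remount_recursive(directory, MS_RDONLY, MS_RDONLY, NULL)` under the same condition. A caller who asks for a read-only container together with a custom root mount therefore gets a root whose writability is decided only by that mount's own options, and nothing in the code records this. A comment at both sites, for example `/* A custom mount on "/" replaces the root: keep the image below read-only, the mount's own options decide writability */`, would state the intent as far as it can be inferred here. Other readers of `arg_read_only` outside these hunks should be checked against the new meaning.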
@@ -81,7 +81,6 @@ static void dump_special_glyphs(void) { dump_glyph(SPECIAL_GLYPH_BLACK_CIRCLE); dump_glyph(SPECIAL_GLYPH_BULLET); dump_glyph(SPECIAL_GLYPH_ARROW); - dump_glyph(SPECIAL_GLYPH_MDASH); dump_glyph(SPECIAL_GLYPH_ELLIPSIS); dump_glyph(SPECIAL_GLYPH_MU); dump_glyph(SPECIAL_GLYPH_CHECK_MARK); diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c index e94fff2520c..169d6ce8f7c 100644 --- a/src/udev/udev-builtin-net_id.c +++ b/src/udev/udev-builtin-net_id.c @@ -330,8 +330,9 @@ static int dev_pci_slot(sd_device *dev, struct netnames *names) { char str[PATH_MAX]; _cleanup_free_ char *address = NULL; - if (dent->d_name[0] == '.') + if (dot_or_dot_dot(dent->d_name)) continue; + r = safe_atou_full(dent->d_name, 10, &i); if (r < 0 || i <= 0) continue; diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c index 6168b332d3b..b9b350d1ef7 100644 --- a/src/udev/udev-rules.c +++ b/src/udev/udev-rules.c @@ -1654,7 +1654,7 @@ static int udev_rule_apply_token_to_event( if (mode == MODE_INVALID) return token->op == OP_MATCH; - match = (((statbuf.st_mode ^ mode) & 07777) == 0); + match = (statbuf.st_mode & mode) > 0; return token->op == (match ? OP_MATCH : OP_NOMATCH); } case TK_M_PROGRAM: { diff --git a/test/TEST-43-PRIVATEUSER-UNPRIV/test.sh b/test/TEST-43-PRIVATEUSER-UNPRIV/test.sh index 49d61c6a7f9..fe20114756b 100755 --- a/test/TEST-43-PRIVATEUSER-UNPRIV/test.sh +++ b/test/TEST-43-PRIVATEUSER-UNPRIV/test.sh @@ -15,20 +15,23 @@ test_setup() { mask_supporting_services - usermod --root $initdir -d /home/nobody -s /bin/bash nobody - mkdir $initdir/home $initdir/home/nobody - # Ubuntu's equivalent is nogroup - chown nobody:nobody $initdir/home/nobody || chown nobody:nogroup $initdir/home/nobody + # Allocate user for running test case under + mkdir -p $initdir/etc/sysusers.d + cat >$initdir/etc/sysusers.d/testuser.conf <$initdir/etc/systemd/system/testsuite.service <
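Review bot: In udev_rule_apply_token_to_event() the new test `match = (statbuf.st_mode & mode) > 0;` matches as soon as any bit of `mode` is set on the file, where the removed line required all permission bits to be equal, and it no longer masks with `07777`. If `mode` can ever carry bits outside the permission range (its parsing is outside the hunk), the file-type bits of `st_mode` would take part in the match; `match = (statbuf.st_mode & mode & 07777) != 0;` keeps the any-bit semantics and excludes them. Either way, a comment such as `/* matches if any of the requested mode bits is set, not an exact comparison */` would keep rule authors and later maintainers from assuming equality. The enclosing case starts outside the hunk.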