#include "apparmor-util.h"
#include "architecture.h"
#include "audit-util.h"
+#include "battery-util.h"
#include "blockdev-util.h"
#include "cap-list.h"
#include "cgroup-util.h"
#include "compare-operator.h"
#include "condition.h"
+#include "confidential-virt.h"
#include "cpu-set-util.h"
#include "creds-util.h"
#include "efi-api.h"
+#include "efi-loader.h"
#include "env-file.h"
#include "env-util.h"
#include "extract-word.h"
#include "string-util.h"
#include "tomoyo-util.h"
#include "tpm2-util.h"
-#include "udev-util.h"
-#include "uid-alloc-range.h"
+#include "uid-classification.h"
#include "user-util.h"
#include "virt.h"
}
static int condition_test_credential(Condition *c, char **env) {
- int (*gd)(const char **ret);
int r;
assert(c);
if (!credential_name_valid(c->parameter)) /* credentials with invalid names do not exist */
return false;
- FOREACH_POINTER(gd, get_credentials_dir, get_encrypted_credentials_dir) {
+ int (*gd)(const char **ret);
+ FOREACH_ARGUMENT(gd, get_credentials_dir, get_encrypted_credentials_dir) {
_cleanup_free_ char *j = NULL;
const char *cd;
/* The os-release spec mandates env-var-like key names */
if (r == 0 || isempty(word) || !env_name_is_valid(key))
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
- "Failed to parse parameter, key/value format expected: %m");
+ "Failed to parse parameter, key/value format expected.");
/* Do not allow whitespace after the separator, as that's not a valid os-release format */
operator = parse_compare_operator(&word, COMPARE_ALLOW_FNMATCH|COMPARE_EQUAL_BY_STRING);
if (operator < 0 || isempty(word) || strchr(WHITESPACE, *word) != NULL)
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
- "Failed to parse parameter, key/value format expected: %m");
+ "Failed to parse parameter, key/value format expected.");
r = parse_os_release(NULL, key, &actual_value);
if (r < 0)
/* Read actual value from sysfs */
if (!filename_is_valid(field))
- return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid SMBIOS field name");
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid SMBIOS field name.");
const char *p = strjoina("/sys/class/dmi/id/", field);
r = read_virtual_file(p, SIZE_MAX, &actual_value, NULL);
end = strrchr(arg, ')');
if (!end || *(end + 1) != '\0')
- return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Malformed ConditionFirmware=%s: %m", c->parameter);
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Malformed ConditionFirmware=%s.", c->parameter);
smbios_arg = strndup(arg, end - arg);
if (!smbios_arg)
return is_efi_secure_boot();
if (streq(c->parameter, "tpm2"))
return has_tpm2();
+ if (streq(c->parameter, "cvm"))
+ return detect_confidential_virtualization() > 0;
+ if (streq(c->parameter, "measured-uki"))
+ return efi_measured_uki(LOG_DEBUG);
return false;
}
assert(c->parameter);
assert(c->type == CONDITION_NEEDS_UPDATE);
- r = proc_cmdline_get_bool("systemd.condition-needs-update", &b);
+ r = proc_cmdline_get_bool("systemd.condition_needs_update", /* flags = */ 0, &b);
if (r < 0)
- log_debug_errno(r, "Failed to parse systemd.condition-needs-update= kernel command line argument, ignoring: %m");
+ log_debug_errno(r, "Failed to parse systemd.condition_needs_update= kernel command line argument, ignoring: %m");
if (r > 0)
return b;
assert(c->parameter);
assert(c->type == CONDITION_PATH_IS_MOUNT_POINT);
- return path_is_mount_point(c->parameter, NULL, AT_SYMLINK_FOLLOW) > 0;
+ return path_is_mount_point_full(c->parameter, /* root = */ NULL, AT_SYMLINK_FOLLOW) > 0;
}
static int condition_test_path_is_read_write(Condition *c, char **env) {
"io";
p = c->parameter;
- r = extract_many_words(&p, ":", 0, &first, &second, NULL);
+ r = extract_many_words(&p, ":", 0, &first, &second);
if (r <= 0)
return log_debug_errno(r < 0 ? r : SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s: %m", c->parameter);
/* If only one parameter is passed, then we look at the global system pressure rather than a specific cgroup. */
slice = strstrip(first);
if (!slice)
- return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s: %m", c->parameter);
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s.", c->parameter);
r = cg_all_unified();
if (r < 0)
/* If a value including a specific timespan (in the intervals allowed by the kernel),
* parse it, otherwise we assume just a plain percentage that will be checked if it is
* smaller or equal to the current pressure average over 5 minutes. */
- r = extract_many_words(&value, "/", 0, &third, &fourth, NULL);
+ r = extract_many_words(&value, "/", 0, &third, &fourth);
if (r <= 0)
return log_debug_errno(r < 0 ? r : SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s: %m", c->parameter);
if (r == 1)
timespan = skip_leading_chars(fourth, NULL);
if (!timespan)
- return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s: %m", c->parameter);
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s.", c->parameter);
if (startswith(timespan, "10sec"))
current = &pressure.avg10;
else if (startswith(timespan, "5min"))
current = &pressure.avg300;
else
- return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s: %m", c->parameter);
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s.", c->parameter);
}
value = strstrip(third);
if (!value)
- return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s: %m", c->parameter);
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s.", c->parameter);
r = parse_permyriad(value);
if (r < 0)
int triggered = -1;
- assert(!!logger == !!to_string);
-
/* If the condition list is empty, then it is true */
if (!first)
return true;
projects / thirdparty / systemd.git / blobdiff