Merge pull request #13439 from yuwata/core-support-systemctl-clean-more
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 13 Sep 2019 14:15:02 +0000 (16:15 +0200)
committerGitHub <noreply@github.com>
Fri, 13 Sep 2019 14:15:02 +0000 (16:15 +0200)
core: support systemctl clean more

119 files changed:
.travis.yml
NEWS
README
TODO
docs/BOOT_LOADER_INTERFACE.md
docs/CONTRIBUTING.md
docs/RELEASE.md
docs/SECURITY.md [new file with mode: 0644]
hwdb/60-evdev.hwdb
hwdb/60-keyboard.hwdb
hwdb/60-sensor.hwdb
hwdb/70-touchpad.hwdb
man/machine-id.xml
man/runlevel.xml
man/systemctl.xml
man/systemd.exec.xml
man/systemd.netdev.xml
man/systemd.service.xml
man/systemd.unit.xml
man/udevadm.xml
meson_options.txt
po/ja.po
po/pl.po
rules/60-fido-id.rules [new file with mode: 0644]
rules/meson.build
semaphoreci/semaphore-runner.sh
shell-completion/bash/busctl
shell-completion/zsh/_bootctl
shell-completion/zsh/_journalctl
src/basic/env-file.c
src/basic/fileio.c
src/basic/path-util.h
src/basic/strv.h
src/basic/user-util.c
src/basic/user-util.h
src/basic/virt.c
src/core/dbus-execute.c
src/core/dbus-socket.c
src/core/dbus-util.c
src/core/dbus-util.h
src/core/load-fragment-gperf.gperf.m4
src/core/load-fragment.c
src/core/load-fragment.h
src/core/machine-id-setup.c
src/core/manager.c
src/core/meson.build
src/core/mount.c
src/core/org.freedesktop.systemd1.service [deleted file]
src/core/service.c
src/core/socket.c
src/core/swap.c
src/core/unit.c
src/core/unit.h
src/environment-d-generator/environment-d-generator.c
src/fuzz/fuzz-catalog.c
src/fuzz/fuzz-fido-id-desc.c [new file with mode: 0644]
src/fuzz/fuzz-fido-id-desc.dict [new file with mode: 0644]
src/fuzz/meson.build
src/hostname/hostnamed.c
src/journal/catalog.c
src/journal/catalog.h
src/journal/test-catalog.c
src/kernel-install/90-loaderentry.install
src/libsystemd/sd-bus/sd-bus.c
src/libsystemd/sd-bus/test-bus-vtable.c
src/libsystemd/sd-bus/test-vtable-data.h
src/libsystemd/sd-network/sd-network.c
src/login/logind-brightness.c
src/login/logind-dbus.c
src/login/logind-inhibit.c
src/login/logind-session-dbus.c
src/network/netdev/macsec.c
src/network/netdev/netdev.c
src/network/netdev/wireguard.c
src/network/networkctl.c
src/network/networkd-address.c
src/network/networkd-dhcp4.c
src/network/networkd-fdb.c
src/network/networkd-link.c
src/network/networkd-link.h
src/network/networkd-network.c
src/network/networkd-network.h
src/network/networkd-route.c
src/network/networkd-routing-policy-rule.c
src/network/org.freedesktop.network1.policy
src/pstore/pstore.c
src/resolve/org.freedesktop.resolve1.policy
src/resolve/resolved-bus.c
src/resolve/resolved-dns-transaction.c
src/resolve/resolved-link-bus.c
src/shared/bus-util.c
src/shared/path-lookup.c
src/shared/path-lookup.h
src/shared/unit-file.c
src/systemd/sd-network.h
src/test/meson.build
src/test/test-fido-id-desc.c [new file with mode: 0644]
src/test/test-path-lookup.c
src/test/test-unit-name.c
src/test/test-user-util.c
src/udev/fido_id/fido_id.c [new file with mode: 0644]
src/udev/fido_id/fido_id_desc.c [new file with mode: 0644]
src/udev/fido_id/fido_id_desc.h [new file with mode: 0644]
src/udev/meson.build
src/udev/udev-rules.c
test/TEST-10-ISSUE-2467/test.sh
test/TEST-18-FAILUREACTION/testsuite.sh
test/TEST-37-RUNTIMEDIRECTORYPRESERVE/Makefile [new symlink]
test/TEST-37-RUNTIMEDIRECTORYPRESERVE/test.sh [new file with mode: 0755]
test/TEST-37-RUNTIMEDIRECTORYPRESERVE/testsuite.sh [new file with mode: 0755]
test/fuzz/fuzz-fido-id-desc/crash0 [new file with mode: 0644]
test/fuzz/fuzz-fido-id-desc/crash1 [new file with mode: 0644]
test/fuzz/fuzz-fido-id-desc/report0 [new file with mode: 0644]
test/fuzz/fuzz-fido-id-desc/report1 [new file with mode: 0644]
test/test-network/systemd-networkd-tests.py
test/udev-test.pl
tools/oss-fuzz.sh
travis-ci/managers/fuzzit.sh
units/meson.build

index d46e2be6f75457d9cc4efd61ab542ece0d06db16..ba20097fdf69dc0011e06ffbe0275192f8ddef17 100644 (file)
@@ -17,7 +17,7 @@ stages:
     - name: Fuzzit-Fuzzing
       if: type = cron
 
-    - name: Fuzzit-Sanity
+    - name: Fuzzit-Regression
       if: type != cron
 
     # Run Coverity periodically instead of for each commit/PR
@@ -100,16 +100,16 @@ jobs:
           after_script:
               - $CI_MANAGERS/debian.sh CLEANUP
 
-        - stage: Fuzzit-Sanity
-          name:  Continuous Fuzzing Sanity via Fuzzit (sanity)
+        - stage: Fuzzit-Regression
+          name:  Continuous Fuzzing via Fuzzit (regression)
           language: bash
           script:
             - set -e
-            - $CI_MANAGERS/fuzzit.sh sanity
+            - $CI_MANAGERS/fuzzit.sh regression
             - set +e
 
         - stage: Fuzzit-Fuzzing
-          name: Continuous Fuzzing Sanity via Fuzzit (fuzzing daily)
+          name: Continuous Fuzzing via Fuzzit (fuzzing daily)
           language: bash
           script:
             - set -e
diff --git a/NEWS b/NEWS
index 5a2f6df9e5e436b17e94b0a005ea8f176ec81f46..de4f93a79b92b4e11ae5faa65c9df26f4ee09a7a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
 systemd System and Service Manager
 
-CHANGES WITH 243 in spe:
+CHANGES WITH 243:
 
         * This release enables unprivileged programs (i.e. requiring neither
           setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
@@ -279,6 +279,16 @@ CHANGES WITH 243 in spe:
           been renamed to LinkLayerAddress=, and it now allows configuration of
           IP addresses, too.
 
+        * systemd-networkd's handling of the kernel's disable_ipv6 sysctl is
+          simplified: systemd-networkd will disable the sysctl (enable IPv6) if
+          IPv6 configuration (static or DHCPv6) was found for a given
+          interface. It will not touch the sysctl otherwise.
+
+        * The order of entries is $PATH used by the user manager instance was
+          changed to put bin/ entries before the corresponding sbin/ entries.
+          It is recommended to not rely on this order, and only ever have one
+          binary with a given name in the system paths under /usr.
+
         * A new tool systemd-network-generator has been added that may generate
           .network, .netdev and .link files from IP configuration specified on
           the kernel command line in the format used by Dracut.
@@ -432,17 +442,22 @@ CHANGES WITH 243 in spe:
         * IOWeight= has learnt to properly set the IO weight when using the
           BFQ scheduler officially found in kernels 5.0+.
 
+        * A new mailing list has been created for reporting of security issues:
+          systemd-security@redhat.com. For mode details, see
+          https://systemd.io/CONTRIBUTING#security-vulnerability-reports.
+
         Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Albrecht
         Lohofener, Andrej Valek, Anita Zhang, Arian van Putten, Balint Reczey,
         Bastien Nocera, Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris
         Chiu, Chris Down, Christian Kellner, Clinton Roy, Connor Reeder, Daniel
         Black, Daniele Medri, Dan Streetman, Dave Reisner, Dave Ross, David
-        Art, David Tardon, Debarshi Ray, Dominick Grift, Donald Buczek, Douglas
-        Christman, Eric DeVolder, EtherGraf, Evgeny Vereshchagin, Feldwor,
-        Felix Riemann, Florian Dollinger, Francesco Pennica, Franck Bui,
-        Frantisek Sumsal, Franz Pletz, frederik, Hans de Goede, Iago López
-        Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer, Jack, Jakob
-        Unterwurzacher, Jan Klötzke, Jan Pokorný, Jan Synacek, Jeka Pats,
+        Art, David Tardon, Debarshi Ray, Dimitri John Ledkov, Dominick Grift,
+        Donald Buczek, Douglas Christman, Eric DeVolder, EtherGraf, Evgeny
+        Vereshchagin, Feldwor, Felix Riemann, Florian Dollinger, Francesco
+        Pennica, Franck Bui, Frantisek Sumsal, Franz Pletz, frederik, Hans
+        de Goede, Iago López Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer,
+        Jack, Jakob Unterwurzacher, Jan Chren, Jan Klötzke, Jan Losinski, Jan
+        Pokorný, Jan Synacek, Jan-Michael Brummer, Jeka Pats, Jeremy Soller,
         Jérémy Rosen, Jiri Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann
         B. Guðmundsson, Johannes Christ, Johannes Schmitz, Jonathan Rouleau,
         Jorge Niedbalski, Kai Krakow, Kai Lüke, Karel Zak, Kashyap Chamarthy,
@@ -456,12 +471,12 @@ CHANGES WITH 243 in spe:
         Santalla, Ronan Pigott, root, RussianNeuroMancer, Sebastian Jennen,
         shinygold, Shreyas Behera, Simon Schricker, Susant Sahani, Thadeu Lima
         de Souza Cascardo, Theo Ouzhinski, Thiebaud Weksteen, Thomas Haller,
-        Thomas Weißschuh, Tomas Mraz, Tommi Rantala, Topi Miettinen, ven,
-        Wieland Hoffmann, William A. Kennington III, William Wold, Xi Ruoyao,
-        Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek,
-        Zhang Xianwei
+        Thomas Weißschuh, Tomas Mraz, Tommi Rantala, Topi Miettinen, VD-Lycos,
+        ven, Wieland Hoffmann, William A. Kennington III, William Wold, Xi
+        Ruoyao, Yuri Chornoivan, Yu Watanabe, Your Name, Zach Smith, Zbigniew
+        Jędrzejewski-Szmek, Zhang Xianwei
 
-        – Somewhere, SOME-TI-ME
+        – Camerino, 2019-09-03
 
 CHANGES WITH 242:
 
diff --git a/README b/README
index fcf20ed9f8c95f73a570453c93704d0c424e88af..98da2d6dcbdd3267c7a1b596afb00a4b684b66ff 100644 (file)
--- a/README
+++ b/README
@@ -173,9 +173,7 @@ REQUIREMENTS:
         dependencies:
 
         util-linux >= v2.27.1 required
-        dbus >= 1.4.0 (strictly speaking optional, but recommended)
-                NOTE: If using dbus < 1.9.18, you should override the default
-                policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
+        dbus >= 1.11.0 (strictly speaking optional, but recommended)
         dracut (optional)
         polkit (optional)
 
diff --git a/TODO b/TODO
index c5b5b86057ba3c13af7b7561b807a97ed5cb509f..4679be1e6515d3a35559e131cf006260afc96e42 100644 (file)
--- a/TODO
+++ b/TODO
@@ -1107,6 +1107,11 @@ External:
   - <command> <verb> -<TAB> should complete options, but currently does not
   - systemctl add-wants,add-requires
 
+* systemctl status foo.service should say that it is trigger by foo.timer
+* systemctl status should know about 'systemd-analyze calendar ... --iterations='
+* systemctl list-timers foo should use .timer suffix by default
+* If timer has just OnInactiveSec=..., it should fire after a specified time
+  after being started.
 
 Regularly:
 
index cbd66876af860015990d83da6f89c91abdef792e..c0ed099845ce6ae6feda60d6bdf346a318b1a117 100644 (file)
@@ -71,7 +71,7 @@ variables. All EFI variables use the vendor UUID
   * `1 << 3` → The boot loader honours `LoaderEntryOneShot` when set.
   * `1 << 4` → The boot loader supports boot counting as described in [Automatic Boot Assessment](https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT).
   * `1 << 5` → The boot loader supports looking for boot menu entries in the Extended Boot Loader Partition.
-  * `1 << 6` → The boot loader spports passing a random seed to the OS.
+  * `1 << 6` → The boot loader supports passing a random seed to the OS.
 
 * The EFI variable `LoaderRandomSeed` contains a binary random seed if set. It
   is set by the boot loader to pass an entropy seed read from the ESP partition
index f40d9a010a6412dda4f5e68ef2e5696f8c6c7162..565acdd1cba9a0062b9440aa8c8148e0371a195f 100644 (file)
@@ -8,7 +8,7 @@ We welcome contributions from everyone. However, please follow the following gui
 
 ## Filing Issues
 
-* We use GitHub Issues **exclusively** for tracking **bugs** and **feature** **requests** of systemd. If you are looking for help, please contact our [mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) instead.
+* We use [GitHub Issues](https://github.com/systemd/systemd/issues) **exclusively** for tracking **bugs** and **feature** **requests** of systemd. If you are looking for help, please contact [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) instead.
 * We only track bugs in the **two** **most** **recently** **released** **versions** of systemd in the GitHub Issue tracker. If you are using an older version of systemd, please contact your distribution's bug tracker instead.
 * When filing an issue, specify the **systemd** **version** you are experiencing the issue with. Also, indicate which **distribution** you are using.
 * Please include an explanation how to reproduce the issue you are pointing out.
@@ -23,7 +23,7 @@ For older versions that are still supported by your distribution please use resp
 
 ## Security vulnerability reports
 
-If you discover a security vulnerability, we'd appreciate a non-public disclosure. The issue tracker and mailing list listed above are fully public. If you need to reach systemd developers in a non-public way, report the issue in one of the "big" distributions using systemd: [Fedora](https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=systemd) (be sure to check "Security Sensitive Bug" under "Show Advanced Fields"), [Ubuntu](https://launchpad.net/ubuntu/+source/systemd/+filebug) (be sure to change "This bug contains information that is" from "Public" to "Private Security"), or [Debian](mailto:security@debian.org). Various systemd developers are active distribution maintainers and will propagate the information about the bug to other parties.
+See [reporting of security vulnerabilities](SECURITY.md).
 
 ## Posting Pull Requests
 
index d842afcd345923289ea4566eb2db45aaecaf2b5a..56debd68d2695d9f3b75bcbe965260a413d85af5 100644 (file)
@@ -16,4 +16,4 @@ title: Steps to a Successful Release
 10. "Draft" a new release on github (https://github.com/systemd/systemd/releases/new), mark "This is a pre-release" if appropriate.
 11. Check that announcement to systemd-devel, with a copy&paste from NEWS, was sent. This should happen automatically.
 12. Update IRC topic (`/msg chanserv TOPIC #systemd Version NNN released`)
-13. [After final release] Also push commits to stable, create an empty -stable branch: `git push systemd-stable origin/master:master origin/master:v${version}-stable`, and change the default branch to latest release (https://github.com/systemd/systemd-stable/settings/branches).
+13. [After final release] Also push commits to stable, create an empty -stable branch: `git push systemd-stable origin/master:master origin/master:refs/heads/${version}-stable`, and change the default branch to latest release (https://github.com/systemd/systemd-stable/settings/branches).
diff --git a/docs/SECURITY.md b/docs/SECURITY.md
new file mode 100644 (file)
index 0000000..93847dc
--- /dev/null
@@ -0,0 +1,7 @@
+---
+title: Reporting of security vulnerabilities
+---
+
+# Reporting of security vulnerabilities
+
+If you discover a security vulnerability, we'd appreciate a non-public disclosure. The [issue tracker](https://github.com/systemd/systemd/issues) and [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) are fully public. If you need to reach systemd developers in a non-public way, report the issue to the [systemd-security@redhat.com](mailto:systemd-security@redhat.com) mailing list. The disclosure will be coordinated with distributions.
index 569b4cb7711342f62db2fc3d1a647401c8af153e..5142ef16c3cdc46373ce758a60b5007dda4cbc70 100644 (file)
@@ -267,6 +267,13 @@ evdev:name:AlpsPS/2 ALPS DualPoint TouchPad:dmi:*svnDellInc.:pnPrecisionM4700*
  EVDEV_ABS_35=0:1960:24
  EVDEV_ABS_36=113:1436:30
 
+# Dell XPS13 9360
+evdev:name:SynPS/2 Synaptics TouchPad:dmi:*svnDellInc.:pnXPS139360:cvr:*
+ EVDEV_ABS_00=::42
+ EVDEV_ABS_01=::60
+ EVDEV_ABS_35=::42
+ EVDEV_ABS_36=::60
+
 # Dell XPS15 9550
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnXPS159550*
  EVDEV_ABS_00=::41
index c1f1d166387b0daefc711dd52eac1942da640504..ee40e12692a1e0a36590aae7ba58079c91033bc0 100644 (file)
@@ -1475,6 +1475,14 @@ evdev:name:Sony Vaio Keys:dmi:bvn*:bvr*:bd*:svnSony*:pnVPC*:pvr*
  KEYBOARD_KEY_0d=down                                   # Fn+F9 zoomout
  KEYBOARD_KEY_0e=up                                     # Fn+F10 zoomin
 
+###########################################################
+# System76
+###########################################################
+
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svnSystem76*:pn*
+ KEYBOARD_KEY_f7=f21                                    # Touchpad toggle
+ KEYBOARD_KEY_f8=f21                                    # Touchpad toggle
+
 ###########################################################
 # T-bao
 ###########################################################
index c2ac8dab24fdfd0faa974920e95b11dcbd51de04..82f37e488e1b9805c4a7f96dc2d216fe8bd2961e 100644 (file)
@@ -258,25 +258,39 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svnEVE*:pnEveV:*
 sensor:modalias:acpi:KIOX000A*:dmi:bvnINSYDECorp.:bvrBYT70A.YNCHENG.WIN.007:*:svnInsyde:pnT701:*
  ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
 
+#########################################
+# GPD
+#########################################
+
+# GPD win (version 1, with the X5-Z8750 CPU)
+# Note we match all dmi fields including the BIOS date checking for all known
+# BIOS dates, since the strings are unfortunately very generic.
+# Out of a sample set of 15 similar boards only the GPDwin has board_vendor=AMI
+# and no other devices have both board_name *and* product_name set to
+# "Default string". So combined with the sensor modalias and BIOS date this
+# should be unique enough to identify the GPDwin
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd10/25/2016:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd11/18/2016:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd12/23/2016:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd12/26/2016:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd02/21/2017:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd03/20/2017:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd05/25/2017:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+ ACCEL_LOCATION=base
+
 #########################################
 # HP
 #########################################
 
-# Laptops using the lis3lv02d device should have a first quirk applied
-# to them in the drivers/platform/x86/hp_accel.c in the kernel. The
-# quirk from "can play neverball" to "matches Windows 8 orientation"
-# is then applied below.
+# Most HP Laptop using the lis3lv02d device have it in the base,
+# mark these sensors as such.
 sensor:modalias:platform:lis3lv02d:dmi:*svn*Hewlett-Packard*:*
- ACCEL_MOUNT_MATRIX=1, 0, 0; 0, 0, -1; 0, 1, 0
-
-# HP laptops which have the lis3lv02d device in the base, tell iio-sensor-proxy
-# about this so that the sensor is not used for display orientation
-sensor:modalias:platform:lis3lv02d:dmi:*svn*Hewlett-Packard*:*pnHPProBook4535s*
+sensor:modalias:platform:lis3lv02d:dmi:*svn*HP*:*
  ACCEL_LOCATION=base
 
 sensor:modalias:acpi:SMO8500*:dmi:*:svnHewlett-Packard:pnHPStream7Tablet:*
 sensor:modalias:acpi:SMO8500*:dmi:*:svnHewlett-Packard:pnHPStream8Tablet:*
 ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
+ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
 
 # HP Pavillion X2 10-n000nd
 sensor:modalias:i2c:bmc150_accel:dmi:*:svnHewlett-Packard:pnHPPavilionx2Detachable:*:rn815D:*
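Review bot: The added match `sensor:modalias:platform:lis3lv02d:dmi:*svn*HP*:*` is not anchored to the vendor field, because the `*` after `svn` can span the later DMI fields, so `HP` appearing anywhere after `svn` in the modalias string would also match and receive `ACCEL_LOCATION=base`. The match is limited to the `lis3lv02d` platform device, which keeps the practical reach small, but a form anchored like the SMO8500 entries further down, for example `sensor:modalias:platform:lis3lv02d:dmi:*:svnHP:*`, would be tighter. Confirm the vendor strings real machines report before narrowing it. This hunk also removes the `ACCEL_MOUNT_MATRIX` for every Hewlett-Packard lis3lv02d device, and the new two-line comment does not say why the matrix is no longer needed. A sentence such as `# The mount matrix is intentionally not set here: <reason>` would save the next maintainer from re-adding it.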
@@ -403,6 +417,10 @@ sensor:modalias:acpi:KIOX010A*:dmi:*:svnMEDION:pnE3221MD61237:*
 sensor:modalias:acpi:KIOX010A*:dmi:*:svnMEDION*:pnE3222*:*
  ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
 
+# Medion Akoya E2293 MD61130
+sensor:modalias:acpi:KIOX010A*:dmi:*:svnMEDION:pnE2293MD61130:*
+ ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
+
 #########################################
 # MSI
 #########################################
@@ -532,6 +550,14 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svnTREKSTOR:pnPrimetabT13B:*
 sensor:modalias:acpi:BOSC0200*:dmi:*:svnTrekStor*:pnSurfTabtwin11.6:*
  ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
 
+sensor:modalias:acpi:KIOX010A*:dmi:*:svnTREKSTOR:pnPRIMEBOOKC11B:*
+ ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, -1
+ ACCEL_LOCATION=display
+
+sensor:modalias:acpi:KIOX020A*:dmi:*:svnTREKSTOR:pnPRIMEBOOKC11B:*
+ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
+ ACCEL_LOCATION=base
+
 #########################################
 # Umax
 #########################################
index 47eb9df95ed8d040c4c9992c2e5bd80c009e0d20..8194d983587df17f1c8684d5af5fdb4c7acce38b 100644 (file)
@@ -50,6 +50,12 @@ touchpad:usb:v05acp030e:*
 touchpad:usb:v05acp0265:*
  ID_INPUT_TOUCHPAD_INTEGRATION=external
 
+###########################################################
+# HP Elite x2 1013 G3
+###########################################################
+touchpad:usb:v044ep1221:*
+ ID_INPUT_TOUCHPAD_INTEGRATION=external
+
 ###########################################################
 # Logitech
 ###########################################################
index f4d94e880097b751ac36f63e1c2751c6f19a6eb9..ebee065a614f901e1000a5ab723be5c1c8ad43db 100644 (file)
@@ -99,8 +99,8 @@
     be used. If this file is empty or missing, <filename>systemd</filename> will attempt
     to use the D-Bus machine ID from <filename>/var/lib/dbus/machine-id</filename>, the
     value of the kernel command line option <varname>container_uuid</varname>, the KVM DMI
-    <filename>product_uuid</filename> (on KVM systems), and finally a randomly generated
-    UUID.</para>
+    <filename>product_uuid</filename> or the devicetree <filename>vm,uuid</filename>
+    (on KVM systems), and finally a randomly generated UUID.</para>
 
     <para>After the machine ID is established,
     <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
index d8bfcd73fce96c5ae0e1996162a24896ad3cd8f2..87e2ed234adccee7d136bde645615520156ce7fd 100644 (file)
@@ -4,8 +4,7 @@
 <!-- SPDX-License-Identifier: LGPL-2.1+ -->
 
 <refentry id="runlevel"
-    xmlns:xi="http://www.w3.org/2001/XInclude"
-    conditional="ENABLE_UTMP">
+    xmlns:xi="http://www.w3.org/2001/XInclude">
 
   <refentryinfo>
     <title>runlevel</title>
index 0f06a88f4243b412a3bea9f409727ef87fc86e71..9abbb851aa9df4056ee9487f89d781e78a886e3a 100644 (file)
@@ -818,7 +818,7 @@ Sun 2017-02-26 20:57:49 EST  2h 3min left  Sun 2017-02-26 11:56:36 EST  6h ago
           <listitem>
             <para>Stop (deactivate) one or more units specified on the command line.</para>
 
-            <para>This command will fail if the unit does exist or if stopping of the unit is prohibited (see
+            <para>This command will fail if the unit does not exist or if stopping of the unit is prohibited (see
             <varname>RefuseManualStop=</varname> in
             <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
             It will <emphasis>not</emphasis> fail if any of the commands configured to stop the unit
index fbbfd4f5146852b3e58c24ee500d9e8057045ed2..6dcccc38b4f49eb9b6ddedb5e1dac0761b0b9bd1 100644 (file)
@@ -1035,6 +1035,16 @@ StateDirectory=aaa/bbb ccc</programlisting>
         <varname>RuntimeDirectory=</varname> are removed when the system is rebooted.</para></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>TimeoutCleanSec=</varname></term>
+        <listitem><para>Configures a timeout on the clean-up operation requested through <command>systemctl
+        clean …</command>, see
+        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
+        details. Takes the usual time values and defaults to <constant>infinity</constant>, i.e. by default
+        no time-out is applied. If a time-out is configured the clean operation will be aborted forcibly when
+        the time-out is reached, potentially leaving resources on disk.</para></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><varname>ReadWritePaths=</varname></term>
         <term><varname>ReadOnlyPaths=</varname></term>
@@ -2152,16 +2162,17 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
       <varlistentry>
         <term><varname>LogExtraFields=</varname></term>
 
-        <listitem><para>Configures additional log metadata fields to include in all log records generated by processes
-        associated with this unit. This setting takes one or more journal field assignments in the format
-        <literal>FIELD=VALUE</literal> separated by whitespace. See
-        <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
-        details on the journal field concept. Even though the underlying journal implementation permits binary field
-        values, this setting accepts only valid UTF-8 values. To include space characters in a journal field value,
-        enclose the assignment in double quotes ("). The usual specifiers are expanded in all assignments (see
-        below). Note that this setting is not only useful for attaching additional metadata to log records of a unit,
-        but given that all fields and values are indexed may also be used to implement cross-unit log record
-        matching. Assign an empty string to reset the list.</para></listitem>
+        <listitem><para>Configures additional log metadata fields to include in all log records generated by
+        processes associated with this unit. This setting takes one or more journal field assignments in the
+        format <literal>FIELD=VALUE</literal> separated by whitespace. See
+        <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+        for details on the journal field concept. Even though the underlying journal implementation permits
+        binary field values, this setting accepts only valid UTF-8 values. To include space characters in a
+        journal field value, enclose the assignment in double quotes ("). <!-- " fake closing quote for emacs-->
+        The usual specifiers are expanded in all assignments (see below). Note that this setting is not only
+        useful for attaching additional metadata to log records of a unit, but given that all fields and
+        values are indexed may also be used to implement cross-unit log record matching. Assign an empty
+        string to reset the list.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -2355,10 +2366,16 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
       <varlistentry>
         <term><varname>$PATH</varname></term>
 
-        <listitem><para>Colon-separated list of directories to use
-        when launching executables. systemd uses a fixed value of
-        <filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename>:<filename>/sbin</filename>:<filename>/bin</filename>.
-        </para></listitem>
+        <listitem><para>Colon-separated list of directories to use when launching
+        executables. <command>systemd</command> uses a fixed value of
+        <literal><filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename></literal>
+        in the system manager. When compiled for systems with "unmerged /usr" (<filename>/bin</filename> is
+        not a symlink to <filename>/usr/bin</filename>),
+        <literal>:<filename>/sbin</filename>:<filename>/bin</filename></literal> is appended. In case of the
+        the user manager, each <filename>bin/</filename> and <filename>sbin/</filename> pair is switched, so
+        that programs from <filename>/usr/bin</filename> have higher priority than programs from
+        <filename>/usr/sbin</filename>, etc. It is recommended to not rely on this in any way, and have only
+        one program with a given name in <varname>$PATH</varname>.</para></listitem>
       </varlistentry>
 
       <varlistentry>
index 0775e00bd2fff6c9aa7908073fad7a0e7f526170..43133559b394a6a4b5608f71fd0c628e91165278 100644 (file)
       <varlistentry>
         <term><varname>ARPIntervalSec=</varname></term>
         <listitem>
-          <para>Specifies the ARP link monitoring frequency in milliseconds.
-          A value of 0 disables ARP monitoring. The default value is 0.
+          <para>Specifies the ARP link monitoring frequency. A value of 0 disables ARP monitoring. The
+          default value is 0, and the default unit seconds.
           </para>
         </listitem>
       </varlistentry>
index 40ac052ba5c9b246c42660bbd82d277dd5f79f7e..14840c2e16d80200039145142d82cd6d2a235378 100644 (file)
         </para></listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><varname>TimeoutCleanSec=</varname></term>
-        <listitem><para>Configures a timeout on the clean-up operation requested through <command>systemctl
-        clean …</command>, see
-        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
-        details. Takes the usual time values and defaults to <constant>infinity</constant>, i.e. by default
-        no time-out is applied. If a time-out is configured the clean operation will be aborted forcibly when
-        the time-out is reached, potentially leaving resources on disk.</para></listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><varname>RuntimeMaxSec=</varname></term>
 
index 8307be1d33f66118f549d5df2a96f71f578018f1..d812108d3cd7ab8283adc5265292b16db0fe8ddf 100644 (file)
     <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
     </para>
 
-    <para>Unit files are loaded from a set of paths determined during
-    compilation, described in the next section.</para>
-
-    <para>Unit files can be parameterized by a single argument called the "instance name". The unit
-    is then constructed based on a "template file" which serves as the definition of multiple
-    services or other units. A template unit must have a single <literal>@</literal> at the end of
-    the name (right before the type suffix). The name of the full unit is formed by inserting the
-    instance name between <literal>@</literal> and the unit type suffix. In the unit file itself,
-    the instance parameter may be referred to using <literal>%i</literal> and other specifiers, see
-    below.</para>
+    <para>Unit files are loaded from a set of paths determined during compilation, described in the next
+    section.</para>
+
+    <para>Valid unit names consist of a "name prefix" and a dot and a suffix specifying the unit type. The
+    "unit prefix" must consist of one or more valid characters (ASCII letters, digits, <literal>:</literal>,
+    <literal>-</literal>, <literal>_</literal>, <literal>.</literal>, and <literal>\</literal>). The total
+    length of the unit name including the suffix must not exceed 256 characters. The type suffix must be one
+    of <literal>.service</literal>, <literal>.socket</literal>, <literal>.device</literal>,
+    <literal>.mount</literal>, <literal>.automount</literal>, <literal>.swap</literal>,
+    <literal>.target</literal>, <literal>.path</literal>, <literal>.timer</literal>,
+    <literal>.slice</literal>, or <literal>.scope</literal>.</para>
+
+    <para>Units names can be parameterized by a single argument called the "instance name". The unit is then
+    constructed based on a "template file" which serves as the definition of multiple services or other
+    units. A template unit must have a single <literal>@</literal> at the end of the name (right before the
+    type suffix). The name of the full unit is formed by inserting the instance name between
+    <literal>@</literal> and the unit type suffix. In the unit file itself, the instance parameter may be
+    referred to using <literal>%i</literal> and other specifiers, see below.</para>
 
     <para>Unit files may contain additional options on top of those
     listed here. If systemd encounters an unknown option, it will
     <varname>Wants=</varname>, see below. The preferred way to create symlinks in the
     <filename>.wants/</filename> or <filename>.requires/</filename> directory of a unit file is by embedding
     the dependency in [Install] section of the target unit, and creating the symlink in the file system with
-    the with the <command>enable</command> or <command>preset</command> commands of
+    the <command>enable</command> or <command>preset</command> commands of
     <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
 
     <para>Along with a unit file <filename>foo.service</filename>, a "drop-in" directory
index d12c39b7651a4c3a7cd781bd2406496f0140be10..c2f2bc95d217dcb0a43e5ff0554ff769e6f9703f 100644 (file)
           <term><option>-a</option></term>
           <term><option>--action=<replaceable>ACTION</replaceable></option></term>
           <listitem>
-            <para>The action string. The special value <literal>help</literal> may be used to list
-            known values.</para>
+            <para>Type of event to be simulated. Possible actions are <literal>add</literal>,
+            <literal>remove</literal>, <literal>change</literal>, <literal>move</literal>,
+            <literal>online</literal>, <literal>offline</literal>, <literal>bind</literal>,
+            and <literal>unbind</literal>. Also, the special value <literal>help</literal> can be used
+            to list the possible actions. The default value is <literal>add</literal>.</para>
           </listitem>
         </varlistentry>
         <varlistentry>
index 67aaa89919bc78ee365bf1dddb906e1261eef101..5dc898eb804803a3f90f2ea20aff6e42ec8eb449 100644 (file)
@@ -144,9 +144,9 @@ option('dbussessionservicedir', type : 'string',
 option('dbussystemservicedir', type : 'string',
        description : 'D-Bus system service directory')
 option('pkgconfigdatadir', type : 'string', value : '',
-       description : 'directory for ')
+       description : 'directory for arch-independent pkg-config files')
 option('pkgconfiglibdir', type : 'string', value : '',
-       description : 'directory for ')
+       description : 'directory for standard pkg-config files')
 option('rpmmacrosdir', type : 'string', value : 'lib/rpm/macros.d',
        description : 'directory for rpm macros ["no" disables]')
 option('pamlibdir', type : 'string',
index e74cf6543d23e781d0029cbef668bc56b50c3559..6b550b17ddc9baec5cb48c545301384ed1297d8e 100644 (file)
--- a/po/ja.po
+++ b/po/ja.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: systemd\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2019-07-28 22:13+0900\n"
+"POT-Creation-Date: 2019-09-04 09:15+0900\n"
 "PO-Revision-Date: 2018-10-27 07:41+0900\n"
 "Last-Translator: Yu Watanabe <watanabe.yu+github@gmail.com>\n"
 "Language-Team: \n"
@@ -558,66 +558,82 @@ msgid "Authentication is required to set NTP servers."
 msgstr "NTPサーバを設定するには認証が必要です。"
 
 #: src/network/org.freedesktop.network1.policy:33
+#: src/resolve/org.freedesktop.resolve1.policy:44
 msgid "Set DNS servers"
 msgstr "DNSサーバの設定"
 
 #: src/network/org.freedesktop.network1.policy:34
+#: src/resolve/org.freedesktop.resolve1.policy:45
 msgid "Authentication is required to set DNS servers."
 msgstr "DNSサーバを設定するには認証が必要です。"
 
 #: src/network/org.freedesktop.network1.policy:44
+#: src/resolve/org.freedesktop.resolve1.policy:55
 msgid "Set domains"
 msgstr "ドメインの設定"
 
 #: src/network/org.freedesktop.network1.policy:45
+#: src/resolve/org.freedesktop.resolve1.policy:56
 msgid "Authentication is required to set domains."
 msgstr "ドメインを設定するには認証が必要です。"
 
 #: src/network/org.freedesktop.network1.policy:55
+#: src/resolve/org.freedesktop.resolve1.policy:66
 msgid "Set default route"
 msgstr "デフォルトルートの設定"
 
 #: src/network/org.freedesktop.network1.policy:56
+#: src/resolve/org.freedesktop.resolve1.policy:67
 msgid "Authentication is required to set default route."
 msgstr "デフォルトルートを設定するには認証が必要です。"
 
 #: src/network/org.freedesktop.network1.policy:66
+#: src/resolve/org.freedesktop.resolve1.policy:77
 msgid "Enable/disable LLMNR"
 msgstr "LLMNRの有効化/無効化"
 
 #: src/network/org.freedesktop.network1.policy:67
+#: src/resolve/org.freedesktop.resolve1.policy:78
 msgid "Authentication is required to enable or disable LLMNR."
 msgstr "LLMNRを有効化もしくは無効化するには認証が必要です。"
 
 #: src/network/org.freedesktop.network1.policy:77
+#: src/resolve/org.freedesktop.resolve1.policy:88
 msgid "Enable/disable multicast DNS"
 msgstr "マルチキャストDNSの有効化/無効化"
 
 #: src/network/org.freedesktop.network1.policy:78
+#: src/resolve/org.freedesktop.resolve1.policy:89
 msgid "Authentication is required to enable or disable multicast DNS."
 msgstr "マルチキャストDNSを有効化もしくは無効化するには認証が必要です。"
 
 #: src/network/org.freedesktop.network1.policy:88
+#: src/resolve/org.freedesktop.resolve1.policy:99
 msgid "Enable/disable DNS over TLS"
 msgstr "DNS over TLSの有効化/無効化"
 
 #: src/network/org.freedesktop.network1.policy:89
+#: src/resolve/org.freedesktop.resolve1.policy:100
 msgid "Authentication is required to enable or disable DNS over TLS."
 msgstr "DNS over TLSを有効化もしくは無効化するには認証が必要です。"
 
 #: src/network/org.freedesktop.network1.policy:99
+#: src/resolve/org.freedesktop.resolve1.policy:110
 msgid "Enable/disable DNSSEC"
 msgstr "DNSSECの有効化/無効化"
 
 #: src/network/org.freedesktop.network1.policy:100
+#: src/resolve/org.freedesktop.resolve1.policy:111
 msgid "Authentication is required to enable or disable DNSSEC."
 msgstr "DNSSECを有効化もしくは無効化するには認証が必要です。"
 
 #: src/network/org.freedesktop.network1.policy:110
+#: src/resolve/org.freedesktop.resolve1.policy:121
 msgid "Set DNSSEC Negative Trust Anchors"
 msgstr "DNSSEC Negative Trust Anchorsの設定"
 
 #: src/network/org.freedesktop.network1.policy:111
+#: src/resolve/org.freedesktop.resolve1.policy:122
 msgid "Authentication is required to set DNSSEC Negative Trust Anchros."
 msgstr "DNSSEC Negative Trust Anchrosを設定するには認証が必要です。"
 
@@ -679,6 +695,14 @@ msgstr "DNS-SDサービスへの登録を解除"
 msgid "Authentication is required to unregister a DNS-SD service"
 msgstr "DNS-SDサービスへの登録を解除するには認証が必要です。"
 
+#: src/resolve/org.freedesktop.resolve1.policy:132
+msgid "Revert name resolution settings"
+msgstr "名前解決の設定の破棄"
+
+#: src/resolve/org.freedesktop.resolve1.policy:133
+msgid "Authentication is required to reset name resolution settings."
+msgstr "名前解決の設定を破棄するには認証が必要です。"
+
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"
 msgstr "システムの時刻設定"
index df5538c92f070e9765a45c82b6985b8adb0f3533..1d0622f37047e01600463579f4a2ec4334e83152 100644 (file)
--- a/po/pl.po
+++ b/po/pl.po
@@ -6,8 +6,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: systemd\n"
 "Report-Msgid-Bugs-To: https://github.com/systemd/systemd/issues\n"
-"POT-Creation-Date: 2019-07-29 15:34+0000\n"
-"PO-Revision-Date: 2019-07-30 20:24+0200\n"
+"POT-Creation-Date: 2019-09-03 15:30+0000\n"
+"PO-Revision-Date: 2019-09-03 19:04+0200\n"
 "Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
 "Language-Team: Polish <trans-pl@lists.fedoraproject.org>\n"
 "Language: pl\n"
@@ -610,68 +610,84 @@ msgid "Authentication is required to set NTP servers."
 msgstr "Wymagane jest uwierzytelnienie, aby ustawić serwery NTP."
 
 #: src/network/org.freedesktop.network1.policy:33
+#: src/resolve/org.freedesktop.resolve1.policy:44
 msgid "Set DNS servers"
 msgstr "Ustawienie serwerów DNS"
 
 #: src/network/org.freedesktop.network1.policy:34
+#: src/resolve/org.freedesktop.resolve1.policy:45
 msgid "Authentication is required to set DNS servers."
 msgstr "Wymagane jest uwierzytelnienie, aby ustawić serwery DNS."
 
 #: src/network/org.freedesktop.network1.policy:44
+#: src/resolve/org.freedesktop.resolve1.policy:55
 msgid "Set domains"
 msgstr "Ustawienie domen"
 
 #: src/network/org.freedesktop.network1.policy:45
+#: src/resolve/org.freedesktop.resolve1.policy:56
 msgid "Authentication is required to set domains."
 msgstr "Wymagane jest uwierzytelnienie, aby ustawić domeny."
 
 #: src/network/org.freedesktop.network1.policy:55
+#: src/resolve/org.freedesktop.resolve1.policy:66
 msgid "Set default route"
 msgstr "Ustawienie domyślnej trasy"
 
 #: src/network/org.freedesktop.network1.policy:56
+#: src/resolve/org.freedesktop.resolve1.policy:67
 msgid "Authentication is required to set default route."
 msgstr "Wymagane jest uwierzytelnienie, aby ustawić domyślną trasę."
 
 #: src/network/org.freedesktop.network1.policy:66
+#: src/resolve/org.freedesktop.resolve1.policy:77
 msgid "Enable/disable LLMNR"
 msgstr "Włączenie/wyłączenie LLMNR"
 
 #: src/network/org.freedesktop.network1.policy:67
+#: src/resolve/org.freedesktop.resolve1.policy:78
 msgid "Authentication is required to enable or disable LLMNR."
 msgstr "Wymagane jest uwierzytelnienie, aby włączyć lub wyłączyć LLMNR."
 
 #: src/network/org.freedesktop.network1.policy:77
+#: src/resolve/org.freedesktop.resolve1.policy:88
 msgid "Enable/disable multicast DNS"
 msgstr "Włączenie/wyłączenie multikastowego DNS"
 
 #: src/network/org.freedesktop.network1.policy:78
+#: src/resolve/org.freedesktop.resolve1.policy:89
 msgid "Authentication is required to enable or disable multicast DNS."
 msgstr ""
 "Wymagane jest uwierzytelnienie, aby włączyć lub wyłączyć multikastowe DNS."
 
 #: src/network/org.freedesktop.network1.policy:88
+#: src/resolve/org.freedesktop.resolve1.policy:99
 msgid "Enable/disable DNS over TLS"
 msgstr "Włączenie/wyłączenie DNS przez TLS"
 
 #: src/network/org.freedesktop.network1.policy:89
+#: src/resolve/org.freedesktop.resolve1.policy:100
 msgid "Authentication is required to enable or disable DNS over TLS."
 msgstr ""
 "Wymagane jest uwierzytelnienie, aby włączyć lub wyłączyć DNS przez TLS."
 
 #: src/network/org.freedesktop.network1.policy:99
+#: src/resolve/org.freedesktop.resolve1.policy:110
 msgid "Enable/disable DNSSEC"
 msgstr "Włączenie/wyłączenie DNSSEC"
 
 #: src/network/org.freedesktop.network1.policy:100
+#: src/resolve/org.freedesktop.resolve1.policy:111
 msgid "Authentication is required to enable or disable DNSSEC."
 msgstr "Wymagane jest uwierzytelnienie, aby włączyć lub wyłączyć DNSSEC."
 
 #: src/network/org.freedesktop.network1.policy:110
+#: src/resolve/org.freedesktop.resolve1.policy:121
 msgid "Set DNSSEC Negative Trust Anchors"
 msgstr "Ustawienie negatywnych kotwic zaufania DNSSEC"
 
 #: src/network/org.freedesktop.network1.policy:111
+#: src/resolve/org.freedesktop.resolve1.policy:122
 msgid "Authentication is required to set DNSSEC Negative Trust Anchros."
 msgstr ""
 "Wymagane jest uwierzytelnienie, aby ustawić negatywne kotwice zaufania "
@@ -739,6 +755,15 @@ msgstr "Wyrejestrowanie usługi DNS-SD"
 msgid "Authentication is required to unregister a DNS-SD service"
 msgstr "Wymagane jest uwierzytelnienie, aby wyrejestrować usługę DNS-SD"
 
+#: src/resolve/org.freedesktop.resolve1.policy:132
+msgid "Revert name resolution settings"
+msgstr "Przywrócenie ustawień rozwiązywania nazw"
+
+#: src/resolve/org.freedesktop.resolve1.policy:133
+msgid "Authentication is required to reset name resolution settings."
+msgstr ""
+"Wymagane jest uwierzytelnienie, aby przywrócić ustawienia rozwiązywania nazw."
+
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"
 msgstr "Ustawienie czasu systemu"
diff --git a/rules/60-fido-id.rules b/rules/60-fido-id.rules
new file mode 100644 (file)
index 0000000..fcf5079
--- /dev/null
@@ -0,0 +1,7 @@
+# do not edit this file, it will be overwritten on update
+
+ACTION=="remove", GOTO="fido_id_end"
+
+SUBSYSTEM=="hidraw", IMPORT{program}="fido_id"
+
+LABEL="fido_id_end"
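Review bot: The new rules file has no comment saying what `fido_id` does or which properties it imports, so a reader cannot tell from the rule why a helper runs for every non-remove `hidraw` event. The commit's file list includes a fuzz target for a FIDO descriptor parser, which suggests the helper parses descriptor data supplied by the attached device; if so, that is worth stating because the data is untrusted and the helper is started from udev. Suggest a header comment such as `# fido_id inspects each hidraw device's report descriptor (device-supplied data) and imports the resulting properties`. If the helper only needs to run when a device appears, consider restricting the match to the actions it actually needs rather than everything except `remove`.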
index b6a32ba77e23aee6763182da060caee56af5fb7a..79423cc2c45f7eb047f63249d36884dd6afbfebd 100644 (file)
@@ -5,6 +5,7 @@ rules = files('''
         60-cdrom_id.rules
         60-drm.rules
         60-evdev.rules
+        60-fido-id.rules
         60-input-id.rules
         60-persistent-alsa.rules
         60-persistent-input.rules
index ba0ce21b597f216adb6d56cee1da35bae0799b39..184134e6a36d61cbdd4b01cfb1db7376921bf0ef 100755 (executable)
@@ -18,7 +18,7 @@ create_container() {
     # create autopkgtest LXC image; this sometimes fails with "Unable to fetch
     # GPG key from keyserver", so retry a few times
     for retry in $(seq 5); do
-        sudo lxc-create -n $CONTAINER -t download -- -d $DISTRO -r $RELEASE -a $ARCH && break
+        sudo lxc-create -n $CONTAINER -t download -- -d $DISTRO -r $RELEASE -a $ARCH --keyserver hkp://keyserver.ubuntu.com:80 && break
         sleep $((retry*retry))
     done
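Review bot: The keyserver added to the `lxc-create` line is reached over plain `hkp://` on port 80, so the key the download template uses to check the image signature is fetched without transport protection. How much that matters depends on whether the template pins the key by full fingerprint, which is not visible in this hunk. If the CI network permits it, `--keyserver hkps://keyserver.ubuntu.com` removes the question. A comment above the command saying why the default keyserver is overridden would help the next maintainer, e.g. `# default keyserver is unreliable from CI, use Ubuntu's`. `create_container` continues outside the hunk.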
 
index 3be0600b9b67c28cee128853409612f2e19f5839..96bf9ae290140193e7e3ab7b78ece3894c687078 100644 (file)
@@ -32,7 +32,7 @@ __get_machines() {
 __get_busnames() {
     local mode=$1
     local a b
-    busctl $mode list --no-legend --no-pager 2>/dev/null |
+    COLUMNS=65535 busctl $mode list --no-legend --no-pager 2>/dev/null |
         { while read a b; do echo " $a"; done; };
 }
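Review bot: The `COLUMNS=65535` prefix on the `busctl` call is unexplained, and its purpose is not obvious when reading the completion function. Presumably it stops `busctl list` from shortening long bus names to the terminal width, which would produce completions that do not match real names. Suggest adding `# force a wide terminal so busctl does not ellipsize bus names` above the pipeline.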
 
index f0ac89252149437b6931a5a78bdd479de1e34db7..a84601ae6597baee6ff1576467367a652c165d81 100644 (file)
@@ -1,6 +1,29 @@
 #compdef bootctl                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1+
 
+__bootctl() {
+    bootctl --no-pager $@ 2>/dev/null
+}
+
+_bootctl_comp_ids() {
+    local expl
+    local -a ids
+    __bootctl list | while read a b; do
+        if [[ "$a" == "id:" ]]; then
+            ids+="$b"
+        fi
+    done
+    _wanted id expl 'boot id' compadd "$@" -a ids
+}
+
+_bootctl_set-default() {
+    _bootctl_comp_ids
+}
+
+_bootctl_set-oneshot() {
+    _bootctl_comp_ids
+}
+
 (( $+functions[_bootctl_commands] )) || _bootctl_commands()
 {
     local -a _bootctl_cmds
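Review bot: `_bootctl_comp_ids` reads into `a` and `b` without declaring them, so every completion attempt overwrites variables of those names in the user's interactive shell. Declaring them with the others, `local expl a b`, keeps the function self-contained. In the same hunk `__bootctl` passes `$@` unquoted; `bootctl --no-pager "$@" 2>/dev/null` is the conventional form and keeps empty arguments intact. `read -r a b` would also avoid backslash processing on the entry ids.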
@@ -9,6 +32,10 @@
         "install:Install systemd-boot to the ESP and EFI variables"
         "update:Update systemd-boot in the ESP and EFI variables"
         "remove:Remove systemd-boot from the ESP and EFI variables"
+        "random-seed:Initialize random seed in ESP and EFI variables"
+        "is-installed:Test whether systemd-boot is installed in the ESP"
+        "set-default:Set the default boot loader entry"
+        "set-oneshot:Set the default boot loader entry only for the next boot"
     )
     if (( CURRENT == 1 )); then
         _describe -t commands 'bootctl command' _bootctl_cmds || compadd "$@"
 _arguments \
     {-h,--help}'[Prints a short help text and exits.]' \
     '--version[Prints a short version string and exits.]' \
-    '--path=[Path to the EFI System Partition (ESP)]:path:_directories' \
+    '--esp-path=[Path to the EFI System Partition (ESP)]:path:_directories' \
+    '--boot-path=[Path to the $BOOT partition]:path:_directories' \
+    {-p,--print-esp-path}'[Print path to the EFI system partition]' \
+    {-x,--print-boot-path}'[Print path to the $BOOT partition]' \
     '--no-variables[Do not touch EFI variables]' \
+    '--no-pager[Do not pipe output into a pager]' \
     '*::bootctl command:_bootctl_commands'
index 019ffbe87ac8e8a0188540fb93067dadef94c302..43bec9b1d62cebd976c1ef774e883b40de5dd7af 100644 (file)
@@ -116,15 +116,21 @@ _arguments -s \
     '(--directory -D -M --machine --root --file)'{-D+,--directory=}'[Show journal files from directory]:directories:_directories' \
     '(--directory -D -M --machine --root --file)--root=[Operate on catalog hierarchy under specified directory]:directories:_directories' \
     '(--directory -D -M --machine --root)*--file=[Operate on specified journal files]:file:_files' \
-    '--new-id128[Generate a new 128 Bit ID]' \
-    '--header[Show journal header information]' \
     '--disk-usage[Show total disk usage]' \
-    '--list-catalog[List messages in catalog]' \
     '--dump-catalog[Dump messages in catalog]' \
-    '--update-catalog[Update binary catalog database]' \
-    '--setup-keys[Generate a new FSS key pair]' \
+    '--flush[Flush all journal data from /run into /var]' \
     '--force[Force recreation of the FSS keys]' \
+    '--header[Show journal header information]' \
     '--interval=[Time interval for changing the FSS sealing key]:time interval' \
-    '--verify[Verify journal file consistency]' \
+    '--list-catalog[List messages in catalog]' \
+    '--new-id128[Generate a new 128 Bit ID]' \
+    '--rotate[Request immediate rotation of the journal files]' \
+    '--setup-keys[Generate a new FSS key pair]' \
+    '--sync[Synchronize unwritten journal messages to disk]' \
+    '--update-catalog[Update binary catalog database]' \
+    '--vacuum-files=[Leave only the specified number of journal files]:integer' \
+    '--vacuum-size=[Reduce disk usage below specified size]:bytes' \
+    '--vacuum-time=[Remove journal files older than specified time]:time' \
     '--verify-key=[Specify FSS verification key]:FSS key' \
+    '--verify[Verify journal file consistency]' \
     '*::default: _journalctl_none'
index 83767b0a24a5769f4754bf175a09d6d21673c628..26470796eb9acf5169031df717ac75b6282441b3 100644 (file)
@@ -485,6 +485,8 @@ static int merge_env_file_push(
 
         free_and_replace(value, expanded_value);
 
+        log_debug("%s:%u: setting %s=%s", filename, line, key, value);
+
         return load_env_file_push(filename, line, key, value, env, n_pushed);
 }
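Review bot: The added `log_debug` writes the value of every variable taken from the env file, so any credential kept in such a file (token, password, connection string) is copied into the log as soon as debug logging is enabled. Which files reach `merge_env_file_push` is not visible here, but environment files commonly carry secrets, and logs are usually readable by a wider audience than the file itself. Logging only the key keeps the diagnostic value: `log_debug("%s:%u: setting %s", filename, line, key);`. The function body starts outside the hunk.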
 
index 623e43e4caeae97e9f1c1c78c2c84d581f8e51f9..a9c0fd20e14fa989a0f42701a760b9afa6442d8e 100644 (file)
@@ -930,10 +930,10 @@ int warn_file_is_world_accessible(const char *filename, struct stat *st, const c
 
         if (unit)
                 log_syntax(unit, LOG_WARNING, filename, line, 0,
-                           "%s has %04o mode that is too permissive, please adjust the access mode.",
+                           "%s has %04o mode that is too permissive, please adjust the ownership and access mode.",
                            filename, st->st_mode & 07777);
         else
-                log_warning("%s has %04o mode that is too permissive, please adjust the access mode.",
+                log_warning("%s has %04o mode that is too permissive, please adjust the ownership and access mode.",
                             filename, st->st_mode & 07777);
         return 0;
 }
index 1f46cd65c96a0a4e0905576d67b2011c7cd038ec..71fb7041a3cbf8d794ac55f9d09ec3b733dd961c 100644 (file)
 #include "time-util.h"
 
 #define PATH_SPLIT_SBIN_BIN(x) x "sbin:" x "bin"
+#define PATH_SPLIT_BIN_SBIN(x) x "bin:" x "sbin"
 #define PATH_SPLIT_SBIN_BIN_NULSTR(x) x "sbin\0" x "bin\0"
 
 #define PATH_NORMAL_SBIN_BIN(x) x "bin"
+#define PATH_NORMAL_BIN_SBIN(x) x "bin"
 #define PATH_NORMAL_SBIN_BIN_NULSTR(x) x "bin\0"
 
 #if HAVE_SPLIT_BIN
 #  define PATH_SBIN_BIN(x) PATH_SPLIT_SBIN_BIN(x)
+#  define PATH_BIN_SBIN(x) PATH_SPLIT_BIN_SBIN(x)
 #  define PATH_SBIN_BIN_NULSTR(x) PATH_SPLIT_SBIN_BIN_NULSTR(x)
 #else
 #  define PATH_SBIN_BIN(x) PATH_NORMAL_SBIN_BIN(x)
+#  define PATH_BIN_SBIN(x) PATH_NORMAL_BIN_SBIN(x)
 #  define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x)
 #endif
 
 #define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/")
+#define DEFAULT_USER_PATH_NORMAL PATH_BIN_SBIN("/usr/local/") ":" PATH_BIN_SBIN("/usr/")
 #define DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/")
 #define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/")
+#define DEFAULT_USER_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_BIN_SBIN("/")
 #define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/")
 #define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/")
 
 #if HAVE_SPLIT_USR
 #  define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR
+#  define DEFAULT_USER_PATH DEFAULT_USER_PATH_SPLIT_USR
 #  define DEFAULT_PATH_NULSTR DEFAULT_PATH_SPLIT_USR_NULSTR
 #else
 #  define DEFAULT_PATH DEFAULT_PATH_NORMAL
+#  define DEFAULT_USER_PATH DEFAULT_USER_PATH_NORMAL
 #  define DEFAULT_PATH_NULSTR DEFAULT_PATH_NORMAL_NULSTR
 #endif
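Review bot: `DEFAULT_USER_PATH_SPLIT_USR` is built from `DEFAULT_PATH_NORMAL` instead of `DEFAULT_USER_PATH_NORMAL`. On split-usr builds the `/usr/local/` and `/usr/` components therefore keep the sbin-first order and only the trailing `/` component is bin-first. This looks like a copy-paste slip from the neighbouring definition; the intended line is probably `#define DEFAULT_USER_PATH_SPLIT_USR DEFAULT_USER_PATH_NORMAL ":" PATH_BIN_SBIN("/")`. Since search order decides which of two same-named binaries is executed, a one-line comment on `DEFAULT_USER_PATH` saying why the user variant puts `bin` first would also be useful.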
 
index e80964acd17bcee0f70fc226c2408b9be88aa514..fbfa96a566589d7da35db2eb8ccc4bc05aeff8b2 100644 (file)
@@ -157,6 +157,18 @@ void strv_print(char **l);
                 _found;                                         \
         })
 
+#define ENDSWITH_SET(p, ...)                                    \
+        ({                                                      \
+                const char *_p = (p);                           \
+                char  *_found = NULL, **_i;                     \
+                STRV_FOREACH(_i, STRV_MAKE(__VA_ARGS__)) {      \
+                        _found = endswith(_p, *_i);             \
+                        if (_found)                             \
+                                break;                          \
+                }                                               \
+                _found;                                         \
+        })
+
 #define FOREACH_STRING(x, y, ...)                                       \
         for (char **_l = STRV_MAKE(({ x = y; }), ##__VA_ARGS__);        \
              x;                                                         \
index d127b0c107282562e6a6d41cb077eae45765a908..3b253bc264dd368120b4845e91750135a2f1c8b2 100644 (file)
@@ -620,16 +620,19 @@ int take_etc_passwd_lock(const char *root) {
         return fd;
 }
 
-bool valid_user_group_name(const char *u) {
+bool valid_user_group_name_full(const char *u, bool strict) {
         const char *i;
         long sz;
 
         /* Checks if the specified name is a valid user/group name. Also see POSIX IEEE Std 1003.1-2008, 2016 Edition,
          * 3.437. We are a bit stricter here however. Specifically we deviate from POSIX rules:
          *
-         * - We don't allow any dots (this would break chown syntax which permits dots as user/group name separator)
          * - We require that names fit into the appropriate utmp field
          * - We don't allow empty user names
+         * - No dots or digits in the first character
+         *
+         * If strict==true, additionally:
+         * - We don't allow any dots (this conflicts with chown syntax which permits dots as user/group name separator)
          *
          * Note that other systems are even more restrictive, and don't permit underscores or uppercase characters.
          */
@@ -642,12 +645,25 @@ bool valid_user_group_name(const char *u) {
             u[0] != '_')
                 return false;
 
+        bool warned = false;
+
         for (i = u+1; *i; i++) {
-                if (!(*i >= 'a' && *i <= 'z') &&
-                    !(*i >= 'A' && *i <= 'Z') &&
-                    !(*i >= '0' && *i <= '9') &&
-                    !IN_SET(*i, '_', '-'))
-                        return false;
+                if (((*i >= 'a' && *i <= 'z') ||
+                     (*i >= 'A' && *i <= 'Z') ||
+                     (*i >= '0' && *i <= '9') ||
+                     IN_SET(*i, '_', '-')))
+                        continue;
+
+                if (*i == '.' && !strict) {
+                        if (!warned) {
+                                log_warning("Bad user or group name \"%s\", accepting for compatibility.", u);
+                                warned = true;
+                        }
+
+                        continue;
+                }
+
+                return false;
         }
 
         sz = sysconf(_SC_LOGIN_NAME_MAX);
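Review bot: The compatibility warning is emitted at the first dot, before the rest of the string and the length limits have been checked. A name that is later rejected still produces "accepting for compatibility", and the bytes after the dot are printed before anything has validated them. With the non-strict variant now used for unit settings and transient properties, that string can come from whoever is allowed to submit them. Recording the dot in the loop (`saw_dot = true; continue;`) and logging only once every check has passed (`if (saw_dot) log_warning(...)` just before the final `return true`) avoids both problems. The function starts and ends outside this hunk, and a validity predicate that logs at warning level on every call may also be noisy for callers that probe names repeatedly.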
@@ -662,15 +678,15 @@ bool valid_user_group_name(const char *u) {
         return true;
 }
 
-bool valid_user_group_name_or_id(const char *u) {
+bool valid_user_group_name_or_id_full(const char *u, bool strict) {
 
-        /* Similar as above, but is also fine with numeric UID/GID specifications, as long as they are in the right
-         * range, and not the invalid user ids. */
+        /* Similar as above, but is also fine with numeric UID/GID specifications, as long as they are in the
+         * right range, and not the invalid user ids. */
 
         if (isempty(u))
                 return false;
 
-        if (valid_user_group_name(u))
+        if (valid_user_group_name_full(u, strict))
                 return true;
 
         return parse_uid(u, NULL) >= 0;
index 52f3df792d7754e9efdc1b3246bf18f82007b278..cfa515f5e8a26be33e2a354dfc206ce84d91f170 100644 (file)
@@ -85,8 +85,20 @@ static inline bool userns_supported(void) {
         return access("/proc/self/uid_map", F_OK) >= 0;
 }
 
-bool valid_user_group_name(const char *u);
-bool valid_user_group_name_or_id(const char *u);
+bool valid_user_group_name_full(const char *u, bool strict);
+bool valid_user_group_name_or_id_full(const char *u, bool strict);
+static inline bool valid_user_group_name(const char *u) {
+        return valid_user_group_name_full(u, true);
+}
+static inline bool valid_user_group_name_or_id(const char *u) {
+        return valid_user_group_name_or_id_full(u, true);
+}
+static inline bool valid_user_group_name_compat(const char *u) {
+        return valid_user_group_name_full(u, false);
+}
+static inline bool valid_user_group_name_or_id_compat(const char *u) {
+        return valid_user_group_name_or_id_full(u, false);
+}
 bool valid_gecos(const char *d);
 bool valid_home(const char *p);
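Review bot: The four inline wrappers are added without any comment, so a caller cannot tell from the header what `_compat` relaxes or when it is acceptable to use it. Since these functions gate which account names are accepted, the difference should be stated where the choice is made. Suggest a comment above them such as `/* The _compat variants additionally accept '.' after the first character, for existing configurations; new interfaces should use the strict variants. */`.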
 
index 7a7400773bd8f168931651757708fae1f951c52b..3be3852e35c0e0829e45284a06bce54f7b610423 100644 (file)
@@ -140,17 +140,17 @@ static int detect_vm_dmi(void) {
                 const char *vendor;
                 int id;
         } dmi_vendor_table[] = {
-                { "KVM",           VIRTUALIZATION_KVM       },
-                { "QEMU",          VIRTUALIZATION_QEMU      },
-                /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
-                { "VMware",        VIRTUALIZATION_VMWARE    },
-                { "VMW",           VIRTUALIZATION_VMWARE    },
-                { "innotek GmbH",  VIRTUALIZATION_ORACLE    },
-                { "Xen",           VIRTUALIZATION_XEN       },
-                { "Bochs",         VIRTUALIZATION_BOCHS     },
-                { "Parallels",     VIRTUALIZATION_PARALLELS },
+                { "KVM",                 VIRTUALIZATION_KVM       },
+                { "QEMU",                VIRTUALIZATION_QEMU      },                
+                { "VMware",              VIRTUALIZATION_VMWARE    }, /* https://kb.vmware.com/s/article/1009458 */
+                { "VMW",                 VIRTUALIZATION_VMWARE    },
+                { "innotek GmbH",        VIRTUALIZATION_ORACLE    },
+                { "Oracle Corporation",  VIRTUALIZATION_ORACLE    },
+                { "Xen",                 VIRTUALIZATION_XEN       },
+                { "Bochs",               VIRTUALIZATION_BOCHS     },
+                { "Parallels",           VIRTUALIZATION_PARALLELS },
                 /* https://wiki.freebsd.org/bhyve */
-                { "BHYVE",         VIRTUALIZATION_BHYVE     },
+                { "BHYVE",               VIRTUALIZATION_BHYVE     },
         };
         unsigned i;
         int r;
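Review bot: The new `"Oracle Corporation"` entry is a generic vendor string and has no comment saying which DMI field it is expected to match or which hypervisor reports it. The comparison loop lies outside the hunk, but if the table is checked against system or BIOS vendor fields, hardware sold by the same vendor could be reported as a virtual machine, which would affect anything keyed on virtualization detection. A comment on the entry, in the style of the VMware and bhyve lines, would let a reader verify this, e.g. `/* reported by VirtualBox in <field> */` with the field filled in. The reformatted `"QEMU"` line also gained trailing whitespace after the closing `},`.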
index 5df665a18ee004a206b7a63b1f62bbb1f0c437cc..2be3db26a683569b4ff5cd81216935f1f102e27e 100644 (file)
@@ -1183,10 +1183,10 @@ int bus_exec_context_set_transient_property(
         flags |= UNIT_PRIVATE;
 
         if (streq(name, "User"))
-                return bus_set_transient_user(u, name, &c->user, message, flags, error);
+                return bus_set_transient_user_compat(u, name, &c->user, message, flags, error);
 
         if (streq(name, "Group"))
-                return bus_set_transient_user(u, name, &c->group, message, flags, error);
+                return bus_set_transient_user_compat(u, name, &c->group, message, flags, error);
 
         if (streq(name, "TTYPath"))
                 return bus_set_transient_path(u, name, &c->tty_path, message, flags, error);
@@ -1364,10 +1364,10 @@ int bus_exec_context_set_transient_property(
                 if (r < 0)
                         return r;
 
-                STRV_FOREACH(p, l) {
-                        if (!isempty(*p) && !valid_user_group_name_or_id(*p))
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid supplementary group names");
-                }
+                STRV_FOREACH(p, l)
+                        if (!isempty(*p) && !valid_user_group_name_or_id_compat(*p))
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
+                                                         "Invalid supplementary group names");
 
                 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
                         if (strv_isempty(l)) {
index e895c94e12a7f9e30d29ce1539c3f581875b6321..25d3d71391b863419e40a5a69ec0eaf9a0853dd0 100644 (file)
@@ -277,10 +277,10 @@ static int bus_socket_set_transient_property(
                 return bus_set_transient_fdname(u, name, &s->fdname, message, flags, error);
 
         if (streq(name, "SocketUser"))
-                return bus_set_transient_user(u, name, &s->user, message, flags, error);
+                return bus_set_transient_user_compat(u, name, &s->user, message, flags, error);
 
         if (streq(name, "SocketGroup"))
-                return bus_set_transient_user(u, name, &s->group, message, flags, error);
+                return bus_set_transient_user_compat(u, name, &s->group, message, flags, error);
 
         if (streq(name, "BindIPv6Only"))
                 return bus_set_transient_bind_ipv6_only(u, name, &s->bind_ipv6_only, message, flags, error);
index f4fbb72cb99c52246d62f2b3d6bcb930104ba39d..7862beaacb6d164e76b2f3464406d12112307239 100644 (file)
@@ -30,7 +30,7 @@ int bus_property_get_triggered_unit(
 
 BUS_DEFINE_SET_TRANSIENT(mode_t, "u", uint32_t, mode_t, "%040o");
 BUS_DEFINE_SET_TRANSIENT(unsigned, "u", uint32_t, unsigned, "%" PRIu32);
-BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user, valid_user_group_name_or_id);
+BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user_compat, valid_user_group_name_or_id_compat);
 BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(path, path_is_absolute);
 
 int bus_set_transient_string(
index 12b055e4ac9c4f49aab058f70089638942a6b654..a3316c6701831c9ca72a161de8549d690af37b8b 100644 (file)
@@ -235,7 +235,7 @@ int bus_property_get_triggered_unit(sd_bus *bus, const char *path, const char *i
 
 int bus_set_transient_mode_t(Unit *u, const char *name, mode_t *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
 int bus_set_transient_unsigned(Unit *u, const char *name, unsigned *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
-int bus_set_transient_user(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
+int bus_set_transient_user_compat(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
 int bus_set_transient_path(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
 int bus_set_transient_string(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
 int bus_set_transient_bool(Unit *u, const char *name, bool *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
index b3acd7d7ae826db18f1fa74406594b4c77afdb2a..5490ae32fbcdf949c2b75479856a693d71d0ca5f 100644 (file)
@@ -25,9 +25,9 @@ m4_define(`EXEC_CONTEXT_CONFIG_ITEMS',
 `$1.WorkingDirectory,            config_parse_working_directory,     0,                             offsetof($1, exec_context)
 $1.RootDirectory,                config_parse_unit_path_printf,      true,                          offsetof($1, exec_context.root_directory)
 $1.RootImage,                    config_parse_unit_path_printf,      true,                          offsetof($1, exec_context.root_image)
-$1.User,                         config_parse_user_group,            0,                             offsetof($1, exec_context.user)
-$1.Group,                        config_parse_user_group,            0,                             offsetof($1, exec_context.group)
-$1.SupplementaryGroups,          config_parse_user_group_strv,       0,                             offsetof($1, exec_context.supplementary_groups)
+$1.User,                         config_parse_user_group_compat,     0,                             offsetof($1, exec_context.user)
+$1.Group,                        config_parse_user_group_compat,     0,                             offsetof($1, exec_context.group)
+$1.SupplementaryGroups,          config_parse_user_group_strv_compat, 0,                            offsetof($1, exec_context.supplementary_groups)
 $1.Nice,                         config_parse_exec_nice,             0,                             offsetof($1, exec_context)
 $1.OOMScoreAdjust,               config_parse_exec_oom_score_adjust, 0,                             offsetof($1, exec_context)
 $1.IOSchedulingClass,            config_parse_exec_io_class,         0,                             offsetof($1, exec_context)
@@ -365,8 +365,8 @@ Socket.ExecStartPost,            config_parse_exec,                  SOCKET_EXEC
 Socket.ExecStopPre,              config_parse_exec,                  SOCKET_EXEC_STOP_PRE,          offsetof(Socket, exec_command)
 Socket.ExecStopPost,             config_parse_exec,                  SOCKET_EXEC_STOP_POST,         offsetof(Socket, exec_command)
 Socket.TimeoutSec,               config_parse_sec_fix_0,             0,                             offsetof(Socket, timeout_usec)
-Socket.SocketUser,               config_parse_user_group,            0,                             offsetof(Socket, user)
-Socket.SocketGroup,              config_parse_user_group,            0,                             offsetof(Socket, group)
+Socket.SocketUser,               config_parse_user_group_compat,     0,                             offsetof(Socket, user)
+Socket.SocketGroup,              config_parse_user_group_compat,     0,                             offsetof(Socket, group)
 Socket.SocketMode,               config_parse_mode,                  0,                             offsetof(Socket, socket_mode)
 Socket.DirectoryMode,            config_parse_mode,                  0,                             offsetof(Socket, directory_mode)
 Socket.Accept,                   config_parse_bool,                  0,                             offsetof(Socket, accept)
index c7827df95d2701742053baed88b360edf1d63719..8eaf8b33e9828d6924173fb3593be6eac0d9bca1 100644 (file)
@@ -2002,7 +2002,7 @@ int config_parse_sec_fix_0(
         return 0;
 }
 
-int config_parse_user_group(
+int config_parse_user_group_compat(
                 const char *unit,
                 const char *filename,
                 unsigned line,
@@ -2035,7 +2035,7 @@ int config_parse_user_group(
                 return -ENOEXEC;
         }
 
-        if (!valid_user_group_name_or_id(k)) {
+        if (!valid_user_group_name_or_id_compat(k)) {
                 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
                 return -ENOEXEC;
         }
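Review bot: Nothing at the switch to `valid_user_group_name_or_id_compat()` records which names the compat variant admits that the strict one rejects, and this is the check that gates `SocketUser=`, `SocketGroup=` and `SupplementaryGroups=` values read from unit files (the same swap is made in the `config_parse_user_group_strv_compat` hunk below). The validator is not part of this file section, so I am inferring from the name that it is the looser rule set. A one-line comment above the call, e.g. `/* Deliberately uses the relaxed (compat) name rules so existing unit files keep loading */`, would record that the leniency is intended. The function body starts outside the hunk.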
@@ -2043,7 +2043,7 @@ int config_parse_user_group(
         return free_and_replace(*user, k);
 }
 
-int config_parse_user_group_strv(
+int config_parse_user_group_strv_compat(
                 const char *unit,
                 const char *filename,
                 unsigned line,
@@ -2089,7 +2089,7 @@ int config_parse_user_group_strv(
                         return -ENOEXEC;
                 }
 
-                if (!valid_user_group_name_or_id(k)) {
+                if (!valid_user_group_name_or_id_compat(k)) {
                         log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
                         return -ENOEXEC;
                 }
index 326e80893bdee3041e70abb71ab96e76bd3a0297..664643f08ec25e9717463d022c4e4b65a0e22fe1 100644 (file)
@@ -99,8 +99,8 @@ CONFIG_PARSER_PROTOTYPE(config_parse_exec_utmp_mode);
 CONFIG_PARSER_PROTOTYPE(config_parse_working_directory);
 CONFIG_PARSER_PROTOTYPE(config_parse_fdname);
 CONFIG_PARSER_PROTOTYPE(config_parse_sec_fix_0);
-CONFIG_PARSER_PROTOTYPE(config_parse_user_group);
-CONFIG_PARSER_PROTOTYPE(config_parse_user_group_strv);
+CONFIG_PARSER_PROTOTYPE(config_parse_user_group_compat);
+CONFIG_PARSER_PROTOTYPE(config_parse_user_group_strv_compat);
 CONFIG_PARSER_PROTOTYPE(config_parse_restrict_namespaces);
 CONFIG_PARSER_PROTOTYPE(config_parse_bind_paths);
 CONFIG_PARSER_PROTOTYPE(config_parse_exec_keyring_mode);
index 9d3096e3ac98391bbf3208f3819dbea825175785..284b77c1fcce9d11b4ca0bbb03d13a4c156f96de 100644 (file)
@@ -68,6 +68,11 @@ static int generate_machine_id(const char *root, sd_id128_t *ret) {
                                 log_info("Initializing machine ID from KVM UUID.");
                                 return 0;
                         }
+                        /* on POWER, it's exported here instead */
+                        if (id128_read("/sys/firmware/devicetree/base/vm,uuid", ID128_UUID, ret) >= 0) {
+                                log_info("Initializing machine ID from KVM UUID.");
+                                return 0;
+                        }
                 }
         }
 
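Review bot: The new device-tree branch logs the same text as the branch before it, `Initializing machine ID from KVM UUID.`, so the journal no longer shows which source supplied the ID. Because the machine ID is seeded here from a value the hypervisor exports, naming the source helps later diagnosis, e.g. `log_info("Initializing machine ID from KVM UUID (device tree).");`. The enclosing virtualization check is outside the hunk.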
index 8d691a19c3d3d45bbb058938665368a8570ced19..d9114bb0c597a4ef9c72f41ed4cda23584ba2ce1 100644 (file)
@@ -603,6 +603,8 @@ static char** sanitize_environment(char **l) {
 }
 
 int manager_default_environment(Manager *m) {
+        int r;
+
         assert(m);
 
         m->transient_environment = strv_free(m->transient_environment);
@@ -616,16 +618,29 @@ int manager_default_environment(Manager *m) {
                  * /proc/self/environ valid; it is used for tagging
                  * the init process inside containers. */
                 m->transient_environment = strv_new("PATH=" DEFAULT_PATH);
+                if (!m->transient_environment)
+                        return log_oom();
 
                 /* Import locale variables LC_*= from configuration */
                 (void) locale_setup(&m->transient_environment);
-        } else
+        } else {
+                _cleanup_free_ char *k = NULL;
+
                 /* The user manager passes its own environment
-                 * along to its children. */
+                 * along to its children, except for $PATH. */
                 m->transient_environment = strv_copy(environ);
+                if (!m->transient_environment)
+                        return log_oom();
 
-        if (!m->transient_environment)
-                return log_oom();
+                k = strdup("PATH=" DEFAULT_USER_PATH);
+                if (!k)
+                        return log_oom();
+
+                r = strv_env_replace(&m->transient_environment, k);
+                if (r < 0)
+                        return log_oom();
+                TAKE_PTR(k);
+        }
 
         sanitize_environment(m->transient_environment);
 
@@ -1629,9 +1644,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
 
         manager_preset_all(m);
 
-        r = lookup_paths_reduce(&m->lookup_paths);
-        if (r < 0)
-                log_warning_errno(r, "Failed to reduce unit file paths, ignoring: %m");
+        lookup_paths_log(&m->lookup_paths);
 
         {
                 /* This block is (optionally) done with the reloading counter bumped */
@@ -3520,9 +3533,7 @@ int manager_reload(Manager *m) {
         (void) manager_run_environment_generators(m);
         (void) manager_run_generators(m);
 
-        r = lookup_paths_reduce(&m->lookup_paths);
-        if (r < 0)
-                log_warning_errno(r, "Failed to reduce unit file paths, ignoring: %m");
+        lookup_paths_log(&m->lookup_paths);
 
         /* We flushed out generated files, for which we don't watch mtime, so we should flush the old map. */
         manager_free_unit_name_maps(m);
index fb6820e109a9e0c2faab21123a512f305ea6e09b..df3aa5c6c1659696ed16ef90c14f8a31071b08ca 100644 (file)
@@ -197,8 +197,6 @@ endforeach
 
 install_data('org.freedesktop.systemd1.conf',
              install_dir : dbuspolicydir)
-install_data('org.freedesktop.systemd1.service',
-             install_dir : dbussystemservicedir)
 
 policy = configure_file(
         input : 'org.freedesktop.systemd1.policy.in',
index 74da0f031bbfef62c68e4225a2b4c582b8a77e60..fb3467c3503c42f264f28a5ca1ba0488d94a547a 100644 (file)
@@ -830,7 +830,7 @@ static void mount_enter_dead(Mount *m, MountResult f) {
 
         m->exec_runtime = exec_runtime_unref(m->exec_runtime, true);
 
-        exec_context_destroy_runtime_directory(&m->exec_context, UNIT(m)->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
+        unit_destroy_runtime_directory(UNIT(m), &m->exec_context);
 
         unit_unref_uid_gid(UNIT(m), true);
 
@@ -2075,6 +2075,8 @@ const UnitVTable mount_vtable = {
         .active_state = mount_active_state,
         .sub_state_to_string = mount_sub_state_to_string,
 
+        .will_restart = unit_will_restart_default,
+
         .may_gc = mount_may_gc,
 
         .sigchld_event = mount_sigchld_event,
diff --git a/src/core/org.freedesktop.systemd1.service b/src/core/org.freedesktop.systemd1.service
deleted file mode 100644 (file)
index 8bd7302..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-#  SPDX-License-Identifier: LGPL-2.1+
-#
-#  This file is part of systemd.
-#
-#  systemd is free software; you can redistribute it and/or modify it
-#  under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
-
-[D-BUS Service]
-Name=org.freedesktop.systemd1
-Exec=/bin/false
-User=root
index 0fffe11c49e84f12a6e4e2e1ef8cfaa6ecb99cb2..894b8af6616feef0d4bd4bbfd83f044f928c448d 100644 (file)
@@ -1716,12 +1716,8 @@ static bool service_will_restart(Unit *u) {
                 return true;
         if (s->state == SERVICE_AUTO_RESTART)
                 return true;
-        if (!UNIT(s)->job)
-                return false;
-        if (UNIT(s)->job->type == JOB_START)
-                return true;
 
-        return false;
+        return unit_will_restart_default(u);
 }
 
 static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart) {
@@ -1784,10 +1780,8 @@ static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart)
         /* We want fresh tmpdirs in case service is started again immediately */
         s->exec_runtime = exec_runtime_unref(s->exec_runtime, true);
 
-        if (s->exec_context.runtime_directory_preserve_mode == EXEC_PRESERVE_NO ||
-            (s->exec_context.runtime_directory_preserve_mode == EXEC_PRESERVE_RESTART && !service_will_restart(UNIT(s))))
-                /* Also, remove the runtime directory */
-                exec_context_destroy_runtime_directory(&s->exec_context, UNIT(s)->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
+        /* Also, remove the runtime directory */
+        unit_destroy_runtime_directory(UNIT(s), &s->exec_context);
 
         /* Get rid of the IPC bits of the user */
         unit_unref_uid_gid(UNIT(s), true);
index e6ba60ffa63840aad4530c00e313669b4a4f9c04..d7ff7d1501a68faa44f2bd37277534af870eb596 100644 (file)
@@ -2041,7 +2041,7 @@ static void socket_enter_dead(Socket *s, SocketResult f) {
 
         s->exec_runtime = exec_runtime_unref(s->exec_runtime, true);
 
-        exec_context_destroy_runtime_directory(&s->exec_context, UNIT(s)->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
+        unit_destroy_runtime_directory(UNIT(s), &s->exec_context);
 
         unit_unref_uid_gid(UNIT(s), true);
 
@@ -3436,6 +3436,8 @@ const UnitVTable socket_vtable = {
         .active_state = socket_active_state,
         .sub_state_to_string = socket_sub_state_to_string,
 
+        .will_restart = unit_will_restart_default,
+
         .may_gc = socket_may_gc,
 
         .sigchld_event = socket_sigchld_event,
index 0719d3efcc3c02924325ee0e4e43ea9167e10a99..6d0cd517504f228cf0ad13579647971e5350ddf8 100644 (file)
@@ -687,7 +687,7 @@ static void swap_enter_dead(Swap *s, SwapResult f) {
 
         s->exec_runtime = exec_runtime_unref(s->exec_runtime, true);
 
-        exec_context_destroy_runtime_directory(&s->exec_context, UNIT(s)->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
+        unit_destroy_runtime_directory(UNIT(s), &s->exec_context);
 
         unit_unref_uid_gid(UNIT(s), true);
 
@@ -1609,6 +1609,8 @@ const UnitVTable swap_vtable = {
         .active_state = swap_active_state,
         .sub_state_to_string = swap_sub_state_to_string,
 
+        .will_restart = unit_will_restart_default,
+
         .may_gc = swap_may_gc,
 
         .sigchld_event = swap_sigchld_event,
index 5224015c706efe6cb12c6b9ce82d7028009c9a4f..52a1acafab41e4533a284e80aa8182b94b6d1d69 100644 (file)
@@ -1752,7 +1752,6 @@ static bool unit_verify_deps(Unit *u) {
 int unit_start(Unit *u) {
         UnitActiveState state;
         Unit *following;
-        int r;
 
         assert(u);
 
@@ -1777,25 +1776,8 @@ int unit_start(Unit *u) {
          * still be useful to speed up activation in case there is some hold-off time, but we don't want to
          * recheck the condition in that case. */
         if (state != UNIT_ACTIVATING &&
-            !unit_test_condition(u)) {
-
-                /* Let's also check the start limit here. Normally, the start limit is only checked by the
-                 * .start() method of the unit type after it did some additional checks verifying everything
-                 * is in order (so that those other checks can propagate errors properly). However, if a
-                 * condition check doesn't hold we don't get that far but we should still ensure we are not
-                 * called in a tight loop without a rate limit check enforced, hence do the check here. Note
-                 * that ECOMM is generally not a reason for a job to fail, unlike most other errors here,
-                 * hence the chance is big that any triggering unit for us will trigger us again. Note this
-                 * condition check is a bit different from the condition check inside the per-unit .start()
-                 * function, as this one will not change the unit's state in any way (and we shouldn't here,
-                 * after all the condition failed). */
-
-                r = unit_test_start_limit(u);
-                if (r < 0)
-                        return r;
-
+            !unit_test_condition(u))
                 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(ECOMM), "Starting requested but condition failed. Not starting unit.");
-        }
 
         /* If the asserts failed, fail the entire job */
         if (state != UNIT_ACTIVATING &&
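Review bot: With the `unit_test_start_limit()` call removed from the failed-condition branch, nothing in this path bounds how often `unit_start()` can be re-entered for a unit whose condition keeps failing. The deleted comment gave the reason for the check: ECOMM does not fail the job, so a triggering unit is likely to trigger again, and without a rate limit that can become a tight loop in the manager. If the limit is now enforced somewhere else (not visible in this hunk), a short comment here naming that place would keep the reasoning from being lost; otherwise the check should stay. `unit_start()` continues outside the hunk.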
@@ -4070,6 +4052,17 @@ bool unit_active_or_pending(Unit *u) {
         return false;
 }
 
+bool unit_will_restart_default(Unit *u) {
+        assert(u);
+
+        if (!u->job)
+                return false;
+        if (u->job->type == JOB_START)
+                return true;
+
+        return false;
+}
+
 bool unit_will_restart(Unit *u) {
         assert(u);
 
@@ -5914,6 +5907,12 @@ int unit_test_trigger_loaded(Unit *u) {
         return 0;
 }
 
+void unit_destroy_runtime_directory(Unit *u, const ExecContext *context) {
+        if (context->runtime_directory_preserve_mode == EXEC_PRESERVE_NO ||
+            (context->runtime_directory_preserve_mode == EXEC_PRESERVE_RESTART && !unit_will_restart(u)))
+                exec_context_destroy_runtime_directory(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
+}
+
 int unit_clean(Unit *u, ExecCleanMask mask) {
         UnitActiveState state;
 
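Review bot: `unit_destroy_runtime_directory()` dereferences both `u` and `context` without asserting them, unlike `unit_will_restart_default()` added earlier in this file, which opens with `assert(u);`. Adding `assert(u);` and `assert(context);` at the top would match that convention. A one-line comment stating that the directory is kept under `EXEC_PRESERVE_RESTART` only while `unit_will_restart()` is true would also help. Mount, socket and swap units now go through this check, where they previously removed the directory unconditionally.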
index d5f4413cd812bce49c55ac5eca814b04f1dcdc31..2ff4b1316034163c8b9991d6706310414ad1b944 100644 (file)
@@ -752,6 +752,7 @@ const char *unit_slice_name(Unit *u);
 bool unit_stop_pending(Unit *u) _pure_;
 bool unit_inactive_or_pending(Unit *u) _pure_;
 bool unit_active_or_pending(Unit *u);
+bool unit_will_restart_default(Unit *u);
 bool unit_will_restart(Unit *u);
 
 int unit_add_default_target_dependency(Unit *u, Unit *target);
@@ -861,6 +862,7 @@ int unit_failure_action_exit_status(Unit *u);
 
 int unit_test_trigger_loaded(Unit *u);
 
+void unit_destroy_runtime_directory(Unit *u, const ExecContext *context);
 int unit_clean(Unit *u, ExecCleanMask mask);
 int unit_can_clean(Unit *u, ExecCleanMask *ret_mask);
 
index d1293eff168118da48d0f6029c785b544fb0d50d..5fe51359f60d50a79ed7ae5ae24522640e011dbf 100644 (file)
@@ -28,6 +28,13 @@ static int environment_dirs(char ***ret) {
         if (r < 0)
                 return r;
 
+        if (DEBUG_LOGGING) {
+                _cleanup_free_ char *t;
+
+                t = strv_join(dirs, "\n\t");
+                log_debug("Looking for environment.d files in (higher priority first):\n\t%s", strna(t));
+        }
+
         *ret = TAKE_PTR(dirs);
         return 0;
 }
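Review bot: `_cleanup_free_ char *t;` is declared without an initializer, so the cleanup handler would free an indeterminate pointer if an exit path were ever added before the `strv_join()` assignment. It is safe as written because the assignment follows immediately, but `_cleanup_free_ char *t = NULL;` keeps it safe under later edits. The same applies to `_cleanup_free_ char *s, *s2;` in the test-bus-vtable.c section of this commit, where the existing `= NULL` was dropped; `_cleanup_free_ char *s = NULL, *s2 = NULL;` would restore it. `environment_dirs()` begins outside the hunk.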
@@ -49,6 +56,8 @@ static int load_and_print(void) {
          * that in case of failure, a partial update is better than none. */
 
         STRV_FOREACH(i, files) {
+                log_debug("Reading %s…", *i);
+
                 r = merge_env_file(&env, NULL, *i);
                 if (r == -ENOMEM)
                         return r;
index 7ee97501418a3c5d749c004380359ff5051ca817..ecf25b18d7f9b214f8ba16f6b7dc5bcdc36845f7 100644 (file)
@@ -9,12 +9,12 @@
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_(unlink_tempfilep) char name[] = "/tmp/fuzz-catalog.XXXXXX";
         _cleanup_close_ int fd = -1;
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+        _cleanup_ordered_hashmap_free_free_free_ OrderedHashmap *h = NULL;
 
         if (!getenv("SYSTEMD_LOG_LEVEL"))
                 log_set_max_level(LOG_CRIT);
 
-        assert_se(h = hashmap_new(&catalog_hash_ops));
+        assert_se(h = ordered_hashmap_new(&catalog_hash_ops));
 
         fd = mkostemp_safe(name);
         assert_se(fd >= 0);
diff --git a/src/fuzz/fuzz-fido-id-desc.c b/src/fuzz/fuzz-fido-id-desc.c
new file mode 100644 (file)
index 0000000..cf98dee
--- /dev/null
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include <linux/hid.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "fido_id/fido_id_desc.h"
+#include "fuzz.h"
+#include "log.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+        /* We don't want to fill the logs with messages about parse errors.
+         * Disable most logging if not running standalone */
+        if (!getenv("SYSTEMD_LOG_LEVEL"))
+                log_set_max_level(LOG_CRIT);
+
+        if (size > HID_MAX_DESCRIPTOR_SIZE)
+                return 0;
+        (void) is_fido_security_token_desc(data, size);
+
+        return 0;
+}
diff --git a/src/fuzz/fuzz-fido-id-desc.dict b/src/fuzz/fuzz-fido-id-desc.dict
new file mode 100644 (file)
index 0000000..d2d2679
--- /dev/null
@@ -0,0 +1,6 @@
+"\xfe"
+"\x00"
+"\x01"
+"\xf1"
+"\xd0"
+"\xf1\xd0\x00\x01"
index c88812d1de9f7d83a26f7e9c52d19ac875179007..96496ff4ed92faacc95597d1c9416ad6bd109cd8 100644 (file)
@@ -146,4 +146,9 @@ fuzzers += [
         [['src/fuzz/fuzz-time-util.c'],
          [libshared],
          []],
+
+        [['src/fuzz/fuzz-fido-id-desc.c',
+          'src/udev/fido_id/fido_id_desc.c'],
+         [],
+         []]
 ]
index 75cba5827ce0db38df76ce9be4018f9a5d93ea3d..9e4f4fb59e71be38280f98964e9872d43f5c015f 100644 (file)
@@ -116,6 +116,8 @@ static int context_read_data(Context *c) {
                 return r;
 
         r = id128_read("/sys/class/dmi/id/product_uuid", ID128_UUID, &c->uuid);
+        if (r == -ENOENT)
+                r = id128_read("/sys/firmware/devicetree/base/vm,uuid", ID128_UUID, &c->uuid);
         if (r < 0)
                 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r,
                                "Failed to read product UUID, ignoring: %m");
index 7beffc1e1a30d22b5756f997affaf7284556ac5a..060193d2acab3890fd818156b17c671d3b3c6546 100644 (file)
@@ -143,7 +143,7 @@ static char *combine_entries(const char *one, const char *two) {
 }
 
 static int finish_item(
-                Hashmap *h,
+                OrderedHashmap *h,
                 sd_id128_t id,
                 const char *language,
                 char *payload, size_t payload_size) {
@@ -165,14 +165,14 @@ static int finish_item(
                 strcpy(i->language, language);
         }
 
-        prev = hashmap_get(h, i);
+        prev = ordered_hashmap_get(h, i);
         if (prev) {
                 /* Already have such an item, combine them */
                 combined = combine_entries(payload, prev);
                 if (!combined)
                         return log_oom();
 
-                if (hashmap_update(h, i, combined) < 0)
+                if (ordered_hashmap_update(h, i, combined) < 0)
                         return log_oom();
                 combined = NULL;
         } else {
@@ -181,7 +181,7 @@ static int finish_item(
                 if (!combined)
                         return log_oom();
 
-                if (hashmap_put(h, i, combined) < 0)
+                if (ordered_hashmap_put(h, i, combined) < 0)
                         return log_oom();
                 i = NULL;
                 combined = NULL;
@@ -247,7 +247,7 @@ static int catalog_entry_lang(
         return 0;
 }
 
-int catalog_import_file(Hashmap *h, const char *path) {
+int catalog_import_file(OrderedHashmap *h, const char *path) {
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_free_ char *payload = NULL;
         size_t payload_size = 0, payload_allocated = 0;
@@ -446,7 +446,7 @@ int catalog_update(const char* database, const char* root, const char* const* di
         _cleanup_strv_free_ char **files = NULL;
         char **f;
         _cleanup_(strbuf_cleanupp) struct strbuf *sb = NULL;
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+        _cleanup_ordered_hashmap_free_free_free_ OrderedHashmap *h = NULL;
         _cleanup_free_ CatalogItem *items = NULL;
         ssize_t offset;
         char *payload;
@@ -456,7 +456,7 @@ int catalog_update(const char* database, const char* root, const char* const* di
         int r;
         int64_t sz;
 
-        h = hashmap_new(&catalog_hash_ops);
+        h = ordered_hashmap_new(&catalog_hash_ops);
         sb = strbuf_new();
         if (!h || !sb)
                 return log_oom();
@@ -472,18 +472,18 @@ int catalog_update(const char* database, const char* root, const char* const* di
                         return log_error_errno(r, "Failed to import file '%s': %m", *f);
         }
 
-        if (hashmap_size(h) <= 0) {
+        if (ordered_hashmap_size(h) <= 0) {
                 log_info("No items in catalog.");
                 return 0;
         } else
-                log_debug("Found %u items in catalog.", hashmap_size(h));
+                log_debug("Found %u items in catalog.", ordered_hashmap_size(h));
 
-        items = new(CatalogItem, hashmap_size(h));
+        items = new(CatalogItem, ordered_hashmap_size(h));
         if (!items)
                 return log_oom();
 
         n = 0;
-        HASHMAP_FOREACH_KEY(payload, i, h, j) {
+        ORDERED_HASHMAP_FOREACH_KEY(payload, i, h, j) {
                 log_debug("Found " SD_ID128_FORMAT_STR ", language %s",
                           SD_ID128_FORMAT_VAL(i->id),
                           isempty(i->language) ? "C" : i->language);
@@ -496,7 +496,7 @@ int catalog_update(const char* database, const char* root, const char* const* di
                 items[n++] = *i;
         }
 
-        assert(n == hashmap_size(h));
+        assert(n == ordered_hashmap_size(h));
         typesafe_qsort(items, n, catalog_compare_func);
 
         strbuf_complete(sb);
index 20497d118ff3d17704b925b631be9eb3451f3969..092a014651a5c64e1a5c817edf899b4bf67c4e85 100644 (file)
@@ -9,7 +9,7 @@
 #include "hashmap.h"
 #include "strbuf.h"
 
-int catalog_import_file(Hashmap *h, const char *path);
+int catalog_import_file(OrderedHashmap *h, const char *path);
 int catalog_update(const char* database, const char* root, const char* const* dirs);
 int catalog_get(const char* database, sd_id128_t id, char **data);
 int catalog_list(FILE *f, const char* database, bool oneline);
index 192bb0cb07e0bac67847069f21870ebd0dd87659..ba14d922e26493e1f9506a1fc76fc7b80ef78298 100644 (file)
@@ -26,15 +26,15 @@ static const char *no_catalog_dirs[] = {
         NULL
 };
 
-static Hashmap* test_import(const char* contents, ssize_t size, int code) {
+static OrderedHashmap* test_import(const char* contents, ssize_t size, int code) {
         _cleanup_(unlink_tempfilep) char name[] = "/tmp/test-catalog.XXXXXX";
         _cleanup_close_ int fd;
-        Hashmap *h;
+        OrderedHashmap *h;
 
         if (size < 0)
                 size = strlen(contents);
 
-        assert_se(h = hashmap_new(&catalog_hash_ops));
+        assert_se(h = ordered_hashmap_new(&catalog_hash_ops));
 
         fd = mkostemp_safe(name);
         assert_se(fd >= 0);
@@ -46,14 +46,14 @@ static Hashmap* test_import(const char* contents, ssize_t size, int code) {
 }
 
 static void test_catalog_import_invalid(void) {
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+        _cleanup_ordered_hashmap_free_free_free_ OrderedHashmap *h = NULL;
 
         h = test_import("xxx", -1, -EINVAL);
-        assert_se(hashmap_isempty(h));
+        assert_se(ordered_hashmap_isempty(h));
 }
 
 static void test_catalog_import_badid(void) {
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+        _cleanup_ordered_hashmap_free_free_free_ OrderedHashmap *h = NULL;
         const char *input =
 "-- 0027229ca0644181a76c4e92458afaff dededededededededededededededede\n" \
 "Subject: message\n" \
@@ -63,7 +63,7 @@ static void test_catalog_import_badid(void) {
 }
 
 static void test_catalog_import_one(void) {
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+        _cleanup_ordered_hashmap_free_free_free_ OrderedHashmap *h = NULL;
         char *payload;
         Iterator j;
 
@@ -78,9 +78,9 @@ static void test_catalog_import_one(void) {
 "payload\n";
 
         h = test_import(input, -1, 0);
-        assert_se(hashmap_size(h) == 1);
+        assert_se(ordered_hashmap_size(h) == 1);
 
-        HASHMAP_FOREACH(payload, h, j) {
+        ORDERED_HASHMAP_FOREACH(payload, h, j) {
                 printf("expect: %s\n", expect);
                 printf("actual: %s\n", payload);
                 assert_se(streq(expect, payload));
@@ -88,7 +88,7 @@ static void test_catalog_import_one(void) {
 }
 
 static void test_catalog_import_merge(void) {
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+        _cleanup_ordered_hashmap_free_free_free_ OrderedHashmap *h = NULL;
         char *payload;
         Iterator j;
 
@@ -114,15 +114,15 @@ static void test_catalog_import_merge(void) {
 "override payload\n";
 
         h = test_import(input, -1, 0);
-        assert_se(hashmap_size(h) == 1);
+        assert_se(ordered_hashmap_size(h) == 1);
 
-        HASHMAP_FOREACH(payload, h, j) {
+        ORDERED_HASHMAP_FOREACH(payload, h, j) {
                 assert_se(streq(combined, payload));
         }
 }
 
 static void test_catalog_import_merge_no_body(void) {
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+        _cleanup_ordered_hashmap_free_free_free_ OrderedHashmap *h = NULL;
         char *payload;
         Iterator j;
 
@@ -147,9 +147,9 @@ static void test_catalog_import_merge_no_body(void) {
 "payload\n";
 
         h = test_import(input, -1, 0);
-        assert_se(hashmap_size(h) == 1);
+        assert_se(ordered_hashmap_size(h) == 1);
 
-        HASHMAP_FOREACH(payload, h, j) {
+        ORDERED_HASHMAP_FOREACH(payload, h, j) {
                 assert_se(streq(combined, payload));
         }
 }
index 2fb0f5207b3339e1ee13d62f52582c50a531b08d..47a0cd224ae8518ba56732305604eec3c521d462 100644 (file)
@@ -45,13 +45,13 @@ if ! [[ $PRETTY_NAME ]]; then
     PRETTY_NAME="Linux $KERNEL_VERSION"
 fi
 
-declare -a BOOT_OPTIONS
-
 if [[ -f /etc/kernel/cmdline ]]; then
     read -r -d '' -a BOOT_OPTIONS < /etc/kernel/cmdline
-fi
+elif [[ -f /usr/lib/kernel/cmdline ]]; then
+    read -r -d '' -a BOOT_OPTIONS < /usr/lib/kernel/cmdline
+else
+    declare -a BOOT_OPTIONS
 
-if ! [[ ${BOOT_OPTIONS[*]} ]]; then
     read -r -d '' -a line < /proc/cmdline
     for i in "${line[@]}"; do
         [[ "${i#initrd=*}" != "$i" ]] && continue
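Review bot: An `/etc/kernel/cmdline` or `/usr/lib/kernel/cmdline` that exists but is empty now leaves `BOOT_OPTIONS` empty, because the `/proc/cmdline` fallback has moved into the `else` branch and the following hunk removes the "Could not determine the kernel command line parameters" exit. Before this change an empty file fell through to `/proc/cmdline`, and an empty result aborted instead of writing a loader entry. If an empty command line is meant to be allowed, a comment saying so would help; otherwise keep a guard after the closing `fi`, such as `[[ ${BOOT_OPTIONS[*]} ]] || { echo "Could not determine the kernel command line parameters." >&2; exit 1; }`. The `for` loop body continues outside this hunk.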
@@ -59,12 +59,6 @@ if ! [[ ${BOOT_OPTIONS[*]} ]]; then
     done
 fi
 
-if ! [[ ${BOOT_OPTIONS[*]} ]]; then
-    echo "Could not determine the kernel command line parameters." >&2
-    echo "Please specify the kernel command line in /etc/kernel/cmdline!" >&2
-    exit 1
-fi
-
 if [[ -f /etc/kernel/tries ]]; then
     read -r TRIES </etc/kernel/tries
     if ! [[ "$TRIES" =~ ^[0-9]+$ ]] ; then
index 303dcea106ff2f3a63950d75f3b9d074ebcf1328..026ac8cb946946c4b6d4596899f31b4f8d0754f2 100644 (file)
@@ -1354,8 +1354,7 @@ _public_ int sd_bus_open_user_with_description(sd_bus **ret, const char *descrip
         b->bus_client = true;
         b->is_user = true;
 
-        /* We don't do any per-method access control on the user
-         * bus. */
+        /* We don't do any per-method access control on the user bus. */
         b->trusted = true;
         b->is_local = true;
 
index d69ca6ac9742179b450c4a755f3dfe203c15f15e..b6350027dd3ede31d867e049b627353d717ac385 100644 (file)
 
 #define DEFAULT_BUS_PATH "unix:path=/run/dbus/system_bus_socket"
 
+static struct context c = {};
+static int happy_finder_object = 0;
+
+static int happy_finder(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
+        assert(userdata);
+        assert(userdata == &c);
+
+#ifndef __cplusplus
+        log_info("%s called", __func__);
+#endif
+
+        happy_finder_object++;
+        *found = &happy_finder_object;
+        return 1; /* found */
+}
+
 static void test_vtable(void) {
         sd_bus *bus = NULL;
-        struct context c = {};
         int r;
 
         assert(sd_bus_new(&bus) >= 0);
@@ -32,16 +47,23 @@ static void test_vtable(void) {
         assert(sd_bus_add_object_vtable(bus, NULL, "/foo", "org.freedesktop.systemd.testVtable221",
                                         (const sd_bus_vtable *)vtable_format_221, &c) >= 0);
 
+        assert(sd_bus_add_fallback_vtable(bus, NULL, "/fallback", "org.freedesktop.systemd.testVtable2", test_vtable_2, happy_finder, &c) >= 0);
+
         assert(sd_bus_set_address(bus, DEFAULT_BUS_PATH) >= 0);
         r = sd_bus_start(bus);
         assert(r == 0 ||     /* success */
                r == -ENOENT  /* dbus is inactive */ );
 
 #ifndef __cplusplus
-        _cleanup_free_ char *s = NULL;
+        _cleanup_free_ char *s, *s2;
 
         assert_se(introspect_path(bus, "/foo", NULL, false, true, NULL, &s, NULL) == 1);
         fputs(s, stdout);
+
+        assert_se(introspect_path(bus, "/fallback", NULL, false, true, NULL, &s2, NULL) == 1);
+        fputs(s2, stdout);
+
+        assert_se(happy_finder_object == 1);
 #endif
 
         sd_bus_unref(bus);
index 333dbd5b12f1ad8784fac71df1fed1a95046f405..bc89893814b050209ede42845b8b4164429c2ace 100644 (file)
@@ -42,7 +42,7 @@ static const sd_bus_vtable test_vtable_1[] = {
 
 static const sd_bus_vtable test_vtable_2[] = {
         SD_BUS_VTABLE_START(0),
-        SD_BUS_METHOD("AlterSomething", "s", "s", handler, 0),
+        SD_BUS_METHOD("AlterSomething", "s", "s", handler, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("Exit", "", "", handler, 0),
         SD_BUS_METHOD_WITH_OFFSET("AlterSomething2", "s", "s", handler, 200, 0),
         SD_BUS_METHOD_WITH_OFFSET("Exit2", "", "", handler, 200, 0),
index a3c0542d7a03ec6889209b713ea7fdfe51a9df8b..8ff9382d901c63259cbe29e8217099826f02cf98 100644 (file)
@@ -229,6 +229,10 @@ _public_ int sd_network_link_get_timezone(int ifindex, char **ret) {
         return network_link_get_string(ifindex, "TIMEZONE", ret);
 }
 
+_public_ int sd_network_link_get_dhcp4_address(int ifindex, char **ret) {
+        return network_link_get_string(ifindex, "DHCP4_ADDRESS", ret);
+}
+
 _public_ int sd_network_link_get_dns(int ifindex, char ***ret) {
         return network_link_get_strv(ifindex, "DNS", ret);
 }
index 8dfa97d7aed600644237efb7bb0eee1f99424e5a..3f4b65e1fdf16ab9333c1454d27b056e0a96cd92 100644 (file)
@@ -213,7 +213,7 @@ int manager_write_brightness(
                 if (r < 0)
                         return log_error_errno(r, "Failed to add message to set: %m");
 
-                /* We overide any previously requested brightness here: we coalesce writes, and the newest
+                /* We override any previously requested brightness here: we coalesce writes, and the newest
                  * requested brightness is the one we'll put into effect. */
                 existing->brightness = brightness;
                 existing->again = true; /* request another iteration of the writer when the current one is
index b36616e55a03bb8966ef5b63eeb1079543aa0262..30b9a66334fa7914e4f6984da46c49dd678e12aa 100644 (file)
@@ -115,7 +115,6 @@ int manager_get_session_from_creds(
         Session *session;
 
         assert(m);
-        assert(message);
         assert(ret);
 
         if (SEAT_IS_SELF(name)) /* the caller's own session */
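Review bot: Dropping `assert(message)` here, together with the removal of the `if (!message) return 0;` early return in the `session_object_find()` hunk further down, means a NULL `message` can now reach `manager_get_session_from_creds()`. The branches that resolve the caller's own session from the message credentials (`SEAT_IS_SELF(name)` is the first) lie outside this hunk, so I cannot tell whether they tolerate NULL. If they do, a comment such as `/* message may be NULL when there is no current method call; "self" cannot be resolved then */` would document the contract. If they do not, the NULL case needs an explicit error return before the credentials are queried.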
index 1883c97e4db21cc46175b1ad76e9782afa76543d..67fe9921d4019385f844d9a4da092f53b3388511 100644 (file)
@@ -72,13 +72,13 @@ Inhibitor* inhibitor_free(Inhibitor *i) {
         sd_event_source_unref(i->event_source);
         safe_close(i->fifo_fd);
 
+        hashmap_remove(i->manager->inhibitors, i->id);
+
         /* Note that we don't remove neither the state file nor the fifo path here, since we want both to
          * survive daemon restarts */
         free(i->state_file);
         free(i->fifo_path);
 
-        hashmap_remove(i->manager->inhibitors, i->id);
-
         return mfree(i);
 }
 
index a37bbf56b75ad2b5d18ff0f229938eb1f45364f2..872b9a86d98074e655bb160e4a3e295e512c3570 100644 (file)
@@ -610,8 +610,6 @@ int session_object_find(sd_bus *bus, const char *path, const char *interface, vo
                 return -ENOMEM;
 
         message = sd_bus_get_current_message(bus);
-        if (!message)
-                return 0;
 
         r = manager_get_session_from_creds(m, message, e, error, &session);
         if (r == -ENXIO) {
index cf281e75a6d456ff512c896be5cd4d507b85a6ab..d1d65a69bfa010136ac7756d452759931672336f 100644 (file)
@@ -981,6 +981,8 @@ static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) {
         if (!sa->key_file)
                 return 0;
 
+        (void) warn_file_is_world_accessible(sa->key_file, NULL, NULL, 0);
+
         r = read_full_file_full(sa->key_file, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNHEX, (char **) &key, &key_len);
         if (r < 0)
                 return log_netdev_error_errno(netdev, r,
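Review bot: The added `warn_file_is_world_accessible()` call is advisory only: its result is cast to void and `read_full_file_full()` on the next line still loads the key from a file other users may be able to read. The same pattern is added to wireguard_read_key_file() in the hunk below. If warn-but-continue is the intent, say so at the call, e.g. `/* Warn only: a key file with lax permissions is still used; the administrator has to fix the mode. */`. The check and the read also resolve the path separately, so the mode that was inspected is not guaranteed to be that of the file that is read, which is acceptable for a warning but should not be relied on as a control. macsec_read_key_file() continues outside the hunk.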
index 7735b455b79d57e1462a22535aae51e2308bb865..7853e197f1355a2c42118dcba8f206d358001384 100644 (file)
@@ -844,7 +844,7 @@ int netdev_load(Manager *manager) {
         STRV_FOREACH(f, files) {
                 r = netdev_load_one(manager, *f);
                 if (r < 0)
-                        return r;
+                        log_error_errno(r, "Failed to load %s, ignoring: %m", *f);
         }
 
         return 0;
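Review bot: Replacing `return r;` with a log line inside the STRV_FOREACH loop makes every error non-fatal, including allocation failure, if netdev_load_one() can return -ENOMEM (its body is not visible here). The same change is made in the network_load() hunk further down. Keeping that one case fatal would preserve the old behaviour for the error that is not specific to a single file, e.g. `if (r == -ENOMEM) return log_oom();` ahead of the new log call. Operationally, a configuration file that fails to parse is now only visible in the log while the daemon keeps running with the remaining files, so a comment stating that this is deliberate would help the next reader.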
index 913ee2a0589772e1b0260a6009dceffb7741cf92..a40b32d148ef10446d70f7f996f01fd34e30e5e5 100644 (file)
@@ -901,6 +901,8 @@ static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_
 
         assert(dest);
 
+        (void) warn_file_is_world_accessible(filename, NULL, NULL, 0);
+
         r = read_full_file_full(filename, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNBASE64, &key, &key_len);
         if (r < 0)
                 return r;
index 3100a2e04e2c7d0e859f9e1f27414bdff3b267c6..a7cccbc690c0cebd925959e1d48ecf9bac25263a 100644 (file)
@@ -678,6 +678,7 @@ static int dump_addresses(
                 int ifindex) {
 
         _cleanup_free_ struct local_address *local = NULL;
+        _cleanup_free_ char *dhcp4_address = NULL;
         int r, n, i;
 
         assert(rtnl);
@@ -687,6 +688,8 @@ static int dump_addresses(
         if (n < 0)
                 return n;
 
+        (void) sd_network_link_get_dhcp4_address(ifindex, &dhcp4_address);
+
         for (i = 0; i < n; i++) {
                 _cleanup_free_ char *pretty = NULL;
 
@@ -700,6 +703,15 @@ static int dump_addresses(
                 if (r < 0)
                         return r;
 
+                if (dhcp4_address && streq(pretty, dhcp4_address)) {
+                        _cleanup_free_ char *p = NULL;
+
+                        p = pretty;
+                        pretty = strjoin(pretty , " (DHCP4)");
+                        if (!pretty)
+                                return log_oom();
+                }
+
                 if (ifindex <= 0) {
                         char name[IF_NAMESIZE+1];
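Review bot: The `(DHCP4)` marker is decided purely by comparing formatted strings, `streq(pretty, dhcp4_address)`, without looking at the entry's family or interface. dump_addresses() is also reachable with `ifindex <= 0` (the branch right after the added block), in which case the `sd_network_link_get_dhcp4_address(ifindex, &dhcp4_address)` lookup added two hunks up presumably fails, and because its result is cast to void no address is marked and nothing is reported. A short comment at the lookup would make that explicit, e.g. `/* Best effort: only meaningful for a specific link; on failure no address is marked. */`. Minor style point: `strjoin(pretty , " (DHCP4)")` has a stray space before the comma.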
 
index 885cda3a035df9d0cb1780f9a06c8d6773bfb53c..4fe55710391b10c741f40759dad9dd1fcbb9d907 100644 (file)
@@ -568,11 +568,6 @@ int address_configure(
         assert(link->manager->rtnl);
         assert(callback);
 
-        if (address->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) {
-                log_link_warning(link, "An IPv6 address is requested, but IPv6 is disabled by sysctl, ignoring.");
-                return 0;
-        }
-
         /* If this is a new address, then refuse adding more than the limit */
         if (address_get(link, address->family, &address->in_addr, address->prefixlen, NULL) <= 0 &&
             set_size(link->addresses) >= ADDRESSES_PER_LINK_MAX)
index 164e46675ccb378825d913fe6f180c8334213cf7..662770b50e30cac992856bd951476da8c0df2f73 100644 (file)
@@ -529,7 +529,7 @@ static int dhcp_lease_lost(Link *link) {
         assert(link);
         assert(link->dhcp_lease);
 
-        log_link_warning(link, "DHCP lease lost");
+        log_link_info(link, "DHCP lease lost");
 
         link->dhcp4_configured = false;
 
index 7ffbd0a66e343fd9ab4fb8c3a77f5405876b5c62..1f688d6716f51511e42fe6d0cd625bfde661acf9 100644 (file)
@@ -123,11 +123,6 @@ int fdb_entry_configure(Link *link, FdbEntry *fdb_entry) {
         assert(link->manager);
         assert(fdb_entry);
 
-        if (fdb_entry->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) {
-                log_link_warning(link, "An IPv6 fdb entry is requested, but IPv6 is disabled by sysctl, ignoring.");
-                return 0;
-        }
-
         /* create new RTM message */
         r = sd_rtnl_message_new_neigh(link->manager->rtnl, &req, RTM_NEWNEIGH, link->ifindex, PF_BRIDGE);
         if (r < 0)
index 47d4d08aeea6ecef337cc003ac264c10b94314cd..f5bb78890a0c51ba0448ffb52dc66032471949fa 100644 (file)
@@ -69,27 +69,6 @@ DUID* link_get_duid(Link *link) {
                 return &link->manager->duid;
 }
 
-int link_sysctl_ipv6_enabled(Link *link) {
-        _cleanup_free_ char *value = NULL;
-        int r;
-
-        assert(link);
-        assert(link->ifname);
-
-        if (link->sysctl_ipv6_enabled >= 0)
-                return link->sysctl_ipv6_enabled;
-
-        const char *ifname = link->ifname; /* work around bogus gcc warning */
-        r = sysctl_read_ip_property(AF_INET6, ifname, "disable_ipv6", &value);
-        if (r < 0)
-                return log_link_warning_errno(link, r,
-                                              "Failed to read net.ipv6.conf.%s.disable_ipv6 sysctl property: %m",
-                                              ifname);
-
-        link->sysctl_ipv6_enabled = value[0] == '0';
-        return link->sysctl_ipv6_enabled;
-}
-
 static bool link_dhcp6_enabled(Link *link) {
         assert(link);
 
@@ -108,9 +87,6 @@ static bool link_dhcp6_enabled(Link *link) {
         if (link->iftype == ARPHRD_CAN)
                 return false;
 
-        if (link_sysctl_ipv6_enabled(link) == 0)
-                return false;
-
         return link->network->dhcp & ADDRESS_FAMILY_IPV6;
 }
 
@@ -199,9 +175,6 @@ static bool link_ipv6ll_enabled(Link *link) {
         if (link->network->bond)
                 return false;
 
-        if (link_sysctl_ipv6_enabled(link) == 0)
-                return false;
-
         return link->network->link_local & ADDRESS_FAMILY_IPV6;
 }
 
@@ -214,14 +187,17 @@ static bool link_ipv6_enabled(Link *link) {
         if (link->network->bond)
                 return false;
 
-        if (link_sysctl_ipv6_enabled(link) == 0)
-                return false;
-
         if (link->iftype == ARPHRD_CAN)
                 return false;
 
         /* DHCPv6 client will not be started if no IPv6 link-local address is configured. */
-        return link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
+        if (link_ipv6ll_enabled(link))
+                return true;
+
+        if (network_has_static_ipv6_configurations(link->network))
+                return true;
+
+        return false;
 }
 
 static bool link_radv_enabled(Link *link) {
@@ -263,9 +239,6 @@ static bool link_ipv6_forward_enabled(Link *link) {
         if (link->network->ip_forward == _ADDRESS_FAMILY_INVALID)
                 return false;
 
-        if (link_sysctl_ipv6_enabled(link) == 0)
-                return false;
-
         return link->network->ip_forward & ADDRESS_FAMILY_IPV6;
 }
 
@@ -329,20 +302,21 @@ static IPv6PrivacyExtensions link_ipv6_privacy_extensions(Link *link) {
         return link->network->ipv6_privacy_extensions;
 }
 
-static int link_enable_ipv6(Link *link) {
-        bool disabled;
+static int link_update_ipv6_sysctl(Link *link) {
+        bool enabled;
         int r;
 
         if (link->flags & IFF_LOOPBACK)
                 return 0;
 
-        disabled = !link_ipv6_enabled(link);
+        enabled = link_ipv6_enabled(link);
+        if (enabled) {
+                r = sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false);
+                if (r < 0)
+                        return log_link_warning_errno(link, r, "Cannot enable IPv6: %m");
 
-        r = sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", disabled);
-        if (r < 0)
-                log_link_warning_errno(link, r, "Cannot %s IPv6: %m", enable_disable(!disabled));
-        else
-                log_link_info(link, "IPv6 successfully %sd", enable_disable(!disabled));
+                log_link_info(link, "IPv6 successfully enabled");
+        }
 
         return 0;
 }
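Review bot: After this rewrite link_update_ipv6_sysctl() only ever writes `disable_ipv6` as false; when link_ipv6_enabled() is false it does nothing, so the name "update" and the local `enabled` suggest more than the function does. If leaving an interface's existing setting alone is the intent, state it at the top of the function, e.g. `/* Only enables IPv6 when the configuration needs it; never disables it, so an existing sysctl setting is left alone in that direction. */`. The comment added at the call site in the link_configure() hunk ("If IPv6 configured that is static IPv6 address and IPv6LL autoconfiguration is enabled") reads as "and", while link_ipv6_enabled() returns true for link-local or static configuration; "static IPv6 configuration or IPv6LL" would match the code. The failure path now returns the error, but the caller visible on this page discards it with `(void)`.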
@@ -614,7 +588,6 @@ static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) {
                 .state = LINK_STATE_PENDING,
                 .ifindex = ifindex,
                 .iftype = iftype,
-                .sysctl_ipv6_enabled = -1,
 
                 .n_dns = (unsigned) -1,
                 .dns_default_route = -1,
@@ -1281,10 +1254,6 @@ int link_set_mtu(Link *link, uint32_t mtu) {
         if (r < 0)
                 return log_link_error_errno(link, r, "Could not allocate RTM_SETLINK message: %m");
 
-        /* If IPv6 not configured (no static IPv6 address and IPv6LL autoconfiguration is disabled)
-         * for this interface, then disable IPv6 else enable it. */
-        (void) link_enable_ipv6(link);
-
         /* IPv6 protocol requires a minimum MTU of IPV6_MTU_MIN(1280) bytes
          * on the interface. Bump up MTU bytes to IPV6_MTU_MIN. */
         if (link_ipv6_enabled(link) && mtu < IPV6_MIN_MTU) {
@@ -2554,6 +2523,10 @@ static int link_configure(Link *link) {
                         return r;
         }
 
+        /* If IPv6 configured that is static IPv6 address and IPv6LL autoconfiguration is enabled
+         * for this interface, then enable IPv6 */
+        (void) link_update_ipv6_sysctl(link);
+
         r = link_set_proxy_arp(link);
         if (r < 0)
                return r;
index d077dfe772964d7c750e5077e5e326a280d4c5a4..3eff6fbc62e0d588e3479d758548cc85d1da0b34 100644 (file)
@@ -133,7 +133,6 @@ typedef struct Link {
         struct rtnl_link_stats64 stats_old, stats_new;
         bool stats_updated;
 
-        int sysctl_ipv6_enabled;
 
         /* All kinds of DNS configuration */
         struct in_addr_data *dns;
@@ -200,8 +199,6 @@ uint32_t link_get_dhcp_route_table(Link *link);
 uint32_t link_get_ipv6_accept_ra_route_table(Link *link);
 int link_request_set_routes(Link *link);
 
-int link_sysctl_ipv6_enabled(Link *link);
-
 #define ADDRESS_FMT_VAL(address)                   \
         be32toh((address).s_addr) >> 24,           \
         (be32toh((address).s_addr) >> 16) & 0xFFu, \
index 6a8766ce689d44b17d08fdfe5cf4123200aa2f71..fe81f1b72009c33baa518074f3143449444b7b89 100644 (file)
@@ -220,6 +220,26 @@ int network_verify(Network *network) {
         if (network->link_local < 0)
                 network->link_local = network->bridge ? ADDRESS_FAMILY_NO : ADDRESS_FAMILY_IPV6;
 
+        if (!FLAGS_SET(network->link_local, ADDRESS_FAMILY_IPV6)) {
+                if (network->ipv6_accept_ra > 0) {
+                        log_warning("%s: IPv6AcceptRA= is enabled by the .network file but IPv6 link local addressing is disabled. "
+                                    "Disabling IPv6AcceptRA=.", network->filename);
+                        network->ipv6_accept_ra = false;
+                }
+
+                if (FLAGS_SET(network->dhcp, ADDRESS_FAMILY_IPV6)) {
+                        log_warning("%s: DHCPv6 client is enabled by the .network file but IPv6 link local addressing is disabled. "
+                                    "Disabling DHCPv6 client.", network->filename);
+                        SET_FLAG(network->dhcp, ADDRESS_FAMILY_IPV6, false);
+                }
+
+                if (network->router_prefix_delegation != RADV_PREFIX_DELEGATION_NONE) {
+                        log_warning("%s: IPv6PrefixDelegation= is enabled but IPv6 link local addressing is disabled. "
+                                    "Disabling IPv6PrefixDelegation=.", network->filename);
+                        network->router_prefix_delegation = RADV_PREFIX_DELEGATION_NONE;
+                }
+        }
+
         if (FLAGS_SET(network->link_local, ADDRESS_FAMILY_FALLBACK_IPV4) &&
             !FLAGS_SET(network->dhcp, ADDRESS_FAMILY_IPV4)) {
                 log_warning("%s: fallback assignment of IPv4 link local address is enabled but DHCPv4 is disabled. "
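Review bot: The new block clears `ipv6_accept_ra` only when it is `> 0`, which leaves the unset state (a negative value, judging by the comparison) untouched when IPv6 link-local addressing is off. Whether the default applied later can still turn router advertisement processing on for such a link is decided outside this hunk, so please confirm that code consults `link_local` as well, or normalise the unset case here. If the later check exists, a one-line comment would record it, e.g. `/* an unset IPv6AcceptRA= is resolved at link setup, which also checks link-local addressing */`. The third warning omits "by the .network file", unlike the two before it.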
@@ -486,7 +506,7 @@ int network_load(Manager *manager) {
         STRV_FOREACH(f, files) {
                 r = network_load_one(manager, *f);
                 if (r < 0)
-                        return r;
+                        log_error_errno(r, "Failed to load %s, ignoring: %m", *f);
         }
 
         return 0;
@@ -662,15 +682,35 @@ int network_apply(Network *network, Link *link) {
         return 0;
 }
 
-bool network_has_static_ipv6_addresses(Network *network) {
+bool network_has_static_ipv6_configurations(Network *network) {
         Address *address;
+        Route *route;
+        FdbEntry *fdb;
+        Neighbor *neighbor;
 
         assert(network);
 
-        LIST_FOREACH(addresses, address, network->static_addresses) {
+        LIST_FOREACH(addresses, address, network->static_addresses)
                 if (address->family == AF_INET6)
                         return true;
-        }
+
+        LIST_FOREACH(routes, route, network->static_routes)
+                if (route->family == AF_INET6)
+                        return true;
+
+        LIST_FOREACH(static_fdb_entries, fdb, network->static_fdb_entries)
+                if (fdb->family == AF_INET6)
+                        return true;
+
+        LIST_FOREACH(neighbors, neighbor, network->neighbors)
+                if (neighbor->family == AF_INET6)
+                        return true;
+
+        if (!LIST_IS_EMPTY(network->address_labels))
+                return true;
+
+        if (!LIST_IS_EMPTY(network->static_prefixes))
+                return true;
 
         return false;
 }
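Review bot: The last two checks treat any entry in `network->address_labels` or `network->static_prefixes` as IPv6 configuration without a family test, unlike the four loops above them. That is presumably because both are IPv6-only concepts, but the reader has to know it; a comment before them would help, e.g. `/* Address labels and RA prefixes have no IPv4 counterpart, so any entry implies IPv6. */`. Since the result feeds link_ipv6_enabled() and therefore decides whether `disable_ipv6` is cleared for the link, the function also deserves a short header comment listing what counts as static IPv6 configuration.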
index f8894f86dda5c47dd86c9b215e6a2360ff752652..bc760744e5f5647badc3584c69f5a79bf03fc9b3 100644 (file)
@@ -269,7 +269,7 @@ int network_get(Manager *manager, sd_device *device, const char *ifname, const s
 int network_apply(Network *network, Link *link);
 void network_apply_anonymize_if_set(Network *network);
 
-bool network_has_static_ipv6_addresses(Network *network);
+bool network_has_static_ipv6_configurations(Network *network);
 
 CONFIG_PARSER_PROTOTYPE(config_parse_stacked_netdev);
 CONFIG_PARSER_PROTOTYPE(config_parse_tunnel);
index 8a16e9111ff026e648374738ff63c570f0a7d13c..19055f4e48e8fcb5df0d3bf1b8ec3c44906a7d70 100644 (file)
@@ -636,11 +636,6 @@ int route_configure(
         assert(IN_SET(route->family, AF_INET, AF_INET6));
         assert(callback);
 
-        if (route->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) {
-                log_link_warning(link, "An IPv6 route is requested, but IPv6 is disabled by sysctl, ignoring.");
-                return 0;
-        }
-
         if (route_get(link, route->family, &route->dst, route->dst_prefixlen, &route->gw, route->tos, route->priority, route->table, NULL) <= 0 &&
             set_size(link->routes) >= routes_max())
                 return log_link_error_errno(link, SYNTHETIC_ERRNO(E2BIG),
index 5edc2444a70fd4345f33fefbcfc640532e0c2d12..f032169aebf4a7dca5599bbdf789d3b1b26a34d0 100644 (file)
@@ -453,11 +453,6 @@ int routing_policy_rule_configure(RoutingPolicyRule *rule, Link *link, link_netl
         assert(link->manager);
         assert(link->manager->rtnl);
 
-        if (rule->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) {
-                log_link_warning(link, "An IPv6 routing policy rule is requested, but IPv6 is disabled by sysctl, ignoring.");
-                return 0;
-        }
-
         r = sd_rtnl_message_new_routing_policy_rule(link->manager->rtnl, &m, RTM_NEWRULE, rule->family);
         if (r < 0)
                 return log_error_errno(r, "Could not allocate RTM_NEWRULE message: %m");
index 07091bffe5d33ea7e40b75772136cda26cf2b50c..9babae89a5f9e0d865166950e484bd6f37d785f5 100644 (file)
 
         <action id="org.freedesktop.network1.revert-ntp">
                 <description gettext-domain="systemd">Revert NTP settings</description>
-                <message gettext-domain="systemd">Authentication is required to revert NTP settings.</message>
+                <message gettext-domain="systemd">Authentication is required to reset NTP settings.</message>
                 <defaults>
                         <allow_any>auth_admin</allow_any>
                         <allow_inactive>auth_admin</allow_inactive>
 
         <action id="org.freedesktop.network1.revert-dns">
                 <description gettext-domain="systemd">Revert DNS settings</description>
-                <message gettext-domain="systemd">Authentication is required to revert DNS settings.</message>
+                <message gettext-domain="systemd">Authentication is required to reset DNS settings.</message>
                 <defaults>
                         <allow_any>auth_admin</allow_any>
                         <allow_inactive>auth_admin</allow_inactive>
index df3efb3c8d1d1f2b113a4f16dede86055f5be0eb..8ffe523830f302c523f2481a32d0f3f39e95918b 100644 (file)
@@ -117,6 +117,7 @@ static int compare_pstore_entries(const void *_a, const void *_b) {
 
 static int move_file(PStoreEntry *pe, const char *subdir) {
         _cleanup_free_ char *ifd_path = NULL, *ofd_path = NULL;
+        _cleanup_free_ void *field = NULL;
         const char *suffix, *message;
         struct iovec iovec[2];
         int n_iovec = 0, r;
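Review bot: Moving `field` to function scope is what keeps the buffer alive after the `if (pe->content_size > 0)` block in the next hunk, but nothing says so, and the declaration looks like one that could be narrowed again by a later cleanup. Presumably `iovec[]` keeps a pointer into `field` that is consumed after the block; that use is outside these hunks. A comment on the declaration would protect the fix: `/* Referenced by iovec[] until the entry is sent; must not be scoped to the block below. */`.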
@@ -138,7 +139,6 @@ static int move_file(PStoreEntry *pe, const char *subdir) {
         iovec[n_iovec++] = IOVEC_MAKE_STRING(message);
 
         if (pe->content_size > 0) {
-                _cleanup_free_ void *field = NULL;
                 size_t field_size;
 
                 field_size = strlen("FILE=") + pe->content_size;
@@ -157,7 +157,7 @@ static int move_file(PStoreEntry *pe, const char *subdir) {
                 /* Move file from pstore to external storage */
                 r = mkdir_parents(ofd_path, 0755);
                 if (r < 0)
-                        return log_error_errno(r, "Failed to create directoy %s: %m", ofd_path);
+                        return log_error_errno(r, "Failed to create directory %s: %m", ofd_path);
                 r = copy_file_atomic(ifd_path, ofd_path, 0600, 0, 0, COPY_REPLACE);
                 if (r < 0)
                         return log_error_errno(r, "Failed to copy_file_atomic: %s to %s", ifd_path, ofd_path);
index b65ba3e56a3e1f5b944d7ffb47617c54163760f2..dc46987adfac7ee729fcc723bf8d1b06eccfcfdf 100644 (file)
                 <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
         </action>
 
+        <action id="org.freedesktop.resolve1.set-dns-servers">
+                <description gettext-domain="systemd">Set DNS servers</description>
+                <message gettext-domain="systemd">Authentication is required to set DNS servers.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-domains">
+                <description gettext-domain="systemd">Set domains</description>
+                <message gettext-domain="systemd">Authentication is required to set domains.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-default-route">
+                <description gettext-domain="systemd">Set default route</description>
+                <message gettext-domain="systemd">Authentication is required to set default route.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-llmnr">
+                <description gettext-domain="systemd">Enable/disable LLMNR</description>
+                <message gettext-domain="systemd">Authentication is required to enable or disable LLMNR.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-mdns">
+                <description gettext-domain="systemd">Enable/disable multicast DNS</description>
+                <message gettext-domain="systemd">Authentication is required to enable or disable multicast DNS.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-dns-over-tls">
+                <description gettext-domain="systemd">Enable/disable DNS over TLS</description>
+                <message gettext-domain="systemd">Authentication is required to enable or disable DNS over TLS.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-dnssec">
+                <description gettext-domain="systemd">Enable/disable DNSSEC</description>
+                <message gettext-domain="systemd">Authentication is required to enable or disable DNSSEC.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-dnssec-negative-trust-anchors">
+                <description gettext-domain="systemd">Set DNSSEC Negative Trust Anchors</description>
+                <message gettext-domain="systemd">Authentication is required to set DNSSEC Negative Trust Anchros.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.revert">
+                <description gettext-domain="systemd">Revert name resolution settings</description>
+                <message gettext-domain="systemd">Authentication is required to reset name resolution settings.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
 </policyconfig>
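Review bot: The message of `org.freedesktop.resolve1.set-dnssec-negative-trust-anchors` contains a typo, "Anchros", which will appear in the authentication dialog and be picked up by the translation templates; it should read `Authentication is required to set DNSSEC Negative Trust Anchors.`. In `org.freedesktop.resolve1.revert` the description says "Revert" while the message says "reset"; using one verb in both keeps the prompt consistent with the action name.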
index 4fc281e80abbeaef8e2b036b519280dfd3dd3e6d..db0f8381ef077776bf20bc3efa109e6117bd0aaf 100644 (file)
@@ -1638,15 +1638,6 @@ static int bus_method_register_service(sd_bus_message *message, void *userdata,
         if (m->mdns_support != RESOLVE_SUPPORT_YES)
                 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Support for MulticastDNS is disabled");
 
-        r = bus_verify_polkit_async(message, CAP_SYS_ADMIN,
-                                    "org.freedesktop.resolve1.register-service",
-                                    NULL, false, UID_INVALID,
-                                    &m->polkit_registry, error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* Polkit will call us back */
-
         service = new0(DnssdService, 1);
         if (!service)
                 return log_oom();
@@ -1771,6 +1762,15 @@ static int bus_method_register_service(sd_bus_message *message, void *userdata,
         if (r < 0)
                 return r;
 
+        r = bus_verify_polkit_async(message, CAP_SYS_ADMIN,
+                                    "org.freedesktop.resolve1.register-service",
+                                    NULL, false, UID_INVALID,
+                                    &m->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         r = hashmap_ensure_allocated(&m->dnssd_services, &string_hash_ops);
         if (r < 0)
                 return r;
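Review bot: Moving `bus_verify_polkit_async()` to after argument parsing means the `DnssdService` allocated at the top of the function is built from caller-supplied data before the caller is authorized, and on the `r == 0` path (`return 1; /* Polkit will call us back */`) that object has to be released and rebuilt when the method is dispatched again. The declaration of `service` is outside these hunks; confirm it carries a cleanup attribute so the early return does not leak. Validating before prompting is a reasonable order, but it deserves a comment at the call, e.g. `/* Authorize only once the request is known to be valid; everything parsed above is dropped and re-parsed when polkit calls back. */`.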
@@ -1854,19 +1854,19 @@ static const sd_bus_vtable resolve_vtable[] = {
         SD_BUS_METHOD("ResolveAddress", "iiayt", "a(is)t", bus_method_resolve_address, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("ResolveRecord", "isqqt", "a(iqqay)t", bus_method_resolve_record, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("ResolveService", "isssit", "a(qqqsa(iiay)s)aayssst", bus_method_resolve_service, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ResetStatistics", NULL, NULL, bus_method_reset_statistics, 0),
-        SD_BUS_METHOD("FlushCaches", NULL, NULL, bus_method_flush_caches, 0),
-        SD_BUS_METHOD("ResetServerFeatures", NULL, NULL, bus_method_reset_server_features, 0),
+        SD_BUS_METHOD("ResetStatistics", NULL, NULL, bus_method_reset_statistics, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("FlushCaches", NULL, NULL, bus_method_flush_caches, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ResetServerFeatures", NULL, NULL, bus_method_reset_server_features, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("GetLink", "i", "o", bus_method_get_link, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetLinkDNS", "ia(iay)", NULL, bus_method_set_link_dns_servers, 0),
-        SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0),
-        SD_BUS_METHOD("SetLinkDefaultRoute", "ib", NULL, bus_method_set_link_default_route, 0),
-        SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0),
-        SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0),
-        SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, 0),
-        SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0),
-        SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0),
-        SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0),
+        SD_BUS_METHOD("SetLinkDNS", "ia(iay)", NULL, bus_method_set_link_dns_servers, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkDefaultRoute", "ib", NULL, bus_method_set_link_default_route, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, SD_BUS_VTABLE_UNPRIVILEGED),
 
         SD_BUS_METHOD("RegisterService", "sssqqqaa{say}", "o", bus_method_register_service, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("UnregisterService", "o", NULL, bus_method_unregister_service, SD_BUS_VTABLE_UNPRIVILEGED),
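Review bot: Switching these entries from `0` to `SD_BUS_VTABLE_UNPRIVILEGED` removes the bus-level privilege requirement, so authorization for each of them now rests entirely on a check inside the handler. Some of the link-level handlers visible further down gain `bus_verify_polkit_async()` calls, but the handlers for `ResetStatistics`, `FlushCaches` and `ResetServerFeatures`, and several of the `SetLink*`/`RevertLink` ones, are not shown on this part of the page; confirm each either performs its own check or is meant to be callable by any local user. A comment above the block would keep the invariant visible: `/* Unprivileged on the bus: every handler below must do its own polkit/capability check. */`.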
index 262f63cae3c9587189959c484dd8b61e809cc3c6..fb54d160da4fa754f751b0b25a2d5e4ecbe7412b 100644 (file)
@@ -1183,8 +1183,8 @@ static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *use
         if (ERRNO_IS_DISCONNECT(-r)) {
                 usec_t usec;
 
-                /* UDP connection failure get reported via ICMP and then are possible delivered to us on the next
-                 * recvmsg(). Treat this like a lost packet. */
+                /* UDP connection failures get reported via ICMP and then are possibly delivered to us on the
+                 * next recvmsg(). Treat this like a lost packet. */
 
                 log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
                 assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
@@ -1198,6 +1198,9 @@ static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *use
                 t->answer_errno = -r;
                 return 0;
         }
+        if (r == 0)
+                /* Spurious wakeup without any data */
+                return 0;
 
         r = dns_packet_validate_reply(p);
         if (r < 0) {
index 81ef5ffaa4fa99957db2958b56b3626dc31aca35..b6c1476f5cbe7e4fd52ab2ea72160daefc3cc645 100644 (file)
@@ -1,6 +1,8 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
 #include <net/if.h>
+#include <netinet/in.h>
+#include <sys/capability.h>
 
 #include "alloc-util.h"
 #include "bus-common-errors.h"
@@ -11,6 +13,7 @@
 #include "resolved-link-bus.h"
 #include "resolved-resolv-conf.h"
 #include "strv.h"
+#include "user-util.h"
 
 static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported, "b", Link, link_dnssec_supported);
 static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode, "s", Link, link_get_dnssec_mode, dnssec_mode_to_string);
@@ -262,6 +265,15 @@ int bus_link_method_set_dns_servers(sd_bus_message *message, void *userdata, sd_
         if (r < 0)
                 return r;
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-dns-servers",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         dns_server_mark_all(l->dns_servers);
 
         for (i = 0; i < n; i++) {
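Review bot: The added `bus_verify_polkit_async()` call passes `true` as its fifth argument, whereas the call in the bus_method_register_service() hunk passes `false`; that argument is the interactive-authorization flag, so hard-coding it allows a password prompt whether or not the caller asked for one. Deriving it from the request, or documenting why it is forced, applies equally to the set_domains, set_default_route, set_llmnr and set_mdns hunks below, which use the same call. If forcing it is intended, a comment at the first call would do, e.g. `/* Always allow interactive authorization: these methods are expected to be driven from an interactive tool. */`. The placement itself is sound: the check sits after message validation and before `dns_server_mark_all()` modifies any state.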
@@ -325,12 +337,21 @@ int bus_link_method_set_domains(sd_bus_message *message, void *userdata, sd_bus_
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Root domain is not suitable as search domain");
         }
 
-        dns_search_domain_mark_all(l->search_domains);
-
         r = sd_bus_message_rewind(message, false);
         if (r < 0)
                 return r;
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-domains",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
+        dns_search_domain_mark_all(l->search_domains);
+
         for (;;) {
                 DnsSearchDomain *d;
                 const char *name;
@@ -388,6 +409,15 @@ int bus_link_method_set_default_route(sd_bus_message *message, void *userdata, s
         if (r < 0)
                 return r;
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-default-route",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         if (l->default_route != b) {
                 l->default_route = b;
 
@@ -423,6 +453,15 @@ int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_er
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid LLMNR setting: %s", llmnr);
         }
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-llmnr",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         l->llmnr_support = mode;
         link_allocate_scopes(l);
         link_add_rrs(l, false);
@@ -457,6 +496,15 @@ int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_err
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid MulticastDNS setting: %s", mdns);
         }
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-mdns",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         l->mdns_support = mode;
         link_allocate_scopes(l);
         link_add_rrs(l, false);
@@ -491,6 +539,15 @@ int bus_link_method_set_dns_over_tls(sd_bus_message *message, void *userdata, sd
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid DNSOverTLS setting: %s", dns_over_tls);
         }
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-dns-over-tls",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         link_set_dns_over_tls_mode(l, mode);
 
         (void) link_save_user(l);
@@ -523,6 +580,15 @@ int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_e
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid DNSSEC setting: %s", dnssec);
         }
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-dnssec",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         link_set_dnssec_mode(l, mode);
 
         (void) link_save_user(l);
@@ -544,6 +610,10 @@ int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, v
         if (r < 0)
                 return r;
 
+        ns = set_new(&dns_name_hash_ops);
+        if (!ns)
+                return -ENOMEM;
+
         r = sd_bus_message_read_strv(message, &ntas);
         if (r < 0)
                 return r;
@@ -553,19 +623,23 @@ int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, v
                 if (r < 0)
                         return r;
                 if (r == 0)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid negative trust anchor domain: %s", *i);
-        }
-
-        ns = set_new(&dns_name_hash_ops);
-        if (!ns)
-                return -ENOMEM;
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
+                                                 "Invalid negative trust anchor domain: %s", *i);
 
-        STRV_FOREACH(i, ntas) {
                 r = set_put_strdup(ns, *i);
                 if (r < 0)
                         return r;
         }
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-dnssec-negative-trust-anchors",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         set_free_free(l->dnssec_negative_trust_anchors);
         l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
 
@@ -585,6 +659,15 @@ int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error
         if (r < 0)
                 return r;
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.revert",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         link_flush_settings(l);
         link_allocate_scopes(l);
         link_add_rrs(l, false);
@@ -610,15 +693,15 @@ const sd_bus_vtable link_vtable[] = {
         SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas, 0, 0),
         SD_BUS_PROPERTY("DNSSECSupported", "b", property_get_dnssec_supported, 0, 0),
 
-        SD_BUS_METHOD("SetDNS", "a(iay)", NULL, bus_link_method_set_dns_servers, 0),
-        SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, 0),
-        SD_BUS_METHOD("SetDefaultRoute", "b", NULL, bus_link_method_set_default_route, 0),
-        SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, 0),
-        SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, 0),
-        SD_BUS_METHOD("SetDNSOverTLS", "s", NULL, bus_link_method_set_dns_over_tls, 0),
-        SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, 0),
-        SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, 0),
-        SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, 0),
+        SD_BUS_METHOD("SetDNS", "a(iay)", NULL, bus_link_method_set_dns_servers, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetDefaultRoute", "b", NULL, bus_link_method_set_default_route, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetDNSOverTLS", "s", NULL, bus_link_method_set_dns_over_tls, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, SD_BUS_VTABLE_UNPRIVILEGED),
 
         SD_BUS_VTABLE_END
 };
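Review bot: With every setter now flagged `SD_BUS_VTABLE_UNPRIVILEGED`, the `bus_verify_polkit_async()` call inside each handler appears to be the only access check left for these methods, and nothing in the table says so. A method added later with the same flag but without the polkit call would then be callable by any bus client. I would add a comment above the method entries, e.g. `/* Unprivileged at the bus level: every handler below must call bus_verify_polkit_async() before changing state. */`. The polkit action definitions for the `org.freedesktop.resolve1.*` ids are not in this section, so it is worth confirming they ship with the same change. `link_vtable` starts outside the hunk.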
index 6af115e7aad8d463430676a2880b332a6dbe973d..e9b0b8a99d9dca6028e14afc74a722968a4641db 100644 (file)
@@ -1681,7 +1681,8 @@ int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *descri
 
         assert(ret);
 
-        /* Match like sd_bus_open_system(), but with the "watch_bind" feature and the Connected() signal turned on. */
+        /* Match like sd_bus_open_system(), but with the "watch_bind" feature and the Connected() signal
+         * turned on. */
 
         r = sd_bus_new(&bus);
         if (r < 0)
@@ -1705,10 +1706,6 @@ int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *descri
         if (r < 0)
                 return r;
 
-        r = sd_bus_set_trusted(bus, true);
-        if (r < 0)
-                return r;
-
         r = sd_bus_negotiate_creds(bus, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS);
         if (r < 0)
                 return r;
@@ -1737,8 +1734,8 @@ int bus_reply_pair_array(sd_bus_message *m, char **l) {
 
         assert(m);
 
-        /* Reply to the specified message with a message containing a dictionary put together from the specified
-         * strv */
+        /* Reply to the specified message with a message containing a dictionary put together from the
+         * specified strv */
 
         r = sd_bus_message_new_method_return(m, &reply);
         if (r < 0)
index f1caddb477d3cb29fd2510afc441a315f727a24b..6bf0ff0316a98d4f7b92c4418ecdd195b263b8c0 100644 (file)
@@ -704,7 +704,7 @@ int lookup_paths_init(
                 return -ENOMEM;
 
         *p = (LookupPaths) {
-                .search_path = strv_uniq(paths),
+                .search_path = strv_uniq(TAKE_PTR(paths)),
 
                 .persistent_config = TAKE_PTR(persistent_config),
                 .runtime_config = TAKE_PTR(runtime_config),
@@ -725,7 +725,6 @@ int lookup_paths_init(
                 .temporary_dir = TAKE_PTR(tempdir),
         };
 
-        paths = NULL;
         return 0;
 }
 
@@ -754,64 +753,9 @@ void lookup_paths_free(LookupPaths *p) {
         p->temporary_dir = mfree(p->temporary_dir);
 }
 
-int lookup_paths_reduce(LookupPaths *p) {
-        _cleanup_free_ struct stat *stats = NULL;
-        size_t n_stats = 0, allocated = 0;
-        size_t c = 0;
-        int r;
-
+void lookup_paths_log(LookupPaths *p) {
         assert(p);
 
-        /* Drop duplicates and non-existing directories from the search path. We figure out whether two directories are
-         * the same by comparing their device and inode numbers. */
-
-        if (!p->search_path)
-                return 0;
-
-        while (p->search_path[c]) {
-                struct stat st;
-                size_t k;
-
-                /* Never strip the transient and control directories from the path */
-                if (path_equal_ptr(p->search_path[c], p->transient) ||
-                    path_equal_ptr(p->search_path[c], p->persistent_control) ||
-                    path_equal_ptr(p->search_path[c], p->runtime_control)) {
-                        c++;
-                        continue;
-                }
-
-                r = chase_symlinks_and_stat(p->search_path[c], p->root_dir, 0, NULL, &st);
-                if (r == -ENOENT)
-                        goto remove_item;
-                if (r < 0) {
-                        /* If something we don't grok happened, let's better leave it in. */
-                        log_debug_errno(r, "Failed to chase and stat %s: %m", p->search_path[c]);
-                        c++;
-                        continue;
-                }
-
-                for (k = 0; k < n_stats; k++)
-                        if (stats[k].st_dev == st.st_dev &&
-                            stats[k].st_ino == st.st_ino)
-                                break;
-
-                if (k < n_stats) /* Is there already an entry with the same device/inode? */
-                        goto remove_item;
-
-                if (!GREEDY_REALLOC(stats, allocated, n_stats+1))
-                        return -ENOMEM;
-
-                stats[n_stats++] = st;
-                c++;
-                continue;
-
-        remove_item:
-                free(p->search_path[c]);
-                memmove(p->search_path + c,
-                        p->search_path + c + 1,
-                        (strv_length(p->search_path + c + 1) + 1) * sizeof(char*));
-        }
-
         if (strv_isempty(p->search_path)) {
                 log_debug("Ignoring unit files.");
                 p->search_path = strv_free(p->search_path);
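Review bot: `lookup_paths_log()` still modifies its argument: when the search path is empty it frees it and resets `p->search_path`, which the name and the `void` return type do not suggest. A comment on the function would make that visible, for example `/* Logs the search path; as a side effect an empty search path is freed and reset to NULL. */`. The function body continues in the next hunk.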
@@ -819,13 +763,8 @@ int lookup_paths_reduce(LookupPaths *p) {
                 _cleanup_free_ char *t;
 
                 t = strv_join(p->search_path, "\n\t");
-                if (!t)
-                        return -ENOMEM;
-
-                log_debug("Looking for unit files in (higher priority first):\n\t%s", t);
+                log_debug("Looking for unit files in (higher priority first):\n\t%s", strna(t));
         }
-
-        return 0;
 }
 
 int lookup_paths_mkdir_generator(LookupPaths *p) {
index 7070b9424983d3b4bc29b126c68c94354e122195..f0762d248a0c65578ea31826939a61bea27de3af 100644 (file)
@@ -63,7 +63,7 @@ int xdg_user_data_dir(char **ret, const char *suffix);
 bool path_is_user_data_dir(const char *path);
 bool path_is_user_config_dir(const char *path);
 
-int lookup_paths_reduce(LookupPaths *p);
+void lookup_paths_log(LookupPaths *p);
 
 int lookup_paths_mkdir_generator(LookupPaths *p);
 void lookup_paths_trim_generator(LookupPaths *p);
index e15ce26940977b4b2cad08e9c7a27ddb791ef65d..4a5f23e6c1bcbb0e76ffe9a508d661022fc98189 100644 (file)
@@ -242,10 +242,19 @@ int unit_file_build_name_map(
                 if (!lookup_paths_mtime_exclude(lp, *dir))
                         mtime = MAX(mtime, timespec_load(&st.st_mtim));
 
-                FOREACH_DIRENT(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) {
+                FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) {
                         char *filename;
                         _cleanup_free_ char *_filename_free = NULL, *simplified = NULL;
                         const char *suffix, *dst = NULL;
+                        bool valid_unit_name;
+
+                        valid_unit_name = unit_name_is_valid(de->d_name, UNIT_NAME_ANY);
+
+                        /* We only care about valid units and dirs with certain suffixes, let's ignore the
+                         * rest. */
+                        if (!valid_unit_name &&
+                            !ENDSWITH_SET(de->d_name, ".wants", ".requires", ".d"))
+                                continue;
 
                         filename = path_join(*dir, de->d_name);
                         if (!filename)
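Review bot: Switching to `FOREACH_DIRENT_ALL` means hidden entries now reach the loop body, and the new comment does not say why that is wanted. If `ENDSWITH_SET` is a plain suffix match, entries named exactly `.d`, `.wants` or `.requires`, and hidden directories such as `.foo.d`, also pass the filter; what happens to them is decided in code outside this hunk. I would extend the comment to something like `/* Iterate over all entries, including dot-files, because unit names may start with a dot; everything that is neither a valid unit name nor a .wants/.requires/.d directory is skipped here. */`. The enclosing function starts and ends outside the hunk.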
@@ -260,7 +269,7 @@ int unit_file_build_name_map(
                         } else
                                 _filename_free = filename; /* Make sure we free the filename. */
 
-                        if (!unit_name_is_valid(de->d_name, UNIT_NAME_ANY))
+                        if (!valid_unit_name)
                                 continue;
                         assert_se(suffix = strrchr(de->d_name, '.'));
 
index c78f7c86bb49617b53d21a41f13c59688c6f6917..1cf4c2ec9d8d040bd82536f25f8b6bb68dbf8090 100644 (file)
@@ -110,6 +110,10 @@ int sd_network_link_get_network_file(int ifindex, char **filename);
  * IP addresses */
 int sd_network_link_get_dns(int ifindex, char ***ret);
 
+/* Get DHCP4 address for a given link. This is string representations of
+ * IPv4 address */
+int sd_network_link_get_dhcp4_address(int ifindex, char **ret);
+
 /* Get NTP entries for a given link. These are domain names or string
  * representations of IP addresses */
 int sd_network_link_get_ntp(int ifindex, char ***ret);
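Review bot: The new comment reads "This is string representations of IPv4 address" and does not say who owns `*ret` or what is returned when the link has no DHCPv4 lease. I would word it as `/* Get the DHCPv4 address for a given link, as a string representation of an IPv4 address. */`. The ownership and no-lease behaviour should be added once checked against the implementation, which is outside this hunk.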
index de31e977bc2c1ad9832d2315920674ae915ee177..a8c3e59098e1c048cd7fd6129055dd36415f9fe8 100644 (file)
@@ -771,6 +771,11 @@ tests += [
         [['src/test/test-local-addresses.c'],
          [],
          []],
+
+        [['src/test/test-fido-id-desc.c',
+          'src/udev/fido_id/fido_id_desc.c'],
+         [],
+         []],
 ]
 
 ############################################################
diff --git a/src/test/test-fido-id-desc.c b/src/test/test-fido-id-desc.c
new file mode 100644 (file)
index 0000000..cf55dd3
--- /dev/null
@@ -0,0 +1,85 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "fido_id/fido_id_desc.h"
+#include "macro.h"
+
+static void test_is_fido_security_token_desc__fido(void) {
+        static const uint8_t FIDO_HID_DESC_1[] = {
+                0x06, 0xd0, 0xf1, 0x09, 0x01, 0xa1, 0x01, 0x09, 0x20, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75,
+                0x08, 0x95, 0x40, 0x81, 0x02, 0x09, 0x21, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75, 0x08, 0x95,
+                0x40, 0x91, 0x02, 0xc0,
+        };
+        assert_se(is_fido_security_token_desc(FIDO_HID_DESC_1, sizeof(FIDO_HID_DESC_1)) > 0);
+
+        static const uint8_t FIDO_HID_DESC_2[] = {
+                0x05, 0x01, 0x09, 0x06, 0xa1, 0x01, 0x05, 0x07, 0x19, 0xe0, 0x29, 0xe7, 0x15, 0x00, 0x25,
+                0x01, 0x75, 0x01, 0x95, 0x08, 0x81, 0x02, 0x95, 0x01, 0x75, 0x08, 0x81, 0x01, 0x95, 0x05,
+                0x75, 0x01, 0x05, 0x08, 0x19, 0x01, 0x29, 0x05, 0x91, 0x02, 0x95, 0x01, 0x75, 0x03, 0x91,
+                0x01, 0x95, 0x06, 0x75, 0x08, 0x15, 0x00, 0x25, 0x65, 0x05, 0x07, 0x19, 0x00, 0x29, 0x65,
+                0x81, 0x00, 0x09, 0x03, 0x75, 0x08, 0x95, 0x08, 0xb1, 0x02, 0xc0,
+                0x06, 0xd0, 0xf1, 0x09, 0x01, 0xa1, 0x01, 0x09, 0x20, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75,
+                0x08, 0x95, 0x40, 0x81, 0x02, 0x09, 0x21, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75, 0x08, 0x95,
+                0x40, 0x91, 0x02, 0xc0,
+        };
+        assert_se(is_fido_security_token_desc(FIDO_HID_DESC_2, sizeof(FIDO_HID_DESC_2)) > 0);
+}
+
+static void test_is_fido_security_token_desc__non_fido(void) {
+        /* Wrong usage page */
+        static const uint8_t NON_FIDO_HID_DESC_1[] = {
+                0x06, 0xd0, 0xf0, 0x09, 0x01, 0xa1, 0x01, 0x09, 0x20, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75,
+                0x08, 0x95, 0x40, 0x81, 0x02, 0x09, 0x21, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75, 0x08, 0x95,
+                0x40, 0x91, 0x02, 0xc0,
+        };
+        assert_se(is_fido_security_token_desc(NON_FIDO_HID_DESC_1, sizeof(NON_FIDO_HID_DESC_1)) == 0);
+
+        /* Wrong usage */
+        static const uint8_t NON_FIDO_HID_DESC_2[] = {
+                0x06, 0xd0, 0xf1, 0x09, 0x02, 0xa1, 0x01, 0x09, 0x20, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75,
+                0x08, 0x95, 0x40, 0x81, 0x02, 0x09, 0x21, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75, 0x08, 0x95,
+                0x40, 0x91, 0x02, 0xc0,
+        };
+        assert_se(is_fido_security_token_desc(NON_FIDO_HID_DESC_2, sizeof(NON_FIDO_HID_DESC_2)) == 0);
+
+        static const uint8_t NON_FIDO_HID_DESC_3[] = {
+                0x05, 0x01, 0x09, 0x06, 0xa1, 0x01, 0x05, 0x07, 0x19, 0xe0, 0x29, 0xe7, 0x15, 0x00, 0x25,
+                0x01, 0x75, 0x01, 0x95, 0x08, 0x81, 0x02, 0x95, 0x01, 0x75, 0x08, 0x81, 0x01, 0x95, 0x05,
+                0x75, 0x01, 0x05, 0x08, 0x19, 0x01, 0x29, 0x05, 0x91, 0x02, 0x95, 0x01, 0x75, 0x03, 0x91,
+                0x01, 0x95, 0x06, 0x75, 0x08, 0x15, 0x00, 0x25, 0x65, 0x05, 0x07, 0x19, 0x00, 0x29, 0x65,
+                0x81, 0x00, 0x09, 0x03, 0x75, 0x08, 0x95, 0x08, 0xb1, 0x02, 0xc0,
+        };
+        assert_se(is_fido_security_token_desc(NON_FIDO_HID_DESC_3, sizeof(NON_FIDO_HID_DESC_3)) == 0);
+}
+
+static void test_is_fido_security_token_desc__invalid(void) {
+        /* Size coded on 1 byte, but no byte given */
+        static const uint8_t INVALID_HID_DESC_1[] = { 0x01 };
+        assert_se(is_fido_security_token_desc(INVALID_HID_DESC_1, sizeof(INVALID_HID_DESC_1)) < 0);
+
+        /* Size coded on 2 bytes, but only 1 byte given */
+        static const uint8_t INVALID_HID_DESC_2[] = { 0x02, 0x01 };
+        assert_se(is_fido_security_token_desc(INVALID_HID_DESC_2, sizeof(INVALID_HID_DESC_2)) < 0);
+
+        /* Size coded on 4 bytes, but only 3 bytes given */
+        static const uint8_t INVALID_HID_DESC_3[] = { 0x03, 0x01, 0x02, 0x03 };
+        assert_se(is_fido_security_token_desc(INVALID_HID_DESC_3, sizeof(INVALID_HID_DESC_3)) < 0);
+
+        /* Long item without a size byte */
+        static const uint8_t INVALID_HID_DESC_4[] = { 0xfe };
+        assert_se(is_fido_security_token_desc(INVALID_HID_DESC_4, sizeof(INVALID_HID_DESC_4)) < 0);
+
+        /* Usage pages are coded on at most 2 bytes */
+        static const uint8_t INVALID_HID_DESC_5[] = { 0x07, 0x01, 0x02, 0x03, 0x04 };
+        assert_se(is_fido_security_token_desc(INVALID_HID_DESC_5, sizeof(INVALID_HID_DESC_5)) < 0);
+}
+
+int main(int argc, char *argv[]) {
+        test_is_fido_security_token_desc__fido();
+        test_is_fido_security_token_desc__non_fido();
+        test_is_fido_security_token_desc__invalid();
+
+        return EXIT_SUCCESS;
+}
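Review bot: The invalid-input cases in `test_is_fido_security_token_desc__invalid()` stop at items that are cut off in their header; none covers an empty descriptor (`desc_len == 0`) or a long item whose size byte announces more data than the buffer holds. The descriptor content comes from the attached device, so the intended result for both should be pinned by a test, for example with a constructed descriptor `{ 0xfe, 0x10, 0x00 }` passed with its real size. The parser's return value for these inputs is decided in code outside this file, so the assertion should state the intended contract rather than be copied from current behaviour.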
index f20855935866a94118023e2985135f14f1a5e41f..62ebc9c92385aca6b7779fef7629ad99c13a21d1 100644 (file)
@@ -22,15 +22,15 @@ static void test_paths(UnitFileScope scope) {
         assert_se(unsetenv("SYSTEMD_UNIT_PATH") == 0);
         assert_se(lookup_paths_init(&lp_without_env, scope, 0, NULL) >= 0);
         assert_se(!strv_isempty(lp_without_env.search_path));
-        assert_se(lookup_paths_reduce(&lp_without_env) >= 0);
+        lookup_paths_log(&lp_without_env);
 
         systemd_unit_path = strjoina(template, "/systemd-unit-path");
         assert_se(setenv("SYSTEMD_UNIT_PATH", systemd_unit_path, 1) == 0);
         assert_se(lookup_paths_init(&lp_with_env, scope, 0, NULL) == 0);
         assert_se(strv_length(lp_with_env.search_path) == 1);
         assert_se(streq(lp_with_env.search_path[0], systemd_unit_path));
-        assert_se(lookup_paths_reduce(&lp_with_env) >= 0);
-        assert_se(strv_isempty(lp_with_env.search_path));
+        lookup_paths_log(&lp_with_env);
+        assert_se(strv_equal(lp_with_env.search_path, STRV_MAKE(systemd_unit_path)));
 
         assert_se(rm_rf(template, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
 }
index 7fe732cf2ffe9b32bfd3960f81f2cbde51a4c22e..25c649828ef1634800e95cee7fcfee947d3c570e 100644 (file)
@@ -50,6 +50,9 @@ static void test_unit_name_is_valid(void) {
         assert_se(!unit_name_is_valid("foo@.service", UNIT_NAME_INSTANCE));
         assert_se( unit_name_is_valid("foo@.service", UNIT_NAME_TEMPLATE));
         assert_se( unit_name_is_valid("foo@.service", UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE));
+        assert_se( unit_name_is_valid(".test.service", UNIT_NAME_PLAIN));
+        assert_se( unit_name_is_valid(".test@.service", UNIT_NAME_TEMPLATE));
+        assert_se( unit_name_is_valid("_strange::::.service", UNIT_NAME_ANY));
 
         assert_se(!unit_name_is_valid(".service", UNIT_NAME_ANY));
         assert_se(!unit_name_is_valid("", UNIT_NAME_ANY));
index e6d7262e789346132396f03ace1399573ca0528b..9475b99c2803e37fa0297b8e6d6b40b00c842f6f 100644 (file)
@@ -61,6 +61,43 @@ static void test_uid_ptr(void) {
         assert_se(PTR_TO_UID(UID_TO_PTR(1000)) == 1000);
 }
 
+static void test_valid_user_group_name_compat(void) {
+        log_info("/* %s */", __func__);
+
+        assert_se(!valid_user_group_name_compat(NULL));
+        assert_se(!valid_user_group_name_compat(""));
+        assert_se(!valid_user_group_name_compat("1"));
+        assert_se(!valid_user_group_name_compat("65535"));
+        assert_se(!valid_user_group_name_compat("-1"));
+        assert_se(!valid_user_group_name_compat("-kkk"));
+        assert_se(!valid_user_group_name_compat("rööt"));
+        assert_se(!valid_user_group_name_compat("."));
+        assert_se(!valid_user_group_name_compat(".eff"));
+        assert_se(!valid_user_group_name_compat("foo\nbar"));
+        assert_se(!valid_user_group_name_compat("0123456789012345678901234567890123456789"));
+        assert_se(!valid_user_group_name_or_id_compat("aaa:bbb"));
+        assert_se(!valid_user_group_name_compat("."));
+        assert_se(!valid_user_group_name_compat(".1"));
+        assert_se(!valid_user_group_name_compat(".65535"));
+        assert_se(!valid_user_group_name_compat(".-1"));
+        assert_se(!valid_user_group_name_compat(".-kkk"));
+        assert_se(!valid_user_group_name_compat(".rööt"));
+        assert_se(!valid_user_group_name_or_id_compat(".aaa:bbb"));
+
+        assert_se(valid_user_group_name_compat("root"));
+        assert_se(valid_user_group_name_compat("lennart"));
+        assert_se(valid_user_group_name_compat("LENNART"));
+        assert_se(valid_user_group_name_compat("_kkk"));
+        assert_se(valid_user_group_name_compat("kkk-"));
+        assert_se(valid_user_group_name_compat("kk-k"));
+        assert_se(valid_user_group_name_compat("eff.eff"));
+        assert_se(valid_user_group_name_compat("eff."));
+
+        assert_se(valid_user_group_name_compat("some5"));
+        assert_se(!valid_user_group_name_compat("5some"));
+        assert_se(valid_user_group_name_compat("INNER5NUMBER"));
+}
+
 static void test_valid_user_group_name(void) {
         log_info("/* %s */", __func__);
 
@@ -72,10 +109,17 @@ static void test_valid_user_group_name(void) {
         assert_se(!valid_user_group_name("-kkk"));
         assert_se(!valid_user_group_name("rööt"));
         assert_se(!valid_user_group_name("."));
-        assert_se(!valid_user_group_name("eff.eff"));
+        assert_se(!valid_user_group_name(".eff"));
         assert_se(!valid_user_group_name("foo\nbar"));
         assert_se(!valid_user_group_name("0123456789012345678901234567890123456789"));
         assert_se(!valid_user_group_name_or_id("aaa:bbb"));
+        assert_se(!valid_user_group_name("."));
+        assert_se(!valid_user_group_name(".1"));
+        assert_se(!valid_user_group_name(".65535"));
+        assert_se(!valid_user_group_name(".-1"));
+        assert_se(!valid_user_group_name(".-kkk"));
+        assert_se(!valid_user_group_name(".rööt"));
+        assert_se(!valid_user_group_name_or_id(".aaa:bbb"));
 
         assert_se(valid_user_group_name("root"));
         assert_se(valid_user_group_name("lennart"));
@@ -83,12 +127,47 @@ static void test_valid_user_group_name(void) {
         assert_se(valid_user_group_name("_kkk"));
         assert_se(valid_user_group_name("kkk-"));
         assert_se(valid_user_group_name("kk-k"));
+        assert_se(!valid_user_group_name("eff.eff"));
+        assert_se(!valid_user_group_name("eff."));
 
         assert_se(valid_user_group_name("some5"));
         assert_se(!valid_user_group_name("5some"));
         assert_se(valid_user_group_name("INNER5NUMBER"));
 }
 
+static void test_valid_user_group_name_or_id_compat(void) {
+        log_info("/* %s */", __func__);
+
+        assert_se(!valid_user_group_name_or_id_compat(NULL));
+        assert_se(!valid_user_group_name_or_id_compat(""));
+        assert_se(valid_user_group_name_or_id_compat("0"));
+        assert_se(valid_user_group_name_or_id_compat("1"));
+        assert_se(valid_user_group_name_or_id_compat("65534"));
+        assert_se(!valid_user_group_name_or_id_compat("65535"));
+        assert_se(valid_user_group_name_or_id_compat("65536"));
+        assert_se(!valid_user_group_name_or_id_compat("-1"));
+        assert_se(!valid_user_group_name_or_id_compat("-kkk"));
+        assert_se(!valid_user_group_name_or_id_compat("rööt"));
+        assert_se(!valid_user_group_name_or_id_compat("."));
+        assert_se(!valid_user_group_name_or_id_compat(".eff"));
+        assert_se(valid_user_group_name_or_id_compat("eff.eff"));
+        assert_se(valid_user_group_name_or_id_compat("eff."));
+        assert_se(!valid_user_group_name_or_id_compat("foo\nbar"));
+        assert_se(!valid_user_group_name_or_id_compat("0123456789012345678901234567890123456789"));
+        assert_se(!valid_user_group_name_or_id_compat("aaa:bbb"));
+
+        assert_se(valid_user_group_name_or_id_compat("root"));
+        assert_se(valid_user_group_name_or_id_compat("lennart"));
+        assert_se(valid_user_group_name_or_id_compat("LENNART"));
+        assert_se(valid_user_group_name_or_id_compat("_kkk"));
+        assert_se(valid_user_group_name_or_id_compat("kkk-"));
+        assert_se(valid_user_group_name_or_id_compat("kk-k"));
+
+        assert_se(valid_user_group_name_or_id_compat("some5"));
+        assert_se(!valid_user_group_name_or_id_compat("5some"));
+        assert_se(valid_user_group_name_or_id_compat("INNER5NUMBER"));
+}
+
 static void test_valid_user_group_name_or_id(void) {
         log_info("/* %s */", __func__);
 
@@ -103,7 +182,9 @@ static void test_valid_user_group_name_or_id(void) {
         assert_se(!valid_user_group_name_or_id("-kkk"));
         assert_se(!valid_user_group_name_or_id("rööt"));
         assert_se(!valid_user_group_name_or_id("."));
+        assert_se(!valid_user_group_name_or_id(".eff"));
         assert_se(!valid_user_group_name_or_id("eff.eff"));
+        assert_se(!valid_user_group_name_or_id("eff."));
         assert_se(!valid_user_group_name_or_id("foo\nbar"));
         assert_se(!valid_user_group_name_or_id("0123456789012345678901234567890123456789"));
         assert_se(!valid_user_group_name_or_id("aaa:bbb"));
@@ -230,7 +311,9 @@ int main(int argc, char *argv[]) {
         test_parse_uid();
         test_uid_ptr();
 
+        test_valid_user_group_name_compat();
         test_valid_user_group_name();
+        test_valid_user_group_name_or_id_compat();
         test_valid_user_group_name_or_id();
         test_valid_gecos();
         test_valid_home();
diff --git a/src/udev/fido_id/fido_id.c b/src/udev/fido_id/fido_id.c
new file mode 100644 (file)
index 0000000..5afd5dd
--- /dev/null
@@ -0,0 +1,96 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+/*
+ * Identifies FIDO CTAP1 ("U2F")/CTAP2 security tokens based on the usage declared in their report
+ * descriptor and outputs suitable environment variables.
+ *
+ * Inspired by Andrew Lutomirski's 'u2f-hidraw-policy.c'
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/hid.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "device-internal.h"
+#include "device-private.h"
+#include "device-util.h"
+#include "fd-util.h"
+#include "fido_id_desc.h"
+#include "log.h"
+#include "macro.h"
+#include "main-func.h"
+#include "path-util.h"
+#include "string-util.h"
+#include "udev-util.h"
+
+static int run(int argc, char **argv) {
+        _cleanup_(sd_device_unrefp) struct sd_device *device = NULL;
+        _cleanup_free_ char *desc_path = NULL;
+        _cleanup_close_ int fd = -1;
+
+        struct sd_device *hid_device;
+        const char *sys_path;
+        uint8_t desc[HID_MAX_DESCRIPTOR_SIZE];
+        ssize_t desc_len;
+
+        int r;
+
+        log_set_target(LOG_TARGET_AUTO);
+        udev_parse_config();
+        log_parse_environment();
+        log_open();
+
+        if (argc > 2)
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Usage: hidraw_id [SYSFS_PATH]");
+
+        if (argc == 1) {
+                r = device_new_from_strv(&device, environ);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get current device from environment: %m");
+        } else {
+                r = sd_device_new_from_syspath(&device, argv[1]);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get device from syspath: %m");
+        }
+
+        r = sd_device_get_parent(device, &hid_device);
+        if (r < 0)
+                return log_device_error_errno(device, r, "Failed to get parent HID device: %m");
+
+        r = sd_device_get_syspath(hid_device, &sys_path);
+        if (r < 0)
+                return log_device_error_errno(hid_device, r, "Failed to get syspath for HID device: %m");
+
+        desc_path = path_join(sys_path, "report_descriptor");
+        if (!desc_path)
+                return log_oom();
+
+        fd = open(desc_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
+        if (fd < 0)
+                return log_device_error_errno(hid_device, errno,
+                                              "Failed to open report descriptor at '%s': %m", desc_path);
+
+        desc_len = read(fd, desc, sizeof(desc));
+        if (desc_len < 0)
+                return log_device_error_errno(hid_device, errno,
+                                              "Failed to read report descriptor at '%s': %m", desc_path);
+        if (desc_len == 0)
+                return log_device_debug_errno(hid_device, SYNTHETIC_ERRNO(EINVAL),
+                                              "Empty report descriptor at '%s'.", desc_path);
+
+        r = is_fido_security_token_desc(desc, desc_len);
+        if (r < 0)
+                return log_device_debug_errno(hid_device, r,
+                                              "Failed to parse report descriptor at '%s'.", desc_path);
+        if (r > 0) {
+                printf("ID_FIDO_TOKEN=1\n");
+                printf("ID_SECURITY_TOKEN=1\n");
+        }
+
+        return 0;
+}
+
+DEFINE_MAIN_FUNCTION(run);
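Review bot: The usage string in `run()` names the tool `hidraw_id`, while the file and directory are `fido_id`; assuming the installed binary follows the file name, the message should read `"Usage: fido_id [SYSFS_PATH]"`. Separately, `sd_device_get_parent()` takes whatever the immediate parent is, so when a syspath is given on the command line `report_descriptor` is read from a device that was never checked to be a HID device. `sd_device_get_parent_with_subsystem_devtype(device, "hid", NULL, &hid_device)` would pin that. The single `read()` also assumes the whole descriptor arrives in one call, which deserves a short comment if it is relied on.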
diff --git a/src/udev/fido_id/fido_id_desc.c b/src/udev/fido_id/fido_id_desc.c
new file mode 100644 (file)
index 0000000..bbfcf93
--- /dev/null
@@ -0,0 +1,92 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+/* Inspired by Andrew Lutomirski's 'u2f-hidraw-policy.c' */
+
+#include <errno.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "fido_id_desc.h"
+
+#define HID_RPTDESC_FIRST_BYTE_LONG_ITEM 0xfeu
+#define HID_RPTDESC_TYPE_GLOBAL 0x1u
+#define HID_RPTDESC_TYPE_LOCAL 0x2u
+#define HID_RPTDESC_TAG_USAGE_PAGE 0x0u
+#define HID_RPTDESC_TAG_USAGE 0x0u
+
+/*
+ * HID usage for FIDO CTAP1 ("U2F") and CTAP2 security tokens.
+ * https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-u2f_hid.h-v1.0-ps-20141009.txt
+ * https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#usb-discovery
+ * https://www.usb.org/sites/default/files/hutrr48.pdf
+ */
+#define FIDO_FULL_USAGE_CTAPHID 0xf1d00001u
+
+/*
+ * Parses a HID report descriptor and identifies FIDO CTAP1 ("U2F")/CTAP2 security tokens based on their
+ * declared usage.
+ * A positive return value indicates that the report descriptor belongs to a FIDO security token.
+ * https://www.usb.org/sites/default/files/documents/hid1_11.pdf (Section 6.2.2)
+ */
+int is_fido_security_token_desc(const uint8_t *desc, size_t desc_len) {
+        uint32_t usage = 0;
+
+        for (size_t pos = 0; pos < desc_len; ) {
+                uint8_t tag, type, size_code;
+                size_t size;
+                uint32_t value;
+
+                /* Report descriptors consists of short items (1-5 bytes) and long items (3-258 bytes). */
+                if (desc[pos] == HID_RPTDESC_FIRST_BYTE_LONG_ITEM) {
+                        /* No long items are defined in the spec; skip them.
+                         * The length of the data in a long item is contained in the byte after the long
+                         * item tag. The header consists of three bytes: special long item tag, length,
+                         * actual tag. */
+                        if (pos + 1 >= desc_len)
+                                return -EINVAL;
+                        pos += desc[pos + 1] + 3;
+                        continue;
+                }
+
+                /* The first byte of a short item encodes tag, type and size. */
+                tag = desc[pos] >> 4;          /* Bits 7 to 4 */
+                type = (desc[pos] >> 2) & 0x3; /* Bits 3 and 2 */
+                size_code = desc[pos] & 0x3;   /* Bits 1 and 0 */
+                /* Size is coded as follows:
+                 * 0 -> 0 bytes, 1 -> 1 byte, 2 -> 2 bytes, 3 -> 4 bytes
+                 */
+                size = size_code < 3 ? size_code : 4;
+                /* Consume header byte. */
+                pos++;
+
+                /* Extract the item value coded on size bytes. */
+                if (pos + size > desc_len)
+                        return -EINVAL;
+                value = 0;
+                for (size_t i = 0; i < size; i++)
+                        value |= (uint32_t) desc[pos + i] << (8 * i);
+                /* Consume value bytes. */
+                pos += size;
+
+                if (type == HID_RPTDESC_TYPE_GLOBAL && tag == HID_RPTDESC_TAG_USAGE_PAGE) {
+                        /* A usage page is a 16 bit value coded on at most 16 bits. */
+                        if (size > 2)
+                                return -EINVAL;
+                        /* A usage page sets the upper 16 bits of a following usage. */
+                        usage = (value & 0x0000ffffu) << 16;
+                }
+
+                if (type == HID_RPTDESC_TYPE_LOCAL && tag == HID_RPTDESC_TAG_USAGE) {
+                        /* A usage is a 32 bit value, but is prepended with the current usage page if
+                         * coded on less than 4 bytes (that is, at most 2 bytes). */
+                        if (size == 4)
+                                usage = value;
+                        else
+                                usage = (usage & 0xffff0000u) | (value & 0x0000ffffu);
+                        if (usage == FIDO_FULL_USAGE_CTAPHID)
+                                return 1;
+                }
+        }
+
+        return 0;
+}
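Review bot: A truncated long item is accepted silently in is_fido_security_token_desc: `pos += desc[pos + 1] + 3;` can move `pos` past `desc_len`, after which the loop ends and the function returns 0. The short-item path rejects the same condition with `if (pos + size > desc_len) return -EINVAL;`. The descriptor bytes come from the attached device, so both paths should be equally strict. Before advancing, add `if (pos + 3 + (size_t) desc[pos + 1] > desc_len) return -EINVAL;`. The comment "Report descriptors consists of" should also read "consist of".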
diff --git a/src/udev/fido_id/fido_id_desc.h b/src/udev/fido_id/fido_id_desc.h
new file mode 100644 (file)
index 0000000..c813a3a
--- /dev/null
@@ -0,0 +1,8 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#pragma once
+
+#include <stddef.h>
+#include <stdint.h>
+
+int is_fido_security_token_desc(const uint8_t *desc, size_t desc_len);
index 511fe428b9f65a932ad72082fc920a2ba79e9627..48573cdb6043f4ef9621eb58cd1087f31a0b9eb2 100644 (file)
@@ -165,6 +165,9 @@ libudev_core = static_library(
 
 foreach prog : [['ata_id/ata_id.c'],
                 ['cdrom_id/cdrom_id.c'],
+                ['fido_id/fido_id.c',
+                 'fido_id/fido_id_desc.c',
+                 'fido_id/fido_id_desc.h'],
                 ['scsi_id/scsi_id.c',
                  'scsi_id/scsi_id.h',
                  'scsi_id/scsi_serial.c',
index 1642f105354674746b899f9072332d2ddbb49391..efea16e5c5acd4dddd68accb33298626b3cf26e6 100644 (file)
@@ -43,10 +43,12 @@ typedef enum {
 } UdevRuleOperatorType;
 
 typedef enum {
-        MATCH_TYPE_EMPTY,     /* empty string */
-        MATCH_TYPE_PLAIN,     /* no special characters */
-        MATCH_TYPE_GLOB,      /* shell globs ?,*,[] */
-        MATCH_TYPE_SUBSYSTEM, /* "subsystem", "bus", or "class" */
+        MATCH_TYPE_EMPTY,            /* empty string */
+        MATCH_TYPE_PLAIN,            /* no special characters */
+        MATCH_TYPE_PLAIN_WITH_EMPTY, /* no special characters with empty string, e.g., "|foo" */
+        MATCH_TYPE_GLOB,             /* shell globs ?,*,[] */
+        MATCH_TYPE_GLOB_WITH_EMPTY,  /* shell globs ?,*,[] with empty string, e.g., "|foo*" */
+        MATCH_TYPE_SUBSYSTEM,        /* "subsystem", "bus", or "class" */
         _MATCH_TYPE_MAX,
         _MATCH_TYPE_INVALID = -1
 } UdevRuleMatchType;
@@ -431,35 +433,30 @@ static int rule_line_add_token(UdevRuleLine *rule_line, UdevRuleTokenType type,
 
                 if (type < TK_M_TEST || type == TK_M_RESULT) {
                         /* Convert value string to nulstr. */
-                        len = strlen(value);
-                        if (len > 1 && (value[len - 1] == '|' || strstr(value, "||"))) {
-                                /* In this case, just replacing '|' -> '\0' does not work... */
-                                _cleanup_free_ char *tmp = NULL;
-                                char *i, *j;
-                                bool v = true;
-
-                                tmp = strdup(value);
-                                if (!tmp)
-                                        return log_oom();
-
-                                for (i = tmp, j = value; *i != '\0'; i++)
-                                        if (*i == '|')
-                                                v = true;
-                                        else {
-                                                if (v) {
-                                                        *j++ = '\0';
-                                                        v = false;
-                                                }
-                                                *j++ = *i;
-                                        }
-                                j[0] = j[1] = '\0';
-                        } else {
-                                /* Simple conversion. */
-                                char *i;
-
-                                for (i = value; *i != '\0'; i++)
-                                        if (*i == '|')
-                                                *i = '\0';
+                        bool bar = true, empty = false;
+                        char *a, *b;
+
+                        for (a = b = value; *a != '\0'; a++) {
+                                if (*a != '|') {
+                                        *b++ = *a;
+                                        bar = false;
+                                } else {
+                                        if (bar)
+                                                empty = true;
+                                        else
+                                                *b++ = '\0';
+                                        bar = true;
+                                }
+                        }
+                        *b = '\0';
+                        if (bar)
+                                empty = true;
+
+                        if (empty) {
+                                if (match_type == MATCH_TYPE_GLOB)
+                                        match_type = MATCH_TYPE_GLOB_WITH_EMPTY;
+                                if (match_type == MATCH_TYPE_PLAIN)
+                                        match_type = MATCH_TYPE_PLAIN_WITH_EMPTY;
                         }
                 }
         }
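Review bot: The in-place compaction ends with a single `*b = '\0';`, so when two or more `|` are dropped (for example `"||foo"` or `"foo|||bar"`) bytes of the original string remain between the new terminator and the old one. `NULSTR_FOREACH` in token_match_string will then read them as an extra alternative; `"||foo"` becomes `foo\0o\0`. The removed branch wrote `j[0] = j[1] = '\0';` for this reason. After `*b = '\0';` add `if (b < a) b[1] = '\0';` so the list is closed whenever the string was shortened; when nothing was dropped, the second terminator still depends on the caller's buffer, which is not visible here. rule_line_add_token starts and ends outside this hunk.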
@@ -499,6 +496,9 @@ static int rule_line_add_token(UdevRuleLine *rule_line, UdevRuleTokenType type,
                         TK_A_OWNER_ID, TK_A_GROUP_ID, TK_A_MODE_ID))
                 SET_FLAG(rule_line->type, LINE_HAS_DEVLINK, true);
 
+        else if (token->type == TK_A_OPTIONS_STATIC_NODE)
+                SET_FLAG(rule_line->type, LINE_HAS_STATIC_NODE, true);
+
         else if (token->type >= _TK_A_MIN ||
                  IN_SET(token->type, TK_M_PROGRAM,
                         TK_M_IMPORT_FILE, TK_M_IMPORT_PROGRAM, TK_M_IMPORT_BUILTIN,
@@ -1325,7 +1325,17 @@ static bool token_match_string(UdevRuleToken *token, const char *str) {
                 match = isempty(str);
                 break;
         case MATCH_TYPE_SUBSYSTEM:
-                value = "subsystem\0class\0bus\0";
+                NULSTR_FOREACH(i, "subsystem\0class\0bus\0")
+                        if (streq(i, str)) {
+                                match = true;
+                                break;
+                        }
+                break;
+        case MATCH_TYPE_PLAIN_WITH_EMPTY:
+                if (isempty(str)) {
+                        match = true;
+                        break;
+                }
                 _fallthrough_;
         case MATCH_TYPE_PLAIN:
                 NULSTR_FOREACH(i, value)
@@ -1334,6 +1344,12 @@ static bool token_match_string(UdevRuleToken *token, const char *str) {
                                 break;
                         }
                 break;
+        case MATCH_TYPE_GLOB_WITH_EMPTY:
+                if (isempty(str)) {
+                        match = true;
+                        break;
+                }
+                _fallthrough_;
         case MATCH_TYPE_GLOB:
                 NULSTR_FOREACH(i, value)
                         if ((fnmatch(i, str, 0) == 0)) {
@@ -2301,7 +2317,7 @@ static int apply_static_dev_perms(const char *devnode, uid_t uid, gid_t gid, mod
                 return log_error_errno(errno, "Failed to chown '%s' %u %u: %m",
                                                device_node, uid, gid);
         else
-                log_debug("chown '%s' %u:%u", device_node, uid, gid);
+                log_debug("chown '%s' %u:%u with mode %#o", device_node, uid, gid, mode);
 
         (void) utimensat(AT_FDCWD, device_node, NULL, 0);
         return 0;
index 2c29514ef92288f69efae761f623635e2c550057..e0e78b11003e7e0b0a237f361d3f5eba2be1e96e 100755 (executable)
@@ -25,7 +25,6 @@ Type=oneshot
 StandardOutput=tty
 StandardError=tty
 ExecStart=/bin/sh -e -x -c 'rm -f /tmp/nonexistent; systemctl start test.socket; printf x > test.file; socat -t20 OPEN:test.file UNIX-CONNECT:/run/test.ctl; >/testok'
-TimeoutStartSec=10s
 EOF
 
        cat  >$initdir/etc/systemd/system/test.socket <<'EOF'
index bf9c0257667a1e2f19e7471fc0fa3d91abc00bfb..6ab2638d8ce3be0c6d239d8cf5e3759aa3442fd2 100755 (executable)
@@ -5,7 +5,7 @@ set -o pipefail
 systemd-run --wait -p FailureAction=poweroff true
 ! systemd-run --wait -p SuccessAction=poweroff false
 
-if test -f /firstphase ; then
+if test -f /firstphase ; then
     echo OK > /firstphase
     systemd-run --wait -p SuccessAction=reboot true
 else
diff --git a/test/TEST-37-RUNTIMEDIRECTORYPRESERVE/Makefile b/test/TEST-37-RUNTIMEDIRECTORYPRESERVE/Makefile
new file mode 120000 (symlink)
index 0000000..e9f93b1
--- /dev/null
@@ -0,0 +1 @@
+../TEST-01-BASIC/Makefile
\ No newline at end of file
diff --git a/test/TEST-37-RUNTIMEDIRECTORYPRESERVE/test.sh b/test/TEST-37-RUNTIMEDIRECTORYPRESERVE/test.sh
new file mode 100755 (executable)
index 0000000..9e87e61
--- /dev/null
@@ -0,0 +1,44 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+set -e
+TEST_DESCRIPTION="test RuntimeDirectoryPreserve=yes"
+
+. $TEST_BASE_DIR/test-functions
+
+test_setup() {
+    create_empty_image_rootdir
+
+    (
+        LOG_LEVEL=5
+        eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
+
+        setup_basic_environment
+
+        # mask some services that we do not want to run in these tests
+        ln -fs /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
+        ln -fs /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service
+        ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.service
+        ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.socket
+        ln -fs /dev/null $initdir/etc/systemd/system/systemd-resolved.service
+        ln -fs /dev/null $initdir/etc/systemd/system/systemd-machined.service
+
+        # setup the testsuite service
+        cat >$initdir/etc/systemd/system/testsuite.service <<EOF
+[Unit]
+Description=Testsuite service
+
+[Service]
+ExecStart=/bin/bash -x /testsuite.sh
+Type=oneshot
+StandardOutput=tty
+StandardError=tty
+EOF
+        cp testsuite.sh $initdir/
+
+        setup_testsuite
+    ) || return 1
+    setup_nspawn_root
+}
+
+do_test "$@"
diff --git a/test/TEST-37-RUNTIMEDIRECTORYPRESERVE/testsuite.sh b/test/TEST-37-RUNTIMEDIRECTORYPRESERVE/testsuite.sh
new file mode 100755 (executable)
index 0000000..4e63a07
--- /dev/null
@@ -0,0 +1,19 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+set -ex
+set -o pipefail
+
+systemd-mount -p RuntimeDirectory=hoge -p RuntimeDirectoryPreserve=yes -t tmpfs tmpfs /tmp/aaa
+
+touch /run/hoge/foo
+touch /tmp/aaa/bbb
+
+systemctl restart tmp-aaa.mount
+
+test -e /run/hoge/foo
+! test -e /tmp/aaa/bbb
+
+echo OK > /testok
+
+exit 0
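Review bot: `! test -e /tmp/aaa/bbb` cannot fail this test, because under `set -e` bash does not exit on a command whose status is inverted with `!`. The script therefore reaches `echo OK > /testok` even if the file survived the restart of tmp-aaa.mount. Write the check as `test ! -e /tmp/aaa/bbb` so that a leftover file aborts the script.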
diff --git a/test/fuzz/fuzz-fido-id-desc/crash0 b/test/fuzz/fuzz-fido-id-desc/crash0
new file mode 100644 (file)
index 0000000..e066656
--- /dev/null
@@ -0,0 +1 @@
+\ f\ f\ f\ fÌ\ f
\ No newline at end of file
diff --git a/test/fuzz/fuzz-fido-id-desc/crash1 b/test/fuzz/fuzz-fido-id-desc/crash1
new file mode 100644 (file)
index 0000000..aef3e18
--- /dev/null
@@ -0,0 +1 @@
+øûøûûÜ
\ No newline at end of file
diff --git a/test/fuzz/fuzz-fido-id-desc/report0 b/test/fuzz/fuzz-fido-id-desc/report0
new file mode 100644 (file)
index 0000000..48757cb
Binary files /dev/null and b/test/fuzz/fuzz-fido-id-desc/report0 differ
diff --git a/test/fuzz/fuzz-fido-id-desc/report1 b/test/fuzz/fuzz-fido-id-desc/report1
new file mode 100644 (file)
index 0000000..b70b7fb
Binary files /dev/null and b/test/fuzz/fuzz-fido-id-desc/report1 differ
index 8d123658a173bc4f1f643ebc4fb1006899500d0f..374d9cdefd33b0e815d573563c5094a09e11be05 100755 (executable)
@@ -1842,13 +1842,14 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
         self.assertRegex(output, 'inet 10.2.3.4/16 brd 10.2.255.255 scope global dummy98')
         output = check_output('ip -6 address show dummy98')
         print(output)
-        self.assertEqual(output, '')
+        self.assertRegex(output, 'inet6 2607:5300:203:3906::/64 scope global')
+        self.assertRegex(output, 'inet6 .* scope link')
         output = check_output('ip -4 route show dev dummy98')
         print(output)
         self.assertEqual(output, '10.2.0.0/16 proto kernel scope link src 10.2.3.4')
         output = check_output('ip -6 route show dev dummy98')
         print(output)
-        self.assertEqual(output, '')
+        self.assertRegex(output, 'default via 2607:5300:203:39ff:ff:ff:ff:ff proto static')
 
         check_output('ip link del dummy98')
 
index 85ec41b64135d3c5e09365aa3e567b056403b590..95013279b8e1aa090cf93688fa6aa0a7fe687af0 100755 (executable)
@@ -1256,6 +1256,72 @@ KERNEL=="dontknow|ttyACM0a|nothing|attyACM0", SYMLINK+="wrong1"
 KERNEL=="X|attyACM0|dontknow|ttyACM0a|nothing|attyACM0", SYMLINK+="wrong2"
 KERNEL=="all|dontknow|ttyACM0", SYMLINK+="right"
 KERNEL=="ttyACM0a|nothing", SYMLINK+="wrong3"
+EOF
+        },
+        {
+                desc            => "test multi matches 5",
+                devpath         => "/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda",
+                exp_name        => "found",
+                not_exp_name    => "bad",
+                rules           => <<EOF
+KERNEL=="sda", TAG="foo"
+TAGS=="|foo", SYMLINK+="found"
+TAGS=="|aaa", SYMLINK+="bad"
+EOF
+        },
+        {
+                desc            => "test multi matches 6",
+                devpath         => "/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda",
+                exp_name        => "found",
+                not_exp_name    => "bad",
+                rules           => <<EOF
+KERNEL=="sda", TAG=""
+TAGS=="|foo", SYMLINK+="found"
+TAGS=="aaa|bbb", SYMLINK+="bad"
+EOF
+        },
+        {
+                desc            => "test multi matches 7",
+                devpath         => "/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda",
+                exp_name        => "found",
+                not_exp_name    => "bad",
+                rules           => <<EOF
+KERNEL=="sda", TAG="foo"
+TAGS=="foo||bar", SYMLINK+="found"
+TAGS=="aaa||bbb", SYMLINK+="bad"
+EOF
+        },
+        {
+                desc            => "test multi matches 8",
+                devpath         => "/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda",
+                exp_name        => "found",
+                not_exp_name    => "bad",
+                rules           => <<EOF
+KERNEL=="sda", TAG=""
+TAGS=="foo||bar", SYMLINK+="found"
+TAGS=="aaa|bbb", SYMLINK+="bad"
+EOF
+        },
+        {
+                desc            => "test multi matches 9",
+                devpath         => "/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda",
+                exp_name        => "found",
+                not_exp_name    => "bad",
+                rules           => <<EOF
+KERNEL=="sda", TAG="foo"
+TAGS=="foo|", SYMLINK+="found"
+TAGS=="aaa|", SYMLINK+="bad"
+EOF
+        },
+        {
+                desc            => "test multi matches 10",
+                devpath         => "/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda",
+                exp_name        => "found",
+                not_exp_name    => "bad",
+                rules           => <<EOF
+KERNEL=="sda", TAG=""
+TAGS=="foo|", SYMLINK+="found"
+TAGS=="aaa|bbb", SYMLINK+="bad"
 EOF
         },
         {
index 6d9010ce16070d6935d5b2fbc513a24ec8d9e101..5e48a7e0c69b03ef566b9742401d7c54c31dd83f 100755 (executable)
@@ -48,7 +48,6 @@ zip -jqr $OUT/fuzz-dns-packet_seed_corpus.zip $df/packet
 
 install -Dt $OUT/src/shared/ $build/src/shared/libsystemd-shared-*.so
 
-wget -O $OUT/fuzz-json_seed_corpus.zip https://storage.googleapis.com/skia-fuzzer/oss-fuzz/skjson_seed_corpus.zip
 wget -O $OUT/fuzz-json.dict https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/json.dict
 
 find $build -maxdepth 1 -type f -executable -name "fuzz-*" -exec mv {} $OUT \;
index db2657b9c339999db7cb6a9532d67be25bc2b397..45fd784a39f2c521a48a1156108ccd54fd8369c8 100755 (executable)
@@ -4,6 +4,10 @@ set -e
 set -x
 set -u
 
+# This should help to protect the systemd organization on Fuzzit from forks
+# that are activated on Travis CI.
+[[ "$TRAVIS_REPO_SLUG" = "systemd/systemd" ]] || exit 0
+
 REPO_ROOT=${REPO_ROOT:-$(pwd)}
 
 sudo bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted universe multiverse' >>/etc/apt/sources.list"
@@ -23,7 +27,7 @@ export PATH="$HOME/.local/bin/:$PATH"
 export SANITIZER="address -fsanitize=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,unsigned-integer-overflow,vla-bound,vptr -fno-sanitize-recover=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr"
 tools/oss-fuzz.sh
 
-FUZZING_TYPE=${1:-sanity}
+FUZZING_TYPE=${1:-regression}
 if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then
     FUZZIT_BRANCH="${TRAVIS_BRANCH}"
 else
@@ -32,22 +36,20 @@ fi
 
 # Because we want Fuzzit to run on every pull-request and Travis/Azure doesnt support encrypted keys
 # on pull-request we use a write-only key which is ok for now. maybe there will be a better solution in the future
-FUZZIT_API_KEY=6a8445a23c4a8ef6743ddecf8ab368300976dae9313bbe54f1cbf30801773b2a3095d4c34daab8d308b6f2e8b254c90e
+export FUZZIT_API_KEY=af6992074353998676713818cc6435ef4a750439932dab58b51e9354d6742c54d740a3cd9fc1fc001db82f51734a24bc
 FUZZIT_ADDITIONAL_FILES="./out/src/shared/libsystemd-shared-*.so"
 
 # ASan options are borrowed almost verbatim from OSS-Fuzz
 ASAN_OPTIONS=redzone=32:print_summary=1:handle_sigill=1:allocator_release_to_os_interval_ms=500:print_suppressions=0:strict_memcmp=1:allow_user_segv_handler=0:allocator_may_return_null=1:use_sigaltstack=1:handle_sigfpe=1:handle_sigbus=1:detect_stack_use_after_return=1:alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=64:detect_odr_violation=0:handle_segv=1:fast_unwind_on_fatal=0
 UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1:silence_unsigned_overflow=1
-FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT} --asan_options ${ASAN_OPTIONS} --ubsan_options ${UBSAN_OPTIONS}"
-wget -O fuzzit https://bin.fuzzit.dev/fuzzit-1.1
+FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT} -e ASAN_OPTIONS=${ASAN_OPTIONS} -e UBSAN_OPTIONS=${UBSAN_OPTIONS}"
+wget -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/latest/download/fuzzit_Linux_x86_64
 chmod +x fuzzit
 
-./fuzzit auth ${FUZZIT_API_KEY}
-
-find out/ -maxdepth 1 -name 'fuzz-*' -executable -type f -exec basename '{}' \; | xargs --verbose -n1 -I%FUZZER% ./fuzzit c job ${FUZZIT_ARGS} %FUZZER%-asan-ubsan out/%FUZZER% ${FUZZIT_ADDITIONAL_FILES}
+find out/ -maxdepth 1 -name 'fuzz-*' -executable -type f -exec basename '{}' \; | xargs --verbose -n1 -I%FUZZER% ./fuzzit create job ${FUZZIT_ARGS} %FUZZER%-asan-ubsan out/%FUZZER% ${FUZZIT_ADDITIONAL_FILES}
 
 export SANITIZER="memory -fsanitize-memory-track-origins"
 FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT}"
 tools/oss-fuzz.sh
 
-find out/ -maxdepth 1 -name 'fuzz-*' -executable -type f -exec basename '{}' \; | xargs --verbose -n1 -I%FUZZER% ./fuzzit c job ${FUZZIT_ARGS} %FUZZER%-msan out/%FUZZER% ${FUZZIT_ADDITIONAL_FILES}
+find out/ -maxdepth 1 -name 'fuzz-*' -executable -type f -exec basename '{}' \; | xargs --verbose -n1 -I%FUZZER% ./fuzzit create job ${FUZZIT_ARGS} %FUZZER%-msan out/%FUZZER% ${FUZZIT_ADDITIONAL_FILES}
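Review bot: The fuzzit client is now fetched from `releases/latest/download/` and executed in the same job that exports `FUZZIT_API_KEY`, with no version pin and no integrity check. The removed line at least named a fixed version (`fuzzit-1.1`). Any new upstream release, or a tampered asset, would run unreviewed in CI with access to that key. Pin a release tag and verify a digest before `chmod +x fuzzit`, e.g. `wget -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/<PINNED_TAG>/fuzzit_Linux_x86_64` followed by `echo "<EXPECTED_SHA256>  fuzzit" | sha256sum -c -`.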
index cf4fe2e7bfb809e90798ed914ba887109a130407..e1ee9f86c389cdded3972fe3a0bebba86f817b72 100644 (file)
@@ -309,9 +309,6 @@ install_data('user-.slice.d/10-defaults.conf',
 meson.add_install_script(meson_make_symlink,
                          join_paths(pkgsysconfdir, 'user'),
                          join_paths(sysconfdir, 'xdg/systemd/user'))
-meson.add_install_script(meson_make_symlink,
-                         join_paths(dbussystemservicedir, 'org.freedesktop.systemd1.service'),
-                         join_paths(dbussessionservicedir, 'org.freedesktop.systemd1.service'))
 if conf.get('HAVE_SYSV_COMPAT') == 1
         foreach i : [1, 2, 3, 4, 5]
                 meson.add_install_script(