tree-wide: convert dlopen_*() callers to DLOPEN_* wrapper macros

Switch the executable-owned call sites from the plain dlopen_<lib>()
helpers to the new DLOPEN_<LIB>() macros, so that each binary that loads
an optional library at runtime now carries its own .note.dlopen note
instead of relying solely on libsystemd-shared. Each call site passes a
priority reflecting whether it hard-depends on the library (required) or
degrades gracefully without it (recommended).

Co-developed-by: Claude Opus 4.8 <noreply@anthropic.com>

diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index fdeaf69e174465f5e8ec9fc2eb11548fda0113de..7f8576e52a5f43724b7942852faa4f5a3070df86 100644 (file)
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -605,7 +605,7 @@ static int assess_system_call_filter(
         uint64_t b;
         int r;
 
-        r = dlopen_libseccomp(LOG_DEBUG);
+        r = DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0) {
                 *ret_badness = UINT64_MAX;
                 *ret_description = NULL;
@@ -2578,7 +2578,7 @@ static int get_security_info(Unit *u, ExecContext *c, CGroupContext *g, Security
                 info->_umask = c->umask;
 
 #if HAVE_SECCOMP
-                if (dlopen_libseccomp(LOG_DEBUG) >= 0) {
+                if (DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) >= 0) {
                         SET_FOREACH(key, c->syscall_archs) {
                                 const char *name;
 

diff --git a/src/bootctl/bootctl-install.c b/src/bootctl/bootctl-install.c
index 5fd65e02f15d9305e33816ac35616ab3bd289542..c16d3939aca7526963d7a0152e74c8314b82aa35 100644 (file)
--- a/src/bootctl/bootctl-install.c
+++ b/src/bootctl/bootctl-install.c
@@ -1082,7 +1082,7 @@ static int install_secure_boot_auto_enroll(InstallContext *c) {
         if (!c->secure_boot_certificate || !c->secure_boot_private_key)
                 return 0;
 
-        r = dlopen_libcrypto(LOG_DEBUG);
+        r = DLOPEN_LIBCRYPTO(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 

diff --git a/src/core/bpf-bind-iface.c b/src/core/bpf-bind-iface.c
index 1ba643a1166b361a500e889ca56fdcec5980b18f..6d9ecadcec73240d0562c7248f6c46c87d5e3e4b 100644 (file)
--- a/src/core/bpf-bind-iface.c
+++ b/src/core/bpf-bind-iface.c
@@ -31,7 +31,7 @@ int bpf_bind_network_interface_supported(void) {
         if (supported >= 0)
                 return supported;
 
-        if (dlopen_bpf(LOG_WARNING) < 0)
+        if (DLOPEN_BPF(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0)
                 return (supported = false);
 
         obj = bind_iface_bpf__open();

diff --git a/src/core/bpf-restrict-fs.c b/src/core/bpf-restrict-fs.c
index d28abfe4dd1632ed178df18391b286db19c25fff..93f7b800b5b57f88b11bea34394700c8310184cc 100644 (file)
--- a/src/core/bpf-restrict-fs.c
+++ b/src/core/bpf-restrict-fs.c
@@ -78,7 +78,7 @@ bool bpf_restrict_fs_supported(bool initialize) {
         if (!initialize)
                 return false;
 
-        if (dlopen_bpf(LOG_WARNING) < 0)
+        if (DLOPEN_BPF(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0)
                 return (supported = false);
 
         r = lsm_supported("bpf");

diff --git a/src/core/bpf-restrict-fsaccess.c b/src/core/bpf-restrict-fsaccess.c
index e043bf9fd66efdb8503337319cbb40c25e278700..4e0af5596af29a40e855e6ebf9c0d9b3c673e214 100644 (file)
--- a/src/core/bpf-restrict-fsaccess.c
+++ b/src/core/bpf-restrict-fsaccess.c
@@ -168,7 +168,7 @@ bool bpf_restrict_fsaccess_supported(void) {
 
         if (supported >= 0)
                 return supported;
-        if (dlopen_bpf(LOG_WARNING) < 0)
+        if (DLOPEN_BPF(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0)
                 return (supported = false);
 
         r = lsm_supported("bpf");
@@ -338,7 +338,7 @@ static int restrict_fsaccess_validate_deserialized_fds(Manager *m) {
 
         assert(m);
 
-        r = dlopen_bpf(LOG_WARNING);
+        r = DLOPEN_BPF(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
                                        "bpf-restrict-fsaccess: Failed to load libbpf for FD validation, aborting.");

diff --git a/src/core/bpf-restrict-ifaces.c b/src/core/bpf-restrict-ifaces.c
index e30d15cd256ef9fb456b4efac7f54a98d53a1f2e..9ca144a334edbc678490072f34cc820dc9844f3c 100644 (file)
--- a/src/core/bpf-restrict-ifaces.c
+++ b/src/core/bpf-restrict-ifaces.c
@@ -86,7 +86,7 @@ int bpf_restrict_ifaces_supported(void) {
         if (supported >= 0)
                 return supported;
 
-        if (dlopen_bpf(LOG_WARNING) < 0)
+        if (DLOPEN_BPF(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0)
                 return (supported = false);
 
         r = prepare_restrict_ifaces_bpf(NULL, true, NULL, &obj);

diff --git a/src/core/bpf-socket-bind.c b/src/core/bpf-socket-bind.c
index b4bf37b41e0f444593caf61ddf274feaefbeb848..3751d624308642228ffdfd5b611a1bc6129ce557 100644 (file)
--- a/src/core/bpf-socket-bind.c
+++ b/src/core/bpf-socket-bind.c
@@ -125,7 +125,7 @@ int bpf_socket_bind_supported(void) {
         _cleanup_(socket_bind_bpf_freep) struct socket_bind_bpf *obj = NULL;
         int r;
 
-        if (dlopen_bpf(LOG_WARNING) < 0)
+        if (DLOPEN_BPF(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0)
                 return false;
 
         r = prepare_socket_bind_bpf(/* unit= */ NULL, /* allow_rules= */ NULL, /* deny_rules= */ NULL, &obj);

diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index 7c16ffc7f030e0d27283a117f687999ef8841dfc..f6d44a162953cf385c2b4e8005fc3e819e440032 100644 (file)
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -1313,7 +1313,7 @@ static int setup_pam(
          * parent process will exec() the actual daemon. We do things this way to ensure that the main PID of
          * the daemon is the one we initially fork()ed. */
 
-        r = dlopen_libpam(LOG_ERR);
+        r = DLOPEN_LIBPAM(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -1579,7 +1579,7 @@ static bool seccomp_allows_drop_privileges(const ExecContext *c) {
         assert(c);
 
         /* No libseccomp, all is fine */
-        if (dlopen_libseccomp(LOG_DEBUG) < 0)
+        if (DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0)
                 return true;
 
         /* No syscall filter, we are allowed to drop privileges */
@@ -1889,7 +1889,7 @@ static int apply_restrict_filesystems(const ExecContext *c, const ExecParameters
         }
 
         /* We are in a new binary, so dl-open again */
-        r = dlopen_bpf(LOG_DEBUG);
+        r = DLOPEN_BPF(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -5998,10 +5998,10 @@ int exec_invoke(
         }
 
         /* Load a bunch of libraries we'll possibly need later, before we turn off dlopen() */
-        (void) dlopen_bpf(LOG_DEBUG);
-        (void) dlopen_cryptsetup(LOG_DEBUG);
-        (void) dlopen_libmount(LOG_DEBUG);
-        (void) dlopen_libseccomp(LOG_DEBUG);
+        (void) DLOPEN_BPF(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
+        (void) DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
+        (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
+        (void) DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
 
         /* Let's now disable further dlopen()ing of libraries, since we are about to do namespace
          * shenanigans, and do not want to mix resources from host and namespace */

diff --git a/src/core/execute.c b/src/core/execute.c
index ff6ef2de0457c63511f2c10601420d20458a38b7..4a95473e46f4f0e47fcf23ac5c41e2d948058255 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1576,7 +1576,7 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
                         fputc('~', f);
 
 #if HAVE_SECCOMP
-                if (dlopen_libseccomp(LOG_DEBUG) >= 0) {
+                if (DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) >= 0) {
                         void *id, *val;
                         bool first = true;
                         HASHMAP_FOREACH_KEY(val, id, c->syscall_filter) {
@@ -1995,7 +1995,7 @@ char** exec_context_get_syscall_filter(const ExecContext *c) {
         assert(c);
 
 #if HAVE_SECCOMP
-        if (dlopen_libseccomp(LOG_DEBUG) < 0)
+        if (DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0)
                 return strv_new(NULL);
 
         void *id, *val;
@@ -2064,7 +2064,7 @@ char** exec_context_get_syscall_log(const ExecContext *c) {
         assert(c);
 
 #if HAVE_SECCOMP
-        if (dlopen_libseccomp(LOG_DEBUG) < 0)
+        if (DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0)
                 return strv_new(NULL);
 
         void *id, *val;

diff --git a/src/core/main.c b/src/core/main.c
index 7815691133c6677403713af93eaadb00d8893de6..92eca9462b0eec8faf6512bd66e3e5a65c61b2c9 100644 (file)
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -3690,7 +3690,7 @@ int main(int argc, char *argv[]) {
         }
 
         /* Building without libmount is allowed, but if it is compiled in, then we must be able to load it */
-        r = dlopen_libmount(LOG_DEBUG);
+        r = DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0 && !ERRNO_IS_NEG_NOT_SUPPORTED(r)) {
                 error_message = "Failed to load libmount.so";
                 goto finish;

diff --git a/src/core/mount.c b/src/core/mount.c
index 4d5cd35fae60b0b7d802d3edff13cdc3a76b817f..94aeea9f6c9748dd0399d633c910886d82c41b60 100644 (file)
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -2408,7 +2408,7 @@ static int mount_test_startable(Unit *u) {
 }
 
 static bool mount_supported(void) {
-        return dlopen_libmount(LOG_DEBUG) >= 0;
+        return DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) >= 0;
 }
 
 static int mount_subsystem_ratelimited(Manager *m) {

diff --git a/src/core/namespace.c b/src/core/namespace.c
index 49635d3e9528a07914a848ece1c3d491ca80d4bf..a6ba2659e429056ee9b2525dceb9b0f3d14c3ff0 100644 (file)
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -3984,7 +3984,7 @@ int refresh_extensions_in_namespace(
         if (r > 0)
                 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Target namespace is not separate, cannot reload extensions");
 
-        (void) dlopen_cryptsetup(LOG_DEBUG);
+        (void) DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
 
         extension_dir = path_join(p->private_namespace_dir, "unit-extensions");
         if (!extension_dir)

diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c
index d06c9f0293167338860e9e9018c71b843159c06f..886b00cbf564b66f8902321fc352ecbe6a03c217 100644 (file)
--- a/src/core/selinux-setup.c
+++ b/src/core/selinux-setup.c
@@ -17,7 +17,7 @@ int mac_selinux_setup(bool *loaded_policy) {
 
         assert(loaded_policy);
 
-        r = dlopen_libselinux(LOG_DEBUG);
+        r = DLOPEN_LIBSELINUX(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return 0;
 

diff --git a/src/creds/creds.c b/src/creds/creds.c
index c382a0cf80a76b37bd8fa163826906c1e8092cbe..6dc4ea9277d0a216cf23c12cd4a25b9424be90ae 100644 (file)
--- a/src/creds/creds.c
+++ b/src/creds/creds.c
@@ -188,7 +188,7 @@ static int is_tmpfs_with_noswap(dev_t devno) {
         _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
         int r;
 
-        r = dlopen_libmount(LOG_DEBUG);
+        r = DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 

diff --git a/src/cryptenroll/cryptenroll.c b/src/cryptenroll/cryptenroll.c
index bcc4b6cca66cd5548ef170519c2c392328baea28..eed0a11aeba7539d70b0e0d0c6e93c093aa06dd5 100644 (file)
--- a/src/cryptenroll/cryptenroll.c
+++ b/src/cryptenroll/cryptenroll.c
@@ -780,7 +780,7 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
-        r = dlopen_cryptsetup(LOG_ERR);
+        r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c
index 0265b2d5a0393a3e8a04398414954b1c09247cb0..0bfe0c2ec779749072165425e186a59d48302549 100644 (file)
--- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c
+++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c
@@ -38,7 +38,7 @@ _public_ int cryptsetup_token_open_pin(
         assert(pin || pin_size == 0);
         assert(token >= 0);
 
-        r = dlopen_cryptsetup(LOG_DEBUG);
+        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 
@@ -103,7 +103,7 @@ _public_ void cryptsetup_token_dump(
 
         assert(json);
 
-        if (dlopen_cryptsetup(LOG_DEBUG) < 0)
+        if (DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED) < 0)
                 return;
 
         r = parse_luks2_fido2_data(cd, json, &rp_id, &salt, &salt_size, &cid, &cid_size, &required);
@@ -170,7 +170,7 @@ _public_ int cryptsetup_token_validate(
 
         assert(json);
 
-        r = dlopen_cryptsetup(LOG_DEBUG);
+        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c
index 9a279ddbb7e099ef05d3dcafd9951b7e4c1d3255..63be8a7c64a76fc29cd96b0bc8c2bb410db9c057 100644 (file)
--- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c
+++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c
@@ -37,7 +37,7 @@ _public_ int cryptsetup_token_open_pin(
         assert(pin || pin_size == 0);
         assert(token >= 0);
 
-        r = dlopen_cryptsetup(LOG_DEBUG);
+        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 
@@ -95,7 +95,7 @@ _public_ void cryptsetup_token_dump(
         _cleanup_free_ void *pkcs11_key = NULL;
         Pkcs11RsaPadding rsa_padding = PKCS11_RSA_PADDING_PKCS1V15;
 
-        if (dlopen_cryptsetup(LOG_DEBUG) < 0)
+        if (DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED) < 0)
                 return;
 
         r = parse_luks2_pkcs11_data(cd, json, &pkcs11_uri, &pkcs11_key, &pkcs11_key_size, &rsa_padding);
@@ -125,7 +125,7 @@ _public_ int cryptsetup_token_validate(
         sd_json_variant *w;
         _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
 
-        r = dlopen_cryptsetup(LOG_DEBUG);
+        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c
index ad14942622fef2feaf3608401ef78e55d1c30f15..70113268b6102294c99dcdd3b8666b3d8edf6705 100644 (file)
--- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c
+++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c
@@ -61,7 +61,7 @@ _public_ int cryptsetup_token_open_pin(
         assert(ret_password);
         assert(ret_password_len);
 
-        r = dlopen_cryptsetup(LOG_DEBUG);
+        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 
@@ -191,7 +191,7 @@ _public_ void cryptsetup_token_dump(
 
         assert(json);
 
-        if (dlopen_cryptsetup(LOG_DEBUG) < 0)
+        if (DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED) < 0)
                 return;
 
         r = sd_json_parse(json, SD_JSON_PARSE_MUST_BE_OBJECT, &v, /* reterr_line= */ NULL, /* reterr_column= */ NULL);
@@ -283,7 +283,7 @@ _public_ int cryptsetup_token_validate(
 
         assert(json);
 
-        r = dlopen_cryptsetup(LOG_DEBUG);
+        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 0f0d96372eb5de127d63aeef6817c7a49dfc3900..39562019e483bcfbae285121ab04ad53a2cc9717 100644 (file)
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -538,7 +538,7 @@ static int parse_one_option(const char *option) {
 #if HAVE_OPENSSL
                 _cleanup_strv_free_ char **l = NULL;
 
-                r = dlopen_libcrypto(LOG_ERR);
+                r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
                 if (r < 0)
                         return r;
 
@@ -2881,7 +2881,7 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
-        r = dlopen_cryptsetup(LOG_ERR);
+        r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c
index c79609f583c5a7ec9f719c0a71fe7d22004a3b78..d30749117cea14ee3717aa2fed4c4d0cfed3389e 100644 (file)
--- a/src/dissect/dissect.c
+++ b/src/dissect/dissect.c
@@ -493,7 +493,7 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 OPTION_LONG("make-archive", NULL, "Convert the DDI to an archive file"):
-                        r = dlopen_libarchive(LOG_ERR);
+                        r = DLOPEN_LIBARCHIVE(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
                         if (r < 0)
                                 return r;
 

diff --git a/src/growfs/growfs.c b/src/growfs/growfs.c
index 30d371200d47ffeb95391ae33cd953fcd41b268e..ee8f8eebd205ac827852731a79b3bb5a3f387f18 100644 (file)
--- a/src/growfs/growfs.c
+++ b/src/growfs/growfs.c
@@ -33,7 +33,7 @@ static int resize_crypt_luks_device(dev_t devno, const char *fstype, dev_t main_
         uint64_t size;
         int r;
 
-        r = dlopen_cryptsetup(LOG_ERR);
+        r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/home/homectl.c b/src/home/homectl.c
index a90b517416c0d04aae908b0bdd3e08bb5ba3e757..95c5e101ed0ac82fddfc31ec0f96cc50811981ba 100644 (file)
--- a/src/home/homectl.c
+++ b/src/home/homectl.c
@@ -2482,7 +2482,7 @@ static int verb_list_signing_keys(int argc, char *argv[], uintptr_t _data, void
                         /* Let's decode the PEM key to DER (so that we lose prefix/suffix), then truncate it
                          * for display reasons. */
 
-                        r = dlopen_libcrypto(LOG_DEBUG);
+                        r = DLOPEN_LIBCRYPTO(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
                         if (r < 0)
                                 return r;
 

diff --git a/src/home/homed-manager.c b/src/home/homed-manager.c
index 0fcf7b9395e9195e41cfb1a704ca38dc090e1614..8ae56476d631234bfd631ee9c924c41bd7b68f45 100644 (file)
--- a/src/home/homed-manager.c
+++ b/src/home/homed-manager.c
@@ -1537,7 +1537,7 @@ int manager_startup(Manager *m) {
 
         assert(m);
 
-        r = dlopen_libcrypto(LOG_ERR);
+        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/home/homework-fscrypt.c b/src/home/homework-fscrypt.c
index 432f5d8678a88af3653b733b03480abaa3411b0e..6f51f49328954430342c444ea89674c7ad75475a 100644 (file)
--- a/src/home/homework-fscrypt.c
+++ b/src/home/homework-fscrypt.c
@@ -232,7 +232,7 @@ static int fscrypt_slot_try_v1(
         assert(encrypted_size > 0);
         assert(match_key_descriptor);
 
-        r = dlopen_libcrypto(LOG_ERR);
+        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -331,7 +331,7 @@ static int fscrypt_slot_try_v2(
         assert(iovec_is_set(tag));
         assert(match_key_descriptor);
 
-        r = dlopen_libcrypto(LOG_ERR);
+        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -700,7 +700,7 @@ static int fscrypt_slot_set(
         size_t encrypted_size;
         ssize_t ss;
 
-        r = dlopen_libcrypto(LOG_ERR);
+        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -813,7 +813,7 @@ int home_create_fscrypt(
         assert(setup);
         assert(ret_home);
 
-        r = dlopen_libcrypto(LOG_ERR);
+        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 

diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c
index 9cd0f2dc00438413062b95a1392b7b774dd5c08f..4a56551b9cf47d46e110b26e90d10ad39911a6be 100644 (file)
--- a/src/home/homework-luks.c
+++ b/src/home/homework-luks.c
@@ -146,7 +146,7 @@ static int probe_file_system_by_fd(
         assert(ret_fstype);
         assert(ret_uuid);
 
-        r = dlopen_libblkid(LOG_DEBUG);
+        r = DLOPEN_LIBBLKID(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -529,7 +529,7 @@ static int acquire_open_luks_device(
         assert(setup);
         assert(!setup->crypt_device);
 
-        r = dlopen_cryptsetup(LOG_DEBUG);
+        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -684,7 +684,7 @@ static int luks_validate(
         assert(ret_size);
         assert(sector_size > 0);
 
-        r = dlopen_libblkid(LOG_DEBUG);
+        r = DLOPEN_LIBBLKID(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -805,7 +805,7 @@ static int crypt_device_to_evp_cipher(struct crypt_device *cd, const EVP_CIPHER
         assert(cd);
         assert(ret);
 
-        r = dlopen_libcrypto(LOG_ERR);
+        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -1293,7 +1293,7 @@ int home_setup_luks(
         assert(setup);
         assert(user_record_storage(h) == USER_LUKS);
 
-        r = dlopen_cryptsetup(LOG_DEBUG);
+        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -1594,7 +1594,7 @@ int home_activate_luks(
         assert(setup);
         assert(ret_home);
 
-        r = dlopen_cryptsetup(LOG_DEBUG);
+        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -2211,11 +2211,11 @@ int home_create_luks(
         assert(setup->image_fd < 0);
         assert(ret_home);
 
-        r = dlopen_fdisk(LOG_DEBUG);
+        r = DLOPEN_FDISK(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
-        r = dlopen_cryptsetup(LOG_DEBUG);
+        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -3250,11 +3250,11 @@ int home_resize_luks(
         assert(user_record_storage(h) == USER_LUKS);
         assert(setup);
 
-        r = dlopen_fdisk(LOG_DEBUG);
+        r = DLOPEN_FDISK(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
-        r = dlopen_cryptsetup(LOG_DEBUG);
+        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -3712,7 +3712,7 @@ int home_passwd_luks(
         assert(user_record_storage(h) == USER_LUKS);
         assert(setup);
 
-        r = dlopen_cryptsetup(LOG_DEBUG);
+        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 

diff --git a/src/home/homework.c b/src/home/homework.c
index eecb91511c2af75228c1bf71226496bddd466f48..a5fca5a11884d7353a73f9acd39cce26c74f2ee6 100644 (file)
--- a/src/home/homework.c
+++ b/src/home/homework.c
@@ -1328,7 +1328,7 @@ static int determine_default_storage(UserStorage *ret) {
                         if (r < 0)
                                 log_warning_errno(r, "Failed to determine if %s is encrypted, ignoring: %m", get_home_root());
 
-                        r = dlopen_cryptsetup(LOG_DEBUG);
+                        r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
                         if (r < 0)
                                 log_info("Not using '%s' storage, since libcryptsetup could not be loaded.", user_storage_to_string(USER_LUKS));
                         else {

diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
index 6e24924e91cfc0ffe8bc5a331a7f44c37c2af29a..abb75b9d92839bd951d042ea469574818338bcbd 100644 (file)
--- a/src/home/pam_systemd_home.c
+++ b/src/home/pam_systemd_home.c
@@ -786,11 +786,11 @@ _public_ PAM_EXTERN int pam_sm_authenticate(
         bool debug = false;
         int r;
 
-        r = dlopen_libpam(LOG_DEBUG);
+        r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return PAM_SERVICE_ERR;
 
-        (void) dlopen_libintl(LOG_DEBUG); /* best-effort: messages won't be translated if this fails */
+        (void) DLOPEN_LIBINTL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); /* best-effort: messages won't be translated if this fails */
 
         pam_log_setup();
 
@@ -853,11 +853,11 @@ _public_ PAM_EXTERN int pam_sm_open_session(
         bool debug = false;
         int r;
 
-        r = dlopen_libpam(LOG_DEBUG);
+        r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return PAM_SERVICE_ERR;
 
-        (void) dlopen_libintl(LOG_DEBUG); /* best-effort: messages won't be translated if this fails */
+        (void) DLOPEN_LIBINTL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); /* best-effort: messages won't be translated if this fails */
 
         pam_log_setup();
 
@@ -912,11 +912,11 @@ _public_ PAM_EXTERN int pam_sm_close_session(
         bool debug = false;
         int r;
 
-        r = dlopen_libpam(LOG_DEBUG);
+        r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return PAM_SERVICE_ERR;
 
-        (void) dlopen_libintl(LOG_DEBUG); /* best-effort: messages won't be translated if this fails */
+        (void) DLOPEN_LIBINTL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); /* best-effort: messages won't be translated if this fails */
 
         pam_log_setup();
 
@@ -979,11 +979,11 @@ _public_ PAM_EXTERN int pam_sm_acct_mgmt(
         usec_t t;
         int r;
 
-        r = dlopen_libpam(LOG_DEBUG);
+        r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return PAM_SERVICE_ERR;
 
-        (void) dlopen_libintl(LOG_DEBUG); /* best-effort: messages won't be translated if this fails */
+        (void) DLOPEN_LIBINTL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); /* best-effort: messages won't be translated if this fails */
 
         pam_log_setup();
 
@@ -1100,11 +1100,11 @@ _public_ PAM_EXTERN int pam_sm_chauthtok(
         bool debug = false;
         int r;
 
-        r = dlopen_libpam(LOG_DEBUG);
+        r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return PAM_SERVICE_ERR;
 
-        (void) dlopen_libintl(LOG_DEBUG); /* best-effort: messages won't be translated if this fails */
+        (void) DLOPEN_LIBINTL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); /* best-effort: messages won't be translated if this fails */
 
         pam_log_setup();
 

diff --git a/src/imds/imdsd.c b/src/imds/imdsd.c
index e58e06b7b12d3ddaec7c1aacafb193b7f5a0b1b4..9959567f5f350e46299ffe66ada70b9e3aaa1424 100644 (file)
--- a/src/imds/imdsd.c
+++ b/src/imds/imdsd.c
@@ -3065,7 +3065,7 @@ static int run(int argc, char* argv[]) {
         if (r <= 0)
                 return r;
 
-        r = dlopen_curl(LOG_DEBUG);
+        r = DLOPEN_CURL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/import/import-common.c b/src/import/import-common.c
index 840eac210f8697a27e4a1d6016f1155c8f2b6bd3..c7465147c46b8483daca535fc45757e977b5630e 100644 (file)
--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@@ -32,7 +32,7 @@ int import_fork_tar_x(int tree_fd, int userns_fd, PidRef *ret_pid) {
         assert(tree_fd >= 0);
         assert(ret_pid);
 
-        r = dlopen_libarchive(LOG_DEBUG);
+        r = DLOPEN_LIBARCHIVE(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -99,7 +99,7 @@ int import_fork_tar_c(int tree_fd, int userns_fd, PidRef *ret_pid) {
         assert(tree_fd >= 0);
         assert(ret_pid);
 
-        r = dlopen_libarchive(LOG_DEBUG);
+        r = DLOPEN_LIBARCHIVE(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 

diff --git a/src/import/pull-job.c b/src/import/pull-job.c
index 31d6d34af6bc7766c1dab995cd7546338b80f357..7d83c994ff50a35f3746de84296563468f6a537f 100644 (file)
--- a/src/import/pull-job.c
+++ b/src/import/pull-job.c
@@ -282,7 +282,7 @@ static int pull_job_open_disk(PullJob *j) {
         }
 
         if (j->calc_checksum) {
-                r = dlopen_libcrypto(LOG_ERR);
+                r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
                 if (r < 0)
                         return r;
 

diff --git a/src/integritysetup/integritysetup.c b/src/integritysetup/integritysetup.c
index bdf1b25473bd4c08bb1087d6b892b38868b526bf..619c3b10db50d1ea55c362e371714ee6aa0d5623 100644 (file)
--- a/src/integritysetup/integritysetup.c
+++ b/src/integritysetup/integritysetup.c
@@ -204,7 +204,7 @@ static int run(int argc, char *argv[]) {
 
         log_setup();
 
-        r = dlopen_cryptsetup(LOG_ERR);
+        r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index e70fc4f6dbf376fa44c3741a84fafd690054b019..9b1085bb4cd8a4abf0275995ab58ebd624ebbe94 100644 (file)
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@@ -1258,7 +1258,7 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
-        r = dlopen_microhttpd(LOG_ERR);
+        r = DLOPEN_MICROHTTPD(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index 614ec61be907df74a2ab334c427a1eaa3d70a109..2100190bda035e0c84d36bdccf427e9e7e1c57c8 100644 (file)
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -466,7 +466,7 @@ static int setup_microhttpd_server(RemoteServer *s,
 #if HAVE_MICROHTTPD
         int r;
 
-        r = dlopen_microhttpd(LOG_ERR);
+        r = DLOPEN_MICROHTTPD(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
index f4b698ae415d61e14ee68c24221fe19df00cf8a8..2eb47d21300d234dcddb2598c9b79d0d13d3b8d8 100644 (file)
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@@ -879,7 +879,7 @@ static int run(int argc, char **argv) {
         if (r <= 0)
                 return r;
 
-        r = dlopen_curl(LOG_DEBUG);
+        r = DLOPEN_CURL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/keyutil/keyutil.c b/src/keyutil/keyutil.c
index ab8e3eee982335cd1a22213da8440dec5752edd6..c54f347079ee4d8f022034400ac6a0ba43a83884 100644 (file)
--- a/src/keyutil/keyutil.c
+++ b/src/keyutil/keyutil.c
@@ -233,7 +233,7 @@ static int verb_extract_public(int argc, char *argv[], uintptr_t _data, void *us
                                 return r;
                 }
 
-                r = dlopen_libcrypto(LOG_ERR);
+                r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
                 if (r < 0)
                         return r;
 

diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index b6f7ddd38c214107eb11b0ce1e514c832838c9fd..9bdd147db4d08874d0de8b8816ea669384a23ad5 100644 (file)
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -1748,7 +1748,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
 
         assert(pamh);
 
-        r = dlopen_libpam(LOG_DEBUG);
+        r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return PAM_SERVICE_ERR;
 
@@ -1847,7 +1847,7 @@ _public_ PAM_EXTERN int pam_sm_close_session(
 
         assert(pamh);
 
-        r = dlopen_libpam(LOG_DEBUG);
+        r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return PAM_SERVICE_ERR;
 

diff --git a/src/login/pam_systemd_loadkey.c b/src/login/pam_systemd_loadkey.c
index 9d44863b02bd1eccf325eaed43897a677943df35..c93dedf5ea88d832b0861a35625928becec214c8 100644 (file)
--- a/src/login/pam_systemd_loadkey.c
+++ b/src/login/pam_systemd_loadkey.c
@@ -19,7 +19,7 @@ _public_ PAM_EXTERN int pam_sm_authenticate(
 
         assert(pamh);
 
-        r = dlopen_libpam(LOG_DEBUG);
+        r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return PAM_SERVICE_ERR;
 

diff --git a/src/measure/measure-tool.c b/src/measure/measure-tool.c
index e7a3be6d643b1840009b25cfcd10bfdab53e7f3e..70971c11adb742a5992c63b0d751fd136c4cea0a 100644 (file)
--- a/src/measure/measure-tool.c
+++ b/src/measure/measure-tool.c
@@ -176,7 +176,7 @@ static int parse_argv(int argc, char *argv[], char ***ret_args) {
                             "Select TPM bank (SHA1, SHA256, SHA384, SHA512)"): {
                         const EVP_MD *implementation;
 
-                        r = dlopen_libcrypto(LOG_ERR);
+                        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
                         if (r < 0)
                                 return r;
 
@@ -1122,7 +1122,7 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
-        r = dlopen_libcrypto(LOG_ERR);
+        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/network/networkd-sysctl.c b/src/network/networkd-sysctl.c
index c59cb2a5d708c2d6d914010b8585253a34c6ce59..ab4c03609a2bf0fcf13089af819f90b33a96754f 100644 (file)
--- a/src/network/networkd-sysctl.c
+++ b/src/network/networkd-sysctl.c
@@ -108,7 +108,7 @@ int manager_install_sysctl_monitor(Manager *manager) {
 
         assert(manager);
 
-        r = dlopen_bpf(LOG_DEBUG);
+        r = DLOPEN_BPF(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
                 return log_debug_errno(r, "sysctl monitor disabled, as BPF support is not available.");
         if (r < 0)

diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c
index bd28a67e6b14caabc74db49729e86f11b2631acd..0f206bd7067c6d85abd71d1f871b69bf8de8bba6 100644 (file)
--- a/src/nspawn/nspawn-oci.c
+++ b/src/nspawn/nspawn-oci.c
@@ -1826,7 +1826,7 @@ static int oci_seccomp(const char *name, sd_json_variant *v, sd_json_dispatch_fl
         if (r < 0)
                 return json_log(def, flags, r, "Unknown default action: %s", sd_json_variant_string(def));
 
-        r = dlopen_libseccomp(LOG_DEBUG);
+        r = DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return json_log(def, flags, r, "No support for libseccomp: %m");
 

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index cb78f1ccfb31496d28d7242f27c217950a425656..bbd5f411d413c14a79e2775d8257daea0c5a118d 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -6146,9 +6146,9 @@ static int run(int argc, char *argv[]) {
         if (arg_cleanup)
                 return do_cleanup();
 
-        (void) dlopen_libmount(LOG_DEBUG);
-        (void) dlopen_libseccomp(LOG_DEBUG);
-        (void) dlopen_libselinux(LOG_DEBUG);
+        (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
+        (void) DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
+        (void) DLOPEN_LIBSELINUX(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
 
         r = cg_has_legacy();
         if (r < 0)

diff --git a/src/nsresourced/userns-restrict.c b/src/nsresourced/userns-restrict.c
index bc7bac6942df686e2573dffdeff79b2dfcc6412d..1b82c797f09ee45b80d86c2effdba37a560c4611 100644 (file)
--- a/src/nsresourced/userns-restrict.c
+++ b/src/nsresourced/userns-restrict.c
@@ -68,7 +68,7 @@ int userns_restrict_install(
         if (r == 0)
                 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "bpf-lsm not supported, can't lock down user namespace.");
 
-        r = dlopen_bpf(LOG_DEBUG);
+        r = DLOPEN_BPF(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 

diff --git a/src/pcrextend/pcrextend.c b/src/pcrextend/pcrextend.c
index ac432aaac579b1ff5ad16327045c6ad9419f1ce5..d5d4a23d51a77662f6b704e599f3000266fd6c76 100644 (file)
--- a/src/pcrextend/pcrextend.c
+++ b/src/pcrextend/pcrextend.c
@@ -90,7 +90,7 @@ static int parse_argv(int argc, char *argv[], char ***ret_args) {
                 OPTION_LONG("bank", "DIGEST", "Select TPM PCR bank (SHA1, SHA256)"): {
                         const EVP_MD *implementation;
 
-                        r = dlopen_libcrypto(LOG_ERR);
+                        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
                         if (r < 0)
                                 return r;
 

diff --git a/src/pcrlock/pcrlock.c b/src/pcrlock/pcrlock.c
index 247c36cca15c99bd2eedf58ac2035775ce382d7f..5aba4e966bb836bc832bc7cbf64cb5f2cf52d4bc 100644 (file)
--- a/src/pcrlock/pcrlock.c
+++ b/src/pcrlock/pcrlock.c
@@ -5481,7 +5481,7 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
-        r = dlopen_libcrypto(LOG_ERR);
+        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/portable/portable.c b/src/portable/portable.c
index f9f47f2e0fd89e52c765cee18a00d1b893f147a4..a98c1162d95e78545968ddfb300e1e4e1b8ccf2d 100644 (file)
--- a/src/portable/portable.c
+++ b/src/portable/portable.c
@@ -610,8 +610,8 @@ static int portable_extract_by_path(
                  * there, and extract the metadata we need. The metadata is sent from the child back to us. */
 
                 /* Load some libraries before we fork workers off that want to use them */
-                (void) dlopen_cryptsetup(LOG_DEBUG);
-                (void) dlopen_libmount(LOG_DEBUG);
+                (void) DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
+                (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
 
                 r = mkdtemp_malloc("/tmp/inspect-XXXXXX", &tmpdir);
                 if (r < 0)

diff --git a/src/repart/repart.c b/src/repart/repart.c
index a9d6d8efec95cda53fbc095bc1f2cf10d55813bb..53204e94db92ebb685591ca3506f028d4fa630f2 100644 (file)
--- a/src/repart/repart.c
+++ b/src/repart/repart.c
@@ -3101,7 +3101,7 @@ static int partition_read_definition(
                                   "Cannot format %s filesystem without source files, refusing.", p->format);
 
         if (p->verity != VERITY_OFF || p->encrypt != ENCRYPT_OFF) {
-                r = dlopen_cryptsetup(LOG_DEBUG);
+                r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
                 if (r < 0)
                         return log_syntax(NULL, LOG_ERR, path, 1, r,
                                           "libcryptsetup not found, Verity=/Encrypt= are not supported: %m");
@@ -4708,7 +4708,7 @@ static int context_wipe_range(Context *context, uint64_t offset, uint64_t size)
         assert(offset != UINT64_MAX);
         assert(size != UINT64_MAX);
 
-        r = dlopen_libblkid(LOG_ERR);
+        r = DLOPEN_LIBBLKID(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 
@@ -5400,7 +5400,7 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta
         assert(p);
         assert(p->encrypt != ENCRYPT_OFF);
 
-        r = dlopen_cryptsetup(LOG_ERR);
+        r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -5939,7 +5939,7 @@ static int partition_format_verity_hash(
 
         (void) partition_hint(p, node, &hint);
 
-        r = dlopen_cryptsetup(LOG_ERR);
+        r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -6041,7 +6041,7 @@ static int sign_verity_roothash(
         assert(iovec_is_set(roothash));
         assert(ret_signature);
 
-        r = dlopen_libcrypto(LOG_ERR);
+        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -7128,7 +7128,7 @@ static int partition_populate_filesystem(Context *context, Partition *p, const c
          * appear in the host namespace. Hence we fork a child that has its own file system namespace and
          * detached mount propagation. */
 
-        (void) dlopen_libmount(LOG_DEBUG);
+        (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
 
         r = pidref_safe_fork(
                         "(sd-copy)",
@@ -8720,7 +8720,7 @@ static int resolve_copy_blocks_auto_candidate(
                 return log_error_errno(r, "Failed to open block device " DEVNUM_FORMAT_STR ": %m",
                                        DEVNUM_FORMAT_VAL(whole_devno));
 
-        r = dlopen_libblkid(LOG_ERR);
+        r = DLOPEN_LIBBLKID(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 
@@ -11543,7 +11543,7 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
-        r = dlopen_fdisk(LOG_ERR);
+        r = DLOPEN_FDISK(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/report/report-upload.c b/src/report/report-upload.c
index 471bcb760600e5a0e68d2f99f2698a2cc53e628e..aea12e62a533577d2359deb30132e11ed1af5c0b 100644 (file)
--- a/src/report/report-upload.c
+++ b/src/report/report-upload.c
@@ -81,7 +81,7 @@ static int http_upload_collected(Context *context, sd_json_variant *report) {
         _cleanup_free_ char *json = NULL;
         int r;
 
-        r = dlopen_curl(LOG_DEBUG);
+        r = DLOPEN_CURL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index f33bba28ff1945181a71a2dd9def12f2adb79343..9112369a74c39345d143c771a2341ff77588d139 100644 (file)
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -709,7 +709,7 @@ int dnssec_verify_rrset(
         assert(dnskey);
         assert(result);
 
-        r = dlopen_libcrypto(LOG_DEBUG);
+        r = DLOPEN_LIBCRYPTO(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -1066,7 +1066,7 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds,
         assert(dnskey);
         assert(ds);
 
-        r = dlopen_libcrypto(LOG_DEBUG);
+        r = DLOPEN_LIBCRYPTO(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -1206,7 +1206,7 @@ int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
         assert(name);
         assert(ret);
 
-        r = dlopen_libcrypto(LOG_DEBUG);
+        r = DLOPEN_LIBCRYPTO(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 

diff --git a/src/resolve/resolved-dnstls.c b/src/resolve/resolved-dnstls.c
index f59c2fa348f6759253f58a523d663fb52559e7b0..e7191f2e7f4ec265fb473a44c7941c48fc87590a 100644 (file)
--- a/src/resolve/resolved-dnstls.c
+++ b/src/resolve/resolved-dnstls.c
@@ -397,11 +397,11 @@ int dnstls_manager_init(Manager *manager) {
 
         assert(manager);
 
-        r = dlopen_libcrypto(LOG_WARNING);
+        r = DLOPEN_LIBCRYPTO(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 
-        r = dlopen_libssl(LOG_WARNING);
+        r = DLOPEN_LIBSSL(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/resolve/resolved-util.c b/src/resolve/resolved-util.c
index 094ef006985137df465aab60bafc08e5717afaee..7b591ebbb90688805527d0058df3f3dec7565b43 100644 (file)
--- a/src/resolve/resolved-util.c
+++ b/src/resolve/resolved-util.c
@@ -36,7 +36,7 @@ int resolve_system_hostname(char **full_hostname, char **first_label) {
 #if HAVE_LIBIDN2
         _cleanup_free_ char *utf8 = NULL;
 
-        if (dlopen_idn(LOG_DEBUG) >= 0) {
+        if (DLOPEN_IDN(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) >= 0) {
                 r = sym_idn2_to_unicode_8z8z(label, &utf8, 0);
                 if (r != IDN2_OK)
                         return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),

diff --git a/src/sbsign/sbsign.c b/src/sbsign/sbsign.c
index 1d690220d1b51c773a882ddf05d8fb57b1438de8..cad7cc54db02e3fc373558aeb5895e2c9167eaa1 100644 (file)
--- a/src/sbsign/sbsign.c
+++ b/src/sbsign/sbsign.c
@@ -425,7 +425,7 @@ static int verb_sign(int argc, char *argv[], uintptr_t _data, void *userdata) {
         _cleanup_(iovec_done) struct iovec signed_attributes_signature = {};
         int r;
 
-        r = dlopen_libcrypto(LOG_ERR);
+        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/shutdown/detach-swap.c b/src/shutdown/detach-swap.c
index 04efbfeb36d54c5eccfcdd4a3057948e40fa4416..585a2f85a680d5d568e8c881aad66a09dd06b975 100644 (file)
--- a/src/shutdown/detach-swap.c
+++ b/src/shutdown/detach-swap.c
@@ -36,7 +36,7 @@ int swap_list_get(const char *swaps, SwapDevice **head) {
 
         assert(head);
 
-        r = dlopen_libmount(LOG_ERR);
+        r = DLOPEN_LIBMOUNT(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 

diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c
index a3b1ba6221b66913d6f7d8157ca2ab97e640472b..ce2468fafdac09c79ca822ae4be7b06c581a0872 100644 (file)
--- a/src/sysext/sysext.c
+++ b/src/sysext/sysext.c
@@ -1676,7 +1676,7 @@ static int unmerge(
         bool need_to_reload;
         int r;
 
-        (void) dlopen_libmount(LOG_DEBUG);
+        (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
 
         r = need_reload(image_class, hierarchies, no_reload);
         if (r < 0)
@@ -2257,9 +2257,9 @@ static int merge(ImageClass image_class,
 
         int r;
 
-        (void) dlopen_cryptsetup(LOG_DEBUG);
-        (void) dlopen_libblkid(LOG_DEBUG);
-        (void) dlopen_libmount(LOG_DEBUG);
+        (void) DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
+        (void) DLOPEN_LIBBLKID(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
+        (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
 
         _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
         r = pidref_safe_fork("(sd-merge)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_NEW_MOUNTNS, &pidref);

diff --git a/src/sysupdate/sysupdate-partition.c b/src/sysupdate/sysupdate-partition.c
index 0b346da62d18daadf3598e5727baa67b05f555d6..6361093231dcbd92648e03bed38c6ac09b6872f7 100644 (file)
--- a/src/sysupdate/sysupdate-partition.c
+++ b/src/sysupdate/sysupdate-partition.c
@@ -161,7 +161,7 @@ int find_suitable_partition(
         POINTER_MAY_BE_NULL(partition_type);
         assert(ret);
 
-        r = dlopen_fdisk(LOG_DEBUG);
+        r = DLOPEN_FDISK(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -230,7 +230,7 @@ int patch_partition(
         if (change == 0) /* Nothing to do */
                 return 0;
 
-        r = dlopen_fdisk(LOG_DEBUG);
+        r = DLOPEN_FDISK(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 

diff --git a/src/sysupdate/sysupdate-resource.c b/src/sysupdate/sysupdate-resource.c
index a91741a49f10f68bf6464138ece239f75df019ed..e234b3c914808122acb3f8400d0b613fce3a071d 100644 (file)
--- a/src/sysupdate/sysupdate-resource.c
+++ b/src/sysupdate/sysupdate-resource.c
@@ -234,7 +234,7 @@ static int resource_load_from_blockdev(Resource *rr) {
 
         assert(rr);
 
-        r = dlopen_fdisk(LOG_DEBUG);
+        r = DLOPEN_FDISK(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 

diff --git a/src/test/test-bpf-restrict-fsaccess.c b/src/test/test-bpf-restrict-fsaccess.c
index 0d4e18671aa3e1e24c20af124a4a384952fc26ec..80d448815cf0035ea9aa7a42ca8da683f23306c8 100644 (file)
--- a/src/test/test-bpf-restrict-fsaccess.c
+++ b/src/test/test-bpf-restrict-fsaccess.c
@@ -107,7 +107,7 @@ static int do_attach(void) {
         struct stat st;
         int r;
 
-        r = dlopen_bpf(LOG_ERR);
+        r = DLOPEN_BPF(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return log_error_errno(r, "Failed to dlopen libbpf: %m");
 

diff --git a/src/test/test-bpf-token.c b/src/test/test-bpf-token.c
index f991f92601271a7b8e2c2bcf22d69e20a545296b..f7156f7ff537ac46db97f88b96a6ab473c7b3122 100644 (file)
--- a/src/test/test-bpf-token.c
+++ b/src/test/test-bpf-token.c
@@ -11,7 +11,7 @@ static int run(int argc, char *argv[]) {
 #if HAVE_LIBBPF
         int r;
 
-        r = dlopen_bpf(LOG_ERR);
+        r = DLOPEN_BPF(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 

diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index fa2b21f73a0f046af5662d198b10f445e314a16b..2c7ac181095788039e689aeaa5575065a494678d 100644 (file)
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -1267,7 +1267,7 @@ static int parse_acl_cond_exec(
         assert(cond_exec);
         assert(ret);
 
-        r = dlopen_libacl(LOG_DEBUG);
+        r = DLOPEN_LIBACL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 
@@ -1386,7 +1386,7 @@ static int path_set_acl(
 
         assert(c);
 
-        r = dlopen_libacl(LOG_DEBUG);
+        r = DLOPEN_LIBACL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
         if (r < 0)
                 return r;
 

diff --git a/src/tpm2-setup/tpm2-setup.c b/src/tpm2-setup/tpm2-setup.c
index eb25d7fd7f54e58252619ea82a586e3b2ffe38af..ab0966f8d92dca0112316af35f80bfee1613d34b 100644 (file)
--- a/src/tpm2-setup/tpm2-setup.c
+++ b/src/tpm2-setup/tpm2-setup.c
@@ -569,7 +569,7 @@ static int run(int argc, char *argv[]) {
                 return EXIT_SUCCESS;
         }
 
-        r = dlopen_libcrypto(LOG_ERR);
+        r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/udev/udev-builtin-blkid.c b/src/udev/udev-builtin-blkid.c
index 4cd22a889fcf72b4ea232367f0d196bc277904cc..57fa7f9585d6d83abef33071279987aa378d5248 100644 (file)
--- a/src/udev/udev-builtin-blkid.c
+++ b/src/udev/udev-builtin-blkid.c
@@ -506,7 +506,7 @@ static int builtin_blkid(UdevEvent *event, int argc, char *argv[]) {
         int64_t offset = 0;
         int r;
 
-        r = dlopen_libblkid(LOG_DEBUG);
+        r = DLOPEN_LIBBLKID(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return log_device_debug_errno(dev, r, "blkid not available: %m");
 

diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index 593eee89b8bde0a56c09ad3b872b4fb0200dc307..4cbc481c7681d3686f3539b7d1ac968607f595e2 100644 (file)
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -58,11 +58,11 @@ int run_udevd(int argc, char *argv[]) {
                 return log_error_errno(r, "Failed to create /run/udev: %m");
 
         /* Load some shared libraries before we fork any workers */
-        (void) dlopen_libacl(LOG_DEBUG);
-        (void) dlopen_libblkid(LOG_DEBUG);
-        (void) dlopen_libkmod(LOG_DEBUG);
-        (void) dlopen_libmount(LOG_DEBUG);
-        (void) dlopen_tpm2(LOG_DEBUG);
+        (void) DLOPEN_LIBACL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
+        (void) DLOPEN_LIBBLKID(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
+        (void) DLOPEN_LIBKMOD(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
+        (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
+        (void) DLOPEN_TPM2(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED);
 
         if (arg_daemonize) {
                 pid_t pid;

diff --git a/src/validatefs/validatefs.c b/src/validatefs/validatefs.c
index 506b8198709d5dd23342f34df9cb156b9f081a2a..994fcbeb13d03fffe253834073857bff1ced0954 100644 (file)
--- a/src/validatefs/validatefs.c
+++ b/src/validatefs/validatefs.c
@@ -290,7 +290,7 @@ static int validate_gpt_metadata_one(sd_device *d, const char *path, const Valid
         assert(d);
         assert(f);
 
-        r = dlopen_libblkid(LOG_ERR);
+        r = DLOPEN_LIBBLKID(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;
 

diff --git a/src/veritysetup/veritysetup.c b/src/veritysetup/veritysetup.c
index e9ce2bdfecb695d694c191a5e66c09ac56ccd102..42e5356b11524d77fcc2f958703a4705875d80d9 100644 (file)
--- a/src/veritysetup/veritysetup.c
+++ b/src/veritysetup/veritysetup.c
@@ -491,7 +491,7 @@ static int run(int argc, char *argv[]) {
 
         log_setup();
 
-        r = dlopen_cryptsetup(LOG_ERR);
+        r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED);
         if (r < 0)
                 return r;