From: Luca Boccassi Date: Sat, 30 May 2026 21:51:59 +0000 (+0100) Subject: tree-wide: convert dlopen_*() callers to DLOPEN_* wrapper macros X-Git-Tag: v261-rc3~17^2 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=b0ede9f9eebf3f5507e6b3cef9e1de33af7cea68;p=thirdparty%2Fsystemd.git tree-wide: convert dlopen_*() callers to DLOPEN_* wrapper macros Switch the executable-owned call sites from the plain dlopen_() helpers to the new DLOPEN_() macros, so that each binary that loads an optional library at runtime now carries its own .note.dlopen note instead of relying solely on libsystemd-shared. Each call site passes a priority reflecting whether it hard-depends on the library (required) or degrades gracefully without it (recommended). Co-developed-by: Claude Opus 4.8 --- diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c index fdeaf69e174..7f8576e52a5 100644 --- a/src/analyze/analyze-security.c +++ b/src/analyze/analyze-security.c @@ -605,7 +605,7 @@ static int assess_system_call_filter( uint64_t b; int r; - r = dlopen_libseccomp(LOG_DEBUG); + r = DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) { *ret_badness = UINT64_MAX; *ret_description = NULL; @@ -2578,7 +2578,7 @@ static int get_security_info(Unit *u, ExecContext *c, CGroupContext *g, Security info->_umask = c->umask; #if HAVE_SECCOMP - if (dlopen_libseccomp(LOG_DEBUG) >= 0) { + if (DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) >= 0) { SET_FOREACH(key, c->syscall_archs) { const char *name; diff --git a/src/bootctl/bootctl-install.c b/src/bootctl/bootctl-install.c index 5fd65e02f15..c16d3939aca 100644 --- a/src/bootctl/bootctl-install.c +++ b/src/bootctl/bootctl-install.c @@ -1082,7 +1082,7 @@ static int install_secure_boot_auto_enroll(InstallContext *c) { if (!c->secure_boot_certificate || !c->secure_boot_private_key) return 0; - r = dlopen_libcrypto(LOG_DEBUG); + r = DLOPEN_LIBCRYPTO(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/core/bpf-bind-iface.c b/src/core/bpf-bind-iface.c index 1ba643a1166..6d9ecadcec7 100644 --- a/src/core/bpf-bind-iface.c +++ b/src/core/bpf-bind-iface.c @@ -31,7 +31,7 @@ int bpf_bind_network_interface_supported(void) { if (supported >= 0) return supported; - if (dlopen_bpf(LOG_WARNING) < 0) + if (DLOPEN_BPF(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0) return (supported = false); obj = bind_iface_bpf__open(); diff --git a/src/core/bpf-restrict-fs.c b/src/core/bpf-restrict-fs.c index d28abfe4dd1..93f7b800b5b 100644 --- a/src/core/bpf-restrict-fs.c +++ b/src/core/bpf-restrict-fs.c @@ -78,7 +78,7 @@ bool bpf_restrict_fs_supported(bool initialize) { if (!initialize) return false; - if (dlopen_bpf(LOG_WARNING) < 0) + if (DLOPEN_BPF(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0) return (supported = false); r = lsm_supported("bpf"); diff --git a/src/core/bpf-restrict-fsaccess.c b/src/core/bpf-restrict-fsaccess.c index e043bf9fd66..4e0af5596af 100644 --- a/src/core/bpf-restrict-fsaccess.c +++ b/src/core/bpf-restrict-fsaccess.c @@ -168,7 +168,7 @@ bool bpf_restrict_fsaccess_supported(void) { if (supported >= 0) return supported; - if (dlopen_bpf(LOG_WARNING) < 0) + if (DLOPEN_BPF(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0) return (supported = false); r = lsm_supported("bpf"); @@ -338,7 +338,7 @@ static int restrict_fsaccess_validate_deserialized_fds(Manager *m) { assert(m); - r = dlopen_bpf(LOG_WARNING); + r = DLOPEN_BPF(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "bpf-restrict-fsaccess: Failed to load libbpf for FD validation, aborting."); diff --git a/src/core/bpf-restrict-ifaces.c b/src/core/bpf-restrict-ifaces.c index e30d15cd256..9ca144a334e 100644 --- a/src/core/bpf-restrict-ifaces.c +++ b/src/core/bpf-restrict-ifaces.c @@ -86,7 +86,7 @@ int bpf_restrict_ifaces_supported(void) { if (supported >= 0) return supported; - if (dlopen_bpf(LOG_WARNING) < 0) + if (DLOPEN_BPF(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0) return (supported = false); r = prepare_restrict_ifaces_bpf(NULL, true, NULL, &obj); diff --git a/src/core/bpf-socket-bind.c b/src/core/bpf-socket-bind.c index b4bf37b41e0..3751d624308 100644 --- a/src/core/bpf-socket-bind.c +++ b/src/core/bpf-socket-bind.c @@ -125,7 +125,7 @@ int bpf_socket_bind_supported(void) { _cleanup_(socket_bind_bpf_freep) struct socket_bind_bpf *obj = NULL; int r; - if (dlopen_bpf(LOG_WARNING) < 0) + if (DLOPEN_BPF(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0) return false; r = prepare_socket_bind_bpf(/* unit= */ NULL, /* allow_rules= */ NULL, /* deny_rules= */ NULL, &obj); diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 7c16ffc7f03..f6d44a16295 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -1313,7 +1313,7 @@ static int setup_pam( * parent process will exec() the actual daemon. We do things this way to ensure that the main PID of * the daemon is the one we initially fork()ed. */ - r = dlopen_libpam(LOG_ERR); + r = DLOPEN_LIBPAM(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -1579,7 +1579,7 @@ static bool seccomp_allows_drop_privileges(const ExecContext *c) { assert(c); /* No libseccomp, all is fine */ - if (dlopen_libseccomp(LOG_DEBUG) < 0) + if (DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0) return true; /* No syscall filter, we are allowed to drop privileges */ @@ -1889,7 +1889,7 @@ static int apply_restrict_filesystems(const ExecContext *c, const ExecParameters } /* We are in a new binary, so dl-open again */ - r = dlopen_bpf(LOG_DEBUG); + r = DLOPEN_BPF(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -5998,10 +5998,10 @@ int exec_invoke( } /* Load a bunch of libraries we'll possibly need later, before we turn off dlopen() */ - (void) dlopen_bpf(LOG_DEBUG); - (void) dlopen_cryptsetup(LOG_DEBUG); - (void) dlopen_libmount(LOG_DEBUG); - (void) dlopen_libseccomp(LOG_DEBUG); + (void) DLOPEN_BPF(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); + (void) DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); + (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); + (void) DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); /* Let's now disable further dlopen()ing of libraries, since we are about to do namespace * shenanigans, and do not want to mix resources from host and namespace */ diff --git a/src/core/execute.c b/src/core/execute.c index ff6ef2de045..4a95473e46f 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1576,7 +1576,7 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) { fputc('~', f); #if HAVE_SECCOMP - if (dlopen_libseccomp(LOG_DEBUG) >= 0) { + if (DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) >= 0) { void *id, *val; bool first = true; HASHMAP_FOREACH_KEY(val, id, c->syscall_filter) { @@ -1995,7 +1995,7 @@ char** exec_context_get_syscall_filter(const ExecContext *c) { assert(c); #if HAVE_SECCOMP - if (dlopen_libseccomp(LOG_DEBUG) < 0) + if (DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0) return strv_new(NULL); void *id, *val; @@ -2064,7 +2064,7 @@ char** exec_context_get_syscall_log(const ExecContext *c) { assert(c); #if HAVE_SECCOMP - if (dlopen_libseccomp(LOG_DEBUG) < 0) + if (DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) < 0) return strv_new(NULL); void *id, *val; diff --git a/src/core/main.c b/src/core/main.c index 7815691133c..92eca9462b0 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -3690,7 +3690,7 @@ int main(int argc, char *argv[]) { } /* Building without libmount is allowed, but if it is compiled in, then we must be able to load it */ - r = dlopen_libmount(LOG_DEBUG); + r = DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0 && !ERRNO_IS_NEG_NOT_SUPPORTED(r)) { error_message = "Failed to load libmount.so"; goto finish; diff --git a/src/core/mount.c b/src/core/mount.c index 4d5cd35fae6..94aeea9f6c9 100644 --- a/src/core/mount.c +++ b/src/core/mount.c @@ -2408,7 +2408,7 @@ static int mount_test_startable(Unit *u) { } static bool mount_supported(void) { - return dlopen_libmount(LOG_DEBUG) >= 0; + return DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) >= 0; } static int mount_subsystem_ratelimited(Manager *m) { diff --git a/src/core/namespace.c b/src/core/namespace.c index 49635d3e952..a6ba2659e42 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -3984,7 +3984,7 @@ int refresh_extensions_in_namespace( if (r > 0) return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Target namespace is not separate, cannot reload extensions"); - (void) dlopen_cryptsetup(LOG_DEBUG); + (void) DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); extension_dir = path_join(p->private_namespace_dir, "unit-extensions"); if (!extension_dir) diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c index d06c9f02931..886b00cbf56 100644 --- a/src/core/selinux-setup.c +++ b/src/core/selinux-setup.c @@ -17,7 +17,7 @@ int mac_selinux_setup(bool *loaded_policy) { assert(loaded_policy); - r = dlopen_libselinux(LOG_DEBUG); + r = DLOPEN_LIBSELINUX(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return 0; diff --git a/src/creds/creds.c b/src/creds/creds.c index c382a0cf80a..6dc4ea9277d 100644 --- a/src/creds/creds.c +++ b/src/creds/creds.c @@ -188,7 +188,7 @@ static int is_tmpfs_with_noswap(dev_t devno) { _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL; int r; - r = dlopen_libmount(LOG_DEBUG); + r = DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/cryptenroll/cryptenroll.c b/src/cryptenroll/cryptenroll.c index bcc4b6cca66..eed0a11aeba 100644 --- a/src/cryptenroll/cryptenroll.c +++ b/src/cryptenroll/cryptenroll.c @@ -780,7 +780,7 @@ static int run(int argc, char *argv[]) { if (r <= 0) return r; - r = dlopen_cryptsetup(LOG_ERR); + r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c index 0265b2d5a03..0bfe0c2ec77 100644 --- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c +++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c @@ -38,7 +38,7 @@ _public_ int cryptsetup_token_open_pin( assert(pin || pin_size == 0); assert(token >= 0); - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; @@ -103,7 +103,7 @@ _public_ void cryptsetup_token_dump( assert(json); - if (dlopen_cryptsetup(LOG_DEBUG) < 0) + if (DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED) < 0) return; r = parse_luks2_fido2_data(cd, json, &rp_id, &salt, &salt_size, &cid, &cid_size, &required); @@ -170,7 +170,7 @@ _public_ int cryptsetup_token_validate( assert(json); - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c index 9a279ddbb7e..63be8a7c64a 100644 --- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c +++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c @@ -37,7 +37,7 @@ _public_ int cryptsetup_token_open_pin( assert(pin || pin_size == 0); assert(token >= 0); - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; @@ -95,7 +95,7 @@ _public_ void cryptsetup_token_dump( _cleanup_free_ void *pkcs11_key = NULL; Pkcs11RsaPadding rsa_padding = PKCS11_RSA_PADDING_PKCS1V15; - if (dlopen_cryptsetup(LOG_DEBUG) < 0) + if (DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED) < 0) return; r = parse_luks2_pkcs11_data(cd, json, &pkcs11_uri, &pkcs11_key, &pkcs11_key_size, &rsa_padding); @@ -125,7 +125,7 @@ _public_ int cryptsetup_token_validate( sd_json_variant *w; _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c index ad14942622f..70113268b61 100644 --- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c +++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c @@ -61,7 +61,7 @@ _public_ int cryptsetup_token_open_pin( assert(ret_password); assert(ret_password_len); - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; @@ -191,7 +191,7 @@ _public_ void cryptsetup_token_dump( assert(json); - if (dlopen_cryptsetup(LOG_DEBUG) < 0) + if (DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED) < 0) return; r = sd_json_parse(json, SD_JSON_PARSE_MUST_BE_OBJECT, &v, /* reterr_line= */ NULL, /* reterr_column= */ NULL); @@ -283,7 +283,7 @@ _public_ int cryptsetup_token_validate( assert(json); - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 0f0d96372eb..39562019e48 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -538,7 +538,7 @@ static int parse_one_option(const char *option) { #if HAVE_OPENSSL _cleanup_strv_free_ char **l = NULL; - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -2881,7 +2881,7 @@ static int run(int argc, char *argv[]) { if (r <= 0) return r; - r = dlopen_cryptsetup(LOG_ERR); + r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c index c79609f583c..d30749117ce 100644 --- a/src/dissect/dissect.c +++ b/src/dissect/dissect.c @@ -493,7 +493,7 @@ static int parse_argv(int argc, char *argv[]) { break; OPTION_LONG("make-archive", NULL, "Convert the DDI to an archive file"): - r = dlopen_libarchive(LOG_ERR); + r = DLOPEN_LIBARCHIVE(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/growfs/growfs.c b/src/growfs/growfs.c index 30d371200d4..ee8f8eebd20 100644 --- a/src/growfs/growfs.c +++ b/src/growfs/growfs.c @@ -33,7 +33,7 @@ static int resize_crypt_luks_device(dev_t devno, const char *fstype, dev_t main_ uint64_t size; int r; - r = dlopen_cryptsetup(LOG_ERR); + r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/home/homectl.c b/src/home/homectl.c index a90b517416c..95c5e101ed0 100644 --- a/src/home/homectl.c +++ b/src/home/homectl.c @@ -2482,7 +2482,7 @@ static int verb_list_signing_keys(int argc, char *argv[], uintptr_t _data, void /* Let's decode the PEM key to DER (so that we lose prefix/suffix), then truncate it * for display reasons. */ - r = dlopen_libcrypto(LOG_DEBUG); + r = DLOPEN_LIBCRYPTO(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/home/homed-manager.c b/src/home/homed-manager.c index 0fcf7b9395e..8ae56476d63 100644 --- a/src/home/homed-manager.c +++ b/src/home/homed-manager.c @@ -1537,7 +1537,7 @@ int manager_startup(Manager *m) { assert(m); - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/home/homework-fscrypt.c b/src/home/homework-fscrypt.c index 432f5d8678a..6f51f493289 100644 --- a/src/home/homework-fscrypt.c +++ b/src/home/homework-fscrypt.c @@ -232,7 +232,7 @@ static int fscrypt_slot_try_v1( assert(encrypted_size > 0); assert(match_key_descriptor); - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -331,7 +331,7 @@ static int fscrypt_slot_try_v2( assert(iovec_is_set(tag)); assert(match_key_descriptor); - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -700,7 +700,7 @@ static int fscrypt_slot_set( size_t encrypted_size; ssize_t ss; - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -813,7 +813,7 @@ int home_create_fscrypt( assert(setup); assert(ret_home); - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c index 9cd0f2dc004..4a56551b9cf 100644 --- a/src/home/homework-luks.c +++ b/src/home/homework-luks.c @@ -146,7 +146,7 @@ static int probe_file_system_by_fd( assert(ret_fstype); assert(ret_uuid); - r = dlopen_libblkid(LOG_DEBUG); + r = DLOPEN_LIBBLKID(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -529,7 +529,7 @@ static int acquire_open_luks_device( assert(setup); assert(!setup->crypt_device); - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -684,7 +684,7 @@ static int luks_validate( assert(ret_size); assert(sector_size > 0); - r = dlopen_libblkid(LOG_DEBUG); + r = DLOPEN_LIBBLKID(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -805,7 +805,7 @@ static int crypt_device_to_evp_cipher(struct crypt_device *cd, const EVP_CIPHER assert(cd); assert(ret); - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -1293,7 +1293,7 @@ int home_setup_luks( assert(setup); assert(user_record_storage(h) == USER_LUKS); - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -1594,7 +1594,7 @@ int home_activate_luks( assert(setup); assert(ret_home); - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -2211,11 +2211,11 @@ int home_create_luks( assert(setup->image_fd < 0); assert(ret_home); - r = dlopen_fdisk(LOG_DEBUG); + r = DLOPEN_FDISK(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -3250,11 +3250,11 @@ int home_resize_luks( assert(user_record_storage(h) == USER_LUKS); assert(setup); - r = dlopen_fdisk(LOG_DEBUG); + r = DLOPEN_FDISK(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -3712,7 +3712,7 @@ int home_passwd_luks( assert(user_record_storage(h) == USER_LUKS); assert(setup); - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/home/homework.c b/src/home/homework.c index eecb91511c2..a5fca5a1188 100644 --- a/src/home/homework.c +++ b/src/home/homework.c @@ -1328,7 +1328,7 @@ static int determine_default_storage(UserStorage *ret) { if (r < 0) log_warning_errno(r, "Failed to determine if %s is encrypted, ignoring: %m", get_home_root()); - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) log_info("Not using '%s' storage, since libcryptsetup could not be loaded.", user_storage_to_string(USER_LUKS)); else { diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c index 6e24924e91c..abb75b9d928 100644 --- a/src/home/pam_systemd_home.c +++ b/src/home/pam_systemd_home.c @@ -786,11 +786,11 @@ _public_ PAM_EXTERN int pam_sm_authenticate( bool debug = false; int r; - r = dlopen_libpam(LOG_DEBUG); + r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return PAM_SERVICE_ERR; - (void) dlopen_libintl(LOG_DEBUG); /* best-effort: messages won't be translated if this fails */ + (void) DLOPEN_LIBINTL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); /* best-effort: messages won't be translated if this fails */ pam_log_setup(); @@ -853,11 +853,11 @@ _public_ PAM_EXTERN int pam_sm_open_session( bool debug = false; int r; - r = dlopen_libpam(LOG_DEBUG); + r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return PAM_SERVICE_ERR; - (void) dlopen_libintl(LOG_DEBUG); /* best-effort: messages won't be translated if this fails */ + (void) DLOPEN_LIBINTL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); /* best-effort: messages won't be translated if this fails */ pam_log_setup(); @@ -912,11 +912,11 @@ _public_ PAM_EXTERN int pam_sm_close_session( bool debug = false; int r; - r = dlopen_libpam(LOG_DEBUG); + r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return PAM_SERVICE_ERR; - (void) dlopen_libintl(LOG_DEBUG); /* best-effort: messages won't be translated if this fails */ + (void) DLOPEN_LIBINTL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); /* best-effort: messages won't be translated if this fails */ pam_log_setup(); @@ -979,11 +979,11 @@ _public_ PAM_EXTERN int pam_sm_acct_mgmt( usec_t t; int r; - r = dlopen_libpam(LOG_DEBUG); + r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return PAM_SERVICE_ERR; - (void) dlopen_libintl(LOG_DEBUG); /* best-effort: messages won't be translated if this fails */ + (void) DLOPEN_LIBINTL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); /* best-effort: messages won't be translated if this fails */ pam_log_setup(); @@ -1100,11 +1100,11 @@ _public_ PAM_EXTERN int pam_sm_chauthtok( bool debug = false; int r; - r = dlopen_libpam(LOG_DEBUG); + r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return PAM_SERVICE_ERR; - (void) dlopen_libintl(LOG_DEBUG); /* best-effort: messages won't be translated if this fails */ + (void) DLOPEN_LIBINTL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); /* best-effort: messages won't be translated if this fails */ pam_log_setup(); diff --git a/src/imds/imdsd.c b/src/imds/imdsd.c index e58e06b7b12..9959567f5f3 100644 --- a/src/imds/imdsd.c +++ b/src/imds/imdsd.c @@ -3065,7 +3065,7 @@ static int run(int argc, char* argv[]) { if (r <= 0) return r; - r = dlopen_curl(LOG_DEBUG); + r = DLOPEN_CURL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/import/import-common.c b/src/import/import-common.c index 840eac210f8..c7465147c46 100644 --- a/src/import/import-common.c +++ b/src/import/import-common.c @@ -32,7 +32,7 @@ int import_fork_tar_x(int tree_fd, int userns_fd, PidRef *ret_pid) { assert(tree_fd >= 0); assert(ret_pid); - r = dlopen_libarchive(LOG_DEBUG); + r = DLOPEN_LIBARCHIVE(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -99,7 +99,7 @@ int import_fork_tar_c(int tree_fd, int userns_fd, PidRef *ret_pid) { assert(tree_fd >= 0); assert(ret_pid); - r = dlopen_libarchive(LOG_DEBUG); + r = DLOPEN_LIBARCHIVE(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/import/pull-job.c b/src/import/pull-job.c index 31d6d34af6b..7d83c994ff5 100644 --- a/src/import/pull-job.c +++ b/src/import/pull-job.c @@ -282,7 +282,7 @@ static int pull_job_open_disk(PullJob *j) { } if (j->calc_checksum) { - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/integritysetup/integritysetup.c b/src/integritysetup/integritysetup.c index bdf1b25473b..619c3b10db5 100644 --- a/src/integritysetup/integritysetup.c +++ b/src/integritysetup/integritysetup.c @@ -204,7 +204,7 @@ static int run(int argc, char *argv[]) { log_setup(); - r = dlopen_cryptsetup(LOG_ERR); + r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c index e70fc4f6dbf..9b1085bb4cd 100644 --- a/src/journal-remote/journal-gatewayd.c +++ b/src/journal-remote/journal-gatewayd.c @@ -1258,7 +1258,7 @@ static int run(int argc, char *argv[]) { if (r <= 0) return r; - r = dlopen_microhttpd(LOG_ERR); + r = DLOPEN_MICROHTTPD(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c index 614ec61be90..2100190bda0 100644 --- a/src/journal-remote/journal-remote-main.c +++ b/src/journal-remote/journal-remote-main.c @@ -466,7 +466,7 @@ static int setup_microhttpd_server(RemoteServer *s, #if HAVE_MICROHTTPD int r; - r = dlopen_microhttpd(LOG_ERR); + r = DLOPEN_MICROHTTPD(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c index f4b698ae415..2eb47d21300 100644 --- a/src/journal-remote/journal-upload.c +++ b/src/journal-remote/journal-upload.c @@ -879,7 +879,7 @@ static int run(int argc, char **argv) { if (r <= 0) return r; - r = dlopen_curl(LOG_DEBUG); + r = DLOPEN_CURL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/keyutil/keyutil.c b/src/keyutil/keyutil.c index ab8e3eee982..c54f347079e 100644 --- a/src/keyutil/keyutil.c +++ b/src/keyutil/keyutil.c @@ -233,7 +233,7 @@ static int verb_extract_public(int argc, char *argv[], uintptr_t _data, void *us return r; } - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index b6f7ddd38c2..9bdd147db4d 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -1748,7 +1748,7 @@ _public_ PAM_EXTERN int pam_sm_open_session( assert(pamh); - r = dlopen_libpam(LOG_DEBUG); + r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return PAM_SERVICE_ERR; @@ -1847,7 +1847,7 @@ _public_ PAM_EXTERN int pam_sm_close_session( assert(pamh); - r = dlopen_libpam(LOG_DEBUG); + r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return PAM_SERVICE_ERR; diff --git a/src/login/pam_systemd_loadkey.c b/src/login/pam_systemd_loadkey.c index 9d44863b02b..c93dedf5ea8 100644 --- a/src/login/pam_systemd_loadkey.c +++ b/src/login/pam_systemd_loadkey.c @@ -19,7 +19,7 @@ _public_ PAM_EXTERN int pam_sm_authenticate( assert(pamh); - r = dlopen_libpam(LOG_DEBUG); + r = DLOPEN_LIBPAM(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return PAM_SERVICE_ERR; diff --git a/src/measure/measure-tool.c b/src/measure/measure-tool.c index e7a3be6d643..70971c11adb 100644 --- a/src/measure/measure-tool.c +++ b/src/measure/measure-tool.c @@ -176,7 +176,7 @@ static int parse_argv(int argc, char *argv[], char ***ret_args) { "Select TPM bank (SHA1, SHA256, SHA384, SHA512)"): { const EVP_MD *implementation; - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; @@ -1122,7 +1122,7 @@ static int run(int argc, char *argv[]) { if (r <= 0) return r; - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/network/networkd-sysctl.c b/src/network/networkd-sysctl.c index c59cb2a5d70..ab4c03609a2 100644 --- a/src/network/networkd-sysctl.c +++ b/src/network/networkd-sysctl.c @@ -108,7 +108,7 @@ int manager_install_sysctl_monitor(Manager *manager) { assert(manager); - r = dlopen_bpf(LOG_DEBUG); + r = DLOPEN_BPF(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (ERRNO_IS_NEG_NOT_SUPPORTED(r)) return log_debug_errno(r, "sysctl monitor disabled, as BPF support is not available."); if (r < 0) diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c index bd28a67e6b1..0f206bd7067 100644 --- a/src/nspawn/nspawn-oci.c +++ b/src/nspawn/nspawn-oci.c @@ -1826,7 +1826,7 @@ static int oci_seccomp(const char *name, sd_json_variant *v, sd_json_dispatch_fl if (r < 0) return json_log(def, flags, r, "Unknown default action: %s", sd_json_variant_string(def)); - r = dlopen_libseccomp(LOG_DEBUG); + r = DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return json_log(def, flags, r, "No support for libseccomp: %m"); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index cb78f1ccfb3..bbd5f411d41 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -6146,9 +6146,9 @@ static int run(int argc, char *argv[]) { if (arg_cleanup) return do_cleanup(); - (void) dlopen_libmount(LOG_DEBUG); - (void) dlopen_libseccomp(LOG_DEBUG); - (void) dlopen_libselinux(LOG_DEBUG); + (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); + (void) DLOPEN_LIBSECCOMP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); + (void) DLOPEN_LIBSELINUX(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); r = cg_has_legacy(); if (r < 0) diff --git a/src/nsresourced/userns-restrict.c b/src/nsresourced/userns-restrict.c index bc7bac6942d..1b82c797f09 100644 --- a/src/nsresourced/userns-restrict.c +++ b/src/nsresourced/userns-restrict.c @@ -68,7 +68,7 @@ int userns_restrict_install( if (r == 0) return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "bpf-lsm not supported, can't lock down user namespace."); - r = dlopen_bpf(LOG_DEBUG); + r = DLOPEN_BPF(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/pcrextend/pcrextend.c b/src/pcrextend/pcrextend.c index ac432aaac57..d5d4a23d51a 100644 --- a/src/pcrextend/pcrextend.c +++ b/src/pcrextend/pcrextend.c @@ -90,7 +90,7 @@ static int parse_argv(int argc, char *argv[], char ***ret_args) { OPTION_LONG("bank", "DIGEST", "Select TPM PCR bank (SHA1, SHA256)"): { const EVP_MD *implementation; - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/pcrlock/pcrlock.c b/src/pcrlock/pcrlock.c index 247c36cca15..5aba4e966bb 100644 --- a/src/pcrlock/pcrlock.c +++ b/src/pcrlock/pcrlock.c @@ -5481,7 +5481,7 @@ static int run(int argc, char *argv[]) { if (r <= 0) return r; - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/portable/portable.c b/src/portable/portable.c index f9f47f2e0fd..a98c1162d95 100644 --- a/src/portable/portable.c +++ b/src/portable/portable.c @@ -610,8 +610,8 @@ static int portable_extract_by_path( * there, and extract the metadata we need. The metadata is sent from the child back to us. */ /* Load some libraries before we fork workers off that want to use them */ - (void) dlopen_cryptsetup(LOG_DEBUG); - (void) dlopen_libmount(LOG_DEBUG); + (void) DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); + (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); r = mkdtemp_malloc("/tmp/inspect-XXXXXX", &tmpdir); if (r < 0) diff --git a/src/repart/repart.c b/src/repart/repart.c index a9d6d8efec9..53204e94db9 100644 --- a/src/repart/repart.c +++ b/src/repart/repart.c @@ -3101,7 +3101,7 @@ static int partition_read_definition( "Cannot format %s filesystem without source files, refusing.", p->format); if (p->verity != VERITY_OFF || p->encrypt != ENCRYPT_OFF) { - r = dlopen_cryptsetup(LOG_DEBUG); + r = DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return log_syntax(NULL, LOG_ERR, path, 1, r, "libcryptsetup not found, Verity=/Encrypt= are not supported: %m"); @@ -4708,7 +4708,7 @@ static int context_wipe_range(Context *context, uint64_t offset, uint64_t size) assert(offset != UINT64_MAX); assert(size != UINT64_MAX); - r = dlopen_libblkid(LOG_ERR); + r = DLOPEN_LIBBLKID(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; @@ -5400,7 +5400,7 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta assert(p); assert(p->encrypt != ENCRYPT_OFF); - r = dlopen_cryptsetup(LOG_ERR); + r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -5939,7 +5939,7 @@ static int partition_format_verity_hash( (void) partition_hint(p, node, &hint); - r = dlopen_cryptsetup(LOG_ERR); + r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -6041,7 +6041,7 @@ static int sign_verity_roothash( assert(iovec_is_set(roothash)); assert(ret_signature); - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -7128,7 +7128,7 @@ static int partition_populate_filesystem(Context *context, Partition *p, const c * appear in the host namespace. Hence we fork a child that has its own file system namespace and * detached mount propagation. */ - (void) dlopen_libmount(LOG_DEBUG); + (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); r = pidref_safe_fork( "(sd-copy)", @@ -8720,7 +8720,7 @@ static int resolve_copy_blocks_auto_candidate( return log_error_errno(r, "Failed to open block device " DEVNUM_FORMAT_STR ": %m", DEVNUM_FORMAT_VAL(whole_devno)); - r = dlopen_libblkid(LOG_ERR); + r = DLOPEN_LIBBLKID(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; @@ -11543,7 +11543,7 @@ static int run(int argc, char *argv[]) { if (r <= 0) return r; - r = dlopen_fdisk(LOG_ERR); + r = DLOPEN_FDISK(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/report/report-upload.c b/src/report/report-upload.c index 471bcb76060..aea12e62a53 100644 --- a/src/report/report-upload.c +++ b/src/report/report-upload.c @@ -81,7 +81,7 @@ static int http_upload_collected(Context *context, sd_json_variant *report) { _cleanup_free_ char *json = NULL; int r; - r = dlopen_curl(LOG_DEBUG); + r = DLOPEN_CURL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c index f33bba28ff1..9112369a74c 100644 --- a/src/resolve/resolved-dns-dnssec.c +++ b/src/resolve/resolved-dns-dnssec.c @@ -709,7 +709,7 @@ int dnssec_verify_rrset( assert(dnskey); assert(result); - r = dlopen_libcrypto(LOG_DEBUG); + r = DLOPEN_LIBCRYPTO(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -1066,7 +1066,7 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, assert(dnskey); assert(ds); - r = dlopen_libcrypto(LOG_DEBUG); + r = DLOPEN_LIBCRYPTO(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -1206,7 +1206,7 @@ int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) { assert(name); assert(ret); - r = dlopen_libcrypto(LOG_DEBUG); + r = DLOPEN_LIBCRYPTO(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/resolve/resolved-dnstls.c b/src/resolve/resolved-dnstls.c index f59c2fa348f..e7191f2e7f4 100644 --- a/src/resolve/resolved-dnstls.c +++ b/src/resolve/resolved-dnstls.c @@ -397,11 +397,11 @@ int dnstls_manager_init(Manager *manager) { assert(manager); - r = dlopen_libcrypto(LOG_WARNING); + r = DLOPEN_LIBCRYPTO(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; - r = dlopen_libssl(LOG_WARNING); + r = DLOPEN_LIBSSL(LOG_WARNING, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/resolve/resolved-util.c b/src/resolve/resolved-util.c index 094ef006985..7b591ebbb90 100644 --- a/src/resolve/resolved-util.c +++ b/src/resolve/resolved-util.c @@ -36,7 +36,7 @@ int resolve_system_hostname(char **full_hostname, char **first_label) { #if HAVE_LIBIDN2 _cleanup_free_ char *utf8 = NULL; - if (dlopen_idn(LOG_DEBUG) >= 0) { + if (DLOPEN_IDN(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED) >= 0) { r = sym_idn2_to_unicode_8z8z(label, &utf8, 0); if (r != IDN2_OK) return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN), diff --git a/src/sbsign/sbsign.c b/src/sbsign/sbsign.c index 1d690220d1b..cad7cc54db0 100644 --- a/src/sbsign/sbsign.c +++ b/src/sbsign/sbsign.c @@ -425,7 +425,7 @@ static int verb_sign(int argc, char *argv[], uintptr_t _data, void *userdata) { _cleanup_(iovec_done) struct iovec signed_attributes_signature = {}; int r; - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/shutdown/detach-swap.c b/src/shutdown/detach-swap.c index 04efbfeb36d..585a2f85a68 100644 --- a/src/shutdown/detach-swap.c +++ b/src/shutdown/detach-swap.c @@ -36,7 +36,7 @@ int swap_list_get(const char *swaps, SwapDevice **head) { assert(head); - r = dlopen_libmount(LOG_ERR); + r = DLOPEN_LIBMOUNT(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c index a3b1ba6221b..ce2468fafda 100644 --- a/src/sysext/sysext.c +++ b/src/sysext/sysext.c @@ -1676,7 +1676,7 @@ static int unmerge( bool need_to_reload; int r; - (void) dlopen_libmount(LOG_DEBUG); + (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); r = need_reload(image_class, hierarchies, no_reload); if (r < 0) @@ -2257,9 +2257,9 @@ static int merge(ImageClass image_class, int r; - (void) dlopen_cryptsetup(LOG_DEBUG); - (void) dlopen_libblkid(LOG_DEBUG); - (void) dlopen_libmount(LOG_DEBUG); + (void) DLOPEN_CRYPTSETUP(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); + (void) DLOPEN_LIBBLKID(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); + (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL; r = pidref_safe_fork("(sd-merge)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_NEW_MOUNTNS, &pidref); diff --git a/src/sysupdate/sysupdate-partition.c b/src/sysupdate/sysupdate-partition.c index 0b346da62d1..6361093231d 100644 --- a/src/sysupdate/sysupdate-partition.c +++ b/src/sysupdate/sysupdate-partition.c @@ -161,7 +161,7 @@ int find_suitable_partition( POINTER_MAY_BE_NULL(partition_type); assert(ret); - r = dlopen_fdisk(LOG_DEBUG); + r = DLOPEN_FDISK(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -230,7 +230,7 @@ int patch_partition( if (change == 0) /* Nothing to do */ return 0; - r = dlopen_fdisk(LOG_DEBUG); + r = DLOPEN_FDISK(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/sysupdate/sysupdate-resource.c b/src/sysupdate/sysupdate-resource.c index a91741a49f1..e234b3c9148 100644 --- a/src/sysupdate/sysupdate-resource.c +++ b/src/sysupdate/sysupdate-resource.c @@ -234,7 +234,7 @@ static int resource_load_from_blockdev(Resource *rr) { assert(rr); - r = dlopen_fdisk(LOG_DEBUG); + r = DLOPEN_FDISK(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/test/test-bpf-restrict-fsaccess.c b/src/test/test-bpf-restrict-fsaccess.c index 0d4e18671aa..80d448815cf 100644 --- a/src/test/test-bpf-restrict-fsaccess.c +++ b/src/test/test-bpf-restrict-fsaccess.c @@ -107,7 +107,7 @@ static int do_attach(void) { struct stat st; int r; - r = dlopen_bpf(LOG_ERR); + r = DLOPEN_BPF(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return log_error_errno(r, "Failed to dlopen libbpf: %m"); diff --git a/src/test/test-bpf-token.c b/src/test/test-bpf-token.c index f991f926012..f7156f7ff53 100644 --- a/src/test/test-bpf-token.c +++ b/src/test/test-bpf-token.c @@ -11,7 +11,7 @@ static int run(int argc, char *argv[]) { #if HAVE_LIBBPF int r; - r = dlopen_bpf(LOG_ERR); + r = DLOPEN_BPF(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index fa2b21f73a0..2c7ac181095 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -1267,7 +1267,7 @@ static int parse_acl_cond_exec( assert(cond_exec); assert(ret); - r = dlopen_libacl(LOG_DEBUG); + r = DLOPEN_LIBACL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; @@ -1386,7 +1386,7 @@ static int path_set_acl( assert(c); - r = dlopen_libacl(LOG_DEBUG); + r = DLOPEN_LIBACL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (r < 0) return r; diff --git a/src/tpm2-setup/tpm2-setup.c b/src/tpm2-setup/tpm2-setup.c index eb25d7fd7f5..ab0966f8d92 100644 --- a/src/tpm2-setup/tpm2-setup.c +++ b/src/tpm2-setup/tpm2-setup.c @@ -569,7 +569,7 @@ static int run(int argc, char *argv[]) { return EXIT_SUCCESS; } - r = dlopen_libcrypto(LOG_ERR); + r = DLOPEN_LIBCRYPTO(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/udev/udev-builtin-blkid.c b/src/udev/udev-builtin-blkid.c index 4cd22a889fc..57fa7f9585d 100644 --- a/src/udev/udev-builtin-blkid.c +++ b/src/udev/udev-builtin-blkid.c @@ -506,7 +506,7 @@ static int builtin_blkid(UdevEvent *event, int argc, char *argv[]) { int64_t offset = 0; int r; - r = dlopen_libblkid(LOG_DEBUG); + r = DLOPEN_LIBBLKID(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return log_device_debug_errno(dev, r, "blkid not available: %m"); diff --git a/src/udev/udevd.c b/src/udev/udevd.c index 593eee89b8b..4cbc481c768 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -58,11 +58,11 @@ int run_udevd(int argc, char *argv[]) { return log_error_errno(r, "Failed to create /run/udev: %m"); /* Load some shared libraries before we fork any workers */ - (void) dlopen_libacl(LOG_DEBUG); - (void) dlopen_libblkid(LOG_DEBUG); - (void) dlopen_libkmod(LOG_DEBUG); - (void) dlopen_libmount(LOG_DEBUG); - (void) dlopen_tpm2(LOG_DEBUG); + (void) DLOPEN_LIBACL(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); + (void) DLOPEN_LIBBLKID(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); + (void) DLOPEN_LIBKMOD(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); + (void) DLOPEN_LIBMOUNT(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); + (void) DLOPEN_TPM2(LOG_DEBUG, SD_ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED); if (arg_daemonize) { pid_t pid; diff --git a/src/validatefs/validatefs.c b/src/validatefs/validatefs.c index 506b8198709..994fcbeb13d 100644 --- a/src/validatefs/validatefs.c +++ b/src/validatefs/validatefs.c @@ -290,7 +290,7 @@ static int validate_gpt_metadata_one(sd_device *d, const char *path, const Valid assert(d); assert(f); - r = dlopen_libblkid(LOG_ERR); + r = DLOPEN_LIBBLKID(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r; diff --git a/src/veritysetup/veritysetup.c b/src/veritysetup/veritysetup.c index e9ce2bdfecb..42e5356b115 100644 --- a/src/veritysetup/veritysetup.c +++ b/src/veritysetup/veritysetup.c @@ -491,7 +491,7 @@ static int run(int argc, char *argv[]) { log_setup(); - r = dlopen_cryptsetup(LOG_ERR); + r = DLOPEN_CRYPTSETUP(LOG_ERR, SD_ELF_NOTE_DLOPEN_PRIORITY_REQUIRED); if (r < 0) return r;