# Ignore any mkosi config files with "local" in the name
/mkosi.default.d/**/*local*.conf
/tags
+.dir-locals-2.el
# Power Delivery Analyzers
usb:v1679p6003*
-usb:v0483pDF11*
ID_SIGNAL_ANALYZER=1
###########################################################
<programlisting>$ systemctl status bluetooth
● bluetooth.service - Bluetooth service
- Loaded: loaded (/usr/lib/systemd/system/bluetooth.service; enabled; vendor preset: enabled)
+ Loaded: loaded (/usr/lib/systemd/system/bluetooth.service; enabled; preset: enabled)
Active: active (running) since Wed 2017-01-04 13:54:04 EST; 1 weeks 0 days ago
Docs: man:bluetoothd(8)
Main PID: 930 (bluetoothd)
Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output error (5)
</programlisting>
- <para>The dot ("●") uses color on supported terminals to summarize the unit state at a glance. Along with
- its color, its shape varies according to its state: <literal>inactive</literal> or
- <literal>maintenance</literal> is a white circle ("○"), <literal>active</literal> is a green dot ("●"),
- <literal>deactivating</literal> is a white dot, <literal>failed</literal> or <literal>error</literal> is
- a red cross ("×"), and <literal>reloading</literal> is a green clockwise circle arrow ("↻").
- </para>
-
- <para>The "Loaded:" line in the output will show <literal>loaded</literal> if the unit has been loaded into
- memory. Other possible values for "Loaded:" include: <literal>error</literal> if there was a problem
- loading it, <literal>not-found</literal> if no unit file was found for this unit,
- <literal>bad-setting</literal> if an essential unit file setting could not be parsed and
- <literal>masked</literal> if the unit file has been masked. Along with showing the path to the unit file,
- this line will also show the enablement state. Enabled commands start at boot. See the full table of
- possible enablement states — including the definition of <literal>masked</literal> — in the documentation
- for the <command>is-enabled</command> command.
+ <para>The dot ("●") uses color on supported terminals to summarize the unit state at a
+ glance. Along with its color, its shape varies according to its state:
+ <literal>inactive</literal> or <literal>maintenance</literal> is a white circle ("○"),
+ <literal>active</literal> is a green dot ("●"), <literal>deactivating</literal> is a white dot,
+ <literal>failed</literal> or <literal>error</literal> is a red cross ("×"), and
+ <literal>reloading</literal> is a green clockwise circle arrow ("↻").</para>
+
+ <para>The "Loaded:" line in the output will show <literal>loaded</literal> if the unit has been
+ loaded into memory. Other possible values for "Loaded:" include: <literal>error</literal> if
+ there was a problem loading it, <literal>not-found</literal> if no unit file was found for this
+ unit, <literal>bad-setting</literal> if an essential unit file setting could not be parsed and
+ <literal>masked</literal> if the unit file has been masked. Along with showing the path to the
+ unit file, this line will also show the enablement state. Enabled units are included in the
+ dependency network between units, and thus are started at boot or via some other form of
+ activation. See the full table of possible enablement states — including the definition of
+ <literal>masked</literal> — in the documentation for the <command>is-enabled</command> command.
</para>
<para>The "Active:" line shows active state. The value is usually <literal>active</literal> or
- <literal>inactive</literal>. Active could mean started, bound, plugged in, etc depending on the unit type.
- The unit could also be in process of changing states, reporting a state of <literal>activating</literal> or
- <literal>deactivating</literal>. A special <literal>failed</literal> state is entered when the service
- failed in some way, such as a crash, exiting with an error code or timing out. If the failed state is
- entered the cause will be logged for later reference.</para>
+ <literal>inactive</literal>. Active could mean started, bound, plugged in, etc depending on the
+ unit type. The unit could also be in process of changing states, reporting a state of
+ <literal>activating</literal> or <literal>deactivating</literal>. A special
+ <literal>failed</literal> state is entered when the service failed in some way, such as a crash,
+ exiting with an error code or timing out. If the failed state is entered the cause will be logged
+ for later reference.</para>
</example>
</listitem>
userunitdir = prefixdir / 'lib/systemd/user'
userpresetdir = prefixdir / 'lib/systemd/user-preset'
tmpfilesdir = prefixdir / 'lib/tmpfiles.d'
+usertmpfilesdir = prefixdir / 'share/user-tmpfiles.d'
sysusersdir = prefixdir / 'lib/sysusers.d'
sysctldir = prefixdir / 'lib/sysctl.d'
binfmtdir = prefixdir / 'lib/binfmt.d'
conf.set_quoted('SYSTEM_SYSVRCND_PATH', sysvrcnd_path)
conf.set_quoted('SYSUSERS_DIR', sysusersdir)
conf.set_quoted('TMPFILES_DIR', tmpfilesdir)
+conf.set_quoted('USER_TMPFILES_DIR', usertmpfilesdir)
conf.set_quoted('UDEVLIBEXECDIR', udevlibexecdir)
conf.set_quoted('UDEV_HWDB_DIR', udevhwdbdir)
conf.set_quoted('UDEV_RULES_DIR', udevrulesdir)
Set *system_call_architectures;
bool system_call_filter_allow_list;
- Hashmap *system_call_filter;
+ Set *system_call_filter;
mode_t _umask;
} SecurityInfo;
strv_free(i->supplementary_groups);
set_free(i->system_call_architectures);
-
- hashmap_free(i->system_call_filter);
+ set_free(i->system_call_filter);
return mfree(i);
}
return 0;
}
-static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFilterSet *f, const char **ret_offending_syscall) {
+static bool syscall_names_in_filter(Set *s, bool allow_list, const SyscallFilterSet *f, const char **ret_offending_syscall) {
const char *syscall;
NULSTR_FOREACH(syscall, f->value) {
- int id;
-
if (syscall[0] == '@') {
const SyscallFilterSet *g;
}
/* Let's see if the system call actually exists on this platform, before complaining */
- id = seccomp_syscall_resolve_name(syscall);
- if (id < 0)
+ if (seccomp_syscall_resolve_name(syscall) < 0)
continue;
- if (hashmap_contains(s, syscall) != allow_list) {
+ if (set_contains(s, syscall) == allow_list) {
log_debug("Offending syscall filter item: %s", syscall);
if (ret_offending_syscall)
*ret_offending_syscall = syscall;
uint64_t b;
int r;
- if (!info->system_call_filter_allow_list && hashmap_isempty(info->system_call_filter)) {
+ if (!info->system_call_filter_allow_list && set_isempty(info->system_call_filter)) {
r = free_and_strdup(&d, "Service does not filter system calls");
b = 10;
} else {
if (r == 0)
break;
- /* The actual ExecContext stores the system call id as the map value, which we don't
- * need. So we assign NULL to all values here. */
- r = hashmap_put_strdup(&info->system_call_filter, name, NULL);
+ /* ignore errno or action after colon */
+ r = set_put_strndup(&info->system_call_filter, name, strchrnul(name, ':') - name);
if (r < 0)
return r;
}
if (set_put_strdup(&info->system_call_architectures, name) < 0)
return log_oom();
}
-#endif
info->system_call_filter_allow_list = c->syscall_allow_list;
- if (c->syscall_filter) {
- info->system_call_filter = hashmap_copy(c->syscall_filter);
- if (!info->system_call_filter)
+
+ void *id, *num;
+ HASHMAP_FOREACH_KEY(num, id, c->syscall_filter) {
+ _cleanup_free_ char *name = NULL;
+
+ if (info->system_call_filter_allow_list && PTR_TO_INT(num) >= 0)
+ continue;
+
+ name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, PTR_TO_INT(id) - 1);
+ if (!name)
+ continue;
+
+ if (set_ensure_consume(&info->system_call_filter, &string_hash_ops_free, TAKE_PTR(name)) < 0)
return log_oom();
}
+#endif
}
if (g) {
return r;
}
-int _set_put_strdup_full(Set **s, const struct hash_ops *hash_ops, const char *p HASHMAP_DEBUG_PARAMS) {
+int _set_put_strndup_full(Set **s, const struct hash_ops *hash_ops, const char *p, size_t n HASHMAP_DEBUG_PARAMS) {
char *c;
int r;
if (r < 0)
return r;
- if (set_contains(*s, (char*) p))
- return 0;
+ if (n == SIZE_MAX) {
+ if (set_contains(*s, (char*) p))
+ return 0;
- c = strdup(p);
+ c = strdup(p);
+ } else
+ c = strndup(p, n);
if (!c)
return -ENOMEM;
assert(s);
STRV_FOREACH(i, l) {
- r = _set_put_strdup_full(s, hash_ops, *i HASHMAP_DEBUG_PASS_ARGS);
+ r = _set_put_strndup_full(s, hash_ops, *i, SIZE_MAX HASHMAP_DEBUG_PASS_ARGS);
if (r < 0)
return r;
int set_consume(Set *s, void *value);
-int _set_put_strdup_full(Set **s, const struct hash_ops *hash_ops, const char *p HASHMAP_DEBUG_PARAMS);
-#define set_put_strdup_full(s, hash_ops, p) _set_put_strdup_full(s, hash_ops, p HASHMAP_DEBUG_SRC_ARGS)
-#define set_put_strdup(s, p) set_put_strdup_full(s, &string_hash_ops_free, p)
+int _set_put_strndup_full(Set **s, const struct hash_ops *hash_ops, const char *p, size_t n HASHMAP_DEBUG_PARAMS);
+#define set_put_strndup_full(s, hash_ops, p, n) _set_put_strndup_full(s, hash_ops, p, n HASHMAP_DEBUG_SRC_ARGS)
+#define set_put_strdup_full(s, hash_ops, p) set_put_strndup_full(s, hash_ops, p, SIZE_MAX)
+#define set_put_strndup(s, p, n) set_put_strndup_full(s, &string_hash_ops_free, p, n)
+#define set_put_strdup(s, p) set_put_strndup(s, p, SIZE_MAX)
+
int _set_put_strdupv_full(Set **s, const struct hash_ops *hash_ops, char **l HASHMAP_DEBUG_PARAMS);
#define set_put_strdupv_full(s, hash_ops, l) _set_put_strdupv_full(s, hash_ops, l HASHMAP_DEBUG_SRC_ARGS)
#define set_put_strdupv(s, l) set_put_strdupv_full(s, &string_hash_ops_free, l)
t = b;
}
- n = MIN((size_t) k, l);
+ n = MIN((size_t) k, l-1);
l -= n;
p += n;
/* We have to use the correct order here:
*
- * → First, try to detect Oracle Virtualbox and Amazon EC2 Nitro, even if they use KVM, as well as Xen even if
- * it cloaks as Microsoft Hyper-V. Attempt to detect uml at this stage also since it runs as a user-process
- * nested inside other VMs. Also check for Xen now, because Xen PV mode does not override CPUID when nested
- * inside another hypervisor.
+ * → First, try to detect Oracle Virtualbox, Amazon EC2 Nitro, and Parallels, even if they use KVM,
+ * as well as Xen even if it cloaks as Microsoft Hyper-V. Attempt to detect uml at this stage also
+ * since it runs as a user-process nested inside other VMs. Also check for Xen now, because Xen PV
+ * mode does not override CPUID when nested inside another hypervisor.
*
- * → Second, try to detect from CPUID, this will report KVM for whatever software is used even if info in DMI is
- * overwritten.
+ * → Second, try to detect from CPUID, this will report KVM for whatever software is used even if
+ * info in DMI is overwritten.
*
* → Third, try to detect from DMI. */
dmi = detect_vm_dmi();
- if (IN_SET(dmi, VIRTUALIZATION_ORACLE, VIRTUALIZATION_XEN, VIRTUALIZATION_AMAZON)) {
+ if (IN_SET(dmi,
+ VIRTUALIZATION_ORACLE,
+ VIRTUALIZATION_XEN,
+ VIRTUALIZATION_AMAZON,
+ VIRTUALIZATION_PARALLELS)) {
v = dmi;
goto finish;
}
h = &gpt_header_buffer->gpt_header;
/* Some superficial validation of the GPT header */
- if (CompareMem(&h->Header.Signature, "EFI PART", sizeof(h->Header.Signature) != 0))
+ if (CompareMem(&h->Header.Signature, "EFI PART", sizeof(h->Header.Signature)) != 0)
return FALSE;
if (h->Header.HeaderSize < 92 || h->Header.HeaderSize > 512)
r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
if (r == -ENOMEM)
return log_oom();
- if (r <= 0 || isempty(p)) {
+ if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to extract device path and weight from '%s', ignoring.", rvalue);
return 0;
}
+ if (r == 0 || isempty(p)) {
+ log_syntax(unit, LOG_WARNING, filename, line, 0,
+ "Invalid device path or weight specified in '%s', ignoring.", rvalue);
+ return 0;
+ }
r = unit_path_printf(userdata, path, &resolved);
if (r < 0) {
r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
if (r == -ENOMEM)
return log_oom();
- if (r <= 0 || isempty(p)) {
+ if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to extract device path and latency from '%s', ignoring.", rvalue);
return 0;
}
+ if (r == 0 || isempty(p)) {
+ log_syntax(unit, LOG_WARNING, filename, line, 0,
+ "Invalid device path or latency specified in '%s', ignoring.", rvalue);
+ return 0;
+ }
r = unit_path_printf(userdata, path, &resolved);
if (r < 0) {
r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
if (r == -ENOMEM)
return log_oom();
- if (r <= 0 || isempty(p)) {
+ if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
return 0;
}
+ if (r == 0 || isempty(p)) {
+ log_syntax(unit, LOG_WARNING, filename, line, 0,
+ "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue);
+ return 0;
+ }
r = unit_path_printf(userdata, path, &resolved);
if (r < 0) {
r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
if (r == -ENOMEM)
return log_oom();
- if (r <= 0 || isempty(p)) {
+ if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to extract device node and weight from '%s', ignoring.", rvalue);
return 0;
}
+ if (r == 0 || isempty(p)) {
+ log_syntax(unit, LOG_WARNING, filename, line, 0,
+ "Invalid device node or weight specified in '%s', ignoring.", rvalue);
+ return 0;
+ }
r = unit_path_printf(userdata, path, &resolved);
if (r < 0) {
r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
if (r == -ENOMEM)
return log_oom();
- if (r <= 0 || isempty(p)) {
+ if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
return 0;
}
+ if (r == 0 || isempty(p)) {
+ log_syntax(unit, LOG_WARNING, filename, line, 0,
+ "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue);
+ return 0;
+ }
r = unit_path_printf(userdata, path, &resolved);
if (r < 0) {
r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
if (r == -ENOMEM)
return log_oom();
- if (r <= 0 || !p) {
- log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
+ if (r < 0) {
+ log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract credential name, ignoring: %s", rvalue);
+ return 0;
+ }
+ if (r == 0 || isempty(p)) {
+ log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax, ignoring: %s", rvalue);
return 0;
}
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
- log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s: %s", lvalue, rvalue);
+ log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
return 0;
}
void *userdata) {
_cleanup_free_ char *resolved = NULL, *word = NULL;
CGroupContext *c = data;
+ const char *p = rvalue;
Unit *u = userdata;
int attach_type, r;
return 0;
}
- r = extract_first_word(&rvalue, &word, ":", 0);
+ r = extract_first_word(&p, &word, ":", 0);
if (r == -ENOMEM)
return log_oom();
- if (r <= 0 || isempty(rvalue)) {
+ if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse foreign BPF program, ignoring: %s", rvalue);
return 0;
}
+ if (r == 0 || isempty(p)) {
+ log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax in %s=, ignoring: %s", lvalue, rvalue);
+ return 0;
+ }
attach_type = bpf_cgroup_attach_type_from_string(word);
if (attach_type < 0) {
return 0;
}
- r = unit_path_printf(u, rvalue, &resolved);
+ r = unit_path_printf(u, p, &resolved);
if (r < 0) {
- log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
+ log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %s", p, rvalue);
return 0;
}
write_container_id();
}
- if (arg_watchdog_device) {
- r = watchdog_set_device(arg_watchdog_device);
- if (r < 0)
- log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device);
- }
+ r = watchdog_set_device(arg_watchdog_device);
+ if (r < 0)
+ log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device);
} else {
_cleanup_free_ char *p = NULL;
arg_reboot_watchdog = 10 * USEC_PER_MINUTE;
arg_kexec_watchdog = 0;
arg_pretimeout_watchdog = 0;
- arg_early_core_pattern = NULL;
- arg_watchdog_device = NULL;
+ arg_early_core_pattern = mfree(arg_early_core_pattern);
+ arg_watchdog_device = mfree(arg_watchdog_device);
arg_watchdog_pretimeout_governor = mfree(arg_watchdog_pretimeout_governor);
arg_default_environment = strv_free(arg_default_environment);
#include <linux/loop.h>
#include <sched.h>
#include <stdio.h>
+#include <sys/file.h>
#include <sys/mount.h>
#include <unistd.h>
#include <linux/fs.h>
r = label_fix_container(dev, "/dev", 0);
if (r < 0) {
- log_debug_errno(errno, "Failed to fix label of '%s' as /dev: %m", dev);
+ log_debug_errno(r, "Failed to fix label of '%s' as /dev: %m", dev);
goto fail;
}
tmpfiles_dir=${prefix}/lib/tmpfiles.d
tmpfilesdir=${tmpfiles_dir}
+user_tmpfiles_dir=${prefix}/share/user-tmpfiles.d
+
sysusers_dir=${rootprefix}/lib/sysusers.d
sysusersdir=${sysusers_dir}
if (truncated)
log_struct(LOG_INFO,
- LOG_MESSAGE("Core file was truncated to %zu bytes.", max_size),
- "SIZE_LIMIT=%zu", max_size,
+ LOG_MESSAGE("Core file was truncated to %"PRIu64" bytes.", max_size),
+ "SIZE_LIMIT=%"PRIu64, max_size,
"MESSAGE_ID=" SD_MESSAGE_TRUNCATED_CORE_STR);
r = fix_permissions(fd, tmp, fn, context, uid);
#include <getopt.h>
#include <linux/loop.h>
#include <stdio.h>
+#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
# define UNALIGNED_P(p) (((size_t) p) % sizeof(uint32_t) != 0)
# endif
#else
-# define UNALIGNED_P(p) false
+# define UNALIGNED_P(p) sd_false
#endif
/* This array contains the bytes used to pad the buffer to the next
}
int home_deactivate_luks(UserRecord *h, HomeSetup *setup) {
- bool we_detached;
+ bool we_detached = false;
int r;
assert(h);
r = acquire_open_luks_device(h, setup, /* graceful= */ true);
if (r < 0)
return log_error_errno(r, "Failed to initialize cryptsetup context for %s: %m", setup->dm_name);
- if (r == 0) {
+ if (r == 0)
log_debug("LUKS device %s has already been detached.", setup->dm_name);
- we_detached = false;
- }
}
if (setup->crypt_device) {
cryptsetup_enable_logging(setup->crypt_device);
r = sym_crypt_deactivate_by_name(setup->crypt_device, setup->dm_name, 0);
- if (ERRNO_IS_DEVICE_ABSENT(r) || r == -EINVAL) {
+ if (ERRNO_IS_DEVICE_ABSENT(r) || r == -EINVAL)
log_debug_errno(r, "LUKS device %s is already detached.", setup->dm_node);
- we_detached = false;
- } else if (r < 0)
+ else if (r < 0)
return log_info_errno(r, "LUKS device %s couldn't be deactivated: %m", setup->dm_node);
else {
log_info("LUKS device detaching completed.");
}
#else
-int check_permissions(struct MHD_Connection *connection, int *code, char **hostname) {
+_noreturn_ int check_permissions(struct MHD_Connection *connection, int *code, char **hostname) {
assert_not_reached();
}
# kernel's install.sh invokes us as
# /sbin/installkernel <version> <vmlinuz> <map> <installation-dir>
# We ignore the last two arguments.
- set -- "$1"
+ set -- "${1:?}" "${2:?}"
else
COMMAND="$1"
[ $# -ge 1 ] && shift
break;
default:
- log_debug("Ignoring option DHCP option %"PRIu8" while parsing.", code);
+ log_debug("Ignoring DHCP option %"PRIu8" while parsing.", code);
break;
}
assert_return(device, -EINVAL);
r = device_read_db(device);
+ if (r == -ENOENT)
+ /* The device may be already removed or renamed. */
+ return false;
if (r < 0)
return r;
event_close_inode_data_fds(e);
- if (event_next_pending(e) || e->need_process_child)
+ if (event_next_pending(e) || e->need_process_child || !LIST_IS_EMPTY(e->inotify_data_buffered))
goto pending;
e->state = SD_EVENT_ARMED;
assert_se(sd_event_loop(e) >= 0);
}
+struct inotify_process_buffered_data_context {
+ const char *path[2];
+ unsigned i;
+};
+
+static int inotify_process_buffered_data_handler(sd_event_source *s, const struct inotify_event *ev, void *userdata) {
+ struct inotify_process_buffered_data_context *c = ASSERT_PTR(userdata);
+ const char *description;
+
+ assert_se(sd_event_source_get_description(s, &description) >= 0);
+
+ assert_se(c->i < 2);
+ assert_se(streq(c->path[c->i], description));
+ c->i++;
+
+ return 1;
+}
+
+TEST(inotify_process_buffered_data) {
+ _cleanup_(rm_rf_physical_and_freep) char *p = NULL, *q = NULL;
+ _cleanup_(sd_event_source_unrefp) sd_event_source *a = NULL, *b = NULL;
+ _cleanup_(sd_event_unrefp) sd_event *e = NULL;
+ _cleanup_free_ char *z = NULL;
+
+ /* For issue #23826 */
+
+ assert_se(sd_event_default(&e) >= 0);
+
+ assert_se(mkdtemp_malloc("/tmp/test-inotify-XXXXXX", &p) >= 0);
+ assert_se(mkdtemp_malloc("/tmp/test-inotify-XXXXXX", &q) >= 0);
+
+ struct inotify_process_buffered_data_context context = {
+ .path = { p, q },
+ };
+
+ assert_se(sd_event_add_inotify(e, &a, p, IN_CREATE, inotify_process_buffered_data_handler, &context) >= 0);
+ assert_se(sd_event_add_inotify(e, &b, q, IN_CREATE, inotify_process_buffered_data_handler, &context) >= 0);
+
+ assert_se(z = path_join(p, "aaa"));
+ assert_se(touch(z) >= 0);
+ z = mfree(z);
+ assert_se(z = path_join(q, "bbb"));
+ assert_se(touch(z) >= 0);
+ z = mfree(z);
+
+ assert_se(sd_event_run(e, 10 * USEC_PER_SEC) > 0);
+ assert_se(sd_event_prepare(e) > 0); /* issue #23826: this was 0. */
+ assert_se(sd_event_dispatch(e) > 0);
+ assert_se(sd_event_prepare(e) == 0);
+ assert_se(sd_event_wait(e, 0) == 0);
+}
+
DEFINE_TEST_MAIN(LOG_DEBUG);
char c = s[i];
if (!(c >= '0' && c <= '9') &&
- !(c >= 'a' && c <= 'z') &&
- !(c >= 'A' && c <= 'Z'))
+ !(c >= 'a' && c <= 'f') &&
+ !(c >= 'A' && c <= 'F'))
return false;
}
return false;
} else {
if (!(c >= '0' && c <= '9') &&
- !(c >= 'a' && c <= 'z') &&
- !(c >= 'A' && c <= 'Z'))
+ !(c >= 'a' && c <= 'f') &&
+ !(c >= 'A' && c <= 'F'))
return false;
}
}
if (le64toh(o->entry.items[i].object_offset) == 0 ||
!VALID64(le64toh(o->entry.items[i].object_offset))) {
error(offset,
- "Invalid entry item (%"PRIu64"/%"PRIu64" offset: "OFSfmt,
+ "Invalid entry item (%"PRIu64"/%"PRIu64") offset: "OFSfmt,
i, journal_file_entry_n_items(o),
le64toh(o->entry.items[i].object_offset));
return -EBADMSG;
return -EBADMSG;
}
+ /* Pointer might have moved, reposition */
+ r = journal_file_move_to_object(f, OBJECT_DATA, q, &u);
+ if (r < 0)
+ return r;
+
r = journal_file_move_to_entry_by_offset_for_data(f, u, p, DIRECTION_DOWN, NULL, NULL);
if (r < 0)
return r;
case 'b':
boot_id_set = true;
r = sd_id128_from_string(word + 2, &boot_id);
+ if (r < 0)
+ return r;
break;
case 'm':
static int l2tp_get_local_address(NetDev *netdev, union in_addr_union *ret) {
Link *link = NULL;
L2tpTunnel *t;
- Address *a;
+ Address *a = NULL;
int r;
assert(netdev);
if (!sa->key_file)
return 0;
- (void) warn_file_is_world_accessible(sa->key_file, NULL, NULL, 0);
-
r = read_full_file_full(
AT_FDCWD, sa->key_file, UINT64_MAX, SIZE_MAX,
READ_FULL_FILE_SECURE | READ_FULL_FILE_UNHEX | READ_FULL_FILE_WARN_WORLD_READABLE | READ_FULL_FILE_CONNECT_SOCKET,
assert(dest);
- (void) warn_file_is_world_accessible(filename, NULL, NULL, 0);
-
r = read_full_file_full(
AT_FDCWD, filename, UINT64_MAX, SIZE_MAX,
READ_FULL_FILE_SECURE | READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_WARN_WORLD_READABLE | READ_FULL_FILE_CONNECT_SOCKET,
if (info->has_tx_queues || info->has_rx_queues) {
r = table_add_many(table,
TABLE_EMPTY,
- TABLE_STRING, "Queue Length (Tx/Rx):");
+ TABLE_STRING, "Number of Queues (Tx/Rx):");
if (r < 0)
return table_log_add_error(r);
r = table_add_cell_stringf(table, NULL, "%" PRIu32 "/%" PRIu32, info->tx_queues, info->rx_queues);
settings->userns_mode = USER_NAMESPACE_PICK;
settings->uid_shift = UID_INVALID;
settings->uid_range = UINT32_C(0x10000);
+ } else if (streq(rvalue, "identity")) {
+ /* identity: User namespacing on, UID range is 0:65536 */
+ settings->userns_mode = USER_NAMESPACE_FIXED;
+ settings->uid_shift = 0;
+ settings->uid_range = UINT32_C(0x10000);
} else {
const char *range, *shift;
uid_t sh, rn;
* quadruplet, consisting of host and container UID + GID. */
for (size_t i = 0; i < n_bind_user_uid; i++) {
- uid_t payload_uid = bind_user_uid[i*2+offset],
- host_uid = bind_user_uid[i*2+offset+1];
+ uid_t payload_uid = bind_user_uid[i*4+offset],
+ host_uid = bind_user_uid[i*4+offset+1];
assert(previous_uid <= payload_uid);
assert(payload_uid < arg_uid_range);
sd_bus_error_setf(&error, _BUS_ERROR_DNS "NXDOMAIN", "'%s' not found", dns_query_string(q));
else {
const char *rc, *n;
- char p[DECIMAL_STR_MAX(q->answer_rcode)];
-
- rc = dns_rcode_to_string(q->answer_rcode);
- if (!rc) {
- xsprintf(p, "%i", q->answer_rcode);
- rc = p;
- }
+ rc = FORMAT_DNS_RCODE(q->answer_rcode);
n = strjoina(_BUS_ERROR_DNS, rc);
sd_bus_error_setf(&error, n, "Could not resolve '%s', server or network returned error %s", dns_query_string(q), rc);
}
if (found_rcode >= 0) {
log_debug("RCODE %s cache hit for %s",
- dns_rcode_to_string(found_rcode),
+ FORMAT_DNS_RCODE(found_rcode),
dns_resource_key_to_string(key, key_str, sizeof(key_str)));
if (ret_rcode)
#include "memory-util.h"
#include "resolved-dns-packet.h"
#include "set.h"
+#include "stdio-util.h"
#include "string-table.h"
#include "strv.h"
#include "unaligned.h"
int dns_packet_read(DnsPacket *p, size_t sz, const void **ret, size_t *start) {
assert(p);
+ assert(p->rindex <= p->size);
- if (p->rindex + sz > p->size)
+ if (sz > p->size - p->rindex)
return -EMSGSIZE;
if (ret)
if (memchr(d, 0, c))
return -EBADMSG;
- t = strndup(d, c);
+ t = memdup_suffix0(d, c);
if (!t)
return -ENOMEM;
_cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
int r;
- while (p->rindex < rewinder.saved_rindex + size) {
+ while (p->rindex - rewinder.saved_rindex < size) {
r = dns_packet_read_type_window(p, types, NULL);
if (r < 0)
return r;
+ assert(p->rindex >= rewinder.saved_rindex);
+
/* don't read past end of current RR */
- if (p->rindex > rewinder.saved_rindex + size)
+ if (p->rindex - rewinder.saved_rindex > size)
return -EBADMSG;
}
- if (p->rindex != rewinder.saved_rindex + size)
+ if (p->rindex - rewinder.saved_rindex != size)
return -EBADMSG;
if (start)
if (r < 0)
return r;
- if (p->rindex + rdlength > p->size)
+ if (rdlength > p->size - p->rindex)
return -EBADMSG;
offset = p->rindex;
} else {
DnsTxtItem *last = NULL;
- while (p->rindex < offset + rdlength) {
+ while (p->rindex - offset < rdlength) {
DnsTxtItem *i;
const void *data;
size_t sz;
if (r < 0)
return r;
- if (rdlength + offset < p->rindex)
+ if (rdlength < p->rindex - offset)
return -EBADMSG;
r = dns_packet_read_memdup(p, offset + rdlength - p->rindex,
if (r < 0)
return r;
+ if (rdlength < p->rindex - offset)
+ return -EBADMSG;
+
r = dns_packet_read_type_windows(p, &rr->nsec.types, offset + rdlength - p->rindex, NULL);
/* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
if (r < 0)
return r;
+ if (rdlength < p->rindex - offset)
+ return -EBADMSG;
+
r = dns_packet_read_type_windows(p, &rr->nsec3.types, offset + rdlength - p->rindex, NULL);
/* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
if (r < 0)
return r;
- if (rdlength + offset < p->rindex)
+ if (rdlength < p->rindex - offset)
return -EBADMSG;
r = dns_packet_read_memdup(p,
}
if (r < 0)
return r;
- if (p->rindex != offset + rdlength)
+ if (p->rindex - offset != rdlength)
return -EBADMSG;
if (ret)
};
DEFINE_STRING_TABLE_LOOKUP(dns_rcode, int);
+const char *format_dns_rcode(int i, char buf[static DECIMAL_STR_MAX(int)]) {
+ const char *p = dns_rcode_to_string(i);
+ if (p)
+ return p;
+
+ return snprintf_ok(buf, DECIMAL_STR_MAX(int), "%i", i);
+}
+
static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
[DNS_PROTOCOL_DNS] = "dns",
[DNS_PROTOCOL_MDNS] = "mdns",
const char* dns_rcode_to_string(int i) _const_;
int dns_rcode_from_string(const char *s) _pure_;
+const char *format_dns_rcode(int i, char buf[static DECIMAL_STR_MAX(int)]);
+#define FORMAT_DNS_RCODE(i) format_dns_rcode(i, (char [DECIMAL_STR_MAX(int)]) {})
const char* dns_protocol_to_string(DnsProtocol p) _const_;
DnsProtocol dns_protocol_from_string(const char *s) _pure_;
case DNS_TRANSACTION_RCODE_FAILURE:
if (!IN_SET(dt->answer_rcode, DNS_RCODE_NXDOMAIN, DNS_RCODE_SERVFAIL)) {
- log_debug("Auxiliary DNSSEC RR query failed with rcode=%s.", dns_rcode_to_string(dt->answer_rcode));
+ log_debug("Auxiliary DNSSEC RR query failed with rcode=%s.", FORMAT_DNS_RCODE(dt->answer_rcode));
goto fail;
}
log_debug("Processing incoming packet of size %zu on transaction %" PRIu16" (rcode=%s).",
p->size,
- t->id, dns_rcode_to_string(DNS_PACKET_RCODE(p)));
+ t->id, FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p)));
switch (t->scope->protocol) {
return;
/* Give up, accept the rcode */
- log_debug("Server returned error: %s", dns_rcode_to_string(DNS_PACKET_RCODE(p)));
+ log_debug("Server returned error: %s", FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p)));
break;
}
t->clamp_feature_level_servfail < 0) {
t->clamp_feature_level_servfail = t->current_feature_level;
log_debug("Server returned error %s, retrying transaction.",
- dns_rcode_to_string(DNS_PACKET_RCODE(p)));
+ FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p)));
} else {
/* Reduce this feature level by one and try again. */
switch (t->current_feature_level) {
}
log_debug("Server returned error %s, retrying transaction with reduced feature level %s.",
- dns_rcode_to_string(DNS_PACKET_RCODE(p)),
+ FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p)),
dns_server_feature_level_to_string(t->clamp_feature_level_servfail));
}
t->clamp_feature_level_nxdomain = DNS_SERVER_FEATURE_LEVEL_UDP;
log_debug("Server returned error %s in EDNS0 mode, retrying transaction with reduced feature level %s (DVE-2018-0001 mitigation)",
- dns_rcode_to_string(DNS_PACKET_RCODE(p)),
+ FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p)),
dns_server_feature_level_to_string(t->clamp_feature_level_nxdomain));
dns_transaction_retry(t, false /* use the same server */);
%_sysctldir {{SYSCTL_DIR}}
%_sysusersdir {{SYSUSERS_DIR}}
%_tmpfilesdir {{TMPFILES_DIR}}
+%_user_tmpfilesdir {{USER_TMPFILES_DIR}}
%_environmentdir {{ENVIRONMENT_DIR}}
%_modulesloaddir {{MODULESLOAD_DIR}}
%_modprobedir {{MODPROBE_DIR}}
#include <linux/blkpg.h>
#include <linux/dm-ioctl.h>
#include <linux/loop.h>
+#include <sys/file.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/wait.h>
int dns_service_split(const char *joined, char **_name, char **_type, char **_domain) {
_cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL;
const char *p = joined, *q = NULL, *d = NULL;
- char a[DNS_LABEL_MAX], b[DNS_LABEL_MAX], c[DNS_LABEL_MAX];
+ char a[DNS_LABEL_MAX+1], b[DNS_LABEL_MAX+1], c[DNS_LABEL_MAX+1];
int an, bn, cn, r;
unsigned x = 0;
switch (json_variant_type(v)) {
case JSON_VARIANT_REAL: {
- locale_t loc;
+ locale_t loc, old_loc;
loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t) 0);
if (loc == (locale_t) 0)
if (flags & JSON_FORMAT_COLOR)
fputs(ansi_highlight_blue(), f);
+ old_loc = uselocale(loc);
fprintf(f, "%.*e", DECIMAL_DIG, json_variant_real(v));
+ uselocale(old_loc);
if (flags & JSON_FORMAT_COLOR)
fputs(ANSI_NORMAL, f);
if (r == 0 && endswith(unit, ".slice")) {
const char *m5;
- m5 = strjoina("_SYSTEMD_SLICE=", unit);
+ m5 = strjoina("_SYSTEMD_USER_SLICE=", unit);
/* Show all messages belonging to a slice */
(void)(
.name = "@known",
.help = "All known syscalls declared in the kernel",
.value =
+ "@obsolete\0"
#include "syscall-list.h"
},
};
const char *message,
const char *username,
const char *origin_tty,
- bool (*match_tty)(const char *tty, void *userdata),
+ bool (*match_tty)(const char *tty, bool is_local, void *userdata),
void *userdata) {
return 0;
}
#include <fcntl.h>
#include <getopt.h>
#include <linux/loop.h>
+#include <sys/file.h>
#include <sys/mount.h>
#include <unistd.h>
_cleanup_(unit_file_presets_freep) UnitFilePresets presets = {};
int r;
- table = table_new("unit file", "state", "vendor preset");
+ table = table_new("unit file", "state", "preset");
if (!table)
return log_oom();
bool *ellipsized) {
const char *active_on, *active_off, *on, *off, *ss, *fs;
- const char *enable_on, *enable_off, *enable_vendor_on, *enable_vendor_off;
+ const char *enable_on, *enable_off, *preset_on, *preset_off;
_cleanup_free_ char *formatted_path = NULL;
usec_t timestamp;
const char *path;
format_active_state(i->active_state, &active_on, &active_off);
format_enable_state(i->unit_file_state, &enable_on, &enable_off);
- format_enable_state(i->unit_file_preset, &enable_vendor_on, &enable_vendor_off);
+ format_enable_state(i->unit_file_preset, &preset_on, &preset_off);
const SpecialGlyph glyph = unit_active_state_to_glyph(unit_active_state_from_string(i->active_state));
on, strna(i->load_state), off,
path,
enable_on, i->unit_file_state, enable_off,
- show_preset ? "; vendor preset: " : "",
- enable_vendor_on, show_preset ? i->unit_file_preset : "", enable_vendor_off);
+ show_preset ? "; preset: " : "",
+ preset_on, show_preset ? i->unit_file_preset : "", preset_off);
} else if (path)
printf(" Loaded: %s%s%s (%s)\n",
" --legend=BOOL Enable/disable the legend (column headers and hints)\n"
" --no-pager Do not pipe output into a pager\n"
" --no-ask-password Do not ask for system passwords\n"
- " --global Enable/disable/mask default user unit files globally\n"
- " --runtime Enable/disable/mask unit files temporarily until next\n"
- " reboot\n"
+ " --global Edit/enable/disable/mask default user unit files\n"
+ " globally\n"
+ " --runtime Edit/enable/disable/mask unit files temporarily until\n"
+ " next reboot\n"
" -f --force When enabling unit files, override existing symlinks\n"
" When shutting down, execute action immediately\n"
" --preset-mode= Apply only enable, only disable, or all presets\n"
- " --root=PATH Enable/disable/mask unit files in the specified root\n"
- " directory\n"
+ " --root=PATH Edit/enable/disable/mask unit files in the specified\n"
+ " root directory\n"
" -n --lines=INTEGER Number of journal entries to show\n"
" -o --output=STRING Change journal output mode (short, short-precise,\n"
" short-iso, short-iso-precise, short-full,\n"
test_dns_service_split_one("_foo._bar", NULL, "_foo._bar", ".", 0);
test_dns_service_split_one("_meh._foo._bar", "_meh", "_foo._bar", ".", 0);
test_dns_service_split_one("Wuff\\032Wuff._foo._bar.waldo.com", "Wuff Wuff", "_foo._bar", "waldo.com", 0);
+ test_dns_service_split_one("_Q._Q-------------------------------------------------------------", NULL, "_Q._Q-------------------------------------------------------------", ".", 0);
}
static void test_dns_name_change_suffix_one(const char *name, const char *old_suffix, const char *new_suffix, int r, const char *result) {
#include <fcntl.h>
#include <linux/loop.h>
#include <pthread.h>
+#include <sys/file.h>
#include "alloc-util.h"
#include "dissect-image.h"
}
#define DELL_MODALIAS \
- "evdev:atkbd:dmi:bvnXXX:bvrYYY:bdZZZ:svnDellXXX:pnYYY"
+ "evdev:atkbd:dmi:bvnXXX:bvrYYY:bdZZZ:svnDellXXX:pnYYY:"
TEST(basic_enumerate) {
_cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
assert_se(strv_length(t) == 3);
}
+TEST(set_put_strndup) {
+ _cleanup_set_free_ Set *m = NULL;
+
+ assert_se(set_put_strndup(&m, "12345", 0) == 1);
+ assert_se(set_put_strndup(&m, "12345", 1) == 1);
+ assert_se(set_put_strndup(&m, "12345", 2) == 1);
+ assert_se(set_put_strndup(&m, "12345", 3) == 1);
+ assert_se(set_put_strndup(&m, "12345", 4) == 1);
+ assert_se(set_put_strndup(&m, "12345", 5) == 1);
+ assert_se(set_put_strndup(&m, "12345", 6) == 0);
+
+ assert_se(set_contains(m, ""));
+ assert_se(set_contains(m, "1"));
+ assert_se(set_contains(m, "12"));
+ assert_se(set_contains(m, "123"));
+ assert_se(set_contains(m, "1234"));
+ assert_se(set_contains(m, "12345"));
+
+ assert_se(set_size(m) == 6);
+}
+
TEST(set_put_strdup) {
_cleanup_set_free_ Set *m = NULL;
assert_se(set_put_strdup(&m, "bbb") == 1);
assert_se(set_put_strdup(&m, "bbb") == 0);
assert_se(set_put_strdup(&m, "aaa") == 0);
+
+ assert_se(set_contains(m, "aaa"));
+ assert_se(set_contains(m, "bbb"));
+
assert_se(set_size(m) == 2);
}
assert_se(set_put_strdupv(&m, STRV_MAKE("aaa", "aaa", "bbb", "bbb", "aaa")) == 2);
assert_se(set_put_strdupv(&m, STRV_MAKE("aaa", "aaa", "bbb", "bbb", "ccc")) == 1);
+
+ assert_se(set_contains(m, "aaa"));
+ assert_se(set_contains(m, "bbb"));
+ assert_se(set_contains(m, "ccc"));
+
assert_se(set_size(m) == 3);
}
test_format_timespan_accuracy(1);
test_format_timespan_accuracy(USEC_PER_MSEC);
test_format_timespan_accuracy(USEC_PER_SEC);
+
+ /* See issue #23928. */
+ _cleanup_free_ char *buf;
+ assert_se(buf = new(char, 5));
+ assert_se(buf == format_timespan(buf, 5, 100005, 1000));
}
TEST(verify_timezone) {
continue;
if (r < 0) {
/* FUSE, NFS mounts, SELinux might return EACCES */
- r = log_full_errno(errno == EACCES ? LOG_DEBUG : LOG_ERR, errno,
+ r = log_full_errno(r == -EACCES ? LOG_DEBUG : LOG_ERR, r,
"statx(%s/%s) failed: %m", p, de->d_name);
continue;
}
return token->op == (match ? OP_MATCH : OP_NOMATCH);
}
case TK_M_PROGRAM: {
- char buf[UDEV_PATH_SIZE], result[UDEV_LINE_SIZE];
+ char buf[UDEV_LINE_SIZE], result[UDEV_LINE_SIZE];
bool truncated;
size_t count;
}
case TK_M_IMPORT_PROGRAM: {
_cleanup_strv_free_ char **lines = NULL;
- char buf[UDEV_PATH_SIZE], result[UDEV_LINE_SIZE];
+ char buf[UDEV_LINE_SIZE], result[UDEV_LINE_SIZE];
bool truncated;
(void) udev_event_apply_format(event, token->value, buf, sizeof(buf), false, &truncated);
UdevBuiltinCommand cmd = PTR_TO_UDEV_BUILTIN_CMD(token->data);
assert(cmd >= 0 && cmd < _UDEV_BUILTIN_MAX);
unsigned mask = 1U << (int) cmd;
- char buf[UDEV_PATH_SIZE];
+ char buf[UDEV_LINE_SIZE];
bool truncated;
if (udev_builtin_run_once(cmd)) {
case TK_A_RUN_BUILTIN:
case TK_A_RUN_PROGRAM: {
_cleanup_free_ char *cmd = NULL;
- char buf[UDEV_PATH_SIZE];
+ char buf[UDEV_LINE_SIZE];
bool truncated;
if (event->run_final)
ID=$(systemd-id128 new)
systemd-cat -t "$ID" bash -c 'echo parent; (echo child) & wait' &
PID=$!
-wait %%
+wait $PID
journalctl --sync
# We can drop this grep when https://github.com/systemd/systemd/issues/13937
# has a fix.
Before=sysinit.target
Documentation=man:modprobe(8)
ConditionCapability=CAP_SYS_MODULE
+StartLimitIntervalSec=0
[Service]
Type=oneshot
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=-udevadm trigger --type=all --action=add --prioritized-subsystem=block,tpmrm
+ExecStart=-udevadm trigger --type=all --action=add --prioritized-subsystem=module,block,tpmrm,tty,net