]> git.proxmox.com Git - systemd.git/commitdiff
New upstream version 243
authorMichael Biebl <biebl@debian.org>
Tue, 3 Sep 2019 18:03:55 +0000 (20:03 +0200)
committerMichael Biebl <biebl@debian.org>
Tue, 3 Sep 2019 18:03:55 +0000 (20:03 +0200)
81 files changed:
NEWS
README
docs/CONTRIBUTING.md
docs/SECURITY.md [new file with mode: 0644]
hwdb/60-keyboard.hwdb
hwdb/60-sensor.hwdb
hwdb/70-touchpad.hwdb
man/machine-id.xml
man/runlevel.xml
man/sd_event_set_watchdog.xml
man/systemd.exec.xml
man/systemd.unit.xml
man/udevadm.xml
meson_options.txt
semaphoreci/semaphore-runner.sh
shell-completion/bash/busctl
shell-completion/zsh/_journalctl
src/basic/env-file.c
src/basic/path-util.h
src/basic/strv.h
src/basic/user-util.c
src/basic/user-util.h
src/basic/virt.c
src/core/dbus-execute.c
src/core/dbus-service.c
src/core/dbus-socket.c
src/core/dbus-util.c
src/core/dbus-util.h
src/core/execute.c
src/core/execute.h
src/core/load-fragment-gperf.gperf.m4
src/core/load-fragment.c
src/core/load-fragment.h
src/core/machine-id-setup.c
src/core/manager.c
src/core/meson.build
src/core/mount.c
src/core/org.freedesktop.systemd1.service [deleted file]
src/core/service.c
src/core/service.h
src/core/socket.c
src/core/swap.c
src/core/unit.c
src/core/unit.h
src/environment-d-generator/environment-d-generator.c
src/hostname/hostnamed.c
src/kernel-install/90-loaderentry.install
src/libsystemd/sd-bus/sd-bus.c
src/libsystemd/sd-bus/test-bus-vtable.c
src/libsystemd/sd-bus/test-vtable-data.h
src/login/logind-dbus.c
src/login/logind-inhibit.c
src/login/logind-session-dbus.c
src/network/networkd-address.c
src/network/networkd-dhcp4.c
src/network/networkd-fdb.c
src/network/networkd-link.c
src/network/networkd-link.h
src/network/networkd-network.c
src/network/networkd-network.h
src/network/networkd-route.c
src/network/networkd-routing-policy-rule.c
src/resolve/org.freedesktop.resolve1.policy
src/resolve/resolved-bus.c
src/resolve/resolved-link-bus.c
src/shared/bus-util.c
src/shared/path-lookup.c
src/shared/path-lookup.h
src/shared/unit-file.c
src/test/test-path-lookup.c
src/test/test-unit-name.c
src/test/test-user-util.c
test/TEST-10-ISSUE-2467/test.sh
test/TEST-18-FAILUREACTION/testsuite.sh
test/TEST-33-CLEAN-UNIT/testsuite.sh
test/TEST-37-RUNTIMEDIRECTORYPRESERVE/Makefile [new symlink]
test/TEST-37-RUNTIMEDIRECTORYPRESERVE/test.sh [new file with mode: 0755]
test/TEST-37-RUNTIMEDIRECTORYPRESERVE/testsuite.sh [new file with mode: 0755]
test/test-functions
test/test-network/systemd-networkd-tests.py
units/meson.build

diff --git a/NEWS b/NEWS
index 5a2f6df9e5e436b17e94b0a005ea8f176ec81f46..de4f93a79b92b4e11ae5faa65c9df26f4ee09a7a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
 systemd System and Service Manager
 
-CHANGES WITH 243 in spe:
+CHANGES WITH 243:
 
         * This release enables unprivileged programs (i.e. requiring neither
           setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
@@ -279,6 +279,16 @@ CHANGES WITH 243 in spe:
           been renamed to LinkLayerAddress=, and it now allows configuration of
           IP addresses, too.
 
+        * systemd-networkd's handling of the kernel's disable_ipv6 sysctl is
+          simplified: systemd-networkd will disable the sysctl (enable IPv6) if
+          IPv6 configuration (static or DHCPv6) was found for a given
+          interface. It will not touch the sysctl otherwise.
+
+        * The order of entries is $PATH used by the user manager instance was
+          changed to put bin/ entries before the corresponding sbin/ entries.
+          It is recommended to not rely on this order, and only ever have one
+          binary with a given name in the system paths under /usr.
+
         * A new tool systemd-network-generator has been added that may generate
           .network, .netdev and .link files from IP configuration specified on
           the kernel command line in the format used by Dracut.
@@ -432,17 +442,22 @@ CHANGES WITH 243 in spe:
         * IOWeight= has learnt to properly set the IO weight when using the
           BFQ scheduler officially found in kernels 5.0+.
 
+        * A new mailing list has been created for reporting of security issues:
+          systemd-security@redhat.com. For mode details, see
+          https://systemd.io/CONTRIBUTING#security-vulnerability-reports.
+
         Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Albrecht
         Lohofener, Andrej Valek, Anita Zhang, Arian van Putten, Balint Reczey,
         Bastien Nocera, Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris
         Chiu, Chris Down, Christian Kellner, Clinton Roy, Connor Reeder, Daniel
         Black, Daniele Medri, Dan Streetman, Dave Reisner, Dave Ross, David
-        Art, David Tardon, Debarshi Ray, Dominick Grift, Donald Buczek, Douglas
-        Christman, Eric DeVolder, EtherGraf, Evgeny Vereshchagin, Feldwor,
-        Felix Riemann, Florian Dollinger, Francesco Pennica, Franck Bui,
-        Frantisek Sumsal, Franz Pletz, frederik, Hans de Goede, Iago López
-        Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer, Jack, Jakob
-        Unterwurzacher, Jan Klötzke, Jan Pokorný, Jan Synacek, Jeka Pats,
+        Art, David Tardon, Debarshi Ray, Dimitri John Ledkov, Dominick Grift,
+        Donald Buczek, Douglas Christman, Eric DeVolder, EtherGraf, Evgeny
+        Vereshchagin, Feldwor, Felix Riemann, Florian Dollinger, Francesco
+        Pennica, Franck Bui, Frantisek Sumsal, Franz Pletz, frederik, Hans
+        de Goede, Iago López Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer,
+        Jack, Jakob Unterwurzacher, Jan Chren, Jan Klötzke, Jan Losinski, Jan
+        Pokorný, Jan Synacek, Jan-Michael Brummer, Jeka Pats, Jeremy Soller,
         Jérémy Rosen, Jiri Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann
         B. Guðmundsson, Johannes Christ, Johannes Schmitz, Jonathan Rouleau,
         Jorge Niedbalski, Kai Krakow, Kai Lüke, Karel Zak, Kashyap Chamarthy,
@@ -456,12 +471,12 @@ CHANGES WITH 243 in spe:
         Santalla, Ronan Pigott, root, RussianNeuroMancer, Sebastian Jennen,
         shinygold, Shreyas Behera, Simon Schricker, Susant Sahani, Thadeu Lima
         de Souza Cascardo, Theo Ouzhinski, Thiebaud Weksteen, Thomas Haller,
-        Thomas Weißschuh, Tomas Mraz, Tommi Rantala, Topi Miettinen, ven,
-        Wieland Hoffmann, William A. Kennington III, William Wold, Xi Ruoyao,
-        Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek,
-        Zhang Xianwei
+        Thomas Weißschuh, Tomas Mraz, Tommi Rantala, Topi Miettinen, VD-Lycos,
+        ven, Wieland Hoffmann, William A. Kennington III, William Wold, Xi
+        Ruoyao, Yuri Chornoivan, Yu Watanabe, Your Name, Zach Smith, Zbigniew
+        Jędrzejewski-Szmek, Zhang Xianwei
 
-        – Somewhere, SOME-TI-ME
+        – Camerino, 2019-09-03
 
 CHANGES WITH 242:
 
diff --git a/README b/README
index fcf20ed9f8c95f73a570453c93704d0c424e88af..98da2d6dcbdd3267c7a1b596afb00a4b684b66ff 100644 (file)
--- a/README
+++ b/README
@@ -173,9 +173,7 @@ REQUIREMENTS:
         dependencies:
 
         util-linux >= v2.27.1 required
-        dbus >= 1.4.0 (strictly speaking optional, but recommended)
-                NOTE: If using dbus < 1.9.18, you should override the default
-                policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
+        dbus >= 1.11.0 (strictly speaking optional, but recommended)
         dracut (optional)
         polkit (optional)
 
index f40d9a010a6412dda4f5e68ef2e5696f8c6c7162..565acdd1cba9a0062b9440aa8c8148e0371a195f 100644 (file)
@@ -8,7 +8,7 @@ We welcome contributions from everyone. However, please follow the following gui
 
 ## Filing Issues
 
-* We use GitHub Issues **exclusively** for tracking **bugs** and **feature** **requests** of systemd. If you are looking for help, please contact our [mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) instead.
+* We use [GitHub Issues](https://github.com/systemd/systemd/issues) **exclusively** for tracking **bugs** and **feature** **requests** of systemd. If you are looking for help, please contact [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) instead.
 * We only track bugs in the **two** **most** **recently** **released** **versions** of systemd in the GitHub Issue tracker. If you are using an older version of systemd, please contact your distribution's bug tracker instead.
 * When filing an issue, specify the **systemd** **version** you are experiencing the issue with. Also, indicate which **distribution** you are using.
 * Please include an explanation how to reproduce the issue you are pointing out.
@@ -23,7 +23,7 @@ For older versions that are still supported by your distribution please use resp
 
 ## Security vulnerability reports
 
-If you discover a security vulnerability, we'd appreciate a non-public disclosure. The issue tracker and mailing list listed above are fully public. If you need to reach systemd developers in a non-public way, report the issue in one of the "big" distributions using systemd: [Fedora](https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=systemd) (be sure to check "Security Sensitive Bug" under "Show Advanced Fields"), [Ubuntu](https://launchpad.net/ubuntu/+source/systemd/+filebug) (be sure to change "This bug contains information that is" from "Public" to "Private Security"), or [Debian](mailto:security@debian.org). Various systemd developers are active distribution maintainers and will propagate the information about the bug to other parties.
+See [reporting of security vulnerabilities](SECURITY.md).
 
 ## Posting Pull Requests
 
diff --git a/docs/SECURITY.md b/docs/SECURITY.md
new file mode 100644 (file)
index 0000000..93847dc
--- /dev/null
@@ -0,0 +1,7 @@
+---
+title: Reporting of security vulnerabilities
+---
+
+# Reporting of security vulnerabilities
+
+If you discover a security vulnerability, we'd appreciate a non-public disclosure. The [issue tracker](https://github.com/systemd/systemd/issues) and [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) are fully public. If you need to reach systemd developers in a non-public way, report the issue to the [systemd-security@redhat.com](mailto:systemd-security@redhat.com) mailing list. The disclosure will be coordinated with distributions.
index c1f1d166387b0daefc711dd52eac1942da640504..ee40e12692a1e0a36590aae7ba58079c91033bc0 100644 (file)
@@ -1475,6 +1475,14 @@ evdev:name:Sony Vaio Keys:dmi:bvn*:bvr*:bd*:svnSony*:pnVPC*:pvr*
  KEYBOARD_KEY_0d=down                                   # Fn+F9 zoomout
  KEYBOARD_KEY_0e=up                                     # Fn+F10 zoomin
 
+###########################################################
+# System76
+###########################################################
+
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svnSystem76*:pn*
+ KEYBOARD_KEY_f7=f21                                    # Touchpad toggle
+ KEYBOARD_KEY_f8=f21                                    # Touchpad toggle
+
 ###########################################################
 # T-bao
 ###########################################################
index c2ac8dab24fdfd0faa974920e95b11dcbd51de04..72989a7750a2a309f295c3e6e680909511068b85 100644 (file)
@@ -258,6 +258,26 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svnEVE*:pnEveV:*
 sensor:modalias:acpi:KIOX000A*:dmi:bvnINSYDECorp.:bvrBYT70A.YNCHENG.WIN.007:*:svnInsyde:pnT701:*
  ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
 
+#########################################
+# GPD
+#########################################
+
+# GPD win (version 1, with the X5-Z8750 CPU)
+# Note we match all dmi fields including the BIOS date checking for all known
+# BIOS dates, since the strings are unfortunately very generic.
+# Out of a sample set of 15 similar boards only the GPDwin has board_vendor=AMI
+# and no other devices have both board_name *and* product_name set to
+# "Default string". So combined with the sensor modalias and BIOS date this
+# should be unique enough to identify the GPDwin
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd10/25/2016:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd11/18/2016:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd12/23/2016:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd12/26/2016:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd02/21/2017:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd03/20/2017:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd05/25/2017:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnAMICorporation:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:
+ ACCEL_LOCATION=base
+
 #########################################
 # HP
 #########################################
@@ -274,9 +294,15 @@ sensor:modalias:platform:lis3lv02d:dmi:*svn*Hewlett-Packard*:*
 sensor:modalias:platform:lis3lv02d:dmi:*svn*Hewlett-Packard*:*pnHPProBook4535s*
  ACCEL_LOCATION=base
 
+sensor:modalias:platform:lis3lv02d:dmi:*:svnHewlett-Packard:pnHPENVY17NotebookPC:*
+ ACCEL_LOCATION=base
+
+sensor:modalias:platform:lis3lv02d:dmi:*svnHP:pnHPEliteBook850G3*
+ ACCEL_LOCATION=base
+
 sensor:modalias:acpi:SMO8500*:dmi:*:svnHewlett-Packard:pnHPStream7Tablet:*
 sensor:modalias:acpi:SMO8500*:dmi:*:svnHewlett-Packard:pnHPStream8Tablet:*
 ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
+ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
 
 # HP Pavillion X2 10-n000nd
 sensor:modalias:i2c:bmc150_accel:dmi:*:svnHewlett-Packard:pnHPPavilionx2Detachable:*:rn815D:*
@@ -403,6 +429,10 @@ sensor:modalias:acpi:KIOX010A*:dmi:*:svnMEDION:pnE3221MD61237:*
 sensor:modalias:acpi:KIOX010A*:dmi:*:svnMEDION*:pnE3222*:*
  ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
 
+# Medion Akoya E2293 MD61130
+sensor:modalias:acpi:KIOX010A*:dmi:*:svnMEDION:pnE2293MD61130:*
+ ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
+
 #########################################
 # MSI
 #########################################
@@ -532,6 +562,14 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svnTREKSTOR:pnPrimetabT13B:*
 sensor:modalias:acpi:BOSC0200*:dmi:*:svnTrekStor*:pnSurfTabtwin11.6:*
  ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
 
+sensor:modalias:acpi:KIOX010A*:dmi:*:svnTREKSTOR:pnPRIMEBOOKC11B:*
+ ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, -1
+ ACCEL_LOCATION=display
+
+sensor:modalias:acpi:KIOX020A*:dmi:*:svnTREKSTOR:pnPRIMEBOOKC11B:*
+ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
+ ACCEL_LOCATION=base
+
 #########################################
 # Umax
 #########################################
index 47eb9df95ed8d040c4c9992c2e5bd80c009e0d20..8194d983587df17f1c8684d5af5fdb4c7acce38b 100644 (file)
@@ -50,6 +50,12 @@ touchpad:usb:v05acp030e:*
 touchpad:usb:v05acp0265:*
  ID_INPUT_TOUCHPAD_INTEGRATION=external
 
+###########################################################
+# HP Elite x2 1013 G3
+###########################################################
+touchpad:usb:v044ep1221:*
+ ID_INPUT_TOUCHPAD_INTEGRATION=external
+
 ###########################################################
 # Logitech
 ###########################################################
index f4d94e880097b751ac36f63e1c2751c6f19a6eb9..ebee065a614f901e1000a5ab723be5c1c8ad43db 100644 (file)
@@ -99,8 +99,8 @@
     be used. If this file is empty or missing, <filename>systemd</filename> will attempt
     to use the D-Bus machine ID from <filename>/var/lib/dbus/machine-id</filename>, the
     value of the kernel command line option <varname>container_uuid</varname>, the KVM DMI
-    <filename>product_uuid</filename> (on KVM systems), and finally a randomly generated
-    UUID.</para>
+    <filename>product_uuid</filename> or the devicetree <filename>vm,uuid</filename>
+    (on KVM systems), and finally a randomly generated UUID.</para>
 
     <para>After the machine ID is established,
     <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
index d8bfcd73fce96c5ae0e1996162a24896ad3cd8f2..87e2ed234adccee7d136bde645615520156ce7fd 100644 (file)
@@ -4,8 +4,7 @@
 <!-- SPDX-License-Identifier: LGPL-2.1+ -->
 
 <refentry id="runlevel"
-    xmlns:xi="http://www.w3.org/2001/XInclude"
-    conditional="ENABLE_UTMP">
+    xmlns:xi="http://www.w3.org/2001/XInclude">
 
   <refentryinfo>
     <title>runlevel</title>
index faaaad39d967496c9a0bd12b1e2192a20108c66d..cacc683b578814f8d22034943f8fe2aa1388e3a8 100644 (file)
@@ -69,7 +69,7 @@
     this feature disabled.</para>
 
     <para>The first watchdog notification message is sent immediately
-    when <function>set_event_set_watchdog()</function> is invoked with
+    when <function>sd_event_set_watchdog()</function> is invoked with
     a true <parameter>b</parameter> parameter.</para>
 
     <para>The watchdog logic is designed to allow the service manager
index fbbfd4f5146852b3e58c24ee500d9e8057045ed2..5cb83afa57822f283129dd6827d81637b4046379 100644 (file)
@@ -2152,16 +2152,17 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
       <varlistentry>
         <term><varname>LogExtraFields=</varname></term>
 
-        <listitem><para>Configures additional log metadata fields to include in all log records generated by processes
-        associated with this unit. This setting takes one or more journal field assignments in the format
-        <literal>FIELD=VALUE</literal> separated by whitespace. See
-        <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
-        details on the journal field concept. Even though the underlying journal implementation permits binary field
-        values, this setting accepts only valid UTF-8 values. To include space characters in a journal field value,
-        enclose the assignment in double quotes ("). The usual specifiers are expanded in all assignments (see
-        below). Note that this setting is not only useful for attaching additional metadata to log records of a unit,
-        but given that all fields and values are indexed may also be used to implement cross-unit log record
-        matching. Assign an empty string to reset the list.</para></listitem>
+        <listitem><para>Configures additional log metadata fields to include in all log records generated by
+        processes associated with this unit. This setting takes one or more journal field assignments in the
+        format <literal>FIELD=VALUE</literal> separated by whitespace. See
+        <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+        for details on the journal field concept. Even though the underlying journal implementation permits
+        binary field values, this setting accepts only valid UTF-8 values. To include space characters in a
+        journal field value, enclose the assignment in double quotes ("). <!-- " fake closing quote for emacs-->
+        The usual specifiers are expanded in all assignments (see below). Note that this setting is not only
+        useful for attaching additional metadata to log records of a unit, but given that all fields and
+        values are indexed may also be used to implement cross-unit log record matching. Assign an empty
+        string to reset the list.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -2355,10 +2356,16 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
       <varlistentry>
         <term><varname>$PATH</varname></term>
 
-        <listitem><para>Colon-separated list of directories to use
-        when launching executables. systemd uses a fixed value of
-        <filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename>:<filename>/sbin</filename>:<filename>/bin</filename>.
-        </para></listitem>
+        <listitem><para>Colon-separated list of directories to use when launching
+        executables. <command>systemd</command> uses a fixed value of
+        <literal><filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename></literal>
+        in the system manager. When compiled for systems with "unmerged /usr" (<filename>/bin</filename> is
+        not a symlink to <filename>/usr/bin</filename>),
+        <literal>:<filename>/sbin</filename>:<filename>/bin</filename></literal> is appended. In case of the
+        the user manager, each <filename>bin/</filename> and <filename>sbin/</filename> pair is switched, so
+        that programs from <filename>/usr/bin</filename> have higher priority than programs from
+        <filename>/usr/sbin</filename>, etc. It is recommended to not rely on this in any way, and have only
+        one program with a given name in <varname>$PATH</varname>.</para></listitem>
       </varlistentry>
 
       <varlistentry>
index 8307be1d33f66118f549d5df2a96f71f578018f1..acb09d005d87ae6589045b02803b28928d6616cc 100644 (file)
     <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
     </para>
 
-    <para>Unit files are loaded from a set of paths determined during
-    compilation, described in the next section.</para>
-
-    <para>Unit files can be parameterized by a single argument called the "instance name". The unit
-    is then constructed based on a "template file" which serves as the definition of multiple
-    services or other units. A template unit must have a single <literal>@</literal> at the end of
-    the name (right before the type suffix). The name of the full unit is formed by inserting the
-    instance name between <literal>@</literal> and the unit type suffix. In the unit file itself,
-    the instance parameter may be referred to using <literal>%i</literal> and other specifiers, see
-    below.</para>
+    <para>Unit files are loaded from a set of paths determined during compilation, described in the next
+    section.</para>
+
+    <para>Valid unit names consist of a "name prefix" and a dot and a suffix specifying the unit type. The
+    "unit prefix" must consist of one or more valid characters (ASCII letters, digits, <literal>:</literal>,
+    <literal>-</literal>, <literal>_</literal>, <literal>.</literal>, and <literal>\</literal>). The total
+    length of the unit name including the suffix must not exceed 256 characters. The type suffix must be one
+    of <literal>.service</literal>, <literal>.socket</literal>, <literal>.device</literal>,
+    <literal>.mount</literal>, <literal>.automount</literal>, <literal>.swap</literal>,
+    <literal>.target</literal>, <literal>.path</literal>, <literal>.timer</literal>,
+    <literal>.slice</literal>, or <literal>.scope</literal>.</para>
+
+    <para>Units names can be parameterized by a single argument called the "instance name". The unit is then
+    constructed based on a "template file" which serves as the definition of multiple services or other
+    units. A template unit must have a single <literal>@</literal> at the end of the name (right before the
+    type suffix). The name of the full unit is formed by inserting the instance name between
+    <literal>@</literal> and the unit type suffix. In the unit file itself, the instance parameter may be
+    referred to using <literal>%i</literal> and other specifiers, see below.</para>
 
     <para>Unit files may contain additional options on top of those
     listed here. If systemd encounters an unknown option, it will
index d12c39b7651a4c3a7cd781bd2406496f0140be10..c2f2bc95d217dcb0a43e5ff0554ff769e6f9703f 100644 (file)
           <term><option>-a</option></term>
           <term><option>--action=<replaceable>ACTION</replaceable></option></term>
           <listitem>
-            <para>The action string. The special value <literal>help</literal> may be used to list
-            known values.</para>
+            <para>Type of event to be simulated. Possible actions are <literal>add</literal>,
+            <literal>remove</literal>, <literal>change</literal>, <literal>move</literal>,
+            <literal>online</literal>, <literal>offline</literal>, <literal>bind</literal>,
+            and <literal>unbind</literal>. Also, the special value <literal>help</literal> can be used
+            to list the possible actions. The default value is <literal>add</literal>.</para>
           </listitem>
         </varlistentry>
         <varlistentry>
index 67aaa89919bc78ee365bf1dddb906e1261eef101..5dc898eb804803a3f90f2ea20aff6e42ec8eb449 100644 (file)
@@ -144,9 +144,9 @@ option('dbussessionservicedir', type : 'string',
 option('dbussystemservicedir', type : 'string',
        description : 'D-Bus system service directory')
 option('pkgconfigdatadir', type : 'string', value : '',
-       description : 'directory for ')
+       description : 'directory for arch-independent pkg-config files')
 option('pkgconfiglibdir', type : 'string', value : '',
-       description : 'directory for ')
+       description : 'directory for standard pkg-config files')
 option('rpmmacrosdir', type : 'string', value : 'lib/rpm/macros.d',
        description : 'directory for rpm macros ["no" disables]')
 option('pamlibdir', type : 'string',
index fb5392aee3ddc6a478e957ab8baf83201c59ab9a..ba0ce21b597f216adb6d56cee1da35bae0799b39 100755 (executable)
@@ -5,7 +5,7 @@ set -eux
 # default to Debian testing
 DISTRO=${DISTRO:-debian}
 RELEASE=${RELEASE:-buster}
-BRANCH=${BRANCH:-experimental}
+BRANCH=${BRANCH:-master}
 ARCH=${ARCH:-amd64}
 CONTAINER=${RELEASE}-${ARCH}
 CACHE_DIR=${SEMAPHORE_CACHE_DIR:=/tmp}
index 3be0600b9b67c28cee128853409612f2e19f5839..96bf9ae290140193e7e3ab7b78ece3894c687078 100644 (file)
@@ -32,7 +32,7 @@ __get_machines() {
 __get_busnames() {
     local mode=$1
     local a b
-    busctl $mode list --no-legend --no-pager 2>/dev/null |
+    COLUMNS=65535 busctl $mode list --no-legend --no-pager 2>/dev/null |
         { while read a b; do echo " $a"; done; };
 }
 
index 019ffbe87ac8e8a0188540fb93067dadef94c302..43bec9b1d62cebd976c1ef774e883b40de5dd7af 100644 (file)
@@ -116,15 +116,21 @@ _arguments -s \
     '(--directory -D -M --machine --root --file)'{-D+,--directory=}'[Show journal files from directory]:directories:_directories' \
     '(--directory -D -M --machine --root --file)--root=[Operate on catalog hierarchy under specified directory]:directories:_directories' \
     '(--directory -D -M --machine --root)*--file=[Operate on specified journal files]:file:_files' \
-    '--new-id128[Generate a new 128 Bit ID]' \
-    '--header[Show journal header information]' \
     '--disk-usage[Show total disk usage]' \
-    '--list-catalog[List messages in catalog]' \
     '--dump-catalog[Dump messages in catalog]' \
-    '--update-catalog[Update binary catalog database]' \
-    '--setup-keys[Generate a new FSS key pair]' \
+    '--flush[Flush all journal data from /run into /var]' \
     '--force[Force recreation of the FSS keys]' \
+    '--header[Show journal header information]' \
     '--interval=[Time interval for changing the FSS sealing key]:time interval' \
-    '--verify[Verify journal file consistency]' \
+    '--list-catalog[List messages in catalog]' \
+    '--new-id128[Generate a new 128 Bit ID]' \
+    '--rotate[Request immediate rotation of the journal files]' \
+    '--setup-keys[Generate a new FSS key pair]' \
+    '--sync[Synchronize unwritten journal messages to disk]' \
+    '--update-catalog[Update binary catalog database]' \
+    '--vacuum-files=[Leave only the specified number of journal files]:integer' \
+    '--vacuum-size=[Reduce disk usage below specified size]:bytes' \
+    '--vacuum-time=[Remove journal files older than specified time]:time' \
     '--verify-key=[Specify FSS verification key]:FSS key' \
+    '--verify[Verify journal file consistency]' \
     '*::default: _journalctl_none'
index 83767b0a24a5769f4754bf175a09d6d21673c628..26470796eb9acf5169031df717ac75b6282441b3 100644 (file)
@@ -485,6 +485,8 @@ static int merge_env_file_push(
 
         free_and_replace(value, expanded_value);
 
+        log_debug("%s:%u: setting %s=%s", filename, line, key, value);
+
         return load_env_file_push(filename, line, key, value, env, n_pushed);
 }
 
index 1f46cd65c96a0a4e0905576d67b2011c7cd038ec..71fb7041a3cbf8d794ac55f9d09ec3b733dd961c 100644 (file)
 #include "time-util.h"
 
 #define PATH_SPLIT_SBIN_BIN(x) x "sbin:" x "bin"
+#define PATH_SPLIT_BIN_SBIN(x) x "bin:" x "sbin"
 #define PATH_SPLIT_SBIN_BIN_NULSTR(x) x "sbin\0" x "bin\0"
 
 #define PATH_NORMAL_SBIN_BIN(x) x "bin"
+#define PATH_NORMAL_BIN_SBIN(x) x "bin"
 #define PATH_NORMAL_SBIN_BIN_NULSTR(x) x "bin\0"
 
 #if HAVE_SPLIT_BIN
 #  define PATH_SBIN_BIN(x) PATH_SPLIT_SBIN_BIN(x)
+#  define PATH_BIN_SBIN(x) PATH_SPLIT_BIN_SBIN(x)
 #  define PATH_SBIN_BIN_NULSTR(x) PATH_SPLIT_SBIN_BIN_NULSTR(x)
 #else
 #  define PATH_SBIN_BIN(x) PATH_NORMAL_SBIN_BIN(x)
+#  define PATH_BIN_SBIN(x) PATH_NORMAL_BIN_SBIN(x)
 #  define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x)
 #endif
 
 #define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/")
+#define DEFAULT_USER_PATH_NORMAL PATH_BIN_SBIN("/usr/local/") ":" PATH_BIN_SBIN("/usr/")
 #define DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/")
 #define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/")
+#define DEFAULT_USER_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_BIN_SBIN("/")
 #define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/")
 #define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/")
 
 #if HAVE_SPLIT_USR
 #  define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR
+#  define DEFAULT_USER_PATH DEFAULT_USER_PATH_SPLIT_USR
 #  define DEFAULT_PATH_NULSTR DEFAULT_PATH_SPLIT_USR_NULSTR
 #else
 #  define DEFAULT_PATH DEFAULT_PATH_NORMAL
+#  define DEFAULT_USER_PATH DEFAULT_USER_PATH_NORMAL
 #  define DEFAULT_PATH_NULSTR DEFAULT_PATH_NORMAL_NULSTR
 #endif
 
index e80964acd17bcee0f70fc226c2408b9be88aa514..fbfa96a566589d7da35db2eb8ccc4bc05aeff8b2 100644 (file)
@@ -157,6 +157,18 @@ void strv_print(char **l);
                 _found;                                         \
         })
 
+#define ENDSWITH_SET(p, ...)                                    \
+        ({                                                      \
+                const char *_p = (p);                           \
+                char  *_found = NULL, **_i;                     \
+                STRV_FOREACH(_i, STRV_MAKE(__VA_ARGS__)) {      \
+                        _found = endswith(_p, *_i);             \
+                        if (_found)                             \
+                                break;                          \
+                }                                               \
+                _found;                                         \
+        })
+
 #define FOREACH_STRING(x, y, ...)                                       \
         for (char **_l = STRV_MAKE(({ x = y; }), ##__VA_ARGS__);        \
              x;                                                         \
index d127b0c107282562e6a6d41cb077eae45765a908..3b253bc264dd368120b4845e91750135a2f1c8b2 100644 (file)
@@ -620,16 +620,19 @@ int take_etc_passwd_lock(const char *root) {
         return fd;
 }
 
-bool valid_user_group_name(const char *u) {
+bool valid_user_group_name_full(const char *u, bool strict) {
         const char *i;
         long sz;
 
         /* Checks if the specified name is a valid user/group name. Also see POSIX IEEE Std 1003.1-2008, 2016 Edition,
          * 3.437. We are a bit stricter here however. Specifically we deviate from POSIX rules:
          *
-         * - We don't allow any dots (this would break chown syntax which permits dots as user/group name separator)
          * - We require that names fit into the appropriate utmp field
          * - We don't allow empty user names
+         * - No dots or digits in the first character
+         *
+         * If strict==true, additionally:
+         * - We don't allow any dots (this conflicts with chown syntax which permits dots as user/group name separator)
          *
          * Note that other systems are even more restrictive, and don't permit underscores or uppercase characters.
          */
@@ -642,12 +645,25 @@ bool valid_user_group_name(const char *u) {
             u[0] != '_')
                 return false;
 
+        bool warned = false;
+
         for (i = u+1; *i; i++) {
-                if (!(*i >= 'a' && *i <= 'z') &&
-                    !(*i >= 'A' && *i <= 'Z') &&
-                    !(*i >= '0' && *i <= '9') &&
-                    !IN_SET(*i, '_', '-'))
-                        return false;
+                if (((*i >= 'a' && *i <= 'z') ||
+                     (*i >= 'A' && *i <= 'Z') ||
+                     (*i >= '0' && *i <= '9') ||
+                     IN_SET(*i, '_', '-')))
+                        continue;
+
+                if (*i == '.' && !strict) {
+                        if (!warned) {
+                                log_warning("Bad user or group name \"%s\", accepting for compatibility.", u);
+                                warned = true;
+                        }
+
+                        continue;
+                }
+
+                return false;
         }
 
         sz = sysconf(_SC_LOGIN_NAME_MAX);
@@ -662,15 +678,15 @@ bool valid_user_group_name(const char *u) {
         return true;
 }
 
-bool valid_user_group_name_or_id(const char *u) {
+bool valid_user_group_name_or_id_full(const char *u, bool strict) {
 
-        /* Similar as above, but is also fine with numeric UID/GID specifications, as long as they are in the right
-         * range, and not the invalid user ids. */
+        /* Similar as above, but is also fine with numeric UID/GID specifications, as long as they are in the
+         * right range, and not the invalid user ids. */
 
         if (isempty(u))
                 return false;
 
-        if (valid_user_group_name(u))
+        if (valid_user_group_name_full(u, strict))
                 return true;
 
         return parse_uid(u, NULL) >= 0;
index 52f3df792d7754e9efdc1b3246bf18f82007b278..cfa515f5e8a26be33e2a354dfc206ce84d91f170 100644 (file)
@@ -85,8 +85,20 @@ static inline bool userns_supported(void) {
         return access("/proc/self/uid_map", F_OK) >= 0;
 }
 
-bool valid_user_group_name(const char *u);
-bool valid_user_group_name_or_id(const char *u);
+bool valid_user_group_name_full(const char *u, bool strict);
+bool valid_user_group_name_or_id_full(const char *u, bool strict);
+static inline bool valid_user_group_name(const char *u) {
+        return valid_user_group_name_full(u, true);
+}
+static inline bool valid_user_group_name_or_id(const char *u) {
+        return valid_user_group_name_or_id_full(u, true);
+}
+static inline bool valid_user_group_name_compat(const char *u) {
+        return valid_user_group_name_full(u, false);
+}
+static inline bool valid_user_group_name_or_id_compat(const char *u) {
+        return valid_user_group_name_or_id_full(u, false);
+}
 bool valid_gecos(const char *d);
 bool valid_home(const char *p);
 
index 7a7400773bd8f168931651757708fae1f951c52b..3be3852e35c0e0829e45284a06bce54f7b610423 100644 (file)
@@ -140,17 +140,17 @@ static int detect_vm_dmi(void) {
                 const char *vendor;
                 int id;
         } dmi_vendor_table[] = {
-                { "KVM",           VIRTUALIZATION_KVM       },
-                { "QEMU",          VIRTUALIZATION_QEMU      },
-                /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
-                { "VMware",        VIRTUALIZATION_VMWARE    },
-                { "VMW",           VIRTUALIZATION_VMWARE    },
-                { "innotek GmbH",  VIRTUALIZATION_ORACLE    },
-                { "Xen",           VIRTUALIZATION_XEN       },
-                { "Bochs",         VIRTUALIZATION_BOCHS     },
-                { "Parallels",     VIRTUALIZATION_PARALLELS },
+                { "KVM",                 VIRTUALIZATION_KVM       },
+                { "QEMU",                VIRTUALIZATION_QEMU      },                
+                { "VMware",              VIRTUALIZATION_VMWARE    }, /* https://kb.vmware.com/s/article/1009458 */
+                { "VMW",                 VIRTUALIZATION_VMWARE    },
+                { "innotek GmbH",        VIRTUALIZATION_ORACLE    },
+                { "Oracle Corporation",  VIRTUALIZATION_ORACLE    },
+                { "Xen",                 VIRTUALIZATION_XEN       },
+                { "Bochs",               VIRTUALIZATION_BOCHS     },
+                { "Parallels",           VIRTUALIZATION_PARALLELS },
                 /* https://wiki.freebsd.org/bhyve */
-                { "BHYVE",         VIRTUALIZATION_BHYVE     },
+                { "BHYVE",               VIRTUALIZATION_BHYVE     },
         };
         unsigned i;
         int r;
index 85c310cd33d0585fb5f77fa16bac779913632bdd..2be3db26a683569b4ff5cd81216935f1f102e27e 100644 (file)
@@ -815,6 +815,7 @@ const sd_bus_vtable bus_exec_vtable[] = {
         SD_BUS_PROPERTY("LogsDirectory", "as", NULL, offsetof(ExecContext, directories[EXEC_DIRECTORY_LOGS].paths), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("ConfigurationDirectoryMode", "u", bus_property_get_mode, offsetof(ExecContext, directories[EXEC_DIRECTORY_CONFIGURATION].mode), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("ConfigurationDirectory", "as", NULL, offsetof(ExecContext, directories[EXEC_DIRECTORY_CONFIGURATION].paths), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("TimeoutCleanUSec", "t", bus_property_get_usec, offsetof(ExecContext, timeout_clean_usec), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("MemoryDenyWriteExecute", "b", bus_property_get_bool, offsetof(ExecContext, memory_deny_write_execute), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("RestrictRealtime", "b", bus_property_get_bool, offsetof(ExecContext, restrict_realtime), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("RestrictSUIDSGID", "b", bus_property_get_bool, offsetof(ExecContext, restrict_suid_sgid), SD_BUS_VTABLE_PROPERTY_CONST),
@@ -1182,10 +1183,10 @@ int bus_exec_context_set_transient_property(
         flags |= UNIT_PRIVATE;
 
         if (streq(name, "User"))
-                return bus_set_transient_user(u, name, &c->user, message, flags, error);
+                return bus_set_transient_user_compat(u, name, &c->user, message, flags, error);
 
         if (streq(name, "Group"))
-                return bus_set_transient_user(u, name, &c->group, message, flags, error);
+                return bus_set_transient_user_compat(u, name, &c->group, message, flags, error);
 
         if (streq(name, "TTYPath"))
                 return bus_set_transient_path(u, name, &c->tty_path, message, flags, error);
@@ -1363,10 +1364,10 @@ int bus_exec_context_set_transient_property(
                 if (r < 0)
                         return r;
 
-                STRV_FOREACH(p, l) {
-                        if (!isempty(*p) && !valid_user_group_name_or_id(*p))
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid supplementary group names");
-                }
+                STRV_FOREACH(p, l)
+                        if (!isempty(*p) && !valid_user_group_name_or_id_compat(*p))
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
+                                                         "Invalid supplementary group names");
 
                 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
                         if (strv_isempty(l)) {
index fbda8d8a4c6d0a149acfeb1e601fc0c26083a7a1..ad7471c72922844ff0d1648bfd22de486d867ccc 100644 (file)
@@ -101,7 +101,6 @@ const sd_bus_vtable bus_service_vtable[] = {
         SD_BUS_PROPERTY("TimeoutStartUSec", "t", bus_property_get_usec, offsetof(Service, timeout_start_usec), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("TimeoutStopUSec", "t", bus_property_get_usec, offsetof(Service, timeout_stop_usec), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("TimeoutAbortUSec", "t", property_get_timeout_abort_usec, 0, 0),
-        SD_BUS_PROPERTY("TimeoutCleanUSec", "t", bus_property_get_usec, offsetof(Service, timeout_clean_usec), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("RuntimeMaxUSec", "t", bus_property_get_usec, offsetof(Service, runtime_max_usec), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("WatchdogUSec", "t", bus_property_get_usec, offsetof(Service, watchdog_usec), SD_BUS_VTABLE_PROPERTY_CONST),
         BUS_PROPERTY_DUAL_TIMESTAMP("WatchdogTimestamp", offsetof(Service, watchdog_timestamp), 0),
index e895c94e12a7f9e30d29ce1539c3f581875b6321..25d3d71391b863419e40a5a69ec0eaf9a0853dd0 100644 (file)
@@ -277,10 +277,10 @@ static int bus_socket_set_transient_property(
                 return bus_set_transient_fdname(u, name, &s->fdname, message, flags, error);
 
         if (streq(name, "SocketUser"))
-                return bus_set_transient_user(u, name, &s->user, message, flags, error);
+                return bus_set_transient_user_compat(u, name, &s->user, message, flags, error);
 
         if (streq(name, "SocketGroup"))
-                return bus_set_transient_user(u, name, &s->group, message, flags, error);
+                return bus_set_transient_user_compat(u, name, &s->group, message, flags, error);
 
         if (streq(name, "BindIPv6Only"))
                 return bus_set_transient_bind_ipv6_only(u, name, &s->bind_ipv6_only, message, flags, error);
index f4fbb72cb99c52246d62f2b3d6bcb930104ba39d..7862beaacb6d164e76b2f3464406d12112307239 100644 (file)
@@ -30,7 +30,7 @@ int bus_property_get_triggered_unit(
 
 BUS_DEFINE_SET_TRANSIENT(mode_t, "u", uint32_t, mode_t, "%040o");
 BUS_DEFINE_SET_TRANSIENT(unsigned, "u", uint32_t, unsigned, "%" PRIu32);
-BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user, valid_user_group_name_or_id);
+BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user_compat, valid_user_group_name_or_id_compat);
 BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(path, path_is_absolute);
 
 int bus_set_transient_string(
index 12b055e4ac9c4f49aab058f70089638942a6b654..a3316c6701831c9ca72a161de8549d690af37b8b 100644 (file)
@@ -235,7 +235,7 @@ int bus_property_get_triggered_unit(sd_bus *bus, const char *path, const char *i
 
 int bus_set_transient_mode_t(Unit *u, const char *name, mode_t *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
 int bus_set_transient_unsigned(Unit *u, const char *name, unsigned *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
-int bus_set_transient_user(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
+int bus_set_transient_user_compat(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
 int bus_set_transient_path(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
 int bus_set_transient_string(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
 int bus_set_transient_bool(Unit *u, const char *name, bool *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
index 21127d4f70262e692400f7734154f760e2f686dd..4c900077789744874e37ddef0c80ce546c6d1271 100644 (file)
@@ -2045,6 +2045,19 @@ static int setup_private_users(uid_t uid, gid_t gid) {
         return 0;
 }
 
+static bool exec_directory_is_private(const ExecContext *context, ExecDirectoryType type) {
+        if (!context->dynamic_user)
+                return false;
+
+        if (type == EXEC_DIRECTORY_CONFIGURATION)
+                return false;
+
+        if (type == EXEC_DIRECTORY_RUNTIME && context->runtime_directory_preserve_mode == EXEC_PRESERVE_NO)
+                return false;
+
+        return true;
+}
+
 static int setup_exec_directory(
                 const ExecContext *context,
                 const ExecParameters *params,
@@ -2091,9 +2104,7 @@ static int setup_exec_directory(
                 if (r < 0)
                         goto fail;
 
-                if (context->dynamic_user &&
-                    (!IN_SET(type, EXEC_DIRECTORY_RUNTIME, EXEC_DIRECTORY_CONFIGURATION) ||
-                     (type == EXEC_DIRECTORY_RUNTIME && context->runtime_directory_preserve_mode != EXEC_PRESERVE_NO))) {
+                if (exec_directory_is_private(context, type)) {
                         _cleanup_free_ char *private_root = NULL;
 
                         /* So, here's one extra complication when dealing with DynamicUser=1 units. In that
@@ -2369,8 +2380,7 @@ static int compile_bind_mounts(
                 if (strv_isempty(context->directories[t].paths))
                         continue;
 
-                if (context->dynamic_user &&
-                    !IN_SET(t, EXEC_DIRECTORY_RUNTIME, EXEC_DIRECTORY_CONFIGURATION) &&
+                if (exec_directory_is_private(context, t) &&
                     !(context->root_directory || context->root_image)) {
                         char *private_root;
 
@@ -2392,8 +2402,7 @@ static int compile_bind_mounts(
                 STRV_FOREACH(suffix, context->directories[t].paths) {
                         char *s, *d;
 
-                        if (context->dynamic_user &&
-                            !IN_SET(t, EXEC_DIRECTORY_RUNTIME, EXEC_DIRECTORY_CONFIGURATION))
+                        if (exec_directory_is_private(context, t))
                                 s = path_join(params->prefix[t], "private", *suffix);
                         else
                                 s = path_join(params->prefix[t], *suffix);
@@ -2402,8 +2411,7 @@ static int compile_bind_mounts(
                                 goto finish;
                         }
 
-                        if (context->dynamic_user &&
-                            !IN_SET(t, EXEC_DIRECTORY_RUNTIME, EXEC_DIRECTORY_CONFIGURATION) &&
+                        if (exec_directory_is_private(context, t) &&
                             (context->root_directory || context->root_image))
                                 /* When RootDirectory= or RootImage= are set, then the symbolic link to the private
                                  * directory is not created on the root directory. So, let's bind-mount the directory
@@ -2854,10 +2862,10 @@ static int compile_suggested_paths(const ExecContext *c, const ExecParameters *p
                 STRV_FOREACH(i, c->directories[t].paths) {
                         char *e;
 
-                        if (t == EXEC_DIRECTORY_RUNTIME)
-                                e = path_join(p->prefix[t], *i);
-                        else
+                        if (exec_directory_is_private(c, t))
                                 e = path_join(p->prefix[t], "private", *i);
+                        else
+                                e = path_join(p->prefix[t], *i);
                         if (!e)
                                 return -ENOMEM;
 
@@ -3924,6 +3932,7 @@ void exec_context_init(ExecContext *c) {
         c->personality = PERSONALITY_INVALID;
         for (i = 0; i < _EXEC_DIRECTORY_TYPE_MAX; i++)
                 c->directories[i].mode = 0755;
+        c->timeout_clean_usec = USEC_INFINITY;
         c->capability_bounding_set = CAP_ALL;
         assert_cc(NAMESPACE_FLAGS_INITIAL != NAMESPACE_FLAGS_ALL);
         c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
@@ -4011,7 +4020,10 @@ int exec_context_destroy_runtime_directory(const ExecContext *c, const char *run
         STRV_FOREACH(i, c->directories[EXEC_DIRECTORY_RUNTIME].paths) {
                 _cleanup_free_ char *p;
 
-                p = path_join(runtime_prefix, *i);
+                if (exec_directory_is_private(c, EXEC_DIRECTORY_RUNTIME))
+                        p = path_join(runtime_prefix, "private", *i);
+                else
+                        p = path_join(runtime_prefix, *i);
                 if (!p)
                         return -ENOMEM;
 
@@ -4292,8 +4304,8 @@ static void strv_fprintf(FILE *f, char **l) {
 }
 
 void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
+        char **e, **d, buf_clean[FORMAT_TIMESPAN_MAX];
         ExecDirectoryType dt;
-        char **e, **d;
         unsigned i;
         int r;
 
@@ -4368,6 +4380,10 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
                         fprintf(f, "%s%s: %s\n", prefix, exec_directory_type_to_string(dt), *d);
         }
 
+        fprintf(f,
+                "%sTimeoutCleanSec: %s\n",
+                prefix, format_timespan(buf_clean, sizeof(buf_clean), c->timeout_clean_usec, USEC_PER_SEC));
+
         if (c->nice_set)
                 fprintf(f,
                         "%sNice: %i\n",
@@ -4811,6 +4827,17 @@ int exec_context_get_clean_directories(
                         r = strv_consume(&l, j);
                         if (r < 0)
                                 return r;
+
+                        /* Also remove private directories unconditionally. */
+                        if (t != EXEC_DIRECTORY_CONFIGURATION) {
+                                j = path_join(prefix[t], "private", *i);
+                                if (!j)
+                                        return -ENOMEM;
+
+                                r = strv_consume(&l, j);
+                                if (r < 0)
+                                        return r;
+                        }
                 }
         }
 
index 0d5398acfae473686251c6bc1b612e2dea6ee3cb..cddfafa0d630673bea3248fb04d3f84354631afc 100644 (file)
@@ -287,6 +287,7 @@ struct ExecContext {
 
         ExecDirectory directories[_EXEC_DIRECTORY_TYPE_MAX];
         ExecPreserveMode runtime_directory_preserve_mode;
+        usec_t timeout_clean_usec;
 };
 
 static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) {
index 10e4801cfe6b8402a95825d37ea3ef853f7cb991..5490ae32fbcdf949c2b75479856a693d71d0ca5f 100644 (file)
@@ -25,9 +25,9 @@ m4_define(`EXEC_CONTEXT_CONFIG_ITEMS',
 `$1.WorkingDirectory,            config_parse_working_directory,     0,                             offsetof($1, exec_context)
 $1.RootDirectory,                config_parse_unit_path_printf,      true,                          offsetof($1, exec_context.root_directory)
 $1.RootImage,                    config_parse_unit_path_printf,      true,                          offsetof($1, exec_context.root_image)
-$1.User,                         config_parse_user_group,            0,                             offsetof($1, exec_context.user)
-$1.Group,                        config_parse_user_group,            0,                             offsetof($1, exec_context.group)
-$1.SupplementaryGroups,          config_parse_user_group_strv,       0,                             offsetof($1, exec_context.supplementary_groups)
+$1.User,                         config_parse_user_group_compat,     0,                             offsetof($1, exec_context.user)
+$1.Group,                        config_parse_user_group_compat,     0,                             offsetof($1, exec_context.group)
+$1.SupplementaryGroups,          config_parse_user_group_strv_compat, 0,                            offsetof($1, exec_context.supplementary_groups)
 $1.Nice,                         config_parse_exec_nice,             0,                             offsetof($1, exec_context)
 $1.OOMScoreAdjust,               config_parse_exec_oom_score_adjust, 0,                             offsetof($1, exec_context)
 $1.IOSchedulingClass,            config_parse_exec_io_class,         0,                             offsetof($1, exec_context)
@@ -138,6 +138,7 @@ $1.LogsDirectoryMode,            config_parse_mode,                  0,
 $1.LogsDirectory,                config_parse_exec_directories,      0,                             offsetof($1, exec_context.directories[EXEC_DIRECTORY_LOGS].paths)
 $1.ConfigurationDirectoryMode,   config_parse_mode,                  0,                             offsetof($1, exec_context.directories[EXEC_DIRECTORY_CONFIGURATION].mode)
 $1.ConfigurationDirectory,       config_parse_exec_directories,      0,                             offsetof($1, exec_context.directories[EXEC_DIRECTORY_CONFIGURATION].paths)
+$1.TimeoutCleanSec,              config_parse_sec,                   0,                             offsetof($1, exec_context.timeout_clean_usec)
 $1.ProtectHostname,              config_parse_bool,                  0,                             offsetof($1, exec_context.protect_hostname)
 m4_ifdef(`HAVE_PAM',
 `$1.PAMName,                     config_parse_unit_string_printf,    0,                             offsetof($1, exec_context.pam_name)',
@@ -316,7 +317,6 @@ Service.TimeoutSec,              config_parse_service_timeout,       0,
 Service.TimeoutStartSec,         config_parse_service_timeout,       0,                             0
 Service.TimeoutStopSec,          config_parse_sec_fix_0,             0,                             offsetof(Service, timeout_stop_usec)
 Service.TimeoutAbortSec,         config_parse_service_timeout_abort, 0,                             0
-Service.TimeoutCleanSec,         config_parse_sec,                   0,                             offsetof(Service, timeout_clean_usec)
 Service.RuntimeMaxSec,           config_parse_sec,                   0,                             offsetof(Service, runtime_max_usec)
 Service.WatchdogSec,             config_parse_sec,                   0,                             offsetof(Service, watchdog_usec)
 m4_dnl The following five only exist for compatibility, they moved into Unit, see above
@@ -365,8 +365,8 @@ Socket.ExecStartPost,            config_parse_exec,                  SOCKET_EXEC
 Socket.ExecStopPre,              config_parse_exec,                  SOCKET_EXEC_STOP_PRE,          offsetof(Socket, exec_command)
 Socket.ExecStopPost,             config_parse_exec,                  SOCKET_EXEC_STOP_POST,         offsetof(Socket, exec_command)
 Socket.TimeoutSec,               config_parse_sec_fix_0,             0,                             offsetof(Socket, timeout_usec)
-Socket.SocketUser,               config_parse_user_group,            0,                             offsetof(Socket, user)
-Socket.SocketGroup,              config_parse_user_group,            0,                             offsetof(Socket, group)
+Socket.SocketUser,               config_parse_user_group_compat,     0,                             offsetof(Socket, user)
+Socket.SocketGroup,              config_parse_user_group_compat,     0,                             offsetof(Socket, group)
 Socket.SocketMode,               config_parse_mode,                  0,                             offsetof(Socket, socket_mode)
 Socket.DirectoryMode,            config_parse_mode,                  0,                             offsetof(Socket, directory_mode)
 Socket.Accept,                   config_parse_bool,                  0,                             offsetof(Socket, accept)
index c7827df95d2701742053baed88b360edf1d63719..8eaf8b33e9828d6924173fb3593be6eac0d9bca1 100644 (file)
@@ -2002,7 +2002,7 @@ int config_parse_sec_fix_0(
         return 0;
 }
 
-int config_parse_user_group(
+int config_parse_user_group_compat(
                 const char *unit,
                 const char *filename,
                 unsigned line,
@@ -2035,7 +2035,7 @@ int config_parse_user_group(
                 return -ENOEXEC;
         }
 
-        if (!valid_user_group_name_or_id(k)) {
+        if (!valid_user_group_name_or_id_compat(k)) {
                 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
                 return -ENOEXEC;
         }
@@ -2043,7 +2043,7 @@ int config_parse_user_group(
         return free_and_replace(*user, k);
 }
 
-int config_parse_user_group_strv(
+int config_parse_user_group_strv_compat(
                 const char *unit,
                 const char *filename,
                 unsigned line,
@@ -2089,7 +2089,7 @@ int config_parse_user_group_strv(
                         return -ENOEXEC;
                 }
 
-                if (!valid_user_group_name_or_id(k)) {
+                if (!valid_user_group_name_or_id_compat(k)) {
                         log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
                         return -ENOEXEC;
                 }
index 326e80893bdee3041e70abb71ab96e76bd3a0297..664643f08ec25e9717463d022c4e4b65a0e22fe1 100644 (file)
@@ -99,8 +99,8 @@ CONFIG_PARSER_PROTOTYPE(config_parse_exec_utmp_mode);
 CONFIG_PARSER_PROTOTYPE(config_parse_working_directory);
 CONFIG_PARSER_PROTOTYPE(config_parse_fdname);
 CONFIG_PARSER_PROTOTYPE(config_parse_sec_fix_0);
-CONFIG_PARSER_PROTOTYPE(config_parse_user_group);
-CONFIG_PARSER_PROTOTYPE(config_parse_user_group_strv);
+CONFIG_PARSER_PROTOTYPE(config_parse_user_group_compat);
+CONFIG_PARSER_PROTOTYPE(config_parse_user_group_strv_compat);
 CONFIG_PARSER_PROTOTYPE(config_parse_restrict_namespaces);
 CONFIG_PARSER_PROTOTYPE(config_parse_bind_paths);
 CONFIG_PARSER_PROTOTYPE(config_parse_exec_keyring_mode);
index 9d3096e3ac98391bbf3208f3819dbea825175785..284b77c1fcce9d11b4ca0bbb03d13a4c156f96de 100644 (file)
@@ -68,6 +68,11 @@ static int generate_machine_id(const char *root, sd_id128_t *ret) {
                                 log_info("Initializing machine ID from KVM UUID.");
                                 return 0;
                         }
+                        /* on POWER, it's exported here instead */
+                        if (id128_read("/sys/firmware/devicetree/base/vm,uuid", ID128_UUID, ret) >= 0) {
+                                log_info("Initializing machine ID from KVM UUID.");
+                                return 0;
+                        }
                 }
         }
 
index 8d691a19c3d3d45bbb058938665368a8570ced19..d9114bb0c597a4ef9c72f41ed4cda23584ba2ce1 100644 (file)
@@ -603,6 +603,8 @@ static char** sanitize_environment(char **l) {
 }
 
 int manager_default_environment(Manager *m) {
+        int r;
+
         assert(m);
 
         m->transient_environment = strv_free(m->transient_environment);
@@ -616,16 +618,29 @@ int manager_default_environment(Manager *m) {
                  * /proc/self/environ valid; it is used for tagging
                  * the init process inside containers. */
                 m->transient_environment = strv_new("PATH=" DEFAULT_PATH);
+                if (!m->transient_environment)
+                        return log_oom();
 
                 /* Import locale variables LC_*= from configuration */
                 (void) locale_setup(&m->transient_environment);
-        } else
+        } else {
+                _cleanup_free_ char *k = NULL;
+
                 /* The user manager passes its own environment
-                 * along to its children. */
+                 * along to its children, except for $PATH. */
                 m->transient_environment = strv_copy(environ);
+                if (!m->transient_environment)
+                        return log_oom();
 
-        if (!m->transient_environment)
-                return log_oom();
+                k = strdup("PATH=" DEFAULT_USER_PATH);
+                if (!k)
+                        return log_oom();
+
+                r = strv_env_replace(&m->transient_environment, k);
+                if (r < 0)
+                        return log_oom();
+                TAKE_PTR(k);
+        }
 
         sanitize_environment(m->transient_environment);
 
@@ -1629,9 +1644,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
 
         manager_preset_all(m);
 
-        r = lookup_paths_reduce(&m->lookup_paths);
-        if (r < 0)
-                log_warning_errno(r, "Failed to reduce unit file paths, ignoring: %m");
+        lookup_paths_log(&m->lookup_paths);
 
         {
                 /* This block is (optionally) done with the reloading counter bumped */
@@ -3520,9 +3533,7 @@ int manager_reload(Manager *m) {
         (void) manager_run_environment_generators(m);
         (void) manager_run_generators(m);
 
-        r = lookup_paths_reduce(&m->lookup_paths);
-        if (r < 0)
-                log_warning_errno(r, "Failed to reduce unit file paths, ignoring: %m");
+        lookup_paths_log(&m->lookup_paths);
 
         /* We flushed out generated files, for which we don't watch mtime, so we should flush the old map. */
         manager_free_unit_name_maps(m);
index fb6820e109a9e0c2faab21123a512f305ea6e09b..df3aa5c6c1659696ed16ef90c14f8a31071b08ca 100644 (file)
@@ -197,8 +197,6 @@ endforeach
 
 install_data('org.freedesktop.systemd1.conf',
              install_dir : dbuspolicydir)
-install_data('org.freedesktop.systemd1.service',
-             install_dir : dbussystemservicedir)
 
 policy = configure_file(
         input : 'org.freedesktop.systemd1.policy.in',
index 4f37d3e9a9bfab769a8ba15d2f3e0022fb080bae..959b8fbed28896e38877ddbac78df1921796e2b6 100644 (file)
@@ -826,7 +826,7 @@ static void mount_enter_dead(Mount *m, MountResult f) {
 
         m->exec_runtime = exec_runtime_unref(m->exec_runtime, true);
 
-        exec_context_destroy_runtime_directory(&m->exec_context, UNIT(m)->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
+        unit_destroy_runtime_directory(UNIT(m), &m->exec_context);
 
         unit_unref_uid_gid(UNIT(m), true);
 
@@ -1996,6 +1996,8 @@ const UnitVTable mount_vtable = {
         .active_state = mount_active_state,
         .sub_state_to_string = mount_sub_state_to_string,
 
+        .will_restart = unit_will_restart_default,
+
         .may_gc = mount_may_gc,
 
         .sigchld_event = mount_sigchld_event,
diff --git a/src/core/org.freedesktop.systemd1.service b/src/core/org.freedesktop.systemd1.service
deleted file mode 100644 (file)
index 8bd7302..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-#  SPDX-License-Identifier: LGPL-2.1+
-#
-#  This file is part of systemd.
-#
-#  systemd is free software; you can redistribute it and/or modify it
-#  under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
-
-[D-BUS Service]
-Name=org.freedesktop.systemd1
-Exec=/bin/false
-User=root
index d8cfb4014555aa4b6379c67d2fb3ebfc03773c87..73b3c9c316508b467d837c7e782a83afa60e3427 100644 (file)
@@ -108,7 +108,6 @@ static void service_init(Unit *u) {
         s->timeout_abort_set = u->manager->default_timeout_abort_set;
         s->restart_usec = u->manager->default_restart_usec;
         s->runtime_max_usec = USEC_INFINITY;
-        s->timeout_clean_usec = USEC_INFINITY;
         s->type = _SERVICE_TYPE_INVALID;
         s->socket_fd = -1;
         s->stdin_fd = s->stdout_fd = s->stderr_fd = -1;
@@ -794,8 +793,7 @@ static int service_load(Unit *u) {
 
 static void service_dump(Unit *u, FILE *f, const char *prefix) {
         char buf_restart[FORMAT_TIMESPAN_MAX], buf_start[FORMAT_TIMESPAN_MAX], buf_stop[FORMAT_TIMESPAN_MAX],
-                buf_runtime[FORMAT_TIMESPAN_MAX], buf_watchdog[FORMAT_TIMESPAN_MAX], buf_abort[FORMAT_TIMESPAN_MAX],
-                buf_clean[FORMAT_TIMESPAN_MAX];
+                buf_runtime[FORMAT_TIMESPAN_MAX], buf_watchdog[FORMAT_TIMESPAN_MAX], buf_abort[FORMAT_TIMESPAN_MAX];
         ServiceExecCommand c;
         Service *s = SERVICE(u);
         const char *prefix2;
@@ -878,10 +876,8 @@ static void service_dump(Unit *u, FILE *f, const char *prefix) {
                         prefix, format_timespan(buf_abort, sizeof(buf_abort), s->timeout_abort_usec, USEC_PER_SEC));
 
         fprintf(f,
-                "%sTimeoutCleanSec: %s\n"
                 "%sRuntimeMaxSec: %s\n"
                 "%sWatchdogSec: %s\n",
-                prefix, format_timespan(buf_clean, sizeof(buf_clean), s->timeout_clean_usec, USEC_PER_SEC),
                 prefix, format_timespan(buf_runtime, sizeof(buf_runtime), s->runtime_max_usec, USEC_PER_SEC),
                 prefix, format_timespan(buf_watchdog, sizeof(buf_watchdog), s->watchdog_usec, USEC_PER_SEC));
 
@@ -1167,7 +1163,7 @@ static usec_t service_coldplug_timeout(Service *s) {
                 return usec_add(UNIT(s)->inactive_enter_timestamp.monotonic, s->restart_usec);
 
         case SERVICE_CLEANING:
-                return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->timeout_clean_usec);
+                return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->exec_context.timeout_clean_usec);
 
         default:
                 return USEC_INFINITY;
@@ -1721,12 +1717,8 @@ static bool service_will_restart(Unit *u) {
                 return true;
         if (s->state == SERVICE_AUTO_RESTART)
                 return true;
-        if (!UNIT(s)->job)
-                return false;
-        if (UNIT(s)->job->type == JOB_START)
-                return true;
 
-        return false;
+        return unit_will_restart_default(u);
 }
 
 static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart) {
@@ -1789,10 +1781,8 @@ static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart)
         /* We want fresh tmpdirs in case service is started again immediately */
         s->exec_runtime = exec_runtime_unref(s->exec_runtime, true);
 
-        if (s->exec_context.runtime_directory_preserve_mode == EXEC_PRESERVE_NO ||
-            (s->exec_context.runtime_directory_preserve_mode == EXEC_PRESERVE_RESTART && !service_will_restart(UNIT(s))))
-                /* Also, remove the runtime directory */
-                exec_context_destroy_runtime_directory(&s->exec_context, UNIT(s)->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
+        /* Also, remove the runtime directory */
+        unit_destroy_runtime_directory(UNIT(s), &s->exec_context);
 
         /* Get rid of the IPC bits of the user */
         unit_unref_uid_gid(UNIT(s), true);
@@ -4277,7 +4267,7 @@ static int service_clean(Unit *u, ExecCleanMask mask) {
         s->control_command = NULL;
         s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
 
-        r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_clean_usec));
+        r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->exec_context.timeout_clean_usec));
         if (r < 0)
                 goto fail;
 
index adc05d321841998284d03102e08b6915be5ee34d..11e861a3d4325bf92635662811a0cd648de4c10e 100644 (file)
@@ -101,7 +101,6 @@ struct Service {
         usec_t timeout_stop_usec;
         usec_t timeout_abort_usec;
         bool timeout_abort_set;
-        usec_t timeout_clean_usec;
         usec_t runtime_max_usec;
 
         dual_timestamp watchdog_timestamp;
index 46fe405a17d7212e12e490065ffc4d122cec9085..e94d6feef9a53ad61c003bbcb3f536cd06ac2524 100644 (file)
@@ -2035,7 +2035,7 @@ static void socket_enter_dead(Socket *s, SocketResult f) {
 
         s->exec_runtime = exec_runtime_unref(s->exec_runtime, true);
 
-        exec_context_destroy_runtime_directory(&s->exec_context, UNIT(s)->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
+        unit_destroy_runtime_directory(UNIT(s), &s->exec_context);
 
         unit_unref_uid_gid(UNIT(s), true);
 
@@ -3353,6 +3353,8 @@ const UnitVTable socket_vtable = {
         .active_state = socket_active_state,
         .sub_state_to_string = socket_sub_state_to_string,
 
+        .will_restart = unit_will_restart_default,
+
         .may_gc = socket_may_gc,
 
         .sigchld_event = socket_sigchld_event,
index 74381c0c95b4481bd7bdd7f189fbb4b700dc7ad6..4ce9d06280d4faaa6cba4262a8ace0ac4ff79c10 100644 (file)
@@ -683,7 +683,7 @@ static void swap_enter_dead(Swap *s, SwapResult f) {
 
         s->exec_runtime = exec_runtime_unref(s->exec_runtime, true);
 
-        exec_context_destroy_runtime_directory(&s->exec_context, UNIT(s)->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
+        unit_destroy_runtime_directory(UNIT(s), &s->exec_context);
 
         unit_unref_uid_gid(UNIT(s), true);
 
@@ -1529,6 +1529,8 @@ const UnitVTable swap_vtable = {
         .active_state = swap_active_state,
         .sub_state_to_string = swap_sub_state_to_string,
 
+        .will_restart = unit_will_restart_default,
+
         .may_gc = swap_may_gc,
 
         .sigchld_event = swap_sigchld_event,
index 31ed473f91057829b77e620a7caa00f6394b5bb3..64eb12733aa783960779f5c3700e519abf51d720 100644 (file)
@@ -1751,7 +1751,6 @@ static bool unit_verify_deps(Unit *u) {
 int unit_start(Unit *u) {
         UnitActiveState state;
         Unit *following;
-        int r;
 
         assert(u);
 
@@ -1776,25 +1775,8 @@ int unit_start(Unit *u) {
          * still be useful to speed up activation in case there is some hold-off time, but we don't want to
          * recheck the condition in that case. */
         if (state != UNIT_ACTIVATING &&
-            !unit_test_condition(u)) {
-
-                /* Let's also check the start limit here. Normally, the start limit is only checked by the
-                 * .start() method of the unit type after it did some additional checks verifying everything
-                 * is in order (so that those other checks can propagate errors properly). However, if a
-                 * condition check doesn't hold we don't get that far but we should still ensure we are not
-                 * called in a tight loop without a rate limit check enforced, hence do the check here. Note
-                 * that ECOMM is generally not a reason for a job to fail, unlike most other errors here,
-                 * hence the chance is big that any triggering unit for us will trigger us again. Note this
-                 * condition check is a bit different from the condition check inside the per-unit .start()
-                 * function, as this one will not change the unit's state in any way (and we shouldn't here,
-                 * after all the condition failed). */
-
-                r = unit_test_start_limit(u);
-                if (r < 0)
-                        return r;
-
+            !unit_test_condition(u))
                 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(ECOMM), "Starting requested but condition failed. Not starting unit.");
-        }
 
         /* If the asserts failed, fail the entire job */
         if (state != UNIT_ACTIVATING &&
@@ -4069,6 +4051,17 @@ bool unit_active_or_pending(Unit *u) {
         return false;
 }
 
+bool unit_will_restart_default(Unit *u) {
+        assert(u);
+
+        if (!u->job)
+                return false;
+        if (u->job->type == JOB_START)
+                return true;
+
+        return false;
+}
+
 bool unit_will_restart(Unit *u) {
         assert(u);
 
@@ -5880,6 +5873,12 @@ int unit_test_trigger_loaded(Unit *u) {
         return 0;
 }
 
+void unit_destroy_runtime_directory(Unit *u, const ExecContext *context) {
+        if (context->runtime_directory_preserve_mode == EXEC_PRESERVE_NO ||
+            (context->runtime_directory_preserve_mode == EXEC_PRESERVE_RESTART && !unit_will_restart(u)))
+                exec_context_destroy_runtime_directory(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
+}
+
 int unit_clean(Unit *u, ExecCleanMask mask) {
         UnitActiveState state;
 
index 4732d72202979548befd5e946b675e12842ba8d6..7f1d2f651cd5fdf8cb2d8625dbd453bb7c1cca87 100644 (file)
@@ -752,6 +752,7 @@ const char *unit_slice_name(Unit *u);
 bool unit_stop_pending(Unit *u) _pure_;
 bool unit_inactive_or_pending(Unit *u) _pure_;
 bool unit_active_or_pending(Unit *u);
+bool unit_will_restart_default(Unit *u);
 bool unit_will_restart(Unit *u);
 
 int unit_add_default_target_dependency(Unit *u, Unit *target);
@@ -860,6 +861,7 @@ int unit_failure_action_exit_status(Unit *u);
 
 int unit_test_trigger_loaded(Unit *u);
 
+void unit_destroy_runtime_directory(Unit *u, const ExecContext *context);
 int unit_clean(Unit *u, ExecCleanMask mask);
 int unit_can_clean(Unit *u, ExecCleanMask *ret_mask);
 
index d1293eff168118da48d0f6029c785b544fb0d50d..5fe51359f60d50a79ed7ae5ae24522640e011dbf 100644 (file)
@@ -28,6 +28,13 @@ static int environment_dirs(char ***ret) {
         if (r < 0)
                 return r;
 
+        if (DEBUG_LOGGING) {
+                _cleanup_free_ char *t;
+
+                t = strv_join(dirs, "\n\t");
+                log_debug("Looking for environment.d files in (higher priority first):\n\t%s", strna(t));
+        }
+
         *ret = TAKE_PTR(dirs);
         return 0;
 }
@@ -49,6 +56,8 @@ static int load_and_print(void) {
          * that in case of failure, a partial update is better than none. */
 
         STRV_FOREACH(i, files) {
+                log_debug("Reading %s…", *i);
+
                 r = merge_env_file(&env, NULL, *i);
                 if (r == -ENOMEM)
                         return r;
index 75cba5827ce0db38df76ce9be4018f9a5d93ea3d..9e4f4fb59e71be38280f98964e9872d43f5c015f 100644 (file)
@@ -116,6 +116,8 @@ static int context_read_data(Context *c) {
                 return r;
 
         r = id128_read("/sys/class/dmi/id/product_uuid", ID128_UUID, &c->uuid);
+        if (r == -ENOENT)
+                r = id128_read("/sys/firmware/devicetree/base/vm,uuid", ID128_UUID, &c->uuid);
         if (r < 0)
                 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r,
                                "Failed to read product UUID, ignoring: %m");
index 2fb0f5207b3339e1ee13d62f52582c50a531b08d..47a0cd224ae8518ba56732305604eec3c521d462 100644 (file)
@@ -45,13 +45,13 @@ if ! [[ $PRETTY_NAME ]]; then
     PRETTY_NAME="Linux $KERNEL_VERSION"
 fi
 
-declare -a BOOT_OPTIONS
-
 if [[ -f /etc/kernel/cmdline ]]; then
     read -r -d '' -a BOOT_OPTIONS < /etc/kernel/cmdline
-fi
+elif [[ -f /usr/lib/kernel/cmdline ]]; then
+    read -r -d '' -a BOOT_OPTIONS < /usr/lib/kernel/cmdline
+else
+    declare -a BOOT_OPTIONS
 
-if ! [[ ${BOOT_OPTIONS[*]} ]]; then
     read -r -d '' -a line < /proc/cmdline
     for i in "${line[@]}"; do
         [[ "${i#initrd=*}" != "$i" ]] && continue
@@ -59,12 +59,6 @@ if ! [[ ${BOOT_OPTIONS[*]} ]]; then
     done
 fi
 
-if ! [[ ${BOOT_OPTIONS[*]} ]]; then
-    echo "Could not determine the kernel command line parameters." >&2
-    echo "Please specify the kernel command line in /etc/kernel/cmdline!" >&2
-    exit 1
-fi
-
 if [[ -f /etc/kernel/tries ]]; then
     read -r TRIES </etc/kernel/tries
     if ! [[ "$TRIES" =~ ^[0-9]+$ ]] ; then
index 303dcea106ff2f3a63950d75f3b9d074ebcf1328..026ac8cb946946c4b6d4596899f31b4f8d0754f2 100644 (file)
@@ -1354,8 +1354,7 @@ _public_ int sd_bus_open_user_with_description(sd_bus **ret, const char *descrip
         b->bus_client = true;
         b->is_user = true;
 
-        /* We don't do any per-method access control on the user
-         * bus. */
+        /* We don't do any per-method access control on the user bus. */
         b->trusted = true;
         b->is_local = true;
 
index d69ca6ac9742179b450c4a755f3dfe203c15f15e..b6350027dd3ede31d867e049b627353d717ac385 100644 (file)
 
 #define DEFAULT_BUS_PATH "unix:path=/run/dbus/system_bus_socket"
 
+static struct context c = {};
+static int happy_finder_object = 0;
+
+static int happy_finder(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
+        assert(userdata);
+        assert(userdata == &c);
+
+#ifndef __cplusplus
+        log_info("%s called", __func__);
+#endif
+
+        happy_finder_object++;
+        *found = &happy_finder_object;
+        return 1; /* found */
+}
+
 static void test_vtable(void) {
         sd_bus *bus = NULL;
-        struct context c = {};
         int r;
 
         assert(sd_bus_new(&bus) >= 0);
@@ -32,16 +47,23 @@ static void test_vtable(void) {
         assert(sd_bus_add_object_vtable(bus, NULL, "/foo", "org.freedesktop.systemd.testVtable221",
                                         (const sd_bus_vtable *)vtable_format_221, &c) >= 0);
 
+        assert(sd_bus_add_fallback_vtable(bus, NULL, "/fallback", "org.freedesktop.systemd.testVtable2", test_vtable_2, happy_finder, &c) >= 0);
+
         assert(sd_bus_set_address(bus, DEFAULT_BUS_PATH) >= 0);
         r = sd_bus_start(bus);
         assert(r == 0 ||     /* success */
                r == -ENOENT  /* dbus is inactive */ );
 
 #ifndef __cplusplus
-        _cleanup_free_ char *s = NULL;
+        _cleanup_free_ char *s, *s2;
 
         assert_se(introspect_path(bus, "/foo", NULL, false, true, NULL, &s, NULL) == 1);
         fputs(s, stdout);
+
+        assert_se(introspect_path(bus, "/fallback", NULL, false, true, NULL, &s2, NULL) == 1);
+        fputs(s2, stdout);
+
+        assert_se(happy_finder_object == 1);
 #endif
 
         sd_bus_unref(bus);
index 333dbd5b12f1ad8784fac71df1fed1a95046f405..bc89893814b050209ede42845b8b4164429c2ace 100644 (file)
@@ -42,7 +42,7 @@ static const sd_bus_vtable test_vtable_1[] = {
 
 static const sd_bus_vtable test_vtable_2[] = {
         SD_BUS_VTABLE_START(0),
-        SD_BUS_METHOD("AlterSomething", "s", "s", handler, 0),
+        SD_BUS_METHOD("AlterSomething", "s", "s", handler, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("Exit", "", "", handler, 0),
         SD_BUS_METHOD_WITH_OFFSET("AlterSomething2", "s", "s", handler, 200, 0),
         SD_BUS_METHOD_WITH_OFFSET("Exit2", "", "", handler, 200, 0),
index b36616e55a03bb8966ef5b63eeb1079543aa0262..30b9a66334fa7914e4f6984da46c49dd678e12aa 100644 (file)
@@ -115,7 +115,6 @@ int manager_get_session_from_creds(
         Session *session;
 
         assert(m);
-        assert(message);
         assert(ret);
 
         if (SEAT_IS_SELF(name)) /* the caller's own session */
index 1883c97e4db21cc46175b1ad76e9782afa76543d..67fe9921d4019385f844d9a4da092f53b3388511 100644 (file)
@@ -72,13 +72,13 @@ Inhibitor* inhibitor_free(Inhibitor *i) {
         sd_event_source_unref(i->event_source);
         safe_close(i->fifo_fd);
 
+        hashmap_remove(i->manager->inhibitors, i->id);
+
         /* Note that we don't remove neither the state file nor the fifo path here, since we want both to
          * survive daemon restarts */
         free(i->state_file);
         free(i->fifo_path);
 
-        hashmap_remove(i->manager->inhibitors, i->id);
-
         return mfree(i);
 }
 
index a37bbf56b75ad2b5d18ff0f229938eb1f45364f2..872b9a86d98074e655bb160e4a3e295e512c3570 100644 (file)
@@ -610,8 +610,6 @@ int session_object_find(sd_bus *bus, const char *path, const char *interface, vo
                 return -ENOMEM;
 
         message = sd_bus_get_current_message(bus);
-        if (!message)
-                return 0;
 
         r = manager_get_session_from_creds(m, message, e, error, &session);
         if (r == -ENXIO) {
index 885cda3a035df9d0cb1780f9a06c8d6773bfb53c..4fe55710391b10c741f40759dad9dd1fcbb9d907 100644 (file)
@@ -568,11 +568,6 @@ int address_configure(
         assert(link->manager->rtnl);
         assert(callback);
 
-        if (address->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) {
-                log_link_warning(link, "An IPv6 address is requested, but IPv6 is disabled by sysctl, ignoring.");
-                return 0;
-        }
-
         /* If this is a new address, then refuse adding more than the limit */
         if (address_get(link, address->family, &address->in_addr, address->prefixlen, NULL) <= 0 &&
             set_size(link->addresses) >= ADDRESSES_PER_LINK_MAX)
index 164e46675ccb378825d913fe6f180c8334213cf7..662770b50e30cac992856bd951476da8c0df2f73 100644 (file)
@@ -529,7 +529,7 @@ static int dhcp_lease_lost(Link *link) {
         assert(link);
         assert(link->dhcp_lease);
 
-        log_link_warning(link, "DHCP lease lost");
+        log_link_info(link, "DHCP lease lost");
 
         link->dhcp4_configured = false;
 
index 7ffbd0a66e343fd9ab4fb8c3a77f5405876b5c62..1f688d6716f51511e42fe6d0cd625bfde661acf9 100644 (file)
@@ -123,11 +123,6 @@ int fdb_entry_configure(Link *link, FdbEntry *fdb_entry) {
         assert(link->manager);
         assert(fdb_entry);
 
-        if (fdb_entry->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) {
-                log_link_warning(link, "An IPv6 fdb entry is requested, but IPv6 is disabled by sysctl, ignoring.");
-                return 0;
-        }
-
         /* create new RTM message */
         r = sd_rtnl_message_new_neigh(link->manager->rtnl, &req, RTM_NEWNEIGH, link->ifindex, PF_BRIDGE);
         if (r < 0)
index 47d4d08aeea6ecef337cc003ac264c10b94314cd..f5bb78890a0c51ba0448ffb52dc66032471949fa 100644 (file)
@@ -69,27 +69,6 @@ DUID* link_get_duid(Link *link) {
                 return &link->manager->duid;
 }
 
-int link_sysctl_ipv6_enabled(Link *link) {
-        _cleanup_free_ char *value = NULL;
-        int r;
-
-        assert(link);
-        assert(link->ifname);
-
-        if (link->sysctl_ipv6_enabled >= 0)
-                return link->sysctl_ipv6_enabled;
-
-        const char *ifname = link->ifname; /* work around bogus gcc warning */
-        r = sysctl_read_ip_property(AF_INET6, ifname, "disable_ipv6", &value);
-        if (r < 0)
-                return log_link_warning_errno(link, r,
-                                              "Failed to read net.ipv6.conf.%s.disable_ipv6 sysctl property: %m",
-                                              ifname);
-
-        link->sysctl_ipv6_enabled = value[0] == '0';
-        return link->sysctl_ipv6_enabled;
-}
-
 static bool link_dhcp6_enabled(Link *link) {
         assert(link);
 
@@ -108,9 +87,6 @@ static bool link_dhcp6_enabled(Link *link) {
         if (link->iftype == ARPHRD_CAN)
                 return false;
 
-        if (link_sysctl_ipv6_enabled(link) == 0)
-                return false;
-
         return link->network->dhcp & ADDRESS_FAMILY_IPV6;
 }
 
@@ -199,9 +175,6 @@ static bool link_ipv6ll_enabled(Link *link) {
         if (link->network->bond)
                 return false;
 
-        if (link_sysctl_ipv6_enabled(link) == 0)
-                return false;
-
         return link->network->link_local & ADDRESS_FAMILY_IPV6;
 }
 
@@ -214,14 +187,17 @@ static bool link_ipv6_enabled(Link *link) {
         if (link->network->bond)
                 return false;
 
-        if (link_sysctl_ipv6_enabled(link) == 0)
-                return false;
-
         if (link->iftype == ARPHRD_CAN)
                 return false;
 
         /* DHCPv6 client will not be started if no IPv6 link-local address is configured. */
-        return link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
+        if (link_ipv6ll_enabled(link))
+                return true;
+
+        if (network_has_static_ipv6_configurations(link->network))
+                return true;
+
+        return false;
 }
 
 static bool link_radv_enabled(Link *link) {
@@ -263,9 +239,6 @@ static bool link_ipv6_forward_enabled(Link *link) {
         if (link->network->ip_forward == _ADDRESS_FAMILY_INVALID)
                 return false;
 
-        if (link_sysctl_ipv6_enabled(link) == 0)
-                return false;
-
         return link->network->ip_forward & ADDRESS_FAMILY_IPV6;
 }
 
@@ -329,20 +302,21 @@ static IPv6PrivacyExtensions link_ipv6_privacy_extensions(Link *link) {
         return link->network->ipv6_privacy_extensions;
 }
 
-static int link_enable_ipv6(Link *link) {
-        bool disabled;
+static int link_update_ipv6_sysctl(Link *link) {
+        bool enabled;
         int r;
 
         if (link->flags & IFF_LOOPBACK)
                 return 0;
 
-        disabled = !link_ipv6_enabled(link);
+        enabled = link_ipv6_enabled(link);
+        if (enabled) {
+                r = sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false);
+                if (r < 0)
+                        return log_link_warning_errno(link, r, "Cannot enable IPv6: %m");
 
-        r = sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", disabled);
-        if (r < 0)
-                log_link_warning_errno(link, r, "Cannot %s IPv6: %m", enable_disable(!disabled));
-        else
-                log_link_info(link, "IPv6 successfully %sd", enable_disable(!disabled));
+                log_link_info(link, "IPv6 successfully enabled");
+        }
 
         return 0;
 }
@@ -614,7 +588,6 @@ static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) {
                 .state = LINK_STATE_PENDING,
                 .ifindex = ifindex,
                 .iftype = iftype,
-                .sysctl_ipv6_enabled = -1,
 
                 .n_dns = (unsigned) -1,
                 .dns_default_route = -1,
@@ -1281,10 +1254,6 @@ int link_set_mtu(Link *link, uint32_t mtu) {
         if (r < 0)
                 return log_link_error_errno(link, r, "Could not allocate RTM_SETLINK message: %m");
 
-        /* If IPv6 not configured (no static IPv6 address and IPv6LL autoconfiguration is disabled)
-         * for this interface, then disable IPv6 else enable it. */
-        (void) link_enable_ipv6(link);
-
         /* IPv6 protocol requires a minimum MTU of IPV6_MTU_MIN(1280) bytes
          * on the interface. Bump up MTU bytes to IPV6_MTU_MIN. */
         if (link_ipv6_enabled(link) && mtu < IPV6_MIN_MTU) {
@@ -2554,6 +2523,10 @@ static int link_configure(Link *link) {
                         return r;
         }
 
+        /* If IPv6 configured that is static IPv6 address and IPv6LL autoconfiguration is enabled
+         * for this interface, then enable IPv6 */
+        (void) link_update_ipv6_sysctl(link);
+
         r = link_set_proxy_arp(link);
         if (r < 0)
                return r;
index d077dfe772964d7c750e5077e5e326a280d4c5a4..3eff6fbc62e0d588e3479d758548cc85d1da0b34 100644 (file)
@@ -133,7 +133,6 @@ typedef struct Link {
         struct rtnl_link_stats64 stats_old, stats_new;
         bool stats_updated;
 
-        int sysctl_ipv6_enabled;
 
         /* All kinds of DNS configuration */
         struct in_addr_data *dns;
@@ -200,8 +199,6 @@ uint32_t link_get_dhcp_route_table(Link *link);
 uint32_t link_get_ipv6_accept_ra_route_table(Link *link);
 int link_request_set_routes(Link *link);
 
-int link_sysctl_ipv6_enabled(Link *link);
-
 #define ADDRESS_FMT_VAL(address)                   \
         be32toh((address).s_addr) >> 24,           \
         (be32toh((address).s_addr) >> 16) & 0xFFu, \
index 6a8766ce689d44b17d08fdfe5cf4123200aa2f71..2b8d0eb2fbbf983fae64282b27e84ba36a1850a3 100644 (file)
@@ -220,6 +220,26 @@ int network_verify(Network *network) {
         if (network->link_local < 0)
                 network->link_local = network->bridge ? ADDRESS_FAMILY_NO : ADDRESS_FAMILY_IPV6;
 
+        if (!FLAGS_SET(network->link_local, ADDRESS_FAMILY_IPV6)) {
+                if (network->ipv6_accept_ra > 0) {
+                        log_warning("%s: IPv6AcceptRA= is enabled by the .network file but IPv6 link local addressing is disabled. "
+                                    "Disabling IPv6AcceptRA=.", network->filename);
+                        network->ipv6_accept_ra = false;
+                }
+
+                if (FLAGS_SET(network->dhcp, ADDRESS_FAMILY_IPV6)) {
+                        log_warning("%s: DHCPv6 client is enabled by the .network file but IPv6 link local addressing is disabled. "
+                                    "Disabling DHCPv6 client.", network->filename);
+                        SET_FLAG(network->dhcp, ADDRESS_FAMILY_IPV6, false);
+                }
+
+                if (network->router_prefix_delegation != RADV_PREFIX_DELEGATION_NONE) {
+                        log_warning("%s: IPv6PrefixDelegation= is enabled but IPv6 link local addressing is disabled. "
+                                    "Disabling IPv6PrefixDelegation=.", network->filename);
+                        network->router_prefix_delegation = RADV_PREFIX_DELEGATION_NONE;
+                }
+        }
+
         if (FLAGS_SET(network->link_local, ADDRESS_FAMILY_FALLBACK_IPV4) &&
             !FLAGS_SET(network->dhcp, ADDRESS_FAMILY_IPV4)) {
                 log_warning("%s: fallback assignment of IPv4 link local address is enabled but DHCPv4 is disabled. "
@@ -662,15 +682,35 @@ int network_apply(Network *network, Link *link) {
         return 0;
 }
 
-bool network_has_static_ipv6_addresses(Network *network) {
+bool network_has_static_ipv6_configurations(Network *network) {
         Address *address;
+        Route *route;
+        FdbEntry *fdb;
+        Neighbor *neighbor;
 
         assert(network);
 
-        LIST_FOREACH(addresses, address, network->static_addresses) {
+        LIST_FOREACH(addresses, address, network->static_addresses)
                 if (address->family == AF_INET6)
                         return true;
-        }
+
+        LIST_FOREACH(routes, route, network->static_routes)
+                if (route->family == AF_INET6)
+                        return true;
+
+        LIST_FOREACH(static_fdb_entries, fdb, network->static_fdb_entries)
+                if (fdb->family == AF_INET6)
+                        return true;
+
+        LIST_FOREACH(neighbors, neighbor, network->neighbors)
+                if (neighbor->family == AF_INET6)
+                        return true;
+
+        if (!LIST_IS_EMPTY(network->address_labels))
+                return true;
+
+        if (!LIST_IS_EMPTY(network->static_prefixes))
+                return true;
 
         return false;
 }
index f8894f86dda5c47dd86c9b215e6a2360ff752652..bc760744e5f5647badc3584c69f5a79bf03fc9b3 100644 (file)
@@ -269,7 +269,7 @@ int network_get(Manager *manager, sd_device *device, const char *ifname, const s
 int network_apply(Network *network, Link *link);
 void network_apply_anonymize_if_set(Network *network);
 
-bool network_has_static_ipv6_addresses(Network *network);
+bool network_has_static_ipv6_configurations(Network *network);
 
 CONFIG_PARSER_PROTOTYPE(config_parse_stacked_netdev);
 CONFIG_PARSER_PROTOTYPE(config_parse_tunnel);
index 8a16e9111ff026e648374738ff63c570f0a7d13c..19055f4e48e8fcb5df0d3bf1b8ec3c44906a7d70 100644 (file)
@@ -636,11 +636,6 @@ int route_configure(
         assert(IN_SET(route->family, AF_INET, AF_INET6));
         assert(callback);
 
-        if (route->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) {
-                log_link_warning(link, "An IPv6 route is requested, but IPv6 is disabled by sysctl, ignoring.");
-                return 0;
-        }
-
         if (route_get(link, route->family, &route->dst, route->dst_prefixlen, &route->gw, route->tos, route->priority, route->table, NULL) <= 0 &&
             set_size(link->routes) >= routes_max())
                 return log_link_error_errno(link, SYNTHETIC_ERRNO(E2BIG),
index 5edc2444a70fd4345f33fefbcfc640532e0c2d12..f032169aebf4a7dca5599bbdf789d3b1b26a34d0 100644 (file)
@@ -453,11 +453,6 @@ int routing_policy_rule_configure(RoutingPolicyRule *rule, Link *link, link_netl
         assert(link->manager);
         assert(link->manager->rtnl);
 
-        if (rule->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) {
-                log_link_warning(link, "An IPv6 routing policy rule is requested, but IPv6 is disabled by sysctl, ignoring.");
-                return 0;
-        }
-
         r = sd_rtnl_message_new_routing_policy_rule(link->manager->rtnl, &m, RTM_NEWRULE, rule->family);
         if (r < 0)
                 return log_error_errno(r, "Could not allocate RTM_NEWRULE message: %m");
index b65ba3e56a3e1f5b944d7ffb47617c54163760f2..592c4eb8b06fc8d27e99cf071815ba43469162eb 100644 (file)
                 <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
         </action>
 
+        <action id="org.freedesktop.resolve1.set-dns-servers">
+                <description gettext-domain="systemd">Set DNS servers</description>
+                <message gettext-domain="systemd">Authentication is required to set DNS servers.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-domains">
+                <description gettext-domain="systemd">Set domains</description>
+                <message gettext-domain="systemd">Authentication is required to set domains.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-default-route">
+                <description gettext-domain="systemd">Set default route</description>
+                <message gettext-domain="systemd">Authentication is required to set default route.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-llmnr">
+                <description gettext-domain="systemd">Enable/disable LLMNR</description>
+                <message gettext-domain="systemd">Authentication is required to enable or disable LLMNR.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-mdns">
+                <description gettext-domain="systemd">Enable/disable multicast DNS</description>
+                <message gettext-domain="systemd">Authentication is required to enable or disable multicast DNS.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-dns-over-tls">
+                <description gettext-domain="systemd">Enable/disable DNS over TLS</description>
+                <message gettext-domain="systemd">Authentication is required to enable or disable DNS over TLS.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-dnssec">
+                <description gettext-domain="systemd">Enable/disable DNSSEC</description>
+                <message gettext-domain="systemd">Authentication is required to enable or disable DNSSEC.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.set-dnssec-negative-trust-anchors">
+                <description gettext-domain="systemd">Set DNSSEC Negative Trust Anchors</description>
+                <message gettext-domain="systemd">Authentication is required to set DNSSEC Negative Trust Anchros.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
+        <action id="org.freedesktop.resolve1.revert">
+                <description gettext-domain="systemd">Revert name resolution settings</description>
+                <message gettext-domain="systemd">Authentication is required to revert name resolution settings.</message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+        </action>
+
 </policyconfig>
index 4fc281e80abbeaef8e2b036b519280dfd3dd3e6d..db0f8381ef077776bf20bc3efa109e6117bd0aaf 100644 (file)
@@ -1638,15 +1638,6 @@ static int bus_method_register_service(sd_bus_message *message, void *userdata,
         if (m->mdns_support != RESOLVE_SUPPORT_YES)
                 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Support for MulticastDNS is disabled");
 
-        r = bus_verify_polkit_async(message, CAP_SYS_ADMIN,
-                                    "org.freedesktop.resolve1.register-service",
-                                    NULL, false, UID_INVALID,
-                                    &m->polkit_registry, error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* Polkit will call us back */
-
         service = new0(DnssdService, 1);
         if (!service)
                 return log_oom();
@@ -1771,6 +1762,15 @@ static int bus_method_register_service(sd_bus_message *message, void *userdata,
         if (r < 0)
                 return r;
 
+        r = bus_verify_polkit_async(message, CAP_SYS_ADMIN,
+                                    "org.freedesktop.resolve1.register-service",
+                                    NULL, false, UID_INVALID,
+                                    &m->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         r = hashmap_ensure_allocated(&m->dnssd_services, &string_hash_ops);
         if (r < 0)
                 return r;
@@ -1854,19 +1854,19 @@ static const sd_bus_vtable resolve_vtable[] = {
         SD_BUS_METHOD("ResolveAddress", "iiayt", "a(is)t", bus_method_resolve_address, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("ResolveRecord", "isqqt", "a(iqqay)t", bus_method_resolve_record, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("ResolveService", "isssit", "a(qqqsa(iiay)s)aayssst", bus_method_resolve_service, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ResetStatistics", NULL, NULL, bus_method_reset_statistics, 0),
-        SD_BUS_METHOD("FlushCaches", NULL, NULL, bus_method_flush_caches, 0),
-        SD_BUS_METHOD("ResetServerFeatures", NULL, NULL, bus_method_reset_server_features, 0),
+        SD_BUS_METHOD("ResetStatistics", NULL, NULL, bus_method_reset_statistics, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("FlushCaches", NULL, NULL, bus_method_flush_caches, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ResetServerFeatures", NULL, NULL, bus_method_reset_server_features, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("GetLink", "i", "o", bus_method_get_link, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetLinkDNS", "ia(iay)", NULL, bus_method_set_link_dns_servers, 0),
-        SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0),
-        SD_BUS_METHOD("SetLinkDefaultRoute", "ib", NULL, bus_method_set_link_default_route, 0),
-        SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0),
-        SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0),
-        SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, 0),
-        SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0),
-        SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0),
-        SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0),
+        SD_BUS_METHOD("SetLinkDNS", "ia(iay)", NULL, bus_method_set_link_dns_servers, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkDefaultRoute", "ib", NULL, bus_method_set_link_default_route, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, SD_BUS_VTABLE_UNPRIVILEGED),
 
         SD_BUS_METHOD("RegisterService", "sssqqqaa{say}", "o", bus_method_register_service, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("UnregisterService", "o", NULL, bus_method_unregister_service, SD_BUS_VTABLE_UNPRIVILEGED),
index 81ef5ffaa4fa99957db2958b56b3626dc31aca35..b6c1476f5cbe7e4fd52ab2ea72160daefc3cc645 100644 (file)
@@ -1,6 +1,8 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
 #include <net/if.h>
+#include <netinet/in.h>
+#include <sys/capability.h>
 
 #include "alloc-util.h"
 #include "bus-common-errors.h"
@@ -11,6 +13,7 @@
 #include "resolved-link-bus.h"
 #include "resolved-resolv-conf.h"
 #include "strv.h"
+#include "user-util.h"
 
 static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported, "b", Link, link_dnssec_supported);
 static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode, "s", Link, link_get_dnssec_mode, dnssec_mode_to_string);
@@ -262,6 +265,15 @@ int bus_link_method_set_dns_servers(sd_bus_message *message, void *userdata, sd_
         if (r < 0)
                 return r;
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-dns-servers",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         dns_server_mark_all(l->dns_servers);
 
         for (i = 0; i < n; i++) {
@@ -325,12 +337,21 @@ int bus_link_method_set_domains(sd_bus_message *message, void *userdata, sd_bus_
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Root domain is not suitable as search domain");
         }
 
-        dns_search_domain_mark_all(l->search_domains);
-
         r = sd_bus_message_rewind(message, false);
         if (r < 0)
                 return r;
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-domains",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
+        dns_search_domain_mark_all(l->search_domains);
+
         for (;;) {
                 DnsSearchDomain *d;
                 const char *name;
@@ -388,6 +409,15 @@ int bus_link_method_set_default_route(sd_bus_message *message, void *userdata, s
         if (r < 0)
                 return r;
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-default-route",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         if (l->default_route != b) {
                 l->default_route = b;
 
@@ -423,6 +453,15 @@ int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_er
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid LLMNR setting: %s", llmnr);
         }
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-llmnr",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         l->llmnr_support = mode;
         link_allocate_scopes(l);
         link_add_rrs(l, false);
@@ -457,6 +496,15 @@ int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_err
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid MulticastDNS setting: %s", mdns);
         }
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-mdns",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         l->mdns_support = mode;
         link_allocate_scopes(l);
         link_add_rrs(l, false);
@@ -491,6 +539,15 @@ int bus_link_method_set_dns_over_tls(sd_bus_message *message, void *userdata, sd
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid DNSOverTLS setting: %s", dns_over_tls);
         }
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-dns-over-tls",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         link_set_dns_over_tls_mode(l, mode);
 
         (void) link_save_user(l);
@@ -523,6 +580,15 @@ int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_e
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid DNSSEC setting: %s", dnssec);
         }
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-dnssec",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         link_set_dnssec_mode(l, mode);
 
         (void) link_save_user(l);
@@ -544,6 +610,10 @@ int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, v
         if (r < 0)
                 return r;
 
+        ns = set_new(&dns_name_hash_ops);
+        if (!ns)
+                return -ENOMEM;
+
         r = sd_bus_message_read_strv(message, &ntas);
         if (r < 0)
                 return r;
@@ -553,19 +623,23 @@ int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, v
                 if (r < 0)
                         return r;
                 if (r == 0)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid negative trust anchor domain: %s", *i);
-        }
-
-        ns = set_new(&dns_name_hash_ops);
-        if (!ns)
-                return -ENOMEM;
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
+                                                 "Invalid negative trust anchor domain: %s", *i);
 
-        STRV_FOREACH(i, ntas) {
                 r = set_put_strdup(ns, *i);
                 if (r < 0)
                         return r;
         }
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.set-dnssec-negative-trust-anchors",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         set_free_free(l->dnssec_negative_trust_anchors);
         l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
 
@@ -585,6 +659,15 @@ int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error
         if (r < 0)
                 return r;
 
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
+                                    "org.freedesktop.resolve1.revert",
+                                    NULL, true, UID_INVALID,
+                                    &l->manager->polkit_registry, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Polkit will call us back */
+
         link_flush_settings(l);
         link_allocate_scopes(l);
         link_add_rrs(l, false);
@@ -610,15 +693,15 @@ const sd_bus_vtable link_vtable[] = {
         SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas, 0, 0),
         SD_BUS_PROPERTY("DNSSECSupported", "b", property_get_dnssec_supported, 0, 0),
 
-        SD_BUS_METHOD("SetDNS", "a(iay)", NULL, bus_link_method_set_dns_servers, 0),
-        SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, 0),
-        SD_BUS_METHOD("SetDefaultRoute", "b", NULL, bus_link_method_set_default_route, 0),
-        SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, 0),
-        SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, 0),
-        SD_BUS_METHOD("SetDNSOverTLS", "s", NULL, bus_link_method_set_dns_over_tls, 0),
-        SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, 0),
-        SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, 0),
-        SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, 0),
+        SD_BUS_METHOD("SetDNS", "a(iay)", NULL, bus_link_method_set_dns_servers, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetDefaultRoute", "b", NULL, bus_link_method_set_default_route, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetDNSOverTLS", "s", NULL, bus_link_method_set_dns_over_tls, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, SD_BUS_VTABLE_UNPRIVILEGED),
 
         SD_BUS_VTABLE_END
 };
index 6af115e7aad8d463430676a2880b332a6dbe973d..e9b0b8a99d9dca6028e14afc74a722968a4641db 100644 (file)
@@ -1681,7 +1681,8 @@ int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *descri
 
         assert(ret);
 
-        /* Match like sd_bus_open_system(), but with the "watch_bind" feature and the Connected() signal turned on. */
+        /* Match like sd_bus_open_system(), but with the "watch_bind" feature and the Connected() signal
+         * turned on. */
 
         r = sd_bus_new(&bus);
         if (r < 0)
@@ -1705,10 +1706,6 @@ int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *descri
         if (r < 0)
                 return r;
 
-        r = sd_bus_set_trusted(bus, true);
-        if (r < 0)
-                return r;
-
         r = sd_bus_negotiate_creds(bus, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS);
         if (r < 0)
                 return r;
@@ -1737,8 +1734,8 @@ int bus_reply_pair_array(sd_bus_message *m, char **l) {
 
         assert(m);
 
-        /* Reply to the specified message with a message containing a dictionary put together from the specified
-         * strv */
+        /* Reply to the specified message with a message containing a dictionary put together from the
+         * specified strv */
 
         r = sd_bus_message_new_method_return(m, &reply);
         if (r < 0)
index f1caddb477d3cb29fd2510afc441a315f727a24b..6bf0ff0316a98d4f7b92c4418ecdd195b263b8c0 100644 (file)
@@ -704,7 +704,7 @@ int lookup_paths_init(
                 return -ENOMEM;
 
         *p = (LookupPaths) {
-                .search_path = strv_uniq(paths),
+                .search_path = strv_uniq(TAKE_PTR(paths)),
 
                 .persistent_config = TAKE_PTR(persistent_config),
                 .runtime_config = TAKE_PTR(runtime_config),
@@ -725,7 +725,6 @@ int lookup_paths_init(
                 .temporary_dir = TAKE_PTR(tempdir),
         };
 
-        paths = NULL;
         return 0;
 }
 
@@ -754,64 +753,9 @@ void lookup_paths_free(LookupPaths *p) {
         p->temporary_dir = mfree(p->temporary_dir);
 }
 
-int lookup_paths_reduce(LookupPaths *p) {
-        _cleanup_free_ struct stat *stats = NULL;
-        size_t n_stats = 0, allocated = 0;
-        size_t c = 0;
-        int r;
-
+void lookup_paths_log(LookupPaths *p) {
         assert(p);
 
-        /* Drop duplicates and non-existing directories from the search path. We figure out whether two directories are
-         * the same by comparing their device and inode numbers. */
-
-        if (!p->search_path)
-                return 0;
-
-        while (p->search_path[c]) {
-                struct stat st;
-                size_t k;
-
-                /* Never strip the transient and control directories from the path */
-                if (path_equal_ptr(p->search_path[c], p->transient) ||
-                    path_equal_ptr(p->search_path[c], p->persistent_control) ||
-                    path_equal_ptr(p->search_path[c], p->runtime_control)) {
-                        c++;
-                        continue;
-                }
-
-                r = chase_symlinks_and_stat(p->search_path[c], p->root_dir, 0, NULL, &st);
-                if (r == -ENOENT)
-                        goto remove_item;
-                if (r < 0) {
-                        /* If something we don't grok happened, let's better leave it in. */
-                        log_debug_errno(r, "Failed to chase and stat %s: %m", p->search_path[c]);
-                        c++;
-                        continue;
-                }
-
-                for (k = 0; k < n_stats; k++)
-                        if (stats[k].st_dev == st.st_dev &&
-                            stats[k].st_ino == st.st_ino)
-                                break;
-
-                if (k < n_stats) /* Is there already an entry with the same device/inode? */
-                        goto remove_item;
-
-                if (!GREEDY_REALLOC(stats, allocated, n_stats+1))
-                        return -ENOMEM;
-
-                stats[n_stats++] = st;
-                c++;
-                continue;
-
-        remove_item:
-                free(p->search_path[c]);
-                memmove(p->search_path + c,
-                        p->search_path + c + 1,
-                        (strv_length(p->search_path + c + 1) + 1) * sizeof(char*));
-        }
-
         if (strv_isempty(p->search_path)) {
                 log_debug("Ignoring unit files.");
                 p->search_path = strv_free(p->search_path);
@@ -819,13 +763,8 @@ int lookup_paths_reduce(LookupPaths *p) {
                 _cleanup_free_ char *t;
 
                 t = strv_join(p->search_path, "\n\t");
-                if (!t)
-                        return -ENOMEM;
-
-                log_debug("Looking for unit files in (higher priority first):\n\t%s", t);
+                log_debug("Looking for unit files in (higher priority first):\n\t%s", strna(t));
         }
-
-        return 0;
 }
 
 int lookup_paths_mkdir_generator(LookupPaths *p) {
index 7070b9424983d3b4bc29b126c68c94354e122195..f0762d248a0c65578ea31826939a61bea27de3af 100644 (file)
@@ -63,7 +63,7 @@ int xdg_user_data_dir(char **ret, const char *suffix);
 bool path_is_user_data_dir(const char *path);
 bool path_is_user_config_dir(const char *path);
 
-int lookup_paths_reduce(LookupPaths *p);
+void lookup_paths_log(LookupPaths *p);
 
 int lookup_paths_mkdir_generator(LookupPaths *p);
 void lookup_paths_trim_generator(LookupPaths *p);
index e15ce26940977b4b2cad08e9c7a27ddb791ef65d..4a5f23e6c1bcbb0e76ffe9a508d661022fc98189 100644 (file)
@@ -242,10 +242,19 @@ int unit_file_build_name_map(
                 if (!lookup_paths_mtime_exclude(lp, *dir))
                         mtime = MAX(mtime, timespec_load(&st.st_mtim));
 
-                FOREACH_DIRENT(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) {
+                FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) {
                         char *filename;
                         _cleanup_free_ char *_filename_free = NULL, *simplified = NULL;
                         const char *suffix, *dst = NULL;
+                        bool valid_unit_name;
+
+                        valid_unit_name = unit_name_is_valid(de->d_name, UNIT_NAME_ANY);
+
+                        /* We only care about valid units and dirs with certain suffixes, let's ignore the
+                         * rest. */
+                        if (!valid_unit_name &&
+                            !ENDSWITH_SET(de->d_name, ".wants", ".requires", ".d"))
+                                continue;
 
                         filename = path_join(*dir, de->d_name);
                         if (!filename)
@@ -260,7 +269,7 @@ int unit_file_build_name_map(
                         } else
                                 _filename_free = filename; /* Make sure we free the filename. */
 
-                        if (!unit_name_is_valid(de->d_name, UNIT_NAME_ANY))
+                        if (!valid_unit_name)
                                 continue;
                         assert_se(suffix = strrchr(de->d_name, '.'));
 
index f20855935866a94118023e2985135f14f1a5e41f..62ebc9c92385aca6b7779fef7629ad99c13a21d1 100644 (file)
@@ -22,15 +22,15 @@ static void test_paths(UnitFileScope scope) {
         assert_se(unsetenv("SYSTEMD_UNIT_PATH") == 0);
         assert_se(lookup_paths_init(&lp_without_env, scope, 0, NULL) >= 0);
         assert_se(!strv_isempty(lp_without_env.search_path));
-        assert_se(lookup_paths_reduce(&lp_without_env) >= 0);
+        lookup_paths_log(&lp_without_env);
 
         systemd_unit_path = strjoina(template, "/systemd-unit-path");
         assert_se(setenv("SYSTEMD_UNIT_PATH", systemd_unit_path, 1) == 0);
         assert_se(lookup_paths_init(&lp_with_env, scope, 0, NULL) == 0);
         assert_se(strv_length(lp_with_env.search_path) == 1);
         assert_se(streq(lp_with_env.search_path[0], systemd_unit_path));
-        assert_se(lookup_paths_reduce(&lp_with_env) >= 0);
-        assert_se(strv_isempty(lp_with_env.search_path));
+        lookup_paths_log(&lp_with_env);
+        assert_se(strv_equal(lp_with_env.search_path, STRV_MAKE(systemd_unit_path)));
 
         assert_se(rm_rf(template, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
 }
index 7fe732cf2ffe9b32bfd3960f81f2cbde51a4c22e..25c649828ef1634800e95cee7fcfee947d3c570e 100644 (file)
@@ -50,6 +50,9 @@ static void test_unit_name_is_valid(void) {
         assert_se(!unit_name_is_valid("foo@.service", UNIT_NAME_INSTANCE));
         assert_se( unit_name_is_valid("foo@.service", UNIT_NAME_TEMPLATE));
         assert_se( unit_name_is_valid("foo@.service", UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE));
+        assert_se( unit_name_is_valid(".test.service", UNIT_NAME_PLAIN));
+        assert_se( unit_name_is_valid(".test@.service", UNIT_NAME_TEMPLATE));
+        assert_se( unit_name_is_valid("_strange::::.service", UNIT_NAME_ANY));
 
         assert_se(!unit_name_is_valid(".service", UNIT_NAME_ANY));
         assert_se(!unit_name_is_valid("", UNIT_NAME_ANY));
index e6d7262e789346132396f03ace1399573ca0528b..9475b99c2803e37fa0297b8e6d6b40b00c842f6f 100644 (file)
@@ -61,6 +61,43 @@ static void test_uid_ptr(void) {
         assert_se(PTR_TO_UID(UID_TO_PTR(1000)) == 1000);
 }
 
+static void test_valid_user_group_name_compat(void) {
+        log_info("/* %s */", __func__);
+
+        assert_se(!valid_user_group_name_compat(NULL));
+        assert_se(!valid_user_group_name_compat(""));
+        assert_se(!valid_user_group_name_compat("1"));
+        assert_se(!valid_user_group_name_compat("65535"));
+        assert_se(!valid_user_group_name_compat("-1"));
+        assert_se(!valid_user_group_name_compat("-kkk"));
+        assert_se(!valid_user_group_name_compat("rööt"));
+        assert_se(!valid_user_group_name_compat("."));
+        assert_se(!valid_user_group_name_compat(".eff"));
+        assert_se(!valid_user_group_name_compat("foo\nbar"));
+        assert_se(!valid_user_group_name_compat("0123456789012345678901234567890123456789"));
+        assert_se(!valid_user_group_name_or_id_compat("aaa:bbb"));
+        assert_se(!valid_user_group_name_compat("."));
+        assert_se(!valid_user_group_name_compat(".1"));
+        assert_se(!valid_user_group_name_compat(".65535"));
+        assert_se(!valid_user_group_name_compat(".-1"));
+        assert_se(!valid_user_group_name_compat(".-kkk"));
+        assert_se(!valid_user_group_name_compat(".rööt"));
+        assert_se(!valid_user_group_name_or_id_compat(".aaa:bbb"));
+
+        assert_se(valid_user_group_name_compat("root"));
+        assert_se(valid_user_group_name_compat("lennart"));
+        assert_se(valid_user_group_name_compat("LENNART"));
+        assert_se(valid_user_group_name_compat("_kkk"));
+        assert_se(valid_user_group_name_compat("kkk-"));
+        assert_se(valid_user_group_name_compat("kk-k"));
+        assert_se(valid_user_group_name_compat("eff.eff"));
+        assert_se(valid_user_group_name_compat("eff."));
+
+        assert_se(valid_user_group_name_compat("some5"));
+        assert_se(!valid_user_group_name_compat("5some"));
+        assert_se(valid_user_group_name_compat("INNER5NUMBER"));
+}
+
 static void test_valid_user_group_name(void) {
         log_info("/* %s */", __func__);
 
@@ -72,10 +109,17 @@ static void test_valid_user_group_name(void) {
         assert_se(!valid_user_group_name("-kkk"));
         assert_se(!valid_user_group_name("rööt"));
         assert_se(!valid_user_group_name("."));
-        assert_se(!valid_user_group_name("eff.eff"));
+        assert_se(!valid_user_group_name(".eff"));
         assert_se(!valid_user_group_name("foo\nbar"));
         assert_se(!valid_user_group_name("0123456789012345678901234567890123456789"));
         assert_se(!valid_user_group_name_or_id("aaa:bbb"));
+        assert_se(!valid_user_group_name("."));
+        assert_se(!valid_user_group_name(".1"));
+        assert_se(!valid_user_group_name(".65535"));
+        assert_se(!valid_user_group_name(".-1"));
+        assert_se(!valid_user_group_name(".-kkk"));
+        assert_se(!valid_user_group_name(".rööt"));
+        assert_se(!valid_user_group_name_or_id(".aaa:bbb"));
 
         assert_se(valid_user_group_name("root"));
         assert_se(valid_user_group_name("lennart"));
@@ -83,12 +127,47 @@ static void test_valid_user_group_name(void) {
         assert_se(valid_user_group_name("_kkk"));
         assert_se(valid_user_group_name("kkk-"));
         assert_se(valid_user_group_name("kk-k"));
+        assert_se(!valid_user_group_name("eff.eff"));
+        assert_se(!valid_user_group_name("eff."));
 
         assert_se(valid_user_group_name("some5"));
         assert_se(!valid_user_group_name("5some"));
         assert_se(valid_user_group_name("INNER5NUMBER"));
 }
 
+static void test_valid_user_group_name_or_id_compat(void) {
+        log_info("/* %s */", __func__);
+
+        assert_se(!valid_user_group_name_or_id_compat(NULL));
+        assert_se(!valid_user_group_name_or_id_compat(""));
+        assert_se(valid_user_group_name_or_id_compat("0"));
+        assert_se(valid_user_group_name_or_id_compat("1"));
+        assert_se(valid_user_group_name_or_id_compat("65534"));
+        assert_se(!valid_user_group_name_or_id_compat("65535"));
+        assert_se(valid_user_group_name_or_id_compat("65536"));
+        assert_se(!valid_user_group_name_or_id_compat("-1"));
+        assert_se(!valid_user_group_name_or_id_compat("-kkk"));
+        assert_se(!valid_user_group_name_or_id_compat("rööt"));
+        assert_se(!valid_user_group_name_or_id_compat("."));
+        assert_se(!valid_user_group_name_or_id_compat(".eff"));
+        assert_se(valid_user_group_name_or_id_compat("eff.eff"));
+        assert_se(valid_user_group_name_or_id_compat("eff."));
+        assert_se(!valid_user_group_name_or_id_compat("foo\nbar"));
+        assert_se(!valid_user_group_name_or_id_compat("0123456789012345678901234567890123456789"));
+        assert_se(!valid_user_group_name_or_id_compat("aaa:bbb"));
+
+        assert_se(valid_user_group_name_or_id_compat("root"));
+        assert_se(valid_user_group_name_or_id_compat("lennart"));
+        assert_se(valid_user_group_name_or_id_compat("LENNART"));
+        assert_se(valid_user_group_name_or_id_compat("_kkk"));
+        assert_se(valid_user_group_name_or_id_compat("kkk-"));
+        assert_se(valid_user_group_name_or_id_compat("kk-k"));
+
+        assert_se(valid_user_group_name_or_id_compat("some5"));
+        assert_se(!valid_user_group_name_or_id_compat("5some"));
+        assert_se(valid_user_group_name_or_id_compat("INNER5NUMBER"));
+}
+
 static void test_valid_user_group_name_or_id(void) {
         log_info("/* %s */", __func__);
 
@@ -103,7 +182,9 @@ static void test_valid_user_group_name_or_id(void) {
         assert_se(!valid_user_group_name_or_id("-kkk"));
         assert_se(!valid_user_group_name_or_id("rööt"));
         assert_se(!valid_user_group_name_or_id("."));
+        assert_se(!valid_user_group_name_or_id(".eff"));
         assert_se(!valid_user_group_name_or_id("eff.eff"));
+        assert_se(!valid_user_group_name_or_id("eff."));
         assert_se(!valid_user_group_name_or_id("foo\nbar"));
         assert_se(!valid_user_group_name_or_id("0123456789012345678901234567890123456789"));
         assert_se(!valid_user_group_name_or_id("aaa:bbb"));
@@ -230,7 +311,9 @@ int main(int argc, char *argv[]) {
         test_parse_uid();
         test_uid_ptr();
 
+        test_valid_user_group_name_compat();
         test_valid_user_group_name();
+        test_valid_user_group_name_or_id_compat();
         test_valid_user_group_name_or_id();
         test_valid_gecos();
         test_valid_home();
index 2c29514ef92288f69efae761f623635e2c550057..e0e78b11003e7e0b0a237f361d3f5eba2be1e96e 100755 (executable)
@@ -25,7 +25,6 @@ Type=oneshot
 StandardOutput=tty
 StandardError=tty
 ExecStart=/bin/sh -e -x -c 'rm -f /tmp/nonexistent; systemctl start test.socket; printf x > test.file; socat -t20 OPEN:test.file UNIX-CONNECT:/run/test.ctl; >/testok'
-TimeoutStartSec=10s
 EOF
 
        cat  >$initdir/etc/systemd/system/test.socket <<'EOF'
index bf9c0257667a1e2f19e7471fc0fa3d91abc00bfb..6ab2638d8ce3be0c6d239d8cf5e3759aa3442fd2 100755 (executable)
@@ -5,7 +5,7 @@ set -o pipefail
 systemd-run --wait -p FailureAction=poweroff true
 ! systemd-run --wait -p SuccessAction=poweroff false
 
-if test -f /firstphase ; then
+if test -f /firstphase ; then
     echo OK > /firstphase
     systemd-run --wait -p SuccessAction=reboot true
 else
index 15aa6872388de048cf7bafb97bdee0e5b63b10b8..26754f01bae29aee813efcaae912a8ec0691aaba 100755 (executable)
@@ -74,6 +74,101 @@ systemctl clean testservice --what=all
 ! test -e /var/cache/testservice
 ! test -e /var/log/testservice
 
+cat > /etc/systemd/system/testservice.service <<EOF
+[Service]
+DynamicUser=yes
+ConfigurationDirectory=testservice
+RuntimeDirectory=testservice
+StateDirectory=testservice
+CacheDirectory=testservice
+LogsDirectory=testservice
+RuntimeDirectoryPreserve=yes
+ExecStart=/bin/sleep infinity
+Type=exec
+EOF
+
+systemctl daemon-reload
+
+! test -e /etc/testservice
+! test -e /run/testservice
+! test -e /var/lib/testservice
+! test -e /var/cache/testservice
+! test -e /var/log/testservice
+
+systemctl restart testservice
+
+test -d /etc/testservice
+test -d /run/private/testservice
+test -d /var/lib/private/testservice
+test -d /var/cache/private/testservice
+test -d /var/log/private/testservice
+test -L /run/testservice
+test -L /var/lib/testservice
+test -L /var/cache/testservice
+test -L /var/log/testservice
+
+! systemctl clean testservice
+
+systemctl stop testservice
+
+test -d /etc/testservice
+test -d /run/private/testservice
+test -d /var/lib/private/testservice
+test -d /var/cache/private/testservice
+test -d /var/log/private/testservice
+test -L /run/testservice
+test -L /var/lib/testservice
+test -L /var/cache/testservice
+test -L /var/log/testservice
+
+systemctl clean testservice --what=configuration
+
+! test -d /etc/testservice
+test -d /run/private/testservice
+test -d /var/lib/private/testservice
+test -d /var/cache/private/testservice
+test -d /var/log/private/testservice
+test -L /run/testservice
+test -L /var/lib/testservice
+test -L /var/cache/testservice
+test -L /var/log/testservice
+
+systemctl clean testservice
+
+! test -d /etc/testservice
+! test -d /run/private/testservice
+test -d /var/lib/private/testservice
+! test -d /var/cache/private/testservice
+test -d /var/log/private/testservice
+! test -L /run/testservice
+test -L /var/lib/testservice
+! test -L /var/cache/testservice
+test -L /var/log/testservice
+
+systemctl clean testservice --what=logs
+
+! test -d /etc/testservice
+! test -d /run/private/testservice
+test -d /var/lib/private/testservice
+! test -d /var/cache/private/testservice
+! test -d /var/log/private/testservice
+! test -L /run/testservice
+test -L /var/lib/testservice
+! test -L /var/cache/testservice
+! test -L /var/log/testservice
+
+systemctl clean testservice --what=all
+
+! test -d /etc/testservice
+! test -d /run/private/testservice
+! test -d /var/lib/private/testservice
+! test -d /var/cache/private/testservice
+! test -d /var/log/private/testservice
+! test -L /run/testservice
+! test -L /var/lib/testservice
+! test -L /var/cache/testservice
+! test -L /var/log/testservice
+
 echo OK > /testok
 
 exit 0
diff --git a/test/TEST-37-RUNTIMEDIRECTORYPRESERVE/Makefile b/test/TEST-37-RUNTIMEDIRECTORYPRESERVE/Makefile
new file mode 120000 (symlink)
index 0000000..e9f93b1
--- /dev/null
@@ -0,0 +1 @@
+../TEST-01-BASIC/Makefile
\ No newline at end of file
diff --git a/test/TEST-37-RUNTIMEDIRECTORYPRESERVE/test.sh b/test/TEST-37-RUNTIMEDIRECTORYPRESERVE/test.sh
new file mode 100755 (executable)
index 0000000..9e87e61
--- /dev/null
@@ -0,0 +1,44 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+set -e
+TEST_DESCRIPTION="test RuntimeDirectoryPreserve=yes"
+
+. $TEST_BASE_DIR/test-functions
+
+test_setup() {
+    create_empty_image_rootdir
+
+    (
+        LOG_LEVEL=5
+        eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
+
+        setup_basic_environment
+
+        # mask some services that we do not want to run in these tests
+        ln -fs /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
+        ln -fs /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service
+        ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.service
+        ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.socket
+        ln -fs /dev/null $initdir/etc/systemd/system/systemd-resolved.service
+        ln -fs /dev/null $initdir/etc/systemd/system/systemd-machined.service
+
+        # setup the testsuite service
+        cat >$initdir/etc/systemd/system/testsuite.service <<EOF
+[Unit]
+Description=Testsuite service
+
+[Service]
+ExecStart=/bin/bash -x /testsuite.sh
+Type=oneshot
+StandardOutput=tty
+StandardError=tty
+EOF
+        cp testsuite.sh $initdir/
+
+        setup_testsuite
+    ) || return 1
+    setup_nspawn_root
+}
+
+do_test "$@"
diff --git a/test/TEST-37-RUNTIMEDIRECTORYPRESERVE/testsuite.sh b/test/TEST-37-RUNTIMEDIRECTORYPRESERVE/testsuite.sh
new file mode 100755 (executable)
index 0000000..4e63a07
--- /dev/null
@@ -0,0 +1,19 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+set -ex
+set -o pipefail
+
+systemd-mount -p RuntimeDirectory=hoge -p RuntimeDirectoryPreserve=yes -t tmpfs tmpfs /tmp/aaa
+
+touch /run/hoge/foo
+touch /tmp/aaa/bbb
+
+systemctl restart tmp-aaa.mount
+
+test -e /run/hoge/foo
+! test -e /tmp/aaa/bbb
+
+echo OK > /testok
+
+exit 0
index 03bfcaf972fc83584c8ed7467d02881a09516dbf..a8b527b5a6257eaeac6535b400f43f2744ffeecd 100644 (file)
@@ -23,6 +23,10 @@ if ! ROOTLIBDIR=$(pkg-config --variable=systemdutildir systemd); then
 fi
 
 PATH_TO_INIT=$ROOTLIBDIR/systemd
+[ "$SYSTEMD_JOURNALD" ] || SYSTEMD_JOURNALD=$(which -a $BUILD_DIR/systemd-journald $ROOTLIBDIR/systemd-journald 2>/dev/null | grep '^/' -m1)
+[ "$SYSTEMD" ] || SYSTEMD=$(which -a $BUILD_DIR/systemd $ROOTLIBDIR/systemd 2>/dev/null | grep '^/' -m1)
+[ "$SYSTEMD_NSPAWN" ] || SYSTEMD_NSPAWN=$(which -a $BUILD_DIR/systemd-nspawn systemd-nspawn 2>/dev/null | grep '^/' -m1)
+[ "$JOURNALCTL" ] || JOURNALCTL=$(which -a $BUILD_DIR/journalctl journalctl 2>/dev/null | grep '^/' -m1)
 
 BASICTOOLS="test sh bash setsid loadkeys setfont login sulogin gzip sleep echo head tail cat mount umount cryptsetup date dmsetup modprobe sed cmp tee rm true false chmod chown ln xargs"
 DEBUGTOOLS="df free ls stty ps ln ip route dmesg dhclient mkdir cp ping dhclient strace less grep id tty touch du sort hostname find vi mv"
@@ -38,7 +42,7 @@ is_built_with_asan() {
     fi
 
     # Borrowed from https://github.com/google/oss-fuzz/blob/cd9acd02f9d3f6e80011cc1e9549be526ce5f270/infra/base-images/base-runner/bad_build_check#L182
-    local _asan_calls=$(objdump -dC $BUILD_DIR/systemd-journald | egrep "callq\s+[0-9a-f]+\s+<__asan" -c)
+    local _asan_calls=$(objdump -dC $SYSTEMD_JOURNALD | egrep "callq\s+[0-9a-f]+\s+<__asan" -c)
     if (( $_asan_calls < 1000 )); then
         return 1
     else
@@ -56,9 +60,9 @@ if [[ "$IS_BUILT_WITH_ASAN" = "yes" ]]; then
     QEMU_SMP=4
 
     # We need to correctly distinguish between gcc's and clang's ASan DSOs.
-    if ldd $BUILD_DIR/systemd | grep -q libasan.so; then
+    if ldd $SYSTEMD | grep -q libasan.so; then
         ASAN_COMPILER=gcc
-    elif ldd $BUILD_DIR/systemd | grep -q libclang_rt.asan; then
+    elif ldd $SYSTEMD | grep -q libclang_rt.asan; then
         ASAN_COMPILER=clang
 
         # As clang's ASan DSO is usually in a non-standard path, let's check if
@@ -66,8 +70,8 @@ if [[ "$IS_BUILT_WITH_ASAN" = "yes" ]]; then
         # We're not setting the LD_LIBRARY_PATH automagically here, because
         # user should encounter (and fix) the same issue when running the unit
         # tests (meson test)
-        if ldd "$BUILD_DIR/systemd" | grep -q "libclang_rt.asan.*not found"; then
-            _asan_rt_name="$(ldd $BUILD_DIR/systemd | awk '/libclang_rt.asan/ {print $1; exit}')"
+        if ldd "$SYSTEMD" | grep -q "libclang_rt.asan.*not found"; then
+            _asan_rt_name="$(ldd $SYSTEMD | awk '/libclang_rt.asan/ {print $1; exit}')"
             _asan_rt_path="$(find /usr/lib* /usr/local/lib* -type f -name "$_asan_rt_name" 2>/dev/null | sed 1q)"
             echo >&2 "clang's ASan DSO ($_asan_rt_name) is not present in the runtime library path"
             echo >&2 "Consider setting LD_LIBRARY_PATH=${_asan_rt_path%/*}"
@@ -240,7 +244,7 @@ $QEMU_OPTIONS \
 run_nspawn() {
     [[ -d /run/systemd/system ]] || return 1
 
-    local _nspawn_cmd="$BUILD_DIR/systemd-nspawn $NSPAWN_ARGUMENTS --register=no --kill-signal=SIGKILL --directory=$TESTDIR/$1 $PATH_TO_INIT $KERNEL_APPEND"
+    local _nspawn_cmd="$SYSTEMD_NSPAWN $NSPAWN_ARGUMENTS --register=no --kill-signal=SIGKILL --directory=$TESTDIR/$1 $PATH_TO_INIT $KERNEL_APPEND"
     if [[ "$NSPAWN_TIMEOUT" != "infinity" ]]; then
         _nspawn_cmd="timeout --foreground $NSPAWN_TIMEOUT $_nspawn_cmd"
     fi
@@ -539,7 +543,7 @@ create_empty_image() {
     fi
     rm -f "$TESTDIR/rootdisk.img"
     # Create the blank file to use as a root filesystem
-    dd if=/dev/null of="$TESTDIR/rootdisk.img" bs=1M seek="$_size"
+    truncate -s "${_size}M" "$TESTDIR/rootdisk.img"
     LOOPDEV=$(losetup --show -P -f $TESTDIR/rootdisk.img)
     [ -b "$LOOPDEV" ] || return 1
     echo "LOOPDEV=$LOOPDEV" >> $STATEFILE
@@ -585,7 +589,7 @@ check_asan_reports() {
         fi
 
         pids=$(
-            "$BUILD_DIR/journalctl" -D "$root/var/log/journal" | perl -alne '
+            "$JOURNALCTL" -D "$root/var/log/journal" | perl -alne '
                  BEGIN {
                      %services_to_ignore = (
                          "dbus-daemon" => undef,
@@ -596,7 +600,7 @@ check_asan_reports() {
         if [[ ! -z "$pids" ]]; then
             ret=$(($ret+1))
             for pid in $pids; do
-                "$BUILD_DIR/journalctl" -D "$root/var/log/journal" _PID=$pid --no-pager
+                "$JOURNALCTL" -D "$root/var/log/journal" _PID=$pid --no-pager
             done
         fi
     fi
index 8d123658a173bc4f1f643ebc4fb1006899500d0f..374d9cdefd33b0e815d573563c5094a09e11be05 100755 (executable)
@@ -1842,13 +1842,14 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
         self.assertRegex(output, 'inet 10.2.3.4/16 brd 10.2.255.255 scope global dummy98')
         output = check_output('ip -6 address show dummy98')
         print(output)
-        self.assertEqual(output, '')
+        self.assertRegex(output, 'inet6 2607:5300:203:3906::/64 scope global')
+        self.assertRegex(output, 'inet6 .* scope link')
         output = check_output('ip -4 route show dev dummy98')
         print(output)
         self.assertEqual(output, '10.2.0.0/16 proto kernel scope link src 10.2.3.4')
         output = check_output('ip -6 route show dev dummy98')
         print(output)
-        self.assertEqual(output, '')
+        self.assertRegex(output, 'default via 2607:5300:203:39ff:ff:ff:ff:ff proto static')
 
         check_output('ip link del dummy98')
 
index cf4fe2e7bfb809e90798ed914ba887109a130407..e1ee9f86c389cdded3972fe3a0bebba86f817b72 100644 (file)
@@ -309,9 +309,6 @@ install_data('user-.slice.d/10-defaults.conf',
 meson.add_install_script(meson_make_symlink,
                          join_paths(pkgsysconfdir, 'user'),
                          join_paths(sysconfdir, 'xdg/systemd/user'))
-meson.add_install_script(meson_make_symlink,
-                         join_paths(dbussystemservicedir, 'org.freedesktop.systemd1.service'),
-                         join_paths(dbussessionservicedir, 'org.freedesktop.systemd1.service'))
 if conf.get('HAVE_SYSV_COMPAT') == 1
         foreach i : [1, 2, 3, 4, 5]
                 meson.add_install_script(