diff options
51 files changed, 443 insertions, 243 deletions
diff --git a/.gitignore b/.gitignore index 56a60ba726..18db046cac 100644 --- a/.gitignore +++ b/.gitignore @@ -246,7 +246,9 @@ /test-ring /test-rlimit-util /test-sched-prio +/test-selinux /test-set +/test-sizeof /test-sigbus /test-signal-util /test-siphash24 diff --git a/Makefile.am b/Makefile.am index 4f9072c0ff..0f17bad8b1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1479,7 +1479,9 @@ tests += \ test-dns-domain \ test-install-root \ test-rlimit-util \ - test-signal-util + test-signal-util \ + test-selinux \ + test-sizeof if HAVE_ACL tests += \ @@ -1873,6 +1875,18 @@ test_signal_util_SOURCES = \ test_signal_util_LDADD = \ libshared.la +test_selinux_SOURCES = \ + src/test/test-selinux.c + +test_selinux_LDADD = \ + libshared.la + +test_sizeof_SOURCES = \ + src/test/test-sizeof.c + +test_sizeof_LDADD = \ + libshared.la + BUILT_SOURCES += \ src/test/test-hashmap-ordered.c diff --git a/hwdb/60-keyboard.hwdb b/hwdb/60-keyboard.hwdb index 01213b6069..46013d3449 100644 --- a/hwdb/60-keyboard.hwdb +++ b/hwdb/60-keyboard.hwdb @@ -378,6 +378,7 @@ evdev:input:b0003v0458p0708* ########################################################### evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pn*:pvr* +evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pn*:pvr* KEYBOARD_KEY_81=fn_esc KEYBOARD_KEY_89=battery # Fn+F8 KEYBOARD_KEY_8a=screenlock # Fn+F6 @@ -488,10 +489,11 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnFalco:pvr* evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPLicrice:pvr* # HP ProBook 440 G2 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHP440G2:pvr* -# HP ProBook 445 G1 -evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPProBook445G1NotebookPC:pvr* -# HP ProBook 450 G0 -evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPProBook450G0:pvr* +# several HP ProBooks 4xx +evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHP*ProBook4*:pvr* +evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHP*ProBook*4*:pvr* +# HP ZBook +evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPZBook*:pvr* KEYBOARD_KEY_81=f20 # Fn+F8; Microphone mute button, should be micmute # HP ProBook 6555b @@ -500,10 +502,8 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard:pnHPProBook6555b:* # HP ProBook 440 G3 evdev:atkbd:dmi:bvn*:bvr*:svnHP*:pnHP*ProBook*440*G3* - KEYBOARD_KEY_92=brightnessdown - KEYBOARD_KEY_97=brightnessup - KEYBOARD_KEY_ee=switchvideomode - KEYBOARD_KEY_81=f20 # micmute + KEYBOARD_KEY_85=unknown # lid close; also reported via special evdev + KEYBOARD_KEY_f8=unknown # rf kill; also reported via special evdev ########################################################### # IBM diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml index 2a4d24349b..e84a15c554 100644 --- a/man/systemd-ask-password.xml +++ b/man/systemd-ask-password.xml @@ -192,6 +192,15 @@ This will output one password per line.</para></listitem> </varlistentry> + <varlistentry> + <term><option>--no-output</option></term> + + <listitem><para>Do not print passwords to standard output. + This is useful if you want to store a password in kernel + keyring with <option>--keyname</option> but do not want it + to show up on screen or in logs.</para></listitem> + </varlistentry> + <xi:include href="standard-options.xml" xpointer="help" /> </variablelist> diff --git a/po/zh_CN.po b/po/zh_CN.po index 67639620fb..10c53d4538 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -4,19 +4,20 @@ # # Frank Hill <hxf.prc@gmail.com>, 2014. # Boyuan Yang <073plan@gmail.com>, 2015. +# Jeff Bai <jeffbai@aosc.xyz>, 2016. msgid "" msgstr "" "Project-Id-Version: systemd\n" "Report-Msgid-Bugs-To: https://github.com/systemd/systemd/issues\n" "POT-Creation-Date: 2015-10-27 02:24+0000\n" -"PO-Revision-Date: 2015-10-28 15:00+0800\n" -"Last-Translator: Boyuan Yang <073plan@gmail.com>\n" +"PO-Revision-Date: 2016-03-01 20:38-0700\n" +"Last-Translator: Jeff Bai <jeffbai@aosc.xyz>\n" "Language-Team: Chinese <i18n-zh@googlegroups.com>\n" "Language: zh_CN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Lokalize 2.0\n" +"X-Generator: Poedit 1.8.7.1\n" "Plural-Forms: nplurals=1; plural=0;\n" #: ../src/core/org.freedesktop.systemd1.policy.in.in.h:1 @@ -26,7 +27,7 @@ msgstr "将密码发回系统" #: ../src/core/org.freedesktop.systemd1.policy.in.in.h:2 msgid "" "Authentication is required to send the entered passphrase back to the system." -msgstr "将输入的密码发回系统需要验证。" +msgstr "将输入的密码发回系统需要认证。" #: ../src/core/org.freedesktop.systemd1.policy.in.in.h:3 msgid "Manage system services or other units" @@ -34,7 +35,7 @@ msgstr "管理系统服务或其它单元" #: ../src/core/org.freedesktop.systemd1.policy.in.in.h:4 msgid "Authentication is required to manage system services or other units." -msgstr "管理系统服务或其它单元需要验证。" +msgstr "管理系统服务或其它单元需要认证。" #: ../src/core/org.freedesktop.systemd1.policy.in.in.h:5 msgid "Manage system service or unit files" @@ -42,7 +43,7 @@ msgstr "管理系统服务或单元文件" #: ../src/core/org.freedesktop.systemd1.policy.in.in.h:6 msgid "Authentication is required to manage system service or unit files." -msgstr "管理系统服务或单元文件需要验证。" +msgstr "管理系统服务或单元文件需要认证。" #: ../src/core/org.freedesktop.systemd1.policy.in.in.h:7 msgid "Set or unset system and service manager environment variables" @@ -52,7 +53,7 @@ msgstr "设置或清除系统及服务管理器的环境变量" msgid "" "Authentication is required to set or unset system and service manager " "environment variables." -msgstr "设置或清除系统及服务管理器的环境变量需要验证。" +msgstr "设置或清除系统及服务管理器的环境变量需要认证。" #: ../src/core/org.freedesktop.systemd1.policy.in.in.h:9 msgid "Reload the systemd state" @@ -60,7 +61,7 @@ msgstr "重新载入 systemd 状态" #: ../src/core/org.freedesktop.systemd1.policy.in.in.h:10 msgid "Authentication is required to reload the systemd state." -msgstr "重新载入 systemd 状态需要验证。" +msgstr "重新载入 systemd 状态需要认证。" #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1 msgid "Set host name" @@ -68,7 +69,7 @@ msgstr "设置主机名" #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2 msgid "Authentication is required to set the local host name." -msgstr "设置本地主机名需要验证。" +msgstr "设置本地主机名需要认证。" #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3 msgid "Set static host name" @@ -82,7 +83,7 @@ msgstr "设置静态主机名" msgid "" "Authentication is required to set the statically configured local host name, " "as well as the pretty host name." -msgstr "设置静态本地主机名或漂亮的主机名需要验证。" +msgstr "设置静态本地主机名或美观主机名需要认证。" #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:5 msgid "Set machine information" @@ -90,7 +91,7 @@ msgstr "设置机器信息" #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:6 msgid "Authentication is required to set local machine information." -msgstr "设置本地机器信息需要验证。" +msgstr "设置本地机器信息需要认证。" #: ../src/import/org.freedesktop.import1.policy.in.h:1 msgid "Import a VM or container image" @@ -98,7 +99,7 @@ msgstr "导入虚拟机或容器镜像" #: ../src/import/org.freedesktop.import1.policy.in.h:2 msgid "Authentication is required to import a VM or container image" -msgstr "导入虚拟机或容器镜像需要验证" +msgstr "导入虚拟机或容器镜像需要认证" #: ../src/import/org.freedesktop.import1.policy.in.h:3 msgid "Export a VM or container image" @@ -106,7 +107,7 @@ msgstr "导出虚拟机或容器镜像" #: ../src/import/org.freedesktop.import1.policy.in.h:4 msgid "Authentication is required to export a VM or container image" -msgstr "导出虚拟机或容器镜像需要验证" +msgstr "导出虚拟机或容器镜像需要认证" #: ../src/import/org.freedesktop.import1.policy.in.h:5 msgid "Download a VM or container image" @@ -114,7 +115,7 @@ msgstr "下载虚拟机或容器镜像" #: ../src/import/org.freedesktop.import1.policy.in.h:6 msgid "Authentication is required to download a VM or container image" -msgstr "下载虚拟机或容器镜像需要验证。" +msgstr "下载虚拟机或容器镜像需要认证。" #: ../src/locale/org.freedesktop.locale1.policy.in.h:1 msgid "Set system locale" @@ -122,7 +123,7 @@ msgstr "设置系统区域和语言" #: ../src/locale/org.freedesktop.locale1.policy.in.h:2 msgid "Authentication is required to set the system locale." -msgstr "设置系统区域和语言需要验证。" +msgstr "设置系统区域和语言需要认证。" #: ../src/locale/org.freedesktop.locale1.policy.in.h:3 msgid "Set system keyboard settings" @@ -130,7 +131,7 @@ msgstr "设置系统键盘" #: ../src/locale/org.freedesktop.locale1.policy.in.h:4 msgid "Authentication is required to set the system keyboard settings." -msgstr "设置系统键盘需要验证。" +msgstr "设置系统键盘需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:1 msgid "Allow applications to inhibit system shutdown" @@ -139,7 +140,7 @@ msgstr "允许应用程序阻止系统关机" #: ../src/login/org.freedesktop.login1.policy.in.h:2 msgid "" "Authentication is required for an application to inhibit system shutdown." -msgstr "要允许应用程序阻止系统关机需要验证。" +msgstr "允许应用程序阻止系统关机需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:3 msgid "Allow applications to delay system shutdown" @@ -147,7 +148,7 @@ msgstr "允许应用程序延迟系统关机" #: ../src/login/org.freedesktop.login1.policy.in.h:4 msgid "Authentication is required for an application to delay system shutdown." -msgstr "要允许应用程序延迟系统关机需要验证。" +msgstr "允许应用程序延迟系统关机需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:5 msgid "Allow applications to inhibit system sleep" @@ -155,7 +156,7 @@ msgstr "允许应用程序阻止系统睡眠" #: ../src/login/org.freedesktop.login1.policy.in.h:6 msgid "Authentication is required for an application to inhibit system sleep." -msgstr "要允许应用程序阻止系统睡眠需要验证。" +msgstr "允许应用程序阻止系统睡眠需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:7 msgid "Allow applications to delay system sleep" @@ -163,7 +164,7 @@ msgstr "允许应用程序延迟系统睡眠" #: ../src/login/org.freedesktop.login1.policy.in.h:8 msgid "Authentication is required for an application to delay system sleep." -msgstr "要允许应用程序延迟系统睡眠需要验证。" +msgstr "允许应用程序延迟系统睡眠需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:9 msgid "Allow applications to inhibit automatic system suspend" @@ -173,7 +174,7 @@ msgstr "允许应用程序阻止系统自动挂起" msgid "" "Authentication is required for an application to inhibit automatic system " "suspend." -msgstr "要允许应用程序阻止系统自动挂起需要验证。" +msgstr "允许应用程序阻止系统自动挂起需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:11 msgid "Allow applications to inhibit system handling of the power key" @@ -183,7 +184,7 @@ msgstr "允许应用程序阻止系统响应电源键" msgid "" "Authentication is required for an application to inhibit system handling of " "the power key." -msgstr "要允许应用程序阻止系统响应电源键需要验证。" +msgstr "允许应用程序阻止系统响应电源键需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:13 msgid "Allow applications to inhibit system handling of the suspend key" @@ -193,7 +194,7 @@ msgstr "允许应用程序阻止系统响应挂起键" msgid "" "Authentication is required for an application to inhibit system handling of " "the suspend key." -msgstr "要允许应用程序阻止系统响应挂起键需要验证。" +msgstr "允许应用程序阻止系统响应挂起键需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:15 msgid "Allow applications to inhibit system handling of the hibernate key" @@ -203,19 +204,17 @@ msgstr "允许应用程序阻止系统响应挂起键" msgid "" "Authentication is required for an application to inhibit system handling of " "the hibernate key." -msgstr "要允许应用程序阻止系统响应挂起键需要验证。" +msgstr "允许应用程序阻止系统响应挂起键需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:17 -#, fuzzy msgid "Allow applications to inhibit system handling of the lid switch" msgstr "允许应用程序阻止系统响应笔记本上盖开关事件" #: ../src/login/org.freedesktop.login1.policy.in.h:18 -#, fuzzy msgid "" "Authentication is required for an application to inhibit system handling of " "the lid switch." -msgstr "要允许应用程序阻止系统响应笔记本上盖开关事件需要验证。" +msgstr "允许应用程序阻止系统响应笔记本上盖开关事件需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:19 msgid "Allow non-logged-in users to run programs" @@ -223,7 +222,7 @@ msgstr "允许未登录用户运行程序" #: ../src/login/org.freedesktop.login1.policy.in.h:20 msgid "Authentication is required to run programs as a non-logged-in user." -msgstr "要允许未登录用户运行程序需要验证。" +msgstr "允许未登录用户运行程序需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:21 msgid "Allow attaching devices to seats" @@ -234,7 +233,7 @@ msgstr "允许将设备附加至会话座位" # To fully understand the meaning, please refer to session management in old ConsoleKit and new systemd-logind. #: ../src/login/org.freedesktop.login1.policy.in.h:22 msgid "Authentication is required for attaching a device to a seat." -msgstr "要允许将设备附加至某个会话座位需要验证。" +msgstr "允许将设备附加至某个会话座位需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:23 msgid "Flush device to seat attachments" @@ -243,7 +242,7 @@ msgstr "刷新设备至会话座位间的连接" #: ../src/login/org.freedesktop.login1.policy.in.h:24 msgid "" "Authentication is required for resetting how devices are attached to seats." -msgstr "重新设定设备的会话座位接入方式时需要验证。" +msgstr "重新设定设备的会话座位接入方式时需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:25 msgid "Power off the system" @@ -251,7 +250,7 @@ msgstr "关闭系统" #: ../src/login/org.freedesktop.login1.policy.in.h:26 msgid "Authentication is required for powering off the system." -msgstr "关闭系统需要验证。" +msgstr "关闭系统需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:27 msgid "Power off the system while other users are logged in" @@ -261,7 +260,7 @@ msgstr "存在其他已登录用户时仍然关机" msgid "" "Authentication is required for powering off the system while other users are " "logged in." -msgstr "存在其他已登录用户时关闭系统需要验证。" +msgstr "存在其他已登录用户时关闭系统需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:29 msgid "Power off the system while an application asked to inhibit it" @@ -271,7 +270,7 @@ msgstr "有其它应用程序阻止时仍然关机" msgid "" "Authentication is required for powering off the system while an application " "asked to inhibit it." -msgstr "要在其它应用程序阻止关机时关闭系统需要验证。" +msgstr "在其它应用程序阻止关机时关闭系统需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:31 msgid "Reboot the system" @@ -279,7 +278,7 @@ msgstr "重启系统" #: ../src/login/org.freedesktop.login1.policy.in.h:32 msgid "Authentication is required for rebooting the system." -msgstr "重启系统需要验证。" +msgstr "重启系统需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:33 msgid "Reboot the system while other users are logged in" @@ -289,7 +288,7 @@ msgstr "存在其他已登录用户时仍然重启" msgid "" "Authentication is required for rebooting the system while other users are " "logged in." -msgstr "存在其他已登录用户时重启系统需要验证。" +msgstr "存在其他已登录用户时重启系统需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:35 msgid "Reboot the system while an application asked to inhibit it" @@ -299,7 +298,7 @@ msgstr "有其它应用程序阻止时仍然重启" msgid "" "Authentication is required for rebooting the system while an application " "asked to inhibit it." -msgstr "要在其它应用程序阻止重启时重启系统需要验证。" +msgstr "在其它应用程序阻止重启时重启系统需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:37 msgid "Suspend the system" @@ -307,7 +306,7 @@ msgstr "挂起系统" #: ../src/login/org.freedesktop.login1.policy.in.h:38 msgid "Authentication is required for suspending the system." -msgstr "挂起系统需要验证。" +msgstr "挂起系统需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:39 msgid "Suspend the system while other users are logged in" @@ -317,7 +316,7 @@ msgstr "存在其他已登录用户时仍然挂起系统" msgid "" "Authentication is required for suspending the system while other users are " "logged in." -msgstr "存在其他已登录用户时挂起系统需要验证。" +msgstr "存在其他已登录用户时挂起系统需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:41 msgid "Suspend the system while an application asked to inhibit it" @@ -327,15 +326,15 @@ msgstr "有其它应用程序阻止时仍然挂起系统" msgid "" "Authentication is required for suspending the system while an application " "asked to inhibit it." -msgstr "要在其它应用程序阻止挂起时挂起系统需要验证。" +msgstr "在其它应用程序阻止挂起时挂起系统需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:43 msgid "Hibernate the system" -msgstr "休眠" +msgstr "休眠系统" #: ../src/login/org.freedesktop.login1.policy.in.h:44 msgid "Authentication is required for hibernating the system." -msgstr "休眠需要验证。" +msgstr "休眠系统需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:45 msgid "Hibernate the system while other users are logged in" @@ -345,7 +344,7 @@ msgstr "存在其他已登录用户时仍然休眠" msgid "" "Authentication is required for hibernating the system while other users are " "logged in." -msgstr "存在其他已登录用户时进行休眠需要验证。" +msgstr "存在其他已登录用户时进行休眠系统需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:47 msgid "Hibernate the system while an application asked to inhibit it" @@ -355,7 +354,7 @@ msgstr "有其它应用程序阻止时仍然休眠" msgid "" "Authentication is required for hibernating the system while an application " "asked to inhibit it." -msgstr "要在其它应用程序阻止休眠时进行休眠需要验证。" +msgstr "在其它应用程序阻止休眠时进行休眠需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:49 msgid "Manage active sessions, users and seats" @@ -364,42 +363,41 @@ msgstr "管理活动会话、用户与会话座位" #: ../src/login/org.freedesktop.login1.policy.in.h:50 msgid "" "Authentication is required for managing active sessions, users and seats." -msgstr "要管理活动会话、用户与会话座位需要验证。" +msgstr "管理活动会话、用户与会话座位需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:51 msgid "Lock or unlock active sessions" -msgstr "活动会话锁定与解锁" +msgstr "锁定或解锁活动会话" #: ../src/login/org.freedesktop.login1.policy.in.h:52 msgid "Authentication is required to lock or unlock active sessions." -msgstr "要对活动会话进行锁定或解锁需要验证。" +msgstr "对活动会话进行锁定或解锁需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:53 msgid "Allow indication to the firmware to boot to setup interface" -msgstr "允许向固件发出指示以启动至固件设置界面" +msgstr "允许向固件发出指示以启动至设置界面" #: ../src/login/org.freedesktop.login1.policy.in.h:54 msgid "" "Authentication is required to indicate to the firmware to boot to setup " "interface." -msgstr "要允许向固件发出启动时进入设置界面的指令需要验证。" +msgstr "向固件发出启动时进入设置界面的指令需要认证。" #: ../src/login/org.freedesktop.login1.policy.in.h:55 msgid "Set a wall message" -msgstr "" +msgstr "设置 wall 消息" #: ../src/login/org.freedesktop.login1.policy.in.h:56 -#, fuzzy msgid "Authentication is required to set a wall message" -msgstr "" +msgstr "设置 wall 消息需要认证。" #: ../src/machine/org.freedesktop.machine1.policy.in.h:1 msgid "Log into a local container" -msgstr "登入一个本地容器" +msgstr "登入本地容器" #: ../src/machine/org.freedesktop.machine1.policy.in.h:2 msgid "Authentication is required to log into a local container." -msgstr "要登入一个本地容器需要验证。" +msgstr "登录一个本地容器需要认证。" #: ../src/machine/org.freedesktop.machine1.policy.in.h:3 msgid "Log into the local host" @@ -407,7 +405,7 @@ msgstr "登入本地主机" #: ../src/machine/org.freedesktop.machine1.policy.in.h:4 msgid "Authentication is required to log into the local host." -msgstr "要登入本地主机需要验证。" +msgstr "登入本地主机需要认证。" #: ../src/machine/org.freedesktop.machine1.policy.in.h:5 msgid "Acquire a shell in a local container" @@ -415,7 +413,7 @@ msgstr "在本地容器中获取一个 shell" #: ../src/machine/org.freedesktop.machine1.policy.in.h:6 msgid "Authentication is required to acquire a shell in a local container." -msgstr "要在本地容器中获取 shell 需要验证。" +msgstr "在本地容器中获取 shell 需要认证。" #: ../src/machine/org.freedesktop.machine1.policy.in.h:7 msgid "Acquire a shell on the local host" @@ -423,7 +421,7 @@ msgstr "在本地主机中获取一个 shell" #: ../src/machine/org.freedesktop.machine1.policy.in.h:8 msgid "Authentication is required to acquire a shell on the local host." -msgstr "要在本地主机中获取 shell 需要验证。" +msgstr "在本地主机中获取 shell 需要认证。" #: ../src/machine/org.freedesktop.machine1.policy.in.h:9 msgid "Acquire a pseudo TTY in a local container" @@ -432,7 +430,7 @@ msgstr "在本地容器中获取一个假 TTY" #: ../src/machine/org.freedesktop.machine1.policy.in.h:10 msgid "" "Authentication is required to acquire a pseudo TTY in a local container." -msgstr "要在本地容器中获取假 TTY 需要验证。" +msgstr "在本地容器中获取假 TTY 需要认证。" #: ../src/machine/org.freedesktop.machine1.policy.in.h:11 msgid "Acquire a pseudo TTY on the local host" @@ -440,7 +438,7 @@ msgstr "在本地主机中获取一个假 TTY" #: ../src/machine/org.freedesktop.machine1.policy.in.h:12 msgid "Authentication is required to acquire a pseudo TTY on the local host." -msgstr "要在本地主机中获取假 TTY 需要验证。" +msgstr "在本地主机中获取假 TTY 需要认证。" #: ../src/machine/org.freedesktop.machine1.policy.in.h:13 msgid "Manage local virtual machines and containers" @@ -449,7 +447,7 @@ msgstr "管理本地虚拟机和容器" #: ../src/machine/org.freedesktop.machine1.policy.in.h:14 msgid "" "Authentication is required to manage local virtual machines and containers." -msgstr "要管理本地虚拟机和容器需要验证。" +msgstr "管理本地虚拟机和容器需要认证。" #: ../src/machine/org.freedesktop.machine1.policy.in.h:15 msgid "Manage local virtual machine and container images" @@ -459,7 +457,7 @@ msgstr "管理本地虚拟机和容器的镜像" msgid "" "Authentication is required to manage local virtual machine and container " "images." -msgstr "要管理本地的虚拟机和容器镜像需要验证。" +msgstr "管理本地的虚拟机和容器镜像需要认证。" #: ../src/timedate/org.freedesktop.timedate1.policy.in.h:1 msgid "Set system time" @@ -467,7 +465,7 @@ msgstr "设置系统时间" #: ../src/timedate/org.freedesktop.timedate1.policy.in.h:2 msgid "Authentication is required to set the system time." -msgstr "设置系统时间需要验证。" +msgstr "设置系统时间需要认证。" #: ../src/timedate/org.freedesktop.timedate1.policy.in.h:3 msgid "Set system timezone" @@ -475,7 +473,7 @@ msgstr "设置系统时区" #: ../src/timedate/org.freedesktop.timedate1.policy.in.h:4 msgid "Authentication is required to set the system timezone." -msgstr "设置系统时区需要验证。" +msgstr "设置系统时区需要认证。" #: ../src/timedate/org.freedesktop.timedate1.policy.in.h:5 msgid "Set RTC to local timezone or UTC" @@ -485,7 +483,7 @@ msgstr "设置硬件时钟使用本地时间或 UTC" msgid "" "Authentication is required to control whether the RTC stores the local or " "UTC time." -msgstr "设置硬件时钟使用本地时间或 UTC 需要验证。" +msgstr "设置硬件时钟使用本地时间或 UTC 需要认证。" #: ../src/timedate/org.freedesktop.timedate1.policy.in.h:7 msgid "Turn network time synchronization on or off" @@ -495,33 +493,32 @@ msgstr "打开或关闭网络时间同步" msgid "" "Authentication is required to control whether network time synchronization " "shall be enabled." -msgstr "设置是否启用网络时间同步需要验证。" +msgstr "打开或关闭网络时间同步需要认证。" #: ../src/core/dbus-unit.c:430 msgid "Authentication is required to start '$(unit)'." -msgstr "启动“$(unit)”需要验证。" +msgstr "启动“$(unit)”需要认证。" #: ../src/core/dbus-unit.c:431 msgid "Authentication is required to stop '$(unit)'." -msgstr "停止“$(unit)”需要验证。" +msgstr "停止“$(unit)”需要认证。" #: ../src/core/dbus-unit.c:432 msgid "Authentication is required to reload '$(unit)'." -msgstr "重新载入“$(unit)”需要验证。" +msgstr "重新载入“$(unit)”需要认证。" #: ../src/core/dbus-unit.c:433 ../src/core/dbus-unit.c:434 msgid "Authentication is required to restart '$(unit)'." -msgstr "重新启动“$(unit)”需要验证。" +msgstr "重新启动“$(unit)”需要认证。" #: ../src/core/dbus-unit.c:537 msgid "Authentication is required to kill '$(unit)'." -msgstr "杀死“$(unit)”需要验证。" +msgstr "杀死“$(unit)”需要认证。" #: ../src/core/dbus-unit.c:567 msgid "Authentication is required to reset the \"failed\" state of '$(unit)'." -msgstr "重置“$(unit)”的失败(\"failed\")状态需要验证。" +msgstr "重置“$(unit)”的失败(\"failed\")状态需要认证。" #: ../src/core/dbus-unit.c:599 msgid "Authentication is required to set properties on '$(unit)'." -msgstr "设置“$(unit)”的属性需要验证。" - +msgstr "设置“$(unit)”的属性需要认证。" diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c index adc9286612..6d53dd982c 100644 --- a/src/ask-password/ask-password.c +++ b/src/ask-password/ask-password.c @@ -34,6 +34,7 @@ static const char *arg_keyname = NULL; static char *arg_message = NULL; static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC; static bool arg_multiple = false; +static bool arg_no_output = false; static AskPasswordFlags arg_flags = ASK_PASSWORD_PUSH_CACHE; static void help(void) { @@ -48,6 +49,7 @@ static void help(void) { " --no-tty Ask question via agent even on TTY\n" " --accept-cached Accept cached passwords\n" " --multiple List multiple passwords if available\n" + " --no-output Do not print password to standard output\n" , program_invocation_short_name); } @@ -62,6 +64,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_MULTIPLE, ARG_ID, ARG_KEYNAME, + ARG_NO_OUTPUT, }; static const struct option options[] = { @@ -74,6 +77,7 @@ static int parse_argv(int argc, char *argv[]) { { "multiple", no_argument, NULL, ARG_MULTIPLE }, { "id", required_argument, NULL, ARG_ID }, { "keyname", required_argument, NULL, ARG_KEYNAME }, + { "no-output", no_argument, NULL, ARG_NO_OUTPUT }, {} }; @@ -125,6 +129,10 @@ static int parse_argv(int argc, char *argv[]) { arg_keyname = optarg; break; + case ARG_NO_OUTPUT: + arg_no_output = true; + break; + case '?': return -EINVAL; @@ -166,7 +174,8 @@ int main(int argc, char *argv[]) { } STRV_FOREACH(p, l) { - puts(*p); + if (!arg_no_output) + puts(*p); if (!arg_multiple) break; diff --git a/src/basic/fileio.c b/src/basic/fileio.c index 2c454e8ea2..69590941e5 100644 --- a/src/basic/fileio.c +++ b/src/basic/fileio.c @@ -588,7 +588,7 @@ static int parse_env_file_push( va_list aq, *ap = userdata; if (!utf8_is_valid(key)) { - _cleanup_free_ char *p; + _cleanup_free_ char *p = NULL; p = utf8_escape_invalid(key); log_error("%s:%u: invalid UTF-8 in key '%s', ignoring.", strna(filename), line, p); @@ -596,7 +596,7 @@ static int parse_env_file_push( } if (value && !utf8_is_valid(value)) { - _cleanup_free_ char *p; + _cleanup_free_ char *p = NULL; p = utf8_escape_invalid(value); log_error("%s:%u: invalid UTF-8 value for key %s: '%s', ignoring.", strna(filename), line, key, p); @@ -1069,7 +1069,7 @@ int fflush_and_check(FILE *f) { /* This is much like like mkostemp() but is subject to umask(). */ int mkostemp_safe(char *pattern, int flags) { - _cleanup_umask_ mode_t u; + _cleanup_umask_ mode_t u = 0; int fd; assert(pattern); diff --git a/src/basic/formats-util.h b/src/basic/formats-util.h index ce516b117d..9b4e8e98fa 100644 --- a/src/basic/formats-util.h +++ b/src/basic/formats-util.h @@ -49,7 +49,7 @@ #if SIZEOF_TIME_T == 8 # define PRI_TIME PRIi64 #elif SIZEOF_TIME_T == 4 -# define PRI_TIME PRIu32 +# define PRI_TIME "li" #else # error Unknown time_t size #endif diff --git a/src/basic/hashmap.c b/src/basic/hashmap.c index 6f1a049d47..85b8d812b3 100644 --- a/src/basic/hashmap.c +++ b/src/basic/hashmap.c @@ -176,7 +176,7 @@ enum HashmapType { }; struct _packed_ indirect_storage { - char *storage; /* where buckets and DIBs are stored */ + void *storage; /* where buckets and DIBs are stored */ uint8_t hash_key[HASH_KEY_SIZE]; /* hash key; changes during resize */ unsigned n_entries; /* number of stored entries */ @@ -193,7 +193,7 @@ struct direct_storage { /* This gives us 39 bytes on 64bit, or 35 bytes on 32bit. * That's room for 4 set_entries + 4 DIB bytes + 3 unused bytes on 64bit, * or 7 set_entries + 7 DIB bytes + 0 unused bytes on 32bit. */ - char storage[sizeof(struct indirect_storage)]; + uint8_t storage[sizeof(struct indirect_storage)]; }; #define DIRECT_BUCKETS(entry_t) \ @@ -302,7 +302,7 @@ static void n_entries_dec(HashmapBase *h) { h->n_direct_entries--; } -static char *storage_ptr(HashmapBase *h) { +static void *storage_ptr(HashmapBase *h) { return h->has_indirect ? h->indirect.storage : h->direct.storage; } @@ -347,7 +347,7 @@ static void get_hash_key(uint8_t hash_key[HASH_KEY_SIZE], bool reuse_is_ok) { static struct hashmap_base_entry *bucket_at(HashmapBase *h, unsigned idx) { return (struct hashmap_base_entry*) - (storage_ptr(h) + idx * hashmap_type_info[h->type].entry_size); + ((uint8_t*) storage_ptr(h) + idx * hashmap_type_info[h->type].entry_size); } static struct plain_hashmap_entry *plain_bucket_at(Hashmap *h, unsigned idx) { @@ -381,7 +381,7 @@ static struct hashmap_base_entry *bucket_at_virtual(HashmapBase *h, struct swap_ static dib_raw_t *dib_raw_ptr(HashmapBase *h) { return (dib_raw_t*) - (storage_ptr(h) + hashmap_type_info[h->type].entry_size * n_buckets(h)); + ((uint8_t*) storage_ptr(h) + hashmap_type_info[h->type].entry_size * n_buckets(h)); } static unsigned bucket_distance(HashmapBase *h, unsigned idx, unsigned from) { @@ -1028,7 +1028,7 @@ static int hashmap_base_put_boldly(HashmapBase *h, unsigned idx, */ static int resize_buckets(HashmapBase *h, unsigned entries_add) { struct swap_entries swap; - char *new_storage; + void *new_storage; dib_raw_t *old_dibs, *new_dibs; const struct hashmap_type_info *hi; unsigned idx, optimal_idx; @@ -1095,7 +1095,7 @@ static int resize_buckets(HashmapBase *h, unsigned entries_add) { h->indirect.n_buckets = (1U << new_shift) / (hi->entry_size + sizeof(dib_raw_t)); - old_dibs = (dib_raw_t*)(new_storage + hi->entry_size * old_n_buckets); + old_dibs = (dib_raw_t*)((uint8_t*) new_storage + hi->entry_size * old_n_buckets); new_dibs = dib_raw_ptr(h); /* diff --git a/src/basic/hostname-util.c b/src/basic/hostname-util.c index 3cd2f2c872..5a7ee87a20 100644 --- a/src/basic/hostname-util.c +++ b/src/basic/hostname-util.c @@ -150,6 +150,8 @@ char* hostname_cleanup(char *s) { assert(s); + strshorten(s, HOST_NAME_MAX); + for (p = s, d = s, dot = true; *p; p++) { if (*p == '.') { if (dot) @@ -169,8 +171,6 @@ char* hostname_cleanup(char *s) { else *d = 0; - strshorten(s, HOST_NAME_MAX); - return s; } diff --git a/src/basic/macro.h b/src/basic/macro.h index ddf0968d1b..c34441d75d 100644 --- a/src/basic/macro.h +++ b/src/basic/macro.h @@ -361,6 +361,12 @@ static inline unsigned long ALIGN_POWER2(unsigned long u) { _found; \ }) +#define SWAP_TWO(x, y) do { \ + typeof(x) _t = (x); \ + (x) = (y); \ + (y) = (_t); \ + } while (false) + /* Define C11 thread_local attribute even on older gcc compiler * version */ #ifndef thread_local diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c index 33f2ee96d8..5faa2eba05 100644 --- a/src/basic/mount-util.c +++ b/src/basic/mount-util.c @@ -47,7 +47,7 @@ static int fd_fdinfo_mnt_id(int fd, const char *filename, int flags, int *mnt_id if ((flags & AT_EMPTY_PATH) && isempty(filename)) xsprintf(path, "/proc/self/fdinfo/%i", fd); else { - subfd = openat(fd, filename, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_PATH); + subfd = openat(fd, filename, O_CLOEXEC|O_PATH); if (subfd < 0) return -errno; @@ -230,7 +230,7 @@ int path_is_mount_point(const char *t, int flags) { if (!parent) return -ENOMEM; - fd = openat(AT_FDCWD, parent, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_PATH); + fd = openat(AT_FDCWD, parent, O_DIRECTORY|O_CLOEXEC|O_PATH); if (fd < 0) return -errno; diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c index 6c63b9d652..5e6181f662 100644 --- a/src/basic/selinux-util.c +++ b/src/basic/selinux-util.c @@ -80,31 +80,23 @@ void mac_selinux_retest(void) { #endif } -int mac_selinux_init(const char *prefix) { +int mac_selinux_init(void) { int r = 0; #ifdef HAVE_SELINUX usec_t before_timestamp, after_timestamp; struct mallinfo before_mallinfo, after_mallinfo; - if (!mac_selinux_use()) + if (label_hnd) return 0; - if (label_hnd) + if (!mac_selinux_use()) return 0; before_mallinfo = mallinfo(); before_timestamp = now(CLOCK_MONOTONIC); - if (prefix) { - struct selinux_opt options[] = { - { .type = SELABEL_OPT_SUBSET, .value = prefix }, - }; - - label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options)); - } else - label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); - + label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); if (!label_hnd) { log_enforcing("Failed to initialize SELinux context: %m"); r = security_getenforce() == 1 ? -errno : 0; @@ -225,7 +217,7 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) { return -errno; sclass = string_to_security_class("process"); - r = security_compute_create(mycon, fcon, sclass, (security_context_t *) label); + r = security_compute_create_raw(mycon, fcon, sclass, (security_context_t *) label); if (r < 0) return -errno; #endif @@ -304,7 +296,7 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char * return -ENOMEM; sclass = string_to_security_class("process"); - r = security_compute_create(mycon, fcon, sclass, (security_context_t *) label); + r = security_compute_create_raw(mycon, fcon, sclass, (security_context_t *) label); if (r < 0) return -errno; #endif @@ -358,7 +350,7 @@ int mac_selinux_create_file_prepare(const char *path, mode_t mode) { log_enforcing("Failed to determine SELinux security context for %s: %m", path); } else { - if (setfscreatecon(filecon) >= 0) + if (setfscreatecon_raw(filecon) >= 0) return 0; /* Success! */ log_enforcing("Failed to set SELinux security context %s for %s: %m", filecon, path); diff --git a/src/basic/selinux-util.h b/src/basic/selinux-util.h index 27e8edb41b..ce6bc8e44c 100644 --- a/src/basic/selinux-util.h +++ b/src/basic/selinux-util.h @@ -29,7 +29,7 @@ bool mac_selinux_use(void); bool mac_selinux_have(void); void mac_selinux_retest(void); -int mac_selinux_init(const char *prefix); +int mac_selinux_init(void); void mac_selinux_finish(void); int mac_selinux_fix(const char *path, bool ignore_enoent, bool ignore_erofs); diff --git a/src/basic/set.h b/src/basic/set.h index 2bff5062da..e0d9dd001c 100644 --- a/src/basic/set.h +++ b/src/basic/set.h @@ -126,6 +126,9 @@ int set_put_strdupv(Set *s, char **l); #define SET_FOREACH(e, s, i) \ for ((i) = ITERATOR_FIRST; set_iterate((s), &(i), (void**)&(e)); ) +#define SET_FOREACH_MOVE(e, d, s) \ + for (; ({ e = set_first(s); assert_se(!e || set_move_one(d, s, e) >= 0); e; }); ) + DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free); DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free_free); diff --git a/src/basic/xattr-util.c b/src/basic/xattr-util.c index 8d7f14f382..8256899eda 100644 --- a/src/basic/xattr-util.c +++ b/src/basic/xattr-util.c @@ -110,7 +110,7 @@ ssize_t fgetxattrat_fake(int dirfd, const char *filename, const char *attribute, /* The kernel doesn't have a fgetxattrat() command, hence let's emulate one */ - fd = openat(dirfd, filename, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_PATH|(flags & AT_SYMLINK_NOFOLLOW ? O_NOFOLLOW : 0)); + fd = openat(dirfd, filename, O_CLOEXEC|O_PATH|(flags & AT_SYMLINK_NOFOLLOW ? O_NOFOLLOW : 0)); if (fd < 0) return -errno; diff --git a/src/core/failure-action.c b/src/core/failure-action.c index 39f5519ca1..bb2bc3f399 100644 --- a/src/core/failure-action.c +++ b/src/core/failure-action.c @@ -62,7 +62,8 @@ int failure_action( log_and_status(m, "Rebooting as result of failure."); update_reboot_param_file(reboot_arg); - (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_REBOOT_TARGET, JOB_REPLACE, NULL); + (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_REBOOT_TARGET, + JOB_REPLACE_IRREVERSIBLY, NULL); break; @@ -89,7 +90,8 @@ int failure_action( case FAILURE_ACTION_POWEROFF: log_and_status(m, "Powering off as result of failure."); - (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_POWEROFF_TARGET, JOB_REPLACE, NULL); + (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_POWEROFF_TARGET, + JOB_REPLACE_IRREVERSIBLY, NULL); break; case FAILURE_ACTION_POWEROFF_FORCE: diff --git a/src/core/main.c b/src/core/main.c index 2c315930ed..1783b9c7af 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1369,7 +1369,7 @@ int main(int argc, char *argv[]) { dual_timestamp_get(&security_finish_timestamp); } - if (mac_selinux_init(NULL) < 0) { + if (mac_selinux_init() < 0) { error_message = "Failed to initialize SELinux policy"; goto finish; } @@ -1435,9 +1435,7 @@ int main(int argc, char *argv[]) { /* clear the kernel timestamp, * because we are in a container */ - kernel_timestamp.monotonic = 0ULL; - kernel_timestamp.realtime = 0ULL; - + kernel_timestamp = DUAL_TIMESTAMP_NULL; } else { /* Running as user instance */ arg_running_as = MANAGER_USER; diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c index 7790ab865d..435e3805c4 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c @@ -245,7 +245,7 @@ static int process_locale(void) { int r; etc_localeconf = prefix_roota(arg_root, "/etc/locale.conf"); - if (faccessat(AT_FDCWD, etc_localeconf, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) + if (laccess(etc_localeconf, F_OK) >= 0) return 0; if (arg_copy_locale && arg_root) { @@ -319,7 +319,7 @@ static int process_timezone(void) { int r; etc_localtime = prefix_roota(arg_root, "/etc/localtime"); - if (faccessat(AT_FDCWD, etc_localtime, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) + if (laccess(etc_localtime, F_OK) >= 0) return 0; if (arg_copy_timezone && arg_root) { @@ -399,7 +399,7 @@ static int process_hostname(void) { int r; etc_hostname = prefix_roota(arg_root, "/etc/hostname"); - if (faccessat(AT_FDCWD, etc_hostname, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) + if (laccess(etc_hostname, F_OK) >= 0) return 0; r = prompt_hostname(); @@ -424,7 +424,7 @@ static int process_machine_id(void) { int r; etc_machine_id = prefix_roota(arg_root, "/etc/machine-id"); - if (faccessat(AT_FDCWD, etc_machine_id, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) + if (laccess(etc_machine_id, F_OK) >= 0) return 0; if (sd_id128_equal(arg_machine_id, SD_ID128_NULL)) @@ -450,7 +450,7 @@ static int prompt_root_password(void) { return 0; etc_shadow = prefix_roota(arg_root, "/etc/shadow"); - if (faccessat(AT_FDCWD, etc_shadow, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) + if (laccess(etc_shadow, F_OK) >= 0) return 0; print_welcome(); @@ -533,7 +533,7 @@ static int process_root_password(void) { int r; etc_shadow = prefix_roota(arg_root, "/etc/shadow"); - if (faccessat(AT_FDCWD, etc_shadow, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) + if (laccess(etc_shadow, F_OK) >= 0) return 0; mkdir_parents(etc_shadow, 0755); diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c index c37e32e96b..d11756e615 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c @@ -706,7 +706,7 @@ int main(int argc, char *argv[]) { log_open(); umask(0022); - mac_selinux_init("/etc"); + mac_selinux_init(); if (argc != 1) { log_error("This program takes no arguments."); diff --git a/src/journal/compress.c b/src/journal/compress.c index 1933b87b00..c43849c46a 100644 --- a/src/journal/compress.c +++ b/src/journal/compress.c @@ -17,6 +17,7 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ +#include <inttypes.h> #include <stdlib.h> #include <string.h> #include <sys/mman.h> @@ -498,7 +499,7 @@ int compress_stream_lz4(int fdf, int fdt, uint64_t max_bytes) { total_out += n; if (max_bytes != (uint64_t) -1 && total_out > (size_t) max_bytes) { - log_debug("Compressed stream longer than %zd bytes", max_bytes); + log_debug("Compressed stream longer than %"PRIu64" bytes", max_bytes); return -EFBIG; } @@ -649,7 +650,7 @@ int decompress_stream_lz4(int in, int out, uint64_t max_bytes) { total_out += produced; if (max_bytes != (uint64_t) -1 && total_out > (size_t) max_bytes) { - log_debug("Decompressed stream longer than %zd bytes", max_bytes); + log_debug("Decompressed stream longer than %"PRIu64" bytes", max_bytes); r = -EFBIG; goto cleanup; } diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c index ac75e39312..3c21d4129e 100644 --- a/src/journal/sd-journal.c +++ b/src/journal/sd-journal.c @@ -19,6 +19,7 @@ #include <errno.h> #include <fcntl.h> +#include <inttypes.h> #include <linux/magic.h> #include <poll.h> #include <stddef.h> @@ -1957,7 +1958,7 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** &f->compress_buffer, &f->compress_buffer_size, field, field_length, '='); if (r < 0) - log_debug_errno(r, "Cannot decompress %s object of length %zu at offset "OFSfmt": %m", + log_debug_errno(r, "Cannot decompress %s object of length %"PRIu64" at offset "OFSfmt": %m", object_compressed_to_string(compression), l, p); else if (r > 0) { diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c index d484c37a73..1188b31500 100644 --- a/src/libsystemd-network/sd-dhcp-client.c +++ b/src/libsystemd-network/sd-dhcp-client.c @@ -408,7 +408,7 @@ static void client_stop(sd_dhcp_client *client, int error) { static int client_message_init(sd_dhcp_client *client, DHCPPacket **ret, uint8_t type, size_t *_optlen, size_t *_optoffset) { - _cleanup_free_ DHCPPacket *packet; + _cleanup_free_ DHCPPacket *packet = NULL; size_t optlen, optoffset, size; be16_t max_size; usec_t time_now; diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c index 7a119fd488..ef50ed17a1 100644 --- a/src/libsystemd-network/sd-dhcp-lease.c +++ b/src/libsystemd-network/sd-dhcp-lease.c @@ -825,7 +825,7 @@ int dhcp_lease_save(sd_dhcp_lease *lease, const char *lease_file) { r = sd_dhcp_lease_get_client_id(lease, &client_id, &client_id_len); if (r >= 0) { - _cleanup_free_ char *client_id_hex; + _cleanup_free_ char *client_id_hex = NULL; client_id_hex = hexmem(client_id, client_id_len); if (!client_id_hex) { diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c index 542c37e41b..b8958ec7bb 100644 --- a/src/libsystemd/sd-bus/bus-message.c +++ b/src/libsystemd/sd-bus/bus-message.c @@ -1131,10 +1131,7 @@ _public_ int sd_bus_message_set_expect_reply(sd_bus_message *m, int b) { assert_return(!m->sealed, -EPERM); assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EPERM); - if (b) - m->header->flags &= ~BUS_MESSAGE_NO_REPLY_EXPECTED; - else - m->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED; + SET_FLAG(m->header->flags, BUS_MESSAGE_NO_REPLY_EXPECTED, !b); return 0; } @@ -1143,10 +1140,7 @@ _public_ int sd_bus_message_set_auto_start(sd_bus_message *m, int b) { assert_return(m, -EINVAL); assert_return(!m->sealed, -EPERM); - if (b) - m->header->flags &= ~BUS_MESSAGE_NO_AUTO_START; - else - m->header->flags |= BUS_MESSAGE_NO_AUTO_START; + SET_FLAG(m->header->flags, BUS_MESSAGE_NO_AUTO_START, !b); return 0; } @@ -1155,10 +1149,7 @@ _public_ int sd_bus_message_set_allow_interactive_authorization(sd_bus_message * assert_return(m, -EINVAL); assert_return(!m->sealed, -EPERM); - if (b) - m->header->flags |= BUS_MESSAGE_ALLOW_INTERACTIVE_AUTHORIZATION; - else - m->header->flags &= ~BUS_MESSAGE_ALLOW_INTERACTIVE_AUTHORIZATION; + SET_FLAG(m->header->flags, BUS_MESSAGE_ALLOW_INTERACTIVE_AUTHORIZATION, b); return 0; } diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c index cc15afeb1c..862f26aad7 100644 --- a/src/libsystemd/sd-bus/sd-bus.c +++ b/src/libsystemd/sd-bus/sd-bus.c @@ -313,10 +313,7 @@ _public_ int sd_bus_negotiate_creds(sd_bus *bus, int b, uint64_t mask) { assert_return(!IN_SET(bus->state, BUS_CLOSING, BUS_CLOSED), -EPERM); assert_return(!bus_pid_changed(bus), -ECHILD); - if (b) - bus->creds_mask |= mask; - else - bus->creds_mask &= ~mask; + SET_FLAG(bus->creds_mask, mask, b); /* The well knowns we need unconditionally, so that matches can work */ bus->creds_mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME; diff --git a/src/libsystemd/sd-netlink/netlink-message.c b/src/libsystemd/sd-netlink/netlink-message.c index 3924300817..f56798674c 100644 --- a/src/libsystemd/sd-netlink/netlink-message.c +++ b/src/libsystemd/sd-netlink/netlink-message.c @@ -107,10 +107,7 @@ int sd_netlink_message_request_dump(sd_netlink_message *m, int dump) { m->hdr->nlmsg_type == RTM_GETNEIGH, -EINVAL); - if (dump) - m->hdr->nlmsg_flags |= NLM_F_DUMP; - else - m->hdr->nlmsg_flags &= ~NLM_F_DUMP; + SET_FLAG(m->hdr->nlmsg_flags, NLM_F_DUMP, dump); return 0; } diff --git a/src/locale/localed.c b/src/locale/localed.c index cc86c61edb..46405ca68a 100644 --- a/src/locale/localed.c +++ b/src/locale/localed.c @@ -1296,7 +1296,7 @@ int main(int argc, char *argv[]) { log_open(); umask(0022); - mac_selinux_init("/etc"); + mac_selinux_init(); if (argc != 1) { log_error("This program takes no arguments."); diff --git a/src/login/logind.c b/src/login/logind.c index 933602eb08..d5f6757bd3 100644 --- a/src/login/logind.c +++ b/src/login/logind.c @@ -1126,7 +1126,7 @@ int main(int argc, char *argv[]) { goto finish; } - r = mac_selinux_init("/run"); + r = mac_selinux_init(); if (r < 0) { log_error_errno(r, "Could not initialize labelling: %m"); goto finish; diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index f175788977..491b9a3efa 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -629,10 +629,7 @@ int config_parse_ipv4ll( * config_parse_address_family_boolean(), except that it * applies only to IPv4 */ - if (parse_boolean(rvalue)) - *link_local |= ADDRESS_FAMILY_IPV4; - else - *link_local &= ~ADDRESS_FAMILY_IPV4; + SET_FLAG(*link_local, ADDRESS_FAMILY_IPV4, parse_boolean(rvalue)); return 0; } diff --git a/src/resolve/resolve-tool.c b/src/resolve/resolve-tool.c index 484fbb4d92..009cc73aec 100644 --- a/src/resolve/resolve-tool.c +++ b/src/resolve/resolve-tool.c @@ -1280,40 +1280,28 @@ static int parse_argv(int argc, char *argv[]) { r = parse_boolean(optarg); if (r < 0) return log_error_errno(r, "Failed to parse --cname= argument."); - if (r == 0) - arg_flags |= SD_RESOLVED_NO_CNAME; - else - arg_flags &= ~SD_RESOLVED_NO_CNAME; + SET_FLAG(arg_flags, SD_RESOLVED_NO_CNAME, r == 0); break; case ARG_SERVICE_ADDRESS: r = parse_boolean(optarg); if (r < 0) return log_error_errno(r, "Failed to parse --service-address= argument."); - if (r == 0) - arg_flags |= SD_RESOLVED_NO_ADDRESS; - else - arg_flags &= ~SD_RESOLVED_NO_ADDRESS; + SET_FLAG(arg_flags, SD_RESOLVED_NO_ADDRESS, r == 0); break; case ARG_SERVICE_TXT: r = parse_boolean(optarg); if (r < 0) return log_error_errno(r, "Failed to parse --service-txt= argument."); - if (r == 0) - arg_flags |= SD_RESOLVED_NO_TXT; - else - arg_flags &= ~SD_RESOLVED_NO_TXT; + SET_FLAG(arg_flags, SD_RESOLVED_NO_TXT, r == 0); break; case ARG_SEARCH: r = parse_boolean(optarg); if (r < 0) return log_error_errno(r, "Failed to parse --search argument."); - if (r == 0) - arg_flags |= SD_RESOLVED_NO_SEARCH; - else - arg_flags &= ~SD_RESOLVED_NO_SEARCH; + SET_FLAG(arg_flags, SD_RESOLVED_NO_SEARCH, r == 0); break; case ARG_STATISTICS: diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c index a46674f6fe..706f8c14ed 100644 --- a/src/resolve/resolved-dns-query.c +++ b/src/resolve/resolved-dns-query.c @@ -62,6 +62,7 @@ static void dns_query_candidate_stop(DnsQueryCandidate *c) { while ((t = set_steal_first(c->transactions))) { set_remove(t->notify_query_candidates, c); + set_remove(t->notify_query_candidates_done, c); dns_transaction_gc(t); } } @@ -139,6 +140,10 @@ static int dns_query_candidate_add_transaction(DnsQueryCandidate *c, DnsResource if (r < 0) goto gc; + r = set_ensure_allocated(&t->notify_query_candidates_done, NULL); + if (r < 0) + goto gc; + r = set_put(t->notify_query_candidates, c); if (r < 0) goto gc; diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 57f9455131..a5129c201e 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -52,6 +52,7 @@ static void dns_transaction_flush_dnssec_transactions(DnsTransaction *t) { while ((z = set_steal_first(t->dnssec_transactions))) { set_remove(z->notify_transactions, t); + set_remove(z->notify_transactions_done, t); dns_transaction_gc(z); } } @@ -100,14 +101,26 @@ DnsTransaction* dns_transaction_free(DnsTransaction *t) { set_remove(c->transactions, t); set_free(t->notify_query_candidates); + while ((c = set_steal_first(t->notify_query_candidates_done))) + set_remove(c->transactions, t); + set_free(t->notify_query_candidates_done); + while ((i = set_steal_first(t->notify_zone_items))) i->probe_transaction = NULL; set_free(t->notify_zone_items); + while ((i = set_steal_first(t->notify_zone_items_done))) + i->probe_transaction = NULL; + set_free(t->notify_zone_items_done); + while ((z = set_steal_first(t->notify_transactions))) set_remove(z->dnssec_transactions, t); set_free(t->notify_transactions); + while ((z = set_steal_first(t->notify_transactions_done))) + set_remove(z->dnssec_transactions, t); + set_free(t->notify_transactions_done); + dns_transaction_flush_dnssec_transactions(t); set_free(t->dnssec_transactions); @@ -127,8 +140,11 @@ bool dns_transaction_gc(DnsTransaction *t) { return true; if (set_isempty(t->notify_query_candidates) && + set_isempty(t->notify_query_candidates_done) && set_isempty(t->notify_zone_items) && - set_isempty(t->notify_transactions)) { + set_isempty(t->notify_zone_items_done) && + set_isempty(t->notify_transactions) && + set_isempty(t->notify_transactions_done)) { dns_transaction_free(t); return false; } @@ -266,6 +282,7 @@ static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) { log_debug("We have the lexicographically larger IP address and thus lost in the conflict."); t->block_gc++; + while ((z = set_first(t->notify_zone_items))) { /* First, make sure the zone item drops the reference * to us */ @@ -284,7 +301,6 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) { DnsQueryCandidate *c; DnsZoneItem *z; DnsTransaction *d; - Iterator i; const char *st; char key_str[DNS_RESOURCE_KEY_STRING_MAX]; @@ -333,39 +349,17 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) { * transaction isn't freed while we are still looking at it */ t->block_gc++; - SET_FOREACH(c, t->notify_query_candidates, i) + SET_FOREACH_MOVE(c, t->notify_query_candidates_done, t->notify_query_candidates) dns_query_candidate_notify(c); - SET_FOREACH(z, t->notify_zone_items, i) - dns_zone_item_notify(z); + SWAP_TWO(t->notify_query_candidates, t->notify_query_candidates_done); - if (!set_isempty(t->notify_transactions)) { - DnsTransaction **nt; - unsigned j, n = 0; - - /* We need to be careful when notifying other - * transactions, as that might destroy other - * transactions in our list. Hence, in order to be - * able to safely iterate through the list of - * transactions, take a GC lock on all of them - * first. Then, in a second loop, notify them, but - * first unlock that specific transaction. */ - - nt = newa(DnsTransaction*, set_size(t->notify_transactions)); - SET_FOREACH(d, t->notify_transactions, i) { - nt[n++] = d; - d->block_gc++; - } - - assert(n == set_size(t->notify_transactions)); + SET_FOREACH_MOVE(z, t->notify_zone_items_done, t->notify_zone_items) + dns_zone_item_notify(z); + SWAP_TWO(t->notify_zone_items, t->notify_zone_items_done); - for (j = 0; j < n; j++) { - if (set_contains(t->notify_transactions, nt[j])) - dns_transaction_notify(nt[j], t); - - nt[j]->block_gc--; - dns_transaction_gc(nt[j]); - } - } + SET_FOREACH_MOVE(d, t->notify_transactions_done, t->notify_transactions) + dns_transaction_notify(d, t); + SWAP_TWO(t->notify_transactions, t->notify_transactions_done); t->block_gc--; dns_transaction_gc(t); @@ -1626,6 +1620,10 @@ static int dns_transaction_add_dnssec_transaction(DnsTransaction *t, DnsResource if (r < 0) goto gc; + r = set_ensure_allocated(&aux->notify_transactions_done, NULL); + if (r < 0) + goto gc; + r = set_put(t->dnssec_transactions, aux); if (r < 0) goto gc; diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h index 491c62d772..eaece91533 100644 --- a/src/resolve/resolved-dns-transaction.h +++ b/src/resolve/resolved-dns-transaction.h @@ -118,17 +118,17 @@ struct DnsTransaction { /* Query candidates this transaction is referenced by and that * shall be notified about this specific transaction * completing. */ - Set *notify_query_candidates; + Set *notify_query_candidates, *notify_query_candidates_done; /* Zone items this transaction is referenced by and that shall * be notified about completion. */ - Set *notify_zone_items; + Set *notify_zone_items, *notify_zone_items_done; /* Other transactions that this transactions is referenced by * and that shall be notified about completion. This is used * when transactions want to validate their RRsets, but need * another DNSKEY or DS RR to do so. */ - Set *notify_transactions; + Set *notify_transactions, *notify_transactions_done; /* The opposite direction: the transactions this transaction * created in order to request DNSKEY or DS RRs. */ diff --git a/src/resolve/resolved-dns-zone.c b/src/resolve/resolved-dns-zone.c index 03813da6a2..850eed8cb8 100644 --- a/src/resolve/resolved-dns-zone.c +++ b/src/resolve/resolved-dns-zone.c @@ -38,6 +38,7 @@ void dns_zone_item_probe_stop(DnsZoneItem *i) { i->probe_transaction = NULL; set_remove(t->notify_zone_items, i); + set_remove(t->notify_zone_items_done, i); dns_transaction_gc(t); } @@ -186,6 +187,10 @@ static int dns_zone_item_probe_start(DnsZoneItem *i) { if (r < 0) goto gc; + r = set_ensure_allocated(&t->notify_zone_items_done, NULL); + if (r < 0) + goto gc; + r = set_put(t->notify_zone_items, i); if (r < 0) goto gc; diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c index c7e2ab14d6..161ea03412 100644 --- a/src/resolve/resolved.c +++ b/src/resolve/resolved.c @@ -48,7 +48,7 @@ int main(int argc, char *argv[]) { umask(0022); - r = mac_selinux_init(NULL); + r = mac_selinux_init(); if (r < 0) { log_error_errno(r, "SELinux setup failed: %m"); goto finish; diff --git a/src/shared/ptyfwd.c b/src/shared/ptyfwd.c index 061d31f4de..02c03b98d8 100644 --- a/src/shared/ptyfwd.c +++ b/src/shared/ptyfwd.c @@ -461,10 +461,7 @@ int pty_forward_set_ignore_vhangup(PTYForward *f, bool b) { if (!!(f->flags & PTY_FORWARD_IGNORE_VHANGUP) == b) return 0; - if (b) - f->flags |= PTY_FORWARD_IGNORE_VHANGUP; - else - f->flags &= ~PTY_FORWARD_IGNORE_VHANGUP; + SET_FLAG(f->flags, PTY_FORWARD_IGNORE_VHANGUP, b); if (!ignore_vhangup(f)) { diff --git a/src/stdio-bridge/stdio-bridge.c b/src/stdio-bridge/stdio-bridge.c index 85b99ce161..ce8efce3d5 100644 --- a/src/stdio-bridge/stdio-bridge.c +++ b/src/stdio-bridge/stdio-bridge.c @@ -234,12 +234,14 @@ int main(int argc, char *argv[]) { fd = sd_bus_get_fd(a); if (fd < 0) { + r = fd; log_error_errno(r, "Failed to get fd: %m"); goto finish; } events_a = sd_bus_get_events(a); if (events_a < 0) { + r = events_a; log_error_errno(r, "Failed to get events mask: %m"); goto finish; } @@ -252,6 +254,7 @@ int main(int argc, char *argv[]) { events_b = sd_bus_get_events(b); if (events_b < 0) { + r = events_b; log_error_errno(r, "Failed to get events mask: %m"); goto finish; } diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c index 8e39b7a342..180c8f9656 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c @@ -2616,7 +2616,10 @@ static int start_unit_one( if (!sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT) && !sd_bus_error_has_name(error, BUS_ERROR_UNIT_MASKED)) - log_error("See system logs and 'systemctl status %s' for details.", name); + log_error("See %s logs and 'systemctl%s status %s' for details.", + arg_scope == UNIT_FILE_SYSTEM ? "system" : "user", + arg_scope == UNIT_FILE_SYSTEM ? "" : " --user", + name); return r; } @@ -6188,9 +6191,24 @@ static int edit(int argc, char *argv[], void *userdata) { r = daemon_reload(argc, argv, userdata); end: - STRV_FOREACH_PAIR(original, tmp, paths) + STRV_FOREACH_PAIR(original, tmp, paths) { (void) unlink(*tmp); + /* Removing empty dropin dirs */ + if (!arg_full) { + _cleanup_free_ char *dir; + + dir = dirname_malloc(*original); + if (!dir) + return log_oom(); + + /* no need to check if the dir is empty, rmdir + * does nothing if it is not the case. + */ + (void) rmdir(dir); + } + } + return r; } @@ -7289,6 +7307,7 @@ static int parse_argv(int argc, char *argv[]) { return systemctl_parse_argv(argc, argv); } +#ifdef HAVE_SYSV_COMPAT _pure_ static int action_to_runlevel(void) { static const char table[_ACTION_MAX] = { @@ -7306,6 +7325,7 @@ _pure_ static int action_to_runlevel(void) { return table[arg_action]; } +#endif static int talk_initctl(void) { #ifdef HAVE_SYSV_COMPAT diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 863c628323..4377f1b910 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -1820,7 +1820,7 @@ int main(int argc, char *argv[]) { umask(0022); - r = mac_selinux_init(NULL); + r = mac_selinux_init(); if (r < 0) { log_error_errno(r, "SELinux setup failed: %m"); goto finish; diff --git a/src/test/test-clock.c b/src/test/test-clock.c index 92c4f79b98..84f775e5bc 100644 --- a/src/test/test-clock.c +++ b/src/test/test-clock.c @@ -20,17 +20,18 @@ #include <unistd.h> #include <fcntl.h> -#include "macro.h" +#include "clock-util.h" +#include "fd-util.h" #include "fileio.h" #include "log.h" -#include "clock-util.h" +#include "macro.h" static void test_clock_is_localtime(void) { char adjtime[] = "/tmp/test-adjtime.XXXXXX"; - int fd; - FILE* f; + int fd = -1; + _cleanup_fclose_ FILE* f = NULL; - const struct scenario { + static const struct scenario { const char* contents; int expected_result; } scenarios[] = { @@ -55,10 +56,10 @@ static void test_clock_is_localtime(void) { assert_se(clock_is_localtime("/nonexisting/adjtime") == 0); fd = mkostemp_safe(adjtime, O_WRONLY|O_CLOEXEC); - assert(fd > 0); + assert_se(fd >= 0); log_info("adjtime test file: %s", adjtime); f = fdopen(fd, "w"); - assert(f); + assert_se(f); for (size_t i = 0; i < ELEMENTSOF(scenarios); ++i) { log_info("scenario #%zu:, expected result %i", i, scenarios[i].expected_result); @@ -81,10 +82,10 @@ static void test_clock_is_localtime_system(void) { log_info("/etc/adjtime exists, clock_is_localtime() == %i", r); /* if /etc/adjtime exists we expect some answer, no error or * crash */ - assert(r == 0 || r == 1); + assert_se(r == 0 || r == 1); } else /* default is UTC if there is no /etc/adjtime */ - assert(r == 0); + assert_se(r == 0); } int main(int argc, char *argv[]) { diff --git a/src/test/test-selinux.c b/src/test/test-selinux.c new file mode 100644 index 0000000000..c2152269f8 --- /dev/null +++ b/src/test/test-selinux.c @@ -0,0 +1,117 @@ +/*** + This file is part of systemd. + + Copyright 2016 Zbigniew Jędrzejewski-Szmek + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <sys/stat.h> + +#include "alloc-util.h" +#include "fd-util.h" +#include "log.h" +#include "selinux-util.h" +#include "time-util.h" + +static void test_testing(void) { + bool b; + + log_info("============ %s ==========", __func__); + + b = mac_selinux_use(); + log_info("mac_selinux_use → %d", b); + + b = mac_selinux_have(); + log_info("mac_selinux_have → %d", b); + + mac_selinux_retest(); + + b = mac_selinux_use(); + log_info("mac_selinux_use → %d", b); + + b = mac_selinux_have(); + log_info("mac_selinux_have → %d", b); +} + +static void test_loading(void) { + usec_t n1, n2; + int r; + + log_info("============ %s ==========", __func__); + + n1 = now(CLOCK_MONOTONIC); + r = mac_selinux_init(); + n2 = now(CLOCK_MONOTONIC); + log_info_errno(r, "mac_selinux_init → %d (%m) %.2fs", r, (n2 - n1)/1e6); +} + +static void test_cleanup(void) { + usec_t n1, n2; + + log_info("============ %s ==========", __func__); + + n1 = now(CLOCK_MONOTONIC); + mac_selinux_finish(); + n2 = now(CLOCK_MONOTONIC); + log_info("mac_selinux_finish → %.2fs", (n2 - n1)/1e6); +} + +static void test_misc(const char* fname) { + _cleanup_(mac_selinux_freep) char *label = NULL, *label2 = NULL, *label3 = NULL; + int r; + _cleanup_close_ int fd = -1; + + log_info("============ %s ==========", __func__); + + r = mac_selinux_get_our_label(&label); + log_info_errno(r, "mac_selinux_get_our_label → %d (%m), \"%s\"", r, label); + + r = mac_selinux_get_create_label_from_exe(fname, &label2); + log_info_errno(r, "mac_selinux_create_label_from_exe → %d (%m), \"%s\"", r, label2); + + fd = socket(AF_INET, SOCK_DGRAM, 0); + assert_se(fd >= 0); + + r = mac_selinux_get_child_mls_label(fd, fname, label2, &label3); + log_info_errno(r, "mac_selinux_get_child_mls_label → %d (%m), \"%s\"", r, label3); +} + +static void test_create_file_prepare(const char* fname) { + int r; + + log_info("============ %s ==========", __func__); + + r = mac_selinux_create_file_prepare(fname, S_IRWXU); + log_info_errno(r, "mac_selinux_create_file_prepare → %d (%m)", r); + + mac_selinux_create_file_clear(); +} + +int main(int argc, char **argv) { + const char *path = SYSTEMD_BINARY_PATH; + if (argc >= 2) + path = argv[1]; + + log_set_max_level(LOG_DEBUG); + log_parse_environment(); + + test_testing(); + test_loading(); + test_misc(path); + test_create_file_prepare(path); + test_cleanup(); + + return 0; +} diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c new file mode 100644 index 0000000000..8f99a13772 --- /dev/null +++ b/src/test/test-sizeof.c @@ -0,0 +1,53 @@ +/*** + This file is part of systemd. + + Copyright 2016 Zbigniew Jędrzejewski-Szmek + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include "log.h" +#include "time-util.h" + +/* Print information about various types. Useful when diagnosing + * gcc diagnostics on an unfamiliar architecture. */ + +#pragma GCC diagnostic ignored "-Wtype-limits" + +#define info(t) \ + log_info("%s → %zu bits%s", STRINGIFY(t), \ + sizeof(t)*CHAR_BIT, \ + strstr(STRINGIFY(t), "signed") ? "" : \ + ((t)-1 < (t)0 ? ", signed" : ", unsigned")); + +int main(void) { + info(char); + info(signed char); + info(unsigned char); + info(short unsigned); + info(unsigned); + info(long unsigned); + info(long long unsigned); + + info(float); + info(double); + info(long double); + + info(size_t); + info(ssize_t); + info(time_t); + info(usec_t); + + return 0; +} diff --git a/src/test/test-udev.c b/src/test/test-udev.c index 9cc64f7c68..d01789fe08 100644 --- a/src/test/test-udev.c +++ b/src/test/test-udev.c @@ -93,7 +93,7 @@ int main(int argc, char *argv[]) { return EXIT_FAILURE; log_debug("version %s", VERSION); - mac_selinux_init("/dev"); + mac_selinux_init(); action = argv[1]; if (action == NULL) { diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c index 9406d28abe..ffec609c69 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c @@ -131,10 +131,10 @@ static int context_write_data_local_rtc(Context *c) { size_t a, b; p = strchrnul(s, '\n'); - if (*p == '\0') { + if (*p == '\0') /* only one line, no \n terminator */ prepend = "\n0\n"; - } else if (p[1] == '\0') { + else if (p[1] == '\0') { /* only one line, with \n terminator */ ++p; prepend = "0\n"; @@ -173,7 +173,7 @@ static int context_write_data_local_rtc(Context *c) { } } - mac_selinux_init("/etc"); + mac_selinux_init(); return write_string_file_atomic_label("/etc/adjtime", w); } diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 7b105a6bd4..efd264b34d 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -613,7 +613,7 @@ static int path_set_perms(Item *i, const char *path) { * with AT_SYMLINK_NOFOLLOW, hence we emulate it here via * O_PATH. */ - fd = open(path, O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH|O_NOATIME); + fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); if (fd < 0) return log_error_errno(errno, "Adjusting owner and mode for %s failed: %m", path); @@ -804,7 +804,7 @@ static int path_set_acls(Item *item, const char *path) { assert(item); assert(path); - fd = open(path, O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH|O_NOATIME); + fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); if (fd < 0) return log_error_errno(errno, "Adjusting ACL of %s failed: %m", path); @@ -917,10 +917,7 @@ static int parse_attribute_from_arg(Item *item) { v = attributes[i].value; - if (mode == MODE_ADD || mode == MODE_SET) - value |= v; - else - value &= ~v; + SET_FLAG(value, v, (mode == MODE_ADD || mode == MODE_SET)); mask |= v; } @@ -2288,7 +2285,7 @@ int main(int argc, char *argv[]) { umask(0022); - mac_selinux_init(NULL); + mac_selinux_init(); items = ordered_hashmap_new(&string_hash_ops); globs = ordered_hashmap_new(&string_hash_ops); diff --git a/src/udev/udevadm.c b/src/udev/udevadm.c index 7bd2c1ea42..a6a873e5de 100644 --- a/src/udev/udevadm.c +++ b/src/udev/udevadm.c @@ -93,7 +93,7 @@ int main(int argc, char *argv[]) { log_parse_environment(); log_open(); - mac_selinux_init("/dev"); + mac_selinux_init(); while ((c = getopt_long(argc, argv, "+dhV", options, NULL)) >= 0) switch (c) { diff --git a/src/udev/udevd.c b/src/udev/udevd.c index bb92f16352..243df7386f 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -1695,7 +1695,7 @@ int main(int argc, char *argv[]) { umask(022); - r = mac_selinux_init("/dev"); + r = mac_selinux_init(); if (r < 0) { log_error_errno(r, "could not initialize labelling: %m"); goto exit; diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c index 931e583785..da306a4444 100644 --- a/src/update-done/update-done.c +++ b/src/update-done/update-done.c @@ -101,7 +101,7 @@ int main(int argc, char *argv[]) { return EXIT_FAILURE; } - r = mac_selinux_init(NULL); + r = mac_selinux_init(); if (r < 0) { log_error_errno(r, "SELinux setup failed: %m"); goto finish; diff --git a/src/user-sessions/user-sessions.c b/src/user-sessions/user-sessions.c index 8bf44e2100..9b29b5ba1d 100644 --- a/src/user-sessions/user-sessions.c +++ b/src/user-sessions/user-sessions.c @@ -40,7 +40,7 @@ int main(int argc, char*argv[]) { umask(0022); - mac_selinux_init(NULL); + mac_selinux_init(); if (streq(argv[1], "start")) { int r = 0; diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in index eb10343ac6..1927c4d485 100644 --- a/units/systemd-nspawn@.service.in +++ b/units/systemd-nspawn@.service.in @@ -6,14 +6,14 @@ # (at your option) any later version. [Unit] -Description=Container %I +Description=Container %i Documentation=man:systemd-nspawn(1) PartOf=machines.target Before=machines.target After=network.target [Service] -ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth --settings=override --machine=%I +ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth --settings=override --machine=%i KillMode=mixed Type=notify RestartForceExitStatus=133 |