-rw-r--r-- | rules/50-udev-default.rules | 2 | ||||
-rw-r--r-- | src/core/automount.c | 78 | ||||
-rw-r--r-- | src/core/service.c | 14 | ||||
-rw-r--r-- | src/cryptsetup/cryptsetup-generator.c | 8 | ||||
-rw-r--r-- | src/hostname/hostnamed.c | 1 | ||||
-rw-r--r-- | src/resolve/resolved-dns-trust-anchor.c | 72 |
6 files changed, 116 insertions, 59 deletions
diff --git a/rules/50-udev-default.rules b/rules/50-udev-default.rules index e9eeb8518e..3347c8cd89 100644 --- a/rules/50-udev-default.rules +++ b/rules/50-udev-default.rules @@ -74,4 +74,6 @@ KERNEL=="tun", MODE="0666", OPTIONS+="static_node=net/tun" KERNEL=="fuse", MODE="0666", OPTIONS+="static_node=fuse" +SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK += "ptp_kvm" + LABEL="default_end" diff --git a/src/core/automount.c b/src/core/automount.c index 8ff1ca90f7..99e8047620 100644 --- a/src/core/automount.c +++ b/src/core/automount.c @@ -101,17 +101,17 @@ static void unmount_autofs(Automount *a) { a->pipe_event_source = sd_event_source_unref(a->pipe_event_source); a->pipe_fd = safe_close(a->pipe_fd); - /* If we reload/reexecute things we keep the mount point - * around */ - if (a->where && - (UNIT(a)->manager->exit_code != MANAGER_RELOAD && - UNIT(a)->manager->exit_code != MANAGER_REEXECUTE)) { + /* If we reload/reexecute things we keep the mount point around */ + if (!IN_SET(UNIT(a)->manager->exit_code, MANAGER_RELOAD, MANAGER_REEXECUTE)) { + automount_send_ready(a, a->tokens, -EHOSTDOWN); automount_send_ready(a, a->expire_tokens, -EHOSTDOWN); - r = repeat_unmount(a->where, MNT_DETACH); - if (r < 0) - log_error_errno(r, "Failed to unmount: %m"); + if (a->where) { + r = repeat_unmount(a->where, MNT_DETACH); + if (r < 0) + log_error_errno(r, "Failed to unmount: %m"); + } } } @@ -186,6 +186,22 @@ static int automount_verify(Automount *a) { return 0; } +static int automount_set_where(Automount *a) { + int r; + + assert(a); + + if (a->where) + return 0; + + r = unit_name_to_path(UNIT(a)->id, &a->where); + if (r < 0) + return r; + + path_kill_slashes(a->where); + return 1; +} + static int automount_load(Unit *u) { Automount *a = AUTOMOUNT(u); int r; 
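Review bot: In `automount_set_where()` the early `return 0` for an already-set `a->where` skips `path_kill_slashes()`, whereas the code this commit removes from `automount_load()` normalized the path unconditionally. If `a->where` can be populated from anywhere other than the unit name (no such setter is visible here), that value is now used unnormalized, including by `repeat_unmount(a->where, MNT_DETACH)`. Either call `path_kill_slashes(a->where)` before the early return, or, once confirmed, add a comment such as `/* a->where set elsewhere is already normalized by its parser */`.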
@@ -201,13 +217,9 @@ static int automount_load(Unit *u) { if (u->load_state == UNIT_LOADED) { Unit *x; - if (!a->where) { - r = unit_name_to_path(u->id, &a->where); - if (r < 0) - return r; - } - - path_kill_slashes(a->where); + r = automount_set_where(a); + if (r < 0) + return r; r = unit_load_related_unit(u, ".mount", &x); if (r < 0) @@ -256,26 +268,30 @@ static int automount_coldplug(Unit *u) { assert(a); assert(a->state == AUTOMOUNT_DEAD); - if (a->deserialized_state != a->state) { + if (a->deserialized_state == a->state) + return 0; + + if (IN_SET(a->deserialized_state, AUTOMOUNT_WAITING, AUTOMOUNT_RUNNING)) { + + r = automount_set_where(a); + if (r < 0) + return r; r = open_dev_autofs(u->manager); if (r < 0) return r; - if (a->deserialized_state == AUTOMOUNT_WAITING || - a->deserialized_state == AUTOMOUNT_RUNNING) { - assert(a->pipe_fd >= 0); + assert(a->pipe_fd >= 0); - r = sd_event_add_io(u->manager->event, &a->pipe_event_source, a->pipe_fd, EPOLLIN, automount_dispatch_io, u); - if (r < 0) - return r; + r = sd_event_add_io(u->manager->event, &a->pipe_event_source, a->pipe_fd, EPOLLIN, automount_dispatch_io, u); + if (r < 0) + return r; - (void) sd_event_source_set_description(a->pipe_event_source, "automount-io"); - if (a->deserialized_state == AUTOMOUNT_RUNNING) { - r = automount_start_expire(a); - if (r < 0) - log_unit_warning_errno(UNIT(a), r, "Failed to start expiration timer, ignoring: %m"); - } + (void) sd_event_source_set_description(a->pipe_event_source, "automount-io"); + if (a->deserialized_state == AUTOMOUNT_RUNNING) { + r = automount_start_expire(a); + if (r < 0) + log_unit_warning_errno(UNIT(a), r, "Failed to start expiration timer, ignoring: %m"); } automount_set_state(a, a->deserialized_state); 
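Review bot: `assert(a->pipe_fd >= 0);` in `automount_coldplug()` checks a value that is presumably restored from serialized state, so a state that records AUTOMOUNT_WAITING or AUTOMOUNT_RUNNING without a usable pipe fd would abort the manager rather than fail this one unit. A runtime check such as `if (a->pipe_fd < 0) return -EBADF;` keeps the failure local to the unit. The deserialization code is outside this hunk, so it is worth confirming whether it already guarantees the fd before relying on the assert.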
@@ -733,6 +749,12 @@ static void automount_enter_runnning(Automount *a) { assert(a); + /* If the user masked our unit in the meantime, fail */ + if (UNIT(a)->load_state != UNIT_LOADED) { + log_unit_error(UNIT(a), "Suppressing automount event since unit is no longer loaded."); + goto fail; + } + /* We don't take mount requests anymore if we are supposed to * shut down anyway */ if (unit_stop_pending(UNIT(a))) { diff --git a/src/core/service.c b/src/core/service.c index 5581ec8b06..74054887b9 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -849,11 +849,8 @@ static int service_load_pid_file(Service *s, bool may_warn) { return r; r = unit_watch_pid(UNIT(s), pid); - if (r < 0) { - /* FIXME: we need to do something here */ - log_unit_warning_errno(UNIT(s), r, "Failed to watch PID "PID_FMT" for service: %m", pid); - return r; - } + if (r < 0) /* FIXME: we need to do something here */ + return log_unit_warning_errno(UNIT(s), r, "Failed to watch PID "PID_FMT" for service: %m", pid); return 0; } @@ -1374,8 +1371,7 @@ static int service_spawn( return r; r = unit_watch_pid(UNIT(s), pid); - if (r < 0) - /* FIXME: we need to do something here */ + if (r < 0) /* FIXME: we need to do something here */ return r; *_pid = pid; @@ -3097,6 +3093,8 @@ static void service_notify_message(Unit *u, pid_t pid, char **tags, FDSet *fds) log_unit_warning(u, "Failed to parse MAINPID= field in notification message: %s", e); else if (pid == s->control_pid) log_unit_warning(u, "A control process cannot also be the main process"); + else if (pid == getpid() || pid == 1) + log_unit_warning(u, "Service manager can't be main process, ignoring sd_notify() MAINPID= field"); else { service_set_main_pid(s, pid); unit_watch_pid(UNIT(s), pid); 
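Review bot: The new `pid == getpid() || pid == 1` branch in `service_notify_message()` rejects only the manager itself; any other PID supplied in `MAINPID=` still falls through to `service_set_main_pid()`. Since the value comes from the notifying process, the PID should be checked as belonging to this service (for example, that it is in the unit's control group) before it is adopted, unless that is enforced somewhere not visible here. The fall-through branch also discards the result of `unit_watch_pid()`, which the other hunks in this file treat as an error; at minimum write `(void) unit_watch_pid(UNIT(s), pid);` or log the failure. The function body extends beyond the hunk.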
@@ -3286,7 +3284,7 @@ static void service_bus_name_owner_change( if (r >= 0) r = sd_bus_creds_get_pid(creds, &pid); if (r >= 0) { - log_unit_debug(u, "D-Bus name %s is now owned by process %u", name, (unsigned) pid); + log_unit_debug(u, "D-Bus name %s is now owned by process " PID_FMT, name, pid); service_set_main_pid(s, pid); unit_watch_pid(UNIT(s), pid); diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index 23bf014929..b58b6db7c9 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -144,13 +144,17 @@ static int create_disk( } } - if (is_device_path(u)) + if (is_device_path(u)) { fprintf(f, "BindsTo=%s\n" "After=%s\n" "Before=umount.target\n", d, d); - else + + if (swap) + fputs("Before=dev-mapper-%i.swap\n", + f); + } else fprintf(f, "RequiresMountsFor=%s\n", u); diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c index a8df3dd2ed..fe0aa00efb 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c @@ -202,6 +202,7 @@ static const char* fallback_chassis(void) { return "tablet"; case 0x1F: /* Convertible */ + case 0x20: /* Detachable */ return "convertible"; } diff --git a/src/resolve/resolved-dns-trust-anchor.c b/src/resolve/resolved-dns-trust-anchor.c index 7e08cba4e1..7e9f9e5a20 100644 --- a/src/resolve/resolved-dns-trust-anchor.c +++ b/src/resolve/resolved-dns-trust-anchor.c 
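Review bot: The `%i` in `fputs("Before=dev-mapper-%i.swap\n", f);` is written to the generated unit verbatim, which looks intentional (a unit specifier left for systemd to expand) but reads like a forgotten printf argument next to the surrounding `fprintf()` calls. A comment such as `/* %i is expanded by the service manager, hence fputs() rather than fprintf() */` would keep a later cleanup from turning it into a format call. It would also help to state the assumption that the instance name matches the escaped device-mapper name of the swap unit, since this hunk does not show that. `create_disk()` starts and ends outside the hunk.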
@@ -35,11 +35,16 @@ static const char trust_anchor_dirs[] = CONF_PATHS_NULSTR("dnssec-trust-anchors.d"); -/* The DS RR from https://data.iana.org/root-anchors/root-anchors.xml, retrieved December 2015 */ -static const uint8_t root_digest[] = +/* The first DS RR from https://data.iana.org/root-anchors/root-anchors.xml, retrieved December 2015 */ +static const uint8_t root_digest1[] = { 0x49, 0xAA, 0xC1, 0x1D, 0x7B, 0x6F, 0x64, 0x46, 0x70, 0x2E, 0x54, 0xA1, 0x60, 0x73, 0x71, 0x60, 0x7A, 0x1A, 0x41, 0x85, 0x52, 0x00, 0xFD, 0x2C, 0xE1, 0xCD, 0xDE, 0x32, 0xF2, 0x4E, 0x8F, 0xB5 }; +/* The second DS RR from https://data.iana.org/root-anchors/root-anchors.xml, retrieved February 2017 */ +static const uint8_t root_digest2[] = + { 0xE0, 0x6D, 0x44, 0xB8, 0x0B, 0x8F, 0x1D, 0x39, 0xA9, 0x5C, 0x0B, 0x0D, 0x7C, 0x65, 0xD0, 0x84, + 0x58, 0xE8, 0x80, 0x40, 0x9B, 0xBC, 0x68, 0x34, 0x57, 0x10, 0x42, 0x37, 0xC7, 0xF8, 0xEC, 0x8D }; + static bool dns_trust_anchor_knows_domain_positive(DnsTrustAnchor *d, const char *name) { assert(d); 
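Review bot: The comments on `root_digest1` and `root_digest2` identify the records only as the "first" and "second" DS RR, so anyone verifying these bytes against the IANA file has to read `dns_trust_anchor_add_builtin_positive()` to learn which key each digest belongs to. Put the key tag and digest type in each comment, e.g. `/* SHA-256 DS digest of root KSK, key tag 19036, from https://data.iana.org/root-anchors/root-anchors.xml */`, and the same with 20326 for the second array. These arrays are the built-in trust root, so naming the key next to its digest makes a later rollover or removal easier to audit.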
@@ -51,9 +56,40 @@ static bool dns_trust_anchor_knows_domain_positive(DnsTrustAnchor *d, const char hashmap_contains(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DS, name)); } -static int dns_trust_anchor_add_builtin_positive(DnsTrustAnchor *d) { +static int add_root_ksk( + DnsAnswer *answer, + DnsResourceKey *key, + uint16_t key_tag, + uint8_t algorithm, + uint8_t digest_type, + const void *digest, + size_t digest_size) { + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL; + int r; + + rr = dns_resource_record_new(key); + if (!rr) + return -ENOMEM; + + rr->ds.key_tag = key_tag; + rr->ds.algorithm = algorithm; + rr->ds.digest_type = digest_type; + rr->ds.digest_size = digest_size; + rr->ds.digest = memdup(digest, rr->ds.digest_size); + if (!rr->ds.digest) + return -ENOMEM; + + r = dns_answer_add(answer, rr, 0, DNS_ANSWER_AUTHENTICATED); + if (r < 0) + return r; + + return 0; +} + +static int dns_trust_anchor_add_builtin_positive(DnsTrustAnchor *d) { _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL; + _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL; int r; assert(d); 
@@ -62,35 +98,29 @@ static int dns_trust_anchor_add_builtin_positive(DnsTrustAnchor *d) { if (r < 0) return r; - /* Only add the built-in trust anchor if there's neither a DS - * nor a DNSKEY defined for the root domain. That way users - * have an easy way to override the root domain DS/DNSKEY - * data. */ + /* Only add the built-in trust anchor if there's neither a DS nor a DNSKEY defined for the root domain. That + * way users have an easy way to override the root domain DS/DNSKEY data. */ if (dns_trust_anchor_knows_domain_positive(d, ".")) return 0; - /* Add the RR from https://data.iana.org/root-anchors/root-anchors.xml */ - rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DS, ""); - if (!rr) + key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_DS, ""); + if (!key) return -ENOMEM; - rr->ds.key_tag = 19036; - rr->ds.algorithm = DNSSEC_ALGORITHM_RSASHA256; - rr->ds.digest_type = DNSSEC_DIGEST_SHA256; - rr->ds.digest_size = sizeof(root_digest); - rr->ds.digest = memdup(root_digest, rr->ds.digest_size); - if (!rr->ds.digest) - return -ENOMEM; - - answer = dns_answer_new(1); + answer = dns_answer_new(2); if (!answer) return -ENOMEM; - r = dns_answer_add(answer, rr, 0, DNS_ANSWER_AUTHENTICATED); + /* Add the two RRs from https://data.iana.org/root-anchors/root-anchors.xml */ + r = add_root_ksk(answer, key, 19036, DNSSEC_ALGORITHM_RSASHA256, DNSSEC_DIGEST_SHA256, root_digest1, sizeof(root_digest1)); + if (r < 0) + return r; + + r = add_root_ksk(answer, key, 20326, DNSSEC_ALGORITHM_RSASHA256, DNSSEC_DIGEST_SHA256, root_digest2, sizeof(root_digest2)); if (r < 0) return r; - r = hashmap_put(d->positive_by_key, rr->key, answer); + r = hashmap_put(d->positive_by_key, key, answer); if (r < 0) return r; |
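Review bot: `hashmap_put(d->positive_by_key, key, answer)` stores a key pointer whose local reference is dropped by `_cleanup_(dns_resource_key_unrefp)` on return, so the entry stays valid only through the references presumably taken by `dns_resource_record_new(key)` for the records held in `answer`. The removed code had the same dependency through `rr->key`, but it is less obvious now that the key is a separate local. A comment above the call such as `/* key stays alive through the RRs in answer, which the hashmap now owns */` would document it. The hand-over of `answer` to the hashmap happens after the hunk ends and is not visible here.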