diff options
Diffstat (limited to 'src')
30 files changed, 731 insertions, 150 deletions
diff --git a/src/basic/clock-util.c b/src/basic/clock-util.c index 05788a360e..c64b2e5e8c 100644 --- a/src/basic/clock-util.c +++ b/src/basic/clock-util.c @@ -146,3 +146,17 @@ int clock_reset_timewarp(void) { return 0; } + +#define TIME_EPOCH_USEC ((usec_t) TIME_EPOCH * USEC_PER_SEC) + +int clock_apply_epoch(void) { + struct timespec ts; + + if (now(CLOCK_REALTIME) >= TIME_EPOCH_USEC) + return 0; + + if (clock_settime(CLOCK_REALTIME, timespec_store(&ts, TIME_EPOCH_USEC)) < 0) + return -errno; + + return 1; +} diff --git a/src/basic/clock-util.h b/src/basic/clock-util.h index fef2d471a6..09d46758f4 100644 --- a/src/basic/clock-util.h +++ b/src/basic/clock-util.h @@ -28,3 +28,4 @@ int clock_set_timezone(int *min); int clock_reset_timewarp(void); int clock_get_hwclock(struct tm *tm); int clock_set_hwclock(const struct tm *tm); +int clock_apply_epoch(void); diff --git a/src/basic/time-util.c b/src/basic/time-util.c index bfc7cf870c..293442cf0e 100644 --- a/src/basic/time-util.c +++ b/src/basic/time-util.c @@ -117,9 +117,8 @@ dual_timestamp* dual_timestamp_from_boottime_or_monotonic(dual_timestamp *ts, us ts->realtime = ts->monotonic = USEC_INFINITY; return ts; } - ts->realtime = now(CLOCK_REALTIME); - ts->monotonic = now(CLOCK_MONOTONIC); + dual_timestamp_get(ts); delta = (int64_t) now(clock_boottime_or_monotonic()) - (int64_t) u; if ((int64_t) ts->realtime > delta) diff --git a/src/basic/time-util.h b/src/basic/time-util.h index b37d5ad5dc..9c7758a959 100644 --- a/src/basic/time-util.h +++ b/src/basic/time-util.h @@ -69,7 +69,7 @@ typedef struct dual_timestamp { #define FORMAT_TIMESTAMP_RELATIVE_MAX 256 #define FORMAT_TIMESPAN_MAX 64 -#define TIME_T_MAX (time_t)((1UL << ((sizeof(time_t) << 3) - 1)) - 1) +#define TIME_T_MAX (time_t)((UINTMAX_C(1) << ((sizeof(time_t) << 3) - 1)) - 1) #define DUAL_TIMESTAMP_NULL ((struct dual_timestamp) { 0ULL, 0ULL }) diff --git a/src/core/busname.c b/src/core/busname.c index ed083a8412..4b0cad8db4 100644 --- a/src/core/busname.c +++ b/src/core/busname.c @@ -972,17 +972,21 @@ static int busname_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) { return unit_kill_common(u, who, signo, -1, BUSNAME(u)->control_pid, error); } -static int busname_get_timeout(Unit *u, uint64_t *timeout) { +static int busname_get_timeout(Unit *u, usec_t *timeout) { BusName *n = BUSNAME(u); + usec_t t; int r; if (!n->timer_event_source) return 0; - r = sd_event_source_get_time(n->timer_event_source, timeout); + r = sd_event_source_get_time(n->timer_event_source, &t); if (r < 0) return r; + if (t == USEC_INFINITY) + return 0; + *timeout = t; return 1; } diff --git a/src/core/job.c b/src/core/job.c index 1dcb872019..b1737c8110 100644 --- a/src/core/job.c +++ b/src/core/job.c @@ -1165,10 +1165,10 @@ void job_shutdown_magic(Job *j) { asynchronous_sync(); } -int job_get_timeout(Job *j, uint64_t *timeout) { +int job_get_timeout(Job *j, usec_t *timeout) { + usec_t x = USEC_INFINITY, y = USEC_INFINITY; Unit *u = j->unit; - uint64_t x = -1, y = -1; - int r = 0, q = 0; + int r; assert(u); @@ -1176,20 +1176,18 @@ int job_get_timeout(Job *j, uint64_t *timeout) { r = sd_event_source_get_time(j->timer_event_source, &x); if (r < 0) return r; - r = 1; } if (UNIT_VTABLE(u)->get_timeout) { - q = UNIT_VTABLE(u)->get_timeout(u, &y); - if (q < 0) - return q; + r = UNIT_VTABLE(u)->get_timeout(u, &y); + if (r < 0) + return r; } - if (r == 0 && q == 0) + if (x == USEC_INFINITY && y == USEC_INFINITY) return 0; *timeout = MIN(x, y); - return 1; } diff --git a/src/core/job.h b/src/core/job.h index bbf5471e8b..4c19ad0c6a 100644 --- a/src/core/job.h +++ b/src/core/job.h @@ -227,6 +227,8 @@ char *job_dbus_path(Job *j); void job_shutdown_magic(Job *j); +int job_get_timeout(Job *j, usec_t *timeout) _pure_; + const char* job_type_to_string(JobType t) _const_; JobType job_type_from_string(const char *s) _pure_; @@ -239,6 +241,4 @@ JobMode job_mode_from_string(const char *s) _pure_; const char* job_result_to_string(JobResult t) _const_; JobResult job_result_from_string(const char *s) _pure_; -int job_get_timeout(Job *j, uint64_t *timeout) _pure_; - const char* job_type_to_access_method(JobType t); diff --git a/src/core/main.c b/src/core/main.c index 99ef723fcb..fb27e897e4 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1424,8 +1424,14 @@ int main(int argc, char *argv[]) { * saving time change. All kernel local time concepts will be treated * as UTC that way. */ - clock_reset_timewarp(); + (void) clock_reset_timewarp(); } + + r = clock_apply_epoch(); + if (r < 0) + log_error_errno(r, "Current system time is before build time, but cannot correct: %m"); + else if (r > 0) + log_info("System time before build time, advancing clock."); } /* Set the default for later on, but don't actually diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index 7a06c24016..321a52c30e 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c @@ -158,11 +158,13 @@ static int mount_one(const MountPoint *p, bool relabel) { /* Relabel first, just in case */ if (relabel) - label_fix(p->where, true, true); + (void) label_fix(p->where, true, true); r = path_is_mount_point(p->where, AT_SYMLINK_FOLLOW); - if (r < 0 && r != -ENOENT) - return r; + if (r < 0 && r != -ENOENT) { + log_full_errno((p->mode & MNT_FATAL) ? LOG_ERR : LOG_DEBUG, r, "Failed to determine whether %s is a mount point: %m", p->where); + return (p->mode & MNT_FATAL) ? r : 0; + } if (r > 0) return 0; @@ -173,9 +175,9 @@ static int mount_one(const MountPoint *p, bool relabel) { /* The access mode here doesn't really matter too much, since * the mounted file system will take precedence anyway. */ if (relabel) - mkdir_p_label(p->where, 0755); + (void) mkdir_p_label(p->where, 0755); else - mkdir_p(p->where, 0755); + (void) mkdir_p(p->where, 0755); log_debug("Mounting %s to %s of type %s with options %s.", p->what, @@ -188,13 +190,13 @@ static int mount_one(const MountPoint *p, bool relabel) { p->type, p->flags, p->options) < 0) { - log_full((p->mode & MNT_FATAL) ? LOG_ERR : LOG_DEBUG, "Failed to mount %s at %s: %m", p->type, p->where); + log_full_errno((p->mode & MNT_FATAL) ? LOG_ERR : LOG_DEBUG, errno, "Failed to mount %s at %s: %m", p->type, p->where); return (p->mode & MNT_FATAL) ? -errno : 0; } /* Relabel again, since we now mounted something fresh here */ if (relabel) - label_fix(p->where, false, false); + (void) label_fix(p->where, false, false); return 1; } diff --git a/src/core/mount.c b/src/core/mount.c index 7e3a6d578f..e0bd09bbbb 100644 --- a/src/core/mount.c +++ b/src/core/mount.c @@ -1556,17 +1556,21 @@ static void mount_shutdown(Manager *m) { m->mount_monitor = NULL; } -static int mount_get_timeout(Unit *u, uint64_t *timeout) { +static int mount_get_timeout(Unit *u, usec_t *timeout) { Mount *m = MOUNT(u); + usec_t t; int r; if (!m->timer_event_source) return 0; - r = sd_event_source_get_time(m->timer_event_source, timeout); + r = sd_event_source_get_time(m->timer_event_source, &t); if (r < 0) return r; + if (t == USEC_INFINITY) + return 0; + *timeout = t; return 1; } diff --git a/src/core/scope.c b/src/core/scope.c index 7cddee23b8..7dd437d204 100644 --- a/src/core/scope.c +++ b/src/core/scope.c @@ -345,17 +345,21 @@ static int scope_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) { return unit_kill_common(u, who, signo, -1, -1, error); } -static int scope_get_timeout(Unit *u, uint64_t *timeout) { +static int scope_get_timeout(Unit *u, usec_t *timeout) { Scope *s = SCOPE(u); + usec_t t; int r; if (!s->timer_event_source) return 0; - r = sd_event_source_get_time(s->timer_event_source, timeout); + r = sd_event_source_get_time(s->timer_event_source, &t); if (r < 0) return r; + if (t == USEC_INFINITY) + return 0; + *timeout = t; return 1; } diff --git a/src/core/service.c b/src/core/service.c index a9345e38b9..02ce1a566a 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -1635,6 +1635,8 @@ static void service_enter_running(Service *s, ServiceResult f) { if (f != SERVICE_SUCCESS) s->result = f; + service_unwatch_control_pid(s); + if (service_good(s)) { /* If there are any queued up sd_notify() @@ -2788,7 +2790,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) { case SERVICE_START_POST: if (f != SERVICE_SUCCESS) { - service_enter_stop(s, f); + service_enter_signal(s, SERVICE_STOP_SIGTERM, f); break; } @@ -2878,7 +2880,7 @@ static int service_dispatch_timer(sd_event_source *source, usec_t usec, void *us case SERVICE_START_POST: log_unit_warning(UNIT(s), "Start-post operation timed out. Stopping."); - service_enter_stop(s, SERVICE_FAILURE_TIMEOUT); + service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_TIMEOUT); break; case SERVICE_RUNNING: @@ -2887,8 +2889,7 @@ static int service_dispatch_timer(sd_event_source *source, usec_t usec, void *us break; case SERVICE_RELOAD: - log_unit_warning(UNIT(s), "Reload operation timed out. Stopping."); - service_unwatch_control_pid(s); + log_unit_warning(UNIT(s), "Reload operation timed out. Killing reload process."); service_kill_control_processes(s); s->reload_result = SERVICE_FAILURE_TIMEOUT; service_enter_running(s, SERVICE_SUCCESS); @@ -3110,17 +3111,21 @@ static void service_notify_message(Unit *u, pid_t pid, char **tags, FDSet *fds) unit_add_to_dbus_queue(u); } -static int service_get_timeout(Unit *u, uint64_t *timeout) { +static int service_get_timeout(Unit *u, usec_t *timeout) { Service *s = SERVICE(u); + uint64_t t; int r; if (!s->timer_event_source) return 0; - r = sd_event_source_get_time(s->timer_event_source, timeout); + r = sd_event_source_get_time(s->timer_event_source, &t); if (r < 0) return r; + if (t == USEC_INFINITY) + return 0; + *timeout = t; return 1; } diff --git a/src/core/socket.c b/src/core/socket.c index 740b748d65..f0d65577e3 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -2770,17 +2770,21 @@ static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) { return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error); } -static int socket_get_timeout(Unit *u, uint64_t *timeout) { +static int socket_get_timeout(Unit *u, usec_t *timeout) { Socket *s = SOCKET(u); + usec_t t; int r; if (!s->timer_event_source) return 0; - r = sd_event_source_get_time(s->timer_event_source, timeout); + r = sd_event_source_get_time(s->timer_event_source, &t); if (r < 0) return r; + if (t == USEC_INFINITY) + return 0; + *timeout = t; return 1; } diff --git a/src/core/swap.c b/src/core/swap.c index d895e3ced1..b663a029eb 100644 --- a/src/core/swap.c +++ b/src/core/swap.c @@ -1396,17 +1396,21 @@ static int swap_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) { return unit_kill_common(u, who, signo, -1, SWAP(u)->control_pid, error); } -static int swap_get_timeout(Unit *u, uint64_t *timeout) { +static int swap_get_timeout(Unit *u, usec_t *timeout) { Swap *s = SWAP(u); + usec_t t; int r; if (!s->timer_event_source) return 0; - r = sd_event_source_get_time(s->timer_event_source, timeout); + r = sd_event_source_get_time(s->timer_event_source, &t); if (r < 0) return r; + if (t == USEC_INFINITY) + return 0; + *timeout = t; return 1; } diff --git a/src/core/unit.h b/src/core/unit.h index f86a0f687b..8712e03133 100644 --- a/src/core/unit.h +++ b/src/core/unit.h @@ -379,7 +379,8 @@ struct UnitVTable { /* Called whenever CLOCK_REALTIME made a jump */ void (*time_change)(Unit *u); - int (*get_timeout)(Unit *u, uint64_t *timeout); + /* Returns the next timeout of a unit */ + int (*get_timeout)(Unit *u, usec_t *timeout); /* This is called for each unit type and should be used to * enumerate existing devices and load them. However, diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c index a1bad9fcbe..9086ca5dd7 100644 --- a/src/gpt-auto-generator/gpt-auto-generator.c +++ b/src/gpt-auto-generator/gpt-auto-generator.c @@ -515,14 +515,15 @@ static int add_boot(const char *what) { return log_error_errno(errno ?: EIO, "Failed to probe %s: %m", what); (void) blkid_probe_lookup_value(b, "TYPE", &fstype, NULL); - if (!streq(fstype, "vfat")) { + if (!streq_ptr(fstype, "vfat")) { log_debug("Partition for /boot is not a FAT filesystem, ignoring."); return 0; } + errno = 0; r = blkid_probe_lookup_value(b, "PART_ENTRY_UUID", &uuid, NULL); if (r != 0) { - log_debug_errno(r, "Partition for /boot does not have a UUID, ignoring. %m"); + log_debug_errno(errno, "Partition for /boot does not have a UUID, ignoring."); return 0; } diff --git a/src/journal/catalog.c b/src/journal/catalog.c index fcaa54aa0c..ddec6bd503 100644 --- a/src/journal/catalog.c +++ b/src/journal/catalog.c @@ -94,25 +94,87 @@ const struct hash_ops catalog_hash_ops = { .compare = catalog_compare_func }; +static bool next_header(const char **s) { + const char *e; + + e = strchr(*s, '\n'); + + /* Unexpected end */ + if (!e) + return false; + + /* End of headers */ + if (e == *s) + return false; + + *s = e + 1; + return true; +} + +static const char *skip_header(const char *s) { + while (next_header(&s)) + ; + return s; +} + +static char *combine_entries(const char *one, const char *two) { + const char *b1, *b2; + size_t l1, l2, n; + char *dest, *p; + + /* Find split point of headers to body */ + b1 = skip_header(one); + b2 = skip_header(two); + + l1 = strlen(one); + l2 = strlen(two); + dest = new(char, l1 + l2 + 1); + if (!dest) { + log_oom(); + return NULL; + } + + p = dest; + + /* Headers from @one */ + n = b1 - one; + p = mempcpy(p, one, n); + + /* Headers from @two, these will only be found if not present above */ + n = b2 - two; + p = mempcpy(p, two, n); + + /* Body from @one */ + n = l1 - (b1 - one); + if (n > 0) { + memcpy(p, b1, n); + p += n; + + /* Body from @two */ + } else { + n = l2 - (b2 - two); + memcpy(p, b2, n); + p += n; + } + + assert(p - dest <= (ptrdiff_t)(l1 + l2)); + p[0] = '\0'; + return dest; +} + static int finish_item( Hashmap *h, - struct strbuf *sb, sd_id128_t id, const char *language, - const char *payload) { + char *payload) { - ssize_t offset; _cleanup_free_ CatalogItem *i = NULL; + _cleanup_free_ char *combined = NULL, *prev = NULL; int r; assert(h); - assert(sb); assert(payload); - offset = strbuf_add_string(sb, payload, strlen(payload)); - if (offset < 0) - return log_oom(); - i = new0(CatalogItem, 1); if (!i) return log_oom(); @@ -122,17 +184,27 @@ static int finish_item( assert(strlen(language) > 1 && strlen(language) < 32); strcpy(i->language, language); } - i->offset = htole64((uint64_t) offset); - r = hashmap_put(h, i, i); - if (r == -EEXIST) { - log_warning("Duplicate entry for " SD_ID128_FORMAT_STR ".%s, ignoring.", - SD_ID128_FORMAT_VAL(id), language ? language : "C"); - return 0; - } else if (r < 0) - return r; + prev = hashmap_get(h, i); + + /* Already have such an item, combine them */ + if (prev) { + combined = combine_entries(payload, prev); + if (!combined) + return log_oom(); + r = hashmap_update(h, i, combined); + if (r < 0) + return r; + combined = NULL; + + /* A new item */ + } else { + r = hashmap_put(h, i, payload); + if (r < 0) + return r; + i = NULL; + } - i = NULL; return 0; } @@ -189,7 +261,7 @@ static int catalog_entry_lang(const char* filename, int line, return 0; } -int catalog_import_file(Hashmap *h, struct strbuf *sb, const char *path) { +int catalog_import_file(Hashmap *h, const char *path) { _cleanup_fclose_ FILE *f = NULL; _cleanup_free_ char *payload = NULL; unsigned n = 0; @@ -199,7 +271,6 @@ int catalog_import_file(Hashmap *h, struct strbuf *sb, const char *path) { int r; assert(h); - assert(sb); assert(path); f = fopen(path, "re"); @@ -254,10 +325,11 @@ int catalog_import_file(Hashmap *h, struct strbuf *sb, const char *path) { if (sd_id128_from_string(line + 2 + 1, &jd) >= 0) { if (got_id) { - r = finish_item(h, sb, id, lang ?: deflang, payload); + r = finish_item(h, id, lang ?: deflang, payload); if (r < 0) return r; + payload = NULL; lang = mfree(lang); } @@ -310,9 +382,10 @@ int catalog_import_file(Hashmap *h, struct strbuf *sb, const char *path) { } if (got_id) { - r = finish_item(h, sb, id, lang ?: deflang, payload); + r = finish_item(h, id, lang ?: deflang, payload); if (r < 0) return r; + payload = NULL; } return 0; @@ -389,8 +462,10 @@ int catalog_update(const char* database, const char* root, const char* const* di _cleanup_strv_free_ char **files = NULL; char **f; struct strbuf *sb = NULL; - _cleanup_hashmap_free_free_ Hashmap *h = NULL; + _cleanup_hashmap_free_free_free_ Hashmap *h = NULL; _cleanup_free_ CatalogItem *items = NULL; + ssize_t offset; + char *payload; CatalogItem *i; Iterator j; unsigned n; @@ -413,7 +488,7 @@ int catalog_update(const char* database, const char* root, const char* const* di STRV_FOREACH(f, files) { log_debug("Reading file '%s'", *f); - r = catalog_import_file(h, sb, *f); + r = catalog_import_file(h, *f); if (r < 0) { log_error_errno(r, "Failed to import file '%s': %m", *f); goto finish; @@ -426,8 +501,6 @@ int catalog_update(const char* database, const char* root, const char* const* di } else log_debug("Found %u items in catalog.", hashmap_size(h)); - strbuf_complete(sb); - items = new(CatalogItem, hashmap_size(h)); if (!items) { r = log_oom(); @@ -435,16 +508,25 @@ int catalog_update(const char* database, const char* root, const char* const* di } n = 0; - HASHMAP_FOREACH(i, h, j) { + HASHMAP_FOREACH_KEY(payload, i, h, j) { log_debug("Found " SD_ID128_FORMAT_STR ", language %s", SD_ID128_FORMAT_VAL(i->id), isempty(i->language) ? "C" : i->language); + + offset = strbuf_add_string(sb, payload, strlen(payload)); + if (offset < 0) { + r = log_oom(); + goto finish; + } + i->offset = htole64((uint64_t) offset); items[n++] = *i; } assert(n == hashmap_size(h)); qsort_safe(items, n, sizeof(CatalogItem), catalog_compare_func); + strbuf_complete(sb); + sz = write_catalog(database, sb, items, n); if (sz < 0) r = log_error_errno(sz, "Failed to write %s: %m", database); @@ -587,7 +669,7 @@ finish: static char *find_header(const char *s, const char *header) { for (;;) { - const char *v, *e; + const char *v; v = startswith(s, header); if (v) { @@ -595,16 +677,8 @@ static char *find_header(const char *s, const char *header) { return strndup(v, strcspn(v, NEWLINE)); } - /* End of text */ - e = strchr(s, '\n'); - if (!e) + if (!next_header(&s)) return NULL; - - /* End of header */ - if (e == s) - return NULL; - - s = e + 1; } } diff --git a/src/journal/catalog.h b/src/journal/catalog.h index bcc73c2631..b3856d2de0 100644 --- a/src/journal/catalog.h +++ b/src/journal/catalog.h @@ -28,7 +28,7 @@ #include "hashmap.h" #include "strbuf.h" -int catalog_import_file(Hashmap *h, struct strbuf *sb, const char *path); +int catalog_import_file(Hashmap *h, const char *path); int catalog_update(const char* database, const char* root, const char* const* dirs); int catalog_get(const char* database, sd_id128_t id, char **data); int catalog_list(FILE *f, const char* database, bool oneline); diff --git a/src/journal/mmap-cache.c b/src/journal/mmap-cache.c index eb4b092e80..a69672ce21 100644 --- a/src/journal/mmap-cache.c +++ b/src/journal/mmap-cache.c @@ -40,9 +40,9 @@ typedef struct FileDescriptor FileDescriptor; struct Window { MMapCache *cache; - bool invalidated; - bool keep_always; - bool in_unused; + bool invalidated:1; + bool keep_always:1; + bool in_unused:1; int prot; void *ptr; @@ -78,7 +78,6 @@ struct MMapCache { unsigned n_hit, n_missed; - Hashmap *fds; Context *contexts[MMAP_CACHE_MAX_CONTEXTS]; @@ -408,7 +407,7 @@ static int try_context( if (c->window->fd->sigbus) return -EIO; - c->window->keep_always |= keep_always; + c->window->keep_always = c->window->keep_always || keep_always; *ret = (uint8_t*) c->window->ptr + (offset - c->window->offset); return 1; @@ -454,7 +453,7 @@ static int find_mmap( return -ENOMEM; context_attach_window(c, w); - w->keep_always += keep_always; + w->keep_always = w->keep_always || keep_always; *ret = (uint8_t*) w->ptr + (offset - w->offset); return 1; diff --git a/src/journal/test-catalog.c b/src/journal/test-catalog.c index 25980b7744..ae936f6419 100644 --- a/src/journal/test-catalog.c +++ b/src/journal/test-catalog.c @@ -46,61 +46,135 @@ static const char *no_catalog_dirs[] = { NULL }; -static void test_import(Hashmap *h, struct strbuf *sb, - const char* contents, ssize_t size, int code) { +static Hashmap * test_import(const char* contents, ssize_t size, int code) { int r; char name[] = "/tmp/test-catalog.XXXXXX"; _cleanup_close_ int fd; + Hashmap *h; + + if (size < 0) + size = strlen(contents); + + assert_se(h = hashmap_new(&catalog_hash_ops)); fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC); assert_se(fd >= 0); assert_se(write(fd, contents, size) == size); - r = catalog_import_file(h, sb, name); + r = catalog_import_file(h, name); assert_se(r == code); unlink(name); -} -static void test_catalog_importing(void) { - Hashmap *h; - struct strbuf *sb; + return h; +} - assert_se(h = hashmap_new(&catalog_hash_ops)); - assert_se(sb = strbuf_new()); +static void test_catalog_import_invalid(void) { + _cleanup_hashmap_free_free_free_ Hashmap *h = NULL; -#define BUF "xxx" - test_import(h, sb, BUF, sizeof(BUF), -EINVAL); -#undef BUF + h = test_import("xxx", -1, -EINVAL); assert_se(hashmap_isempty(h)); - log_debug("----------------------------------------"); +} -#define BUF \ +static void test_catalog_import_badid(void) { + _cleanup_hashmap_free_free_free_ Hashmap *h = NULL; + const char *input = "-- 0027229ca0644181a76c4e92458afaff dededededededededededededededede\n" \ "Subject: message\n" \ "\n" \ -"payload\n" - test_import(h, sb, BUF, sizeof(BUF), -EINVAL); -#undef BUF +"payload\n"; + h = test_import(input, -1, -EINVAL); +} - log_debug("----------------------------------------"); +static void test_catalog_import_one(void) { + _cleanup_hashmap_free_free_free_ Hashmap *h = NULL; + char *payload; + Iterator j; -#define BUF \ + const char *input = "-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \ "Subject: message\n" \ "\n" \ -"payload\n" - test_import(h, sb, BUF, sizeof(BUF), 0); -#undef BUF +"payload\n"; + const char *expect = +"Subject: message\n" \ +"\n" \ +"payload\n"; + h = test_import(input, -1, 0); assert_se(hashmap_size(h) == 1); - log_debug("----------------------------------------"); + HASHMAP_FOREACH(payload, h, j) { + assert_se(streq(expect, payload)); + } +} - hashmap_free_free(h); - strbuf_cleanup(sb); +static void test_catalog_import_merge(void) { + _cleanup_hashmap_free_free_free_ Hashmap *h = NULL; + char *payload; + Iterator j; + + const char *input = +"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \ +"Subject: message\n" \ +"Defined-By: me\n" \ +"\n" \ +"payload\n" \ +"\n" \ +"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \ +"Subject: override subject\n" \ +"X-Header: hello\n" \ +"\n" \ +"override payload\n"; + + const char *combined = +"Subject: override subject\n" \ +"X-Header: hello\n" \ +"Subject: message\n" \ +"Defined-By: me\n" \ +"\n" \ +"override payload\n"; + + h = test_import(input, -1, 0); + assert_se(hashmap_size(h) == 1); + + HASHMAP_FOREACH(payload, h, j) { + assert_se(streq(combined, payload)); + } } +static void test_catalog_import_merge_no_body(void) { + _cleanup_hashmap_free_free_free_ Hashmap *h = NULL; + char *payload; + Iterator j; + + const char *input = +"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \ +"Subject: message\n" \ +"Defined-By: me\n" \ +"\n" \ +"payload\n" \ +"\n" \ +"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \ +"Subject: override subject\n" \ +"X-Header: hello\n" \ +"\n"; + + const char *combined = +"Subject: override subject\n" \ +"X-Header: hello\n" \ +"Subject: message\n" \ +"Defined-By: me\n" \ +"\n" \ +"payload\n"; + + h = test_import(input, -1, 0); + assert_se(hashmap_size(h) == 1); + + HASHMAP_FOREACH(payload, h, j) { + assert_se(streq(combined, payload)); + } +} static const char* database = NULL; @@ -166,7 +240,11 @@ int main(int argc, char *argv[]) { test_catalog_file_lang(); - test_catalog_importing(); + test_catalog_import_invalid(); + test_catalog_import_badid(); + test_catalog_import_one(); + test_catalog_import_merge(); + test_catalog_import_merge_no_body(); test_catalog_update(); diff --git a/src/nspawn/nspawn-gperf.gperf b/src/nspawn/nspawn-gperf.gperf index 58f9f4c635..116655cdd2 100644 --- a/src/nspawn/nspawn-gperf.gperf +++ b/src/nspawn/nspawn-gperf.gperf @@ -15,7 +15,8 @@ struct ConfigPerfItem; %struct-type %includes %% -Exec.Boot, config_parse_tristate, 0, offsetof(Settings, boot) +Exec.Boot, config_parse_boot, 0, 0 +Exec.ProcessTwo, config_parse_pid2, 0, 0, Exec.Parameters, config_parse_strv, 0, offsetof(Settings, parameters) Exec.Environment, config_parse_strv, 0, offsetof(Settings, environment) Exec.User, config_parse_string, 0, offsetof(Settings, user) @@ -24,6 +25,7 @@ Exec.DropCapability, config_parse_capability, 0, offsetof(Settings, Exec.KillSignal, config_parse_signal, 0, offsetof(Settings, kill_signal) Exec.Personality, config_parse_personality, 0, offsetof(Settings, personality) Exec.MachineID, config_parse_id128, 0, offsetof(Settings, machine_id) +Exec.WorkingDirectory, config_parse_path, 0, offsetof(Settings, working_directory) Files.ReadOnly, config_parse_tristate, 0, offsetof(Settings, read_only) Files.Volatile, config_parse_volatile_mode, 0, offsetof(Settings, volatile_mode) Files.Bind, config_parse_bind, 0, 0 diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c index d6b64d8d5a..12524d3b89 100644 --- a/src/nspawn/nspawn-settings.c +++ b/src/nspawn/nspawn-settings.c @@ -24,6 +24,7 @@ #include "conf-parser.h" #include "nspawn-network.h" #include "nspawn-settings.h" +#include "parse-util.h" #include "process-util.h" #include "strv.h" #include "util.h" @@ -39,7 +40,7 @@ int settings_load(FILE *f, const char *path, Settings **ret) { if (!s) return -ENOMEM; - s->boot = -1; + s->start_mode = _START_MODE_INVALID; s->personality = PERSONALITY_INVALID; s->read_only = -1; @@ -74,6 +75,7 @@ Settings* settings_free(Settings *s) { strv_free(s->parameters); strv_free(s->environment); free(s->user); + free(s->working_directory); strv_free(s->network_interfaces); strv_free(s->network_macvlan); @@ -302,3 +304,93 @@ int config_parse_veth_extra( return 0; } + +int config_parse_boot( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + Settings *settings = data; + int r; + + assert(filename); + assert(lvalue); + assert(rvalue); + + r = parse_boolean(rvalue); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse Boot= parameter %s, ignoring: %m", rvalue); + return 0; + } + + if (r > 0) { + if (settings->start_mode == START_PID2) + goto conflict; + + settings->start_mode = START_BOOT; + } else { + if (settings->start_mode == START_BOOT) + goto conflict; + + if (settings->start_mode < 0) + settings->start_mode = START_PID1; + } + + return 0; + +conflict: + log_syntax(unit, LOG_ERR, filename, line, r, "Conflicting Boot= or ProcessTwo= setting found. Ignoring."); + return 0; +} + +int config_parse_pid2( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + Settings *settings = data; + int r; + + assert(filename); + assert(lvalue); + assert(rvalue); + + r = parse_boolean(rvalue); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse ProcessTwo= parameter %s, ignoring: %m", rvalue); + return 0; + } + + if (r > 0) { + if (settings->start_mode == START_BOOT) + goto conflict; + + settings->start_mode = START_PID2; + } else { + if (settings->start_mode == START_PID2) + goto conflict; + + if (settings->start_mode < 0) + settings->start_mode = START_PID1; + } + + return 0; + +conflict: + log_syntax(unit, LOG_ERR, filename, line, r, "Conflicting Boot= or ProcessTwo= setting found. Ignoring."); + return 0; +} diff --git a/src/nspawn/nspawn-settings.h b/src/nspawn/nspawn-settings.h index 10230a5b83..fdb07486da 100644 --- a/src/nspawn/nspawn-settings.h +++ b/src/nspawn/nspawn-settings.h @@ -27,25 +27,34 @@ #include "nspawn-expose-ports.h" #include "nspawn-mount.h" +typedef enum StartMode { + START_PID1, /* Run parameters as command line as process 1 */ + START_PID2, /* Use stub init process as PID 1, run parameters as command line as process 2 */ + START_BOOT, /* Search for init system, pass arguments as parameters */ + _START_MODE_MAX, + _START_MODE_INVALID = -1 +} StartMode; + typedef enum SettingsMask { - SETTING_BOOT = 1 << 0, - SETTING_ENVIRONMENT = 1 << 1, - SETTING_USER = 1 << 2, - SETTING_CAPABILITY = 1 << 3, - SETTING_KILL_SIGNAL = 1 << 4, - SETTING_PERSONALITY = 1 << 5, - SETTING_MACHINE_ID = 1 << 6, - SETTING_NETWORK = 1 << 7, - SETTING_EXPOSE_PORTS = 1 << 8, - SETTING_READ_ONLY = 1 << 9, - SETTING_VOLATILE_MODE = 1 << 10, - SETTING_CUSTOM_MOUNTS = 1 << 11, - _SETTINGS_MASK_ALL = (1 << 12) -1 + SETTING_START_MODE = 1 << 0, + SETTING_ENVIRONMENT = 1 << 1, + SETTING_USER = 1 << 2, + SETTING_CAPABILITY = 1 << 3, + SETTING_KILL_SIGNAL = 1 << 4, + SETTING_PERSONALITY = 1 << 5, + SETTING_MACHINE_ID = 1 << 6, + SETTING_NETWORK = 1 << 7, + SETTING_EXPOSE_PORTS = 1 << 8, + SETTING_READ_ONLY = 1 << 9, + SETTING_VOLATILE_MODE = 1 << 10, + SETTING_CUSTOM_MOUNTS = 1 << 11, + SETTING_WORKING_DIRECTORY = 1 << 12, + _SETTINGS_MASK_ALL = (1 << 13) -1 } SettingsMask; typedef struct Settings { /* [Run] */ - int boot; + StartMode start_mode; char **parameters; char **environment; char *user; @@ -54,6 +63,7 @@ typedef struct Settings { int kill_signal; unsigned long personality; sd_id128_t machine_id; + char *working_directory; /* [Image] */ int read_only; @@ -89,3 +99,5 @@ int config_parse_volatile_mode(const char *unit, const char *filename, unsigned int config_parse_bind(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); int config_parse_tmpfs(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); int config_parse_veth_extra(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); +int config_parse_boot(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); +int config_parse_pid2(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); diff --git a/src/nspawn/nspawn-stub-pid1.c b/src/nspawn/nspawn-stub-pid1.c new file mode 100644 index 0000000000..2de87e3c63 --- /dev/null +++ b/src/nspawn/nspawn-stub-pid1.c @@ -0,0 +1,170 @@ +/*** + This file is part of systemd. + + Copyright 2016 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <sys/reboot.h> +#include <sys/unistd.h> +#include <sys/wait.h> + +#include "fd-util.h" +#include "log.h" +#include "nspawn-stub-pid1.h" +#include "process-util.h" +#include "signal-util.h" +#include "time-util.h" +#include "def.h" + +int stub_pid1(void) { + enum { + STATE_RUNNING, + STATE_REBOOT, + STATE_POWEROFF, + } state = STATE_RUNNING; + + sigset_t fullmask, oldmask, waitmask; + usec_t quit_usec = USEC_INFINITY; + pid_t pid; + int r; + + /* Implements a stub PID 1, that reaps all processes and processes a couple of standard signals. This is useful + * for allowing arbitrary processes run in a container, and still have all zombies reaped. */ + + assert_se(sigfillset(&fullmask) >= 0); + assert_se(sigprocmask(SIG_BLOCK, &fullmask, &oldmask) >= 0); + + pid = fork(); + if (pid < 0) + return log_error_errno(errno, "Failed to fork child pid: %m"); + + if (pid == 0) { + /* Return in the child */ + assert_se(sigprocmask(SIG_SETMASK, &oldmask, NULL) >= 0); + setsid(); + return 0; + } + + reset_all_signal_handlers(); + + log_close(); + close_all_fds(NULL, 0); + log_open(); + + rename_process("STUBINIT"); + + assert_se(sigemptyset(&waitmask) >= 0); + assert_se(sigset_add_many(&waitmask, + SIGCHLD, /* posix: process died */ + SIGINT, /* sysv: ctrl-alt-del */ + SIGRTMIN+3, /* systemd: halt */ + SIGRTMIN+4, /* systemd: poweroff */ + SIGRTMIN+5, /* systemd: reboot */ + SIGRTMIN+6, /* systemd: kexec */ + SIGRTMIN+13, /* systemd: halt */ + SIGRTMIN+14, /* systemd: poweroff */ + SIGRTMIN+15, /* systemd: reboot */ + SIGRTMIN+16, /* systemd: kexec */ + -1) >= 0); + + /* Note that we ignore SIGTERM (sysv's reexec), SIGHUP (reload), and all other signals here, since we don't + * support reexec/reloading in this stub process. */ + + for (;;) { + siginfo_t si; + usec_t current_usec; + + si.si_pid = 0; + r = waitid(P_ALL, 0, &si, WEXITED|WNOHANG); + if (r < 0) { + r = log_error_errno(errno, "Failed to reap children: %m"); + goto finish; + } + + current_usec = now(CLOCK_MONOTONIC); + + if (si.si_pid == pid || current_usec >= quit_usec) { + + /* The child we started ourselves died or we reached a timeout. */ + + if (state == STATE_REBOOT) { /* dispatch a queued reboot */ + (void) reboot(RB_AUTOBOOT); + r = log_error_errno(errno, "Failed to reboot: %m"); + goto finish; + + } else if (state == STATE_POWEROFF) + (void) reboot(RB_POWER_OFF); /* if this fails, fall back to normal exit. */ + + if (si.si_pid == pid && si.si_code == CLD_EXITED) + r = si.si_status; /* pass on exit code */ + else + r = 255; /* signal, coredump, timeout, … */ + + goto finish; + } + if (si.si_pid != 0) + /* We reaped something. Retry until there's nothing more to reap. */ + continue; + + if (quit_usec == USEC_INFINITY) + r = sigwaitinfo(&waitmask, &si); + else { + struct timespec ts; + r = sigtimedwait(&waitmask, &si, timespec_store(&ts, quit_usec - current_usec)); + } + if (r < 0) { + if (errno == EINTR) /* strace -p attach can result in EINTR, let's handle this nicely. */ + continue; + if (errno == EAGAIN) /* timeout reached */ + continue; + + r = log_error_errno(errno, "Failed to wait for signal: %m"); + goto finish; + } + + if (si.si_signo == SIGCHLD) + continue; /* Let's reap this */ + + if (state != STATE_RUNNING) + continue; + + /* Would love to use a switch() statement here, but SIGRTMIN is actually a function call, not a + * constant… */ + + if (si.si_signo == SIGRTMIN+3 || + si.si_signo == SIGRTMIN+4 || + si.si_signo == SIGRTMIN+13 || + si.si_signo == SIGRTMIN+14) + + state = STATE_POWEROFF; + + else if (si.si_signo == SIGINT || + si.si_signo == SIGRTMIN+5 || + si.si_signo == SIGRTMIN+6 || + si.si_signo == SIGRTMIN+15 || + si.si_signo == SIGRTMIN+16) + + state = STATE_REBOOT; + else + assert_not_reached("Got unexpected signal"); + + /* (void) kill_and_sigcont(pid, SIGTERM); */ + quit_usec = now(CLOCK_MONOTONIC) + DEFAULT_TIMEOUT_USEC; + } + +finish: + _exit(r < 0 ? EXIT_FAILURE : r); +} diff --git a/src/nspawn/nspawn-stub-pid1.h b/src/nspawn/nspawn-stub-pid1.h new file mode 100644 index 0000000000..36c1aaf5dd --- /dev/null +++ b/src/nspawn/nspawn-stub-pid1.h @@ -0,0 +1,22 @@ +#pragma once + +/*** + This file is part of systemd. + + Copyright 2016 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +int stub_pid1(void); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 9dd4c051b2..370161e9bf 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -79,6 +79,7 @@ #include "nspawn-register.h" #include "nspawn-settings.h" #include "nspawn-setuid.h" +#include "nspawn-stub-pid1.h" #include "parse-util.h" #include "path-util.h" #include "process-util.h" @@ -114,6 +115,7 @@ typedef enum LinkJournal { static char *arg_directory = NULL; static char *arg_template = NULL; +static char *arg_chdir = NULL; static char *arg_user = NULL; static sd_id128_t arg_uuid = {}; static char *arg_machine = NULL; @@ -122,7 +124,7 @@ static const char *arg_selinux_apifs_context = NULL; static const char *arg_slice = NULL; static bool arg_private_network = false; static bool arg_read_only = false; -static bool arg_boot = false; +static StartMode arg_start_mode = START_PID1; static bool arg_ephemeral = false; static LinkJournal arg_link_journal = LINK_AUTO; static bool arg_link_journal_try = false; @@ -192,7 +194,9 @@ static void help(void) { " -x --ephemeral Run container with snapshot of root directory, and\n" " remove it after exit\n" " -i --image=PATH File system device or disk image for the container\n" + " -a --as-pid2 Maintain a stub init as PID1, invoke binary as PID2\n" " -b --boot Boot up full system (i.e. invoke init)\n" + " --chdir=PATH Set working directory in the container\n" " -u --user=USER Run the command under specified user or uid\n" " -M --machine=NAME Set the machine name for the container\n" " --uuid=UUID Set a specific machine UUID for the container\n" @@ -231,8 +235,8 @@ static void help(void) { " capability\n" " --drop-capability=CAP Drop the specified capability from the default set\n" " --kill-signal=SIGNAL Select signal to use for shutting down PID 1\n" - " --link-journal=MODE Link up guest journal, one of no, auto, guest, host,\n" - " try-guest, try-host\n" + " --link-journal=MODE Link up guest journal, one of no, auto, guest, \n" + " host, try-guest, try-host\n" " -j Equivalent to --link-journal=try-guest\n" " --read-only Mount the root directory read-only\n" " --bind=PATH[:PATH[:OPTIONS]]\n" @@ -345,6 +349,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_PRIVATE_USERS, ARG_KILL_SIGNAL, ARG_SETTINGS, + ARG_CHDIR, }; static const struct option options[] = { @@ -355,6 +360,7 @@ static int parse_argv(int argc, char *argv[]) { { "ephemeral", no_argument, NULL, 'x' }, { "user", required_argument, NULL, 'u' }, { "private-network", no_argument, NULL, ARG_PRIVATE_NETWORK }, + { "as-pid2", no_argument, NULL, 'a' }, { "boot", no_argument, NULL, 'b' }, { "uuid", required_argument, NULL, ARG_UUID }, { "read-only", no_argument, NULL, ARG_READ_ONLY }, @@ -389,6 +395,7 @@ static int parse_argv(int argc, char *argv[]) { { "private-users", optional_argument, NULL, ARG_PRIVATE_USERS }, { "kill-signal", required_argument, NULL, ARG_KILL_SIGNAL }, { "settings", required_argument, NULL, ARG_SETTINGS }, + { "chdir", required_argument, NULL, ARG_CHDIR }, {} }; @@ -400,7 +407,7 @@ static int parse_argv(int argc, char *argv[]) { assert(argc >= 0); assert(argv); - while ((c = getopt_long(argc, argv, "+hD:u:bL:M:jS:Z:qi:xp:n", options, NULL)) >= 0) + while ((c = getopt_long(argc, argv, "+hD:u:abL:M:jS:Z:qi:xp:n", options, NULL)) >= 0) switch (c) { @@ -491,8 +498,23 @@ static int parse_argv(int argc, char *argv[]) { break; case 'b': - arg_boot = true; - arg_settings_mask |= SETTING_BOOT; + if (arg_start_mode == START_PID2) { + log_error("--boot and --as-pid2 may not be combined."); + return -EINVAL; + } + + arg_start_mode = START_BOOT; + arg_settings_mask |= SETTING_START_MODE; + break; + + case 'a': + if (arg_start_mode == START_BOOT) { + log_error("--boot and --as-pid2 may not be combined."); + return -EINVAL; + } + + arg_start_mode = START_PID2; + arg_settings_mask |= SETTING_START_MODE; break; case ARG_UUID: @@ -849,6 +871,19 @@ static int parse_argv(int argc, char *argv[]) { break; + case ARG_CHDIR: + if (!path_is_absolute(optarg)) { + log_error("Working directory %s is not an absolute path.", optarg); + return -EINVAL; + } + + r = free_and_strdup(&arg_chdir, optarg); + if (r < 0) + return log_oom(); + + arg_settings_mask |= SETTING_WORKING_DIRECTORY; + break; + case '?': return -EINVAL; @@ -859,7 +894,7 @@ static int parse_argv(int argc, char *argv[]) { if (arg_share_system) arg_register = false; - if (arg_boot && arg_share_system) { + if (arg_start_mode != START_PID1 && arg_share_system) { log_error("--boot and --share-system may not be combined."); return -EINVAL; } @@ -907,7 +942,7 @@ static int parse_argv(int argc, char *argv[]) { if (!arg_parameters) return log_oom(); - arg_settings_mask |= SETTING_BOOT; + arg_settings_mask |= SETTING_START_MODE; } /* Load all settings from .nspawn files */ @@ -943,7 +978,7 @@ static int verify_arguments(void) { return -EINVAL; } - if (arg_boot && arg_kill_signal <= 0) + if (arg_start_mode == START_BOOT && arg_kill_signal <= 0) arg_kill_signal = SIGRTMIN+3; return 0; @@ -2563,6 +2598,16 @@ static int inner_child( return -ESRCH; } + if (arg_chdir) + if (chdir(arg_chdir) < 0) + return log_error_errno(errno, "Failed to change to specified working directory %s: %m", arg_chdir); + + if (arg_start_mode == START_PID2) { + r = stub_pid1(); + if (r < 0) + return r; + } + /* Now, explicitly close the log, so that we * then can close all remaining fds. Closing * the log explicitly first has the benefit @@ -2574,7 +2619,7 @@ static int inner_child( log_close(); (void) fdset_close_others(fds); - if (arg_boot) { + if (arg_start_mode == START_BOOT) { char **a; size_t m; @@ -2598,7 +2643,9 @@ static int inner_child( } else if (!strv_isempty(arg_parameters)) execvpe(arg_parameters[0], arg_parameters, env_use); else { - chdir(home ?: "/root"); + if (!arg_chdir) + chdir(home ?: "/root"); + execle("/bin/bash", "-bash", NULL, env_use); execle("/bin/sh", "-sh", NULL, env_use); } @@ -2894,15 +2941,22 @@ static int load_settings(void) { /* Copy over bits from the settings, unless they have been * explicitly masked by command line switches. */ - if ((arg_settings_mask & SETTING_BOOT) == 0 && - settings->boot >= 0) { - arg_boot = settings->boot; + if ((arg_settings_mask & SETTING_START_MODE) == 0 && + settings->start_mode >= 0) { + arg_start_mode = settings->start_mode; strv_free(arg_parameters); arg_parameters = settings->parameters; settings->parameters = NULL; } + if ((arg_settings_mask & SETTING_WORKING_DIRECTORY) == 0 && + settings->working_directory) { + free(arg_chdir); + arg_chdir = settings->working_directory; + settings->working_directory = NULL; + } + if ((arg_settings_mask & SETTING_ENVIRONMENT) == 0 && settings->environment) { strv_free(arg_setenv); @@ -3044,6 +3098,10 @@ int main(int argc, char *argv[]) { log_parse_environment(); log_open(); + /* Make sure rename_process() in the stub init process can work */ + saved_argv = argv; + saved_argc = argc; + r = parse_argv(argc, argv); if (r <= 0) goto finish; @@ -3150,7 +3208,7 @@ int main(int argc, char *argv[]) { } } - if (arg_boot) { + if (arg_start_mode == START_BOOT) { if (path_is_os_tree(arg_directory) <= 0) { log_error("Directory %s doesn't look like an OS root directory (os-release file is missing). Refusing.", arg_directory); r = -EINVAL; @@ -3629,6 +3687,7 @@ finish: free(arg_image); free(arg_machine); free(arg_user); + free(arg_chdir); strv_free(arg_setenv); free(arg_network_bridge); strv_free(arg_network_interfaces); diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c index 9267b67f79..1ac8a223d8 100644 --- a/src/resolve/resolved-dns-cache.c +++ b/src/resolve/resolved-dns-cache.c @@ -51,6 +51,7 @@ struct DnsCacheItem { bool authenticated:1; bool shared_owner:1; + int ifindex; int owner_family; union in_addr_union owner_address; @@ -329,6 +330,7 @@ static void dns_cache_item_update_positive( bool authenticated, bool shared_owner, usec_t timestamp, + int ifindex, int owner_family, const union in_addr_union *owner_address) { @@ -356,6 +358,8 @@ static void dns_cache_item_update_positive( i->authenticated = authenticated; i->shared_owner = shared_owner; + i->ifindex = ifindex; + i->owner_family = owner_family; i->owner_address = *owner_address; @@ -368,6 +372,7 @@ static int dns_cache_put_positive( bool authenticated, bool shared_owner, usec_t timestamp, + int ifindex, int owner_family, const union in_addr_union *owner_address) { @@ -414,6 +419,7 @@ static int dns_cache_put_positive( authenticated, shared_owner, timestamp, + ifindex, owner_family, owner_address); return 0; @@ -436,6 +442,7 @@ static int dns_cache_put_positive( i->until = calculate_until(rr, (uint32_t) -1, timestamp, false); i->authenticated = authenticated; i->shared_owner = shared_owner; + i->ifindex = ifindex; i->owner_family = owner_family; i->owner_address = *owner_address; i->prioq_idx = PRIOQ_IDX_NULL; @@ -615,7 +622,7 @@ int dns_cache_put( DnsResourceRecord *soa = NULL, *rr; DnsAnswerFlags flags; unsigned cache_keys; - int r; + int r, ifindex; assert(c); assert(owner_address); @@ -653,7 +660,7 @@ int dns_cache_put( timestamp = now(clock_boottime_or_monotonic()); /* Second, add in positive entries for all contained RRs */ - DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) { + DNS_ANSWER_FOREACH_FULL(rr, ifindex, flags, answer) { if ((flags & DNS_ANSWER_CACHEABLE) == 0) continue; @@ -669,6 +676,7 @@ int dns_cache_put( flags & DNS_ANSWER_AUTHENTICATED, flags & DNS_ANSWER_SHARED_OWNER, timestamp, + ifindex, owner_family, owner_address); if (r < 0) goto fail; @@ -922,7 +930,7 @@ int dns_cache_lookup(DnsCache *c, DnsResourceKey *key, int *rcode, DnsAnswer **r if (!j->rr) continue; - r = dns_answer_add(answer, j->rr, 0, j->authenticated ? DNS_ANSWER_AUTHENTICATED : 0); + r = dns_answer_add(answer, j->rr, j->ifindex, j->authenticated ? DNS_ANSWER_AUTHENTICATED : 0); if (r < 0) return r; } diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c index 06d30d7863..b8bdff9dfa 100644 --- a/src/resolve/resolved-dns-query.c +++ b/src/resolve/resolved-dns-query.c @@ -967,6 +967,17 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname) if (r == 0 && k == 0) /* No actual cname happened? */ return -ELOOP; + if (q->answer_protocol == DNS_PROTOCOL_DNS) { + /* Don't permit CNAME redirects from unicast DNS to LLMNR or MulticastDNS, so that global resources + * cannot invade the local namespace. The opposite way we permit: local names may redirect to global + * ones. */ + + q->flags &= ~(SD_RESOLVED_LLMNR|SD_RESOLVED_MDNS); /* mask away the local protocols */ + } + + /* Turn off searching for the new name */ + q->flags |= SD_RESOLVED_NO_SEARCH; + dns_question_unref(q->question_idna); q->question_idna = nq_idna; nq_idna = NULL; @@ -977,10 +988,8 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname) dns_query_free_candidates(q); dns_query_reset_answer(q); - q->state = DNS_TRANSACTION_NULL; - /* Turn off searching for the new name */ - q->flags |= SD_RESOLVED_NO_SEARCH; + q->state = DNS_TRANSACTION_NULL; return 0; } diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index 03239794ee..8f3be4b991 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -57,8 +57,6 @@ int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int s->family = family; s->resend_timeout = MULTICAST_RESEND_TIMEOUT_MIN_USEC; - s->dnssec_mode = _DNSSEC_MODE_INVALID; - if (protocol == DNS_PROTOCOL_DNS) { /* Copy DNSSEC mode from the link if it is set there, * otherwise take the manager's DNSSEC mode. Note that @@ -70,7 +68,8 @@ int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int s->dnssec_mode = link_get_dnssec_mode(l); else s->dnssec_mode = manager_get_dnssec_mode(m); - } + } else + s->dnssec_mode = DNSSEC_NO; LIST_PREPEND(scopes, m->dns_scopes, s); diff --git a/src/test/test-time.c b/src/test/test-time.c index ca44f81f9c..254a8d0e52 100644 --- a/src/test/test-time.c +++ b/src/test/test-time.c @@ -192,6 +192,8 @@ static void test_usec_add(void) { } int main(int argc, char *argv[]) { + uintmax_t x; + test_parse_sec(); test_parse_time(); test_parse_nsec(); @@ -202,5 +204,13 @@ int main(int argc, char *argv[]) { test_get_timezones(); test_usec_add(); + /* Ensure time_t is signed */ + assert_cc((time_t) -1 < (time_t) 1); + + /* Ensure TIME_T_MAX works correctly */ + x = (uintmax_t) TIME_T_MAX; + x ++; + assert((time_t) x < 0); + return 0; } |