mirror of https://github.com/systemd/systemd.git synced 2025-01-26 14:04:03 +03:00

Merge pull request #21990 from keszybz/indentation-and-comments

Indentation and comments
Luca Boccassi 2022-01-04 00:18:10 +00:00 committed by GitHub
commit c9b1efdf14
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
48 changed files with 86 additions and 141 deletions

View File

@ -1,7 +1,7 @@
# This configuration file can be used to auto-format the code base.
# Not all guidelines specified in CODING_STYLE are followed, so the
# result MUST NOT be committed indiscriminately, but each automated
# change should be reviewed and only the appropriate ones commited.
# change should be reviewed and only the appropriate ones committed.
#
# The easiest way to apply the formatting to your changes ONLY,
# is to use the git-clang-format script (usually installed with clang-format).

View File

@ -13,7 +13,7 @@ for ((i = 0; i < 5; i++)); do
EC=0
(sudo python3 -m mkosi "$@") |& tee "$TEMPFILE" || EC=$?
if [[ $EC -eq 0 ]]; then
# The command passed - let's return immediatelly
# The command passed — let's return immediately
break
fi
@ -23,7 +23,7 @@ for ((i = 0; i < 5; i++)); do
exit $EC
fi
# The command failed due to the dissect-related timeout - let's try again
# The command failed due to the dissect-related timeout let's try again
sleep 1
done
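Review bot: The rewritten comment above `sleep 1` now reads "The command failed due to the dissect-related timeout let's try again": the `-` separator was removed without a replacement, so the two clauses run together. The comment changed in the previous hunk of this file keeps a dash between its clauses; use the same separator here.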

View File

@ -51,8 +51,8 @@ available functionality:
9. There are multiple CI systems in use that run on every github PR submission.
10. [Coverity](https://scan.coverity.com/) is analyzing systemd master in
regular intervals. The reports are available
10. [Coverity](https://scan.coverity.com/) is analyzing systemd `main` branch
in regular intervals. The reports are available
[online](https://scan.coverity.com/projects/systemd).
11. [oss-fuzz](https://oss-fuzz.com/) is continuously fuzzing the
@ -65,7 +65,7 @@ available functionality:
13. When building systemd from a git checkout the build scripts will
automatically enable a git commit hook that ensures whitespace cleanliness.
14. [LGTM](https://lgtm.com/) analyzes every commit pushed to master. The list
14. [LGTM](https://lgtm.com/) analyzes every commit pushed to `main`. The list
of active alerts can be found
[here](https://lgtm.com/projects/g/systemd/systemd/alerts/?mode=list).
@ -75,7 +75,7 @@ available functionality:
for more information.
16. Fossies provides [source code misspelling reports](https://fossies.org/features.html#codespell).
The systemd report can be found [here](https://fossies.org/linux/test/systemd-master.tar.gz/codespell.html).
The systemd report can be found [here](https://fossies.org/linux/misc/systemd/codespell.html).
Access to Coverity and oss-fuzz reports is limited. Please reach out to the
maintainers if you need access.

View File

@ -37,18 +37,18 @@ manager, please consider supporting the following interfaces.
in this context.)
3. Pre-mount `/dev/` as (container private) `tmpfs` for the container and bind
mount some suitable TTY to `/dev/console`. If this is a pty, make sure to not
close the controlling pty master during systemd's lifetime. PID1 will close
mount some suitable TTY to `/dev/console`. If this is a pty, make sure to
not close the controlling pty during systemd's lifetime. PID1 will close
ttys, to avoid being killed by SAK. It only opens ttys for the time it
actually needs to print something. Also, make sure to create device
nodes for `/dev/null`, `/dev/zero`, `/dev/full`, `/dev/random`,
`/dev/urandom`, `/dev/tty`, `/dev/ptmx` in `/dev/`. It is not necessary to
create `/dev/fd` or `/dev/stdout`, as systemd will do that on its own. Make
sure to set up a `BPF_PROG_TYPE_CGROUP_DEVICE` BPF program — on cgroupv2 —
or the `devices` cgroup controller — on cgroupv1 — so that no other devices
but these may be created in the container. Note that many systemd services
use `PrivateDevices=`, which means that systemd will set up a private
`/dev/` for them for which it needs to be able to create these device nodes.
actually needs to print something. Also, make sure to create device nodes
for `/dev/null`, `/dev/zero`, `/dev/full`, `/dev/random`, `/dev/urandom`,
`/dev/tty`, `/dev/ptmx` in `/dev/`. It is not necessary to create `/dev/fd`
or `/dev/stdout`, as systemd will do that on its own. Make sure to set up a
`BPF_PROG_TYPE_CGROUP_DEVICE` BPF program — on cgroupv2 — or the `devices`
cgroup controller — on cgroupv1 — so that no other devices but these may be
created in the container. Note that many systemd services use
`PrivateDevices=`, which means that systemd will set up a private `/dev/`
for them for which it needs to be able to create these device nodes.
Dropping `CAP_MKNOD` for containers is hence generally not advisable, but
see below.
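Review bot: In item 3, "the controlling pty master" became "the controlling pty", which no longer says which end of the pty pair the container manager must keep open for systemd's lifetime. Everything else in this hunk is a re-wrap, so this is the one wording change that alters the requirement; name the end explicitly (for example "the container manager's end of the pty") so the instruction stays unambiguous.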

View File

@ -31,7 +31,7 @@ See [reporting of security vulnerabilities](SECURITY.md).
## Posting Pull Requests
* Make sure to post PRs only relative to a very recent git master.
* Make sure to post PRs only relative to a very recent git tip.
* Follow our [Coding Style](CODING_STYLE.md) when contributing code. This is a requirement for all code we merge.
* Please make sure to test your change before submitting the PR. See the [Hacking guide](HACKING.md) for details on how to do this.
* Make sure to run the test suite locally, before posting your PR. We use a CI system, meaning we don't even look at your PR, if the build and tests don't pass.

View File

@ -185,7 +185,7 @@ took place for the current program.
If you are looking for alternative implementations of this protocol (besides
systemd's own in `sd_journal_print()`), consider
[GLib's](https://gitlab.gnome.org/GNOME/glib/-/blob/master/glib/gmessages.c) or
[GLib's](https://gitlab.gnome.org/GNOME/glib/-/blob/main/glib/gmessages.c) or
[`dbus-broker`'s](https://github.com/bus1/dbus-broker/blob/main/src/util/log.c).
And that's already all there is to it.

View File

@ -21,4 +21,4 @@ SPDX-License-Identifier: LGPL-2.1-or-later
12. "Draft" a new release on github (https://github.com/systemd/systemd/releases/new), mark "This is a pre-release" if appropriate.
13. Check that announcement to systemd-devel, with a copy&paste from NEWS, was sent. This should happen automatically.
14. Update IRC topic (`/msg chanserv TOPIC #systemd Version NNN released`)
15. [FINAL] Push commits to stable, create an empty -stable branch: `git push systemd-stable origin/master:master origin/master:refs/heads/${version}-stable`, and change the default branch to latest release (https://github.com/systemd/systemd-stable/settings/branches).
15. [FINAL] Push commits to stable, create an empty -stable branch: `git push systemd-stable --atomic origin/main:main origin/main:refs/heads/${version}-stable`, and change the default branch to latest release (https://github.com/systemd/systemd-stable/settings/branches).
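Review bot: Step 15 gains `--atomic` on top of the `master` to `main` rename, which changes how the release push behaves and is not an indentation or comment fix; call it out in the commit message so it is not lost in a cosmetic PR. The refspec `origin/main:main` also assumes the systemd-stable remote uses `main` as its branch name, which is worth confirming before the next release follows this step.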

View File

@ -81,7 +81,7 @@ available during earliest boot, including in the initial RAM disk).
above). However, it does define some special group/GID assignments, which are
primarily used for `systemd-udevd`'s device management. The precise list of the
currently defined groups is found in this `sysusers.d` snippet:
[basic.conf](https://raw.githubusercontent.com/systemd/systemd/master/sysusers.d/basic.conf.in)
[basic.conf](https://raw.githubusercontent.com/systemd/systemd/main/sysusers.d/basic.conf.in)
It's strongly recommended that downstream distributions include these groups in
their default group databases.

View File

@ -7,7 +7,6 @@
# Zmicer Turok <nashtlumach@gmail.com>, 2020, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-01-10 18:36+0000\n"

View File

@ -6,7 +6,6 @@
# Viktar Vaŭčkievič <victorenator@gmail.com>, 2015, 2016.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2016-06-09 19:50+0300\n"

View File

@ -6,7 +6,6 @@
#
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2016-05-14 13:28+0300\n"

View File

@ -5,7 +5,6 @@
# Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>, 2018. #zanata
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2018-02-27 04:18-0500\n"

View File

@ -4,7 +4,6 @@
#
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2020-10-26 22:48+0100\n"

View File

@ -5,7 +5,6 @@
# scootergrisen <scootergrisen@gmail.com>, 2020, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-06-02 16:03+0000\n"

View File

@ -9,7 +9,6 @@
# Christian Wehrli <christian@chw.onl>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-11-08 00:49+0000\n"

View File

@ -5,7 +5,6 @@
# Dimitris Spingos (Δημήτρης Σπίγγος) <dmtrs32@gmail.com>, 2014.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2014-04-29 09:17+0300\n"

View File

@ -8,7 +8,6 @@
# Emilio Herrera <ehespinosa57@gmail.com>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-08-26 18:05+0000\n"

View File

@ -4,7 +4,6 @@
# Jan Kuparinen <copper_fin@hotmail.com>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-09-14 19:04+0000\n"

View File

@ -7,7 +7,6 @@
# Arnaud T. <listes.00@gmail.com>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-01-14 06:37+0000\n"

View File

@ -3,7 +3,6 @@
# Fran Dieguez <frandieguez@gnome.org>, 2015.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2019-12-29 22:30+0100\n"

View File

@ -6,7 +6,6 @@
# Gogo Gogsi <linux.hr@protonmail.com>, 2020, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-10-03 16:04+0000\n"

View File

@ -7,7 +7,6 @@
# Balázs Úr <urbalazs at gmail dot com>, 2016.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2016-08-23 18:03+0100\n"

View File

@ -4,7 +4,6 @@
# Andika Triwidada <andika@gmail.com>, 2014, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-09-24 11:05+0000\n"

View File

@ -5,7 +5,6 @@
# Daniele Medri <dmedri@gmail.com>, 2013-2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-01-08 17:51+0100\n"

View File

@ -5,7 +5,6 @@
# Takuro Onoue <kusanaginoturugi@gmail.com>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-09-09 03:04+0000\n"

View File

@ -4,7 +4,6 @@
# Slimane Selyan Amiri <selyan.kab@gmail.com>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-10-03 16:04+0000\n"

View File

@ -6,7 +6,6 @@
# simmon <simmon@nplob.com>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-06-22 10:04+0000\n"

View File

@ -3,7 +3,6 @@
# Moo, 2018. #zanata
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2019-04-08 22:01+0300\n"

View File

@ -4,7 +4,6 @@
# Pjotr Vertaalt <pjotrvertaalt@gmail.com>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-03-24 09:16+0000\n"

View File

@ -3,7 +3,6 @@
# A S Alam <amanpreet.alam@gmail.com>, 2020, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-01-24 16:38+0000\n"

View File

@ -4,7 +4,6 @@
#
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2020-10-18 13:10+0200\n"

View File

@ -4,7 +4,6 @@
# Hugo Carvalho <hugokarvalho@hotmail.com>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-09-16 18:04+0000\n"

View File

@ -7,7 +7,6 @@
# Gustavo Costa <xfgusta@gmail.com>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-08-17 07:04+0000\n"

View File

@ -6,7 +6,6 @@
# Vlad <milovlad@outlook.com>, 2020, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-01-12 17:36+0000\n"

View File

@ -8,7 +8,6 @@
# Alexey Rubtsov <rushills@gmail.com>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-07-02 09:04+0000\n"

View File

@ -4,7 +4,6 @@
# Hela Basa <r45xveza@pm.me>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-08-19 07:04+0000\n"

View File

@ -5,7 +5,6 @@
# Frantisek Sumsal <frantisek@sumsal.cz>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-02-22 20:21+0000\n"

View File

@ -4,7 +4,6 @@
# Frantisek Sumsal <frantisek@sumsal.cz>, 2021.
msgid ""
msgstr ""
"Project-Id-Version: \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-02-23 22:40+0000\n"

View File

@ -8,7 +8,6 @@
# Luna Jernberg <bittin@reimu.nl>, 2020.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-02-10 15:40+0000\n"

View File

@ -3,7 +3,6 @@
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"

View File

@ -7,7 +7,6 @@
# Muhammet Kara <muhammetk@gmail.com>, 2015-2020.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2020-11-28 13:35+0000\n"

View File

@ -6,7 +6,6 @@
# Yuri Chornoivan <yurchor@ukr.net>, 2019, 2020, 2021.
msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-01-09 10:51+0000\n"

View File

@ -8,7 +8,6 @@
# Whired Planck <fungdaat31@outlook.com>, 2020.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-03-01 09:40+0000\n"

View File

@ -5,7 +5,6 @@
# pan93412 <pan93412@gmail.com>, 2019.
msgid ""
msgstr ""
"Project-Id-Version: \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-01-08 17:48+0100\n"
"PO-Revision-Date: 2021-08-10 11:36+0800\n"

View File

@ -1237,8 +1237,6 @@ char *file_in_same_dir(const char *path, const char *filename) {
}
bool hidden_or_backup_file(const char *filename) {
const char *p;
assert(filename);
if (filename[0] == '.' ||
@ -1248,24 +1246,25 @@ bool hidden_or_backup_file(const char *filename) {
endswith(filename, "~"))
return true;
p = strrchr(filename, '.');
if (!p)
const char *dot = strrchr(filename, '.');
if (!dot)
return false;
/* Please, let's not add more entries to the list below. If external projects think it's a good idea to come up
* with always new suffixes and that everybody else should just adjust to that, then it really should be on
* them. Hence, in future, let's not add any more entries. Instead, let's ask those packages to instead adopt
* one of the generic suffixes/prefixes for hidden files or backups, possibly augmented with an additional
* string. Specifically: there's now:
/* Please, let's not add more entries to the list below. If external projects think it's a good idea
* to come up with always new suffixes and that everybody else should just adjust to that, then it
* really should be on them. Hence, in future, let's not add any more entries. Instead, let's ask
* those packages to instead adopt one of the generic suffixes/prefixes for hidden files or backups,
* possibly augmented with an additional string. Specifically: there's now:
*
* The generic suffixes "~" and ".bak" for backup files
* The generic prefix "." for hidden files
*
* Thus, if a new package manager "foopkg" wants its own set of ".foopkg-new", ".foopkg-old", ".foopkg-dist"
* or so registered, let's refuse that and ask them to use ".foopkg.new", ".foopkg.old" or ".foopkg~" instead.
* Thus, if a new package manager "foopkg" wants its own set of ".foopkg-new", ".foopkg-old",
* ".foopkg-dist" or so registered, let's refuse that and ask them to use ".foopkg.new",
* ".foopkg.old" or ".foopkg~" instead.
*/
return STR_IN_SET(p + 1,
return STR_IN_SET(dot + 1,
"rpmnew",
"rpmsave",
"rpmorig",
@ -1287,15 +1286,16 @@ bool hidden_or_backup_file(const char *filename) {
bool is_device_path(const char *path) {
/* Returns true on paths that likely refer to a device, either by path in sysfs or to something in /dev */
/* Returns true for paths that likely refer to a device, either by path in sysfs or to something in
* /dev. */
return PATH_STARTSWITH_SET(path, "/dev/", "/sys/");
}
bool valid_device_node_path(const char *path) {
/* Some superficial checks whether the specified path is a valid device node path, all without looking at the
* actual device node. */
/* Some superficial checks whether the specified path is a valid device node path, all without
* looking at the actual device node. */
if (!PATH_STARTSWITH_SET(path, "/dev/", "/run/systemd/inaccessible/"))
return false;
@ -1309,8 +1309,8 @@ bool valid_device_node_path(const char *path) {
bool valid_device_allow_pattern(const char *path) {
assert(path);
/* Like valid_device_node_path(), but also allows full-subsystem expressions, like DeviceAllow= and DeviceDeny=
* accept it */
/* Like valid_device_node_path(), but also allows full-subsystem expressions like those accepted by
* DeviceAllow= and DeviceDeny=. */
if (STARTSWITH_SET(path, "block-", "char-"))
return true;
@ -1401,8 +1401,8 @@ bool dot_or_dot_dot(const char *path) {
bool empty_or_root(const char *path) {
/* For operations relative to some root directory, returns true if the specified root directory is redundant,
* i.e. either / or NULL or the empty string or any equivalent. */
/* For operations relative to some root directory, returns true if the specified root directory is
* redundant, i.e. either / or NULL or the empty string or any equivalent. */
if (isempty(path))
return true;

View File

@ -64,10 +64,10 @@ static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) {
/* TODO Maybe choose a number based on runtime information? */
r = sym_bpf_map__resize(obj->maps.cgroup_hash, CGROUP_HASH_SIZE_MAX);
if (r != 0)
return log_error_errno(r,
"Failed to resize BPF map '%s': %m",
sym_bpf_map__name(obj->maps.cgroup_hash));
assert(r <= 0);
if (r < 0)
return log_error_errno(r, "Failed to resize BPF map '%s': %m",
sym_bpf_map__name(obj->maps.cgroup_hash));
/* Dummy map to satisfy the verifier */
inner_map_fd = sym_bpf_create_map(BPF_MAP_TYPE_HASH, sizeof(uint32_t), sizeof(uint32_t), 128, 0);
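Review bot: `assert(r <= 0)` after `sym_bpf_map__resize()` turns an unexpected positive return from the library into an abort, where the old `if (r != 0)` logged the failure and returned. For a value that comes back from an external library call, handling the positive case as an ordinary error is safer than asserting on it; if the assert is meant to document the library's contract, say so in a comment next to it.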
@ -75,11 +75,13 @@ static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) {
return log_error_errno(errno, "Failed to create BPF map: %m");
r = sym_bpf_map__set_inner_map_fd(obj->maps.cgroup_hash, inner_map_fd);
assert(r <= 0);
if (r < 0)
return log_error_errno(r, "Failed to set inner map fd: %m");
r = restrict_fs_bpf__load(obj);
if (r)
assert(r <= 0);
if (r < 0)
return log_error_errno(r, "Failed to load BPF object");
*ret_obj = TAKE_PTR(obj);
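Review bot: `log_error_errno(r, "Failed to load BPF object")` has no `%m`, unlike the "Failed to set inner map fd: %m" and "Failed to create BPF map: %m" messages just above it, so the error held in `r` never reaches the log. Since the condition on this call is being rewritten anyway, append `: %m` to the format string.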
@ -99,34 +101,27 @@ static int mac_bpf_use(void) {
r = read_one_line_file("/sys/kernel/security/lsm", &lsm_list);
if (r < 0) {
if (errno != ENOENT)
log_debug_errno(r, "Failed to read /sys/kernel/security/lsm, ignoring: %m");
if (r != -ENOENT)
log_notice_errno(r, "Failed to read /sys/kernel/security/lsm, assuming bpf is unavailable: %m");
return 0;
}
const char *p = lsm_list;
for (;;) {
for (const char *p = lsm_list;;) {
_cleanup_free_ char *word = NULL;
r = extract_first_word(&p, &word, ",", 0);
if (r == 0)
break;
return 0;
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_debug_errno(r, "Failed to parse /sys/kernel/security/lsm, ignoring: %m");
log_notice_errno(r, "Failed to parse /sys/kernel/security/lsm, assuming bpf is unavailable: %m");
return 0;
}
if (streq(word, "bpf")) {
cached_use = 1;
break;
}
if (streq(word, "bpf"))
return cached_use = 1;
}
return cached_use;
}
int lsm_bpf_supported(void) {
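Review bot: In the rewritten loop of `mac_bpf_use()` only the positive result is stored (`return cached_use = 1;`); the end-of-list path and both failure paths `return 0` without touching `cached_use`. If this function is called more than once, a system without the bpf LSM re-reads and re-parses /sys/kernel/security/lsm every time, and the messages that were raised from debug to notice level repeat on each call. Consider `return cached_use = 0;` on those paths so the negative answer is cached too.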
@ -181,7 +176,7 @@ int lsm_bpf_supported(void) {
}
int lsm_bpf_setup(Manager *m) {
struct restrict_fs_bpf *obj = NULL;
struct restrict_fs_bpf *obj;
_cleanup_(bpf_link_freep) struct bpf_link *link = NULL;
int r;
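Review bot: Dropping `= NULL` from `struct restrict_fs_bpf *obj` leaves the pointer indeterminate until something stores into it, and `prepare_restrict_fs_bpf()` only writes `*ret_obj` on its success path. That is fine as long as every use of `obj` in `lsm_bpf_setup()` comes after a successful call, but the initializer costs nothing and protects any error path added later; I would keep it.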
@ -207,7 +202,6 @@ int lsm_bpf_setup(Manager *m) {
}
int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list) {
int inner_map_fd = -1, outer_map_fd = -1;
uint32_t dummy_value = 1, zero = 0;
const char *fs;
const statfs_f_type_t *magic;
@ -216,7 +210,7 @@ int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allo
assert(filesystems);
assert(u);
inner_map_fd = sym_bpf_create_map(
int inner_map_fd = sym_bpf_create_map(
BPF_MAP_TYPE_HASH,
sizeof(uint32_t),
sizeof(uint32_t),
@ -225,7 +219,7 @@ int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allo
if (inner_map_fd < 0)
return log_unit_error_errno(u, errno, "Failed to create inner LSM map: %m");
outer_map_fd = sym_bpf_map__fd(u->manager->restrict_fs->maps.cgroup_hash);
int outer_map_fd = sym_bpf_map__fd(u->manager->restrict_fs->maps.cgroup_hash);
if (outer_map_fd < 0)
return log_unit_error_errno(u, errno, "Failed to get BPF map fd: %m");
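Review bot: With the declaration moved to the point of creation, `inner_map_fd` is still a plain `int`, and the `if (outer_map_fd < 0) return ...` path right below returns without closing it, so the descriptor leaks on that error. Declaring it as `_cleanup_close_ int inner_map_fd = sym_bpf_create_map(...)` here would cover this and any later early return, provided the rest of the function does not rely on the fd staying open after return.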
@ -266,8 +260,6 @@ int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allo
}
int lsm_bpf_cleanup(const Unit *u) {
int fd = -1;
assert(u);
assert(u->manager);
@ -277,7 +269,7 @@ int lsm_bpf_cleanup(const Unit *u) {
if (!u->manager->restrict_fs)
return 0;
fd = sym_bpf_map__fd(u->manager->restrict_fs->maps.cgroup_hash);
int fd = sym_bpf_map__fd(u->manager->restrict_fs->maps.cgroup_hash);
if (fd < 0)
return log_unit_error_errno(u, errno, "Failed to get BPF map fd: %m");
@ -350,10 +342,10 @@ int lsm_bpf_parse_filesystem(
}
NULSTR_FOREACH(i, set->value) {
/* Call ourselves again, for the group to parse. Note that we downgrade logging here (i.e. take
* away the FILESYSTEM_PARSE_LOG flag) since any issues in the group table are our own problem,
* not a problem in user configuration data and we shouldn't pretend otherwise by complaining
* about them. */
/* Call ourselves again, for the group to parse. Note that we downgrade logging here
* (i.e. take away the FILESYSTEM_PARSE_LOG flag) since any issues in the group table
* are our own problem, not a problem in user configuration data and we shouldn't
* pretend otherwise by complaining about them. */
r = lsm_bpf_parse_filesystem(i, filesystems, flags &~ FILESYSTEM_PARSE_LOG, unit, filename, line);
if (r < 0)
return r;
@ -363,16 +355,10 @@ int lsm_bpf_parse_filesystem(
* we want to allow it, then remove it from the list. */
if (!(flags & FILESYSTEM_PARSE_INVERT) == !!(flags & FILESYSTEM_PARSE_ALLOW_LIST)) {
r = set_put_strdup(filesystems, name);
if (r < 0)
switch (r) {
case -ENOMEM:
return flags & FILESYSTEM_PARSE_LOG ? log_oom() : -ENOMEM;
case -EEXIST:
/* Already in set, ignore */
break;
default:
return r;
}
if (r == -ENOMEM)
return flags & FILESYSTEM_PARSE_LOG ? log_oom() : -ENOMEM;
if (r < 0 && r != -EEXIST) /* When already in set, ignore */
return r;
} else
free(set_remove(*filesystems, name));
}

View File

@ -51,13 +51,11 @@ static int test_restrict_filesystems(Manager *m, const char *unit_name, const ch
}
cld_code = SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code;
if (cld_code != CLD_EXITED) {
if (cld_code != CLD_EXITED)
return log_error_errno(-SYNTHETIC_ERRNO(EBUSY), "ExecStart didn't exited, code='%s'", sigchld_code_to_string(cld_code));
}
if (SERVICE(u)->state != SERVICE_DEAD) {
if (SERVICE(u)->state != SERVICE_DEAD)
return log_error_errno(-SYNTHETIC_ERRNO(EBUSY), "Service is not dead");
}
return 0;
}
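Review bot: While the braces around these two returns are being removed, the message "ExecStart didn't exited, code='%s'" should be corrected to "ExecStart didn't exit". The leading minus in `-SYNTHETIC_ERRNO(EBUSY)` on both lines also looks unintended; the error argument is normally passed as `SYNTHETIC_ERRNO(EBUSY)` without negation.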

View File

@ -6,27 +6,24 @@
#include "unit.h"
int main(int argc, char *argv[]) {
JobType a, b, c, ab, bc, ab_c, bc_a, a_bc;
const ServiceState test_states[] = { SERVICE_DEAD, SERVICE_RUNNING };
unsigned i;
bool merged_ab;
/* fake a unit */
static Service s = {
.meta.load_state = UNIT_LOADED,
.type = SERVICE_SIMPLE,
};
Unit *u = UNIT(&s);
for (size_t i = 0; i < ELEMENTSOF(test_states); i++) {
/* fake a unit */
Service s = {
.meta.load_state = UNIT_LOADED,
.type = SERVICE_SIMPLE,
.state = test_states[i],
};
Unit *u = UNIT(&s);
for (i = 0; i < ELEMENTSOF(test_states); i++) {
s.state = test_states[i];
printf("\nWith collapsing for service state %s\n"
"=========================================\n", service_state_to_string(s.state));
for (a = 0; a < _JOB_TYPE_MAX_MERGING; a++) {
for (b = 0; b < _JOB_TYPE_MAX_MERGING; b++) {
for (JobType a = 0; a < _JOB_TYPE_MAX_MERGING; a++) {
for (JobType b = 0; b < _JOB_TYPE_MAX_MERGING; b++) {
ab = a;
merged_ab = (job_type_merge_and_collapse(&ab, b, u) >= 0);
JobType ab = a;
bool merged_ab = job_type_merge_and_collapse(&ab, b, u) >= 0;
if (!job_type_is_mergeable(a, b)) {
assert_se(!merged_ab);
@ -37,7 +34,7 @@ int main(int argc, char *argv[]) {
assert_se(merged_ab);
printf("%s + %s = %s\n", job_type_to_string(a), job_type_to_string(b), job_type_to_string(ab));
for (c = 0; c < _JOB_TYPE_MAX_MERGING; c++) {
for (JobType c = 0; c < _JOB_TYPE_MAX_MERGING; c++) {
/* Verify transitivity of mergeability of job types */
assert_se(!job_type_is_mergeable(a, b) ||
@ -53,18 +50,18 @@ int main(int argc, char *argv[]) {
* either a or b is not mergeable with c either. */
assert_se(job_type_is_mergeable(ab, c) || !job_type_is_mergeable(a, c) || !job_type_is_mergeable(b, c));
bc = b;
JobType bc = b;
if (job_type_merge_and_collapse(&bc, c, u) >= 0) {
/* Verify associativity */
ab_c = ab;
JobType ab_c = ab;
assert_se(job_type_merge_and_collapse(&ab_c, c, u) == 0);
bc_a = bc;
JobType bc_a = bc;
assert_se(job_type_merge_and_collapse(&bc_a, a, u) == 0);
a_bc = a;
JobType a_bc = a;
assert_se(job_type_merge_and_collapse(&a_bc, bc, u) == 0);
assert_se(ab_c == bc_a);