mirror of
https://github.com/systemd/systemd.git
synced 2024-10-26 08:55:40 +03:00
Apply all changes
This commit is contained in:
parent
8049370515
commit
d541dd8bbd
@ -119,14 +119,14 @@ static void log_reset_gnutls_level(void) {
|
||||
|
||||
static int log_enable_gnutls_category(const char *cat) {
|
||||
if (streq(cat, "all")) {
|
||||
FOREACH_ELEMENT(log, gnutls_log_map)
|
||||
log->enabled = true;
|
||||
FOREACH_ELEMENT(entry, gnutls_log_map)
|
||||
entry->enabled = true;
|
||||
log_reset_gnutls_level();
|
||||
return 0;
|
||||
} else
|
||||
FOREACH_ELEMENT(log, gnutls_log_map)
|
||||
if (strv_contains((char**)log->names, cat)) {
|
||||
log->enabled = true;
|
||||
FOREACH_ELEMENT(entry, gnutls_log_map)
|
||||
if (strv_contains((char**)entry->names, cat)) {
|
||||
entry->enabled = true;
|
||||
log_reset_gnutls_level();
|
||||
return 0;
|
||||
}
|
||||
|
@ -635,33 +635,33 @@ int mount_all(const char *dest,
|
||||
bool privileged = FLAGS_SET(mount_settings, MOUNT_PRIVILEGED);
|
||||
int r;
|
||||
|
||||
FOREACH_ELEMENT(mount_point, mount_table) {
|
||||
FOREACH_ELEMENT(m, mount_table) {
|
||||
_cleanup_free_ char *where = NULL, *options = NULL, *prefixed = NULL;
|
||||
bool fatal = FLAGS_SET(mount_point->mount_settings, MOUNT_FATAL);
|
||||
bool fatal = FLAGS_SET(m->mount_settings, MOUNT_FATAL);
|
||||
const char *o;
|
||||
|
||||
/* If we are not privileged but the entry is marked as privileged and to be mounted outside the user namespace, then skip it */
|
||||
if (!privileged && FLAGS_SET(mount_point->mount_settings, MOUNT_PRIVILEGED) && !FLAGS_SET(mount_point->mount_settings, MOUNT_IN_USERNS))
|
||||
if (!privileged && FLAGS_SET(m->mount_settings, MOUNT_PRIVILEGED) && !FLAGS_SET(m->mount_settings, MOUNT_IN_USERNS))
|
||||
continue;
|
||||
|
||||
if (in_userns != FLAGS_SET(mount_point->mount_settings, MOUNT_IN_USERNS))
|
||||
if (in_userns != FLAGS_SET(m->mount_settings, MOUNT_IN_USERNS))
|
||||
continue;
|
||||
|
||||
if (!netns && FLAGS_SET(mount_point->mount_settings, MOUNT_APPLY_APIVFS_NETNS))
|
||||
if (!netns && FLAGS_SET(m->mount_settings, MOUNT_APPLY_APIVFS_NETNS))
|
||||
continue;
|
||||
|
||||
if (!ro && FLAGS_SET(mount_point->mount_settings, MOUNT_APPLY_APIVFS_RO))
|
||||
if (!ro && FLAGS_SET(m->mount_settings, MOUNT_APPLY_APIVFS_RO))
|
||||
continue;
|
||||
|
||||
if (!tmpfs_tmp && FLAGS_SET(mount_point->mount_settings, MOUNT_APPLY_TMPFS_TMP))
|
||||
if (!tmpfs_tmp && FLAGS_SET(m->mount_settings, MOUNT_APPLY_TMPFS_TMP))
|
||||
continue;
|
||||
|
||||
r = chase(mount_point->where, dest, CHASE_NONEXISTENT|CHASE_PREFIX_ROOT, &where, NULL);
|
||||
r = chase(m->where, dest, CHASE_NONEXISTENT|CHASE_PREFIX_ROOT, &where, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to resolve %s%s: %m", strempty(dest), mount_point->where);
|
||||
return log_error_errno(r, "Failed to resolve %s%s: %m", strempty(dest), m->where);
|
||||
|
||||
/* Skip this entry if it is not a remount. */
|
||||
if (mount_point->what) {
|
||||
if (m->what) {
|
||||
r = path_is_mount_point(where);
|
||||
if (r < 0 && r != -ENOENT)
|
||||
return log_error_errno(r, "Failed to detect whether %s is a mount point: %m", where);
|
||||
@ -669,10 +669,10 @@ int mount_all(const char *dest,
|
||||
continue;
|
||||
}
|
||||
|
||||
if ((mount_point->mount_settings & (MOUNT_MKDIR|MOUNT_TOUCH)) != 0) {
|
||||
if ((m->mount_settings & (MOUNT_MKDIR|MOUNT_TOUCH)) != 0) {
|
||||
uid_t u = (use_userns && !in_userns) ? uid_shift : UID_INVALID;
|
||||
|
||||
if (FLAGS_SET(mount_point->mount_settings, MOUNT_TOUCH))
|
||||
if (FLAGS_SET(m->mount_settings, MOUNT_TOUCH))
|
||||
r = mkdir_parents_safe(dest, where, 0755, u, u, 0);
|
||||
else
|
||||
r = mkdir_p_safe(dest, where, 0755, u, u, 0);
|
||||
@ -689,7 +689,7 @@ int mount_all(const char *dest,
|
||||
}
|
||||
}
|
||||
|
||||
if (FLAGS_SET(mount_point->mount_settings, MOUNT_TOUCH)) {
|
||||
if (FLAGS_SET(m->mount_settings, MOUNT_TOUCH)) {
|
||||
r = touch(where);
|
||||
if (r < 0 && r != -EEXIST) {
|
||||
if (fatal && r != -EROFS)
|
||||
@ -701,8 +701,8 @@ int mount_all(const char *dest,
|
||||
}
|
||||
}
|
||||
|
||||
o = mount_point->options;
|
||||
if (streq_ptr(mount_point->type, "tmpfs")) {
|
||||
o = m->options;
|
||||
if (streq_ptr(m->type, "tmpfs")) {
|
||||
r = tmpfs_patch_options(o, in_userns ? 0 : uid_shift, selinux_apifs_context, &options);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
@ -710,24 +710,24 @@ int mount_all(const char *dest,
|
||||
o = options;
|
||||
}
|
||||
|
||||
if (FLAGS_SET(mount_point->mount_settings, MOUNT_PREFIX_ROOT)) {
|
||||
if (FLAGS_SET(m->mount_settings, MOUNT_PREFIX_ROOT)) {
|
||||
/* Optionally prefix the mount source with the root dir. This is useful in bind
|
||||
* mounts to be created within the container image before we transition into it. Note
|
||||
* that MOUNT_IN_USERNS is run after we transitioned hence prefixing is not necessary
|
||||
* for those. */
|
||||
r = chase(mount_point->what, dest, CHASE_PREFIX_ROOT, &prefixed, NULL);
|
||||
r = chase(m->what, dest, CHASE_PREFIX_ROOT, &prefixed, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to resolve %s%s: %m", strempty(dest), mount_point->what);
|
||||
return log_error_errno(r, "Failed to resolve %s%s: %m", strempty(dest), m->what);
|
||||
}
|
||||
|
||||
r = mount_verbose_full(
|
||||
fatal ? LOG_ERR : LOG_DEBUG,
|
||||
prefixed ?: mount_point->what,
|
||||
prefixed ?: m->what,
|
||||
where,
|
||||
mount_point->type,
|
||||
mount_point->flags,
|
||||
m->type,
|
||||
m->flags,
|
||||
o,
|
||||
FLAGS_SET(mount_point->mount_settings, MOUNT_FOLLOW_SYMLINKS));
|
||||
FLAGS_SET(m->mount_settings, MOUNT_FOLLOW_SYMLINKS));
|
||||
if (r < 0 && fatal)
|
||||
return r;
|
||||
}
|
||||
|
@ -136,18 +136,18 @@ static int add_syscall_filters(
|
||||
_cleanup_strv_free_ char **added = NULL;
|
||||
int r;
|
||||
|
||||
FOREACH_ELEMENT(syscall, allow_list) {
|
||||
if (syscall->capability != 0 && (cap_list_retain & (1ULL << syscall->capability)) == 0)
|
||||
FOREACH_ELEMENT(i, allow_list) {
|
||||
if (i->capability != 0 && (cap_list_retain & (1ULL << i->capability)) == 0)
|
||||
continue;
|
||||
|
||||
r = seccomp_add_syscall_filter_item(ctx,
|
||||
syscall->name,
|
||||
i->name,
|
||||
SCMP_ACT_ALLOW,
|
||||
syscall_deny_list,
|
||||
false,
|
||||
&added);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to add syscall filter item %s: %m", syscall->name);
|
||||
return log_error_errno(r, "Failed to add syscall filter item %s: %m", i->name);
|
||||
}
|
||||
|
||||
STRV_FOREACH(p, syscall_allow_list) {
|
||||
|
@ -3289,14 +3289,14 @@ static int patch_sysctl(void) {
|
||||
STRV_FOREACH_PAIR(k, v, arg_sysctl) {
|
||||
bool good = false;
|
||||
|
||||
FOREACH_ELEMENT(sysctl, safe_sysctl) {
|
||||
if (!FLAGS_SET(flags, sysctl->clone_flags))
|
||||
FOREACH_ELEMENT(i, safe_sysctl) {
|
||||
if (!FLAGS_SET(flags, i->clone_flags))
|
||||
continue;
|
||||
|
||||
if (sysctl->prefix)
|
||||
good = startswith(*k, sysctl->key);
|
||||
if (i->prefix)
|
||||
good = startswith(*k, i->key);
|
||||
else
|
||||
good = streq(*k, sysctl->key);
|
||||
good = streq(*k, i->key);
|
||||
|
||||
if (good)
|
||||
break;
|
||||
|
@ -1376,23 +1376,23 @@ int manager_dns_stub_start(Manager *m) {
|
||||
m->dns_stub_listener_mode == DNS_STUB_LISTENER_TCP ? "TCP" :
|
||||
"UDP/TCP");
|
||||
|
||||
FOREACH_ELEMENT(socket, stub_sockets) {
|
||||
FOREACH_ELEMENT(s, stub_sockets) {
|
||||
union in_addr_union a = {
|
||||
.in.s_addr = htobe32(socket->addr),
|
||||
.in.s_addr = htobe32(s->addr),
|
||||
};
|
||||
|
||||
if (m->dns_stub_listener_mode == DNS_STUB_LISTENER_UDP && socket->socket_type == SOCK_STREAM)
|
||||
if (m->dns_stub_listener_mode == DNS_STUB_LISTENER_UDP && s->socket_type == SOCK_STREAM)
|
||||
continue;
|
||||
if (m->dns_stub_listener_mode == DNS_STUB_LISTENER_TCP && socket->socket_type == SOCK_DGRAM)
|
||||
if (m->dns_stub_listener_mode == DNS_STUB_LISTENER_TCP && s->socket_type == SOCK_DGRAM)
|
||||
continue;
|
||||
|
||||
r = manager_dns_stub_fd(m, AF_INET, &a, socket->socket_type);
|
||||
r = manager_dns_stub_fd(m, AF_INET, &a, s->socket_type);
|
||||
if (r < 0) {
|
||||
_cleanup_free_ char *busy_socket = NULL;
|
||||
|
||||
if (asprintf(&busy_socket,
|
||||
"%s socket " IPV4_ADDRESS_FMT_STR ":53",
|
||||
socket->socket_type == SOCK_DGRAM ? "UDP" : "TCP",
|
||||
s->socket_type == SOCK_DGRAM ? "UDP" : "TCP",
|
||||
IPV4_ADDRESS_FMT_VAL(a.in)) < 0)
|
||||
return log_oom();
|
||||
|
||||
|
@ -80,10 +80,10 @@ TEST(free_and_strndup) {
|
||||
_cleanup_free_ char *t = NULL;
|
||||
const char *prev_expected = t;
|
||||
|
||||
FOREACH_ELEMENT(test_case, cases) {
|
||||
FOREACH_ELEMENT(c, cases) {
|
||||
test_free_and_strndup_one(&t,
|
||||
test_case->src, test_case->len, test_case->expected,
|
||||
!streq_ptr(test_case->expected, prev_expected));
|
||||
c->src, c->len, c->expected,
|
||||
!streq_ptr(c->expected, prev_expected));
|
||||
prev_expected = t;
|
||||
}
|
||||
}
|
||||
|
@ -181,11 +181,11 @@ static void _test_pcr_selection_mask_hash(uint32_t mask, TPMI_ALG_HASH hash) {
|
||||
TEST(tpms_pcr_selection_mask_and_hash) {
|
||||
TPMI_ALG_HASH HASH_ALGS[] = { TPM2_ALG_SHA1, TPM2_ALG_SHA256, };
|
||||
|
||||
FOREACH_ELEMENT(HASH, HASH_ALGS)
|
||||
FOREACH_ELEMENT(hash, HASH_ALGS)
|
||||
for (uint32_t m2 = 0; m2 <= 0xffffff; m2 += 0x50000)
|
||||
for (uint32_t m1 = 0; m1 <= 0xffff; m1 += 0x500)
|
||||
for (uint32_t m0 = 0; m0 <= 0xff; m0 += 0x5)
|
||||
_test_pcr_selection_mask_hash(m0 | m1 | m2, *HASH);
|
||||
_test_pcr_selection_mask_hash(m0 | m1 | m2, *hash);
|
||||
}
|
||||
|
||||
static void _test_tpms_sw(
|
||||
|
@ -295,8 +295,8 @@ static bool test_pointers(
|
||||
size_t num_well_known_keys = 0;
|
||||
|
||||
if (has_keys)
|
||||
FOREACH_ELEMENT(well_known_key, well_known_keyboard_keys)
|
||||
if (test_bit(*well_known_key, bitmask_key))
|
||||
FOREACH_ELEMENT(key, well_known_keyboard_keys)
|
||||
if (test_bit(*key, bitmask_key))
|
||||
num_well_known_keys++;
|
||||
|
||||
if (num_well_known_keys >= 4 || num_joystick_buttons + num_joystick_axes < 2) {
|
||||
|
Loading…
Reference in New Issue
Block a user