| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The general rule should be to be strict when parsing data, but lenient
when printing it. Or in other words, we should verify data in verification
functions, but not when printing things. It doesn't make sense to refuse
to print a value that we are using internally.
We were tripping ourselves in some of the print functions:
we want to report than an address was configured with too-long prefix, but
the log line would use "n/a" if the prefix was too long. This is not useful.
Most of the time, the removal of the check doesn't make any difference,
because we verified the prefix length on input.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we don't need the error value, and the buffer is allocated with a fixed
size, the whole logic provided by in_addr_to_string() becomes unnecessary, so
it's enough to wrap inet_ntop() directly.
inet_ntop() can only fail with ENOSPC. But we specify a buffer that is supposed
to be large enough, so this should never fail. A bunch of tests of this are added.
This allows all the wrappers like strna(), strnull(), strempty() to be dropped.
The guard of 'if (DEBUG_LOGGING)' can be dropped from around log_debug(),
because log_debug() implements the check outside of the function call. But
log_link_debug() does not, so it we need it to avoid unnecessary evaluation of
the formatting.
|
| |
|
|
|
| |
No particular reason to have it in basic/. We should let homectl
and other users share the single copy through libsystemd-shared.
|
| |
|
|
| |
This also drops unused ALIGN4_PTR(), ALIGN8_PTR(), and ALIGN_TO_PTR().
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently have a convoluted and complex selection of which random
numbers to use. We can simplify this down to two functions that cover
all of our use cases:
1) Randomness for crypto: this one needs to wait until the RNG is
initialized. So it uses getrandom(0). If that's not available, it
polls on /dev/random, and then reads from /dev/urandom. This function
returns whether or not it was successful, as before.
2) Randomness for other things: this one uses getrandom(GRND_INSECURE).
If it's not available it uses getrandom(GRND_NONBLOCK). And if that
would block, then it falls back to /dev/urandom. And if /dev/urandom
isn't available, it uses the fallback code. It never fails and
doesn't return a value.
These two cases match all the uses of randomness inside of systemd.
I would prefer to make both of these return void, and get rid of the
fallback code, and simply assert in the incredibly unlikely case that
/dev/urandom doesn't exist. But Luca disagrees, so this commit attempts
to instead keep case (1) returning a return value, which all the callers
already check, and fix the fallback code in (2) to be less bad than
before.
For the less bad fallback code for (2), we now use auxval and some
timestamps, together with various counters representing the invocation,
hash it all together and provide the output. Provided that AT_RANDOM is
secure, this construction is probably okay too, though notably it
doesn't have any forward secrecy. Fortunately, it's only used by
random_bytes() and not by crypto_random_bytes().
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
SIGKILL but processes still remain
After sending a SIGKILL to a process, the process might disappear from
`cgroup.threads` but still show up in `cgroup.procs` and still remains in the
cgroup and cause migrating new processes to `Delegate=yes` cgroups to fail with
`-EBUSY`. This is especially likely for heavyweight processes that consume more
kernel CPU time to clean up.
Fix this by only returning 0 when both `cgroup.threads` and
`cgroup.procs` are empty.
|
| |
|
|
| |
This also sorts them.
|
| | |
|
| |\
| |
| | |
tree-wide: add support for connecting to AF_UNIX sockets in the file system beyond the 108ch limit
|
| | |
| |
| |
| | |
Let's make use of our new helper, and thus allow longer paths.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This way we can connect correctly to any AF_UNIX socket in the file
system, and even save some code. Yay!
This also adds some test code for this, that ensures read_file_full()
works correctly for AF_UNIX sockets that violate the 108 char limit.
Supporting sockets like this kinda matters I think, for the simple
reason that apps want to build socket paths via XDG_RUNTIME_DIR and
suchlike, and we should be able to connect to them, even via
non-normalized paths.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a short helper for connecting to AF_UNIX sockets in the file
system. It works around the 108ch limit of sockaddr_un, and supports
"at" style fds.
This doesn't come with a test of its own, but the next patch will add
that.
|
| |/
|
|
|
|
|
|
|
|
| |
This will be helpful in cases where we are repeatedly adding entries
to a long strv and want to skip the iteration over old entries leading
to quadratic behaviour.
Note that we don't want to calculate the length if not necessary, so
the calculation is delayed until after we've checked that value is not
NULL.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
to work
let's not make up new errors in these checks that validate if connect()
work at all. After all, we don't really know if the ENXIO we saw earlier
actually is really caused by the inode being an AF_UNIX socket, we just
have the suspicion...
|
| |
|
|
|
|
|
|
|
| |
108ch limit
This way we can implement nice fallbacks later on.
While we are at it, provide a test for this (one that is a bit over the
top, but then again, we can never have enough tests).
|
| |\
| |
| | |
Add some ref-unref helpers for resolved
|
| | | |
|
| |\|
| |
| | |
resolve: place RRSIG after the corresponding entries
|
| | | |
|
| |\ \
| | |
| | | |
logind: fix crash in logind on bad message string
|
| | | |
| | |
| | |
| | |
| | | |
I'm not _quite_ convinced that this a good idea… I'm at least keeping
it separate to make it easy to revert ;)
|
| | | |
| | |
| | |
| | |
| | | |
This should be enough to get reports if we screw up anywhere, coverity does
analysis of printf format strings.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With an intentional mistake:
../src/login/logind-dbus.c: In function ‘bus_manager_log_shutdown’:
../src/login/logind-dbus.c:1542:39: error: format ‘%s’ expects a matching ‘char *’ argument [-Werror=format=]
1542 | LOG_MESSAGE("%s %s", message),
| ^~~~~~~
|
| | |/
| |
| |
| |
| |
| |
| | |
Also break some long lines for more uniform formatting. No functional change.
I went over all log_struct, log_struct_errno, log_unit_struct,
log_unit_struct_errno calls, and they seem fine.
|
| |\ \
| | |
| | | |
More coverage in fuzz-json
|
| | | |
| | |
| | |
| | | |
Those symbols are not macros anymore, so we can drop parens.
|
| |/ / |
|
| | |
| |
| |
| |
| | |
Let's avoid ambigituies here. (Interesting that the current users
compiled at all, in fact)
|
| |/
|
|
| |
I think it's a bit simpler, we don't have two indexes.
|
| |
|
|
|
|
|
|
|
| |
Plain strv_split() should not care if the strings contains backslashes
or quote characters. But extract_first_word() interprets backslashes
unless EXTRACT_RETAIN_ESCAPE is given.
I wonder how it's possible that nobody noticed this before. I think this
code was introduced in 0645b83a40d1c782f173c4d8440ab2fc82a75006.
|
| |
|
|
|
|
| |
Fixup for a5efbf468c96190c9562bc8121eda32310dfd112: if $COLORTERM was set, we'd
unconditionally turn on colors, which is unexpected and wrong. It even breaks
our own tests when executed in gnome-terminal.
|
| |
|
|
|
|
|
|
|
|
|
| |
With a recent change paths leaving the statically known lookup paths would be
treated differently then those that remained within those. That was done
(AFAIK) to consistently handle alias names. Unfortunately that means that on
some distributions, especially those where /etc/ consists mostly of symlinks,
would trigger that new detection for every single unit in /etc/systemd/system.
The reason for that is that the units directory itself is already a symlink.
Rebased-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a follow-up for f470cb6d13558fc06131dc677d54a089a0b07359 which in
turn is a follow-up for a068aceafbffcba85398cce636c25d659265087a.
The latter started to honour hidden files when deciding whether a
directory is empty. The former reverted to the old behaviour to fix
issue #23220.
It introduced a bug though: when a directory contains a larger number of
hidden entries the getdents64() buffer will not suffice to read them,
since we just allocate three entries for it (which is definitely enough
if we just ignore the . + .. entries, but not ig we ignore more).
I think it's a bit confusing that dir_is_empty() can return true even if
rmdir() on the dir would return ENOTEMPTY. Hence, let's rework the
function to make it optional whether hidden files are ignored or not.
After all, I looking at the users of this function I am pretty sure in
more cases we want to honour hidden files.
|
| |
|
|
|
|
|
|
|
|
| |
Commit https://github.com/systemd/systemd/commit/a068aceafbf
changed dir_is_emtpy_at to use FOREACH_DIRENT_IN_BUFFER instead of
FOREACH_DIRENT, but used dot_or_dotdot which just checks if the name
is literally '.' or '..' which is not enough, previous behaviour was
to ignore all hidden files, so restore that and add a test case.
Fixes https://github.com/systemd/systemd/issues/23220
|
| |\
| |
| | |
test: exclude "bdi" subsystem
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
Given we have two different types for the journal object flags and the
Compression enum, let's make the latter a regular non-sparse enum, and
thus remove some surprises. We have to convert anyway between the two,
and already do via COMPRESSION_FROM_OBJECT().
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
The compression helpers are used both in journal code and in coredump
code, and there's a good chance we'll use them later for other stuff.
Let's hence move them into src/basic/, to make them a proper internal
API we can use from everywhere where that's desirable. (pstore might be
a candidate, for example)
No real code changes, just some moving around, build system
rearrangements, and stripping of journal-def.h inclusion.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
The overflow check for ref counting should not be subject to NDEBUG,
hence upgrade assert() → assert_se(). (The check for zero is an
immediate bug in our code, and should be impossible to trigger, hence
it's fine if the check is optimized away if people are crazy enough to
set NDEBUG, so that can stay assert())
https://github.com/systemd/systemd/pull/23099#discussion_r854341850
|
| |\
| |
| | |
sd-bus: fix counter
|
| | | |
|
| |\ \
| | |
| | | |
Fixes for post merge review
|
| | | | |
|
