path: root/src/shared/condition.c
Commit message (Author, Age, Files, Lines)
* shared/condition: add missing space after 'if' (Mike Yuan, 2024-07-01, 1 file, -2/+2)
    Follow-up for 98b1ecc9175a8bb241292f6f441a754b6759dd97
* Conditional PSI check to reflect changes done in 5.13 (rhellstrom, 2024-07-01, 1 file, -2/+8)
    cpu.pressure 'full' is undefined for system-wide checks since 5.13 but still reported with values set to 0 for backwards compatibility. Made changes to reflect this for system-wide checks so that the conditional comparison is not made against the 0 value and instead falls back to 'some'.
    https://www.kernel.org/doc/html/latest/accounting/psi.html
* tree-wide: several cleanups for logging (Yu Watanabe, 2024-04-30, 1 file, -8/+8)
    - drop unnecessary SYNTHETIC_ERRNO() when the logger does not propagate error code,
    - drop unnecessary '%m' in error message when the error code is specified with SYNTHETIC_ERRNO(),
    - add missing full stop at the end of log message,
    - use RET_GATHER(),
    - add missing ", ignoring.",
    - uppercase the first letter, etc., etc...
* extract-word: modernize extract_many_words (Mike Yuan, 2024-03-03, 1 file, -2/+2)
* tree-wide: use "_" rather than "-" as separator in kernel cmdline options (Lennart Poettering, 2024-02-28, 1 file, -2/+2)
    Most of our kernel cmdline options use underscores as word separators in kernel cmdline options, but there were some exceptions. Let's fix those, and also use underscores.

    Since our /proc/cmdline parsers don't distinguish between the two characters anyway this should not break anything, but makes sure our own codebase (and in particular docs and log messages) is internally consistent.
* mountpoint-util: introduce path_is_mount_point_full (Mike Yuan, 2024-02-06, 1 file, -1/+1)
* tree-wide: replace FOREACH_POINTER with FOREACH_ARGUMENT (Mike Yuan, 2024-01-24, 1 file, -2/+2)
    The latter is more generic while being compatible with the former.
* src/basic: rename uid-alloc-range.[ch] to uid-classification.[ch] (Zbigniew Jędrzejewski-Szmek, 2024-01-09, 1 file, -1/+1)
    We had both uid-range.h and uid-alloc-range.h. The latter now contains helpers like {uid,gid}_is_{system,dynamic,container}(), uid_for_system_journal(), so the existing name is outdated. I think the uid-range.[ch] should stay separate because it has a bunch of helpers for parsing and printing of uid ranges. So let's rename as in $subject to better reflect the contents of the file and make the two sets of files harder to confuse.
* condition: add ConditionSecurity=measured-uki (Lennart Poettering, 2023-09-27, 1 file, -0/+3)
    We have various services that should only run in a measured UKI environment. Let's add an explicit high-level check for that.
* proc-cmdline: make proc_cmdline_get_bool() take flags (Yu Watanabe, 2023-08-09, 1 file, -1/+1)
    All other command line parsers take flags. Let's make proc_cmdline_get_bool() also take flags. Though, currently, no flag is set by the caller.
* unit: add "cvm" option for ConditionSecurity (Daniel P. Berrangé, 2023-07-06, 1 file, -0/+3)
    The "cvm" flag indicates whether the OS is running inside a confidential virtual machine.

    Related: https://github.com/systemd/systemd/issues/27604
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* systemd-analyze: allow --quiet for condition checks (Ronan Pigott, 2023-06-21, 1 file, -2/+0)
    I figure these messages are rather unnecessary, so let the user quiet them with the existing --quiet flag if desired. Makes systemd-analyze condition a little more ergonomic in scripts.
* battery-util: split out code that checks AC power state into its own .c/.h pair (Lennart Poettering, 2023-06-05, 1 file, -1/+1)
    No code change, just some splitting out of the relevant code from udev-util.[ch].

    This makes sense on its own, but is also preparation to move the code that checks for low battery state into battery-util.[ch], too.
* shared/condition: add envvar override for the check for first-boot (Zbigniew Jędrzejewski-Szmek, 2023-05-23, 1 file, -6/+27)
    Before 7cd43e34c5a302ff323c013f437092d2ff5ccbbf, it was possible to use SYSTEMD_PROC_CMDLINE=systemd.condition-first-boot to override autodetection. But now this doesn't work anymore, and it's useful to be able to do that for testing.
* condition: use proc_cmdline_strv() (Yu Watanabe, 2023-03-29, 1 file, -12/+5)
* strv: move nulstr utilities to nulstr-util.[ch] (Lennart Poettering, 2022-11-13, 1 file, -1/+2)
    Let's move them out of the generic, already very long strv.[ch] module into the more specific nulstr-util.[ch].

    No code changes.
* basic: create new basic/initrd-util.[ch] for initrd-related functions (Zbigniew Jędrzejewski-Szmek, 2022-11-08, 1 file, -0/+1)
    I changed imports of util.h to initrd-util.h, or added an import of initrd-util.h, to keep compilation working. It turns out that many files didn't import util.h directly.

    When viewing the patch, don't be confused by git rename detection logic: a new .c file is added and two functions moved into it.
* condition: Check that subsystem is enabled in ConditionSecurity=tpm2 (Daan De Meyer, 2022-11-01, 1 file, -5/+4)
    Instead of succeeding when either the firmware reports a TPM device or we find a TPM device, let's check that the firmware reports a TPM device and the TPM subsystem is enabled in the kernel.

    To check whether the subsystem is enabled, we check if the relevant subdirectory in /sys exists at all.
* shared/condition: avoid nss lookup in PID1 (Zbigniew Jędrzejewski-Szmek, 2022-10-12, 1 file, -9/+14)
    PID 1 is not allowed to do nss lookups because this may take a long time or even deadlock.

    While at it, the comparisons are reordered to do the "easy" comparisons which only require a string comparison first. Delay parsing of the UID until it is really necessary. The result is the same, because we know that "root" and "nobody" parse as valid.
* manager: fix/change evaluation of ConditionFirstBoot (Zbigniew Jędrzejewski-Szmek, 2022-10-01, 1 file, -9/+2)
    The code to evaluate the kernel command line option was busted because it was doing 'return b == !!r' at a point where 'r > 0'. Thus we'd return "true" in both cases:

    $ SYSTEMD_PROC_CMDLINE=systemd.condition-first-boot build/systemd-analyze condition 'ConditionFirstBoot=true'
    test.service: ConditionFirstBoot=true succeeded.
    Conditions succeeded.
    $ SYSTEMD_PROC_CMDLINE=systemd.condition-first-boot build/systemd-analyze condition 'ConditionFirstBoot=false'
    test.service: ConditionFirstBoot=false succeeded.
    Conditions succeeded.

    We only use 'ConditionFirstBoot=true' in units, so this wasn't noticed. But I think the logic is broken in general: the condition should evaluate as true only during initial boot. If we rerun the units at later points, we should not consider ConditionFirstBoot to be true.

    Also, the first boot logic is also used in pid1 itself. AFAICT, for two things: in first boot machine-id is initialized transiently (this allows first-boot operations to be restarted if boot fails), and preset-all is executed. But this logic was different and separate from the logic to evaluate ConditionFirstBoot. The distinction is abolished, and the operations in pid1 now use the same logic as ConditionFirstBoot, which means that the kernel command line option is checked, and condition_test_first_boot() just tests whether pid1 thinks we're in first boot.

    This makes things easier to grok for the user: there's just one condition for "first boot" and it applies to both pid1 and units.
* condition: change ConditionKernelVersion= so that =/!= mean literal string comparison, and ==/<> version comparison (Lennart Poettering, 2022-09-01, 1 file, -1/+1)
    The only reason to do this is to ensure uniformity with the other options, that work like this, i.e. ConditionOSRelease= or ConditionSecurity=.

    This is a compatibility break, but a minor one, given that string comparison and version comparison are mostly the same for equality and inequality.
* condition: allow literal string compares in SMBIOS condition (Lennart Poettering, 2022-09-01, 1 file, -1/+1)
    This ensures that "=" and "!=" are now interpreted as literal string compares, and "==" and "<>" are for version compares.

    This is not a compat break, since the SMBIOS stuff has not been included in any release yet.

    Main reason to do this, is to be systematic with the other conditions that check for text stuff.
* condition: allow fnmatch() matches in ConditionKernelVersion= (Lennart Poettering, 2022-09-01, 1 file, -22/+22)
    This is mostly to make things systematic, and brings no new functionality, as not specifying any operator is identical to prefixing with =$ anyway.
* compare: add macro for operator charset (Lennart Poettering, 2022-09-01, 1 file, -2/+2)
* condition: allow fnmatch compares for ConditionOSRelease= (Lennart Poettering, 2022-09-01, 1 file, -2/+2)
    We support this for smbios matches, hence do so for /etc/os-release matches too.
* compare: add flag for parse_compare_operator() to do equality/inequality comparison via simple string compares (Lennart Poettering, 2022-09-01, 1 file, -11/+5)
    This allows us to switch condition_test_osrelease() to use generic version_or_fnmatch_compare() for executing the comparison.
* compare: add a proper flags field for parse_compare_operator() (Lennart Poettering, 2022-09-01, 1 file, -5/+5)
* compare: add generic implementation for comparing with verscmp+fnmatch (Lennart Poettering, 2022-09-01, 1 file, -5/+1)
* compare: move test_order() → compare-operator.[ch] (Lennart Poettering, 2022-09-01, 1 file, -27/+0)
* condition: split out order operator enum (Lennart Poettering, 2022-09-01, 1 file, -77/+33)
    Let's move the operator enum into its own .c/.h file, so that we can reuse it elsewhere, in particular systemd-analyze's compare-versions logic.

    Let's rename the concept CompareOperator, since it is nowadays generically about both order *and* fnmatch comparisons, hence just naming it "order" is misleading.
* condition: properly handle fnmatch() errors in ConditionHost (Lennart Poettering, 2022-08-31, 1 file, -1/+7)
* condition: fix device-tree firmware path (Daniel Braunwarth, 2022-08-29, 1 file, -2/+2)
    The path /sys/firmware/device-tree doesn't exist. This should be either /proc/device-tree or /sys/firmware/devicetree.

    The first path is only a link. So let's use the second path.

    See https://github.com/torvalds/linux/blob/v4.14/drivers/of/base.c#L218.
* condition: check for last not first ')' in firmware test expressions (Lennart Poettering, 2022-08-26, 1 file, -2/+2)
    I possess a machine with ')' in its BIOS version string, which will cause the current parser to mistake it as the closing ')' of the smbios-fields() expression. Let's make sure we always go for the last, not the first ')', hence.
* pid1: extend "ConditionFirmware=" for checking SMBIOS system identification information (Daniel Braunwarth, 2022-08-25, 1 file, -14/+93)
* tree-wide: fix typo (Yu Watanabe, 2022-07-20, 1 file, -1/+1)
* pid1: add mechanism for conditionalizing units/network/netdev/link based on credentials passed in (Lennart Poettering, 2022-07-15, 1 file, -0/+44)
    This is useful when provisioning systems via nspawn/qemu and running specific services only if specific data is passed into the system.
* shared/condition: accept size suffixes for ConditionMemory (Zbigniew Jędrzejewski-Szmek, 2022-06-10, 1 file, -2/+2)
    Fixes #23697.
* shared/condition: reduce scope of variables (Zbigniew Jędrzejewski-Szmek, 2022-06-07, 1 file, -18/+7)
* stat-util: fix dir_is_empty() with hidden/backup files (Lennart Poettering, 2022-05-04, 1 file, -1/+1)
    This is a follow-up for f470cb6d13558fc06131dc677d54a089a0b07359 which in turn is a follow-up for a068aceafbffcba85398cce636c25d659265087a.

    The latter started to honour hidden files when deciding whether a directory is empty. The former reverted to the old behaviour to fix issue #23220. It introduced a bug though: when a directory contains a larger number of hidden entries the getdents64() buffer will not suffice to read them, since we just allocate three entries for it (which is definitely enough if we just ignore the . + .. entries, but not if we ignore more).

    I think it's a bit confusing that dir_is_empty() can return true even if rmdir() on the dir would return ENOTEMPTY. Hence, let's rework the function to make it optional whether hidden files are ignored or not. After all, looking at the users of this function I am pretty sure in more cases we want to honour hidden files.
* condition: rework ConditionSecurity=tpm2 check on top of tpm2_support() (Lennart Poettering, 2022-04-20, 1 file, -21/+7)
    No change in behaviour. Let's just use our new helper here.
* tree-wide: use 'Architecture' type consistently across the tree (Lennart Poettering, 2022-04-04, 1 file, -1/+1)
    Some parts of our tree used 'Architecture' for storing architectures, others used ints. Let's unify on the former.

    Inspired by #22952's rework of the 'Virtualization' enum.
* virt: make virtualization enum a named type (Lennart Poettering, 2022-04-04, 1 file, -2/+3)
    These days we have a mechanism for safely returning errnos in enum types, via defining -ERRNO_MAX as one special enum value. Let's use that for Virtualization.

    No change in behaviour, just some typesafety improvement.
* Merge pull request #22649 from keszybz/symlink-enablement-yet-again-punish-me-harder (Zbigniew Jędrzejewski-Szmek, 2022-03-29, 1 file, -1/+2)
|\
| |   Fixups to the unit enablement logic
| * systemctl: fix silent failure when --root is not found (Zbigniew Jędrzejewski-Szmek, 2022-03-29, 1 file, -1/+2)
| |   Some calls to lookup_path_init() were not followed by any log emission. E.g.:
| |   $ SYSTEMD_LOG_LEVEL=debug systemctl --root=/missing enable unit; echo $?
| |   1
| |
| |   Let's add a helper function and use it in various places.
| |   $ SYSTEMD_LOG_LEVEL=debug build/systemctl --root=/missing enable unit; echo $?
| |   Failed to initialize unit search paths for root directory /missing: No such file or directory
| |   1
| |   $ SYSTEMCTL_SKIP_SYSV=1 build/systemctl --root=/missing enable unit; echo $?
| |   Failed to initialize unit search paths for root directory /missing: No such file or directory
| |   Failed to enable: No such file or directory.
| |   1
| |
| |   The repeated error in the second case is not very nice, but this is a niche case and I don't think it's worth the trouble of trying to avoid it.
* | efi-loader: split efi-api.[ch] from efi-loader.[ch] (Lennart Poettering, 2022-03-24, 1 file, -1/+1)
|/
|   Some refactoring: split efi-loader.[ch] in two: isolate the calls that implement our boot loader interface spec, and those which implement access to upstream UEFI firmware features.
|
|   They are quite different in nature and behaviour, and even semantically it makes sense to keep these two separate. At the very least because the previous name "efi-loader.[ch]" suggests all was about loader-specific APIs, but much of it is generic uefi stuff...
|
|   While we are at it, I renamed a bunch of return parameters to follow our usual ret_xyz naming. But besides renaming no real code changes.
* strv: make iterator in STRV_FOREACH() declared in the loop (Yu Watanabe, 2022-03-19, 1 file, -1/+0)
    This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
* list: make LIST_FOREACH() and LIST_FOREACH_BACKWARDS() safer (Yu Watanabe, 2022-03-19, 1 file, -1/+1)
* list: declare iterator of LIST_FOREACH() in the loop (Yu Watanabe, 2022-03-19, 1 file, -5/+0)
* util: move on_ac_power() from util.c -> udev-util.c (Yu Watanabe, 2022-01-06, 1 file, -1/+1)
* core: support user manager with Condition[Memory/CPU/IO]Pressure (Luca Boccassi, 2021-12-02, 1 file, -3/+24)
    Get the cgroup root path from the current PID, so that when run by the user manager we can get to the right path. Eg: foo.slice:10% will check under: /sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/foo.slice/cpu.pressure

    Follow-up for 81513b382b24a7f3602987f71042d075ca27d1a5