diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-16 18:18:14 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-16 18:18:14 +0000 |
| commit | 67c5de60daa85b91fa68be4157e248fa31e75316 (patch) | |
| tree | 7d567f3360f705ac21600343ef7f7cea645a9222 /src/shared | |
| parent | Adding upstream version 256.1. (diff) | |
| download | systemd-67c5de60daa85b91fa68be4157e248fa31e75316.tar.xz systemd-67c5de60daa85b91fa68be4157e248fa31e75316.zip | |
Adding upstream version 256.2.upstream/256.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/shared')
| -rw-r--r-- | src/shared/bus-polkit.c | 12 | ||||
| -rw-r--r-- | src/shared/bus-polkit.h | 1 | ||||
| -rw-r--r-- | src/shared/condition.c | 10 | ||||
| -rw-r--r-- | src/shared/mkfs-util.c | 9 | ||||
| -rw-r--r-- | src/shared/parse-helpers.c | 19 | ||||
| -rw-r--r-- | src/shared/parse-helpers.h | 11 | ||||
| -rw-r--r-- | src/shared/pretty-print.c | 7 | ||||
| -rw-r--r-- | src/shared/ptyfwd.c | 16 | ||||
| -rw-r--r-- | src/shared/ptyfwd.h | 2 | ||||
| -rw-r--r-- | src/shared/seccomp-util.c | 56 | ||||
| -rw-r--r-- | src/shared/seccomp-util.h | 1 |
11 files changed, 102 insertions, 42 deletions
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c index 0382d0b..58cffb6 100644 --- a/src/shared/bus-polkit.c +++ b/src/shared/bus-polkit.c @@ -786,11 +786,13 @@ int varlink_verify_polkit_async_full( if (r != 0) log_debug("Found matching previous polkit authentication for '%s'.", action); if (r < 0) { - /* Reply with a nice error */ - if (sd_bus_error_has_name(&error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED)) - (void) varlink_error(link, VARLINK_ERROR_INTERACTIVE_AUTHENTICATION_REQUIRED, NULL); - else if (ERRNO_IS_NEG_PRIVILEGE(r)) - (void) varlink_error(link, VARLINK_ERROR_PERMISSION_DENIED, NULL); + if (!FLAGS_SET(flags, POLKIT_DONT_REPLY)) { + /* Reply with a nice error */ + if (sd_bus_error_has_name(&error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED)) + (void) varlink_error(link, VARLINK_ERROR_INTERACTIVE_AUTHENTICATION_REQUIRED, NULL); + else if (ERRNO_IS_NEG_PRIVILEGE(r)) + (void) varlink_error(link, VARLINK_ERROR_PERMISSION_DENIED, NULL); + } return r; } diff --git a/src/shared/bus-polkit.h b/src/shared/bus-polkit.h index f3741b2..e0999bc 100644 --- a/src/shared/bus-polkit.h +++ b/src/shared/bus-polkit.h @@ -11,6 +11,7 @@ typedef enum PolkitFLags { POLKIT_ALLOW_INTERACTIVE = 1 << 0, /* Allow interactive auth (typically not required, because can be derived from bus message/link automatically) */ POLKIT_ALWAYS_QUERY = 1 << 1, /* Query polkit even if client is privileged */ POLKIT_DEFAULT_ALLOW = 1 << 2, /* If polkit is not around, assume "allow" rather than the usual "deny" */ + POLKIT_DONT_REPLY = 1 << 3, /* Varlink: don't immediately propagate polkit error to the Varlink client */ } PolkitFlags; int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e); diff --git a/src/shared/condition.c b/src/shared/condition.c index b53b2ef..1f72ba8 100644 --- a/src/shared/condition.c +++ b/src/shared/condition.c @@ -1009,6 +1009,7 @@ static int condition_test_psi(Condition *c, char **env) { loadavg_t *current, limit; ResourcePressure pressure; int r; + PressureType preferred_pressure_type = PRESSURE_TYPE_FULL; assert(c); assert(c->parameter); @@ -1029,6 +1030,10 @@ static int condition_test_psi(Condition *c, char **env) { return log_debug_errno(r < 0 ? r : SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s: %m", c->parameter); /* If only one parameter is passed, then we look at the global system pressure rather than a specific cgroup. */ if (r == 1) { + /* cpu.pressure 'full' is reported but undefined at system level */ + if(c->type == CONDITION_CPU_PRESSURE) + preferred_pressure_type = PRESSURE_TYPE_SOME; + pressure_path = path_join("/proc/pressure", pressure_type); if (!pressure_path) return log_oom_debug(); @@ -1133,8 +1138,9 @@ static int condition_test_psi(Condition *c, char **env) { if (r < 0) return log_debug_errno(r, "Failed to parse loadavg: %s", c->parameter); - r = read_resource_pressure(pressure_path, PRESSURE_TYPE_FULL, &pressure); - if (r == -ENODATA) /* cpu.pressure 'full' was added recently, fall back to 'some'. */ + r = read_resource_pressure(pressure_path, preferred_pressure_type, &pressure); + /* cpu.pressure 'full' was recently added at cgroup level, fall back to 'some' */ + if (r == -ENODATA && preferred_pressure_type == PRESSURE_TYPE_FULL) r = read_resource_pressure(pressure_path, PRESSURE_TYPE_SOME, &pressure); if (r == -ENOENT) { /* We already checked that /proc/pressure exists, so this means we were given a cgroup diff --git a/src/shared/mkfs-util.c b/src/shared/mkfs-util.c index 4d44012..14bf82b 100644 --- a/src/shared/mkfs-util.c +++ b/src/shared/mkfs-util.c @@ -461,6 +461,15 @@ int make_filesystem( if (quiet) stdio_fds[1] = -EBADF; + if (sector_size > 0) { + if (strv_extend(&argv, "--sectorsize") < 0) + return log_oom(); + + /* mkfs.btrfs expects a sector size of at least 4k bytes. */ + if (strv_extendf(&argv, "%"PRIu64, MAX(sector_size, 4 * U64_KB)) < 0) + return log_oom(); + } + } else if (streq(fstype, "f2fs")) { argv = strv_new(mkfs, "-g", /* "default options" */ diff --git a/src/shared/parse-helpers.c b/src/shared/parse-helpers.c index ca6842d..63f592d 100644 --- a/src/shared/parse-helpers.c +++ b/src/shared/parse-helpers.c @@ -10,6 +10,22 @@ #include "path-util.h" #include "utf8.h" +static bool validate_api_vfs(const char *path, PathSimplifyWarnFlags flags) { + + assert(path); + + if ((flags & (PATH_CHECK_NON_API_VFS|PATH_CHECK_NON_API_VFS_DEV_OK)) == 0) + return true; + + if (!path_below_api_vfs(path)) + return true; + + if (FLAGS_SET(flags, PATH_CHECK_NON_API_VFS_DEV_OK) && path_startswith(path, "/dev")) + return true; + + return false; +} + int path_simplify_and_warn( char *path, PathSimplifyWarnFlags flags, @@ -23,6 +39,7 @@ int path_simplify_and_warn( assert(path); assert(!FLAGS_SET(flags, PATH_CHECK_ABSOLUTE | PATH_CHECK_RELATIVE)); + assert(!FLAGS_SET(flags, PATH_CHECK_NON_API_VFS | PATH_CHECK_NON_API_VFS_DEV_OK)); assert(lvalue); if (!utf8_is_valid(path)) @@ -56,7 +73,7 @@ int path_simplify_and_warn( "%s= path is not normalized%s: %s", lvalue, fatal ? "" : ", ignoring", path); - if (FLAGS_SET(flags, PATH_CHECK_NON_API_VFS) && path_below_api_vfs(path)) + if (!validate_api_vfs(path, flags)) return log_syntax(unit, level, filename, line, SYNTHETIC_ERRNO(EINVAL), "%s= path is below API VFS%s: %s", lvalue, fatal ? ", refusing" : ", ignoring", diff --git a/src/shared/parse-helpers.h b/src/shared/parse-helpers.h index 6d1034b..29ab60f 100644 --- a/src/shared/parse-helpers.h +++ b/src/shared/parse-helpers.h @@ -4,11 +4,12 @@ #include <stdint.h> typedef enum PathSimplifyWarnFlags { - PATH_CHECK_FATAL = 1 << 0, /* If not set, then error message is appended with 'ignoring'. */ - PATH_CHECK_ABSOLUTE = 1 << 1, - PATH_CHECK_RELATIVE = 1 << 2, - PATH_KEEP_TRAILING_SLASH = 1 << 3, - PATH_CHECK_NON_API_VFS = 1 << 4, + PATH_CHECK_FATAL = 1 << 0, /* If not set, then error message is appended with 'ignoring'. */ + PATH_CHECK_ABSOLUTE = 1 << 1, + PATH_CHECK_RELATIVE = 1 << 2, + PATH_KEEP_TRAILING_SLASH = 1 << 3, + PATH_CHECK_NON_API_VFS = 1 << 4, + PATH_CHECK_NON_API_VFS_DEV_OK = 1 << 5, } PathSimplifyWarnFlags; int path_simplify_and_warn( diff --git a/src/shared/pretty-print.c b/src/shared/pretty-print.c index c75f74a..4692a6a 100644 --- a/src/shared/pretty-print.c +++ b/src/shared/pretty-print.c @@ -17,6 +17,7 @@ #include "string-util.h" #include "strv.h" #include "terminal-util.h" +#include "utf8.h" void draw_cylon(char buffer[], size_t buflen, unsigned width, unsigned pos) { char *p = buffer; @@ -467,8 +468,8 @@ void draw_progress_bar(const char *prefix, double percentage) { if (!terminal_is_dumb()) { size_t cols = columns(); - size_t prefix_length = strlen_ptr(prefix); - size_t length = cols > prefix_length + 6 ? cols - prefix_length - 6 : 0; + size_t prefix_width = utf8_console_width(prefix); + size_t length = cols > prefix_width + 6 ? cols - prefix_width - 6 : 0; if (length > 5 && percentage >= 0.0 && percentage <= 100.0) { size_t p = (size_t) (length * percentage / 100.0); @@ -519,7 +520,7 @@ void clear_progress_bar(const char *prefix) { fputc('\r', stderr); if (terminal_is_dumb()) - fputs(strrepa(" ", strlen_ptr(prefix) + 4), /* 4: %3.0f%% */ + fputs(strrepa(" ", utf8_console_width(prefix) + 4), /* 4: %3.0f%% */ stderr); else fputs(ANSI_ERASE_TO_END_OF_LINE, stderr); diff --git a/src/shared/ptyfwd.c b/src/shared/ptyfwd.c index 998ce96..842aef9 100644 --- a/src/shared/ptyfwd.c +++ b/src/shared/ptyfwd.c @@ -17,6 +17,7 @@ #include "sd-event.h" #include "alloc-util.h" +#include "env-util.h" #include "errno-util.h" #include "extract-word.h" #include "fd-util.h" @@ -367,6 +368,21 @@ static int insert_background_fix(PTYForward *f, size_t offset) { return insert_string(f, offset, s); } +bool shall_set_terminal_title(void) { + static int cache = -1; + + if (cache >= 0) + return cache; + + cache = getenv_bool("SYSTEMD_ADJUST_TERMINAL_TITLE"); + if (cache == -ENXIO) + return (cache = true); + if (cache < 0) + log_debug_errno(cache, "Failed to parse $SYSTEMD_ADJUST_TERMINAL_TITLE, leaving terminal title setting enabled: %m"); + + return cache != 0; +} + static int insert_window_title_fix(PTYForward *f, size_t offset) { assert(f); diff --git a/src/shared/ptyfwd.h b/src/shared/ptyfwd.h index 248646d..b86027e 100644 --- a/src/shared/ptyfwd.h +++ b/src/shared/ptyfwd.h @@ -50,4 +50,6 @@ int pty_forward_set_titlef(PTYForward *f, const char *format, ...) _printf_(2,3) int pty_forward_set_title_prefix(PTYForward *f, const char *prefix); +bool shall_set_terminal_title(void); + DEFINE_TRIVIAL_CLEANUP_FUNC(PTYForward*, pty_forward_free); diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 2469e24..d31d6b4 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -2030,39 +2030,43 @@ int parse_syscall_archs(char **l, Set **ret_archs) { return 0; } -int seccomp_filter_set_add(Hashmap *filter, bool add, const SyscallFilterSet *set) { - int r; +int seccomp_filter_set_add_by_name(Hashmap *filter, bool add, const char *name) { + assert(filter); + assert(name); - assert(set); + if (name[0] == '@') { + const SyscallFilterSet *more; - NULSTR_FOREACH(i, set->value) { + more = syscall_filter_set_find(name); + if (!more) + return -ENXIO; - if (i[0] == '@') { - const SyscallFilterSet *more; + return seccomp_filter_set_add(filter, add, more); + } - more = syscall_filter_set_find(i); - if (!more) - return -ENXIO; + int id = seccomp_syscall_resolve_name(name); + if (id == __NR_SCMP_ERROR) { + log_debug("System call %s is not known, ignoring.", name); + return 0; + } - r = seccomp_filter_set_add(filter, add, more); - if (r < 0) - return r; - } else { - int id; + if (add) + return hashmap_put(filter, INT_TO_PTR(id + 1), INT_TO_PTR(-1)); - id = seccomp_syscall_resolve_name(i); - if (id == __NR_SCMP_ERROR) { - log_debug("System call %s is not known, ignoring.", i); - continue; - } + (void) hashmap_remove(filter, INT_TO_PTR(id + 1)); + return 0; +} - if (add) { - r = hashmap_put(filter, INT_TO_PTR(id + 1), INT_TO_PTR(-1)); - if (r < 0) - return r; - } else - (void) hashmap_remove(filter, INT_TO_PTR(id + 1)); - } +int seccomp_filter_set_add(Hashmap *filter, bool add, const SyscallFilterSet *set) { + int r; + + assert(filter); + assert(set); + + NULSTR_FOREACH(i, set->value) { + r = seccomp_filter_set_add_by_name(filter, add, i); + if (r < 0) + return r; } return 0; diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h index 7583357..7be1117 100644 --- a/src/shared/seccomp-util.h +++ b/src/shared/seccomp-util.h @@ -70,6 +70,7 @@ extern const SyscallFilterSet syscall_filter_sets[]; const SyscallFilterSet *syscall_filter_set_find(const char *name); +int seccomp_filter_set_add_by_name(Hashmap *s, bool b, const char *name); int seccomp_filter_set_add(Hashmap *s, bool b, const SyscallFilterSet *set); int seccomp_add_syscall_filter_item( |