author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-06-27 13:23:08 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-07-08 16:37:23 +0200 |
commit | cbc056c81967edd0ba8f0f1d49a13414e7e9630b (patch) | |
tree | 0380c40e405db856af9f78b0fd971b3c407970a7 | |
parent | 2e2f6a01a008156ed457040c4757fa541be4a055 (diff) | |
core: wrap some long lines and other formatting changes
-rw-r--r-- | src/core/namespace.c | 116 | ||||
-rw-r--r-- | src/core/service.c | 6 |
2 files changed, 80 insertions, 42 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c index b2bbcf58f2..56f19c738c 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -649,13 +649,15 @@ add_symlink: return 0; /* Create symlinks like /dev/char/1:9 → ../urandom */ - if (asprintf(&sl, "%s/dev/%s/%u:%u", temporary_mount, S_ISCHR(st.st_mode) ? "char" : "block", major(st.st_rdev), minor(st.st_rdev)) < 0) + if (asprintf(&sl, "%s/dev/%s/%u:%u", + temporary_mount, + S_ISCHR(st.st_mode) ? "char" : "block", + major(st.st_rdev), minor(st.st_rdev)) < 0) return log_oom(); (void) mkdir_parents(sl, 0755); t = strjoina("../", bn); - if (symlink(t, sl) < 0) log_debug_errno(errno, "Failed to symlink '%s' to '%s', ignoring: %m", t, sl); @@ -935,7 +937,8 @@ static int apply_mount( if (errno == ENOENT && m->ignore) return 0; - return log_debug_errno(errno, "Failed to lstat() %s to determine what to mount over it: %m", mount_entry_path(m)); + return log_debug_errno(errno, "Failed to lstat() %s to determine what to mount over it: %m", + mount_entry_path(m)); } if (geteuid() == 0) @@ -962,8 +965,10 @@ static int apply_mount( if (r == -ENOENT && m->ignore) return 0; if (r < 0) - return log_debug_errno(r, "Failed to determine whether %s is already a mount point: %m", mount_entry_path(m)); - if (r > 0) /* Nothing to do here, it is already a mount. We just later toggle the MS_RDONLY bit for the mount point if needed. */ + return log_debug_errno(r, "Failed to determine whether %s is already a mount point: %m", + mount_entry_path(m)); + if (r > 0) /* Nothing to do here, it is already a mount. We just later toggle the MS_RDONLY + * bit for the mount point if needed. */ return 0; /* This isn't a mount point yet, let's make it one. */ what = mount_entry_path(m); 
@@ -976,9 +981,9 @@ static int apply_mount( case BIND_MOUNT_RECURSIVE: { _cleanup_free_ char *chased = NULL; - /* Since mount() will always follow symlinks we chase the symlinks on our own first. Note that bind - * mount source paths are always relative to the host root, hence we pass NULL as root directory to - * chase_symlinks() here. */ + /* Since mount() will always follow symlinks we chase the symlinks on our own first. Note + * that bind mount source paths are always relative to the host root, hence we pass NULL as + * root directory to chase_symlinks() here. */ r = chase_symlinks(mount_entry_source(m), NULL, CHASE_TRAIL_SLASH, &chased, NULL); if (r == -ENOENT && m->ignore) { @@ -1031,7 +1036,8 @@ static int apply_mount( if (r == -ENOENT && make) { struct stat st; - /* Hmm, either the source or the destination are missing. Let's see if we can create the destination, then try again */ + /* Hmm, either the source or the destination are missing. Let's see if we can create + the destination, then try again. */ if (stat(what, &st) < 0) log_error_errno(errno, "Mount point source '%s' is not accessible: %m", what); @@ -1046,7 +1052,8 @@ static int apply_mount( q = touch(mount_entry_path(m)); if (q < 0) - log_error_errno(q, "Failed to create destination mount point node '%s': %m", mount_entry_path(m)); + log_error_errno(q, "Failed to create destination mount point node '%s': %m", + mount_entry_path(m)); else try_again = true; } 
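Review bot: The rewrapped comment in the `r == -ENOENT && make` branch of apply_mount() continues on its second line without the leading ` * ` that the other multi-line comments touched by this commit use, for example the `BIND_MOUNT_RECURSIVE` comment in the hunk just before it. For consistency the continuation line would read `* the destination, then try again. */`. apply_mount() starts and ends outside this hunk.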
@@ -1302,16 +1309,35 @@ int setup_namespace( if (r < 0) return log_debug_errno(r, "Failed to create loop device for root image: %m"); - r = verity_metadata_load(root_image, root_hash_path, root_hash ? NULL : &root_hash_decoded, root_hash ? NULL : &root_hash_size, root_verity ? NULL : &verity_data, root_hash_sig || root_hash_sig_path ? NULL : &hash_sig_path); + r = verity_metadata_load(root_image, + root_hash_path, + root_hash ? NULL : &root_hash_decoded, + root_hash ? NULL : &root_hash_size, + root_verity ? NULL : &verity_data, + root_hash_sig || root_hash_sig_path ? NULL : &hash_sig_path); if (r < 0) return log_debug_errno(r, "Failed to load root hash: %m"); dissect_image_flags |= root_verity || verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0; - r = dissect_image(loop_device->fd, root_hash ?: root_hash_decoded, root_hash_size, root_verity ?: verity_data, dissect_image_flags, &dissected_image); + r = dissect_image(loop_device->fd, + root_hash ?: root_hash_decoded, + root_hash_size, + root_verity ?: verity_data, + dissect_image_flags, + &dissected_image); if (r < 0) return log_debug_errno(r, "Failed to dissect image: %m"); - r = dissected_image_decrypt(dissected_image, NULL, root_hash ?: root_hash_decoded, root_hash_size, root_verity ?: verity_data, root_hash_sig_path ?: hash_sig_path, root_hash_sig, root_hash_sig_size, dissect_image_flags, &decrypted_image); + r = dissected_image_decrypt(dissected_image, + NULL, + root_hash ?: root_hash_decoded, + root_hash_size, + root_verity ?: verity_data, + root_hash_sig_path ?: hash_sig_path, + root_hash_sig, + root_hash_sig_size, + dissect_image_flags, + &decrypted_image); if (r < 0) return log_debug_errno(r, "Failed to decrypt dissected image: %m"); } 
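Review bot: With one argument per line it becomes visible that `root_hash ?: root_hash_decoded` and `root_verity ?: verity_data` are spelled out separately for dissect_image() and dissected_image_decrypt(), so a later edit to one call can leave the two working from different verity inputs. Resolving each expression once into a local before the calls and passing that local to both would keep the root hash the image is dissected with and the one it is activated with identical by construction. The bare `NULL` second argument of dissected_image_decrypt() would also read better with a trailing comment naming the parameter, presumably `NULL, /* passphrase */` (to be confirmed against the prototype, which is not in this hunk). setup_namespace() starts and ends outside the hunk.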
@@ -1396,19 +1422,28 @@ int setup_namespace( } if (ns_info->protect_kernel_tunables) { - r = append_static_mounts(&m, protect_kernel_tunables_table, ELEMENTSOF(protect_kernel_tunables_table), ns_info->ignore_protect_paths); + r = append_static_mounts(&m, + protect_kernel_tunables_table, + ELEMENTSOF(protect_kernel_tunables_table), + ns_info->ignore_protect_paths); if (r < 0) goto finish; } if (ns_info->protect_kernel_modules) { - r = append_static_mounts(&m, protect_kernel_modules_table, ELEMENTSOF(protect_kernel_modules_table), ns_info->ignore_protect_paths); + r = append_static_mounts(&m, + protect_kernel_modules_table, + ELEMENTSOF(protect_kernel_modules_table), + ns_info->ignore_protect_paths); if (r < 0) goto finish; } if (ns_info->protect_kernel_logs) { - r = append_static_mounts(&m, protect_kernel_logs_table, ELEMENTSOF(protect_kernel_logs_table), ns_info->ignore_protect_paths); + r = append_static_mounts(&m, + protect_kernel_logs_table, + ELEMENTSOF(protect_kernel_logs_table), + ns_info->ignore_protect_paths); if (r < 0) goto finish; } @@ -1429,7 +1464,10 @@ int setup_namespace( goto finish; if (namespace_info_mount_apivfs(ns_info)) { - r = append_static_mounts(&m, apivfs_table, ELEMENTSOF(apivfs_table), ns_info->ignore_protect_paths); + r = append_static_mounts(&m, + apivfs_table, + ELEMENTSOF(apivfs_table), + ns_info->ignore_protect_paths); if (r < 0) goto finish; } 
@@ -1477,10 +1515,10 @@ int setup_namespace( if (unshare(CLONE_NEWNS) < 0) { r = log_debug_errno(errno, "Failed to unshare the mount namespace: %m"); if (IN_SET(r, -EACCES, -EPERM, -EOPNOTSUPP, -ENOSYS)) - /* If the kernel doesn't support namespaces, or when there's a MAC or seccomp filter in place - * that doesn't allow us to create namespaces (or a missing cap), then propagate a recognizable - * error back, which the caller can use to detect this case (and only this) and optionally - * continue without namespacing applied. */ + /* If the kernel doesn't support namespaces, or when there's a MAC or seccomp filter + * in place that doesn't allow us to create namespaces (or a missing cap), then + * propagate a recognizable error back, which the caller can use to detect this case + * (and only this) and optionally continue without namespacing applied. */ r = -ENOANO; goto finish; @@ -1544,8 +1582,8 @@ int setup_namespace( _cleanup_free_ char **deny_list = NULL; size_t j; - /* Open /proc/self/mountinfo now as it may become unavailable if we mount anything on top of /proc. - * For example, this is the case with the option: 'InaccessiblePaths=/proc' */ + /* Open /proc/self/mountinfo now as it may become unavailable if we mount anything on top of + * /proc. For example, this is the case with the option: 'InaccessiblePaths=/proc'. */ proc_self_mountinfo = fopen("/proc/self/mountinfo", "re"); if (!proc_self_mountinfo) { r = log_debug_errno(errno, "Failed to open /proc/self/mountinfo: %m"); 
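Review bot: The comment under `IN_SET(r, -EACCES, -EPERM, -EOPNOTSUPP, -ENOSYS)` in the `unshare(CLONE_NEWNS)` hunk says that -ENOANO lets the caller continue without namespacing, but not what that costs. A denial by policy (`-EACCES`, `-EPERM`) and a kernel without namespace support are folded into the same code, and a caller that continues would run with none of the mounts this function would otherwise have set up. While the comment is being rewrapped, a closing sentence such as `* Callers that continue must treat every mount-based protection requested here as not applied.` would make the fail-open nature explicit. setup_namespace() continues outside the hunk.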
@@ -1570,10 +1608,10 @@ int setup_namespace( goto finish; } if (r == 0) { - /* We hit a symlinked mount point. The entry got rewritten and might point to a - * very different place now. Let's normalize the changed list, and start from - * the beginning. After all to mount the entry at the new location we might - * need some other mounts first */ + /* We hit a symlinked mount point. The entry got rewritten and might + * point to a very different place now. Let's normalize the changed + * list, and start from the beginning. After all to mount the entry + * at the new location we might need some other mounts first */ again = true; break; } @@ -1978,31 +2016,31 @@ bool ns_type_supported(NamespaceType type) { } static const char *const protect_home_table[_PROTECT_HOME_MAX] = { - [PROTECT_HOME_NO] = "no", - [PROTECT_HOME_YES] = "yes", + [PROTECT_HOME_NO] = "no", + [PROTECT_HOME_YES] = "yes", [PROTECT_HOME_READ_ONLY] = "read-only", - [PROTECT_HOME_TMPFS] = "tmpfs", + [PROTECT_HOME_TMPFS] = "tmpfs", }; DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(protect_home, ProtectHome, PROTECT_HOME_YES); static const char *const protect_system_table[_PROTECT_SYSTEM_MAX] = { - [PROTECT_SYSTEM_NO] = "no", - [PROTECT_SYSTEM_YES] = "yes", - [PROTECT_SYSTEM_FULL] = "full", + [PROTECT_SYSTEM_NO] = "no", + [PROTECT_SYSTEM_YES] = "yes", + [PROTECT_SYSTEM_FULL] = "full", [PROTECT_SYSTEM_STRICT] = "strict", }; DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(protect_system, ProtectSystem, PROTECT_SYSTEM_YES); static const char* const namespace_type_table[] = { - [NAMESPACE_MOUNT] = "mnt", + [NAMESPACE_MOUNT] = "mnt", [NAMESPACE_CGROUP] = "cgroup", - [NAMESPACE_UTS] = "uts", - [NAMESPACE_IPC] = "ipc", - [NAMESPACE_USER] = "user", - [NAMESPACE_PID] = "pid", - [NAMESPACE_NET] = "net", + [NAMESPACE_UTS] = "uts", + [NAMESPACE_IPC] = "ipc", + [NAMESPACE_USER] = "user", + [NAMESPACE_PID] = "pid", + [NAMESPACE_NET] = "net", }; DEFINE_STRING_TABLE_LOOKUP(namespace_type, NamespaceType); 
diff --git a/src/core/service.c b/src/core/service.c index 3daf21296a..4813ce938d 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -2132,9 +2132,9 @@ static void service_enter_start(Service *s) { if (!c) { if (s->type != SERVICE_ONESHOT) { - /* There's no command line configured for the main command? Hmm, that is strange. This can only - * happen if the configuration changes at runtime. In this case, let's enter a failure - * state. */ + /* There's no command line configured for the main command? Hmm, that is strange. + * This can only happen if the configuration changes at runtime. In this case, + * let's enter a failure state. */ log_unit_error(UNIT(s), "There's no 'start' task anymore we could start."); r = -ENXIO; goto fail; |