authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2020-06-27 13:23:08 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2020-07-08 16:37:23 +0200
commitcbc056c81967edd0ba8f0f1d49a13414e7e9630b (patch)
tree0380c40e405db856af9f78b0fd971b3c407970a7
parent2e2f6a01a008156ed457040c4757fa541be4a055 (diff)
core: wrap some long lines and other formatting changes
-rw-r--r--src/core/namespace.c116
-rw-r--r--src/core/service.c6
2 files changed, 80 insertions, 42 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c
index b2bbcf58f2..56f19c738c 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -649,13 +649,15 @@ add_symlink:
return 0;
/* Create symlinks like /dev/char/1:9 → ../urandom */
- if (asprintf(&sl, "%s/dev/%s/%u:%u", temporary_mount, S_ISCHR(st.st_mode) ? "char" : "block", major(st.st_rdev), minor(st.st_rdev)) < 0)
+ if (asprintf(&sl, "%s/dev/%s/%u:%u",
+ temporary_mount,
+ S_ISCHR(st.st_mode) ? "char" : "block",
+ major(st.st_rdev), minor(st.st_rdev)) < 0)
return log_oom();
(void) mkdir_parents(sl, 0755);
t = strjoina("../", bn);
-
if (symlink(t, sl) < 0)
log_debug_errno(errno, "Failed to symlink '%s' to '%s', ignoring: %m", t, sl);
@@ -935,7 +937,8 @@ static int apply_mount(
if (errno == ENOENT && m->ignore)
return 0;
- return log_debug_errno(errno, "Failed to lstat() %s to determine what to mount over it: %m", mount_entry_path(m));
+ return log_debug_errno(errno, "Failed to lstat() %s to determine what to mount over it: %m",
+ mount_entry_path(m));
}
if (geteuid() == 0)
@@ -962,8 +965,10 @@ static int apply_mount(
if (r == -ENOENT && m->ignore)
return 0;
if (r < 0)
- return log_debug_errno(r, "Failed to determine whether %s is already a mount point: %m", mount_entry_path(m));
- if (r > 0) /* Nothing to do here, it is already a mount. We just later toggle the MS_RDONLY bit for the mount point if needed. */
+ return log_debug_errno(r, "Failed to determine whether %s is already a mount point: %m",
+ mount_entry_path(m));
+ if (r > 0) /* Nothing to do here, it is already a mount. We just later toggle the MS_RDONLY
+ * bit for the mount point if needed. */
return 0;
/* This isn't a mount point yet, let's make it one. */
what = mount_entry_path(m);
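Review bot: The re-wrapped comment on `if (r > 0)` now spans two lines between the condition and its unbraced `return 0;`, which makes it easy to misread which statement the condition guards. I would either move the comment onto its own lines above the `if`, or brace the body as `if (r > 0) { /* … */ return 0; }`. The same shape appears in the `unshare(CLONE_NEWNS)` hunk of setup_namespace, where a four-line comment separates the unbraced `if (IN_SET(r, ...))` from `r = -ENOANO;`, and the following `goto finish;` appears to be unconditional (indentation is not visible in this view). The body of apply_mount starts and ends outside this hunk.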
@@ -976,9 +981,9 @@ static int apply_mount(
case BIND_MOUNT_RECURSIVE: {
_cleanup_free_ char *chased = NULL;
- /* Since mount() will always follow symlinks we chase the symlinks on our own first. Note that bind
- * mount source paths are always relative to the host root, hence we pass NULL as root directory to
- * chase_symlinks() here. */
+ /* Since mount() will always follow symlinks we chase the symlinks on our own first. Note
+ * that bind mount source paths are always relative to the host root, hence we pass NULL as
+ * root directory to chase_symlinks() here. */
r = chase_symlinks(mount_entry_source(m), NULL, CHASE_TRAIL_SLASH, &chased, NULL);
if (r == -ENOENT && m->ignore) {
@@ -1031,7 +1036,8 @@ static int apply_mount(
if (r == -ENOENT && make) {
struct stat st;
- /* Hmm, either the source or the destination are missing. Let's see if we can create the destination, then try again */
+ /* Hmm, either the source or the destination are missing. Let's see if we can create
+ the destination, then try again. */
if (stat(what, &st) < 0)
log_error_errno(errno, "Mount point source '%s' is not accessible: %m", what);
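Review bot: The continuation line of the re-wrapped comment, `the destination, then try again. */`, has no leading ` * `, unlike the other multi-line comments this commit re-wraps in namespace.c. For consistency the second line should read ` * the destination, then try again. */`. The enclosing `if (r == -ENOENT && make)` block continues outside the hunk.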
@@ -1046,7 +1052,8 @@ static int apply_mount(
q = touch(mount_entry_path(m));
if (q < 0)
- log_error_errno(q, "Failed to create destination mount point node '%s': %m", mount_entry_path(m));
+ log_error_errno(q, "Failed to create destination mount point node '%s': %m",
+ mount_entry_path(m));
else
try_again = true;
}
@@ -1302,16 +1309,35 @@ int setup_namespace(
if (r < 0)
return log_debug_errno(r, "Failed to create loop device for root image: %m");
- r = verity_metadata_load(root_image, root_hash_path, root_hash ? NULL : &root_hash_decoded, root_hash ? NULL : &root_hash_size, root_verity ? NULL : &verity_data, root_hash_sig || root_hash_sig_path ? NULL : &hash_sig_path);
+ r = verity_metadata_load(root_image,
+ root_hash_path,
+ root_hash ? NULL : &root_hash_decoded,
+ root_hash ? NULL : &root_hash_size,
+ root_verity ? NULL : &verity_data,
+ root_hash_sig || root_hash_sig_path ? NULL : &hash_sig_path);
if (r < 0)
return log_debug_errno(r, "Failed to load root hash: %m");
dissect_image_flags |= root_verity || verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
- r = dissect_image(loop_device->fd, root_hash ?: root_hash_decoded, root_hash_size, root_verity ?: verity_data, dissect_image_flags, &dissected_image);
+ r = dissect_image(loop_device->fd,
+ root_hash ?: root_hash_decoded,
+ root_hash_size,
+ root_verity ?: verity_data,
+ dissect_image_flags,
+ &dissected_image);
if (r < 0)
return log_debug_errno(r, "Failed to dissect image: %m");
- r = dissected_image_decrypt(dissected_image, NULL, root_hash ?: root_hash_decoded, root_hash_size, root_verity ?: verity_data, root_hash_sig_path ?: hash_sig_path, root_hash_sig, root_hash_sig_size, dissect_image_flags, &decrypted_image);
+ r = dissected_image_decrypt(dissected_image,
+ NULL,
+ root_hash ?: root_hash_decoded,
+ root_hash_size,
+ root_verity ?: verity_data,
+ root_hash_sig_path ?: hash_sig_path,
+ root_hash_sig,
+ root_hash_sig_size,
+ dissect_image_flags,
+ &decrypted_image);
if (r < 0)
return log_debug_errno(r, "Failed to decrypt dissected image: %m");
}
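Review bot: With one argument per line, `root_hash_sig || root_hash_sig_path ? NULL : &hash_sig_path` in the verity_metadata_load() call can be misread as the conditional applying only to `root_hash_sig_path`. Since `||` binds tighter than `?:` the behaviour is unchanged, but I would make it explicit as `(root_hash_sig || root_hash_sig_path) ? NULL : &hash_sig_path`. These arguments select between caller-supplied and loaded verity hash and signature values, so a misreading by a later editor would touch the image integrity path. The context line `dissect_image_flags |= root_verity || verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;` would benefit from the same parentheses. setup_namespace starts and ends outside the hunk.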
@@ -1396,19 +1422,28 @@ int setup_namespace(
}
if (ns_info->protect_kernel_tunables) {
- r = append_static_mounts(&m, protect_kernel_tunables_table, ELEMENTSOF(protect_kernel_tunables_table), ns_info->ignore_protect_paths);
+ r = append_static_mounts(&m,
+ protect_kernel_tunables_table,
+ ELEMENTSOF(protect_kernel_tunables_table),
+ ns_info->ignore_protect_paths);
if (r < 0)
goto finish;
}
if (ns_info->protect_kernel_modules) {
- r = append_static_mounts(&m, protect_kernel_modules_table, ELEMENTSOF(protect_kernel_modules_table), ns_info->ignore_protect_paths);
+ r = append_static_mounts(&m,
+ protect_kernel_modules_table,
+ ELEMENTSOF(protect_kernel_modules_table),
+ ns_info->ignore_protect_paths);
if (r < 0)
goto finish;
}
if (ns_info->protect_kernel_logs) {
- r = append_static_mounts(&m, protect_kernel_logs_table, ELEMENTSOF(protect_kernel_logs_table), ns_info->ignore_protect_paths);
+ r = append_static_mounts(&m,
+ protect_kernel_logs_table,
+ ELEMENTSOF(protect_kernel_logs_table),
+ ns_info->ignore_protect_paths);
if (r < 0)
goto finish;
}
@@ -1429,7 +1464,10 @@ int setup_namespace(
goto finish;
if (namespace_info_mount_apivfs(ns_info)) {
- r = append_static_mounts(&m, apivfs_table, ELEMENTSOF(apivfs_table), ns_info->ignore_protect_paths);
+ r = append_static_mounts(&m,
+ apivfs_table,
+ ELEMENTSOF(apivfs_table),
+ ns_info->ignore_protect_paths);
if (r < 0)
goto finish;
}
@@ -1477,10 +1515,10 @@ int setup_namespace(
if (unshare(CLONE_NEWNS) < 0) {
r = log_debug_errno(errno, "Failed to unshare the mount namespace: %m");
if (IN_SET(r, -EACCES, -EPERM, -EOPNOTSUPP, -ENOSYS))
- /* If the kernel doesn't support namespaces, or when there's a MAC or seccomp filter in place
- * that doesn't allow us to create namespaces (or a missing cap), then propagate a recognizable
- * error back, which the caller can use to detect this case (and only this) and optionally
- * continue without namespacing applied. */
+ /* If the kernel doesn't support namespaces, or when there's a MAC or seccomp filter
+ * in place that doesn't allow us to create namespaces (or a missing cap), then
+ * propagate a recognizable error back, which the caller can use to detect this case
+ * (and only this) and optionally continue without namespacing applied. */
r = -ENOANO;
goto finish;
@@ -1544,8 +1582,8 @@ int setup_namespace(
_cleanup_free_ char **deny_list = NULL;
size_t j;
- /* Open /proc/self/mountinfo now as it may become unavailable if we mount anything on top of /proc.
- * For example, this is the case with the option: 'InaccessiblePaths=/proc' */
+ /* Open /proc/self/mountinfo now as it may become unavailable if we mount anything on top of
+ * /proc. For example, this is the case with the option: 'InaccessiblePaths=/proc'. */
proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
if (!proc_self_mountinfo) {
r = log_debug_errno(errno, "Failed to open /proc/self/mountinfo: %m");
@@ -1570,10 +1608,10 @@ int setup_namespace(
goto finish;
}
if (r == 0) {
- /* We hit a symlinked mount point. The entry got rewritten and might point to a
- * very different place now. Let's normalize the changed list, and start from
- * the beginning. After all to mount the entry at the new location we might
- * need some other mounts first */
+ /* We hit a symlinked mount point. The entry got rewritten and might
+ * point to a very different place now. Let's normalize the changed
+ * list, and start from the beginning. After all to mount the entry
+ * at the new location we might need some other mounts first */
again = true;
break;
}
@@ -1978,31 +2016,31 @@ bool ns_type_supported(NamespaceType type) {
}
static const char *const protect_home_table[_PROTECT_HOME_MAX] = {
- [PROTECT_HOME_NO] = "no",
- [PROTECT_HOME_YES] = "yes",
+ [PROTECT_HOME_NO] = "no",
+ [PROTECT_HOME_YES] = "yes",
[PROTECT_HOME_READ_ONLY] = "read-only",
- [PROTECT_HOME_TMPFS] = "tmpfs",
+ [PROTECT_HOME_TMPFS] = "tmpfs",
};
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(protect_home, ProtectHome, PROTECT_HOME_YES);
static const char *const protect_system_table[_PROTECT_SYSTEM_MAX] = {
- [PROTECT_SYSTEM_NO] = "no",
- [PROTECT_SYSTEM_YES] = "yes",
- [PROTECT_SYSTEM_FULL] = "full",
+ [PROTECT_SYSTEM_NO] = "no",
+ [PROTECT_SYSTEM_YES] = "yes",
+ [PROTECT_SYSTEM_FULL] = "full",
[PROTECT_SYSTEM_STRICT] = "strict",
};
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(protect_system, ProtectSystem, PROTECT_SYSTEM_YES);
static const char* const namespace_type_table[] = {
- [NAMESPACE_MOUNT] = "mnt",
+ [NAMESPACE_MOUNT] = "mnt",
[NAMESPACE_CGROUP] = "cgroup",
- [NAMESPACE_UTS] = "uts",
- [NAMESPACE_IPC] = "ipc",
- [NAMESPACE_USER] = "user",
- [NAMESPACE_PID] = "pid",
- [NAMESPACE_NET] = "net",
+ [NAMESPACE_UTS] = "uts",
+ [NAMESPACE_IPC] = "ipc",
+ [NAMESPACE_USER] = "user",
+ [NAMESPACE_PID] = "pid",
+ [NAMESPACE_NET] = "net",
};
DEFINE_STRING_TABLE_LOOKUP(namespace_type, NamespaceType);
diff --git a/src/core/service.c b/src/core/service.c
index 3daf21296a..4813ce938d 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2132,9 +2132,9 @@ static void service_enter_start(Service *s) {
if (!c) {
if (s->type != SERVICE_ONESHOT) {
- /* There's no command line configured for the main command? Hmm, that is strange. This can only
- * happen if the configuration changes at runtime. In this case, let's enter a failure
- * state. */
+ /* There's no command line configured for the main command? Hmm, that is strange.
+ * This can only happen if the configuration changes at runtime. In this case,
+ * let's enter a failure state. */
log_unit_error(UNIT(s), "There's no 'start' task anymore we could start.");
r = -ENXIO;
goto fail;