| Commit message (Collapse) | Author | Age | Files | Lines |
|
Realistically, the only thing that the caller can do is ignore failures related
to missing credentials. If the caller requires some credentials to be present,
they should just check which output variables are not NULL. One of the callers
was already doing that, and the other wanted to, but missed -ENOENT. By
suppressing -ENOENT and -ENXIO, both callers are simplified.
Fixes a warning at boot:
systemd-vconsole-setup[221]: Failed to import credentials, ignoring: No such file or directory
| | |
socket-util: introduce CMSG_FIND_AND_COPY_DATA()
|
The old common default was 4096, until 2020, when all DNS servers (verified
on BIND9, NSD, Unbound, dnsmasq) switched to 1232 as an agreed max size [1].
[1] https://www.dnsflagday.net/2020/#message-size-considerations
|
This query can never be answered, so let's not wait for it to time out.
|
All daemons use a similar scheme to read their main config files and their
drop-ins. The main config files are always stored in /etc/systemd directory and
it's easy enough to construct the name of the drop-in directories based on the
name of the main config file.
Hence the new helper does that internally, which allows to reduce and simplify
the args passed previously to config_parse_many_nulstr().
Besides the overall code simplification it results:
16 files changed, 87 insertions(+), 159 deletions(-)
it allows to identify clearly the locations in the code where configuration
files are parsed.
|
This will help in a later commit to separate userspace from EFI builds.
|
Function didn't actually return anything useful. Quite a shame.
|
meson: Use dicts for test/fuzzer definitions
|
Although this is slightly more verbose it makes it much easier to reason
about. The code that produces the tests heavily benefits from this.
Test lists are also now sorted by test name.
|
And make safe_fork_full() take fds to be assigned to stdio.
|
If UDP is blocked on the system (e.g. by iptables or BPF), the kernel will
return EPERM on some or all of the system calls (connect, sendmsg, etc.).
In this case, try to fall back to TCP, which hopefully will not be blocked.
|
Previously, we reported:
nx.example.org: resolve call failed: 'nx.example.org' not found
But the call did succeed, and in fact all communication with the upstream
servers was successful, and we got an authoritative negative answer.
So instead of saying that the call failed, just say that the host doesn't exist:
nx.example.org: Name 'nx.example.org' not found
I wanted to keep the prefix of "<name>: ", to keep the output uniform. But
it'd look a bit strange to say "<name>: <name> not found", so I added "Name "
to make the output more readable. (Another option would be to not display
the error string received from resolved, but that seems risky: even if right
now resolved uses just one message format, it could start doing something else
in the future, so it's better to display the error as received.)
Fixes #26233.
|
This result is identical after cpp is done, so we don't save anything
by not having the usual macros. And with the usual macros it's easier to
grep and code-crossreferencing works better.
|
If we don't have CAP_NET_BIND_SERVICE, we won't be able to bind
the stub listener socket, so let's skip creating it and log a warning.
We do the same for the extra stubs if they're configured on privileged
ports.
|
Meson+ninja+compiler do this for us and are better at it.
https://mesonbuild.com/FAQ.html#do-i-need-to-add-my-headers-to-the-sources-list-like-in-autotools
|
character buffers to NUL terminated C strings
|
Let's use statement expressions to return values instead of passing
in return arguments to the LIST macros.
| | |
resolved: add support for reading DNS config from kernel cmdline + service credentials
|
Note that this drops ProtectProc=invisible from
systemd-resolved.service.
This is done because otherwise access to the booted "kernel" command line is not
necessarily available. That's because in containers we want to read
/proc/1/cmdline for that.
Fixes: #24103
|
Fixes: #23010
|
dns_name_is_empty() was added later, but does the same thing as the more
accurately called dns_name_is_root(), hence drop the former.
|
The second argument to dump_list() actually ends up in a TABLE_FIELD
cell now, where we implicitly append a ":". Hence drop it from the
strings.
Follow-up for: 37a50123fac050c7ccde4afcf3f37ee77aad012c
|
"resolvectl status" shows per-link DNS servers separately from global
ones. When querying the global list, it will contain both per-link and
global servers however. Thus, to not show duplicate info we filter all
entries that actually have a non-zero ifindex set (under the assumption
that that's a per-link server).
This doesn't work if people configured 127.0.0.1 as global server
though, as we'll add ifindex 1 to it since
6e32414a66ff8dbcef233981a7066684d903ee9f unconditionally even for global
servers.
Let's address that by excluding entries with ifindex 1 from suppression.
This is safe as resolved ignores loopback ifaces, hence never will have
per-link servers on ifindex 1.
Note that this splits up the "with_ifindex" parameter into a second
parameter "only_global", since they semantically do two different
things. One controls whether we shall expect/parse an ifindex dbus
field. The other controls whether we shall filter all ifindex values set
!= 0. These are effectively always used in conjunction hence making them
the same actually worked. However this is utterly confusing I think,
which as I guess is resulting in the confusion around #25796 (which
removes the whole check)
Replaces: #25796
|
Let's make this a bit more readable.
|
zero in all code paths
|
Previously, if a client disconnected after sending a lookup request but
before waiting for the reply we'd log at LOG_ERR level. That's
confusing, since it's entirely OK for the client to lose interest.
Hence, let's downgrade to debug level.
Fixes: #25892
|
If less than three parameters are passed a simple comparison is the
better choice.
Lo and behold this found two pretty bad typos.
|
-1 was used everywhere, but -EBADF or -EBADFD started being used in various
places. Let's make things consistent in the new style.
Note that there are two candidates:
    EBADF    9   Bad file descriptor
    EBADFD   77  File descriptor in bad state
Since we're initializing the fd, we're just assigning a value that means
"no fd yet", so it's just a bad file descriptor, and the first errno fits
better. If instead we had a valid file descriptor that became invalid because
of some operation or state change, the other errno would fit better.
In some places, initialization is dropped if unnecessary.
|
Fixes a bug introduced by 16a6bc5a7a5da2482d96f7dc43da360ceab1c320.
Fixes CID#1501514.
|
This improves the performance of parsing the file and reduces memory pressure.
Running 'fuzz-etc-hosts timeout-strv' with valgrind,
Before:
    total heap usage: 321,020 allocs, 321,020 frees, 15,820,387,193 bytes allocated
    real 0m23.531s
    user 0m21.458s
    sys 0m1.961s
After:
    total heap usage: 112,408 allocs, 112,408 frees, 7,297,480 bytes allocated
    real 0m8.664s
    user 0m8.545s
    sys 0m0.065s
Hopefully fixes oss-fuzz#47708 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47708).
|
No functional changes, just refactoring.
|
No functional changes, just refactoring.
|
No functional changes, just refactoring.
|
No functional changes, just refactoring.
|
No functional change, just refactoring and preparation for later
commits.
|