2017-11-18 17:09:20 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1+ */
|
2013-10-17 03:18:36 +02:00
|
|
|
|
2013-11-23 02:47:12 +01:00
|
|
|
#include "sd-daemon.h"
|
2016-11-28 20:42:40 +01:00
|
|
|
#include "sd-event.h"
|
2015-10-25 22:32:30 +01:00
|
|
|
|
2015-10-26 23:32:16 +01:00
|
|
|
#include "capability-util.h"
|
2016-03-31 01:33:55 +02:00
|
|
|
#include "networkd-conf.h"
|
2016-11-13 04:59:06 +01:00
|
|
|
#include "networkd-manager.h"
|
2015-10-25 22:32:30 +01:00
|
|
|
#include "signal-util.h"
|
|
|
|
#include "user-util.h"
|
2013-10-17 03:18:36 +02:00
|
|
|
|
|
|
|
int main(int argc, char *argv[]) {
|
tree-wide: drop redundant _cleanup_ macros (#8810)
This drops a good number of type-specific _cleanup_ macros, and patches
all users to just use the generic ones.
In most recent code we abstained from defining type-specific macros, and
this basically removes all those added already, with the exception of
the really low-level ones.
Having explicit macros for this is not too useful, as the expression
without the extra macro is generally just 2ch wider. We should generally
emphesize generic code, unless there are really good reasons for
specific code, hence let's follow this in this case too.
Note that _cleanup_free_ and similar really low-level, libc'ish, Linux
API'ish macros continue to be defined, only the really high-level OO
ones are dropped. From now on this should really be the rule: for really
low-level stuff, such as memory allocation, fd handling and so one, go
ahead and define explicit per-type macros, but for high-level, specific
program code, just use the generic _cleanup_() macro directly, in order
to keep things simple and as readable as possible for the uninitiated.
Note that before this patch some of the APIs (notable libudev ones) were
already used with the high-level macros at some places and with the
generic _cleanup_ macro at others. With this patch we hence unify on the
latter.
2018-04-25 12:31:45 +02:00
|
|
|
_cleanup_(manager_freep) Manager *m = NULL;
|
2014-06-01 09:12:00 +02:00
|
|
|
const char *user = "systemd-network";
|
|
|
|
uid_t uid;
|
|
|
|
gid_t gid;
|
2013-10-17 03:18:36 +02:00
|
|
|
int r;
|
|
|
|
|
|
|
|
log_set_target(LOG_TARGET_AUTO);
|
|
|
|
log_parse_environment();
|
|
|
|
log_open();
|
|
|
|
|
|
|
|
umask(0022);
|
|
|
|
|
|
|
|
if (argc != 1) {
|
|
|
|
log_error("This program takes no arguments.");
|
2013-11-23 02:07:08 +01:00
|
|
|
r = -EINVAL;
|
|
|
|
goto out;
|
2013-10-17 03:18:36 +02:00
|
|
|
}
|
|
|
|
|
2014-06-01 09:12:00 +02:00
|
|
|
r = get_user_creds(&user, &uid, &gid, NULL, NULL);
|
|
|
|
if (r < 0) {
|
2014-11-28 13:19:16 +01:00
|
|
|
log_error_errno(r, "Cannot resolve user name %s: %m", user);
|
2014-06-01 09:12:00 +02:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2018-01-16 19:35:25 +01:00
|
|
|
/* Create runtime directory. This is not necessary when networkd is
|
|
|
|
* started with "RuntimeDirectory=systemd/netif", or after
|
|
|
|
* systemd-tmpfiles-setup.service. */
|
tree-wide: warn when a directory path already exists but has bad mode/owner/type
When we are attempting to create directory somewhere in the bowels of /var/lib
and get an error that it already exists, it can be quite hard to diagnose what
is wrong (especially for a user who is not aware that the directory must have
the specified owner, and permissions not looser than what was requested). Let's
print a warning in most cases. A warning is appropriate, because such state is
usually a sign of borked installation and needs to be resolved by the adminstrator.
$ build/test-fs-util
Path "/tmp/test-readlink_and_make_absolute" already exists and is not a directory, refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but has mode 0775 that is too permissive (0755 was requested), refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but is owned by 1001:1000 (1000:1000 was requested), refusing.
Assertion 'mkdir_safe(tempdir, 0755, getuid(), getgid(), MKDIR_WARN_MODE) >= 0' failed at ../src/test/test-fs-util.c:320, function test_readlink_and_make_absolute(). Aborting.
No functional change except for the new log lines.
2018-03-22 13:03:41 +01:00
|
|
|
r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid, MKDIR_WARN_MODE);
|
2014-03-13 19:02:28 +01:00
|
|
|
if (r < 0)
|
2015-03-16 16:35:12 +01:00
|
|
|
log_warning_errno(r, "Could not create runtime directory: %m");
|
2014-03-13 19:02:28 +01:00
|
|
|
|
2017-08-26 18:40:47 +02:00
|
|
|
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume all
|
|
|
|
* privileges are already dropped. */
|
|
|
|
if (geteuid() == 0) {
|
|
|
|
r = drop_privileges(uid, gid,
|
|
|
|
(1ULL << CAP_NET_ADMIN) |
|
|
|
|
(1ULL << CAP_NET_BIND_SERVICE) |
|
|
|
|
(1ULL << CAP_NET_BROADCAST) |
|
|
|
|
(1ULL << CAP_NET_RAW));
|
|
|
|
if (r < 0)
|
|
|
|
goto out;
|
|
|
|
}
|
2014-06-01 09:12:00 +02:00
|
|
|
|
2018-01-16 19:35:25 +01:00
|
|
|
/* Always create the directories people can create inotify watches in.
|
|
|
|
* It is necessary to create the following subdirectories after drop_privileges()
|
|
|
|
* to support old kernels not supporting AmbientCapabilities=. */
|
tree-wide: warn when a directory path already exists but has bad mode/owner/type
When we are attempting to create directory somewhere in the bowels of /var/lib
and get an error that it already exists, it can be quite hard to diagnose what
is wrong (especially for a user who is not aware that the directory must have
the specified owner, and permissions not looser than what was requested). Let's
print a warning in most cases. A warning is appropriate, because such state is
usually a sign of borked installation and needs to be resolved by the adminstrator.
$ build/test-fs-util
Path "/tmp/test-readlink_and_make_absolute" already exists and is not a directory, refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but has mode 0775 that is too permissive (0755 was requested), refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but is owned by 1001:1000 (1000:1000 was requested), refusing.
Assertion 'mkdir_safe(tempdir, 0755, getuid(), getgid(), MKDIR_WARN_MODE) >= 0' failed at ../src/test/test-fs-util.c:320, function test_readlink_and_make_absolute(). Aborting.
No functional change except for the new log lines.
2018-03-22 13:03:41 +01:00
|
|
|
r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid, MKDIR_WARN_MODE);
|
2018-01-16 19:35:25 +01:00
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Could not create runtime directory 'links': %m");
|
|
|
|
|
tree-wide: warn when a directory path already exists but has bad mode/owner/type
When we are attempting to create directory somewhere in the bowels of /var/lib
and get an error that it already exists, it can be quite hard to diagnose what
is wrong (especially for a user who is not aware that the directory must have
the specified owner, and permissions not looser than what was requested). Let's
print a warning in most cases. A warning is appropriate, because such state is
usually a sign of borked installation and needs to be resolved by the adminstrator.
$ build/test-fs-util
Path "/tmp/test-readlink_and_make_absolute" already exists and is not a directory, refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but has mode 0775 that is too permissive (0755 was requested), refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but is owned by 1001:1000 (1000:1000 was requested), refusing.
Assertion 'mkdir_safe(tempdir, 0755, getuid(), getgid(), MKDIR_WARN_MODE) >= 0' failed at ../src/test/test-fs-util.c:320, function test_readlink_and_make_absolute(). Aborting.
No functional change except for the new log lines.
2018-03-22 13:03:41 +01:00
|
|
|
r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid, MKDIR_WARN_MODE);
|
2018-01-16 19:35:25 +01:00
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Could not create runtime directory 'leases': %m");
|
|
|
|
|
tree-wide: warn when a directory path already exists but has bad mode/owner/type
When we are attempting to create directory somewhere in the bowels of /var/lib
and get an error that it already exists, it can be quite hard to diagnose what
is wrong (especially for a user who is not aware that the directory must have
the specified owner, and permissions not looser than what was requested). Let's
print a warning in most cases. A warning is appropriate, because such state is
usually a sign of borked installation and needs to be resolved by the adminstrator.
$ build/test-fs-util
Path "/tmp/test-readlink_and_make_absolute" already exists and is not a directory, refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but has mode 0775 that is too permissive (0755 was requested), refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but is owned by 1001:1000 (1000:1000 was requested), refusing.
Assertion 'mkdir_safe(tempdir, 0755, getuid(), getgid(), MKDIR_WARN_MODE) >= 0' failed at ../src/test/test-fs-util.c:320, function test_readlink_and_make_absolute(). Aborting.
No functional change except for the new log lines.
2018-03-22 13:03:41 +01:00
|
|
|
r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid, MKDIR_WARN_MODE);
|
2018-01-16 19:35:25 +01:00
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Could not create runtime directory 'lldp': %m");
|
|
|
|
|
2015-06-15 20:13:23 +02:00
|
|
|
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
|
2014-07-07 23:11:03 +02:00
|
|
|
|
2018-07-18 05:37:50 +02:00
|
|
|
r = manager_new(&m);
|
2014-01-16 14:59:26 +01:00
|
|
|
if (r < 0) {
|
2014-11-28 13:19:16 +01:00
|
|
|
log_error_errno(r, "Could not create manager: %m");
|
2015-02-05 18:00:16 +01:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
r = manager_connect_bus(m);
|
|
|
|
if (r < 0) {
|
|
|
|
log_error_errno(r, "Could not connect to bus: %m");
|
2013-11-23 02:07:08 +01:00
|
|
|
goto out;
|
2014-01-16 14:59:26 +01:00
|
|
|
}
|
2013-10-17 03:18:36 +02:00
|
|
|
|
2016-03-31 01:33:55 +02:00
|
|
|
r = manager_parse_config_file(m);
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to parse configuration file: %m");
|
|
|
|
|
2014-03-10 23:40:34 +01:00
|
|
|
r = manager_load_config(m);
|
2014-01-16 14:59:26 +01:00
|
|
|
if (r < 0) {
|
2014-11-28 13:19:16 +01:00
|
|
|
log_error_errno(r, "Could not load configuration files: %m");
|
2013-11-23 02:07:08 +01:00
|
|
|
goto out;
|
2014-01-16 14:59:26 +01:00
|
|
|
}
|
2014-01-05 23:01:10 +01:00
|
|
|
|
2014-04-15 14:21:44 +02:00
|
|
|
r = manager_rtnl_enumerate_links(m);
|
2014-01-13 23:48:28 +01:00
|
|
|
if (r < 0) {
|
2014-11-28 13:19:16 +01:00
|
|
|
log_error_errno(r, "Could not enumerate links: %m");
|
2014-01-13 23:48:28 +01:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2014-12-08 19:54:06 +01:00
|
|
|
r = manager_rtnl_enumerate_addresses(m);
|
|
|
|
if (r < 0) {
|
2015-07-03 12:13:35 +02:00
|
|
|
log_error_errno(r, "Could not enumerate addresses: %m");
|
2014-12-08 19:54:06 +01:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2015-10-25 14:46:21 +01:00
|
|
|
r = manager_rtnl_enumerate_routes(m);
|
|
|
|
if (r < 0) {
|
|
|
|
log_error_errno(r, "Could not enumerate routes: %m");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2017-09-14 21:51:39 +02:00
|
|
|
r = manager_rtnl_enumerate_rules(m);
|
|
|
|
if (r < 0) {
|
|
|
|
log_error_errno(r, "Could not enumerate rules: %m");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2016-11-28 20:42:40 +01:00
|
|
|
r = manager_start(m);
|
|
|
|
if (r < 0) {
|
|
|
|
log_error_errno(r, "Could not start manager: %m");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2015-02-04 09:47:50 +01:00
|
|
|
log_info("Enumeration completed");
|
|
|
|
|
2013-11-23 02:07:08 +01:00
|
|
|
sd_notify(false,
|
|
|
|
"READY=1\n"
|
|
|
|
"STATUS=Processing requests...");
|
2013-11-14 16:22:51 +01:00
|
|
|
|
2018-07-18 05:37:50 +02:00
|
|
|
r = sd_event_loop(m->event);
|
2014-01-16 14:59:26 +01:00
|
|
|
if (r < 0) {
|
2014-11-28 13:19:16 +01:00
|
|
|
log_error_errno(r, "Event loop failed: %m");
|
2013-11-23 02:07:08 +01:00
|
|
|
goto out;
|
2014-01-16 14:59:26 +01:00
|
|
|
}
|
2013-11-23 02:07:08 +01:00
|
|
|
out:
|
|
|
|
sd_notify(false,
|
2014-08-21 17:19:28 +02:00
|
|
|
"STOPPING=1\n"
|
2013-11-23 02:07:08 +01:00
|
|
|
"STATUS=Shutting down...");
|
2013-10-17 03:18:36 +02:00
|
|
|
|
2013-11-23 02:07:08 +01:00
|
|
|
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
|
2013-10-17 03:18:36 +02:00
|
|
|
}
|