/* SPDX-License-Identifier: LGPL-2.1+ */
#include <netinet/in.h>
#include <sys/stat.h>
#include <sys/types.h>
#include "sd-daemon.h"
#include "sd-event.h"
#include "capability-util.h"
#include "daemon-util.h"
#include "main-func.h"
#include "mkdir.h"
#include "networkd-conf.h"
#include "networkd-manager.h"
#include "signal-util.h"
#include "user-util.h"
/* Daemon entry point, passed to DEFINE_MAIN_FUNCTION().
 *
 * Startup order, as implemented below:
 *   1. set up logging and the umask, reject any command-line argument;
 *   2. resolve the "systemd-network" account to a uid/gid;
 *   3. create /run/systemd/netif owned by that account;
 *   4. if running with euid 0, switch to that account, retaining only the four CAP_NET_*
 *      capabilities listed in retained_caps;
 *   5. create the links/leases/lldp subdirectories;
 *   6. block SIGTERM/SIGINT, create the Manager, connect to the bus, load configuration,
 *      enumerate links, addresses, neighbors, routes, rules and nexthops, start the manager;
 *   7. announce readiness and run the event loop.
 *
 * Returns 0 when sd_event_loop() ends without error; on a fatal step it returns whatever
 * log_error_errno() returns for that step. Failures of the directory creation calls and of
 * manager_parse_config_file() are logged as warnings only and do not abort startup. */
static int run(int argc, char *argv[]) {
        /* Declaration order of the two _cleanup_ variables is kept as in the original.
         * NOTE(review): scope-exit handlers are expected to run in reverse declaration order, so
         * the manager would be released before notify_on_cleanup fires — confirm before reordering. */
        _cleanup_(notify_on_cleanup) const char *stop_notice = NULL;
        _cleanup_(manager_freep) Manager *manager = NULL;

        /* The only capabilities handed to drop_privileges() below. */
        const uint64_t retained_caps =
                (1ULL << CAP_NET_ADMIN) |
                (1ULL << CAP_NET_BIND_SERVICE) |
                (1ULL << CAP_NET_BROADCAST) |
                (1ULL << CAP_NET_RAW);

        const char *account = "systemd-network";
        uid_t uid;
        gid_t gid;
        int ret;

        log_setup_service();

        /* Files and directories created from here on are never group- or world-writable. */
        umask(0022);

        if (argc != 1)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "This program takes no arguments.");

        ret = get_user_creds(&account, &uid, &gid, NULL, NULL, 0);
        if (ret < 0)
                return log_error_errno(ret, "Cannot resolve user name %s: %m", account);

        /* Create the runtime directory. This is not necessary when networkd is started with
         * "RuntimeDirectory=systemd/netif", or after systemd-tmpfiles-setup.service.
         *
         * The directory is requested with mode 0755 and the service account as owner. mkdir_safe
         * refuses a pre-existing path that is not a directory, has a different owner, or has a
         * mode more permissive than requested; MKDIR_WARN_MODE makes it log which of these it hit.
         * NOTE(review): a refusal is only a warning here and startup continues — confirm that
         * running with an unexpectedly owned or too-permissive state directory is acceptable. */
        ret = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid, MKDIR_WARN_MODE);
        if (ret < 0)
                log_warning_errno(ret, "Could not create runtime directory: %m");

        /* Drop privileges, but only if we have been started as root. If we are not running as
         * root we assume all privileges are already dropped.
         * NOTE(review): the non-root path does not inspect the current capability set; it relies
         * on whoever started the process having restricted it. */
        if (geteuid() == 0) {
                ret = drop_privileges(uid, gid, retained_caps);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to drop privileges: %m");
        }

        /* Always create the directories people can create inotify watches in. It is necessary to
         * create the following subdirectories after drop_privileges() to support old kernels not
         * supporting AmbientCapabilities=. Same owner/mode checks as for the parent directory, and
         * likewise non-fatal. */
        ret = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid, MKDIR_WARN_MODE);
        if (ret < 0)
                log_warning_errno(ret, "Could not create runtime directory 'links': %m");

        ret = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid, MKDIR_WARN_MODE);
        if (ret < 0)
                log_warning_errno(ret, "Could not create runtime directory 'leases': %m");

        ret = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid, MKDIR_WARN_MODE);
        if (ret < 0)
                log_warning_errno(ret, "Could not create runtime directory 'lldp': %m");

        /* Block SIGTERM and SIGINT before the manager exists.
         * NOTE(review): presumably the manager receives them through its event loop instead —
         * confirm in manager_new(). */
        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);

        ret = manager_new(&manager);
        if (ret < 0)
                return log_error_errno(ret, "Could not create manager: %m");

        ret = manager_connect_bus(manager);
        if (ret < 0)
                return log_error_errno(ret, "Could not connect to bus: %m");

        /* A broken main configuration file is tolerated: warn and carry on. */
        ret = manager_parse_config_file(manager);
        if (ret < 0)
                log_warning_errno(ret, "Failed to parse configuration file: %m");

        ret = manager_load_config(manager);
        if (ret < 0)
                return log_error_errno(ret, "Could not load configuration files: %m");

        /* Enumerate existing kernel state; each step is fatal on error. */
        ret = manager_rtnl_enumerate_links(manager);
        if (ret < 0)
                return log_error_errno(ret, "Could not enumerate links: %m");

        ret = manager_rtnl_enumerate_addresses(manager);
        if (ret < 0)
                return log_error_errno(ret, "Could not enumerate addresses: %m");

        ret = manager_rtnl_enumerate_neighbors(manager);
        if (ret < 0)
                return log_error_errno(ret, "Could not enumerate neighbors: %m");

        ret = manager_rtnl_enumerate_routes(manager);
        if (ret < 0)
                return log_error_errno(ret, "Could not enumerate routes: %m");

        ret = manager_rtnl_enumerate_rules(manager);
        if (ret < 0)
                return log_error_errno(ret, "Could not enumerate rules: %m");

        ret = manager_rtnl_enumerate_nexthop(manager);
        if (ret < 0)
                return log_error_errno(ret, "Could not enumerate nexthop: %m");

        ret = manager_start(manager);
        if (ret < 0)
                return log_error_errno(ret, "Could not start manager: %m");

        log_info("Enumeration completed");

        /* Readiness is announced only after every fatal startup step has succeeded. */
        stop_notice = notify_start(NOTIFY_READY, NOTIFY_STOPPING);

        ret = sd_event_loop(manager->event);
        if (ret < 0)
                return log_error_errno(ret, "Event loop failed: %m");

        return 0;
}
/* Generates the program's main() around run(); the macro comes from main-func.h. */
DEFINE_MAIN_FUNCTION(run);