We expect that if socket() syscall is available, seccomp works for that
architecture. So instead of explicitly listing all architectures where we know
it is not available, just assume it is broken if the number is not defined.
This should have the same effect, except that other architectures where it is
also broken will pass tests without further changes. (Architectures where the
filter should work, but does not work because of missing entries in
seccomp-util.c, will still fail.)
i386, s390, s390x are the exception — setting the filter fails, even though
socket() is available, so it needs to be special-cased
(https://github.com/systemd/systemd/issues/5215#issuecomment-277241488).
This remove the last define in seccomp-util.h that was only used in test-seccomp.c. Porting
the seccomp filter to new architectures should be simpler because now only two places need
to be modified.
RestrictAddressFamilies seems to work on ppc64[bl]e, so enable it (the tests pass).
While adding the defines for arm, I realized that we have pretty much all
known architectures covered, so SECCOMP_RESTRICT_NAMESPACES_BROKEN is not
necessary anymore. clone(2) is adamant that the order of the first two
arguments is only reversed on s390/s390x. So let's simplify things and remove
the #if.
SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN was conflating two separate things:
1. whether shmat/shmdt/shmget can be filtered (if ipc multiplexer is used, they can not)
2. whether we know this for the current architecture
For i386, shmat is implemented as ipc, so seccomp filter is "broken" for shmat,
but not for mmap, and SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN cannot be used
to cover both cases. The define was only used for tests — not in the implementation
in seccomp-util.c. So let's get rid of SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN
and encode the right condition directly in tests.
Also updates the documentation and adds a mention of ppc64 support
which was enabled by #5325.
Tested on Debian mipsel and mips64el. The other 4 mips architectures
should have an identical user <-> kernel ABI to one of the 2 tested
systems.
Using conf.set() with a boolean argument does the right thing:
either #ifdef or #undef. This means that conf.set can be used unconditionally.
Previously I used '1' as the placeholder value, and that needs to be changed to
'true' for consistency (under meson 1 cannot be used in boolean context). All
checks need to be adjusted.
This is similar to what ./configure prints. Instead of a long list of yes/no lines,
I added two lines at the end with "enabled features" and "disabled features".
This is what the mplayer/mencoder ./configure script did back in the day.
The advantage is that it's easy to look at the list of disabled features
and check for any unexpected entries.
Reset also the counter for number of Router Solicitations sent when
the associated file descriptor is closed and the event source
unreferenced. With this change the router discovery can now be
stopped and restarted arbitrary many times.
Those were dropped accidentally in commit
19fe49f62c, most likely by running
make update-man-list. This is a known limitation of the autotools build:
the man pages must be built before update-man-list is called.
The symlinks should be created in the build directory in two cases: when
configuration specifies -Dhtml=true, or when ninja html target is built.
Normally install : {true,false} is used to decide if a target should be built,
but in this case, we cannot use install : true, because, as described in
488477d101, that results in the target file being copied into the
installation directory instead of a symlink. So we need a work-around. To
achieve the first end, the commands to create the symlinks are added as
dependencies of the command to create the html page. To the second end, they
are added as dependencies of the html target.
Follow-up for 488477d101 and 064d9ef0d7.
This adds two somewhat independent rules:
1. to create symlinks to html pages in the build directory
2. to create symlinks in the installation directory
The second part needs to be coded separately, because telling meson to install
the symlinks created in step 1. results in a copy of the target, instead of a
symlink. So step 2. needs to ignore the result of 1. and create the symlink again.
Fixes#5863.
This is useful on systems like NixOS, where python3 is not in
/usr/bin/python3 as well as for people using alternative ways to
install python such as virtualenv/pyenv.
netdev to bond.
There are situations where a link can be in an "UP" state when
systemd-networkd attempts to add the link to a bond device.
This is a problem because the bonding driver will refuse to
enslave a link if it is in the "UP" state.
This check ensures systemd-networkd sets the link to "DOWN"
before attempting to add the link to the bond.
Fixes#5838.
This small fixup removes a compiler warning when passing tcg (a const
arg type) to the uefi call wapper, which does not define it as const.
All other source files in sd-boot do this cast except measure.c, so
let's fix that.
When some error occurs during the initialization of JournalFile,
the JournalFile can be left without hash tables created. When later
trying to append an entry to that file, the assertion in
journal_file_link_data() fails, and journald crashes.
This patch fix this issue by checking *_hash_table_size in
journal_file_verify_header().
Linking dynamically against libudev will fail once
https://github.com/mesonbuild/meson/pull/1545 is merged and apparently
already triggers a link failure on s390x.
Make libshared provide the udev symbols by including libudev_sources
into libshared. This will cause those files to be compiled twice, but it
actually reduces the installed size and is closer to what the autotools
build system is doing.
Closes#5828
