Let's split out the two codepaths a bit, and emphasize which ones it the
new-style and which the old-style codepath, and let's clearly convert
the params of the old-stye into the new style for further processing, so
that the old style path is brief and isolated.
No change in behaviour.
Follow-up for: 8885fed4e3
As we usually (unfortunately not always though) do not use abbreviations.
Tx may be standard abbreviation, but we already have e.g.
TransmitChecksumOffload=. So, let's use Transmit instead of Tx.
Follow-up for ef4a91a7e8.
Let's tighten the logic behind path_extract_filename() a bit: first of
all, refuse all cases of invalid paths with -EINVAL. More importantly
though return a recognizable error when a valid path is specified that
does not contain any filename. Specifically, "/" will now result in
-EADDRNOTAVAIL.
This changes API, but none of the existing callers care about the return
value, hence the change should be fine.
Otherwise, the list becomes dirty when an entry is freed.
This also remove the entry from the hashmap only when its name is set.
The name should be always set, so that does not change anything. But
just for safety.
This should not change anything. As hashmap_remove() is called before
hashmap_ensure_put(). So, even if hashmap_ensure_put() fails, a wrong
entry will not removed from the hashmap by udev_list_entry_free().
But anyway, just for safety.
Let's make these functions a little more generic so we can have
them work on more than one GUID. More specifically, this allows
using them with the global guid which will be used a bit more to
extend the secure boot support.
Instead of using -nostdinc, we use -nostdlib. This is necessary
to allow moving to C99 as efibind.h includes stdint.h when C99
is enabled. It isn't necessarily problematic to use some standard
library headers as long as they don't contain functions defined in
libc or another system library (or in other words, header only
headers are fine to use in sd-boot).
I think this formatting was originally used because it simplified
adding new options to the help messages. However, these days, most
tools their help message end with "\nSee the %s for details.\n" so
the final line almost never has to be edited which eliminates the
benefit of the custom formatting used for printf() help messages.
Let's make things more consistent and use the same formatting for
printf() help messages that we use everywhere else.
Prompted by https://github.com/systemd/systemd/pull/18355#discussion_r567241580
Follow-up for 4ea8b443de. The logic that manages DnsQueryCandidate is rather
complicated: a calls to dns_query_complete() that wants to destroy a
DnsQueryCandidate can be nested inside a deep chain of calls. Using reference
counts seems like the simplest approach.
DnsSearchDomain already uses reference counting.
This patch effectively brings dns_query_candidate_go() to the state before
4ea8b443de, but wraps the iteration over DnsQueryCandidate.transactions in
dns_query_candidate_ref+dns_query_candidate_unref.
Follow-up for 133b34f69a where this was
forgotten.
While we are at it, bring the parameters into the same order as we
declare them in the PullRaw/PullTar objects, i.e. match them to the
canonical order.
Implement directives `NoExecPaths=` and `ExecPaths=` to control `MS_NOEXEC`
mount flag for the file system tree. This can be used to implement file system
W^X policies, and for example with allow-listing mode (NoExecPaths=/) a
compromised service would not be able to execute a shell, if that was not
explicitly allowed.
Example:
[Service]
NoExecPaths=/
ExecPaths=/usr/bin/daemon /usr/lib64 /usr/lib
Closes: #17942.
