16062852561

Committed 03 Jul 2025 10:04PM UTC coverage: 72.193% (+0.1%) from 72.096%

Build # 16062852561

Build Type

push

github

Committed by

bluca

Commit Message

pcrlock: process components outside of location window properly

So far, when we tried to match a component to eent log entries we
skipped those components if they were outside of our location window.
That however is too aggressive, since it means any components that are
already in the logs, but outside of the location window will be
considered unrecognized in the logs, and thus removed from the PCR
policy.

Change things around: always try to match up all components, regardless
if inside the location window or outside, but then make it non-fatal we
can't find a component outside of the location window.

Fixes: #36079

Run Details

7 of 9 new or added lines in 1 file covered. (77.78%)

4116 existing lines in 75 files now uncovered.

301219 of 417241 relevant lines covered (72.19%)

730820.5 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

83.33

/src/network/networkctl-util.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <sys/stat.h>
#include <unistd.h>

#include "sd-bus.h"

#include "alloc-util.h"
#include "ansi-color.h"
#include "log.h"
#include "networkctl.h"
#include "networkctl-util.h"
#include "stdio-util.h"
#include "string-util.h"
#include "strv.h"
#include "varlink-util.h"

int varlink_connect_networkd(sd_varlink **ret_varlink) {
        _cleanup_(sd_varlink_flush_close_unrefp) sd_varlink *vl = NULL;
        sd_json_variant *reply;
        uint64_t id;
        int r;

        r = sd_varlink_connect_address(&vl, "/run/systemd/netif/io.systemd.Network");
        if (r < 0)
                return log_error_errno(r, "Failed to connect to network service /run/systemd/netif/io.systemd.Network: %m");

        (void) sd_varlink_set_description(vl, "varlink-network");

        r = sd_varlink_set_allow_fd_passing_output(vl, true);
        if (r < 0)
                return log_error_errno(r, "Failed to allow passing file descriptor through varlink: %m");

        r = varlink_call_and_log(vl, "io.systemd.Network.GetNamespaceId", /* parameters= */ NULL, &reply);
        if (r < 0)
                return r;

        static const sd_json_dispatch_field dispatch_table[] = {
                { "NamespaceId", SD_JSON_VARIANT_UNSIGNED, sd_json_dispatch_uint64, 0, SD_JSON_MANDATORY },
                {},
        };

        r = sd_json_dispatch(reply, dispatch_table, SD_JSON_LOG|SD_JSON_ALLOW_EXTENSIONS, &id);
        if (r < 0)
                return r;

        if (id == 0)
                log_debug("systemd-networkd.service not running in a network namespace (?), skipping netns check.");
        else {
                struct stat st;

                if (stat("/proc/self/ns/net", &st) < 0)
                        return log_error_errno(errno, "Failed to determine our own network namespace ID: %m");

                if (id != st.st_ino)
                        return log_error_errno(SYNTHETIC_ERRNO(EREMOTE),
                                               "networkctl must be invoked in same network namespace as systemd-networkd.service.");
        }

        if (ret_varlink)
                *ret_varlink = TAKE_PTR(vl);
        return 0;
}

bool networkd_is_running(void) {
        static int cached = -1;
        int r;

        if (cached < 0) {
                r = access("/run/systemd/netif/state", F_OK);
                if (r < 0) {
                        if (errno != ENOENT)
                                log_debug_errno(errno,
                                                "Failed to determine whether networkd is running, assuming it's not: %m");

                        cached = false;
                } else
                        cached = true;
        }

        return cached;
}

int acquire_bus(sd_bus **ret) {
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
        int r;

        assert(ret);

        r = sd_bus_open_system(&bus);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to system bus: %m");

        (void) sd_bus_set_allow_interactive_authorization(bus, arg_ask_password);

        if (networkd_is_running()) {
                r = varlink_connect_networkd(/* ret_varlink = */ NULL);
                if (r < 0)
                        return r;
        } else
                log_warning("systemd-networkd is not running, output might be incomplete.");

        *ret = TAKE_PTR(bus);
        return 0;
}

int link_get_property(
                sd_bus *bus,
                int ifindex,
                sd_bus_error *error,
                sd_bus_message **reply,
                const char *iface,
                const char *propname,
                const char *type) {

        _cleanup_free_ char *path = NULL;
        char ifindex_str[DECIMAL_STR_MAX(int)];
        int r;

        assert(bus);
        assert(ifindex >= 0);
        assert(error);
        assert(reply);
        assert(iface);
        assert(propname);
        assert(type);

        xsprintf(ifindex_str, "%i", ifindex);

        r = sd_bus_path_encode("/org/freedesktop/network1/link", ifindex_str, &path);
        if (r < 0)
                return r;

        return sd_bus_get_property(bus, "org.freedesktop.network1", path, iface, propname, error, reply, type);
}

void operational_state_to_color(const char *name, const char *state, const char **on, const char **off) {
        if (STRPTR_IN_SET(state, "routable", "enslaved") ||
            (streq_ptr(name, "lo") && streq_ptr(state, "carrier"))) {
                if (on)
                        *on = ansi_highlight_green();
                if (off)
                        *off = ansi_normal();
        } else if (streq_ptr(state, "degraded")) {
                if (on)
                        *on = ansi_highlight_yellow();
                if (off)
                        *off = ansi_normal();
        } else {
                if (on)
                        *on = "";
                if (off)
                        *off = "";
        }
}

void setup_state_to_color(const char *state, const char **on, const char **off) {
        if (streq_ptr(state, "configured")) {
                if (on)
                        *on = ansi_highlight_green();
                if (off)
                        *off = ansi_normal();
        } else if (streq_ptr(state, "configuring")) {
                if (on)
                        *on = ansi_highlight_yellow();
                if (off)
                        *off = ansi_normal();
        } else if (STRPTR_IN_SET(state, "failed", "linger")) {
                if (on)
                        *on = ansi_highlight_red();
                if (off)
                        *off = ansi_normal();
        } else {
                if (on)
                        *on = "";
                if (off)
                        *off = "";
        }
}

void online_state_to_color(const char *state, const char **on, const char **off) {
        if (streq_ptr(state, "online")) {
                if (on)
                        *on = ansi_highlight_green();
                if (off)
                        *off = ansi_normal();
        } else if (streq_ptr(state, "partial")) {
                if (on)
                        *on = ansi_highlight_yellow();
                if (off)
                        *off = ansi_normal();
        } else {
                if (on)
                        *on = "";
                if (off)
                        *off = "";
        }
}

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3	#include <sys/stat.h>
4	#include <unistd.h>
5
6	#include "sd-bus.h"
7
8	#include "alloc-util.h"
9	#include "ansi-color.h"
10	#include "log.h"
11	#include "networkctl.h"
12	#include "networkctl-util.h"
13	#include "stdio-util.h"
14	#include "string-util.h"
15	#include "strv.h"
16	#include "varlink-util.h"
17
18	int varlink_connect_networkd(sd_varlink **ret_varlink) {	3,981✔
19	_cleanup_(sd_varlink_flush_close_unrefp) sd_varlink *vl = NULL;	3,981✔
20	sd_json_variant *reply;	3,981✔
21	uint64_t id;	3,981✔
22	int r;	3,981✔
23
24	r = sd_varlink_connect_address(&vl, "/run/systemd/netif/io.systemd.Network");	3,981✔
25	if (r < 0)	3,981✔
UNCOV 26	return log_error_errno(r, "Failed to connect to network service /run/systemd/netif/io.systemd.Network: %m");	×
27
28	(void) sd_varlink_set_description(vl, "varlink-network");	3,981✔
29
30	r = sd_varlink_set_allow_fd_passing_output(vl, true);	3,981✔
31	if (r < 0)	3,981✔
32	return log_error_errno(r, "Failed to allow passing file descriptor through varlink: %m");	×
33
34	r = varlink_call_and_log(vl, "io.systemd.Network.GetNamespaceId", /* parameters= */ NULL, &reply);	3,981✔
35	if (r < 0)	3,981✔
36	return r;
37
38	static const sd_json_dispatch_field dispatch_table[] = {	3,981✔
39	{ "NamespaceId", SD_JSON_VARIANT_UNSIGNED, sd_json_dispatch_uint64, 0, SD_JSON_MANDATORY },
40	{},
41	};
42
43	r = sd_json_dispatch(reply, dispatch_table, SD_JSON_LOG\|SD_JSON_ALLOW_EXTENSIONS, &id);	3,981✔
44	if (r < 0)	3,981✔
45	return r;
46
47	if (id == 0)	3,981✔
48	log_debug("systemd-networkd.service not running in a network namespace (?), skipping netns check.");	×
49	else {
50	struct stat st;	3,981✔
51
52	if (stat("/proc/self/ns/net", &st) < 0)	3,981✔
53	return log_error_errno(errno, "Failed to determine our own network namespace ID: %m");	×
54
55	if (id != st.st_ino)	3,981✔
56	return log_error_errno(SYNTHETIC_ERRNO(EREMOTE),	×
57	"networkctl must be invoked in same network namespace as systemd-networkd.service.");
58	}
59
60	if (ret_varlink)	3,981✔
61	*ret_varlink = TAKE_PTR(vl);	2,306✔
62	return 0;
63	}
64
65	bool networkd_is_running(void) {	1,695✔
66	static int cached = -1;	1,695✔
67	int r;	1,695✔
68
69	if (cached < 0) {	1,695✔
70	r = access("/run/systemd/netif/state", F_OK);	1,692✔
71	if (r < 0) {	1,692✔
72	if (errno != ENOENT)	×
73	log_debug_errno(errno,	×
74	"Failed to determine whether networkd is running, assuming it's not: %m");
75
76	cached = false;	×
77	} else
78	cached = true;	1,692✔
79	}
80
81	return cached;	1,695✔
82	}
83
84	int acquire_bus(sd_bus **ret) {	1,675✔
85	_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;	1,675✔
86	int r;	1,675✔
87
88	assert(ret);	1,675✔
89
90	r = sd_bus_open_system(&bus);	1,675✔
91	if (r < 0)	1,675✔
92	return log_error_errno(r, "Failed to connect to system bus: %m");	×
93
94	(void) sd_bus_set_allow_interactive_authorization(bus, arg_ask_password);	1,675✔
95
96	if (networkd_is_running()) {	1,675✔
97	r = varlink_connect_networkd(/* ret_varlink = */ NULL);	1,675✔
98	if (r < 0)	1,675✔
99	return r;
100	} else
101	log_warning("systemd-networkd is not running, output might be incomplete.");	×
102
103	*ret = TAKE_PTR(bus);	1,675✔
104	return 0;	1,675✔
105	}
106
107	int link_get_property(	2,836✔
108	sd_bus *bus,
109	int ifindex,
110	sd_bus_error *error,
111	sd_bus_message **reply,
112	const char *iface,
113	const char *propname,
114	const char *type) {
115
116	_cleanup_free_ char *path = NULL;	2,836✔
117	char ifindex_str[DECIMAL_STR_MAX(int)];	2,836✔
118	int r;	2,836✔
119
120	assert(bus);	2,836✔
121	assert(ifindex >= 0);	2,836✔
122	assert(error);	2,836✔
123	assert(reply);	2,836✔
124	assert(iface);	2,836✔
125	assert(propname);	2,836✔
126	assert(type);	2,836✔
127
128	xsprintf(ifindex_str, "%i", ifindex);	2,836✔
129
130	r = sd_bus_path_encode("/org/freedesktop/network1/link", ifindex_str, &path);	2,836✔
131	if (r < 0)	2,836✔
132	return r;
133
134	return sd_bus_get_property(bus, "org.freedesktop.network1", path, iface, propname, error, reply, type);	2,836✔
135	}
136
137	void operational_state_to_color(const char name, const char state, const char on, const char off) {	1,447✔
138	if (STRPTR_IN_SET(state, "routable", "enslaved") \|\|	1,447✔
139	(streq_ptr(name, "lo") && streq_ptr(state, "carrier"))) {	627✔
140	if (on)	825✔
141	*on = ansi_highlight_green();	1,650✔
142	if (off)	825✔
143	*off = ansi_normal();	1,644✔
144	} else if (streq_ptr(state, "degraded")) {	622✔
145	if (on)	374✔
146	*on = ansi_highlight_yellow();	374✔
147	if (off)	374✔
148	*off = ansi_normal();	742✔
149	} else {
150	if (on)	248✔
151	*on = "";	248✔
152	if (off)	248✔
153	*off = "";	226✔
154	}
155	}	1,447✔
156
157	void setup_state_to_color(const char state, const char on, const char *off) {	1,446✔
158	if (streq_ptr(state, "configured")) {	1,446✔
159	if (on)	1,329✔
160	*on = ansi_highlight_green();	2,658✔
161	if (off)	1,329✔
162	*off = ansi_normal();	2,646✔
163	} else if (streq_ptr(state, "configuring")) {	117✔
164	if (on)	41✔
165	*on = ansi_highlight_yellow();	41✔
166	if (off)	41✔
167	*off = ansi_normal();	82✔
168	} else if (STRPTR_IN_SET(state, "failed", "linger")) {	76✔
169	if (on)	×
170	*on = ansi_highlight_red();	×
171	if (off)	×
172	*off = ansi_normal();	×
173	} else {
174	if (on)	76✔
175	*on = "";	76✔
176	if (off)	76✔
177	*off = "";	54✔
178	}
179	}	1,446✔
180
181	void online_state_to_color(const char state, const char on, const char *off) {	1,419✔
182	if (streq_ptr(state, "online")) {	1,419✔
183	if (on)	1,181✔
184	*on = ansi_highlight_green();	2,362✔
185	if (off)	1,181✔
186	*off = ansi_normal();	×
187	} else if (streq_ptr(state, "partial")) {	238✔
188	if (on)	×
189	*on = ansi_highlight_yellow();	×
190	if (off)	×
191	*off = ansi_normal();	×
192	} else {
193	if (on)	238✔
194	*on = "";	238✔
195	if (off)	238✔
196	*off = "";	×
197	}
198	}	1,419✔

systemd / systemd / 16062852561

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous