From 04bf2001be9428d84c19aa5e988bd9e46ed797fa Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 18:46:38 +0200 Subject: [PATCH 01/16] - PLD merge: drop grsecurity sysctl knobs --- sysctl.conf | 52 ---------------------------------------------------- 1 file changed, 52 deletions(-) diff --git a/sysctl.conf b/sysctl.conf index a34935b..de26cd5 100644 --- a/sysctl.conf +++ b/sysctl.conf 
@@ -140,58 +140,6 @@ kernel.sysrq = 1 # 0 - never reboot system (suggested 60) #kernel.panic = 60 -# -# GRSECURITY http://www.grsecurity.org -# -# WARNING! -# These values are SET ONCE! -# -#kernel.grsecurity.linking_restrictions = 1 -#kernel.grsecurity.fifo_restrictions = 1 -#kernel.grsecurity.destroy_unused_shm = 0 -#kernel.grsecurity.chroot_caps = 0 -#kernel.grsecurity.chroot_deny_chmod = 0 -#kernel.grsecurity.chroot_deny_chroot = 1 -#kernel.grsecurity.chroot_deny_fchdir = 0 -#kernel.grsecurity.chroot_deny_mknod = 1 -#kernel.grsecurity.chroot_deny_mount = 1 -#kernel.grsecurity.chroot_deny_pivot = 1 -#kernel.grsecurity.chroot_deny_shmat = 0 -#kernel.grsecurity.chroot_deny_sysctl = 1 -#kernel.grsecurity.chroot_deny_unix = 0 -#kernel.grsecurity.chroot_enforce_chdir = 0 -#kernel.grsecurity.chroot_execlog = 0 -#kernel.grsecurity.chroot_findtask = 1 -#kernel.grsecurity.chroot_restrict_nice = 0 - -#kernel.grsecurity.exec_logging = 0 -#kernel.grsecurity.signal_logging = 1 -#kernel.grsecurity.forkfail_logging = 0 -#kernel.grsecurity.timechange_logging = 1 -#kernel.grsecurity.audit_chdir = 0 -#kernel.grsecurity.audit_gid = 65505 -#kernel.grsecurity.audit_group = 0 -#kernel.grsecurity.audit_ipc = 0 -#kernel.grsecurity.audit_mount = 0 - -#kernel.grsecurity.execve_limiting = 1 -#kernel.grsecurity.dmesg = 1 -#kernel.grsecurity.tpe = 1 -#kernel.grsecurity.tpe_gid = 65500 -#kernel.grsecurity.tpe_glibc = 0 -#kernel.grsecurity.tpe_restrict_all = 0 - -#kernel.grsecurity.rand_pids = 1 -#kernel.grsecurity.socket_all = 1 -#kernel.grsecurity.socket_all_gid = 65501 -#kernel.grsecurity.socket_client = 1 -#kernel.grsecurity.socket_client_gid = 65502 -#kernel.grsecurity.socket_server = 1 -#kernel.grsecurity.socket_server_gid = 65503 - -#kernel.grsecurity.disable_modules = 0 -#kernel.grsecurity.grsec_lock = 0 - # kernel.randomize_va_space = 2 # 0 - Turn the process address space randomization off by default. # 1 - Conservative address space randomization makes the addresses of -- 2.45.1 
From 0603354acf21cc77a19b97ae3218ae65cef3d138 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 18:49:48 +0200 Subject: [PATCH 02/16] - PLD merge: wait for duplicated IPv6 address detection while interface configuration --- lib/ifup | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lib/ifup b/lib/ifup index b8536af..be231ce 100755 --- a/lib/ifup +++ b/lib/ifup @@ -219,6 +219,19 @@ else # IPv6 in use ? if is_yes "$IPV6_NETWORKING" && [ -n "${IP6ADDR}" ]; then ip addr add ${IP6ADDR} dev ${DEVICE} ${IP6ADDROPT} + timeout=0 + while [ $timeout -le 20 ] && \ + if_state="`ip -o addr list dev ${DEVICE} to ${IP6ADDR}`" && \ + echo "$if_state" | grep -q tentative && \ + ! echo "$if_state" | grep -q dadfailed ; do + usleep 500000 + timeout=$((timeout+1)) + done + if ip -o addr list dev ${DEVICE} to ${IP6ADDR} | grep -q dadfailed ; then + ip addr del ${IP6ADDR} dev ${DEVICE} + nls '%s: Duplicated address detected: %s' "$DEVICE" "$IP6ADDR" + exit 1 + fi if [ -n "${IP6ADDRLABEL}" ]; then ip addrlabel add prefix ${IP6ADDR} dev ${DEVICE} label ${IP6ADDRLABEL} fi -- 2.45.1 From ab1fdb56eae724010c5c1eb3542e3c54691597a4 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 18:52:55 +0200 Subject: [PATCH 03/16] - PLD merge: vgchange -a n can hang on shutdown waiting for udevd synchronization. Don't do such synchronization since udevd is already killed at this moment anyway (https://listman.redhat.com/archives/linux-lvm/2021-September/msg00011.html) --- rc.d/rc.shutdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rc.d/rc.shutdown b/rc.d/rc.shutdown index 96d7864..8fab3cf 100755 --- a/rc.d/rc.shutdown +++ b/rc.d/rc.shutdown 
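Review bot: Both DAD checks in the added block filter with `to ${IP6ADDR}`, and if IP6ADDR carries a prefix length (the `ip addr add ${IP6ADDR}` line above suggests it can), `ip` presumably treats it as a prefix match. A tentative or dadfailed flag on another address in the same subnet would then stall the loop, or delete this address and `exit 1`. Matching the single address avoids that: `ip -o addr list dev "${DEVICE}" to "${IP6ADDR%/*}"`. The loop also falls through silently when the address is still tentative after the roughly ten-second budget; a logged warning there would tell an operator why services later fail to bind. The surrounding `if`/`else` starts and ends outside the hunk.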
@@ -116,7 +116,7 @@ run_cmd "Remounting root filesystem in ro mode" mount -n -o remount,ro / if [ -x /sbin/vgchange ]; then lvmversion=$(LC_ALL=C /sbin/vgchange --version 2>/dev/null | awk '/LVM version:/{if ($3 >= 2) print "2"}') if [ "$lvmversion" = "2" ]; then - lvmsysinit="--sysinit" + lvmsysinit="--sysinit --noudevsync" else lvmsysinit="" fi -- 2.45.1 From 9688f03ab823fc09f097de03b48bcbd46b7db6ff Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 18:54:13 +0200 Subject: [PATCH 04/16] - PLD merge: keep sys mounted, too (lvm tools use these) --- rc.d/rc.shutdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rc.d/rc.shutdown b/rc.d/rc.shutdown index 8fab3cf..02246c3 100755 --- a/rc.d/rc.shutdown +++ b/rc.d/rc.shutdown @@ -81,7 +81,7 @@ remaining=$(awk -v ig="^($UMOUNT_IGNORE)$" 'BEGIN { gsub(/[\t ]+/, "|", ig); } \ && $2 !~ ig {print $2}' /proc/mounts) while [ -n "$remaining" -a "$retry" -gt 0 ]; do show "Unmounting file systems"; busy - ERRORS=$(umount -a $force -t noproc 2>&1); rc=$? + ERRORS=$(umount -a $force -t noproc,nosysfs 2>&1); rc=$? # we might had unmounted /usr, recheck $TPUT availability # but well. we need tput only for show() and busy() (ok() and fail() messages are already cached) -- 2.45.1 From 196499bef27e2a6e7b4f321ed9886f550550044c Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 18:56:49 +0200 Subject: [PATCH 05/16] - PLD merge: container related fixes --- lib/functions | 3 +++ lib/functions.network | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/functions b/lib/functions index 012f59c..6821022 100644 --- a/lib/functions +++ b/lib/functions 
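Review bot: The reason for `--noudevsync` is recorded only in the commit message, so the assignment `lvmsysinit="--sysinit --noudevsync"` should carry a comment such as `# udevd is already killed at shutdown; without --noudevsync vgchange can block waiting for it`. The variable now holds two options in one string, which works only while it is expanded unquoted at the vgchange call. That call is outside the hunk, so this is worth confirming.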
@@ -1028,6 +1028,9 @@ confirm() { # module is needed (ie. is requested, is available and isn't loaded already) is_module() { + # fail if /sbin/lsmod does not exists (ex. in containers) + [ -x /sbin/lsmod ] || return 1 + # module name without .o at end if ! lsmod | grep -q "$1"; then if ls -1R /lib/modules/$(uname -r)/ 2> /dev/null | grep -q "^${1}.\(\|k\)o\(\|.gz\)"; then diff --git a/lib/functions.network b/lib/functions.network index b4ea5d0..ad930e3 100644 --- a/lib/functions.network +++ b/lib/functions.network @@ -345,7 +345,8 @@ setup_routes() # Add ONLY IPv4 address (IPv6 address is added automaticly) set_up_loopback() { - if is_yes "$IPV4_NETWORKING"; then + # test if addr is assigned already as lxd(lxc?) initializes loopback upfront + if is_yes "$IPV4_NETWORKING" && ! ip addr show lo | grep -q "127\.0\.0\.1"; then ip addr add 127.0.0.1/8 dev lo fi ip link set dev lo up -- 2.45.1 From 6c34c3958eb396b515524ec25d2e1b0c61a99ab6 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 19:01:30 +0200 Subject: [PATCH 06/16] - PLD merge: remove internal ipcalc in favor of more feature rich external one --- .gitignore | 1 - README | 10 +- lib/ifup-post | 5 +- man/Makefile.am | 1 - man/ipcalc.1 | 58 -------- src/Makefile.am | 4 - src/ipcalc.c | 361 ------------------------------------------------ 7 files changed, 9 insertions(+), 431 deletions(-) delete mode 100644 man/ipcalc.1 delete mode 100644 src/ipcalc.c diff --git a/.gitignore b/.gitignore index 6337d3c..a909fb2 100644 --- a/.gitignore +++ b/.gitignore @@ -50,7 +50,6 @@ src/doexec src/genhostid src/getkey src/initlog -src/ipcalc src/loglevel src/minilogd src/netreport diff --git a/README b/README index 42defae..4163756 100644 --- a/README +++ b/README 
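Review bot: The new guard in `is_module` tests `/sbin/lsmod`, but the line right below it runs `lsmod` through PATH, so the check and the call can disagree (lsmod installed elsewhere, or /sbin missing from PATH). Either invoke the tested path, `if ! /sbin/lsmod | grep -q "$1"; then`, or test what is actually called, `command -v lsmod >/dev/null 2>&1 || return 1`. The comment would read better as `# fail if /sbin/lsmod does not exist (e.g. in containers)`. The rest of the function body lies outside the hunk.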
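Review bot: The pattern `"127\.0\.0\.1"` in `set_up_loopback` is unanchored, so an address such as 127.0.0.10 or 127.0.0.100 on lo also satisfies the test and the standard loopback address is then never added. Anchoring on the `inet` field and the prefix separator closes that gap: `! ip -4 addr show dev lo | grep -q "inet 127\.0\.0\.1/"`.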
@@ -18,15 +18,16 @@ To use IPv6 networking you should compile: Networking options ---> <*/M> The IPv6 protocol (EXPERIMENTAL) - [*] IPv6: enable EUI-64 token format - [*] IPv6: disable provider based addresses + [*] IPv6: enable EUI-64 token format + [*] IPv6: disable provider based addresses -too. +too. Other required or suggested packages: | What? | Package | +-------------+-------------------------------+ + 6to4 ipcalc IPX ncfps fourtun fourtun and kernel module bridge bridge-utils @@ -35,7 +36,7 @@ Other required or suggested packages: serial/ppp ppp, dip, wvdial serial/slip slattach PPPoE pppd + rp-pppoe (plugin or userspace program) - + Also you should know that format of interface configuration files is totally different from these used in RedHat/Mandrake initscripts and even from stable rc-scripts branch. @@ -45,4 +46,3 @@ to TLD developers at . -- TLD Linux Developers - diff --git a/lib/ifup-post b/lib/ifup-post index a271309..5ab4191 100755 --- a/lib/ifup-post +++ b/lib/ifup-post @@ -59,7 +59,10 @@ fi if [ -n "$NEEDHOSTNAME" -a "${DEVICETYPE}" != "ppp" -a "${DEVICETYPE}" != "slip" ]; then IPADDR=$(ip -f inet addr show dev ${DEVICE} | awk '/inet/ { print $2 }' |awk -F"/" '{ print $1 }') - eval $(/bin/ipcalc --silent --hostname ${IPADDR}) && set_hostname $HOSTNAME + if eval $(/bin/ipcalc --silent --hostname ${IPADDR}) ; then + [ "${HOSTNAME}" != "${IPADDR}" ] && set_hostname ${HOSTNAME} + fi + fi # run tleds software diff --git a/man/Makefile.am b/man/Makefile.am index ae48e04..4603c69 100644 --- a/man/Makefile.am +++ b/man/Makefile.am @@ -8,7 +8,6 @@ man_MANS = \ genhostid.1 \ getkey.1 \ initlog.1 \ - ipcalc.1 \ netreport.1 \ ppp-watch.8 \ usernetctl.8 \ diff --git a/man/ipcalc.1 b/man/ipcalc.1 deleted file mode 100644 index fd9b212..0000000 --- a/man/ipcalc.1 +++ /dev/null 
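Review bot: The rewritten block in lib/ifup-post still passes the output of `/bin/ipcalc --silent --hostname` to `eval`, and that output now comes from an external package and contains a name obtained by reverse DNS lookup, which is data the host does not control. Unless the external ipcalc is known to emit only shell-safe text, the output should be parsed and checked against a hostname character set instead of being evaluated. `${IPADDR}` and `${HOSTNAME}` should also be quoted, since IPADDR can hold several words when the device has more than one IPv4 address. The sketch below keeps the new `HOSTNAME != IPADDR` guard and assumes ipcalc prints a single `HOSTNAME=` line, as the removed internal tool did.

```shell
	# … unchanged: IPADDR=$(ip -f inet addr show dev ${DEVICE} | awk …) …
	ipcalc_out=$(/bin/ipcalc --silent --hostname "${IPADDR}") || ipcalc_out=
	case "$ipcalc_out" in
	HOSTNAME=*)
		looked_up=${ipcalc_out#HOSTNAME=}
		case "$looked_up" in
		''|*[!A-Za-z0-9._-]*)
			# not a plain hostname: ignore the lookup result
			;;
		*)
			HOSTNAME=$looked_up
			[ "$HOSTNAME" != "$IPADDR" ] && set_hostname "$HOSTNAME"
			;;
		esac
		;;
	esac
```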
@@ -1,58 +0,0 @@ -.TH IPCALC 1 "April 30 2001" "Red Hat, Inc." RH \" -*- nroff -*- -.SH NAME -ipcalc \- perform simple manipulation of IP addresses -.SH SYNOPSIS -.B ipcalc -[\fIOPTION\fR]... <\fBIP address\fR>[\fI/prefix\fR] [\fInetmask\fR] - -.SH DESCRIPTION -\fBipcalc\fR provides a simple way to calculate IP information for a host. -The various options specify what information \fBipcalc\fR should display -on standard out. Multiple options may be specified. An IP address to -operate on must always be specified. Most operations also require a -netmask or a CIDR prefix as well. - -.SH OPTIONS -.TP -.TP -\fB\-b\fR, \fB\-\-broadcast\fR -Display the broadcast address for the given IP address and netmask. - -.TP -\fB\-h\fR, \fB\-\-hostname\fR -Display the hostname for the given IP address. - -.TP -\fB\-m\fR, \fB\-\-netmask\fR -Calculate the netmask for the given IP address. It assumes that the IP -address is in a complete class A, B, or C network. Many networks do -not use the default netmasks, in which case an inappropriate value will -be returned. - -.TP -\fB\-p\fR, \fB\-\-prefix\fR -Show the prefix for the given mask/IP address. - -.TP -\fB\-n\fR, \fB\-\-network\fR -Display the network address for the given IP address and netmask. - -.TP -\fB\-s\fR, \fB\-\-silent\fR -Don't ever display error messages. - -.SH AUTHORS -.nf -Erik Troan -.nf -Preston Brown -.fi -.SH "REPORTING BUGS" -Report bugs to our bugtracking system: -http://bugzilla.redhat.com/bugzilla. -.SH COPYRIGHT -Copyright \(co 1997-2001 Red Hat, Inc. -.br -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR -PURPOSE. diff --git a/src/Makefile.am b/src/Makefile.am index cd77139..79acf54 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -7,7 +7,6 @@ sysconf_DATA = \ bin_PROGRAMS = \ doexec \ - ipcalc \ usleep \ run-parts \ resolvesymlink 
@@ -34,9 +33,6 @@ doexec_SOURCES = doexec.c resolvesymlink_SOURCES = resolvesymlink.c -ipcalc_SOURCES = ipcalc.c -ipcalc_LDADD = -lpopt - genhostid_SOURCES = genhostid.c netreport_SOURCES = netreport.c diff --git a/src/ipcalc.c b/src/ipcalc.c deleted file mode 100644 index f133412..0000000 --- a/src/ipcalc.c +++ /dev/null 
@@ -1,361 +0,0 @@ -/* - * Copyright (c) 1997-2003 Red Hat, Inc. All rights reserved. - * - * This software may be freely redistributed under the terms of the GNU - * public license. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - * - * Authors: - * Erik Troan - * Preston Brown - */ - - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/*! - \def IPBITS - \brief the number of bits in an IP address. -*/ -#define IPBITS (sizeof(u_int32_t) * 8) -/*! - \def IPBYTES - \brief the number of bytes in an IP address. -*/ -#define IPBYTES (sizeof(u_int32_t)) - - -/*! - \file ipcalc.c - \brief provides utilities for manipulating IP addresses. - - ipcalc provides utilities and a front-end command line interface for - manipulating IP addresses, and calculating various aspects of an ip - address/netmask/network address/prefix/etc. - - Functionality can be accessed from other languages from the library - interface, documented here. To use ipcalc from the shell, read the - ipcalc(1) manual page. - - When passing parameters to the various functions, take note of whether they - take host byte order or network byte order. Most take host byte order, and - return host byte order, but there are some exceptions. - -*/ - -/*! - \fn u_int32_t prefix2mask(int bits) - \brief creates a netmask from a specified number of bits - - This function converts a prefix length to a netmask. As CIDR (classless - internet domain internet domain routing) has taken off, more an more IP - addresses are being specified in the format address/prefix - (i.e. 192.168.2.3/24, with a corresponding netmask 255.255.255.0). If you - need to see what netmask corresponds to the prefix part of the address, this - is the function. See also \ref mask2prefix. - - \param prefix is the number of bits to create a mask for. 
- \return a network mask, in network byte order. -*/ -u_int32_t prefix2mask(int prefix) { - return htonl(~((1 << (32 - prefix)) - 1)); -} - -/*! - \fn int mask2prefix(u_int32_t mask) - \brief calculates the number of bits masked off by a netmask. - - This function calculates the significant bits in an IP address as specified by - a netmask. See also \ref prefix2mask. - - \param mask is the netmask, specified as an u_int32_teger in network byte order. - \return the number of significant bits. */ -int mask2prefix(u_int32_t mask) -{ - int i; - int count = IPBITS; - - for (i = 0; i < IPBITS; i++) { - if (!(ntohl(mask) & ((2 << i) - 1))) - count--; - } - - return count; -} - -/*! - \fn u_int32_t default_netmask(u_int32_t addr) - - \brief returns the default (canonical) netmask associated with specified IP - address. - - When the Internet was originally set up, various ranges of IP addresses were - segmented into three network classes: A, B, and C. This function will return - a netmask that is associated with the IP address specified defining where it - falls in the predefined classes. - - \param addr an IP address in network byte order. - \return a netmask in network byte order. */ -u_int32_t default_netmask(u_int32_t addr) -{ - if (((ntohl(addr) & 0xFF000000) >> 24) <= 127) - return htonl(0xFF000000); - else if (((ntohl(addr) & 0xFF000000) >> 24) <= 191) - return htonl(0xFFFF0000); - else - return htonl(0xFFFFFF00); -} - -/*! - \fn u_int32_t calc_broadcast(u_int32_t addr, int prefix) - - \brief calculate broadcast address given an IP address and a prefix length. - - \param addr an IP address in network byte order. - \param prefix a prefix length. - - \return the calculated broadcast address for the network, in network byte - order. -*/ -u_int32_t calc_broadcast(u_int32_t addr, - int prefix) -{ - return (addr & prefix2mask(prefix)) | ~prefix2mask(prefix); -} - -/*! 
- \fn u_int32_t calc_network(u_int32_t addr, int prefix) - \brief calculates the network address for a specified address and prefix. - - \param addr an IP address, in network byte order - \param prefix the network prefix - \return the base address of the network that addr is associated with, in - network byte order. -*/ -u_int32_t calc_network(u_int32_t addr, int prefix) -{ - return (addr & prefix2mask(prefix)); -} - -/*! - \fn const char *get_hostname(u_int32_t addr) - \brief returns the hostname associated with the specified IP address - - \param addr an IP address to find a hostname for, in network byte order - - \return a hostname, or NULL if one cannot be determined. Hostname is stored - in a static buffer that may disappear at any time, the caller should copy the - data if it needs permanent storage. -*/ -const char *get_hostname(u_int32_t addr) -{ - struct hostent * hostinfo; - int x; - - hostinfo = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET); - if (!hostinfo) - return NULL; - - for (x=0; hostinfo->h_name[x]; x++) { - hostinfo->h_name[x] = tolower(hostinfo->h_name[x]); - } - return hostinfo->h_name; -} - -/*! - \fn main(int argc, const char **argv) - \brief wrapper program for ipcalc functions. - - This is a wrapper program for the functions that the ipcalc library provides. - It can be used from shell scripts or directly from the command line. - - For more information, please see the ipcalc(1) man page. 
-*/ -int main(int argc, const char **argv) { - int showBroadcast = 0, showPrefix = 0, showNetwork = 0; - int showHostname = 0, showNetmask = 0; - int beSilent = 0; - int rc; - poptContext optCon; - char *ipStr, *prefixStr, *netmaskStr, *hostName, *chptr; - struct in_addr ip, netmask, network, broadcast; - int prefix = 0; - char errBuf[250]; - struct poptOption optionsTable[] = { - { "broadcast", 'b', 0, &showBroadcast, 0, - "Display calculated broadcast address", }, - { "hostname", 'h', 0, &showHostname, 0, - "Show hostname determined via DNS" }, - { "netmask", 'm', 0, &showNetmask, 0, - "Display default netmask for IP (class A, B, or C)" }, - { "network", 'n', 0, &showNetwork, 0, - "Display network address", }, - { "prefix", 'p', 0, &showPrefix, 0, - "Display network prefix", }, - { "silent", 's', 0, &beSilent, 0, - "Don't ever display error messages " }, - POPT_AUTOHELP - { NULL, '\0', 0, 0, 0, NULL, NULL } - }; - - optCon = poptGetContext("ipcalc", argc, argv, optionsTable, 0); - poptReadDefaultConfig(optCon, 1); - - if ((rc = poptGetNextOpt(optCon)) < -1) { - if (!beSilent) { - fprintf(stderr, "ipcalc: bad argument %s: %s\n", - poptBadOption(optCon, POPT_BADOPTION_NOALIAS), - poptStrerror(rc)); - poptPrintHelp(optCon, stderr, 0); - } - return 1; - } - - if (!(ipStr = (char *) poptGetArg(optCon))) { - if (!beSilent) { - fprintf(stderr, "ipcalc: ip address expected\n"); - poptPrintHelp(optCon, stderr, 0); - } - return 1; - } - - if (strchr(ipStr,'/') != NULL) { - prefixStr = strchr(ipStr, '/') + 1; - prefixStr--; - *prefixStr = '\0'; /* fix up ipStr */ - prefixStr++; - } else - prefixStr = NULL; - - if (prefixStr != NULL) { - prefix = atoi(prefixStr); - if (prefix == 0) { - if (!beSilent) - fprintf(stderr, "ipcalc: bad prefix: %s\n", - prefixStr); - return 1; - } - } - - if (showBroadcast || showNetwork || showPrefix) { - if (!(netmaskStr = (char *) poptGetArg(optCon)) && - (prefix == 0)) { - if (!beSilent) { - fprintf(stderr, "ipcalc: netmask or prefix 
expected\n"); - poptPrintHelp(optCon, stderr, 0); - } - return 1; - } else if (netmaskStr && prefix != 0) { - if (!beSilent) { - fprintf(stderr, "ipcalc: both netmask and prefix specified\n"); - poptPrintHelp(optCon, stderr, 0); - } - return 1; - } else if (netmaskStr) { - if (!inet_aton(netmaskStr, &netmask)) { - if (!beSilent) - fprintf(stderr, "ipcalc: bad netmask: %s\n", - netmaskStr); - return 1; - } - prefix = mask2prefix(netmask.s_addr); - } - } - - if ((chptr = (char *) poptGetArg(optCon))) { - if (!beSilent) { - fprintf(stderr, "ipcalc: unexpected argument: %s\n", chptr); - poptPrintHelp(optCon, stderr, 0); - } - return 1; - } - - /* Handle CIDR entries such as 172/8 */ - if (prefix) { - char *tmp = ipStr; - int i; - - for(i=3; i> 0; i--) { - tmp = strchr(tmp,'.'); - if (!tmp) - break; - else - tmp++; - } - tmp = NULL; - for (; i>0; i--) { - tmp = malloc(strlen(ipStr) + 3); - sprintf(tmp,"%s.0",ipStr); - ipStr = tmp; - } - } - - if (!inet_aton(ipStr, (struct in_addr *) &ip)) { - if (!beSilent) - fprintf(stderr, "ipcalc: bad ip address: %s\n", ipStr); - return 1; - } - - - if (!(showNetmask|showPrefix|showBroadcast|showNetwork|showHostname)) { - poptPrintHelp(optCon, stderr, 0); - return 1; - } - - poptFreeContext(optCon); - - /* we know what we want to display now, so display it. 
*/ - - if (showNetmask) { - if (prefix) { - netmask.s_addr = prefix2mask(prefix); - } else { - netmask.s_addr = default_netmask(ip.s_addr); - prefix = mask2prefix(netmask.s_addr); - } - - printf("NETMASK=%s\n", inet_ntoa(netmask)); - } - - if (showPrefix) { - if (!prefix) - prefix = mask2prefix(ip.s_addr); - printf("PREFIX=%d\n", prefix); - } - - if (showBroadcast) { - broadcast.s_addr = calc_broadcast(ip.s_addr, prefix); - printf("BROADCAST=%s\n", inet_ntoa(broadcast)); - } - - if (showNetwork) { - network.s_addr = calc_network(ip.s_addr, prefix); - printf("NETWORK=%s\n", inet_ntoa(network)); - } - - if (showHostname) { - if ((hostName = (char *) get_hostname(ip.s_addr)) == NULL) { - if (!beSilent) { - sprintf(errBuf, "ipcalc: cannot find hostname for %s", ipStr); - herror(errBuf); - } - return 1; - } - - printf("HOSTNAME=%s\n", hostName); - } - - return 0; -} -- 2.45.1 From 9bd3fb3ab4feccd2936438b56b996dcd75e2e687 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 19:08:09 +0200 Subject: [PATCH 07/16] - PLD merge: set sysctl setting using syctl --system option --- lib/functions | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/functions b/lib/functions index 6821022..25803f6 100644 --- a/lib/functions +++ b/lib/functions @@ -119,11 +119,7 @@ strstr() { # Apply sysctl settings, including files in /etc/sysctl.d apply_sysctl() { - local file - for file in /etc/sysctl.d/*.conf; do - test -f "$file" && sysctl -q -e -p "$file" - done - sysctl -q -e -p /etc/sysctl.conf + sysctl -q -e --system } if is_yes "$FASTRC" || is_yes "$IN_SHUTDOWN"; then -- 2.45.1 From 007473280f09c23aeba773bafc133456d11e7b2f Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 20:45:54 +0200 Subject: [PATCH 08/16] - PLD merge: remove unknown `gid' mount option for sysfs, selinuxfs --- rc.d/init.d/sys-chroots | 4 ++-- rc.d/rc.sysinit | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
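Review bot: The comment kept above `apply_sysctl` ("including files in /etc/sysctl.d") no longer describes the function, because `sysctl --system` reads more than /etc. The procps implementation also loads vendor and runtime directories such as /usr/lib/sysctl.d and /run/sysctl.d before /etc/sysctl.conf. That widens the set of files that can change kernel settings at boot, so the comment should say so, e.g. `# Apply sysctl settings from all system directories (see sysctl(8) --system); /etc/sysctl.conf is read last`. With `-q -e` an unknown key is skipped without a message, which matters for the hardening values in sysctl.conf.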
diff --git a/rc.d/init.d/sys-chroots b/rc.d/init.d/sys-chroots index b6e88ef..4945393 100755 --- a/rc.d/init.d/sys-chroots +++ b/rc.d/init.d/sys-chroots @@ -103,11 +103,11 @@ start() { fi # sysfs is also needed before any other things (under kernel > 2.5) if grep -q sysfs /proc/filesystems ; then - chroot $dir mount -o gid=17 -t sysfs sysfs /sys + chroot $dir mount -t sysfs sysfs /sys fi # selinux if grep -q selinuxfs /proc/filesystems ; then - chroot $dir mount -o gid=17 -t selinuxfs selinuxfs /selinux + chroot $dir mount -t selinuxfs selinuxfs /selinux fi chroot $dir mount -a # network diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit index b6bfb29..524fe97 100755 --- a/rc.d/rc.sysinit +++ b/rc.d/rc.sysinit @@ -124,7 +124,7 @@ init_selinux() { # no support in kernel, no chance SELINUX=no elif ! is_fsmounted selinuxfs /selinux; then - mount -n -o gid=17 -t selinuxfs selinuxfs /selinux + mount -n -t selinuxfs selinuxfs /selinux fi # Check SELinux status @@ -369,7 +369,7 @@ if [[ "$container" != lxc* ]]; then # sysfs is also needed before any other things (under kernel > 2.5) if ! is_fsmounted sysfs /sys; then - grep -Fq sysfs /proc/filesystems && mount -n -o gid=17 -t sysfs sysfs /sys + grep -Fq sysfs /proc/filesystems && mount -n -t sysfs sysfs /sys fi if grep -Fq securityfs /proc/filesystems; then mount -n -t securityfs securityfs /sys/kernel/security -- 2.45.1 From 20920d818d785137888facc07b84771ded2a70c2 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 20:49:01 +0200 Subject: [PATCH 09/16] - PLD merge: don't delete base pidfile if other pid file was specified --- lib/functions | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/functions b/lib/functions index 25803f6..b4c4840 100644 --- a/lib/functions +++ b/lib/functions 
@@ -896,7 +896,11 @@ killproc() { # Remove pid file if any. if [ "$notset" = "1" ]; then - rm -f /var/run/${base}.pid + if [ -f "${pidfile}" ] ; then + rm -f "$pidfile" + else + rm -f /var/run/${base}.pid + fi fi return $result -- 2.45.1 From 72819baa8397eafde951f1437b9cdcf964f44c1d Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 21:08:57 +0200 Subject: [PATCH 10/16] - PLD merge: fix first use of modprobe_c, most likely usb or firewire controller setup, use /sys/fs/selinux as selinuxfs mount point if available --- rc.d/rc.sysinit | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit index 524fe97..750e16a 100755 --- a/rc.d/rc.sysinit +++ b/rc.d/rc.sysinit @@ -47,6 +47,7 @@ modprobe_c() { # filter only what is wanted by this script: aliases and options modprobe_c_cache=$(modprobe -c | grep -E '^(alias|options)') + echo "$modprobe_c_cache" } # parse kernel cmdline @@ -123,8 +124,8 @@ init_selinux() { if ! grep -Fq selinuxfs /proc/filesystems; then # no support in kernel, no chance SELINUX=no - elif ! is_fsmounted selinuxfs /selinux; then - mount -n -t selinuxfs selinuxfs /selinux + elif ! is_fsmounted selinuxfs $selinuxfsdir; then + mount -n -t selinuxfs selinuxfs $selinuxfsdir fi # Check SELinux status @@ -378,6 +379,12 @@ if [[ "$container" != lxc* ]]; then mount -n -o rw -t efivarfs efivarfs /sys/firmware/efi/efivars fi + if [ -d /sys/fs/selinux ]; then + # Linux 3.0+ + selinuxfsdir=/sys/fs/selinux + else + selinuxfsdir=/selinux + fi init_selinux # Choose Hardware profile @@ -647,8 +654,8 @@ if [[ "$container" != lxc* ]]; then fi fi - if is_fsmounted selinuxfs /selinux; then - mount -f -t selinuxfs selinuxfs /selinux 2> /dev/null + if is_fsmounted selinuxfs $selinuxfsdir; then + mount -f -t selinuxfs selinuxfs $selinuxfsdir 2> /dev/null fi if [ ! -f /proc/modules ]; then -- 2.45.1 From e146f3ecf19212d46004a24e329527789dbb8f42 Mon Sep 17 00:00:00 2001 
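Review bot: The new branch in `killproc` decides on `[ -f "${pidfile}" ]`, so when a pid file was specified but is already gone, the `else` arm still removes `/var/run/${base}.pid`, which is the case the commit subject says it wants to avoid. If `pidfile` is empty when the caller gave none (its assignment is outside the hunk, so this is an assumption), testing `[ -n "$pidfile" ]` matches the intent. The fallback should also be quoted like the line above it: `rm -f "/var/run/${base}.pid"`.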
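Review bot: `init_selinux` now reads the global `$selinuxfsdir` unquoted in `is_fsmounted selinuxfs $selinuxfsdir` and `mount -n -t selinuxfs selinuxfs $selinuxfsdir`, while the variable is assigned only in the third hunk, just before the call. If the function is ever reached with it unset, both commands would run with a missing argument and SELinux setup would likely fail without a clear message. Quoting the expansions and giving the function a fallback, `: "${selinuxfsdir:=/selinux}"`, keeps it self-contained. The same unquoted use appears in the last hunk of this file, and the body of `init_selinux` continues outside the hunk.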
From: Marcin Krol Date: Tue, 21 May 2024 21:16:39 +0200 Subject: [PATCH 11/16] - PLD merge: add (commented out) vm.oom_kill_allocating_task sysctl knob --- sysctl.conf | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/sysctl.conf b/sysctl.conf index de26cd5..1f4cf84 100644 --- a/sysctl.conf +++ b/sysctl.conf @@ -127,6 +127,12 @@ net.ipv4.conf.default.rp_filter = 1 # fs.file-max = 8192 # fs.inode-max = 16384 +# Sometimes (read: always) the Linux OOM killer doesn’t kill the offending +# process. Usually, this is because as the system is out of memory, it isn’t +# able to do the memory intensive task of scanning through all the processes. +# Ironic. +#vm.oom_kill_allocating_task = 1 + # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. #kernel.core_uses_pid = 1 @@ -140,7 +146,6 @@ kernel.sysrq = 1 # 0 - never reboot system (suggested 60) #kernel.panic = 60 -# kernel.randomize_va_space = 2 # 0 - Turn the process address space randomization off by default. # 1 - Conservative address space randomization makes the addresses of # mmap base and VDSO page randomized. This, among other things, @@ -154,6 +159,7 @@ kernel.sysrq = 1 # start of the brk area is randomized. There are however no known # non-legacy applications that would be broken this way, so for most # systems it is safe to choose Full randomization. +# kernel.randomize_va_space = 2 # for mplayer #dev.rtc.max-user-freq = 1024 -- 2.45.1 From db7b01aaedc9a70a5c7f349eb438fd9387d2f5ad Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 21:18:54 +0200 Subject: [PATCH 12/16] - PLD merge: skip cgroup/cgroup2 fs, too --- rc.d/rc.shutdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rc.d/rc.shutdown b/rc.d/rc.shutdown index 02246c3..db226b5 100755 --- a/rc.d/rc.shutdown +++ b/rc.d/rc.shutdown 
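Review bot: The comment added above `#vm.oom_kill_allocating_task = 1` voices a complaint about the OOM killer but does not say what the knob does, and it uses typographic apostrophes (`doesn’t`, `isn’t`) where the other lines shown are plain ASCII. A reader deciding whether to enable it needs the effect stated, e.g. `# 1 - on out-of-memory, kill the task that triggered the allocation instead of scanning all tasks for a candidate`. The trade-off is worth a line too: the task killed may not be the one consuming the memory.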
@@ -76,7 +76,7 @@ else UMOUNT_IGNORE="/ $UMOUNT_IGNORE" fi remaining=$(awk -v ig="^($UMOUNT_IGNORE)$" 'BEGIN { gsub(/[\t ]+/, "|", ig); } \ - $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|sysfs|securityfs|squashfs)$/ \ + $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|cgroup|cgroup2|sysfs|securityfs|squashfs)$/ \ && $1 !~ /^(none|\/dev\/root)$/ \ && $2 !~ ig {print $2}' /proc/mounts) while [ -n "$remaining" -a "$retry" -gt 0 ]; do @@ -100,7 +100,7 @@ while [ -n "$remaining" -a "$retry" -gt 0 ]; do sleep 2 remaining=$(awk -v ig="^($UMOUNT_IGNORE)$" 'BEGIN { gsub(/[\t ]+/, "|", ig); } \ - $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|sysfs|securityfs|squashfs)$/ \ + $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|cgroup|cgroup2|sysfs|securityfs|squashfs)$/ \ && $1 !~ /^(none|\/dev\/root)$/ \ && $2 !~ ig {print $2}' /proc/mounts) [ -z "$remaining" ] && break -- 2.45.1 From 4d0d99b9003b973c89c2264cc0652d267d3404d4 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 21:23:38 +0200 Subject: [PATCH 13/16] - PLD merge: umount remaining filesystems one by one (using -R) option which helps in cases when we have chroot mounted somewhere with proc, sys etc inside. Also when doing final -a umount skip tmpfs (used by /run) and dev* (used in /dev). --- rc.d/rc.shutdown | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/rc.d/rc.shutdown b/rc.d/rc.shutdown index db226b5..8c86fa4 100755 --- a/rc.d/rc.shutdown +++ b/rc.d/rc.shutdown 
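Review bot: The filesystem-type list is edited identically in both hunks of rc.shutdown, and again in patch 14/16 for efivarfs, because the awk expression exists twice in the file. Holding the list once in a shell variable, passed in with `awk -v skip="^($skip_fstypes)$"` and tested as `$3 !~ skip`, would keep the two copies from drifting apart. `UMOUNT_IGNORE` is already passed that way in the same command.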
@@ -80,8 +80,20 @@ remaining=$(awk -v ig="^($UMOUNT_IGNORE)$" 'BEGIN { gsub(/[\t ]+/, "|", ig); } \ && $1 !~ /^(none|\/dev\/root)$/ \ && $2 !~ ig {print $2}' /proc/mounts) while [ -n "$remaining" -a "$retry" -gt 0 ]; do - show "Unmounting file systems"; busy - ERRORS=$(umount -a $force -t noproc,nosysfs 2>&1); rc=$? + for mnt in $remaining; do + run_cmd "$(nls 'Umounting file system: %s' $mnt)" umount $force -R $mnt + + # we might had unmounted /usr, recheck $TPUT availability + # but well. we need tput only for show() and busy() (ok() and fail() messages are already cached) + # TODO: look ahead the messages? + if is_yes "$TPUT"; then + TPUT= + rc_gettext_init + fi + done + + show "Unmounting remainging file systems"; busy + ERRORS=$(umount -a $force -t noproc,nosysfs,notmpfs,nodevpts,nodevtmpfs 2>&1); rc=$ # we might had unmounted /usr, recheck $TPUT availability # but well. we need tput only for show() and busy() (ok() and fail() messages are already cached) @@ -95,7 +107,10 @@ while [ -n "$remaining" -a "$retry" -gt 0 ]; do ok else fail - [ -n "$ERRORS" ] && echo "$ERRORS" + if [ -n "$ERRORS" ]; then + nls "Umount errors:" + echo "$ERRORS" + fi fi sleep 2 -- 2.45.1 From 45ae276d50ff93eff38f1d160f3c736b7406042f Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 21:25:53 +0200 Subject: [PATCH 14/16] - skip efivarfs when unmounting file systems --- rc.d/rc.shutdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rc.d/rc.shutdown b/rc.d/rc.shutdown index 8c86fa4..efcaecb 100755 --- a/rc.d/rc.shutdown +++ b/rc.d/rc.shutdown 
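Review bot: The rewritten umount line ends in `rc=$` as shown here, where the removed line had `rc=$?`, so `rc` receives a literal `$` instead of the exit status of `umount -a`. Whatever test selects `ok` or `fail` in the second hunk then no longer reflects the real result (the test itself is outside the hunk); the line should end `2>&1); rc=$?`. In the same hunk the message `"Unmounting remainging file systems"` has a typo, and `$mnt` is unquoted in both the `nls` and `umount` arguments of the new loop.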
@@ -76,7 +76,7 @@ else UMOUNT_IGNORE="/ $UMOUNT_IGNORE" fi remaining=$(awk -v ig="^($UMOUNT_IGNORE)$" 'BEGIN { gsub(/[\t ]+/, "|", ig); } \ - $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|cgroup|cgroup2|sysfs|securityfs|squashfs)$/ \ + $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|cgroup|cgroup2|sysfs|securityfs|efivarfs|squashfs)$/ \ && $1 !~ /^(none|\/dev\/root)$/ \ && $2 !~ ig {print $2}' /proc/mounts) while [ -n "$remaining" -a "$retry" -gt 0 ]; do @@ -115,7 +115,7 @@ while [ -n "$remaining" -a "$retry" -gt 0 ]; do sleep 2 remaining=$(awk -v ig="^($UMOUNT_IGNORE)$" 'BEGIN { gsub(/[\t ]+/, "|", ig); } \ - $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|cgroup|cgroup2|sysfs|securityfs|squashfs)$/ \ + $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|cgroup|cgroup2|sysfs|securityfs|efivarfs|squashfs)$/ \ && $1 !~ /^(none|\/dev\/root)$/ \ && $2 !~ ig {print $2}' /proc/mounts) [ -z "$remaining" ] && break -- 2.45.1 From dbe8a0d17ac69e36b5f3abba4ec991947722f358 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 21:32:19 +0200 Subject: [PATCH 15/16] - updated CREDITS entry --- AUTHORS | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AUTHORS b/AUTHORS index 252e6a0..b8c84a8 100644 --- a/AUTHORS +++ b/AUTHORS @@ -3,8 +3,7 @@ MAINTAINERS AUTHORS/CREDITS Marcin Krol - fixes, scripts for controlling bonding, - preparation for TLD Linux + modified for TLD Linux, fixes, enhancements Arkadiusz Miśkiewicz networking functions, iproute2 support, -- 2.45.1 From 553f924751b7684aaf6602b35360177303ad42e7 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 22:07:30 +0200 Subject: [PATCH 16/16] - version 0.5.4 --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 61fa785..b5761f8 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,5 +1,5 @@ -AC_INIT([rc-scripts], [0.5.3], [tld-devel@lists.tld-linux.org], [rc-scripts]) +AC_INIT([rc-scripts], [0.5.4], [tld-devel@lists.tld-linux.org], [rc-scripts]) dnl Do not require AUTHORS, ChangeLog, NEWS, and README to exist AM_INIT_AUTOMAKE([foreign]) -- 2.45.1