1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Commit Graph

53751 Commits

Author SHA1 Message Date
Lennart Poettering
5a5a5d2914 cgroups-show: optionally show cgroup xattrs + cgroup id in cgroup tree output 2021-10-07 11:50:42 +02:00
Lennart Poettering
aa13d38417 cgroups-show: use path_join() when concatenating cgroup paths 2021-10-07 11:50:02 +02:00
Lennart Poettering
40d4320dea cgroups-show: validate specified hostname before including it in fs path
let's make sure the specified hostname is really valid before we build
an fs path from it. Just as a safety future, so that people can't trick
us with hostnames including "/../" or so.
2021-10-07 11:49:57 +02:00
Lennart Poettering
a5edf95ec2 cgroup-util: add reusable union type for cgroupfs file_handle structs
That way we can easily call name_to_handle_at() on cgroupfs2 elsewhere.
2021-10-07 11:49:44 +02:00
Lennart Poettering
c53e07e249 xattr-util: merge various getxattr()/listxattr() helpers into getxattr_at_malloc() + listxattr_at_malloc()
Unfortunately fgetxattr() and flistxattr() don't work via O_PATH fds.
Let's thus add fallbacks to go via /proc/self/fd/ in these cases.

Also, let's merge all the various flavours we have here into singular
implementations that can do everything we need:

1. malloc() loop handling
2. by fd, by path, or combination (i.e. a proper openat() like API)
3. work on O_PATH
2021-10-07 11:49:22 +02:00
Luca Boccassi
c9d1c37c93 test: make OpenSSL checks optional in TEST-50-DISSECT
If the packages are built without libssl simply skip the signature
checks.

Oct 06 21:21:32 H systemd[1]: systemd 249.1249.gcc4df1f787.0 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS -OPENSSL
...
Oct 06 21:22:21 H systemd[459]: Activation of signed Verity volume worked neither via the kernel nor in userspace, can't activate.

Follow-up for #20691
2021-10-07 08:41:33 +02:00
Luca Boccassi
0cf250022c
Merge pull request #20926 from yuwata/udev-net-wol-sopass
udev/net: introduce WakeOnLanPassword=
2021-10-06 23:36:05 +01:00
Frantisek Sumsal
f415cdb372 test: test udev with a _very_ long device name
Let's attempt to provide some coverage for #16161, #6867, and similar.
2021-10-07 03:17:44 +09:00
Daan De Meyer
414bd2e786 coredump: Don't log an error if D-Bus isn't running
coredumpctl could be used in a chroot where D-Bus isn't running. If
that's the case, we shouldn't consider it an error if we can't connect
to the D-Bus daemon so let's reduce the severity of the error we log
when we can't connect to D-Bus because the socket doesn't exist.
2021-10-07 02:23:11 +09:00
Yu Watanabe
d489317f59
Merge pull request #20935 from unusual-thoughts/fix-empty-argv
Fix #20933
2021-10-07 01:53:51 +09:00
Yu Watanabe
d3867133f0 udev/net: introduce WakeOnLanPassword=
Closes #20913.
2021-10-07 01:50:37 +09:00
Yu Watanabe
fe2a8b3d3f test-network: add tests for Token= in [IPv6Prefix] 2021-10-07 01:24:50 +09:00
Yu Watanabe
b48b6bd3b9 test-network: replace deprecated settings 2021-10-07 01:24:50 +09:00
Yu Watanabe
34a3a0c480 network: make generate_eui64_address() static 2021-10-07 01:24:50 +09:00
Yu Watanabe
e609cd0694 network: introduce Token= setting in [IPv6Prefix]
Closes #20149.
2021-10-07 01:24:50 +09:00
Yu Watanabe
f5960e0ab5 network: extend Token= setting in [DHCPv6PrefixDelegation]
Now the setting supports the same syntax as the one in the [IPv6AcceptRA]
section.
2021-10-07 01:24:12 +09:00
Yu Watanabe
140bf8dacc network: introduce Token=eui64
So, now user can explicitly request EUI-64 algorithm to generate addresses.
2021-10-07 01:16:36 +09:00
Yu Watanabe
a73628e647 network: rename IPv6Token= in [Network] -> Token= in [IPv6AcceptRA]
The token is only used by received prefixes through RA.
2021-10-07 01:16:36 +09:00
Yu Watanabe
868bd1aa1c network: address-genereation: introduce generate_addresses()
Preparation for later commits. This does not change functionality.
2021-10-07 01:16:29 +09:00
Yu Watanabe
d207581fc5 network: address-generation: use in6_addr_hash_ops_free
Also, downgrade error level, and caller logs the error.
2021-10-07 01:14:51 +09:00
Yu Watanabe
3bac5fe6c9 network: address-generation: modernize config_parse_address_generation_type()
- drop unused _NONE type,
- rename IPv6Token::prefix -> IPv6Token::address,
- clear unused part of IPv6Token::address,
- use Set, instead of OrderedSet.
2021-10-07 01:14:51 +09:00
Yu Watanabe
ffb834cb87 network: address-generation: mask prefix with prefixlen for safety 2021-10-07 01:14:51 +09:00
Yu Watanabe
98692ff3b8 network: address-generation: always start DAD counter from zero
The token is stored in Network, and the .network file may be applied to
multiple links.
2021-10-07 01:14:51 +09:00
Yu Watanabe
ac77e0b315 network: address-generation: always use the first 64 bits of the prefix
Hopefully, the prefix length is usually 64.

Previously, if the prefix length is smaller than 64, the result address
was undefined.
2021-10-07 01:14:51 +09:00
Yu Watanabe
151b8ea304 network: ndisc: ignore autonomous prefix with prefix length larger than 64 2021-10-07 01:14:47 +09:00
Yu Watanabe
fcd7ad52d7 network: radv: ignore Assign= if prefixlen is larger than 64 2021-10-07 01:09:09 +09:00
Yu Watanabe
00f1261d39 network: make generate_ipv6_eui_64_address() take prefix
Also, rename the function.
2021-10-07 01:03:06 +09:00
Yu Watanabe
397c5418f0 network: fix prefixlen for reserved subnet anycast address
Then, the prefixlen is not a multiplier of 8, we need to use
in6_addr_prefix_covers().

This also constify the reserved addresses, and rename macros.
2021-10-07 01:03:06 +09:00
Yu Watanabe
f09a474760 network: move address generation methods to network-address-generation.[ch] 2021-10-07 01:03:06 +09:00
Yu Watanabe
e174b43fe4 in-addr-util: introduce in{4,6}_addr_prefix_covers() 2021-10-07 01:03:06 +09:00
Yu Watanabe
6df860f3a0 in-addr-util: do not shift 8 or more for uint8_t
See ISO/IEC 9899:TC3 § 6.5.7.3.
2021-10-07 01:03:06 +09:00
Yu Watanabe
333f7d8920 in-addr-util: introduce in{4,6}_addr_mask() 2021-10-07 01:03:06 +09:00
Yu Watanabe
f1cb8933c3 in-addr-util: introduce in6_addr_hash_ops_free 2021-10-07 01:03:06 +09:00
Yu Watanabe
0943b3b7a4 network: radv: reorder functions
In other files, we usually (but not always) place functions in the following order:
- network_adjust_xxx(), which applies default or updates settings
  specified in .network files,
- link_xxx_enabled(), which checks if the functionality is enabled,
- xxx_new() and xxx_free(), allocator and deallocator for sections,
- functions which apply/update/remove configs
- validators of section,
- conf parsers.

This does not change each function, but just changes the order.
2021-10-07 01:02:59 +09:00
Lennart Poettering
9a1ddc8dee
Merge pull request #18145 from kinvolk/iaguis/lsm-bpf
Add RestrictFileSystems= property using LSM BPF
2021-10-06 16:23:27 +02:00
Lennart Poettering
8b4f88d136 user-record: disable two pbkdf fields that don't apply for pkbdf2
Fixes: #20830
2021-10-06 16:21:09 +02:00
Yu Watanabe
9bd3ecdd8d ethtool-util: make ethtool_set_wol() take password 2021-10-06 21:57:14 +09:00
Yu Watanabe
20274ab86a ethtool-util: do not try to enable unsupported WoL options 2021-10-06 21:44:02 +09:00
Yu Watanabe
b4b2a49287 ethtool-util: make wol_options_to_string() not return all flag strings 2021-10-06 21:33:06 +09:00
chlorophyll-zz
1d3d81cf01 Update 60-sensor.hwdb
#20287 was wrong. 
Y Axis was only reversed on Arch Linux because of a problem with iio-sensor-proxy
This restores before the patch.
2021-10-06 13:11:41 +01:00
Yu Watanabe
8688a389ca core/service: also check path in exec commands 2021-10-06 13:06:00 +02:00
Zbigniew Jędrzejewski-Szmek
e5f093bf99 man: add discussion of read-only filesystem support in daemons
This is inspired by https://bugzilla.redhat.com/show_bug.cgi?id=1853293.  Let's
mention that applications should be prepared for /var being read-only.
2021-10-06 09:54:17 +01:00
Iago López Galeiras
20080622de man: document systemd-analyze filesystems 2021-10-06 10:52:15 +02:00
Iago López Galeiras
b41711cd46 analyze: add filesystems command 2021-10-06 10:52:15 +02:00
Iago López Galeiras
ec31dd5a98 README: document LSM BPF requirements 2021-10-06 10:52:15 +02:00
Iago López Galeiras
8216741cf9 test: add test-bpf-lsm 2021-10-06 10:52:15 +02:00
Iago López Galeiras
d6d6f55d8e man: document EXIT_BPF status 2021-10-06 10:52:14 +02:00
Iago López Galeiras
a6826f6b8e man: add RestrictFileSystems= documentation 2021-10-06 10:52:14 +02:00
Iago López Galeiras
af11239196 mkosi: add libbpf dependency
For distros that ship libbpf >=0.2.0.
2021-10-06 10:52:14 +02:00
Iago López Galeiras
cc86a278de core: add dbus RestrictFileSystems= properties 2021-10-06 10:52:14 +02:00