mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-12 09:17:44 +03:00
Commit Graph

57603 Commits

Author SHA1 Message Date
Daan De Meyer
ef2c966acc docs: Clarify where options are read from
Let's merge the footnote with the overall explanation of where systemd
parses its options from and reword the section a bit to hopefully make
things a bit more clear.
2022-05-02 17:49:06 +02:00
Lennart Poettering
fd74ed23c7 update TODO 2022-05-02 16:41:52 +02:00
Lennart Poettering
41be3b099f
Merge pull request #23170 from poettering/creds-copy
import system credentials from sd-stub + qemu fw_cfg + kernel cmdline explicitly in PID 1
2022-05-02 16:32:21 +02:00
Alice S
8099abee00 Fix orientation detection for HP Pavilion X2 10-k010nr 2022-05-02 10:00:36 +09:00
techtino
ad44259225 Fix orientation detection for Asus Transformer T100TAF, copied T100TA rule 2022-05-01 13:43:17 +09:00
Luca Boccassi
6a59dfa108 analyze security: print DeviceAllow list
Many sandboxing options add implicit DeviceAllow rules, which might be confusing
for users running systemd-analyze security and not expecting it.
Print the list.

Fixes https://github.com/systemd/systemd/issues/23185
2022-05-01 13:43:01 +09:00
Luca Boccassi
444d9abd06 analyze: fix crash with online security check
1449b0f8a9 fixed seccomp arch check for the offline case,
but broke it for the normal case, as when coming from D-Bus the
list of seccomp architectures is already converted to string.

Fixes https://github.com/systemd/systemd/issues/23224
2022-05-01 11:47:44 +09:00
Luca Boccassi
f470cb6d13 stat-util: ignore hidden_or_backup_file when checking if dir is empty
Commit https://github.com/systemd/systemd/commit/a068aceafbf
changed dir_is_empty_at to use FOREACH_DIRENT_IN_BUFFER instead of
FOREACH_DIRENT, but used dot_or_dotdot which just checks if the name
is literally '.' or '..' which is not enough, previous behaviour was
to ignore all hidden files, so restore that and add a test case.

Fixes https://github.com/systemd/systemd/issues/23220
2022-05-01 11:41:43 +09:00
Yu Watanabe
dfd672f84b
Merge pull request #23230 from yuwata/core-device-cleanups
core/device: several cleanups
2022-04-30 23:10:22 +09:00
Yu Watanabe
08300bb035 core/device: use DEVICE_FOUND_MASK 2022-04-30 04:14:10 +09:00
Yu Watanabe
1363eeca94 core/device: minor coding style updates 2022-04-30 04:14:10 +09:00
Yu Watanabe
42ebcebfef core/device: drop unused unit name generated from path 2022-04-30 04:14:10 +09:00
Yu Watanabe
03a94b73c4 core/device: device_found_node() does not accept DEVICE_FOUND_UDEV 2022-04-30 04:14:10 +09:00
Yu Watanabe
0e38cee883 core/device: use sd_device_new_from_devname() to verify the device node 2022-04-30 04:14:10 +09:00
Yu Watanabe
f374631a56 core/device: use udev_available() 2022-04-30 04:14:10 +09:00
Yu Watanabe
4212fa83d6 core/device: use device_get_property_bool() 2022-04-30 04:14:10 +09:00
Yu Watanabe
15345fc677 sd-device: introduce device_get_property_bool() 2022-04-30 04:14:10 +09:00
Yu Watanabe
dd309fcdb8 core/device: use _cleanup_ attribute at one more place 2022-04-30 04:14:10 +09:00
Yu Watanabe
a7fb1f2eae core/device: unit_name_from_path() does not return -ENAMETOOLONG anymore
Follow-up for 1d0727e76f.
2022-04-30 04:14:10 +09:00
Yu Watanabe
47e72170c1 core/device: use strv_consume() 2022-04-30 04:14:10 +09:00
Zbigniew Jędrzejewski-Szmek
b528a62863 meson: also check c_args to maybe add -Wno-maybe-uninitialized
People (and build systems) sometimes set flags through -Dc_args=… or $CFLAGS.
Let's catch this common case too. meson will set c_args from $CFLAGS, so we
only need to check the former.
2022-04-29 20:03:11 +01:00
Yu Watanabe
df8774263c
Merge pull request #23226 from keszybz/libsystemd-length-assert
Add assert about DHCP packet length in libsystemd-network
2022-04-30 03:03:18 +09:00
Lennart Poettering
6e81415944
Merge pull request #23203 from yuwata/login-runtime
login: make RuntimeDirectoryInodesMax= support K, G, M suffixes
2022-04-29 17:10:34 +02:00
Zbigniew Jędrzejewski-Szmek
6f1b4574b4 libsystemd-network: add assert about packet length
We reject too-short packets in client_receive_message_raw(), so
the packets that dhcp_packet_verify_headers() gets are of sufficient size.
But let's add an assert to clarify this for the reader.

Closes #23223.
2022-04-29 15:56:53 +02:00
Zbigniew Jędrzejewski-Szmek
9a94baa6c7 libsystemd-network: do not split messages in half
This makes grepping for the messages unnecessarily painful.
2022-04-29 15:56:53 +02:00
Yu Watanabe
606104bcdb core: drop non-default value for DefaultLimitMEMLOCK= 2022-04-29 21:15:55 +09:00
Yu Watanabe
0bc055cf52 login: drop non-default value for RuntimeDirectoryInodesMax= 2022-04-29 21:15:21 +09:00
Yu Watanabe
08a767f1e0 login: make RuntimeDirectoryInodesMax= support K, G, M suffixes
Fixes #23017.
2022-04-29 21:08:15 +09:00
Evgeny Vereshchagin
2d14ec9b8a ci: actually turn on fatal-meson-warnings in the "build" workflow
It's a follow-up to https://github.com/systemd/systemd/pull/23211
2022-04-29 13:58:27 +09:00
Lennart Poettering
cfa7d57ba1
Merge pull request #23217 from keszybz/oomd-docs
More cross-references in bootctl/systemctl man pages
2022-04-28 22:30:50 +02:00
Evgeny Vereshchagin
67b9732f1b ci: bring fatal-meson-warnings back
It's a follow-up to https://github.com/systemd/systemd/pull/23204

v2: replaced xargs with exec as suggested by Jan Janssen
2022-04-28 21:21:59 +03:00
Zbigniew Jędrzejewski-Szmek
1cd9c04ee9
Merge pull request #23216 from poettering/hwdb-v251-rc2
hwdb: updates for v251-rc2
2022-04-28 19:46:08 +02:00
Lennart Poettering
de62df8103 update TODO 2022-04-28 18:12:00 +02:00
Lennart Poettering
93a1f57db8 test: test new credential features 2022-04-28 18:12:00 +02:00
Lennart Poettering
fe672fe539 doc: add new markdown docs for credentials 2022-04-28 18:12:00 +02:00
Lennart Poettering
72267a55a1 man: document the new credentials features 2022-04-28 18:12:00 +02:00
Lennart Poettering
05eb896f3f creds-tool: properly search for both encrypted + unencrypted creds
Also, properly hook up things with the new fixed paths for system
credentials.
2022-04-28 18:12:00 +02:00
Lennart Poettering
2ad591a3a3 pid1: search for creds in LoadCredential=/LoadCredentialEncrypted=
This adds support for searching for credentials more comprehensively.

Specifically, unless an absolute source path is specified we'll now
search for the credentials in the system credentials first, and then in
/etc/credstore/, /run/credstore/, and /usr/lib/credstore, making these
dirs hence the recommended place for credentials to live in the system.

For LoadCredentialEncrypted= we'll also look into
/etc/credstore.encrypted/, /run/credstore.encrypted/, …. These dirs are
hence suitable for credentials whose provenience isn't trusted (e.g.
UEFI creds from systemd-stub), and thus require to be authenticated
before use.
2022-04-28 18:12:00 +02:00
Lennart Poettering
4b9a4b0179 pid1: import creds from sd-stub + qemu + kernel cmdline
Let's beef up our system credential game a bit, and explicitly import
creds from sd-stub, from qemu fw_cfg and the kernel cmdline and expose
them in the same way as those passed in from nspawn.

Specifically, this will import such credentials to
/run/credentials/@system (if the source can be trusted, as in the
qemu/kernel cmdline case) and /run/credentials/@encrypted (otherwise,
such as sd-stub provided ones).

Once imported we'll set the $CREDENTIALS_PATH env var for PID 1, like it
would be done by a container manager for the payload. (Conversely, we'll
also create a symlink from /run/credentials/@system to whatever is set in
$CREDENTIALS_PATH in case we are invoked by a container manager, thus
providing a fixed path where system credentials are found).
2022-04-28 18:12:00 +02:00
Lennart Poettering
5c1d67af46 pid1: load 'qemu_fw_cfg' kmod super early, so that we can import credentials from it
In one of the next commits we want to add support for importing system
credentials from qemu_fw_cfg, very early during boot. (So that we can
use the credentials therein for generators and even earlier). But that
means udev won't load these modules for us, we have to load them
manually first.
2022-04-28 17:54:14 +02:00
Zbigniew Jędrzejewski-Szmek
6ef00eb846
Merge pull request #23200 from keszybz/oomd-docs
Extend the documentation for oomd a bit
2022-04-28 17:46:03 +02:00
Zbigniew Jędrzejewski-Szmek
483091b0f1 TODO: more entries for bootctl
https://bugzilla.redhat.com/show_bug.cgi?id=2079784#c9
2022-04-28 17:45:44 +02:00
Lennart Poettering
27c03586ea hwdb: run "ninja update-hwdb-autosuspend" for v251-rc2 2022-04-28 17:43:27 +02:00
Lennart Poettering
e21f7a133f hwdb: run "update-hwdb" for v251-rc2 2022-04-28 17:42:25 +02:00
Lennart Poettering
133a000369 hwdb: make sure "ninja update-hwdb" works on f35
let's restore compatibility with pyparsing from fedora 35, i.e.:

python3-pyparsing-2.4.7-9.fc35.noarch
2022-04-28 17:42:25 +02:00
Lennart Poettering
98045d12f6 update TODO 2022-04-28 17:16:33 +02:00
Lennart Poettering
61ade25782 NEWS: updates for 251-rc2 2022-04-28 17:16:33 +02:00
Zbigniew Jędrzejewski-Szmek
76c068b77c man: cross-advertize bootctl and systemctl boot loader support 2022-04-28 16:44:40 +02:00
Zbigniew Jędrzejewski-Szmek
4d620b90d9 oomd: "descendent" → "descendant"
The latter is the common spelling apparently.
2022-04-28 15:46:44 +02:00
Zbigniew Jędrzejewski-Szmek
3b18f3017c man: direct users to systemd-oomd if they read about OOMPolicy
OOMPolicy remains valid, but let's push users for the userspace solution.
2022-04-28 15:46:44 +02:00