systemd-stable

mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-18 06:03:42 +03:00

History

Alberto Planas f960fa45c1 creds-util: check for CAP_DAC_READ_SEARCH

In make_credential_host_secret, the credential.secret file is generated
first as a temporary anonymous file that is later instantiated with
linkat(2).  This system call requires CAP_DAC_READ_SEARCH capability
when the flag AT_EMPTY_PATH is used.

This patch check if the capability is effective, and if not uses the
alternative codepath for creating named temporary files.

Non-root users can now create per-user credentials with:

  export SYSTEMD_CREDENTIAL_SECRET=$HOME/.config/systemd/credential.secret
  systemd-creds setup

Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit 1615578f2792fdeecaf65606861bd3db9eb949c3)
(cherry picked from commit 432ec5a654d5b8b123472ab64b29d9b5baf3cbf2)
(cherry picked from commit d7c8b1b7095b3e80b4e0dc354e1d69cb987c075e)

2023-01-28 00:50:04 +00:00

ac-power

util: move on_ac_power() from util.c -> udev-util.c

2022-01-07 15:59:23 +01:00

activate

activate: simplify/rework implementation of --setenv

2021-08-11 10:17:50 +02:00

analyze

analyze: add --image= + --root= to --help text

2022-11-04 13:09:21 +01:00

ask-password

Drop the text argument from assert_not_reached()

2021-08-03 10:05:10 +02:00

backlight

backlight: ignore error if the backlight device is already removed

2022-01-07 15:52:33 +01:00

basic

basic: Fix incompatible type for arguments errors in C2X

2023-01-28 00:50:04 +00:00

binfmt

binfmt: add logging information

2021-11-12 17:23:36 +01:00

boot

meson: Fix build with --optimization=plain

2022-11-04 13:09:21 +01:00

busctl

busctl: fix introspecting DBus properties

2023-01-28 00:50:04 +00:00

cgls

Merge pull request #20138 from keszybz/coding-style-variable-decls

2021-11-05 13:57:30 +00:00

cgroups-agent

cgroups-agent: connect stdin/stdout/stderr to /dev/null

2022-11-04 13:02:19 +01:00

cgtop

tree-wide: voidify unchecked snprintf calls

2021-08-20 18:29:40 +01:00

core

swap: tell swapon to reinitialize swap if needed

2023-01-28 00:50:04 +00:00

coredump

coredump: cescape invalid json data before logging

2022-12-20 19:44:28 +01:00

creds

variuos: add missing includes

2021-09-22 12:58:46 +02:00

cryptenroll

cryptenroll: fix memory leak

2022-11-04 13:02:20 +01:00

cryptsetup

Revert "generator: Rename password arg"

2022-12-22 17:32:05 +01:00

debug-generator

shared: clean up mkdir.h/label.h situation

2021-11-16 17:03:28 +01:00

delta

tree-wide: make FOREACH_DIRENT_ALL define the iterator variable

2021-12-15 16:19:13 +01:00

detect-virt

Drop the text argument from assert_not_reached()

2021-08-03 10:05:10 +02:00

dissect

dissect: add missing --umount to the help output

2022-11-04 13:09:21 +01:00

environment-d-generator

…

escape

escape: improve logging when escaping paths that are slightly non-conforming

2021-09-14 03:04:57 +09:00

firstboot

firstboot: fix can't overwrite timezone

2022-11-04 13:02:20 +01:00

fsck

generator: skip fsck if fsck command is missing

2022-11-04 13:09:20 +01:00

fstab-generator

fstab-generator: also skip other network filesystems and live image

2022-01-07 16:02:50 +01:00

fundamental

alloc-util: Disallow inlining of expand_to_usable

2023-01-28 00:50:04 +00:00

fuzz

fuzz-fido-id-desc: drop unused case file

2021-10-18 09:43:18 +02:00

getty-generator

getty-generator: add kernel cmdline and env vars to disable it

2021-11-18 10:38:48 +00:00

gpt-auto-generator

gpt-auto: harden ESP/XBOOTLDR mounts with "noexec,nosuid,nodev"

2023-01-28 00:50:04 +00:00

hibernate-resume

shared: clean up mkdir.h/label.h situation

2021-11-16 17:03:28 +01:00

home

homed: properly initialize all return params

2022-11-04 13:09:21 +01:00

hostname

policy files: adjust landing page link

2022-01-12 22:10:55 +01:00

hwdb

hwdb: fix parsing options

2022-04-28 18:51:47 +02:00

id128

id128: clarify that the "well-known" IDs are about GPT partition types

2021-09-10 13:39:16 +02:00

import

import: use CURLOPT_PROTOCOLS_STR with libcurl >= 7.85.0

2023-01-28 00:50:04 +00:00

initctl

tree-wide: mark set-but-not-used variables as unused to make LLVM happy

2021-09-15 13:09:45 +02:00

integritysetup

integritysetup: do not use crypt_init_data_device after crypt_init

2022-11-04 13:02:20 +01:00

journal

journalctl: respect --quiet flag during file concistency verification

2022-11-04 13:02:21 +01:00

journal-remote

journal-remote: code is of type enum MHD_RequestTerminationCode

2023-01-28 00:50:04 +00:00

kernel-install

kernel-install: run depmod only if writeable

2023-01-28 00:50:04 +00:00

libsystemd

sd-event: don't mistake USEC_INFINITY passed in for overflow

2023-01-28 00:50:04 +00:00

libsystemd-network

libsystemd-network: FTBS in c2x mode

2023-01-28 00:50:04 +00:00

libudev

meson: drop convenience library that was only used in one place

2021-12-16 11:09:51 +01:00

locale

kbd-model-map: correct variants for cz-qwerty to include comma

2022-11-04 13:02:21 +01:00

logind: fix getting property OnExternalPower via D-Bus

2022-11-04 13:09:20 +01:00

machine

meson: move files' closing brace to separate line

2022-03-05 21:03:32 +00:00

machine-id-setup

tree-wide: port everything over to new sd-id128 compund literal bliss

2021-08-20 11:09:48 +02:00

modules-load

Drop the text argument from assert_not_reached()

2021-08-03 10:05:10 +02:00

mount

generator: skip fsck if fsck command is missing

2022-11-04 13:09:20 +01:00

network

network: forcibly reconfigure all interfaces after sleep

2022-11-04 13:09:21 +01:00

notify

Add implicit sentinel to strv_env_merge()

2021-08-11 09:11:42 +02:00

nspawn

nspawn: guard acl_free() with a NULL check

2023-01-28 00:50:04 +00:00

nss-myhostname

nss-myhostname: do not apply non-zero offset to null pointer

2022-01-04 16:23:35 +01:00

nss-mymachines

nss: only read logging config from environment variables

2022-01-11 20:31:54 +01:00

nss-resolve

nss: only read logging config from environment variables

2022-01-11 20:31:54 +01:00

nss-systemd

nss: only read logging config from environment variables

2022-01-11 20:31:54 +01:00

oom

meson: add libatomic dependency

2022-11-04 13:02:21 +01:00

partition

repart: always honour --discard=no

2022-11-04 13:09:20 +01:00

path

Drop the text argument from assert_not_reached()

2021-08-03 10:05:10 +02:00

portable

portable: set PrivateTmp=yes in trusted profile too

2022-11-04 13:02:19 +01:00

pstore

meson: do not use split() in file lists

2022-03-05 21:03:32 +00:00

quotacheck

…

random-seed

random-seed: hash together old seed and new seed before writing out file

2022-03-24 22:38:29 +00:00

rc-local-generator

shared: clean up mkdir.h/label.h situation

2021-11-16 17:03:28 +01:00

remount-fs

…

reply-password

…

resolve

resolved: disable SO_BINDTOIFINDEX hack for localhost IP addresses

2023-01-28 00:50:04 +00:00

rfkill

tree-wide: warn when sd_notify fails with READY=1 or FDSTOREREMOVE=1

2021-11-03 11:29:49 +01:00

rpm

pkgconfig,rpm: expose vars for user-tmpfiles.d location

2022-07-13 13:18:20 +02:00

run

run: make --working-directory= work for --scope too

2022-11-04 13:02:21 +01:00

run-generator

…

shared

creds-util: check for CAP_DAC_READ_SEARCH

2023-01-28 00:50:04 +00:00

shutdown

meson: move files' closing brace to separate line

2022-03-05 21:03:32 +00:00

sleep

Update sleep.conf HibernateDelaySec default to match implementation

2022-11-04 13:02:19 +01:00

socket-proxy

tree-wide: use ERRNO_IS_TRANSIENT()

2021-11-30 23:06:43 +09:00

stdio-bridge

stdio-bridge: make the error more straightforward

2022-01-18 12:19:47 +01:00

sulogin-shell

…

sysctl

Make pager_open() return void

2021-11-03 15:24:56 +01:00

sysext

sysext: add missing COMMAND to the help output and man synopsis

2022-11-04 13:02:20 +01:00

system-update-generator

meson: use jinja2 for rpm templates

2021-05-19 10:25:26 +09:00

systemctl

systemctl: color ignored exit status in yellow, not red

2022-11-04 13:02:21 +01:00

systemd

Fix 24172: __STDC_VERSION__ may be defined in C++

2022-11-04 13:02:20 +01:00

sysusers

sysusers: add fsync for passwd (#24324 )

2022-11-04 13:02:20 +01:00

sysv-generator

Define FOREACH_DIRENT through FOREACH_DIRENT_ALL

2021-12-15 22:50:00 +01:00

test

shared/json: use different return code for empty input

2022-11-04 13:09:21 +01:00

timedate

timedatectl: fix a memory leak

2022-05-25 16:33:44 +02:00

timesync

meson: stop building out convenience libraries by default

2021-12-16 11:01:08 +01:00

tmpfiles

tmpfiles: avoid null free() for acl attributes

2023-01-28 00:50:04 +00:00

tty-ask-password-agent

Define FOREACH_DIRENT through FOREACH_DIRENT_ALL

2021-12-15 22:50:00 +01:00

udev

udev: always create device symlinks for USB disks

2022-11-04 13:09:21 +01:00

update-done

…

update-utmp

…

user-sessions

…

userdb

various: add %m in messages

2022-06-02 20:09:14 +02:00

vconsole

tree-wide: use new RET_NERRNO() helper at various places

2021-11-16 08:04:09 +01:00

veritysetup

veritysetup-generator: generate service for usr device

2021-11-19 15:53:36 -05:00

version

…

volatile-root

various: add %m in messages

2022-06-02 20:09:14 +02:00

xdg-autostart-generator

xdg-autostart-service: Use common boolean parser

2022-11-04 13:02:21 +01:00