shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-03-12 08:58:20 +03:00
Code
systemd-stable/src
History
Alberto Planas f960fa45c1 creds-util: check for CAP_DAC_READ_SEARCH 
In make_credential_host_secret, the credential.secret file is generated
first as a temporary anonymous file that is later instantiated with
linkat(2).  This system call requires CAP_DAC_READ_SEARCH capability
when the flag AT_EMPTY_PATH is used.

This patch check if the capability is effective, and if not uses the
alternative codepath for creating named temporary files.

Non-root users can now create per-user credentials with:

  export SYSTEMD_CREDENTIAL_SECRET=$HOME/.config/systemd/credential.secret
  systemd-creds setup

Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit 1615578f2792fdeecaf65606861bd3db9eb949c3)
(cherry picked from commit 432ec5a654d5b8b123472ab64b29d9b5baf3cbf2)
(cherry picked from commit d7c8b1b7095b3e80b4e0dc354e1d69cb987c075e)
2023-01-28 00:50:04 +00:00
..
ac-power
util: move on_ac_power() from util.c -> udev-util.c
2022-01-07 15:59:23 +01:00
activate
analyze
analyze: add --image= + --root= to --help text
2022-11-04 13:09:21 +01:00
ask-password
backlight
backlight: ignore error if the backlight device is already removed
2022-01-07 15:52:33 +01:00
basic
basic: Fix incompatible type for arguments errors in C2X
2023-01-28 00:50:04 +00:00
binfmt
binfmt: add logging information
2021-11-12 17:23:36 +01:00
boot
meson: Fix build with --optimization=plain
2022-11-04 13:09:21 +01:00
busctl
busctl: fix introspecting DBus properties
2023-01-28 00:50:04 +00:00
cgls
Merge pull request #20138 from keszybz/coding-style-variable-decls
2021-11-05 13:57:30 +00:00
cgroups-agent
cgroups-agent: connect stdin/stdout/stderr to /dev/null
2022-11-04 13:02:19 +01:00
cgtop
core
swap: tell swapon to reinitialize swap if needed
2023-01-28 00:50:04 +00:00
coredump
coredump: cescape invalid json data before logging
2022-12-20 19:44:28 +01:00
creds
variuos: add missing includes
2021-09-22 12:58:46 +02:00
cryptenroll
cryptenroll: fix memory leak
2022-11-04 13:02:20 +01:00
cryptsetup
Revert "generator: Rename password arg"
2022-12-22 17:32:05 +01:00
debug-generator
shared: clean up mkdir.h/label.h situation
2021-11-16 17:03:28 +01:00
delta
tree-wide: make FOREACH_DIRENT_ALL define the iterator variable
2021-12-15 16:19:13 +01:00
detect-virt
dissect
dissect: add missing --umount to the help output
2022-11-04 13:09:21 +01:00
environment-d-generator
escape
firstboot
firstboot: fix can't overwrite timezone
2022-11-04 13:02:20 +01:00
fsck
generator: skip fsck if fsck command is missing
2022-11-04 13:09:20 +01:00
fstab-generator
fstab-generator: also skip other network filesystems and live image
2022-01-07 16:02:50 +01:00
fundamental
alloc-util: Disallow inlining of expand_to_usable
2023-01-28 00:50:04 +00:00
fuzz
fuzz-fido-id-desc: drop unused case file
2021-10-18 09:43:18 +02:00
getty-generator
getty-generator: add kernel cmdline and env vars to disable it
2021-11-18 10:38:48 +00:00
gpt-auto-generator
gpt-auto: harden ESP/XBOOTLDR mounts with "noexec,nosuid,nodev"
2023-01-28 00:50:04 +00:00
hibernate-resume
shared: clean up mkdir.h/label.h situation
2021-11-16 17:03:28 +01:00
home
homed: properly initialize all return params
2022-11-04 13:09:21 +01:00
hostname
policy files: adjust landing page link
2022-01-12 22:10:55 +01:00
hwdb
hwdb: fix parsing options
2022-04-28 18:51:47 +02:00
id128
import
import: use CURLOPT_PROTOCOLS_STR with libcurl >= 7.85.0
2023-01-28 00:50:04 +00:00
initctl
tree-wide: mark set-but-not-used variables as unused to make LLVM happy
2021-09-15 13:09:45 +02:00
integritysetup
integritysetup: do not use crypt_init_data_device after crypt_init
2022-11-04 13:02:20 +01:00
journal
journalctl: respect --quiet flag during file concistency verification
2022-11-04 13:02:21 +01:00
journal-remote
journal-remote: code is of type enum MHD_RequestTerminationCode
2023-01-28 00:50:04 +00:00
kernel-install
kernel-install: run depmod only if writeable
2023-01-28 00:50:04 +00:00
libsystemd
sd-event: don't mistake USEC_INFINITY passed in for overflow
2023-01-28 00:50:04 +00:00
libsystemd-network
libsystemd-network: FTBS in c2x mode
2023-01-28 00:50:04 +00:00
libudev
meson: drop convenience library that was only used in one place
2021-12-16 11:09:51 +01:00
locale
kbd-model-map: correct variants for cz-qwerty to include comma
2022-11-04 13:02:21 +01:00
login
logind: fix getting property OnExternalPower via D-Bus
2022-11-04 13:09:20 +01:00
machine
meson: move files' closing brace to separate line
2022-03-05 21:03:32 +00:00
machine-id-setup
modules-load
mount
generator: skip fsck if fsck command is missing
2022-11-04 13:09:20 +01:00
network
network: forcibly reconfigure all interfaces after sleep
2022-11-04 13:09:21 +01:00
notify
nspawn
nspawn: guard acl_free() with a NULL check
2023-01-28 00:50:04 +00:00
nss-myhostname
nss-myhostname: do not apply non-zero offset to null pointer
2022-01-04 16:23:35 +01:00
nss-mymachines
nss: only read logging config from environment variables
2022-01-11 20:31:54 +01:00
nss-resolve
nss: only read logging config from environment variables
2022-01-11 20:31:54 +01:00
nss-systemd
nss: only read logging config from environment variables
2022-01-11 20:31:54 +01:00
oom
meson: add libatomic dependency
2022-11-04 13:02:21 +01:00
partition
repart: always honour --discard=no
2022-11-04 13:09:20 +01:00
path
portable
portable: set PrivateTmp=yes in trusted profile too
2022-11-04 13:02:19 +01:00
pstore
meson: do not use split() in file lists
2022-03-05 21:03:32 +00:00
quotacheck
random-seed
random-seed: hash together old seed and new seed before writing out file
2022-03-24 22:38:29 +00:00
rc-local-generator
shared: clean up mkdir.h/label.h situation
2021-11-16 17:03:28 +01:00
remount-fs
reply-password
resolve
resolved: disable SO_BINDTOIFINDEX hack for localhost IP addresses
2023-01-28 00:50:04 +00:00
rfkill
tree-wide: warn when sd_notify fails with READY=1 or FDSTOREREMOVE=1
2021-11-03 11:29:49 +01:00
rpm
pkgconfig,rpm: expose vars for user-tmpfiles.d location
2022-07-13 13:18:20 +02:00
run
run: make --working-directory= work for --scope too
2022-11-04 13:02:21 +01:00
run-generator
shared
creds-util: check for CAP_DAC_READ_SEARCH
2023-01-28 00:50:04 +00:00
shutdown
meson: move files' closing brace to separate line
2022-03-05 21:03:32 +00:00
sleep
Update sleep.conf HibernateDelaySec default to match implementation
2022-11-04 13:02:19 +01:00
socket-proxy
tree-wide: use ERRNO_IS_TRANSIENT()
2021-11-30 23:06:43 +09:00
stdio-bridge
stdio-bridge: make the error more straightforward
2022-01-18 12:19:47 +01:00
sulogin-shell
sysctl
Make pager_open() return void
2021-11-03 15:24:56 +01:00
sysext
sysext: add missing COMMAND to the help output and man synopsis
2022-11-04 13:02:20 +01:00
system-update-generator
systemctl
systemctl: color ignored exit status in yellow, not red
2022-11-04 13:02:21 +01:00
systemd
Fix 24172: __STDC_VERSION__ may be defined in C++
2022-11-04 13:02:20 +01:00
sysusers
sysusers: add fsync for passwd (#24324)
2022-11-04 13:02:20 +01:00
sysv-generator
Define FOREACH_DIRENT through FOREACH_DIRENT_ALL
2021-12-15 22:50:00 +01:00
test
shared/json: use different return code for empty input
2022-11-04 13:09:21 +01:00
timedate
timedatectl: fix a memory leak
2022-05-25 16:33:44 +02:00
timesync
meson: stop building out convenience libraries by default
2021-12-16 11:01:08 +01:00
tmpfiles
tmpfiles: avoid null free() for acl attributes
2023-01-28 00:50:04 +00:00
tty-ask-password-agent
Define FOREACH_DIRENT through FOREACH_DIRENT_ALL
2021-12-15 22:50:00 +01:00
udev
udev: always create device symlinks for USB disks
2022-11-04 13:09:21 +01:00
update-done
update-utmp
user-sessions
userdb
various: add %m in messages
2022-06-02 20:09:14 +02:00
vconsole
tree-wide: use new RET_NERRNO() helper at various places
2021-11-16 08:04:09 +01:00
veritysetup
veritysetup-generator: generate service for usr device
2021-11-19 15:53:36 -05:00
version
volatile-root
various: add %m in messages
2022-06-02 20:09:14 +02:00
xdg-autostart-generator
xdg-autostart-service: Use common boolean parser
2022-11-04 13:02:21 +01:00