1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

78094 Commits

Author SHA1 Message Date
Daan De Meyer
12c29e5b3a Revert "repart: Drop unprivileged subvolumes logic for btrfs"
This adds back support for unprivileged btrfs subvolumes which
can be merged once btrfs-progs 6.12 is out.

This reverts commit 4d9ccdc9ae.
2024-12-13 14:05:32 +00:00
Daan De Meyer
18bb30c3b2
core: Bind mount notify socket to /run/host/notify in sandboxed units (#35573)
To be able to run systemd in a Type=notify transient unit, the notify
socket can't be bind mounted to /run/systemd/notify as systemd in the
transient unit wants to use that as its own notify socket which
conflicts with systemd on the host.

Instead, for sandboxed units, let's bind mount the notify socket to
/run/host/notify as documented in the container interface. Since we
don't guarantee a stable location for the notify socket and insist users
use $NOTIFY_SOCKET to get its path, this is safe to do.
2024-12-13 13:48:07 +00:00
Luca Boccassi
ed803ee195
journalctl: make --setup-keys honor --output=json and --quiet (#35507)
Closes #35503.
Closes #35504.
2024-12-13 13:40:09 +00:00
Daan De Meyer
284dd31e9d core: Bind mount notify socket to /run/host/notify in sandboxed units
To be able to run systemd in a Type=notify transient unit, the notify
socket can't be bind mounted to /run/systemd/notify as systemd in the
transient unit wants to use that as its own notify socket which conflicts
with systemd on the host.

Instead, for sandboxed units, let's bind mount the notify socket to
/run/host/notify as documented in the container interface. Since we don't
guarantee a stable location for the notify socket and insist users use
$NOTIFY_SOCKET to get its path, this is safe to do.
2024-12-13 13:37:02 +01:00
Daan De Meyer
5575bf5fac
core/namespace: several fixes for recently merged PRs (#35580)
Fixes #35546.
Fixes #35566.
2024-12-13 12:34:11 +00:00
Soumyadeep Ghosh
1d771e69b2 hwdb: move down touchpad toggle section from generic to product specific
adding `KEYBOARD_KEY_76` in generic section is causing a regression
in MSI GF63. Moving this down fixes.
This commit also adds a probable KEY Code for MSI GF63 touchpad toggling
2024-12-13 12:29:40 +00:00
Luca Boccassi
6dfd290031
core: Add PrivateUsers=full (#35183)
Recently, PrivateUsers=identity was added to support mapping the first
65536 UIDs/GIDs from parent to the child namespace and mapping the other
UID/GIDs to the nobody user.

However, there are use cases where users have UIDs/GIDs > 65536 and need
to do a similar identity mapping. Moreover, in some of those cases,
users want a full identity mapping from 0 -> UID_MAX.

To support this, we add PrivateUsers=full that does identity mapping for
all available UID/GIDs.

Note to differentiate ourselves from the init user namespace, we need to
set up the uid_map/gid_map like:
```
0 0 1
1 1 UINT32_MAX - 1
```

as the init user namedspace uses `0 0 UINT32_MAX` and some applications
- like systemd itself - determine if its a non-init user namespace based
on uid_map/gid_map files.

Note systemd will remove this heuristic in running_in_userns() in
version 258 (https://github.com/systemd/systemd/pull/35382) and uses
namespace inode. But some users may be running a container image with
older systemd < 258 so we keep this hack until version 259 for version
N-1 compatibility.

In addition to mapping the whole UID/GID space, we also set
/proc/pid/setgroups to "allow". While we usually set "deny" to avoid
security issues with dropping supplementary groups
(https://lwn.net/Articles/626665/), this ends up breaking dbus-broker
when running /sbin/init in full OS containers.

Fixes: #35168
Fixes: #35425
2024-12-13 12:25:13 +00:00
Florian Schmaus
718b31138b logind: let system-wide idle begin at the time logind was initialized
Initialize the start of the system-wide idle time with the time logind was
initialized and not with the start of the Unix epoch. This means that systemd
will not repport a unreasonable long idle time (around 54 years at the time of
writing this), especially at in the early boot, while no login manager session,
e.g,. gdm, had a chance to provide a more accurate start of the idle period.

Fixes #35163
2024-12-13 12:12:21 +00:00
Mike Yuan
8a1068931d
Couple small cleanups (#35593) 2024-12-13 13:01:27 +01:00
Daan De Meyer
1c43f92a2a
basic/fileio: two modernizations (#35559) 2024-12-13 11:49:12 +00:00
Luca Boccassi
e7fce6a370 shell-completion: add smbios11 verb to systemd-analyze
Follow-up for 8c5045f9b2
2024-12-13 11:43:48 +00:00
Luca Boccassi
8d20606eec mkosi: update debian commit reference
* e8b7c9a4dd Install 81-net-bridge.rules
* 50d2997a07 Install systemd-creds bash completion
* ff0c42823c test: fix flaky boot-and-services test
* 2a19dee4ba test: fix flaky boot-and-services test
* a15a0bfe60 Update changelog for 257-2 release
* c24eafcb7e Backport patches to fix test failures
* 29840f9b68 udev: install dmi_memory_id and its rules on riscv64
* 44893bdb32 Update changelog for 257-1 release
* 7f71d995fb Update symbols file for v257
* 2dd2b80499 Update upstream source from tag 'upstream/257'
* 51a3271a85 Update changelog for 257~rc3-1 release
* 8e687227c5 Update symbols for 257~rc3
* c9bae527d6 Drop patches, merged upstream
* e8cf329870 Update upstream source from tag 'upstream/257_rc3'
* 794457516d autopkgtest: fix one more tzdata dependency
* 16bb143da1 Bump version in tzdata dependency due to p-u upload
* f2ddf70604 sysctl: Add file trigger on /usr/lib/sysctl.d to restart systemd-sysctl
* 79260cb0f4 Increase minimum sections in stub PE header on arm64/armhf/riscv64 to 500
* ed3af24635 systemd-ukfy: recommend systemd-boot-efi for the stub
2024-12-13 11:43:23 +00:00
Mike Yuan
8abeebdf83 core/mount: don't keep cred mounts around after mounted
Follow-up for 6577cf1ba9
2024-12-13 10:29:27 +00:00
Luca Boccassi
81e0693465 test-loop-block: return -77 on skip in more places 2024-12-12 23:11:29 +00:00
Luca Boccassi
60d23b7f4a battery-check: parse options before checking for kernel command line
Otherwise --help/--version/etc which exit immediately will do pointless work
2024-12-12 23:11:29 +00:00
Luca Boccassi
1ca315be00 units: use PrivateTmp=disconnected instead of 'yes' if DefaultDependencies=no
Avoids subtle race conditions such as the one described at
#35582.

Fixes #35582
2024-12-12 22:48:04 +01:00
Luca Boccassi
9fdf10604b
core: fix loading verity settings for MountImages= (#35577)
The MountEntry logic was refactored to store the verity
settings, and updated for ExtensionImages=, but not for
MountImages=.

Follow-up for a1a40297db
2024-12-12 13:06:07 +00:00
Luca Boccassi
fc35981fda
network: several cleanups (#35267) 2024-12-12 12:47:23 +00:00
Daan De Meyer
3aa7257321 mkosi: Fix opensuse build
The opensuse spec still looks for README.testsuite so hack it to look
for README.md instead now that we changed the name in the repo.
2024-12-12 12:44:04 +00:00
Ryan Wilson
2665425176 core: Set /proc/pid/setgroups to allow for PrivateUsers=full
When trying to run dbus-broker in a systemd unit with PrivateUsers=full,
we see dbus-broker fails with EPERM at `util_audit_drop_permissions`.

The root cause is dbus-broker calls the setgroups() system call and this
is disallowed via systemd's implementation of PrivateUsers= by setting
/proc/pid/setgroups = deny. This is done to remediate potential privilege
escalation vulnerabilities in user namespaces where an attacker can remove
supplementary groups and gain access to resources where those groups are
restricted.

However, for OS-like containers, setgroups() is a pretty common API and
disabling it is not feasible. So we allow setgroups() by setting
/proc/pid/setgroups to allow in PrivateUsers=full. Note security conscious
users can still use SystemCallFilter= to disable setgroups() if they want
to specifically prevent this system call.

Fixes: #35425
2024-12-12 11:36:10 +00:00
Luca Boccassi
184ce19841
gpt-auto: take timeout opts in rootflags= into account; hibernate-resume: always respect user-defined timeout (#35518) 2024-12-12 11:01:40 +00:00
Luca Boccassi
47859053ba
Export two more functions, and update symbol tests (#35578)
Prompted by #35554.
Continuation of #35555.
2024-12-12 10:39:29 +00:00
Yu Watanabe
ef9a3241b3 mkosi: wrap unshare command when running with sanitizers
Follow-up for 219a6dbbf3.
Fixes #35546.
2024-12-12 19:34:07 +09:00
Yu Watanabe
2e6025b1b1 core/namespace: use ProtectHostname in NamespaceParameters
To make the type of NamespaceParameters.protect_hostname consistent
with the one in ExecContext.

Addresses https://github.com/systemd/systemd/pull/35447#discussion_r1880372452.
Fixes #35566.
2024-12-12 19:33:34 +09:00
Daan De Meyer
2d80c9c801
creds: introduce --transcode=help and friends and use them in shell completion (#35579)
Follow-ups for 783f794e89 (#35537).
2024-12-12 09:33:44 +00:00
Yu Watanabe
54944339e5 bash-completion/creds: generate suggestions by systemd-creds itself
Follow-ups for 783f794e89.
2024-12-12 15:25:38 +09:00
Yu Watanabe
831bbaf5cd creds: support --transcode=help and --with-key=help 2024-12-12 15:25:34 +09:00
Yu Watanabe
2a92e0bc6c string-table: make DUMP_STRING_TABLE() returns 0
Then, we can use it as
===
  return DUMP_STRING_TABLE(...);
===
2024-12-12 15:21:16 +09:00
Yu Watanabe
66d2c693ac tpm2-util: allow to control if legend and/or footer shown by tpm2_list_devices() 2024-12-12 15:21:16 +09:00
Yu Watanabe
945d1e5189 ci: enable linter for generate-sym-test.py 2024-12-12 15:04:29 +09:00
Yu Watanabe
0b39dc23ba test: also generate list of symbols from header files
To make the generated tests able to detect issues like #35554.
2024-12-12 15:04:28 +09:00
Yu Watanabe
6e399ece1f test: modernize generate-sym-test.py 2024-12-12 15:03:36 +09:00
Yu Watanabe
5fcabde35b sd-json: properly export sd_json_variant_type_from_string() and _to_string()
These exist in the header file, but were not exporeted.

Continuation of e11f5aa722.
2024-12-12 13:08:35 +09:00
Yu Watanabe
9d8cb69e7f test: rename README.testsuite -> README.md 2024-12-12 12:02:19 +09:00
Yu Watanabe
1fe583861f README: drop CentOS CI badges
CentOS CIs are disabled after ead814a0b0.
2024-12-12 11:58:52 +09:00
Yu Watanabe
fac5a5b747
polkit-agent: allow to invoke polkit agent even if STDIN is not a tty (#35431)
Closes #35018.
2024-12-12 10:32:02 +09:00
Luca Boccassi
c7fcb08324 test: add more coverage for extensions and verity 2024-12-12 00:58:20 +00:00
Luca Boccassi
59a83e1188 core: fix loading verity settings for MountImages=
The MountEntry logic was refactored to store the verity
settings, and updated for ExtensionImages=, but not for
MountImages=.

Follow-up for a1a40297db
2024-12-12 00:58:20 +00:00
Luca Boccassi
783f794e89 shell completion: add systemd-creds 2024-12-12 00:14:42 +00:00
Luca Boccassi
e19cae12ff semaphore: skip some tests
semaphore CI runs are always very close to the limit of 1hr, and often
time out when it's particularly oversubscribed.
Skip some low-value test cases to shorten the runtime.
2024-12-11 23:39:18 +00:00
Yu Watanabe
46c26454bd exec-util: use strv_from_stdarg_alloca()
No functional change, just refactoring.
2024-12-12 08:35:16 +09:00
Yu Watanabe
f0ace1655d exec-util: use open_terminal() in fork_agent() for safety 2024-12-12 08:35:16 +09:00
Yu Watanabe
90579fd0b3 exec-util: drop handling of ENXIO in opening /dev/tty
This effectively reverts 0bcf167900.

The handling is not necessary anymore after 61242b1f0f.
2024-12-12 08:35:16 +09:00
Yu Watanabe
fc3691a70a exec-util: split out common checks before fork_agent() to can_fork_agent()
No functional change, just refactoring.
2024-12-12 08:32:42 +09:00
Yu Watanabe
388d6c5f37 polkit-agent: modernize code a bit
- Use _cleanup_close_pair_ attribute for the pipe FDs,
- Return earlier on failure in forking polkit agent.
2024-12-12 08:30:55 +09:00
Yu Watanabe
0f81c8406f exec-util: allow to invoke polkit/ask-password agent even if STDIN is not a tty
Closes #35018.
2024-12-12 08:30:55 +09:00
Carlo Teubner
dfbd4d8bc5 systemd-cryptenroll.xml: fix typo 2024-12-11 23:10:59 +00:00
Yu Watanabe
4899255aa2
format-table: trivial cleanups (#35572) 2024-12-12 06:12:07 +09:00
cvlc12
693038fce4
man: update example in systemd-measure.xml (#35506)
In the example from systemd-measure(1), do not bind to PCR 7 in
addition to the PCR policy.

As long as this is still done by default, see #35280.
2024-12-12 06:09:11 +09:00
Mike Yuan
3ae314afdc Revert "run: disable --expand-environment by default for --scope"
This reverts commit 8167c56bfa.

We've announced the breaking change during v254-v257. Let's actually
apply it for v258.
2024-12-12 06:05:30 +09:00