1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

78001 Commits

Author SHA1 Message Date
Lennart Poettering
3c702e8210 condition: add new ConditionKernelModuleLoaded=
This introduces a new unit condition check: that matches if a specific
kmod module is allowed. This should be generally useful, but there's one
usecase in particular: we can optimize modprobe@.service with this and
avoid forking out a bunch of modprobe requests during boot for the same
kmods.

Checking if a kernel module is loaded is more complicated than just
checking if /sys/module/$MODULE/ exists, since kernel modules typically
take a while to initialize and we must check that this is complete (by
checking if the sysfs attr "initstate" is "live").
2024-12-12 05:03:52 +09:00
Yu Watanabe
c9011f170b
journalctl: also mangle unit name when --invocation= or --list-invocations is specified (#35542)
Fixes #35538.
2024-12-12 05:01:54 +09:00
andrejpodzimek
ae2f3af639 Fixing VLAN ranges in man systemd.network.
Otherwise it doesn't hold that VLANs 100-400 are allowed (because 201-299 are disallowed).
2024-12-12 03:52:00 +09:00
Tobias Klauser
12e33d332b profile.d: don't bail if $SHELL_* variables are unset
If - for whatever reason - a script uses set -u (nounset) and includes
/etc/profile.d/70-systemd-shell-extra.sh (e.g. transitively via
/etc/profile) the script would fail with:

    /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable

For example:

    $ cat > foo.sh <<EOF
    #!/bin/sh
    set -u

    source /etc/profile
    EOF
    $ chmod 700 foo.sh
    $ ./foo.sh
    /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable

Fix this by using shell parameter substitution[^1] (which is a POSIX
shell concept) to set the $SHELL_* variables to the empty string if
undefined.

[^1]: https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/V3_chap02.html
2024-12-11 18:33:41 +00:00
Lennart Poettering
9948b4668c virt: drop userns detection heuristic
Now that we have an explicit userns check we can drop the heuristic for
it, given that it's kinda wrong (because mapping the full host UID range
into a userns is actually a thing people do).

Hence, just delete the code and only keep the userns inode check in
place.
2024-12-11 19:23:03 +01:00
Lennart Poettering
7f0a615ef8 virt: dont check for cgroupns anymore
Now that we have a reliable pidns check I don't think we really should
look for cgroupns anymore, it's too weak a check. I mean, if I myself
would implement a desktop app sandbox (like flatpak) I'd always enable
cgroupns, simply to hide the host cgroup hierarchy.

Hence drop the check.

I suggested adding this 4 years ago here:

https://github.com/systemd/systemd/pull/17902#issuecomment-745548306
2024-12-11 19:23:03 +01:00
Katariina Lounento
3ca09aa4dd man: document unprivileged is not for reading properties
Document the fact that read-only properties may not have the flag
SD_BUS_VTABLE_UNPRIVILEGED as that is not obvious especially given the
flag is accepted for writable properties.

Based on the check in `add_object_vtable_internal` called by
`sd_bus_add_object_vtable` (as of the current tip of the main branch
f7f5ba0192):

    case _SD_BUS_VTABLE_PROPERTY: {
            [...]
            if ([...] ||
                [...]
                (v->flags & SD_BUS_VTABLE_UNPRIVILEGED && v->type == _SD_BUS_VTABLE_PROPERTY)) {
                    r = -EINVAL;
                    goto fail;
            }

(where `_SD_BUS_VTABLE_PROPERTY` means read-only property whereas
`_SD_BUS_VTABLE_WRITABLE_PROPERTY` maps to writable property).

This was implemented in the commit
adacb9575a ("bus: introduce "trusted" bus
concept and encode access control in object vtables") where
`SD_BUS_VTABLE_UNPRIVILEGED` was introduced:

    Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED
    and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them.
    Note however that read access is unrestricted, as PropertiesChanged
    messages might send out the values anyway as an unrestricted
    broadcast.
2024-12-11 18:32:46 +01:00
Yu Watanabe
7bb1c8f2a3 journalctl: make --invocation and --list-invocations accept unit name with glob
Previously, journalctl -I -u GLOB was not supported, while
journalctl -u GLOB works fine. Let's make them consistent.
2024-12-11 16:32:22 +00:00
Yu Watanabe
48b22321af journalctl: move get_possible_units() to journalctl-util.c
No functional change. Preparation for the next commit.
2024-12-11 16:32:22 +00:00
Yu Watanabe
e8823b5e35 journalctl: make --invocation and --list-invocations accept unit name without suffix
Fixes #35538.
2024-12-11 16:32:22 +00:00
Luca Boccassi
d1ecd61176
Fix unit tests in unprivileged docker container (#35556) 2024-12-11 16:28:30 +00:00
Luca Boccassi
446d737cba mkosi: use inetutils package instead of hostname for Archlinux
In Arch the hostname binary is in a different package

Follow-up for cf48bde7ae
2024-12-11 14:21:06 +00:00
Tobias Klauser
d184e6aae3 mailmap: fix entries for Tobias Klauser
Map all previous, no longer used e-mail addresses to my current e-mail
address.
2024-12-11 13:55:07 +00:00
Luca Boccassi
90e6347fef
analyze: add --mask to --help text (#35548) 2024-12-11 13:45:30 +00:00
Luca Boccassi
3b32d333e8 test-fd-util: compare FDs to /bin/sh instead of /dev/null
/dev/null is a character device, so same_fd() in the fallback path
that compares fstat will fail, as that bails out if the fd refers
to a char device. This happens on kernels without F_DUPFD_QUERY and
without kcmp.

/* test_same_fd */
Assertion 'same_fd(d, e) > 0' failed at src/test/test-fd-util.c:111, function test_same_fd(). Aborting.

Fixes #35552
2024-12-11 13:42:11 +00:00
Luca Boccassi
630a2e7ee1 test-fd-util: skip test when lacking privileges to create a new namespace
To reproduce, as an unprivileged user start a docker container and build
and run the unit tests inside it:

$ docker run --rm -ti debian:bookworm bash
...
/* test_close_all_fds */
Successfully forked off '(caf-plain)' as PID 10496.
Skipping PR_SET_MM, as we don't have privileges.
(caf-plain) succeeded.
Failed to fork off '(caf-noproc)': Operation not permitted
Assertion 'r >= 0' failed at src/test/test-fd-util.c:392, function test_close_all_fds(). Aborting.

Partially fixes #35552
2024-12-11 13:42:11 +00:00
Luca Boccassi
058a07635f test-capability: CAP_LINUX_IMMUTABLE is not available in unprivileged containers
have ambient caps: yes
Capabilities:cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
Failed to drop auxiliary groups list: Operation not permitted
Failed to change group ID: Operation not permitted
Capabilities:cap_dac_override,cap_net_raw=ep
Capabilities:cap_dac_override=ep
Successfully forked off '(getambient)' as PID 12505.
Skipping PR_SET_MM, as we don't have privileges.
Ambient capability cap_linux_immutable requested but missing from bounding set, suppressing automatically.
Assertion 'x < 0 || FLAGS_SET(c, UINT64_C(1) << CAP_LINUX_IMMUTABLE)' failed at src/test/test-capability.c:273, function test_capability_get_ambient(). Aborting.
(getambient) terminated by signal ABRT.
src/test/test-capability.c:258: Assertion failed: expected "r" to succeed, but got error: Protocol error

Partially fixes #35552
2024-12-11 13:42:11 +00:00
Luca Boccassi
e18768751e
Define flags for manager_is_inhibited() (#35253) 2024-12-11 13:08:29 +00:00
Nick Rosbrook
59e5108fb4 test: set nsec3-salt-length=8 in knot.conf
TEST-75-RESOLVED fails on Ubuntu autopkgtest due to this warning from
knot:

 notice: config, policy 'auto_rollover_nsec3' depends on default nsec3-salt-length=8, since version 3.5 the default becomes 0

Explicitly set nsec3-salt-length=8 to silence.
2024-12-11 12:55:37 +00:00
Mike Yuan
e38a70a19f
basic/user-util: modernize getgroups_alloc() a bit (#35226)
Split out from #35219 for inclusion in v258
2024-12-11 13:50:50 +01:00
Zbigniew Jędrzejewski-Szmek
0c1622aa5a logind: define flags enum for manager_is_inhibited()
The most common case of block=true, ignore_inactive=false is mapped to flags=0.

For https://github.com/systemd/systemd/issues/34091.
2024-12-11 10:20:35 +00:00
Zbigniew Jędrzejewski-Szmek
385eccf65b logind: drop one duplicate param in manager_is_inhibited()
In the review in https://github.com/systemd/systemd/pull/30307#pullrequestreview-2255002732
removal of the excessive boolean parameters was requested. We don't need
a separate boolean param here, since we always pass true with a uid and
false otherwise.
2024-12-11 10:20:35 +00:00
Lennart Poettering
4d09f976f6 analyze: add missing --mask option to --help text
Follow-up for: 3e7a029c28
2024-12-11 10:32:38 +01:00
Lennart Poettering
7167bee6c6 analyze: tab fix 2024-12-11 10:32:38 +01:00
Yu Watanabe
b83847eb13
network: optionally bring up interface before joining bridge (#34438)
Closes #34247.
2024-12-11 18:16:34 +09:00
Yu Watanabe
f8bfe16b06 journalctl: do not override explicitly specified -b or -n with -e or -k
Fixes #35248.
2024-12-11 18:12:13 +09:00
Yu Watanabe
c577fe65f3 systemctl: downgrade log level of ECONNREFUSED from system dbus.service
To suppress log message when 'systemctl poweroff' or friends invoked in
rescue shell, which does not have dbus.service.
2024-12-11 18:08:26 +09:00
Yu Watanabe
2dfde4b8f8 network: optionally bring up interface before joining bridge
Closes #34247.
2024-12-11 11:23:48 +09:00
Yu Watanabe
2bb7fe554f network: introduce link_up_now()
This is currently not used. Preparation for later commit.
2024-12-11 11:23:48 +09:00
Yu Watanabe
77064620d7 Revert "coredumpctl: Don't treat no coredumps as failure"
This reverts commit dfe79b9ed2.
2024-12-11 11:14:37 +09:00
Yu Watanabe
94930ff674
bus-creds/time-util: use first_word() and skip_leading_chars() more (#35421)
Prompted by
https://github.com/systemd/systemd/pull/35403#discussion_r1863855098
2024-12-11 10:42:34 +09:00
Yu Watanabe
627d1a9ac1
core: Add ProtectHostname=private (#35447)
This PR allows an option for systemd exec units to enable UTS namespaces
but not restrict changing hostname via seccomp. Thus, units can change
hostname without affecting the host. This is useful for OS-like
containers running as units where they should have freedom to change
their container hostname if they want, but not the host's hostname.

Fixes: #30348
2024-12-11 10:17:25 +09:00
Yu Watanabe
17e6e4d6b6 tree-wide: replace ANSI_XYZ with ansi_xyz()
Continuation of f0484e096c.
2024-12-11 10:11:53 +09:00
Daan De Meyer
dfe79b9ed2 coredumpctl: Don't treat no coredumps as failure
Having to deal with a process that fails or doesn't fail depending on
whether there are coredumps or not is incredibly annoying for users.
2024-12-10 21:03:20 +01:00
Samuel Dionne-Riel
67f8ddc967 boot: Fix typo in looking_for_dtbauto
Signed-off-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
2024-12-10 20:59:18 +01:00
Ryan Wilson
219a6dbbf3 core: Fix time namespace in RestrictNamespaces=
RestrictNamespaces= would accept "time" but would not actually apply
seccomp filters e.g. systemd-run -p RestrictNamespaces=time unshare -T true
should fail but it succeeded.

This commit actually enables time namespace seccomp filtering.
2024-12-10 20:55:26 +01:00
Lennart Poettering
641714cb30 discover-image: extend r/o check on images via path
If we have no path, let's check the parent's path.
2024-12-10 20:53:56 +01:00
Mike Yuan
f0e8db76ca
basic/user-util: modernize getgroups_alloc() a bit
- Make sure ret is initialized if we return >= 0
- Reduce variable scope
2024-12-10 20:51:14 +01:00
Mike Yuan
8112df6bef
basic/user-util: use FOREACH_ARRAY at one more place 2024-12-10 20:51:14 +01:00
Mike Yuan
5dfccccce9
basic/time-util: modernize parse_time() a bit 2024-12-10 20:50:36 +01:00
Mike Yuan
2cdfe75689
sd-bus/bus-creds: use first_word() where appropriate 2024-12-10 20:50:36 +01:00
Mike Yuan
d6010533df
sd-bus/bus-creds: use proper NULL instead of 0 2024-12-10 20:50:36 +01:00
Mike Yuan
77b40b4f60 units/initrd-parse-etc.service: replace systemctl start with OnSuccess= 2024-12-10 20:50:09 +01:00
Yu Watanabe
c576ba7182 journald: extend STDOUT_STREAMS_MAX to 64k
Closes #35390.
2024-12-10 20:49:42 +01:00
Nils K
e76d83d100
core: improve finding OnSuccess=/OnFailure= dependent (#35468)
Previously if one service specified the same unit as their
success and failure handler we bailed out of resolving the triggering unit
even though it is still unique.
2024-12-10 20:48:09 +01:00
Lennart Poettering
e82677aa07 tree-wide: fd_get_path() already understands AT_FDCWD natively 2024-12-10 20:46:30 +01:00
Luca Boccassi
92acb89735 Revert "test: skip TEST-13-NSPAWN.nspawn/machined, TEST-86-MULTI-PROFILE-UKI and TEST-07-PID1.private-pids.sh"
The release is done, re-enable the skipped flaky tests for main.

This reverts commit ab828def6d.
2024-12-10 19:31:18 +00:00
Luca Boccassi
9df1ca63fb NEWS: add placeholder for v258 2024-12-10 19:31:07 +00:00
Luca Boccassi
8c56f0bc9a meson: update version to 258~devel 2024-12-10 19:30:06 +00:00
Luca Boccassi
70bae7648f Finalize NEWS and meson.version for v257 2024-12-10 19:23:45 +00:00