mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

60534 Commits

Author SHA1 Message Date
Frantisek Sumsal
3e35a3302c ci: add a missing SPDX line 2022-10-20 17:03:37 +02:00
Luca Boccassi
701f7f6c8f
Merge pull request #25077 from keszybz/completions-optional-components
Fix completions when machinectl is not installed and other fixes
2022-10-20 15:57:46 +02:00
Luca Boccassi
40c05a3459 service: do fine-grained validation of CPUSchedulingPriority= at execution time
The precise bounds of the scheduling priority depend on the scheduling policy,
so depending on the order in which the two settings are specified the
validation might pass or fail.
When checking the setting only validate the outer range (valid values in general are 0 to 99),
and let the execution fail later if the priority does not match the
specified policy (1 to 99 for RR/FIFO, 0 for the rest).

Fixes https://github.com/systemd/systemd/issues/20320
2022-10-20 14:29:45 +02:00
Weblate
1726ce726f po: Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/
Translation: systemd/main
2022-10-20 12:06:08 +00:00
Frantisek Sumsal
0dc8777eb3
Merge pull request #25078 from mrc0mmand/update-pot
po: regenerate the translation files
2022-10-20 11:43:54 +00:00
Luca Boccassi
63857bf4f7 core: allow-list char-rtc with ProtectClock=yes only if needed
Allow-listing a device implicitly blocks everything else, so this
has the opposite of the intended effect when PrivateDevices= is
not used.
Allow-list char-rtc only if there is a device policy set.

Fixes https://github.com/systemd/systemd/issues/18142
2022-10-20 13:11:10 +02:00
Frantisek Sumsal
de85e1a2f4 docs: update translation strings before new release 2022-10-20 10:39:03 +02:00
Frantisek Sumsal
e9c43e5f22 po: regenerate the translation files
See: https://mesonbuild.com/Localisation.html#generate-pot-file
Resolves: #25071
2022-10-20 10:38:15 +02:00
Leon M. George
3d218676fc man: document effect of --user on --unit with journalctl
Relates to #25061.
2022-10-20 10:28:52 +02:00
Zbigniew Jędrzejewski-Szmek
c2af23b50f
Merge pull request #25073 from mrc0mmand/parse-hwdb-tweaks
test: make parse-hwdb compatible with older pyparsing versions
2022-10-20 10:02:04 +02:00
Zbigniew Jędrzejewski-Szmek
9e7cc6f0d2 shell-completion/zsh: rename helper for clarity 2022-10-20 09:58:00 +02:00
Zbigniew Jędrzejewski-Szmek
4e9183059a shell-completion/zsh: silence error when machinectl is not installed
This fixes a few unrelated issues:
- when ENABLE_MACHINED is false, machinectl is not installed, but _sd_machines
  is still used in a few places that want to complete -M and such.
  Also, bash completion calls machinectl in various places.
  Make missing machinectl mean "no machines" in this case, so
  that no error is generated in the callers.
- machinectl list --full would print multiple lines of output per machine,
  breaking grep, issue introduced in e2268fa437.
  Using --max-addresses=1 would fix the issue, but let's use
  --max-addresses=0 because we now can.
- the lists used in various places were slightly different for no good reason.
- don't use a subshell if not necessary.

The code for bash still uses the same combined list of images and running
machines for various commands. The zsh code uses images for start/clone, and
running machines for the rest. Maybe something to fix in the future.

Replaces #25048.
2022-10-20 09:58:00 +02:00
Zbigniew Jędrzejewski-Szmek
99b8149ae1 machinectl: allow --max-addresses=0
Sometimes the addresses are not important, so allow skipping them in output.
2022-10-20 09:57:42 +02:00
Frantisek Sumsal
518d16c110 test: make pylint happy 2022-10-19 22:46:33 +02:00
Frantisek Sumsal
ee8d57df44 test: make parse-hwdb compatible with older pyparsing versions
Follow-up to e77fed207a.
2022-10-19 22:46:30 +02:00
Lennart Poettering
5bc58da2bc update TODO 2022-10-19 18:55:34 +02:00
Luca Boccassi
6762c907c4
Merge pull request #25068 from aafeijoo-suse/bash-completion-dissect
dissect: add missing help option and bash-completion support
2022-10-19 17:30:55 +02:00
Frantisek Sumsal
c2c4fc4888
Merge pull request #25059 from keszybz/fopen-re
Use "re" or "r" as appropriate for various calls
2022-10-19 12:49:31 +00:00
Antonio Alvarez Feijoo
808ec9df38
bash-completion: add systemd-dissect support 2022-10-19 14:43:50 +02:00
Antonio Alvarez Feijoo
1b967529d2
dissect: add missing --umount to the help output 2022-10-19 14:42:42 +02:00
Luca Boccassi
875c0bd07e
Merge pull request #25055 from keszybz/coredump-deadlock
Fix coredump deadlock with overly long backtraces
2022-10-19 14:21:33 +02:00
Zbigniew Jędrzejewski-Szmek
6f3cec8a0d TEST-15: add daemon-reload in one place
Quoting https://github.com/systemd/systemd/pull/25050#discussion_r998721845:

This part seems to be quite racy, at least in the C8S job:

[ 1767.520856] H testsuite-15.sh[35]: *** test transient slice drop-ins
[ 1767.520856] H testsuite-15.sh[35]: + mkdir -p /etc/systemd/system/slice.d
[ 1767.522480] H testsuite-15.sh[35]: + mkdir -p /etc/systemd/system/a-.slice.d
[ 1767.524992] H testsuite-15.sh[35]: + mkdir -p /etc/systemd/system/a-b-.slice.d
[ 1767.526799] H testsuite-15.sh[35]: + mkdir -p /etc/systemd/system/a-b-c.slice.d
[ 1767.528302] H testsuite-15.sh[35]: + echo -e '[Unit]\nDocumentation=man:drop1'
[ 1767.528434] H testsuite-15.sh[35]: + echo -e '[Unit]\nDocumentation=man:drop2'
[ 1767.528519] H testsuite-15.sh[35]: + echo -e '[Unit]\nDocumentation=man:drop3'
[ 1767.528595] H testsuite-15.sh[35]: + echo -e '[Unit]\nDocumentation=man:drop4'
[ 1767.528676] H testsuite-15.sh[35]: + systemctl cat a-b-c.slice
[ 1767.541321] H systemctl[1042]: No files found for a-b-c.slice.
[ 1767.542854] H systemd[1]: testsuite-15.service: Main process exited, code=exited, status=1/FAILURE
[ 1767.542995] H systemd[1]: testsuite-15.service: Failed with result 'exit-code'.
[ 1767.543360] H systemd[1]: Failed to start testsuite-15.service.
[ 1767.543542] H systemd[1]: testsuite-15.service: Consumed 1.586s CPU time.
[ 1767.543938] H systemd[1]: Reached target testsuite.target.
[ 1767.545737] H systemd[1]: Starting end.service...
2022-10-19 11:48:59 +00:00
Lennart Poettering
8f598a4635 man: document restrictions on naming interfaces
Let's document that "." is a bad choice of character when naming
interfaces. Let's also document the hard restrictions we make when
naming interfaces.

Result of the mess that is #25052.
2022-10-19 13:04:56 +02:00
Luca Boccassi
10a336cd93
Merge pull request #25056 from yuwata/sd-device-monitor-set-description
tree-wide: set description for device monitor
2022-10-19 13:04:17 +02:00
Frantisek Sumsal
dacaddd90a README.md: add a missing line break
Follow-up to b7a279f9ef.
2022-10-19 11:17:33 +02:00
Joyce
b7a279f9ef
ci: Enable Scorecard Github Action and Badge (#25054)
* chore: enable scorecard action

* chore: add badge to the README file

* chore: enable on config file update

* chore: update scorecard to 2.0.4

* chore: run scorecard on PR at main branch

* chore: add condition to publish_result key

* chore: skip upload to code scanning if PR

* chore: only runs scorecard in the main repo

Resolves: #25042
2022-10-19 09:05:39 +00:00
Zbigniew Jędrzejewski-Szmek
f3bd4b3df5 tree-wide: do not use "re" with fmemopen
The man page says nothing about "e". Glibc clearly accepts it without fuss, but
it is meaningless for a memory object (and probably doesn't work). This use is
not portable, so let's avoid it.
2022-10-19 10:10:57 +02:00
Zbigniew Jędrzejewski-Szmek
dc1768131a shared/tpm2-util: wrap comments 2022-10-19 10:10:57 +02:00
Zbigniew Jędrzejewski-Szmek
a3ee0916b1 resolved,test-fileio: use "re" when opening files
This doesn't matter too much, because neither of those programs forks, but
let's do the generally correct thing anyway.
2022-10-19 10:10:50 +02:00
Zbigniew Jędrzejewski-Szmek
076b807be4 coredump: avoid deadlock when passing processed backtrace data
We would deadlock when passing the data back from the forked-off process that
was doing backtrace generation back to the coredump parent. This is because we
fork the child and wait for it to exit. The child tries to write too much data
to the output pipe, and after the first 64k blocks on the parent because
the pipe is full. The bug surfaced in Fedora because of a combination of four
factors:
- 87707784c7 was backported to v251.5, which
  allowed coredump processing to be successful.
- 1a0281a3eb was NOT backported, so the output
  was very verbose.
- Fedora has the ELF package metadata available, so a lot of output can be
  generated. Most other distros just don't have the information.
- gnome-calendar crashes and has a bazillion modules and 69596 bytes of output
  are generated for it.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2135778.

The code is changed to try to write data opportunistically. If we get partial
information, that is still logged. It is generally better to log partial
backtrace information than nothing at all.
2022-10-19 09:46:55 +02:00
Zbigniew Jędrzejewski-Szmek
87a16eb8b5 shared/json: use different return code for empty input
It is useful to distinguish if json_parse_file() got no input or invalid input.
Use different return codes for the two cases.
2022-10-19 09:46:55 +02:00
Yu Watanabe
82c5487894 test: skip one test for iszero_safe() on i386 without SSE2
We do not provide any numerical libraries, and iszero_safe() is only
used in parsing or formatting JSON. Hence, it is not necessary for us to
request that the function provides the same result on different systems.

Fixes #25044.
2022-10-19 00:09:44 +02:00
Yu Watanabe
17bf3c550d tree-wide: set description for device manager 2022-10-19 04:46:24 +09:00
Yu Watanabe
9b784d7c16 udev: drop redundant description setting
Follow-up for f714ecd450.
2022-10-19 04:45:31 +09:00
Luca Boccassi
50675bb98f
Merge pull request #25050 from keszybz/transient-drop-ins-2
TEST-15: add one more variant of the test for drop-ins on transient services
2022-10-18 19:32:36 +02:00
Zbigniew Jędrzejewski-Szmek
7922ead507 shared/json: allow json_variant_dump() to return an error 2022-10-18 18:17:19 +02:00
Zbigniew Jędrzejewski-Szmek
9ca1efbc46 NEWS: add entries after 252-rc1, update contrib list 2022-10-18 14:30:54 +02:00
Zbigniew Jędrzejewski-Szmek
70f0e75ef8 TODO: drop entry
This was resolved by 028a981c00. We don't do
the reload in the normal path.
2022-10-18 12:29:09 +02:00
Zbigniew Jędrzejewski-Szmek
40d4835d69 TEST-15: add test that shows slice dropin issue
This should be fixed by single-unit reloads. We already have a TODO
entry for this.
2022-10-18 12:26:53 +02:00
Lennart Poettering
9ef6330e17 update TODO 2022-10-18 12:10:02 +02:00
Luca Boccassi
af4117037b
Merge pull request #25004 from keszybz/transient-drop-ins
Allow drop-ins for transient units
2022-10-18 11:49:29 +02:00
Zbigniew Jędrzejewski-Szmek
9e11abe817
Merge pull request #25007 from keszybz/rename-dbus-dump
manager: rename dbus method
2022-10-18 11:34:16 +02:00
Ted X. Toth
29dbc62d74 manager: use target process context to set socket context
Use target process context to set socket context when using SELinuxContextFromNet
not systemd's context. Currently when using the SELinuxContextFromNet option for
a socket activated service, systemd calls getcon_raw which returns init_t and
uses the resulting context to compute the context to be passed to the
setsockcreatecon call. A socket of type init_t is created and listened on and
this means that SELinux policy cannot be written to control which processes
(SELinux types) can connect to the socket since the ref policy allows all
'types' to connect to sockets of the type init_t. When security accessors see
that any process can connect to a socket this raises serious concerns. I have
spoken with SELinux contributors in person and on the mailing list and the
consensus is that the best solution is to use the target executable's context
when computing the socket's context in all cases.

[zjs review/comment:

This removes the branch that was added in 16115b0a7b.
16115b0a7b did two things: it had the branch here
in 'socket_determine_selinux_label()' and a code in 'exec_child()' to call
'label_get_child_mls_label(socket_fd, command->path, &label)'.

Before this patch, the flow was:
'''
mac_selinux_get_child_mls_label:
  peercon = getpeercon_raw(socket_fd);
  if (!exec_label)
     exec_label = getfilecon_raw(exe);

socket_open_fds:
  if (params->selinux_context_net)                 #
     label = mac_selinux_get_our_label();          #  this part is removed
  else                                             #
     label = mac_selinux_get_create_label_from_exe(path);
  socket_address_listen_in_cgroup(s, &p->address, label);

exec_child():
   exec_context = mac_selinux_get_child_mls_label(fd, executable, context->selinux_context);
   setexeccon(exec_context);
'''
]
2022-10-18 11:31:22 +02:00
Zbigniew Jędrzejewski-Szmek
b08d86dc4a analyze: use DumpUnitsMatchingPatternsByFileDescriptor
Similarly to DumpByFileDescriptor vs Dump,
DumpUnitsMatchingPatternsByFileDescriptor is used in preference. Dissimilarly,
a fallback to DumpUnitsMatchingPatterns is not done on error, because there is
no need for backwards compatibility.

The code is still more verbose than I'd like, but there are four different code
paths with slightly different rules in each case, so it's hard to make this all
very brief. Since we have a separate file dedicated to making those calls, the
verbose-but-easy-to-follow implementation should be OK.

Closes #24989.

I only did a quick test that both variants work locally and over ssh.
2022-10-18 08:45:45 +02:00
Zbigniew Jędrzejewski-Szmek
8ff92848a6
Merge pull request #24777 from medhefgo/stub
stub: Use LoadImage/StartImage
2022-10-18 07:36:20 +02:00
Luca Boccassi
6a0907b8a3
Merge pull request #25035 from keszybz/manager-method-names
Manager method names
2022-10-17 23:11:13 +02:00
Frantisek Sumsal
3113ae1f2b test: call sync() before checking the test logs
Otherwise we might hit a race where we read the test log just before
it's fully written to the disk:

```
======================================================================
FAIL: test_interleaved (__main__.ExecutionResumeTest.test_interleaved)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/systemd/test/test-exec-deserialization.py", line 170, in test_interleaved
    self.check_output(expected_output)
  File "/root/systemd/test/test-exec-deserialization.py", line 111, in check_output
    self.assertEqual(output, expected_output)
AssertionError: 'foo\n' != 'foo\nbar\n'
  foo
+ bar
```

With some debug:
```
test_interleaved (__main__.ExecutionResumeTest.test_interleaved) ...
Assertion failed; file contents just after the assertion:
b'foo\n'

File contents 5 seconds later:
b'foo\nbar\n'
FAIL
```

Seen quite often in CentOS CI on the fast baremetal machines.
2022-10-17 20:24:24 +00:00
Luca Boccassi
61938b3c8d
Merge pull request #25039 from mrc0mmand/test-tewaks
A couple of minor tweaks for recent CI fails
2022-10-17 21:52:00 +02:00
Zbigniew Jędrzejewski-Szmek
725a28fe77
Merge pull request #24992 from yuwata/sd-device-monitor-receive-buffer
sd-device-monitor: dynamically allocate receive buffer
2022-10-17 20:49:18 +02:00
Lennart Poettering
15f9a1525f man: add missing reference to systemd-pcrphase-sysinit.service 2022-10-17 17:12:45 +02:00