1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

78172 Commits

Author SHA1 Message Date
Lennart Poettering
5d1e57b820 serialize: add explicit calls for finishing serialization
These new calls will do three things:

1. in case of FILE* stuff: flush any pending bytes onto the fd, just in
   case
2. seal the backing memfd
3. seek back to the beginning.

Note that this adds sealing to serialization: once we serialized fully,
we'll seal the thing off for further modifications, before we pass the
fd over to the target process. This should add a bit of robustness, and
maybe finds a bug or two one day, if we accidentally write to a
serialization that is complete.
2024-12-17 18:26:15 +01:00
Lennart Poettering
4d98709cb2 memfd-util: introduce memfd_new_full() helper
This is just like memfd_new(), but allows fine grained control of the
sealing flags.

This switches over all uses of memfd_new() where we actually want
sealing to use memfd_new_full().

This then allows use to use memfd_new() for two further calls, where we
previously used the more lowlevel memfd_create_wrapper().
2024-12-17 18:26:15 +01:00
Lennart Poettering
9b1d97cccd memfd-util: explain what memfd_create_wrapper() is for in a comment 2024-12-17 18:26:15 +01:00
Lennart Poettering
caf1436ee8 memfd-util: use TASK_COMM_LEN at one more place
Note this corrects the size of the array from 17 to 16, as the 16
already includes space for a trailing NUL.
2024-12-17 18:26:15 +01:00
Lennart Poettering
ce66a2f2bb sd-journal: drop memfd fallback 2024-12-17 18:26:15 +01:00
Lennart Poettering
52cd287933 serialize: drop memfd fallback when serializing 2024-12-17 18:26:15 +01:00
Lennart Poettering
e1c52c9238 memfd-util: short memfd_clone_fd() 2024-12-17 18:26:15 +01:00
Lennart Poettering
db5381c49c memfd-util: simplify memfd_new_and_seal()
Let's use pwrite() to write the contents of the memfd. This has the
benefit of not moving the file offset, which means we don't have to
reset it after at all.
2024-12-17 18:26:15 +01:00
Lennart Poettering
a87a9625f8 tree-wide: drop acquire_data_fd_full() helper
Let's drop support systems lacking memfds, i.e. pre kernel 3.17 systems.
This allows us to drastically simplify the "data fd" concept, so far
that we can remove it entirely.

This replaces acquire_data_fd() with a specialized call to
memfd_new_and_seal(), not that memfds can be the only implementation of
the concept.
2024-12-17 18:26:15 +01:00
Lennart Poettering
8d08f18b52
discover-image: modernize image discovery around O_PATH (#35513)
let's always pin the image fd as early as we can, then derive all
properties off it, to have a consistent view on things.
2024-12-17 17:39:59 +01:00
Lennart Poettering
00a415fc8f tree-wide: remove support for kernels lacking ambient caps
Let's bump the kernel baseline a bit to 4.3 and thus require ambient
caps.

This allows us to remove support for a variety of special casing, most
importantly the ExecStart=!! hack.
2024-12-17 17:34:46 +01:00
Daan De Meyer
96ec3911f3
machine: introduce io.systemd.Machine.{MapFrom, MapTo} methods (#35064)
This PR introduces varlink's alternatives to the following DBus methods:
- MapFromMachineUser
- MapToMachineUser
- MapFromMachineGroup
- MapToMachineGroup
2024-12-17 16:51:51 +01:00
Antonio Alvarez Feijoo
5aab7ad075 boot: do not build test-hwids-section.c if ukify is disabled
Otherwise the build fails:

```
[22/3075] Generating src/boot/test-hwids-section.c with a custom command (wrapped by meson to capture output)
FAILED: src/boot/test-hwids-section.c
/usr/bin/meson --internal exe --capture src/boot/test-hwids-section.c -- /usr/bin/python3.10 /mnt/work/systemd/upstream-fork/main/src/boot/generate-hwids-section.py /mnt/work/systemd/upstream-fork/main/src/boot/hwids
--- stderr ---
Traceback (most recent call last):
  File "/mnt/work/systemd/upstream-fork/main/src/boot/generate-hwids-section.py", line 12, in <module>
    import ukify
  File "/mnt/work/systemd/upstream-fork/main/src/boot/../ukify/ukify.py", line 61, in <module>
    import pefile  # type: ignore
ModuleNotFoundError: No module named 'pefile'
```

Follow-up for 640f8c3eb8
2024-12-17 11:15:39 +00:00
Ivan Kruglov
1fc1a32941 machine: tests for io.systemd.Machine.{MapFrom, MapTo} methods 2024-12-17 11:25:24 +01:00
Ivan Kruglov
8351463f67 machine: introduce io.systemd.Machine.{MapFrom, MapTo} methods 2024-12-17 11:25:24 +01:00
Lennart Poettering
98e28335b7 discover-image: modernize image discovery around O_PATH
let's always pin the image fd as early as we can, then derive all
properties off it, to have a consistent view on things.
2024-12-17 11:21:57 +01:00
Lennart Poettering
476b7c3a68 discover-image: make sure quota logic works on O_PATH fds 2024-12-17 11:21:57 +01:00
Lennart Poettering
abeedbde90 btrfs-util: make sure btrfs_subvol_get_info_fd() works on O_PATH fds 2024-12-17 11:21:57 +01:00
Lennart Poettering
e837c257d0 chattr-util: move O_PATH conversion from read_attr_at() to read_attr_fd() 2024-12-17 11:19:55 +01:00
Lennart Poettering
7f8c27758b update TODO 2024-12-17 11:18:01 +01:00
Yu Watanabe
c195fdba12
test: Add CHID matching test (#35532) 2024-12-17 13:21:04 +09:00
Yu Watanabe
47f58740aa
core: make ProtectHostname= optionally take a hostname (#35626)
Closes #35623.
2024-12-17 13:20:08 +09:00
Yu Watanabe
b58b00e4c3 systemctl-edit: ignore ENOENT from unit_is_masked()
If a specified unit does not exist, then it is definitely not masked.

Fixes #35632.
2024-12-17 13:19:35 +09:00
Yu Watanabe
a4d1891475 meson: allow to customize the access mode for tty/pts devices
Then, switch the default value to "0600", due to general security
concerns about terminals being written to by other users.

Closing #35599.
2024-12-16 21:36:07 +00:00
Lennart Poettering
0543b02cf8 networkd: show wireguard private key read error number
Noticed while looking at #35641
2024-12-16 18:54:57 +00:00
Luca Boccassi
930d65ccca mkosi: temporarily disable panic_on_warn
Due to a BTRFS issue in kernel 6.12 (and backported in Ubuntu to 6.8)
there's a warning triggered by some tests, and it then causes a panic.

The BTRFS issue has a patch but it is not available in any distro yet,
so disable panic_on_warn until it reaches Arch and Ubuntu Noble. Bugs
have been filed.
2024-12-16 18:54:32 +00:00
anonymix007
640f8c3eb8 test: Add test-chid-match 2024-12-16 21:02:54 +03:00
Yu Watanabe
7c4e351861 boot: introduce smbios_raw_info_get_cached() to cache populated SMBIOS raw info
Then, drop cache in smbios_info_populate().
No functional change, just refactoring and preparation for later commit.
2024-12-16 21:02:54 +03:00
anonymix007
f28cedfa31 boot: Add chid.c to libefitest
Also fix compilation for testing CHID matching in userspace
2024-12-16 21:02:54 +03:00
anonymix007
48acd7fe90 boot: Deduplicate efi.h and efi-fundamental.h
These definitions are needed for both userspace and EFI, so keep them in efi-fundamental.h
2024-12-16 21:02:54 +03:00
Lucas Adriano Salles
56785120a0
hwdb: fix key toggle touchpad for VAIO VJFH52 (#35645)
Fixes #35644.
2024-12-17 00:10:42 +09:00
Yu Watanabe
e76fcd0e40 core: make ProtectHostname= optionally take a hostname
Closes #35623.
2024-12-16 23:55:44 +09:00
Yu Watanabe
0d298a771a core/exec-invoke: fix ProtectHostname= value in log message
Follow-up for cf48bde7ae.
2024-12-16 23:55:44 +09:00
Federico Giovanardi
7fd45eec37 udev: add option to trigger parent devices despite filters
This commit add the `-i` option to `udevadm trigger` that force it to
match parent devices even if they're excluded from filters.
The rationale is that some embedded devices have a huge number of
platform devices ( ~ 4k for MX8 ) they are there because they're defined
in the device tree but there isn't any action or udev rules associated
with them.

So at boot a significant time is spend triggering and processing rules
for devices that don't produce any effect and we would like to filter
them by calling:

```
udevadm trigger --type=device --action=add -s block -s tty
```

instead of the normal

```
udevadm trigger --type=device --action=add
```

so we can use filter to filter out only subsystems for we we know that
we have rules in place that do something useful.

On the other side action / rules are not triggered until the parent is
triggered ( which is part of another subsystem), so the additional option
will allows udev to complete the coldplug with only the devices we care.

Example on iMX8:

.Without the new option
```
root@dev:~# udevadm trigger --dry-run  -s block --action=add -v
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0boot0
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0boot1
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p1
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p2
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p3
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p4
```

.With the new option
```
root@dev:~# udevadm trigger --dry-run -i -s block --action=add -v
/sys/devices/platform
/sys/devices/platform/bus@5b000000
/sys/devices/platform/bus@5b000000/5b010000.mmc
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0boot0
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0boot1
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p1
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p2
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p3
/sys/devices/platform/bus@5b000000/5b010000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p4
```
Boot time reduction with this is place is ~ 1 second.
2024-12-16 15:43:52 +01:00
Lennart Poettering
a0c314d6b0 terminal-util: temporarily turn on nonblocking mode when waiting for ANSI seq responses
We never know, maybe there's some spurious POLLIN and read() will fail
with EAGAIN even though we saw POLLIN. Handle that.

(this can happen if we area not the only process reading from the tty,
or in case of hups and such).

Fixes: #35499
2024-12-16 15:41:53 +01:00
Lennart Poettering
9914b95a3f
ptyfwd: fix OSC sequence termination handling (#35640)
Fixes #35631.
2024-12-16 15:41:32 +01:00
Yu Watanabe
d0a63cf041 TEST-50-DISSECT: add test case with systemd-notify
This also merges the previous test cases into one.

Follow-up for 284dd31e9d and
498c20fad6.
2024-12-16 11:22:39 +00:00
Yu Watanabe
a763364cc9 ptyfwd: fix logic of OSC sequence termination
Previously, when an OSC sequence is terminated with \x1b\x5c, configured
OSC sequence would be inserted between the two characters, rather
than after the two.

Fixes a bug introduced by d848a94998.
Fixes #35631.
2024-12-16 19:21:43 +09:00
Yu Watanabe
9bc2acad8f ptyfwd: clean up logic of color state transition in pty_forward_ansi_process()
Drop all 'continue', to make the logic easy to understand.
No functional change, just refactoring and preparation for later commit.
2024-12-16 16:36:56 +09:00
Bastien Nocera
106f64cbd6 hwdb: Make remote controllable lights work out-of-the-box
Give access to USB/Bluetooth lights such as the Logitech Litra family of
devices.

The Logitech devices in particular are accessible through USB
and Bluetooth.
2024-12-16 14:50:28 +09:00
Yu Watanabe
78ef395947 test/README: Environment= setting for mkosi should be in [Build] section
Otherwise, we get the following warning:

mkosi.local.conf: Setting Environment should be configured in [Build], not [Content].
2024-12-16 02:03:50 +09:00
persmule
93fc2adfa4 hwdb: add scancodes for HP Elitebook 2170p runnning coreboot
HP Elitebook 2170p's keyboard scancodes under coreboot is different
with those under oem firmware. The scan code of backspace key of HP
Elitebook 2170p under coreboot is 0x66, but 93b078c has
KEYBOARD_KEY_66=pickup_phone for general HP laptops, making the
backspace key of the HP Elitebook 2170p running coreboot unusable.

The committed scancodes map KEYBOARD_KEY_66 back to backspace, and
provide all Fn-keys of HP Elitebook 2170p under coreboot.
Their evdev string matches the default SMBIOS tables of coreboot
for Elitebook 2170p, to avoid conflict with HP Elitebook 2170p running
oem firmware.

Fixes #35469 and https://ticket.coreboot.org/issues/571
2024-12-15 23:58:02 +09:00
Yu Watanabe
26f65dc0c7 TEST-35-LOGIN: check only tty session
For some reasons, another session logind-test-user may be started.
===
Dec 13 07:04:16 systemd-logind[2140]: Got message type=method_call ... member=CreateSessionWithPIDFD ...
(snip)
Dec 13 07:04:16 systemd-logind[2140]: New session 15 of user logind-test-user.
Dec 13 07:04:16 systemd-logind[2140]: VT changed to 2
Dec 13 07:04:16 systemd-logind[2140]: rfkill: Found udev node /dev/rfkill for seat seat0
Dec 13 07:04:16 systemd-logind[2140]: udmabuf: Found udev node /dev/udmabuf for seat seat0
Dec 13 07:04:16 systemd-logind[2140]: Found static node /dev/snd/timer for seat seat0
Dec 13 07:04:16 systemd-logind[2140]: Found static node /dev/snd/seq for seat seat0
Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/snd/timer for seat seat0 (uid 0→4712 add)
Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/rfkill for seat seat0 (uid 0→4712 add)
Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/udmabuf for seat seat0 (uid 0→4712 add)
Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/snd/seq for seat seat0 (uid 0→4712 add)
Dec 13 07:04:16 systemd[1]: user-4712.slice: Changed dead -> active
Dec 13 07:04:16 systemd[1]: user-4712.slice: Job 5951 user-4712.slice/start finished, result=done
Dec 13 07:04:16 systemd[1]: Created slice user-4712.slice.
Dec 13 07:04:16 systemd-logind[2140]: Electing new display for user logind-test-user
Dec 13 07:04:16 systemd-logind[2140]: Choosing session 15 in preference to -
(snip)
Dec 13 07:04:16 systemd-logind[2140]: Got message type=method_call ... member=CreateSessionWithPIDFD ...
(snip)
Dec 13 07:04:16 systemd-logind[2140]: New session 16 of user logind-test-user.
Dec 13 07:04:16 systemd-logind[2140]: Electing new display for user logind-test-user
Dec 13 07:04:16 systemd-logind[2140]: Ignoring session 16
===
Let's track only session for the user with tty, which we explicitly created.

Fixes #35597.
2024-12-15 21:10:03 +09:00
Ronan Pigott
e803e95760 network: don't warn with no NSID assigned
This is nothing interesting to warn about. Also use the symbolic
constant name when testing for this condition.
2024-12-15 09:09:26 +09:00
Luca Boccassi
498c20fad6 test: include MAINPID in notify message in TEST-50-DISSECT for notify socket
Copy what systemd-notify does by default by setting it to the PID of the shell,
so that main process tracking works as expected. Also use test -S instead of ls
to check socket.

[   33.980396] (sh)[1024]: run-p1022-i1322.service: Executing: sh -c "echo READY=1 | ncat --unixsock --udp \$NOTIFY_SOCKET --source /run/notify && env"
[   34.138778] systemd[1]: run-p1022-i1322.service: Child 1024 belongs to run-p1022-i1322.service.
[   34.138825] systemd[1]: run-p1022-i1322.service: Main process exited, code=exited, status=0/SUCCESS (success)
[   34.139451] systemd[1]: run-p1022-i1322.service: Failed with result 'protocol'.
[   34.139559] systemd[1]: run-p1022-i1322.service: Service will not restart (restart setting)
[   34.139573] systemd[1]: run-p1022-i1322.service: Changed start -> failed
[   34.139945] systemd[1]: run-p1022-i1322.service: Job 1364 run-p1022-i1322.service/start finished, result=failed

Fixes #35619

Follow-up for 18bb30c3b2
2024-12-15 09:07:57 +09:00
Luca Boccassi
c5f95bc19b
udev: move several definitions (#35613) 2024-12-14 16:32:02 +00:00
Yu Watanabe
3f1d499964 test-time-util: fix truncation of usec to sec
Also
- use ASSERT_XYZ() macros,
- log tzname[] on failure.
2024-12-14 15:23:52 +00:00
Luca Boccassi
301c159ce5 mkosi: fix section for WithNetwork=
/tmp/autopkgtest.L6NPL0/build.doZ/src/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf: Setting WithNetwork should be configured in [Build], not [Content]
2024-12-14 15:12:28 +00:00
Luca Boccassi
d68c8888c2
TEST-07-PID1: fixlets for running with sanitizers (#35616)
Hopefully fixes #35546.
2024-12-14 12:21:45 +00:00
Yu Watanabe
b8f49003d3 TEST-07-PID1: skip test cases that invokes unshare when running with sanitizers
Fixes #35546.
2024-12-14 19:47:47 +09:00