mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

70154 Commits

Author SHA1 Message Date
Yu Watanabe
b87ffa9b5a network/route: use nexthop_is_ready() 2024-01-05 05:33:49 +09:00
Yu Watanabe
ccc55b5ec5 network/nexthop: wait for requests for group members being processed
This also split out the check as nexthop_is_ready().
2024-01-05 05:33:49 +09:00
Yu Watanabe
338fb16ad5 network/nexthop: refuse id == 0 earlier
All requested nexthop has a non-zero ID.
2024-01-05 05:33:49 +09:00
Frantisek Sumsal
96e4c62698 ci: build with -O2 and -Wmaybe-uninitialized
According to the comment in meson.build this should be a supported
configuration, so let's test it in the CI as well.
2024-01-04 21:27:10 +01:00
Frantisek Sumsal
0a87b83497 shared: initialize a couple of values explicitly
As gcc has trouble figuring this itself with -O2 and -Wmaybe-initialized.
2024-01-04 20:57:03 +01:00
Frantisek Sumsal
5169f8cfd5 resolve: initialize r during OOM
Otherwise we'd use some garbage value in the error path.

../src/resolve/resolved-dns-query.c: In function ‘dns_query_accept’:
../src/resolve/resolved-dns-query.c:944:27: error: ‘r’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  944 |         q->answer_errno = -r;
      |                           ^~
cc1: all warnings being treated as errors

Follow-up for 9ca133e97a.
2024-01-04 20:56:21 +01:00
Frantisek Sumsal
91da9458f8 test: allow sanitized binaries to dump a core
If a binary built with ASan crashes for a reason unrelated to ASan
stuff, we're left with pretty much nothing, as there is neither an ASan
trace nor a coredump. Let's make this slightly more debug-able by
allowing such binaries to dump a core, but without the huge shadow map
(we should be actually fine by just setting disable_coredump=0, since
use_madv_dontdump defaults to true, but let's play it safe and not
potentially dump a 16+ TB core file).
2024-01-04 20:36:25 +01:00
Frantisek Sumsal
7eb234fe2b test: install correct kpartx udev rules on Ubuntu
Follow-up for 519f0074cf.
2024-01-04 20:28:37 +01:00
Yu Watanabe
78265b5b4a test-network: add test case about replacing nexthop 2024-01-05 04:00:16 +09:00
Yu Watanabe
9362f7d5b5 test-network: merge three tests for neighbor
To speed up tests.
2024-01-05 04:00:16 +09:00
Yu Watanabe
dc60ac2960 test-network: show monotonic timestamp and drop hostname from logs 2024-01-05 04:00:16 +09:00
Adrian Vovk
41fea218ee tmpfiles: Use statx_timestamp_load
This is a new utility function recently added. Let's use it.
2024-01-04 12:49:39 -05:00
Adrian Vovk
d3c2288c9f stat-util: Add statx version of timespec_load
statx_timestamp is, for all intents and purposes, the same as a struct
timespec. So, we can trivially convert it and call timespec_load on it.

This commit adds helper functions that do just that.
2024-01-04 12:49:14 -05:00
Yu Watanabe
4f6b801b0d network/queue: stop processing requests when a new request is queued
Otherwise, the loop triggers assertion:
```
Assertion 'e->p.b.key == i->next_key' failed at src/basic/hashmap.c:614, function hashmap_iterate_in_insertion_order(). Aborting.
```
2024-01-05 01:37:42 +09:00
Yu Watanabe
981278e144 network/queue: do not check if a request is ready multiple times in a single event
Some checks are slightly heavy, and there may be a huge number of
interfaces. So, processing whole queue multiple times in a single event
may decrease the performance. Let's process the queued requests once per
event.
2024-01-05 01:37:42 +09:00
Luca Boccassi
81a183800f tmpfiles: add --purge switch
Any file/directory created by a tmpfiles.d will be deleted. Useful for
purge/factory reset patterns.
2024-01-04 17:36:43 +01:00
Gabríel Arthúr Pétursson
9bf91584c8 Assign noDA attribute to TPM2 objects not dependant on a PIN
All the keys are high-entropy keys that cannot be practically
bruteforced and thus don't require protection from dictionary attacks.
With the exception of PINs, of course, which are low-entropy and user
provided.

Note that a new enrollment is required for unlocking while in DA
lockdown to function. Existing enrollments are subject to DA lockout.

Fixes: #30330
2024-01-04 15:52:37 +00:00
Mike Yuan
1f233020dc shared/vpick: don't say "ptr" for TAKE_PICK_RESULT (struct) 2024-01-04 23:35:37 +08:00
Mike Yuan
657febec97 vpick-tool: sort includes 2024-01-04 23:35:13 +08:00
Lennart Poettering
59afe07c21 logind: rework the special casing we give root's sessions
Let's add an explicit session class "user-early" for this, so that
change of behaviour on logind is primarily bound to the "class"
property, and not some explicit root checks. This has the benefit that
we can be more fine grained with implying this class: only do so for tty
sessions, not others.
2024-01-04 16:11:16 +01:00
Lennart Poettering
29e1857b68 logind: explain session class types a bit 2024-01-04 16:11:16 +01:00
Lennart Poettering
115d6abf87 Merge pull request #30744 from poettering/logind-trivial-tweaks
logind: 3 trivial cleanups
2024-01-04 16:02:20 +01:00
Lennart Poettering
20604ff219 logind: do TTY idle logic only for sessions marked as "tty"
Otherwise things might be weird, because background sessions might
become "idle", which doesn't really make much sense.

This shouldn't change much in 99% of the cases, but slightly corrects
behaviour as it ensures only "primary"/"foreground" sessions get the
idle logic, i.e. where a user exists that could actually make it
non-idle.
2024-01-04 15:40:27 +01:00
Lennart Poettering
c16167ea10 update TODO 2024-01-04 15:32:14 +01:00
Lennart Poettering
e20bfa5005 logind: don't make idle action timer accuracy more coarse than timeout
If we allow the timer accuracy to grow larger than the timeout itself
things are very confusing, because people might set a 1s time-out and we
turn that into 30s.

Hence, let's just cut off the 30s accuracy to the time-out itself, so
that we stay close to what users configured.
2024-01-04 23:29:09 +09:00
Yu Watanabe
4855d82348 Merge pull request #30739 from poettering/pam-util-many
pam-util: add pam_get_item_many() to shorten some code
2024-01-04 23:28:34 +09:00
Lennart Poettering
0e80e355b2 homed: when empty username is passed to bus calls, operate on client's UID 2024-01-04 23:28:02 +09:00
Lennart Poettering
cc943ab86e homed: fix home_count_bad_authentication() counting
We want to cover not only regular bad password entries, but also bad
recovery key entries. Hence let's move the list of errors into the
function, and add more.
2024-01-04 23:26:49 +09:00
Lennart Poettering
28b42199d0 homed: tone down log message about bad passwords a bit
We usually start out authentication cycles with an "empty" password
attempt, to give homed the chance to authenticate via any plugged in
tokens. Hence frequently the first attempt will just fail, which is no
reason to complain about.
2024-01-04 23:26:38 +09:00
Yu Watanabe
7903567cb7 Merge pull request #30610 from YHNdnzj/logind-serialize-pidref
logind: serialize session leader pidfd to fdstore
2024-01-04 23:25:18 +09:00
Antonio Alvarez Feijoo
80a8dbb4ea run: use SPECIAL_USER_SLICE 2024-01-04 15:22:54 +01:00
Antonio Alvarez Feijoo
b431c090be tree-wide: use SPECIAL_BASIC_TARGET 2024-01-04 15:22:42 +01:00
Yu Watanabe
18c4c5d84f network/route: make the route section invalid when an invalid MTUBytes= is specified
We usually set the invalid flag for a section if a setting in the section has
an invalid value. Let's also do the same thing for MTUBytes= in [Route].
2024-01-04 23:18:28 +09:00
Lennart Poettering
96fc8cab2a Merge pull request #30578 from bluca/polkit-varlink
varlink: add glue to allow authenticating varlink connections via polkit
2024-01-04 15:15:45 +01:00
Frantisek Sumsal
25cb4c1d53 update-man-rules: skip over standard-conf.xml
bc6fdcbf5d switched its doctype to refentry, so the script started
picking it up and complaining that it's missing required stuff. Since
this file is only included from other man pages, let's skip it when
putting together a list of valid targets.

Resolves: #30715
Follow-up for: bc6fdcbf5d
2024-01-04 15:02:28 +01:00
Lennart Poettering
7b223bdb6b Merge pull request #30736 from YHNdnzj/loginctl-self
man/loginctl: some improvements
2024-01-04 15:02:05 +01:00
Lennart Poettering
72bbd740a0 homed: add missing bus call to homed access policy 2024-01-04 15:01:51 +01:00
Lennart Poettering
3d010bc53d pam_systemd: drop unnecessary strempty() of 'tty' variable
This probably predates our introduction of streq_ptr(). Let's drop this
now however, as we actually want this to be NULL, further down, and
handle that just fine. In particular as all the special cases we have
explicitly set this to NULL anyway.

No real change in behaviour, just some normalization of handling.
2024-01-04 15:01:38 +01:00
Lennart Poettering
9cb3204f43 tmpfiles: 'x' takes globs, hence clean it with globbing 2024-01-04 14:58:40 +01:00
Lennart Poettering
d88b65f66d tmpfiles: always list tmpfiles line types in same order
otherwise it just gets too confusing to follow.
2024-01-04 14:57:59 +01:00
Luca Boccassi
1323a222d2 sd-dhcp-client: add assert_not_reached in switch case
Tell static analysis that r is always initialised

Follow-up for 1809132064

CID#1533109
2024-01-04 14:30:20 +01:00
Luca Boccassi
5af0f171f9 udev: add upper bound of 5 hours to SYSTEMD_UDEV_EXTRA_TIMEOUT_SEC=
Follow-up for b16c6076cb

CID#1533111
2024-01-04 14:30:20 +01:00
Luca Boccassi
43108bf87a dissect: add assert to guide static analysis
CID#1533112
2024-01-04 14:30:20 +01:00
Luca Boccassi
c658ad79f0 core: add an assert to guide static analysis
Follow-up for 4fb0d2dc14

CID#1533110
2024-01-04 14:30:20 +01:00
Lennart Poettering
5863f1da42 execute: make sure Type=exec and PAMName= work together
If PAMName= is used we'll spawn a PAM session for the service, and leave
a process around that closes the PAM session eventually. That process
must close the "exec_fd" that we use to implement Type=exec. After all
the logic relies on the fact that execve() will implicitly close the
exec_fd, and the EOF seen on it is hence indication for the service
manager that execve() has worked. But if we keep an fd open in the PAM
service process, then this is not going to work.

Hence close the fd explicitly so that it definitely doesn't stay pinned
in the child.
2024-01-04 21:03:51 +08:00
Alberto Planas
59fe7e6ef1 Fix typo in verb_make_policy explanation
Signed-off-by: Alberto Planas <aplanas@suse.com>
2024-01-04 13:46:04 +01:00
Gabríel Arthúr Pétursson
ab39d29606 pcrlock: Print correct NV index when writing new policy 2024-01-04 12:42:57 +00:00
Mike Yuan
17b1c60ccd Merge pull request #30725 from YHNdnzj/string-util
string-util,strv: follow-ups
2024-01-04 20:34:41 +08:00
Yu Watanabe
f475584ebf network/netdev: call done() per netdev kind before freeing netdev name or so
Otherwise, log_netdev_xyz() does not provide netdev name if it is called
in done(). It is hard to debug.

This should not change any effective behavior, at least with the current
implementation of done() per netdev kind.
2024-01-04 20:34:14 +08:00
Mike Yuan
efc438d928 tpm2-generator: sort includes 2024-01-04 20:33:32 +08:00