mirror of https://github.com/systemd/systemd.git synced 2025-01-21 22:04:01 +03:00

78222 Commits

Author SHA1 Message Date
Antonio Alvarez Feijoo
b31e63960d
libfido2-util: show also verity features when listing FIDO2 devices
This way, users don't have to check those features using an external program, or
wait for later failure when trying to enroll using an unsupported feature.
2024-12-11 17:28:30 +01:00
Luca Boccassi
d1ecd61176
Fix unit tests in unprivileged docker container (#35556) 2024-12-11 16:28:30 +00:00
Luca Boccassi
446d737cba mkosi: use inetutils package instead of hostname for Archlinux
In Arch the hostname binary is in a different package

Follow-up for cf48bde7aea52b18ac3fa218d3f60fd3d533ef66
2024-12-11 14:21:06 +00:00
Tobias Klauser
d184e6aae3 mailmap: fix entries for Tobias Klauser
Map all previous, no longer used e-mail addresses to my current e-mail
address.
2024-12-11 13:55:07 +00:00
Luca Boccassi
90e6347fef
analyze: add --mask to --help text (#35548) 2024-12-11 13:45:30 +00:00
Mike Yuan
61263e1436
process-util: make sure we don't report ppid == 0
Previously, if pid == 0 and we're PID 1, get_process_ppid()
would set ret to getppid(), i.e. 0, which is inconsistent
when pid is explicitly set to 1. Ensure we always handle
such case by returning -EADDRNOTAVAIL.
2024-12-11 14:44:08 +01:00
Mike Yuan
07612aab66
process-util: use our usual tristate semantics for is_main_thread()
While at it, _unlikely_ is dropped, as requested in
https://github.com/systemd/systemd/pull/35242#discussion_r1880096233
2024-12-11 14:44:07 +01:00
Luca Boccassi
3b32d333e8 test-fd-util: compare FDs to /bin/sh instead of /dev/null
/dev/null is a character device, so same_fd() in the fallback path
that compares fstat will fail, as that bails out if the fd refers
to a char device. This happens on kernels without F_DUPFD_QUERY and
without kcmp.

/* test_same_fd */
Assertion 'same_fd(d, e) > 0' failed at src/test/test-fd-util.c:111, function test_same_fd(). Aborting.

Fixes #35552
2024-12-11 13:42:11 +00:00
Luca Boccassi
630a2e7ee1 test-fd-util: skip test when lacking privileges to create a new namespace
To reproduce, as an unprivileged user start a docker container and build
and run the unit tests inside it:

$ docker run --rm -ti debian:bookworm bash
...
/* test_close_all_fds */
Successfully forked off '(caf-plain)' as PID 10496.
Skipping PR_SET_MM, as we don't have privileges.
(caf-plain) succeeded.
Failed to fork off '(caf-noproc)': Operation not permitted
Assertion 'r >= 0' failed at src/test/test-fd-util.c:392, function test_close_all_fds(). Aborting.

Partially fixes #35552
2024-12-11 13:42:11 +00:00
Luca Boccassi
058a07635f test-capability: CAP_LINUX_IMMUTABLE is not available in unprivileged containers
have ambient caps: yes
Capabilities:cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
Failed to drop auxiliary groups list: Operation not permitted
Failed to change group ID: Operation not permitted
Capabilities:cap_dac_override,cap_net_raw=ep
Capabilities:cap_dac_override=ep
Successfully forked off '(getambient)' as PID 12505.
Skipping PR_SET_MM, as we don't have privileges.
Ambient capability cap_linux_immutable requested but missing from bounding set, suppressing automatically.
Assertion 'x < 0 || FLAGS_SET(c, UINT64_C(1) << CAP_LINUX_IMMUTABLE)' failed at src/test/test-capability.c:273, function test_capability_get_ambient(). Aborting.
(getambient) terminated by signal ABRT.
src/test/test-capability.c:258: Assertion failed: expected "r" to succeed, but got error: Protocol error

Partially fixes #35552
2024-12-11 13:42:11 +00:00
Luca Boccassi
e18768751e
Define flags for manager_is_inhibited() (#35253) 2024-12-11 13:08:29 +00:00
Nick Rosbrook
59e5108fb4 test: set nsec3-salt-length=8 in knot.conf
TEST-75-RESOLVED fails on Ubuntu autopkgtest due to this warning from
knot:

 notice: config, policy 'auto_rollover_nsec3' depends on default nsec3-salt-length=8, since version 3.5 the default becomes 0

Explicitly set nsec3-salt-length=8 to silence.
2024-12-11 12:55:37 +00:00
Mike Yuan
e38a70a19f
basic/user-util: modernize getgroups_alloc() a bit (#35226)
Split out from #35219 for inclusion in v258
2024-12-11 13:50:50 +01:00
Zbigniew Jędrzejewski-Szmek
0c1622aa5a logind: define flags enum for manager_is_inhibited()
The most common case of block=true, ignore_inactive=false is mapped to flags=0.

For https://github.com/systemd/systemd/issues/34091.
2024-12-11 10:20:35 +00:00
Zbigniew Jędrzejewski-Szmek
385eccf65b logind: drop one duplicate param in manager_is_inhibited()
In the review in https://github.com/systemd/systemd/pull/30307#pullrequestreview-2255002732
removal of the excessive boolean parameters was requested. We don't need
a separate boolean param here, since we always pass true with a uid and
false otherwise.
2024-12-11 10:20:35 +00:00
Lennart Poettering
0823d96a0b pretty-print: don't use OSC 8 for incompatible URLs 2024-12-11 10:35:03 +01:00
Lennart Poettering
f79562aaee string-util: split out EOT check in strip_tab_ansi()
Let's unify the eot check in one place in order to make things more
readable.
2024-12-11 10:35:03 +01:00
Lennart Poettering
4d09f976f6 analyze: add missing --mask option to --help text
Follow-up for: 3e7a029c2856e7814b930443cc2d4fb089377592
2024-12-11 10:32:38 +01:00
Lennart Poettering
7167bee6c6 analyze: tab fix 2024-12-11 10:32:38 +01:00
Yu Watanabe
b83847eb13
network: optionally bring up interface before joining bridge (#34438)
Closes #34247.
2024-12-11 18:16:34 +09:00
Yu Watanabe
f8bfe16b06 journalctl: do not override explicitly specified -b or -n with -e or -k
Fixes #35248.
2024-12-11 18:12:13 +09:00
Yu Watanabe
c577fe65f3 systemctl: downgrade log level of ECONNREFUSED from system dbus.service
To suppress log message when 'systemctl poweroff' or friends invoked in
rescue shell, which does not have dbus.service.
2024-12-11 18:08:26 +09:00
Antonio Alvarez Feijoo
d950f897d9
libfido2-util: reorder dl symbols alphabetically 2024-12-11 07:33:02 +01:00
Antonio Alvarez Feijoo
62b7b70bb7
man/systemd-cryptenroll: sort --fido2-credential-algorithm after --fido2-device
And also fix a typo.
2024-12-11 07:32:04 +01:00
Yu Watanabe
2dfde4b8f8 network: optionally bring up interface before joining bridge
Closes #34247.
2024-12-11 11:23:48 +09:00
Yu Watanabe
2bb7fe554f network: introduce link_up_now()
This is currently not used. Preparation for later commit.
2024-12-11 11:23:48 +09:00
Yu Watanabe
bfe63cb00c network: add missing template to networkd.conf 2024-12-11 11:21:15 +09:00
Yu Watanabe
246b0a4d26 network/nexthop: replace unreachable condition with assertion 2024-12-11 11:21:15 +09:00
Yu Watanabe
d49312307e network/nexthop: fix argument name
Fixes copy-and-paste error in b5b42b516e791aae8b723866be94a7c3e6e99829.
2024-12-11 11:21:15 +09:00
Yu Watanabe
a4feabd85d network: introduce address_forget() and friends and use it where applicable
No functional change, just refactoring.
2024-12-11 11:21:14 +09:00
Yu Watanabe
290a507f7c network/nexthop: ignore foreign nexthops when ManageForeignNextHops=no 2024-12-11 11:21:14 +09:00
Yu Watanabe
724a296b4f network/nexthop: drop outdated comment and add one debugging log
All NextHop objects are managed by Manager since
352eba2e49453a1b784ffbdb9509ba3f8a945b59.
2024-12-11 11:21:14 +09:00
Yu Watanabe
96fef18ca6 network/ndisc: unref Route objects that depend on the nexthop
No functional change, as when this function is called, the set will be
freed and contained Route objects will be unref()ed anyway soon later
by nexthop_detach() -> nexthop_free().
Even though, when the routes are forgotten from the Manager, then it is
not necessary to keep them by the nexthop. Let's unref earlier.
2024-12-11 11:21:14 +09:00
Yu Watanabe
1168489cd4 network/ndisc: constify several arguments and add several assertions
Follow-up for 0f8afaf94dd29126981219b3ea2b3bc315cc2dd0.

No functional change, just for safety.
2024-12-11 11:21:14 +09:00
Yu Watanabe
b5f2d7a1ec network/nexthop: do not share NextHop.nexthops and NextHop.routes with duplicated object
Otherwise, these may be freed twice.
But, fortunately, when this function is called, both are NULL.
So, this should not change any behavior. But for safety.
2024-12-11 11:21:14 +09:00
Yu Watanabe
00b363bb81 network: drop outdated comment
All Route objects are managed by Manager since
8d01e44c1f0e00b414d36bd1b46ecff548242208.
2024-12-11 11:21:14 +09:00
Yu Watanabe
5c9da83004 journalctl: allow to dump generated key in json format
Closes #35503.
2024-12-11 11:18:06 +09:00
Yu Watanabe
a5b2973850 journalctl: honor --quiet with --setup-keys
Closes #35504.
2024-12-11 11:18:05 +09:00
Yu Watanabe
77064620d7 Revert "coredumpctl: Don't treat no coredumps as failure"
This reverts commit dfe79b9ed21b0feeb5a120e8b994f46cff7cf5b0.
2024-12-11 11:14:37 +09:00
Yu Watanabe
94930ff674
bus-creds/time-util: use first_word() and skip_leading_chars() more (#35421)
Prompted by
https://github.com/systemd/systemd/pull/35403#discussion_r1863855098
2024-12-11 10:42:34 +09:00
Yu Watanabe
627d1a9ac1
core: Add ProtectHostname=private (#35447)
This PR allows an option for systemd exec units to enable UTS namespaces
but not restrict changing hostname via seccomp. Thus, units can change
hostname without affecting the host. This is useful for OS-like
containers running as units where they should have freedom to change
their container hostname if they want, but not the host's hostname.

Fixes: #30348
2024-12-11 10:17:25 +09:00
Yu Watanabe
17e6e4d6b6 tree-wide: replace ANSI_XYZ with ansi_xyz()
Continuation of f0484e096c9cfc22ae99f7452a366e2545255e30.
2024-12-11 10:11:53 +09:00
Daan De Meyer
dfe79b9ed2 coredumpctl: Don't treat no coredumps as failure
Having to deal with a process that fails or doesn't fail depending on
whether there are coredumps or not is incredibly annoying for users.
2024-12-10 21:03:20 +01:00
Samuel Dionne-Riel
67f8ddc967 boot: Fix typo in looking_for_dtbauto
Signed-off-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
2024-12-10 20:59:18 +01:00
davjav
5b66f3df16 test: mount unit with credential
Verify mount unit credential file is present.
2024-12-10 20:57:20 +01:00
davjav
6577cf1ba9 Add credential support for mount units
Add EXEC_SETUP_CREDENTIALS flag to allow using credentials with mount units.
Fixes: https://github.com/systemd/systemd/issues/23535
2024-12-10 20:57:20 +01:00
Ryan Wilson
219a6dbbf3 core: Fix time namespace in RestrictNamespaces=
RestrictNamespaces= would accept "time" but would not actually apply
seccomp filters e.g. systemd-run -p RestrictNamespaces=time unshare -T true
should fail but it succeeded.

This commit actually enables time namespace seccomp filtering.
2024-12-10 20:55:26 +01:00
Lennart Poettering
641714cb30 discover-image: extend r/o check on images via path
If we have no path, let's check the parent's path.
2024-12-10 20:53:56 +01:00
Mike Yuan
f0e8db76ca
basic/user-util: modernize getgroups_alloc() a bit
- Make sure ret is initialized if we return >= 0
- Reduce variable scope
2024-12-10 20:51:14 +01:00
Mike Yuan
8112df6bef
basic/user-util: use FOREACH_ARRAY at one more place 2024-12-10 20:51:14 +01:00