mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

68293 Commits

Author SHA1 Message Date
Luca Boccassi
7b6d3dcdd2 exec-invoke: don't double-close FDs on error
When a late error occurs in sd-executor, the cleanup-on-close of the
context structs happen, but at that time all FDs might have already
been closed via close_all_fds(), so a double-close happens. This
can be seen when DynamicUser is enabled, with a non-existing
WorkingDirectory.

Invalidate the FDs in the context structs if close_all_fds succeeds.
2023-10-28 16:56:25 +02:00
Daan De Meyer
f756bcdf17 mkosi: Use cache and build subdirectories
Next release of mkosi will not use subdirectories under the cache
and build directory by default anymore, so let's make sure we already
start creating those ourselves.
2023-10-28 11:30:18 +01:00
Mike Yuan
6d468648b9
Merge pull request #29740 from YHNdnzj/sleep-round-four
sleep: make sure we clear HibernateLocation on all error paths
2023-10-28 17:53:54 +08:00
Frantisek Sumsal
f939a403ca tmpfiles: ignore EINVAL with --graceful
Add EINVAL to the list of ignored errnos, since acl_from_text() returns
EINVAL if it can't translate the given string.

~# cat /tmp/tmpfiles-test.conf
a+ /tmp/foo - - - - default:group:foo:rwx
~# build/systemd-tmpfiles /tmp/tmpfiles-test.conf --create --graceful
Failed to parse ACL "default:group:foo:rwx", ignoring: Invalid argument

Resolves: #29742
2023-10-28 10:14:07 +01:00
Luca Boccassi
3ad5aedadc test: io.latency cgroup support might not be available, skip test
It doesn't seem to be enabled on Debian stable, and the test fails.

Follow-up for 5efc8183c9
2023-10-28 08:08:42 +00:00
Lennart Poettering
a868e43772 namespace: normalize MountMode type a bit
Let's prefix it with a common prefix, and make sure the names are all
singular and the string table actually matches the names.

No change in behaviour, just some refactoring to make this enum a bit
less special, and make it follow our usual coding style more closely.
2023-10-28 10:27:56 +09:00
Yu Watanabe
2aa246e88f
Merge pull request #29693 from rpigott/dhcp-rapid-commit
network: implement RFC4039 DHCP Rapid Commit
2023-10-28 10:23:23 +09:00
Luca Boccassi
f456fa23b7
Merge pull request #29737 from glance-/tpm2-openssl
tpm2: fix build failure without openssl
2023-10-27 23:21:44 +01:00
Luca Boccassi
8a505d3b6b
Merge pull request #29734 from YHNdnzj/fstab-filter-options
fstab-generator: drop ignored mount options from mount unit Options=
2023-10-27 23:20:46 +01:00
Luca Boccassi
b3e4ee1f6a
Merge pull request #29745 from mrc0mmand/more-tests
test: cover more sd-executor related stuff
2023-10-27 23:20:23 +01:00
Frantisek Sumsal
5efc8183c9 test: cover more sd-executor related stuff
Let's probe directives that have slightly more "complex" handling in
the serialization/deserialization machinery.
2023-10-27 21:01:33 +02:00
Frantisek Sumsal
b0bb3be130 core: don't insert an extra space before each SocketBind{Allow,Deny}= item
The extra space was actually screwing up deserialization:

~# systemd-run --wait --pipe -p SocketBindAllow=any true
Running as unit: run-u167.service
Finished with result: exit-code
Main processes terminated with: code=exited/status=234
Service runtime: 1ms
CPU time consumed: 0
~# journalctl -b -p err
...
Oct 27 16:39:15 arch systemd-executor[5983]: Failed to deserialize: Invalid argument

Let's not do that by default and introduce a simple wrapper which
inserts the space after each item only when necessary.
2023-10-27 20:08:47 +02:00
Ronan Pigott
2beecc7077 test-network: add dhcp rapid commit test 2023-10-27 10:55:55 -07:00
Frantisek Sumsal
a4b156bb24 core: actually set the CPU scheduling policy when deserializing it 2023-10-27 19:50:06 +02:00
Mike Yuan
cc1c8d129f
sleep: make sure we clear HibernateLocation on all error paths
Also, let's say "sleep operation" rather than "sleep state",
the latter of which creates ambiguity with /sys/power/state.
2023-10-28 00:17:15 +08:00
Mike Yuan
b3ee014879
fstab-generator: drop unapplicable mount options for / from mount unit Options=
Prompted by #29705

Note that x-systemd.wanted-by= and x-systemd.required-by= are not
dropped, since we ignore them because they are unnecessary rather
than unapplicable.
2023-10-27 23:51:01 +08:00
Luca Boccassi
64ec2d073f CI: add a build job with TPM but without OpenSSL
We keep introducing build failures with this combination due to the
high amount of changes, add a combination that covers it
2023-10-27 14:03:23 +01:00
Luca Boccassi
bb42782bff resolved: fix build failure with gnutls
Follow-up for bd1ae17833
2023-10-27 13:54:10 +01:00
Anton Lundin
5629d4e29f tpm2: fix build failure without openssl 2023-10-27 13:54:10 +01:00
Mike Yuan
122f6f1eaa
sleep: minor modernization for lock_all_homes 2023-10-27 18:11:32 +08:00
Mike Yuan
78c21009bf
sleep: rework write_state and write_mode 2023-10-27 18:11:29 +08:00
Mike Yuan
0374cbd668
sleep: update help text for suspend-then-hibernate 2023-10-27 17:57:03 +08:00
Mike Yuan
4706c3ec2b
sleep: log about errno 2023-10-27 17:57:03 +08:00
Mike Yuan
37f80890b2
sleep: drop unneeded includes 2023-10-27 17:57:03 +08:00
Mike Yuan
e024cdd270
sleep: introduce sleep_operation_is_hibernation 2023-10-27 17:57:03 +08:00
Mike Yuan
ba2f3ec832
fstab-generator: use RET_GATHER more 2023-10-27 17:51:18 +08:00
xinpeng wang
2f1d114010 logind: fix abnormal switching causing the screen to go black
After logind receives the SIGRTMIN signal from the kernel, it will execute
manager_vt_switch---session_leave_vt---session_device_pause_all. The device
permissions of the session are removed here; under normal circumstances, the
tty value read from /sys/class/tty/tty0/active changes and switches to a new
session, giving the new session resume device permissions.
But under abnormal circumstances (such as switching quickly on a device using
wayland; and sometimes the kernel will suddenly send a SIGRTMIN signal, but
nothing changes), in these cases, logind does not give session resume device
permission, causing the device to have a black screen and suspended animation.
2023-10-27 10:19:58 +01:00
janana
2b4cdac91a udev: fix typo for persistent flag
The 'parsistent' adjective is misspelt.
2023-10-27 10:19:15 +01:00
Luca Boccassi
6cd1f6546c
Merge pull request #29332 from esposem/ukify_simplify
ukify: automatically infer --signtool from the parameters given
2023-10-27 00:10:28 +01:00
Michal Sekletar
1e9b2e4fdd fstab-generator: drop nofail and noauto options for critical mounts
Setting nofail for /usr mount doesn't make sense because without /usr we
can't really boot. However, having the flag set might cause races in
initrd where we could try to switchroot into rootfs before /usr is
actually mounted. Let's just ignore it so that we always have proper
mount unit ordering for /sysroot/usr mount.
2023-10-27 00:07:54 +01:00
Ronan Pigott
808b65a087 network: implement RFC4039 DHCP Rapid Commit
This implements the DHCPv4 equivalent of the DHCPv6 Rapid Commit option,
enabling a lease to be selected in an accelerated 2-message exchange
instead of the typical 4-message exchange.
2023-10-26 15:26:50 -07:00
Ronan Pigott
5516b0dd20 network: cleanup unreachable condition in dhcp client path
The client state is unconditionally set just above, making this
conditional unreachable.
2023-10-26 15:26:50 -07:00
Ronan Pigott
dc8db30db9 editorconfig: add NEWS whitespace configuration 2023-10-26 22:41:03 +01:00
Lennart Poettering
7113640493 fd-util: rename PIPE_EBADF → EBADF_PAIR, and add EBADF_TRIPLET
We use it for more than just pipe() arrays. For example also for
socketpair(). Hence let's give it a generic name.

Also add EBADF_TRIPLET to mirror this for things like
stdin/stdout/stderr arrays, which we use a bunch of times.
2023-10-26 22:30:42 +02:00
Raul Cheleguini
5e21da878c nspawn: Make parameter provided_mac a const for setup_veth() 2023-10-26 21:17:29 +01:00
Luca Boccassi
b44a72da57
Merge pull request #29711 from berrange/tests-silverblue
Fix test suite when developing on Fedora SilverBlue (rpm-ostree) host
2023-10-26 21:17:03 +01:00
Luca Boccassi
554a25eb9d
Merge pull request #29727 from aafeijoo-suse/default-tpm2-public-key-fix
tpm2: fixes related to `tpm2-pcr-public-key.pem`
2023-10-26 21:16:07 +01:00
Luca Boccassi
63862de4b7 core: do not post-process skipped mounts
When a mount is gracefully skipped (e.g.: BindReadOnlyPaths=-/nonexistent)
we still post-process it, like making it read-only. Except if nothing
has been mounted, the mount point will be made read-only for no reason.
Track when mounts are skipped and avoid post-processing.

One day we'll switch all of this to the new mount api and do these
operations atomically or not at all.

Fixes https://github.com/systemd/systemd/issues/29725
2023-10-26 21:15:41 +01:00
Richard Maw
31cfcf5008 test: Skip test-recurse-dir on overlayfs 2023-10-26 19:11:21 +01:00
Daan De Meyer
7b794ba019 mkfs-util: Use actual UID/GID in protofile instead of root 2023-10-26 19:10:31 +01:00
Antonio Alvarez Feijoo
2e9f607284
repart: do not ignore tpm2-pcr-public-key.pem
If `--tpm2-public-key=` is not specified, but `tpm2-pcr-public-key.pem` exists
in /{etc,run,usr/lib}/systemd/, it's being ignored.

Fixes 9e437994
2023-10-26 16:51:37 +02:00
Daniel P. Berrangé
3570ee3688 test-fstab-generator: skip test impacted by /mnt symlink
On rpm-ostree distributions such as Fedora SilverBlue /mnt
(and other well known paths) will be a symlink to a location
under /var. The fstab generator emits correct output in this
case, however, the data does not match the expected output
stored in the source tree.

Rather than trying to adapt the test data, just skip this
single test scenario when we see /mnt is a symlink.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-10-26 14:46:15 +01:00
Daniel P. Berrangé
8473ece90e test-systemd-tmpfiles: skip when /tmp has unexpected ownership
The systemd-tmpfiles binary will report a fatal error if /tmp is not owned
either by root, or by the current user:

  Detected unsafe path transition /tmp (owned by nobody) →
    /tmp/test-systemd-tmpfiles.a8qc6n18 (owned by berrange)
    during canonicalization of
    tmp/test-systemd-tmpfiles.a8qc6n18/test-content.7chd7rdi

When doing development inside a 'toolbox' container (which is required
on a Fedora SilverBlue distro), /tmp is owned by 'nobody', because it
has been passed through from the host and host UID 0 gets mapped to
UID 65536 by usernamespaces. This triggers the unsafe path transition
error message.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-10-26 14:46:15 +01:00
Daniel P. Berrangé
6aa77f9284 test-blockdev-util: avoid abort when /home is a symlink
On rpm-ostree distributions like Fedora SilverBlue /home (and various
other well known locations) are symlinks to somewhere beneath /var.

The path_is_encrypted() method uses O_NOFOLLOW and as a result will
return ELOOP on /home. This causes test-blockdev-util to abort.
Add ELOOP to the ignorable set of errnos for testing.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-10-26 14:46:15 +01:00
Michal Sekletar
76f2191d8e logind: introduce CreateSessionWithPIDFD()
This new D-Bus API uses pidfd to refer to the session leader. Also,
pam_systemd will try to make use of it when pidfd support is available.
2023-10-26 14:28:48 +01:00
Luca Boccassi
c895d047e3
Merge pull request #29720 from poettering/cgls-fix-delegate
cgls: fix display of delegation flag
2023-10-26 14:28:28 +01:00
Luca Boccassi
e34836aa59
Merge pull request #29529 from yuwata/core-namespace-check-priv
core/namespace: check if we have enough privilege
2023-10-26 14:27:56 +01:00
Antonio Alvarez Feijoo
cb7aabf180
cryptenroll: fix bind default TPM2 signed policy to PCR 11
If `--tpm2-public-key=` is not specified, but `tpm2-pcr-public-key.pem` exists
in /{etc,run,usr/lib}/systemd/, the default PCR 11 is not being set.

Fixes 9e437994
2023-10-26 15:14:52 +02:00
Lennart Poettering
34931384ac varlink: make sure 'incomplete' bool is nullable
This field is optional, it only makes sense for user records that
actually have a privileged part to set.
2023-10-26 11:52:07 +01:00
Yu Watanabe
e9af462aba test: add a simple test for PrivateNetwork= 2023-10-26 19:09:49 +09:00