Luca Boccassi
8257508c58
portable: support vpick
...
Resolve at attach/detach/inspect time, so that the image is pinned and requires
re-attaching on update, given files are extracted from it so just passing
img.v/ to RootImage= is not enough to get a portable image updated
2024-04-19 13:25:32 +01:00
Lennart Poettering
dd37963aff
Merge pull request #31790 from poettering/pcrlock-policy-fix
...
Replace PolicyAuthValue by PolicySigned as access policy for pcrlock policy nvindex
2024-04-18 21:11:27 +02:00
Luca Boccassi
b84a0bf3ab
Merge pull request #32144 from bluca/portable_clean
...
portablectl: add --clean parameter for detaching
2024-04-18 18:15:20 +02:00
Lennart Poettering
43a59b8b86
pcrlock: rework --recovery-pin= to take three different arguments
...
This reworks --recovery-pin= from a parameter that takes a boolean to
an enum supporting one of "hide", "show", "query".
If "hide" (default behaviour) we'll generate a recovery pin
automatically, but never show it, and thus just seal it and good.
If "show" we'll generate a recovery pin automatically, but display it in
the output, so the user can write it down.
If "query" we'll ask the user for a recovery pin, and not automatically
generate any.
For compatibility the old boolean behaviour is kept.
With this you can now do "systemd-pcrlock make-policy
--recovery-pin=show" to set up the first policy, write down the recovery
PIN. Later, if the PCR prediction didn't work out one day you can then
do "systemd-pcrlock make-policy --recovery-pin=query" and enter the
recovery key and write a new policy.
2024-04-18 18:12:24 +02:00
Antonio Alvarez Feijoo
d72835f819
man/systemd-stub: fix typo
2024-04-18 18:10:50 +02:00
Luca Boccassi
82efe05c01
Merge pull request #32326 from jonathan-conder/man_pam_loadkey
...
man: pam_system_loadkey additions and fixes
2024-04-18 14:10:40 +02:00
Luca Boccassi
ef5f7f9437
systemctl: add --clean= values to documentation and shell completion
2024-04-18 14:07:07 +02:00
Luca Boccassi
966d7977c7
portablectl: add --clean parameter for detaching
...
Calls CleanUnit on each portable service being removed, after it has
stopped
2024-04-18 10:47:29 +01:00
Jonathan Conder
08ef6998e3
man: document other keyname options for pam_systemd_loadkey
2024-04-18 20:56:58 +12:00
Lennart Poettering
778abdbfa1
doc: fix .ssh credential examples
...
Let's create the .ssh dir with the right perms first.
Suggested by @gcb.
Fixes: #28172
2024-04-18 10:53:20 +02:00
Yu Watanabe
87fe0a6960
man: fix wrong version info (#31949)
...
Fixes #31920.
2024-04-18 09:45:51 +09:00
Jonathan Conder
0bf317b620
man: add pam_gnome_keyring to auth section after pam_systemd_loadkey
...
This is required because pam_sm_open_session [1] only looks at
gkr_system_authtok, which is copied from the kernel keyring in
pam_sm_authenticate.
[1] https://gitlab.gnome.org/GNOME/gnome-keyring/-/blob/46.1/pam/gkr-pam-module.c?ref_type=tags
2024-04-18 08:32:15 +12:00
Lennart Poettering
94c5c55e3e
Merge pull request #32320 from bluca/softreboot_serialize
...
Soft reboot timestamp follow-ups
2024-04-17 22:12:49 +02:00
Zbigniew Jędrzejewski-Szmek
aea6787f78
man: mention that sd_journal_test_cursor() needs a positioning call
...
Fixes #30331.
2024-04-17 22:01:53 +02:00
Luca Boccassi
b3f548615f
core: rename SoftRebootStartTimestamp -> ShutdownStartTimestamp and generalize
...
Follow-up for 54f86b86ba8168faccbfc2ad16ceeccefde98a51
2024-04-17 18:19:27 +01:00
Yu Watanabe
e27f2ad6be
Merge pull request #32300 from mrc0mmand/assorted-tweaks
...
test: split TEST-50-DISSECT into smaller parts
2024-04-17 11:52:30 +09:00
Luca Boccassi
3721f9620c
Merge pull request #32289 from bluca/counter
...
soft-reboot counter follow-ups
2024-04-16 10:44:25 +02:00
Yu Watanabe
78d5bad2f5
Merge pull request #32294 from yuwata/network-generator-creds
...
network-generator: also load drop-ins for networkd.conf from credentials
2024-04-16 16:42:59 +09:00
Yu Watanabe
78281bd53a
networkctl: allow to call 'networkctl cat' without arguments
...
Then, show networkd.conf and its drop-ins.
2024-04-16 13:31:14 +09:00
Yu Watanabe
38b4eb228a
man: add missing drop-in directory
2024-04-16 13:00:49 +09:00
Yu Watanabe
e12e16e9f7
network-generator: also copy drop-ins for networkd.conf from credential
...
Follow-up for 1a30285590c2f40f256d0628950ef9243b2c1938.
2024-04-16 12:45:08 +09:00
Yu Watanabe
5700e755a9
units: introduce systemd-udev-load-credentials.service
2024-04-16 09:45:43 +09:00
Yu Watanabe
51be364bbb
udevadm-control: add --load-credentials option
...
When specified, credentials udev.conf.* and udev.rules.* are copied to
the corresponding directories.
2024-04-16 09:45:25 +09:00
Luca Boccassi
95a289bfe7
man: mention initial value of SoftRebootsCount
...
Follow-up for 66f35161f6568386526bdfeab18e6b74b8b13608
2024-04-16 00:26:04 +01:00
Frantisek Sumsal
ad444dd8e8
man: slightly reword LogFilterPatterns= description
...
As there was something missing in the existing sentence.
2024-04-15 17:16:18 +02:00
Sam Leonard
9bfabe14e5
man: fix incorrect XML in man page
2024-04-15 10:40:11 +02:00
Yu Watanabe
14f3bdaa73
Merge pull request #32271 from YHNdnzj/arch-man
...
Fixes for links to man projects
2024-04-15 14:35:04 +09:00
Kristian Klausen
254e1aa707
vmspawn: Fix incorrect/broken links in the man page
2024-04-15 14:33:33 +09:00
Mike Yuan
e561037517
man/sd-journal: correct project name for man7
...
Follow-up for 5aa818039230a08e0af1c6351de4794de8ebb778
2024-04-14 23:46:54 +08:00
Mike Yuan
311f4b8f6a
man: switch wireguard man project to man7
2024-04-14 23:41:34 +08:00
Mike Yuan
41fead40e6
man/custom-html: update link to Arch manual
2024-04-14 23:38:38 +08:00
Yu Watanabe
ae9fd433d6
Merge pull request #32194 from henryli001/lihl/add-defaultUseDomains-config
...
network: add mechanism to configure default UseDomains= setting
2024-04-14 13:40:06 +09:00
Henry Li
fb57300743
network: add mechanism to configure default UseDomains= setting, update man page and add test
2024-04-13 16:54:31 -07:00
Ole Peder Brandtzæg
712514416e
man: remove PrivateMounts= from list of other settings in its own description
...
The diff looks bigger, but that's only because it seemed fitting to
reformat the paragraph now that the list is shorter.
2024-04-14 08:04:12 +09:00
Sam Leonard
edd85c8414
vmspawn: add --discard-disk= to control handling of disk discard requests
...
Fixes issue #32024, using --discard-disk=yes will enable handling of disk
discarding requests, saving space for long running VMs as desired.
2024-04-12 20:32:38 +02:00
Ludwig Nussel
aadbe55925
creds: allow null when decrypting
...
pcrlock writes a credential file using null key. Make sure systemd-creds
can show the file
2024-04-11 12:15:32 +01:00
Pablo Méndez Hernández
ffd0cca34a
man/journald: Add missing configuration files
...
The man page was missing:
- `/run/systemd/journald.conf`
- `/usr/lib/systemd/journald.conf`
as valid configuration files.
Fixes: https://github.com/systemd/systemd/issues/32199
2024-04-10 20:15:17 +08:00
Luca Boccassi
0f0d001254
Merge pull request #32104 from yuwata/network-ndisc-redirect
...
network/ndisc: add support for Redirect message
2024-04-08 20:03:32 +01:00
Luca Boccassi
b1b5d7e4bf
Merge pull request #32140 from YHNdnzj/socket-per-peer-source
...
Minor tweaks to socket manual & shorten the code a bit
2024-04-08 10:38:07 +01:00
Mike Yuan
6b014a2ac4
man/systemd.socket: be explicit that MaxConnectionsPerSource=0 means disabled
2024-04-08 01:49:49 +08:00
Lennart Poettering
0af7e29434
nspawn: make nspawn work without privileges
2024-04-06 16:08:24 +02:00
Lennart Poettering
702a52f4b5
mountfsd: add new systemd-mountfsd component
2024-04-06 16:08:24 +02:00
Lennart Poettering
8aee931e7a
nsresourced: add new daemon for granting clients user namespaces and assigning resources to them
...
This adds a small, socket-activated Varlink daemon that can delegate UID
ranges for user namespaces to clients asking for it.
The primary call is AllocateUserRange() where the user passes in an
uninitialized userns fd, which is then set up.
There are other calls that allow assigning a mount fd to a userns
allocated that way, to set up permissions for a cgroup subtree, and to
allocate a veth for such a user namespace.
Since the UID assignments are supposed to be transitive, i.e. not
permanent, care is taken to ensure that users cannot create inodes owned
by these UIDs, so that persistence cannot be acquired. This is
implemented via a BPF-LSM module that ensures that any member of a
userns allocated that way cannot create files unless the mount it
operates on is owned by the userns itself, or is explicitly
allowlisted.
BPF LSM program with contributions from Alexei Starovoitov.
2024-04-06 16:08:24 +02:00
Vito Caputo
a7d8cacce0
man: fix typo s/veno/reno/
2024-04-06 07:12:33 +02:00
Mike Yuan
36b21fac8f
sleep: rename SleepMemMode= to MemorySleepMode=
...
Addresses https://github.com/systemd/systemd/pull/31986#discussion_r1554053623
2024-04-06 02:16:54 +08:00
Yu Watanabe
6df0059441
network/ndisc: add basic support for Redirect message
...
Closes #31438.
2024-04-05 05:57:54 +09:00
Mike Yuan
05d2a63139
man/kernel-command-line: document resume_offset= too
2024-04-05 03:03:09 +08:00
Luca Boccassi
2aef0ac819
Merge pull request #32097 from keszybz/sd-notify-cleanups
...
Small cleanups to sd_notify docs
2024-04-04 17:44:12 +01:00
Daan De Meyer
7b62a246a6
Merge pull request #32033 from DaanDeMeyer/unit-creds
...
debug-generator: Add unit and drop-in credentials
2024-04-04 18:27:20 +02:00
Daan De Meyer
8595f578fe
debug-generator: Add unit and drop-in credentials
...
These allow adding extra units and drop-ins via credentials.
2024-04-04 16:17:38 +02:00