1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

74922 Commits

Author SHA1 Message Date
Luca Boccassi
8b3f38de68 mkosi: temporarily disable panic_on_warn
Due to a BTRFS issue in kernel 6.12 (and backported in Ubuntu to 6.8)
there's a warning triggered by some tests, and it then causes a panic.

The BTRFS issue has a patch but it is not available in any distro yet,
so disable panic_on_warn until it reaches Arch and Ubuntu Noble. Bugs
have been filed.

(cherry picked from commit 930d65ccca)
(cherry picked from commit 72ef5ac211)
2024-12-19 22:14:09 +00:00
Yu Watanabe
fc38a08efa TEST-35-LOGIN: check only tty session
For some reasons, another session logind-test-user may be started.
===
Dec 13 07:04:16 systemd-logind[2140]: Got message type=method_call ... member=CreateSessionWithPIDFD ...
(snip)
Dec 13 07:04:16 systemd-logind[2140]: New session 15 of user logind-test-user.
Dec 13 07:04:16 systemd-logind[2140]: VT changed to 2
Dec 13 07:04:16 systemd-logind[2140]: rfkill: Found udev node /dev/rfkill for seat seat0
Dec 13 07:04:16 systemd-logind[2140]: udmabuf: Found udev node /dev/udmabuf for seat seat0
Dec 13 07:04:16 systemd-logind[2140]: Found static node /dev/snd/timer for seat seat0
Dec 13 07:04:16 systemd-logind[2140]: Found static node /dev/snd/seq for seat seat0
Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/snd/timer for seat seat0 (uid 0→4712 add)
Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/rfkill for seat seat0 (uid 0→4712 add)
Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/udmabuf for seat seat0 (uid 0→4712 add)
Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/snd/seq for seat seat0 (uid 0→4712 add)
Dec 13 07:04:16 systemd[1]: user-4712.slice: Changed dead -> active
Dec 13 07:04:16 systemd[1]: user-4712.slice: Job 5951 user-4712.slice/start finished, result=done
Dec 13 07:04:16 systemd[1]: Created slice user-4712.slice.
Dec 13 07:04:16 systemd-logind[2140]: Electing new display for user logind-test-user
Dec 13 07:04:16 systemd-logind[2140]: Choosing session 15 in preference to -
(snip)
Dec 13 07:04:16 systemd-logind[2140]: Got message type=method_call ... member=CreateSessionWithPIDFD ...
(snip)
Dec 13 07:04:16 systemd-logind[2140]: New session 16 of user logind-test-user.
Dec 13 07:04:16 systemd-logind[2140]: Electing new display for user logind-test-user
Dec 13 07:04:16 systemd-logind[2140]: Ignoring session 16
===
Let's track only session for the user with tty, which we explicitly created.

Fixes #35597.

(cherry picked from commit 26f65dc0c7)
(cherry picked from commit d23133ef79)
2024-12-19 22:14:09 +00:00
Ronan Pigott
86197c1308 network: don't warn with no NSID assigned
This is nothing interesting to warn about. Also use the symbolic
constant name when testing for this condition.

(cherry picked from commit e803e95760)
(cherry picked from commit 0cddbebfbe)
2024-12-19 22:14:09 +00:00
Luca Boccassi
9678a5a1b3 mkosi: fix section for WithNetwork=
/tmp/autopkgtest.L6NPL0/build.doZ/src/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf: Setting WithNetwork should be configured in [Build], not [Content]

(cherry picked from commit 301c159ce5)
(cherry picked from commit 6186c2735b)
2024-12-19 22:14:09 +00:00
Luca Boccassi
da47621e7c Revert "semaphore: skip some tests"
This reverts commit e19cae12ff.

(cherry picked from commit 7406e0a3af)
(cherry picked from commit 61e321c452)
2024-12-19 22:14:09 +00:00
Luca Boccassi
4d20ee13dd semaphore: bump timeout
When semaphore is overloaded tests can take more than 1hr, bump
timeout

(cherry picked from commit 1855064d4e)
(cherry picked from commit 96b9fe831f)
2024-12-19 22:14:09 +00:00
Zbigniew Jędrzejewski-Szmek
02d10e1d9b tmpfiles: reduce quoting in warning message
We printed:
systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/20-systemd-shell-extra.conf:10: Unknown modifiers in command 'L$'.
systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/systemd-network.conf:10: Unknown modifiers in command 'd$'.
systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/systemd-network.conf:11: Unknown modifiers in command 'd$'.
...

There's a lot of additional characters here make the message harder to parse. We know
that the command is a word without any whitespace, so quoting isn't really necessary.

Change this to:
... unknown modifiers in command: L$

(cherry picked from commit 390bab5392)
(cherry picked from commit 3efa9e717f)
2024-12-19 22:14:09 +00:00
Florian Schmaus
b26b3cbb71 logind: let system-wide idle begin at the time logind was initialized
Initialize the start of the system-wide idle time with the time logind was
initialized and not with the start of the Unix epoch. This means that systemd
will not repport a unreasonable long idle time (around 54 years at the time of
writing this), especially at in the early boot, while no login manager session,
e.g,. gdm, had a chance to provide a more accurate start of the idle period.

Fixes #35163

(cherry picked from commit 718b31138b)
(cherry picked from commit 9d36809256)
2024-12-19 22:14:08 +00:00
Luca Boccassi
aafb208230 test-loop-block: return -77 on skip in more places
(cherry picked from commit 81e0693465)
(cherry picked from commit 1fb4673a69)
2024-12-19 22:14:08 +00:00
Luca Boccassi
0ad28af14c battery-check: parse options before checking for kernel command line
Otherwise --help/--version/etc which exit immediately will do pointless work

(cherry picked from commit 60d23b7f4a)
(cherry picked from commit 29cdad871e)
2024-12-19 22:14:08 +00:00
Ronan Pigott
11b9ec17f4 manager: add list of subscribers to dump info
This is handy for debugging.

(cherry picked from commit 9171384149)
(cherry picked from commit bcf740e4a3)
2024-12-19 21:58:26 +00:00
Ronan Pigott
20be7138fd dbus: log disconnect on api and system busses
This is an interesting event. Let's log about it.

(cherry picked from commit 11ee1bab60)
(cherry picked from commit c189ecc7fe)
2024-12-19 21:58:26 +00:00
Yu Watanabe
b3259d795b journalctl: honor --quiet with --setup-keys
Closes #35504.

(cherry picked from commit a5b2973850)
(cherry picked from commit 644f2a02c8)
2024-12-19 21:58:26 +00:00
Yu Watanabe
43215cfbd3 README: drop CentOS CI badges
CentOS CIs are disabled after ead814a0b0.

(cherry picked from commit 1fe583861f)
(cherry picked from commit 3b6b819a28)
2024-12-19 21:58:26 +00:00
Luca Boccassi
04065a0330 test: add more coverage for extensions and verity
(cherry picked from commit c7fcb08324)
(cherry picked from commit 06467e1dbc)
2024-12-19 21:58:26 +00:00
Luca Boccassi
4cc7809d01 shell completion: add systemd-creds
(cherry picked from commit 783f794e89)
(cherry picked from commit b256e149d4)
2024-12-19 21:58:26 +00:00
Luca Boccassi
72f61bff1a semaphore: skip some tests
semaphore CI runs are always very close to the limit of 1hr, and often
time out when it's particularly oversubscribed.
Skip some low-value test cases to shorten the runtime.

(cherry picked from commit e19cae12ff)
(cherry picked from commit e768cf55b1)
2024-12-19 21:58:26 +00:00
cvlc12
8f8054f3fe man: update example in systemd-measure.xml (#35506)
In the example from systemd-measure(1), do not bind to PCR 7 in
addition to the PCR policy.

As long as this is still done by default, see #35280.

(cherry picked from commit 693038fce4)
(cherry picked from commit 926f5ab6bf)
2024-12-19 21:47:52 +00:00
andrejpodzimek
ed1b804b77 Fixing VLAN ranges in man systemd.network.
Otherwise it doesn't hold that VLANs 100-400 are allowed (because 201-299 are disallowed).

(cherry picked from commit ae2f3af639)
(cherry picked from commit 9fad72cc52)
2024-12-19 21:47:49 +00:00
Katariina Lounento
1fd1d05392 man: document unprivileged is not for reading properties
Document the fact that read-only properties may not have the flag
SD_BUS_VTABLE_UNPRIVILEGED as that is not obvious especially given the
flag is accepted for writable properties.

Based on the check in `add_object_vtable_internal` called by
`sd_bus_add_object_vtable` (as of the current tip of the main branch
f7f5ba0192):

    case _SD_BUS_VTABLE_PROPERTY: {
            [...]
            if ([...] ||
                [...]
                (v->flags & SD_BUS_VTABLE_UNPRIVILEGED && v->type == _SD_BUS_VTABLE_PROPERTY)) {
                    r = -EINVAL;
                    goto fail;
            }

(where `_SD_BUS_VTABLE_PROPERTY` means read-only property whereas
`_SD_BUS_VTABLE_WRITABLE_PROPERTY` maps to writable property).

This was implemented in the commit
adacb9575a ("bus: introduce "trusted" bus
concept and encode access control in object vtables") where
`SD_BUS_VTABLE_UNPRIVILEGED` was introduced:

    Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED
    and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them.
    Note however that read access is unrestricted, as PropertiesChanged
    messages might send out the values anyway as an unrestricted
    broadcast.

(cherry picked from commit 3ca09aa4dd)
(cherry picked from commit cd727031a4)
2024-12-19 21:47:43 +00:00
Luca Boccassi
abb293e7f1 mkosi: use inetutils package instead of hostname for Archlinux
In Arch the hostname binary is in a different package

Follow-up for cf48bde7ae

(cherry picked from commit 446d737cba)
(cherry picked from commit e1659133e7)
2024-12-19 21:47:43 +00:00
Luca Boccassi
e3d4a1df2e test-fd-util: skip test when lacking privileges to create a new namespace
To reproduce, as an unprivileged user start a docker container and build
and run the unit tests inside it:

$ docker run --rm -ti debian:bookworm bash
...
/* test_close_all_fds */
Successfully forked off '(caf-plain)' as PID 10496.
Skipping PR_SET_MM, as we don't have privileges.
(caf-plain) succeeded.
Failed to fork off '(caf-noproc)': Operation not permitted
Assertion 'r >= 0' failed at src/test/test-fd-util.c:392, function test_close_all_fds(). Aborting.

Partially fixes #35552

(cherry picked from commit 630a2e7ee1)
(cherry picked from commit 5573ac7d9c)
2024-12-19 21:47:15 +00:00
Luca Boccassi
fd01929305 test-capability: CAP_LINUX_IMMUTABLE is not available in unprivileged containers
have ambient caps: yes
Capabilities:cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
Failed to drop auxiliary groups list: Operation not permitted
Failed to change group ID: Operation not permitted
Capabilities:cap_dac_override,cap_net_raw=ep
Capabilities:cap_dac_override=ep
Successfully forked off '(getambient)' as PID 12505.
Skipping PR_SET_MM, as we don't have privileges.
Ambient capability cap_linux_immutable requested but missing from bounding set, suppressing automatically.
Assertion 'x < 0 || FLAGS_SET(c, UINT64_C(1) << CAP_LINUX_IMMUTABLE)' failed at src/test/test-capability.c:273, function test_capability_get_ambient(). Aborting.
(getambient) terminated by signal ABRT.
src/test/test-capability.c:258: Assertion failed: expected "r" to succeed, but got error: Protocol error

Partially fixes #35552

(cherry picked from commit 058a07635f)
(cherry picked from commit d80ab6aed6)
2024-12-19 21:47:15 +00:00
Nick Rosbrook
f707f72865 test: set nsec3-salt-length=8 in knot.conf
TEST-75-RESOLVED fails on Ubuntu autopkgtest due to this warning from
knot:

 notice: config, policy 'auto_rollover_nsec3' depends on default nsec3-salt-length=8, since version 3.5 the default becomes 0

Explicitly set nsec3-salt-length=8 to silence.

(cherry picked from commit 59e5108fb4)
(cherry picked from commit 1b945fb1a7)
2024-12-19 21:47:15 +00:00
Lennart Poettering
5fba8e62bd analyze: tab fix
(cherry picked from commit 7167bee6c6)
(cherry picked from commit f4215e7909)
2024-12-19 21:47:13 +00:00
Zbigniew Jędrzejewski-Szmek
f401393ab2 meson: bump version to 256.9
I forgot to do this before tagging. Let's still do this, for two reasons:
- packagers can easily include the patch if they haven't built yet,
- doing the bump reduces the chances of somebody doing an off-by-one bump
  for the next release.
2024-11-30 16:22:22 +01:00
David Tardon
f15fd96efd execute: free syscall_log hashmap when done
Fixes #35394

(cherry picked from commit c3dc460b6c)
2024-11-29 14:26:57 +01:00
Luca Boccassi
2d975f64d4 test: mask tmpfiles.d file shipped by selinux policy package in containers
This tmpfiles.d wants to write to sysfs, which is read-only in containers,
so systemd-tmpfiles --create fails in TEST-22-TMPFILES when ran in nspawn
if the selinux policy package is instealled. Mask it, as it's not our
config file, we don't need it in the test.

(cherry picked from commit 6fd3496cfd)
2024-11-29 14:26:57 +01:00
Michał Górny
964ced4100 nspawn: Include arm_fadvise64_64 in syscall allow_list
Add the `arm_fadvise64_64` syscall to the allow_list, in addition
to the existing `fadvise64` and `fadvise64_64` syscalls, as this is
the syscall actually defined for `arm` architecture.  Adding it fixes
the syscall being rejected in arm32 containers.

Fixes #35194

(cherry picked from commit 7fd70a5326)
2024-11-29 14:26:57 +01:00
Zbigniew Jędrzejewski-Szmek
a70b65863f hwdb: update to main@{2024-11-28}
git restore -s origin/main hwdb.d/ test/hwdb.d test/hwdb-test.sh
2024-11-29 14:26:57 +01:00
Lennart Poettering
7a307c5939 nspawn: make sure --private-users-ownership=no and =off work the same way
We usually want to use "extended booleans" for cases like this, i.e.
that "off", "no" and "0" can be used interchangably for turning
something off.

(cherry picked from commit 62f3e2f84a)
2024-11-29 14:26:57 +01:00
Lennart Poettering
b4db0ca753 tests: fix access mode of root inode of throw-away container images
Otherwise the root inode will typically have what mkdtemp sets up, which
is something like 0700, which is weird and somewhat broken when trying
to look into containers from unpriv users.

(cherry picked from commit c18a102464)
2024-11-29 14:26:57 +01:00
Lennart Poettering
6f346ef756 nspawn: don't try to unregister a machine we never registered
When registering we condition this on "arg_register". Let's do the same
when unregistering, otherwise we might end up trying to unregister a
machine we never registered.

(cherry picked from commit 0790f4e45f)
2024-11-29 14:26:57 +01:00
Yu Watanabe
d51236d833 man: several more assorted fixes
Continuation of 4ebbb5bfe8.
Closes #35307.

(cherry picked from commit f29a07f3fc)
2024-11-29 14:26:57 +01:00
Lennart Poettering
b2751b9ae9 sd-varlink: fix bug when enqueuing messages with fds asynchronously
When determining the poll events to wait for we need to take the queue
of pending messages that carry fds into account. Otherwise we might end
up not waking up if such an fd-carrying message is enqueued
asynchronously (i.e. not from a dispatch callback).

(cherry picked from commit 7b4b3a8f7b)
2024-11-29 14:26:56 +01:00
Winterhuman
09accdb68c man/systemd-system.conf: Correct "struct" to "strict" (#35364)
(cherry picked from commit 5bed97dd57)
2024-11-29 14:26:56 +01:00
Yu Watanabe
6f2483eed8 man: use MIT-0 license for example codes in daemon(7)
This page contains many short example codes. I do not think we should
add SPDX-License-Identifier for all codes.

Closes #35356.

(cherry picked from commit 6046cc3660)
2024-11-29 14:26:56 +01:00
Yu Watanabe
8cca30da53 man: update documentation about basic .netdev file handling
Follow-up for #34909 and later PRs.

(cherry picked from commit d07fbf22ed)
2024-11-29 14:26:56 +01:00
Yu Watanabe
95f9307b65 man: asorted fixes
Closes #35307.

(Changes to files with conflicts were dropped.)
(cherry picked from commit 4ebbb5bfe8)
2024-11-29 14:26:56 +01:00
Yu Watanabe
d696e5aef1 TEST-17: add reproducer for issue #35329
Without the previous commit, the test case will fail.

(cherry picked from commit 675feaf521)
2024-11-29 14:26:56 +01:00
Yu Watanabe
69a95d442f core/device: ignore ID_PROCESSING udev property on enumerate
This partially reverts the commit 405be62f05
"tree-wide: refuse enumerated device with ID_PROCESSING=1".

Otherwise, when systemd-udev-trigger.service is (re)started just before
daemon-reexec, which can be easily happen on systemd package update, then
udev database files for many devices may have ID_PROCESSING=1 property,
thus devices may not be enumerated on daemon-reexec. That causes many
units especially mount units being deactivated after daemon-reexec.

Fixes #35329.

(cherry picked from commit c4fc22c4de)
2024-11-29 14:26:56 +01:00
Yu Watanabe
ce997e944f curl-util: do not configure new io event source when the event loop is already dead
Similar to c5ecf09494, but for io event source.

Fixes #35322.

(cherry picked from commit 5b2926d941)
2024-11-29 14:26:56 +01:00
Lennart Poettering
95c20d0b62 nspawn: improve log message on bad incoming sd_notify() message
It's the PID that is wrong, not the UID/GID, be precise.

(cherry picked from commit 95116bdfd5)
2024-11-29 14:26:56 +01:00
Yu Watanabe
b30364a037 shutdown: close DM block device before issuing DM_DEV_REMOVE ioctl
Otherwise, the ioctl() may fail with EBUSY.

Follow-up for b4b66b2662.
Hopefully fixes #35243.

(cherry picked from commit b76730f3fe)
2024-11-29 14:26:56 +01:00
Zbigniew Jędrzejewski-Szmek
eb841e9b8e Undeprecate commandline params forcequotacheck, fastboot, and forcefsck
Those are historical names, but there is nothing wrong with them. The files on
/ (/fastboot, /forcefsck, and /forcequotacheck) are problematic because they
require a modification of the root file system. But the commandline params work
fine. They have the obvious advantage compared to our "modern" option that they
are much easier to type without looking up the spelling in the docs. Undeprecate
them to avoid unnecessary churn.

(cherry picked from commit 5598454a3f)
2024-11-29 14:26:56 +01:00
Lennart Poettering
3d85366ab8 userdbctl: fix counting
Fixes: #35294
(cherry picked from commit 7f8a4f12df)
2024-11-29 14:26:56 +01:00
Lennart Poettering
aed4e90456 userbdctl: show 'mapped' user range only inside of userns
Outside of userns the concept makes no sense, there cannot be users
mapped from further outside.

(cherry picked from commit e412fc5e04)
2024-11-29 14:26:56 +01:00
Lennart Poettering
ddcc0bc151 cryptenroll: it's called PKCS#11, not PKCS11
In the --help text we really should use the official spelling, just like
in the man page.

(cherry picked from commit cc6baba720)
2024-11-29 14:26:56 +01:00
Yu Watanabe
6dcb53ba0a core/service: service_add_fd_store() consumes passed fd
Without this change, the fd is closed twice on failure.

Fixes a bug introduced by dff9808a62.

Fixes #35288.

(cherry picked from commit d99198819c)
2024-11-29 14:26:56 +01:00
Lennart Poettering
38e0f618ee killall: gracefully handle processes inserted into containers via nsenter -a
"nsenter -a" doesn't migrate the specified process into the target
cgroup (it really should). Thus the cgroup will remain in a cgroup
that is (due to cgroup ns) outside our visibility. The kernel will
report the cgroup path of such cgroups as starting with "/../". Detect
that and print a reasonably error message instead of trying to resolve
that.

(cherry picked from commit f6793bbcf0)
2024-11-28 15:11:07 +01:00