1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-29 21:55:36 +03:00
Commit Graph

61828 Commits

Author SHA1 Message Date
dependabot[bot]
9826037476 build(deps): bump stefanbuck/github-issue-parser from 2.0.4 to 3.0.1
Bumps [stefanbuck/github-issue-parser](https://github.com/stefanbuck/github-issue-parser) from 2.0.4 to 3.0.1.
- [Release notes](https://github.com/stefanbuck/github-issue-parser/releases)
- [Commits](f80b14f788...c1a559d78b)

---
updated-dependencies:
- dependency-name: stefanbuck/github-issue-parser
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 19:18:30 +00:00
dependabot[bot]
4371496fa9 build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](99c53751e0...e38b1902ae)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:49:21 +00:00
dependabot[bot]
df242320e5 build(deps): bump github/super-linter from 4.9.6 to 4.9.7
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.9.6 to 4.9.7.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](01d3218744...bb2d833b08)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:48:30 +00:00
dependabot[bot]
5afe9a300a build(deps): bump actions/checkout from 3.0.2 to 3.2.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3.0.2...755da8c3cf115ac066823e79a1e1788f8940201b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:47:52 +00:00
dependabot[bot]
c129b184c9 build(deps): bump meson from 0.64.1 to 1.0.0 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.64.1 to 1.0.0.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.64.1...1.0.0)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:47:20 +00:00
Lennart Poettering
46730cd632 update TODO 2023-01-06 16:15:14 +01:00
Lennart Poettering
e793038a5e update TODO 2023-01-06 15:36:58 +01:00
Lennart Poettering
7122aee5ab
Merge pull request #25918 from bluca/smbios_sd_notify
Support AF_VSOCK in sd_notify and pick up notify_socket from creds
2023-01-06 15:21:27 +01:00
Quentin Deslandes
48d8516043 journald: fix followup comments on regex feature
Fix followup comments on PR #24058:
- Use `mempcpy_safe()`.
- Remove unused `pcre2_code` variable.
- Use `static const` when relevant.
2023-01-06 14:59:31 +01:00
Lennart Poettering
34680637e8 nspawn: guard acl_free() with a NULL check
Inspired by #25957 there's one other place where we don't guard
acl_free() calls with a NULL check.

Fix that.
2023-01-06 14:59:09 +01:00
Sam James
9f804ab04d tmpfiles: avoid null free() for acl attributes
When built with ACL support, we might be processing a tmpfiles
entry where there's no cause for us to call parse_acls_from_arg,
then we get to the end of parse_line without having ever populated
i.{acl_access, acl_default}.

Then we pass a null pointer into acl_free().

From UBSAN w/ GCC 13.0.0_pre20230101:
```
$ systemd-tmpfiles --clean
/var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44:14: runtime error: applying non-zero offset 18446744073709551608 to null pointer
    #0 0x7f65d868b482 in acl_free /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44
    #1 0x55fe7e592249 in item_free_contents ../systemd-9999/src/tmpfiles/tmpfiles.c:2855
    #2 0x55fe7e5a347a in parse_line ../systemd-9999/src/tmpfiles/tmpfiles.c:3158
    #3 0x55fe7e5a347a in read_config_file ../systemd-9999/src/tmpfiles/tmpfiles.c:3897
    #4 0x55fe7e590c61 in read_config_files ../systemd-9999/src/tmpfiles/tmpfiles.c:3985
    #5 0x55fe7e590c61 in run ../systemd-9999/src/tmpfiles/tmpfiles.c:4157
    #6 0x55fe7e590c61 in main ../systemd-9999/src/tmpfiles/tmpfiles.c:4218
    #7 0x7f65d7ebe289  (/usr/lib64/libc.so.6+0x23289)
    #8 0x7f65d7ebe344 in __libc_start_main (/usr/lib64/libc.so.6+0x23344)
    #9 0x55fe7e591900 in _start (/usr/bin/systemd-tmpfiles+0x11900)
```
2023-01-06 14:58:46 +01:00
Lennart Poettering
578033356d man: document explicitly that LogRateLimit= has no effect on StandardOutput=file:…
Fixes: #25951
2023-01-06 14:13:09 +01:00
Daan De Meyer
e0ff0ee8f9
Merge pull request #25947 from poettering/resolved-dns-creds
resolved: add support for reading DNS config from kernel cmdline + service credentials
2023-01-06 14:11:57 +01:00
Lennart Poettering
2d935bbd22 gpt-auto-generator: improve log messages a bit
Fixes: #20331
2023-01-06 14:04:46 +01:00
Sam James
4e11b54b31 CODING_STYLE: fix 'better' typo 2023-01-06 14:03:19 +01:00
Jan Janssen
6e689dc6ee bootctl: Fix NULL pointer dereference
Fixes: #25952
2023-01-06 10:39:41 +01:00
Lennart Poettering
4a6c6d35e4 bootspec: show default/selected entry info in JSON output
Fixes: #25889
2023-01-06 10:38:03 +01:00
Lennart Poettering
5f9041afec resolved: disable SO_BINDTOIFINDEX hack for localhost IP addresses
Fixes: #23010
2023-01-06 10:37:37 +01:00
Luca Boccassi
03ede612be Update TODO 2023-01-05 23:07:16 +01:00
Luca Boccassi
4a91ace5bc creds: import 'vmm.notify_socket' and use it to set
This is intended to be used with VSOCK, to notify the hypervisor/VMM, eg on the host:

qemu <...> -smbios type=11,value=io.systemd.credential:vmm.notify_socket=vsock:2:1234 -device vhost-vsock-pci,id=vhost-vsock-pci0,guest-cid=42

(vsock:2:1234 -> send to host on vsock port 1234, default is to send to 0 which is
the hypervisor itself)

Also on the host:

$ socat - VSOCK-LISTEN:1234,socktype=5
READY=1
STATUS=Ready.
2023-01-05 23:07:16 +01:00
Luca Boccassi
6c94cfcda5 sd_notify: support AF_VSOCK
Allow sending notifications via AF_VSOCK, so that VMs can communicate
to the hypervisor/VMM that they are finished booting.

Note that if the hypervisor does not support SOCK_DGRAM over AF_VSOCK
(ie: qemu at the time of writing), SOCK_SEQPACKET will be used instead.
2023-01-05 23:07:16 +01:00
Dirk Su
a554057f2b hwdb: Add Dell models that require ACCEL_LOCATION=base 2023-01-05 21:46:33 +01:00
Ludwig Nussel
dd003f1621 kernel-install: run depmod only if writeable 2023-01-05 21:46:09 +01:00
Benjamin Tissoires
a91078bc57 virt: fix container detection
Commit 1b86c7c59e ("virt: make virtualization enum a named type")
made the conversion from `if (!r)` to `if (v != VIRTUALIZATION_NONE)`.

However, the initial test was meaning "if r is null", IOW "if r IS
`VIRTUALIZATION_NONE`).

The test is wrong and this can lead to false detection of the container
environment (when calling `systemctl exit`).

For example, https://gitlab.freedesktop.org/whot/libevdev/-/jobs/34207974
is calling `systemctl exit 0`, and systemd terminates with the exit code
`130`.

Fixing that typo makes `systemctl exit 0` returns `0`.

Fixes: 1b86c7c59e.
2023-01-05 21:45:53 +01:00
Ludwig Nussel
8109b2908d bootctl: print entry token as well 2023-01-05 21:45:18 +01:00
Lennart Poettering
882b011277 units: condition systemd-networkd-wait-online.service like systemd-networkd.service
This adds the same condition that systemd-networkd.service already
carries also to systemd-networkd-wait-online.service. Otherwise we'll
potentially see some logs we'd rather not see about a service we BindTo=
not running. Or in other words, if service X binds to Y then X should be
at least as conditioned as Y.
2023-01-05 21:44:45 +01:00
Lennart Poettering
218db3d9ef dns-domain: dns_name_is_empty() is redundant
dns_name_is_empty() was added later, but does the same thing as the more
accurately called dns_name_is_root(), hence drop the former.
2023-01-05 21:44:26 +01:00
Lennart Poettering
ef503f1cec resolvectl: remove duplicate ':' from output
The second argument to dump_list() actually ends up in a TABLE_FIELD
cell now, where we implicitly append a ":". Hence drop it from the
strings.

Follow-up for: 37a50123fa
2023-01-05 21:44:11 +01:00
Lennart Poettering
17eab9467d update TODO 2023-01-05 18:53:08 +01:00
Lennart Poettering
116687f267 resolved: read DNS conf also from creds and kernel cmdline
Note that this drops ProtectProc=invisible from
systemd-resolved.service.

This is done because othewise access to the booted "kernel" command line is not
necessarily available. That's because in containers we want to read
/proc/1/cmdline for that.

Fixes: #24103
2023-01-05 18:52:15 +01:00
Luca Boccassi
747b5d963e src/shared/: split AF_UNIX/AF_VSOCK address parsing into src/basic/
We'll use it from libsystemd0 later, but AF_INET/6 requires some
netlink calls and thus the additional library dependency
2023-01-05 18:43:47 +01:00
Lennart Poettering
ea575e176a vconsole: permit configuration of vconsole settings via credentials 2023-01-05 18:24:21 +01:00
Luca Boccassi
bc0b2d377f
Merge pull request #25929 from poettering/resolvectl-loopback-fix
resolvectl: show 127.0.0.1 among global DNS servers again
2023-01-05 13:25:13 +01:00
Lennart Poettering
f912cdbc8d update TODO 2023-01-05 11:02:13 +01:00
Mike Yuan
c067e61b85 systemctl: enable: overwrite broken alias symlinks
When switching to an alternative alias provider,
the previous one might have been uninstalled or so.
It should be fine for us to overwrite them directly.

Closes #23694
2023-01-05 02:10:42 +01:00
Mike Yuan
44db9fbb39 systemctl: edit: rephrase edit markers to avoid misunderstanding
Closes #25856
2023-01-05 01:58:05 +01:00
Joshua Goins
0855ce6772 udev: Fix some tablet pads being classified as mouse or joysticks 2023-01-04 17:50:10 +01:00
Luca Boccassi
0a207d8f23 man: note that DynamicUser=yes is incompatible with D-Bus
Due to policy checks against system users this cannot currently work, and it is non-obvious.
In the future it might be implemented if support is added to dbus-broker/dbus-daemon, e.g.:

https://github.com/bus1/dbus-broker/issues/259
2023-01-04 17:49:41 +01:00
Lennart Poettering
e03fa62b63
Merge pull request #25802 from poettering/bootctl-reseed
move EFI random seed update logic from systemd-random-seed.service into separate service
2023-01-04 17:49:21 +01:00
Lennart Poettering
889a1b9f4e resolvectl: don't filter loopback DNS server from global DNS server list
"resolvectl status" shows per-link DNS servers separately from global
ones. When querying the global list, it will contain both per-link and
global servers however. Thus, to not show duplicate info we filter all
entries that actually have a non-zero ifindex set (under the assumption
that that's a per-link server).

This doesn't work if people configured 127.0.0.1 as global server
though, as we'll add ifindex 1 to it since
6e32414a66 unconditionally even for global
servers.

Let's address that by excluding entries with ifindex 1 from suppression.
This is safe as resolved ignores loopback ifaces, hence never will have
per-link servers on ifindex 1.

Note that this splits up the "with_ifindex" parameter into a second
parameter "only_global", since they semantically do two different
things. One controls whether we shall expect/parse an ifindex dbus
field. The other controls whether we shall filter all ifindex values set
!= 0. These are effectively always used in conjunction hence making them
the same actually worked. However this is utterly confusing I think,
which as I guess is resulting in the confusion around #25796 (which
removes the whole check)

Replaces: #25796
2023-01-04 16:47:40 +01:00
Lennart Poettering
5707fb1297 resolved: add some line-breaks/comments
Let's make this a bit more readable.
2023-01-04 16:32:53 +01:00
Lennart Poettering
a5e6c8498c resolvectl: fix type of ifindex D-Bus field, and make sure to initialize to zero in all code paths 2023-01-04 16:29:34 +01:00
Lennart Poettering
54978e3f3b bootctl: split out setting of system token into function of its own
Let's break a huge function in two. No code change, just some
refactoring.
2023-01-04 15:18:10 +01:00
Lennart Poettering
921fc451cb units: rename/rework systemd-boot-system-token.service → systemd-boot-random-seed.service
This renames systemd-boot-system-token.service to
systemd-boot-random-seed.service and conditions it less strictly.

Previously, the job of the service was to write a "system token" EFI
variable if it was missing. It called "bootctl --graceful random-seed"
for that. With this change we condition it more liberally: instead of
calling it only when the "system token" EFI variable isn't set, we call
it whenever a boot loader interface compatible boot loader is used. This
means, previously it was invoked on the first boot only: now it is
invoked at every boot.

This doesn#t change the command that is invoked. That's because
previously already the "bootctl --graceful random-seed" did two things:
set the system token if not set yet *and* refresh the random seed in the
ESP. Previousy we put the focus on the former, now we shift the focus to
the latter.

With this simple change we can replace the logic
f913c784ad added, but from a service that
can run much later and doesn't keep the ESP pinned.
2023-01-04 15:18:10 +01:00
Lennart Poettering
5019b0cb15 bootctl: downgrade graceful messages to LOG_NOTICE 2023-01-04 15:18:10 +01:00
Lennart Poettering
29d487adb4 random-seed: don't refresh EFI random seed from random-seed.c anymore
The ESP is simply not mounted early enough for this. We want that the
regular random seed handling runs as early as we possibly could, but we
don't want to delay this until the ESP is actually mounted.

Hence, let's remove this from random-seed.c here. A follow-up commit
will then add this back in, in a separate service which just calls
"bootctl random-seed".

Effectively reverts: f913c784ad

Fixes: #25769
2023-01-04 15:18:10 +01:00
Lennart Poettering
a16c65f3c4 sha256: add helper than hashes a buffer *and* its size
We use this pattern all the time in order to thward extension attacks,
add a helper to make it shorter.
2023-01-04 15:18:10 +01:00
Lennart Poettering
114172fbe7 bootctl: when updating EFI random seed file, hash old seed with new one
Let's not regress in entropy in any case.

This does what f913c784ad also does.
2023-01-04 15:18:10 +01:00
Lennart Poettering
60315d5953 bootctl: properly sync fs before/after moving random seed file into place
Let's do a careful, focussed sync at the right places instead of a
blanket sync at the end. After all we want to run this on every boot
soon.
2023-01-04 15:18:10 +01:00
Lennart Poettering
6b97b267bf bootctl: rework random seed logic to use open_mkdir_at() and openat()
This doesn't really fix anything, but in general we should put stronger
emphasis on operating via dir fds rather than paths more (in particular
when writing files as opposed to consuming them).

No real change in behaviour.
2023-01-04 15:18:10 +01:00