mirror of https://github.com/systemd/systemd.git synced 2024-10-29 21:55:36 +03:00
Commit Graph

54371 Commits

Author SHA1 Message Date
Slava Bacherikov
af493fb742 network: Add SuppressInterfaceGroup= into routing policy
This adds SuppressInterfaceGroup= option in the [RoutingPolicyRule] section
which has the same semantics as suppress_ifgroup in `ip rule` command.
2021-11-16 01:54:07 +09:00
Slava Bacherikov
10af8bb24b network: change link group type to int32
Both linux kernel and iproute2 use int32 type for a link group
attribute and -1 has a special meaning, so setting it to 4294967295
would make it -1 in the linux kernel (and ip link cmd).
2021-11-16 01:53:46 +09:00
Evgeny Vereshchagin
e44a47d186 ci: pin the codeql action to SHAs
It's a follow-up to https://github.com/systemd/systemd/pull/21316.

Judging by https://github.com/evverx/systemd/pull/36, Dependabot
supports their release cycle
2021-11-14 10:42:04 +00:00
Evgeny Vereshchagin
e7a966915d ci: mimic the "restricted" mode
Judging by https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
it should be enough to grant the "read contents" permission to
most of our actions. The "read metadata" permission is set implicitly
somewhere and can't be set via the "permissions" setting:
```
The workflow is not valid. .github/workflows/linter.yml (Line: 14, Col: 3): Unexpected value 'metadata'
```
2021-11-14 10:41:06 +00:00
Yu Watanabe
10b1c3cd24
Merge pull request #21355 from bluca/coverity
Coverity and CodeQL fixes
2021-11-14 14:18:08 +09:00
Zbigniew Jędrzejewski-Szmek
b1bcda702c meson: drop mode setting on systemd-update-helper
With a6d1760024, this shouldn't be
necessary anymore.
2021-11-14 13:54:47 +09:00
Jan Janssen
4cf8a6092e meson: Use fs module
Turns out that meson provides a fs module since 0.53.0, making it unnecessary
to call out to test.
2021-11-14 13:54:27 +09:00
Zbigniew Jędrzejewski-Szmek
4728625490 seccomp: move mprotect to @default
With glibc-2.34.9000-17.fc36.x86_64, dynamically programs newly fail in early
init with a restrictive syscall filter that does not include @system-service.
I think this is caused by 2dd87703d4386f2776c5b5f375a494c91d7f9fe4:

Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon May 10 10:31:41 2021 +0200

    nptl: Move changing of stack permissions into ld.so

    All the stack lists are now in _rtld_global, so it is possible
    to change stack permissions directly from there, instead of
    calling into libpthread to do the change.

It seems that this call will now be very widely used, so let's just move it to
default to avoid too many failures.
2021-11-14 13:53:50 +09:00
Luca Boccassi
b798490f77 test-strxcpyx: check result of snprintf 2021-11-14 01:28:42 +00:00
Evgeny Vereshchagin
311956ccd9 ci: tighten several GHActions a bit more
with https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions
2021-11-13 22:17:21 +03:00
Luca Boccassi
0a040e6419 sd-event: one more assert when turning off an event source
CID#1465866
2021-11-13 19:12:11 +00:00
Luca Boccassi
25bb459e39 journal-remote: more handling of sd_event_source_set_enabled failures
But avoid clobbering the return value if it works

CID#1465793
CID#1465794
2021-11-13 19:11:55 +00:00
Luca Boccassi
76a7c636a9
Merge pull request #21341 from yuwata/network-route-flags
network: manage route and nexthop flags
2021-11-13 18:43:50 +00:00
dependabot[bot]
5ae4964028 build(deps): bump actions/checkout from 2 to 2.4.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...ec3a7ce113134d7a93b817d10a8272cb61118579)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-13 16:45:32 +03:00
Frantisek Sumsal
66a41360b4
Merge pull request #21342 from evverx/dependabot-error
ci: try to fix a Dependabot error
2021-11-13 09:35:51 +00:00
Lennart Poettering
a4e27f051a
Merge pull request #21337 from poettering/uid-alloc-range-split
split out UID allocation range stuff from user-record.c/h (i.e. login.defs parsing)
2021-11-13 08:13:44 +01:00
Lennart Poettering
b4d4596ffb test: rename test-user-record → test-uid-alloc-range
It doesn't actually test any of the JSON stuff, hence name it
test-uid-alloc-range, since it tests the stuff from uid-alloc-range.
2021-11-13 08:10:13 +01:00
Lennart Poettering
0fa90f7e04 uid-alloc-range: maintain only a single default alloc range structure
Either way we need these four values, let's simplify the code by keeping
only one const struct of this around.
2021-11-13 08:10:13 +01:00
Lennart Poettering
b085d22406 shared: split out UID allocation range stuff from user-record.h
user-record.[ch] are about the UserRecord JSON stuff, and the UID
allocation range stuff (i.e. login.defs handling) is a very different
thing, and complex enough on its own, let's give it its own c/h files.

No code changes, just some splitting out of code.
2021-11-13 08:10:11 +01:00
Lennart Poettering
bb562024a5 homework: sync dir after moving file in, not before 2021-11-13 08:05:02 +01:00
Lennart Poettering
1ca5a6c76e
Merge pull request #21333 from poettering/homed-report-fs-and-access-mode
homed: report actual home dir access mode and fs type in effect
2021-11-13 08:04:33 +01:00
Lennart Poettering
b1beb00406
Merge pull request #21331 from poettering/luks-extra-mount-options
homed: allow per-user additional LUKS mount options
2021-11-13 08:03:55 +01:00
Jan Janssen
9cc6154608 test: Create convenience macros to declare tests 2021-11-13 09:20:24 +09:00
Frantisek Sumsal
c76a838589 ci: run the unit_tests and mkosi jobs on stable branches as well
To provide more coverage for the systemd-stable repo.

See: https://github.com/systemd/systemd-stable/issues/24
2021-11-13 09:09:54 +09:00
Lennart Poettering
6b945d7031 homework: split out password cache logic into its own .c/.h file
Preparation for extending it further down the line.
2021-11-13 00:22:16 +01:00
Yu Watanabe
17f8d8f9b4 network: manage route and nexthop flags 2021-11-13 08:16:06 +09:00
Yu Watanabe
f505de80d2 network: mention that errors will be ignored 2021-11-13 08:16:06 +09:00
Yu Watanabe
5bfee718d2 sd-netlink: introduce sd_rtnl_message_nexthop_get_flags() 2021-11-13 08:16:06 +09:00
Yu Watanabe
45b1299a1e sd-netlink: clear previous flags or state by _set_flags() or _set_state()
Otherwise, there is no way to reset the previous value.
2021-11-13 08:16:06 +09:00
Lennart Poettering
0881991c32
Merge pull request #21329 from poettering/homed-compress-default
homed: default to btrfs compression
2021-11-12 22:55:14 +01:00
Lennart Poettering
e0c311b1aa update TODO 2021-11-12 22:45:03 +01:00
Lennart Poettering
67a6d39953 doc: document the two new accessMode/fileSystemType fields 2021-11-12 22:44:54 +01:00
Lennart Poettering
b0a7fb152a homed: include actual fs type + access mode as part of "status" section of user record
So far we have two properties for the intended fstype + access mode of
home dirs, but they might differ from what is actually used (because the
user record changed from the home dir, after it was created, or vice
versa). Let's hence add these props also to the "status" section of user
record, which report the status quo. That way we can always show the
correct, current settings.
2021-11-12 22:44:54 +01:00
Lennart Poettering
f639f60ed5 homed: allow querying disk free status separately from generating JSON from it
We later want to query per-home free status for implementing automatic
grow/shrink of home directories, hence let's separate the JSON
generation from the disk free status determination.
2021-11-12 22:44:54 +01:00
Lennart Poettering
5dd57a00d5 doc: document the new luksExtraMountOptions concept 2021-11-12 22:22:06 +01:00
Lennart Poettering
edf0c907e7 homectl: make new LUKS extra mount option field settable 2021-11-12 22:22:06 +01:00
Lennart Poettering
2e0001c281 homework: also add a way to configure additional mount options via a JSON user record field
Fixes: #15120
2021-11-12 22:22:06 +01:00
Lennart Poettering
423de19223 man: run ninja -C build update-man-rules 2021-11-12 22:21:22 +01:00
Lennart Poettering
1783a48c87 homework: add a const where appropriate 2021-11-12 22:15:51 +01:00
Lennart Poettering
cbae575e0f keyring-util: add new keyring-util.h helpers
This adds two new helpers: keyring_read() for reading a key data from a
keyring entry, and TAKE_KEY_SERIAL which is what TAKE_FD is for fds, but
for key_serial_t.

The former is immediately used by ask-password-api.c
2021-11-12 22:15:06 +01:00
Lennart Poettering
7b9eaec069
Merge pull request #21294 from keszybz/binfmt-misc
Improve systemd-binfmt logging, fix exit value
2021-11-12 22:14:12 +01:00
Lennart Poettering
8ccb69aef0 homework: turn off compression for files backing LUKS volumes
We need random access read/write files, and compression sucks for that,
hence disable it on the underlying files.

Compression in the home directory might be desirable, but if so it
should be done *inside* the home dir fs, not on the underlying fs.
2021-11-12 22:13:48 +01:00
Luca Boccassi
c3c50474d2 tree-wide: don't ignore return code from sd_event_source_set_enabled()
CID#1465793
CID#1465794
CID#1465795
2021-11-12 22:13:24 +01:00
Lennart Poettering
fe0777fb94
Merge pull request #21320 from poettering/namespace-mkdir-umask
make pid1 namespace code independent of umask
2021-11-12 22:12:58 +01:00
Frantisek Sumsal
59f5d2f431
Merge pull request #21316 from evverx/pin-labeler
ci: pin labeler
2021-11-12 20:51:26 +00:00
Lennart Poettering
db42f011c6 docs: document new mount option env var 2021-11-12 17:36:53 +01:00
Lennart Poettering
6309512c02 homed: add env var for overriding default mount options
This adds an easy way to override the default mount options to use for
LUKS home dirs via the env vars SYSTEMD_HOME_MOUNT_OPTIONS_EXT4,
SYSTEMD_HOME_MOUNT_OPTIONS_BTRFS, SYSTEMD_HOME_MOUNT_OPTIONS_XFS.

See: #15120
2021-11-12 17:34:31 +01:00
Lennart Poettering
a428a4518b homework: default to btrfs compression
This follows what Fedora did with 34: enables compression by default,
lowering IO bandwidth and reducing disk space use, at the price of
slightly higher CPU use.

https://fedoraproject.org/wiki/Changes/BtrfsTransparentCompression
2021-11-12 17:33:16 +01:00
Zbigniew Jędrzejewski-Szmek
99a041d1ce binfmt: add logging information
In delete_rule(), we already checked that the rule name is a valid file name
(i.e. no slashes), so we can just trivially append.

Also, let's always reject rules that we would later fail to delete. It's
probably better to avoid such confusion.

And print the operations we do with file name and line number. I hope this
helps with cases like https://github.com/systemd/systemd/pull/21178. At least
we'll know what rule failed.

$ sudo SYSTEMD_LOG_LEVEL=debug build/systemd-binfmt
Flushed all binfmt_misc rules.
Applying /etc/binfmt.d/kshcomp.conf…
/etc/binfmt.d/kshcomp.conf:1: binary format 'kshcomp' registered.
2021-11-12 17:23:36 +01:00
Topi Miettinen
006d1864fb execute: always log a warning when setting SELinux context fails
Update also manual page to explain how the transition can still fail.
2021-11-12 17:17:21 +01:00