Yu Watanabe
0c7bb54238
network: split out core logic route_type_is_reject()
...
Preparation for later change.
2024-08-05 09:15:15 +09:00
Marc Reisner
2d00f4c306
sleep: add HibernateOnACPower= option ( #33846 )
...
* Add HibernateOnACPower= systemd-sleep configuration option
2024-08-05 00:01:34 +01:00
Luca Boccassi
bd5b586ad0
Merge pull request #33918 from YHNdnzj/exec-cred-cleanup
...
core/exec-credential: several cleanups
2024-08-04 14:20:27 +02:00
Luca Boccassi
fcfec5b28b
Merge pull request #33930 from yuwata/update-syscall-tables-and-linux-headers
...
Update syscall tables and linux headers
2024-08-04 13:31:47 +02:00
Yu Watanabe
ab9af70edb
sd-event: change error code -EINVAL -> -EIO
...
EINVAL should be used when a function is called with an invalid
argument. Here, the signal is not a function argument.
Follow-up for 7a64c5f23e
2024-08-04 11:33:23 +02:00
Yu Watanabe
2e308032f4
basic/linux: update kernel headers from v6.11-rc1
2024-08-04 14:55:32 +09:00
Yu Watanabe
d361ea5f30
seccomp: list fstatat, newfstat, and llseek
2024-08-04 14:55:23 +09:00
Yu Watanabe
da24dacf34
syscall-list: update syscall tables
...
This adds fstatat (and its friends), llseek, and uretprobe.
2024-08-04 14:47:30 +09:00
Yu Watanabe
bcf982223c
systemctl: refuse --capsule=foo with --system
...
Fixes the following assertion:
===
systemctl --capsule=hoge --system reboot
Assertion 'runtime_scope == RUNTIME_SCOPE_USER' failed at src/shared/bus-util.c:479, function bus_connect_transport(). Aborting.
Aborted (core dumped)
===
Follow-up for 56cb74c3cd
2024-08-04 14:21:32 +09:00
Mike Yuan
09001a2c64
core/exec-credential: do not use unlink_and_free for relative path under dfd
2024-08-04 06:51:52 +02:00
Mike Yuan
4c00458e99
core/exec-credential: emit correct error on invalid cred source
...
The (!source && !search_path) branch is effectively not reached,
but rather confusing. Let's return -EINVAL properly.
2024-08-04 06:51:28 +02:00
Mike Yuan
85b265c964
core/exec-credential: use struct load_cred_args everywhere
...
We currently duplicate the same set of params for every funcs.
Let's unify this, and make things more manageable.
2024-08-04 06:51:28 +02:00
Mike Yuan
43705cceb8
core/exec-credential: use maybe_decrypt_and_write_credential() for SetCred= too
2024-08-04 06:51:28 +02:00
Mike Yuan
ef0d7b0ec9
core/exec-credential: drop misleading comment regarding EEXIST
...
Follow-up for 2c2ed3272b
2024-08-04 06:51:28 +02:00
Mike Yuan
6a6e8b79cc
core/exec-credential: trivial coding style cleanup
2024-08-04 06:51:28 +02:00
Mike Yuan
9db676d6bf
core/dbus-execute: normalize "rename" arg properly
...
Follow-up for 40dd2a1c24https://github.com/systemd/systemd/pull/33916#discussion_r1702616229
2024-08-04 06:51:25 +02:00
Marin Kresic
f4911e6bda
po: Translated using Weblate (Croatian)
...
Currently translated at 82.8% (193 of 233 strings)
Co-authored-by: Marin Kresic <marinjurekresic@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/hr/
Translation: systemd/main
2024-08-04 13:28:56 +09:00
Dimitrys Meliates
f4e5d6a050
po: Translated using Weblate (Greek)
...
Currently translated at 37.7% (88 of 233 strings)
Co-authored-by: Dimitrys Meliates <demetresmeliates+fedora@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/el/
Translation: systemd/main
2024-08-04 13:28:56 +09:00
Luca Boccassi
b75c13731e
base-filesystem: do not attempt to create a /lib64 -> /usr/lib/<tuple> symlink
...
In multi-arch distributions (debian and derivatives) multiarch tuples under
/usr/lib are used, such as /usr/lib/x86_64-linux-gnu/ but the /lib64 symlink
should never point there, it should always point to /usr/lib64, as that's
how they are set up by distribution-specific tools.
https://packages.debian.org/bookworm/amd64/libc6-i386/filelist
https://packages.debian.org/bookworm/mipsel/libc6-mips64/filelist
https://salsa.debian.org/md/usrmerge/-/blob/master/convert-usrmerge?ref_type=heads#L295
https://salsa.debian.org/md/usrmerge/-/blob/master/convert-usrmerge?ref_type=heads#L517
http://bugs.debian.org/1076491
Fixes https://github.com/systemd/systemd/issues/33919
2024-08-04 10:03:55 +09:00
Daan De Meyer
ad723ca3e5
meson: Use -fstrict-flex-arrays=3
...
Let's explicitly pass the value to -fstrict-flex-arrays. This does
not change behavior but it does (selfishly) make my error not bug
out with an error saying -fstrict-flex-arrays does not exist.
2024-08-04 09:55:45 +09:00
Nova840
1392b9fad2
hwdb: fix auto rotate on Asus Q551LB ( #33921 )
2024-08-04 09:38:40 +09:00
Mike Yuan
ce31dbf445
core/service: drop redundant flush_n_restarts indicator
...
Now that we track auto-restarts with a dedicated state,
there's no need for a separate variable for this.
I also took the chance to reorder some struct members.
2024-08-04 09:37:59 +09:00
Yu Watanabe
cec96f12ff
Merge pull request #33925 from YHNdnzj/exec-serialize-path-escape
...
core/execute-serialize: two fixes
2024-08-04 09:35:51 +09:00
Mike Yuan
9be46b1da8
core/execute-serialize: use serialize_item_escaped() for external paths
...
Otherwise, read_stripped_line() would spuriously drop trailing spaces.
Fixes #33924
2024-08-03 22:49:59 +02:00
Mike Yuan
f0fdd13c2f
core/execute-serialize: drop extraneous '=' in ip-{in,e}gress serialization
2024-08-03 22:39:44 +02:00
Mike Yuan
1391f149f0
core/service: actually allow to "hurry up" auto restarts
...
unit_start() advertises that start requests don't get suppressed,
so that it could be used to manually speed up auto restarts.
However, service_start() so far rejected this, stating that
clients should issue restart request in order to trigger
BindsTo=/OnFailure=.
That seems to be a red herring though, because for a long time
the service states between auto-restarts were buggy (#27594 ).
With the introduction of RestartMode=direct, the behavior
is sane again and customizable, hence I see no reason to refuse
this anymore. Whether those deps are triggered solely depends
on RestartMode= now.
Plus, filter out some intermediate states that should never
be seen in service_start().
Fixes #33890
2024-08-03 13:03:28 +02:00
Daan De Meyer
21e9fcf97f
Merge pull request #33916 from yuwata/import-creds-follow-ups
...
core: several follow-ups for ImportCreds=
2024-08-03 10:04:55 +02:00
Yu Watanabe
74d1ee0373
core: refuse credentials with invalid names matching with glob
...
Even if the glob pattern is valid, the pattern may match credentials
with invalid names. So, we need to check the names of the found
credentials.
Follow-up for 947c4d3952
2024-08-03 14:25:35 +09:00
Yu Watanabe
b376dbc83d
test: a credential can be imported multiple times with different names
...
This is supported since 831f208783
2024-08-03 14:23:17 +09:00
Yu Watanabe
40dd2a1c24
core: make ImportCredentialEx= DBus property support without renaming
...
Note that the conf parser for ImportCredential= checks in the same way.
Follow-up for 831f208783
2024-08-03 14:20:07 +09:00
Yu Watanabe
e0fc14a456
creds-util: fix typo
...
Follow-up for 947c4d3952
2024-08-03 13:34:02 +09:00
Yu Watanabe
564547d295
Merge pull request #33911 from YHNdnzj/cgroup-setup-cleanup
...
cgroup-setup/util: several cleanups; make use of cgroup.kill on client request
2024-08-03 06:20:02 +09:00
Yu Watanabe
1c0130e8dc
man/net-naming-scheme: mention that NAMING_BRIDGE_MULTIFUNCTION_SLOT is reverted
...
Follow-up for af7417ac7bCloses #33596 .
2024-08-03 05:58:15 +09:00
Yu Watanabe
347c8822d1
man: extend explanation for ConfigureWithoutCarrier= in systemd.network(5)
...
Prompted by #33702 .
2024-08-03 05:57:55 +09:00
Yu Watanabe
6b8e373ce8
vmspawn: fix typo
...
Follow-up for 862c68a914
2024-08-03 05:56:11 +09:00
Yu Watanabe
bb35a47de2
ukify: fix typo
...
Follow-up for 987f4bce93
2024-08-03 05:55:05 +09:00
Yu Watanabe
2d6df0db7d
udevadm: fix typo
...
Follow-up for 0e789e6d48
2024-08-03 05:54:11 +09:00
Yu Watanabe
7033574293
import: fix typo
...
Follow-up for 17a6043a14
2024-08-03 05:53:08 +09:00
Yu Watanabe
fea380f3b4
login: fix typo
...
Follow-up for 0e10c3d872
2024-08-03 05:51:58 +09:00
Yu Watanabe
af7b3851ea
core/execute: fix typo
...
Follow-up for 628c214656
2024-08-03 05:50:50 +09:00
Yu Watanabe
eb8072ee48
boot: fix typo
...
Follow-up for dcac1e4a9b
2024-08-03 05:49:53 +09:00
Yu Watanabe
ec4964692a
cgroup-util: fix typo
...
Follow-up for 0fbb569de1
2024-08-03 05:48:54 +09:00
Yu Watanabe
f38aac5e01
mkosi: fix typo
...
Follow-up for 7205fc7dc3
2024-08-03 05:47:55 +09:00
Yu Watanabe
b8db3cc373
man: fix typo
...
Follow-up for 7102dc52e63d689b675b
2024-08-03 05:46:51 +09:00
Yu Watanabe
2bb72aadb8
man/net-naming-scheme: add missing period
...
Follow-up for 0a4ecc54cb
2024-08-03 05:36:12 +09:00
Yu Watanabe
c7d9925396
Merge pull request #33913 from berrange/cvm-s390x
...
Add detection of confidential virtualization on s390x architcture
2024-08-03 05:32:39 +09:00
Mike Yuan
3a497fbff5
advanced-issue-labeler: use correct label for env-generator
2024-08-02 21:45:18 +02:00
Daniel P. Berrangé
a8fb5d21fd
man/systemd-detect-virt: list known CVM technologies
...
Add a section which lists the known confidential virtual machine
technologies.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-08-02 16:55:03 +01:00
Daniel P. Berrangé
9ffdfc67c6
man/systemd-detect-virt: fix row spanning for VM header
...
This fixes
commit 9b0688f491
2024-08-02 16:55:03 +01:00
Daniel P. Berrangé
6c35e0a51c
confidential-virt: add detection for s390x target
...
The s390x platform provides confidential VMs using the "Secure Execution"
technology, which is also referred to as "Protected Virtualization" or
just "prot virt" in Linux / QEMU.
This can be detected through a simple sysfs attribute.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-08-02 16:53:20 +01:00
