mirror of https://github.com/systemd/systemd.git synced 2025-01-24 06:04:05 +03:00

68373 Commits

Author SHA1 Message Date
Arseny Maslennikov
c21566d90b
basic/missing_syscall: add missing_fchmodat2()
Follow-up for 8b45281daa3a87b4b7a3248263cd0ba929d15596
and preparation for later commits.

Since libcs are more interested in the POSIX `fchmodat(3)`, they are
unlikely to provide a direct wrapper for this syscall. Thus, the headers
we examine to set `HAVE_*` are picked somewhat arbitrarily.

Also, hook up `try_fchmodat2()` in `test-seccomp.c`. (Also, correct that
function's prototype, despite the fact that mistake would not matter in
practice)

Co-authored-by: Mike Yuan <me@yhndnzj.com>
2023-11-02 00:23:12 +08:00
Lukas Nykryn
2b5b25f123 udev: add new builtin net_driver
Currently the ID_NET_DRIVER is set in net_setup_link builtin.
But this is called pretty late in the udev processing chain.

Right now in some custom rules it was worked around by calling ethtool
binary directly, which is ugly.

So let's split this code to a separate builtin.
2023-11-01 16:00:19 +00:00
Lennart Poettering
c2ba2625d7 man: run ninja update-man-rules again
Apparently this has been forgotten a couple of times.
2023-11-01 16:02:05 +01:00
Lennart Poettering
9c21cfdd7d chase: fix corner case when using CHASE_PARENT with a path ending in ".."
If we use CHASE_PARENT on a path ending in ".." then things are a bit
weird, because the last path we look at is actually the *parent* and not
the *child* of the preceding path. Hence we cannot just return the 2nd
to last fd we look at. We have to correct it, by going *two* levels up,
to get to the actual parent, and make sure CHASE_PARENT does what it
should.

Example: for the path /a/b/c chase() with CHASE_PARENT will return
/a/b/c as path, and the fd returned points to /a/b. All good.  But now,
for the path /a/b/c/.. chase() with CHASE_PARENT would previously return
/a/b as path (which is OK) but the fd would point to /a/b/c, which is
*not* the parent of /a/b, after all! To get to the actual parent of
/a/b we have to go *two* levels up to get to /a.

Very confusing. But that's what we're here for, no?

@mrc0mmand ran into this in https://github.com/systemd/systemd/pull/28891#issuecomment-1782833722
2023-11-01 14:43:24 +00:00
Luca Boccassi
7c2fd96dba
Merge pull request #29764 from dtardon/varlink-io.systemd.service
Add varlink interface io.systemd.service
2023-11-01 14:41:58 +00:00
Luca Boccassi
df594373a4
Merge pull request #29691 from yuwata/dissect
udev: update devlink with the newer device node even when priority is equivalent
2023-11-01 14:36:28 +00:00
Lennart Poettering
ac110243a8 bsod,loop-util: fix fd validity check 2023-11-01 15:21:20 +01:00
Lennart Poettering
943aca96f7 proc-cmdline: use read_virtual_file() for /proc/cmdline 2023-11-01 15:20:54 +01:00
Lennart Poettering
5c2597ab07
Merge pull request #29788 from poettering/nspawn-barrier-fix
nspawn: fix barriers when wiping fully visible procfs/sysfs
2023-11-01 15:20:15 +01:00
Lennart Poettering
a3b46c6bf6 cryptenroll: use erase_and_free() at two more places 2023-11-01 15:19:10 +01:00
Yu Watanabe
4314abf6d4 sd-netlink: res_id is 16bit but serial is 32bit
The explicit value here is not so important.
Let's chop off the higher bits.

Fixes the issue reported at
https://github.com/systemd/systemd/pull/29802#issuecomment-1788637950.
2023-11-01 14:02:49 +00:00
Luca Boccassi
070243ecda
Merge pull request #29803 from poettering/coredump-message-tweaks
coredump: tweaks to log message & more
2023-11-01 13:20:11 +00:00
Yu Watanabe
498a6de596 dhcp6: enterprise ID is 32bit
Follow-up for 6b44099b3baff64af1ef58db8e38ecddc8070e9b.

Fixes #29800.
2023-11-01 13:19:59 +00:00
dependabot[bot]
094632a0ef build(deps): bump actions/checkout from 4.1.0 to 4.1.1
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8ade135a41...b4ffde65f4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 12:32:55 +00:00
dependabot[bot]
ac60a3a41e build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 4.2.2 to 5.0.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
- [Commits](ac4483d8c6...aa647ec446)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 12:30:41 +00:00
dependabot[bot]
f211277934 build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.2.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](08b4669551...0864cf1902)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 12:26:57 +00:00
David Tardon
1263055121 varlink: add generic impl. of io.systemd.service.SetLogLevel() 2023-11-01 12:50:52 +01:00
Yu Watanabe
4ef83d9c88 udev: revert workarounds for issues caused by the devlink creation optimization
This reverts the following two commits:
- "udev: decrease devlink priority for encrypted partitions"
  c4521fc17bb33d10bf5aca3f87f6a394dfecf423.
- "udev: decrease devlink priority for iso disks"
  df1dccd25547b430258bd42ec60428fc9aff1370.

These commits are workarounds for issues caused by
331aa7aa15ee5dd12b369b276f575d521435eb52.
With the previous commit, these workarounds are not necessary anymore,
as partitions are always processed later than their whole disk, and
a decrypted volume is also processed later than its backing volume.
2023-11-01 19:47:00 +09:00
Yu Watanabe
7ec5ce5673 udev: update devlink with the newer device node even when priority is equivalent
Several udev rules depend on the previous behavior, i.e. that udev
replaces the devlink with the newer device node when the priority is
equivalent. Let's relax the optimization done by
331aa7aa15ee5dd12b369b276f575d521435eb52.

Follow-up for 331aa7aa15ee5dd12b369b276f575d521435eb52.

Note, the offending commit drops O(N) of file reads per uevent, and this
commit does not change the computational order. So, hopefully the
performance impact of this change is small enough.

Fixes #28141.
2023-11-01 19:46:03 +09:00
André Paiusco
d397191b6d man: Improve text for SystemMaxFileSize when not set
If one sets SystemMaxUse=64G, by the current documentation one would expect that each file's size would be around 1/8 of this value (8G), although if SystemMaxFileSize is not explicitly set, it has a max of 128M per file.
2023-11-01 10:41:24 +00:00
Peter Hutterer
4f7a629e6c analyze: handle CAP_BPF support 2023-11-01 10:25:59 +00:00
Lennart Poettering
bebf6fcf22 man: explicitly mention that environment.d/ cannot be used to set the service manager's own env block
Fixes: #29414
2023-11-01 10:25:02 +00:00
Yu Watanabe
2a94838b98 man: fix typo
Follow-up for ba87a61d05d637be9f0b21707f7fe3b0a74c5a05.
2023-11-01 18:38:57 +09:00
Yu Watanabe
ba87a61d05 network: support ID_NET_MANAGED_BY udev property
If the property is set, networkd manages the interface only when its
value is "io.systemd.Network".

Closes #29768.
2023-11-01 10:14:27 +01:00
Lennart Poettering
c8e9476386 coredump: let's always drop privileges
Let's unconditionally drop privileges before submitting the coredump log
message.

Let's make the codepaths where we acquired a coredump and where we
didn't more alike: let's drop privs in both cases.

This is not only safer, but means that the coredump messages are always
accessible by the owner of the aborted process.
2023-11-01 10:02:04 +01:00
Lennart Poettering
6fea39bacc coredump: tweak coredump log message
Let's not claim a process dumped core if that was disabled via resource
limits.

While we are at it, switch from stack to heap allocation for the log
message, as it includes a stack trace which can be arbitrarily large.

Fixes: #28559
2023-11-01 10:02:04 +01:00
Yu Watanabe
da79ae6fc5 NEWS: fix typo 2023-11-01 13:54:15 +09:00
Yu Watanabe
f0e3818632
Merge pull request #29770 from Werkov/doc-fixes
Doc fixes
2023-11-01 13:06:54 +09:00
Yu Watanabe
7122bd12fd
Merge pull request #29786 from mrc0mmand/more-executor-stuff
test: exercise more systemd-executor related stuff
2023-11-01 12:51:08 +09:00
Marc Pervaz Boocha
abca74cb48 Fixed a typo in kernel-install/60-ukify.install.in for globbing microcode
searches in a non-existent micocode/* dir instead of micocode* due to a typo in #28592
2023-11-01 12:44:52 +09:00
Luca Boccassi
fba173ff6a core: rename and add comment to ExecParameters cleanup functions 2023-11-01 12:43:22 +09:00
Hugo Carvalho
f70a264cf3 po: Translated using Weblate (Portuguese)
Currently translated at 100.0% (227 of 227 strings)

Co-authored-by: Hugo Carvalho <hugokarvalho@hotmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/pt/
Translation: systemd/main
2023-11-01 11:54:47 +09:00
Lennart Poettering
dba4fa8910 nspawn: make sure idmapped logic works if DDI contains only /usr/ tree
If we have a DDI that contains only a /usr/ tree (and which is thus
combined with a tmpfs for root on boot) we previously would try to apply
idmapping to the tmpfs, but not the /usr/ mount. That's broken of
course.

Fix this by applying it to both trees.
2023-11-01 00:50:43 +00:00
Luca Boccassi
f456764cda Update NEWS 2023-11-01 00:43:55 +00:00
Michal Sekletar
448a21abbd man: change title of the section to better reflect actual content 2023-10-31 18:34:31 +00:00
Frantisek Sumsal
6634e66ded core: fix a couple of typos 2023-10-31 18:52:00 +01:00
Frantisek Sumsal
3d72a9645e test: exercise more systemd-executor related stuff 2023-10-31 18:52:00 +01:00
Lennart Poettering
30e68bbba6 barrier: use EBADF where appropriate 2023-10-31 18:32:13 +01:00
Frantisek Sumsal
72d50da4f6 test: skip SocketBind*= tests when built without a bpf framework
The test intentionally checks for -BPF_FRAMEWORK so we run the test case
(and fail) even if we rename the feature flag.
2023-10-31 17:36:03 +01:00
Frantisek Sumsal
6f93eb159a core: check if we got a valid personality during deserialization 2023-10-31 17:34:37 +01:00
Lennart Poettering
1a8d781495 nspawn: fix barriers when wiping fully visible procfs/sysfs
Let's wait until the child is fully done with mounting its own
instances of procfs/sysfs before we destroy our fully visible copies of
it.

This borrows heavily from Christian Brauner's fix #29521, but splits the
place + sync into two steps so that the child payload is not started
before the parent has destroyed the procfs instance.

Alternative to: #29521
Fixes: #28157
2023-10-31 15:33:49 +01:00
Lennart Poettering
553a596ad9
Merge pull request #29763 from yuwata/vconsole-conf
locale,firstboot: add comments to vconsole.conf
2023-10-31 14:37:47 +01:00
Yu Watanabe
2b43c5cb7a udev: fix device name shown in the log message on failure
Prompted by #29500.
2023-10-31 14:37:10 +01:00
Yu Watanabe
b1cfc95ff9 udevadm-trigger: mention --type=all in help
Follow-up for 1baeee5784f1b859d2a1446f6776efe6d7fde7b6.

Fixes #29779.
2023-10-31 14:36:22 +01:00
Lennart Poettering
d6d9bc01cb
Merge pull request #29769 from poettering/network-generator-ll
network-generator: add new mode ip=link-local
2023-10-31 14:35:49 +01:00
Lennart Poettering
db8618ee82
Merge pull request #29776 from jinliu/pam_kernel_keyring
New PAM module: pam_systemd_loadkey
2023-10-31 14:34:47 +01:00
Michal Koutný
788b7e7630 man: Add remarks about StandardInput=socket and sd_listen_fds()
It confuses users when they cannot find respective environment variables
with config that is supposed for (x)inetd activated service only.

Fix: #29670
2023-10-31 13:08:45 +01:00
Michal Koutný
761791bcf8 sysctl.d: Fix pid_max comment
The actual default is 2^15 and that is also 32b kernels' default.
Fix the value, mention 32b and do not talk about default which may
depend on nr_cpus.

Fix: #29607
2023-10-31 13:07:49 +01:00
David Tardon
ca46756cd8 varlink: add generic impl. of io.systemd.varlink.Ping() 2023-10-31 12:49:17 +01:00
David Tardon
4ffe0aedf9 varlink: define interface io.systemd.service 2023-10-31 12:49:16 +01:00