mirror of https://github.com/systemd/systemd.git synced 2024-10-31 07:51:21 +03:00
Commit Graph

54220 Commits

Author SHA1 Message Date
Lennart Poettering
ebcdfc79ab homework: get rid of manual error path in home_create_luks()
Now that all objects we need to destroy are managed by the HomeSetup
object we can drop our manual destruction path and just use the normal
clean-up logic implemented for HomeSetup anyway. More unification, yay!
2021-10-28 08:17:46 +02:00
Lennart Poettering
32dda527d8 homework: move destruction of temporary image file into HomeSetup
Let's simplify things further a bit and move the destruction of the
temporary image file we operate on when creating a LUKS home into
HomeSetup, like all our other resources.
2021-10-28 08:17:46 +02:00
Lennart Poettering
d33f024100 homework: get rid of manual clean up path in home_setup_luks()
Now that we stored all our different objects inside the HomeSetup
structure, we can get rid of our manual clean-up path, since
home_setup_done() will clean up everything stored therein anyway, in the
right order.

This is the main reason we moved everything into HomeSetup in the
previous commits: so that we can share clean-up paths for these objects
with everything else.
2021-10-28 08:17:46 +02:00
Lennart Poettering
80ffbbfbfb homework: move image_fd field in home_setup_luks() also into HomeSetup
Let's unify even more codepaths, and let's reuse the .image_fd field we
already maintain.
2021-10-28 08:17:46 +02:00
Lennart Poettering
ae4d05f649 homework: rework home_setup_luks() to store its root_fd also in HomeSetup 2021-10-28 08:17:46 +02:00
Lennart Poettering
c00b2ddc6e homework: always pass HomeSetup param first, PasswordCache second
Some of our operations did it one way, most the other. Let's unify on
the order that is more popular.
2021-10-28 08:17:46 +02:00
Lennart Poettering
a70e0ad764 homework: replace homegrown syncfs_path() reimplementation by syncfs_path() 2021-10-28 08:17:46 +02:00
Lennart Poettering
a23cf7f4c7 homework: unify similar code for opening existing LUKS DM devices
Let's introduce a new helper acquire_open_luks_device() that combines a
few steps we keep doing at three places into one.
2021-10-28 08:17:46 +02:00
Lennart Poettering
e4d1e79bc5 homework: move all LoopDevice handling into HomeSetup too
Similar story as with the DM objects: let's maintain it all as part of
HomeSetup. We do that for part of the operations already, let's unify
that.
2021-10-28 08:17:46 +02:00
Lennart Poettering
f7800049eb homework: move all DM detachment/freeing into HomeSetup
We actually already detach/free the LUKS DM devices for most operations
via HomeSetup, let's move the creation logic to also do this, in order
to unify behaviour between operations.
2021-10-28 08:17:46 +02:00
Lennart Poettering
fc032ae197 homework: teach home_lock() + home_unlock() + home_deactivate() to use HomeSetup, too
This is just some minor refactoring, to make these two operations work
like the rest.

home_lock_luks() will now use the root_fd field of HomeSetup already,
but for home_unlock_luks() + home_deactivate() this change has no effect for now. (But a
later commit will change this.)
2021-10-28 08:17:46 +02:00
Lennart Poettering
203f06aa1e homework: make use of .undo_mount field of HomeSetup for LUKS backend too
Let's move more stuff to common infra for the backends.
2021-10-28 08:17:46 +02:00
Lennart Poettering
bc5890c671 homework: use HomeSetup in home_create_luks() too
We use it for all other LUKS operations these days, and for all
home_create_xyz() calls for other backends, let's use it for the LUKS
backend too.
2021-10-28 08:17:46 +02:00
Lennart Poettering
93a5fe3e65
Merge pull request #21162 from poettering/homed-cifs-improvements
homed: various cifs backend improvements
2021-10-28 08:17:05 +02:00
Lennart Poettering
8622e9f2e3
Merge pull request #21161 from poettering/homed-uidmap-fscrypt
homed: teach the fscrypt backend uidmap too
2021-10-28 08:15:44 +02:00
Yu Watanabe
2307bc3180
Merge pull request #21157 from yuwata/network-address-label-verify
network: verify [IPv6AddressLabel] section
2021-10-28 07:13:12 +09:00
Luca Boccassi
df61e79a5d core: make DynamicUser=1 and StateDirectory= work with TemporaryFileSystem=/var/lib
The /var/lib/private/foo -> /var/lib/foo symlink for StateDirectory and
DynamicUser is set up on the host filesystem, before the mount namespacing
is brought up. If an empty /var/lib is used, to ensure the service does not
see other services' data, the symlink is then not available despite
/var/lib/private being set up as expected.

Make a list of symlinks that need to be set up, and create them after all
the namespaced filesystems have been created, but before any eventual
read-only switch is flipped.
2021-10-27 22:45:26 +01:00
Lennart Poettering
8d3e4ac7cd scope: refuse activation of scopes if no PIDs to add are left
If all processes we are supposed to add are gone by the time we are
ready to do so, let's fail.

This is heavily based on Cunlong Li's work, who thankfully tracked this
down.

Replaces: #20577
2021-10-27 23:17:50 +02:00
Lennart Poettering
db4229d12f core: normalize 'r' variable handling in unit_attach_pids_to_cgroup() a bit
The 'r' variable is our "go-to" variable for error return codes, all
across our codebase. In unit_attach_pids_to_cgroup() it was so far used
in a strange way for most of the function: instead of directly storing
the error codes of functions we call we'd store it in a local variable
'q' instead, and propagate it to 'r' only in some cases; finally we'd
return the ultimate result of 'r'.

Let's normalize this a bit: let's always store error return values in
'r', and then use 'ret' as the variable to sometimes propagate errors
to, and then return that.

This also allows us to get rid of one local variable.

No actual codeflow changes, just some renaming of variables that allows
us to remove one.
2021-10-27 23:11:23 +02:00
Lennart Poettering
4c2ee5c7f2 homework: allow specifying explicit additional mount options when using CIFS backend
This is useful since certain shares can only be mounted with additional
mount flags. For example the SMB share in modern AVM Fritz!Boxes
requires "noserverino" to be set to work from Linux.
2021-10-27 22:46:46 +02:00
Lennart Poettering
22aba9b2fc homework: actually try all supplied passwords
Unfortunately mount.cifs doesn't really let us know much about the
reason for the failure. Hence, assume it's caused by a bad password, and
retry on any failure with additional passwords that we might have.

A loop to do this was always in place, but none of the possible
codepaths actually allowed to iterate more than once. Fix that.
2021-10-27 22:46:46 +02:00
Lennart Poettering
bf15879b39 homework: allow specifying a dir component in CIFS services
Allow specifying CIFS services in the format //host/service/subdir/… to
allow multiple homedirs on the same share, and not in the main dir of
the share.

All other backends allow placing the data store at arbitrary places,
let's allow this too for the CIFS backend. This is particularly useful
for testing.
2021-10-27 22:37:56 +02:00
Lennart Poettering
2b9855f9d2 homework: make home_move_mount() a bit more generic by renaming first parameter
No actual code change, let's just rename the first parameter, to make it
more generically useful in case the first argument is an arbitrary path,
not necessarily a username/realm.
2021-10-27 22:37:56 +02:00
Lennart Poettering
16b81da684 homectl: validate CIFS service name before accepting it 2021-10-27 22:37:56 +02:00
Lennart Poettering
68def5a975 fs-util: add helper that can split CIFS services names 2021-10-27 22:37:56 +02:00
Lennart Poettering
c9080dfb0b homework: apply mount flags also for CIFS mounts 2021-10-27 22:37:56 +02:00
Lennart Poettering
5971c318d4 homework: move check for CIFS service field initialization to home_setup_cifs()
We need this field not only during activation but any kind of setup,
hence let's move it into the setup code.
2021-10-27 22:37:56 +02:00
Lennart Poettering
812e587696 homework: rework home_setup_cifs() to store "mounted" variable in HomeSetup
We already have a field for that, let's use it. Let's also reduce the
indentation level a bit.

No change in behaviour.
2021-10-27 22:37:56 +02:00
Lennart Poettering
de7df6c3a6 homework: pass header user record in home_activate_cifs()
Of course unlike in the LUKS case there's not actually any user record
stored in the LUKS header, so what we pass here will always be NULL.

The reason why I am changing is to make this more alike the other
home_activate_xyz() calls, and passing this around doesn't hurt.

(A later commit will replace all backend-specific home_activate_xyz()
calls by a single one)
2021-10-27 22:37:55 +02:00
Lennart Poettering
65400de021 homework: support uidmaps in fscrypt backend 2021-10-27 22:05:22 +02:00
Lennart Poettering
55166094ae homework: add new helper home_setup_undo_mount() 2021-10-27 22:05:20 +02:00
Lennart Poettering
655807f572 homework: make sure fscrypt backend takes a HomeSetup object for all calls
Similar to the same change we did for the directory backend. Let's always
pass the setup context object, i.e. HomeSetup, and store whatever we set
up in there.

No actual change in behaviour.
2021-10-27 22:05:02 +02:00
Lennart Poettering
d5bb2b0375
Merge pull request #20344 from poettering/revert-close-all
Alternative to #20288 – close_all_fds() reworking
2021-10-27 22:02:38 +02:00
Yu Watanabe
3dea470121 test: update comment
Follow-up for 8524db5021.
2021-10-27 19:52:39 +00:00
Yu Watanabe
593524af5d
Merge pull request #21153 from yuwata/network-lifetime-fix
network: fix lifetime handling
2021-10-28 04:52:25 +09:00
Yu Watanabe
ab5d52b79d systemctl: drop redundant "else" 2021-10-28 04:52:06 +09:00
Yu Watanabe
266305484c
Merge pull request #21150 from yuwata/sd-radv-shorten-default-lifetime-2
sd-radv: shorten default lifetime
2021-10-28 04:51:45 +09:00
Yu Watanabe
1462a941fb
Merge pull request #21136 from poettering/homed-uidmap-dir-only
homed uidmapping (just for the directory backend)
2021-10-28 04:51:31 +09:00
Yu Watanabe
4df5799f9b doc: fix typo in command
Follow-up for #21147.
2021-10-28 03:57:24 +09:00
Luca Boccassi
69e0830994 run: do not validate exe early if MountImages/ExtensionImages are used
Same as with RootImage&friends, the executable might be in the
image, so it's not visible in the host before the unit is set up.
2021-10-28 03:56:24 +09:00
Yu Watanabe
99987084f6
Merge pull request #21138 from bluca/show_extensions
systemctl: pretty-print ExtensionImages property
2021-10-28 03:56:04 +09:00
Yu Watanabe
4150584e63 test: do not use alloca() in function call 2021-10-28 03:55:22 +09:00
Yu Watanabe
1ac845ffbe test-network: add more tests for [Address] section 2021-10-28 02:12:34 +09:00
Yu Watanabe
8edcd775e8 test-network: add tests for invalid [IPv6AddressLabel] section 2021-10-28 01:40:19 +09:00
Yu Watanabe
834f4294a7 network: verify [IPv6AddressLabel] section 2021-10-28 01:38:57 +09:00
Yu Watanabe
3dfa7311e2 test-network: add tests for invalid IPv6 token 2021-10-28 01:17:14 +09:00
Lennart Poettering
b689197241 test-fd-util: extend close_all_fds() test to trigger all fallback codepaths
This extends the close_all_fds() logic to overmount /proc with an empty
tmpfs, and/or to block close_range() via seccomp, so that we run the
test case for the function with the fallback paths.

This should make sure that we don't regress in limited environments or
older kernels.
2021-10-27 18:02:49 +02:00
Lennart Poettering
73fc0cbc87 fd-util: export get_max_fd() so that we can use it in tests 2021-10-27 17:56:36 +02:00
Lennart Poettering
ab27b2fe56 exec-util: use close_all_fds_without_malloc() from freeze() 2021-10-27 17:56:36 +02:00
Lennart Poettering
5cfa0798ba fd-util: split out close_all_fds() special case handling and call it from close_all_fds_without_malloc(), too
The optimization is useful there too.
2021-10-27 17:56:36 +02:00