mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

74593 Commits

Author SHA1 Message Date
Mike Yuan
c90ae08b0a audit-util: check correct errno
(cherry picked from commit 190a095380)
2024-09-10 14:56:05 +02:00
Daan De Meyer
d5640c4f85 repart: Keep existing directory timestamps intact when copying
Otherwise, when merging multiple directory trees, the output becomes
unreproducible as the directory timestamps will be changed to the current
time when copying identical directories from the second tree.

We introduce a new copy flag to achieve this behavior.

(cherry picked from commit d850a544bc)
2024-09-10 14:56:05 +02:00
Daan De Meyer
c355457fd3 ukify: Skip test on architectures without UEFI
(cherry picked from commit 5121f7c45b)
2024-09-10 14:56:05 +02:00
Ronan Pigott
3a2be65228 resolved: clear the AD bit for bypass packets
When the bypass logic is invoked, such as for queries to the stub with
the DO bit set, be certain to clear the AD bit in the reply before
forwarding it if the answer is not known to be authentic.

(cherry picked from commit 13e15dae9f)
2024-09-10 14:56:05 +02:00
Yu Watanabe
9b0415a5ad udevadm/test,test-builtin: enable debugging logs by default again
The lines were mistakenly dropped by
aa976d8788.

(cherry picked from commit b9142e2ba7)
2024-09-10 14:56:05 +02:00
Mike Yuan
0ce6df4a6b logind-session: downgrade user@.service dep to Wants=
This partially reverts 52bcc872b5.

We explicitly support running without user manager,
hence only user-runtime-dir@.service should be
required.

Fixes #33405

(cherry picked from commit 26f78eff69)
2024-09-10 14:56:05 +02:00
Alyssa Ross
8d7eef9ee5 bootctl: don't load etc/machine-info from cwd
arg_root defaults to null, so if --root isn't given, this would try reading
etc/machine-info from the current working directory, which is likely to fail.

Fixes: 77db9ef2ab ("boot: Make sure we take --root into account everywhere.")
(cherry picked from commit 0452779b00)
2024-09-10 14:56:05 +02:00
maia x.
83f3094173 namespace: Fix extension release memory leak
In apply_one_mount(), in the MOUNT_EXTENSION_DIRECTORY case,
char **extension_release was used as a return pointer twice but only
cleaned up once in the end. Fix it by removing duplicate code that
was causing this issue.

Fixes issue introduced in 55ea4ef096.

(cherry picked from commit 010ea061fc)
2024-09-10 14:56:05 +02:00
Kornilios Kourtis
54c6907e95 process-util: handle pidfd_spawn() returning E2BIG
In some kernels (specifically, 5.4) even though the clone3 syscall is
supported, setting CLONE_INTO_CGROUP is not. The error message returned
in this case is E2BIG.

If posix_spawn_wrapper encounters this error, it does not retry, and
cannot spawn any programs in said kernels.

This commit adds a check for the E2BIG error and retries pidfd_spawn()
without the POSIX_SPAWN_SETCGROUP flag.

If we encounter an E2BIG error, and the pidfd_spawn() succeeds after
removing the POSIX_SPAWN_SETCGROUP flag, then we cache the result so
that we do not retry every time.

Originally, this issue was reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077204.

Signed-off-by: Kornilios Kourtis <kornilios@gmail.com>
(cherry picked from commit 7ac58157ca)
2024-09-10 14:56:05 +02:00
Yu Watanabe
632bf155a2 test: add ASSERT_OK_POSITIVE() and ASSERT_OK_ZERO()
(cherry picked from commit 538766ddf4)
2024-09-10 14:56:05 +02:00
Raphaël Mélotte
0730ec4f3e src/basic/missing_loop.h: fix missing LOOP_SET_BLOCK_SIZE
Builds with kernels headers < 4.14 fail with:

../src/shared/loop-util.c: In function ‘loop_configure_fallback’:
../src/shared/loop-util.c:237:31: error: ‘LOOP_SET_BLOCK_SIZE’ undeclared (first use in this function); did you mean ‘LOOP_SET_DIRECT_IO’?
                 if (ioctl(fd, LOOP_SET_BLOCK_SIZE, (unsigned long) c->block_size) < 0)
                               ^~~~~~~~~~~~~~~~~~~
                               LOOP_SET_DIRECT_IO

Fixes: https://github.com/systemd/systemd/issues/33341

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
(cherry picked from commit 56ab1c5449)
2024-09-10 14:56:05 +02:00
Yu Watanabe
44dc95690c test: add test case that 'nspawn --network-veth' enables IP forwarding
(cherry picked from commit 08779d7c55)
2024-09-10 14:56:05 +02:00
Yu Watanabe
93759103e6 test: allow to skip matrix_run_one() if $TEST_MATCH_TESTCASE is set
(cherry picked from commit 7908e1d459)
2024-09-10 14:56:05 +02:00
Yu Watanabe
9ab5eba325 network: make IPMasquerade= imply global IP forwarding settings again
After 3976c43092 (#31423), IPMasquerade=
implies only per-interface IP forwarding. That means, nspawn users need
to manually enable IPv4/IPv6Forwarding= in networkd.conf when
--network-veth or friend is used. Even though the change was announced in NEWS,
the change itself breaks backward compatibility and extremely reduces
usability.

Let's make the setting imply the global setting again.

Fixes #34010.

(cherry picked from commit 0b695febb2)
2024-09-10 14:56:05 +02:00
Yu Watanabe
0372b780b1 network/lldp-tx: introduce link_lldp_tx_update_capabilities()
Currently it is unused, but it will be used later.

(cherry picked from commit 8ceca83141)
2024-09-10 14:56:05 +02:00
Yu Watanabe
9a9472d248 sd-lldp-tx: insert missing empty line
(cherry picked from commit fbcd7e054b)
2024-09-10 14:56:05 +02:00
Daan De Meyer
2ccce3513b Merge pull request #34032 from DaanDeMeyer/backport-tests
Backport various commits to v256-stable
2024-08-19 10:53:53 +02:00
Daan De Meyer
0eec580add Add $SYSTEMD_IN_CHROOT to override chroot detection
When running unprivileged, checking /proc/1/root doesn't work because
it requires privileges. Instead, let's add an environment variable so
the process that chroot's can tell (systemd) subprocesses whether
they're running in a chroot or not.

(cherry picked from commit 2701c2f67d)
2024-08-19 07:49:55 +02:00
Daan De Meyer
2e52cf1df7 test-dhcp-server: Gracefully handle the network being down
(cherry picked from commit 4cf7a676af)
2024-08-19 07:48:30 +02:00
Daan De Meyer
ec5cdf9ba0 test: Gracefully handle running within user namespace with single user
Unprivileged users often make themselves root by unsharing a user namespace
and then mapping their current user to root which does not require privileges.
Let's make sure our tests don't fail in such an environment by adding checks
where required to see if we're not running in a user namespace with only a
single user.

(cherry picked from commit ef31767ed7)
2024-08-19 00:06:15 +02:00
Daan De Meyer
f6f96b0558 test-netlink: Gracefully handle the loopback interface being down
(cherry picked from commit d098b8df6e)
2024-08-19 00:06:08 +02:00
Luca Boccassi
b45730389b meson: bump version to 256.5
2024-08-15 21:46:49 +01:00
Daan De Meyer
553d298c6a Merge pull request #34003 from bluca/v256-stable
v256 batch
2024-08-15 22:22:56 +02:00
Luca Boccassi
a08ab811de test: add TEST_SKIP to mkosi integration test wrapper
Takes a space-separated list of test names, allows to skip one or more tests

(cherry picked from commit ddc91af4ea)
2024-08-15 14:04:42 +01:00
Yu Watanabe
8e9af7b18a test: remove temporary directory for test-ukify on success
(cherry picked from commit e9a5b4a10e)
2024-08-15 14:04:42 +01:00
Yu Watanabe
4798a2ac4d test: remove temporary directory on success
Also use mkdtemp_open() with specific template.

Follow-up for e7e52ff9b6.

(cherry picked from commit 63be834db8)
2024-08-15 14:04:41 +01:00
Daan De Meyer
91a2152628 mkosi: Fix debian/not-installed build logic
- Expand globs
- Filter out directories
- Append to the list of packaged files, not the list of installed files

Fixes the issue in https://github.com/systemd/systemd/pull/32363

(cherry picked from commit 0409213cbc)
2024-08-15 14:04:41 +01:00
Chengen Du
2a328ce809 udev: Handle PTP device symlink properly on udev action 'change'
PTP device symlink creation rules are currently executed only when the
udev action is 'add'. If a user reloads the rules and runs the udevadm
trigger command to reapply changes, the symlink may be deleted, which
can prevent the chronyd service from restarting properly.

Signed-off-by: Chengen Du <chengen.du@canonical.com>
(cherry picked from commit 6bd12be3fa)
2024-08-15 14:04:41 +01:00
Thorsten Scherer
2665618555 repart: Fix misleading typo in GPT partition flag
Bit 60 is the one corresponding to ReadOnly, not 50.  Fix this.

(cherry picked from commit 932cc94436)
2024-08-15 14:04:41 +01:00
Daan De Meyer
c3a6aa495b test: Use usual setup in integration-test-setup script
(cherry picked from commit db043a9b1a)
2024-08-15 14:04:41 +01:00
Daan De Meyer
274d5bf224 test: Fix section of StateDirectory=
(cherry picked from commit dba138b863)
2024-08-15 14:04:41 +01:00
Daan De Meyer
d0e8b7cb19 mkosi: Install llvm
For llvm-symbolizer which is required to sanitize address sanitizer
reports.

(cherry picked from commit c022fcd80c)
2024-08-15 14:04:41 +01:00
Daan De Meyer
46d6146776 mkosi: Disable pagination in gdb
(cherry picked from commit 7628565604)
2024-08-15 14:04:41 +01:00
James Muir
817dcbe7a6 man/systemd-sysusers, man/systemd-tmpfiles: fix sentence fragments
add "are executed" so that those two sentences have a verb.

(cherry picked from commit c5903cde63)
2024-08-15 14:04:41 +01:00
Daan De Meyer
65eff444c4 docs: Mention the new mount API in the container interface doc
Let's mention that the new mount API may be used to establish new
mounts in a container without needing the /run/host/incoming directory.

(cherry picked from commit 74cc5e2041)
2024-08-15 14:04:41 +01:00
Mike Yuan
e608023bc8 edit-util: do not try to recreate temp file if missing
We initially read from temp file, then strip it, and write
back to it. If the file suddenly disappeared during the process,
it indicates someone else is touching our temp file
behind our back. Let's not silently continue.

(cherry picked from commit 3b5b2ff8fa)
2024-08-15 14:04:41 +01:00
Ivan Shapovalov
b628d4dfa6 core/exec-invoke: call setpriority() after sched_setattr()
The nice value is part of struct sched_attr, and consequently invoking
sched_setattr() after setpriority() would clobber the nice value with
the default (as we are not setting it in struct sched_attr).

It would be best to combine both calls, but for now simply invoke
setpriority() after sched_setattr() to make sure Nice= remains effective
when used together with CPUSchedulingPolicy=.

(cherry picked from commit 711a157738)
2024-08-15 14:04:41 +01:00
Nick Rosbrook
6f57f9b8aa core/unit: do not use unit path cache in unit_need_daemon_reload()
When unit_need_daemon_reload() calls unit_find_dropin_paths() to check
for new drop-in configs, the manager's unit path cache is used to limit
which directories are considered. If a new drop-in directory is created,
it may not be in the unit path cache, and hence unit_need_daemon_reload()
may return false, despite a new drop-in being present. However, if a
unit path cache is not given to unit_file_find_dropin_paths() at all,
then it behaves as if the target path was found in the unit path cache.

So, to fix this, adapt unit_find_dropin_paths() to take a boolean
argument indicating whether or not to pass along the unit path cache.
Set this to false in unit_need_daemon_reload().

Fixes #31752

(cherry picked from commit 82c482d573)
2024-08-15 14:04:41 +01:00
Luca Boccassi
195124fd1c test: note in README how to get full list of Ubuntu CI jobs
(cherry picked from commit 79488ac003)
2024-08-15 14:04:41 +01:00
Daan De Meyer
afcc3f39a3 mkosi: Disable debuginfod
We generally don't care about library debuginfo so let's just disable
debuginfod so it doesn't get in the way when debugging.

We use /root/.gdbinit as the systemwide gdbinit location is distribution
specific.

(cherry picked from commit 2561e2a356)
2024-08-15 14:04:41 +01:00
Yu Watanabe
772549666c meson: enable -Wunterminated-string-initialization
With af1a6db58f, now we can build with the
option.

(cherry picked from commit f548bc4011)
2024-08-15 14:04:41 +01:00
Cristian Rodríguez
ca09bc33e8 basic|boot: silence Wunterminated-string-initialization gcc15 warnings
gcc15 has -Wunterminated-string-initialization in -Wextra and
warns about string constants that are not null terminated even though
the functions do do out of bounds access.
Silence the warnings by simply not providing an explicit size.

(cherry picked from commit af1a6db58f)
2024-08-15 14:04:41 +01:00
Nick Rosbrook
edf52384c2 sysusers: check if requested group name matches user name in queue
When creating a user, check if the requested group name matches a user
name in the queue. If that matched user name is also going to be a group
name, then use it for the new user too. In other words, allow the
following:

 u foo -
 u bar -:foo

when both foo and bar are new users.

Fixes #33547

(cherry picked from commit 18a8f03e51)
2024-08-15 14:04:41 +01:00
Yu Watanabe
b50419e838 systemctl: gracefully adjust bus transport and runtime scope when --boot-loader-entry=help
This fixes the following assertion:
===
SYSTEMD_LOG_LEVEL=debug systemctl --user -H foo --boot-loader-entry=help
Assertion 'transport != BUS_TRANSPORT_REMOTE || runtime_scope == RUNTIME_SCOPE_SYSTEM' failed at src/shared/bus-util.c:284, function bus_connect_transport(). Ignoring.
Failed to connect to bus: Operation not supported
===

Fixes a bug introduced by 97af80c5a7.
Fixes #33661.
Fixes oss-fuzz#70153.

(cherry picked from commit 1056457d11)
2024-08-15 14:04:41 +01:00
Arnaud Patard
74f830e048 src/pcrlock/pcrlock.c: Handle empty pcrlock.d directories
Running the following commands:

  # mkdir -p /var/lib/pcrlock.d/123-empty.pcrlock.d
  # /usr/lib/systemd/systemd-pcrlock predict --pcr=1+2+3+4+5+16

Will result in:

...
Floating point exception

Running the following commands:
  # mkdir -p /var/lib/pcrlock.d/123-empty.pcrlock.d
  # /usr/lib/systemd/systemd-pcrlock make-policy --pcr=1+2+3+4+5+16

Will result in this (partial) log:
...
Predicted future PCRs in 133us.
[]
...
Written policy digest 0000000000000000000000000000000000000000000000000000000000000000 to NV index 0x1921da6
...

So, add missing checks to handle gracefully cases where there's no variant
inside the component.

Signed-off-by: Arnaud Patard <arnaud.patard@collabora.com>
(cherry picked from commit e7a93e7521)
2024-08-15 14:04:41 +01:00
Daan De Meyer
4ba2973515 mkosi: Prevent busybox from getting pulled into opensuse images
OpenSUSE's busybox has a bunch of Provides for basic tools that cause
it to get pulled into images unless the corresponding tool is explicitly
installed so let's add explicit tools to make sure we don't get busybox.

(cherry picked from commit 857e4528f5)
2024-08-15 14:04:41 +01:00
Daan De Meyer
df3736d149 test: Add a way to quickly iterate on an integration test
Rebuilding the integration test every time is very slow. Let's
introduce a way to iterate on an integration test without rebuilding
the image every time. By making a btrfs snapshot before we run the
integration test, we can then systemctl soft-reboot after running
the test to restore the rootfs to a pristine state before running
the test again.

As /run/nextroot will get nuked on reboot or soft-reboot, we introduce
a tmpfiles snippet to make sure it is recreated every (soft-)reboot
and adapt the existing tests to deal with this new symlink.

(cherry picked from commit af153e36ae)
2024-08-15 14:04:41 +01:00
Daan De Meyer
8c61438bd5 mkosi: Switch back to btrfs
The next commit will introduce a way to iterate on integration
tests which depends on btrfs specific features.

We leave CentOS on ext4 as its kernel does not support btrfs.

(cherry picked from commit edc6592e53)
2024-08-15 14:04:41 +01:00
Daan De Meyer
8424539cdf mkosi: Enable Autologin= again on Debian
Debian uses /usr/bin/login from the shadow package instead of util-linux
which doesn't support credentials. Let's enable autologin the old
fashioned way for now.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833256
(cherry picked from commit ea696c5f53)
2024-08-15 14:04:41 +01:00
Daan De Meyer
ad43f87ae8 test: Implement TEST_SHELL for mkosi based test runner
TEST_SHELL can be used to get a shell in the integration test
environment without actually immediately starting the test.

(cherry picked from commit dd1c01b20f)
2024-08-15 14:04:41 +01:00