1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

78028 Commits

Author SHA1 Message Date
Yu Watanabe
fc3691a70a exec-util: split out common checks before fork_agent() to can_fork_agent()
No functional change, just refactoring.
2024-12-12 08:32:42 +09:00
Yu Watanabe
388d6c5f37 polkit-agent: modernize code a bit
- Use _cleanup_close_pair_ attribute for the pipe FDs,
- Return earlier on failure in forking polkit agent.
2024-12-12 08:30:55 +09:00
Yu Watanabe
0f81c8406f exec-util: allow to invoke polkit/ask-password agent even if STDIN is not a tty
Closes #35018.
2024-12-12 08:30:55 +09:00
Carlo Teubner
dfbd4d8bc5 systemd-cryptenroll.xml: fix typo 2024-12-11 23:10:59 +00:00
Yu Watanabe
4899255aa2
format-table: trivial cleanups (#35572) 2024-12-12 06:12:07 +09:00
cvlc12
693038fce4
man: update example in systemd-measure.xml (#35506)
In the example from systemd-measure(1), do not bind to PCR 7 in
addition to the PCR policy.

As long as this is still done by default, see #35280.
2024-12-12 06:09:11 +09:00
Mike Yuan
3ae314afdc Revert "run: disable --expand-environment by default for --scope"
This reverts commit 8167c56bfa.

We've announced the breaking change during v254-v257. Let's actually
apply it for v258.
2024-12-12 06:05:30 +09:00
Yu Watanabe
7e438055a6
pretty-print: don't use OSC 8 for incompatible URLs (#35223) 2024-12-12 05:43:36 +09:00
Mike Yuan
eded4272d2 cgroup-util: introduce cg_get_cgroupid_at()
Suggested in https://github.com/systemd/systemd/pull/35242#discussion_r1862658163
2024-12-12 05:19:07 +09:00
Mike Yuan
2522757a89 nsresourced: drop unneeded REMOVE_PHYSICAL flag for rm_rf()
Even without REMOVE_PHYSICAL, rm_rf() permits cgroupfs.
2024-12-12 05:17:17 +09:00
Yu Watanabe
ab5de638e9
process-util: modernize is_main_thread(); make sure get_process_ppid() won't return ppid == 0 (#35561)
Split out from #35242
2024-12-12 05:16:04 +09:00
Lennart Poettering
e11f5aa722 sd-varlink: properly export sd_varlink_reset_fds()
This function was listed in the public sd-varlink.h header, but not
actually made public. Fix that. It's quite useful, the comment in it
describes the usecase nicely.

Fixes: #35554
2024-12-12 05:13:12 +09:00
Yu Watanabe
e53be91e5d
libfido2-util: show also verity features when listing FIDO2 devices (#35295)
This way, users don't have to check those features using an external
program, or wait for later failure when trying to enroll using an
unsupported feature.

E.g.:

```
# systemd-cryptenroll --fido2-device list
PATH         MANUFACTURER PRODUCT               RK  CLIENTPIN UP  UV
/dev/hidraw2 Yubico       YubiKey OTP+FIDO+CCID yes no        yes no
```
2024-12-12 05:11:46 +09:00
Yu Watanabe
bfff0f5ac8
Add credential support for mount units (#34732)
Add `EXEC_SETUP_CREDENTIALS` flag to allow using credentials with mount units.
Fixes: #23535
2024-12-12 05:07:35 +09:00
Daan De Meyer
1c658c639d test-bpf-restrict-fs: Migrate to new assertion macros 2024-12-12 05:05:30 +09:00
Lennart Poettering
3c702e8210 condition: add new ConditionKernelModuleLoaded=
This introduces a new unit condition check: that matches if a specific
kmod module is allowed. This should be generally useful, but there's one
usecase in particular: we can optimize modprobe@.service with this and
avoid forking out a bunch of modprobe requests during boot for the same
kmods.

Checking if a kernel module is loaded is more complicated than just
checking if /sys/module/$MODULE/ exists, since kernel modules typically
take a while to initialize and we must check that this is complete (by
checking if the sysfs attr "initstate" is "live").
2024-12-12 05:03:52 +09:00
Yu Watanabe
c9011f170b
journalctl: also mangle unit name when --invocation= or --list-invocations is specified (#35542)
Fixes #35538.
2024-12-12 05:01:54 +09:00
andrejpodzimek
ae2f3af639 Fixing VLAN ranges in man systemd.network.
Otherwise it doesn't hold that VLANs 100-400 are allowed (because 201-299 are disallowed).
2024-12-12 03:52:00 +09:00
Tobias Klauser
12e33d332b profile.d: don't bail if $SHELL_* variables are unset
If - for whatever reason - a script uses set -u (nounset) and includes
/etc/profile.d/70-systemd-shell-extra.sh (e.g. transitively via
/etc/profile) the script would fail with:

    /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable

For example:

    $ cat > foo.sh <<EOF
    #!/bin/sh
    set -u

    source /etc/profile
    EOF
    $ chmod 700 foo.sh
    $ ./foo.sh
    /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable

Fix this by using shell parameter substitution[^1] (which is a POSIX
shell concept) to set the $SHELL_* variables to the empty string if
undefined.

[^1]: https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/V3_chap02.html
2024-12-11 18:33:41 +00:00
Lennart Poettering
9948b4668c virt: drop userns detection heuristic
Now that we have an explicit userns check we can drop the heuristic for
it, given that it's kinda wrong (because mapping the full host UID range
into a userns is actually a thing people do).

Hence, just delete the code and only keep the userns inode check in
place.
2024-12-11 19:23:03 +01:00
Lennart Poettering
7f0a615ef8 virt: dont check for cgroupns anymore
Now that we have a reliable pidns check I don't think we really should
look for cgroupns anymore, it's too weak a check. I mean, if I myself
would implement a desktop app sandbox (like flatpak) I'd always enable
cgroupns, simply to hide the host cgroup hierarchy.

Hence drop the check.

I suggested adding this 4 years ago here:

https://github.com/systemd/systemd/pull/17902#issuecomment-745548306
2024-12-11 19:23:03 +01:00
Mike Yuan
8f3862ceed
userdbctl: use ansi_highlight_green_red() where appropriate 2024-12-11 19:19:46 +01:00
Mike Yuan
26c29eed53
format-table: drop pointless table_data_rgap_color() func
Follow-up for aab79f5278
2024-12-11 19:19:46 +01:00
Mike Yuan
da7cd0f500
format-table: minor modernization 2024-12-11 19:14:28 +01:00
Katariina Lounento
3ca09aa4dd man: document unprivileged is not for reading properties
Document the fact that read-only properties may not have the flag
SD_BUS_VTABLE_UNPRIVILEGED as that is not obvious especially given the
flag is accepted for writable properties.

Based on the check in `add_object_vtable_internal` called by
`sd_bus_add_object_vtable` (as of the current tip of the main branch
f7f5ba0192):

    case _SD_BUS_VTABLE_PROPERTY: {
            [...]
            if ([...] ||
                [...]
                (v->flags & SD_BUS_VTABLE_UNPRIVILEGED && v->type == _SD_BUS_VTABLE_PROPERTY)) {
                    r = -EINVAL;
                    goto fail;
            }

(where `_SD_BUS_VTABLE_PROPERTY` means read-only property whereas
`_SD_BUS_VTABLE_WRITABLE_PROPERTY` maps to writable property).

This was implemented in the commit
adacb9575a ("bus: introduce "trusted" bus
concept and encode access control in object vtables") where
`SD_BUS_VTABLE_UNPRIVILEGED` was introduced:

    Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED
    and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them.
    Note however that read access is unrestricted, as PropertiesChanged
    messages might send out the values anyway as an unrestricted
    broadcast.
2024-12-11 18:32:46 +01:00
Yu Watanabe
7bb1c8f2a3 journalctl: make --invocation and --list-invocations accept unit name with glob
Previously, journalctl -I -u GLOB was not supported, while
journalctl -u GLOB works fine. Let's make them consistent.
2024-12-11 16:32:22 +00:00
Yu Watanabe
48b22321af journalctl: move get_possible_units() to journalctl-util.c
No functional change. Preparation for the next commit.
2024-12-11 16:32:22 +00:00
Yu Watanabe
e8823b5e35 journalctl: make --invocation and --list-invocations accept unit name without suffix
Fixes #35538.
2024-12-11 16:32:22 +00:00
Antonio Alvarez Feijoo
b31e63960d
libfido2-util: show also verity features when listing FIDO2 devices
This way, users don't have to check those features using an external program, or
wait for later failure when trying to enroll using an unsupported feature.
2024-12-11 17:28:30 +01:00
Luca Boccassi
d1ecd61176
Fix unit tests in unprivileged docker container (#35556) 2024-12-11 16:28:30 +00:00
Luca Boccassi
446d737cba mkosi: use inetutils package instead of hostname for Archlinux
In Arch the hostname binary is in a different package

Follow-up for cf48bde7ae
2024-12-11 14:21:06 +00:00
Tobias Klauser
d184e6aae3 mailmap: fix entries for Tobias Klauser
Map all previous, no longer used e-mail addresses to my current e-mail
address.
2024-12-11 13:55:07 +00:00
Luca Boccassi
90e6347fef
analyze: add --mask to --help text (#35548) 2024-12-11 13:45:30 +00:00
Mike Yuan
61263e1436
process-util: make sure we don't report ppid == 0
Previously, if pid == 0 and we're PID 1, get_process_ppid()
would set ret to getppid(), i.e. 0, which is inconsistent
when pid is explicitly set to 1. Ensure we always handle
such case by returning -EADDRNOTAVAIL.
2024-12-11 14:44:08 +01:00
Mike Yuan
07612aab66
process-util: use our usual tristate semantics for is_main_thread()
While at it, _unlikely_ is dropped, as requested in
https://github.com/systemd/systemd/pull/35242#discussion_r1880096233
2024-12-11 14:44:07 +01:00
Luca Boccassi
3b32d333e8 test-fd-util: compare FDs to /bin/sh instead of /dev/null
/dev/null is a character device, so same_fd() in the fallback path
that compares fstat will fail, as that bails out if the fd refers
to a char device. This happens on kernels without F_DUPFD_QUERY and
without kcmp.

/* test_same_fd */
Assertion 'same_fd(d, e) > 0' failed at src/test/test-fd-util.c:111, function test_same_fd(). Aborting.

Fixes #35552
2024-12-11 13:42:11 +00:00
Luca Boccassi
630a2e7ee1 test-fd-util: skip test when lacking privileges to create a new namespace
To reproduce, as an unprivileged user start a docker container and build
and run the unit tests inside it:

$ docker run --rm -ti debian:bookworm bash
...
/* test_close_all_fds */
Successfully forked off '(caf-plain)' as PID 10496.
Skipping PR_SET_MM, as we don't have privileges.
(caf-plain) succeeded.
Failed to fork off '(caf-noproc)': Operation not permitted
Assertion 'r >= 0' failed at src/test/test-fd-util.c:392, function test_close_all_fds(). Aborting.

Partially fixes #35552
2024-12-11 13:42:11 +00:00
Luca Boccassi
058a07635f test-capability: CAP_LINUX_IMMUTABLE is not available in unprivileged containers
have ambient caps: yes
Capabilities:cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
Failed to drop auxiliary groups list: Operation not permitted
Failed to change group ID: Operation not permitted
Capabilities:cap_dac_override,cap_net_raw=ep
Capabilities:cap_dac_override=ep
Successfully forked off '(getambient)' as PID 12505.
Skipping PR_SET_MM, as we don't have privileges.
Ambient capability cap_linux_immutable requested but missing from bounding set, suppressing automatically.
Assertion 'x < 0 || FLAGS_SET(c, UINT64_C(1) << CAP_LINUX_IMMUTABLE)' failed at src/test/test-capability.c:273, function test_capability_get_ambient(). Aborting.
(getambient) terminated by signal ABRT.
src/test/test-capability.c:258: Assertion failed: expected "r" to succeed, but got error: Protocol error

Partially fixes #35552
2024-12-11 13:42:11 +00:00
Luca Boccassi
e18768751e
Define flags for manager_is_inhibited() (#35253) 2024-12-11 13:08:29 +00:00
Nick Rosbrook
59e5108fb4 test: set nsec3-salt-length=8 in knot.conf
TEST-75-RESOLVED fails on Ubuntu autopkgtest due to this warning from
knot:

 notice: config, policy 'auto_rollover_nsec3' depends on default nsec3-salt-length=8, since version 3.5 the default becomes 0

Explicitly set nsec3-salt-length=8 to silence.
2024-12-11 12:55:37 +00:00
Mike Yuan
e38a70a19f
basic/user-util: modernize getgroups_alloc() a bit (#35226)
Split out from #35219 for inclusion in v258
2024-12-11 13:50:50 +01:00
Zbigniew Jędrzejewski-Szmek
0c1622aa5a logind: define flags enum for manager_is_inhibited()
The most common case of block=true, ignore_inactive=false is mapped to flags=0.

For https://github.com/systemd/systemd/issues/34091.
2024-12-11 10:20:35 +00:00
Zbigniew Jędrzejewski-Szmek
385eccf65b logind: drop one duplicate param in manager_is_inhibited()
In the review in https://github.com/systemd/systemd/pull/30307#pullrequestreview-2255002732
removal of the excessive boolean parameters was requested. We don't need
a separate boolean param here, since we always pass true with a uid and
false otherwise.
2024-12-11 10:20:35 +00:00
Lennart Poettering
0823d96a0b pretty-print: don't use OSC 8 for incompatible URLs 2024-12-11 10:35:03 +01:00
Lennart Poettering
f79562aaee string-util: split out EOT check in strip_tab_ansi()
Let's unify the eot check in one place in order to make things more
readable.
2024-12-11 10:35:03 +01:00
Lennart Poettering
4d09f976f6 analyze: add missing --mask option to --help text
Follow-up for: 3e7a029c28
2024-12-11 10:32:38 +01:00
Lennart Poettering
7167bee6c6 analyze: tab fix 2024-12-11 10:32:38 +01:00
Yu Watanabe
b83847eb13
network: optionally bring up interface before joining bridge (#34438)
Closes #34247.
2024-12-11 18:16:34 +09:00
Yu Watanabe
f8bfe16b06 journalctl: do not override explicitly specified -b or -n with -e or -k
Fixes #35248.
2024-12-11 18:12:13 +09:00
Yu Watanabe
c577fe65f3 systemctl: downgrade log level of ECONNREFUSED from system dbus.service
To suppress log message when 'systemctl poweroff' or friends invoked in
rescue shell, which does not have dbus.service.
2024-12-11 18:08:26 +09:00