Mike Yuan
fe760177fe
core/service: don't give ExecStopPost= commands tty access
...
All tasks spawned later than ExecStart= (e.g. ExecReload=, ExecStop=, ...)
don't get tty access. ExecStopPost= is the odd one out. Fix that.
2024-02-05 00:47:07 +08:00
Mike Yuan
81006ebbd7
core/service: introduce service_exec_flags
...
As suggested in
https://github.com/systemd/systemd/pull/31197#pullrequestreview-1861297477
Note that this slightly changes the behavior for
ExecReload=, ExecCondition= and ExecStartPost=. Will
be explained/corrected in later commits.
2024-02-05 00:46:39 +08:00
Mike Yuan
a5801e9714
core/unit: use ASSERT_PTR and strdup_or_null more
2024-02-05 00:37:00 +08:00
Mike Yuan
d3131ea28c
core/exec-invoke: don't duplicate needs_sandboxing condition
2024-02-04 16:35:16 +08:00
Mike Yuan
881dbad1f1
core/exec-credential: make param const where appropriate
2024-02-04 16:35:13 +08:00
James Muir
c0c852a8bb
bulgarian: use "RateLimitIntervalSec" rather than "RateLimitInterval"
...
Update Bulgarian translation. "RateLimitIntervalSec" is the current option
name. "RateLimitInterval" is the legacy option name.
2024-02-04 02:42:09 +09:00
Frantisek Sumsal
a0485e07b3
test_ukify: use raw string for the regex
...
To get rid of the "invalid escape sequence" warning:
=============================== warnings summary ===============================
../src/ukify/test/test_ukify.py:876
../src/ukify/test/test_ukify.py:876: SyntaxWarning: invalid escape sequence '\s'
assert re.search('Issuer: CN\s?=\s?SecureBoot signing key on host', out)
2024-02-04 02:41:03 +09:00
Anders Jonsson
660be5c5af
po: Translated using Weblate (Swedish)
...
Currently translated at 100.0% (227 of 227 strings)
Co-authored-by: Anders Jonsson <anders.jonsson@norsjovallen.se>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/sv/
Translation: systemd/main
2024-02-03 12:47:07 +01:00
Ivan Shapovalov
00fcd79e65
nspawn: permit --ephemeral with --link-journal=try-* (treat as =no)
...
Common sense says that to "try" something means "to not fail if
something turns out not to be possible", thus do not make this
combination a hard error.
The actual implementation ignores any --link-journal= setting when
--ephemeral is in effect, so the semantics are upheld.
2024-02-03 03:03:41 +09:00
Vladimir Stoiakin
85686b37b0
cryptenroll: allow to use a public key on a token
...
This patch allows systemd-cryptenroll to enroll directly with a public key if a certificate is missing on a token.
Fixes: #30675
2024-02-03 03:00:51 +09:00
Antonio Alvarez Feijoo
e104d77da2
man/systemd-bsod: fix command path
2024-02-03 02:59:44 +09:00
Frantisek Sumsal
ce45fe2a32
test: wait until the test binary starts the test aux scope
...
Otherwise we might continue too early on slower machines:
[ 53.777485] testsuite-07.sh[675]: + systemd-run --unit test-aux-scope.service -p Slice=aux.slice -p Type=exec -p TasksMax=99 -p CPUWeight=199 -p IPAccounting=yes /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[ 55.399526] testsuite-07.sh[679]: Running as unit: test-aux-scope.service; invocation ID: 375dc3e2d12f4af1bedfe80a23709e37
[ 55.512917] testsuite-07.sh[691]: ++ systemctl show --value --property MainPID test-aux-scope.service
[ 56.947713] testsuite-07.sh[675]: + kill -s USR1 680
[ 56.947713] testsuite-07.sh[675]: + sleep 1
[ 58.058809] testsuite-07.sh[675]: + systemctl status test-aux-scope.service
[ 58.902808] testsuite-07.sh[695]: ● test-aux-scope.service - /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[ 58.902808] testsuite-07.sh[695]: Loaded: loaded (/run/systemd/transient/test-aux-scope.service; transient)
[ 58.902808] testsuite-07.sh[695]: Transient: yes
[ 58.902808] testsuite-07.sh[695]: Active: active (running) since Thu 2024-02-01 04:53:57 UTC; 3s ago
[ 58.902808] testsuite-07.sh[695]: Main PID: 680 (test-aux-scope)
[ 58.902808] testsuite-07.sh[695]: IP: 0B in, 0B out
[ 58.902808] testsuite-07.sh[695]: Tasks: 11 (limit: 99)
[ 58.902808] testsuite-07.sh[695]: Memory: 3.2M (peak: 3.5M)
[ 58.902808] testsuite-07.sh[695]: CPU: 235ms
[ 58.902808] testsuite-07.sh[695]: CGroup: /aux.slice/test-aux-scope.service
[ 58.902808] testsuite-07.sh[695]: ├─680 /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[ 58.902808] testsuite-07.sh[695]: ├─681 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─682 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─683 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─684 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─685 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─686 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─687 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─688 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─689 "(worker)"
[ 58.902808] testsuite-07.sh[695]: └─690 "(worker)"
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Enqueued job test-aux-scope.service/start as 277
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Will spawn child (service_enter_start): /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Passing 0 fds to service
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: About to execute: /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Forked /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope as 680
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Changed dead -> start
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: Starting test-aux-scope.service...
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd-executor[680]: SELinux enabled state cached to: disabled
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H (ux-scope)[680]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H (ux-scope)[680]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
[ 58.979659] testsuite-07.sh[701]: ++ ps -eo pid,unit
[ 59.014968] testsuite-07.sh[702]: ++ grep -c test-aux-scope.service
[ 59.729453] systemd[1]: Cannot find unit for notify message of PID 691, ignoring.
[ 60.321547] testsuite-07.sh[675]: + test 11 = 1
[ 60.332496] testsuite-07.sh[669]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/testsuite-07.aux-scope.sh failed'
2024-02-03 02:57:52 +09:00
Yu Watanabe
2933881ea5
Merge pull request #31032 from yuwata/pam-session-close
...
pam: fix warning "Attempted to close sd-bus after fork, this should not happen." on session close
2024-02-02 09:51:08 +09:00
Harald Brinkmann
2a9b1a76ee
coredump: log minimal metadata early
2024-02-02 09:43:50 +09:00
Yu Watanabe
25d2376052
Merge pull request #31166 from mrc0mmand/vpick-tweaks
...
vpick: make a working copy of the current dname
2024-02-02 09:37:13 +09:00
Yu Watanabe
68676af60d
test-network: fix typo
...
Follow-up for d4c8de21a0.
2024-02-02 09:29:14 +09:00
Yu Watanabe
58125c1920
test: fix typo
...
Follow-up for fa8ff98ea4.
2024-02-02 09:27:52 +09:00
Yu Watanabe
04a755466b
man/creds: fix typo
...
Follow-up for 7704c3474d.
2024-02-02 09:25:57 +09:00
Yu Watanabe
49d6e3c8a8
man: fix typo
...
Follow-up for 34bbda18a5.
2024-02-02 09:24:25 +09:00
Yu Watanabe
35dab29d58
sd-bus: fix typo
...
Follow-up for 25fd5343ca.
2024-02-02 09:22:43 +09:00
Yu Watanabe
431042e901
sd-bus: fix typo
...
Follow-up for 71be64064c.
2024-02-02 09:21:18 +09:00
Yu Watanabe
9d7f6b3db4
creds: fix typo
...
Follow-up for 8464f7cbd6.
2024-02-02 09:20:05 +09:00
Yu Watanabe
14f95de8da
local-addresses: fix typo
...
Follow-up for 5cb56068d0.
2024-02-02 09:18:38 +09:00
Yu Watanabe
77924eab17
tpm2-util: fix typo
...
Follow-up for d37c312b87.
2024-02-02 09:17:25 +09:00
Yu Watanabe
6a8026e8ae
network/ndisc: fix typo
...
Follow-up for d4c8de21a0.
2024-02-02 09:16:02 +09:00
Yu Watanabe
e53fcb0932
repart: fix typo
...
Follow-up for a575f2148f.
2024-02-02 09:14:50 +09:00
Yu Watanabe
197e77c527
core/unit: fix typo
...
Follow-up for 16b6af6ade.
2024-02-02 09:13:05 +09:00
Yu Watanabe
d282d55d4f
cgroup-util: fix typo
...
Follow-up for 677e6c14b1.
2024-02-02 09:11:42 +09:00
Yu Watanabe
a4f1a3087a
user-util: fix typo
...
Follow-up for 75673cd8ae.
2024-02-02 09:10:02 +09:00
Yu Watanabe
3600b0f401
TODO: fix typo
...
Follow-up for fd40e7da6e.
2024-02-02 09:07:31 +09:00
Luca Boccassi
556d2bc4a1
core: use PidRef in exec_spawn
2024-02-01 21:06:14 +00:00
Frantisek Sumsal
d049bffc50
vpick: use prefix_roota() to avoid double slash in log messages
...
If the toplevel_path is empty we end up with doubled leading slash,
which looks weird:
[ 4737.028985] testsuite-74.sh[102]: Inode '//var/lib/machines/mytree.v/mytree_37.0_arm64+2-3' has wrong type, found 'dir'.
[ 4737.028985] testsuite-74.sh[102]: Failed to pick version for '/var/lib/machines/mytree.v': Is a directory
...
[ 4316.957536] testsuite-74.sh[99]: Failed to open '//var/lib/machines/mytree.v/mytree_37.0': No such file or directory
...
2024-02-01 14:54:06 +01:00
Frantisek Sumsal
9258784762
vpick: make a working copy of the current dname
...
Since we might edit the string later on by inserting NULs, which then
leads up to using an invalid dname when opening the potential chosen
directory:
[ 4316.957536] testsuite-74.sh[99]: make_choice: entry: mytree_37.0_arm64+2-3
[ 4316.957536] testsuite-74.sh[99]: make_choice: best_version: 37.0
[ 4316.957536] testsuite-74.sh[99]: make_choice: best_filename: mytree_37.0
[ 4316.957536] testsuite-74.sh[99]: Failed to open '//var/lib/machines/mytree.v/mytree_37.0': No such file or directory
Uncovered by vpick tests from TEST-74-AUX-UTILS when run on aarch64.
2024-02-01 14:54:06 +01:00
Ondrej Kozina
7a87d01f28
homework: Use minimal pbkdf2 parameters without benchmark.
2024-02-01 12:32:31 +00:00
dependabot[bot]
f6f00383ff
build(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](c7d193f32e...26f96dfa69)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-01 12:18:13 +01:00
Mike Yuan
75971cd68a
Merge pull request #31107 from yuwata/pam-setcred-vs-close-session
...
core/exec-invoke: call pam_setcred(PAM_DELETE_CRED) after pam_close_session()
2024-02-01 19:02:40 +08:00
dependabot[bot]
12d1e448b2
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 2.0.6 to 3.0.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](71bcf99aef...9e55064634)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-01 10:57:02 +01:00
Yu Watanabe
88b8d08276
test: check pam warning message
2024-02-01 18:00:54 +09:00
Yu Watanabe
34e4ad1796
pam: do not warn closing bus connection which is opened after the fork
...
In pam_systemd.so and pam_systemd_home.so, we open a bus connection on
session close, which is called after fork. Closing the connection is
harmless, and should not warn about that.
This suppresses the following log message:
===
(sd-pam)[127]: PAM Attempted to close sd-bus after fork, this should not happen.
===
2024-02-01 17:59:39 +09:00
Yu Watanabe
e1effd2974
exec-invoke: update log message a bit
2024-02-01 17:45:47 +09:00
Yu Watanabe
41ad015205
core/exec-invoke: call pam_setcred(PAM_DELETE_CRED) after pam_close_session()
...
The man page pam_setcred(3) states:
> The credentials should be deleted after the session has been closed
> (with pam_close_session(3)).
Follow-up for 3bb39ea936.
2024-02-01 17:45:47 +09:00
networkException
de39202426
resolve: include interface name in org.freedesktop.resolve1 polkit checks
...
this patch adds the interface name of the interface to be modified
to *details* when verifying dbus calls to the `org.freedesktop.resolve1`
D-Bus interface for all `Set*` and the `Revert` method.
when defining a polkit rule, this allows limiting the access to a specific
interface:
```js
// This rule prevents the user "vpn" to disable DNSoverTLS for any
// other interface than "vpn0". The vpn service should be allowed
// to disable DNSoverTLS on its own as it provides a local DNS
// server with search domains on the interface and this server does
// not support DNSoverTLS.
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.resolve1.set-dns-over-tls" &&
        action.lookup("interface") == "vpn0" &&
        subject.user == "vpn") {
        return polkit.Result.YES;
    }
});
```
2024-01-31 19:06:45 +00:00
Lennart Poettering
cd2f649dc6
Merge pull request #31141 from poettering/resolvectl-more-json
...
resolvectl: add JSON output support for "resolvectl query"
2024-01-31 18:59:11 +01:00
Lennart Poettering
700f5b18e3
resolvectl: add basic ANSI markup to --help text
...
Underline the sections, as we nowadays do.
2024-01-31 16:13:16 +01:00
Lennart Poettering
3557f1a62a
resolvectl: add JSON output support for "resolvectl query"
...
It's easy to add. Let's do so.
This only covers record lookups, i.e. with the --type= switch.
The higher level lookups are not covered, I opted instead to print a
message there to use --type= instead.
I am a bit reluctant to defining a new JSON format for the high-level
lookups, hence I figured for now a helpful error is good enough, that
points people to the right use.
Fixes: #29755
2024-01-31 16:13:16 +01:00
Lennart Poettering
bcb004d5ae
Merge pull request #31144 from poettering/less-loopback
...
don't try to setup a loopback network device unless CLONE_NEWNET is selected (i.e. not in CLONE_NEWIPC case)
2024-01-31 16:05:37 +01:00
Frantisek Sumsal
1d556e9e2a
test: use a dropin for the journald snippet
...
The original way of appending to /etc/systemd/journald.conf doesn't work
anymore, since we no longer ship the default configs in /etc/.
2024-01-31 13:00:01 +00:00
Lennart Poettering
4f6d671dd1
test-namespace: SOCK_CLOEXEC'ify all the things
2024-01-31 13:22:33 +01:00
Lennart Poettering
a5387637c2
namespace: don't invoke loopback_setup() unless we allocate a CLONE_NEWNET namespace
...
It doesn't really make sense to initialize the loopback device if we are
not called for a network namespace.
Follow-up for 54c2459d56
2024-01-31 13:22:07 +01:00
Franck Bui
887b2529eb
man: always install bootctl
...
Since dedb925eaf /usr/bin/bootctl is always built
so does its man page.
2024-01-31 10:32:46 +00:00