diff options
| -rw-r--r-- | TODO | 3 | ||||
| -rw-r--r-- | hwdb.d/60-sensor.hwdb | 1 | ||||
| -rw-r--r-- | man/systemd-boot.xml | 2 | ||||
| -rw-r--r-- | src/login/logind-dbus.c | 19 | ||||
| -rw-r--r-- | src/shared/discover-image.c | 1 | ||||
| -rw-r--r-- | src/shared/seccomp-util.c | 1 |
6 files changed, 17 insertions, 10 deletions
@@ -1189,6 +1189,9 @@ Features: - introduce API for "making room", that grows/shrinks home directory according to elastic parameters, discards blocks, and removes additional snapshots. Call it either from UI when disk space gets low + - when homed is in use, maybe start the user session manager in a mount namespace with MS_SLAVE, + so that mounts propagate down but not up - eg, user A setting up a backup volume + doesn't mean user B sees it * homed: during login resize fs automatically towards size goal. Specifically, resize to diskSize if possible, but leave a certain amount (configured by a diff --git a/hwdb.d/60-sensor.hwdb b/hwdb.d/60-sensor.hwdb index f1744b8d78..2b1386df75 100644 --- a/hwdb.d/60-sensor.hwdb +++ b/hwdb.d/60-sensor.hwdb @@ -847,6 +847,7 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svnTrekStor:pnSurfTabtwin10.1:* sensor:modalias:acpi:KIOX000A*:dmi:*:svnTREKSTOR*:pnPrimetabS11B:* sensor:modalias:acpi:KIOX000A*:dmi:*:svnTREKSTOR:pnPrimetabT13B:* sensor:modalias:acpi:BOSC0200*:dmi:*:svnTrekStor*:pnSurfTabtwin11.6:* +sensor:modalias:acpi:BOSC0200*:dmi:*:svnTrekStor*:pnSurfTabduoW110.1(VT4):* ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1 # alternative version of Trekstor's SurfTab Twin 11.6 diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml index 2135d9eb36..5169bbbd0f 100644 --- a/man/systemd-boot.xml +++ b/man/systemd-boot.xml @@ -294,7 +294,7 @@ <title>EFI Variables</title> <para>The following EFI variables are defined, set and read by <command>systemd-boot</command>, under the vendor - UUID <literal>4a67b082-0a4c-41cf-b6c7-440b29bb8c4</literal>, for communication between the OS and the boot + UUID <literal>4a67b082-0a4c-41cf-b6c7-440b29bb8c4f</literal>, for communication between the OS and the boot loader:</para> <variablelist class='efi-variables'> diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 19c3f9bd6e..999a609519 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1791,6 +1791,9 @@ static int verify_shutdown_creds( assert(message); assert(w >= 0); assert(w <= _INHIBIT_WHAT_MAX); + assert(action); + assert(action_multiple_sessions); + assert(action_ignore_inhibit); r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds); if (r < 0) @@ -1808,7 +1811,7 @@ static int verify_shutdown_creds( blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL); interactive = flags & SD_LOGIND_INTERACTIVE; - if (multiple_sessions && action_multiple_sessions) { + if (multiple_sessions) { r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_multiple_sessions, NULL, interactive, UID_INVALID, &m->polkit_registry, error); if (r < 0) return r; @@ -1822,16 +1825,14 @@ static int verify_shutdown_creds( return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Access denied to root due to active block inhibitor"); - if (action_ignore_inhibit) { - r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, NULL, interactive, UID_INVALID, &m->polkit_registry, error); - if (r < 0) - return r; - if (r == 0) - return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */ - } + r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, NULL, interactive, UID_INVALID, &m->polkit_registry, error); + if (r < 0) + return r; + if (r == 0) + return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */ } - if (!multiple_sessions && !blocked && action) { + if (!multiple_sessions && !blocked) { r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action, NULL, interactive, UID_INVALID, &m->polkit_registry, error); if (r < 0) return r; diff --git a/src/shared/discover-image.c b/src/shared/discover-image.c index 5c833afc78..521264ec29 100644 --- a/src/shared/discover-image.c +++ b/src/shared/discover-image.c @@ -1208,6 +1208,7 @@ int image_read_metadata(Image *i) { DISSECT_IMAGE_GENERIC_ROOT | DISSECT_IMAGE_REQUIRE_ROOT | DISSECT_IMAGE_RELAX_VAR_CHECK | + DISSECT_IMAGE_READ_ONLY | DISSECT_IMAGE_USR_NO_ROOT, &m); if (r < 0) diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index e0f88aec73..cad0af89f2 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -310,6 +310,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "getpgrp\0" "getpid\0" "getppid\0" + "getrandom\0" "getresgid\0" "getresgid32\0" "getresuid\0" |