Commit message (Author, Age, Files, Lines)
* man: document that sd_bus_message_read_strv() happily spits out empty arrays as NULL (Lennart Poettering, 2024-09-06, files: 1, lines: -1/+3)
|   Fixes: #34163
* coredump: set ProtectHome to read-only (Etienne Cordonnier, 2024-09-06, files: 1, lines: -1/+1)
|   In https://github.com/systemd/systemd/pull/5283/commits/924453c22599cc246746a0233b2f52a27ade0819
|   ProtectHome was set to true for systemd-coredump in order to reduce risk, since an attacker could
|   craft a malicious binary in order to compromise systemd-coredump. At that point the object analysis
|   was done in the main systemd-coredump process. Because of this systemd-coredump is unable to produce
|   symbolicated call-stacks for binaries running under /home ("n/a" is shown instead of function names).
|   However, later in https://github.com/systemd/systemd/commit/61aea456c12c54f49c4a76259af130e576130ce9
|   systemd-coredump was changed to do the object analysis in a forked process, covering those security
|   concerns. Let's set ProtectHome to read-only so that systemd-coredump produces symbolicated
|   call-stacks for processes running under /home.
* Merge pull request #34279 from yuwata/ask-password (Lennart Poettering, 2024-09-06, files: 4, lines: -11/+25)
|\
| |   ask-password: refuse empty password strv
| * tree-wide: check if non-empty password is acquired (Yu Watanabe, 2024-09-06, files: 3, lines: -3/+4)
| |
| * ask-password: refuse empty password strv (Yu Watanabe, 2024-09-06, files: 1, lines: -8/+21)
| |   Fixes #34270.
* | Merge pull request #34285 from poettering/boot-measure-profile (Lennart Poettering, 2024-09-06, files: 5, lines: -5/+15)
|\ \
| | |   measure: introduce support for a new ".profile" section
| * | measure: introduce support for a new ".profile" section (Lennart Poettering, 2024-09-06, files: 3, lines: -6/+14)
| | |   This introduces the concept, and makes sure systemd-measure covers it.
| | |   See a later commit for details on the new section.
| * | uki: add new ".profile" PE section type (Lennart Poettering, 2024-09-06, files: 3, lines: -1/+3)
| | |   This is the most basic preparatory work for supporting multi-profile UKIs.
| | |   (This temporarily drops an assert_cc() check which we'll address in the next commit)
* | | po: Translated using Weblate (French) (Léane GRASSER, 2024-09-06, files: 1, lines: -8/+9)
|/ /
| |   Currently translated at 100.0% (253 of 253 strings)
| |   Co-authored-by: Léane GRASSER <leane.grasser@proton.me>
| |   Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/fr/
| |   Translation: systemd/main
* | network/route: ignore EEXIST reply when the corresponding request is already detached (Yu Watanabe, 2024-09-06, files: 1, lines: -0/+7)
| |   Follow-ups for db8dc7c1dd7f4620e14fbc4c1560a68a1fc9b85b.
| |   Fixes #34275.
* | Merge pull request #34278 from yuwata/timesync-log (Daan De Meyer, 2024-09-06, files: 2, lines: -4/+7)
|\ \
| | |   timesync: downgrade log level for several messages
| * | timesync: make manager_is_connected() static (Yu Watanabe, 2024-09-06, files: 2, lines: -2/+1)
| | |
| * | timesync: downgrade log level about network configuration change (Yu Watanabe, 2024-09-06, files: 1, lines: -2/+6)
| | |   These messages may be unnecessarily shown multiple times when e.g. networkd is
| | |   restarted, system is woken up from suspend, and so on.
| | |   Closes #34262.
* | | Merge pull request #34280 from yuwata/cleanups (Daan De Meyer, 2024-09-06, files: 4, lines: -15/+23)
|\ \ \
| | | |   tree-wide: trivial cleanups
| * | | test: fix copy-and-paste error in comment (Yu Watanabe, 2024-09-06, files: 1, lines: -1/+1)
| | | |
| * | | nspawn: fix indentation (Yu Watanabe, 2024-09-06, files: 1, lines: -1/+1)
| | | |
| * | | base-filesystem: use FOREACH_ELEMENT() (Yu Watanabe, 2024-09-06, files: 1, lines: -12/+12)
| | | |
| * | | mount-util: wrap long line (Yu Watanabe, 2024-09-06, files: 1, lines: -1/+9)
| | | |
* | | | sd-netlink: fix typo (Yu Watanabe, 2024-09-06, files: 1, lines: -1/+1)
| | | |   Fixes #34273.
* | | | nspawn: refuse to bind mount device node from host when --private-users= is specified (Yu Watanabe, 2024-09-06, files: 1, lines: -5/+5)
|/ / /
| | |   Also do not chown if a device node is bind-mounted.
| | |   Fixes #34243.
* | | Merge pull request #34203 from yuwata/network-conf-parser (Yu Watanabe, 2024-09-06, files: 11, lines: -515/+375)
|\ \ \
| |_|/
|/| |
| | |   network: several cleanups for conf parser
| * | network/address: use log_section_warning() (Yu Watanabe, 2024-09-06, files: 1, lines: -24/+20)
| | |
| * | network/address: use generic section parser more (Yu Watanabe, 2024-09-06, files: 4, lines: -204/+101)
| | |   This also
| | |   - rename variable n -> address,
| | |   - use log_syntax_parse_error() where applicable,
| | |   - add one more assertion for lvalue in config_parse_address().
| * | network/address: introduce generic config parser for [Address] section (Yu Watanabe, 2024-09-06, files: 3, lines: -152/+41)
| | |   Then, use generic conf parsers defined in conf-parser.[ch].
| * | firewall-util: several cleanups for config_parse_nft_set() (Yu Watanabe, 2024-09-06, files: 1, lines: -17/+5)
| | |   - use log_syntax_parse_error(),
| | |   - return 1 on success,
| | |   - drop unnecessary or redundant assertions,
| | |   - add missing log_oom().
| * | conf-parser: introduce config_parse_uint32_invert_flag() (Yu Watanabe, 2024-09-06, files: 2, lines: -0/+26)
| | |   It is similar to config_parse_uint32_flag(), but drops the specified flag when true.
| * | network: align table in network-gperf (Yu Watanabe, 2024-09-06, files: 1, lines: -20/+20)
| | |
| * | network/address-label: use log_section_warning_errno() (Yu Watanabe, 2024-09-06, files: 1, lines: -8/+12)
| | |
| * | network/address-label: introduce generic conf parser for [IPv6AddressLabel] section (Yu Watanabe, 2024-09-06, files: 4, lines: -57/+79)
| | |   This also
| | |   - renames n -> label,
| | |   - use log_syntax_parse_error().
| | |   No functional change, just refactoring.
| * | conf-parser: introduce config section parser wrapper (Yu Watanabe, 2024-09-06, files: 3, lines: -35/+73)
| | |   It will be used later.
* | | Merge pull request #34267 from DaanDeMeyer/script (Yu Watanabe, 2024-09-06, files: 2, lines: -6/+7)
|\ \ \
| |/ /
|/| |
| | |   mkosi: Install util-linux-script on Rawhide
| * | mkosi: Remove rpm workaround (Daan De Meyer, 2024-09-05, files: 1, lines: -6/+0)
| | |   rpm 4.19.93 (4.20 rc) is in rawhide so let's drop the workaround.
| * | mkosi: Install util-linux-script on Rawhide (Daan De Meyer, 2024-09-05, files: 1, lines: -0/+7)
| | |   It's now subpackaged so we can build images without pulling in libutempter
| | |   but we use script in the testsuite so let's install the subpackage.
* | | hwdb: Mark Apple Wireless keyboards as not having NumLock LED (Bastien Nocera, 2024-09-06, files: 1, lines: -0/+12)
| |/
|/|
| |   Mark those Apple Wireless keyboards as not having a NumLock key:
| |   https://en.wikipedia.org/wiki/Apple_Wireless_Keyboard
| |   You can see that they don't have a NumLock LED because they didn't even have a NumLock in the first place:
| |   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fea6fe7d5ef1b5fa5f78048d4729f85181c04ca
* | Merge pull request #34155 from poettering/gmtime-safe (Yu Watanabe, 2024-09-06, files: 17, lines: -169/+296)
|\ \
| | |   handle gmtime_r() errors more robustly
| * | time-util: rework localtime_or_gmtime() into localtime_or_gmtime_usec() (Lennart Poettering, 2024-09-05, files: 15, lines: -162/+290)
| | |   We typically want to deal in usec_t, hence let's change the prototype
| | |   accordingly, and do proper range checks. Also, make sure we are not confused
| | |   by negative times.
| | |   Do something similar for mktime_or_timegm().
| | |   This is a more comprehensive alternative to #34065
| | |   Replaces: #34065
| * | hwclock-util: the struct tm parameter is not a pure return parameter, it's also an input parameter (Lennart Poettering, 2024-09-05, files: 2, lines: -7/+6)
| | |
* | | basic: Include <sys/file.h> for LOCK_* constants (A. Wilcox, 2024-09-06, files: 1, lines: -0/+2)
| | |   This is needed to ensure LOCK_{EX,SH} are defined in certain environments,
| | |   including uclibc-ng and musl libc.
* | | Merge pull request #34261 from yuwata/repart-seed-random (Yu Watanabe, 2024-09-06, files: 2, lines: -5/+48)
|\ \ \
| | | |   repart: initialize seed earlier
| * | | test: fix indentation (Yu Watanabe, 2024-09-05, files: 1, lines: -1/+1)
| | | |
| * | | test: add test case for systemd-repart --seed=random (Yu Watanabe, 2024-09-05, files: 1, lines: -0/+43)
| | | |   For issue #34257.
| * | | repart: initialize seed earlier (Yu Watanabe, 2024-09-05, files: 1, lines: -4/+4)
| | | |   As the seed is used by context_load_partition_table() -> derive_uuid().
| | | |   Fixes #34257.
* | | | edit-util: EditFileContext: avoid reserved 'stdin' (A. Wilcox, 2024-09-06, files: 4, lines: -9/+9)
| | | |   The identifier 'stdin' is reserved in C. It can be #defined to any statement
| | | |   that evaluates to a FILE*. We do not want that for our field, so change to a
| | | |   more descriptive name.
* | | | udev: allow persistent storage rules for rbd devices (Peter Rajnoha, 2024-09-06, files: 2, lines: -2/+2)
| |_|/
|/| |
| | |   The RADOS Block Device (rbd) can be used as any other block device with
| | |   further layers on top of it, hence allow the common persistent storage
| | |   rules to apply, including watching for changes.
* | | Merge pull request #34266 from DaanDeMeyer/fix (Daan De Meyer, 2024-09-05, files: 1, lines: -17/+41)
|\ \ \
| |_|/
|/| |
| | |   mkfs-util: Make sure we pass non option arguments last
| * | mkfs-util: Make sure we pass non option arguments last (Daan De Meyer, 2024-09-05, files: 1, lines: -13/+25)
| | |   POSIX specifies that getopt() stops parsing options when it encounters a
| | |   non-option argument, so let's make sure we pass non-option arguments last.
| * | mkfs-util: Fix error handling (Daan De Meyer, 2024-09-05, files: 1, lines: -4/+16)
| | |
* | | Merge pull request #34256 from YHNdnzj/pid1-followup (Lennart Poettering, 2024-09-05, files: 19, lines: -123/+115)
|\ \ \
| | | |   core: follow-ups for recent PRs
| * | | core: rename BindJournalSockets= to BindLogSockets= (Mike Yuan, 2024-09-04, files: 15, lines: -49/+49)
| | | |   Addresses https://github.com/systemd/systemd/pull/32487#issuecomment-2328465309
| * | | core/namespace: add comment to explain the non-obvious assumption on /run/systemd/journal/ (Mike Yuan, 2024-09-04, files: 1, lines: -0/+2)
| | | |   Follow-up for 119820f8abf587f96a11fb1f28ef854e84bc3122
| | | |   Addresses https://github.com/systemd/systemd/pull/32487#discussion_r1743493196