summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | service: do fine-grained validation of CPUSchedulingPriority= at execution timeLuca Boccassi2022-10-204-13/+11
| | | | | | | | | | | | | | | | | | | | | | The precise bounds of the scheduling priority depend on the scheduling policy, so depending on the order in which the two settings are specified the validation might pass or fail. When checking the setting only validate the outer range (valid values in general are 0 to 99), and let the execution fail later if the priority does not match the specified policy (1 to 99 for RR/FIFO, 0 for the rest). Fixes https://github.com/systemd/systemd/issues/20320
* | po: Update translation filesWeblate2022-10-207-14/+14
| | | | | | | | | | | | | | | | Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/ Translation: systemd/main
* | Merge pull request #25078 from mrc0mmand/update-potFrantisek Sumsal2022-10-2039-629/+931
|\ \ | | | | | | po: regenerate the translation files
| * | docs: update translation strings before new releaseFrantisek Sumsal2022-10-201-9/+10
| | |
| * | po: regenerate the translation filesFrantisek Sumsal2022-10-2038-620/+921
| | | | | | | | | | | | | | | See: https://mesonbuild.com/Localisation.html#generate-pot-file Resolves: #25071
* | | core: allow-list char-rtc with ProtectClock=yes only if neededLuca Boccassi2022-10-201-22/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | Allow-listing a device implicitly blocks everything else, so this has the opposite of the intended effect when PrivateDevices= is not used. Allow-list char-rtc only if there is a device policy set. Fixes https://github.com/systemd/systemd/issues/18142
* | | man: document effect of --user on --unit with journalctlLeon M. George2022-10-201-1/+7
|/ / | | | | | | Relates to #25061.
* | Merge pull request #25073 from mrc0mmand/parse-hwdb-tweaksZbigniew Jędrzejewski-Szmek2022-10-201-14/+20
|\ \ | | | | | | test: make parse-hwdb compatible with older pyparsing versions
| * | test: make pylint happyFrantisek Sumsal2022-10-191-7/+8
| | |
| * | test: make parse-hwdb compatible with older pyparsing versionsFrantisek Sumsal2022-10-191-7/+12
| | | | | | | | | | | | Follow-up to e77fed207a41a77f88853a89a8408fbfa9a17ddd.
* | | update TODOLennart Poettering2022-10-191-0/+13
| |/ |/|
* | Merge pull request #25068 from aafeijoo-suse/bash-completion-dissectLuca Boccassi2022-10-192-0/+105
|\ \ | | | | | | dissect: add missing help option and bash-completion support
| * | bash-completion: add systemd-dissect supportAntonio Alvarez Feijoo2022-10-191-0/+104
| | |
| * | dissect: add missing --umount to the help outputAntonio Alvarez Feijoo2022-10-191-0/+1
| | |
* | | Merge pull request #25059 from keszybz/fopen-reFrantisek Sumsal2022-10-196-19/+20
|\ \ \ | |/ / |/| | Use "re" or "r" as appropriate for various calls
| * | tree-wide: do not use "re" with fmemopenZbigniew Jędrzejewski-Szmek2022-10-194-6/+6
| | | | | | | | | | | | | | | | | | The man page says nothing about "e". Glibc clearly accepts it without fuss, but it is meaningless for a memory object (and probably doesn't work). This use is not portable, so let's avoid it.
| * | shared/tpm2-util: wrap commentsZbigniew Jędrzejewski-Szmek2022-10-191-6/+7
| | |
| * | resolved,test-fileio: use "re" when opening filesZbigniew Jędrzejewski-Szmek2022-10-192-7/+7
| | | | | | | | | | | | | | | This doesn't matter too much, because neither of those programs forks, but let's dot he generally correct thing anyway.
* | | Merge pull request #25055 from keszybz/coredump-deadlockLuca Boccassi2022-10-194-13/+59
|\ \ \ | | | | | | | | Fix coredump deadlock with overly long backtraces
| * | | coredump: avoid deadlock when passing processed backtrace dataZbigniew Jędrzejewski-Szmek2022-10-191-6/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We would deadlock when passing the data back from the forked-off process that was doing backtrace generation back to the coredump parent. This is because we fork the child and wait for it to exit. The child tries to write too much data to the output pipe, and and after the first 64k blocks on the parent because the pipe is full. The bug surfaced in Fedora because of a combination of four factors: - 87707784c70dc9894ec613df0a6e75e732a362a3 was backported to v251.5, which allowed coredump processing to be successful. - 1a0281a3ebf4f8c16d40aa9e63103f16cd23bb2a was NOT backported, so the output was very verbose. - Fedora has the ELF package metadata available, so a lot of output can be generated. Most other distros just don't have the information. - gnome-calendar crashes and has a bazillion modules and 69596 bytes of output are generated for it. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2135778. The code is changed to try to write data opportunistically. If we get partial information, that is still logged. In is generally better to log partial backtrace information than nothing at all.
| * | | shared/json: use different return code for empty inputZbigniew Jędrzejewski-Szmek2022-10-193-3/+23
| | | | | | | | | | | | | | | | | | | | It is useful to distinguish if json_parse_file() got no input or invalid input. Use different return codes for the two cases.
| * | | shared/json: allow json_variant_dump() to return an errorZbigniew Jędrzejewski-Szmek2022-10-182-4/+5
| |/ /
* | | TEST-15: add daemon-reload in one placeZbigniew Jędrzejewski-Szmek2022-10-191-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Quoting https://github.com/systemd/systemd/pull/25050#discussion_r998721845: This part seems to be quite racy, at least in the C8S job: [ 1767.520856] H testsuite-15.sh[35]: *** test transient slice drop-ins [ 1767.520856] H testsuite-15.sh[35]: + mkdir -p /etc/systemd/system/slice.d [ 1767.522480] H testsuite-15.sh[35]: + mkdir -p /etc/systemd/system/a-.slice.d [ 1767.524992] H testsuite-15.sh[35]: + mkdir -p /etc/systemd/system/a-b-.slice.d [ 1767.526799] H testsuite-15.sh[35]: + mkdir -p /etc/systemd/system/a-b-c.slice.d [ 1767.528302] H testsuite-15.sh[35]: + echo -e '[Unit]\nDocumentation=man:drop1' [ 1767.528434] H testsuite-15.sh[35]: + echo -e '[Unit]\nDocumentation=man:drop2' [ 1767.528519] H testsuite-15.sh[35]: + echo -e '[Unit]\nDocumentation=man:drop3' [ 1767.528595] H testsuite-15.sh[35]: + echo -e '[Unit]\nDocumentation=man:drop4' [ 1767.528676] H testsuite-15.sh[35]: + systemctl cat a-b-c.slice [ 1767.541321] H systemctl[1042]: No files found for a-b-c.slice. [ 1767.542854] H systemd[1]: testsuite-15.service: Main process exited, code=exited, status=1/FAILURE [ 1767.542995] H systemd[1]: testsuite-15.service: Failed with result 'exit-code'. [ 1767.543360] H systemd[1]: Failed to start testsuite-15.service. [ 1767.543542] H systemd[1]: testsuite-15.service: Consumed 1.586s CPU time. [ 1767.543938] H systemd[1]: Reached target testsuite.target. [ 1767.545737] H systemd[1]: Starting end.service...
* | | man: document restrictions on naming interfacesLennart Poettering2022-10-191-9/+22
| | | | | | | | | | | | | | | | | | | | | | | | Let's document that "." is a bad choice of character when naming interfaces. Let's also document the hard restrictions we make when naming interfaces. Result of the mess that is #25052.
* | | Merge pull request #25056 from yuwata/sd-device-monitor-set-descriptionLuca Boccassi2022-10-195-10/+18
|\ \ \ | |_|/ |/| | tree-wide: set description for device monitor
| * | tree-wide: set description for device managerYu Watanabe2022-10-184-6/+18
| | |
| * | udev: drop redundant description settingYu Watanabe2022-10-181-4/+0
| |/ | | | | | | Follow-up for f714ecd450828e45a6f04e6277011d67a10c323f.
* | README.md: add a missing line breakFrantisek Sumsal2022-10-191-1/+1
| | | | | | | | Follow-up to b7a279f9ef.
* | ci: Enable Scorecard Github Action and Badge (#25054)Joyce2022-10-192-0/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * chore: enable scorecard action * chore: add badge to the README file * chore: enable on config file update * chore: update scorecard to 2.0.4 * chore: run scorecard on PR at main branch * chore: add condition to publish_result key * chore: skip upload to code scanning if PR * chore: only runs scorecard in the main repo Resolves: #25042
* | test: skip one test for iszero_safe() on i386 without SSE2Yu Watanabe2022-10-191-0/+9
| | | | | | | | | | | | | | | | We do not provide any numerical libraries, and iszero_safe() is only used in parsing or formatting JSON. Hence, it is not necessary for us to request that the function provides the same result on different systems. Fixes #25044.
* | Merge pull request #25050 from keszybz/transient-drop-ins-2Luca Boccassi2022-10-182-3/+48
|\ \ | |/ |/| TEST-15: add one more variant of the test for drop-ins on transient services
| * TODO: drop entryZbigniew Jędrzejewski-Szmek2022-10-181-3/+0
| | | | | | | | | | This was resolved by 028a981c005e90c36c269e28709bf25032c2e8ca. We don't do the reload in the normal path.
| * TEST-15: add test that shows slice dropin issueZbigniew Jędrzejewski-Szmek2022-10-181-0/+48
| | | | | | | | | | This should be fixed by single-unit reloads. We already have a TODO entry for this.
* | NEWS: add entries after 252-rc1, update contrib listv252-rc2Zbigniew Jędrzejewski-Szmek2022-10-181-38/+106
| |
* | update TODOLennart Poettering2022-10-181-0/+19
| |
* | Merge pull request #25004 from keszybz/transient-drop-insLuca Boccassi2022-10-183-46/+167
|\| | | | | Allow drop-ins for transient units
| * TEST-15: add one more test for drop-in precedenceZbigniew Jędrzejewski-Szmek2022-10-161-0/+36
| |
| * TEST-15: add test for transient units with drop-insZbigniew Jędrzejewski-Szmek2022-10-161-6/+56
| | | | | | | | | | | | | | | | | | | | | | | | We want to test four things: - that the transient units are successfully started when drop-ins exist - that the transient setings override the defaults - the drop-ins override the transient settings (the same as for a normal unit) - that things are the same before and after a reload To make things more fun, we start and stop units in two different ways: via systemctl and via a direct busctl invocation. This gives us a bit more coverage of different code paths.
| * TEST-15: also test hierarchical drop-ins for slicesZbigniew Jędrzejewski-Szmek2022-10-161-3/+34
| | | | | | | | | | | | | | Slices are worth testing too, because they don't need a fragment path so they behave slightly differently than service units. I'm making this a separate patch from the actual tests that I wanted to add later because it's complex enough on its own.
| * TEST-15: allow helper functions to accept other unit typesZbigniew Jędrzejewski-Szmek2022-10-161-24/+26
| | | | | | | | | | | | | | | | | | | | | | clear_services() is renamed to clear_units() and now takes a full unit name including the suffix as an argument. _clear_service() is renamed to clear_unit() and changed likewise. create_service() didn't have the same underscore prefix, and I don't think it's useful or needed for a local function, so it is removed. No functional change.
| * manager: allow transient units to have drop-insZbigniew Jędrzejewski-Szmek2022-10-162-7/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In https://github.com/containers/podman/issues/16107, starting of a transient slice unit fails because there's a "global" drop-in /usr/lib/systemd/user/slice.d/10-oomd-per-slice-defaults.conf (provided by systemd-oomd-defaults package to install some default oomd policy). This means that the unit_is_pristine() check fails and starting of the unit is forbidden. It seems pretty clear to me that dropins at any other level then the unit should be ignored in this check: we now have multiple layers of drop-ins (for each level of the cgroup path, and also "global" ones for a specific unit type). If we install a "global" drop-in, we wouldn't be able to start any transient units of that type, which seems undesired. In principle we could reject dropins at the unit level, but I don't think that is useful. The whole reason for drop-ins is that they are "add ons", and there isn't any particular reason to disallow them for transient units. It would also make things harder to implement and describe: one place for drop-ins is good, but another is bad. (And as a corner case: for instanciated units, a drop-in in the template would be acceptable, but a instance-specific drop-in bad?) Thus, $subject. While at it, adjust the message. All the conditions in unit_is_pristine() essentially mean that it wasn't loaded (e.g. it might be in an error state), and that it doesn't have a fragment path (now that drop-ins are acceptable). If there's a job for it, it necessarilly must have been loaded. If it is merged into another unit, it also was loaded and found to be an alias. Based on the discussion in the bugs, it seems that the current message is far from obvious ;) Fixes https://github.com/containers/podman/issues/16107, https://bugzilla.redhat.com/show_bug.cgi?id=2133792.
| * manager: reformat boolean expression in unit_is_pristine()Zbigniew Jędrzejewski-Szmek2022-10-141-6/+6
| | | | | | | | | | Not not IN_SET(…) is just too much for my poor brain. Let's invert the expression to make it easier to undertand.
* | Merge pull request #25007 from keszybz/rename-dbus-dumpZbigniew Jędrzejewski-Szmek2022-10-184-59/+136
|\ \ | | | | | | manager: rename dbus method
| * | analyze: use DumpUnitsMatchingPatternsByFileDescriptorZbigniew Jędrzejewski-Szmek2022-10-181-41/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Similarly to DumpByFileDescriptor vs Dump, DumpUnitsMatchingPatternsByFileDescriptor is used in preference. Dissimilarly, a fallback to DumpUnitsMatchingPatterns is not done on error, because there is no need for backwards compatibility. The code is still more verbose than I'd like, but there are four different code paths with slightly different rules in each case, so it's hard to make this all very brief. Since we have a separate file dedicated to making those calls, the verbose-but-easy-to-follow implementation should be OK. Closes #24989. I only did a quick test that all both variants works locally and over ssh.
| * | manager: add DumpUnitsMatchingPatternsByFileDescriptor()Zbigniew Jędrzejewski-Szmek2022-10-173-11/+39
| | |
| * | manager: rename dbus methodZbigniew Jędrzejewski-Szmek2022-10-144-10/+10
| | | | | | | | | | | | Fixes #24989.
* | | manager: use target process context to set socket contextTed X. Toth2022-10-181-40/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use target process context to set socket context when using SELinuxContextFromNet not systemd's context. Currently when using the SELinuxContextFromNet option for a socket activated services, systemd calls getcon_raw which returns init_t and uses the resulting context to compute the context to be passed to the setsockcreatecon call. A socket of type init_t is created and listened on and this means that SELinux policy cannot be written to control which processes (SELinux types) can connect to the socket since the ref policy allows all 'types' to connect to sockets of the type init_t. When security accessors see that any process can connect to a socket this raises serious concerns. I have spoken with SELinux contributors in person and on the mailing list and the consensus is that the best solution is to use the target executables context when computing the sockets context in all cases. [zjs review/comment: This removes the branch that was added in 16115b0a7b7cdf08fb38084d857d572d8a9088dc. 16115b0a7b7cdf08fb38084d857d572d8a9088dc did two things: it had the branch here in 'socket_determine_selinux_label()' and a code in 'exec_child()' to call 'label_get_child_mls_label(socket_fd, command->path, &label)'. Before this patch, the flow was: ''' mac_selinux_get_child_mls_label: peercon = getpeercon_raw(socket_fd); if (!exec_label) exec_label = getfilecon_raw(exe); socket_open_fds: if (params->selinux_context_net) # label = mac_selinux_get_our_label(); # this part is removed else # label = mac_selinux_get_create_label_from_exe(path); socket_address_listen_in_cgroup(s, &p->address, label); exec_child(): exec_context = mac_selinux_get_child_mls_label(fd, executable, context->selinux_context); setexeccon(exec_context); ''' ]
* | | Merge pull request #24777 from medhefgo/stubZbigniew Jędrzejewski-Szmek2022-10-1812-264/+296
|\ \ \ | | | | | | | | stub: Use LoadImage/StartImage
| * | | boot: Rework shim image verificationJan Janssen2022-10-173-84/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This moves the shim security arch override to the new ReinstallProtocolInterface based interface. This also has the benefit to reduce the time window in which we have this override active and also actually removes it, which was not previously done. The shim hooks themselves are also modernized too. The upcalls should really not be neccessary if shim is happy with the provided binary.
| * | | stub: Allow loading unsigned kernel imagesJan Janssen2022-10-173-2/+145
| | | |