Commit message [Author, Age, Files, Lines]
* varlink,json: introduce new varlink_dispatch() helper [Lennart Poettering, 2023-11-02, 24, -116/+171]
| varlink_dispatch() is a simple wrapper around json_dispatch() that returns a clean, standards-compliant InvalidParameter error back to clients, if the specified JSON cannot be parsed properly.
|
| For this json_dispatch() is extended to return the offending field's name. Because it already has quite a few parameters, I then renamed json_dispatch() to json_dispatch_full() and made json_dispatch() a wrapper around it that passes the new argument as NULL. While doing so I figured we should also get rid of the bad= argument in the short wrapper, since it's only used in the OCI code.
|
| To simplify the OCI code this adds a second wrapper oci_dispatch() around json_dispatch_full(), that fills in bad= the way we want.
|
| Net result: instead of one json_dispatch() call there are now:
|
| 1. json_dispatch_full() for the fully featured mother of all dispatchers.
| 2. json_dispatch() for the simpler version that you want to use most of the time.
| 3. varlink_dispatch() that generates nice Varlink errors
| 4. oci_dispatch() that does the OCI specific error handling
|
| And that's all there is.
* fuzz: limit the size of the input [Frantisek Sumsal, 2023-11-02, 1, -0/+3]
| To avoid timeouts in oss-fuzz. The timeout reported in #29736 happened with a ~500K test case, so with a conservative 128K limit we should still be well within a range for any reasonable-ish generated input to get through, while avoiding timeouts.
|
| Resolves: #29736
* NEWS: more typo fixes [Joerg Behrmann, 2023-11-01, 1, -2/+2]
|
* Merge pull request #29816 from bluca/rel [Luca Boccassi, 2023-11-01, 38, -10609/+18620]
|\
| | Busywork for RC1
| * meson: bump versions for v255-rc1 [Luca Boccassi, 2023-11-01, 1, -3/+3]
| |
| * Update syscalls table [Luca Boccassi, 2023-11-01, 21, -21/+0]
| |
| * tools: syscall tables moved to a subdirectory [Luca Boccassi, 2023-11-01, 1, -2/+2]
| |
| * Update hwdb autosuspend rules [Luca Boccassi, 2023-11-01, 2, -0/+23]
| |
| * Update hwdb [Luca Boccassi, 2023-11-01, 12, -10583/+18558]
| |
| * NEWS: add contributors list [Luca Boccassi, 2023-11-01, 1, -0/+34]
| |
* | NEWS: fix a couple of typos and inconsistencies [Frantisek Sumsal, 2023-11-01, 1, -19/+15]
| | And drop one duplicated paragraph.
* | Merge pull request #29817 from YHNdnzj/fchmodat2 [Yu Watanabe, 2023-11-01, 5, -18/+55]
|\ \
| | | Add support for fchmodat2 and use it where appropriate
| * | nspawn-patch-uid: try fchmodat2() to restore mode of symlink [Arseny Maslennikov, 2023-11-01, 1, -5/+10]
| | | Prior to this commit, if the target had been a symlink, we did nothing with it. Let's try with fchmodat2() and skip gracefully if not supported.
| | |
| | | Co-authored-by: Mike Yuan <me@yhndnzj.com>
| * | basic/fs-util: prefer fchmodat2 in fchmod_opath [Arseny Maslennikov, 2023-11-01, 1, -2/+16]
| | | Co-authored-by: Mike Yuan <me@yhndnzj.com>
| * | basic/missing_syscall: add missing_fchmodat2() [Arseny Maslennikov, 2023-11-01, 3, -11/+29]
| | | Follow-up for 8b45281daa3a87b4b7a3248263cd0ba929d15596 and preparation for later commits.
| | |
| | | Since libcs are more interested in the POSIX `fchmodat(3)`, they are unlikely to provide a direct wrapper for this syscall. Thus, the headers we examine to set `HAVE_*` are picked somewhat arbitrarily.
| | |
| | | Also, hook up `try_fchmodat2()` in `test-seccomp.c`. (Also, correct that function's prototype, despite the fact that mistake would not matter in practice)
| | |
| | | Co-authored-by: Mike Yuan <me@yhndnzj.com>
* | | parse-util: add parse_tristate() and use it everywhere [Lennart Poettering, 2023-11-01, 11, -84/+47]
| | | We parse tristates all the time, let's add an explicit parser for them.
* | | build(deps): bump meson from 1.2.2 to 1.2.3 in /.github/workflows [dependabot[bot], 2023-11-01, 1, -3/+3]
| | | Bumps [meson](https://github.com/mesonbuild/meson) from 1.2.2 to 1.2.3.
| | | - [Release notes](https://github.com/mesonbuild/meson/releases)
| | | - [Commits](https://github.com/mesonbuild/meson/compare/1.2.2...1.2.3)
| | |
| | | ---
| | | updated-dependencies:
| | | - dependency-name: meson
| | |   dependency-type: direct:production
| | |   update-type: version-update:semver-patch
| | | ...
| | |
| | | Signed-off-by: dependabot[bot] <support@github.com>
* | | build(deps): bump ninja from 1.11.1 to 1.11.1.1 in /.github/workflows [dependabot[bot], 2023-11-01, 1, -17/+16]
| | | Bumps [ninja](https://github.com/ninja-build/ninja) from 1.11.1 to 1.11.1.1.
| | | - [Release notes](https://github.com/ninja-build/ninja/releases)
| | | - [Commits](https://github.com/ninja-build/ninja/commits)
| | |
| | | ---
| | | updated-dependencies:
| | | - dependency-name: ninja
| | |   dependency-type: direct:production
| | |   update-type: version-update:semver-patch
| | | ...
| | |
| | | Signed-off-by: dependabot[bot] <support@github.com>
* | | sort-util: make bsearch_safe() actually typesafe, by returning the right type [Lennart Poettering, 2023-11-01, 4, -7/+12]
|/ /
* | udev: add new builtin net_driver [Lukas Nykryn, 2023-11-01, 8, -7/+52]
| | Currently the ID_NET_DRIVER is set in net_setup_link builtin. But this is called pretty late in the udev processing chain. Right now in some custom rules it was worked around by calling ethtool binary directly, which is ugly.
| |
| | So let's split this code to a separate builtin.
* | man: run ninja update-man-rules again [Lennart Poettering, 2023-11-01, 1, -3/+3]
| | Apparently this has been forgotten a couple of times.
* | chase: fix corner case when using CHASE_PARENT with a path ending in ".." [Lennart Poettering, 2023-11-01, 2, -1/+48]
| | If we use CHASE_PARENT on a path ending in ".." then things are a bit weird, because the last path we look at is actually the *parent* and not the *child* of the preceding path. Hence we cannot just return the 2nd to last fd we look at. We have to correct it, by going *two* levels up, to get to the actual parent, and make sure CHASE_PARENT does what it should.
| |
| | Example: for the path /a/b/c chase() with CHASE_PARENT will return /a/b/c as path, and the fd returned points to /a/b. All good. But now, for the path /a/b/c/.. chase() with CHASE_PARENT would previously return /a/b as path (which is OK) but the fd would point to /a/b/c, which is *not* the parent of /a/b, after all! To get to the actual parent of /a/b we have to go *two* levels up to get to /a.
| |
| | Very confusing. But that's what we're here for, no?
| |
| | @mrc0mmand ran into this in https://github.com/systemd/systemd/pull/28891#issuecomment-1782833722
* | Merge pull request #29764 from dtardon/varlink-io.systemd.service [Luca Boccassi, 2023-11-01, 4, -0/+84]
|\ \
| | | Add varlink interface io.systemd.service
| * | varlink: add generic impl. of io.systemd.service.SetLogLevel() [David Tardon, 2023-11-01, 2, -0/+42]
| | |
| * | varlink: add generic impl. of io.systemd.varlink.Ping() [David Tardon, 2023-10-31, 2, -0/+14]
| | |
| * | varlink: define interface io.systemd.service [David Tardon, 2023-10-31, 4, -0/+28]
| | |
* | | Merge pull request #29691 from yuwata/dissect [Luca Boccassi, 2023-11-01, 2, -16/+5]
|\ \ \
| | | | udev: update devlink with the newer device node even when priority is equivalent
| * | | udev: revert workarounds for issues caused by the devlink creation optimization [Yu Watanabe, 2023-11-01, 1, -11/+0]
| | | | This reverts the following two commits:
| | | | - "udev: decrease devlink priority for encrypted partitions" c4521fc17bb33d10bf5aca3f87f6a394dfecf423.
| | | | - "udev: decrease devlink priority for iso disks" df1dccd25547b430258bd42ec60428fc9aff1370.
| | | |
| | | | These commits are workarounds for issues caused by 331aa7aa15ee5dd12b369b276f575d521435eb52.
| | | |
| | | | With the previous commit, these workarounds are not necessary anymore, as partitions are always processed later than their whole disk, and a decrypted volume is also processed later than its backing volume.
| * | | udev: update devlink with the newer device node even when priority is equivalent [Yu Watanabe, 2023-11-01, 1, -5/+5]
| | | | Several udev rules depend on the previous behavior, i.e. that udev replaces the devlink with the newer device node when the priority is equivalent.
| | | |
| | | | Let's relax the optimization done by 331aa7aa15ee5dd12b369b276f575d521435eb52.
| | | |
| | | | Follow-up for 331aa7aa15ee5dd12b369b276f575d521435eb52.
| | | |
| | | | Note, the offending commit drops O(N) of file reads per uevent, and this commit does not change the computational order. So, hopefully the performance impact of this change is small enough.
| | | |
| | | | Fixes #28141.
* | | | bsod,loop-util: fix fd validity check [Lennart Poettering, 2023-11-01, 2, -2/+2]
| | | |
* | | | proc-cmdline: use read_virtual_file() for /proc/cmdline [Lennart Poettering, 2023-11-01, 1, -2/+2]
| | | |
* | | | Merge pull request #29788 from poettering/nspawn-barrier-fix [Lennart Poettering, 2023-11-01, 2, -6/+10]
|\ \ \ \
| | | | | nspawn: fix barriers when wiping fully visible procfs/sysfs
| * | | | barrier: use EBADF where appropriate [Lennart Poettering, 2023-10-31, 1, -1/+1]
| | | | |
| * | | | nspawn: fix barriers when wiping fully visible procfs/sysfs [Lennart Poettering, 2023-10-31, 1, -5/+9]
| | | | | Let's wait until the child is fully done with mounting its own instances of procfs/sysfs before we destroy our fully visible copies of it.
| | | | |
| | | | | This borrows heavily from Christian Brauner's fix #29521, but splits the place + sync into two steps so that the child payload is not started before the parent has destroyed the procfs instance.
| | | | |
| | | | | Alternative to: #29521
| | | | | Fixes: #28157
* | | | | cryptenroll: use erase_and_free() at two more places [Lennart Poettering, 2023-11-01, 2, -3/+3]
| |_|_|/ |/| | |
* | | | sd-netlink: res_id is 16bit but serial is 32bit [Yu Watanabe, 2023-11-01, 1, -3/+3]
| | | | The explicit value here is not so important. Let's chop off the higher bits.
| | | |
| | | | Fixes the issue reported at https://github.com/systemd/systemd/pull/29802#issuecomment-1788637950.
* | | | Merge pull request #29803 from poettering/coredump-message-tweaks [Luca Boccassi, 2023-11-01, 1, -48/+56]
|\ \ \ \
| | | | | coredump: tweaks to log message & more
| * | | | coredump: let's always drop privileges [Lennart Poettering, 2023-11-01, 1, -42/+39]
| | | | | Let's unconditionally drop privileges before submitting the coredump log message. Let's make the codepaths where we acquired a coredump and where we didn't more alike: let's drop privs in both cases.
| | | | |
| | | | | This is not only safer, but means that the coredump messages are always accessible by the owner of the aborted process.
| * | | | coredump: tweak coredump log message [Lennart Poettering, 2023-11-01, 1, -8/+19]
| | | | | Let's not claim a process dumped core if that was disabled via resource limits.
| | | | |
| | | | | While we are at it, switch from stack to heap allocation for the log message, as it includes a stack trace which can be arbitrarily large.
| | | | |
| | | | | Fixes: #28559
* | | | | dhcp6: enterprise ID is 32bit [Yu Watanabe, 2023-11-01, 1, -1/+1]
| | | | | Follow-up for 6b44099b3baff64af1ef58db8e38ecddc8070e9b.
| | | | |
| | | | | Fixes #29800.
* | | | | build(deps): bump actions/checkout from 4.1.0 to 4.1.1 [dependabot[bot], 2023-11-01, 11, -11/+11]
| | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1.
| | | | | - [Release notes](https://github.com/actions/checkout/releases)
| | | | | - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
| | | | | - [Commits](https://github.com/actions/checkout/compare/8ade135a41bc03ea155e62e844d188df1ea18608...b4ffde65f46336ab88eb53be808477a3936bae11)
| | | | |
| | | | | ---
| | | | | updated-dependencies:
| | | | | - dependency-name: actions/checkout
| | | | |   dependency-type: direct:production
| | | | |   update-type: version-update:semver-patch
| | | | | ...
| | | | |
| | | | | Signed-off-by: dependabot[bot] <support@github.com>
* | | | | build(deps): bump redhat-plumbers-in-action/differential-shellcheck [dependabot[bot], 2023-11-01, 1, -1/+1]
| | | | | Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 4.2.2 to 5.0.1.
| | | | | - [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
| | | | | - [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
| | | | | - [Commits](https://github.com/redhat-plumbers-in-action/differential-shellcheck/compare/ac4483d8c6713bd2011037f44fe626989468af74...aa647ec4466543e8555c2c3b648124a9813cee44)
| | | | |
| | | | | ---
| | | | | updated-dependencies:
| | | | | - dependency-name: redhat-plumbers-in-action/differential-shellcheck
| | | | |   dependency-type: direct:production
| | | | |   update-type: version-update:semver-major
| | | | | ...
| | | | |
| | | | | Signed-off-by: dependabot[bot] <support@github.com>
* | | | | build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 [dependabot[bot], 2023-11-01, 1, -1/+1]
| |_|/ /
|/| | |
| | | | Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.2.0 to 2.3.1.
| | | | - [Release notes](https://github.com/ossf/scorecard-action/releases)
| | | | - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
| | | | - [Commits](https://github.com/ossf/scorecard-action/compare/08b4669551908b1024bb425080c797723083c031...0864cf19026789058feabb7e87baa5f140aac736)
| | | |
| | | | ---
| | | | updated-dependencies:
| | | | - dependency-name: ossf/scorecard-action
| | | |   dependency-type: direct:production
| | | |   update-type: version-update:semver-minor
| | | | ...
| | | |
| | | | Signed-off-by: dependabot[bot] <support@github.com>
* | | | man: Improve text for SystemMaxFileSize when not set [André Paiusco, 2023-11-01, 1, -3/+3]
| | | | If one sets SystemMaxUse=64G, by the current documentation one would expect that each file's size would be around 1/8 of this value (8G), although if SystemMaxFileSize is not explicitly set, it has a max of 128M per file.
* | | | analyze: handle CAP_BPF support [Peter Hutterer, 2023-11-01, 3, -0/+20]
| | | |
* | | | man: explicitly mention that environment.d/ cannot be used to set the service manager's own env block [Lennart Poettering, 2023-11-01, 1, -11/+17]
| | | | Fixes: #29414
* | | | man: fix typo [Yu Watanabe, 2023-11-01, 1, -1/+1]
| | | | Follow-up for ba87a61d05d637be9f0b21707f7fe3b0a74c5a05.
* | | | network: support ID_NET_MANAGED_BY udev property [Yu Watanabe, 2023-11-01, 2, -0/+18]
|/ / /
| | | If the property is set, networkd manages the interface only when its value is "io.systemd.Network".
| | |
| | | Closes #29768.
* | | NEWS: fix typo [Yu Watanabe, 2023-11-01, 1, -2/+2]
| | |
* | | Merge pull request #29770 from Werkov/doc-fixes [Yu Watanabe, 2023-11-01, 3, -3/+7]
|\ \ \
| | | | Doc fixes