| Commit message | Author | Files | Lines |
|
Also, even if login.defs are not present, don't start allocating at 1, but at
SYSTEM_UID_MIN.
Fixes #9769.
The test is adjusted. Actually, it was busted before, because sysusers would
never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than
SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are
equal, so we didn't notice. Since sysusers now always uses the minimum of the
two, we only need to substitute one value.
|
|
We were looking at ${f%.*}, i.e. the $f with any suffix starting with a dot removed.
This worked fine for paths like /some/path/test-11.input. It also worked
for paths like /some/path/inline (there were no dots, so we got $f back unscathed).
But in the Ubuntu CI the package is built in a temporary directory like
/tmp/autopkgtest-lxc.nnnfqb26/downtmp/build.UfW/ (yes, it has a dot, even two).
That still worked for the first case, but in the second case we truncated things
after the first dot, and we would try to get
/tmp/autopkgtest-lxc.nnnfqb26/downtmp/build and try to load
/tmp/autopkgtest-lxc.nnnfqb26/downtmp/build.expected-password, which obviously
didn't work as expected. To avoid this issue, do the suffix removal only when
we know that there really is a suffix.
A second minor issue was that we would try to copy $1.expected-*, and sometimes
$1 would be given, and sometimes not. Effectively we were relying on there
not being any files matching .expected-*. There weren't any such files, but let's
avoid this ugliness and always pass $1.
|
|
This shouldn't affect the outcome, but makes outputs easier to compare.
|
|
All this test does is manipulate text files in a subdir specified with --testroot.
It can be a normal unittest without the overhead of creating a machine image.
As a bonus, also test the .standalone version.
|
|
We don't (and shouldn't I think) look at them when determining the type of the
user, but they should be used during user/group allocation. (For example, an
admin may specify SYS_UID_MIN==200 to allow statically numbered users that are
shared with other systems in the range 1–199.)
|
|
It makes little sense to make the boundary between systemd and user guids
configurable. Nevertheless, a completely fixed compile-time define is not
enough in two scenarios:
- the systemd_uid_max boundary has moved over time. The default used to be
500 for a long time. Systems which are upgraded over time might have users
in the wrong range, but changing existing systems is complicated and
expensive (offline disks, backups, remote systems, read-only media, etc.)
- systems are used in a heterogeneous environment, where some vendors pick
one value and others another.
So let's make this boundary overridable using /etc/login.defs.
Fixes #3855, #10184.
|
|
Those are functions that express policy, and nothing in basic/ uses
(or should use) them.
|
|
Currently translated at 63.1% (118 of 187 strings)
Co-authored-by: Charles Lee <lchopn@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/zh_CN/
Translation: systemd/master
|
|
SYSTEMD_RDRAND=0 will prevent using RDRAND even on systems whose CPUID claims
to support it. All other values have no effect.
Fixes: #17112
|
|
(Well, at least the ones where that makes sense. Where it doesn't make
sense are the ones that are invoked on the root path, which cannot
possibly be a symlink.)
|
|
Let's make umount_verbose() more like mount_verbose_xyz(), i.e. take log
level and flags param. In particular the latter matters, since we
typically don't actually want to follow symlinks when unmounting.
|
|
It doesn't follow symlinks when we check for the mount flags via
libmount, hence it shouldn't do either when we go via statvfs().
|
|
Similar reasons as the previous patch.
|
|
Let's make this explicit, just in case this suffers by the same issues
as the loopback devices, and drops in-flight IO when we disassemble it.
|
|
This is a follow-up for cae1e8fb88c5a6b0960a2d0be3df8755f0c78462: we
also call the detach ioctls in the shutdown code, hence add the fsync()s
there too, just to be safe.
|
|
It's a very basic function very similar to other cases where we go via
/proc/self/fd/, hence do the explicit proc_mounted() check here too.
|
|
its return value
Let's make sure to use strna() on the strings returned by fd_get_path()
where we knowingly ignore any failures. We got this right in most cases,
but two were missing.
|
|
We use it pretty much everywhere else, hence use it here too.
This also changes the error generated from EOPNOTSUPP to ENOSYS, to
match the other cases where we do such a check. One user checked for
EOPNOTSUPP which is updated to check for ENOSYS instead.
|
|
Let's use _cleanup_ magic to clean up files, let's fully operate by fds
whenever we can.
|
|
Fixes #13338.
|
|
The error message disagreed with the check that was actually performed. Adjust the check.
|
|
Fix-up for 97efde65d81b1501a3737f408f1234c6c25da61c
|
|
parse_boolean returns either 0 or 1 or error, and we checked for errors
earlier already.
|
|
Such microoptimization makes sense when the structure is used in many many copies,
but here it's not, and the few bytes we save are not worth the extra code the
compiler has to generate:
  return ns_info->mount_apivfs ||
         ns_info->protect_control_groups ||
         ns_info->protect_kernel_tunables ||
         ...
before:
  49b187: 48 8b 45 f8    mov    -0x8(%rbp),%rax
  49b18b: 0f b6 00       movzbl (%rax),%eax
  49b18e: 83 e0 80       and    $0xffffff80,%eax
  49b191: 84 c0          test   %al,%al
  49b193: 75 32          jne    49b1c7 <namespace_info_mount_apivfs+0x80>
  49b195: 48 8b 45 f8    mov    -0x8(%rbp),%rax
  49b199: 0f b6 00       movzbl (%rax),%eax
  49b19c: 83 e0 08       and    $0x8,%eax
  49b19f: 84 c0          test   %al,%al
  49b1a1: 75 24          jne    49b1c7 <namespace_info_mount_apivfs+0x80>
  49b1a3: 48 8b 45 f8    mov    -0x8(%rbp),%rax
  49b1a7: 0f b6 00       movzbl (%rax),%eax
  49b1aa: 83 e0 10       and    $0x10,%eax
  49b1ad: 84 c0          test   %al,%al
  49b1af: 75 16          jne    49b1c7 <namespace_info_mount_apivfs+0x80>
after:
  49b024: 48 8b 45 f8    mov    -0x8(%rbp),%rax
  49b028: 0f b6 40 07    movzbl 0x7(%rax),%eax
  49b02c: 84 c0          test   %al,%al
  49b02e: 75 2e          jne    49b05e <namespace_info_mount_apivfs+0x7a>
  49b030: 48 8b 45 f8    mov    -0x8(%rbp),%rax
  49b034: 0f b6 40 03    movzbl 0x3(%rax),%eax
  49b038: 84 c0          test   %al,%al
  49b03a: 75 22          jne    49b05e <namespace_info_mount_apivfs+0x7a>
  49b03c: 48 8b 45 f8    mov    -0x8(%rbp),%rax
  49b040: 0f b6 40 04    movzbl 0x4(%rax),%eax
  49b044: 84 c0          test   %al,%al
  49b046: 75 16          jne    49b05e <namespace_info_mount_apivfs+0x7a>
|
|
Only enforce that /usr verity partition is present if a /usr
partition is there
|
|
Copypasta slipped in via https://github.com/systemd/systemd/pull/17101
|
|
Currently the systemd-shutdown command attempts to stop swaps, DM
(crypt, LVM2) and loop devices, but it doesn't attempt to stop MD
RAID devices, which means that if the RAID is set up on crypt,
loop, etc. device, it won't be able to stop those underlying devices.
This code extends the shutdown application to also attempt stopping
the MD RAID devices.
Signed-off-by: Hubert Kario <hubert@kario.pl>
|