| Commit message (Collapse) | Author | Files | Lines |
|
Follow-up for 4f5fabe7a39f046e0456eba07472df061e85c94e.
|
|
Follow-up for df8f9b88bd41320653fe1c51ea515a2d03a349df.
|
|
Both syntaxes work, but let's use one syntax for consistency.
Fixup for 0641ce809a27cc1bc358924c26770f19d1213ec1.
|
|
It's been a while, but systemd-measure doesn't need root, and
ukify has a more modern syntax.
|
|
These were forgotten during the initial conversion, probably because
most of them consisted only of a single entry.
Fix that.
|
|
Let's systematically make sure that we link up the D-Bus interfaces from
the daemon man pages once in prose and once in short form at the bottom
("See Also"), for all daemons.
Also, add reverse links at the bottom of the D-Bus API docs.
Fixes: #34996
|
|
We have this in a similar fashion for the other APIs libsystemd
provides. Add the same for sd-varlink. There isn't too much on it for
now, but at least it's a start.
Also link it up everywhere.
|
|
Processes can easily survive the first kill operation we execute, hence
we shouldn't make strong claims about them having exited already. Let's
just say "likely" hence.
Fixes: #15032
|
|
Fixes: #32751
|
|
Fixes: #33130
|
|
Let's emphasize the privilege thing with a <caution> section.
Let's also point out that other D-Bus libraries are less restrictive
than sd-bus by default regarding permission access.
Fixes: #34735
|
|
.dtbauto section contains DT blobs, just like .dtb, the difference is
that multiple .dtbauto sections are allowed to be in a UKI and only one
is selected automatically.
Temporarily drop an assert_cc() check in systemd-measure to make it compilable before the next commit
|
|
and FW-provided DT
|
|
Fixes: #34840
|
|
drop-in binaries
Fixes: #34949
|
|
[ 23.608342] TEST-55-OOMD.sh[689]: + btrfs filesystem mkswapfile -s 64M /swapfile
[ 23.651930] TEST-55-OOMD.sh[704]: ERROR: cannot create new swapfile: File exists
|
|
It is normal for DHCP leases not to have DNR options. We need to be less
verbose and more forgiving in these cases. Also, if either DHCP does not
have DNR options, make sure to still consider any DHCPv6/RA options.
Fixes: c7c9e3c7c016 (network: adjust log message about DNR)
|
|
Closes #32426.
|
|
It also detects e.g. glusterfs or mounts with "_netdev" option.
|
|
For justification, see 3f9a0a522f2029e9295ea5e9984259022be88413.
|
|
built-in list
|
|
Add support for matching the DT contained in a .dtb section of the
UKI image against the FW provided FDT or arbitrary compatible.
|
|
And use it when explicit reconfiguration is requested by Reconfigure() DBus method
or networkd certainly detects that connected network is changed.
Otherwise do not use the flag especially when we come back from sleep mode.
|
|
E.g. when a .network file is updated, but DHCP setting is unchanged, it
is not necessary to drop acquired DHCP lease.
So, let's not stop DHCP client and friends in link_reconfigure_impl(),
but stop them later when we know they are not necessary anymore.
Still DHCP clients and friends are stopped and leases are dropped when
the explicit reconfiguration is requested.
|
|
When a reconfiguration of an interface is triggered, previously we
call link_foreignize_config(), which sets all static configurations as
foreign, then later call link_drop_foreign_config(), which drops
unnecessary foreign configurations.
This commit merges these two steps into one, link_drop_unmanaged_config(),
which drops unnecessary static and foreign configurations.
Also, this renames link_drop_managed_configs() to
link_drop_static_config(), as it only drops static configurations.
Note that dynamically acquired configurations are dropped by
link_stop_engines().
|
|
Effectively no functional changes, just refactoring and preparation for
later changes.
- convert boolean flag 'force' to LinkReconfigurationFlag enum,
- merge link_reconfigure() and reconfigure_handler_on_bus_method_reload() as
link_reconfigure_full(),
- Rename ReconfigureData -> LinkReconfigurationData,
- make Reconfigure() DBus message wait for reconfiguration being
started before sending reply.
|
|
No functional change, just refactoring.
|
|
Currently translated at 90.9% (230 of 253 strings)
po: Translated using Weblate (German)
Currently translated at 89.3% (226 of 253 strings)
po: Translated using Weblate (German)
Currently translated at 88.9% (225 of 253 strings)
po: Translated using Weblate (German)
Currently translated at 88.1% (223 of 253 strings)
Co-authored-by: Weblate Translation Memory <noreply-mt-weblate-translation-memory@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
|
|
Currently translated at 90.9% (230 of 253 strings)
po: Translated using Weblate (German)
Currently translated at 89.3% (226 of 253 strings)
po: Translated using Weblate (German)
Currently translated at 88.9% (225 of 253 strings)
po: Translated using Weblate (German)
Currently translated at 88.1% (223 of 253 strings)
Co-authored-by: Ettore Atalan <atalanttore@googlemail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
|
|
Fixes: #35022
|
|
This new setting allows unsharing the pid namespace in a unit. Because
you have to fork to get a process into a pid namespace, we fork in
systemd-executor to get into the new pid namespace. The parent then
sends the pid of the child process back to the manager and exits while
the child process continues on with the rest of exec_invoke() and then
executes the actual payload.
Communicating the child pid is done via a new pidref socket pair that is
set up on manager startup.
We unshare the PID namespace right before the mount namespace so we
mount procfs correctly. Note PrivatePIDs=yes always implies MountAPIVFS=yes
to mount procfs.
When running unprivileged in a user session, user namespace is set up first
to allow for PID namespace to be unshared. However, when running in
privileged mode, we unshare the user namespace last to ensure the user
namespace does not own the PID namespace and cannot break out of the sandbox.
Note we disallow Type=forking services from using PrivatePIDs=yes since the
init process inside the PID namespace must not exit for other processes in
the namespace to exist.
Note Daan De Meyer did the original work for this commit with Ryan Wilson
addressing follow-ups.
Co-authored-by: Daan De Meyer <daan.j.demeyer@gmail.com>
|
|
Same as xnew but initialized with zeros
|
|
In https://bugzilla.redhat.com/show_bug.cgi?id=2322937 we're getting
an error message:
Okt 29 22:21:03 fedora systemd-resolved[29311]: Could not create manager: Cannot allocate memory
I expect that this actually comes from dnstls_manager_init(), the
openssl version. But without real logs it's hard to know for sure.
Use EIO instead of ENOMEM, because the problem is unlikely to be actually
related to memory.
|
|
We need a sensible limit on the number of Encrypted DNS options allowed
so that the set of resolvers per link does not grow without bound.
Fixes: 0c90d1d2f243 ("ndisc: Parse RFC9463 encrypted DNS (DNR) option")
|
|
This should catch compilation issues such as:
https://github.com/systemd/systemd/pull/35014
|
|
2024-11-04T20:13:17.3258095Z + for loader in build/src/boot/efi/*{.efi,.efi.stub}
2024-11-04T20:13:17.3258275Z ++ sbverify --list 'build/src/boot/efi/*.efi'
2024-11-04T20:13:17.3258525Z + [[ Error reading file build/src/boot/efi/*.efi: No such file or directory
2024-11-04T20:13:17.3258952Z Can't open image build/src/boot/efi/*.efi != \N\o\ \s\i\g\n\a\t\u\r\e\ \t\a\b\l\e\ \p\r\e\s\e\n\t ]]
|
|
This allows a single tmpfiles snippet with lines to symlink directories
from /usr/share/factory to be shared across many different configurations
while making sure symlinks only get created if the source actually exists.
|
|
KeepConfiguration=dhcp or dhcp-on-stop already violate RFC. It is not
necessary to honor the RFC about sending decline message on stop.
|
|
They will be used in another file in a later commit.
|
|
This also fixes the position of the logging "Enumeration completed.",
and downgrades its log level.
|
|
We enumerate interfaces at first, then enumerate other configurations
like addresses and so on. If we are running on a container, previously
we started to configure the enumerated interfaces before enumerating other
configurations.
Let's configure interfaces after all configurations are enumerated.
|