path: root/src/shared
Commit message  [Author, Age, Files, Lines]
...
* | mount-util: reorder params for mount_in_userspace, clean up logging  [Mike Yuan, 2024-07-23, files 2, lines -33/+66]
| |
* | mount-util: do not unnecessarily acquire mountns fd twice  [Mike Yuan, 2024-07-23, files 1, lines -7/+3]
| |     This also enables us to use pidref_namespace_open().
* | mount-util: clean up mount_exchange_graceful a bit, don't duplicate move_mount when fallback  [Mike Yuan, 2024-07-23, files 1, lines -16/+8]
|/
* shared/exec-util: add macro to autoinsert sentinel for fork_agent()  [Zbigniew Jędrzejewski-Szmek, 2024-07-22, files 4, lines -7/+7]
|
* selinux-util: add missing char in comment  [Zbigniew Jędrzejewski-Szmek, 2024-07-22, files 1, lines -1/+1]
|
* shared: log error when execve fail  [Mauri de Souza Meneguzzo, 2024-07-22, files 2, lines -3/+9]
|     If there is an error with the execv call in fork_agent the program exits without any meaningful log message. Log the command and errno so the user gets more information about the failure.
|
|     Fixes: #33418
|     Signed-off-by: Mauri de Souza Meneguzzo <mauri870@gmail.com>
* udev-builtin-net_id: use firmware_node/sun for ID_NET_NAME_SLOT  [Etienne Champetier, 2024-07-21, files 2, lines -0/+3]
|     pci_get_hotplug_slot() has the following limitations:
|     - if slots are not hotpluggable, they are not in /sys/bus/pci/slots.
|     - the address at /sys/bus/pci/slots/X/addr doesn't contain the function part, so on some systems, 2 different slots with different _SUN end up with the same hotplug_slot, leading to naming conflicts.
|     - it tries all parent devices until it finds a slot number, which is incorrect, and what led to NAMING_BRIDGE_MULTIFUNCTION_SLOT being disabled.
|
|     The use of PCI hotplug to find the slot (ACPI _SUN) was introduced in https://github.com/systemd/systemd/commit/0035597a30d120f70df2dd7da3d6128fb8ba6051 "udev: net_id - export PCI hotplug slot names" on 2012/11/26. At the same time on the kernel side we got https://github.com/torvalds/linux/commit/bb74ac23b10820d8722c3e1f4add9ef59e703f63 "ACPI: create _SUN sysfs file" on 2012/11/16.
|
|     Using PCI hotplug was the only way at the time, but now 12 years later we can use firmware_node/sun sysfs file.
|
|     Looking at a small selection of server HW, for HPE (Gen10 DL325), the _SUN is attached to the NIC device, whereas for Dell (R640/R6515/R6615) and Cisco (UCSC-C220-M5SX), the _SUN is on the first parent pcieport.
|
|     We still fall back to pci_get_hotplug_slot() to handle the s390 case and maybe some other corner cases (_SUN on grand parent device that is not a bridge ?).
* exec-util: modernize exec_command_flags_{to,from}_strv  [Mike Yuan, 2024-07-20, files 2, lines -28/+25]
|     - Rename ret params following our coding style
|     - Use assertion where appropriate
|     - Use BIT_FOREACH()
* terminal-util: move lock_dev_console() here  [Lennart Poettering, 2024-07-19, files 2, lines -19/+0]
|     It doesn't really make sense to have that in dev-setup.c, which is mostly about setting up /dev/, creating device nodes and stuff. Let's move it to the other stuff that deals with /dev/console's peculiarities.
* terminal-util: split out color macros/helpers into its own header  [Lennart Poettering, 2024-07-19, files 7, lines -0/+7]
|     This is a lot of stuff, and sometimes quite wild, let's turn this into its own header. All stuff color-related that just generates sequences is now in ansi-color.h (no .c file!), and everything more complex that probes/interacts with terminals remains in terminal-util.[ch]
* terminal-util: rename set_terminal_cursor_position() → terminal_set_cursor_position()  [Lennart Poettering, 2024-07-19, files 1, lines -5/+5]
|     Let's prefix these functions with the subsystem name, and clean them up a bit. Specifically, drop the error logging, it's entirely duplicative, since every single caller does it anyway.
* Merge pull request #33591 from teknoraver/o_path  [Luca Boccassi, 2024-07-19, files 1, lines -1/+1]
|\      use O_PATH when possible
| * use O_PATH to get the root fds  [Matteo Croce, 2024-07-16, files 1, lines -1/+1]
| |     `switch_root()` opens two file descriptors to do the switch but never reads from them. Open them with O_PATH.
* | polkit: fix typo in enum name  [Luca Boccassi, 2024-07-18, files 1, lines -1/+1]
| |
* | polkit: map POLKIT_ALWAYS_QUERY to new polkit flag  [Luca Boccassi, 2024-07-18, files 2, lines -12/+10]
| |     polkitd by default just waves through requests from a root process. A new POLKIT_CHECK_AUTHORIZATION_FLAGS_ALWAYS_CHECK flag was added to main (will be part of v125 when it ships) that forces it to go through the policy checks for root too. Previous versions will just ignore it.
| |
| |     Change the flags handling slightly so that we pass this or the interactive flags through, as the values match what polkit expects.
* | ptyfwd: reset color after two tty reset sequences, too  [Lennart Poettering, 2024-07-18, files 1, lines -1/+19]
| |     When we patch in a bg color we must make sure that when certain "reset" sequences are transferred we fix up the bg color again. Do so for \033[!p ("soft terminal reset") and \033c ("reset to initial state" aka "full reset").
* | Merge pull request #33092 from YHNdnzj/freezer-cleanup  [Mike Yuan, 2024-07-17, files 2, lines -21/+0]
|\ \    UnitFreezer: several cleanups
| * | sleep,home: always initialize UnitFreezer if used  [Mike Yuan, 2024-07-17, files 2, lines -21/+0]
| | |     Previously, unit_freezer_new_freeze() would only return UnitFreezer object if FreezeUnit() succeeds. This is not ideal though, as a failed bus call doesn't mean the action actually failed. E.g. a timeout might occur because pid1 is waiting for cgroup event from kernel, while the bus call timeout was exceeded (#33269). In such a case, ThawUnit() will never be called, resulting in frozen units remaining that way after resuming from sleep.
| | |
| | |     Therefore, let's get rid of unit_freezer_new_freeze(), and make sure as long as unit freezer is involved, we'll call ThawUnit() when we're done. This should make things a lot more robust.
* | | table: Improve mangling of JSON field names  [Adrian Vovk, 2024-07-17, files 2, lines -7/+29]
| | |     First, when displaying JSON we convert dashes into underscores. We want to avoid using dashes in JSON field names in new code, because some JSON parsers don't support dashes very well.
| | |
| | |     Second, we make the first character of every word lower-case. This better matches our JSON field name style, and makes the automatic JSON name mangling a lot more useful for vertical tables, where fields are given a display name. For example, "Foo Bar" would be converted into "foo_bar" instead of "Foo_Bar", which much better matches our style. We don't make the whole string lowercase to support cases like: "fooBar" should stay as "fooBar".
| | |
| | |     Some situations don't behave quite perfectly, such as "Foo BarBaz" gets converted into "foo_barBaz", or all-caps headings get mangled incorrectly. In these situations, the JSON field should be overridden manually. In most cases, or at least more cases than before, this heuristic does good enough.
* | | table: Add TABLE_SET_JSON_FIELD_NAME  [Adrian Vovk, 2024-07-17, files 2, lines -0/+15]
|/ /    Lets you conveniently set JSON field names in table_add_many. Especially useful for vertical tables. For example:
| |
| |         table_add_many(t,
| |                        TABLE_FIELD, "Display Name",
| |                        TABLE_STRING, obj->display_name,
| |                        TABLE_SET_JSON_FIELD_NAME, "displayName",
| |                        TABLE_FIELD, "Timestamp",
| |                        TABLE_TIMESTAMP, obj->timestamp,
| |                        TABLE_SET_JSON_FIELD_NAME, "timestampUSec");
* | Merge pull request #33714 from poettering/make-varlink-public  [Daan De Meyer, 2024-07-17, files 54, lines -7855/+961]
|\ \    varlink: make API public as "sd-varlink.h"
| * | sd-varlink: make our internal Varlink API public as sd-varlink.[ch]  [Lennart Poettering, 2024-07-16, files 54, lines -7855/+961]
| |/    It's time. sd-json was already done earlier in this cycle, let's now make sd-varlink public too.
| |
| |     This is mostly just a search/replace job of epical proportions.
| |
| |     I left some functions internal (mostly IDL handling), and I turned some static inline calls into regular calls.
* / gpt: add more architecture aliases  [Luca Boccassi, 2024-07-16, files 1, lines -0/+9]
|/      Same as the other aliases. Allows chaining commands like:
|
|         $ systemd-id128 show -P root-$(dpkg-architecture --query DEB_HOST_ARCH)
|         4f68bce3e8cd4db196e7fbcaf984b709
* machine-id: Add cmdline argument to use VM behaviour on bare metal (#32086)  [Merlin Jehli, 2024-07-13, files 2, lines -18/+43]
|     Closes #30707
* bootspec: correct log level for fatal errors  [Lennart Poettering, 2024-07-12, files 1, lines -4/+4]
|
* bootspec: implement sorting by tries left/done, to match what sd-boot does  [Lennart Poettering, 2024-07-12, files 1, lines -1/+18]
|
* Merge pull request #33599 from keszybz/link-executor-statically  [Zbigniew Jędrzejewski-Szmek, 2024-07-08, files 1, lines -1/+1]
|\      Link executor statically
| * meson: rename libbasic to libbasic_static  [Zbigniew Jędrzejewski-Szmek, 2024-07-03, files 1, lines -1/+1]
| |     Our variables for internal libraries are named 'libfoo' for the shared lib variant, and 'libfoo_static' for the static lib variant. The only exception was libbasic, because we didn't have a shared variant for it. But let's rename it for consistency. This makes the build config easier to understand.
* | load-fragment: allow MountImages= with paths starting with /dev  [Topi Miettinen, 2024-07-04, files 2, lines -6/+24]
| |     For MountImages=, if the source is a block device, it will most likely reside in /dev. It should be also possible to mount a static device file system in place of (or part of) /dev. So let's allow paths starting with /dev as an exception for MountImages=.
* | repart: Allow overriding fstype per partition designator  [Daan De Meyer, 2024-07-03, files 2, lines -0/+13]
|/      $SYSTEMD_REPART_OVERRIDE_FSTYPE is too invasive. Often you want to override the fstype only for a specific designator, so let's support that as well.
* shared/condition: add missing space after 'if'  [Mike Yuan, 2024-07-01, files 1, lines -2/+2]
|     Follow-up for 98b1ecc9175a8bb241292f6f441a754b6759dd97
* shared/mount-util: return early if param is NULL  [Mike Yuan, 2024-07-01, files 1, lines -7/+10]
|     To make things more readable and consistent.
* Merge pull request #33475 from poettering/name-to-handle-at-fid  [Lennart Poettering, 2024-07-01, files 2, lines -0/+13]
|\      teach inode_same() the concept of name_to_handle_at() FIDs to properly detect inode identities
| * test: beef up test case for fid-based equality checks  [Lennart Poettering, 2024-07-01, files 2, lines -0/+13]
| |
* | mkfs-util: Simplify logic  [Daan De Meyer, 2024-07-01, files 1, lines -8/+3]
| |
* | Use read_full_file_full() in read_smbios11_field()  [Daan De Meyer, 2024-07-01, files 1, lines -2/+7]
| |     read_virtual_file() will only read up to page size bytes of data from /sys/firmware/dmi/entries/.../raw so let's use read_full_file_full() instead to make sure we read all data. This should be safe since smbios11 data can be considered immutable during the lifetime of the system.
* | util: add generic block device listener helper  [Lennart Poettering, 2024-07-01, files 3, lines -0/+91]
| |     Various of our tools operate on block devices, and it's not always obvious to know which block devices are actually appropriate for use. Hence, let's add a helper that allows to list block devices, and supports some limited filtering.
* | blockdev-util: add partscan check function that takes an sd_device*  [Lennart Poettering, 2024-07-01, files 4, lines -10/+19]
|/
* Conditional PSI check to reflect changes done in 5.13  [rhellstrom, 2024-07-01, files 1, lines -2/+8]
|     cpu.pressure 'full' is undefined for system-wide checks since 5.13 but still reported with values set to 0 for backwards compatibility. Made changes to reflect this for system-wide checks so that the conditional comparison is not made against the 0 value and instead fall back to 'some'.
|
|     https://www.kernel.org/doc/html/latest/accounting/psi.html
* mkfs-util: Set sector size for btrfs as well  [Daan De Meyer, 2024-06-29, files 1, lines -0/+9]
|     btrfs used to default the sector size to the page size and didn't support anything else. Since 6.7, it defaults to 4K and using 4K makes the filesystem compatible with all page sizes. So let's make sure we use minimum 4K as well (lower causes failures on systems with a 4K page size) but still allow larger sector sizes if specified by the user.
* Merge pull request #30360 from keszybz/nscd-drop  [Luca Boccassi, 2024-06-29, files 3, lines -154/+0]
|\      Drop support for nscd
| * Drop support for nscd  [Zbigniew Jędrzejewski-Szmek, 2024-06-28, files 3, lines -154/+0]
| |     nscd is known to be racy [1] and it was already deprecated and later dropped in Fedora a while back [1,2]. We don't need to support obsolete stuff in systemd, and the cache in systemd-resolved provides a better solution anyway. We announced the plan to drop nscd in d44934f3785ad9ca4aab757beb80a9b11ba4bc04.
| |
| |     [1] https://fedoraproject.org/wiki/Changes/DeprecateNSCD
| |     [2] https://fedoraproject.org/wiki/Changes/RemoveNSCD
| |
| |     The option is kept as a stub without any effect to make the transition easier.
* | core: deduplicate identical dm-verity ExtensionImages=  [Luca Boccassi, 2024-06-28, files 3, lines -13/+22]
| |     It turns out OverlayFS doesn't handle gracefully when the same source is specified multiple times in lowerdir= and it fails with ELOOP:
| |
| |         Failed to mount overlay (type overlay) on /run/systemd/mount-rootfs/opt (MS_RDONLY "lowerdir=/run/systemd/unit-extensions/1/opt:/run/systemd/unit-extensions/0/opt:/run/systemd/mount-rootfs/opt"): Too many levels of symbolic links
| |
| |     This happens even if we mount each image in a different internal mount path, as OverlayFS will resolve it and look for the backing device, which will be the same device mapper entity, and return a hard error. This error does not appear if dm-verity is not used, so it is very confusing for users, and unnecessary.
| |
| |     When mounting ExtensionImages, check if an image is dm-veritied, and drop duplicates if the root hashes match, to avoid this user-unfriendly hard error.
* | Merge pull request #33370 from grawity/run-title  [Zbigniew Jędrzejewski-Szmek, 2024-06-28, files 2, lines -0/+18]
|\ \
| |/
|/|     run: add option to prevent the setting of terminal title
| * run: add environment variable to prevent the setting of terminal title  [Mantas Mikulėnas, 2024-06-25, files 2, lines -0/+18]
| |     This goes together with the existing SYSTEMD_TINT_BACKGROUND.
| |
| |     Closes https://github.com/systemd/systemd/issues/33301
* | varlink: fix license  [David Tardon, 2024-06-27, files 2, lines -2/+2]
| |     The old license was a copy&paste mistake.
* | cryptsetup: allow customizing cache behavior  [Kamil Szczęk, 2024-06-27, files 2, lines -2/+2]
| |     The new "password-cache" option allows customizing behavior of the ask-password module in regards to caching credentials in the kernel keyring. There are 3 possible values for this option:
| |     * read-only - look for credentials in kernel keyring before asking
| |     * on - same as read-only, but also save credentials input by user
| |     * off - disable keyring credential cache
| |
| |     Currently the cache is forced upon the user and this can cause issues. For example, if user wants to attach two volumes with two different FIDO2 tokens in a quick succession, the attachment operation for the second volume will use the PIN cached from the first FIDO2 token, which of course will fail and since tokens are only attempted once, this will cause fallback to a password prompt.
* | Merge pull request #33503 from poettering/hostnamed-polkit-fixes  [Lennart Poettering, 2024-06-27, files 3, lines -5/+9]
|\ \    hostnamed: minor corrects to Varlink polkit handling
| * | hostnamed: make sure we can actually properly parse 'allowInteractiveAuthentication' varlink parameter  [Lennart Poettering, 2024-06-27, files 1, lines -0/+1]
| | |     If people want they should be able to turn on this flag, to allow interactive auth. Let's make sure this actually works. i.e. add it to the introspection data and don't refuse the parameter in Describe().
| | |
| | |     (note the varlink handling already does parameter validation through varlink_dispatch(), hence we can just drop any further validation)
| * | hostnamed: if polkit authentication fails for Varlink Describe() call, don't reply to client with an error  [Lennart Poettering, 2024-06-27, files 2, lines -5/+8]
| | |     The logic of the Describe() call was supposed to be: if we can acquire the PK priv to get the product UUID then let's return the product UUID, and if we cannot then return the data without it. This didn't work however, since the polkit varlink glue would immediately propagate the error it acquired from polkit to its own client. Let's turn this off, optionally, so that hostnamed can handle this nicely.