summaryrefslogtreecommitdiffstats
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* network/route-nexthop: use generic [Route] section parser moreYu Watanabe2024-10-115-128/+43
|
* network/route-nexthop: use log_syntax_parse_error()Yu Watanabe2024-10-111-16/+6
|
* network/route-metric: merge conf parsers for route metricYu Watanabe2024-10-115-100/+105
| | | | | This introduces a generic [Route] section parser, then embed conf parsers for route metric into it.
* network/route-metric: use log_syntax_parse_error()Yu Watanabe2024-10-111-25/+12
|
* network/address: several cleanups for config_parse_address()Yu Watanabe2024-10-113-41/+36
| | | | | | | | - make it accept an empty string, - use config_parse_in_addr_prefix(), - move null address checker to address_section_verify(). No functional change, just refactoring.
* network/address: warn but ignore Broadcast= setting for an IPv6 addressYu Watanabe2024-10-111-6/+0
| | | | | | | | | | | | | | | | Previously, the below was refused and the IPv6 address would not assigned. === [Address] Address=2001:db8:0:f101::15/64 Broadcast=192.168.0.255 === However, in the following case, networkd warned about the broadcast address would be ignored, and the IPv6 address would be configured. === [Address] Broadcast=192.168.0.255 Address=2001:db8:0:f101::15/64 ===
* network/address: use log_section_warning() moreYu Watanabe2024-10-111-12/+13
|
* network/routing-policy-rule: use in_addr_prefix for From= and To=Yu Watanabe2024-10-114-78/+44
| | | | | | | Also, this makes the settings parsed independently, and the inconsistency will be checked in the section verifier. No functional change, just refactoring.
* conf-parser: introduce config_parse_in_addr_prefix()Yu Watanabe2024-10-112-1/+39
| | | | It is not used currently, but will be used later.
* in-addr-util: rename in_addr_prefix_from_string_auto_internal() -> _full()Yu Watanabe2024-10-114-5/+5
| | | | | The function is also used in other source files. Hence, not internal. No functional change, just refactoring.
* Merge pull request #34717 from anonymix007/fundamental-boot-changesLennart Poettering2024-10-1113-213/+339
|\ | | | | Fundamental and boot changes for multi-dt UKIs
| * fundamental: Add EFI_GUID userspace definitionanonymix0072024-10-112-22/+29
| |
| * boot: Add log_info and log_debuganonymix0072024-10-112-9/+11
| |
| * boot: Add smbios_populate_raw_infoanonymix0072024-10-112-0/+73
| | | | | | | | This function will be used to gather information for DeviceTree matching
| * boot: Move smbios-related functions to a separate fileanonymix0072024-10-117-182/+200
| |
| * boot: Add xcalloc and xcalloc_multiplyanonymix0072024-10-111-0/+15
| |
| * boot: Add EFI_STATUS_IS_ERROR macroanonymix0072024-10-111-0/+2
| |
| * boot: Add bswap_{16,32}anonymix0072024-10-111-0/+3
| |
| * boot: Add be32tohanonymix0072024-10-111-0/+6
| |
* | shared/bus-util: re-break comment, insert missing newline before caseMike Yuan2024-10-111-2/+3
| | | | | | | | Follow-up for a178ffdfcd9d25886a6e563a0fbd9929852e85c4
* | Merge pull request #34686 from DaanDeMeyer/bus-fallbackDaan De Meyer2024-10-113-32/+36
|\ \ | |/ |/| Make sure bus_connect_transport_systemd() actually connects to the private manager bus
| * stdio-bridge: Use customized log message for forwarding busDaan De Meyer2024-10-111-1/+1
| | | | | | | | | | | | Let's more clearly indicate that we failed to set up the server which forwards messages from the remote client to the local bus instead of logging a generic bus client message.
| * stdio-bridge: Use bus_log_connect_error()Daan De Meyer2024-10-111-1/+1
| |
| * bus-util: Move geteuid() check out of bus_connect_system_systemd()Daan De Meyer2024-10-111-7/+6
| | | | | | | | | | | | Let's move this check to bus_connect_transport_systemd() so that bus_connect_system_systemd() will only ever connect to the manager private manager bus instance and fail otherwise.
| * bus-util: Drop fallback to system/user bus if manager bus doesn't workDaan De Meyer2024-10-111-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | We have various callsites that explicitly need the manager bus and won't work with the system bus, like daemon-reexec and friends which can't properly wait until the operation has finished unless using the manager bus. If we silently fall back to the system bus for these operations, we can end up with rather hard to debug issues so let's remove the fallback as it was added back in 2013 in a6aa89122d2fa5e811a72200773068c13bfffea2 without a clear explanation of why it was needed (I expect as a fallback if kdbus wasn't available but that's not a thing anymore these days).
| * update-utmp: Make reconnect logic more robustDaan De Meyer2024-10-111-20/+25
| | | | | | | | | | | | We might also fail to connect to the private manager bus itself if the daemon-reexec is still ongoing, so let's handle that as well by retrying on ECONNREFUSED.
* | Merge pull request #34718 from poettering/efi-smbios-tweakLennart Poettering2024-10-111-9/+14
|\ \ | | | | | | efi: minor tweaks to smbios parsing
| * | smbios: make code more readable by introducing a "limit" pointerLennart Poettering2024-10-111-2/+3
| | |
| * | smbios: move validation of SMBIOS table sizes fully into get_smbios_table()Lennart Poettering2024-10-111-7/+11
| |/ | | | | | | | | | | | | | | | | | | | | We do half a validation currently ourselves (i.e. check the header fits into the rest of the data), and leave the other half to the caller (i.e. check the table fits into the rest of the data). get_smbios_table() is changed to accept the minimum object size and validates it before returning a table. Based on a discussion with @anonymix007.
* | Merge pull request #34703 from poettering/pidref-varlinkLennart Poettering2024-10-1112-24/+289
|\ \ | | | | | | Serialize "PidRef" in a reasonable way in Varlink interfaces
| * | machined: also take new ProcessId structure when registering processesLennart Poettering2024-10-112-15/+6
| | |
| * | machined: make List() varlink method return a full pidref JSON object for leaderLennart Poettering2024-10-114-2/+14
| | | | | | | | | | | | | | | This new call has not been released yet, hence we can still change the encoding of the "leader" field.
| * | json: add builder/dispatcher for PidRef → JSON and backLennart Poettering2024-10-114-0/+245
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | So far, at the one place we sent a PID over Varlink we did so as a simple numeric pid_t value. That's of course is racy, since classic PIDs are recycled too eagerly. Let's address that, by passing around JSON objects distantly resembling our PidRef structure. Note that this JSON object does *not* contain the pidfd, however, but just the pidfd inode number if known. I originally planned to include the pidfd in some direct form, but I figured that's not really the best idea, since we always need a side-channel of some form for that (i.e. AF_UNIX/SCM_RIGHTS), but we should be able to report about PIDs even without that. Moreover, while sending the pid number and pidfd id around should always be OK to do, it's a lot more problematic to always send a pidfd around, since that implies that fd passing is on and it is OK to install fds remotely in some IPC peers fd table. For example, when doing a wild dump of service manager service state we really shouldn't end up with a bunch of fds installed in our client's fd table. Hence, all in all I think it is cleaner to define a structure carrying pid number and pidfd inode id, wich is passed directly as JSON. And then optionally, in a separate field also pass around a pidfd where it makes sense. Note that sending around pidfds is not that beneficial anymore if we have the pidfd inode id, because we can always securely and reliably get a pidfd back from a pair of pid + inode id: first we do pidfd_open() on the pid, and then we check if it is really the right one by comparing .st_ino after fstat(). This logic is implemented gracefully: if for some reason pidfd/pidfd inode nrs are not available (too old kernel), we'll fall back to plain PID numbers. The dispatching logic knows two distinct levels of validation of the provided PID data: if SD_JSON_STRICT is specified we'll acquire a pidfd for the PID, thus verifying it currently exists and failing if it doesn't. If the flag is not set, well just store the provided info as-is, will try to acquire a pidfd for it, but not fail if we cannot. Both modes are important in different contexts. Also note that in addition to the pidfd inode nr we always store the current boot ID of the system in the JSON object, since only the combination of pidfd inode nr and boot ID of the system really is a world-wide unique reference to a process. When dispatching a JSON pid field we operate somewhat gracefully: we either support the triplet structure of pid, pid inode nr, boot id, or we accept a simple classic UNIX pid.
| * | varlink-idl: introduce c/.h file for common varlink IDL structuresLennart Poettering2024-10-114-7/+20
| | | | | | | | | | | | | | | | | | Some structures we'll use in various varlink interfaces, move them to a common .c/.h file. For now this is only the dual timestamp object, but there will be more soon.
| * | macro: add voffsetof() helper, that operates like offsetof() but on variablesLennart Poettering2024-10-111-0/+1
| | |
| * | test: also dump varlink IDL for Machine interface in the testLennart Poettering2024-10-111-0/+3
| | |
* | | Merge pull request #34681 from ↵Lennart Poettering2024-10-1113-44/+123
|\ \ \ | | | | | | | | | | | | | | | | ikruglov/ikruglov/io-systemd-Machine-post-merge-review machine: address post-merge review #34623
| * | | machine: use sd_json_dispatch_pid() in varlink codeIvan Kruglov2024-10-103-9/+10
| | | |
| * | | sd-json: add sd_json_dispatch_pid()Ivan Kruglov2024-10-104-0/+52
| | | |
| * | | machine: switch to use PidRef when lookup machine by pid in dbus and varlink ↵Ivan Kruglov2024-10-105-20/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | interfaces This commit includes adding introduce manager_get_machine_by_pidref() as a replacement for manager_get_machine_by_pid() and moving surrounding code to utilise PidRef.
| * | | machine: use sd_json_dispatch_signal() in varlink codeIvan Kruglov2024-10-101-4/+1
| | | |
| * | | sd-json: add sd_json_dispatch_signal()Ivan Kruglov2024-10-104-0/+27
| | | |
| * | | machine: remove redundant else if lookup_machine_by_name_or_pid()Ivan Kruglov2024-10-101-1/+1
| | | |
| * | | machine: complete description of io.systemd.Machine.{List, Terminate, Kill, ↵Ivan Kruglov2024-10-101-10/+11
| | | | | | | | | | | | | | | | Unregister} methods
* | | | seccomp: allowlist uretprobe() syscallLennart Poettering2024-10-111-0/+1
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a new syscall provided by the kernel used to implement faster uprobes. It's not supposed to be called by userspace, but only by kernel generated uprobe code. It should be fine to allow this, as the kernel authenticates the invocation itself, and we shouldn't break compat with things. Note that this allowlisting is not sufficient to make ureprobe() work. libseccomp must be tought the syscall too, but this can happen independently. Fixes: #34615
* | | rpm/systemd-update-helper: Use systemctl reload to reexec/reload user managersDaan De Meyer2024-10-111-16/+4
| | | | | | | | | | | | | | | | | | | | | Let's always use systemctl reload to reexec and reload user managers now that it always implies a reexec. This moves all the job management logic to pid 1 instead of bash and reduces the complexity of the logic as we remove systemd-run, pam and systemd-stdio-bridge from the equation.
* | | core/manager-serialize: drop serialization for Manager.ready_sentMike Yuan2024-10-111-11/+1
| | | | | | | | | | | | | | | | | | | | | | | | This field indicates whether READY=1 has been sent to the service manager/supervisor. Whenever we reload/reexec/soft-reboot, manager_send_reloading() always resets it to false first, so that READY=1 is sent after reloading finishes. Hence we utterly get "false" at all times. Kill it.
* | | core/manager: still send out STATUS=Ready for user managerMike Yuan2024-10-111-7/+7
| |/ |/| | | | | | | | | | | | | This effectively reverts 37d15cd132f3a8a0bf42fb252c1604e804171ff2. The offending commit wrongly assumed that the second READY=1 notification is for system scope only, but it also serves the purpose of flushing out previous STATUS= containing user unit job status.
* | sd-netlink: introduce two more _get_family()Yu Watanabe2024-10-102-44/+16
| | | | | | | | Then, use them in sd_rtnl_message_get_family().
* | sd-netlink,network: rename functions and RoutingPolicyRule.typeYu Watanabe2024-10-106-42/+42
| | | | | | | | | | To make them consistent to the netlink message header. No functional change, just refactoring.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-12 07:49:32 +0100