Commit message [Author, Age, Files, Lines]
* Minor follow-ups for recent PRs (#35381) (refs: HEAD, main) [Yu Watanabe, 45 hours, 4, -32/+28]
|\
| * shared/bootspec: mark _to_string funcs as _const_ [Mike Yuan, 46 hours, 1, -5/+4]
| |     Addresses https://github.com/systemd/systemd/pull/34959#discussion_r1860451777
| * shared/bootspec: use FOREACH_ELEMENT where appropriate, avoid unneeded memzero() [Mike Yuan, 46 hours, 1, -8/+8]
| |
| * shared/bootspec: move boot_entry_addons_done() up, drop separate prototype [Mike Yuan, 46 hours, 1, -12/+10]
| |     Follow-up for e2501a851e10f5279862b2bccbdd9184572cce6a
| * basic/fileio: minor coding style cleanup [Mike Yuan, 46 hours, 2, -7/+6]
| |     Follow-up for bbec1c87d3bf8d14eeb1ee3b4df973a53cca2e58
* | service: don't second guess invocation mode again [Lennart Poettering, 45 hours, 1, -1/+1]
| |     let's just check the debug invocation boolean, and not recheck the restart mode again. It's mostly redundant (because the boolean should not have become true if the restart mode was not set accordingly). Moreover, I think we might want to eventually allow a manual way to enable debug invocation mode, and hence this pointless checking would become a problem. Also, we never check the restart mode again in other cases, hence we shouldn't here either.
* | nspawn: improve error message when we cannot look into a container tree due to perms [Lennart Poettering, 45 hours, 1, -3/+6]
| |
* | nspawn: don't try to unregister a machine we never registered [Lennart Poettering, 45 hours, 1, -1/+1]
|/
|       When registering we condition this on "arg_register". Let's do the same when unregistering, otherwise we might end up trying to unregister a machine we never registered.
* bootspec fixups (#34959) [Luca Boccassi, 2 days, 5, -39/+89]
|\
| * bootspec: Look at /loader/addons in XBOOTLDR [Adrian Vovk, 2 days, 4, -30/+77]
| |     The bootspec util-lib's handling of global addons didn't previously match the behavior of sd-stub, and this commit corrects that.
| |
| |     First, bootspec didn't load global addons from the XBOOTLDR dir, but the stub does. So, bootspec now enumerates addons in XBOOTLDR, not just ESP
| |
| |     Second, the stub only loads resources (including addons) from the partition that it was found on. Thus, we must keep track of which partition the global addons come from, and which partition each boot entry comes from.
| |
| |     In other words: global addons found on the ESP will NOT apply to UKIs found in XBOOTLDR, and bootspec now reflects that.
| * bootspec: Fixup loading of local addons for UKIs [Adrian Vovk, 3 days, 1, -5/+7]
| |     Follow-up for 59b3df9
| * bootspec: Fixup memory leak [Adrian Vovk, 3 days, 2, -4/+5]
| |     This would previously leak memory: the array was deleted but contents inside of the array were not
| * sd-stub: Fixup typo & measurement order [Adrian Vovk, 3 days, 1, -2/+2]
| |     A previous commit accidentally reversed the measurement order of the confext initrds and sysext initrds via a minor typo. This commit fixes the typo and restores the original measurement order
| |
| |     Follow-up: ac32323
* | ukify: Switch to JSON HWID description format (#35208) [Zbigniew Jędrzejewski-Szmek, 2 days, 1, -65/+19]
|\ \
| |/
|/|     Fixes #35176
| * ukify: Switch to JSON HWID description format [anonymix007, 8 days, 1, -65/+19]
| |
* | sysext: set SELinux context for hierarchies and workdir [gerblesh, 3 days, 4, -18/+75]
| |
* | sd-varlink: fix bug when enqueuing messages with fds asynchronously [Lennart Poettering, 3 days, 1, -1/+2]
| |     When determining the poll events to wait for we need to take the queue of pending messages that carry fds into account. Otherwise we might end up not waking up if such an fd-carrying message is enqueued asynchronously (i.e. not from a dispatch callback).
* | cryptsetup: convert pkcs11/fido2 to iovec for key handling [Luca Boccassi, 3 days, 5, -32/+26]
| |     key-data might be NULL. Fixes crash:
| |
| |     0 0x0000559c62120530 in attach_luks_or_plain_or_bitlk (cd=0x559c6b192830, name=0x7ffd57981dc4 "root", token_type=TOKEN_FIDO2, key_file=0x0, key_data=0x0, passwords=0x0, flags=524296, until=0) at ../src/cryptsetup/cryptsetup.c:2234
| |         pass_volume_key = false
| |         r = 1469577760
| |         __func__ = '\000' <repeats 29 times>
| |     1 0x0000559c6212279c in run (argc=6, argv=0x7ffd5797fe98) at ../src/cryptsetup/cryptsetup.c:2597
| |         discovered_key_data = {iov_base = 0x0, iov_len = 0}
| |         key_data = 0x0
| |         token_type = TOKEN_FIDO2
| |         destroy_key_file = 0x0
| |         flags = 524296
| |         until = 0
| |         passphrase_type = PASSPHRASE_NONE
| |         volume = 0x7ffd57981dc4 "root"
| |         source = 0x7ffd57981dc9 "/dev/disk/by-uuid/8372fb39-9ba4-461a-a618-07dcaae66280"
| |         status = CRYPT_INACTIVE
| |         tries = 0
| |         key_file = 0x0
| |         config = 0x7ffd57981e05 "luks,discard,fido2-device=auto,x-initrd.attach"
| |         use_cached_passphrase = true
| |         try_discover_key = true
| |         discovered_key_fn = 0x7ffd5797fa70 "root.key"
| |         passwords = 0x0
| |         cd = 0x559c6b192830
| |         verb = 0x7ffd57981dbd "attach"
| |         r = 0
| |         __func__ = "\000\000\000"
| |     2 0x0000559c621231e6 in main (argc=6, argv=0x7ffd5797fe98) at ../src/cryptsetup/cryptsetup.c:2674
| |         r = 32553
| |         __func__ = "\000\000\000\000"
| |
| |     Follow-up for 53b6c99018f918a5d2c9000ac5fe3a2440115ea7
* | updatectl: fix DBus method signature for SetFeatureEnabled [Abderrahim Kitouni, 3 days, 1, -1/+1]
| |     The signature was changed to 'sit' in sysupdated during review, but updatectl kept using 'sbt'
* | core/device: ignore ID_PROCESSING udev property on enumerate (#35332) [Zbigniew Jędrzejewski-Szmek, 4 days, 1, -3/+0]
|\ \
| | |   Fixes #35329.
| * | core/device: ignore ID_PROCESSING udev property on enumerate [Yu Watanabe, 4 days, 1, -3/+0]
| | |   This partially reverts the commit 405be62f05d76f1845f347737b5972158c79dd3e "tree-wide: refuse enumerated device with ID_PROCESSING=1".
| | |
| | |   Otherwise, when systemd-udev-trigger.service is (re)started just before daemon-reexec, which can easily happen on systemd package update, then udev database files for many devices may have ID_PROCESSING=1 property, thus devices may not be enumerated on daemon-reexec. That causes many units especially mount units being deactivated after daemon-reexec.
| | |
| | |   Fixes #35329.
* | | Check inode number to see if we are in init namespace (#35306) [Zbigniew Jędrzejewski-Szmek, 4 days, 5, -9/+96]
|\ \ \
| |/ /
|/| |
| | |   This is a more comprehensive fix compared to #35273. Also adds a minimal test only. Based on Luca's #35273 but generalizes the code a bit. In v258 we really should get rid of the old heuristics around userns and cgroupns detection, but given we are late in the v257 cycle this keeps them in.
| * | test-namespace: tweak log message a bit [Lennart Poettering, 7 days, 1, -1/+1]
| | |
| * | virt: make use of ns inode check in running_in_userns() and running_in_cgroupns() too [Lennart Poettering, 7 days, 1, -0/+16]
| | |
| * | detect-virt: check the inode number of the pid namespace [Luca Boccassi, 7 days, 1, -0/+19]
| | |   The inode number of root pid namespace is hardcoded in the kernel to 0xEFFFFFFC since 3.8, so check the inode number of our pid namespace if all else fails. If it's not 0xEFFFFFFC then we are in a pid namespace, hence a container environment.
| | |
| | |   Fixes https://github.com/systemd/systemd/issues/35249
| | |
| | |   [Reworked by Lennart, to make use of namespace_is_init()]
| * | namespace-util: add generic namespace_is_init() call [Lennart Poettering, 7 days, 4, -8/+60]
| | |
* | | ukify: Fix typing error [Daan De Meyer, 5 days, 1, -1/+1]
| | |
* | | Move mypy.ini and ruff.toml to top level [Daan De Meyer, 5 days, 2, -28/+0]
| | |   This allows reusing them for integration-test-wrapper.py as well.
* | | curl-util: do not configure new io event source when the event loop is already dead [Yu Watanabe, 6 days, 1, -0/+4]
| | |   Similar to c5ecf0949460dd0bf3211db128a385ce6375252e, but for io event source.
| | |
| | |   Fixes #35322.
* | | measure: add 'dtbauto' option in help message [Ani Sinha, 6 days, 1, -12/+13]
| | |   'dtbauto' command line was missing from the help string. Add it.
* | | nspawn: improve log message on bad incoming sd_notify() message [Lennart Poettering, 6 days, 1, -1/+1]
| | |   It's the PID that is wrong, not the UID/GID, be precise.
* | | nspawn: fix userns_mkdir() invocation [Lennart Poettering, 6 days, 1, -4/+3]
| | |   The wrong error code was logged. But actually given that userns_mkdir() is fine with existing dirs, let's drop the redundant conditionalization.
| | |
| | |   Follow-up for: a1fcaa1549d86098d0ba75254b6afc96c786b3b6
* | | shutdown: propagate one more error from sync_making_progress() [Yu Watanabe, 6 days, 1, -4/+2]
| | |   No functional change, just refactoring, as anyway all errors will be ignored by the caller.
* | | namespace-util: handle -ENOSPC by userns_acquire() gracefully in is_idmapping_supported() (#35313) [Yu Watanabe, 6 days, 1, -4/+8]
|\ \ \
| | | |     Follow-up for edae62120f13b24d51812d1d7c0ab24acb420305.
| | | |
| | | |     Fixes #35311.
| * | | namespace-util: update log messages [Yu Watanabe, 7 days, 1, -4/+4]
| | | |
| * | | namespace-util: handle -ENOSPC by userns_acquire() gracefully in is_idmapping_supported() [Yu Watanabe, 7 days, 1, -0/+4]
| |/ /
| | |   Follow-up for edae62120f13b24d51812d1d7c0ab24acb420305.
| | |
| | |   Fixes #35311.
* | | shutdown: close DM block device before issuing DM_DEV_REMOVE ioctl [Yu Watanabe, 6 days, 1, -7/+9]
| | |   Otherwise, the ioctl() may fail with EBUSY.
| | |
| | |   Follow-up for b4b66b26620bfaf5818c95d5cffafd85207694e7.
| | |
| | |   Hopefully fixes #35243.
* | | basic/linux: update kernel headers from v6.12 [Yu Watanabe, 6 days, 10, -57/+75]
| | |
* | | Undeprecate commandline params forcequotacheck, fastboot, and forcefsck [Zbigniew Jędrzejewski-Szmek, 6 days, 2, -13/+3]
|/ /
| |     Those are historical names, but there is nothing wrong with them. The files on / (/fastboot, /forcefsck, and /forcequotacheck) are problematic because they require a modification of the root file system. But the commandline params work fine. They have the obvious advantage compared to our "modern" option that they are much easier to type without looking up the spelling in the docs. Undeprecate them to avoid unnecessary churn.
* | varlink: apparently on old kernels SO_PEERPIDFD returns EINVAL [Lennart Poettering, 7 days, 1, -1/+1]
| |
* | userdbctl: two trivial fixlets (#35296) [Lennart Poettering, 7 days, 1, -4/+25]
|\ \
| | |   Fixes: #35294
| * | userdbctl: respect selected disposition also when showing gid boundaries [Lennart Poettering, 7 days, 1, -0/+3]
| | |   Follow-up for: ad5de3222f7
| * | userdbctl: fix counting [Lennart Poettering, 7 days, 1, -4/+8]
| | |   Fixes: #35294
| * | userdbctl: show 'mapped' user range only inside of userns [Lennart Poettering, 7 days, 1, -0/+14]
| | |   Outside of userns the concept makes no sense, there cannot be users mapped from further outside.
* | | tpm2-util: fix parameter name [Antonio Alvarez Feijoo, 7 days, 1, -1/+1]
| | |
* | | man: split cryptenroll man page into sections (#35297) [Luca Boccassi, 7 days, 1, -1/+1]
|\ \ \
| |/ /
|/| |
| * | cryptenroll: it's called PKCS#11, not PKCS11 [Lennart Poettering, 7 days, 1, -1/+1]
| |/
| |     In the --help text we really should use the official spelling, just like in the man page.
* / core/service: service_add_fd_store() consumes passed fd [Yu Watanabe, 7 days, 1, -3/+1]
|/
|       Without this change, the fd is closed twice on failure.
|
|       Fixes a bug introduced by dff9808a628c31b7ecb1f1aba8fdc3be06ce8372.
|
|       Fixes #35288.
* cgroup-util: fix memory leak on error [Luca Boccassi, 8 days, 1, -2/+2]
|       CID#1565824
|
|       Follow-up for f6793bbcf0e3f0a6daa77add96183b88d5ec2117
* network: update state files before replying bus method [Yu Watanabe, 9 days, 1, -0/+8]
|       Follow-up for 2b07a3211ba8b1b81d6cebb9650d5cb24554b08a.