path: root/tmpfiles.d/systemd-resolve.conf
Age | Commit message | Author | Files | Lines
3 days | bash-completion/creds: generate suggestions by systemd-creds itself | Yu Watanabe | 1 | -6/+5
Follow-ups for 783f794e89996ae7f2ae1872d65c515a672437fa.
3 days | creds: support --transcode=help and --with-key=help | Yu Watanabe | 2 | -20/+72
3 days | string-table: make DUMP_STRING_TABLE() returns 0 | Yu Watanabe | 1 | -2/+3
Then, we can use it as
===
return DUMP_STRING_TABLE(...);
===
3 days | tpm2-util: allow to control if legend and/or footer shown by tpm2_list_devices() | Yu Watanabe | 8 | -9/+11
3 days | ci: enable linter for generate-sym-test.py | Yu Watanabe | 1 | -3/+3
3 days | test: also generate list of symbols from header files | Yu Watanabe | 1 | -0/+74
To make the generated tests able to detect issues like #35554.
3 days | test: modernize generate-sym-test.py | Yu Watanabe | 1 | -40/+67
3 days | sd-json: properly export sd_json_variant_type_from_string() and _to_string() | Yu Watanabe | 2 | -1/+3
These exist in the header file, but were not exported.
Continuation of e11f5aa7226253bf31b2ed61be8599bb213c1819.
3 days | test: rename README.testsuite -> README.md | Yu Watanabe | 2 | -1/+1
3 days | README: drop CentOS CI badges | Yu Watanabe | 1 | -3/+0
CentOS CIs are disabled after ead814a0b0f64c572282b9e27a0a995893f10cf0.
3 days | test: add more coverage for extensions and verity | Luca Boccassi | 2 | -0/+8
3 days | core: fix loading verity settings for MountImages= | Luca Boccassi | 2 | -0/+11
The MountEntry logic was refactored to store the verity settings, and updated for ExtensionImages=, but not for MountImages=.
Follow-up for a1a40297dbfa5bcd926d1a19320deb73c033c6f5
3 days | shell completion: add systemd-creds | Luca Boccassi | 2 | -0/+186
3 days | semaphore: skip some tests | Luca Boccassi | 1 | -0/+3
semaphore CI runs are always very close to the limit of 1hr, and often time out when it's particularly oversubscribed. Skip some low-value test cases to shorten the runtime.
3 days | exec-util: use strv_from_stdarg_alloca() | Yu Watanabe | 3 | -19/+1
No functional change, just refactoring.
3 days | exec-util: use open_terminal() in fork_agent() for safety | Yu Watanabe | 1 | -2/+2
3 days | exec-util: drop handling of ENXIO in opening /dev/tty | Yu Watanabe | 1 | -22/+16
This effectively reverts 0bcf1679007e71d1d37666c10ab1f8d46de8d570. The handling is not necessary anymore after 61242b1f0f9cac399deb67c88c3b62d38218dba3.
3 days | exec-util: split out common checks before fork_agent() to can_fork_agent() | Yu Watanabe | 4 | -20/+22
No functional change, just refactoring.
3 days | polkit-agent: modernize code a bit | Yu Watanabe | 1 | -10/+8
- Use _cleanup_close_pair_ attribute for the pipe FDs,
- Return earlier on failure in forking polkit agent.
3 days | exec-util: allow to invoke polkit/ask-password agent even if STDIN is not a tty | Yu Watanabe | 3 | -21/+18
Closes #35018.
3 days | systemd-cryptenroll.xml: fix typo | Carlo Teubner | 1 | -1/+1
3 days | man: update example in systemd-measure.xml (#35506) | cvlc12 | 1 | -0/+1
In the example from systemd-measure(1), do not bind to PCR 7 in addition to the PCR policy. As long as this is still done by default, see #35280.
3 days | Revert "run: disable --expand-environment by default for --scope" | Mike Yuan | 3 | -37/+19
This reverts commit 8167c56bfa97525a7b12e7c5685576657364e3cf.
We've announced the breaking change during v254-v257. Let's actually apply it for v258.
4 days | cgroup-util: introduce cg_get_cgroupid_at() | Mike Yuan | 2 | -32/+26
Suggested in https://github.com/systemd/systemd/pull/35242#discussion_r1862658163
4 days | nsresourced: drop unneeded REMOVE_PHYSICAL flag for rm_rf() | Mike Yuan | 1 | -1/+1
Even without REMOVE_PHYSICAL, rm_rf() permits cgroupfs.
4 days | sd-varlink: properly export sd_varlink_reset_fds() | Lennart Poettering | 2 | -3/+9
This function was listed in the public sd-varlink.h header, but not actually made public. Fix that. It's quite useful, the comment in it describes the usecase nicely.
Fixes: #35554
4 days | test-bpf-restrict-fs: Migrate to new assertion macros | Daan De Meyer | 1 | -9/+9
4 days | condition: add new ConditionKernelModuleLoaded= | Lennart Poettering | 6 | -0/+104
This introduces a new unit condition check: that matches if a specific kmod module is allowed. This should be generally useful, but there's one usecase in particular: we can optimize modprobe@.service with this and avoid forking out a bunch of modprobe requests during boot for the same kmods. Checking if a kernel module is loaded is more complicated than just checking if /sys/module/$MODULE/ exists, since kernel modules typically take a while to initialize and we must check that this is complete (by checking if the sysfs attr "initstate" is "live").
4 days | Fixing VLAN ranges in man systemd.network. | andrejpodzimek | 1 | -1/+1
Otherwise it doesn't hold that VLANs 100-400 are allowed (because 201-299 are disallowed).
4 days | profile.d: don't bail if $SHELL_* variables are unset | Tobias Klauser | 1 | -3/+3
If - for whatever reason - a script uses set -u (nounset) and includes /etc/profile.d/70-systemd-shell-extra.sh (e.g. transitively via /etc/profile) the script would fail with:

    /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable

For example:

    $ cat > foo.sh <<EOF
    #!/bin/sh
    set -u
    source /etc/profile
    EOF
    $ chmod 700 foo.sh
    $ ./foo.sh
    /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable

Fix this by using shell parameter substitution[^1] (which is a POSIX shell concept) to set the $SHELL_* variables to the empty string if undefined.

[^1]: https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/V3_chap02.html
4 days | virt: drop userns detection heuristic | Lennart Poettering | 1 | -61/+2
Now that we have an explicit userns check we can drop the heuristic for it, given that it's kinda wrong (because mapping the full host UID range into a userns is actually a thing people do). Hence, just delete the code and only keep the userns inode check in place.
4 days | virt: dont check for cgroupns anymore | Lennart Poettering | 1 | -84/+0
Now that we have a reliable pidns check I don't think we really should look for cgroupns anymore, it's too weak a check. I mean, if I myself would implement a desktop app sandbox (like flatpak) I'd always enable cgroupns, simply to hide the host cgroup hierarchy. Hence drop the check.
I suggested adding this 4 years ago here: https://github.com/systemd/systemd/pull/17902#issuecomment-745548306
4 days | userdbctl: use ansi_highlight_green_red() where appropriate | Mike Yuan | 1 | -1/+1
4 days | format-table: drop pointless table_data_rgap_color() func | Mike Yuan | 1 | -7/+1
Follow-up for aab79f52784b4778ae0534452757d9fbf608076a
4 days | format-table: minor modernization | Mike Yuan | 1 | -10/+10
4 days | man: document unprivileged is not for reading properties | Katariina Lounento | 1 | -0/+3
Document the fact that read-only properties may not have the flag SD_BUS_VTABLE_UNPRIVILEGED as that is not obvious especially given the flag is accepted for writable properties.

Based on the check in `add_object_vtable_internal` called by `sd_bus_add_object_vtable` (as of the current tip of the main branch f7f5ba019206cacd486b0892fec76f70f525e04d):

    case _SD_BUS_VTABLE_PROPERTY: {
            [...]
            if ([...] ||
                [...]
                (v->flags & SD_BUS_VTABLE_UNPRIVILEGED && v->type == _SD_BUS_VTABLE_PROPERTY)) {
                    r = -EINVAL;
                    goto fail;
            }

(where `_SD_BUS_VTABLE_PROPERTY` means read-only property whereas `_SD_BUS_VTABLE_WRITABLE_PROPERTY` maps to writable property).

This was implemented in the commit adacb9575a09981fcf11279f2f661e3fc21e58ff ("bus: introduce "trusted" bus concept and encode access control in object vtables") where `SD_BUS_VTABLE_UNPRIVILEGED` was introduced:

    Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note however that read access is unrestricted, as PropertiesChanged messages might send out the values anyway as an unrestricted broadcast.
4 days | journalctl: make --invocation and --list-invocations accept unit name with glob | Yu Watanabe | 4 | -8/+36
Previously, journalctl -I -u GLOB was not supported, while journalctl -u GLOB works fine. Let's make them consistent.
4 days | journalctl: move get_possible_units() to journalctl-util.c | Yu Watanabe | 3 | -70/+77
No functional change. Preparation for the next commit.
4 days | journalctl: make --invocation and --list-invocations accept unit name without suffix | Yu Watanabe | 2 | -5/+25
Fixes #35538.
4 days | libfido2-util: show also verity features when listing FIDO2 devices | Antonio Alvarez Feijoo | 1 | -7/+36
This way, users don't have to check those features using an external program, or wait for later failure when trying to enroll using an unsupported feature.
4 days | mkosi: use inetutils package instead of hostname for Archlinux | Luca Boccassi | 5 | -1/+4
In Arch the hostname binary is in a different package
Follow-up for cf48bde7aea52b18ac3fa218d3f60fd3d533ef66
4 days | mailmap: fix entries for Tobias Klauser | Tobias Klauser | 1 | -4/+4
Map all previous, no longer used e-mail addresses to my current e-mail address.
4 days | process-util: make sure we don't report ppid == 0 | Mike Yuan | 1 | -8/+9
Previously, if pid == 0 and we're PID 1, get_process_ppid() would set ret to getppid(), i.e. 0, which is inconsistent when pid is explicitly set to 1. Ensure we always handle such case by returning -EADDRNOTAVAIL.
4 days | process-util: use our usual tristate semantics for is_main_thread() | Mike Yuan | 1 | -4/+4
While at it, _unlikely_ is dropped, as requested in https://github.com/systemd/systemd/pull/35242#discussion_r1880096233
4 days | test-fd-util: compare FDs to /bin/sh instead of /dev/null | Luca Boccassi | 1 | -2/+2
/dev/null is a character device, so same_fd() in the fallback path that compares fstat will fail, as that bails out if the fd refers to a char device. This happens on kernels without F_DUPFD_QUERY and without kcmp.

    /* test_same_fd */
    Assertion 'same_fd(d, e) > 0' failed at src/test/test-fd-util.c:111, function test_same_fd(). Aborting.

Fixes #35552
4 days | test-fd-util: skip test when lacking privileges to create a new namespace | Luca Boccassi | 1 | -0/+2
To reproduce, as an unprivileged user start a docker container and build and run the unit tests inside it:

    $ docker run --rm -ti debian:bookworm bash
    ...
    /* test_close_all_fds */
    Successfully forked off '(caf-plain)' as PID 10496.
    Skipping PR_SET_MM, as we don't have privileges.
    (caf-plain) succeeded.
    Failed to fork off '(caf-noproc)': Operation not permitted
    Assertion 'r >= 0' failed at src/test/test-fd-util.c:392, function test_close_all_fds(). Aborting.

Partially fixes #35552
4 days | test-capability: CAP_LINUX_IMMUTABLE is not available in unprivileged containers | Luca Boccassi | 1 | -0/+7

    have ambient caps: yes
    Capabilities:cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
    Failed to drop auxiliary groups list: Operation not permitted
    Failed to change group ID: Operation not permitted
    Capabilities:cap_dac_override,cap_net_raw=ep
    Capabilities:cap_dac_override=ep
    Successfully forked off '(getambient)' as PID 12505.
    Skipping PR_SET_MM, as we don't have privileges.
    Ambient capability cap_linux_immutable requested but missing from bounding set, suppressing automatically.
    Assertion 'x < 0 || FLAGS_SET(c, UINT64_C(1) << CAP_LINUX_IMMUTABLE)' failed at src/test/test-capability.c:273, function test_capability_get_ambient(). Aborting.
    (getambient) terminated by signal ABRT.
    src/test/test-capability.c:258: Assertion failed: expected "r" to succeed, but got error: Protocol error

Partially fixes #35552
4 days | test: set nsec3-salt-length=8 in knot.conf | Nick Rosbrook | 1 | -0/+1
TEST-75-RESOLVED fails on Ubuntu autopkgtest due to this warning from knot:

    notice: config, policy 'auto_rollover_nsec3' depends on default nsec3-salt-length=8, since version 3.5 the default becomes 0

Explicitly set nsec3-salt-length=8 to silence.
4 days | logind: define flags enum for manager_is_inhibited() | Zbigniew Jędrzejewski-Szmek | 5 | -14/+24
The most common case of block=true, ignore_inactive=false is mapped to flags=0.
For https://github.com/systemd/systemd/issues/34091.
4 days | logind: drop one duplicate param in manager_is_inhibited() | Zbigniew Jędrzejewski-Szmek | 5 | -13/+20
In the review in https://github.com/systemd/systemd/pull/30307#pullrequestreview-2255002732 removal of the excessive boolean parameters was requested. We don't need a separate boolean param here, since we always pass true with a uid and false otherwise.