Commit message | Author | Date | Files | Lines

* build(deps): bump github/super-linter from 4.8.1 to 4.8.3 [dependabot/github_actions/github/super-linter-4.8.3] | dependabot[bot] | 2021-11-12 | 1 | -1/+1
    Bumps [github/super-linter](https://github.com/github/super-linter) from 4.8.1 to 4.8.3.
    - [Release notes](https://github.com/github/super-linter/releases)
    - [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
    - [Commits](https://github.com/github/super-linter/compare/fd9c4286d3de3fdd9258a395570cae287f13f974...7d5dc989c55aaba9d3b7194a7496cdfaa4866af3)
    ---
    updated-dependencies:
    - dependency-name: github/super-linter
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    Signed-off-by: dependabot[bot] <support@github.com>

* Merge pull request #21329 from poettering/homed-compress-default | Lennart Poettering | 2021-11-12 | 2 | -1/+18
    homed: default to btrfs compression

  * docs: document new mount option env var | Lennart Poettering | 2021-11-12 | 1 | -0/+6

  * homed: add env var for overriding default mount options | Lennart Poettering | 2021-11-12 | 1 | -0/+11
      This adds an easy way to override the default mount options to use for LUKS home dirs via the env vars SYSTEMD_HOME_MOUNT_OPTIONS_EXT4, SYSTEMD_HOME_MOUNT_OPTIONS_BTRFS, SYSTEMD_HOME_MOUNT_OPTIONS_XFS.
      See: #15120

  * homework: default to btrfs compression | Lennart Poettering | 2021-11-12 | 1 | -1/+1
      This follows what Fedora did with 34: it enables compression by default, lowering IO bandwidth and reducing disk space use, at the price of slightly higher CPU use.
      https://fedoraproject.org/wiki/Changes/BtrfsTransparentCompression

* man: run ninja -C build update-man-rules | Lennart Poettering | 2021-11-12 | 1 | -1/+3

* homework: add a const where appropriate | Lennart Poettering | 2021-11-12 | 1 | -1/+1

* keyring-util: add new keyring-util.h helpers | Lennart Poettering | 2021-11-12 | 4 | -24/+65
    This adds two new helpers: keyring_read() for reading key data from a keyring entry, and TAKE_KEY_SERIAL, which is what TAKE_FD is for fds, but for key_serial_t.
    The former is immediately used by ask-password-api.c

* Merge pull request #21294 from keszybz/binfmt-misc | Lennart Poettering | 2021-11-12 | 1 | -41/+48
    Improve systemd-binfmt logging, fix exit value

  * binfmt: add logging information | Zbigniew Jędrzejewski-Szmek | 2021-11-12 | 1 | -35/+44
      In delete_rule(), we already checked that the rule name is a valid file name (i.e. no slashes), so we can just trivially append.
      Also, let's always reject rules that we would later fail to delete. It's probably better to avoid such confusion.
      And print the operations we do with file name and line number. I hope this helps with cases like https://github.com/systemd/systemd/pull/21178. At least we'll know what rule failed.
          $ sudo SYSTEMD_LOG_LEVEL=debug build/systemd-binfmt
          Flushed all binfmt_misc rules.
          Applying /etc/binfmt.d/kshcomp.conf…
          /etc/binfmt.d/kshcomp.conf:1: binary format 'kshcomp' registered.

  * binfmt: unparenthesize a bit | Zbigniew Jędrzejewski-Szmek | 2021-11-10 | 1 | -5/+3

  * binfmt: fix exit value | Zbigniew Jędrzejewski-Szmek | 2021-11-10 | 1 | -1/+1
      Positive values are mapped to 0 by DEFINE_MAIN_FUNCTION(), so e.g. systemd-binfmt --foobar would "succeed".

* homework: turn off compression for files backing LUKS volumes | Lennart Poettering | 2021-11-12 | 1 | -2/+2
    We need random access read/write files, and compression sucks for that, hence disable it on the underlying files.
    Compression in the home directory might be desirable, but if so it should be done *inside* the home dir fs, not on the underlying fs.

* tree-wide: don't ignore return code from sd_event_source_set_enabled() | Luca Boccassi | 2021-11-12 | 2 | -4/+4
    CID#1465793
    CID#1465794
    CID#1465795

* Merge pull request #21320 from poettering/namespace-mkdir-umask | Lennart Poettering | 2021-11-12 | 7 | -33/+51
    make pid1 namespace code independent of umask

  * tests: add test case for UMask=+BindPaths= combination | Lennart Poettering | 2021-11-12 | 2 | -0/+17
      Inspired by the test case described in #19899

  * namespace: make tmp dir handling code independent of umask too | Lennart Poettering | 2021-11-12 | 1 | -5/+7
      Let's make all code in namespace.c robust towards weird umask. This doesn't matter too much given that the parent dirs we deal with here almost certainly exist anyway, but let's clean this up anyway and make it fully clean.

  * namespace: make whole namespace_setup() work regardless of configured umask | Lennart Poettering | 2021-11-12 | 1 | -3/+4
      Let's reset the umask during the whole namespace_setup() logic, so that all our mkdir() + mknod() are not subjected to whatever umask might currently be set.
      This mostly moves the umask save/restore logic out of mount_private_dev() and into the stack frame of namespace_setup() that is further out.
      Fixes #19899

  * namespace: rebreak a few comments | Lennart Poettering | 2021-11-12 | 1 | -16/+14

  * umask-util: add helper that resets umask until end of current code block | Lennart Poettering | 2021-11-12 | 4 | -9/+9

* Merge pull request #21316 from evverx/pin-labeler | Frantisek Sumsal | 2021-11-12 | 5 | -4/+10
    ci: pin labeler

  * ci: pin some workflows to SHAs | Evgeny Vereshchagin | 2021-11-11 | 3 | -3/+3
      to let Dependabot keep track of them using SHAs
      codeql-actions doesn't point to SHAs because it isn't clear whether Dependabot supports their release cycle mentioned at https://github.com/github/codeql-action/issues/307

  * ci: pin labeler | Evgeny Vereshchagin | 2021-11-11 | 2 | -1/+7
      Turns out GHActions where `pull_request_target` is used are capable of pwning repositories: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
      labeler doesn't check out the source code or build anything so it's safe in its current form but to avoid surprises let's just pin it to the latest version.
      It's annoying to manage dependencies like this manually so additionally dependabot.yml is introduced to make it easier to keep GHActions up to date more or less automatically: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot

* execute: always log a warning when setting SELinux context fails | Topi Miettinen | 2021-11-12 | 2 | -10/+19
    Also update the manual page to explain how the transition can still fail.

* Merge pull request #21321 from yuwata/ether-addr-fix-local | Zbigniew Jędrzejewski-Szmek | 2021-11-12 | 2 | -1/+36
    ether-addr-util: fix ether_addr_is_local()

  * test: add tests for MAC address helper functions | Yu Watanabe | 2021-11-12 | 1 | -0/+31

  * ether-addr-util: fix ether_addr_is_local() and add one more helper | Yu Watanabe | 2021-11-12 | 1 | -1/+5
      Follow-up for 1f86a3fe52c71af7f46381bf45c2efe580a19dcc.

* ci: run codeql-analysis daily | Evgeny Vereshchagin | 2021-11-12 | 1 | -0/+42
    https://github.com/github/codeql-action
    Apparently, to judge from a couple of warnings I haven't seen before, it's a bit different from LGTM.

* Change gendered terms to be gender-neutral (#21325) | Emily Gonyer | 2021-11-12 | 8 | -9/+9
    Some typos are also fixed.

* pid1: add a manager_trigger_run_queue() helper | Lennart Poettering | 2021-11-12 | 4 | -12/+19
    We have two different places where we re-trigger the run queue now. Let's unify it under a common function that is part of the Manager code.
    Follow-up for #20953

* Merge pull request #20953 from msekletar/mount-ratelimit-followup-20329 | Lennart Poettering | 2021-11-12 | 15 | -38/+134
    Delay running mount start jobs when the /p/s/mountinfo event source is rate limited

  * mount: retrigger run queue after ratelimit expired to run delayed mount start jobs | Michal Sekletar | 2021-11-11 | 1 | -0/+21
      Fixes #20329

  * mount: make mount units start jobs not runnable if /p/s/mountinfo ratelimit is in effect | Michal Sekletar | 2021-11-11 | 1 | -0/+3

  * core: rename/generalize UNIT(u)->test_start_limit() hook | Michal Sekletar | 2021-11-11 | 9 | -25/+25
      Up until now the main reason why we didn't proceed with starting the unit was exceeding the start limit burst. However, for unit types like mounts the other reason could be an effective ratelimit on the /proc/self/mountinfo event source. That means our mount unit state may not reflect the current kernel state. Hence, we need to attempt to re-run the start job again after the ratelimit on the event source expires.
      As we will be introducing another reason than the start limit, let's rename the virtual function that implements the check.

  * sd-event: introduce callback invoked when event source ratelimit expires | Michal Sekletar | 2021-11-11 | 6 | -13/+85

* test: add regression test for systemd-run --scope [--user] | Jonas Witschel | 2021-11-12 | 1 | -0/+17
    systemd-run --scope --user failed to run in systemd 249.6, cf. #21297. Add tests for systemd-run --scope and systemd-run --scope --user to make sure this does not regress again.

* macro-fundamental: fix bool → sd_bool | Lennart Poettering | 2021-11-11 | 1 | -1/+1

* Merge pull request #21285 from poettering/boot-os-rel-fix | Luca Boccassi | 2021-11-11 | 10 | -102/+238
    sd-boot/bootspec: os-release parsing fixes

  * types-fundamental: introduce sd_true + sd_false | Lennart Poettering | 2021-11-11 | 3 | -8/+26
      I think we should stick to the rule that stuff defined in types-fundamental.h either:
      1. adds a prefixed concept "sd_xyz" that maps differently in the two environments
      2. adds a non-prefixed concept "xyz" that adds a type otherwise missing in one of the two environments but with the same definition as in the other.
      i.e. if we have some concept that might differ in the way it's set up in the two environments it really should be prefixed by "sd_" to make clear it has semantics we defined. Only drop the prefix if it really means the exact same thing in all environments.
      Now, sd_bool is defined prefixed, because it's either mapped to "BOOLEAN" (which is an integer) in UEFI or "bool" (which is C99 _Bool) in userspace. size_t is not defined prefixed, because it's mapped to the same thing ultimately (on UEFI it's mapped to UINTN, but that in turn is defined as being the type for the size of memory objects, thus it's really the same as userspace size_t).
      So far "true" and "false" were defined unprefixed even though they map to values of different types. typeof(true) in userspace would reveal _Bool, but typeof(false) in UEFI would reveal BOOLEAN. The distinction actually does matter in comparisons (i.e. (_Bool) 1 == (_Bool) 2 holds while (BOOLEAN) 1 == (BOOLEAN) 2 does not hold).
      Hence, let's add sd_true and sd_false, thus indicating we defined our own concept here, and it has similar but different semantics in UEFI and in userspace.

  * fundamental: rename type.h → types-fundamental.h | Lennart Poettering | 2021-11-11 | 5 | -4/+4
      "type.h" is a very generic name, but this header is very specific to making the "fundamental" stuff work; it maps generic types in two distinct ways. Hence let's make clear in the header name already what this is about.

  * boot: line-break magic[] array to match osrel[] line breaks | Lennart Poettering | 2021-11-11 | 1 | -2/+3

  * bootspec: catch up with sd-boot's bootspec implementation | Lennart Poettering | 2021-11-11 | 1 | -12/+37
      Let's parse the same fields and use them the same way as in sd-boot.
      Fixes: #20093

  * boot: when we can't boot use the right boot loader entry display title in log message | Lennart Poettering | 2021-11-11 | 1 | -1/+1

  * boot: clean up unified boot loader entry name/version extraction | Lennart Poettering | 2021-11-11 | 4 | -46/+142
      Let's make sure IMAGE_ID/IMAGE_VERSION are properly honoured, and explain in a long comment why.
      Let's also use the ID= field again, which was lost by accident.
      (While we are at it do some minimal OOM checks wherever we touch something)

  * bootspec: fix comment that says exactly the opposite of what is true | Lennart Poettering | 2021-11-11 | 1 | -1/+1

  * boot: const arguments should be const | Lennart Poettering | 2021-11-11 | 1 | -2/+2
      Unfortunately they forgot the "const" decoration on the MetaiMatch() prototype, but let's not let that omission leak into our code; let's hide it away in the innermost use.

  * boot: ternary op is your friend | Lennart Poettering | 2021-11-11 | 1 | -6/+2

  * boot: add comments what closely related ConfigEntry fields are about | Lennart Poettering | 2021-11-11 | 1 | -4/+4

* Merge pull request #21241 from wat-ze-hex/2021-11-04-fix-bpf-foreign-realization | Luca Boccassi | 2021-11-11 | 2 | -11/+14
    core, bpf: fix bpf-foreign cgroup controller realization

  * core: check fs type of BPFProgram= property path | Julia Kartseva | 2021-11-11 | 1 | -0/+10
      Tests:
      ```
      % stat --file-system --format="%T" /root/bpf/trivial/
      bpf_fs
      % systemd-nspawn -D/ --volatile=yes \
          --property=BPFProgram=egress:/root/bpf/trivial/cgroup_skb_egress \
          --quiet -- ping -c 5 -W 1 ::1
      PING ::1(::1) 56 data bytes

      --- ::1 ping statistics ---
      5 packets transmitted, 0 received, 100% packet loss, time 4110ms
      ```
      ```
      % stat --file-system --format='%T' /root/meh
      btrfs
      % systemd-nspawn -D/ --volatile=yes --property=BPFProgram=egress:/root/meh --quiet -- ping -c 5 -W 1 ::1
      ```
      ```
      sudo ./build/systemd-nspawn \
          -D/ --volatile=yes --property=BPFProgram=egress:/home/hex --quiet -- \
          ping -c 1 -W 1 ::1
      PING ::1(::1) 56 data bytes
      64 bytes from ::1: icmp_seq=1 ttl=64 time=0.017 ms

      --- ::1 ping statistics ---
      1 packets transmitted, 1 received, 0% packet loss, time 0ms
      ```
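The check that the "core: check fs type of BPFProgram= property path" commit adds, written out as a stand-alone illustration. This is an added example and not systemd's code: it validates an "attach_type:path" value the way a cgroup BPF attach point needs it, by confirming the path exists and sits on a bpffs mount (BPF_FS_MAGIC from linux/magic.h) before anyone tries to open a pinned program there. The accepted attach types (ingress, egress), the function names and the choice of errno values returned are this example's own assumptions; Linux with glibc is assumed.

```c
/* Added example (not systemd code): validate a BPFProgram=-style
 * "attach_type:path" spec before using it. Attach-type list, names and
 * errno choices are this example's assumptions. Linux/glibc only. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/vfs.h>
#include <linux/magic.h>

#ifndef BPF_FS_MAGIC
#define BPF_FS_MAGIC 0xcafe4a11   /* value from linux/magic.h, for old headers */
#endif

/* 1 if PATH lives on a bpffs mount (where pinned programs and maps live),
 * 0 if it lives on some other filesystem, negative errno if statfs() fails
 * (e.g. -ENOENT when the path does not exist). */
int path_is_on_bpffs(const char *path) {
        struct statfs sfs;

        if (statfs(path, &sfs) < 0)
                return -errno;

        /* f_type is a signed word on some ABIs; compare the low 32 bits */
        return (unsigned) sfs.f_type == (unsigned) BPF_FS_MAGIC;
}

/* Validate "attach_type:path". Returns 0 if usable, otherwise:
 *   -EINVAL       malformed spec, relative path, or unknown attach type
 *   -ENOENT       the path does not exist (passed through from statfs)
 *   -EMEDIUMTYPE  the path exists but is not on bpffs, i.e. a regular file
 *                 or directory that cannot be a pinned BPF object */
int validate_bpf_program_spec(const char *spec) {
        const char *colon = strchr(spec, ':');
        size_t n;
        int r;

        if (!colon || colon == spec || colon[1] != '/')
                return -EINVAL;

        n = (size_t) (colon - spec);
        if (!(n == 7 && strncmp(spec, "ingress", 7) == 0) &&
            !(n == 6 && strncmp(spec, "egress", 6) == 0))
                return -EINVAL;          /* assumed attach-type list: ingress, egress */

        r = path_is_on_bpffs(colon + 1);
        if (r < 0)
                return r;
        if (r == 0)
                return -EMEDIUMTYPE;
        return 0;
}

int main(int argc, char *argv[]) {
        /* Constructed inputs; /tmp is assumed not to be a bpffs mount. */
        const char *specs[] = { "egress:/tmp", "bogus:/tmp", "egress", "egress:/sys/fs/bpf" };
        const char **list = argc > 1 ? (const char **) argv + 1 : specs;
        int count = argc > 1 ? argc - 1 : 4;

        for (int i = 0; i < count; i++)
                printf("%-24s -> %d (%s)\n", list[i], validate_bpf_program_spec(list[i]),
                       validate_bpf_program_spec(list[i]) == 0 ? "ok" : strerror(-validate_bpf_program_spec(list[i])));
        return 0;
}
```

Run it with your own specs as arguments; on a host without bpffs mounted even /sys/fs/bpf will be reported as -EMEDIUMTYPE, which is exactly the condition the commit's second and third test runs hit (a btrfs path and a home directory passed as BPFProgram=).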
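The umask problem behind the "namespace: make whole namespace_setup() work regardless of configured umask" and "umask-util: add helper that resets umask until end of current code block" commits, shown as an added example that is not systemd's code. The point: mkdir(2) and mknod(2) apply the caller's umask to the requested mode, so a service with UMask=077 combined with BindPaths= got 0700 directories where the namespace code asked for 0755. The block-scoped reset below uses the GCC/Clang cleanup attribute; the macro and function names (UMASK_SCOPE, mkdir_mode_under_umask, demo_umask_effect) are this example's own, and Linux with a writable /tmp is assumed.

```c
/* Added example (not systemd code): umask silently narrows mkdir()/mknod()
 * modes; a scoped umask reset makes namespace-style setup code immune to it.
 * All names here are this example's own. Linux/glibc, writable /tmp assumed. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Restore a saved umask when the owning variable leaves scope. */
static void umask_restore(mode_t *saved) {
        umask(*saved);
}

/* Set the process umask to MASK until the end of the enclosing block. */
#define UMASK_SCOPE(mask) \
        __attribute__((cleanup(umask_restore), unused)) mode_t _saved_umask_ = umask(mask)

/* Create DIR with MODE while the process umask is PROCESS_UMASK. With RESET
 * the mkdir() runs under a scoped umask of 0, as the fix does for all of
 * namespace_setup(). Returns the permission bits the kernel actually stored,
 * or (mode_t) -1 on error. The directory is removed again before returning. */
mode_t mkdir_mode_under_umask(const char *dir, mode_t mode, mode_t process_umask, int reset) {
        struct stat st;
        mode_t old = umask(process_umask);   /* simulate whatever umask pid1 inherited */
        int r;

        if (reset) {
                UMASK_SCOPE(0);              /* fixed behaviour: mkdir() sees umask 0 */
                r = mkdir(dir, mode);
        } else
                r = mkdir(dir, mode);        /* buggy behaviour: kernel stores mode & ~umask */

        umask(old);                          /* back to whatever the caller had */

        if (r < 0 || stat(dir, &st) < 0)
                return (mode_t) -1;
        rmdir(dir);
        return st.st_mode & 07777;
}

/* One scenario in a fresh temp dir: umask 077, request 0755, with or without
 * the scoped reset. Returns the stored permission bits. */
mode_t demo_umask_effect(int reset) {
        char tmpl[] = "/tmp/umask-demo-XXXXXX";   /* constructed scratch location */
        char path[64];
        mode_t m;

        if (!mkdtemp(tmpl))
                return (mode_t) -1;
        snprintf(path, sizeof path, "%s/dev", tmpl);
        m = mkdir_mode_under_umask(path, 0755, 077, reset);
        rmdir(tmpl);
        return m;
}

int main(void) {
        printf("umask 077, mkdir(0755), no reset:      %04o\n", (unsigned) demo_umask_effect(0));
        printf("umask 077, mkdir(0755), scoped reset:  %04o\n", (unsigned) demo_umask_effect(1));
        return 0;
}
```

The same narrowing applies to the mknod() calls that populate a private /dev, which is why the commit moves the save/restore out of mount_private_dev() and up to the namespace_setup() frame: one reset covering every directory and device node created, instead of remembering to wrap each call site.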