| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Add a model-specific entry for Medion Akoya E2228T MD61900 accelerometer to 60-sensor.hwdb so the orientation is detected correctly.
|
| |\
| |
| | |
Pull libfprint autosuspend hwdb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
libfprint includes a list of known fingerprint readers that can be
autosuspended. Upstream libfprint generates this file from the USB IDs
registered to drivers and a list of well-known readers that are
currently unsupported.
Closes: #17663
|
| | |
| |
| |
| |
| | |
This makes sense so that we can extend the script to also update other
files.
|
| |\ \
| | |
| | | |
chroot/sd_notify() fixes
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
MountAPIVFS= implicitly mounts /run as tmpfs now, no need to do this
explicitly.
The notification socket is now implicitly mounted too, if NotifyAccess=
and RootImage=/RootDirectory= are used together.
|
| | | |
| | |
| | |
| | | |
Fixes: #18051
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously if people enabled RootDirectory=/RootImage= and NotifyAccess=
together, things wouldn't work, they'd have to explicitly add
BindReadOnlyPaths=/run/systemd/notify too.
Let's make this implicit. Since both options are opt-in, if people use
them together it would be pointless not also defining the
BindReadOnlyPaths= entry, in which case we can just do it automatically.
See: #18051
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
connection optional
@keszybz's right on
https://github.com/systemd/systemd/pull/18248#issuecomment-760798473:
swapping out the userdata pointer of a live varlink connection is iffy.
Let's fix this by making the userdata inheritance from VarlinkServer
object to the Varlink connection object optional: we want it for most
cases, but not all, i.e. all those cases where the calls implemented as
varlink methods are stateless and can be answered synchronously. For the
other cases (i.e. where we want per-connection objects that wrap the
asynchronous operation as it goes on) let's not do such inheritance but
initialize the userdata pointer only once we have it. THis means the
original manager object must be manually retrieved from the
VarlinkServer object, which in turn needs to be requested from the
Varlink connection object.
The userdata inheritance is now controlled by the
VARLINK_INHERIT_USERDATA flag passed at VarlinkServer construction.
Alternative-to: #18248
|
| |\ \ \
| |/ /
|/| | |
sysext: post-merge fixups
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
As suggested by @yuwata:
https://github.com/systemd/systemd/pull/18181#pullrequestreview-570826113
|
| | | |
| | |
| | |
| | | |
Just some simple refactoring to simplify the logic.
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Tree wide various cleanup
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | |/ /
|/| |
| | |
| | |
| | |
| | | |
The logging related functions are mistakenly located in main() by
a084b3878955bc1b93adcaa7a41acb83b18eff9b, and dropped by
23afa884d4f3bcd97160a893816f9ba170f62ad4.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Follow-up for ece852c84592220c3d6bb5a055fd8b84ea097290.
This addresses the following comments by the Lennart:
---
hmm, so this now does two access() calls for the case where the fd is
not requested, and opens things up for races (theoretically, …). now,
the access() code path was in place for optimization, but if an optimization
is less sexy than the original (and i think it is less sexy, since more
than one syscall, and non-atomic), i think we shouldn't do the optimization.
maybe we should just always use open(O_PATH) now, and then fstat() it to
check if regular file, and then access_fd() it for checking if its executable.
|
| |/ /
| |
| |
| | |
This reverts commit 71ad75f30641b90f9ca0088869f164d9d085430f.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This was failing s390x ubuntu ci due to an old version of binutils;
the binutils package in use for ubuntu ci tests has been updated and
the build no longer fails, so this can use the macro again.
Fixes: #18165
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Apparently SELinux inserts control data into AF_UNIX datagrams where we
don't expect it, thus miscalculating the control data. This looks like
something to fix in SELinux, but we still should handle this gracefully
and just drop the offending datagram and continue.
recvmsg_safe() actually already drops the datagram, it's just a matter
of actually ignoring EXFULL (which it generates if control data is too
large) in the right places.
This does this wherever an AF_UNIX/SOCK_DGRAM socket is used with
recvmsg_safe() that is not just internal communication.
Fixes: #17795
Follow-up for: 3691bcf3c5eebdcca5b4f1c51c745441c57a6cd1
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
host libudev"
This reverts commit 73484ecff90f2cc235d827c0e955999bffe64dd0.
3976f372ae91e1cbe5ff9873aadfc2c43400452e moved libudev.so to be built in the
main directory, so this addition to $LD_LIBRARY_PATH is now obsolete.
After that commit, we build the following shared libraries:
build/libnss_myhostname.so.2
build/libnss_mymachines.so.2
build/libnss_resolve.so.2
build/libnss_systemd.so.2
build/libsystemd.so.0.30.0
build/libudev.so.1.7.0
build/pam_systemd.so
build/pam_systemd_home.so
build/src/boot/efi/stub.so
build/src/boot/efi/systemd_boot.so
build/src/shared/libsystemd-shared-247.so
EFI stubs don't matter, and libsystemd-shared-nnn.so is loaded through rpath,
and is doesn't need to and shouldn't be in $LD_LIBRARY_PATH. In effect, we only
ever need to add the main build directory to the search path.
|
| | |
| |
| |
| | |
Follow-up for 2d816c9804c1d565797faff85c0fdbfb15f1e9d5
|
| | |
| |
| |
| | |
Fixes: #18238
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
path to namespace logic
Otherwise, the namespace logic will try to mount a dir that doesn't
actually exist.
Fixes: #18116
|
| |\ \
| | |
| | | |
importd: when downloading raw image, also download .roothash.p7s and .verity along with it
|
| | | |
| | |
| | |
| | |
| | | |
Let's split out the actual gpg logic into a helper function, so that we
can add alternative validations later on.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We already had support for downlading a .nspawn and a .roothash file,
let's make the set complete, and also download .verity + roothash.p7s if
it exists, as nspawn consumes that.
Since there are now four kinds of additional resources to acquire, let's
introduce a PullFlags flags value for this instead of separate 'bool'
variables, it's just too many to always pass those around on the
function parameter list.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Previously we'd collect the data from redirects too, which wasn't
particularly terrible, since these typically don't carry the data we
were interested in, but it's still incorrect to do so.
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Properly reset all fields that have to do with the current GET job when
we restart things. Previously we freed/reset only some stuff, leaking
some memory even.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously the PullJob object took internal care of rerequested the
SHA256SUMS file, if requesting <image>.sha256 didn't work. This was a
weird a non-abstraction only used when actually getting the checksum
files.
Let's move this out of the PullJob, so that it is generic again, and
does roughly the same stuff for all resources it is used for: let's
define a generic .on_not_found() handler that can be set on a PullJob
object, and is called whenever with see HTTP 404, and may be used to
provide a new URL to try if the first didn't work.
This is also preparation for later work to support PKCS#7 signatures
instead of gpg signatures, where a similar logic is needed, and we thus
should have a generic infrastructure place.
This gets rid of the VerificationStyle field in the PullJob object:
instead of storing this non-generic field we just derive the same
information from the URL itself, which is safe, since we generated it
ourselves earlier.
|
| | | | |
|
| | | | |
|
| | | | |
|
