Most container managers will block open_by_handle_at with seccomp to
mitigate a container escape attack. LXD in particular returns ENOSYS
rather than e.g. EPERM like nspawn. Skip this test if we get ENOSYS
from open_by_handle_at via cg_cgroupid_open.
During cross-compilation of systemd, the compiler used to build the bpf's needs
to be pointed at the correct include searchpath. Which can be done by passing
the corresponding directory in through the cflags; for example in yocto/bitbake
this would work: CFLAGS += "--sysroot=${STAGING_DIR_TARGET}"
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
If we have a pidfd, we might as well track the machine's leader PID's
lifetime, and enqueue the machine for a GC run.
(This is similar to what we are already doing for logind's session
leaders)
One major omission in machine's logic so far was that the GC was only
run at startup and on the check-idle timeout, which is really slow.
Let's make this more like the GC logic in homed or logind: make sure we
run it in a close-by event loop cycle.
varlinkctl has this nice feature that it sends the varlink error it gets
via sd_notify() to the caller. With previous commits this information
is collected and exposed in "systemctl status".
Let's make sure we can provide the same in busctl: also propagate errors
the same way.
With this we can comprehensively close#6073
Most of our enums are mapped to strings that use dashes ("-") as word
separators, i.e. "foo-bar-baz". However, Varlink enums do not allow "-"
as separator, see:
https://varlink.org/Interface-Definition
Hence, let's add some simple glue to automatucally turn "-" into "_" for
use when serializing our enums.
This is generally useful, but in some cases particularly: when
implementing enumeration calls that use the "more" flag to return
multiple replies then for the first reply we need to return an error in
case the list of objects to enumerate is empty, usually so form of
"NoSuchXYZ" error. In many cases this shouldn't really be treated as
error, as an empty list probably more than not is as valid as a list
with one, two or more entries.
Qualified Varlink symbol names are the combination of an interface name,
followed by a dot, followed by a symbol name. It's a primary concept,
after all it's what we send over the wire for method calls and get back
for error returns.
hence, let's add an explicit validator for it.
Update frameworks that work automatically in the background
occasionally need to schedule reboots. Systemd-logind already
provides a nice mechanism to schedule shutdowns, send notfications
and block logins short before the time. Systemd has a framework for
calendar events, so we may conveniently use logind to define a
maintenance time for reboots.
The existing ScheduleShutdown DBus method in logind expects a usec_t
with an absolute time. Passing USEC_INFINITY as magic value now tells
logind to take the time from the configured maintenance time if set.
"shutdown -r" leverages that and uses the maintenance time
automatically if configured. The one minute default is still used if
nothing was specified.
Similarly the new 'auto' setting for the --when parameter of systemctl
uses the maintenance time if configured or a one minute timer like the
shutdown command.
systemd-cryptsetup supports a FIDO2 mode with manual parameters, where
the user provides all the information necessary for recreating the
secret, such as: credential ID, relaying party ID and the salt. This
feature works great for implementing 2FA schemes, where the salt file
is for example a secret unsealed from the TPM or some other source.
While the unlocking part is quite straightforward to set up, enrolling
such a keyslot - not so easy. There is no clearly documented
way on how to set this up and online resources are scarce on this topic
too. By implementing a straightforward way to enroll such a keyslot
directly from systemd-cryptenroll we streamline the enrollment process
and reduce chances for user error when doing such things manually.
This is mostly intended as test case for the early enum comment bugfix,
as this Varlink IDL description now contains such comments, and
test-varlink-idl will process it forth and back aleady.
This normalizes how we report an empty list of boot entries in
ListBootEntries(). Our usual pattern is to return one item per method
call, but when there is none we usually return a NoSuchXYZ error. Do so
here too.
Before this we'd return a null item instead here, and only here.
This is a minor compat break, but given that this IPC interface is very
new and probably not used so far (we don't use it in our code at least,
and google doesn#t find any other use) I think this normalization is OK
at this point.
And drop spurious assertion.
Fortunately, the previous logic worked, as /run/systemd/unit-private-tmp
is ordered earlier than /tmp or /var/tmp. But, let's ensure the tmpfs
mounted earlier to make the logic clearer.
Follow-up for 0e551b04ef.
In 99% of uses of sd_json_build() we want to build an object as
outermost construct. Let's shorten this most common case a bit, by
adding sd_json_buildo() that implies this. This allows us to shorten
much of our code, all across the tree.
Even though we don't export json_log() in the public API, let's
officially make the SD_JSON_WARNING/SD_JSON_DEBUG that control its
effect in the public API.
After all, for our own dispatcher functions they have a nice effect, and
they are trivially reimplemented in user code independently.
(We might eventually consider exporting json_log() as public API, but
this is quite involved, given its use of macros/inline functions and
iternal logging API).
This mostly just swaps around the bit flags and cleans up comments.
Currently, install_info_apply() only updates r if it's 0,
meaning that if one of the earlier install_info_symlink_alias/wants()
calls returns > 0, errors generated by later calls will be discarded.
Fix that.
