Commit graph

74559 commits

Author SHA1 Message Date
Lennart Poettering d0c441f99e stub: unify how we combine 'measured' flags
We have the same non-trivial ternary op expression at various places,
let's unify it in one call, to make this easier to read and remove
duplication.
2024-06-24 22:43:45 +02:00
Lennart Poettering ff8d08ab4e uefi: drop redundant local variable 2024-06-24 22:43:45 +02:00
Lennart Poettering 95340b33a4 uefi: drop ill-placed empty line
Let's not place empty lines between function calls and their immediate
error handling.
2024-06-24 22:38:24 +02:00
nerdopolis 952b26c75d login: Add a new SecureAttentionKey dbus signal when Ctrl+Alt+Shift+Esc is pressed 2024-06-24 22:29:38 +02:00
Luca Boccassi f8f06462e5
Merge pull request #33042 from poettering/machined-unpriv
machined: unprivileged machine registration
2024-06-24 20:45:37 +02:00
Luca Boccassi 9ca01a6475
Merge pull request #33000 from poettering/ssh-proxy-machine
systemd-ssh-proxy: look for VSOCK CIDs in machined
2024-06-24 20:35:07 +02:00
Yu Watanabe 08f333b9ff
Merge pull request #33466 from YHNdnzj/open-file-graceful-log
core/exec-invoke: clean up OpenFile= logging
2024-06-25 03:26:04 +09:00
Eugeny Shcheglov 1750e30d23
Fix typo in CAP_BPF description (#33464)
description_good and description_bad are mixed up. Disabling CAP_BPF results in the inability to load BPF, not the other way around.
2024-06-25 03:23:50 +09:00
oldherl 341f04fa33
hwdb: fix keyboard of RedmiBook Pro 15 2022 (#33465)
Fix two problems of the keyboard of RedmiBook Pro 15 2022.
- Enter key in the main area was mapped to KP_Enter.
- When Fn is locked (to use F1-F12 without pressing Fn),
  Right Ctrl was mapped to Menu. Keeping it as Right Ctrl is more useful.
2024-06-25 03:22:37 +09:00
Mike Yuan c24ac9b97b
core/exec-invoke: clean up OpenFile= logging
Make collect_open_file_fds() the only logging function,
and downgrade various usual errors to debug level
if OPENFILE_GRACEFUL is set.

Fixes #33458
2024-06-24 18:31:38 +02:00
Mike Yuan b9c5d812d5
core/exec-invoke: reopen OpenFile= fds with O_NOCTTY 2024-06-24 18:31:36 +02:00
Lennart Poettering 21ab3f505a uefi: emphasize a bit that EV_IPL event logs is the past, EV_EVENT_TAG the future 2024-06-24 16:26:43 +02:00
Mike Yuan c53580bf2e
Merge pull request #33401 from yuwata/journal-revert-source-boottime-timestamp
journal: partially revert recent changes
2024-06-24 15:34:16 +02:00
Mike Yuan 28cb2803a2
Merge pull request #33456 from yuwata/terminal-util
terminal-util: use colon as separator for specifying color
2024-06-24 15:29:36 +02:00
Robin Lee 6efab8c343 vmspawn: define QEMU_MACHINE_TYPE for loongarch64
Use ["virt"](https://www.qemu.org/docs/master/system/loongarch/virt.html) as a commonly used generic platform on loongarch64.
2024-06-24 12:43:45 +02:00
Yu Watanabe c8210d98a4 terminal-util: several cleanups for ColorMode
- introduce or rename usual enum values _MAX and _INVALID,
- introduce and use string table lookup functions,
- split out implementation of get_color_mode() to _impl(),
- add tests for get_color_mode().
2024-06-24 17:57:07 +09:00
Yu Watanabe 5f0b72e53b terminal-util: merge COLOR_ON with COLOR_24BIT
Currently, we assume that there is no restriction on coloring when
COLOR_24BIT. Let's merge the two values.

Follow-up for a5efbf468c.
2024-06-24 17:57:07 +09:00
Yu Watanabe 6eabe9f2ff terminal-util: use colon as separator for specifying color
Then, terminal will safely ignore unsupported features, like colored
underline.

Fixes a regression caused by 891abc9cf1.
Fixes https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074073.
Fixes #33449.
2024-06-24 17:57:07 +09:00
Luca Boccassi 59a7019fee
Merge pull request #33452 from bluca/repart_pkg
mkosi: install new split-out systemd packages
2024-06-23 13:19:30 +01:00
Luca Boccassi 8a91a43197 mkosi: bump Debian Salsa commit to latest 2024-06-23 10:20:27 +01:00
Luca Boccassi 621a7fe064 mkosi: install new split-out systemd packages
repart and cryptsetup tools were moved out of the main package
to reduce dependencies.
2024-06-23 10:18:10 +01:00
Mike Yuan eb37c0c078 bus-unit-util: add PrivateTmpEx to bus_append_execute_property()
Follow-up for 9d50d053f3
2024-06-23 06:43:14 +09:00
Stuart Hayhurst 5e717db67c hwdb: Fix Logitech G915 TKL (Bluetooth) appearing as a mouse 2024-06-23 06:41:58 +09:00
Diego Viola a78394a49a man: fix double is typo in systemd-tmpfiles
Signed-off-by: Diego Viola <diego.viola@gmail.com>
2024-06-22 17:06:26 +09:00
Lennart Poettering 18eaff4272 tree-wide: fix type of read() return variable at a couple of places
read() returns ssize_t (i.e. 64bit typically). We assigned it to int
variables in some cases (i.e. 32bit typically). Let's not be so sloppy,
and not accidentally drop 32bit on the floor.

(of course, this is not an issue IRL since we'll not have allocations
above 2^32 ever we could read into, but still, let's clean this up)
2024-06-22 17:05:36 +09:00
Lennart Poettering 57b41f15e5 varlink: yet another fix around handling of IDL comments
Skip over them when validating a message against the IDL.

Add test case that tests this.
2024-06-22 17:03:17 +09:00
Yu Watanabe af6e88432f
Merge pull request #33439 from YHNdnzj/private-tmp-followup
core: several follow-ups for recent changes to PrivateTmp
2024-06-22 16:34:55 +09:00
Yu Watanabe 5ab6845036
Merge pull request #33408 from poettering/install-change-fix
install: some follow-up fixes to #33254
2024-06-22 16:24:47 +09:00
Lennart Poettering d9a57a550b update TODO 2024-06-21 17:49:26 +02:00
Lennart Poettering ec67cc9785 units: register vmspawn VMs started via systemd-vmspawn@.service by default with machined 2024-06-21 17:49:26 +02:00
Lennart Poettering ecc4287dee vmspawn: by default, let machined register a cgroup for VMs
This mimics what we do in nspawn: if registration is enabled we'll let
machined allocate a scope unit for us. When --keep-unit is used we'll
register without creating a new scope.

This brings behaviour more in line with what nspawn does, exposing the
same sets of options.
2024-06-21 17:49:26 +02:00
Lennart Poettering e16be05858 nspawn: machine registration is now available unpriv 2024-06-21 17:38:23 +02:00
Lennart Poettering f98e821cda machined: support allocating a scope for machines if needed via varlink
On dbus we have two apis: one for registering a new machine when the
client already has a cgroup (RegisterMachine()) and one where it doesn't
and machined shall create it (CreateMachine()).

Let's add the same for the varlink api. To simplify things we just
implement it via a boolean flag to the existing RegisterMachine()
varlink call, since the differences are mostly minor otherwise.
2024-06-21 17:38:23 +02:00
Lennart Poettering 38a7666df3 machined: allow unprivileged registration of VMs/containers
Now that we have a concept of unprivileged VMs and containers, let's
allow unprivileged clients to register with machined too – subject to
Polkit permissions.
2024-06-21 17:38:23 +02:00
Mike Yuan 9d50d053f3
core: expose PrivateTmp=disconnected
As discussed in https://github.com/systemd/systemd/pull/32724#discussion_r1638963071

I don't find the opposite reasoning particularly convincing.
We have ProtectHome=tmpfs and friends, and those can be
pretty much trivially implemented through TemporaryFileSystem=
too. The new logic brings many benefits, and is completely generic,
hence I see no reason not to expose it. We can even get more tests
for the code path if we make it public.
2024-06-21 17:31:44 +02:00
Lennart Poettering f2b10bebb6 test: add some superficial integration tests 2024-06-21 17:28:16 +02:00
Lennart Poettering 26b455d815 ssh-proxy: add support for connecting to VMs by AF_VSOCK via "machine/…" host specs
With this one can type "ssh machine/foobar" to connect to locally
registered machine "foobar" via SSH-over-AF_VSOCK.
2024-06-21 17:28:16 +02:00
Lennart Poettering 1c7642a3b7 machined: add simple varlink API for listing machines 2024-06-21 17:28:16 +02:00
Lennart Poettering 53dca805a2 json: teach json_build() to serialize dual_timestamp structures reasonably 2024-06-21 17:28:16 +02:00
Mike Yuan d7f24848ba
core/namespace: add assertion for PRIVATE_TMP_CONNECTED 2024-06-21 17:24:08 +02:00
Mike Yuan 335b14ade5
core/exec-invoke: respect needs_sandboxing for PrivateTmp
Follow-up for 0e551b04ef
2024-06-21 17:24:08 +02:00
Mike Yuan 5f460ae1c2
core/dbus-util: move dbus setter/getter for PrivateTmp to dbus-execute
As with all other properties for ExecContext
2024-06-21 17:23:16 +02:00
Lennart Poettering bed73f32ac varlink: yet another fix around handling of IDL comments
Skip over them when validating a message against the IDL.

Add test case that tests this.
2024-06-21 17:06:54 +02:00
Mike Yuan 41db82f206
core/dbus-execute: use FOREACH_ARRAY more, drop bus_ prefix for static funcs 2024-06-21 17:04:41 +02:00
Mike Yuan c3662116b9
man/org.freedesktop.systemd1: Status{Bus,Varlink}Error belongs to Service, not Scope
Follow-up for 9c025022d9

Ugh, shouldn't have done this bit when I was sleepy...
2024-06-21 16:47:28 +02:00
Lennart Poettering 64d61d1918 install: shorten code a bit
This changes behaviour a bit, since we now keep track of OOM errors in
install_changes_add(). Which I'd argue is a good thing.
2024-06-21 16:27:13 +02:00
Lennart Poettering 422f80d59b install: collect more install_changes_add() errors
We so far collected most unexpected errors from install_changes_add()
and propagated them – but for some invocations we forgot to do that. Add
that, and take care we only propagated unexpected errors (i.e. ENOMEM
and such), but treat expected errors as before.

Follow-up for 5163c9b1e5
2024-06-21 16:25:57 +02:00
Lennart Poettering 50df39f2dc cryptsetup: minor coding style tweaks
Don't cram function calls and assignment into if condition checks. It's
not how we usually do things.

Also, define variables at innermost scope.
2024-06-21 15:57:21 +02:00
Nick Rosbrook 82f57401d9 test: skip test-cgroup-id on ENOSYS from cg_cgroupid_open
Most container managers will block open_by_handle_at with seccomp to
mitigate a container escape attack. LXD in particular returns ENOSYS
rather than e.g. EPERM like nspawn. Skip this test if we get ENOSYS
from open_by_handle_at via cg_cgroupid_open.
2024-06-21 15:56:42 +02:00
Yu Watanabe 2c1ada796a
Merge pull request #33424 from poettering/machined-gc-rework
machined: clean up GC logic
2024-06-21 08:26:30 +09:00