Necessary for crypto_random_bytes(), which is used in the branch that
HAVE_CRYPT_GENSALT_RA is false. Unfortunately, our CIs tested only the
other branch.
These method calls all already have polkit hookup, hence actually allow
them to go through on all levels.
This is mostly playing catchup with a variety of calls added over the
years.
Not sure why the test failed, but maybe the test environment is too
slow? Even this does not fix the failure, by enabling debugging logs,
this hopefully provides more useful information for debugging.
For issue #37685.
This introduce bus_error_is_connection(), and use it where applicable.
Then, this makes connection errors in acquiring invocation ID by
systemd-run handled gracefully, like we already do other places.
Fixes#37675.
Device ID uses device directory name as is, hence may contain '!', but
sd_device_new_from_subsystem_sysname() expects that the input is sysname.
So, we need to replace '!' with '/'.
Follow-up for 1393c5a2a4.
Fixes#37711.
verity-sig partitions are not kernel concepts, hence dm-verity won't
link them for us from the slaves/ subdir in sysfs. Hence let's instead
look up the partition via udev's database.
Hence: when we search for the data+verity+verity-sig partitions then
search for the first two as usual, but search for the latter by looking
up the udev props on the first two, and then following the paths
provided therein.
Fixes: #34835
This extends the dissect_image builtin to actually add device node
references to the device nodes where the associated data is placed, if
we can find it.
This is kept very generic, and independent from the roothash properties
and suchlike, since it makes sense to make it possible to set these
properties also independently of the dissect-image builtin.
The device path is a /dev/disk/by-diskseq/ symlink, so that we have
stable reference that are not subject to dev_t reuses.
And rework partition_designator_is_verity_sig() to be based on
partition_verity_sig_to_data(), so that we don't have to maintain two
lists of verity sig partition types.
While the `port_vlan_id` field was already present in the
`sd_lldp_neighbor`, it wasn't currently parsed from the LLDP packet.
Added support for that as well as a small parsing test.
Closes#28354.
This is more explicit and ensures that even in testing environments we
operate the same way.
As side effect it also avoids the mess around SELinux blocking access to
cgroupfs.
Fixes: #35723
We should not rely that data stored in the journal files remains
entirely untouched at all times. Because we unallocate files, data might
go away any time. Hence, never assert() on any expectations on what the
file contains. Instead, handle it more gracefully as a corruption issue,
and return EBADMSG.
Fixes: #35229#32436
This is just paranoia: let's determine the compression to use once,
instead of twice, after all te data is in journal files which might be
corrupted any time, and it would be weird if we came to different
results here each time.
We must assume that any data in the mmap can change anytime because the
file is deallocated or similar. Let's strictly use EBADMSG for reporting
invalid file contents though (as opposed to using EINVAL if our own code
passes a wrong parameter somwhere).
Depending on which optional features are enabled, the NSS module
might not have been built, which means the custom install script
will fail to remove the file. Let's pass -f so it succeeds regardless
of whether the file exists or not.
