Sometimes it's interesting to condition units not just on the
installation but on the physical device. Let's make ConditionHost=
useful for that kind of checks, and while we are at it, also allow it to
be used for condition checks on the boot id.
Overloading like this is safe, since UUIDs are globally unique after
all, and hence there should be no conflicts between the namespace of
boot ids, machine ids and product ids.
Finally, relax rules on uuid checking: if the specified string parses
as uuid or id, also check it against the hostname, for setups where
people name hosts after uuids. I wouldn't know why anyone would do that,
but also, why not? shouldn'rt hurt allowing them and should not create
ambiguity conflicts.
So far we relied that the temporary file logic would create the key
files with 0600 mode, but let's set the access mode explicitly:
1. Tighten private key file access from 0600 to 0400, after all we never
want to write it again, it's not a mutable file.
2. Relaxed public key file access mode from 0600 to 0444, after all it's
a public key file, and people should be able to see it if they want
This is useful for propagating the key onto other systems if needed.
We already return BUS_ERROR_HOME_ABSENT when we detect the image being
absent before we fork off the homework worker. Let's also return the
same error if the homework process notices the same condition while
actually doing something.
This mostly fixes a race, that the same condition seen at different
points in time results in the same errors.
Let's accept full user records (including status and so on) and simply
eat up the parts we don't care about, instead of refusing the whole
record wholesale.
This makes it easier to just copy a user record from one machine and
registering it at another, without stripping the irrelevant parts first.
When the user/customer sets the time on the system which is prior
than that of the systemd build time, as systemd doesn't allow time
before it's build date after a reboot, systemd is resetting it but
there is no error or exception present in the setTime method due
to which user/customer is unaware of why the time is reset back to
the systemd-build time.
Added a condition check in the set_time() method to return an
error when tried to set time past the systemd build date.
Tested: Verified that it throws an error when we try to set the
time prior to systemd build date.
Change-Id: Ia6b58320bdb7234a21885a44af8fd3bda64c3789
Add --join-signature=hash:sig - when a verity signature partition
has been deferred in a previous run, this allows attaching a signature
that was created offline, for example on a build system like OBS where
the private key is not available to the build process.
Can be specified multiple times, the right partition to act upon will
be selected by matching the data+verity partitions UUIDs with the
provided roothash(es)
Add --join-signature=hash:sig - when a verity signature partition
has been deferred in a previous run, this allows attaching a signature
that was created offline, for example on a build system like OBS where
the private key is not available to the build process.
Can be specified multiple times, the right partition to act upon will
be selected by matching the data+verity partitions UUIDs with the
provided roothash(es)
udev will trigger the uaccess program in 73-seat-late.rules, which
may modify the device's acl permissions. In some cases, udev triggers
the uaccess program when logind is started and active is being set.
At this time, 1) logind sets the user's acl permissions, 2) uaccess
obtains active and sets acl permissions; 3) logind updates seat's
stat_file and writes active. This situation will cause the device to
not have the correct acl permissions, resulting in abnormal situations
such as a black screen. Therefore, it is necessary to write active to
seat's stat file before setting acl.
- FUSE is unconditionally enabled in the container, as our kernel base
line (v5.4) supports userns-safe FUSE, which is supported since v4.18.
- Create /dev/net/tun only when it is accessible.
- Replaces several loops with FOREACH_ARRAY().
This fixes some typos in the documentation, both grammar as well as
incorrect field names.
It also changes the casing of CheckSum to Checksum in L2TP to match
other casings.
- make it return NULL,
- suppress log message about reference counter of writer unless trace
logging is enabled,
- introduce cleanup function for RemoteSource.
Follow-up for 985ea98e7f.
When DevicePolicy= is enabled, but DeviceAllow= for /dev/net/tun is not
specified, bind-mounting the device node from the host system is
meaningless, as it cannot be used in the container anyway.
Let's check the device node is accessible before creating or
bind-mounting.
FUSE is userns-safe since kernel v4.18 (da315f6e03988a7127680bbc26e1028991b899b8),
and now our kernel base line is 5.4. Let's drop the logic of checking
the version of FUSE, and unconditionally enable FUSE.
This split-out common logic from link_drop_routes() and friends.
This is mostly a refactoring, and not change behavior in most cases.
But slightly change behavior for how foreign nexthops and routing
policy rules are managed.
E.g. when KeepConfiguration=static, previously all foreign nexthops and
routing policy rules were kept, but now only foreign nexthops and rules
with RTPROT_STATIC are kept and others are dropped.
Similary, when KeepConfiguration=dynamic, previously all foreign nexthops
and rules were removed, but now foreign configs with a dynamic protocol
e.g. RTPROT_DHCP are kept, and still configs with RTPROT_STATIC are
dropped.
Currently, we do not set/get/manage protocol for neighbor entries.
Hence, the logic of managing foreign neighbor entries is unchanged.
Without this change, only foreign routes with RTPROT_KERNEL, RTPROT_STATIC,
RTPROT_DHCP, RTPROT_RA, and RTPROT_REDIRECT are kept, and foreign routes with
other protocol e.g. RTPROT_BOOT are removed even if KeepConfiguration=yes.
Fixes a regression in dd6d53a8dc (v257).
Fixes#36411.
With this the default canonicalization of paths can be turned off,
giving users explicit control on what shall happen if symlinks are
encountered within a path.
So far, "systemd-umount" executed on a bind mounted file would assume it
is supposed to unmount a loopback mounted file system. Let's address
that by instead checking if the file is a mount.
This also ports over things to use chase() to create/pin the underlying
to mount, and in particular checks that the path does not contain any
symlinks. That's crucial since we cannot allow mounts to be established
with that, since it would mean we couldn't recognize the entries in
/proc/self/mountinfo anymore.
This replaces make_mount_point_inode_from_stat() by
make_mount_point_inode_from_mode() and makes it take a single mode_t
rather than a "struct stat". Moreover, at an "atfd" style directory
parameter.
Then port all users over to new feature, and in particular make use of
the directory fd: use chase() to create and pin parent directories first where
needed.
So far we'd leave the cursor at the end of the Press any key to proceed
message as long as the user didn't type in anything yet, and generated
the newline only after.
Let's switch this around: let's output the newline before.
This should make boot-time output nicer since it means concurrent output
while we wait will start at the beginning of line, and not in the middle.
The hint is not useful, since this is after all invoked as part of the
boot process, and not from an interactive shell, where the user could
directly retry with the changed switch. Hence let's simply suppress the
hint for those cases.
This adds TAB-based auto-completion to various fields we query from the
user, such as locale, keymap, timezone, group membership.
It makes it a lot easier to quickly iterate through firstboot without
typing too much.
This modernizes the function a bit, and adds some bits:
1. whether to show numbers before entries is now optional, and if they
are shown they are displayed in grey.
2. a common prefix can now be grayed out (later useful for completion
support)
3. some variables have been named to clarify their purpose
4. the table display dimensions can now be auto-sized (by specifying
SIZE_MAX and number of columns and column width)
1. Make the message a bit more visible, by adding ANSI color. This
matters in particular during boot, where the message otherwise might
be overprinted by other output
2. Let's turn off terminal echo so that whatever key is entered is not
made visible on screen, and we can handle newline and other keys
reasonably uniformly.
