Let's unconditionally drop privileges before submitting the coredump log
message.
Let's make the codepaths where we acquired a coredump and where we
didn't more alike: let's drop privs in both cases.
This is not only safer, but means that the coredump messages are always
accessible by the owner of the aborted process.
Let's not claim a process dumped core if that was disabled via resource
limits.
While we are at it, switch from stack to heap allocation for the log
message, as it includes a stack trace which can be arbitrarily large.
Fixes: #28559
If we have a DDI that contains only a /usr/ tree (and which is thus
combined with a tmpfs for root on boot) we previously would try to apply
idmapping to the tmpfs, but not the /usr/ mount. That's broken of
course.
Fix this by applying it to both trees.
The device node may be different from we want to activate, and we may
try to activate different device in the subsequent loop. In such case,
we should enable the automatic removal for the unexpected device.
Otherwise, it will not be removed even when not necessary anymore.
This module reads password from kernel keyring and sets it as PAM authtok.
It's inspired by gdm's pam_gdm, which reads the LUKS password stored by
systemd-cryptsetup, so Gnome Keyring can be automatically unlocked if set
to the same password (when autologin is enabled so the user doesn't enter
a password in gdm).
When testing the secureboot enroll feature, it can be hard to distinguish without
using the QMP API of QEMU whether we are in a hang situation of the UEFI firmware.
Making it clear that we reached the `ResetSystem` can be helpful towards that need.
Both sleep_mode_supported and write_mode support this,
but parse_sleep_config currently prohibits this - it always
uses our default value if user specifies HibernateMode=<empty>.
When a late error occurs in sd-executor, the cleanup-on-close of the
context structs happen, but at that time all FDs might have already
been closed via close_all_fds(), so a double-close happens. This
can be seen when DynamicUser is enabled, with a non-existing
WorkingDirectory.
Invalidate the FDs in the context structs if close_all_fds succeeds.
Add EINVAL to the list of ignored errnos, since acl_from_text() returns
EINVAL if it can't translate the given string.
~# cat /tmp/tmpfiles-test.conf
a+ /tmp/foo - - - - default:group:foo:rwx
~# build/systemd-tmpfiles /tmp/tmpfiles-test.conf --create --graceful
Failed to parse ACL "default:group:foo:rwx", ignoring: Invalid argument
Resolves: #29742
Let's prefix it with a common prefix, and make sure the names are all
singular and the string table actually matches the names.
No change in behavour, just some rafactoring to make this enum a bit
less special, and make it follow our usual coding style more closely.
The extra space was actually screwing up deserialization:
~# systemd-run --wait --pipe -p SocketBindAllow=any true
Running as unit: run-u167.service
Finished with result: exit-code
Main processes terminated with: code=exited/status=234
Service runtime: 1ms
CPU time consumed: 0
~# journalctl -b -p err
...
Oct 27 16:39:15 arch systemd-executor[5983]: Failed to deserialize: Invalid argument
Let's not do that by default and introduce a simple wrapper which
inserts the space after each item only when necessary.
Prompted by #29705
Note that x-systemd.wanted-by= and x-systemd.required-by= are not
dropped, since we ignore them because they are unnecessary rather
than unapplicable.
