Defer and exit event sources are marked pending once when they are added
and never again afterwards. This means their pending_iteration is never
incremented after they are initially added, which breaks fairness among
event sources with equal priority which depend on the pending_iteration
variable getting updated in source_set_pending(). To fix this, let's assign
iterations for defer and exit sources in source_dispatch() instead so that
those get their pending_iteration updated as well.
Sometimes it's hard to assign responsibility to a specific event source
for exiting when there's no more work to be done. So let's add exit-on-idle
support where we exit when there are no more event sources.
This enables running something like
"mkosi box -- run0 --empower --same-root-dir -E PATH" to get an
empowered session as the current user within the "mkosi box" environment.
As documented in sd_event_add_memory_pressure(), we can only add
the memory pressure fd to epoll once we've written the watch string,
so make sure we don't register the memory pressure in
event_source_online() until we've written the watch string.
More post event sources might get added during dispatching, we want
to make sure those become pending as well if we're dispatching a non-post
event source.
The kernel converts a bunch of errors to ESTALE in the open_by_handle_at()
codepath so we treat it as missing privs but it could be absolutely
anything really.
Currently the only supported integrity algorithm using HMAC is
`hmac-sha256`. Add `hmac-sha512` to the list of supported algorithms as
well.
Also add the `PHMAC` integrity algorithm to the list of supported
algorithms. The `PHMAC` algorithm is like the regular HMAC algorithm,
but it takes a wrapped key as input. A key for the `PHMAC` algorithm is
an opaque key blob, who's physical size has nothing to do with the
cryptographic size. Such a wrapped key can for example be a HSM
protected key. Currently PHMAC is only available for the s390x
architecture (Linux on IBM Z).
Support for PHMAC has just been added to the cryptsetup project via MR
https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/693 by commit
296eb39c60
To allow automatic opening of integrity protected volumes that use PHMAC
via `/etc/integritytab`, this change in systemd's integritysetup tool is
needed as well.
This adds a new `Hostname=` option to the [DHCPServerStaticLease]
section in .network files, allowing an administrator to assign a
specific hostname to a client receiving a static lease.
We automatically select the correct DHCP option to use based on the
format of the provided string:
- Single DNS labels are sent as Option 12.
- Names with multiple DNS labels are sent as Option 81 in wire format.
Fixes: #39634
glibc's sys/stat.h includes linux/stat.h, and we have copy of it from
the latest kernel, hence all new flags are always defined.
However, musl's sys/stat.h does not include linux/stat.h, and moreover,
they conflict with each other, hence we cannot include both header
simultaneously. Let's define missing macros to support musl.
This is to avoid build failures like below for musl.
test-recurse-dir.c:23:24: error: ‘FTW_CONTINUE’ undeclared
Co-authored-by: Yu Watanabe <watanabe.yu+github@gmail.com>
Even 'gshadow' meson option is disabled, src/shared/userdb.c and
src/shared/user-record-nss.c include gshadow.h unconditionally.
Let's introduce dummy header to make them compiled gracefully.
Add the PHMAC integrity algorithm to the list of supported algorithms.
The PHMAC algorithm is like the regular HMAC algorithm, but it takes a wrapped key
as input. A key for the PHMAC algorithm is an opaque key blob, who's physical size
has nothing to do with the cryptographic size. Currently PHMAC is only available
for the s390x architecture.
If we're switching users but not entering a container, then we can
assume that new switches for systemd-stdio-bridge are available, so
make use of them in that case.
When we use stdio-bridge via sd-bus to connect to a bus of a different
user, container or host, stdio-bridge should not log at error level but
at debug level as it's invoked by the sd-bus library and sd-bus should
generally not log above debug level.
We can't actually use the --quiet option yet as that would break connecting
to hosts running older versions of systemd but let's already add the option
now in preparation for a brighter future.
The offset must be specified first, 'whence' second. Fix that.
Except for one case this fix doesn't actually fix any real bug, since
SEEK_SET is defined as 0 anyway, hence the swapped arguments have no
effect.
The one exception is the MTD smartmedia code, which I guess indicates
that noone has been using that hw anymore in a long time?
We try to read again from the beginning, hence let's seek back.
Apparently efivarfs doesn't strictly require this, but it's really weird
that it doesn't.
writev() returns the full size, not just the payload size, hence always
add sizeof(attr) where necessary.
Let's also change a couple of "4" into sizeof(attr) all over the place,
to make clear what they are about.
Fixes: #39695
Follow-up for: 9db9d6806e
We shouldn't ask glibc to keep the old data around (which realloc() is
about), given we overwrite it entirely anyway. Let's hence speed things
up here, and allow glibc to just allocate a new block for us (and
shorten the code a bit)
Follow-up for 3ac4d68498
We have no sensible way to detect why strptime() fails, hence
the fallback path as it is now would fire on glibc systems too,
pointlessly. Let's guard it behind ifdeffery.
