When running unprivileged containers, we run into a scenario where an
unpriv owned cgroup has a subcgroup delegated to another user (i.e. the
container's own UIDs). When the owner of that cgroup dies without
cleaning it up then the unpriv service manager might encounter a cgroup
it cannot delete anymore.
Let's address that: let's expose a method call on the service manager
(primarly in PID1) that can be used to delete a subcgroup of a unit one
owns. This would then allow the unpriv service manager to ask the priv
service manager to get rid of such a cgroup.
This commit only adds the method call, the next commit then adds the
code that makes use of this.
Let's liberalize process migration a bit. Previously, PID 1 would only
allow you to move processes into your own cgroups, if those processes
are owned by you too. This is now slightly relaxed: it's now also OK if
the processes are in a userns owned by you.
This makes process migration more useful in context of unpriv userns.
This makes sure the the codepath that derives an nsfd from a pid works
the same for the pidfd case and the non-pidfd case: if we can verify
that /proc/ is mounted but the /proc/$PID/ns/ files are missing, we can
assume the ns type is not supported by the kernel. Hence return the same
ENOPKG error in this case as we already do in the pidfd ioctl based
codepath.
As requested, a list of kernel version to feature mapping
for kernels older than minimum baseline is also included,
in order to ease potential backport work.
Poll fds associated with the bus instead of hardcoding stdin/stdout.
This is consequential under socket activation, when the provided fd
should be used instead of stdin/stdout.
The package is logistically separated, as the rpm sources conflict from Fedora
conflict with the rpm sources from SUSE (some files have the same name and
location but different, incompatible content), so Fedora builds can't be
triggered from the same package. The result is the same.
This is something I think we should have added a long time ago: a
flavour of open() that safely ensures the inode we are opening is a
regular file, before we open it. It does this by means of pinning the
inode via O_PATH first, and after verification actually opening it.
This ports some code over to this, but sooner or later we should
probably use this a lot more, so that we don't accidentally open weird
stuff such as device nodes or pipes, where we should not.
This corrects the closing sequence for the ConEmu progress reporting
final sequence. We by mistake sent two final ;;, where only one was
expected. The terminals I tested this with didn't care, but Ghostty
apparently does. Let's fix things and generate the closing sequence as
per doc:
https://conemu.github.io/en/AnsiEscapeCodes.html#ConEmu_specific_OSC
When copying files from or to a container we so far opened the host side
fd first, then entered the container (specifically, joined it's mount
namespace) in a forked off child process, and opened the other side
there, followed by the (potentially slow) copying from inside the
container mount namespace.
This commit changes this so that we rejoin the host mount namespace
before doing the copying routine. This is relevant, so that we can rely
on /proc/self/fd/… to work, which is not the case otherwise, as we'll
see /proc/ from a pidns that is not our own, in wich case
/proc/self/fd/… is refused. By moving back to the host mount namespace
our own pidns and the pidns the /proc/ mount belongs to will be in sync
again, and all is good.
This is in particular preparation for the next commit, that makes the
copy routine strictly depending on /proc/ being accessible and working.
This PR introduces io.systemd.Machine.CopyFrom and CopyTo method which
are DBus alternatives of:
- CopyFromMachine
- CopyToMachine
- CopyFromMachineWithFlags
- CopyToMachineWithFlags
The PR also contain tests
unit_file_add_dependency() asserts, so check before calling it that the
type is expected, or return EINVAL to the caller.
root@localhost:~# busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager AddDependencyUnitFiles "asssbb" 0 uwhatm8 After 1 1
Broadcast message from systemd-journald@localhost (Mon 2025-01-06 18:12:14 UTC):
systemd[1]: Caught <ABRT>, from our own process.
Fixes https://github.com/systemd/systemd/issues/35882
