morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 08:25:20 +09:00
Code Issues Packages Projects Releases Wiki Activity
72,134 Commits 1 Branch 0 Tags
97df75d7bd13ae9843fb55dd7285bf113adc2bd2
Commit Graph

72134 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jakub Sitnicki
97df75d7bd socket: pass socket FDs to all ExecXYZ= commands but ExecStartPre= 
Today listen file descriptors created by socket unit don't get passed to
commands in Exec{Start,Stop}{Pre,Post}= socket options.

This prevents ExecXYZ= commands from accessing the created socket FDs to do
any kind of system setup which involves the socket but is not covered by
existing socket unit options.

One concrete example is to insert a socket FD into a BPF map capable of
holding socket references, such as BPF sockmap/sockhash [1] or
reuseport_sockarray [2]. Or, similarly, send the file descriptor with
SCM_RIGHTS to another process, which has access to a BPF map for storing
sockets.

To unblock this use case, pass ListenXYZ= file descriptors to ExecXYZ=
commands as listen FDs [4]. As an exception, ExecStartPre= command does not
inherit any file descriptors because it gets invoked before the listen FDs
are created.

This new behavior can potentially break existing configurations. Commands
invoked from ExecXYZ= might not expect to inherit file descriptors through
sd_listen_fds protocol.

To prevent breakage, add a new socket unit parameter,
PassFileDescriptorsToExec=, to control whether ExecXYZ= programs inherit
listen FDs.

[1] https://docs.kernel.org/bpf/map_sockmap.html
[2] https://lore.kernel.org/r/20180808075917.3009181-1-kafai@fb.com
[3] https://man.archlinux.org/man/socket.7#SO_INCOMING_CPU
[4] https://www.freedesktop.org/software/systemd/man/latest/sd_listen_fds.html
 2024-03-27 01:41:26 +08:00
Yu Watanabe
d30d0b04ae Merge pull request #31951 from bluca/resolve_reload 
resolved: support reloading configuration at runtime
 2024-03-27 02:37:52 +09:00
Yu Watanabe
18640f8211 Merge pull request #31959 from YHNdnzj/execute-pass-fds 
core/execute: check if EXEC_PASS_FDS is set if got exec_params.fds
 2024-03-27 02:37:23 +09:00
Yu Watanabe
5c7292fa80 Merge pull request #31960 from YHNdnzj/capsule-followup 
Some follow-ups for capsule
 2024-03-27 02:34:43 +09:00
Antonio Alvarez Feijoo
dde1931b06 dissect: fix memory leak 2024-03-27 02:33:00 +09:00
Antonio Alvarez Feijoo
f0896ca557 efi: skip check-alignment-* tests if pefile is not installed 
Otherwise, when building with ukify disabled, no one else requires pefile, and
if it is not installed, those tests fail:

```
================================== 12/1212 ===================================
test:         systemd:efi / check-alignment-systemd-bootx64.efi
start time:   14:21:54
duration:     0.08s
result:       exit status 1
command:      /mnt/work/systemd/upstream-fork/main/tools/check-efi-alignment.py /mnt/work/systemd/upstream-fork/main/build/src/boot/efi/systemd-bootx64.efi
----------------------------------- stderr -----------------------------------
Traceback (most recent call last):
  File "/mnt/work/systemd/upstream-fork/main/tools/check-efi-alignment.py", line 7, in <module>
    import pefile
ModuleNotFoundError: No module named 'pefile'
==============================================================================

================================== 13/1212 ===================================
test:         systemd:efi / check-alignment-linuxx64.efi.stub
start time:   14:21:54
duration:     0.08s
result:       exit status 1
command:      /mnt/work/systemd/upstream-fork/main/tools/check-efi-alignment.py /mnt/work/systemd/upstream-fork/main/build/src/boot/efi/linuxx64.efi.stub
----------------------------------- stderr -----------------------------------
Traceback (most recent call last):
  File "/mnt/work/systemd/upstream-fork/main/tools/check-efi-alignment.py", line 7, in <module>
    import pefile
ModuleNotFoundError: No module named 'pefile'
==============================================================================

================================== 14/1212 ===================================
test:         systemd:efi / check-alignment-addonx64.efi.stub
start time:   14:21:54
duration:     0.07s
result:       exit status 1
command:      /mnt/work/systemd/upstream-fork/main/tools/check-efi-alignment.py /mnt/work/systemd/upstream-fork/main/build/src/boot/efi/addonx64.efi.stub
----------------------------------- stderr -----------------------------------
Traceback (most recent call last):
  File "/mnt/work/systemd/upstream-fork/main/tools/check-efi-alignment.py", line 7, in <module>
    import pefile
ModuleNotFoundError: No module named 'pefile'
==============================================================================
```

Follow-up for 7ff3b88396
 2024-03-27 02:32:42 +09:00
Luxiter
33243f7374 hwdb: fix Asus T300FA rotation matrix (#31973) 
Closes #31972.
 2024-03-27 02:32:03 +09:00
Yu Watanabe
17c512f1cc Merge pull request #31879 from yuwata/journalctl-split 
journalctl: split journalctl.c into small pieces
 2024-03-26 23:45:20 +09:00
Yu Watanabe
073f438365 ndisc-option: sort options in sent message 
To make the sent message reproducible.
 2024-03-26 13:58:36 +00:00
Luca Boccassi
d1b08f2460 Merge pull request #31943 from yuwata/sd-ndisc-option-getter-remover 
sd-ndisc: introduce option getter and remover
 2024-03-26 13:55:46 +00:00
Yu Watanabe
846efaf532 sd-ndisc-protocol: list up all known options 
See below for more details:
https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-5
 2024-03-26 13:53:42 +00:00
Mike Yuan
8e34fdb884 bus-util: dedup bus_set_address_capsule 
Follow-up for ad963c3f56
 2024-03-26 21:40:10 +08:00
Luca Boccassi
14a5217679 resolved: support reloading configuration at runtime 
Drop connections and caches and reload config from files, to allow
for low-interruptions updates, and hook up to the usual SIGHUP and
ExecReload=. Mark servers and services configured directly via D-Bus
so that they can be kept around, and only the configuration file
settings are dropped and reloaded.

Fixes https://github.com/systemd/systemd/issues/17503
Fixes https://github.com/systemd/systemd/issues/20604
 2024-03-26 13:36:42 +00:00
Yu Watanabe
2129240447 journalctl-show: split out seek_journal() 
No functional change, just refactoring.
 2024-03-26 22:25:24 +09:00
Yu Watanabe
ade2db83fe journalctl: split journalctl.c into small pieces 
And introduces per-action functions.
No functional change, just refactoring.
 2024-03-26 22:24:24 +09:00
Yu Watanabe
adc8a60b88 journalctl: use correct type for flags 
This also moves its declaration, as it is not changed in the loop.
 2024-03-26 22:21:13 +09:00
Yu Watanabe
dc586975b2 journalctl: merge three if blocks for seeking to the initial position 
No functional change, just refactoring.
 2024-03-26 22:21:13 +09:00
Mike Yuan
2a17866bbd systemctl,busctl: sort includes 
Follow-up for 56cb74c3cd
and 00431b2b66
 2024-03-26 21:08:49 +08:00
Mike Yuan
20ce9fecaa units: sort lists in meson.build 2024-03-26 21:08:49 +08:00
Luca Boccassi
9065908483 test: use /run/ instead of /etc/ in TEST-75-RESOLVE 2024-03-26 12:52:42 +00:00
Mike Yuan
b377a7cce9 daemon-util: introduce notify_reloading helper 
Prompted by #31951
 2024-03-26 12:52:33 +00:00
Zbigniew Jędrzejewski-Szmek
c38e4e2fda Merge pull request #29721 from poettering/systemd-project 
New capsule@.service feature
 2024-03-26 13:19:33 +01:00
Mike Yuan
07ff03d6b2 core/execute: check if EXEC_PASS_FDS is set if got exec_params.fds 
Prompted by #31789 (specifically
https://github.com/systemd/systemd/pull/31789#discussion_r1525267612)
 2024-03-26 20:08:52 +08:00
Mike Yuan
469ff6b40e core/service: remove redundant Unit.type check 
SOCKET(u) returns NULL if the type doesn't match.
 2024-03-26 18:55:19 +08:00
dependabot[bot]
0d9e4b7aa4 build(deps): bump pkg/opensuse from af49127 to acdb1cd 
Bumps pkg/opensuse from `af49127` to `acdb1cd`.

---
updated-dependencies:
- dependency-name: pkg/opensuse
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-26 10:41:23 +01:00
Dionna Amalie Glaze
dbbd878340 efi: Measure into both CC and TPM if available. (#31939) 
* efi: Measure into both CC and TPM if available.

It's possible that both measurement protocols are made available, so
instead of assuming only one or the other are available, measure into
both to avoid a problem like CVE-2021-42299.

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
 2024-03-26 09:26:59 +00:00
Luca Boccassi
b1d18b96c4 Merge pull request #31801 from flatcar-hub/krnowak/sysext-config 
systemd-sysext: Add support for env vars, ephemeral layers and some fixes
 2024-03-26 09:23:19 +00:00
Yu Watanabe
635a3586d8 Merge pull request #31947 from yuwata/test-recently-fixed-issues 
Tests for recently fixed issues
 2024-03-26 14:56:58 +09:00
Yu Watanabe
857f29a772 test: add test cases for journalctl --facility=/--output=help 
Follow-up for d44233503f.
 2024-03-26 04:18:23 +09:00
Yu Watanabe
cbe884f13a test: add test cases for systemd-analyze --global 
Follow-up for ac97053618.
 2024-03-26 04:10:04 +09:00
Yu Watanabe
24578ce63a ndisc-option: introduce ndisc_option_remove() 2024-03-26 03:30:41 +09:00
Yu Watanabe
697c3693b3 ndisc-option: rename ndisc_option_get() -> ndisc_option_get_by_type() 
Then, introduce more generic ndisc_option_get().
 2024-03-26 03:30:41 +09:00
Frantisek Sumsal
4651e1428d ci: build with clang-18 2024-03-26 03:14:33 +09:00
Gaël Donval
7b123f8186 Document SYSTEMD_REPART_MKFS_* in repart.d manual 2024-03-26 03:08:38 +09:00
Mike Yuan
3b09af2004 home/homework: use FOREACH_ARRAY more 
Prompted by #31932
 2024-03-26 03:06:42 +09:00
Yu Watanabe
373452ff9f Merge pull request #31932 from bluca/coverity 
Fix coverity issues
 2024-03-26 03:04:51 +09:00
Vitaly Kuznetsov
df94b28366 kernel-install/60-ukify: do not rebuild existing UKIs 
In case kernel-install is called to install what's already a UKI, 60-ukify
must be skipped. E.g. when distro shipped and signed UKI is being installed,
it is counter-productive to try to rebuild it with ukify. Also, the existing
script is not ready to handle UKIs with embedded initramfs.

Note, it is already possible to disable 60-ukify by setting
KERNEL_INSTALL_UKI_GENERATOR to something but in case it is not set, 60-ukify
assumes it should run.
 2024-03-26 03:01:30 +09:00
Yu Watanabe
0ffcf398e5 Merge pull request #31899 from yuwata/sd-journal-add-match 
sd-journal: introduce two helpers for adding journal filter
 2024-03-26 02:56:58 +09:00
Yu Watanabe
6871b9c638 Merge pull request #31807 from yuwata/sd-ndisc-send 
sd-ndisc: introduce sd_ndisc_send()
 2024-03-26 02:55:33 +09:00
Yu Watanabe
65265b51df Merge pull request #31938 from YHNdnzj/journalctl-facility 
journalctl: explicitly check < 0 for error
 2024-03-26 02:23:50 +09:00
Daan De Meyer
1654330d31 Merge pull request #31870 from CodethinkLabs/base-image-tweaks 
Base image tweaks
 2024-03-25 18:04:49 +01:00
Richard Maw
23a617fd8a mkosi: Add selinux support to CentOS and Fedora initrds 
The base initrd is also used by the system image
so selinux should be there even if not enabled by the base image.
 2024-03-25 15:51:16 +00:00
Richard Maw
10ac38ddd3 mkosi: Remove testuser from base/mkosi.postinst.chroot 
The testuser user is only needed for integration tests,
which are used in the system user and this config
can be provided as drop-ins instead of inline in postinst scripts.
 2024-03-25 15:51:16 +00:00
Mike Yuan
d44233503f journalctl: explicitly check < 0 for error 2024-03-25 23:11:27 +08:00
Mike Yuan
981b033510 basic/string-table: remove unnecessary brackets 2024-03-25 23:10:52 +08:00
Luca Boccassi
650421fb8e Merge pull request #31730 from yuwata/network-dhcp-server-lease-file-follow-ups 
network: several follow-ups for DHCP server lease file
 2024-03-25 14:32:05 +00:00
Daan De Meyer
c8848f53f7 Use .git suffix for all submodule urls 2024-03-25 13:27:12 +00:00
Yu Watanabe
bcd558f12e logs-show: use journal_add_matchf() and journal_add_match_pair() 2024-03-25 21:39:37 +09:00
Yu Watanabe
077f63264f networkctl: use journal_add_matchf() and journal_add_match_pair() 2024-03-25 21:39:37 +09:00
Yu Watanabe
f936ae2120 journal-gateway: use journal_add_match_pair() and add_match_boot_id() 2024-03-25 21:39:37 +09:00