Added in 6140be90ec
However, when O_PATH fds are encountered we'd have to go by
/proc/self/fd/ still, since the kernel people are reluctant
to make the new syscalls work with them
(https://lore.kernel.org/linux-fsdevel/20250206-steril-raumplanung-733224062432@brauner/)
Hence getxattrat() and listxattrat() are not employed.
While at it, remove the discrepancy between path being NULL
and empty - I don't grok the "security issue" claimed earlier,
but nowadays even the kernel treats the two as identical:
e896474fe4
This adds `--json=MODE` command line option to `udevadm test`.
This may be useful for parsing e.g. network interface name or device
node symlinks.
Closes#23661.
Follow-up for 97318131fd.
By default, suite of each built test is determined by the directory of
the source file. Hence, before the mentioned commit, all tests in
src/boot/efi/ are in the 'efi' suite. The commit changed the directory
tree, but forgot to update the name of the test suite.
Add a build parameter to take an existing UKI and attach a .pcrsig
section
to it. This allows one to create a UKI with a .pcrpkey section with
--policy-digest to get the json output from sd-measure, sign the digest
offline, and attach the .pcrsig section with the signature later.
This adds --json=MODE option for 'udevadm test' command.
When specified, all messages, except for the final result, will be
written to stderr, and the final result is shown in JSON format to
stdout. It may be useful for parsing the test result.
pefile has an hardcoded limit to 256MB per section:
https://github.com/erocarrera/pefile/issues/396
When building an initrd with large firmware files and
lots of kernel modules, this limit can be reached.
Skip over those warnings.
Add a build parameter to take an existing UKI and attach a .pcrsig section
to it. This allows one to create a UKI with a .pcrpkey section with
--policy-digest to get the json output from sd-measure, sign the digest
offline, and attach the .pcrsig section with the signature later.
Some bind mounts, e.g. /tmp bind mount when PrivateTmp=disconnected,
must be explicitly relabeled because now it would have incorrect SELinux
label. /tmp is expected to have well-known SELinux label, tmp_t. Now it
has label inherited from the source directory of the bind mount.
Let's derive XKBLAYOUT and friends from the given keymap and populate
these as well in vconsole.conf so that if the user configures a keymap
it's also respected in display managers such as gdm.
This allows reusing the logic in systemd-firstboot.c.
To avoid having to link libxkbcommon into libsystemd-shared, we add
a level of indirection to vconsole_convert_to_x11() so that the verify
function is passed in by the caller.
This follows the same recent change in util-linux:
https://github.com/util-linux/util-linux/pull/3354
i.e. we generally want that PAM modules can override $HOME and it is
honoured for the CWD after login.
(This renames the 'home' variable we maintained sofar to 'pwent_home',
to clarify that it's the home directory listed in the struct passwd
entry, and thus not necessarily the one actually used)
- introduces UDEV_BUILTIN_DESTRUCTOR macro,
- normalize log messages on initialize/finalize,
- explicitly initialize global variable,
- drop using _UDEV_BUILTIN_INVALID.
