This completes/corrects the documentation for the following fields:
COREDUMP_CGROUP= - doc where wrong, actually covered COREDUMP_PROC_CGROUP=
COREDUMP_CMDLINE= → undocumented so far
COREDUMP_PROC_CGROUP= → docs where there but incorrectly assigned to COREDUMP_CGROUP=
COREDUMP_PROC_AUXV= → undocumented so far
COREDUMP_SESSION= → undocumented so far
41e4ce06fe shortened existing sleeps, which resulted in the check being
sometimes done before the property had a chance to update. Let's do what
what we do with the rest of the checks and retry it a couple of times.
Yu Watanabe [Wed, 8 Nov 2023 04:49:03 +0000 (13:49 +0900)]
sd-dhcp-client,-server: set timestamp based on the time when received a packet
It seems that RFC does not say anything about the timestamp of lease
we should use: time that the client sent a request or received a reply.
In DHCPv6 client and NDisc, we use a timestamp that we receive a packet,
rather than we sent something. So, let's consistently use the same
logic for DHCPv4 client.
Yu Watanabe [Wed, 8 Nov 2023 03:56:57 +0000 (12:56 +0900)]
sd-dhcp-client: make client_handle_message() propagate critical error
Then, stop client in the caller side.
This also makes
- ignore all errors except for resource errors like OOM when FORCERENEW
is received,
- trigger assertion when an message received even if the client is
stopped.
This should not change any functionality. Just refactoring.
../src/src/vmspawn/vmspawn-util.c:33:13: error: implicit declaration of function ‘access’; did you mean ‘accept’? [-Werror=implicit-function-declaration]
meson: enable vmspawn by default in developer mode
This should also implicitly enabled vmspawn in CI. It wasn't passing even the
basic tests, which we didn't see, because it needs to be explicitly enabled.
xdg-autostart: downgrade warning for missing executables
On a system with a shared home directory, I'm getting a bunch of warnings:
systemd-xdg-autostart-generator[76]: Exec binary '/usr/bin/flatpak' does not exist: No such file or directory
systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/org.signal.Signal.desktop: not generating unit, error parsing Exec= line: No such file or directory
systemd-xdg-autostart-generator[76]: Exec binary '/usr/bin/flatpak' does not exist: No such file or directory
systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/im.riot.Riot.desktop: not generating unit, error parsing Exec= line: No such file or directory
systemd-xdg-autostart-generator[76]: Exec binary '/usr/libexec/gnome-tweak-tool-lid-inhibitor' does not exist: No such file or directory
systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/ignore-lid-switch-tweak.desktop: not generating unit, error parsing Exec= line: No such file or directory
systemd-xdg-autostart-generator[76]: Exec binary '/usr/bin/flatpak' does not exist: No such file or directory
systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/org.telegram.desktop.desktop: not generating unit, error parsing Exec= line: No such file or directory
This isn't really a problem. Let's just print an info message.
timesync: fix PropertiesChanges signals for NTP properties
As in their current form they didn't work at all:
systemd-timesyncd[190115]: Assertion 's' failed at src/libsystemd/sd-event/sd-event.c:3058, function sd_event_source_set_enabled(). Ignoring.
systemd-timesyncd[190115]: Failed to reenable system ntp server change event source!
systemd-timesyncd[190115]: Failed to enable ntp server defer event, ignoring: Invalid argument
This was also pointed out in the post-merge review [0].
Let's address this together with the rest of the comments, and add
some tests to make sure everything works as it should.
man: link to new btrfs website for btrfs man pages
https://archive.kernel.org/oldwiki/btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5).html
says "This wiki has been archived and the content is no longer updated."
and redirects to https://btrfs.readthedocs.io/en/latest/btrfs-man5.html.
Let's move all the btrfs links to btrfs.readthedocs.io.
Dan Streetman [Tue, 7 Nov 2023 17:18:08 +0000 (12:18 -0500)]
test: fix env var name of persistent handle used for testing so it is removed after test
The cleanup uses PERSISTENT_HANDLE while the test uses PERSISTENT, so change
the test to use PERSISTENT_HANDLE so it's cleaned up (i.e. removed from the
tpm) after the test.
Dan Streetman [Fri, 21 Jul 2023 19:49:16 +0000 (15:49 -0400)]
cryptenroll: add support for calculated TPM2 enrollment
Instead of enrolling the local TPM to a luks volume, use the public key from a
TPM to enroll it into the luks volume. This is useful when enrolling a TPM that
is not currently accessible, for example if the TPM is located on a different
system.
Dan Streetman [Tue, 3 Oct 2023 14:25:19 +0000 (10:25 -0400)]
tpm2: allow using tpm2_get_srk_template() without tpm
The SRK templates are defined by specification, so move the check for TPM
support to the tpm2_get_best_srk_template() function, and allow anyone to get
the ECC and RSA templates.
Also add test to verify the SRK templates are correct.
coredumpctl: propagate SIGTERM to the debugger process
If we're waiting for the debugger process to exit and receive SIGTERM,
propagate it to all processes in our process group, including the
debugger, so we can follow it up with a proper cleanup.
kernel-install: make version/kernel image parameters optional for "add"
Let's make kernel-install a bit easier to use:
If the kernel version is not specified, let's imply "uname -r", so that
we regnerate the entries for the current kernel.
If the kernel image is not specified let's imply using
/usr/lib/modules/$version/vmlinuz, i.e. the location distros like Fedora
drop the kernel into, which we generally recommend people to use.
If the kernel is not found there, don't try to automatically pick the
kernel path, and fail, as before.
tree-wide: take in all *our* JSON structures also decimal strings
Let's be friendly in what we accept: whenever we define a JSON
structure, let's also allow decimal strings where we want an integer.
This patch purely replaces JSON_VARIANT_UNSIGNED by
_JSON_VARIANT_TYPE_INVALID in the various JsonDispatch[] tables, so that
we'll happily accept any type in json_dispatch(), so that
json_dispatch_uint64() and related tools can do their thing.
This does not switch over OCI (as a JSON structure not defined by us).
json: teach dispatch logic to also take numbers formatted as strings
JSON famously is problematic with integers beyond 53 bits, because
JavaScript stores everything in double precision floating points.
Various implementations in other languages can deal with signed 64 bit
integers, and a few can deal with unsigned 64bit too (like ours).
Typically program that need more then 53 bit of accuracy encode integers
as decimal strings, to make sure that even if consumers can't really
process larger values they at least won't corrupt the data while passing
it along. This is also recommended by JSON-I (RFC 7493)
To maximize compatibility with other implementations let's add 1st class
parsing support for such objects in the json_dispatch() API.
This makes json_dispatch_uint64() and related calls parse such
integers-formatted-as-decimal-strings as uint64_t. This logic will only
be enabled if the "type" field of JsonDispatch is left unspecified (i.e.
set to negative/_JSON_VARIANT_TYPE_INVALID) though, hence alone does not
change anything in effect.
This purely is about consuming such values, whether we should genreate
them also is a discussion for a separate PR.
test-execute: add no_new_privs tests for SystemCallFilter
When starting a service with a non-root user and a SystemCallFilter and
other settings (like ProtectClock), the no_new_privs flag should not be set.
Also, test that CapabilityBoundingSet behaves correctly, since we need
to preserve some capabilities to do the seccomp filter and restore the
ones set by the service before executing.
core: allow using seccomp without no_new_privs when unprivileged
Until now, using any form of seccomp while being unprivileged (User=)
resulted in systemd enabling no_new_privs.
There's no need for doing this because:
* We trust the filters we apply
* If User= is set and a process wants to apply a new seccomp filter, it
will need to set no_new_privs itself
An example of application that might want seccomp + !no_new_privs is a
program that wants to run as an unprivileged user but uses file
capabilities to start a web server on a privileged port while
benefitting from a restrictive seccomp profile.
We now keep the privileges needed to do seccomp before calling
enforce_user() and drop them after the seccomp filters are applied.
If the syscall filter doesn't allow the needed syscalls to drop the
privileges, we keep the previous behavior by enabling no_new_privs.
Tad Fisher [Fri, 6 Oct 2023 20:52:07 +0000 (13:52 -0700)]
resolve: use exact-match domain as routing domain for single-labels
With ResolveUnicastSingleLabel=yes, a scope's search domains are affixed to the
query even when a routing domain matches the single-label query name,
preventing the use of dotless single-label domains entirely.
This changes dns_scope_name_wants_search_domain() to return false when the
scope contains an exact match of the single-label name in the query, allowing
lookups for dotless domains with ResolveUnicastSingleLabel enabled.
Let's wait for the "latest" message systemd-bsod prints to the console
to appear, otherwise we might be too fast and take a console snapshot
before it contains all the information:
[ 44.237788] testsuite-04.sh[1744]: + setterm --term linux --dump --file /tmp/console.dump
[ 44.246089] systemd-bsod[1858]: QR code could not be printed, ignoring: Operation not supported
[ 44.305692] testsuite-04.sh[1744]: + grep -aq 'The current boot has failed' /tmp/console.dump
[ 44.308047] testsuite-04.sh[1744]: + grep -aq 'Service emergency message' /tmp/console.dump
[ 44.311200] testsuite-04.sh[1744]: + grep -aq 'Press any key to exit' /tmp/console.dump
[ 44.314359] testsuite-04.sh[1744]: + at_exit
[ 44.315087] testsuite-04.sh[1744]: + local EC=1
[ 44.315945] testsuite-04.sh[1744]: + [[ 1 -ne 0 ]]
[ 44.316647] testsuite-04.sh[1744]: + [[ -e /tmp/console.dump ]]
[ 44.318305] testsuite-04.sh[1744]: + cat /tmp/console.dump
[ 44.319320] testsuite-04.sh[1871]: The current boot has failed!
[ 44.319970] testsuite-04.sh[1871]: Service emergency message
<ulinks> contents are used to generate a SEE ALSO section at the
bottom of a man page, so we need to include the title, without additional
words, in the content.
As pointed out in https://github.com/systemd/systemd/issues/29814, we need to
use phrases are are meaningful on their own, because the man page formatter
creates a list at the bottom. With <ulink>see docs</ulink>, we end up with:
NOTES:
1. see docs
https://some.url/page
2. see docs
https://some.url/page2
which is not very useful :(
Also, the text inside the tag should not include punctuation.
Python helper:
from xml_helper import xml_parse
for p in glob.glob('../man/*.xml'):
t = xml_parse(p)
ulinks = t.iterfind('.//ulink')
for ulink in ulinks:
if ulink.text is None: continue
text = ' '.join(ulink.text.split())
print(f'{p}: {text}')
Florian Schmaus [Mon, 6 Nov 2023 12:15:55 +0000 (13:15 +0100)]
cgroup: add support for memory.peak
Linux's Control Group v2 interfaces exposes memory.peak, which contains the
"max memory usage recorded for the cgroup and its descendants since the
creation of the cgroup."
This commit adds a new property "MemoryPeak" for units and makes "systemctl
show" display this value if it is available.
jjimbo137 [Mon, 6 Nov 2023 16:39:01 +0000 (11:39 -0500)]
tcrypt: try all entered passphrases instead of just the first one (#29837)
Previously only the first entered passphrase would be used. Add the ability to check all the passwords entered by the user. The total number of passwords entered is still limited by passphrase entry limit.
I am sorry, I totally forgot adding emojis reflecting the state of each
PCR. I hope I can do better in future, and hereby I'd like to rectify
the situation a bit.