Michal Sekletar [Wed, 31 May 2023 16:50:12 +0000 (18:50 +0200)]
pam: add call to pam_umask
Setting umask for user sessions via UMASK setting in /etc/login.defs is
a well-known feature. Let's make sure that the user manager also runs with
this umask value.
The old syntax with linux + initrds as positional arguments is still accepted,
but a warning is emitted. We should remove the support for this after the
next release or so.
Adding a single verb by itself is not very useful, but opens the door to adding
other verbs.
Without this, the tests would generally be skipped, since we haven't made a
release with the addon stub yet. But even if the file is there, we always want
to test the freshly-built item.
Daan De Meyer [Mon, 5 Jun 2023 11:15:04 +0000 (13:15 +0200)]
repart: Do online encryption when loop devices are available
Online encryption is much faster than offline encryption when using
cryptsetup. To take advantage of this, when loop devices are available,
let's use online encryption instead of offline encryption to encrypt
partitions.
The online encryption logic is the same logic as was removed in 48a09a8fff480aab9a68e95e95cc37f6b1438751, except that it's now
integrated with PartitionTarget to ensure that logic outside of
partition_target_encrypt() has to minimally change regardless of
whether we're doing online or offline encryption.
Daan De Meyer [Thu, 1 Jun 2023 11:56:05 +0000 (13:56 +0200)]
fs-util: Allow passing NULL path to xopenat()
We recently codified in the coding style that for openat() style APIs,
an empty path can be passed both as the empty string and as NULL, so
let's make sure we follow that style in xopenat().
generators: change TimeoutSec=0 to TimeoutSec=infinity
With these settings we intend to turn off timeouts for possibly
interactive/slow commands. The officially documented way to turn off the
time-outs is to set them to infinity. So far we set them to zero
here though.
This led to some confusion, for example #18224. Let's fix this by
uniformly spelling out TimeoutSec=infinity.
This doesn't change behaviour. It just makes our generated files match
what we document, without relying on historic compat support.
Turns out we can, apart from just building the module, "shove" it into
the SELinux database in a chroot as well. This brings quite significant
time savings, as the SELinux db rebuild takes 2 - 5 minutes in a VM
without acceleration (and takes currently ~half of the runtime of the test
in the C8S job).
cgls/cgtop: spell field/column "CGroup" rather than "Control Group"
In the documentation we usually spell the concept "control group".
Internally in code we usually call it "cgroup" or "CGroup". In systemctl output we
called the field "CGroup" so far, i.e. a capitalized version of the
internal name. This is of course very unsystematic. Let's clean this up
a bit: let's now say:
* in docs, continue to spell it out "control groups"
* in brief output call it "CGroup"
* internally call it "cgroup" or "CGroup"
99-systemd.rules.in: guard systemd-backlight udev rules by ENABLE_BACKLIGHT
Linux kernel will, as documented in drivers/video/backlight/backlight.c,
report changes to a backlight's brightness as a uevent (ACTION=change).
systemd-udev will consume the uevent, match on this rule and try to
activate the systemd-backlight service for the backlight. BUT when
systemd is not compiled with backlight support, this will lead to
failure that is reported in the journal.
Since the failure to activate systemd-backlight and subsequent failure
log entry happens on every backlight brightness change, we found the
resulting logspam during regular operation excessive and came up with
this patch to mitigate it.
The conditional is also extended to "*kbd_backlight" match, since
even though we did not investigate to see if the logspam would be
similar, the unconditional match to activate systemd-backlight here
would also not make sense when the feature is not compiled in.
Signed-off-by: Simon Braunschmidt <simon.braunschmidt@iba-group.com>
The linter is imperfect, but it is useful as a very quick
check for typos and other silly mistakes. Add a few annotations
and do one small change to make it think the code is perfect.
Daan De Meyer [Mon, 5 Jun 2023 13:29:47 +0000 (15:29 +0200)]
test: Test --offline= in TEST-58-REPART
Instead of using a privileged and unprivileged user to test the
offline and online logic of systemd-repart, let's always run repart
as root and use the --offline= argument to specify repart to use
either the offline or online logic.
ac-power: add --low switch to systemd-ac-power tool
This allows checking from shell scripts whether the system is in a low
battery state. It just exposes the code we anyway have in a directly
accessible way.
Stefan Roesch [Tue, 28 Feb 2023 20:39:35 +0000 (12:39 -0800)]
add support for KSM
This adds support for KSM (kernel samepage merging). It adds a new
boolean parameter called MemoryKSM to enable the feature. The feature
can only be enabled with newer kernels.
jonathanmetzman [Mon, 5 Jun 2023 05:37:34 +0000 (01:37 -0400)]
ci: Report results from CIFuzz using SARIF
Upload results from CIFuzz using SARIF.
This will allow CIFuzz to report issues in the security tab.
This is a better UI than having to look through logs.
TODO(google/oss-fuzz#10452): Add proper descriptions of UBSAN bugs.
As the comment tells, the function futimens_opath() introduced by the
commit f25bff5eaf6881717e873f27c26f2e8264517c16 is similar to the
function fchmod_opath(); therefore, it should reference it.
This fixes the typo in the comment by referencing the proper function
fchmod_opath().
umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not
Whether we put some binaries in /bin or in /usr/bin should not have any
effect on unmounting during shutdown. Even if people split /usr/ off we
should not try to unmount it, no matter what as it is simply where
binaries are placed.
Adrian Vovk [Fri, 26 May 2023 04:47:47 +0000 (00:47 -0400)]
sysupdate.d: Add way to drop binaries into $BOOT
As described in the BLS, we should place binaries into the XBOOTLDR
directory if it is available, otherwise into the ESP. Thus, we might
need to put binaries into /boot or into /efi depending on the existence
of the XBOOTLDR partition.
With this change, we introduce a new PathRelativeTo= config option that
makes this functionality possible.
fstab-util: consider /run/nextroot/ among extrinsic mounts
This way we'll not add deps for the mount point that unmount it during
shutdown. This is similar to the handling of /run/initramfs/, which we want to
transition into during shutdown.
This way we don't have to add "-o x-initrd.mount" to all bind mounts for
/run/nextroot anymore to make it survive the reboot, it will be implied.
switch-root: automatically make target switch root dir a mount point
Let's make sure implicitly that the target directory is a mount point,
instead of doing so manually beforehand. This allows us to drop this
step from the transition into the /run/initramfs/ dir at shutdown.
During the initrd→host transition the switch root operations so far
were towards pre-existing mount points, but there are certainly
use cases where it might make sense to switch into arbitrary
subdirectories, too.
switch-root: disable sync() again when we switch root during shutdown
Our shutdown binary that takes over as PID 1 when shutting down puts
great efforts into a sync() that comes with a time-out once sync'ing
process stops. If we'd add another dumb sync() here, we kinda defeat all
it is good for. Hence, let's keep the sync() in for most codepaths, but
let's disable it for the final shutdown logic when we transition back
into the exitrd. After all we sync()ed more than enough here, no need to
sync() even more.
switch-root: introduce SwitchRootFlags flags parameter to switch_root()
Let's replace the current boolean param with a proper flags param. With
a single flag this doesn't appear to make much sense, though it does
already make things more readable I think.
However, once we add a second flag, it starts to make more sense.
Also, while we are at it, condition the "istmp" determination with this
flag too, since we only need it when the flag is set.
switch-root: always use MS_BIND to move api vfs over
We previously would use MS_MOVE to move the old procfs, sysfs, /dev/ and
/run to the new place in some places, and MS_BIND in others.
The logic when to use MS_MOVE and when to use MS_BIND was pretty
arbitrary so far: we'd use MS_MOVE during the initrd → host transition
and MS_BIND when transitioning from host into the exitrd during
shutdown.
Traditionally, using MS_MOVE was preferable, because we didn't bother
with unmounting the old mount hierarchy before the switch root, and thus
using MS_MOVE did some clean-up as side-effect (because the old mounts
went away this way). But since we nowadays properly umount all remaining
mount points (since 268d1244e87a35ff8dff56c92ef375ebf69d462e) when
transitioning it's pointless.
Let's just use MS_BIND always. Let's tweak it though: let's use
MS_BIND|MS_REC for the kernel API VFS, and MS_BIND without MS_REC for
/run/. The latter reflects the fact that the submounts /run/ has usually
are not so much about just accessing kernel APIs but about auxiliary
user resources. Hence let's only move the main mount over for that.
While we are at it, also set up the base filesystem *before* we move the
mounts from the old to the new root, since the base filesystem setup
logic creates various needed inodes for us, which we really should make
use of instead of creating on our own.
This adds a new mechanism for rebooting, a form of "userspace reboot"
hereby dubbed "soft-reboot". It will stop all services as in a usual
shutdown, possibly transition into a new root fs and then issue a fresh
initial transaction. The kernel is not replaced.
File descriptors can be passed over, thus opening the door for leaving
certain resources around between such reboots.
Use case: this is an extremely quick way to reset userspace fully when
updating image based systems, without going through a full
hardware/firmware/boot loader/kernel/initrd cycle. It minimizes "grayout time"
for OS updates. (In particular when combined with kernel live patching)