Hans de Goede [Sun, 24 Mar 2024 14:04:47 +0000 (15:04 +0100)]
hwdb: Add mapping for ACPI quickstart keys on Toshiba Z830
The Toshiba Z830 has 3 hotkeys which use the ACPI PNP0C32 quickstart spec:
https://archive.org/details/microsoft-acpi-dirapplaunch
These devices have an ACPI method called GHID() which suggests
it returns a value from the "HID Usage Tables" document, but these
methods simple returns a follow number for the button (1, 2 and 3).
The first 2 buttons are for what the manual calls "TOSHIBA eco button"
and "TOSHIBA Presentation button", since there is no good match for
these simply map them to KEY_PROG1 and KEY_PROG2.
The third button is intended to toggle the touchpad on/off, map
this to F21 which GNOME/KDE will interpret as touchpad toggle.
basic/virt: Fix virtualbox detection on proprietary system via board_vendor
Identify an virtualbox instance even if product_name, sys_vendor and bios_vendor reflect the
information of the real hardware, by checking if board_vendor == "Oracle Corporation"
This fixes #13429 again
The previous fix was removed in #21127
networkException [Sun, 10 Mar 2024 17:55:06 +0000 (18:55 +0100)]
bpf-socket-bind: fix unexpected behavior with either 0 allow or deny rules
This patch fixes an issue where, when not specifiying either at least one
`SocketBindAllow` or `SocketBindDeny` rule, behavior for the bind syscall
filtering would be unexpected.
For example, when trying to bind to a port with only "SocketBindDeny=any"
given, the syscall would succeed:
Expected with this set of rules (also in accordance with the documentation)
would be an Operation not permitted error.
This behavior occurs because a default initialized socket_bind_rule struct
matches what "any" represents. When creating the bpf list all elements get
default initialized, as such represeting "any". Seemingly it is necressarry
to set the size of the map to at least one, as such if no allow rule is
given default initialization and minimal map size cause one any allow rule
to be in the map, causing the behavior observed above.
This patch solves this by introducing a new "match nothing" magic stored in
the rule's address family and setting such a rule as the first one if no
rule is given, making sure that default initialized rule structs are never
used.
Mike Yuan [Fri, 22 Mar 2024 16:35:09 +0000 (00:35 +0800)]
analyze: refuse --global dot/verify
I don't quite understand the rationale of making these
verbs work with --global back in the day. But realistically
they interact with/spawn manager, while there's no
--global runtime scope manager. And to verify/inspect user
units it's sufficient to just use --user.
Mike Yuan [Sat, 23 Mar 2024 11:55:27 +0000 (19:55 +0800)]
core/socket: clean up socket peer handling a bit
Currently, SocketPeer object acquired through
socket_acquire_peer() are referenced twice
in socket_enter_running and service_set_socket_fd,
and the reference taken by former gets dropped
through _cleanup_. This is a bit confusing.
Let's just pass ownership instead.
Adrian Vovk [Tue, 5 Mar 2024 17:25:42 +0000 (12:25 -0500)]
TEST-46-HOMED: Disable auth rate-limiting
Rate limiting authentication attempts in the test can cause somewhat
sporadic test failures: adding a test case might suddenly cause future
test cases to fail because of too many authentication attempts too
quickly
We're not trying to test the rate-limiting, we're trying to test the
functionality of homed. So we effectively disable rate-limiting on all
the home areas we create
Adrian Vovk [Thu, 1 Feb 2024 18:35:03 +0000 (13:35 -0500)]
homework: Implement offline updates
This makes it possible to update a home record (and blob directory) of a
home area that's either completely absent (i.e. on a USB stick that's
unplugged) or just inaccessible due to lack of authentication
Adrian Vovk [Thu, 1 Feb 2024 16:43:48 +0000 (11:43 -0500)]
homework: Accept volume key from keyring
This bypasses authentication (i.e. user_record_authenticate) if the
volume key was loaded from the keyring and no secret section is
provided.
This also changes Update() and Resize() to always try and load the
volume key from the keyring. This makes the secret section optional for
these methods while still letting them function (as long as the home
area is active)
Adrian Vovk [Thu, 1 Feb 2024 04:49:24 +0000 (23:49 -0500)]
homework: Always upload volume key to keyring
This commit makes homework always upload the LUKS volume key into the
kernel keyring. This is different from previous behavior in three
notable ways:
- Previously, we'd only upload if auto-resize was on. In preparation for
upcoming changes, now we always upload
- Previously, we'd upload the user's actual password (or a password
obtained from a FIDO key or similar). Now, we upload the LUKS volume key
itself, to remove a layer of unnecessary indirection.
- Previously, Lock() wouldn't remove the key from the kernel keyring.
This, of course, defeats the purpose of Lock(), so now it removes the
key
This commit also allows the LUKS volume to be unlocked using the volume
key we obtained from the keyring.
Adrian Vovk [Thu, 21 Mar 2024 17:51:16 +0000 (13:51 -0400)]
homed: Ensure closed FD is handled before bus req
Before this fix, the following sequence of events was possible:
1. A client holding a Ref() FD closes their FD
2. kernel sends notification that all clients closed their FDs
3. Another client obtains its own Ref() FD from homed
4. homed handles the notification that all clients have closed their
Ref() FDs. Thus it loses track of the fact that the session is
actually still being held open by the client from step 3
This change makes sure that homed won't respond to bus messages (and
thus won't open more Ref() FDs) until it has handled all notifications
about the existing FDs being closed.
This causes a problem for us, because we try to map the .got to .rodata,
and the subsequent .data to .data, and round down the VMA to the nearest
page, which causes the PE sections to overlap.
https://github.com/llvm/llvm-project/pull/66042 adds .relro_padding to make
sure that the RELRO segment is properly write protected and allocated. For our
binaries, the .got section is empty, so we can skip it safely, and the
.relro_padding section is not useful once .got has been dropped.
We don't expect .got sections, but they are apparently inserted on i386 and
aarch64 builds. Emit a warning until we figure out why they are there.
Daan De Meyer [Wed, 20 Mar 2024 08:34:46 +0000 (09:34 +0100)]
log: Add per target log levels
For CI in mkosi, I want to configure systemd to log at debug level
to the journal, but not to the console. While we already have max
level settings for journald's forwarding settings, not every log line
goes to the journal, specifically during early boot and when units
are connected directly to the console (think systemd-firstboot), so
let's extend the log level options we already have to allow specifying
a comma separated list of values and lets allow prefixing values with
the log target they apply to to make this possible.
Gerd Hoffmann [Tue, 19 Mar 2024 13:49:51 +0000 (14:49 +0100)]
sd-boot: add support for support enrolling dbx
usage:
(1) get latest revocation list for your architecture
from https://uefi.org/revocationlistfile
(2) copy the file to $ESP/loader/keys/$name/dbx.auth
Daan De Meyer [Thu, 21 Mar 2024 14:48:54 +0000 (15:48 +0100)]
logind: Add fallback for when the PIDFDs= property is not available
logind is not zero-downtime restartable yet, specifically it's not yet
restarted in the Fedora spec, so we can end up in situations where we're
running newer logind with older pid1 which doesn't know about the PIDFDs=
property, so let's make sure we have a fallback in place for when that
happens.
Luca Boccassi [Wed, 20 Mar 2024 12:55:02 +0000 (12:55 +0000)]
test: delete private images on clean-again
Private images are not reused, they are unique to tests, so delete them
as they take a lot of disk space, and we are starting to run in /var/tmp
space issues on the Ubuntu CI
If one of the cursor option is specified, we first seek to the cursor position.
So, the current position may be out of the time range specified by --until,
and we need to verify the timestamp of the current position.