analyze: clarify that `security --offline=true` requires an argument
Without `--root` or `--image`, the `security` command inspects all currently
loaded service units if no unit name is specified. But with `--root` or
`--image` with `--offline=true`, the `security` command exits silently if no
unit name is specified.
Also, fixed description of `--root` and `--image` in the man page, and added
missing `--unit` option to help text.
Frantisek Sumsal [Thu, 11 Jan 2024 10:02:05 +0000 (11:02 +0100)]
test: fix dbus installation on Arch
Arch finally made dbus-broker the default dbus daemon [0], but unlike
Fedora they don't use Alias=dbus.service to make the dbus.symlink under
/etc, instead they create the symlink manually under /usr/lib, so let's
account for that.
network: take explicit ownership of our own interfaces
This is a follow-up for #30786 and uses it to assign
ID_NET_MANAGED_BY=io.systemd.Network to all all network interfaces that
we consider ours to manage. This should hopefully have the effect that
other well-behaving managers won't fight for these devices.
This doesn't bother with network interfaces we match inside containers,
since udev is not available there anyway.
Holger Assmann [Tue, 9 Jan 2024 14:05:19 +0000 (15:05 +0100)]
watchdog: ensure configured timeout is used instead of USEC_INFINITY
In some rare cases, a watchdog driver might neither be able to change
the watchdog timeout value, nor read it from the hardware at runtime.
With an otherwise functional watchdog setup, this constellation worked
until systemd v249. Since then, systemd ends up ignoring the timeout
defined by the system.conf and rather uses USEC_INFINITY. Consequently,
the watchdog is not pinged anymore and eventually resets the system.
We therefore want to ensure that the system keeps running with the
originally configured timeout.
pam-util: implement our own pam_prompt() replacement, that doesn't log loudly
pam_prompt() will log very noisely at high error levels if it is called
without a conversation function that works. This is however a frequent
case, given that ssh doesn't provide one. To tone down the misleading
logging a bit, implement our own pam_prompt_graceful() that is just like
pam_prompt(), but reports errors back the caller who then logs (which we
generally do anyway).
Introduce a _very_ simple DNS server using our internal DNS-related
code, that responds to queries with specifically crafted packets, to
cover scenarios that are difficult to reproduce with well-behaving DNS
servers.
Also, hide the test DNS server behind Knot using the dnsproxy module, so
we don't have to switch DNS servers during tests.
Yu Watanabe [Wed, 10 Jan 2024 02:34:44 +0000 (11:34 +0900)]
resolve: introduce DNSSEC_UPSTREAM_FAILURE
and include EDE code and message in the error messages.
This replaces 9ca133e97a0c8795b1f293ccea4965b4ad1accc4, and implements
originally suggested at
https://github.com/systemd/systemd/pull/30513#discussion_r1433823737
- add missing initialization for DnsQuery.answer_ede_rcode,
- clear EDE code and message in dns_transaction_reset_answer(),
otherwise the previous EDE code or message may be mistakenly reused
on restart. This fixes memory leak of DnsTransaction.answer_ede_msg.
- also clear EDE code and message in dns_query_reset_answer(),
otherwise ede message is leaked if dns_query_accept() is called
multiple times for the same DnsQuery.
Nick Rosbrook [Tue, 9 Jan 2024 16:40:52 +0000 (11:40 -0500)]
test: skip test_exec_networknamespacepath if netns setup fails
In some environments, such as a LXD container, the netns setup might
fail because ip netns exec fails trying to mount /sys:
$ systemd-detect-virt
lxc
$ ip link add dummy-test-exec type dummy
$ ip netns add test-execute-netns
$ ip netns exec test-execute-netns ip link add dummy-test-ns type dummy
mount of /sys failed: Operation not permitted
If this setup fails, test_exec_networknamespacepath will fail, so check
the exit codes for these setup calls and skip the test if necessary.
- fix indentation,
- drop incorrect comment, dns_packet_ede_rcode() can handle unknown EDE rcode.
- 0 is a valid EDE rcode,
- DnsTransaction.answer_ede_msg may be NULL, so needs to use strempty()
on logging,
- drop redundant ede_rcode temporary variable.
Yu Watanabe [Sat, 6 Jan 2024 18:28:19 +0000 (03:28 +0900)]
resolve: cleanup dns_packet_ede_rcode()
This makes the following:
- make dns_packet_ede_rcode() return -EINVAL when EDE code not found.
Otherwise, the caller may be confused that the packet has an unknown
error code.
- make the function escape EDE message only when non-utf8 message is received.
- the message handling logic is applied even if the error code is unknown, as
there is no reason that we escape EDE message only when an known error code
is received.
- reduce scope of variables,
- drop redundant 'else',
- append full stop to the log messages,
- drop redundant log message in the caller,
- split out error in the function and returned EDE error code.
Daan De Meyer [Tue, 9 Jan 2024 10:55:37 +0000 (11:55 +0100)]
mkosi: Update to latest
The mkosi github action doesn't set up the host machine for building
full images anymore. Instead, only sufficient packages are installed
to be able to build tools trees so we configure a fedora tools tree
to build the actual images.
src/basic: rename uid-alloc-range.[ch] to uid-classification.[ch]
We had both uid-range.h and uid-alloc-range.h. The latter now contains helpers
like {uid,gid}_is_{system,dynamic,container}(), uid_for_system_journal(), so
the existing name is outdated. I think the uid-range.[ch] should stay separate
because it has a bunch of helpers for parsing and printing of uid ranges. So
let's rename as in $subject to better reflect the contents of the file and make
the two sets of files harder to confuse.
We don't "uncapitalize" parts of an already-capitalized name when concatenating
words. In particular, we had UidRange in basic/uid-range.h and UGIDAllocationRange
in basic/uid-alloc-range.h, which is annoying.
tests: use relative paths in ExecStart= and friends
We want to retain *some* of the full paths in order to test more code paths.
But the default should be to use the command name only. This makes the tests
less visually cluttered.
hostnamed: always include VSockCID property in describe JSON
that way clients can distinguish whether there is no cid or whether
hostnamed doesn't support it nicely, by just looking if the prop exists
(but is null) or not.
This is similar how we already handle all other props in the JSON
record.
The test cases will call quite a lot of "systemctl stop
systemd-hostnamed", hence let's make sure we reset the start limit
counter each time, to not make this eventually fail.
(At other places we disabled the start limit counter, but here I opted
for resetting it manually via 'systemctl reset-failed', to test another
facet of the mechanism)
AtariDreams [Tue, 9 Jan 2024 01:18:10 +0000 (20:18 -0500)]
simplify bitwise checking (#30722)
Some of these checks before bitwise operations are redundant and compilers
do not always recognize them, so let's simplify the code to make the intentions
clearer.
discover-image: don't accidentally set /run/systemd/nspawn/ access mode too strict
mkdir_p() uses the specified access mode for all dirs that are missing,
hence if we call it on /run/systemd/nspawn/locking and
/run/systemd/nspawn/ doesn't exist yet, we#d create it 0700 here. But
that was never the intention, and all other code creating that dir sets
the mode to 0755. Fix this here to match the rest.
To make things symmetric to the $SYSTEMD_SSH logic that the varlink
transport supports, let's also honour such a variable in sd-bus when
picking ssh transport.
This uses openssh 9.4's -W support for AF_UNIX. Unfortunately older versions
don't work with this, and I couldn#t figure a way that would work for
older versions too, would not be racy and where we'd still could keep
track of the forked off ssh process.
Unfortunately, on older versions -W will just hang (because it tries to
resolve the AF_UNIX path as regular host name), which sucks, but hopefully this
issue will go away sooner or later on its own, as distributions update.
Fedora is still stuck at 9.3 at the time of posting this (even on
Fedora), even though 9.4, 9.5, 9.6 have all already been released by
now.
If we invoke our own varlink implementation we'll turn on O_NONBLOCK
right-away again, hence there is little point in turning it off,
however, I generally think we probably should always path this fd as
blocking, since that is the default after all, and invoked processes
might want to use it like that.
Or to see this differently: I think the varlink fd passed for activation
in many ways is similar to and as fundamental as stdin/stderr/stdout,
hence should probably be synchronous by default.