Yu Watanabe [Fri, 12 Jan 2024 04:22:05 +0000 (13:22 +0900)]
network/route-nexthop: do not update MultipathRoute object
A MultipathRoute object is always owned by a Network object, and the
interface matching with its name specified in a MultipathRoute= setting
may be removed, and re-added later with a different ifindex.
Nick Rosbrook [Fri, 12 Jan 2024 19:02:17 +0000 (14:02 -0500)]
test: skip TEST-43-PRIVATEUSER-UNPRIV if unprivileged userns is restricted
With newer versions of AppArmor, unprivileged user namespace creation
may be restricted by default, in which case user manager instances will
not be able to apply PrivateUsers=yes (or the settings which require it).
This can be tested with the kernel.apparmor_restrict_unprivileged_userns
sysctl.
Daan De Meyer [Thu, 7 Dec 2023 18:52:41 +0000 (19:52 +0100)]
mkosi: Build a directory image by default
Both building and booting a directory image are much faster than
building or booting a disk image so let's default to a directory
image.
In CI, we stick to a disk image to make sure that keeps working as
well.
The only extra dependency this introduces is virtiofsd which is
packaged in all distributions except Debian stable. For users
hacking on systemd on Debian stable, a disk image can be built by
writing the following to mkosi.local.conf:
Daan De Meyer [Fri, 12 Jan 2024 08:55:40 +0000 (09:55 +0100)]
Add --root= support for list and prepare add-all for --root= support
Let's make sure these follow the rest of kernel-install and always
operate on the given root directory, even if the verb itself can't
support --root= just yet.
Yu Watanabe [Tue, 2 Jan 2024 19:41:42 +0000 (04:41 +0900)]
network/address: forget address even if we could not remove it
If we could not remove an address, then previously the corresponding
Address object was never removed, as it was freed only when we receive
remove notification from the kernel. So, we might be confused that the
address still exists and is being removed, and might block reconfiguring
the address.
With this change, even if we fail to remove an address, the
corresponding Address object will be freed.
In logind we generally want to stop user@.service for a user once they
log out. So the usual rule is that whenever a User object is around that
has no pinning sessions we should close it.
Except that it isn't that easy. We allow that user@.service is also
manually started, in which case the User object is created but not
pinned by any session.
Let's rework how this is handled: we define two different GC modes. In
one GC mode we'll keep the User object around whenever *any* session
exists (thus: including the user@.service session), and one where we
only keep it around whenever a *pinning* session exists (i.e. when a
user actually logs in, but the user@.service session doesn't count like
that).
And the trick is now that we start out in the *any* GC mode, and switch
to the *pinning* GC mode once the first user session logs in.
This should make things more robust as we know exactly in which state we
are and when to GC a user.
logind: rework logic to decide whether lock + idle + display applies to a session
Let's streamline the logic that decides whether the screen lock, idle
timeout or display election mechanism applies to a session class. Let's
add explicit SESSION_CLASS_IS_XYZ() macros for each, and then reuse
them at all suitable places, and refuse any attempts to use the
functionality on the wrong classes with a friendly error message.
This is the same as the "background" class, but does *not* pull in a
service manager. It might be useful for things like select cron jobs
that do not intend to call per-user IPC calls.
logind: track user service managers as 'manager' session class
Previously, all user code was part of a session except for the code run
as part of user@.service, which wasn't. This tries to make this more
uniform: we'll track the user@.service runtime also as a session, but of
the special type "manager".
This means we have a really good overview finally of all user code that
is running and can make decisions on what to start when and how long to
keep it around. The pam_systemd client side will now be reasonably
uniform: it just calls the CreateSession() bus call with the right
class, and we'll return any data it needs. This means the weird
"side-channel" we previously used to initialize XDG_RUNTIME_DIR for the
user@.service goes away (see next commit).
This conditionalizes various behaviours now cleanly depending on the
session class:
1. SESSION_CLASS_WANTS_SCOPE() will be true for all classes except for
the manager class. It declares whether the client shall be migrated
into their own scope, which we generally want for sessions but not
for the manager, since it already has its own service unit.
2. SESSION_CLASS_WANTS_SERVICE_MANAGER() will be true for all classes
except for the manager class. It declares whether we shall start the
service manager if a session of this class is around. Of course, this
is off for the service manager, since this would always pin itself.
3. SESSION_CLASS_PIN_USER() will be true for all classes except for the
manager class. It declares whether we shall keep the User
structure around for a user as long as the session is around.
Now you might wonder why have these as three functions, even though they
mostly give the same answers?
That's because this all is preparation to add further session classes
later that will return different answers for the three calls. (For
example, a later patch adds "background-light" which will return true
for SESSION_CLASS_WANTS_SCOPE() and SESSION_CLASS_PIN_USER(), but false
for SESSION_CLASS_WANTS_SERVICE_MANAGER(). i.e. it will get a scope, and
pin user tracking, but not start a service manager.)
ssh-proxy: add ssh ProxyCommand tool that can connect to AF_UNIX + AF_VSOCK sockets
This adds a tiny binary that is hooked into SSH client config via
ProxyCommand and which simply connects to an AF_UNIX or AF_VSOCK socket
of choice.
The syntax is as simple as this:
ssh unix/some/path # (this connects to AF_UNIX socket /some/path)
or:
ssh vsock/4711
I used "/" as separator of the protocol ID and the value since ":" is
already taken by SSH itself when doing sftp. And "@" is already taken
for separating the user name.