xdg-autostart: downgrade warning for missing executables
On a system with a shared home directory, I'm getting a bunch of warnings:
systemd-xdg-autostart-generator[76]: Exec binary '/usr/bin/flatpak' does not exist: No such file or directory
systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/org.signal.Signal.desktop: not generating unit, error parsing Exec= line: No such file or directory
systemd-xdg-autostart-generator[76]: Exec binary '/usr/bin/flatpak' does not exist: No such file or directory
systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/im.riot.Riot.desktop: not generating unit, error parsing Exec= line: No such file or directory
systemd-xdg-autostart-generator[76]: Exec binary '/usr/libexec/gnome-tweak-tool-lid-inhibitor' does not exist: No such file or directory
systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/ignore-lid-switch-tweak.desktop: not generating unit, error parsing Exec= line: No such file or directory
systemd-xdg-autostart-generator[76]: Exec binary '/usr/bin/flatpak' does not exist: No such file or directory
systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/org.telegram.desktop.desktop: not generating unit, error parsing Exec= line: No such file or directory
This isn't really a problem. Let's just print an info message.
timesync: fix PropertiesChanges signals for NTP properties
As in their current form they didn't work at all:
systemd-timesyncd[190115]: Assertion 's' failed at src/libsystemd/sd-event/sd-event.c:3058, function sd_event_source_set_enabled(). Ignoring.
systemd-timesyncd[190115]: Failed to reenable system ntp server change event source!
systemd-timesyncd[190115]: Failed to enable ntp server defer event, ignoring: Invalid argument
This was also pointed out in the post-merge review [0].
Let's address this together with the rest of the comments, and add
some tests to make sure everything works as it should.
man: link to new btrfs website for btrfs man pages
https://archive.kernel.org/oldwiki/btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5).html
says "This wiki has been archived and the content is no longer updated."
and redirects to https://btrfs.readthedocs.io/en/latest/btrfs-man5.html.
Let's move all the btrfs links to btrfs.readthedocs.io.
coredumpctl: propagate SIGTERM to the debugger process
If we're waiting for the debugger process to exit and receive SIGTERM,
propagate it to all processes in our process group, including the
debugger, so we can follow it up with a proper cleanup.
kernel-install: make version/kernel image parameters optional for "add"
Let's make kernel-install a bit easier to use:
If the kernel version is not specified, let's imply "uname -r", so that
we regnerate the entries for the current kernel.
If the kernel image is not specified let's imply using
/usr/lib/modules/$version/vmlinuz, i.e. the location distros like Fedora
drop the kernel into, which we generally recommend people to use.
If the kernel is not found there, don't try to automatically pick the
kernel path, and fail, as before.
tree-wide: take in all *our* JSON structures also decimal strings
Let's be friendly in what we accept: whenever we define a JSON
structure, let's also allow decimal strings where we want an integer.
This patch purely replaces JSON_VARIANT_UNSIGNED by
_JSON_VARIANT_TYPE_INVALID in the various JsonDispatch[] tables, so that
we'll happily accept any type in json_dispatch(), so that
json_dispatch_uint64() and related tools can do their thing.
This does not switch over OCI (as a JSON structure not defined by us).
json: teach dispatch logic to also take numbers formatted as strings
JSON famously is problematic with integers beyond 53 bits, because
JavaScript stores everything in double precision floating points.
Various implementations in other languages can deal with signed 64 bit
integers, and a few can deal with unsigned 64bit too (like ours).
Typically program that need more then 53 bit of accuracy encode integers
as decimal strings, to make sure that even if consumers can't really
process larger values they at least won't corrupt the data while passing
it along. This is also recommended by JSON-I (RFC 7493)
To maximize compatibility with other implementations let's add 1st class
parsing support for such objects in the json_dispatch() API.
This makes json_dispatch_uint64() and related calls parse such
integers-formatted-as-decimal-strings as uint64_t. This logic will only
be enabled if the "type" field of JsonDispatch is left unspecified (i.e.
set to negative/_JSON_VARIANT_TYPE_INVALID) though, hence alone does not
change anything in effect.
This purely is about consuming such values, whether we should genreate
them also is a discussion for a separate PR.
test-execute: add no_new_privs tests for SystemCallFilter
When starting a service with a non-root user and a SystemCallFilter and
other settings (like ProtectClock), the no_new_privs flag should not be set.
Also, test that CapabilityBoundingSet behaves correctly, since we need
to preserve some capabilities to do the seccomp filter and restore the
ones set by the service before executing.
core: allow using seccomp without no_new_privs when unprivileged
Until now, using any form of seccomp while being unprivileged (User=)
resulted in systemd enabling no_new_privs.
There's no need for doing this because:
* We trust the filters we apply
* If User= is set and a process wants to apply a new seccomp filter, it
will need to set no_new_privs itself
An example of application that might want seccomp + !no_new_privs is a
program that wants to run as an unprivileged user but uses file
capabilities to start a web server on a privileged port while
benefitting from a restrictive seccomp profile.
We now keep the privileges needed to do seccomp before calling
enforce_user() and drop them after the seccomp filters are applied.
If the syscall filter doesn't allow the needed syscalls to drop the
privileges, we keep the previous behavior by enabling no_new_privs.
Tad Fisher [Fri, 6 Oct 2023 20:52:07 +0000 (13:52 -0700)]
resolve: use exact-match domain as routing domain for single-labels
With ResolveUnicastSingleLabel=yes, a scope's search domains are affixed to the
query even when a routing domain matches the single-label query name,
preventing the use of dotless single-label domains entirely.
This changes dns_scope_name_wants_search_domain() to return false when the
scope contains an exact match of the single-label name in the query, allowing
lookups for dotless domains with ResolveUnicastSingleLabel enabled.
Let's wait for the "latest" message systemd-bsod prints to the console
to appear, otherwise we might be too fast and take a console snapshot
before it contains all the information:
[ 44.237788] testsuite-04.sh[1744]: + setterm --term linux --dump --file /tmp/console.dump
[ 44.246089] systemd-bsod[1858]: QR code could not be printed, ignoring: Operation not supported
[ 44.305692] testsuite-04.sh[1744]: + grep -aq 'The current boot has failed' /tmp/console.dump
[ 44.308047] testsuite-04.sh[1744]: + grep -aq 'Service emergency message' /tmp/console.dump
[ 44.311200] testsuite-04.sh[1744]: + grep -aq 'Press any key to exit' /tmp/console.dump
[ 44.314359] testsuite-04.sh[1744]: + at_exit
[ 44.315087] testsuite-04.sh[1744]: + local EC=1
[ 44.315945] testsuite-04.sh[1744]: + [[ 1 -ne 0 ]]
[ 44.316647] testsuite-04.sh[1744]: + [[ -e /tmp/console.dump ]]
[ 44.318305] testsuite-04.sh[1744]: + cat /tmp/console.dump
[ 44.319320] testsuite-04.sh[1871]: The current boot has failed!
[ 44.319970] testsuite-04.sh[1871]: Service emergency message
<ulinks> contents are used to generate a SEE ALSO section at the
bottom of a man page, so we need to include the title, without additional
words, in the content.
As pointed out in https://github.com/systemd/systemd/issues/29814, we need to
use phrases are are meaningful on their own, because the man page formatter
creates a list at the bottom. With <ulink>see docs</ulink>, we end up with:
NOTES:
1. see docs
https://some.url/page
2. see docs
https://some.url/page2
which is not very useful :(
Also, the text inside the tag should not include punctuation.
Python helper:
from xml_helper import xml_parse
for p in glob.glob('../man/*.xml'):
t = xml_parse(p)
ulinks = t.iterfind('.//ulink')
for ulink in ulinks:
if ulink.text is None: continue
text = ' '.join(ulink.text.split())
print(f'{p}: {text}')
Florian Schmaus [Mon, 6 Nov 2023 12:15:55 +0000 (13:15 +0100)]
cgroup: add support for memory.peak
Linux's Control Group v2 interfaces exposes memory.peak, which contains the
"max memory usage recorded for the cgroup and its descendants since the
creation of the cgroup."
This commit adds a new property "MemoryPeak" for units and makes "systemctl
show" display this value if it is available.
jjimbo137 [Mon, 6 Nov 2023 16:39:01 +0000 (11:39 -0500)]
tcrypt: try all entered passphrases instead of just the first one (#29837)
Previously only the first entered passphrase would be used. Add the ability to check all the passwords entered by the user. The total number of passwords entered is still limited by passphrase entry limit.
I am sorry, I totally forgot adding emojis reflecting the state of each
PCR. I hope I can do better in future, and hereby I'd like to rectify
the situation a bit.
Daan De Meyer [Mon, 23 Oct 2023 09:18:35 +0000 (11:18 +0200)]
kernel-install: Add --json option for inspect verb
In mkosi, we can't use kernel-install directly but we do want to
mimick its behavior as much as possible. Let's make that easier by
making it easy to fetch data from kernel-install as JSON.
To get all the necessary data, we extend the inspect verb to also
allow passing in a kernel version and initrds, to mimick the "add"
verb. The kernel version is used to determine the "Entry Directory",
and in absence of auto-detection of kernel version in kernel-install
we have to allow users to pass it.
Yu Watanabe [Mon, 6 Nov 2023 11:39:46 +0000 (20:39 +0900)]
sd-device-monitor: unconditionally increase buffer size by sd_device_monitor_new()
As suggested at https://github.com/systemd/systemd/pull/29872#discussion_r1382932633:
> socket memory is these days accounted to the process that owns a socket,
> hence we shouldn't be too concerned that this might waste memory.
- link->network->ipv6_hop_limit must not be updated, as it may be used
by multiple interfaces,
- We may receive multiple RA from multiple routers with different hop
limit, and we should not make the default hop limit flicking,
- First of all, there is no reason that we need to update the default hop
limit,
- The original issue should be caused by the hash and compare functions
for Route object.