Luca Boccassi [Wed, 11 Dec 2024 13:40:10 +0000 (13:40 +0000)]
test-fd-util: compare FDs to /bin/sh instead of /dev/null
/dev/null is a character device, so same_fd() in the fallback path
that compares fstat will fail, as that bails out if the fd refers
to a char device. This happens on kernels without F_DUPFD_QUERY and
without kcmp.
/* test_same_fd */
Assertion 'same_fd(d, e) > 0' failed at src/test/test-fd-util.c:111, function test_same_fd(). Aborting.
Luca Boccassi [Wed, 11 Dec 2024 12:01:18 +0000 (12:01 +0000)]
test-fd-util: skip test when lacking privileges to create a new namespace
To reproduce, as an unprivileged user start a docker container and build
and run the unit tests inside it:
$ docker run --rm -ti debian:bookworm bash
...
/* test_close_all_fds */
Successfully forked off '(caf-plain)' as PID 10496.
Skipping PR_SET_MM, as we don't have privileges.
(caf-plain) succeeded.
Failed to fork off '(caf-noproc)': Operation not permitted
Assertion 'r >= 0' failed at src/test/test-fd-util.c:392, function test_close_all_fds(). Aborting.
Luca Boccassi [Wed, 11 Dec 2024 12:10:13 +0000 (12:10 +0000)]
test-capability: CAP_LINUX_IMMUTABLE is not available in unprivileged containers
have ambient caps: yes
Capabilities:cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
Failed to drop auxiliary groups list: Operation not permitted
Failed to change group ID: Operation not permitted
Capabilities:cap_dac_override,cap_net_raw=ep
Capabilities:cap_dac_override=ep
Successfully forked off '(getambient)' as PID 12505.
Skipping PR_SET_MM, as we don't have privileges.
Ambient capability cap_linux_immutable requested but missing from bounding set, suppressing automatically.
Assertion 'x < 0 || FLAGS_SET(c, UINT64_C(1) << CAP_LINUX_IMMUTABLE)' failed at src/test/test-capability.c:273, function test_capability_get_ambient(). Aborting.
(getambient) terminated by signal ABRT.
src/test/test-capability.c:258: Assertion failed: expected "r" to succeed, but got error: Protocol error
logind: drop one duplicate param in manager_is_inhibited()
In the review in https://github.com/systemd/systemd/pull/30307#pullrequestreview-2255002732
removal of the excessive boolean parameters was requested. We don't need
a separate boolean param here, since we always pass true with a uid and
false otherwise.
Yu Watanabe [Wed, 11 Dec 2024 01:17:25 +0000 (10:17 +0900)]
core: Add ProtectHostname=private (#35447)
This PR allows an option for systemd exec units to enable UTS namespaces
but not restrict changing hostname via seccomp. Thus, units can change
hostname without affecting the host. This is useful for OS-like
containers running as units where they should have freedom to change
their container hostname if they want, but not the host's hostname.
Ryan Wilson [Mon, 2 Dec 2024 23:38:46 +0000 (15:38 -0800)]
core: Fix time namespace in RestrictNamespaces=
RestrictNamespaces= would accept "time" but would not actually apply
seccomp filters e.g. systemd-run -p RestrictNamespaces=time unshare -T true
should fail but it succeeded.
This commit actually enables time namespace seccomp filtering.
Previously if one service specified the same unit as their
success and failure handler we bailed out of resolving the triggering unit
even though it is still unique.
Luca Boccassi [Tue, 10 Dec 2024 12:13:06 +0000 (12:13 +0000)]
test: skip TEST-13-NSPAWN.nspawn/machined, TEST-86-MULTI-PROFILE-UKI and TEST-07-PID1.private-pids.sh
These new tests are flaky, so disable them temporarily, until after
the release, to avoid pushing out new flakiness to consumers. They
will be re-enabled immediately after.
Sebastian Gross [Tue, 10 Dec 2024 08:09:41 +0000 (09:09 +0100)]
hostnamectl: respect SYSTEMD_COLORS
Instead of the wrapper functions the color defines where used directly.
This was especially a problem for ANSI_HIGHLIGHT_YELLOW which is not
legible at all for light themes such as solarized. The 16 color palette
fallback can be set to a sane yellow or orange on that matter but it was
not used though `SYSTEMD_COLORS=16` was set.
Use the proper wrapper functions and let the right color be selected the
way other components do it already.
cryptenroll: show which devices support "hmac secret"
We'd silently skip devices which don't have the feature in the list.
This looked wrong esp. if no devices were suitable. Instead, list them
and show which ones are usable.
The values that were previously hardcoded in sd-varlink.c are now defined
in new varlink_set_info_systemd() and that function is called everywhere
where we create a server.
As reported in the bug, the values were hardcoded for the systemd project.
https://varlink.org/Service lists vendor, product, version, url, and interfaces
as the mandatory parameters, so add an interface to set the first four. The
last field is set automatically based on the registered interfaces as before.
If the values are not filled in, we return empty strings. With NULL,
'varlinkctl info' would say:
(string):1:25: Object field 'vendor' has wrong type null, expected string.
Yu Watanabe [Thu, 5 Dec 2024 23:42:41 +0000 (08:42 +0900)]
test-network: check status of networkd after everything cleared on tear down
Otherwise, if networkd is failed, e.g. .network files that triggered the
failure will remain, and the next test case will start with previous
.network files. So, most subsequent test will fail.
Daan De Meyer [Mon, 9 Dec 2024 16:00:24 +0000 (17:00 +0100)]
mkosi: Use rawhide tools tree in CI
To build rawhide images we might need more recent tools from rawhide
itself. While Arch would generally be up-to-date enough as well, it
doesn't provide the selinux tools so we use Fedora Rawhide instead.
When we are reading the system journal, let's set _UID=<systemd-coredump>,
then we can show coredumps for system services again. When we are reading
an external journal, then the uid of systemd-coredump may be different
from the one on the current system, so let's drop the filter condition
for _UID= in that case.
boot: exclude the trailing padding from initrd size in initrd_prepare()
This is a follow-up for f8fa4222c9ac3e74e91c64e25e9532c99559cf99 (boot: Make
initrd_prepare() semantically equivalent to combine_initrds()). That commit
changed the way that the initrd is prepared for type#1 boot loader entries,
also effectively rounding up the sizes to a multiple of 4. In [1], downstream
packagers report that the trailing zeroes result in the calculated hash being
different. To restore compatibility with previous hash calculations and
signatures, change the reported size by excluding the trailing padding. This
should restore the calculation results for the case where only one initrd is
used.
This patch doesn't touch the stub, i.e. doesn't change behaviour for UKIs. The
seems fine, since we didn't change that recently, so any changes there would
break compatiblity. The measurement results for type#1 and type#2 entries are
generally going to be different anyway. ukify and systemd-measure are also out
of scope here, because they are for UKIs.
Fixes https://github.com/systemd/systemd/issues/35439.
The other changes to the way the initrd is constructed are kept, so hopefully
the original issue with booting in qemu is not recreated.
Daan De Meyer [Fri, 6 Dec 2024 14:21:29 +0000 (15:21 +0100)]
mkosi: Set meson --max-lines= to 300 in CI
By default meson only shows the last 100 lines of output for failed
tests. Let's bump this to 300 with the new --max-lines= option I added
so we get more useful output on test failures.
Daan De Meyer [Fri, 6 Dec 2024 14:13:16 +0000 (15:13 +0100)]
test: Set kernel loglevel to INFO when running tests unattended
This makes sure all kernel log messages are logged to the console.
This should be helpful during shutdown to detect possible issues with
journald when the logs can't be written to the journal itself anymore
but are written to kmsg.
Daan De Meyer [Fri, 6 Dec 2024 14:04:56 +0000 (15:04 +0100)]
mkosi: Reduce kernel command line size
The kernel command line has a size limit and we've hit it before so
let's move some stuff to configuration files or scripts to reduce the
kernel command line size a bit.
Yu Watanabe [Sun, 8 Dec 2024 00:22:23 +0000 (09:22 +0900)]
test: tentatively disable SELinux tests
Currently, mkosi GitHub action complains the following:
===
Could not find 'setfiles' which is required to relabel files.
===
Let's tentatively disable SELinux test.
Ryan Wilson [Mon, 2 Dec 2024 16:10:05 +0000 (08:10 -0800)]
core: Add ProtectHostname=private
This allows an option for systemd exec units to enable UTS namespaces
but not restrict changing hostname via seccomp. Thus, units can change
hostname without affecting the host.
We put a timeline of 257 to remove the old bash test runner so since
we're about to release 257, let's remove the old bash test runner in
favor of the meson + mkosi test runner.
After 888e378da2dbf4520e68a9d7e59712a3cd5a830f, coredumps for system
services are stored by systemd-coredump user. Henve, _UID=0 does not
match anything anymore.
After:
```
$ build/journalctl -u systemd-networkd.service -p2 -n1
Dec 06 05:39:55 H systemd-coredump[4187]: [🡕] Process 4145 (systemd-network) of user 192 dumped core.
(snip)
```
projects / thirdparty / systemd.git / log
