Yu Watanabe [Wed, 11 Dec 2024 01:17:25 +0000 (10:17 +0900)]
core: Add ProtectHostname=private (#35447)
This PR allows an option for systemd exec units to enable UTS namespaces
but not restrict changing hostname via seccomp. Thus, units can change
hostname without affecting the host. This is useful for OS-like
containers running as units where they should have freedom to change
their container hostname if they want, but not the host's hostname.
Ryan Wilson [Mon, 2 Dec 2024 23:38:46 +0000 (15:38 -0800)]
core: Fix time namespace in RestrictNamespaces=
RestrictNamespaces= would accept "time" but would not actually apply
seccomp filters e.g. systemd-run -p RestrictNamespaces=time unshare -T true
should fail but it succeeded.
This commit actually enables time namespace seccomp filtering.
Previously if one service specified the same unit as their
success and failure handler we bailed out of resolving the triggering unit
even though it is still unique.
Luca Boccassi [Tue, 10 Dec 2024 12:13:06 +0000 (12:13 +0000)]
test: skip TEST-13-NSPAWN.nspawn/machined, TEST-86-MULTI-PROFILE-UKI and TEST-07-PID1.private-pids.sh
These new tests are flaky, so disable them temporarily, until after
the release, to avoid pushing out new flakiness to consumers. They
will be re-enabled immediately after.
Sebastian Gross [Tue, 10 Dec 2024 08:09:41 +0000 (09:09 +0100)]
hostnamectl: respect SYSTEMD_COLORS
Instead of the wrapper functions the color defines where used directly.
This was especially a problem for ANSI_HIGHLIGHT_YELLOW which is not
legible at all for light themes such as solarized. The 16 color palette
fallback can be set to a sane yellow or orange on that matter but it was
not used though `SYSTEMD_COLORS=16` was set.
Use the proper wrapper functions and let the right color be selected the
way other components do it already.
cryptenroll: show which devices support "hmac secret"
We'd silently skip devices which don't have the feature in the list.
This looked wrong esp. if no devices were suitable. Instead, list them
and show which ones are usable.
The values that were previously hardcoded in sd-varlink.c are now defined
in new varlink_set_info_systemd() and that function is called everywhere
where we create a server.
As reported in the bug, the values were hardcoded for the systemd project.
https://varlink.org/Service lists vendor, product, version, url, and interfaces
as the mandatory parameters, so add an interface to set the first four. The
last field is set automatically based on the registered interfaces as before.
If the values are not filled in, we return empty strings. With NULL,
'varlinkctl info' would say:
(string):1:25: Object field 'vendor' has wrong type null, expected string.
Yu Watanabe [Thu, 5 Dec 2024 23:42:41 +0000 (08:42 +0900)]
test-network: check status of networkd after everything cleared on tear down
Otherwise, if networkd is failed, e.g. .network files that triggered the
failure will remain, and the next test case will start with previous
.network files. So, most subsequent test will fail.
Daan De Meyer [Mon, 9 Dec 2024 16:00:24 +0000 (17:00 +0100)]
mkosi: Use rawhide tools tree in CI
To build rawhide images we might need more recent tools from rawhide
itself. While Arch would generally be up-to-date enough as well, it
doesn't provide the selinux tools so we use Fedora Rawhide instead.
When we are reading the system journal, let's set _UID=<systemd-coredump>,
then we can show coredumps for system services again. When we are reading
an external journal, then the uid of systemd-coredump may be different
from the one on the current system, so let's drop the filter condition
for _UID= in that case.
boot: exclude the trailing padding from initrd size in initrd_prepare()
This is a follow-up for f8fa4222c9ac3e74e91c64e25e9532c99559cf99 (boot: Make
initrd_prepare() semantically equivalent to combine_initrds()). That commit
changed the way that the initrd is prepared for type#1 boot loader entries,
also effectively rounding up the sizes to a multiple of 4. In [1], downstream
packagers report that the trailing zeroes result in the calculated hash being
different. To restore compatibility with previous hash calculations and
signatures, change the reported size by excluding the trailing padding. This
should restore the calculation results for the case where only one initrd is
used.
This patch doesn't touch the stub, i.e. doesn't change behaviour for UKIs. The
seems fine, since we didn't change that recently, so any changes there would
break compatiblity. The measurement results for type#1 and type#2 entries are
generally going to be different anyway. ukify and systemd-measure are also out
of scope here, because they are for UKIs.
Fixes https://github.com/systemd/systemd/issues/35439.
The other changes to the way the initrd is constructed are kept, so hopefully
the original issue with booting in qemu is not recreated.
Daan De Meyer [Fri, 6 Dec 2024 14:21:29 +0000 (15:21 +0100)]
mkosi: Set meson --max-lines= to 300 in CI
By default meson only shows the last 100 lines of output for failed
tests. Let's bump this to 300 with the new --max-lines= option I added
so we get more useful output on test failures.
Daan De Meyer [Fri, 6 Dec 2024 14:13:16 +0000 (15:13 +0100)]
test: Set kernel loglevel to INFO when running tests unattended
This makes sure all kernel log messages are logged to the console.
This should be helpful during shutdown to detect possible issues with
journald when the logs can't be written to the journal itself anymore
but are written to kmsg.
Daan De Meyer [Fri, 6 Dec 2024 14:04:56 +0000 (15:04 +0100)]
mkosi: Reduce kernel command line size
The kernel command line has a size limit and we've hit it before so
let's move some stuff to configuration files or scripts to reduce the
kernel command line size a bit.
Yu Watanabe [Sun, 8 Dec 2024 00:22:23 +0000 (09:22 +0900)]
test: tentatively disable SELinux tests
Currently, mkosi GitHub action complains the following:
===
Could not find 'setfiles' which is required to relabel files.
===
Let's tentatively disable SELinux test.
Ryan Wilson [Mon, 2 Dec 2024 16:10:05 +0000 (08:10 -0800)]
core: Add ProtectHostname=private
This allows an option for systemd exec units to enable UTS namespaces
but not restrict changing hostname via seccomp. Thus, units can change
hostname without affecting the host.
We put a timeline of 257 to remove the old bash test runner so since
we're about to release 257, let's remove the old bash test runner in
favor of the meson + mkosi test runner.
After 888e378da2dbf4520e68a9d7e59712a3cd5a830f, coredumps for system
services are stored by systemd-coredump user. Henve, _UID=0 does not
match anything anymore.
After:
```
$ build/journalctl -u systemd-networkd.service -p2 -n1
Dec 06 05:39:55 H systemd-coredump[4187]: [🡕] Process 4145 (systemd-network) of user 192 dumped core.
(snip)
```
test-time-util: do more suppression of time zone checks
The issue is directly triggered by tzdata-2024b, where the setting of timezone
started to fail and the tests stopped passing. But those timestamps in 1/1/1970
appear to have some problems already before:
$ sudo date -s 'Thu 1970-01-01 13:00:01 WET'
Thu Jan 1 03:00:01 PM EET 1970
$ sudo date -s 'Thu 1970-01-01 12:00:01 WET'
date: cannot set date: Invalid argument
Thu Jan 1 02:00:01 PM EET 1970
$ rpm -q tzdata
tzdata-2024a-9.fc41.noarch
The same issue appears with other timezones. So move the first timestamp one
day forward to avoid the issue.
After the previous problem is solved, we also get the problem already seen
previously where the roundtrip returns a time that is off by one hour:
@86401000000 → Fri 1970-01-02 00:00:01 WET → @82801000000 → Thu 1970-01-01 23:00:01 WET
Assertion 'x / USEC_PER_SEC == y / USEC_PER_SEC' failed at src/test/test-time-util.c:415, function test_format_timestamp_impl(). Aborting.
Daan De Meyer [Thu, 5 Dec 2024 13:01:08 +0000 (14:01 +0100)]
test: Implement TEST_PREFER_QEMU and use it in one of the mkosi jobs
We want to make sure the integration tests that don't require qemu
can run successfully both in an nspawn container and in a qemu VM.
So let's add one more knob TEST_PREFER_QEMU=1 to run jobs that normally
require nspawn in qemu instead.
Running these tests in qemu is also possible by not running as root but
that's very implicit so we add an explicit knob instead to make it explicit
that we want to run these in qemu instead of nspawn.
docs/CONTRIBUTING: adjust grammar, info about tests and labels
Unfortunately our CI fails pretty much constantly, so instead of saying that
"tests don't pass", weasel this into "unit tests don't pass". Also fix grammar.
Labels are adjusted automatically now, so remove that sentence.
* 433efb38f4 Only apply the new Recommends in fedora
* 8dc31eaf04 Recommend qemu-kvm-core instead of qemu-kvm
* 53cfdea02a Update tmpfiles --destroy-data patch
* 04f0a692da Version 257~rc3
* 243a055429 Make systemd-network-generator co-owned by -udev and -networkd
* 37c10f5b03 Pull in qemu from systemd-container
projects / thirdparty / systemd.git / log
