Mike Yuan [Thu, 29 May 2025 19:01:01 +0000 (21:01 +0200)]
Use DCS sequence to query terminal name and set $TERM automatically (#37538)
This code seems to work quickly and nicely for a bunch of modern
terminals. Setting $TERM automatically removes an common annoyance for
users. This code will not work for all terminal emulators, but by adding
it in systemd we'll entice maintainers of those terminals to add support
for the sequences. For the terminals that don't support the sequence, we
get a bit of a slowdown of `< 1 ms`, which seems hardly noticeable. The
user can always set TERM explicitly to avoid this if upgrading to a
newer terminal emulator is not possible.
query_term_for_tty() is used in two places: in fixup_environment(),
which affects PID1 itself, and in build_environment(), which affects
spawned services. There is obviously some cost to the extra call,
but I think it's worthwhile to do it. When $TERM is set incorrectly,
basic output works OK, but then there are various annoying corner
cases. In particular, we get the support for color (or lack of it)
wrong, and when output is garbled, users are annoyed. Things like
text editors are almost certain to behave incorrectly. Testing in
test-terminal-util indicates that the time required to make a successful
query is on the order of a dozen microseconds, and an unsuccessful
query costs as much as our timeout, i.e. currently 1/3 ms. I think
this is an acceptable tradeoff.
No caching is used, because fixup_environment() is only called once,
and the other place in build_environment(), only affects services
which are connected to a tty, which is only a handful of services,
and often only started in special circumstances.
As requested in https://github.com/systemd/systemd/issues/36994,
use DCS + q name ST. This works, but has limited terminal support:
xterm, foot, kitty.
Yu Watanabe [Thu, 29 May 2025 01:22:21 +0000 (10:22 +0900)]
login: add device monitor instance to receive events for devices with uaccess tag
With c960ca2be1cfd183675df581f049a0c022c1c802, logind triggers uevents
for devices with uaccess tag, and waits for the events being processed
by udevd.
However, logind received not all triggered events, and might lose some
events. That causes session and user state file not updated, and many
desktop environment application handled the session and user were inactive.
This introduces one more device monitor instance which monitor events
for devices with 'uaccess' tag. Hence, all triggered events will be
recieved by logind, and session and user state file will be updated.
coredump: introduce an enum to wrap dumpable constants
Two constants are described in the man page, but are not defined by a header.
The third constant is described in the kernel docs. Use explicit values to
show that those are values are defined externally.
A new core_pattern specifier was added, %F, to provide a PIDFD
to the usermode helper process referring to the crashed process.
This removes all possible race conditions, ensuring only the
crashed process gets inspected by systemd-coredump.
The check looks plausible, but when I started checking whether it needs
to be lowered for the recent changes, I realized that it doesn't make
much sense.
context_parse_iovw() is called from a few places, e.g.:
- process_socket(), where the other side controls the contents of the
message. We already do other checks on the correctness of the message
and this assert is not needed.
- gather_pid_metadata_from_argv(), which is called after
inserting MESSAGE_ID= and PRIORITY= into the array, so there is no
direct relation between _META_ARGV_MAX and the number of args in the
iovw.
- gather_pid_metadata_from_procfs(), where we insert a bazillion fields,
but without any relation to _META_ARGV_MAX.
Since we already separately check if the required stuff was set, drop this
misleading check.
The kernel provides %d which is documented as
"dump mode—same as value returned by prctl(2) PR_GET_DUMPABLE".
We already query /proc/pid/auxv for this information, but unfortunately this
check is subject to a race, because the crashed process may be replaced by an
attacker before we read this data, for example replacing a SUID process that
was killed by a signal with another process that is not SUID, tricking us into
making the coredump of the original process readable by the attacker.
With this patch, we effectively add one more check to the list of conditions
that need be satisfied if we are to make the coredump accessible to the user.
Reportedy-by: Qualys Security Advisory <qsa@qualys.com>
In principle, %d might return a value other than 0, 1, or 2 in the future.
Thus, we accept those, but emit a notice.
Jan Čermák [Wed, 28 May 2025 18:33:03 +0000 (20:33 +0200)]
journal-gatewayd: add /boots endpoint (#37574)
Add endpoint for listing boots. Output format mimics `journalctl
--list-boots -o json`, so it's a plain array containing index, boot ID
and timestamps of the first and last entry. Initial implementation
returns boots ordered starting with the current one and doesn't allow
any filtering (i.e. equivalent of --lines argument).
A "string" is a concept in C. In a text-based API, this is implicit, especially
if we say that something was "formatted". So change occurences of "decimal
string" to just "decimal". Similarly, "numerics" is unclear, say "digits".
Also, a "timestamp is in a clock" just sounds wrong. Reword those sentences.
Yu Watanabe [Wed, 28 May 2025 02:14:41 +0000 (11:14 +0900)]
sd-bus: rename internal structs and enums
This renames e.g. struct bus_body_part -> BusMessageBodyPart to
follow our usual coding style. Also, several struct and enum
declarations are moved to relevant headers.
Also, this introduces bus-forward.h.
Yu Watanabe [Tue, 27 May 2025 20:39:37 +0000 (05:39 +0900)]
meson: check -ffinite-math-only in more detail
Even if -fno-finite-math-only is specified, -ffinite-math-only,
-ffast-math, or -Ofast may be also specified after that. In that case,
-fno-finite-math-only has no effect, and test-json will fail.
Yu Watanabe [Tue, 27 May 2025 17:09:52 +0000 (02:09 +0900)]
network/link: update state file when master ifindex is changed
If master ifindex is non-zero, then the carrier state and operational
state of the interface may be the enslaved state.
As the operational state is saved in link state file, and read by
wait-online, we need to update the state file when the master ifindex is
changed.
Yu Watanabe [Tue, 27 May 2025 14:17:40 +0000 (23:17 +0900)]
network/link: ENODATA from reading IFLA_MASTER when an interface has no master
When an interface leaved from the master interface, then reading
IFLA_MASTER attribute causes ENODATA. When the interface was previously
enslaved to another interface, we need to remove reference to the
interface from the previous master interface.
This is especially important when
```
ip link set dev eth0 nomaster
```
is called.
* 5e739ef1ed mkosi-initrd: Optionally match t64 suffix for tss2
libraries
* ec70393077 Merge pull request https://github.com/systemd/mkosi/pull/3742 from DaanDeMeyer/man
|\
| * 94cc136fbe mkosi-tools: Install man tool and pages as part of misc
profile
| * eda2ed533d Enforce C.UTF-8 locale for all commands we run
* | 9821e9a3e3 sandbox: Support using mkosi-sandbox as a library
* | 4145382edf Serialize pid in state and check if still exists on load
* | 3d119cba07 Merge pull request https://github.com/systemd/mkosi/pull/3736 from DaanDeMeyer/rpm-gpgkey
|\ \
| |/
|/|
| * 0a5d87b7bb Only pick up /etc/pki/tls and /etc/pki/ca-trust as
certificate dirs
| * c30eee187f Look for rpm gpg keys from inside the sandbox
|/
* ef2842dfea Fix version bump check if image version was passed on CLI
* 12b6251153 apt: Install apt sources if apt was installed via base tree
* a0b4e1af9a Make sure git doesn't fail when running as root
* 585a47705d repart: use --append-fstab=auto if available
* cec6ae1dda sandbox: handle case where dev node for tty doesn't exist
* a60dade823 initrd: shadow-utils removal is only necessary on old
Fedora
* ca11acbd5b Use SPDX identifier instead of file path for license in
pyproject.toml
* 4d031bc57d Revert license-files property
* c80dd09008 Merge pull request https://github.com/systemd/mkosi/pull/3722 from behrmann/versiontweaks
|\
| * c76e5dc4bc make version test more readable
| * 90ba99dde1 version: add __repr__ to GenericVersion
|/
* dd794ec832 Fix licenses path in pyproject.toml
* 7eeb749840 Merge pull request https://github.com/systemd/mkosi/pull/3702 from aafeijoo-suse/initrd-kmp
|\
| * 565b905aa1 mkosi-initrd: handle symlinks under weak-updates
| * a83ccc10c7 mkosi-initrd: perform basic checks on the kernel dir
before calling mkosi
| * 73cad79c9e mkosi-initrd: --kernel-modules-include ->
--kernel-modules
* bac76904c3 build(deps): bump github/codeql-action from 3.28.13 to
3.28.16
* 44161624a2 Supress ssh unit generation if sshd is not present
* b8758dac28 Partially revert 640000a861e9cd9a3807e4158e110a098c74d078
* 6f11937dc6 Don't use default value if optional settings are set to
none
* 640000a861 Use a default tools tree by default if mkosi.tools.conf
exists
* 63d91cc285 mkosi: Override misconfigured gitconfig HTTP/HTTPS proxy
with ProxyUrl
* a859b5eb13 Make sure we create the default workspace directory as well
For some reasons, if we are running on LXC, even if bpf_program_supported()
returned true, but bpf_program_load_kernel() failed:
```
Attaching device control BPF program to cgroup /system.slice/test-bpf-devices-875b406d56ac7bc3.scope/186c411f6e991777 failed: Operation not permitted
src/test/test-bpf-devices.c:31: Assertion failed: Expected "r" to succeed, but got error: Operation not permitted
```
Jan Vaclav [Tue, 27 May 2025 07:55:50 +0000 (09:55 +0200)]
in-addr-util: use s6_addr* macros everywhere
Currently, the code in in-addr-util.c uses a mix of accessing the
in6_u members directly, as well as using the s6_addr* macros.
Let's unify it so that the s6_addr macros are used everwhere.
This is not a trivial wrapper around user-created-buffer-based
syscall, so do not use _malloc suffix. Most of our functions
return an internally allocated buffer and this one's not special.
repart: Copy fs-verity status for CopyFiles= (#35401)
When populating a filesytem with CopyFiles=, we first copy the files to
a temporary directory. Make sure we use the (new) COPY_FS_VERITY flag
when doing that copy so that the `mkfs` that we invoke can see the files
with fs-verity enabled.
mountfsd: add call for creating a foreign UID owned dir in dir owned by caller
In order to fully support unpriv containers placed in directories owned
by the foreign UID range, below some unpriv user $HOME, we need to away
to actually create these hierarchies in the first place.
Let's add a method call for that. It takes a dir fd, then validates that
its ownership matches the client's identity, and then creates a subdir,
chown()ing it to the foreign UID range. It then returns an fd to the
result.
The result could then be passed to MountDirectory() in order to get a
mount which can then be populated by some code running in a dynamic
userns.
Let's check the leader alive state, and let's log about dbus errors.
This mimics (but is not quite identical to) what we do these days in
logind for GC'ing user sessions.
projects / thirdparty / systemd.git / log
