Mike Yuan [Fri, 6 Jun 2025 19:47:39 +0000 (21:47 +0200)]
sd-varlink: hook up fd passing control with SO_PASSRIGHTS
This is a tricky one, because we effectively turn fd passing input
toggle into a tristate: unset, disabled, and enabled; whereas unset
and disabled were identical previously. *Unset* state silently
ignores SCM_RIGHTS passed by invoking recv() instead of recvmsg(),
and for disabled we now disable SO_PASSRIGHTS completely.
The plot thickens when it comes to the server, since we want to
turn off the SO_PASSRIGHTS already on the listening socket so that
there's no race between accept() and recvmsg() wrt SO_PASSRIGHTS state.
However, if we do this unconditionally, the existing use case of
creating a custom connection callback and enabling fd passing there
would be broken.
Hence, let's introduce a new flag,
SD_VARLINK_SERVER_FD_PASSING_INPUT_STRICT, which when set
ties the enablement of fd passing to SO_PASSRIGHTS in server,
and set it for all our varlink servers.
Refer to the previous commit for the rationale behind return value
change in sd_varlink_set_allow_fd_passing_input().
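The "unset" versus "enabled" receive paths described in the commit message above, as an added example that is not part of the commit or of systemd's code: one byte with an SCM_RIGHTS fd attached is sent over a socketpair, then read once with recv() and once with recvmsg(). The names send_with_fd and fd_installed are hypothetical; the "disabled" state (SO_PASSRIGHTS turned off) needs kernel v6.16 and is not exercised here.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } ctl_t;

/* Send one data byte with `fd` attached as SCM_RIGHTS ancillary data. */
static int send_with_fd(int sock, int fd) {
    char byte = 'x';
    ctl_t ctl;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1,
                         .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    memset(&ctl, 0, sizeof ctl);
    struct cmsghdr *c = CMSG_FIRSTHDR(&mh);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &mh, 0) == 1 ? 0 : -1;
}

/* Returns 1 if receiving installed a new fd in this process, 0 if the passed
 * fd was dropped, -1 on error. use_recvmsg=0 models the "unset" state
 * (plain recv()), use_recvmsg=1 the "enabled" state (recvmsg() + cmsg buffer). */
int fd_installed(int use_recvmsg) {
    int sv[2], probe, after, installed;
    char byte;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || send_with_fd(sv[0], sv[0]) < 0)
        return -1;
    probe = dup(sv[1]);               /* lowest free fd number right now */
    close(probe);
    if (use_recvmsg) {
        ctl_t ctl;
        struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
        struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1,
                             .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
        if (recvmsg(sv[1], &mh, 0) != 1) return -1;
    } else if (recv(sv[1], &byte, 1, 0) != 1)
        return -1;
    after = dup(sv[1]);               /* == probe unless the kernel installed an fd */
    installed = after != probe;
    if (installed) close(probe);      /* the received fd took the probe slot */
    close(after); close(sv[0]); close(sv[1]);
    return installed;
}
```

With recv() the data byte arrives but the attached descriptor never enters the receiver's fd table, which is why the unset state can ignore SCM_RIGHTS without any socket option.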
Mike Yuan [Mon, 9 Jun 2025 22:01:53 +0000 (00:01 +0200)]
sd-varlink: unify AF_UNIX check in sd_varlink_set_allow_fd_passing_output()
Currently, the socket type is only checked if the fd passing is
being enabled. The special handling seems unnecessary though,
as in the disable case, either fd passing is already false and
would be caught by the (... == !!b) shortcut at the beginning,
or the AF_UNIX check wouldn't have succeeded in the first place,
for the initial toggle to true. Hence, just uniformly check
AF_UNIX.
While at it, sd_varlink_set_allow_fd_passing_*() oddly return 1
iff changed and !b, which doesn't fit into our coding style and
I can't come up with any use case for such behavior. Let's
return 1 on changed and 0 otherwise.
sd_varlink_set_allow_fd_passing_input() will be fixed in the later
commits with other enhancements.
Mike Yuan [Fri, 6 Jun 2025 19:01:33 +0000 (21:01 +0200)]
core/socket: introduce AcceptFileDescriptors=
This controls the new SO_PASSRIGHTS socket option in kernel v6.16.
Note that I intentionally choose a different naming scheme than
Pass*=, since all other Pass*= options control whether some extra
bits are attached to the message, while this one's about denying
file descriptor transfer and it feels more explicit this way.
And diverging from underlying socket option name is precedented
by Timestamping=. But happy to change it to just say PassRights=
if people disagree.
Arkadiusz Bokowy [Thu, 12 Jun 2025 14:20:29 +0000 (16:20 +0200)]
sd-bus: Preserve interfaces addition order
When adding a new interface to the object add it at the end of the list.
This way, when iterating over the list, e.g., during handling introspect
call, the order of returned interfaces will match the order in which they
were added.
Luca Boccassi [Mon, 16 Jun 2025 22:28:57 +0000 (23:28 +0100)]
fstab-generator: set mode=0755 with root=tmpfs
If mode= is not set in rootflags= add mode=0755 when a tmpfs
is used on the rootfs, otherwise it will be group/world writable
as that's the default mode for tmpfs filesystems.
* 7de88c66bd Do not mark symlinks as %ghost
* 92c16c1dab Let systemd-{sysusers,shared} conflict with older systemd
* ed6b885327 Version 257.6
* 5a53eac13c Package pcrlock files together with systemd-pcrlock
* 2192e86112 Move mount.ddi symlinks to -container subpackage
* 451184cbea Revert "Disable freezing of user sessions"
* f6af46db12 Backport adb/fastboot udev rules (BZ#2356537)
* f6b814cc0f Backport CI fix
* d304477023 Version 257.5
* 2dc224ae5d Update systemd to version 257.6 / rev 448 via SR 1281804
* 15818e66dd Update systemd to version 257.5 / rev 447 via SR 1278063
* 2480ac89f0 Update 000product to rev 4383
* c381cdada8 update 2025-04-11 16:42
* bb036b2b8e Update systemd to version 257.4 / rev 444 via SR 1252776
* 55ae12d80b Update systemd to version 257.3 / rev 443 via SR 1249841
* a7fcf45b77 Update systemd to version 257.3 / rev 442 via SR 1247443
* 15cb472aeb upgpkg: 257.6-1: new upstream release
* 1c11767e01 upgpkg: 257.5-3: backlight: Drop support for actual_brightness
* 489e88099e upgpkg: 257.5-2: fast-forward to current v257-stable
Yu Watanabe [Mon, 16 Jun 2025 08:55:11 +0000 (17:55 +0900)]
manager: also restart stub listener on reload
Previously, the extra stub listeners were stopped but new ones were not
started. Also, the main stub listeners were not restarted, hence the
new settings were not applied. This fixes the above two issues.
Note, to fix the issue, we need to keep the CAP_NET_BIND_SERVICE capability
to allow binding the stub listener later.
Yu Watanabe [Mon, 16 Jun 2025 08:51:49 +0000 (17:51 +0900)]
resolve: several cleanups for manager_dispatch_reload_signal()
- set defaults after all existing configs and setups cleared,
- mention failures are ignored in log messages,
- drop one redundant log message,
- do not return negative errno but exit event loop on critical failure.
Yu Watanabe [Mon, 16 Jun 2025 07:42:38 +0000 (16:42 +0900)]
network/tunnel: rename Ip6TnlMode to TunnelMode
This also allows ip6tnl to be created without specifying Mode= setting,
as the kernel accepts new-link netlink message without the
IFLA_IPTUN_PROTO attribute.
No effective functional change, just refactoring and preparation for
later change.
nsresourced: make sure "tun" driver is properly loaded and accessible
We need access to /dev/net/tun, hence make sure we can actually see
/dev/. Also make sure the module is properly loaded before we operate,
given that we run with limited caps. But then again give the CAP_NET_ADMIN
cap, since we need to configure the network tap/tun devices.
Yu Watanabe [Thu, 12 Jun 2025 09:25:54 +0000 (18:25 +0900)]
udev/rules.d: import hwdb before calling net_id builtin
The commit cdcb1eeeb883b2ecb3992865f458f874900ddb87 adds
ID_NET_NAME_INCLUDE_DOMAIN property support in net_id builtin.
The property is basically set through hwdb. However, previously hwdb was
imported after calling net_id builtin, hence when net_id is called, the
property was never set.
This makes hwdb get imported before calling net_id builtin, so that the
property is set when net_id is called if hwdb has an entry about that
for the interface.
Yu Watanabe [Fri, 13 Jun 2025 08:12:19 +0000 (17:12 +0900)]
network/dhcpv4: add ability to use BOOTP (#34888)
BOOTP can be used to assign a static IP to clients. Instead of using the
four message exchange, and Option 53 (DHCP Message Type) there is only a
two message exchange.
Add the following network option to enable BOOTP:
[DHCPv4]
BOOTP=yes
This will allow a two message request / reply sequence that doesn't
require DHCP message types.
Colin Foster [Wed, 30 Oct 2024 01:50:58 +0000 (20:50 -0500)]
sd-dhcp-client: add ability to support bootp
BOOTP can be used to assign a static IP to clients. Instead of using the
four message exchange, and Option 53 (DHCP Message Type) there is only a
two message exchange. This adds the support for this exchange.
Yu Watanabe [Wed, 11 Jun 2025 09:05:46 +0000 (18:05 +0900)]
network: also check ID_NET_MANAGED_BY property on reconfigure
Previously, the property was checked only when an uevent is received,
so even if an interface has ID_NET_MANAGED_BY property, the interface
will be configured by networkd when reconfiguration is triggered e.g.
when interface state is changed.
Yu Watanabe [Wed, 11 Jun 2025 04:02:27 +0000 (13:02 +0900)]
login: drop unnecessary dependency to libacl
With c960ca2be1cfd183675df581f049a0c022c1c802, logind does not handle
ACL anymore, but triggers events for udevd and udevd updates ACL.
Hence, libacl is not necessary for logind.
Luca Boccassi [Tue, 10 Jun 2025 22:07:26 +0000 (23:07 +0100)]
add parameter to specify hash alg used for PKCS#1 signature in PKCS#7 creation (#37794)
The pkcs7_new() function currently uses the hash algorithm from the X509
certificate's signature, but the content signature may use a different
hash algorithm. This adds a parameter to allow specifying what hash
algorithm the content signature generation used.
Dan Streetman [Fri, 6 Jun 2025 16:31:40 +0000 (12:31 -0400)]
openssl: add hash_algorithm parameter to pkcs7_new()
The pkcs7_new() function currently uses the hash algorithm from the X509
certificate's signature, but the content signature may use a different hash
algorithm. This adds a parameter to allow specifying what hash algorithm the
content signature generation used.
Daniel Foster [Mon, 26 May 2025 15:08:38 +0000 (01:08 +1000)]
socket-activate: add --now option
Add a --now option that starts the program instantly, instead of waiting for a
connection on the socket. This is useful, for instance, when developing:
Say I have a Rust, socket-activated web service. I can test it with:
systemd-socket-activate -l 8080 --fdname=http cargo run
However this delays running the service (which potentially involves compilation)
to when I try to connect to it, which wastes time. Since it delays compilation,
I also don't see any warning or errors in the code until it gets a connection
either.
The name's now a bit of a misnomer, since starting the service immediately isn't
really socket activation, but oh well ¯\_(ツ)_/⁻
Daniel Foster [Mon, 26 May 2025 14:29:13 +0000 (00:29 +1000)]
socket-activate: validate more argument combinations earlier in runtime
Check user configuration errors and warnings (e.g. more than one socket passed
with --inetd) earlier in runtime. There's no reason not to do this, and it means
invalid configuration will be reported to the user earlier.
Also let the user know that --fdname= has no effect with --inetd.