Susant Sahani [Wed, 22 May 2019 09:46:41 +0000 (15:16 +0530)]
networkctl: add support to delete virtual netdevs
We now don't have the support to delete netdevs and dependent
upon iproute to delete. With this we can delete via networkctl
and use in our test cases too.
Note that it supports deleting multiple links at once.
Milan Broz [Mon, 27 May 2019 07:44:14 +0000 (09:44 +0200)]
cryptsetup: Add LUKS2 token support.
LUKS2 supports so-called tokens. The libcryptsetup internally
support keyring token (it tries to open device using specified
keyring entry).
Only if all token fails (or are not available), it uses a passphrase.
This patch aligns the functionality with the cryptsetup utility
(cryptsetup luksOpen tries tokens first) but does not replace
the systemd native ask-password function (can be used the same in
combination with this patch).
Milan Broz [Mon, 27 May 2019 07:27:54 +0000 (09:27 +0200)]
cryptsetup: Do not fallback to PLAIN mapping if LUKS data device set fails.
If crypt_load() for LUKS succeeds, we know that it is a LUKS device.
Failure of data device setting should fail in this case; remapping
as a PLAIN device late could mean data corruption.
(If a user wants to map PLAIN device over a device with LUKS header,
it should be said explicitly with "plain" argument type.)
Also, if there is no explicit PLAIN type requested and crypt device
is already initialized (crypt_data_type() is set), do not run
the initialization again.
rules: enable hardware-related targets also for user instances
> the odd thing is that these units are also defined for the systemd user
> instance. However, because these are bound to SYSTEMD_USER_WANTS rather than
> SYSTEMD_WANTS they are effectively useless unless some other software
> installs the corresponding udev rules first.
This adds the rules and starts those targets also for user instances.
Fixes #12330.
Yu Watanabe [Sat, 25 May 2019 22:21:00 +0000 (07:21 +0900)]
udev: suppress warning when interface matches 99-default.link
This suppress the following warning:
```
systemd-udevd[437]: Config file /usr/lib/systemd/network/99-default.link
applies to device based on potentially unpredictable interface name 'wlan0'
```
Frantisek Sumsal [Mon, 27 May 2019 17:59:26 +0000 (19:59 +0200)]
test: correctly fail when system is borked
In certain situations, the systemctl commands may fail (e.g. due to
missing shared libraries), but the 'script' continues and creates a
/testok file, marking the test incorrectly as passed. Let's fix this and
bail out immediately when a command exits with a non-zero exit code.
Frantisek Sumsal [Fri, 24 May 2019 20:35:52 +0000 (22:35 +0200)]
test: improve handling of ASan under clang
Running integration tests with ASan is somewhat tricky to begin with, as
we need to pre-load the ASan runtime DSO for certain services (like
dbus), otherwise they won't start or behave as expected. In case of gcc
this is pretty easy, as we need the runtime DSO during compilation, so
it's already present on the host system. For clang things get more
complicated, as ASan is compiled in statically by default, thus to
enable the necessary dynamic-ish behavior one needs to compile with
-shared-libasan and then correctly set LD_PRELOAD_PATH, as the runtime
libraries are not in a standard library path.
Oliver Harley [Sun, 26 May 2019 05:31:29 +0000 (07:31 +0200)]
--bind-device does not take a bool
See https://github.com/systemd/systemd/blob/e95be7def26c6c5feaf08a4135aa4f50c53263a8/src/mount/mount-tool.c#L164
Also makes the man page consistent with the `--help` option
Jack [Sat, 25 May 2019 20:42:00 +0000 (21:42 +0100)]
hwdb: Add support for Linx 12V64 (#12665)
This fixes the accelerometer for the Linx 12V64.
Note that even though the configuration for both models is the same, the 12V64 and 12X64 are different models.
terminal-util: reset access mode in vt_restore(), too
Only changing ownership back to root is not enough we also need to
change the access mode, otherwise the user might have set 666 first, and
thus allow everyone access before and after the chown().
Inspired by #12431 let's also rework chmod_and_chown() and make sure we
never add more rights to a file not owned by the right user.
Also, let's make chmod_and_chown() just a wrapper arond
fchmod_and_chown().
let's also change strategy: instead of chown()ing first and stating
after on failure and supressing errors, let's avoid the chown in the
firts place, in the interest on keeping things minimal.
logind: split out dbus header files into their own
Previously, logind's logind-session.h would define prototypes for
logind-session.c and logind-session-dbus.c. Split that out, so that
there's a separate logind-session-dbus.h for that. Similar for seats and
users as well as the manager itself.
This changes no code, just rearranges where protoypes are located.
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
logind: consider "greeter" sessions suitable as "display" sessions of a user
Interestingly, elect_display_compare() already ordered "user" sessions
before "greeter" sessions, though nothing other than "user" sessions
where ever considered anyway.
logind: add SetBrightness() bus call for setting brightness of leds/backlight devices associated with a seat
This augments the drm/input device management by adding a single method
call for setting the brightness of an "leds" or "backlight" kernel class
device.
This method call requires no privileges to call, but a caller can only
change the brightness on sessions that are currently active, and they
must own the session.
This does not do enumeration of such class devices, feature or range
probing, chnage notification; it doesn't help associating graphics or
input devices with their backlight or leds devices. For all that clients
should go directly to udev/sysfs. The SetBrightness() call is just for
executing the actual change operation, that is otherwise privileged.
The parameter the SetBrightness() call takes are the kernel subsystem
(i.e. "leds" or "backlight"), the device name, and the brightness
value.
On some hw setting the brightness is slow, and implementation and write
access to the sysfs knobs exposes this slowness. Due to this we'll fork
off a writer process in the background so that logind doesn't have to
block. Moreover, write requestes are coalesced: when a write request is
enqueued while one is already being executed it is queued. When another
write reques is then enqueued the earlier one is replaced by the newer
one, so that only one queued write request per device remains at any
time. Method replies are sent as soon as the first write request that
happens after the request was received is completed.
It is recommended that bus clients turn off the "expect_reply" flag on
the dbus messages they send though, that relieves logind from sending
completion notification and is particularly a good idea if clients
implement reactive UI sliders that send a quick secession of write
requests.
udev: tag "leds" and "backlight" devices for association to a seat
These devices do not become user-accessible this way, but they are
logically assigned to a seat, which makes a lot of sense, since they are
human-facing output devices, and such should belong to one.
test-execute: turn off coredump generation in test services
These services are likely to coredump, and we expect that but aren't
interested in the coredump. Hence let's turn off processing by setting
RLIMIT_CORE to 0/0.
test-execute: let's ignore the difference between CLD_KILLED and CLD_DUMPED
Depending on system configuration and whether SCMP_ACT_KILL_PROCESS or
SCMP_ACT_KILL_THREAD is available/used processes might coredump on
specific coredumps or are just plain killed. For our test case the
difference doesn't really matter, hence let's hide it away.