Luca Boccassi [Wed, 8 May 2024 19:16:05 +0000 (20:16 +0100)]
portable: drop explicit PrivateTmp=yes from profiles
It is already implied by DynamicUser=yes if not set, but dropping it
allows users to instead define TemporaryFileSystem=/tmp/ /var/tmp/
in their portable services, which has fewer side effects.
Luca Boccassi [Wed, 8 May 2024 19:12:57 +0000 (20:12 +0100)]
core: do not imply PrivateTmp with DynamicUser, create a private tmpfs instead
DynamicUser= enables PrivateTmp= implicitly to avoid files owned by reusable uids
leaking into the host. Change it to instead create a fully private tmpfs instance
instead, which also ensures the same result, since it has less impactful semantics
with respect to PrivateTmp=yes, which links the mount namespace to the host's /tmp
instead. If a user specifies PrivateTmp manually, let the existing behaviour
unchanged to ensure backward compatibility is not broken.
reDBo0n [Mon, 17 Jun 2024 14:05:23 +0000 (16:05 +0200)]
hwdb: add support for AIPTEK Media Tablet Ultimate (#33371)
The "AIPTEK Media Tablet Ultimate", detected as "Waltop International Corp. Batteryless Tablet",
is missing the resolution of the x-/y-axes.
Adding a new rule to 60-evdev.hwdb with the same values as another entry
"WALTOP International Corp. Batteryless Tablet" just with another matching string makes the
device usable.
After the mentioned comment, we no longer need to record
the owner to restore the previous bus owner state.
Therefore, bus_name_owner is effectively unused. Kill it.
Mike Yuan [Sat, 15 Jun 2024 15:27:33 +0000 (17:27 +0200)]
man,units: drop "temporary" from description of systemd-tmpfiles
Historically, systemd-tmpfiles was designed to manager temporary
files, but nowadays it has become a generic tool for managing
all kinds of files. To avoid user confusion, let's remove "temporary"
from the tool's description.
man: describe setting of the clock by systemd and systemd-timesyncd
The setting of systemd clock is important and deserves an accurate description,
see for example:
https://discussion.fedoraproject.org/t/f38-to-f39-40-dnf-system-upgrade-can-fail-on-raspberry-pi/92403
https://bugzilla.redhat.com/show_bug.cgi?id=2242759
The meat of the description was in systemd-timesyncd.service(8), but
actually it's systemd that sets the clock. In particular, systemd-timesyncd
doesn't know anything about /usr/lib/clock-epoch, and since systemd sets
the clock to the epoch when initializing, systemd-timesyncd would only
get to advance the clock to the epoch under special circumstances.
Also, systemd-timesyncd is an optional component, so we can't even rely
on its man page being installed in all circumstances. The description needs
to be moved to systemd(1).
The description is updated to describe the changes that were made in
previous commits.
manager: add structured log message about clock bump
Requested in https://github.com/systemd/systemd/pull/33214#discussion_r1630251308.
Also, reword error messages a bit. When /usr/lib/clock-epoch was introduced,
"build time" stopped being acurate. Just say "epoch" instead.
The same message ID is used in the manager and timesyncd. The event is
essentially equivalent for the user, and it seems reasonable that to search for
both at the same time.
The catalog entry is dropped. It provided almost no additional information above
the message. When the same message ID is now applied to messages from PID1 and
timesyncd, and the clock can be both advanced and rewound, it becomes very hard
to make the catalog entry provide something useful, because catalog entries don't
allow conditionalization.
We would attempt to take the built-in epoch twice. Since
advance_tstamp() is only called from one place, we don't need to do that.
Also, just pass usec_t instead of a pointer to stat buf.
Don't say we set the clock to "recorded timestamp" if we just set it
to the built-in epoch. Also, consistently say "advance" to make it clear
that we'll not attempt to rewind the clock here.
If we're updating on a system with an invalid clock, and we're installing
a newer system version with a higher update, adjust the clock. This
way the invariant that the clock is always later than
max(compile time, timestamp file, other timestamp file) is maintained.
Also, adjust the wording of messages. When /usr/lib/clock-epoch was
introduced, "build time" stopped being acurate. Just say "epoch" instead.
manager: use max of: compile epoch, epoch file, timesyncd file
Previously systemd would not use /var/lib/systemd/timesync/clock. This means
that even if /var/ is mounted when systemd is started and the file is
available, we would potentially make one time jump and than another time jump.
From a user's POV, this doesn't seem useful at all.
Also, we would always let /usr/lib/clock-epoch take priority over the built-in
epoch. But there is no guarantee that this file is actually fresh. In
particular, a user may touch /usr/lib/clock-epoch to work around a broken clock
during installation (as recommended in [1]), and then this file will grow stale
over time.
So just load the three timestamps and use the highest one as the epoch.
json: extend JsonDispatch flags with nullable and refuse-null flags
currently when dispatching json objects into C structs we either insist
on the field type or we don't. Let's extend this model a bit: depending
on two new fields either allow or refuse null types in addition to the
specified type.
This is useful for example when dispatch enums as this allows us
explicitly refuse null in various scenarios where we allow multiple
types.
pretty-print: enable stdio buffering while outputting progress bar
Writing the progress bar so far was irritatingly slow, which was caused
by the fact that the various things we output so far resulted in one
write() syscall each because STDERR is unbuffered by default.
Let's fix that, and temporarily turn on full buffering for stderr,
restoring the normal unbuffered output right after.
This makes progress bar print visibly more efficient (and flicker free
too, since terminals no longer will move the cursor around during
output).
../src/shared/loop-util.c: In function ‘loop_configure_fallback’:
../src/shared/loop-util.c:237:31: error: ‘LOOP_SET_BLOCK_SIZE’ undeclared (first use in this function); did you mean ‘LOOP_SET_DIRECT_IO’?
if (ioctl(fd, LOOP_SET_BLOCK_SIZE, (unsigned long) c->block_size) < 0)
^~~~~~~~~~~~~~~~~~~
LOOP_SET_DIRECT_IO
Nick Rosbrook [Fri, 14 Jun 2024 21:31:22 +0000 (17:31 -0400)]
man: add a bit of a warning to systemd-tmpfiles --purge
Mention that by default, /home is managed by tmpfiles.d/home.conf, and
recommend that users run systemd-tmpfiles --dry-run --purge first to
see exactly what will be removed.
pcrlock: move event_log_reduce_to_safe_pcrs() down a bit
Let's keep the verb_lock_xyz() and verb_unlock_xyz() calls together, and
move event_log_reduce_to_safe_pcrs() which so far was in betwee them all
further down closer to where the function is actually used.
pcrlock: don't override conf_root parameter for boot_entry_token_ensure()
if we pass NULL boot_entry_token_ensure() will use its own default,
which is the same as what we passed so far explicitly, hence let's make
use of that.
vmspawn: report "systemd-vmspawn" as "service" to machined
The "service" field that one is supposed to pass to machine is supposed
to indicate the implementation of the client, not the service unit the
client runs in (which is typically even a scope unit, not a system
unit). Hence fix that, and make it closely match what systemd-nspawn
does.
Mike Yuan [Thu, 23 May 2024 14:19:05 +0000 (22:19 +0800)]
pidref: record pidfd inode number in PidRef struct
Besides internal comparisons, the inode number of pidfds
might be interesting directly to users, too. In the future
this field should also be exposed, so that it can serve as
a unique identifier of a process (but only for display,
as there's no method to map this back to a pid or pidfd).
copy: rework how we determine the number of bytes to copy in copy_bytes_full()
Let's freshly calculate "m" on each iteration and always start with the maximum
size we can. If sendfile() is used we must adhere to its limit of
SSIZE_MAX minus the current offset. Otherwise we can copy more, i.e.
SSIZE_MAX without any restrictions.
Also, if we get too close to having copied SSIZE_MAX, let's turn off
sendfile() for the rest.
iovec-util: add exported constant empty but valid (i.e. non-NULL) iovec
Also, make sure the NUL byte iovec becomes an exported constant too.
This is better than the previous situation where this was a macro
resolving to a compount expression, since the lifetime of the expression
is limited to its invoking scope. By turning this into a proper variable
the lifetime becomes unbounded, which makes it easier to use in various
scenarios, such as "if" blocks.
Kamil Szczęk [Fri, 7 Jun 2024 14:48:41 +0000 (16:48 +0200)]
cryptsetup: manual FIDO2 PIN, UP and UV configuration
When in FIDO2 mode with manual parameters, i.e. when not reading the
parameters off the LUKS2 header, the current behavior in regards to PIN,
UP and UV features is to default to v248 logic, where we use PIN + UP
when needed, and do not configure UV at all. Let's allow users to
configure those features in manual mode too.
projects / thirdparty / systemd.git / log
