Mike Yuan [Fri, 27 Feb 2026 11:11:33 +0000 (12:11 +0100)]
core/exec-invoke: make fd array sizing less error-prone
History has clearly shown that we're terrible at keeping
the size of the dont_close array up-to-date. Hence let's
step away from a hardcoded max size for that, instead
always collect all fds in the array initializer and
let compiler figure it out, taking advantage of the fact
that close_all_fds() gracefully handles invalid fds in
the 'except' array.
It is part of the keep_fds array already, which is intended
for fds that need to survive until the very end of executor
runtime, i.e. across the second close_all_fds() call.
Mike Yuan [Sat, 28 Feb 2026 21:48:14 +0000 (22:48 +0100)]
core/exec-invoke: fix potential double close of socket/bpffs fds on failure
The owned fds should be closed before close_all_fds() along the lines
of exec_params/runtime_close(), otherwise they would be left dangling
afterwards.
Luca Boccassi [Fri, 27 Feb 2026 17:27:30 +0000 (17:27 +0000)]
Translations update from Fedora Weblate (#40876)
Translations update from [Fedora
Weblate](https://translate.fedoraproject.org) for
[systemd/main](https://translate.fedoraproject.org/projects/systemd/main/).
Add the missing 'mstack' value to the ImageType enum in the
io.systemd.sysext Varlink IDL — image_type_table in discover-image.c
already defines IMAGE_MSTACK = "mstack" but it was absent from the IDL.
Export vl_type_ImageType so the test can reference it, and add
TEST_IDL_ENUM(ImageType, ...) to the enums_idl test to catch
similar regressions in the future.
noxiouz [Fri, 27 Feb 2026 00:02:12 +0000 (00:02 +0000)]
import: fix AlreadyInProgress Varlink error missing remote field
The handler sends the remote URL as a parameter via sd_varlink_errorbo()
but the IDL declared the error with no fields, making the payload
undiscoverable via introspection.
Luca Boccassi [Thu, 26 Feb 2026 14:47:39 +0000 (14:47 +0000)]
Translations update from Fedora Weblate (#40842)
Translations update from [Fedora
Weblate](https://translate.fedoraproject.org) for
[systemd/main](https://translate.fedoraproject.org/projects/systemd/main/).
core/socket: fix reversed symlink direction in error message
After the update to 260-rc1 in Fedora Rawhide, we get a lot of messages like
this:
systemd[1]: systemd-resolved-monitor.socket:
Failed to create symlink /run/systemd/resolve/io.systemd.Resolve.Monitor →
/run/varlink/registry/io.systemd.Resolve.Monitor, ignoring: Permission denied
The actual issue will need to be fixed too, but let's fix the message first.
While at it, let's rename the variables to be meaningful.
Luca Boccassi [Wed, 25 Feb 2026 23:12:28 +0000 (23:12 +0000)]
mkosi: explicitly add mount package to build image
Some dependency changed in testing and it's not pulled in anymore:
‣ Running build script /home/runner/work/systemd/systemd/mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot…
/work/build-script: line 35: mount: command not found
‣ /work/build-script failed with non-zero exit code 127
‣ (Maybe a program was not found or the script interpreter (e.g. bash) is not installed?)
FAILED: [code=127] mkosi
Luca Boccassi [Tue, 24 Feb 2026 21:09:26 +0000 (21:09 +0000)]
Install hwids in /usr/lib/systemd/boot/hwids/<EFI_ARCH>/
These are meant to ship with ukify, in the same package,
so install them when ukify is enabled. Given they are
hardware-specific, use a per-arch subdirectory to make it
easier to enable them by default in ukify.
Tobias Heider [Mon, 2 Feb 2026 11:08:46 +0000 (12:08 +0100)]
boot: import Snapdragon device hwid json files
Add hwids json files for Snapdragon devices that use of this
feature since they don't ship with devie trees embedded in firmware.
The json files were originally generated for Ubuntu stubble and
are kown to work since they ship in all Ubuntu arm64 ISOs by default.
Some of the devices might not be supported in mainline Linux yet
and use preliminary compatible strings.
* 23a1c1fed9 Install /usr/lib/systemd/boot/hwids/ in ukify package
* 985170fdc6 Version 259.1
* 2e10d7da1e Revert getty changes a bit harder
* 96c683c3de Revert all remaing changes to getty@.service
* 24a305a398 Revert to previous handling of getty@.service
* 6a500eb814 Create getty@tty1.service again and move autovt@.service alias to /usr/lib
* 88bd4ab206 Properly enable systemd-tmpfiles-clear.service in scriptlets
* d9f3f02206 Raise the number of placeholder sections in kernel and addon stubs
* e301db0151 Stop enabling getty@tty1.service
* a1c33507a2 Fix unit names in systemd-udev scriptlet
* b7b3e024d6 Enable getty@.service through presets
* ec5e1b1ed7 Move tpm2 and getty support to -udev subpackage
* 9c9976a7f8 Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* f353d244fd Add 2 patches for automatic aarch64 DTB selection change
* 399885597c Revert "Disable sysinit-path for upstream builds"
Luca Boccassi [Wed, 25 Feb 2026 11:16:28 +0000 (11:16 +0000)]
mkosi: add groupadd/groupmod to ASAN wrappers list
TEST-74-AUX-UTILS.sh[3789]: + groupadd haldo
TEST-74-AUX-UTILS.sh[3875]: ==3875==ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD.
Mike Yuan [Tue, 24 Feb 2026 18:40:14 +0000 (19:40 +0100)]
core/namespace: clean up append_private_tmp() a bit
With the previous changes the modes for /tmp/ and /var/tmp/
may come in arbitrary directions, i.e. we may downgrade one
and upgrade another. Hence let's refactor the setup logic
a bit so they're truly independent.
core: simplify requirements in unit_get_private_var_tmp() to just After=
As in the previous commit, checking for both requirements and ordering seems
unnecessary. In practical cases, the mount will be pulled in by the rest
of the transaction, so ordering is the part that matters. (The setup is
racy without the ordering.) If we drop the second check, the admin can
just use After=tmp.mount to achieve the desired behaviour, without needing
to explicitly pull in the unit. This is easier to configure and more robust.
core: upgrade /tmp when PrivateTmp=yes/DefaultDeps=no to disconnected
In https://github.com/systemd/systemd/issues/28515, multiple people report that
services that have PrivateTmp=yes and DefaultDependencies=no fail to create the
temporary directories under /tmp, when /tmp is e.g. a bind mount or some other
kind of mount that takes more time.
Before PrivateTmp=disconnected was added, we didn't have a nice solution:
DefaultDependencies=no is used to start services very early, so we wouldn't
want to add a dependency on /tmp automatically. With PrivateTmp=disconnected we
have a fairly nice solution. Let's "upgrade" to this mode automatically.
Strictly speaking, it is a small compat break, but in practice it's unlikely to
matter for early-boot services whether their /tmp is private or disconnected.
The dependency on /tmp that is checked is After. I think this is enough,
since any tmp.mount would be pulled in by local-fs.target and the rest of
the transaction anyway, so we don't need to check more than After.
The asserts are relaxed, because now the two settings can now diverge
in either way.
Mike Yuan [Tue, 24 Feb 2026 22:11:55 +0000 (23:11 +0100)]
core/execute: stop looking at ExecSharedRuntime to determine PrivateTmp= state
The only reason why ExecSharedRuntime.(var_)tmp_dir might
be suppressed is when (/var)/tmp/ is listed in InaccessiblePaths=,
in which case mount namespace is needed anyways. Moreover,
the current logic imposes a chicken-and-egg problem:
at various places in pid1 we'd need to check whether
the unit runs in a mountns, but the ExecSharedRuntime
may not be allocated for it just yet.
Mike Yuan [Wed, 25 Feb 2026 08:23:50 +0000 (09:23 +0100)]
core/namespace: two fixes for namespace_cleanup_tmpdir()
* Make sure we're not passing NULL to rmdir()
* Remove the inner "tmp" subdir as well, so that callers
can handle this transparently (e.g. exec_shared_runtime_make()
is not aware of the nested rmdir() requirements)
Nick Rosbrook [Mon, 23 Feb 2026 20:25:27 +0000 (15:25 -0500)]
seccomp-util: add lsm_get_self_attr and lsm_list_modules to @default
These syscalls are part of a newer kernel API to replace interaction
with /proc/self/attr, with the goal of allowing LSM stacking. These are
being used now by e.g. libapparmor, so should be more easily available
to services using seccomp filtering.
Daan De Meyer [Fri, 20 Feb 2026 13:16:48 +0000 (14:16 +0100)]
nspawn: Add support for delegated UID ranges
We expose this via --private-users-delegate= which takes the number of
ranges to delegate. On top of delegating the ranges, we also mount in
the nsresourced socket and the mountfsd socket so that nested containers
can use nsresourced to allocate from the delegated ranges and mountfsd to
mount images.
Finally, we also create /run/systemd/dissect-root with systemd-tmpfiles to
make sure it is always available as unpriv users won't be able to create it
themselves.
Luca Boccassi [Fri, 20 Feb 2026 19:28:34 +0000 (19:28 +0000)]
test: avoid hanging forever waiting for udev if not a booted system
test_sd_device_enumerator_filter_subsystem hangs forever in OBS builds,
as it waits for the udev queue to be drained. But this is not a booted
system, with systemd and udev, so nothing will do that.
Skip the test in that case.
projects / thirdparty / systemd.git / log
