Daan De Meyer [Sun, 14 Dec 2025 12:34:17 +0000 (13:34 +0100)]
namespace: Clone root dir descriptor before use (#39939)
Before doing anything with the root directory file descriptor, let's
make sure we clone it first so that the caller can't mess with mount fd
attributes via mount_setattr() anymore.
We clone during parsing instead of in executor so that the caller can't
mess with the mount fd between invocations.
Daan De Meyer [Fri, 28 Nov 2025 19:28:01 +0000 (20:28 +0100)]
namespace: Clone root dir descriptor before use
Before doing anything with the root directory file descriptor, let's
make sure we clone it first so that the caller can't mess with mount fd
attributes via mount_setattr() anymore.
We clone during parsing instead of in executor so that the caller can't
mess with the mount fd between invocations.
Daan De Meyer [Fri, 28 Nov 2025 18:06:37 +0000 (19:06 +0100)]
mount-util: Add mount_fd_clone() helper
The kernel prevents you from open_tree()'ing an open_tree() fd unless it
was created from the caller's mount namespace. For various use cases, we
want to be able to open_tree() arbitrary mount file descriptors. Turns
out there's a way to get around it by mounting the mount file descriptor
in a throw-away mount namespace and then open_tree()'ing the mount file
descriptor. Let's implement this as a new helper mount_fd_clone() and
add a test for it.
Because move_mount()'ing the original fd makes it pretty useless as it
can't be move_mount()'ed again, we optionally make a second clone which
can replace the original fd so it can be cloned again later.
Daan De Meyer [Wed, 3 Dec 2025 10:08:56 +0000 (11:08 +0100)]
discover-image: Rework image_make()
Currently, image_new() will calculate the image
path as the combination of dir_path and filename,
which is completely broken if filename is absolute
and dir_path is set.
Let's fix this by thoroughly cleaning up the
image_make() interface. Instead of having four
different arguments to pass in the image path,
let's reduce that to two, a file descriptor and a
path. If no file descriptor is provided, we create
one ourselves by opening the given path.
The callsites are updated to pass in an existing file
descriptor when available. Path calculation is moved
to callers instead of image_make().
Daan De Meyer [Thu, 11 Dec 2025 16:21:08 +0000 (17:21 +0100)]
tree-wide: Use meson test -q
meson test output is extremely verbose, printing
a separate line for each successful test. Let's
add -q/--quiet everywhere so it only prints full
lines for skipped and failed tests.
As commented, the unknown values should have been filtered out
in pid1's initial parsing already, and the communication between
pid1 and executor is entirely internal which makes the graceful
practice counterproductive.
Luca Boccassi [Thu, 11 Dec 2025 05:38:26 +0000 (05:38 +0000)]
core: gracefully skip unknown policy designators in RootImagePolicy et al (#40060)
Usually we gracefully ignore unknown configuration parameters, so that
service files can be written by upstreams and used across a variegated
range of distributions with various versions of systemd, to avoid
forcing users to the minimum common denominator and only adding settings
that are supported by the oldest distro supported.
Image policies do not behave like this, and any unknown partition or
policy designator causes the whole unit to fail to parse and a hard
error.
Change it so that parsing RootImagePolicy and friends via unit file or
D-Bus logs but otherwise ignores unknown specifiers, like other options
do.
This allows us to add new specifiers in the future, and users to adopt
them immediately.
Daan De Meyer [Wed, 3 Dec 2025 12:36:52 +0000 (13:36 +0100)]
test: Stop using grep -q in integration test
When a TTY is attached to the test unit, grep -q will generate SIGPIPE
for the previous command in the pipeline, which in combination with `pipefail`
will cause the command to fail with exit status 141, which will fail the
test.
Replace it with >/dev/null to avoid this.
See also https://www.gnu.org/software/grep/manual/html_node/Usage.html
> There is a related problem with Bash’s set -e -o pipefail. Since grep
> does not always read all its input, a command outputting to a pipe read
> by grep can fail when grep exits before reading all its input, and the
> command’s failure can cause Bash to exit.
tar-util: allow to build without acl support (#39965)
This adds minimal definitions provided by libacl to make tar-util build
without libacl support.
Fixes the following compile error:
```
../src/shared/tar-util.c:62:9: error: unknown type name 'acl_t'
62 | acl_t acl_access, acl_default;
| ^~~~~
```
hwdb: sensor: Remove Lenovo IdeaPad D330 accel mount matrix
Reading values from iio-sensor, we are getting bad values. This matrix was added because the panel was a vertical one, but the normal position is horizontal and the sensor is not badly oriented.
Removing the matrix ensures we have correct orientation values and prevents the misleading results the incorrect values we were getting caused.
For example, mutter is actually setting an incorrect screen rotation for devices with panel orientation quirks.
I'm pretty sure that there are more devices where we have incorrectly "corrected" the sensor values when the only problem was the panel orientation.
Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com>
resolve: always read /etc/resolv.conf on reload systemd-resolved
When systemd-resolved is used in resolv.conf foreign mode, reloading the
systemd-resolved daemon does not read resolv.conf if it has not been touched
since the last time resolved read the file. Since the DNS servers list is
flushed during a reload, resolved forgets about the servers
in /etc/resolv.conf.
When reloading the daemon it is expected that all configuration is
reloaded regardless of the disk timestamps.
Ricardo Salveti [Tue, 9 Dec 2025 19:55:57 +0000 (04:55 +0900)]
boot: handle empty initrd files (#40040)
Commit f8fa4222c9ac3e74e91c64e25e9532c99559cf99 added extra logic to
account for the size of the initrds before allocating the required memory pages,
but missed checking if the initrds were empty before allocating memory.
Extend the initrd options only when the initrd is valid, and add an extra
check for validating that there is at least one valid initrd file before
allocating memory, fixing the following crash when booting with empty
initrd files:
Jeremy Kerr [Tue, 9 Dec 2025 13:22:55 +0000 (22:22 +0900)]
udev-builtin-net_id: fix construction of USB specifier-based names
Commit 0bac1ed242 ("tree-wide: Fix constness issues with newer glibc")
split a temporary var in get_usb_specifier to const and non-const
versions, but missed converting a couple of uses. This means we get
names with components of:
port: uN
config: cC.I
interface: iC.I
instead of:
port: uN
config: cC
interface: iI
This results in net names like enu1c1.0i1.0, as we also no longer hit
the config==1 and interf==0 elision cases.
Change the config portion handling to start from the correct position,
and the earlier check for NULL.
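To make the naming rule above concrete, here is an added example (my own code, not systemd's udev-builtin-net_id) that builds the USB specifier from the sysfs name of a USB interface such as "1-1.4:1.0" (bus 1, port chain 1.4, configuration 1, interface 0). The config==1 and interface==0 elision rules are the ones the commit message refers to; rendering a multi-hop port chain "1.4" as "u1u4" follows the systemd.net-naming-scheme(7) description as I understand it and is an assumption, not something the commit states. With the config and interface fields split correctly, "1-1:1.0" yields just "u1", whereas gluing "1.0" into both fields is what produced the "c1.0i1.0" tail.

```c
/* Added example, not systemd code: build the USB specifier
 * "u<port>[u<port>...][c<config>][i<interface>]" from a sysfs interface name. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Parses one unsigned decimal field at *p and advances past it. */
static int parse_field(const char **p, unsigned *out) {
        const char *s = *p;
        unsigned v = 0;

        if (!isdigit((unsigned char) *s))
                return -EINVAL;
        for (; isdigit((unsigned char) *s); s++) {
                unsigned d = (unsigned) (*s - '0');
                if (v > (UINT_MAX - d) / 10)
                        return -ERANGE;
                v = v * 10 + d;
        }
        *p = s;
        *out = v;
        return 0;
}

/* Appends "<tag><value>" to buf, tracking the used length in *n. */
static int append(char *buf, size_t size, size_t *n, char tag, unsigned value) {
        int r = snprintf(buf + *n, size - *n, "%c%u", tag, value);

        if (r < 0 || (size_t) r >= size - *n)
                return -ENAMETOOLONG;
        *n += (size_t) r;
        return 0;
}

/* Writes the specifier for sysname ("<bus>-<ports>:<config>.<interface>") into buf.
 * Returns its length, or a negative errno on malformed input. */
int usb_specifier(const char *sysname, char *buf, size_t size) {
        const char *p = strchr(sysname, '-');
        unsigned port, config, iface;
        size_t n = 0;
        int r;

        if (!p || size == 0)
                return -EINVAL;
        p++;
        /* Port chain: dot-separated numbers, each rendered as "u<N>" (assumed format). */
        for (;;) {
                if ((r = parse_field(&p, &port)) < 0 || (r = append(buf, size, &n, 'u', port)) < 0)
                        return r;
                if (*p != '.')
                        break;
                p++;
        }
        if (*p++ != ':')
                return -EINVAL;
        /* "<config>.<interface>" are two separate fields; the bug the commit
         * fixes copied "1.0" into both of them. */
        if ((r = parse_field(&p, &config)) < 0)
                return r;
        if (*p++ != '.')
                return -EINVAL;
        if ((r = parse_field(&p, &iface)) < 0)
                return r;
        if (*p != '\0')
                return -EINVAL;
        /* Elide the common configuration 1 and interface 0. */
        if (config != 1 && (r = append(buf, size, &n, 'c', config)) < 0)
                return r;
        if (iface != 0 && (r = append(buf, size, &n, 'i', iface)) < 0)
                return r;
        return (int) n;
}

int main(void) {
        /* Constructed sysfs names; the first is the case behind "enu1c1.0i1.0". */
        const char *samples[] = { "1-1:1.0", "1-1.4:1.2", "3-2:2.0", "1-1:1" };
        char buf[32];

        for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
                int r = usb_specifier(samples[i], buf, sizeof buf);
                if (r < 0)
                        printf("%-12s -> error %d\n", samples[i], r);
                else
                        printf("%-12s -> en%s\n", samples[i], buf);
        }
        return 0;
}
```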
Lukáš Zaoral [Mon, 8 Dec 2025 14:42:40 +0000 (15:42 +0100)]
ukify: prefer compression.zstd when available
Python 3.14 introduced support for zstd in the standard library [1]. Therefore,
let's prefer it when available to decrease the number of necessary external
dependencies.
David Tardon [Fri, 5 Dec 2025 12:09:16 +0000 (13:09 +0100)]
find-esp: replace assert by a runtime check
The path--as a whole--is no longer being opened with O_DIRECTORY, hence
the assertion is not valid.
Reproducer:
```
# SYSTEMD_RELAX_ESP_CHECKS=1 bootctl list --esp-path=`pwd`/README
Assertion 'S_ISDIR(sxa.stx_mode)' failed at src/shared/find-esp.c:295, function verify_fsroot_dir(). Aborting.
```
q66 [Sat, 6 Dec 2025 16:53:29 +0000 (17:53 +0100)]
meson: drop ln --relative check
The coreutils release that included this was in 2012. Since then,
systemd requires a newer meson, mostly uses install_symlink, and
so on. Additionally, where it does use this feature, it uses the
'-r' short flag. There are implementations of 'ln' that do have
support for '-r' but no longopts. Things will still work on those
but this check will fail.
* 5a476a92de Use Path.relative_to instead of Path.parts
* 03f41faf9f Update doc for mkosi ssh to mention sd v256 sshd-vsock
* e054976d18 Rewrite note on fw deps of kernel modules in manpage
* a046243a50 Add python3-pefile to fedora tools conf
* 0bab54087e Fix truthy condition
* 01c38544b2 code review
* 563dca41da code review
* 6074d14c0e code review
* 7e842db3b1 Don't discard ordering of include/exclude entries in KernelModules=
* 0047b64785 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6
* f13325bc4b build(deps): bump actions/checkout from 5.0.0 to 6.0.0
* 9ac31d1795 Add zram and nfnetlink to default initrd
* 4bdb47b6da verity: copy signing certificate to /usr/lib/verity.d/
* 8865afde9e Improve manpage output using pandoc lua filter (#4005)
* a425313c58 Pass environment to systemd-sysusers invocation
* 23f09d5de7 Make Ruff check for dangling whitespace
* abeed73d13 qemu: Add missing sandbox
* a05872e523 Ssh=yes maps to Ssh=always, update the manpage
* 79489534ca Warn of mkosi's sshd lacking support in distros' SElinux policy
* 696f99da43 Manpage: Update supported output formats
* 21675c4822 Silence swtpm SHA1 signature deprecation warning
* df53510982 DOC: update Ssh= to note sd-v256+ already generates sshd-vsock
* 50ccef7926 Configure default tools tree with ToolsTree=yes
* 0b701c690d opensuse: do not install openSUSE-release for Leap >= 16.0
* 4bababf421 opensuse: fix mirror URL for Leap >= 16.0
* c43123398c config.py: add config_default_proxy_exclude()
* 07a0a2be67 installer: Only mount configured state subdirs into sandbox
* d5efbf6f8c build(deps): bump github/codeql-action from 3.30.5 to 4.31.2
* 2912ed20d5 PTY forward fixes
* 66dab75259 sandbox: Drop all capabilities that don't make sense in userns
* 8fe5df4400 Respect SYSTEMD_TINT_BACKGROUND and SYSTEMD_ADJUST_TERMINAL_TITLE
* b9d208789d log: Drop konsole hack
* 7fa6eac65c Clarify that mkosi.images is not picked up in mkosi.conf.d
* 08a0f768dd vmspawn: Support BindUser=
* c7c3eaee4e mkosi-vm: Enable universe repository for ubuntu in mkosi-vm
* 688e77f1a8 vmspawn: Use --grow-image
* c47b7fe57b arch: Switch to the newly established fastly mirror
* 7db8f2cda3 Match compressed pacman packages too
* e3b3b93c50 Prevent using Overlay=yes with Format=portable
* 83a25324b3 Make sure apt sources are installed when BaseTrees= is in the mix
* f6fa2fd6a0 test: add unit tests for parents_below() utility function
* 1eafbd8d03 Don't print newlines in stash_terminal_title()
* bbaf92b50e Don't print newline after ansi sequences
* d1b84f5fb3 Look for .sdmagic before we consider a PE binary a UKI/addon
* b4efdbf14e Treat /opt the same as /usr for the sandbox
* 71ffced0f1 Rework PACKAGE_GLOBS to be a PackageManager classmethod
* 29605c2757 Various SPDX and whitespace fixes
Morgan [Sun, 7 Dec 2025 00:48:49 +0000 (09:48 +0900)]
logind: fix initial button state not being fetched when device is registered late (#39978)
If buttons are not initialized from manager_startup() because they are still
being processed by udev, their initial state is not checked. (commit 405be62f05d76f1845f347737b5972158c79dd3e)
This caused a problem where the initial "close" state was not recognized
if the lid switch of some systems was initialized later.
test: support coreutils built with --enable-single-binary=symlinks
Alpine/postmarketOS build coreutils with --enable-single-binary=symlinks.
In that case, all commands provided by coreutils are symlinks to
/usr/bin/coreutils, and it calls prctl(PR_SET_NAME, argv[0]), hence the comm
will be the path to the symlink.
This also stops killing the sleep command with SIGKILL in TEST-17-UDEV, which is
totally unnecessary.
Yu Watanabe [Mon, 24 Nov 2025 15:48:16 +0000 (00:48 +0900)]
TEST-75-RESOLVED: move test cases for NFTSet= to TEST-07-PID1
The test cases are not related to systemd-resolved.
While moving the test cases, userdbctl is now used for obtaining the UID/GID
of the dynamic user, as musl does not support NSS modules, hence getent
does not provide information about the dynamic user.
Yu Watanabe [Wed, 26 Nov 2025 13:44:14 +0000 (22:44 +0900)]
TEST-35-LOGIN: fix bus path when the session does not have corresponding audit session
If there is no corresponding audit session, then the session ID is
prefixed with 'c', and in that case the session ID should be used as is
in bus path.
Yu Watanabe [Mon, 24 Nov 2025 04:37:04 +0000 (13:37 +0900)]
test: always use bash
If sh is not bash, some builtin commands behave slightly differently.
E.g. if sh is provided by busybox, its builtin test command does not check if
the path is a mount point or not, and 'test -w' only checks the access mode of
the inode. So, even if a readonly filesystem is mounted on a directory,
the test command may succeed.
To avoid such confusion, let's unconditionally use bash.
Yu Watanabe [Sat, 6 Dec 2025 00:24:55 +0000 (09:24 +0900)]
Add 82-net-auto-link-local.{hwdb,rules} to build system and add BMC USB-to-USB links to hwdb (#40006)
Using systems with ADLINK COM-HPC-ALT, ASRock Rack ALTRAD8UD-1L2T and
AMPONED8-2T/BCM boards, there's an issue due to the internal network
connection between the BMC and host, which runs over USB (i.e. Linux
running on the BMC configures a USB gadget ethernet device, with a link
local address).
With the default configuration on Ubuntu (I'm using 25.10),
NetworkManager repeatedly tries to get an address for the interface
using DHCP, resulting in an "Activation of network connection failed"
notification every minute or two.
Add 82-net-auto-link-local.hwdb and 82-net-auto-link-local.rules to the
build system and update 82-net-auto-link-local.hwdb to add the USB
device vendor/product pairs I've seen on the various systems I have with
Ampere Altra and AmpereOne CPUs.
Rebecca Cran [Fri, 5 Dec 2025 18:25:15 +0000 (11:25 -0700)]
hwdb: Add BMC USB-to-USB link devices to 82-net-auto-link-local.hwdb
Add BMC USB-to-USB Ethernet gadget devices found on ASRock Rack and
ADLINK boards containing Ampere Altra and AmpereOne CPUs to
82-net-auto-link-local.hwdb. Update 20-usb-vendor-model.hwdb with
devices which were missing.
Rebecca Cran [Fri, 5 Dec 2025 18:20:05 +0000 (11:20 -0700)]
hwdb,rules: add 82-net-auto-link-local.{hwdb,rules} to build
Update hwdb.d/meson.build and rules.d/meson.build to add the
82-net-auto-link-local.{hwdb,rules} files into the build. Commit ec541c569bd19bbb81791139371111a9a7f1a3d8 in 2023 added the files
but didn't add them to the build system.
David Tardon [Fri, 5 Dec 2025 14:17:13 +0000 (15:17 +0100)]
udev-rules: use the right variable
We carefully prepare a copy of a local buffer to save in the device cache
and then save the buffer there instead... This leads to an abort in free()
on exit (also, the copy is leaked).
Luca Boccassi [Fri, 5 Dec 2025 11:58:34 +0000 (11:58 +0000)]
pid1: do not fail if dlopen of libmount fails because it is not compiled in
It is now possible to build and run without libmount. But if support
is compiled in, then we need to be able to load it. Hence gracefully
skip it when support is not compiled in, but fail otherwise.
Luca Boccassi [Fri, 5 Dec 2025 11:54:27 +0000 (11:54 +0000)]
Reapply "pid1: pull in libmount unconditionally"
It was actually intended to load libmount very early, as it is
needed by more than just mount units, such as umount_recursive(),
bind_remount_recursive(), get_sub_mounts(), etc.
Luca Boccassi [Fri, 5 Dec 2025 14:24:23 +0000 (14:24 +0000)]
Translations update from Fedora Weblate (#39998)
Translations update from [Fedora
Weblate](https://translate.fedoraproject.org) for
[systemd/main](https://translate.fedoraproject.org/projects/systemd/main/).
machined: add description to varlink server, unify error messages
manager_varlink_init_resolve_hook and manager_varlink_init_userdb are very
similar, but one didn't set a description and the other one had an error
message which didn't print the offending path.
Define constants for the paths, and also change other similar constants
to have slightly shorter names. (It's an "address" and "path", but we don't
need to have both parts in the name, esp. that it makes the name very long.)
Yu Watanabe [Sun, 30 Nov 2025 02:10:02 +0000 (11:10 +0900)]
musl: introduce wrappers for getopt() and getopt_long()
musl's getopt_long() behaves somewhat differently in handling optional arguments:
```
$ journalctl _PID=1 _COMM=systemd --since 19:19:01 -n all --follow
Failed to add match 'all': Invalid argument
```
This introduces getopt_long_fix(), which reorders the passed arguments to make
the getopt_long() provided by musl work as we expect.
Also, musl's getopt() always behaves in POSIXLY_CORRECT mode, and stops parsing
arguments when a non-option string is found. Let's always use getopt_long().
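The reordering idea above, as an added example that is my own code rather than systemd's getopt_long_fix(): glibc's getopt_long() permutes argv while scanning so that every option is seen even when operands come first, while a POSIXLY_CORRECT getopt_long() such as musl's stops at the first operand. The function below performs that permutation up front (options and their arguments first, then "--", then operands, relative order preserved), using the optstring and long-option table to decide whether an option consumes the next element. The demo option table is hypothetical and not journalctl's; long-option abbreviations and the GNU "W;" extension are deliberately not handled.

```c
/* Added example, not systemd code: permute argv so options precede operands,
 * which lets a POSIXLY_CORRECT getopt_long() (musl) behave like glibc's. */
#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical option table for a demo tool (an assumption, not journalctl's). */
static const char demo_optstring[] = "n:fx::";
static const struct option demo_longopts[] = {
        { "since",  required_argument, NULL, 'S' },
        { "lines",  required_argument, NULL, 'n' },
        { "follow", no_argument,       NULL, 'f' },
        { "extra",  optional_argument, NULL, 'x' },
        { NULL, 0, NULL, 0 }
};

/* How many following argv elements belong to the option in 'arg' (0 or 1). */
static int option_arity(const char *arg, const char *optstring,
                        const struct option *longopts) {
        if (strncmp(arg, "--", 2) == 0) {
                if (strchr(arg, '='))
                        return 0;                      /* --opt=value: argument attached */
                for (const struct option *o = longopts; o && o->name; o++)
                        if (strcmp(o->name, arg + 2) == 0)
                                return o->has_arg == required_argument;
                return 0;                              /* unknown: let getopt_long() complain */
        }
        /* Short option cluster such as -fn5 or -fn 5: only a trailing
         * required-argument letter consumes the next element. */
        size_t len = strlen(arg);
        for (size_t i = 1; i < len; i++) {
                const char *p = arg[i] == ':' ? NULL : strchr(optstring, arg[i]);
                if (!p || p[1] != ':')
                        continue;                      /* flag (or unknown) letter */
                if (p[2] == ':')
                        return 0;                      /* optional argument: attached only */
                return i == len - 1;                   /* required: rest of cluster, else next element */
        }
        return 0;
}

/* Stable partition of argv[1..argc): options with their arguments (and a
 * terminating "--", kept ahead of the operands as glibc does) come first,
 * operands last.  Returns the index of the first operand, or -1 on OOM. */
int reorder_args(int argc, char **argv, const char *optstring,
                 const struct option *longopts) {
        char **opts = calloc((size_t) argc + 1, sizeof(char *));
        char **operands = calloc((size_t) argc + 1, sizeof(char *));
        int nopts = 0, noperands = 0, i = 1;

        if (!opts || !operands) {
                free(opts);
                free(operands);
                return -1;
        }
        while (i < argc) {
                if (strcmp(argv[i], "--") == 0) {
                        opts[nopts++] = argv[i++];
                        while (i < argc)
                                operands[noperands++] = argv[i++];
                } else if (argv[i][0] == '-' && argv[i][1] != '\0') {
                        int extra = option_arity(argv[i], optstring, longopts);
                        opts[nopts++] = argv[i++];
                        if (extra && i < argc)
                                opts[nopts++] = argv[i++];
                } else
                        operands[noperands++] = argv[i++]; /* plain word, or "-" by itself */
        }
        memcpy(argv + 1, opts, (size_t) nopts * sizeof(char *));
        memcpy(argv + 1 + nopts, operands, (size_t) noperands * sizeof(char *));
        free(opts);
        free(operands);
        return 1 + nopts;
}

int main(void) {
        /* Constructed command line in the shape the commit message shows:
         * operands first, options after them. */
        char *argv[] = { "tool", "match=1", "--since", "19:19:01", "-n", "5", "--follow", "other", NULL };
        int argc = 8, c;
        int first = reorder_args(argc, argv, demo_optstring, demo_longopts);

        if (first < 0)
                return 1;
        for (int i = 0; i < argc; i++)
                printf("%s%s", argv[i], i + 1 < argc ? " " : "\n");
        /* Even a getopt_long() that stops at the first operand now sees all four options. */
        while ((c = getopt_long(argc, argv, demo_optstring, demo_longopts, NULL)) >= 0)
                printf("option %c%s%s\n", c, optarg ? " = " : "", optarg ? optarg : "");
        for (int i = first; i < argc; i++)
                printf("operand %s\n", argv[i]);
        return 0;
}
```

Because the permutation happens before getopt_long() is called, the same argv works unchanged with glibc, which simply finds nothing left to permute.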