libtss2-tcti-device0 is not installed by default in the openSUSE
image, but is now required when building the test image. Without it,
the build fails with
```
Shared library 'libtss2-tcti-device.so.0' is not available:
libtss2-tcti-device.so.0: cannot open shared object file: No such file or directory
```
Yu Watanabe [Mon, 23 Mar 2026 05:55:57 +0000 (14:55 +0900)]
networkd: replace D-Bus with Varlink in networkctl (#40780)
networkctl previously called networkd over D-Bus for several operations.
This replaces all of those calls with Varlink, making it the sole IPC
mechanism between networkctl and networkd.
New Varlink methods added to networkd:
- io.systemd.Network.Link (new sub-interface for link-specific
operations):
Supporting changes:
- link_get_bit_rates() extracted from networkd-link.c into
networkd-speed-meter.c
- BitRates added to link_build_json() so Link.Describe returns them
inline
alongside the existing interface description, replacing a separate D-Bus
read
- link_reconfigure_full() and manager_reload() extended to accept
sd_varlink*
for deferred async replies (consistent with existing sd_bus_message*
path)
- DHCP lease display (networkctl status) uses Link.Describe instead of
DHCPServer.Leases; falls back to ClientId when hostname is not present
mips: Fix conditional inclusion of <asm/sgidefs.h>
systemd now has a system call wrapper that does a long series of #ifdef's to
differentiate between architectures and ABIs. This wrapper has two problems.
1. On mips, it needs to differentiate between O32, N32, N64 ABI. It does that
via a code block in src/include/override/sys/generate-syscall.py (and derived
files):
Now the _MIPS_SIM* constants stem from a vendor-specific header file sgidefs.h,
which is included with glibc, but not with musl. It is however always present
in the Linux kernel headers as asm/sgidefs.h ...
2. To work around this, the syscall wrapper already has a block
Turns out, ARCH_MIPS is defined nowhere in Gentoo, neither on glibc nor on musl.
As a result the code (by accident, probably sgidefs.h is included transitively
somehow) works on glibc, but not on musl.
The simplest fix is to replace line 47 in the generator and the derived file
with
47 #ifdef __mips__
Two other source code files require a similar fix since they rely on the
constants.
Bug: https://github.com/systemd/systemd/issues/41239
Bug: https://bugs.gentoo.org/971376 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
Yu Watanabe [Sun, 22 Mar 2026 14:39:38 +0000 (23:39 +0900)]
dhcp: fix user class and vendor specific option assignment
The commit 6d7cb9a6b8361d2b327222bc12872a3676358bc3 fixes the assignment
of the these options when specified through SendOption=. However, it
breaks when specified through UserClass= or SendVendorOption=.
When UserClass= or SendVendorOption= is specified, the option length is
calculated from the sd_dhcp_client.user_class or .vendor_options. Hence,
we can use 0 for the length in that case.
Michael Vogt [Sat, 21 Mar 2026 21:36:20 +0000 (22:36 +0100)]
core: allow unset pidref in manager_log_caller
This commit allows unset pidref when calling manager_log_caller().
With that we can log manager calls even if we cannot resolve the
caller. Currently when we cannot resolve the caller we are just
not logging anything. With this commit we at least log the call
(even though we don't know what caller it was).
Michael Vogt [Sat, 21 Mar 2026 21:12:02 +0000 (22:12 +0100)]
core: extract varlink_log_caller() helper
Extract a common helper varlink_log_caller() and use in the varlink
code when logging the caller of a method. It also logs the method
now that was tried (but failed) to be logged with log_notice just
like manager_log_caller() would do.
I was looking into modifying `manager_log_caller` instead and
accept a NULL pidref but could not log more than the method without
pidref and would make the manager_log_caller slightly less nice.
This adds the low-level io.systemd.Manager shutdown support. This
is (much) simpler than the logind one. It mimics dbus but uses
a shared helper for the simple cases.
Note that this is more restrictive than the dbus version. The
dbus version uses SD_BUS_VTABLE_CAPABILITY(CAP_SYS_BOOT) but
the varlink version uses varlink_check_privileged_peer(link).
This is mostly because I'm not sure how to do the equivalent
in a race-free way.
Oblivionsage [Sat, 21 Mar 2026 16:43:50 +0000 (17:43 +0100)]
dns-packet: move p->more unref into the free path
dns_packet_unref() unconditionally unrefs p->more on every call,
even when n_ref > 1. But dns_packet_ref() doesn't ref p->more.
This means if a packet with a ->more chain gets ref'd and unref'd
multiple times, the chain gets freed too early while the parent
still holds a dangling pointer.
Move the p->more unref into the n_ref == 1 block so the chain
only gets cleaned up when the packet is actually being freed.
Yu Watanabe [Tue, 10 Mar 2026 23:50:24 +0000 (08:50 +0900)]
sd-dhcp-client: drop disabled FORCERENEW message support
FORCERENEW message support has been disabled so long time for security
concern. Most other implementations of DHCP server/client neither
support FORCERENEW. Let's completely drop relevant code.
Daan De Meyer [Fri, 20 Mar 2026 20:52:00 +0000 (21:52 +0100)]
reboot-util: Make clang-tidy happy if xenctrl is not installed
xenctrl is another library that's not widely available across distributions.
Let's make sure clang-tidy is happy with reboot-util.c if it is not
available.
Daan De Meyer [Fri, 20 Mar 2026 20:38:27 +0000 (21:38 +0100)]
selinux-util: Make clang-tidy happy if selinux is not available
Most of our libraries are available on all distributions so we don't
bother with making clang-tidy happy if the library is not available.
The one exception is selinux which isn't available on Arch. Let's
conditionalize the includes in selinux-util.c so that clang-tidy is
still happy on Arch where we can't install libselinux.
vlefebvre [Fri, 20 Mar 2026 14:25:09 +0000 (15:25 +0100)]
kmod-setup: load vsock_loopback alongside vsock
Loading vmw_vsock_virtio_transport early at boot causes vsock to be
resident before any application opens an AF_VSOCK socket. Because the
kernel skips autoloading when the vsock module is already present,
vsock_loopback never gets loaded automatically, and any subsequent
bind() to VMADDR_CID_LOCAL fails with EADDRNOTAVAIL.
Fix this by explicitly loading vsock_loopback on virtio or VMWare
machines via the new may_have_vsock_looopback() helper, wich covers both
vmw_vsock_virtio_transport and vmware_vsock_vmci_transport case.
vsock_loopback is the only module that registers a transport for
VMADDR_CID_LOCAL (CID 1) and has no hard dependency from any of the
vsock transport modules.
Daan De Meyer [Fri, 20 Mar 2026 13:14:28 +0000 (14:14 +0100)]
mountfsd: Add CAP_SYS_PTRACE and CAP_SYS_CHROOT
CAP_SYS_PTRACE for making sure we can open mount namespaces of
peers via /proc/<pid>/ns and CAP_SYS_CHROOT for making sure we can
join those mount namespaces.
David Tardon [Fri, 27 Feb 2026 12:29:44 +0000 (13:29 +0100)]
integritysetup: regularize conversion of integrity alg.
The number of integrity algorithms we handle whose names differ between
integritysetup and dm-integrity continually increases, so let's drop the
ad hoc conversion and use string tables.
In one of the reviews one of the LLMs noticed that the pragma is set but
never unset, so it remains in effect for the rest of the translation
unit. From the comment, it's not clear how old those "old compilers"
were, so let's try if things work without this workaround.
Nick Rosbrook [Fri, 20 Mar 2026 15:23:39 +0000 (11:23 -0400)]
socket-util: filter out VMADDR_CID_ANY in vsock_get_local_cid()
It has been observed on some systems[1] that ssh-issue may print out:
Try contacting this VM's SSH server via 'ssh vsock%4294967295' from host.
i.e. it suggests connecting with VMADDR_CID_ANY, which is not valid. It
seems that IOCTL_VM_SOCKETS_GET_LOCAL_CID may return VMADDR_CID_ANY in
some cases, e.g. when vsock is not full initialized or so.
Treat VMADDR_CID_ANY as special in vsock_get_local_cid(), the same as
VMADDR_CID_LOCAL and VMADDR_CID_HOST, and return an error.
Nick Rosbrook [Fri, 20 Mar 2026 15:13:28 +0000 (11:13 -0400)]
ssh-proxy: return an error if user supplies VMADDR_CID_ANY
Right now, if a user tries to pass VMADDR_CID_ANY to systemd-ssh-proxy,
an assert is triggered:
$ ssh vsock%4294967295
Assertion 'cid != VMADDR_CID_ANY' failed at src/ssh-generator/ssh-proxy.c:21, function process_vsock_cid(). Aborting.
mm_receive_fd: recvmsg: expected received 1 got 0
proxy dialer did not pass back a connection
This is becauase the value returned from vsock_parse_cid is not checked
before being passed to process_vsock_string. Add a check to prevent
that.
sd-json: when parsing optionally insist top-level variant is object or array
Typically, the top-level JSON object has to be an object, in any json
document we parse, hence let's add a simple way to enforce that.
Make use of this in various places.
(Note, various other JSON parsers insist on this logic right from the
beginning, but I actually thinking making this insisting optional like
this patch does it is the cleaner approach)
Also, in general we prefer variables that are always defined over
checking with #ifdef, so #if defined(HAVE_NO_STACK_PROTECTOR_ATTRIBUTE)
is something that we want to avoid.
When Clang is used (which sets CONFIG_PAHOLE_HAS_BTF_TAG), btf_type_tag
support is enabled. As a result, an rcu type tag is added to
task_struct::cred:
meson: disable __attribute__((__retain__)) on old compilers
This attribute was introduced in gcc 11, and our baseline is currently
8.4. So let's allow using _retain_ everywhere, but make it into a noop
if not supported.
Using __has_attribute was suggested, but with gcc-11.5.0-14.el9.x86_64,
__has__attribute(__retain__) is true, but we get a warning when the
attribute is actually used.
Luca Boccassi [Fri, 20 Mar 2026 00:43:26 +0000 (00:43 +0000)]
test: skip D-Bus FD truncation test with dbus-daemon
dbus-daemon intentionally disconnects peers when FDs get
truncated. Detect it and skip it in that case, as the purpose
of the test is not to exercise the D-Bus implementation, but
our library.
When running with dbus-broker (Fedora, etc) we'll get full
coverage.
firstboot: permit setting the static hostname via a system credential
For the IMDS case there's value in being able to set the static
hostname, instead of just the transient one. Let's introduce
firstboot.hostname, which only applies to first boot, and write the
static hostname. This is different from system.hostname which applies to
any boot, and writes the transient hostname.
udev: tag DMI id device with "systemd", so that we can order units after it
For various usecases it is useful to read relevant data from the DMI
udev device, but this means we need a way to wait for it for this to be
probed to be race-free. Hence tag it with "systemd", so that
sys-devices-virtual-dmi-id.device can be used as synchronization point.
This is very similar to write_string_file_atomic(), but is intentionally
kept separate (after long consideration). It focusses on arbitrary
struct iovec data, not just strings, and hence also doesn't do stdio at
all. It's hence a lot more low-level.
We might want to consider moving write_string_file*() on top of
write_data_file_atomic_at(), but for now don't.
Michael Vogt [Wed, 18 Mar 2026 10:38:48 +0000 (11:38 +0100)]
shared: extract `socket_forward_new()` helper from socket-proxyd
This commit extracts the socket forwarding code from the existing
socket-proxyd into a new shared helper that will be used by the
varlinkctl protocol upgrade support code and is used as is in
the socket-proxyd.c.
It tries to keep the changes as small as possible, its mostly
renaming like:
* connection_create_pipes -> socket_forward_create_pipes
* connection_shovel -> socket_forward_shovel
* connection_enable_event_sources -> socket_forward_enable_event_sources
* traffic_cb -> socket_forward_traffic_cb
and a new socket_forward_new() that creates/starts the forwarding.
All log_error_errno() got downgraded to log_debug_errno().
Michael Vogt [Thu, 19 Mar 2026 15:05:52 +0000 (16:05 +0100)]
units: allow io.systemd.Hostname to be available earlier
Currently the varlink interface for hostname is only available
after sysinit. This means it is not available until systemd-firstboot
is finished. But there is information like the boot-id in there that
is useful to get early.
My use-case is to query the system early via the varlink-http-bridge
and currently I can't get data from io.systemd.Hostname until
systemd-firstboot is completed which is a bit limiting.
So to fix it this commit sets DefaultDependencies=no on both the socket
and service units.
It also changes hostnamed.c to use
bus_open_system_watch_bind_with_description() which means we will
reconnect once dbus is available. This mimics what resolved-bus.c
is doing (and which was originally introduced in d7afd945b).
tests: drop _weak_ from the SYSTEMD_TEST_TABLE definition
This will cause test binaries that reference SYSTEMD_TEST_TABLE,
e.g. by trying to iterate over the test list, to fail if no tests are
defined. I think this is the correct thing to do, as the lack of tests
indicates some kind of mistake.
This file was a bit strange… It was shoehorning a manual test into
the intro block and not using the rest of the TEST machinery. Let's
convert it into a normal executable with a run function as we do
in other similar cases.
systemd-timesyncd always runs as an unprivileged user via the service
file, so the code to resolve the systemd-timesync user, drop privileges
adjust file ownership/permissions, or even create the directory cannot
do anything useful and is unnecessary.
With the planned extraction of the socket-forward code its useful
to have a basic way to validate the functionality. So add a basic
test that ensures at least base functionality is intact.
test-time-util: restore relaxation of check is special timezones
Fixup for 514fa9d39ae9935ef1e014a3dd48dd5856007df2. We are now getting
failures in CI i386 builds in Fedora rawhide:
TZ=Europe/Lisbon, tzname[0]=WET, tzname[1]=WEST
@212545617716594 → Sun 1976-09-26 00:26:57 WET → @212542017000000 → Sun 1976-09-26 00:26:57 CET
src/test/test-time-util.c:450: Assertion failed: Expected "ignore" to be true
Restore the conditionalization for CAT, EAT, WET that was removed
in the refactoring.
Chris Down [Thu, 19 Mar 2026 13:15:44 +0000 (21:15 +0800)]
dissect-image: Consolidate verity validation and setup
The verity consistency checks and verity setup code also have parallel
blocks for root and usr that do basically identical work. Let's
consolidate them and reduce the footprint for bugs or deviance to
manifest.
Chris Down [Thu, 19 Mar 2026 13:10:21 +0000 (21:10 +0800)]
dissect-image: Merge partition handler code
dissect-image has six(!) different branches with basically the same
code. Let's avoid that and reduce the spaces for bugs or differing
behaviour to subtly creep in.
noxiouz [Thu, 19 Mar 2026 11:50:26 +0000 (11:50 +0000)]
network: add unmanaged interface checks to Link.Renew and Link.ForceRenew Varlink methods
The D-Bus counterparts (bus_link_method_renew, bus_link_method_force_renew)
reject calls on unmanaged interfaces with BUS_ERROR_UNMANAGED_INTERFACE,
but the Varlink methods silently succeed. Add the same guard to both
Varlink methods, returning io.systemd.Network.Link.InterfaceUnmanaged,
and declare the error in the IDL.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
In one of the reviews one of the LLMs noticed that the pragma is set but
never unset, so it remains in effect for the rest of the translation
unit. From the comment, it's not clear how old those "old compilers" were,
so let's try if things work without this workaround.
Daan De Meyer [Thu, 19 Mar 2026 10:34:25 +0000 (11:34 +0100)]
ci: Update prompt to reduce time spent re-checking comments
I noticed looking at the logs that claude spends a lot of time re-checking
existing comments, so let's update the prompt to hopefully reduce
the amount of comments that it re-checks.
Luca Boccassi [Wed, 18 Mar 2026 23:04:03 +0000 (23:04 +0000)]
userdb: add birthDate field to JSON user records (#40954)
Add an optional field that can be used to store a user's birth date.
userdb already stores personal metadata (`emailAddress`, `realName`,
`location`) so `birthDate` is a natural fit.
noxiouz [Sun, 22 Feb 2026 15:11:37 +0000 (15:11 +0000)]
network: extend link_reconfigure_full() and manager_reload() for Varlink
Add an sd_varlink* parameter to both functions so Varlink callers can
receive a deferred reply once all async work completes, symmetrically
with the existing sd_bus_message* path.
Co-developed-by: Claude Opus 4.6 <noreply@anthropic.com>
noxiouz [Sun, 22 Feb 2026 15:09:08 +0000 (15:09 +0000)]
network: extract link_get_bit_rates() into networkd-speed-meter.c
Move the bit-rate computation out of property_get_bit_rates() in
networkd-link-bus.c into a standalone link_get_bit_rates() helper in
networkd-speed-meter.c, which already owns the speed meter state.
Co-developed-by: Claude Opus 4.6 <noreply@anthropic.com>
Dylan M. Taylor [Fri, 6 Mar 2026 12:34:57 +0000 (07:34 -0500)]
userdb: add birthDate field to JSON user records
Add a birthDate field to the JSON user record, stored internally as a
struct tm with INT_MIN/negative sentinels for unset fields. The field
is serialized as a YYYY-MM-DD string in JSON and validated via
parse_birth_date(), which shares its core logic with
parse_calendar_date() through a new parse_calendar_date_full()
function.
For birth dates, timegm() is called directly (rather than
mktime_or_timegm_usec) to support pre-epoch dates. The wday field is
used to distinguish timegm() failure from a valid (time_t) -1 return.
birthDate is excluded from user_record_self_modifiable_fields(), so
only administrators can set or change it via homectl. The field
remains in the regular (non-privileged) JSON section, keeping it
readable by the user and applications.
Luca Boccassi [Wed, 18 Mar 2026 20:42:46 +0000 (20:42 +0000)]
Translations update from Fedora Weblate (#41164)
Translations update from [Fedora
Weblate](https://translate.fedoraproject.org) for
[systemd/main](https://translate.fedoraproject.org/projects/systemd/main/).
A S Alam [Wed, 18 Mar 2026 18:58:46 +0000 (18:58 +0000)]
po: Translated using Weblate (Punjabi)
Currently translated at 34.9% (93 of 266 strings)
Co-authored-by: A S Alam <aalam@users.noreply.translate.fedoraproject.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/pa/
Translation: systemd/main
projects / thirdparty / systemd.git / log
