analyze: don't list filesystems among ungrouped that are aliases
There are a bunch of filesystems that actually are just aliases for
other filesystems. So far we listed them as "ungrouped", suggesting they
should be added to some file system group. But that's not really
something needed, since they are after all not file systems in their own
right, but aliases only (and usually legacy at that).
Hence, let's hide them from display (but debug log about them).
devtmpfs and cpuset are not actual filesystems of their own. cpuset used
to be but is now an alias for cgroupsfs. devtmpfs is the same as tmpfs
as it's just a "named superblock", i.e. a specific instance of tmpfs, but
not a file system of its own.
filesystems: add group for "application" file system
This group shall cover file systems whose job is to make stuff that
isn't actually storing anything in itself, and isn't just an API file
system, but allows exposing stuff with special semantics in the VFS.
homework: rework how we disassemble a home dir in home_deactivate()
Let's first move the home dir to a new mount point that is only visible
in our own private namespace. Then, do FITRIM and stuff there, so that
we know the regular userspace can't interfere with that, and we know
that the home fs is not used anymore.
(This will become even more important once we add auto-grow/auto-shrink
for home dirs)
by moving the read permissions to the top level and
granting additional permissions to the specific jobs.
It should help to prevent new jobs that could be added
there eventually from having write access to resources they
most likely would never need.
Judging by https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
it should be enough to grant the "read contents" permission to
most of our actions. The "read metadata" permission is set implicitly
somewhere and can't be set via the "permissions" setting:
```
The workflow is not valid. .github/workflows/linter.yml (Line: 14, Col: 3): Unexpected value 'metadata'
```
With glibc-2.34.9000-17.fc36.x86_64, dynamically programs newly fail in early
init with a restrictive syscall filter that does not include @system-service.
I think this is caused by 2dd87703d4386f2776c5b5f375a494c91d7f9fe4:
nptl: Move changing of stack permissions into ld.so
All the stack lists are now in _rtld_global, so it is possible
to change stack permissions directly from there, instead of
calling into libpthread to do the change.
It seems that this call will now be very widely used, so let's just move it to
default to avoid too many failures.
shared: split out UID allocation range stuff from user-record.h
user-record.[ch] are about the UserRecord JSON stuff, and the UID
allocation range stuff (i.e. login.defs handling) is a very different
thing, and complex enough on its own, let's give it its own c/h files.
homed: include actual fs type + access mode as part of "status" section of user record
So far we have two properties for the intended fstype + access mode of
home dirs, but they might differ from what is actually used (because the
user record changed from the home dir, after it was created, or vice
versa). Let's hence add these props also to the "status" section of user
record, which report the status quo. That way we can always show the
correct, current settings.
homed: allow querying disk free status separately from generating JSON from it
We later want to query per-home free status for implementing automatic
grow/shrink of home directories, hence let's separate the JSON
generation from the disk free status determination.
This adds two new helpers: keyring_read() for reading a key data from a
keyring entry, and TAKE_KEY_SERIAL which is what TAKE_FD is for fds, but
for key_serial_t.
The former is immediately used by ask-password-api.c
homed: add env var for overriding default mount options
This adds an easy way to override the default mount options to use for
LUKS home dirs via the env vars SYSTEMD_HOME_MOUNT_OPTIONS_EXT4,
SYSTEMD_HOME_MOUNT_OPTIONS_BTRFS, SYSTEMD_HOME_MOUNT_OPTIONS_XFS.
This follows what Fedora did with 34: enables compression by default,
lowering IO bandwidth and reducing disk space use, at the price of
slightly higher CPU use.
In delete_rule(), we already checked that the rule name is a valid file name
(i.e. no slashes), so we can just trivially append.
Also, let's always reject rules that we would later fail to delete. It's
probably better to avoid such confusion.
And print the operations we do with file name and line number. I hope this
helps with cases like https://github.com/systemd/systemd/pull/21178. At least
we'll know what rule failed.
```
$ sudo SYSTEMD_LOG_LEVEL=debug build/systemd-binfmt
Flushed all binfmt_misc rules.
Applying /etc/binfmt.d/kshcomp.conf…
/etc/binfmt.d/kshcomp.conf:1: binary format 'kshcomp' registered.
```
namespace: make tmp dir handling code independent of umask too
Let's make all code in namespace.c robust towards weird umask. This
doesn't matter too much given that the parent dirs we deal here almost
certainly exist anyway, but let's clean this up anyway and make it fully
clean.
namespace: make whole namespace_setup() work regardless of configured umask
Let's reset the umask during the whole namespace_setup() logic, so that
all our mkdir() + mknod() are not subjected to whatever umask might
currently be set.
This mostly moves the umask save/restore logic out of
mount_private_dev() and into the stack frame of namespace_setup() that
is further out.
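
The effect the two namespace commits above guard against, as an added example that is not systemd's code: mkdir() applies the inherited umask to the requested mode, so a restrictive umask silently strips permission bits unless it is saved, cleared and restored around the setup. The helper name mkdir_result_mode() and the scratch path under /tmp are assumptions made for this illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* for mkdtemp() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not systemd code): create a directory with the
 * requested mode while the process runs under ambient_umask, and return the
 * permission bits it actually received, or -1 on error. With reset_umask set,
 * the umask is cleared around mkdir() and restored afterwards. */
static int mkdir_result_mode(mode_t ambient_umask, mode_t requested, int reset_umask) {
    char base[] = "/tmp/umask-demo-XXXXXX";   /* constructed scratch location */
    char path[sizeof(base) + 8];
    struct stat st;
    mode_t caller, saved = 0;
    int r = -1;

    if (!mkdtemp(base))
        return -1;
    snprintf(path, sizeof(path), "%s/dir", base);

    caller = umask(ambient_umask);            /* simulate the inherited umask */
    if (reset_umask)
        saved = umask(0000);                  /* save and clear for the whole setup */

    if (mkdir(path, requested) == 0 && stat(path, &st) == 0)
        r = (int) (st.st_mode & 0777);

    if (reset_umask)
        umask(saved);                         /* hand the ambient umask back */
    umask(caller);                            /* undo the simulation */

    rmdir(path);
    rmdir(base);
    return r;
}

int main(void) {
    printf("umask 0077, no reset: %04o\n", mkdir_result_mode(0077, 0755, 0));
    printf("umask 0777, no reset: %04o\n", mkdir_result_mode(0777, 0755, 0));
    printf("umask 0777, reset:    %04o\n", mkdir_result_mode(0777, 0755, 1));
    return 0;
}
```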