Let's always make sure the temporary file returned by fopen_tmpfile()
and friends is removed on failure (via _cleanup_). Conversely, make sure
that once the file is renamed into its final place, we no longer try to
remove the temporary file (since it's not going to exist anymore).
The original rules file have some rules for a device that is now
deprecated and so, are not part of this change. AFAIU, 'plugdev' is also
a thing of the past and we now use 'uaccess' which should be given to
all ID_SOFTWARE_RADIO devices. So yeah, hopefully what I have here is
equivalent to the orginal .rules.
The request for this was done here:
https://github.com/analogdevicesinc/plutosdr-fw/issues/101
Luca Boccassi [Thu, 15 May 2025 11:09:03 +0000 (12:09 +0100)]
Update hwdb (#37470)
Update hwdb, even though we are pretty far from a release in order to:
- incrementally test upstream additions to hwdb
- allow backports to stable branches
Tommy Unger [Sat, 19 Apr 2025 01:57:26 +0000 (18:57 -0700)]
test: write file from systemd service in transient unit
This integration test demonstrates that a containerized systemd instance can
write to a bind mounted file observable to the host. Specifically, the bash
script uses systemd-run to start a systemd instance as a transient unit
container. This systemd-run command bind mounts a directory the container will
share with the host, and runs an internal service which creates and writes to a
file from the container's view of this directory. When finished writing, the
service runs the exit target, terminating the internal systemd instance, and
ending the lifetime of the container.
The script waits for the container to finish running, then verifies that the
expected file contents were written on the host side of the filesystem mount.
This test employs a workaround, creating an unmasked procfs mount on the host
which enables the privileged guest to create its own mounts internally. This
may indicate a systemd bug, as the privileged container should not rely on
the existence of an unmasked procfs on the host in order to mount its own
filesystems internally.
As usual, it seems to be mostly additions and corrections.
The last update was in 0d740f4bc0f03b773264ef75eaf1233ffc89c5b2, Dec 10th. I
think it's reasonable to update the hwdb more often. In particular, I want to
push an update to the stable branches, but it should be updated in 'main'
first.
core: name socket unit instances after the socket cookie
On linux sockets have a really good, unique identifier, the SO_COOKIE,
which is used by sockdiag and BPF and elsewhere. Let's expose this more
prominently in the service name of per-connection services invoked via
Accept=yes sockets.
This is really nice, because together with our $SO_COOKIE env var we can
now match up services, process execution contexts, and "ss" outputs, BPF
rules, and more.
Mike Yuan [Mon, 14 Apr 2025 12:07:59 +0000 (14:07 +0200)]
core: always enable CPU accounting
Our baseline is v5.4 and cgroup v2 is enforced now,
which means CPU accounting is cheap everywhere without
requiring any controller, hence just remove the directive.
Daan De Meyer [Wed, 14 May 2025 21:23:31 +0000 (23:23 +0200)]
userns-restrict: Move HAVE_VMLINUX check into functions
Let's do these checks like we try to do them elsewhere, in the
function, not outside. This avoids having to declare the function
arguments twice and keeps the logic for each function together
instead of spread out across the file.
Daan De Meyer [Wed, 14 May 2025 19:41:43 +0000 (21:41 +0200)]
networkd-util: Avoid call to endswith()
Instead of recalculating the length of the string again after
reading it, let's make sd_netlink_message_read_string() return the
length of the string that we then use to check if the last character
is a dot or not.
This allows us to get rid of the string-util.h include in #37344.
Luca Boccassi [Wed, 14 May 2025 19:02:34 +0000 (20:02 +0100)]
test: fix assertion failure with CONFIG_UNIX_DIAG disabled
On OBS the build VM is heavily locked down, with network
disabled in various ways in the custom kernel, to isolate the
build, including disabling CONFIG_UNIX_DIAG.
[ 456s] /* test_af_unix_get_qlen */
[ 456s] src/test/test-socket-netlink.c:393: Assertion failed: Expected "af_unix_get_qlen(unix_fd, &q)" to succeed, but got error: No such file or directory
[ 454s] /* test_sock_diag_unix */
[ 454s] src/libsystemd/sd-netlink/test-netlink.c:727: Assertion failed: Expected "sd_netlink_call(nl, message, 0, &reply)" to succeed, but got error: No such file or directory
Daan De Meyer [Wed, 14 May 2025 16:46:58 +0000 (18:46 +0200)]
capability-util: Ignore unknown capabilities instead of aborting
capability_quintet_mangle() can be called with capability sets
containing unknown capabilities. Let's not crash when this is the
case but instead ignore the unknown capabilities.
With 'or', we ignore the empty string (but not '0'), and we only call
time.time() lazily. So this works the same as the code that is replaced,
but avoids the ugly repetition.
We recommend that users create overriddes. This creates the problem that there
is no syntax to unset a property. Thus, the user needs to just set the property
to "something else" in the override file. But then the blurb saying that
"VAR=1" (or "VAR=0" in some cases) is the only allowed value can be confusing.
Say that both 0 and 1 can be set, since this documentation is also intended
for end users.
In our files, we generally don't want the override values anywhere. But we
have a test which checks the rvalue, which should be enough.
Daan De Meyer [Wed, 14 May 2025 13:33:36 +0000 (15:33 +0200)]
blockdev-util: Remove dependency on string-util.h
Let's insist on a string literal in SYS_BLOCK_PATH_MAX() so that
we don't accidentally allocate VLAs and let's inline strempty() in
xsprintf_sys_block_path() so we don't need to include string-util.h
in blockdev-util.h
We'll remove the actual string-util.h include as part of #37344.
Daan De Meyer [Wed, 14 May 2025 14:51:10 +0000 (16:51 +0200)]
Introduce forward.h header with forward declarations (#37428)
In preparation for adopting forward declarations to reduce unnecessary
transitive includes across the tree, let's introduce a forward.h header
with forward declarations for all libc, libsystemd, basic and shared
types.
Additionally, this header exports all basic integer types and errno
constants, as well as all macros including assertions macros. These
header files contain types often used in headers and are always included
in every source file one way or another anyway.
To avoid having to include memory-util.h and alloc-util.h in forward.h,
we split off the parts we need from both into cleanup-util.h and only
include cleanup-util.h in forward.h.
To keep this commit self-contained, we include cleanup-fundamental.h and
cleanup-util.h from the headers that originally contained the same
macros. We'll remove these again in a later commit that optimizes the
includes in src/basic and src/fundamental.
projects / thirdparty / systemd.git / log
