Nick Rosbrook [Fri, 22 Aug 2025 19:00:38 +0000 (15:00 -0400)]
test: use numeric prefixes in resolved.conf.d overrides
There are a lot of resolved.conf.d drop-ins used in these tests. Use
proper numeric prefixes, especially to avoid confusion with sorting
relative to test.conf.
Make the test base config 10-test.conf, and use 90-*.conf elsewhere.
Nick Rosbrook [Fri, 22 Aug 2025 14:46:50 +0000 (10:46 -0400)]
resolve: re-create link unicast scopes on reload
On reload, resolved does not apply new DNSSEC= (or DNSOverTLS=) settings
on links, because the link unicast scopes are not re-created. However,
the servers and link states are updated correctly, so resolvectl and link
state files do show the new setting, leading users to believe the change
took effect immediately, the same way `resolvectl dnssec` does.
Fix this by freeing all of the link unicast scopes during reload, so
that they are re-created with the new settings in link_allocate_scopes().
Yu Watanabe [Mon, 25 Aug 2025 16:43:10 +0000 (01:43 +0900)]
bootctl: do not fail on removing unfied kernel image
A boot loader entry for a unified kernel image has
BootEntry.kernel : path to the image relative to ESP or XBOOTLDR,
BootEntry.path : path to the image.
Hence, these two effectively point to the same file.
Hence, by unlink command, the image is removed by
```
deref_unlink_file(&known_files, e->kernel, e->root);
```
then later tried again by
```
r = chase_and_unlink(e->path, root, ...);
```
and of course it fails with -ENOENT.
Let's ignore the failure there. We already ignore ENOENT on removal
at various places, especially in deref_unlink_file().
nsresourced: use a hashed rather than a mangled name as fallback
If we are asked to come up with our own name for the namespace to
allocate (because client enabled "mangle"), then we so far created a
randomized name if shortening what was proposed didn't work. This broke
polkit authorization however, because when polkit is in the mix, we
process method calls twice, submitting the polkit request on the first
and then assuming a response is known on the second invocation. But if
we generate a randomized name for the two checks we'll not be ablet to
match up the requests because it's going to be different. Let's fix that
by not using a randomized name, but one hashed from the socket
connection we are processing mixed with the client provided name. This
will ensure that for the same method call we'll generate the same name,
but different calls (i.e. calls with different names on the same socket,
or with any name on any socket) we'll end up with different names,
minimizing chance of collision.
This ensures PK starts to work with nsresourced userns registration when
a bad or no name is specified, which previously would end up in a PK
query loop.
Kamil Páral [Mon, 25 Aug 2025 20:00:47 +0000 (22:00 +0200)]
70-mouse.hwdb: Add Razer Basilisk V3, Asus Cerberus, +2 more
All mice were measured using mouse-dpi-tool, and the measurements match vendors
specs, with the exception of Asus Cerberus (it officially has
500/*1000/1500/2500 DPI, but my measurements were quite different, so I opted
to include the real values).
Jan Fooken [Fri, 22 Aug 2025 09:26:25 +0000 (11:26 +0200)]
tmpfiles: don't relabel files in dry run mode
tmpfiles attempts to correct the label of a file during various actions
via the function fd_set_perms(). Currently, said function generally
respects the dry-run mode. However, it attempts to fix the label of a
given file regardless of the state of said dry-run mode.
This causes problems, because a user could attempt to run tmpfiles with
elevated permissions and dry run enabled, expecting the tool to not
modify their system. Instead, tmpfiles would falsely relabel a file,
modifying their system.
This commit explicitly checks for when dry-run is enabled and skips the
file relabelling process. Furthermore, I added logging for both cases.
I found helpful during debugging. That said, I don't think it's
necessary to use the level LOG_INFO on the dry-run path, as it would
always produce an info log.
Yu Watanabe [Thu, 21 Aug 2025 17:06:43 +0000 (02:06 +0900)]
core/unit: use UNIT_FOREACH_DEPENDENCY_SAFE() at several more places
manager_add_job() -> transaction_add_job_and_dependencies() may update
dependencies when a unit is not loaded yet. Hence, we need to restart
dependency loop in that case.
Felix Pehla [Thu, 21 Aug 2025 17:06:07 +0000 (19:06 +0200)]
systemd-boot: don't always log NX_COMPAT info
Commit 70b7e03 introduced 3 calls to log_debug() about the presence or
absence of NX_COMPAT support. Since sd-boot does not yet have the
ability to only print messages above a certain loglevel, these will
always be printed, even on top of the configured splash screen. This
commit removes the log_debug() call after a success and only prints
those for missing firmware support if the UEFI should support them in
the first place (i.e. starting with version 2.10).
Jörg Behrmann [Wed, 20 Aug 2025 13:47:28 +0000 (15:47 +0200)]
tools: ignore root element explicitly in check-version-history
Currently these messages (broken for length)
2025-08-20T12:04:15.9609277Z
/home/runner/work/systemd/systemd/tools/check-version-history.py:26:
FutureWarning: This search incorrectly ignores the root element, and will be fixed in a future version.
If you rely on the current behaviour, change it to './/funcprototype/funcdef/function'
can be seen in CI output. So let's apply the suggestion.
Yu Watanabe [Wed, 20 Aug 2025 18:07:26 +0000 (03:07 +0900)]
TEST-46-HOMED: homectl unregister and friends needs the target is inactive or absent
Hence, we need to wait for the previous operation finished.
Fixes the following failure:
```
TEST-46-HOMED.sh[107]: + homectl unregister signtest
TEST-46-HOMED.sh[1449]: Failed to unregister home: Home signtest is currently being used, or an operation on home signtest is currently being executed.
```
Christopher Head [Thu, 21 Aug 2025 06:52:38 +0000 (23:52 -0700)]
Add Razer Cobra mouse to hwdb
The DPI values are based on the product’s printed documentation. The
frequency values are based on the endpoint descriptor reported by lsusb
(the mouse is a full-speed USB device and bInterval is 1 at all DPI
settings). Both sets of values are for a mouse that has *not* been
touched by the vendor’s configuration tool.
Luca Boccassi [Mon, 18 Aug 2025 12:38:32 +0000 (13:38 +0100)]
Revert "resolved: don't wait for TLS close_notify replies unnecessarily"
This change introduced a regression that stops DNSOverTLS from working
after some time. Revert it for now, as there's no fixup available at
the moment.
Michal Sekletar [Wed, 20 Aug 2025 10:42:30 +0000 (12:42 +0200)]
coredump: drop RestrictSUIDSGID= option (#38640)
systemd-coredump sandbox already has ProtectSystem=strict hence all non
API filesystems are made read-only, thus RestrictSUIDSGID= doesn't buy
us much.
On top of that systemd-coredump's EnterNamespace= feature requires
openat2() to work correctly and that is implicitly blocked by
RestrictSUIDSGID=.
But, this is not necessary in most cases, e.g. when chasing
syspath in sd-device (actually this causes regression in umockdev,
see https://github.com/martinpitt/umockdev/issues/271).
Another example is reading unit files, especially .network files,
as automount may trigger mounting network filesystems...
Also, when this is used in NSS plugins, programs that load the
plugins may fail because of spuriously configured seccomp. See #38565.
Let's not trigger automount by default, and do only when explicitly
requested.
This introduces CHASE_TRIGGER_AUTOFS, and use it in
- service manager,
- bootctl and finding ESP/xbootldr,
- sysupdate,
- mountfsd,
- systemd-mount.
There may be several more places we should trigger automount, but let's
do that later.
As commented https://github.com/systemd/systemd/pull/38569#discussion_r2284978273,
the commit makes autofs check bypassed. Before the commit, when
CHASE_NO_AUTOFS is set, we did not shortcut chasing paths, and refused
any autofs mount points in the path. However, with the commit, the flag
was swapped but even when CHASE_AUTOFS is unset, the autofs check may be
skipped.
To fix the issue, rather than swapping the flag, we should introduce
another flag, say CHASE_TRIGGER_AUTOFS. This revert the commit, and in a
later commit, the new flag will be introduced.
Luca Boccassi [Mon, 11 Aug 2025 14:33:35 +0000 (15:33 +0100)]
sd-stub: use memory proto if available and set kernel memory to RX with NX_COMPAT
When NX_COMPAT gets enabled, firmwares will enforce that executable
memory is either writable or executable.
This needs kernel compatibility, when it will happen the kernel will
have the NX_COMPAT bit set. If it is, set the memory buffer to RO.
Note that this must be undone on failure, as EDK2 in some configurations
overwrites memory ranges that are returned with FreePages() with a
fixed pattern, so if the pages are RO it will crash.
This is only an issue with the new custom PE loader, as LoadImage()
and StartImage() will always do the right thing automatically.
Luca Boccassi [Thu, 14 Aug 2025 16:22:30 +0000 (17:22 +0100)]
chase: invert CHASE_NO_AUTOFS and only set it where needed
Since https://github.com/systemd/systemd/commit/c5de7b14ae2e08d267d8d75bc88934ac6aa7dcd6
file searching implies a new mount api syscall by default,
to trigger automounts.
This is problematic in NSS plugins, as they are dlopen'ed inside
processes by glibc, for two reasons.
First of all, potentially searching on a networked filesystem
automount could lead to nasty surprises, such as the process
responsible for setting up the network filesystem trying to
search on that same filesystem.
More importantly, the new mount api syscall was never part of
the filesystem seccomp filter that we provide by default, and
given mounting/remounting/bind mounting is one of the possible
ways to bypass sandboxing it is very likely not allowed when
custom filters are used in sandboxed processes, if they don't
need to do these operations otherwise.
The filesystem seccomp mask we provide has been updated, however
this only takes effect on the next restart of a service. When
systemd is upgraded via a package upgrade, the new nss plugin is
installed and will be immediately dlopen'ed by glibc when needed,
without waiting for the process to restart, which means the existing
seccomp filter applies, causing the filter to trigger.
Given it's not really possible for any arbitrary program to
predict which NSS modules glibc will load, given programs do not
configure that and instead nsswitch is set up by the sysadmin,
it's impossible to handle at each process level. It's also not
possible to know when it will be triggered, given the plugin
is not linked in each binary tools like need-restart cannot
even pre-emptively restart services that may be affected.
This means in practice, upgrading from systemd << v258 to >= v258
requires a reboot to avoid either subtle or catastrophic system
failures.
By avoiding to trigger automounts in nss-systemd we can avoid
both issues.
Note that this happens only when the userdbd service is not running,
as otherwise nss-systemd will go through the varlink IPC, rather than
doing the searches in-process.
So invert CHASE_NO_AUTOFS to CHASE_AUTOFS and set it in the places where
we do want to trigger automounts, like looking for the ESP.
Luca Boccassi [Tue, 19 Aug 2025 11:32:00 +0000 (12:32 +0100)]
test: also edit /etc/os-release if it's not a symlink when patching /usr/lib/os-release (#38628)
mkosi patches up /etc/os-release to add local IDs and fixup certain
issues, so when tests patch /usr/lib/ on the fly, copy to the version in
/etc/ too to avoid test failures when querying
6370s 10/98 systemd:integration-tests / TEST-07-PID1 FAIL 31.03s exit
status 1
6370s 25/98 systemd:integration-tests / TEST-29-PORTABLE FAIL 12.76s
exit status 1
6370s 33/98 systemd:integration-tests / TEST-43-PRIVATEUSER-UNPRIV FAIL
6.57s exit status 1
6370s 37/98 systemd:integration-tests / TEST-50-DISSECT FAIL 16.97s exit
status 1
This is particularly an issue when running these tests on debian unstable,
where mkosi has to fixup os-release to make it valid and avoid further
breakages:
importd: accept a single space as SHA256SUMS separator
The SHA256SUMS files provided by https://images.linuxcontainers.org/
are slightly non-conforming, insted of using " *" or " " as separator
between hash and file name they use " ". Let's accept that too, in the
interest of maximizing compatibility.
Our tools will strip trailing NULs, so this is not causing harm, except for
the corner case when the .sbat section is exactly of the maximum size and now
it wouldn't fit because we're one byte short.
But it also is not needed. Sections have an encoded size of the data and the
reader must use that and must be prepared to handle a text section that does
not end in NUL. Appending of the NUL was added in c3f7501c4d014482b17988d5aed1d88127a50b6e, without any discussion of this
change. Since we didn't insert the NUL before, the tools must have been
prepared to work without it. I think it's better to keep the code clean and
not do this unnecessary step.
Fedora's kernels now ship with a .sbat section:
kernel,1,Red Hat,kernel-core,6.17.0-0.rc1.250814g0cc53520e68b.20.fc44.x86_64,mailto:secalert@redhat.com
kernel.fedora,1,Red Hat,kernel-core,6.17.0-0.rc1.250814g0cc53520e68b.20.fc44.x86_64,mailto:secalert@redhat.com
This pushes the combined .sbat section just over its pre-allocated size of 512 bytes:
File "/usr/bin/ukify", line 1048, in pe_add_sections
raise PEError(f'Not enough space in existing section {section.name} to append new data')
PEError: Not enough space in existing section .sbat to append new data
PE sections need to align to 512 bytes, so to make it all fit we pad the .sbat
section with zeros to 1k. Various tools already should strip trailing zeros when
using sbat sections, since ukify always inserts a trailing NUL.
The defines are moved to sbat.h, they are used only in sd-stub and sd-boot.
ukify: fix insertion of padding in merged sections
The padding was done to expand the new section contents to the expected size of
the new section. And this then would be used for the content in the existing
section. The new section cannot be larger than the old section, but it can be
smaller. If the new section was smaller, then we'd not write enough padding and
the output file would be corrupted.
This was observed in CI when the .sbat section in the stub was padded to 1k.
The UKI with an .sbat section that was merged and was fairly short would hit
this scenario and be corrupted.
Currently translated at 100.0% (264 of 264 strings)
Co-authored-by: Fco. Javier F. Serrador <fserrador@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/es/
Translation: systemd/main
Li Tian [Mon, 18 Aug 2025 21:43:41 +0000 (05:43 +0800)]
ukify: rstrip and escape binary null characters from 'inspect' output (#38607)
SBAT section of UKI may contain \u000 null characters. Rstrip them, and if there's anything left in the middle,
escape them so they are displayed as text.
tree-wide: don't play games with alignment around file_handle
The payload of a file_handle structure is not 64bit aligned. So far used
_alignas_() to align it to 64bit as a whole, which by accident has the
side-effect that the payload ends up being aligned to 64bit too, but
this is ugly, because it's really just an accident...
Let's do this properly, and just use proper unaligned 64bit reads to
access the field, and do not assume aligning the structure as a whole
also aligns the payload part of it.
Yu Watanabe [Mon, 18 Aug 2025 06:46:04 +0000 (15:46 +0900)]
ptyfwd: do not try to read from PTYForward.input_fd when read-only mode
Fixes the following error message (the last line):
```
[FAILED] Failed to start TEST-60-MOUNT-RATELIMIT.service.
Sending SIGTERM to remaining processes...
Sending SIGKILL to remaining processes...
All filesystems, swaps, loop devices, MD devices and DM devices detached.
Exiting container.
Failed to read from pty input fd: Bad file descriptor
```
Luca Boccassi [Sun, 17 Aug 2025 23:34:22 +0000 (00:34 +0100)]
vmspawn: fix --smbios
The file used to pass credentials gets created and then immediately deleted:
$ systemd-vmspawn -i image.raw -s "io.systemd.credential.binary:tty.serial.hvc0.agetty.autologin=cm9vdA=="
░ Spawning VM opensuse-2025081621.1 on /tmp/image.raw.
░ Press Ctrl-] three times within 1s to kill VM.
Not overwriting existing state file.
Listening on /run/user/1000/systemd/vmspawn.1c00857c6a3dc2c7/tpm.sock as 3.
qemu-system-x86_64: -smbios type=11,path=/var/tmp/vmspawn-smbios-Hizb4A/.#smbios11e5a842e77d7b4b68: Could not open '/var/tmp/vmspawn-smbios-Hizb4A/.#smbios11e5a842e77d7b4b68': No such file or directory
Yu Watanabe [Sun, 17 Aug 2025 16:15:33 +0000 (01:15 +0900)]
README: drop one FIXME comment
Most compat glue has been already removed, except for several cgroup v1
specific codes. It is too late to remove the remaining things before v258.
Let's remove them after v258.
Luca Boccassi [Sat, 16 Aug 2025 22:56:11 +0000 (23:56 +0100)]
core: fix crash on audit callback
When check_access() was added, the callback data parameter
was changed from a pointer to a double pointer, resulting
in a crash when it is accessed when logging an error:
#0 __internal_syscall_cancel (a1=a1@entry=0, a2=a2@entry=0,
a3=a3@entry=140726176497168, a4=a4@entry=4, a5=a5@entry=0,
a6=a6@entry=0, nr=247) at ./nptl/cancellation.c:44
#1 0x00007f5d0ec996ad in __syscall_cancel (a1=a1@entry=0,
a2=a2@entry=0, a3=a3@entry=140726176497168, a4=a4@entry=4,
a5=a5@entry=0, a6=a6@entry=0, nr=247) at ./nptl/cancellation.c:75
#2 0x00007f5d0ed047ab in __waitid (idtype=idtype@entry=P_ALL,
id=id@entry=0, infop=infop@entry=0x7ffd5dc2be10,
options=options@entry=4) at ../sysdeps/unix/sysv/linux/waitid.c:29
#3 0x00007f5d0f044412 in freeze () at ../src/basic/process-util.c:2039
#4 0x00005568f181bc2a in freeze_or_exit_or_reboot () at
../src/core/crash-handler.c:55
#5 0x00005568f181be82 in crash (sig=<optimized out>, siginfo=<optimized
out>, context=<optimized out>) at ../src/core/crash-handler.c:184
#6 <signal handler called>
#7 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:76
#8 0x00007f5d0ec6e300 in __printf_buffer (buf=buf@entry=0x7ffd5dc2ca90,
format=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m",
ap=0x7ffd5dc2d3d0, mode_flags=2) at
./stdio-common/vfprintf-process-arg.c:435
#9 0x00007f5d0ec91daf in __vsnprintf_internal
(string=string@entry=0x7ffd5dc2cb70 "", maxlen=maxlen@entry=2048,
format=format@entry=0x7f5d0f196e60 "%s: Failed to acquire credentials:
%m", args=args@entry=0x7ffd5dc2d3d0, mode_flags=mode_flags@entry=2)
at ./libio/vsnprintf.c:96
#10 0x00007f5d0ed27044 in ___vsnprintf_chk (s=s@entry=0x7ffd5dc2cb70 "",
maxlen=maxlen@entry=2048, flag=flag@entry=1, slen=slen@entry=2048,
format=format@entry=0x7f5d0f196e60 "%s: Failed to acquire credentials:
%m", ap=ap@entry=0x7ffd5dc2d3d0)
at ./debug/vsnprintf_chk.c:34
#11 0x00007f5d0f02de59 in vsnprintf (__s=0x7ffd5dc2cb70 "", __n=2048,
__fmt=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m",
__ap=0x7ffd5dc2d3d0) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:100
#12 log_internalv (level=7, error=-9, file=0x7f5d0f196643
"src/libsystemd/sd-varlink/sd-varlink.c", line=2853, func=0x7f5d0f1d5ca0
<__func__.62> "sd_varlink_get_peer_uid", format=0x7f5d0f196e60 "%s:
Failed to acquire credentials: %m",
ap=0x7ffd5dc2d3d0) at ../src/basic/log.c:865
#13 0x00007f5d0f02ded5 in log_internalv (level=<optimized out>,
error=<optimized out>, file=<optimized out>, line=<optimized out>,
func=<optimized out>, format=<optimized out>, ap=0x7ffd5dc2d3d0) at
../src/basic/log.c:868
#14 0x00007f5d0f02df67 in log_internal (level=<optimized out>,
error=<optimized out>, file=<optimized out>, line=<optimized out>,
func=<optimized out>, format=<optimized out>) at ../src/basic/log.c:882
#15 0x00007f5d0f10a135 in sd_varlink_get_peer_uid (v=0x7f5d0f5ab110
<__func__.44>, ret=ret@entry=0x7ffd5dc2d4f0) at
../src/libsystemd/sd-varlink/sd-varlink.c:2853
#16 0x00007f5d0f50c29e in audit_callback (auditdata=0x7ffd5dc2d698,
cls=<optimized out>, msgbuf=0x55692366e77d "", msgbufsize=995) at
../src/core/selinux-access.c:65
#17 0x00007f5d0f716079 in avc_suppl_audit (ptr=0x7ffd5dc2d698, class=95,
buf=<optimized out>, len=<optimized out>) at ./src/avc_internal.h:101
#18 avc_audit (ssid=0x5569237f2890, tsid=0x556922d7f4b0,
tclass=<optimized out>, requested=<optimized out>, avd=<optimized out>,
result=0, a=0x7ffd5dc2d698) at ./src/avc.c:721
#19 0x00007f5d0f716367 in avc_has_perm (ssid=0x5569237f2890,
tsid=0x556922d7f4b0, tclass=tclass@entry=95, requested=4,
aeref=aeref@entry=0x0, auditdata=auditdata@entry=0x7ffd5dc2d698) at
./src/avc.c:836
#20 0x00007f5d0f718b0a in selinux_check_access
(scon=scon@entry=0x55692384cbc0 "system_u:system_r:policykit_t:s0",
tcon=tcon@entry=0x556922c98a20
"system_u:object_r:systemd_networkd_unit_t:s0",
class=class@entry=0x7f5d0f580b9e "service",
perm=perm@entry=0x7f5d0f580cc0 "status",
aux=aux@entry=0x7ffd5dc2d698) at ./src/checkAccess.c:64
#21 0x00007f5d0f50bf7e in check_access (scon=0x55692384cbc0
"system_u:system_r:policykit_t:s0", tcon=0x556922c98a20
"system_u:object_r:systemd_networkd_unit_t:s0", tclass=0x7f5d0f580b9e
"service", permission=permission@entry=0x7f5d0f580cc0 "status",
audit_info=<optimized out>, audit_info@entry=0x7ffd5dc2d720,
error=error@entry=0x7ffd5dc2d880) at ../src/core/selinux-access.c:229
#22 0x00007f5d0f5100a1 in mac_selinux_access_check_bus_internal
(message=<optimized out>, unit=<optimized out>,
permission=0x7f5d0f580cc0 "status", function=0x7f5d0f5ab110
<__func__.44> "method_get_unit_by_pidfd", error=0x7ffd5dc2d880)
at ../src/core/selinux-access.c:329
#23 0x00007f5d0f4a024b in method_get_unit_by_pidfd
(message=0x5569236d9010, userdata=<optimized out>, error=0x7ffd5dc2d880)
at ../src/core/dbus-manager.c:657
#24 0x00007f5d0f0c9bd0 in method_callbacks_run (bus=0x5569238684e0,
m=0x5569236d9010, c=<optimized out>, require_fallback=false,
found_object=0x7ffd5dc2d947) at ../src/libsystemd/sd-bus/bus-objects.c:413
#25 object_find_and_run (bus=bus@entry=0x5569238684e0,
m=m@entry=0x5569236d9010, p=<optimized out>,
require_fallback=require_fallback@entry=false,
found_object=found_object@entry=0x7ffd5dc2d947) at
../src/libsystemd/sd-bus/bus-objects.c:1323
#26 0x00007f5d0f0cafa2 in bus_process_object (bus=0x5569238684e0,
m=0x5569236d9010) at ../src/libsystemd/sd-bus/bus-objects.c:1443
#27 0x00007f5d0f0d8c3e in process_message (bus=0x5569238684e0,
m=0x5569236d9010) at ../src/libsystemd/sd-bus/sd-bus.c:3006
#28 process_running (bus=0x5569238684e0, ret=0x0) at
../src/libsystemd/sd-bus/sd-bus.c:3048
#29 bus_process_internal (bus=bus@entry=0x5569238684e0,
ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3275
#30 0x00007f5d0f0d9099 in sd_bus_process (bus=bus@entry=0x5569238684e0,
ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3302
#31 0x00007f5d0f0db3ec in io_callback (s=<optimized out>, fd=<optimized
out>, revents=<optimized out>, userdata=0x5569238684e0) at
../src/libsystemd/sd-bus/sd-bus.c:3643
#32 0x00007f5d0f0a53d9 in source_dispatch (s=s@entry=0x5569236dea60) at
../src/libsystemd/sd-event/sd-event.c:4163
#33 0x00007f5d0f0a563d in sd_event_dispatch (e=<optimized out>,
e@entry=0x5569232f6c00) at ../src/libsystemd/sd-event/sd-event.c:4782
#34 0x00007f5d0f0a6d38 in sd_event_run (e=<optimized out>,
timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:4843
#35 0x00007f5d0f4f7871 in manager_loop (m=m@entry=0x5569232f8250) at
../src/core/manager.c:3310
#36 0x00005568f181517d in invoke_main_loop (m=0x5569232f8250,
saved_rlimit_nofile=0x7ffd5dc2dcb0, saved_rlimit_memlock=0x7ffd5dc2dca0,
ret_retval=<synthetic pointer>, ret_fds=0x7ffd5dc2dc78,
ret_switch_root_dir=<synthetic pointer>,
ret_switch_root_init=<synthetic pointer>,
ret_error_message=0x7ffd5dc2dc90) at ../src/core/main.c:2140
#37 main (argc=<optimized out>, argv=0x7ffd5dc2dfe8) at
../src/core/main.c:3351
Yu Watanabe [Sat, 16 Aug 2025 16:00:37 +0000 (01:00 +0900)]
core/service: do not reset watchdong when unit is frozen
Even watchdog for a service is stopped when freezing the unit is
requested, sd-notify message WATCHDOG=1 or friends may come after
that due to ordering of event priority. In that case,
service_reset_watchdog() is called for frozen unit and thus previously
watchdog was reenabled.
Yu Watanabe [Fri, 15 Aug 2025 04:57:51 +0000 (13:57 +0900)]
signal-util: do not abort when sigprocmask() failed
BLOCK_SIGNALS() is also used in nss modules. If an application is
running with a too strict seccomp loads our nss modules, then the
assertion may be triggered.
Yu Watanabe [Fri, 15 Aug 2025 04:21:59 +0000 (13:21 +0900)]
hostname-setup: do not trigger assertion when uname() is prohibited by seccomp
gethostname_full() is used in nss-myhostname, and hence random
application may indirectly call it. When an application with a too strict
seccomp filter loads the nss module, the application may trigger the
assertion.
* 5598b7f579 fedora: be more persistent when guessing what rawhide could be
* cdd2d1570e Use apt-ftparchive instead of reprepro
* eeb4ce6302 fix dead/404 link
* 30a487d183 mkosi-tools: Drop systemd-boot-efi package
* ad4b4d2cbe Add debug logging for version reported by systemd tools
* 95f5c77fb7 mkosi-tools: move systemd-boot package to conf file matching older releases
* 7da22f33e0 README: clarify that companion tools can also be enabled from the git repo
* ec3fe91532 Drop microsecond resolution for datetime.now()
* 9f7a53b687 mkosi-initrd: install raid rule with 70 prefix
* 32c3ff4677 ci: give a hint about possible fixes for failing reuse lints
* 489c5e9ecc build(deps): bump github/codeql-action from 3.29.2 to 3.29.5
Mate Kukri [Thu, 7 Aug 2025 16:28:58 +0000 (17:28 +0100)]
Reuse the parent_image handle and parent_loaded_image
- Reuse parent_image instead of allocating new ones. Firmware might cast
EFI_LOADED_IMAGE_PROTOCOL * to a larger struct causing issues
- Remove loaded image protocol installation and uninstallation which are no
longer required
Luca Boccassi [Tue, 12 Aug 2025 22:09:06 +0000 (23:09 +0100)]
ukify: drop NX bit from UKI if kernel doesn't have it
If the kernel is not NX_COMPAT ready (W^X memory compatible) then the
UKI should not be marked as NX_COMPAT ready either, as the kernel
section is the loadable code in the image.
While the sd-stub EFI code itself is NX ready, it is more useful
to think of it as one unit of execution together with the kernel
it embeds, as that's what it is used for.
projects / thirdparty / systemd.git / log
