homed: support LogControl1 D-Bus API too, and make use of it
All our D-Bus services support the LogControl1 API, but homed didn't so
far. Fix that, and make use of it in the test case, to make debugging it
easier.
This macro is like JSON_BUILD_STRING() but uses our json library's
ability to use literal strings directly as JsonVariant objects.
The changes all our codebase to use this new macro whenever we build
JSON objects from literal strings.
(I tried to make this automatic, i.e. to detect in JSON_BUILD_STRING()
whether something is a literal string nicely and thus do this stuff
automatically, but I couldn't find a way.)
This should reduce memory usage of our JSON code a bit. Constant strings
we use very often will now be shared and mapped directly from the ELF
image.
json: don't assert() if we add a NULL element via json_variant_set_field()
The rest of our JSON code tries hard to magically convert NULL inputs
into "null" JSON objects, let's make sure this also works with
json_variant_set_field().
- execute.c: bpf functions were in the middle of an #if HAVE_SECCOMP
block for no reason
- test-fd-util.c: make seccomp-util.h includable without depending on
<seccomp.h>, and make is_seccomp_available() hardcoded to returning
false in this case.
Also fix a stray DEFINED() -- HAVE_SECCOMP is defined as 0, so normal
#if should be used like everywhere else.
socket: always pass socket, fd and SocketPeer ownership to service together
Per-connection socket instances we currently maintain three fields
related to the socket: a reference to the Socket unit, the connection fd,
and a reference to the SocketPeer object that counts socket peers.
Let's synchronize their lifetime, i.e. always set them all three
together or unset them together, so that their reference counters stay
synchronous.
THis will in particuar ensure that we'll drop the SocketPeer reference
whenever we leave an active state of the service unit, i.e. at the same
time we close the fd for it.
homework: also apply uid shifting when changing passwords/resizing/updating home areas
This adds uidmap shifting also when resizing/updating/changing
passwords. Prviously I thought we didn't have to, because the user is
not going to access the uidmap if we only quickly activate the home
area. But this thinking is wrong, because the three operations will
result in an update ~/.identity fie to be written, and we should do that
with uidmap applied, so that its ownership maps down to nobody below as
intended.
homework: don't try to shift uidmap for already activated home areas
When we want to operate on an already activated home area we so far
tried to reapply the uidmapping logic. We shouldn't do that, it's
already applied after all.
We only want to apply this for newly activated home areas. Hence check
for the right HomeSetupFlags flag for it HOME_SETUP_ALREADY_ACTIVATED.
The patch is actually in theory a two-liner. Except that so far we don#t
pass the HomeSetupFlags flags down all necessary functions where the
uidmap stuff will eventually run. Hence this larger than intended
commit.
homectl: also acquire "cheap" passwords for homectl update/passwd
In 57bb9bcba5563c040ee0c41f58e3730a006a8de2 support was added to read
"cheap" passwords from env vars and stuff before issuing the first
operation, instead of waiting for it until the first operation failed.
This was added for most verbs of "homectl", but two were left out:
update + passwd. Add it there too.
dissect-image: always say "file of image" when reporting about the image
We give a path, but the path is only meaningful inside of the image.
Some messages made it clear that it's a path in the image, let's make
them all do that.
dissect-image: do not enable "verification" when trying to acquire metadata
The whole point of acquiring metadata is quite often to figure out why the
image does not pass verification. Refusing to provide metadata is just being
hostile to the user.
When called from other places (e.g. image_read_metadata()), verification is
still performed.
Previously setting IOPRIO_CLASS_NONE for a process would then report
IOPRIO_CLASS_NONE back. But since 5.15 it reports IOPRIO_CLASS_BE
instead. Since IOPRIO_CLASS_NONE is an alias for a special setting of
IOPRIO_CLASS_BE this makes some sense, but it's also a kernel API
breakage that our testsuite trips up on.
(I made some minimal effort to inform the kernel people about this API
breakage during the 5.15 rc phase, but noone was interested.)
Either way let's hadle this gracefully in our test suite and accept
"best-effort" too when "none" was set.
(This is only triggable if the tests are run on 5.15 with full privs)
man: don't mention IOSchedulingClass=none anymore in the docs
Let's not mention a redundant setting of "none". Let's instead only
mention "best-effort", which is the same. Also mention the default
settings properly.
(Also, while we are at it, don#t document the numeric alias, that's
totally redundant and harder to use, so no need to push people towards
it.)
core: normalize ioprio values we acquire from kernel
Linux 5.15 broke API in ioprio_get(): instead of returning
IOPRIO_CLASS_NONE when that's set it now returns IOPRIO_CLASS_BE, which
is what this actually is (the former is just an alias for the latter
with a priority value of 4).
Let's hide the differences between old and new kernels here, and always
normalize to what the new kernels do.
ioprio-util: add macro for default ioprio settings
IOPRIO_CLASS_NONE with any priority value actually is an alias for
IOPRIO_CLASS_BE with priority value 4 – which is the default ioprio for
all processes.
We got this right at one place, but wrong at three others (where we
assumed the default value was 0, not 4). Let's add a
macro that encodes this properly, and use it everywhere.
The antonym of "nay" is usually spelled as "yea" (and pronouced as yā, so it
rhymes with "nay"), see e.g. https://www.cop.senate.gov/general/Features/votes.htm
Daan De Meyer [Tue, 23 Nov 2021 16:54:26 +0000 (17:54 +0100)]
shared: Add support for non-native architectures to dissect_image()
To allow dissecting images of architectures other than the native
(or secondary) one, we add a third designator 'OTHER' to represent
architectures other than the native or secondary one.
If no partitions of the native or secondary arch are available, we
check if a root partition of any other arch is available and use that
instead if we found one.
recurse-dir: give callers of recurse_dir_at() control over path prefix
One of the niceties of recurse_dir()/recurse_dir_at() is that the path
argument is decoration, it's not used for actually accessing the fs in
anyway. That's very handy in environments where chroots and relative
paths are used, as we can path in any path we like and the recursion
function will suffix with whatever it discovers but will not try to make
sense of the prefix you pass.
This works great, except that the recurse_dir_at() wrapper broke that:
it adjusted the path if NULL to "." simply for the sake of making
openat() on the top work. Let's make this adjustment more local and do
it only for the openat() itself, and otherwise pass the path through the
way we got it. This means: if a caller really wants the paths that are
concatenated to start with a "." it can just pass that. This way the
caller gets full control back of the path prefix. Win!
Note that all current users of recurse_dir_at() don't pass NULL as
second arg, hence this check is without any real effect for now. It's
preparation for future uses however.
dissect: show intended purpose of images in dissection output
With this the tool will show whether an image is intended to be a
bootable OS image, a system extension, or a portable service image.
Example output with this patch:
Use As: ✓ bootable system for UEFI
✓ bootable system for container
✗ portable service
✗ extension for system
✗ extension for initrd
✗ extension for portable service
RW DESIGNATOR PARTITION UUID PARTITION LABEL FSTYPE ARCHITECTURE VERITY GROWFS NODE PARTNO
rw root d56af2b4-35eb-2e40-8f08-2d3b7012b0fc Root Partition btrfs x86-64 no no /dev/loop1p2 2
rw esp e3d11339-05c1-a74a-ae77-aae76812c134 ESP System Partition vfat - - no /dev/loop1p1 1
…
</snip>
extension-release.d/: add a new field SYSEXT_SCOPE= for clarifying what a system extension is for
This should make things a bit more robust since it ensures system
extension can only applied to the right environments. Right now three
different "scopes" are defined:
1. "system" (for regular OS systems, after the initrd transition)
2. "initrd" (for sysext images that apply to the initrd environment)
3. "portable" (for sysext images that apply to portable images)
If not specified we imply a default of "system portable", i.e. any image
where the field is not specified is implicitly OK for application to OS
images and for portable services – but not for initrds.
Miika Karanki [Tue, 23 Nov 2021 15:23:01 +0000 (17:23 +0200)]
sd-bus: Fix standard method argument names
The argument names of methods under org.freedesktop.DBus.Properties and
org.freedesktop.DBus.Introspectable interfaces are specifies in D-Bus
specification[1]. They are:
org.freedesktop.DBus.Introspectable.Introspect (out STRING xml_data)
org.freedesktop.DBus.Properties.Get (in STRING interface_name,
in STRING property_name,
out VARIANT value);
org.freedesktop.DBus.Properties.Set (in STRING interface_name,
in STRING property_name,
in VARIANT value);
org.freedesktop.DBus.Properties.GetAll (in STRING interface_name,
out DICT<STRING,VARIANT> props);
sd-bus is using different argument names in the introspection document.
Usually this is not a problem but in case something tries to map the
argument names based on the introspection document to the position of
the arguments in the method call, then using names different than the
ones specified in the D-Bus specification is confusing.
So fix the names to match the D-Bus specification.
There is no functional change, but this reduces the risk that
in some future refactoring we'll forget the do the initialization in all
execution paths.
homework: when creating home dir also treat specified size as hint
The resize logic is now able to handle resize requests that cannot be
fulfilled in full gracefully. Let's do the same when allocating new home
directories.
This means "homectl create foo --disk-size=min" and "homectl create foo
--disk-size=max" may now be used to create the smallest or largest home
directory we support.
homework: upload home password into kernel keyring if needed
If we do automatic disk space rebalancing, we must be able to unlock the
encrypted volume for that in the background, thus we need to decryption
key around in userspace. Let's do this via the kernel keyring. This
allows us to do this in a relatively secure way, so that it sticks
around between homework invocations, but still is destroyed
automatically when homed goes down.
resolved: properly signal transient errors back to NSS stack
NSS mostly knows four error cases: SUCCESS, NOTFOUND, UNAVAIL, TRYAGAIN,
and they can all be used in nsswitch.conf to route requests.
So far nss-resolve would return SUCCESS + NOTFOUND + UNAVAIL. Let's also
return TRYAGAIN in some cases, specifically the ones where we are
currntly unable to resolve a request but likely could later. i.e.
errors caused by networking issues or such.
projects / thirdparty / systemd.git / log
