Yu Watanabe [Sat, 7 Oct 2023 05:37:31 +0000 (14:37 +0900)]
network/tc: allow to configure class or qdisc under foreign one
Some qdiscs (e.g. tbf) implicitly create class(es) on create.
Previously, we could not create any child qdisc under the class, as the
implicit class is tagged as foreign.
Yu Watanabe [Sat, 7 Oct 2023 05:25:50 +0000 (14:25 +0900)]
network/tc: re-enumerate traffic control classes when a qdisc created
Some kind of qdisc implicitly creates a class for the qdisc, but the
created class is not notified by the kernel. So, we need to explicitly
enumerate classes after a qdisc is created.
Yu Watanabe [Sat, 7 Oct 2023 05:20:38 +0000 (14:20 +0900)]
network/tc: drop child tree of traffic control nodes on remove
When a node of traffic control tree is removed, all child nodes are also
removed but their removal are not notified by the kernel.
So, previously, removed TC classes or qdiscs under the removed node were
kept in the memory of networkd, and may cause failure on reconfigure.
Emil Velikov [Wed, 4 Oct 2023 10:51:47 +0000 (11:51 +0100)]
sd-boot: add auto-reboot and auto-poweroff entries
Currently only an auto-reboot-to-firmware entry is available. For other
features - like reboot and power off - one needs to press the uppercase
B and O respectively.
Embedded devices may be missing a full fledged keyboard, so allow for
sd-boot to generate those entries.
v2:
- add to the config parser/man/bootctl/sd-boot info screen
- keep them off by default
- add the (O)ff and re(B)oot help text if boot entries are not shown
- drop irrelevant get_os_indications_supported() comment
- s/ShutDown/Shutdown/
v3:
- cast shutdown_system() reboot_system() to void
v4:
- shutdown -> poweroff
- add trailing ",ignoring" in parser message
- drop explicit default state assignment to "false"
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
The naming was confused: suffix 'p' means that the function takes a pointer to
the type that the wrapped function takes. (E.g., a char**, for a wrapped function
taking a char*.) But DEFINE_TRIVIAL_DESTRUCTOR() just changes the return type.
pcrextend: make pcrextend tool acccessible via varlink
This is primarily supposed to be a 1st step with varlinkifying our
various command line tools, and excercise in how this might look like
across our codebase one day. However, at AllSystemsGo! 2023 it was
requested that we provide an API to do a PCR measurement along with a
matching event log record, and this provides that.
This call checks if we are invoked in a socket-activation Varlink server
context. It's useful for commands that can be run from the command line
or as Varlink service and then either serve commands from the cmdline or
those from Varlink.
This is a helper call that runs the specified VarlinkServer object in an
event loop, and exits once no more connections exist.
This is useful for pure varlink servers (i.e. those which only server
varlink requests and do nothing else), to run as long as there's
something to do and exit right after.
This new helper will automatically take listening fds passed in from the
service manager and processes varlink on them. It's useful for Varlink
services that shall be socket activatable.
varlink: add exit-on-idle logic for Varlink server
This adds a logic that if enabled ensures sd_event_exit() is called
whenever the varlink connection count hits zero.
This is useful for implementing pure Varlink services (i.e. services
whose only job is to serve Varlink requests), that shall run only as
long as needed, i.e. as long as at least one request is being served.
oomd: move SubscriptionTaken Varlink error out of generic Varlink code
This error is a private error returned by PID 1 to oomd. It's internal,
and very specific to the use-case. Hence it should not be part of the
org.varlink.service interface (which isn't really our namespace anyway).
Hence, let's clean this up and move it over to the ManagedOOM varlink
interface of PID, where it belongs.
Since this is a private protocol of our two daemons, and the client
(i.e. oomd) doesn't explicitly test for this error anyway we can just
move it over without ill effects.
Daan De Meyer [Thu, 5 Oct 2023 15:04:53 +0000 (17:04 +0200)]
Update HACKING instructions
Let's mention that we just need the latest stable release of mkosi,
not the latest git commit. We also split the instructions for building
on the host and the instructions for building with mkosi into two blocks,
as it's not required to build on the host anymore to build with mkosi.
felixdoerre [Fri, 6 Oct 2023 03:18:21 +0000 (05:18 +0200)]
journalctl: verify that old entries are not sealed with too recent key (#28885)
When verifying seals produced with forward secure sealing, the verification
currently does not check that old entries are only sealed with the key for
their epoch and not a more recent one. This missing check allows an attacker
to remove seals, and create new ones with the currently available key, and
verify will claim everything is in order, although all entries could have
been modified.
This resolves CVE-2023-31439.
Co-authored-by: Felix Dörre <felix.doerre@kit.edu>
sd-journal: make journal_file_next_entry() always return the nearest entry object
Previously, if the input offset 'p' does not point to an entry object,
the function returns the next of the nearest entry object on
DIRECTION_DOWN, as generic_array_bisect() already returns the nearest
entry object.
sd-journal: reduce number of calls generic_array_bisect_plus_one()
If the first call of generic_array_bisect_plus_one() provides the same
offset, then it is not necessary to call the next one, as we already
know the entry object is also liked to the input data object.
Also, this make the function reuse the object returned by
generic_array_bisect_plus_one().
repart: make arg_empty a proper enum with a string table
Now that we translate in both directions (from enum to string, and
string to enum) let's just make the thing a proper enum with a proper
string table, like we generally do.
discover-image: nicely support .sysext.raw + .confext.raw suffix for DDIs
Back at Plumbers 2022 we discussed that we should push people towards
using the .sysext.raw and .confext.raw for their DDIs if they are
extension images. Let's actually support that, by chopping off these
suffixes when turning file names into "pretty image names".
This adds --make-ddi=confext, --make-ddi=sysext, --make-ddi=portable, to
make it really easiy to generate DDIs of the specified class. It
it's ultimately just a fancy wrapper around some defaults and in
particular --definitions=.
This specifies a directory to which CopyFiles= is considered relative.
If unset defaults to the --root=/--image= setting, or host / otherwise.
This is very similar to --root= but is much more focussed: it is really
and exclusively about CopyFiles= (and related settings such as
ExcludeFiles=) and does not affect any of the settings, i.e. it doesn't
affect CopyBlocks=, the machine ID/seed handling, or where definitions
are read from.
In fact, --root= and --copy-source= may be combined for example to
use the machine ID and similar from one tree, but the copy the files
from another.
Introduce a new enum value EMPTY_UNSET to which arg_empty now is set
initially. Only after we finished parsing the command line we'll now set
this to EMPTY_REFUSE as before.
This prepares ground for later changes, where we then can make different
decisions after havig all input from the command line.
As of now this doesn't change behaviour of systemd-repart, it just
rearranges things a bit.
When --dry-run=yes is used it makes sense to spawn a pager to look at
the report it provides you with about what it is about to do. Hoewver,
when we are actually doing it, then the output is more in the category
of "logs" than "review material", and logs we generally don't page when
we generate them.
Let's modernize and clean up search_and_fopen a bit: let's add support
for regular open() (instead of fopen()), as well as access() (if caller
just wants to check if a file exists without opening it.
This unifies much of the code involved, which previously was duplicated
in search_and_fopen() and search_and_fopen_nulstr()
Daan De Meyer [Thu, 5 Oct 2023 10:49:07 +0000 (12:49 +0200)]
mountpoint-util: Check hardcoded list before asking kernel if option is supported
mount_option_supported() will call fsopen() which will probe the
kernel filesystem module. This means that we'll suddenly start
probing filesystem modules when running generators as those determine
which mount options to use. To prevent generators from loading kernel
filesystem modules as much as possible, let's always first check the
hardcoded list of filesystem which we know support a feature before
falling back to asking the kernel.
Emil Velikov [Mon, 2 Oct 2023 16:31:36 +0000 (17:31 +0100)]
man: document LoaderConfigConsoleMode
The variable was introduced with systemd v250 although it went
completely undocumented, even though sd-boot will honour and print it
separately (from the loader.conf one) in the boot help screen.
Document it in the systemd-boot and hint about it in loader.conf manual
pages.
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Emil Velikov [Mon, 2 Oct 2023 16:09:29 +0000 (17:09 +0100)]
bootctl: remove all our non-volatile variables on uninstall
Grepping around showed a few extra entries that are not listed in the
remove_loader_variables() function. Namely:
- BootNext
- OsIndications
- LoaderConfigConsoleMode
- LoaderEntryLastBooted
Of which the latter two are systemd specific, even though they are
undocumented. Ensure they're removed - follow-up commits will add
documentation references.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
projects / thirdparty / systemd.git / log
