Let's properly return the measurement flag tristate, rather than a
boolean. Otherwise we'll mistake "nothing to measure" as "not measured",
which are two different things, and means we'll miscombine the flag
later, claiming to userspace that we measured no dtb data even if there
was.
oldherl [Mon, 24 Jun 2024 18:22:37 +0000 (04:22 +1000)]
hwdb: fix keyboard of RedmiBook Pro 15 2022 (#33465)
Fix two problems of the keyboard of RedmiBook Pro 15 2022.
- Enter key in the main area was mapped to KP_Enter.
- When Fn is locked (to use F1-F12 without pressing Fn),
Right Ctrl was mapped to Menu. Keeping it as Right Ctrl is more useful.
Mike Yuan [Sun, 23 Jun 2024 16:12:33 +0000 (18:12 +0200)]
core: verify WorkingDirectory= is outside of API VFS only under mount namespacing
The purpose of the check is to prevent leaking API VFS fds
from host into a mount namespace/container. When mountns
is not used at all, the check is pointless and causes
inconvenience. E.g. file managers might need to be spawned
under those directories, and they surely won't run in mountns.
Suggested in https://github.com/systemd/systemd/pull/33454#issuecomment-2186351467
Fixes #33361
Yu Watanabe [Sun, 23 Jun 2024 19:18:04 +0000 (04:18 +0900)]
terminal-util: several cleanups for ColorMode
- introduce or rename usual enum values _MAX and _INVALID,
- introduce and use string table lookup functions,
- split out implementation of get_color_mode() to _impl(),
- add tests for get_color_mode().
tree-wide: fix type of read() return variable at a couple of places
read() returns ssize_t (i.e. 64bit typically). We assigned it to int
variables in some cases (i.e. 32bit typically). Let's not be so sloppy,
and not accidentally drop 32bit on the floor.
(of course, this is not an issue IRL since we'll not have allocations
above 2^32 ever we could read into, but still, let's clean this up)
vmspawn: by default, let machined register a cgroup for VMs
This mimics what we do in nspawn: if registration is enabled we'll let
machined allocate a scope unit for us. When --keep-unit is used we'll
register without creating a new scope.
This brings behaviour more inline with what nspawn does, exposing the
same sets of options.
machined: support allocating a scope for machines if needed via varlink
On dbus we have two apis: one for registering a new machne when the
client already has a cgroup (RegisterMachine()) and one where it doesn't
and machined shall create it (CreateMachine()).
Let's add the same for the varlink api. To simplify things we just
implement it via a boolean flag to the existign RegisterMachine()
varlink call, since the differences are mostly minor otherwise.
machined: allow unprivileged registration of VMs/containers
Now that we have a concept of unprivileged VMs and containers, let's
allow unprivileged clients to register with machined too – subject to
Polkit permissions.
Mike Yuan [Tue, 18 Jun 2024 14:18:56 +0000 (16:18 +0200)]
core: expose PrivateTmp=disconnected
As discussed in https://github.com/systemd/systemd/pull/32724#discussion_r1638963071
I don't find the opposite reasoning particularly convincing.
We have ProtectHome=tmpfs and friends, and those can be
pretty much trivially implemented through TemporaryFileSystem=
too. The new logic brings many benefits, and is completely generic,
hence I see no reason not to expose it. We can even get more tests
for the code path if we make it public.
install: collect more install_changes_add() errors
We so far collected most unexpected errors from install_changes_add()
and propagated them – but for some invocations we forgot to do that. Add
that, and take care we only propagated unexpected errors (i.e. ENOMEM
and such), but treat expected errors as before.
Nick Rosbrook [Thu, 20 Jun 2024 15:27:03 +0000 (11:27 -0400)]
test: skip test-cgroup-id on ENOSYS from cg_cgroupid_open
Most container managers will block open_by_handle_at with seccomp to
mitigate a container escape attack. LXD in particular returns ENOSYS
rather than e.g. EPERM like nspawn. Skip this test if we get ENOSYS
from open_by_handle_at via cg_cgroupid_open.
meson: bpf: propagate 'sysroot' for cross compilation
During cross-compilation of systemd, the compiler used to build the bpf's needs
to be pointed at the correct include searchpath. Which can be done by passing
the corresponding directory in through the cflags; for example in yocto/bitbake
this would work: CFLAGS += "--sysroot=${STAGING_DIR_TARGET}"
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
busctl: send BUSERROR= to caller via sd_notify() protocol
varlinkctl has this nice feature that it sends the varlink error it gets
via sd_notify() to the caller. With previous commits this information
is collected and exposed in "systemctl status".
Let's make sure we can provide the same in busctl: also propagate errors
the same way.
Most of our enums are mapped to strings that use dashes ("-") as word
separators, i.e. "foo-bar-baz". However, Varlink enums do not allow "-"
as separator, see:
https://varlink.org/Interface-Definition
Hence, let's add some simple glue to automatucally turn "-" into "_" for
use when serializing our enums.
varlinkctl: add --graceful= option for optionally marking some errors as successes
This is generally useful, but in some cases particularly: when
implementing enumeration calls that use the "more" flag to return
multiple replies then for the first reply we need to return an error in
case the list of objects to enumerate is empty, usually so form of
"NoSuchXYZ" error. In many cases this shouldn't really be treated as
error, as an empty list probably more than not is as valid as a list
with one, two or more entries.
varlink: add helper that validates a qualified Varlink symbol name
Qualified Varlink symbol names are the combination of an interface name,
followed by a dot, followed by a symbol name. It's a primary concept,
after all it's what we send over the wire for method calls and get back
for error returns.
Ludwig Nussel [Mon, 6 May 2024 13:55:16 +0000 (15:55 +0200)]
logind: implement maintenance time
Update frameworks that work automatically in the background
occasionally need to schedule reboots. Systemd-logind already
provides a nice mechanism to schedule shutdowns, send notfications
and block logins short before the time. Systemd has a framework for
calendar events, so we may conveniently use logind to define a
maintenance time for reboots.
The existing ScheduleShutdown DBus method in logind expects a usec_t
with an absolute time. Passing USEC_INFINITY as magic value now tells
logind to take the time from the configured maintenance time if set.
"shutdown -r" leverages that and uses the maintenance time
automatically if configured. The one minute default is still used if
nothing was specified.
Similarly the new 'auto' setting for the --when parameter of systemctl
uses the maintenance time if configured or a one minute timer like the
shutdown command.
Kamil Szczęk [Fri, 7 Jun 2024 11:22:49 +0000 (13:22 +0200)]
cryptenroll: support for enrolling FIDO2 tokens in manual mode
systemd-cryptsetup supports a FIDO2 mode with manual parameters, where
the user provides all the information necessary for recreating the
secret, such as: credential ID, relaying party ID and the salt. This
feature works great for implementing 2FA schemes, where the salt file
is for example a secret unsealed from the TPM or some other source.
While the unlocking part is quite straightforward to set up, enrolling
such a keyslot - not so easy. There is no clearly documented
way on how to set this up and online resources are scarce on this topic
too. By implementing a straightforward way to enroll such a keyslot
directly from systemd-cryptenroll we streamline the enrollment process
and reduce chances for user error when doing such things manually.
This is mostly intended as test case for the early enum comment bugfix,
as this Varlink IDL description now contains such comments, and
test-varlink-idl will process it forth and back aleady.
bootctl: normalize how we report no boot entries found
This normalizes how we report an empty list of boot entries in
ListBootEntries(). Our usual pattern is to return one item per method
call, but when there is none we usually return a NoSuchXYZ error. Do so
here too.
Before this we'd return a null item instead here, and only here.
This is a minor compat break, but given that this IPC interface is very
new and probably not used so far (we don't use it in our code at least,
and google doesn#t find any other use) I think this normalization is OK
at this point.
Yu Watanabe [Wed, 19 Jun 2024 16:33:51 +0000 (01:33 +0900)]
core/namespace: ensure private tmpfs is mounted earlier
And drop spurious assertion.
Fortunately, the previous logic worked, as /run/systemd/unit-private-tmp
is ordered earlier than /tmp or /var/tmp. But, let's ensure the tmpfs
mounted earlier to make the logic clearer.
sd-json: add sd_json_build() wrapper macro that implies SD_JSON_BUILD_OBJECT()
In 99% of uses of sd_json_build() we want to build an object as
outermost construct. Let's shorten this most common case a bit, by
adding sd_json_buildo() that implies this. This allows us to shorten
much of our code, all across the tree.
Even though we don't export json_log() in the public API, let's
officially make the SD_JSON_WARNING/SD_JSON_DEBUG that control its
effect in the public API.
After all, for our own dispatcher functions they have a nice effect, and
they are trivially reimplemented in user code independently.
(We might eventually consider exporting json_log() as public API, but
this is quite involved, given its use of macros/inline functions and
iternal logging API).
This mostly just swaps around the bit flags and cleans up comments.
Mike Yuan [Wed, 19 Jun 2024 16:59:15 +0000 (18:59 +0200)]
shared/install: propagate all errors in install_info_apply()
Currently, install_info_apply() only updates r if it's 0,
meaning that if one of the earlier install_info_symlink_alias/wants()
calls returns > 0, errors generated by later calls will be discarded.
Fix that.
projects / thirdparty / systemd.git / log
