Mike Yuan [Mon, 19 May 2025 19:06:17 +0000 (21:06 +0200)]
cgroup-util: modernize cg_get_keyed_attribute()
- assert on supplied keys being unique
- Reject duplicate attributes with -EBADMSG
- Rename 'ret_values' to just 'values', given we don't
allocate the array
- Remove now unused cg_get_keyed_attribute_graceful()
Daan De Meyer [Mon, 19 May 2025 12:49:43 +0000 (14:49 +0200)]
sd-varlink: Expose sd_varlink_idl_parse()
We're planning to do code generation based on the systemd varlink
APIs. To simplify this, let's expose the IDL parser, so we can use
it to do code generation instead of having to write our own IDL
parser.
unit_gc_sweep() might try to add the unit to gc queue again.
While that becomes no-op as Unit.in_gc_queue is not cleared
yet, it induces minor inconsistency of states.
Yu Watanabe [Tue, 13 May 2025 17:56:21 +0000 (02:56 +0900)]
units: kill only udev services and keep udev sockets on switching root
This also makes initrd-cleanup.service explicitly start
initrd-switch-root.service with replace-irreversibly mode, to avoid
systemd-udevd.service being triggered by kernel events and the start
job of initrd-switch-root.service being cancelled.
Those static functions were written to support optional output params, but they
are only ever called with the output param set, and it doesn't make sense to
ever call them without the output param. Since those are internal functions,
drop this unused complexity.
C automatically casts a signed int to unsigned in binary operation with an
unsigned int. Thus that suffix is not useful. Also surrounding code doesn't use
it.
src/boot: assume that intmax_t is the biggest integer
Same as in 81d7934882ae13c64d9b08d365a0baa011cb2fbb, intmax_t by definition is
the widest int. Strictly speaking, the check whether
sizeof(intmax_t) == sizeof(long long)
in the code below is redundant, but I think it's nicer to keep it for symmetry
with the other cases.
Requested in
https://github.com/systemd/systemd/pull/37442#pullrequestreview-2840906908.
Accept=yes has very valid usecases (i.e. for sporadically invoked
services) and strong benefits (i.e. better security because connections
can be sandboxed nicely, isolating them). Let's hence reword things and
stop claiming that Accept=yes was a legacy thing, because it really
isn't.
While message IDs are about more than catalog entries (they make
messages recognizable), I think it makes sense to document at least all
those messages that indicate problems with catalog entries, in an
attempt to be helpful to users.
Let's always make sure the temporary file returned by fopen_tmpfile()
and friends is removed on failure (via _cleanup_). Conversely, make sure
that once the file is renamed into its final place, we no longer try to
remove the temporary file (since it's not going to exist anymore).
The original rules file have some rules for a device that is now
deprecated and so, are not part of this change. AFAIU, 'plugdev' is also
a thing of the past and we now use 'uaccess' which should be given to
all ID_SOFTWARE_RADIO devices. So yeah, hopefully what I have here is
equivalent to the orginal .rules.
The request for this was done here:
https://github.com/analogdevicesinc/plutosdr-fw/issues/101
Luca Boccassi [Thu, 15 May 2025 11:09:03 +0000 (12:09 +0100)]
Update hwdb (#37470)
Update hwdb, even though we are pretty far from a release in order to:
- incrementally test upstream additions to hwdb
- allow backports to stable branches
Tommy Unger [Sat, 19 Apr 2025 01:57:26 +0000 (18:57 -0700)]
test: write file from systemd service in transient unit
This integration test demonstrates that a containerized systemd instance can
write to a bind mounted file observable to the host. Specifically, the bash
script uses systemd-run to start a systemd instance as a transient unit
container. This systemd-run command bind mounts a directory the container will
share with the host, and runs an internal service which creates and writes to a
file from the container's view of this directory. When finished writing, the
service runs the exit target, terminating the internal systemd instance, and
ending the lifetime of the container.
The script waits for the container to finish running, then verifies that the
expected file contents were written on the host side of the filesystem mount.
This test employs a workaround, creating an unmasked procfs mount on the host
which enables the privileged guest to create its own mounts internally. This
may indicate a systemd bug, as the privileged container should not rely on
the existence of an unmasked procfs on the host in order to mount its own
filesystems internally.
As usual, it seems to be mostly additions and corrections.
The last update was in 0d740f4bc0f03b773264ef75eaf1233ffc89c5b2, Dec 10th. I
think it's reasonable to update the hwdb more often. In particular, I want to
push an update to the stable branches, but it should be updated in 'main'
first.
core: name socket unit instances after the socket cookie
On linux sockets have a really good, unique identifier, the SO_COOKIE,
which is used by sockdiag and BPF and elsewhere. Let's expose this more
prominently in the service name of per-connection services invoked via
Accept=yes sockets.
This is really nice, because together with our $SO_COOKIE env var we can
now match up services, process execution contexts, and "ss" outputs, BPF
rules, and more.
Mike Yuan [Mon, 14 Apr 2025 12:07:59 +0000 (14:07 +0200)]
core: always enable CPU accounting
Our baseline is v5.4 and cgroup v2 is enforced now,
which means CPU accounting is cheap everywhere without
requiring any controller, hence just remove the directive.
Daan De Meyer [Wed, 14 May 2025 21:23:31 +0000 (23:23 +0200)]
userns-restrict: Move HAVE_VMLINUX check into functions
Let's do these checks like we try to do them elsewhere, in the
function, not outside. This avoids having to declare the function
arguments twice and keeps the logic for each function together
instead of spread out across the file.
Daan De Meyer [Wed, 14 May 2025 19:41:43 +0000 (21:41 +0200)]
networkd-util: Avoid call to endswith()
Instead of recalculating the length of the string again after
reading it, let's make sd_netlink_message_read_string() return the
length of the string that we then use to check if the last character
is a dot or not.
This allows us to get rid of the string-util.h include in #37344.
Luca Boccassi [Wed, 14 May 2025 19:02:34 +0000 (20:02 +0100)]
test: fix assertion failure with CONFIG_UNIX_DIAG disabled
On OBS the build VM is heavily locked down, with network
disabled in various ways in the custom kernel, to isolate the
build, including disabling CONFIG_UNIX_DIAG.
[ 456s] /* test_af_unix_get_qlen */
[ 456s] src/test/test-socket-netlink.c:393: Assertion failed: Expected "af_unix_get_qlen(unix_fd, &q)" to succeed, but got error: No such file or directory
[ 454s] /* test_sock_diag_unix */
[ 454s] src/libsystemd/sd-netlink/test-netlink.c:727: Assertion failed: Expected "sd_netlink_call(nl, message, 0, &reply)" to succeed, but got error: No such file or directory
Daan De Meyer [Wed, 14 May 2025 16:46:58 +0000 (18:46 +0200)]
capability-util: Ignore unknown capabilities instead of aborting
capability_quintet_mangle() can be called with capability sets
containing unknown capabilities. Let's not crash when this is the
case but instead ignore the unknown capabilities.
projects / thirdparty / systemd.git / log
