| Commit message (Collapse) | Author | Age |
|
|
|
|
| |
test-hashmap is a very good test, but it gets in the way when one wants to
compile and quickly test changes.
|
| |
|
|
|
|
|
| |
- The list of dependencies has been changed
- Added upstream information about the new meson+ninja build system
|
|
|
|
|
|
|
|
| |
Upstream thinks, that the auto tools are too 'legacy', or that they
are at least no longer fitting.
We follow, as the classic auto tools files have been removed, so no
other choice here...
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
upstream does with systemd-login.
|
| |
|
|
|
|
|
|
| |
If manager_gc() does not find the user/session, their respective
finalize_*() method is never called, leaving stale state files in
/run/systemd/sessions and run/systemd/users.
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add -fuse-linker-plugin to work around odd compiler and binutils
installs. Should fix most "plugin needed to handle lto object"
issues.
- Read back whether LTO really has been enabled or not, so we can
display a status line at the end of configure.
- Only enforce gold linker if LTO has been enabled.
These checks can still be disabled with the --disable-lto option,
which will make configure to skip all checks regarding LTO.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
This reverts commit 437a85112e02042b62751395b9e7225628c1b708.
The outcome of this isn't that clear, let's revert this for now, see
discussion on #6286.
|
|
|
|
|
|
|
|
|
| |
date (#6327)
This reverts 7635ab8e74ea4a94e81143c3077570a986df375c and makes parse_timestamp()
return -EINVAL if the input is older than 1970-01-01.
Fixes #6290.
|
|
|
|
| |
(#6326)
|
|
|
|
| |
Not that it matters IRL, but let's make this less surprising to read...
|
|
|
|
|
|
| |
When we compare two size values, let's make sure we cast from the
smaller to the bigger type first, if both types differ, rather than the
reverse in order to not run into overflows.
|
|
|
|
|
| |
strv_sort() predates qsort_safe(), but we can convert it to it to
save a few lines.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the input is older than "1970-01-01 UTC", then `parse_timestamp()`
fails and returns -EINVAL. However, if the input is e.g. `-100years`,
then the function succeeds and sets `usec = 0`.
This commit makes the function also succeed for old dates and set
`usec = 0`.
Fixes #6290.
|
|
|
|
|
|
|
| |
RootDirectory/RootImage/DynamicUser
Behaviour of the service is completely different with the option off, so the
service would probably mess up state on disk and do unexpected things.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
secure_getenv does not work when the process has a nonempty permitted
capability set, which means that it's unduly hard to configure logging in
elogind-logind, elogind-resolved, and others.
secure_getenv is useful for code in libraries which might get called from a
setuid application. log_parse_environment() is never called from our library
code, but directly form various top-level executables. None of them are
installed suid, and none are prepared to be used this way, since many
additional changes would be required to make that safe. We may just as well
drop the check and allow SYSTEMD_LOG_* to properly parsed.
Fixes #4900.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
test_get_files_in_directory (#6288)
test_readlink_and_make_absolute switches to a temp directory, and then
removes it.
test_get_files_in_directory calls opendir(".") from a directory that has
been removed from the filesystem.
This call sequence triggers a bug in Gentoo's sandbox library. This
library attempts to resolve the "." to an absolute path, and aborts when
it ultimately fails to do so.
Re-ordering the calls works around the issue until the sandbox library
can be fixed to more gracefully deal with this.
Bug: https://bugs.gentoo.org/590084
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Commit 74dd6b515fa968c5710b396a7664cac335e25ca8 (core: run each system
service with a fresh session keyring) broke adding keys to user keyring.
Added keys could not be accessed with error message:
keyctl_read_alloc: Permission denied
So link the user keyring to our session keyring.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This extends 2d79a0bbb9f651656384a0a86ed814e6306fb5dd to the kernel
command line parsing.
The parsing is changed a bit to only understand "0" as infinity. If units are
specified, parse normally, e.g. "0s" is just 0. This makes it possible to
provide a zero timeout if necessary.
Simple test is added.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
|
|
|
|
|
|
| |
Including the full path is always useful.
Also use PID_FMT in one more place.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Like I said in the previous commit, such values do not seem to appear in normal
use, but it's pretty hard to prove that all paths to assign values properly
check that they contain no spaces. So just in case some slip through, replace
values with spaces (in case of single-valued properties) or spaces and newlines
(in case of array proprties) with "[unprintable]". We were already doing it
in case of properties which we didn't know how to print, so this fits in well.
The advantage is the previous code which used escaping that a) this is easier
to spot, b) does not mess up printing of properties which were properly escaped
already.
v2:
- add comments
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
end-of-line and end-of-item marks"
This reverts commit 27e9c5af817147ea1c678769e45e83f2e4b4ae96.
Property values already use escaping, so escaping them a second time is
confusing. It also should be mostly unnecessary: we take care to make property
values only contains strings which (after the initial escaping) are printable
and parseable without any futher escaping.
Before revert:
$ systemctl list-dependencies 'dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device'
dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device
● ├─dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.swap
● └─elogind-cryptsetup@luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.service
$ systemctl show -p Wants,Requires 'dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device'
Requires=elogind-cryptsetup@luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.service
Wants=dev-mapper-luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.swap
Difference between systemctl show before revert and now:
-Slice=system-elogind\x5cx2dcryptsetup.slice
+Slice=system-elogind\x2dcryptsetup.slice
-Id=elogind-cryptsetup@luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.service
+Id=elogind-cryptsetup@luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.service
-Names=elogind-cryptsetup@luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.service
+Names=elogind-cryptsetup@luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.service
-Requires=system-elogind\x5cx2dcryptsetup.slice
+Requires=system-elogind\x2dcryptsetup.slice
-BindsTo=dev-mapper-luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device dev-disk-by\x5cx2duuid-8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device
+BindsTo=dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device dev-disk-by\x2duuid-8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device
-RequiredBy=dev-mapper-luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device cryptsetup.target
+RequiredBy=dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device cryptsetup.target
-WantedBy=dev-disk-by\x5cx2duuid-8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device
+WantedBy=dev-disk-by\x2duuid-8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device
|
| |
|
|
|
|
|
|
|
| |
It's not always clear when something is a remote connection, hence only
flag the obvious cases as local.
Fixes: #6207
|
|
|
|
|
|
|
| |
about
Let's check what keys are there, before we actually hang on to the
opened devices.
|
|
|
|
|
|
|
|
|
|
| |
Now that we have support for key/switch masking in logind, we can relax
the rules by which logind picks the devices to watch a bit, after all we
won't wake up anymore for every single event, but instead only the
events we actually care about.
This should make power/suspend keys on normal usb/atkbd keyboards just
work.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
interested in
This way logind will get woken up only when an actual event took place,
and not for every key press on the system.
The ioctl EVIOCSMASK was added by @dvdhrm already in October 2015, for
the use in logind, among others, hence let's actually make use of it
now.
While we are at it, also fix usage of the EVIOCGSW ioctl, where we
assumed a byte array, even though a unsigned long native endian array is
returned.
|
|
|
|
|
|
|
|
|
| |
Newer D-Bus versions implement the GetConnectionCredentials() driver
call to get all connection creds in one go. Make use of that to reduce
the number of bus calls we do.
When only a single credential field is queried we will still use the old
calls, which we'll also use if the new call isn't implemented.
|
|
|
|
|
|
|
|
|
|
|
|
| |
return the bus owner's credentials
The bus driver service is always implemented by the owner of the bus,
hence let's shortcut the credential operation and use our cached data.
This makes sure things simply work, given that dbus itself doesn't
support GetConnectionSELinuxSecurityContext() on the bus driver name
itself.
Fixes: #6120
|
|
|
|
|
|
|
|
|
|
|
|
| |
transient units
This patch is a bit more complex thant I hoped. In particular the single
IOScheduling= property exposed on the bus is split up into
IOSchedulingClass= and IOSchedulingPriority= (though compat is
retained). Otherwise the asymmetry between setting props and getting
them is a bit too nasty.
Fixes #5613
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During early boot, we'd call getrandom(), and immediately fall back to
reading from /dev/urandom unless we got the full requested number of bytes.
Those two sources are the same, so the most likely result is /dev/urandom
producing some pseudorandom numbers for us, complaining widely on the way.
Let's change our behaviour to be more conservative:
- if the numbers are only used to initialize a hash table, a short read is OK,
we don't really care if we get the first part of the seed truly random and
then some pseudorandom bytes. So just do that and return "success".
- if getrandom() returns -EAGAIN, fall back to rand() instead of querying
/dev/urandom again.
The idea with those two changes is to avoid generating a warning about
reading from an /dev/urandom when the kernel doesn't have enough entropy.
- only in the cases where we really need to make the best effort possible
(sd_id128_randomize and firstboot password hashing), fall back to
/dev/urandom.
When calling getrandom(), drop the checks whether the argument fits in an int —
getrandom() should do that for us already, and we call it with small arguments
only anyway.
Note that this does not really change the (relatively high) number of random
bytes we request from the kernel. On my laptop, during boot, PID 1 and all
other processes using this code through libelogind request:
74780 bytes with high_quality_required == false
464 bytes with high_quality_required == true
and it does not eliminate reads from /dev/urandom completely. If the kernel was
short on entropy and getrandom() would fail, we would fall back to /dev/urandom
for those 464 bytes.
When falling back to /dev/urandom, don't lose the short read we already got,
and just read the remaining bytes.
If getrandom() syscall is not available, we fall back to /dev/urandom same
as before.
Fixes #4167 (possibly partially, let's see).
|