From 28c5f029c2a0e11c9264a9779157e7bfdafacfbb Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Sat, 8 Mar 2025 20:04:17 +0100 Subject: [PATCH 01/37] core/main: log about save_env() error (cherry picked from commit eda75b2cb27f171130191d1613c04c9d5e929efd) (cherry picked from commit 551aee593050ef9219466db05e8d7ba195d19f9b) (cherry picked from commit cc0ef08a48e0cf775c45d0f88c6be7b4fa30cb14) (cherry picked from commit bc59217b1b6940a4319a4ec3dc99ebe220509249) (cherry picked from commit 0ebbae30d9ace8423911ad64016261112bc2551d) --- src/core/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/main.c b/src/core/main.c index f6c76ccdbe..014b6f4817 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -2730,7 +2730,7 @@ static int save_env(void) { l = strv_copy(environ); if (!l) - return -ENOMEM; + return log_oom(); strv_free_and_replace(saved_env, l); return 0; From 3dc5f5f8a664249184251d826dc04c2480fe3a1a Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 13 Mar 2025 11:43:46 +0100 Subject: [PATCH 02/37] manager: explicitly create our private runtime directory So far /run/systemd/ was created as side-effect of initializing the D-Bus client/server. But in one of the next commits we'll suppress connecting to D-Bus in test runs, hence let's move the logic our of the D-Bus code and into manager_startup(). Then, also drop creating it again and again in PID 1 at various places, and just rely on it to exist. (cherry picked from commit e75fbee6248736d2a71aa96438b495887ef761ea) (cherry picked from commit a4bb3316e0324c343a036a6fb87d57381af4b824) (cherry picked from commit d0c4baba4cff48415fae5f21d191e235279d9e21) (cherry picked from commit 61884a1b404d30f4f0537a699d678322ce5724c9) (cherry picked from commit 0314b251c55085add141bd626e25de08b4f525e8) --- src/core/core-varlink.c | 2 +- src/core/dbus.c | 2 -- src/core/manager.c | 25 ++++++++++++++++++++++--- 3 files changed, 23 insertions(+), 6 deletions(-) 
diff --git a/src/core/core-varlink.c b/src/core/core-varlink.c index 556328fd22..d2cff4b944 100644 --- a/src/core/core-varlink.c +++ b/src/core/core-varlink.c @@ -500,7 +500,7 @@ static int manager_varlink_init_system(Manager *m) { bool fresh = r > 0; if (!MANAGER_IS_TEST_RUN(m)) { - (void) mkdir_p_label("/run/systemd/userdb", 0755); + (void) mkdir_label("/run/systemd/userdb", 0755); FOREACH_STRING(address, "/run/systemd/userdb/io.systemd.DynamicUser", VARLINK_ADDR_PATH_MANAGED_OOM_SYSTEM) { if (!fresh) { diff --git a/src/core/dbus.c b/src/core/dbus.c index 3268cc58a3..c650e61536 100644 --- a/src/core/dbus.c +++ b/src/core/dbus.c @@ -33,7 +33,6 @@ #include "fd-util.h" #include "fs-util.h" #include "log.h" -#include "mkdir-label.h" #include "process-util.h" #include "selinux-access.h" #include "serialize.h" @@ -940,7 +939,6 @@ int bus_init_private(Manager *m) { return log_error_errno(r, "Can't set path for AF_UNIX socket to bind to: %m"); sa_len = r; - (void) mkdir_parents_label(sa.un.sun_path, 0755); (void) sockaddr_un_unlink(&sa.un); fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0); diff --git a/src/core/manager.c b/src/core/manager.c index ec07f3428f..dc07632d4f 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -305,7 +305,7 @@ static int manager_check_ask_password(Manager *m) { if (!m->ask_password_event_source) { assert(m->ask_password_inotify_fd < 0); - (void) mkdir_p_label("/run/systemd/ask-password", 0755); + (void) mkdir_label("/run/systemd/ask-password", 0755); m->ask_password_inotify_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC); if (m->ask_password_inotify_fd < 0) @@ -946,7 +946,7 @@ int manager_new(LookupScope scope, ManagerTestRunFlags test_run_flags, Manager * r = xdg_user_runtime_dir(&units_path, "/systemd/units"); if (r < 0) return r; - r = mkdir_p_label(units_path, 0755); + r = mkdir_label(units_path, 0755); } if (r < 0 && r != -EEXIST) 
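Review bot: In the manager_new() hunk the user instance's units directory is now created with the non-recursive mkdir_label(units_path, 0755), while its parent (the per-user runtime "systemd" directory) is only created by manager_make_runtime_dir(), which the later manager_startup() hunk calls; unless something outside these hunks creates the parent before manager_new() runs, this call fails with -ENOENT and manager_new() returns it through the `if (r < 0 && r != -EEXIST)` branch that follows. Either keep `r = mkdir_p_label(units_path, 0755);` for this one call or create the runtime directory before it. The two sites also derive the directory differently (xdg_user_runtime_dir() here, m->prefix[EXEC_DIRECTORY_RUNTIME] in manager_make_runtime_dir()); a comment stating that both are expected to resolve to the same path would make the dependency visible. The core-varlink.c and manager_check_ask_password() hunks make the same non-recursive assumption, which is fine only if they always run after manager_startup(); a one-line comment at each, e.g. `/* /run/systemd/ is created by manager_make_runtime_dir() during manager_startup(). */`, would record that.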
@@ -996,7 +996,6 @@ static int manager_setup_notify(Manager *m) { m->notify_socket); sa_len = r; - (void) mkdir_parents_label(m->notify_socket, 0755); (void) sockaddr_un_unlink(&sa.un); r = mac_selinux_bind(fd, &sa.sa, sa_len); @@ -1811,11 +1810,31 @@ void manager_reloading_stopp(Manager **m) { } } +static int manager_make_runtime_dir(Manager *m) { + int r; + + assert(m); + + _cleanup_free_ char *d = path_join(m->prefix[EXEC_DIRECTORY_RUNTIME], "systemd"); + if (!d) + return log_oom(); + + r = mkdir_label(d, 0755); + if (r < 0 && r != -EEXIST) + return log_error_errno(r, "Failed to create directory '%s/': %m", d); + + return 0; +} + int manager_startup(Manager *m, FILE *serialization, FDSet *fds, const char *root) { int r; assert(m); + r = manager_make_runtime_dir(m); + if (r < 0) + return r; + /* If we are running in test mode, we still want to run the generators, * but we should not touch the real generator directories. */ r = lookup_paths_init_or_warn(&m->lookup_paths, m->unit_file_scope, From b6c3944fcce8a1c26748b4eb5194a3d10024de4f Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 12 Mar 2025 18:19:34 +0100 Subject: [PATCH 03/37] analyze: don't connect to bus from analyze test run This thing should not be "live", hence don't try to connect to the bus, or bind the private bus socket. Fixes: #36540 (cherry picked from commit 71a737d68db8c8a72fdc076d0ec87f43d3ecd7a1) (cherry picked from commit b4565a757f858ec3b45fe44574b2cd7dc8f7ac90) (cherry picked from commit 071fd1744e2f3302e54f0e96db2a7cf10c0963ba) (cherry picked from commit ad180871acd3b42540e171b2daee3c1c5aaae780) (cherry picked from commit 45a1ae1bb65951957bc85f58bdbfbfbe740c20c6) --- src/core/manager.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/core/manager.c b/src/core/manager.c index dc07632d4f..f46c73f6ce 100644 --- a/src/core/manager.c +++ b/src/core/manager.c 
@@ -1734,6 +1734,9 @@ static bool manager_dbus_is_running(Manager *m, bool deserialized) { static void manager_setup_bus(Manager *m) { assert(m); + if (MANAGER_IS_TEST_RUN(m)) + return; + /* Let's set up our private bus connection now, unconditionally */ (void) bus_init_private(m); From 6ce0a5e1ea4a6ae83b4ad5a64d2378037dfa33d2 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Wed, 12 Mar 2025 17:51:39 +0100 Subject: [PATCH 04/37] getty-generator: don't use "3270!tty1" when instantiating serial-getty@.service on s390x Path of the 3270 console in /sys is "/sys/class/tty/3270!tty1" but its device node is "/dev/3270/tty1". (cherry picked from commit dbe61d9ec7d9c197856756378af6add930b5a5a9) (cherry picked from commit 23dc4450cddd5ee89d291600e226a3615b56a185) (cherry picked from commit 7b4d672e07747b1dd7f596248fc479088e4485ad) (cherry picked from commit 26bcf286cb757597d10e7b57d2dd7f50f4bab31e) (cherry picked from commit 0cc15e40c907ad1c5af984634afc05368b682806) --- src/getty-generator/getty-generator.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/getty-generator/getty-generator.c b/src/getty-generator/getty-generator.c index d255e90db5..16b6cc68c4 100644 --- a/src/getty-generator/getty-generator.c +++ b/src/getty-generator/getty-generator.c @@ -214,17 +214,17 @@ static int run(const char *dest, const char *dest_early, const char *dest_late) return r; } - /* Automatically add in a serial getty on the first virtualizer console */ + /* Automatically add a serial getty to each available virtualizer console. */ FOREACH_STRING(j, "hvc0", "xvc0", "hvsi0", "sclp_line0", "ttysclp0", - "3270!tty1") { + "3270/tty1") { _cleanup_free_ char *p = NULL; - p = path_join("/sys/class/tty", j); + p = path_join("/dev", j); if (!p) return -ENOMEM; if (access(p, F_OK) < 0) From 2000f6f225fcfaf8dcde80118d3400d212855c6b Mon Sep 17 00:00:00 2001 
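Review bot: The new early return for MANAGER_IS_TEST_RUN(m) is undocumented where a reader meets it, and the comment right after it still says the private bus is set up "unconditionally". Suggest `/* Test runs (such as the analyze test run this guards against) must not go "live": neither connect to the bus nor bind the private bus socket. */` above the check, and dropping "unconditionally" from the following comment. manager_setup_bus() continues below the hunk, so any further bus setup in it is skipped for test runs too — presumably intended.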
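Review bot: j now contains a '/' ("3270/tty1") and is presumably passed to whatever instantiates the serial getty below the hunk, so the instance name must have the slash escaped (unit_name_from_path_instance()/unit_name_escape() do that); the callee is outside the hunk, so confirm it escapes rather than producing serial-getty@3270/tty1.service. Probing /dev with access(F_OK) also depends on the device nodes existing when the generator runs, unlike the previous sysfs check. A one-line comment would capture both: `/* Probe the device nodes in /dev: on s390x the 3270 console is /sys/class/tty/3270!tty1 but its node is /dev/3270/tty1, and the instance name derived from it only needs the usual '/' escaping. */`. run() continues outside the hunk.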
From: Lennart Poettering Date: Fri, 14 Mar 2025 11:43:07 +0100 Subject: [PATCH 05/37] udevadm: check number of passed arguments We didn't check the number of arguments first, hence ended up outputting some ugly complaints with `(null)` in a format string. And what's worse accepted any number of arguments, where we'd ignore all but the first two though. (cherry picked from commit e5dfe2cd8d32c3ddd3ca6763dbbe2d0ea2ab61aa) (cherry picked from commit 81b821d08ceb5feec4b879d59c194897a957eb5e) (cherry picked from commit 3fc144d45c37bddc930858953aeafb2062fe73c7) (cherry picked from commit cafcfa7c3776c01a8487c5d463752a9c8599a212) (cherry picked from commit d3ddf01f71d978434041cbe0d92b0e3ce1b4bf0f) --- src/udev/udevadm-test-builtin.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/src/udev/udevadm-test-builtin.c b/src/udev/udevadm-test-builtin.c index affa2f089b..6efe78d579 100644 --- a/src/udev/udevadm-test-builtin.c +++ b/src/udev/udevadm-test-builtin.c @@ -58,16 +58,11 @@ static int parse_argv(int argc, char *argv[]) { assert_not_reached(); } - arg_command = argv[optind++]; - if (!arg_command) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Command missing."); - - arg_syspath = argv[optind++]; - if (!arg_syspath) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "device is missing."); + if (argc != optind + 2) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Expected two arguments: command string and device path."); + arg_command = ASSERT_PTR(argv[optind]); + arg_syspath = ASSERT_PTR(argv[optind+1]); return 1; } From 72de28d59c7588adf6325e57a3ca8074250b0d94 Mon Sep 17 00:00:00 2001 
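Review bot: `arg_syspath = ASSERT_PTR(argv[optind+1]);` is the one expression in this hunk where a binary operator lacks surrounding spaces, next to `optind + 2` on the line above; write it `arg_syspath = ASSERT_PTR(argv[optind + 1]);`. The argc check itself is right: it rejects both missing and surplus positional arguments with a single message, and ASSERT_PTR on the two argv slots is safe only because `argc != optind + 2` has already established they exist — worth saying in a short comment above the assignments, e.g. `/* Exactly two positionals remain, checked above. */`.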
From: Daan De Meyer Date: Mon, 17 Mar 2025 12:28:37 +0100 Subject: [PATCH 06/37] sd_bus_open_user_machine(): Don't shortcut without necessary env Don't shortcut if we don't have the necessary environment variables set in sd_bus_open_user_machine(). (cherry picked from commit 9e34c34b7b027da24b084a58246c1d88bdbcc817) (cherry picked from commit bd06aa555603f877774942dcda4664e8e44f21fd) (cherry picked from commit 71cca3e39c63038ace72be1cb3955a5546caf607) (cherry picked from commit 9ab7f1463438498f4a5fc7fb9931f51882e16f9b) (cherry picked from commit 688246adb961682170de65473cd7104c63a4bdb8) --- src/libsystemd/sd-bus/sd-bus.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c index 39ba512d13..be5040c723 100644 --- a/src/libsystemd/sd-bus/sd-bus.c +++ b/src/libsystemd/sd-bus/sd-bus.c @@ -1719,8 +1719,10 @@ _public_ int sd_bus_open_user_machine(sd_bus **ret, const char *user_and_machine assert_return(user_and_machine, -EINVAL); assert_return(ret, -EINVAL); - /* Shortcut things if we'd end up on this host and as the same user. */ - if (user_and_machine_equivalent(user_and_machine)) + /* Shortcut things if we'd end up on this host and as the same user and have one of the necessary + * environment variables set already. */ + if (user_and_machine_equivalent(user_and_machine) && + (secure_getenv("DBUS_SESSION_BUS_ADDRESS") || secure_getenv("XDG_RUNTIME_DIR"))) return sd_bus_open_user(ret); r = user_and_machine_valid(user_and_machine); From c8d97375c9a9079fa852737e92f9d7e4d1a6ae70 Mon Sep 17 00:00:00 2001 
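Review bot: The shortcut now requires DBUS_SESSION_BUS_ADDRESS or XDG_RUNTIME_DIR, but XDG_RUNTIME_DIR being set does not guarantee a user bus socket exists under it, so sd_bus_open_user() can still fail in cases where the non-shortcut path below might have succeeded; if that is acceptable, the comment should say the variables are only a heuristic for "sd_bus_open_user() has an address to try". The condition also duplicates the environment lookup that sd_bus_open_user()'s address logic performs, so a note such as `/* Keep this list in sync with the variables sd_bus_open_user() consults for its address. */` would stop the two from drifting. The function continues past the hunk.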
From: Yu Watanabe Date: Wed, 19 Mar 2025 01:32:12 +0900 Subject: [PATCH 07/37] initctl: fix error handling Fixes a bug introduced by cc090ca7fec93cd6b41bd7a756cd5fe32df44764 (v246). (cherry picked from commit 59cb9b12abc7efb714d15d357c96bd86ef2ddafc) (cherry picked from commit 8e6fa4e7c61f928510ba176c2d3e05f6c7d0a895) (cherry picked from commit 7e7c3bdf9cee7226ff9c5fd8b1dd474bcb8127d0) (cherry picked from commit a5bea0c25b52a711f07837d18e9989fcb7c3ed14) (cherry picked from commit 0371e186bb4b325903c814d48c371b66b5cda52d) --- src/initctl/initctl.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/initctl/initctl.c b/src/initctl/initctl.c index 0882570a66..0a0c8ce2e9 100644 --- a/src/initctl/initctl.c +++ b/src/initctl/initctl.c @@ -325,8 +325,7 @@ static int run(int argc, char *argv[]) { n = sd_listen_fds(true); if (n < 0) - return log_error_errno(errno, - "Failed to read listening file descriptors from environment: %m"); + return log_error_errno(n, "Failed to read listening file descriptors from environment: %m"); if (n <= 0 || n > SERVER_FD_MAX) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), From 78dcb0ba26bd143ba1fec2fa095415811143c8f3 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 19 Mar 2025 16:54:27 +0100 Subject: [PATCH 08/37] cgroup: whenever we migrate a PID to a unit, explicitly drop unit from empty notification queue A unit might be pending in the empty queue still when we add a PID to the cgroup. At that point, let's explicitly remove the unit from that queue. Fixes: #36781 (cherry picked from commit bb160976b0d2d84d3b23149ce6a4d5b89a665643) (cherry picked from commit 13b011f0e84bd30d524a10e0dd839b508b8e0011) (cherry picked from commit c834d98ddfb568a26ee4920b7431d384cbcbb069) (cherry picked from commit cc0764c291f3592b42834274cc8908f2661ae233) (cherry picked from commit f94de79f7da3309b517fc4ce0a5d061a30638c65) --- src/core/cgroup.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index a33fbeb667..925aea0ca0 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -51,6 +51,8 @@
 * out specific attributes from us. */
 #define LOG_LEVEL_CGROUP_WRITE(r) (IN_SET(abs(r), ENOENT, EROFS, EACCES, EPERM) ? LOG_DEBUG : LOG_WARNING)
+static void unit_remove_from_cgroup_empty_queue(Unit *u);
+
 uint64_t tasks_max_resolve(const TasksMax *tasks_max) {
 if (tasks_max->scale == 0)
 return tasks_max->value;
@@ -2423,6 +2425,10 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
 else {
 if (ret >= 0)
 ret++; /* Count successful additions */
+
+ /* the cgroup is definitely not empty now, in case the unit was in
+ * the cgroup empty queue, drop it from there */
+ unit_remove_from_cgroup_empty_queue(u);
 continue; /* When the bus thing worked via the bus we are fully done for this PID. */
 }
 }
@@ -2431,8 +2437,10 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
 ret = r; /* Remember first error */
 continue;
- } else if (ret >= 0)
+ } else if (ret >= 0) {
+ unit_remove_from_cgroup_empty_queue(u);
 ret++; /* Count successful additions */
+ }
 r = cg_all_unified();
 if (r < 0)
From b09cda6d4860a29091a1f82cc600cf933949c9d2 Mon Sep 17 00:00:00 2001
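Review bot: unit_remove_from_cgroup_empty_queue(u) is now called once per successfully attached PID in both branches of the per-PID loop, although dequeuing the unit once after the first success would suffice; this is harmless if the function is a cheap no-op for a unit that is not queued (its body is outside the hunk — confirm), otherwise hoist the call behind a local flag. The new comment at the first site starts lowercase unlike the surrounding comments; make it `/* The cgroup is definitely not empty now; in case the unit was in the cgroup empty queue, drop it from there. */` and add the same short comment at the second site, which currently has none. The forward declaration at the top of the file would also benefit from a one-line note saying the definition comes later in the file. unit_attach_pids_to_cgroup() starts and ends outside the hunks.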
From: Yu Watanabe Date: Thu, 13 Mar 2025 12:11:40 +0900 Subject: [PATCH 09/37] TEST-73-LOCALE: do not unnecessarily restart systemd-localed It is not necessary to clear previous keymap assignment, as `localectl set-keymap` will anyway overwrite the previous assignment. This drops the unnecessary restart of systemd-localed in the loop. The mkosi test image contains about 500~700 keymaps. The test performance is greatly improved by reducing the number of restarts, especially when the test is running with sanitizers. On Fedora 41 with sanitizers, Before: 1/1 systemd:integration-tests / TEST-73-LOCALE OK 1157.50s After: 1/1 systemd:integration-tests / TEST-73-LOCALE OK 104.43s (cherry picked from commit d8a353552a924592d41a1538ee95d516c9facf30) (cherry picked from commit 614a284f472c0f162f1ea93092c1b03646138f0b) (cherry picked from commit 593df05716174359dfc2d861fabed6e304974a1e) (cherry picked from commit 7aa1a971081d29aa1d8306e8c3c953f77976b71d) (cherry picked from commit 1002b855246a55b0a4ff6600851a08b3ae2783f7) --- test/units/testsuite-73.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/test/units/testsuite-73.sh b/test/units/testsuite-73.sh index 0f0dda884b..34cb941f93 100755 --- a/test/units/testsuite-73.sh +++ b/test/units/testsuite-73.sh @@ -237,11 +237,6 @@ test_vc_keymap() { assert_in "VC Keymap:" "$(localectl)" for i in $(localectl list-keymaps); do - # clear previous conversion from VC -> X11 keymap - systemctl stop systemd-localed.service - wait_vconsole_setup - rm -f /etc/vconsole.conf /etc/X11/xorg.conf.d/00-keyboard.conf /etc/default/keyboard - # set VC keymap assert_rc 0 localectl set-keymap "$i" output=$(localectl) From 251081f9eacc65ba81787f1536627d6418af4d63 Mon Sep 17 00:00:00 2001 
From: Lennart Poettering Date: Fri, 21 Mar 2025 17:38:26 +0100 Subject: [PATCH 10/37] core: fix C type handler for ExitCode property (cherry picked from commit 0b0cb6f33d0c1256e8cc2b77ab361b55ac911105) (cherry picked from commit aba08e3edb180b620e5152cdbc2bd8922adc8680) (cherry picked from commit 6300dc3179a9f5657b755e38e2ddc96d9499a4dc) (cherry picked from commit 0bc549f7faa6f0a6a3ebfede0c978483ecd15e0e) (cherry picked from commit 17295b61f79be0a699b420959e07b808103cbb4f) --- src/core/dbus-manager.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index cffd2ebcb1..b72cf8cdf8 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -2927,7 +2927,7 @@ const sd_bus_vtable bus_manager_vtable[] = { SD_BUS_WRITABLE_PROPERTY("ServiceWatchdogs", "b", bus_property_get_bool, bus_property_set_bool, offsetof(Manager, service_watchdogs), 0), SD_BUS_PROPERTY("ControlGroup", "s", NULL, offsetof(Manager, cgroup_root), 0), SD_BUS_PROPERTY("SystemState", "s", property_get_system_state, 0, 0), - SD_BUS_PROPERTY("ExitCode", "y", bus_property_get_unsigned, offsetof(Manager, return_value), 0), + SD_BUS_PROPERTY("ExitCode", "y", NULL, offsetof(Manager, return_value), 0), SD_BUS_PROPERTY("DefaultTimerAccuracyUSec", "t", bus_property_get_usec, offsetof(Manager, default_timer_accuracy_usec), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("DefaultTimeoutStartUSec", "t", bus_property_get_usec, offsetof(Manager, default_timeout_start_usec), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("DefaultTimeoutStopUSec", "t", bus_property_get_usec, offsetof(Manager, default_timeout_stop_usec), SD_BUS_VTABLE_PROPERTY_CONST), From 0ee68bfc4f42bbf46a408dcfa5acd71e37760795 Mon Sep 17 00:00:00 2001 
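Review bot: With a NULL getter the "y" property is served by the generic handler, which reads exactly one byte at offsetof(Manager, return_value); that is only correct if Manager.return_value is declared as a one-byte type such as uint8_t, and the struct is outside this hunk — confirm, since an `int` field there would silently expose only its low byte on little-endian hosts. The previous bus_property_get_unsigned() getter appended an unsigned value into a "y" slot, which is the type mismatch the commit fixes. A short comment on the field in the Manager struct, e.g. `/* uint8_t: exposed as the "y" ExitCode D-Bus property via the generic getter. */`, would pin the invariant. bus_manager_vtable[] continues outside the hunk.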
From: Luca Boccassi Date: Mon, 24 Mar 2025 18:25:29 +0000 Subject: [PATCH 11/37] man: fix typo in org.freedesktop.systemd1.xml (cherry picked from commit b065ff03b1e9a6409d0e4fec10e3b802cc067e8b) (cherry picked from commit 694aa0115d77e41dbda80891d8a4b766313adfae) (cherry picked from commit 00e48cb057cff5caa84ba532e67004faa25310fe) (cherry picked from commit 5959e2f2cba357329c9a4a21bf9a7b085d36c67a) (cherry picked from commit b92a512b419bbb5ffde385c2824fa0a584a73b4c) --- man/org.freedesktop.systemd1.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 62c807925a..fa4b3df340 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -8077,7 +8077,7 @@ node /org/freedesktop/systemd1/unit/systemd_2dtmpfiles_2dclean_2etimer { elapsation point on the CLOCK_REALTIME clock, relative to its epoch. NextElapseUSecRealtime contains the next elapsation point on the - CLOCK_REALTIME clock in miscroseconds since the epoch, or 0 if this timer event + CLOCK_REALTIME clock in microseconds since the epoch, or 0 if this timer event does not include at least one calendar event. Similarly, NextElapseUSecMonotonic contains the next elapsation point on the From 99b6cfe1de47d1c094f6fe08e2c52176ae7f17ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 24 Mar 2025 22:04:04 +0100 Subject: [PATCH 12/37] man/systemd-remount-fs: fix grammar (cherry picked from commit 7a468f277b217b8bf25fca89706364afa99e376c) (cherry picked from commit 2a35f220477ca655d1f49f119348e3f216405d54) (cherry picked from commit 47315320d5e165437eb63570c22557c72e09079b) (cherry picked from commit d7a20c4b0a7c7a860b3327fd22326713cf296312) (cherry picked from commit 4d6bfa3261fc71dd575dc6c85c58fedac13b0083) --- man/systemd-remount-fs.service.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/man/systemd-remount-fs.service.xml b/man/systemd-remount-fs.service.xml index 266db88461..4c772fb034 100644 --- a/man/systemd-remount-fs.service.xml +++ b/man/systemd-remount-fs.service.xml @@ -51,7 +51,7 @@ Note: systemd-remount-fs.service is usually pulled in by systemd-fstab-generator8, hence it is also affected by the kernel command line option fstab=, which may be used - to disable the generator. It may also pulled in by + to disable the generator. It may also be pulled in by systemd-gpt-auto-generator8, which is affected by systemd.gpt_auto and other options. From 114a1eafdd8239915a7b7d5b73a40366a5340d86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 25 Mar 2025 10:40:12 +0100 Subject: [PATCH 13/37] man/systed.swap: update description of implicit deps This changed in e3e6f996894f0eea0e766b4194922f5c7235fb01. Closes https://github.com/systemd/systemd/issues/36761. (cherry picked from commit 4dd94e5ba1de7e3aa732176e0b60d94aec50c05e) (cherry picked from commit 65b3d7f08a8ecf66164eaafba9e467e558e4cf59) (cherry picked from commit faa5d159df0b19ff03fcf6928a80a2e4d01011ae) (cherry picked from commit b4f19201029831cde8a30ad0c743c90d827ab309) (cherry picked from commit aa6fbe3407ab7bf7046f3e2b78fa69e67b13c33b) --- man/systemd.swap.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/systemd.swap.xml b/man/systemd.swap.xml index 8287382eb6..e0b323af54 100644 --- a/man/systemd.swap.xml +++ b/man/systemd.swap.xml @@ -72,7 +72,7 @@ All swap units automatically get the - BindsTo= and After= + Requires= and After= dependencies on the device units or the mount units of the files they are activated from. From 0a38596d502aeb06d5ad4f8338ff393584354d9f Mon Sep 17 00:00:00 2001 
From: Lennart Poettering Date: Mon, 31 Mar 2025 11:51:38 +0200 Subject: [PATCH 14/37] homed: don't log error we don't have (cherry picked from commit 521b6bb1177b534db6cab28c889e6550680517c4) (cherry picked from commit 03605d767ffcd446da876a97de967d4d8b56272c) (cherry picked from commit 92d03c858c59b94d13049ff04da2135c1f22c4dd) (cherry picked from commit a3549e26eea044a10aba6a180d24dac0b7b0ecb1) (cherry picked from commit ed552a030fd5d08f17257cee0824d95e4de31724) --- src/home/homed-manager.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/home/homed-manager.c b/src/home/homed-manager.c index 0c8f78b702..007d21ae2c 100644 --- a/src/home/homed-manager.c +++ b/src/home/homed-manager.c @@ -543,7 +543,7 @@ static int search_quota(uid_t uid, const char *exclude_quota_path) { if ((FLAGS_SET(req.dqb_valid, QIF_SPACE) && req.dqb_curspace > 0) || (FLAGS_SET(req.dqb_valid, QIF_INODES) && req.dqb_curinodes > 0)) { - log_debug_errno(errno, "Quota reports UID " UID_FMT " occupies disk space on %s.", uid, where); + log_debug("Quota reports UID " UID_FMT " occupies disk space on %s.", uid, where); return 1; } } From 3e0a65d0d1c7149a81e5d5ab6fc6b5c6ea4c218d Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Sat, 29 Mar 2025 17:55:45 +0000 Subject: [PATCH 15/37] test: skip TEST-75-RESOLVED if resolved is disabled at build time (cherry picked from commit 75b16ac59ed25d6aad77d5a39022476312fb3349) (cherry picked from commit 0a0e4d9bf5817d8f9a36d8dbb4a0d8eaad43dc82) (cherry picked from commit f084ad2db957830f1bda55c0befa3c4780d08ed9) (cherry picked from commit 76a9c2aa6b1e9775370000f5a02c257f80c68352) (cherry picked from commit 63827f0b90c51ccd2a66ed80e85d10990b44b078) --- test/units/testsuite-75.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh index 7c23632db9..c074cd0325 100755 --- a/test/units/testsuite-75.sh +++ b/test/units/testsuite-75.sh 
@@ -16,6 +16,11 @@ set -o pipefail : >/failed +if ! command -v resolvectl >/dev/null || ! command -v networkctl >/dev/null; then + echo "resolved/networkd not found, skipping..." | tee --append /skipped + exit 77 +fi + RUN_OUT="$(mktemp)" run() { From 53fadb0f48367a89529361ab001b07cc2239dc14 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Sat, 29 Mar 2025 17:56:04 +0000 Subject: [PATCH 16/37] test: skip networkd tests if networkd/resolved are disabled at build time (cherry picked from commit da2498352635921621a636014fee0547c53058b2) (cherry picked from commit 88a0d3dfcb7f5769ac1b1add3d66d9699252dfe0) (cherry picked from commit 37ada4a1f5cfd1ca191e228a0ece01a2035126d4) (cherry picked from commit a61f73231f39c363df4088ff41d07e08091bd1fe) (cherry picked from commit 78697aaa0c8b766d3980f6bd4efbaf77eac52e46) --- test/networkd-test.py | 6 ++++++ test/test-network/systemd-networkd-tests.py | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/test/networkd-test.py b/test/networkd-test.py index 349213d831..76c1331ab6 100755 --- a/test/networkd-test.py +++ b/test/networkd-test.py @@ -47,6 +47,12 @@ def setUpModule(): global tmpmounts """Initialize the environment, and perform sanity checks on it.""" + + if shutil.which('networkctl') is None: + raise unittest.SkipTest('networkd not installed') + if shutil.which('resolvectl') is None: + raise unittest.SkipTest('resolved not installed') + if NETWORKD_WAIT_ONLINE is None: raise OSError(errno.ENOENT, 'systemd-networkd-wait-online not found') diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index d1d4762235..12d56413db 100755 --- a/test/test-network/systemd-networkd-tests.py +++ b/test/test-network/systemd-networkd-tests.py 
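Review bot: The new skip check runs after `: >/failed` has already created the marker file, so a skipped run exits 77 with both /skipped and an empty /failed present; if the harness checks for /failed before /skipped, the skip is reported as a failure. Move the `if ! command -v ...` block above `: >/failed`, or add `rm -f /failed` before `exit 77`. The surrounding script continues outside the hunk.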
@@ -5892,6 +5892,10 @@ def test_mtu_link_ipv6_mtu(self): if not os.path.exists(os.path.join(systemd_source_dir, "meson_options.txt")): raise RuntimeError(f"{systemd_source_dir} doesn't appear to be a systemd source tree") + if networkd_bin is None or resolved_bin is None or timesyncd_bin is None: + print("networkd tests require networkd/resolved/timesyncd to be enabled") + sys.exit(77) + use_valgrind = ns.use_valgrind enable_debug = ns.enable_debug asan_options = ns.asan_options From f332d3d902f37f5119c0b4fb4497a18d6d445c83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Apr 2025 13:51:21 +0200 Subject: [PATCH 17/37] test-sd-device: limit the number of iterations when testing device parent/child functions The test "hangs" and times out on some arm64 machines. It actually works as expected, but the machine has 2016 children under /sys/devices/system/memory/, and the tests do a double loop over this, which is slow enough to hit the 120 s limit. Add a limit on the number of iterations. Another option would be to exclude "memory" subsystem. But we may have other subsystems which have the same problem in the future, so I think it'll be more robust to not try to limit the fix to a specific subsystem. (cherry picked from commit 74cb65e45fbf3468cf6b522e4b4fa568d95f12c6) (cherry picked from commit e35435b0a11e6c61c8c43b0cf8dc65a563b4a670) (cherry picked from commit 1f71726206006ff18ea0f96b109faff37dcc48f2) (cherry picked from commit d05d968f28eee3b6b23a0cb870258821ff52cb6b) (cherry picked from commit 02b927ee3b069a737d8c8917a717c1189a70ef02) --- src/libsystemd/sd-device/test-sd-device.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/libsystemd/sd-device/test-sd-device.c b/src/libsystemd/sd-device/test-sd-device.c index 8c6d59e040..030e214701 100644 --- a/src/libsystemd/sd-device/test-sd-device.c +++ b/src/libsystemd/sd-device/test-sd-device.c 
@@ -430,6 +430,8 @@ static void check_parent_match(sd_device_enumerator *e, sd_device *dev) {
 TEST(sd_device_enumerator_add_match_parent) {
 _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL;
 sd_device *dev;
+ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. */
+ unsigned iterations = 200;
 int r;
 assert_se(sd_device_enumerator_new(&e) >= 0);
@@ -447,6 +449,9 @@ TEST(sd_device_enumerator_add_match_parent) {
 const char *syspath;
 sd_device *parent;
+ if (iterations-- == 0)
+ break;
+
 assert_se(sd_device_get_syspath(dev, &syspath) >= 0);
 r = sd_device_get_parent(dev, &parent);
@@ -476,6 +481,8 @@ TEST(sd_device_enumerator_add_match_parent) {
 TEST(sd_device_get_child) {
 _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL;
 sd_device *dev;
+ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. */
+ unsigned iterations = 3000;
 int r;
 assert_se(sd_device_enumerator_new(&e) >= 0);
@@ -509,6 +516,9 @@ TEST(sd_device_get_child) {
 FOREACH_DEVICE_CHILD_WITH_SUFFIX(parent, child, suffix) {
 const char *s;
+ if (iterations-- == 0)
+ return;
+
 assert_se(child);
 assert_se(suffix);
From 513af7428ab40887d29e5743971d791d4cd3b78c Mon Sep 17 00:00:00 2001
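Review bot: In the sd_device_get_child hunk the cap uses `return`, which leaves the whole TEST body, so any assertions after the FOREACH_DEVICE_CHILD_WITH_SUFFIX loop (outside the hunk) are never reached once 3000 children have been visited, whereas the add_match_parent hunk uses `break` and goes on with the rest of the test; if nothing follows the loop, say so with `return; /* nothing left to check after the loops */`, otherwise break out of the nested loops instead. `iterations-- == 0` wraps the counter to UINT_MAX on the exit branch, harmless here because the loop is left immediately, but `if (iterations == 0) break;` followed by `iterations--;` avoids the question. Both TEST bodies start and end outside their hunks.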
From: Luca Boccassi Date: Mon, 7 Apr 2025 20:55:41 +0100 Subject: [PATCH 18/37] test: switch to new config keyword for bind9 >= 9.21 bind9 9.21 removed the deprecated 'managed-keys', swap it with 'trust-anchors' if the version is 9.21 or newer [ 20.654086] TEST-75-RESOLVED.sh[1217]: + delv -a /etc/bind.keys @ns1.unsigned.test signed.test [ 20.654425] TEST-75-RESOLVED.sh[1218]: + tee /tmp/tmp.D4LNomAKqY [ 20.672599] TEST-75-RESOLVED.sh[1218]: ;; /etc/bind.keys:1: option 'managed-keys' no longer exists (cherry picked from commit 5f8e5297b4699922aa003353ac1db6559805301f) (cherry picked from commit 85df0981b27c59649fa75916ba1efb4fe820a4dd) (cherry picked from commit 80d4bc9577d8f3fda68e3eb25d4dba8cb8ba47f0) (cherry picked from commit 80d9d3778f788761e3f1821427dbc5e73dbb8deb) (cherry picked from commit 161a1c4fcb6205d12f97f90bc5ebbddc96a7676c) --- test/units/testsuite-75.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh index c074cd0325..dbf95a9074 100755 --- a/test/units/testsuite-75.sh +++ b/test/units/testsuite-75.sh @@ -222,10 +222,13 @@ keymgr . generate algorithm=ECDSAP256SHA256 ksk=yes zsk=yes # Create a trust anchor for resolved with our root zone keymgr . ds | sed 's/ DS/ IN DS/g' >/etc/dnssec-trust-anchors.d/root.positive # Create a bind-compatible trust anchor (for delv) -# Note: the trust-anchors directive is relatively new, so use the original -# managed-keys one until it's widespread enough +# Note: managed-keys was removed in version 9.21, use the newer trust-anchors directive { - echo 'managed-keys {' + if systemd-analyze compare-versions "$(delv -v | awk '{print $2}')" ge 9.21; then + echo 'trust-anchors {' + else + echo 'managed-keys {' + fi keymgr . dnskey | sed -r 's/^\. DNSKEY ([0-9]+ [0-9]+ [0-9]+) (.+)$/. static-key \1 "\2";/g' echo '};' } >/etc/bind.keys From 3d922852642b153a0451c9b844d4e3e15e34f2ef Mon Sep 17 00:00:00 2001 
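Review bot: `$(delv -v | awk '{print $2}')` runs inside an `if` condition, so a failing or missing delv is not caught by set -e/pipefail and yields an empty version string; `systemd-analyze compare-versions "" ge 9.21` then fails and the script silently falls back to 'managed-keys', the wrong keyword on exactly the bind9 versions this commit targets. Capture the version on its own line first, e.g. `DELV_VERSION="$(delv -v | awk '{print $2}')"`, where errexit applies, then compare. A short comment noting the assumed output shape of `delv -v` (presumably `delv <version>`, hence field 2) would document the awk choice.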
From: kmeaw Date: Sun, 30 Mar 2025 13:08:38 +0100 Subject: [PATCH 19/37] shared/calendarspec: fix normalization when DST is negative When trying to calculate the next firing of 'hourly', we'd lose the tm_isdst value on the next iteration. On most systems in Europe/Dublin it would cause a 100% cpu hang due to timers restarting. This happens in Europe/Dublin because Ireland defines the Irish Standard Time as UTC+1, so winter time is encoded in tzdata as negative 1 hour of daylight saving. Before this patch: $ env TZ=IST-1GMT-0,M10.5.0/1,M3.5.0/1 systemd-analyze calendar --base-time='Sat 2025-03-29 22:00:00 UTC' --iterations=5 'hourly' Original form: hourly Normalized form: *-*-* *:00:00 Next elapse: Sat 2025-03-29 23:00:00 GMT (in UTC): Sat 2025-03-29 23:00:00 UTC From now: 13h ago Iteration #2: Sun 2025-03-30 00:00:00 GMT (in UTC): Sun 2025-03-30 00:00:00 UTC From now: 12h ago Iteration #3: Sun 2025-03-30 00:00:00 GMT <-- note every next iteration having the same firing time (in UTC): Sun 2025-03-30 00:00:00 UTC From now: 12h ago ... With this patch: $ env TZ=IST-1GMT-0,M10.5.0/1,M3.5.0/1 systemd-analyze calendar --base-time='Sat 2025-03-29 22:00:00 UTC' --iterations=5 'hourly' Original form: hourly Normalized form: *-*-* *:00:00 Next elapse: Sat 2025-03-29 23:00:00 GMT (in UTC): Sat 2025-03-29 23:00:00 UTC From now: 13h ago Iteration #2: Sun 2025-03-30 00:00:00 GMT (in UTC): Sun 2025-03-30 00:00:00 UTC From now: 12h ago Iteration #3: Sun 2025-03-30 02:00:00 IST <-- the expected 1 hour jump (in UTC): Sun 2025-03-30 01:00:00 UTC From now: 11h ago ... This bug isn't reproduced on Debian and Ubuntu because they mitigate it by using the rearguard version of tzdata. ArchLinux and NixOS don't, so it would cause pid1 to spin during DST transition. 
This is how the affected tzdata looks like: $ zdump -V -c 2024,2025 Europe/Dublin Europe/Dublin Sun Mar 31 00:59:59 2024 UT = Sun Mar 31 00:59:59 2024 GMT isdst=1 gmtoff=0 Europe/Dublin Sun Mar 31 01:00:00 2024 UT = Sun Mar 31 02:00:00 2024 IST isdst=0 gmtoff=3600 Europe/Dublin Sun Oct 27 00:59:59 2024 UT = Sun Oct 27 01:59:59 2024 IST isdst=0 gmtoff=3600 Europe/Dublin Sun Oct 27 01:00:00 2024 UT = Sun Oct 27 01:00:00 2024 GMT isdst=1 gmtoff=0 Compare it to Europe/London: $ zdump -V -c 2024,2025 Europe/London Europe/London Sun Mar 31 00:59:59 2024 UT = Sun Mar 31 00:59:59 2024 GMT isdst=0 gmtoff=0 Europe/London Sun Mar 31 01:00:00 2024 UT = Sun Mar 31 02:00:00 2024 BST isdst=1 gmtoff=3600 Europe/London Sun Oct 27 00:59:59 2024 UT = Sun Oct 27 01:59:59 2024 BST isdst=1 gmtoff=3600 Europe/London Sun Oct 27 01:00:00 2024 UT = Sun Oct 27 01:00:00 2024 GMT isdst=0 gmtoff=0 Fixes #32039. (cherry picked from commit e4bb033e2fcea504f7496df90be7a3556fcea44b) (cherry picked from commit 07c01efc82d4a239ef0d14da54d36053294ad203) There were some conflicts related to the skipping of 6f5cf41570776f489967d1a7de18260b2bc9acf9, but the tests pass with and the example output above also looks good, so I think the backport is correct. (cherry picked from commit 1568dea89ebb84ed2c9cf8c45aaf90c07858cbc0) (cherry picked from commit f3dc34ec87344f796836ef3b4a98d5e2e099fa14) (cherry picked from commit 2230a5de76081cd2f1532bc8a454cc374d37bc23) --- src/shared/calendarspec.c | 48 +++++++++++++++++++++++++++++++++--- src/test/test-calendarspec.c | 4 ++- 2 files changed, 48 insertions(+), 4 deletions(-) diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c index 86a6d3f608..2a9d6811d4 100644 --- a/src/shared/calendarspec.c +++ b/src/shared/calendarspec.c 
@@ -1239,14 +1239,43 @@ static bool matches_weekday(int weekdays_bits, const struct tm *tm, bool utc) { return (weekdays_bits & (1 << k)); } +static int tm_compare(const struct tm *t1, const struct tm *t2) { + int r; + + assert(t1); + assert(t2); + + r = CMP(t1->tm_year, t2->tm_year); + if (r != 0) + return r; + + r = CMP(t1->tm_mon, t2->tm_mon); + if (r != 0) + return r; + + r = CMP(t1->tm_mday, t2->tm_mday); + if (r != 0) + return r; + + r = CMP(t1->tm_hour, t2->tm_hour); + if (r != 0) + return r; + + r = CMP(t1->tm_min, t2->tm_min); + if (r != 0) + return r; + + return CMP(t1->tm_sec, t2->tm_sec); +} + /* A safety valve: if we get stuck in the calculation, return an error. * C.f. https://bugzilla.redhat.com/show_bug.cgi?id=1941335. */ #define MAX_CALENDAR_ITERATIONS 1000 static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) { struct tm c; - int tm_usec; - int r; + int tm_usec, r; + bool invalidate_dst = false; /* Returns -ENOENT if the expression is not going to elapse anymore */ @@ -1259,7 +1288,8 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) { for (unsigned iteration = 0; iteration < MAX_CALENDAR_ITERATIONS; iteration++) { /* Normalize the current date */ (void) mktime_or_timegm(&c, spec->utc); - c.tm_isdst = spec->dst; + if (!invalidate_dst) + c.tm_isdst = spec->dst; c.tm_year += 1900; r = find_matching_component(spec, spec->year, &c, &c.tm_year); @@ -1349,6 +1379,18 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) { if (r == 0) continue; + r = tm_compare(tm, &c); + if (r == 0) { + assert(tm_usec + 1 <= 1000000); + r = CMP(*usec, (usec_t) tm_usec + 1); + } + if (r >= 0) { + /* We're stuck - advance, let mktime determine DST transition and try again. */ + invalidate_dst = true; + c.tm_hour++; + continue; + } + *tm = c; *usec = tm_usec; return 0; diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c index 0fcf35bd65..840f118577 100644 
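Review bot: tm_compare() is added without a comment stating its contract, and the contract is the interesting part: it orders two broken-down times by tm_year through tm_sec only and deliberately ignores tm_isdst (and tm_wday/tm_yday), which is exactly what lets the caller detect "same wall-clock time, different DST label". A header comment such as `/* Orders two struct tm by calendar fields only (year..sec), like CMP(); tm_isdst, tm_wday and tm_yday are ignored so a DST relabel of the same wall-clock time compares equal. */` would make that intent explicit for the next reader. The asserts on both arguments are fine since every caller in this patch passes addresses of locals.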
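Review bot: In the stuck-detection path `invalidate_dst = true` is never cleared, so once it fires, the `c.tm_isdst = spec->dst` assignment at the top of the loop is skipped for every remaining iteration of find_next(), not just the next one; if that one-way behaviour is intended, a comment on the flag's declaration like `/* once set, leave DST detection to mktime() for the rest of the search */` would state it, otherwise the flag should be reset after the retry. The retry advances `c.tm_hour++` and relies on mktime_or_timegm() at the loop head to renormalise, and the whole search remains bounded by MAX_CALENDAR_ITERATIONS, so pathological tzdata now ends in an error return rather than PID 1 spinning. The `assert(tm_usec + 1 <= 1000000)` guards the usec comparison against a tm_usec that was already at the upper bound, which depends on how tm_usec is computed earlier in the function. The body of find_next() starts before and ends after these hunks.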
--- a/src/test/test-calendarspec.c +++ b/src/test/test-calendarspec.c @@ -48,7 +48,7 @@ static void _test_next(int line, const char *input, const char *new_tz, usec_t a if (old_tz) old_tz = strdupa_safe(old_tz); - if (!isempty(new_tz)) + if (!isempty(new_tz) && !strchr(new_tz, ',')) new_tz = strjoina(":", new_tz); assert_se(set_unset_env("TZ", new_tz, true) == 0); @@ -225,6 +225,8 @@ TEST(calendar_spec_next) { /* Check that we don't start looping if mktime() moves us backwards */ test_next("Sun *-*-* 01:00:00 Europe/Dublin", "", 1616412478000000, 1617494400000000); test_next("Sun *-*-* 01:00:00 Europe/Dublin", "IST", 1616412478000000, 1617494400000000); + /* Europe/Dublin TZ that moves DST backwards */ + test_next("hourly", "IST-1GMT-0,M10.5.0/1,M3.5.0/1", 1743292800000000, 1743296400000000); } TEST(calendar_spec_from_string) { From ee2acbcfa8ae529bcdf776d981f2014a17024821 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 11 Apr 2025 09:11:05 +0900 Subject: [PATCH 20/37] locale-util: fix argument for munmap() (cherry picked from commit 90abb64fd508e8efd937178b3379a62ac97b49ec) (cherry picked from commit 445b4931807089bb7c7b12a8b09f3a580f63f643) (cherry picked from commit 7aba5ce344592df9bb59c36695a35fcab580df34) (cherry picked from commit 4c4d6537539d60254d8fcee5f20072a1485b3209) (cherry picked from commit 881ddcc42b4c9133b2f50d7152f871abd19d1ec0) --- src/basic/locale-util.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c index 84ad7a9dc1..595244dca8 100644 --- a/src/basic/locale-util.c +++ b/src/basic/locale-util.c @@ -97,7 +97,6 @@ static int add_locales_from_archive(Set *locales) { const struct namehashent *e; const void *p = MAP_FAILED; _cleanup_close_ int fd = -EBADF; - size_t sz = 0; struct stat st; int r; 
@@ -154,9 +153,9 @@ static int add_locales_from_archive(Set *locales) { r = 0; - finish: +finish: if (p != MAP_FAILED) - munmap((void*) p, sz); + munmap((void*) p, st.st_size); return r; } From bc1432e230bf86ded3dd106964785f4eba766412 Mon Sep 17 00:00:00 2001 From: igo95862 Date: Sun, 20 Apr 2025 16:14:23 +0100 Subject: [PATCH 21/37] man/sd_bus_emit_signal: Fix extra const for strv functions The functions `sd_bus_emit_interfaces_added_strv`, `sd_bus_emit_interfaces_removed_strv` and `sd_bus_emit_properties_changed_strv` take an `char **` not `const char **` as last argument. See `src/systemd/sd-bus.h` for the function definition. (cherry picked from commit 3f75684028da5e5e035e51bde773b77e135be26a) (cherry picked from commit 196a1c3ccb81033e1b54076ba984bfbbbe0dd9de) (cherry picked from commit 62a63713776037a1e054be1c7bd4aa1e7de4fa3d) (cherry picked from commit 26ef8b8daacca365d37998ccdc80a3a1b303ad0d) (cherry picked from commit 86689df36102b2c7a422860cd285354643cca20c) --- man/sd_bus_emit_signal.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/man/sd_bus_emit_signal.xml b/man/sd_bus_emit_signal.xml index 52d08b7a92..7114ff2f2b 100644 --- a/man/sd_bus_emit_signal.xml +++ b/man/sd_bus_emit_signal.xml @@ -91,7 +91,7 @@ int sd_bus_emit_interfaces_added_strv sd_bus *bus const char *path - const char **interfaces + char **interfaces @@ -106,7 +106,7 @@ int sd_bus_emit_interfaces_removed_strv sd_bus *bus const char *path - const char **interfaces + char **interfaces @@ -123,7 +123,7 @@ sd_bus *bus const char *path const char *interface - const char **names + char **names From fa594d014594ff02cad0d14ba8053e31e2b1d08d Mon Sep 17 00:00:00 2001 
From: Yu Watanabe Date: Mon, 21 Apr 2025 05:30:09 +0900 Subject: [PATCH 22/37] man/systemctl: list-sockets command sorts the result This updates the example output of list-sockets command. (cherry picked from commit f7586abfe0ea4c0fa63819148a770851d84506c8) (cherry picked from commit fc078eda7b0a53e0bac3450101c2a6027a6220f5) (cherry picked from commit f3b35f7daa52038cdcaadb227d8a8e4927f96556) (cherry picked from commit e648626a6dc77d2ef502be4ecaa62b34ef8c5024) (cherry picked from commit 61549c5ddccdeb8c40d5ccc4dc802f41c2e51546) --- man/systemctl.xml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/man/systemctl.xml b/man/systemctl.xml index 1625427f9f..61594c6db1 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -139,10 +139,9 @@ binfmt_misc /proc/sys/fs/binfmt_misc yes 0 proc-sys-fs-binfmt_mis shown. Produces output similar to LISTEN UNIT ACTIVATES -/dev/initctl systemd-initctl.socket systemd-initctl.service -… -[::]:22 sshd.socket sshd.service kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service +/dev/rfkill systemd-rfkill.socket systemd-rfkill.service +… 5 sockets listed. Note: because the addresses might contains spaces, this output From 6b42c72ef3d3cbcb25b51e5bd4101160a1318e69 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 21 Apr 2025 10:50:57 +0900 Subject: [PATCH 23/37] man/systemd: fix mapping from SysV runlevel to actual target name See runlevel_to_target() in src/shared/unit-file.c. (cherry picked from commit 70fd998c40649c898b98b413517c142991a29657) (cherry picked from commit 9e2a25fad629dd9d676c829b8b15e76bda6b5460) (cherry picked from commit 8fc23b469004a8e03d40c613d32dff14d3ad016a) (cherry picked from commit 0f566598ec67ec0b48a593550879d2ffa5b4bb78) (cherry picked from commit 21bfaa057fa7e6b2a5f69459386f51e7d9060006) --- man/systemd.xml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/man/systemd.xml b/man/systemd.xml index 126382c4b0..4bb2fe9f52 100644 --- a/man/systemd.xml 
+++ b/man/systemd.xml @@ -976,12 +976,9 @@ 5 Boot into the specified legacy SysV runlevel. - These are equivalent to - systemd.unit=runlevel2.target, - systemd.unit=runlevel3.target, - systemd.unit=runlevel4.target, and - systemd.unit=runlevel5.target, - respectively, and provided for compatibility reasons and to be + 2, 3, and 4 are equivalent to + systemd.unit=multi-user.target; and 5 is equivalent to + systemd.unit=graphical.target, and provided for compatibility reasons and to be easier to type. From d37cbd457d9cf3cc33d4d2e7b81616b79131d6cf Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 22 Apr 2025 09:24:39 +0900 Subject: [PATCH 24/37] test-specifier: replace /dev/initctl with /dev/fd To make the test work even when systemd is built without SysV compat. (cherry picked from commit b4d51152648fe9c1cd89b04ab84806756f453084) (cherry picked from commit 094865105c10534d6bda3003ffbbea02c00794fd) (cherry picked from commit 1efc8390517000f4ba24bfb706bb236bf59025c2) (cherry picked from commit 33fb4f34365785d84657a49ffaad66e0bf4a39ad) (cherry picked from commit 244e719272217435586b5cd12a039bfad1a6f57c) --- src/test/test-specifier.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/src/test/test-specifier.c b/src/test/test-specifier.c index f5c491b9cf..de5e9a19de 100644 --- a/src/test/test-specifier.c +++ b/src/test/test-specifier.c @@ -3,7 +3,9 @@ #include "sd-id128.h" #include "alloc-util.h" +#include "format-util.h" #include "log.h" +#include "process-util.h" #include "specifier.h" #include "stat-util.h" #include "stdio-util.h" 
@@ -89,25 +91,27 @@ TEST(specifier_printf) { TEST(specifier_real_path) { static const Specifier table[] = { - { 'p', specifier_string, "/dev/initctl" }, - { 'y', specifier_real_path, "/dev/initctl" }, - { 'Y', specifier_real_directory, "/dev/initctl" }, + { 'p', specifier_string, "/dev/fd" }, + { 'y', specifier_real_path, "/dev/fd" }, + { 'Y', specifier_real_directory, "/dev/fd" }, { 'w', specifier_real_path, "/dev/tty" }, { 'W', specifier_real_directory, "/dev/tty" }, {} }; - _cleanup_free_ char *w = NULL; + _cleanup_free_ char *w = NULL, *expected = NULL; int r; r = specifier_printf("p=%p y=%y Y=%Y w=%w W=%W", SIZE_MAX, table, NULL, NULL, &w); - assert_se(r >= 0 || r == -ENOENT); - assert_se(w || r == -ENOENT); - puts(strnull(w)); + if (r < 0) { + assert_se(r == -ENOENT); + return (void) log_tests_skipped_errno(r, "/dev/fd and/or /dev/tty do not exist"); + } - /* /dev/initctl should normally be a symlink to /run/initctl */ - if (files_same("/dev/initctl", "/run/initctl", 0) > 0) - assert_se(streq(w, "p=/dev/initctl y=/run/initctl Y=/run w=/dev/tty W=/dev")); + assert_se(asprintf(&expected, + "p=/dev/fd y=/proc/"PID_FMT"/fd Y=/proc/"PID_FMT" w=/dev/tty W=/dev", + getpid_cached(), getpid_cached()) >= 0); + assert_se(streq(w, expected)); } TEST(specifier_real_path_missing_file) { From 7cd2a54d86adcfb2cfe3bcffcbb05be4f107e3ad Mon Sep 17 00:00:00 2001 From: Jesper Nilsson Date: Sat, 26 Apr 2025 17:39:56 +0200 Subject: [PATCH 25/37] man/sd_bus_slot_set_floating: Improve wording around b parameter (cherry picked from commit d93292bc599311d07e2b86d048a6a01b96d3e27d) (cherry picked from commit df3529008ef31b4312b7c7e6fab39868f6499a5a) (cherry picked from commit f71d4856a21ba5fe926f7207aacbfed36b6b0799) (cherry picked from commit c6aaa7e62557c3db847ad0fff1414f99035df42c) (cherry picked from commit 5c3eb957e0bba7185a681d9bc8e12113135cdce6) --- man/sd_bus_slot_set_floating.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
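Review bot: The expected string hard-codes that `%y` of /dev/fd resolves to /proc/PID/fd, so the test now presumes /dev/fd is the usual symlink to /proc/self/fd and that /proc is mounted; on a system where either does not hold, the streq() assertion fails instead of the test being skipped. A short comment above the asprintf(), e.g. `/* /dev/fd is expected to be a symlink to /proc/self/fd, hence the PID in the resolved paths */`, would point whoever hits that failure at the assumption. The early return only covers -ENOENT, which matches the wording of the skip message.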
diff --git a/man/sd_bus_slot_set_floating.xml b/man/sd_bus_slot_set_floating.xml index dd3a9500cf..6ab98a6210 100644 --- a/man/sd_bus_slot_set_floating.xml +++ b/man/sd_bus_slot_set_floating.xml @@ -51,8 +51,8 @@ referenced bus slot object around. The floating state hence controls the direction of referencing between the bus object and the bus slot objects: if floating the bus pins the bus slot, and otherwise the bus slot pins the bus objects. Use sd_bus_slot_set_floating() to switch between both modes: if the - b parameter is zero, the slot object is considered floating, otherwise it is made a regular - (non-floating) slot object. + b parameter is zero, the slot object is made into a regular (non-floating) slot object, + otherwise it is made into a floating slot object. Bus slot objects may be allocated with calls such as sd_bus_add_match3. If the From 3c594595b877a1425eacdc5f95db549cb3b8c052 Mon Sep 17 00:00:00 2001 From: Tim Small Date: Sun, 27 Apr 2025 12:47:53 +0100 Subject: [PATCH 26/37] man/network: clarify SR-IOV section description and usage Document effect of the SR-IOV section in .link vs .network files and restructure the SR-IOV section introduction for clarity. (cherry picked from commit 8e24558e611e2ef66552b1da0b62b7ee1220e255) (cherry picked from commit 3a668aae1398762438b9ffee75622e552f9d7f11) (cherry picked from commit f930bd1c74cc49dacf6d99e2ec4eff550f92d0ca) (cherry picked from commit 21a05392ff349cd57b9161a9c0404c7766c0784f) (cherry picked from commit be67b76eabcba0981b49d3be21099ef8ab077cba) --- man/systemd.link.xml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/man/systemd.link.xml b/man/systemd.link.xml index aad3736c36..128aadfd5c 100644 --- a/man/systemd.link.xml +++ b/man/systemd.link.xml 
@@ -1018,11 +1018,18 @@ [SR-IOV] Section Options - The [SR-IOV] section accepts the following keys. Specify several [SR-IOV] sections to - configure several SR-IOVs. SR-IOV provides the ability to partition a single physical PCI resource - into virtual PCI functions which can then be injected into a VM. In the case of network VFs, SR-IOV - improves north-south network performance (that is, traffic with endpoints outside the host machine) - by allowing traffic to bypass the host machine’s network stack. + SR-IOV provides the ability to partition a single physical PCI resource into virtual PCI + functions which can then be e.g. injected into a VM. In the case of network VFs, SR-IOV reduces + latency and CPU utilisation for north-south network traffic (that is, traffic with endpoints + outside the host machine), by allowing traffic to bypass the host machine’s network stack. + + + The presence of an [SR-IOV] section in a .link file will cause the creation and + configuration of the specified virtual function. Within a .network file, the specified virtual + function will be configured, but must already exist. Specify several [SR-IOV] sections to + configure several SR-IOVs. + + The [SR-IOV] section accepts the following keys. From b1ccd70dfffff22c825810773effcbeffec58430 Mon Sep 17 00:00:00 2001 
From: Luca Boccassi Date: Wed, 30 Apr 2025 15:24:20 +0100 Subject: [PATCH 27/37] busctl: validate argvs on get-property/set-property too Otherwise passing invalid data means asserts get hit instead of handling it gracefully. Other verbs already do the same checks. busctl get-property org.freedesktop.systemd1 '*' org.freedesktop.systemd1.Manager Version Assertion 'object_path_is_valid(path)' failed at src/libsystemd/sd-bus/bus-message.c:562, function sd_bus_message_new_method_call(). Aborting. Aborted (core dumped) (cherry picked from commit b16e6fd76788e74ce7424404445e822655abd6c9) (cherry picked from commit 6961d8ac6e0cc8d81c20c7de07595834ffabd556) (cherry picked from commit da7c0fc714a015dd9d7e8c1d622aa10f2f016111) (cherry picked from commit e26ba16ed64c43dd310fc9deaa86a0205eaaffc0) (cherry picked from commit c87daad0d2ab3f4bd809650781c4ea37431edfe8) --- src/busctl/busctl.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c index b073d5feff..5f4ea0dc81 100644 --- a/src/busctl/busctl.c +++ b/src/busctl/busctl.c @@ -2152,6 +2152,13 @@ static int get_property(int argc, char **argv, void *userdata) { _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; int r; + if (!service_name_is_valid(argv[1])) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid service name: %s", argv[1]); + if (!object_path_is_valid(argv[2])) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid object path: %s", argv[2]); + if (!interface_name_is_valid(argv[3])) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid interface name: %s", argv[3]); + r = acquire_bus(false, &bus); if (r < 0) return r; 
@@ -2221,6 +2228,13 @@ static int set_property(int argc, char **argv, void *userdata) { char **p; int r; + if (!service_name_is_valid(argv[1])) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid service name: %s", argv[1]); + if (!object_path_is_valid(argv[2])) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid object path: %s", argv[2]); + if (!interface_name_is_valid(argv[3])) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid interface name: %s", argv[3]); + r = acquire_bus(false, &bus); if (r < 0) return r; From 7d3b8773958b564d9ed0dcdc67a6c52fd088c0a7 Mon Sep 17 00:00:00 2001 From: Tim Small Date: Fri, 2 May 2025 13:40:00 +0100 Subject: [PATCH 28/37] man/network: Note .link early boot caveat, and .network .netdev usage. Document .link .network and .netdev file type distinctions in early introductory text, and document distro-specific need to sync link files with early-boot copies, see Debian bug 1005282: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005282 for an example. (cherry picked from commit a50fa2a40f4a91d49503d3588a3dd29ea05e559b) (cherry picked from commit 1f654739f8a05110b68461cf483d5c07b2ef7723) (cherry picked from commit 1e96e999377b03e052a0379223e40255aa767df8) (cherry picked from commit 798a835f8b4840bc7620e673b129def71dd23e2d) (cherry picked from commit 6a1b1f17b6da67afffdbaf7c90d34291e301b36b) --- man/systemd-networkd.service.xml | 24 ++++++++++++++---------- man/systemd.link.xml | 5 +++++ man/systemd.network.xml | 8 ++++++++ 3 files changed, 27 insertions(+), 10 deletions(-) diff --git a/man/systemd-networkd.service.xml b/man/systemd-networkd.service.xml index 12cd4c331b..ed886c8aa7 100644 --- a/man/systemd-networkd.service.xml +++ b/man/systemd-networkd.service.xml 
@@ -33,12 +33,16 @@ manages networks. It detects and configures network devices as they appear, as well as creating virtual network devices. - To configure low-level link settings independently of - networks, see - systemd.link5. - - systemd-networkd will create network devices based - on the configuration in + Certain low-level settings of physical network devices (e.g. device + names and altnames) as well as the creation of SR-IOV virtual functions on + physical network interfaces may be managed by + systemd-udevd8 + according to the contents of + systemd.link5 + files. + + systemd-networkd will create "virtual" network + devices (e.g. bridges and tunnels) based on the configuration in systemd.netdev5 files, respecting the [Match] sections in those files. @@ -47,10 +51,10 @@ with an appropriate [Match] section, see systemd.network5. For those links, it will flush existing network addresses and routes when - bringing up the device. Any links not matched by one of the - .network files will be ignored. It is also possible to - explicitly tell systemd-networkd to ignore a link by - using Unmanaged=yes option, see + bringing up the device (except when directed not to). Any links not matched + by one of the .network files will be ignored. It is + also possible to explicitly tell systemd-networkd to + ignore a link by using the Unmanaged=yes option, see systemd.network5. diff --git a/man/systemd.link.xml b/man/systemd.link.xml index 128aadfd5c..3051446462 100644 --- a/man/systemd.link.xml +++ b/man/systemd.link.xml 
@@ -32,6 +32,11 @@ systemd.syntax7 for a general description of the syntax. + Note that some distributions may incorporate .link files in their early boot + facilities (e.g. by including copies of the .link files in initramfs). As such it + may be necessary to take manual steps to ensure that any local changes are consistent with early-boot + storage facilities. The relevant distribution-specific documentation should be consulted. + The .link files are read from the files located in the system network directory /usr/lib/systemd/network and /usr/local/lib/systemd/network, the volatile runtime network directory diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 2eef826a06..54ef5e5938 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -37,6 +37,14 @@ The main network file must have the extension .network; other extensions are ignored. Networks are applied to links whenever the links appear. + Note that not all settings and configurations can be made with .network + files, and that it may be necessary to use + systemd.link5) + or + systemd.netdev5) + files in conjuction with .network files when working with physical and virtual + network devices respectively. + The .network files are read from the files located in the system network directories /usr/lib/systemd/network and /usr/local/lib/systemd/network, the volatile runtime network directory From a679235e10e16398e3c0d8b52153c8755f794102 Mon Sep 17 00:00:00 2001 
From: Alexander Stepchenko Date: Mon, 5 May 2025 13:48:30 +0300 Subject: [PATCH 29/37] man/systemctl: add preposition for clarity (cherry picked from commit 0cf03a36f287ef898679868a5bc828b17faf797e) (cherry picked from commit e76121a0d2eb288ea02c61b9359b86053fd6ee5f) (cherry picked from commit a5fb520700e0501d9480336b1101578ca02e67ff) (cherry picked from commit 5f33bb32399ef6c27a4f074423e485b38c21e453) (cherry picked from commit 96996098d64fbaf9b0f9a1a1f0988af55a2f4155) --- man/systemctl.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/systemctl.xml b/man/systemctl.xml index 61594c6db1..a701efde7b 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -843,7 +843,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err preset UNIT - Reset the enable/disable status one or more unit files, as specified on + Reset the enable/disable status of one or more unit files, as specified on the command line, to the defaults configured in the preset policy files. This has the same effect as disable or enable, depending how the unit is listed in the preset From ad9c967457c2c5f29b9bf340e5b54ee7662fb8ac Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Fri, 2 May 2025 21:08:55 +0200 Subject: [PATCH 30/37] meson: Ensure that distribution packages own systemenvgeneratordir Currently, Fedora's systemd RPM doesn't own systemenvgeneratordir (ie., /usr/lib/systemd/system-environment-generators) [1] because it's not created when systemd is installed. In contrast, userenvgeneratordir (ie., /usr/lib/systemd/user-environment-generators) is created, unless the environment-d Meson option is explicitly disabled. While this can be worked around elsewhere, it's better if the upstream build system created the directories consistently. It will avoid repetition, and prevent silly bugs or deviations from creeping in. [1] https://bugzilla.redhat.com/show_bug.cgi?id=2284085 (cherry picked from commit ab46feb3e28eee0b9be3dece49f5e4c63f21dc37) (cherry picked from commit bd27edd3de9b3b30f7225994a799e46fba930568) (cherry picked from commit f38abc546d09f99eb011b2bfe8605ac7259baf02) (cherry picked from commit 03e38fbc877e58637a0da7d948b4c18442ed97d0) (cherry picked from commit d5b840bf127ba99222d27edc36fd3dfdf09ca801) --- src/core/meson.build | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/core/meson.build b/src/core/meson.build index 981b46fc0b..e0bab84315 100644 --- a/src/core/meson.build +++ b/src/core/meson.build @@ -166,9 +166,11 @@ install_data('org.freedesktop.systemd1.conf', install_data('org.freedesktop.systemd1.service', install_dir : dbussystemservicedir) +meson.add_install_script('sh', '-c', mkdir_p.format(systemenvgeneratordir)) meson.add_install_script('sh', '-c', mkdir_p.format(systemshutdowndir)) meson.add_install_script('sh', '-c', mkdir_p.format(systemsleepdir)) meson.add_install_script('sh', '-c', mkdir_p.format(systemgeneratordir)) +meson.add_install_script('sh', '-c', mkdir_p.format(userenvgeneratordir)) meson.add_install_script('sh', '-c', mkdir_p.format(usergeneratordir)) if install_sysconfdir From a4d1aee6b186e9981045666ab5265b68db3a3e69 Mon Sep 17 00:00:00 2001 
From: "Todd C. Miller" Date: Tue, 6 May 2025 16:39:14 -0600 Subject: [PATCH 31/37] flush_ports: flush POSIX message queues properly On Linux, read() on a message queue descriptor returns the message queue statistics, not the actual message queue data. We need to use mq_receive() to drain the queues instead. Fixes a problem where a POSIX message queue socket unit with messages in the queue at shutdown time could result in a hang on reboot/shutdown. (cherry picked from commit ffb6adb76367d5ab7d43937ccaac5947717b5b78) (cherry picked from commit 4ab235b029f2107ed53f6580a7b57a48b63b4035) (cherry picked from commit 5ac9982bda6429bceb64358f84f5174d4dd0a1b8) (cherry picked from commit c1581f686244313ead56b0be8aa5d3567437265d) (cherry picked from commit ed8f5cb465daadfcd9063664a4f354ede9a256b1) --- src/basic/socket-util.c | 49 +++++++++++++++++++++++++++++++++++++++++ src/basic/socket-util.h | 1 + src/core/socket.c | 8 +++++-- 3 files changed, 56 insertions(+), 2 deletions(-) diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c index 9538367e3d..6cf0f3867a 100644 --- a/src/basic/socket-util.c +++ b/src/basic/socket-util.c @@ -4,6 +4,7 @@ #include #include #include +#include #include #include #include 
@@ -1157,6 +1158,54 @@ int flush_accept(int fd) { } } +ssize_t flush_mqueue(int fd) { + _cleanup_free_ char *buf = NULL; + struct mq_attr attr; + ssize_t count = 0; + int r; + + assert(fd >= 0); + + /* Similar to flush_fd() but flushes all messages from a POSIX message queue. */ + + for (;;) { + ssize_t l; + + r = fd_wait_for_event(fd, POLLIN, /* timeout= */ 0); + if (r < 0) { + if (r == -EINTR) + continue; + + return r; + } + if (r == 0) + return count; + + if (!buf) { + /* Buffer must be at least as large as mq_msgsize. */ + if (mq_getattr(fd, &attr) < 0) + return -errno; + + buf = malloc(attr.mq_msgsize); + if (!buf) + return -ENOMEM; + } + + l = mq_receive(fd, buf, attr.mq_msgsize, /* msg_prio = */ NULL); + if (l < 0) { + if (errno == EINTR) + continue; + + if (errno == EAGAIN) + return count; + + return -errno; + } + + count += l; + } +} + struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length) { struct cmsghdr *cmsg; diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h index 1a8384ec3f..c0ee8e0db7 100644 --- a/src/basic/socket-util.h +++ b/src/basic/socket-util.h @@ -171,6 +171,7 @@ int receive_one_fd(int transport_fd, int flags); ssize_t next_datagram_size_fd(int fd); int flush_accept(int fd); +ssize_t flush_mqueue(int fd); #define CMSG_FOREACH(cmsg, mh) \ for ((cmsg) = CMSG_FIRSTHDR(mh); (cmsg); (cmsg) = CMSG_NXTHDR((mh), (cmsg))) diff --git a/src/core/socket.c b/src/core/socket.c index 46648dced4..d36faaca02 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -2292,8 +2292,12 @@ static void flush_ports(Socket *s) { if (p->fd < 0) continue; - (void) flush_accept(p->fd); - (void) flush_fd(p->fd); + if (p->type == SOCKET_MQUEUE) + (void) flush_mqueue(p->fd); + else { + (void) flush_accept(p->fd); + (void) flush_fd(p->fd); + } } } From d056f1f80e8744e07759f874b2f3ac1668bc3da4 Mon Sep 17 00:00:00 2001 
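Review bot: The declaration `ssize_t flush_mqueue(int fd);` added to socket-util.h carries no contract, while the body returns the byte count drained (`count`) or a negative errno; a comment on the declaration such as `/* Drains all pending messages from a POSIX mqueue fd; returns the total bytes received, or a negative errno. read() on an mqueue fd yields queue statistics rather than messages, hence mq_receive() instead of flush_fd(). */` would record why this helper exists. The buffer is allocated once from mq_getattr() and reused across iterations, which is sound because mq_msgsize is fixed per queue; a one-line comment on the `if (!buf)` branch saying so would save a reader from wondering whether it can change mid-loop. In socket.c the SOCKET_MQUEUE branch now bypasses flush_accept()/flush_fd() entirely, so the behavioural change is confined to mqueue ports.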
From: Antonio Alvarez Feijoo Date: Mon, 12 May 2025 15:26:32 +0200 Subject: [PATCH 32/37] log: fix declaration of log_dispatch_internal() (cherry picked from commit 0425fc5eb72d8a66e3c2634f0d61e50ef2c53e41) (cherry picked from commit 764be0a316a5a8ac1cb46aa748c12c70e23355cb) (cherry picked from commit 0c6309e8e48fd541faf9489e551787506e3ed125) (cherry picked from commit e0d06115d1a5cf4a553d05d17cc56e3eb6118dcf) (cherry picked from commit d391cf70300187c975ae03d7b62208d4dbf9a1ce) --- src/basic/log.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/log.h b/src/basic/log.h index fbfb8aa787..ab7521d015 100644 --- a/src/basic/log.h +++ b/src/basic/log.h @@ -96,8 +96,8 @@ int log_dispatch_internal( const char *func, const char *object_field, const char *object, - const char *extra, const char *extra_field, + const char *extra, char *buffer); int log_internal( From b37f35b8c831679ada82eab50bd9bd559e77243b Mon Sep 17 00:00:00 2001 From: Eisuke Kawashima Date: Tue, 13 May 2025 09:04:52 +0900 Subject: [PATCH 33/37] shell-completion: fix completion of `systemctl --user unset-environment` (#37409) Co-authored-by: Eisuke Kawashima (cherry picked from commit 6d07d23b022d48898d9a2e7181ab6493d3d61c43) (cherry picked from commit 11c16d414ebbcb13e39971d90ece4a1e0db183d2) (cherry picked from commit 003a0bb9e3bfef9ab99ce409ea08d6fb544440d0) (cherry picked from commit bd47958cdc0d9e9158cbf934efbf96289c631bdd) (cherry picked from commit 2403c1ebb9b38b1739339d8cc8fd923ef6781375) --- shell-completion/zsh/_systemctl.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shell-completion/zsh/_systemctl.in b/shell-completion/zsh/_systemctl.in index 759ffc0206..e8461ca7fd 100644 --- a/shell-completion/zsh/_systemctl.in +++ b/shell-completion/zsh/_systemctl.in 
@@ -408,7 +408,7 @@ for fun in set-environment unset-environment ; do suf='-S=' fi _wanted systemd-environment expl 'environment variable' \ - compadd "$@" ${suf} - ${${(f)"$(systemctl show-environment)"}%%=*} + compadd "$@" ${suf} - ${${(f)"$(systemctl "$_sys_service_mgr" show-environment)"}%%=*} } done From c134c6c6e2c5d7c2b0d11ba8fd4acb700856bb0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 6 May 2025 11:14:10 +0200 Subject: [PATCH 34/37] man: reword the description of "secure pager" handling The existing description was not *wrong*, but it was a bit muddled. Let's reorder the text to give a short intro and then describe what the options actually do and the clear "true" and "false" cases first, and then describe autodetection. Related to https://yeswehack.com/vulnerability-center/reports/346802. (cherry picked from commit 718dbdb2ca4458cf91711cd9a7de3a972e46658e) (cherry picked from commit d8659058f40186f07799bc2a8e624aece33412ac) (cherry picked from commit f75ad1137ef43bb7a65fd598c807945476631411) (cherry picked from commit 521215222c29ba957c7d0fe37772019443d95cf5) (cherry picked from commit 7281febb35338d9071c1a5d9047b7b221f9553e3) --- man/common-variables.xml | 58 ++++++++++++++++++++++++++-------------- 1 file changed, 38 insertions(+), 20 deletions(-) diff --git a/man/common-variables.xml b/man/common-variables.xml index 4d2092f748..94f5711ca5 100644 --- a/man/common-variables.xml +++ b/man/common-variables.xml 
@@ -150,28 +150,46 @@ $SYSTEMD_PAGERSECURE - Takes a boolean argument. When true, the "secure" mode of the pager is enabled; if - false, disabled. If $SYSTEMD_PAGERSECURE is not set at all, secure mode is enabled - if the effective UID is not the same as the owner of the login session, see - geteuid2 - and sd_pid_get_owner_uid3. - In secure mode, will be set when invoking the pager, and the pager shall - disable commands that open or create new files or start new subprocesses. When - $SYSTEMD_PAGERSECURE is not set at all, pagers which are not known to implement - secure mode will not be used. (Currently only - less1 - implements secure mode.) - - Note: when commands are invoked with elevated privileges, for example under + Common pager commands like less1, in + addition to "paging", i.e. scrolling through the output, support opening of or writing to other files + and running arbitrary shell commands. When commands are invoked with elevated privileges, for example + under sudo8 or pkexec1, care - must be taken to ensure that unintended interactive features are not enabled. "Secure" mode for the - pager may be enabled automatically as describe above. Setting SYSTEMD_PAGERSECURE=0 - or not removing it from the inherited environment allows the user to invoke arbitrary commands. Note - that if the $SYSTEMD_PAGER or $PAGER variables are to be - honoured, $SYSTEMD_PAGERSECURE must be set too. It might be reasonable to completely - disable the pager using instead. + project='die-net'>pkexec1, the + pager becomes a security boundary. Care must be taken that only programs with strictly limited + functionality are used as pagers, and unintended interactive features like opening or creation of new + files or starting of subprocesses are not allowed. "Secure mode" for the pager may be enabled as + described below, if the pager supports that (most pagers are not written in a way + that takes this into consideration). 
It is recommended to either explicitly enable "secure mode" or to + completely disable the pager using or PAGER=cat when + allowing untrusted users to execute commands with elevated privileges. + + This option takes a boolean argument. When set to true, the "secure mode" of the pager is + enabled. In "secure mode", will be set when invoking the pager, which + instructs the pager to disable commands that open or create new files or start new subprocesses. + Currently only less1 is known + to understand this variable and implement "secure mode". + + When set to false, no limitation is placed on the pager. Setting + SYSTEMD_PAGERSECURE=0 or not removing it from the inherited environment may allow + the user to invoke arbitrary commands. + + When $SYSTEMD_PAGERSECURE is not set, systemd tools attempt to automatically + figure out if "secure mode" should be enabled and whether the pager supports it. "Secure mode" is + enabled if the effective UID is not the same as the owner of the login session, see + geteuid2 + and + sd_pid_get_owner_uid3. + In this case, SYSTEMD_PAGERSECURE=1 will be set and pagers which are not known to + implement "secure mode" will not be used at all. + + Note that if the $SYSTEMD_PAGER or $PAGER variables are to + be honoured, $SYSTEMD_PAGERSECURE must be set too. + From 5c8d4ea5f9f96f521bac8e2349c819b0f3131aec Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 6 May 2025 11:37:26 +0200 Subject: [PATCH 35/37] man: rework the description of $SYSTEMD_PAGER and $PAGER $PAGER wasn't documented, but actually we treat it same as $SYSTEMD_PAGER, except for lower priority. And the two variables can be used to disable the pager, even if $SYSTEMD_PAGERSECURE is not set. Behaviour is (obviously) not changed by this patch, it intentionally just updates the docs to match the code. (cherry picked from commit b6b78170e17727ca0ec320d5703b36d0597d0cc9) (cherry picked from commit affb45d6b2dfdb3a87da2e0241be8c5c5c9a9d8f) (cherry picked from commit ab19d19d3e89a270e40b9b9cff845581d3d9e3a4) (cherry picked from commit 946f7b70d5fae6caf932a8c65786366441a8114d) (cherry picked from commit 661ffe66cbd1635257c0ff8c16aebb1bdb0dfc01) --- man/common-variables.xml | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/man/common-variables.xml b/man/common-variables.xml index 94f5711ca5..0a11973c71 100644 --- a/man/common-variables.xml +++ b/man/common-variables.xml 
@@ -83,17 +83,22 @@ $SYSTEMD_PAGER + $PAGER - Pager to use when is not given; overrides - $PAGER. If neither $SYSTEMD_PAGER nor $PAGER are set, a - set of well-known pager implementations are tried in turn, including - less1 and - more1, until one is found. If - no pager implementation is discovered no pager is invoked. Setting this environment variable to an empty string - or the value cat is equivalent to passing . + Pager to use when is not given. + $SYSTEMD_PAGER is used if set; otherwise $PAGER is used. + If neither $SYSTEMD_PAGER nor $PAGER are set, a set of well-known + pager implementations is tried in turn, including + less1 + and + more1, + until one is found. If no pager implementation is discovered, no pager is invoked. Setting those + environment variables to an empty string or the value cat is equivalent to passing + . Note: if $SYSTEMD_PAGERSECURE is not set, $SYSTEMD_PAGER - (as well as $PAGER) will be silently ignored. + and $PAGER can only be used to disable the pager (with cat or + ), and are otherwise ignored. @@ -188,8 +193,8 @@ implement "secure mode" will not be used at all. Note that if the $SYSTEMD_PAGER or $PAGER variables are to - be honoured, $SYSTEMD_PAGERSECURE must be set too. - + be honoured, other than to disable the pager, $SYSTEMD_PAGERSECURE must be set + too. From c615dd863684c631bb63ec03124cd4006334ef71 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 6 May 2025 14:29:02 +0200 Subject: [PATCH 36/37] pager: also check for $SUDO_UID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This returns to the original approach proposed in https://github.com/systemd/systemd/pull/17270. After review, the approach was changed to use sd_pid_get_owner_uid() instead. Back then, when running in a typical graphical session, sd_pid_get_owner_uid() would usually return the user UID, and when running under sudo, geteuid() would return 0, so we'd trigger the secure path. sudo may allocate a new session if is invoked outside of a session (depending on the PAM config). Since nowadays desktop environments usually start the user shell through user units, the typical shell in a terminal emulator is not part of a session, and when sudo is invoked, a new session is allocated, and sd_pid_get_owner_uid() returns 0 too. Technically, the code still works as documented in the man page, but in the common case, it doesn't do the expected thing. $ build/test-sd-login |& rg 'get_(owner_uid|cgroup|session)' sd_pid_get_session(0) → No data available sd_pid_get_owner_uid(0) → 1000 sd_pid_get_cgroup(0) → /user.slice/user-1000.slice/user@1000.service/app.slice/app-ghostty-transient-5088.scope/surfaces/556FAF50BA40.scope $ sudo build/test-sd-login |& rg 'get_(owner_uid|cgroup|session)' sd_pid_get_session(0) → c289 sd_pid_get_owner_uid(0) → 0 sd_pid_get_cgroup(0) → /user.slice/user-0.slice/session-c289.scope I think it's worth checking for sudo because it is a common case used by users. There obviously are other mechanims, so the man page is extended to say that only some common mechanisms are supported, and to (again) recommend setting SYSTEMD_LESSSECURE explicitly. The other option would be to set "secure mode" by default. 
But this would create an inconvenience for users doing the right thing, running systemctl and other tools directly, because then they can't run privileged commands from the pager, e.g. to save the output to a file. (Or the user would need to explicitly set SYSTEMD_LESSSECURE. One option would be to set it always in the environment and to rely on sudo and other tools stripping it from the environment before running privileged code. But that is also fairly fragile and it obviously relies on the user doing a complicated setup to support a fairly common use case. I think this decreases usability of the system quite a bit. I don't think we should build solutions that work in principle, but are painfully inconvenient in common cases.) Fixes https://yeswehack.com/vulnerability-center/reports/346802. Also see https://github.com/polkit-org/polkit/pull/562, which adds support for $SUDO_UID/$SUDO_GID to pkexec. (cherry picked from commit cd93478af8b9dc69478d5667f113b67d175090fa) (cherry picked from commit b93f53c122124582fa80ae246343791063d65074) (cherry picked from commit f3a13eca4ed6b4852153179a2197ee797bbbe898) (cherry picked from commit df9bf670237083bdd434766f1fa61000dbbf7164) (cherry picked from commit a897e45028badfd1127393d11e6941f5538f9f29) --- man/common-variables.xml | 13 ++++++++++--- src/shared/pager.c | 29 +++++++++++++++++++---------- 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/man/common-variables.xml b/man/common-variables.xml index 0a11973c71..4392ce27e5 100644 --- a/man/common-variables.xml +++ b/man/common-variables.xml 
@@ -188,9 +188,16 @@
 enabled if the effective UID is not the same as the owner of the login session, see
 geteuid2
 and
- sd_pid_get_owner_uid3.
- In this case, SYSTEMD_PAGERSECURE=1 will be set and pagers which are not known to
- implement "secure mode" will not be used at all.
+ sd_pid_get_owner_uid3,
+ or when running under
+ sudo8 or similar
+ tools ($SUDO_UID is set
+ It is recommended for other tools to set and check $SUDO_UID as appropriate,
+ treating it is a common interface.). In those cases,
+ SYSTEMD_PAGERSECURE=1 will be set and pagers which are not known to implement
+ "secure mode" will not be used at all. Note that this autodetection only covers the most common
+ mechanisms to elevate privileges and is intended as convenience. It is recommended to explicitly set
+ $SYSTEMD_PAGERSECURE or disable the pager.
 Note that if the $SYSTEMD_PAGER or $PAGER variables are to
 be honoured, other than to disable the pager, $SYSTEMD_PAGERSECURE must be set
diff --git a/src/shared/pager.c b/src/shared/pager.c
index 6ed35a3ca9..e6c6715d58 100644
--- a/src/shared/pager.c
+++ b/src/shared/pager.c
@@ -82,6 +82,22 @@ static int no_quit_on_interrupt(int exe_name_fd, const char *less_opts) {
 return r;
 }
+static bool running_with_escalated_privileges(void) {
+ int r;
+
+ if (getenv("SUDO_UID"))
+ return true;
+
+ uid_t uid;
+ r = sd_pid_get_owner_uid(0, &uid);
+ if (r < 0) {
+ log_debug_errno(r, "sd_pid_get_owner_uid() failed, enabling pager secure mode: %m");
+ return true;
+ }
+
+ return uid != geteuid();
+}
+
 void pager_open(PagerFlags flags) {
 _cleanup_close_pair_ int fd[2] = PIPE_EBADF, exe_name_pipe[2] = PIPE_EBADF;
 _cleanup_strv_free_ char **pager_args = NULL;
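Review bot: running_with_escalated_privileges() in the pager.c hunk carries no comment explaining that it is a fail-closed heuristic, so a reader may take the `getenv("SUDO_UID")` probe for a security control; its only possible effect is to tighten the policy (a stray or inherited SUDO_UID can at worst force secure mode), and it recognises sudo and tools that set the same variable, as the man page hunk above says, rather than every elevation path. Suggest a comment above the function: `/* Fail-closed heuristic: any hint of elevated privileges (SUDO_UID present, owner-uid lookup failing, or owner uid != euid) enables secure mode. Plain getenv() is fine here because the variable can only make the result stricter, never looser. */`. Style: `int r;` at the top is separated from its only assignment by the early return, and the function already mixes declarations into the body (`uid_t uid;`), so `int r = sd_pid_get_owner_uid(0, &uid);` directly after `uid_t uid;` reads more clearly. The call-site hunk of this file needs nothing beyond that.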
@@ -177,16 +193,9 @@ void pager_open(PagerFlags flags) {
 * know to be good. */
 int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE");
 bool trust_pager = use_secure_mode >= 0;
- if (use_secure_mode == -ENXIO) {
- uid_t uid;
-
- r = sd_pid_get_owner_uid(0, &uid);
- if (r < 0)
- log_debug_errno(r, "sd_pid_get_owner_uid() failed, enabling pager secure mode: %m");
-
- use_secure_mode = r < 0 || uid != geteuid();
-
- } else if (use_secure_mode < 0) {
+ if (use_secure_mode == -ENXIO)
+ use_secure_mode = running_with_escalated_privileges();
+ else if (use_secure_mode < 0) {
 log_warning_errno(use_secure_mode, "Unable to parse $SYSTEMD_PAGERSECURE, assuming true: %m");
 use_secure_mode = true;
 }
From 5cf37a618381b906fb8907cbd0b6593e4a0e9710 Mon Sep 17 00:00:00 2001
From: Luca Boccassi
Date: Sun, 18 May 2025 13:28:02 +0100
Subject: [PATCH 37/37] CI: undo mkosi.yml overwrite of systemd tools from main
The tools from main are no longer compatible with images built in this stable branch. Ubuntu 24.04 ships with v255 which is good enough, so restore those binaries.
(cherry picked from commit 92df356fe184fb5ddbe0b1276555271001c196db)
(cherry picked from commit b5823d6ef207f5ff80523a25caf26ba97df5786c)
---
 .github/workflows/mkosi.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 61aae02025..50b9e49cc6 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -84,6 +84,9 @@ jobs:
 - name: Configure
 run: |
+ # mkosi GHA clones and builds from main but tools are not compatible with this branch, 24.04 ships 255 which is enough
+ sudo apt install --reinstall systemd systemd-container systemd-boot systemd-ukify
+
 tee mkosi.default <<- EOF
 [Distribution]
 Distribution=${{ matrix.distro }}
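Review bot: `sudo apt install --reinstall systemd systemd-container systemd-boot systemd-ukify` in the mkosi.yml hunk runs without `-y` and without refreshing the package index first, so on a non-interactive runner it may hang on a confirmation prompt if the reinstall pulls in additional packages, or fail when the indexed version is no longer on the mirror. Since the job cannot answer prompts, `sudo apt-get update && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --reinstall systemd systemd-container systemd-boot systemd-ukify` is the conventional form and also avoids the `apt` script-usage warning. The `run:` block continues outside the hunk.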
@@ -124,8 +127,6 @@ jobs:
 CopyFiles=/
 Minimize=guess
 EOF
- sudo ln -svf "$(dirname "$(readlink /usr/bin/bootctl)")/systemd-keyutil" /usr/lib/systemd/systemd-keyutil
- /usr/lib/systemd/systemd-keyutil --version
 - name: Generate secure boot key
 run: sudo mkosi genkey