platform/upstream/systemd.git
3 months agounits: Add SmackProcessLabel under [Service] section for poweroff/reboot/exit service 36/314436/1 accepted/tizen/unified/dev/20240715.080605
Chanwoo Choi [Thu, 11 Jul 2024 12:51:08 +0000 (21:51 +0900)]
units: Add SmackProcessLabel under [Service] section for poweroff/reboot/exit service

Need to contain SmackProcessLabel under [Service] section
to keep the security-config rule.

Change-Id: I72be4c689d86a1dcf3967aa9563c74a903e4479d
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
3 months agotizen: Drop more unused scripts and binaries 60/314360/2 accepted/tizen/unified/dev/20240711.085703
Karol Lewandowski [Wed, 10 Jul 2024 15:54:47 +0000 (17:54 +0200)]
tizen: Drop more unused scripts and binaries

Change-Id: I37dd573d6a7188e78cbf432bf3975449a5d485bb

3 months agotizen: Ensure all .service files have necessary SmackProcessLabel= tag 59/314359/2
Karol Lewandowski [Wed, 10 Jul 2024 15:09:31 +0000 (17:09 +0200)]
tizen: Ensure all .service files have necessary SmackProcessLabel= tag

This is needed for security-config checker script only, as the labels
are set anyway via DefaultSmackProcessLabel=System.

Change-Id: I19ccdf6b8fc042f5a8c755f2ca2d996a6c121e60

4 months agofixup! tizen: socket: Serialize auxiliary file descriptors sandbox/lstelmach/tizen-next accepted/tizen/unified/dev/20240625.015739 accepted/tizen/unified/dev/20240708.054002
Łukasz Stelmach [Fri, 21 Jun 2024 21:27:38 +0000 (23:27 +0200)]
fixup! tizen: socket: Serialize auxiliary file descriptors

5 months agoRevert "execute: Call capability_ambient_set_apply even if ambient set is 0" accepted/tizen/unified/dev/20240619.062926
Łukasz Stelmach [Tue, 28 May 2024 14:56:03 +0000 (16:56 +0200)]
Revert "execute: Call capability_ambient_set_apply even if ambient set is 0"

With ambient capabilities being dropped at the start of process managers
(both system and user) as well as systemd-executor it isn't necessary
to drop them here. Moreover, at this point also the inheritable set can
be preserved. This makes it possible to assign a user session manager
inheritable capabilities which combined with file capabilites (ei sets)
of service executables enable running user services with capabilities
but only when started by the manager.

This reverts commit 943800f4e7728feb2416dd57b8c296614497b94f.

Change-Id: I479f6268373ac8b0772f9ac56dd52f45e6003705
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Forwarded: https://github.com/systemd/systemd/pull/32937

5 months agocore: drop ambient capabilities in systemd-executor
Łukasz Stelmach [Mon, 20 May 2024 14:51:55 +0000 (16:51 +0200)]
core: drop ambient capabilities in systemd-executor

Since the commit 963b6b906e ("core: drop ambient capabilities in
user manager") systemd running as the session manager has dropped ambient
capabilities retaining other sets allowing user services to be started
with elevated capabilities. This, worked fine until the introduction of
sd-executor. For a non-root process to be started with elevated
capabilities by a non-root parent it either needs file capabilities or
ambient capabilities in the parent process. Thus, systemd needs to allow
sd-executor to inherit its ambient capabilities and sd-executor should
drop them as systemd did before.

The ambient set is managed for both system and session managers, but
with the default set for PID#1 being empty, this code does not affect
operation of PID#1.

Change-Id: I79d2ea9519c574cf1be764b26ac62f1144fa16ca
Fixes: bb5232b6a3 ("core: add systemd-executor binary")
Forwarded: https://github.com/systemd/systemd/pull/32937

5 months agopackaging: add packaging for systemd v255
Łukasz Stelmach [Wed, 3 Apr 2024 14:01:50 +0000 (16:01 +0200)]
packaging: add packaging for systemd v255

Change-Id: Ia0f22c8846e88313549ac92fa3239ceda9e2c999
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Install tmpfiles.d/legacy.conf
Łukasz Stelmach [Tue, 23 Apr 2024 15:10:30 +0000 (17:10 +0200)]
tizen: Install tmpfiles.d/legacy.conf

Change-Id: Ic17b4b218f7585e7ef8d8be5e19459a8dc146a01
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: configuration files
Kunhoon Baik [Wed, 10 Aug 2016 13:02:22 +0000 (22:02 +0900)]
tizen: configuration files

The following commits were squashed:
    - Ibef1d780d3a711b9251cddc41b16c91a154951e2
    - I633bf5a15041da8f40f8cde66e488c1b14f25045
    - I6b36320191fcc69d5b45cfec5b27a462d0ab8310
    - I9aa53189eae878464acba58b5fdd490f6b3ba7f8
    - I49f402d56f83700fe7528eab3e034cd845afc0a2
    - I550c07ede30a0bb70a9bb3ca00d5771e1722826b
    - I0523d4cc46ce2edd05e479e9101c6d20f70b4296
    - Ia3759dea4fb248aa88dcd303a4ae4a400d89f580

--8<-------------------------------------------------------->8---

Disable shutdown watchdog as default

Note: The original commit altered the source rather than configuration.

--8<-------------------------------------------------------->8---

Modification of journald configuration for minimal log saving

There were several requirements for minimal disk log.
Especially, Default Tizen tries to keep the the log size under 10MB
because Tizen provides other logging system DLOG.

--8<-------------------------------------------------------->8---

journald: Limit system journal size to 10M

In v219, journald implicitly limits system journal(/var/log/journal) size
to 8MB(twice of the minimum journal file size) with SystemMaxUse=0 setting.
But in v231, journald doesn't stop allocating when max_use is 0.

--8<-------------------------------------------------------->8---

journald: Limit system journal size from 10M to 4M

A journald always loads two journal files (one is current and the other
is just before) in memory using mmap. So it always consumes as much
memory as file size.

A journald rotates the log in 8 files. Each log file has a SystemMaxUse/8
size. (But the minimum value is 512k.)

So SystemMaxUse is 4M to minimize memory usage. (512k * 8 = 4M)

sh-3.2# memps `pidof systemd-journald`
S(CODE)  S(DATA)  P(CODE)  P(DATA)  ADDR(start-end)  OBJECT NAME
-------- -------- -------- -------- -----------------------------------------------
4        0      508        0 f6d80000-f6ec0000 /opt/var/log/journal/999fcdd05c714da0859337c08df2230e/system@800f735a88e44c35bc7cca47\
9a6984b1-00000000000015ad-000561d5c48aab1f.journal
0        4      302        0 f6c40000-f6d80000 /opt/var/log/journal/999fcdd05c714da0859337c08df2230e/system.journal

--8<-------------------------------------------------------->8---

Set the default deny policy for system dbus

org.freedesktop.locale1.conf  - send: deny, own: deny
org.freedesktop.login1.conf   - send: deny, own: deny
org.freedesktop.systemd1.conf - send: deny, own: deny

--8<-------------------------------------------------------->8---

D-Bus policy configs: fixed rules

Removed duplicate rules in all three configs, and specified proper sender
for receiving ActivationRequest signal in org.freedesktop.systemd1.conf.

--8<-------------------------------------------------------->8---

logind: change the power key to disabled

Tizen does not support power off without deviced.
So, you need to turn off the power key function in logind.

1. Disable TAG+="power-switch" uevent rules because logind uses
   "power-switch" uevent to recognize the power key.
2. Change default behavior for power key to ignore.

--8<-------------------------------------------------------->8---

tizen: Set DefaultSmackProcessLabel to User

Run user session services with the User SMACK label instead of
System::Privileged inherited from systemd.

--8<-------------------------------------------------------->8---

tizen: DefaultSmackProcessLabel=System

Since most system services run with the System SMACK label, to avoid
unnecessary modification to unit files, which results in conflicts
during upgrades, set System as the default label.

--8<-------------------------------------------------------->8---

Author: Kunhoon Baik <knhoon.baik@samsung.com>
Author: Mateusz Moscicki <m.moscicki2@partner.samsung.com>
Author: Adrian Szyndela <adrian.s@samsung.com>
Signed-off-by: Hyeongsik Min <hyeongsik.min@samsung.com>
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
WIP: system.conf.in RebootWatchdogSec=off

Change-Id: I3dda6588884dc804fd944e6385c825865656917b
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: dlog
Michal Bloch [Mon, 8 Feb 2021 14:06:03 +0000 (15:06 +0100)]
tizen: dlog

The following commits were squashed.

Change Ids:
    - Icf7224d1fabd4cdb45971ac9314ed4d19d220bbb
    - I5682de7dce014f76f403406ef73c7bd5a9661d5e
    - I5bcc23a74950d2d8ae0db2ecabf5ea14d358b0ec
    - I5682de7dce014f76f403406ef73c7bd5a9661d5f
    - Ia14de6aeff3828aa0d6a27210fa96c53ee577c8d

--8<-------------------------------------------------------->8---

Basic PoC for DLog stdout redirector

Set Standard{Output,Error}=dlog in a service file,
or DefaultStandard{Output,Error}=dlog for global.

Note that setting the global default should only
really be done if DLog is working under the Android
Logger backend, since the Pipe backend daemon is
not really available early on which can make early
daemons fail.

--8<-------------------------------------------------------->8---

Add "dlog|journal" output redirection option

Journal seems to default to /dev/null even when not explicitly
specified, so there is no separate "dlog|journal|null".

--8<-------------------------------------------------------->8---

Use new dlog-redirect-stdout api function

--8<-------------------------------------------------------->8---

Redirect stdout/stderr to dlog by default

--8<-------------------------------------------------------->8---

Fix an error on dlog-redirection

When both stdout and stderr are set as dlog, log tag and priority of
stderr is not set properly.

--8<-------------------------------------------------------->8---

Signed-off-by: Michal Bloch <m.bloch@samsung.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Signed-off-by: Junghak Sung <jh1009.sung@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: test-runner
Łukasz Stelmach [Thu, 4 Apr 2024 13:41:54 +0000 (15:41 +0200)]
tizen: test-runner

The following commits were squashed:
    - 8bffaa8df51d26cf58cc0080062f6f35d094374a
    - f7dad5e3e6a2fc19b8edaba5eb14641ce3c7b19f
    - 7babb0023de78f342ba4673469a62dbfb79b1937
    - abb5094f9509c92058669adb68fda97b99fe7244
    - cbff03980cc28233d3fa1ca1481336a10935dfa7

--8<-------------------------------------------------------->8---

sd-bus: add support for 'dbus-integration-tests' framework

--8<-------------------------------------------------------->8---

systemd-tests: set common output format

--8<-------------------------------------------------------->8---

license:change test-runner's license from Apache 2.0 to BSD-2-clause

To avoid license conflict between LGPL-2.1 and Apache-2.0, change it.

--8<-------------------------------------------------------->8---

tests: correct test-bus-benchmark test name

Additionally, move the entry to the alphabetically correct position after
the name change.

--8<-------------------------------------------------------->8---

sdbus: kdbus: add test for adding async signal match

--8<-------------------------------------------------------->8---

Change-Id: I23fe21cafe95156846cfc76807fb2305a102be52
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Use openssl3 if needed
Karol Lewandowski [Wed, 19 Jul 2023 13:29:26 +0000 (15:29 +0200)]
tizen: Use openssl3 if needed

This commit updates ssl dependency to openssl3.

However, in default tizen configuration openssl is not
used at all as only component using it (systemd-resolved,
as enabled/disabled via -Dresolve=true/false) is disabled.

Change-Id: I3a51139cef21ce80acecfef84f5c3a47a7d7cca1

5 months agotizen: Make an assertion stricter (SVACE)
Michal Bloch [Mon, 23 Jan 2023 18:32:00 +0000 (19:32 +0100)]
tizen: Make an assertion stricter (SVACE)

Change-Id: I88e5ea15729c2d65638b5eb208d7c2c800010f14

5 months agotizen: Set AmbientCapabilities in user@.service
Łukasz Stelmach [Tue, 28 Jun 2022 13:31:24 +0000 (15:31 +0200)]
tizen: Set AmbientCapabilities in user@.service

Replace[*] obsolete Capabilities option in user@.service with
AmbientCapabilities to provide appropriate set of capabilties for systemd
to manage user session.

According to capability set transformation rules described in
capabilities(7)

    if a process with nonzero user IDs performs an execve(2) then any
    capabilities that are present in its permitted and effective
    sets will be cleared.

This means that for systemd running with nonzero UID (i.e. as the user
session manager) to keep permitted and effective capability
sets non-empty without setting file capabilities for systemd it is
required to use ambient capabilities.

Using file capabilities for systemd may be a wrong choice in the long
term, because different sets of capabilities may be assigned to different
user sessions.

[*] During update to v255 previous commits changing the value of the
    Capabilities options were dropped.

Change-Id: I479fbbcf153737dbf88340ef4eb4be15d707a9a4
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Refuse daemon-reload request during boot time
Hyotaek Shim [Thu, 2 Jun 2022 07:53:13 +0000 (16:53 +0900)]
tizen: Refuse daemon-reload request during boot time

daemon-reload operations can empty the cgroup procs of transient unit,
resulting in user@5001.service stop.

org.freedesktop.systemd1.Manager.Reload
  V
unit_free()
  V
unit_unwatch_pid() Unit=user-5001.slice <-- tlm-sessiond
  V
/sys/fs/cgroup/systemd/user.slice/user-5001.slice/session-c1.scope becomes empty
  V
systemd-logind removes session-c1.scope by garbage collection
  V
user@5001.service stops

Change-Id: I6195ed25a99c8506534b3bc8d72fbf83906b107c
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
5 months agotizen: Remove StopWhenUnneeded=yes in user-runtime-dir@.service.in
Hyotaek Shim [Thu, 26 May 2022 09:05:29 +0000 (18:05 +0900)]
tizen: Remove StopWhenUnneeded=yes in user-runtime-dir@.service.in

user-runtime-dir@.service should never stop.
When it stops,
user@5001.service(Requires=user-runtime-dir.service) stops accordingly.

Change-Id: I24f5780ab0eebcfbd2efa4c75141f817a9242bca
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
5 months agotizen: mount /run/user/UID with noexec
Karol Lewandowski [Thu, 24 Mar 2022 16:03:56 +0000 (17:03 +0100)]
tizen: mount /run/user/UID with noexec

There is no point in having /run/user/UID mounted with exec, especially
that /run itself is mounted with noexec.

Change-Id: I16d46c3f3103205edf81764ca479ee0a569f90f7

5 months agotizen: ensure standard reboot/poweroff not return to shell
Karol Lewandowski [Tue, 25 Jan 2022 17:20:21 +0000 (18:20 +0100)]
tizen: ensure standard reboot/poweroff not return to shell

Change-Id: Iece3b236f3f2848179dacd3a7ac8afdb008af482
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Remove final.target dependency from reboot sequence
Hyotaek Shim [Wed, 9 Jun 2021 10:42:35 +0000 (19:42 +0900)]
tizen: Remove final.target dependency from reboot sequence

Change-Id: I289839f05abd3830691119ac8c9a8a7c370e757e
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Do not use shutdown.target for shutdown
Karol Lewandowski [Mon, 10 May 2021 13:58:27 +0000 (15:58 +0200)]
tizen: Do not use shutdown.target for shutdown

shutdown.target is special unit to which systemd automatically adds
Conflicts= with for every unit.

By removing the relation to this target in shutdown units we practically
change the shutdown to use only explicitly configured units.

Change-Id: I93a43cdb3875250920e3e49817ffcd6f7f7725b6

5 months agotizen: unit: fix serial console baudrate to 115200
INSUN PYO [Thu, 4 Mar 2021 06:22:39 +0000 (15:22 +0900)]
tizen: unit: fix serial console baudrate to 115200

Due to noise coming into the serial console or other abnormal behavior,
agetty changes the baudrate in the following order: 115200, 38400, 9600.

Since tizen only uses 115200 baudrate, this is fixed.

It is reported in the DA.

Change-Id: Icf7224d1fabd4cdb45971ac9314ed4d19d220bb1

5 months agotizen: Search for configuration files in /hal dir
Karol Lewandowski [Tue, 1 Dec 2020 11:34:31 +0000 (12:34 +0100)]
tizen: Search for configuration files in /hal dir

Since Tizen 6.5, a HAL image is mounted on the /hal directory,
which contains hardware-specific configurations and drivers,
for better portability of Tizen.

This is the priority of path searching for configuration file.
 1. /etc/
 2. /run/
 3. /usr/local/lib/
 4. /usr/lib/
 5. /hal/lib/

When the same file exists, the higher priority file is used.
In this case, "/etc" is the highest priority.

Because hal can never override platform,
hal has a lower priority than platform.

Change-Id: Ie5e6cf98e64b4317bda23d49571b5c0f60084569
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
[ Change search order for /hal to be searched last ]
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Add an api for early initialization of input udev
Hyotaek Shim [Wed, 28 Oct 2020 07:36:05 +0000 (16:36 +0900)]
tizen: Add an api for early initialization of input udev

KERNEL[3.864698] add      /devices/virtual/rc/rc1/input2 (input)
DEVPATH=/devices/virtual/rc/rc1/input2
UDEV  [6.541278] add      /devices/virtual/rc/rc1/input2 (input)
DEVPATH=/devices/virtual/rc/rc1/input2

For fast input accessing, input udev should be set up early,
so that udev_device_get_is_initialized(input_udev_dev) check can be skipped before UDEV [6.541278].

Change-Id: I8182f856b0169f9c434bb360a49cfef109485c94
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
5 months agotizen: Emergency mode: add emergency-target-holder.service
INSUN PYO [Wed, 7 Oct 2020 03:13:45 +0000 (12:13 +0900)]
tizen: Emergency mode: add emergency-target-holder.service

The emergency-target-holder.service prevents emergency.target from completing.
If emergency.target is not completed,
other services that are not intended can not be run in emergency mode.

Detailed information.
============================================================================================================================
1. If local-fs.target fails, emergency.target is started by 'OnFailure=emergency.target'.

2. By 'OnFailureJobMode=replace-irreversibly' option,
   emergency.target cannot be canceled until completion.

3. When starting a new service by any activation(dbus, path, socket) in emergency mode,
   sysinit.target is always checked and started by 'DefaultDependency=yes'.

4. sysinit.target stops emergency.target because of the 'Conflicts=emergency.target' setting.

5. However, emergency.target can not be stopped
   because it started with 'replace-irreversibly' and not finished yet.

6. So sysinit.target can not be started.

7. New service can not be run because sysinit.target could not be started.
============================================================================================================================

Logs when running new services after applying this patch
=============================================================================================================================
bash-3.2# systemctl start deviced.service
Failed to start deviced.service: Transaction for deviced.service/start is destructive (emergency.target has 'start' job queued, but 'stop' is included in transaction).
See system logs and 'systemctl status deviced.service' for details.

bash-3.2# systemctl start sysinit.target
Failed to start sysinit.target: Transaction for sysinit.target/start is destructive (emergency.target has 'start' job queued, but 'stop' is included in transaction).
See system logs and 'systemctl status sysinit.target' for details.
==============================================================================================================================

Change-Id: I2cefadd7228d463fe1755e0c475f4563d98c8260
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Disable virtualization feature
Insun Pyo [Fri, 18 Sep 2020 06:04:53 +0000 (15:04 +0900)]
tizen: Disable virtualization feature

1. Tizen does not support continer and vm.

2. Resolving Smack error.
==========================================================================================
Jan 01 09:00:19 localhost audit[591]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=591 comm="systemd" name="sched" dev="proc" ino=12322
Jan 01 09:00:19 localhost audit[591]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=591 comm="systemd" name="sched" dev="proc" ino=12322
Jan 01 09:00:19 localhost audit[591]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=591 comm="systemd" name="sched" dev="proc" ino=12322

Jan 01 09:00:19 localhost audit[535]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=535 comm="tlm-sessiond" name="environ" dev="proc" ino=12572
Jan 01 09:00:19 localhost audit[535]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=535 comm="tlm-sessiond" name="sched" dev="proc" ino=12322

Jan 01 09:00:30 localhost audit[949]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=949 comm="systemctl" name="sched" dev="proc" ino=12322
==========================================================================================

Change-Id: I8b947a0de6c030fa7dd4f8d8b080b1f7783a4010
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: test-copy: allow copy from symlinked dir
Łukasz Stelmach [Wed, 20 Mar 2024 09:40:39 +0000 (10:40 +0100)]
tizen: test-copy: allow copy from symlinked dir

Change-Id: I96f7e86c4f3b26bc79431ccd962dffc82befb14f
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: tests: make tests pass with non-utf8 locale
Adrian Szyndela [Fri, 27 Mar 2020 15:29:24 +0000 (16:29 +0100)]
tizen: tests: make tests pass with non-utf8 locale

Change-Id: Id9056e66b5b3619f7f30a8e1a12b184bf82b1991
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: replace realpath with readlink -f
Łukasz Stelmach [Tue, 19 Mar 2024 13:33:16 +0000 (14:33 +0100)]
tizen: replace realpath with readlink -f

Tizen's coreutils doesn't include 'realpath' utility, which was
introduced in coreutils 8.15. However, Tizen's coreutils includes 'readlink'
utility, which is very close to 'realpath' if called with '-f' param.

Change-Id: I08b6ed68fc6bf0c384b599f4de3724724345d5c7
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: sd-bus: fix fcntl flag for duplicating fd
Adrian Szyndela [Thu, 26 Mar 2020 10:19:37 +0000 (11:19 +0100)]
tizen: sd-bus: fix fcntl flag for duplicating fd

Change-Id: Ib9da92cc7b4b733ba8edb3bf04f46cce46c8d8fa

5 months agotizen: Increase the max number of INotify instances per real user ID
Hyotaek Shim [Mon, 17 Feb 2020 04:54:18 +0000 (13:54 +0900)]
tizen: Increase the max number of INotify instances per real user ID

Change-Id: I49a2ed1881d03def82be5a83ae5b6eb0db01ce6c
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
5 months agotizen: Use separate udev tag for devices in user session
Paweł Szewczyk [Fri, 26 Jul 2019 08:48:24 +0000 (10:48 +0200)]
tizen: Use separate udev tag for devices in user session

The system-user tag can be used to mark devices that will be enumerated by
systemd in 'systemd --user' instance.

Change-Id: I5889f50df6c329de36c2544ee5cf1ba1c52ad433
Signed-off-by: Paweł Szewczyk <p.szewczyk@samsung.com>
5 months agotizen: Add SECLABEL for /dev/net/tun
Cheoleun Moon [Fri, 19 Apr 2019 07:31:03 +0000 (16:31 +0900)]
tizen: Add SECLABEL for /dev/net/tun

Change smack label of /dev/net/tun to *

Change-Id: Ie3c7d4e908a077064cb4d5ba5e4e082a7409da64
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
5 months agotizen: All logins should use User::Shell smack label
Karol Lewandowski [Thu, 15 Nov 2018 13:02:51 +0000 (14:02 +0100)]
tizen: All logins should use User::Shell smack label

Change-Id: I8c0e7de59689aa83bd0273af4a66dd7a8f823ec9

5 months agotizen: socket: Serialize auxiliary file descriptors
Paweł Szewczyk [Fri, 5 Oct 2018 12:48:39 +0000 (14:48 +0200)]
tizen: socket: Serialize auxiliary file descriptors

When socket is serialized/deserialized it's important to keep all file
descriptors. This commit adds the serialization of auxiliary fds.

For now, only ffs sockets are using auxiliary descriptors.

Change-Id: I5fea0152fee51560e160fe5df4806b55a5b369d6
Signed-off-by: Paweł Szewczyk <p.szewczyk@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Remove build warnings
pr.jung [Mon, 17 Sep 2018 06:39:43 +0000 (15:39 +0900)]
tizen: Remove build warnings

- Add TIZEN_JOURNALD_KMSG
- Print kmsg log on dlogutil because journald is heavier than dlogutil

Change-Id: I763cfccbb0d877c52d8448de4a50966a33c84981
Signed-off-by: pr.jung <pr.jung@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: logind: change smack label /run/user/%UID/system_share to "*"
INSUN PYO [Wed, 7 Mar 2018 07:40:53 +0000 (16:40 +0900)]
tizen: logind: change smack label /run/user/%UID/system_share to "*"

Change-Id: I7e08e670378f657d97e41b1f3f86c2c1ae16ccb9

5 months agotizen: logind: change group and permission /run/user/%UID
INSUN PYO [Tue, 27 Feb 2018 08:48:52 +0000 (17:48 +0900)]
tizen: logind: change group and permission /run/user/%UID

1. change group and pemission of /run/usre/%UID to uid/system_share,0750
2. make /run/user/%UID/system_share to uid/system_share,0750

Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Ie22b8d4e96c1669f7068005952d83f7f4086b60c
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
5 months agotizen: Add well-known-names -> unique names on graph
Dawid Kuczma [Tue, 5 Dec 2017 08:31:16 +0000 (09:31 +0100)]
tizen: Add well-known-names -> unique names on graph

Usage:
--well-known-names=true

Change-Id: Ife01bd8d1a2d6acc4a45c6595bcc52c15d523742

5 months agotizen: Add tool for processing graph generated by busctl dot.
Dawid Kuczma [Mon, 6 Nov 2017 12:50:59 +0000 (13:50 +0100)]
tizen: Add tool for processing graph generated by busctl dot.

Usage:
1) gvpr -f graphinfo.gvpr input_file
2) gvpr -f graphinfo.gvpr input_file -a node -a NODE
3) gvpr -f graphinfo.gvpr input_file -a -node -a NODE

Change-Id: Ie4d05c715df17b61c8c7ad1f7724977c9c2f8bb8
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Generate graph from the traffic observable by busctl monitor.
Dawid Kuczma [Thu, 28 Sep 2017 13:08:20 +0000 (15:08 +0200)]
tizen: Generate graph from the traffic observable by busctl monitor.

Busctl dot is used to visualize IPC traffic.
It generate dot output whitch can be visualized e.g. by using graphviz.
Also adds filtering by sender/receiver pid.
Internally busctl dot works similar to busctl capture.
It reuses monitor() framework.

--pid=PID -only show messages where sender or receiver pid is equal to PID
--sender-pid=PID -only show messages where sender pid is equal to PID
--receiver-pid=PID -same as above, but filtering by receiver pid.

Signed-off-by: Dawid Kuczma <d.kuczma@partner.samsung.com>
Change-Id: Id9ce46f5085dde10010e89057f78d58b3088d3bc

5 months agotizen: units: [user@.service] Set Group as users
INSUN PYO [Wed, 27 Sep 2017 07:10:21 +0000 (16:10 +0900)]
tizen: units: [user@.service] Set Group as users

Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Iaf0d6f57e6a4a124ac0301e38527bddcbb7fe679

5 months agotizen: Do not try to read /proc/1/cgroup from unprivileged processes
INSUN PYO [Tue, 11 Apr 2017 07:26:57 +0000 (16:26 +0900)]
tizen: Do not try to read /proc/1/cgroup from unprivileged processes

In Tizen access to /proc/1 is restricted via Smack. However, there are
unprivileged functions that need to work with information from this dir.
This function caches cgroup information in /run, allowing system-wide
access to this information.

Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I2a2977400c7917804599cfb6f225dab897dc8b14

5 months agotizen: Adding to send new system signal for user session done.
wchang kim [Tue, 15 Nov 2016 02:29:15 +0000 (11:29 +0900)]
tizen: Adding to send new system signal for user session done.

When user-session is done, systemd will send new system signal for user-session done.

interface=org.freedesktop.systemd1.Manager,member=UserSessionStartupFinished
UserSessionStartupFinished(t user_id)

Change-Id: I2ee9a2f232c22428894217fc2a519ec9c017fb2c
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
5 months agotizen: Description : Added the local PATH to a shell script.
wchang kim [Thu, 29 Sep 2016 22:17:55 +0000 (07:17 +0900)]
tizen: Description : Added the local PATH to a shell script.

Adding the local PATH into 50-systemd-user.sh

Change-Id: Ic466577a5db001d99a41410c950220cb49f3d55e
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
5 months agotizen: Description : Fixed the security hole.
wchang kim [Wed, 28 Sep 2016 09:05:28 +0000 (18:05 +0900)]
tizen: Description : Fixed the security hole.

In case of "systemctl --user enable <path>", a application can insert
the malicious user service.

So systemctl can only enable the service with service name.

Change-Id: I570f45985516ee3636720f36787080590e6f90ef
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
5 months agotizen: Watchdog : support to change timeout to USEC_INFINITY (disable timeout)
Kunhoon Baik [Thu, 1 Sep 2016 07:01:12 +0000 (16:01 +0900)]
tizen: Watchdog : support to change timeout to USEC_INFINITY (disable timeout)

Change-Id: I459471c2d210eb31c22a17e0e45653b3de04233a

5 months agotizen: Patch for unlimited timeout for User Session
Kunhoon Baik [Wed, 17 Aug 2016 12:25:55 +0000 (21:25 +0900)]
tizen: Patch for unlimited timeout for User Session

This patch should be used for specific purpose of Tizen

Change-Id: Ida7448da300b0c4cf9a5189c6f8903a2e8729df3

5 months agotizen: Set SmackProcessLabel to System::Privileged in selected units
jin-gyu.kim [Wed, 20 Jul 2016 11:28:15 +0000 (20:28 +0900)]
tizen: Set SmackProcessLabel to System::Privileged in selected units

The following commits were squashed:
    - I37c3c1ee8152f82bf45b50f6e81f7986b62547c1
    - Icd1e8c7794236670575df68d1fe35c35584f24f2
    - If9f30e57050f01004c56b85235ad50d49710ac53

--8<-------------------------------------------------------->8---

Set SmackProcessLabel to System::Privileged in selected units

Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
--8<-------------------------------------------------------->8---

logind: add SmackProcessLabel=System::Privileged to user-runtime-dir@.service

To change smack label /run/user/5001/system_share to "*", we need System::Privileged.

--8<-------------------------------------------------------->8---

tizen: Change the SMACK label for systemd in the user session

Change the SMACK label for systemd in the user session to
System::Privileged to avoid problems with handling
org.freedesktop.systemd1.Manager.GetUnitByPID method.

--8<-------------------------------------------------------->8---

Author: INSUN PYO <insun.pyo@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Disable Online KMSG logging
Kunhoon Baik [Thu, 30 Jun 2016 12:22:10 +0000 (21:22 +0900)]
tizen: Disable Online KMSG logging

This is Unavoidable Patch for me - This is quick patch for internal issue.
If you have a question for this patch, contact to hyeongsik.min and jinmin

Change-Id: Ie21692ea85ee2e7fbfa0265f9e606b204d27a558

5 months agotizen: Add smack label(*) to loop device for security policy
wchang kim [Wed, 29 Jun 2016 23:38:55 +0000 (08:38 +0900)]
tizen: Add smack label(*) to loop device for security policy

Add smack label(*) to loop device for security policy

Change-Id: If9271c209b05f73c20c66f7e30a7d18e070c2b4a
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
5 months agotizen: Set PATH in local script for security policy
wchang kim [Wed, 29 Jun 2016 00:18:37 +0000 (09:18 +0900)]
tizen: Set PATH in local script for security policy

Set PATH in local script for security

Change-Id: If1f6163bdd936222e103822ee01d4c9a7e886a72
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
5 months agotizen: For using persistent storage in AUTO mode.
Kunhoon Baik [Tue, 7 Jun 2016 13:51:38 +0000 (22:51 +0900)]
tizen: For using persistent storage in AUTO mode.

As Tizen default, /opt is mounted seperately, and the /var -> /opt/var
Thus, systemd flush should be done after mounting /opt.

In generic, I think that systemd-journal-flush should be done after local-fs.target
because several devices have own partition policies.

Change-Id: I4acb4bd26365681ea798441c2f154b8ba5422665
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Run the serial-getty (Open the serial console) eariler for debugging convenience.
Kunhoon Baik [Sat, 26 Mar 2016 07:31:34 +0000 (16:31 +0900)]
tizen: Run the serial-getty (Open the serial console) eariler for debugging convenience.

Change-Id: I239977c2872ed219bf2591a80c1153eeba4cdc89

5 months agotizen: cg_get_root_path: Return default root path if it's not accessible due to insuf...
Karol Lewandowski [Wed, 21 Oct 2015 16:24:14 +0000 (18:24 +0200)]
tizen: cg_get_root_path: Return default root path if it's not accessible due to insufficient permission

This commit provides default value ("/") for root path in case where
/proc/1/cgroup is not readable due to insufficient permission (eg. in
MAC system).

Inability to read root cgroup path leads to failure in determining
instance type being used (system, user), eg.

  user@localhost:~$ /usr/lib/systemd/user-generators/systemd-dbus1-generator
  [13087.175648] audit: type=1400 audit(946701489.290:1463): lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System" requested=r pid=14081 comm="systemd-dbus1-g" name="cgroup" dev="proc" ino=11149
  Failed to determine whether we are running as user or system instance: Permission denied

  strace:  open("/proc/1/cgroup", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 EACCES (Permission denied)

Change-Id: I60a17ad05b8b49cd1fb1c8aa3ad8f46d34231df3
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
5 months agotizen: units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled
Sangjung Woo [Wed, 14 Oct 2015 06:38:25 +0000 (15:38 +0900)]
tizen: units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled

If SMACK is enabled, 'smackfsroot=*' option should be specified in
tmp.mount file since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.

Note: The original commit has been dropped upstream and replaced with
SmackFileSystemRoot  option later renamed to SmackFileSystemRootLabel.
Alas the option didn't work properly and has been dropped too.

Change-Id: I11df1ad555f376eaf0588d35e91789c9e2b07f8d
Origin: https://github.com/systemd/systemd/commit/409c2a13fd65692c6
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Tune of swap
Michael I Doherty [Tue, 23 Jul 2013 13:12:50 +0000 (14:12 +0100)]
tizen: Tune of swap

Allow swap to be activated concurrently with sysinit target

Change-Id: I56aef31809e50ae6c4b10174c0f3b144f72b9746

5 months agotizen: Add pam_systemd.so to systemd-user
Łukasz Stelmach [Wed, 29 Oct 2014 11:25:32 +0000 (12:25 +0100)]
tizen: Add pam_systemd.so to systemd-user

+ Add pam_systemd.so to /etc/pam.d/systemd-user

Change-Id: I87e9b5514f2cc77c37bc40aac4f15a4c741ee4e4
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Add 55-udev-smack-default.rules
Michael Demeter [Fri, 11 Oct 2013 22:37:57 +0000 (15:37 -0700)]
tizen: Add 55-udev-smack-default.rules

The following commits were squashed
    - Iebe2e349cbedb3013abdf32edb55e9310f1d17f5
    - Ia41c0f7d8d4d98e34b4260cd9a8a55d99c5a33a7
    - I61c7a3bb1098406172e5ed289cc0510b02794ea5
    - Ie955499c4a0bf1581cd64244cb94acfa6279719d
    - I706f14f7e8d767b0d7904a08e793f424c47e001b
    - I8174ccd81aa3970a76a6f3680234dae77d920429

--8<-------------------------------------------------------->8---

tizen-smack: Handling of /dev

Smack enabled systems need /dev special devices correctly labeled

- Add Check for smack in rules.d/meson.build to include smack default rules
- Add smack default rules to label /dev/xxx correctly for access

--8<-------------------------------------------------------->8---

tizen-smack: label sound devices with *

--8<-------------------------------------------------------->8---

55-udev-smack-default.rules: add group rw permission to input nodes

--8<-------------------------------------------------------->8---

tizen: Change the permission of /dev/kmsg to "root:log 660 *"

Through this patch, /usr/bin/dlog_logger (log:log) can access /dev/kmsg
without root credentials.

--8<-------------------------------------------------------->8---

Change smack label of /dev/full from '_' to '*'

--8<-------------------------------------------------------->8---

Apply priv_keygrab:r ACL rule to /dev/input

--8<-------------------------------------------------------->8---

Author: Michael Demeter <michael.demeter@intel.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
5 months agotizen: Temporarily disable Smack for POSIX shared memory
Rafal Krypa [Wed, 2 Sep 2015 13:27:50 +0000 (15:27 +0200)]
tizen: Temporarily disable Smack for POSIX shared memory

Mount /dev/shm directory, used by glibc for implementation of POSIX shared
memory segments, will now be mounted with System::Run label, transmutable.
This effectively disables any access control by Smack on POSIX SHMs.
Programs running with the same UID and GIDs, but different Smack labels
(i.e. applications, user services) will be able to spy on each others SHM.

This is a temporary workaround for problems with audio architecture not
compliant with Tizen 3.0 security architecture. Applications using pulse
audio try to exchange SHM segments.

This patch is to be reverted in the near future. It is needed for now to
have a working release.

Change-Id: I82fa7b33ad415a5b57d6e2c3e8c6ea642c659ab7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
5 months agotizen: Handling of /run and /sys/fs/cgroup
Michael Demeter [Fri, 11 Oct 2013 22:37:57 +0000 (15:37 -0700)]
tizen: Handling of /run and /sys/fs/cgroup

Make /run a transmuting directory to enable systemd
communications with services in the User domain.

Change-Id: I9e23b78d17a108d8e56ad85a9e839b6ccbe4feff

5 months agotizen: Add %install_service rpm macro
Anas Nashif [Sun, 9 Dec 2012 17:51:23 +0000 (09:51 -0800)]
tizen: Add %install_service rpm macro

Change-Id: Idc7f5c392c96981d95420b0d747eaf28964b2d02
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Delayed target
INSUN PYO [Fri, 7 Jun 2019 06:30:41 +0000 (15:30 +0900)]
tizen: Delayed target

The following commits were squashed:
    - I0527d1387500c699be0fbc319c702a77d9ae587b
    - I56db28be6f0cecd0562ba8db6bb1d4af0b1a3b7b
    - I2f291ea8b5f535157eec4f105f2c37b0cea448c9
    - I54e51fc3fe563961f18b953215cee41c3bf4510e
    - I2206ada9509d503ac02733d0cb0c1539d932b184
    - I0d87c574086073b28aa52dccca3e760914e2abbd
    - Ibec5e4f4030e26235dbba6610a5142d0e29e423f
    - Ib742d57963db8cfba2a091d4de1562ab0b95fc7a
    - I7602100652f478b3d66fcba215659f39a63694e2
    - I4ad1ff6a8084ed9db7d630f533a9348b41decbf0
    - I8da0c1f224a74d45badd82f2ac1dda13cb8febbb
    - Ifacc46fcc5c7ec7bb52f9b4f47ed5ea98aa5fd5a
    - I6e2189c2cd0d4a86db995651b43a4dcdc25fcabf
    - I581c5dbcf216806dfcff826bbdf7ca82dc944676
    - Ic17dd0559544c323dedfe7c9b5ad13d01bc65588

--8<-------------------------------------------------------->8---

Add delayed target

--8<-------------------------------------------------------->8---

Change the config value of the "RemainAfterExit=" ("true" -> "yes")

--8<-------------------------------------------------------->8---

Rework delayed.target

start delayed.service --> finish default.target --> start all of delayed.service -->
finish delayed.target --> StartupFinished

--8<-------------------------------------------------------->8---

delayed: replace dbus-send with a dedicated program

In release versions there can be no helper programs for sending
any messages over D-Bus. Thus, dbus-send, busctl etc. are removed.

This commit replaces dbus-send use cases with a specialized little
tool, which does what dbus-send did in those cases.

--8<-------------------------------------------------------->8---

Delayed target: check interval is changed from 1 second to 0.2 seconds.

--8<-------------------------------------------------------->8---

Fix delayed.target

Add binary wait-target-done.c for waiting creation of *.done file.

--8<-------------------------------------------------------->8---

Fix wait-target-done.c

1. Change inotify fd to nonblock.
2. Change timeout to use alarm(). And make it encompass
   the whole process, which now includes wd allocation.
3. Add dependency with tlm.service to
   system-delayed-target-trigger.service
4. Add journal log.

--8<-------------------------------------------------------->8---

Add Conflicts=emergency.service in system-delayed-target-trigger.service

--8<-------------------------------------------------------->8---

Restore 'Default Dependendies' to system-default-target-done.service and system-delayed-target-trigger.service

Add 'Requires=sysinit.target' and 'After=sysinit.target basic.target'

Two dependencies prevent those service from running in emergency mode,
because sysinit.target always fails in emergency mode.

--8<-------------------------------------------------------->8---

Delayed target: add delaying the start of delayed.target

If /etc/systemd/delayed-target.conf exists and has DelayedTargetWait environment value,
delayed.target starts after DelayedTargetWait seconds.

If the /tmp/.systemd_delayed_target_wait file is created within the delayed time,
delayed.target starts immediately.

--8<-------------------------------------------------------->8---

Delayed target: add delaying the start of delayed.target #2

Delay time is also applied to user systemd.
System systemd is already applied.

--8<-------------------------------------------------------->8---

delayed: remove unused file

Change-Id: Ifacc46fcc5c7ec7bb52f9b4f47ed5ea98aa5fd5a

--8<-------------------------------------------------------->8---

delayed: rework dealyed service without capability of /usr/bin/touch

VD security remove capability of /usr/bin/touch. (cap_dac_override=ei)

Change permision and group of /run/systemd/system
from 0755/root/root to 0775/root/systemf_fw.

--8<-------------------------------------------------------->8---

Add device_board_set_boot_success in booting-done.service

/usr/bin/device_board_set_boot_success reports boot success to the bootloader.
If boot success is not reported for, e.g., 10-times booting in a row,
bootloader recovers the system.

-- Bootloader --
If (BOOT_SUCCESS flag is set) {
Clear the BOOT_SUCCESS flag
BOOT_FAIL_COUNT = 0
} Else {
If (++ BOOT_FAIL_COUNT > 10) {
BOOT_FAIL_COUNT = 0
Restore to the other partitions (e.g., b -> a)
Proceed to the recovery booting (ramdisk-recovery, bootmode="recovery")
          }
}

Proceed to the normal booting (ramdisk, bootmode="")

--8<-------------------------------------------------------->8---

Run booting-done.service as root:root System

booting-done.service should be privileged to be responsible for
checkpointing booting status not only for normal booting
but also for FOTA and recovery booting.

--8<-------------------------------------------------------->8---

Author: Insun Pyo <insun.pyo@samsung.com>
Author: Adrian Szyndela <adrian.s@samsung.com>
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
5 months agotizen: Serialize and deserialize Capabilities
Łukasz Stelmach [Tue, 23 Apr 2024 08:38:32 +0000 (10:38 +0200)]
tizen: Serialize and deserialize Capabilities

Pass capabilities as configured in service files to systemd-executor. To
avoid using cap_to_text() the text representation of capabilities from
a unit file is preserved in ExecContext.

Change-Id: I9903a741e35ec890747866838747bf5af1fe9f6e
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
5 months agotizen: Revert: "core: drop Capabilities= setting"
Łukasz Stelmach [Thu, 7 Mar 2024 22:22:46 +0000 (23:22 +0100)]
tizen: Revert: "core: drop Capabilities= setting"

This reverts commit 479050b36302a360048c2af5e79683d14ad56fb3

Change-Id: I24367aea159b1decc732b3fbaf448a40e59f2634
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
6 months agoFix _do_log conditions in log_exec_* macros
Łukasz Stelmach [Thu, 25 Apr 2024 14:10:49 +0000 (16:10 +0200)]
Fix _do_log conditions in log_exec_* macros

The expression for calculation of the _do_log values in the log_exec_*
macros need to be the same as the unit_log_level_test() function, used
to calculate _do_log in unit.h. The only difference between execute.h
and unit.h is the lack of the Unit structure.

Change-Id: I14f40cac7b05696e9091fa24fbed314459a737d1
Origin: https://github.com/systemd/systemd/commit/e85be4983d974063b5210e6df77d9109ffbc9932
Fixes: b646fc324a ("core: ensure execute/spawn functions can work without Unit object")
Fixes: 210ca71cb5 ("core/execute: clean up log_exec_full_errno and friends")
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
6 months agocore/execute: clean up log_exec_full_errno and friends
Mike Yuan [Mon, 19 Feb 2024 12:55:51 +0000 (20:55 +0800)]
core/execute: clean up log_exec_full_errno and friends

Also drop unused log_exec_struct_iovec().

Change-Id: I3077b3c05cc7080ea34cdbf408eb72fdc451d1be
Origin: https://github.com/systemd/systemd/commit/210ca71cb5d9f41df3b23eef28d6742bd90a0362
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
6 months agocore/exec-invoke: record correct exit status when failed to locate executable
Mike Yuan [Fri, 16 Feb 2024 12:00:06 +0000 (20:00 +0800)]
core/exec-invoke: record correct exit status when failed to locate executable

Follow-up for 4d8b0f0f7aeadc401ac02f67576ccb1de8cf79e6

After the mentioned commit, when the ExecCommand executable is missing,
and failure will be ignored by manager, we exit with EXIT_SUCCESS at executor
side too. The behavior however contradicts systemd.service(5), which states:

> If the executable path is prefixed with "-", an exit code of the command
> normally considered a failure (i.e. non-zero exit status or abnormal exit
> due to signal is _recorded_, but has no further effect and is considered
> equivalent to success.

and thus makes debugging unexpected failures harder. Therefore, let's still
exit with EXIT_EXEC, but just skip LOG_ERR level log.

Change-Id: Iaa3b66e6f16d5410f94f9bf8b302b710bf611006
Origin: https://github.com/systemd/systemd/commit/80b18d217a0d2ef1f3b6793f8038a40ac0b5f719
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
11 months agoNEWS: finalize for v255 v255
Luca Boccassi [Wed, 6 Dec 2023 20:32:40 +0000 (20:32 +0000)]
NEWS: finalize for v255

11 months agoMerge pull request #30334 from DaanDeMeyer/repart-fixes
Luca Boccassi [Wed, 6 Dec 2023 20:29:04 +0000 (20:29 +0000)]
Merge pull request #30334 from DaanDeMeyer/repart-fixes

repart: Add Minimize=best to --make-ddi= partition definitions

11 months agoREADME: mention Matrix channel
Lennart Poettering [Wed, 6 Dec 2023 18:20:35 +0000 (19:20 +0100)]
README: mention Matrix channel

11 months agoMerge pull request #30341 from bluca/news
Luca Boccassi [Wed, 6 Dec 2023 16:57:29 +0000 (16:57 +0000)]
Merge pull request #30341 from bluca/news

Update hwdb and NEWS

11 months agotest: Add test case for --make-ddi=sysext
Daan De Meyer [Wed, 6 Dec 2023 11:18:32 +0000 (12:18 +0100)]
test: Add test case for --make-ddi=sysext

Also make sure that the sysext is big enough to not fit in the
minimum partition size so we know Minimize= is being used.

11 months agorepart: Add Minimize=best to --make-ddi= partition definitions
Daan De Meyer [Tue, 5 Dec 2023 13:56:15 +0000 (14:56 +0100)]
repart: Add Minimize=best to --make-ddi= partition definitions

Otherwise, repart won't calculate the minimal size of the partition
automatically and things will fail once the partitions exceed the
minimal partition size (10M).

11 months agohwdb: update
Luca Boccassi [Wed, 6 Dec 2023 10:06:50 +0000 (10:06 +0000)]
hwdb: update

ninja -C build update-hwdb

11 months agoNEWS: note that newly introduced tools are experimental
Luca Boccassi [Wed, 6 Dec 2023 10:00:25 +0000 (10:00 +0000)]
NEWS: note that newly introduced tools are experimental

So that we can change interfaces for at least one release if needed

11 months agoNEWS: update contributors list
Luca Boccassi [Wed, 6 Dec 2023 09:57:38 +0000 (09:57 +0000)]
NEWS: update contributors list

11 months agoukify: fix handling of --secureboot-certificate-validity= (#30315)
Roland Singer [Wed, 6 Dec 2023 09:49:47 +0000 (10:49 +0100)]
ukify: fix handling of  --secureboot-certificate-validity= (#30315)

Before:
$ python src/ukify/ukify.py genkey --secureboot-private-key=sb2.key --secureboot-certificate=sb2.cert --secureboot-certificate-validity=111
Traceback (most recent call last):
  File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 1660, in <module>
    main()
  File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 1652, in main
    generate_keys(opts)
  File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 943, in generate_keys
    key_pem, cert_pem = generate_key_cert_pair(
                        ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 891, in generate_key_cert_pair
    now + ONE_DAY * valid_days
          ~~~~~~~~^~~~~~~~~~~~
TypeError: can't multiply sequence by non-int of type 'datetime.timedelta'

Now:
$ python src/ukify/ukify.py genkey --secureboot-private-key=sb2.key --secureboot-certificate=sb2.cert --secureboot-certificate-validity=111
Writing SecureBoot private key to sb2.key
Writing SecureBoot certificate to sb2.cert

The new code is also clearer.

11 months agorepart: use correct errno
Mike Yuan [Tue, 5 Dec 2023 13:53:51 +0000 (21:53 +0800)]
repart: use correct errno

11 months agotest: load the io controller before checking if io.latency exists
Frantisek Sumsal [Tue, 5 Dec 2023 11:22:20 +0000 (12:22 +0100)]
test: load the io controller before checking if io.latency exists

Otherwise the following test gets always skipped.

11 months agorepart: Fix sysext definitions for --make-ddi=
Daan De Meyer [Tue, 5 Dec 2023 10:21:15 +0000 (11:21 +0100)]
repart: Fix sysext definitions for --make-ddi=

CopyFiles= does not support multiple directories separated by
whitespace. Instead the setting has to be specified multiple times.

11 months agoselinux: downgrade log about state to trace
Luca Boccassi [Tue, 5 Dec 2023 11:53:31 +0000 (11:53 +0000)]
selinux: downgrade log about state to trace

It is printed on every invocation of sd-executor, which is noisy and not useful

Follow-up for: bb5232b6a3b8a

11 months agobasic: fix typo
Yu Watanabe [Tue, 5 Dec 2023 14:50:25 +0000 (23:50 +0900)]
basic: fix typo

11 months agofix: The example2 in hwdb.xml is unreasonable
huyubiao [Tue, 5 Dec 2023 12:53:32 +0000 (20:53 +0800)]
fix: The example2 in hwdb.xml is unreasonable

use evdev:atkbd:dmi:bvnAcer:bvr:bdXXXXX:bd08/05/2010:svnAcer:pnX123: instead of evdev:atkbd:dmi:bvnAcer:bdXXXXX:bd08/05/2010:svnAcer:pnX123

11 months agoMerge pull request #30313 from mrc0mmand/ubuntu-ci
Luca Boccassi [Mon, 4 Dec 2023 18:23:34 +0000 (18:23 +0000)]
Merge pull request #30313 from mrc0mmand/ubuntu-ci

Reduce the number of deny-list files for Ubuntu CI

11 months agotools/meson-vcs-tag: the third argument is optional
Yu Watanabe [Mon, 4 Dec 2023 03:36:53 +0000 (12:36 +0900)]
tools/meson-vcs-tag: the third argument is optional

Follow-up for 1a71ac07adafebe7e0074f92d049f72968ca2d47.

11 months agoMerge pull request #30314 from DaanDeMeyer/dmi
Luca Boccassi [Mon, 4 Dec 2023 10:29:06 +0000 (10:29 +0000)]
Merge pull request #30314 from DaanDeMeyer/dmi

Document kernel configs required for reading credentials from SMBIOS

11 months agomkosi: Update comment why we can't use linux-kvm yet
Daan De Meyer [Mon, 4 Dec 2023 10:16:52 +0000 (11:16 +0100)]
mkosi: Update comment why we can't use linux-kvm yet

11 months agoDocument kernel configs required for reading credentials from SMBIOS
Daan De Meyer [Mon, 4 Dec 2023 10:13:59 +0000 (11:13 +0100)]
Document kernel configs required for reading credentials from SMBIOS

11 months agotest: reenable TEST-30 on i*86
Frantisek Sumsal [Mon, 4 Dec 2023 09:57:39 +0000 (10:57 +0100)]
test: reenable TEST-30 on i*86

The original reason for deny-listing it was that it's flaky there. I'm
not sure if that's still the case, but the Ubuntu CI jobs for i*86 are
gone, so this file shouldn't be needed anymore anyway.

11 months agotest: skip TEST-36 on s390x and powerpc
Frantisek Sumsal [Mon, 4 Dec 2023 09:51:35 +0000 (10:51 +0100)]
test: skip TEST-36 on s390x and powerpc

As QEMU there doesn't support NUMA nodes. Also, drop the now unneeded
deny-list file for Ubuntu CI.

11 months agotest: check if 'btrfs filesystem' supports 'mkswapfile'
Frantisek Sumsal [Mon, 4 Dec 2023 09:23:42 +0000 (10:23 +0100)]
test: check if 'btrfs filesystem' supports 'mkswapfile'

Instead of deny-listing the test on Ubuntu CI, so it gets enabled
automagically once btrfs-progs is updated to a newer version there.

11 months agotest: reenable TEST-25-IMPORT in Ubuntu CI
Frantisek Sumsal [Mon, 4 Dec 2023 09:16:02 +0000 (10:16 +0100)]
test: reenable TEST-25-IMPORT in Ubuntu CI

Let's see if #13973 is still an issue.

11 months agoexecutor: apply LogLevelMax earlier
Luca Boccassi [Sun, 3 Dec 2023 18:30:07 +0000 (18:30 +0000)]
executor: apply LogLevelMax earlier

SELinux logs before we have a chance to apply it, move it up as it
breaks TEST-04-JOURNAL:

[  408.578624] testsuite-04.sh[11463]: ++ journalctl -b -q -u silent-success.service
[  408.578743] testsuite-04.sh[11098]: + [[ -z Dec 03 13:38:41 H systemd-executor[11459]: SELinux enabled state cached to: disabled ]]

Follow-up for: bb5232b6a3b8a

11 months agoMerge pull request #30305 from yuwata/seccomp-fix
Yu Watanabe [Mon, 4 Dec 2023 02:44:58 +0000 (11:44 +0900)]
Merge pull request #30305 from yuwata/seccomp-fix

seccomp: override the default action only when the filter is allow-list

11 months agotests: fix section mapping in test_ukify.py
Zbigniew Jędrzejewski-Szmek [Sat, 2 Dec 2023 09:26:05 +0000 (10:26 +0100)]
tests: fix section mapping in test_ukify.py

The regexp only worked if the sections were small enough for the size to
start with "0". I have an initrd that is 0x1078ec7e bytes, so the tests
would spuriously fail.

11 months agoMerge pull request #30297 from keszybz/fixups
Luca Boccassi [Sun, 3 Dec 2023 12:34:24 +0000 (12:34 +0000)]
Merge pull request #30297 from keszybz/fixups

A few unrelated fixups for recent commits

11 months agoseccomp-util: also use ENOSYS for unknown syscalls in seccomp_load_syscall_filter_set()
Yu Watanabe [Sun, 3 Dec 2023 09:01:20 +0000 (18:01 +0900)]
seccomp-util: also use ENOSYS for unknown syscalls in seccomp_load_syscall_filter_set()

Follow-up for 2331c02d06cae97b87637a0fc6bb4961b509ccf2.

Note, currently, the function is always called with SCMP_ACT_ALLOW as
the default action, except for the test. So, this should not change
anything in the runtime code.

11 months agoseccomp-util: override default action only when the filter is allow-list
Yu Watanabe [Sun, 3 Dec 2023 08:37:02 +0000 (17:37 +0900)]
seccomp-util: override default action only when the filter is allow-list

Follow-up for 2331c02d06cae97b87637a0fc6bb4961b509ccf2.

Fixes #30304.

11 months agostdio-bridge: return immediately if we can
Zbigniew Jędrzejewski-Szmek [Wed, 29 Nov 2023 13:38:06 +0000 (14:38 +0100)]
stdio-bridge: return immediately if we can

Follow-up for 0321248b79d14ceddd36140b327332f145ae68e7.

11 months agorun: fix bad escaping and memory ownership confusion
Zbigniew Jędrzejewski-Szmek [Wed, 29 Nov 2023 13:13:33 +0000 (14:13 +0100)]
run: fix bad escaping and memory ownership confusion

arg_description was either set to arg_unit (i.e. a const char*), or to
char *description, the result of allocation in run(). But description
was decorated with _cleanup_, so it would be freed when going out of the
function. Nothing bad would happen, because the program would exit after
exiting from run(), but this is just all too messy.

Also, strv_join(" ") + shell_escape() is not a good way to escape command
lines. In particular, one the join has happened, we cannot distinguish
empty arguments, or arguments with whitespace, etc. We have a helper
function to do the escaping properly, so let's use that.

Fixup for 2c29813da3421b77eca5e5cdc3b9a863cad473b9.