Zbigniew Jędrzejewski-Szmek [Wed, 20 Nov 2019 17:33:32 +0000 (18:33 +0100)]
nspawn: dump capability list with --capabilities=help
Zbigniew Jędrzejewski-Szmek [Tue, 19 Nov 2019 09:15:57 +0000 (10:15 +0100)]
resolve: rename define fixing a typo
Zbigniew Jędrzejewski-Szmek [Wed, 20 Nov 2019 22:53:03 +0000 (23:53 +0100)]
Merge pull request #14093 from poettering/cgroups-delegate-xattr
mark delegated cgroups via xattr, and visualize the cut points in cgls
Lennart Poettering [Wed, 20 Nov 2019 16:49:38 +0000 (17:49 +0100)]
update TODO
Lennart Poettering [Wed, 20 Nov 2019 16:44:54 +0000 (17:44 +0100)]
cgls: visually separate processes from cgroups
Let's show them in grey, since we generally want to focus on showing the
cgroups much less than the processes in them.
Lennart Poettering [Wed, 20 Nov 2019 16:43:09 +0000 (17:43 +0100)]
cgls: show delegation boundaries by underlining the cgroup in the output
This should help visualize where one manager's territory begins and
another's starts. Do this by underlining (since it's a "cut" point an
underline made most sense to me). Since underlining is not visible on
the console let's also show an ellipses for all lines that are
delegation boundaries.
Unfortunately this all is not as useful as it appears. The
"trusted.delegate" xattr is only visible to roo, which means
"systemd-cgls" has be called as root to show the boundaries.
Unfortunately cgroupfs doesn't support unprivileged xattrs on cgroups.
Lennart Poettering [Wed, 20 Nov 2019 16:42:02 +0000 (17:42 +0100)]
core: set "trusted.delegate" xattr on cgroups that are delegation boundaries
Let's mark cgroups that are delegation boundaries to us. This can then
be used by tools such as "systemd-cgls" to show where the next manager
takes over.
Lennart Poettering [Wed, 20 Nov 2019 16:41:48 +0000 (17:41 +0100)]
cgroup-util: add new cg_remove_xattr() for removing xattr from cgroup
Lennart Poettering [Wed, 20 Nov 2019 16:27:56 +0000 (17:27 +0100)]
Merge pull request #14090 from poettering/clonenewns-fix
make sure systemd-logind.service can start if unshare() is blocked
Lennart Poettering [Wed, 20 Nov 2019 11:47:52 +0000 (12:47 +0100)]
update NEWS
Zbigniew Jędrzejewski-Szmek [Wed, 20 Nov 2019 15:15:09 +0000 (16:15 +0100)]
Merge pull request #14036 from keszybz/systectl-add-logs-and-watchdogs
Systemctl add log-level, log-target, service-watchdogs commands
Zbigniew Jędrzejewski-Szmek [Wed, 20 Nov 2019 15:13:46 +0000 (16:13 +0100)]
Merge pull request #14074 from keszybz/rename-system-options
Rename system-options
Lennart Poettering [Wed, 20 Nov 2019 11:27:28 +0000 (12:27 +0100)]
core: don't insist on ProtectHostname= if unshare() is blocked
Previously we'd only skip ProtectHostname= if kernel support for
namespaces was lacking. With this change we also accept if unshare()
fails because it is blocked.
Lennart Poettering [Wed, 20 Nov 2019 11:23:17 +0000 (12:23 +0100)]
core: be more lenient when checking whether sandboxing is necessary
In some containers unshare() is made unavailable entirely. Let's deal
with this that more gracefully and disable our sandboxing of services
then, so that we work in a container, under the assumption the container
manager is then responsible for sandboxing if we can't do it ourselves.
Previously, we'd insist on sandboxing as soon as any form of BindPath=
is used. With this change we only insist on it if we have a setting like
that where source and destination differ, i.e. there's a mapping
established that actually rearranges things, and thus would result in
systematically different behaviour if skipped (as opposed to mappings
that just make stuff read-only/writable that otherwise arent').
(Let's also update a test that intended to test for this behaviour with
a more specific configuration that still triggers the behaviour with
this change in place)
Fixes: #13955
(For testing purposes unshare() can easily be blocked with
systemd-nspawn --system-call-filter=~unshare.)
Lennart Poettering [Wed, 20 Nov 2019 11:22:40 +0000 (12:22 +0100)]
errno-util: add ERRNO_IS_PRIVILEGE() helper
Anita Zhang [Wed, 20 Nov 2019 05:50:51 +0000 (21:50 -0800)]
id128: fix initializer element is not constant
Was getting:
../src/id128/id128.c:15:1: error: initializer element is not constant
static sd_id128_t arg_app = SD_ID128_NULL;
^
when building on CentOS 7.
Other parts of the code initialize `static sd_id128_t` to {} and this
was the original setting before
a19fdd66c22 anyways.
Lennart Poettering [Tue, 19 Nov 2019 17:54:47 +0000 (18:54 +0100)]
test: make sure our tests get exclusive TTY access
This sould make our test suite a bit more robust if it is slow running.
A few of our test services use StandardOutput=tty or StandardError=tty
in the tests in order to connect test services to the container console.
This gets into conflict with the container getty which wants exclusive
access to the console. Since the container getty is started with
Type=idle it typically gets started after a timeout only if the TTY is
already used, which hence introduces a race: if the test finishes
earlier all is good, if not, then the test gets kicked off the TTY which
then causes bash to abort since it cannot write any error messages
anymore.
Let's fix this hence: all tests that connect to the tty are now
synchronized to getty-pre.target, so they finish before any getty is
started.
Lennart Poettering [Tue, 19 Nov 2019 23:54:28 +0000 (00:54 +0100)]
Merge pull request #14085 from poettering/ask-password-api
make sure asking for a pw works in a container too if keyctl() and friends are blocked
Lennart Poettering [Mon, 19 Aug 2019 13:15:13 +0000 (15:15 +0200)]
pam_systemd: prolong method call timeout when allocating session
Starting a session might involve starting the user@.service instance,
hence let's make the bus call timeout substantially longer.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=83828
Zbigniew Jędrzejewski-Szmek [Tue, 19 Nov 2019 19:46:53 +0000 (20:46 +0100)]
Merge pull request #14078 from poettering/cryptsetup-fixlets
trivial cryptsetup fixlets (mostly: use more STR_IN_SET())
Zbigniew Jędrzejewski-Szmek [Tue, 19 Nov 2019 19:45:15 +0000 (20:45 +0100)]
Merge pull request #14079 from poettering/pam-systemd-fixlets
trivial pam_systemd fixlets
Yu Watanabe [Mon, 18 Nov 2019 11:56:33 +0000 (20:56 +0900)]
udev: do not propagate error in executing PROGRAM and IMPORT{program}
Also, this adds more logs.
Fixes #14027.
Lennart Poettering [Tue, 19 Nov 2019 17:47:31 +0000 (18:47 +0100)]
ask-password: skip kernel keyring logic if we see EPERM
Let's improve compat with container managers that block the keyring
logic and return EPERM for them.
Lennart Poettering [Mon, 15 Jul 2019 11:32:03 +0000 (13:32 +0200)]
errno: add new ERRNO_IS_NOT_SUPPORTED() helper
Lennart Poettering [Tue, 19 Nov 2019 14:42:55 +0000 (15:42 +0100)]
update TODO
Zbigniew Jędrzejewski-Szmek [Tue, 19 Nov 2019 14:35:25 +0000 (15:35 +0100)]
Merge pull request #14080 from poettering/table-uid-pid
format-table: introduce TABLE_UID/TABLE_GID to match TABLE_PID and use it
Lennart Poettering [Wed, 21 Aug 2019 08:45:42 +0000 (10:45 +0200)]
cryptsetup: use STR_IN_SET() where appropriate
Note that this slightly changes behaviour: "none" is only allowed as
option, if it's the only option specified, but not in combination with
other options. I think this makes more sense, since it's the choice when
no options shall be specified.
Lennart Poettering [Wed, 21 Aug 2019 08:40:04 +0000 (10:40 +0200)]
cryptsetup: minor coding style clean-ups
Lennart Poettering [Tue, 13 Aug 2019 12:14:42 +0000 (14:14 +0200)]
pam_systemd: add one more assert
Lennart Poettering [Tue, 13 Aug 2019 12:14:47 +0000 (14:14 +0200)]
pam_systemd: don't use PAM_SYSTEM_ERR for something that isn't precisely a system error
It's not really clear which PAM errors to use for which conditions, but
something called PAM_SYSTEM_ERR should probably not be used when the
error is not the result of some system call failure.
Lennart Poettering [Mon, 12 Aug 2019 14:39:55 +0000 (16:39 +0200)]
pam-systemd: voidify pam_get_item() calls
Lennart Poettering [Mon, 12 Aug 2019 14:39:40 +0000 (16:39 +0200)]
pam-systemd: remove duplicate error logging
Lennart Poettering [Wed, 7 Aug 2019 12:50:01 +0000 (14:50 +0200)]
login: port tables over to use TABLE_UID/TABLE_PID
Lennart Poettering [Wed, 7 Aug 2019 10:50:42 +0000 (12:50 +0200)]
format-table: add UID/GID output support to format-table.h
Lennart Poettering [Mon, 12 Aug 2019 14:38:21 +0000 (16:38 +0200)]
pam-systemd: include PAM error code in all our log messages where that makes sense
Yu Watanabe [Tue, 19 Nov 2019 10:28:07 +0000 (19:28 +0900)]
NEWS: SendRawOption= -> SendOption=
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 21:21:37 +0000 (22:21 +0100)]
Merge pull request #14064 from yuwata/network-unify-send-option-and-send-raw-option
network: unify SendOption= and SendRawOption=
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 21:20:07 +0000 (22:20 +0100)]
Merge pull request #14030 from keszybz/path-no-trigger
Fix spurious triggering of PathExists=
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 21:18:33 +0000 (22:18 +0100)]
Merge pull request #14007 from keszybz/tasks-max-dynamic
Calculate fractional TasksMax= before actual use
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 18:47:50 +0000 (19:47 +0100)]
Rename "system-options" to "systemd-efi-options"
This makes the naming more consistent: we now have
bootctl systemd-efi-options,
$SYSTEMD_EFI_OPTIONS
and the SystemdOptions EFI variable.
(SystemdEFIOptions would be redundant, because it is only used in the context
of efivars, and users don't interact with that name directly.)
bootctl is adjusted to use 2sp indentation, similarly to systemctl and other
programs.
Remove the prefix with the old name from 'bootctl systemd-efi-options' output,
since it's redundant and we don't want the old name anyway.
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 18:44:54 +0000 (19:44 +0100)]
NEWS: fix antique typo
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 17:19:16 +0000 (18:19 +0100)]
bootctl: update --help text
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 17:15:44 +0000 (18:15 +0100)]
core/path: minor simplification
Yu Watanabe [Mon, 18 Nov 2019 15:03:35 +0000 (00:03 +0900)]
man: add entry about SpeedMeter=
Closes #14002.
Yu Watanabe [Mon, 18 Nov 2019 10:28:11 +0000 (19:28 +0900)]
udev: silence warning about PROGRAM+= or IMPORT+= rules
Closes #14062.
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 14:24:23 +0000 (15:24 +0100)]
man: add entry for systemd-id128 --uuid
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 15:41:13 +0000 (16:41 +0100)]
systemctl: whitespace optimization of --help
Move the explanation of options three columns to the right: then almost
all options fit and we do not need to break lines so often.
When a multi-line explanation precedes a section break, i.e. there is a
half-line on the right side, do not use an empty space. This saves a line,
and actually looks visually better because the text is still clearly
separated, but we don't get the big vertical white space.
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 08:57:24 +0000 (09:57 +0100)]
analyze: deprecate the commands moved to systemctl
This just removes the commands from --help and the man pages, everything works
as before.
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 09:14:57 +0000 (10:14 +0100)]
systemctl: add service-watchdogs command
The rationale is the same as for log-level/log-target: this controls the behaviour
of the manager, and belongs in systemctl.
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 08:55:43 +0000 (09:55 +0100)]
analyze: adjust the description of the default verb
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 08:39:50 +0000 (09:39 +0100)]
systemctl: add log-level and log-target commands
This copies the commands log-level and log-target (to query and set the current
settings) from systemd-analyze to systemctl, essentially reverting
a65615ca5d78be0dcd7d9c9b4a663fa75f758606. Controllling the log level settings
of the manager is basic functionality, that should be available even if
systemd-analyze (which is more of an analysis tool) is not installed. This is
like dmesg and journalctl, which should be available even if a debugger and
more advanced tools to analyze the kernel are not available. (Note that dmesg
is used to control the log level too, not just to browse the kernel logs.)
I chose to copy&paste the methods from analyze.c to the new location. There
isn't enough code to share, because acquire_bus() in both places has a
different signature despite the same name, so the only part that is common
is the invocation of sd_bus_set_property().
Yu Watanabe [Mon, 18 Nov 2019 09:47:16 +0000 (18:47 +0900)]
udevadm: ignore EROFS and return earlier
Fixes #14060.
Yu Watanabe [Mon, 18 Nov 2019 09:29:29 +0000 (18:29 +0900)]
network: unify config_parse_dhcp_server_option_data() and config_parse_dhcp_send_option()
Yu Watanabe [Mon, 18 Nov 2019 09:14:18 +0000 (18:14 +0900)]
dhcp: remove struct sd_dhcp_raw_option
sd_dhcp_raw_option and sd_dhcp_option are essentially equivalent.
Yu Watanabe [Mon, 18 Nov 2019 08:33:58 +0000 (17:33 +0900)]
network: rename SendRawOption= to SendOption=
As DHCPv4.SendOption= and DHCPServer.SendRawOption= take the same
format.
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 14:29:35 +0000 (15:29 +0100)]
Merge pull request #14040 from poettering/root-mount-deps
root mount dep fixes
Yu Watanabe [Sun, 17 Nov 2019 13:39:42 +0000 (22:39 +0900)]
network: add more error logs
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 14:19:43 +0000 (15:19 +0100)]
Merge pull request #14046 from poettering/id128-uuid
add "-u" switch to systemd-uuid for outputting ids in UUID format
Lennart Poettering [Fri, 15 Nov 2019 17:38:44 +0000 (18:38 +0100)]
tree-wide: clean up --help texts a bit
This cleans up and unifies the outut of --help texts a bit:
1. Highlight the human friendly description string, not the command
line via ANSI sequences. Previously both this description string and
the brief command line summary was marked with the same ANSI
highlight sequence, but given we auto-page to less and less does not
honour multi-line highlights only the command line summary was
affectively highlighted. Rationale: for highlighting the description
instead of the command line: the command line summary is relatively
boring, and mostly the same for out tools, the description on the
other hand is pregnant, important and captions the whole thing and
hence deserves highlighting.
2. Always suffix "Options" with ":" in the help text
3. Rename "Flags" → "Options" in one case
4. Move commands to the top in a few cases
5. add coloring to many more help pages
6. Unify on COMMAND instead of {COMMAND} in the command line summary.
Some tools did it one way, others the other way. I am not sure what
precisely {} is supposed to mean, that uppercasing doesn't, hence
let's simplify and stick to the {}-less syntax
And minor other tweaks.
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 13:20:05 +0000 (14:20 +0100)]
core/path: fix spurious triggering of PathExists= on restart/reload
Our handling of the condition was inconsistent. Normally, we'd only fire when
the file was created (or removed and subsequently created again). But on restarts,
we'd do a "recheck" from path_coldplug(), and if the file existed, we'd
always trigger. Daemon restarts and reloads should not be observeable, in
the sense that they should not trigger units which were already triggered and
would not be started again under normal circumstances.
Note that the mechanism for checks is racy: we get a notification from inotify,
and by the time we check, the file could have been created and removed again,
or removed and created again. It would be better if we inotify would give as
an unambiguous signal that the file was created, but it doesn't: IN_DELETE_SELF
triggers on inode removal, not directory entry, so we need to include IN_ATTRIB,
which obviously triggers on other conditions.
Fixes #12801.
Zbigniew Jędrzejewski-Szmek [Mon, 18 Nov 2019 13:13:05 +0000 (14:13 +0100)]
core/path: serialize the previous_exists state
Without that we are prone to generate spurious events after daemon
reload/restart.
Yu Watanabe [Mon, 18 Nov 2019 09:49:45 +0000 (18:49 +0900)]
Merge pull request #14056 from yuwata/dhcp-debug-logs
dhcp: add debug logs and propagate error in restarting client
Zbigniew Jędrzejewski-Szmek [Sun, 17 Nov 2019 18:17:38 +0000 (19:17 +0100)]
Merge pull request #14055 from yuwata/network-send-option-takes-type-field
network: make SendOption= also take type field
Serge [Sat, 16 Nov 2019 12:22:35 +0000 (15:22 +0300)]
sd-dhcp-client: anonymize DHCPDISCOVER (fixes #13992)
According to RFC7844 section 3 the DHCPDISCOVER message should not contain option 50 («Requested IP Address») when Anonymize is true
Yu Watanabe [Sun, 17 Nov 2019 14:57:50 +0000 (23:57 +0900)]
dhcp6: add debug logs
Yu Watanabe [Sun, 17 Nov 2019 14:52:46 +0000 (23:52 +0900)]
dhcp4: propagate error in restarting DHCPv4 client
Yu Watanabe [Sun, 17 Nov 2019 14:48:46 +0000 (23:48 +0900)]
dhcp4: add debug logs
Yu Watanabe [Sun, 17 Nov 2019 14:09:53 +0000 (23:09 +0900)]
network: make SendOption= also take type field
This makes SendOption= and SendRawOption= takes values in the same
format.
Yu Watanabe [Sun, 17 Nov 2019 13:59:58 +0000 (22:59 +0900)]
network: rename DHCPRawOption to DHCPOptionDataType
And moves the definition from networkd-dhcp-server.[ch] to networkd-dhcp-common.[ch].
Yu Watanabe [Sun, 17 Nov 2019 13:51:06 +0000 (22:51 +0900)]
network: fix logged error value
Yu Watanabe [Sun, 17 Nov 2019 13:45:38 +0000 (22:45 +0900)]
network: fix indentation
Tom Fitzhenry [Sat, 16 Nov 2019 15:04:18 +0000 (02:04 +1100)]
Error, rather than warn, if failing to start DHCP server
This would have made diagnosing https://github.com/systemd/systemd/issues/14050 easier.
Cyprien Laplace [Thu, 14 Nov 2019 14:42:14 +0000 (09:42 -0500)]
basic: add vmware hypervisor detection from device-tree
Allow ConditionVirtualization=vmware to work on ESXi on arm VMs
using device-tree.
Lennart Poettering [Fri, 15 Nov 2019 13:00:54 +0000 (14:00 +0100)]
mount: do not update exec deps on mountinfo changes
Fixes: #13978
Lennart Poettering [Fri, 15 Nov 2019 13:00:12 +0000 (14:00 +0100)]
mount: extend list of extrinsic mounts a bit
Lennart Poettering [Sat, 16 Nov 2019 12:49:01 +0000 (13:49 +0100)]
Merge pull request #14038 from keszybz/hwdb-update
hwdb update
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 13:16:06 +0000 (14:16 +0100)]
NEWS: more items
Also reorder some entries to restore the grouping by subject.
Lennart Poettering [Sat, 16 Nov 2019 12:48:25 +0000 (13:48 +0100)]
Merge pull request #14043 from poettering/shutdown-noswap-fix
shutdown: it's OK if /proc/swaps is missing
Lennart Poettering [Sat, 16 Nov 2019 12:47:59 +0000 (13:47 +0100)]
Merge pull request #14039 from keszybz/systemd-man
systemd(1) and journalctl(1) improvements
Lennart Poettering [Fri, 15 Nov 2019 13:23:53 +0000 (14:23 +0100)]
sd-bus: invalidate connection when Hello() fails
Fixes: #13969
Lennart Poettering [Fri, 15 Nov 2019 18:04:21 +0000 (19:04 +0100)]
id128: drop "MESSAGE_" prefix of pretty output
Using these IDs for message identication is one use case, but there are
others, hence let's drop the prefix, it only made sense to have while
the tool was part of journalctl.
Lennart Poettering [Fri, 15 Nov 2019 18:02:55 +0000 (19:02 +0100)]
id128: add new "-u" switch for outputting Ids in UUID format
For some unrelated stuff I wanted the machine ID in UUID format, and it
was annoying doing that manually. So let's add a switch for this, so
that this works:
systemd-id128 machine-id -u
Lennart Poettering [Fri, 15 Nov 2019 15:59:49 +0000 (16:59 +0100)]
Merge pull request #14037 from poettering/machinectl-pw-agent
spawn ask pw tty agent from "machinectl start"
Lennart Poettering [Fri, 15 Nov 2019 15:26:10 +0000 (16:26 +0100)]
Merge pull request #13940 from keur/protect_kernel_logs
Add ProtectKernelLogs to systemd.exec
Lennart Poettering [Fri, 15 Nov 2019 13:58:06 +0000 (14:58 +0100)]
umount: log on all errors
Lennart Poettering [Fri, 15 Nov 2019 13:57:27 +0000 (14:57 +0100)]
umount: be happy if /proc/swaps doesn't exist
Kernels work without swap just fine.
Fixes: #13993
Lennart Poettering [Fri, 15 Nov 2019 13:56:35 +0000 (14:56 +0100)]
shutdown: make logging more useful if NULL swap/mount table files are specified
Makes the error output seen in #13993 more readable.
Zbigniew Jędrzejewski-Szmek [Thu, 14 Nov 2019 14:23:05 +0000 (15:23 +0100)]
Remove path_compare_func() alias for path_compare()
Non sunt multiplicanda entia sine necessitate.
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 12:30:02 +0000 (13:30 +0100)]
man: significantly downgrade the Options section in systemd(1)
This structure of the man page originates from the time when systemd was
installed on top of sysvinit systems, and users had an actual chance to
interact with the systemd binary directly. Nowadays it is almost never called
directly, so let's properly explain this in the overview.
The Options section is moved down below the kernel command line, those options
are only needed in special circumstances. Let's refer the reader to the
description of the kernel command line options, and not duplicate the
descriptions (which makes the text longer than necessary and increases chances
for discrepancies).
Systemd is also prominently used as the user manager, let's mention that in the
Overview.
While at it, use "=" only when an argument is required as we nowadays do.
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 10:59:34 +0000 (11:59 +0100)]
man: share description of $SYSTEMD_COLORS in other tools
It was only described in systemd(1), making it hard to discover.
Fixes #13561.
The same for $SYSTEMD_URLIFY.
I think all the tools whose man pages include less-variables.xml support
those variables.
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 10:35:27 +0000 (11:35 +0100)]
hwdb: update
As before, the net change seems to be almost only additions, with some
minor removals that seems to be corrections of incomplete entries.
Zbigniew Jędrzejewski-Szmek [Fri, 15 Nov 2019 10:32:24 +0000 (11:32 +0100)]
meson: add target to update the chromiumos rules
There is no change in the file right now, but the download seems to work
OK.
It's funny that the biggest company in the world cannot provide a
download link in plain text.
Lennart Poettering [Fri, 15 Nov 2019 10:12:34 +0000 (11:12 +0100)]
machinectl: spawn ask password agent on "start"
We start units in the background, hence it is wise to also have the
ask pasword agent around.
Fixes: #13587
Lennart Poettering [Fri, 15 Nov 2019 10:11:52 +0000 (11:11 +0100)]
ask-password-agent: introduce ask_password_agent_open_if_enabled()
This makes the ask-password agent handling more alike the polkit agent
handling again, and introduces ask_password_agent_open_if_enabled() that
works just like the already existing polkit_agent_open_if_enabled().
Lennart Poettering [Fri, 15 Nov 2019 10:11:10 +0000 (11:11 +0100)]
polkit-agent: don't use an inline function
This is long enough to just be a regular function, and is never called
in inner loops, let's hence just make this a plain function.
Torsten Hilbrich [Tue, 12 Nov 2019 07:36:06 +0000 (08:36 +0100)]
nspawn: Allow Capability= to overrule private network setting
The commit:
a3fc6b55ac nspawn: mask out CAP_NET_ADMIN again if settings file turns off private networking
turned off the CAP_NET_ADMIN capability whenever no private networking
feature was enabled. This broke configurations where the CAP_NET_ADMIN
capability was explicitly requested in the configuration.
Changing the order of evalution here to allow the Capability= setting
to overrule this implicit setting:
Order of evaluation:
1. if no private network setting is enabled, CAP_NET_ADMIN is removed
2. if a private network setting is enabled, CAP_NET_ADMIN is added
3. the settings of Capability= are added
4. the settings of DropCapability= are removed
This allows the fix for #11755 to be retained and to still allow the
admin to specify CAP_NET_ADMIN as additional capability.
Fixes:
a3fc6b55acd3f37e50915304d87bed100efa9d9d
Fixes: #13995
Kevin Kuehler [Thu, 14 Nov 2019 01:37:05 +0000 (17:37 -0800)]
systemd-analyze: Add ProtectKernelLogs to security
Kevin Kuehler [Thu, 14 Nov 2019 00:56:23 +0000 (16:56 -0800)]
units: set ProtectKernelLogs=yes on relevant units
We set ProtectKernelLogs=yes on all long running services except for
udevd, since it accesses /dev/kmsg, and journald, since it calls syslog
and accesses /dev/kmsg.
Kevin Kuehler [Thu, 14 Nov 2019 00:38:33 +0000 (16:38 -0800)]
test-namespace: Add test for ProtectKernelLogs=
Zbigniew Jędrzejewski-Szmek [Thu, 14 Nov 2019 13:28:05 +0000 (14:28 +0100)]
core: do not propagate polkit error to caller
If we fail to start polkit, we get a message like
"org.freedesktop.DBus.Error.NameHasNoOwner: Could not activate remote peer.",
which has no meaning for the caller of our StartUnit method. Let's just
return -EACCES.
$ systemctl start apache
Failed to start apache.service: Could not activate remote peer. (before)
Failed to start apache.service: Access denied (after)
Fixes #13865.