Commit Graph

54455 Commits

Author SHA1 Message Date
Lennart Poettering
2867cb392a filesystems: slightly update common block device groups 2021-11-15 22:43:03 +01:00
Lennart Poettering
73e7576e3b filesystems: add two new filesystem groups
1. @anonymous → for file systems that aren't real file systems but
   simply the backing for sockets, pipes and other "anonymous" fds.

2. @security → for the various MAC security file systems.
2021-11-15 22:43:03 +01:00
Lennart Poettering
c79aaff9d5 test-json: add test that makes sure floats are somewhat reasonably implemented
Test that we don't loose accuracy without bounds for extreme values, and
validate that nan/inf/-inf actually get converted to null properly.
2021-11-15 22:24:49 +01:00
Lennart Poettering
394ac84df9 meson: drop -ffast-math
After reading https://simonbyrne.github.io/notes/fastmath/ I think we
should drop -ffast-math. The JSON code actually looks for NaN, so the
fact it becomes unreliable kinda sucks.

Moreover, we don't do any number crunching. We use floating point fields
only sporadical for trivial math. Hence the optimization is entirely
unnecessary.
2021-11-15 22:24:33 +01:00
Evgeny Vereshchagin
e6ace91eb7 ci: pin mkosi to SHAs as well 2021-11-15 20:52:51 +00:00
dependabot[bot]
f356ad7cf8 build(deps): bump github/super-linter from 4.8.1 to 4.8.3
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.8.1 to 4.8.3.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](fd9c4286d3...7d5dc989c5)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-15 18:20:56 +00:00
Yu Watanabe
6706ce2fd2 network: make IgnoreCarrierLoss= also take timespan
Fixes #18738 and #20887.

Replaces #18746.
2021-11-16 02:04:59 +09:00
Lennart Poettering
a71a0693cd homework: rework how we disassemble a home dir in home_deactivate()
Let's first move the home dir to a new mount point that is only visible
in our own private namespace. Then, do FITRIM and stuff there, so that
we know the regular userspace can't interfere with that, and we know
that the home fs is not used anymore.

(This will become even more important once we add auto-grow/auto-shrink
for home dirs)
2021-11-15 17:56:35 +01:00
Slava Bacherikov
af493fb742 network: Add SuppressInterfaceGroup= into routing policy
This adds SuppressInterfaceGroup= option in the [RoutingPolicyRule] section
which has the same semantics as suppress_ifgroup in `ip rule` command.
2021-11-16 01:54:07 +09:00
Slava Bacherikov
10af8bb24b network: change link group type to int32
Both linux kernel kernel and iproute2 uses int32 type for a link group
attribute and -1 has a special meaning, so setting it to 4294967295
would make it -1 in the linux kernel (and ip link cmd).
2021-11-16 01:53:46 +09:00
Luca Boccassi
e2f8c1124d Merge pull request #21277 from yuwata/permanent-hw-addr
network, udev: several improvement of permanent hardware address handling
2021-11-15 10:57:30 +00:00
Taiki Sugawara
095eaf7130 hwdb: Add Kensington Expert Mouse Wireless Trackball 2021-11-15 08:17:51 +09:00
Yu Watanabe
26591ffffd resolve: do not clear DNS servers or friends on link which is not managed by networkd
When networkd detects an unmanaged link, then the state is changed in
the following order:
pending -> initialized -> unmanaged

The "initialized" state was added by bd08ce5615.
2021-11-15 08:17:34 +09:00
Yu Watanabe
51f6c93d21 Merge pull request #21359 from yuwata/network-split-route
network: log route or nexthop flags
2021-11-15 08:17:07 +09:00
Yu Watanabe
bae62bee43 Merge pull request #21346 from yuwata/network-token-prefixstable
network: extend Token=prefixstable setting
2021-11-15 08:16:48 +09:00
Evgeny Vereshchagin
6f593f7226 Merge pull request #21366 from evverx/ci-follow-ups-3
ci: LGPLv2+ify dependapot config and codeql action and tighten codeql and labeler even more
2021-11-15 00:02:21 +03:00
Evgeny Vereshchagin
510afa460a ci: tighten codeql and labeler even more
by moving the read permissions to the top level and
granting additional permissions to the specific jobs.
It should help to prevent new jobs that could be added
there eventually from having write access to resources they
most likely would never need.
2021-11-14 10:51:07 +00:00
Evgeny Vereshchagin
e44a47d186 ci: pin the codeql action to SHAs
It's a follow-up to https://github.com/systemd/systemd/pull/21316.

Judging by https://github.com/evverx/systemd/pull/36, Dependabot
supports their release cycle
2021-11-14 10:42:04 +00:00
Evgeny Vereshchagin
e7a966915d ci: mimic the "restricted" mode
Judging by https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
it should be enough to grant the "read contents" permission to
most of our actions. The "read metadata" permission is set impliciclty
somewhere and can't be set via the "permissions" setting:
```
The workflow is not valid. .github/workflows/linter.yml (Line: 14, Col: 3): Unexpected value 'metadata'
```
2021-11-14 10:41:06 +00:00
Evgeny Vereshchagin
b3a1fb795a ci: LGPLv2+ify dependapot config and codeql action 2021-11-14 09:48:22 +00:00
Yu Watanabe
b07d8145e1 network: include route or nexthop flags in the debug logs 2021-11-14 14:41:37 +09:00
Yu Watanabe
18b23bd493 network: introduce route_flags_to_string_alloc() 2021-11-14 14:41:37 +09:00
Yu Watanabe
344b3cff36 network: split networkd-route.[ch] 2021-11-14 14:41:37 +09:00
Yu Watanabe
10b1c3cd24 Merge pull request #21355 from bluca/coverity
Coverity and CodeQL fixes
2021-11-14 14:18:08 +09:00
Zbigniew Jędrzejewski-Szmek
b1bcda702c meson: drop mode setting on systemd-update-helper
With a6d1760024, this shouldn't be
necessary anymore.
2021-11-14 13:54:47 +09:00
Jan Janssen
4cf8a6092e meson: Use fs module
Turns out that meson provides a fs module since 0.53.0, making it unnecessary
to call out to test.
2021-11-14 13:54:27 +09:00
Zbigniew Jędrzejewski-Szmek
4728625490 seccomp: move mprotect to @default
With glibc-2.34.9000-17.fc36.x86_64, dynamically programs newly fail in early
init with a restrictive syscall filter that does not include @system-service.
I think this is caused by 2dd87703d4386f2776c5b5f375a494c91d7f9fe4:

Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon May 10 10:31:41 2021 +0200

    nptl: Move changing of stack permissions into ld.so

    All the stack lists are now in _rtld_global, so it is possible
    to change stack permissions directly from there, instead of
    calling into libpthread to do the change.

It seems that this call will now be very widely used, so let's just move it to
default to avoid too many failures.
2021-11-14 13:53:50 +09:00
Yu Watanabe
7a2e124b08 test-network: add testcases for Token=prefixstable with UUID 2021-11-14 13:29:44 +09:00
Yu Watanabe
f2a3a133ec network: make Token=prefixstable optionally take secret key
Closes #21345.
2021-11-14 13:29:40 +09:00
Yu Watanabe
b7ac128430 network: do not recall link_handle_bound_by_list() or so when the interface is reconfigured 2021-11-14 11:52:49 +09:00
Yu Watanabe
52c3bc708f event-util: introduce event_reset_time_relative() 2021-11-14 10:32:06 +09:00
Yu Watanabe
c463ae74ae man: fix indentation
Also use variablelist tag for listing Token= options.
2021-11-14 10:30:33 +09:00
Luca Boccassi
b798490f77 test-strxcpyx: check result of snprintf 2021-11-14 01:28:42 +00:00
Evgeny Vereshchagin
311956ccd9 ci: tighten several GHActions a bit more
with https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions
2021-11-13 22:17:21 +03:00
Luca Boccassi
0a040e6419 sd-event: one more assert when turning off an event source
CID#1465866
2021-11-13 19:12:11 +00:00
Luca Boccassi
25bb459e39 journal-remote: more handling of sd_event_source_set_enabled failures
But avoid clobbering the return value if it works

CID#1465793
CID#1465794
2021-11-13 19:11:55 +00:00
Luca Boccassi
76a7c636a9 Merge pull request #21341 from yuwata/network-route-flags
network: manage route and nexthop flags
2021-11-13 18:43:50 +00:00
dependabot[bot]
5ae4964028 build(deps): bump actions/checkout from 2 to 2.4.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...ec3a7ce113134d7a93b817d10a8272cb61118579)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-13 16:45:32 +03:00
Frantisek Sumsal
66a41360b4 Merge pull request #21342 from evverx/dependabot-error
ci: try to fix a Dependabot error
2021-11-13 09:35:51 +00:00
Lennart Poettering
a4e27f051a Merge pull request #21337 from poettering/uid-alloc-range-split
split out UID allocation range stuff from user-record.c/h (i.e. login.defs parsing)
2021-11-13 08:13:44 +01:00
Lennart Poettering
b4d4596ffb test: rename test-user-record → test-uid-alloc-range
It doesn't actually test any of the JSON stuff, hence name it
test-uid-alloc-range, since it tests the stuff from uid-alloc-range.
2021-11-13 08:10:13 +01:00
Lennart Poettering
0fa90f7e04 uid-alloc-range: maintain only a single default alloc range structure
Either way we need these four values, let's simplify the code by keeping
only one const struct of this around.
2021-11-13 08:10:13 +01:00
Lennart Poettering
b085d22406 shared: split out UID allocation range stuff from user-record.h
user-record.[ch] are about the UserRecord JSON stuff, and the UID
allocation range stuff (i.e. login.defs handling) is a very different
thing, and complex enough on its own, let's give it its own c/h files.

No code changes, just some splitting out of code.
2021-11-13 08:10:11 +01:00
Lennart Poettering
bb562024a5 homework: sync dir after moving file in, not before 2021-11-13 08:05:02 +01:00
Lennart Poettering
1ca5a6c76e Merge pull request #21333 from poettering/homed-report-fs-and-access-mode
homed: report actual home dir access mode and fs type in effect
2021-11-13 08:04:33 +01:00
Lennart Poettering
b1beb00406 Merge pull request #21331 from poettering/luks-extra-mount-options
homed: allow per-user additional LUKS mount options
2021-11-13 08:03:55 +01:00
Jan Janssen
9cc6154608 test: Create convenience macros to declare tests 2021-11-13 09:20:24 +09:00
Frantisek Sumsal
c76a838589 ci: run the unit_tests and mkosi jobs on stable branches as well
To provide more coverage for the systemd-stable repo.

See: https://github.com/systemd/systemd-stable/issues/24
2021-11-13 09:09:54 +09:00
Yu Watanabe
1de88f3048 udev/net: read hardware address from netlink message 2021-11-13 08:53:33 +09:00
Yu Watanabe
49c351a8ac networkctl: read permanent hardware address from netlink message 2021-11-13 08:53:33 +09:00