summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS21
-rw-r--r--hwdb/70-mouse.hwdb22
-rwxr-xr-xhwdb/parse_hwdb.py2
-rw-r--r--src/network/networkd-link-bus.c131
-rw-r--r--src/network/networkd-link.h5
-rw-r--r--src/network/networkd-manager.c8
-rw-r--r--src/nspawn/nspawn.c2
-rw-r--r--src/shared/install-printf.c57
-rw-r--r--src/sysusers/sysusers.c3
9 files changed, 87 insertions, 164 deletions
diff --git a/NEWS b/NEWS
index 4924d7c4b6..6378e596f6 100644
--- a/NEWS
+++ b/NEWS
@@ -5,16 +5,19 @@ CHANGES WITH 232 in spe
* The new RemoveIPC= option can be used to remove IPC objects owned by
the user or group of a service when that service exits.
+ * The new ProtectKernelModules= option can be used to disable explicit
+ load and unload operations of kernel modules by a service.
+
* ProtectSystem= option gained a new value "strict", which causes the
whole file system tree with the exception of /dev, /proc, and /sys,
to be remounted read-only for a service.
- The new ProtectedKernelTunables= options can be used to disable
+ * The new ProtectedKernelTunables= option can be used to disable
modification of configuration files in /sys and /proc by a service.
Various directories and files are remounted read-only, so access is
restricted even if the file permissions would allow it.
- The new ProtectControlGroups= option can be used to disable write
+ * The new ProtectControlGroups= option can be used to disable write
access by a service to /sys/fs/cgroup.
* Various systemd services have been hardened with
@@ -569,13 +572,13 @@ CHANGES WITH 230:
of the owners and the ACLs of all files and directories in a
container tree to match the UID/GID user namespacing range selected
for the container invocation. This mode is enabled via the new
- --private-user-chown switch. It also gained support for automatically
- choosing a free, previously unused UID/GID range when starting a
- container, via the new --private-users=pick setting (which implies
- --private-user-chown). Together, these options for the first time
- make user namespacing for nspawn containers fully automatic and thus
- deployable. The systemd-nspawn@.service template unit file has been
- changed to use this functionality by default.
+ --private-users-chown switch. It also gained support for
+ automatically choosing a free, previously unused UID/GID range when
+ starting a container, via the new --private-users=pick setting (which
+ implies --private-users-chown). Together, these options for the first
+ time make user namespacing for nspawn containers fully automatic and
+ thus deployable. The systemd-nspawn@.service template unit file has
+ been changed to use this functionality by default.
* systemd-nspawn gained a new --network-zone= switch, that allows
creating ad-hoc virtual Ethernet links between multiple containers,
diff --git a/hwdb/70-mouse.hwdb b/hwdb/70-mouse.hwdb
index 56e36af0e5..bf3d134c46 100644
--- a/hwdb/70-mouse.hwdb
+++ b/hwdb/70-mouse.hwdb
@@ -48,6 +48,8 @@
# MOUSE_DPI
# MOUSE_WHEEL_CLICK_ANGLE
# MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL
+# MOUSE_WHEEL_CLICK_COUNT
+# MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL
#
#########################################
# ID_INPUT_TRACKBALL #
@@ -104,6 +106,9 @@
# MOUSE_WHEEL_CLICK_ANGLE=<degrees>
#
# Most mice have a 15 degree click stop (24 clicks per full rotation).
+# For backwards-compatibility, the click angle must be an integer.
+# Where a device has non-integer click angles, the MOUSE_WHEEL_CLICK_COUNT
+# property should also be specified.
#
#########################################
# MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL #
@@ -113,6 +118,21 @@
# This property may only be specified if the angle for the horizontal
# scroll wheel differs from the vertical wheel. If so, *both* click angles
# must be specified.
+#
+#########################################
+# MOUSE_WHEEL_CLICK_COUNT #
+# MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL #
+#########################################
+#
+# The number of clicks the wheel sends per 360 degree rotation. This
+# property should only be used where the click angle is not an integer.
+# For backwards compatibility it must be specified in addition to
+# MOUSE_WHEEL_CLICK_ANGLE.
+# Clients should prefer MOUSE_WHEEL_CLICK_COUNT where available, it is more
+# precise than MOUSE_WHEEL_CLICK_ANGLE.
+#
+# MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL works the same way but also follows the
+# rules of MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL.
#
# Sort by brand, type (usb, bluetooth), DPI, frequency.
@@ -361,6 +381,8 @@ mouse:usb:v046dp4041:name:Logitech MX Master:
MOUSE_DPI=1000@166
MOUSE_WHEEL_CLICK_ANGLE=15
MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL=26
+ MOUSE_WHEEL_CLICK_COUNT=24
+ MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL=14
# Logitech MK260 Wireless Combo Receiver aka M-R0011
mouse:usb:v046dpc52e:name:Logitech USB Receiver:
diff --git a/hwdb/parse_hwdb.py b/hwdb/parse_hwdb.py
index e163edbc51..2540c8c2f6 100755
--- a/hwdb/parse_hwdb.py
+++ b/hwdb/parse_hwdb.py
@@ -91,6 +91,8 @@ def property_grammar():
props = (('MOUSE_DPI', Group(OneOrMore(setting('SETTINGS*')))),
('MOUSE_WHEEL_CLICK_ANGLE', INTEGER),
('MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL', INTEGER),
+ ('MOUSE_WHEEL_CLICK_COUNT', INTEGER),
+ ('MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL', INTEGER),
('ID_INPUT_TRACKBALL', Literal('1')),
('POINTINGSTICK_SENSITIVITY', INTEGER),
('POINTINGSTICK_CONST_ACCEL', REAL),
diff --git a/src/network/networkd-link-bus.c b/src/network/networkd-link-bus.c
index 10ec08351a..532557ed6c 100644
--- a/src/network/networkd-link-bus.c
+++ b/src/network/networkd-link-bus.c
@@ -23,7 +23,6 @@
#include "networkd.h"
#include "parse-util.h"
#include "strv.h"
-#include "dhcp-lease-internal.h"
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_operational_state, link_operstate, LinkOperationalState);
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_administrative_state, link_state, LinkState);
@@ -37,50 +36,6 @@ const sd_bus_vtable link_vtable[] = {
SD_BUS_VTABLE_END
};
-static int get_private_options(sd_bus *bus,
- const char *path,
- const char *interface,
- const char *property,
- sd_bus_message *reply,
- void *userdata,
- sd_bus_error *error) {
- sd_dhcp_lease *lease = userdata;
- struct sd_dhcp_raw_option *option = NULL;
- int r;
-
- assert(bus);
- assert(reply);
- assert(lease);
-
- r = sd_bus_message_open_container(reply, SD_BUS_TYPE_ARRAY, "{yay}");
- if (r < 0)
- return r;
-
- LIST_FOREACH(options, option, lease->private_options) {
- r = sd_bus_message_open_container(reply, SD_BUS_TYPE_DICT_ENTRY, "yay");
- if (r < 0)
- return r;
- r = sd_bus_message_append(reply, "y", option->tag);
- if (r < 0)
- return r;
- r = sd_bus_message_append_array(reply, 'y', option->data, option->length);
- if (r < 0)
- return r;
- r = sd_bus_message_close_container(reply);
- if (r < 0)
- return r;
- }
- return sd_bus_message_close_container(reply);
-}
-
-const sd_bus_vtable lease_vtable[] = {
- SD_BUS_VTABLE_START(0),
-
- SD_BUS_PROPERTY("PrivateOptions", "a{yay}", get_private_options, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-
- SD_BUS_VTABLE_END
-};
-
static char *link_bus_path(Link *link) {
_cleanup_free_ char *ifindex = NULL;
char *p;
@@ -99,24 +54,6 @@ static char *link_bus_path(Link *link) {
return p;
}
-static char *lease_bus_path(Link *link) {
- _cleanup_free_ char *p = NULL;
- char *ret = NULL;
- int r;
-
- assert(link);
-
- p = link_bus_path(link);
- if (!p)
- return NULL;
-
- r = sd_bus_path_encode(p, "lease", &ret);
- if (r < 0)
- return NULL;
-
- return ret;
-}
-
int link_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
_cleanup_strv_free_ char **l = NULL;
Manager *m = userdata;
@@ -150,42 +87,6 @@ int link_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***
return 1;
}
-int lease_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
- _cleanup_strv_free_ char **l = NULL;
- Manager *m = userdata;
- unsigned c = 0;
- Link *link;
- Iterator i;
-
- assert(bus);
- assert(path);
- assert(m);
- assert(nodes);
-
- l = new0(char*, hashmap_size(m->links) + 1);
- if (!l)
- return -ENOMEM;
-
- HASHMAP_FOREACH(link, m->links, i) {
- char *p;
-
- if (!link->dhcp_lease)
- continue;
-
- p = lease_bus_path(link);
- if (!p)
- return -ENOMEM;
-
- l[c++] = p;
- }
-
- l[c] = NULL;
- *nodes = l;
- l = NULL;
-
- return 1;
-}
-
int link_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
_cleanup_free_ char *identifier = NULL;
Manager *m = userdata;
@@ -215,38 +116,6 @@ int link_object_find(sd_bus *bus, const char *path, const char *interface, void
return 1;
}
-int lease_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
- _cleanup_free_ char *identifier = NULL;
- Manager *m = userdata;
- Link *link;
- int ifindex, r;
-
- assert(bus);
- assert(path);
- assert(interface);
- assert(m);
- assert(found);
-
- r = sd_bus_path_decode_many(path, "/org/freedesktop/network1/link/%/lease", &identifier);
- if (r <= 0)
- return 0;
-
- r = parse_ifindex(identifier, &ifindex);
- if (r < 0)
- return 0;
-
- r = link_get(m, ifindex, &link);
- if (r < 0)
- return 0;
-
- if (!link->dhcp_lease)
- return 0;
-
- *found = link->dhcp_lease;
-
- return 1;
-}
-
int link_send_changed(Link *link, const char *property, ...) {
_cleanup_free_ char *p = NULL;
char **l;
diff --git a/src/network/networkd-link.h b/src/network/networkd-link.h
index 1178999bb4..77f72d070e 100644
--- a/src/network/networkd-link.h
+++ b/src/network/networkd-link.h
@@ -179,11 +179,6 @@ int link_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***
int link_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error);
int link_send_changed(Link *link, const char *property, ...) _sentinel_;
-extern const sd_bus_vtable lease_vtable[];
-
-int lease_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error);
-int lease_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error);
-
DEFINE_TRIVIAL_CLEANUP_FUNC(Link*, link_unref);
#define _cleanup_link_unref_ _cleanup_(link_unrefp)
diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
index 0ad34e0cc2..9174dcc7f4 100644
--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
@@ -176,14 +176,6 @@ int manager_connect_bus(Manager *m) {
if (r < 0)
return log_error_errno(r, "Failed to add link enumerator: %m");
- r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/network1/link", "org.freedesktop.network1.Link.Lease", lease_vtable, lease_object_find, m);
- if (r < 0)
- return log_error_errno(r, "Failed to add lease object vtable: %m");
-
- r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/network1/link", lease_node_enumerator, m);
- if (r < 0)
- return log_error_errno(r, "Failed to add lease enumerator: %m");
-
r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/network1/network", "org.freedesktop.network1.Network", network_vtable, network_object_find, m);
if (r < 0)
return log_error_errno(r, "Failed to add network object vtable: %m");
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 14af51fc0e..2cbe563953 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -219,7 +219,7 @@ static void help(void) {
" -U --private-users=pick Run within user namespace, autoselect UID/GID range\n"
" --private-users[=UIDBASE[:NUIDS]]\n"
" Similar, but with user configured UID/GID range\n"
- " --private-user-chown Adjust OS tree ownership to private UID/GID range\n"
+ " --private-users-chown Adjust OS tree ownership to private UID/GID range\n"
" --private-network Disable network in container\n"
" --network-interface=INTERFACE\n"
" Assign an existing network interface to the\n"
diff --git a/src/shared/install-printf.c b/src/shared/install-printf.c
index 88143361da..cbdf66827f 100644
--- a/src/shared/install-printf.c
+++ b/src/shared/install-printf.c
@@ -27,19 +27,54 @@
#include "install.h"
#include "macro.h"
#include "specifier.h"
+#include "string-util.h"
#include "unit-name.h"
#include "user-util.h"
static int specifier_prefix_and_instance(char specifier, void *data, void *userdata, char **ret) {
- UnitFileInstallInfo *i = userdata;
+ const UnitFileInstallInfo *i = userdata;
+ _cleanup_free_ char *prefix = NULL;
+ int r;
assert(i);
- return unit_name_to_prefix_and_instance(i->name, ret);
+ r = unit_name_to_prefix_and_instance(i->name, &prefix);
+ if (r < 0)
+ return r;
+
+ if (endswith(prefix, "@") && i->default_instance) {
+ char *ans;
+
+ ans = strjoin(prefix, i->default_instance, NULL);
+ if (!ans)
+ return -ENOMEM;
+ *ret = ans;
+ } else {
+ *ret = prefix;
+ prefix = NULL;
+ }
+
+ return 0;
+}
+
+static int specifier_name(char specifier, void *data, void *userdata, char **ret) {
+ const UnitFileInstallInfo *i = userdata;
+ char *ans;
+
+ assert(i);
+
+ if (unit_name_is_valid(i->name, UNIT_NAME_TEMPLATE) && i->default_instance)
+ return unit_name_replace_instance(i->name, i->default_instance, ret);
+
+ ans = strdup(i->name);
+ if (!ans)
+ return -ENOMEM;
+ *ret = ans;
+ return 0;
}
static int specifier_prefix(char specifier, void *data, void *userdata, char **ret) {
- UnitFileInstallInfo *i = userdata;
+ const UnitFileInstallInfo *i = userdata;
assert(i);
@@ -47,7 +82,7 @@ static int specifier_prefix(char specifier, void *data, void *userdata, char **r
}
static int specifier_instance(char specifier, void *data, void *userdata, char **ret) {
- UnitFileInstallInfo *i = userdata;
+ const UnitFileInstallInfo *i = userdata;
char *instance;
int r;
@@ -57,8 +92,8 @@ static int specifier_instance(char specifier, void *data, void *userdata, char *
if (r < 0)
return r;
- if (!instance) {
- instance = strdup("");
+ if (isempty(instance)) {
+ instance = strdup(i->default_instance ?: "");
if (!instance)
return -ENOMEM;
}
@@ -73,9 +108,13 @@ static int specifier_user_name(char specifier, void *data, void *userdata, char
/* If we are UID 0 (root), this will not result in NSS,
* otherwise it might. This is good, as we want to be able to
* run this in PID 1, where our user ID is 0, but where NSS
- * lookups are not allowed. */
+ * lookups are not allowed.
+
+ * We don't user getusername_malloc() here, because we don't want to look
+ * at $USER, to remain consistent with specifer_user_id() below.
+ */
- t = getusername_malloc();
+ t = uid_to_name(getuid());
if (!t)
return -ENOMEM;
@@ -110,7 +149,7 @@ int install_full_printf(UnitFileInstallInfo *i, const char *format, char **ret)
*/
const Specifier table[] = {
- { 'n', specifier_string, i->name },
+ { 'n', specifier_name, NULL },
{ 'N', specifier_prefix_and_instance, NULL },
{ 'p', specifier_prefix, NULL },
{ 'i', specifier_instance, NULL },
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 655f41c610..0684f58fcd 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -190,7 +190,8 @@ static int load_group_database(void) {
static int make_backup(const char *target, const char *x) {
_cleanup_close_ int src = -1;
_cleanup_fclose_ FILE *dst = NULL;
- char *backup, *temp;
+ _cleanup_free_ char *temp = NULL;
+ char *backup;
struct timespec ts[2];
struct stat st;
int r;
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2025-01-11 17:41:58 +0000