Age | Commit message | Author |
|
Kernel default mode is 0600, but distributions change it to group kvm, mode
either 0660 (e.g. Debian) or 0666 (e.g. Fedora). Both approaches have valid
reasons (a stricter mode limits exposure to bugs in the kvm subsystem, a looser
mode makes libvirt and other virtualization mechanisms work out of the box for
unprivileged users over ssh).
In Fedora the qemu package carries the relevant rule, but it's nicer to have it
in systemd, so that the permissions are not dependent on the qemu package being
installed. Use of packaged qemu binaries is not required to make use of
/dev/kvm, e.g. it's possible to use a self-compiled qemu or some alternative.
https://bugzilla.redhat.com/show_bug.cgi?id=1431876
To accommodate both approaches, add a rule to set the mode in 50-udev-default.rules,
but allow the mode to be overridden with a --with-dev-kvm-mode configure rule.
The default is 0660, as the (slightly) more secure option.
|
|
Newer versions of libinput need this to recognise it as an input device.
https://bugs.freedesktop.org/show_bug.cgi?id=99664
|
|
Very few parts of the systemd source require <math.h> or "libm.so".
Linking libbasic with -lm drags the mathematical library in for all
systemd components, and in turn for all users of systemd libraries.
It's just unneeded.
|
|
The emergency.service and rescue.service units have become rather
convoluted. We spawn multiple shells and the help text spans multiple lines
which makes the units hard to read.
Move the logic into a single shell script and call that via ExecStart.
|
|
resolved: do not start LLMNR or mDNS stack when no network enables them
|
|
Previously, `SO_REUSEADDR` was set before `bind`-ing the socket. Thus,
even if another LLMNR stack was running, `bind` always succeeded and
we could not detect the other stack. With this commit, we first try to
`bind` without `SO_REUSEADDR`, and if it fails, show a warning and
retry with `SO_REUSEADDR`.
|
|
Previously, `SO_REUSEADDR` was set before `bind`-ing the socket. Thus,
even if another mDNS stack (e.g. avahi) was running, `bind` always
succeeded and we could not detect the other stack.
With this commit, we first try to `bind` without `SO_REUSEADDR`,
and if it fails, show a warning and retry with `SO_REUSEADDR`.
|
|
When no network enables LLMNR or mDNS, it is not necessary to create
LLMNR or mDNS related sockets. So, let's create them only when an
LLMNR- or mDNS-enabled network becomes active or at least one network
enables the `LLMNR=` or `MulticastDNS=` options.
|
|
Follow up for #5528.
|
|
Per man:file-hierarchy(7), /lib is just a compatibility symlink; the
other manpages also refer to /usr/lib.
Found with:
git grep -P '(?<!/usr|/var|local)/lib' man/
|
|
(#5528)
Ideally, plymouth should only be referenced via dependencies,
not ExecStartPre's. This at least avoids the confusing error message
on minimal installations that do not carry plymouth.
|
|
failed (#5548)
If we are working on a path that was marked to be ignored on errors, and
the mkdirat() fails, then add a continue statement and skip the fchownat() call.
This avoids the case where UID/GID are valid and we run fchownat() on a
nonexistent path, which will fail hard even on paths that we want to
ignore in case of errors.
|
|
check for _GNU_SOURCE as well as sd_event_child_handler_t needs to be
defined correctly while compiling systemd
|
|
linux/sockios.h is needed for the SIOCGSTAMPNS macro
xlocale.h is included indirectly in glibc and doesn't even exist in
other libcs
|
|
--with-rpmmacrosdir=no disables installation of the macros.
|
|
https://github.com/systemd/systemd/blob/f97b34a6/src/login/pam_systemd.c#L439
|
|
addresses (#5587)
This is in spirit very similar to commit
4b2419165ce409ee55ce96a926302f89685f2293.
Fixes: #5581
|
|
When mmap is called, the code in correctly checks for p == MAP_FAILED.
But the resource cleanup at the end of busname_peek_message checks for
p == NULL, and if that's not true, munmap is called.
Therefore, in the error case, munmap is called with a MAP_FAILED argument,
which can result in unexpected behaviour depending on sz's value.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
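The cleanup pattern this commit message describes, as an added example that is not the commit's code: `peek_first_byte` and the `/tmp` path are hypothetical, and the point is that the exit path compares against `MAP_FAILED`, which is `(void *) -1` and not `NULL`.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper (not systemd's busname_peek_message): map sz bytes of
 * fd read-only and copy out the first byte. Returns 0 or a negative errno. */
int peek_first_byte(int fd, size_t sz, unsigned char *out) {
        void *p = MAP_FAILED;   /* start from the value mmap() reports on failure */
        int r;

        if (sz == 0)
                return -EINVAL;

        p = mmap(NULL, sz, PROT_READ, MAP_PRIVATE, fd, 0);
        if (p == MAP_FAILED) {
                r = -errno;
                goto finish;
        }

        *out = *(const unsigned char *) p;
        r = 0;

finish:
        /* A "p != NULL" test here would be true for MAP_FAILED as well and
         * would hand an unmapped address to munmap() on the error path. */
        if (p != MAP_FAILED)
                (void) munmap(p, sz);
        return r;
}

int main(void) {
        unsigned char b = 0;
        /* Constructed one-byte sample file. */
        int fd = open("/tmp/peek_demo.tmp", O_CREAT | O_RDWR | O_TRUNC, 0600);
        if (fd < 0 || write(fd, "J", 1) != 1)
                return 1;
        int ok = peek_first_byte(fd, 1, &b);
        int bad = peek_first_byte(-1, 1, &b);   /* mmap() fails, munmap() is skipped */
        printf("valid fd: r=%d byte=%c, invalid fd: r=%d\n", ok, b, bad);
        close(fd);
        unlink("/tmp/peek_demo.tmp");
        return 0;
}
```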
|
|
It is possible to overflow uint64_t while validating the header of
a journal file. To prevent this, the addition itself is checked to
be within the limits of UINT64_MAX first.
To keep this readable, I have introduced two stack variables which
hold the converted values during validation.
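The check this commit message describes, as an added example rather than the commit's own code: `struct demo_header`, its two field names and the sample values are assumptions made for illustration. The two sizes are converted once into stack variables, and the addition is tested against `UINT64_MAX` before the sum is compared with the file size.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for an on-disk header: two little-endian 64-bit sizes.
 * The field names are assumptions for this example. */
struct demo_header {
        uint8_t header_size[8];
        uint8_t arena_size[8];
};

/* Portable little-endian decode/encode, so nothing depends on <endian.h>. */
static uint64_t get_le64(const uint8_t b[8]) {
        uint64_t v = 0;
        for (int i = 7; i >= 0; i--)
                v = (v << 8) | b[i];
        return v;
}

void put_le64(uint8_t b[8], uint64_t v) {
        for (int i = 0; i < 8; i++, v >>= 8)
                b[i] = (uint8_t) (v & 0xff);
}

/* Unchecked form: the sum can wrap past UINT64_MAX and still pass. */
int verify_unchecked(const struct demo_header *h, uint64_t file_size) {
        return get_le64(h->header_size) + get_le64(h->arena_size) > file_size ? -EBADMSG : 0;
}

/* Checked form: converted values live in two stack variables, and the
 * addition is proven not to wrap before it is performed. */
int verify_checked(const struct demo_header *h, uint64_t file_size) {
        uint64_t header_size = get_le64(h->header_size);
        uint64_t arena_size = get_le64(h->arena_size);

        if (arena_size > UINT64_MAX - header_size)
                return -EBADMSG;
        if (header_size + arena_size > file_size)
                return -EBADMSG;
        return 0;
}

int main(void) {
        struct demo_header h;
        put_le64(h.header_size, 16);
        put_le64(h.arena_size, UINT64_MAX - 7);   /* constructed hostile size */
        printf("unchecked=%d checked=%d\n", verify_unchecked(&h, 4096), verify_checked(&h, 4096));
        return 0;
}
```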
|
|
Tarball generation tweaks
|
|
That macro is a gcc extension, and while widely supported, not ubiquitous.
In particular the coverity scanner is having trouble with it.
|
|
git is nowadays nice enough to compress based on the output file suffix,
let's make use of that.
|
|
Missed in b698b5c.
|
|
hwdb: Add property for keyboards without LEDs
|
|
It is useful for desktop environments to be able to show Caps-Lock or
Num-Lock status changes as an on-screen display when using a keyboard
that doesn't have LEDs for this.
Closes: #5559
|
|
Split up the device matching explanation, and add documentation for
the fixed layout quirk.
|
|
The legacy *.pkla files are not required when running against polkit ≥ 106,
and we want to avoid shipping files in /var if possible (but pkla files
can only be in /etc/ or /var).
Only install the *.pkla files if we detect an old polkit version during
configure. Don't install them if polkit isn't installed during build, as
distributions other than Debian-based ones have moved to the new polkit
long ago.
Fixes #5523
|
|
We *do* have the occasional security issue, where it would be nice to have
non-public disclosure and time to fix the issue before it's fully public. Our
github infrastructure does not make it easy to report vulnerabilities in a
confidential manner, so let's leverage the distro mechanisms for that. I
think we're better off with this solution than leaving it up to individual
reporters to discover some mechanism on their own.
|
|
(#5539)
Not all bluetooth devices come through the bluetooth subsystem and those that
don't currently lack the ID_BUS=bluetooth env. This again fails to apply udev
rules and/or hwdb entries that rely on the bluetooth bustype to be set.
Fix this by checking the attribute id/bustype on the device instead of just
the subsystem.
Fixes #4566
|
|
Commit 59f448cf replaced usage of off_t with uint64_t. Change the
format string to use PRIu64 to match it.
|
|
coredump: fix handling of premature-eof for --backtrace
|
|
We'd fail with an assert in journal_importer_process_data(),
because that function requires the caller to handle EOF themselves.
|
|
test: skip instead of fail if crypto kmods are not available
|