We allow omission of the part before and the part after the @. But so
far we didn't allow omitting both. There's no real reason for
disallowing that, hence be systematic and allow it.
Let's be compatible with sd-bus' logic to talk to machine, and support
the usual user@host syntax. We only want the host part, hence chop if
off before passing it to OpenMachinePTY().
Fixes: #32997
The method call already does a PK check, it was just forgotten to
allowlist this in the dbus policy. And in the dbus vtable for
OpenMachinePTY() call. (It was allowlisted in the per-machine
vtable…)
Anyway, clean this up.
Explain what we mean by "payload", and for which RR types this is
intended.
And don#t claim we'd output a full packet, because we don't. We output
only the RR in binary.
Fixes: #37737
Let's also show A/AAAA data in binary form if --raw=payload is used. For
these RR types there's only a single data field, hence it's obbviously
meant.
Inspired by: #37737
blkid, libmount and openssl are not used in src/basic or src/libsystemd,
and so shouldn't be required as deps of libsystemd static, so let's drop
them.
Razer has partnered with Loupedeck to develop some devices.
Add support for the following devices:
- Loupedeck CT
- Loupedeck Live
- Loupedeck Live S
- Razer Stream Controller
- Razer Stream Controller X
We nowadays expose pidfdid at various places, e.g. envvars
and dbus properties. Also the sd_notify() MAINPID= message
has been complemented with MAINPIDFDID=. But acquiring
pidfdid is actually non-trivial especially considering
the 32-bit case, hence let's introduce a public helper
in sd-daemon specifically for that purpose.
I'd like to introduce a libsystemd helper for acquiring pidfd
inode id, which however means the fd passed to pidfd_check_pidfs()
can no longer be trusted. Let's add back the logic of allocating
a genuine pidfd allocated internally, which was remove in
5dc9d5b4ea.
Prompted by https://github.com/systemd/systemd/pull/37646#discussion_r2126882561
Follow-up for 879952a853
Currently, almost all cgroup attr getters check cgroup_path for whether
cgroup is around. This is actually great, because we never want to expose
a non-existent cgroup path via IPC and such. However, it is spuriously
initialized at places where it shouldn't be, e.g. in unit_warn_leftover_processes().
This matters especially to units that *may* carry processes to run, but
not *always*, notably socket units. unit_warn_leftover_processes() is supposed
to be informative only and not try to set cgroup tracking to realized in
a half-assed way.
Hence, let's kill cgroup_realized field, and make sure cgroup_path is set
only if cgroup has been created. Be extra careful with deserialization
though, since the previous versions don't follow this rule and we need
to patch cgroup_path manually based on cgroup_realized we got from deserialization.
Calls to unit_watch_cgroup*() are dropped in cgroup_runtime_deserialize_one(),
because unit_deserialize_state() will invalidate cgroup realized state and
reapply later.
This was from v228, i.e. before cgroup v2 got introduced.
Nowadays cgroup v1 is outright rejected during initialization,
i.e. upgrading isn't possible whatsoever. Remove the compat glue there.
As usual, we need to protect ourselves against concurrent modification
of journal files. We a pretty good at that these days when reading
journal files. But journal_file_copy_entry() so far wasn't too good with
that. journal_file_append_data() so far returned EINVAL when you pass
invalid data to it. Since we pass the source data as-is in there, it's
going to fail if the journal source file is slightly invalid due to a
concurrent update.
Hence, we need to validate data gracefully here that we think comes from
a safe place, because actually it doesn't, it's directly copied from an
unsafe journal file.
Hence, let's introduce a clear error code here, and look for it in
journal_file_copy_entry(), and handle it gracefully.
Pretty sure this fixes#33372, but it's a race, so I don't know for
sure. If this remains reproducible we need to look at this again.
Fixes: #33372
Let's rename the return parameters as "ret_xyz" systematically in
sd-login.
Also, let's make the return parameters systematically optional, like we
typically do these days. So far some where optional, other's weren't.
Let's clean this up.
Since 8065d02e26 ("copy: Fix error handling in fd_copy_directory()")
we immediately abort recursive copy operations on ENOSPC. Let's also
abort on the common case of filesystems not supporting fs-verity: if
it's unsupported for one file, it's unlikely to work for the 1000s that
follow it.
We do this by mapping the two fs-verity "not supported" errors (ENOTTY,
EOPNOTSUPP) to ESOCKTNOSUPPORT as a special "fs-verity not supported
here" error. When we see that error at the top level we exit
immediately.
This prevents us from having to see the same error message literally
thousands of time when using fsverity=copy with systemd-repart on a
filesystem which lacks the proper support.
Adjust the test-copy test case to expect the new errno. Previously this
test case would output multiple failure lines per `copy_tree_at()`
invocation (for the failing cases) but now it only outputs one.
