Lennart Poettering
e594a3b154
repart: add new systemd-repart tool
...
Fixes : #14052
2020-01-20 17:42:03 +01:00
Lennart Poettering
b57ebc6004
conf-parser: add parser for 32bit signed integers
2020-01-20 17:42:03 +01:00
Lennart Poettering
7e70f2cb0e
locale-util: add special glyph Σ
2020-01-20 17:42:03 +01:00
Lennart Poettering
1d2a1a0cb8
locale-util: add block drawing special glyphs
2020-01-20 17:42:03 +01:00
Lennart Poettering
137688dff4
format-table: add support for formatting uuids/id128 values
2020-01-20 17:42:03 +01:00
Lennart Poettering
1293a168f1
id128: move make_v4_uuid into id128-util.h to make it generally useful
2020-01-20 17:42:03 +01:00
Lennart Poettering
449d530700
makefs: simplify SPDX header
2020-01-20 17:42:03 +01:00
Sascha Dewald
fc57f105d9
pkgconf: add full generator paths
2020-01-18 17:48:28 +01:00
Lennart Poettering
7e284b054e
tree-wide: we forgot to destroy some bus errors
2020-01-18 17:47:20 +01:00
Zbigniew Jędrzejewski-Szmek
8a9125cbb3
Merge pull request #14596 from poettering/no-mask-perpetual
...
core: don't allow perpetual units to be masked
2020-01-18 10:17:10 +01:00
Wieland Hoffmann
287cf2d802
typo: "May modify to" -> "May modify"
2020-01-18 10:08:27 +01:00
Lennart Poettering
0879fbd6fe
mount: make checks on perpetual mount units more lax
...
We don#t really care where perpetual mounts are mounted from, since they
have to exist since before we run anyway.
2020-01-17 15:09:18 +01:00
Lennart Poettering
88414eed6f
core: never allow perpetual units to be masked
...
Fixes : #14550
2020-01-17 15:02:15 +01:00
Zbigniew Jędrzejewski-Szmek
4ca739e20a
core: reduce indentation a bit
2020-01-17 08:13:09 +01:00
Zbigniew Jędrzejewski-Szmek
b0a94df963
logind: use loop instead of repeated code
...
https://github.com/systemd/systemd/pull/14096#discussion_r350953689
2020-01-17 08:13:09 +01:00
Zbigniew Jędrzejewski-Szmek
ddee3ada46
shared/user-record-nss: use macro to avoid repeats
...
It's easier to read when each field is intialized in exactly one place.
2020-01-17 08:13:09 +01:00
Zbigniew Jędrzejewski-Szmek
192aee3cae
shared/user-record-nss: shorten code a bit
...
free_and_strdup() already does comparison internally.
2020-01-16 21:57:00 +01:00
Arian van Putten
c7d26acce6
Disable reading SystemdOptions EFI Var when in SecureBoot mode
...
In SecureBoot mode this is probably not what you want. As your cmdline
is cryptographically signed like when using Type #2 EFI Unified Kernel
Images (https://systemd.io/BOOT_LOADER_SPECIFICATION/ ) The user's
intention is then that the cmdline should not be modified. You want to
make sure that the system starts up as exactly specified in the signed
artifact.
2020-01-16 18:46:56 +01:00
Zbigniew Jędrzejewski-Szmek
32458cc968
sysctl: downgrade message when we have no permission
...
We need to run sysctl also in containers, because the network
subtree is namespaces and may legitimately be writable. But logging
all "errors" at notice level creates unwanted noise.
Also downgrade message about missing sysctls to log_info. This might also be
relatively common when configuration is targeted at different kernel
versions. With log_debug it'll still end up in the logs, but isn't really worth
of "notice" most of the time.
https://bugzilla.redhat.com/show_bug.cgi?id=1609806
2020-01-16 14:45:50 +01:00
Zbigniew Jędrzejewski-Szmek
b2ae4d9eb8
sysctl: move hashmap allocation out of main function
...
This allocation is a low level detail, and it seems nicer to keep it
out of run().
2020-01-16 14:45:37 +01:00
Zbigniew Jędrzejewski-Szmek
251d3d20c3
Merge pull request #14581 from poettering/setcred-alternative-fix
...
alternative pam_setcred() fix
2020-01-16 09:53:26 +01:00
Lennart Poettering
4bb68f2fee
core: on each iteration processing /proc/self/mountinfo merge all discovery flags for each path
...
This extends on d253a45e1c
, and instead of
merging just a single flag from previous mount entries of
/proc/self/mountinfo for the same path we merge all three.
This shouldn't change behaviour, but I think make things more readable.
Previously we'd set MOUNT_PROC_IS_MOUNTED unconditionally, we still do.
Previously we'd inherit MOUNT_PROC_JUST_MOUNTED from a previous entry on
the same line, we still do.
MOUNT_PROC_JUST_CHANGED should generally stay set too. Why that? If we
have two mount entries on the same mount point we'd first process one
and then the other, and the almost certainly different mount parameters
of the two would mean we'd set MOUNT_PROC_JUST_CHANGED for the second.
And with this we'll definitely do that still.
This also adds a comment explaining the situation a bit, and why we get
into this situation.
2020-01-15 17:42:12 +01:00
Lennart Poettering
46d7c6afbf
execute: allow pam_setcred() to fail, ignore errors
...
Fixes : #14567
Alternative-To: #14569
2020-01-15 17:10:43 +01:00
Lennart Poettering
5b8d1f6b77
execute: add const to array parameters, where possible
2020-01-15 17:10:28 +01:00
Lennart Poettering
f9c1f4e193
pam-systemd: apply user record properties to session
...
This way any component providing us with JSON user record data can use
this for automatic resource management and other session properties.
2020-01-15 15:30:02 +01:00
Lennart Poettering
7bfbf6cc92
pam-systemd: normalize return values of append_session_xyz()
...
Let's propagate the PAM errors we got.
2020-01-15 15:29:59 +01:00
Lennart Poettering
9ab0d3ebe5
pam-systemd: port over to use a UserRecord structure
...
Later on this allows us to set various session properties from user
record.
2020-01-15 15:29:55 +01:00
Lennart Poettering
355c9966c2
pam-systemd: share bus connection with pam_systemd_home if we can
...
Let's use the pam-util.h provided helpers to acquire them.
2020-01-15 15:29:52 +01:00
Lennart Poettering
d750dde2a6
pam-systemd: port to pam_bus_log_{create|parse}_error() and pam_log_oom()
2020-01-15 15:29:48 +01:00
Lennart Poettering
cef9f2a647
shared: add pam utility helpers
2020-01-15 15:29:31 +01:00
Lennart Poettering
d510589fd0
logind: honour per-user stopDelayUSec property
2020-01-15 15:29:27 +01:00
Lennart Poettering
156a363750
logind: honour killProcesses field of user record
2020-01-15 15:29:24 +01:00
Lennart Poettering
e8e4b7a0b6
logind: enforce user record resource settings when user logs in
2020-01-15 15:29:21 +01:00
Lennart Poettering
22c902facc
logind: port to UserRecord object
...
This changes the user tracking of logind to use the new-style UserRecord
object.
In a later commit this enables us to do per-user resource management.
2020-01-15 15:29:17 +01:00
Lennart Poettering
1684c56f40
nss: hook up nss-systemd with userdb varlink bits
...
This changes nss-systemd to use the new varlink user/group APIs for
looking up everything.
(This also changes the factory /etc/nsswitch.conf line to use for
hooking up nss-system to use glibc's [SUCCESS=merge] feature so that we
can properly merge group membership lists).
Fixes : #12492
2020-01-15 15:29:07 +01:00
Lennart Poettering
19d22d433d
core: add user/group resolution varlink interface to PID 1
2020-01-15 15:28:55 +01:00
Lennart Poettering
4bad7eedae
core: make return parameter of dynamic_user_lookup_name() optional
2020-01-15 15:28:52 +01:00
Lennart Poettering
1604937f83
userdbd: add userdbctl tool as client for userdbd
2020-01-15 15:28:42 +01:00
Lennart Poettering
d093b62c94
userdbd: add new service that can merge userdb queries from multiple clients
2020-01-15 15:28:17 +01:00
Lennart Poettering
295c1a6e45
shared: add helpers for displaying new-style user/group records to users
2020-01-15 15:27:59 +01:00
Lennart Poettering
ec8e4a0ef1
shared: add internal API for querying JSON user records via varlink
...
This new API can be used in place of NSS by our own internal code if
more than the classic UNIX records are needed.
2020-01-15 15:27:41 +01:00
Lennart Poettering
9b2d907877
shared: add helpers for converting NSS passwd/group structures to new JSON objects
...
These new calls may be used to convert classic UNIX/glibc NSS struct
passwd and struct group records into new-style JSON-based user/group
objects.
2020-01-15 15:27:23 +01:00
Lennart Poettering
71d0b9d422
shared: add generic user/group record structures and JSON parsers
2020-01-15 15:27:04 +01:00
Lennart Poettering
64aa2622a3
libcrypt-util: add superficial validator for UNIX hashed password strings
2020-01-15 15:26:51 +01:00
Lennart Poettering
42f3b2f975
shared: split out crypt() specific helpers into its own .c/.h in src/shared/
...
This way we can use libxcrypt specific functionality such as
crypt_gensalt() and thus take benefit of the newer algorithms libxcrypt
implements. (Also adds support for a new env var $SYSTEMD_CRYPT_PREFIX
which may be used to select the hash algorithm to use for libxcrypt.)
Also, let's move the weird crypt.h inclusion into libcrypt.h so that
there's a single place for it.
2020-01-15 15:26:27 +01:00
Lennart Poettering
2ee4b118fa
nss-util: add macros for generating getpwent()/getgrent() prototypes
...
We have similar macros already for getpwuid()/getpwnam(), let's add more
of this.
2020-01-15 15:25:32 +01:00
Zbigniew Jędrzejewski-Szmek
98f44b97bb
Merge pull request #14562 from yuwata/table-strv
...
introduce TABLE_STRV and use it in networkctl and resolvectl
2020-01-15 13:59:11 +01:00
Lennart Poettering
eea45a3399
Merge pull request #14424 from poettering/watch-bus-name-rework
...
pid1: simplify drastically how we watch bus names for service's BusName= setting
2020-01-15 11:46:11 +01:00
Yu Watanabe
222a6aace7
Merge pull request #14547 from keszybz/networkctl-matching
...
networkctl: return error or warning when interfaces are not matched
2020-01-15 11:56:01 +09:00
Yu Watanabe
bbaba5748d
test-format-table: add tests for TABLE_STRV
2020-01-15 11:52:40 +09:00