potatOS/potatOS-for-linux
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2025-11-05 18:04:45 +01:00
Code Issues Releases Wiki Activity
84,542 Commits 7 Branches 420 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Chris Down 666cd35be4 core: Only apply unprivileged userns logic to user managers 
Commit 38748596f078 ("core: Make DelegateNamespaces= work for user
managers with CAP_SYS_ADMIN") refactored the logic for when an
unprivileged process should create a new user namespace for sandboxing.

This refactor inadvertently removed a check (`params->runtime_scope !=
RUNTIME_SCOPE_USER`) that differentiated between system services and user
services.

This causes a regression in rootless containers where systemd runs
unprivileged. When starting a system service (like `dbus-broker`) that
uses sandboxing features (eg. with `PrivateTmp=yes`), systemd now
incorrectly creates a new, minimal `PRIVATE_USERS_SELF` namespace.

This new namespace only maps UID/GID 0. When dbus-broker attempts to
drop privileges to the `dbus` user (GID 81), the `setresgid(81, 81, 81)`
call fails because GID 81 is not mapped.

Restore the check to ensure that the special unprivileged sandboxing
logic is only applied to user services, as was the original intent.
System services in a rootless context will now correctly run in the
container's main user namespace, where all necessary UIDs/GIDs are
mapped.

Fixes: https://github.com/systemd/systemd/issues/39563
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2391343
2025-11-05 21:12:52 +08:00
.clusterfuzzlite
ci: unpin CFLite
2022-04-26 09:13:57 +00:00
.github
build(deps): bump softprops/action-gh-release from 2.2.2 to 2.4.1
2025-11-01 18:12:26 +09:00
.obs
ci: stop triggering suse-specific package build on OBS
2025-08-08 18:46:07 +01:00
.semaphore
semaphore-runner: disable cgroup setup in lxc
2025-03-16 15:30:38 +01:00
catalog
pcrextend: make use new nvindex-based PCRs
2025-11-02 21:14:35 +01:00
coccinelle
tree-wide: use sd_bus_message_send() instead of sd_bus_send() wherever possible
2025-06-24 23:23:40 +09:00
docs
doc: document NvPCRs briefly
2025-11-02 21:26:13 +01:00
factory
meson: drop explicit custom_target names
2025-06-28 17:14:50 +02:00
hwdb.d
hwdb: add support for the Logitech MX Master 4 (#39490)
2025-10-30 20:16:26 +09:00
LICENSES
licensing: update address of FSF
2025-10-07 13:00:12 +01:00
man
core/service: rework ExecReload= + Type=notify-reload interaction, add ExecReloadPost=
2025-11-04 12:18:33 +01:00
mime
mime: add mimetype for luks home dir
2025-03-07 17:27:20 +01:00
mkosi
mkosi: update fedora commit reference to 8e2833a5b64f7e2ce62ea0a2d0ec9e393e718dfa
2025-11-03 13:31:22 +01:00
modprobe.d
modprobe: set 'ifb numifbs=0' to avoid autocreating ifb0
2024-01-12 23:24:54 +00:00
network
network/dhcp-server: improvements for saving/loading leases (#37835)
2025-06-17 14:31:22 +02:00
po
po: Translated using Weblate (Portuguese (Brazil))
2025-10-30 11:46:06 +09:00
presets
presets: Disable by default for initrd presets
2025-07-04 16:22:27 +01:00
profile.d
Drop machine-id OSC event field if /etc/machine-id doesn't exist
2025-10-09 09:08:13 +02:00
rules.d
rules.d/60-block.rules: fix typo
2025-11-02 10:56:31 +01:00
shell-completion
analyze: add new verb for determining NvPCR values
2025-11-02 21:14:35 +01:00
src
core: Only apply unprivileged userns logic to user managers
2025-11-05 21:12:52 +08:00
sysctl.d
meson: drop explicit custom_target names
2025-06-28 17:14:50 +02:00
sysusers.d
meson: drop explicit custom_target names
2025-06-28 17:14:50 +02:00
test
TEST-64-UDEV-STORAGE: generate debugging logs
2025-11-05 05:16:48 +09:00
tmpfiles.d
fsck,quotacheck: drop support for traditional /forcefsck, /fastboot, and /forcequotacheck files
2025-07-16 05:47:38 +09:00
tools
tree-wide: drop unused libcap dependencies
2025-10-24 01:52:59 +09:00
units
tpm2-setup: measure "anchor" extension early at boot into nvpcrs
2025-11-02 21:14:35 +01:00
xorg
xorg/50-systemd-user: add a full license header
2021-10-01 14:45:00 +02:00
.clang-format
clang-format: Add include sorting directives
2025-04-30 09:30:33 +02:00
.clang-tidy
clang-tidy: enable bugprone-argument-comment check
2025-06-04 15:50:00 +02:00
.clangd
clangd: Enable UnusedIncludes feature again
2025-05-24 20:57:05 +02:00
.ctags
editors: Prevent ctags from following symlinks
2019-02-15 11:01:20 -08:00
.dir-locals.el
scripts: use 4 space indentation
2019-04-12 08:30:31 +02:00
.editorconfig
chore: fix editorconfig pattern and add setting for zsh
2025-05-30 14:53:45 +09:00
.gitattributes
Mark all base64 files as generated
2023-08-16 12:49:45 +02:00
.gitignore
gitignore: add aider
2025-10-20 11:39:25 +01:00
.mailmap
mailmap: deduplicate Daan
2025-09-17 12:08:03 +02:00
.packit.yml
mkosi: update fedora commit reference to 8e2833a5b64f7e2ce62ea0a2d0ec9e393e718dfa
2025-11-03 13:31:22 +01:00
.pylintrc
Add .pylintrc to globally suppress warnings we don't really care about
2023-08-10 18:13:29 +02:00
.vimrc
vimrc: explicitly set shiftwidth for the C file type
2023-09-18 13:11:45 +02:00
.ycm_extra_conf.py
tools: consistently use #!/usr/bin/env python3
2025-07-25 12:33:13 +02:00
CITATION.cff
add CITATION.cff file
2025-06-05 14:39:20 +02:00
LICENSE.GPL2
licensing: update address of FSF
2025-10-07 13:00:12 +01:00
LICENSE.LGPL2.1
licensing: update address of FSF
2025-10-07 13:00:12 +01:00
meson_options.txt
tpm2-util: add infra for allocating nvindex-based PCRs (aka "NvPCRs")
2025-11-02 21:14:35 +01:00
meson.build
tpm2-util: add infra for allocating nvindex-based PCRs (aka "NvPCRs")
2025-11-02 21:14:35 +01:00
meson.version
meson: bump version to 259~devel for next cycle
2025-09-17 13:06:07 +01:00
mypy.ini
Move mypy.ini and ruff.toml to top level
2024-11-24 16:47:20 +01:00
NEWS
mount-setup: Add memory_hugetlb_accounting to cgroupfs mount
2025-10-30 22:28:41 +01:00
README
mount-setup: Add memory_hugetlb_accounting to cgroupfs mount
2025-10-30 22:28:41 +01:00
README.md
README: update badges
2025-05-22 01:37:05 +09:00
ruff.toml
ruff: Default to python 3.7 version
2025-07-10 18:09:17 +02:00
TODO
update TODO
2025-11-04 14:12:39 +01:00

README.md

Systemd

System and Service Manager

OBS Packages Status
Semaphore CI 2.0 Build Status
Coverity Scan Status
OSS-Fuzz Status
CIFuzz
CII Best Practices
Fossies codespell report
Translation status
Coverage Status
Packaging status
OpenSSF Scorecard

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel

Stable branches with backported patches are available in the stable repo.

We have a security bug bounty program sponsored by the Sovereign Tech Fund hosted on YesWeHack

Repositories with distribution packages built from git main are available on OBS

Description
PotatOS for Linux.
clinuxsystemd
Readme Cite this repository 642 MiB