update TODO

test: invoke systemd-nspawn properly from a session
2025-10-09 21:54:44 +02:00 · 2025-07-08 10:53:58 +02:00 · 2025-07-08 09:56:45 +02:00 · 2025-07-08 15:55:01 +09:00 · 2025-07-08 15:54:49 +09:00 · 2025-07-08 06:43:17 +02:00
6 changed files with 36 additions and 65 deletions
--- a/51
+++ b/51
@ -128,6 +128,15 @@ Deprecations and removals:
 Features:
 * Add ELF section to make systemd main binary recognizable cleanly, the same
  way as we make sd-boot recognizable via PE section.
 * Add knob to cryptsetup, to trigger automatic reboot on failure to unlock
  disk. Enable this by default for rootfs, also in gpt-auto-generator
 * Add RebootUptimeMinSec= knob to PID 1, that makes systemd-shutdown sleep
  until the specified uptime has passed, to lengthen tight boot loops.
 * replace bootctl's PE version check to actually use APIs from pe-binary.[ch]
  to find binary version.
@ -166,8 +175,6 @@ Features:
 * nspawn: map foreign UID range through 1:1
 * replace most calls to sd_bus_send() by sd_bus_message_send()
 * replace all uses of fopen_temporary() by fopen_tmpfile_linkable() +
  flink_tmpfile() and then get rid of fopen_temporary(). Benefit: use O_TMPFILE
  pervasively, and avoid rename() wherever we can.
@ -357,13 +364,6 @@ Features:
 * also parse out primary GPT disk label uuid from gpt partition device path at
  boot and pass it as efi var to OS.
 * maybe rework invocation of stub's inner PE payload: since we already parse PE
  anyway, maybe jump directly into the image, after finding the linux UEFI
  entrypoint. After all we invest quite some effort to disable
  validation/measurement of the inner image, i.e. we want nothing from UEFI's
  own image loading code paths. Given that everything's statically linked
  anyway on UEFI it should be easy to just jump into the already loaded image.
 * storagetm: maybe also serve the specified disk via HTTP? we have glue for
  microhttpd anyway already. Idea would also be serve currently booted UKI as
  separate HTTP resource, so that EFI http boot on another system could
@ -433,10 +433,6 @@ Features:
 * Allocate UIDs/GIDs automatically in userdbctl load-credentials if none are
  included in the user/group record credentials
 * the ordering cycle log messages in transaction_verify_order_one() should
  really be recognizable via a message id and come with an explanatory catalog
  message
 * introduce new ANSI sequence for communicating log level and structured error
  metadata to terminals.
@ -460,10 +456,6 @@ Features:
 * resolved: make resolved process DNR DHCP info
 * Teach systemd-ssh-generator to generated an /run/issue.d/ drop-in telling
  users how to connect to the system via the AF_VSOCK, as per:
  https://github.com/systemd/systemd/issues/35071#issuecomment-2462803142
 * maybe introduce an OSC sequence that signals when we ask for a password, so
  that terminal emulators can maybe connect a password manager or so, and
  highlight things specially.
@ -726,12 +718,6 @@ Features:
  a program is invoked, and its output captured, with correct EOF handling and
  exit code propagation
 * new systemd-analyze "join" verb or so, for debugging services. Would be
  nsenter on steroids, i.e invoke a shell or command line in an environment as
  close as we can make it for the MainPID of a service. Should be built around
  pidfd, so that we can reasonably robustly do this. Would only cover the
  execution environment like namespaces, but not the privilege settings.
 * Introduce a CGroupRef structure, inspired by PidRef. Should contain cgroup
  path, cgroup id, and cgroup fd. Use it to continuously pin all v2 cgroups via
  a cgroup_ref field in the CGroupRuntime structure. Eventually switch things
@ -840,8 +826,6 @@ Features:
 * systemd-pcrmachine should probably also measure the SMBIOS system UUID.
 * sd-boot: allow synthesizing additional type1 entries via SMBIOS vendor strings
 * storagetm:
  - add USB mass storage device logic, so that all local disks are also exposed
    as mass storage devices on systems that have a USB controller that can
@ -1163,9 +1147,6 @@ Features:
  access to due to the userns + nfs semantics of the user. Alternatively: use
  the seccomp log action, and allow it.
 * maybe: systemd-loop-generator that sets up loopback devices if requested via kernel
  cmdline. use case: include encrypted/verity root fs in UKI.
 * systemd-gpt-auto-generator: add kernel cmdline option to override block
  device to dissect. also support dissecting a regular file. useccase: include
  encrypted/verity root fs in UKI.
@ -1828,8 +1809,6 @@ Features:
 * add growvol and makevol options for /etc/crypttab, similar to
  x-systemd.growfs and x-systemd-makefs.
 * userdb: allow uid/gid range checks
 * userdb: allow existence checks
 * pid1: activation by journal search expression
@ -2021,14 +2000,6 @@ Features:
 * beef up pam_systemd to take unit file settings such as cgroups properties as
  parameters
 * maybe hook up xfs/ext4 quotactl() with services? i.e. automatically manage
  the quota of the user indicated in User= via unit file settings, like the
  other resource management concepts. Would mix nicely with DynamicUser=1. Or
  alternatively, do this with projids, so that we can also cover services
  running as root. Quota should probably cover all the special dirs such as
  StateDirectory=, LogsDirectory=, CacheDirectory=, as well as RootDirectory= if it
  is set, plus the whole disk space any image configured with RootImage=.
 * In DynamicUser= mode: before selecting a UID, use disk quota APIs on relevant
  disks to see if the UID is already in use.
@ -2054,9 +2025,6 @@ Features:
  "systemd-gdb" for attaching to the start-up of any system service in its
  natural habitat.
 * gpt-auto logic: support encrypted swap, add kernel cmdline option to force
  it, and honour a gpt bit about it, plus maybe a configuration file
 * add a percentage syntax for TimeoutStopSec=, e.g. TimeoutStopSec=150%, and
  then use that for the setting used in user@.service. It should be understood
  relative to the configured default value.
@ -2193,7 +2161,6 @@ Features:
 * add bus api to query unit file's X fields.
 * gpt-auto-generator:
  - Define new partition type for encrypted swap? Support probed LUKS for encrypted swap?
  - Make /home automount rather than mount?
 * add generator that pulls in systemd-network from containers when
--- a/src/machine/machinectl.c
+++ b/src/machine/machinectl.c
@ -484,7 +484,7 @@ static int print_uid_shift(sd_bus *bus, const char *name) {
        if (shift == 0) /* Don't show trivial mappings */
                return 0;
-        printf("       UID Shift: %" PRIu32 "\n", shift);
+        printf("\tID Shift: %" PRIu32 "\n", shift);
        return 0;
 }
--- a/src/nspawn/nspawn-register.c
+++ b/src/nspawn/nspawn-register.c
@ -266,7 +266,7 @@ int allocate_scope(
        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
        _cleanup_free_ char *scope = NULL;
-        const char *description, *object;
+        const char *object;
        int r;
        assert(bus);
@ -292,12 +292,14 @@ int allocate_scope(
        if (r < 0)
                return bus_log_create_error(r);
        description = strjoina("Container ", machine_name);
        r = bus_append_scope_pidref(m, pid, FLAGS_SET(flags, ALLOCATE_SCOPE_ALLOW_PIDFD));
        if (r < 0)
                return bus_log_create_error(r);
        _cleanup_free_ char *description = strjoin("Container ", machine_name);
        if (!description)
                return log_oom();
        r = sd_bus_message_append(m, "(sv)(sv)(sv)(sv)(sv)",
                                  "Description", "s", description,
                                  "Delegate", "b", 1,
@ -387,11 +389,11 @@ int terminate_scope(
        _cleanup_free_ char *scope = NULL;
        int r;
-        r = unit_name_mangle_with_suffix(machine_name, "to terminate", 0, ".scope", &scope);
+        r = unit_name_mangle_with_suffix(machine_name, "to terminate", /* flags= */ 0, ".scope", &scope);
        if (r < 0)
                return log_error_errno(r, "Failed to mangle scope name: %m");
-        r = bus_call_method(bus, bus_systemd_mgr, "AbandonScope", &error, NULL, "s", scope);
+        r = bus_call_method(bus, bus_systemd_mgr, "AbandonScope", &error, /* ret_reply= */ NULL, "s", scope);
        if (r < 0) {
                log_debug_errno(r, "Failed to abandon scope '%s', ignoring: %s", scope, bus_error_message(&error, r));
                sd_bus_error_free(&error);
@ -412,7 +414,7 @@ int terminate_scope(
                sd_bus_error_free(&error);
        }
-        r = bus_call_method(bus, bus_systemd_mgr, "UnrefUnit", &error, NULL, "s", scope);
+        r = bus_call_method(bus, bus_systemd_mgr, "UnrefUnit", &error, /* ret_reply= */ NULL, "s", scope);
        if (r < 0)
                log_debug_errno(r, "Failed to drop reference to scope '%s', ignoring: %s", scope, bus_error_message(&error, r));
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@ -1332,11 +1332,10 @@ static int parse_argv(int argc, char *argv[]) {
                        break;
                case ARG_NOTIFY_READY:
-                        r = parse_boolean(optarg);
+                        r = parse_boolean_argument("--notify-ready=", optarg, &arg_notify_ready);
                        if (r < 0)
-                                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                return r;
-                                                       "%s is not a valid notify mode. Valid modes are: yes, no, and ready.", optarg);
+
                        arg_notify_ready = r;
                        arg_settings_mask |= SETTING_NOTIFY_READY;
                        break;
@ -5483,13 +5482,13 @@ static int run_container(
                r = sd_bus_match_signal_async(
                                bus,
-                                NULL,
+                                /* ret= */ NULL,
                                "org.freedesktop.systemd1",
-                                NULL,
+                                /* path= */ NULL,
                                "org.freedesktop.systemd1.Scope",
                                "RequestStop",
                                on_request_stop,
-                                NULL,
+                                /* install_callback= */ NULL,
                                pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to request RequestStop match: %m");
--- a/src/vmspawn/vmspawn.c
+++ b/src/vmspawn/vmspawn.c
@ -727,9 +727,12 @@ static int read_vsock_notify(NotifyConnectionData *d, int fd) {
        p = strv_find_startswith(tags, "EXIT_STATUS=");
        if (p) {
-                r = safe_atoi(p, d->exit_status);
+                uint8_t k = 0;
                r = safe_atou8(p, &k);
                if (r < 0)
                        log_warning_errno(r, "Failed to parse exit status from %s, ignoring: %m", p);
                else
                        *d->exit_status = k;
        }
        return 1; /* done */
--- a/test/units/TEST-13-NSPAWN.nspawn.sh
+++ b/test/units/TEST-13-NSPAWN.nspawn.sh
@ -1271,20 +1271,20 @@ testcase_unpriv() {
    create_dummy_ddi "$tmpdir" "$name"
    chown --recursive testuser: "$tmpdir"
-    systemd-run \
+    run0 --pipe -u testuser systemd-run \
        --user \
        --pipe \
        --uid=testuser \
        --property=Delegate=yes \
        -- \
        systemd-nspawn --pipe --private-network --register=no --keep-unit --image="$tmpdir/$name.raw" echo hello >"$tmpdir/stdout.txt"
    echo hello | cmp "$tmpdir/stdout.txt" -
    # Make sure per-user search path logic works
-    systemd-run --pipe --uid=testuser mkdir -p /home/testuser/.local/state/machines
+    run0 -u testuser --pipe mkdir -p /home/testuser/.local/state/machines
-    systemd-run --pipe --uid=testuser ln -s "$tmpdir/$name.raw" /home/testuser/.local/state/machines/"x$name.raw"
+    run0 -u testuser --pipe ln -s "$tmpdir/$name.raw" /home/testuser/.local/state/machines/"x$name.raw"
-    systemd-run \
+    run0 --pipe -u testuser systemd-run \
        --user \
        --pipe \
        --uid=testuser \
        --property=Delegate=yes \
        -- \
        systemd-nspawn --pipe --private-network --register=no --keep-unit --machine="x$name" echo hello >"$tmpdir/stdout.txt"
@ -1351,9 +1351,9 @@ testcase_unpriv_fuse() {
    create_dummy_ddi "$tmpdir" "$name"
    chown --recursive testuser: "$tmpdir"
-    [[ "$(systemd-run \
+    [[ "$(run0 -u testuser --pipe systemd-run \
              --user \
              --pipe \
              --uid=testuser \
              --property=Delegate=yes \
              --setenv=SYSTEMD_LOG_LEVEL \
              --setenv=SYSTEMD_LOG_TARGET \
Author	SHA1	Message	Date
Lennart Poettering	309e269606	update TODO	2025-07-08 10:53:58 +02:00
Lennart Poettering	976444f64f	update TODO	2025-07-08 09:56:45 +02:00
Lennart Poettering	14354d70e1	test: invoke systemd-nspawn properly from a session Let's not run user code outside of user context, that's not how things are deployed, and means we cannot test the session setup properly	2025-07-08 15:55:01 +09:00
Yu Watanabe	5cc21b78b6	minor fixes to nspawn, machined, vmspawn (#38110 ) Nothing earth shattering. Just clean-ups.	2025-07-08 15:54:49 +09:00
Lennart Poettering	5279acb58d	vmspawn: tighten parser of EXIT_STATUS= The EXIT_STATUS is supposed to encapuslate an ANSI C process exit status, which is 8bit unsigned. Hence parse it as such, do not accept negative values, or values > 255.	2025-07-08 06:43:17 +02:00
Lennart Poettering	ba4624ff6c	nspawn: fix parser of --notify-ready= This switch takes a bool only, not an enum, hence don't claim otherwise in the error log message.	2025-07-08 06:42:14 +02:00
Lennart Poettering	3779bdd5a3	nspawn: add argument comments to various calls	2025-07-08 06:42:04 +02:00
Lennart Poettering	93555abe29	nspawn: don't use strjoina() for user controlled strings	2025-07-08 06:40:46 +02:00
Lennart Poettering	a13fda9e67	machinectl: fix status output indentation All other status output lines use tabs, use that for the ID shift line too. otherwise output will appear unaligned if log viewers have fixed tab stop positions.	2025-07-08 06:40:35 +02:00