2025-11-20 09:14:46 +01:00
10 changed files with 35 additions and 169 deletions
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@ -413,14 +413,6 @@ All tools:
  variable. Similarly, `$SYSTEMD_CONFEXT_MUTABLE_MODE` works for confext images
  and supports the systemd-confext multi-call functionality of sysext.
 * `$SYSTEMD_SYSEXT_OVERLAYFS_MOUNT_OPTIONS` — this variable may be used to
  override the overlayfs mount options applied for hierarchies managed by
  `systemd-sysext`. Similarly, `$SYSTEMD_CONFEXT_OVERLAYFS_MOUNT_OPTIONS` works
  for confext images and supports the systemd-confext multi-call functionality
  of sysext. Read-only hierarchies have no mount options added by
  default. Mutable hierarchies have the following mount options added by
  default: `redirect_dir=on,noatime,metacopy=off,index=off`.
 `systemd-tmpfiles`:
 * `$SYSTEMD_TMPFILES_FORCE_SUBVOL` — if unset, `v`/`q`/`Q` lines will create
--- a/docs/UIDS-GIDS.md
+++ b/docs/UIDS-GIDS.md
@ -275,18 +275,18 @@ i.e. somewhere below `/var/` or similar.
 |                   1…4 | 0x00000001…0x00000004 |          4 | System users                      | Distributions | `/etc/passwd`                 |
 |                     5 |            0x00000005 |          1 | `tty` group                       | `systemd`     | `/etc/passwd`                 |
 |                 6…999 | 0x00000006…0x000003E7 |        994 | System users                      | Distributions | `/etc/passwd`                 |
-|            1000…60000 | 0x000003E8…0x0000EA60 |      59001 | Regular users                     | Distributions | `/etc/passwd` + LDAP/NIS/…    |
+|            1000…60000 | 0x000003E8…0x00001770 |      59000 | Regular users                     | Distributions | `/etc/passwd` + LDAP/NIS/…    |
 |           60001…60513 | 0x0000EA61…0x0000EC61 |        513 | Human users (homed)               | `systemd`     | `nss-systemd`                 |
 |           60514…60577 | 0x0000EC62…0x0000ECA1 |         64 | Host users mapped into containers | `systemd`     | `systemd-nspawn`              |
 |           60578…60705 | 0x0000ECA2…0x0000ED21 |        128 | Dynamic greeter users             | `systemd`     | `nss-systemd`                 |
 |           60706…61183 | 0x0000ED22…0x0000EEFF |        478 | *unused*                          |               |                               |
 |           61184…65519 | 0x0000EF00…0x0000FFEF |       4336 | Dynamic service users             | `systemd`     | `nss-systemd`                 |
-|           65520…65533 | 0x0000FFF0…0x0000FFFD |         14 | *unused*                          |               |                               |
+|           65520…65533 | 0x0000FFF0…0x0000FFFD |         13 | *unused*                          |               |                               |
 |                 65534 |            0x0000FFFE |          1 | `nobody` user                     | Linux         | `/etc/passwd` + `nss-systemd` |
 |                 65535 |            0x0000FFFF |          1 | 16-bit `(uid_t) -1`               | Linux         |                               |
 |          65536…524287 | 0x00010000…0x0007FFFF |     458752 | *unused*                          |               |                               |
 |     524288…1879048191 | 0x00080000…0x6FFFFFFF | 1878523904 | Container UID ranges              | `systemd`     | `nss-systemd`                 |
-| 1879048192…2147352575 | 0x70000000…0x7FFDFFFF |  268304384 | *unused*                          |               |                               |
+| 1879048192…2147352575 | 0x70000000…0x7FFDFFFF | 1879048192 | *unused*                          |               |                               |
 | 2147352576…2147418111 | 0x7FFE0000…0x7FFEFFFF |      65536 | Foreign UID range                 | `systemd`     | `nss-systemd`                 |
 | 2147418112…2147483647 | 0x7FFF0000…0x7FFFFFFF |      65536 | *unused*                          |               |                               |
 | 2147483648…4294967294 | 0x80000000…0xFFFFFFFE | 2147483647 | *HIC SVNT LEONES*                 |               |                               |
--- a/hwdb.d/60-input-id.hwdb
+++ b/hwdb.d/60-input-id.hwdb
@ -5,7 +5,6 @@
 #
 # Match string formats:
 # id-input:modalias:<modalias>
 # id-input:<bus>:v<vid>p<pid>:name:<name>:*
 #
 # To add local entries, create a new file
 #   /etc/udev/hwdb.d/61-input-id-local.hwdb
@ -48,20 +47,9 @@
 # id-input:modalias:input:b0003v1234pABCD*
 #  ID_INPUT_TOUCHPAD=1
 #  ID_INPUT=1
 #
 # id-input:usb:v12abp34cd:name:SomeVendor *:*
 #  ID_INPUT_TOUCHPAD=1
 #  ID_INPUT=1
 #
 # For technical reasons the hexadecimal vid/pid in the modalias match are
 # uppercase but lowercase in the bus/vid/pid/name match.
 # Sort by brand, model
 # Any i2c device with a Mouse suffix in the name is not a pointing stick
 id-input:i2c:*:name:*Mouse:
 ID_INPUT_POINTINGSTICK=0
 # Code Mercenaries Hard- und Software GmbH Virtual RC USB
 id-input:modalias:input:b0003v07C0p1125*
 ID_INPUT_MOUSE=
--- a/hwdb.d/parse_hwdb.py
+++ b/hwdb.d/parse_hwdb.py
@ -75,7 +75,7 @@ UDEV_TAG = Word(string.ascii_uppercase, alphanums + '_')
 TYPES = {'mouse':    ('usb', 'bluetooth', 'ps2', '*'),
         'evdev':    ('name', 'atkbd', 'input'),
         'fb':       ('pci', 'vmbus'),
-         'id-input': ('modalias', 'bluetooth', 'i2c', 'usb'),
+         'id-input': ('modalias'),
         'touchpad': ('i8042', 'rmi', 'bluetooth', 'usb'),
         'joystick': ('i8042', 'rmi', 'bluetooth', 'usb'),
         'keyboard': ('name', ),
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@ -924,7 +924,7 @@
        <para><citerefentry><refentrytitle>systemd-dissect</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
        <option>--shift</option> switch may be used to shift UID/GID ownership from or to the 0, foreign or
-        specific container UID/GID base outside of any <command>systemd-nspawn</command> invocation.</para>
+        specific container UID/GID base outside of any <command>systemd-nspawn</command></para> invocation.
        <xi:include href="version-info.xml" xpointer="v230"/></listitem>
      </varlistentry>
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@ -673,7 +673,7 @@
        These variables are merged into the existing environment block of the manager process. In particular,
        in case of the system manager, this block includes variables set by the kernel based on the kernel
        command line, and in case of the user manager, the variables passed by the system manager. After
-        those variables have been merged, they will persist until overridden, even if the manager is reloaded
+        those variables have been merged, they will persist until overriden, even if the manager is reloaded
        or reexecuted. In case of the user manager, these variables are also inherited by processes spawned
        by the manager. As with <varname>DefaultEnvironment=</varname>, this environment block is internal,
        and changes are not reflected in the manager's <filename>/proc/PID/environ</filename>.</para>
--- a/rules.d/60-input-id.rules
+++ b/rules.d/60-input-id.rules
@ -5,15 +5,4 @@ ACTION=="remove", GOTO="id_input_end"
 SUBSYSTEM=="input", ENV{ID_INPUT}=="", IMPORT{builtin}="input_id"
 SUBSYSTEM=="input", IMPORT{builtin}="hwdb --subsystem=input --lookup-prefix=id-input:modalias:"
 # id-input:<bus>:v<vid>p<pid>:name:<name>:*
 KERNELS=="input*", ATTRS{id/bustype}=="0003", \
        IMPORT{builtin}="hwdb 'id-input:usb:v$attr{id/vendor}p$attr{id/product}:name:$attr{name}:'", \
        GOTO="id_input_end"
 KERNELS=="input*", ATTRS{id/bustype}=="0005", \
        IMPORT{builtin}="hwdb 'id-input:bluetooth:v$attr{id/vendor}p$attr{id/product}:name:$attr{name}:'", \
        GOTO="id_input_end"
 KERNELS=="input*", ATTRS{id/bustype}=="0018", \
        IMPORT{builtin}="hwdb 'id-input:i2c:v$attr{id/vendor}p$attr{id/product}:name:$attr{name}:'", \
        GOTO="id_input_end"
 LABEL="id_input_end"
--- a/src/boot/stub.c
+++ b/src/boot/stub.c
@ -257,21 +257,11 @@ static void process_arguments(
        EFI_SHELL_PARAMETERS_PROTOCOL *shell;
        if (BS->HandleProtocol(stub_image, MAKE_GUID_PTR(EFI_SHELL_PARAMETERS_PROTOCOL), (void **) &shell) != EFI_SUCCESS) {
-                if (loaded_image->LoadOptionsSize < sizeof(char16_t))
+                /* We also do a superficial check whether first character of passed command line
                 * is printable character (for compat with some Dell systems which fill in garbage?). */
                if (loaded_image->LoadOptionsSize < sizeof(char16_t) || ((const char16_t *) loaded_image->LoadOptions)[0] <= 0x1F)
                        goto nothing;
                /* Superficial check to ensure the load options data looks like it might be a printable
                 * string. Some Dell and other systems fill in binary data in UEFI entries that are generated
                 * by the firmware. The UEFI specification allows this. See
                 * https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html#load-options */
                for (size_t i = 0; i < loaded_image->LoadOptionsSize / sizeof(char16_t); i++) {
                        char16_t c = ((const char16_t *) loaded_image->LoadOptions)[i];
                        if (c == L'\0')
                                break;
                        if (c <= 0x1F)
                                goto nothing;
                }
                /* Not running from EFI shell, use entire LoadOptions. Note that LoadOptions is a void*, so
                 * it could actually be anything! */
                char16_t *c = xstrndup16(loaded_image->LoadOptions, loaded_image->LoadOptionsSize / sizeof(char16_t));
--- a/src/sysext/sysext.c
+++ b/src/sysext/sysext.c
@ -92,17 +92,12 @@ static int arg_noexec = -1;
 static ImagePolicy *arg_image_policy = NULL;
 static bool arg_varlink = false;
 static MutableMode arg_mutable = MUTABLE_NO;
 static const char *arg_overlayfs_mount_options = NULL;
 /* Is set to IMAGE_CONFEXT when systemd is called with the confext functionality instead of the default */
 static ImageClass arg_image_class = IMAGE_SYSEXT;
 #define MUTABLE_EXTENSIONS_BASE_DIR "/var/lib/extensions.mutable"
 /* redirect_dir=on and noatime prevent unnecessary upcopies, metacopy=off prevents broken
 * files from partial upcopies after umount, index=off allows reuse of the upper/work dirs */
 #define MUTABLE_EXTENSIONS_MOUNT_OPTIONS "redirect_dir=on,noatime,metacopy=off,index=off"
 STATIC_DESTRUCTOR_REGISTER(arg_hierarchies, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_root, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
@ -119,7 +114,6 @@ static const struct {
        const char *scope_env;
        const char *name_env;
        const char *mode_env;
        const char *opts_env;
        const ImagePolicy *default_image_policy;
        unsigned long default_mount_flags;
 } image_class_info[_IMAGE_CLASS_MAX] = {
@ -133,7 +127,6 @@ static const struct {
                .scope_env = "SYSEXT_SCOPE",
                .name_env = "SYSTEMD_SYSEXT_HIERARCHIES",
                .mode_env = "SYSTEMD_SYSEXT_MUTABLE_MODE",
                .opts_env = "SYSTEMD_SYSEXT_OVERLAYFS_MOUNT_OPTIONS",
                .default_image_policy = &image_policy_sysext,
                .default_mount_flags = MS_RDONLY|MS_NODEV,
        },
@ -147,7 +140,6 @@ static const struct {
                .scope_env = "CONFEXT_SCOPE",
                .name_env = "SYSTEMD_CONFEXT_HIERARCHIES",
                .mode_env = "SYSTEMD_CONFEXT_MUTABLE_MODE",
                .opts_env = "SYSTEMD_CONFEXT_OVERLAYFS_MOUNT_OPTIONS",
                .default_image_policy = &image_policy_confext,
                .default_mount_flags = MS_RDONLY|MS_NODEV|MS_NOSUID|MS_NOEXEC,
        }
@ -741,8 +733,7 @@ static int mount_overlayfs(
                const char *where,
                char **layers,
                const char *upper_dir,
-                const char *work_dir,
+                const char *work_dir) {
                const char *mount_options) {
        _cleanup_free_ char *options = NULL;
        bool separator = false;
@ -778,15 +769,12 @@ static int mount_overlayfs(
                r = append_overlayfs_path_option(&options, ",", "workdir", work_dir);
                if (r < 0)
                        return r;
-
+                /* redirect_dir=on and noatime prevent unnecessary upcopies, metacopy=off prevents broken
-                if (!mount_options)
+                 * files from partial upcopies after umount, index=off allows reuse of the upper/work dirs */
-                        mount_options = MUTABLE_EXTENSIONS_MOUNT_OPTIONS;
+                if (!strextend(&options, ",redirect_dir=on,noatime,metacopy=off,index=off"))
                        return log_oom();
        }
        if (!isempty(mount_options) && !strextend(&options, ",", mount_options))
                return log_oom();
        /* Now mount the actual overlayfs */
        r = mount_nofollow_verbose(LOG_ERR, image_class_info[image_class].short_identifier, where, "overlay", flags, options);
        if (r < 0)
@ -1351,8 +1339,7 @@ static int mount_overlayfs_with_op(
                ImageClass image_class,
                int noexec,
                const char *overlay_path,
-                const char *meta_path,
+                const char *meta_path) {
                const char *mount_options) {
        int r;
        const char *top_layer = NULL;
@ -1402,7 +1389,7 @@ static int mount_overlayfs_with_op(
        if (chmod(top_layer, op->hierarchy_mode) < 0)
                return log_error_errno(errno, "Failed to set permissions of '%s' to %04o: %m", top_layer, op->hierarchy_mode);
-        r = mount_overlayfs(image_class, noexec, overlay_path, op->lower_dirs, op->upper_dir, op->work_dir, mount_options);
+        r = mount_overlayfs(image_class, noexec, overlay_path, op->lower_dirs, op->upper_dir, op->work_dir);
        if (r < 0)
                return r;
@ -1677,7 +1664,7 @@ static int merge_hierarchy(
        if (r < 0)
                return r;
-        r = mount_overlayfs_with_op(op, image_class, noexec, overlay_path, meta_path, arg_overlayfs_mount_options);
+        r = mount_overlayfs_with_op(op, image_class, noexec, overlay_path, meta_path);
        if (r < 0)
                return r;
@ -2619,34 +2606,6 @@ static int parse_argv(int argc, char *argv[]) {
        return 1;
 }
 static int parse_env(void) {
        const char *env_var;
        int r;
        env_var = secure_getenv(image_class_info[arg_image_class].mode_env);
        if (env_var) {
                r = parse_mutable_mode(env_var);
                if (r < 0)
                        log_warning("Failed to parse %s environment variable value '%s'. Ignoring.",
                                    image_class_info[arg_image_class].mode_env, env_var);
                else
                        arg_mutable = r;
        }
        env_var = secure_getenv(image_class_info[arg_image_class].opts_env);
        if (env_var)
                arg_overlayfs_mount_options = env_var;
        /* For debugging purposes it might make sense to do this for other hierarchies than /usr/ and
         * /opt/, but let's make that a hacker/debugging feature, i.e. env var instead of cmdline
         * switch. */
        r = parse_env_extension_hierarchies(&arg_hierarchies, image_class_info[arg_image_class].name_env);
        if (r < 0)
                return log_error_errno(r, "Failed to parse %s environment variable: %m", image_class_info[arg_image_class].name_env);
        return 0;
 }
 static int sysext_main(int argc, char *argv[]) {
        static const Verb verbs[] = {
@ -2663,16 +2622,23 @@ static int sysext_main(int argc, char *argv[]) {
 }
 static int run(int argc, char *argv[]) {
        const char *env_var;
        int r;
        log_setup();
        arg_image_class = invoked_as(argv, "systemd-confext") ? IMAGE_CONFEXT : IMAGE_SYSEXT;
-        /* Parse environment variables first */
+        /* Parse environment variable first */
-        r = parse_env();
+        env_var = getenv(image_class_info[arg_image_class].mode_env);
-        if (r < 0)
+        if (env_var) {
-                return r;
+                r = parse_mutable_mode(env_var);
                if (r < 0)
                        log_warning("Failed to parse %s environment variable value '%s'. Ignoring.",
                                    image_class_info[arg_image_class].mode_env, env_var);
                else
                        arg_mutable = r;
        }
        /* Parse configuration file */
        r = parse_config_file(arg_image_class);
@ -2684,6 +2650,13 @@ static int run(int argc, char *argv[]) {
        if (r <= 0)
                return r;
        /* For debugging purposes it might make sense to do this for other hierarchies than /usr/ and
         * /opt/, but let's make that a hacker/debugging feature, i.e. env var instead of cmdline
         * switch. */
        r = parse_env_extension_hierarchies(&arg_hierarchies, image_class_info[arg_image_class].name_env);
        if (r < 0)
                return log_error_errno(r, "Failed to parse environment variable: %m");
        if (arg_varlink) {
                _cleanup_(sd_varlink_server_unrefp) sd_varlink_server *varlink_server = NULL;
--- a/test/units/TEST-50-DISSECT.sysext.sh
+++ b/test/units/TEST-50-DISSECT.sysext.sh
@ -287,18 +287,6 @@ extension_verify_after_unmerge() (
    extension_verify "$root" "$hierarchy" "after unmerge" "$@"
 )
 extension_verify_mount_option() (
    local target=${1:?}
    local option=${2:?}
    grep "^sysext" /proc/mounts | while read -r _ tgt _ opts _ _; do
        if [[ "$target" == "$tgt" && ! "$opts" =~ .*"$option".* ]]; then
            echo >&2 "Mount options ($opts) do not include expected option ($option)"
            exit 1
        fi
    done
 )
 run_systemd_sysext() {
    local root=${1:-}
    shift
@ -343,26 +331,6 @@ extension_verify_after_unmerge "$fake_root" "$hierarchy" -h
 )
 ( init_trap
 : "No extension data in /var/lib/extensions.mutable/…, R/O hierarchy, mutability disabled by default, read-only merged, default, mount options"
 fake_root=${roots_dir:+"$roots_dir/simple-read-only-with-read-only-hierarchy-options"}
 hierarchy=/opt
 prepare_root "$fake_root" "$hierarchy"
 prepare_extension_image "$fake_root" "$hierarchy"
 prepare_read_only_hierarchy "$fake_root" "$hierarchy"
 SYSTEMD_SYSEXT_OVERLAYFS_MOUNT_OPTIONS="metacopy=off,noatime"\
 run_systemd_sysext "$fake_root" merge
 extension_verify_mount_option "$hierarchy" metacopy=off \
 || (! extension_verify_mount_option "$hierarchy" metacopy=on)
 extension_verify_mount_option "$hierarchy" noatime
 run_systemd_sysext "$fake_root" unmerge
 )
 ( init_trap
 : "No extension data in /var/lib/extensions.mutable/…, mutable hierarchy, mutability disabled by default, read-only merged"
 fake_root=${roots_dir:+"$roots_dir/simple-read-only-with-mutable-hierarchy"}
@ -469,40 +437,6 @@ test ! -f "$fake_root$hierarchy/now-is-mutable"
 )
 ( init_trap
 : "Extension data in /var/lib/extensions.mutable/…, R/O hierarchy, auto-mutability, mutable merged, mount options"
 fake_root=${roots_dir:+"$roots_dir/simple-mutable-with-read-only-hierarchy-options"}
 hierarchy=/opt
 extension_data_dir="$fake_root/var/lib/extensions.mutable$hierarchy"
 [[ "$FSTYPE" == "fuseblk" ]] && exit 0
 prepare_root "$fake_root" "$hierarchy"
 prepare_extension_image "$fake_root" "$hierarchy"
 prepare_extension_mutable_dir "$extension_data_dir"
 prepare_read_only_hierarchy "$fake_root" "$hierarchy"
 run_systemd_sysext "$fake_root" --mutable=auto merge
 extension_verify_mount_option "$fake_root$hierarchy" index=off \
 || (! extension_verify_mount_option "$fake_root$hierarchy" index=on)
 extension_verify_mount_option "$fake_root$hierarchy" metacopy=off \
 || (! extension_verify_mount_option "$fake_root$hierarchy" metacopy=on)
 extension_verify_mount_option "$fake_root$hierarchy" noatime
 (! extension_verify_mount_option "$fake_root$hierarchy" redirect_dir=off)
 SYSTEMD_SYSEXT_OVERLAYFS_MOUNT_OPTIONS="relatime,metacopy=on"\
 run_systemd_sysext "$fake_root" --mutable=auto refresh
 (! extension_verify_mount_option "$fake_root$hierarchy" metacopy=off) \
 || extension_verify_mount_option "$fake_root$hierarchy" metacopy=on
 (! extension_verify_mount_option "$fake_root$hierarchy" noatime)
 extension_verify_mount_option "$fake_root$hierarchy" relatime
 run_systemd_sysext "$fake_root" unmerge
 )
 ( init_trap
 : "Extension data in /var/lib/extensions.mutable/…, missing hierarchy, auto-mutability, mutable merged"
 fake_root=${roots_dir:+"$roots_dir/simple-mutable-with-missing-hierarchy"}