2025-10-03 18:54:45 +02:00
10 changed files with 66 additions and 93 deletions
--- a/hwdb.d/60-evdev.hwdb
+++ b/hwdb.d/60-evdev.hwdb
@ -265,10 +265,10 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE725

 # Dell Latitude E7470
 evdev:name:AlpsPS/2 ALPS DualPoint TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE7470:*
- EVDEV_ABS_00=29:2930:30:16
- EVDEV_ABS_01=26:1533:29:16
- EVDEV_ABS_35=29:2930:30:16
- EVDEV_ABS_36=26:1533:29:16
+ EVDEV_ABS_00=29:2930:30
+ EVDEV_ABS_01=26:1533:29
+ EVDEV_ABS_35=29:2930:30
+ EVDEV_ABS_36=26:1533:29

 # Dell Precision 5510
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnPrecision5510:*
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@ -801,59 +801,46 @@
      <varlistentry>
        <term><option>--network-interface=</option></term>

-        <listitem><para>Assign the specified network interface to the container. This will remove the
-        specified interface from the calling namespace and place it in the container. When the container
-        terminates, it is moved back to the calling namespace.  Note that
-        <option>--network-interface=</option> implies <option>--private-network</option>. This option may be
-        used more than once to add multiple network interfaces to the container.</para>
-
-        <para>Note that any network interface specified this way must already exist at the time the container
-        is started. If the container shall be started automatically at boot via a
-        <filename>systemd-nspawn@.service</filename> unit file instance, it might hence make sense to add a
-        unit file drop-in to the service instance
-        (e.g. <filename>/etc/systemd/system/systemd-nspawn@foobar.service.d/50-network.conf</filename>) with
-        contents like the following:</para>
-
-        <programlisting>[Unit]
-Wants=sys-subsystem-net-devices-ens1.device
-After=sys-subsystem-net-devices-ens1.device</programlisting>
-
-        <para>This will make sure that activation of the container service will be delayed until the
-        <literal>ens1</literal> network interface has shown up. This is required since hardware probing is
-        fully asynchronous, and network interfaces might be discovered only later during the boot process,
-        after the container would normally be started without these explicit dependencies.</para>
-        </listitem>
+        <listitem><para>Assign the specified network interface to the
+        container. This will remove the specified interface from the
+        calling namespace and place it in the container. When the
+        container terminates, it is moved back to the host namespace.
+        Note that <option>--network-interface=</option> implies
+        <option>--private-network</option>. This option may be used
+        more than once to add multiple network interfaces to the
+        container.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--network-macvlan=</option></term>

-        <listitem><para>Create a <literal>macvlan</literal> interface of the specified Ethernet network
-        interface and add it to the container. A <literal>macvlan</literal> interface is a virtual interface
-        that adds a second MAC address to an existing physical Ethernet link. The interface in the container
-        will be named after the interface on the host, prefixed with <literal>mv-</literal>. Note that
-        <option>--network-macvlan=</option> implies <option>--private-network</option>. This option may be
-        used more than once to add multiple network interfaces to the container.</para>
-
-        <para>As with <option>--network-interface=</option>, the underlying Ethernet network interface must
-        already exist at the time the container is started, and thus similar unit file drop-ins as described
-        above might be useful.</para></listitem>
+        <listitem><para>Create a <literal>macvlan</literal> interface
+        of the specified Ethernet network interface and add it to the
+        container. A <literal>macvlan</literal> interface is a virtual
+        interface that adds a second MAC address to an existing
+        physical Ethernet link. The interface in the container will be
+        named after the interface on the host, prefixed with
+        <literal>mv-</literal>. Note that
+        <option>--network-macvlan=</option> implies
+        <option>--private-network</option>. This option may be used
+        more than once to add multiple network interfaces to the
+        container.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--network-ipvlan=</option></term>

-        <listitem><para>Create an <literal>ipvlan</literal> interface of the specified Ethernet network
-        interface and add it to the container. An <literal>ipvlan</literal> interface is a virtual interface,
-        similar to a <literal>macvlan</literal> interface, which uses the same MAC address as the underlying
-        interface.  The interface in the container will be named after the interface on the host, prefixed
-        with <literal>iv-</literal>.  Note that <option>--network-ipvlan=</option> implies
-        <option>--private-network</option>. This option may be used more than once to add multiple network
-        interfaces to the container.</para>
-
-        <para>As with <option>--network-interface=</option>, the underlying Ethernet network interface must
-        already exist at the time the container is started, and thus similar unit file drop-ins as described
-        above might be useful.</para></listitem>
+        <listitem><para>Create an <literal>ipvlan</literal> interface
+        of the specified Ethernet network interface and add it to the
+        container. An <literal>ipvlan</literal> interface is a virtual
+        interface, similar to a <literal>macvlan</literal> interface,
+        which uses the same MAC address as the underlying interface.
+        The interface in the container will be named after the
+        interface on the host, prefixed with <literal>iv-</literal>.
+        Note that <option>--network-ipvlan=</option> implies
+        <option>--private-network</option>. This option may be used
+        more than once to add multiple network interfaces to the
+        container.</para></listitem>
      </varlistentry>

      <varlistentry>
@ -920,11 +907,7 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
        this option is used, the host side of the Ethernet link will use the <literal>vb-</literal> prefix
        instead of <literal>ve-</literal>. Regardless of the used naming prefix the same network interface
        name length limits imposed by Linux apply, along with the complications this creates (for details see
-        above).</para>
-
-        <para>As with <option>--network-interface=</option>, the underlying bridge network interface must
-        already exist at the time the container is started, and thus similar unit file drop-ins as described
-        above might be useful.</para></listitem>
+        above).</para></listitem>
      </varlistentry>

      <varlistentry>
--- a/src/basic/copy.c
+++ b/src/basic/copy.c
@ -1147,24 +1147,24 @@ int copy_file_atomic_full(
         * writing it. */

        if (copy_flags & COPY_REPLACE) {
-                _cleanup_free_ char *f = NULL;
-
-                r = tempfn_random(to, NULL, &f);
+                r = tempfn_random(to, NULL, &t);
                if (r < 0)
                        return r;

                if (copy_flags & COPY_MAC_CREATE) {
                        r = mac_selinux_create_file_prepare(to, S_IFREG);
-                        if (r < 0)
+                        if (r < 0) {
+                                t = mfree(t);
                                return r;
+                        }
                }
-                fdt = open(f, O_CREAT|O_EXCL|O_NOFOLLOW|O_NOCTTY|O_WRONLY|O_CLOEXEC, 0600);
+                fdt = open(t, O_CREAT|O_EXCL|O_NOFOLLOW|O_NOCTTY|O_WRONLY|O_CLOEXEC, 0600);
                if (copy_flags & COPY_MAC_CREATE)
                        mac_selinux_create_file_clear();
-                if (fdt < 0)
+                if (fdt < 0) {
+                        t = mfree(t);
                        return -errno;
-
-                t = TAKE_PTR(f);
+                }
        } else {
                if (copy_flags & COPY_MAC_CREATE) {
                        r = mac_selinux_create_file_prepare(to, S_IFREG);
@ -1232,8 +1232,6 @@ int copy_access(int fdf, int fdt) {
        assert(fdf >= 0);
        assert(fdt >= 0);

-        /* Copies just the access mode (and not the ownership) from fdf to fdt */
-
        if (fstat(fdf, &st) < 0)
                return -errno;

@ -1243,20 +1241,6 @@ int copy_access(int fdf, int fdt) {
        return 0;
 }

-int copy_rights(int fdf, int fdt) {
-        struct stat st;
-
-        assert(fdf >= 0);
-        assert(fdt >= 0);
-
-        /* Copies both access mode and ownership from fdf to fdt */
-
-        if (fstat(fdf, &st) < 0)
-                return -errno;
-
-        return fchmod_and_chown(fdt, st.st_mode & 07777, st.st_uid, st.st_gid);
-}
-
 int copy_xattr(int fdf, int fdt) {
        _cleanup_free_ char *names = NULL;
        int ret = 0, r;
--- a/src/basic/copy.h
+++ b/src/basic/copy.h
@ -64,5 +64,4 @@ static inline int copy_bytes(int fdf, int fdt, uint64_t max_bytes, CopyFlags cop

 int copy_times(int fdf, int fdt, CopyFlags flags);
 int copy_access(int fdf, int fdt);
-int copy_rights(int fdf, int fdt);
 int copy_xattr(int fdf, int fdt);
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@ -548,9 +548,7 @@ int read_full_stream_full(
                }

                buf = t;
-                /* Unless a size has been explicitly specified, try to read as much as fits into the memory
-                 * we allocated (minus 1, to leave one byte for the safety NUL byte) */
-                n = size == SIZE_MAX ? malloc_usable_size(buf) - 1 : n_next;
+                n = n_next;

                errno = 0;
                k = fread(buf + l, 1, n - l, f);
@ -1327,6 +1325,15 @@ int warn_file_is_world_accessible(const char *filename, struct stat *st, const c
        return 0;
 }

+int sync_rights(int from, int to) {
+        struct stat st;
+
+        if (fstat(from, &st) < 0)
+                return -errno;
+
+        return fchmod_and_chown(to, st.st_mode & 07777, st.st_uid, st.st_gid);
+}
+
 int rename_and_apply_smack_floor_label(const char *from, const char *to) {
        int r = 0;
        if (rename(from, to) < 0)
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@ -118,4 +118,6 @@ int safe_fgetc(FILE *f, char *ret);

 int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line);

+int sync_rights(int from, int to);
+
 int rename_and_apply_smack_floor_label(const char *temp_path, const char *dest_path);
--- a/src/basic/rm-rf.h
+++ b/src/basic/rm-rf.h
@ -24,7 +24,7 @@ static inline char *rm_rf_physical_and_free(char *p) {
        if (!p)
                return NULL;

-        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_MISSING_OK|REMOVE_CHMOD);
+        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL);
        free(p);
        return NULL;
 }
@ -37,7 +37,7 @@ static inline char *rm_rf_subvolume_and_free(char *p) {
        if (!p)
                return NULL;

-        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME|REMOVE_MISSING_OK|REMOVE_CHMOD);
+        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
        free(p);
        return NULL;
 }
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@ -675,7 +675,7 @@ static int write_root_passwd(const char *passwd_path, const char *password, cons
        if (original) {
                struct passwd *i;

-                r = copy_rights(fileno(original), fileno(passwd));
+                r = sync_rights(fileno(original), fileno(passwd));
                if (r < 0)
                        return r;

@ -743,7 +743,7 @@ static int write_root_shadow(const char *shadow_path, const char *hashed_passwor
        if (original) {
                struct spwd *i;

-                r = copy_rights(fileno(original), fileno(shadow));
+                r = sync_rights(fileno(original), fileno(shadow));
                if (r < 0)
                        return r;

--- a/src/run/run.c
+++ b/src/run/run.c
@ -956,12 +956,10 @@ static int make_unit_name(sd_bus *bus, UnitType t, char **ret) {
                return 0;
        }

-        /* We managed to get the unique name, then let's use that to name our transient units. */
+        /* We managed to get the unique name, then let's use that to
+         * name our transient units. */

-        id = startswith(unique, ":1."); /* let' strip the usual prefix */
-        if (!id)
-                id = startswith(unique, ":"); /* the spec only requires things to start with a colon, hence
-                                               * let's add a generic fallback for that. */
+        id = startswith(unique, ":");
        if (!id)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "Unique name %s has unexpected format.",
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@ -393,7 +393,7 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char
        original = fopen(passwd_path, "re");
        if (original) {

-                r = copy_rights(fileno(original), fileno(passwd));
+                r = sync_rights(fileno(original), fileno(passwd));
                if (r < 0)
                        return r;

@ -494,7 +494,7 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char
        original = fopen(shadow_path, "re");
        if (original) {

-                r = copy_rights(fileno(original), fileno(shadow));
+                r = sync_rights(fileno(original), fileno(shadow));
                if (r < 0)
                        return r;

@ -590,7 +590,7 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char **
        original = fopen(group_path, "re");
        if (original) {

-                r = copy_rights(fileno(original), fileno(group));
+                r = sync_rights(fileno(original), fileno(group));
                if (r < 0)
                        return r;

@ -688,7 +688,7 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch
        if (original) {
                struct sgrp *sg;

-                r = copy_rights(fileno(original), fileno(gshadow));
+                r = sync_rights(fileno(original), fileno(gshadow));
                if (r < 0)
                        return r;