Merge 18c36b1e24 into 69af4849aa

Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Martin Srebotnjak <miles@filmsi.net>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/sl/
Translation: systemd/main

po/fi.po

@@ -3,12 +3,13 @@
 # Finnish translation of systemd.
 # Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2023.
 # Ricky Tigg <ricky.tigg@gmail.com>, 2022, 2024.
+# Jiri Grönroos <jiri.gronroos@iki.fi>, 2024.
 msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-09-12 13:43+0000\n"
+"PO-Revision-Date: 2024-11-20 19:13+0000\n"
-"Last-Translator: Ricky Tigg <ricky.tigg@gmail.com>\n"
+"Last-Translator: Jiri Grönroos <jiri.gronroos@iki.fi>\n"
 "Language-Team: Finnish <https://translate.fedoraproject.org/projects/systemd/"
 "main/fi/>\n"
 "Language: fi\n"
@@ -16,7 +17,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 5.7.2\n"
+"X-Generator: Weblate 5.8.2\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -112,14 +113,12 @@ msgid "Authentication is required to update a user's home area."
 msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
 msgstr "Päivitä kotialue"
 
 #: src/home/org.freedesktop.home1.policy:54
-#, fuzzy
 msgid "Authentication is required to update your home area."
-msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
+msgstr "Todennus vaaditaan kotialueen päivittämiseksi."
 
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Resize a home area"
@@ -1174,14 +1173,11 @@ msgstr "Todennus vaaditaan vanhojen järjestelmäpäivitysten puhdistamiseen."
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
 msgid "Manage optional features"
-msgstr ""
+msgstr "Hallitse valinnaisia ominaisuuksia"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
-#, fuzzy
 msgid "Authentication is required to manage optional features"
-msgstr ""
+msgstr "Todennus vaaditaan valinnaisten ominaisuuksien hallintaan"
-"Todennus vaaditaan aktiivisten istuntojen, käyttäjien ja paikkojen "
-"hallintaan."
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

po/fr.po

@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-11-07 09:30+0000\n"
+"PO-Revision-Date: 2024-11-20 19:13+0000\n"
 "Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
 "Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
 "main/fr/>\n"
@@ -360,8 +360,8 @@ msgid ""
 "Authentication is required to set the statically configured local hostname, "
 "as well as the pretty hostname."
 msgstr ""
-"Une authentification est requise pour définir le nom d'hôte local de manière "
+"Une authentification est requise pour définir le nom d'hôte local configuré "
-"statique, ainsi que le nom d'hôte familier."
+"de manière statique, ainsi que le nom d'hôte convivial."
 
 #: src/hostname/org.freedesktop.hostname1.policy:41
 msgid "Set machine information"

po/sl.po

@@ -7,7 +7,7 @@ msgstr ""
 "Project-Id-Version: systemd\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-08-26 19:38+0000\n"
+"PO-Revision-Date: 2024-11-20 19:13+0000\n"
 "Last-Translator: Martin Srebotnjak <miles@filmsi.net>\n"
 "Language-Team: Slovenian <https://translate.fedoraproject.org/projects/"
 "systemd/main/sl/>\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=4; plural=n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || "
 "n%100==4 ? 2 : 3;\n"
-"X-Generator: Weblate 5.7\n"
+"X-Generator: Weblate 5.8.2\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -125,16 +125,13 @@ msgstr ""
 "območja."
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
 msgstr "Posodobite domače območje"
 
 #: src/home/org.freedesktop.home1.policy:54
-#, fuzzy
 msgid "Authentication is required to update your home area."
 msgstr ""
-"Preverjanje pristnosti je potrebno za posodobitev uporabnikovega domačega "
+"Preverjanje pristnosti je potrebno za posodobitev vašega domačega območja."
-"območja."
 
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Resize a home area"
@@ -1234,14 +1231,12 @@ msgstr ""
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
 msgid "Manage optional features"
-msgstr ""
+msgstr "Upravljaj dodatne funkcionalnosti"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
-#, fuzzy
 msgid "Authentication is required to manage optional features"
 msgstr ""
-"Preverjanje pristnosti je potrebno za upravljanje aktivnih sej, uporabnikov "
+"Preverjanje pristnosti je potrebno za upravljanje dodatnih funkcionalnosti."
-"in delovišč."
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

po/uk.po

@@ -4,12 +4,13 @@
 # Eugene Melnik <jeka7js@gmail.com>, 2014.
 # Daniel Korostil <ted.korostiled@gmail.com>, 2014, 2016, 2018.
 # Yuri Chornoivan <yurchor@ukr.net>, 2019, 2020, 2021, 2022, 2023, 2024.
+# Dmytro Markevych <hotr1pak@gmail.com>, 2024.
 msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-08-24 10:36+0000\n"
+"PO-Revision-Date: 2024-11-20 19:13+0000\n"
-"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
+"Last-Translator: Dmytro Markevych <hotr1pak@gmail.com>\n"
 "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
 "systemd/main/uk/>\n"
 "Language: uk\n"
@@ -18,7 +19,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
 "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Weblate 5.7\n"
+"X-Generator: Weblate 5.8.2\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -118,14 +119,12 @@ msgid "Authentication is required to update a user's home area."
 msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
-msgstr "Оновлення домашньої теки"
+msgstr "Оновіть свій домашній простір"
 
 #: src/home/org.freedesktop.home1.policy:54
-#, fuzzy
 msgid "Authentication is required to update your home area."
-msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
+msgstr "Для оновлення домашньої області потрібна автентифікація."
 
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Resize a home area"
@@ -1212,14 +1211,11 @@ msgstr "Для вилучення застарілих оновлень сист
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
 msgid "Manage optional features"
-msgstr ""
+msgstr "Керування додатковими функціями"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
-#, fuzzy
 msgid "Authentication is required to manage optional features"
-msgstr ""
+msgstr "Для керування додатковими функціями потрібна автентифікація"
-"Для того, щоб керувати сеансами, користувачами і робочими місцями, слід "
-"пройти розпізнавання."
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

src/basic/cgroup-util.c

@@ -28,6 +28,7 @@
 #include "mkdir.h"
 #include "parse-util.h"
 #include "path-util.h"
+#include "pidfd-util.h"
 #include "process-util.h"
 #include "set.h"
 #include "special.h"
@@ -72,6 +73,28 @@ int cg_cgroupid_open(int cgroupfs_fd, uint64_t id) {
         return fd;
 }
 
+int cg_path_from_cgroupid(int cgroupfs_fd, uint64_t id, char **ret) {
+        _cleanup_close_ int cgfd = -EBADF;
+        int r;
+
+        cgfd = cg_cgroupid_open(cgroupfs_fd, id);
+        if (cgfd < 0)
+                return cgfd;
+
+        _cleanup_free_ char *path = NULL;
+
+        r = fd_get_path(cgfd, &path);
+        if (r < 0)
+                return r;
+
+        if (isempty(path_startswith(path, "/sys/fs/cgroup/")))
+                return -EINVAL;
+
+        if (ret)
+                *ret = TAKE_PTR(path);
+        return 0;
+}
+
 static int cg_enumerate_items(const char *controller, const char *path, FILE **ret, const char *item) {
         _cleanup_free_ char *fs = NULL;
         FILE *f;
@@ -803,6 +826,10 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **ret_path) {
                 if (!path)
                         return -ENOMEM;
 
+                /* Refuse cgroup paths from outside our cgroup namespace */
+                if (startswith(path, "/../"))
+                        return -EUNATCH;
+
                 /* Truncate suffix indicating the process is a zombie */
                 e = endswith(path, " (deleted)");
                 if (e)
@@ -822,6 +849,16 @@ int cg_pidref_get_path(const char *controller, const PidRef *pidref, char **ret_
         if (!pidref_is_set(pidref))
                 return -ESRCH;
 
+        if (pidref->fd >= 0) {
+                uint64_t cgroup_id;
+
+                r = pidfd_get_cgroupid(pidref->fd, &cgroup_id);
+                if (r >= 0)
+                        return cg_path_from_cgroupid(/* cgroupfs_fd = */ -EBADF, cgroup_id, ret_path);
+                if (!ERRNO_IS_NEG_NOT_SUPPORTED(r))
+                        return r;
+        }
+
         r = cg_pid_get_path(controller, pidref->pid, &path);
         if (r < 0)
                 return r;

src/basic/cgroup-util.h

@@ -183,6 +183,8 @@ typedef enum CGroupUnified {
 int cg_path_open(const char *controller, const char *path);
 int cg_cgroupid_open(int fsfd, uint64_t id);
 
+int cg_path_from_cgroupid(int cgroupfs_fd, uint64_t id, char **ret);
+
 typedef enum CGroupFlags {
         CGROUP_SIGCONT            = 1 << 0,
         CGROUP_IGNORE_SELF        = 1 << 1,

src/basic/meson.build

@@ -72,6 +72,7 @@ basic_sources = files(
         'parse-util.c',
         'path-util.c',
         'percent-util.c',
+        'pidfd-util.c',
         'pidref.c',
         'prioq.c',
         'proc-cmdline.c',

src/basic/missing_pidfd.h

@@ -0,0 +1,43 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <linux/types.h>
+
+#define PIDFS_IOCTL_MAGIC 0xFF
+
+#ifndef PIDFD_GET_CGROUP_NAMESPACE
+#  define PIDFD_GET_CGROUP_NAMESPACE              _IO(PIDFS_IOCTL_MAGIC, 1)
+#  define PIDFD_GET_IPC_NAMESPACE                 _IO(PIDFS_IOCTL_MAGIC, 2)
+#  define PIDFD_GET_MNT_NAMESPACE                 _IO(PIDFS_IOCTL_MAGIC, 3)
+#  define PIDFD_GET_NET_NAMESPACE                 _IO(PIDFS_IOCTL_MAGIC, 4)
+#  define PIDFD_GET_PID_NAMESPACE                 _IO(PIDFS_IOCTL_MAGIC, 5)
+#  define PIDFD_GET_PID_FOR_CHILDREN_NAMESPACE    _IO(PIDFS_IOCTL_MAGIC, 6)
+#  define PIDFD_GET_TIME_NAMESPACE                _IO(PIDFS_IOCTL_MAGIC, 7)
+#  define PIDFD_GET_TIME_FOR_CHILDREN_NAMESPACE   _IO(PIDFS_IOCTL_MAGIC, 8)
+#  define PIDFD_GET_USER_NAMESPACE                _IO(PIDFS_IOCTL_MAGIC, 9)
+#  define PIDFD_GET_UTS_NAMESPACE                 _IO(PIDFS_IOCTL_MAGIC, 10)
+#endif
+
+#ifndef PIDFD_GET_INFO
+struct pidfd_info {
+        __u64 mask;
+        __u64 cgroupid;
+        __u32 pid;
+        __u32 tgid;
+        __u32 ppid;
+        __u32 ruid;
+        __u32 rgid;
+        __u32 euid;
+        __u32 egid;
+        __u32 suid;
+        __u32 sgid;
+        __u32 fsuid;
+        __u32 fsgid;
+        __u32 spare0[1];
+};
+
+#define PIDFD_GET_INFO          _IOWR(PIDFS_IOCTL_MAGIC, 11, struct pidfd_info)
+#define PIDFD_INFO_PID          (1UL << 0)
+#define PIDFD_INFO_CREDS        (1UL << 1)
+#define PIDFD_INFO_CGROUPID     (1UL << 2)
+#endif

src/basic/pidfd-util.c

@@ -0,0 +1,161 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <sys/ioctl.h>
+#include <unistd.h>
+
+#include "errno-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "macro.h"
+#include "memory-util.h"
+#include "missing_magic.h"
+#include "missing_pidfd.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "pidfd-util.h"
+#include "stat-util.h"
+#include "string-util.h"
+
+static bool pidfd_get_info_supported = true;
+
+static bool ERRNO_IS_NEG_PIDFD_IOCTL_NOT_SUPPORTED(intmax_t r) {
+        return IN_SET(r, -ENOTTY, -EINVAL);
+}
+_DEFINE_ABS_WRAPPER(PIDFD_IOCTL_NOT_SUPPORTED);
+
+static int pidfd_get_pid_fdinfo(int fd, pid_t *ret) {
+        char path[STRLEN("/proc/self/fdinfo/") + DECIMAL_STR_MAX(int)];
+        _cleanup_free_ char *fdinfo = NULL;
+        int r;
+
+        assert(fd >= 0);
+
+        xsprintf(path, "/proc/self/fdinfo/%i", fd);
+
+        r = read_full_virtual_file(path, &fdinfo, NULL);
+        if (r == -ENOENT)
+                return proc_fd_enoent_errno();
+        if (r < 0)
+                return r;
+
+        char *p = find_line_startswith(fdinfo, "Pid:");
+        if (!p)
+                return -ENOTTY; /* not a pidfd? */
+
+        p = skip_leading_chars(p, /* bad = */ NULL);
+        p[strcspn(p, WHITESPACE)] = 0;
+
+        if (streq(p, "0"))
+                return -EREMOTE; /* PID is in foreign PID namespace? */
+        if (streq(p, "-1"))
+                return -ESRCH;   /* refers to reaped process? */
+
+        return parse_pid(p, ret);
+}
+
+static int pidfd_get_pid_ioctl(int fd, pid_t *ret) {
+        struct pidfd_info info = { .mask = PIDFD_INFO_PID };
+
+        assert(fd >= 0);
+
+        if (ioctl(fd, PIDFD_GET_INFO, &info) < 0)
+                return -errno;
+
+        assert(FLAGS_SET(info.mask, PIDFD_INFO_PID));
+
+        if (ret)
+                *ret = info.pid;
+        return 0;
+}
+
+int pidfd_get_pid(int fd, pid_t *ret) {
+        int r;
+
+        /* Converts a pidfd into a pid. We try ioctl(PIDFD_GET_INFO) (kernel 6.13+) first,
+         * /proc/self/fdinfo/ as fallback. Well known errors:
+         *
+         *    -EBADF   → fd invalid
+         *    -ESRCH   → fd valid, but process is already reaped
+         *
+         * pidfd_get_pid_fdinfo() might additionally fail for other reasons:
+         *
+         *    -ENOSYS  → /proc/ not mounted
+         *    -ENOTTY  → fd valid, but not a pidfd
+         *    -EREMOTE → fd valid, but pid is in another namespace we cannot translate to the local one
+         */
+
+        assert(fd >= 0);
+
+        if (pidfd_get_info_supported) {
+                r = pidfd_get_pid_ioctl(fd, ret);
+                if (!ERRNO_IS_NEG_PIDFD_IOCTL_NOT_SUPPORTED(r))
+                        return r;
+
+                pidfd_get_info_supported = false;
+        }
+
+        return pidfd_get_pid_fdinfo(fd, ret);
+}
+
+int pidfd_verify_pid(int pidfd, pid_t pid) {
+        pid_t current_pid;
+        int r;
+
+        assert(pidfd >= 0);
+        assert(pid > 0);
+
+        r = pidfd_get_pid(pidfd, &current_pid);
+        if (r < 0)
+                return r;
+
+        return current_pid != pid ? -ESRCH : 0;
+}
+
+int pidfd_get_cgroupid(int fd, uint64_t *ret) {
+        struct pidfd_info info = { .mask = PIDFD_INFO_CGROUP };
+
+        assert(fd >= 0);
+
+        if (!pidfd_get_info_supported)
+                return -EOPNOTSUPP;
+
+        if (ioctl(fd, PIDFD_GET_INFO, &info) < 0) {
+                if (ERRNO_IS_PIDFD_IOCTL_NOT_SUPPORTED(errno)) {
+                        pidfd_get_info_supported = false;
+                        return -EOPNOTSUPP;
+                }
+
+                return -errno;
+        }
+
+        if (!FLAGS_SET(info.mask, PIDFD_INFO_CGROUP))
+                return -ENODATA;
+
+        if (ret)
+                *ret = info.cgroupid;
+        return 0;
+}
+
+int pidfd_get_inode_id(int fd, uint64_t *ret) {
+        static int cached_supported = -1;
+        int r;
+
+        assert(fd >= 0);
+
+        if (cached_supported < 0) {
+                cached_supported = fd_is_fs_type(fd, PID_FS_MAGIC);
+                if (cached_supported < 0)
+                        return cached_supported;
+        }
+        if (cached_supported == 0)
+                return -EOPNOTSUPP;
+
+        struct stat st;
+
+        if (fstat(fd, &st) < 0)
+                return -errno;
+
+        if (ret)
+                *ret = (uint64_t) st.st_ino;
+        return 0;
+}

src/basic/pidfd-util.h

@@ -0,0 +1,15 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <stdint.h>
+#if HAVE_PIDFD_OPEN
+#include <sys/pidfd.h>
+#endif
+#include <sys/types.h>
+
+int pidfd_get_pid(int fd, pid_t *ret);
+int pidfd_verify_pid(int pidfd, pid_t pid);
+
+int pidfd_get_cgroupid(int fd, uint64_t *ret);
+
+int pidfd_get_inode_id(int fd, uint64_t *ret);

src/basic/pidref.c

@@ -1,36 +1,14 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
-#if HAVE_PIDFD_OPEN
-#include <sys/pidfd.h>
-#endif
-
 #include "errno-util.h"
 #include "fd-util.h"
-#include "missing_magic.h"
 #include "missing_syscall.h"
 #include "missing_wait.h"
 #include "parse-util.h"
+#include "pidfd-util.h"
 #include "pidref.h"
 #include "process-util.h"
 #include "signal-util.h"
-#include "stat-util.h"
-
-static int pidfd_inode_ids_supported(void) {
-        static int cached = -1;
-
-        if (cached >= 0)
-                return cached;
-
-        _cleanup_close_ int fd = pidfd_open(getpid_cached(), 0);
-        if (fd < 0) {
-                if (ERRNO_IS_NOT_SUPPORTED(errno))
-                        return (cached = false);
-
-                return -errno;
-        }
-
-        return (cached = fd_is_fs_type(fd, PID_FS_MAGIC));
-}
 
 int pidref_acquire_pidfd_id(PidRef *pidref) {
         int r;
@@ -49,19 +27,14 @@ int pidref_acquire_pidfd_id(PidRef *pidref) {
         if (pidref->fd_id > 0)
                 return 0;
 
-        r = pidfd_inode_ids_supported();
+        r = pidfd_get_inode_id(pidref->fd, &pidref->fd_id);
-        if (r < 0)
+        if (r < 0) {
+                if (!ERRNO_IS_NEG_NOT_SUPPORTED(r))
+                        log_debug_errno(r, "Failed to get inode number of pidfd for pid " PID_FMT ": %m",
+                                        pidref->pid);
                 return r;
-        if (r == 0)
+        }
-                return -EOPNOTSUPP;
 
-        struct stat st;
-
-        if (fstat(pidref->fd, &st) < 0)
-                return log_debug_errno(errno, "Failed to get inode number of pidfd for pid " PID_FMT ": %m",
-                                       pidref->pid);
-
-        pidref->fd_id = (uint64_t) st.st_ino;
         return 0;
 }
 

src/basic/process-util.c

@@ -102,8 +102,8 @@ int pid_get_comm(pid_t pid, char **ret) {
         _cleanup_free_ char *escaped = NULL, *comm = NULL;
         int r;
 
-        assert(ret);
         assert(pid >= 0);
+        assert(ret);
 
         if (pid == 0 || pid == getpid_cached()) {
                 comm = new0(char, TASK_COMM_LEN + 1); /* Must fit in 16 byte according to prctl(2) */
@@ -143,6 +143,9 @@ int pidref_get_comm(const PidRef *pid, char **ret) {
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         r = pid_get_comm(pid->pid, &comm);
         if (r < 0)
                 return r;
@@ -289,6 +292,9 @@ int pidref_get_cmdline(const PidRef *pid, size_t max_columns, ProcessCmdlineFlag
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         r = pid_get_cmdline(pid->pid, max_columns, flags, &s);
         if (r < 0)
                 return r;
@@ -331,6 +337,9 @@ int pidref_get_cmdline_strv(const PidRef *pid, ProcessCmdlineFlags flags, char *
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         r = pid_get_cmdline_strv(pid->pid, flags, &args);
         if (r < 0)
                 return r;
@@ -477,6 +486,9 @@ int pidref_is_kernel_thread(const PidRef *pid) {
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         result = pid_is_kernel_thread(pid->pid);
         if (result < 0)
                 return result;
@@ -594,6 +606,9 @@ int pidref_get_uid(const PidRef *pid, uid_t *ret) {
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         r = pid_get_uid(pid->pid, &uid);
         if (r < 0)
                 return r;
@@ -794,6 +809,9 @@ int pidref_get_start_time(const PidRef *pid, usec_t *ret) {
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         r = pid_get_start_time(pid->pid, ret ? &t : NULL);
         if (r < 0)
                 return r;
@@ -1093,6 +1111,9 @@ int pidref_is_my_child(const PidRef *pid) {
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         result = pid_is_my_child(pid->pid);
         if (result < 0)
                 return result;
@@ -1128,6 +1149,9 @@ int pidref_is_unwaited(const PidRef *pid) {
         if (!pidref_is_set(pid))
                 return -ESRCH;
 
+        if (pidref_is_remote(pid))
+                return -EREMOTE;
+
         if (pid->pid == 1 || pidref_is_self(pid))
                 return true;
 
@@ -1169,6 +1193,9 @@ int pidref_is_alive(const PidRef *pidref) {
         if (!pidref_is_set(pidref))
                 return -ESRCH;
 
+        if (pidref_is_remote(pidref))
+                return -EREMOTE;
+
         result = pid_is_alive(pidref->pid);
         if (result < 0) {
                 assert(result != -ESRCH);
@@ -1847,59 +1874,6 @@ int get_oom_score_adjust(int *ret) {
         return 0;
 }
 
-int pidfd_get_pid(int fd, pid_t *ret) {
-        char path[STRLEN("/proc/self/fdinfo/") + DECIMAL_STR_MAX(int)];
-        _cleanup_free_ char *fdinfo = NULL;
-        int r;
-
-        /* Converts a pidfd into a pid. Well known errors:
-         *
-         *    -EBADF   → fd invalid
-         *    -ENOSYS  → /proc/ not mounted
-         *    -ENOTTY  → fd valid, but not a pidfd
-         *    -EREMOTE → fd valid, but pid is in another namespace we cannot translate to the local one
-         *    -ESRCH   → fd valid, but process is already reaped
-         */
-
-        assert(fd >= 0);
-
-        xsprintf(path, "/proc/self/fdinfo/%i", fd);
-
-        r = read_full_virtual_file(path, &fdinfo, NULL);
-        if (r == -ENOENT)
-                return proc_fd_enoent_errno();
-        if (r < 0)
-                return r;
-
-        char *p = find_line_startswith(fdinfo, "Pid:");
-        if (!p)
-                return -ENOTTY; /* not a pidfd? */
-
-        p = skip_leading_chars(p, /* bad = */ NULL);
-        p[strcspn(p, WHITESPACE)] = 0;
-
-        if (streq(p, "0"))
-                return -EREMOTE; /* PID is in foreign PID namespace? */
-        if (streq(p, "-1"))
-                return -ESRCH;   /* refers to reaped process? */
-
-        return parse_pid(p, ret);
-}
-
-int pidfd_verify_pid(int pidfd, pid_t pid) {
-        pid_t current_pid;
-        int r;
-
-        assert(pidfd >= 0);
-        assert(pid > 0);
-
-        r = pidfd_get_pid(pidfd, &current_pid);
-        if (r < 0)
-                return r;
-
-        return current_pid != pid ? -ESRCH : 0;
-}
-
 static int rlimit_to_nice(rlim_t limit) {
         if (limit <= 1)
                 return PRIO_MAX-1; /* i.e. 19 */

src/basic/process-util.h

@@ -251,9 +251,6 @@ assert_cc(TASKS_MAX <= (unsigned long) PID_T_MAX);
 /* Like TAKE_PTR() but for pid_t, resetting them to 0 */
 #define TAKE_PID(pid) TAKE_GENERIC(pid, pid_t, 0)
 
-int pidfd_get_pid(int fd, pid_t *ret);
-int pidfd_verify_pid(int pidfd, pid_t pid);
-
 int setpriority_closest(int priority);
 
 _noreturn_ void freeze(void);

src/cryptenroll/cryptenroll-fido2.c

@@ -193,7 +193,7 @@ int enroll_fido2(
                 fflush(stdout);
 
                 fprintf(stderr,
-                        "\nPlease save this FIDO2 credential ID. It is required when unloocking the volume\n"
+                        "\nPlease save this FIDO2 credential ID. It is required when unlocking the volume\n"
                         "using the associated FIDO2 keyslot which we just created. To configure automatic\n"
                         "unlocking using this FIDO2 token, add an appropriate entry to your /etc/crypttab\n"
                         "file, see %s for details.\n", link);

src/libsystemd/sd-event/sd-event.c

@@ -1,9 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include <sys/epoll.h>
-#if HAVE_PIDFD_OPEN
-#include <sys/pidfd.h>
-#endif
 #include <sys/timerfd.h>
 #include <sys/wait.h>
 
@@ -31,6 +28,7 @@
 #include "origin-id.h"
 #include "path-util.h"
 #include "prioq.h"
+#include "pidfd-util.h"
 #include "process-util.h"
 #include "psi-util.h"
 #include "set.h"

src/libsystemd/sd-login/sd-login.c

@@ -22,6 +22,7 @@
 #include "macro.h"
 #include "parse-util.h"
 #include "path-util.h"
+#include "pidfd-util.h"
 #include "process-util.h"
 #include "socket-util.h"
 #include "stdio-util.h"

src/nsresourced/userns-registry.c

@@ -525,49 +525,20 @@ int userns_info_add_cgroup(UserNamespaceInfo *userns, uint64_t cgroup_id) {
 }
 
 static int userns_destroy_cgroup(uint64_t cgroup_id) {
-        _cleanup_close_ int cgroup_fd = -EBADF, parent_fd = -EBADF;
+        _cleanup_free_ char *path = NULL;
         int r;
 
-        cgroup_fd = cg_cgroupid_open(/* cgroupfsfd= */ -EBADF, cgroup_id);
+        r = cg_path_from_cgroupid(/* cgroupfs_fd = */ -EBADF, cgroup_id, &path);
-        if (cgroup_fd == -ESTALE) {
+        if (r == -ESTALE) {
-                log_debug_errno(cgroup_fd, "Control group %" PRIu64 " already gone, ignoring: %m", cgroup_id);
+                log_debug_errno(r, "Control group %" PRIu64 " already gone, ignoring.", cgroup_id);
                 return 0;
         }
-        if (cgroup_fd < 0)
-                return log_debug_errno(errno, "Failed to open cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
-
-        _cleanup_free_ char *path = NULL;
-        r = fd_get_path(cgroup_fd, &path);
         if (r < 0)
                 return log_debug_errno(r, "Failed to get path of cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
 
-        const char *e = path_startswith(path, "/sys/fs/cgroup/");
+        log_debug("Destroying cgroup %" PRIu64 " (%s)", cgroup_id, path);
-        if (!e)
-                return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Got cgroup path that doesn't start with /sys/fs/cgroup/, refusing: %s", path);
-        if (isempty(e))
-                return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Got root cgroup path, which can't be right, refusing.");
 
-        log_debug("Path of cgroup %" PRIu64 " is: %s", cgroup_id, path);
+        r = rm_rf(path, REMOVE_ROOT|REMOVE_ONLY_DIRECTORIES|REMOVE_CHMOD);
-
-        _cleanup_free_ char *fname = NULL;
-        r = path_extract_filename(path, &fname);
-        if (r < 0)
-                return log_debug_errno(r, "Failed to extract name of cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
-
-        parent_fd = openat(cgroup_fd, "..", O_CLOEXEC|O_DIRECTORY);
-        if (parent_fd < 0)
-                return log_debug_errno(errno, "Failed to open parent cgroup of %" PRIu64 ", ignoring: %m", cgroup_id);
-
-        /* Safety check, never leave cgroupfs */
-        r = fd_is_fs_type(parent_fd, CGROUP2_SUPER_MAGIC);
-        if (r < 0)
-                return log_debug_errno(r, "Failed to determine if parent directory of cgroup %" PRIu64 " is still a cgroup, ignoring: %m", cgroup_id);
-        if (!r)
-                return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Parent directory of cgroup %" PRIu64 " is not a cgroup, refusing.", cgroup_id);
-
-        cgroup_fd = safe_close(cgroup_fd);
-
-        r = rm_rf_child(parent_fd, fname, REMOVE_ONLY_DIRECTORIES|REMOVE_PHYSICAL|REMOVE_CHMOD);
         if (r < 0)
                 log_debug_errno(r, "Failed to remove delegated cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
 

src/shared/killall.c

@@ -46,13 +46,17 @@ static bool argv_has_at(pid_t pid) {
         return c == '@';
 }
 
-static bool is_survivor_cgroup(const PidRef *pid) {
+static bool is_in_survivor_cgroup(const PidRef *pid) {
         _cleanup_free_ char *cgroup_path = NULL;
         int r;
 
         assert(pidref_is_set(pid));
 
         r = cg_pidref_get_path(/* root= */ NULL, pid, &cgroup_path);
+        if (r == -EUNATCH) {
+                log_warning_errno(r, "Process " PID_FMT " appears to originate in foreign namespace, ignoring.", pid->pid);
+                return true;
+        }
         if (r < 0) {
                 log_warning_errno(r, "Failed to get cgroup path of process " PID_FMT ", ignoring: %m", pid->pid);
                 return false;
@@ -86,7 +90,7 @@ static bool ignore_proc(const PidRef *pid, bool warn_rootfs) {
                 return true; /* also ignore processes where we can't determine this */
 
         /* Ignore processes that are part of a cgroup marked with the user.survive_final_kill_signal xattr */
-        if (is_survivor_cgroup(pid))
+        if (is_in_survivor_cgroup(pid))
                 return true;
 
         r = pidref_get_uid(pid, &uid);

src/test/test-audit-util.c

@@ -7,24 +7,26 @@ TEST(audit_loginuid_from_pid) {
         _cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
         int r;
 
-        assert_se(pidref_set_self(&self) >= 0);
+        ASSERT_OK(pidref_set_self(&self));
-        assert_se(pidref_set_pid(&pid1, 1) >= 0);
+        ASSERT_OK(pidref_set_pid(&pid1, 1));
 
         uid_t uid;
         r = audit_loginuid_from_pid(&self, &uid);
-        assert_se(r >= 0 || r == -ENODATA);
+        if (r != -ENODATA)
+                ASSERT_OK(r);
         if (r >= 0)
                 log_info("self audit login uid: " UID_FMT, uid);
 
-        assert_se(audit_loginuid_from_pid(&pid1, &uid) == -ENODATA);
+        ASSERT_ERROR(audit_loginuid_from_pid(&pid1, &uid), ENODATA);
 
         uint32_t sessionid;
         r = audit_session_from_pid(&self, &sessionid);
-        assert_se(r >= 0 || r == -ENODATA);
+        if (r != -ENODATA)
+                ASSERT_OK(r);
         if (r >= 0)
                 log_info("self audit session id: %" PRIu32, sessionid);
 
-        assert_se(audit_session_from_pid(&pid1, &sessionid) == -ENODATA);
+        ASSERT_ERROR(audit_session_from_pid(&pid1, &sessionid), ENODATA);
 }
 
 static int intro(void) {