Compare commits

..

1 Commits

Author SHA1 Message Date
Helmut Grohne 87fe6f909d
Merge 48fa4d2f34 into 248eeec612 2024-11-17 02:09:57 +01:00
76 changed files with 429 additions and 547 deletions

14
TODO
View File

@ -129,20 +129,6 @@ Deprecations and removals:
Features:
* Teach systemd-ssh-generator to generated an /run/issue.d/ drop-in telling
users how to connect to the system via the AF_VSOCK, as per:
https://github.com/systemd/systemd/issues/35071#issuecomment-2462803142
* maybe introduce an OSC sequence that signals when we ask for a password, so
that terminal emulators can maybe connect a password manager or so, and
highlight things specially.
* Port pidref_namespace_open() to use PIDFD_GET_MNT_NAMESPACE and related
ioctls to get nsfds directly from pidfds.
* start using STATX_SUBVOL in btrfs_is_subvol(). Also, make use of it
generically, so that image discovery recognizes bcachefs subvols too.
* format-table: introduce new cell type for strings with ansi sequences in
them. display them in regular output mode (via strip_tab_ansi()), but
suppress them in json mode.

View File

@ -1438,11 +1438,6 @@ evdev:input:b0003v046DpC309*
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
KEYBOARD_KEY_c01b7=audio # My Music (F12)
# Logitech MX Keys for Mac
evdev:input:b0003v046Dp4092*
KEYBOARD_KEY_70035=102nd # '<' key
KEYBOARD_KEY_70064=grave # '^' key
###########################################################
# Maxdata
###########################################################

View File

@ -376,12 +376,11 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svncube:pni1-TF:*
sensor:modalias:acpi:SMO8500*:dmi:*:svncube:pni7:*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
# Cube i7 Stylus, i7 Stylus I8L Model, i7 Book (i16) and Mix Plus (i18B/i18D)
# Cube i7 Stylus, i7 Stylus I8L Model, i7 Book (i16) and Mix Plus (i18B)
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni7Stylus:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni8-L:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni16:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni18B:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnALLDOCUBE:pni18D:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
# Cube iWork 10 Flagship
@ -953,15 +952,6 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnDefaultstring*:pnP612F:*
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
#########################################
# Pine64
#########################################
# PineTab2
sensor:modalias:of:NaccelerometerT_null_Csilan,sc7a20:*
ACCEL_MOUNT_MATRIX=0, 0, -1; 1, 0, 0; 0, -1, 0
#########################################
# Pipo
#########################################

View File

@ -421,7 +421,7 @@
<term><varname>rd.systemd.verity=</varname></term>
<term><varname>systemd.verity_root_data=</varname></term>
<term><varname>systemd.verity_root_hash=</varname></term>
<term><varname>systemd.verity_root_options=</varname></term>
<term><varname>systemd.verity.root_options=</varname></term>
<term><varname>usrhash=</varname></term>
<term><varname>systemd.verity_usr_data=</varname></term>
<term><varname>systemd.verity_usr_hash=</varname></term>

View File

@ -265,11 +265,32 @@
</refsect1>
<refsect1>
<title>Unlocking</title>
<title>Options</title>
<para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
<para>The following options are understood:</para>
<variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
@ -307,45 +328,7 @@
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Simple Enrollment</title>
<para>The following options are understood that may be used to enroll simple user input based
unlocking:</para>
<variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>PKCS#11 Enrollment</title>
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry>
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
@ -378,15 +361,7 @@
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FIDO2 Enrollment</title>
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry>
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
@ -486,15 +461,7 @@
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>TPM2 Enrollment</title>
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
<variablelist>
<varlistentry>
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
@ -669,15 +636,7 @@
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Other Options</title>
<para>The following additional options are understood:</para>
<variablelist>
<varlistentry>
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>

View File

@ -81,7 +81,4 @@
<para id="v255">Added in version 255.</para>
<para id="v256">Added in version 256.</para>
<para id="v257">Added in version 257.</para>
<para id="v258">Added in version 258.</para>
<para id="v259">Added in version 259.</para>
<para id="v260">Added in version 260.</para>
</refsect1>

View File

@ -1,7 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [[ "$1" == "clangd" ]]; then
exec "$@"
fi

View File

@ -2,6 +2,10 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [[ "$1" == "clangd" ]]; then
exec "$@"
fi
if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then
echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
exit 1

View File

@ -7,7 +7,7 @@ Distribution=arch
Environment=
GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
GIT_BRANCH=main
GIT_COMMIT=29a73017cd380cd8db070dbd560e229d523b3c79
GIT_COMMIT=62c224b60ca150627be58ca2da50f47cc0a5793c
PKG_SUBDIR=arch
[Content]

View File

@ -8,7 +8,7 @@ Distribution=|fedora
Environment=
GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
GIT_BRANCH=rawhide
GIT_COMMIT=7bd1d09f7fd16d20a041de0eb9af7cc8dbef6a99
GIT_COMMIT=e42eed4afd6267cd954d393d8eec79e0e7573de0
PKG_SUBDIR=fedora
[Content]

View File

@ -9,7 +9,7 @@ Environment=
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
GIT_SUBDIR=debian
GIT_BRANCH=debian/master
GIT_COMMIT=51cd22f3684725a1b199012555e7378f2f468c16
GIT_COMMIT=48fabbd5d240a70fce6712b6161f29b40b2fc7de
PKG_SUBDIR=debian
[Content]

View File

@ -15,7 +15,7 @@ msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-17 15:48+0000\n"
"PO-Revision-Date: 2024-11-09 20:13+0000\n"
"Last-Translator: Weblate Translation Memory <noreply-mt-weblate-translation-"
"memory@weblate.org>\n"
"Language-Team: German <https://translate.fedoraproject.org/projects/systemd/"
@ -187,11 +187,9 @@ msgstr ""
"benötigte Speichermedium oder Dateisystem ein."
#: src/home/pam_systemd_home.c:298
#, c-format
#, fuzzy, c-format
msgid "Too frequent login attempts for user %s, try again later."
msgstr ""
"Zu viele Anmeldeversuche für Benutzer %s, versuchen Sie es später noch "
"einmal."
msgstr "Zu häufige Loginversuche für %s. Bitte später erneut probieren."
#: src/home/pam_systemd_home.c:310
msgid "Password: "
@ -1191,16 +1189,18 @@ msgid "Subscribe query results"
msgstr "Abfrageergebnisse abonnieren"
#: src/resolve/org.freedesktop.resolve1.policy:144
#, fuzzy
msgid "Authentication is required to subscribe query results."
msgstr "Legitimierung ist zum Abonnieren von Abfrageergebnissen erforderlich."
msgstr "Legitimierung ist zum Versetzen des Systems in Bereitschaft notwendig."
#: src/resolve/org.freedesktop.resolve1.policy:154
msgid "Dump cache"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:155
#, fuzzy
msgid "Authentication is required to dump cache."
msgstr ""
msgstr "Legitimierung ist zum Festlegen von Domains notwendig."
#: src/resolve/org.freedesktop.resolve1.policy:165
msgid "Dump server state"
@ -1248,21 +1248,20 @@ msgid "Install specific system version"
msgstr "Spezifische Systemversion installieren"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56
#, fuzzy
msgid ""
"Authentication is required to update the system to a specific (possibly old) "
"version."
msgstr ""
"Legitimierung ist zum Aktualisieren des Systems auf eine bestimmte ("
"möglicherweise alte) Version erforderlich."
msgstr "Legitimierung ist zum Festlegen der Systemzeitzone notwendig."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65
msgid "Cleanup old system updates"
msgstr "Alte Systemaktualisierungen bereinigen"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66
#, fuzzy
msgid "Authentication is required to cleanup old system updates."
msgstr ""
"Legitimierung ist zum Bereinigen alter Systemaktualisierungen erforderlich."
msgstr "Legitimierung ist zum Festlegen der Systemzeit notwendig."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
@ -1270,8 +1269,11 @@ msgstr "Optionale Funktionen verwalten"
# https://www.freedesktop.org/software/systemd/man/sd-login.html
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "Legitimierung ist zur Verwaltung optionaler Funktionen erforderlich"
msgstr ""
"Legitimierung ist zur Verwaltung aktiver Sitzungen, Benutzern und "
"Arbeitsstationen notwendig."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -3,13 +3,12 @@
# Finnish translation of systemd.
# Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2023.
# Ricky Tigg <ricky.tigg@gmail.com>, 2022, 2024.
# Jiri Grönroos <jiri.gronroos@iki.fi>, 2024.
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
"Last-Translator: Jiri Grönroos <jiri.gronroos@iki.fi>\n"
"PO-Revision-Date: 2024-09-12 13:43+0000\n"
"Last-Translator: Ricky Tigg <ricky.tigg@gmail.com>\n"
"Language-Team: Finnish <https://translate.fedoraproject.org/projects/systemd/"
"main/fi/>\n"
"Language: fi\n"
@ -17,7 +16,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 5.8.2\n"
"X-Generator: Weblate 5.7.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -113,12 +112,14 @@ msgid "Authentication is required to update a user's home area."
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Päivitä kotialue"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "Todennus vaaditaan kotialueen päivittämiseksi."
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1173,11 +1174,14 @@ msgstr "Todennus vaaditaan vanhojen järjestelmäpäivitysten puhdistamiseen."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr "Hallitse valinnaisia ominaisuuksia"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "Todennus vaaditaan valinnaisten ominaisuuksien hallintaan"
msgstr ""
"Todennus vaaditaan aktiivisten istuntojen, käyttäjien ja paikkojen "
"hallintaan."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -12,7 +12,7 @@ msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
"PO-Revision-Date: 2024-11-07 09:30+0000\n"
"Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
"Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
"main/fr/>\n"
@ -360,8 +360,8 @@ msgid ""
"Authentication is required to set the statically configured local hostname, "
"as well as the pretty hostname."
msgstr ""
"Une authentification est requise pour définir le nom d'hôte local configuré "
"de manière statique, ainsi que le nom d'hôte convivial."
"Une authentification est requise pour définir le nom d'hôte local de manière "
"statique, ainsi que le nom d'hôte familier."
#: src/hostname/org.freedesktop.hostname1.policy:41
msgid "Set machine information"

114
po/he.po
View File

@ -1,22 +1,22 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# Yaron Shahrabani <sh.yaron@gmail.com>, 2023, 2024.
# Yaron Shahrabani <sh.yaron@gmail.com>, 2023.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-19 07:38+0000\n"
"PO-Revision-Date: 2023-11-22 00:01+0000\n"
"Last-Translator: Yaron Shahrabani <sh.yaron@gmail.com>\n"
"Language-Team: Hebrew <https://translate.fedoraproject.org/projects/systemd/"
"main/he/>\n"
"master/he/>\n"
"Language: he\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=4; plural=(n == 1) ? 0 : ((n == 2) ? 1 : ((n > 10 && "
"n % 10 == 0) ? 2 : 3));\n"
"X-Generator: Weblate 5.8.2\n"
"X-Generator: Weblate 5.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -106,12 +106,14 @@ msgid "Authentication is required to update a user's home area."
msgstr "נדרש אימות כדי לעדכן אזור בית למשתמש."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "עדכון אזור הבית שלך"
msgstr "עדכון אזור בית"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "נדרש אימות כדי לעדכן את אזור הבית שלך."
msgstr "נדרש אימות כדי לעדכן אזור בית למשתמש."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -131,12 +133,14 @@ msgid ""
msgstr "נדרש אימות כדי להחליף סיסמה של אזור בית למשתמש."
#: src/home/org.freedesktop.home1.policy:83
#, fuzzy
msgid "Activate a home area"
msgstr "הפעלת אזור בית"
msgstr "יצירת אזור בית"
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "נדרש אימות כדי להפעיל אזור בית של משתמש."
msgstr "נדרש אימות כדי ליצור אזור בית למשתמש."
#: src/home/pam_systemd_home.c:293
#, c-format
@ -347,37 +351,46 @@ msgid "Authentication is required to get system description."
msgstr "נדרש אימות כדי למשוך את תיאור המערכת."
#: src/import/org.freedesktop.import1.policy:22
#, fuzzy
msgid "Import a disk image"
msgstr "ייבוא דמות כונן"
msgstr "לייבא מכונה וירטואלית או דמות של מכולה (container image)"
#: src/import/org.freedesktop.import1.policy:23
#, fuzzy
msgid "Authentication is required to import an image."
msgstr "נדרש אימות כדי לייבא דמות."
msgstr ""
"נדרש אימות כדי לייבא מכונה וירטואלית או דמות של מכולה (container image)"
#: src/import/org.freedesktop.import1.policy:32
#, fuzzy
msgid "Export a disk image"
msgstr "ייצוא דמות כונן"
msgstr "ייצוא מכונה וירטואלית או דמות של מכולה (container image)"
#: src/import/org.freedesktop.import1.policy:33
#, fuzzy
msgid "Authentication is required to export disk image."
msgstr "נדרש אימות כדי לייצא דמות כונן."
msgstr ""
"נדרש אימות כדי לייצא מכונה וירטואלית או דמות של מכולה (container image)"
#: src/import/org.freedesktop.import1.policy:42
#, fuzzy
msgid "Download a disk image"
msgstr "הורדת דמות כונן"
msgstr "הורדת מכונה וירטואלית או דמות מכולה"
#: src/import/org.freedesktop.import1.policy:43
#, fuzzy
msgid "Authentication is required to download a disk image."
msgstr "נדרש אימות כדי להוריד דמות כונן."
msgstr "נדרש אימות כדי להוריד מכונה וירטואלית או דמות מכולה"
#: src/import/org.freedesktop.import1.policy:52
msgid "Cancel transfer of a disk image"
msgstr "ביטול העברה של דמות כונן"
msgstr ""
#: src/import/org.freedesktop.import1.policy:53
#, fuzzy
msgid ""
"Authentication is required to cancel the ongoing transfer of a disk image."
msgstr "נדרש אימות כדי לבטל העברה של דמות כונן שמתבצעת בזמן אמת."
msgstr "נדרש אימות כדי להחליף סיסמה של אזור בית למשתמש."
#: src/locale/org.freedesktop.locale1.policy:22
msgid "Set system locale"
@ -719,8 +732,9 @@ msgid "Set a wall message"
msgstr "הגדרת הודעת קיר"
#: src/login/org.freedesktop.login1.policy:397
#, fuzzy
msgid "Authentication is required to set a wall message."
msgstr "נדרש אימות כדי להגדיר הודעת קיר."
msgstr "נדרש אימות כדי להגדיר הודעת קיר"
#: src/login/org.freedesktop.login1.policy:406
msgid "Change Session"
@ -790,14 +804,16 @@ msgstr ""
"נדרש אימות כדי לנהל מכונות וירטואליות (VM) ומכולות (container) מקומיות."
#: src/machine/org.freedesktop.machine1.policy:95
#, fuzzy
msgid "Create a local virtual machine or container"
msgstr "יצירת מכונה וירטואלית או מכולה מקומיות"
msgstr "ניהול מכונות וירטואליות ומכולות מקומיות"
#: src/machine/org.freedesktop.machine1.policy:96
#, fuzzy
msgid ""
"Authentication is required to create a local virtual machine or container."
msgstr ""
"נדרש אימות כדי ליצור מכונות וירטואליות (VM) או מכולות (container) מקומיות."
"נדרש אימות כדי לנהל מכונות וירטואליות (VM) ומכולות (container) מקומיות."
#: src/machine/org.freedesktop.machine1.policy:106
msgid "Manage local virtual machine and container images"
@ -949,13 +965,13 @@ msgstr "נדרש אימות כדי להגדיר כרטיס רשת מחדש."
#: src/network/org.freedesktop.network1.policy:187
msgid "Specify whether persistent storage for systemd-networkd is available"
msgstr "נא לציין האם יש אחסון קבוע זמין ל־systemd-networkd"
msgstr ""
#: src/network/org.freedesktop.network1.policy:188
msgid ""
"Authentication is required to specify whether persistent storage for systemd-"
"networkd is available."
msgstr "נדרש אימות כדי לציין האם אחסון קבוע זמין ל־systemd-networkd."
msgstr ""
#: src/portable/org.freedesktop.portable1.policy:13
msgid "Inspect a portable service image"
@ -988,16 +1004,18 @@ msgid "Register a DNS-SD service"
msgstr "רישום שירות DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:23
#, fuzzy
msgid "Authentication is required to register a DNS-SD service."
msgstr "נדרש אימות כדי לרשום שירות DNS-SD."
msgstr "נדרש אימות כדי לרשום שירות DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:33
msgid "Unregister a DNS-SD service"
msgstr "ביטול רישום שירות DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:34
#, fuzzy
msgid "Authentication is required to unregister a DNS-SD service."
msgstr "נדרש אימות כדי לבטל רישום של שירות DNS-SD."
msgstr "נדרש אימות כדי לבטל רישום של שירות DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:132
msgid "Revert name resolution settings"
@ -1009,85 +1027,95 @@ msgstr "נדרש אימות כדי לאפס את הגדרות פתרון השמ
#: src/resolve/org.freedesktop.resolve1.policy:143
msgid "Subscribe query results"
msgstr "רישום לתוצאות שאילתה"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:144
#, fuzzy
msgid "Authentication is required to subscribe query results."
msgstr "נדרש אימות כדי להירשם לתוצאות שאילתה."
msgstr "נדרש אימות כדי להשהות את המערכת."
#: src/resolve/org.freedesktop.resolve1.policy:154
msgid "Dump cache"
msgstr "היטל המטמון"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:155
#, fuzzy
msgid "Authentication is required to dump cache."
msgstr "נדרש אימות כדי להטיל את המטמון."
msgstr "נדרש אימות כדי להגדיר שמות תחום."
#: src/resolve/org.freedesktop.resolve1.policy:165
msgid "Dump server state"
msgstr "היטל מצב השרת"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:166
#, fuzzy
msgid "Authentication is required to dump server state."
msgstr "נדרש אימות כדי להטיל את מצב השרת."
msgstr "נדרש אימות כדי להגדיר שרתי NTP."
#: src/resolve/org.freedesktop.resolve1.policy:176
msgid "Dump statistics"
msgstr "היטל סטטיסטיקה"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:177
#, fuzzy
msgid "Authentication is required to dump statistics."
msgstr "נדרש אימות כדי להטיל סטטיסטיקה."
msgstr "נדרש אימות כדי להגדיר שמות תחום."
#: src/resolve/org.freedesktop.resolve1.policy:187
msgid "Reset statistics"
msgstr "איפוס סטטיסטיקה"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:188
#, fuzzy
msgid "Authentication is required to reset statistics."
msgstr "נדרש אימות כדי לאפס סטטיסטיקה."
msgstr "נדרש אימות כדי לאפס הגדרות NTP."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:35
msgid "Check for system updates"
msgstr "חיפוש עדכוני מערכת"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:36
#, fuzzy
msgid "Authentication is required to check for system updates."
msgstr "נדרש אימות כדי לחפש עדכוני מערכת."
msgstr "נדרש אימות כדי להגדיר את שעון המערכת."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:45
msgid "Install system updates"
msgstr "התקנת עדכוני מערכת"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:46
#, fuzzy
msgid "Authentication is required to install system updates."
msgstr "נדרש אימות כדי להתקין עדכוני מערכת."
msgstr "נדרש אימות כדי להגדיר את שעון המערכת."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:55
msgid "Install specific system version"
msgstr "התקנת גרסת מערכת מסוימת"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56
#, fuzzy
msgid ""
"Authentication is required to update the system to a specific (possibly old) "
"version."
msgstr "נדרש אימות כדי לעדכן את המערכת לגרסה מסוימת (כנראה ישנה)."
msgstr "נדרש אימות כדי להגדיר את אזור הזמן של המערכת."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65
msgid "Cleanup old system updates"
msgstr "ניקוי עדכוני מערכת ישנים"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66
#, fuzzy
msgid "Authentication is required to cleanup old system updates."
msgstr "נדרש אימות כדי לנקות עדכוני מערכת ישנים."
msgstr "נדרש אימות כדי להגדיר את שעון המערכת."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr "ניהול יכולות רשות"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "נדרש אימות כדי לנהל יכולות רשות"
msgstr "נדרש אימות כדי לנהל הפעלות, משתמשים ומושבים פעילים."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-18 12:55+0900\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2021-09-09 03:04+0000\n"
"Last-Translator: Takuro Onoue <kusanaginoturugi@gmail.com>\n"
"Language-Team: Japanese <https://translate.fedoraproject.org/projects/"
@ -106,12 +106,14 @@ msgid "Authentication is required to update a user's home area."
msgstr "ユーザのホーム領域の更新には認証が必要です。"
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "ホーム領域の更新"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "ホーム領域の更新には認証が必要です。"
msgstr "ユーザのホーム領域の更新には認証が必要です。"
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1118,11 +1120,12 @@ msgstr "過去のシステム更新を削除するには認証が必要です。
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr "任意の機能の管理"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "任意の機能を管理するには認証が必要です。"
msgstr "アクティブなセッションやユーザ,シートを管理するには認証が必要です。"
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -14,7 +14,7 @@ msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-17 13:38+0000\n"
"PO-Revision-Date: 2024-11-07 09:30+0000\n"
"Last-Translator: \"Sergey A.\" <Ser82-png@yandex.ru>\n"
"Language-Team: Russian <https://translate.fedoraproject.org/projects/systemd/"
"main/ru/>\n"
@ -1280,7 +1280,7 @@ msgstr "Управление дополнительными функциями"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
msgid "Authentication is required to manage optional features"
msgstr ""
"Для управления дополнительными функциями необходимо пройти аутентификацию"
"Для управления дополнительными функциями необходимо пройти аутентификацию."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -7,7 +7,7 @@ msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
"PO-Revision-Date: 2024-08-26 19:38+0000\n"
"Last-Translator: Martin Srebotnjak <miles@filmsi.net>\n"
"Language-Team: Slovenian <https://translate.fedoraproject.org/projects/"
"systemd/main/sl/>\n"
@ -17,7 +17,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=4; plural=n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || "
"n%100==4 ? 2 : 3;\n"
"X-Generator: Weblate 5.8.2\n"
"X-Generator: Weblate 5.7\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -125,13 +125,16 @@ msgstr ""
"območja."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Posodobite domače območje"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr ""
"Preverjanje pristnosti je potrebno za posodobitev vašega domačega območja."
"Preverjanje pristnosti je potrebno za posodobitev uporabnikovega domačega "
"območja."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1231,12 +1234,14 @@ msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr "Upravljaj dodatne funkcionalnosti"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Preverjanje pristnosti je potrebno za upravljanje dodatnih funkcionalnosti."
"Preverjanje pristnosti je potrebno za upravljanje aktivnih sej, uporabnikov "
"in delovišč."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -4,12 +4,11 @@
# Eugene Melnik <jeka7js@gmail.com>, 2014.
# Daniel Korostil <ted.korostiled@gmail.com>, 2014, 2016, 2018.
# Yuri Chornoivan <yurchor@ukr.net>, 2019, 2020, 2021, 2022, 2023, 2024.
# Dmytro Markevych <hotr1pak@gmail.com>, 2024.
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-21 19:38+0000\n"
"PO-Revision-Date: 2024-08-24 10:36+0000\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
"systemd/main/uk/>\n"
@ -19,7 +18,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
"X-Generator: Weblate 5.8.2\n"
"X-Generator: Weblate 5.7\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -119,12 +118,14 @@ msgid "Authentication is required to update a user's home area."
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Оновлення домашньої області"
msgstr "Оновлення домашньої теки"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "Для оновлення домашньої області слід пройти розпізнавання."
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1211,11 +1212,14 @@ msgstr "Для вилучення застарілих оновлень сист
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr "Керування додатковими функціями"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "Для керування додатковими можливостями слід пройти розпізнавання"
msgstr ""
"Для того, щоб керувати сеансами, користувачами і робочими місцями, слід "
"пройти розпізнавання."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -38,12 +38,19 @@ __get_tpm2_devices() {
done
}
__get_block_devices() {
local i
for i in /dev/*; do
[ -b "$i" ] && printf '%s\n' "$i"
done
}
_systemd_cryptenroll() {
local comps
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
local -A OPTS=(
[STANDALONE]='-h --help --version
--password --recovery-key --list-devices'
--password --recovery-key'
[ARG]='--unlock-key-file
--unlock-fido2-device
--unlock-tpm2-device
@ -109,7 +116,7 @@ _systemd_cryptenroll() {
return 0
fi
comps=$(systemd-cryptenroll --list-devices)
comps=$(__get_block_devices)
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0
}

View File

@ -799,20 +799,16 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **ret_path) {
continue;
}
_cleanup_free_ char *path = strdup(e + 1);
char *path = strdup(e + 1);
if (!path)
return -ENOMEM;
/* Refuse cgroup paths from outside our cgroup namespace */
if (startswith(path, "/../"))
return -EUNATCH;
/* Truncate suffix indicating the process is a zombie */
e = endswith(path, " (deleted)");
if (e)
*e = 0;
*ret_path = TAKE_PTR(path);
*ret_path = path;
return 0;
}
}

View File

@ -102,8 +102,8 @@ int pid_get_comm(pid_t pid, char **ret) {
_cleanup_free_ char *escaped = NULL, *comm = NULL;
int r;
assert(pid >= 0);
assert(ret);
assert(pid >= 0);
if (pid == 0 || pid == getpid_cached()) {
comm = new0(char, TASK_COMM_LEN + 1); /* Must fit in 16 byte according to prctl(2) */
@ -143,9 +143,6 @@ int pidref_get_comm(const PidRef *pid, char **ret) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_comm(pid->pid, &comm);
if (r < 0)
return r;
@ -292,9 +289,6 @@ int pidref_get_cmdline(const PidRef *pid, size_t max_columns, ProcessCmdlineFlag
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_cmdline(pid->pid, max_columns, flags, &s);
if (r < 0)
return r;
@ -337,9 +331,6 @@ int pidref_get_cmdline_strv(const PidRef *pid, ProcessCmdlineFlags flags, char *
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_cmdline_strv(pid->pid, flags, &args);
if (r < 0)
return r;
@ -486,9 +477,6 @@ int pidref_is_kernel_thread(const PidRef *pid) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
result = pid_is_kernel_thread(pid->pid);
if (result < 0)
return result;
@ -606,9 +594,6 @@ int pidref_get_uid(const PidRef *pid, uid_t *ret) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_uid(pid->pid, &uid);
if (r < 0)
return r;
@ -809,9 +794,6 @@ int pidref_get_start_time(const PidRef *pid, usec_t *ret) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_start_time(pid->pid, ret ? &t : NULL);
if (r < 0)
return r;
@ -1111,9 +1093,6 @@ int pidref_is_my_child(const PidRef *pid) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
result = pid_is_my_child(pid->pid);
if (result < 0)
return result;
@ -1149,9 +1128,6 @@ int pidref_is_unwaited(const PidRef *pid) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
if (pid->pid == 1 || pidref_is_self(pid))
return true;
@ -1193,9 +1169,6 @@ int pidref_is_alive(const PidRef *pidref) {
if (!pidref_is_set(pidref))
return -ESRCH;
if (pidref_is_remote(pidref))
return -EREMOTE;
result = pid_is_alive(pidref->pid);
if (result < 0) {
assert(result != -ESRCH);

View File

@ -220,9 +220,9 @@ static int synthesize_user_creds(
if (ret_gid)
*ret_gid = GID_NOBODY;
if (ret_home)
*ret_home = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : "/";
*ret_home = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : "/";
if (ret_shell)
*ret_shell = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : NOLOGIN;
*ret_shell = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : NOLOGIN;
return 0;
}
@ -244,7 +244,6 @@ int get_user_creds(
assert(username);
assert(*username);
assert((ret_home || ret_shell) || !(flags & (USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_CLEAN)));
if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) ||
(!ret_home && !ret_shell)) {
@ -316,14 +315,17 @@ int get_user_creds(
if (ret_home)
/* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */
*ret_home = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && empty_or_root(p->pw_dir)) ||
(FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_dir) || !path_is_absolute(p->pw_dir)))
? NULL : p->pw_dir;
*ret_home = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
(empty_or_root(p->pw_dir) ||
!path_is_valid(p->pw_dir) ||
!path_is_absolute(p->pw_dir))) ? NULL : p->pw_dir;
if (ret_shell)
*ret_shell = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && shell_is_placeholder(p->pw_shell)) ||
(FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_shell) || !path_is_absolute(p->pw_shell)))
? NULL : p->pw_shell;
*ret_shell = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
(isempty(p->pw_shell) ||
!path_is_valid(p->pw_shell) ||
!path_is_absolute(p->pw_shell) ||
is_nologin_shell(p->pw_shell))) ? NULL : p->pw_shell;
if (patch_username)
*username = p->pw_name;

View File

@ -12,8 +12,6 @@
#include <sys/types.h>
#include <unistd.h>
#include "string-util.h"
/* Users managed by systemd-homed. See https://systemd.io/UIDS-GIDS for details how this range fits into the rest of the world */
#define HOME_UID_MIN ((uid_t) 60001)
#define HOME_UID_MAX ((uid_t) 60513)
@ -38,20 +36,10 @@ static inline int parse_gid(const char *s, gid_t *ret_gid) {
char* getlogname_malloc(void);
char* getusername_malloc(void);
const char* default_root_shell_at(int rfd);
const char* default_root_shell(const char *root);
bool is_nologin_shell(const char *shell);
static inline bool shell_is_placeholder(const char *shell) {
return isempty(shell) || is_nologin_shell(shell);
}
typedef enum UserCredsFlags {
USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */
USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */
USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */
USER_CREDS_SUPPRESS_PLACEHOLDER = 1 << 3, /* suppress home and/or shell fields if value is placeholder (root/empty/nologin) */
} UserCredsFlags;
int get_user_creds(const char **username, uid_t *ret_uid, gid_t *ret_gid, const char **ret_home, const char **ret_shell, UserCredsFlags flags);
@ -137,6 +125,10 @@ int fgetsgent_sane(FILE *stream, struct sgrp **sg);
int putsgent_sane(const struct sgrp *sg, FILE *stream);
#endif
bool is_nologin_shell(const char *shell);
const char* default_root_shell_at(int rfd);
const char* default_root_shell(const char *root);
int is_this_me(const char *username);
const char* get_home_root(void);

View File

@ -855,6 +855,9 @@ static int get_fixed_user(
assert(user_or_uid);
assert(ret_username);
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
* (i.e. are "/" or "/bin/nologin"). */
r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell, USER_CREDS_CLEAN);
if (r < 0)
return r;
@ -1880,10 +1883,7 @@ static int build_environment(
}
}
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
* (i.e. are "/" or "/bin/nologin"). */
if (home && set_user_login_env && !empty_or_root(home)) {
if (home && set_user_login_env) {
x = strjoin("HOME=", home);
if (!x)
return -ENOMEM;
@ -1892,7 +1892,7 @@ static int build_environment(
our_env[n_env++] = x;
}
if (shell && set_user_login_env && !shell_is_placeholder(shell)) {
if (shell && set_user_login_env) {
x = strjoin("SHELL=", shell);
if (!x)
return -ENOMEM;
@ -3471,16 +3471,20 @@ static int apply_working_directory(
const ExecContext *context,
const ExecParameters *params,
ExecRuntime *runtime,
const char *home) {
const char *home,
int *exit_status) {
const char *wd;
int r;
assert(context);
assert(exit_status);
if (context->working_directory_home) {
if (!home)
if (!home) {
*exit_status = EXIT_CHDIR;
return -ENXIO;
}
wd = home;
} else
@ -3499,7 +3503,13 @@ static int apply_working_directory(
if (r >= 0)
r = RET_NERRNO(fchdir(dfd));
}
return context->working_directory_missing_ok ? 0 : r;
if (r < 0 && !context->working_directory_missing_ok) {
*exit_status = EXIT_CHDIR;
return r;
}
return 0;
}
static int apply_root_directory(
@ -3775,7 +3785,7 @@ static int acquire_home(const ExecContext *c, const char **home, char **ret_buf)
if (!c->working_directory_home)
return 0;
if (c->dynamic_user || (c->user && is_this_me(c->user) <= 0))
if (c->dynamic_user)
return -EADDRNOTAVAIL;
r = get_home_dir(ret_buf);
@ -4533,7 +4543,7 @@ int exec_invoke(
r = acquire_home(context, &home, &home_buffer);
if (r < 0) {
*exit_status = EXIT_CHDIR;
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for the invoking user: %m");
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for user: %m");
}
/* If a socket is connected to STDIN/STDOUT/STDERR, we must drop O_NONBLOCK */
@ -5372,11 +5382,9 @@ int exec_invoke(
* running this service might have the correct privilege to change to the working directory. Also, it
* is absolutely 💣 crucial 💣 we applied all mount namespacing rearrangements before this, so that
* the cwd cannot be used to pin directories outside of the sandbox. */
r = apply_working_directory(context, params, runtime, home);
if (r < 0) {
*exit_status = EXIT_CHDIR;
r = apply_working_directory(context, params, runtime, home, exit_status);
if (r < 0)
return log_exec_error_errno(context, params, r, "Changing to the requested working directory failed: %m");
}
if (needs_sandboxing) {
/* Apply other MAC contexts late, but before seccomp syscall filtering, as those should really be last to

View File

@ -3426,12 +3426,14 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
return 0;
}
r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
r = service_add_fd_store(s, fd, fdn, do_poll);
if (r < 0) {
log_unit_debug_errno(u, r,
"Failed to store deserialized fd '%s', ignoring: %m", fdn);
return 0;
}
TAKE_FD(fd);
} else if (streq(key, "extra-fd")) {
_cleanup_free_ char *fdv = NULL, *fdn = NULL;
_cleanup_close_ int fd = -EBADF;

View File

@ -193,7 +193,7 @@ int enroll_fido2(
fflush(stdout);
fprintf(stderr,
"\nPlease save this FIDO2 credential ID. It is required when unlocking the volume\n"
"\nPlease save this FIDO2 credential ID. It is required when unloocking the volume\n"
"using the associated FIDO2 keyslot which we just created. To configure automatic\n"
"unlocking using this FIDO2 token, add an appropriate entry to your /etc/crypttab\n"
"file, see %s for details.\n", link);

View File

@ -427,9 +427,6 @@ int wipe_slots(struct crypt_device *cd,
for (size_t i = n_ordered_slots; i > 0; i--) {
r = crypt_keyslot_destroy(cd, ordered_slots[i - 1]);
if (r < 0) {
if (r == -ENOENT)
log_warning_errno(r, "Failed to wipe non-existent slot %i, continuing.", ordered_slots[i - 1]);
else
log_warning_errno(r, "Failed to wipe slot %i, continuing: %m", ordered_slots[i - 1]);
if (ret == 0)
ret = r;

View File

@ -193,7 +193,7 @@ static int help(void) {
"\n%3$sSimple Enrollment:%4$s\n"
" --password Enroll a user-supplied password\n"
" --recovery-key Enroll a recovery key\n"
"\n%3$sPKCS#11 Enrollment:%4$s\n"
"\n%3$sPKCS11 Enrollment:%4$s\n"
" --pkcs11-token-uri=URI\n"
" Specify PKCS#11 security token URI\n"
"\n%3$sFIDO2 Enrollment:%4$s\n"

View File

@ -750,7 +750,7 @@ static int ndisc_option_parse_route(Set **options, size_t offset, size_t len, co
usec_t lifetime = unaligned_be32_sec_to_usec(opt + 4, /* max_as_infinity = */ true);
struct in6_addr prefix;
memcpy_safe(&prefix, opt + 8, len - 8);
memcpy(&prefix, opt + 8, len - 8);
in6_addr_mask(&prefix, prefixlen);
return ndisc_option_add_route(options, offset, preference, prefixlen, &prefix, lifetime);

View File

@ -1033,14 +1033,12 @@ global:
sd_varlink_server_listen_fd;
sd_varlink_server_loop_auto;
sd_varlink_server_new;
sd_varlink_server_ref;
sd_varlink_server_set_connections_max;
sd_varlink_server_set_connections_per_uid_max;
sd_varlink_server_set_description;
sd_varlink_server_set_exit_on_idle;
sd_varlink_server_set_userdata;
sd_varlink_server_shutdown;
sd_varlink_server_unref;
sd_varlink_set_allow_fd_passing_input;
sd_varlink_set_allow_fd_passing_output;
sd_varlink_set_description;

View File

@ -3265,7 +3265,7 @@ static sd_varlink_server* varlink_server_destroy(sd_varlink_server *s) {
return mfree(s);
}
DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(sd_varlink_server, sd_varlink_server, varlink_server_destroy);
DEFINE_TRIVIAL_REF_UNREF_FUNC(sd_varlink_server, sd_varlink_server, varlink_server_destroy);
static int validate_connection(sd_varlink_server *server, const struct ucred *ucred) {
int allowed = -1;

View File

@ -16,7 +16,7 @@ int varlink_get_peer_pidref(sd_varlink *v, PidRef *ret) {
int pidfd = sd_varlink_get_peer_pidfd(v);
if (pidfd < 0) {
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd) && pidfd != -EINVAL)
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd))
return pidfd;
pid_t pid;

View File

@ -642,7 +642,7 @@ static bool netdev_can_set_mac(NetDev *netdev, const struct hw_addr_data *hw_add
if (hw_addr_equal(&link->hw_addr, hw_addr))
return false; /* Unchanged, not necessary to set. */
/* Some netdevs refuse to update MAC address even if the interface is not running, e.g. ipvlan.
/* Soem netdevs refuse to update MAC address even if the interface is not running, e.g. ipvlan.
* Some other netdevs have the IFF_LIVE_ADDR_CHANGE flag and can update update MAC address even if
* the interface is running, e.g. dummy. For those cases, use custom checkers. */
if (NETDEV_VTABLE(netdev)->can_set_mac)

View File

@ -1443,7 +1443,6 @@ int link_reconfigure_impl(Link *link, LinkReconfigurationFlag flags) {
}
typedef struct LinkReconfigurationData {
Manager *manager;
Link *link;
LinkReconfigurationFlag flags;
sd_bus_message *message;
@ -1474,12 +1473,6 @@ static void link_reconfiguration_data_destroy_callback(LinkReconfigurationData *
}
if (!data->counter || *data->counter <= 0) {
/* Update the state files before replying the bus method. Otherwise,
* systemd-networkd-wait-online following networkctl reload/reconfigure may read an
* outdated state file and wrongly handle an interface is already in the configured
* state. */
(void) manager_clean_all(data->manager);
r = sd_bus_reply_method_return(data->message, NULL);
if (r < 0)
log_warning_errno(r, "Failed to reply for DBus method, ignoring: %m");
@ -1528,7 +1521,6 @@ int link_reconfigure_full(Link *link, LinkReconfigurationFlag flags, sd_bus_mess
}
*data = (LinkReconfigurationData) {
.manager = link->manager,
.link = link_ref(link),
.flags = flags,
.message = sd_bus_message_ref(message), /* message may be NULL, but _ref() works fine. */

View File

@ -1610,7 +1610,7 @@ static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
return 0;
}
static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt) {
uint8_t flags, prefixlen;
struct in6_addr a;
int r;
@ -1619,14 +1619,6 @@ static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt, bool zer
assert(link->network);
assert(rt);
usec_t lifetime_usec;
r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_usec);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get prefix lifetime: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
r = sd_ndisc_router_prefix_get_address(rt, &a);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get prefix address: %m");
@ -1672,7 +1664,7 @@ static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt, bool zer
return 0;
}
static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
_cleanup_(route_unrefp) Route *route = NULL;
uint8_t preference, prefixlen;
struct in6_addr gateway, dst;
@ -1688,9 +1680,6 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt, bool zero
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get route lifetime from RA: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
r = sd_ndisc_router_route_get_address(rt, &dst);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get route destination address: %m");
@ -1723,6 +1712,10 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt, bool zero
}
r = sd_ndisc_router_route_get_preference(rt, &preference);
if (r == -EOPNOTSUPP) {
log_link_debug_errno(link, r, "Received route prefix with unsupported preference, ignoring: %m");
return 0;
}
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get router preference from RA: %m");
@ -1766,7 +1759,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
ndisc_rdnss_compare_func,
free);
static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt) {
usec_t lifetime_usec;
const struct in6_addr *a;
struct in6_addr router;
@ -1788,9 +1781,6 @@ static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt, bool zero
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RDNSS lifetime: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
n = sd_ndisc_router_rdnss_get_addresses(rt, &a);
if (n < 0)
return log_link_warning_errno(link, n, "Failed to get RDNSS addresses: %m");
@ -1861,7 +1851,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
ndisc_dnssl_compare_func,
free);
static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt) {
char **l;
usec_t lifetime_usec;
struct in6_addr router;
@ -1883,9 +1873,6 @@ static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt, bool zero
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get DNSSL lifetime: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
r = sd_ndisc_router_dnssl_get_domains(rt, &l);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get DNSSL addresses: %m");
@ -1966,7 +1953,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
ndisc_captive_portal_compare_func,
ndisc_captive_portal_free);
static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt) {
_cleanup_(ndisc_captive_portal_freep) NDiscCaptivePortal *new_entry = NULL;
_cleanup_free_ char *captive_portal = NULL;
const char *uri;
@ -1993,9 +1980,6 @@ static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt,
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
r = sd_ndisc_router_get_captive_portal(rt, &uri);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get captive portal from RA: %m");
@ -2084,7 +2068,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
ndisc_pref64_compare_func,
mfree);
static int ndisc_router_process_pref64(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
static int ndisc_router_process_pref64(Link *link, sd_ndisc_router *rt) {
_cleanup_free_ NDiscPREF64 *new_entry = NULL;
usec_t lifetime_usec;
struct in6_addr a, router;
@ -2115,9 +2099,6 @@ static int ndisc_router_process_pref64(Link *link, sd_ndisc_router *rt, bool zer
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get pref64 prefix lifetime: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
if (lifetime_usec == 0) {
free(set_remove(link->ndisc_pref64,
&(NDiscPREF64) {
@ -2236,7 +2217,7 @@ static int sd_dns_resolver_copy(const sd_dns_resolver *a, sd_dns_resolver *b) {
return 0;
}
static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt) {
int r;
assert(link);
@ -2259,9 +2240,6 @@ static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt, b
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
r = sd_ndisc_router_encrypted_dns_get_resolver(rt, &res);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get encrypted dns resolvers: %m");
@ -2314,7 +2292,7 @@ static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt, b
return 0;
}
static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) {
size_t n_captive_portal = 0;
int r;
@ -2336,19 +2314,19 @@ static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt, bool ze
switch (type) {
case SD_NDISC_OPTION_PREFIX_INFORMATION:
r = ndisc_router_process_prefix(link, rt, zero_lifetime);
r = ndisc_router_process_prefix(link, rt);
break;
case SD_NDISC_OPTION_ROUTE_INFORMATION:
r = ndisc_router_process_route(link, rt, zero_lifetime);
r = ndisc_router_process_route(link, rt);
break;
case SD_NDISC_OPTION_RDNSS:
r = ndisc_router_process_rdnss(link, rt, zero_lifetime);
r = ndisc_router_process_rdnss(link, rt);
break;
case SD_NDISC_OPTION_DNSSL:
r = ndisc_router_process_dnssl(link, rt, zero_lifetime);
r = ndisc_router_process_dnssl(link, rt);
break;
case SD_NDISC_OPTION_CAPTIVE_PORTAL:
if (n_captive_portal > 0) {
@ -2358,15 +2336,15 @@ static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt, bool ze
n_captive_portal++;
continue;
}
r = ndisc_router_process_captive_portal(link, rt, zero_lifetime);
r = ndisc_router_process_captive_portal(link, rt);
if (r > 0)
n_captive_portal++;
break;
case SD_NDISC_OPTION_PREF64:
r = ndisc_router_process_pref64(link, rt, zero_lifetime);
r = ndisc_router_process_pref64(link, rt);
break;
case SD_NDISC_OPTION_ENCRYPTED_DNS:
r = ndisc_router_process_encrypted_dns(link, rt, zero_lifetime);
r = ndisc_router_process_encrypted_dns(link, rt);
break;
}
if (r < 0 && r != -EBADMSG)
@ -2674,6 +2652,10 @@ static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
if (r < 0)
return r;
r = ndisc_router_process_default(link, rt);
if (r < 0)
return r;
r = ndisc_router_process_reachable_time(link, rt);
if (r < 0)
return r;
@ -2690,15 +2672,7 @@ static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
if (r < 0)
return r;
r = ndisc_router_process_options(link, rt, /* zero_lifetime = */ true);
if (r < 0)
return r;
r = ndisc_router_process_default(link, rt);
if (r < 0)
return r;
r = ndisc_router_process_options(link, rt, /* zero_lifetime = */ false);
r = ndisc_router_process_options(link, rt);
if (r < 0)
return r;

View File

@ -50,7 +50,6 @@ static int add_syscall_filters(
{ CAP_IPC_LOCK, "@memlock" },
/* Plus a good set of additional syscalls which are not part of any of the groups above */
{ 0, "arm_fadvise64_64" },
{ 0, "brk" },
{ 0, "capget" },
{ 0, "capset" },

View File

@ -2297,8 +2297,7 @@ static int start_transient_scope(sd_bus *bus) {
uid_t uid;
gid_t gid;
r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell,
USER_CREDS_CLEAN|USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_PREFER_NSS);
r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell, USER_CREDS_CLEAN|USER_CREDS_PREFER_NSS);
if (r < 0)
return log_error_errno(r, "Failed to resolve user %s: %m", arg_exec_user);

View File

@ -46,17 +46,13 @@ static bool argv_has_at(pid_t pid) {
return c == '@';
}
static bool is_in_survivor_cgroup(const PidRef *pid) {
static bool is_survivor_cgroup(const PidRef *pid) {
_cleanup_free_ char *cgroup_path = NULL;
int r;
assert(pidref_is_set(pid));
r = cg_pidref_get_path(/* root= */ NULL, pid, &cgroup_path);
if (r == -EUNATCH) {
log_warning_errno(r, "Process " PID_FMT " appears to originate in foreign namespace, ignoring.", pid->pid);
return true;
}
if (r < 0) {
log_warning_errno(r, "Failed to get cgroup path of process " PID_FMT ", ignoring: %m", pid->pid);
return false;
@ -90,7 +86,7 @@ static bool ignore_proc(const PidRef *pid, bool warn_rootfs) {
return true; /* also ignore processes where we can't determine this */
/* Ignore processes that are part of a cgroup marked with the user.survive_final_kill_signal xattr */
if (is_in_survivor_cgroup(pid))
if (is_survivor_cgroup(pid))
return true;
r = pidref_get_uid(pid, &uid);

View File

@ -392,7 +392,7 @@ int tpm2_make_pcr_json_array(uint32_t pcr_mask, sd_json_variant **ret);
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *ret_pcrlock_nv, TPM2Flags *ret_flags);
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *pcrlock_nv, TPM2Flags *ret_flags);
/* Default to PCR 7 only */
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)

View File

@ -28,28 +28,21 @@ const char* user_record_state_color(const char *state) {
return NULL;
}
static void dump_self_modifiable(
const char *heading,
char **field,
const char **value) {
static void dump_self_modifiable(const char *heading, char **field, const char **value) {
assert(heading);
/* Helper function for printing the various self_modifiable_* fields from the user record */
if (!value)
/* Case 1: no value is set and no default either */
printf("%13s %snone%s\n", heading, ansi_highlight(), ansi_normal());
else if (strv_isempty((char**) value))
/* Case 2: the array is explicitly set to empty by the administrator */
printf("%13s %sdisabled by administrator%s\n", heading, ansi_highlight_red(), ansi_normal());
if (strv_isempty((char**) value))
/* Case 1: the array is explicitly set to be empty by the administrator */
printf("%13s %sDisabled by Administrator%s\n", heading, ansi_highlight_red(), ansi_normal());
else if (!field)
/* Case 3: we have values, but the field is NULL. This means that we're using the defaults.
/* Case 2: we have values, but the field is NULL. This means that we're using the defaults.
* We list them anyways, because they're security-sensitive to the administrator */
STRV_FOREACH(i, value)
printf("%13s %s%s%s\n", i == value ? heading : "", ansi_grey(), *i, ansi_normal());
else
/* Case 4: we have a list provided by the administrator */
/* Case 3: we have a list provided by the administrator */
STRV_FOREACH(i, value)
printf("%13s %s\n", i == value ? heading : "", *i);
}

View File

@ -2165,15 +2165,8 @@ const char** user_record_self_modifiable_fields(UserRecord *h) {
assert(h);
/* Note: if the self_modifiable_fields field in UserRecord is NULL we'll apply a default, if we have
* one. If it is a non-NULL empty strv, we'll report it as explicit empty list. When the field is
* NULL and we have no default list we'll return NULL. */
/* Note that we intentionally distinguish between NULL and an empty array here */
if (h->self_modifiable_fields)
return (const char**) h->self_modifiable_fields;
return user_record_disposition(h) == USER_REGULAR ? (const char**) default_fields : NULL;
return (const char**) h->self_modifiable_fields ?: (const char**) default_fields;
}
const char** user_record_self_modifiable_blobs(UserRecord *h) {
@ -2187,10 +2180,7 @@ const char** user_record_self_modifiable_blobs(UserRecord *h) {
assert(h);
/* Note that we intentionally distinguish between NULL and an empty array here */
if (h->self_modifiable_blobs)
return (const char**) h->self_modifiable_blobs;
return user_record_disposition(h) == USER_REGULAR ? (const char**) default_blobs : NULL;
return (const char**) h->self_modifiable_blobs ?: (const char**) default_blobs;
}
const char** user_record_self_modifiable_privileged(UserRecord *h) {
@ -2211,10 +2201,7 @@ const char** user_record_self_modifiable_privileged(UserRecord *h) {
assert(h);
/* Note that we intentionally distinguish between NULL and an empty array here */
if (h->self_modifiable_privileged)
return (const char**) h->self_modifiable_privileged;
return user_record_disposition(h) == USER_REGULAR ? (const char**) default_fields : NULL;
return (const char**) h->self_modifiable_privileged ?: (const char**) default_fields;
}
static int remove_self_modifiable_json_fields_common(UserRecord *current, sd_json_variant **target) {

View File

@ -245,7 +245,7 @@ static int add_vsock_socket(
if (r < 0)
return r;
log_debug("Binding SSH to AF_VSOCK vsock::22.\n"
log_info("Binding SSH to AF_VSOCK vsock::22.\n"
"→ connect via 'ssh vsock/%u' from host", local_cid);
return 0;
}
@ -280,7 +280,7 @@ static int add_local_unix_socket(
if (r < 0)
return r;
log_debug("Binding SSH to AF_UNIX socket /run/ssh-unix-local/socket.\n"
log_info("Binding SSH to AF_UNIX socket /run/ssh-unix-local/socket.\n"
"→ connect via 'ssh .host' locally");
return 0;
}
@ -336,7 +336,7 @@ static int add_export_unix_socket(
if (r < 0)
return r;
log_debug("Binding SSH to AF_UNIX socket /run/host/unix-export/ssh\n"
log_info("Binding SSH to AF_UNIX socket /run/host/unix-export/ssh\n"
"→ connect via 'ssh unix/run/systemd/nspawn/unix-export/\?\?\?/ssh' from host");
return 0;
@ -387,7 +387,7 @@ static int add_extra_sockets(
if (r < 0)
return r;
log_debug("Binding SSH to socket %s.", *i);
log_info("Binding SSH to socket %s.", *i);
n++;
}
@ -462,7 +462,7 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
_cleanup_free_ char *sshd_binary = NULL;
r = find_executable("sshd", &sshd_binary);
if (r == -ENOENT) {
log_debug("Disabling SSH generator logic, since sshd is not installed.");
log_info("Disabling SSH generator logic, since sshd is not installed.");
return 0;
}
if (r < 0)

View File

@ -724,7 +724,7 @@ static void print_status_info(
printf(" Tasks: %" PRIu64, i->tasks_current);
if (i->tasks_max != UINT64_MAX)
printf("%s (limit: %" PRIu64 ")%s\n", ansi_grey(), i->tasks_max, ansi_normal());
printf(" (limit: %" PRIu64 ")\n", i->tasks_max);
else
printf("\n");
}

View File

@ -105,9 +105,9 @@ int main(void) {
}
for (j = 0; symbols_from_source[j].name; j++) {
struct symbol *n = bsearch(symbols_from_source+j, symbols_from_sym, sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0])-1, sizeof(symbols_from_sym[0]), sort_callback);
struct symbol*n = bsearch(symbols_from_source+j, symbols_from_source, sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0])-1, sizeof(symbols_from_sym[0]), sort_callback);
if (!n)
printf("Found in sources, but not in symbol file: %s\\n", symbols_from_source[j].name);
printf("Found in sources, but not in symbol file: %s\\n", symbols_from_source[i].name);
}
return i == j ? EXIT_SUCCESS : EXIT_FAILURE;

View File

@ -7,26 +7,24 @@ TEST(audit_loginuid_from_pid) {
_cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
int r;
ASSERT_OK(pidref_set_self(&self));
ASSERT_OK(pidref_set_pid(&pid1, 1));
assert_se(pidref_set_self(&self) >= 0);
assert_se(pidref_set_pid(&pid1, 1) >= 0);
uid_t uid;
r = audit_loginuid_from_pid(&self, &uid);
if (r != -ENODATA)
ASSERT_OK(r);
assert_se(r >= 0 || r == -ENODATA);
if (r >= 0)
log_info("self audit login uid: " UID_FMT, uid);
ASSERT_ERROR(audit_loginuid_from_pid(&pid1, &uid), ENODATA);
assert_se(audit_loginuid_from_pid(&pid1, &uid) == -ENODATA);
uint32_t sessionid;
r = audit_session_from_pid(&self, &sessionid);
if (r != -ENODATA)
ASSERT_OK(r);
assert_se(r >= 0 || r == -ENODATA);
if (r >= 0)
log_info("self audit session id: %" PRIu32, sessionid);
ASSERT_ERROR(audit_session_from_pid(&pid1, &sessionid), ENODATA);
assert_se(audit_session_from_pid(&pid1, &sessionid) == -ENODATA);
}
static int intro(void) {

View File

@ -9,7 +9,7 @@
({ \
typeof(ret) _r = (ret); \
user_record_unref(*_r); \
assert_se(user_record_build((ret), SD_JSON_BUILD_OBJECT(SD_JSON_BUILD_PAIR_STRING("disposition", "regular"), __VA_ARGS__)) >= 0); \
assert_se(user_record_build((ret), SD_JSON_BUILD_OBJECT(__VA_ARGS__)) >= 0); \
0; \
})

View File

@ -363,7 +363,7 @@ def test_config_priority(tmp_path):
assert opts.pcr_public_keys == ['PKEY2', 'some/path8']
assert opts.pcr_banks == ['SHA1', 'SHA256']
assert opts.signing_engine == 'ENGINE'
assert opts.signtool == 'sbsign' # from args
assert opts.signtool == ukify.SbSign # from args
assert opts.sb_key == 'SBKEY' # from args
assert opts.sb_cert == pathlib.Path('SBCERT') # from args
assert opts.sb_certdir == 'some/path5' # from config

View File

@ -267,7 +267,7 @@ class UkifyConfig:
signing_engine: Optional[str]
signing_provider: Optional[str]
certificate_provider: Optional[str]
signtool: Optional[str]
signtool: Optional[type['SignTool']]
splash: Optional[Path]
stub: Path
summary: bool
@ -466,17 +466,6 @@ class SignTool:
def verify(opts: UkifyConfig) -> bool:
raise NotImplementedError()
@staticmethod
def from_string(name) -> type['SignTool']:
if name == 'pesign':
return PeSign
elif name == 'sbsign':
return SbSign
elif name == 'systemd-sbsign':
return SystemdSbSign
else:
raise ValueError(f'Invalid sign tool: {name!r}')
class PeSign(SignTool):
@staticmethod
@ -1152,16 +1141,15 @@ def make_uki(opts: UkifyConfig) -> None:
if opts.linux and sign_args_present:
assert opts.signtool is not None
signtool = SignTool.from_string(opts.signtool)
if not sign_kernel:
# figure out if we should sign the kernel
sign_kernel = signtool.verify(opts)
sign_kernel = opts.signtool.verify(opts)
if sign_kernel:
linux_signed = tempfile.NamedTemporaryFile(prefix='linux-signed')
linux = Path(linux_signed.name)
signtool.sign(os.fspath(opts.linux), os.fspath(linux), opts=opts)
opts.signtool.sign(os.fspath(opts.linux), os.fspath(linux), opts=opts)
if opts.uname is None and opts.linux is not None:
print('Kernel version not specified, starting autodetection 😖.')
@ -1322,9 +1310,7 @@ def make_uki(opts: UkifyConfig) -> None:
if sign_args_present:
assert opts.signtool is not None
signtool = SignTool.from_string(opts.signtool)
signtool.sign(os.fspath(unsigned_output), os.fspath(opts.output), opts)
opts.signtool.sign(os.fspath(unsigned_output), os.fspath(opts.output), opts)
# We end up with no executable bits, let's reapply them
os.umask(umask := os.umask(0))
@ -1677,6 +1663,26 @@ class ConfigItem:
return (section_name, key, value)
class SignToolAction(argparse.Action):
def __call__(
self,
parser: argparse.ArgumentParser,
namespace: argparse.Namespace,
values: Union[str, Sequence[Any], None] = None,
option_string: Optional[str] = None,
) -> None:
if values is None:
setattr(namespace, 'signtool', None)
elif values == 'sbsign':
setattr(namespace, 'signtool', SbSign)
elif values == 'pesign':
setattr(namespace, 'signtool', PeSign)
elif values == 'systemd-sbsign':
setattr(namespace, 'signtool', SystemdSbSign)
else:
raise ValueError(f"Unknown signtool '{values}' (this is unreachable)")
VERBS = ('build', 'genkey', 'inspect')
CONFIG_ITEMS = [
@ -1850,6 +1856,7 @@ CONFIG_ITEMS = [
ConfigItem(
'--signtool',
choices=('sbsign', 'pesign', 'systemd-sbsign'),
action=SignToolAction,
dest='signtool',
help=(
'whether to use sbsign or pesign. It will also be inferred by the other '
@ -2166,24 +2173,24 @@ def finalize_options(opts: argparse.Namespace) -> None:
)
elif bool(opts.sb_key) and bool(opts.sb_cert):
# both param given, infer sbsign and in case it was given, ensure signtool=sbsign
if opts.signtool and opts.signtool not in ('sbsign', 'systemd-sbsign'):
if opts.signtool and opts.signtool not in (SbSign, SystemdSbSign):
raise ValueError(
f'Cannot provide --signtool={opts.signtool} with --secureboot-private-key= and --secureboot-certificate=' # noqa: E501
)
if not opts.signtool:
opts.signtool = 'sbsign'
opts.signtool = SbSign
elif bool(opts.sb_cert_name):
# sb_cert_name given, infer pesign and in case it was given, ensure signtool=pesign
if opts.signtool and opts.signtool != 'pesign':
if opts.signtool and opts.signtool != PeSign:
raise ValueError(
f'Cannot provide --signtool={opts.signtool} with --secureboot-certificate-name='
)
opts.signtool = 'pesign'
opts.signtool = PeSign
if opts.signing_provider and opts.signtool != 'systemd-sbsign':
if opts.signing_provider and opts.signtool != SystemdSbSign:
raise ValueError('--signing-provider= can only be used with--signtool=systemd-sbsign')
if opts.certificate_provider and opts.signtool != 'systemd-sbsign':
if opts.certificate_provider and opts.signtool != SystemdSbSign:
raise ValueError('--certificate-provider= can only be used with--signtool=systemd-sbsign')
if opts.sign_kernel and not opts.sb_key and not opts.sb_cert_name:

View File

@ -23,7 +23,6 @@
#include "user-util.h"
#include "userdb.h"
#include "verbs.h"
#include "virt.h"
static enum {
OUTPUT_CLASSIC,
@ -140,16 +139,10 @@ static int show_user(UserRecord *ur, Table *table) {
return 0;
}
static bool test_show_mapped(void) {
/* Show mapped user range only in environments where user mapping is a thing. */
return running_in_userns() > 0;
}
static const struct {
uid_t first, last;
const char *name;
UserDisposition disposition;
bool (*test)(void);
} uid_range_table[] = {
{
.first = 1,
@ -182,12 +175,11 @@ static const struct {
.last = MAP_UID_MAX,
.name = "mapped",
.disposition = USER_REGULAR,
.test = test_show_mapped,
},
};
static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
int r, n_added = 0;
int r;
assert(table);
@ -200,9 +192,6 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
continue;
if (i->test && !i->test())
continue;
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
" begin ", i->name, " users ",
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
@ -260,11 +249,9 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
TABLE_INT, 1); /* sort after any other entry with the same UID */
if (r < 0)
return table_log_add_error(r);
n_added += 2;
}
return n_added;
return ELEMENTSOF(uid_range_table) * 2;
}
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
@ -578,22 +565,16 @@ static int show_group(GroupRecord *gr, Table *table) {
}
static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
int r, n_added = 0;
int r;
assert(table);
FOREACH_ELEMENT(i, uid_range_table) {
_cleanup_free_ char *name = NULL, *comment = NULL;
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
continue;
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
continue;
if (i->test && !i->test())
continue;
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
" begin ", i->name, " groups ",
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
@ -645,11 +626,9 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
TABLE_INT, 1); /* sort after any other entry with the same GID */
if (r < 0)
return table_log_add_error(r);
n_added += 2;
}
return n_added;
return ELEMENTSOF(uid_range_table) * 2;
}
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {

View File

@ -2182,10 +2182,6 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
(void) sd_event_add_signal(event, NULL, (SIGRTMIN+18) | SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, NULL);
r = sd_event_add_memory_pressure(event, NULL, NULL, NULL);
if (r < 0)
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
/* Exit when the child exits */
(void) event_add_child_pidref(event, NULL, &child_pidref, WEXITED, on_child_exit, NULL);

View File

@ -0,0 +1,18 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Name=router-low
[Network]
IPv6AcceptRA=no
IPv6SendRA=yes
[IPv6SendRA]
# changed from low to high
RouterPreference=high
EmitDNS=no
EmitDomains=no
[IPv6Prefix]
Prefix=2002:da8:1:98::/64
PreferredLifetimeSec=1000s
ValidLifetimeSec=2100s

View File

@ -0,0 +1,18 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Name=router-high
[Network]
IPv6AcceptRA=no
IPv6SendRA=yes
[IPv6SendRA]
# changed from high to low
RouterPreference=low
EmitDNS=no
EmitDomains=no
[IPv6Prefix]
Prefix=2002:da8:1:99::/64
PreferredLifetimeSec=1000s
ValidLifetimeSec=2100s

View File

@ -6391,27 +6391,6 @@ class NetworkdRATests(unittest.TestCase, Utilities):
self.check_ipv6_sysctl_attr('client', 'hop_limit', '43')
def check_router_preference(self, suffix, metric_1, preference_1, metric_2, preference_2):
self.wait_online('client:routable')
self.wait_address('client', f'2002:da8:1:99:1034:56ff:fe78:9a{suffix}/64', ipv='-6', timeout_sec=10)
self.wait_address('client', f'2002:da8:1:98:1034:56ff:fe78:9a{suffix}/64', ipv='-6', timeout_sec=10)
self.wait_route('client', rf'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric {metric_1}', ipv='-6', timeout_sec=10)
self.wait_route('client', rf'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric {metric_2}', ipv='-6', timeout_sec=10)
print('### ip -6 route show dev client default')
output = check_output('ip -6 route show dev client default')
print(output)
self.assertRegex(output, rf'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric {metric_1} expires [0-9]*sec pref {preference_1}')
self.assertRegex(output, rf'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric {metric_2} expires [0-9]*sec pref {preference_2}')
for i in [100, 200, 300, 512, 1024, 2048]:
if i not in [metric_1, metric_2]:
self.assertNotIn(f'metric {i} ', output)
for i in ['low', 'medium', 'high']:
if i not in [preference_1, preference_2]:
self.assertNotIn(f'pref {i}', output)
def test_router_preference(self):
copy_network_unit('25-veth-client.netdev',
'25-veth-router-high.netdev',
@ -6430,47 +6409,72 @@ class NetworkdRATests(unittest.TestCase, Utilities):
networkctl_reconfigure('client')
self.wait_online('client:routable')
self.check_router_preference('00', 512, 'high', 2048, 'low')
# change the map from preference to metric.
self.wait_address('client', '2002:da8:1:99:1034:56ff:fe78:9a00/64', ipv='-6', timeout_sec=10)
self.wait_address('client', '2002:da8:1:98:1034:56ff:fe78:9a00/64', ipv='-6', timeout_sec=10)
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 512', ipv='-6', timeout_sec=10)
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 2048', ipv='-6', timeout_sec=10)
print('### ip -6 route show dev client default')
output = check_output('ip -6 route show dev client default')
print(output)
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 512 expires [0-9]*sec pref high')
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 2048 expires [0-9]*sec pref low')
with open(os.path.join(network_unit_dir, '25-veth-client.network'), mode='a', encoding='utf-8') as f:
f.write('\n[Link]\nMACAddress=12:34:56:78:9a:01\n[IPv6AcceptRA]\nRouteMetric=100:200:300\n')
networkctl_reload()
self.check_router_preference('01', 100, 'high', 300, 'low')
self.wait_online('client:routable')
self.wait_address('client', '2002:da8:1:99:1034:56ff:fe78:9a01/64', ipv='-6', timeout_sec=10)
self.wait_address('client', '2002:da8:1:98:1034:56ff:fe78:9a01/64', ipv='-6', timeout_sec=10)
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 100', ipv='-6', timeout_sec=10)
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 300', ipv='-6', timeout_sec=10)
print('### ip -6 route show dev client default')
output = check_output('ip -6 route show dev client default')
print(output)
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 100 expires [0-9]*sec pref high')
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 300 expires [0-9]*sec pref low')
self.assertNotIn('metric 512', output)
self.assertNotIn('metric 2048', output)
# swap the preference (for issue #28439)
with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
f.write('\n[IPv6SendRA]\nRouterPreference=low\n')
with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
f.write('\n[IPv6SendRA]\nRouterPreference=high\n')
remove_network_unit('25-veth-router-high.network', '25-veth-router-low.network')
copy_network_unit('25-veth-router-high2.network', '25-veth-router-low2.network')
networkctl_reload()
self.check_router_preference('01', 300, 'low', 100, 'high')
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 300', ipv='-6', timeout_sec=10)
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 100', ipv='-6', timeout_sec=10)
print('### ip -6 route show dev client default')
output = check_output('ip -6 route show dev client default')
print(output)
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 300 expires [0-9]*sec pref low')
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 100 expires [0-9]*sec pref high')
self.assertNotRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 100')
self.assertNotRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 300')
self.assertNotIn('metric 512', output)
self.assertNotIn('metric 2048', output)
# Use the same preference, and check if the two routes are not coalesced. See issue #33470.
with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
with open(os.path.join(network_unit_dir, '25-veth-router-high2.network'), mode='a', encoding='utf-8') as f:
f.write('\n[IPv6SendRA]\nRouterPreference=medium\n')
with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
with open(os.path.join(network_unit_dir, '25-veth-router-low2.network'), mode='a', encoding='utf-8') as f:
f.write('\n[IPv6SendRA]\nRouterPreference=medium\n')
networkctl_reload()
self.check_router_preference('01', 200, 'medium', 200, 'medium')
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 200', ipv='-6', timeout_sec=10)
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 200', ipv='-6', timeout_sec=10)
# Use route options to configure default routes.
# The preference specified in the RA header should be ignored. See issue #33468.
with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
f.write('\n[IPv6SendRA]\nRouterPreference=high\n[IPv6RoutePrefix]\nRoute=::/0\nLifetimeSec=1200\n')
with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
f.write('\n[IPv6SendRA]\nRouterPreference=low\n[IPv6RoutePrefix]\nRoute=::/0\nLifetimeSec=1200\n')
networkctl_reload()
self.check_router_preference('01', 200, 'medium', 200, 'medium')
# Set zero lifetime to the route options.
# The preference specified in the RA header should be used.
with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
f.write('LifetimeSec=0\n')
with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
f.write('LifetimeSec=0\n')
networkctl_reload()
self.check_router_preference('01', 100, 'high', 300, 'low')
print('### ip -6 route show dev client default')
output = check_output('ip -6 route show dev client default')
print(output)
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 200 expires [0-9]*sec pref medium')
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 200 expires [0-9]*sec pref medium')
self.assertNotIn('pref high', output)
self.assertNotIn('pref low', output)
self.assertNotIn('metric 512', output)
self.assertNotIn('metric 2048', output)
def _test_ndisc_vs_static_route(self, manage_foreign_nexthops):
if not manage_foreign_nexthops:

View File

@ -1,20 +0,0 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -eux
set -o pipefail
# shellcheck source=test/units/util.sh
. "$(dirname "$0")"/util.sh
(! systemd-run --wait -p DynamicUser=yes \
-p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
-p WorkingDirectory='~' true)
assert_eq "$(systemd-run --pipe --uid=root -p WorkingDirectory='~' pwd)" "/root"
assert_eq "$(systemd-run --pipe --uid=nobody -p WorkingDirectory='~' pwd)" "/"
assert_eq "$(systemd-run --pipe --uid=testuser -p WorkingDirectory='~' pwd)" "/home/testuser"
(! systemd-run --wait -p DynamicUser=yes -p User=testuser \
-p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
-p WorkingDirectory='~' true)

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
{% if LINK_SHELL_EXTRA_DROPIN %}
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
{% if LINK_SSH_PROXY_DROPIN %}
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
# Copy systemd-stub provided metadata such as PCR signature and public key file
# from initrd into /run/, so that it will survive the initrd stage

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
{% if LINK_SSHD_USERDB_DROPIN %}
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
d /etc/credstore 0700 root root
d /etc/credstore.encrypted 0700 root root

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
L /etc/os-release - - - - ../usr/lib/os-release
L+ /etc/mtab - - - - ../proc/self/mounts

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
Q /home 0755 - - -
q /srv 0755 - - -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
# Set the NOCOW attribute for directories of journal files. This flag
# is inherited by their new files and sub-directories. Matters only

View File

@ -5,28 +5,26 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
# The functionality provided by these files and directories has been replaced
# by newer interfaces. Their use is discouraged on legacy-free systems. This
# configuration is provided to maintain backward compatibility.
# These files are considered legacy and are unnecessary on legacy-free
# systems.
d /run/lock 0755 root root -
L /var/lock - - - - ../run/lock
{% if HAVE_SYSV_COMPAT %}
{% if CREATE_LOG_DIRS %}
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
{% endif %}
# /run/lock/subsys is used for serializing SysV service execution, and
# hence without use on SysV-less systems.
d /run/lock/subsys 0755 root root -
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
# 'quotacheck.mode=force'
r! /forcefsck
r! /fastboot
r! /forcequotacheck
{% endif %}

View File

@ -35,7 +35,7 @@ in_files = [
['20-systemd-stub.conf', 'ENABLE_EFI'],
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
['etc.conf'],
['legacy.conf'],
['legacy.conf', 'HAVE_SYSV_COMPAT'],
['static-nodes-permissions.conf'],
['systemd.conf'],
['var.conf'],

View File

@ -1,4 +1,4 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
Q /var/lib/portables 0700

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
# Provision additional login messages from credentials, if they are set. Note
# that these lines are NOPs if the credentials are not set or if the files

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
d$ /run/systemd/netif 0755 systemd-network systemd-network -
d$ /run/systemd/netif/links 0755 systemd-network systemd-network -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
Q /var/lib/machines 0700 - - -

View File

@ -5,6 +5,6 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
# Exclude namespace mountpoints created with PrivateTmp=yes
x /tmp/systemd-private-%b-*

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
d /run/user 0755 root root -
{% if ENABLE_UTMP %}

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
# Clear tmp directories separately, to make them easier to override
q /tmp 1777 root root 10d

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
q /var 0755 - - -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details.
# See tmpfiles.d(5) for details
# Make sure these are created by default so that nobody else can
# or empty them at startup

View File

@ -16,7 +16,6 @@ ConditionDirectoryNotEmpty=|/run/confexts
ConditionDirectoryNotEmpty=|/var/lib/confexts
ConditionDirectoryNotEmpty=|/usr/local/lib/confexts
ConditionDirectoryNotEmpty=|/usr/lib/confexts
ConditionDirectoryNotEmpty=|/.extra/confext
DefaultDependencies=no
After=local-fs.target