
No commits in common. "a4df0c004a0e42dfbad02e9595420fcef3965b85" and "c2892a244c82ee142089f8fb7848547dada4ed32" have entirely different histories.

11 changed files with 56 additions and 57 deletions


@ -381,17 +381,11 @@ sensor:modalias:acpi:BMA250*:dmi:*:bvritWORKS.G.WI71C.JGBMRB*:*:svnInsyde:pni71c
ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1 ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
######################################### #########################################
# Irbis # Irbis TW90
######################################### #########################################
#TW90
sensor:modalias:acpi:BOSC0200*:dmi:*:svnIRBIS:pnTW90:* sensor:modalias:acpi:BOSC0200*:dmi:*:svnIRBIS:pnTW90:*
ACCEL_MOUNT_MATRIX=0, 1, 0; -1, 0, 0; 0, 0, 1 ACCEL_MOUNT_MATRIX=0, 1, 0; -1, 0, 0; 0, 0, 1
#TW118
sensor:modalias:acpi:BOSC0200*:dmi:*:svnIRBIS:pnTW118:*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
######################################### #########################################
# iOTA 360 # iOTA 360
######################################### #########################################


@ -172,11 +172,6 @@
<entry><varname>proot</varname></entry> <entry><varname>proot</varname></entry>
<entry><ulink url="https://proot-me.github.io/">proot</ulink> userspace chroot/bind mount emulation</entry> <entry><ulink url="https://proot-me.github.io/">proot</ulink> userspace chroot/bind mount emulation</entry>
</row> </row>
<row>
<entry><varname>pouch</varname></entry>
<entry><ulink url="https://github.com/alibaba/pouch">Pouch</ulink> Container Engine</entry>
</row>
</tbody> </tbody>
</tgroup> </tgroup>
</table> </table>


@ -1169,7 +1169,6 @@
<literal>rkt</literal>, <literal>rkt</literal>,
<literal>wsl</literal>, <literal>wsl</literal>,
<literal>proot</literal>, <literal>proot</literal>,
<literal>pouch</literal>,
<literal>acrn</literal> to test <literal>acrn</literal> to test
against a specific implementation, or against a specific implementation, or
<literal>private-users</literal> to check whether we are running in a user namespace. See <literal>private-users</literal> to check whether we are running in a user namespace. See


@ -27,7 +27,7 @@ int xdg_user_runtime_dir(char **ret, const char *suffix) {
if (!e) if (!e)
return -ENXIO; return -ENXIO;
j = path_join(e, suffix); j = strjoin(e, suffix);
if (!j) if (!j)
return -ENOMEM; return -ENOMEM;
@ -44,7 +44,7 @@ int xdg_user_config_dir(char **ret, const char *suffix) {
e = getenv("XDG_CONFIG_HOME"); e = getenv("XDG_CONFIG_HOME");
if (e) if (e)
j = path_join(e, suffix); j = strjoin(e, suffix);
else { else {
_cleanup_free_ char *home = NULL; _cleanup_free_ char *home = NULL;
@ -52,7 +52,7 @@ int xdg_user_config_dir(char **ret, const char *suffix) {
if (r < 0) if (r < 0)
return r; return r;
j = path_join(home, "/.config", suffix); j = strjoin(home, "/.config", suffix);
} }
if (!j) if (!j)
@ -76,7 +76,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) {
e = getenv("XDG_DATA_HOME"); e = getenv("XDG_DATA_HOME");
if (e) if (e)
j = path_join(e, suffix); j = strjoin(e, suffix);
else { else {
_cleanup_free_ char *home = NULL; _cleanup_free_ char *home = NULL;
@ -84,7 +84,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) {
if (r < 0) if (r < 0)
return r; return r;
j = path_join(home, "/.local/share", suffix); j = strjoin(home, "/.local/share", suffix);
} }
if (!j) if (!j)
return -ENOMEM; return -ENOMEM;
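Review bot: The new `strjoin(e, suffix)` and `strjoin(home, "/.config", suffix)` style calls in xdg_user_runtime_dir, xdg_user_config_dir and xdg_user_data_dir concatenate their arguments verbatim, so a correct result now depends on every caller passing a `suffix` that begins with `/` and on the `XDG_*` value carrying no trailing slash. A suffix without the leading slash would name a sibling of the intended directory (constructed example: `/run/user/1000systemd`) instead of a child of it. Either keep the separator-aware form, `j = path_join(e, suffix);`, or state the contract above each function, e.g. `/* suffix must start with "/": strjoin() inserts no separator */`. The base directories come from the environment and no visible line checks that they are absolute paths; the function bodies continue outside the hunks, so confirm that check exists there.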


@ -442,7 +442,6 @@ static const char *const container_table[_VIRTUALIZATION_MAX] = {
[VIRTUALIZATION_RKT] = "rkt", [VIRTUALIZATION_RKT] = "rkt",
[VIRTUALIZATION_WSL] = "wsl", [VIRTUALIZATION_WSL] = "wsl",
[VIRTUALIZATION_PROOT] = "proot", [VIRTUALIZATION_PROOT] = "proot",
[VIRTUALIZATION_POUCH] = "pouch",
}; };
DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(container, int); DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(container, int);
@ -680,7 +679,6 @@ static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
[VIRTUALIZATION_RKT] = "rkt", [VIRTUALIZATION_RKT] = "rkt",
[VIRTUALIZATION_WSL] = "wsl", [VIRTUALIZATION_WSL] = "wsl",
[VIRTUALIZATION_PROOT] = "proot", [VIRTUALIZATION_PROOT] = "proot",
[VIRTUALIZATION_POUCH] = "pouch",
[VIRTUALIZATION_CONTAINER_OTHER] = "container-other", [VIRTUALIZATION_CONTAINER_OTHER] = "container-other",
}; };


@ -35,7 +35,6 @@ enum {
VIRTUALIZATION_RKT, VIRTUALIZATION_RKT,
VIRTUALIZATION_WSL, VIRTUALIZATION_WSL,
VIRTUALIZATION_PROOT, VIRTUALIZATION_PROOT,
VIRTUALIZATION_POUCH,
VIRTUALIZATION_CONTAINER_OTHER, VIRTUALIZATION_CONTAINER_OTHER,
VIRTUALIZATION_CONTAINER_LAST = VIRTUALIZATION_CONTAINER_OTHER, VIRTUALIZATION_CONTAINER_LAST = VIRTUALIZATION_CONTAINER_OTHER,


@ -44,7 +44,7 @@ static int generate_machine_id(const char *root, sd_id128_t *ret) {
fd = safe_close(fd); fd = safe_close(fd);
} }
if (isempty(root) && running_in_chroot() <= 0) { if (isempty(root)) {
/* If that didn't work, see if we are running in a container, /* If that didn't work, see if we are running in a container,
* and a machine ID was passed in via $container_uuid the way * and a machine ID was passed in via $container_uuid the way
* libvirt/LXC does it */ * libvirt/LXC does it */
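Review bot: With `running_in_chroot() <= 0` dropped from the condition, the `$container_uuid` branch of generate_machine_id is entered whenever `root` is empty, including when the process itself runs inside a chroot. A machine ID generated there may adopt the UUID of the enclosing container, so a tree prepared in a chroot (presumably image builds or package installs) would share its identity with the build environment instead of getting a fresh ID. Keep the guard, `if (isempty(root) && running_in_chroot() <= 0) {`, or add a comment stating why inheriting the outer ID inside a chroot is intended. The function continues outside the hunk, so the later fallbacks are not visible here.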


@ -2653,31 +2653,6 @@ int main(int argc, char *argv[]) {
goto finish; goto finish;
} }
/* Try to figure out if we can use colors with the console. No need to do that for user instances since
* they never log into the console. */
log_show_color(colors_enabled());
r = make_null_stdio();
if (r < 0)
log_warning_errno(r, "Failed to redirect standard streams to /dev/null, ignoring: %m");
/* Load the kernel modules early. */
if (!skip_setup)
kmod_setup();
/* Mount /proc, /sys and friends, so that /proc/cmdline and /proc/$PID/fd is available. */
r = mount_setup(loaded_policy, skip_setup);
if (r < 0) {
error_message = "Failed to mount API filesystems";
goto finish;
}
/* The efivarfs is now mounted, let's read the random seed off it */
(void) efi_take_random_seed();
/* Cache command-line options passed from EFI variables */
if (!skip_setup)
(void) cache_efi_options_variable();
} else { } else {
/* Running as user instance */ /* Running as user instance */
arg_system = false; arg_system = false;
@ -2693,6 +2668,37 @@ int main(int argc, char *argv[]) {
} }
} }
if (arg_system) {
/* Try to figure out if we can use colors with the console. No need to do that for user instances since
* they never log into the console. */
log_show_color(colors_enabled());
r = make_null_stdio();
if (r < 0)
log_warning_errno(r, "Failed to redirect standard streams to /dev/null, ignoring: %m");
}
/* Mount /proc, /sys and friends, so that /proc/cmdline and /proc/$PID/fd is available. */
if (getpid_cached() == 1) {
/* Load the kernel modules early. */
if (!skip_setup)
kmod_setup();
r = mount_setup(loaded_policy, skip_setup);
if (r < 0) {
error_message = "Failed to mount API filesystems";
goto finish;
}
/* The efivarfs is now mounted, let's read the random seed off it */
(void) efi_take_random_seed();
/* Cache command-line options passed from EFI variables */
if (!skip_setup)
(void) cache_efi_options_variable();
}
/* Save the original RLIMIT_NOFILE/RLIMIT_MEMLOCK so that we can reset it later when /* Save the original RLIMIT_NOFILE/RLIMIT_MEMLOCK so that we can reset it later when
* transitioning from the initrd to the main systemd or suchlike. */ * transitioning from the initrd to the main systemd or suchlike. */
save_rlimits(&saved_rlimit_nofile, &saved_rlimit_memlock); save_rlimits(&saved_rlimit_nofile, &saved_rlimit_memlock);
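Review bot: The comment `/* Mount /proc, /sys and friends, ... */` now sits above `if (getpid_cached() == 1) {`, whose first statement is kmod_setup(), so it no longer describes the line it precedes; move it to directly above `r = mount_setup(loaded_policy, skip_setup);`. The two new blocks are also keyed differently: make_null_stdio() runs for every `arg_system` invocation, while the mounts and EFI reads run only for PID 1, and nothing in the hunk says why. If a system-mode run that is not PID 1 is possible (not visible here), its standard streams would be redirected to /dev/null as well, so add a one-line comment on the `if (arg_system)` block saying this is intended, or use the same `getpid_cached() == 1` test. main() starts and ends outside the hunks.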


@ -480,7 +480,7 @@ static int relabel_extra(void) {
#endif #endif
int mount_setup(bool loaded_policy, bool leave_propagation) { int mount_setup(bool loaded_policy, bool leave_propagation) {
int r; int r = 0;
r = mount_points_setup(ELEMENTSOF(mount_table), loaded_policy); r = mount_points_setup(ELEMENTSOF(mount_table), loaded_policy);
if (r < 0) if (r < 0)


@ -3,4 +3,4 @@
#include <sys/types.h> #include <sys/types.h>
int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_list, char **syscall_deny_list); int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_ist, char **syscall_deny_list);
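Review bot: The second parameter of the setup_seccomp() prototype is spelled `syscall_allow_ist` on the new side, which reads as a typo next to `syscall_deny_list`. Prototype parameter names do not affect callers, but they are the only documentation this header gives for which list permits and which list blocks system calls. Use `char **syscall_allow_list`, and confirm it matches the definition, which is not visible on this page.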


@ -187,7 +187,7 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) {
} }
int seccomp_init_for_arch(scmp_filter_ctx *ret, uint32_t arch, uint32_t default_action) { int seccomp_init_for_arch(scmp_filter_ctx *ret, uint32_t arch, uint32_t default_action) {
_cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL; scmp_filter_ctx seccomp;
int r; int r;
/* Much like seccomp_init(), but initializes the filter for one specific architecture only, without affecting /* Much like seccomp_init(), but initializes the filter for one specific architecture only, without affecting
@ -202,11 +202,11 @@ int seccomp_init_for_arch(scmp_filter_ctx *ret, uint32_t arch, uint32_t default_
r = seccomp_arch_remove(seccomp, seccomp_arch_native()); r = seccomp_arch_remove(seccomp, seccomp_arch_native());
if (r < 0) if (r < 0)
return r; goto finish;
r = seccomp_arch_add(seccomp, arch); r = seccomp_arch_add(seccomp, arch);
if (r < 0) if (r < 0)
return r; goto finish;
assert(seccomp_arch_exist(seccomp, arch) >= 0); assert(seccomp_arch_exist(seccomp, arch) >= 0);
assert(seccomp_arch_exist(seccomp, SCMP_ARCH_NATIVE) == -EEXIST); assert(seccomp_arch_exist(seccomp, SCMP_ARCH_NATIVE) == -EEXIST);
@ -218,14 +218,18 @@ int seccomp_init_for_arch(scmp_filter_ctx *ret, uint32_t arch, uint32_t default_
r = seccomp_attr_set(seccomp, SCMP_FLTATR_ACT_BADARCH, SCMP_ACT_ALLOW); r = seccomp_attr_set(seccomp, SCMP_FLTATR_ACT_BADARCH, SCMP_ACT_ALLOW);
if (r < 0) if (r < 0)
return r; goto finish;
r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0); r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
if (r < 0) if (r < 0)
return r; goto finish;
*ret = TAKE_PTR(seccomp); *ret = seccomp;
return 0; return 0;
finish:
seccomp_release(seccomp);
return r;
} }
static bool is_basic_seccomp_available(void) { static bool is_basic_seccomp_available(void) {
@ -383,7 +387,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"pidfd_getfd\0" "pidfd_getfd\0"
"ptrace\0" "ptrace\0"
"rtas\0" "rtas\0"
#if defined __s390__ || defined __s390x__ #ifdef __NR_s390_runtime_instr
"s390_runtime_instr\0" "s390_runtime_instr\0"
#endif #endif
"sys_debug_setcontext\0" "sys_debug_setcontext\0"
@ -460,7 +464,9 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"stat64\0" "stat64\0"
"statfs\0" "statfs\0"
"statfs64\0" "statfs64\0"
#ifdef __NR_statx
"statx\0" "statx\0"
#endif
"symlink\0" "symlink\0"
"symlinkat\0" "symlinkat\0"
"truncate\0" "truncate\0"
@ -706,8 +712,10 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"pciconfig_iobase\0" "pciconfig_iobase\0"
"pciconfig_read\0" "pciconfig_read\0"
"pciconfig_write\0" "pciconfig_write\0"
#if defined __s390__ || defined __s390x__ #ifdef __NR_s390_pci_mmio_read
"s390_pci_mmio_read\0" "s390_pci_mmio_read\0"
#endif
#ifdef __NR_s390_pci_mmio_write
"s390_pci_mmio_write\0" "s390_pci_mmio_write\0"
#endif #endif
}, },
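Review bot: The new `#ifdef __NR_s390_runtime_instr`, `#ifdef __NR_statx`, `#ifdef __NR_s390_pci_mmio_read` and `#ifdef __NR_s390_pci_mmio_write` guards make the contents of syscall_filter_sets depend on the kernel headers present at build time rather than on the architecture or the running kernel. A build against older headers silently drops the name, so a deny-list derived from the sets holding `ptrace` or `pciconfig_*` would leave that call unfiltered, and an allow-list derived from the set holding `stat64` would reject `statx` on a kernel that provides it. If these names are resolved by libseccomp when the filter is built (likely, given the string-table form, but not shown here), list them unconditionally; otherwise add a comment above each guard such as `/* only present when the build headers define the syscall number */`. Separately, the seccomp_init_for_arch hunks declare `scmp_filter_ctx seccomp;` without an initializer ahead of the `finish:` cleanup path; `scmp_filter_ctx seccomp = NULL;` would keep seccomp_release() safe if a jump is ever added before the context is created.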