Compare commits

..

6 Commits

Author SHA1 Message Date
Yu Watanabe 1b97c5cba5 udevadm: ignore -ENODEV on trigger
The commit 88da55e28b erroneously makes
`udevadm trigger` treat -ENODEV error critical.
This makes -ENODEV ignored again.

Fixes #17250.
2020-10-06 08:25:54 +02:00
Michal Suchanek 3224e38bb6 basic/virt: Detect PowerVM hypervisor
Currently systemd-detect-virt fails to detect running under PowerVM.

Add code to detect PowerVM based on code in util-linux.

Signed-off-by: Michal Suchanek <msuchanek@suse.de>
2020-10-06 08:24:12 +02:00
Zbigniew Jędrzejewski-Szmek bf645844f7
Merge pull request #17251 from keszybz/two-man-pages-tweaks
The remaining man page issues listed in #17177
2020-10-06 07:57:53 +02:00
Zbigniew Jędrzejewski-Szmek 41b6ae4da3 man: reword description of KillOnlyUsers=/KillExcludeUsers=
Fixes #17177.
2020-10-05 17:56:28 +02:00
Zbigniew Jędrzejewski-Szmek e6fd398d61 man: reword the descriptions of VXLAN DestinationPort= and PortRange=
The usual: "empty string" is meaningless in this context. We are not assigning
DestinationPort="". Just say "unset".

Fixes #17240.
2020-10-05 14:23:40 +02:00
Zbigniew Jędrzejewski-Szmek e0c60bf6a0 man: reword of fido2 key derivation
"keyed by" is indeed a bit jargony. Say " a HMAC hash of the salt combined with
an internal secret key" instead.

For #17177.
2020-10-05 14:13:14 +02:00
8 changed files with 36 additions and 27 deletions

View File

@ -357,11 +357,11 @@
<listitem><para>Takes a path to a Linux <literal>hidraw</literal> device
(e.g. <filename>/dev/hidraw1</filename>), referring to a FIDO2 security token implementing the
<literal>hmac-secret</literal> extension, that shall be able to unlock the user account. If used, a
random salt value is generated on the host, which is passed to the FIDO2 device, which calculates a
HMAC hash of it, keyed by its internal secret key. The result is then used as key for unlocking the
user account. The random salt is included in the user record, so that whenever authentication is
needed it can be passed again to the FIDO2 token, to retrieve the actual key.</para>
<literal>hmac-secret</literal> extension that shall be able to unlock the user account. A random salt
value is generated on the host and passed to the FIDO2 device, which calculates a HMAC hash of the
salt using an internal secret key. The result is then used as the key to unlock the user account. The
random salt is included in the user record, so that whenever authentication is needed it can be
passed to the FIDO2 token again.</para>
<para>Instead of a valid path to a FIDO2 <literal>hidraw</literal> device the special strings
<literal>list</literal> and <literal>auto</literal> may be specified. If <literal>list</literal> is

View File

@ -125,16 +125,16 @@
<term><varname>KillOnlyUsers=</varname></term>
<term><varname>KillExcludeUsers=</varname></term>
<listitem><para>These settings take space-separated lists of usernames that override
the <varname>KillUserProcesses=</varname> setting. A user name may be added to
<varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of
that user from being killed even if <varname>KillUserProcesses=yes</varname> is set. If
<varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is
excluded by default. <varname>KillExcludeUsers=</varname> may be set to an empty value
to override this default. If a user is not excluded, <varname>KillOnlyUsers=</varname>
is checked next. If this setting is specified, only the session scopes of those users
will be killed. Otherwise, users are subject to the
<varname>KillUserProcesses=yes</varname> setting.</para></listitem>
<listitem><para>These settings take space-separated lists of usernames that override the
<varname>KillUserProcesses=</varname> setting. A user name may be added to
<varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of that user from
being killed even if <varname>KillUserProcesses=yes</varname> is set. If
<varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is excluded by
default. <varname>KillExcludeUsers=</varname> may be set to an empty value to override this
default. If a user is not excluded, <varname>KillOnlyUsers=</varname> is checked next. If this
setting is specified, only the processes in the session scopes of those users will be
killed. Otherwise, users are subject to the <varname>KillUserProcesses=yes</varname> setting.
</para></listitem>
</varlistentry>
<varlistentry>

View File

@ -62,7 +62,7 @@
</thead>
<tbody>
<row>
<entry valign="top" morerows="12">VM</entry>
<entry valign="top" morerows="13">VM</entry>
<entry><varname>qemu</varname></entry>
<entry>QEMU software virtualization, without KVM</entry>
</row>
@ -92,6 +92,11 @@
<entry>Oracle VM VirtualBox (historically marketed by innotek and Sun Microsystems), for legacy and KVM hypervisor</entry>
</row>
<row>
<entry><varname>powervm</varname></entry>
<entry>IBM PowerVM hypervisor - comes as firmware with some IBM POWER servers</entry>
</row>
<row>
<entry><varname>xen</varname></entry>
<entry>Xen hypervisor (only domU, not dom0)</entry>

View File

@ -711,20 +711,16 @@
<varlistentry>
<term><varname>DestinationPort=</varname></term>
<listitem>
<para>Configures the default destination UDP port on a per-device basis.
If destination port is not specified then Linux kernel default will be used.
Set destination port 4789 to get the IANA assigned value. If not set or if the
destination port is assigned the empty string the default port of 4789 is used.</para>
<para>Configures the default destination UDP port. If the destination port is not specified then
Linux kernel default will be used. Set to 4789 to get the IANA assigned value.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>PortRange=</varname></term>
<listitem>
<para>Configures VXLAN port range. VXLAN bases source
UDP port based on flow to help the receiver to be able
to load balance based on outer header flow. It
restricts the port range to the normal UDP local
ports, and allows overriding via configuration.</para>
<para>Configures the source port range for the VXLAN. The kernel assigns the source UDP port based
on the flow to help the receiver to do load balancing. When this option is not set, the normal
range of local UDP ports is used.</para>
</listitem>
</varlistentry>
<varlistentry>

View File

@ -1160,6 +1160,7 @@
<literal>vmware</literal>,
<literal>microsoft</literal>,
<literal>oracle</literal>,
<literal>powervm</literal>,
<literal>xen</literal>,
<literal>bochs</literal>,
<literal>uml</literal>,

View File

@ -93,6 +93,11 @@ static int detect_vm_device_tree(void) {
_cleanup_closedir_ DIR *dir = NULL;
struct dirent *dent;
if (access("/proc/device-tree/ibm,partition-name", F_OK) == 0 &&
access("/proc/device-tree/hmc-managed?", F_OK) == 0 &&
access("/proc/device-tree/chosen/qemu,graphic-width", F_OK) != 0)
return VIRTUALIZATION_POWERVM;
dir = opendir("/proc/device-tree");
if (!dir) {
if (errno == ENOENT) {
@ -679,6 +684,7 @@ static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
[VIRTUALIZATION_BHYVE] = "bhyve",
[VIRTUALIZATION_QNX] = "qnx",
[VIRTUALIZATION_ACRN] = "acrn",
[VIRTUALIZATION_POWERVM] = "powervm",
[VIRTUALIZATION_VM_OTHER] = "vm-other",
[VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn",

View File

@ -22,6 +22,7 @@ enum {
VIRTUALIZATION_BHYVE,
VIRTUALIZATION_QNX,
VIRTUALIZATION_ACRN,
VIRTUALIZATION_POWERVM,
VIRTUALIZATION_VM_OTHER,
VIRTUALIZATION_VM_LAST = VIRTUALIZATION_VM_OTHER,

View File

@ -45,12 +45,12 @@ static int exec_list(sd_device_enumerator *e, const char *action, Set **settle_s
r = write_string_file(filename, action, WRITE_STRING_FILE_DISABLE_BUFFER);
if (r < 0) {
bool ignore = r == -ENOENT;
bool ignore = IN_SET(r, -ENOENT, -ENODEV);
log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, r,
"Failed to write '%s' to '%s'%s: %m",
action, filename, ignore ? ", ignoring" : "");
if (IN_SET(r, -EACCES, -ENODEV, -EROFS))
if (IN_SET(r, -EACCES, -EROFS))
/* Inovoked by unpriviledged user, or read only filesystem. Return earlier. */
return r;
if (ret == 0 && !ignore)