NEWS

@@ -251,7 +251,7 @@ CHANGES WITH 248:
           be restored for individual services with NoExecPaths=/dev (or by allow-
           listing and excluding /dev from ExecPaths=).
 
-        * Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
+        * Permissions for /dev/vsock are now set to 0666, and /dev/vhost-vsock
           and /dev/vhost-net are owned by the kvm group.
 
         * The hardware database has been extended with a list of fingerprint

TODO

@@ -22,11 +22,6 @@ Janitorial Clean-ups:
 
 Features:
 
-* systemd-repart: read LUKS encryption key from $CREDENTIALS_PATH
-
-* introduce /dev/disk/root/* symlinks that allow referencing partitions on the
-  disk the rootfs is on in a reasonably secure way.
-
 * systemd-repart: add a switch to factory reset the partition table without
   immediately applying the new configuration again. i.e. --factory-reset=leave
   or so. (this is useful to factory reset an image, then putting it into

man/systemd.device.xml

@@ -26,10 +26,11 @@
   <refsect1>
     <title>Description</title>
 
-    <para>A unit configuration file whose name ends in <literal>.device</literal> encodes information about a
+    <para>A unit configuration file whose name ends in
-    device unit as exposed in the
+    <literal>.device</literal> encodes information about a device unit
-    sysfs/<citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry> device
+    as exposed in the
-    tree. This may be used to define dependencies between devices and other units.</para>
+    sysfs/<citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+    device tree.</para>
 
     <para>This unit type has no specific options. See
     <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
@@ -39,10 +40,14 @@
     sections. A separate [Device] section does not
     exist, since no device-specific options may be configured.</para>
 
-    <para>systemd will dynamically create device units for all kernel devices that are marked with the
+    <para>systemd will dynamically create device units for all kernel
-    <literal>systemd</literal> udev tag (by default all block and network devices, and a few others). Note
+    devices that are marked with the "systemd" udev tag (by default
-    that <emphasis>if <filename>systemd-udev.service</filename> is not running, no device units will be
+    all block and network devices, and a few others). This may be used
-    available (for example in a typical container)</emphasis>.</para>
+    to define dependencies between devices and other units. To tag a
+    udev device, use <literal>TAG+="systemd"</literal> in the udev
+    rules file, see
+    <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+    for details.</para>
 
     <para>Device units are named after the <filename>/sys/</filename>
     and <filename>/dev/</filename> paths they control. Example: the
@@ -52,10 +57,6 @@
     name see
     <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
 
-    <para>To tag a udev device, use <literal>TAG+="systemd"</literal> in the udev rules file, see
-    <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details.
-    </para>
-
     <para>Device units will be reloaded by systemd whenever the
     corresponding device generates a <literal>changed</literal> event.
     Other units can use <varname>ReloadPropagatedFrom=</varname> to react

shell-completion/bash/systemd-run

@@ -31,20 +31,20 @@ __get_machines() {
 
 _systemd_run() {
     local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
-    local OPTS='--no-ask-password --scope -u --unit -p --property --description --slice --slice-inherit
+    local OPTS='-h --help --version --user --system --scope --unit --description --slice
-                -r --remain-after-exit --send-sighup --service-type --uid --gid --nice
+                -r --remain-after-exit --send-sighup -H --host -M --machine --service-type
-                --working-directory -d --same-dir -E --setenv -t --pty -P --pipe -S --shell -q --quiet
+                --on-active --on-boot --on-startup --on-unit-active --on-unit-inactive
-                --on-active --on-boot --on-startup --on-unit-active --on-unit-inactive --on-calendar
+                --on-calendar --timer-property --path-property --socket-property -t --pty
-                --on-clock-change --on-timezone-change --path-property --socket-property
+                -q --quiet --no-block --uid --gid --nice -E --setenv -p --property
-                --timer-property --no-block --wait -G --collect --user --system -H --host -M --machine
+                --no-ask-password --wait -P --pipe -G --collect --working-directory
-                -h --help --version'
+                -d --same-dir -S --shell'
 
     local mode=--system
     local i
     local opts_with_values=(
-        --unit -p --property --slice --description --service-type --uid --gid --nice --working-directory
+        --unit --description --slice --service-type -H --host -M --machine -p --property --on-active
-        -E --setenv --on-active --on-boot --on-startup --on-unit-active --on-unit-inactive --on-calendar
+        --on-boot --on-startup --on-unit-active --on-unit-inactive --on-calendar --timer-property
-        --path-property --socket-property --timer-property -H --host -M --machine
+        --path-property --socket-property --uid --gid --nice -E --setenv --working-directory
     )
     for (( i=1; i <= COMP_CWORD; i++ )); do
         if [[ ${COMP_WORDS[i]} != -* ]]; then

shell-completion/zsh/_systemd-run

@@ -23,25 +23,13 @@ __systemctl() {
     }
 
 _arguments \
-    {-G,--collect}'[Unload the transient unit after it completed]' \
-    '--description=[Description for unit]:description' \
-    '--gid=[Run as system group]:group:_groups' \
     {-h,--help}'[Show help message]' \
+    '--version[Show package version]' \
+    '--user[Run as user unit]' \
     {-H+,--host=}'[Operate on remote host]:[user@]host:_sd_hosts_or_user_at_host' \
     {-M+,--machine=}'[Operate on local container]:machines:_sd_machines' \
-    '--nice=[Nice level]:nice level' \
+    '--scope[Run this as scope rather than service]' \
-    '--no-ask-password[Do not query the user for authentication]' \
+    '--unit=[Run under the specified unit name]:unit name' \
-    '--no-block[Do not synchronously wait for the unit start operation to finish]' \
-    '--on-active=[Run after SEC seconds]:SEC' \
-    '--on-boot=[Run SEC seconds after machine was booted up]:SEC' \
-    '--on-calendar=[Realtime timer]:SPEC' \
-    '--on-clock-change[Defines a trigger based on system clock jumps]' \
-    '--on-startup=[Run SEC seconds after systemd was first started]:SEC' \
-    '--on-timezone-change[Defines a trigger based on system timezone changes]' \
-    '--on-unit-active=[Run SEC seconds after the last activation]:SEC' \
-    '--on-unit-inactive=[Run SEC seconds after the last deactivation]:SEC' \
-    '--path-property=[Set path unit property]:NAME=VALUE' \
-    {-P,--pipe}'[Inherit standard input, output, and error]' \
     {-p+,--property=}'[Set unit property]:NAME=VALUE:(( \
                 CPUAccounting= MemoryAccounting= BlockIOAccounting= SendSIGHUP= \
                 SendSIGKILL= MemoryLimit= CPUShares= BlockIOWeight= User= Group= \
@@ -57,24 +45,21 @@ _arguments \
                 ReadOnlyPaths= InaccessiblePaths= EnvironmentFile= \
                 ProtectSystem= ProtectHome= RuntimeDirectory= PassEnvironment= \
                 ))' \
-    {-t,--pty}'[The service connects to the terminal]' \
+    '--description=[Description for unit]:description' \
-    {-q,--quiet}'[Suppresses additional informational output]' \
+    '--slice=[Run in the specified slice]:slices:__systemd-run_slices' \
     {-r,--remain-after-exit}'[Leave service around until explicitly stopped]' \
-    {-d,--same-dir}'[Run on the current working directory]' \
-    '--scope[Run this as scope rather than service]' \
     '--send-sighup[Send SIGHUP when terminating]' \
     '--service-type=[Service type]:type:(simple forking oneshot dbus notify idle)' \
-    {-E+,--setenv=}'[Set environment]:NAME=VALUE' \
-    {-S,--shell}'[requests an interactive shell in the current working directory]' \
-    '--slice=[Run in the specified slice]:slices:__systemd-run_slices' \
-    '--slice-inherit[Run in the inherited slice]' \
-    '--socket-property=[Set socket unit property]:NAME=VALUE' \
-    '--system[Run as system unit]' \
-    '--timer-property=[Set timer unit property]:NAME=VALUE' \
     '--uid=[Run as system user]:user:_users' \
-    {-u+,--unit=}'[Run under the specified unit name]:unit name' \
+    '--gid=[Run as system group]:group:_groups' \
-    '--user[Run as user unit]' \
+    '--nice=[Nice level]:nice level' \
-    '--version[Show package version]' \
+    '--setenv=[Set environment]:NAME=VALUE' \
+    '--on-active=[Run after SEC seconds]:SEC' \
+    '--on-boot=[Run SEC seconds after machine was booted up]:SEC' \
+    '--on-startup=[Run SEC seconds after systemd was first started]:SEC' \
+    '--on-unit-active=[Run SEC seconds after the last activation]:SEC' \
+    '--on-unit-inactive=[Run SEC seconds after the last deactivation]:SEC' \
+    '--on-calendar=[Realtime timer]:SPEC' \
+    '--timer-property=[Set timer unit property]:NAME=VALUE' \
     '--wait=[Wait until service stopped again]' \
-    '--working-directory=[Run with the specified working directory]' \
     '*::command:_command'

src/basic/log.c

@@ -252,14 +252,11 @@ int log_open(void) {
 
         /* Do not call from library code. */
 
-        /* This function is often called in preparation for logging. Let's make sure we don't clobber errno,
+        /* If we don't use the console we close it here, to not get
-         * so that a call to a logging function immediately following a log_open() call can still easily
+         * killed by SAK. If we don't use syslog we close it here so
-         * reference an error that happened immediately before the log_open() call. */
+         * that we are not confused by somebody deleting the socket in
-        PROTECT_ERRNO;
+         * the fs, and to make sure we don't use it if prohibit_ipc is
-
+         * set. If we don't use /dev/kmsg we still keep it open,
-        /* If we don't use the console, we close it here to not get killed by SAK. If we don't use syslog, we
-         * close it here too, so that we are not confused by somebody deleting the socket in the fs, and to
-         * make sure we don't use it if prohibit_ipc is set. If we don't use /dev/kmsg we still keep it open,
          * because there is no reason to close it. */
 
         if (log_target == LOG_TARGET_NULL) {

src/basic/process-util.c

@@ -1467,11 +1467,7 @@ int fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret
 
         /* Spawns a temporary TTY agent, making sure it goes away when we go away */
 
-        r = safe_fork_full(name,
+        r = safe_fork_full(name, except, n_except, FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS, ret_pid);
-                           except,
-                           n_except,
-                           FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG,
-                           ret_pid);
         if (r < 0)
                 return r;
         if (r > 0)

src/home/homed-home.c

@@ -1007,7 +1007,7 @@ static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord
 
         r = safe_fork_full("(sd-homework)",
                            (int[]) { stdin_fd, stdout_fd }, 2,
-                           FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_REOPEN_LOG, &pid);
+                           FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG, &pid);
         if (r < 0)
                 return r;
         if (r == 0) {
@@ -1838,9 +1838,7 @@ int home_killall(Home *h) {
         assert(h->uid > 0); /* We never should be UID 0 */
 
         /* Let's kill everything matching the specified UID */
-        r = safe_fork("(sd-killer)",
+        r = safe_fork("(sd-killer)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_WAIT|FORK_LOG, NULL);
-                      FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_WAIT|FORK_LOG|FORK_REOPEN_LOG,
-                      NULL);
         if (r < 0)
                 return r;
         if (r == 0) {

src/home/homework-fscrypt.c

@@ -324,9 +324,7 @@ int home_prepare_fscrypt(
         /* Also install the access key in the user's own keyring */
 
         if (uid_is_valid(h->uid)) {
-                r = safe_fork("(sd-addkey)",
+                r = safe_fork("(sd-addkey)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_WAIT, NULL);
-                              FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_REOPEN_LOG,
-                              NULL);
                 if (r < 0)
                         return log_error_errno(r, "Failed install encryption key in user's keyring: %m");
                 if (r == 0) {

src/home/homework-luks.c

@@ -199,15 +199,12 @@ static int run_fsck(const char *node, const char *fstype) {
                 return 0;
         }
 
-        r = safe_fork("(fsck)",
+        r = safe_fork("(fsck)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR, &fsck_pid);
-                      FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
-                      &fsck_pid);
         if (r < 0)
                 return r;
         if (r == 0) {
                 /* Child */
                 execl("/sbin/fsck", "/sbin/fsck", "-aTl", node, NULL);
-                log_open();
                 log_error_errno(errno, "Failed to execute fsck: %m");
                 _exit(FSCK_OPERATIONAL_ERROR);
         }
@@ -2354,15 +2351,12 @@ static int ext4_offline_resize_fs(HomeSetup *setup, uint64_t new_size, bool disc
         log_info("Temporary unmounting of file system completed.");
 
         /* resize2fs requires that the file system is force checked first, do so. */
-        r = safe_fork("(e2fsck)",
+        r = safe_fork("(e2fsck)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR, &fsck_pid);
-                      FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
-                      &fsck_pid);
         if (r < 0)
                 return r;
         if (r == 0) {
                 /* Child */
                 execlp("e2fsck" ,"e2fsck", "-fp", setup->dm_node, NULL);
-                log_open();
                 log_error_errno(errno, "Failed to execute e2fsck: %m");
                 _exit(EXIT_FAILURE);
         }
@@ -2386,15 +2380,12 @@ static int ext4_offline_resize_fs(HomeSetup *setup, uint64_t new_size, bool disc
                 return log_oom();
 
         /* Resize the thing */
-        r = safe_fork("(e2resize)",
+        r = safe_fork("(e2resize)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR, &resize_pid);
-                      FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
-                      &resize_pid);
         if (r < 0)
                 return r;
         if (r == 0) {
                 /* Child */
                 execlp("resize2fs" ,"resize2fs", setup->dm_node, size_str, NULL);
-                log_open();
                 log_error_errno(errno, "Failed to execute resize2fs: %m");
                 _exit(EXIT_FAILURE);
         }

src/login/logind-brightness.c

@@ -137,7 +137,7 @@ static int brightness_writer_fork(BrightnessWriter *w) {
         assert(w->child == 0);
         assert(!w->child_event_source);
 
-        r = safe_fork("(sd-bright)", FORK_DEATHSIG|FORK_NULL_STDIO|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_REOPEN_LOG, &w->child);
+        r = safe_fork("(sd-bright)", FORK_DEATHSIG|FORK_NULL_STDIO|FORK_CLOSE_ALL_FDS|FORK_LOG, &w->child);
         if (r < 0)
                 return r;
         if (r == 0) {

src/resolve/resolved-dns-query.c

@@ -433,14 +433,6 @@ int dns_query_new(
         } else {
                 bool good = false;
 
-                /* This (primarily) checks two things:
-                 *
-                 * 1. That the question is not empty
-                 * 2. That all RR keys in the question objects are for the same domain
-                 *
-                 * Or in other words, a single DnsQuery object may be used to look up A+AAAA combination for
-                 * the same domain name, or SRV+TXT (for DNS-SD services), but not for unrelated lookups. */
-
                 if (dns_question_size(question_utf8) > 0) {
                         r = dns_question_is_valid_for_query(question_utf8);
                         if (r < 0)
@@ -990,12 +982,12 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname)
         r = dns_question_cname_redirect(q->question_idna, cname, &nq_idna);
         if (r < 0)
                 return r;
-        if (r > 0)
+        else if (r > 0)
                 log_debug("Following CNAME/DNAME %s → %s.", dns_question_first_name(q->question_idna), dns_question_first_name(nq_idna));
 
         k = dns_question_is_equal(q->question_idna, q->question_utf8);
         if (k < 0)
-                return k;
+                return r;
         if (k > 0) {
                 /* Same question? Shortcut new question generation */
                 nq_utf8 = dns_question_ref(nq_idna);
@@ -1004,7 +996,7 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname)
                 k = dns_question_cname_redirect(q->question_utf8, cname, &nq_utf8);
                 if (k < 0)
                         return k;
-                if (k > 0)
+                else if (k > 0)
                         log_debug("Following UTF8 CNAME/DNAME %s → %s.", dns_question_first_name(q->question_utf8), dns_question_first_name(nq_utf8));
         }
 
@@ -1040,8 +1032,6 @@ int dns_query_process_cname(DnsQuery *q) {
         _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *cname = NULL;
         DnsQuestion *question;
         DnsResourceRecord *rr;
-        bool full_match = true;
-        DnsResourceKey *k;
         int r;
 
         assert(q);
@@ -1051,44 +1041,13 @@ int dns_query_process_cname(DnsQuery *q) {
 
         question = dns_query_question_for_protocol(q, q->answer_protocol);
 
-        /* Small reminder: our question will consist of one or more RR keys that match in name, but not in
-         * record type. Specifically, when we do an address lookup the question will typically consist of one
-         * A and one AAAA key lookup for the same domain name. When we get a response from a server we need
-         * to check if the answer answers all our questions to use it. Note that a response of CNAME/DNAME
-         * can answer both an A and the AAAA question for us, but an A/AAAA response only the relevant
-         * type.
-         *
-         * Hence we first check of the answers we collected are sufficient to answer all our questions
-         * directly. If one question wasn't answered we go on, waiting for more replies. However, if there's
-         * a CNAME/DNAME response we use it, and redirect to it, regardless if it was a response to the A or
-         * the AAAA query.*/
-
-        DNS_QUESTION_FOREACH(k, question) {
-                bool match = false;
-
-                DNS_ANSWER_FOREACH(rr, q->answer) {
-                        r = dns_resource_key_match_rr(k, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
-                        if (r < 0)
-                                return r;
-                        if (r > 0) {
-                                match = true; /* Yay, we found an RR that matches the key we are looking for */
-                                break;
-                        }
-                }
-
-                if (!match) {
-                        /* Hmm. :-( there's no response for this key. This doesn't match. */
-                        full_match = false;
-                        break;
-                }
-        }
-
-        if (full_match)
-                return DNS_QUERY_MATCH; /* The answer can answer our question in full, no need to follow CNAMEs/DNAMEs */
-
-        /* Let's see if there is a CNAME/DNAME to match. This case is simpler: we accept the CNAME/DNAME that
-         * matches any of our questions. */
         DNS_ANSWER_FOREACH(rr, q->answer) {
+                r = dns_question_matches_rr(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
+                if (r < 0)
+                        return r;
+                if (r > 0)
+                        return DNS_QUERY_MATCH; /* The answer matches directly, no need to follow cnames */
+
                 r = dns_question_matches_cname_or_dname(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
                 if (r < 0)
                         return r;
@@ -1097,7 +1056,7 @@ int dns_query_process_cname(DnsQuery *q) {
         }
 
         if (!cname)
-                return DNS_QUERY_NOMATCH; /* No match and no CNAME/DNAME to follow */
+                return DNS_QUERY_NOMATCH; /* No match and no cname to follow */
 
         if (q->flags & SD_RESOLVED_NO_CNAME)
                 return -ELOOP;

src/resolve/resolved-dns-query.h

@@ -45,14 +45,7 @@ struct DnsQuery {
          * that even on classic DNS some labels might use UTF8 encoding. Specifically, DNS-SD service names
          * (in contrast to their domain suffixes) use UTF-8 encoding even on DNS. Thus, the difference
          * between these two fields is mostly relevant only for explicit *hostname* lookups as well as the
-         * domain suffixes of service lookups.
+         * domain suffixes of service lookups. */
-         *
-         * Note that questions may consist of multiple RR keys at once, but they must be for the same domain
-         * name. This is used for A+AAAA and TXT+SRV lookups: we'll allocate a single DnsQuery object for
-         * them instead of two separate ones. That allows us minor optimizations with response handling:
-         * CNAME/DNAMEs of the first reply we get can already be used to follow the CNAME/DNAME chain for
-         * both, and we can take benefit of server replies that oftentimes put A responses into AAAA queries
-         * and vice versa (in the additional section). */
         DnsQuestion *question_idna;
         DnsQuestion *question_utf8;
 

src/shared/dissect-image.c

@@ -1287,7 +1287,6 @@ static int run_fsck(const char *node, const char *fstype) {
         if (r == 0) {
                 /* Child */
                 execl("/sbin/fsck", "/sbin/fsck", "-aT", node, NULL);
-                log_open();
                 log_debug_errno(errno, "Failed to execl() fsck: %m");
                 _exit(FSCK_OPERATIONAL_ERROR);
         }