Merge 33319701ca into f6793bbcf0

killall: gracefully handle processes inserted into containers via nsenter -a
"nsenter -a" doesn't migrate the specified process into the target cgroup (it really should). Thus the cgroup will remain in a cgroup that is (due to cgroup ns) outside our visibility. The kernel will report the cgroup path of such cgroups as starting with "/../". Detect that and print a reasonably error message instead of trying to resolve that.
2024-11-20 11:16:45 -08:00 · 2024-11-20 18:11:38 +00:00 · 2024-11-20 18:10:26 +00:00 · 2024-11-20 18:03:44 +00:00 · 2024-11-20 16:48:55 +00:00 · 2024-11-20 17:34:25 +09:00
13 changed files with 196 additions and 52 deletions
--- a/man/veritytab.xml
+++ b/man/veritytab.xml
@ -217,7 +217,10 @@ This is based on crypttab(5).
        <listitem><para>A base64 string encoding the root hash signature prefixed by <literal>base64:</literal> or a
        path to roothash signature file used to verify the root hash (in kernel). This feature requires Linux kernel
-        version 5.4 or more recent.</para>
+        version 5.4 or more recent. Since version 257, if not specified and the data device is in a GPT image with a
        <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">
        Discoverable Partitions Specification</ulink> compliant matching signature partition, it will be
        automatically loaded and used.</para>
        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
      </varlistentry>
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@ -803,6 +803,10 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **ret_path) {
                if (!path)
                        return -ENOMEM;
                /* Refuse cgroup paths from outside our cgroup namespace */
                if (startswith(path, "/../"))
                        return -EUNATCH;
                /* Truncate suffix indicating the process is a zombie */
                e = endswith(path, " (deleted)");
                if (e)
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@ -102,8 +102,8 @@ int pid_get_comm(pid_t pid, char **ret) {
        _cleanup_free_ char *escaped = NULL, *comm = NULL;
        int r;
        assert(ret);
        assert(pid >= 0);
        assert(ret);
        if (pid == 0 || pid == getpid_cached()) {
                comm = new0(char, TASK_COMM_LEN + 1); /* Must fit in 16 byte according to prctl(2) */
@ -143,6 +143,9 @@ int pidref_get_comm(const PidRef *pid, char **ret) {
        if (!pidref_is_set(pid))
                return -ESRCH;
        if (pidref_is_remote(pid))
                return -EREMOTE;
        r = pid_get_comm(pid->pid, &comm);
        if (r < 0)
                return r;
@ -289,6 +292,9 @@ int pidref_get_cmdline(const PidRef *pid, size_t max_columns, ProcessCmdlineFlag
        if (!pidref_is_set(pid))
                return -ESRCH;
        if (pidref_is_remote(pid))
                return -EREMOTE;
        r = pid_get_cmdline(pid->pid, max_columns, flags, &s);
        if (r < 0)
                return r;
@ -331,6 +337,9 @@ int pidref_get_cmdline_strv(const PidRef *pid, ProcessCmdlineFlags flags, char *
        if (!pidref_is_set(pid))
                return -ESRCH;
        if (pidref_is_remote(pid))
                return -EREMOTE;
        r = pid_get_cmdline_strv(pid->pid, flags, &args);
        if (r < 0)
                return r;
@ -477,6 +486,9 @@ int pidref_is_kernel_thread(const PidRef *pid) {
        if (!pidref_is_set(pid))
                return -ESRCH;
        if (pidref_is_remote(pid))
                return -EREMOTE;
        result = pid_is_kernel_thread(pid->pid);
        if (result < 0)
                return result;
@ -594,6 +606,9 @@ int pidref_get_uid(const PidRef *pid, uid_t *ret) {
        if (!pidref_is_set(pid))
                return -ESRCH;
        if (pidref_is_remote(pid))
                return -EREMOTE;
        r = pid_get_uid(pid->pid, &uid);
        if (r < 0)
                return r;
@ -794,6 +809,9 @@ int pidref_get_start_time(const PidRef *pid, usec_t *ret) {
        if (!pidref_is_set(pid))
                return -ESRCH;
        if (pidref_is_remote(pid))
                return -EREMOTE;
        r = pid_get_start_time(pid->pid, ret ? &t : NULL);
        if (r < 0)
                return r;
@ -1093,6 +1111,9 @@ int pidref_is_my_child(const PidRef *pid) {
        if (!pidref_is_set(pid))
                return -ESRCH;
        if (pidref_is_remote(pid))
                return -EREMOTE;
        result = pid_is_my_child(pid->pid);
        if (result < 0)
                return result;
@ -1128,6 +1149,9 @@ int pidref_is_unwaited(const PidRef *pid) {
        if (!pidref_is_set(pid))
                return -ESRCH;
        if (pidref_is_remote(pid))
                return -EREMOTE;
        if (pid->pid == 1 || pidref_is_self(pid))
                return true;
@ -1169,6 +1193,9 @@ int pidref_is_alive(const PidRef *pidref) {
        if (!pidref_is_set(pidref))
                return -ESRCH;
        if (pidref_is_remote(pidref))
                return -EREMOTE;
        result = pid_is_alive(pidref->pid);
        if (result < 0) {
                assert(result != -ESRCH);
--- a/src/basic/user-util.c
+++ b/src/basic/user-util.c
@ -220,9 +220,9 @@ static int synthesize_user_creds(
                if (ret_gid)
                        *ret_gid = GID_NOBODY;
                if (ret_home)
-                        *ret_home = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : "/";
+                        *ret_home = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : "/";
                if (ret_shell)
-                        *ret_shell = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : NOLOGIN;
+                        *ret_shell = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : NOLOGIN;
                return 0;
        }
@ -244,6 +244,7 @@ int get_user_creds(
        assert(username);
        assert(*username);
        assert((ret_home || ret_shell) || !(flags & (USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_CLEAN)));
        if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) ||
            (!ret_home && !ret_shell)) {
@ -315,17 +316,14 @@ int get_user_creds(
        if (ret_home)
                /* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */
-                *ret_home = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
+                *ret_home = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && empty_or_root(p->pw_dir)) ||
-                             (empty_or_root(p->pw_dir) ||
+                            (FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_dir) || !path_is_absolute(p->pw_dir)))
-                              !path_is_valid(p->pw_dir) ||
+                            ? NULL : p->pw_dir;
                              !path_is_absolute(p->pw_dir))) ? NULL : p->pw_dir;
        if (ret_shell)
-                *ret_shell = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
+                *ret_shell = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && shell_is_placeholder(p->pw_shell)) ||
-                              (isempty(p->pw_shell) ||
+                             (FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_shell) || !path_is_absolute(p->pw_shell)))
-                               !path_is_valid(p->pw_shell) ||
+                             ? NULL : p->pw_shell;
                               !path_is_absolute(p->pw_shell) ||
                               is_nologin_shell(p->pw_shell))) ? NULL : p->pw_shell;
        if (patch_username)
                *username = p->pw_name;
--- a/src/basic/user-util.h
+++ b/src/basic/user-util.h
@ -12,6 +12,8 @@
 #include <sys/types.h>
 #include <unistd.h>
 #include "string-util.h"
 /* Users managed by systemd-homed. See https://systemd.io/UIDS-GIDS for details how this range fits into the rest of the world */
 #define HOME_UID_MIN ((uid_t) 60001)
 #define HOME_UID_MAX ((uid_t) 60513)
@ -36,10 +38,20 @@ static inline int parse_gid(const char *s, gid_t *ret_gid) {
 char* getlogname_malloc(void);
 char* getusername_malloc(void);
 const char* default_root_shell_at(int rfd);
 const char* default_root_shell(const char *root);
 bool is_nologin_shell(const char *shell);
 static inline bool shell_is_placeholder(const char *shell) {
        return isempty(shell) || is_nologin_shell(shell);
 }
 typedef enum UserCredsFlags {
        USER_CREDS_PREFER_NSS           = 1 << 0,  /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */
        USER_CREDS_ALLOW_MISSING        = 1 << 1,  /* if a numeric UID string is resolved, be OK if there's no record for it */
        USER_CREDS_CLEAN                = 1 << 2,  /* try to clean up shell and home fields with invalid data */
        USER_CREDS_SUPPRESS_PLACEHOLDER = 1 << 3,  /* suppress home and/or shell fields if value is placeholder (root/empty/nologin) */
 } UserCredsFlags;
 int get_user_creds(const char **username, uid_t *ret_uid, gid_t *ret_gid, const char **ret_home, const char **ret_shell, UserCredsFlags flags);
@ -125,10 +137,6 @@ int fgetsgent_sane(FILE *stream, struct sgrp **sg);
 int putsgent_sane(const struct sgrp *sg, FILE *stream);
 #endif
 bool is_nologin_shell(const char *shell);
 const char* default_root_shell_at(int rfd);
 const char* default_root_shell(const char *root);
 int is_this_me(const char *username);
 const char* get_home_root(void);
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@ -855,9 +855,6 @@ static int get_fixed_user(
        assert(user_or_uid);
        assert(ret_username);
        /* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
         * (i.e. are "/" or "/bin/nologin"). */
        r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell, USER_CREDS_CLEAN);
        if (r < 0)
                return r;
@ -1883,7 +1880,10 @@ static int build_environment(
                }
        }
-        if (home && set_user_login_env) {
+        /* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
         * (i.e. are "/" or "/bin/nologin"). */
        if (home && set_user_login_env && !empty_or_root(home)) {
                x = strjoin("HOME=", home);
                if (!x)
                        return -ENOMEM;
@ -1892,7 +1892,7 @@ static int build_environment(
                our_env[n_env++] = x;
        }
-        if (shell && set_user_login_env) {
+        if (shell && set_user_login_env && !shell_is_placeholder(shell)) {
                x = strjoin("SHELL=", shell);
                if (!x)
                        return -ENOMEM;
@ -3471,20 +3471,16 @@ static int apply_working_directory(
                const ExecContext *context,
                const ExecParameters *params,
                ExecRuntime *runtime,
-                const char *home,
+                const char *home) {
                int *exit_status) {
        const char *wd;
        int r;
        assert(context);
        assert(exit_status);
        if (context->working_directory_home) {
-                if (!home) {
+                if (!home)
                        *exit_status = EXIT_CHDIR;
                        return -ENXIO;
                }
                wd = home;
        } else
@ -3503,13 +3499,7 @@ static int apply_working_directory(
                if (r >= 0)
                        r = RET_NERRNO(fchdir(dfd));
        }
-
+        return context->working_directory_missing_ok ? 0 : r;
        if (r < 0 && !context->working_directory_missing_ok) {
                *exit_status = EXIT_CHDIR;
                return r;
        }
        return 0;
 }
 static int apply_root_directory(
@ -3785,7 +3775,7 @@ static int acquire_home(const ExecContext *c, const char **home, char **ret_buf)
        if (!c->working_directory_home)
                return 0;
-        if (c->dynamic_user)
+        if (c->dynamic_user || (c->user && is_this_me(c->user) <= 0))
                return -EADDRNOTAVAIL;
        r = get_home_dir(ret_buf);
@ -4543,7 +4533,7 @@ int exec_invoke(
        r = acquire_home(context, &home, &home_buffer);
        if (r < 0) {
                *exit_status = EXIT_CHDIR;
-                return log_exec_error_errno(context, params, r, "Failed to determine $HOME for user: %m");
+                return log_exec_error_errno(context, params, r, "Failed to determine $HOME for the invoking user: %m");
        }
        /* If a socket is connected to STDIN/STDOUT/STDERR, we must drop O_NONBLOCK */
@ -5382,9 +5372,11 @@ int exec_invoke(
         * running this service might have the correct privilege to change to the working directory. Also, it
         * is absolutely 💣 crucial 💣 we applied all mount namespacing rearrangements before this, so that
         * the cwd cannot be used to pin directories outside of the sandbox. */
-        r = apply_working_directory(context, params, runtime, home, exit_status);
+        r = apply_working_directory(context, params, runtime, home);
-        if (r < 0)
+        if (r < 0) {
                *exit_status = EXIT_CHDIR;
                return log_exec_error_errno(context, params, r, "Changing to the requested working directory failed: %m");
        }
        if (needs_sandboxing) {
                /* Apply other MAC contexts late, but before seccomp syscall filtering, as those should really be last to
--- a/src/cryptenroll/cryptenroll-fido2.c
+++ b/src/cryptenroll/cryptenroll-fido2.c
@ -193,7 +193,7 @@ int enroll_fido2(
                fflush(stdout);
                fprintf(stderr,
-                        "\nPlease save this FIDO2 credential ID. It is required when unloocking the volume\n"
+                        "\nPlease save this FIDO2 credential ID. It is required when unlocking the volume\n"
                        "using the associated FIDO2 keyslot which we just created. To configure automatic\n"
                        "unlocking using this FIDO2 token, add an appropriate entry to your /etc/crypttab\n"
                        "file, see %s for details.\n", link);
--- a/src/run/run.c
+++ b/src/run/run.c
@ -2297,7 +2297,8 @@ static int start_transient_scope(sd_bus *bus) {
                uid_t uid;
                gid_t gid;
-                r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell, USER_CREDS_CLEAN|USER_CREDS_PREFER_NSS);
+                r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell,
                                   USER_CREDS_CLEAN|USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_PREFER_NSS);
                if (r < 0)
                        return log_error_errno(r, "Failed to resolve user %s: %m", arg_exec_user);
--- a/src/shared/killall.c
+++ b/src/shared/killall.c
@ -46,13 +46,17 @@ static bool argv_has_at(pid_t pid) {
        return c == '@';
 }
-static bool is_survivor_cgroup(const PidRef *pid) {
+static bool is_in_survivor_cgroup(const PidRef *pid) {
        _cleanup_free_ char *cgroup_path = NULL;
        int r;
        assert(pidref_is_set(pid));
        r = cg_pidref_get_path(/* root= */ NULL, pid, &cgroup_path);
        if (r == -EUNATCH) {
                log_warning_errno(r, "Process " PID_FMT " appears to originate in foreign namespace, ignoring.", pid->pid);
                return true;
        }
        if (r < 0) {
                log_warning_errno(r, "Failed to get cgroup path of process " PID_FMT ", ignoring: %m", pid->pid);
                return false;
@ -86,7 +90,7 @@ static bool ignore_proc(const PidRef *pid, bool warn_rootfs) {
                return true; /* also ignore processes where we can't determine this */
        /* Ignore processes that are part of a cgroup marked with the user.survive_final_kill_signal xattr */
-        if (is_survivor_cgroup(pid))
+        if (is_in_survivor_cgroup(pid))
                return true;
        r = pidref_get_uid(pid, &uid);
--- a/src/test/test-audit-util.c
+++ b/src/test/test-audit-util.c
@ -7,24 +7,26 @@ TEST(audit_loginuid_from_pid) {
        _cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
        int r;
-        assert_se(pidref_set_self(&self) >= 0);
+        ASSERT_OK(pidref_set_self(&self));
-        assert_se(pidref_set_pid(&pid1, 1) >= 0);
+        ASSERT_OK(pidref_set_pid(&pid1, 1));
        uid_t uid;
        r = audit_loginuid_from_pid(&self, &uid);
-        assert_se(r >= 0 || r == -ENODATA);
+        if (r != -ENODATA)
                ASSERT_OK(r);
        if (r >= 0)
                log_info("self audit login uid: " UID_FMT, uid);
-        assert_se(audit_loginuid_from_pid(&pid1, &uid) == -ENODATA);
+        ASSERT_ERROR(audit_loginuid_from_pid(&pid1, &uid), ENODATA);
        uint32_t sessionid;
        r = audit_session_from_pid(&self, &sessionid);
-        assert_se(r >= 0 || r == -ENODATA);
+        if (r != -ENODATA)
                ASSERT_OK(r);
        if (r >= 0)
                log_info("self audit session id: %" PRIu32, sessionid);
-        assert_se(audit_session_from_pid(&pid1, &sessionid) == -ENODATA);
+        ASSERT_ERROR(audit_session_from_pid(&pid1, &sessionid), ENODATA);
 }
 static int intro(void) {
--- a/src/veritysetup/veritysetup.c
+++ b/src/veritysetup/veritysetup.c
@ -5,12 +5,16 @@
 #include <sys/stat.h>
 #include "alloc-util.h"
 #include "blockdev-util.h"
 #include "cryptsetup-util.h"
 #include "dissect-image.h"
 #include "fileio.h"
 #include "fstab-util.h"
 #include "hexdecoct.h"
 #include "log.h"
 #include "loop-util.h"
 #include "main-func.h"
 #include "missing_loop.h"
 #include "parse-util.h"
 #include "path-util.h"
 #include "pretty-print.h"
@ -274,6 +278,79 @@ static int parse_options(const char *options) {
        return r;
 }
 static int find_dps_signature(
                const char *data_device,
                void *root_hash,
                size_t root_hash_size,
                char **ret_root_hash_signature) {
        _cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
        _cleanup_free_ char *base64_signature = NULL, *string_signature = NULL;
        _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
        _cleanup_(dissected_image_unrefp) DissectedImage *dissected_image = NULL;
        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
        DissectImageFlags dissect_image_flags =
                DISSECT_IMAGE_GPT_ONLY |
                DISSECT_IMAGE_USR_NO_ROOT |
                DISSECT_IMAGE_ADD_PARTITION_DEVICES |
                DISSECT_IMAGE_DEVICE_READ_ONLY;
        ssize_t len;
        int r;
        assert(data_device);
        assert(root_hash);
        assert(root_hash_size > 0);
        assert(ret_root_hash_signature);
        if (!startswith(data_device, "/dev/"))
                return -EINVAL;
        verity.root_hash_size = root_hash_size;
        verity.root_hash = malloc(root_hash_size);
        if (!verity.root_hash)
                return log_oom_debug();
        memcpy(verity.root_hash, root_hash, root_hash_size);
        r = block_device_new_from_path(data_device, BLOCK_DEVICE_LOOKUP_WHOLE_DISK, &device);
        if (r < 0)
                return log_debug_errno(r, "Failed to get udev device for data device: %m");
        r = loop_device_open(device, O_RDONLY, LOCK_SH, &loop_device);
        if (r < 0)
                return log_debug_errno(r, "Failed to create loop device for root image: %m");
        r = dissect_loop_device(
                        loop_device,
                        &verity,
                        /* mount_options= */ NULL,
                        /* image_policy= */ NULL,
                        dissect_image_flags,
                        &dissected_image);
        if (r < 0)
                return log_debug_errno(r, "Failed to dissect image: %m");
        r = dissected_image_load_verity_sig_partition(
                        dissected_image,
                        loop_device->fd,
                        &verity);
        if (r < 0)
                return log_debug_errno(r, "Failed to load verity signature partition: %m");
        if (r == 0)
                return -ENOENT;
        len = base64mem(verity.root_hash_sig, verity.root_hash_sig_size, &base64_signature);
        if (len < 0)
                return log_debug_errno(len, "Failed to encode root hash signature: %m");
        string_signature = strjoin("base64:", base64_signature);
        if (!string_signature)
                return log_oom_debug();
        *ret_root_hash_signature = TAKE_PTR(string_signature);
        return 0;
 }
 static int run(int argc, char *argv[]) {
        _cleanup_(crypt_freep) struct crypt_device *cd = NULL;
        const char *verb;
@ -371,6 +448,13 @@ static int run(int argc, char *argv[]) {
                if (r < 0)
                        return log_error_errno(r, "Failed to configure data device: %m");
 #if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
                /* If we can support signature checks but we weren't given one, try to find it following the
                 * DPS on the same GPT device */
                if (!arg_root_hash_signature)
                        (void) find_dps_signature(data_device, m, l, &arg_root_hash_signature);
 #endif
                if (arg_root_hash_signature) {
 #if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
                        _cleanup_free_ char *hash_sig = NULL;
--- a/test/units/TEST-07-PID1.working-directory.sh
+++ b/test/units/TEST-07-PID1.working-directory.sh
@ -0,0 +1,20 @@
 #!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -eux
 set -o pipefail
 # shellcheck source=test/units/util.sh
 . "$(dirname "$0")"/util.sh
 (! systemd-run --wait -p DynamicUser=yes \
                      -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
                      -p WorkingDirectory='~' true)
 assert_eq "$(systemd-run --pipe --uid=root -p WorkingDirectory='~' pwd)" "/root"
 assert_eq "$(systemd-run --pipe --uid=nobody -p WorkingDirectory='~' pwd)" "/"
 assert_eq "$(systemd-run --pipe --uid=testuser -p WorkingDirectory='~' pwd)" "/home/testuser"
 (! systemd-run --wait -p DynamicUser=yes -p User=testuser \
                      -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
                      -p WorkingDirectory='~' true)
--- a/units/systemd-confext.service
+++ b/units/systemd-confext.service
@ -16,6 +16,7 @@ ConditionDirectoryNotEmpty=|/run/confexts
 ConditionDirectoryNotEmpty=|/var/lib/confexts
 ConditionDirectoryNotEmpty=|/usr/local/lib/confexts
 ConditionDirectoryNotEmpty=|/usr/lib/confexts
 ConditionDirectoryNotEmpty=|/.extra/confext
 DefaultDependencies=no
 After=local-fs.target
Author	SHA1	Message	Date
Luca Boccassi	73d657162d	Merge `33319701ca` into `f6793bbcf0`	2024-11-20 11:16:45 -08:00
Lennart Poettering	f6793bbcf0	killall: gracefully handle processes inserted into containers via nsenter -a "nsenter -a" doesn't migrate the specified process into the target cgroup (it really should). Thus the cgroup will remain in a cgroup that is (due to cgroup ns) outside our visibility. The kernel will report the cgroup path of such cgroups as starting with "/../". Detect that and print a reasonably error message instead of trying to resolve that.	2024-11-20 18:11:38 +00:00
Mike Yuan	f87863a8ff	process-util: refuse to operate on remote PidRef Follow-up for `7e3e540b88`	2024-11-20 18:10:26 +00:00
Antonio Alvarez Feijoo	58c3c2886d	cryptenroll: fix typo	2024-11-20 18:03:44 +00:00
Daan De Meyer	dbbe895807	test-audit-util: Migrate to new assertion macros	2024-11-20 16:48:55 +00:00
Yu Watanabe	52b0351a15	core/exec-invoke: suppress placeholder home only in build_environment() (#35219 ) Alternative to https://github.com/systemd/systemd/pull/34789 Closes #34789	2024-11-20 17:34:25 +09:00
Luca Boccassi	fe077a1a58	units: add initrd directory to list of conditions for systemd-confext systemd-sysext has the same check, but it was forgotten for confexts. Needed to activate confexts from the ESP in the initrd.	2024-11-20 09:12:24 +01:00
Mike Yuan	b718b86e1b	core/exec-invoke: suppress placeholder home only in build_environment() Currently, get_fixed_user() employs USER_CREDS_SUPPRESS_PLACEHOLDER, meaning home path is set to NULL if it's empty or root. However, the path is also used for applying WorkingDirectory=~, and we'd spuriously use the invoking user's home as fallback even if User= is changed in that case. Let's instead delegate such suppression to build_environment(), so that home is proper initialized for usage at other steps. shell doesn't actually suffer from such problem, but it's changed too for consistency. Alternative to #34789	2024-11-19 00:38:18 +01:00
Mike Yuan	d911778877	core/exec-invoke: minor cleanup for apply_working_directory() error handling Assign exit_status at the same site where error log is emitted, for readability.	2024-11-19 00:38:18 +01:00
Mike Yuan	eea9d3eb10	basic/user-util: split out placeholder suppression from USER_CREDS_CLEAN into its own flag No functional change, preparation for later commits.	2024-11-19 00:38:18 +01:00
Mike Yuan	579ce77ead	basic/user-util: introduce shell_is_placeholder() helper	2024-11-19 00:38:18 +01:00
Luca Boccassi	33319701ca	veritysetup: parse signature from DPS partition If the signature is not specified manually, and sd-veritysetup is running on a device, try to find the parent and if it's a DPS-compliant GPT image with a signature partition, parse it and use it. This allows automatically using the signature on boot, which allows setting an IPE policy that enforces a validated signature on the rootfs too.	2024-09-15 12:02:15 +02:00