The rest of our JSON code tries hard to magically convert NULL inputs
into "null" JSON objects, let's make sure this also works with
json_variant_set_field().
- execute.c: bpf functions were in the middle of an #if HAVE_SECCOMP
block for no reason
- test-fd-util.c: make seccomp-util.h includable without depending on
<seccomp.h>, and make is_seccomp_available() hardcoded to returning
false in this case.
Also fix a stray DEFINED() -- HAVE_SECCOMP is defined as 0, so normal
#if should be used like everywhere else.
Per-connection socket instances we currently maintain three fields
related to the socket: a reference to the Socket unit, the connection fd,
and a reference to the SocketPeer object that counts socket peers.
Let's synchronize their lifetime, i.e. always set them all three
together or unset them together, so that their reference counters stay
synchronous.
THis will in particuar ensure that we'll drop the SocketPeer reference
whenever we leave an active state of the service unit, i.e. at the same
time we close the fd for it.
Fixes: #20685
*ret_culprit should be set if ret_culprit has been passed a non-null value,
checking the previous *ret_culprit value does not make sense.
This would cause the culprit to not properly be assigned, leading to
pid1 crash when a unit could not be stopped.
Fixes: #21476
This adds uidmap shifting also when resizing/updating/changing
passwords. Prviously I thought we didn't have to, because the user is
not going to access the uidmap if we only quickly activate the home
area. But this thinking is wrong, because the three operations will
result in an update ~/.identity fie to be written, and we should do that
with uidmap applied, so that its ownership maps down to nobody below as
intended.
Fixes: #21441
When we want to operate on an already activated home area we so far
tried to reapply the uidmapping logic. We shouldn't do that, it's
already applied after all.
We only want to apply this for newly activated home areas. Hence check
for the right HomeSetupFlags flag for it HOME_SETUP_ALREADY_ACTIVATED.
The patch is actually in theory a two-liner. Except that so far we don#t
pass the HomeSetupFlags flags down all necessary functions where the
uidmap stuff will eventually run. Hence this larger than intended
commit.
In 57bb9bcba5 support was added to read
"cheap" passwords from env vars and stuff before issuing the first
operation, instead of waiting for it until the first operation failed.
This was added for most verbs of "homectl", but two were left out:
update + passwd. Add it there too.
We give a path, but the path is only meaningful inside of the image.
Some messages made it clear that it's a path in the image, let's make
them all do that.
The whole point of acquiring metadata is quite often to figure out why the
image does not pass verification. Refusing to provide metadata is just being
hostile to the user.
When called from other places (e.g. image_read_metadata()), verification is
still performed.
Linux 5.15 broke kernel API:
e70344c059
Previously setting IOPRIO_CLASS_NONE for a process would then report
IOPRIO_CLASS_NONE back. But since 5.15 it reports IOPRIO_CLASS_BE
instead. Since IOPRIO_CLASS_NONE is an alias for a special setting of
IOPRIO_CLASS_BE this makes some sense, but it's also a kernel API
breakage that our testsuite trips up on.
(I made some minimal effort to inform the kernel people about this API
breakage during the 5.15 rc phase, but noone was interested.)
Either way let's hadle this gracefully in our test suite and accept
"best-effort" too when "none" was set.
(This is only triggable if the tests are run on 5.15 with full privs)
Let's not mention a redundant setting of "none". Let's instead only
mention "best-effort", which is the same. Also mention the default
settings properly.
(Also, while we are at it, don#t document the numeric alias, that's
totally redundant and harder to use, so no need to push people towards
it.)
Linux 5.15 broke API in ioprio_get(): instead of returning
IOPRIO_CLASS_NONE when that's set it now returns IOPRIO_CLASS_BE, which
is what this actually is (the former is just an alias for the latter
with a priority value of 4).
Let's hide the differences between old and new kernels here, and always
normalize to what the new kernels do.
IOPRIO_CLASS_NONE with any priority value actually is an alias for
IOPRIO_CLASS_BE with priority value 4 – which is the default ioprio for
all processes.
We got this right at one place, but wrong at three others (where we
assumed the default value was 0, not 4). Let's add a
macro that encodes this properly, and use it everywhere.
One of the niceties of recurse_dir()/recurse_dir_at() is that the path
argument is decoration, it's not used for actually accessing the fs in
anyway. That's very handy in environments where chroots and relative
paths are used, as we can path in any path we like and the recursion
function will suffix with whatever it discovers but will not try to make
sense of the prefix you pass.
This works great, except that the recurse_dir_at() wrapper broke that:
it adjusted the path if NULL to "." simply for the sake of making
openat() on the top work. Let's make this adjustment more local and do
it only for the openat() itself, and otherwise pass the path through the
way we got it. This means: if a caller really wants the paths that are
concatenated to start with a "." it can just pass that. This way the
caller gets full control back of the path prefix. Win!
Note that all current users of recurse_dir_at() don't pass NULL as
second arg, hence this check is without any real effect for now. It's
preparation for future uses however.
With this the tool will show whether an image is intended to be a
bootable OS image, a system extension, or a portable service image.
Example output with this patch:
<snip>
Name: image_53.raw
Size: 3.2G
Machine ID: bb9f2921198040feb7c82270bf66e4b8
OS Release: NAME=Fedora
VERSION=34 (Thirty Four)
…
PRIVACY_POLICY_URL=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
IMAGE_VERSION=53
Use As: ✓ bootable system for UEFI
✓ bootable system for container
✗ portable service
✗ extension for system
✗ extension for initrd
✗ extension for portable service
RW DESIGNATOR PARTITION UUID PARTITION LABEL FSTYPE ARCHITECTURE VERITY GROWFS NODE PARTNO
rw root d56af2b4-35eb-2e40-8f08-2d3b7012b0fc Root Partition btrfs x86-64 no no /dev/loop1p2 2
rw esp e3d11339-05c1-a74a-ae77-aae76812c134 ESP System Partition vfat - - no /dev/loop1p1 1
…
</snip>
This should make things a bit more robust since it ensures system
extension can only applied to the right environments. Right now three
different "scopes" are defined:
1. "system" (for regular OS systems, after the initrd transition)
2. "initrd" (for sysext images that apply to the initrd environment)
3. "portable" (for sysext images that apply to portable images)
If not specified we imply a default of "system portable", i.e. any image
where the field is not specified is implicitly OK for application to OS
images and for portable services – but not for initrds.
