path: root/src/core/exec-credential.h
Commit message | Author | Age | Files | Lines
* core/dbus-service: refuse bind mounting over /run/credentials/ | Mike Yuan | 2024-08-17 | 1 | -0/+2
  The credential mounts should be managed singlehandedly by pid1.

  Preparation for the future introduction of RefreshOnReload=credential, where refreshing creds will be properly supported on reload.
* core: Add support for renaming credentials with ImportCredential= | Daan De Meyer | 2024-07-31 | 1 | -0/+9
  This allows for "per-instance" credentials for units. The use case is best explained with an example. Currently all our getty units have the following stanzas in their unit file:

  """
  ImportCredential=agetty.*
  ImportCredential=login.*
  """

  This means that setting agetty.autologin=root as a system credential will make every instance of all our getty units autologin as the root user. This prevents us from doing autologin on /dev/hvc0 while still requiring manual login on all other ttys.

  To solve the issue, we introduce support for renaming credentials with ImportCredential=. This will allow us to add the following to e.g. serial-getty@.service:

  """
  ImportCredential=tty.serial.%I.agetty.*:agetty.
  ImportCredential=tty.serial.%I.login.*:login.
  """

  which for serial-getty@hvc0.service will make the service manager read all credentials of the form "tty.serial.hvc0.agetty.xxx" and pass them to the service in the form "agetty.xxx" (same goes for login).

  We can apply the same to each of the getty units to allow setting agetty and login credentials for individual ttys instead of globally.
* core: clean up Set/LoadCredential= parsers | Mike Yuan | 2024-07-23 | 1 | -5/+11
  Make logging consistent, plus introduce helper function for adding creds to ExecContext.set_credential too.
* core/exec-credential: drop unused unit_add_default_credential_dependencies | Mike Yuan | 2024-06-12 | 1 | -3/+1
* Revert "core/credential,mount: re-read /proc/self/mountinfo before invoking umount command" | Mike Yuan | 2024-06-12 | 1 | -1/+1
  This reverts commit 1e1225614ca1106116dcad9fb37aaeb6106408ab.

  This was an incomplete workaround of the race. Now that we stop generating mount units for credential mounts, the logic could be dropped.
* core: introduce exec_params_need_credentials | Mike Yuan | 2024-02-06 | 1 | -0/+2
  Also rename EXEC_WRITE_CREDENTIALS to EXEC_SETUP_CREDENTIALS.
* core/exec-credential: make param const where appropriate | Mike Yuan | 2024-02-04 | 1 | -1/+1
* core/credential,mount: re-read /proc/self/mountinfo before invoking umount command | Yu Watanabe | 2023-09-06 | 1 | -1/+1
  When a unit has credentials, stopping the service unmounts the credentials directory. On shutdown, stopping the service and the corresponding mount unit may be done mostly simultaneously, and if we invoke umount command soon after umount() being called on stopping the service, the mount unit will fail.

  This makes Mount.invalidated_state flag set when umount() is called for a path, and re-read /proc/self/mountinfo before invoking umount command if the flag is set.

  Fixes #25527.
  Replaces #26959.
* core/exec-credential: introduce exec_context_get_credential_directory() helper function | Yu Watanabe | 2023-09-06 | 1 | -0/+6
  No functional change, just refactoring.
* core: rename credential.[ch] -> exec-credential.[ch] | Yu Watanabe | 2023-09-06 | 1 | -0/+48
  Also rename setup_credentials() -> exec_setup_credentials().

  Addresses the post-merge review https://github.com/systemd/systemd/pull/28787#pullrequestreview-1592065048.