use /etc/clonetab to provide devices to be cloned#1
Open
src-up wants to merge 1465 commits into
Open
Conversation
src-up
pushed a commit
that referenced
this pull request
Jan 21, 2026
Otherwise, if the VM is unexpectedly rebooted, then `importctl --user pull-tar` may fail as the file may already exist. ``` [ 123.351751] TEST-13-NSPAWN.sh[3946]: + run0 -u testuser importctl --user pull-tar file:///var/tmp/image-tar/kurps.tar.gz nurps --verify=checksum -m [ 123.541603] TEST-13-NSPAWN.sh[4311]: Enqueued transfer job 3. Press C-c to continue download in background. [ 123.552456] TEST-13-NSPAWN.sh[4311]: Pulling 'file:///var/tmp/image-tar/kurps.tar.gz', saving as 'nurps'. [ 123.552788] TEST-13-NSPAWN.sh[4311]: Operating on image directory '/home/testuser/.local/state/machines'. [ 123.819942] TEST-13-NSPAWN.sh[4311]: Got 1% of file:///var/tmp/image-tar/kurps.tar.gz. [ 124.156557] TEST-13-NSPAWN.sh[4311]: * shutting down connection #0 [ 124.156896] TEST-13-NSPAWN.sh[4311]: * Could not open file /var/tmp/image-tar/kurps.tar.gz.sha256 [ 124.157223] TEST-13-NSPAWN.sh[4311]: * closing connection #-1 [ 124.159198] TEST-13-NSPAWN.sh[4311]: * Could not open file /var/tmp/image-tar/kurps.nspawn [ 124.159493] TEST-13-NSPAWN.sh[4311]: * closing connection #-1 [ 124.159818] TEST-13-NSPAWN.sh[4311]: Acquired 68.5M. [ 124.160395] TEST-13-NSPAWN.sh[4311]: Download of file:///var/tmp/image-tar/kurps.tar.gz complete. [ 124.160664] TEST-13-NSPAWN.sh[4311]: Transfer failed: Could not read a file:// file [ 124.160923] TEST-13-NSPAWN.sh[4311]: Settings file could not be retrieved, proceeding without. [ 124.404733] TEST-13-NSPAWN.sh[4311]: * shutting down connection #1 [ 124.405162] TEST-13-NSPAWN.sh[4311]: Acquired 79B. [ 124.406170] TEST-13-NSPAWN.sh[4311]: Download of file:///var/tmp/image-tar/SHA256SUMS complete. [ 124.406734] TEST-13-NSPAWN.sh[4311]: SHA256 checksum of file:///var/tmp/image-tar/kurps.tar.gz is valid. [ 124.455446] TEST-13-NSPAWN.sh[4311]: Failed to rename to final image name to /home/testuser/.local/state/machines/.tar-file:\x2f\x2f\x2fvar\x2ftmp\x2fimage-tar\x2fkurps\x2etar\x2egz: File exists [ 124.457251] TEST-13-NSPAWN.sh[4311]: Exiting. ``` Workaround for issue systemd#38240.
src-up
force-pushed
the
PR-etc-clonetab
branch
3 times, most recently
from
aff7c48 to
63e0b1d
Compare
src-up
force-pushed
the
PR-etc-clonetab
branch
3 times, most recently
from
c35a30a to
bccc71a
Compare
src-up
pushed a commit
that referenced
this pull request
Apr 9, 2026
Fix a typo which causes a segfault when processing a user record
with matchHostname when it's an array instead of a simple string:
$ echo '{"userName":"crashhostarray","perMachine":[{"matchHostname":["host1","host2"],"locked":false}]}' | userdbctl -F -
Segmentation fault (core dumped)
$ coredumpctl info
...
Message: Process 1172301 (userdbctl) of user 1000 dumped core.
Module libz.so.1 from rpm zlib-ng-2.3.3-1.fc43.x86_64
Module libcrypto.so.3 from rpm openssl-3.5.4-2.fc43.x86_64
Stack trace of thread 1172301:
#0 0x00007fded7b3a656 __strcmp_evex (libc.so.6 + 0x159656)
#1 0x00007fded7e95397 per_machine_hostname_match (libsystemd-shared-260.so + 0x295397)
systemd#2 0x00007fded7e955b5 per_machine_match (libsystemd-shared-260.so + 0x2955b5)
systemd#3 0x00007fded7e957c6 dispatch_per_machine (libsystemd-shared-260.so + 0x2957c6)
systemd#4 0x00007fded7e96c97 user_record_load (libsystemd-shared-260.so + 0x296c97)
systemd#5 0x000000000040572d display_user (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x572d)
systemd#6 0x00007fded7ea9727 dispatch_verb (libsystemd-shared-260.so + 0x2a9727)
systemd#7 0x000000000041077c run (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x1077c)
systemd#8 0x00000000004107ce main (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x107ce)
systemd#9 0x00007fded79e45b5 __libc_start_call_main (libc.so.6 + 0x35b5)
systemd#10 0x00007fded79e4668 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x3668)
systemd#11 0x00000000004038d5 _start (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x38d5)
ELF object binary architecture: AMD x86-64
src-up
pushed a commit
that referenced
this pull request
Apr 9, 2026
The fido2_hmac_salt/fido2_hmac_credential/recovery_key fields kept
leaking memory as the array itself wasn't deallocated after deallocating
each of its elements data:
$ build-san/userdbctl -F fuzz-corpus-userdb/auth-fido2.json
...
=================================================================
==1292840==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 112 byte(s) in 1 object(s) allocated from:
#0 0x7f56f00e5e4b in realloc.part.0 (/lib64/libasan.so.8+0xe5e4b) (BuildId: 25975f766867e9e604dc5a71a8befeaed3301942)
#1 0x7f56ed869e42 in greedy_realloc ../src/basic/alloc-util.c:65
systemd#2 0x7f56ed7ff5e9 in dispatch_fido2_hmac_salt ../src/shared/user-record.c:836
systemd#3 0x7f56edd73cbc in sd_json_dispatch_full ../src/libsystemd/sd-json/sd-json.c:5204
systemd#4 0x7f56edd745fc in sd_json_dispatch ../src/libsystemd/sd-json/sd-json.c:5276
systemd#5 0x7f56ed80100b in dispatch_privileged ../src/shared/user-record.c:998
systemd#6 0x7f56edd73cbc in sd_json_dispatch_full ../src/libsystemd/sd-json/sd-json.c:5204
systemd#7 0x7f56edd745fc in sd_json_dispatch ../src/libsystemd/sd-json/sd-json.c:5276
systemd#8 0x7f56ed80622c in user_record_load ../src/shared/user-record.c:1697
systemd#9 0x000000408c15 in display_user ../src/userdb/userdbctl.c:447
systemd#10 0x7f56ed83cc9a in dispatch_verb ../src/shared/verbs.c:137
systemd#11 0x00000041df2b in run ../src/userdb/userdbctl.c:1908
systemd#12 0x00000041dfbe in main ../src/userdb/userdbctl.c:1911
systemd#13 0x7f56ec8105b4 in __libc_start_call_main (/lib64/libc.so.6+0x35b4) (BuildId: 2b5beec0fd24fe9c9f43eddfdd5facf0b8a1b805)
systemd#14 0x7f56ec810667 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x3667) (BuildId: 2b5beec0fd24fe9c9f43eddfdd5facf0b8a1b805)
systemd#15 0x000000404a44 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/userdbctl+0x404a44) (BuildId: 19e8b7e7b7038d2cea20bc18a55bea2a9e4406d5)
Direct leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x7f56f00e5e4b in realloc.part.0 (/lib64/libasan.so.8+0xe5e4b) (BuildId: 25975f766867e9e604dc5a71a8befeaed3301942)
#1 0x7f56ed869e42 in greedy_realloc ../src/basic/alloc-util.c:65
systemd#2 0x7f56ed7fe779 in dispatch_fido2_hmac_credential_array ../src/shared/user-record.c:775
systemd#3 0x7f56edd73cbc in sd_json_dispatch_full ../src/libsystemd/sd-json/sd-json.c:5204
systemd#4 0x7f56edd745fc in sd_json_dispatch ../src/libsystemd/sd-json/sd-json.c:5276
systemd#5 0x7f56ed80622c in user_record_load ../src/shared/user-record.c:1697
systemd#6 0x000000408c15 in display_user ../src/userdb/userdbctl.c:447
systemd#7 0x7f56ed83cc9a in dispatch_verb ../src/shared/verbs.c:137
systemd#8 0x00000041df2b in run ../src/userdb/userdbctl.c:1908
systemd#9 0x00000041dfbe in main ../src/userdb/userdbctl.c:1911
systemd#10 0x7f56ec8105b4 in __libc_start_call_main (/lib64/libc.so.6+0x35b4) (BuildId: 2b5beec0fd24fe9c9f43eddfdd5facf0b8a1b805)
systemd#11 0x7f56ec810667 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x3667) (BuildId: 2b5beec0fd24fe9c9f43eddfdd5facf0b8a1b805)
systemd#12 0x000000404a44 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/userdbctl+0x404a44) (BuildId: 19e8b7e7b7038d2cea20bc18a55bea2a9e4406d5)
SUMMARY: AddressSanitizer: 176 byte(s) leaked in 2 allocation(s).
src-up
pushed a commit
that referenced
this pull request
Apr 9, 2026
…d#40979) Fix a typo which causes a segfault when processing a user record with `matchHostname` when it's an array instead of a simple string: ``` $ echo '{"userName":"crashhostarray","perMachine":[{"matchHostname":["host1","host2"],"locked":false}]}' | userdbctl -F - Segmentation fault (core dumped) $ coredumpctl info ... Message: Process 1172301 (userdbctl) of user 1000 dumped core. Module libz.so.1 from rpm zlib-ng-2.3.3-1.fc43.x86_64 Module libcrypto.so.3 from rpm openssl-3.5.4-2.fc43.x86_64 Stack trace of thread 1172301: #0 0x00007fded7b3a656 __strcmp_evex (libc.so.6 + 0x159656) #1 0x00007fded7e95397 per_machine_hostname_match (libsystemd-shared-260.so + 0x295397) systemd#2 0x00007fded7e955b5 per_machine_match (libsystemd-shared-260.so + 0x2955b5) systemd#3 0x00007fded7e957c6 dispatch_per_machine (libsystemd-shared-260.so + 0x2957c6) systemd#4 0x00007fded7e96c97 user_record_load (libsystemd-shared-260.so + 0x296c97) systemd#5 0x000000000040572d display_user (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x572d) systemd#6 0x00007fded7ea9727 dispatch_verb (libsystemd-shared-260.so + 0x2a9727) systemd#7 0x000000000041077c run (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x1077c) systemd#8 0x00000000004107ce main (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x107ce) systemd#9 0x00007fded79e45b5 __libc_start_call_main (libc.so.6 + 0x35b5) systemd#10 0x00007fded79e4668 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x3668) systemd#11 0x00000000004038d5 _start (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x38d5) ELF object binary architecture: AMD x86-64 ```
…T_ID_UNIQUE) Suppress the following message: ``` $ sudo valgrind --leak-check=full build/networkctl dhcp-lease wlp59s0 ==175708== Memcheck, a memory error detector ==175708== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al. ==175708== Using Valgrind-3.26.0 and LibVEX; rerun with -h for copyright info ==175708== Command: build/networkctl status wlp59s0 ==175708== ==175708== Conditional jump or move depends on uninitialised value(s) ==175708== at 0x4BC33D1: inode_same_at (stat-util.c:610) ==175708== by 0x4BF1972: inode_same (stat-util.h:86) ==175708== by 0x4BF48FE: running_in_chroot (virt.c:817) ==175708== by 0x4B16643: running_in_chroot_or_offline (verbs.c:37) ==175708== by 0x4B175CE: _dispatch_verb_with_args (verbs.c:136) ==175708== by 0x4B17868: dispatch_verb (verbs.c:160) ==175708== by 0x407CBB: networkctl_main (networkctl.c:249) ==175708== by 0x407D06: run (networkctl.c:263) ==175708== by 0x407D39: main (networkctl.c:266) ==175708== ``` Not sure if it is an issue in valgrind or glibc, but at least there is nothing we can do except for working around it.
It is typically used for making C string embedded in a binary data. Hence, the input pointer may not be char*.
The NOTES section in os-release(5) contains an unusual formatting. Switch function and ulink tags and remove a newline within ulink text to keep the entry formatting in sync with others. Also, this preserves the formatting within the text itself. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
This is split out of systemd#41543, but makes sense on its own.
Split out of systemd#41543. These don't make too much sense on their own, but they also don't really hurt. They are preparation for systemd#41543, but in order to make things either to review I split these four commits out, since they are not directly part of what the PR shall achieve
It is similar to crypto_random_bytes_allocate_iovec(), but possibly insecure.
The first commit is prep work for systemd#41543 but I think it makes a ton of sense on its own as it cleans up logging a bit.
systemd-repart currently creates LUKS2 encrypted partitions using libcryptsetup's default KDF (Argon2id), which requires ~1GB of memory during key derivation. This is too much for memory-constrained environments such as kdump with limited crashkernel memory, where luksOpen fails due to insufficient memory. Add an EncryptKDF= option to repart.d partition definitions that allows selecting the KDF type. Supported values are: - "argon2id" — Argon2id with libcryptsetup-benchmarked parameters - "pbkdf2" — PBKDF2 with libcryptsetup-benchmarked parameters - "minimal" — PBKDF2 with SHA-512, 1000 iterations, no benchmarking, matching the existing cryptsetup_set_minimal_pbkdf() behaviour used for TPM2-sealed keys When not specified, the libcryptsetup default (argon2id) is used, preserving existing behaviour. The KDF type is applied via sym_crypt_set_pbkdf_type() after sym_crypt_format() and before any keyslots are added.
This also drops unnecessary zero assignments.
This makes even when len == 0, the input buffer is freed. The behavior is consistent with strv_consume() and friends.
I see --help output formatting as contiuation of @keszybz's work on options.[ch], hence let's start to add some really basic infrastructure to unify the --help output more.
The WIN 5 (DMI product G1618-05) ships the same BMI0160 accelerometer with the same physical mounting as the Win Max 2 (G1619-04), so reuse its mount matrix. Verified on hardware: without the matrix iio-sensor-proxy reports AccelerometerOrientation=normal regardless of physical pose, and applying the G1619-04 matrix makes orientation transitions (normal / left-up / right-up / bottom-up) track the device correctly.
The commandline check is tightened to reject extra arguments. Co-developed-by: Claude Opus 4.7 <noreply@anthropic.com>
The commandline check is tightened. Previously the program would crash if called without an argument. Co-developed-by: Claude Opus 4.7 <noreply@anthropic.com>
The commandline check is tightened. Previously the program would crash if called without an argument. Co-developed-by: Claude Opus 4.7 <noreply@anthropic.com>
For some reason, the old code had duplicate {"version", 'v'} entry in
the options table and a matching case that could not be reached.
Commandline parsing is tightened to reject any positional arguments.
Co-developed-by: Claude Opus 4.7 <noreply@anthropic.com>
The commandline check is tightened to reject extra arguments. Co-developed-by: Claude Opus 4.7 <noreply@anthropic.com>
The commandline check is tightened to reject extra arguments. Co-developed-by: Claude Opus 4.7 <noreply@anthropic.com>
Just addressing Claude's last review from systemd#41815
Based on comments here: systemd#41805 (comment)
…_directory_generic()
…s of the root disk There are various definitions of the root disk, let's suppress them all if the flag is set. So far only the outermost is suppressed, which is a bit weird, given it's "further away" from the rootfs.
…emd#41814) nothing earth shattering, but generally useful. without systemd#41776 it has no immediate users though
In format-table.h, TABLE_IN_ADDR is commented as "Takes a union in_addr_union (or a struct in_addr)". However, if we pass struct in_addr to table_add_many(), the function reads more than the size of the struct.
Common page-code parsing extracted into a parse_page_code() helper. While at it, return real error values (-EINVAL, etc.) rather than -1, and rename retval to r throughout for consistency. The body of main is moved to new run. The closing of logging file descriptors is dropped. They will be closed automatically anyway. Not sure what the original purpose of that code was. The code is also modernized in various places… though more changes could be made. The return convention of help() and similar functions is changed to usual negative/0/1, where 0 means that the caller should quit. set_inq_values would return positive error values too, which was previously ignored. It's not entirely clear, but that doesn't seem to have been on purpose.
--help output only has changes expected in the new style. Co-developed-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
So far when a job completed we'd never transition into any new state, we'd just do some final processing work (such as notifying clients) and destroy it. Let's change that, and briefly enter a final state: "finished". This is useful so that code that notifies clients can generically send the quadruplet of id, type, state, result for any change notification and naturally can communicate job completion that way: by setting the state field to "finished". Prompted by the discussions in: systemd#41583
QMP "quit" tells QEMU to exit, which races the reply with the socket EOF: sometimes the disconnect lands in qmp_client_fail_pending() with -ECONNRESET before the reply has been parsed. The shared completion callback then translates that into io.systemd.MachineInstance.NotConnected, turning the desired outcome into a varlink error. This is exactly what TEST-87-AUX-UTILS-VM exposes during its repeated start/pause/resume/terminate stress loop: a successful Pause/Describe followed milliseconds later by a Terminate that fails with NotConnected when the disconnect path wins the race. Give Terminate its own completion callback that treats disconnect-class errors as success, since QEMU shutting down is the whole point of "quit". The other simple commands (Pause, Resume, PowerOff, Reboot) keep the existing semantics: they expect QMP to remain alive, so NotConnected is the correct reply for them. Link: https://github.com/systemd/systemd/actions/runs/24986080288/job/73159585425?pr=41835 Signed-off-by: Christian Brauner (Amutable) <brauner@kernel.org>
Adds dm-clone device setup at boot via a new /etc/clonetab config file, following the crypttab/veritytab pattern. - Add systemd-clonesetup-generator to parse /etc/clonetab and generate units. - Add systemd-clonesetup binary to create/remove dm-clone devices via ioctl. - Add clonesetup.target for ordering dm-clone activation at boot. - Add region_size= option in clonetab to configure dm-clone hydration granularity. - Add clonetab(5) and systemd-clonesetup-generator(8) man pages. Fixes: systemd#39500
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.