Jan Synacek
1147eef0b6
man/udevadm: remove superfluous --version from subcommands ( #8549 )
...
There's need to show the program specific --version for each subcommand.
2018-03-22 19:24:37 +01:00
James Cowgill
f5aeac1439
seccomp: add mmap and address family restrictions for MIPS ( #8547 )
2018-03-22 15:40:44 +01:00
Lennart Poettering
7f19eb3592
Merge pull request #8531 from poettering/dhcp-server-mini-fixes
...
some minor tweaks to sd-dhcp-server
2018-03-22 15:36:48 +01:00
Lennart Poettering
c8475a8f8e
HACKING: small umask tweak for the rootpw ( #8541 )
2018-03-22 15:36:01 +01:00
Peter A. Bigot
1d0b60c481
units: disable systemd-time-sync-wait inside containers ( #8537 )
...
Fixes #8535
2018-03-22 05:27:27 +03:00
Peter A. Bigot
e9cbef7dc9
doc/HACKING: show command to set root password in image ( #8540 )
...
Fixes #8538
2018-03-21 23:56:33 +01:00
juergbi
39362f6f7d
main: add NoNewPrivileges config option ( #8475 )
...
This makes it possible to disable new privileges for the whole system.
2018-03-21 23:41:19 +01:00
Lennart Poettering
57027d0356
dhcp-server: don't propagate errors up the event loop
...
If we can't send a message this is no reason to completely abort the
event handler.
Issue identified by Nandor Han <nandor.han@ge.com>, Sebastian Reichel
<sebastian.reichel@collabora.co.uk>.
Replaces: #8525
2018-03-21 20:32:52 +01:00
Lennart Poettering
cfcbb13583
dhcp-server: check properly for invalid fds
...
We generally just compare for negativity, not for equality to -1, let's
do so here too.
2018-03-21 20:30:29 +01:00
Lennart Poettering
c3922c0c1c
dhcp_server_handle_message: don't pretend there was a difference between return code 0 or 1
...
We ignore the difference anyway, hence let's systematically return 0.
2018-03-21 20:29:43 +01:00
Lennart Poettering
6408ba5fa9
dhcp-server: reduce level of indentation a bit
...
Less indentation is good, let's do that where it's easy.
2018-03-21 20:29:07 +01:00
Lennart Poettering
6e741541ed
dhcp-server: introduce log_dhcp_server_errno()
...
Sometimes we want to print the error number, hence do so properly, and
avoid using strerror() which is not reentrant.
2018-03-21 20:28:01 +01:00
Lennart Poettering
0f01c1f918
dhcp-server: don't assign sendmsg() return value to "int"
...
The type is "ssize_t", not "int", let's be accurate about that, as these
types are different on some archs.
Given that we don't actually care about the return value really, drop
the whole assignment, just check if negative.
2018-03-21 20:27:16 +01:00
Zbigniew Jędrzejewski-Szmek
37cbc1d579
When mangling names, optionally emit a warning ( #8400 )
...
The warning is not emitted for absolute paths like /dev/sda or /home, which are
converted to .device and .mount unit names without any fuss.
Most of the time it's unlikely that users use invalid unit names on purpose,
so let's warn them. Warnings are silenced when --quiet is used.
$ build/systemctl show -p Id hello@foo-bar/baz
Invalid unit name "hello@foo-bar/baz" was escaped as "hello@foo-bar-baz" (maybe you should use systemd-escape?)
Id=hello@foo-bar-baz.service
$ build/systemd-run --user --slice foo-bar/baz --unit foo-bar/foo true
Invalid unit name "foo-bar/foo" was escaped as "foo-bar-foo" (maybe you should use systemd-escape?)
Invalid unit name "foo-bar/baz" was escaped as "foo-bar-baz" (maybe you should use systemd-escape?)
Running as unit: foo-bar-foo.service
Fixes #8302.
2018-03-21 15:26:47 +01:00
Lennart Poettering
b85aca4f92
Merge pull request #8523 from keszybz/oss-fuzz-fixes
...
A fix for oss-fuzz msan ListenNetlink workaround
2018-03-21 15:26:25 +01:00
Franck Bui
100d5f6ee6
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files ( #8521 )
...
The API provided by the glibc is too error-prone as one has to deal directly
with errno in order to detect if errors occurred.
Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
Zbigniew Jędrzejewski-Szmek
af3865abf1
fuzz-unit-file: fix check if ListenNetlink is used
...
A line may contain leading spaces which we should skip.
Fixes https://oss-fuzz.com/v2/issue/5546208027213824/7049.
2018-03-21 13:16:52 +01:00
Zbigniew Jędrzejewski-Szmek
8a37ce6545
shared/conf-parser: fix outdated comment
2018-03-21 13:15:01 +01:00
Lennart Poettering
ed47df8967
ac-power: add simple getopt() argument parsing to systemd-ac-power ( #8516 )
...
We should probably do that for all our tools, hence fill in this gap
here.
2018-03-21 12:52:18 +01:00
Zbigniew Jędrzejewski-Szmek
55c36ec0c1
Merge pull request #8508 from poettering/more-cocci
...
two new coccinelle rules files and their results
2018-03-21 12:50:49 +01:00
Peter A. Bigot
5c3376efcd
time-sync-wait: add service ( #8494 )
...
This one-shot service waits until the kernel time has been set to
synchronized.
2018-03-21 12:42:04 +01:00
Lennart Poettering
d9a43665eb
Merge pull request #8313 from alexgartrell/compression-threshold
...
Compression threshold
2018-03-21 12:37:54 +01:00
Lennart Poettering
0ba6791f46
Merge pull request #8368 from yuwata/nss-systemd-getpwent
...
nss-systemd: make dynamic users enumerable by `getent`
2018-03-21 12:36:47 +01:00
Lennart Poettering
4526113f57
dissect: add dissect_image_and_warn() that unifies error message generation for dissect_image() ( #8517 )
2018-03-21 12:10:01 +01:00
Lennart Poettering
31dc1ca3bf
move MANAGER_IS_RELOADING() check into manager_recheck_{dbus|journal}() ( #8510 )
...
Let's better check this inside of the call than before it, so that we
never issue this while reloading, even should these calls be called due
to other reasons than just the unit notify.
This makes sure the reload state is unset a bit earlier in
manager_reload() so that we can safely call this function from there and
they do the right thing.
Follow-up for e63ebf71ed.
2018-03-21 12:03:45 +01:00
Lennart Poettering
d56fced9e0
fileio: port parse_env_file_internal() to use _cleanup_free_ ( #8511 )
2018-03-21 11:59:56 +01:00
Long Li
cf3fabacaa
v3: Properly parsing SCSI Hyperv devices ( #8509 )
...
Since 2016, Hyperv devices moved to using a standard way to expose the UUID to sysfs. Fix the parsing function to work with the newer format.
Change log:
v2: changed code to work with both old and new path format
v3: changed guid_str_len type to size_t, fixed length in char guid[] in handle_scsi_hyperv()
2018-03-21 11:51:28 +01:00
Lennart Poettering
ed1738a24a
Merge pull request #8487 from keszybz/oss-fuzz-fixes
...
Oss fuzz fixes, another batch
2018-03-21 11:50:57 +01:00
Lennart Poettering
2062ada74c
selinux: let's fully (and statically) initialize log callback union ( #8512 )
...
We can make this const and static, and initialize this ahead of time and
fully, hence let's do that.
2018-03-21 11:48:40 +01:00
Zbigniew Jędrzejewski-Szmek
9d8c9125ed
Merge pull request #8513 from poettering/journal-minifixes
...
two minor journal fixes
2018-03-21 11:48:06 +01:00
Lennart Poettering
68b525d1d1
sd-bus: drop fd_nonblock() calls that are implied by rearrange_stdio() ( #8514 )
2018-03-21 11:46:49 +01:00
Lennart Poettering
43bfe75032
coredumpctl: drop unnecessary NULL initialization, and use const where possible ( #8515 )
2018-03-21 11:46:08 +01:00
Yu Watanabe
23e6c10bbe
doc: update TODO
2018-03-21 13:39:16 +09:00
Yu Watanabe
12c2c56dcb
nss-systemd: make dynamic users enumerable by getent
...
This adds `setpwent()`, `getpwent_r()`, `endpwent()`, `setgrent()`,
`getgrent_r()`, and `endgrent()` interfaces to nss-systemd library.
Thus, dynamic users can be enumerated by e.g. `getent passwd` command.
2018-03-21 13:39:03 +09:00
Yu Watanabe
9b5eaef3d1
nss-systemd: define dynamic user properties
2018-03-21 13:11:30 +09:00
Yu Watanabe
2458541961
nss-systemd: cleanup bypassing dbus logic
2018-03-21 13:11:17 +09:00
Yu Watanabe
f9bfa6962d
core: add new dbus method GetDynamicUsers
...
This introduces a new dbus method GetDynamicUsers for systemd1.Manager,
which enumerates all dynamic users realized in the system.
2018-03-21 13:11:01 +09:00
Zbigniew Jędrzejewski-Szmek
cb6870f67a
Restore naming of IOPRIO_PRIO defines from linux/ioprio.h
...
This undoes part of 10062bbc35.
2018-03-21 00:46:22 +01:00
Zbigniew Jędrzejewski-Szmek
e3c3d6761b
core/load-fragment: reject overly long paths early
...
No need to go through the specifier_printf() if the path is already too long in
the unexpanded form (since specifiers increase the length of the string in all
practical cases).
In the oss-fuzz test case, valgrind reports:
total heap usage: 179,044 allocs, 179,044 frees, 72,687,755,703 bytes allocated
and the original config file is ~500kb. This isn't really a security issue,
since the config file has to be trusted anyway, but just a matter of
preventing accidental resource exhaustion.
https://oss-fuzz.com/v2/issue/4651449704251392/6977
While at it, fix order of arguments in the neighbouring log_syntax() call.
2018-03-21 00:46:13 +01:00
Zbigniew Jędrzejewski-Szmek
e127f26b1a
basic/calendarspec: add check for repeat values that would overflow
...
https://oss-fuzz.com/v2/issue/4651449704251392/7004
2018-03-21 00:46:13 +01:00
Lennart Poettering
e71d1f6c78
journal: don't insist that the journal file header's boot ID matches the last entry
...
We update the boot ID whenever the file is opened for writing (i.e. set
to ONLINE state), even if we never write a single entry to it. Hence,
don't insist that the last entry's boot ID matches the file header.
As pointed out by Matthijs van Duin:
https://lists.freedesktop.org/archives/systemd-devel/2018-March/040499.html
2018-03-20 23:31:11 +01:00
Lennart Poettering
ffe535e43e
journal-file: drop unused tail_entry_monotonic_valid field.
...
As pointed out by Matthijs van Duin:
https://lists.freedesktop.org/archives/systemd-devel/2018-March/040499.html
2018-03-20 23:31:11 +01:00
Alex Gartrell
1b7cf0e587
journal: make the compression threshold tunable
...
Allow a user to set a number of bytes as Compress to use as the compression
threshold.
2018-03-20 14:54:07 -07:00
Lennart Poettering
43dc7aa2ba
coccinelle: always use fcntl(fd, FD_DUPFD, 3) instead of dup(fd)
...
Let's avoid fds 0…2 for safety reasons.
2018-03-20 22:31:14 +01:00
Lennart Poettering
be6b0c2165
coccinelle: make use of DIV_ROUND_UP() wherever appropriate
...
Let's use our macros where we can
2018-03-20 20:59:02 +01:00
Alex Gartrell
57850536d5
journal: provide compress_threshold_bytes parameter
...
Previously the compression threshold was hardcoded to 512, which meant that
smaller values wouldn't be compressed. This left some storage savings on the
table, so instead, we make that number tunable.
2018-03-20 11:48:52 -07:00
Zbigniew Jędrzejewski-Szmek
3ceae1bc14
basic/fs-util: skip fsync_directory_of_file() if /proc/self/fd/ is not available ( #8386 )
...
When systemd is running under lorax (in Fedora compose process), it'd think that
it failed to write /etc/machine-id, even though the write succeeded, because
fsync_directory_of_file() would fail, because /proc/self/fd/ is not available.
fsync_directory_of_file() is mostly an additional safety net, so I think it's best
to just silently ignore the error.
Strace of pid1:
35791 stat("/etc", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
35791 openat(AT_FDCWD, "/etc/machine-id", O_RDWR|O_CREAT|O_NOCTTY|O_CLOEXEC, 0444) = 3
35791 umask(022) = 000
35791 read(3, "", 38) = 0
35791 openat(AT_FDCWD, "/var/lib/dbus/machine-id", O_RDONLY|O_NOCTTY|O_NOFOLLOW|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 openat(AT_FDCWD, "/sys/class/dmi/id/product_name", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 openat(AT_FDCWD, "/sys/class/dmi/id/sys_vendor", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 openat(AT_FDCWD, "/sys/class/dmi/id/board_vendor", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 openat(AT_FDCWD, "/sys/class/dmi/id/bios_vendor", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 access("/proc/xen", F_OK) = -1 ENOENT (No such file or directory)
35791 openat(AT_FDCWD, "/sys/hypervisor/type", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 openat(AT_FDCWD, "/proc/cpuinfo", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 getrandom("\xb8\x82\xed\xd4\x35\x11\xd0\xeb\xa6\x79\xd7\x31\x6e\x7b\x99\xce", 16, GRND_NONBLOCK) = 16
35791 writev(2, [{iov_base="Initializing machine ID from random generator.", iov_len=46}, {iov_base="\n", iov_len=1}], 2) = 47
35791 lseek(3, 0, SEEK_SET) = 0
35791 ftruncate(3, 0) = 0
35791 write(3, "b882edd4351140eba679d7316e7b99ce\n", 33) = 33
35791 fsync(3) = 0
35791 fstat(3, {st_mode=S_IFREG|0444, st_size=33, ...}) = 0
35791 readlinkat(AT_FDCWD, "/proc/self/fd/3", 0x564df8c694c0, 99) = -1 ENOENT (No such file or directory)
35791 close(3) = 0
35791 umask(022) = 022
35791 openat(AT_FDCWD, "/run/machine-id", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_CLOEXEC, 0444) = 3
35791 write(3, "b882edd4351140eba679d7316e7b99ce\n", 33) = 33
35791 close(3) = 0
35791 umask(022) = 022
35791 mount("/run/machine-id", "/etc/machine-id", NULL, MS_BIND, NULL) = 0
35791 writev(2, [{iov_base="Installed transient /etc/machine-id file.", iov_len=41}, {iov_base="\n", iov_len=1}], 2) = 42
35791 mount(NULL, "/etc/machine-id", NULL, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) = 0
https://bugzilla.redhat.com/show_bug.cgi?id=1552843
2018-03-20 18:20:01 +01:00
Lennart Poettering
4279c82075
Merge pull request #8440 from keszybz/use-cleanup-in-efi
...
Use cleanup in sd-boot
2018-03-20 18:17:57 +01:00
Zbigniew Jędrzejewski-Szmek
0441378080
nspawn: move network namespace creation to a separate step ( #8430 )
...
Fixes #8427.
Unsharing the namespace in a separate step changes the ownership of
/proc/net/ip_tables_names (and related files) from nobody:nobody to
root:root. See [1] and [2] for all the details.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f13f2aeed154da8e48f90b85e720f8ba39b1e881
[2] https://bugzilla.netfilter.org/show_bug.cgi?id=1064#c9
2018-03-20 18:07:17 +01:00
Lennart Poettering
5c24d63675
Merge pull request #8106 from dqminh/route-expires-kernel
...
move route expiration to kernel
2018-03-20 17:38:30 +01:00