This makes it possible to run more dbus tests in a build
environment/chroot where no system bus is available.
To run the dbus test one can then use dbus-run-session.
It's confusing to use a single void* to store data with two different
types, i.e. a userdata value which is safe to pass to ->find(), and a
userdata value which identifies the found object.
Name the latter `found_u`. This naming treats (!c->find) as a degenerate
case. (I.e. at that point, we know the object has already been found :).
Before this commit, if you run `loginctl user-status` from
debug-shell.service (and you have no login sessions for root), you always
see this output:
```
0
Linger: no
```
because Properties.GetAll is returning success but without any properties,
when the only find() callback had returned 0 to mean "no object found".
After:
```
Could not get properties: Unknown object:
'/org/freedesktop/login1/user/self'
```
BTW I have a fix for more user-friendly messages from logind in this case.
It is pending in my local branch for #6829 "fix `loginctl enable-linger`".
Routing Policy rule manipulates rules in the routing policy database that control the
route selection algorithm.
This work adds support for configuring a Rule:
```
[RoutingPolicyRule]
TypeOfService=0x08
Table=7
From= 192.168.100.18
```
```
ip rule show
0: from all lookup local
0: from 192.168.100.18 tos 0x08 lookup 7
```
V2 changes:
1. Added logic to handle duplicate rules.
2. If rules are changed or deleted and networkd restarted
then those are deleted when networkd restarts next time
V3:
1. Add parse_fwmark_fwmask
As it turns out the authentication phase times out more often than is
good, mostly due to PRNG pools not being populated during boot. Hence,
let's increase the authentication timeout from 25s to 90s, to cover for
that.
(Note that we leave the D-Bus method call timeout at 25s, matching the
reference implementation's value. And if the auth phase managed to
complete then the pools should be populated enough and method calls
shouldn't take needlessly long anymore).
Fixes: #6418
Newer kernels will emit uevents with "bind" and "unbind" actions. These
uevents will be issued when driver is bound to or unbound from a device.
"Bind" events are helpful when device requires a firmware to operate
properly, and driver is unable to create a child device before firmware
is properly loaded.
For some reason systemd validates actions and drops the ones it does not
know, instead of passing them on through as old udev did, so we need to
explicitly teach it about them.
This prevents `systemctl` from running /bin/touch when the following
command is used:
```
systemctl -H '-oProxyCommand=/bin/touch i-shouldnt-be-here' show-environment
```
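The check that keeps a host argument from being read as an ssh option, as an added C example that is not systemd's own code: `build_ssh_argv` is a hypothetical helper, and the `-xT` flags and the `systemd-stdio-bridge` remote command are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not systemd's code: fill argv[] for an ssh transport
 * to `host`. Returns 0, or -EINVAL if the host must not be handed to ssh. */
int build_ssh_argv(const char *host, const char *argv[6]) {
    if (!host || host[0] == '\0')
        return -EINVAL;
    /* A leading '-' makes ssh parse the "host" as an option, such as
     * -oProxyCommand=..., which executes a local command. */
    if (host[0] == '-')
        return -EINVAL;
    /* Whitespace and control characters have no place in a host name. */
    for (const char *p = host; *p; p++)
        if ((unsigned char) *p <= ' ' || *p == 0x7f)
            return -EINVAL;

    argv[0] = "ssh";
    argv[1] = "-xT";                    /* assumed: no X11 forwarding, no pty */
    argv[2] = "--";                     /* end of options, as defence in depth */
    argv[3] = host;
    argv[4] = "systemd-stdio-bridge";   /* assumed remote command */
    argv[5] = NULL;
    return 0;
}

int main(void) {
    const char *argv[6];
    const char *hosts[] = {             /* constructed inputs */
        "build01.example.org",
        "-oProxyCommand=/bin/touch i-shouldnt-be-here",
    };
    for (size_t i = 0; i < 2; i++) {
        int r = build_ssh_argv(hosts[i], argv);
        printf("%-50s -> %s\n", hosts[i], r == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```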
If a message is too large to fit into the output buffer, it will be
transmitted to the kernel in several chunks. However, the FDs must
only ever be transmitted once or they will be received by the remote
end repeatedly.
The D-Bus specification disallows several sets of FDs attached to
one message, however, the reference implementation of D-Bus will
not reject such a message, rather it will reassign the duplicate
FDs to subsequent FD-carrying messages.
This attaches the FD array only to the first byte of the message.
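Attaching the descriptor to the first chunk only, as an added C example that is not systemd's code: `send_chunked`, `recv_count_fds` and `fd_ctl` are hypothetical names, and a SOCK_STREAM AF_UNIX socket is assumed.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

typedef union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } fd_ctl;

/* Send buf in pieces of at most `chunk` bytes (hypothetical helper). The
 * SCM_RIGHTS control message carrying `fd` goes out with the first piece only. */
int send_chunked(int sock, const char *buf, size_t len, size_t chunk, int fd) {
    for (size_t done = 0; done < len; ) {
        size_t n = len - done < chunk ? len - done : chunk;
        struct iovec iov = { .iov_base = (void *) (buf + done), .iov_len = n };
        struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1 };
        fd_ctl ctl;
        if (done == 0) {                    /* first byte of the message */
            memset(&ctl, 0, sizeof ctl);
            mh.msg_control = ctl.buf;
            mh.msg_controllen = sizeof ctl.buf;
            struct cmsghdr *c = CMSG_FIRSTHDR(&mh);
            c->cmsg_level = SOL_SOCKET;
            c->cmsg_type = SCM_RIGHTS;
            c->cmsg_len = CMSG_LEN(sizeof fd);
            memcpy(CMSG_DATA(c), &fd, sizeof fd);
        }
        ssize_t k = sendmsg(sock, &mh, MSG_NOSIGNAL);
        if (k < 0) return -1;
        done += (size_t) k;
    }
    return 0;
}

/* Read len bytes; return how many fds arrived with them (each is closed). */
int recv_count_fds(int sock, size_t len) {
    int nfds = 0, fd;
    for (size_t got = 0; got < len; ) {
        char data[64];
        fd_ctl ctl;
        struct iovec iov = { .iov_base = data, .iov_len = sizeof data };
        struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1,
                             .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
        ssize_t k = recvmsg(sock, &mh, 0);
        if (k <= 0) return -1;
        got += (size_t) k;
        for (struct cmsghdr *c = CMSG_FIRSTHDR(&mh); c; c = CMSG_NXTHDR(&mh, c))
            if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS) {
                memcpy(&fd, CMSG_DATA(c), sizeof fd);
                close(fd);
                nfds++;
            }
    }
    return nfds;
}
```

Sending a 10-byte message in 4-byte chunks over a socketpair and then calling `recv_count_fds()` on the other end should report one descriptor, not one per chunk.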
Observed when running from the console of a systemd nspawn container
(see failure below).
The value of r was tested, when r was last set by
sd_session_can_graphical(). This did not correspond to the value expected.
Fix the code, so we compare relevant values now. Hopefully :).
Test failure
------------
```
/* Information printed is from the live system */
sd_pid_get_unit(0, …) → "session-13.scope"
sd_pid_get_user_unit(0, …) → "n/a"
sd_pid_get_slice(0, …) → "user-1000.slice"
sd_pid_get_session(0, …) → "13"
sd_pid_get_owner_uid(0, …) → 1000
sd_pid_get_cgroup(0, …) → "/user.slice/user-1000.slice/session-13.scope"
sd_uid_get_display(1000, …) → "13"
sd_uid_get_sessions(1000, …) → [2] "15 13"
sd_uid_get_seats(1000, …) → [1] "seat0"
sd_session_is_active("13") → yes
sd_session_is_remote("13") → no
sd_session_get_state("13") → "active"
sd_session_get_uid("13") → 1000
sd_session_get_type("13") → "tty"
sd_session_get_class("13") → "user"
sd_session_get_display("13") → "n/a"
sd_session_get_remote_user("13") → "n/a"
sd_session_get_remote_host("13") → "n/a"
sd_session_get_seat("13") → "seat0"
sd_session_can_multi_seat("seat0") → no
sd_session_can_tty("seat0") → no
sd_session_can_graphical("seat0") → no
sd_uid_get_state(1000, …) → active
Assertion '!!k == !!r' failed at ../src/libsystemd/sd-login/test-login.c:191, function test_login(). Aborting.
```
Fixes:
```
$ env -i valgrind --leak-check=full ./build/test-bus-chat
...
==7763== 1,888 (1,824 direct, 64 indirect) bytes in 1 blocks are
definitely lost in loss record 2 of 2
==7763== at 0x4C2FA50: calloc (vg_replace_malloc.c:711)
==7763== by 0x4F8FF9A: sd_bus_new (sd-bus.c:175)
==7763== by 0x4F938BF: sd_bus_open_user (sd-bus.c:1138)
==7763== by 0x109ACD: server_init (test-bus-chat.c:70)
==7763== by 0x10BCF8: main (test-bus-chat.c:526)
==7763==
```
Closes #6481
Let's add a proper validation function, since validation isn't entirely
trivial. Make use of it where applicable. Also make use of
AUDIT_SESSION_INVALID where we need a marker for an invalid audit
session.
Some kdbus_flag and memfd related parts are left behind, because they
are entangled with the "legacy" dbus support.
test-bus-benchmark is switched to "manual". It was already broken before
(in the non-kdbus mode) but apparently nobody noticed. Hopefully it can
be fixed later.
As a follow-up for db3f45e2d2 let's do the
same for all other cases where we create a FILE* with local scope and
know that no other threads hence can have access to it.
For most cases this shouldn't change much really, but this should speed
dbus introspection and calendar time formatting up a bit.
This moves pretty much all uses of getpid() over to getpid_raw(). I
didn't specifically check whether the optimization is worth it for each
replacement, but in order to keep things simple and systematic I
switched over everything at once.
During early boot, we'd call getrandom(), and immediately fall back to
reading from /dev/urandom unless we got the full requested number of bytes.
Those two sources are the same, so the most likely result is /dev/urandom
producing some pseudorandom numbers for us, complaining widely on the way.
Let's change our behaviour to be more conservative:
- if the numbers are only used to initialize a hash table, a short read is OK,
we don't really care if we get the first part of the seed truly random and
then some pseudorandom bytes. So just do that and return "success".
- if getrandom() returns -EAGAIN, fall back to rand() instead of querying
/dev/urandom again.
The idea with those two changes is to avoid generating a warning about
reading from /dev/urandom when the kernel doesn't have enough entropy.
- only in the cases where we really need to make the best effort possible
(sd_id128_randomize and firstboot password hashing), fall back to
/dev/urandom.
When calling getrandom(), drop the checks whether the argument fits in an int —
getrandom() should do that for us already, and we call it with small arguments
only anyway.
Note that this does not really change the (relatively high) number of random
bytes we request from the kernel. On my laptop, during boot, PID 1 and all
other processes using this code through libsystemd request:
74780 bytes with high_quality_required == false
464 bytes with high_quality_required == true
and it does not eliminate reads from /dev/urandom completely. If the kernel was
short on entropy and getrandom() would fail, we would fall back to /dev/urandom
for those 464 bytes.
When falling back to /dev/urandom, don't lose the short read we already got,
and just read the remaining bytes.
If getrandom() syscall is not available, we fall back to /dev/urandom same
as before.
Fixes #4167 (possibly partially, let's see).
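The fallback policy described in this commit message, as an added C sketch that is not systemd's code: `acquire_random`, the injected `rand_source` callbacks and the constructed stand-in sources are all hypothetical names used to drive the short-read and -EAGAIN paths.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* `primary` stands in for getrandom(), `fallback` for a read of /dev/urandom;
 * injecting them is an assumption of this sketch. Each returns bytes or -errno. */
typedef ssize_t (*rand_source)(void *buf, size_t n);

int acquire_random(void *p, size_t n, int high_quality_required,
                   rand_source primary, rand_source fallback) {
    unsigned char *buf = p;
    size_t have = 0;
    ssize_t r = primary(buf, n);
    if (r >= 0)
        have = (size_t) r;                  /* may be a short read */
    else if (r != -EAGAIN && r != -ENOSYS)
        return (int) r;
    if (have == n)
        return 0;
    if (!high_quality_required && r != -ENOSYS) {
        /* Hash table seed: keep the random prefix, pad the rest with rand(). */
        for (size_t i = have; i < n; i++)
            buf[i] = (unsigned char) rand();
        return 0;
    }
    /* Keep the bytes already obtained and read only the remainder. */
    while (have < n) {
        r = fallback(buf + have, n - have);
        if (r <= 0)
            return r < 0 ? (int) r : -EIO;
        have += (size_t) r;
    }
    return 0;
}

/* Constructed stand-ins for a kernel that is short on entropy. */
size_t fallback_requested;
ssize_t short_primary(void *b, size_t n) {
    size_t k = n < 4 ? n : 4;
    memset(b, 0xAA, k);
    return (ssize_t) k;
}
ssize_t eagain_primary(void *b, size_t n) { (void) b; (void) n; return -EAGAIN; }
ssize_t counting_fallback(void *b, size_t n) {
    memset(b, 0xBB, n);
    fallback_requested += n;
    return (ssize_t) n;
}

int main(void) {
    unsigned char id[16];
    return acquire_random(id, sizeof id, 1, short_primary, counting_fallback);
}
```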
Newer D-Bus versions implement the GetConnectionCredentials() driver
call to get all connection creds in one go. Make use of that to reduce
the number of bus calls we do.
When only a single credential field is queried we will still use the old
calls, which we'll also use if the new call isn't implemented.
The bus driver service is always implemented by the owner of the bus,
hence let's shortcut the credential operation and use our cached data.
This makes sure things simply work, given that dbus itself doesn't
support GetConnectionSELinuxSecurityContext() on the bus driver name
itself.
Fixes: #6120
Previously we'd propagate errors returned by user callbacks configured
in vtables back to the users only for method handlers and property
get/set handlers. This does the same for child enumeration and when we
check whether a fallback unit exists.
Without this the failure will be treated as a non-recoverable connection
error and result in connection termination.
Fixes: #6059
This prevents udev from reading the data after freeing it.
See https://github.com/systemd/systemd/issues/6040#issuecomment-306589836
```
==264== Invalid read of size 1
==264== at 0x4C2E112: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==264== by 0x5943EBD: strdup (in /usr/lib/libc-2.25.so)
==264== by 0x13E263: device_add_property_aux (sd-device.c:122)
==264== by 0x14788C: device_add_property_internal (sd-device.c:150)
==264== by 0x14788C: device_rename (device-private.c:786)
==264== by 0x120DB6: udev_device_rename (libudev-device-private.c:213)
==264== by 0x120DB6: udev_event_execute_rules (udev-event.c:895)
==264== by 0x120DB6: worker_spawn (udevd.c:456)
==264== by 0x1216E5: event_run (udevd.c:584)
==264== by 0x1216E5: event_queue_start (udevd.c:823)
==264== by 0x122213: on_uevent (udevd.c:927)
==264== by 0x141F2F: source_dispatch (sd-event.c:2272)
==264== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==264== by 0x142D52: sd_event_run (sd-event.c:2690)
==264== by 0x142D52: sd_event_loop (sd-event.c:2710)
==264== by 0x1159CB: run (udevd.c:1643)
==264== by 0x1159CB: main (udevd.c:1772)
==264== Address 0x7b251a0 is 0 bytes inside a block of size 5 free'd
==264== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==264== by 0x13E2A2: freep (alloc-util.h:57)
==264== by 0x13E2A2: device_add_property_aux (sd-device.c:111)
==264== by 0x147873: device_add_property_internal (sd-device.c:150)
==264== by 0x147873: device_rename (device-private.c:781)
==264== by 0x120DB6: udev_device_rename (libudev-device-private.c:213)
==264== by 0x120DB6: udev_event_execute_rules (udev-event.c:895)
==264== by 0x120DB6: worker_spawn (udevd.c:456)
==264== by 0x1216E5: event_run (udevd.c:584)
==264== by 0x1216E5: event_queue_start (udevd.c:823)
==264== by 0x122213: on_uevent (udevd.c:927)
==264== by 0x141F2F: source_dispatch (sd-event.c:2272)
==264== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==264== by 0x142D52: sd_event_run (sd-event.c:2690)
==264== by 0x142D52: sd_event_loop (sd-event.c:2710)
==264== by 0x1159CB: run (udevd.c:1643)
==264== by 0x1159CB: main (udevd.c:1772)
==264== Block was alloc'd at
==264== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==264== by 0x5943EC9: strdup (in /usr/lib/libc-2.25.so)
==264== by 0x13E263: device_add_property_aux (sd-device.c:122)
==264== by 0x143B45: device_add_property_internal (sd-device.c:150)
==264== by 0x143B45: device_amend.lto_priv.235 (device-private.c:454)
==264== by 0x1387B7: device_append (device-private.c:516)
==264== by 0x1387B7: device_new_from_nulstr (device-private.c:620)
==264== by 0x1387B7: udev_device_new_from_nulstr (libudev-device-private.c:268)
==264== by 0x1387B7: udev_monitor_receive_device (libudev-monitor.c:682)
==264== by 0x11FC69: worker_spawn (udevd.c:509)
==264== by 0x1216E5: event_run (udevd.c:584)
==264== by 0x1216E5: event_queue_start (udevd.c:823)
==264== by 0x122213: on_uevent (udevd.c:927)
==264== by 0x141F2F: source_dispatch (sd-event.c:2272)
==264== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==264== by 0x142D52: sd_event_run (sd-event.c:2690)
==264== by 0x142D52: sd_event_loop (sd-event.c:2710)
==264== by 0x1159CB: run (udevd.c:1643)
==264== by 0x1159CB: main (udevd.c:1772)
==264==
```
This prevents udev from double-freeing and crashing.
See https://github.com/systemd/systemd/issues/6040#issuecomment-306589836
```
==351== Invalid free() / delete / delete[] / realloc()
==351== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==351== by 0x13CBE8: hashmap_clear_free_free (hashmap.c:900)
==351== by 0x13CBE8: hashmap_free_free_free (hashmap.c:852)
==351== by 0x147F4F: sd_device_unref (sd-device.c:88)
==351== by 0x130CCC: udev_device_unref (libudev-device.c:552)
==351== by 0x130CD5: udev_device_unref (libudev-device.c:553)
==351== by 0x11FBBB: worker_spawn (udevd.c:488)
==351== by 0x1216E5: event_run (udevd.c:584)
==351== by 0x1216E5: event_queue_start (udevd.c:823)
==351== by 0x122213: on_uevent (udevd.c:927)
==351== by 0x141F2F: source_dispatch (sd-event.c:2272)
==351== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==351== by 0x142D52: sd_event_run (sd-event.c:2690)
==351== by 0x142D52: sd_event_loop (sd-event.c:2710)
==351== by 0x1159CB: run (udevd.c:1643)
==351== by 0x1159CB: main (udevd.c:1772)
==351== Address 0x81745b0 is 0 bytes inside a block of size 1 free'd
==351== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==351== by 0x1447F0: freep (alloc-util.h:57)
==351== by 0x1447F0: sd_device_set_sysattr_value (sd-device.c:1859)
==351== by 0x132081: udev_device_set_sysattr_value (libudev-device.c:849)
==351== by 0x12E777: set_trackpoint_sensitivity (udev-builtin-keyboard.c:180)
==351== by 0x12E777: builtin_keyboard.lto_priv.170 (udev-builtin-keyboard.c:263)
==351== by 0x14D03F: udev_builtin_run.constprop.75 (udev-builtin.c:133)
==351== by 0x11FAEB: udev_event_execute_run (udev-event.c:957)
==351== by 0x11FAEB: worker_spawn (udevd.c:461)
==351== by 0x1216E5: event_run (udevd.c:584)
==351== by 0x1216E5: event_queue_start (udevd.c:823)
==351== by 0x122213: on_uevent (udevd.c:927)
==351== by 0x141F2F: source_dispatch (sd-event.c:2272)
==351== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==351== by 0x142D52: sd_event_run (sd-event.c:2690)
==351== by 0x142D52: sd_event_loop (sd-event.c:2710)
==351== by 0x1159CB: run (udevd.c:1643)
==351== by 0x1159CB: main (udevd.c:1772)
==351== Block was alloc'd at
==351== at 0x4C2CF35: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==351== by 0x144853: sd_device_set_sysattr_value (sd-device.c:1888)
==351== by 0x132081: udev_device_set_sysattr_value (libudev-device.c:849)
==351== by 0x12E777: set_trackpoint_sensitivity (udev-builtin-keyboard.c:180)
==351== by 0x12E777: builtin_keyboard.lto_priv.170 (udev-builtin-keyboard.c:263)
==351== by 0x14D03F: udev_builtin_run.constprop.75 (udev-builtin.c:133)
==351== by 0x11FAEB: udev_event_execute_run (udev-event.c:957)
==351== by 0x11FAEB: worker_spawn (udevd.c:461)
==351== by 0x1216E5: event_run (udevd.c:584)
==351== by 0x1216E5: event_queue_start (udevd.c:823)
==351== by 0x122213: on_uevent (udevd.c:927)
==351== by 0x141F2F: source_dispatch (sd-event.c:2272)
==351== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==351== by 0x142D52: sd_event_run (sd-event.c:2690)
==351== by 0x142D52: sd_event_loop (sd-event.c:2710)
==351== by 0x1159CB: run (udevd.c:1643)
==351== by 0x1159CB: main (udevd.c:1772)
```
This adds /sys/firmware lookup for sysname when creating a new device,
which allows device-tree properties lookup. This look-up can then be
used in udev rules, allowing device-tree-based model detection.
The code is mostly correct, but gcc is trying to outsmart us, and emits a
warning for a "llu vs lu" mismatch, even though they are the same size (on alpha):
```
src/libsystemd/sd-bus/bus-control.c: In function ‘kernel_get_list’:
src/libsystemd/sd-bus/bus-control.c:267:42: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
if (asprintf(&n, ":1.%llu", name->id) < 0) {
^
src/libsystemd/sd-bus/bus-control.c: In function ‘bus_get_name_creds_kdbus’:
src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
^
```
This is hard to work around properly, because kdbus.h uses __u64 which is
defined-differently-despite-being-the-same-size than uint64_t. Thus the simple
solution of using %PRIu64 fails on amd64:
```
src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘__u64 {aka long long unsigned int}’ [-Werror=format=]
if (asprintf(&c->unique_name, ":1.%"PRIu64, conn_info->id) < 0) {
^~~~~~
```
Let's just avoid the whole issue for now by silencing the warning.
After the next release, we should just get rid of the kdbus code.
Fixes #5561.
Other functions in sd-login generally allow the output parameter to be NULL, in
which case only the number of items that would be stored in the array is returned.
Be nice and do the same here.
C.f. 0543105b0f.
With this, if /run/systemd/{seats,sessions,users} are missing,
sd_get_seats(), sd_get_sessions() and sd_get_uids() return 0, that is,
an empty list, instead of -ENOENT.
The -ENOMEDIUM return value was introduced in v232-1001-g2977724b09,
('core: make hybrid cgroup unified mode keep compat /sys/fs/cgroup/systemd hierarchy'),
and would be returned by cg_pid_get_path_shifted(), but the documented and
expected return value is -ENODATA. Let's just catch ENXIO/ENOMEDIUM and translate
it to ENODATA in all cases.
Complements 171f8f591f, fixes #6012.
All those uses were correct, but I think it's better to be explicit.
Using implicit errno is too error prone, and with this change we can require
(in the sense of a style guideline) that the code is always specified.
Helpful query: git grep -n -P 'log_[^s][a-z]+\(.*%m'