picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
46238 commits 2 branches 0 tags 166 MiB
Commit graph

46 commits

Author SHA1 Message Date
Yu Watanabe 996f7e1cd0 tree-wide: drop dirent.h when dirent-util.h is included 2019-11-04 00:30:32 +09:00
Yu Watanabe 455fa9610c tree-wide: drop string.h when string-util.h or friends are included 2019-11-04 00:30:32 +09:00
Michael Olbrich 28e68bb235 Handle d_type == DT_UNKNOWN correctly 
As documented in the man-page, readdir() may return a directory entry with
d_type == DT_UNKNOWN. This must be handled for regular filesystems.

dirent_ensure_type() is available to set d_type if necessary. Use it in
some more places.

Without this systemd will fail to boot correctly with nfsroot and some
other filesystems.

Closes #13609
 2019-09-30 13:29:59 +01:00
Zbigniew Jędrzejewski-Szmek 2fe21124a6 Add open_memstream_unlocked() wrapper 2019-04-12 11:44:57 +02:00
Zbigniew Jędrzejewski-Szmek b636d78aee core/smack-setup: add helper function for openat+fdopen 
Unlocked operations are used in all three places. I don't see why just one was
special.

This also improves logging, since we don't just log the final component of the
path, but the full name.
 2019-04-12 11:44:57 +02:00
Zbigniew Jędrzejewski-Szmek ca78ad1de9 headers: remove unneeded includes from util.h 
This means we need to include many more headers in various files that simply
included util.h before, but it seems cleaner to do it this way.
 2019-03-27 11:53:12 +01:00
Chris Down e92aaed30e tree-wide: Remove O_CLOEXEC from fdopen 
fdopen doesn't accept "e", it's ignored. Let's not mislead people into
believing that it actually sets O_CLOEXEC.

From `man 3 fdopen`:

> e (since glibc 2.7):
> Open the file with the O_CLOEXEC flag. See open(2) for more information. This flag is ignored for fdopen()

As mentioned by @jlebon in #11131.
 2018-12-12 20:47:40 +01:00
Zbigniew Jędrzejewski-Szmek fde32028a4 Move LONG_LINE_MAX definition to fileio.h 
All users of the macro (except for one, in serialize.c), use the macro in
connection with read_line(), so they must include fileio.h.  Let's not play
libc games and require multiple header file to be included for the most common
use of a function.

The removal of def.h includes is not exact. I mostly went over the commits that
switch over to use read_line() and add def.h at the same time and reverted the
addition of def.h in those files.
 2018-11-14 16:25:32 +01:00
Yu Watanabe 57512c893e tree-wide: set WRITE_STRING_FILE_DISABLE_BUFFER flag when we write files under /proc or /sys 2018-11-06 21:24:03 +09:00
Yu Watanabe 5e1ee764e1 core: include error cause in log message 2018-10-20 01:40:42 +09:00
Lennart Poettering 9fd0b02913 smack-setup: include error cause in log message 2018-10-18 16:23:45 +02:00
Lennart Poettering ea8b6526b9 smcak-setup: FOREACH_LINE excorcism 2018-10-18 16:23:45 +02:00
Lennart Poettering 810adae9e9 tree-wide: use proper unicode © instead of (C) where we can 
Let's use a proper unicode copyright symbol where we can, it's prettier.

This important patch is very important.
 2018-06-14 10:20:20 +02:00
Lennart Poettering 818bf54632 tree-wide: drop 'This file is part of systemd' blurb 
This part of the copyright blurb stems from the GPL use recommendations:

https://www.gnu.org/licenses/gpl-howto.en.html

The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.

hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
 2018-06-14 10:20:20 +02:00
Zbigniew Jędrzejewski-Szmek 11a1589223 tree-wide: drop license boilerplate 
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.

I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
 2018-04-06 18:58:55 +02:00
Lennart Poettering 0d53667334 tree-wide: use __fsetlocking() instead of fxyz_unlocked() 
Let's replace usage of fputc_unlocked() and friends by __fsetlocking(f,
FSETLOCKING_BYCALLER). This turns off locking for the entire FILE*,
instead of doing individual per-call decision whether to use normal
calls or _unlocked() calls.

This has various benefits:

1. It's easier to read and easier not to forget

2. It's more comprehensive, as fprintf() and friends are covered too
   (as these functions have no _unlocked() counterpart)

3. Philosophically, it's a bit more correct, because it's more a
   property of the file handle really whether we ever pass it on to another
   thread, not of the operations we then apply to it.

This patch reworks all pieces of codes that so far used fxyz_unlocked()
calls to use __fsetlocking() instead. It also reworks all places that
use open_memstream(), i.e. use stdio FILE* for string manipulations.

Note that this in some way a revert of 4b61c87511.
 2017-12-14 10:42:25 +01:00
WaLyong Cho 459aafc6d8 smack: allow comments on smack rules (#7438) 2017-11-23 16:27:19 +01:00
Zbigniew Jędrzejewski-Szmek 53e1b68390 Add SPDX license identifiers to source files under the LGPL 
This follows what the kernel is doing, c.f.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
 2017-11-19 19:08:15 +01:00
Zbigniew Jędrzejewski-Szmek f9fa32f09c build-sys: s/HAVE_SMACK/ENABLE_SMACK/ 
Same justification as for HAVE_UTMP.
 2017-10-04 12:09:50 +02:00
Zbigniew Jędrzejewski-Szmek 349cc4a507 build-sys: use #if Y instead of #ifdef Y everywhere 
The advantage is that is the name is mispellt, cpp will warn us.

$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build

squash! build-sys: use #if Y instead of #ifdef Y everywhere

v2:
- fix incorrect setting of HAVE_LIBIDN2
 2017-10-04 12:09:29 +02:00
Lennart Poettering 4b61c87511 tree-wide: fput[cs]() → fput[cs]_unlocked() wherever that makes sense (#6396) 
As a follow-up for db3f45e2d2 let's do the
same for all other cases where we create a FILE* with local scope and
know that no other threads hence can have access to it.

For most cases this shouldn't change much really, but this should speed
dbus introspection and calender time formatting up a bit.
 2017-07-21 10:35:45 +02:00
WaLyong Cho 217f95db7b smack: handling smack onlycap list (#5542) 
To support smack onlycap, read onlycap list from /etc/smack/onlycap and write
to /sys/fs/smackfs/onlycap.

https://lwn.net/Articles/292128/
http://lkml.iu.edu/hypermail/linux/kernel/1505.2/04718.html
http://schaufler-ca.com/description_from_the_linux_source_tree
 2017-06-26 21:00:03 +02:00
Thomas Hindoe Paaboel Andersen 7f508f2c74 tree-wide: indentation fixes 2016-02-26 22:23:38 +01:00
Daniel Mack b26fa1a2fb tree-wide: remove Emacs lines from all files 
This should be handled fine now by .dir-locals.el, so need to carry that
stuff in every file.
 2016-02-10 13:41:57 +01:00
Casey Schaufler ae176752f9 smack: Handling network 
- Set Smack ambient to match run label
- Set Smack netlabel host rules

Set Smack ambient to match run label
------------------------------------
Set the Smack networking ambient label to match the
run label of systemd. System services may expect to
communicate with external services over IP. Setting
the ambient label assigns that label to IP packets
that do not include CIPSO headers. This allows systemd
and the services it spawns access to unlabeled IP
packets, and hence external services.

A system may choose to restrict network access to
particular services later in the startup process.
This is easily done by resetting the ambient label
elsewhere.

Set Smack netlabel host rules
-----------------------------
If SMACK_RUN_LABEL is defined set all other hosts to be
single label hosts at the specified label. Set the loopback
address to be a CIPSO host.

If any netlabel host rules are defined in /etc/smack/netlabel.d
install them into the smackfs netlabel interface.

[Patrick Ohly: copied from https://review.tizen.org/git/?p=platform/upstream/systemd.git;a=commit;h=db4f6c9a074644aa2bf]
[Patrick Ohly: adapt to write_string_file() change in "fileio: consolidate write_string_file*()"]
[Patrick Ohly: create write_netlabel_rules() based on the original write_rules() that was removed in "smack: support smack access change-rule"]
[Patrick Ohly: adapted to upstream code review feedback: error logging, string constants]
 2016-01-11 11:12:06 +01:00
Lennart Poettering b5efdb8af4 util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
Lennart Poettering a09561746f util-lib: introduce dirent-util.[ch] for directory entry calls 
Also, move a couple of more path-related functions to path-util.c.
 2015-10-27 13:25:56 +01:00
Lennart Poettering 3ffd4af220 util-lib: split out fd-related operations into fd-util.[ch] 
There are more than enough to deserve their own .c file, hence move them
over.
 2015-10-25 13:19:18 +01:00
Lennart Poettering 07630cea1f util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] 
There are more than enough calls doing string manipulations to deserve
its own files, hence do something about it.

This patch also sorts the #include blocks of all files that needed to be
updated, according to the sorting suggestions from CODING_STYLE. Since
pretty much every file needs our string manipulation functions this
effectively means that most files have sorted #include blocks now.

Also touches a few unrelated include files.
 2015-10-24 23:05:02 +02:00
Michal Schmidt 23446f0148 tree-wide: add missing errno arguments to log_*_errno() 
A few of the recent conversions to log_*_errno() were missing the errno
value arguments.

Fixes: e53fc357a9 "tree-wide: remove a number of invocations of
       strerror() and replace by %m"
 2015-10-01 11:04:08 +02:00
Lennart Poettering e53fc357a9 tree-wide: remove a number of invocations of strerror() and replace by %m 
Let's clean up our tree a bit, and reduce invocations of the
thread-unsafe strerror() by replacing it with printf()'s %m specifier.
 2015-09-30 22:26:16 +02:00
Daniel Mack 4c1fc3e404 fileio: consolidate write_string_file*() 
Merge write_string_file(), write_string_file_no_create() and
write_string_file_atomic() into write_string_file() and provide a flags mask
that allows combinations of atomic writing, newline appending and automatic
file creation. Change all users accordingly.
 2015-07-06 19:19:25 -04:00
WaLyong Cho 6656aefb42 smack: support smack access change-rule 
Smack is also able to have modification rules of existing rules. In
this case, the rule has additional argument to modify previous
rule. /sys/fs/smackfs/load2 node can only take three arguments:
subject object access. So if modification rules are written to
/sys/fs/smackfs/load2, EINVAL error is happen. Those modification
rules have to be written to /sys/fs/smackfs/change-rule.
To distinguish access with operation of cipso2, split write_rules()
for each operation. And, in write access rules, parse the rule and if
the rule has four argument then write into
/sys/fs/smackfs/change-rule.
https://lwn.net/Articles/532340/

fwrite() or fputs() are fancy functions to write byte stream such like
regular file. But special files on linux such like proc, sysfs are not
stream of bytes. Those special files on linux have to be written with
specific size.
By this reason, in some of many case, fputs() was failed to write
buffer to smack load2 node.
The write operation for the smack nodes should be performed with
write().
 2015-06-22 23:44:09 +09:00
Thomas Hindoe Paaboel Andersen 2eec67acbb remove unused includes 
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
 2015-02-23 23:53:42 +01:00
Michal Schmidt 56f64d9576 treewide: use log_*_errno whenever %m is in the format string 
If the format string contains %m, clearly errno must have a meaningful
value, so we might as well use log_*_errno to have ERRNO= logged.

Using:
find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/'

Plus some whitespace, linewrap, and indent adjustments.
 2014-11-28 19:49:27 +01:00
WaLyong Cho 8a188de9e0 mac: add mac_ prefix to distinguish origin security apis 2014-10-28 14:31:48 +01:00
Philippe De Swert b9289d4c6e core: smack-setup: Actually allow for succesfully loading CIPSO policy 
The line under the last switch statement  *loaded_policy = true;
would never be executed. As all switch cases return 0. Thus the
policy would never be marked as loaded.

Found with Coverity. Fixes: CID#1237785
 2014-09-13 11:54:09 +02:00
Lennart Poettering 03e334a1c7 util: replace close_nointr_nofail() by a more useful safe_close() 
safe_close() automatically becomes a NOP when a negative fd is passed,
and returns -1 unconditionally. This makes it easy to write lines like
this:

        fd = safe_close(fd);

Which will close an fd if it is open, and reset the fd variable
correctly.

By making use of this new scheme we can drop a > 200 lines of code that
was required to test for non-negative fds or to reset the closed fd
variable afterwards.
 2014-03-18 19:31:34 +01:00
Łukasz Stelmach e49d3c0167 smack: set loaded_policy in smack_setup() 
With loaded_policy set to true mount_setup() relabels /dev properly.
 2014-02-24 17:36:13 +01:00
Auke Kok 8b197c3a8a Run with a custom SMACK domain (label). 
Allows the systemd --system process to change its current
SMACK label to a predefined custom label (usually "system")
at boot time.

This is needed to have a few system-generated folders and
sockets automatically be created with the right SMACK
label. Without that, processes either cannot communicate with
systemd or systemd fails to perform some actions.
 2013-10-07 10:23:20 -07:00
Patrick McCarty a1c9563cce smack-setup: fix path to Smack/CIPSO mappings 
The correct path to the dir with CIPSO mappings is /etc/smack/cipso.d/;
/etc/smack/cipso is a file that can include these mappings as well,
though it is no longer supported in upstream libsmack.
 2013-10-01 02:52:46 +02:00
Karol Lewandowski 2b3e18de74 Make it possible to disable smack separately from xattr support 
Additionally, compile out rule loading if feature is disabled.
 2013-05-17 09:58:28 -07:00
Nathaniel Chen abbacb1def smack-setup: enable Smack/CIPSO mapping 
CIPSO is the Common IP Security Option, an IETF standard for setting
security levels for a process sending packets. In Smack kernels,
CIPSO headers are mapped to Smack labels automatically, but can be changed.

This patch writes label/category mappings from /etc/smack/cipso/ to
/sys/fs/smackfs/cipso2. The mapping format is "%s%4d%4d"["%4d"]...

For more information about Smack and CIPSO, see:
  https://kernel.org/doc/Documentation/security/Smack.txt
 2013-03-15 22:56:40 -04:00
Zbigniew Jędrzejewski-Szmek a4783bd17a smack-setup: extract rule writing into a separate function 
Check all errors.
 2013-03-15 22:56:40 -04:00
Zbigniew Jędrzejewski-Szmek fea7838e7e core/smack: downgrade info to debug 
BogdanR> I think it's cool it supports SMACK and that it encourages
         them to use a propper mount point for smackfs but I don't
         think it's cool that it's printing on the screen even when
         I parse quiet to the kernel that "SMACK support is not
         enabled ...".
 2013-03-11 18:03:13 -04:00
Nathaniel Chen ffbd2c4d45 core: mount and initialize Smack 
SMACK is the Simple Mandatory Access Control Kernel, a minimal
approach to Access Control implemented as a kernel LSM.

The kernel exposes the smackfs filesystem API through which access
rules can be loaded. At boot time, we want to load the access rules
as early as possible to ensure all early boot steps are checked by Smack.

This patch mounts smackfs at the new location at /sys/fs/smackfs for
kernels 3.8 and above. The /smack mountpoint is not supported.
After mounting smackfs, rules are loaded from the usual location.

For more information about Smack see:
  http://www.kernel.org/doc/Documentation/security/Smack.txt
 2013-03-07 20:53:14 +01:00