Many programming languages don't allow variable names beginning in dots,
hence let's use double underscores for the location fields instead. This
gets us the simple rule:
__ is the prefix for location fields (i.e. fields that are used to
identify entries, rather than part of the entries)
_ is the prefix for trusted fields (i.e. those fields journald itself
adds to all entries)
no prefix for unrusted fields (i.e. all fields normal client code sends
us)
This reverts commit 9586cdfab6.
(but not the TODO hunk).
The bug was already fixed by 1a710b43. And if other errors occur, we
don't want to leave the socket active in order to avoid having socket
tarpits.
This logic can be turned off by defining SD_JOURNAL_SUPPRESS_LOCATION
before including sd-journal.h.
This also saves/restores errno in all logging functions, in order to be
useful as logging calls without side-effects.
This also adds a couple of __unlikely__ around the early checks in the
logging calls, in order to minimize the runtime impact.
Suppose that foo.service/start is a job waiting on other job bar.service/start
to finish. And then foo.service/restart is enqueued (not using
--ignore-dependencies).
Currently this makes foo.service start immediately, forgetting about the
ordering to bar.service.
The runnability check for JOB_RESTART jobs looks only at dependencies for
stopping. That's actually correct, because restart jobs should be treated the
same as stop jobs at first. The bug is that job_run_and_invalidate() does not
treat them exactly the same as stop jobs. unit_start() gets called without
checking for the runnability of the converted JOB_START job.
The fix is to simplify the switch in job_run_and_invalidate(). Handle
JOB_RESTART identically to JOB_STOP.
Also simplify the handling of JOB_TRY_RESTART - just convert it to JOB_RESTART
if the unit is active and let it fall through to the JOB_RESTART case.
Similarly for JOB_RELOAD_OR_START - have a fall through to JOB_START.
In job_finish_and_invalidate() it's not necessary to check for JOB_TRY_RESTART
with JOB_DONE, because JOB_TRY_RESTART jobs will have been converted to
JOB_RESTART already.
Speeding up the restart of services in "auto-restart" state still works as
before.
Improves: https://bugzilla.redhat.com/show_bug.cgi?id=753586
but it's still not perfect. With this fix the try-restart action will wait for
the restart to complete in the right order, but the optimal behaviour would be
to finish quickly (without disturbing the start job).
If we try to locate a monotonic time in a file that doesn't have any
entries with the matching boot id, then don't fail on it, simply
fall back to calendar time.
For clean session endings ask logind explicitly to get rid of the FIFO
before closing it so that the FIFO logic doesn't result in su/sudo to be
terminated immediately.
This is an S/MIME signed message
The new function ima_setup() loads an IMA custom policy from a file in the
default location '/etc/ima/ima-policy', if present, and writes it to the
path 'ima/policy' in the security filesystem. This function is executed
at early stage in order to avoid that some file operations are not measured
by IMA and it is placed after the initialization of SELinux because IMA
needs the latter (or other security modules) to understand LSM-specific
rules. This feature is enabled by default and can be disabled by providing
the option '--disable-ima' to the configure script.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
This is an S/MIME signed message
The mount of the securityfs filesystem is now performed in the main systemd
executable as it is used by IMA to provide the interface for loading custom
policies. The unit file 'units/sys-kernel-security.mount' has been removed
because it is not longer necessary.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
The function checks if the entry is a directory before recursing, but
there is a window between the check and the open, during which the
directory could be replaced with a symlink.
CVE-2012-1174
https://bugzilla.redhat.com/show_bug.cgi?id=803358
After long consideration we came to the conclusion that user
configuration in /etc should always override the (generally
computer generated) configuration in /run. User configuration
should always be what matters over anything else. Hence rearrange
the search orders accordingly. In general this should change
very little as overriding like this is seldomn done so far,
and the order between /etc and /usr stays the same.
Hi!
I was trying out the journal and the journalctl utility sometimes
crashed on me. After some debugging, I tracked it down to the fact
that next_with_matches() holds the "c" object pointer through the
journal_file_next_entry_for_data() call -- which apparently may re-map
the journal file, invalidating the pointer.
The attached patch fixes this crash for me, but being unfamiliar with
the code, I don't know if I'm doing the right thing.
This patch is also available from my github repository:
git://github.com/intgr/systemd.git
https://github.com/intgr/systemd
Regards,
Marti
For the record, here's the original stack trace at the time of remapping:
ret=0x7fff1d5cdec0) at src/journal/journal-file.c:330
ret=0x7fff1d5cdf28) at src/journal/journal-file.c:414
ret=0x7fff1d5ce0a0, offset=0x7fff1d5ce098) at
src/journal/journal-file.c:1101
i=5705, ret=0x7fff1d5ce0a0, offset=0x7fff1d5ce098) at
src/journal/journal-file.c:1147
p=6413608, data_offset=66600, direction=DIRECTION_DOWN,
ret=0x7fff1d5ce0a0, offset=0x7fff1d5ce098) at
src/journal/journal-file.c:1626
direction=DIRECTION_DOWN, ret=0x7fff1d5ce120, offset=0x7fff1d5ce128)
at src/journal/sd-journal.c:533
direction=DIRECTION_DOWN, ret=0x7fff1d5ce170, offset=0x7fff1d5ce178)
at src/journal/sd-journal.c:595
src/journal/sd-journal.c:651
From 9266fc6a58065a7c5dab67430fd78925e519dce9 Mon Sep 17 00:00:00 2001
From: Marti Raudsepp <marti@juffo.org>
Date: Fri, 9 Mar 2012 16:23:00 +0200
Subject: [PATCH] journal: Don't hold pointers to journal while remapping
This would cause a segfault otherwise.
After long consideration we came to the conclusion that user
configuration in /etc should always override the (generally computer
generated) configuration in /run. User configuration should always be
what matters over anything else. Hence rearrange the search orders
accordingly.
In general this should change very little as overriding like this is
seldomn done so far, and the order between /etc and /usr stays the same.
If a client connects to us repeatedly always using the same source port
and we instantiate a service for the incoming connection this might
clash with an old instance. Hence, include the connection number, the
same way we do it for AF_UNIX to make connections unique.
https://bugs.freedesktop.org/show_bug.cgi?id=45297
<tomegun> kay: is this a valid issue: https://bugs.archlinux.org/task/27060 ?
<kay> tomegun: udev does not really care if that fails
<tomegun> kay: the suggestion there is to treat EINVAL the same way we treat ENOTTY (i.e. as an info only)
<tomegun> if it really does not matter it might make sense to avoid bogus bug reports
<kay> tomegun: done
This device is a combination USB hub, displaylink graphics, and e2i touchscreen
Bus 001 Device 005: ID 058f:6254 Alcor Micro Corp. USB Hub
Bus 001 Device 006: ID 17e9:401a Newnham Research
Bus 001 Device 007: ID 1ac7:0001
|__ Port 1: Dev 5, If 0, Class=hub, Driver=hub/4p, 480M
|__ Port 2: Dev 6, If 0, Class=vend., Driver=udlfb, 480M
|__ Port 2: Dev 6, If 1, Class=HID, Driver=usbhid, 480M
|__ Port 3: Dev 7, If 0, Class=vend., Driver=usbtouchscreen, 12M
we need to make sure that configuration data we expose via the bus ends
up in using getting an assert(). Even though configuration data is only
parsed from trusted sources we should be more careful with what we read.
The use of identifying disks by magic byte sequences outside of the
filesystem or partion table is fragile and usually creates more
problems than it solves.
Udev-acl will be part of a future ConsoleKit release. On systemd systems,
advanced ConsoleKit and udev-acl functionality are natively provided by
systemd.
If the service reaches the start limit, mark the sockets that activate
it as failed (with the result code 'service-broken').
This way the sockets won't act as tarpits for clients connecting to
them.
