picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
32879 commits 2 branches 0 tags 166 MiB
Commit graph

32879 commits

This branch
This branch
All branches
Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek e3c3d6761b core/load-fragment: reject overly long paths early 
No need to go through the specifier_printf() if the path is already too long in
the unexpanded form (since specifiers increase the length of the string in all
practical cases).

In the oss-fuzz test case, valgrind reports:
  total heap usage: 179,044 allocs, 179,044 frees, 72,687,755,703 bytes allocated
and the original config file is ~500kb. This isn't really a security issue,
since the config file has to be trusted any way, but just a matter of
preventing accidental resource exhaustion.

https://oss-fuzz.com/v2/issue/4651449704251392/6977

While at it, fix order of arguments in the neighbouring log_syntax() call.
 2018-03-21 00:46:13 +01:00
Zbigniew Jędrzejewski-Szmek e127f26b1a basic/calendarspec: add check for repeat values that would overflow 
https://oss-fuzz.com/v2/issue/4651449704251392/7004
 2018-03-21 00:46:13 +01:00
Lennart Poettering e71d1f6c78 journal: don't insist that the journal file header's boot ID matches the last entry 
We update the boot ID whenever the file is opened for writing (i.e. set
to ONLINE stat), even if we never write a single entry to it. Hence,
don't insist that the last entry's boot ID matches the file header.

As pointed out by Matthijs van Duin:

https://lists.freedesktop.org/archives/systemd-devel/2018-March/040499.html
 2018-03-20 23:31:11 +01:00
Lennart Poettering ffe535e43e journal-file: drop unused tail_entry_monotonic_valid field. 
As pointed out by Matthijs van Duin:

https://lists.freedesktop.org/archives/systemd-devel/2018-March/040499.html
 2018-03-20 23:31:11 +01:00
Alex Gartrell 1b7cf0e587 journal: make the compression threshold tunable 
Allow a user to set a number of bytes as Compress to use as the compression
threshold.
 2018-03-20 14:54:07 -07:00
Lennart Poettering 43dc7aa2ba coccinelle: always use fcntl(fd, FD_DUPFD, 3) instead of dup(fd) 
Let's avoid fds 0…2 for safety reasons.
 2018-03-20 22:31:14 +01:00
Lennart Poettering be6b0c2165 coccinelle: make use of DIV_ROUND_UP() wherever appropriate 
Let's use our macros where we can
 2018-03-20 20:59:02 +01:00
Alex Gartrell 57850536d5 journal: provide compress_threshold_bytes parameter 
Previously the compression threshold was hardcoded to 512, which meant that
smaller values wouldn't be compressed. This left some storage savings on the
table, so instead, we make that number tunable.
 2018-03-20 11:48:52 -07:00
Zbigniew Jędrzejewski-Szmek 3ceae1bc14 basic/fs-util: skip fsync_directory_of_file() if /proc/self/fd/ is not available (#8386) 
When systemd is running under lorax (in Fedora compose process), it'd think that
it failed to write /etc/machine-id, even though the write succeeded, because
fsync_directory_of_file() would fail, because /proc/self/fd/ is not available.
fsync_directory_of_file() is mostly an additional safety net, so I think it's best
to just silently ignore the error.

Strace of pid1:
35791 stat("/etc", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
35791 openat(AT_FDCWD, "/etc/machine-id", O_RDWR|O_CREAT|O_NOCTTY|O_CLOEXEC, 0444) = 3
35791 umask(022)                        = 000
35791 read(3, "", 38)                   = 0
35791 openat(AT_FDCWD, "/var/lib/dbus/machine-id", O_RDONLY|O_NOCTTY|O_NOFOLLOW|O_CLOEXEC) = -1 ENOENT (No such file o
r directory)
35791 openat(AT_FDCWD, "/sys/class/dmi/id/product_name", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 openat(AT_FDCWD, "/sys/class/dmi/id/sys_vendor", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 openat(AT_FDCWD, "/sys/class/dmi/id/board_vendor", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 openat(AT_FDCWD, "/sys/class/dmi/id/bios_vendor", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 access("/proc/xen", F_OK)         = -1 ENOENT (No such file or directory)
35791 openat(AT_FDCWD, "/sys/hypervisor/type", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 openat(AT_FDCWD, "/proc/cpuinfo", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
35791 getrandom("\xb8\x82\xed\xd4\x35\x11\xd0\xeb\xa6\x79\xd7\x31\x6e\x7b\x99\xce", 16, GRND_NONBLOCK) = 16
35791 writev(2, [{iov_base="Initializing machine ID from random generator.", iov_len=46}, {iov_base="\n", iov_len=1}],
 2) = 47
35791 lseek(3, 0, SEEK_SET)             = 0
35791 ftruncate(3, 0)                   = 0
35791 write(3, "b882edd4351140eba679d7316e7b99ce\n", 33) = 33
35791 fsync(3)                          = 0
35791 fstat(3, {st_mode=S_IFREG|0444, st_size=33, ...}) = 0
35791 readlinkat(AT_FDCWD, "/proc/self/fd/3", 0x564df8c694c0, 99) = -1 ENOENT (No such file or directory)
35791 close(3)                          = 0
35791 umask(022)                        = 022
35791 openat(AT_FDCWD, "/run/machine-id", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_CLOEXEC, 0444) = 3
35791 write(3, "b882edd4351140eba679d7316e7b99ce\n", 33) = 33
35791 close(3)                          = 0
35791 umask(022)                        = 022
35791 mount("/run/machine-id", "/etc/machine-id", NULL, MS_BIND, NULL) = 0
35791 writev(2, [{iov_base="Installed transient /etc/machine-id file.", iov_len=41}, {iov_base="\n", iov_len=1}], 2) = 42
35791 mount(NULL, "/etc/machine-id", NULL, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) = 0

https://bugzilla.redhat.com/show_bug.cgi?id=1552843
 2018-03-20 18:20:01 +01:00
Lennart Poettering 4279c82075
Merge pull request #8440 from keszybz/use-cleanup-in-efi 
Use cleanup in sd-boot
 2018-03-20 18:17:57 +01:00
Zbigniew Jędrzejewski-Szmek 0441378080 nspawn: move network namespace creation to a separate step (#8430) 
Fixes #8427.

Unsharing the namespace in a separate step changes the ownership of
/proc/net/ip_tables_names (and related files) from nobody:nobody to
root:root. See [1] and [2] for all the details.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f13f2aeed154da8e48f90b85e720f8ba39b1e881
[2] https://bugzilla.netfilter.org/show_bug.cgi?id=1064#c9
 2018-03-20 18:07:17 +01:00
Lennart Poettering 5c24d63675
Merge pull request #8106 from dqminh/route-expires-kernel 
move route expiration to kernel
 2018-03-20 17:38:30 +01:00
Filipe Brandenburger b454cfb05c mkosi: set file permissions in copy of source tree (#8370) 
Meson keeps permissions around during the build, so details of how umask
was set when cloning the original git tree will leak all the way to the
installed files in the mkosi image.

So reset the permissions of the files in the copy of the tree before
starting the build.

Also set the umask explicitly.

Tested by creating a mkosi image and booting it on a tree that was
cloned with a umask of 027, confirmed that the *.target files were not
created as world-unreadable anymore.
 2018-03-20 17:21:36 +01:00
Mathieu Malaterre 0d9fca76bb seccomp: enable RestrictAddressFamilies on ppc (#8505) 
In commit da1921a5c3 ppc64/ppc64el were added as supported architectures for
socketcall() for the POWER family. Extend the support for the 32bits
architectures.
 2018-03-20 16:08:20 +01:00
Lennart Poettering ed358dbd0e
Merge pull request #8499 from fbuihuu/shadow-support-nis 
sysusers: also add support for NIS entries in /etc/shadow
 2018-03-20 12:16:43 +01:00
Franck Bui 8c1b45aa9c sysusers: make sure to reset errno before calling fget*ent() 
Due to the glibc interface we have to test errno in various places to detect if
an error occured after calling fget*ent() helpers.
 2018-03-20 11:38:39 +01:00
Franck Bui 19ec7de2d6 sysusers: also add support for NIS entries in /etc/shadow 
Commit 563dc6f8e2 added support for
/etc/{passwd,group} only but since nsswitch.conf(5) appears to document the NIS
entries also for shadow, let's support this case too.
 2018-03-20 11:28:19 +01:00
Jui-Chi Ricky Liang 27b6cb1f59 v4l_id: check mplane video capture and output capailities (#8464) 
Video devices using mplane buffer API declare capture and output
capabilities with V4L2_CAP_VIDEO_CAPTURE_MPLANE and
V4L2_CAP_VIDEO_OUTPUT_MPLANE.
 2018-03-20 09:54:18 +01:00
Zbigniew Jędrzejewski-Szmek 24c44fdf56 man: use unicode ellipsis in one more place (#8496) 
Also add note where it should *not* be used.

https://github.com/systemd/systemd/pull/8408#discussion_r175606771
 2018-03-20 09:54:01 +01:00
Lennart Poettering 8c637fe242
Merge pull request #8452 from keszybz/use-libmount-more 
Use libmount in systemd-shutdown, add tests
 2018-03-20 09:53:34 +01:00
Matteo F. Vescovi c72102edd5 hwdb: ThinkPad 4x0s and X1 Carbon 3rd gen LEDs (#8492) 2018-03-20 07:41:19 +01:00
Salvo 'LtWorf' Tomaselli bc33509ea0 hwdb: ThinkPad T560 doesn't have a caps lock led (#8490) 
Similar to 16bed3afa1, this model also doesn't have the
LED.
```
cat /sys/class/dmi/id/modalias
dmi:bvnLENOVO:bvrN1KET16W(1.03):bd01/20/2016:svnLENOVO:pn20FH001AMX:pvrThinkPadT560:rvnLENOVO:rn20FH001AMX:rvrSDK0J40705WIN:cvnLENOVO:ct10:cvrNone:
```
 2018-03-20 03:19:53 +09:00
Filipe Brandenburger c2887d565f macros: fix sysusers_create_inline (#8489) 
This typo was introduced in commit dd2490ae12 when using
here-documents for the macro values.
 2018-03-19 18:05:49 +01:00
Zbigniew Jędrzejewski-Szmek 912f7a9877
Merge pull request #8488 from yuwata/client-update 
Many client updates
 2018-03-19 17:58:14 +01:00
Yu Watanabe 11d6e9e9dc resolve: show more global settings in systemd-resolve --status 
Closes #8455.
 2018-03-20 00:44:47 +09:00
Yu Watanabe bf4e5c4cc6 resolve: expose global LLMNR, MulticastDNS, and DNSSEC settings as bus property 2018-03-20 00:44:44 +09:00
Yu Watanabe 3b85dace6d doc: update TODO 2018-03-20 00:44:41 +09:00
Yu Watanabe 07636114b1 bus-util: introduce bus_message_print_all_properties() 
Then, use it where applicable.
 2018-03-20 00:44:37 +09:00
Yu Watanabe 4679a8c301 systemctl: use bus_map_all_properties() in status command 2018-03-20 00:44:34 +09:00
Yu Watanabe 8559e61d64 systemctl: use string table for show() 2018-03-20 00:44:30 +09:00
Yu Watanabe f37f8a61c0 bus-util: make bus_map_all_properties() not copy string 2018-03-20 00:42:48 +09:00
Paride Legovini 16bed3afa1 hwdb: ThinkPad T450s doesn't have a caps lock led (#8433) 2018-03-19 15:56:11 +01:00
Yu Watanabe 4f00a11c73 bus-util: store boolean message to bool 2018-03-19 22:53:45 +09:00
Yu Watanabe 32b4727965 systemctl: use bus_map_all_properties() in list-dependencies command 2018-03-19 22:53:39 +09:00
Yu Watanabe ee5324aa04 tree-wide: voidify pager_open() 
Even if pager_open() fails, in general, we should continue the operations.
All erroneous cases in pager_open() show log message in the function.
So, it is not necessary to check the returned value.
 2018-03-19 21:04:02 +09:00
Yu Watanabe 24fcd009c3 man: mention 'status' is the default command for timedatectl 2018-03-19 21:04:02 +09:00
Yu Watanabe be90a88654 timedatectl: use dispatch_verb() 2018-03-19 21:04:02 +09:00
Yu Watanabe d4e0773b4d man: mention 'status' is the default command for localectl 2018-03-19 21:03:36 +09:00
Yu Watanabe 1d4ecb98be localectl: use dispatch_verb() 2018-03-19 21:03:36 +09:00
Yu Watanabe f46bc484f7 hostnamectl: use dispatch_verb() 2018-03-19 21:03:36 +09:00
Yu Watanabe a456324fef man: mention that 'status' is the default command for hostnamectl 2018-03-19 21:03:36 +09:00
Yu Watanabe 5ce97d33d0 coredumpctl: use dispatch_verb() 2018-03-19 21:03:36 +09:00
Yu Watanabe 5488660154 busctl: drop redundant pager_open() 2018-03-19 21:03:36 +09:00
Yu Watanabe cb05d2a514 busctl: add missing oom check 2018-03-19 21:03:36 +09:00
Yu Watanabe 9bb31a0c9f busctl: use dispatch_verb() 2018-03-19 21:03:36 +09:00
Yu Watanabe 15c3626e06 networkctl,hwdb: make verbs static 2018-03-19 21:03:35 +09:00
Yu Watanabe cc6861006e
Merge pull request #8399 from keszybz/systemctl-kexec 
Systemctl kexec buglet fixes
 2018-03-19 18:35:41 +09:00
Yu Watanabe bcabcde5d2
Merge pull request #8408 from keszybz/ln-relative 
bugs.fd.o bug archelogy
 2018-03-19 18:32:30 +09:00
Jan Janssen ac9cea5ba3 shutdown: Don't limit unmount attempts prematurely (#8469) 
Once upon a time shutdown.c didn't have the logic to check whether any
unmount attempts succeeded or not. So instead it kept looping for
a fixed amount and hoped all was right. Nowadays, we do know if we
changed anything during a iteration and also stop looping then, but
we still limit ourselves to FINALIZE_ATTEMPTS.

But, theoretically, we could have such a complicated and nested
setup that would survive that limit, leaving stuff around we
might actually be able to unmount. And we could also end up in a
situation where the extra loop with raised unmount error level could
be skipped too.

So let's just drop the retries logic and rely fully on the changed
flag.
 2018-03-19 18:27:49 +09:00
futpib e9ee721abd hwdb: fix accelerometer mount matrix for Asus TP300LD (#8327) (#8463) 2018-03-19 18:25:07 +09:00