picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
47437 commits 2 branches 0 tags 166 MiB
Commit graph

30887 commits

Author SHA1 Message Date
Yu Watanabe 8a08bbfc98 network: drop static prefixes and static route prefixes earlier if IPv6PrefixDelegation=no or dhcpv6 2020-10-19 10:09:38 +09:00
Yu Watanabe db5756f3f3 network: sort and rename elements in Network object 2020-10-19 10:09:38 +09:00
Yu Watanabe 69e0f833a3 network: introduce network_adjust_radv() 2020-10-19 10:09:38 +09:00
Yu Watanabe a3c1a94947 network: clear DNS and domains for RA when an empty string is assigned 2020-10-19 10:09:38 +09:00
Yu Watanabe 5e2767720a network: use string_hash_ops_free for search domains 2020-10-19 10:09:38 +09:00
Michal Koutný 0bc2f071e1 meson: Fix missing libseccomp dependencies 
The builds with HAVE_SECCOMP fail on missing include paths:

FAILED: src/basic/libbasic.a.p/parse-util.c.o
cc -Isrc/basic/libbasic.a.p -Isrc/basic -I../src/basic -Isrc/boot -I../src/boot -Isrc/home -I../src/home -Isrc/shared -I../src/shared -Isrc/systemd -I../src/systemd -Isrc/journal -I../src/journal -Isrc/journal-remote -I../src/journal-remote -Isrc/nspawn -I../src/nspawn -Isrc/resolve -I../src/resolve -Isrc/timesync -I../src/timesync -I../src/time-wait-sync -Isrc/login -I../src/login -Isrc/udev -I../src/udev -Isrc/libudev -I../src/libudev -Isrc/core -I../src/core -Isrc/shutdown -I../src/shutdown -I../src/xdg-autostart-generator -I../src/libsystemd/sd-bus -I../src/libsystemd/sd-device -I../src/libsystemd/sd-event -I../src/libsystemd/sd-hwdb -I../src/libsystemd/sd-id128 -I../src/libsystemd/sd-netlink -I../src/libsystemd/sd-network -I../src/libsystemd/sd-resolve -Isrc/libsystemd-network -I../src/libsystemd-network -I. -I.. -fdiagnostics-color=always -pipe -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu99 -g -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Wno-format-signedness -Werror=undef -Wlogical-op -Wmissing-include-dirs -Wold-style-definition -Wpointer-arith -Winit-self -Wfloat-equal -Wsuggest-attribute=noreturn -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=missing-declarations -Werror=return-type -Werror=incompatible-pointer-types -Werror=format=2 -Wstrict-prototypes -Wredundant-decls -Wmissing-noreturn -Wimplicit-fallthrough=5 -Wshadow -Wendif-labels -Wstrict-aliasing=2 -Wwrite-strings -Werror=overflow -Werror=shift-count-overflow -Werror=shift-overflow=2 -Wdate-time -Wnested-externs -Wno-maybe-uninitialized -ffast-math -fno-common -fdiagnostics-show-option -fno-strict-aliasing -fvisibility=hidden -fstack-protector -fstack-protector-strong --param=ssp-buffer-size=4 -Werror=shadow -include config.h -fPIC -pthread -fvisibility=default -MD -MQ src/basic/libbasic.a.p/parse-util.c.o -MF src/basic/libbasic.a.p/parse-util.c.o.d -o src/basic/libbasic.a.p/parse-util.c.o -c ../src/basic/parse-util.c
In file included from ../src/basic/parse-util.c:20:
../src/shared/seccomp-util.h:4:10: fatal error: seccomp.h: No such file or directory
    4 | #include <seccomp.h>
      |          ^~~~~~~~~~~
compilation terminated.

FAILED: test-parse-util.p/src_test_test-parse-util.c.o
cc -Itest-parse-util.p -I. -I.. -Isrc/basic -I../src/basic -Isrc/boot -I../src/boot -Isrc/home -I../src/home -Isrc/shared -I../src/shared -Isrc/systemd -I../src/systemd -Isrc/journal -I../src/journal -Isrc/journal-remote -I../src/journal-remote -Isrc/nspawn -I../src/nspawn -Isrc/resolve -I../src/resolve -Isrc/timesync -I../src/timesync -I../src/time-wait-sync -Isrc/login -I../src/login -Isrc/udev -I../src/udev -Isrc/libudev -I../src/libudev -Isrc/core -I../src/core -Isrc/shutdown -I../src/shutdown -I../src/xdg-autostart-generator -I../src/libsystemd/sd-bus -I../src/libsystemd/sd-device -I../src/libsystemd/sd-event -I../src/libsystemd/sd-hwdb -I../src/libsystemd/sd-id128 -I../src/libsystemd/sd-netlink -I../src/libsystemd/sd-network -I../src/libsystemd/sd-resolve -Isrc/libsystemd-network -I../src/libsystemd-network -fdiagnostics-color=always -pipe -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu99 -g -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Wno-format-signedness -Werror=undef -Wlogical-op -Wmissing-include-dirs -Wold-style-definition -Wpointer-arith -Winit-self -Wfloat-equal -Wsuggest-attribute=noreturn -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=missing-declarations -Werror=return-type -Werror=incompatible-pointer-types -Werror=format=2 -Wstrict-prototypes -Wredundant-decls -Wmissing-noreturn -Wimplicit-fallthrough=5 -Wshadow -Wendif-labels -Wstrict-aliasing=2 -Wwrite-strings -Werror=overflow -Werror=shift-count-overflow -Werror=shift-overflow=2 -Wdate-time -Wnested-externs -Wno-maybe-uninitialized -ffast-math -fno-common -fdiagnostics-show-option -fno-strict-aliasing -fvisibility=hidden -fstack-protector -fstack-protector-strong --param=ssp-buffer-size=4 -Werror=shadow -include config.h -MD -MQ test-parse-util.p/src_test_test-parse-util.c.o -MF test-parse-util.p/src_test_test-parse-util.c.o.d -o test-parse-util.p/src_test_test-parse-util.c.o -c ../src/test/test-parse-util.c
In file included from ../src/test/test-parse-util.c:14:
../src/shared/seccomp-util.h:4:10: fatal error: seccomp.h: No such file or directory
    4 | #include <seccomp.h>
      |          ^~~~~~~~~~~
compilation terminated.

Add the respective deps.

Fixes: 005bfaf118 ("exec: Add kill action to system call filters")
 2020-10-16 12:30:24 +09:00
Yu Watanabe dd82626a0d
Merge pull request #17361 from keszybz/oomd-introspection-stub 
Implement --version,--bus-introspect in oomd, add man page for the dbus api
 2020-10-16 12:24:37 +09:00
Lennart Poettering 6f997852c8 pid1: ignore whole /run/host hierarchy 
Let's mark the whole /run/host hierarchy as something to ignore by PID 1
for generation of .mount units, i.e. consider it as "extrinsic".

By unifying container mgr supplied resources in one dir it's also easy
to exclude the whole lot from PID1's management inside the container.
This is the right thing to do, since from the payload's PoV these mounts
are just API and not manipulatable as they are established, managed and
owned by the container manager, not the payload.

(While we are it, also add the boot ID mount to the existing list, as
nspawn and other container managers overmount that too, typically, and
it is thus owned by the container manager and not the payload
typically.)
 2020-10-15 17:16:36 +02:00
Zbigniew Jędrzejewski-Szmek c9a00f5a3b oomd: add names to dbus parameters and implement --bus-introspection 2020-10-15 15:03:49 +02:00
Zbigniew Jędrzejewski-Szmek ddc543bed8 oomd: check number of arguments, add --version, fix indentation 2020-10-15 15:03:07 +02:00
Zbigniew Jędrzejewski-Szmek 69c0807432
Merge pull request #15206 from anitazha/systoomd-v0 
systemd-oomd
 2020-10-15 14:16:52 +02:00
Lennart Poettering edfa55174b systemctl: fix tabs indentations 2020-10-15 10:56:01 +02:00
Lennart Poettering b8f736b30e pager: lets check SYSTEMD_PAGERSECURE with secure_getenv() 
I can't think of any real vulnerability about this, but it still feels
better to check a variable with "secure" in its name with
secure_getenv() rather than plain getenv().

Paranoia FTW!
 2020-10-15 10:54:53 +02:00
Zbigniew Jędrzejewski-Szmek cc6ceec23e
Merge pull request #17354 from dtardon/udev-cleanup 
some udev cleanup
 2020-10-15 08:01:01 +02:00
Zbigniew Jędrzejewski-Szmek 93a59b1ae5 sd-bus: break the loop in bus_ensure_running() if the bus is not connecting 
This might fix #17025:
> the call trace is
> bus_ensure_running -> sd_bus_process -> bus_process_internal -> process_closeing --> sd_bus_close
>                                                                                  |
>                                                                                  \-> process_match

We ended doing callouts to the Disconnected matches from bus_ensure_running()
and shouldn't. bus_ensure_running() should never do callouts. This change
should fix this however: once we notice that the connection is going down we
will now fail instantly with ENOTOCONN instead of calling any callbacks.
 2020-10-15 11:15:03 +09:00
Yu Watanabe 956dbf361b network: warn if dynamic gateway is specified but corresponding protocol is disabled 2020-10-15 07:07:46 +09:00
Yu Watanabe 22d37e5df6 network: introduce network_adjust_dhcp() 2020-10-15 07:06:58 +09:00
Yu Watanabe 3773eb5485 network: introduce network_adjust_ipv6_accept_ra() 2020-10-15 07:06:36 +09:00
Yu Watanabe c27abcf4fb network: when Gateway=_dhcp4, set several properties based on lease if they are not explicitly specified 
Before this commit, event when Gateway=_dhcp4 or _ra is set, the
route was configured with 'protocol static', and other properties
specified by RouteTable=, RouteMTU=, or etc, were ignored.

This commit makes set the route protocol based on the protocol the
gateway address is obtained, and apply other settings if it is not
explicitly specified in the [Route] section.
 2020-10-15 07:06:23 +09:00
Yu Watanabe 5bb80a4603 network: determine a [Route] section will be used or not by gateway family instead of route family 
By this commit, user can configure dynamic IPv6 Gateway with IPv4
destination.
 2020-10-15 07:06:03 +09:00
Yu Watanabe c3d679c43f network: when Gateway=_dhcp, assume gateway family based on other settings 2020-10-15 07:05:58 +09:00
Yu Watanabe b8caa4ef34 network: rename Gateway=_dhcp6 -> Gateway=_ipv6ra 2020-10-15 07:04:02 +09:00
Yu Watanabe 1a3a6309a7 network: rename gateway_from_dhcp -> gateway_from_dhcp_or_ra 
As for IPv6 case gateway is given by RA.
 2020-10-15 06:58:53 +09:00
Lennart Poettering 1008f5b069
Merge pull request #17351 from poettering/exec-rt-typo-fix 
fix one character typo in execute.c
 2020-10-14 19:41:27 +02:00
Lennart Poettering 21ad331873
Merge pull request #17350 from poettering/bus-read-array 
sd-bus: initialize return values on success in sd_bus_message_read_ar…
 2020-10-14 19:41:01 +02:00
Lennart Poettering 64a7fcc5cd bootctl: separate boot loader specific commands in man and --help 
bootctl implements three types of operation: those that work with an EFI
boot loader, those which work with any EFI boot loader that implements
the boot loader spec + interface, and finally those specific to sd-boot.
Previously the --help text and the man page mixed them all up. Let's put
them clearly in three separate sections however, to communicate clearly
what is supposed to work everywhere, and what is specific to
systemd-boot or boot loaders implementing the two specs.

This adjusts wording here and there, but is mostly just about
re-ordering existing docs, and putting them under new sections.
 2020-10-14 19:40:39 +02:00
David Tardon af2e52f4aa udev-rules: drop pointless cast 2020-10-14 19:31:30 +02:00
David Tardon 3b57baff7e udev-ctrl: drop workaround for old kernel bug 
It's been 7 years. That should be long enough :-)

This reverts commit b97caef538.
 2020-10-14 19:31:30 +02:00
Lennart Poettering 84fc961082
Merge pull request #17270 from keszybz/less-secure-mode 
Use less in "secure" mode when under sudo
 2020-10-14 18:33:10 +02:00
Lennart Poettering b0eb40cda4
Merge pull request #17188 from keszybz/envvars-posix 
Follow (mostly) POSIX rules for environment variables
 2020-10-14 18:32:22 +02:00
Lennart Poettering fc8bc57f6b
Merge pull request #16968 from yuwata/remove-old-device-on-move-event 
core, udev: remove old device on move event
 2020-10-14 17:49:37 +02:00
Lennart Poettering 6293d958a4 sd-bus: initialize return values on success in sd_bus_message_read_array() 
Fixes: #17346
 2020-10-14 17:35:00 +02:00
Lennart Poettering 7848cb8c57
Merge pull request #17338 from poettering/close-range 
make use of new kernel 5.9 close_range() syscall in close_all_fds()
 2020-10-14 17:22:15 +02:00
Lennart Poettering 670eed4c8c core: debug log about received fds 2020-10-14 16:41:37 +02:00
Lennart Poettering 74aaf59b1a execute: make sure some more functions follow coding style 
Initialize all return values on success, as our usual coding style
suggests.
 2020-10-14 16:41:37 +02:00
Lennart Poettering f5fa352f1e execute: fix single character typo 
Corrects: c413bb28df

Fixes: #17313
 2020-10-14 16:41:37 +02:00
Yu Watanabe fd8f865c9f
Merge pull request #17342 from yuwata/network-dhcp-ipv4-acd-fixes 
network: fixes several issues in IPv4 DAD for DHCP4
 2020-10-14 23:12:41 +09:00
Zbigniew Jędrzejewski-Szmek 547f724f7a
Merge pull request #17267 from yuwata/hashmap_put_strdup 
hashmap: make hashmap_put_strdup() take hash_ops
 2020-10-14 15:05:15 +02:00
Zbigniew Jędrzejewski-Szmek 540e0bad3e
Merge pull request #17316 from yuwata/network-address-ipv4-peer-issue-17304 
network: directly compare with in_addr element for IPv4 case
 2020-10-14 15:02:14 +02:00
Yu Watanabe dfc637d0ff
Merge pull request #17341 from yuwata/sd-dhcp-client-fix-eexist-issue-16964 
sd-dhcp: make sd_dhcp_client_set_request_option() not return -EEXIST
 2020-10-14 18:55:39 +09:00
Yu Watanabe 0e569a439a network: start dynamic addressing clients like DHCP after setting netdevs 
The function link_acquire_conf() may make the link state 'configuring'
when DHCP6 PD is enabled. Previously link_acquire_conf() was called
before link_enter_join_netdev(), and thus the assertion in the function
might be triggered.

Fixes #17329.
 2020-10-14 10:52:02 +02:00
Lennart Poettering 59c4bbfb93 test-fd-util: add test case for close_all_fd() 2020-10-14 10:40:32 +02:00
Lennart Poettering b8cfa2da7c fd-util: port close_all_fds() to close_range() 2020-10-14 10:40:29 +02:00
Lennart Poettering 441e0fdb90 missing: add close_range() wrapper 
The syscall was added in 5.9 and is not yet exposed in glibc, hence
define our own wrapper.
 2020-10-14 10:40:10 +02:00
Lennart Poettering 6ea0d25c57 seccomp: allowlist close_range() by default in @basic-io 2020-10-14 10:40:06 +02:00
Lennart Poettering 562b01e996 alloc-util: avoid allocating zero size memory blocks 
It's not clear what libc's make of this. We clamp to 1 byte allocations
in most cases already, let's add this for a few where this was missing.
 2020-10-14 10:39:48 +02:00
Lennart Poettering a748b122be
analyze: show ungrouped syscalls separately (#17343) 
This updates the "systemd-analyze syscall-filter" command to show a
special section of syscalls that are included in @known but in no other
group. Typically this should show syscalls we either should add to any
of the existing groups or where we unsure were they best fit in.

Right now, it mostly shows arch-specific compat syscalls, we probably
should move "@obsolete". This patch doesn't add thta however.
 2020-10-14 10:31:59 +02:00
Zbigniew Jędrzejewski-Szmek 0a42426d79 pager: make pager secure when under euid is changed or explicitly requested 
The variable is renamed to SYSTEMD_PAGERSECURE (because it's not just about
less now), and we automatically enable secure mode in certain cases, but not
otherwise.

This approach is more nuanced, but should provide a better experience for
users:

- Previusly we would set LESSSECURE=1 and trust the pager to make use of
  it. But this has an effect only on less. We need to not start pagers which
  are insecure when in secure mode. In particular more is like that and is a
  very popular pager.

- We don't enable secure mode always, which means that those other pagers can
  reasonably used.

- We do the right thing by default, but the user has ultimate control by
  setting SYSTEMD_PAGERSECURE.

Fixes #5666.

v2:
- also check $PKEXEC_UID

v3:
- use 'sd_pid_get_owner_uid() != geteuid()' as the condition
 2020-10-14 10:04:12 +02:00
Yu Watanabe 5431227400 network: update MAC address in IPv4ACD client for DHCP4 2020-10-14 15:38:29 +09:00
Yu Watanabe a7df5cae54 network: also stop IPv4ACD client in link_stop_clients() 2020-10-14 15:38:29 +09:00