Yu Watanabe
8a08bbfc98
network: drop static prefixes and static route prefixes earlier if IPv6PrefixDelegation=no or dhcpv6
2020-10-19 10:09:38 +09:00
Yu Watanabe
db5756f3f3
network: sort and rename elements in Network object
2020-10-19 10:09:38 +09:00
Yu Watanabe
69e0f833a3
network: introduce network_adjust_radv()
2020-10-19 10:09:38 +09:00
Yu Watanabe
a3c1a94947
network: clear DNS and domains for RA when an empty string is assigned
2020-10-19 10:09:38 +09:00
Yu Watanabe
5e2767720a
network: use string_hash_ops_free for search domains
2020-10-19 10:09:38 +09:00
Michal Koutný
0bc2f071e1
meson: Fix missing libseccomp dependencies
...
The builds with HAVE_SECCOMP fail on missing include paths:
FAILED: src/basic/libbasic.a.p/parse-util.c.o
cc -Isrc/basic/libbasic.a.p -Isrc/basic -I../src/basic -Isrc/boot -I../src/boot -Isrc/home -I../src/home -Isrc/shared -I../src/shared -Isrc/systemd -I../src/systemd -Isrc/journal -I../src/journal -Isrc/journal-remote -I../src/journal-remote -Isrc/nspawn -I../src/nspawn -Isrc/resolve -I../src/resolve -Isrc/timesync -I../src/timesync -I../src/time-wait-sync -Isrc/login -I../src/login -Isrc/udev -I../src/udev -Isrc/libudev -I../src/libudev -Isrc/core -I../src/core -Isrc/shutdown -I../src/shutdown -I../src/xdg-autostart-generator -I../src/libsystemd/sd-bus -I../src/libsystemd/sd-device -I../src/libsystemd/sd-event -I../src/libsystemd/sd-hwdb -I../src/libsystemd/sd-id128 -I../src/libsystemd/sd-netlink -I../src/libsystemd/sd-network -I../src/libsystemd/sd-resolve -Isrc/libsystemd-network -I../src/libsystemd-network -I. -I.. -fdiagnostics-color=always -pipe -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu99 -g -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Wno-format-signedness -Werror=undef -Wlogical-op -Wmissing-include-dirs -Wold-style-definition -Wpointer-arith -Winit-self -Wfloat-equal -Wsuggest-attribute=noreturn -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=missing-declarations -Werror=return-type -Werror=incompatible-pointer-types -Werror=format=2 -Wstrict-prototypes -Wredundant-decls -Wmissing-noreturn -Wimplicit-fallthrough=5 -Wshadow -Wendif-labels -Wstrict-aliasing=2 -Wwrite-strings -Werror=overflow -Werror=shift-count-overflow -Werror=shift-overflow=2 -Wdate-time -Wnested-externs -Wno-maybe-uninitialized -ffast-math -fno-common -fdiagnostics-show-option -fno-strict-aliasing -fvisibility=hidden -fstack-protector -fstack-protector-strong --param=ssp-buffer-size=4 -Werror=shadow -include config.h -fPIC -pthread -fvisibility=default -MD -MQ src/basic/libbasic.a.p/parse-util.c.o -MF src/basic/libbasic.a.p/parse-util.c.o.d -o src/basic/libbasic.a.p/parse-util.c.o -c ../src/basic/parse-util.c
In file included from ../src/basic/parse-util.c:20:
../src/shared/seccomp-util.h:4:10: fatal error: seccomp.h: No such file or directory
4 | #include <seccomp.h>
| ^~~~~~~~~~~
compilation terminated.
FAILED: test-parse-util.p/src_test_test-parse-util.c.o
cc -Itest-parse-util.p -I. -I.. -Isrc/basic -I../src/basic -Isrc/boot -I../src/boot -Isrc/home -I../src/home -Isrc/shared -I../src/shared -Isrc/systemd -I../src/systemd -Isrc/journal -I../src/journal -Isrc/journal-remote -I../src/journal-remote -Isrc/nspawn -I../src/nspawn -Isrc/resolve -I../src/resolve -Isrc/timesync -I../src/timesync -I../src/time-wait-sync -Isrc/login -I../src/login -Isrc/udev -I../src/udev -Isrc/libudev -I../src/libudev -Isrc/core -I../src/core -Isrc/shutdown -I../src/shutdown -I../src/xdg-autostart-generator -I../src/libsystemd/sd-bus -I../src/libsystemd/sd-device -I../src/libsystemd/sd-event -I../src/libsystemd/sd-hwdb -I../src/libsystemd/sd-id128 -I../src/libsystemd/sd-netlink -I../src/libsystemd/sd-network -I../src/libsystemd/sd-resolve -Isrc/libsystemd-network -I../src/libsystemd-network -fdiagnostics-color=always -pipe -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu99 -g -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Wno-format-signedness -Werror=undef -Wlogical-op -Wmissing-include-dirs -Wold-style-definition -Wpointer-arith -Winit-self -Wfloat-equal -Wsuggest-attribute=noreturn -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=missing-declarations -Werror=return-type -Werror=incompatible-pointer-types -Werror=format=2 -Wstrict-prototypes -Wredundant-decls -Wmissing-noreturn -Wimplicit-fallthrough=5 -Wshadow -Wendif-labels -Wstrict-aliasing=2 -Wwrite-strings -Werror=overflow -Werror=shift-count-overflow -Werror=shift-overflow=2 -Wdate-time -Wnested-externs -Wno-maybe-uninitialized -ffast-math -fno-common -fdiagnostics-show-option -fno-strict-aliasing -fvisibility=hidden -fstack-protector -fstack-protector-strong --param=ssp-buffer-size=4 -Werror=shadow -include config.h -MD -MQ test-parse-util.p/src_test_test-parse-util.c.o -MF test-parse-util.p/src_test_test-parse-util.c.o.d -o test-parse-util.p/src_test_test-parse-util.c.o -c ../src/test/test-parse-util.c
In file included from ../src/test/test-parse-util.c:14:
../src/shared/seccomp-util.h:4:10: fatal error: seccomp.h: No such file or directory
4 | #include <seccomp.h>
| ^~~~~~~~~~~
compilation terminated.
Add the respective deps.
Fixes: 005bfaf118 ("exec: Add kill action to system call filters")
2020-10-16 12:30:24 +09:00
Yu Watanabe
dd82626a0d
Merge pull request #17361 from keszybz/oomd-introspection-stub
...
Implement --version,--bus-introspect in oomd, add man page for the dbus api
2020-10-16 12:24:37 +09:00
Lennart Poettering
6f997852c8
pid1: ignore whole /run/host hierarchy
...
Let's mark the whole /run/host hierarchy as something to ignore by PID 1
for generation of .mount units, i.e. consider it as "extrinsic".
By unifying container mgr supplied resources in one dir it's also easy
to exclude the whole lot from PID1's management inside the container.
This is the right thing to do, since from the payload's PoV these mounts
are just API and not manipulatable as they are established, managed and
owned by the container manager, not the payload.
(While we are at it, also add the boot ID mount to the existing list, as
nspawn and other container managers overmount that too, typically, and
it is thus owned by the container manager and not the payload
typically.)
2020-10-15 17:16:36 +02:00
Zbigniew Jędrzejewski-Szmek
c9a00f5a3b
oomd: add names to dbus parameters and implement --bus-introspection
2020-10-15 15:03:49 +02:00
Zbigniew Jędrzejewski-Szmek
ddc543bed8
oomd: check number of arguments, add --version, fix indentation
2020-10-15 15:03:07 +02:00
Zbigniew Jędrzejewski-Szmek
69c0807432
Merge pull request #15206 from anitazha/systoomd-v0
...
systemd-oomd
2020-10-15 14:16:52 +02:00
Lennart Poettering
edfa55174b
systemctl: fix tabs indentations
2020-10-15 10:56:01 +02:00
Lennart Poettering
b8f736b30e
pager: let's check SYSTEMD_PAGERSECURE with secure_getenv()
...
I can't think of any real vulnerability about this, but it still feels
better to check a variable with "secure" in its name with
secure_getenv() rather than plain getenv().
Paranoia FTW!
2020-10-15 10:54:53 +02:00
Zbigniew Jędrzejewski-Szmek
cc6ceec23e
Merge pull request #17354 from dtardon/udev-cleanup
...
some udev cleanup
2020-10-15 08:01:01 +02:00
Zbigniew Jędrzejewski-Szmek
93a59b1ae5
sd-bus: break the loop in bus_ensure_running() if the bus is not connecting
...
This might fix #17025:
> the call trace is
> bus_ensure_running -> sd_bus_process -> bus_process_internal -> process_closeing --> sd_bus_close
> |
> \-> process_match
We ended up doing callouts to the Disconnected matches from bus_ensure_running()
and shouldn't. bus_ensure_running() should never do callouts. This change
should fix this however: once we notice that the connection is going down we
will now fail instantly with ENOTCONN instead of calling any callbacks.
2020-10-15 11:15:03 +09:00
Yu Watanabe
956dbf361b
network: warn if dynamic gateway is specified but corresponding protocol is disabled
2020-10-15 07:07:46 +09:00
Yu Watanabe
22d37e5df6
network: introduce network_adjust_dhcp()
2020-10-15 07:06:58 +09:00
Yu Watanabe
3773eb5485
network: introduce network_adjust_ipv6_accept_ra()
2020-10-15 07:06:36 +09:00
Yu Watanabe
c27abcf4fb
network: when Gateway=_dhcp4, set several properties based on lease if they are not explicitly specified
...
Before this commit, even when Gateway=_dhcp4 or _ra is set, the
route was configured with 'protocol static', and other properties
specified by RouteTable=, RouteMTU=, etc., were ignored.
This commit sets the route protocol based on the protocol by which the
gateway address is obtained, and applies other settings if they are not
explicitly specified in the [Route] section.
2020-10-15 07:06:23 +09:00
Yu Watanabe
5bb80a4603
network: determine a [Route] section will be used or not by gateway family instead of route family
...
With this commit, the user can configure a dynamic IPv6 Gateway with an IPv4
destination.
2020-10-15 07:06:03 +09:00
Yu Watanabe
c3d679c43f
network: when Gateway=_dhcp, assume gateway family based on other settings
2020-10-15 07:05:58 +09:00
Yu Watanabe
b8caa4ef34
network: rename Gateway=_dhcp6 -> Gateway=_ipv6ra
2020-10-15 07:04:02 +09:00
Yu Watanabe
1a3a6309a7
network: rename gateway_from_dhcp -> gateway_from_dhcp_or_ra
...
As for the IPv6 case, the gateway is given by RA.
2020-10-15 06:58:53 +09:00
Lennart Poettering
1008f5b069
Merge pull request #17351 from poettering/exec-rt-typo-fix
...
fix one character typo in execute.c
2020-10-14 19:41:27 +02:00
Lennart Poettering
21ad331873
Merge pull request #17350 from poettering/bus-read-array
...
sd-bus: initialize return values on success in sd_bus_message_read_ar…
2020-10-14 19:41:01 +02:00
Lennart Poettering
64a7fcc5cd
bootctl: separate boot loader specific commands in man and --help
...
bootctl implements three types of operation: those that work with an EFI
boot loader, those which work with any EFI boot loader that implements
the boot loader spec + interface, and finally those specific to sd-boot.
Previously the --help text and the man page mixed them all up. Let's put
them clearly in three separate sections however, to communicate clearly
what is supposed to work everywhere, and what is specific to
systemd-boot or boot loaders implementing the two specs.
This adjusts wording here and there, but is mostly just about
re-ordering existing docs, and putting them under new sections.
2020-10-14 19:40:39 +02:00
David Tardon
af2e52f4aa
udev-rules: drop pointless cast
2020-10-14 19:31:30 +02:00
David Tardon
3b57baff7e
udev-ctrl: drop workaround for old kernel bug
...
It's been 7 years. That should be long enough :-)
This reverts commit b97caef538.
2020-10-14 19:31:30 +02:00
Lennart Poettering
84fc961082
Merge pull request #17270 from keszybz/less-secure-mode
...
Use less in "secure" mode when under sudo
2020-10-14 18:33:10 +02:00
Lennart Poettering
b0eb40cda4
Merge pull request #17188 from keszybz/envvars-posix
...
Follow (mostly) POSIX rules for environment variables
2020-10-14 18:32:22 +02:00
Lennart Poettering
fc8bc57f6b
Merge pull request #16968 from yuwata/remove-old-device-on-move-event
...
core, udev: remove old device on move event
2020-10-14 17:49:37 +02:00
Lennart Poettering
6293d958a4
sd-bus: initialize return values on success in sd_bus_message_read_array()
...
Fixes: #17346
2020-10-14 17:35:00 +02:00
Lennart Poettering
7848cb8c57
Merge pull request #17338 from poettering/close-range
...
make use of new kernel 5.9 close_range() syscall in close_all_fds()
2020-10-14 17:22:15 +02:00
Lennart Poettering
670eed4c8c
core: debug log about received fds
2020-10-14 16:41:37 +02:00
Lennart Poettering
74aaf59b1a
execute: make sure some more functions follow coding style
...
Initialize all return values on success, as our usual coding style
suggests.
2020-10-14 16:41:37 +02:00
Lennart Poettering
f5fa352f1e
execute: fix single character typo
...
Corrects: c413bb28df
Fixes: #17313
2020-10-14 16:41:37 +02:00
Yu Watanabe
fd8f865c9f
Merge pull request #17342 from yuwata/network-dhcp-ipv4-acd-fixes
...
network: fixes several issues in IPv4 DAD for DHCP4
2020-10-14 23:12:41 +09:00
Zbigniew Jędrzejewski-Szmek
547f724f7a
Merge pull request #17267 from yuwata/hashmap_put_strdup
...
hashmap: make hashmap_put_strdup() take hash_ops
2020-10-14 15:05:15 +02:00
Zbigniew Jędrzejewski-Szmek
540e0bad3e
Merge pull request #17316 from yuwata/network-address-ipv4-peer-issue-17304
...
network: directly compare with in_addr element for IPv4 case
2020-10-14 15:02:14 +02:00
Yu Watanabe
dfc637d0ff
Merge pull request #17341 from yuwata/sd-dhcp-client-fix-eexist-issue-16964
...
sd-dhcp: make sd_dhcp_client_set_request_option() not return -EEXIST
2020-10-14 18:55:39 +09:00
Yu Watanabe
0e569a439a
network: start dynamic addressing clients like DHCP after setting netdevs
...
The function link_acquire_conf() may make the link state 'configuring'
when DHCP6 PD is enabled. Previously link_acquire_conf() was called
before link_enter_join_netdev(), and thus the assertion in the function
might be triggered.
Fixes #17329.
2020-10-14 10:52:02 +02:00
Lennart Poettering
59c4bbfb93
test-fd-util: add test case for close_all_fd()
2020-10-14 10:40:32 +02:00
Lennart Poettering
b8cfa2da7c
fd-util: port close_all_fds() to close_range()
2020-10-14 10:40:29 +02:00
Lennart Poettering
441e0fdb90
missing: add close_range() wrapper
...
The syscall was added in 5.9 and is not yet exposed in glibc, hence
define our own wrapper.
2020-10-14 10:40:10 +02:00
Lennart Poettering
6ea0d25c57
seccomp: allowlist close_range() by default in @basic-io
2020-10-14 10:40:06 +02:00
Lennart Poettering
562b01e996
alloc-util: avoid allocating zero size memory blocks
...
It's not clear what libcs make of this. We clamp to 1 byte allocations
in most cases already, let's add this for a few where this was missing.
2020-10-14 10:39:48 +02:00
Lennart Poettering
a748b122be
analyze: show ungrouped syscalls separately (#17343)
...
This updates the "systemd-analyze syscall-filter" command to show a
special section of syscalls that are included in @known but in no other
group. Typically this should show syscalls we either should add to any
of the existing groups or where we are unsure where they best fit in.
Right now, it mostly shows arch-specific compat syscalls, we probably
should move to "@obsolete". This patch doesn't add that however.
2020-10-14 10:31:59 +02:00
Zbigniew Jędrzejewski-Szmek
0a42426d79
pager: make pager secure when under euid is changed or explicitly requested
...
The variable is renamed to SYSTEMD_PAGERSECURE (because it's not just about
less now), and we automatically enable secure mode in certain cases, but not
otherwise.
This approach is more nuanced, but should provide a better experience for
users:
- Previously we would set LESSSECURE=1 and trust the pager to make use of
it. But this has an effect only on less. We need to not start pagers which
are insecure when in secure mode. In particular more is like that and is a
very popular pager.
- We don't enable secure mode always, which means that those other pagers can
reasonably be used.
- We do the right thing by default, but the user has ultimate control by
setting SYSTEMD_PAGERSECURE.
Fixes #5666.
v2:
- also check $PKEXEC_UID
v3:
- use 'sd_pid_get_owner_uid() != geteuid()' as the condition
2020-10-14 10:04:12 +02:00
Yu Watanabe
5431227400
network: update MAC address in IPv4ACD client for DHCP4
2020-10-14 15:38:29 +09:00
Yu Watanabe
a7df5cae54
network: also stop IPv4ACD client in link_stop_clients()
2020-10-14 15:38:29 +09:00