Zbigniew Jędrzejewski-Szmek
afa4e4a9db
docs: let's not close the milestone early
2019-04-03 16:23:43 +02:00
Lennart Poettering
3b4ce4b08c
Merge pull request #12202 from keszybz/seccomp-arm64
...
Fixes for S[GU]ID filter on arm64
2019-04-03 15:47:18 +02:00
Zbigniew Jędrzejewski-Szmek
da4dc9a674
seccomp: rework how the S[UG]ID filter is installed
...
If we know that a syscall is undefined on the given architecture, don't
even try to add it.
Try to install the filter even if some syscalls fail. Also use a helper
function to make the whole a bit less magic.
This allows the S[UG]ID test to pass on arm64.
2019-04-03 13:33:06 +02:00
Zbigniew Jędrzejewski-Szmek
dff6c6295b
test-seccomp: fix compilation on arm64
...
It has no open().
2019-04-03 13:24:43 +02:00
Zbigniew Jędrzejewski-Szmek
51be9a8c41
kernel-install: add a check that the vmlinuz arg is sane
2019-04-03 11:25:40 +02:00
Zbigniew Jędrzejewski-Szmek
f5a44d42af
docs: update release steps for meson
2019-04-03 11:25:15 +02:00
Zbigniew Jędrzejewski-Szmek
7eb8a47e42
build-sys: bump package version
2019-04-03 10:00:14 +02:00
Zbigniew Jędrzejewski-Szmek
d822bd4e26
Merge pull request #12121 from poettering/contrib
2019-04-03 09:53:51 +02:00
Lennart Poettering
570ee29ce1
docs: fix path to unit files
2019-04-03 13:47:12 +09:00
Davide Cavalca
639dd43a36
core: fix build failure if seccomp is disabled
2019-04-03 13:46:32 +09:00
Lennart Poettering
b2b33eb064
Revert "build: install /etc/systemd/{system,user}-generators"
...
This reverts commit 509276f2b7.
2019-04-02 21:09:35 +02:00
Yu Watanabe
33ca308f38
Merge pull request #12188 from poettering/coccinelle-fixlets
...
tree-wide: let's run coccinelle again
2019-04-03 01:46:54 +09:00
Lennart Poettering
2eb466fc10
update NEWS
2019-04-02 17:31:41 +02:00
Lennart Poettering
bfe6bb2007
meson: bump so versions
...
Since we aren't quite ready for release v242 yet, let's not bump the
package version yet, but let's already bump the soversion.
2019-04-02 17:31:41 +02:00
Lennart Poettering
5b2fc74fca
NEWS: add preliminary contributor list
2019-04-02 17:31:41 +02:00
Lennart Poettering
e67ccb54a2
update .mailmap
2019-04-02 17:31:00 +02:00
Lennart Poettering
82c604607f
Merge pull request #12056 from poettering/seccomp-suid-sgid
...
Introduce RestrictSUIDSGID= for disabling SUID/SGID file creation
2019-04-02 17:30:11 +02:00
Lennart Poettering
6d85ba7299
update TODO
2019-04-02 16:56:48 +02:00
Lennart Poettering
bf65b7e0c9
core: imply NNP and SUID/SGID restriction for DynamicUser=yes service
...
Let's be safe, rather than sorry. This way DynamicUser=yes services can
neither take benefit of, nor create SUID/SGID binaries.
Given that DynamicUser= is a recent addition only we should be able to
get away with turning this on, even though this is strictly speaking a
binary compatibility breakage.
2019-04-02 16:56:48 +02:00
Lennart Poettering
62aa29247c
units: turn on RestrictSUIDSGID= in most of our long-running daemons
2019-04-02 16:56:48 +02:00
Lennart Poettering
7445db6eb7
man: document the new RestrictSUIDSGID= setting
2019-04-02 16:56:48 +02:00
Lennart Poettering
9d880b70ba
analyze: check for RestrictSUIDSGID= in "systemd-analyze security"
...
And let's give it a high weight, since it pretty much can be used for
bad things only.
2019-04-02 16:56:48 +02:00
Lennart Poettering
f69567cbe2
core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID=
2019-04-02 16:56:48 +02:00
Lennart Poettering
167fc10cb3
test: add test case for restrict_suid_sgid()
2019-04-02 16:56:48 +02:00
Lennart Poettering
3c27973b13
seccomp: introduce seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files
2019-04-02 16:56:48 +02:00
Lennart Poettering
9e6e543c17
seccomp: add debug messages to seccomp_protect_hostname()
2019-04-02 16:56:48 +02:00
Lennart Poettering
42561fc99c
core: add a generic helper that forwards per-unit method calls from Manager
...
Quite often we have a method DoSomethingWithUnit() on the Manager object
that is the same as a function DoSomething() on a Unit object. Let's
shorten things by introducing a common function that forwards the
former to the latter, instead of writing this again and again.
2019-04-02 16:38:20 +02:00
Zbigniew Jędrzejewski-Szmek
237ebf61e2
Merge pull request #12013 from yuwata/fix-switchroot-11997
...
core: on switching root do not emit device state change based on enumeration results
2019-04-02 16:06:07 +02:00
Lennart Poettering
568ee8fc46
udev: use strempty() where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
02dab76e93
json: use SYNTHETIC_ERRNO() where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
bab4820ee2
sd-event: use DIV_ROUND_UP where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
39f2bc6e7e
sd-device: use xsprintf() where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
c614711386
tree-wide: use SYNTHETIC_ERRNO() where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
c1db999eb8
boot: use TAKE_PTR() where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
a7798cd81b
tree-wide: use reallocarray() where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
0c21dafb54
util-lib: use FLAGS_SET() where appropriate
2019-04-02 14:54:38 +02:00
Lennart Poettering
d737b451fe
analyze: use empty_or_root() where appropriate
2019-04-02 14:53:25 +02:00
Zbigniew Jędrzejewski-Szmek
84ce204a93
Merge pull request #12185 from poettering/login-unstore-fd
...
logind: remove unused fds from fdstore
2019-04-02 14:27:27 +02:00
Zbigniew Jędrzejewski-Szmek
8a306989b3
Merge pull request #12186 from poettering/lgtm-updates
...
lgtm ruleset updates
2019-04-02 14:19:27 +02:00
Zbigniew Jędrzejewski-Szmek
2356d683f8
Merge pull request #12183 from poettering/askpwargv
...
tty-ask-password: let's copy argv[] before forking
2019-04-02 13:50:14 +02:00
Frantisek Sumsal
1a862e2151
journal: LGTM doesn't recognize suppressions in /* */
2019-04-02 12:47:14 +02:00
Lennart Poettering
f71611fed2
test: stop using dup() needlessly
2019-04-02 12:45:46 +02:00
Lennart Poettering
9b4805421e
lgtm: beef up list of dangerous/questionable API calls not to make
2019-04-02 12:45:46 +02:00
Lennart Poettering
efc19ee485
logind: when we cannot attach a passed fd to a device, close it
...
Replaces: #8532
2019-04-02 11:52:58 +02:00
Lennart Poettering
883d1b01b0
logind: simplify removal of device fds
...
Let's use sd_notifyf(). Let's also stop validating the session ID here.
This is the destructor. If it contains a dash, we are already too late
here anyway.
2019-04-02 11:51:50 +02:00
Chris Morin
924426a703
journal-remote: use source's boot-id
...
systemd-journal-remote always wrote the boot-id of the device it was running on
to the header of its journal files. When the source had a different boot-id
(because it was generated on a different boot, or a different device), the
boot-ids in the file were inconsistent. The _BOOT_ID field was that of the
source, but the journal file header and each entry object header were that of
the device systemd-journal-remote ran on. This breaks journalctl --list-boots
on any of these files.
Set the boot-id in the header to be that of the source. This also fixes the
entry object headers.
2019-04-02 10:32:21 +02:00
Yu Watanabe
52cf2b13a0
ipv4ll: do not reset seed generation counter on restart
...
Fixes #12145.
2019-04-02 10:27:30 +02:00
Lennart Poettering
d9550542a8
Merge pull request #12007 from poettering/clock-change
...
.timer OnClockChange= and OnTimezoneChange= settings
2019-04-02 10:24:35 +02:00
Lennart Poettering
189b03779e
tty-ask-password: re-break comment
2019-04-02 10:19:23 +02:00
Lennart Poettering
d850296466
tty-ask-password: simplify signal handler installation
2019-04-02 10:19:22 +02:00