Commit graph

47321 commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek 8f335169e2
Merge pull request #17190 from poettering/udev-opath
udev: manipulate device nodes with O_PATH
2020-09-29 13:53:41 +02:00
Lennart Poettering 3354f5003c resolved: imply SD_RESOLVED_NO_SEARCH when looking up trailing dot domains
Let's turn off the search domain logic if a trailing dot is specified
when looking up hostnames and RRs via the Varlink + D-Bus APIs (and thus
also when doing so via nss-resolve). (This doesn't affect lookups via
the stub, since for the any search path logic is done client side
anyway)

It might make sense to force the DNS protocol in this case too (and
disable LLMR + mDNS), but we'll leave that for a different PR — if it
even makes sense. It might also make sense to disable the logic of never
routing single-label lookups to the Internet if a trailing to is
specified, but this needs more discussion too.
2020-09-29 12:12:03 +02:00
Lennart Poettering 64c82c25ab dns-domain: add helper that checks whether domain is dot suffixed 2020-09-29 12:09:16 +02:00
Yu Watanabe 3cb7af5baa man: update InitialCongestionWindow= and InitialAdvertisedReceiveWindow=
Fixes #16643.
2020-09-29 16:05:43 +09:00
Anita Zhang 21892cc46b
Merge pull request #17186 from poettering/tmpfiles-cleanup-man-fix
man: fix reference to unit file
2020-09-28 23:48:28 -07:00
Yu Watanabe fef160b5ab network: limit InitialCongestionWindow= and InitialAdvertisedReceiveWindow= value
Strivtly speaking, this breaks backward compatibility. But setting
too large value into them, then their networking easily breaks.
Note that typically 100 for them is event too large. So, ommiting the
values equal or higher than 1024, and dropping support of k, M, and G
suffixes is OK for normal appropriate use cases.

See discussion in #16643.
2020-09-29 13:55:17 +09:00
Lennart Poettering a7fdc6cbd3 udev: apply access mode/ownership to device nodes with O_PATH
Let's open the device node to modify with O_PATH, and then adjust it
only after verifying everything is in order. This fixes a race where the
a device appears, disappears and quickly reappers, while we are still
running the rules for the first appearance: when going by path we'd
possibly adjust half of the old and half of the new node. By O_PATH we
can pin the node while we operate on it, thus removing the race.

Previously, we'd do a superficial racey check if the device node changed
undearneath us, and would propagate EEXIST in that case, failing the
rule set. With this change we'll instead gracefully handle this, exactly
like in the pre-existing case when the device node disappeared in the
meantime.
2020-09-28 18:45:54 +02:00
Lennart Poettering f25bff5eaf fs-util: add new futimens_opath() helper
futimens() that works for O_PATH fds.
2020-09-28 18:45:54 +02:00
Lennart Poettering 9271daeed7 selinux: add apis to set labels/fix labels per fd instead of path 2020-09-28 18:45:54 +02:00
Lennart Poettering b9daaedbb9 udev-util: simplify device_is_renaming() error handling 2020-09-28 18:45:54 +02:00
Lennart Poettering 6d3702f97c update TODO 2020-09-28 18:43:33 +02:00
Lennart Poettering 6457e88902 man: fix reference to unit file
It' "systemd-tmpfiles-clean" not "systemd-tmpfiles-cleanup"

Fixes: #17171
2020-09-28 16:31:07 +02:00
RussianNeuroMancer 714fdbad84 Prevent triple reporting of rfkill button on HP Elite x2 1013 G3, plus five other hotkeys
1. rfkill hotkey is reported from three source: keyboard, Intel HID and HP Wireless hotkeys. Let's block first two.
2. Correct mapping for calendar, micmute, display and brightness hotkeys.
2020-09-28 12:45:12 +02:00
Anita Zhang 7d9eea2bd3 core: move reset_arguments() to the end of main's finish
Fixes #16991

fb39af4ce4 replaced `free_arguments()` with
`reset_arguments()`, which frees arg_* variables as before, but also resets all
of them to the default values. `reset_arguments()` was positioned
in such a way that it overrode some arg_* values still in use at shutdown.

To avoid further unintentional resets, I moved `reset_arguments()`
right before the return, when nothing else will be using the arg_* variables.
2020-09-28 12:39:30 +02:00
RussianNeuroMancer e535434d47 Add accel mount matrix for Irbis NB111 transformer 2020-09-28 12:36:45 +02:00
bauen1 19cd4e1967 core: ensure that namespace tmp directories always get the correct label
If a namespace with PrivateTmp=true is constructed we need to restore
the context of the namespaces /tmp directory (i.e.
/tmp/systemd-private-XXXXX/tmp) to the (default) context of /tmp .
Otherwise filetransitions might result in the namespaces tmp directory
having the wrong context.
2020-09-28 12:36:07 +02:00
Samuel BF d99d1aaa21 Removing unused n_fields in journal-gatewayd 2020-09-28 12:18:17 +02:00
Luca Boccassi feee7f6288 libcrypt-util: use build-time check for crypt_preferred_method
After https://github.com/systemd/systemd/pull/16981 only the presence of crypt_gensalt_ra
is checked, but there are cases where that function is available but crypt_preferred_method
is not, and they are used in the same ifdef.
Add a check for the latter as well.
2020-09-28 10:23:48 +02:00
Oğuz Ersen 78d411cb97 Translated using Weblate (Turkish)
Currently translated at 100.0% (133 of 133 strings)

Co-authored-by: Oğuz Ersen <oguzersen@protonmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/tr/
Translation: systemd/master
2020-09-26 19:36:31 +02:00
Lennart Poettering 911ba62408 repart: use proper API to check if block device can do partition scanning
We have the API wrapper already, hence use it, instead of using a
limited version of it that only works for loopback devices.
2020-09-26 18:31:48 +02:00
huangyong 49580df38c Add Chinese translation 2020-09-26 18:23:05 +02:00
Lennart Poettering 3b493d94ae mount-util: show mount source in mount_verbose_full() debug output 2020-09-25 17:55:39 +02:00
Lennart Poettering e25a0a69be
Merge pull request #17166 from poettering/loop-mini-fixes
two minor fixes to the loop block device handling
2020-09-25 17:55:18 +02:00
Zbigniew Jędrzejewski-Szmek 28add648a8 coredump: use uid_is_system() when appropriate 2020-09-25 17:18:56 +02:00
Zbigniew Jędrzejewski-Szmek 98dcb8f4c7 Move {uid,gid}_is_*() from basic to shared
Those are functions that express policy, and nothing in basic/ uses
(or should use) them.
2020-09-25 17:18:56 +02:00
Lennart Poettering 77ad674b51 loop-util: apparently opening a loop device sometimes results in ENXIO, handle this 2020-09-25 16:03:05 +02:00
Lennart Poettering 0950526afd loop-util: use right flags field 2020-09-25 16:02:56 +02:00
Lennart Poettering ea223d3d3e
Merge pull request #17148 from jlebon/pr/crypt-source
cryptsetup-generator: use "/proc/cmdline" as source when appropriate
2020-09-25 15:50:15 +02:00
Zbigniew Jędrzejewski-Szmek 581b2c7359
Merge pull request #17132 from keszybz/test-suite-update
Test suite updates
2020-09-25 13:39:24 +02:00
Zbigniew Jędrzejewski-Szmek b12bd993c8 man: describe comma escaping in crypttab(5) 2020-09-25 13:36:34 +02:00
Zbigniew Jędrzejewski-Szmek 7bb553bb98 fstab,crypttab: allow escaping of commas
Fixes #17035. We use "," as the separator between arguments in fstab and crypttab
options field, but the kernel started using "," within arguments. Users will need
to escape those nested commas.
2020-09-25 13:36:34 +02:00
Zbigniew Jędrzejewski-Szmek 48904c8bfd core/execute: escape the separator in exported paths
Our paths shouldn't even contain ":", but let's escape it if one somehow sneaks
in.
2020-09-25 13:36:34 +02:00
Zbigniew Jędrzejewski-Szmek d4d9f034b1 basic/strv: allow escaping the separator in strv_join()
The new parameter is false everywhere except for tests, so no functional change
is expected.
2020-09-25 13:36:34 +02:00
Jonathan Lebon 263a79642b cryptsetup-generator: avoid magic value in ternary
`startswith` already returns the string with the prefix skipped, so we
can simplify this further and avoid using a magic value.

Noticed in passing.

Co-authored-by: Lennart Poettering <lennart@poettering.net>
2020-09-24 11:19:40 -04:00
mog422 26a63b8132
sd-dhcp6-client: Fix sending prefix delegation request (#17136)
SD_DHCP6_OPTION_IA_NA does not exist in DHCP6_ADVERTISE packet if DHCP server only provides prefix delegation. So the attempt to send the DHCP6_REQUEST packet fails on r = dhcp6_option_append_ia(&opt, &optlen, &client->lease->ia); forever.
2020-09-24 17:04:52 +02:00
Zbigniew Jędrzejewski-Szmek 0af05e485a test-seccomp: accept ENOSYS from sysctl(2) too
It seems that kernel 5.9 started returning that.
2020-09-24 17:02:20 +02:00
Zbigniew Jędrzejewski-Szmek 9309a23b95 test: switch TEST-02-CRYPTSETUP and TEST-24-UNITTESTS
When tests are executed serially (the default), it seems better to launch
the fairly generic test that runs the unittests early in the sequence.
Right now the tests are ordered based on when they were written, but
this doesn't make much sense.
2020-09-24 17:02:20 +02:00
Zbigniew Jędrzejewski-Szmek be36bc1e14 cryptsetup: upgrade log line for option parsing error
If we failed here, we would exit with only a debug message.
2020-09-24 16:36:51 +02:00
Zbigniew Jędrzejewski-Szmek 115a7fb624 cryptsetup-generator: drop unused fstat()
The result stopped being used in 71e4e12584.
2020-09-24 16:36:51 +02:00
Zbigniew Jędrzejewski-Szmek 38ee19c04b nspawn: give better message when invoked as non-root without arguments
When invoked as non-root, we would suggest re-running as root without any
further hint. But this immediately spawns a machine from the local directory,
which can be rather surprising. So let's give a better hint.

(In general, I don't think commandline programs should do "significant" things
when invoked without any arguments. In this regard it would be better if
systemd-nspawn would not spawn a machine from the current directory if called
with no arguments and at least "-D ." would be required.)
2020-09-24 16:36:51 +02:00
Zbigniew Jędrzejewski-Szmek fe79f107ef tree-wide: drop assignments to r when we only need errno
If the whole call is simple and we don't need to look at the return value
apart from the conditional, let's use a form without assignment of the return
value. When the function call is more complicated, it still makes sense to
use a temporary variable.
2020-09-24 16:36:43 +02:00
Zbigniew Jędrzejewski-Szmek d583cf45b6 TEST-50-DISSECT: drop now-unneeded MountAPIVFS=yes and full paths to executables
With the previous changes we can simplify the invocations in the test a bit.
2020-09-24 10:03:18 +02:00
Zbigniew Jędrzejewski-Szmek 6119878480 core: turn on MountAPIVFS=true when RootImage or RootDirectory are specified
Lennart wanted to do this back in
01c33c1eff.
For better or worse, this wasn't done because I thought that turning on MountAPIVFS
is a compat break for RootDirectory and people might be negatively surprised by it.
Without this, search for binaries doesn't work (access_fd() requires /proc).
Let's turn it on, but still allow overriding to "no".

When RootDirectory=/, MountAPIVFS=1 doesn't work. This might be a buglet on its
own, but this patch doesn't change the situation.
2020-09-24 10:03:18 +02:00
Zbigniew Jędrzejewski-Szmek 5e98086d16 core: remember when we set ExecContext.mount_apivfs
No functional change intended so far.
2020-09-24 10:03:18 +02:00
Zbigniew Jędrzejewski-Szmek 960b585ba1
Merge pull request #17145 from poettering/kill-chmod-and-chown-unsafe
remove chmod_and_chown_unsafe()
2020-09-24 09:40:56 +02:00
Lennart Poettering bcaf20dc38
Merge pull request #17143 from keszybz/late-exec-resolution-alt
Late exec resolution (subset)
2020-09-24 09:38:36 +02:00
germanztz 73439a3d76
hwdb: add Medion Akoya E2221T MD60691 (#17147) 2020-09-24 09:33:43 +02:00
Charles Lee 19ad553442 Translated using Weblate (Chinese (Simplified))
Currently translated at 63.1% (118 of 187 strings)

Co-authored-by: Charles Lee <lchopn@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/zh_CN/
Translation: systemd/master
2020-09-24 09:30:56 +02:00
Kyle Huey fbccb980e5 random-util: Add an environment variable to disable RDRAND.
SYSTEMD_RDRAND=0 will prevent using RDRAND even on systems whose CPUID claims
to support it. All other values have no effect.

Fixes: #17112
2020-09-24 09:22:45 +02:00
Anita Zhang 6de6f4891f
Merge pull request #17142 from poettering/catalog-fix-de
catalog: add missing @ to German catalog file
2020-09-23 23:41:38 -07:00