0e42cbe254
sysv: generate warning for every SysV service lacking a native systemd unit
...
It's 2020, let's tighten the screws a bit and start warning about
left-over SysV services that still have no native systemd unit file.
2020-05-26 23:52:30 +02:00
470ab28d07
sysv: use structured initialization
2020-05-26 23:52:26 +02:00
c8aa4b5b86
core: voidify one function return
2020-05-26 23:52:22 +02:00
b0cea477d4
core: some more structured initialization
2020-05-26 23:52:18 +02:00
4c42543429
core: also log about left-over processes during unit stop
...
Only log at LOG_INFO level, i.e. make this informational. During start
let's leave it at LOG_WARNING though.
Of course, it's ugly leaving processes around like that either in start
or in stop, but at start its more dangerous than on stop, so be tougher
there.
2020-05-26 23:52:13 +02:00
d068765b68
core: warn if KillMode=none is used
2020-05-26 23:50:54 +02:00
7b11770bae
gpt: include homed GPT partition type in well-known partition table
2020-05-26 23:38:15 +02:00
8a7b71bd97
Merge pull request #15910 from poettering/tmpfiles-pstore-tweak
...
tmpfiles: let's make pstore sysfs failure silent
2020-05-26 21:59:13 +02:00
4b019d2f2d
tmpfiles: deal with kernel errno change if quota is not enabled
...
Old kernels returned EINVAL if quota was off but we tried to manipulate
it anyway. Since
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8a36e408d40606e21cd4e2dd9601004a67b14868
this changed: now ENOTCONN is returned. This of course is a kernel API
compat breakage, but let's not make a fuss and just map EINVAL to
ENOTCONN to make it recognizable the same way everywhere.
Fixes : #15896
2020-05-26 21:36:29 +02:00
90bdc8be66
resolved-dns-query: remove dns_query_candidate_is_routable
...
Resolved can't reliably determine on whether "it makes sense" to query
AAAA records when not explicitly specifying it in the request, so we
shouldn't remove them.
After having done the resolving, applications can use RFC6724 to
determine whether that address is reachable.
We can't know whether an address is reachable before having resolved it
and inspecting the routing table, and not resolving AAAA just because
there's no IPv6 default route on the main interface link them breaks
various setups, including IPv6-providing wireguard tunnels on a
non-dualstacked environment.
Fixes #5782
Fixes #5915
Fixes #8017
2020-05-26 19:30:23 +02:00
e6190e2882
sd-boot: fix menu ordering with boot counting
...
systemd-boot selects the last valid entry by default, not the first.
Fixes : #15256
2020-05-26 19:27:59 +02:00
7257f717c1
Merge pull request #15920 from keszybz/userwork-proc-title
...
Avoid log noise when setting proc titles and some doc updates
2020-05-26 18:29:06 +02:00
cf3317f63a
Merge pull request #15906 from keszybz/busctl-stdout-stderr
...
Make busctl stdout/stderr split consistent
2020-05-26 15:38:14 +02:00
47eeb381c8
Merge pull request #15909 from keszybz/sd-network-serialization
...
networkd link serialization fix
2020-05-26 15:37:57 +02:00
a53a85b35e
Merge pull request #15914 from poettering/ubsan-float-check
...
json: disable ubsan float checking
2020-05-26 15:11:16 +03:00
201632e314
tree-wide: s/time-out/timeout/g
...
See 3f9a0a522f
2020-05-26 10:28:59 +02:00
e14db35072
userwork: fix typos in comment
2020-05-26 10:28:59 +02:00
c55104ce58
basic/process-util: only try PR_SET_MM once
...
userwork wants to update the title many times, and a strace is full of
attempts that fail the same way:
[pid 21765] prctl(PR_SET_NAME, "systemd-userwor"...) = 0
[pid 21765] geteuid() = 0
[pid 21765] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedce329000
[pid 21765] prctl(PR_SET_MM, PR_SET_MM_ARG_START, 0x7fedce329000, 0, 0) = -1 EPERM (Operation not permitted)
[pid 21765] prctl(PR_SET_MM, PR_SET_MM_ARG_END, 0x7fedce32901d, 0, 0) = -1 EPERM (Operation not permitted)
[pid 21765] munmap(0x7fedce329000, 4096) = 0
[pid 21765] accept4(3, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
[pid 21765] prctl(PR_SET_NAME, "systemd-userwor"...) = 0
[pid 21765] geteuid() = 0
[pid 21765] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedce329000
[pid 21765] prctl(PR_SET_MM, PR_SET_MM_ARG_START, 0x7fedce329000, 0, 0) = -1 EPERM (Operation not permitted)
[pid 21765] prctl(PR_SET_MM, PR_SET_MM_ARG_END, 0x7fedce329020, 0, 0) = -1 EPERM (Operation not permitted)
[pid 21765] munmap(0x7fedce329000, 4096) = 0
[pid 21765] prctl(PR_SET_NAME, "systemd-userwor"...) = 0
[pid 21765] geteuid() = 0
[pid 21765] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedce329000
[pid 21765] prctl(PR_SET_MM, PR_SET_MM_ARG_START, 0x7fedce329000, 0, 0) = -1 EPERM (Operation not permitted)
[pid 21765] prctl(PR_SET_MM, PR_SET_MM_ARG_END, 0x7fedce32901d, 0, 0) = -1 EPERM (Operation not permitted)
[pid 21765] munmap(0x7fedce329000, 4096) = 0
[pid 21765] accept4(3, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
[pid 21765] prctl(PR_SET_NAME, "systemd-userwor"...) = 0
[pid 21765] geteuid() = 0
[pid 21765] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedce329000
[pid 21765] prctl(PR_SET_MM, PR_SET_MM_ARG_START, 0x7fedce329000, 0, 0) = -1 EPERM (Operation not permitted)
[pid 21765] prctl(PR_SET_MM, PR_SET_MM_ARG_END, 0x7fedce329020, 0, 0) = -1 EPERM (Operation not permitted)
[pid 21765] munmap(0x7fedce329000, 4096) = 0
[pid 21765] prctl(PR_SET_NAME, "systemd-userwor"...) = 0
[pid 21765] geteuid() = 0
[pid 21765] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedce329000
[pid 21765] prctl(PR_SET_MM, PR_SET_MM_ARG_START, 0x7fedce329000, 0, 0) = -1 EPERM (Operation not permitted)
[pid 21765] prctl(PR_SET_MM, PR_SET_MM_ARG_END, 0x7fedce32901d, 0, 0) = -1 EPERM (Operation not permitted)
[pid 21765] munmap(0x7fedce329000, 4096) = 0
[pid 21765] accept4(3, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
[pid 21765] prctl(PR_SET_NAME, "systemd-userwor"...) = 0
[pid 21765] geteuid() = 0
[pid 21765] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedce329000
[pid 21765] prctl(PR_SET_MM, PR_SET_MM_ARG_START, 0x7fedce329000, 0, 0) = -1 EPERM (Operation not permitted)
[pid 21765] prctl(PR_SET_MM, PR_SET_MM_ARG_END, 0x7fedce329020, 0, 0) = -1 EPERM (Operation not permitted)
[pid 21765] munmap(0x7fedce329000, 4096) = 0
If we get a permission error, don't try again.
2020-05-26 10:28:59 +02:00
ad4f7f6747
basic/process-util: create helper function
...
No functional change.
2020-05-26 10:28:59 +02:00
d8bff5cc37
network: simplify how initial space is handled
2020-05-26 10:19:31 +02:00
d5e172d2fb
networkd: unfoobar serialization of links
...
We'd start writing an entry line, then another one, then another one,
and then output the rest of the first one, and then some other random
stuff, and the rest of some other lines... Results were ...eh... random.
Let's define a helper to avoid some of the copy&paste madness, and separate
blocks that output a single line with /**********************************/.
This rework doesn't change what data is written, it only tries to fix the
format of the output. The fact that some entries only write data from
link->network, and some from either link->network or link, some stuff only
for dhpc4 leases while some for both dhpc4 and dhcp6, etc, looks rather
suspicious too, but I didn't touch this.
2020-05-26 10:08:54 +02:00
00813316b0
sd-dhcp6: constify output arguments in get_{ntp,nds}_addr
...
This matches what we do for ipv4 and is in general better.
2020-05-26 09:47:45 +02:00
dddc8d1e1e
sd-network: reduce scope of some variables
2020-05-26 09:47:45 +02:00
ffec8658db
Merge pull request #15862 from hunger/master
...
repart: Add Uuid option to config files
2020-05-26 09:32:22 +02:00
445bd57e39
busctl: drop unneeded param
2020-05-26 09:13:39 +02:00
50f20d1bc2
busctl: verify args early and always print results to stdout
...
We would print the error sometimes to stdout and sometimes to stderr. It *is*
useful to get the message if one of the names is not found on the bus to
stdout, so that this shows out in the pager. So let's do verification of args
early to catch invalid arguments, and then if we receive an error over the bus
(most likely that the name is not activatable), let's print to stdout so it
gets paged. E.g. 'busctl tree org.freedesktop.systemd1 org.freedesktop.systemd2'
gives a nicely usable output.
2020-05-26 09:07:27 +02:00
8e2fa6e223
json: turn off ubsan for json_variant_has_type()
...
Fixes : #15907
2020-05-26 09:01:26 +02:00
6028d766d1
macro: introduce DISABLE_WARNING_TYPE_LIMITS and make use of it everywhere
2020-05-25 18:25:09 +02:00
56e577c62f
tree-wide: use DISABLE_WARNING_FORMAT_NONLITERAL where appropriate
2020-05-25 18:25:05 +02:00
6a5b28def2
json: use our regular way to turn off compiler warnings
2020-05-25 18:23:50 +02:00
1283366a90
Merge pull request #15167 from ssahani/address-gen-mode
...
networkctl: Add a range to address genmode
2020-05-25 17:32:00 +02:00
a177f05a5c
Merge pull request #15872 from keszybz/networkd-types
...
Type and parsing fixes for networkd
2020-05-25 17:31:00 +02:00
1baaf8aa04
tmpfiles: downgrade log message when we can't write a file and failure is allowed
2020-05-25 16:43:35 +02:00
7b5cb4ceb4
Repart: Add simple tests for Label="" and UUID=""
...
Make sure Labels and UUIDs taken from destination definitions are
taken into account when no Label/UUID is currently set already.
2020-05-25 15:48:59 +02:00
129635333d
repart: Add UUID option to config files
...
Add a option to provide a UUID for the partition that will get
created and document that.
2020-05-25 15:48:59 +02:00
10b20e5a93
network: allow empty assignment to PreferredLifetime=
...
Users might want to use that to unset a previous setting. The docs seem OK as
they are: we don't need to explictly mention the empty value, since it is
almost always allowed.
2020-05-25 14:52:04 +02:00
d273579667
network: use consistent type when parsing lifetimes
...
Those fields are both uint32_t, so we should use the same type when parsing.
Having a different type didn't change the result, but let's be consistent.
2020-05-25 14:52:00 +02:00
2206aa5c35
sd-network: fix inverted error message
...
We get -ENOMSG when there is no lease.
2020-05-25 11:14:54 +02:00
062ac2ea85
sd-bus: internalize setting of bus is_system/is_user
...
Each of bus_set_address_{user,system} had two users, and each of the two users
would set the internal flag manually. We should do that internally in the
functions instead.
While at it, only set the flag when setting the address is actually successful.
This doesn't change anything for current users, but it seems more correct.
2020-05-25 11:09:21 +02:00
5453a4b1a8
tree-wide: use public sd-bus functions in more places
2020-05-25 11:09:21 +02:00
d2916409ed
sd-bus: make name validation functions public
...
Those are fairly trivial to reimplement, but any non-trivial user of sd-bus
is likely to need them. So let's expose them to save everyone the trouble.
I'm keeping the internal functions and making the public ones thin wrappers,
because for the internal uses we don't need the additional asserts, and also we
can't expose _pure_ annotation easily, and dropping it would likely make the
compiled code a bit less efficient.
2020-05-25 11:09:21 +02:00
4c163bf1f4
busctl: use set_put_strdup()
2020-05-25 11:09:21 +02:00
15dd451535
tree-wide: codespell fixes
...
Another batch of codespell fixes as reported by Fossies.org
2020-05-25 10:29:28 +02:00
cc1c85fbc3
login: limit nr_inodes for /run/user/$UID
...
Limit number of inodes for tmpfs mounts on /run/user/$UID. Default is
RuntimeDirectorySize= divided by 4096.
2020-05-24 22:54:17 +02:00
6a220cdb0b
home: respect user record mount flags
2020-05-24 22:48:50 +02:00
1eb73422f2
network: Fix crash when SendOption= is invalid
...
```
p11-kit-0.23.20-1.fc32.x86_64 pam-1.3.1-26.fc33.x86_64 xz-libs-5.2.5-1.fc33.x86_64 zlib-1.2.11-21.fc32.x86_64
(gdb) bt
lvalue=0x560e10 "SendOption", ltype=2, rvalue=0x560e1b "11:string", data=0x561e20, userdata=0x561cd0) at ../src/network/networkd-dhcp-common.c:580
table=0x4392e0 <network_network_gperf_lookup>, section=0x560ef0 "DHCPv4", section_line=14, lvalue=0x560e10 "SendOption", rvalue=0x560e1b "11:string", flags=CONFIG_PARSE_WARN,
userdata=0x561cd0) at ../src/shared/conf-parser.c:132
lookup=0x7ffff7d2f76d <config_item_perf_lookup>, table=0x4392e0 <network_network_gperf_lookup>, flags=CONFIG_PARSE_WARN, section=0x7fffffffc9f8, section_line=0x7fffffffc9a0,
section_ignored=0x7fffffffc99d, l=0x560e10 "SendOption", userdata=0x561cd0) at ../src/shared/conf-parser.c:270
lookup=0x7ffff7d2f76d <config_item_perf_lookup>, table=0x4392e0 <network_network_gperf_lookup>, flags=CONFIG_PARSE_WARN, userdata=0x561cd0) at ../src/shared/conf-parser.c:395
lookup=0x7ffff7d2f76d <config_item_perf_lookup>, table=0x4392e0 <network_network_gperf_lookup>, flags=CONFIG_PARSE_WARN, userdata=0x561cd0) at ../src/shared/conf-parser.c:452
dropin_dirname=0x7fffffffcbd0 "veth99.network.d", sections=0x4f3a18 "Match", lookup=0x7ffff7d2f76d <config_item_perf_lookup>, table=0x4392e0 <network_network_gperf_lookup>,
flags=CONFIG_PARSE_WARN, userdata=0x561cd0) at ../src/shared/conf-parser.c:511
(gdb) q
A debugging session is active.
Inferior 1 [process 118718] will be killed.
```
```
$ printf '[DHCPv4]\nSendOption=1:uint8' >crash
$ ./out/fuzz-network-parser ./crash
INFO: Seed: 1158717610
INFO: Loaded 2 modules (199728 inline 8-bit counters): 136668 [0x7faf3e91a930, 0x7faf3e93bf0c), 63060 [0xadf190, 0xaee7e4),
INFO: Loaded 2 PC tables (199728 PCs): 136668 [0x7faf3e93bf10,0x7faf3eb51cd0), 63060 [0xaee7e8,0xbe4d28),
./out/fuzz-network-parser: Running 1 inputs 1 time(s) each.
Running: ./crash
Assertion 's' failed at src/basic/parse-util.c:458, function int safe_atou8(const char *, uint8_t *)(). Aborting.
==5588== ERROR: libFuzzer: deadly signal
#0 0x51811e in __sanitizer_print_stack_trace (/home/vagrant/systemd/out/fuzz-network-parser+0x51811e)
#1 0x46b921 in fuzzer::PrintStackTrace() (/home/vagrant/systemd/out/fuzz-network-parser+0x46b921)
#2 0x44ded6 in fuzzer::Fuzzer::CrashCallback() (.part.0) (/home/vagrant/systemd/out/fuzz-network-parser+0x44ded6)
#3 0x44df9d in fuzzer::Fuzzer::StaticCrashSignalCallback() (/home/vagrant/systemd/out/fuzz-network-parser+0x44df9d)
#4 0x7faf3d6d7b1f (/lib64/libpthread.so.0+0x14b1f)
#5 0x7faf3d3c2624 in raise (/lib64/libc.so.6+0x3c624)
#6 0x7faf3d3ab8d8 in abort (/lib64/libc.so.6+0x258d8)
#7 0x7faf3e12593a in log_assert_failed_realm /home/vagrant/systemd/build/../src/basic/log.c:819:9
#8 0x7faf3e140ce1 in safe_atou8 /home/vagrant/systemd/build/../src/basic/parse-util.c:458:9
#9 0x68089c in config_parse_dhcp_send_option /home/vagrant/systemd/build/../src/network/networkd-dhcp-common.c:517:21
#10 0x7faf3debed4e in next_assignment /home/vagrant/systemd/build/../src/shared/conf-parser.c:132:32
#11 0x7faf3deb7783 in parse_line /home/vagrant/systemd/build/../src/shared/conf-parser.c:270:16
#12 0x7faf3deb606c in config_parse /home/vagrant/systemd/build/../src/shared/conf-parser.c:395:21
#13 0x7faf3deb85ee in config_parse_many_files /home/vagrant/systemd/build/../src/shared/conf-parser.c:452:21
#14 0x7faf3deb8c57 in config_parse_many /home/vagrant/systemd/build/../src/shared/conf-parser.c:511:16
#15 0x57c2eb in network_load_one /home/vagrant/systemd/build/../src/network/networkd-network.c:470:13
#16 0x543490 in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/network/fuzz-network-parser.c:26:16
#17 0x44e3e8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/out/fuzz-network-parser+0x44e3e8)
#18 0x433505 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/out/fuzz-network-parser+0x433505)
#19 0x43c449 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/out/fuzz-network-parser+0x43c449)
#20 0x42c4a6 in main (/home/vagrant/systemd/out/fuzz-network-parser+0x42c4a6)
#21 0x7faf3d3ad1a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)
#22 0x42c4fd in _start (/home/vagrant/systemd/out/fuzz-network-parser+0x42c4fd)
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
```
2020-05-22 11:57:22 +02:00
c8f145adbb
homed: don't insist on authentication against host-copy user record
...
homed maintains two or three copies of the user's identity record per
home directory: one on the host, one inside the LUKS header, and one
embedded in the home directory.
Previously we'd insist that if a user logs in they have to authenticate
against all three, as a safety feature. This broke logging into
unfixated records however, since in that case the host version is
synthetic and thus does not carry any authentication data.
Let's hence losen the strictness here: accept authentication against
host records that carry no auth data. This should be safe as we know
after all that the second/third record will catch invalid accesses.
Fixes : #15178
2020-05-21 23:39:30 +02:00
1a53adb3ab
homed: include error string when in log message if quota doesn't work
2020-05-21 23:39:30 +02:00
2fcbf417b6
bus-util: actually register the object manager
2020-05-21 23:39:30 +02:00
fa3709c5fb
homed: also fsync private/public key pair when storing it
2020-05-21 23:39:30 +02:00
Lennart Poettering