This informs chase_symlinks that symlinks should be treated as if
the path given by --root= is the root of their file system.
With the parent commit, this allows tmpfiles to create files as the
root user under a prefix that may be owned by an unprivileged user.
In particular, this fixes the case where tmpfiles generates initial
files in a staging root directory for packaging under a directory
owned by the unprivileged packager user (e.g. in Gentoo).
When chase_symlinks is given a root path, it is assumed that all
processed symlinks are restricted under that path. It should not
be necessary to verify components of that prefix path since they
are not relevant to the symlinks.
This change skips unsafe UID transitions in this root prefix, i.e.
it now ignores when an unprivileged user's directory contains a
root-owned directory above the symlink root.
In [PR#11696][1] it came up that the formatting of continued arguments should
follow the default Emacs style. To ensure this happens when someone has changed
his setting in her private config, the value should be set by *dir-locals.el*.
[1]: https://github.com/systemd/systemd/pull/11696#pullrequestreview-205463987
When systemd retrieve the time zone it read what is in the file
/usr/share/zoneinfo/zone.tab provided by the Time Zone Database.
According to the comments in zone.tab its content is for backward-
compatibility aid for older programs. New programs should use
zone1970.tab. This patch replaces zone.tab with zone1970.tab.
Apparently this happens IRL. Let's carefully deal with issues like this:
when we overrun, let's not go back to zero but instead leave the highest
cookie bit set. We use that as indication that we are in "overrun
territory", and then are particularly careful with checking cookies,
i.e. that they haven't been used for still outstanding replies yet. This
should retain the quick cookie generation behaviour we used to have, but
permits dealing with overruns.
Replaces: #11804Fixes: #11809
CID#996458. Coverity warns that we trust desc->bLength as read in
the input data to adjust our position in the buffer. This value could
be anything, leading to overflow. It's unlikely that the kernel feeds
us invalid data, but let's me more careful.
If any error is encountered, more logs are given.
Coverity says:
> Pointer to local outside scope (RETURN_LOCAL)9.
> use_invalid: Using dirs, which points to an out-of-scope temporary variable of type char const *[5].
And indeed, the switch statement forms a scope. Let's use an if to
avoid creating a scope.
Previously, if a .networ file contains invalid [Address] or [Route]
section, then the file is completely dropped. This makes networkd
just drops invalid sections.
This test exposes a race condition when running in LXC, see issue #11848
for details. Until that is understood and fixed, skip the test as it's
not a recent regression.
This avoids a warning:
An address '192.168.42.100' is specified without prefix length. The
behavior of parsing addresses without prefix length will be changed
in the future release. Please specify prefix length explicitly.
The option cursor-file takes a filename as argument. If the file exists and
contains a valid cursor, this is used to start the output after this position.
At the end, the last cursor gets written to the file.
This allows for an easy implementation of a timer that regularly looks in the
journal for some messages.
journalctl --cursor-file err-cursor -b -p err
journalctl --cursor-file audit-cursor -t audit --grep DENIED
Or you might want to walk the journal in steps of 10 messages:
journalctl --cursor-file ./curs -n10 --since=today -t systemd
This test case is a bit silly, but it shows that our code is unprepared to
handle so many network servers, with quadratic complexity in various places.
I don't think there are any valid reasons to have hundres of NTP servers
configured, so let's just emit a warning and cut the list short.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13354
Previously we logged even info message from libselinux as USER_AVC's to
audit. For example, setting SELinux to permissive mode generated
following audit message,
time->Tue Feb 26 11:29:29 2019
type=USER_AVC msg=audit(1551198569.423:334): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
This is unnecessary and wrong at the same time. First, kernel already
records audit event that SELinux was switched to permissive mode, also
the type of the message really shouldn't be USER_AVC.
Let's ignore SELINUX_WARNING and SELINUX_INFO and forward to audit only
USER_AVC's and errors as these two libselinux message types have clear
mapping to audit message types.