Smack LSM needs the capability CAP_MAC_ADMIN to allow
setting of the current Smack exec label. Consequently,
dropping capabilities must be done after changing the
current exec label.
This is only related to Smack LSM. But for clarity and
regularity, all setting of security context moved before
dropping capabilities.
See Issue 7108
This test runs on the unified hierarchy, and ensures that cgroup
delegation works properly, i.e. writ access is granted and the requested
controllers are enabled.
Make sure to add the delegation mask to the mask of controllers we have
to enable on our own unit. Do not claim it was a members mask, as such
a logic would mean we'd collide with cgroupv2's "no processes on inner
nodes policy".
This change does the right thing: it means any controller enabled
through Controllers= will be made available to subcrgoups of our unit,
but the unit itself has to still enable it through
cgroup.subtree_control (which it can since that file is delegated too)
to be inherited further down.
Or to say this differently: we only should manipulate
cgroup.subtree_control ourselves for inner nodes (i.e. slices), and
for leaves we need to provide a way to enable controllers in the slices
above, but stay away from the cgroup's own cgroup.subtree_control —
which is what this patch ensures.
Fixes: #7355
When a process becomes a zombie its cgroup might be deleted. Let's add
some minimal code to detect cases like this, so that we can still
attribute this back to the original cgroup.
This introduces a new function unit_prepare_exec() that encapsulates a
number of calls we do in preparation for spawning off some processes in
all our unit types that do so.
This allows us to neatly unify a bit of code between unit types and
shorten our code.
Let's rename get_controllers() → get_process_controllers(), in order to
underline the difference to cg_kernel_controllers(). After all, one
returns the controllers available to the process, the other the
controllers enabled in the kernel at all).
Let's also update the code to use read_line() and set_put_strdup() to
shorten the code a bit, and make it more robust.
We shouldn't call alloca() as part of function calls, that's not really
defined in C. Hence, let's first do our stack allocations, and then
invoke functions.
Also, some coding style fixes, and minor shuffling around.
No functional changes.
[346/1860] Compiling C object 'src/shared/systemd-shared-235@sha/firewall-util.c.o'.
../src/shared/firewall-util.c: In function ‘entry_fill_basics’:
../src/shared/firewall-util.c:81:79: warning: logical ‘and’ of equal expressions [-Wlogical-op]
[543/1860] Compiling C object 'src/shared/systemd-shared-235@sta/firewall-util.c.o'.
../src/shared/firewall-util.c: In function ‘entry_fill_basics’:
../src/shared/firewall-util.c:81:79: warning: logical ‘and’ of equal expressions [-Wlogical-op]
When configuring a network address with /31 using networkd, a /31 without a
broadcast specified should be present.
A /31 which has neither a network nor a broadcast address. See
https://tools.ietf.org/html/rfc3021Fixes#4038
The RoutingPolicyRules are not added when we are calling from set_address
the link->message++ and link->message-- never reaches to zero in the callback function
resulting routes are never gets added.
Closes#7200
Let's rework the D-Bus APIs GetImageOSRelease() to use the new internal
metadata API, to query what it needs to know. Augment it with
GetImageHostname(), GetImageMachineID(), GetImageMachineInfo(), that
expose the other new APIS.
This adds an internal API that permits querying metadata from any type
of image, including both subvol/dir images, and raw/block images. In the
latter case we use the new dissection API we just added.
We focus on four kinds of metadata:
1. /etc/hostname
2. /etc/machine-id
3. /etc/machine-info
4. /etc/os-release or /usr/lib/os-release
This makes dissected images nicely self-contained as we can figure out
what they are just by dissecting them.
First of all, let's rename it to read_etc_hostname(), to make clearer
what kind of configuration it actually reads: the file format defined in
/etc/hostname and nothing else.
Secondly: let's port this to use read_line(), i.e. the new way to read
lines from a file in a safe, bounded way.
Thirdly: let's strip leading/trailing whitespace from what we are
reading. Given that we are already pretty lenient what we read (comments
and empty lines), let's be permissive regarding whitespace too.
Fourthly: let's actually validate the hostname when reading it. So far
we tried to make it valid, but that's not always possible (for example,
we can't make an empty hostname valid, ever).
SuccessAction= is similar to FailureAction= but declares what to do on
success of a unit, rather than on failure. This is useful for running
commands in qemu/nspawn images, that shall power down on completion. We
frequently see "ExecStopPost=/usr/bin/systemctl poweroff" or so in unit
files like this. Offer a simple, more declarative alternative for this.
While we are at it, hook up failure action with unit_dump() and
transient units too.
