mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00
Commit Graph

58503 Commits

Author SHA1 Message Date
Yu Watanabe
5862e5561c analyze-security: always save syscall name
This reverts dd51e725df and fixes bugs
introduced by 1624114d74.

Previously,
- On online scan, the syscall filter was a string Hashmap, but it
  might contain syscall name with errno or error action. Hence, we need
  to drop the errno or error action in the string.
- On offline scan, the syscall filter was a Hashmap of syscall ID, so
  hashmap_contains() with syscall name did not work. We need to convert
  syscall IDs to syscall names.
- If hashmap_contains() in syscall_names_in_filter() is true, then
  the syscall is allowed when the list is an allow-list, and vice versa.
  Hence, the condition in syscall_names_in_filter() was erroneously
  inverted by dd51e725df.

This makes syscalls always stored with their names, instead of IDs,
and also corrects the condition.

Fixes #23663.
2022-06-17 12:37:56 +09:00
Yu Watanabe
cb649d12bf set: introduce set_put_strndup()
Note, if `n != SIZE_MAX`, we cannot check the existence of the specified
string in the set without duplicating the string. And, set_consume() also
checks the existence of the string. Hence, it is not necessary to call
set_contains() if `n != SIZE_MAX`.
2022-06-17 12:28:36 +09:00
Yu Watanabe
1008d415e7 core/dbus-execute: drop unnecessary flag
The code block is called only when the list was empty, and the newly
requested list is allow-list. Hence, invert_flag is always zero here.
2022-06-17 12:26:50 +09:00
Yu Watanabe
8c93ebbdf0 core/dbus-execute: do not append denied syscalls in allow-list
Follow-up for 68acc1afbe.

Before the commit, SystemCallFilter bus property provides only allowed
syscalls if ExecContext.syscall_filter is an allow-list, and vice versa.

After the commit, if the list is allow-list, it contains allowed
syscalls with value `-1`, and denied syscalls with non-negative values.

To keep the backward compatibility, denied syscalls must be dropped in
SystemCallFilter bus property.
2022-06-17 12:19:39 +09:00
Yu Watanabe
75176c7914
Merge pull request #23741 from mrc0mmand/more-asan-tweaks
test: wrap certain uninstrumented binaries to make them work w/ ASan
2022-06-16 12:10:56 +09:00
Yu Watanabe
05ab439a62 nspawn: fix UID map string
We send/recv the set of payload uid, host uid, payload gid, host gid.
Hence, the index must be incremented with 4, instead of 2.

Fixes #23664.
2022-06-16 11:52:59 +09:00
Vishal Chillara Srinivas
f941c12427 RFC 6762 section 7.1: a Multicast DNS querier SHOULD NOT include records in the
Known-Answer list whose remaining TTL is less than half of their original TTL
2022-06-16 10:44:25 +09:00
Vishal Chillara Srinivas
82af03c223 resolve: mark mDNS RRs in the Additional Records section as cacheable
RFC 6762 does not restrict caching of records in the Additional section.
Caching can improve resolve efficiency.
2022-06-16 10:44:07 +09:00
Frantisek Sumsal
b727d7e02d test: don't wrap binaries built with ASan
since they should handle loading other instrumented libraries without
issues.
2022-06-16 00:02:35 +02:00
Frantisek Sumsal
fa65ba6baa test: drop all LD_PRELOAD-related ASan workarounds
since they shouldn't be necessary anymore, as we tweak the "problematic"
binaries on per-binary basis.
2022-06-16 00:02:35 +02:00
Frantisek Sumsal
3917534d62 test: wrap binaries using systemd DSOs when running w/ ASan
Let's detect & wrap binaries which are linked against systemd DSOs and
we're running under ASan, since otherwise running such binaries ends
with:

```
==633==ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD.
```
2022-06-16 00:02:35 +02:00
Yu Watanabe
172cbcdc8b tree-wide: fix typo 2022-06-15 14:50:34 +09:00
Yu Watanabe
eed6ee82df
Merge pull request #23733 from sshedi/cid-1469711
homework: initialize we_detached
2022-06-15 12:03:24 +09:00
Yu Watanabe
4589c1d734
Merge pull request #23709 from yuwata/test-hostname-locale
test: import hostname and locale tests from debian/ubuntu test suite
2022-06-15 12:00:22 +09:00
Frantisek Sumsal
aca811544e Revert "test: fix TEST-70 under sanitizers"
This reverts commit 47d81bc613.
2022-06-14 22:57:07 +02:00
adrian5
b105d41304 man: Add some punctuation; remove double spaces. 2022-06-15 03:22:15 +09:00
Shreenidhi Shedi
c9f5ac0917 sd-journal: check retval of sd_id128_from_string call
Fixes: CID#1469712

CID 1469712 (#1 of 1): Unused value (UNUSED_VALUE)
returned_value: Assigning value from sd_id128_from_string(word + 2, &boot_id) to r here,
but that stored value is overwritten before it can be used.
2022-06-14 17:52:48 +05:30
Shreenidhi Shedi
2f4ad53549 homework: initialize we_detached
Fixes: CID#1469711

CID 1469711 (#1 of 1): Uninitialized scalar variable (UNINIT)
14. uninit_use: Using uninitialized value we_detached.
2022-06-14 17:52:46 +05:30
Yu Watanabe
6243063824 test: use trap RETURN 2022-06-14 21:08:04 +09:00
Yu Watanabe
4627fb80bf test: move "do" at the end of line 2022-06-14 21:06:06 +09:00
Yu Watanabe
2f34ee3329 test: insert space in for loop 2022-06-14 21:05:10 +09:00
Yu Watanabe
47ba157cc0 test: import localed tests from debian/ubuntu test suite 2022-06-14 20:59:36 +09:00
Yu Watanabe
4ce68ea9b3 test: install C.UTF-8 and English locales 2022-06-14 20:59:36 +09:00
Yu Watanabe
1136175c7f test: install libxkbcommon and x11 keymaps 2022-06-14 20:59:36 +09:00
Yu Watanabe
da0465dc95 test: introduce inst_recursive() helper function 2022-06-14 20:59:32 +09:00
Yu Watanabe
569c6fd1b7 test: add one more path to search keymaps
Now it also supports split-usr.
2022-06-14 20:56:23 +09:00
Yu Watanabe
2b1eb5f871 localectl: use Table to show status 2022-06-14 20:56:23 +09:00
Yu Watanabe
3e5203b3eb locale: rename keymap-util.[ch] -> localed-util.[ch]
As the file contains not only keymap related functions.
2022-06-14 20:56:23 +09:00
Yu Watanabe
3d36b5d7e7 locale-setup: merge locale handling in PID1 and localed 2022-06-14 20:56:23 +09:00
Yu Watanabe
d2e96a4f87 locale-util: align locale entries 2022-06-14 20:56:23 +09:00
Yu Watanabe
a2f7937747 locale-util: check if enumerated locales are valid 2022-06-14 20:56:23 +09:00
Yu Watanabe
065058e63b locale-util: fix memleak on failure 2022-06-14 20:56:23 +09:00
Yu Watanabe
39f4546199 test: import hostnamed tests from debian/ubuntu test suite 2022-06-14 20:56:18 +09:00
Yu Watanabe
aab61a8c99 test: support debian/ubuntu specific timezone config file 2022-06-14 20:52:44 +09:00
Yu Watanabe
8ed2103306 test: drop unnecessary --no-pager option 2022-06-14 20:52:44 +09:00
Yu Watanabe
d170b47535 test: introduce assert_not_in() helper function
This also silences assertions, and replaces grep with bash's regular
expression match.
2022-06-14 20:52:38 +09:00
Alexander Graf
70e74a5997 pstore: Run after modules are loaded
The systemd-pstore service takes pstore files on boot and transfers them
to disk. It only does it once on boot and only if it finds any. The typical
location of the pstore on modern systems is the UEFI variable store.

Most distributions ship with CONFIG_EFI_VARS_PSTORE=m. That means, the
UEFI variable store is only available on boot after the respective module
is loaded.

In most situations, the pstore service gets loaded before the UEFI pstore,
so we don't get to transfer logs. Instead, they accumulate, filling up the
pstore over time, potentially breaking the UEFI variable store.

Let's add a service dependency on any kernel module that can provide a
pstore to ensure we only scan for pstate after we can actually see pstate.

I have seen live occurrences of systems breaking because we did not erase
the pstates and ran out of UEFI nvram space.

Fixes https://github.com/systemd/systemd/issues/18540
2022-06-14 10:17:20 +09:00
Jan Luebbe
5d049ff920 hwdb: analyzers: remove generic "STM Device in DFU Mode"
The USB ID v0483pDF11 is used by the ROM code in many STMicroelectronics
devices (for firmware download) and not just signal analyzers.
2022-06-14 10:10:05 +09:00
Christian Göttsche
1805fbcf06 sysctl: increase log severity on failed write
Increase the log severity in case of writing to a nonexistent sysctl
parameter as this can either be caused by a misspelling or a kernel
misconfiguration, e.g. in case YAMA does not get loaded due to an incomplete
lsm= override:

    systemd-sysctl[354]: Couldn't write '1' to 'kernel/yama/ptrace_scope', ignoring: No such file or directory
2022-06-14 09:29:37 +09:00
H A
b0367874d5 po: Translated using Weblate (Estonian)
Currently translated at 70.8% (134 of 189 strings)

Co-authored-by: H A <contact+fedora@hen.ee>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/et/
Translation: systemd/main
2022-06-14 09:27:53 +09:00
Shreenidhi Shedi
a4433b4532 network: l2tp: initialize a to NULL
Fixes: CID#1475788
2022-06-13 08:41:52 +09:00
Zbigniew Jędrzejewski-Szmek
ef55efe823
Merge pull request #23707 from yuwata/dns_service_split
dns-domain: fix buffer-overflow
2022-06-12 11:37:20 +02:00
Yu Watanabe
9d55166018
Merge pull request #23714 from mrc0mmand/networkd-testsuite-tweaks
A couple of assorted tweaks for the systemd-networkd test suite
2022-06-12 13:16:30 +09:00
Luca Boccassi
039f1673e9 meson: add build targets for libudev, libsystemd and pkg-config
Mirror install tags with the same names and content
2022-06-12 13:13:49 +09:00
H A
570ddd3268 po: Translated using Weblate (Estonian)
Currently translated at 69.8% (132 of 189 strings)

Co-authored-by: H A <contact+fedora@hen.ee>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/et/
Translation: systemd/main
2022-06-12 13:10:35 +09:00
Frantisek Sumsal
f4586b70b2 test-network: drop unnecessary global
`global` is needed only when assigning a new value to the global
variable; it's not necessary when modifying a mutable object (in our
case we just append items to the global list).
2022-06-11 18:06:38 +02:00
Frantisek Sumsal
d45476ef5c test-network: explicitly set encoding when open()ing text files 2022-06-11 18:03:28 +02:00
Frantisek Sumsal
e4295d4ddc test-network: make use of f-strings in couple more places 2022-06-11 17:54:59 +02:00
Frantisek Sumsal
004daaf5a1 test-network: override networkctl bin w/ valgrind/sanitizers 2022-06-11 17:47:52 +02:00
Luca Boccassi
24ccd953ba
Merge pull request #23708 from yuwata/update-kernel-headers
Update kernel headers
2022-06-11 10:18:37 +01:00