1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00
Commit Graph

37767 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
1742aae2aa NEWS: add one more name and adjust location 2018-12-21 19:53:33 +01:00
Zbigniew Jędrzejewski-Szmek
1a2397e985
Merge pull request #11239 from poettering/news-v240-final
NEWS and build system bump for 240
2018-12-21 19:49:54 +01:00
Zbigniew Jędrzejewski-Szmek
cd2a429ed7 tree-wide: use assert_se() for signal operations with constants
Continuation of a3ebe5eb62:
in other places we sometimes use assert_se(), and sometimes normal error
handling. sigfillset and sigaddset can only fail if mask is NULL (which cannot
happen if we are passing in a reference), or if the signal number is invalid
(which really shouldn't happen when we are using a constant like SIGCHLD. If
SIGCHLD is invalid, we have a bigger problem). So let's simplify things and
always use assert_se() in those cases.

In sigset_add_many() we could conceivably pass an invalid signal, so let's keep
normal error handling here. The caller can do assert_se() around the
sigprocmask_many() call if appropriate.

'>= 0' is used for consistency with the rest of the codebase.
2018-12-21 19:49:28 +01:00
Zbigniew Jędrzejewski-Szmek
9d6e839ed8
Merge pull request #11206 from cdown/cgroup_no_v1
cgroup: Imply systemd.unified_cgroup_hierarchy=1 on cgroup_no_v1=all
2018-12-21 19:48:51 +01:00
Dmitry Torokhov
56c886dc7e sd-device: ignore bind/unbind events for now
Until systemd/udev are ready for the new events and do not flush entire
device state on each new event received, we should ignore them.
2018-12-21 19:48:13 +01:00
Zbigniew Jędrzejewski-Szmek
8340b762e4 Revert "sleep: offer hibernation only if the kernel image still exists"
This reverts commit edda44605f.

The kernel explicitly supports resuming with a different kernel than the one
used before hibernation. If this is something that shouldn't be supported, the
place to change this is in the kernel. We shouldn't censor something that this
exclusively in the kernel's domain.

People might be using this to switch kernels without restaring programs, and
we'd break this functionality for them.

Also, even if resuming with a different kernel was a bad idea, we don't really
prevent that with this check, since most users have more than one kernel and
can freely pick a different one from the menu. So this only affected the corner
case where the kernel has been removed, but there is no reason to single it
out.
2018-12-21 18:23:17 +01:00
Lennart Poettering
44f52cce9e
Merge pull request #11050 from poettering/resolved-domain-route
resolved: beef up domain routing
2018-12-21 18:03:58 +01:00
Lennart Poettering
5848a9eb4d
Merge pull request #11210 from thom311/dhcp-set-client-id-no-inval
dhcp: don't enforce hardware address length for sd_dhcp_client_set_client_id()
2018-12-21 18:00:42 +01:00
Zbigniew Jędrzejewski-Szmek
830464c3e4 tree-wide: make new/new0/malloc_multiply/reallocarray safe for size 0
All underlying glibc calls are free to return NULL if the size argument
is 0. We most often call those functions with a fixed argument, or at least
something which obviously cannot be zero, but it's too easy to forget.

E.g. coverity complains about "rows = new0(JsonVariant*, n_rows-1);" in
format-table.c There is an assert that n_rows > 0, so we could hit this
corner case here. Let's simplify callers and make those functions "safe".

CID #1397035.

The compiler is mostly able to optimize this away:
$ size build{,-opt}/src/shared/libsystemd-shared-239.so
(before)
   text	   data	    bss	    dec	    hex	filename
2643329	 580940	   3112	3227381	 313ef5	build/src/shared/libsystemd-shared-239.so     (-O0 -g)
2170013	 578588	   3089	2751690	 29fcca	build-opt/src/shared/libsystemd-shared-239.so (-03 -flto -g)
(after)
   text	   data	    bss	    dec	    hex	filename
2644017	 580940	   3112	3228069	 3141a5	build/src/shared/libsystemd-shared-239.so
2170765	 578588	   3057	2752410	 29ff9a	build-opt/src/shared/libsystemd-shared-239.so
2018-12-21 16:39:34 +01:00
Zbigniew Jędrzejewski-Szmek
5f9026027d analyze: add assert to verify we are not dividing by 0
CID #1397051.
2018-12-21 16:15:14 +01:00
Yu Watanabe
a3ebe5eb62 udevadm: add two more assertions
Suggested by Coverity.

Closes CID#1397033 and CID#1395708.
2018-12-21 15:49:18 +01:00
Lennart Poettering
326731624c NEWS: prepare for v240 2018-12-21 15:02:11 +01:00
Lennart Poettering
67bee56fd5 build-sys: bump package/library versions 2018-12-21 14:58:49 +01:00
Chris Down
8f044cf9c9 cgroup: Add NEWS entry for cgroup_no_v1=all implying unified usage 2018-12-21 13:29:27 +00:00
Chris Down
5f086dc7db cgroup: Imply systemd.unified_cgroup_hierarchy=1 on cgroup_no_v1=all
cgroup_no_v1=all doesn't make a whole lot of sense with legacy hierarchy
(where we use v1 hierarchy for everything), or hybrid hierarchy (where
we still use v1 hierarchy for resource control).

Right now we have to tell people to add both cgroup_no_v1=all and
systemd.unified_cgroup_hierarchy=1 to get the desired behaviour,
however in reality it's hard to imagine any situation where someone
passes cgroup_no_v1=all but *doesn't* want to use the unified cgroup
hierarchy.

Make it so that cgroup_no_v1=all produces intuitive behaviour in systemd
by default, although it can still be disabled by passing
systemd.unified_cgroup_hierarchy=0 explicitly.
2018-12-21 13:29:27 +00:00
Lennart Poettering
2e88625f03 man: document new systemd-resolved.service(8) routing features in more detail 2018-12-21 12:10:07 +01:00
Lennart Poettering
396c716c62 man: split long section in systemd-resolved.service man page into three
Also, do some minor updating.
2018-12-21 12:10:07 +01:00
Lennart Poettering
fdb4d3138a resolved: read DNS default route option from networkd 2018-12-21 12:10:07 +01:00
Lennart Poettering
c629354e84 sd-network: add new API sd_network_link_get_dns_default_route()
This simply reads from networkd's state files whether a link shall be
used as DNS default route.
2018-12-21 12:10:07 +01:00
Lennart Poettering
7ece6f5897 networkd: permit DNS "DefaultRoute" configuration in .network files 2018-12-21 12:10:07 +01:00
Lennart Poettering
09451975df networkd: small simplification 2018-12-21 12:10:07 +01:00
Lennart Poettering
f2fd3cdb45 resolvectl: add support for reading/writing per-link 'default-route' boolean 2018-12-21 12:10:07 +01:00
Lennart Poettering
efe55c8165 resolvectl: minor whitespace fix 2018-12-21 12:10:07 +01:00
Lennart Poettering
77673795dc resolved: add bus API to set per-link "default route" boolean 2018-12-21 12:10:07 +01:00
Lennart Poettering
ca5394d260 resolved: add an explicit way to configure whether a link is useful as default route
Previously, we'd use a link as "default" route depending on whether
there are route-only domains defined on it or not. (If there are, it
would not be used as default route, if there aren't it would.)

Let's make this explicit and add a link variable controlling this. The
variable is not changeable from the outside yet, but subsequent commits
are supposed to add that.

Note that making this configurable adds a certain amount of redundancy,
as there are now two ways to ensure a link does not receive "default"
lookup (i.e. DNS queries matching no configured route):

1. By ensuring that at least one other link configures a route on it
   (for example by add "." to its search list)

2. By setting this new boolean to false.

But this is exactly what is intended with this patch: that there is an
explicit way to configure on the link itself whether it receives
'default' traffic, rather than require this to be configured on other
links.

The variable added is a tri-state: if true, the link is suitable for
recieving "default" traffic. If false, the link is not suitable for it.
If unset (i.e. negative) the original logic of "has this route-only
routes" is used, to ensure compatibility with the status quo ante.
2018-12-21 12:10:07 +01:00
Lennart Poettering
f76fa08899 resolved: rework dns_server_limited_domains(), replace by dns_scope_has_route_only_domains()
The function dns_server_limited_domains() was very strange as it
enumerate the domains associated with a DnsScope object to determine
whether any "route-only" domains, but did so as a function associated
with a DnsServer object.

Let's clear this up, and replace it by a function associated with a
DnsScope instead. This makes more sense philosphically and allows us to
reduce the loops through which we need to jump to determine whether a
scope is suitable for default routing a bit.
2018-12-21 12:09:00 +01:00
Lennart Poettering
1750854916 resolved: bind .local domains to mDNS with DNS_SCOPE_YES, similar LLMNR
Previously, we'd return DNS_SCOPE_MAYBE for all domain lookups matching
LLMNR or mDNS. Let's upgrade this to DNS_SCOPE_YES, to make the binding
stronger.

The effect of this is that even if "local" is defined as routing domain
on some iface, we'll still lookup domains in local via mDNS — if mDNS is
turned on. This should not be limiting, as people who don't want such
lookups should turn off mDNS altogether, as it is useless if nothing is
routed to it.

This also has the nice benefit that mDNS/LLMR continue to work if people
use "~." as routing domain on some interface.

Similar for LLMNR and single label names.

Similar also for the link local IPv4 and IPv6 reverse lookups.

Fixes: #10125
2018-12-21 11:41:45 +01:00
Lennart Poettering
a97a3b256c resolved: rework how we determine which scope to send a query to
Fixes: #10830 #9825 #9472
2018-12-21 11:04:11 +01:00
Lennart Poettering
89307df394 resolved: add comment, explaining when Scope variables are copied from Link 2018-12-21 11:04:11 +01:00
Lennart Poettering
2bfdd6dc54 resolved: rename_DNS_SCOPE_INVALID → _DNS_SCOPE_MATCH_INVALID
The _INVALID and _MAX enum fields should always use the full name of
thenum.
2018-12-21 11:04:11 +01:00
Lennart Poettering
dc2bc986eb resolved: check dns_over_tls_mode in link_needs_save()
This was forgotten when DoT was added.
2018-12-21 11:04:11 +01:00
Lennart Poettering
9a1bbc6642 resolved: use structured initialization for DnsScope 2018-12-21 11:04:11 +01:00
Zbigniew Jędrzejewski-Szmek
b72200a8a1 hwdb: update database
I looked over the diff, and it seems it's only additions and fixes, no removals.
The diff for the source files is much bigger, but it seems that the sorting
code is working well.
2018-12-21 10:37:39 +01:00
Yu Watanabe
aa2437e2ae NEWS: mention DynamicUser= is disabled for networkd, resolved and timesyncd
Which was disabled by #10117.
2018-12-21 05:22:21 +09:00
Frantisek Sumsal
67f5c0c776 tests: explicitly enable user namespaces for TEST-13-NSPAWN-SMOKE 2018-12-21 05:19:37 +09:00
Hans de Goede
78a562ee4b hwdb: Add accelerometer orientation quirk for the PoV TAB-P1006W-232-3G
Add accelerometer orientation quirk for the Point of View TAB-P1006W-232-3G
tablet.
2018-12-20 18:46:56 +01:00
Lennart Poettering
614bf4131b
Merge pull request #11223 from poettering/read-line-0x00-0xff
fileio: fix read_one_line() when reading bytes > 0x7F
2018-12-20 14:53:23 +01:00
Jeremy Su
ce3201d004 hwdb: Add support for HP ProBook 645 wifi and slash key (#11207)
hwdb: Add support for HP ProBook 645 wifi and slash key
2018-12-20 13:58:02 +01:00
Lennart Poettering
2881f926a4
Merge pull request #11222 from keszybz/tmpfiles-crash
tmpfiles: fix crash with NULL in arg_root and other fixes and tests
2018-12-20 13:57:16 +01:00
Thomas Haller
ab4a88bc29 dhcp6: don't enforce DUID content for sd_dhcp6_client_set_duid()
There are various functions to set the DUID of a DHCPv6 client.
However, none of them allows to set arbitrary data. The closest is
sd_dhcp6_client_set_duid(), which would still do validation of the
DUID's content via dhcp_validate_duid_len().

Relax the validation and only log a debug message if the DUID
does not validate.

Note that dhcp_validate_duid_len() already is not very strict. For example
with DUID_TYPE_LLT it only ensures that the length is suitable to contain
hwtype and time. It does not further check that the length of hwaddr is non-zero
or suitable for hwtype. Also, non-well-known DUID types are accepted for
extensibility. Why reject certain DUIDs but allowing clearly wrong formats
otherwise?

The validation and failure should happen earlier, when accepting the
unsuitable DUID. At that point, there is more context of what is wrong,
and a better failure reason (or warning) can be reported to the user. Rejecting
the DUID when setting up the DHCPv6 client seems not optimal, in particular
because the DHCPv6 client does not care about actual content of the
DUID and treats it as opaque blob.

Also, NetworkManager (which uses this code) allows to configure the entire
binary DUID in binary. It intentionally does not validate the binary
content any further. Hence, it needs to be able to set _invalid_ DUIDs,
provided that some basic constraints are satisfied (like the maximum length).

sd_dhcp6_client_set_duid() has two callers: both set the DUID obtained
from link_get_duid(), which comes from configuration.
`man networkd.conf` says: "The configured DHCP DUID should conform to
the specification in RFC 3315, RFC 6355.". It does not not state that
it MUST conform.

Note that dhcp_validate_duid_len() has another caller: DHCPv4's
dhcp_client_set_iaid_duid_internal(). In this case, continue with
strict validation, as the callers are more controlled. Also, there is
already sd_dhcp_client_set_client_id() which can be used to bypass
this check and set arbitrary client identifiers.
2018-12-20 13:40:39 +01:00
Thomas Haller
bfda0d0f09 dhcp: don't enforce hardware address length for sd_dhcp_client_set_client_id()
sd_dhcp_client_set_client_id() is the only API for setting a raw client-id.
All other setters are more restricted and only allow to set a type 255 DUID.

Also, dhcp4_set_client_identifier() is the only caller, which already
does:

                r = sd_dhcp_client_set_client_id(link->dhcp_client,
                                                 ARPHRD_ETHER,
                                                 (const uint8_t *) &link->mac,
                                                 sizeof(link->mac));

and hence ensures that the data length is indeed ETH_ALEN.

Drop additional input validation from sd_dhcp_client_set_client_id(). The client-id
is an opaque blob, and if a caller wishes to set type 1 (ethernet) or type 32
(infiniband) with unexpected address length, it should be allowed. The actual
client-id is not relevant to the DHCP client, and it's the responsibility of the
caller to generate a suitable client-id.

For example, in NetworkManager you can configure all the bytes of the
client-id, including such _invalid_ settings. I think it makes sense,
to allow the user to fully configure the identifier. Even if such configuration
would be rejected, it would be the responsibility of the higher layers (including
a sensible error message to the user) and not fail later during
sd_dhcp_client_set_client_id().

Still log a debug message if the length is unexpected.
2018-12-20 13:31:48 +01:00
Thomas Haller
b9d8071458 dhcp: fix sd_dhcp_client_set_client_id() for infiniband addresses
Infiniband addresses are 20 bytes (INFINIBAND_ALEN), but only the last
8 bytes are suitable for putting into the client-id.

This bug had no effect for networkd, because sd_dhcp_client_set_client_id()
has only one caller which always uses ARPHRD_ETHER type.

I was unable to find good references for why this is correct ([1]). Fedora/RHEL
has patches for ISC dhclient that also only use the last 8 bytes ([2], [3]).
RFC 4390 (Dynamic Host Configuration Protocol (DHCP) over InfiniBand) [4] does
not discuss the content of the client-id either.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1658057#c29
[2] https://bugzilla.redhat.com/show_bug.cgi?id=660681
[3] 3ccf3c8d81/f/dhcp-lpf-ib.patch
[4] https://tools.ietf.org/html/rfc4390
2018-12-20 13:15:49 +01:00
Lennart Poettering
cdce33f987 test-fileio: add explicit check for safe_fgetc() with 0xFF 2018-12-20 12:11:18 +01:00
Lennart Poettering
517b776042 fileio: fix read_one_line() when reading bytes > 0x7F
Fixes: #11218
2018-12-20 12:11:18 +01:00
Zbigniew Jędrzejewski-Szmek
6ea05ac99f
Merge pull request #10912 from poettering/gpt-root-rw
make sure to propagate GPT root partition r/w flag into mount r/w flag
2018-12-20 11:37:41 +01:00
Zbigniew Jędrzejewski-Szmek
082bb1c59b tmpfiles: fix crash with NULL in arg_root and other fixes and tests
The function to replacement paths into the configuration file list was borked.
Apart from the crash with empty root prefix, it would incorrectly handle the
case where root *was* set, and the replacement file was supposed to override
an existing file.

prefix_root is used instead of path_join because prefix_root removes duplicate
slashes (when --root=dir/ is used).

A test is added.

Fixes #11124.
2018-12-20 09:56:51 +01:00
Zbigniew Jędrzejewski-Szmek
faf9e4426c
Merge pull request #11215 from poettering/gpt-auto-no-udev
gpt-auto-generator: don't wait for udev
2018-12-20 09:29:52 +01:00
Lennart Poettering
f70e7f70c9 dissect: add some assert()s 2018-12-19 23:27:47 +01:00
Lennart Poettering
052eaf5c93 gpt-auto-generator: don't wait for udev
Generators run in a context where waiting for udev is not an option,
simply because it's not running there yet. Hence, let's not wait for it
in this case.

This is generally OK to do as we are operating on the root disk only
here, which should have been probed already by the time we come this
far.

An alternative fix might be to remove the udev dependency from image
dissection again in the long run (and thus replace reliance on
/dev/block/x:y somehow with something else).

Fixes: #11205
2018-12-19 23:27:47 +01:00
Chris Down
2141bedb39
Merge pull request #11212 from keszybz/mount-storm-revert
Revert the patches for mount-storm prevention for now
2018-12-19 12:11:15 +00:00