1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00
Commit Graph

32028 Commits

Author SHA1 Message Date
Lennart Poettering
9aef9a672d util-lib: add new procfs-util.[ch] API for dealing with tasks limits
As it turns out the limit on concurrent tasks on Linux nasty to
determine, hence let's appropriate helpers for this.
2018-01-22 16:26:55 +01:00
Lennart Poettering
8793fa2565 cgroup: use CGROUP_LIMIT_MAX where appropriate 2018-01-22 16:22:03 +01:00
Lennart Poettering
f3a367d66c util: introduce more accurate definitions of TASKS_MAX
The maximum number of processes a tasks on the system is usually lower
than what pid_t would allow, and is compiled into the kernel (and
documented in proc(5)). Let's add proper defines for that, so that
we can adjust the pid_max sysctl without fearing invalid accesses.
2018-01-22 16:22:03 +01:00
Susant Sahani
3e52ec4301 netword: tunnel remove unwanted space. 2018-01-22 15:50:07 +01:00
Reverend Homer
8ac8c411d7 remove canonicalize_file_name() mention from TODO
canonicalize_file_name() invocations were replaced by chase_symlinks() in
Decemeber 2016 with PR #4694, so we don't need this mention in the TODO anymore
2018-01-22 15:49:45 +01:00
Lennart Poettering
586a8e93a0 update TODO 2018-01-22 15:33:26 +01:00
Lennart Poettering
79c91cecc7 tmpfiles: use the DEBUG_LOGGING macro where applicable 2018-01-22 15:33:13 +01:00
Lennart Poettering
07982ed1ef tmpfiles: add missing OOM check 2018-01-22 15:32:57 +01:00
Lennart Poettering
201be4265f tmpfiles: avoid using wrong type for strlen() result
The result of strlen is size_t, hence let's not store it in an "int"
just to pass it on as as size_t right-away. In fact let's not store it
at all…
2018-01-22 15:31:50 +01:00
Lennart Poettering
920ce82852 tmpfiles: in dir_cleanup() take benefit that log_error_errno() returns the error code passed in 2018-01-22 15:31:24 +01:00
Lennart Poettering
ecc1709c2c tmpfiles: fold five lines into two
log_full_errno() has all these nice benefits, let's make use of them to
shorten five lines into two.
2018-01-22 15:30:05 +01:00
Lennart Poettering
47925d7f32
Merge pull request #7943 from yuwata/fix-chase_symlinks
fs-util: use `_cleanup_close_` attribute
2018-01-22 12:42:24 +01:00
Frantisek Sumsal
1dc52f56f9 journald-native: Fix typo in MANDLOCK message 2018-01-22 12:27:09 +01:00
Susant Sahani
fb5c821664 networkd: DHCPv6 client allow to configure Rapid Commit (#6930)
The DHCPv6 client can obtain configuration parameters from a
DHCPv6 server through a rapid two-message exchange solicit and reply).
When the rapid commit option is enabled by both the DHCPv6 client and
the DHCPv6 server, the two-message exchange is used, rather than the default
four-method exchange (solicit, advertise, request, and reply). The two-message
exchange provides faster client configuration and is beneficial in environments
in which networks are under a heavy load.

Closes #5845
2018-01-22 17:09:18 +09:00
Yu Watanabe
db52db4afa fuzz: cast to void when return value is ignored 2018-01-22 09:58:29 +09:00
Yu Watanabe
0f3da640de fuzz: check return value
Closes CID #1385306 and #1385300.
2018-01-22 09:55:38 +09:00
Yu Watanabe
7444956723 fuzz: fix coding style 2018-01-22 09:54:30 +09:00
Zbigniew Jędrzejewski-Szmek
d8eb10d61a core: delay logging the taint string until after basic.target is reached (#7935)
This happens to be almost the same moment as when we send READY=1 in the user
instance, but the logic is slightly different, since we log taint when
basic.target is reached in the system manager, but we send the notification
only in the user manager. So add a separate flag for this and propagate it
across reloads.

Fixes #7683.
2018-01-21 21:17:54 +09:00
Yu Watanabe
48eae2e480 test-resolve: check return value
Closes CID #1385310.
2018-01-21 19:38:33 +09:00
Yu Watanabe
1eeddba492 sd-dhcp6-client: do not refer uninitialized variable
Fixes CID #1385308.
2018-01-21 19:27:30 +09:00
Yu Watanabe
b539437a05 fs-util: chase_symlinks(): prevent double free
Fixes CID #1385316.
2018-01-21 19:19:28 +09:00
Yu Watanabe
2b6d2dda6b fs-util: use _cleanup_close_ attribute
The commit f14f1806e3 introduced CHASE_SAFE
flag. When the flag is set, then `fd_parent` may not be properly closed.
This sets `_cleanup_close_` attribute to `fd_parent`.
Thus, now `fd_parent` is always closed properly.
2018-01-21 19:07:14 +09:00
Zbigniew Jędrzejewski-Szmek
91ec71c162 man: document that sd_j_stream_fd is signal safe (#7942)
Fixes #7912.
2018-01-21 18:51:55 +09:00
Alan Jenkins
25cd49647c mount: forbid mount on path with symlinks
It was forbidden to create mount units for a symlink.  But the reason is
that the mount unit needs to know the real path that will appear in
/proc/self/mountinfo.  The kernel dereferences *all* the symlinks in the
path at mount time (I checked this with `mount -c` running under `strace`).

This will have no effect on most systems.  As recommended by docs, most
systems use /etc/fstab, as opposed to native mount unit files.
fstab-generator dereferences symlinks for backwards compatibility.

A relatively minor issue regarding Time Of Check / Time Of Use also exists
here.  I can't see how to get rid of it entirely.  If we pass an absolute
path to mount, the racing process can replace it with a symlink.  If we
chdir() to the mount point and pass ".", the racing process can move the
directory.  The latter might potentially be nicer, except that it breaks
WorkingDirectory=.

I'm not saying the race is relevant to security - I just want to consider
how bad the effect is.  Currently, it can make the mount unit active (and
hence the job return success), despite there never being a matching entry
in /proc/self/mountinfo.  This wart will be removed in the next commit;
i.e. it will make the mount unit fail instead.
2018-01-20 22:06:34 +00:00
Yu Watanabe
08fde561ba
Merge pull request #7938 from keszybz/get-fd-unsafe
man: document signal unsafeness of sd_journal_get_fd
2018-01-20 13:20:33 +09:00
Zbigniew Jędrzejewski-Szmek
89f552c0e2 man: document signal unsafeness of journal functions
Fixes #7912.
2018-01-20 15:11:54 +11:00
Zbigniew Jędrzejewski-Szmek
000b1ba561 NEWS: fix typo 2018-01-20 14:04:17 +11:00
Alan Jenkins
bf105e38d5 man: sd_journal_stream_fd: no, fds are not shared (#7926)
sd_journal_stream_fd() does not return the same file descriptor across
different calls.  It can't possibly do so, because the file descriptor
is created using certain parameters passed by the caller.

Also the implementation clearly isn't doing this, it's just connecting
to a unix socket.

It opens exactly one file descriptor, and does not close it unless there
is a write failure.  Nothing like "temporarily multiple file descriptors
may be open".
2018-01-20 14:02:50 +11:00
Zbigniew Jędrzejewski-Szmek
18e3beac2f
Merge pull request #7936 from titanous/fuzz-dhcp-server
fuzz: add DHCP server fuzzer
2018-01-20 13:58:19 +11:00
Jonathan Rudenberg
33d62eba91 fuzz: simplify oss-fuzz build instructions in HACKING 2018-01-19 21:48:14 -05:00
Jonathan Rudenberg
2bd37c5be2 fuzz: add DHCP server fuzzer 2018-01-19 21:48:14 -05:00
Yu Watanabe
fec0ccea86 man: fix typo (#7937)
Reported by Дилян Палаузов (https://github.com/dilyanpalauzov) in #7870.
2018-01-20 13:22:57 +11:00
Yu Watanabe
7e577c30d6
Merge pull request #7934 from keszybz/man-improvements
Man page improvements
2018-01-20 11:15:52 +09:00
Susant Sahani
09f5dfad2c networkd: add quickack option to route (#7896)
This patch adds quickack option to enable/disable TCP quick ack
mode for per-route.
2018-01-20 08:49:15 +09:00
Michal Sekletar
877dce40cb man: make clear that accessing network and mounting filesystems is not supported in udev rules (#7916)
These restrictions are implied by systemd options used for
systemd-udevd.service, i.e. MountFlags=slave and
IPAddressDeny=any. However, there are users out there getting tripped by
this, so let's make things clear in the man page so the actual
restrictions we implement by default have better visibility.
2018-01-20 08:47:27 +09:00
Zbigniew Jędrzejewski-Szmek
22a705631d man: clarify that Requires stop propagation only applies to explit requests
Follow-up for e79eabdb1b. There was an
apparent contradiction:

  man/systemd.unit says for Requires=:

  Besides, with or without specifying After=, this unit will be deactivated
  if one of the other units get deactivated.

  Also, some unit types may deactivate on their own (for example, a service
  process may decide to exit cleanly, or a device may be unplugged by the
  user), which is not propagated to units having a Requires= dependency.

Fixes #7870.
2018-01-20 10:45:02 +11:00
Susant Sahani
8cdc46e7ba networkd: ignore Static Routes option when Classless Static Routes is given (#7807)
When the DHCP server returns both a Classless Static Routes
option and a Static Routes option, the DHCP client MUST ignore the
Static Routes option.

Closes #7792
2018-01-20 08:42:45 +09:00
Zbigniew Jędrzejewski-Szmek
1317f55b9b man: alphabetize and move targets to proper sections in systemd.special 2018-01-20 10:38:09 +11:00
Zbigniew Jędrzejewski-Szmek
1655cdee04 man: fix example formatting in systemd.preset
Repeating "example" everywhere was not useful, so remove
that and improve the formatting a bit.
2018-01-20 10:37:34 +11:00
Zbigniew Jędrzejewski-Szmek
c605bd00d2 man: document default for WakeOnLan 2018-01-20 10:33:15 +11:00
Zbigniew Jędrzejewski-Szmek
8eeaf79c86 man: add a note where coredump default values are
I don't want to include all the default values in the man page
because that's bound to get out of date…
2018-01-20 10:27:46 +11:00
Zbigniew Jędrzejewski-Szmek
ee8f5a58b0 man: fix _STREAM_ID, _LINE_BREAK descriptions
Pointed out by Дилян Палаузов (https://github.com/dilyanpalauzov).
Fixes #7870.
2018-01-20 10:15:06 +11:00
Zbigniew Jędrzejewski-Szmek
c3de717e51
Merge pull request #7675 from shawnl/unaligned
Issue #7654 (unaligned loads on sparc64)
2018-01-20 10:00:14 +11:00
Jonathan Rudenberg
d385cd0cc2 fuzz: add a note on reporting security bugs to HACKING 2018-01-20 09:07:24 +11:00
Jonathan Rudenberg
8137e92dbe test: add regression test for oss-fuzz issue 5465
Fixed in #7923
2018-01-20 09:07:24 +11:00
Jonathan Rudenberg
118452ade6 test: add regression test for #7888 2018-01-20 09:07:14 +11:00
Yu Watanabe
22bc57c58a fs-util: chase_symlinks(): support empty root
The commit b1bfb84804 makes chase_symlinks()
recognize empty string for root as an invalid parameter. However,
empty root is often used e.g. systemd-nspawn.
This makes chase_symlinks() support empty string safely.

Fixes #7927.
2018-01-19 11:41:28 +01:00
Zbigniew Jędrzejewski-Szmek
8f2e968659
Merge pull request #7923 from keszybz/resolved-generic-packet
Resolved generic packet
2018-01-19 17:42:29 +11:00
Alan Jenkins
68f7480b7e
Merge pull request #7913 from sourcejedi/devpts
3 nitpicks from core/namespace.c
2018-01-18 21:56:26 +00:00
jdkbx
51aa88268e hwdb: Add Lenovo IdeaPad Miix 320 sensor mount quirk (#7707) 2018-01-19 05:09:58 +09:00