1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00
Commit Graph

46376 Commits

Author SHA1 Message Date
Lennart Poettering
66bff73b4f tty-ask-pw-agent: the message string might not be set 2020-08-26 23:10:05 +02:00
Lennart Poettering
4c4a018cab tty-ask-pw-agent: make sure "--list" works correctly
Fixes: #16836
2020-08-26 23:02:13 +02:00
Zbigniew Jędrzejewski-Szmek
bb2aee7d11
Merge pull request #16757 from poettering/nss-resolve-varlink
resolved: use varlink for communication between nss-resolve and resolved
2020-08-26 22:07:34 +02:00
Lennart Poettering
0c73f4f075 nss-resolve: port over to new varlink interface 2020-08-26 16:48:16 +02:00
Lennart Poettering
9581bb8424 resolved: add minimal varlink api for resolving hostnames/addresses
This allows us to later port nss-resolve to use Varlink rather than
D-Bus for resolution. This has the benefit that nss-resolve based
resoluton works even without D-Bus being up. And it's faster too.
2020-08-26 16:48:06 +02:00
Lennart Poettering
c17b5ce739 resolved: minor clean-ups for resolved-bus.c 2020-08-26 16:48:02 +02:00
Lennart Poettering
65a01e8242 resolved: move query bus tracking to resolved-bus.c
It's strictly bus-specific, hence let's move this to resolved-bus.c like
the rest of the bus specific logic.

This is also in preparation for adding an alternative varlink transport,
which needs similar functionality, but varlink instead of bus-specific.
2020-08-26 16:47:57 +02:00
Lennart Poettering
c9de4e0f5b resolved: rename request → bus_request
Let's prepare for adding a new varlink interface, and thus rename the
"request" field to "bus_request", so that we can later add a
varlink_request field too.
2020-08-26 16:47:53 +02:00
Lennart Poettering
d4f72f0d21 resolved: drop suppress_unroutable_family field
It's unused since 90bdc8be66.
2020-08-26 16:47:49 +02:00
Lennart Poettering
b97e3e3d7a json: also add explicit dispatchers for 'int' and 'unsigned' 2020-08-26 16:47:32 +02:00
Lennart Poettering
0710343ce7 json: add support for byte arrays to json builder 2020-08-26 16:47:16 +02:00
Lennart Poettering
7466e94f13 varlink: add helper for generating errno errors 2020-08-26 16:46:57 +02:00
Lennart Poettering
c7dfa1df8b in-addr-util: add byte accessor array to union in_addr_union
It's pretty useful to be able to access the bytes generically, without
acknowledging a specific family, hence let's a third way to access an
in_addr_union.
2020-08-26 16:46:12 +02:00
Zbigniew Jędrzejewski-Szmek
b6abc2acb4
Merge pull request #16568 from poettering/creds-store
credentials logic to pass privileged data to services
2020-08-26 10:32:30 +02:00
Chris Down
8b5cb69bc8 path: Skip directories when finalising $PATH search
Imagine $PATH /a:/b. There is an echo command at /b/echo. Under this
configuration, this works fine:

    % systemd-run --user --scope echo .
    Running scope as unit: run-rfe98e0574b424d63a641644af511ff30.scope
    .

However, if I do `mkdir /a/echo`, this happens:

    % systemd-run --user --scope echo .
    Running scope as unit: run-rcbe9369537ed47f282ee12ce9f692046.scope
    Failed to execute: Permission denied

We check whether the resulting file is executable for the performing
user, but of course, most directories are anyway, since that's needed to
list within it. As such, another is_dir() check is needed prior to
considering the search result final.

Another approach might be to check S_ISREG, but there may be more gnarly
edge cases there than just eliminating this obviously pathological
example, so let's just do this for now.
2020-08-26 10:22:02 +02:00
Vito Caputo
d4739bc4d3 sd-journal: narrow scope of boot id variable
Something trivial I noticed during some unrelated code spelunking
2020-08-25 22:41:35 +02:00
Lennart Poettering
f12331cd7a
Merge pull request #16765 from poettering/homed-recovery
homed: add "recovery key" concept plus track "dirty" state of LUKS volumes
2020-08-25 22:01:40 +02:00
Lennart Poettering
fabece9ccb update TODO 2020-08-25 19:46:39 +02:00
Lennart Poettering
30dd9f7391 test: add test suite for new credentials logic 2020-08-25 19:46:36 +02:00
Lennart Poettering
b0d29bfdfd man: document credentials passing in the container interface 2020-08-25 19:46:32 +02:00
Lennart Poettering
60cc90b959 man: document nspawn's new credential switches 2020-08-25 19:46:14 +02:00
Lennart Poettering
3220cf394c man: document pid1's new credentials logic 2020-08-25 19:45:57 +02:00
Lennart Poettering
3652872add nspawn: add --set-credential= and --load-credential=
Let's allow passing in creds to containers, so that PID 1 inside the
container can pick them up.
2020-08-25 19:45:47 +02:00
Lennart Poettering
bbb4e7f39f core: hide /run/credentials whenever namespacing is requested
Ideally we would like to hide all other service's credentials for all
services. That would imply for us to enable mount namespacing for all
services, which is something we cannot do, both due to compatibility
with the status quo ante, and because a number of services legitimately
should be able to install mounts in the host hierarchy.

Hence we do the second best thing, we hide the credentials automatically
for all services that opt into mount namespacing otherwise. This is
quite different from other mount sandboxing options: usually you have to
explicitly opt into each. However, given that the credentials logic is a
brand new concept we invented right here and now, and particularly
security sensitive it's OK to reverse this, and by default hide
credentials whenever we can (i.e. whenever mount namespacing is
otherwise opt-ed in to).

Long story short: if you want to hide other service's credentials, the
most basic options is to just turn on PrivateMounts= and there you go,
they should all be gone.
2020-08-25 19:45:38 +02:00
Lennart Poettering
bb0c0d6f29 core: add credentials logic
Fixes: #15778 #16060
2020-08-25 19:45:35 +02:00
Lennart Poettering
9db59d9283 acl-util: beef up add_acls_for_user()
Let's add support for controlling r/w/x bits separetely. This is useful
for using it to control access to directories, where r + x shall be
enabled.
2020-08-25 18:39:45 +02:00
Lennart Poettering
71281a7655 acl-util: make sure acl_find_uid() initializes return parameters on success
Let's follow our usual coding style and initialize return parameters on
success in all cases.
2020-08-25 18:39:45 +02:00
Lennart Poettering
2899fb024f rm-rf: add new flag REMOVE_CHMOD
When removing a directory tree as unprivileged user we might encounter
files owned by us but not deletable since the containing directory might
have the "r" bit missing in its access mode. Let's try to deal with
this: optionally if we get EACCES try to set the bit and see if it works
then.
2020-08-25 18:39:45 +02:00
Lennart Poettering
594191761a update TODO 2020-08-25 18:18:56 +02:00
Lennart Poettering
9be99f81a7 homed: report a home directory as "dirty" if image file has dirty flag 2020-08-25 18:18:56 +02:00
Lennart Poettering
565ac8b1c8 homed: mark LUKS loopback file as "dirty" via xattr when in use
Let's track the "dirty" state of a home directory backed by a LUKS
volume by setting a new xattr "home.home-dirty" on the backing file
whenever it is in use.

This allows us to later user this information to show a home directory
as "dirty". This is useful because we trim/allocate on log-out, and
if we don't do that a home directory will be larger than necessary. This
fact is something we should communicate to the admin.

The idea is that when an admin sees a user with a "dirty" home directory
they can ask them to log in, to clean up the dirty state, and thus trim
everything again.
2020-08-25 18:18:46 +02:00
Lennart Poettering
05c8e12c47 man: document new homectl --recovery-key= switch 2020-08-25 18:14:55 +02:00
Lennart Poettering
64abd37a60 docs: document new recovery key user record fields 2020-08-25 18:14:55 +02:00
Lennart Poettering
80c41552a8 homectl: teach homectl to generate recovery keys 2020-08-25 18:14:55 +02:00
Lennart Poettering
87d7893cfb homed: support recovery keys
For discussion around this see: https://pagure.io/fedora-workstation/issue/82

Recovery keys for homed are very similar to regular passwords, except
that they are exclusively generated by the computer, and not chosen by
the user. The idea is that they are printed or otherwise stored
externally and not what users type in every day.

Taking inspiration from Windows and MacOS this uses 256bit keys. We
format them in 64 yubikey modhex characters, in groups of 8 chars
separated by dashes.

Why yubikey modhex? modhex only uses characters that are are located at
the same place in western keyboard designs. This should reduce the
chance for incorrect inputs for a major chunk of our users, though
certainly not all. This is particular relevant during early boot and
recovery situations, where there's a good chance the keyboard mapping is
not correctly set up.
2020-08-25 18:14:55 +02:00
Lennart Poettering
aecbc87df4 home: add helper to process/normalize modhex64 recovery keys 2020-08-25 18:14:55 +02:00
Lennart Poettering
da3920c3a4 journal: move qrcode printing code to src/shared/
That way we can make use of it in homctl, too.
2020-08-25 17:58:02 +02:00
Lennart Poettering
b3a97fd3ae user-record: add recovery key fields to user record 2020-08-25 17:58:02 +02:00
Lennart Poettering
45374f6503
Merge pull request #15662 from Werkov/fix-cgroup-disable
Fix unsetting cgroup restrictions
2020-08-25 17:36:07 +02:00
Andrew Hangsleben
b2c185bae9 Added sensor configuration for One-netbook OneMix 3 Pro 2020-08-25 14:11:15 +02:00
Lennart Poettering
47d0644e1a
Merge pull request #16833 from JackFangXN/master
analyze-verify: drop pointless zero initialization
2020-08-25 13:20:11 +02:00
Zbigniew Jędrzejewski-Szmek
3b9d671754
Merge pull request #16676 from poettering/repart-mkfs
repart: add new settings Format=, CopyFiles=, Encrypt= and teach --size= a new value "auto"
2020-08-25 12:19:46 +02:00
Alec Moskvin
dd47b25220 rules: don't install 80-drivers.rules when kmod is disabled 2020-08-25 09:35:49 +02:00
Zbigniew Jędrzejewski-Szmek
c3bbc90b4a
Merge pull request #16777 from DaanDeMeyer/kernel-install-followup
kernel-install: "Linux" => "Default" and reuse $BOOT/Default if it already exists
2020-08-25 09:30:44 +02:00
Ronan Pigott
45b156c155 zsh: correct journalctl command completion parsing 2020-08-25 09:29:13 +02:00
Zbigniew Jędrzejewski-Szmek
2c7d33d9e3
Merge pull request #16767 from keszybz/missing-syscall-cleanup
missing_syscall: verify our fallback numbers when possible
2020-08-25 09:21:32 +02:00
Zbigniew Jędrzejewski-Szmek
b20f00599d
Merge pull request #16816 from keszybz/install-templated-presets
Fix preset operation for non-service templates
2020-08-25 09:20:07 +02:00
Zbigniew Jędrzejewski-Szmek
9f56c88aeb
Merge pull request #16819 from keszybz/seccomp-enosys
Return ENOSYS in nspawn for "unknown" syscalls
2020-08-25 09:18:46 +02:00
fangxiuning
05f7a0689e analyze: drop pointless zero initialization 2020-08-25 15:17:52 +08:00
Zbigniew Jędrzejewski-Szmek
d521e6993d
Merge pull request #16824 from keszybz/no-such-unit-error
Add sd_bus_error_has_names() and use it to catch BUS_ERROR_NO_SUCH_UNIT
2020-08-25 09:16:25 +02:00