1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Commit Graph

2345 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
d20a328f97 build-sys,man: describe systemd-umount and hook it up to installation (#5227) 2017-02-05 22:27:38 +01:00
Lennart Poettering
2f3dfc6fb4 verity: add support for setting up verity-protected root disks in the initrd
This adds a generator and a small service that will look for "roothash="
on the kernel command line and use it for setting up a very partition
for the root device.

This provides similar functionality to nspawn's existing --roothash=
switch.
2016-12-21 19:09:30 +01:00
Lennart Poettering
91214a37ef fstab-generator: add support for volatile boots
This adds support for a new kernel command line option "systemd.volatile=" that
provides the same functionality that systemd-nspawn's --volatile= switch
provides, but for host systems (i.e. systems booting with a kernel).

It takes the same parameter and has the same effect.

In order to implement systemd.volatile=yes a new service
systemd-volatile-root.service is introduced that only runs in the initrd and
rearranges the root directory as needed to become a tmpfs instance. Note that
systemd.volatile=state is implemented different: it simply generates a
var.mount unit file that is part of the normal boot and has no effect on the
initrd execution.

The way this is implemented ensures that other explicit configuration for /var
can always override the effect of these options.  Specifically, the var.mount
unit is generated in the "late" generator directory, so that it only is in
effect if nothing else overrides it.
2016-12-21 19:09:29 +01:00
Lennart Poettering
a4c35b6b4d nspawn: split out VolatileMode definitions
This moves the VolatileMode enum and its helper functions to src/shared/. This
is useful to then reuse them to implement systemd.volatile= in a later commit.
2016-12-20 20:00:08 +01:00
Lennart Poettering
9b12360bf6 build-sys: include the builddir in $PATH while testing
udev-test.pl shells out systemd-detect-virt, and it really should invoke the
version from the build tree instead of one supplied by the installed system,
hence let's add the builddir to $PATH while building.
2016-12-14 18:29:30 +01:00
Lennart Poettering
835552511e core: hook up MountFlags= to the transient unit logic
This makes "systemd-run -p MountFlags=shared -t /bin/sh" work, by making
MountFlags= to the list of properties that may be accessed transiently.
2016-12-13 21:22:13 +01:00
Evgeny Vereshchagin
fcb2427055 core: machine_id_setup overwrites broken machine-id 2016-12-13 12:58:42 +00:00
Martin Pitt
142a1afbb9 Merge pull request #4771 from keszybz/udev-property-ordering
Udev property ordering
2016-12-12 16:03:52 +01:00
Lennart Poettering
86bcce5f1f Merge pull request #4844 from hadess/sensor-quirks
udev: Add rules for accelerometer orientation quirks
2016-12-10 16:28:50 +01:00
Bastien Nocera
1f886b50f6 udev: Add rules for accelerometer orientation quirks
This commit adds a rules file to extract the properties from hwdb
to set on i2c IIO devices. This is used to set the ACCEL_MOUNT_MATRIX
property on IIO devices, to be consumed by iio-sensor-proxy or
equivalent daemon.

The hwdb file contains documentation on how to write quirks. Note
however that mount information is usually exported in:
- the device-tree for ARM devices
- the ACPI DSDT for Intel-compatible devices
but currently not extracted by the kernel.

Also note that some devices have the framebuffer rotation that changes
between the bootloader and the main system, which might mean that the
accelerometer is then wrongly oriented. This is a missing feature in the
i915 kernel driver: https://bugs.freedesktop.org/show_bug.cgi?id=94894
which needs to be fixed, and won't require quirks.
2016-12-10 02:25:11 -05:00
Zbigniew Jędrzejewski-Szmek
4a5567d5d6 Merge pull request #4795 from poettering/dissect
Generalize image dissection logic of nspawn, and make it useful for other tools.
2016-12-10 01:08:13 -05:00
Zbigniew Jędrzejewski-Szmek
9258a1cae3 Merge pull request #4686 from poettering/machine-id-app-specific
Add new "khash" API and add new sd_id128_get_machine_app_specific() function
2016-12-08 23:24:28 -05:00
Lennart Poettering
18b5886e56 dissect: add support for encrypted images
This adds support to the image dissector to deal with encrypted images (only
LUKS). Given that we now have a neatly isolated image dissector codebase, let's
add a new feature to it: support for automatically dealing with encrypted
images. This is then exposed in systemd-dissect and nspawn.

It's pretty basic: only support for passphrase-based encryption.

In order to ensure that "systemd-dissect --mount" results in mount points whose
backing LUKS DM devices are cleaned up automatically we use the DM_DEV_REMOVE
ioctl() directly on the device (in DM_DEFERRED_REMOVE mode). libgcryptsetup at
the moment doesn't provide a proper API for this. Thankfully, the ioctl() API
is pretty easy to use.
2016-12-07 18:38:41 +01:00
Lennart Poettering
a2ea3b2fc8 dissect: add small "systemd-dissect" tool as wrapper around dissect-image.c
This adds a small tool that may be used to look into OS images, and mount them
to any place. This is mostly a friendlier version of test-dissect-image.c. I am
not sure this should really become a proper command of systemd, hence for now
do not install it into bindir, but simply libexecdir.

This tool is already pretty useful since you can mount image files with it,
honouring the various partitions correctly. I figure this is going to become
more interesting if the dissctor learns luks and verity support.
2016-12-07 18:38:41 +01:00
Lennart Poettering
8c1be37e5b util-lib: split out image dissecting code and loopback code from nspawn
This adds two new APIs to systemd:

- loop-util.h is a simple internal API for allocating, setting up and releasing
  loopback block devices.

- dissect-image.h is an internal API for taking apart disk images and figuring
  out what the purpose of each partition is.

Both APIs are basically refactored versions of similar code in nspawn.  This
rework should permit us to reuse this in other places than just nspawn in the
future. Specifically: to implement RootImage= in the service image, similar to
RootDirectory=, but operating on a disk image; to unify the gpt-auto-discovery
generator code with the discovery logic in nspawn; to add new API to machined
for determining the OS version of a disk image (i.e. not just running
containers). This PR does not make any such changes however, it just provides
the new reworked API.

The reworked code is also slightly more powerful than the nspawn original one.
When pointing it to an image or block device with a naked file system (i.e. no
partition table) it will simply make it the root device.
2016-12-07 18:38:40 +01:00
Zbigniew Jędrzejewski-Szmek
49141e0cd1 hwdb: improve and test syntax error messages
Since syntax error are non-fatal, downgrade them to warnings.
Use log_syntax to have uniform formatting including the line number.
State machine states like DATA and MATCH are internal, user-facing
messages should use the names from hwdb(7): match, property, record.
Also change "key/value" to "key-value", since there's no alternative
here, both parts must be present.

[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:2] Property expected, ignoring record with no properties
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:5] Property expected, ignoring record with no properties
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:9] Property expected, ignoring record with no properties
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:11] Key/value pair expected but got " NO_VALUE", ignoring
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:18] Property or empty line expected, got "BAD:7:match at wrong place", ignoring record
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:22] Property or empty line expected, got "BAD:8:match at wrong place", ignoring record
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:23] Match expected but got indented property " Z=z", ignoring line

squash! hwdb: improve syntax error messages
2016-12-01 11:56:50 -05:00
Gabriel Rauter
a9d2d40dba networkctl: install zsh completion from #3062 (#4767)
zsh autocompletion provided by #3062 will be installed when networkd is
enabled.
2016-11-29 13:00:38 -05:00
Lennart Poettering
0fe5f3c5d7 core: add "khash" API to src/basic/ (as wrapper around kernel AF_ALG)
Let's take inspiration from bluez's ELL library, and let's move our
cryptographic primitives away from libgcrypt and towards the kernel's AF_ALG
cryptographic userspace API.

In the long run we should try to remove the dependency on libgcrypt, in favour
of using only the kernel's own primitives, however this is unlikely to happen
anytime soon, as the kernel does not provide Elliptic Curve APIs to userspace
at this time, and we need them for the DNSSEC cryptographic.

This commit only covers hashing for now, symmetric encryption/decryption or
even asymetric encryption/decryption is not available for now.

"khash" is little more than a lightweight wrapper around the kernel's AF_ALG
socket API.
2016-11-29 15:13:00 +01:00
Zbigniew Jędrzejewski-Szmek
953bf4604f units: add system-update-cleanup.service to guard against offline-update loops
Note: the name is "system-update-cleanup.service" rather than
"system-update-done.service", because it should not run normally, and also
because there's already "systemd-update-done.service", and having them named
so similarly would be confusing.

In https://bugzilla.redhat.com/show_bug.cgi?id=1395686 the system repeatedly
entered system-update.target on boot. Because of a packaging issue, the tool
that created the /system-update symlink could be installed without the service
unit that was supposed to perform the upgrade (and remove the symlink). In
fact, if there are no units in system-update.target, and /system-update symlink
is created, systemd always "hangs" in system-update.target. This is confusing
for users, because there's no feedback what is happening, and fixing this
requires starting an emergency shell somehow, and also knowing that the symlink
must be removed. We should be more resilient in this case, and remove the
symlink automatically ourselves, if there are no upgrade service to handle it.

This adds a service which is started after system-update.target is reached and
the symlink still exists. It nukes the symlink and reboots the machine. It
should subsequently boot into the default default.target.

This is a more general fix for
https://bugzilla.redhat.com/show_bug.cgi?id=1395686 (the packaging issue was
already fixed).
2016-11-29 01:40:34 -05:00
Martin Pitt
30dc7898d5 tests: add hwdb parsing test
This calls the built "systemd-hwdb update" on the source tree's hwdb/ in a
temporary directory and verifies that there are no error messages.
2016-11-24 11:46:03 +01:00
Martin Pitt
2c99aba726 networkd: allow networkd to set the timezone in timedated
systemd-networkd runs as user "systemd-network" and thus is not privileged to
set the timezone acquired from DHCP:

  systemd-networkd[4167]: test_eth42: Could not set timezone: Interactive authentication required.

Similarly to commit e8c0de912, add a polkit rule to grant
org.freedesktop.timedate1.set-timezone to the "systemd-network" system user.
Move the polkit rules from src/hostname/ to src/network/ to avoid too many
small distributed policy snippets (there might be more in the future), as it's
easier to specify the privileges for a particular subject in this case.

Add NetworkdClientTest.test_dhcp_timezone() test case to verify this (for
all people except those in Pacific/Honolulu, there the test doesn't prove
anything -- sorry ☺ ).
2016-11-23 16:32:06 +01:00
Martin Pitt
e8c0de9127 hostnamed: allow networkd to set the transient hostname
systemd-networkd runs as user "systemd-network" and thus is not privileged to
set the transient hostname:

  systemd-networkd[516]: ens3: Could not set hostname: Interactive authentication required.

Standard polkit *.policy files do not have a syntax for granting privileges to
a user, so ship a pklocalauthority (for polkit < 106) and a JavaScript rules
file (for polkit >= 106) that grants the "systemd-network" system user that
privilege.

Add DnsmasqClientTest.test_transient_hostname() test to networkd-test.py to
cover this. Make do_test() a bit more flexible by interpreting "coldplug==None"
as "test sets up the interface by itself". Change DnsmasqClientTest to set up
test_eth42 with a fixed MAC address so that we can configure dnsmasq to send a
special host name for that.

Fixes #4646
2016-11-20 12:19:21 +01:00
Djalal Harouni
97e60383c0 test: add tests for RestrictNamespaces= 2016-11-15 15:50:19 +01:00
Tom Gundersen
23f53b99b1 networkd: clean up main header file a bit
Rename networkd.h to networkd-manager.h, to more accurately describe what it
contains.
2016-11-14 01:05:06 +01:00
Tom Gundersen
441e9ae4d9 networkd: netdev - move to separate subdirectory
This could (and should) be made into a separate daemon, at least move
the sourcefiles out for now.
2016-11-13 05:16:49 +01:00
Tom Gundersen
c5fcf6e470 networkd-wait-online: move to separate subdirectory
Also clean up the header files a bit.
2016-11-13 01:29:30 +01:00
Zbigniew Jędrzejewski-Szmek
4318abe8d2 build-sys: do not install ctrl-alt-del.target symlink twice
It was a harmless but pointless duplication. Fixes #4655.

Note: in general we try to install as little as possible in
/etc/systemd/{system,user}. We only install .wants links there for units which
are "user configurable", i.e. which have an [Install] section. Most our units
and aliases are not user configurable, do not have an [Install] section, and
must be symlinked statically during installation. A few units do have an
[Install] section, and are enabled through symlinks in /etc/ during
installation using GENERAL_ALIASES. It *would* be possible to not create those
symlinks, and instead require 'systemctl preset' to be invoked after
installation, but GENERAL_ALIASES works well enough.
2016-11-12 10:14:10 -05:00
Zbigniew Jędrzejewski-Szmek
d85a0f8028 Merge pull request #4536 from poettering/seccomp-namespaces
core: add new RestrictNamespaces= unit file setting

Merging, not rebasing, because this touches many files and there were tree-wide cleanups in the mean time.
2016-11-08 19:54:21 -05:00
Zbigniew Jędrzejewski-Szmek
a809cee582 Merge pull request #4612 from keszybz/format-strings
Format string tweaks (and a small fix on 32bit)
2016-11-08 08:09:40 -05:00
Mike Gilbert
d07903848f Adjust pkgconfig files to point at rootlibdir (#4584)
The .so symlinks got moved to rootlibdir in 082210c7.
2016-11-08 09:36:41 +01:00
Zbigniew Jędrzejewski-Szmek
f97b34a629 Rename formats-util.h to format-util.h
We don't have plural in the name of any other -util files and this
inconsistency trips me up every time I try to type this file name
from memory. "formats-util" is even hard to pronounce.
2016-11-07 10:15:08 -05:00
Lennart Poettering
add005357d core: add new RestrictNamespaces= unit file setting
This new setting permits restricting whether namespaces may be created and
managed by processes started by a unit. It installs a seccomp filter blocking
certain invocations of unshare(), clone() and setns().

RestrictNamespaces=no is the default, and does not restrict namespaces in any
way. RestrictNamespaces=yes takes away the ability to create or manage any kind
of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces
so that only mount and IPC namespaces may be created/managed, but no other
kind of namespaces.

This setting should be improve security quite a bit as in particular user
namespacing was a major source of CVEs in the kernel in the past, and is
accessible to unprivileged processes. With this setting the entire attack
surface may be removed for system services that do not make use of namespaces.
2016-11-04 07:40:13 -06:00
Martin Pitt
e2df6e90b2 build-sys: link test-seccomp against seccomp libs (#4560)
Fixes build error on recent toolchains:

  ../src/test/test-seccomp.c:35: error: undefined reference to 'seccomp_arch_native'
  collect2: error: ld returned 1 exit status
2016-11-03 23:15:33 +02:00
Djalal Harouni
5c67067f0e test: test DynamicUser= with SupplementaryGroups= 2016-11-03 08:38:28 +01:00
Djalal Harouni
2b9ac11ed9 test: test DynamicUser= with a fixed user 2016-11-03 08:37:15 +01:00
Lennart Poettering
515958c9eb build-sys: bump package and library version in preparation for v232 2016-11-02 16:04:40 -06:00
Zbigniew Jędrzejewski-Szmek
8d3eafa161 Merge pull request #4450 from poettering/seccompfixes
Various seccomp fixes and NEWS update.
2016-10-24 20:23:21 -04:00
Lennart Poettering
828d92acbc core: drop -.slice from shipped units
Since this unit is synthesized anyway there's no point in actually shipping it
on disk. This also has the benefit that "cd /usr/lib/systemd/system ; ls *"
won't be confused by the leading dash of the file name anymore.
2016-10-24 20:49:48 +02:00
Lennart Poettering
f6281133de seccomp: add test-seccomp test tool
This validates the system call set table and many of our seccomp-util.c APIs.
2016-10-24 17:32:51 +02:00
Djalal Harouni
50ca7a35a1 test: lets add more tests to cover SupplementaryGroups= cases. 2016-10-24 12:38:53 +02:00
Zbigniew Jędrzejewski-Szmek
60f17f75d1 Merge pull request #4372 from evverx/fix-synced-cgroup-hierarchy-perms 2016-10-23 23:25:57 -04:00
Evgeny Vereshchagin
844da987ef tests/TEST-13-NSPAWN-SMOKE: remove an expected failure check
https://github.com/systemd/systemd/issues/4352 has been fixed
So, we don't need this workaround anymore
2016-10-23 23:23:43 -04:00
Djalal Harouni
bf9ace96fc test: add more tests for SupplementaryGroups= 2016-10-23 23:27:16 +02:00
Djalal Harouni
86b838eaa3 test: Add simple test for supplementary groups 2016-10-23 23:27:14 +02:00
Lukas Nykryn
87a47f99bc failure-action: generalize failure action to emergency action 2016-10-21 15:13:50 +02:00
Evgeny Vereshchagin
c7934185fe tests: add smoke test for systemd-nspawn
Basically, this test runs:
```
    systemd-nspawn --register=no -D "$_root" -b
    systemd-nspawn --register=no -D "$_root" --private-network -b
    systemd-nspawn --register=no -D "$_root" -U -b
    systemd-nspawn --register=no -D "$_root" --private-network -U -b
```
and exports the `UNIFIED_CGROUP_HIERARCHY=[yes|no]`, `SYSTEMD_NSPAWN_USE_CGNS=[yes|no]`

Inspired by
* systemd#3589 (comment)
* systemd#4372 (comment)
* systemd#4223 (comment)
* systemd#1555

and so on :-)
2016-10-17 16:50:09 +00:00
Lennart Poettering
8bfdf29b24 Merge pull request #4243 from endocode/djalal/sandbox-first-protection-kernelmodules-v1
core:sandbox: Add ProtectKernelModules= and some fixes
2016-10-13 18:36:29 +02:00
Felipe Sateler
651742d8ec build-sys: Allow disabling installation of pam config snippet 2016-10-12 14:09:14 -03:00
Djalal Harouni
4982dbcc30 test: add test to make sure that ProtectKernelModules=yes disconnect mount propagation 2016-10-12 14:12:36 +02:00
Djalal Harouni
3ae33295f0 test: add capability tests for ProtectKernelModules=
This just adds capabilities test.
2016-10-12 13:36:27 +02:00