1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-25 23:21:33 +03:00
Commit Graph

30378 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
c05f3c8ff8 Merge pull request #6931 from poettering/job-timeout-sec 2017-10-05 14:43:13 +02:00
Zbigniew Jędrzejewski-Szmek
21723f53db NEWS: some nitpicking and bike-shedding 2017-10-05 14:42:12 +02:00
Zbigniew Jędrzejewski-Szmek
be03929503 Merge pull request #6952 from poettering/seccomp-getrlimit
a seccomp fix regarding ugetrlimit/prlimit64
2017-10-05 13:22:03 +02:00
Lennart Poettering
acd53eaa7e generator: when we insert a '\n', actually place a proper newline, too 2017-10-05 13:06:44 +02:00
Lennart Poettering
eae51da36e unit: when JobTimeoutSec= is turned off, implicitly turn off JobRunningTimeoutSec= too
We added JobRunningTimeoutSec= late, and Dracut configured only
JobTimeoutSec= to turn of root device timeouts before. With this change
we'll propagate a reset of JobTimeoutSec= into JobRunningTimeoutSec=,
but only if the latter wasn't set explicitly.

This should restore compatibility with older systemd versions.

Fixes: #6402
2017-10-05 13:06:44 +02:00
Andrew Jeddeloh
95ab9eff1e Revert "networkd: change UseMTU default to true. (#6837)" (#6950)
This reverts commit 22043e4317.
UseMTU is broken on real hardware and should not be enabled by default.
2017-10-05 12:58:02 +02:00
Zbigniew Jędrzejewski-Szmek
70b491d190 Merge pull request #6988 from poettering/dns-stub-truncate
rework how resolved's dns stub deals with truncation
2017-10-05 12:35:24 +02:00
Lennart Poettering
5102765695 resolved: rework how we handle truncation in the stub resolver
When we a reply message gets longer than the client supports we need to
truncate the response and set the TC bit, and we already do that.
However, we are not supposed to send incomplete RRs in that case, but
instead truncate right at a record boundary. Do that.

This fixes the "Message parser reports malformed message packet."
warning the venerable "host" tool outputs when a very large response is
requested.

See: #6520
2017-10-05 12:22:43 +02:00
Lennart Poettering
9886b6b13c resolved: take benefit of log_xyz_errno() returning the negative error code
Just some modernizations.
2017-10-05 12:21:18 +02:00
Lennart Poettering
448ac526a3 seccomp: ignore (and debug log) errors by all invocations of seccomp_rule_add_exact()
System calls might exist on some archs but not on others, or might be
multiplexed but not on others. Ignore such errors when putting together
a filter at this location like we already do it on all others.
2017-10-05 11:27:34 +02:00
Lennart Poettering
1c6af69b2d seccomp: always handle seccomp_load() failing the same way
Unfortunately libseccomp doesn't return (nor document) clean error
codes, hence until then only check for specific error codes that we
propagate, but ignore (but debug log) all others. Do this at one more
place, we are already doing that at all others.
2017-10-05 11:27:34 +02:00
Lennart Poettering
ff217dc3af seccomp: react gracefully if we can't translate a syscall name
When a libseccomp implementation doesn't know a syscall yet, that's no
reason for us to fail completely. Instead, debug log, and proceed.

This hopefully fixes the preadv2/pwritev2 issues pointed out here:

https://github.com/systemd/systemd/pull/6952#issuecomment-334302923
2017-10-05 11:27:34 +02:00
Lennart Poettering
4c3a917617 seccomp: include prlimit64 and ugetrlimit in @default
Also, move prlimit64() out of @resources.

prlimit64() may be used both for getting and setting resource limits, and
is implicitly called by glibc at various places, on some archs, the same
was as getrlimit(). SImilar, igetrlimit() is an arch-specific
replacement for getrlimit(), and hence should be whitelisted at the same
place as getrlimit() and prlimit64().

Also see: https://lists.freedesktop.org/archives/systemd-devel/2017-September/039543.html
2017-10-05 11:27:34 +02:00
Zbigniew Jędrzejewski-Szmek
c9905d4dd2 Merge pull request #6944 from poettering/suspend-fix
systemctl reboot/suspend tweaks
2017-10-05 11:26:44 +02:00
Hans de Goede
2a2fcbeecd hwdb: Add accelerometer orientation entry for Chuwi Hi8 Pro tablet (#6998)
Add an accelerometer orientation entry for the Chuwi Hi8 Pro tablet.
2017-10-05 01:06:55 +02:00
Lennart Poettering
f6e64b78cc tmpfiles: change btmp mode 0600 → 0660 (#6997)
As discussed in #6994.

Fixes: #6994
2017-10-04 21:44:29 +02:00
Lennart Poettering
98e4fcec36 dynamic-user: don't use a UID that currently owns IPC objects (#6962)
This fixes a mostly theoretical potential security hole: if for some
reason we failed to remove IPC objects created for a dynamic user (maybe
because a MAC/SElinux erronously prohibited), then we should not hand
out the same UID again until they are successfully removed.

With this commit we'll enumerate the IPC objects currently existing, and
step away from using a UID for the dynamic UID logic if there are any
matching it.
2017-10-04 21:40:01 +02:00
Zbigniew Jędrzejewski-Szmek
03d4358277 Merge pull request #6975 from sourcejedi/logind_pid_0_v2
Selectively revert "tree-wide: use pid_is_valid() at more places"
2017-10-04 21:33:52 +02:00
Lennart Poettering
e06fafb2d7 NEWS: add comment about change sync/async behaviour for shutdown commands 2017-10-04 20:59:15 +02:00
Lennart Poettering
6324a8a727 man: document which special "systemctl" commands are synchronous and which asynchronous.
This documents the status quo, clarifying when we are synchronous and
when asynchronous by default and when --no-block is support to force
asynchronous operation.

See: #6479
2017-10-04 20:59:15 +02:00
Lennart Poettering
d13f5e164e logind: don's change dry-run boolean before we actually enqueue the operation
Let's not affect change before the PK check.
2017-10-04 20:56:24 +02:00
Lennart Poettering
15e99a4392 logind: reorder things a bit
Let's keep the three sleep method implementations close to each other.
2017-10-04 20:56:24 +02:00
Lennart Poettering
130246d2e8 systemctl: make sure "reboot", "suspend" and friends are always asynchronous
Currently, "systemctl reboot" behaves differently in setups with and
without logind. If logind is used (which is probably the more common
case) the operation is asynchronous, and otherwise synchronous (though
subject to --no-block in this case). Let's clean this up, and always
expose the same behaviour, regardless if logind is used or not: let's
always make it asynchronous.

It might make sense to add a "--block" mode in a future PR that makes
these operations synchronous, but this requires non-trivial work in
logind, and is outside of the scope of this change.

See: #6479
2017-10-04 20:56:24 +02:00
Lennart Poettering
36b69c3131 logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.

Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".

Moreover, let's add the missing PK action.

Fixes: #6957
2017-10-04 20:56:24 +02:00
Lennart Poettering
e65270ad12 Merge pull request #6992 from keszybz/fix-test-copy
test-copy: fix operation when test-copy is too small
2017-10-04 20:00:14 +02:00
Zbigniew Jędrzejewski-Szmek
57056020c5 hwdb: switch meson to use ids_parser.py (#6964)
Also drop the now-unused perl implementation (that doesn't do sorting),
so it's incompatible anyway.
2017-10-04 19:32:59 +02:00
Zbigniew Jędrzejewski-Szmek
5991ce44dc udevadm,basic: replace nulstr_contains with STR_IN_SET (#6965)
STR_IN_SET is a newer approach which is easier to write and read, and which
seems to result in space savings too:

before:
4949848 build/src/shared/libsystemd-shared-234.so
 350704 build/systemctl
4967184 build/systemd
 826216 build/udevadm

after:
4949848 build/src/shared/libsystemd-shared-234.so
 350704 build/systemctl
4966888 build/systemd
 826168 build/udevadm
2017-10-04 19:32:12 +02:00
Yu Watanabe
689ca202e7 nss-systemd: if cannot open bus, then try to read user info directly (#6971)
If sd_bus_open_system() fail, then try to read information about
dynamic users from /run/systemd/dynamic-uid.
This makes services can successfully call getpwuid() or their friends
even if dbus.service is not started yet.

Fixes #6967.
2017-10-04 19:29:36 +02:00
Lennart Poettering
4aa1d31c89 Merge pull request #6974 from keszybz/clean-up-defines
Clean up define definitions
2017-10-04 19:25:30 +02:00
Lennart Poettering
5ad90fe376 Merge pull request #6985 from yuwata/empty
load-fragment: do not create empty array
2017-10-04 17:54:35 +02:00
Alan Jenkins
6f876815c6 logind: use pid_is_valid() where appropriate
These two sites _do_ match the definition of pid_is_valid(); they don't
provide any special handling for the invalid PID value 0.  (They're used
by dbus methods, so the PID value 0 is handled with reference to the dbus
client creds, outside of these functions).
2017-10-04 15:40:20 +01:00
Alan Jenkins
72b3f82e17 systemctl: use pid_is_valid() where appropriate
This was the one valid site in commit
ee043777be.

The second part of this hunk, avoiding using `%m`
when we didn't actually have `errno` set, seems
like a nice enough cleanup to be worthwhile on
it's own.

Also use PID_FMT to improve the error message we print
(pid_t is signed).
2017-10-04 15:40:11 +01:00
Yu Watanabe
4c70109600 tree-wide: use IN_SET macro (#6977) 2017-10-04 16:01:32 +02:00
Zbigniew Jędrzejewski-Szmek
98d9319960 test-sizeof: add pid_t and gid_t
C.f. #6975.
2017-10-04 15:22:07 +02:00
Zbigniew Jędrzejewski-Szmek
6fbdf424b4 test-copy: fix operation when test-copy is too small
Fixes #6981.
2017-10-04 15:17:09 +02:00
Djalal Harouni
6d0aa4db7b Merge pull request #6986 from OpenDZ/tixxdz/seccomp-more-default-syscalls-v1
seccomp: add sched_yield syscall to the @default syscall set
2017-10-04 15:01:21 +02:00
Yu Watanabe
6b5bb2f9d0 man: fix that the same option is listed twice (#6991) 2017-10-04 14:43:00 +02:00
Lennart Poettering
0a9b166b43 units: prohibit all IP traffic on all our long-running services (#6921)
Let's lock things down further.
2017-10-04 14:16:28 +02:00
Zbigniew Jędrzejewski-Szmek
a9149d876b meson: generate ENABLE_* names automatically
After previous changes, the naming of configuration options and internal
defines is consistent.
2017-10-04 12:09:51 +02:00
Zbigniew Jędrzejewski-Szmek
1ec57f3394 build-sys: s/ENABLE_RESOLVED/ENABLE_RESOLVE/
The configuration option was called -Dresolve, but the internal define
was …RESOLVED. This options governs more than just resolved itself, so
let's settle on the version without "d".
2017-10-04 12:09:51 +02:00
Zbigniew Jędrzejewski-Szmek
08cf5b8dc3 build-sys: s/HAVE_MYHOSTNAME/ENABLE_MYHOSTNAME/
Same justification as for HAVE_UTMP. HAVE_MYHOSTNAME was used before mysthostname
was merged into systemd.
2017-10-04 12:09:51 +02:00
Zbigniew Jędrzejewski-Szmek
f9fa32f09c build-sys: s/HAVE_SMACK/ENABLE_SMACK/
Same justification as for HAVE_UTMP.
2017-10-04 12:09:50 +02:00
Zbigniew Jędrzejewski-Szmek
392fd235fd build-sys: s/HAVE_IMA/ENABLE_IMA/
Same justification as for HAVE_UTMP.
2017-10-04 12:09:50 +02:00
Zbigniew Jędrzejewski-Szmek
3211da4bcb build-sys: s/HAVE_UTMP/ENABLE_UTMP/
"Have" should be about the external environment and dependencies. Anything
which is a pure yes/no choice should be "enable".
2017-10-04 12:09:50 +02:00
Zbigniew Jędrzejewski-Szmek
70160ce891 build-sys: require all defines under #if to be present
This should help to catch any errors with typos and HAVE/ENABLE mismatches.
2017-10-04 12:09:50 +02:00
Zbigniew Jędrzejewski-Szmek
8e3e2f5f22 test-nss: fix names of two defines
That's another bug fixed (sys/auxv.h was the first).
2017-10-04 12:09:50 +02:00
Zbigniew Jędrzejewski-Szmek
349cc4a507 build-sys: use #if Y instead of #ifdef Y everywhere
The advantage is that is the name is mispellt, cpp will warn us.

$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build

squash! build-sys: use #if Y instead of #ifdef Y everywhere

v2:
- fix incorrect setting of HAVE_LIBIDN2
2017-10-04 12:09:29 +02:00
Djalal Harouni
8f44de08e9 seccomp: add sched_yield syscall to the @default syscall set 2017-10-04 10:41:42 +01:00
Zbigniew Jędrzejewski-Szmek
ac6e8be66e core: use strv_isempty to check if supplementary_groups is empty
With the previous commit, we know that it will be NULL if empty, but
it's safe to always use strv_isempty() in case the code changes
in the future.
2017-10-04 11:33:30 +02:00
Yu Watanabe
9f2d41a65f load-fragment: do not create empty array
Originally added in 4589f5bb0a.
C.f. 8249bb728d and #6746.
2017-10-04 11:23:42 +02:00