1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00
Commit Graph

44456 Commits

Author SHA1 Message Date
Evgeny Vereshchagin
9494b39dac cifuzz: upload artifacts only when the "run fuzzers" step fails 2020-05-02 11:20:30 +02:00
Emmanuel Garette
db1442260a repart: fix partition maximum size segfault
Discovered, tracked down and fix proposed by Emmanuel Garette.

See: https://lists.freedesktop.org/archives/systemd-devel/2020-April/044435.html

(Lennart turned this into a PR)

Fixes: #15608
2020-05-01 17:31:45 +02:00
Zbigniew Jędrzejewski-Szmek
843c631a8e
Merge pull request #15652 from MadMcCrow/master
Fix Chromebook Caroline board accelerometer not having correct orientation
2020-05-01 17:26:55 +02:00
Lennart Poettering
6eb35fd695
Merge pull request #15547 from kkdwivedi/notify-barrier
Introduce sd_notify_barrier
2020-05-01 08:48:42 +02:00
Zbigniew Jędrzejewski-Szmek
b76ef59756
Merge pull request #13512 from msekletar/freezer
core: introduce support for cgroup freezer
2020-05-01 07:52:29 +02:00
Kumar Kartikeya Dwivedi
5ec7a9947e
man: sd_notify() race is gone with sd_notify_barrier()
Add note for change of behaviour in systemd-notify, where parent pid trick
is only used when --no-block is passed, and with enough privileges ofcourse.

Also, fix a small error in systemd(1).
2020-05-01 03:22:59 +05:30
Kumar Kartikeya Dwivedi
4f07ddfa9b
Introduce sd_notify_barrier
This adds the sd_notify_barrier function, to allow users to synchronize against
the reception of sd_notify(3) status messages. It acts as a synchronization
point, and a successful return gurantees that all previous messages have been
consumed by the manager. This can be used to eliminate race conditions where
the sending process exits too early for systemd to associate its PID to a
cgroup and attribute the status message to a unit correctly.

systemd-notify now uses this function for proper notification delivery and be
useful for NotifyAccess=all units again in user mode, or in cases where it
doesn't have a control process as parent.

Fixes: #2739
2020-05-01 03:22:47 +05:30
Dan Streetman
cad6727906 test: find path for systemd-journal-remote
As Debian/Ubuntu use /lib/systemd instead of /usr/lib/systemd,
add systemd-journal-remote to the list of programs that test-functions
detects the correct path to, and replace its direct usage with
$SYSTEMD_JOURNAL_REMOTE

Also use $JOURNALCTL instead of journalctl.

Also minor correction in install_plymouth() to look in /lib/... as
well as /usr/lib/... and /etc/...
2020-04-30 22:33:47 +02:00
Lennart Poettering
a8332698d7
Merge pull request #15592 from kennylevinsen/fdpoll-standalone
Introduce FDPOLL=0
2020-04-30 22:32:28 +02:00
Corey Hinshaw
db72aea4a9 Add SetType method to login Session interface 2020-04-30 21:29:26 +02:00
Kenny Levinsen
3052049260 core: (De-)Serialize poll flag for fds in fdstore
This replaces manual string splitting and unescaping with
extract_first_word.
2020-04-30 19:42:53 +02:00
Kenny Levinsen
cb5a46b845 core: Add optional FDPOLL=0 argument to fdstore
A service can specify FDSTORE=1 FDPOLL=0 to request that PID1 does not
poll the fd to remove them on error. If set, fds will only be removed on
FDSTOREREMOVE=1 or when the service is done.

Fixes: #12086
2020-04-30 19:42:26 +02:00
MadMcCrow
208bf319d3 Fix Chromebook Caroline board accelerometer not having correct orientation 2020-04-30 19:21:41 +02:00
Michal Sekletár
d446ae89c0 test: add test for cgroup v2 freezer support 2020-04-30 19:02:55 +02:00
Michal Sekletár
d9e45bc3ab core: introduce support for cgroup freezer
With cgroup v2 the cgroup freezer is implemented as a cgroup
attribute called cgroup.freeze. cgroup can be frozen by writing "1"
to the file and kernel will send us a notification through
"cgroup.events" after the operation is finished and processes in the
cgroup entered quiescent state, i.e. they are not scheduled to
run. Writing "0" to the attribute file does the inverse and process
execution is resumed.

This commit exposes above low-level functionality through systemd's DBus
API. Each unit type must provide specialized implementation for these
methods, otherwise, we return an error. So far only service, scope, and
slice unit types provide the support. It is possible to check if a
given unit has the support using CanFreeze() DBus property.

Note that DBus API has a synchronous behavior and we dispatch the reply
to freeze/thaw requests only after the kernel has notified us that
requested operation was completed.
2020-04-30 19:02:51 +02:00
Lennart Poettering
9dcd43b149 notify: beef up --pid= logic
Prompted by the discussions on #15547.
2020-04-30 18:36:05 +02:00
Lennart Poettering
484f4e5b2d efi: honour SYSTEMD_EFI_OPTIONS even if we wouldn't honour SystemdOptions EFI var due to SecureBoot
Fixes: #14864
2020-04-30 12:12:14 +02:00
Lennart Poettering
f46ba93944 efi: cache test results of boolean EFI state functions
EFI variable access is nowadays subject to rate limiting by the kernel.
Thus, let's cache the results of checking them, in order to minimize how
often we access them.

Fixes: #14828
2020-04-30 08:10:31 +02:00
Lennart Poettering
d47df15b11
Merge pull request #15630 from nabijaczleweli/symmetric-buffers
link: Allow configuring RX mini and jumbo ring sizes, too
2020-04-30 08:06:26 +02:00
nabijaczleweli
e81f5fc4e8
link: Allow configuring RX mini and jumbo ring sizes, too
This now covers all ethtool_ringparam configurables (as of v5.6;
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/ethtool.h?h=v5.6#n488)
2020-04-29 18:57:13 +02:00
nabijaczleweli
80af9bdabe
link: Add units and fix typo in (Rx|Tx)BufferSize= manpage. Clean up the implementation slightly 2020-04-29 18:55:42 +02:00
Michal Sekletár
25a1f04c68 basic/cgroup-util: introduce cg_get_keyed_attribute_full()
Callers of cg_get_keyed_attribute_full() can now specify via the flag whether the
missing keyes in cgroup attribute file are OK or not. Also the wrappers for both
strict and graceful version are provided.
2020-04-29 18:41:19 +02:00
Zbigniew Jędrzejewski-Szmek
f20078df0b docs: reorder the section about security reporting to emphasize the sekrit list 2020-04-29 17:20:37 +02:00
Michal Sekletár
08deac6e3e selinux: do preprocessor check only in selinux-access.c
This has the advantage that mac_selinux_access_check() can be used as a
function in all contexts. For example, parameters passed to it won't be
reported as unused if the "function" call is replaced with 0 on SELinux
disabled builds.
2020-04-29 13:56:40 +02:00
Frantisek Sumsal
e83ef04d97
Merge pull request #15626 from poettering/more-specifiers
tmpfiles,sysusers,pid1: add a bunch of more specifiers
2020-04-29 10:07:12 +02:00
Lennart Poettering
384bd937fa
Merge pull request #15628 from poettering/tmpfiles-fuzz-fix
systemd-tmpfiles fuzz issue fix
2020-04-29 09:41:46 +02:00
Lennart Poettering
dfe01841e6 tmpfiles: remove unnecessary assert
if we parse an xattr line that has no valid assignment, we might end up
with an empty ->xattr list. Don't hit assert on that, just go on.

Fixes: #15610
2020-04-29 00:23:28 +02:00
Lennart Poettering
d02933fded tmpfiles: use log_syntax() for all parse errors 2020-04-29 00:23:28 +02:00
Lennart Poettering
33bd857f94 update TODO 2020-04-28 23:16:35 +02:00
Lennart Poettering
503298b724 man: document new specifiers 2020-04-28 23:14:28 +02:00
Lennart Poettering
268f5a5463 tree-wide: support a bunch of additional specifiers 2020-04-28 22:47:21 +02:00
Lennart Poettering
76410e9849 update TODO 2020-04-28 20:02:50 +02:00
Lennart Poettering
04d1ee0f7e main: bump RLIMIT_MEMLOCK by physical RAM size
Let's allow more memory to be locked on beefy machines than on small
ones. The previous limit of 64M is the lower bound still. This
effectively means on a 4GB machine we can lock 512M, which should be
more than enough, but still not lock up the machine entirely under
pressure.

Fixes: #15053
2020-04-28 19:54:21 +02:00
Lennart Poettering
dcff2fa5d1 nspawn: be more careful with creating/chowning directories to overmount
We should never re-chown selinuxfs.

Fixes: #15475
2020-04-28 19:40:46 +02:00
Lennart Poettering
c98fef264b update TODO 2020-04-28 19:38:55 +02:00
Daan De Meyer
bac1b83217 sd-bus: Add sd_bus_query_sender_creds/privilege docs 2020-04-28 19:38:04 +02:00
Zbigniew Jędrzejewski-Szmek
2344aefccf
Merge pull request #15618 from keszybz/help-output
Small adjustments to --help output
2020-04-28 19:31:16 +02:00
Daan De Meyer
8653422b6a sd-bus: Add sd_bus_get_creds_mask docs 2020-04-28 19:30:49 +02:00
Luca Boccassi
4096043f05 Revert "detect-virt: also detect "microsoft" as WSL"
WSL2 will soon (TM) include the "WSL2" string in /proc/sys/kernel/osrelease
so the workaround will no longer be necessary.
We have several different cloud images which do include the "microsoft"
string already, which would break this detection. They are for internal
usage at the moment, but the userspace side can come from all over the
place so it would be quite hard to track and downstream-patch to avoid
breakages.

This reverts commit a2f838d590.
2020-04-28 13:13:12 +02:00
Zbigniew Jędrzejewski-Szmek
c11428adf9 homectl: say "home area" in more places
Follow-up for b5947b5b10.
2020-04-28 09:56:24 +02:00
Zbigniew Jędrzejewski-Szmek
460e5af05d meson: test userdbctl and homectl --help 2020-04-28 09:56:24 +02:00
Zbigniew Jędrzejewski-Szmek
7009610ff5 userdbctl: make --help fit in 80 columns 2020-04-28 09:56:24 +02:00
Zbigniew Jędrzejewski-Szmek
6164ec4c93 meson: modernize indentation
By using a newline after executable( and run_target(, we get less
indentation and the indentation level does not change when the returned
object is saved to a variable.
2020-04-28 09:53:51 +02:00
Zbigniew Jędrzejewski-Szmek
7229ec02ab efivars: retry open and read operations
On my laptop (Lenovo X1carbo 4th) I very occasionally see test-boot-timestamps
fail with this tb:

262/494 test-boot-timestamps                    FAIL    0.7348453998565674 s (killed by signal 6 SIGABRT)

08:12:48 SYSTEMD_LANGUAGE_FALLBACK_MAP='/home/zbyszek/src/systemd/src/locale/language-fallback-map' SYSTEMD_KBD_MODEL_MAP='/home/zbyszek/src/systemd/src/locale/kbd-model-map' PATH='/home/zbyszek/src/systemd/build:/home/zbyszek/.local/bin:/usr/lib64/qt-3.3/bin:/usr/share/Modules/bin:/usr/condabin:/usr/lib64/ccache:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/home/zbyszek/bin:/var/lib/snapd/snap/bin' /home/zbyszek/src/systemd/build/test-boot-timestamps
--- stderr ---
Failed to read $container of PID 1, ignoring: Permission denied
Found container virtualization none.
Failed to get SystemdOptions EFI variable, ignoring: Interrupted system call
Failed to read ACPI FPDT: Permission denied
Failed to read LoaderTimeInitUSec: Interrupted system call
Failed to read EFI loader data: Interrupted system call
Assertion 'q >= 0' failed at src/test/test-boot-timestamps.c:84, function main(). Aborting.

Normally it takes ~0.02s, but here there's a slowdown to 0.73 and things fail with EINTR.
This happens only occasionally, and I haven't been able to capture a strace.

It would be to ignore that case in test-boot-timestamps or always translate
EINTR to -ENODATA. Nevertheless, I think it's better to retry, since this gives
as more resilient behaviour and avoids a transient failure.

See
https://github.com/torvalds/linux/blob/master/fs/efivarfs/file.c#L75
and
bef3efbeb8.
2020-04-28 09:00:25 +02:00
Ronan Pigott
4b6d94a1e5 shell-completion/zsh: update systemd-analyze completions 2020-04-27 08:40:15 +02:00
Haochen Tong
f5b3be308d zsh: fix disable/enable completion
The "preset" column introduced in
b01c1f305c breaks zsh completion for
systemctl disable/enable. Fix by ignoring everything after the last
space in a line.
2020-04-27 08:12:27 +02:00
Topi Miettinen
3c14dc61f7 tests: various small fixes for strict systems
Don't assume that 4MB can be allocated from stack since there could be smaller
DefaultLimitSTACK= in force, so let's use malloc(). NUL terminate the huge
strings by hand, also ensure termination in test_lz4_decompress_partial() and
optimize the memset() for the string.

Some items in /proc and /etc may not be accessible to poor unprivileged users
due to e.g. SELinux, BOFH or both, so check for EACCES and EPERM.

/var/tmp may be a symlink to /tmp and then path_compare() will always fail, so
let's stick to /tmp like elsewhere.

/tmp may be mounted with noexec option and then trying to execute scripts from
there would fail.

Detect and warn if seccomp is already in use, which could make seccomp test
fail if the syscalls are already blocked.

Unset $TMPDIR so it will not break specifier tests where %T is assumed to be
/tmp and %V /var/tmp.
2020-04-26 20:18:48 +02:00
Daan De Meyer
7b679a188e sd-bus: Cite sd_bus_creds_unref in sd_bus_get_name_creds docs 2020-04-25 10:01:18 +02:00
Dan Streetman
af5654d35c test-cgroup: skip if /sys/fs/cgroup unknown fs
It's not always mounted, e.g. during the build-time tests, it's running inside
a chroot (that's how Debian/Ubuntu build packages, in chroots) so this test
always fails because /sys/fs/cgroup isn't mounted.
2020-04-25 10:00:43 +02:00
Dan Streetman
0bc5f001db cgroup-util: check for SYSFS_MAGIC when detecting cgroup format
When nothing at all is mounted at /sys/fs/cgroup, the fs.f_type is
SYSFS_MAGIC (0x62656572) which results in the confusing debug log:

"Unknown filesystem type 62656572 mounted on /sys/fs/cgroup."

Instead, if the f_type is SYSFS_MAGIC, a more accurate message is:

"No filesystem is currently mounted on /sys/fs/cgroup."
2020-04-25 10:00:43 +02:00