1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Commit Graph

60487 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
9e11abe817
Merge pull request #25007 from keszybz/rename-dbus-dump
manager: rename dbus method
2022-10-18 11:34:16 +02:00
Ted X. Toth
29dbc62d74 manager: use target process context to set socket context
Use target process context to set socket context when using SELinuxContextFromNet
not systemd's context. Currently when using the SELinuxContextFromNet option for
a socket activated services, systemd calls getcon_raw which returns init_t and
uses the resulting context to compute the context to be passed to the
setsockcreatecon call. A socket of type init_t is created and listened on and
this means that SELinux policy cannot be written to control which processes
(SELinux types) can connect to the socket since the ref policy allows all
'types' to connect to sockets of the type init_t. When security accessors see
that any process can connect to a socket this raises serious concerns. I have
spoken with SELinux contributors in person and on the mailing list and the
consensus is that the best solution is to use the target executables context
when computing the sockets context in all cases.

[zjs review/comment:

This removes the branch that was added in 16115b0a7b.
16115b0a7b did two things: it had the branch here
in 'socket_determine_selinux_label()' and a code in 'exec_child()' to call
'label_get_child_mls_label(socket_fd, command->path, &label)'.

Before this patch, the flow was:
'''
mac_selinux_get_child_mls_label:
  peercon = getpeercon_raw(socket_fd);
  if (!exec_label)
     exec_label = getfilecon_raw(exe);

socket_open_fds:
  if (params->selinux_context_net)                 #
     label = mac_selinux_get_our_label();          #  this part is removed
  else                                             #
     label = mac_selinux_get_create_label_from_exe(path);
  socket_address_listen_in_cgroup(s, &p->address, label);

exec_child():
   exec_context = mac_selinux_get_child_mls_label(fd, executable, context->selinux_context);
   setexeccon(exec_context);
'''
]
2022-10-18 11:31:22 +02:00
Zbigniew Jędrzejewski-Szmek
b08d86dc4a analyze: use DumpUnitsMatchingPatternsByFileDescriptor
Similarly to DumpByFileDescriptor vs Dump,
DumpUnitsMatchingPatternsByFileDescriptor is used in preference. Dissimilarly,
a fallback to DumpUnitsMatchingPatterns is not done on error, because there is
no need for backwards compatibility.

The code is still more verbose than I'd like, but there are four different code
paths with slightly different rules in each case, so it's hard to make this all
very brief. Since we have a separate file dedicated to making those calls, the
verbose-but-easy-to-follow implementation should be OK.

Closes #24989.

I only did a quick test that all both variants works locally and over ssh.
2022-10-18 08:45:45 +02:00
Zbigniew Jędrzejewski-Szmek
8ff92848a6
Merge pull request #24777 from medhefgo/stub
stub: Use LoadImage/StartImage
2022-10-18 07:36:20 +02:00
Luca Boccassi
6a0907b8a3
Merge pull request #25035 from keszybz/manager-method-names
Manager method names
2022-10-17 23:11:13 +02:00
Frantisek Sumsal
3113ae1f2b test: call sync() before checking the test logs
Otherwise we might hit a race where we read the test log just before
it's fully written to the disk:

```
======================================================================
FAIL: test_interleaved (__main__.ExecutionResumeTest.test_interleaved)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/systemd/test/test-exec-deserialization.py", line 170, in test_interleaved
    self.check_output(expected_output)
  File "/root/systemd/test/test-exec-deserialization.py", line 111, in check_output
    self.assertEqual(output, expected_output)
AssertionError: 'foo\n' != 'foo\nbar\n'
  foo
+ bar
```

With some debug:
```
test_interleaved (__main__.ExecutionResumeTest.test_interleaved) ...
Assertion failed; file contents just after the assertion:
b'foo\n'

File contents 5 seconds later:
b'foo\nbar\n'
FAIL
```

Seen quite often in CentOS CI on the fast baremetal machines.
2022-10-17 20:24:24 +00:00
Luca Boccassi
61938b3c8d
Merge pull request #25039 from mrc0mmand/test-tewaks
A couple of minor tweaks for recent CI fails
2022-10-17 21:52:00 +02:00
Zbigniew Jędrzejewski-Szmek
725a28fe77
Merge pull request #24992 from yuwata/sd-device-monitor-receive-buffer
sd-device-monitor: dynamically allocate receive buffer
2022-10-17 20:49:18 +02:00
Lennart Poettering
15f9a1525f man: add missing reference to systemd-pcrphase-sysinit.service 2022-10-17 17:12:45 +02:00
Luca Boccassi
7a329f2bac
Merge pull request #25036 from keszybz/plurals
Remove usage of "noun(s)" in messages and docs
2022-10-17 17:12:16 +02:00
David Edmundson
9739bcfd85 xdg-autostart-service: Add comments to tilde expansion, use path_join()
Follow-ups for https://github.com/systemd/systemd/pull/24658
2022-10-17 16:42:39 +02:00
Daan De Meyer
f87338fa26 Update TODO 2022-10-17 16:10:42 +02:00
Daan De Meyer
0aa1d40649 mkosi: Switch to Fedora 37
Official release date is close so let's switch mkosi CI to it already.
2022-10-17 16:02:16 +02:00
Zbigniew Jędrzejewski-Szmek
02df2981b5 meson: drop repeated output in error message 2022-10-17 15:10:53 +02:00
Zbigniew Jędrzejewski-Szmek
0923b4253c tree-wide: replace "plural(s)" by "plurals"
(s) is just ugly with a vibe of DOS. In most cases just using the normal plural
form is more natural and gramatically correct.

There are some log_debug() statements left, and texts in foreign licenses or
headers. Those are not touched on purpose.
2022-10-17 15:10:53 +02:00
Zbigniew Jędrzejewski-Szmek
f6cce15bb3 manager: add DumpUnitsMatchingPatternsByFileDescriptor() 2022-10-17 15:00:53 +02:00
Frantisek Sumsal
c0c03d9ce1 test: use SIGKILL to kill the container if necessary
TEST-69 uses a Python wrapper around the systemd-nspawn call, which on
error calls the `spawn.terminate()` method. However, with no arguments
it will only use SIGHUP and SIGINT signals - this might leave a stuck
container around, causing fails if the test is run again. With `force=True`
SIGKILL is used as well (if necessary).
2022-10-17 15:00:12 +02:00
Yu Watanabe
69363f13b5 test: add test for large uevent message 2022-10-17 21:52:35 +09:00
Jan Janssen
09da51f8e9 boot: Rework shim image verification
This moves the shim security arch override to the new
ReinstallProtocolInterface based interface. This also has the benefit to
reduce the time window in which we have this override active and also
actually removes it, which was not previously done.

The shim hooks themselves are also modernized too. The upcalls should
really not be neccessary if shim is happy with the provided binary.
2022-10-17 14:49:11 +02:00
Yu Watanabe
efbd4b3ca8 sd-device-monitor: dynamically allocate receive buffer
If udevd broadcasts a processed device with huge amount of properties,
then clients cannot receive the device.

Fixes #24987.
2022-10-17 21:49:08 +09:00
Jan Janssen
6731a102da stub: Allow loading unsigned kernel images 2022-10-17 14:48:28 +02:00
Jan Janssen
0e3c374e8c boot: Use proper security arch protocol names
This is how the Platform Intregration Specification defines these.
2022-10-17 14:47:42 +02:00
Jan Janssen
dcde6ae165 boot: Remove unused parameters from pe_kernel_info
Only the compat entry address is used now. This also now only returns
the compat entry address. If the image is native we do not need to try
calling into the entry address again as we would already have done so
from StartImage (and failed).
2022-10-17 14:47:42 +02:00
Jan Janssen
a529d8182e stub: Use LoadImage/StartImage to start the kernel
This is the proper way to start any EFI binary. The fact this even ever
worked was because the kernel does not have any PE relocations.

The only downside is that the embedded kernel image has to be signed and
trusted by the firmware under secure boot. A future commit will try to
deal with that.
2022-10-17 14:47:39 +02:00
Jan Janssen
bfc075fa6b stub: Rename image parameter
This is really the parent image for the kernel that is to be run.
Renaming it as such prevents confusion with any image handles that are
about to be created.
2022-10-17 14:41:26 +02:00
Frantisek Sumsal
e6bd46a62c test: drop one layer of escaping 2022-10-17 14:38:00 +02:00
Frantisek Sumsal
6f255fe191 test: ignore gcov errors in TEST-34
TEST-34 complains in `test_check_writable` when running with gcov, as
the build directory tree is not writable with DynamicUser=true. As I had
no luck with $GCOV_PREFIX and other runtime gcov configuration, let's
just ignore the gcov errors for this test.
2022-10-17 14:31:25 +02:00
Lennart Poettering
714c586943 cryptsetup: drop redundant parens/drop ternary op
A ternary op is a bit weird to use if we end up assigning a variable to
itself in one of the branches. Hence use a plain if check.
2022-10-17 13:52:54 +02:00
Zbigniew Jędrzejewski-Szmek
e2d4456f43 man: fix method name 2022-10-17 13:50:17 +02:00
Zbigniew Jędrzejewski-Szmek
535b7fcb44 core: simplify the return convention in manager_load_unit()
This function was returning 0 or 1 on success. It has many callers, and it
wasn't clear if any of them care about the distinction. It turns out they don't
and the return values were done for convenience because manager_load_unit_prepare()
returns 0 or 1. Let's invert the code in the static function to follow the usual
pattern where 0 means "no work was done" and 1 means "work was done", and make
the non-static function always return 0 to make the code easier to read, and
also add comments that explain what is happening.

No functional change.
2022-10-17 13:50:16 +02:00
Zbigniew Jędrzejewski-Szmek
4b6a2b3f58 core: modernize style of return param naming 2022-10-17 13:50:16 +02:00
Zbigniew Jędrzejewski-Szmek
c39d018774
Merge pull request #24919 from anitazha/varlinkserialize
varlink/pid1 fixes for systemd-oomd (addresses #20330)
2022-10-17 13:44:28 +02:00
Zbigniew Jędrzejewski-Szmek
70427ec553
Merge pull request #24986 from keszybz/news-systemd-measure
NEWS: rework the description of systemd-measure a bit again
2022-10-17 13:24:07 +02:00
Lennart Poettering
8d9295bbf5 pcrphase: fix --help text
We don't take a command, we just take a "word" which we'll extend into
PCR 11.
2022-10-17 12:39:33 +02:00
Lennart Poettering
047273e6e8 pcrphase: add two additional phases
This adds two more phases to the PCR boot phase logic: "sysinit" +
"final".

The "sysinit" one is placed between sysinit.target and basic.target.
It's good to have a milestone in this place, since this is after all
file systems/LUKS volumes are in place (which sooner or later should
result in measurements of their own) and before services are started
(where we should be able to rely on them to be complete).

This is particularly useful to make certain secrets available for
mounting secondary file systems, but making them unavailable later.

This breaks API in a way (as measurements during runtime will change),
but given that the pcrphase stuff wasn't realeased yet should be OK.
2022-10-17 12:09:43 +02:00
Quentin Deslandes
961549ab41 tests: add nspawn's rootidmap integration test
Add integration test to testsuite-13.sh to ensure rootidmap option map
user IDs as expected.
2022-10-17 12:01:50 +02:00
Luca Boccassi
42fadfb168
Merge pull request #24938 from msizanoen1/journald-harden-clock-jump
journald: harden against forward clock jumps before unclean shutdown
2022-10-17 12:00:02 +02:00
Luca Boccassi
6d4f55f3eb
Merge pull request #25003 from DaanDeMeyer/mkosi-fixes
mkosi: Add Centos Stream 8 back to CI
2022-10-17 11:36:55 +02:00
Lennart Poettering
c868e95ebb update TODO 2022-10-17 11:21:00 +02:00
Daan De Meyer
71205f972b mkosi: Add Centos Stream 8 back to CI
We can build all of systemd's features again on CentOS Stream 8, so
let's add it back to CI.
2022-10-17 08:45:57 +02:00
Daan De Meyer
6afeac1dd6 mkosi: Make sure bpf-framework works on CentOS Stream 8 as well 2022-10-17 08:45:48 +02:00
Daan De Meyer
afd22e3219 README: Fix libbpf minimum version
This didn't get properly updated as part of #24511
2022-10-17 08:45:16 +02:00
Daan De Meyer
3632e90c85 mkosi: Reenable bpf-framework
This got changed by mistake by #24511. Since we still support the
same libbpf version, we can keep this enabled everywhere.
2022-10-17 08:45:16 +02:00
Daan De Meyer
3f5225d7f3 qrcode-util: Add support for libqrencode 3.0
They didn't actually change API between major versions, so let's
support the previous version as well so we can add CentOS 8 Stream
back to CI.
2022-10-17 08:45:16 +02:00
Jan Janssen
d388f3d723 stub: Fix booting with old kernels
This fixes a regression introduced in e1636807 that removed setting this
value as it seemingly was not used by the kernel and would actively
break above 4G boots. But old kernels (4.18 in particular) will not boot
properly if it is not filled out by us.
The original issue was using the truncated value to then jump into the
kernel entry point, which we do not do anymore. So setting this value
again on newer kernels is fine.
2022-10-17 08:43:01 +02:00
Lennart Poettering
235ae69cbe gpt-auto: rename all functions that operate on a DissectedPartition object add_partition_xyz()
The function for handling regular mounts based on DissectedPartition
objects is called add_partition_mount(), so let's follow this scheme for
all other functions that handle them, too. This nicely separates out the
low-level functions (which get split up args) from the high-level
functions (which get a DissectedPartition object): the latter are called
add_partition_xyz() the former just add_xyz().

This makes naming a bit more systematic. No change in behaviour.
2022-10-17 08:07:58 +02:00
Lennart Poettering
e8ede6f57e generator: modernize generator_open_unit_file() 2022-10-17 08:06:55 +02:00
Lennart Poettering
06648fa991 gpt-auto-generator: use our usual ret_xyz parameter naming 2022-10-17 08:05:05 +02:00
Lennart Poettering
346a4e3db8 man: mention that pcrphase also measures into PCR 11 2022-10-17 08:02:53 +02:00
Lennart Poettering
b6fd88a511 cryptsetup: use errno-flavoured logging where we have an errno 2022-10-17 08:02:03 +02:00