1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00
Commit Graph

56035 Commits

Author SHA1 Message Date
Cristian Rodríguez
7b9fb27c67 resolve: dns_server_feature_level_*_string type is DnsServerFeatureLevel
gcc 13 -Wenum-int-mismatch reminds us that enum != int

(cherry picked from commit e14afe31c3)
(cherry picked from commit ba5f7915d2)
(cherry picked from commit 85ad47e172)
2023-01-28 00:50:04 +00:00
Cristian Rodríguez
1d9065d15e journal-remote: code is of type enum MHD_RequestTerminationCode
Fixes gcc 13 -Wenum-int-mismatch which are enabled by default.

(cherry picked from commit aa70dd624b)
(cherry picked from commit b1b7667a44)
(cherry picked from commit ecb0b018d2)
2023-01-28 00:50:04 +00:00
Guillaume W. Bres
2ced9167eb basic/missing_loop.h: fix missing lo_flags LO_FLAGS_DIRECT_IO
(cherry picked from commit b3fe33ff52)
2023-01-22 22:27:51 +01:00
Yu Watanabe
e7e63274fb basic/missing: move BLKGETDISKSEQ to missing_fs.h
As it is defined at linux/fs.h.

(cherry picked from commit 2076612f84)
2023-01-22 22:27:51 +01:00
Zbigniew Jędrzejewski-Szmek
3a51b2a7f1 Revert "generator: Rename password arg"
This reverts commit 96a958bc61.

This patch was pulled in only to support the now-reverted child.
2022-12-22 17:32:05 +01:00
Zbigniew Jędrzejewski-Szmek
f6d9f2ddbe Revert "cryptsetup: support keyfile-timeout for using a device as the key file"
This reverts commit 64f0e53851.

On Wed, Dec 21, 2022 at 06:19:08PM +0100, Marius Schwarz wrote:
> That patch made things worse and is disfunctional for both, usb drive and
> password.
>
> No idea if more patches are needed, but this build does not unlock a drive
> at all, if usb is configured.

(cherry picked from commit 253cc95c64)
2022-12-22 17:32:00 +01:00
Chih-Hsuan Yen
95088adc66 cryptsetup: support keyfile-timeout for using a device as the key file
Closes https://github.com/systemd/systemd/issues/21993

(cherry picked from commit 7aa0b0121e)
2022-12-21 15:36:50 +01:00
Jan Janssen
96a958bc61 generator: Rename password arg
This function does not expect a password, but a key file path. The
cryptsetup helper binary even calls it that.

No Code changes.

Follow up on: 6e41f4dd91
Fixes: https://github.com/systemd/systemd/security/code-scanning/81

(cherry picked from commit b7de9651db)
2022-12-21 15:36:44 +01:00
Zbigniew Jędrzejewski-Szmek
c5d344ea8b coredump: cescape invalid json data before logging
In both cases, the json string is short, so we can print it, which is useful
for diagnosing invalid data in packages. But we need escape non-printable
characters.

https://bugzilla.redhat.com/show_bug.cgi?id=2152685

I went over the rest of the codebase, and it seems that other calls to
json_parse() don't have this problem.

(cherry picked from commit c5966ab5bf)
(cherry picked from commit 57ab4e2d47)
(cherry picked from commit 6208326afb)
2022-12-20 19:44:28 +01:00
Zbigniew Jędrzejewski-Szmek
1d5e0e9910 coredump: do not allow user to access coredumps with changed uid/gid/capabilities
When the user starts a program which elevates its permissions via setuid,
setgid, or capabilities set on the file, it may access additional information
which would then be visible in the coredump. We shouldn't make the the coredump
visible to the user in such cases.

Reported-by: Matthias Gerstner <mgerstner@suse.de>

This reads the /proc/<pid>/auxv file and attaches it to the process metadata as
PROC_AUXV. Before the coredump is submitted, it is parsed and if either
at_secure was set (which the kernel will do for processes that are setuid,
setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file
is not made accessible to the user. If we can't access this data, we assume the
file should not be made accessible either. In principle we could also access
the auxv data from a note in the core file, but that is much more complex and
it seems better to use the stand-alone file that is provided by the kernel.

Attaching auxv is both convient for this patch (because this way it's passed
between the stages along with other fields), but I think it makes sense to save
it in general.

We use the information early in the core file to figure out if the program was
32-bit or 64-bit and its endianness. This way we don't need heuristics to guess
whether the format of the auxv structure. This test might reject some cases on
fringe architecutes. But the impact would be limited: we just won't grant the
user permissions to view the coredump file. If people report that we're missing
some cases, we can always enhance this to support more architectures.

I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and
ppc64el, but not the whole coredump handling.

(cherry picked from commit 3e4d0f6cf9)
(cherry picked from commit 9b75a3d050)
(cherry picked from commit efca5283dc)
2022-12-20 19:18:20 +01:00
Zbigniew Jędrzejewski-Szmek
45d323fc88 coredump: adjust whitespace
(cherry picked from commit 510a146634)
(cherry picked from commit cc2eb7a9b5)
(cherry picked from commit cb044d734c)
2022-12-20 19:17:53 +01:00
Yu Watanabe
be8d4dfc2e sd-device-monitor: dynamically allocate receive buffer
If udevd broadcasts a processed device with huge amount of properties,
then clients cannot receive the device.

Fixes #24987.

(cherry picked from commit efbd4b3ca8)
(cherry picked from commit cf21555d6d)
2022-11-04 13:09:21 +01:00
Frantisek Sumsal
de218255b6 man: use the correct 'Markers' property name for marking units
Follow-up to c9615f7352 and 70666e28a1.

(cherry picked from commit 1ca1bb03de)
(cherry picked from commit ee42e84968)
2022-11-04 13:09:21 +01:00
Yu Watanabe
a256d9f790 network: forcibly reconfigure all interfaces after sleep
Previously, interfaces are partially reconfigured in a spurious way.
Let's use the same way as `networkctl reconfigure`.

Hopefully fixes #14987 and #24997.

(cherry picked from commit a39a9ac806)
(cherry picked from commit 7eefd2fbb7)
2022-11-04 13:09:21 +01:00
Youfu Zhang
d14ba5808e resolved: fix typo in feature level table
(cherry picked from commit 2ab0042854)
(cherry picked from commit 66fa6110ba)
2022-11-04 13:09:21 +01:00
Lennart Poettering
bc3e925508 resolved: fix copypasta in resolved varlink API
As reported by @holtmann

(cherry picked from commit 6032283b2f)
(cherry picked from commit d94f197818)
2022-11-04 13:09:21 +01:00
Yu Watanabe
49d7fee24f udev: always create device symlinks for USB disks
Previously, ata_id might not be able to retrieve attributes correctly,
and properties from usb_id were used as a fallback. See issue #24921
and PR #24923. To keep backward compatibility, still we need to create
symlinks based on USB serial.

Fixes #25179.

(cherry picked from commit 479da1107a)
(cherry picked from commit b61fcaca1b)
2022-11-04 13:09:21 +01:00
Steve Ramage
7bc34e7f55 man: Add documentation for AssertCredential= (#25178)
Fixes #25177.

Co-authored-by: Steve Ramage <gitcommits@sjrx.net>
(cherry picked from commit 1d87f03a6e)
(cherry picked from commit 6fc2f387af)
2022-11-04 13:09:21 +01:00
Nick Rosbrook
fd95ed0f3b man: document reboot --poweroff exception
When reboot is invoked, the -p/--poweroff option is intentionally
ignored. Update the man page to reflect this exception.

(cherry picked from commit 6dfaeac370)
(cherry picked from commit c339e8d71b)
2022-11-04 13:09:21 +01:00
Yu Watanabe
1ac92e294f network: allow 0 for table number
Fixes #25089.

(cherry picked from commit 513bed294e)
(cherry picked from commit 91b8491e97)
2022-11-04 13:09:21 +01:00
Yu Watanabe
bd3a197ad1 network: Table= also accepts table name
(cherry picked from commit 29de4f7304)
(cherry picked from commit 3f94f03389)
2022-11-04 13:09:21 +01:00
Lennart Poettering
80bbb1ce70 analyze: add --image= + --root= to --help text
(cherry picked from commit 9f5b68d6b7)
(cherry picked from commit bdd84e82e5)
2022-11-04 13:09:21 +01:00
Jan Janssen
ec35091c8a meson: Fix build with --optimization=plain
Note that -O0 is deliberately filtered out as we have to compile with at
least -O1 due to #24202.

Fixes: #24323
(cherry picked from commit 7aa4762ce2)
(cherry picked from commit 23d66a03de)
2022-11-04 13:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
1a09fb995e manager: allow transient units to have drop-ins
In https://github.com/containers/podman/issues/16107, starting of a transient
slice unit fails because there's a "global" drop-in
/usr/lib/systemd/user/slice.d/10-oomd-per-slice-defaults.conf (provided by
systemd-oomd-defaults package to install some default oomd policy). This means
that the unit_is_pristine() check fails and starting of the unit is forbidden.

It seems pretty clear to me that dropins at any other level then the unit
should be ignored in this check: we now have multiple layers of drop-ins
(for each level of the cgroup path, and also "global" ones for a specific
unit type). If we install a "global" drop-in, we wouldn't be able to start
any transient units of that type, which seems undesired.

In principle we could reject dropins at the unit level, but I don't think that
is useful. The whole reason for drop-ins is that they are "add ons", and there
isn't any particular reason to disallow them for transient units. It would also
make things harder to implement and describe: one place for drop-ins is good,
but another is bad. (And as a corner case: for instanciated units, a drop-in
in the template would be acceptable, but a instance-specific drop-in bad?)

Thus, $subject.

While at it, adjust the message. All the conditions in unit_is_pristine()
essentially mean that it wasn't loaded (e.g. it might be in an error state),
and that it doesn't have a fragment path (now that drop-ins are acceptable).
If there's a job for it, it necessarilly must have been loaded. If it is
merged into another unit, it also was loaded and found to be an alias.
Based on the discussion in the bugs, it seems that the current message
is far from obvious ;)

Fixes https://github.com/containers/podman/issues/16107,
https://bugzilla.redhat.com/show_bug.cgi?id=2133792.

(cherry picked from commit 1f83244641)
(cherry picked from commit 98a45608c4)
2022-11-04 13:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
5ede3388c5 manager: reformat boolean expression in unit_is_pristine()
Not not IN_SET(…) is just too much for my poor brain. Let's invert
the expression to make it easier to undertand.

(cherry picked from commit b146a7345b)
(cherry picked from commit 228cd82d2c)
2022-11-04 13:09:21 +01:00
Yu Watanabe
33fb3a9d0d network/bridge: fix UseBPDU= and AllowPortToBeRoot=
Fixes bugs caused by 7f9915f0de.

Fixes #24268.

(cherry picked from commit 3f504b892b)
(cherry picked from commit 06dc900efa)
2022-11-04 13:09:21 +01:00
Lennart Poettering
a8675fa1b5 homed: properly initialize all return params
(cherry picked from commit 3b1494ad70)
(cherry picked from commit b0972e4df0)
2022-11-04 13:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
2220f8d28a meson: always use libatomic if found
Semi-quoting https://github.com/systemd/systemd/issues/25057:

clang-16 has made the choice to turn on -Werror=implicit-function-declaration,implicit-int.
(See Gentoo's tracker bug https://bugs.gentoo.org/870412).
Added in commit 132c73b57a, systemd now does a
check to see if libatomic is needed with some compile/link tests with e.g.
__atomic_exchange_1, but the tests don't provide a prototype for
__atomic_exchange_1 so with clang-16 the test fails, breaking the build.

Let's simplify things by linking to libatomic unconditionally if it is found
and seems to work. If actually unneeded, it might be dropped via --as-needed.
This seems to work with gcc and clang.

declare_dependency() is used instead of cc.find_library(), because the latter
picks up a symlink in gcc private directory (e.g.
/usr/lib/gcc/x86_64-redhat-linux/12/libatomic.so), and we don't want that.

Fixes #25057.

(cherry picked from commit 96f8c63601)
(cherry picked from commit d61ccd0252)
2022-11-04 13:09:21 +01:00
Antonio Alvarez Feijoo
c7861e39a6 bash-completion: add systemd-dissect support
(cherry picked from commit 808ec9df38)
(cherry picked from commit 73d1dc665b)
2022-11-04 13:09:21 +01:00
Antonio Alvarez Feijoo
ddceb9ddd1 dissect: add missing --umount to the help output
(cherry picked from commit 1b967529d2)
(cherry picked from commit d89e9993d2)
2022-11-04 13:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
6cd8cc6fab coredump: avoid deadlock when passing processed backtrace data
We would deadlock when passing the data back from the forked-off process that
was doing backtrace generation back to the coredump parent. This is because we
fork the child and wait for it to exit. The child tries to write too much data
to the output pipe, and and after the first 64k blocks on the parent because
the pipe is full. The bug surfaced in Fedora because of a combination of four
factors:
- 87707784c7 was backported to v251.5, which
  allowed coredump processing to be successful.
- 1a0281a3eb was NOT backported, so the output
  was very verbose.
- Fedora has the ELF package metadata available, so a lot of output can be
  generated. Most other distros just don't have the information.
- gnome-calendar crashes and has a bazillion modules and 69596 bytes of output
  are generated for it.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2135778.

The code is changed to try to write data opportunistically. If we get partial
information, that is still logged. In is generally better to log partial
backtrace information than nothing at all.

(cherry picked from commit 076b807be4)
(cherry picked from commit 087cbfd936)
2022-11-04 13:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
aab707b22d shared/json: use different return code for empty input
It is useful to distinguish if json_parse_file() got no input or invalid input.
Use different return codes for the two cases.

(cherry picked from commit 87a16eb8b5)
(cherry picked from commit ab587aaf8e)
2022-11-04 13:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
1c40f074fa shared/json: allow json_variant_dump() to return an error
(cherry picked from commit 7922ead507)
(cherry picked from commit 219272f7b2)
2022-11-04 13:09:21 +01:00
Lennart Poettering
e797ec736d man: document restrictions on naming interfaces
Let's document that "." is a bad choice of character when naming
interfaces. Let's also document the hard restrictions we make when
naming interfaces.

Result of the mess that is #25052.

(cherry picked from commit 8f598a4635)
(cherry picked from commit d1066f33b5)
2022-11-04 13:09:21 +01:00
Daan De Meyer
bad202a76c qrcode-util: Add support for libqrencode 3.0
They didn't actually change API between major versions, so let's
support the previous version as well so we can add CentOS 8 Stream
back to CI.

(cherry picked from commit 3f5225d7f3)
(cherry picked from commit e2a07cdac6)
2022-11-04 13:09:21 +01:00
Celeste Liu
b81d1613ad seccomp: add riscv_flush_icache to allow list
This system call is harmless because it only enforces ordering between stores
and instruction cache fetch.

fixed #24991
Related: https://github.com/felixonmars/archriscv-packages/issues/1840

Signed-off-by: Celeste Liu <CoelacanthusHex@gmail.com>
(cherry picked from commit 09925036cf)
(cherry picked from commit 8be601f7ef)
2022-11-04 13:09:21 +01:00
Michael Biebl
c622de4c9d logind: fix getting property OnExternalPower via D-Bus
The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third
argument, so we need to call manager_is_on_external_power(). Otherwise
the function pointer is interpreted as a boolean and always returns
true:

```
$ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower
b true
$ /lib/systemd/systemd-ac-power  --verbose
no
```

Thanks: Helmut Grohne <helmut@subdivi.de>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644
(cherry picked from commit 63168cb517)
(cherry picked from commit 3028e05955)
2022-11-04 13:09:20 +01:00
Zbigniew Jędrzejewski-Szmek
4ddeea92fa shared/condition: avoid nss lookup in PID1
PID 1 is not allowed to do nss lookups because this may take a long time or
even deadlock.

While at it, the comparisons are reordered to do the "easy" comparisons which
only require a string comparison first. Delay parsing of the UID until it is
really necessary. The result is the same, because we know that "root" and
"nobody" parse as valid.

(cherry picked from commit 734f96b849)
(cherry picked from commit 5da595db39)
2022-11-04 13:09:20 +01:00
Yu Watanabe
5a9738b46e test: add more tests for StateDirectory= with DynamicUser=
This also moves the check for writable paths from test-execute to TEST-34.

Closes #10337.

(cherry picked from commit f01f70a9a3)
(cherry picked from commit 40053e60f5)
2022-11-04 13:09:20 +01:00
Yu Watanabe
ef3ef05f39 core: do not create symlink to private directory if parent already exists
The very basic functinality of StateDirectory= or friends is creating
specified directories. That should work if one entry is a subdirectory
of another. However, it does not when combined with DynamicUser=yes.

To support such case, this adds ExecDirectoryItem.only_create flag, and
if it is set PID1 only create private directory, and not create the symlink
to the private directory.

Fixes #24783.

(cherry picked from commit a2ab603cc4)
(cherry picked from commit 0ba2e4bb69)
2022-11-04 13:09:20 +01:00
Yu Watanabe
bfe7236f55 core: make exec_directory_add() extends existing symlinks
Follow-up for 211a3d87fb.

Previously, although ExecDirectoryItem.symlinks is strv, it always
contains at most one symlink.

(cherry picked from commit 564e5c9878)
(cherry picked from commit 1de3cb97ee)
2022-11-04 13:09:20 +01:00
Yu Watanabe
950aa1d702 sd-ndisc: ignore failure in sending solicitation
Even if a bonding master interface has carrier, the underlying slave
interfaces may not. In such a case, sending solicitation fails with
-ENOBUS. Here, let's unconditionally ignore errors, as anyway we will
send a solicitation later.

Fixes #24717.

(cherry picked from commit 852bf93826)
(cherry picked from commit d7b83b9986)
2022-11-04 13:09:20 +01:00
Zbigniew Jędrzejewski-Szmek
1316666e98 analyze: add forgotten return statement
We would fail with an assert in sd_bus_message_enter_container() afterwards.

(cherry picked from commit 5475e963c5)
(cherry picked from commit e0ba044985)
2022-11-04 13:09:20 +01:00
Zbigniew Jędrzejewski-Szmek
c54086dad8 basic/log: include the log syntax callback in the errno protection block
In general, log_syntax_internal() must keep errno unchanged. But the
call to log_syntax_callback() was added outside of the block protected
by PROTECT_ERRNO.

(cherry picked from commit 6b7834fe5d)
(cherry picked from commit 40742ac74f)
2022-11-04 13:09:20 +01:00
Zbigniew Jędrzejewski-Szmek
fa93c572f7 logind: do not emit beep in wall messages
Those may go via the PC speaker, which is annoying and unexpected.
Most people have it off, so this doesn't work reliably anyway, so we can
disable it without much loss.

Fixes #23520.

(cherry picked from commit ef3458cd5d)
(cherry picked from commit 3e38c39600)
2022-11-04 13:09:20 +01:00
Yu Watanabe
6475b8902f udev: drop assertion which is always false
Fixes a bug introduced by 67c3e1f63a.

Fixes #24945.

(cherry picked from commit 6209bbbd4b)
(cherry picked from commit bf13ffec59)
2022-11-04 13:09:20 +01:00
anarcat
f7d1325f3c man/shutdown: document how to switch to single-user mode
Before Debian switched to systemd, `shutdown now` would reset the system into
single user mode, doing roughly the equivalent of `telinit 1`.

Now, systemd's `shutdown` command does not behave that way; it defaults to
`poweroff` which might be confusing for users (like me) used to the previous
method.

Because I don't use the command often, I keep being stumped by this behavior,
and every time I look at the `shutdown(1)` manpage, I don't understand why I
can't find what I am looking for. This patch should make sure that people like
me find their way back to some sort of reason.

Maybe the *proper* way to fix this would be to restore the more classic
behavior, but I'm definitely not going to climb that hill. Besides, I clearly
remember the time I found out about the `shutdown` command and was *really*
confused when it brought me back to a command-line prompt. That was really
counter-intuitive and I find that change to actually be a good thing. So I'm
not proposing to change this behavior, merely document it better.

I originally added this to the `-P` option but it was suggested adding a new
`COMPATIBILITY` section instead, where other such issues could be added.

The `COMPATIBILITY` section is not actually officially documented. `man(1)`
talks about a `CONFORMING TO` section, but `shutdown(1)` is not
POSIX (`shutdown(2)` is, of course), so there's no actual standard on how this
should work.

The other option I considered was to add a `BUGS` section, but that seemed to
inflammatory, and definitely counter-productive.

(cherry picked from commit 9aafd310cc)
(cherry picked from commit 78a8e938e4)
2022-11-04 13:09:20 +01:00
Arnaud Ferraris
b1881b45b7 repart: always honour --discard=no
Currently, even if `--discard=no` is passed to `systemd-repart`, the
`context_discard_gap_after()` function still runs normally, discarding
e.g. all blocks between the GPT and the start of the first partition.

This can lead to issues on some embedded devices, where this space
holds the bootloader and shouldn't be modified (creating a protective
partition there is not always possible due to the specifics of the boot
process of some ARM-based SoC's).

This commit ensures passing `--discard=no` would be enough to ensure
the bootloader isn't wiped in such cases.

Signed-off-by: Arnaud Ferraris <arnaud.ferraris@gmail.com>
(cherry picked from commit 5113436b05)
(cherry picked from commit 4abc5b2cfe)
2022-11-04 13:09:20 +01:00
Jacek Migacz
6d6e6a6be1 resolve: unsupported DNSSEC algorithms are considered INSECURE; not BOGUS
Resolves: #19824
(cherry picked from commit 1ca3600120)
(cherry picked from commit e91ea65aba)
2022-11-04 13:09:20 +01:00
Jonas Kümmerlin
f3869ed8df generator: skip fsck if fsck command is missing
This is useful for systems which don't have any fsck.

We already skip emitting the fsck dependency when the fsck.$fstype helper
is missing, but fstab-generator doesn't necessarily know the fstype when
handling the root= parameter.

Previously, systemd-fsck was started for these mounts and then exited
immediately because it couldn't find the fsck.$fstype helper.

(cherry picked from commit 1355672437)
(cherry picked from commit 73db7d9932)
2022-11-04 13:09:20 +01:00