1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-11 05:17:44 +03:00
Commit Graph

50062 Commits

Author SHA1 Message Date
Lennart Poettering
bef1e1a066 update TODO 2021-03-09 23:20:53 +01:00
Lennart Poettering
9813d8354c fs-util: port symlink_idempotent() to path_extract_directory() 2021-03-09 14:37:23 +00:00
Zbigniew Jędrzejewski-Szmek
9ca6d78061 logind: add …WithFlags methods to policy
Without this, privilege escalation through polkit does not work, because all
methods fail with permission errors.

Forgotten in 8885fed4e3.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1933335.
2021-03-09 14:37:08 +00:00
simmon
e2dba58930 po: Translated using Weblate (Korean)
Currently translated at 87.3% (165 of 189 strings)

Co-authored-by: simmon <simmon@nplob.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/ko/
Translation: systemd/main
2021-03-09 14:14:33 +01:00
Luca Boccassi
1d2e9c48e5
Merge pull request #18930 from anitazha/oomdfixleak
oomd: fix memory leak
2021-03-09 11:37:10 +00:00
Anita Zhang
50c0578b61 oomd: wrap paths in oomd_insert_cgroup_context with empty_to_root 2021-03-09 09:23:22 +01:00
Yu Watanabe
2eaed57bd4
Merge pull request #18932 from poettering/filename-max
Drop use of FILENAME_MAX
2021-03-09 14:15:49 +09:00
Zbigniew Jędrzejewski-Szmek
03a81441b1 timedated: fix skipping of comments in config file
Reading file '/usr/lib/systemd/ntp-units.d/80-systemd-timesync.list'
Failed to add NTP service "# This file is part of systemd.", ignoring: Invalid argument
Failed to add NTP service "# See systemd-timedated.service(8) for more information.", ignoring: Invalid argument

:(
2021-03-09 14:04:21 +09:00
Luca Boccassi
a2aa51b740
Merge pull request #18927 from poettering/dissect-alloca-fix
dissect-image: don't mix two forms of stack allocation in one line
2021-03-08 22:42:55 +00:00
Anita Zhang
45da27fa05 oomd: move TAKE_PTR to end of oomd_insert_cgroup_context()
Fixes #18926
2021-03-08 14:37:15 -08:00
Anita Zhang
399d80ba8c oomd: add unit test to repro #18926 2021-03-08 14:36:24 -08:00
Lennart Poettering
698660620d test: output FILENAME_MAX vs. PATH_MAX sizes
Also, make sure our assumption that FILENAME_MAX == PATH_MAX holds.
2021-03-08 22:52:04 +01:00
Lennart Poettering
445714569d mountpoint-util: replace our last use of FILENAME_MAX by PATH_MAX 2021-03-08 22:47:55 +01:00
Lennart Poettering
db22003233 fs-util: replace use of FILENAME_MAX by PATH_MAX in readlinkat_malloc()
While we are at it, let's also add an overflow check and do other
modernizations.
2021-03-08 22:47:51 +01:00
Lennart Poettering
932401fd61 docs: reference NAME_MAX where we talk about filenames 2021-03-08 22:47:48 +01:00
Lennart Poettering
b775b1828d docs: document not to use FILENAME_MAX in our codebase
It's a weird thing. Let's explain why.
2021-03-08 22:47:44 +01:00
Lennart Poettering
f470d234d3 efi-loader: make efi_loader_entry_name_valid() check a bit stricter
Previously we'd just check if the ID was no-empty an no longer than
FILENAME_MAX. The latter was probably a mistake, given the comment next
to it. Instead of fixing that to check for NAME_MAX let's instead  just
switch over to filename_is_valid() which odes a similar check, plus a
some minor additional checks. After all we do want that valid EFI boot
menu entry ids are usable as filenames.
2021-03-08 22:47:41 +01:00
Lennart Poettering
8ca94009f8 basic: tighten two filename length checks
This fixes two checks where we compare string sizes when validating with
FILENAME_MAX. In both cases the check apparently wants to check if the
name fits in a filename, but that's not actually what FILENAME_MAX can
be used for, as it — in contrast to what the name suggests — actually
encodes the maximum length of a path.

In both cases the stricter change doesn't actually change much, but the
use of FILENAME_MAX is still misleading and typically wrong.
2021-03-08 22:47:14 +01:00
Lennart Poettering
c27cb5113f format-table: simplify table_set_display_all() and keep it private 2021-03-08 21:33:35 +00:00
Luca Boccassi
ae43f2341c
Merge pull request #18918 from yuwata/man-no-new-priv-18914
man: update documents about NoNewPrivileges=
2021-03-08 20:57:32 +00:00
Lennart Poettering
794a579f29 dissect-image: don#t mix two forms of stack allocation in one expression
It's not necessarily safe to do this, hence don't.
2021-03-08 17:31:47 +01:00
Lennart Poettering
7533a33b0c dissect-image: remove unnecessary parens 2021-03-08 17:31:35 +01:00
Lennart Poettering
79d5f00ad1
Merge pull request #18925 from keszybz/hwdb-news-syscalls-update
Update of hwdb & news & syscalls for v248
2021-03-08 17:01:40 +01:00
Lennart Poettering
b9dec21409
Merge pull request #18921 from yuwata/seccomp-syscallfilter-18916
seccomp: fix issue in system call filter with errno
2021-03-08 17:01:23 +01:00
Lennart Poettering
00248fc4f7
Merge pull request #18924 from keszybz/homed-inotify-crash
Homed inotify crash
2021-03-08 15:12:30 +01:00
Frantisek Sumsal
c335b7c3f8 test: fix the last subtest of TEST-50-DISSECT under sanitizers
Follow-up to 9f6235e1b4.
2021-03-08 14:38:49 +01:00
Zbigniew Jędrzejewski-Szmek
a3fbf67180 hwdb: update for v248
Seems to be additions and corrections as usual.
Includes an update of the chromiumos autosuspend rules.
2021-03-08 14:27:48 +01:00
Zbigniew Jędrzejewski-Szmek
33e68cce51 NEWS: add items since -rc2 2021-03-08 14:27:48 +01:00
Yu Watanabe
0538d2a811 core/execute: sort conditions to make them match documentation 2021-03-08 21:42:06 +09:00
Yu Watanabe
266d0bb9e0 man: update document about NoNewPrivileges=
Fixes #18914.
2021-03-08 21:42:06 +09:00
Yu Watanabe
a62f651b32 test: add one more test for system call filter with errno 2021-03-08 21:28:42 +09:00
Yu Watanabe
68acc1afbe seccomp: do not ignore deny-listed syscalls with errno when list is allow-list
Previously, if the hashmap is allow-list and a new deny-listed syscall
is added, seccomp_parse_syscall_filter() simply drop the new syscall
from hashmap even if error number is specified.

This makes 'allow-list' hashmap store two types of entries:
- allow-listed syscalls, which are stored with negative value (-1).
- deny-listed syscalls, which are stored with specified errno.

Fixes #18916.
2021-03-08 21:28:42 +09:00
Yu Watanabe
9e29ee4072 seccomp: use FLAGS_SET() macro 2021-03-08 21:28:42 +09:00
Yu Watanabe
084a46d7c5 core,seccomp: refuse to specify errno for allow-listed syscalls 2021-03-08 21:28:38 +09:00
Yu Watanabe
696a13bab7 core: drop meaningless parse_syscall_and_errno() calls
parse_syscall_and_errno() does not check the validity of syscall name or
syscall group name, but it just split into syscall name and errno.
So, it is not necessary to call it for SystemCallLog=.
2021-03-08 21:26:13 +09:00
Yu Watanabe
1862b310c5 seccomp: fix comment and change variable name 2021-03-08 21:25:54 +09:00
Yu Watanabe
335171ca84 test: parse_syscall_and_errno() accepts zero errno 2021-03-08 21:22:24 +09:00
Yu Watanabe
17884f979a test: move test_parse_syscall_and_errno() to test-seccomp.c 2021-03-08 21:22:24 +09:00
Zbigniew Jędrzejewski-Szmek
1d73ffeae1 missing-syscalls: do not generate trailing empty line
The generated .h file was already like this, but what the generator generated
did not match. So we only need to update the generator.
2021-03-08 12:39:50 +01:00
Zbigniew Jędrzejewski-Szmek
36fd31f525 syscalls: update tables
bfin_spinlock and cache_sync are dropped from the table, but didn't have
numbers assigned.

mount_setattr was added in v5.11-rc4-35-g2a1867219c.
2021-03-08 12:31:46 +01:00
Zbigniew Jędrzejewski-Szmek
f76e564437 homed: unref the sd_event object after the sources
Shouldn't make any difference, but let's first flush any pending messages, then
unref the reference-counted stuff, and only at the end do the direct free calls.
2021-03-08 12:00:22 +01:00
Zbigniew Jędrzejewski-Szmek
cf5366387b homed: disable event sources before unreffing them
C.f. 9793530228.

We'd crash when trying to access an already-deallocated object:

Thread no. 1 (7 frames)
 #2 log_assert_failed_realm at ../src/basic/log.c:844
 #3 event_inotify_data_drop at ../src/libsystemd/sd-event/sd-event.c:3035
 #4 source_dispatch at ../src/libsystemd/sd-event/sd-event.c:3250
 #5 sd_event_dispatch at ../src/libsystemd/sd-event/sd-event.c:3631
 #6 sd_event_run at ../src/libsystemd/sd-event/sd-event.c:3689
 #7 sd_event_loop at ../src/libsystemd/sd-event/sd-event.c:3711
 #8 run at ../src/home/homed.c:47

The source in question is an inotify source, and the messages are:

systemd-homed[1340]: /home/ moved or renamed, recreating watch and rescanning.
systemd-homed[1340]: Assertion '*_head == _item' failed at src/libsystemd/sd-event/sd-event.c:3035, function event_inotify_data_drop(). Aborting.

on_home_inotify() got called, then manager_watch_home(), which unrefs the
existing inotify_event_source. I assume that the source gets dispatched again
because it was still in the pending queue.

I can't reproduce the issue (timing?), but this should
fix #17824, https://bugzilla.redhat.com/show_bug.cgi?id=1899264.
2021-03-08 11:59:09 +01:00
Zbigniew Jędrzejewski-Szmek
23d24b76f3 homed: wrap some very long lines 2021-03-08 11:53:22 +01:00
Perry Yuan
9e04eb0d5f hwdb: 60-keyboard:: Update Dell Privacy Micmute Hotkey Map
Dell new Privacy feature provide new hardware level privacy
protect for users
This patch remaps scancode 0x120001 to key code F20 micmute
The old matching string cannot cover some other Dell products
which have the privacy feature,expand the string to all the system
that can load the privacy driver,privacy driver already detect the
system if it can support this feature. So here we can safely just
map the micmute key to scancode 0x120001

Signed-off-by: Perry Yuan <perry_yuan@dell.com>
2021-03-08 10:10:32 +01:00
Zbigniew Jędrzejewski-Szmek
f4929468eb
Merge pull request #18908 from mrc0mmand/fix-packit
ci: correctly drop patches with non four digit indexes
2021-03-07 21:31:31 +01:00
Luca Boccassi
e08c40417e
Merge pull request #18911 from keszybz/coverity-inspired-fixes
Coverity inspired fixes
2021-03-07 15:12:08 +00:00
Zbigniew Jędrzejewski-Szmek
a96a2591a1
Merge pull request #18907 from mrc0mmand/test-dissect-sanitizers
test: fix TEST-50-DISSECT under sanitizers
2021-03-07 12:46:15 +01:00
Zbigniew Jędrzejewski-Szmek
b903f16c2d TEST-15-DROPINS: improve check
https://github.com/systemd/systemd/pull/18579#discussion_r588983813
2021-03-07 12:27:55 +01:00
Zbigniew Jędrzejewski-Szmek
6bc352af1f basic/namespae-util: avoid one allocation 2021-03-07 12:22:28 +01:00
Zbigniew Jędrzejewski-Szmek
9e8a392a9a basic/os-util: adjust indentation 2021-03-07 12:15:42 +01:00