1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00
Commit Graph

53523 Commits

Author SHA1 Message Date
Frantisek Sumsal
f7e0d22d76 tools: shellcheck-ify tool scripts 2021-09-30 12:27:06 +02:00
Frantisek Sumsal
1c3f490f23 test: shellcheck-ify test scripts 2021-09-30 12:12:00 +02:00
Frantisek Sumsal
91c64ad620 test: drop an unused file 2021-09-30 12:11:27 +02:00
Benjamin Berg
e975a94559 test: Add failing/non-failing syscall filter test setting architecture
This adds a high level test verifying that syscall filtering in
combination with a simple architecture filter for the "native"
architecture works fine.
2021-09-30 08:06:25 +09:00
Benjamin Berg
08bf703cc1 test: Check that "native" architecture is always filtered 2021-09-30 08:06:19 +09:00
Benjamin Berg
f833df3848 seccomp: Always install filters for native architecture
The commit 6597686865 ("seccomp: don't install filters for archs that
can't use syscalls") introduced a regression where filters may not be
installed for the "native" architecture. This means that setting
SystemCallArchitectures=native for a unit effectively disables the
SystemCallFilter= and SystemCallLog= options.

Conceptually, we have two filter stages:
 1. architecture used for syscall (SystemCallArchitectures=)
 2. syscall + architecture combination (SystemCallFilter=)

The above commit tried to optimize the filter generation by skipping the
second level filtering when it is not required.

However, systemd will never fully block the "native" architecture using
the first level filter. This makes the code a lot simpler, as systemd
can execve() the target binary using its own architecture. And, it
should be perfectly fine as the "native" architecture will always be the
one with the most restrictive seccomp filtering.

Said differently, the bug arises because (on x86_64):
 1. x86_64 is permitted by libseccomp already
 2. native != x86_64
 3. the loop wants to block x86_64 because the permitted set only
    contains "native" (i.e. "native" != "x86_64")
 4. x86_64 is marked as blocked in seccomp_local_archs

Thereby we have an inconsistency, where it is marked as blocked in the
seccomp_local_archs array but it is allowed by libseccomp. i.e. we will
skip generating filter stage 2 without having stage 1 in place.

The fix is simple, we just skip the native architecture when looping
seccomp_local_archs. This way the inconsistency cannot happen.
2021-09-30 08:04:59 +09:00
alexlzhu
fab79a85af docs: Fixing typo in systemd.device man page and README.
systemd-udevd.service listens to kernel uevents and is needed for device
units to be available.

systemd-udevd.service is misspelled as systemd-udev.service in a couple places.

Fixing typo.
2021-09-29 22:18:38 +01:00
Frantisek Sumsal
8370da9ea6 ci: shellcheck-ify CI scripts 2021-09-29 22:24:12 +02:00
Yu Watanabe
200f77f933
Merge pull request #20876 from poettering/openssl3-creds
creds-util: switch to OpenSSL 3.0 APIs
2021-09-30 04:01:57 +09:00
Luca Boccassi
5386e247f8
Merge pull request #20883 from bluca/bpf_header_license
headers: update bpf_insn.h to dual license
2021-09-29 18:05:28 +01:00
Lennart Poettering
721956f3e9
Merge pull request #20219 from khfeng/use-intel-hid-rfkill
hwdb: Remove intel-hid rfkill mask
2021-09-29 18:53:22 +02:00
Luca Boccassi
f59a1ab4b0 docs: mention that contributed code must be compatible with GPL-2.0-or-later explicitly 2021-09-29 17:42:51 +01:00
Luca Boccassi
13b7d99dad headers: update bpf_insn.h to dual license
This header is copied from the kernel. It was relicensed from GPL-2.0-only
to GPL-2.0-only OR BSD-2-Clause, so update our SPDX tag accordingly.

For more details and ACKS from all copyright holders authorizing the
license change see:

https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=d75fe9cb1dd062684c9fb8a4581738170365dc06
2021-09-29 17:40:55 +01:00
Yu Watanabe
aebff2e7ce core/mount: add implicit unit dependencies even if when mount unit is generated from /proc/self/mountinfo
Hopefully fixes #20566.
2021-09-29 17:25:13 +02:00
Yu Watanabe
209abeac6d
Merge pull request #20824 from yuwata/sd-dhcp6-client-cleanups
sd-dhcp6-client: several cleanups for parsing options
2021-09-30 00:08:16 +09:00
Yu Watanabe
ca6bc7ce0d
Merge pull request #20226 from yuwata/network-introduce-source-and-status
network: introduce NetworkConfigSource and NetworkConfigState
2021-09-30 00:06:17 +09:00
Yu Watanabe
bfcc0fedd0
Merge pull request #20871 from mrc0mmand/udevadm-property-value
udev: teach udevadm --property=NAME and --value options
2021-09-30 00:05:02 +09:00
Yu Watanabe
504cfa6573
Merge pull request #20877 from yuwata/network-test-mode
network: do not update state files when running in test mode
2021-09-30 00:04:41 +09:00
Marcel Menzel
3e90ded70c
doc: network: Move "Independent=" flag to the VXLAN section (#20881) 2021-09-29 23:19:20 +09:00
Yu Watanabe
78fac35811
Merge pull request #20823 from mrc0mmand/test-storage-iscsi
test: iSCSI-related udev tests
2021-09-29 23:17:43 +09:00
Hans de Goede
f813515542 hwdb: sensors: Fix some modalias matches no longer working with newer kernels
Kernels >= 5.8 have added new fields to the dmi/id/modalias file in the
middle of the modalias (instead of adding them at the end).

Specifically new ":br<value>:" and (optional) ":efr<value>:" fields have
been added between the ":bd<value>:" and ":svn<value>:" fields.

Note the 5.13.0 and 5.14.0 kernels also added a new ":sku<value>:" field
between the ":pvr<value>:" and ":rvn<value>:" fields, this has been fixed
in later 5.13.y and 5.14.y releases, by moving the sku field to the end:
https://lore.kernel.org/lkml/20210831130508.14511-1-hdegoede@redhat.com/

Unfortunately the same cannot be done for the new br and efr fields since
those have been added more then a year ago and hwdb even already has some
newer entries relying on the new br field being there (and thus not working
with older kernels).

Fix the issue with the br and efr fields through the following changes:

1. Replace any matches on ":br<value>" from newer entries with an '*'
2. Replace "bd<value>:svn<value>" matches with: "bd<value>:*svn<value>"
   inserting an '*' where newer kernels will have the new br + efr fields

This makes these matches working with old as well as new kernels.

Link: https://github.com/systemd/systemd/issues/20550
Link: https://github.com/systemd/systemd/pull/20562
2021-09-29 16:03:06 +02:00
Lennart Poettering
6d74db7ef6 Revert "ci: temporarily set -Wno-deprecated-declarations in Packit"
This reverts commit af861917c5.
2021-09-29 15:04:24 +02:00
Lennart Poettering
7f12adc300 openssl-util: use EVP API to get RSA bits 2021-09-29 15:04:19 +02:00
Lennart Poettering
18f568b8e6 creds-util: switch to OpenSSL 3.0 APIs
Let's switch from the low-level SHA256 APIs to EVP APIs. The former are
deprecated on OpenSSL 3.0, the latter are supported both by old
OpenSSL and by OpenSSL 3.0, hence are the better choice.

Fixes: #20775
2021-09-29 15:04:14 +02:00
Anita Zhang
14bb729534 basic/unit-file: don't filter out names starting with dot
Fixes #20859
Reverts 3796bdc55d
2021-09-29 14:42:13 +02:00
Lennart Poettering
e30a3ba16a core: drop "const" from NeedsDaemonReload unit dbus property
It's not "const", it can change any time if people change the fs, and we
don#t send out notifications for it. Hence don't claim it was const.
(Otherwise clients might cache it, but they should not)

Prompted-by: #20792
2021-09-29 14:37:07 +02:00
Lennart Poettering
bee07a3995 resolvconf-compat: make "-u" operation a NOP
According to the various man pages of "resolvconf" the -u switch is for:

"-u Just run the update scripts (if updating is enabled)."

"-u Force resolvconf to update all its subscribers. resolvconf does not
    update the subscribers when adding a resolv.conf that matches what
    it already has for that interface."

We have no "subscribers", we ourselves are the only "subscriber" we
support. Hence it's probably better to ignore such a request and make it
a NOP, then to fail.

Fixes: #20748
2021-09-29 14:36:47 +02:00
Yu Watanabe
6d350f7d82 Revert "CI: run unit tests in a network namespace"
This reverts commit 8b036b223a.
2021-09-29 20:50:37 +09:00
Yu Watanabe
faa2e64f9b network: do not configure anything when running in test mode 2021-09-29 20:50:37 +09:00
Yu Watanabe
4c78dc17e5 network: do not update state files when running in test mode
Fixes #20862.
2021-09-29 20:50:37 +09:00
Yu Watanabe
92fc611cac
Merge pull request #20802 from yuwata/network-receive-nl80211-multicast-messages
network: receive nl80211 multicast messages
2021-09-29 20:49:38 +09:00
Frantisek Sumsal
6c1482b28d udev: teach udevadm --property=NAME and --value options
which allows limiting the properties listed by the `--query=property` option
(and optionally listing only the respective values).
2021-09-29 13:32:25 +02:00
Frantisek Sumsal
3c318caa6f basic: introduce test_strv_split_and_extend() 2021-09-29 13:32:22 +02:00
Luca Boccassi
c1036042f5 CI: run GCC unit test job on push to main
Allows to get coverage data on coveralls.io
2021-09-29 14:10:42 +03:00
Frantisek Sumsal
bbc1bb0742 udev: sort the options alphabetically 2021-09-29 12:52:57 +02:00
Frantisek Sumsal
9cb41c3326 test: iSCSI-related udev tests 2021-09-29 10:05:21 +02:00
Frantisek Sumsal
aedb60043a test: save journals of only failing test cases in TEST-64 2021-09-29 10:05:21 +02:00
Frantisek Sumsal
7074c047c1 test: explicitly report if we fail to install a file into the image 2021-09-29 10:05:21 +02:00
Frantisek Sumsal
f4e64b6e34 test: add an iSCSI helper 2021-09-29 10:05:21 +02:00
Frantisek Sumsal
5f25c30ee8 test: sort the features alphabetically 2021-09-29 10:05:21 +02:00
Lennart Poettering
41a978fdb1
Merge pull request #20676 from gogsbread/sysctl-minimize-sideeffect
sysctl: minimize side effects when running `systemd-sysctl`
2021-09-29 09:17:48 +02:00
Yu Watanabe
96f5f9ef9a network: receive genl multicast messages about wlan connections 2021-09-29 15:56:20 +09:00
Yu Watanabe
f12629ae38 network: move error handling of enumerating configs to caller side 2021-09-29 15:56:09 +09:00
Yu Watanabe
bdcd4ab2f1 network: make manager_enumerate_internal() take sd_netlink object
Preparation for dumping information through generic netlink.
2021-09-29 15:38:59 +09:00
Yu Watanabe
96243149bd network: split manager_new() into two part
Initialize dbus or netlink is not necessary for fuzzers.
2021-09-29 15:38:59 +09:00
Yu Watanabe
16653f9782 wifi-util: introduce nl80211_cmd_to_string() 2021-09-29 15:38:59 +09:00
Yu Watanabe
77f75f4fff network: rename wifi_iftype -> wlan_iftype 2021-09-29 15:38:59 +09:00
Yu Watanabe
abad436d4c wifi-util: move, rename, and expose wifi_iftype_to_string() 2021-09-29 15:38:59 +09:00
Yu Watanabe
8e310690b0 sd-netlink: add several attributes for nl80211 2021-09-29 15:38:59 +09:00
Yu Watanabe
f3e235ffb2 sd-netlink, wifi-util: fix attribute type of NL80211_ATTR_SSID 2021-09-29 15:38:59 +09:00