mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00
Commit Graph

53490 Commits

Author SHA1 Message Date
Iago López Galeiras
e59ccd035c core: add RestrictFileSystems= fragment parser
It takes an allow or deny list of filesystems services should have
access to.
2021-10-06 10:52:14 +02:00
Iago Lopez Galeiras
b1994387d3 core: use LSM BPF functions to implement RestrictFileSystems=
It attaches the LSM BPF program when the system manager starts up.

It populates the hash of maps BPF map when services that have
RestrictFileSystems= set start.

It cleans up the hash of maps when the unit cgroup is pruned.

To pass the file descriptor of the BPF map we add it to the keep_fds
array.
2021-10-06 10:52:14 +02:00
Iago Lopez Galeiras
184b4f78cf core: add BPF LSM functions
This adds 6 functions to implement RestrictFileSystems=

* lsm_bpf_supported() checks if LSM BPF is supported. It checks that
  cgroupv2 is used, that BPF LSM is enabled, and tries to load the BPF
  LSM program which makes sure BTF and hash of maps are supported, and
  BPF LSM programs can be loaded.
* lsm_bpf_setup() loads and attaches the LSM BPF program.
* lsm_bpf_unit_restrict_filesystems() populates the hash of maps BPF map with the
  cgroupID and the set of allowed or denied filesystems.
* lsm_bpf_cleanup() removes a cgroupID entry from the hash of maps.
* lsm_bpf_map_restrict_fs_fd() is a helper function to get the file
  descriptor of the BPF map.
* lsm_bpf_destroy() is a wrapper around the destroy function of the BPF
  skeleton file.
2021-10-06 10:52:14 +02:00
Iago López Galeiras
510cdbeb5b shared/bpf-dlopen: expose more libbpf functions
They're needed for the LSM BPF feature.
2021-10-06 10:52:14 +02:00
Iago López Galeiras
d13b60d8af exit-status: add EXIT_BPF
It will be used later.
2021-10-06 10:52:14 +02:00
Iago López Galeiras
535e3dd091 cgroup-util: add cg_path_get_cgroupid()
It returns the cgroupID from a cgroup path.
2021-10-06 10:52:14 +02:00
Iago López Galeiras
021d1e9612 bpf: add restrict_fs BPF program
It hooks into the file_open LSM hook and allows only when the filesystem
where the open will take place is present in a BPF map for a particular
cgroup.

The BPF map used is a hash of maps with the following structure:

    cgroupID -> (s_magic -> uint32)

The inner map is effectively a set.

The entry at key 0 in the inner map encodes whether the program behaves
as an allow list or a deny list: if its value is 0 it is a deny list,
otherwise it is an allow list.

When the cgroupID is present in the map, the program checks the inner
map for the magic number of the filesystem associated with the file
that's being opened. When the program behaves as an allow list, if that
magic number is present it allows the open to succeed, when the program
behaves as a deny list, it only allows access if that magic number
is NOT present. When access is denied the program returns -EPERM.

The BPF program uses CO-RE (Compile-Once Run-Everywhere) to access
internal kernel structures without needing kernel headers present at
runtime.
2021-10-06 10:52:14 +02:00
Iago López Galeiras
659d19243c basic: use filesystem database 2021-10-06 10:52:14 +02:00
Iago López Galeiras
1315ce3120 basic: add filesystem database
Stores filesystem_name -> magic_number(s).
2021-10-06 10:52:10 +02:00
Iago López Galeiras
3ef4e91abe missing_magic: add several filesystems
They were failing on CI.
2021-10-06 10:48:32 +02:00
Iago Lopez Galeiras
2ac5f90d59 basic: move CIFS magic number to missing_magic.h
It fits better there.
2021-10-06 10:48:32 +02:00
Lennart Poettering
95ef0eaf0d unit-file: tighten unit file discovery checks
Only accept DT_REG/DT_LNK/DT_DIR entries, ignore all others.

Only accept DT_REG/DT_LNK for file names that are valid unit file names.

Only accept DT_DIR for filenames that are valid unit file names which
are suffixed by .d, .wants, .requires

This doesn't really fix any bugs, but tightens what we insert into the
lookup tables.
2021-10-06 12:28:19 +09:00
Yu Watanabe
1eb3ef78b4
Merge pull request #20937 from poettering/sync-split
split up a few files in src/basic/
2021-10-06 12:27:27 +09:00
Andrew Soutar
5ef97a7122
basic/env-util: correctly parse extended vars after non-extended vars (#20941) 2021-10-06 11:55:27 +09:00
Lennart Poettering
8ac04a6547 repart: use right error variable 2021-10-05 19:41:35 +01:00
Lennart Poettering
01bebba3de basic: move chase_symlinks_and_fopen_unlocked() → chase-symlinks.[ch] 2021-10-05 19:37:30 +01:00
Lennart Poettering
f435195925 basic: split out chase_symlinks() from fs-util.[ch] → chase-symlinks.[ch] 2021-10-05 16:14:37 +02:00
Lennart Poettering
9e5fd71799 basic: split out inotify-related calls from fs-util.h → inotify-util.h 2021-10-05 16:14:37 +02:00
Lennart Poettering
d8e32c471f basic: split out glyph/emoji related calls from locale-util.[ch] into glyph-util.[ch]
These functions are used pretty much independently of locale, i.e. the
only info relevant is whether the locale is UTF-8 or not. Hence let's
give this its own pair of .c/.h files.
2021-10-05 16:14:37 +02:00
Lennart Poettering
bf819d3ac2 basic: split out sync() family of calls from fs-util.[ch] into new c/h file
No changes in code, just some splitting out.
2021-10-05 15:47:32 +02:00
Luca Boccassi
e66ee1d7e6
Merge pull request #20893 from poettering/per-user-oom-score
default to higher oom scores for user sessions
2021-10-05 09:54:24 +01:00
Anita Zhang
a2ae2ba2ff
Merge pull request #20892 from yuwata/test-network-preferred-lifetime-zero
network: drop and warn duplicated address settings
2021-10-04 18:40:59 -07:00
Luca Boccassi
c82dc15b9f test: create and merge code coverage reports in integration tests
If -Db_coverage=true is used at build time, then ARTIFACT_DIRECTORY/TEST-XX-FOO.coverage-info
files are created with code coverage data, and run-integration-test.sh also
merges them into ARTIFACT_DIRECTORY/merged.coverage-info since the coveralls.io
helpers accept only a single file.
2021-10-04 16:40:49 +01:00
Lennart Poettering
643006f62b man: document the new DefaultOOMScoreAdjust= setting 2021-10-04 16:27:11 +02:00
Lennart Poettering
ce7de0ba8e units: run user service managers at OOM score adjustment 100
Let's make it slightly more likely that a per-user service manager is
killed than any system service. We use a conservative 100 (from a range
that goes all the way to 1000).

Replaces: #17426

Together with the previous commit this means: system manager and system
services are placed at OOM score adjustment 0 (specifically: they
inherit kernel default of 0). User service manager (both for root and
non-root) are placed at 100. User services for non-root are placed at
200, those for root inherit 100.

Note that processes forked off the user *sessions* (i.e. not forked off
the per-user service manager) remain at 0 (e.g. the shell process
created by a tty or ssh login). This probably should be
addressed too one day (maybe in pam_systemd?), but is not covered here.
2021-10-04 16:27:10 +02:00
Lennart Poettering
d4a402e4f6 core: add a new setting DefaultOOMScoreAdjust= and set it to 100 above service manager's by default
Let's make our service managers slightly less likely to be killed by the
OOM killer by adjusting our services' OOM score adjustment to 100 above
ours. Do this conservatively, i.e. only for regular user sessions.
2021-10-04 16:27:10 +02:00
Lennart Poettering
bb2d1d8ea4 test: add test case for {get,set}_oom_score_adjust() 2021-10-04 16:27:10 +02:00
Lennart Poettering
2c37c613a7 process-util: add helper for querying oom score adjustment value 2021-10-04 16:27:10 +02:00
Yu Watanabe
40971657ce test-network: add tests for duplicated address setting
Also, add more tests for PreferredLifetime=0

C.f. #20891.
2021-10-04 18:26:35 +09:00
Yu Watanabe
9202b567bc network: do not ignore critical errors like OOM 2021-10-04 18:26:24 +09:00
Yu Watanabe
8f9bdeabe3 network: downgrade log level for non-critical errors 2021-10-04 18:22:49 +09:00
Yu Watanabe
50783f91d4 network: drop and warn duplicated Address= settings
Fixes #20891.
2021-10-04 18:17:38 +09:00
Luca Boccassi
9d0ad242b8 man/glib-event-glue example: relicense to CC0-1.0
All other examples were relicensed to CC0-1.0 since they are intended
to be copied and pasted anywhere without any restrictions.
Relicense the last one too.
2021-10-04 11:05:22 +02:00
Yu Watanabe
5b43c2c843 network: rename address_hash_ops -> address_hash_ops_free
Preparation for later commits.
2021-10-04 17:59:15 +09:00
Yu Watanabe
6bf03f6f4a network: make several hash_ops static 2021-10-04 17:59:15 +09:00
Yu Watanabe
f983155736 network: address: fix flags and lifetime in debugging logs
Prompted by #20891.
2021-10-04 17:59:15 +09:00
Egor
936a7cb66a sleep: don't skip resume device with low priority/available space
this fixes hibernation when there's a higher priority swap preceding
the resume swap in /proc/swaps.

fixes #19486
2021-10-04 10:23:42 +02:00
Frantisek Sumsal
105bb924a9
Merge pull request #20924 from weblate/weblate-systemd-master
Translations update from Weblate
2021-10-03 16:08:50 +00:00
Slimane Selyan Amiri
2eeec9f3cc po: Translated using Weblate (Kabyle)
Currently translated at 2.1% (4 of 189 strings)

Co-authored-by: Slimane Selyan Amiri <selyan.kab@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/kab/
Translation: systemd/main
2021-10-03 18:05:00 +02:00
Gogo Gogsi
200ece8e11 po: Translated using Weblate (Croatian)
Currently translated at 100.0% (189 of 189 strings)

Co-authored-by: Gogo Gogsi <linux.hr@protonmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/hr/
Translation: systemd/main
2021-10-03 18:05:00 +02:00
Luca Boccassi
c40671ba16
Merge pull request #20886 from bluca/license
SPDX: add README and license texts
2021-10-01 22:57:11 +01:00
Weblate
23579882e1 po: Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/
Translation: systemd/main
2021-10-01 21:07:19 +00:00
Luca Boccassi
9c6e32a294 Add all other applicable licenses under LICENSES/
License texts copied from:

https://github.com/spdx/license-list-data/blob/master/text/
2021-10-01 17:27:34 +01:00
Luca Boccassi
7fe57498de add LICENSES/README.md explaining the license situation 2021-10-01 17:27:34 +01:00
Luca Boccassi
f4d74c6105 man: add licenses to all files that lack one
Documentation is licensed under LGPL-2.1-or-later.
Scripts are MIT to facilitate reuse.
Examples are relicensed to CC0-1.0 to maximise copy-and-paste
for users, with permission from authors.
2021-10-01 17:27:34 +01:00
Luca Boccassi
948def4af6 tree-wide: fix SPDX short identifier for LGPL-2.1-or-later
https://spdx.dev/ids/#:~:text=Allowing%20later%20versions%20of%20a%20license
https://spdx.org/licenses/LGPL-2.1-or-later.html
2021-10-01 17:27:34 +01:00
Luca Boccassi
ab885bedbf
Merge pull request #20907 from keszybz/licensing-cleanup
Licensing cleanup
2021-10-01 17:26:08 +01:00
Zbigniew Jędrzejewski-Szmek
0aee5e3dc0 xorg/50-systemd-user: add a full license header
This file is installed onto user systems, so it should have the full
header that says where it came from.
2021-10-01 14:45:00 +02:00
Zbigniew Jędrzejewski-Szmek
8f5bcd615b licensing: add forgotten spdx headers
Those are all "our" files, but we forgot to add the headers,
most likely because of non-standard file extensions.
2021-10-01 14:45:00 +02:00
Zbigniew Jędrzejewski-Szmek
098621aff3 licensing: add missing header to one .network file
It should have the full header because it will be installed onto
user systems like the other .network files.
2021-10-01 14:45:00 +02:00