1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

49511 Commits

Author SHA1 Message Date
Yu Watanabe
0008b5aee2 network: nexthop: unset gateway when an empty string is assigned 2021-02-17 15:55:37 +09:00
Giedrius Statkevičius
68337e55f6 condition: add CPUFeature
Taking a stab at implementing #14479.

Add {Condition,Assert}CPUFeature to `systemd-analyze` & friends. Implement it
by executing the CPUID instruction. Add tables for common x86/i386
features.

Tested via unit tests + checked that commands such as:

```bash
systemd-analyze condition 'AssertCPUFeature = rdrand'
```

Succeed as expected and that commands such as

```bash
systemd-analyze condition 'AssertCPUFeature = foobar'
```

Fail as expected. Finally, I have amended the `systemd.unit` manual page
with the new condition and the list of all currently supported flags.
2021-02-17 15:31:29 +09:00
Lennart Poettering
b1b4e9204c
Merge pull request #18007 from fw-strlen/ipv6_masq_and_dnat
Support ipv6 for masquerade and dnat in nspawn and networkd
2021-02-16 23:41:35 +01:00
Vito Caputo
bb1296b55a journal-file: fix archiving offline journals
The existing set_offline() short-circuit erroneously included
when f->archive was true and header->state was STATE_OFFLINE.

This commit makes the short-circuit f->archive aware, so it will
only catch scenarios where there's not an offlining in progress
and the header state matches the target state of either archived
or offline.

Fixes https://github.com/systemd/systemd/issues/17770
2021-02-16 23:09:41 +01:00
Lennart Poettering
356b7a58f3
Merge pull request #18601 from keszybz/env-assign-cleanup
Envvar assignment cleanup
2021-02-16 22:36:48 +01:00
Yu Watanabe
3b4e3ebb51 netlink: introduce sd_netlink_message_has_flag() 2021-02-16 22:36:24 +01:00
Lennart Poettering
0a5393ad68
Merge pull request #18631 from yuwata/sd-netlink-fix-assertions
sd-netlink: update assertions and drop unused functions
2021-02-16 22:36:06 +01:00
Zbigniew Jędrzejewski-Szmek
9a9ca40803 systemd: don't try to run as user manager when called without any arguments
It's better for users if programs don't do "significant" things too easily, and
should be especially conservative when called without any arguments whatsoever.
So far systemd would would try to launch itself as a user manager and fail on
some cgroup permission stuff. systemd --user is run execlusively from user@.service
and there we call it with --user. Calls to the binary without any arguments as
non-pid1 are almost always a mistake.

https://github.com/systemd/systemd/issues/18419#issuecomment-779422571
2021-02-16 22:35:49 +01:00
Lennart Poettering
696e5a8a73 man: make clear that sd-journal notifications always come with extra latency
Replaces: #17699
2021-02-16 22:16:17 +01:00
Lennart Poettering
a9a43d8aa2
Merge pull request #18636 from poettering/resolved-different-server
resolved: tweaks for switching to different DNS servers
2021-02-16 20:27:09 +01:00
Lennart Poettering
23220d8a00
Merge pull request #18620 from bluca/mount_images_fixes
MountImages and core tmpfs fixes
2021-02-16 20:26:06 +01:00
Lennart Poettering
0addd9ba9c
Merge pull request #18616 from keszybz/argv-fuzzer-quick-fix
fuzz-systemctl-parse-argv: avoid "leak" of bus object
2021-02-16 20:25:37 +01:00
Joshua Watt
7820a56ccb logind: Restore chvt as non-root user without polkit
4acf0cfd2f ("logind: check PolicyKit before allowing VT switch") broke
the ability to write user sessions that run graphical sessions (e.g.
weston/X11). This was partially amended in 19bb87fbfa ("login: allow
non-console sessions to change vt") by changing the default PolicyKit
policy so that non-root users with a session are again allowed to switch
the VT. This makes the policy when PolKit is not enabled (as on many
embedded systems) closer the default PolKit policy and allows launching
graphical sessions as a non-root user.

Closes #17473

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
2021-02-16 20:24:53 +01:00
Luca Boccassi
b8f762f2fe stat-util: fix dir_is_empty_at without path
Use the right FD, and do a fd_reopen instead of a dup, since the
latter will still share the internal pointer which then gets
moved by FOREACH_DIRENT, affecting the caller's FD.
2021-02-16 20:24:27 +01:00
Lennart Poettering
42b23010b9
Merge pull request #18624 from poettering/resolved-feature-level-tweak
resolved: three tweaks to server feature level tracking
2021-02-16 20:24:05 +01:00
Yu Watanabe
955b11ffd3
Merge pull request #18629 from yuwata/sd-netlink-nexthop-types
sd-netlink: add nexthop related types
2021-02-17 04:06:15 +09:00
Lennart Poettering
9147b591a1 resolved: unify code for trying a different DNS server
Let's unify some code, and add a common implementation of a function
that checks whether we have tried all DNS servers yet, and retries the
transaction if we don't. We already use this same code twice. Let's use
it at some other places too now — basically all cases where we switch to
a new server — with the one case of packet loss, where we too switch
servers, but don#t care how many times we already tried to switch.
2021-02-16 18:54:33 +01:00
Lennart Poettering
7ef863a76a resolved: improve log message when retrying a transaction with a different server 2021-02-16 18:53:33 +01:00
Lennart Poettering
fba3e94df5 resolved: never go below DNSSEC feature level in DNSSEC strict mode
This adjusts our feature level handling: when DNSSEC strict mode is on,
let's never lower the feature level below the lowest DNSSEC mode.

Also, when asking whether DNSSEC is supproted, always say yes in strict
mode. This means that error reporting about transactions that fail
because of missing DNSSEC RRs will not report "incompatible-server" but
instead "missing-signature" or suchlike.

The main difference here is that DNSSEC failures become local to a
transaction, instead of propagating into the feature level we reuse for
future transactions. This is beneficial with routers that implement
"mostly a DNS proxy", i.e. that propagate most DNS requests 1:1 to their
upstream servers, but synthesize local answers for a select few domains.
For example, AVM Fritz!Boxes operate that way: they proxy most traffic
1:1 upstream in an DNSSEC-compatible fashion, but synthesize the
"fritz.box" locally, so that it can be used to configure the router.
This local domain cannot be DNSSEC verified, it comes without
signatures. Previously this would mean once that domain was resolved
feature level would be downgraded, and we'd thus fail all future DNSSEC
attempts. With this change, the immediate lookup for "fritz.box" will
fail validation, but for all other unrelated future ones that comes
without prejudice.

(While we are at it, also make a couple of other downgrade paths a bit
tighter.)

Fixes: #10570 #14435 #6490
2021-02-16 18:44:01 +01:00
Lennart Poettering
d8592a4e2f resolved: make feature level checks a bit more discriptive
The levels have an order, but the order is sometimes a bit arbitrary.
Hence add simple macros to check for specific features and use those, so
that the ordering leaks a bit less into all files.
2021-02-16 18:41:08 +01:00
Lennart Poettering
2c42a217a2 resolved: when we can't parse a packet, downgrade feature level
So far we didn't really handle the case where we can't parse a reply
packet. Since this apparently happens in real-life though, let's add
some minimal logic, to downgrade/restart if we see this.
2021-02-16 18:41:08 +01:00
Yu Watanabe
8900c05e6e netlink: drop sd_rtnl_message_{route,nexthop}_set_family()
The family is already set when the message is created.
2021-02-17 02:06:26 +09:00
Yu Watanabe
fc80ed5f97 network: drop unnecessary family setting
It is already set in sd_rtnl_message_new_nexthop().
2021-02-17 02:06:26 +09:00
Yu Watanabe
ccb4072e21 man: fix indentation 2021-02-16 17:59:21 +01:00
Lennart Poettering
b52eac2010 resolved: paranoia — ensure DNS reply came over stream we sent it to 2021-02-16 17:43:27 +01:00
heretoenhance
8d186a35cb
Adding an explanation for CONFIG_NET requirement (#18600)
* README: replace CONFIG_NET with CONFIG_UNIX in requirements list
2021-02-16 16:26:51 +00:00
Yu Watanabe
735a3d73b7 netlink: fix assertions 2021-02-17 01:21:03 +09:00
Yu Watanabe
4684ec5e3d netlink: add nexthop related types 2021-02-17 01:16:42 +09:00
Yu Watanabe
f5b7deb969 sd-netlink: add RTA_NH_ID attribute support 2021-02-17 01:16:10 +09:00
Zbigniew Jędrzejewski-Szmek
15567b3a73 Rename unit_times_free to unit_times_free_array
It frees the whole array and the type is UnitTimes not UnitTime.
2021-02-16 17:15:11 +01:00
Zbigniew Jędrzejewski-Szmek
cfb1a0e555 Rename strbuf_cleanup to strbuf_free
It frees the whole object.
2021-02-16 17:15:11 +01:00
Zbigniew Jędrzejewski-Szmek
425ac7a253 fuzz-systemctl-parse-argv: call static destuctors
With all the preparatory work in previous PRs, we can now call static destructors
repeatedly without issue. We need to do it here so that global variables allocated
during parsing are properly freed.
2021-02-16 17:15:11 +01:00
Zbigniew Jędrzejewski-Szmek
36556f6e51 systemctl: use free_and_replace on global variable
In normal usage we cannot set it multiple times, but from a fuzzer we
may. Doing it this way is nicer anyway.
2021-02-16 17:15:11 +01:00
Zbigniew Jędrzejewski-Szmek
fd421c4adc tree-wide: reset the cleaned-up variable in cleanup functions
If the cleanup function returns the appropriate type, use that to reset the
variable. For other functions (usually the foreign ones which return void), add
an explicit value to reset to.

This causes a bit of code churn, but I think it might be worth it. In a
following patch static destructors will be called from a fuzzer, and this
change allows them to be called multiple times. But I think such a change might
help with detecting unitialized code reuse too. We hit various bugs like this,
and things are more obvious when a pointer has been set to NULL.

I was worried whether this change increases text size, but it doesn't seem to:

-Dbuildtype=debug:
before "tree-wide: return NULL from freeing functions":
-rwxrwxr-x 1 zbyszek zbyszek 4117672 Feb 16 14:36 build/libsystemd.so.0.30.0*
-rwxrwxr-x 1 zbyszek zbyszek 4494520 Feb 16 15:06 build/systemd*
after "tree-wide: return NULL from freeing functions":
-rwxrwxr-x 1 zbyszek zbyszek 4117672 Feb 16 14:36 build/libsystemd.so.0.30.0*
-rwxrwxr-x 1 zbyszek zbyszek 4494576 Feb 16 15:10 build/systemd*
now:
-rwxrwxr-x 1 zbyszek zbyszek 4117672 Feb 16 14:36 build/libsystemd.so.0.30.0*
-rwxrwxr-x 1 zbyszek zbyszek 4494640 Feb 16 15:15 build/systemd*

-Dbuildtype=release:
before "tree-wide: return NULL from freeing functions":
-rwxrwxr-x 1 zbyszek zbyszek 5252256 Feb 14 14:47 build-rawhide/libsystemd.so.0.30.0*
-rwxrwxr-x 1 zbyszek zbyszek 1834184 Feb 16 15:09 build-rawhide/systemd*
after "tree-wide: return NULL from freeing functions":
-rwxrwxr-x 1 zbyszek zbyszek 5252256 Feb 14 14:47 build-rawhide/libsystemd.so.0.30.0*
-rwxrwxr-x 1 zbyszek zbyszek 1834184 Feb 16 15:10 build-rawhide/systemd*
now:
-rwxrwxr-x 1 zbyszek zbyszek 5252256 Feb 14 14:47 build-rawhide/libsystemd.so.0.30.0*
-rwxrwxr-x 1 zbyszek zbyszek 1834184 Feb 16 15:16 build-rawhide/systemd*

I would expect that the compiler would be able to elide the setting of a
variable if the variable is never used again. And this seems to be the case:
in optimized builds there is no change in size whatsoever. And the change in
size in unoptimized build is negligible.

Something strange is happening with size of libsystemd: it's bigger in
optimized builds. Something to figure out, but unrelated to this patch.
2021-02-16 17:15:11 +01:00
Zbigniew Jędrzejewski-Szmek
75db809ae5 tree-wide: return NULL from freeing functions
I started working on this because I wanted to change how
DEFINE_TRIVIAL_CLEANUP_FUNC is defined. Even independently of that change, it's
nice to make make things more consistent and predictable.
2021-02-16 17:15:10 +01:00
Lennart Poettering
1d123e772d resolved: reduce indentation level a bit 2021-02-16 16:46:01 +01:00
Lennart Poettering
13eb76ef06 resolved: let's preferably route reverse lookups for local subnets to matching interfaces
Let's preferably route traffic for reverse lookups to LLMNR/mDNS/DNS on
the matching interface if the IP address is in the local subnet. Also,
if looking up an IP address of our own host, let's avoid doing
LLMNR/mDNS at all.

This is useful if "~." is a routing domain to DNS, as it means, local
reverse lookups still go to LLMNR/mDNS, too.

Fixes: #16243 #10081
2021-02-16 16:13:42 +01:00
Zbigniew Jędrzejewski-Szmek
13734c75b5 Refactor strv_env_replace() into strv_env_replace_consume()
All callers of strv_env_replace() would free the argument on error.
So let's follow the same pattern as with strv_consume (and similar
naming) and unconditionally "use up" the argument.
2021-02-16 16:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
b230baaeb7 shared/exec-util: fix minor memleak
p was not freed on error.
2021-02-16 16:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
73c8cc7164 test-env-util: add tests for the two new functions 2021-02-16 16:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
99bfce1080 basic/env-util: drop now-unused strv_env_set() 2021-02-16 16:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
f08231fe07 basic/env-util: add strv_env_assign() helper 2021-02-16 16:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
6f8f8688e1 shared/user-record: inline iterator variable declarations 2021-02-16 16:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
ab4ab13c74 locale: inline iterator variable declarations 2021-02-16 16:10:14 +01:00
Luca Boccassi
809ceb8217 namespace: store and use original MountEntry paths when prefixing
Some paths (eg: mount_tmpfs) simply assumed that prefixing always
happens and it always stores the original path in path_const, and
the prefixed path in path_malloc.
But if a MountEntry is set up in a helper function and thus uses
only _malloc struct members, this assumption doesn't hold and there's
a crash.

Refactor so that prefixing is done with a helper which stores the
original path in a separate struct member, and accessing it also
uses a helper which does the right thing.
2021-02-16 14:33:23 +00:00
Luca Boccassi
b850a9b29f MountImages: actually support optional paths
ENOENT did not cause an image mount to be skipped, fix it
2021-02-16 14:33:23 +00:00
Zbigniew Jędrzejewski-Szmek
5d160a2304 networkd: make network_config_section_free() inline 2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
1f38830153 resolved: make dns_transaction_gc return a pointer
_gc() does cleanup if it is possible. So far it returned a bool to
signal if it succeeded (false on success). When working on the resolved
code I had to look at the definition every time, because the (arguably
reversed) calling convention is unobvious. So let's return a pointer
(non-NULL: gc has not been done, NULL: gc has been done).

This fits nicely with the standard to return a pointer from all free
functions obviously.
2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
d3b56a0cad networkd-ndisc: drop confused freepp function
The function to cleanup IPv6Token was defined using freep, i.e. the macro
generated a freepp function. The correct way would be to do something like
  #define ipv6_token_free mfree
  DEFINE_TRIVIAL_CLEANUP_FUNC(IPv6Token *, ipv6_token_free);
which would create ipv6_token_freep().
But since the cleanup function is unused, let's just drop it.
2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
450918d111 coredump: add typedef for struct 2021-02-16 14:27:59 +01:00