mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

362 Commits

Author SHA1 Message Date
Lennart Poettering
dc288ffeab
Merge pull request #18596 from keszybz/systemctl-quiet-legend
systemctl: hide legends with --quiet, allow overriding
2021-02-17 23:40:04 +01:00
Zbigniew Jędrzejewski-Szmek
599c7c545f tree-wide: add a helper to parse boolean optarg
This nicely covers the case when optarg is optional. The same parser can be
used when the option string passed to getopt_long() requires a parameter and
when it doesn't.

The error messages are made consistent.
Also fixes a log error c&p in --crash-reboot message.
2021-02-17 21:06:31 +01:00
Zbigniew Jędrzejewski-Szmek
15567b3a73 Rename unit_times_free to unit_times_free_array
It frees the whole array and the type is UnitTimes not UnitTime.
2021-02-16 17:15:11 +01:00
Zbigniew Jędrzejewski-Szmek
75db809ae5 tree-wide: return NULL from freeing functions
I started working on this because I wanted to change how
DEFINE_TRIVIAL_CLEANUP_FUNC is defined. Even independently of that change, it's
nice to make things more consistent and predictable.
2021-02-16 17:15:10 +01:00
Zbigniew Jędrzejewski-Szmek
6aa601c56c analyze: use typedefs for structs and inline iterator variable decls 2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
2d3b784dfb core: split out a few funcs into unit-serialize.[ch]
Just a straightforward move and resulting include file adjustments.
2021-02-12 11:36:24 +01:00
Zbigniew Jędrzejewski-Szmek
41b88bb8ad sd-bus: standardize on NULL for empty signature in method calls
We would use sometimes "" and sometimes NULL. They are equivalent, so let's use
NULL everywhere, except for two places in tests.
2021-02-12 11:36:24 +01:00
Yu Watanabe
fa7924db0b
Merge pull request #11484 from keszybz/udevadm-error-logs
Use real return codes in _from_string() functions
2021-02-11 03:17:47 +09:00
Zbigniew Jędrzejewski-Szmek
7211c853c2 tree-wide: propagate error code from _from_string() functions
Now that we know we have something useful, no need to make an answer up.
2021-02-10 14:46:59 +01:00
Lennart Poettering
77552b9520 analyze: slightly reword PrivatTmp= message
Apparently there was confusion about "does not apply". Let's say "is not
appropriate".

Fixes: #13095
2021-02-10 12:14:29 +01:00
Yu Watanabe
d2acb93dc5 tree-wide: enable colorized logging for daemons when run in console
It may be useful when debugging daemons.
2021-02-01 01:13:44 +09:00
Daan De Meyer
bc556335b1 tree-wide: Drop custom formatting for print() help messages
I think this formatting was originally used because it simplified
adding new options to the help messages. However, these days, most
tools' help messages end with "\nSee the %s for details.\n" so
the final line almost never has to be edited which eliminates the
benefit of the custom formatting used for printf() help messages.
Let's make things more consistent and use the same formatting for
printf() help messages that we use everywhere else.

Prompted by https://github.com/systemd/systemd/pull/18355#discussion_r567241580
2021-01-31 13:14:02 +09:00
Susant Sahani
a67f102e79 analyze: tighten variable scope used in loop 2021-01-20 15:13:24 +01:00
Zbigniew Jędrzejewski-Szmek
f1fb046a98
Merge pull request #18300 from yuwata/analyze-verify-18252
analyze: resolve executable path if it is relative
2021-01-19 08:41:15 +01:00
Yu Watanabe
e025c9dfe3 meson: move test or fuzzer definitions to relevant meson.build in subdirectories 2021-01-19 07:06:32 +09:00
Yu Watanabe
b9b442a0cc analyze: resolve executable path if it is relative
Fixes #18252.
2021-01-19 06:39:25 +09:00
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Lennart Poettering
a748b122be
analyze: show ungrouped syscalls separately (#17343)
This updates the "systemd-analyze syscall-filter" command to show a
special section of syscalls that are included in @known but in no other
group. Typically this should show syscalls we either should add to any
of the existing groups or where we are unsure where they best fit in.

Right now, it mostly shows arch-specific compat syscalls, we probably
should move "@obsolete". This patch doesn't add that however.
2020-10-14 10:31:59 +02:00
Frantisek Sumsal
d7a0f1f4f9 tree-wide: assorted coccinelle fixes 2020-10-09 15:02:23 +02:00
Zbigniew Jędrzejewski-Szmek
90e74a66e6 tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
Lennart Poettering
b2af819b22 analyze: add 'capability' verb for dumping all known and unknown caps 2020-08-28 18:52:48 +02:00
Lennart Poettering
0f849d0af9 analyze: fix error handling in one case 2020-08-28 18:14:53 +02:00
fangxiuning
05f7a0689e analyze: drop pointless zero initialization 2020-08-25 15:17:52 +08:00
fangxiuning
6f32f8e037 analyze-verify: drop pointless zero initialization 2020-08-25 15:10:15 +08:00
Lennart Poettering
ed125c936c analyze-security: check for ProtectProc=/ProcSubset= 2020-08-24 20:11:10 +02:00
Lennart Poettering
476cfe626d core: remove support for ConditionNull=
The concept is flawed, and mostly useless. Let's finally remove it.

It has been deprecated since 90a2ec10f2 (6
years ago) and we started to warn since
55dadc5c57 (1.5 years ago).

Let's get rid of it altogether.
2020-08-20 14:01:25 +02:00
Lennart Poettering
625a164069 analyze: rework condition testing
Let's drop the private table and just use the generic concepts we have
in place already that make the same information available.

Fixes: #16781
2020-08-20 13:47:45 +02:00
Zbigniew Jędrzejewski-Szmek
a9134af2e3 analyze-security: include an actual syscall name in the message
This information was already available in the debug output, but I think it
is good to include it in the message in the table. This makes it easier to wrap
one's head around the allowlist/denylist filtering.
2020-08-17 19:48:32 +02:00
Zbigniew Jędrzejewski-Szmek
01ecb3674a analyze-security: do not assign badness to filtered-out syscalls
Fixes #16451, https://bugzilla.redhat.com/show_bug.cgi?id=1856273.
2020-08-01 11:54:26 +02:00
fangxiuning
ddbab78f9a bus: use bus_log_connect_error to print error message 2020-07-21 10:02:01 +09:00
Anita Zhang
b5ef66101a analyze: CAP_RAWIO -> CAP_SYS_RAWIO
Fixes #16489
2020-07-16 21:14:59 +02:00
Lennart Poettering
08ef688656 analyze: make testing ConditionPathExistsGlob= work
Fixes: #16439
Alternative-To: #16440
2020-07-14 14:59:18 +02:00
Lennart Poettering
807542bece shared: split out code that maps properties to local structs
Just some refactoring, no code changes.
2020-06-30 15:09:35 +02:00
Lennart Poettering
9b71e4ab90 shared: actually move all BusLocator related calls to bus-locator.c 2020-06-30 15:09:19 +02:00
Lennart Poettering
6b000af4f2 tree-wide: avoid some loaded terms
https://tools.ietf.org/html/draft-knodel-terminology-02
https://lwn.net/Articles/823224/

This gets rid of most but not all occasions of these loaded terms:

1. scsi_id and friends are something that is supposed to be removed from
   our tree (see #7594)

2. The test suite defines an API used by the ubuntu CI. We can remove
   this too later, but this needs to be done in sync with the ubuntu CI.

3. In some cases the terms are part of APIs we call or where we expose
   concepts the kernel names the way it names them. (In particular all
   remaining uses of the word "slave" in our codebase are like this,
   it's used by the POSIX PTY layer, by the network subsystem, the mount
   API and the block device subsystem). Getting rid of the term in these
   contexts would mean doing some major fixes of the kernel ABI first.

Regarding the replacements: when whitelist/blacklist is used as noun we
replace it with allow list/deny list, and when used as verb with
allow-list/deny-list.
2020-06-25 09:00:19 +02:00
Filipe Brandenburger
41d1f469cf log: introduce log_parse_environment_cli() and log_setup_cli()
Presently, CLI utilities such as systemctl will check whether they have a tty
attached or not to decide whether to parse /proc/cmdline or EFI variable
SystemdOptions looking for systemd.log_* entries.

But this check will be misleading if these tools are being launched by a
daemon, such as a monitoring daemon or automation service that runs in
background.

Make log handling of CLI tools uniform by never checking /proc/cmdline or EFI
variables to determine the logging level.

Furthermore, introduce a new log_setup_cli() shortcut to set up common options
used by most command-line utilities.
2020-06-24 16:49:26 +02:00
Zbigniew Jędrzejewski-Szmek
934ef6a522 core: create socket service instances with the correct name from the start
Upon an incoming connection for an accepting socket, we'd create a unit like
foo@0.service, then figure out that the instance name should be e.g. "0-41-0",
and then add the name foo@0-41-0.service to the unit. This obviously violates
the rule that any service needs to have a constant instance part.

So let's reverse the order: we first determine the instance name and then
create the unit with the correct name from the start.

There are two cases where we don't know the instance name:
- analyze-verify: we just do a quick check that the instance unit can be
  created. So let's use a bogus instance string.
- selinux: the code wants to load the service unit to extract the ExecStart path
  and query it for the selinux label. Do the same as above.

Note that in both cases it is possible that the real unit that is loaded could
be different than the one with the bogus instance value, for example if there
is a dropin for a specific instance name. We can't do much about this, since we
can't figure out the instance name in advance. The old code had the same
shortcoming.
2020-06-10 09:45:55 +02:00
Lennart Poettering
a0b191b705 condition: add ConditionEnvironment=
Prompted by the discussions in #15180.

This is a bit more complex than I hoped, since for PID 1 we need to pass
in the synthetic environment block we generate on demand.
2020-05-15 16:05:33 +02:00
Lennart Poettering
7f19247b5e condition: add ConditionPathIsEncrypted=
It's easy to add, and should be pretty useful, in particular as in
AssertPathIsEncrypted= as it can be used for checking that
some path is encrypted before some service is invoked that might want to
place secure material there.
2020-05-15 15:50:09 +02:00
Vito Caputo
5e55340ad4
Merge pull request #15681 from vcaputo/buslocator
*: switch to BusLocator-oriented helpers
2020-05-07 09:46:01 -07:00
Vito Caputo
de770b6042 analyze: switch to BusLocator-oriented helpers
Mechanical substitution reducing some verbosity
2020-05-07 08:46:43 -07:00
Zbigniew Jędrzejewski-Szmek
be32732168 basic/set: let set_put_strdup() create the set with string hash ops
If we're using a set with _put_strdup(), most of the time we want to use
string hash ops on the set, and free the strings when done. This defines
the appropriate new string_hash_ops_free structure to automatically free
the keys when removing the set, and makes set_put_strdup() and set_put_strdupv()
instantiate the set with those hash ops.

hashmap_put_strdup() was already doing something similar.

(It is OK to instantiate the set earlier, possibly with a different hash ops
structure. set_put_strdup() will then use the existing set. It is also OK
to call set_free_free() instead of set_free() on a set with
string_hash_ops_free, the effect is the same, we're just overriding the
override of the cleanup function.)

No functional change intended.
2020-05-06 16:54:06 +02:00
Giedrius Statkevičius
c90c597ee3 verify: ignore nonexistent executables if required
We provide a way via the '-' symbol to ignore errors when nonexistent
executable files are passed to Exec* parameters & so on. In such a case,
the flag `EXEC_COMMAND_IGNORE_FAILURE` is set and we go on happily with
our life if that happens. However, `systemd-analyze verify` complained
about missing executables even in such a case. In such a case it is not
an error for this to happen so check if the flag is set before checking
if the file is accessible and executable.

Add some small tests to check this condition.

Closes #15218.
2020-04-14 21:23:31 +02:00
Haochen Tong
47cc458e97 analyze: fix table time output 2020-03-09 14:58:25 +01:00
Alin Popa
ad5555b42e systemd: Fix busctl crash on aarch64 when setting output table format
The enum used for column names is integer type while table_set_display() is parsing
arguments on size_t alignment which may result in assert in table_set_display() if
the size between types mismatch. This patch casts the enums to size_t.
It also fixes all other occurrences for table_set_display() and
table_set_sort().
2020-02-16 02:09:26 +09:00
Kevin Kuehler
9f37272a19 analyze: Add ProtectClock= to analyze-security 2020-01-26 12:44:47 -08:00
Wieland Hoffmann
287cf2d802 typo: "May modify to" -> "May modify" 2020-01-18 10:08:27 +01:00
Yu Watanabe
222a6aace7
Merge pull request #14547 from keszybz/networkctl-matching
networkctl: return error or warning when interfaces are not matched
2020-01-15 11:56:01 +09:00
Zbigniew Jędrzejewski-Szmek
191a3f1634 basic/strv: drop flags argument from strv_fnmatch() 2020-01-14 13:10:29 +01:00
Yu Watanabe
9c46b437fc analyze: optimize table creation by using table_add_many() 2020-01-10 18:28:09 +09:00