mirror of https://github.com/systemd/systemd.git synced 2024-11-07 09:56:51 +03:00
Commit Graph

31814 Commits

Author SHA1 Message Date
Alan Jenkins
0970be500d
Merge pull request #7924 from sourcejedi/devpts-regression-fix
core: un-break PrivateDevices= by allowing it to mknod /dev/ptmx
2018-01-18 19:04:12 +00:00
Alan Jenkins
225874dc9c core: clone_device_node(): add debug message
For people who use debug messages, maybe it is helpful to know that
PrivateDevices= failed due to mknod(), and which device node.

(The other (un-logged) failures could be while mounting filesystems e.g. no
CAP_SYS_ADMIN which is the common case, or missing /dev/shm or /dev/pts,
or missing /dev/ptmx).
2018-01-18 13:58:13 +00:00
Alan Jenkins
5a7f87a9e0 core: un-break PrivateDevices= by allowing it to mknod /dev/ptmx
#7886 caused PrivateDevices= to silently fail-open.
https://github.com/systemd/systemd/pull/7886#issuecomment-358542849

Allow PrivateDevices= to succeed, in creating /dev/ptmx, even though
DeviceControl=closed applies.

No specific justification was given for blocking mknod of /dev/ptmx.  Only
that we didn't seem to need it, because we weren't creating it correctly as
a device node.
2018-01-18 12:10:20 +00:00
Zbigniew Jędrzejewski-Szmek
1aaadf859b
Merge pull request #7876 from titanous/oss-fuzz
Add initial fuzzing infrastructure
2018-01-18 12:41:13 +11:00
Jonathan Rudenberg
8b53eb4d47 fuzz: add docs on creating fuzzer targets to HACKING 2018-01-17 13:57:06 -05:00
Jonathan Rudenberg
31e57a35dc fuzz: allow building fuzzers outside of oss-fuzz
Add a new -Dllvm-fuzz=true option that can be used to build against
libFuzzer and update the oss-fuzz script to work outside of the
oss-fuzz build environment.
2018-01-17 13:57:06 -05:00
Jonathan Rudenberg
7d941c0635 fuzz: rebuild everything during each oss-fuzz build
This avoids failures while using the oss-fuzz local testing
infrastructure.
2018-01-17 13:57:06 -05:00
Jonathan Rudenberg
b4081f3ea2 fuzz: disable all deps when building with oss-fuzz
The fuzz targets are intended to be fast and only target systemd
code, so they don't need to call out to any dependencies. They also
shouldn't depend on shared libraries outside of libc, so we disable
every dependency when compiling against oss-fuzz. This also
simplifies the upstream build environment significantly.
2018-01-17 13:57:06 -05:00
Jonathan Rudenberg
7db7d5b733 fuzz: add initial fuzzing infrastructure
The fuzzers will be used by oss-fuzz to automatically and
continuously fuzz systemd.

This commit includes the build tooling necessary to build fuzz
targets, and a fuzzer for the DNS packet parser.
2018-01-17 13:57:06 -05:00
Lennart Poettering
52ffb3d2e9
Merge pull request #7903 from yuwata/fix-7863
network: create runtime sub-directories after drop_privileges()
2018-01-17 19:18:47 +01:00
Lennart Poettering
b79fe07243
Merge pull request #7910 from poettering/getcwd
some getcwd() fixes, and other path-util tweaks
2018-01-17 19:16:42 +01:00
Lennart Poettering
897c8395c7
Merge pull request #7911 from poettering/chase-symlinks-tweaks
chase_symlinks() tweaks
2018-01-17 19:15:49 +01:00
Shawn Landden
8a0f6d1f6b resolve: check for underflow of size parameter (#7889)
to dns_packet_read_memdup()

Closes #7888
2018-01-18 00:49:22 +11:00
Lennart Poettering
382a5078a6 fs-util: refuse taking a relative path to chase if "root" is specified and CHASE_PREFIX_ROOT is set
If we take a relative path we first make it absolute, based on the
current working directory. But if CHASE_PREFIX_ROOT is passed we are
supposed to make the path absolute taking the specified root path into
account, but that makes no sense if we talk about the current working
directory as that is relative to the host's root in any case. Hence,
let's refuse this politely.
2018-01-17 12:04:15 +01:00
Lennart Poettering
a49424af6a fs-util: extra chase_symlink() safety check on "path" parameter
It's not clear what an empty "path" is even supposed to mean, hence
refuse.
2018-01-17 12:04:15 +01:00
Lennart Poettering
b1bfb84804 fs-util: extra safety checks on chase_symlinks() root parameter
Let's handle root="" and root="/" safely.
2018-01-17 12:04:15 +01:00
Lennart Poettering
7aeeb313ad path-util: don't insert duplicate "/" in path_make_absolute_cwd()
When the working directory is "/" it's prettier not to insert a second
"/" in the path, even though it is technically correct.
2018-01-17 11:17:55 +01:00
Lennart Poettering
d72495759b tree-wide: port all code to use safe_getcwd() 2018-01-17 11:17:38 +01:00
Lennart Poettering
a2556d25ae path-util: introduce new safe_getcwd() wrapper
It's like get_current_dir_name() but protects us from
CVE-2018-1000001-style exploits:

https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
2018-01-17 11:16:31 +01:00
Lennart Poettering
cddd2ce106 path-util: don't add extra "/" when prefix already is suffixed by slash
No need to insert duplicate "/" if we can avoid it. This is particularly
relevant if the prefix passed in is the root directory.
2018-01-17 11:15:00 +01:00
Lennart Poettering
81cce8ded5 path-util: do something useful if the prefix is "" in path_make_absolute()
Do not insert a "/" if the prefix we shall use is empty. It's a corner
case we should probably take care of.
2018-01-17 11:14:28 +01:00
Yu Watanabe
5caf49360b efivars: include errno.h when EFI support is disabled (#7900)
Fixes #7898.
2018-01-17 20:25:42 +11:00
Alan Jenkins
e41090db89
Merge pull request #7886 from gdamjan/fix-ptmx
namespace: make /dev/ptmx a copy of the host not a symlink
2018-01-17 09:24:00 +00:00
Zbigniew Jędrzejewski-Szmek
4e4e3d9766
Merge pull request #7893 from poettering/parse-tweaks
parsing tweaks
2018-01-17 20:22:17 +11:00
Zbigniew Jędrzejewski-Szmek
9b1f89bcb1
Merge pull request #7902 from yuwata/fix-warning-by-clang
network: small fixes
2018-01-17 20:17:23 +11:00
Hans de Goede
66500345ec hwdb: 60-sensors: Add DMI strings for Trekstor Surftab 7.0 newer BIOS versions (#7904)
Some newer BIOS versions of the TrekStor SurfTab wintron 7.0 tablet use
different (better) DMI strings, update the existing 60-sensors.hwdb
entry for this tablet to also work with the newer BIOS.
2018-01-17 20:15:41 +11:00
Jerónimo Borque
252d847a2b hwdb: HP vendor name for ZBooks in 60-keyboard.hwdb (#7905)
Added new HP vendor name to support Zbook's mic mute key mapping
2018-01-17 20:15:00 +11:00
Zbigniew Jędrzejewski-Szmek
58eab88176
Merge pull request #7897 from yuwata/small-man-fixes
Several man fixes
2018-01-17 20:13:54 +11:00
Дамјан Георгиевски
414b304ba2 namespace: only make the symlink /dev/ptmx if it was already a symlink
…otherwise try to clone it as a device node

On most contemporary distros /dev/ptmx is a device node, and
/dev/pts/ptmx has 000 inaccessible permissions. In those cases
the symlink /dev/ptmx -> /dev/pts/ptmx breaks the pseudo tty support.

In that case we better clone the device node.

OTOH, in nspawn containers (and possibly others), /dev/pts/ptmx has
normal permissions, and /dev/ptmx is a symlink. In that case make the
same symlink.

fixes #7878
2018-01-17 01:19:46 +01:00
Дамјан Георгиевски
b5e99f23ed namespace: extract clone_device_node function from mount_private_dev 2018-01-16 21:41:10 +01:00
Yu Watanabe
0a02e38379 network: create runtime sub-directories after drop_privileges()
For old kernels not supporting AmbientCapabilities=, networkd is
started as root with limited capabilities. Then, networkd cannot
chown the directories under runtime directory as
CapabilityBoundingSet= does not contain enough capabilities.
This makes these directories get created after dropping privileges.
Thus, networkd does not need to chown them anymore.

Fixes #7863.
2018-01-17 03:35:28 +09:00
Yu Watanabe
d1c2774b6d timesync: do not fail when started as privileged user 2018-01-17 03:34:45 +09:00
Yu Watanabe
976fade6c1 dhcp6: fix warnings by clang with -Waddress-of-packed-member
This fixes the following warnings:
```
[194/1521] Compiling C object 'src/libsystemd-network/systemd-network@sta/dhcp6-option.c.o'.
../../git/systemd/src/libsystemd-network/dhcp6-option.c:110:25: warning: taking address of packed member 'id' of class or structure 'ia_na' may result in an unaligned pointer value [-Waddress-of-packed-member]
                iaid = &ia->ia_na.id;
                        ^~~~~~~~~~~~
../../git/systemd/src/libsystemd-network/dhcp6-option.c:115:25: warning: taking address of packed member 'id' of class or structure 'ia_ta' may result in an unaligned pointer value [-Waddress-of-packed-member]
                iaid = &ia->ia_ta.id;
                        ^~~~~~~~~~~~
2 warnings generated.
```
2018-01-17 01:53:03 +09:00
Yu Watanabe
b7d16a91d6 networkd: fix wrong argument check 2018-01-17 01:29:13 +09:00
Yu Watanabe
1291a04298 ipvlan: fix wrong assignment in ipvlan_init() 2018-01-17 01:28:09 +09:00
Yu Watanabe
c7612b2005 man: mention that systemctl is-active or is-failed do not load units
See the discussion in the issue #7875.
2018-01-16 23:25:56 +09:00
Yu Watanabe
47dbb99ad7 virt: add comment that we need to use sscanf()
Follow-up for 13e0f9fe83.
See PR #7890 and comment in PR #7581.
2018-01-16 23:00:39 +09:00
Yu Watanabe
fb76275a7a man: remove duplicated line
Follow-up for c46bc7e216.
2018-01-16 22:22:18 +09:00
Lennart Poettering
bac794f607 parse-util: detect overflows in parse_percent_unbounded()
We shouldn't accept percentages beyond INT32_MAX and consider them
valid.
2018-01-16 11:53:43 +01:00
Lennart Poettering
b5ffbc5579 parse-util: coding style fix
Let's not rely on C's downgrade-to-bool feature to check for NUL bytes
2018-01-16 11:53:43 +01:00
Lennart Poettering
e520e0fc2c locale-util: add freelocale() cleanup helper 2018-01-16 11:53:43 +01:00
Lennart Poettering
fc432c2314
Merge pull request #7885 from pfl/dhcp6_fixes
Minor fixes
2018-01-16 10:44:35 +01:00
John Lin
3c887f9733 man: fix broken kernel document links (#7892) 2018-01-16 18:29:35 +09:00
Olaf Hering
13e0f9fe83 Fix parsing of features in detect_vm_xen_dom0 (#7890)
Use sscanf instead of the built-in safe_atolu because the scanned string
lacks the leading "0x", it is generated with snprintf(b, "%08x", val).
As a result strtoull handles it as octal, and parsing fails.

The initial submission already used sscanf, then parsing was replaced by
safe_atolu without retesting the updated PR.

Fixes 575e6588d ("virt: use XENFEAT_dom0 to detect the hardware domain
(#6442, #6662) (#7581)")
2018-01-16 20:24:37 +11:00
Zbigniew Jędrzejewski-Szmek
4579e8ef31
Merge pull request #7540 from fbuihuu/systemd-delta-tweaks
Systemd delta tweaks
2018-01-16 20:22:25 +11:00
Shawn Landden
c46bc7e216 machined: use getent to get default shell for machinectl shell (#7684)
Closes: https://github.com/systemd/systemd/issues/1395
2018-01-16 05:17:51 +11:00
Patrik Flykt
ecf07fb748 sd-dhcp6-client: Use offsetof() instead of sizeof()
The slightly modified review comments say that "...in theory
offsetof(DHCP6Option, data) is nicer than sizeof(DHCP6Option)
because the former removes alignment artifacts. In this
specific case there are no alignment whitespaces hence it's
fine, but out of a matter of principle offsetof() is preferred
over sizeof() in cases like this..."
2018-01-15 18:00:33 +02:00
Patrik Flykt
3c03564911 dhcp6: Fix valgrind nitpick about returned test case value
Calling dhcp6_option_parse_address() will always return a value
< 0 on error even though lt_valid remains unset. This is more
than valgrind can safely detect, but let's fix the valgrind
nitpick anyway.

While fixing, use UINT32_MAX instead of ~0 on the same line.
2018-01-15 18:00:33 +02:00
Lennart Poettering
01816fee33
Merge pull request #7884 from yuwata/small-fixes
Small fixes
2018-01-15 16:40:41 +01:00
Дилян Палаузов
5f79d69cba man: fix typo
Closes #7866.
2018-01-16 00:10:12 +09:00