1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-06 16:59:03 +03:00
Commit Graph

32873 Commits

Author SHA1 Message Date
Mario Limonciello
17c40b3a8f sleep: Add support for setting a disk offset when hibernating
The Linux kernel is adding support for configuring the offset
into a disk.  This allows swapfiles to be more usable as users
will no longer need to set the offset on their kernel command
line.

Use this API in systemd when hibernating as well.

Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
2018-04-09 13:17:56 -05:00
Yu Watanabe
c75436067f tree-wide: remove unused variables (#8612) 2018-03-29 12:50:50 +02:00
Zbigniew Jędrzejewski-Szmek
3d5b4aaad3
Merge pull request #8606 from dell/rename-suspend-to-hibernate
Rename suspend-to-hibernate to suspend-then-hibernate
2018-03-29 12:30:18 +02:00
Yu Watanabe
984b9c8cfe
Merge pull request #8607 from poettering/trivialities2
tiny, trivial, unrelated fixes
2018-03-29 13:24:11 +09:00
Evgeny Vereshchagin
053edc5b04 tests: run udevadm settle after sfdisk (#8610)
This makes the script wait for the newly created partition to
show up before trying to put a filesystem on it, which should
prevent the tests from failing with the following error:
```
New situation:
Disklabel type: dos
Disk identifier: 0x3541a0ec

Device       Boot  Start    End Sectors  Size Id Type
/dev/loop6p1        2048 800767  798720  390M 83 Linux
/dev/loop6p2      800768 819199   18432    9M 83 Linux

The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
The file /dev/loop6p1 does not exist and no size was specified.
make: *** [setup] Error 1
F: Failed to mkfs -t ext4
Makefile:4: recipe for target 'setup' failed
```
2018-03-29 13:20:57 +09:00
Mario Limonciello
ca037d1e08 Fix description on suspend-then-hibernate units.
Suspend; Idle into hibernate didn't make sense.
2018-03-28 15:26:18 -05:00
Mario Limonciello
e68c79db91 Rename suspend-to-hibernate to suspend-then-hibernate
Per some discussion with Gnome folks, they would prefer this name
as it's more descriptive of what's happening.
2018-03-28 15:11:10 -05:00
Lennart Poettering
771b7ead84 machine-image,mount-setup: minor coding style fixes 2018-03-28 22:04:58 +02:00
Lennart Poettering
39e4f5bc7b man: remove spurious 'system' 2018-03-28 22:04:58 +02:00
Lennart Poettering
4c0e48f9d7 inhibit: make use of EXIT_SUCCESS where appropriate 2018-03-28 22:04:58 +02:00
Lennart Poettering
2901f4b31f util: check for overflows in xbsearch_r() 2018-03-28 22:04:58 +02:00
Lennart Poettering
cf852ff63b journald: make use of fd_get_path() where appropriate 2018-03-28 22:04:58 +02:00
Lennart Poettering
d9b50610e4 update TODO 2018-03-28 22:03:34 +02:00
Lennart Poettering
fda8a89046 CODING_STYLE: document why O_NONBLOCK makes sense when opening regular files, too 2018-03-28 22:03:34 +02:00
Christian Hesse
106f12a08f systemd-inhibit: ignore signal interrupt from keyboard (#8569)
By default both processes, systemd-inhibit and the forked one, receive
the signals. Pressing Ctrl+C on the keyboard results in SIGINT being
sent to the processes, followed by SIGTERM being sent to the forked
process when systemd-inhibit exits. This can cause trouble when the
forked process does not clean up properly but exit immediately.

Instead make systemd-inhibit ignore SIGINT, leaving it to the forked
process to clean up and exit.
2018-03-28 21:58:10 +02:00
Lennart Poettering
2d684e65aa doc: merge docs/ dir → doc/
It's weird having two subdirs for documentation, let's unify this in
one.
2018-03-28 09:38:30 -07:00
Zbigniew Jędrzejewski-Szmek
9d9dd746d4 systemctl: refuse to edit masked units (#8602)
Note: in check_triggering_units 'path' will be allocated twice. This is a
conscious choice, this way the implementation is simpler and not worth
optimizing.

Fixes #8519.
2018-03-28 17:25:04 +02:00
Yu Watanabe
a7e4861c74 bus-util: add flags for bus_map_all_properties() (#8546)
This adds flags BUS_MAP_STRDUP and BUS_MAP_BOOLEAN_AS_BOOL.
If BUS_MAP_STRDUP is set, then each "s" message is duplicated.
If BUS_MAP_BOOLEAN_AS_BOOL is set, then each "b" message is
written to a bool pointer.

Follow-up for #8488.
See https://github.com/systemd/systemd/pull/8488#discussion_r175816270.
2018-03-28 13:37:27 +02:00
Krzysztof Nowicki
6f7729c176 core: dont't remount /sys/fs/cgroup for relabel if not needed (#8595)
The initial fix for relabelling the cgroup filesystem for
SELinux delivered in commit 8739f23e3 was based on the assumption that
the cgroup filesystem is already populated once mount_setup() is
executed, which was true for my system. What I wasn't aware is that this
is the case only when another instance of systemd was running before
this one, which can happen if systemd is used in the initrd (for ex. by
dracut).

In case of a clean systemd start-up the cgroup filesystem is actually
being populated after mount_setup() and does not need relabelling as at
that moment the SELinux policy is already loaded. Since however the root
cgroup filesystem was remounted read-only in the meantime this operation
will now fail.

To fix this check for the filesystem mount flags before relabelling and
only remount ro->rw->ro if necessary and leave the filesystem read-write
otherwise.

Fixes #7901.
2018-03-28 13:36:33 +02:00
Lennart Poettering
54479bf407
Merge pull request #8140 from stuarthayes/new
udev: network device naming improvements (sr-iov, npar, slots)
2018-03-28 13:33:06 +02:00
Sebastian Reichel
4432b94135 backlight: use current brightness if no saved value to trigger clamping (#8526)
This reads current brightness value in case it has not yet been
saved. This results in the brightness properly being clamped.
2018-03-28 13:32:27 +02:00
Lennart Poettering
ce9aa31496
Merge pull request #8600 from keszybz/oss-fuzz-again
Fuzzing- and test-related fixes
2018-03-28 13:01:37 +02:00
Lauri Tirkkonen
8be17c9b13 nspawn: do not insist on locking read-only container on readonly fs (#8589) 2018-03-28 12:57:21 +02:00
Zbigniew Jędrzejewski-Szmek
ee9e629eea Fix compilation w/o smack (#8593) 2018-03-28 12:54:26 +02:00
Zbigniew Jędrzejewski-Szmek
bec8a68cee shared/specifier: use realloc to free some memory after specifier expansion
This is a separate commit only because it actually *increases* memory allocations:
==3256==   total heap usage: 100,120 allocs, 100,120 frees, 13,097,140 bytes allocated
to
==4690==   total heap usage: 100,121 allocs, 100,121 frees, 14,198,329 bytes allocated

Essentially, we do a little more work to reduce the memory footprint a bit. For a
test where we just allocate the memory and drop it soon afterwards, this is not
beneficial, but it should still be useful for a long running program.
2018-03-28 10:38:45 +02:00
Zbigniew Jędrzejewski-Szmek
e2093454a2 shared/specifier: be less extravagant with memory allocations
ubsan times out because we do too many allocations:

$ valgrind build/fuzz-unit-file test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6977-full
...
test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6977-full... ok
==1757==
==1757== HEAP SUMMARY:
==1757==     in use at exit: 0 bytes in 0 blocks
==1757==   total heap usage: 199,997 allocs, 199,997 frees, 90,045,318,585 bytes allocated

...
==3256==   total heap usage: 100,120 allocs, 100,120 frees, 13,097,140 bytes allocated

https://oss-fuzz.com/v2/issue/4651449704251392/6977 should now be really fixed.

e3c3d6761b was the first attempt, but even with this change, e3c3d6761b
still makes sense.
2018-03-28 10:38:45 +02:00
Zbigniew Jędrzejewski-Szmek
27fe58b77b core/main: preserve return value under valgrind 2018-03-28 10:38:45 +02:00
Filipe Brandenburger
2ef044ea1e core/socket: use chase_symlinks to find binary inside chroot when looking for SELinux label (#8591)
This is a follow up for this comment from @poettering:
https://github.com/systemd/systemd/pull/8405#discussion_r175719214

This updates PR #8405.

Tested manually using the same commands in
https://lists.freedesktop.org/archives/systemd-devel/2018-March/040478.html.
2018-03-28 09:00:42 +02:00
Evgeny Vereshchagin
1700f4f42c
Merge pull request #8576 from keszybz/oss-fuzz
oss-fuzz adjustments and other cleanups
2018-03-27 20:30:02 +03:00
Dimitri John Ledkov
e64c2d0b5f core: use setreuid/setregid trick to create session keyring with right ownership (#8447)
Re-use the hacks used to link user keyring, when creating the session
keyring. This way changing ownership of the keyring is not required, and thus
incovation_id can be correctly created in restricted environments.

Creating invocation_id with root permissions works and linking it into session
keyring works, as at that point session keyring is possessed.

Simple way to validate this is with following commands:

$ journalctl -f &
$ sudo systemd-run --uid 1000 /bin/sh -c 'keyctl describe @s; keyctl list @s; keyctl read `keyctl search @s user invocation_id`'

which now works in LXD containers as well as on the host.

Fixes: https://github.com/systemd/systemd/issues/7655
2018-03-27 12:58:10 +02:00
Lennart Poettering
96d4d0244b journal-file: we can't use a chain cache entry if we don't know where it starts (#8542)
It might happen that we try to bisect through a chain of offset arrays in the
journal whose last element was just allocated but no item yet written
to. In that case that array will be all NUL, but it might still end up
in our array chain cache. If it does, we cannot use it for bisection,
since for bisection we need to know the value of the first entry in that
array, but if it's uninitialized it does not have a first value. Hence,
as a simple fix, in this unlikely case, simply ignore the chain cache.

This is supposed to fix the issue pointed out in #8432, but in a more
permissive way, as this case isn't strictly a badly formatted journal
but actually a valid state (though one within a very short time window),
and we should make the best of it, and handle it gracefully.

Background: in each journal file entries are linked up in large arrays
of offsets. In each array the entries are strictly ordered by the
offsets of the entries, which permits search by bisection. These arrays
are allocated with a fixed size and then filled up as entries are added
to the journal file. If an array is fully filled up, a new array
(double in size as the old one) is appended to the journal file, and
linked up. This means, the journal file will contain a series of chained
up arrays, each time doubling in size, and strictly ordered. When
looking for an entry we maintain a "chain cache", which allows us to
bypass traversing the chain in full if we look for entries close to each
other in a short time. With the fix above we make sure we don't
erroneously use a chain cache item that doesn't carry enough information
for this bisection to work.

Original issue identified (with patch) by @Kxuan.

Replaces: #8432
2018-03-27 09:36:49 +02:00
Lennart Poettering
08c849815c label: rework label_fix() implementations (#8583)
This reworks the SELinux and SMACK label fixing calls in a number of
ways:

1. The two separate boolean arguments of these functions are converted
   into a flags type LabelFixFlags.

2. The operations are now implemented based on O_PATH. This should
   resolve TTOCTTOU races between determining the label for the file
   system object and applying it, as it it allows to pin the object
   while we are operating on it.

3. When changing a label fails we'll query the label previously set, and
   if matches what we want to set anyway we'll suppress the error.

Also, all calls to label_fix() are now (void)ified, when we ignore the
return values.

Fixes: #8566
2018-03-27 07:38:26 +02:00
Stuart Hayes
019cb3abf0 NEWS: Warn about predictable network naming changes 2018-03-26 14:00:43 -04:00
Stuart Hayes
6bc04997b6 udev: net_id: Improve predictable names for NPAR devices
NPAR is a technology that allows a single network interface to
be divided into number of partitions. The partitions show up
as functions on the same PCI device... when there are more than
8 functions, ARI (alternative routing-ID interpretation) is
used. With ARI is enabled, the 8 bit field that normally has 5
bits for the PCI device and 3 bits for the PCI function is instead
interpreted as (implicit) device 0, with 8 bits for the function
number.

Because the linux kernel exposes the PCI device/function numbers
to userspace the same regardless of whether ARI is enabled,
systemd predictable device naming can generate unpredictable
names in this case, because network names using the PCI slot use
the function number, but not the device number, causing systemd
to generate the same name for mulitple network devices (so some
will revert to the "ethX" names).

With this patch, device naming code checks if ARI is enabled for
a PCI network device, and uses the full 8-bit function number
for naming to avoid this situation. This should improve
readability and predictability of device names.

Here is an example of how this change would affect naming:

before patch  |  after patch
-----------------------------
ens2f0        |  ens2f0        NPAR partition 0 (in PCI slot 2)
ens2f1        |  ens2f1        NPAR partition 1
...
ens2f7        |  ens2f7        NPAR partition 7
eth1          |  ens2f8        NPAR partition 8
eth2          |  ens2f9        NPAR partition 9
2018-03-26 14:00:43 -04:00
Stuart Hayes
609948c704 udev: net_id: Improve predictable names for SR-IOV virtual devices
With PCI SR-IOV, a number of virtual network devices can be enabled,
all of which share the same physical network device.  Currently,
udev generates names for SR-IOV virtual functions as if they were
independent network devices.

With this change, the predictable network device naming code will
check if a network device is an SR-IOV virtual device, and will
generate a name based on the physical PCI device plus a "v%u"
suffix.  This should improve readability and predictability of
device names.

Here is an example of how this change would affect naming:

before patch  |  after patch
-----------------------------
eno1          |  eno1          onboard NIC, physical function
enp101s0f0    |  eno1v0        onboard NIC, SR-IOV virtual func 0
enp101s0f1    |  eno1v1        onboard NIC, SR-IOV virtual func 1
2018-03-26 14:00:43 -04:00
Stuart Hayes
9009d3b5c3 udev: net_id: search parent devices for PCI slot number
To generate predictable network device names, the code in
udev-builting-net_id.c tries to match the PCI device address
of the network device to the entries in /sys/bus/pci/slots.
However, sometimes the slot number is not associated the
network controller PCI device itself, but rather with one of
its parents.

This change will try to find a match in /sys/bus/pci/slots for
the parents of the PCI network device, if it doesn't find a
match for the device itself.
2018-03-26 13:57:12 -04:00
Zbigniew Jędrzejewski-Szmek
ffb3c2bd70
Merge pull request #8554 from poettering/chase-trail-slash
fs-util: add new CHASE_TRAIL_SLASH flag for chase_symlinks()
2018-03-26 18:00:08 +02:00
mourikwa
de7df3fe97 Fix for alphabetical ordering (#8581)
I read the addition of the purism laptop keyboard and noticed
that the 60-keyboard.hwdb file could/should have an alphabetical ordering.
I scratched that itch with this commit.
2018-03-26 17:50:35 +02:00
Michael Olbrich
227b8a762f core: don't include libmount.h in a header file (#8580)
linux/fs.h sys/mount.h, libmount.h and missing.h all include MS_*
definitions.

To avoid problems, only one of linux/fs.h, sys/mount.h and libmount.h
should be included. And missing.h must be included last.

Without this, building systemd may fail with:

In file included from [...]/libmount/libmount.h:31:0,
                 from ../systemd-238/src/core/manager.h:23,
                 from ../systemd-238/src/core/emergency-action.h:37,
                 from ../systemd-238/src/core/unit.h:34,
                 from ../systemd-238/src/core/dbus-timer.h:25,
                 from ../systemd-238/src/core/timer.c:26:
[...]/sys/mount.h:57:2: error: expected identifier before numeric constant
2018-03-26 17:34:53 +02:00
Lennart Poettering
12b6b3b7a4
Merge pull request #8562 from keszybz/docs
Man page and log message fixes
2018-03-26 15:34:39 +02:00
Zbigniew Jędrzejewski-Szmek
94ac201ac2 README: mention systemd-stable
Fixes #8564.

https://www.freedesktop.org/wiki/Software/systemd/Backports/ has already been
adjusted.
2018-03-26 15:28:03 +02:00
Zbigniew Jędrzejewski-Szmek
435ce146ac basic/strbuf: include empty strings in count
Not that it matters much, but it seems cleaner to also count those
inputs, even if they do not consume extra storage space.

The test is extended to include an empty input and counts in the test are
adjusted to include it.
2018-03-26 15:28:03 +02:00
Zbigniew Jędrzejewski-Szmek
2fb076ad43 basic/strbuf: use structured initalizers to shorten code 2018-03-26 15:28:03 +02:00
Zbigniew Jędrzejewski-Szmek
2e38df5349 journal: use structured initalizer 2018-03-26 15:28:03 +02:00
Zbigniew Jędrzejewski-Szmek
d6c5d19b66 tree-wide: add bsearch_safe and use where appropriate
Should fix #8557.
2018-03-26 15:28:03 +02:00
Zbigniew Jędrzejewski-Szmek
989290dbf1 fuzz-unit-file: add __has_feature(memory_sanitizer) when skipping ListenNetlink=
https://clang.llvm.org/docs/MemorySanitizer.html#id5 documents this
check as the way to detect MemorySanitizer at compilation time. We
only need to skip the test if MemorySanitizer is used.

Also, use this condition in cg_slice_to_path(). There, the code that is
conditionalized is not harmful in any way (it's just unnecessary), so remove
the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION condition.

Fixes #8482.
2018-03-26 15:28:03 +02:00
Zbigniew Jędrzejewski-Szmek
ea7a9e9e2a
Merge pull request #8578 from yuwata/resolve-tool-cleanup
resolve-tool: small cleanups
2018-03-26 14:54:30 +02:00
Zbigniew Jędrzejewski-Szmek
483ed8a6a0 fuzz-unit-file: adjust check for ListenNetlink yet again
The test for ListenNetlink would abort the loop if a line longer then LINE_MAX
was encountered (read_line() returns -ENOBUFS in that case). Let's use the
the line length limit that the unit file parses uses.

https://oss-fuzz.com/v2/issue/5546208027213824/7094.
2018-03-26 10:42:19 +02:00
Yu Watanabe
79b20ad8e2 resolve: always shows global settings 2018-03-25 18:57:19 +09:00
Zbigniew Jędrzejewski-Szmek
5ce6e7f525 core/service: rework the hold-off time over message
"hold-off" is apparently confusing, because we also have HoldoffTimeoutSec=.
Let's use RestartSec= directly in the message.

Fixes #5472.
2018-03-24 14:22:42 +01:00