1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 14:55:37 +03:00
Commit Graph

55920 Commits

Author SHA1 Message Date
Luca Boccassi
e3f7ed944a portable: add flag to return extension-releases in GetImageMetadataWithExtensions
Return the name of each extension and the associated extension-release
file, and pretty-print them in 'portablectl inspect', if a new flag
is passed.

$ portablectl inspect --extension app2 --extension app0  minimal app0 app1
(Matching unit files with prefixes 'app0', 'app1'.)
Image:
        /run/portables/minimal.raw
Portable Service:
        n/a
Operating System:
        Debian GNU/Linux 10 (buster)
Extension:
        /run/portables/app2.raw
        Extension Scope:
                n/a
        Extension Compatibility Level:
                n/a
        Portable Service:
                n/a
        Portable Prefixes:
                n/a
        Operating System:
                n/a (debian 10)
Extension:
        /run/portables/app0.raw
        Extension Scope:
                n/a
        Extension Compatibility Level:
                n/a
        Portable Service:
                n/a
        Portable Prefixes:
                n/a
        Operating System:
                n/a (debian 10)
Unit files:
        app0.service
2022-01-25 22:22:47 +00:00
Ludwig Nussel
48f3bc5cc4 test: add shutdown test
Wraps nspawn to be able to use pexpect. The test logs in on the console
and runs screen. In one screen window it types in shutdown commands and
checks whether a wall message was sent to the other.
2022-01-25 17:43:13 +01:00
Ludwig Nussel
38d55bf264 systemctl: shutdown don't fallback on auth fail
For shutdowns don't fall back to starting the target directly if talking
to logind failed with auth failure. That would just lead to another
polkit auth attempt.
2022-01-25 17:43:13 +01:00
Ludwig Nussel
5ed73478e1 logind: refactor
Avoid hardcoded strings and string compares related to shutdown actions.
Instead put everything into a common structure. Reuse existing
HandleAction as index since it's already exposed as property for the
button handlers.
2022-01-25 17:43:10 +01:00
Ludwig Nussel
ec14fba91c logind: require polkit auth for cancelling shutdowns 2022-01-25 14:56:55 +01:00
Ludwig Nussel
030f37c408 logind: fix wall messages for direct shutdown calls
The wall mechanism uses the scheduled_shutdown_type to determine what
message to send so it needs to be filled in also for the cases that call
for shutdown without schedule.

It's really a hackish way. The overall code needs refacturing.
2022-01-25 14:56:52 +01:00
Ludwig Nussel
cdf370626f logind: enable wall messages by default
Something calling directly into the dbus interface to request a
shutdown may not bother turning wall messages on explicitly.

This has the convenient side effect that no separate polkit auth is
required to turn on wall messages. Was annoying as having a wall
message is the default behavior of the commandline tools. Now it's
the other way around ie eg systemctl reboot --no-wall requires auth
to explicitly turn off the wall message.
2022-01-25 14:52:14 +01:00
Ludwig Nussel
adefc8789b systemctl: simplify halt_main()
The code at this point is not able to tell whether it was called as
halt/poweroff/reboot or shutdown with time "now".
The code also takes a shortcut to skip logind if called as root.
That however means asking shutdown for immediate action won't trigger a
wall message.
As per https://github.com/systemd/systemd/issues/8424#issuecomment-374677315
all commands should trigger a wall message.
That simplifies the code as we can try logind first always.
2022-01-25 14:52:09 +01:00
Ludwig Nussel
90b1ec03b2 logind: fix wall message for immediate shutdowns
An elapse time of zero means NOW which should trigger a wall
message.
2022-01-25 14:46:37 +01:00
Luca Boccassi
0017415cc5 portable: add GetImageStateWithExtensions method
Allow to correctly query a layered portable service for
attached/detached state.
2022-01-25 06:44:27 +09:00
Yu Watanabe
9697662915 hostname: expose hardware serial through dbus
Closes #22119.
2022-01-24 21:09:37 +00:00
Yu Watanabe
f338a496e4 NEWS: update 2022-01-25 03:03:09 +09:00
Yu Watanabe
1d2842d1e6 NEWS: mention about the regression in WireGuard 2022-01-25 02:56:20 +09:00
Yu Watanabe
0850fb78af
Merge pull request #22236 from yuwata/fuzz-dhcp-server
fuzz-dhcp-server: three fixes or improvements
2022-01-25 02:19:22 +09:00
Yu Watanabe
bf2a8b7b13 fuzz-dhcp-server: attach sd_event to make dhcp_server_cleanup_expired_leases() works in the fuzzer
Otherwise, most code paths in dhcp_server_handle_message() are not
evaluated by the fuzzer.
2022-01-25 00:05:02 +09:00
march1993
11cc2a5602 Update systemd.netdev.xml
Mind users to avoid use name gre0, gretap0 and erspan0 for GRE tunnels.
2022-01-24 14:58:14 +00:00
Zbigniew Jędrzejewski-Szmek
4a00b45fa6 user-runtime-dir: error out immediately if mkdir fails
We try to create two directories: /run/user and /run/user/<UID>. For the
first we check the return value and error out if creation fails. But for
the second one we continued based on the assumption that the subsequent
mount will immediately fail anyway. But this has the disadvantage that we
get a somewhat confusing error message:

janv. 23 22:04:31 nsfw systemd-user-runtime-dir[1660]: Failed to mount per-user tmpfs directory /run/user/1000: No such file or directory

Let's instead fail immediately with a precise error message.

For https://bugzilla.redhat.com/show_bug.cgi?id=2044100.
2022-01-24 13:06:45 +00:00
Luca Boccassi
cb94b8acc5
Merge pull request #22203 from brauner/2022-01-21.procsubset.pid
core/namespace: allow using ProtectSubset=pid and ProtectHostname=tru…
2022-01-24 13:04:23 +00:00
Luca Boccassi
aa3160b967
Merge pull request #22231 from yuwata/resolve-synthesize
resolve: synthesize several filtered name
2022-01-24 12:11:29 +00:00
Yu Watanabe
0590f1b58c fuzz-dhcp-server: duplicate input data
As `dhcp_server_handle_message()` -> `ensure_sane_request()` may modify
the input data, and that causes error in some fuzzing engine.
2022-01-24 19:37:37 +09:00
Yu Watanabe
c3da2e4732 fuzz-dhcp-server: also set new lease elements correctly
The fuzzer does not send anything to the address, so it should be not
necessary, but just for safety.
2022-01-24 19:28:21 +09:00
Christian Brauner
fbf90c0d5c
core/namespace: s/normalize_mounts()/drop_unused_mounts()
Rename the normalize_mounts() helper to drop_unused_mounts. All the
helpers called in there get rid of mounts that are unused for a variety
of reasons. And whereas the helpers are aptly prefixed with "drop" the
overall helper isn't and instead uses "normalize".

Make it more obvious what the helper actually does by renaming it from
normalize_mounts() to drop_unused_mounts(). Readers of code calling this
helper will immediately see that it will get rid of unused mounts.

Link: https://github.com/systemd/systemd/issues/22206
2022-01-24 10:22:47 +01:00
Christian Brauner
1361f01577
core/namespace: allow using ProtectSubset=pid and ProtectHostname=true together
If a service requests both ProtectSubset=pid and ProtectHostname=true
then it will currently fail to start. The ProcSubset=pid option
instructs systemd to mount procfs for the service with subset=pid which
hides all entries other than /proc/<pid>. Consequently trying to
interact with the two files /proc/sys/kernel/{hostname,domainname}
covered by ProtectHostname=true will fail.

Fix this by only performing this check when ProtectSubset=pid is not
requested. Essentially ProtectSubset=pid implies/provides
ProtectHostname=true.
2022-01-24 09:41:28 +01:00
dependabot[bot]
da9be066cb build(deps): bump github/codeql-action from 1.0.27 to 1.0.29
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.27 to 1.0.29.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](cd783c8a29...384cfc42b2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-24 11:18:48 +03:00
Yu Watanabe
766527e8ae
Merge pull request #22226 from yuwata/hostname-allow-to-override-hardware-vendor-and-model
hostname: allow to override hardware vendor and model
2022-01-24 06:55:29 +09:00
Yu Watanabe
a6ba7d58f2
Merge pull request #22227 from yuwata/dhcp-server-fix-heap-buffer-overflow
sd-dhcp-server: fix heap buffer overflow
2022-01-24 06:55:02 +09:00
Frantisek Sumsal
ab9760b846 github: point to "tags" instead of "releases" in systemd-stable
since we don't do releases there.

Mentioned in https://github.com/systemd/systemd/issues/22230#issue-1111991271.
2022-01-24 06:53:43 +09:00
Yu Watanabe
46b53e8035 resolve: synthesize null address, IPv4 broadcast address, or invalid domain
These are filtered in `dns_scope_good_domain()`, but not synthesized.

Fixes #22229.
2022-01-24 06:46:50 +09:00
Yu Watanabe
3b2ac14ac4 resolve: synthesize empty name
Do not return any error for empty name. Just returns empty answer.

Before:
---
$ dig .

; <<>> DiG 9.16.24-RH <<>> .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13617
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;.				IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Jan 24 05:49:30 JST 2022
;; MSG SIZE  rcvd: 28
---

After:
---
$ dig .

; <<>> DiG 9.16.24-RH <<>> .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7957
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;.				IN	A

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Jan 24 06:05:02 JST 2022
;; MSG SIZE  rcvd: 28
---

Replaces #22197.

Fixes RHBZ#2039854 (https://bugzilla.redhat.com/show_bug.cgi?id=2039854).
2022-01-24 06:45:37 +09:00
Yu Watanabe
7bdf419830 dns-domain: re-introduce dns_name_is_empty() 2022-01-24 06:06:59 +09:00
Yu Watanabe
7c0601102a Revert "resolve: refuse to resolve empty hostname"
This reverts commit 6e8ecb8974.
2022-01-24 05:51:47 +09:00
Yu Watanabe
a596631808 fuzz: add testcases of heap-buffer-overflow for sd-dhcp-server 2022-01-24 04:52:33 +09:00
Yu Watanabe
ab4f9eeb7b sd-dhcp-server: fix heap buffer overflow
This checks client hardware length earlier.
2022-01-24 04:49:33 +09:00
Yu Watanabe
b87209f933
Merge pull request #22222 from yuwata/dhcp-server-support-non-ethernet-packet
dhcp-server: support packets from non-Ethernet interfaces
2022-01-24 04:19:26 +09:00
Yu Watanabe
54d95d02e3 sd-dhcp-server: support packet from non-Ethernet interface
Fixes #22217.
2022-01-24 04:18:20 +09:00
Yu Watanabe
97fa338dce sd-dhcp-client,sd-dhcp-client-server: set chaddr in dhcp_message_init()
And also set chaddr and hlen for packets on non-Ethernet interfaces,
except for InfiniBand.
2022-01-24 04:18:20 +09:00
Yu Watanabe
a6508f37c9 sd-dhcp-client: fix RFC number 2022-01-24 04:18:20 +09:00
Yu Watanabe
2cb66bbdfb sd-dhcp-server: change the type of the client ID data 2022-01-24 04:18:20 +09:00
Yu Watanabe
255d493324 sd-dhcp-server: use free_and_replace() at one more place 2022-01-24 04:18:20 +09:00
Yu Watanabe
4f9dcf3dc5 sd-dhcp-server: shorten code a bit 2022-01-24 04:18:20 +09:00
Yu Watanabe
f4759ae051 sd-dhcp-server: drop unnecessary buffer duplication
The block try to find and remove the existing static lease which matches
the provided client ID, and the provided client ID will not be stored
anywhere. Hence, it is not necessary to duplicate it.
2022-01-24 04:16:41 +09:00
Yu Watanabe
bb995f747a
Merge pull request #21908 from yonran/environmentfile-docs
man: clarify Environmentfile format
2022-01-24 00:22:50 +09:00
Luca Boccassi
2ef2024462 portable: add support for ExtensionDirectories in --extension
Same as for the root os image, support passing a directory, using
the new ExtensionDirectories setting.
2022-01-24 00:21:15 +09:00
Zbigniew Jędrzejewski-Szmek
e9e982a29d test-env-file: add tests for quoting in env files 2022-01-23 14:40:28 +09:00
Zbigniew Jędrzejewski-Szmek
398a500916 core/execute: use _cleanup_ in exec_context_load_environment()
Also rename variables.
2022-01-23 14:39:46 +09:00
Zbigniew Jędrzejewski-Szmek
3ef86964ed test-load-fragment: add a basic test for config_parse_unit_env_file() 2022-01-23 14:37:07 +09:00
Yonathan Randolph
4bbcde8498 man: clarify Environmentfile format
Remove incorrect claim that C escapes (such as \t and \n) are recognized and that control characters are disallowed. Specify the allowed characters and escapes with single quotes, with double quotes, and without quotes.
2022-01-23 14:37:07 +09:00
ash
de4fe289cf man: note more clearly that $SYSTEMD_PAGER requires $SYSTEMD_PAGERSECURE 2022-01-23 13:29:28 +09:00
Thomas Haller
2091c77931 sd-event: workaround maybe-uninitalized warning in sd_event_add_inotify()
With LTO, the compiler might think that the variable is uninitialized
(from NetworkManager's fork, with gcc-11.2.1-1.fc35):

    src/libnm-systemd-core/src/libsystemd/sd-event/sd-event.c: In function 'sd_event_add_inotify':
    src/libnm-systemd-core/src/libsystemd/sd-event/sd-event.c:2120: error: 's' may be used uninitialized in this function [-Werror=maybe-uninitialized]
     2120 |                 *ret = s;
          |
    src/libnm-systemd-core/src/libsystemd/sd-event/sd-event.c:2102: note: 's' was declared here
     2102 |         sd_event_source *s;
          |
    lto1: all warnings being treated as errors

In particular, that would happen for codepaths where event_add_inotify_fd_internal()
returns `-errno`, and the compiler cannot be sure that the returned value will
be negative. Technically, the compiler is right, but we rely on libc functions
to set errno correctly, so this only happens in code paths, where something
bad already happend.

While LTO is prone to such false warnings, we are largely able to build systemd
without warnings. So it is feasible and we should make the effort of working
around warnings as they appear.
2022-01-23 13:10:31 +09:00
Yu Watanabe
da60d91c99 rule: fallback to use board information if product information is not set 2022-01-23 13:04:37 +09:00