IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Fixes a regression caused by ab3aed4a03.
I thought the commit does not cause any severe regression. However,
drivers for network interfaces may be loaded later. So, we should wait
if no network interface is found.
Fixes#27822.
Containers generally don't have permission to mknod() which is
required by test-udev so let's skip the test as well if we detect
we're running in a container.
Currently, ExcludeFiles= supports excluding directories on the host
from being copied. Let's extend this to also support preventing files
from being copied into specific directories in the partition by adding
a new option ExcludeFilesTarget=. An example where this is useful is
when setting up btrfs subvolumes in the top level that are intended to
be mounted into specific locations, so /usr would be stored in @usr,
/home in @home, .... To accomplish this, we need to copy /usr to @usr
and prevent any files from being copied into /usr in the partition,
which with this commit, we'd be able to do as follows:
```
[Partition]
CopyFiles=/usr:@usr
ExcludeFilesTarget=/usr
```
There is really no reason to go out of our way to create the config files as
the unprivileged user. And in the logs, the runas calls are quite verbose,
distracting from the interesting stuff. Also add .defs/.imgs/.root to the
temporary paths to make them easier to distinguish in the logs.
KERNEL_APPEND="systemd.unit=multi-user.target" is not very useful, because the
machine will still shut down as soon as the tests succeeds or fails. But
INTERACTIVE_DEBUG=1 works great, so let's simplify the instructions and
recommend that.
The gc_unit_queue is dispatched before the cgroup_empty_queue. Because
of this, when we enter in on_cgroup_empty_event, the unit in
cgroup_empty_queue may already have been freed and we don't clean up the
corresponding cgroup. With this change, we prevent the unit from being
garbage collected if it is in the cgroup_empty_queue.
When there is no matching entry stored in journal, then initial call of
`sd_journal_previous()` following `sd_journal_seek_tail()` returns
zero, and does not move the read pointer.
In the main loop, on every journal event, we call `sd_journal_next()`,
even though the current location is tail, and it takes no effect.
In such a case, we need to call `sd_journal_previous()` instead of
`sd_journal_next()`.
Temporarily revert the test case for #27167, as the additional
daemon-reexecs exacerbate #27287, making CIs fail quite often.
As the #27167 is also covered by TEST-01-BASIC itself, since we do
daemon-reexec there anyway, we shouldn't lose any coverage, but it
should make CIs more stable until #27287 is figured out.
Resolves (or more like works around): #27807
This reverts commit d689f70a2c.
Previously, dependency chain of JoinsNamespaceOf= did not work, e.g.
- a.service has JoinsNamespaceOf=b.service
- b.service has JoinsNamespaceOf=c.service
if, first c.service, next a.service, finally b.service is started,
then a.service is not joined to the namespace of c.service. And, as
mentioned in the document, the namespace used by b.service is not
deterministic.
This makes when searching exsiting namespace to be joined, all units in
the transitive dependency of JoinsNamespaceOf= are checked.
Previously, even if a.service has JoinsNamespaceOf=b.service, the
inverse direction of reference was not introduced.
Hence, a.service is started earlier than b.service, the namespace will
not shared with b.service.
Also, even if a.service had the reference to b.service, b.service did not.
If b.service is freed earlier, then unit_clear_dependencies() does not clear
the reference from a to b, and will cause use-after-free on unit_free() for
a.service.
Let's make JoinsNamespaceOf=b.service in a.service implies the inverse
dependency, i.e. JoinsNamespaceOf=a.service for b.service. Then, we can safely
free b.service.
We can't dereference the variant object directly, as it might be
a magic object (which has an address on a faulting page); use
json_variant_is_sensitive() instead that handles this case.
For example, with an empty array:
==1547789==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000023 (pc 0x7fd616ca9a18 bp 0x7ffcba1dc7c0 sp 0x7ffcba1dc6d0 T0)
==1547789==The signal is caused by a READ memory access.
==1547789==Hint: address points to the zero page.
SCARINESS: 10 (null-deref)
#0 0x7fd616ca9a18 in json_variant_strv ../src/shared/json.c:2190
#1 0x408332 in oci_args ../src/nspawn/nspawn-oci.c:173
#2 0x7fd616cc09ce in json_dispatch ../src/shared/json.c:4400
#3 0x40addf in oci_process ../src/nspawn/nspawn-oci.c:428
#4 0x7fd616cc09ce in json_dispatch ../src/shared/json.c:4400
#5 0x41fef5 in oci_load ../src/nspawn/nspawn-oci.c:2187
#6 0x4061e4 in LLVMFuzzerTestOneInput ../src/nspawn/fuzz-nspawn-oci.c:23
#7 0x40691c in main ../src/fuzz/fuzz-main.c:50
#8 0x7fd61564a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
#9 0x7fd61564a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
#10 0x405da4 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/fuzz-nspawn-oci+0x405da4)
DEDUP_TOKEN: json_variant_strv--oci_args--json_dispatch
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../src/shared/json.c:2190 in json_variant_strv
==1547789==ABORTING
Or with an empty string in an array:
../src/shared/json.c:2202:39: runtime error: member access within misaligned address 0x000000000007 for type 'struct JsonVariant', which requires 8 byte alignment
0x000000000007: note: pointer points here
<memory cannot be printed>
#0 0x7f35f4ca9bcf in json_variant_strv ../src/shared/json.c:2202
#1 0x408332 in oci_args ../src/nspawn/nspawn-oci.c:173
#2 0x7f35f4cc09ce in json_dispatch ../src/shared/json.c:4400
#3 0x40addf in oci_process ../src/nspawn/nspawn-oci.c:428
#4 0x7f35f4cc09ce in json_dispatch ../src/shared/json.c:4400
#5 0x41fef5 in oci_load ../src/nspawn/nspawn-oci.c:2187
#6 0x4061e4 in LLVMFuzzerTestOneInput ../src/nspawn/fuzz-nspawn-oci.c:23
#7 0x40691c in main ../src/fuzz/fuzz-main.c:50
#8 0x7f35f364a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
#9 0x7f35f364a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
#10 0x405da4 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/fuzz-nspawn-oci+0x405da4)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/shared/json.c:2202:39 in
Note: this happens only if json_variant_copy() in json_variant_set_source() fails.
Found by Nallocfuzz.
Since bash has no namespaces, let's do the second best thing and prefix
all "internal" stuff with an underscore, to minimize the chance of a name
conflict in the future.
When udevadm verify is invoked by an analyzer tool like rpminspect
to verify individual udev rules files, the summary just clutters the
output, so provide an option to turn the summary off.
