1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-06 16:59:03 +03:00
Commit Graph

39452 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
2818ddc8f4
Merge pull request #12133 from poettering/rseq-whitelist
whitelist rseq() system call in `@default` syscall group
2019-03-29 14:59:00 +01:00
Lennart Poettering
196f306795 analyze: check both possible mount points of tracefs
Let's try the new one first, the old one second.
2019-03-29 14:57:37 +01:00
Lennart Poettering
bd169c2be0 fsck: copy out device argument from argv[] before forking
We nowadays rename our child processes, hence argv[] will be clobbered,
let's hence copy the device path to dynamic memory before forking.

This is fall-out from 60ffa37a65 since we
now a lot more often end up overriding the argv[] buffer than before,
simple because we know what to override.

These kind of bugs kinda suck. THere are only two options here: stop
overriding argv[] for all cases (or just these cases) or explicitly
copying out everything we need in child processes before forking. With
this patch I opt for the latter, though I am not 100% convinced this is
a great solution. Just a better solution than everything else, i.e.
allowing argv[] to remain out of sync with what others see.

Fixes: #12135
2019-03-29 08:18:25 +01:00
Jörg Thalheim
7232c1f9da wireguard: fix exponential backoff when resolving hosts
It should stop at 25s, not start.
Fixes #12134
2019-03-28 20:00:19 +01:00
Zbigniew Jędrzejewski-Szmek
f2dc22b447 headers: add missing includes
Fixes #12125.
2019-03-28 19:59:56 +01:00
Lennart Poettering
b8a736d7a0 sd-bus: change "int" → "signed int" on bitfield
Apparently by the C standard "int" bitfields can have any signedness
(unlike non-bitfield declarations which are "signed" if the signedness
is not specified).

Let's fix the LGTM warning about this hence and be explicit that we mean
"signed" here.
2019-03-28 19:07:51 +01:00
Lennart Poettering
d629ba7045 tmpfiles: move full chattr flag set to chattr-util.h
It's a pretty generic concept and fits will there, hence let's move it.
2019-03-28 18:43:05 +01:00
Lennart Poettering
70d8401d74 update NEWS 2019-03-28 18:43:04 +01:00
Lennart Poettering
e19ba205ab update TODO 2019-03-28 18:43:04 +01:00
Lennart Poettering
75006470ce tmpfiles: support the FS_PROJINHERIT_FL chattr flag 2019-03-28 18:43:04 +01:00
Lennart Poettering
8a016c746e util-lib: when copying files make sure to apply some chattrs early, some late
Some chattrs only work sensible if you set them right after opening a
file for create (think: FS_NOCOW_FL). Others only work when they are
applied when the file is fully written (think: FS_IMMUTABLE_FL). Let's
take that into account when copying files and applying a chattr to them.
2019-03-28 18:43:04 +01:00
Lennart Poettering
c3272fd4df missing: add FS_PROJINHERIT_FL
It's available since kernel 4.5, but not in older kernels.
2019-03-28 18:43:04 +01:00
Lennart Poettering
da3d198563 update TODO 2019-03-28 17:00:46 +01:00
Lennart Poettering
4a66b5c9bf core: complain and correct /var/run/ → /run/ for listening sockets
We already do that for PIDFile= paths, and for tmpfiles.d/ snippets,
let's also do this for .socket paths.
2019-03-28 16:59:57 +01:00
Lennart Poettering
7d2c9c6b50 load-fragment: use TAKE_PTR() where we can 2019-03-28 16:46:27 +01:00
Michal Sekletar
48da47eeca cryptsetup-generator: set high OOM score for systemd-cryptsetup instances
With new LUKS2 header format it is possible to use Argon2 key derivation
function. This function is "memory-hard" hence keyslot unlocking can
potentially use a lot of RAM as this increases resistance to massively
parallel GPU based password cracking.

However, when multiple systemd-cryptsetup binaries run at the same
time it is very likely that system using Argon2 (e.g. Fedora 30)
will encounter memory-pressure during early boot, following OOM killing
spree.

This patch aims to lower the damage done by OOM killer and sets OOMScore
for systemd-cryptsetup units to 500. Hopefully OOM killer will then
shoot us down and leave rest of the system services alone.
2019-03-28 15:52:41 +01:00
Lennart Poettering
e8413b651b
Merge pull request #12130 from keszybz/fix-ndebug-builds
Fix ndebug builds
2019-03-28 15:52:27 +01:00
Lennart Poettering
d84520e9d9 update TODO 2019-03-28 12:09:38 +01:00
Lennart Poettering
6fee3be0b4 seccomp: add rseq() to default list of syscalls to whitelist
Apparently glibc is going to call this implicitly soon, hence let's
whitelist this by default.

Fixes: #12127
2019-03-28 12:09:38 +01:00
Lennart Poettering
acd142af79 core: break overly long line 2019-03-28 12:09:38 +01:00
Lennart Poettering
2f6b9110fc core: parse '@default' seccomp group permissively
We are about to add system calls (rseq()) not available on old
libseccomp/old kernels, and hence we need to be permissive when parsing
our definitions.
2019-03-28 12:09:38 +01:00
Zbigniew Jędrzejewski-Szmek
c6335c3b51
Merge pull request #12115 from poettering/verbose-job-enqueue
add "systemctl --show-transaction start" as a more verbose "systemctl start" that shows enqueued jobs
2019-03-28 11:04:26 +01:00
Zbigniew Jędrzejewski-Szmek
a73f621384 meson: disable warnings about unused variables for NDEBUG builds
With assertions disabled, we'd get a bunch of warnings that really bring no
value. With this change, a default meson build with -Db_ndebug=true generates
no warnings.
2019-03-28 09:45:19 +01:00
Zbigniew Jędrzejewski-Szmek
ee36fed438 core: avoid unnecessary cast 2019-03-28 09:45:19 +01:00
Zbigniew Jędrzejewski-Szmek
3b1e405f36 test-terminal-util: fix sigsegv when compiled without asserts
I couldn't figure out what is going on here, because LTO inlines everything and
then the backtrace reported a different spot. But when compiled with NDEBUG but
no LTO, it's fairly obvious ;)

C.f. #12008.
2019-03-28 09:45:19 +01:00
Zbigniew Jędrzejewski-Szmek
10c353e1c5 Remove variable only used for an assert
When compiled with -DNDEBUG, we get warnings about set-but-unused variables.
In general, it's not something we care about, but since removing those
variables arguably makes the code nicer, let's just to it in this case.
2019-03-28 09:03:06 +01:00
Zbigniew Jędrzejewski-Szmek
4e494d17db test-terminal-util: add function logging 2019-03-28 09:03:06 +01:00
Lennart Poettering
0a6991e0bb tree-wide: reorder various structures to make them smaller and use fewer cache lines
Some "pahole" spelunking.
2019-03-27 18:11:11 +01:00
Lennart Poettering
6990fb6bc6 tree-wide: (void)ify a few unlink() and rmdir()
Let's be helpful to static analyzers which care about whether we
knowingly ignore return values. We do in these cases, since they are
usually part of error paths.
2019-03-27 18:09:56 +01:00
Lennart Poettering
36dbf97170
Merge pull request #12119 from keszybz/voidify-mkdir-p
Voidify mkdir_p() and normalize util.h includes
2019-03-27 15:05:51 +01:00
Lennart Poettering
93ba507d66
Merge pull request #12113 from poettering/terminal-util-fixlets
tiny terminal-util.c fixlets
2019-03-27 14:15:59 +01:00
Zbigniew Jędrzejewski-Szmek
65aeb9d4ab man: clarify the role of OnBootSec= in containers
https://github.com/systemd/systemd/pull/12104#pullrequestreview-218627236
2019-03-27 14:03:37 +01:00
Zbigniew Jędrzejewski-Szmek
330b8fb379 journalctl: voidify mkdir_p() call and unify two similar code paths
Let's unify the two similar code paths to watch /run/systemd/journal.
The code in manager.c is similar, but it uses mkdir_p_label(), and unifying
that would be too much trouble, so let's just adjust the error messages to
be the same.

CID #1400224.
2019-03-27 13:01:44 +01:00
Lennart Poettering
1fd4c4edce terminal-util: add paranoid overflow check 2019-03-27 12:43:34 +01:00
Lennart Poettering
f171decd3f terminal-util: modernize things with TAKE_PTR a bit 2019-03-27 12:43:34 +01:00
Lennart Poettering
df4a7cb732 man: document the new systemctl --show-transaction option 2019-03-27 12:37:37 +01:00
Lennart Poettering
f087c7e072 test: add some basic testing that "systemctl start -T" does something 2019-03-27 12:37:37 +01:00
Lennart Poettering
85d9b5981b systemctl: add new --show-transaction switch
This new switch uses the new method call EnqueueUnitJob() for enqueuing
a job and showing the jobs it enqueued.

Fixes: #2297
2019-03-27 12:37:37 +01:00
Lennart Poettering
94369fc066 systemctl: split out extra args generation into helper function of its own 2019-03-27 12:37:37 +01:00
Lennart Poettering
5fd77930ad systemctl: reindent table 2019-03-27 12:37:37 +01:00
Lennart Poettering
ee4296496f systemctl: more SYNTHETIC_ERRNO() conversion 2019-03-27 12:37:37 +01:00
Lennart Poettering
c45e5fb877 systemctl: replace switch statement by table of structures 2019-03-27 12:37:37 +01:00
Lennart Poettering
50cbaba4fe core: add new API for enqueing a job with returning the transaction data 2019-03-27 12:37:37 +01:00
Zbigniew Jędrzejewski-Szmek
6e5dcce4b1 Voidify more mkdir_p calls 2019-03-27 11:53:12 +01:00
Zbigniew Jędrzejewski-Szmek
ca78ad1de9 headers: remove unneeded includes from util.h
This means we need to include many more headers in various files that simply
included util.h before, but it seems cleaner to do it this way.
2019-03-27 11:53:12 +01:00
Zbigniew Jędrzejewski-Szmek
b45556375e test-fileio: do not use variable before checking return value
Coverity is unhappy because we use "line" in the assert that checks
the return value. It doesn't matter much, but let's clean this up.
Also, let's not assume that /proc/cmdline contains anything.

CID #1400219.
2019-03-27 11:52:54 +01:00
Lennart Poettering
49bd196d69
Merge pull request #12110 from keszybz/sysv-compat-fix
Sysv-compat compilation fix
2019-03-27 09:29:13 +01:00
Lennart Poettering
175b43cb8e
Merge pull request #12116 from keszybz/mock-compilation-fixes
Fixes for compilation in Fedora 30 mock
2019-03-27 09:27:20 +01:00
Zbigniew Jędrzejewski-Szmek
10fd1d46fc shared/install: try even harder to make sure variable is initalized
Apparently the fix in a05294ff05 was
not sufficient. Let's declare the two arrays as static variables.
2019-03-26 19:58:17 +01:00
Zbigniew Jędrzejewski-Szmek
a1917c55c3
Merge pull request #12109 from poettering/sleep-minifixes
tiny fixes to sleep.c
2019-03-26 19:26:11 +01:00