Mike Yuan
54c3546188
TEST-54-CREDS: add test for ExecStartPost= (#31194)
2024-02-07 00:43:32 +08:00
Mike Yuan
0f781376c0
core/exec-credential: use FOREACH_ARRAY at one more place
2024-02-07 00:43:32 +08:00
Mike Yuan
3a0f6c217d
core/exec-credential: add missing assertions
2024-02-07 00:43:32 +08:00
Yu Watanabe
6f412c00cf
wait-online: by default not all interface need to be online
...
Fixes an issue caused by ab3aed4a03 (v253).
By default, all managed interfaces need to be configured, and at least
one interface needs to be online. Hence, offline interfaces should be ignored.
Fixes #29506.
2024-02-06 12:45:37 +00:00
Felix Riemann
0119370cbb
cryptenroll: Fix reading keyfile from socket
...
systemd-cryptenroll uses the READ_FULL_FILE_CONNECT_SOCKET flag when
reading the keyfile to also allow reading it from a socket. But it also
sets the offset to 0, causing an unnecessary seek to the beginning of
the newly opened keyfile and disables socket support again, as these do
not support seeking.
Disable seeking entirely to remove the unneeded seek and restore support
for reading the keyfile from a socket again as with systemd-cryptsetup.
2024-02-06 12:44:42 +00:00
Luca Boccassi
d50f58d641
Merge pull request #31210 from poettering/chdir-hardening
...
WorkingDirectory= hardening
2024-02-06 12:41:43 +00:00
Luca Boccassi
33d7fedca9
Merge pull request #31205 from YHNdnzj/path-is-mount-point
...
mountpoint-util: expose root and flags as path_is_mount_point_full
2024-02-06 12:37:20 +00:00
Zbigniew Jędrzejewski-Szmek
85a84772a1
units: drop userdbd from homed's Also=
...
Also= lists units which should be enabled/disabled together with the first unit.
But userdbd is independent of homed, we shouldn't e.g. disable it even if homed
is disabled.
2024-02-06 12:36:04 +00:00
Mike Yuan
c90335403c
process-util: minor follow-up for pidfd_spawn
2024-02-06 12:26:38 +00:00
Lennart Poettering
83d5dab4de
nspawn: and also add comment, making clear chdir() should come late
2024-02-06 11:13:28 +01:00
Lennart Poettering
f94025a136
nspawn: also refuse paths below API VFS in nspawn's --chdir= field
2024-02-06 11:13:28 +01:00
Lennart Poettering
8049bce619
load-fragment: set PATH_CHECK_NON_API_VFS flag at various other places
...
I tried to be conservative here, and hence in doubt I left the flag off,
but in some cases I really can't see any reason why it would make sense
to specify paths into API VFS, hence add it there, to lock things down
a bit.
2024-02-06 11:13:28 +01:00
Lennart Poettering
e0f6eaeb4f
parse-helpers: adjust log level when we say we ignore to LOG_WARNING
2024-02-06 11:13:28 +01:00
Lennart Poettering
14631951ce
dbus: make dbus property parsing of WorkingDirectory= equally strict as loading it from the unit files
2024-02-06 11:13:28 +01:00
Lennart Poettering
a13fb98ba7
exec-invoke: extend comment on placement of apply_working_directory() call
...
Inspired by CVE-2024-21626, let's add a longer comment explaining why
the code really shouldn't be moved any earlier.
Just in the hope that anyone who feels tempted to move this around maybe
actually reads the comment and reconsiders.
2024-02-06 11:13:28 +01:00
Lennart Poettering
0d1332841e
parse-helpers: add new PATH_CHECK_NON_API_VFS flag
...
In various contexts it's a bit icky to allow paths below /proc/, /sys/,
/dev/ i.e. file hierarchies where API VFS are placed. Let's add a new
flag for path_simplify_and_warn() to check for this and refuse a path if
in these paths.
Enable this when parsing WorkingDirectory=.
This is inspired by CVE-2024-21626, which uses trickery around the cwd
and /proc/self/fd/.
AFAICS we are not actually vulnerable to the same issue as explained in
the CVE since we execute the WorkingDirectory= setting very late, i.e.
long after we set up the new mount namespace. But let's filter out icky
stuff better earlier than later, as extra safety precaution.
2024-02-06 11:13:28 +01:00
Lennart Poettering
0fb08bd5e3
mountpoint-util: add small helper that checks if a path is below the API VFS hierarchies
2024-02-06 11:13:28 +01:00
Lennart Poettering
b63e3bd308
exec-invoke: rework apply_working_directory() around chase()
...
let's be more careful and get rid of one more prefix_roota() use, in
favour of the safe chase().
2024-02-06 10:28:30 +01:00
Lennart Poettering
e66766ead8
parse-helpers: indent according to coding style
2024-02-06 10:28:30 +01:00
Mike Yuan
027d9f9096
Merge pull request #31209 from bluca/pidfd_spawn
...
core: add support for pidfd_spawn
2024-02-06 15:14:17 +08:00
Mike Yuan
b409aacb0a
mountpoint-util: introduce path_is_mount_point_full
2024-02-06 15:09:28 +08:00
Mike Yuan
561d879305
login/user-runtime-dir: properly check for mount point
2024-02-06 15:08:58 +08:00
Luca Boccassi
76e00ba2e5
TODO: drop clone3 item
2024-02-05 21:52:36 +00:00
Luca Boccassi
2e106312e2
core: add support for pidfd_spawn
...
Added in glibc 2.39, allows cloning into a cgroup and to get
a pid fd back instead of a pid. Removes race conditions for
both changing cgroups and getting a reliable reference for the
child process.
Fixes https://github.com/systemd/systemd/pull/18843
Replaces https://github.com/systemd/systemd/pull/16706
2024-02-05 21:52:36 +00:00
Luca Boccassi
9ca13d60db
executor: really set POSIX_SPAWN_SETSIGDEF for posix_spawn
...
posix_spawnattr_setflags() doesn't OR the input to the current set of flags,
it overwrites them, so we are currently losing POSIX_SPAWN_SETSIGDEF.
Follow-up for: 6ecdfe7d10
2024-02-05 16:26:01 +00:00
Frantisek Sumsal
4e71714bca
README: bump the gcc baseline to 8.4
...
We already use __VA_OPT__ in multiple places, which was introduced in
gcc 8 [0], so let's bump the baseline to reflect that. I chose gcc 8.4,
as that was the lowest 8.x version I could easily get my hands on when I
verified this (on Ubuntu Focal with the gcc-8 package).
Closes: #31191
[0] https://gcc.gnu.org/gcc-8/changes.html
2024-02-05 10:45:10 +00:00
Mike Yuan
9524c519a2
Merge pull request #31197 from YHNdnzj/protect-system-cred
...
core/service: set up credentials for all start-post commands too
2024-02-05 16:06:42 +08:00
Mike Yuan
39f4504de8
core/service: allow ExecStartPost= cmds to access creds
...
Fixes #31194
2024-02-05 00:57:06 +08:00
Mike Yuan
a145623bc4
core/service: don't setup credentials for ExecCondition= and ExecReload=
...
This seems to be a mistake in #27279. I believe credentials should
not be made available to condition or reload tasks. In most cases
they're irrelevant to the actual job of the service. Also, currently
the first ExecCondition= or ExecReload= cannot access creds anyway,
making the incompatibility introduced negligible.
If people actually come up with valid use cases, we can always
revisit this.
2024-02-05 00:52:46 +08:00
Mike Yuan
fe760177fe
core/service: don't give ExecStopPost= commands tty access
...
All tasks spawned later than ExecStart= (e.g. ExecReload=, ExecStop=, ...)
don't get tty access. ExecStopPost= is the odd one out. Fix that.
2024-02-05 00:47:07 +08:00
Mike Yuan
81006ebbd7
core/service: introduce service_exec_flags
...
As suggested in
https://github.com/systemd/systemd/pull/31197#pullrequestreview-1861297477
Note that this slightly changes the behavior for
ExecReload=, ExecCondition= and ExecStartPost=. Will
be explained/corrected in later commits.
2024-02-05 00:46:39 +08:00
Mike Yuan
a5801e9714
core/unit: use ASSERT_PTR and strdup_or_null more
2024-02-05 00:37:00 +08:00
Mike Yuan
d3131ea28c
core/exec-invoke: don't duplicate needs_sandboxing condition
2024-02-04 16:35:16 +08:00
Mike Yuan
881dbad1f1
core/exec-credential: make param const where appropriate
2024-02-04 16:35:13 +08:00
James Muir
c0c852a8bb
bulgarian: use "RateLimitIntervalSec" rather than "RateLimitInterval"
...
Update Bulgarian translation. "RateLimitIntervalSec" is the current option
name. "RateLimitInterval" is the legacy option name.
2024-02-04 02:42:09 +09:00
Frantisek Sumsal
a0485e07b3
test_ukify: use raw string for the regex
...
To get rid of the "invalid escape sequence" warning:
=============================== warnings summary ===============================
../src/ukify/test/test_ukify.py:876
../src/ukify/test/test_ukify.py:876: SyntaxWarning: invalid escape sequence '\s'
assert re.search('Issuer: CN\s?=\s?SecureBoot signing key on host', out)
2024-02-04 02:41:03 +09:00
Anders Jonsson
660be5c5af
po: Translated using Weblate (Swedish)
...
Currently translated at 100.0% (227 of 227 strings)
Co-authored-by: Anders Jonsson <anders.jonsson@norsjovallen.se>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/sv/
Translation: systemd/main
2024-02-03 12:47:07 +01:00
Ivan Shapovalov
00fcd79e65
nspawn: permit --ephemeral with --link-journal=try-* (treat as =no)
...
Common sense says that to "try" something means "to not fail if
something turns out not to be possible", thus do not make this
combination a hard error.
The actual implementation ignores any --link-journal= setting when
--ephemeral is in effect, so the semantics are upheld.
2024-02-03 03:03:41 +09:00
Vladimir Stoiakin
85686b37b0
cryptenroll: allow to use a public key on a token
...
This patch allows systemd-cryptenroll to enroll directly with a public key if a certificate is missing on a token.
Fixes: #30675
2024-02-03 03:00:51 +09:00
Antonio Alvarez Feijoo
e104d77da2
man/systemd-bsod: fix command path
2024-02-03 02:59:44 +09:00
Frantisek Sumsal
ce45fe2a32
test: wait until the test binary starts the test aux scope
...
Otherwise we might continue too early on slower machines:
[ 53.777485] testsuite-07.sh[675]: + systemd-run --unit test-aux-scope.service -p Slice=aux.slice -p Type=exec -p TasksMax=99 -p CPUWeight=199 -p IPAccounting=yes /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[ 55.399526] testsuite-07.sh[679]: Running as unit: test-aux-scope.service; invocation ID: 375dc3e2d12f4af1bedfe80a23709e37
[ 55.512917] testsuite-07.sh[691]: ++ systemctl show --value --property MainPID test-aux-scope.service
[ 56.947713] testsuite-07.sh[675]: + kill -s USR1 680
[ 56.947713] testsuite-07.sh[675]: + sleep 1
[ 58.058809] testsuite-07.sh[675]: + systemctl status test-aux-scope.service
[ 58.902808] testsuite-07.sh[695]: ● test-aux-scope.service - /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[ 58.902808] testsuite-07.sh[695]: Loaded: loaded (/run/systemd/transient/test-aux-scope.service; transient)
[ 58.902808] testsuite-07.sh[695]: Transient: yes
[ 58.902808] testsuite-07.sh[695]: Active: active (running) since Thu 2024-02-01 04:53:57 UTC; 3s ago
[ 58.902808] testsuite-07.sh[695]: Main PID: 680 (test-aux-scope)
[ 58.902808] testsuite-07.sh[695]: IP: 0B in, 0B out
[ 58.902808] testsuite-07.sh[695]: Tasks: 11 (limit: 99)
[ 58.902808] testsuite-07.sh[695]: Memory: 3.2M (peak: 3.5M)
[ 58.902808] testsuite-07.sh[695]: CPU: 235ms
[ 58.902808] testsuite-07.sh[695]: CGroup: /aux.slice/test-aux-scope.service
[ 58.902808] testsuite-07.sh[695]: ├─680 /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[ 58.902808] testsuite-07.sh[695]: ├─681 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─682 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─683 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─684 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─685 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─686 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─687 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─688 "(worker)"
[ 58.902808] testsuite-07.sh[695]: ├─689 "(worker)"
[ 58.902808] testsuite-07.sh[695]: └─690 "(worker)"
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Enqueued job test-aux-scope.service/start as 277
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Will spawn child (service_enter_start): /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Passing 0 fds to service
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: About to execute: /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Forked /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope as 680
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Changed dead -> start
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: Starting test-aux-scope.service...
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd-executor[680]: SELinux enabled state cached to: disabled
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H (ux-scope)[680]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
[ 58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H (ux-scope)[680]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
[ 58.979659] testsuite-07.sh[701]: ++ ps -eo pid,unit
[ 59.014968] testsuite-07.sh[702]: ++ grep -c test-aux-scope.service
[ 59.729453] systemd[1]: Cannot find unit for notify message of PID 691, ignoring.
[ 60.321547] testsuite-07.sh[675]: + test 11 = 1
[ 60.332496] testsuite-07.sh[669]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/testsuite-07.aux-scope.sh failed'
2024-02-03 02:57:52 +09:00
Yu Watanabe
2933881ea5
Merge pull request #31032 from yuwata/pam-session-close
...
pam: fix warning "Attempted to close sd-bus after fork, this should not happen." on session close
2024-02-02 09:51:08 +09:00
Harald Brinkmann
2a9b1a76ee
coredump: log minimal metadata early
2024-02-02 09:43:50 +09:00
Yu Watanabe
25d2376052
Merge pull request #31166 from mrc0mmand/vpick-tweaks
...
vpick: make a working copy of the current dname
2024-02-02 09:37:13 +09:00
Yu Watanabe
68676af60d
test-network: fix typo
...
Follow-up for d4c8de21a0.
2024-02-02 09:29:14 +09:00
Yu Watanabe
58125c1920
test: fix typo
...
Follow-up for fa8ff98ea4.
2024-02-02 09:27:52 +09:00
Yu Watanabe
04a755466b
man/creds: fix typo
...
Follow-up for 7704c3474d.
2024-02-02 09:25:57 +09:00
Yu Watanabe
49d6e3c8a8
man: fix typo
...
Follow-up for 34bbda18a5.
2024-02-02 09:24:25 +09:00
Yu Watanabe
35dab29d58
sd-bus: fix typo
...
Follow-up for 25fd5343ca.
2024-02-02 09:22:43 +09:00
Yu Watanabe
431042e901
sd-bus: fix typo
...
Follow-up for 71be64064c.
2024-02-02 09:21:18 +09:00