1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

52802 Commits

Author SHA1 Message Date
Daan De Meyer
66dc9b4634 docs: Add documentation on how to use VSCode to debug systemd via mkosi 2021-08-21 10:31:32 +01:00
Yu Watanabe
218262c0b1
Merge pull request #20500 from poettering/import-tweaks
a few minor tweaks/bugfixlets to importd backends
2021-08-21 12:50:22 +09:00
Yu Watanabe
455bb37a8b
Merge pull request #20499 from poettering/align-to-tweak
ALIGN_TO() tweaks
2021-08-21 12:50:07 +09:00
Yu Watanabe
cc97ef5627
Merge pull request #20494 from bluca/snprintf_voidify
tree-wide: voidify unchecked snprintf calls or use snprintf_ok
2021-08-21 06:45:58 +09:00
Yu Watanabe
0e0e57a484
Merge pull request #20484 from DaanDeMeyer/rx-gro-hw
Add rx-gro-hw support
2021-08-21 06:43:49 +09:00
Frantisek Sumsal
faca95e115 test: make sure test timeout has a higher priority than a pass
otherwise we might mark tests where something crashes during shutdown as
successful, as happened in one of the recent TEST-01-BASIC runs:

```
testsuite-01.service: About to execute rm -f /failed /testok
testsuite-01.service: Forked rm as 606
testsuite-01.service: Executing: rm -f /failed /testoktestsuite-01.service: Changed dead -> start-pre
         Starting TEST-01-BASIC...
...
Child 606 (rm) died (code=exited, status=0/SUCCESS)
testsuite-01.service: Child 606 belongs to testsuite-01.service.
testsuite-01.service: Control process exited, code=exited, status=0/SUCCESS (success)
testsuite-01.service: Got final SIGCHLD for state start-pre.
testsuite-01.service: Passing 0 fds to service
testsuite-01.service: About to execute sh -e -x -c "systemctl --state=failed --no-legend --no-pager >/failed ; systemctl daemon-reload ; echo OK >/testok"
testsuite-01.service: Forked sh as 607
testsuite-01.service: Changed start-pre -> start
testsuite-01.service: Executing: sh -e -x -c "systemctl --state=failed --no-legend --no-pager >/failed ; systemctl daemon-reload ; echo OK >/testok"systemd-journald.service: Got notification message from PID 560 (FDSTORE=1)S
...
testsuite-01.service: Child 607 belongs to testsuite-01.service.
testsuite-01.service: Main process exited, code=exited, status=0/SUCCESS (success)
testsuite-01.service: Deactivated successfully.
testsuite-01.service: Service will not restart (restart setting)
testsuite-01.service: Changed start -> dead
testsuite-01.service: Job 207 testsuite-01.service/start finished, result=done
[  OK  ] Finished TEST-01-BASIC.
...
end.service: About to execute /bin/sh -x -c "systemctl poweroff --no-block"
end.service: Forked /bin/sh as 623end.service: Executing: /bin/sh -x -c "systemctl poweroff --no-block"
...
end.service: Job 213 end.service/start finished, result=canceled
Caught <SEGV>, dumped core as pid 624.
Freezing execution.

CentOS Linux 8
Kernel 4.18.0-305.12.1.el8_4.x86_64 on an x86_64 (ttyS0)

H login: qemu-kvm: terminating on signal 15 from pid 80134 (timeout)
E: Test timed out after 600s
Spawning getter /root/systemd/build/journalctl -o export -D /var/tmp/systemd-test.0UYjAS/root/var/log/journal/ca6031c2491543fe8286c748258df8d1...
Finishing after writing 15125 entries
Spawning getter /root/systemd/build/journalctl -o export -D /var/tmp/systemd-test.0UYjAS/root/var/log/journal/remote...
Finishing after writing 0 entries
-rw-r-----. 1 root root 25165824 Aug 20 12:26 /var/tmp/systemd-test.0UYjAS/system.journal
TEST-01-BASIC RUN: Basic systemd setup [OK]
...
2021-08-21 06:40:25 +09:00
Lennart Poettering
c7ed718720 macro: handle overflow in ALIGN_TO() somewhat reasonably
The helper call rounds up to next multiple of specified boundary. If one
passes a very large value as first argument, then there might not be a
next multiple. So far we ignored that. Let's handle this now and return
SIZE_MAX in this case, as special indicator that we reached the end.

Of course, IRL this should not happen. With this new change we at least
do something somewhat reasonable, leaving it to the caller to handle it
further.
2021-08-20 22:00:48 +02:00
Lennart Poettering
eeed637fea test: split out macro tests into own test-macro.c
No changes in code, just a split out of tests for stuff from macro.h
into test-macro.c
2021-08-20 22:00:48 +02:00
Lennart Poettering
983b69c3f5 import-fs: create paren dirs in --direct mode too
There's no reason not to create these in advance if they are missing.
2021-08-20 21:57:08 +02:00
Lennart Poettering
50b9c30cea import: don't attempt full-file clones if we only are supposed to write a part of the file
Otherwise we'll copy more than we were told to.
2021-08-20 21:57:04 +02:00
Lennart Poettering
bf284aee23 import: enable sparse file writing logic only for files we create
Only if we create a file we know for sure that it is empty and hence our
sparse file logic of skipping over NUL bytes can can work. If we hwoever
are called to write data to some existing file/block device, we must do
regular writes to override everything that might be in place before.

Hence, conditionalize sparse file writing on the write offset not being
configured (which is how we internally distinguish write to existing
file and write to new file)
2021-08-20 21:56:59 +02:00
Lennart Poettering
53e03c9692 import: when completed, say how many bytes we wrote/acquired
This is just too useful.
2021-08-20 21:56:55 +02:00
Lennart Poettering
c456862f87 import: allow file:// in addition to HTTP(S)
Previously we only allows http/https urls, let's open this up a bit.
Why? Because it makes testing *so* *much* *easier* as we don't need to
run a HTTP server all the time.

CURL mostly abstracts the differences of http/https away from us, hence
we can get away with very little extra work.
2021-08-20 21:56:39 +02:00
Lennart Poettering
55b90ee00b import: turn off weird protocols in curl
Let's lock things down a bit and now allow curl's weirder protocols to
be used with our use. i.e. stick to http:// + https:// + file:// and
turn everything else off. (Gopher!)

This is cde that interfaces with the network after all, and we better
shouldn't support protocols needlessly that are much less tested.

(Given that HTTP redirects (and other redirects) exist, this should give
us a security benefit, since we will then be sure that noone can forward
us to a weird protocol, which we never tested, and other people test
neither)
2021-08-20 21:56:00 +02:00
Lennart Poettering
ceea13e20f
Merge pull request #20421 from maanyagoenka/systemd-security
systemd-analyze: refactor security_info struct and add option to perform security analysis of specified unit file(s)
2021-08-20 21:42:11 +02:00
Jan Janssen
492f148f1f journalctl: Use constants for _BOOT_ID= matches 2021-08-20 21:40:35 +02:00
Maanya Goenka
dfbda8799c systemd-analyze: add new 'security' option to compare unit's overall exposure level with
--threshold option added to work with security verb and with the --offline option so that
users can determine what qualifies as a security threat. The threshold set by the user is
compared with the overall exposure level assigned to a unit file and if the exposure is
higher than the threshold, 'security' will return a non-zero exit status. The default value
of the --threshold option is 100.

Example Run:

1. testcase.service is a unit file created for testing the --threshold option

    maanya-goenka@debian:~/systemd (systemd-security)$ cat<<EOF>testcase.service

    > [Service]
    > ExecStart = echo hello
    > EOF

    For the purposes of this demo, the security table outputted below has been cut to show only the first two security settings.

    maanya-goenka@debian:~/systemd (systemd-security)$ sudo build/systemd-analyze security --offline=true testcase.service
    /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
    process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
    Support for KillMode=none is deprecated and will eventually be removed.
    /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
    unit file, and consider removing the setting altogether.
    /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
    /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

      NAME                                        DESCRIPTION                                                       EXPOSURE
    ✗ PrivateNetwork=                             Service has access to the host's network                          0.5
    ✗ User=/DynamicUser=                          Service runs as root user                                         0.4

    → Overall exposure level for testcase.service: 9.6 UNSAFE 😨

    maanya-goenka@debian:~/systemd (systemd-security)$ echo $? 0

2. Next, we use the same testcase.service file but add an additional --threshold=60 parameter. We would expect 'security' to exit
   with a non-zero status because the overall exposure level (= 96) is higher than the set threshold (= 60).

    maanya-goenka@debian:~/systemd (systemd-security)$ sudo build/systemd-analyze security --offline=true --threshold=60 testcase.service
    /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
    process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
    Support for KillMode=none is deprecated and will eventually be removed.
    /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
    unit file, and consider removing the setting altogether.
    /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
    /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

      NAME                                        DESCRIPTION                                                       EXPOSURE
    ✗ PrivateNetwork=                             Service has access to the host's network                          0.5
    ✗ User=/DynamicUser=                          Service runs as root user                                         0.4

    → Overall exposure level for testcase.service: 9.6 UNSAFE 😨

    maanya-goenka@debian:~/systemd (systemd-security)$ echo $? 1
2021-08-20 10:59:13 -07:00
Maanya Goenka
bb43d85319 systemd-analyze: 'security' option to perform offline reviews of the specified unit file(s)
New option --offline which works with the 'security' command and takes in a boolean value. When set to true,
it performs an offline security review of the specified unit file(s). It does not rely on PID 1 to acquire
security information for the files like 'security' when used by itself does. It makes use of the refactored
security_info struct instead (commit #8cd669d3d3cf1b5e8667acc46ba290a9e8a8e529). This means that --offline can be
used with --image and --root as well. When used with --threshold, if a unit's overall exposure level is above
that set by the user, the default value being 100, --offline returns a non-zero exit status.

Example Run:

1. testcase.service is a unit file created for testing the --offline option

maanya-goenka@debian:~/systemd (systemd-security)$ cat<<EOF>testcase.service

> [Service]
> ExecStart = echo hello
> EOF

For the purposes of this demo, the security table outputted below has been cut to show only the first two security settings.

maanya-goenka@debian:~/systemd (systemd-security)$ sudo build/systemd-analyze security --offline=true testcase.service
/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
unit file, and consider removing the setting altogether.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

  NAME                                        DESCRIPTION                                                       EXPOSURE
✗ PrivateNetwork=                             Service has access to the host's network                          0.5
✗ User=/DynamicUser=                          Service runs as root user                                         0.4

→ Overall exposure level for testcase.service: 9.6 UNSAFE 😨

maanya-goenka@debian:~/systemd (systemd-security)$ echo $? 0

2. The testcase.service unit file is modified to set PrivateNetwork to "yes". This reduces the exposure level from 9.6 to 9.1.

maanya-goenka@debian:~/systemd (systemd-security)$ nano testcase.service

> [Service]
> ExecStart = echo hello
> PrivateNetwork = yes
> EOF

maanya-goenka@debian:~/systemd (systemd-security)$ sudo build/systemd-analyze security --offline=true testcase.service
/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
unit file, and consider removing the setting altogether.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

  NAME                                        DESCRIPTION                                                       EXPOSURE
✓ PrivateNetwork=                             Service has access to the host's network
✗ User=/DynamicUser=                          Service runs as root user                                         0.4

→ Overall exposure level for testcase.service: 9.1 UNSAFE 😨

maanya-goenka@debian:~/systemd (systemd-security)$ echo $? 0

3. Next, we use the same testcase.service unit file but add the additional --threshold=60 option to see how --threshold works with
--offline. Since the overall exposure level is 91 which is greater than the threshold value set by the user (= 60), we can expect
a non-zero exit status.

maanya-goenka@debian:~/systemd (systemd-security)$ sudo build/systemd-analyze security --offline=true --threshold=60 testcase.service
/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
unit file, and consider removing the setting altogether.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

  NAME                                        DESCRIPTION                                                       EXPOSURE
✓ PrivateNetwork=                             Service has access to the host's network
✗ User=/DynamicUser=                          Service runs as root user                                         0.4

→ Overall exposure level for testcase.service: 9.1 UNSAFE 😨

maanya-goenka@debian:~/systemd (systemd-security)$ echo $? 1
2021-08-20 10:59:13 -07:00
Maanya Goenka
1624114d74 systemd-analyze: refactor security_info to make use of existing struct variables
In the original implementation of the security_info struct, the struct variables receive its values
via dbus protocol. We want to make use of existing structs ExecContext, Unit, and CGroupContext to
assign values to the security_info variables instead of relying on dbus for the same. This is possible since these
pre-defined structs already contain all the variables that security_info needs to perform security reviews on
unit files that are passed to it in the command line.
2021-08-20 10:59:06 -07:00
Luca Boccassi
121ed16caf tree-wide: voidify unchecked snprintf calls
According to Coverity, 194 ouf of 227 times we check for snprintf return code.
Voidify the rest.

CID#1461512
CID#1461513
CID#1461514
CID#1461515
CID#1461516
CID#1461518
CID#1461519
CID#1461520
CID#1461522
2021-08-20 18:29:40 +01:00
Luca Boccassi
272fff7d84 format-util/sd-bus: do not ignore snprintf result 2021-08-20 18:29:30 +01:00
Luca Boccassi
e4193309c4 hwdb-usb-device: use xsprintf 2021-08-20 18:29:30 +01:00
Maanya Goenka
5ef8b072e9 set: modify the previously incorrect definition of set_copy and add test for it 2021-08-20 10:02:49 -07:00
Lennart Poettering
72fba0c4e5
Merge pull request #20488 from yuwata/timesync-fix
timesync: fix wrong type for receiving timestamp in nanoseconds
2021-08-20 13:34:20 +02:00
Lennart Poettering
fbe3d9591f
Merge pull request #20490 from poettering/id128-format-compound-literal
compound literal love for sd_id128_to_string()
2021-08-20 13:33:51 +02:00
Alfonso Sánchez-Beato
d48f9174cf src/boot/efi/linux: fix linux_exec prototype
Callers to linux_exec() are actually passing an EFI_HANDLE, not a pointer to
it. linux_efi_handover(), which is called by linux_exec(), also expects an
EFI_HANDLE.
2021-08-20 12:33:09 +02:00
Lennart Poettering
85b55869bc tree-wide: port everything over to new sd-id128 compund literal bliss 2021-08-20 11:09:48 +02:00
Lennart Poettering
c970388b22 sd-id128: add compound literal love to sd_id128_to_string() + id128_to_uuid_string() 2021-08-20 11:09:48 +02:00
Lennart Poettering
f3ce631bbc man: reference getrandom(2) instead of urandom from sd_id128_randomize() page
It's 2021, /dev/urandom is mostly a thing of the past now.
2021-08-20 11:09:48 +02:00
Lennart Poettering
7f3c90ed79 man: document SD_ID128_ALLF 2021-08-20 11:09:47 +02:00
Lennart Poettering
f47234b6e6 man: re-run ninja -C update-man-rules 2021-08-20 11:09:47 +02:00
Daan De Meyer
8f821d90bf link: Add support for rx-gro-hw nic feature 2021-08-20 09:15:02 +01:00
Daan De Meyer
f20710c74c link: Stop prefixing features with "the" 2021-08-20 09:14:14 +01:00
Yu Watanabe
7d93b92f31 network: add UseMTU= in [IPv6AcceptRA]
Note that kernel has similar knob in sysctl: accept_ra_mtu.

Closes #18868.
2021-08-20 17:14:08 +09:00
Lennart Poettering
dc131951b5
Merge pull request #18385 from kinvolk/mauricio/restrict-network-interfaces
Add RestrictNetworkInterfaces=
2021-08-20 03:41:11 +02:00
Yu Watanabe
6da22a2fa5 icmp6: drop unnecessary assertion
Follow-up for 3691bcf3c5.
2021-08-20 08:44:31 +09:00
Yu Watanabe
6f96bdc587 timesync: fix wrong type for receiving timestamp in nanoseconds
Fixes #20482.
2021-08-20 08:42:13 +09:00
Daan De Meyer
6c35ea5ef0 udev: Add support for configuring nic coalescing settings
These are configured via the corresponding ethtool ioctl.
2021-08-20 00:32:28 +01:00
Luca Boccassi
a622c58993
Merge pull request #20486 from DaanDeMeyer/sd-bus-eproto
sd-bus: Return detailed (sd-buscntr) error from bus_container_connect_socket().
2021-08-19 23:32:34 +01:00
Luca Boccassi
468d9bc901
Merge pull request #20436 from fbuihuu/add-no-build-support-on-opensuse
Add no build support on opensuse
2021-08-19 21:11:31 +01:00
Daan De Meyer
e4cdadf3bd sd-bus: Improve (sd-buscntr) error logging
We're only doing one thing in the child process which is connecting
to the D-Bus socket so let's mention that in the error message when
something goes wrong instead of having a generic error message.
2021-08-19 15:47:27 +01:00
Daan De Meyer
405a028e65 sd-bus: Return detailed (sd-buscntr) error from bus_container_connect_socket()
Previously, when the connect() call in (sd-buscntr) failed, we returned
-EPROTO without ever reading the actual errno from the error pipe. To fix
the issue, delay checking the process exit status until after we've read
and processed any error from the error pipe.
2021-08-19 15:47:24 +01:00
Lennart Poettering
7b58fcdd70
Merge pull request #19797 from oniko/systemd-fido2-pkcs11-plugins
Add support for remaining systemd fido2 and pkcs11 libcryptsetup plugins
2021-08-19 16:37:55 +02:00
Luca Boccassi
61a6aa21a5
Merge pull request #20471 from poettering/format-str-proc-fd
add FORMAT_PROC_FD_PATH() macro for generating /proc/self/fd/ paths on-the-fly
2021-08-19 14:05:22 +01:00
Mauricio Vásquez
43689840a2 README: add requirements for RestrictNetworkInterfaces=
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
2021-08-19 07:25:01 -05:00
Mauricio Vásquez
7e959a73af systemctl: show RestrictNetworkInterfaces= in systemctl show
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
2021-08-19 07:25:01 -05:00
Mauricio Vásquez
00d6fceeb3 tests: add integration test for RestrictNetworkInterfaces=
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
2021-08-19 07:25:01 -05:00
Ondrej Kozina
8186022c9d Add support for systemd-pkcs11 libcryptsetup plugin.
Add support for systemd-pkcs11 based LUKS2 device activation
via libcryptsetup plugin. This make the feature (pkcs11 sealed
LUKS2 keyslot passphrase) usable from both systemd utilities
and cryptsetup cli.

The feature is configured via -Dlibcryptsetup-plugins combo
with default value set to 'auto'. It get's enabled automatically
when cryptsetup 2.4.0 or later is installed in build system.
2021-08-19 13:58:10 +02:00
Ondrej Kozina
0ff605665a pkcs11-util: split pkcs11_token_login function
Future systemd-pkcs11 plugin requires unlock via single
call with supplied pin. To reduce needless code duplication
in plugin itself split original pkcs_11_token_login call in
two calls:

new pkcs11_token_login_by_pin and the former where loop
for retrying via PIN query callback remains.
2021-08-19 13:58:10 +02:00
Ondrej Kozina
ed3d3af148 cryptsetup-pkcs11: move pkcs11_callback and data in shared utils.
To be used later by both (future) systemd-pkcs11 libcryptsetup
plugin and cryptsetup-pkcs11.
2021-08-19 13:58:10 +02:00