1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-07 18:27:04 +03:00
Commit Graph

28971 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
6dc666886a seccomp: factor out seccomp_rule_add_exact to a helper function 2017-05-07 19:01:11 -04:00
Zbigniew Jędrzejewski-Szmek
2a65bd94e4 seccomp: drop SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN, add test for shmat
SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN was conflating two separate things:
1. whether shmat/shmdt/shmget can be filtered (if ipc multiplexer is used, they can not)
2. whether we know this for the current architecture

For i386, shmat is implemented as ipc, so seccomp filter is "broken" for shmat,
but not for mmap, and SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN cannot be used
to cover both cases. The define was only used for tests — not in the implementation
in seccomp-util.c. So let's get rid of SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN
and encode the right condition directly in tests.
2017-05-07 18:59:37 -04:00
Zbigniew Jędrzejewski-Szmek
dce0e62046 test-seccomp: limit the code under #ifdef
Try to make the paths for supported and unsupported architectures as
similar as possible.
2017-05-03 19:50:39 +00:00
James Cowgill
a3645cc6dd seccomp: add clone syscall definitions for mips (#5880)
Also updates the documentation and adds a mention of ppc64 support
which was enabled by #5325.

Tested on Debian mipsel and mips64el. The other 4 mips architectures
should have an identical user <-> kernel ABI to one of the 2 tested
systems.
2017-05-03 18:35:45 +02:00
Michael Biebl
8251ee109c Merge pull request #5842 from keszybz/meson-status-and-conditionals
Meson status and conditional simplification
2017-05-03 16:45:31 +02:00
Zbigniew Jędrzejewski-Szmek
2c201c2140 meson: use booleans for conf.set and drop unecessary conditionals
Using conf.set() with a boolean argument does the right thing:
either #ifdef or #undef. This means that conf.set can be used unconditionally.

Previously I used '1' as the placeholder value, and that needs to be changed to
'true' for consistency (under meson 1 cannot be used in boolean context). All
checks need to be adjusted.
2017-05-02 16:29:11 -04:00
Zbigniew Jędrzejewski-Szmek
829257d135 meson: add status report
This is similar to what ./configure prints. Instead of a long list of yes/no lines,
I added two lines at the end with "enabled features" and "disabled features".
This is what the mplayer/mencoder ./configure script did back in the day.
The advantage is that it's easy to look at the list of disabled features
and check for any unexpected entries.
2017-05-02 16:29:11 -04:00
Zbigniew Jędrzejewski-Szmek
671677dad1 meson: add forgotten debug options
v2:
-rename -Dextra-debug to -Ddebug to match ./configure --debug
2017-05-02 16:28:40 -04:00
Patrik Flykt
7feeb89980 sd-ndisc: Reset counter for sent Router Solicitations (#5874)
Reset also the counter for number of Router Solicitations sent when
the associated file descriptor is closed and the event source
unreferenced. With this change the router discovery can now be
stopped and restarted arbitrary many times.
2017-05-02 15:36:24 -04:00
Dimitri John Ledkov
f00ff0de40 network: reject bridge port priorities above kernel's max value. (#5877)
Bridge port priority in the kernel can only be between 0 and 63. Therefore
reject values above maximum.

Fixes: #5729
2017-05-02 15:32:42 -04:00
Michael Biebl
b7674ecd5b build-sys: re-add systemd.directives and systemd.index to MANPAGES (#5876)
Those were dropped accidentally in commit
19fe49f62c, most likely by running
make update-man-list. This is a known limitation of the autotools build:
the man pages must be built before update-man-list is called.
2017-05-02 15:30:14 -04:00
Peter Hutterer
c7a5268a20 hwdb: update axis ranges for the Asus UX301LAA touchpad (#5872)
https://bugs.freedesktop.org/show_bug.cgi?id=100873
2017-05-02 08:53:08 +02:00
Michael Biebl
96c1f5904b Merge pull request #5871 from keszybz/meson-html-2
meson: make sure html symlinks are also created in build directory
2017-05-01 19:18:02 +02:00
Zbigniew Jędrzejewski-Szmek
38acf8a721 meson: make sure html symlinks are also created in build directory
The symlinks should be created in the build directory in two cases: when
configuration specifies -Dhtml=true, or when ninja html target is built.
Normally install : {true,false} is used to decide if a target should be built,
but in this case, we cannot use install : true, because, as described in
488477d101, that results in the target file being copied into the
installation directory instead of a symlink. So we need a work-around. To
achieve the first end, the commands to create the symlinks are added as
dependencies of the command to create the html page. To the second end, they
are added as dependencies of the html target.

Follow-up for 488477d101 and 064d9ef0d7.
2017-05-01 11:55:48 -04:00
Michael Biebl
064d9ef0d7 meson: create index.html symlink pointing at systemd.index.html (#5870)
Re-use bits from 488477d101 to create the
index.html symlink.

Fixes #5862
2017-05-01 11:02:17 -04:00
Michael Biebl
2f10b22557 Merge pull request #5869 from keszybz/meson-html
meson: fix creation of html symlinks
2017-05-01 15:21:51 +02:00
Zbigniew Jędrzejewski-Szmek
488477d101 meson: fix creation of html symlinks
This adds two somewhat independent rules:
1. to create symlinks to html pages in the build directory
2. to create symlinks in the installation directory

The second part needs to be coded separately, because telling meson to install
the symlinks created in step 1. results in a copy of the target, instead of a
symlink. So step 2. needs to ignore the result of 1. and create the symlink again.

Fixes #5863.
2017-05-01 00:19:39 -04:00
Jörg Thalheim
3e67e5c992 more portable python shebangs (#5816)
This is useful on systems like NixOS, where python3 is not in
/usr/bin/python3 as well as for people using alternative ways to
install python such as virtualenv/pyenv.
2017-04-30 20:26:56 -04:00
Michael Biebl
db374ff564 build-sys: don't generate index.html with --disable-manpages (#5865)
Don't generate man/index.html and the dependent man/systemd.index.html
if man pages have been disabled.

Closes #5854
2017-04-30 18:21:59 +02:00
Roelf Wichertjes
14b6bb7762 networkd: Add check to ensure link is down before attempting to enslave (#5853)
netdev to bond.

There are situations where a link can be in an "UP" state when
 systemd-networkd attempts to add the link to a bond device.
This is a problem because the bonding driver will refuse to
 enslave a link if it is in the "UP" state.
This check ensures systemd-networkd sets the link to "DOWN"
 before attempting to add the link to the bond.

Fixes #5838.
2017-04-30 13:12:32 +02:00
Lennart Poettering
2766d951c9 Merge pull request #5808 from ssahani/util
conf parser: add config_parse_ip_port
2017-04-30 11:36:12 +02:00
Max Resch
a0693fc951 sd-boot: remove compiler warning (#5860)
This small fixup removes a compiler warning when passing tcg (a const
arg type) to the uefi call wapper, which does not define it as const.

All other source files in sd-boot do this cast except measure.c, so
let's fix that.
2017-04-29 22:11:34 -04:00
Martin Pitt
815e542b7c Merge pull request #5809 from keszybz/glob-safe
Implement `safe_glob` that ignores "." and ".."
2017-04-29 21:19:24 +02:00
Susant Sahani
9861673574 conf parser: add config_parse_ip_port 2017-04-29 23:34:17 +05:30
Yusuke Nojima
5b3cc0c86a journald: fix assertion failure on journal_file_link_data. (#5843)
When some error occurs during the initialization of JournalFile,
the JournalFile can be left without hash tables created.  When later
trying to append an entry to that file, the assertion in
journal_file_link_data() fails, and journald crashes.

This patch fix this issue by checking *_hash_table_size in
journal_file_verify_header().
2017-04-29 19:37:53 +02:00
Susant Sahani
9cdf4e3d7d networkd: replace geneve/vxlan port parsing with generic config_parse_ip_port 2017-04-29 22:33:50 +05:30
Susant Sahani
177d0b2032 config parser: Introduce config_parse_ip_port 2017-04-29 22:33:50 +05:30
Lennart Poettering
db7076bf78 Merge pull request #5164 from Werkov/ordering-for-_netdev-devices
Ordering for _netdev devices
2017-04-29 18:40:19 +02:00
Lennart Poettering
007f09d487 Merge pull request #5783 from keszybz/compiler-warning-fixes
shared/extract-word: replace enum with int to avoid undefined behaviour
2017-04-29 18:35:56 +02:00
Lennart Poettering
ccefd046c6 Merge pull request #5529 from ssahani/label
networkd / sd-netlink: add support for address label
2017-04-29 13:42:09 +02:00
Martin Pitt
fe685ffb7f Merge pull request #5852 from phomes/trivial
Trivial cleanups
2017-04-29 13:39:47 +02:00
Lennart Poettering
a7c8991383 Merge pull request #5801 from keszybz/help-error
nspawn,cgtop: make sure --version, --help always work
2017-04-29 12:30:29 +02:00
Max Resch
1f8476b197 sd-boot: remove unnecessary defines (#5848)
As discussed in #5829 `#define` is not necessary, meson and autotools
set the correct compiler flags and the default value is provided by them.
2017-04-29 12:24:25 +02:00
Chris Lamb
04e599b1ce test: explain why we explicitly make all despite test/Makefile's check target calling it (#5830) 2017-04-29 08:23:13 +02:00
Michael Biebl
8e899a9293 meson: do not link libshared dynamically against libudev (#5850)
Linking dynamically against libudev will fail once
https://github.com/mesonbuild/meson/pull/1545 is merged and apparently
already triggers a link failure on s390x.

Make libshared provide the udev symbols by including libudev_sources
into libshared. This will cause those files to be compiled twice, but it
actually reduces the installed size and is closer to what the autotools
build system is doing.

Closes #5828
2017-04-29 08:21:07 +02:00
Thomas Hindoe Paaboel Andersen
6eeec374c1 tree-wide: remove unused variables 2017-04-28 23:56:44 +02:00
Thomas Hindoe Paaboel Andersen
85df3c6037 networkd: remove duplicated include 2017-04-28 23:56:44 +02:00
Thomas Hindoe Paaboel Andersen
b3c908b4a2 shared: assert the source for memcpy 2017-04-28 23:56:44 +02:00
userwithuid
232bd67797 build-sys: do not install manpages from disabled features (#5844)
A few of the manpages where missing the "conditional" attribute.
2017-04-28 08:22:17 -04:00
Peter Hutterer
f5e97db00b hwdb: add Samsung 880Z5E series touchpad overrides (#5825)
https://bugs.freedesktop.org/show_bug.cgi?id=100631
2017-04-28 08:19:31 +02:00
Max Resch
489e15a8b3 meson: add compiler flags for "--tpm" in EFI apps (#5829)
Readds boot log tpm feature that was missing in meson by readding a
defines in efi_conf.h
2017-04-27 20:59:37 -04:00
Martin Pitt
b13586206b Merge pull request #5827 from keszybz/meson-libcap
meson: fixes to allow meson builds on Ubuntu Trusty
2017-04-27 22:12:28 +02:00
userwithuid
1c9f131444 meson: do not install files from disabled features (#5811)
Mirror conditions from Makefile.am.
2017-04-27 13:47:04 -04:00
Zbigniew Jędrzejewski-Szmek
5d96ab7d6d Merge pull request #5818 from mbiebl/meson-no-libudev
meson: drop implicit libudev link dependencies
2017-04-27 13:40:15 -04:00
Zbigniew Jędrzejewski-Szmek
0bc9115251 Merge branch 'master' into meson-no-libudev 2017-04-27 13:39:54 -04:00
Zbigniew Jędrzejewski-Szmek
00a313261e Merge pull request #5821 from mbiebl/meson-no-libiptc
Merge libfirewall into libshared, and link libshared to libip[46]tc directly.
2017-04-27 13:37:01 -04:00
userwithuid
d8431fc3f4 build-sys: only install libexecdir/resolv.conf if resolved is enabled (#5826)
as mentioned in https://github.com/systemd/systemd/pull/5811
2017-04-27 13:22:40 -04:00
Zbigniew Jędrzejewski-Szmek
d8c92e8bc7 execute: filter out "." for ".." in EnvironmentFile= globs too
This doesn't really matter much, only in case somebody would use
something strange like

  EnvironmentFile=/etc/something/.*

Make sure that "." and ".." is not returned by that glob. This makes
all our globbing patterns behave the same.
2017-04-27 13:21:08 -04:00
Zbigniew Jędrzejewski-Szmek
84e72b5ef4 tmpfiles: use safe_glob()
This filters out "." and ".." from glob results. Fixes #5655 and #5644.

Any judgements on whether the path is "safe" are removed. We will not remove
"/" under any name (including "/../" and such), but we will remove stuff that
is specified using paths that include "//", "/./" and "/../". Such paths can be
created when joining strings automatically, or for other reasons, and people
generally know what ".." and "." is.

Tests are added to make sure that the helper functions behave as expected.
2017-04-27 13:20:30 -04:00
Zbigniew Jędrzejewski-Szmek
48d7c64805 basic: add readdir_no_dot and safe_glob functions
safe_glob filters out "." and "..".

This converts all users of glob_extend() and glob_exists() to safe_glob.
2017-04-27 13:20:08 -04:00