1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

52914 Commits

Author SHA1 Message Date
Lennart Poettering
724f207d0d
Merge pull request #20521 from DaanDeMeyer/analyze-condition-units
analyze: Support passing unit files to systemd-analyze condition
2021-09-01 13:25:31 +02:00
Daan De Meyer
8de7929de5 mkosi: Add zsh to Arch packages
Useful for testing zsh completion changes.
2021-09-01 10:01:18 +02:00
Daan De Meyer
e11ca6bb4d mkosi: Install bash-completion in Arch image
Useful for testing bash completion changes.
2021-09-01 10:00:12 +02:00
Daan De Meyer
65fcee152d mkosi: Add man-db to arch packages
Required to test systemd-analyze verify.
2021-09-01 10:00:12 +02:00
Jan Kuparinen
9a59d1f22f po: Translated using Weblate (Finnish)
Currently translated at 48.6% (92 of 189 strings)

Co-authored-by: Jan Kuparinen <copper_fin@hotmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/fi/
Translation: systemd/main
2021-09-01 05:17:52 +09:00
Luca Boccassi
cc3001693d
Merge pull request #20525 from maanyagoenka/custom-security
systemd-analyze: add option to enable users to custom define security requirements in the form of a .json file
2021-08-31 21:15:41 +01:00
Lennart Poettering
322b3b38a8 update TODO 2021-08-31 17:11:10 +02:00
Alvin Šipraga
8e664ab6ec network: print Ethernet Link-Layer DHCP client ID with leading 0's
This is a small cosmetic change.

Before:

   Offered DHCP leases: 192.168.0.183 (to 0:9:a7:36:bc:89)

After:

   Offered DHCP leases: 192.168.0.183 (to 00:09:a7:36:bc:89)
2021-09-01 00:04:04 +09:00
Maanya Goenka
4b6221194d test: add integration tests for systemd-analyze 2021-08-31 08:02:08 -07:00
Maanya Goenka
3838d22cfb systemd-analyze: allow parsing of JSON file to obtain custom security requirements for comparison
The 'security' verb of systemd-analyze needs to be able to parse JSON files to be able to read in
the user-defined requirements and use them to determine the overall exposure level of the specified unit
file(s). The JSON files are expected to have a specific format where the keys in the file are the
unit ids consisting of only alphanumeric characters and underscores and the values are JSON objects
again consisting of key value pairs. The keys in these objects may include one or more of the following
properties: description_na, description_good, description_bad, weight, and range. The first three of these
are expected to be strings and the latter two are expected to be unsigned integer values. If one or more
of these properties is missing from the JSON object, then the default values of the properties as specified
in the hard coded set of security directives is used. The other properties that assess() needs to determine
overall exposure levels for a unit file for example, the assess function and parameter type among others,
are not to be included in the JSON files defined by the user because the values assigned to these fields
are expected to be consistent across unit files for each id.
2021-08-31 08:02:08 -07:00
Maanya Goenka
ecfd082b71 systemd-analyze: add new 'security' option to allow user to choose custom requirements
A new option --security-policy= is added to work with the 'security' verb in order to enable
users to create and pass in a JSON file consisting of user defined requirements
against which to compare the specified unit file(s). These requirements then serve
as the measure of security threats for the file instead of the initial hard coded set of
requirements that the 'security' verb of systemd-analyze relied on.

Example Run:

A snapshot of the user defined testfile.json file is shown below instead of the complete file
for readability purposes.

{
"PrivateDevices":
    {"description_good": "Service has no access to hardware devices",
    "description_bad": "Service potentially has access to hardware devices",
    "weight": 1000,
    "range": 1
    },
"PrivateMounts":
    {"description_good": "Service cannot install system mounts",
    "description_bad": "Service may install system mounts",
    "weight": 1000,
    "range": 1
    },
"PrivateNetwork":
    {"description_good": "Service has no access to the host's network",
    "description_bad": "Service has access to the host's network",
    "weight": 2500,
    "range": 1
    },
"PrivateTmp":
    {"description_good": "Service has no access to other software's temporary files",
    "description_bad": "Service has access to other software's temporary files",
    "weight": 1000,
    "range": 1
    },
"PrivateUsers":
    {"description_good": "Service does not have access to other users",
    "description_bad": "Service has access to other users",
    "weight": 1000,
    "range": 1
    }
}

1. I created the jsontest.service file in order to test the --security-policy= option as follows:

maanya-goenka@debian:~/systemd (custom-security)$ cat<<EOF>jsontest.service
> [Service]
> ExecStart = echo hello
> PrivateNetwork = yes
> PrivateDevices = yes
> PrivateMounts = yes
> EOF

The security analysis table outputted below has been truncated to include only the first few lines for readability.

maanya-goenka@debian:~/systemd (custom-security)$ sudo build/systemd-analyze security --root= --offline=true
--security-policy=src/analyze/testfile.json jsontest.service
/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
unit file, and consider removing the setting altogether.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

  NAME                                                         DESCRIPTION
✓ PrivateNetwork                                               Service has no access to the host's network
✗ UserOrDynamicUser                                            Service runs as root user
✗ CapabilityBoundingSet_CAP_SET_UID_GID_PCAP                   Service may change UID/GID identities/capabilities
✓ PrivateMounts                                                Service cannot install system mounts
✓ PrivateDevices                                               Service has no access to hardware devices

→ Overall exposure level for jsontest.service: 8.3 EXPOSED 🙁

maanya-goenka@debian:~/systemd (custom-security)$ echo $? 0

2. In order to ensure that the JSON data was actually being correctly parsed, I made some changes to the JSON
file, specifically to the id "PrivateNetwork" as follows:

Before:
--------

"PrivateNetwork":
    {"description_good": "Service has no access to the host's network",
    "description_bad": "Service has access to the host's network",
    "weight": 2500,
    "range": 1
    }

After:
--------

"PrivateNetwork":
    {"description_good": "Service runs without access to host network",
    "description_bad": "Service has access to the host's network",
    "weight": 6000,
    "range": 1
    }

As expected, the new description for the description_good field of the Private Network id was updated in
the analysis table outputted below and the overall exposure level of the unit file decreased because
the weight assigned to 'Private Network' (which is set to yes) increased from 2500 to 6000.

maanya-goenka@debian:~/systemd (custom-security)$ sudo build/systemd-analyze security --root= --offline=true
--security-policy=src/analyze/testfile.json jsontest.service

/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
unit file, and consider removing the setting altogether.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

  NAME                                                         DESCRIPTION
✓ PrivateNetwork                                               Service runs without access to the host's network
✗ UserOrDynamicUser                                            Service runs as root user
✗ CapabilityBoundingSet_CAP_SET_UID_GID_PCAP                   Service may change UID/GID identities/capabilities
✓ PrivateMounts                                                Service cannot install system mounts
✓ PrivateDevices                                               Service has no access to hardware devices

→ Overall exposure level for jsontest.service: 7.8 EXPOSED 🙁

maanya-goenka@debian:~/systemd (custom-security)$ echo $? 0

3. When paired with security's --threshold= option, systemd-analyze exits with a non-zero error status indicating
that the overall exposure level for the unit file (=78) is greater than the set threshold (=70). The same
jsontest.service file is used for the demo run below:

maanya-goenka@debian:~/systemd (custom-security)$ sudo build/systemd-analyze security --root= --offline=true
--security-policy=src/analyze/testfile.json --threshold=70 jsontest.service

/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
unit file, and consider removing the setting altogether.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

  NAME                                                         DESCRIPTION
✓ PrivateNetwork                                               Service runs without access to host network
✗ UserOrDynamicUser                                            Service runs as root user
✗ CapabilityBoundingSet_CAP_SET_UID_GID_PCAP                   Service may change UID/GID identities/capabilities
✓ PrivateMounts                                                Service cannot install system mounts
✓ PrivateDevices                                               Service has no access to hardware devices

→ Overall exposure level for jsontest.service: 7.8 EXPOSED 🙁

maanya-goenka@debian:~/systemd (custom-security)$ echo $? 1

new option
2021-08-31 08:02:08 -07:00
Lennart Poettering
37b3e1394a
Merge pull request #20592 from poettering/homed-fix-smb
various fixes to make homed's smb backend work correctly again
2021-08-31 14:20:53 +02:00
Peter Hutterer
08111c7841 tmpfiles.d: remove .Test-unix, it's obsolete
See libxtrans commit 0794b1b712a90b40e2b019c9edc6f96874493c52. The code
to generate this socket was removed 5 years ago and even before it was
conditional on #define TEST_t. There is no reference to that #define in
either the X server nor libX11's git history, or in any of the current
libX*.

Let's assume this is well and truly obsolete.
2021-08-31 10:57:37 +02:00
Lennart Poettering
67f9bf897c homed: remove misplaced assert() 2021-08-31 10:51:50 +02:00
Lennart Poettering
9191142ddf homed: add missing SYNTHETIC_ERRNO() 2021-08-31 10:51:50 +02:00
Lennart Poettering
e070b9eac9 homed: fix log message referring to fsck, when we actually mean mount 2021-08-31 10:51:50 +02:00
Lennart Poettering
279e060e25 homed: make sure to use right asssesors for GID + access mode
Don't reach directly into the UserRecord struct, but use the right
assessors, so that the "unspecified" case is covered.
2021-08-31 10:51:50 +02:00
Lennart Poettering
169764332a homed: add missing capabilities for SMB/CIFS backend
In 2020 mount.cifs started to require a bunch for caps to work. let's
add them to the capability bounding set.

Also, SMB support obviously needs network access, hence open that up.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1962920
2021-08-31 10:51:42 +02:00
Luca Boccassi
1f08acf406
Merge pull request #20257 from bluca/seqno
Use new diskseq block device property
2021-08-31 09:06:33 +01:00
Yu Watanabe
e658a37326
Merge pull request #20567 from yuwata/socket-additional-cmsg-buffer
socket-util: add additional cmsg buffer for 64bit timeval or timespec
2021-08-31 13:54:18 +09:00
Kristian Klausen
b00651cf43 gpt-auto-generator: Use volatile-root by default and automatic logic as fallback
Previously volatile-root was only checked if "/" wasn't backed by a
block device, but the block device isn't necessarily original root block
device (ex: if the rootfs is copied to a ext4 fs backed by zram in the
initramfs), so we always want volatile-root checked.

So shuffle the code around so volatile-root is checked first and
fallback to the automatic logic.

Fix #20557
2021-08-31 13:52:52 +09:00
Yu Watanabe
fb6ba2521c
Merge pull request #20583 from poettering/pk-no-tty
some polkit agent tweaks
2021-08-31 13:45:04 +09:00
Thomas Mühlbacher
fee1863c83 man: Don't leak memory in path-documents example
The `sd_path_lookup(3)` man page states that the returned string shall be
`free(3)`'d but then doesn't do so in the example code.

Also add basic error handling as well.
2021-08-31 13:44:49 +09:00
Yu Watanabe
827d1ba730 core: fix typo: they -> the 2021-08-30 22:25:54 +09:00
Lennart Poettering
aecc04f180 hwdb: remove double empty line in --help text 2021-08-30 22:25:04 +09:00
Lennart Poettering
0bcf167900 exec-util: handle gracefully if we want to fork an agent but have no controlling tty
Fixes: #20576
2021-08-30 13:37:06 +02:00
Lennart Poettering
966f3a246c run/mount/systemctl: don't fork off PolicyKit/ask-pw agent when in --user mode
When we are in --user mode there's no point in doing PolicyKit/ask-pw
because both of these systems are only used by system-level services.
Let's disable the two agents for that automaticlly hence.

Prompted by: #20576
2021-08-30 13:37:06 +02:00
Yu Watanabe
37df6d9b8d timesync: check cmsg length 2021-08-30 19:56:44 +09:00
Yu Watanabe
9365e296fe socket-util: introduce CMSG_SPACE_TIMEVAL/TIMESPEC macro to support additional 64bit timeval or timespec
Fixes #20482 and #20564.
2021-08-30 19:56:41 +09:00
jlempen
93d2e0b6b0 Add matrix for the Chuwi SurBook Mini (CWI540) 2021-08-30 12:16:52 +02:00
José Expósito
c5e9aeca0a
hwdb: add a generic rule for trackpoints (#20543)
Check for "TrackPoint" in the device name and add the
ID_INPUT_POINTINGSTICK property.

In reference to libinput issue:
https://gitlab.freedesktop.org/libinput/libinput/-/issues/651
2021-08-30 18:30:42 +10:00
Yu Watanabe
4917c15af7
Merge pull request #20057 from yuwata/sd-netlink-genl-cleanups
sd-netlink: cleanups for generic netlink
2021-08-29 22:37:31 +09:00
Yu Watanabe
98be429243 sd-netlink: make type_system_get_*() and friends return value directly 2021-08-29 18:10:47 +09:00
Yu Watanabe
e1578f608b sd-netlink: introduce sd_genl_add_match()
By using this, we can listen multicast messages for generic netlink.
2021-08-29 18:10:47 +09:00
Yu Watanabe
3f60e4488c sd-netlink: split sd_netlink_add_match() into two parts
This also makes netlink_slot_disconnect() correctly unref multicast
groups.
2021-08-29 18:10:47 +09:00
Yu Watanabe
ef90beb1c5 sd-netlink: introduce sd_genl_message_get_command() 2021-08-29 18:10:47 +09:00
Yu Watanabe
44f1072a9d sd-netlink: determine header size of genl message by using CTRL_ATTR_HDRSIZE attribute
Fortunately, all genl families we currently use do not require additional
header size.
2021-08-29 18:10:47 +09:00
Yu Watanabe
52313394ba sd-netlink: read protocol version of each genl family 2021-08-29 18:10:47 +09:00
Yu Watanabe
56fdc16da8 sd-netlink: drop sd_genl_family_t and introduce GenericNetlinkFamily
Kernel manages each genl family by its name, e.g. "nlctrl" or WG_GENL_NAME,
and its ID (used for nlmsg_type) is determined dynamically when the
corresponding module is loaded.

This commit makes sd-netlink follow the same way; now, sd_genl_family_t
is dropped, and sd_genl_message_new() takes a genl family name. Each
genl family is resolved when it is used first time, and its information
is stored in GenericNetlinkFamily.
2021-08-29 18:10:43 +09:00
Yu Watanabe
1cedca05e4 sd-netlink: split message_new() into two parts and introduces message_new_full() 2021-08-29 18:01:26 +09:00
Yu Watanabe
699c3708df sd-netlink: introduce several macros to define type system 2021-08-29 18:01:26 +09:00
Yu Watanabe
e6dd298935 sd-netlink: drop redundant string table lookup functions to handle type system union 2021-08-29 18:01:26 +09:00
Yu Watanabe
fae9ee25a4 sd-netlink: split type system for nfnl
This makes the root type system for nfnl indexed by subsystem, and
itroduces a next level type system for each subsystem. The second
level type systems are indexed by message types correspond to each
subsystem.
2021-08-29 18:01:26 +09:00
Yu Watanabe
07acd0d90b sd-netlink: drop 'flags' argument from sd_nfnl_nft_message_new_table() 2021-08-29 18:01:26 +09:00
Yu Watanabe
c08ab4a013 sd-netlink: wrap long function declarations 2021-08-29 18:01:26 +09:00
Yu Watanabe
9a9c8f3fcc sd-netlink: add several missing attributes 2021-08-29 18:01:26 +09:00
Yu Watanabe
1370925bc7 basic: copy genetlink.h to repository 2021-08-29 18:01:26 +09:00
Yu Watanabe
aee6309b97 sd-netlink: introduce basic_type_system
Preparation for later commits.
2021-08-29 18:01:26 +09:00
Yu Watanabe
d757e6bdf0 sd-netlink: unify two spurious type system root for genl 2021-08-29 18:01:26 +09:00
Yu Watanabe
9270ec60bc sd-netlink: drop genl type system indexed by command
All type systems of currently supported genl families do not depend on
commands. Hence, at least tentatively, let's drop the tables.

Note that type system for genl ethtool depends on commands. Let's
reintroduce a mechanism to support the deps when we support ethtool on
netlink.
2021-08-29 18:01:26 +09:00