1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

48361 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
7bbdef621f test: add one more dmidecode dump 2020-12-17 09:21:31 +01:00
Zbigniew Jędrzejewski-Szmek
2b7b142e97 meson: make each dmidecode a separate test
This allows them to be executed in parallel and also gives us
better reporting.

The dump files are renamed to avoid repeating "dmidecode-dump", since that
string is already present in the subdirectory name.
2020-12-17 09:21:29 +01:00
Zbigniew Jędrzejewski-Szmek
68f18549c5
Merge pull request #18001 from systemd/wip/hadess/unsupported-dmi
meson: Disable dmi_memory_id on arches without DMI
2020-12-17 09:16:33 +01:00
Lennart Poettering
ddbf960574 terminal-util: use 256 color mode for PID 1 output, too
Follow-up for: #17702

Alsoe, see earlier review comment: https://github.com/systemd/systemd/pull/17702#pullrequestreview-552329600
2020-12-17 09:15:26 +01:00
Frantisek Sumsal
0ce96f4152
Merge pull request #17998 from mrc0mmand/qemu-drop-trailing-whitespace
test: drop the trailing whitespace from the QEMU version check
2020-12-16 23:48:17 +01:00
Lennart Poettering
e4dde4e87d
Merge pull request #17702 from rnhmjoj/master
Extend $SYSTEMD_COLORS to switch colors mode
2020-12-16 19:26:40 +01:00
Bastien Nocera
2bfb92a978 meson: Disable dmi_memory_id on arches without DMI 2020-12-16 19:21:19 +01:00
Lennart Poettering
a8af734e75
Merge pull request #17026 from fw-strlen/nft_16
add networkd/nspawn nftables backend
2020-12-16 19:18:22 +01:00
Bastien Nocera
2f1bcc4d4d meson: Split off udev helper programs array 2020-12-16 18:43:26 +01:00
Bastien Nocera
4dd465cb4e udev: Extract RAM properties from DMI information
Add memory_id program to set properties about the physical memory
devices in the system. This is useful on machines with removable memory
modules to show how the machine can be upgraded, and on all devices to
detect the actual RAM size, without relying on the OS accessible amount.

Closes: #16651
2020-12-16 18:32:29 +01:00
Yu Watanabe
84a1ff9457 tree-wide: fix typo 2020-12-16 18:30:15 +01:00
Zbigniew Jędrzejewski-Szmek
ac5644635d test-login: skip consistency checks when logind is not active
There are two ways in swich sd_login_* functions acquire data:
some are derived from the cgroup path, but others use the data serialized
by logind.

When the tests are executed under Fedora's mock, without systemd-spawn
but instead in a traditional chroot, test-login gets confused:
the "outside" cgroup path is visible, so sd_pid_get_unit() and
sd_pid_get_session() work, but sd_session_is_active() and other functions
that need logind data fail.

Such a buildroot setup is fairly bad, but it can be encountered in the wild, so
let's just skip the tests in that case.

/* Information printed is from the live system */
sd_pid_get_unit(0, …) → "session-237.scope"
sd_pid_get_user_unit(0, …) → "n/a"
sd_pid_get_slice(0, …) → "user-1000.slice"
sd_pid_get_session(0, …) → "237"
sd_pid_get_owner_uid(0, …) → 1000
sd_pid_get_cgroup(0, …) → "/user.slice/user-1000.slice/session-237.scope"
sd_uid_get_display(1000, …) → "(null)"
sd_uid_get_sessions(1000, …) → [0] ""
sd_uid_get_seats(1000, …) → [0] ""
Assertion 'r >= 0' failed at src/libsystemd/sd-login/test-login.c:104, function test_login(). Aborting.
2020-12-16 18:22:32 +01:00
Devon Pringle
221019166f networkd: handle ignoring ll gateway being link ll
In the event where network discovery gets a route with the gateway being
the interfaces local link address, networkd will fail the interface.

systemd-networkd[44319]: br_lan: Configuring route: dst: fdcd:41a4:5559:ec03::/64, src: n/a, gw: fe80::e4da:7eff:fe77:5c5e, prefsrc: n/a, scope: global, table: main, proto: ra, type: unicast
systemd-networkd[44319]: br_lan: Could not set NDisc route or address: Gateway can not be a local address. Invalid argument
systemd-networkd[44319]: br_lan: Failed
systemd-networkd[44319]: br_lan: State changed: configuring -> failed

This patch, instead of allowing the interface to fail, will instead log
the event and skip setting the route.
2020-12-16 17:56:01 +01:00
Zbigniew Jędrzejewski-Szmek
199f75205b
Merge pull request #17799 from yuwata/oss-fuzz-25353
logs-show: skip non-utf8 name entries
2020-12-16 17:52:35 +01:00
Luna Jernberg
91174d2803 Translated using Weblate (Swedish)
Currently translated at 67.3% (126 of 187 strings)

Co-authored-by: Luna Jernberg <bittin@reimu.nl>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/sv/
Translation: systemd/master
2020-12-16 17:27:22 +01:00
Yu Watanabe
24ee0f9d16 tree-wide: fix typo 2020-12-16 17:21:48 +01:00
Yu Watanabe
ecfbbf098c
Merge pull request #17859 from keszybz/hostnamed-export-hostname-origin-and-simplify-logic
Export hostname origin and simplify logic in hostamed
2020-12-17 00:55:49 +09:00
Frantisek Sumsal
26b127245a test: s/MUMA/NUMA/ 2020-12-16 16:38:44 +01:00
Frantisek Sumsal
f26d091460 test: drop the trailing whitespace from the QEMU version check
I suspect the original version of the regex was written on a system,
which prints both the QEMU version and the QEMU package version in the
--version output, like Fedora:

$ /bin/qemu-system-x86_64 --version
QEMU emulator version 4.2.1 (qemu-4.2.1-1.fc32)
Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers

However, Arch Linux prints only the QEMU version:
$ /bin/qemu-system-x86_64 --version
QEMU emulator version 5.2.0
Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers

This causes the awk regex to not match the version string, since there's
no whitespace after it, causing the version check to fail (as well as the
TEST-36-NUMAPOLICY) as well.

Follow-up for 43b49470d1.
2020-12-16 16:38:26 +01:00
Susant Sahani
b43dfb6e6e sd-netlink: routing policy rule port to fib_rule_hdr 2020-12-17 00:17:32 +09:00
Lennart Poettering
5777c6130b resolved: always take a timestamp when first seeing a packet
This is later useful if we want to adjust the TTLs of packets we want to
propagate to clients.
2020-12-16 14:20:49 +01:00
Dan Streetman
8bc63a0b13 sd-dhcp-client: fix renew/rebind timeout calculation to avoid infinite loop
unfortunately I missed adding the timeout to 'now' which results in
an endless loop of renewal timeouts.

Fixes: 3a23834d6b
2020-12-16 19:49:31 +09:00
Zbigniew Jędrzejewski-Szmek
60e4fb4240 hostnamed,shared/hostname-setup: expose the origin of the current hostname
In hostnamed this is exposed as a dbus property, and in the logs in both
places.

This is of interest to network management software and such: if the fallback
hostname is used, it's not as useful as the real configured thing. Right now
various programs try to guess the source of hostname by looking at the string.
E.g. "localhost" is assumed to be not the real hostname, but "fedora" is. Any
such attempts are bound to fail, because we cannot distinguish "fedora" (a
fallback value set by a distro), from "fedora" (received from reverse dns),
from "fedora" read from /etc/hostname.

/run/systemd/fallback-hostname is written with the fallback hostname when
either pid1 or hostnamed sets the kernel hostname to the fallback value. Why
remember the fallback value and not the transient hostname in /run/hostname
instead?
We have three hostname types: "static", "transient", fallback".
– Distinguishing "static" is easy: the hostname that is set matches what
  is in /etc/hostname.
– Distingiushing "transient" and "fallback" is not easy. And the
  "transient" hostname may be set outside of pid1+hostnamed. In particular,
  it may be set by container manager, some non-systemd tool in the initramfs,
  or even by a direct call. All those mechanisms count as "transient". Trying
  to get those cases to write /run/hostname is futile. It is much easier to
  isolate the "fallback" case which is mostly under our control.
And since the file is only used as a flag to mark the hostname as fallback,
it can be hidden inside of our /run/systemd directory.

For https://bugzilla.redhat.com/show_bug.cgi?id=1892235.
2020-12-16 11:03:36 +01:00
Zbigniew Jędrzejewski-Szmek
d39079fcaa hostnamed: stop discriminating against "localhost" in /etc/hostname
We would sometimes ignore localhost-style names in /etc/hostname. That is
brittle. If the user configured some hostname, it's most likely because they
want to use that as the hostname. If they don't want to use such a hostname,
they should just not create the config. Everything becomes simples if we just
use the configured hostname as-is.

This behaviour seems to have been a workaround for Anaconda installer and other
tools writing out /etc/hostname with the default of "localhost.localdomain".
Anaconda PR to stop doing that: https://github.com/rhinstaller/anaconda/pull/3040.
That might have been useful as a work-around for other programs misbehaving if
/etc/hostname was not present, but nowadays it's not useful because systemd
mostly controls the hostname and it is perfectly happy without that file.

Apart from making things simpler, this allows users to set a hostname like
"localhost" and have it honoured, if such a whim strikes them.
2020-12-16 11:02:18 +01:00
Zbigniew Jędrzejewski-Szmek
468695c8cd hostnamed: improve message about static hostname
Changed static hostname to 'n/a' is not very nice.
2020-12-16 11:02:18 +01:00
Zbigniew Jędrzejewski-Szmek
536970d4f9 hostnamed: minor style cleanups 2020-12-16 11:02:18 +01:00
Zbigniew Jędrzejewski-Szmek
efda832d4f hostnamed: when hostname is set to existing value, suppress notifications
When the hostname is set through network config or such, let's
optimize things a bit by suppressing the logs and dbus notifications.
2020-12-16 11:02:17 +01:00
Zbigniew Jędrzejewski-Szmek
39ede7cc37 shared/hostname-setup: leave the terminator byte alone
gethostname(3) says it's unspecified whether the string is properly terminated
when the hostname is too long. We created a buffer with one extra byte, and it
seems the intent was to let that byte serve as terminator even if we get an
unterminated string from gethostname().
2020-12-16 11:02:17 +01:00
Zbigniew Jędrzejewski-Szmek
b6fad30665 shared/hostname-setup: add mode where we check what would be set, without doing
This allows the 'unsafe' mark to be removed from the test.
2020-12-16 11:02:17 +01:00
Zbigniew Jędrzejewski-Szmek
e2054217d5 Move hostname setup logic to new shared/hostname-setup.[ch]
No functional change, just moving a bunch of things around. Before
we needed a rather complicated setup to test hostname_setup(), because
the code was in src/core/. When things are moved to src/shared/
we can just test it as any function.

The test is still "unsafe" because hostname_setup() may modify the
hostname.
2020-12-16 11:02:15 +01:00
Zbigniew Jędrzejewski-Szmek
7d9ec60990 hostnamed: fix return value 2020-12-16 10:54:57 +01:00
Zbigniew Jędrzejewski-Szmek
ce6b138c75 hostnamed: expose the fallback-hostname setting as a const dbus property
Various users want to know what the fallback hostname is. Since it was made
configurable in 8146c32b92, we didn't expose this
nicely.
2020-12-16 10:54:57 +01:00
Zbigniew Jędrzejewski-Szmek
de31bbc6b1 man/hostnamectl,hostaned,hostname1: adjust the docs to match reality
The semantics were significantly changed in c779a44222
("hostnamed: Fix the way that static and transient host names interact", Feb. 2014),
but when the dbus api documentation was imported much later, it wasn't properly
adjusted to describe those new semantics.

34293dfafd which added systemd.hostname= also
added new behaviour.

Let's ove various bits and pieces around so that they are in more appropriate
places. Drop recommendations to set the hostname for DHCP or mDNS purposes.
Nowadays we expect tools that want to expose some different hostname to the
outside to manage that internally without affecting visible state. Also drop
mentions of DHCP or mDNS directly setting the hostname, since nowadays network
management software is expected to (and does) go through hostnamed.

Also, add a high-level description of semantics. It glosses over the details of
handling of localhost-style names. Later commits will remove this special handling
anyway.
2020-12-16 10:54:57 +01:00
Michal Fabik
a2be8be2cf coredumpctl: Add --debugger-args= option
This commit adds the possibility to pass command line options to the
debugger invoked with coredumpctl debug.

Resolves: #9905
2020-12-16 12:42:53 +09:00
Yu Watanabe
a7c52e1ee1
Merge pull request #17968 from yuwata/purge-libudev
udev: do not link with libudev
2020-12-16 12:07:46 +09:00
Florian Westphal
bc5a9b82d5 firewall-util-nft: attempt table recreation when add operation fails
When someone runs 'nft flush ruleset' in the same net namespace
this will also tear down the systemd nat table.

Unlike iptables -t nat -F, which will remove all rules added by
the systemd iptables backend, iptables has builtin chains that cannot
be deleted. IOW, the next add operation will 'just work'.

In the nftables case however, the entire table gets removed.

When the systemd nat table is removed by an external entity next
attempt to add a set element will yield -ENOENT.

If this happens, recreate the table, and, if successful, re-do
the add operation.

Note that this doesn't protect against external sabotage such as
a running 'while true; nft flush ruleset;done'. However, there is
nothing that could be done short of extending the kernel to allow
tables to be "frozen" or otherwise tied to a process such as
systemd-networkd.
2020-12-16 01:07:11 +01:00
Florian Westphal
715a70e721 firewall-util: add nftables backend
Idea is to use a static ruleset, added when the first attempt to
add a masquerade or dnat rule is made.

The alternative would be to add the ruleset when the init function is called.
The disadvantage is that this enables connection tracking and NAT in the kernel
(as the ruleset needs this to work), which comes with some overhead that might
not be needed (no nspawn usage and no IPMasquerade option set).

There is no additional dependency on the 'nft' userspace binary or other libraries.
sd-netlinks nfnetlink backend is used to modify the nftables ruleset.

The commit message/comments still use nft syntax since that is what
users will see when they use the nft tool to list the ruleset.

The added initial skeleton (added on first fw_add_masquerade/local_dnat
call) looks like this:

table ip io.systemd.nat {
        set masq_saddr {
                type ipv4_addr
                flags interval
                elements = { 192.168.59.160/28 }
        }

        map map_port_ipport {
                type inet_proto . inet_service : ipv4_addr . inet_service
                elements = { tcp . 2222 : 192.168.59.169 . 22 }
        }

        chain prerouting {
                type nat hook prerouting priority dstnat + 1; policy accept;
                fib daddr type local dnat ip addr . port to meta l4proto . th dport map @map_port_ipport
        }

        chain output {
                type nat hook output priority -99; policy accept;
                ip daddr != 127.0.0.0/8 oif "lo" dnat ip addr . port to meta l4proto . th dport map @map_port_ipport
        }

        chain postrouting {
                type nat hook postrouting priority srcnat + 1; policy accept;
                ip saddr @masq_saddr masquerade
        }
}

Next calls to fw_add_masquerade/add_local_dnat will then only add/delete the
element/mapping to masq_saddr and map_port_ipport, i.e. the ruleset doesn't
change -- only the set/map content does.

Running test-firewall-util with this backend gives following output
on a parallel 'nft monitor':

$ nft monitor
add table ip io.systemd.nat
add chain ip io.systemd.nat prerouting { type nat hook prerouting priority dstnat + 1; policy accept; }
add chain ip io.systemd.nat output { type nat hook output priority -99; policy accept; }
add chain ip io.systemd.nat postrouting { type nat hook postrouting priority srcnat + 1; policy accept; }
add set ip io.systemd.nat masq_saddr { type ipv4_addr; flags interval; }
add map ip io.systemd.nat map_port_ipport { type inet_proto . inet_service : ipv4_addr . inet_service; }
add rule ip io.systemd.nat prerouting fib daddr type local dnat ip addr . port to meta l4proto . th dport map @map_port_ipport
add rule ip io.systemd.nat output ip daddr != 127.0.0.0/8 fib daddr type local dnat ip addr . port to meta l4proto . th dport map @map_port_ipport
add rule ip io.systemd.nat postrouting ip saddr @masq_saddr masquerade
add element ip io.systemd.nat masq_saddr { 10.1.2.3 }
add element ip io.systemd.nat masq_saddr { 10.0.2.0/28 }
delete element ip io.systemd.nat masq_saddr { 10.0.2.0/28 }
delete element ip io.systemd.nat masq_saddr { 10.1.2.3 }
add element ip io.systemd.nat map_port_ipport { tcp . 4711 : 1.2.3.4 . 815 }
delete element ip io.systemd.nat map_port_ipport { tcp . 4711 : 1.2.3.4 . 815 }
add element ip io.systemd.nat map_port_ipport { tcp . 4711 : 1.2.3.5 . 815 }
delete element ip io.systemd.nat map_port_ipport { tcp . 4711 : 1.2.3.5 . 815 }
CTRL-C

Things not implemented/supported:
1. Change monitoring.  The kernel allows userspace to learn about changes
   made by other clients (using nfnetlink notifications). It would be
   possible to detect when e.g. someone removes the systemd nat table.
   This would need more work.  Its also not clear on how to react to
   external changes -- it doesn't seem like a good idea to just auto-undo
   everthing.
2. 'set masq_saddr' doesn't handle overlaps.
   Example:

   fw_add_masquerade(true, AF_INET, "10.0.0.0" , 16);
   fw_add_masquerade(true, AF_INET, "10.0.0.0" , 8); /* fails */

With the iptables backend the second call works, as it adds an
independent iptables rule.

With the nftables backend, the range 10.0.0.0-10.255.255.255 clashes with
the existing range of 10.0.0.0-10.0.255.255 so 2nd add gets rejected by the
kernel.

This will generate an error message from networkd ("Could not enable IP
masquerading: File exists").

To resolve this it would be needed to either keep track of the added elements
and perform range merging when overlaps are detected.

However, the add erquests are done using the configured network on a
device, so no overlaps should occur in normal setups.

IPv6 support is added in a extra changeset.

Fixes: #13307
2020-12-16 01:07:08 +01:00
Florian Westphal
4df42cd99d sd-netlink: add a read function
Will be used by nftables nfnetlink backend.
It sends a series of netlink messages that form a nftables
update transaction.

The transaction will then generate a series of ack messages
(or an error).

This function will be used to read these acks.
2020-12-16 00:35:56 +01:00
Florian Westphal
99c41c0de4 sd-netlink: add sd_netlink_sendv
nftables uses a transaction-based netlink model: one netlink write
comes with multiple messages.

A 'BEGIN' message to tell nf_tables/kernel that a new transaction starts.

Then, one more messages to add/delete tables/chains/rules etc.

Lastly, an END message that commits all changes.

This function will be used to send all the individual messages that should
make up a single transaction as a single write.
2020-12-16 00:35:56 +01:00
Florian Westphal
347ea16797 sd-netlink: add nfnetlink helper routines
add nfnetlink_nftables helper functions to:
 * open a new nfnetlink socket to kernel
 * add tables, chains, rules, sets and maps
 * delete/flush table
 * add and delete elements from sets/maps
2020-12-16 00:35:56 +01:00
Florian Westphal
6f00fd9b7c sd-netlink: add nfnetlink/nftables type system
Will be used by upcoming nftables support -- it will use the netlink
interface directly rather than add another library dependency.
2020-12-16 00:35:56 +01:00
Florian Westphal
bcd1a2bb5c linux: import nf_tables and nfnetlink headers from Linux 5.8
Will be used/needed in the upcoming nfnetlink/nftables support.
This follows existing model where kernel uapi headers are cached
locally.
2020-12-16 00:35:56 +01:00
Florian Westphal
761cf19d7b firewall-util: introduce context structure
for planned nft backend we have three choices:

- open/close a new nfnetlink socket for every operation
- keep a nfnetlink socket open internally
- expose a opaque fw_ctx and stash all internal data here.

Originally I opted for the 2nd option, but during review it was
suggested to avoid static storage duration because of perceived
problems with threaded applications.

This adds fw_ctx and new/free functions, then converts the existing api
and nspawn and networkd to use it.
2020-12-16 00:35:56 +01:00
Florian Westphal
f51343d0af nspawn: pass userdata pointer, not inet_addr union
Next patch will need to pass two pointers to the callback instead
of just the addr mask.  Caller will pass a compound structure, so
make this 'void *userdata' to de-clutter the next patch.
2020-12-16 00:35:56 +01:00
Florian Westphal
3122097217 firewall-util: prepare for alternative to iptables backend
In a nutshell:
1. git mv firewall-util.c firewall-util-iptables.c
2. existing external functions gain _iptables_ in their names
3. firewall-util.c provides old function names
4. build system always compiles firewall-util.c,
   firewall-util-iptables.c is conditional instead (libiptc).
5. On first call to any of the 'old' API functions performs
   a probe that should return the preferred backend.

In a future step, can add firewall-util-FOOTYPE.c, add its
probe function to firewall-util.c and then have calls to
fw_add_masq/local_dnat handed to the detected backend.

For now, only iptables backend exists, and no special probing
takes place for it, i.e. when systemd was built with iptables,
that will be used.  If not, requets to add masquerade/dnat will
fail with same error (-EOPNOTSUPP) as before this change.

For reference, the rules added by the libiptc/iptables backend look like this:

for service export (via systemd-nspawn):
[0:0] -A PREROUTING -p tcp -m tcp --dport $exportedport -m addrtype --dst-type LOCAL -j DNAT --to-destination $containerip:$port
[0:0] -A OUTPUT ! -d 127.0.0.0/8 -p tcp -m tcp --dport $exportedport -m addrtype --dst-type LOCAL -j DNAT --to-destination $containerip:$port

for ip masquerade:
[0:0] -A POSTROUTING -s network/prefix -j MASQUERADE
2020-12-16 00:35:56 +01:00
Florian Westphal
47ed20e1e0 firewall-util: reject NULL source or address with prefixlen 0
Make sure we don't add masquerading rules without a explicitly
specified network range we should be masquerading for.

The only caller aside from test case is
networkd-address.c which never passes a NULL source.

As it also passes the network prefix, that should always be > 0 as well.

This causes expected test failure:
Failed to modify firewall: Invalid argument
Failed to modify firewall: Invalid argument
Failed to modify firewall: Invalid argument
Failed to modify firewall: Protocol not available
Failed to modify firewall: Protocol not available
Failed to modify firewall: Protocol not available
Failed to modify firewall: Protocol not available

The failing test cases are amended to expect failure on
NULL source or prefix instead of success.
2020-12-16 00:35:56 +01:00
Susant Sahani
937e305e93 network: Allow to configure interface promiscuous mode 2020-12-15 20:25:08 +00:00
Christian Ehrhardt
43b49470d1 test: use modern qemu numa arguments
Upgrading to qemu 5.2 breaks TEST-36-NUMAPOLICY like:
  qemu-system-x86_64: total memory for NUMA nodes (0x0) should
  equal RAM size (0x20000000)

Use the new (as in >=2014) form of memdev in test 36:
 -object memory-backend-ram,id=mem0,size=512M -numa node,memdev=mem0,nodeid=0

Since some target systems are as old as qemu 1.5.3 (CentOS7) but the new
kind to specify was added in qemu 2.1 this needs to add version parsing and
add the argument only when qemu is >=5.2.

Fixes #17986.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2020-12-16 05:16:41 +09:00
Lennart Poettering
94b78105c6
Merge pull request #17967 from poettering/connect-user-bus
add support for "systemctl --user --machine=foobar@.host" for connecting to user bus of user "foobar"
2020-12-15 21:14:01 +01:00
d032747
6fe2a70b91 busctl: add a timestamp to the output of the busctl monitor command 2020-12-16 05:06:56 +09:00