1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-07 09:56:51 +03:00
Commit Graph

31830 Commits

Author SHA1 Message Date
Michal Sekletar
877dce40cb man: make clear that accessing network and mounting filesystems is not supported in udev rules (#7916)
These restrictions are implied by systemd options used for
systemd-udevd.service, i.e. MountFlags=slave and
IPAddressDeny=any. However, there are users out there getting tripped by
this, so let's make things clear in the man page so the actual
restrictions we implement by default have better visibility.
2018-01-20 08:47:27 +09:00
Susant Sahani
8cdc46e7ba networkd: ignore Static Routes option when Classless Static Routes is given (#7807)
When the DHCP server returns both a Classless Static Routes
option and a Static Routes option, the DHCP client MUST ignore the
Static Routes option.

Closes #7792
2018-01-20 08:42:45 +09:00
Zbigniew Jędrzejewski-Szmek
c3de717e51
Merge pull request #7675 from shawnl/unaligned
Issue #7654 (unaligned loads on sparc64)
2018-01-20 10:00:14 +11:00
Yu Watanabe
22bc57c58a fs-util: chase_symlinks(): support empty root
The commit b1bfb84804 makes chase_symlinks()
recognize empty string for root as an invalid parameter. However,
empty root is often used e.g. systemd-nspawn.
This makes chase_symlinks() support empty string safely.

Fixes #7927.
2018-01-19 11:41:28 +01:00
Zbigniew Jędrzejewski-Szmek
8f2e968659
Merge pull request #7923 from keszybz/resolved-generic-packet
Resolved generic packet
2018-01-19 17:42:29 +11:00
Alan Jenkins
68f7480b7e
Merge pull request #7913 from sourcejedi/devpts
3 nitpicks from core/namespace.c
2018-01-18 21:56:26 +00:00
jdkbx
51aa88268e hwdb: Add Lenovo IdeaPad Miix 320 sensor mount quirk (#7707) 2018-01-19 05:09:58 +09:00
Alan Jenkins
a30504ed69 man: systemd-nspawn: fix list of default capabilities (#7925)
* Sort them alphabetically.
* Add CAP_MKNOD (commit 7f112f50fe added it).

the list is now in sync with the one at the top of nspawn.c
2018-01-19 04:11:11 +09:00
Alan Jenkins
0970be500d
Merge pull request #7924 from sourcejedi/devpts-regression-fix
core: un-break PrivateDevices= by allowing it to mknod /dev/ptmx
2018-01-18 19:04:12 +00:00
Alan Jenkins
225874dc9c core: clone_device_node(): add debug message
For people who use debug messages, maybe it is helpful to know that
PrivateDevices= failed due to mknod(), and which device node.

(The other (un-logged) failures could be while mounting filesystems e.g. no
CAP_SYS_ADMIN which is the common case, or missing /dev/shm or /dev/pts,
or missing /dev/ptmx).
2018-01-18 13:58:13 +00:00
Alan Jenkins
5a7f87a9e0 core: un-break PrivateDevices= by allowing it to mknod /dev/ptmx
#7886 caused PrivateDevices= to silently fail-open.
https://github.com/systemd/systemd/pull/7886#issuecomment-358542849

Allow PrivateDevices= to succeed, in creating /dev/ptmx, even though
DeviceControl=closed applies.

No specific justification was given for blocking mknod of /dev/ptmx.  Only
that we didn't seem to need it, because we weren't creating it correctly as
a device node.
2018-01-18 12:10:20 +00:00
Zbigniew Jędrzejewski-Szmek
bfc1d7345f resolved: fix confusion with generic data in unparsable packets
Issue 5465.
2018-01-18 20:28:38 +11:00
Zbigniew Jędrzejewski-Szmek
4a49e560d4 resolved: split out parts of dns_packet_extract
This fairly complicated function was deeply nested and
hard to read...
2018-01-18 19:35:47 +11:00
Zbigniew Jędrzejewski-Szmek
0241c1c0ee bus-message: avoid -Wnull-pointer-arithmetic warning on new clang
We just need some pointer, so use alignment directly converted
to the right type.
2018-01-18 17:38:35 +11:00
Zbigniew Jędrzejewski-Szmek
1aaadf859b
Merge pull request #7876 from titanous/oss-fuzz
Add initial fuzzing infrastructure
2018-01-18 12:41:13 +11:00
Jonathan Rudenberg
8b53eb4d47 fuzz: add docs on creating fuzzer targets to HACKING 2018-01-17 13:57:06 -05:00
Jonathan Rudenberg
31e57a35dc fuzz: allow building fuzzers outside of oss-fuzz
Add a new -Dllvm-fuzz=true option that can be used to build against
libFuzzer and update the oss-fuzz script to work outside of the
oss-fuzz build environment.
2018-01-17 13:57:06 -05:00
Jonathan Rudenberg
7d941c0635 fuzz: rebuild everything during each oss-fuzz build
This avoids failures while using the oss-fuzz local testing
infrastructure.
2018-01-17 13:57:06 -05:00
Jonathan Rudenberg
b4081f3ea2 fuzz: disable all deps when building with oss-fuzz
The fuzz targets are intended to be fast and only target systemd
code, so they don't need to call out to any dependencies. They also
shouldn't depend on shared libraries outside of libc, so we disable
every dependency when compiling against oss-fuzz. This also
simplifies the upstream build environment significantly.
2018-01-17 13:57:06 -05:00
Jonathan Rudenberg
7db7d5b733 fuzz: add initial fuzzing infrastructure
The fuzzers will be used by oss-fuzz to automatically and
continuously fuzz systemd.

This commit includes the build tooling necessary to build fuzz
targets, and a fuzzer for the DNS packet parser.
2018-01-17 13:57:06 -05:00
Lennart Poettering
52ffb3d2e9
Merge pull request #7903 from yuwata/fix-7863
network: create runtime sub-directories after drop_privileges()
2018-01-17 19:18:47 +01:00
Lennart Poettering
b79fe07243
Merge pull request #7910 from poettering/getcwd
some getcwd() fixes, and other path-util tweaks
2018-01-17 19:16:42 +01:00
Lennart Poettering
897c8395c7
Merge pull request #7911 from poettering/chase-symlinks-tweaks
chase_symlinks() tweaks
2018-01-17 19:15:49 +01:00
Alan Jenkins
8d95368210 core: namespace: remove unnecessary mode on /dev/shm mount target
This should have no behavioural effect; it just confused me.

All the other mount directories in this function are created as 0755.
Some of the mounts are allowed to fail - mqueue and hugepages.
If the /dev/mqueue mount target was created with the permissive mode 01777,
to match the filesystem we're trying to mount there, then a mount failure
would allow unprivileged users to write to the /dev filesystem, e.g. to
exhaust the available space.  There is no reason to allow this.

(Allowing the user read access (0755) seems a reasonable idea though, e.g. for
quicker troubleshooting.)

We do not allow failure of the /dev/shm mount, so it doesn't matter that
it is created as 01777.  But on the same grounds, we have no *reason* to
create it as any specific mode.  0755 is equally fine.

This function will be clearer by using 0755 throughout, to avoid
unintentionally implying some connection between the mode of the mount
target, and the mode of the mounted filesystem.
2018-01-17 18:04:34 +00:00
Alan Jenkins
45a582d536 README: fix context for CONFIG_DEVPTS_MULTIPLE_INSTANCES
`newinstance` (and `ptmxmode`) options of devpts are _not_ used by
PrivateDevices=.  (/dev/pts is shared, similar to how /dev/shm and
/dev/mqueue are handled).  It is used by nspawn containers though.

Also CONFIG_DEVPTS_MULTIPLE_INSTANCES was removed in 4.7-rc2
eedf265aa0
and no longer needs to be set, so make that clearer to avoid confusion.
2018-01-17 18:04:27 +00:00
Shawn Landden
8a0f6d1f6b resolve: check for underflow of size parameter (#7889)
to dns_packet_read_memdup()

Closes #7888
2018-01-18 00:49:22 +11:00
Alan Jenkins
98b1d2b8d9 core: namespace: nitpick /dev/ptmx error handling
If /dev/tty did not exist, or had st_rdev == 0, we ignored it.  And the
same is true for null, zero, full, random, urandom.

If /dev/ptmx did not exist, we treated this as a failure.  If /dev/ptmx had
st_rdev == 0, we ignored it.

This was a very recent change, but there was no reason for ptmx creation
specifically to treat st_rdev == 0 differently from non-existence.  This
confuses me when reading it.

Change the creation of /dev/ptmx so that st_rdev == 0 is
treated as failure.

This still leaves /dev/ptmx as a special case with stricter handling.
However it is consistent with the immediately preceding creation of
/dev/pts/, which is treated as essential, and is directly related to ptmx.

I don't know why we check st_rdev.  But I'd prefer to have only one
unanswered question here, and not to have a second unanswered question
added on top.
2018-01-17 13:28:32 +00:00
Lennart Poettering
382a5078a6 fs-util: refuse taking a relative path to chase if "root" is specified and CHASE_PREFIX_ROOT is set
If we take a relative path we first make it absolute, based on the
current working directory. But if CHASE_PREFIX_ROOT is passe we are
supposed to make the path absolute taking the specified root path into
account, but that makes no sense if we talk about the current working
directory as that is relative to the host's root in any case. Hence,
let's refuse this politely.
2018-01-17 12:04:15 +01:00
Lennart Poettering
a49424af6a fs-util: extra chase_symlink() safety check on "path" parameter
It's not clear what an empty "path" is even supposed to mean, hence
refuse.
2018-01-17 12:04:15 +01:00
Lennart Poettering
b1bfb84804 fs-util: extra safety checks on chase_symlinks() root parameter
Let's handle root="" and root="/" safely.
2018-01-17 12:04:15 +01:00
Lennart Poettering
7aeeb313ad path-util: don't insert duplicate "/" in path_make_absolute_cwd()
When the working directory is "/" it's prettier not to insert a second
"/" in the path, even though it is technically correct.
2018-01-17 11:17:55 +01:00
Lennart Poettering
d72495759b tree-wide: port all code to use safe_getcwd() 2018-01-17 11:17:38 +01:00
Lennart Poettering
a2556d25ae path-util: introduce new safe_getcwd() wrapper
It's like get_current_dir_name() but protects us from
CVE-2018-1000001-style exploits:

https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
2018-01-17 11:16:31 +01:00
Lennart Poettering
cddd2ce106 path-util: don't add extra "/" when prefix already is suffixed by slash
No need to insert duplicate "/" if we can avoid it. This is particularly
relevant if the prefix passed in is the root directory.
2018-01-17 11:15:00 +01:00
Lennart Poettering
81cce8ded5 path-util: do something useful if the prefix is "" in path_make_absolute()
Do not insert a "/" if the prefix we shall use is empty. It's a corner
case we should probably take care of.
2018-01-17 11:14:28 +01:00
Yu Watanabe
5caf49360b efivars: include errno.h when EFI support is disabled (#7900)
Fixes #7898.
2018-01-17 20:25:42 +11:00
Alan Jenkins
e41090db89
Merge pull request #7886 from gdamjan/fix-ptmx
namespace: make /dev/ptmx a copy of the host not a symlink
2018-01-17 09:24:00 +00:00
Zbigniew Jędrzejewski-Szmek
4e4e3d9766
Merge pull request #7893 from poettering/parse-tweaks
parsing tweaks
2018-01-17 20:22:17 +11:00
Zbigniew Jędrzejewski-Szmek
9b1f89bcb1
Merge pull request #7902 from yuwata/fix-warning-by-clang
network: small fixes
2018-01-17 20:17:23 +11:00
Hans de Goede
66500345ec hwdb: 60-sensors: Add DMI strings for Trekstor Surftab 7.0 newer BIOS versions (#7904)
Some newer BIOS versions of the TrekStor SurfTab wintron 7.0 tablet use
different (better) DMI strings, update the existing 60-sensors.hwdb
entry for this tablet to also work with the newer BIOS.
2018-01-17 20:15:41 +11:00
Jerónimo Borque
252d847a2b hwdb: HP vendor name for ZBooks in 60-keyboard.hwdb (#7905)
Added new HP vendor name to support Zbook's mic mute key mapping
2018-01-17 20:15:00 +11:00
Zbigniew Jędrzejewski-Szmek
58eab88176
Merge pull request #7897 from yuwata/small-man-fixes
Several man fixes
2018-01-17 20:13:54 +11:00
Дамјан Георгиевски
414b304ba2 namespace: only make the symlink /dev/ptmx if it was already a symlink
…otherwise try to clone it as a device node

On most contemporary distros /dev/ptmx is a device node, and
/dev/pts/ptmx has 000 inaccessible permissions. In those cases
the symlink /dev/ptmx -> /dev/pts/ptmx breaks the pseudo tty support.

In that case we better clone the device node.

OTOH, in nspawn containers (and possibly others), /dev/pts/ptmx has
normal permissions, and /dev/ptmx is a symlink. In that case make the
same symlink.

fixes #7878
2018-01-17 01:19:46 +01:00
Дамјан Георгиевски
b5e99f23ed namespace: extract clone_device_node function from mount_private_dev 2018-01-16 21:41:10 +01:00
Yu Watanabe
0a02e38379 network: create runtime sub-directories after drop_privileges()
For old kernels not supporting AmbientCapabilities=, networkd is
started as root with limited capabilities. Then, networkd cannot
chown the directories under runtime directory as
CapabilityBoundingSet= does not contains enough capabilities.
This makes these directories are created after dropping privileges.
Thus, networkd does not need to chown them anymore.

Fixes #7863.
2018-01-17 03:35:28 +09:00
Yu Watanabe
d1c2774b6d timesync: do not fail when started as privileged user 2018-01-17 03:34:45 +09:00
Yu Watanabe
976fade6c1 dhcp6: fix warnings by clang with -Waddress-of-packed-member
This fixes the following warnings:
```
[194/1521] Compiling C object 'src/libsystemd-network/systemd-network@sta/dhcp6-option.c.o'.
../../git/systemd/src/libsystemd-network/dhcp6-option.c:110:25: warning: taking address of packed member 'id' of class or structure 'ia_na' may result in an unaligned pointer value [-Waddress-of-packed-member]
                iaid = &ia->ia_na.id;
                        ^~~~~~~~~~~~
../../git/systemd/src/libsystemd-network/dhcp6-option.c:115:25: warning: taking address of packed member 'id' of class or structure 'ia_ta' may result in an unaligned pointer value [-Waddress-of-packed-member]
                iaid = &ia->ia_ta.id;
                        ^~~~~~~~~~~~
2 warnings generated.
```
2018-01-17 01:53:03 +09:00
Yu Watanabe
b7d16a91d6 networkd: fix wrong argument check 2018-01-17 01:29:13 +09:00
Yu Watanabe
1291a04298 ipvlan: fix wrong assignment in ipvlan_init() 2018-01-17 01:28:09 +09:00
Yu Watanabe
c7612b2005 man: mention that systemctl is-active or is-failed do not load units
See the discussion in the issue #7875.
2018-01-16 23:25:56 +09:00