Lennart Poettering
890c14e343
mount-util: keep fd to /proc/self/mountinfo continuously open in umount_recursive()
...
That way, if we end up unmounting /proc/ in our loop we can still
operate correctly, since we don't have to go through /proc/ again to
open the mount table again.
2023-05-17 10:26:51 +02:00
Yu Watanabe
89572df859
Merge pull request #27664 from mrc0mmand/test-merge
...
test: let's merge more tests together
2023-05-17 09:53:58 +09:00
Frantisek Sumsal
7c6fa5bf16
test: move runas() to the shared utility library
2023-05-16 23:07:45 +02:00
Frantisek Sumsal
e71bac7222
test: make shellcheck happy again
...
No functional changes.
2023-05-16 23:07:45 +02:00
Frantisek Sumsal
16eb568766
test: merge TEST-48-START-STOP-NO-RELOAD into TEST-23-UNIT-FILE
2023-05-16 23:07:45 +02:00
Frantisek Sumsal
518c3e2722
test: merge TEST-49-RUNTIME-BIND-PATHS into TEST-23-UNIT-FILE
2023-05-16 23:07:45 +02:00
Frantisek Sumsal
ab1b2f22fd
test: clean up test artifacts
...
So we don't run into unexpected fails when two tests use the same paths.
2023-05-16 23:07:45 +02:00
Frantisek Sumsal
23cb7362f1
test: merge TEST-28-PERCENTJ-WANTEDBY into TEST-23-UNIT-FILE
2023-05-16 22:43:52 +02:00
Frantisek Sumsal
fb03fea2a2
test: merge TEST-56-EXIT-TYPE into TEST-19-CGROUP
...
And clean it up a bit.
2023-05-16 22:43:52 +02:00
Frantisek Sumsal
3999ea001a
test: rename TEST-19-DELEGATE to TEST-19-CGROUP
...
And clean it up a bit.
2023-05-16 22:43:52 +02:00
Frantisek Sumsal
5ff1c6fcde
test: introduce get_cgroup_hierarchy()
2023-05-16 22:43:52 +02:00
Frantisek Sumsal
cb153b4fe9
test: rename assert.sh to util.sh
...
So we can extend it with additional utility functions without making it
confusing.
No functional change.
2023-05-16 22:43:52 +02:00
Frantisek Sumsal
1fd24da616
test: merge TEST-33-CLEAN-UNIT into TEST-23-UNIT-FILE
2023-05-16 22:43:52 +02:00
Frantisek Sumsal
9245eb3cbd
test: merge TEST-27-STDOUTFILE into TEST-23-UNIT-FILE
2023-05-16 21:49:09 +02:00
Frantisek Sumsal
b4d42a82eb
test: merge TEST-14-MACHINE-ID into TEST-74-AUX-UTILS
2023-05-16 21:49:09 +02:00
Antonio Alvarez Feijoo
79567763a2
man/systemd-sysext: correct explanation of confexts directories
2023-05-16 18:43:21 +01:00
Lennart Poettering
84b4c78570
switch-root: add a comment regarding the safety limits of rm_rf_children()
2023-05-17 01:42:01 +09:00
Yu Watanabe
871a41f0ef
Merge pull request #27606 from YHNdnzj/loginctl-list-show-state
...
loginctl: list-{users,sessions}: add a column for showing state
2023-05-17 01:41:13 +09:00
Yu Watanabe
8c7dd49ad1
Merge pull request #27655 from yuwata/udev-net-assign-alternative-names-only-on-add-event
...
udev/net: assign alternative names only on add event
2023-05-17 01:39:40 +09:00
Frantisek Sumsal
a5a4d5a18e
Merge pull request #27651 from mrc0mmand/more-nspawn-tests
...
nspawn: OCI related fixes & tests
2023-05-16 17:26:25 +02:00
Mike Yuan
329f4b06f5
Merge pull request #27659 from yuwata/memfd-seal
...
memfd-util: handle F_SEAL_EXEC flag
2023-05-16 22:00:57 +08:00
Mike Yuan
0313c41068
Merge pull request #27638 from YHNdnzj/upheldby-unit-file
...
unit-file: support UpheldBy= in [Install] settings (adding Upholds= deps from .upholds/)
2023-05-16 21:53:24 +08:00
Lennart Poettering
3907b25638
Merge pull request #27573 from poettering/sd-bus-description
...
sd-bus: pass bus description (and comm name) to peer via socket address binding on AF_UNIX
2023-05-16 06:46:29 -07:00
Lennart Poettering
93d4a200fb
Merge pull request #27648 from poettering/common-dissect-dir
...
pid1: add common root dir inode to mount disk images to in private namespaces
2023-05-16 05:26:48 -07:00
Lennart Poettering
b10c4acfa3
Merge pull request #27647 from poettering/mount-setup-tweaklets
...
mount-setup: minor tweaks
2023-05-16 05:26:09 -07:00
Lennart Poettering
8a1b590591
Merge pull request #27658 from poettering/base-fs-run
...
base-filesystem: also set up /run/ mount point if missing
2023-05-16 05:25:43 -07:00
Lennart Poettering
7e0aaeb244
man: indicate that the JOB parameter to "systemctl cancel" is optional
...
As per:
https://social.treehouse.systems/@grawity/110376583742207755
2023-05-16 20:18:38 +08:00
Mike Yuan
306ff2e297
test: add test for state in loginctl list-{users,sessions}
2023-05-16 18:09:15 +08:00
Mike Yuan
8b6c039a1a
loginctl: list-sessions: also show state
2023-05-16 18:09:15 +08:00
Mike Yuan
486f61a8c9
loginctl: list-sessions: minor modernization
2023-05-16 18:09:15 +08:00
Mike Yuan
bae05711b5
loginctl: list-users: also show state
2023-05-16 18:09:15 +08:00
Lennart Poettering
acf493390a
busctl: set a description for the bus connection
...
Unlike most other bus connections in our codebase this one is created
manually and every setting set individually. It hence does not have a
description by default (as all automatic connections have). Set one
explicitly.
2023-05-16 12:08:41 +02:00
Lennart Poettering
7b674a9ee8
pid1: debug log client comm/description strings if available for incoming connections
...
Very useful for debugging, to see which clients actually connect.
2023-05-16 12:08:41 +02:00
Lennart Poettering
b587194313
test: add testcase for the new sockaddr metainfo logic
2023-05-16 12:08:41 +02:00
Lennart Poettering
c32f9648cc
sd-bus: use the new information in the client's sockaddr in the creds structure
...
Now that clients might convey comm/description strings via the sockaddr,
let's actually use them on the other side, read the data via
getpeername(), parse it, and include it in the "owner" creds (which is
how we call the peer's creds).
2023-05-16 12:08:41 +02:00
Yu Watanabe
3418ca21ed
test: add basic test for memfd_set_sealed() and memfd_get_sealed()
2023-05-16 18:59:25 +09:00
Yu Watanabe
52e2672af2
memfd-util: set F_SEAL_EXEC flag if supported
2023-05-16 18:50:39 +09:00
Yu Watanabe
17915ea5b3
memfd-util: memfd may also have F_SEAL_EXEC flag
...
Follow-up for c29715a8f7.
Fixes #27608.
2023-05-16 18:48:32 +09:00
Yu Watanabe
8e3303333f
missing: add more F_SEAL_XYZ flags
2023-05-16 18:46:16 +09:00
Lennart Poettering
84c61aea0f
base-filesystem: mention why we don't carry an entry for /tmp/ for now
2023-05-16 11:45:21 +02:00
Frantisek Sumsal
cd70372b93
nspawn: make sure the device type survives when setting device mode
2023-05-16 11:40:33 +02:00
Lennart Poettering
4d88d83924
base-filesystem: also set up /run/ mount point if missing
...
We don't support images without, hence create this one too, like we
create all other relevant mount points we definitely require for
booting.
2023-05-16 11:32:56 +02:00
Yu Watanabe
40b6b448bd
test: add tests for renaming network interface
2023-05-16 18:28:18 +09:00
Frantisek Sumsal
f00519b5b3
fuzz: update the base JSON for fuzz-nspawn-oci
2023-05-16 11:27:10 +02:00
Frantisek Sumsal
0d5896a949
test: add a couple of tests for nspawn's OCI stuff
2023-05-16 11:27:10 +02:00
Frantisek Sumsal
525c3e3438
nspawn: fix a global-buffer-overflow
...
Whoopsie.
=================================================================
==3789231==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000051d0b8 at pc 0x7f70850bc904 bp 0x7ffd9bbdf660 sp 0x7ffd9bbdf658
READ of size 8 at 0x00000051d0b8 thread T0
#0 0x7f70850bc903 in json_dispatch ../src/shared/json.c:4347
#1 0x4a5b54 in oci_seccomp_syscalls ../src/nspawn/nspawn-oci.c:1838
#2 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395
#3 0x4a668c in oci_seccomp ../src/nspawn/nspawn-oci.c:1905
#4 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395
#5 0x4a7d8c in oci_linux ../src/nspawn/nspawn-oci.c:2030
#6 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395
#7 0x4aa31c in oci_load ../src/nspawn/nspawn-oci.c:2198
#8 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744
#9 0x44ffa7 in run ../src/nspawn/nspawn.c:5477
#10 0x4552fb in main ../src/nspawn/nspawn.c:5920
#11 0x7f7083a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
#12 0x7f7083a4a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
#13 0x40d284 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/systemd-nspawn+0x40d284)
0x00000051d0b8 is located 40 bytes to the left of global variable 'bus_standard_errors_copy_0' defined in '../src/libsystemd/sd-bus/bus-error.h:57:1' (0x51d0e0) of size 8
0x00000051d0b8 is located 0 bytes to the right of global variable 'table' defined in '../src/nspawn/nspawn-oci.c:1829:43' (0x51d040) of size 120
SUMMARY: AddressSanitizer: global-buffer-overflow ../src/shared/json.c:4347 in json_dispatch
==3789231==ABORTING
2023-05-16 11:27:10 +02:00
Frantisek Sumsal
fc83296547
nspawn: fix inverted condition
2023-05-16 11:27:10 +02:00
Frantisek Sumsal
f4e5c042c9
nspawn: call json_dispatch() with a correct pointer
...
Otherwise hilarity ensues:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==722==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffff00000000 (pc 0x7f8d50ca9ffb bp 0x7fff11b0d4a0 sp 0x7fff11b0cc30 T0)
==722==The signal is caused by a READ memory access.
#0 0x7f8d50ca9ffb in __interceptor_strcmp.part.0 (/lib64/libasan.so.8+0xa9ffb)
#1 0x7f8d4f9cf5a1 in strcmp_ptr ../src/fundamental/string-util-fundamental.h:33
#2 0x7f8d4f9cf5f8 in streq_ptr ../src/fundamental/string-util-fundamental.h:46
#3 0x7f8d4f9d74d2 in free_and_strdup ../src/basic/string-util.c:948
#4 0x49139a in free_and_strdup_warn ../src/basic/string-util.h:197
#5 0x4923eb in oci_absolute_path ../src/nspawn/nspawn-oci.c:139
#6 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395
#7 0x4a8831 in oci_hooks_array ../src/nspawn/nspawn-oci.c:2089
#8 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395
#9 0x4a8b56 in oci_hooks ../src/nspawn/nspawn-oci.c:2112
#10 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395
#11 0x4aa298 in oci_load ../src/nspawn/nspawn-oci.c:2197
#12 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744
#13 0x44ffa7 in run ../src/nspawn/nspawn.c:5477
#14 0x4552fb in main ../src/nspawn/nspawn.c:5920
#15 0x7f8d4e04a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
#16 0x7f8d4e04a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
#17 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.8+0xa9ffb) in __interceptor_strcmp.part.0
==722==ABORTING
2023-05-16 11:27:10 +02:00
Frantisek Sumsal
3590d95b2b
nspawn: all hooks should be arrays of objects, not just objects
...
See: https://github.com/opencontainers/runtime-spec/blob/v1.0.0/config.md#posix-platform-hooks
2023-05-16 11:27:10 +02:00
Frantisek Sumsal
e5c275fedc
nspawn: use the just returned errno in the log message
...
Use the returned errno even though we are going to ignore it, otherwise
the log message is just confusing:
config.json:119:13: Failed to resolve device node 4:2, ignoring: Success
2023-05-16 11:27:10 +02:00