mirror of https://github.com/systemd/systemd.git synced 2024-10-30 23:21:22 +03:00
Commit Graph

32543 Commits

Author SHA1 Message Date
Franck Bui
936f6bdb80 tmpfiles: don't resolve pathnames when traversing recursively through directory trees
Otherwise we can be fooled if one path component is replaced underneath us.

The patch achieves that by always operating at file descriptor level (by using
*at() helpers) and by making sure we do not do any path resolution when traversing
directory trees.

However this is not always possible, for instance when listing the content of a
directory or some operations don't provide the *at() helpers or others (such as
fchmodat()) don't have the AT_EMPTY_PATH flag. In such cases we operate on
/proc/self/fd/%i pseudo-symlink instead, which works the same for all kinds of
objects and requires no checking of type beforehand.

Also O_PATH flag is used when opening file objects in order to prevent
undesired behaviors: device nodes from reacting, automounts from
triggering, etc...

Fixes: #7986
Fixes: CVE-2018-6954
2018-03-05 19:00:11 +01:00
Franck Bui
56114d45d0 tmpfiles: fstat() works with fd opened with O_PATH since Linux 3.6 2018-03-05 19:00:11 +01:00
Franck Bui
774f79b570 tmpfiles: make hardlink_vulnerable() argument constant 2018-03-05 19:00:11 +01:00
Zbigniew Jędrzejewski-Szmek
de5fbba9e2
Merge pull request #8341 from yuwata/test-execute-ambient
test-execute: check capabilities before running tests
2018-03-05 17:45:28 +01:00
Zbigniew Jędrzejewski-Szmek
8c6414be15
Merge pull request #8345 from sourcejedi/logind_restart_is_sorely_lacking_in_testing
login: fix for #8343
2018-03-05 17:18:47 +01:00
Zbigniew Jędrzejewski-Szmek
b719b66b0a
Merge pull request #8354 from keszybz/new-NEWS
NEWS for v238
2018-03-05 17:16:04 +01:00
Filipe Brandenburger
2ea09665e2 mkosi: use locale that supports UTF-8, detect one that is available (#8340)
Using C.UTF-8 (as was done before #7244) breaks Arch Linux, but using
en_US.UTF-8 (after #7244) breaks Debian in our .mkosi/mkosi.debian.

So try to detect which one is available and works, first checking
whether we're already running under a valid UTF-8 locale, then trying
C.UTF-8 and finally en_US.UTF-8.

If we fail to find a valid UTF-8 locale, then fail early, instead of
letting the whole build complete only for Mesos to fail midway through
the `ninja test` step.

Tested on all of mkosi.fedora, mkosi.debian and mkosi.arch.

Fixes: #7238
2018-03-05 17:03:52 +01:00
Marco Gulino
81818edc7a Add accel matrix for iOTA 360 (#8342) 2018-03-05 16:47:28 +01:00
Zbigniew Jędrzejewski-Szmek
313c32c3a4 NEWS: update for v238 2018-03-05 16:42:04 +01:00
Zbigniew Jędrzejewski-Szmek
c8fad2e7db man: just use unicode for an mdash 2018-03-05 09:31:17 +01:00
Zbigniew Jędrzejewski-Szmek
46dcfbbdb6 basic/glob-util: do not use names with "_" prefix
Names starting with _ or __ are reserved by the standard, better to
avoid them.
2018-03-05 09:04:39 +01:00
Yu Watanabe
e8fb0238cd coredump: do not leak memory (#8352)
Fixes #8351.
2018-03-05 08:39:52 +01:00
Yu Watanabe
e5ba1d324d test-execute: use CAP_CHOWN instead of CAP_NET_ADMIN
CAP_NET_ADMIN is sometimes dropped by container runtime.
This changes to use CAP_CHOWN instead of CAP_NET_ADMIN, as it is
less likely to be dropped.
2018-03-05 00:02:22 +09:00
Yu Watanabe
b7856f9218 test-execute: check capabilities before running tests
Fixes #8193.
2018-03-05 00:00:35 +09:00
Andika Triwidada
a8170f9a3f po: Updated Indonesian translation (#8348) 2018-03-04 21:15:21 +09:00
SjonHortensius
fe4a1d0f0d fixed 3 occurrences of 'Failed top open' (#8349) 2018-03-04 21:12:45 +09:00
Yu Watanabe
5cd33ccc2c test-execute: change log level from error to notice
Skipping some tests due to the missing e.g., capsh binary
or kernel support, is not an error.
This changes the log level for such messages.
2018-03-04 16:53:50 +09:00
Yu Watanabe
b6dc25eebc test-execute: rename tests for AmbientCapabilities=
The unit files for test-execute are named like
`exec-(setting-name-in-lower-character)-(optional-text).service`.
However, test units for AmbientCapabilities= are not following this.
So, let's rename them for the consistency.
This does not change anything in the functionality of the test.
2018-03-04 16:37:58 +09:00
snorreflorre
d5339ab123 hwdb: add axis range corrections for the Lenovo ThinkPad Edge 13 (02173BG) (#8253) 2018-03-04 08:18:46 +01:00
Alan Jenkins
f8f9419e87 login: remember that fds received from PID1 need to be removed eventually
Remember to set sd->pushed_fd when we receive an fd from PID1 on startup,
the same as we set it when we send an fd to PID1.
2018-03-03 20:51:45 +00:00
Alan Jenkins
b5cdfa40ca login: fix FDNAME in call to sd_pid_notify_with_fds()
$ git grep FDNAME
logind-session-device.c: ... "FDNAME=session-", sd->session->id);
logind-session-device.c: ... "FDNAME=session", sd->session->id);

Oops.

Fixes #8343.  Or at least a more minimal reproducer.  Xorg still
dies when logind is restarted, but the Xorg message says this
is entirely deliberate.

(This could also be the reason I hit #8035, instead of the race
condition I originally suggested).
2018-03-03 20:50:18 +00:00
Lennart Poettering
cb77e12288 update TODO 2018-03-02 16:26:03 +01:00
Lennart Poettering
6cc7e918ff
Merge pull request #8314 from poettering/rearrange-stdio
refactor how we rearrange fds for stdin/stdout/stderr
2018-03-02 15:42:03 +01:00
Lennart Poettering
7ddcdb6072
units: use SuccessAction=reboot where appropriate (#8335)
We should really use our own native concepts for rebooting.
2018-03-02 15:41:36 +01:00
Lennart Poettering
650f401123
Merge pull request #8336 from poettering/coccinelle-reallocarray
reallocarray() coccinellization
2018-03-02 15:40:52 +01:00
Lennart Poettering
774a928abf
Merge pull request #8333 from keszybz/hwdb-update
Hwdb update
2018-03-02 15:40:21 +01:00
Zbigniew Jędrzejewski-Szmek
a478fb9229
Merge pull request #8337 from poettering/resolve-fixes
various resolve-tool fixes
2018-03-02 13:33:54 +01:00
Lennart Poettering
f7a4bd9527 man: there's no point in referencing systemd.unit(5) from itself (#8338) 2018-03-02 13:33:29 +01:00
Zbigniew Jędrzejewski-Szmek
3cca71c456
Merge pull request #8323 from xyproto/ok_color
Make the color of the status OK configurable at build-time
2018-03-02 13:00:07 +01:00
Michael Vogt
1825c909ff sysusers: support u username -:300 style syntax (#8325)
This PR implements the first part of RFE #8046. I.e. this allows to
write:
```
u username -:300
```
Where the uid is chosen automatically but the gid is fixed.
2018-03-02 12:56:44 +01:00
Zbigniew Jędrzejewski-Szmek
283def70cf
Merge pull request #8332 from poettering/logind-open-if-needed
logind device resume fix
2018-03-02 12:56:04 +01:00
Lennart Poettering
39f305a901 mount-setup: change bpf mount mode to 0700 (#8334)
After discussing with the kernel folks, we agreed to default to 0700 for
this. Better safe than sorry.
2018-03-02 12:55:24 +01:00
Zbigniew Jędrzejewski-Szmek
48449f41b4
Merge pull request #8303 from yuwata/fix-8276
test: use synthesize_nobody() in test-execute
2018-03-02 12:53:11 +01:00
Lennart Poettering
c54819ca80 systemctl: document telinit/init matching a bit (#8339)
See: #8305
2018-03-02 12:51:57 +01:00
Lennart Poettering
b351c300ee resolved: debug log about resolv.conf lines we don't grok 2018-03-02 12:43:12 +01:00
Lennart Poettering
e40ec7de3a man: extend synopsis to recently added commands 2018-03-02 12:43:12 +01:00
Lennart Poettering
9f0454a833 resolve-tool: propagate sensible errors from due to dns_name_is_valid() check failures 2018-03-02 12:43:12 +01:00
Lennart Poettering
27d8af3e39 resolve-tool: trivial coding style improvements 2018-03-02 12:43:12 +01:00
Lennart Poettering
8419d45776 coccinelle: similar to reallocarray() let's also systematically use malloc_multiply() 2018-03-02 12:39:07 +01:00
Lennart Poettering
62d74c78b5 coccinelle: add reallocarray() coccinelle script
Let's systematically make use of reallocarray() wherever we invoke
realloc() with a product of two values.
2018-03-02 12:39:07 +01:00
Lennart Poettering
3209c8e650 resolve-tool: use reallocarray() where appropriate 2018-03-02 12:39:07 +01:00
Zbigniew Jędrzejewski-Szmek
04b9d5f975 hwdb: update
usb.ids are not updated, because linux-usb.org is down.

It seems that the updates are corrections and new entries, to major
removal of existing entries.
2018-03-02 12:12:04 +01:00
futpib
ae934a7325 hwdb: add accelerometer mount matrix for Asus TP300LD (#8327) 2018-03-02 12:11:28 +01:00
Lennart Poettering
2589472712
Merge pull request #8237 from sourcejedi/timer_suspend
core: let OnCalendar= timer units expire during suspend (#8231)
2018-03-02 12:11:06 +01:00
Zbigniew Jędrzejewski-Szmek
558ad9cbc8 hwdb: ignore whitespace in downloaded files 2018-03-02 12:09:52 +01:00
Zbigniew Jędrzejewski-Szmek
299597f8d5 tools/hwdb-update: allow downloads to fail
sf.net is down, and linux-usb.org which is hosted there also fails.
That's not nice, but there's not we can do about it now.
2018-03-02 12:06:32 +01:00
Lennart Poettering
340aff15f8 logind: fix typo in comment 2018-03-02 11:56:15 +01:00
Lennart Poettering
4d3900f1b7 logind: open device if needed
Fixes: #8291
2018-03-02 11:55:51 +01:00
Lennart Poettering
4804600b6a logind: cast away return value we don't care about 2018-03-02 11:55:33 +01:00
Lennart Poettering
a3ddf73c0e logind: voidify a function we never check the return value of 2018-03-02 11:55:16 +01:00