1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 14:55:37 +03:00
Commit Graph

39597 Commits

Author SHA1 Message Date
Lennart Poettering
9b2559a13e core: add new call unit_reset_accounting()
It's a simple wrapper for resetting both IP and CPU accounting in one
go.

This will become particularly useful when we also needs this to reset IO
accounting (to be added in a later commit).
2019-04-12 14:25:44 +02:00
Lennart Poettering
cc6625212f core: no need to initialize ip_accounting twice 2019-04-12 14:25:44 +02:00
Lennart Poettering
0bbff7d638 cgroup: get rid of a local variable 2019-04-12 14:25:44 +02:00
Lennart Poettering
b51629ad84
Merge pull request #12222 from yuwata/macsec
network: introduce MACsec
2019-04-12 13:59:30 +02:00
Lennart Poettering
3661dc349e
Merge pull request #12217 from keszybz/unlocked-operations
Refactor how we do unlocked file operations
2019-04-12 13:51:53 +02:00
Zbigniew Jędrzejewski-Szmek
15de23a0b2
Merge pull request #12289 from poettering/news-pid-max
NEWS: explain the kernel.pid_max sysctl change
2019-04-12 12:12:18 +02:00
Lennart Poettering
6af9058324 NEWS: document kernel.pid_max change 2019-04-12 12:01:41 +02:00
Lennart Poettering
39e445c95d NEWS: fix typo 2019-04-12 12:01:23 +02:00
Zbigniew Jędrzejewski-Szmek
673a1e6fb9 Add fmemopen_unlocked() and use unlocked ops in fuzzers and some other tests
This might make things marginially faster. I didn't benchmark though.
2019-04-12 11:44:57 +02:00
Zbigniew Jędrzejewski-Szmek
2fe21124a6 Add open_memstream_unlocked() wrapper 2019-04-12 11:44:57 +02:00
Zbigniew Jędrzejewski-Szmek
b636d78aee core/smack-setup: add helper function for openat+fdopen
Unlocked operations are used in all three places. I don't see why just one was
special.

This also improves logging, since we don't just log the final component of the
path, but the full name.
2019-04-12 11:44:57 +02:00
Zbigniew Jędrzejewski-Szmek
02e23d1a1a Add fdopen_unlocked() wrapper 2019-04-12 11:44:57 +02:00
Zbigniew Jędrzejewski-Szmek
41f6e627d7 Make fopen_temporary and fopen_temporary_label unlocked
This is partially a refactoring, but also makes many more places use
unlocked operations implicitly, i.e. all users of fopen_temporary().
AFAICT, the uses are always for short-lived files which are not shared
externally, and are just used within the same context. Locking is not
necessary.
2019-04-12 11:44:56 +02:00
Zbigniew Jędrzejewski-Szmek
fdeea3f4f1 Add fopen_unlocked() wrapper 2019-04-12 11:44:52 +02:00
Lennart Poettering
25f31130f3
Merge pull request #12221 from keszybz/test-cleanups
Script indentation cleanups
2019-04-12 11:02:54 +02:00
Lennart Poettering
d34f7bd247
Merge pull request #12287 from keszybz/patches-for-coverity-warnings
Patches for coverity warnings
2019-04-12 10:56:53 +02:00
Anita Zhang
7bc5e0b12b seccomp: check more error codes from seccomp_load()
We noticed in our tests that occasionally SystemCallFilter= would
fail to set and the service would run with no syscall filtering.
Most of the time the same tests would apply the filter and fail
the service as expected. While it's not totally clear why this happens,
we noticed seccomp_load() in the systemd code base would fail open for
all errors except EPERM and EACCES.

ENOMEM, EINVAL, and EFAULT seem like reasonable values to add to the
error set based on what I gather from libseccomp code and man pages:

-ENOMEM: out of memory, failed to allocate space for a libseccomp structure, or would exceed a defined constant
-EINVAL: kernel isn't configured to support the operations, args are invalid (to seccomp_load(), seccomp(), or prctl())
-EFAULT: addresses passed as args are invalid
2019-04-12 10:23:07 +02:00
Zbigniew Jędrzejewski-Szmek
17e4b07088 core: vodify one more call to mkdir
CID #1400460.
2019-04-12 09:05:02 +02:00
Zbigniew Jędrzejewski-Szmek
04193fb2ae test-exec-util: do not call setenv with NULL arg
The comment explains that $PATH might not be set in certain circumstances and
takes steps to handle this case. If we do that, let's assume that $PATH indeed
might be unset and not call setenv("PATH", NULL, 1). It is not clear from the
man page if that is allowed.

CID #1400497.
2019-04-12 09:05:02 +02:00
Zbigniew Jędrzejewski-Szmek
1890c53892 test-env-util: allow $PATH to be unset
Coverity was unhappy, because it doesn't know that $PATH is pretty much always
set. But let's not assume that in the test. CID #1400496.

$ (unset PATH; build/test-env-util)
[1]    31658 segmentation fault (core dumped)  ( unset PATH; build/test-env-util; )
2019-04-12 09:05:02 +02:00
Zbigniew Jędrzejewski-Szmek
3b69b18fbf CODING_STYLE: adjust indentation rules, and add note about config loading 2019-04-12 08:37:41 +02:00
Zbigniew Jędrzejewski-Szmek
c1072f6473 shell-completion/zsh: add -*type*- headers
Since there's no file extension, emacs and other editors do not know that this is
supposed to be in shell syntax.
2019-04-12 08:36:18 +02:00
Zbigniew Jędrzejewski-Szmek
843cfcb15c shell-completion: use 4 space indentation too
The same as in other places, indentation levels were all over the place.
2019-04-12 08:34:44 +02:00
Zbigniew Jędrzejewski-Szmek
cc5549ca12 scripts: use 4 space indentation
We had all kinds of indentation: 2 sp, 3 sp, 4 sp, 8 sp, and mixed.
4 sp was the most common, in particular the majority of scripts under test/
used that. Let's standarize on 4 sp, because many commandlines are long and
there's a lot of nesting, and with 8sp indentation less stuff fits. 4 sp
also seems to be the default indentation, so this will make it less likely
that people will mess up if they don't load the editor config. (I think people
often use vi, and vi has no support to load project-wide configuration
automatically. We distribute a .vimrc file, but it is not loaded by default,
and even the instructions in it seem to discourage its use for security
reasons.)

Also remove the few vim config lines that were left. We should either have them
on all files, or none.

Also remove some strange stuff like '#!/bin/env bash', yikes.
2019-04-12 08:30:31 +02:00
Zbigniew Jędrzejewski-Szmek
408c9a07e5 test: filter out messages when stripping binaries
We would get an error for every script, which is just noise.
2019-04-12 08:23:41 +02:00
Yu Watanabe
02849d8b4f test-network: add tests for MACsec 2019-04-12 10:12:42 +09:00
Yu Watanabe
e57319dd54 network: re-indent gperf files 2019-04-12 10:12:42 +09:00
Yu Watanabe
70c5754761 network: warn when private key is stored in world readable files 2019-04-12 10:12:42 +09:00
Yu Watanabe
b0e13c3122 network: add MACsecTransmitAssociation.UseForEncoding= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe
a7b9c52f1f network: add MACsec*Association.Activate= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe
eb4705fb36 network: add MACsec*Association.KeyFile= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe
e482018672 network: explicitly clear security key for macsec 2019-04-12 10:12:42 +09:00
Yu Watanabe
e0fde24c97 network: support multiple security associations for macsec channels 2019-04-12 10:12:42 +09:00
Susant Sahani
81962db798 network: Introduce MACsec
Media Access Control Security (MACsec) is an 802.1AE IEEE
industry-standard security technology that provides secure
communication for all traffic on Ethernet links.
MACsec provides point-to-point security on Ethernet links between
directly connected nodes and is capable of identifying and preventing
most security threats, including denial of service, intrusion,
man-in-the-middle, masquerading, passive wiretapping, and playback attacks.

Closes #5754
2019-04-12 10:12:41 +09:00
Yu Watanabe
45cae4abfb linux: import if_macsec.h from kernel-5.0
MACsec is introduced since kernel-4.6. Let's support order kernels.
2019-04-12 10:12:30 +09:00
Yu Watanabe
89aaf65586 fileio: add READ_FULL_FILE_UNHEX flag
Similar to READ_FULL_FILE_UNBASE64, read data is decoded with
unhexmem().
2019-04-12 10:10:24 +09:00
Yu Watanabe
7088befb17 util: extend unhexmem() to accept secure flag
When the flag is set, buffer is cleared on failure.
This is a continuation of 2432d09c7a.
2019-04-12 10:10:24 +09:00
Lennart Poettering
03abeb0baf
Merge pull request #12267 from keszybz/udev-settle-warning
Udev settle warning
2019-04-11 19:01:03 +02:00
Yu Watanabe
01234e1fe7 tree-wide: drop several missing_*.h and import relevant headers from kernel-5.0 2019-04-11 19:00:37 +02:00
Lennart Poettering
aa46c28418
Merge pull request #12153 from benjarobin/killall-show-not-killed
shutdown/killall: Show in the console the processes not yet killed
2019-04-11 18:58:43 +02:00
Lennart Poettering
3f0e934a37
Merge pull request #12226 from poettering/22bit-pids
sysctl: let's by default increase the numeric PID range from 2^16 to …
2019-04-11 18:58:08 +02:00
Lennart Poettering
54f802ff8a
Merge pull request #12037 from poettering/oom-state
add cgroupv2 oom killer event handling to service management
2019-04-11 18:57:47 +02:00
Lennart Poettering
3b21fd06ed
Merge pull request #12219 from keszybz/bootctl-check-entries
bootctl: check entries when showing them
2019-04-11 18:57:18 +02:00
Zbigniew Jędrzejewski-Szmek
1e5d2d6564 NEWS: update contributors and date 2019-04-11 18:28:36 +02:00
Sebastian Krzyszkowiak
155bc908bc hwdb: mark Apple Magic Trackpads as external
Applies only to USB - when connected via Bluetooth it already gets marked correctly.
2019-04-11 18:27:01 +02:00
Jonathan Lebon
30fdb8962a fstab-generator: use DefaultDependencies=no for /sysroot mounts
Otherwise we can end up with an ordering cycle. Since d54bab90, all
local mounts now gain a default `Before=local-fs.target` dependency.
This doesn't make sense for `/sysroot` mounts in the initrd though,
since those happen later in the boot process.

Closes: #12231
2019-04-11 17:04:24 +02:00
Lennart Poettering
574ef404d8
Merge pull request #12279 from keszybz/sd-bus-long-signatures
sd-bus: properly handle messages with overlong signatures
2019-04-11 17:03:57 +02:00
Lennart Poettering
a3a1f24f81
Merge pull request #12274 from poettering/nss-fixlets
some nss module fixlets
2019-04-11 15:21:45 +02:00
Zbigniew Jędrzejewski-Szmek
fb270a26b2 sd-bus: add define for the maximum name length
Less magic numbers in the code…
2019-04-11 14:07:22 +02:00
Zbigniew Jędrzejewski-Szmek
cfcc0059bf sd-bus: add define for the maximum signature length
Less magic numbers in the code…
2019-04-11 14:02:59 +02:00