IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Let's make the seed actually work as stable seed, and use siphash24 to generate
the series of addresses, instead of the opaque libc random_r().
This not only makes the seed truly work as stable, portable seed, but also
makes the code quite a bit shorter, and removes a couple of memory allocations.
We try to stick to usec_t for encoding time information, do that here too. In
particular, get rid of "int" second specifications, since signed timespans are
a weird thing.
This state is active immediately after the state engine was started, but before
the first timer hits.
This way multiple _start() invocations on the same object are always detected
correctly.
This is much less confusing, since there's also sd_ipv4acd_stop(), which was
idfferent from ipv4acd_stop().
After renaming it, let's also use the funciton when destroying ipv4acd objects,
as the code is pretty much the same for that.
They are counters after all, and can never go below zero, hence don't pretend
with the chose type that they could.
Also, prefix their name with "n_", to indicate that they are counters.
These objects are only useful when multiple threads are involved, as they
operate with atomic operations. Given that our libraries are explicitly not
thread-safe don't make use of RefCnt here, and make things a bit simpler.
assert_return() should only be used to validate user-facing parameters and
state, assert() should be used for checking our own internal state and
parameters.
After all, it's actually used for resetting the state, not only for the initial
initialization.
While we are at it, also simplify the error path for
sd_ndisc_discovery_start().
A field "index" is not particularly precise and also might conflict with libc's
index() function definition. Also, pretty much everywhere else we call this
concept "ifindex", including in networkd, the primary user of these libraries.
Hence, let's fix this up and call this "ifindex" everywhere here too.
DHCPv6 requires an IPv6 link-local address to work. The client will not be started (even when enabled explicitly with `DHCP=`) if none is configured (either by autoconfiguration or manually). Therefore, disable IPv6 in such case.
Although networkd has option (LinkLocalAddressing=) to toggle IPv6LL autoconfiguration, when it is enabled, the address is autoconfigured by the kernel, but not networkd.
Therefore, we do not statically set IFLA_INET6_ADDR_GEN_MODE to IN6_ADDR_GEN_MODE_EUI64, but dynamically depending on whether stable_secret is set, just as what the kernel does by default.
Note that this does NOT affect the global addresses configured by networkd.
but also on all other consoles. This does help on e.g. mainframes
where often a serial console together with other consoles are
used. Even rack based servers attachted to both a serial console
as well as having a virtual console do sometimes miss a connected
monitor.
To be able to ask on all terminal devices of /dev/console the devices
are collected. If more than one device are found, then on each of the
terminals a inquiring task for passphrase is forked and do not return
to the caller.
Every task has its own session and its own controlling terminal.
If one of the tasks does handle a password, the remaining tasks
will be terminated.
Also let contradictory options on the command of
systemd-tty-ask-password-agent fail.
Spwan for each device of the system console /dev/console a own process.
Replace the system call wait() with with system call waitid().
Use SIGTERM instead of SIGHUP to get unresponsive childs down.
Port the collect_consoles() function forward to a pulbic and strv
based function "get_kernel_consoles()" in terminal-util.c and use this
in tty-ask-password-agent.c.
This reverts commit 483d8bbb4c.
In [1] Michel Dänzer and Daniel Vetter wrote:
>> The scenario you describe isn't possible if the Wayland compositor
>> directly uses the KMS API of /dev/dri/card*, but it may be possible if
>> the Wayland compositor uses the fbdev API of /dev/fb* instead (e.g. if
>> weston uses its fbdev backend).
>
> Yeah, if both weston and your screen grabber uses native fbdev API you can
> now screenshot your desktop. And since fbdev has no concept of "current
> owner of the display hw" like the drm master, I think this is not fixable.
> At least not just in userspace. Also even with native KMS compositors
> fbdev still doesn't have the concept of ownership, which is why it doesn't
> bother clearing it's buffer before KMS takes over. I agree that this
> should be reverted or at least hidden better.
TBH, I think that privilege separation between processes running under the same
UID is tenuous. Even with drm, in common setups any user process can ptrace the
"current owner of the display" and call DROP_MASTER or do whatever. It *is*
possible to prevent that, e.g. by disabling ptrace using yama.ptrace_scope, or
selinux, and so on, but afaik this is not commonly done. E.g. all Fedora
systems pull in elfutils-default-yama-scope.rpm through dependencies which sets
yama.ptrace_scope=0. And even assuming that ptrace was disabled, it is trivial
to modify files on disk, communicate through dbus, etc; there is just to many
ways for a non-sandboxed process to interact maliciously with the display shell
to close them all off. To achieve real protection, some sort of sandboxing
must be implemented, and in that case there is no need to rely on access mode
on the device files, since much more stringent measures have to be implemented
anyway.
The situation is similar for framebuffer devices. It is common to add
framebuffer users to video group to allow them unlimited access to /dev/fb*.
Using uaccess would be better solution in that case. Also, since there is no
"current owner" limitation like in DRM, processes running under the same UID
should be able to access /proc/<pid-of-display-server>/fd/* and gain access to
the devices. Nevertheless, weston implements a suid wrapper to access the
devices and then drop privileges, and this patch would make this daemon
pointless. So if the weston developers feel that this change reduces security,
I prefer to revert it.
[1] https://lists.freedesktop.org/archives/wayland-devel/2016-May/029017.html
The statemachine was unable to parse properties with empty values,
reported in [0].
When reaching the start of the KEY, we would unconditionally read
one more character before starting to look for the end-of-line.
Simply look for the end-of-line from the first character.
[0]: <https://bugzilla.redhat.com/show_bug.cgi?id=1338823>
Except for per-device BlockIO, IO and DeviceAllow/Deny settings, all were
missing newline causing the next drop-in to be concatenated at the end of the
line. Fix it.
From the issue #2004 we are receiving packet even if this
packet is not intended for this interface.
This can be reproduced.
lp3s0: Updating address: 2001:db8:1:0:7e7a:91ff:fe6d:ffe2/64 (valid for 1d)
wlp3s0: Updating address: fe80::7e7a:91ff:fe6d:ffe2/64 (valid forever)
NDisc CLIENT: Received RA from non-link-local address ::. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 2 != 6. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 2 != 3. Ignoring.
enp0s25: Updating address: 2001:db8:1:0:2ad2:44ff:fe6a:ae07/64 (valid for 1d)
enp0s25: Updating address: fe80::2ad2:44ff:fe6a:ae07/64 (valid forever)
NDisc CLIENT: Sent Router Solicitation
NDisc CLIENT: Sent Router Solicitation
NDisc CLIENT: Sent Router Solicitation
NDisc CLIENT: Received RA on wrong interface: 3 != 2. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 3 != 6. Ignoring.
NDisc CLIENT: Received RA from non-link-local address ::. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 2 != 6. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 2 != 3. Ignoring.
enp0s25: Updating address: 2001:db8:1:0:2ad2:44ff:fe6a:ae07/64 (valid for 1d)
enp0s25: Updating address: fe80::2ad2:44ff:fe6a:ae07/64 (valid forever)
Add SO_BINDTODEVICE to socket
fixes#2004
This is a follow-up to cf447cb62d.
Let's generally follow the rule to not use read() on SOCK_DGRAM sockets, let's
always use recv() on that.
Also, don't abort IPV4ACD logic in case we read a short packet. Simply log and
ignore.
Fixup for #3304.
Only warn, and not return, because that's what sd_dhcp6_client_start()
does right below the call to sd_dhcp6_client_set_local_address().
We'd call sd_bus_message_unref and then proceed to use
variables pointing into the reply buffer (fd and char*).
dup the fd and copy the string before destorying the reply.
This makes systemd-run run again for me.
https://bugzilla.redhat.com/show_bug.cgi?id=1337636
In order to support stateless systems that support offline /usr updates
properly, let's restore the ConditionNeesUpdate=/etc line that makes sure we
are run when /usr is updated and this update needs to be propagated to the
/etc/ld.so.conf file stored in /etc.
This reverts part of #2859, which snuck this change in, but really shouldn't
have.
According to recv(2) these should be the same, but that is not true.
Passing a buffer of length 0 to read is defined to be a noop according
to read(2), but passing a buffer of length 0 to recv will discard the
pending pacet.
We can easily hit this as we allocate our buffer size depending on
the size of the incoming packet (using FIONREAD). As pointed out in
issue #3299 simply sending an empty UDP packet to the DHCP client
port will trigger a busy loop in networkd as we are polling on the
socket but never discarding the empty packet.
This reverts ad5ae47a0d but fixes the
same issue.
