1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

31364 Commits

Author SHA1 Message Date
Lennart Poettering
e51faad3d5 busctl: let's make use of the log_error_errno() calls 2017-12-14 10:46:19 +01:00
Lennart Poettering
8d3b9edc6b busctl: modernize code a bit
I am puzzled why coccinelle is unwilling to detect these cases...
2017-12-14 10:46:19 +01:00
Lennart Poettering
35bbbf85e0 basic: turn off stdio locking for a couple of helper calls
These helper calls are potentially called often, and allocate FILE*
objects internally for a very short period of time, let's turn off
locking for them too.
2017-12-14 10:46:19 +01:00
Lennart Poettering
0d53667334 tree-wide: use __fsetlocking() instead of fxyz_unlocked()
Let's replace usage of fputc_unlocked() and friends by __fsetlocking(f,
FSETLOCKING_BYCALLER). This turns off locking for the entire FILE*,
instead of doing individual per-call decision whether to use normal
calls or _unlocked() calls.

This has various benefits:

1. It's easier to read and easier not to forget

2. It's more comprehensive, as fprintf() and friends are covered too
   (as these functions have no _unlocked() counterpart)

3. Philosophically, it's a bit more correct, because it's more a
   property of the file handle really whether we ever pass it on to another
   thread, not of the operations we then apply to it.

This patch reworks all pieces of codes that so far used fxyz_unlocked()
calls to use __fsetlocking() instead. It also reworks all places that
use open_memstream(), i.e. use stdio FILE* for string manipulations.

Note that this in some way a revert of 4b61c87511.
2017-12-14 10:42:25 +01:00
Zbigniew Jędrzejewski-Szmek
966c04cf01
Merge pull request #7625 from thom311/th/const-strlen
Don't use strlen() to declare variable-length arrays
2017-12-14 09:41:09 +01:00
Saran Tunyasuvunakool
30cda194e8 networkd: RouteTable option in [IPv6AcceptRA] is now properly processed (#7633)
Fixes: #7632
2017-12-14 14:11:03 +09:00
Lennart Poettering
59f2725cc8 resolved: fix "in-between" logic when boundaries are equal (#7590)
This changes dns_name_between() to deal properly with checking whether B
is between A and C if A and C are equal. Previously we simply returned
-EINVAL in this case, refusing checking. With this change we correct
behaviour: if A and C are equal, then B is "between" both if it is
different from them. That's logical, since we do < and > comparisons, not
<= and >=, and that means that anything "right of A" and "left of C"
lies in between with wrap-around at the ends. And if A and C are equal
that means everything lies between, except for A itself.

This fixes handling of domains using NSEC3 "white lies", for example the
.it TLD.

Fixes: #7421
2017-12-14 14:08:21 +09:00
Yu Watanabe
1bb8d1fce8
Merge pull request #7618 from tiagosh/sysctl_use_read_line
Make systemd-sysctl use read_line() and LONG_LINE_MAX
2017-12-14 13:58:53 +09:00
Daniel Black
afbc75e686 man: systemd.unit: move note about clearing lists (#7621)
This is mainly for drop-in files.
2017-12-14 13:51:23 +09:00
Yu Watanabe
314a6c0083
Merge pull request #7627 from poettering/lowercase-systemd
always spell out "systemd" in lowercase letters
2017-12-14 13:44:35 +09:00
Tiago Salem Herrmann
12ec9c3099 sysctl: disable buffer while writing to /proc
fputs() writes only first 2048 bytes and fails
to write to /proc when values are larger than that.
This patch adds a new flag to WriteStringFileFlags
that make it possible to disable the buffer under
specific cases.
2017-12-13 15:03:41 -02:00
Tiago Salem Herrmann
a668bfe88a Use read_line() and LONG_LINE_MAX to read values configuration files. 2017-12-13 15:03:33 -02:00
Luca Bruno
2de2abad62 networkd/dhcp: shorten overlong hostname (#7616)
This commit updates networkd behavior to check if the hostname option
received via DHCP is too long for Linux limit, and in case shorten it.
An overlong hostname will be truncated to the first dot or to
`HOST_MAX_LEN`, whatever comes earlier.
2017-12-13 18:00:46 +01:00
Lennart Poettering
c96528fae9 catalog: don't say "systemd" when we mean "system"
Yeah, it's hard to type "system", if all you ever type is "systemd", but
it's still a typo in this case.
2017-12-13 17:43:03 +01:00
Lennart Poettering
f95b0be742 man: "systemd" is to be written in all lower-case, even at beginnings of sentences
This very important commit is very important.
2017-12-13 17:42:04 +01:00
Lennart Poettering
3ce5a5df2c
Merge pull request #7619 from msekletar/cryptsetup-image-name
cryptsetup: when unlocking always put path to the object into Id
2017-12-13 16:46:57 +01:00
Dongsu Park
25fd814316 test: add CLI smoke tests for --network-namespace-path of nspawn
Since the new option `--network-namespace-path=` of systemd-nspawn
cannot be used together with other network-related options, we need
to add more smoke tests for checking these conditions of options.
2017-12-13 10:21:06 +00:00
Dongsu Park
d7bea6b629 nspawn: introduce an option for specifying network namespace path
Add a new option `--network-namespace-path` to systemd-nspawn to allow
users to specify an arbitrary network namespace, e.g. `/run/netns/foo`.
Then systemd-nspawn will open the netns file, pass the fd to
outer_child, and enter the namespace represented by the fd before
running inner_child.

```
$ sudo ip netns add foo
$ mount | grep /run/netns/foo
nsfs on /run/netns/foo type nsfs (rw)
...
$ sudo systemd-nspawn -D /srv/fc27 --network-namespace-path=/run/netns/foo \
  /bin/readlink -f /proc/self/ns/net
/proc/1/ns/net:[4026532009]
```

Note that the option `--network-namespace-path=` cannot be used together
with other network-related options such as `--private-network` so that
the options do not conflict with each other.

Fixes https://github.com/systemd/systemd/issues/7361
2017-12-13 10:21:06 +00:00
Thomas Haller
dbcb4a900e tree-wide: use STRLEN() to allocate buffer of constant size
Using strlen() to declare a buffer results in a variable-length array,
even if the compiler likely optimizes it to be a compile time constant.

When building with -Wvla, certain versions of gcc complain about such
buffers. Compiling with -Wvla has the advantage of preventing variably
length array, which defeat static asserts that are implemented by
declaring an array of negative length.
2017-12-13 11:12:19 +01:00
Thomas Haller
6febe75da7 basic/macros: add STRLEN() to get length of string literal as constant expression
While the compiler likely optimizes strlen(x) for string literals,
it is not a constant expression.

Hence,

  char buffer[strlen("OPTION_000") + 1];

declares a variable-length array. STRLEN() can be used instead
when a constant espression is needed.

It's not entirely identical to strlen(), as STRLEN("a\0") counts 2.
Also, it only works with string literals and the macro enforces
that the argument is a literal.
2017-12-13 11:12:07 +01:00
Lennart Poettering
18a121f9b4 networkd: don't try to configure IPv6 proxy NDP if IPv6 is not available (#7613)
Fixes: #7612
2017-12-13 13:47:10 +09:00
Yu Watanabe
ffbae6c978
Merge pull request #7588 from poettering/resolve-route-tweak
resolved domain routing tweaks and /etc/resolv.conf handling improvements
2017-12-13 13:43:55 +09:00
Yu Watanabe
74dc882153
Merge pull request #7569 from keszybz/doc-reverse-settings
Document reverse settings
2017-12-13 13:42:19 +09:00
Zbigniew Jędrzejewski-Szmek
404a048623
Merge pull request #7591 from poettering/retry-on-servfail
resolved: retry with a different server on SERVFAIL
2017-12-12 22:22:06 +01:00
Zbigniew Jędrzejewski-Szmek
4432ac91ee
Merge pull request #7611 from poettering/bootspec-fixes
minor fixes to bootctl.c/bootspec.c to make sure the tool works cleanly on my system
2017-12-12 22:16:34 +01:00
Zbigniew Jędrzejewski-Szmek
bbaa8055ac Merge pull request #7608 from poettering/more-news-v236 2017-12-12 21:11:31 +01:00
Michal Sekletar
ea7e7c1e9c cryptsetup: use more descriptive name for the variable and drop redundant function
Let's rename escaped_name to disk_path since this is an actual content
that pointer refers to. It is either path to encrypted block device
or path to encrypted image file.

Also drop redundant function disk_major_minor(). src is always set, and
it always points to either encrypted block device path (or symlink to
such device) or to encrypted image. In case it is set to device path
there is no need to reset it to /dev/block/major:minor symlink since
those paths are equivalent.
2017-12-12 20:31:25 +01:00
Lennart Poettering
b4b36f4405 meson: link NSS modules with -z nodelete (#7607)
We might end up allocating mempools, and when we are unloaded we might
orphan them, thus leaking them. Hence, let's just stick around for good,
so the mempools remain referenced continously and for good, and thus no
memory is leaked (though the memory isn't cleaned up either).

Fixes: #7596
2017-12-12 20:13:16 +01:00
Michal Sekletar
5a9f1b05ed cryptsetup: when unlocking always put path to the object into Id
Some ask-password agents (e.g. clevis-luks-askpass) use Id option from
/run/systemd/ask-password/ask* file in order to obtain the password for
the device.

Id option should be in the following format,
e.g. Id=subsystem:data. Where data part is supposed to identify object
that ask-password query is done for. Since
e51b9486d1 this field has format
Id=cryptsetup:/dev/block/major:minor when systemd-cryptsetup is
unlocking encrypted block device. However, crypttab also supports
encrypted image files in which case we usually set data part of Id to
"vol on mountpoint". This is unexpected and actually breaks network
based device encryption as implemented by clevis.

Example:
$ cat /etc/crypttab
clevis-unlocked /clevis-test-disk-image none luks,_netdev
$ systemctl start 'systemd-cryptsetup@clevis\x2dunlocked.service'
$ grep Id /run/systemd/ask-password/ask*

Before:
$ Id=cryptsetup:clevis-unlocked on /clevis-test-disk-image-mnt

After:
$ Id=cryptsetup:/clevis-test-disk-image
2017-12-12 18:28:08 +01:00
ott
cb9eeb062c resolve: add support for RFC 8080 (#7600)
RFC 8080 describes how to use EdDSA keys and signatures in DNSSEC. It
uses the curves Ed25519 and Ed448. Libgcrypt 1.8.1 does not support
Ed448, so only the Ed25519 is supported at the moment. Once Libgcrypt
supports Ed448, support for it can be trivially added to resolve.
2017-12-12 16:30:12 +01:00
Saran Tunyasuvunakool
7715629e9a networkd: Fix race condition in [RoutingPolicyRule] handling (#7615)
The routing policy rule setup logic is moved to the routes setup phase (rather than the addresses setup phase as it is now). Additionally, a call to `link_check_ready` is added to the routing policy rules setup handler. This prevents a race condition with the routes setup handler.

Also give each async handler its own message counter to prevent race conditions when logging successes.

Fixes: #7614
2017-12-12 16:25:36 +01:00
Lennart Poettering
e82b113257 resolved: try a different server if server is too dumb to do DNSSEC
If we are in strict DNSSEC mode it's worthy to try a different DNS
server before accepting that DNSSEC is not actually supported.

Fixes: #7040
2017-12-12 12:10:08 +01:00
Lennart Poettering
5cdb8930e0 resolved: cast dns_scope_get_dns_server() to NULL when we ignore it 2017-12-12 12:10:08 +01:00
Lennart Poettering
44db02d0ef resolved: when a server consistently returns SERVFAIL, try another one
Currently, we accept SERVFAIL after downgrading fully, cache it and move
on. Let's extend this a bit: after downgrading fully, if the SERVFAIL
logic continues to be an issue, then use a different DNS server if there
are any.

Fixes: #7147
2017-12-12 12:10:08 +01:00
Lennart Poettering
0c63eb7138 verbs: add a new VERB_MUSTBEROOT flag
Given that we regularly have verbs that require privileges, let's just
make this a flag of the verb.
2017-12-11 23:19:46 +01:00
Lennart Poettering
fba868fa71 tree-wide: unify logging of "Must be root" message
Let's unify this in one call, generalizing must_be_root() from
bootctl.c.
2017-12-11 23:19:45 +01:00
Lennart Poettering
4fe2ba0e25 bootspec: sprinkle some argument assert()s all over the place
The previous commit fixed a NULL parameter issue, let's check for such,
to make it easier to find issues like this.
2017-12-11 23:19:45 +01:00
Lennart Poettering
ecec2a5d7a bootctl: don't trip up in "bootctl status" when we can't find the ESP because of lack of privilges
On my system the boot and EFI partitions are protected, hence "bootctl
status" can't find the ESP, and then the tool continues with arg_path ==
NULL, which it really should not. Handle these cases, and simply
suppress all output that needs arg_path.
2017-12-11 23:18:56 +01:00
Lennart Poettering
5caa3167ff efi: rework find_esp() error propagation/logging a bit
This renames find_esp() to find_esp_and_warn() and tries to normalize its
behaviour:

1. Change the error that is returned when we can't find the ESP to
   ENOKEY (from ENOENT). This way the error code can only mean one
   thing: that our search loop didn't find a good candidate.
2. Really log about all errors, except for ENOKEY and EACCES, and
   document the letter cases.
3. Normalize parameters to the call: separate out the path parameter in
   two: an input path and an output path. That way the memory management
   is clear: we will access the input parameter only for reading, and
   only write out the output parameter, using malloc() memory.
   Before the calling convention were quire surprising for internal API
   code, as the path parameter had to be malloc() memory and might and
   might not have changed.
4. Rename bootctl's find_esp_warn() to acquire_esp(), and make it a
   simple wrapper around find_esp_warn(), that basically just adds the
   friendly logging for the ENOKEY case. This rework removes double
   logging in a number of error cases, as we no longer log here in
   anything but ENOKEY, and leave that entirely to find_esp_warn().
5. find_esp_and_warn() now takes a bool flag parameter
   "unprivileged_mode", which disables logging in the EACCES case, and
   skips privileged validation of the path. This makes the function less
   magic, and doesn't hide this internal silencing automatism from the
   caller anymore.

With all that in place "bootctl list" and "bootctl status" work properly
(or as good as they can) when I invoke the tools whithout privileges on
my system where /boot is not world-readable
2017-12-11 23:18:56 +01:00
Lennart Poettering
3925496a96 NEWS: more updates for v236 2017-12-11 16:05:41 +01:00
Lennart Poettering
634032cfa5 mailmap: add more names from the v236 cycle
Let's clean up after github's "squash" feature…
2017-12-11 16:05:40 +01:00
Lennart Poettering
234519ae6d tree-wide: drop a few == NULL and != NULL comparison
Our CODING_STYLE suggests not comparing with NULL, but relying on C's
downgrade-to-bool feature for that. Fix up some code to match these
guidelines. (This is not comprehensive, the coccinelle output for this
is unfortunately kinda borked)
2017-12-11 16:05:40 +01:00
Yu Watanabe
f2b9f2c83e run: allow to specify multiple timer options 2017-12-11 21:21:10 +09:00
Yu Watanabe
268833ede7 core,run: add timer related options to Bus-API 2017-12-11 21:19:19 +09:00
Yu Watanabe
2d966746a3 bus-unit-util: check returned value
Follow-up for 784b9a1a32.
2017-12-11 21:04:10 +09:00
Yu Watanabe
4a0e9289bf resolved: fix wrong error code (#7601) 2017-12-10 16:27:19 +01:00
Alan Jenkins
0fd402b012 core: fix undefined behaviour due to uninitialized string buffer (#7597)
Failure of systemd to respond on the bus interface was bisected to af6b0ecc
"core: make "taint" string logic a bit more generic and output it at boot".

Failure was presumably caused by trying to append strings to an
unintialized buffer, leading to writing outside the unterminated buffer
and hence undefined behaviour.
2017-12-10 19:58:01 +09:00
Lennart Poettering
f7757a4993
Merge pull request #7352 from eddiejames/master
Add path configuration for hardware watchdog device
2017-12-08 22:22:02 +01:00
Olaf Hering
575e6588df virt: use XENFEAT_dom0 to detect the hardware domain (#6442, #6662) (#7581)
The detection of ConditionVirtualisation= relies on the presence of
/proc/xen/capabilities. If the file exists and contains the string
"control_d", the running system is a dom0 and VIRTUALIZATION_NONE should
be set. In case /proc/xen exists, or some sysfs files indicate "xen",
VIRTUALIZATION_XEN should be set to indicate the system is a domU.

With an (old) xenlinux based kernel, /proc/xen/capabilities is always
available and the detection described above works always. But with a
pvops based kernel, xenfs must be mounted on /proc/xen to get
"capabilities". This is done by a proc-xen.mount unit, which is part of
xen.git. Since the mounting happens "late", other units may be scheduled
before "proc-xen.mount". If these other units make use of
"ConditionVirtualisation=", the virtualization detection returns
incorect results. detect_vm() will set VIRTUALIZATION_XEN because "xen"
is found in sysfs. This value will be cached. Once xenfs is mounted, the
next process that runs detect_vm() will get VIRTUALIZATION_NONE.

This misdetection can be fixed by using
/sys/hypervisor/properties/features, which exports the value returned by
the "XENVER_get_features" hypercall. If the bit XENFEAT_dom0 is set, the
domain is the "hardware domain". It is supposed to have permissions to
access all hardware. The used sysfs file is available since v2.6.31.

The commonly used term "dom0" refers to the control domain which runs
the toolstack and has access to all hardware. But the virtualization
host may be configured such that one dedicated domain becomes the
"hardware domain", and another one the "toolstack domain".
2017-12-08 22:21:42 +01:00
Lennart Poettering
1b2aeb08e2
Merge pull request #6993 from rojkov/dnssd
Add support for server-side DNS-SD in mDNS zones.
2017-12-08 22:21:01 +01:00