1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

40490 Commits

Author SHA1 Message Date
Iwan Timmer
aedf00a2bd resolved: don't require check when importing resolved-dnstls.h 2019-06-19 13:10:44 +02:00
Iwan Timmer
71a681ae50 resolved: add missing error code check when initializing DNS-over-TLS 2019-06-18 19:16:36 +02:00
Iwan Timmer
e22c5b2064 resolved: move TLS data shared by all servers to manager
Instead of having a context and/or trusted CA list per server this is now moved to the server. Ensures future TLS configuration options are global instead of per server.
2019-06-18 19:16:36 +02:00
Markus Felten
1faba68fd7 fix(journal-gatewayd): use relative urls (not starting with '/')
if journal-gatewayd http is not mounted at '/' (proxy request)
the request lose their initial path component
2019-06-18 17:06:12 +02:00
Frantisek Sumsal
31c9d74d50 hashmap: avoid using TLS in a destructor
Using C11 thread-local storage in destructors causes uninitialized
read. Let's avoid that using a direct comparison instead of using
the cached values. As this code path is taken only when compiled
with -DVALGRIND=1, the performance cost shouldn't matter too much.

Fixes #12814
2019-06-18 13:59:12 +02:00
Lennart Poettering
59da64738b
Merge pull request #12758 from fbuihuu/nspawn-console-tty
Create nspawn console tty in the child
2019-06-18 13:17:14 +02:00
Yu Watanabe
3d9f670783 dhcp: fix comparison with previous lease
Follow-up for f8862395e8.

Fixes #12816.
2019-06-18 10:27:59 +02:00
Franck Bui
dc98caea32 nspawn: make use of openpt_allocate() 2019-06-18 09:27:06 +02:00
Franck Bui
ae1d13db05 terminal-util: introduce openpt_allocate()
Allocating a pty is done in a couple of places so let's introduce a new helper
which does the job.

Also the new function, as well as openpt_in_namespace(), returns both pty
master and slave so the callers don't need to know about the pty slave
allocation details.

For the same reasons machine_openpt() prototype has also been changed to return
both pty master and slave so callers don't need to allocate a pty slave which
might be in a different namespace.

Finally openpt_in_namespace() has been renamed into
openpt_allocate_in_namespace().
2019-06-18 09:26:31 +02:00
Zbigniew Jędrzejewski-Szmek
0ef67b7376
Merge pull request #12805 from yuwata/test-network-cleanups
test: further test-network cleanups
2019-06-18 08:57:26 +02:00
Franck Bui
3acc84ebd9 nspawn: allocate the pty used for /dev/console within the container
The console tty is now allocated from within the container so it's not
necessary anymore to allocate it from the host and bind mount the pty slave
into the container. The pty master is sent to the host.

/dev/console is now a symlink pointing to the pty slave.

This might also be less confusing for applications running inside the container
and the overall result looks cleaner (we don't need to apply manually the
passed selinux context, if any, to the allocated pty for instance).
2019-06-18 08:17:34 +02:00
Franck Bui
ba72801d66 nspawn: use correct error variable when logging errors returned by send_one_fd() 2019-06-18 07:54:51 +02:00
Franck Bui
04c84cd173 namespace-util: make use of TAKE_FD()
No functional changes.
2019-06-18 07:54:51 +02:00
Franck Bui
71ec74d193 fs-util: no need for fchmod_and_chown() to access /proc/self/fd directly
fstat(2) is fine with O_PATH fds.

For changing owership of a file opened with O_PATH, there's fchownat(2).

Only changing permissions is problematic but we introduced fchmod_opath() for
that purpose.
2019-06-18 07:54:51 +02:00
Yu Watanabe
2cf6fdff19 test-network: change default sleep time of start_networkd() 2019-06-18 13:10:23 +09:00
Yu Watanabe
90e3bcbd4d test-network: use wait-online in NetworkdBridgeTests 2019-06-18 13:10:23 +09:00
Yu Watanabe
ff14e2ebcb network: do not configure routing policy rule if it is already configured 2019-06-18 13:10:23 +09:00
Yu Watanabe
34715d8b03 network: make routing_policy_rule_get() require Manager 2019-06-18 13:10:23 +09:00
Yu Watanabe
35a78c5131 test-network: use wait-online in NetworkdBondTests 2019-06-18 12:45:19 +09:00
Yu Watanabe
8d17c386d7 test-network: use setUp() and tearDown() to clear routing policy rule tables 2019-06-18 12:45:17 +09:00
Yu Watanabe
b337d89c68
Merge pull request #12807 from keszybz/net-naming-scheme-yet-again
Extend naming scheme to mac address policy and introduce NAMING_STABLE_VIRTUAL_MACS
2019-06-18 12:02:41 +09:00
Yu Watanabe
ad78d7b027 test-network: rename l2tp_tunnel_remove -> remove_l2tp_tunnels 2019-06-18 11:35:12 +09:00
Yu Watanabe
4ef39b4991 test-network: remove all routing policy rules in specified table 2019-06-18 11:35:12 +09:00
Jan Pokorný
1a31d050f2 docs: CGROUP_DELEGATION: fix a typo in "that" 2019-06-18 11:31:47 +09:00
Evgeny Vereshchagin
28025ba839 travis: turn on all default UBSan checks except for pointer-overflow, object-size and float-cast-overflow 2019-06-17 23:45:36 +03:00
Lennart Poettering
6e2f789484 core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX
Since kernel 5.2 the kernel thankfully returns proper errors when we
write a value out of range to the sysctl. Which however breaks writing
ULONG_MAX to request the maximum value. Hence let's write the new
maximum value instead, LONG_MAX.

/cc @brauner

Fixes: #12803
2019-06-17 15:48:11 +02:00
Lennart Poettering
11344d82f1
Merge pull request #12810 from evverx/nonnull-attribute
travis: turn on nonnull-attribute on Fuzzit
2019-06-17 14:54:18 +02:00
Zbigniew Jędrzejewski-Szmek
96848152fa udev: introduce NAMING_STABLE_VIRTUAL_MACS (retroactively)
This is for 6d36464065. It turns out that this is causing more problems than
expected. Let's retroactively introduce naming scheme v241 to conditionalize
this change.

Follow-up for #12792 and 6d36464065. See also
https://bugzilla.suse.com/show_bug.cgi?id=1136600.

$ SYSTEMD_LOG_LEVEL=debug NET_NAMING_SCHEME=v240 build/udevadm test-builtin net_setup_link /sys/class/net/br11
$ SYSTEMD_LOG_LEVEL=debug NET_NAMING_SCHEME=v241 build/udevadm test-builtin net_setup_link /sys/class/net/br11
...
@@ -20,11 +20,13 @@
 link_config: could not set ethtool features for br11
 Could not set offload features of br11: Operation not permitted
 br11: Device has name_assign_type=3
-Using interface naming scheme 'v240'.
+Using interface naming scheme 'v241'.
 br11: Policy *keep*: keeping existing userspace name
 br11: Device has addr_assign_type=1
-br11: No stable identifying information found
-br11: Could not generate persistent MAC: No data available
+br11: Using "br11" as stable identifying information
+br11: Using generated persistent MAC address
+Could not set Alias=, MACAddress= or MTU= on br11: Operation not permitted
+br11: Could not apply link config, ignoring: Operation not permitted
 Unload module index
 Unloaded link configuration context.
 ID_NET_DRIVER=bridge
2019-06-17 13:43:18 +02:00
Zbigniew Jędrzejewski-Szmek
b889a0ded8 libsystemd-network: rename net_get_name() to net_get_name_persistent()
This reflect its role better.
(I didn't use …_persistent_name(), because which name is actually used
depends on the policy. So it's better not to make this sound like it returns
*the* persistent name.)
2019-06-17 13:43:18 +02:00
Zbigniew Jędrzejewski-Szmek
2ebe027b44 man: clean up naming scheme description a bit
This is in preparation for later changes.  Let's change the documentation of
net.naming-scheme= to also say that it applies to MAC addresses. This commit
doesn't actually implement that though.
2019-06-17 13:42:27 +02:00
Lennart Poettering
98dc9d1f8f sleep: properly pass verb to sleep script
Another fall-out from our rewriting of argv[] now.

Fixes: #12782
2019-06-17 13:04:03 +02:00
Evgeny Vereshchagin
5afed2fc20 fuzzit: sort UBSan checks alphabetically
to make it easier to make sense of them
2019-06-17 12:49:07 +02:00
Yu Watanabe
b349bc59e4 meson: fix error message 2019-06-17 07:44:18 +02:00
Yu Watanabe
3d3dcc6aa9
Merge pull request #12802 from irtimmer/fix-openssl
resolved: fix DNS-over-TLS when using OpenSSL
2019-06-17 10:19:50 +09:00
Evgeny Vereshchagin
9bd2422ac3 travis: turn on nonnull-attribute on Fuzzit 2019-06-15 23:12:24 +02:00
Iwan Timmer
ab8cd6c968 resolved: make no changes to OpenSSL BUF_MEM struct
Fix crash when using OpenSSL 1.1.1c
Fixes: #12763
2019-06-15 22:46:55 +02:00
Iwan Timmer
53d64ebb30 Revert "resolved: Fix incorrect use of OpenSSL BUF_MEM"
This reverts commit 18bddeaaf2.

Revert this because it does not take the OpenSSL internal read pointer
into considoration. Resulting in padding in packetdata and therefore
broken SSL connections.
2019-06-15 21:56:45 +02:00
Zbigniew Jędrzejewski-Szmek
4b381a9ef6
Merge pull request #12753 from jrouleau/fix/hibernate-resume-timeout
hibernate-resume: fix resume device timeout
2019-06-15 17:50:37 +02:00
Yu Watanabe
bafa964144 network: read link specific sysctl value
This introduce link_sysctl_ipv6_enabled() and replaces
manager_sysctl_ipv6_enabled() with it.
2019-06-15 14:56:42 +02:00
Zbigniew Jędrzejewski-Szmek
6ea420a3b6
Merge pull request #12796 from yuwata/test-network-use-wait-online
test-network: several cleanups
2019-06-15 14:53:04 +02:00
Zbigniew Jędrzejewski-Szmek
349a6b3534
Merge pull request #12794 from yuwata/network-configure-without-carrier
network: skip to check dynamic addresses when ConfigureWithoutCarrier=yes
2019-06-15 14:50:41 +02:00
Evgeny Vereshchagin
f920d8a23c
Merge pull request #12761 from evverx/try-fuzzit
Turn on UBSan on Fuzzit
2019-06-15 06:46:38 +03:00
Evgeny Vereshchagin
f789e0b4f8 travis: add more ASan options 2019-06-15 05:19:58 +02:00
Evgeny Vereshchagin
b5e1f0bdf4 travis: clean up bash variables a bit
in preparation for adding more ASan options
2019-06-15 05:19:58 +02:00
Evgeny Vereshchagin
5057d73ba1 travis: use UBSan checks from OSS-Fuzz
This should help to silence UBSan reports mentioned in
https://github.com/systemd/systemd/pull/12771#issuecomment-502139157
for now.
2019-06-15 05:19:52 +02:00
Evgeny Vereshchagin
e87e6962fd travis: turn on UBSan on Fuzzit 2019-06-15 00:09:15 +02:00
Evgeny Vereshchagin
00cc7d6ea9
Merge pull request #12799 from evverx/fuzzit-follow-up
travis: run Coverity after Fuzzit-Fuzzing
2019-06-14 23:28:56 +03:00
Evgeny Vereshchagin
356f607aa3 travis: add 5 more fuzz targets 2019-06-14 22:06:08 +02:00
Evgeny Vereshchagin
4feed0fb69 travis: always run the "Build & test" stage first
Now that the other stages are explicitly listed in the "stages"
section, we should include "Built & test" there to make sure
it's run first.
2019-06-14 22:06:01 +02:00
Evgeny Vereshchagin
baea4bd969 travis: skip the Fuzzit-Sanity stage when it's run by cron 2019-06-14 20:56:10 +02:00