1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-29 21:55:36 +03:00
Commit Graph

55813 Commits

Author SHA1 Message Date
Jan Janssen
b2ba8511e6 meson: Remove test-efi-create-disk.sh
The script was probably not used for a very long time. It is currently
passed systemd_boot.so as boot loader, which cannot work. The test
entries it creates are all pointing at non-existant efi/linux binaries,
which means they would not even show up in the menu if the created image
were actually booted. There is also nothing that actually tries to run
the image in the first place.

If we end up creating a proper systemd-boot test suite, it would be
better to start from scratch. In the meantime, mkosi already covers
the bare minimum with a simple bootup test.
2022-01-26 14:40:51 +01:00
Luca Boccassi
e3f7ed944a portable: add flag to return extension-releases in GetImageMetadataWithExtensions
Return the name of each extension and the associated extension-release
file, and pretty-print them in 'portablectl inspect', if a new flag
is passed.

$ portablectl inspect --extension app2 --extension app0  minimal app0 app1
(Matching unit files with prefixes 'app0', 'app1'.)
Image:
        /run/portables/minimal.raw
Portable Service:
        n/a
Operating System:
        Debian GNU/Linux 10 (buster)
Extension:
        /run/portables/app2.raw
        Extension Scope:
                n/a
        Extension Compatibility Level:
                n/a
        Portable Service:
                n/a
        Portable Prefixes:
                n/a
        Operating System:
                n/a (debian 10)
Extension:
        /run/portables/app0.raw
        Extension Scope:
                n/a
        Extension Compatibility Level:
                n/a
        Portable Service:
                n/a
        Portable Prefixes:
                n/a
        Operating System:
                n/a (debian 10)
Unit files:
        app0.service
2022-01-25 22:22:47 +00:00
Luca Boccassi
0017415cc5 portable: add GetImageStateWithExtensions method
Allow to correctly query a layered portable service for
attached/detached state.
2022-01-25 06:44:27 +09:00
Yu Watanabe
9697662915 hostname: expose hardware serial through dbus
Closes #22119.
2022-01-24 21:09:37 +00:00
Yu Watanabe
f338a496e4 NEWS: update 2022-01-25 03:03:09 +09:00
Yu Watanabe
1d2842d1e6 NEWS: mention about the regression in WireGuard 2022-01-25 02:56:20 +09:00
Yu Watanabe
0850fb78af
Merge pull request #22236 from yuwata/fuzz-dhcp-server
fuzz-dhcp-server: three fixes or improvements
2022-01-25 02:19:22 +09:00
Yu Watanabe
bf2a8b7b13 fuzz-dhcp-server: attach sd_event to make dhcp_server_cleanup_expired_leases() works in the fuzzer
Otherwise, most code paths in dhcp_server_handle_message() are not
evaluated by the fuzzer.
2022-01-25 00:05:02 +09:00
march1993
11cc2a5602 Update systemd.netdev.xml
Mind users to avoid use name gre0, gretap0 and erspan0 for GRE tunnels.
2022-01-24 14:58:14 +00:00
Zbigniew Jędrzejewski-Szmek
4a00b45fa6 user-runtime-dir: error out immediately if mkdir fails
We try to create two directories: /run/user and /run/user/<UID>. For the
first we check the return value and error out if creation fails. But for
the second one we continued based on the assumption that the subsequent
mount will immediately fail anyway. But this has the disadvantage that we
get a somewhat confusing error message:

janv. 23 22:04:31 nsfw systemd-user-runtime-dir[1660]: Failed to mount per-user tmpfs directory /run/user/1000: No such file or directory

Let's instead fail immediately with a precise error message.

For https://bugzilla.redhat.com/show_bug.cgi?id=2044100.
2022-01-24 13:06:45 +00:00
Luca Boccassi
cb94b8acc5
Merge pull request #22203 from brauner/2022-01-21.procsubset.pid
core/namespace: allow using ProtectSubset=pid and ProtectHostname=tru…
2022-01-24 13:04:23 +00:00
Luca Boccassi
aa3160b967
Merge pull request #22231 from yuwata/resolve-synthesize
resolve: synthesize several filtered name
2022-01-24 12:11:29 +00:00
Yu Watanabe
0590f1b58c fuzz-dhcp-server: duplicate input data
As `dhcp_server_handle_message()` -> `ensure_sane_request()` may modify
the input data, and that causes error in some fuzzing engine.
2022-01-24 19:37:37 +09:00
Yu Watanabe
c3da2e4732 fuzz-dhcp-server: also set new lease elements correctly
The fuzzer does not send anything to the address, so it should be not
necessary, but just for safety.
2022-01-24 19:28:21 +09:00
Christian Brauner
fbf90c0d5c
core/namespace: s/normalize_mounts()/drop_unused_mounts()
Rename the normalize_mounts() helper to drop_unused_mounts. All the
helpers called in there get rid of mounts that are unused for a variety
of reasons. And whereas the helpers are aptly prefixed with "drop" the
overall helper isn't and instead uses "normalize".

Make it more obvious what the helper actually does by renaming it from
normalize_mounts() to drop_unused_mounts(). Readers of code calling this
helper will immediately see that it will get rid of unused mounts.

Link: https://github.com/systemd/systemd/issues/22206
2022-01-24 10:22:47 +01:00
Christian Brauner
1361f01577
core/namespace: allow using ProtectSubset=pid and ProtectHostname=true together
If a service requests both ProtectSubset=pid and ProtectHostname=true
then it will currently fail to start. The ProcSubset=pid option
instructs systemd to mount procfs for the service with subset=pid which
hides all entries other than /proc/<pid>. Consequently trying to
interact with the two files /proc/sys/kernel/{hostname,domainname}
covered by ProtectHostname=true will fail.

Fix this by only performing this check when ProtectSubset=pid is not
requested. Essentially ProtectSubset=pid implies/provides
ProtectHostname=true.
2022-01-24 09:41:28 +01:00
dependabot[bot]
da9be066cb build(deps): bump github/codeql-action from 1.0.27 to 1.0.29
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.27 to 1.0.29.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](cd783c8a29...384cfc42b2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-24 11:18:48 +03:00
Yu Watanabe
766527e8ae
Merge pull request #22226 from yuwata/hostname-allow-to-override-hardware-vendor-and-model
hostname: allow to override hardware vendor and model
2022-01-24 06:55:29 +09:00
Yu Watanabe
a6ba7d58f2
Merge pull request #22227 from yuwata/dhcp-server-fix-heap-buffer-overflow
sd-dhcp-server: fix heap buffer overflow
2022-01-24 06:55:02 +09:00
Frantisek Sumsal
ab9760b846 github: point to "tags" instead of "releases" in systemd-stable
since we don't do releases there.

Mentioned in https://github.com/systemd/systemd/issues/22230#issue-1111991271.
2022-01-24 06:53:43 +09:00
Yu Watanabe
46b53e8035 resolve: synthesize null address, IPv4 broadcast address, or invalid domain
These are filtered in `dns_scope_good_domain()`, but not synthesized.

Fixes #22229.
2022-01-24 06:46:50 +09:00
Yu Watanabe
3b2ac14ac4 resolve: synthesize empty name
Do not return any error for empty name. Just returns empty answer.

Before:
---
$ dig .

; <<>> DiG 9.16.24-RH <<>> .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13617
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;.				IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Jan 24 05:49:30 JST 2022
;; MSG SIZE  rcvd: 28
---

After:
---
$ dig .

; <<>> DiG 9.16.24-RH <<>> .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7957
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;.				IN	A

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Jan 24 06:05:02 JST 2022
;; MSG SIZE  rcvd: 28
---

Replaces #22197.

Fixes RHBZ#2039854 (https://bugzilla.redhat.com/show_bug.cgi?id=2039854).
2022-01-24 06:45:37 +09:00
Yu Watanabe
7bdf419830 dns-domain: re-introduce dns_name_is_empty() 2022-01-24 06:06:59 +09:00
Yu Watanabe
7c0601102a Revert "resolve: refuse to resolve empty hostname"
This reverts commit 6e8ecb8974.
2022-01-24 05:51:47 +09:00
Yu Watanabe
a596631808 fuzz: add testcases of heap-buffer-overflow for sd-dhcp-server 2022-01-24 04:52:33 +09:00
Yu Watanabe
ab4f9eeb7b sd-dhcp-server: fix heap buffer overflow
This checks client hardware length earlier.
2022-01-24 04:49:33 +09:00
Yu Watanabe
b87209f933
Merge pull request #22222 from yuwata/dhcp-server-support-non-ethernet-packet
dhcp-server: support packets from non-Ethernet interfaces
2022-01-24 04:19:26 +09:00
Yu Watanabe
54d95d02e3 sd-dhcp-server: support packet from non-Ethernet interface
Fixes #22217.
2022-01-24 04:18:20 +09:00
Yu Watanabe
97fa338dce sd-dhcp-client,sd-dhcp-client-server: set chaddr in dhcp_message_init()
And also set chaddr and hlen for packets on non-Ethernet interfaces,
except for InfiniBand.
2022-01-24 04:18:20 +09:00
Yu Watanabe
a6508f37c9 sd-dhcp-client: fix RFC number 2022-01-24 04:18:20 +09:00
Yu Watanabe
2cb66bbdfb sd-dhcp-server: change the type of the client ID data 2022-01-24 04:18:20 +09:00
Yu Watanabe
255d493324 sd-dhcp-server: use free_and_replace() at one more place 2022-01-24 04:18:20 +09:00
Yu Watanabe
4f9dcf3dc5 sd-dhcp-server: shorten code a bit 2022-01-24 04:18:20 +09:00
Yu Watanabe
f4759ae051 sd-dhcp-server: drop unnecessary buffer duplication
The block try to find and remove the existing static lease which matches
the provided client ID, and the provided client ID will not be stored
anywhere. Hence, it is not necessary to duplicate it.
2022-01-24 04:16:41 +09:00
Yu Watanabe
bb995f747a
Merge pull request #21908 from yonran/environmentfile-docs
man: clarify Environmentfile format
2022-01-24 00:22:50 +09:00
Luca Boccassi
2ef2024462 portable: add support for ExtensionDirectories in --extension
Same as for the root os image, support passing a directory, using
the new ExtensionDirectories setting.
2022-01-24 00:21:15 +09:00
Zbigniew Jędrzejewski-Szmek
e9e982a29d test-env-file: add tests for quoting in env files 2022-01-23 14:40:28 +09:00
Zbigniew Jędrzejewski-Szmek
398a500916 core/execute: use _cleanup_ in exec_context_load_environment()
Also rename variables.
2022-01-23 14:39:46 +09:00
Zbigniew Jędrzejewski-Szmek
3ef86964ed test-load-fragment: add a basic test for config_parse_unit_env_file() 2022-01-23 14:37:07 +09:00
Yonathan Randolph
4bbcde8498 man: clarify Environmentfile format
Remove incorrect claim that C escapes (such as \t and \n) are recognized and that control characters are disallowed. Specify the allowed characters and escapes with single quotes, with double quotes, and without quotes.
2022-01-23 14:37:07 +09:00
ash
de4fe289cf man: note more clearly that $SYSTEMD_PAGER requires $SYSTEMD_PAGERSECURE 2022-01-23 13:29:28 +09:00
Thomas Haller
2091c77931 sd-event: workaround maybe-uninitalized warning in sd_event_add_inotify()
With LTO, the compiler might think that the variable is uninitialized
(from NetworkManager's fork, with gcc-11.2.1-1.fc35):

    src/libnm-systemd-core/src/libsystemd/sd-event/sd-event.c: In function 'sd_event_add_inotify':
    src/libnm-systemd-core/src/libsystemd/sd-event/sd-event.c:2120: error: 's' may be used uninitialized in this function [-Werror=maybe-uninitialized]
     2120 |                 *ret = s;
          |
    src/libnm-systemd-core/src/libsystemd/sd-event/sd-event.c:2102: note: 's' was declared here
     2102 |         sd_event_source *s;
          |
    lto1: all warnings being treated as errors

In particular, that would happen for codepaths where event_add_inotify_fd_internal()
returns `-errno`, and the compiler cannot be sure that the returned value will
be negative. Technically, the compiler is right, but we rely on libc functions
to set errno correctly, so this only happens in code paths, where something
bad already happend.

While LTO is prone to such false warnings, we are largely able to build systemd
without warnings. So it is feasible and we should make the effort of working
around warnings as they appear.
2022-01-23 13:10:31 +09:00
Yu Watanabe
da60d91c99 rule: fallback to use board information if product information is not set 2022-01-23 13:04:37 +09:00
Yu Watanabe
a93306a22e rule: make ID_SYSFS_ATTRIBUTE_MODEL also accept product_name 2022-01-23 12:54:37 +09:00
Yu Watanabe
4fc7e4f374 hostname: allow to override hardware vendor and model
Sometimes hardware vendor does not set DMI info correctly.
Already there is a way that the dbus properties can be overriden by
using hwdb. But that is not user friendly.

This adds two new fields in /etc/machine-info.

Closes #22207.
2022-01-23 12:48:00 +09:00
Yu Watanabe
8c8b1800e9 hostname: introduce context_get_chassis() and use it everywhere
Follow-up for 4b35eb2579.
2022-01-23 03:11:29 +09:00
Frantisek Sumsal
e7642152ae packit: switch the remaining jobs to F35
gcc-12 seems to be very unstable right now, so to keep our CI builds
useful let's move them to stable F35 for a while.

Follow-up to 478c632e00.
See:
  * https://github.com/systemd/systemd/issues/22215
  * https://bugzilla.redhat.com/show_bug.cgi?id=2043915
2022-01-22 15:27:04 +00:00
Yu Watanabe
f939a8984a
Merge pull request #22209 from systemd/wip/hadess/chassis-override
hostname: Allow overriding the chassis type from hwdb
2022-01-22 16:49:36 +09:00
Julia Kartseva
8fe9dbb926 bpf: name unnamed bpf programs
bpf-firewall and bpf-devices do not have names. This complicates
debugging with bpftool(8).

Assign names starting with 'sd_' prefix:
* firewall program names are 'sd_fw_ingress' for ingress attach
point and 'sd_fw_egress' for egress.
* 'sd_devices' for devices prog

'sd_' prefix is already used in source-compiled programs, e.g.
sd_restrictif_i, sd_restrictif_e, sd_bind6.

The name must not be longer than 15 characters or BPF_OBJ_NAME_LEN - 1.

Assign names only to programs loaded to kernel by systemd since
programs pinned to bpffs are already loaded.
2022-01-22 16:48:42 +09:00
YmrDtnJu
df4ec48f45 Fix journald audit logging with fields > N_IOVEC_AUDIT_FIELDS.
ELEMENTSOF(iovec) is not the correct value for the newly introduced parameter m
to function map_all_fields because it is the maximum number of elements in the
iovec array, including those reserved for N_IOVEC_META_FIELDS. The correct
value is the current number of already used elements in the array plus the
maximum number to use for fields decoded from the kernel audit message.
2022-01-21 23:12:45 +00:00