1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

25983 Commits

Author SHA1 Message Date
Yu Watanabe
cab042b843 network: make VXCAN devices go through LINK_STATE_CONFIGURING 2019-05-24 10:55:33 +09:00
Michael Biebl
4450894653 Drop support for /usr/sbin/halt.local
/usr/sbin/halt.local is a Fedora/Red Hat anachronism from pre-systemd
times.
2019-05-23 10:19:01 +02:00
Zbigniew Jędrzejewski-Szmek
ed55dc6084
Merge pull request #12645 from poettering/journal-mmap-einval
journald: output a proper error message when the journal is used on f…
2019-05-23 09:37:54 +02:00
Mike Gilbert
bcb846f30f shared/machine-image: avoid passing NULL to log_debug_errno
Fixes: https://github.com/systemd/systemd/issues/12534
2019-05-23 09:36:50 +02:00
Yu Watanabe
a43b1f8267
Merge pull request #12618 from yuwata/test-network-improvements
network: several cleanups
2019-05-23 11:17:33 +09:00
root
12e982425c login: fixup button_open() fd 2019-05-23 11:16:11 +09:00
Chris Down
3062dddabd test: Remove superfluous error check
This is already checked above before we set any manager attributes,
immediately after manager_new().
2019-05-22 15:27:26 -04:00
Lennart Poettering
93d70b6cf2
Merge pull request #12631 from keszybz/doc-and-error-message-tweaks
Doc and error message tweaks
2019-05-22 19:00:10 +02:00
Lennart Poettering
5087825ea7 journald: output a proper error message when the journal is used on fs that doesn't do mmap() properly
Prompted by:

https://lists.freedesktop.org/archives/systemd-devel/2019-May/042708.html
2019-05-22 18:56:24 +02:00
Zbigniew Jędrzejewski-Szmek
9e099c9fd8
Merge pull request #12431 from poettering/tmpfiles-chmod-chown-order
tmpfiles: run chown() before chmod()
2019-05-22 17:23:28 +02:00
Zbigniew Jędrzejewski-Szmek
7cc5ef5f18 pid1: improve message when setting up namespace fails
I covered the most obvious paths: those where there's a clear problem
with a path specified by the user.

Prints something like this (at error level):
May 21 20:00:01.040418 systemd[125871]: bad-workdir.service: Failed to set up mount namespacing: /run/systemd/unit-root/etc/tomcat9/Catalina: No such file or directory
May 21 20:00:01.040456 systemd[125871]: bad-workdir.service: Failed at step NAMESPACE spawning /bin/true: No such file or directory

Fixes #10972.
2019-05-22 16:28:02 +02:00
Zbigniew Jędrzejewski-Szmek
9d48671c62 core: unset HOME=/ that the kernel gives us
Partially fixes #12389.

%h would return "/" in a machine, but "/root" in a container. Let's fix
this by resetting $HOME to the expected value.
2019-05-22 16:28:02 +02:00
Zbigniew Jędrzejewski-Szmek
8da24acad5 sd-bus: improve error message for invalid org.freedesktop.DBus.Properties.Set signature
Fixes #12551.
2019-05-22 16:28:02 +02:00
Zbigniew Jędrzejewski-Szmek
92c605796d login: use _cleanup_ to simplify error handling
When logging about a device, try to include the path to it everywhere in
messages. Also fixes an invalid assert(fd).

Inspired by b2774a3ae6.
2019-05-22 15:17:24 +02:00
Lennart Poettering
0f6519d43c loop-util: invoke LOOP_CTL_GET_FREE in a loop
if we don't call it in a loop the device it tells us to open might
already be gone, taken by somebody else racing against us. Hence try a
few times.
2019-05-22 13:04:26 +02:00
Yu Watanabe
910feb787f network: unify link_ipv4ll_enabled() and link_ipv4ll_fallback_enabled() 2019-05-22 17:59:39 +09:00
Yu Watanabe
a0ae96149a network: drop unused variable 2019-05-22 17:59:39 +09:00
Yu Watanabe
bb262ef02b network: update master's ifindex in link_update()
And use it in link_is_enslaved().
2019-05-22 17:59:39 +09:00
Yu Watanabe
2292a4c6db network: drop duplicated logs
link_set_state() already logs about state change.
2019-05-22 17:58:46 +09:00
Yu Watanabe
af9ba57aa2 network: make CAN devices go through LINK_STATE_CONFIGURING 2019-05-22 17:58:46 +09:00
Yu Watanabe
3543304057 network: deprecate OneQueue= for tun or tap devices
IFF_ONE_QUEUE has no effect since kernel-3.8. See kernel's commit
5d097109257c03a71845729f8db6b5770c4bbedc.
2019-05-22 17:58:46 +09:00
Yu Watanabe
1df569bf72 network: extend warning messages 2019-05-22 17:58:46 +09:00
Yu Watanabe
75eed300a9 network: Allow IFF_VNET_HDR to also be set for tun devices
f5f07dbf06 adds VnetHeader= for tap
devices, but the flag is also used for tun devices.
This adds VnetHeader= setting in [Tun] section.
2019-05-22 17:58:46 +09:00
Yu Watanabe
f410d46358 network: disable IPv4LL for ipvlan with L3 or L3S mode
As L3 or L3S mode do not support ARP.
2019-05-22 17:58:46 +09:00
Susant Sahani
0307afc681 networkctl: add support to display Transmit/Recieve queue length (#12633)
```
(networkctl) % build/networkctl status veth-test
● 13: veth-test
            Link File: /usr/lib/systemd/network/99-default.link
         Network File: /usr/lib/systemd/network/veth0.network
                 Type: ether
                State: routable (configured)
               Driver: veth
           HW Address: 8a:a6:1c:3f:a6:1a
                  MTU: 1500
          Minimum MTU: 68
          Maximum MTU: 65535
Transmit Queue Length: 1
 Receive Queue Length: 1
              Address: 192.168.5.31
                       fe80::88a6:1cff:fe3f:a61a
              Gateway: 192.168.5.1
                  DNS: 192.168.5.1
                  NTP: 192.168.5.1
            Time Zone: Asia/Kolkata
         Connected To: Zeus on port peer-test
```
2019-05-22 17:53:12 +09:00
ven
b2774a3ae6 bus_open leak sd_event_source when udevadm trigger。
On my host, when executing the udevadm trigger, I only receive the change event, which causes memleak
2019-05-22 10:44:34 +02:00
Zbigniew Jędrzejewski-Szmek
4c6d51390c basic/utf8: reduce memory usage 2019-05-22 10:22:20 +02:00
Zbigniew Jędrzejewski-Szmek
e3b4efd28f Add 8bit-version of get_process_cmdline() and use in cgroup-show.c
This restores show_pid_array() output in legacy locales on the console.
Only one call to get_process_cmdline() is changed, all others retain
utf8-only mode. This affects systemd-cgls, systemctl status, etc, when
working locally.

Calls to get_process_cmdline() that cross a process boundary always use
utf8. It's the callers responsibility to convert this to some encoding that
they use. This means that we always pass utf8 over the bus.
2019-05-22 10:16:00 +02:00
Zbigniew Jędrzejewski-Szmek
09c1dceef1 basic/process-util: convert bool arg to flags
In preparation for the next commit…
2019-05-22 10:15:49 +02:00
Zbigniew Jędrzejewski-Szmek
70d558199c basic/escape: add truncation to xescape too
This does for ASCII and non-unicode encodings what utf8_escape_non_printable_full()
does for utf8-based encodings.
2019-05-22 10:11:00 +02:00
Zbigniew Jędrzejewski-Szmek
0e85cbcfc3 util-lib: do not truncate kernel comm names
It turns out that the kernel allows comm names higher than our expected limit
of 16.
$ wc -c /proc/*/comm|sort -g|tail -n3
35 /proc/1292317/comm
35 /proc/1293610/comm
36 /proc/1287112/comm
$ cat /proc/1287112/comm
kworker/u9:3-kcryptd/253:0
2019-05-22 10:09:35 +02:00
Zbigniew Jędrzejewski-Szmek
bc28751ed2 Rework cmdline printing to use unicode
The functions to retrieve and print process cmdlines were based on the
assumption that they contain printable ASCII, and everything else
should be filtered out. That assumption doesn't hold in today's world,
where people are free to use unicode everywhere.

This replaces the custom cmdline reading code with a more generic approach
using utf8_escape_non_printable_full().
For kernel threads, truncation is done on the parenthesized name, so we'll
get "[worker]", "[worker…]", …, "[w…]", "[…", "…" as we reduce the number of
available columns.

This implementation is most likely slower for very long cmdlines, but I don't
think this is very important. The common case is to have short commandlines,
and should print those properly. Absurdly long cmdlines are the exception,
which needs to be handled correctly and safely, but speed is not too important.

Fixes #12532.

v2:
- use size_t for the number of columns. This change propagates into various
  other functions that call get_process_cmdline(), increasing the size of the
  patch, but the changes are rather trivial.
2019-05-22 10:08:17 +02:00
Zbigniew Jędrzejewski-Szmek
da88f542d9 util-lib: add truncation based on printable width to utf8_escape_non_printable() 2019-05-22 09:50:19 +02:00
Zhang Xianwei
1f7b6872db udev/scsi_id: fix incorrect page length when get device identification VPD page
The length of device identification VPD page is filled with two bytes,
but scsi_id only gets the low byte. Fix it.

Signed-off-by: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
2019-05-22 13:25:20 +09:00
Yu Watanabe
b94fb24b2e
Merge pull request #12629 from ssahani/networkctl
networkctl: MTU enhancements
2019-05-22 02:35:06 +09:00
Lennart Poettering
3aa317943c
Merge pull request #12626 from keszybz/oompolicy-check
Make the check if oom-killer fired more robust
2019-05-21 18:29:01 +02:00
Susant Sahani
2c73f59b81 networkctl: Add support to display min and max MTU
(networkctl) % ./networkctl status enp0s31f6                                                                                                                          ~/tt/networkctl/build
● 4: enp0s31f6
       Link File: /usr/lib/systemd/network/99-default.link
    Network File: n/a
            Type: ether
           State: n/a (unmanaged)
            Path: pci-0000:00:1f.6
          Driver: e1000e
          Vendor: Intel Corporation
           Model: Ethernet Connection (2) I219-LM
      HW Address: 8c:16:45:6c:83:b9 (LCFC(HeFei) Electronics Technology co., ltd)
             MTU: 1500
     Minimum MTU: 68
     Maximum MTU: 9000
2019-05-21 17:44:36 +05:30
Susant Sahani
61de0c42f3 sd-netlink: Add netlink property IFLA_MIN_MTU and IFLA_MAX_MTU, 2019-05-21 17:43:56 +05:30
Susant Sahani
4015d106d4 networkctl: Display MTU
Now the MTU is not displayed. with this patch it's fixed.

(networkctl) % ./networkctl status enp0s31f6                                                                                                                          ~/tt/networkctl/build
WARNING: systemd-networkd is not running, output will be incomplete.

● 4: enp0s31f6
       Link File: /usr/lib/systemd/network/99-default.link
    Network File: n/a
            Type: ether
           State: n/a (unmanaged)
            Path: pci-0000:00:1f.6
          Driver: e1000e
          Vendor: Intel Corporation
           Model: Ethernet Connection (2) I219-LM
      HW Address: 8c:16:45:6c:83:b9 (LCFC(HeFei) Electronics Technology co., ltd)
             MTU: 1500
2019-05-21 17:29:18 +05:30
Zbigniew Jędrzejewski-Szmek
31c294dc41 shared/cgroup-show: fix off-by-one in column counting
We'd get one column too many, and the trailing ellipsis would end up in
the next row.
2019-05-21 10:57:23 +02:00
Zbigniew Jędrzejewski-Szmek
9743846e23 test-utf8: add function headers and rename tests after functions they test 2019-05-21 10:57:23 +02:00
Zbigniew Jędrzejewski-Szmek
21c491e106 Introduce sc_arg_max() helper
Just a cast and an assert.
2019-05-21 10:57:23 +02:00
Zbigniew Jędrzejewski-Szmek
77599f06e1 cgtop,test: use consistent capitalization for CGroup 2019-05-21 10:57:23 +02:00
Zbigniew Jędrzejewski-Szmek
ea62aa24ae analyze: also print unix time in "timestamp" 2019-05-21 09:56:41 +02:00
Zbigniew Jędrzejewski-Szmek
c269607f9b analyze: give a hint about calendar/timestamp/timespan use
This should help clear up the confusion in
https://bugzilla.redhat.com/show_bug.cgi?id=1711065.
2019-05-21 09:56:41 +02:00
Zbigniew Jędrzejewski-Szmek
a6a67f71bb basic/time-util: make output argument optional 2019-05-21 09:56:41 +02:00
Zbigniew Jędrzejewski-Szmek
b12ef71416 shared/cpu-set-util: remove now-unused CPU_SIZE_TO_NUM() 2019-05-21 08:44:09 +02:00
Zbigniew Jędrzejewski-Szmek
a832893f9c shared/cpu-set-util: move the part to print cpu-set into a separate function
Also avoid unnecessary asprintf() when we can write to the output area
directly.
2019-05-21 08:44:03 +02:00
Zbigniew Jędrzejewski-Szmek
bd0abfaea1 core/dbus-execute: remove unnecessary initialization 2019-05-21 08:42:28 +02:00
Yu Watanabe
826c4f35c6
Merge pull request #12612 from keszybz/bootctl-column
Rename TEST-31-OOMPOLICY to avoid conflict and look in $BOOT for kernels
2019-05-21 07:45:12 +09:00
Lennart Poettering
6980b04fb6 json: fix minor memory leak on error path 2019-05-20 18:12:48 +02:00
Zbigniew Jędrzejewski-Szmek
2ba6ae6b2b core: do an extra check if oom was triggered when handling sigchild
Should fix #12425.
2019-05-20 16:37:06 +02:00
Zbigniew Jędrzejewski-Szmek
569554d9e5 core/service: drop {} 2019-05-20 16:37:06 +02:00
Topi Miettinen
0a51b45ce4 small fixes: make get_process_state() static and fix typo 2019-05-20 16:23:22 +02:00
Michael Biebl
98a3c188a1 test-bpf: skip test when run inside containers
The test reliably fails inside LXC and Docker when run on a new enough
kernel. It's unclear whether this is a kernel, LXC/Docker or systemd
issue and apparently there is no real interest to get this fixed, so
let's skip this test.
As this also covers Travis CI, there is no need for this additional
check anymore.

See https://github.com/systemd/systemd/issues/9666
2019-05-19 20:57:07 +02:00
Yu Watanabe
a166cd3aac
Merge pull request #12603 from ssahani/ndisc-blacklist
networkd: Ability to selectively ignore IPv6 prefixes supplied via ro…
2019-05-19 23:19:27 +09:00
Yu Watanabe
030a5d78ed efivars: allow plus in the entry name
Closes #12572.
2019-05-19 16:00:27 +02:00
Susant Sahani
e520ce6440 networkd: Ability to selectively ignore IPv6 prefixes supplied via router advertisement
Closes https://github.com/systemd/systemd/issues/10647
2019-05-19 22:23:06 +09:00
Zbigniew Jędrzejewski-Szmek
aa467bcae1 bootctl: do not allow -x and -p to be used together
-x already prints the path to ESP in some circumstances, and allowing
both to be printed seems confusing.
2019-05-19 12:01:32 +02:00
Zbigniew Jędrzejewski-Szmek
fba4e94506 bootctl: add -x shortcut for --print-boot-path
It's a quite useful option, let's match -p.
2019-05-19 11:55:36 +02:00
Zbigniew Jędrzejewski-Szmek
405b104df6 bootclt: add missing column
This got broken somehow in 44e6a5ef82.
2019-05-19 11:31:19 +02:00
Yu Watanabe
b26ea30801 network: tighten the condition whether link has carrier
ip command requires that IFF_RUNNING is set for that the link has
carrier.
2019-05-19 05:39:45 +09:00
David Tardon
525b95f10e timer: simplify computation of unit activation time 2019-05-18 16:58:27 +02:00
Yu Watanabe
cdd22d5129 network: set_put() here does not returns -EEXIST 2019-05-18 12:46:02 +09:00
Yu Watanabe
5279914e2c network: use in6_addr_hash_ops 2019-05-18 12:29:40 +09:00
Yu Watanabe
2968913e64 util: introduce in6_addr_hash_ops 2019-05-18 12:27:27 +09:00
Yu Watanabe
e7b621ee1f
Merge pull request #12586 from ssahani/route-properties
Route properties
2019-05-18 10:31:37 +09:00
Susant Sahani
9b88f20aba networkd: route add MPLS TTL propagate 2019-05-18 10:30:41 +09:00
Yu Watanabe
c9f0f21e28
Merge pull request #12593 from AdrianBunk/master
Small changes from Yocto/musl builds
2019-05-18 10:25:59 +09:00
Susant Sahani
8f02c9b085 networkd: FOU netdev add support to configure peer port 2019-05-18 10:25:36 +09:00
Zbigniew Jędrzejewski-Szmek
be44e09162 shared/varlink: add missing setting of output_buffer_allocated
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14708,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14735,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14725,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14720,
and probably others.
2019-05-17 15:09:32 +02:00
Zbigniew Jędrzejewski-Szmek
194da5ca51 shared/logs-show: show audit logs in blue
Audit logs always have _TRANSPORT=audit and no PRIORITY= field set.  This means
that they are shown in the default foreground color. There can be quite a lot
of them, and they often repeat the same information that is already logged by
applications, leading to a "wall of text" effect. Let's mark them with a
different color. This splits the logs visually into "normal logs" and "audit
logs".
2019-05-17 15:06:59 +02:00
Zbigniew Jędrzejewski-Szmek
a9009769de terminal-util: define yellow as "Khaki3"
Previously used "highlight yellow" was not visible on urxvt, because it
was too light. This color is shown as bold black by urxvt, but at least
it is readable. On other terminals it is shown as various hues of yellow,
pleasant on the eyes and not too bright. The color shown on linux console
could be called orange rather than yellow, but it is still readable.

(I also tried non-highlight "yellow", but it is not as readable.)

This is a follow-up for bb40c12569.
2019-05-17 15:06:59 +02:00
Susant Sahani
cb7e98ab05 sd-netlink: add route netlink properties 2019-05-17 13:44:33 +05:30
Zbigniew Jędrzejewski-Szmek
9a2b3d3df1 shared/calendarspec: make output arg optional 2019-05-17 10:09:32 +02:00
Zbigniew Jędrzejewski-Szmek
2cae4711f3 analyze: add 'timestamp' verb
We had 'calendar' and 'timespan', but the third one was missing.
Also consistently order the verbs as calendar/timestamp/timespan in help.

The output from 'timespan' is highlighted more.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1711065.
2019-05-17 10:09:32 +02:00
Andrej Valek
56e3c9581e fs-util.h: add missing sys/stat include
fix error:
| error: passing argument 5 of 'chase_symlinks_and_stat' from incompatible pointer type [-Werror=incompatible-pointer-types]
2019-05-17 09:40:46 +03:00
Adrian Bunk
8a8e84d297 Replace the legacy ULONG_LONG_MAX with the C99 ULLONG_MAX 2019-05-17 09:39:46 +03:00
Chen Qi
56fb30d93e socket-util.h: include string.h
Fix the following compile error:
src/basic/socket-util.h:187:30: error: implicit declaration of function 'strnlen'; did you mean 'strlen'? [-Werror=implicit-function-declaration]
2019-05-17 09:38:06 +03:00
Adrian Bunk
010f917cf2 src/udev/udev-event.c must #include <sys/wait.h>
Fixes the following build failure with musl:
../git/src/udev/udev-event.c: In function 'spawn_wait':
../git/src/udev/udev-event.c:600:53: error: 'WEXITED' undeclared (first use in this function); did you mean 'WIFEXITED'?
         r = sd_event_add_child(e, NULL, spawn->pid, WEXITED, on_spawn_sigchld, spawn);
                                                     ^~~~~~~

This looks like a bug in udev-event.c that could also have broken
the compilation after some future glibc header reshuffle.
2019-05-17 09:35:43 +03:00
Michael Biebl
dadc7f2e43 meson: stop creating .wants directories for {multi-user,getty}.target (#12569)
Since preset is supposed to be used to enable the services, there is no
need to pre-create those directories either.

Follow-up for #12164
2019-05-17 08:02:45 +02:00
Zbigniew Jędrzejewski-Szmek
b99f4d484b analyze: drop redundant call to calendar_spec_normalize()
calendar_spec_from_string() already does that.
2019-05-16 23:14:41 +02:00
Franck Bui
88bd5a32e8 udevd: change the default value of udev.children-max (again)
Follow-up for faae64fa3d, which increased the
default number of udev workers per cpu regardless of how big the system is.

It's not really clear from the commit message if the new number of workers
improved the overall time for the boot process or only reduced the number of
times the max number of children limit was reached (and in this case
5406c36844 commit might have been more appropriate in the first place).

But systems with ~1000 CPUs are not rare these days and the worker numbers get
quite large with CPU factor of 8. Spawning more than 2000 workers can't be
healthy on any system, no matter how big.

Indeed the main mistake is the belief that udev is CPU-intensive, and thus the
number of allowed workers has to increase with the number of CPUs. It is not,
at probably has never been. It's I/O bound, and sometimes, bound by resources
such as locks.

This is an argument to:

 - scale only weakly with the number of CPUs, and the rationale to switch back
   to a scale factor C=2 but with a higher offset number which should affect
   systems with a small number of CPUs only. With this patch applied the offset
   is increased from O=8 to O=16.

 - put an absolute maximum limit to make sure no more than 2048 workers are
   spawned no matter how big the system is.

This still provides more workers for the laptop cases (where the number of CPUs
is limited), while avoiding sky-rocketing numbers for big systems.

Note that on most desktop systems, the memory limit will kick in. The following
table collects numbers about children-max. For each scenario, the first column
is the "cpu_limit" limit, and the second number is the minimum amount of memory
for the "cpu_limit" limit to become relevant (with less RAM, memory will limit
the number of children thus "mem_limit" will become the active limit).

       |    > v240    |    < v240     |  this patch   |
 CPUs  | C = 8, O = 8 | C = 2, O = 8  | C = 2, O = 16 |
-------------------------------------------------------
   1   |   16      2  |   10    1.3   |   18       2  |
   2   |   24      3  |   12    1.5   |   20       2  |
   4   |   40      5  |   16      2   |   24       3  |
   8   |   72      9  |   24      3   |   32       4  |
  16   |  136     17  |   40      5   |   48       5  |
  64   |  520     65  |  136     17   |  144      18  |
1024   | 8200   1025  | 2056    263   | 2048     256  |
2048   |16392   2049  | 4104    513   | 2048     256  |

This patch is mainly based on Martin Wilck's analyze and comments.
2019-05-16 23:09:41 +02:00
Zbigniew Jędrzejewski-Szmek
e6042f682f
Merge pull request #12535 from poettering/color-grey
redefine how we select the ANSI color grey
2019-05-16 21:15:06 +02:00
Lennart Poettering
8550506439 random-util: add a longer comment explaining our RDRAND use 2019-05-16 19:23:08 +02:00
Frantisek Sumsal
6cda6774bd journalctl: return a non-zero EC when --grep returns no matches
When journalctl is compiled with PCRE2 support, let's return a non-zero
exit code when --grep is used and no match for given pattern is found.
This should allow users to use journalctl --grep in scripts instead of
piping journalctl into grep

Fixes #8152
2019-05-16 18:54:01 +02:00
Yu Watanabe
8688c29b5a varlink: initialize Varlink with 0
Closes oss-fuzz#14688.
2019-05-16 18:51:33 +02:00
Lennart Poettering
9725f1a10f
Merge pull request #12378 from rbalint/vt-kbd-reset-check
VT kbd reset check
2019-05-16 16:39:38 +02:00
Yu Watanabe
a32a00831c
Merge pull request #12574 from yuwata/network-mtu-issue-12552
network: do not always bump MTU with additional 4bytes
2019-05-16 08:25:48 +02:00
Yu Watanabe
fe0e16db09 network: do not use ordered_set_printf() for DOMAINS= or ROUTE_DOMAINS=
This partially reverts 5e2a51d588.

Fixes #12531.
2019-05-16 05:17:26 +02:00
Yu Watanabe
4e14e54638
Merge pull request #12549 from yuwata/network-sittun-disable-link-local-addressing-12547
network: disable LinkLocalAddressing on sit devices
2019-05-16 05:11:05 +02:00
Yu Watanabe
db439337f9
Merge pull request #12576 from ssahani/fou
networkd: FOU tunnel support Local and Peer tunnel addresses
2019-05-16 05:10:35 +02:00
Yu Watanabe
f6fcc1c2a4 network: bump MTU bytes only when MTUByte= is not set 2019-05-16 11:51:03 +09:00
Yu Watanabe
933c70a0a4 network: honor MTUBytes= setting
Closes #12552.
2019-05-16 11:47:41 +09:00
Susant Sahani
4502a61c8a networkd: FOU tunnel support Local and Peer tunnel addresses 2019-05-16 10:24:48 +09:00
Susant Sahani
397a74ddea sd-netlink: Add Fou properties FOU_ATTR_LOCAL_V4/FOU_ATTR_PEER_V4
FOU_ATTR_LOCAL_V6
FOU_ATTR_PEER_V6
FOU_ATTR_PEER_PORT
FOU_ATTR_IFINDEX
2019-05-16 10:24:48 +09:00
Yu Watanabe
a3824444e5 linux: update headers from current kernel master 2019-05-16 10:24:47 +09:00
Susant Sahani
69c317a07f networkd: introduce netdev ipvtap
This patch adds netdev ipvtap that is based on the
IP-VLAN network interface, called ipvtap. An ipvtap device can be created
in the same way as an ipvlan device, using 'kind ipvtap', and then accessed
using the tap user space interface.
2019-05-16 09:48:53 +09:00
Yu Watanabe
af2fa2c116 network: disable link local addressing on ipip, gre, sit, and vti netdevs
Closes #12547.
2019-05-16 05:53:41 +09:00
Yu Watanabe
b71d9a1296 wait-online: ignore -ENODATA on updating link information
When netdev is not created yet, the -ENODATA is returned.
2019-05-16 05:53:41 +09:00
Yu Watanabe
710ce9e537 network: link_check_ready() returns earlier if routes are not configured yet
link_request_set_routes() calls link_check_ready(), so it is not
necessary to continue that here.
2019-05-16 05:53:41 +09:00
Yu Watanabe
05dc2132e0
Merge pull request #12496 from yuwata/network-on-device-default-route
network: add DefaultRouteOnDevice= setting in [Network] section
2019-05-15 22:46:25 +02:00
Balint Reczey
13a43c73d8 Add check to switch VTs only between K_XLATE or K_UNICODE
Switching to K_UNICODE from other than L_XLATE can make the keyboard
unusable and possibly leak keypresses from X.

BugLink: https://launchpad.net/bugs/1803993
2019-05-15 22:28:56 +02:00
Yu Watanabe
80a8a7fb20 analyze: fix help message 2019-05-15 15:09:45 +02:00
Lennart Poettering
73130b0bcf
Merge pull request #12565 from zachsmith/fix-log-message-typos
systemd-sleep: Fix typos in log messages
2019-05-15 10:50:03 +02:00
Thadeu Lima de Souza Cascardo
59c55e73ea ask-password: prevent buffer overrow when reading from keyring
When we read from keyring, a temporary buffer is allocated in order to
determine the size needed for the entire data. However, when zeroing that area,
we use the data size returned by the read instead of the lesser size allocate
for the buffer.

That will cause memory corruption that causes systemd-cryptsetup to crash
either when a single large password is used or when multiple passwords have
already been pushed to the keyring.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
2019-05-15 10:49:46 +02:00
Yu Watanabe
5d5003ab35 network: add DefaultRouteOnDevice= setting in [Network] section
When enabled, then default route bound to the interface will be created.
This is useful when adding routes on point-to-point interfaces.

Closes #788.
2019-05-15 12:44:30 +09:00
Yu Watanabe
807341ec99 network: add missing error check 2019-05-15 12:44:30 +09:00
Susant Sahani
deb2cfa4c6 networkd: do not generate MAC for bridge device.
closes https://github.com/systemd/systemd/issues/12558
2019-05-15 04:03:14 +02:00
Zach Smith
6835d78dfe fix typo in partition device message 2019-05-14 07:08:27 -07:00
Michael Biebl
b62bc66018
Merge pull request #12536 from poettering/rdrand-workaround-on-amd
random-util: eat up bad RDRAND values seen on AMD CPUs
2019-05-14 12:29:41 +02:00
Yu Watanabe
6e114a2475
Merge pull request #12555 from ssahani/route-properties
networkd: route add support to configure fastopen_no_cookie
2019-05-14 09:03:52 +02:00
Susant Sahani
1501b429a9 networkd: DHCP client add support to send RELEASE packet
closes #10820
2019-05-14 09:03:01 +02:00
Zach Smith
45733c9d21 fix typo in wakealarm message 2019-05-13 20:01:36 -07:00
Susant Sahani
67c193bfb0 networkd: route fix coding style 2019-05-14 08:09:54 +05:30
Susant Sahani
633c725865 networkd: route add support to configure fastopen_no_cookie
This patch adds fastopen_no_cookie option to enable/disable TCP fastopen
without a cookie on a per-route basis.
2019-05-14 08:08:36 +05:30
Susant Sahani
bdb397ed10 networkd: bridge FDB support more NTF_* flags
Add support to configure NTF_ROUTER and NTF_USE
2019-05-14 02:24:51 +02:00
Yu Watanabe
d8f31d7d32
Merge pull request #12537 from yuwata/network-link-local-follow-ups
network: do not send ipv6 token to kernel
2019-05-14 02:22:18 +02:00
Susant Sahani
f4679bcb57 sd-netlink: support RTAX_FASTOPEN_NO_COOKIE 2019-05-13 16:44:55 +05:30
Yu Watanabe
bc45457f08
Merge pull request #12516 from yuwata/network-split-link
networkd: split networkd-link.c
2019-05-12 00:51:23 +02:00
Susant Sahani
d70c9bbd6c networkd: Geneve add support for inherit for TTL 2019-05-12 00:39:13 +02:00
Yu Watanabe
9f6e82e6eb network: do not send ipv6 token to kernel
We disabled kernel RA support. Then, we should not send
IFLA_INET6_TOKEN.
Thus, we do not need to send IFLA_INET6_ADDR_GEN_MODE twice.

Follow-up for 0e2fdb83bb and
4eb086a387.
2019-05-12 07:32:00 +09:00
Yu Watanabe
8e2cb51ce0 network: move MulticastRouter to netdev/bridge.[ch] 2019-05-11 06:24:04 +09:00
Yu Watanabe
86e2be7bc3 network: drop unnecessary initializations 2019-05-11 06:24:04 +09:00
Yu Watanabe
4799f19e30 network: move link_set_bond() to netdev/bond.c 2019-05-11 06:24:04 +09:00
Yu Watanabe
9a81f11956 network: move link_set_bridge to netdev/bridge.c 2019-05-11 06:24:04 +09:00
Yu Watanabe
3ddcbeea45 network: move CAN link related functions to networkd-can.c 2019-05-11 06:24:00 +09:00
Yu Watanabe
06d7cee589 network: make BindCarrier= work with CAN devices
If CAN device is set `BindCarrier=` then the interface could not be
down. This fixes the issue.
2019-05-11 06:21:43 +09:00
Yu Watanabe
8e54db83e2 network: make link_drop() can take custom handler
It will be used in the later commit.
2019-05-11 06:15:35 +09:00
Yu Watanabe
7f8539504c network: move sd_lldp related functions to networkd-lldp-rx.c 2019-05-11 06:14:39 +09:00
Susant Sahani
be7468f07a LLDP: Fix logs for LLDP
```
May 10 11:08:54 test systemd-networkd[447]: wwan0: Failed to stop LLDP: Success
May 10 11:08:54 test systemd-networkd[447]: wwan0: Gained carrier
May 10 11:08:54 test systemd-networkd[447]: wwan0: Failed to start LLDP: Success
```
2019-05-11 06:14:39 +09:00
Yu Watanabe
0b20047244 network: move link_lldp_emit_enabled() to networkd-lldp-tx.c 2019-05-11 06:14:39 +09:00
Lennart Poettering
1c53d4a070 random-util: eat up bad RDRAND values seen on AMD CPUs
An ugly, ugly work-around for #11810. And no, we shouldn't have to do
this. This is something for AMD, the firmware or the kernel to
fix/work-around, not us. But nonetheless, this should do it for now.

Fixes: #11810
2019-05-10 15:31:46 -04:00
Lennart Poettering
cb367b1785
Merge pull request #12518 from keszybz/naming-scheme
Document our naming schemes properly
2019-05-10 15:14:59 -04:00
Lennart Poettering
af1060e1ab journalctl: don't output ANSI sequences if disabled 2019-05-10 15:00:55 -04:00
Lennart Poettering
042f472eaa test: add test that shows all colors we define 2019-05-10 15:00:55 -04:00
Lennart Poettering
003aa3e045 terminal-util: add complete set of inline functions for all colors we define
We don#t actually use all combinations, but it's kinda nice if we can
output all combinations in a test, and this is preparation so that we
can do so nicely.
2019-05-10 15:00:55 -04:00
Lennart Poettering
1530bf251a terminal-util: reduce colors we define a bit
three of these colors we never use, so let's drop them. Let's however
add a highlight version of grey, so that at least for all colors we do
define we have all possible styles defined.
2019-05-10 15:00:55 -04:00
Lennart Poettering
bb40c12569 terminal-util: define grey as 256color ANSI sequence
Apparently all relevant terminals implement these sequences, including
the Linux kernel, rxvt, xterm, and of course gnome terminal. Hence it
should be OK to use them, and fixate the grey color in a way that maps
to the same color in all terminals.

Ideally we'd stick to the more symbolic colors that allow terminal
emulators to implement color styles, but this apparently doesn#t work,
since rxvt maps grey to something unreadable by default.

Note that this change has negative effects besides the non-themability
of the palette: the midrange grey this uses maps to regular white on the
linux console. However, that's probably not too bad: allowing things to
be unreadable on some terminals is probably worse than showing no color
on some terminals.

Fixes: #12482
2019-05-10 15:00:55 -04:00
Susant Sahani
f4a8ca329a networkd: VXLAN support keyword 'inherit' for TTL 2019-05-10 20:41:04 +02:00
Yu Watanabe
cd43199671
Merge pull request #12520 from ssahani/geneve
networkd: Geneve add DF feature and allow TTL to bechosen by kernel
2019-05-10 19:47:19 +02:00
Lennart Poettering
1c2a88a2e7
Merge pull request #12526 from keszybz/some-trivial-follow-ups-for-the-varlink-pr
Some trivial follow ups for the varlink PR
2019-05-10 13:29:58 -04:00
Zbigniew Jędrzejewski-Szmek
77740b5993 journalctl: improve error messages
Follow-up for #12230.
2019-05-10 16:55:37 +02:00
Zbigniew Jędrzejewski-Szmek
1d3fe304fd Use sd_event_source_disable_unref() 2019-05-10 16:55:37 +02:00
Zbigniew Jędrzejewski-Szmek
aa7585fd8e sd-event: add sd_event_source_disable_unrefp() too
I do not have any immediate use for it, but let's add it for completeness.
2019-05-10 16:55:37 +02:00
Zbigniew Jędrzejewski-Szmek
afd15bbb4b sd-event: add sd_event_source_disable_unref() helper 2019-05-10 16:55:35 +02:00
Susant Sahani
328184d1fc networkd: Geneve Allow TTL to be zero.
Also verify VNI is set
2019-05-10 22:45:26 +09:00
Susant Sahani
aac350192b networkd: Geneve add support configure IP don't fragment 2019-05-10 22:45:26 +09:00
Susant Sahani
469fd84866 sd-netlink: Add supprt for geneve properties
IFLA_GENEVE_TTL_INHERIT and
IFLA_GENEVE_DF
2019-05-10 22:45:26 +09:00
Yu Watanabe
5af7bc6f4c
Merge pull request #12480 from ssahani/proxy-arp
network: bridge add support to configure proxy ARP/WIFI
2019-05-10 15:30:41 +02:00
Susant Sahani
727b573418 networkd: Add support for blacklisting servers
closes #6260

fuzzer: Add DHCP support for blacklisting servers
2019-05-10 15:29:55 +02:00
Zbigniew Jędrzejewski-Szmek
8c053c83ae udev: drop "en" prefix from ID_NET_NAME_ONBOARD
The comment in udev-builtin-net_id.c (removed in grandparent commit) showed the
property without the prefix. I assume that was always the intent, because it
doesn't make much sense to concatenate anything to an arbitrary user-specified
field.
2019-05-10 10:24:28 +02:00
Zbigniew Jędrzejewski-Szmek
4c27f691a5 udev: fix various comments
In particular: "re-renaming" was just a copy-paste error.
2019-05-10 10:24:28 +02:00
Zbigniew Jędrzejewski-Szmek
0b1e5b6ed8 man: describe naming schemes in a new man page
I decided to make this a separate man page because it is freakin' long.
This content could equally well go in systemd-udevd.service(8), systemd.link(5),
or a new man page for the net_id builtin.

v2:
- rename to systemd.net-naming-scheme
- add udevadm test-builtin net_id example
2019-05-10 10:24:03 +02:00
Zbigniew Jędrzejewski-Szmek
e36ddc67ac test-alloc-util: add "test" that cleanup functions are done in expected order 2019-05-10 09:46:55 +02:00
Zbigniew Jędrzejewski-Szmek
53ab531954
Merge pull request #12230 from poettering/varlink-minimal
add simple varlink implementation + allow to move journald logging back from /var to /run
2019-05-10 09:40:49 +02:00
Susant Sahani
8185ca6c0a networkd: Log error if LLDP fails to start/stop
Now LLDP does not log anything why it failed which
is hard to debug. Let's just add some logs.

https://github.com/systemd/systemd/issues/10881
2019-05-10 00:01:01 +02:00
Lennart Poettering
c0dfcb318c journalctl: add new --relinquish and --smart-relinquish options
The latter is identical to the former, but becomes a NOP if
/var/log/journal is on the same mount as /, and thus during shutdown
unmounting /var is not necessary and hence we can keep logging until the
very end.
2019-05-09 14:26:42 -04:00
Lennart Poettering
b4e26d1d8e journald: add API to move logging from /var to /run again
We now have this nice little Varlink API, let's beef it up a bit.
2019-05-09 14:26:42 -04:00
Lennart Poettering
4f413af2a0 journalctl: port --flush/--sync/--rotate to use varlink method calls 2019-05-09 14:26:40 -04:00
Lennart Poettering
1ec23479e1 journald: also offer flush/rotate/sync as varlink method calls
This makes the operations previously available via asynchronous signals
also available as regular varlink method calls, i.e. with sane
completion.
2019-05-09 14:14:20 -04:00
Lennart Poettering
d768467563 fuzzer: add varlink fuzzer 2019-05-09 14:14:20 -04:00
Lennart Poettering
635d059fa5 tests: add varlink test 2019-05-09 14:14:20 -04:00
Lennart Poettering
d41bd96f54 shared: add minimal varlink implementation
This adds a minimal Varlink (https://varlink.org/) implementation to our
tree. Given that we already have a JSON logic it's an easy thing to add.

Why bother?

We currently have major problems with IPC before dbus-daemon is up, and
in all components that dbus-daemon itself makes use of (such as various
NSS modules to resolve users as well as the journal which dbus-daemon
logs to). Because of that we so far ended up creating various (usually
crappy) work-arounds either coming up with secondary IPC systems or
sharing data statelessly in /run or similar. Let's clean this up, and
instead use a clean, well-defined, broker-less IPC for cases like that.

This is a minimal implementation of Varlink, i.e. the most basic logic
only. Stuff that's missing is left out on purpose: there's no
introspection/validation and there's no name service. It might make
sense to add that later, but for now let's only do the minimum buy-in we
can get away with. In particular as I'd assume that at least initially
we only use this IPC for our internal communication avoiding
introspection and the name service should be fine.

Specifically, I'd expect that we add IPC interfaces to the following
concepts with this scheme:

1. nss-resolve (so that hostname lookups with resolved work before
   resolved is up)
2. journald (so that IPC calls to journald don't have to go through
   dbus-daemon thus creating a cyclic dependency between journald and
   dbus-daemon)
3. nss-systemd (so that dynamic user lookups via PID 1 work sanely even
   inside of dbus-daemon, because otherwise we'd want to use dbus to run
   dbus which causes deadlocks)
4. networkd (to make sure one can talk to it in the initrd already,
   long before dbus is around)

And there might be other cases similar to this.
2019-05-09 14:14:20 -04:00
Susant Sahani
0fadb2a46f network: add support to configure proxy ARP/WIFI 2019-05-09 15:03:04 +09:00
Susant Sahani
1189c00a3c networkd: VXLAN add support to configure IP Don't fragment.
Allow users to set the IPv4 DF bit in outgoing packets, or to inherit its
value from the IPv4 inner header. If the encapsulated protocol is IPv6 and
DF is configured to be inherited, always set it.
2019-05-09 06:40:33 +02:00
Susant Sahani
2a36d4006d sd-netlink: Add VXLAN netlink properties
Add IFLA_VXLAN_DF and IFLA_VXLAN_TTL_INHERIT
2019-05-09 06:40:33 +02:00
Susant Sahani
1c8b0eccc7 networkd: Assign VXLAN destination port to when GPE is set
When VXLAN destination port is unset and GPE is set
then assign 4790 to destination port. Kernel does the same as
well as iproute.

IANA VXLAN-GPE port is 4790
2019-05-09 06:40:33 +02:00
Susant Sahani
4eb086a387 networkd: fix link_up() (#12505)
Fillup IFLA_INET6_ADDR_GEN_MODE while we do link_up.

Fixes the following error:
```
dummy-test: Could not bring up interface: Invalid argument
```

After reading the kernel code when we do a link up
```
net/core/rtnetlink.c
IFLA_AF_SPEC
 af_ops->set_link_af(dev, af);
  inet6_set_link_af
   if (tb[IFLA_INET6_ADDR_GEN_MODE])
             Here it looks for IFLA_INET6_ADDR_GEN_MODE
```
Since link up we didn't filling up that it's failing.

Closes #12504.
2019-05-09 04:05:35 +02:00
Yu Watanabe
9aa5d8ba84 network: include glibc headers before including kernel headers 2019-05-09 03:21:31 +02:00
Yu Watanabe
d03f390ef2 network: drop arpa/inet.h from networkd-manager.h 2019-05-09 02:33:33 +02:00
Yu Watanabe
fa67272288 sd-netlink: include glibc headers earlier to resolve conflict with kernel headers
Then, hopefully libc-compat.h make everything fine.
2019-05-09 02:29:32 +02:00
Yu Watanabe
004aadcacd network: replace inet_pton() with in_addr_from_string() 2019-05-09 01:44:31 +02:00
Yu Watanabe
57e447078d network: replace inet_ntop() with in_addr_to_string() 2019-05-09 01:44:31 +02:00
Susant Sahani
1087623bac networkd: Add support to configure proxy ARP and proxy ARP Wifi 2019-05-09 01:44:26 +02:00
Zbigniew Jędrzejewski-Szmek
180f1e3359
Merge pull request #12445 from cdown/dmm_docs
cgroup: Some memory protection fixes
2019-05-08 18:09:45 +02:00
Lennart Poettering
e95be7def2
Merge pull request #12411 from keszybz/pr/12394
run: when emitting the calendarspec warning, use red
2019-05-08 10:11:32 -04:00
Lennart Poettering
fd5e11f0bd
Merge pull request #12509 from poettering/table-fixlets
two trivial fixes to table formatting code
2019-05-08 10:10:55 -04:00
Evgeny Vereshchagin
7f2cdceaed util-lib: fix a typo in rdrand
Otherwise, the fuzzers will fail to compile with MSan:
```
../../src/systemd/src/basic/random-util.c:64:40: error: use of undeclared identifier 'sucess'; did you mean 'success'?
        msan_unpoison(&success, sizeof(sucess));
                                       ^~~~~~
                                       success
../../src/systemd/src/basic/alloc-util.h:169:50: note: expanded from macro 'msan_unpoison'
                                                 ^
../../src/systemd/src/basic/random-util.c:38:17: note: 'success' declared here
        uint8_t success;
                ^
1 error generated.
[80/545] Compiling C object 'src/basic/a6ba3eb@@basic@sta/process-util.c.o'.
ninja: build stopped: subcommand failed.
Fuzzers build failed
```
2019-05-08 16:10:06 +02:00
Chris Down
465ace74d9 cgroup: Test that it's possible to set memory protection to 0 again
The previous commit fixes this up, and this should prevent it
regressing.
2019-05-08 12:06:32 +01:00
Chris Down
22bf131be2 cgroup: Support 0-value for memory protection directives
These make sense to be explicitly set at 0 (which has a different effect
than the default, since it can affect processing of `DefaultMemoryXXX`).

Without this, it's not easily possible to relinquish memory protection
for a subtree, which is not great.
2019-05-08 12:06:32 +01:00
Chris Down
7e7223b3d5 cgroup: Readd some plumbing for DefaultMemoryMin
Somehow these got lost in the previous PR, rendering DefaultMemoryMin
not very useful.
2019-05-08 12:06:32 +01:00
Lennart Poettering
fd0a16d8a5
Merge pull request #11887 from evverx/fuzzbuzz
tests: hook up fuzz targets to FuzzBuzz
2019-05-08 12:40:03 +02:00
Lennart Poettering
e82e549fb2 tree-wide: make use of the new WRITE_STRING_FILE_MKDIR_0755 flag 2019-05-08 06:36:20 -04:00
Lennart Poettering
22e596d6d5 tree-wide: voidify a few calls 2019-05-08 06:36:20 -04:00
Lennart Poettering
50ccd86453 fileio: add new WRITE_STRING_FILE_MKDIR_0755 flag for mkdir'ing parent 2019-05-08 06:36:20 -04:00
Lennart Poettering
324d9acab7 machinectl/loginctl: show json output if requested even if zero entries 2019-05-08 06:33:36 -04:00
Lennart Poettering
a1c7a1f057 format-table: correct prototype 2019-05-08 06:33:36 -04:00
Zbigniew Jędrzejewski-Szmek
d1c377da0d
Merge pull request #12489 from ssahani/vxlan
networkd: VXLAN rename Id to VNI
2019-05-08 12:02:54 +02:00
Zbigniew Jędrzejewski-Szmek
ad3b2109c3
Merge pull request #12507 from poettering/random-fixlets
three minor fixes to random-util.c
2019-05-08 12:02:02 +02:00
Zbigniew Jędrzejewski-Szmek
4bea24696a systemctl: show a hint if root privileges might yield more information 2019-05-08 11:51:51 +02:00
Zbigniew Jędrzejewski-Szmek
62bf89d7d2 shared/verbs: drop now-unused VERB_MUST_BE_ROOT 2019-05-08 11:51:51 +02:00
Zbigniew Jędrzejewski-Szmek
a004cb75c0 systemctl: drop one must_be_root_check()
(before)
$ build/systemctl list-machines
Need to be root.
$ sudo build/systemctl list-machines
NAME          STATE   FAILED JOBS
krowka (host) running      0    0
rawhide       running      0    0

2 machines listed.

(after)
$ build/systemctl list-machines
NAME          STATE   FAILED JOBS
krowka (host) running      0    0
rawhide       n/a          0    0

2 machines listed.

The output for non-root is missing some bits of information, but we display
what information is missing nicely, and e.g. in the case when no machines are
running at all, or only VMs are running, the unprivileged output would be the
same as the privileged one.
2019-05-08 11:51:51 +02:00
Zbigniew Jędrzejewski-Szmek
7c3ce8b5a9 bootctl: drop must_be_root() checks
The reasoning is the same as in previous cases. We get an error like
"Failed to update EFI variable: Operation not permitted" anyway, so
the check is not very useful.
2019-05-08 11:51:51 +02:00
Zbigniew Jędrzejewski-Szmek
ded3a40301 bless-boot: drop must_be_root() checks
If we lack permissions, we will fail anyway. But by not doing the artifial
check, we get more information. For example, on my machine, I see
$ build/systemd-bless-boot good
Not booted with boot counting in effect.

while "Need to be root" is actually untrue, because being root doesn't change
the outcome in any way.

Letting the operation fail on the actual error makes it easier to do test runs:
we *know* the command will fail, but we want to see what the first step would
be.

Not doing the articial check makes it also easier to do create alternative
security arrangements, for example where the directories are mounted with
special ownership mode and an otherwise unprivileged user can perform certain
operations.
2019-05-08 11:51:51 +02:00
Zbigniew Jędrzejewski-Szmek
569ad251ad udevadm: drop pointless must_be_root() checks
Checking if we are root on the client side is generally pointless, since the
privileged operation will fail anyway and we can than log what precisly went
wrong.

A check like this makes sense only if:
- we need to do some expensive unprivileged operation before attempting the
  privileged operation, and the check allows us avoid wasting resources.
- the privileged operation would fail but in an unclear way.

Neither of those cases applies here.

This fixes calls like 'udevadm control -h' as unprivileged user.
2019-05-08 11:51:51 +02:00
Zbigniew Jędrzejewski-Szmek
0d0464d39d journalctl,shared/log: use yellow for warnings
In program output, highlighting warnings with ANSI_HIGHLIGHT is not enough,
because it doesn't stand out enough. Yellow is more appropriate.

I was worried that yellow wouldn't be visible on white background, but (at
least gnome-terminal) uses a fairly dark yellow that is fully legible on white
and light-colored backgrounds. We also used yellow in many places,
e.g. systemctl, so this should be fine.

Note: yellow is unreadable on urxvt with white background (urxvt +rv). But
grey, which we already used, is also unreadable, so urxvt users would have
to disable colors anyway, so this change does not make the problem
intrinsically worse. See
https://github.com/systemd/systemd/issues/12482#issuecomment-490374210.
2019-05-08 09:50:38 +02:00
Zbigniew Jędrzejewski-Szmek
1a04395959 Enable log colors for most of tools in /usr/bin
When emitting the calendarspec warning we want to see some color.
Follow-up for 04220fda5c.

Exceptions:
- systemctl, because it has a lot hand-crafted coloring
- tmpfiles, sysusers, stdio-bridge, etc, because they are also used in
  services and I'm not sure if this wouldn't mess up something.
2019-05-08 09:50:21 +02:00
Zbigniew Jędrzejewski-Szmek
37b8d2f699 basic/log: use colors to highlight messages like journalctl 2019-05-08 09:45:38 +02:00
Susant Sahani
61b824c561 networkd: bridge fdb add support to configure VXLAN VNI 2019-05-08 03:43:43 +02:00
Susant Sahani
8c32c5884d networkd: VXLAN use correct type for VNI 2019-05-08 06:52:54 +05:30
Susant Sahani
4cc0fd7531 networkd: VXLAN add support to configure Generic Protocol Extension
See https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe-07
2019-05-08 06:52:42 +05:30
Lennart Poettering
b2adc2ae3a
Merge pull request #12501 from keszybz/silence-strncpy-warnings
Silence strncpy warnings
2019-05-08 01:39:32 +02:00
Lennart Poettering
328f850e36 random-util: rename "err" to "success"
After all rdrand returns 1 on success, and 0 on failure, hence let's
name this accordingly.
2019-05-07 18:51:26 -04:00
Evgeny Vereshchagin
87ac55a129 tests: hook up fuzz targets to FuzzBuzz 2019-05-07 21:39:01 +00:00
Lennart Poettering
80eb560a5b random-util: hash AT_RANDOM getauxval() value before using it
Let's be a bit paranoid and hash the 16 bytes we get from getauxval()
before using them. AFter all they might be used by other stuff too (in
particular ASLR), and we probably shouldn't end up leaking that seed
though our crappy pseudo-random numbers.
2019-05-07 17:31:20 -04:00
Lennart Poettering
cc28145d51 random-util: use gcc's bit_RDRND definition if it exists 2019-05-07 17:31:20 -04:00
Lennart Poettering
1a0ffa1e73 random-util: rename RANDOM_DONT_DRAIN → RANDOM_MAY_FAIL
The old flag name was a bit of a misnomer, as /dev/urandom cannot be
"drained". Once it's initialized it's initialized and then is good
forever. (Only /dev/random has a concept of 'draining', but we never use
that, as it's an obsolete interface).

The flag is still useful though, since it allows us to suppress accesses
to the random pool while it is not initialized, as that trips up the
kernel and it logs about any such attempts, which we really don't want.
2019-05-07 17:30:40 -04:00
Zbigniew Jędrzejewski-Szmek
099c77fd5f scsi_serial: replace some crazy strncpy() calls by strnlen()
gcc was warning about strncpy() leaving an unterminated string.
In this case, it was correct.

The code was doing strncpy()+strncat()+strlen() essentially to determine
if the strings have expected length. If the length was correct, a buffer
overread was performed (or at least some garbage bytes were used from the
uninitialized part of the buffer). Let's do the length check first and then
only copy stuff if everything agrees.

For some reason the function was called "prepend", when it obviously does
an "append".
2019-05-07 21:06:44 +02:00
Zbigniew Jędrzejewski-Szmek
6695c200bd shared/utmp-wtmp: silence gcc warning about strncpy truncation
Unfortunately the warning must be known, or otherwise the pragma generates a
warning or an error. So let's do a meson check for it.

Is it worth doing this to silence the warning? I think so, because apparently
the warning was already emitted by gcc-8.1, and with the recent push in gcc to
catch more such cases, we'll most likely only get more of those.
2019-05-07 21:05:26 +02:00
Susant Sahani
76fbd4d73d networkd: VXLan TTL must be <= 255
Ignore when TTL > 255
2019-05-07 20:34:45 +02:00
Susant Sahani
83cb24ac20 networkd: VXLan Make group and remote variable separate
VXLAN Document Group=
2019-05-07 20:34:27 +02:00
Zbigniew Jędrzejewski-Szmek
717e8eda77
Merge pull request #12475 from yuwata/network-fix-12452
network: add network_ref/_unref() and make Link object take a reference of Network object
2019-05-07 20:03:22 +02:00
Zbigniew Jędrzejewski-Szmek
9175aabfb6
Merge pull request #12481 from ssahani/dhcp-max-retry
networkd: Allow DHCP4 client to set the number to attempt to configure/reconfigure
2019-05-07 19:58:40 +02:00
Susant Sahani
6f213e4a34 networkd: VXLAN rename Id to VNI
It makes more sense to call VXLAN ID as

1. the VXLAN Network Identifier (VNI) (or VXLAN Segment ID)
2. test-network: rename VXLAN Id to VNI
3. fuzzer: Add VXLAN VNI directive to fuzzer
2019-05-07 20:52:11 +05:30
Yu Watanabe
aa5f4c7773 network: add error cause in the log 2019-05-07 17:12:09 +02:00
Susant Sahani
715cedfbf0 networkd: Allow DHCP4 client to set the number to attempt to reconfigure.
Otherwise current value is 6 and after 6 it will give up.
2019-05-07 17:12:04 +02:00
Yu Watanabe
67a4683364 network: use IN_ADDR_NULL and ETHER_ADDR_NULL
The change in manager_rtnl_process_address() may not be necessary,
but for safety, let's initialize the value.
2019-05-07 16:55:19 +02:00
Yu Watanabe
ce2ea782c2 network: fix conditional jump depends on uninitialised value(s)
When address is in IPv4, the remaining buffer in in_addr_union may
not be initialized.

Fixes the following valgrind warning:
```
==13169== Conditional jump or move depends on uninitialised value(s)
==13169==    at 0x137FF6: UnknownInlinedFun (networkd-ndisc.c:77)
==13169==    by 0x137FF6: UnknownInlinedFun (networkd-ndisc.c:580)
==13169==    by 0x137FF6: ndisc_handler.lto_priv.83 (networkd-ndisc.c:597)
==13169==    by 0x11BE23: UnknownInlinedFun (sd-ndisc.c:201)
==13169==    by 0x11BE23: ndisc_recv.lto_priv.174 (sd-ndisc.c:254)
==13169==    by 0x4AA18CF: source_dispatch (sd-event.c:2821)
==13169==    by 0x4AA1BC2: sd_event_dispatch (sd-event.c:3234)
==13169==    by 0x4AA1D88: sd_event_run (sd-event.c:3291)
==13169==    by 0x4AA1FAB: sd_event_loop (sd-event.c:3313)
==13169==    by 0x117401: UnknownInlinedFun (networkd.c:113)
==13169==    by 0x117401: main (networkd.c:120)
==13169==  Uninitialised value was created by a stack allocation
==13169==    at 0x1753C8: manager_rtnl_process_address (networkd-manager.c:479)
```
2019-05-07 16:55:19 +02:00
Yu Watanabe
62bbbedf73 sd-radv: fix memleak
Fixes one memleak found in #12452.
2019-05-07 16:55:19 +02:00
Yu Watanabe
2c448c8a17 network: fix use-after-free
The function sd_radv_add_prefix() in dhcp6_pd_prefix_assign() may
return -EEXIST, and in that case the sd_radv_prefix object allocated
in dhcp6_pd_prefix_assign() will be freed when the function returns.
Hence, the key value in Manager::dhcp6_prefixes hashmap is lost.
2019-05-07 16:55:19 +02:00
Yu Watanabe
ca7c792b83 network: fix memleak and double free
Fixes the third issue in #12452.
2019-05-07 16:55:19 +02:00
Yu Watanabe
f535e35417 network: simplify link_free() 2019-05-07 16:55:19 +02:00
Yu Watanabe
715d398e61 network: drop list fields in Network object 2019-05-07 16:55:19 +02:00
Susant Sahani
d4df632674 networkd: manager do not unef netlink and gennetlink early
Because of this the fd is getting closed and we getting errors
like
```
^Ceno1: Could not send rtnetlink message: Bad file descriptor
enp7s0f0: Could not send rtnetlink message: Bad file descriptor
enp7s0f0: Cannot delete unreachable route for DHCPv6 delegated subnet 2a0a:...:fc::/62: Bad file descriptor
Assertion '*_head == _item' failed at ../systemd/src/network/networkd-route.c:126, function route_free(). Aborting.
Aborted
```

Closes one of https://github.com/systemd/systemd/issues/12452
2019-05-07 16:55:19 +02:00
Yu Watanabe
c9c908a60d network: make Link objects take references of Network objects 2019-05-07 16:55:19 +02:00
Yu Watanabe
35ac3b7664 network: introduce reference counter for Network object 2019-05-07 16:55:19 +02:00
Zbigniew Jędrzejewski-Szmek
881a62debb scsi_serial: replace &foo[n] by foo+n 2019-05-07 15:07:43 +02:00
Zbigniew Jędrzejewski-Szmek
f1d553e9df shared/utmp-wtmp: avoid gcc warning about strncpy truncation
The fact that strncpy does the truncation is the whole point here, and gcc
shouldn't warn about this. We can avoid the warning and simplify the
whole procedure by directly copying the interesting part.
2019-05-07 14:15:46 +02:00
Zbigniew Jędrzejewski-Szmek
c98b354500 network: remove redunant link name in message
Fixes #12454.

gcc was complaining that the link->ifname argument is NULL. Adding
assert(link->ifname) right before the call has no effect. It seems that
gcc is confused by the fact that log_link_warning_errno() internally
calls log_object(), with link->ifname passed as the object. log_object()
is also a macro and is does a check whether the passed object is NULL.
So we have a check if something is NULL right next an unconditional use
of it where it cannot be NULL. I think it's a bug in gcc.

Anyway, we don't need to use link->ifname here. log_object() already prepends
the object name to the message.
2019-05-07 13:46:55 +02:00
Yu Watanabe
b30160ff7f
Merge pull request #12478 from yuwata/wireguard-fwmark
network: rename WireGuard.FwMark -> FirewallMark
2019-05-07 05:16:34 +02:00
Yu Watanabe
11793fcd63 sd-dhcp: store number of trial in sd_dhcp_client::attempt
Calling 2^n as attempt is misleading.
2019-05-07 04:08:33 +02:00
Zbigniew Jędrzejewski-Szmek
3759c0bdd3
Merge pull request #12440 from poettering/realloc-again
another shot at the malloc_usable_size() thing
2019-05-06 17:17:22 +02:00
Mike Gilbert
5797a12223 basic/mountpoint-util: whitelist 'exfat' in fstype_can_uid_gid 2019-05-06 16:43:22 +02:00
Susant Sahani
946f8e14d5 networkd: stop clients when networkd shuts down (#12463)
We not stopping the clients when networkd stops. They
should shut down cleanly and then we need to clean the DS.

One of requirements to implement
https://github.com/systemd/systemd/issues/10820.

```
^CBus bus-api-network: changing state RUNNING → CLOSED
DHCP SERVER: UNREF
DHCP SERVER: STOPPED
DHCP CLIENT (0x60943df0): STOPPED
veth-test: DHCP lease lost
veth-test: Removing address 192.168.5.31
NDISC: Stopping IPv6 Router Solicitation client
DHCP CLIENT (0x0): FREE
==24308==
==24308== HEAP SUMMARY:
==24308==     in use at exit: 8,192 bytes in 2 blocks
==24308==   total heap usage: 4,230 allocs, 4,228 frees, 1,209,732 bytes allocated
==24308==
==24308== LEAK SUMMARY:
==24308==    definitely lost: 0 bytes in 0 blocks
==24308==    indirectly lost: 0 bytes in 0 blocks
==24308==      possibly lost: 0 bytes in 0 blocks
==24308==    still reachable: 8,192 bytes in 2 blocks
==24308==         suppressed: 0 bytes in 0 blocks
==24308== Rerun with --leak-check=full to see details of leaked memory
==24308==
==24308== For lists of detected and suppressed errors, rerun with: -s
==24308== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==24308== could not unlink /tmp/vgdb-pipe-from-vgdb-to-24308-by-sus-on-Zeus
==24308== could not unlink /tmp/vgdb-pipe-to-vgdb-from-24308-by-sus-on-Zeus
==24308== could not unlink /tmp/vgdb-pipe-shared-mem-vgdb-24308-by-sus-on-Zeus

```
2019-05-06 16:06:50 +02:00
Frantisek Sumsal
6ab668337e test: return a non-zero return code when 'nobody' user doesn't exist
Lookup of a non-existing user using getpwnam() is not considered
an error, thus the `errno` is not set appropriately, causing
unexpected fails on systems, where 'nobody' user doesn't exist by
default
2019-05-06 15:13:07 +02:00
Yu Watanabe
1c30b174ed network: rename WireGuard.FwMark -> FirewallMark
For the consistency with FirewallMark= in [RoutingPolicyRule] section.
2019-05-04 17:20:23 +02:00
Yu Watanabe
810ae0dc95 network: warn about Network.IPv4LL= is deprecated 2019-05-04 16:46:02 +02:00
Yu Watanabe
29e81083bd network: disable fallback IPv4ll address assignment when DHCPv4 is disabled 2019-05-04 16:46:02 +02:00
Yu Watanabe
e800fd24a1 network: use DEFINE_STRING_TABLE_LOOKUP() macro for AddressFamilyBoolean 2019-05-04 16:46:02 +02:00
Yu Watanabe
6c0c041a8e network: make link_check_ready() handle LinkLocalAddressing=fallback 2019-05-04 16:46:02 +02:00
Yu Watanabe
552081a499 network: rewrite condition about DHCP in link_check_ready() 2019-05-04 16:46:02 +02:00
Susant Sahani
8bc17bb3f7 networkd: Option to use LinkLocalAddressing only when DHCP fails
When LinkLocalAddressing=fallback or LinkLocalAddressing=ipv4-fallback
then IPv4LL will be started only when DHCP fails.

Closes #9648.
2019-05-04 16:45:57 +02:00
Chris Down
6450ee3f8c
Merge pull request #12466 from yuwata/network-fix-issue-12452
network: fix assertion when link get carrier
2019-05-03 23:01:28 -04:00
Chris Down
b6adba159c
Merge pull request #12441 from ssahani/bridge-fdb
networkd: add support for bridge fdb destination address.
2019-05-03 09:50:47 -04:00
Wieland Hoffmann
8a7033ac2f fstab-generator: Prevent double free of reused FILE*
When the .automount unit file already existed for any reason in the
`normal-dir` passed to `systemd-fstab-generator`, but the normal .mount unit
file did not, `f` was closed (but _not_ set to NULL). The call to
`generator_open_unit_file(..., automount_name, &f)` then failed because the
.mount unit file already existed. Now `f` did not point to an open FILE and the
later cleanup from the `_cleanup_fclose_` attribute failed with a double free.
Reset `f` to NULL before reusing it.
2019-05-03 13:22:36 +02:00
Susant Sahani
c2c2793f39 networkd: Add support to configure destination address for bridge FDB
Closes #5145.

Example conf:
```
[Match]
Name=vxlan1309

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.2

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.4

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.5
```
2019-05-03 06:11:52 +02:00
Yu Watanabe
b9ea3d2e47 network: fix assertion when link get carrier
This fixes a bug introduced by bd08ce5615.
When link is in LINK_STATE_INITIALIZED, `Link::network` may not be
set yet.

Fixes #12452.
2019-05-03 01:14:36 +02:00
Lennart Poettering
4136447576 test-alloc-util: let's test a few more things around GREEDY_REALLOC() 2019-05-02 14:53:40 +02:00
Lennart Poettering
e59054270c alloc-util: reintroduce malloc_usable_size() into greedy_realloc()
This is another attempt at d4b604baea and #12438

Instead of blindly using the extra allocated space, let's do so only
after telling libc about it, via a second realloc(). The second
realloc() should be quick, since it never has to copy memory around.
2019-05-02 14:53:40 +02:00