IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
I covered the most obvious paths: those where there's a clear problem
with a path specified by the user.
Prints something like this (at error level):
May 21 20:00:01.040418 systemd[125871]: bad-workdir.service: Failed to set up mount namespacing: /run/systemd/unit-root/etc/tomcat9/Catalina: No such file or directory
May 21 20:00:01.040456 systemd[125871]: bad-workdir.service: Failed at step NAMESPACE spawning /bin/true: No such file or directory
Fixes#10972.
This restores show_pid_array() output in legacy locales on the console.
Only one call to get_process_cmdline() is changed, all others retain
utf8-only mode. This affects systemd-cgls, systemctl status, etc, when
working locally.
Calls to get_process_cmdline() that cross a process boundary always use
utf8. It's the callers responsibility to convert this to some encoding that
they use. This means that we always pass utf8 over the bus.
It turns out that the kernel allows comm names higher than our expected limit
of 16.
$ wc -c /proc/*/comm|sort -g|tail -n3
35 /proc/1292317/comm
35 /proc/1293610/comm
36 /proc/1287112/comm
$ cat /proc/1287112/comm
kworker/u9:3-kcryptd/253:0
The functions to retrieve and print process cmdlines were based on the
assumption that they contain printable ASCII, and everything else
should be filtered out. That assumption doesn't hold in today's world,
where people are free to use unicode everywhere.
This replaces the custom cmdline reading code with a more generic approach
using utf8_escape_non_printable_full().
For kernel threads, truncation is done on the parenthesized name, so we'll
get "[worker]", "[worker…]", …, "[w…]", "[…", "…" as we reduce the number of
available columns.
This implementation is most likely slower for very long cmdlines, but I don't
think this is very important. The common case is to have short commandlines,
and should print those properly. Absurdly long cmdlines are the exception,
which needs to be handled correctly and safely, but speed is not too important.
Fixes#12532.
v2:
- use size_t for the number of columns. This change propagates into various
other functions that call get_process_cmdline(), increasing the size of the
patch, but the changes are rather trivial.
The length of device identification VPD page is filled with two bytes,
but scsi_id only gets the low byte. Fix it.
Signed-off-by: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
Now the MTU is not displayed. with this patch it's fixed.
(networkctl)⚡ % ./networkctl status enp0s31f6 ~/tt/networkctl/build
WARNING: systemd-networkd is not running, output will be incomplete.
● 4: enp0s31f6
Link File: /usr/lib/systemd/network/99-default.link
Network File: n/a
Type: ether
State: n/a (unmanaged)
Path: pci-0000:00:1f.6
Driver: e1000e
Vendor: Intel Corporation
Model: Ethernet Connection (2) I219-LM
HW Address: 8c:16:45:6c:83:b9 (LCFC(HeFei) Electronics Technology co., ltd)
MTU: 1500
The test reliably fails inside LXC and Docker when run on a new enough
kernel. It's unclear whether this is a kernel, LXC/Docker or systemd
issue and apparently there is no real interest to get this fixed, so
let's skip this test.
As this also covers Travis CI, there is no need for this additional
check anymore.
See https://github.com/systemd/systemd/issues/9666
Audit logs always have _TRANSPORT=audit and no PRIORITY= field set. This means
that they are shown in the default foreground color. There can be quite a lot
of them, and they often repeat the same information that is already logged by
applications, leading to a "wall of text" effect. Let's mark them with a
different color. This splits the logs visually into "normal logs" and "audit
logs".
Previously used "highlight yellow" was not visible on urxvt, because it
was too light. This color is shown as bold black by urxvt, but at least
it is readable. On other terminals it is shown as various hues of yellow,
pleasant on the eyes and not too bright. The color shown on linux console
could be called orange rather than yellow, but it is still readable.
(I also tried non-highlight "yellow", but it is not as readable.)
This is a follow-up for bb40c12569.
We had 'calendar' and 'timespan', but the third one was missing.
Also consistently order the verbs as calendar/timestamp/timespan in help.
The output from 'timespan' is highlighted more.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1711065.
Fix the following compile error:
src/basic/socket-util.h:187:30: error: implicit declaration of function 'strnlen'; did you mean 'strlen'? [-Werror=implicit-function-declaration]
Fixes the following build failure with musl:
../git/src/udev/udev-event.c: In function 'spawn_wait':
../git/src/udev/udev-event.c:600:53: error: 'WEXITED' undeclared (first use in this function); did you mean 'WIFEXITED'?
r = sd_event_add_child(e, NULL, spawn->pid, WEXITED, on_spawn_sigchld, spawn);
^~~~~~~
This looks like a bug in udev-event.c that could also have broken
the compilation after some future glibc header reshuffle.
Follow-up for faae64fa3d, which increased the
default number of udev workers per cpu regardless of how big the system is.
It's not really clear from the commit message if the new number of workers
improved the overall time for the boot process or only reduced the number of
times the max number of children limit was reached (and in this case
5406c36844 commit might have been more appropriate in the first place).
But systems with ~1000 CPUs are not rare these days and the worker numbers get
quite large with CPU factor of 8. Spawning more than 2000 workers can't be
healthy on any system, no matter how big.
Indeed the main mistake is the belief that udev is CPU-intensive, and thus the
number of allowed workers has to increase with the number of CPUs. It is not,
at probably has never been. It's I/O bound, and sometimes, bound by resources
such as locks.
This is an argument to:
- scale only weakly with the number of CPUs, and the rationale to switch back
to a scale factor C=2 but with a higher offset number which should affect
systems with a small number of CPUs only. With this patch applied the offset
is increased from O=8 to O=16.
- put an absolute maximum limit to make sure no more than 2048 workers are
spawned no matter how big the system is.
This still provides more workers for the laptop cases (where the number of CPUs
is limited), while avoiding sky-rocketing numbers for big systems.
Note that on most desktop systems, the memory limit will kick in. The following
table collects numbers about children-max. For each scenario, the first column
is the "cpu_limit" limit, and the second number is the minimum amount of memory
for the "cpu_limit" limit to become relevant (with less RAM, memory will limit
the number of children thus "mem_limit" will become the active limit).
| > v240 | < v240 | this patch |
CPUs | C = 8, O = 8 | C = 2, O = 8 | C = 2, O = 16 |
-------------------------------------------------------
1 | 16 2 | 10 1.3 | 18 2 |
2 | 24 3 | 12 1.5 | 20 2 |
4 | 40 5 | 16 2 | 24 3 |
8 | 72 9 | 24 3 | 32 4 |
16 | 136 17 | 40 5 | 48 5 |
64 | 520 65 | 136 17 | 144 18 |
1024 | 8200 1025 | 2056 263 | 2048 256 |
2048 |16392 2049 | 4104 513 | 2048 256 |
This patch is mainly based on Martin Wilck's analyze and comments.
When journalctl is compiled with PCRE2 support, let's return a non-zero
exit code when --grep is used and no match for given pattern is found.
This should allow users to use journalctl --grep in scripts instead of
piping journalctl into grep
Fixes#8152
This patch adds netdev ipvtap that is based on the
IP-VLAN network interface, called ipvtap. An ipvtap device can be created
in the same way as an ipvlan device, using 'kind ipvtap', and then accessed
using the tap user space interface.
Switching to K_UNICODE from other than L_XLATE can make the keyboard
unusable and possibly leak keypresses from X.
BugLink: https://launchpad.net/bugs/1803993
When we read from keyring, a temporary buffer is allocated in order to
determine the size needed for the entire data. However, when zeroing that area,
we use the data size returned by the read instead of the lesser size allocate
for the buffer.
That will cause memory corruption that causes systemd-cryptsetup to crash
either when a single large password is used or when multiple passwords have
already been pushed to the keyring.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
We disabled kernel RA support. Then, we should not send
IFLA_INET6_TOKEN.
Thus, we do not need to send IFLA_INET6_ADDR_GEN_MODE twice.
Follow-up for 0e2fdb83bb and
4eb086a387.
```
May 10 11:08:54 test systemd-networkd[447]: wwan0: Failed to stop LLDP: Success
May 10 11:08:54 test systemd-networkd[447]: wwan0: Gained carrier
May 10 11:08:54 test systemd-networkd[447]: wwan0: Failed to start LLDP: Success
```
An ugly, ugly work-around for #11810. And no, we shouldn't have to do
this. This is something for AMD, the firmware or the kernel to
fix/work-around, not us. But nonetheless, this should do it for now.
Fixes: #11810
We don#t actually use all combinations, but it's kinda nice if we can
output all combinations in a test, and this is preparation so that we
can do so nicely.
three of these colors we never use, so let's drop them. Let's however
add a highlight version of grey, so that at least for all colors we do
define we have all possible styles defined.
Apparently all relevant terminals implement these sequences, including
the Linux kernel, rxvt, xterm, and of course gnome terminal. Hence it
should be OK to use them, and fixate the grey color in a way that maps
to the same color in all terminals.
Ideally we'd stick to the more symbolic colors that allow terminal
emulators to implement color styles, but this apparently doesn#t work,
since rxvt maps grey to something unreadable by default.
Note that this change has negative effects besides the non-themability
of the palette: the midrange grey this uses maps to regular white on the
linux console. However, that's probably not too bad: allowing things to
be unreadable on some terminals is probably worse than showing no color
on some terminals.
Fixes: #12482
The comment in udev-builtin-net_id.c (removed in grandparent commit) showed the
property without the prefix. I assume that was always the intent, because it
doesn't make much sense to concatenate anything to an arbitrary user-specified
field.
I decided to make this a separate man page because it is freakin' long.
This content could equally well go in systemd-udevd.service(8), systemd.link(5),
or a new man page for the net_id builtin.
v2:
- rename to systemd.net-naming-scheme
- add udevadm test-builtin net_id example
The latter is identical to the former, but becomes a NOP if
/var/log/journal is on the same mount as /, and thus during shutdown
unmounting /var is not necessary and hence we can keep logging until the
very end.
This adds a minimal Varlink (https://varlink.org/) implementation to our
tree. Given that we already have a JSON logic it's an easy thing to add.
Why bother?
We currently have major problems with IPC before dbus-daemon is up, and
in all components that dbus-daemon itself makes use of (such as various
NSS modules to resolve users as well as the journal which dbus-daemon
logs to). Because of that we so far ended up creating various (usually
crappy) work-arounds either coming up with secondary IPC systems or
sharing data statelessly in /run or similar. Let's clean this up, and
instead use a clean, well-defined, broker-less IPC for cases like that.
This is a minimal implementation of Varlink, i.e. the most basic logic
only. Stuff that's missing is left out on purpose: there's no
introspection/validation and there's no name service. It might make
sense to add that later, but for now let's only do the minimum buy-in we
can get away with. In particular as I'd assume that at least initially
we only use this IPC for our internal communication avoiding
introspection and the name service should be fine.
Specifically, I'd expect that we add IPC interfaces to the following
concepts with this scheme:
1. nss-resolve (so that hostname lookups with resolved work before
resolved is up)
2. journald (so that IPC calls to journald don't have to go through
dbus-daemon thus creating a cyclic dependency between journald and
dbus-daemon)
3. nss-systemd (so that dynamic user lookups via PID 1 work sanely even
inside of dbus-daemon, because otherwise we'd want to use dbus to run
dbus which causes deadlocks)
4. networkd (to make sure one can talk to it in the initrd already,
long before dbus is around)
And there might be other cases similar to this.
Allow users to set the IPv4 DF bit in outgoing packets, or to inherit its
value from the IPv4 inner header. If the encapsulated protocol is IPv6 and
DF is configured to be inherited, always set it.
When VXLAN destination port is unset and GPE is set
then assign 4790 to destination port. Kernel does the same as
well as iproute.
IANA VXLAN-GPE port is 4790
Fillup IFLA_INET6_ADDR_GEN_MODE while we do link_up.
Fixes the following error:
```
dummy-test: Could not bring up interface: Invalid argument
```
After reading the kernel code when we do a link up
```
net/core/rtnetlink.c
IFLA_AF_SPEC
af_ops->set_link_af(dev, af);
inet6_set_link_af
if (tb[IFLA_INET6_ADDR_GEN_MODE])
Here it looks for IFLA_INET6_ADDR_GEN_MODE
```
Since link up we didn't filling up that it's failing.
Closes#12504.
Otherwise, the fuzzers will fail to compile with MSan:
```
../../src/systemd/src/basic/random-util.c:64:40: error: use of undeclared identifier 'sucess'; did you mean 'success'?
msan_unpoison(&success, sizeof(sucess));
^~~~~~
success
../../src/systemd/src/basic/alloc-util.h:169:50: note: expanded from macro 'msan_unpoison'
^
../../src/systemd/src/basic/random-util.c:38:17: note: 'success' declared here
uint8_t success;
^
1 error generated.
[80/545] Compiling C object 'src/basic/a6ba3eb@@basic@sta/process-util.c.o'.
ninja: build stopped: subcommand failed.
Fuzzers build failed
```
These make sense to be explicitly set at 0 (which has a different effect
than the default, since it can affect processing of `DefaultMemoryXXX`).
Without this, it's not easily possible to relinquish memory protection
for a subtree, which is not great.
(before)
$ build/systemctl list-machines
Need to be root.
$ sudo build/systemctl list-machines
NAME STATE FAILED JOBS
krowka (host) running 0 0
rawhide running 0 0
2 machines listed.
(after)
$ build/systemctl list-machines
NAME STATE FAILED JOBS
krowka (host) running 0 0
rawhide n/a 0 0
2 machines listed.
The output for non-root is missing some bits of information, but we display
what information is missing nicely, and e.g. in the case when no machines are
running at all, or only VMs are running, the unprivileged output would be the
same as the privileged one.
The reasoning is the same as in previous cases. We get an error like
"Failed to update EFI variable: Operation not permitted" anyway, so
the check is not very useful.
If we lack permissions, we will fail anyway. But by not doing the artifial
check, we get more information. For example, on my machine, I see
$ build/systemd-bless-boot good
Not booted with boot counting in effect.
while "Need to be root" is actually untrue, because being root doesn't change
the outcome in any way.
Letting the operation fail on the actual error makes it easier to do test runs:
we *know* the command will fail, but we want to see what the first step would
be.
Not doing the articial check makes it also easier to do create alternative
security arrangements, for example where the directories are mounted with
special ownership mode and an otherwise unprivileged user can perform certain
operations.
Checking if we are root on the client side is generally pointless, since the
privileged operation will fail anyway and we can than log what precisly went
wrong.
A check like this makes sense only if:
- we need to do some expensive unprivileged operation before attempting the
privileged operation, and the check allows us avoid wasting resources.
- the privileged operation would fail but in an unclear way.
Neither of those cases applies here.
This fixes calls like 'udevadm control -h' as unprivileged user.
In program output, highlighting warnings with ANSI_HIGHLIGHT is not enough,
because it doesn't stand out enough. Yellow is more appropriate.
I was worried that yellow wouldn't be visible on white background, but (at
least gnome-terminal) uses a fairly dark yellow that is fully legible on white
and light-colored backgrounds. We also used yellow in many places,
e.g. systemctl, so this should be fine.
Note: yellow is unreadable on urxvt with white background (urxvt +rv). But
grey, which we already used, is also unreadable, so urxvt users would have
to disable colors anyway, so this change does not make the problem
intrinsically worse. See
https://github.com/systemd/systemd/issues/12482#issuecomment-490374210.
When emitting the calendarspec warning we want to see some color.
Follow-up for 04220fda5c.
Exceptions:
- systemctl, because it has a lot hand-crafted coloring
- tmpfiles, sysusers, stdio-bridge, etc, because they are also used in
services and I'm not sure if this wouldn't mess up something.
Let's be a bit paranoid and hash the 16 bytes we get from getauxval()
before using them. AFter all they might be used by other stuff too (in
particular ASLR), and we probably shouldn't end up leaking that seed
though our crappy pseudo-random numbers.
The old flag name was a bit of a misnomer, as /dev/urandom cannot be
"drained". Once it's initialized it's initialized and then is good
forever. (Only /dev/random has a concept of 'draining', but we never use
that, as it's an obsolete interface).
The flag is still useful though, since it allows us to suppress accesses
to the random pool while it is not initialized, as that trips up the
kernel and it logs about any such attempts, which we really don't want.
gcc was warning about strncpy() leaving an unterminated string.
In this case, it was correct.
The code was doing strncpy()+strncat()+strlen() essentially to determine
if the strings have expected length. If the length was correct, a buffer
overread was performed (or at least some garbage bytes were used from the
uninitialized part of the buffer). Let's do the length check first and then
only copy stuff if everything agrees.
For some reason the function was called "prepend", when it obviously does
an "append".
Unfortunately the warning must be known, or otherwise the pragma generates a
warning or an error. So let's do a meson check for it.
Is it worth doing this to silence the warning? I think so, because apparently
the warning was already emitted by gcc-8.1, and with the recent push in gcc to
catch more such cases, we'll most likely only get more of those.
It makes more sense to call VXLAN ID as
1. the VXLAN Network Identifier (VNI) (or VXLAN Segment ID)
2. test-network: rename VXLAN Id to VNI
3. fuzzer: Add VXLAN VNI directive to fuzzer
When address is in IPv4, the remaining buffer in in_addr_union may
not be initialized.
Fixes the following valgrind warning:
```
==13169== Conditional jump or move depends on uninitialised value(s)
==13169== at 0x137FF6: UnknownInlinedFun (networkd-ndisc.c:77)
==13169== by 0x137FF6: UnknownInlinedFun (networkd-ndisc.c:580)
==13169== by 0x137FF6: ndisc_handler.lto_priv.83 (networkd-ndisc.c:597)
==13169== by 0x11BE23: UnknownInlinedFun (sd-ndisc.c:201)
==13169== by 0x11BE23: ndisc_recv.lto_priv.174 (sd-ndisc.c:254)
==13169== by 0x4AA18CF: source_dispatch (sd-event.c:2821)
==13169== by 0x4AA1BC2: sd_event_dispatch (sd-event.c:3234)
==13169== by 0x4AA1D88: sd_event_run (sd-event.c:3291)
==13169== by 0x4AA1FAB: sd_event_loop (sd-event.c:3313)
==13169== by 0x117401: UnknownInlinedFun (networkd.c:113)
==13169== by 0x117401: main (networkd.c:120)
==13169== Uninitialised value was created by a stack allocation
==13169== at 0x1753C8: manager_rtnl_process_address (networkd-manager.c:479)
```
The function sd_radv_add_prefix() in dhcp6_pd_prefix_assign() may
return -EEXIST, and in that case the sd_radv_prefix object allocated
in dhcp6_pd_prefix_assign() will be freed when the function returns.
Hence, the key value in Manager::dhcp6_prefixes hashmap is lost.
Because of this the fd is getting closed and we getting errors
like
```
^Ceno1: Could not send rtnetlink message: Bad file descriptor
enp7s0f0: Could not send rtnetlink message: Bad file descriptor
enp7s0f0: Cannot delete unreachable route for DHCPv6 delegated subnet 2a0a:...:fc::/62: Bad file descriptor
Assertion '*_head == _item' failed at ../systemd/src/network/networkd-route.c:126, function route_free(). Aborting.
Aborted
```
Closes one of https://github.com/systemd/systemd/issues/12452
The fact that strncpy does the truncation is the whole point here, and gcc
shouldn't warn about this. We can avoid the warning and simplify the
whole procedure by directly copying the interesting part.
Fixes#12454.
gcc was complaining that the link->ifname argument is NULL. Adding
assert(link->ifname) right before the call has no effect. It seems that
gcc is confused by the fact that log_link_warning_errno() internally
calls log_object(), with link->ifname passed as the object. log_object()
is also a macro and is does a check whether the passed object is NULL.
So we have a check if something is NULL right next an unconditional use
of it where it cannot be NULL. I think it's a bug in gcc.
Anyway, we don't need to use link->ifname here. log_object() already prepends
the object name to the message.
We not stopping the clients when networkd stops. They
should shut down cleanly and then we need to clean the DS.
One of requirements to implement
https://github.com/systemd/systemd/issues/10820.
```
^CBus bus-api-network: changing state RUNNING → CLOSED
DHCP SERVER: UNREF
DHCP SERVER: STOPPED
DHCP CLIENT (0x60943df0): STOPPED
veth-test: DHCP lease lost
veth-test: Removing address 192.168.5.31
NDISC: Stopping IPv6 Router Solicitation client
DHCP CLIENT (0x0): FREE
==24308==
==24308== HEAP SUMMARY:
==24308== in use at exit: 8,192 bytes in 2 blocks
==24308== total heap usage: 4,230 allocs, 4,228 frees, 1,209,732 bytes allocated
==24308==
==24308== LEAK SUMMARY:
==24308== definitely lost: 0 bytes in 0 blocks
==24308== indirectly lost: 0 bytes in 0 blocks
==24308== possibly lost: 0 bytes in 0 blocks
==24308== still reachable: 8,192 bytes in 2 blocks
==24308== suppressed: 0 bytes in 0 blocks
==24308== Rerun with --leak-check=full to see details of leaked memory
==24308==
==24308== For lists of detected and suppressed errors, rerun with: -s
==24308== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==24308== could not unlink /tmp/vgdb-pipe-from-vgdb-to-24308-by-sus-on-Zeus
==24308== could not unlink /tmp/vgdb-pipe-to-vgdb-from-24308-by-sus-on-Zeus
==24308== could not unlink /tmp/vgdb-pipe-shared-mem-vgdb-24308-by-sus-on-Zeus
```
Lookup of a non-existing user using getpwnam() is not considered
an error, thus the `errno` is not set appropriately, causing
unexpected fails on systems, where 'nobody' user doesn't exist by
default
When the .automount unit file already existed for any reason in the
`normal-dir` passed to `systemd-fstab-generator`, but the normal .mount unit
file did not, `f` was closed (but _not_ set to NULL). The call to
`generator_open_unit_file(..., automount_name, &f)` then failed because the
.mount unit file already existed. Now `f` did not point to an open FILE and the
later cleanup from the `_cleanup_fclose_` attribute failed with a double free.
Reset `f` to NULL before reusing it.
This is another attempt at d4b604baea and #12438
Instead of blindly using the extra allocated space, let's do so only
after telling libc about it, via a second realloc(). The second
realloc() should be quick, since it never has to copy memory around.