1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 14:55:37 +03:00
Commit Graph

25983 Commits

Author SHA1 Message Date
Yu Watanabe
710ce9e537 network: link_check_ready() returns earlier if routes are not configured yet
link_request_set_routes() calls link_check_ready(), so it is not
necessary to continue that here.
2019-05-16 05:53:41 +09:00
Yu Watanabe
05dc2132e0
Merge pull request #12496 from yuwata/network-on-device-default-route
network: add DefaultRouteOnDevice= setting in [Network] section
2019-05-15 22:46:25 +02:00
Balint Reczey
13a43c73d8 Add check to switch VTs only between K_XLATE or K_UNICODE
Switching to K_UNICODE from other than L_XLATE can make the keyboard
unusable and possibly leak keypresses from X.

BugLink: https://launchpad.net/bugs/1803993
2019-05-15 22:28:56 +02:00
Yu Watanabe
80a8a7fb20 analyze: fix help message 2019-05-15 15:09:45 +02:00
Lennart Poettering
73130b0bcf
Merge pull request #12565 from zachsmith/fix-log-message-typos
systemd-sleep: Fix typos in log messages
2019-05-15 10:50:03 +02:00
Thadeu Lima de Souza Cascardo
59c55e73ea ask-password: prevent buffer overrow when reading from keyring
When we read from keyring, a temporary buffer is allocated in order to
determine the size needed for the entire data. However, when zeroing that area,
we use the data size returned by the read instead of the lesser size allocate
for the buffer.

That will cause memory corruption that causes systemd-cryptsetup to crash
either when a single large password is used or when multiple passwords have
already been pushed to the keyring.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
2019-05-15 10:49:46 +02:00
Yu Watanabe
5d5003ab35 network: add DefaultRouteOnDevice= setting in [Network] section
When enabled, then default route bound to the interface will be created.
This is useful when adding routes on point-to-point interfaces.

Closes #788.
2019-05-15 12:44:30 +09:00
Yu Watanabe
807341ec99 network: add missing error check 2019-05-15 12:44:30 +09:00
Susant Sahani
deb2cfa4c6 networkd: do not generate MAC for bridge device.
closes https://github.com/systemd/systemd/issues/12558
2019-05-15 04:03:14 +02:00
Zach Smith
6835d78dfe fix typo in partition device message 2019-05-14 07:08:27 -07:00
Michael Biebl
b62bc66018
Merge pull request #12536 from poettering/rdrand-workaround-on-amd
random-util: eat up bad RDRAND values seen on AMD CPUs
2019-05-14 12:29:41 +02:00
Yu Watanabe
6e114a2475
Merge pull request #12555 from ssahani/route-properties
networkd: route add support to configure fastopen_no_cookie
2019-05-14 09:03:52 +02:00
Susant Sahani
1501b429a9 networkd: DHCP client add support to send RELEASE packet
closes #10820
2019-05-14 09:03:01 +02:00
Zach Smith
45733c9d21 fix typo in wakealarm message 2019-05-13 20:01:36 -07:00
Susant Sahani
67c193bfb0 networkd: route fix coding style 2019-05-14 08:09:54 +05:30
Susant Sahani
633c725865 networkd: route add support to configure fastopen_no_cookie
This patch adds fastopen_no_cookie option to enable/disable TCP fastopen
without a cookie on a per-route basis.
2019-05-14 08:08:36 +05:30
Susant Sahani
bdb397ed10 networkd: bridge FDB support more NTF_* flags
Add support to configure NTF_ROUTER and NTF_USE
2019-05-14 02:24:51 +02:00
Yu Watanabe
d8f31d7d32
Merge pull request #12537 from yuwata/network-link-local-follow-ups
network: do not send ipv6 token to kernel
2019-05-14 02:22:18 +02:00
Susant Sahani
f4679bcb57 sd-netlink: support RTAX_FASTOPEN_NO_COOKIE 2019-05-13 16:44:55 +05:30
Yu Watanabe
bc45457f08
Merge pull request #12516 from yuwata/network-split-link
networkd: split networkd-link.c
2019-05-12 00:51:23 +02:00
Susant Sahani
d70c9bbd6c networkd: Geneve add support for inherit for TTL 2019-05-12 00:39:13 +02:00
Yu Watanabe
9f6e82e6eb network: do not send ipv6 token to kernel
We disabled kernel RA support. Then, we should not send
IFLA_INET6_TOKEN.
Thus, we do not need to send IFLA_INET6_ADDR_GEN_MODE twice.

Follow-up for 0e2fdb83bb and
4eb086a387.
2019-05-12 07:32:00 +09:00
Yu Watanabe
8e2cb51ce0 network: move MulticastRouter to netdev/bridge.[ch] 2019-05-11 06:24:04 +09:00
Yu Watanabe
86e2be7bc3 network: drop unnecessary initializations 2019-05-11 06:24:04 +09:00
Yu Watanabe
4799f19e30 network: move link_set_bond() to netdev/bond.c 2019-05-11 06:24:04 +09:00
Yu Watanabe
9a81f11956 network: move link_set_bridge to netdev/bridge.c 2019-05-11 06:24:04 +09:00
Yu Watanabe
3ddcbeea45 network: move CAN link related functions to networkd-can.c 2019-05-11 06:24:00 +09:00
Yu Watanabe
06d7cee589 network: make BindCarrier= work with CAN devices
If CAN device is set `BindCarrier=` then the interface could not be
down. This fixes the issue.
2019-05-11 06:21:43 +09:00
Yu Watanabe
8e54db83e2 network: make link_drop() can take custom handler
It will be used in the later commit.
2019-05-11 06:15:35 +09:00
Yu Watanabe
7f8539504c network: move sd_lldp related functions to networkd-lldp-rx.c 2019-05-11 06:14:39 +09:00
Susant Sahani
be7468f07a LLDP: Fix logs for LLDP
```
May 10 11:08:54 test systemd-networkd[447]: wwan0: Failed to stop LLDP: Success
May 10 11:08:54 test systemd-networkd[447]: wwan0: Gained carrier
May 10 11:08:54 test systemd-networkd[447]: wwan0: Failed to start LLDP: Success
```
2019-05-11 06:14:39 +09:00
Yu Watanabe
0b20047244 network: move link_lldp_emit_enabled() to networkd-lldp-tx.c 2019-05-11 06:14:39 +09:00
Lennart Poettering
1c53d4a070 random-util: eat up bad RDRAND values seen on AMD CPUs
An ugly, ugly work-around for #11810. And no, we shouldn't have to do
this. This is something for AMD, the firmware or the kernel to
fix/work-around, not us. But nonetheless, this should do it for now.

Fixes: #11810
2019-05-10 15:31:46 -04:00
Lennart Poettering
cb367b1785
Merge pull request #12518 from keszybz/naming-scheme
Document our naming schemes properly
2019-05-10 15:14:59 -04:00
Lennart Poettering
af1060e1ab journalctl: don't output ANSI sequences if disabled 2019-05-10 15:00:55 -04:00
Lennart Poettering
042f472eaa test: add test that shows all colors we define 2019-05-10 15:00:55 -04:00
Lennart Poettering
003aa3e045 terminal-util: add complete set of inline functions for all colors we define
We don#t actually use all combinations, but it's kinda nice if we can
output all combinations in a test, and this is preparation so that we
can do so nicely.
2019-05-10 15:00:55 -04:00
Lennart Poettering
1530bf251a terminal-util: reduce colors we define a bit
three of these colors we never use, so let's drop them. Let's however
add a highlight version of grey, so that at least for all colors we do
define we have all possible styles defined.
2019-05-10 15:00:55 -04:00
Lennart Poettering
bb40c12569 terminal-util: define grey as 256color ANSI sequence
Apparently all relevant terminals implement these sequences, including
the Linux kernel, rxvt, xterm, and of course gnome terminal. Hence it
should be OK to use them, and fixate the grey color in a way that maps
to the same color in all terminals.

Ideally we'd stick to the more symbolic colors that allow terminal
emulators to implement color styles, but this apparently doesn#t work,
since rxvt maps grey to something unreadable by default.

Note that this change has negative effects besides the non-themability
of the palette: the midrange grey this uses maps to regular white on the
linux console. However, that's probably not too bad: allowing things to
be unreadable on some terminals is probably worse than showing no color
on some terminals.

Fixes: #12482
2019-05-10 15:00:55 -04:00
Susant Sahani
f4a8ca329a networkd: VXLAN support keyword 'inherit' for TTL 2019-05-10 20:41:04 +02:00
Yu Watanabe
cd43199671
Merge pull request #12520 from ssahani/geneve
networkd: Geneve add DF feature and allow TTL to bechosen by kernel
2019-05-10 19:47:19 +02:00
Lennart Poettering
1c2a88a2e7
Merge pull request #12526 from keszybz/some-trivial-follow-ups-for-the-varlink-pr
Some trivial follow ups for the varlink PR
2019-05-10 13:29:58 -04:00
Zbigniew Jędrzejewski-Szmek
77740b5993 journalctl: improve error messages
Follow-up for #12230.
2019-05-10 16:55:37 +02:00
Zbigniew Jędrzejewski-Szmek
1d3fe304fd Use sd_event_source_disable_unref() 2019-05-10 16:55:37 +02:00
Zbigniew Jędrzejewski-Szmek
aa7585fd8e sd-event: add sd_event_source_disable_unrefp() too
I do not have any immediate use for it, but let's add it for completeness.
2019-05-10 16:55:37 +02:00
Zbigniew Jędrzejewski-Szmek
afd15bbb4b sd-event: add sd_event_source_disable_unref() helper 2019-05-10 16:55:35 +02:00
Susant Sahani
328184d1fc networkd: Geneve Allow TTL to be zero.
Also verify VNI is set
2019-05-10 22:45:26 +09:00
Susant Sahani
aac350192b networkd: Geneve add support configure IP don't fragment 2019-05-10 22:45:26 +09:00
Susant Sahani
469fd84866 sd-netlink: Add supprt for geneve properties
IFLA_GENEVE_TTL_INHERIT and
IFLA_GENEVE_DF
2019-05-10 22:45:26 +09:00
Yu Watanabe
5af7bc6f4c
Merge pull request #12480 from ssahani/proxy-arp
network: bridge add support to configure proxy ARP/WIFI
2019-05-10 15:30:41 +02:00
Susant Sahani
727b573418 networkd: Add support for blacklisting servers
closes #6260

fuzzer: Add DHCP support for blacklisting servers
2019-05-10 15:29:55 +02:00
Zbigniew Jędrzejewski-Szmek
8c053c83ae udev: drop "en" prefix from ID_NET_NAME_ONBOARD
The comment in udev-builtin-net_id.c (removed in grandparent commit) showed the
property without the prefix. I assume that was always the intent, because it
doesn't make much sense to concatenate anything to an arbitrary user-specified
field.
2019-05-10 10:24:28 +02:00
Zbigniew Jędrzejewski-Szmek
4c27f691a5 udev: fix various comments
In particular: "re-renaming" was just a copy-paste error.
2019-05-10 10:24:28 +02:00
Zbigniew Jędrzejewski-Szmek
0b1e5b6ed8 man: describe naming schemes in a new man page
I decided to make this a separate man page because it is freakin' long.
This content could equally well go in systemd-udevd.service(8), systemd.link(5),
or a new man page for the net_id builtin.

v2:
- rename to systemd.net-naming-scheme
- add udevadm test-builtin net_id example
2019-05-10 10:24:03 +02:00
Zbigniew Jędrzejewski-Szmek
e36ddc67ac test-alloc-util: add "test" that cleanup functions are done in expected order 2019-05-10 09:46:55 +02:00
Zbigniew Jędrzejewski-Szmek
53ab531954
Merge pull request #12230 from poettering/varlink-minimal
add simple varlink implementation + allow to move journald logging back from /var to /run
2019-05-10 09:40:49 +02:00
Susant Sahani
8185ca6c0a networkd: Log error if LLDP fails to start/stop
Now LLDP does not log anything why it failed which
is hard to debug. Let's just add some logs.

https://github.com/systemd/systemd/issues/10881
2019-05-10 00:01:01 +02:00
Lennart Poettering
c0dfcb318c journalctl: add new --relinquish and --smart-relinquish options
The latter is identical to the former, but becomes a NOP if
/var/log/journal is on the same mount as /, and thus during shutdown
unmounting /var is not necessary and hence we can keep logging until the
very end.
2019-05-09 14:26:42 -04:00
Lennart Poettering
b4e26d1d8e journald: add API to move logging from /var to /run again
We now have this nice little Varlink API, let's beef it up a bit.
2019-05-09 14:26:42 -04:00
Lennart Poettering
4f413af2a0 journalctl: port --flush/--sync/--rotate to use varlink method calls 2019-05-09 14:26:40 -04:00
Lennart Poettering
1ec23479e1 journald: also offer flush/rotate/sync as varlink method calls
This makes the operations previously available via asynchronous signals
also available as regular varlink method calls, i.e. with sane
completion.
2019-05-09 14:14:20 -04:00
Lennart Poettering
d768467563 fuzzer: add varlink fuzzer 2019-05-09 14:14:20 -04:00
Lennart Poettering
635d059fa5 tests: add varlink test 2019-05-09 14:14:20 -04:00
Lennart Poettering
d41bd96f54 shared: add minimal varlink implementation
This adds a minimal Varlink (https://varlink.org/) implementation to our
tree. Given that we already have a JSON logic it's an easy thing to add.

Why bother?

We currently have major problems with IPC before dbus-daemon is up, and
in all components that dbus-daemon itself makes use of (such as various
NSS modules to resolve users as well as the journal which dbus-daemon
logs to). Because of that we so far ended up creating various (usually
crappy) work-arounds either coming up with secondary IPC systems or
sharing data statelessly in /run or similar. Let's clean this up, and
instead use a clean, well-defined, broker-less IPC for cases like that.

This is a minimal implementation of Varlink, i.e. the most basic logic
only. Stuff that's missing is left out on purpose: there's no
introspection/validation and there's no name service. It might make
sense to add that later, but for now let's only do the minimum buy-in we
can get away with. In particular as I'd assume that at least initially
we only use this IPC for our internal communication avoiding
introspection and the name service should be fine.

Specifically, I'd expect that we add IPC interfaces to the following
concepts with this scheme:

1. nss-resolve (so that hostname lookups with resolved work before
   resolved is up)
2. journald (so that IPC calls to journald don't have to go through
   dbus-daemon thus creating a cyclic dependency between journald and
   dbus-daemon)
3. nss-systemd (so that dynamic user lookups via PID 1 work sanely even
   inside of dbus-daemon, because otherwise we'd want to use dbus to run
   dbus which causes deadlocks)
4. networkd (to make sure one can talk to it in the initrd already,
   long before dbus is around)

And there might be other cases similar to this.
2019-05-09 14:14:20 -04:00
Susant Sahani
0fadb2a46f network: add support to configure proxy ARP/WIFI 2019-05-09 15:03:04 +09:00
Susant Sahani
1189c00a3c networkd: VXLAN add support to configure IP Don't fragment.
Allow users to set the IPv4 DF bit in outgoing packets, or to inherit its
value from the IPv4 inner header. If the encapsulated protocol is IPv6 and
DF is configured to be inherited, always set it.
2019-05-09 06:40:33 +02:00
Susant Sahani
2a36d4006d sd-netlink: Add VXLAN netlink properties
Add IFLA_VXLAN_DF and IFLA_VXLAN_TTL_INHERIT
2019-05-09 06:40:33 +02:00
Susant Sahani
1c8b0eccc7 networkd: Assign VXLAN destination port to when GPE is set
When VXLAN destination port is unset and GPE is set
then assign 4790 to destination port. Kernel does the same as
well as iproute.

IANA VXLAN-GPE port is 4790
2019-05-09 06:40:33 +02:00
Susant Sahani
4eb086a387 networkd: fix link_up() (#12505)
Fillup IFLA_INET6_ADDR_GEN_MODE while we do link_up.

Fixes the following error:
```
dummy-test: Could not bring up interface: Invalid argument
```

After reading the kernel code when we do a link up
```
net/core/rtnetlink.c
IFLA_AF_SPEC
 af_ops->set_link_af(dev, af);
  inet6_set_link_af
   if (tb[IFLA_INET6_ADDR_GEN_MODE])
             Here it looks for IFLA_INET6_ADDR_GEN_MODE
```
Since link up we didn't filling up that it's failing.

Closes #12504.
2019-05-09 04:05:35 +02:00
Yu Watanabe
9aa5d8ba84 network: include glibc headers before including kernel headers 2019-05-09 03:21:31 +02:00
Yu Watanabe
d03f390ef2 network: drop arpa/inet.h from networkd-manager.h 2019-05-09 02:33:33 +02:00
Yu Watanabe
fa67272288 sd-netlink: include glibc headers earlier to resolve conflict with kernel headers
Then, hopefully libc-compat.h make everything fine.
2019-05-09 02:29:32 +02:00
Yu Watanabe
004aadcacd network: replace inet_pton() with in_addr_from_string() 2019-05-09 01:44:31 +02:00
Yu Watanabe
57e447078d network: replace inet_ntop() with in_addr_to_string() 2019-05-09 01:44:31 +02:00
Susant Sahani
1087623bac networkd: Add support to configure proxy ARP and proxy ARP Wifi 2019-05-09 01:44:26 +02:00
Zbigniew Jędrzejewski-Szmek
180f1e3359
Merge pull request #12445 from cdown/dmm_docs
cgroup: Some memory protection fixes
2019-05-08 18:09:45 +02:00
Lennart Poettering
e95be7def2
Merge pull request #12411 from keszybz/pr/12394
run: when emitting the calendarspec warning, use red
2019-05-08 10:11:32 -04:00
Lennart Poettering
fd5e11f0bd
Merge pull request #12509 from poettering/table-fixlets
two trivial fixes to table formatting code
2019-05-08 10:10:55 -04:00
Evgeny Vereshchagin
7f2cdceaed util-lib: fix a typo in rdrand
Otherwise, the fuzzers will fail to compile with MSan:
```
../../src/systemd/src/basic/random-util.c:64:40: error: use of undeclared identifier 'sucess'; did you mean 'success'?
        msan_unpoison(&success, sizeof(sucess));
                                       ^~~~~~
                                       success
../../src/systemd/src/basic/alloc-util.h:169:50: note: expanded from macro 'msan_unpoison'
                                                 ^
../../src/systemd/src/basic/random-util.c:38:17: note: 'success' declared here
        uint8_t success;
                ^
1 error generated.
[80/545] Compiling C object 'src/basic/a6ba3eb@@basic@sta/process-util.c.o'.
ninja: build stopped: subcommand failed.
Fuzzers build failed
```
2019-05-08 16:10:06 +02:00
Chris Down
465ace74d9 cgroup: Test that it's possible to set memory protection to 0 again
The previous commit fixes this up, and this should prevent it
regressing.
2019-05-08 12:06:32 +01:00
Chris Down
22bf131be2 cgroup: Support 0-value for memory protection directives
These make sense to be explicitly set at 0 (which has a different effect
than the default, since it can affect processing of `DefaultMemoryXXX`).

Without this, it's not easily possible to relinquish memory protection
for a subtree, which is not great.
2019-05-08 12:06:32 +01:00
Chris Down
7e7223b3d5 cgroup: Readd some plumbing for DefaultMemoryMin
Somehow these got lost in the previous PR, rendering DefaultMemoryMin
not very useful.
2019-05-08 12:06:32 +01:00
Lennart Poettering
fd0a16d8a5
Merge pull request #11887 from evverx/fuzzbuzz
tests: hook up fuzz targets to FuzzBuzz
2019-05-08 12:40:03 +02:00
Lennart Poettering
e82e549fb2 tree-wide: make use of the new WRITE_STRING_FILE_MKDIR_0755 flag 2019-05-08 06:36:20 -04:00
Lennart Poettering
22e596d6d5 tree-wide: voidify a few calls 2019-05-08 06:36:20 -04:00
Lennart Poettering
50ccd86453 fileio: add new WRITE_STRING_FILE_MKDIR_0755 flag for mkdir'ing parent 2019-05-08 06:36:20 -04:00
Lennart Poettering
324d9acab7 machinectl/loginctl: show json output if requested even if zero entries 2019-05-08 06:33:36 -04:00
Lennart Poettering
a1c7a1f057 format-table: correct prototype 2019-05-08 06:33:36 -04:00
Zbigniew Jędrzejewski-Szmek
d1c377da0d
Merge pull request #12489 from ssahani/vxlan
networkd: VXLAN rename Id to VNI
2019-05-08 12:02:54 +02:00
Zbigniew Jędrzejewski-Szmek
ad3b2109c3
Merge pull request #12507 from poettering/random-fixlets
three minor fixes to random-util.c
2019-05-08 12:02:02 +02:00
Zbigniew Jędrzejewski-Szmek
4bea24696a systemctl: show a hint if root privileges might yield more information 2019-05-08 11:51:51 +02:00
Zbigniew Jędrzejewski-Szmek
62bf89d7d2 shared/verbs: drop now-unused VERB_MUST_BE_ROOT 2019-05-08 11:51:51 +02:00
Zbigniew Jędrzejewski-Szmek
a004cb75c0 systemctl: drop one must_be_root_check()
(before)
$ build/systemctl list-machines
Need to be root.
$ sudo build/systemctl list-machines
NAME          STATE   FAILED JOBS
krowka (host) running      0    0
rawhide       running      0    0

2 machines listed.

(after)
$ build/systemctl list-machines
NAME          STATE   FAILED JOBS
krowka (host) running      0    0
rawhide       n/a          0    0

2 machines listed.

The output for non-root is missing some bits of information, but we display
what information is missing nicely, and e.g. in the case when no machines are
running at all, or only VMs are running, the unprivileged output would be the
same as the privileged one.
2019-05-08 11:51:51 +02:00
Zbigniew Jędrzejewski-Szmek
7c3ce8b5a9 bootctl: drop must_be_root() checks
The reasoning is the same as in previous cases. We get an error like
"Failed to update EFI variable: Operation not permitted" anyway, so
the check is not very useful.
2019-05-08 11:51:51 +02:00
Zbigniew Jędrzejewski-Szmek
ded3a40301 bless-boot: drop must_be_root() checks
If we lack permissions, we will fail anyway. But by not doing the artifial
check, we get more information. For example, on my machine, I see
$ build/systemd-bless-boot good
Not booted with boot counting in effect.

while "Need to be root" is actually untrue, because being root doesn't change
the outcome in any way.

Letting the operation fail on the actual error makes it easier to do test runs:
we *know* the command will fail, but we want to see what the first step would
be.

Not doing the articial check makes it also easier to do create alternative
security arrangements, for example where the directories are mounted with
special ownership mode and an otherwise unprivileged user can perform certain
operations.
2019-05-08 11:51:51 +02:00
Zbigniew Jędrzejewski-Szmek
569ad251ad udevadm: drop pointless must_be_root() checks
Checking if we are root on the client side is generally pointless, since the
privileged operation will fail anyway and we can than log what precisly went
wrong.

A check like this makes sense only if:
- we need to do some expensive unprivileged operation before attempting the
  privileged operation, and the check allows us avoid wasting resources.
- the privileged operation would fail but in an unclear way.

Neither of those cases applies here.

This fixes calls like 'udevadm control -h' as unprivileged user.
2019-05-08 11:51:51 +02:00
Zbigniew Jędrzejewski-Szmek
0d0464d39d journalctl,shared/log: use yellow for warnings
In program output, highlighting warnings with ANSI_HIGHLIGHT is not enough,
because it doesn't stand out enough. Yellow is more appropriate.

I was worried that yellow wouldn't be visible on white background, but (at
least gnome-terminal) uses a fairly dark yellow that is fully legible on white
and light-colored backgrounds. We also used yellow in many places,
e.g. systemctl, so this should be fine.

Note: yellow is unreadable on urxvt with white background (urxvt +rv). But
grey, which we already used, is also unreadable, so urxvt users would have
to disable colors anyway, so this change does not make the problem
intrinsically worse. See
https://github.com/systemd/systemd/issues/12482#issuecomment-490374210.
2019-05-08 09:50:38 +02:00
Zbigniew Jędrzejewski-Szmek
1a04395959 Enable log colors for most of tools in /usr/bin
When emitting the calendarspec warning we want to see some color.
Follow-up for 04220fda5c.

Exceptions:
- systemctl, because it has a lot hand-crafted coloring
- tmpfiles, sysusers, stdio-bridge, etc, because they are also used in
  services and I'm not sure if this wouldn't mess up something.
2019-05-08 09:50:21 +02:00
Zbigniew Jędrzejewski-Szmek
37b8d2f699 basic/log: use colors to highlight messages like journalctl 2019-05-08 09:45:38 +02:00
Susant Sahani
61b824c561 networkd: bridge fdb add support to configure VXLAN VNI 2019-05-08 03:43:43 +02:00
Susant Sahani
8c32c5884d networkd: VXLAN use correct type for VNI 2019-05-08 06:52:54 +05:30
Susant Sahani
4cc0fd7531 networkd: VXLAN add support to configure Generic Protocol Extension
See https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe-07
2019-05-08 06:52:42 +05:30
Lennart Poettering
b2adc2ae3a
Merge pull request #12501 from keszybz/silence-strncpy-warnings
Silence strncpy warnings
2019-05-08 01:39:32 +02:00
Lennart Poettering
328f850e36 random-util: rename "err" to "success"
After all rdrand returns 1 on success, and 0 on failure, hence let's
name this accordingly.
2019-05-07 18:51:26 -04:00
Evgeny Vereshchagin
87ac55a129 tests: hook up fuzz targets to FuzzBuzz 2019-05-07 21:39:01 +00:00
Lennart Poettering
80eb560a5b random-util: hash AT_RANDOM getauxval() value before using it
Let's be a bit paranoid and hash the 16 bytes we get from getauxval()
before using them. AFter all they might be used by other stuff too (in
particular ASLR), and we probably shouldn't end up leaking that seed
though our crappy pseudo-random numbers.
2019-05-07 17:31:20 -04:00
Lennart Poettering
cc28145d51 random-util: use gcc's bit_RDRND definition if it exists 2019-05-07 17:31:20 -04:00
Lennart Poettering
1a0ffa1e73 random-util: rename RANDOM_DONT_DRAIN → RANDOM_MAY_FAIL
The old flag name was a bit of a misnomer, as /dev/urandom cannot be
"drained". Once it's initialized it's initialized and then is good
forever. (Only /dev/random has a concept of 'draining', but we never use
that, as it's an obsolete interface).

The flag is still useful though, since it allows us to suppress accesses
to the random pool while it is not initialized, as that trips up the
kernel and it logs about any such attempts, which we really don't want.
2019-05-07 17:30:40 -04:00
Zbigniew Jędrzejewski-Szmek
099c77fd5f scsi_serial: replace some crazy strncpy() calls by strnlen()
gcc was warning about strncpy() leaving an unterminated string.
In this case, it was correct.

The code was doing strncpy()+strncat()+strlen() essentially to determine
if the strings have expected length. If the length was correct, a buffer
overread was performed (or at least some garbage bytes were used from the
uninitialized part of the buffer). Let's do the length check first and then
only copy stuff if everything agrees.

For some reason the function was called "prepend", when it obviously does
an "append".
2019-05-07 21:06:44 +02:00
Zbigniew Jędrzejewski-Szmek
6695c200bd shared/utmp-wtmp: silence gcc warning about strncpy truncation
Unfortunately the warning must be known, or otherwise the pragma generates a
warning or an error. So let's do a meson check for it.

Is it worth doing this to silence the warning? I think so, because apparently
the warning was already emitted by gcc-8.1, and with the recent push in gcc to
catch more such cases, we'll most likely only get more of those.
2019-05-07 21:05:26 +02:00
Susant Sahani
76fbd4d73d networkd: VXLan TTL must be <= 255
Ignore when TTL > 255
2019-05-07 20:34:45 +02:00
Susant Sahani
83cb24ac20 networkd: VXLan Make group and remote variable separate
VXLAN Document Group=
2019-05-07 20:34:27 +02:00
Zbigniew Jędrzejewski-Szmek
717e8eda77
Merge pull request #12475 from yuwata/network-fix-12452
network: add network_ref/_unref() and make Link object take a reference of Network object
2019-05-07 20:03:22 +02:00
Zbigniew Jędrzejewski-Szmek
9175aabfb6
Merge pull request #12481 from ssahani/dhcp-max-retry
networkd: Allow DHCP4 client to set the number to attempt to configure/reconfigure
2019-05-07 19:58:40 +02:00
Susant Sahani
6f213e4a34 networkd: VXLAN rename Id to VNI
It makes more sense to call VXLAN ID as

1. the VXLAN Network Identifier (VNI) (or VXLAN Segment ID)
2. test-network: rename VXLAN Id to VNI
3. fuzzer: Add VXLAN VNI directive to fuzzer
2019-05-07 20:52:11 +05:30
Yu Watanabe
aa5f4c7773 network: add error cause in the log 2019-05-07 17:12:09 +02:00
Susant Sahani
715cedfbf0 networkd: Allow DHCP4 client to set the number to attempt to reconfigure.
Otherwise current value is 6 and after 6 it will give up.
2019-05-07 17:12:04 +02:00
Yu Watanabe
67a4683364 network: use IN_ADDR_NULL and ETHER_ADDR_NULL
The change in manager_rtnl_process_address() may not be necessary,
but for safety, let's initialize the value.
2019-05-07 16:55:19 +02:00
Yu Watanabe
ce2ea782c2 network: fix conditional jump depends on uninitialised value(s)
When address is in IPv4, the remaining buffer in in_addr_union may
not be initialized.

Fixes the following valgrind warning:
```
==13169== Conditional jump or move depends on uninitialised value(s)
==13169==    at 0x137FF6: UnknownInlinedFun (networkd-ndisc.c:77)
==13169==    by 0x137FF6: UnknownInlinedFun (networkd-ndisc.c:580)
==13169==    by 0x137FF6: ndisc_handler.lto_priv.83 (networkd-ndisc.c:597)
==13169==    by 0x11BE23: UnknownInlinedFun (sd-ndisc.c:201)
==13169==    by 0x11BE23: ndisc_recv.lto_priv.174 (sd-ndisc.c:254)
==13169==    by 0x4AA18CF: source_dispatch (sd-event.c:2821)
==13169==    by 0x4AA1BC2: sd_event_dispatch (sd-event.c:3234)
==13169==    by 0x4AA1D88: sd_event_run (sd-event.c:3291)
==13169==    by 0x4AA1FAB: sd_event_loop (sd-event.c:3313)
==13169==    by 0x117401: UnknownInlinedFun (networkd.c:113)
==13169==    by 0x117401: main (networkd.c:120)
==13169==  Uninitialised value was created by a stack allocation
==13169==    at 0x1753C8: manager_rtnl_process_address (networkd-manager.c:479)
```
2019-05-07 16:55:19 +02:00
Yu Watanabe
62bbbedf73 sd-radv: fix memleak
Fixes one memleak found in #12452.
2019-05-07 16:55:19 +02:00
Yu Watanabe
2c448c8a17 network: fix use-after-free
The function sd_radv_add_prefix() in dhcp6_pd_prefix_assign() may
return -EEXIST, and in that case the sd_radv_prefix object allocated
in dhcp6_pd_prefix_assign() will be freed when the function returns.
Hence, the key value in Manager::dhcp6_prefixes hashmap is lost.
2019-05-07 16:55:19 +02:00
Yu Watanabe
ca7c792b83 network: fix memleak and double free
Fixes the third issue in #12452.
2019-05-07 16:55:19 +02:00
Yu Watanabe
f535e35417 network: simplify link_free() 2019-05-07 16:55:19 +02:00
Yu Watanabe
715d398e61 network: drop list fields in Network object 2019-05-07 16:55:19 +02:00
Susant Sahani
d4df632674 networkd: manager do not unef netlink and gennetlink early
Because of this the fd is getting closed and we getting errors
like
```
^Ceno1: Could not send rtnetlink message: Bad file descriptor
enp7s0f0: Could not send rtnetlink message: Bad file descriptor
enp7s0f0: Cannot delete unreachable route for DHCPv6 delegated subnet 2a0a:...:fc::/62: Bad file descriptor
Assertion '*_head == _item' failed at ../systemd/src/network/networkd-route.c:126, function route_free(). Aborting.
Aborted
```

Closes one of https://github.com/systemd/systemd/issues/12452
2019-05-07 16:55:19 +02:00
Yu Watanabe
c9c908a60d network: make Link objects take references of Network objects 2019-05-07 16:55:19 +02:00
Yu Watanabe
35ac3b7664 network: introduce reference counter for Network object 2019-05-07 16:55:19 +02:00
Zbigniew Jędrzejewski-Szmek
881a62debb scsi_serial: replace &foo[n] by foo+n 2019-05-07 15:07:43 +02:00
Zbigniew Jędrzejewski-Szmek
f1d553e9df shared/utmp-wtmp: avoid gcc warning about strncpy truncation
The fact that strncpy does the truncation is the whole point here, and gcc
shouldn't warn about this. We can avoid the warning and simplify the
whole procedure by directly copying the interesting part.
2019-05-07 14:15:46 +02:00
Zbigniew Jędrzejewski-Szmek
c98b354500 network: remove redunant link name in message
Fixes #12454.

gcc was complaining that the link->ifname argument is NULL. Adding
assert(link->ifname) right before the call has no effect. It seems that
gcc is confused by the fact that log_link_warning_errno() internally
calls log_object(), with link->ifname passed as the object. log_object()
is also a macro and is does a check whether the passed object is NULL.
So we have a check if something is NULL right next an unconditional use
of it where it cannot be NULL. I think it's a bug in gcc.

Anyway, we don't need to use link->ifname here. log_object() already prepends
the object name to the message.
2019-05-07 13:46:55 +02:00
Yu Watanabe
b30160ff7f
Merge pull request #12478 from yuwata/wireguard-fwmark
network: rename WireGuard.FwMark -> FirewallMark
2019-05-07 05:16:34 +02:00
Yu Watanabe
11793fcd63 sd-dhcp: store number of trial in sd_dhcp_client::attempt
Calling 2^n as attempt is misleading.
2019-05-07 04:08:33 +02:00
Zbigniew Jędrzejewski-Szmek
3759c0bdd3
Merge pull request #12440 from poettering/realloc-again
another shot at the malloc_usable_size() thing
2019-05-06 17:17:22 +02:00
Mike Gilbert
5797a12223 basic/mountpoint-util: whitelist 'exfat' in fstype_can_uid_gid 2019-05-06 16:43:22 +02:00
Susant Sahani
946f8e14d5 networkd: stop clients when networkd shuts down (#12463)
We not stopping the clients when networkd stops. They
should shut down cleanly and then we need to clean the DS.

One of requirements to implement
https://github.com/systemd/systemd/issues/10820.

```
^CBus bus-api-network: changing state RUNNING → CLOSED
DHCP SERVER: UNREF
DHCP SERVER: STOPPED
DHCP CLIENT (0x60943df0): STOPPED
veth-test: DHCP lease lost
veth-test: Removing address 192.168.5.31
NDISC: Stopping IPv6 Router Solicitation client
DHCP CLIENT (0x0): FREE
==24308==
==24308== HEAP SUMMARY:
==24308==     in use at exit: 8,192 bytes in 2 blocks
==24308==   total heap usage: 4,230 allocs, 4,228 frees, 1,209,732 bytes allocated
==24308==
==24308== LEAK SUMMARY:
==24308==    definitely lost: 0 bytes in 0 blocks
==24308==    indirectly lost: 0 bytes in 0 blocks
==24308==      possibly lost: 0 bytes in 0 blocks
==24308==    still reachable: 8,192 bytes in 2 blocks
==24308==         suppressed: 0 bytes in 0 blocks
==24308== Rerun with --leak-check=full to see details of leaked memory
==24308==
==24308== For lists of detected and suppressed errors, rerun with: -s
==24308== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==24308== could not unlink /tmp/vgdb-pipe-from-vgdb-to-24308-by-sus-on-Zeus
==24308== could not unlink /tmp/vgdb-pipe-to-vgdb-from-24308-by-sus-on-Zeus
==24308== could not unlink /tmp/vgdb-pipe-shared-mem-vgdb-24308-by-sus-on-Zeus

```
2019-05-06 16:06:50 +02:00
Frantisek Sumsal
6ab668337e test: return a non-zero return code when 'nobody' user doesn't exist
Lookup of a non-existing user using getpwnam() is not considered
an error, thus the `errno` is not set appropriately, causing
unexpected fails on systems, where 'nobody' user doesn't exist by
default
2019-05-06 15:13:07 +02:00
Yu Watanabe
1c30b174ed network: rename WireGuard.FwMark -> FirewallMark
For the consistency with FirewallMark= in [RoutingPolicyRule] section.
2019-05-04 17:20:23 +02:00
Yu Watanabe
810ae0dc95 network: warn about Network.IPv4LL= is deprecated 2019-05-04 16:46:02 +02:00
Yu Watanabe
29e81083bd network: disable fallback IPv4ll address assignment when DHCPv4 is disabled 2019-05-04 16:46:02 +02:00
Yu Watanabe
e800fd24a1 network: use DEFINE_STRING_TABLE_LOOKUP() macro for AddressFamilyBoolean 2019-05-04 16:46:02 +02:00
Yu Watanabe
6c0c041a8e network: make link_check_ready() handle LinkLocalAddressing=fallback 2019-05-04 16:46:02 +02:00
Yu Watanabe
552081a499 network: rewrite condition about DHCP in link_check_ready() 2019-05-04 16:46:02 +02:00
Susant Sahani
8bc17bb3f7 networkd: Option to use LinkLocalAddressing only when DHCP fails
When LinkLocalAddressing=fallback or LinkLocalAddressing=ipv4-fallback
then IPv4LL will be started only when DHCP fails.

Closes #9648.
2019-05-04 16:45:57 +02:00
Chris Down
6450ee3f8c
Merge pull request #12466 from yuwata/network-fix-issue-12452
network: fix assertion when link get carrier
2019-05-03 23:01:28 -04:00
Chris Down
b6adba159c
Merge pull request #12441 from ssahani/bridge-fdb
networkd: add support for bridge fdb destination address.
2019-05-03 09:50:47 -04:00
Wieland Hoffmann
8a7033ac2f fstab-generator: Prevent double free of reused FILE*
When the .automount unit file already existed for any reason in the
`normal-dir` passed to `systemd-fstab-generator`, but the normal .mount unit
file did not, `f` was closed (but _not_ set to NULL). The call to
`generator_open_unit_file(..., automount_name, &f)` then failed because the
.mount unit file already existed. Now `f` did not point to an open FILE and the
later cleanup from the `_cleanup_fclose_` attribute failed with a double free.
Reset `f` to NULL before reusing it.
2019-05-03 13:22:36 +02:00
Susant Sahani
c2c2793f39 networkd: Add support to configure destination address for bridge FDB
Closes #5145.

Example conf:
```
[Match]
Name=vxlan1309

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.2

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.4

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.5
```
2019-05-03 06:11:52 +02:00
Yu Watanabe
b9ea3d2e47 network: fix assertion when link get carrier
This fixes a bug introduced by bd08ce5615.
When link is in LINK_STATE_INITIALIZED, `Link::network` may not be
set yet.

Fixes #12452.
2019-05-03 01:14:36 +02:00
Lennart Poettering
4136447576 test-alloc-util: let's test a few more things around GREEDY_REALLOC() 2019-05-02 14:53:40 +02:00
Lennart Poettering
e59054270c alloc-util: reintroduce malloc_usable_size() into greedy_realloc()
This is another attempt at d4b604baea and #12438

Instead of blindly using the extra allocated space, let's do so only
after telling libc about it, via a second realloc(). The second
realloc() should be quick, since it never has to copy memory around.
2019-05-02 14:53:40 +02:00
Zbigniew Jędrzejewski-Szmek
64538af89b udev/cdrom_id: drop unneeded parentheses 2019-05-01 11:46:42 +02:00
Lennart Poettering
adb7b782f8
Merge pull request #12218 from keszybz/use-libmount-more
Use libmount more
2019-04-30 19:44:17 +02:00
Franck Bui
9f3f596477 meson: make source files including nspawn-settings.h depend on libseccomp
Since nspawn-settings.h includes seccomp.h, any file that includes
nspawn-settings.h should depend on libseccomp so the correct header path where
seccomp.h lives is added to the header search paths.

It's especially important for distros such as openSUSE where seccomp.h is not
shipped in /usr/include but /usr/include/libseccomp.

This patch is similar to 8238423095.
2019-04-30 19:31:22 +02:00
Yu Watanabe
8b803ad634 udev: drop unnecessary brackets
Follow-up for ed0cb34682.
2019-04-30 19:10:35 +02:00
Lennart Poettering
0892f3f999
Merge pull request #12420 from mrc0mmand/coccinelle-tweaks
Coccinelle improvements
2019-04-30 11:37:19 +02:00
Lennart Poettering
043d453c40 tests: add test for umask-util.h 2019-04-30 09:53:09 +02:00
Lennart Poettering
650c7a2e8b umask-util: simplify RUN_WITH_UMASK()
Why have a struct to store the iteration bit if we actually have plenty
place in mode_t?
2019-04-30 09:52:35 +02:00
Frantisek Sumsal
ed0cb34682 tree-wide: code improvements suggested by Coccinelle 2019-04-30 09:39:07 +02:00
Susant Sahani
f143c650a3 netword: fdb fix coding style 2019-04-30 13:06:10 +05:30
Lennart Poettering
a9f55d0e7e tmpfiles: be more careful when adjusting chmod() + chown()
chown() might drop the suid/sgid bit from files. hence let's chmod()
after chown().

But also, let's tighten the transition a bit: before issuing chown()
let's set the file mask to the minimum of the old and new access
bitmask, so that at no point in time additional privs are available on
the file with a non-matching ownership.

Fixes: #12354
2019-04-30 09:18:23 +02:00
Lennart Poettering
8b364a3823 tmpfiles: split out ~ mode handling into a helper function
No change of behaviour, just some minor refactoring.
2019-04-30 09:18:23 +02:00
Zbigniew Jędrzejewski-Szmek
cb9ff7532b
Merge pull request #12434 from poettering/rm-rf-children-take-ptr
minor rm_rf_children() modernizations
2019-04-30 08:23:13 +02:00
Aaron Barany
fcc72fd0f1 alloc-util: don't use malloc_usable_size() to determine allocated size
This reverts commit d4b604baea.

When realloc() is called, the extra memory between the originally
requested size and the end of malloc_usable_size() isn't copied. (at
least with the version of glibc that currently ships on Arch Linux)
As a result, some elements get lost and use uninitialized memory, most
commonly 0, and can lead to crashes.

fixes #12384
2019-04-30 08:20:59 +02:00
Lennart Poettering
3862043310 firstboot: port to make_salt()
Also, let's use crypt_r() over crypt(). Not because we actually use
threads, but because it's safer and more future proof in general.
2019-04-29 20:26:38 +02:00
Lennart Poettering
f2c5edbe5a user-util: add generic make_salt() API 2019-04-29 20:26:38 +02:00
Lennart Poettering
987719d37d
Merge pull request #12414 from keszybz/detect-podman
Detect podman as separate container type
2019-04-29 19:07:24 +02:00
Susant Sahani
b5799eeb07 networkd: Add back static routes after DHCPv4 lease expires.
1. When the DHCPv4 lease expires kernel removes the route. So add it back
when we gain lease again.

Closes https://github.com/systemd/systemd/issues/12426

2. When UseRoutes=false do not remove router
2019-04-29 18:13:31 +02:00
Ben Boeckel
5238e95759 codespell: fix spelling errors 2019-04-29 16:47:18 +02:00
Lennart Poettering
50b6eec154 rm-rf: simplify rm_rf_children() a bit by using _cleanup_close_ 2019-04-29 16:21:01 +02:00
Lennart Poettering
c0ba6b9286 switch-root: modernize rm_rf_children() invocation a bit 2019-04-29 16:17:29 +02:00
Zbigniew Jędrzejewski-Szmek
90fb1f0938 basic/virt: treat "podman" as separate container type
We would detect podman as container-other. Let's assign a name to it.
Inspired by https://github.com/containers/libpod/issues/2996.
2019-04-29 15:36:26 +02:00
Zbigniew Jędrzejewski-Szmek
342bed0208 basic/virt: try the /proc/1/sched hack also for PID1
If a container manager does not set $container, we could end up
in a strange situation when detect-virt returns container-other when
run as non-pid-1 and none when run as pid-1.
2019-04-29 15:36:26 +02:00
Yu Watanabe
51aba17b88 network: drop invalid assertion
The link may not have corresponding .network file.
Note that in that case, link_ipv4ll_enabled() and link_dhcp4_enabled()
returns false. So, it is safe to drop the assertion.

Fixes #12422.
2019-04-28 19:54:50 +02:00
Frantisek Sumsal
55033662f9 tree-wide: drop !! casts to booleans
Done by coccinelle/bool-cast.cocci
2019-04-28 14:32:19 +02:00
Frantisek Sumsal
4e361acc06 tree-wide: replace explicit NULL checks with their shorter variants
Done by coccinelle/equals-null.cocci
2019-04-28 14:28:49 +02:00
Lennart Poettering
d8974757c4
Merge pull request #12407 from keszybz/two-unrelated-cleanups
Two unrelated cleanups
2019-04-26 23:43:27 +02:00
Ben Boeckel
8f8dfb9552 nspawn-expose-ports: fix a typo in error message 2019-04-26 23:42:55 +02:00
Zbigniew Jędrzejewski-Szmek
e608bf6f7f run: reword a comment
Use unicode m-dash and remove the part about discoverability, since it's just a
warning on the terminal.
2019-04-26 12:11:04 +02:00
Yu Watanabe
aeafd03a2b resolve: use bridge or bonding interfaces in degraded-carrier state
Fixes #12285.
2019-04-26 10:00:06 +02:00
Franck Bui
83a32ea7b0 sd-bus: bump message queue size again
Simliarly to issue #4068, the current limit turns out to be too small for a
big storage setup that uses many small disks. Let's bump it further.
2019-04-26 09:59:02 +02:00
Franck Bui
5406c36844 udevd: notify when max number value of children is reached only once per batch of events
When booting with "udev.log-priority=debug" for example, the output might be
spammed with messages like this:

    systemd-udevd[23545]: maximum number (248) of children reached
    systemd-udevd[23545]: maximum number (248) of children reached
    systemd-udevd[23545]: maximum number (248) of children reached
    systemd-udevd[23545]: maximum number (248) of children reached
    systemd-udevd[23545]: maximum number (248) of children reached
    systemd-udevd[23545]: maximum number (248) of children reached
    systemd-udevd[23545]: maximum number (248) of children reached

While the message itself is useful, printing it per batch of events should be
enough.
2019-04-26 09:58:12 +02:00
Zbigniew Jędrzejewski-Szmek
a6d04b1a17
Merge pull request #12394 from poettering/oncalendar-tweak
systemd-run --on-calendar= follow-up
2019-04-26 08:48:28 +02:00
Lennart Poettering
85318688cc chown-recursive: also check mode before we bypass 2019-04-26 08:31:08 +02:00
Lennart Poettering
cbb3092ce6 json: let's not accept embedded NUL bytes when allocating JSON strings
Let's add an additional paranoia check, and not accept embedded NUL
bytes in strings, just in case.
2019-04-26 08:24:41 +02:00
Lennart Poettering
b2bdf6e456 json: make log message more focussed 2019-04-26 08:22:22 +02:00
Lennart Poettering
04220fda5c run: when we determine a timer cannot elapse anymore, really just warn, nothing else
When we determine that a calendar expression cannot elapse anymore,
print a warning but proceed regardless like we normally would.

Quite possibly a remote system has a different understanding of time
(timezone, system clock) than we have, hence we really shouldn't change
behaviour here client side, but log at best, and then leave the decision
what to do to the server side.

Follow-up for #12299
2019-04-25 13:40:01 +02:00
Lennart Poettering
9bb656bd0c calendarspec: make return time value of calendar_spec_next_usec() optional
If noone is interested, there's no reason to return it.

(Also document the ENOENT error code in a comment)
2019-04-25 13:21:54 +02:00
Zbigniew Jędrzejewski-Szmek
c5b7ae0edb
Merge pull request #12074 from poettering/io-acct
expose IO stats on the bus and in "systemctl status" and "systemd-run --wait"
2019-04-25 11:59:37 +02:00
Frantisek Sumsal
10434dbdfd run: check if the specified calendar event is not in the past
Check if calendar event specification passed by --on-calendar runs in
some time in the future. If not, execute the given command immediately
2019-04-25 11:27:40 +02:00
Zbigniew Jędrzejewski-Szmek
4232cf049f network: drop "return 1" when the return value is ignored by all callers
The reader is tricked into thinking that this has some meaning...
2019-04-25 11:13:39 +02:00
Zbigniew Jędrzejewski-Szmek
c5322608a5 core: adjust unit_get_ancestor_memory_{low,min}() to work with units which don't have a CGroupContext
Coverity doesn't like the fact that unit_get_cgroup_context() returns NULL for
unit types that don't have a CGroupContext. We don't expect to call those
functions with such unit types, so this isn't an immediate problem, but we can
make things more robust by handling this case.

CID #1400683, #1400684.
2019-04-25 11:13:02 +02:00
Zbigniew Jędrzejewski-Szmek
b6411f716c
Merge pull request #12332 from cdown/default_min
cgroup: Add support for propagation of memory.min
2019-04-25 11:06:45 +02:00
Zbigniew Jędrzejewski-Szmek
e87c1a458a
Merge pull request #12382 from yuwata/wireguard-12377
network: fix ListenPort= in [WireGuard] section
2019-04-25 10:55:53 +02:00
Zbigniew Jędrzejewski-Szmek
688fc38537
Merge pull request #12316 from yuwata/network-prevent-multiple-initialization-12315
network: prevent interfaces to be initialized multiple times
2019-04-25 10:54:28 +02:00
Yu Watanabe
5f707e1280 network: fix ref/unref logic for Link object
- bridge or bonding master takes a reference of slave links.
- drop link from bridge or bonding master's slave list when slave link
  is removed.
- change type of Link::slaves to Set*,

Fixes #12315.
2019-04-25 10:47:17 +02:00
Yu Watanabe
bd08ce5615 network: prevent interfaces to be initialized multiple times
When a uevent is received during the relevant interface is in
LINK_STATE_PENDING, then the interface may be initialized twice.
To prevent that, this introduces LINK_STATE_INITIALIZED.
2019-04-25 10:44:46 +02:00
Yu Watanabe
84ea567eb4 udev,network: warn when .link or .network file has no [Match] section
Closes #12098.
2019-04-25 08:41:10 +02:00
Yu Watanabe
a62b7bb79e network: fix ListenPort= in [WireGuard] section
This fixes a bug introduced by f1368a333e.

Fixes #12377.
2019-04-25 02:43:03 +02:00
Balint Reczey
bb5ac84d79 Move verify_vc_kbmode() to terminal-util.c as vt_verify_kbmode() 2019-04-24 18:01:40 +02:00
Lennart Poettering
aba5472979
Merge pull request #12351 from keszybz/sd-bus-add-symbol
Add symbol to tell the linker that new libsystemd version is needed
2019-04-24 10:23:10 +02:00
Jan Klötzke
99b43caf26 core: immediately trigger watchdog action on WATCHDOG=trigger
A service might be able to detect errors by itself that may require the
system to take the same action as if the service locked up. Add a
WATCHDOG=trigger state change notification to sd_notify() to let the
service manager know about the self-detected misery and instantly
trigger the configured watchdog behaviour.
2019-04-24 10:17:10 +02:00
Zbigniew Jędrzejewski-Szmek
2f2d81d957 shared/mount-util: make sure utab is ignored in umount_recursive()
See https://github.com/systemd/systemd/pull/12218#pullrequestreview-226029985.
2019-04-23 23:52:15 +02:00
Zbigniew Jędrzejewski-Szmek
e2857b3d87 Add helper function for mnt_table_parse_{stream,mtab}
This wraps a few common steps. It is defined as inline function instead of in a
.c file to avoid having a .c file. With a .c file, we would have three choices:
- either link it into libshared, but then then libshared would have to be
  linked to libmount.
- or compile the .c file into each target separately. This has the disdvantage
  that configuration of every target has to be updated and stuff will be compiled
  multiple times anyway, which is not too different from keeping this in the
  header file.
- or create a new convenience library just for this. This also has the disadvantage
  that the every target would have to be updated, and a separate library for a
  10 line function seems overkill.

By keeping everything in a header file, we compile this a few times, but
otherwise it's the least painful option. The compiler can optimize most of the
function away, because it knows if 'source' is set or not.
2019-04-23 23:29:29 +02:00
Zbigniew Jędrzejewski-Szmek
7d991d4818 mount-tool: use libmount to parse /proc/self/mountinfo
Same motivation as in other places: let's use a single logic to parse this.

Use path_equal() to compare the path.

A bug in error handling is fixed: if we failed after the GREEDY_REALLOC but
before the line that sets the last item to NULL, we would jump to
_cleanup_strv_free_ with the strv unterminated. Let's use GREEDY_REALLOC0
to avoid the issue.
2019-04-23 23:29:29 +02:00
Zbigniew Jędrzejewski-Szmek
13dcfe4661 shared/mount-util: convert to libmount
It seems better to use just a single parsing algorithm for /proc/self/mountinfo.

Also, unify the naming of variables in all places that use mnt_table_next_fs().
It makes it easier to compare the different call sites.
2019-04-23 23:29:29 +02:00
Zbigniew Jędrzejewski-Szmek
155dc16168 meson: do not use f-strings
Our travis CI still uses python3.5. I'm making this into a separate
commit to make it easy to revert later.
2019-04-23 22:59:19 +02:00
Zbigniew Jędrzejewski-Szmek
bf135d288d sd-bus: when running user find function don't trust the value to be initialized
The find function is externally provided, and we shouldn't trust that the
authors remember to set the output parameter in all cases.
2019-04-23 22:58:39 +02:00
Zbigniew Jędrzejewski-Szmek
d5c8d8233c busctl: add introspect --xml-interface
This wraps the call to org.freedesktop.DBus.Introspectable.Introspect.
Using "busctl call" directly is inconvenient because busctl escapes the
string before printing.

Example:
$ busctl introspect --xml org.freedesktop.systemd1 /org/freedesktop/systemd1 | pygmentize -lxml | less -RF
2019-04-23 22:58:29 +02:00
Zbigniew Jędrzejewski-Szmek
d603324b4b test-bus-{vtable,introspect}: share data and test introspect_path()
test-bus-introspect is also applied to the tables from test-bus-vtable.c.

test-bus-vtable.c is also used as C++ sources to produce test-bus-vtable-cc,
and our hashmap headers are not C++ compatible. So let's do the introspection
part only in the C version.
2019-04-23 22:58:26 +02:00
Zbigniew Jędrzejewski-Szmek
67962036f6 basic/socket-util: put a limit on the loop to flush connections
Follow-up for #12346.
2019-04-23 15:24:56 +02:00
Zbigniew Jędrzejewski-Szmek
644cb4cc7a basic/socket-util: fix typo and reword comment
Comment bike-shedding might be the ultimate form of procrastination, but
I can't stop myself. :)
2019-04-23 15:11:08 +02:00
Zbigniew Jędrzejewski-Szmek
f5f899ef04
Merge pull request #12346 from poettering/accept-flush
socket-util: make sure accept_flush() doesn't hang on EOPNOTSUPP
2019-04-23 15:03:29 +02:00
Jiri Pirko
eaa9d507d8 udev: net_id: introduce predictable names for netdevsim
In order to properly and predictably name netdevsim netdevices,
introduce a separate implementation, as the netdevices reside on a
specific netdevsim bus. Note that this applies only to netdevsim devices
created using sysfs, because those expose phys_port_name attribute.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
2019-04-23 14:01:00 +02:00
Zbigniew Jędrzejewski-Szmek
dff9e25a76 sd-bus: split introspection into the content creation and reply creation parts
Just moving code around, in preparation to allow the content creation
part to be used in other places.

On the surface of things, introspect_path() should be in bus-introspect.c, but
introspect_path() uses many static helper functions in bus-objects.c, so moving
it would require all of them to be exposed, which is too much trouble.

test-bus-introspect is updated to actually write the closing bracket.
2019-04-23 12:23:15 +02:00
Zbigniew Jędrzejewski-Szmek
2abda6d1e4 sd-bus: use _cleanup_ for struct introspect 2019-04-23 12:23:15 +02:00
Zbigniew Jędrzejewski-Szmek
2caef9fba4 sd-bus: allow vtable format structure to grow in the future
We would check the size of sd_bus_vtable entries, requring one of the two known
sizes. But we should be able to extend the structure in the future, by adding
new fields, without breaking backwards compatiblity.

Incidentally, this check was what caused -EINVAL failures before, when programs
were compiled with systemd-242 and run with older libsystemd.
2019-04-23 12:23:15 +02:00
Zbigniew Jędrzejewski-Szmek
8dd8a286d1 sd-bus: add symbol to tell linker that new vtable functions are used
In 856ad2a86b sd_bus_add_object_vtable() and
sd_bus_add_fallback_vtable() were changed to take an updated sd_bus_vtable[]
array with additional 'features' and 'names' fields in the union.

The commit tried to check whether the old or the new table format is used, by
looking at the vtable[0].x.start.element_size field, on the assumption that the
added fields caused the structure size to grow. Unfortunately, this assumption
was false, and on arm32 (at least), the structure size is unchanged.

In libsystemd we use symbol versioning and a major.minor.patch semantic
versioning of the library name (major equals the number in the so-name).  When
systemd-242 was released, the minor number was (correctly) bumped, but this is
not enough, because no new symbols were added or symbol versions changed. This
means that programs compiled with the new systemd headers and library could be
successfully linked to older versions of the library. For example rpm only
looks at the so-name and the list of versioned symbols, completely ignoring the
major.minor numbers in the library name. But the older library does not
understand the new vtable format, and would return -EINVAL after failing the
size check (on those architectures where the structure size did change, i.e.
all 64 bit architectures).

To force new libsystemd (with the functions that take the updated
sd_bus_vtable[] format) to be used, let's pull in a dummy symbol from the table
definition. This is a bit wasteful, because a dummy pointer has to be stored,
but the effect is negligible. In particular, the pointer doesn't even change
the size of the structure because if fits in an unused area in the union.

The number stored in the new unsigned integer is not checked anywhere. If the
symbol exists, we already know we have the new version of the library, so an
additional check would not tell us anything.

An alternative would be to make sd_bus_add_{object,fallback}_vtable() versioned
symbols, using .symver linker annotations. We would provide
sd_bus_add_{object,fallback}_vtable@LIBSYSTEMD_221 (for backwards
compatibility) and e.g. sd_bus_add_{object,fallback}_vtable@@LIBSYSTEMD_242
(the default) with the new implementation. This would work too, but is more
work. We would have to version at least those two functions. And it turns out
that the .symver linker instructions have to located in the same compilation
unit as the function being annotated. We first compile libsystemd.a, and then
link it into libsystemd.so and various other targets, including
libsystemd-shared.so, and the nss modules. If the .symver annotations were
placed next to the function definitions (in bus-object.c), they would influence
all targets that link libsystemd.a, and cause problems, because those functions
should not be exported there. To export them only in libsystemd.so, compilation
would have to be rearranged, so that the functions exported in libsystemd.so
would not be present in libsystemd.a, but a separate compilation unit containg
them and the .symver annotations would be linked solely into libsystemd.so.
This is certainly possible, but more work than the approach in this patch.

856ad2a86b has one more issue: it relies on the
undefined fields in sd_bus_vtable[] array to be zeros. But the structure
contains a union, and fields of the union do not have to be zero-initalized by
the compiler. This means that potentially, we could have garbarge values there,
for example when reading the old vtable format definition from the new function
implementation. In practice this should not be an issue at all, because vtable
definitions are static data and are placed in the ro-data section, which is
fully initalized, so we know that those undefined areas will be zero. Things
would be different if somebody defined the vtable array on the heap or on the
stack. Let's just document that they should zero-intialize the unused areas
in this case.

The symbol checking code had to be updated because otherwise gcc warns about a
cast from unsigned to a pointer.
2019-04-23 12:23:12 +02:00
Chris Down
6610200d29
Merge pull request #12336 from anitazha/disablecontroller
core: support DisableControllers= for transient units
2019-04-23 10:42:37 +02:00
Anita Zhang
25cc30c4c8 core: support DisableControllers= for transient units 2019-04-22 11:52:08 -07:00
Lennart Poettering
6cdc62aa97 udev: whitespace fix 2019-04-18 15:18:12 +02:00
Lennart Poettering
5b116c37e1 test: add test for flush_accept()
Fixes: #12335
2019-04-18 15:18:12 +02:00
Lennart Poettering
f3d75364fb socket-util: make sure flush_accept() doesn't hang on unexpected EOPNOTSUPP
So apparently there are two reasons why accept() can return EOPNOTSUPP:
because the socket is not a listening stream socket (or similar), or
because the incoming TCP connection for some reason wasn't acceptable to
the host. THe latter should be a transient error, as suggested on
accept(2). The former however should be considered fatal for
flush_accept(). Let's fix this by explicitly checking whether the socket
is a listening socket beforehand.
2019-04-18 15:18:12 +02:00
Yu Watanabe
0beb9542e9 network: logs link state change 2019-04-17 19:41:50 +09:00
Yu Watanabe
528fcf8d1d bootspec: fix build when EFI support is disabled
Follow-up for ce4c4f8108.
2019-04-17 11:20:04 +02:00
Chris Down
7ad5439e06 unit: Add DefaultMemoryMin 2019-04-16 18:45:04 +01:00
Chris Down
6264b85e92 cgroup: Create UNIT_DEFINE_ANCESTOR_MEMORY_LOOKUP
This is in preparation for creating unit_get_ancestor_memory_min.
2019-04-16 18:39:51 +01:00
Yu Watanabe
ac9b17271f linux: import if_ether.h from kernel-5.0
kernel-4.15's if_ether.h has a bug that the header does not provide
'struct ethhdr'. The bug is introduced by
6926e041a8920c8ec27e4e155efa760aa01551fd (4.15-rc8)
and fixed by da360299b6734135a5f66d7db458dcc7801c826a (4.16-rc3).

This makes systemd built with kernel-4.15 headers.

Fixes #12319.
2019-04-16 10:27:01 +02:00
Lennart Poettering
4d48eabf37
Merge pull request #12305 from yuwata/import-more-headers-from-kernel-5-0
linux: import more headers from kernel-5.0
2019-04-15 11:33:06 +02:00
Lennart Poettering
929b02b5b8
Merge pull request #12301 from keszybz/silence-alignment-warning
Silence alignment warning
2019-04-15 11:21:15 +02:00
Lennart Poettering
a4009bee4a
Merge pull request #12311 from yuwata/timeout_abort_set-change-bool
core: several follow-ups for timeout PR #11211
2019-04-15 11:14:18 +02:00
Florian Dollinger
5a1ee07302 Check for final assignments in RUN keys (#12309)
As described in #12291
2019-04-15 15:59:36 +09:00
Benjamin Robin
c424bed180 basic/fileio: Fix memory leak if READ_FULL_FILE_SECURE flag is used
The memory leak introduced in #12223 (15f8f02)
2019-04-15 13:54:19 +09:00
Yu Watanabe
dcab85be18 core: do not show TimeoutStopSec= in dump message if it is not set 2019-04-14 20:47:13 +09:00
Yu Watanabe
9c79f0e0a0 core: add assertion in two inline functions 2019-04-14 20:46:24 +09:00
Yu Watanabe
3bf0cb65f5 core: use BUS_DEFINE_PROPERTY_GET() macro at more places 2019-04-14 20:45:31 +09:00
Yu Watanabe
54c1a6ab8c core: change type of Service::timeout_abort_set to bool
Follow-up for dc653bf487 (#11211).
2019-04-14 20:13:47 +09:00
Yu Watanabe
aa81290495 linux: also import l2tp.h from kernel-5.0
The L2TP_ATTR_UDP_ZERO_CSUM6_{TX,RX} attributes are introduced by
6b649feafe10b293f4bd5a74aca95faf625ae525, which is included in
kernel-3.16. To support older kernel, let's import the header.

Fixes #12300.
2019-04-13 22:51:05 +09:00
Yu Watanabe
7057b6144f linux: also import linux/in.h and in6.h from kernel-5.0
Now linux/in.h has better conflict detection with glibc's
netinet/in.h. So, let's import the headers.

Note that our code already have many workarounds for the conflict,
but in this commit does not drop them. Let's do that in the later
commits if this really helps.
2019-04-13 22:44:21 +09:00
Yu Watanabe
76566792e3 linux: move netdevice.h from shared/linux to basic/linux
As the header linux/if_arp.h includes linux/netdevice.h.
2019-04-13 22:43:59 +09:00
Yu Watanabe
d90a044f49
Merge pull request #12288 from yuwata/resolve-bond-rafactoring
resolve,network: tiny cleanups
2019-04-13 22:43:21 +09:00
Dominick Grift
8f1ed04ad6 nspawn: Fix volatile SELinux label
nspawn should associate the specified nspawn container apifs object label instead of the nspawn container process label with the volatile tmpfs
2019-04-13 12:03:02 +02:00
Zbigniew Jędrzejewski-Szmek
b48ccda84f sd-netlink: align table 2019-04-13 11:57:42 +02:00
Zbigniew Jędrzejewski-Szmek
e61614099f network: avoid warning about unaligned pointers
With gcc-9.0.1-0.10.fc30.x86_64:
../src/network/netdev/macsec.c: In function ‘config_parse_macsec_port’:
../src/network/netdev/macsec.c:584:24: warning: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Waddress-of-packed-member]
  584 |                 dest = &c->sci.port;
      |                        ^~~~~~~~~~~~
../src/network/netdev/macsec.c:592:24: warning: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Waddress-of-packed-member]
  592 |                 dest = &b->sci.port;
      |                        ^~~~~~~~~~~~

(The alignment was probably OK, but it's nicer to avoid the warning anyway.)
2019-04-13 11:55:04 +02:00
Yu Watanabe
eeda619a1e
Merge pull request #12290 from poettering/json-foreach-love
some small JSON foreach macro love
2019-04-13 18:19:38 +09:00
Yu Watanabe
c12e138f21
Merge pull request #12293 from poettering/tiny-journal-modernizations
four simple journal modernizations
2019-04-13 18:19:15 +09:00
Yu Watanabe
3e8afae5b5 network: re-indent conf parser and wrap long lines in bond.c 2019-04-13 17:52:00 +09:00
Yu Watanabe
674c96fc44 network: use OrderedSet for bond ARP ip targets 2019-04-13 17:52:00 +09:00
Yu Watanabe
45f735815e ordered-set: add missing ordered_set_size() 2019-04-13 17:52:00 +09:00
Yu Watanabe
1e2a490e91 network: drop allocation for Bond::ad_actor_system 2019-04-13 17:51:59 +09:00
Yu Watanabe
f200093337 network: drop bond_mode_to_kernel() and bond_xmit_hash_policy_to_kernel() 2019-04-13 17:51:59 +09:00
Yu Watanabe
ae695a9eda arp-util: use net/ethernet.h instead of netinet/if_ether.h
The header net/ethernet.h is used at all other places where
'struct ether_addr' is required.
2019-04-13 17:51:59 +09:00
Yu Watanabe
603192b2e8 resolve: use log_link_*() macro 2019-04-13 17:51:59 +09:00
Yu Watanabe
6ff79f7640 resolve: rename Link.name -> Link.ifname
This also changes the type from char[IF_NAMESIZE] to char*.
By changing the type, now resolved-link.h can drop the dependency to
the header net/if.h.
2019-04-13 17:51:59 +09:00
Jan Klötzke
dc653bf487 service: handle abort stops with dedicated timeout
When shooting down a service with SIGABRT the user might want to have a
much longer stop timeout than on regular stops/shutdowns. Especially in
the face of short stop timeouts the time might not be sufficient to
write huge core dumps before the service is killed.

This commit adds a dedicated (Default)TimeoutAbortSec= timer that is
used when stopping a service via SIGABRT. In all other cases the
existing TimeoutStopSec= is used. The timer value is unset by default
to skip the special handling and use TimeoutStopSec= for state
'stop-watchdog' to keep the old behaviour.

If the service is in state 'stop-watchdog' and the service should be
stopped explicitly we still go to 'stop-sigterm' and re-apply the usual
TimeoutStopSec= timeout.
2019-04-12 17:32:52 +02:00
Sebastian Jennen
1ace223ca7 code style format: clang-format applied to src/a*/*
[zj: this is a subset of changes generated by clang-format, just the ones
  I think improve readability or consistency.]

This is a part of https://github.com/systemd/systemd/pull/11811.
2019-04-12 17:26:33 +02:00
Chris Down
c52db42b78 cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow
In cgroup v2 we have protection tunables -- currently MemoryLow and
MemoryMin (there will be more in future for other resources, too). The
design of these protection tunables requires not only intermediate
cgroups to propagate protections, but also the units at the leaf of that
resource's operation to accept it (by setting MemoryLow or MemoryMin).

This makes sense from an low-level API design perspective, but it's a
good idea to also have a higher-level abstraction that can, by default,
propagate these resources to children recursively. In this patch, this
happens by having descendants set memory.low to N if their ancestor has
DefaultMemoryLow=N -- assuming they don't set a separate MemoryLow
value.

Any affected unit can opt out of this propagation by manually setting
`MemoryLow` to some value in its unit configuration. A unit can also
stop further propagation by setting `DefaultMemoryLow=` with no
argument. This removes further propagation in the subtree, but has no
effect on the unit itself (for that, use `MemoryLow=0`).

Our use case in production is simplifying the configuration of machines
which heavily rely on memory protection tunables, but currently require
tweaking a huge number of unit files to make that a reality. This
directive makes that significantly less fragile, and decreases the risk
of misconfiguration.

After this patch is merged, I will implement DefaultMemoryMin= using the
same principles.
2019-04-12 17:23:58 +02:00
Lennart Poettering
7a5de3f951 systemctl: show IO stats in 'status' output 2019-04-12 14:25:44 +02:00
Lennart Poettering
826f7cb15b run: show IO stats in --wait resource output 2019-04-12 14:25:44 +02:00
Lennart Poettering
bc40a20ebe core: include IO data in per-unit resource log msg 2019-04-12 14:25:44 +02:00
Lennart Poettering
fbe14fc9a7 croup: expose IO accounting data per unit
This was the last kind of accounting still not exposed on for each unit.
Let's fix that.

Note that this is a relatively simplistic approach: we don't expose
per-device stats, but sum them all up, much like cgtop does. This kind
of metric is probably the most interesting for most usecases, and covers
the "systemctl status" output best. If we want per-device stats one day
we can of course always add that eventually.
2019-04-12 14:25:44 +02:00
Lennart Poettering
83f18c91d0 core: use string_table_lookup() at more places 2019-04-12 14:25:44 +02:00
Lennart Poettering
9b2559a13e core: add new call unit_reset_accounting()
It's a simple wrapper for resetting both IP and CPU accounting in one
go.

This will become particularly useful when we also needs this to reset IO
accounting (to be added in a later commit).
2019-04-12 14:25:44 +02:00
Lennart Poettering
cc6625212f core: no need to initialize ip_accounting twice 2019-04-12 14:25:44 +02:00
Lennart Poettering
0bbff7d638 cgroup: get rid of a local variable 2019-04-12 14:25:44 +02:00
Lennart Poettering
e3d36a8da3 journald: modernize config_parse_compress() a bit 2019-04-12 14:23:12 +02:00
Lennart Poettering
337fabf749 journald: rebreak a few comments 2019-04-12 14:23:12 +02:00
Lennart Poettering
e3d78cb160 journald: no need to check ptr for non-NULL before _unref(), as function does that anyway 2019-04-12 14:23:12 +02:00
Lennart Poettering
e4d9c98512 journald: use structure initialization 2019-04-12 14:23:08 +02:00
Lennart Poettering
b51629ad84
Merge pull request #12222 from yuwata/macsec
network: introduce MACsec
2019-04-12 13:59:30 +02:00
Lennart Poettering
3661dc349e
Merge pull request #12217 from keszybz/unlocked-operations
Refactor how we do unlocked file operations
2019-04-12 13:51:53 +02:00
Lennart Poettering
1b266e3c6f json: be more careful when iterating through a JSON object/array
Let's exit the loop early in case the variant is not actually an object
or array. This is safer since otherwise we might end up iterating
through these variants and access fields that aren't of the type we
expect them to be and then bad things happen.

Of course, this doesn't absolve uses of these macros to check the type
of the variant explicitly beforehand, but it makes it less bad if they
forget to do so.
2019-04-12 13:11:11 +02:00
Lennart Poettering
33d60b8d57 json: simplify JSON_VARIANT_OBJECT_FOREACH() macro a bit
There's no point in returning the "key" within each loop iteration as
JsonVariant object. Let's simplify things and return it as string. That
simplifies usage (since the caller doesn't have to convert the object to
the string anymore) and is safe since we already validate that keys are
strings when an object JsonVariant is allocated.
2019-04-12 13:11:11 +02:00
Zbigniew Jędrzejewski-Szmek
673a1e6fb9 Add fmemopen_unlocked() and use unlocked ops in fuzzers and some other tests
This might make things marginially faster. I didn't benchmark though.
2019-04-12 11:44:57 +02:00
Zbigniew Jędrzejewski-Szmek
2fe21124a6 Add open_memstream_unlocked() wrapper 2019-04-12 11:44:57 +02:00
Zbigniew Jędrzejewski-Szmek
b636d78aee core/smack-setup: add helper function for openat+fdopen
Unlocked operations are used in all three places. I don't see why just one was
special.

This also improves logging, since we don't just log the final component of the
path, but the full name.
2019-04-12 11:44:57 +02:00
Zbigniew Jędrzejewski-Szmek
02e23d1a1a Add fdopen_unlocked() wrapper 2019-04-12 11:44:57 +02:00
Zbigniew Jędrzejewski-Szmek
41f6e627d7 Make fopen_temporary and fopen_temporary_label unlocked
This is partially a refactoring, but also makes many more places use
unlocked operations implicitly, i.e. all users of fopen_temporary().
AFAICT, the uses are always for short-lived files which are not shared
externally, and are just used within the same context. Locking is not
necessary.
2019-04-12 11:44:56 +02:00
Zbigniew Jędrzejewski-Szmek
fdeea3f4f1 Add fopen_unlocked() wrapper 2019-04-12 11:44:52 +02:00
Lennart Poettering
25f31130f3
Merge pull request #12221 from keszybz/test-cleanups
Script indentation cleanups
2019-04-12 11:02:54 +02:00
Lennart Poettering
d34f7bd247
Merge pull request #12287 from keszybz/patches-for-coverity-warnings
Patches for coverity warnings
2019-04-12 10:56:53 +02:00
Anita Zhang
7bc5e0b12b seccomp: check more error codes from seccomp_load()
We noticed in our tests that occasionally SystemCallFilter= would
fail to set and the service would run with no syscall filtering.
Most of the time the same tests would apply the filter and fail
the service as expected. While it's not totally clear why this happens,
we noticed seccomp_load() in the systemd code base would fail open for
all errors except EPERM and EACCES.

ENOMEM, EINVAL, and EFAULT seem like reasonable values to add to the
error set based on what I gather from libseccomp code and man pages:

-ENOMEM: out of memory, failed to allocate space for a libseccomp structure, or would exceed a defined constant
-EINVAL: kernel isn't configured to support the operations, args are invalid (to seccomp_load(), seccomp(), or prctl())
-EFAULT: addresses passed as args are invalid
2019-04-12 10:23:07 +02:00
Zbigniew Jędrzejewski-Szmek
17e4b07088 core: vodify one more call to mkdir
CID #1400460.
2019-04-12 09:05:02 +02:00
Zbigniew Jędrzejewski-Szmek
04193fb2ae test-exec-util: do not call setenv with NULL arg
The comment explains that $PATH might not be set in certain circumstances and
takes steps to handle this case. If we do that, let's assume that $PATH indeed
might be unset and not call setenv("PATH", NULL, 1). It is not clear from the
man page if that is allowed.

CID #1400497.
2019-04-12 09:05:02 +02:00
Zbigniew Jędrzejewski-Szmek
1890c53892 test-env-util: allow $PATH to be unset
Coverity was unhappy, because it doesn't know that $PATH is pretty much always
set. But let's not assume that in the test. CID #1400496.

$ (unset PATH; build/test-env-util)
[1]    31658 segmentation fault (core dumped)  ( unset PATH; build/test-env-util; )
2019-04-12 09:05:02 +02:00
Zbigniew Jędrzejewski-Szmek
cc5549ca12 scripts: use 4 space indentation
We had all kinds of indentation: 2 sp, 3 sp, 4 sp, 8 sp, and mixed.
4 sp was the most common, in particular the majority of scripts under test/
used that. Let's standarize on 4 sp, because many commandlines are long and
there's a lot of nesting, and with 8sp indentation less stuff fits. 4 sp
also seems to be the default indentation, so this will make it less likely
that people will mess up if they don't load the editor config. (I think people
often use vi, and vi has no support to load project-wide configuration
automatically. We distribute a .vimrc file, but it is not loaded by default,
and even the instructions in it seem to discourage its use for security
reasons.)

Also remove the few vim config lines that were left. We should either have them
on all files, or none.

Also remove some strange stuff like '#!/bin/env bash', yikes.
2019-04-12 08:30:31 +02:00
Yu Watanabe
e57319dd54 network: re-indent gperf files 2019-04-12 10:12:42 +09:00
Yu Watanabe
70c5754761 network: warn when private key is stored in world readable files 2019-04-12 10:12:42 +09:00
Yu Watanabe
b0e13c3122 network: add MACsecTransmitAssociation.UseForEncoding= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe
a7b9c52f1f network: add MACsec*Association.Activate= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe
eb4705fb36 network: add MACsec*Association.KeyFile= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe
e482018672 network: explicitly clear security key for macsec 2019-04-12 10:12:42 +09:00
Yu Watanabe
e0fde24c97 network: support multiple security associations for macsec channels 2019-04-12 10:12:42 +09:00
Susant Sahani
81962db798 network: Introduce MACsec
Media Access Control Security (MACsec) is an 802.1AE IEEE
industry-standard security technology that provides secure
communication for all traffic on Ethernet links.
MACsec provides point-to-point security on Ethernet links between
directly connected nodes and is capable of identifying and preventing
most security threats, including denial of service, intrusion,
man-in-the-middle, masquerading, passive wiretapping, and playback attacks.

Closes #5754
2019-04-12 10:12:41 +09:00
Yu Watanabe
45cae4abfb linux: import if_macsec.h from kernel-5.0
MACsec is introduced since kernel-4.6. Let's support order kernels.
2019-04-12 10:12:30 +09:00
Yu Watanabe
89aaf65586 fileio: add READ_FULL_FILE_UNHEX flag
Similar to READ_FULL_FILE_UNBASE64, read data is decoded with
unhexmem().
2019-04-12 10:10:24 +09:00
Yu Watanabe
7088befb17 util: extend unhexmem() to accept secure flag
When the flag is set, buffer is cleared on failure.
This is a continuation of 2432d09c7a.
2019-04-12 10:10:24 +09:00
Lennart Poettering
03abeb0baf
Merge pull request #12267 from keszybz/udev-settle-warning
Udev settle warning
2019-04-11 19:01:03 +02:00
Yu Watanabe
01234e1fe7 tree-wide: drop several missing_*.h and import relevant headers from kernel-5.0 2019-04-11 19:00:37 +02:00
Lennart Poettering
aa46c28418
Merge pull request #12153 from benjarobin/killall-show-not-killed
shutdown/killall: Show in the console the processes not yet killed
2019-04-11 18:58:43 +02:00
Lennart Poettering
54f802ff8a
Merge pull request #12037 from poettering/oom-state
add cgroupv2 oom killer event handling to service management
2019-04-11 18:57:47 +02:00
Lennart Poettering
3b21fd06ed
Merge pull request #12219 from keszybz/bootctl-check-entries
bootctl: check entries when showing them
2019-04-11 18:57:18 +02:00
Jonathan Lebon
30fdb8962a fstab-generator: use DefaultDependencies=no for /sysroot mounts
Otherwise we can end up with an ordering cycle. Since d54bab90, all
local mounts now gain a default `Before=local-fs.target` dependency.
This doesn't make sense for `/sysroot` mounts in the initrd though,
since those happen later in the boot process.

Closes: #12231
2019-04-11 17:04:24 +02:00
Lennart Poettering
574ef404d8
Merge pull request #12279 from keszybz/sd-bus-long-signatures
sd-bus: properly handle messages with overlong signatures
2019-04-11 17:03:57 +02:00
Zbigniew Jędrzejewski-Szmek
fb270a26b2 sd-bus: add define for the maximum name length
Less magic numbers in the code…
2019-04-11 14:07:22 +02:00
Zbigniew Jędrzejewski-Szmek
cfcc0059bf sd-bus: add define for the maximum signature length
Less magic numbers in the code…
2019-04-11 14:02:59 +02:00
Zbigniew Jędrzejewski-Szmek
f0ae945ecc bus-message: validate signature in gvariant messages
We would accept a message with 40k signature and spend a lot of time iterating
over the nested arrays. Let's just reject it early, as we do for !gvariant
messages.
2019-04-11 14:01:38 +02:00
Lennart Poettering
8baaf650ef nss-resolve: list more errors as cause for fallback
If dbus-daemon kicks us from the bus or hangs, we should fallback too.

Fixes: #12203
2019-04-11 11:13:11 +02:00
Lennart Poettering
547fde4759 nss-resolve: simplify condition
Of course, if the error is NXDOMAIN then it's not one of the errors
listed for fallback, hence don't bother...
2019-04-11 11:13:11 +02:00
Lennart Poettering
2b0c1bfd8d nss-mymachines: return NO_RECOVERY instead of NO_DATA when we fail to do D-Bus and similar
This makes more semantical sense and is what we do in nss-resolve in a
similar case, hence let's remove the differences here.
2019-04-11 11:13:10 +02:00
Lennart Poettering
e09e7ac3c4 nss-myhostname: unify code that handles NOT_FOUND case
Just some minor rework to make this more like nss-resolve.
2019-04-11 11:13:10 +02:00
Lennart Poettering
a62fc245d0 nss-resolve: resue a jump target
We can reuse "fail" here, since it does the same thing.
2019-04-11 11:13:10 +02:00
Lennart Poettering
c7c468c92a nss-resolve: return error properly 2019-04-11 11:13:10 +02:00
Lennart Poettering
954cba660d nss-resolve: drop unnecessary variable
We assign the same value to "ret" always, let's just return the value
literally.
2019-04-11 11:13:10 +02:00
Lennart Poettering
4ff9bc2ea6 tree-wide: port users over to use new ERRNO_IS_ACCEPT_AGAIN() call 2019-04-10 22:11:18 +02:00
Lennart Poettering
fb0302ddbc errno-util: add new ERRNO_IS_ACCEPT_AGAIN() test
This is modelled after the existing ERRNO_IS_RESOURCES() and in
particular ERRNO_IS_DISCONNECT(). It returns true for all transient
network errors that should be handled like EAGAIN whenever we call
accept() or accept4(). This is per documentation in the accept(2) man
page that explicitly says to do so in the its "RETURN VALUE" section.

The error list we cover is a bit more comprehensive, and based on
existing code of ours. For example EINTR is included too (since we need
that to cover cases where we call accept()/accept4() on a blocking
socket), and of course ERRNO_IS_DISCONNECT() is a bit more comprehensive
than the list in the man page too.
2019-04-10 20:03:38 +02:00
Lennart Poettering
7f00010601 errno-util: rework ERRNO_IS_RESOURCE() from macro into static inline function
No technical reason, except that later on we want to add a new
ERRNO_IS() which uses the parameter twice and where we want to avoid
double evaluation, and where we'd like to keep things in the same style.
2019-04-10 20:03:38 +02:00
Lennart Poettering
916a9ec7c6 errno-util: add three more error codes to ERRNO_IS_DISCONNECT()
This is based on the recommendations in accept4() and the listed error
codes there.
2019-04-10 20:03:38 +02:00
Lennart Poettering
7ebd758cf6 tree-wide: voidify some socket calls 2019-04-10 20:03:38 +02:00
Benjamin Robin
763e7b5da6 core/killall: Add documentation about broadcast_signal() 2019-04-10 19:30:38 +02:00
Benjamin Robin
2c32f4f47d core/killall: Log the process names not killed after 10s 2019-04-10 19:27:38 +02:00
Benjamin Robin
827156b330 shutdown: Bump sysctl kernel.printk log level in order to see info msg 2019-04-10 19:27:38 +02:00
Zbigniew Jędrzejewski-Szmek
1662732768 systemd-udev-settle.service: emit deprecation notice 2019-04-10 15:58:14 +02:00
Yu Watanabe
86a3d44de5 network: fix use-of-uninitialized-value or null dereference
This fixes a bug introduced by 6ef5c881dd.

Fixes oss-fuzz#14157 and oss-fuzz#14158.
2019-04-10 18:18:11 +09:00
Zbigniew Jędrzejewski-Szmek
74b45889e4
Merge pull request #12252 from keszybz/libmount-dont-unescape
Don't unescape paths from libmount
2019-04-09 11:56:52 +02:00
Lennart Poettering
afcfaa695c core: implement OOMPolicy= and watch cgroups for OOM killings
This adds a new per-service OOMPolicy= (along with a global
DefaultOOMPolicy=) that controls what to do if a process of the service
is killed by the kernel's OOM killer. It has three different values:
"continue" (old behaviour), "stop" (terminate the service), "kill" (let
the kernel kill all the service's processes).

On top of that, track OOM killer events per unit: generate a per-unit
structured, recognizable log message when we see an OOM killer event,
and put the service in a failure state if an OOM killer event was seen
and the selected policy was not "continue". A new "result" is defined
for this case: "oom-kill".

All of this relies on new cgroupv2 kernel functionality: the
"memory.events" notification interface and the "memory.oom.group"
attribute (which makes the kernel kill all cgroup processes
automatically).
2019-04-09 11:17:58 +02:00
Lennart Poettering
a5b5aece01 service: beautify debug log message a bit 2019-04-09 11:17:58 +02:00
Lennart Poettering
0bb814c2c2 core: rename cgroup_inotify_wd → cgroup_control_inotify_wd
Let's rename the .cgroup_inotify_wd field of the Unit object to
.cgroup_control_inotify_wd. Let's similarly rename the hashmap
.cgroup_inotify_wd_unit of the Manager object to
.cgroup_control_inotify_wd_unit.

Why? As preparation for a later commit that allows us to watch the
"memory.events" cgroup attribute file in addition to the "cgroup.events"
file we already watch with the fields above. In that later commit we'll
add new fields "cgroup_memory_inotify_wd" to Unit and
"cgroup_memory_inotify_wd_unit" to Manager, that are used to watch these
other events file.

No change in behaviour. Just some renaming.
2019-04-09 11:17:57 +02:00
Lennart Poettering
5210387ea6 core: check for redundant operation before doing allocation 2019-04-09 11:17:57 +02:00
Lennart Poettering
cbe83389d5 core: rearrange cgroup empty events a bit
So far the priorities for cgroup empty event handling were pretty weird.
The raw events (on cgroupsv2 from inotify, on cgroupsv1 from the agent
dgram socket) where scheduled at a lower priority than the cgroup empty
queue dispatcher. Let's swap that and ensure that we can coalesce events
more agressively: let's process the raw events at higher priority than
the cgroup empty event (which remains at the same prio).
2019-04-09 11:17:57 +02:00
Zbigniew Jędrzejewski-Szmek
52efbd8f0e
Merge pull request #12223 from yuwata/network-wireguard-preshared-key-file
network: add PresharedKeyFile= setting and make reading key file failure fatal
2019-04-09 10:52:52 +02:00
Zbigniew Jędrzejewski-Szmek
9d1b2b2252 pid1,shutdown: do not cunescape paths from libmount
The test added in previous commit shows that libmount does the unescaping
internally.
2019-04-09 09:07:40 +02:00
Zbigniew Jędrzejewski-Szmek
b57adc94cd test-libmount: let's see how libmount parses stuff
With libmount-2.33.1-3.fc30.x86_64 I get:
/* test_libmount_unescaping_one escaped space + utf8 */
from '729 38 0:59 / /tmp/\342\200\236zupa\\040z\304\231bowa\342\200\235 rw,relatime shared:395 - tmpfs die\\040Br\303\274he rw,seclabel'
source: 'die Brühe'
source: 'die Br\303\274he'
source: 'die Brühe'
expected: 'die Brühe'
target: '/tmp/„zupa zębowa”'
target: '/tmp/\342\200\236zupa z\304\231bowa\342\200\235'
target: '/tmp/„zupa zębowa”'
expected: '/tmp/„zupa zębowa”'
/* test_libmount_unescaping_one escaped newline */
from '729 38 0:59 / /tmp/x\\012y rw,relatime shared:395 - tmpfs newline rw,seclabel'
source: 'newline'
source: 'newline'
source: 'newline'
expected: 'newline'
target: '/tmp/x
y'
target: '/tmp/x\ny'
target: '/tmp/x
y'
expected: '/tmp/x
y'
/* test_libmount_unescaping_one empty source */
from '760 38 0:60 / /tmp/emptysource rw,relatime shared:410 - tmpfs  rw,seclabel'
source: ''
source: ''
source: ''
expected: ''
target: '/tmp/emptysource'
target: '/tmp/emptysource'
target: '/tmp/emptysource'
expected: '/tmp/emptysource'
/* test_libmount_unescaping_one foo\rbar */
from '790 38 0:61 / /tmp/foo\rbar rw,relatime shared:425 - tmpfs tmpfs rw,seclabel'
source: 'tmpfs'
source: 'tmpfs'
source: 'tmpfs'
expected: 'tmpfs'
target: '/tmp/foo'
target: '/tmp/foo'
target: '/tmp/foo'
expected: 'n/a'

With https://github.com/karelzak/util-linux/issues/780 fixed, we get

/* test_libmount_unescaping_one foo\rbar */
from '790 38 0:61 / /tmp/foo\rbar rw,relatime shared:425 - tmpfs tmpfs rw,seclabel'
source: 'tmpfs'
source: 'tmpfs'
source: 'tmpfs'
expected: 'tmpfs'
target: '/tmp/foo
bar'
target: '/tmp/foo\rbar'
target: '/tmp/foo
bar'
expected: '/tmp/foo
bar'
2019-04-09 09:07:40 +02:00
Yu Watanabe
2b942a926c network: make wireguard_decode_key_and_warn() take uint8_t buf[static WG_KEY_LEN] 2019-04-09 15:50:23 +09:00
Yu Watanabe
26f86d500e network: warn when wireguard keys are stored in world readable files 2019-04-09 15:50:22 +09:00
Yu Watanabe
a3945c6361 network: add WireGuardPeer.PresharedKeyFile= setting 2019-04-09 15:50:22 +09:00
Yu Watanabe
6ef5c881dd network: clear wireguard keys on failure or on exit 2019-04-09 15:50:22 +09:00
Yu Watanabe
cb31e7c861 network: make reading PrivateKeyFile= failure always fatal
This also refactor wireguard_read_key_file().
2019-04-09 15:50:22 +09:00
Yu Watanabe
07d8c0eb1e fileio: add READ_FULL_FILE_UNBASE64 flag for read_full_file_full() 2019-04-09 15:50:22 +09:00
Yu Watanabe
50caae7b92 fileio: read_full_file_full() also warns when file is world readable and secure flag is set 2019-04-09 15:50:22 +09:00
Yu Watanabe
7a309a8c63 fileio: introduce warn_file_is_world_accessible() 2019-04-09 15:50:22 +09:00
Yu Watanabe
15f8f026cf util: introduce READ_FULL_FILE_SECURE flag for reading secure data 2019-04-09 15:50:16 +09:00
Benjamin Robin
a012f9f7cf core/killall: Propagate errors and return the number of process left 2019-04-08 19:41:16 +02:00
Lennart Poettering
b473691d41 inhibit: fix argv[] usage
Another fix in style of ed179fd710 and
bd169c2be0fbdaf6eb2ea7951e650d5e5983fbf6..

I hope we are soon complete with these.

Fixes: #12246
2019-04-08 16:57:39 +02:00
Lennart Poettering
dc90e0faae basic: add new helper call empty_or_dash_to_null()
We have a function like this at two places already. Let's unify it in
one generic location and let's port a number of users over.
2019-04-08 12:11:11 +02:00
Lennart Poettering
e7b88b7bc1 tree-wide: introduce empty_or_dash() helper
At quite a few places we check isempty() || streq(…, "-"), let's add a
helper to simplify that, and replace that by a single function call.
2019-04-08 12:03:33 +02:00
Lennart Poettering
ea505047c5
Merge pull request #12238 from keszybz/one-genuine-bugfix+lots-of-line-wrapping
One genuine bugfix and lots of line wrapping
2019-04-08 11:19:34 +02:00
Lennart Poettering
83d4ab5533 pam-systemd: use secure_getenv() rather than getenv()
And explain why in a comment.
2019-04-08 10:24:03 +02:00
Zbigniew Jędrzejewski-Szmek
330d1defdb sysusers: use return_error_errno() where possible 2019-04-07 22:00:11 +02:00
Zbigniew Jędrzejewski-Szmek
71fb15888b sysusers: add missing initalizer
I assume that this is the error causing the invalid free in
https://bugzilla.redhat.com/show_bug.cgi?id=1670679.
2019-04-07 21:49:08 +02:00
Zbigniew Jędrzejewski-Szmek
124d7cb2a0 logind: linewrap some long lines and remove unnecessary conditional 2019-04-07 21:48:54 +02:00