mirror of https://github.com/systemd/systemd.git synced 2025-02-04 21:47:31 +03:00

70801 Commits

Author SHA1 Message Date
Lennart Poettering
0d1332841e parse-helpers: add new PATH_CHECK_NON_API_VFS flag
In various contexts it's a bit icky to allow paths below /proc/, /sys/,
/dev/, i.e. file hierarchies where API VFS are placed. Let's add a new
flag for path_simplify_and_warn() to check for this and refuse a path if
it is in these paths.

Enable this when parsing WorkingDirectory=.

This is inspired by CVE-2024-21626, which uses trickery around the cwd
and /proc/self/fd/.

AFAICS we are not actually vulnerable to the same issue as explained in
the CVE since we execute the WorkingDirectory= setting very late, i.e.
long after we set up the new mount namespace. But let's filter out icky
stuff better earlier than later, as an extra safety precaution.
2024-02-06 11:13:28 +01:00
Lennart Poettering
0fb08bd5e3 mountpoint-util: add small helper that checks if a path is below the API VFS hierarchies 2024-02-06 11:13:28 +01:00
Lennart Poettering
b63e3bd308 exec-invoke: rework apply_working_directory() around chase()
Let's be more careful and get rid of one more prefix_roota() use, in
favour of the safe chase().
2024-02-06 10:28:30 +01:00
Lennart Poettering
e66766ead8 parse-helpers: indent according to coding style 2024-02-06 10:28:30 +01:00
Mike Yuan
027d9f9096
Merge pull request #31209 from bluca/pidfd_spawn
core: add support for pidfd_spawn
2024-02-06 15:14:17 +08:00
Mike Yuan
b409aacb0a
mountpoint-util: introduce path_is_mount_point_full 2024-02-06 15:09:28 +08:00
Mike Yuan
561d879305
login/user-runtime-dir: properly check for mount point 2024-02-06 15:08:58 +08:00
Luca Boccassi
76e00ba2e5 TODO: drop clone3 item 2024-02-05 21:52:36 +00:00
Luca Boccassi
2e106312e2 core: add support for pidfd_spawn
Added in glibc 2.39, allows cloning into a cgroup and to get
a pid fd back instead of a pid. Removes race conditions for
both changing cgroups and getting a reliable reference for the
child process.

Fixes https://github.com/systemd/systemd/pull/18843
Replaces https://github.com/systemd/systemd/pull/16706
2024-02-05 21:52:36 +00:00
Luca Boccassi
9ca13d60db executor: really set POSIX_SPAWN_SETSIGDEF for posix_spawn
posix_spawnattr_setflags() doesn't OR the input to the current set of flags,
it overwrites them, so we are currently losing POSIX_SPAWN_SETSIGDEF.

Follow-up for: 6ecdfe7d1008964eed3f67b489cef8c65a218bf1
2024-02-05 16:26:01 +00:00
Frantisek Sumsal
4e71714bca README: bump the gcc baseline to 8.4
We already use __VA_OPT__ in multiple places, which was introduced in
gcc 8 [0], so let's bump the baseline to reflect that. I chose gcc 8.4,
as that was the lowest 8.x version I could easily get my hands on when I
verified this (on Ubuntu Focal with the gcc-8 package).

Closes: #31191

[0] https://gcc.gnu.org/gcc-8/changes.html
2024-02-05 10:45:10 +00:00
Mike Yuan
9524c519a2
Merge pull request #31197 from YHNdnzj/protect-system-cred
core/service: set up credentials for all start-post commands too
2024-02-05 16:06:42 +08:00
Mike Yuan
39f4504de8
core/service: allow ExecStartPost= cmds to access creds
Fixes #31194
2024-02-05 00:57:06 +08:00
Mike Yuan
a145623bc4
core/service: don't setup credentials for ExecCondition= and ExecReload=
This seems to be a mistake in #27279. I believe credentials should
not be made available to condition or reload tasks. In most cases
they're irrelevant to the actual job of the service. Also, currently
the first ExecCondition= or ExecReload= cannot access creds anyway,
making the incompatibility introduced negligible.

If people actually come up with valid use cases, we can always
revisit this.
2024-02-05 00:52:46 +08:00
Mike Yuan
fe760177fe
core/service: don't give ExecStopPost= commands tty access
All tasks spawned later than ExecStart= (e.g. ExecReload=, ExecStop=, ...)
don't get tty access. ExecStopPost= is the odd one out. Fix that.
2024-02-05 00:47:07 +08:00
Mike Yuan
81006ebbd7
core/service: introduce service_exec_flags
As suggested in
https://github.com/systemd/systemd/pull/31197#pullrequestreview-1861297477

Note that this slightly changes the behavior for
ExecReload=, ExecCondition= and ExecStartPost=. Will
be explained/corrected in later commits.
2024-02-05 00:46:39 +08:00
Mike Yuan
a5801e9714
core/unit: use ASSERT_PTR and strdup_or_null more 2024-02-05 00:37:00 +08:00
Mike Yuan
d3131ea28c
core/exec-invoke: don't duplicate needs_sandboxing condition 2024-02-04 16:35:16 +08:00
Mike Yuan
881dbad1f1
core/exec-credential: make param const where appropriate 2024-02-04 16:35:13 +08:00
James Muir
c0c852a8bb bulgarian: use "RateLimitIntervalSec" rather than "RateLimitInterval"
Update Bulgarian translation.  "RateLimitIntervalSec" is the current option
name.  "RateLimitInterval" is the legacy option name.
2024-02-04 02:42:09 +09:00
Frantisek Sumsal
a0485e07b3 test_ukify: use raw string for the regex
To get rid of the "invalid escape sequence" warning:

=============================== warnings summary ===============================
../src/ukify/test/test_ukify.py:876
  ../src/ukify/test/test_ukify.py:876: SyntaxWarning: invalid escape sequence '\s'
    assert re.search('Issuer: CN\s?=\s?SecureBoot signing key on host', out)
2024-02-04 02:41:03 +09:00
Anders Jonsson
660be5c5af po: Translated using Weblate (Swedish)
Currently translated at 100.0% (227 of 227 strings)

Co-authored-by: Anders Jonsson <anders.jonsson@norsjovallen.se>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/sv/
Translation: systemd/main
2024-02-03 12:47:07 +01:00
Ivan Shapovalov
00fcd79e65 nspawn: permit --ephemeral with --link-journal=try-* (treat as =no)
Common sense says that to "try" something means "to not fail if
something turns out not to be possible", thus do not make this
combination a hard error.

The actual implementation ignores any --link-journal= setting when
--ephemeral is in effect, so the semantics are upheld.
2024-02-03 03:03:41 +09:00
Vladimir Stoiakin
85686b37b0 cryptenroll: allow to use a public key on a token
This patch allows systemd-cryptenroll to enroll directly with a public key if a certificate is missing on a token.

Fixes: #30675
2024-02-03 03:00:51 +09:00
Antonio Alvarez Feijoo
e104d77da2 man/systemd-bsod: fix command path 2024-02-03 02:59:44 +09:00
Frantisek Sumsal
ce45fe2a32 test: wait until the test binary starts the test aux scope
Otherwise we might continue too early on slower machines:

[   53.777485] testsuite-07.sh[675]: + systemd-run --unit test-aux-scope.service -p Slice=aux.slice -p Type=exec -p TasksMax=99 -p CPUWeight=199 -p IPAccounting=yes /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   55.399526] testsuite-07.sh[679]: Running as unit: test-aux-scope.service; invocation ID: 375dc3e2d12f4af1bedfe80a23709e37
[   55.512917] testsuite-07.sh[691]: ++ systemctl show --value --property MainPID test-aux-scope.service
[   56.947713] testsuite-07.sh[675]: + kill -s USR1 680
[   56.947713] testsuite-07.sh[675]: + sleep 1
[   58.058809] testsuite-07.sh[675]: + systemctl status test-aux-scope.service
[   58.902808] testsuite-07.sh[695]: ● test-aux-scope.service - /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   58.902808] testsuite-07.sh[695]:      Loaded: loaded (/run/systemd/transient/test-aux-scope.service; transient)
[   58.902808] testsuite-07.sh[695]:   Transient: yes
[   58.902808] testsuite-07.sh[695]:      Active: active (running) since Thu 2024-02-01 04:53:57 UTC; 3s ago
[   58.902808] testsuite-07.sh[695]:    Main PID: 680 (test-aux-scope)
[   58.902808] testsuite-07.sh[695]:          IP: 0B in, 0B out
[   58.902808] testsuite-07.sh[695]:       Tasks: 11 (limit: 99)
[   58.902808] testsuite-07.sh[695]:      Memory: 3.2M (peak: 3.5M)
[   58.902808] testsuite-07.sh[695]:         CPU: 235ms
[   58.902808] testsuite-07.sh[695]:      CGroup: /aux.slice/test-aux-scope.service
[   58.902808] testsuite-07.sh[695]:              ├─680 /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   58.902808] testsuite-07.sh[695]:              ├─681 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─682 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─683 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─684 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─685 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─686 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─687 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─688 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─689 "(worker)"
[   58.902808] testsuite-07.sh[695]:              └─690 "(worker)"
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Enqueued job test-aux-scope.service/start as 277
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Will spawn child (service_enter_start): /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Passing 0 fds to service
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: About to execute: /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Forked /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope as 680
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Changed dead -> start
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: Starting test-aux-scope.service...
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd-executor[680]: SELinux enabled state cached to: disabled
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H (ux-scope)[680]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H (ux-scope)[680]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
[   58.979659] testsuite-07.sh[701]: ++ ps -eo pid,unit
[   59.014968] testsuite-07.sh[702]: ++ grep -c test-aux-scope.service
[   59.729453] systemd[1]: Cannot find unit for notify message of PID 691, ignoring.
[   60.321547] testsuite-07.sh[675]: + test 11 = 1
[   60.332496] testsuite-07.sh[669]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/testsuite-07.aux-scope.sh failed'
2024-02-03 02:57:52 +09:00
Yu Watanabe
a853cc99e6 network: adjust default RequiredForOnline= and RequiredFamilyForOnline= setting
E.g. a bonding port does not support addressing, hence the default
should be 'enslaved'.

Follow-up for 3255bda698d2a02ab2f2825a1e652ac6f0871a89.

Closes #27724.
2024-02-02 15:38:30 +09:00
Yu Watanabe
c89efaf9e5 man: fix default behavior of RequiredFamilyForOnline= 2024-02-02 15:38:30 +09:00
Yu Watanabe
2933881ea5
Merge pull request #31032 from yuwata/pam-session-close
pam: fix warning "Attempted to close sd-bus after fork, this should not happen." on session close
2024-02-02 09:51:08 +09:00
Harald Brinkmann
2a9b1a76ee coredump: log minimal metadata early 2024-02-02 09:43:50 +09:00
Yu Watanabe
25d2376052
Merge pull request #31166 from mrc0mmand/vpick-tweaks
vpick: make a working copy of the current dname
2024-02-02 09:37:13 +09:00
Yu Watanabe
68676af60d test-network: fix typo
Follow-up for d4c8de21a07d015f2f2c787e0735be5e4d02fb3c.
2024-02-02 09:29:14 +09:00
Yu Watanabe
58125c1920 test: fix typo
Follow-up for fa8ff98ea4886442bebecd337da78e4dac3d0cb1.
2024-02-02 09:27:52 +09:00
Yu Watanabe
04a755466b man/creds: fix typo
Follow-up for 7704c3474d0f3176f5d84efee5f44f9d815e615f.
2024-02-02 09:25:57 +09:00
Yu Watanabe
49d6e3c8a8 man: fix typo
Follow-up for 34bbda18a5f07fa5a52e8d85d20637ce1c00c4ec.
2024-02-02 09:24:25 +09:00
Yu Watanabe
35dab29d58 sd-bus: fix typo
Follow-up for 25fd5343ca3a3481d2e0d3f3aebab2fcf4e42bc7.
2024-02-02 09:22:43 +09:00
Yu Watanabe
431042e901 sd-bus: fix typo
Follow-up for 71be64064c9e22c9edcb0c25d7ccc9e3c9ed1978.
2024-02-02 09:21:18 +09:00
Yu Watanabe
9d7f6b3db4 creds: fix typo
Follow-up for 8464f7cbd652af75566017c62bec5308d1c30775.
2024-02-02 09:20:05 +09:00
Yu Watanabe
14f95de8da local-addresses: fix typo
Follow-up for 5cb56068d0aae4c85e97a4ae16e33a7614cdc0bb.
2024-02-02 09:18:38 +09:00
Yu Watanabe
77924eab17 tpm2-util: fix typo
Follow-up for d37c312b87aeba4a470ad720eda56cdbc9ea2290.
2024-02-02 09:17:25 +09:00
Yu Watanabe
6a8026e8ae network/ndisc: fix typo
Follow-up for d4c8de21a07d015f2f2c787e0735be5e4d02fb3c.
2024-02-02 09:16:02 +09:00
Yu Watanabe
e53fcb0932 repart: fix typo
Follow-up for a575f2148f5bf619c75b3c2edadd7a94518ae74d.
2024-02-02 09:14:50 +09:00
Yu Watanabe
197e77c527 core/unit: fix typo
Follow-up for 16b6af6adefa4068b10e1a04f46fc895cb9a3af7.
2024-02-02 09:13:05 +09:00
Yu Watanabe
d282d55d4f cgroup-util: fix typo
Follow-up for 677e6c14b199c1fa637b7c4c8cae39c31213a79d.
2024-02-02 09:11:42 +09:00
Yu Watanabe
a4f1a3087a user-util: fix typo
Follow-up for 75673cd8aee5c6174538e71dd36c7a353c836973.
2024-02-02 09:10:02 +09:00
Yu Watanabe
3600b0f401 TODO: fix typo
Follow-up for fd40e7da6e005644445d2f6cb3363daf1e170b8c.
2024-02-02 09:07:31 +09:00
Luca Boccassi
556d2bc4a1 core: use PidRef in exec_spawn 2024-02-01 21:06:14 +00:00
Gabríel Arthúr Pétursson
47ec2c8a8e cryptenroll: Support rotating PIN on an existing TPM2 enrollment 2024-02-01 13:55:17 +00:00
Frantisek Sumsal
d049bffc50 vpick: use prefix_roota() to avoid double slash in log messages
If the toplevel_path is empty we end up with doubled leading slash,
which looks weird:

[ 4737.028985] testsuite-74.sh[102]: Inode '//var/lib/machines/mytree.v/mytree_37.0_arm64+2-3' has wrong type, found 'dir'.
[ 4737.028985] testsuite-74.sh[102]: Failed to pick version for '/var/lib/machines/mytree.v': Is a directory
...
[ 4316.957536] testsuite-74.sh[99]: Failed to open '//var/lib/machines/mytree.v/mytree_37.0': No such file or directory
...
2024-02-01 14:54:06 +01:00
Frantisek Sumsal
9258784762 vpick: make a working copy of the current dname
Since we might edit the string later on by inserting NULs, which then
leads up to using an invalid dname when opening the potential chosen
directory:

[ 4316.957536] testsuite-74.sh[99]: make_choice: entry: mytree_37.0_arm64+2-3
[ 4316.957536] testsuite-74.sh[99]: make_choice: best_version: 37.0
[ 4316.957536] testsuite-74.sh[99]: make_choice: best_filename: mytree_37.0
[ 4316.957536] testsuite-74.sh[99]: Failed to open '//var/lib/machines/mytree.v/mytree_37.0': No such file or directory

Uncovered by vpick tests from TEST-74-AUX-UTILS when run on aarch64.
2024-02-01 14:54:06 +01:00