1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

70924 Commits

Author SHA1 Message Date
Yu Watanabe
fe0acbf7e0 network: set 'removing' flag to remembered object
Previously, if address_remove() or friends called with a temporary
object, the removing flag is assigned to the temporary object, and is
not set to the remembered object. Hence, e.g.
route_is_ready_to_configure() wrongly judge a required address for a
route is (still) ready, hence networkd fails to configure the route.

Fixes #28009.
2024-02-07 10:25:19 +00:00
Yu Watanabe
10aedb6f9d network/address: do not configure with IFA_F_TENTATIVE
Follow-up for 0a0c2672db.

After the commit, remembered Address objects by Link are always given by
kernel. Hence, it is not necessary to set the flag, as it is always
ignored by the kernel, and the kernel set the flag on notification if it
is necessary.
2024-02-07 10:21:12 +00:00
Luca Boccassi
9182658d3b
Merge pull request #31202 from YHNdnzj/creds-reuse
core: reuse credential dir across start and start-post if populated
2024-02-07 10:17:07 +00:00
Franck Bui
e374109efb test: systemd-update-utmp is optional
It can be disabled with '-Dutmp=false'
2024-02-07 11:00:20 +01:00
Maanya Goenka
34e17203bd
preset: enable confext and sysext by default (#31211) 2024-02-07 04:19:59 +08:00
Zbigniew Jędrzejewski-Szmek
d44934f378 NEWS: announce plan to drop support for nscd
This is in preparation for https://github.com/systemd/systemd/pull/30360 to be
merged in a future release. As described there:

  nscd is known to be racy [1] and it was already deprecated and later dropped
  in Fedora a while back [1,2]. We don't need to support obsolete stuff in
  systemd, and the cache in systemd-resolved provides a better solution anyway.

  [1] https://fedoraproject.org/wiki/Changes/DeprecateNSCD
  [2] https://fedoraproject.org/wiki/Changes/RemoveNSCD

Note that our "support" is only the signal to flush the cache that we send at
various points. Nscd itself may still exist, dropping it is a decision to be
made in glibc.
2024-02-06 18:34:56 +01:00
Mike Yuan
cfbf7538d8
core: reuse credential dir across start and start-post if populated,
fresh otherwise

Currently, exec_setup_credential() always rewrite all credentials
upon exec_invoke(), i.e. invocation of each ExecCommand, and within
a single tmpfs instance. This is problematic though:

* When writing each tmp cred file, we essentially double the size
  of the credential. Therefore, if one cred is bigger than half
  of CREDENTIALS_TOTAL_SIZE_MAX, confusing ENOSPC occurs (see also
  https://github.com/systemd/systemd/pull/24734#issuecomment-1925440546)

* Credential is a unit-wide thing and thus should not change
  during the whole lifetime of main process. However, if e.g.
  a on-disk credential or SetCredential= in unit file
  changes between ExecStart= and ExecStartPost=,
  the credentials are overwritten when the latter gets to run,
  and the already-running main process is suddenly seeing
  completely different creds.

So, let's try to reuse final cred dir if the main process has started
and the tmpfs has been populated, so that the creds used is stable
across all ExecStart= and ExecStartPost=-s. We still want to retain
the ability of updating creds through ExecStartPre= though, therefore
we forcibly use a fresh cred dir for those. 'Fresh' means to actually
unmount the old tmpfs first, so the first problem goes away, too.
2024-02-07 00:43:33 +08:00
Mike Yuan
1221ba0f6f
core: introduce exec_params_need_credentials
Also rename EXEC_WRITE_CREDENTIALS to EXEC_SETUP_CREDENTIALS.
2024-02-07 00:43:33 +08:00
Mike Yuan
54c3546188
TEST-54-CREDS: add test for ExecStartPost= (#31194) 2024-02-07 00:43:32 +08:00
Mike Yuan
0f781376c0
core/exec-credential: use FOREACH_ARRAY at one more place 2024-02-07 00:43:32 +08:00
Mike Yuan
3a0f6c217d
core/exec-credential: add missing assertions 2024-02-07 00:43:32 +08:00
Yu Watanabe
6f412c00cf wait-online: by default not all interface need to be online
Fixes an issue caused by ab3aed4a03 (v253).

By default, all managed interface need to be configured, and at least
one interface need to be online. Hence, offline interface should be ignored.

Fixes #29506.
2024-02-06 12:45:37 +00:00
Felix Riemann
0119370cbb cryptenroll: Fix reading keyfile from socket
systemd-cryptenroll uses the READ_FULL_FILE_CONNECT_SOCKET flag when
reading the keyfile to also allow reading it from a socket. But it also
sets the offset to 0, causing an unnecessary seek to the beginning of
the newly opened keyfile and disables socket support again, as these do
not support seeking.

Disable seeking entirely to remove the unneeded seek and restore support
for reading the keyfile from a socket again as with systemd-cryptsetup.
2024-02-06 12:44:42 +00:00
Luca Boccassi
d50f58d641
Merge pull request #31210 from poettering/chdir-hardening
WorkingDirectory= hardening
2024-02-06 12:41:43 +00:00
Luca Boccassi
33d7fedca9
Merge pull request #31205 from YHNdnzj/path-is-mount-point
mountpoint-util: expose root and flags as path_is_mount_point_full
2024-02-06 12:37:20 +00:00
Zbigniew Jędrzejewski-Szmek
85a84772a1 units: drop userdbd from homed's Also=
Also= lists units which should be enabled/disabled together with the first unit.
But userdbd is independent of homed, we shouldn't e.g. disable it even if homed
is disabled.
2024-02-06 12:36:04 +00:00
Mike Yuan
c90335403c process-util: minor follow-up for pidfd_spawn 2024-02-06 12:26:38 +00:00
Lennart Poettering
83d5dab4de nspawn: and also add comment, making clear chdir() should come late 2024-02-06 11:13:28 +01:00
Lennart Poettering
f94025a136 nspawn: also refuse paths below API VFS in nspawn's --chdir= field 2024-02-06 11:13:28 +01:00
Lennart Poettering
8049bce619 load-fragment: set PATH_CHECK_NON_API_VFS flag at various other places
I tried to be conservative here, and hence in doubt I left the flag off,
but in some cases I really can't see any reason why it would make sense
to specifiy paths into API VFS, hence add it there, to lock things down
a bit.
2024-02-06 11:13:28 +01:00
Lennart Poettering
e0f6eaeb4f parse-helpers: adjust log level when we say we ignore to LOG_WARNING 2024-02-06 11:13:28 +01:00
Lennart Poettering
14631951ce dbus: make dbus property parsing of WorkingDirectory= equally strict as loading it from the unit files 2024-02-06 11:13:28 +01:00
Lennart Poettering
a13fb98ba7 exec-invoke: extend comment on placement of apply_working_directory() call
Inspired by CVE-2024-21626, let's add a longer comment explaining why
the code really shouldn#t be moved any earlier.

Just in the hope that anyone who feels tempted to move this around maybe
actually reads the comment and reconsiders.
2024-02-06 11:13:28 +01:00
Lennart Poettering
0d1332841e parse-helpers: add new PATH_CHECK_NON_API_VFS flag
In various contexts it's a bit icky to allow paths below /proc/, /sys/,
/dev/ i.e. file hierarchies where API VFS are placed. Let's add a new
flag for path_simplify_and_warn() to check for this and refuse a path if
in these paths.

Enable this when parsing WorkingDirectory=.

This is inspired by CVE-2024-21626, which uses trickery around the cwd
and /proc/self/fd/.

AFAICS we are not actually vulnerable to the same issue as explained in
the CVE since we execute the WorkingDirectory= setting very late, i.e.
long after we set up the new mount namespace. But let's filter out icky
stuff better earlier than later, as extra safety precaution.
2024-02-06 11:13:28 +01:00
Lennart Poettering
0fb08bd5e3 mountpoint-util: add small helper that checks if a path is below the API VFS hierarchies 2024-02-06 11:13:28 +01:00
Lennart Poettering
b63e3bd308 exec-invoke: rework apply_working_directory() around chase()
let's be more careful and get rid of one more prefix_roota() use, in
favour of the safe chase().
2024-02-06 10:28:30 +01:00
Lennart Poettering
e66766ead8 parse-helpers: indent according to coding style 2024-02-06 10:28:30 +01:00
Mike Yuan
027d9f9096
Merge pull request #31209 from bluca/pidfd_spawn
core: add support for pidfd_spawn
2024-02-06 15:14:17 +08:00
Mike Yuan
b409aacb0a
mountpoint-util: introduce path_is_mount_point_full 2024-02-06 15:09:28 +08:00
Mike Yuan
561d879305
login/user-runtime-dir: properly check for mount point 2024-02-06 15:08:58 +08:00
Luca Boccassi
76e00ba2e5 TODO: drop clone3 item 2024-02-05 21:52:36 +00:00
Luca Boccassi
2e106312e2 core: add support for pidfd_spawn
Added in glibc 2.39, allows cloning into a cgroup and to get
a pid fd back instead of a pid. Removes race conditions for
both changing cgroups and getting a reliable reference for the
child process.

Fixes https://github.com/systemd/systemd/pull/18843
Replaces https://github.com/systemd/systemd/pull/16706
2024-02-05 21:52:36 +00:00
Luca Boccassi
9ca13d60db executor: really set POSIX_SPAWN_SETSIGDEF for posix_spawn
posix_spawnattr_setflags() doesn't OR the input to the current set of flags,
it overwrites them, so we are currently losing POSIX_SPAWN_SETSIGDEF.

Follow-up for: 6ecdfe7d10
2024-02-05 16:26:01 +00:00
Frantisek Sumsal
4e71714bca README: bump the gcc baseline to 8.4
We already use __VA_OPT__ in multiple places, which was introduced in
gcc 8 [0], so let's bump the baseline to reflect that. I chose gcc 8.4,
as that was the lowest 8.x version I could easily get my hands on when I
verified this (on Ubuntu Focal with the gcc-8 package).

Closes: #31191

[0] https://gcc.gnu.org/gcc-8/changes.html
2024-02-05 10:45:10 +00:00
Mike Yuan
9524c519a2
Merge pull request #31197 from YHNdnzj/protect-system-cred
core/service: set up credentials for all start-post commands too
2024-02-05 16:06:42 +08:00
Mike Yuan
39f4504de8
core/service: allow ExecStartPost= cmds to access creds
Fixes #31194
2024-02-05 00:57:06 +08:00
Mike Yuan
a145623bc4
core/service: don't setup credentials for ExecCondition= and ExecReload=
This seems to be a mistake in #27279. I believe credentials should
not be made available to condition or reload tasks. In most cases
they're irrelevant from the actual job of the service. Also, currently
the first ExecCondition= or ExecReload= cannot access creds anyway,
making the incompatibility introduced negligible.

If people actually come up with valid use cases, we can always
revisit this.
2024-02-05 00:52:46 +08:00
Mike Yuan
fe760177fe
core/service: don't give ExecStopPost= commands tty access
All tasks spawned later than ExecStart= (e.g. ExecReload=, ExecStop=, ...)
don't get tty access. ExecStopPost= is the odd one out. Fix that.
2024-02-05 00:47:07 +08:00
Mike Yuan
81006ebbd7
core/service: introduce service_exec_flags
As suggested in
https://github.com/systemd/systemd/pull/31197#pullrequestreview-1861297477

Note that this slightly changes the behavior for
ExecReload=, ExecCondition= and ExecStartPost=. Will
be explained/corrected in later commits.
2024-02-05 00:46:39 +08:00
Mike Yuan
a5801e9714
core/unit: use ASSERT_PTR and strdup_or_null more 2024-02-05 00:37:00 +08:00
Mike Yuan
d3131ea28c
core/exec-invoke: don't duplicate needs_sandboxing condition 2024-02-04 16:35:16 +08:00
Mike Yuan
881dbad1f1
core/exec-credential: make param const where appropriate 2024-02-04 16:35:13 +08:00
James Muir
c0c852a8bb bulgarian: use "RateLimitIntervalSec" rather than "RateLimitInterval"
Update Bulgarian translation.  "RateLimitIntervalSec" is the current option
name.  "RateLimitInterval" is the legacy option name.
2024-02-04 02:42:09 +09:00
Frantisek Sumsal
a0485e07b3 test_ukify: use raw string for the regex
To get rid of the "invalid escape sequence" warning:

=============================== warnings summary ===============================
../src/ukify/test/test_ukify.py:876
  ../src/ukify/test/test_ukify.py:876: SyntaxWarning: invalid escape sequence '\s'
    assert re.search('Issuer: CN\s?=\s?SecureBoot signing key on host', out)
2024-02-04 02:41:03 +09:00
Anders Jonsson
660be5c5af po: Translated using Weblate (Swedish)
Currently translated at 100.0% (227 of 227 strings)

Co-authored-by: Anders Jonsson <anders.jonsson@norsjovallen.se>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/sv/
Translation: systemd/main
2024-02-03 12:47:07 +01:00
Ivan Shapovalov
00fcd79e65 nspawn: permit --ephemeral with --link-journal=try-* (treat as =no)
Common sense says that to "try" something means "to not fail if
something turns out not to be possible", thus do not make this
combination a hard error.

The actual implementation ignores any --link-journal= setting when
--ephemeral is in effect, so the semantics are upheld.
2024-02-03 03:03:41 +09:00
Vladimir Stoiakin
85686b37b0 cryptenroll: allow to use a public key on a token
This patch allows systemd-cryptenroll to enroll directly with a public key if a certificate is missing on a token.

Fixes: #30675
2024-02-03 03:00:51 +09:00
Antonio Alvarez Feijoo
e104d77da2 man/systemd-bsod: fix command path 2024-02-03 02:59:44 +09:00
Frantisek Sumsal
ce45fe2a32 test: wait until the test binary starts the test aux scope
Otherwise we might continue too early on slower machines:

[   53.777485] testsuite-07.sh[675]: + systemd-run --unit test-aux-scope.service -p Slice=aux.slice -p Type=exec -p TasksMax=99 -p CPUWeight=199 -p IPAccounting=yes /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   55.399526] testsuite-07.sh[679]: Running as unit: test-aux-scope.service; invocation ID: 375dc3e2d12f4af1bedfe80a23709e37
[   55.512917] testsuite-07.sh[691]: ++ systemctl show --value --property MainPID test-aux-scope.service
[   56.947713] testsuite-07.sh[675]: + kill -s USR1 680
[   56.947713] testsuite-07.sh[675]: + sleep 1
[   58.058809] testsuite-07.sh[675]: + systemctl status test-aux-scope.service
[   58.902808] testsuite-07.sh[695]: ● test-aux-scope.service - /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   58.902808] testsuite-07.sh[695]:      Loaded: loaded (/run/systemd/transient/test-aux-scope.service; transient)
[   58.902808] testsuite-07.sh[695]:   Transient: yes
[   58.902808] testsuite-07.sh[695]:      Active: active (running) since Thu 2024-02-01 04:53:57 UTC; 3s ago
[   58.902808] testsuite-07.sh[695]:    Main PID: 680 (test-aux-scope)
[   58.902808] testsuite-07.sh[695]:          IP: 0B in, 0B out
[   58.902808] testsuite-07.sh[695]:       Tasks: 11 (limit: 99)
[   58.902808] testsuite-07.sh[695]:      Memory: 3.2M (peak: 3.5M)
[   58.902808] testsuite-07.sh[695]:         CPU: 235ms
[   58.902808] testsuite-07.sh[695]:      CGroup: /aux.slice/test-aux-scope.service
[   58.902808] testsuite-07.sh[695]:              ├─680 /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   58.902808] testsuite-07.sh[695]:              ├─681 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─682 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─683 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─684 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─685 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─686 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─687 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─688 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─689 "(worker)"
[   58.902808] testsuite-07.sh[695]:              └─690 "(worker)"
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Enqueued job test-aux-scope.service/start as 277
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Will spawn child (service_enter_start): /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Passing 0 fds to service
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: About to execute: /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Forked /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope as 680
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Changed dead -> start
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: Starting test-aux-scope.service...
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd-executor[680]: SELinux enabled state cached to: disabled
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H (ux-scope)[680]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H (ux-scope)[680]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
[   58.979659] testsuite-07.sh[701]: ++ ps -eo pid,unit
[   59.014968] testsuite-07.sh[702]: ++ grep -c test-aux-scope.service
[   59.729453] systemd[1]: Cannot find unit for notify message of PID 691, ignoring.
[   60.321547] testsuite-07.sh[675]: + test 11 = 1
[   60.332496] testsuite-07.sh[669]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/testsuite-07.aux-scope.sh failed'
2024-02-03 02:57:52 +09:00
Yu Watanabe
a853cc99e6 network: adjust default RequiredForOnline= and RequiredFamilyForOnline= setting
E.g. a bonding port does not support addressing, hence the default
should be 'enslaved'.

Follow-up for 3255bda698.

Closes #27724.
2024-02-02 15:38:30 +09:00