1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

32368 Commits

Author SHA1 Message Date
Filipe Brandenburger
c9715ffce3 rule-syntax-check: allow commas inside quoted strings
Using a regex to match the groups is smarter than the split(',') that
would break in those cases.

Tested:

  SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*,*:070202:*", TAG+="uaccess"

Rule checker doesn't break there after this commit.
2018-02-27 13:11:07 -08:00
Filipe Brandenburger
d498347a01 rule-syntax-check: add support for escaped double quotes
Add support to backslash-escaped double quote inside a string.

Tested by modifying src/login/70-uaccess.rules to include:

  ACTION=="remove" it", GOTO="uaccess_end"

And had the rule checker complain about it:

  $ test/rule-syntax-check.py src/login/70-uaccess.rules
  # looking at src/login/70-uaccess.rules
  Invalid line src/login/70-uaccess.rules:10: ACTION=="remove" it", GOTO="uaccess_end"
    clause: ACTION=="remove" it"
2018-02-27 11:15:42 -08:00
Franck Bui
75a56cb632 rule-syntax-check: values can contain escaped double quotes
This is true since commit 7e760b79ad.

Note that the changes in the regex expressions relies on the fact that the
script assumes that the comma separator is mandatory.

Add a comment in the script to clarify this.
2018-02-27 14:42:09 +01:00
Franck Bui
905ca72a8f rule-syntax-check: PROGRAM is not supposed to get value assigned
In udev man page, "PROGRAM" key is part of the keys which are used for
matching purposes so it should only be used with the compare operator "==".

Actually it doesn't really make sense to assign it a value.

udev code allows both "=" and "==" for PROGRAM and both are handled the same
way but for consistencies it's better to have only the compare operator allowed
by the rule syntax checker.

No rules shipped by systemd use PROGRAM key so nothing need to be changed in
our rule files.
2018-02-27 14:38:23 +01:00
Franck Bui
71232aac41 rules: add a missing comma in 70-uaccess.rules since it improves readability
rule-syntax-check.py failed with the following error:

$ ./test/rule-syntax-check.py ./src/login/70-uaccess.rules
Invalid line ./src/login/70-uaccess.rules:31: SUBSYSTEM=="sound", TAG+="uaccess"   OPTIONS+="static_node=snd/timer", OPTIONS+="static_node=snd/seq"
  clause: TAG+="uaccess"   OPTIONS+="static_node=snd/timer"

The comma is actually optional but the script makes it mandatory which seems a
good thing since it improves readability.
2018-02-27 14:37:01 +01:00
Lennart Poettering
6084c4efa8
Merge pull request #8252 from keszybz/set-property-man
set-property man-page adjust-ments
2018-02-23 12:20:38 +01:00
Peter Hutterer
774ff9ba69 udev: don't assign INPUT_ID_MOUSE to a touchpad/joystick/touchscreen (#8259)
If a touchpad has MT axes only but not ABS_X/ABS_Y (DualShock 4 controller),
then we hit both the conditions is_touchpad and the later check for
!has_abs_axes here, assigning is_mouse and ID_INPUT_MOUSE later.

This is a bug, we historically only assigned either of of the pointing device
tags ID_INPUT_MOUSE/TOUCHPAD/JOYSTICK/TOUCHSCREEN, never multiple of them.

Note that we cannot just check for has_abs_axes and has_mt_coordinates because
the apple touch mouse has both. We really need to check if the device has
already been assigned something else.

https://bugs.freedesktop.org/show_bug.cgi?id=105050
2018-02-23 09:36:45 +01:00
antizealot1337
6719ca7211 Add missing double quote from log message (#8257) 2018-02-23 00:18:29 +01:00
Alan Jenkins
e8a3144ec4 login: fix user@.service case, so we don't allow nested sessions (#8051)
> logind sessions are mostly bound to the audit session concept, and audit
> sessions remain unaffected by "su", in fact they are defined to be
> "sealed off", i.e. in a way that if a process entered a session once, it
> will always stay with it, and so will its children, i.e. the only way to
> get a new session is by forking off something off PID 1 (or something
> similar) that never has been part of a session.

The code had a gap.  user@.service is a special case PAM session which does
not create a logind session.  Let's remember to check for it.

Fixes #8021
2018-02-22 21:38:44 +01:00
Patrick Uiterwijk
5547c12503 Fix format-truncation compile failure by typecasting USB IDs (#8250)
This patch adds safe_atoux16 for parsing an unsigned hexadecimal 16bit int, and
uses that for parsing USB device and vendor IDs.

This fixes a compile error with gcc-8 because while we know that USB IDs are 2 bytes,
the compiler does not know that.

../src/udev/udev-builtin-hwdb.c:80:38: error: '%04X' directive output may be
truncated writing between 4 and 8 bytes into a region of size between 2 and 6
[-Werror=format-truncation=]

Signed-off-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-02-22 19:41:30 +01:00
Beniamino Galvani
6afe9046d5 libsystemd-network: fix endianness in ARP BPF filter (#8255)
Commit f11cba7479 ("libsystemd-network: fix unaligned loads (issue #7654)")
changed the way in which the MAC address is read to use native endiannes:

 htobe32(*((uint32_t *)x)  ->  unaligned_read_ne32(x)

This is wrong because loads done with BPF_LD + BPF_ABS are big-endian, as it
can be seen for the ethertype and arp-operation loads above in the
filter.  Also, the same commit changed:

 htobe32(*((unsigned int *)x) -> unaligned_read_be32(x)

in _bind_raw_socket(), which is the correct form.

The commit broke IPv4LL in presence of loops, as the sender now considers its
own packets as conflicting.

Fixes: f11cba7479
2018-02-22 18:09:33 +01:00
Zbigniew Jędrzejewski-Szmek
d156d1d2c9
Merge pull request #8251 from Shuangistan/pr_virt_qnx 2018-02-22 17:06:29 +01:00
Shuang Liu
9bfaf6ea1f man: add bhyve description for ConditionVirtualization=
The description in man is missing in #3840.
2018-02-22 15:29:34 +01:00
Shuang Liu
1fdf07f56c virt: detect QNX hypervisor
Detect QNX hypervisor based on the CPUID.

Fixes: #7239
2018-02-22 15:29:34 +01:00
Zbigniew Jędrzejewski-Szmek
135775c156 systemctl: use VARIABLE as the placeholder for a variable name
The man page was already using VARIABLE=VALUE, so no change there.
2018-02-22 14:53:56 +01:00
Zbigniew Jędrzejewski-Szmek
fbf3283bdd systemctl,man: use PROPERTY as the placeholder for a property name 2018-02-22 14:53:56 +01:00
Zbigniew Jędrzejewski-Szmek
da5e955fbd systemctl,man: use UNIT as the placeholder for a unit name
NAME is kind of meaningless, because everything has a name. "Unit"
makes it more obvious that a name of a unit is necessary. I was always
momentarily baffled by "set-property NAME ASSIGNMENT...", where there
are two objects (the unit and the property), and it's not clear which of
the two "NAME" is supposed to signify.
2018-02-22 14:53:56 +01:00
Zbigniew Jędrzejewski-Szmek
2f75b05c24 man: IPAccounting for slices in now allowed
Also split that description into paragraphs by subject.
2018-02-22 14:53:55 +01:00
Zbigniew Jędrzejewski-Szmek
94be6463bd
Merge pull request #8205 from poettering/bpf-multi
bpf/cgroup improvements
2018-02-22 14:52:48 +01:00
Sergey Ptashnick
e584b2cc45 Update Russian translation (#8248)
Used "in"-form here (i.e. "зарегистрировать службу *в* DNS-SD") because
simply "служба DNS-SD" may be confused with resolved itself (at least in
Russian).
2018-02-22 14:25:11 +01:00
Lennart Poettering
6e11e7e67d nologin: extend the /run/nologin descriptions a bit (#8244)
This is an attempt to improve #8228 a bit, by extending the /run/nologin
a bit, but still keeping it somewhat brief.

On purpose I used the vague wording "unprivileged user" rather than
"non-root user" so that pam_nologin can be updated to disable its
behaviour for members of the "wheel" group one day, and our messages
would still make sense.

See #8228.
2018-02-22 14:21:30 +01:00
Lennart Poettering
c5c07649c2
Merge pull request #8243 from poettering/statx-syscall-unfuck
statx() syscall macro fix + reboot() handling improvements
2018-02-22 13:15:41 +01:00
Lennart Poettering
de0e78f703
Merge pull request #8218 from keszybz/zanata
po: add basic fedora.zanata.org configuration
2018-02-22 11:56:24 +01:00
Zbigniew Jędrzejewski-Szmek
30c81ce2ce pid1: when creating service directories, don't chown existing files (#8181)
This partially reverts 3536f49e8f and
3536f49e8f.

When the user is dynamic, and we are setting up state, cache, or logs dirs,
behaviour is unchanged, we always do a recursive chown. This is necessary
because the user number might change between invocations.

But when setting up a directory for non-dynamic user, or a runtime directory
for a dynamic user, do any ownership or mode changes only when the directory
is initially created. Nothing says that the files under those directories have
to be all recursively owned by our user. This restores behaviour before
3536f49e8f, so modifications to the state of
the runtime directory persist between ExecStartPre's and ExecStart's, and even
longer in case the directory is persistent.

I think it _would_ be a nice property if setting a user would automatically
propagate to ownership of any Runtime/Logs/Cache directories. But this is
incompatible with another nice property, namely preserving changes to those
directories made by an admin, and with allowing change of ownership of files
in those directories by the service (e.g. to allow other users to access them).
Of the two, I think the second property is more important. Also, it's backwards
compatible.

https://bugzilla.redhat.com/show_bug.cgi?id=1508495

There is no need to chmod a directory we just created, so move that step
up into a branch. After that, 'effective' is only used once, so get rid of
it too.
2018-02-22 11:30:59 +01:00
Lennart Poettering
1f409a0cbb shutdown: let's not use exit() needlessly
Generally we prefer 'return' from main() over exit() so that automatic
cleanups and such work correct. Let's do that in shutdown.c too, becuase
there's not really any reason not to.

With this we are pretty good in consistently using return from main()
rather than exit() all across the codebase. Yay!
2018-02-22 10:46:26 +01:00
Lennart Poettering
c01dcddf80 reboot-util: unify reboot with parameter in a single implementation
So far, we had two implementations of reboot-with-parameter doing pretty
much the same. Let's unify that in a generic implementation used by
both.

This is particulary nice as it unifies all /run/systemd/reboot-param
handling in a single .c file.
2018-02-22 10:46:26 +01:00
Lennart Poettering
e3631d1c80 basic: split out update_reboot_parameter_and_warn() into its own .c/.h files
This is primarily preparation for a follow-up commit that adds a common
implementation of the other side of the reboot parameter file, i.e. the
code that reads the file and issues reboot() for it.
2018-02-22 10:46:12 +01:00
Lennart Poettering
118cf9523b tree-wide: voidify reboot() invocations
We use (void) in most cases for reboot() already, let's add it to the
others as well.
2018-02-22 10:42:06 +01:00
Lennart Poettering
c52a937b46 basic: add a common syscall wrapper around reboot()
This mimics the raw_clone() call we have in place already and
establishes a new syscall wrapper raw_reboot() that wraps the kernel's
reboot() system call in a bit more low-level fashion that glibc's
reboot() wrapper. The main difference is that the extra "arg" argument
is supported.

Ultimately this just replaces the syscall wrapper implementation we
currently have at three places in our codebase by a single one.

With this change this means that all our syscall() invocations are
neatly separated out in static inline system call wrappers in our header
functions.
2018-02-22 10:42:06 +01:00
Lennart Poettering
d06f3829cd missing: always use __NR_ as prefix for syscall numbers
Apparently, both __NR_ and SYS_ are useful, but we mostly use __NR_
hence use it for these two cases too, so that we settle on __NR_
exclusively.
2018-02-22 10:42:06 +01:00
Lennart Poettering
fd91e3ef49 missing: Fix statx syscall ifdeffery
Fix a copy/paste mistake.

Fixes: #8238
2018-02-22 10:42:06 +01:00
Zbigniew Jędrzejewski-Szmek
a4896a1f14
Merge pull request #8246 from poettering/wait-for-terminate-eproto
some shutdown logging fixes
2018-02-22 08:27:44 +01:00
Lennart Poettering
0b1f3c768c tree-wide: reopen log when we need to log in FORK_CLOSE_ALL_FDS children
In a number of occasions we use FORK_CLOSE_ALL_FDS when forking off a
child, since we don't want to pass fds to the processes spawned (either
because we later want to execve() some other process there, or because
our child might hang around for longer than expected, in which case it
shouldn't keep our fd pinned). This also closes any logging fds, and
thus means logging is turned off in the child. If we want to do proper
logging, explicitly reopen the logs hence in the child at the right
time.

This is particularly crucial in the umount/remount children we fork off
the shutdown binary, as otherwise the children can't log, which is
why #8155 is harder to debug than necessary: the log messages we
generate about failing mount() system calls aren't actually visible on
screen, as they done in the child processes where the log fds are
closed.
2018-02-22 00:35:00 +01:00
Lennart Poettering
e18805fbd0 shutdown: explicitly set a log target in shutdown.c
We used to set this, but this was dropped when shutdown got taught to
get the target passed in from the regular PID 1. Let's readd this to
make things more explanatory, and cover all grounds, since after all the
target passed is in theory an optional part of the protocol between the
regular PID 1 and the shutdown PID 1.
2018-02-22 00:33:12 +01:00
Lennart Poettering
d405394c5c shutdown: always pass errno to logging functions
We have them, let's propagate them.
2018-02-22 00:32:31 +01:00
Lennart Poettering
e38b8a407a log: only open kmsg on fallback if we actually want to use it
Previously, we'd try to open kmsg on failure of the journal/syslog even
if no automatic fallback to kmsg was requested — and we wouldn't even
use the open connection afterwards...
2018-02-22 00:31:36 +01:00
Lennart Poettering
00adeed99f umount: beef up logging when umount/remount child processes fail
Let's extend what we log if umount/remount doesn't work correctly as we
expect.

See #8155
2018-02-21 23:57:21 +01:00
Lennart Poettering
6079afa9b0 user-sessions: let's simplify our code paths a bit
Let's always go through mac_selinux_finish(), by making our
success/failure codepaths more alike.

This also saves a few lines of code. Yay!
2018-02-21 23:44:39 +01:00
Zbigniew Jędrzejewski-Szmek
ad383382c7 hwdb: drop bad definition for Cordless Wave Pro keyboard (#8230)
[I'm just submitting the solution originally suggested by @barzog.
Nevertheless, this looks pretty straightforward, we don't want to define
any keys on a universal receiver.

Note that this definition was added back in
aedc2eddd1, when we didn't yet have
support for figuring out what hardware is connected behind a logitech
receiver.]

In 60-keyboard.hwdb there is a definition of # Cordless Wave Pro
evdev:input:b0003v046DpC52[9B]*

which in fact not a cordless keyboard but an USB receiver to which different
types of keyboard can be connected. The solution is to completely clean
definition evdev:input:b0003v046DpC52B* from there.

I: Bus=0003 Vendor=046d Product=c52b Version=0111
N: Name="Logitech USB Receiver"
P: Phys=usb-0000:00:1d.0-1.8/input1
S: Sysfs=/devices/pci0000:00/0000:00:1d.0/usb4/4-1/4-1.8/4-1.8:1.1/0003:046D:C52B.0005/input/input20
U: Uniq=
H: Handlers=kbd mouse0 event8
B: PROP=0
B: EV=1f
B: KEY=3007f 0 0 83ffff17aff32d bf54444600000000 ffff0001 130f978b17c000 6773fad941dfed 9ed68000004400 10000002
B: REL=1c3
B: ABS=100000000
B: MSC=10

Fixed #8095.
2018-02-22 08:21:28 +10:00
Lennart Poettering
5128346127 bpf: reset "extra" IP accounting counters when turning off IP accounting for a unit
We maintain an "extra" set of IP accounting counters that are used when
we systemd is reloaded to carry over the counters from the previous run.
Let's reset these to zero whenever IP accounting is turned off. If we
don't do this then turning off IP accounting and back on later wouldn't
reset the counters, which is quite surprising and different from how our
CPU time counting works.
2018-02-21 16:43:36 +01:00
Lennart Poettering
aa2b6f1d2b bpf: rework how we keep track and attach cgroup bpf programs
So, the kernel's management of cgroup/BPF programs is a bit misdesigned:
if you attach a BPF program to a cgroup and close the fd for it it will
stay pinned to the cgroup with no chance of ever removing it again (or
otherwise getting ahold of it again), because the fd is used for
selecting which BPF program to detach. The only way to get rid of the
program again is to destroy the cgroup itself.

This is particularly bad for root the cgroup (and in fact any other
cgroup that we cannot realistically remove during runtime, such as
/system.slice, /init.scope or /system.slice/dbus.service) as getting rid
of the program only works by rebooting the system.

To counter this let's closely keep track to which cgroup a BPF program
is attached and let's implicitly detach the BPF program when we are
about to close the BPF fd.

This hence changes the bpf_program_cgroup_attach() function to track
where we attached the program and changes bpf_program_cgroup_detach() to
use this information. Moreover bpf_program_unref() will now implicitly
call bpf_program_cgroup_detach().

In order to simplify things, bpf_program_cgroup_attach() will now
implicitly invoke bpf_program_load_kernel() when necessary, simplifying
the caller's side.

Finally, this adds proper reference counting to BPF programs. This
is useful for working with two BPF programs in parallel: the BPF program
we are preparing for installation and the BPF program we so far
installed, shortening the window when we detach the old one and reattach
the new one.
2018-02-21 16:43:36 +01:00
Lennart Poettering
e0ad39fc52 bpf-program: make bpf_program_load_kernel() idempotent
Let's "seal" off the BPF program as soo as bpf_program_load_kernel() is
called, which allows us to make it idempotent: since the program can't
be modified anymore after being turned into a kernel object it's safe to
shortcut behaviour if called multiple times.
2018-02-21 16:43:36 +01:00
Lennart Poettering
72a1db0bb2 test: don't complain if bpffs is world-writable
Apparently, world-writable bpffs is intended by the kernel folks, hence
let's make sure we don't choke on it on our tests.
2018-02-21 16:43:36 +01:00
Lennart Poettering
13a141f046 namespace: protect bpf file system as part of ProtectKernelTunables=
It also exposes kernel objects, let's better include this in
ProtectKernelTunables=.
2018-02-21 16:43:36 +01:00
Lennart Poettering
6590080851 mount-setup: always use the same source as fstype for the API VFS we mount
So far, for all our API VFS mounts we used the fstype also as mount
source, let's do that for the cgroupsv2 mounts too. The kernel doesn't
really care about the source for API VFS, but it's visible to the user,
hence let's clean this up and follow the rule we otherwise follow.
2018-02-21 16:43:36 +01:00
Lennart Poettering
acf7f253de bpf: use BPF_F_ALLOW_MULTI flag if it is available
This new kernel 4.15 flag permits that multiple BPF programs can be
executed for each packet processed: multiple per cgroup plus all
programs defined up the tree on all parent cgroups.

We can use this for two features:

1. Finally provide per-slice IP accounting (which was previously
   unavailable)

2. Permit delegation of BPF programs to services (i.e. leaf nodes).

This patch beefs up PID1's handling of BPF to enable both.

Note two special items to keep in mind:

a. Our inner-node BPF programs (i.e. the ones we attach to slices) do
   not enforce IP access lists, that's done exclsuively in the leaf-node
   BPF programs. That's a good thing, since that way rules in leaf nodes
   can cancel out rules further up (i.e. for example to implement a
   logic of "disallow everything except httpd.service"). Inner node BPF
   programs to accounting however if that's requested. This is
   beneficial for performance reasons: it means in order to provide
   per-slice IP accounting we don't have to add up all child unit's
   data.

b. When this code is run on pre-4.15 kernel (i.e. where
   BPF_F_ALLOW_MULTI is not available) we'll make IP acocunting on slice
   units unavailable (i.e. revert to behaviour from before this commit).
   For leaf nodes we'll fallback to non-ALLOW_MULTI mode however, which
   means that BPF delegation is not available there at all, if IP
   fw/acct is turned on for the unit. This is a change from earlier
   behaviour, where we use the BPF_F_ALLOW_OVERRIDE flag, so that our
   fw/acct would lose its effect as soon as delegation was turned on and
   some client made use of that. I think the new behaviour is the safer
   choice in this case, as silent bypassing of our fw rules is not
   possible anymore. And if people want proper delegation then the way
   out is a more modern kernel or turning off IP firewalling/acct for
   the unit algother.
2018-02-21 16:43:36 +01:00
Lennart Poettering
43b7f24b5e bpf: mount bpffs by default on boot
We make heavy use of BPF functionality these days, hence expose the BPF
file system too by default now. (Note however, that we don't actually
make use bpf file systems object yet, but we might later on too.)
2018-02-21 16:43:36 +01:00
Lennart Poettering
9b3c189786 bpf-program: optionally take fd of program to detach
This is useful for BPF_F_ALLOW_MULTI programs, where the kernel requires
us to specify the fd.
2018-02-21 16:43:36 +01:00
Lennart Poettering
2ae7ee58fa bpf: beef up bpf detection, check if BPF_F_ALLOW_MULTI is supported
This improves the BPF/cgroup detection logic, and looks whether
BPF_ALLOW_MULTI is supported. This flag allows execution of multiple
BPF filters in a recursive fashion for a whole cgroup tree. It enables
us to properly report IP accounting for slice units, as well as
delegation of BPF support to units without breaking our own IP
accounting.
2018-02-21 16:43:36 +01:00
Lennart Poettering
8b15fca85b bpf: add new bpf.h header copy from 4.15 kernel 2018-02-21 16:43:36 +01:00