IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We would deadlock when passing the data back from the forked-off process that
was doing backtrace generation back to the coredump parent. This is because we
fork the child and wait for it to exit. The child tries to write too much data
to the output pipe, and and after the first 64k blocks on the parent because
the pipe is full. The bug surfaced in Fedora because of a combination of four
factors:
- 87707784c7 was backported to v251.5, which
allowed coredump processing to be successful.
- 1a0281a3eb was NOT backported, so the output
was very verbose.
- Fedora has the ELF package metadata available, so a lot of output can be
generated. Most other distros just don't have the information.
- gnome-calendar crashes and has a bazillion modules and 69596 bytes of output
are generated for it.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2135778.
The code is changed to try to write data opportunistically. If we get partial
information, that is still logged. In is generally better to log partial
backtrace information than nothing at all.
We do not provide any numerical libraries, and iszero_safe() is only
used in parsing or formatting JSON. Hence, it is not necessary for us to
request that the function provides the same result on different systems.
Fixes#25044.
Use target process context to set socket context when using SELinuxContextFromNet
not systemd's context. Currently when using the SELinuxContextFromNet option for
a socket activated services, systemd calls getcon_raw which returns init_t and
uses the resulting context to compute the context to be passed to the
setsockcreatecon call. A socket of type init_t is created and listened on and
this means that SELinux policy cannot be written to control which processes
(SELinux types) can connect to the socket since the ref policy allows all
'types' to connect to sockets of the type init_t. When security accessors see
that any process can connect to a socket this raises serious concerns. I have
spoken with SELinux contributors in person and on the mailing list and the
consensus is that the best solution is to use the target executables context
when computing the sockets context in all cases.
[zjs review/comment:
This removes the branch that was added in 16115b0a7b.
16115b0a7b did two things: it had the branch here
in 'socket_determine_selinux_label()' and a code in 'exec_child()' to call
'label_get_child_mls_label(socket_fd, command->path, &label)'.
Before this patch, the flow was:
'''
mac_selinux_get_child_mls_label:
peercon = getpeercon_raw(socket_fd);
if (!exec_label)
exec_label = getfilecon_raw(exe);
socket_open_fds:
if (params->selinux_context_net) #
label = mac_selinux_get_our_label(); # this part is removed
else #
label = mac_selinux_get_create_label_from_exe(path);
socket_address_listen_in_cgroup(s, &p->address, label);
exec_child():
exec_context = mac_selinux_get_child_mls_label(fd, executable, context->selinux_context);
setexeccon(exec_context);
'''
]
Similarly to DumpByFileDescriptor vs Dump,
DumpUnitsMatchingPatternsByFileDescriptor is used in preference. Dissimilarly,
a fallback to DumpUnitsMatchingPatterns is not done on error, because there is
no need for backwards compatibility.
The code is still more verbose than I'd like, but there are four different code
paths with slightly different rules in each case, so it's hard to make this all
very brief. Since we have a separate file dedicated to making those calls, the
verbose-but-easy-to-follow implementation should be OK.
Closes#24989.
I only did a quick test that all both variants works locally and over ssh.
Otherwise we might hit a race where we read the test log just before
it's fully written to the disk:
```
======================================================================
FAIL: test_interleaved (__main__.ExecutionResumeTest.test_interleaved)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/root/systemd/test/test-exec-deserialization.py", line 170, in test_interleaved
self.check_output(expected_output)
File "/root/systemd/test/test-exec-deserialization.py", line 111, in check_output
self.assertEqual(output, expected_output)
AssertionError: 'foo\n' != 'foo\nbar\n'
foo
+ bar
```
With some debug:
```
test_interleaved (__main__.ExecutionResumeTest.test_interleaved) ...
Assertion failed; file contents just after the assertion:
b'foo\n'
File contents 5 seconds later:
b'foo\nbar\n'
FAIL
```
Seen quite often in CentOS CI on the fast baremetal machines.
(s) is just ugly with a vibe of DOS. In most cases just using the normal plural
form is more natural and gramatically correct.
There are some log_debug() statements left, and texts in foreign licenses or
headers. Those are not touched on purpose.
TEST-69 uses a Python wrapper around the systemd-nspawn call, which on
error calls the `spawn.terminate()` method. However, with no arguments
it will only use SIGHUP and SIGINT signals - this might leave a stuck
container around, causing fails if the test is run again. With `force=True`
SIGKILL is used as well (if necessary).
This moves the shim security arch override to the new
ReinstallProtocolInterface based interface. This also has the benefit to
reduce the time window in which we have this override active and also
actually removes it, which was not previously done.
The shim hooks themselves are also modernized too. The upcalls should
really not be neccessary if shim is happy with the provided binary.
Only the compat entry address is used now. This also now only returns
the compat entry address. If the image is native we do not need to try
calling into the entry address again as we would already have done so
from StartImage (and failed).
This is the proper way to start any EFI binary. The fact this even ever
worked was because the kernel does not have any PE relocations.
The only downside is that the embedded kernel image has to be signed and
trusted by the firmware under secure boot. A future commit will try to
deal with that.
This is really the parent image for the kernel that is to be run.
Renaming it as such prevents confusion with any image handles that are
about to be created.
TEST-34 complains in `test_check_writable` when running with gcov, as
the build directory tree is not writable with DynamicUser=true. As I had
no luck with $GCOV_PREFIX and other runtime gcov configuration, let's
just ignore the gcov errors for this test.
This function was returning 0 or 1 on success. It has many callers, and it
wasn't clear if any of them care about the distinction. It turns out they don't
and the return values were done for convenience because manager_load_unit_prepare()
returns 0 or 1. Let's invert the code in the static function to follow the usual
pattern where 0 means "no work was done" and 1 means "work was done", and make
the non-static function always return 0 to make the code easier to read, and
also add comments that explain what is happening.
No functional change.
This adds two more phases to the PCR boot phase logic: "sysinit" +
"final".
The "sysinit" one is placed between sysinit.target and basic.target.
It's good to have a milestone in this place, since this is after all
file systems/LUKS volumes are in place (which sooner or later should
result in measurements of their own) and before services are started
(where we should be able to rely on them to be complete).
This is particularly useful to make certain secrets available for
mounting secondary file systems, but making them unavailable later.
This breaks API in a way (as measurements during runtime will change),
but given that the pcrphase stuff wasn't realeased yet should be OK.