1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

39037 Commits

Author SHA1 Message Date
Lennart Poettering
d449d63a0d
Merge pull request #11975 from keszybz/fuzzer-fixes-n
Fixes for a few fuzzer issues
2019-03-15 17:34:37 +01:00
Lennart Poettering
95658673a0
Merge pull request #12016 from yuwata/fix-two-memleaks-found-by-oss-fuzz
Fix two memleaks found by oss fuzz
2019-03-15 17:33:48 +01:00
Lennart Poettering
4209f6619d
Merge pull request #12015 from keszybz/fix-tests-in-rawhide
Fix compilation and tests in Fedora rawhide
2019-03-15 17:33:20 +01:00
Lennart Poettering
f0e3650de1 man: clarify that /run/media/system/ is where mounts are placed by default
Prompted by the discussions on: https://github.com/systemd/systemd/issues/11982#issuecomment-472781806
2019-03-15 16:37:17 +01:00
Yu Watanabe
50969cff60 network: clear previous assignment
Prompted by oss-fuzz#13719.
2019-03-16 00:12:25 +09:00
Yu Watanabe
c7a67ba5eb fuzz: add testcase for oss-fuzz#13691 2019-03-15 23:54:30 +09:00
Yu Watanabe
1d0c1146ea nspawn: fix memleak
Fixes oss-fuzz#13691.
2019-03-15 23:53:05 +09:00
Yu Watanabe
5ba40bb2cc fuzz: add a testcase for oss-fuzz#13719 2019-03-15 23:47:41 +09:00
Zbigniew Jędrzejewski-Szmek
7acf581a58 Handle or voidify all calls to close_all_fds()
In activate, it is important that we close the fds. In other cases, meh.
2019-03-15 15:46:41 +01:00
Zbigniew Jędrzejewski-Szmek
054d871d41 test-execute: block /sys not /proc
As explained in the previous commit, blocking /proc can cause us
to go into a long loop or fail the test.
2019-03-15 15:46:41 +01:00
Zbigniew Jędrzejewski-Szmek
6a461d1f59 basic/fd-util: refuse "infinite" loop in close_all_fds()
I had a test machine with ulimit -n set to 1073741816 through pam
("session required pam_limits.so set_all", which copies the limits from PID 1,
left over from testing of #10921).

test-execute would "hang" and then fail with a timeout when running
exec-inaccessiblepaths-proc.service. It turns out that the problem was in
close_all_fds(), which would go to the fallback path of doing close()
1073741813 times. Let's just fail if we hit this case. This only matters
for cases where both /proc is inaccessible, and the *soft* limit has been
raised.

  (gdb) bt
  #0  0x00007f7e2e73fdc8 in close () from target:/lib64/libc.so.6
  #1  0x00007f7e2e42cdfd in close_nointr ()
     from target:/home/zbyszek/src/systemd-work3/build-rawhide/src/shared/libsystemd-shared-241.so
  #2  0x00007f7e2e42d525 in close_all_fds ()
     from target:/home/zbyszek/src/systemd-work3/build-rawhide/src/shared/libsystemd-shared-241.so
  #3  0x0000000000426e53 in exec_child ()
  #4  0x0000000000429578 in exec_spawn ()
  #5  0x00000000004ce1ab in service_spawn ()
  #6  0x00000000004cff77 in service_enter_start ()
  #7  0x00000000004d028f in service_enter_start_pre ()
  #8  0x00000000004d16f2 in service_start ()
  #9  0x00000000004568f4 in unit_start ()
  #10 0x0000000000416987 in test ()
  #11 0x0000000000417632 in test_exec_inaccessiblepaths ()
  #12 0x0000000000419362 in run_tests ()
  #13 0x0000000000419632 in main ()
2019-03-15 15:46:41 +01:00
Zbigniew Jędrzejewski-Szmek
9efb96315a test-execute: allow filtering test cases by pattern
When debugging failure in one of the cases, it's annoying to have to wade
through the output from all the other cases. Let's allow picking select
cases.
2019-03-15 15:46:41 +01:00
Zbigniew Jędrzejewski-Szmek
67fb5f338f seccomp: allow shmat to be a separate syscall on architectures which use a multiplexer
After
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0d6040d46817,
those syscalls have their separate numbers and we can block them.
But glibc might still use the old ones. So let's just do a best-effort
block and not assume anything about how effective it is.
2019-03-15 15:46:41 +01:00
Yu Watanabe
5f07d640ca network: clear previous assignment
Fixes oss-fuzz#13719.
2019-03-15 23:44:51 +09:00
Zbigniew Jędrzejewski-Szmek
e55bdf9b6c seccomp: shm{get,at,dt} now have their own numbers everywhere
E.g. on i686:

(previously)
arch x86: SCMP_SYS(mmap) = 90
arch x86: SCMP_SYS(mmap2) = 192
arch x86: SCMP_SYS(shmat) = -221
arch x86: SCMP_SYS(shmat) = -221
arch x86: SCMP_SYS(shmdt) = -222

(now)
arch x86: SCMP_SYS(mmap) = 90
arch x86: SCMP_SYS(mmap2) = 192
arch x86: SCMP_SYS(shmat) = 397
arch x86: SCMP_SYS(shmat) = 397
arch x86: SCMP_SYS(shmdt) = 398

The relevant commit seems to be
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0d6040d46817.
2019-03-15 15:28:43 +01:00
Zbigniew Jędrzejewski-Szmek
a75fcef8fb shared/bootspec: avoid signed-unsigned comparison
../src/shared/bootspec.c: In function ‘find_sections’:
../src/shared/bootspec.c:425:23: warning: comparison of integer expressions of different signedness: ‘ssize_t’ {aka ‘int’} and ‘uint32_t’ {aka ‘unsigned int’} [-Wsign-compare]
  425 |                 if (n != size)
      |                       ^~
2019-03-15 15:28:43 +01:00
Lennart Poettering
75910ed9f4
Merge pull request #12012 from keszybz/generator-man-docs
Generator and documentation improvements
2019-03-15 14:45:00 +01:00
Zbigniew Jędrzejewski-Szmek
d323a99001 man: reorder and add examples to systemd-analyze(1)
The number of verbs supported by systemd-analyze has grown quite a bit, and the
man page has become an unreadable wall of text. Let's put each verb in a
separate subsection, grouping similar verbs together, and add a lot of examples
to guide the user.
2019-03-15 13:55:24 +01:00
Zbigniew Jędrzejewski-Szmek
827f62c3f2 man,units: document what user "default.target" is a bit 2019-03-15 13:55:24 +01:00
Lennart Poettering
9bbd37845c
Merge pull request #11988 from keszybz/test-binaries-installation
Install more requires binaries for tests
2019-03-15 13:06:11 +01:00
Lennart Poettering
1aac9f5dee
Merge pull request #12009 from mrc0mmand/bump-partition-size-for-TEST-02-CRYPTSETUP
test: fix LUKS2 support
2019-03-15 13:01:24 +01:00
Zbigniew Jędrzejewski-Szmek
dea4bef0a2
Merge pull request #11658 from yuwata/systemd-id128
id128: several cleanups
2019-03-15 11:18:28 +01:00
Yu Watanabe
58a6c57b75 bash-completion: add systemd-id128 support 2019-03-15 18:54:53 +09:00
Yu Watanabe
8efb042e0c sd-id128: split the logic obtaining invocation ID from sd_id128_get_invocation() 2019-03-15 18:53:23 +09:00
Yu Watanabe
9363e2f499 id128: no command accepts additional arguments 2019-03-15 18:53:23 +09:00
Zbigniew Jędrzejewski-Szmek
2fffb93b32 analyze: reword explanation in critical-chain header
Let's try to make it a bit clearer.
2019-03-15 10:17:46 +01:00
Frantisek Sumsal
5b69d297c1 test: use PBKDF2 instead of Argon2 in cryptsetup...
to reduce memory requirements for volume manipulation. Also,
to further improve the test performance, reduce number of PBKDF
iterations to 1000 (allowed minimum).
2019-03-15 10:05:33 +01:00
Zbigniew Jędrzejewski-Szmek
9c5ac5ebba man: tell generator writers to provide authorship and source information
Our generators always put a comment who generated the file, but we didn't
recommend it to others.

Let's also strengthen the advice to use SourcePath=.
2019-03-15 08:19:07 +01:00
Zbigniew Jędrzejewski-Szmek
00068caf36 fstab-generator: do not print double header
$ /run/systemd/generator/dev-mapper-fedora_krowka\x2dswap.swap
  # Automatically generated by systemd-fstab-generator

  # Automatically generated by systemd-fstab-generator

  [Unit]
  ...
2019-03-15 08:04:54 +01:00
Frantisek Sumsal
32983312ed test: bump the second partition size to 50MB
10MB is not enough for a LUKS2 partition.
2019-03-15 06:12:23 +01:00
Zbigniew Jędrzejewski-Szmek
de04bbdce1 tree-wide: spell "lifecycle" without hyphen everywhere
We had 10 instances of unhyphentated spelling, and 4 of the hyphenated one.
Consistency trumps ispell.
2019-03-14 22:47:44 +01:00
Van Laser
3ac35cbc2b Add accelerometer orientation quirk for the MYRIA MY8307 2-in-1. 2019-03-14 15:55:34 +01:00
Lennart Poettering
b3f6c4531e
Merge pull request #12002 from keszybz/man-headers
Man headers
2019-03-14 15:55:04 +01:00
Zbigniew Jędrzejewski-Szmek
98b0439f08 tests: install /usr/bin/dbus-broker when using dbus-broker
We'd install the service file, and then dbus-broker-launcher because it is
mentioned in ExecStart=, but not the main executable, so nothing would work.
Let's just install dbus-broker executables if found. They are small, so this
doesn't matter much, and is much easier than figuring the exact conditions
under which dbus-broker will be used instead of dbus-daemon.
2019-03-14 15:52:38 +01:00
Lennart Poettering
72830b187f
Merge pull request #11989 from poettering/minimal-portable-image
various documentation updates
2019-03-14 15:43:03 +01:00
Lennart Poettering
beb6196982
Merge pull request #11785 from dvdhrm/implicit-sasl
sd-bus: allow cross-uid-namespace connections
2019-03-14 15:42:03 +01:00
Lennart Poettering
c4d4b5a708 man: say explicitly which settings are not available in --user services
Fixes: #3944
2019-03-14 15:13:33 +01:00
Lennart Poettering
2e34d21b70 man: document that if the main process exits after SIGTERM we go directly to SIGKILL
Fixes: #8122
2019-03-14 15:13:33 +01:00
Lennart Poettering
c4a05aa1a8 networkd: clarify that IPv6 RA uses our own stack, no the kernel's
Fixes: #8906
2019-03-14 15:13:33 +01:00
Lennart Poettering
5f42830079 man: mention O_NOCTTY and it's importance in daemon(7)
Fixes: #9164
2019-03-14 15:13:33 +01:00
Lennart Poettering
e178b335f5 docs: adjust the spec a bit with firmware authros in mind
This borrows heavily from Nico Huber's
https://github.com/systemd/systemd/pull/10398, but makes a number of
changes.

Replaces: #10398
2019-03-14 15:13:33 +01:00
Lennart Poettering
6cc68362d5 man: document the network interface size limits --network-veth= enforces
Fixes: #10721
2019-03-14 15:13:33 +01:00
Lennart Poettering
fba10579f1 man: document that Anonymize=yes makes DHCP leases grow in size
Fixes: #11551
2019-03-14 15:13:33 +01:00
Lennart Poettering
957848db22 docs: comprehensively document what a minimal portable service image needs to include
The docs were incomplete on this. Let's fix that.

Fixes: #11870
2019-03-14 15:13:33 +01:00
Zbigniew Jędrzejewski-Szmek
9e9213cd08
Merge pull request #12000 from poettering/split-more-util
split more files in src/basic/
2019-03-14 15:00:04 +01:00
Zbigniew Jędrzejewski-Szmek
3a54a15760 man: use same header for all files
The "include" files had type "book" for some raeason. I don't think this
is meaningful. Let's just use the same everywhere.

$ perl -i -0pe 's^..DOCTYPE (book|refentry) PUBLIC "-//OASIS//DTD DocBook XML V4.[25]//EN"\s+"http^<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"\n  "http^gms' man/*.xml
2019-03-14 14:42:05 +01:00
Zbigniew Jędrzejewski-Szmek
0307f79171 man: standarize on one-line license header
No need to waste space, and uniformity is good.

$ perl -i -0pe 's|\n+<!--\s*SPDX-License-Identifier: LGPL-2.1..\s*-->|\n<!-- SPDX-License-Identifier: LGPL-2.1+ -->|gms' man/*.xml
2019-03-14 14:29:37 +01:00
David Rheinsberg
1ed4723d38 sd-bus: skip sending formatted UIDs via SASL
The dbus external authentication takes as optional argument the UID the
sender wants to authenticate as. This uid is purely optional. The
AF_UNIX socket already conveys the same information through the
auxiliary socket data, so we really don't have to provide that
information.

Unfortunately, there is no way to send empty arguments, since they are
interpreted as "missing argument", which has a different meaning. The
SASL negotiation thus changes from:

    AUTH EXTERNAL <uid>
    NEGOTIATE_UNIX_FD                   (optional)
    BEGIN

to:

    AUTH EXTERNAL
    DATA
    NEGOTIATE_UNIX_FD                   (optional)
    BEGIN

And thus the replies we expect as a client change from:

    OK <server-id>
    AGREE_UNIX_FD                       (optional)

to:

    DATA
    OK <server-id>
    AGREE_UNIX_FD                       (optional)

Since the old sd-bus server implementation used the wrong reply for
"AUTH" requests that do not carry the arguments inlined, we decided to
make sd-bus clients accept this as well. Hence, sd-bus now allows
"OK <server-id>\r\n" replies instead of "DATA\r\n" replies.

Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
2019-03-14 13:34:13 +01:00
David Rheinsberg
2010873b4b sd-bus: fix SASL reply to empty AUTH
The correct way to reply to "AUTH <protocol>" without any payload is to
send "DATA" rather than "OK". The "DATA" reply triggers the client to
respond with the requested payload.

In fact, adding the data as hex-encoded argument like
"AUTH <protocol> <hex-data>" is an optimization that skips the "DATA"
roundtrip. The standard way to perform an authentication is to send the
"DATA" line.

This commit fixes sd-bus to properly send the "DATA" line. Surprisingly
no existing implementation depends on this, as they all pass the data
directly as argument to "AUTH". This will not work if we want to pass
an empty argument, though.

Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
2019-03-14 13:33:28 +01:00
David Rheinsberg
3cacdab925 sd-bus: avoid magic number in SASL length calculation
Lets avoid magic numbers and use a constant `strlen()` instead.

Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
2019-03-14 13:31:14 +01:00