1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 23:21:22 +03:00
Commit Graph

42224 Commits

Author SHA1 Message Date
Yu Watanabe
d8b736bd0c network: rename SendRawOption= to SendOption=
As DHCPv4.SendOption= and DHCPServer.SendRawOption= take the same
format.
2019-11-18 23:35:48 +09:00
Zbigniew Jędrzejewski-Szmek
a2870138c1
Merge pull request #14055 from yuwata/network-send-option-takes-type-field
network: make SendOption= also take type field
2019-11-17 19:17:38 +01:00
Serge
bf9012bbf6 sd-dhcp-client: anonymize DHCPDISCOVER (fixes #13992)
According to RFC7844 section 3 the DHCPDISCOVER message should not contain option 50 («Requested IP Address») when Anonymize is true
2019-11-18 00:06:01 +09:00
Yu Watanabe
586ec936c6 network: make SendOption= also take type field
This makes SendOption= and SendRawOption= takes values in the same
format.
2019-11-17 23:17:29 +09:00
Yu Watanabe
2e5580a8c1 network: rename DHCPRawOption to DHCPOptionDataType
And moves the definition from networkd-dhcp-server.[ch] to networkd-dhcp-common.[ch].
2019-11-17 23:00:11 +09:00
Yu Watanabe
599e10a1d2 network: fix logged error value 2019-11-17 22:51:06 +09:00
Yu Watanabe
62a7c3608e network: fix indentation 2019-11-17 22:45:38 +09:00
Tom Fitzhenry
a0fa3ef7ff Error, rather than warn, if failing to start DHCP server
This would have made diagnosing https://github.com/systemd/systemd/issues/14050 easier.
2019-11-17 22:31:43 +09:00
Cyprien Laplace
4d4ac92c92 basic: add vmware hypervisor detection from device-tree
Allow ConditionVirtualization=vmware to work on ESXi on arm VMs
using device-tree.
2019-11-16 13:56:26 +01:00
Lennart Poettering
836e293585
Merge pull request #14038 from keszybz/hwdb-update
hwdb update
2019-11-16 13:49:01 +01:00
Zbigniew Jędrzejewski-Szmek
852b72727a NEWS: more items
Also reorder some entries to restore the grouping by subject.
2019-11-16 13:48:41 +01:00
Lennart Poettering
addc5f1e25
Merge pull request #14043 from poettering/shutdown-noswap-fix
shutdown: it's OK if /proc/swaps is missing
2019-11-16 13:48:25 +01:00
Lennart Poettering
82e8d02aa4
Merge pull request #14039 from keszybz/systemd-man
systemd(1) and journalctl(1) improvements
2019-11-16 13:47:59 +01:00
Lennart Poettering
19fa17c7c4 sd-bus: invalidate connection when Hello() fails
Fixes: #13969
2019-11-16 13:47:32 +01:00
Lennart Poettering
f0bfae7265
Merge pull request #14037 from poettering/machinectl-pw-agent
spawn ask pw tty agent from "machinectl start"
2019-11-15 16:59:49 +01:00
Lennart Poettering
8af381679d
Merge pull request #13940 from keur/protect_kernel_logs
Add ProtectKernelLogs to systemd.exec
2019-11-15 16:26:10 +01:00
Lennart Poettering
4e201419b7 umount: log on all errors 2019-11-15 14:58:06 +01:00
Lennart Poettering
2cdd0d612d umount: be happy if /proc/swaps doesn't exist
Kernels work without swap just fine.

Fixes: #13993
2019-11-15 14:57:27 +01:00
Lennart Poettering
f795267e3a shutdown: make logging more useful if NULL swap/mount table files are specified
Makes the error output seen in #13993 more readable.
2019-11-15 14:56:35 +01:00
Zbigniew Jędrzejewski-Szmek
c035f3766c man: significantly downgrade the Options section in systemd(1)
This structure of the man page originates from the time when systemd was
installed on top of sysvinit systems, and users had an actual chance to
interact with the systemd binary directly. Nowadays it is almost never called
directly, so let's properly explain this in the overview.

The Options section is moved down below the kernel command line, those options
are only needed in special circumstances. Let's refer the reader to the
description of the kernel command line options, and not duplicate the
descriptions (which makes the text longer than necessary and increases chances
for discrepancies).

Systemd is also prominently used as the user manager, let's mention that in the
Overview.

While at it, use "=" only when an argument is required as we nowadays do.
2019-11-15 13:36:20 +01:00
Zbigniew Jędrzejewski-Szmek
339bf2076b man: share description of $SYSTEMD_COLORS in other tools
It was only described in systemd(1), making it hard to discover.
Fixes #13561.

The same for $SYSTEMD_URLIFY.

I think all the tools whose man pages include less-variables.xml support
those variables.
2019-11-15 13:34:52 +01:00
Zbigniew Jędrzejewski-Szmek
18da36a8e7 hwdb: update
As before, the net change seems to be almost only additions, with some
minor removals that seems to be corrections of incomplete entries.
2019-11-15 11:36:59 +01:00
Zbigniew Jędrzejewski-Szmek
62d3999518 meson: add target to update the chromiumos rules
There is no change in the file right now, but the download seems to work
OK.

It's funny that the biggest company in the world cannot provide a
download link in plain text.
2019-11-15 11:36:59 +01:00
Lennart Poettering
e41e9ba8bf machinectl: spawn ask password agent on "start"
We start units in the background, hence it is wise to also have the
ask pasword agent around.

Fixes: #13587
2019-11-15 11:12:34 +01:00
Lennart Poettering
c59e2ec696 ask-password-agent: introduce ask_password_agent_open_if_enabled()
This makes the ask-password agent handling more alike the polkit agent
handling again, and introduces ask_password_agent_open_if_enabled() that
works just like the already existing polkit_agent_open_if_enabled().
2019-11-15 11:11:52 +01:00
Lennart Poettering
385d581b74 polkit-agent: don't use an inline function
This is long enough to just be a regular function, and is never called
in inner loops, let's hence just make this a plain function.
2019-11-15 11:11:14 +01:00
Torsten Hilbrich
7be830c6e8 nspawn: Allow Capability= to overrule private network setting
The commit:

a3fc6b55ac nspawn: mask out CAP_NET_ADMIN again if settings file turns off private networking

turned off the CAP_NET_ADMIN capability whenever no private networking
feature was enabled. This broke configurations where the CAP_NET_ADMIN
capability was explicitly requested in the configuration.

Changing the order of evalution here to allow the Capability= setting
to overrule this implicit setting:

Order of evaluation:

1. if no private network setting is enabled, CAP_NET_ADMIN is removed
2. if a private network setting is enabled, CAP_NET_ADMIN is added
3. the settings of Capability= are added
4. the settings of DropCapability= are removed

This allows the fix for #11755 to be retained and to still allow the
admin to specify CAP_NET_ADMIN as additional capability.

Fixes: a3fc6b55ac
Fixes: #13995
2019-11-15 10:13:51 +01:00
Kevin Kuehler
82dce83b19 systemd-analyze: Add ProtectKernelLogs to security 2019-11-15 00:59:54 -08:00
Kevin Kuehler
6168ae5840 units: set ProtectKernelLogs=yes on relevant units
We set ProtectKernelLogs=yes on all long running services except for
udevd, since it accesses /dev/kmsg, and journald, since it calls syslog
and accesses /dev/kmsg.
2019-11-15 00:59:54 -08:00
Kevin Kuehler
806aea3879 test-namespace: Add test for ProtectKernelLogs= 2019-11-15 00:59:51 -08:00
Zbigniew Jędrzejewski-Szmek
7edd8fb198 core: do not propagate polkit error to caller
If we fail to start polkit, we get a message like
"org.freedesktop.DBus.Error.NameHasNoOwner: Could not activate remote peer.",
which has no meaning for the caller of our StartUnit method. Let's just
return -EACCES.

$ systemctl start apache
Failed to start apache.service: Could not activate remote peer. (before)
Failed to start apache.service: Access denied                   (after)

Fixes #13865.
2019-11-15 08:17:01 +01:00
Lennart Poettering
4df8fe8415 seccomp: more comprehensive protection against libseccomp's __NR_xyz namespace invasion
A follow-up for 59b657296a, adding the
same conditioning for all cases of our __NR_xyz use.

Fixes: #14031
2019-11-15 08:13:36 +01:00
Tommy J
48daf51026 PrefixDelegationHint-section: typo 2019-11-15 07:57:32 +01:00
Kevin Kuehler
d916e35b9f man: Add description for ProtectKernelLogs= 2019-11-14 13:31:06 -08:00
Kevin Kuehler
97d05f3b70 test/test-seccomp: add test_protect_syslog 2019-11-14 13:31:03 -08:00
Kevin Kuehler
94a7b2759d core: ProtectKernelLogs= mask kmsg in proc and sys
Block access to /dev/kmsg and /proc/kmsg when ProtectKernelLogs is set.
2019-11-14 12:58:43 -08:00
Zbigniew Jędrzejewski-Szmek
67f5b9e06e
Merge pull request #14003 from keszybz/user-path-configurable
meson: make user $PATH configurable
2019-11-14 10:08:40 +01:00
Lennart Poettering
e013e10d0e ask-password: don't hit assert() when we query pw which the user C-d and caching is enabled 2019-11-14 10:04:11 +01:00
Dimitri John Ledkov
07d5ed536e boot: Add ARM64 support to the EFI stub 2019-11-14 10:03:08 +01:00
Zbigniew Jędrzejewski-Szmek
a079077340
Merge pull request #14013 from keszybz/cryptsetup-keyfile-with-colons
Support cryptsetup keyfiles with colons agains
2019-11-14 10:02:20 +01:00
Dimitri John Ledkov
53a2045521 boot: Load LoadOptions cmdline, if none is available.
Fixes #13694
2019-11-14 10:01:20 +01:00
Filipe Brandenburger
14e0259b49 test: Disable LUKS devices from initramfs in QEMU tests
We currently use the host's kernel and initramfs in our QEMU tests.

If the host is running on an encrypted LUKS partition, then the initramfs
will have a crypttab setup looking for the particular root disk it needs to
encrypt before booting into the system.

However, this disk obviously doesn't exist in our QEMU VM, so it turns out
our tests end up waiting for this device to become available, which will
never actually happen, and boot hangs for 90s until that service times out.

[***   ] A start job is running for /dev/disk/by-uuid/01234567-abcd-1234-abcd-0123456789ab (20s / 1min 30s)

In order to prevent this issue, let's pass "rd.luks=0" to disable LUKS in
the initramfs only as part of our default kernel command-line in our QEMU
tests.

This is enough to disable this behavior and prevent the timeout, while at
the same time doesn't conflict with our tests that actually check for LUKS
behavior in the systemd running under test (such as TEST-02-CRYPTSETUP).

Tested: `sudo make -C TEST-02-CRYPTSETUP/ clean setup run`
2019-11-13 19:55:18 -08:00
Riccardo Schirone
2f2b28ab35 Be more specific in resolved.conf man page with regard to DNSOverTLS
DNSOverTLS in strict mode (value yes) does check the server, as it is said in
the first few lines of the option documentation. The check is not performed in
"opportunistic" mode, however, as that is allowed by RFC 7858, section "4.1.
Opportunistic Privacy Profile".

> With such a discovered DNS server, the client might or might not validate the
> resolver. These choices maximize availability and performance, but they leave
> the client vulnerable to on-path attacks that remove privacy.
2019-11-13 22:44:15 +01:00
Zbigniew Jędrzejewski-Szmek
5bc655cd20 meson: avoid ternary op in .format()
meson 0.49 can't parse that for some reason. I'm keeping this separate so it
can be reverted easily when we bump required meson version.
2019-11-13 22:34:33 +01:00
Zbigniew Jędrzejewski-Szmek
3602ca6f0c meson: make user $PATH configurable
This partially reverts db11487d10 (the logic to
calculate the correct value is removed, we always use the same setting as for
the system manager). Distributions have an easy mechanism to override this if
they wish.

I think making this configurable is better, because different distros clearly
want different defaults here, and making this configurable is nice and clean.
If we don't make it configurable, distros which either have to carry patches,
or what would be worse, rely on some other configuration mechanism, like
/etc/profile. Those other solutions do not apply everywhere (they usually
require the shell to be used at some point), so it is better if we provide
a nice way to override the default.

Fixes  #13469.
2019-11-13 22:34:14 +01:00
HATAYAMA Daisuke
fc9de36a3b verify: fix segmentation fault
systemd-analyze verify command now results in segmentation fault if two
consecutive non-existent unit file names are given:

    # ./build/systemd-analyze a.service b.service
    ...<snip irrelevant part>...
    Unit a.service not found.
    Unit b.service not found.
    Segmentation fault (core dumped)

The cause of this is a wrong handling of return value of
manager_load_startable_unit_or_warn() in verify_units() in failure case.

It looks that the current logic wants to assign the first error status
throughout verify_units() into variable r and count up variable count only when
a given unit file exists.

However, due to the wrong handling of the return value of
manager_load_startable_unit_or_warn() in verify_units(), the variable count is
unexpectedly incremented even when there is no such unit file because the
variable r already contains non-zero value in the 2nd failure, set by the 1st
failure, and then the condition k < 0 && r == 0 evaluates to false.

This commit fixes the wrong handling of return value of
manager_load_startable_unit_or_warn() in verify_units().
2019-11-13 22:20:01 +01:00
Zbigniew Jędrzejewski-Szmek
1f6597a84c man: mention $RUNTIME_DIRECTORY & friends in environment list 2019-11-13 22:05:11 +01:00
Zbigniew Jędrzejewski-Szmek
ed4ad48897 Allow overriding /etc/fstab with $SYSTEMD_FSTAB 2019-11-13 22:04:51 +01:00
Zbigniew Jędrzejewski-Szmek
32c6237a7c cryptsetup-generator: guess whether the keyfile argument is two items or one
Fixes #13615.

See the inline comment for documentation.
2019-11-13 22:04:45 +01:00
Zbigniew Jędrzejewski-Szmek
3f5ac3038e cryptsetup-generator: allow overriding /run/systemd/cryptsetup with $RUNTIME_DIRECTORY
I added a fairly vague entry to docs/ENVIRONMENT because I think it is worth
mentioning there (in case someone is looking for any environment variable that
might be relevant).
2019-11-13 22:04:38 +01:00