1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-02 19:21:53 +03:00
Commit Graph

39274 Commits

Author SHA1 Message Date
Lennart Poettering
d09a25855f capability: add missing ')'
As pointed out by @polarina

d0b6a10c00 (commitcomment-32857641)
2019-03-21 12:29:18 +01:00
Zbigniew Jędrzejewski-Szmek
c924888ffd sd-id128: look for invocation id in environment first, keyring second
As general principle, we generally check command line args first, the
enviroment second, and external configuration and system state only later.
In case of the invocation ID, checking the keyring before the environment
was implemented as a poor-man's security measure. But this is not really
useful, since we're moving within the same security boundary. So let's just
do the expected thing, and check environment first.

Prompted by https://github.com/systemd/systemd/pull/11991#issuecomment-474647652.
2019-03-21 12:06:15 +01:00
Zbigniew Jędrzejewski-Szmek
6757a01356 util-lib: get rid of a helper variable 2019-03-21 11:08:58 +01:00
Zbigniew Jędrzejewski-Szmek
f1531db5af nspawn-oci: add helper function for free_and_strdup with oom check 2019-03-21 11:08:58 +01:00
Zbigniew Jędrzejewski-Szmek
d0b6a10c00
Merge pull request #9762 from poettering/nspawn-oci
OCI runtime support for nspawn
2019-03-21 11:01:53 +01:00
Zbigniew Jędrzejewski-Szmek
19130626a0 nspawn-oci: use SYNTHETIC_ERRNO 2019-03-21 10:51:43 +01:00
Lennart Poettering
13fbfc3013 update TODO 2019-03-20 21:49:33 +01:00
Lennart Poettering
6f765baf23 core: rework how we reset the TTY after use by a service
This makes two changes:

1. Instead of resetting the configured service TTY each time after a
   process exited, let's do so only when the service goes back to "dead"
   state. This should be preferable in case the started processes leave
   background child processes around that still reference the TTY.

2. chmod() and chown() the TTY at the same time. This should make it
   safe to run "systemd-run -p DynamicUser=1 -p StandardInput=tty -p
   TTYPath=/dev/tty8 /bin/bash" without leaving a TTY owned by a dynamic
   user around.
2019-03-20 21:28:02 +01:00
Lennart Poettering
6c0ae73956 execute: split check if we might touch a tty out of exec_context_may_touch_console()
Some simple refactoring that'll come handy in a later commit.
2019-03-20 21:20:00 +01:00
Lennart Poettering
955f1c852e execute: use path_equal() to compare tty names
After all they might be strings such as pts/1 which we really should
consider the same as pts//1.
2019-03-20 21:18:59 +01:00
Lennart Poettering
4bf953d91b
Merge pull request #12049 from keszybz/assorted-fixups
Assorted fixups
2019-03-20 18:27:34 +01:00
David Michael
82bd4da71e shared/install: Preserve escape characters for escaped unit names
Since switching to extract_first_word with no flags for parsing
unit names in 4c9565eea5, escape
characters will be stripped from escaped unit names such as
"mnt-persistent\x2dvolume.mount" resulting in the unit not being
configured as defined.  Preserve escape characters again for
compatibility with existing preset definitions.
2019-03-20 18:26:24 +01:00
Lennart Poettering
2e13c0c354 systemctl: start_unit() returns > 0 on error, let's catch that properly
Let's make sure we fall back correctly to initctl when start_unit()
returns an error > 0.

Fixes: #11546
2019-03-20 15:05:27 +01:00
Lennart Poettering
9dccc6d3ae systemctl: use strv_consume() where we can 2019-03-20 14:53:07 +01:00
Lennart Poettering
61ff45db95 systemctl: port to static destructors 2019-03-20 14:53:07 +01:00
Zbigniew Jędrzejewski-Szmek
d3bdba3816 test-fileio: avoid warning about ineffective comparison
On arm64 with gcc-8.2.1-5.fc29.aarch64:
../src/test/test-fileio.c:645:29: warning: comparison is always false due to limited range of data type [-Wtype-limits]
                 assert_se(c == EOF || safe_fgetc(f, &c) == 1);
                             ^~

Casting c to int is not enough, gcc is able to figure out that the original
type was unsigned and still warns. So let's just silence the warning like
in test-sizeof.c.
2019-03-20 14:00:12 +01:00
Zbigniew Jędrzejewski-Szmek
afd5c1e373 sd-bus: reduce scope of variable 2019-03-20 13:34:35 +01:00
Zbigniew Jędrzejewski-Szmek
96d2e0978d sd-bus: avoid IN_SET() invocation with two identical values
Fixes #12036.

../../../src/systemd/src/libsystemd/sd-bus/bus-objects.c: In function ‘add_object_vtable_internal’:
../../../src/systemd/src/basic/macro.h:423:19: error: duplicate case value
2019-03-20 13:28:29 +01:00
Zbigniew Jędrzejewski-Szmek
cc99274d7d test-alloc-util: add a smoke test for greedy_realloc 2019-03-20 13:17:27 +01:00
Zbigniew Jędrzejewski-Szmek
631427d622 TODO: add some bootctl items 2019-03-20 13:17:27 +01:00
Zbigniew Jędrzejewski-Szmek
a49945e663
Merge pull request #12033 from fbuihuu/watched-process-improvments
Watched process improvments
2019-03-20 13:03:06 +01:00
Zbigniew Jędrzejewski-Szmek
ec7b77642c
Merge pull request #12047 from poettering/cryptsetup-fixlets
some small cryptsetup, ask-password and allocation fixlets
2019-03-20 13:02:34 +01:00
Chris Morin
08f9e80b3f journal-file: handle SIGBUS on offlining thread
The thread launched in journal_file_set_offline() accesses a memory
mapped file, so it needs to handle SIGBUS. Leave SIGBUS unblocked on the
offlining thread so that it uses the same handler as the main thread.

The result of triggering SIGBUS in a thread where it's blocked is
undefined in Linux. The tested implementations were observed to cause
the default handler to run, taking down the whole journald process.

We can leave SIGBUS unblocked in multiple threads since it's handler is
thread-safe. If SIGBUS is sent to the journald process asynchronously
(i.e. with kill, sigqueue, or raise), either thread handling it will
result in the same behavior: it will install the default handler and
reraise the signal, killing the process.

Fixes: #12042
2019-03-20 13:02:04 +01:00
Zbigniew Jędrzejewski-Szmek
45ce112002
Merge pull request #12024 from poettering/bindtoifindex
use SO_BINDTOIFINDEX where appropriate
2019-03-20 11:16:51 +01:00
Franck Bui
01542056aa scope: tiny cleanup: UNIT(s) -> u
No functional changes.
2019-03-20 10:51:49 +01:00
Franck Bui
846a07b505 core: only watch processes when it's really necessary
If we know that main pid is our child then it's unnecessary to watch all
other processes of a unit since in this case we will get SIGCHLD when the main
process will exit and will act upon accordingly.

So let's watch all processes only if the main process is not our child since in
this case we need to detect when the cgroup will become empty in order to
figure out when the service becomes dead. This is only needed by cgroupv1.
2019-03-20 10:51:49 +01:00
Franck Bui
f75f613d25 core: reduce the number of stalled PIDs from the watched processes list when possible
Some PIDs can remain in the watched list even though their processes have
exited since a long time. It can easily happen if the main process of a forking
service manages to spawn a child before the control process exits for example.

However when a pid is about to be mapped to a unit by calling unit_watch_pid(),
the caller usually knows if the pid should belong to this unit exclusively: if
we just forked() off a child, then we can be sure that its PID is otherwise
unused. In this case we take this opportunity to remove any stalled PIDs from
the watched process list.

If we learnt about a PID in any other form (for example via PID file, via
searching, MAINPID= and so on), then we can't assume anything.
2019-03-20 10:51:49 +01:00
Franck Bui
4d05154600 process-util: introduce pid_is_my_child() helper
No functional changes.
2019-03-20 10:51:49 +01:00
Lennart Poettering
054b6be05b ask-password: add extra paranoid overflow check 2019-03-20 10:48:33 +01:00
Lennart Poettering
32ae18206f alloc-util: typo fix 2019-03-20 10:48:33 +01:00
Lennart Poettering
d4b604baea alloc-util: use malloc_usable_size() to determine allocated size
It's a glibc-specific API, but supported on FreeBSD and musl too at
least, hence fairly common. This way we can reduce our calls to
realloc() as much as possible.
2019-03-20 10:48:33 +01:00
Lennart Poettering
23964f7faf alloc-util: add extra overflow checks to GREEDY_REALLOC() 2019-03-20 10:48:33 +01:00
Lennart Poettering
e5e21a0507 alloc-util: extra paranoid overflow check 2019-03-20 10:48:33 +01:00
Lennart Poettering
e1ed99c8c8 ask-password: erase character read with _cleanup_
This is much nicer, since it means we erase the character regardless how
we exit the scope.
2019-03-20 10:48:33 +01:00
Lennart Poettering
d5d1ae153f cryptsetup: small refactoring 2019-03-20 10:48:33 +01:00
Zbigniew Jędrzejewski-Szmek
dc502f8916
Merge pull request #12034 from poettering/stdio-bridge-fixes
small stdio-bridge and errno-util.h improvements and fixes
2019-03-20 10:46:32 +01:00
Zbigniew Jędrzejewski-Szmek
bd504f6a22
Merge pull request #12005 from poettering/exec-dir-fixup
Some fixes to exec directory management
2019-03-20 09:48:45 +01:00
Zbigniew Jędrzejewski-Szmek
30222f4b2c util-lib: use a fixed buffer size for terminal path
The loop around ttyname_r() makes it look like we use unbounded stack
allocations. We know that that paths have a maximum size, so let's simplify
the whole thing.

Replaces #12043.
2019-03-20 09:36:45 +01:00
Lennart Poettering
08f6769675 execute: generalize uid/gid handling in two cases for any kind of uid/gid 2019-03-19 16:57:33 +01:00
Lennart Poettering
206e9864de core: change ownership/mode of the execution directories also for static users
It's probably unexpected if we do a recursive chown() when dynamic users
are used but not on static users.

hence, let's tweak the logic slightly, and recursively chown in both
cases, except when operating on the configuration directory.

Fixes: #11842
2019-03-19 16:57:33 +01:00
Lennart Poettering
d484580ca6 execute: remove one redundant comparison check 2019-03-19 16:52:28 +01:00
Lennart Poettering
40cd2ecc26 execute: also do the private/ symlink dance when runtime dir preservation is requested
In that case it's not safe to leave a regular dir around, hence, move it
to private/ too.
2019-03-19 16:52:28 +01:00
Lennart Poettering
edbfeb1204 execute: use path_join() where appropriate 2019-03-19 16:52:28 +01:00
Lennart Poettering
30ff18d8a2 fs-util: change chmod_and_chown() to not complain if stat data already matches
Let's reduce the chance of failure: if we can't apply the chmod/chown
requested, check if it's applied anyway, and if so, supress the error.

This is even race-free since we operate on an O_PATH fd anyway.
2019-03-19 16:52:28 +01:00
Lennart Poettering
f60a028a4e tree-wide: use ERRNO_IS_DISCONNECT() at more places 2019-03-19 15:41:30 +01:00
Lennart Poettering
dd90e39cb6 util: add one more disconnect errno code 2019-03-19 15:39:07 +01:00
Lennart Poettering
d1ded478ee stdio-bridge: slightly optimize formatting of structure 2019-03-19 15:29:44 +01:00
Lennart Poettering
451e16e0cb stdio-bridge: use SYNTHETIC_ERRNO() where appropriate 2019-03-19 15:29:44 +01:00
Lennart Poettering
b6056ea37c stdio-bridge: tweak getopt() case statement a bit 2019-03-19 15:29:44 +01:00
Lennart Poettering
578e95de48 stdio-bridge: fix getopt() parameter list to match reality 2019-03-19 15:29:44 +01:00