1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 14:55:37 +03:00
Commit Graph

51364 Commits

Author SHA1 Message Date
Yu Watanabe
e6655fbe40 man: mention that drop-in files are merged in alphanumeric order
This addresses the request in https://github.com/systemd/systemd/issues/19467#issuecomment-829332877.
2021-05-20 21:20:51 +02:00
Luca Boccassi
f144f6faa9
Merge pull request #19669 from mrc0mmand/ci-mkosi-arch
ci: work around #19442 to make CI happy again
2021-05-20 10:14:30 +01:00
Yu Watanabe
354dadb30f nspawn: fix build failure
This fixes a conflict between #19555 and #19653.
2021-05-20 10:04:14 +02:00
Anita Zhang
1539124b39 man: document default rlimits
Fixes #19645
2021-05-20 09:58:48 +02:00
Zbigniew Jędrzejewski-Szmek
f78ad5f046 test: enable fuzz regression tests by default
This ensures that the fuzz test code is also built by default.
It also increases the test coverage a bit. Compiling the tests
*with* sanitizers is painfully slow, so this is not enabled. But
just compiling them sauté is hardly noticable. Running the tests
increases the test count and runtime:
  622 tests, 26 s
to
  922 tests, 35 s
I think this is acceptable.
2021-05-20 09:30:43 +02:00
Lennart Poettering
d99c2df2df
Merge pull request #19555 from poettering/nspawn-bind-user
nspawn: add --bind-user= feature for binding  host user+homedir into a container
2021-05-20 07:33:51 +02:00
Lennart Poettering
48b4a760c9
Merge pull request #19591 from poettering/terminal-fixes
five terminal handling fixes
2021-05-20 07:33:21 +02:00
Luca Boccassi
2d4efd1dba build tests: check that Github pages can be built successfully 2021-05-19 23:25:34 +02:00
Lennart Poettering
2adcf6f4f7
Merge pull request #19662 from yuwata/memdup
util: make memdup() or friends safer
2021-05-19 23:24:55 +02:00
Lennart Poettering
ed056c560b
Merge pull request #19653 from poettering/greedy-realloc-more
malloc_usable_size() tweaks
2021-05-19 23:22:44 +02:00
Frantisek Sumsal
27b4d60678 ci: skip root tty login
We use the `autologin` mkosi option (see
mkosi.default.d/10-systemd.conf), so the pexpect root login throws
a (harmless) error:

```
Arch Linux (built from systemd tree)
Kernel 5.4.0-1047-azure on an x86_64 (console)

image login: root (automatic login)

root
root
[root@image ~]# systemctl poweroff
root
-bash: root: command not found
[root@image ~]# systemctl poweroff
```
2021-05-19 23:07:25 +02:00
Frantisek Sumsal
715a273b10 ci: show image summary 2021-05-19 23:07:25 +02:00
Frantisek Sumsal
48a3cf58d5 ci: work around #19442 to make CI happy again
Let's introduce a somewhat ugly workaround for #19442 and retry
the systemd-nspawn image boot test up to three times in case it dies
with the dissect timeout. Since this issue occurs only in the Arch job,
limit the workaround to this job only.
2021-05-19 23:07:19 +02:00
Lennart Poettering
374c80df67
Merge pull request #19603 from yuwata/network-link-get-by-name
network: introduce link_get_by_name() and use it in resolving interface name specifier in MultiPathRoute=
2021-05-19 21:35:48 +02:00
Lennart Poettering
aa4d11a4eb
Merge pull request #19656 from yuwata/network-trivial-cleanups
network: several trivial cleanups
2021-05-19 21:34:59 +02:00
Franck Bui
0495728429 kbd-model-map: add mapping 'es-dvorak'
And update test-keymap-util accordingly.

While at it, make sure to use tabs everywhere.
2021-05-19 21:34:40 +02:00
Yu Watanabe
834f3ba1a0 test: reduce debugging logs in test-event
The logs mostly give no information, but fill CI results.
2021-05-19 21:34:17 +02:00
Lennart Poettering
1d406dceb7 systemctl: re-align colon in status output 2021-05-19 21:33:59 +02:00
Lennart Poettering
11f3c130aa terminal: don't hardcode major number of PTYs
Hardcoding major numbers sucks. And we generally don't do it, except
when determining whether something is a PTY. Thing though is that we
don't actually need to do that here either, hence don#t.
2021-05-19 17:58:01 +02:00
Lennart Poettering
a06c9ac277 man: document new nspawn --bind-user= feature 2021-05-19 17:46:59 +02:00
Lennart Poettering
2f89304490 nspawn: add new --bind-user= option for binding a host user into the container
This new option does three things for a host user specified via
--bind-user=:

1. Bind mount the home directory from the host directory into
   /run/host/home/<username>

2. Install an additional user namepace UID/GID mapping mapping the host
   UID/GID of the host user to an unused one from the container in the range
   60514…60577.

3. Synthesize a user/group record for the user/group under the same name
   as on the host, with minimized information, and the UID/GID set to
   the mapped UID/GID. This data is written to /run/host/userdb/ where
   nss-system will pick it up.

This should make sharing users and home directories from host into the
container pretty seamless, under some conditions:

1. User namespacing must be used.

2. The host UID/GID of the user/group cannot be in the range assigned to
   the container (kernel already refuses this, as this would mean two
   host UIDs/GIDs might end up being mapped to the same continer
   UID/GID.

3. There's a free UID/GID in the aforementioned range in the container,
   and the name of the user/group is not used in the container.

4. Container payload is new enough to include an nss-systemd version
   that picks up records from /run/host/userdb/
2021-05-19 17:46:59 +02:00
Lennart Poettering
91181e075b nspawn: export userns_mkdir() + userns_lchown() so that it can be used elsewhere in nspawn 2021-05-19 17:33:25 +02:00
Lennart Poettering
1a298a206c user-record: optionally, allow parsing empty user record JSON objects 2021-05-19 17:33:25 +02:00
Lennart Poettering
0ba976e8da execute: don't chown/chmod non-TTY inodes thinking they were TTYs
Fixes: #19213

This is a safety net for invalid configurations, see the original bug
report.
2021-05-19 17:12:01 +02:00
Lennart Poettering
f2df231fed core: use GID_INVALID instead of -1 where appropriate 2021-05-19 17:12:01 +02:00
Lennart Poettering
4768529ff1 terminal-util: use _cleanup_close_ where appropriate 2021-05-19 17:12:01 +02:00
Lennart Poettering
e60a4a3c46 terminal-util: add extra validity checks that we operate on a TTY before doing so
Prompted by #19213, but not fixing it.

This is mostly paranoia that we don't do stuff on inodes that aren't
actually ttys.
2021-05-19 16:53:50 +02:00
Lennart Poettering
7eaee90286 terminal-util: add debug logging for when TTY ioctls fail 2021-05-19 16:53:50 +02:00
Lennart Poettering
319a4f4bc4 alloc-util: simplify GREEDY_REALLOC() logic by relying on malloc_usable_size()
We recently started making more use of malloc_usable_size() and rely on
it (see the string_erase() story). Given that we don't really support
sytems where malloc_usable_size() cannot be trusted beyond statistics
anyway, let's go fully in and rework GREEDY_REALLOC() on top of it:
instead of passing around and maintaining the currenly allocated size
everywhere, let's just derive it automatically from
malloc_usable_size().

I am mostly after this for the simplicity this brings. It also brings
minor efficiency improvements I guess, but things become so much nicer
to look at if we can avoid these allocation size variables everywhere.

Note that the malloc_usable_size() man page says relying on it wasn't
"good programming practice", but I think it does this for reasons that
don't apply here: the greedy realloc logic specifically doesn't rely on
the returned extra size, beyond the fact that it is equal or larger than
what was requested.

(This commit was supposed to be a quick patch btw, but apparently we use
the greedy realloc stuff quite a bit across the codebase, so this ends
up touching *a*lot* of code.)
2021-05-19 16:42:37 +02:00
Lennart Poettering
99480504d4 alloc-util: add MALLOC_ELEMENTSOF() helper
This is a wrapper around malloc_usable_size() but is typesafe, and
divides by the element size.

A test it is also added ensuring what it does it does correcly.
2021-05-19 16:42:19 +02:00
Lennart Poettering
6df28e1f84 alloc-util: introduce MALLOC_SIZEOF_SAFE() helper
It's a wrapper around malloc_usable_size() that is supposed to be
compatible with _FORTIFY_SOURCES=1, by taking the
__builtin_object_size() data into account, the same way as the
_FORTIFY_SOURCES=1 logic does.

Fixes: #19203
2021-05-19 16:42:00 +02:00
Lennart Poettering
871a3a33bb
Merge pull request #19608 from keszybz/resolved-pahole
Pahole optimization for resolved's DnsQuery
2021-05-19 16:35:16 +02:00
Yu Watanabe
6db7b533c6
Merge pull request #19163 from sipraga/online-if-required
network: introduce an online state that respects RequiredForOnline=
2021-05-19 23:08:18 +09:00
Luca Boccassi
a9833ed01d
Merge pull request #19659 from keszybz/mkosi-naming-adjustment
Mkosi dependency naming adjustment
2021-05-19 14:33:56 +01:00
Yu Watanabe
550721c2e3 alloc-util: use memcpy_safe() in memdup() or friends 2021-05-19 21:22:23 +09:00
Yu Watanabe
d1f3b08098 memory-util: make memcpy_safe() return pointer to destination 2021-05-19 21:20:49 +09:00
Frantisek Sumsal
943edd04b5
Merge pull request #19661 from keszybz/restore-liquid-compatibility
Restore liquid compatibility
2021-05-19 13:58:35 +02:00
Zbigniew Jędrzejewski-Szmek
ba777d019f docs: prettify two external links 2021-05-19 13:53:51 +02:00
Zbigniew Jędrzejewski-Szmek
c9d311c787 docs: use {% raw %} to wrap jinja2 tags in documentation
As reported by @mrc0mmand:
> Since 89f52a780e (diff-b842e6ab4a95a695d9449d106f091e6a134d9eac8d2aee1cd8b169fcb6b3a98bR109)
> the GH pages fail to build, since they use the Liquid templating language,
> which coincidentally uses a very similar tags as jinja:
> https://shopify.github.io/liquid/tags/control-flow/
>
>> The tag elif on line 112 in HACKING.md is not a recognized Liquid tag.
2021-05-19 13:53:51 +02:00
Frantisek Sumsal
31db4c20ea test: reintroduce m4 dependency for TEST-06-SELINUX
m4 is required to build the test SELinux module:

```
[   31.321789] sh[483]: /bin/sh: line 1: m4: command not found
[   31.882668] sh[488]: Compiling targeted systemd_test module
[   32.120862] sh[492]: /bin/sh: line 1: m4: command not found
[   32.159897] sh[458]: make: *** [/usr/share/selinux/devel/include/Makefile:156: tmp/systemd_test.mod] Error 127
```
2021-05-19 13:01:07 +02:00
Zbigniew Jędrzejewski-Szmek
c648c176bc mkosi: stop pulling in vi
We have 'nano' everywhere, and it's enough for a casual edit.
2021-05-19 10:55:03 +02:00
Zbigniew Jędrzejewski-Szmek
6c72b0b737 mkosi/fedora: use pkgconfig virtual provides to refer to packages
... and /usr/bin/ path for a library package which provides an executable we
care about (libxslt).

This way the mkosi dependency list corresponds directly to the names which are
used in the dependency() and find_program() lines in meson.build. It also makes
the thing more resilient to package splits and renames.
2021-05-19 10:54:08 +02:00
Zbigniew Jędrzejewski-Szmek
ded2e247e2 mkosi/fedora: drop python3-devel req
I think it was only used for building the python wrappers.

C.f. ec9ca01d16.
2021-05-19 10:54:04 +02:00
Yu Watanabe
70a2d9dd31 network: route: check validity of interface name in MultiPathRoute= 2021-05-19 16:28:53 +09:00
Yu Watanabe
8ed87c4983 network: route: parse earlier if device specifier in MultiPathRoute= is ifindex 2021-05-19 16:28:53 +09:00
Yu Watanabe
0b54c87081 network: introduce link_get_by_name() 2021-05-19 16:28:53 +09:00
Yu Watanabe
8e4b1b35bc network: drop redundant condition
When Network::unmanaged is set, then the Network object is not assigned
to any Link object. Hence, the condition is always false.
2021-05-19 16:25:02 +09:00
Yu Watanabe
3a1dfdb43f network: drop unnecessary call of manager_rtnl_process_address()
The reply should be NLMSG_DONE or NLMSG_ERROR.
Moreover, calling the function for reply of address label configuration
is completely wrong.
2021-05-19 16:17:23 +09:00
Yu Watanabe
f4cc13646f network: drop unused "callback" arguments in route_remove() and address_remove() 2021-05-19 10:38:57 +09:00
Yu Watanabe
50b7477064 network: dhcp4: re-request DHCP4 address and routes immediately
It is not necessary to wait for removal is finished, as network queue
already do the same thing.
2021-05-19 10:38:57 +09:00