1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

38583 Commits

Author SHA1 Message Date
Theo Ouzhinski
fa44cecae2 man/shutdown: Fix grammar 2019-02-28 15:17:32 +01:00
Lennart Poettering
1f82f5bb42 sd-bus: deal with cookie overruns
Apparently this happens IRL. Let's carefully deal with issues like this:
when we overrun, let's not go back to zero but instead leave the highest
cookie bit set. We use that as indication that we are in "overrun
territory", and then are particularly careful with checking cookies,
i.e. that they haven't been used for still outstanding replies yet. This
should retain the quick cookie generation behaviour we used to have, but
permits dealing with overruns.

Replaces: #11804
Fixes: #11809
2019-02-28 13:44:05 +01:00
Lennart Poettering
e19ebdd66d
Merge pull request #11840 from yuwata/network-route-onlink
network: enable GatewayOnLink= if no static address is configured
2019-02-28 12:02:08 +01:00
Yu Watanabe
358fb6862b fuzz: do not assume the existence of /sys/class/net/lo
Hopefully fixes oss-fuzz#13440.
2019-02-28 10:38:16 +01:00
Yu Watanabe
2850cd40ee network: wrap long lines 2019-02-28 10:57:20 +09:00
Yu Watanabe
33680b0a26 network: simplify config_parse_lifetime() 2019-02-28 10:56:33 +09:00
Yu Watanabe
4aa4c4b0f4 network: avoid address section freed
Otherwise, if HomeAddress= or friends are specified at the first line of
a section, then its assignment will be ignored.
2019-02-28 10:54:20 +09:00
Yu Watanabe
f205a92a5c network: cleanup logging in route related config parsers 2019-02-28 10:39:14 +09:00
Yu Watanabe
01d4e7323c network: do not override previously specified family 2019-02-28 10:37:58 +09:00
Yu Watanabe
af3b1498c6 test-network: add testcase for #1850 2019-02-28 10:34:27 +09:00
Yu Watanabe
4912ab7774 network: enable GatewayOnLink= if Gateway= without static address configured
And warn about that.

But this only done if GatewayOnLink= is not specified. When it is
explicitly disabled, then the flag will not be set.
2019-02-28 10:34:21 +09:00
Yu Watanabe
54901fd222 network: save GatewayOnLink= value as tristate in Route
This should not change any behavior. But used in the later commit.
2019-02-28 10:16:55 +09:00
Yu Watanabe
4bec2f237b network: relax the .network file check
Previously, if a .networ file contains invalid [Address] or [Route]
section, then the file is completely dropped. This makes networkd
just drops invalid sections.
2019-02-28 10:01:56 +09:00
Yu Watanabe
9cb8c55934 network: rename GatewayOnlink= to GatewayOnLink=
But still GatewayOnlink= is supported for backward compatibility.
2019-02-28 10:00:22 +09:00
Lennart Poettering
dc16327c48
Merge pull request #11795 from yuwata/fix-network-routing-policy-11280
network: fix routing policy rule issue #11280
2019-02-27 18:43:56 +01:00
Jörg Sommer
d9e15cbd18 journalctl: New option --cursor-file
The option cursor-file takes a filename as argument. If the file exists and
contains a valid cursor, this is used to start the output after this position.
At the end, the last cursor gets written to the file.

This allows for an easy implementation of a timer that regularly looks in the
journal for some messages.

    journalctl --cursor-file err-cursor -b -p err
    journalctl --cursor-file audit-cursor -t audit --grep DENIED

Or you might want to walk the journal in steps of 10 messages:

    journalctl --cursor-file ./curs -n10 --since=today -t systemd
2019-02-27 18:43:31 +01:00
Lennart Poettering
200fb167a2
Merge pull request #11844 from keszybz/networkd-fuzzer-fixes
Networkd fuzzer fixes
2019-02-27 17:45:55 +01:00
Zbigniew Jędrzejewski-Szmek
4b151b7132
Merge pull request #11807 from yuwata/test-vlan-mtu
network: increase MTU if VLAN= or MACVLAN= requests higher value
2019-02-27 17:15:29 +01:00
Topi Miettinen
527bd7f185 analyze security: check for ProtectHostname=yes 2019-02-27 16:20:38 +01:00
Zbigniew Jędrzejewski-Szmek
c448459d56 networkd: refuse more than 128 NTP servers
This test case is a bit silly, but it shows that our code is unprepared to
handle so many network servers, with quadratic complexity in various places.
I don't think there are any valid reasons to have hundres of NTP servers
configured, so let's just emit a warning and cut the list short.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13354
2019-02-27 14:52:33 +01:00
Zbigniew Jędrzejewski-Szmek
83ec459276 networkd: fix memleak when the same NetDev is specified twice
hashmap_put() returns 0 if the (key, value) pair is already present in the
hashmap, and -EEXIST if the key exists, but the value is different.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13433
2019-02-27 14:31:28 +01:00
Zbigniew Jędrzejewski-Szmek
3772cfde03 network: wrap some long lines 2019-02-27 13:35:19 +01:00
Michal Sekletar
6227fc14c4 selinux: don't log SELINUX_INFO and SELINUX_WARNING messages to audit
Previously we logged even info message from libselinux as USER_AVC's to
audit. For example, setting SELinux to permissive mode generated
following audit message,

time->Tue Feb 26 11:29:29 2019
type=USER_AVC msg=audit(1551198569.423:334): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received setenforce notice (enforcing=0)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

This is unnecessary and wrong at the same time. First, kernel already
records audit event that SELinux was switched to permissive mode, also
the type of the message really shouldn't be USER_AVC.

Let's ignore SELINUX_WARNING and SELINUX_INFO and forward to audit only
USER_AVC's and errors as these two libselinux message types have clear
mapping to audit message types.
2019-02-27 12:17:19 +01:00
Davide Cavalca
170342c90b man: clarify whitespace handling in systemd.syntax 2019-02-27 11:27:51 +01:00
Lennart Poettering
7bd90528b4
Merge pull request #11837 from yuwata/network-tiny-cleanups
network: tiny cleanups
2019-02-27 11:26:47 +01:00
Yu Watanabe
b677774d69 test-network: add testcase for issue #11280 2019-02-27 19:24:13 +09:00
Yu Watanabe
703bc7a2a6 test-network: drop relevant ip routing policy rules before testing 2019-02-27 19:23:46 +09:00
Yu Watanabe
80be3de31f network: fix error code in log 2019-02-27 16:48:19 +09:00
Yu Watanabe
87d8a4dee8 network: merge conditions and use FLAGS_SET() macro 2019-02-27 16:48:19 +09:00
Yu Watanabe
e8c9b5b06f network: make ndisc_router_process_options() propagate error
And its caller ignore the error.
2019-02-27 16:48:19 +09:00
Davide Cavalca
1c73b06926 fs-util: add missing linux/falloc.h include 2019-02-27 11:04:45 +09:00
Yu Watanabe
031fb59a98 network: do not remove rule when it is requested by existing links
Otherwise, the first link once removes all saved rules in the foreign
rule database, and the second or later links create again...
2019-02-27 10:59:10 +09:00
Yu Watanabe
92cd00b974 network: remove routing policy rule from foreign rule database when it is removed
Previously, When the first link configures rules, it removes all saved
rules, which were configured by networkd previously, in the foreign rule
database, but the rules themselves are still in the database.
Thus, when the second or later link configures rules, it errnously
treats the rules already exist.
This is the root of issue #11280.

This removes rules from the foreign database when they are removed.

Fixes #11280.
2019-02-27 10:58:09 +09:00
Yu Watanabe
72b7f1b976 test-network: add test for MTUBytes= in vlan or macvlan devices 2019-02-27 10:05:02 +09:00
Yu Watanabe
40288ecea1 network: bump mtu if stacked vlan or macvlan requests larger size
Closes #5972.
2019-02-27 10:04:56 +09:00
Lennart Poettering
f3892edd5e
Merge pull request #11824 from keszybz/fuzzer-fixes
Fuzzer fixes
2019-02-26 19:02:12 +01:00
Lennart Poettering
9a43fc6a2a
Merge pull request #11827 from keszybz/pkgconfig-variables
Allow overriding pkgconfig prefixes
2019-02-26 18:58:03 +01:00
Lennart Poettering
88a56c7670
Merge pull request #11357 from GiacintoCifelli/dbus_labels
sd-bus: add methods and signals parameter names
2019-02-26 17:22:04 +01:00
Lennart Poettering
8c28360a21
Merge pull request #11823 from keszybz/more-fuzz-coverage
More fuzz coverage
2019-02-26 17:21:32 +01:00
Zbigniew Jędrzejewski-Szmek
9b7f73b03f fuzz-ndisc-rs: avoid assertion failure on samples which dont fit in pipe
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11605.
2019-02-26 13:14:56 +01:00
Zbigniew Jędrzejewski-Szmek
d92e7b8fe4 fuzz-lldp: avoid assertion failure on samples which dont fit in pipe
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11603.
2019-02-26 13:13:02 +01:00
Zbigniew Jędrzejewski-Szmek
eafadd069c fuzz-journal-stream: avoid assertion failure on samples which don't fit in pipe
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11587.
We had a sample which was large enough that write(2) failed to push all the
data into the pipe, and an assert failed. The code could be changed to use
a loop, but then we'd need to interleave writes and sd_event_run (to process
the journal). I don't think the complexity is worth it — fuzzing works best
if the sample is not too huge anyway. So let's just reject samples above 64k,
and tell oss-fuzz about this limit.
2019-02-26 13:00:35 +01:00
Giacinto Cifelli
856ad2a86b sd-bus: add methods and signals parameter names. Fixes: #1564 2019-02-26 12:55:02 +01:00
Zbigniew Jędrzejewski-Szmek
d26eef9252 shared/ask-password-api: when echoing multi-byte characters, print the whole sequence
This is untested, but I don't see how the previous code could have worked
for multibyte characters (with echo on).
2019-02-26 12:43:07 +01:00
Zbigniew Jędrzejewski-Szmek
92e068b465 basic/utf8: do not read past end of string when looking for a multi-byte character
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9341.
2019-02-26 12:37:40 +01:00
Zbigniew Jędrzejewski-Szmek
84319aa76e basic/utf8: change type of function to emphasize that it only looks at one character 2019-02-26 12:17:12 +01:00
Lennart Poettering
a81a4b3b24
Merge pull request #11822 from yuwata/fuzz-udev-database
fuzz: add fuzzer for udev database
2019-02-26 10:26:38 +01:00
Anita Zhang
e51237253e core: consider non-SERVICE_EXEC_START commands for EXIT_CLEAN_COMMAND
When there are multiple ExecStop= statements, the next command would continue
to run even after TimeoutStopSec= is up and sends SIGTERM. This is because,
unless Type= is oneshot, the exit code/status would evaluate to SERVICE_SUCCESS
in service_sigchld_event()'s call to is_clean_exit(). This success indicates
following commands would continue running until the end of the list
is reached, or another timeout is hit and SIGKILL is sent.

Since long running processes should not be invoked in non-SERVICE_EXEC_START
commands, consider them for EXIT_CLEAN_COMMAND instead of EXIT_CLEAN_DAEMON.
Passing EXIT_CLEAN_COMMAND to is_clean_exit() evaluates the SIGTERM exit
code/status to failure and will stop execution after the first timeout is hit.

Fixes #11431
2019-02-26 10:18:39 +01:00
Zbigniew Jędrzejewski-Szmek
453823a290
Merge pull request #11780 from yuwata/fix-4211
network: skip .network files earlier when conditions do not match system environment
2019-02-26 08:31:32 +01:00
Yu Watanabe
10f6188b67 fuzz: add a sample for fuzz-udev-database 2019-02-26 13:28:30 +09:00