platform/upstream/systemd.git
Lennart Poettering [Wed, 17 Jan 2018 17:50:27 +0000 (18:50 +0100)]
core: propagate TasksMax= on the root slice to sysctls

The cgroup "pids" controller is not supported on the root cgroup.
However we expose TasksMax= on it, but currently don't actually apply it
to anything. Let's correct this: if set, let's propagate things to the
right sysctls.

This way we can expose TasksMax= on all units in a somewhat sensible
way.

Lennart Poettering [Wed, 17 Jan 2018 14:39:39 +0000 (15:39 +0100)]
cgroup: when querying the number of tasks in the root slice use the pid_max sysctl

The root cgroup doesn't expose any properties in the "pids" cgroup
controller, hence we need to get the data from somewhere else.

Lennart Poettering [Wed, 17 Jan 2018 17:41:42 +0000 (18:41 +0100)]
cgroup: add proper API to determine whether our unit manages the root cgroup

Lennart Poettering [Wed, 17 Jan 2018 14:35:01 +0000 (15:35 +0100)]
util: rework system_tasks_max() to make use of procfs_tasks_max()

Let's use our new code.

Lennart Poettering [Wed, 17 Jan 2018 17:40:10 +0000 (18:40 +0100)]
util-lib: add new procfs-util.[ch] API for dealing with tasks limits

As it turns out the limit on concurrent tasks on Linux is nasty to
determine, hence let's add appropriate helpers for this.

Lennart Poettering [Wed, 17 Jan 2018 14:39:16 +0000 (15:39 +0100)]
cgroup: use CGROUP_LIMIT_MAX where appropriate

Lennart Poettering [Wed, 17 Jan 2018 14:31:23 +0000 (15:31 +0100)]
util: introduce more accurate definitions of TASKS_MAX

The maximum number of processes a tasks on the system is usually lower
than what pid_t would allow, and is compiled into the kernel (and
documented in proc(5)). Let's add proper defines for that, so that
we can adjust the pid_max sysctl without fearing invalid accesses.

Susant Sahani [Mon, 22 Jan 2018 14:33:22 +0000 (20:03 +0530)]
network: tunnel remove unwanted space.

Reverend Homer [Mon, 22 Jan 2018 14:26:52 +0000 (17:26 +0300)]
remove canonicalize_file_name() mention from TODO

canonicalize_file_name() invocations were replaced by chase_symlinks() in
December 2016 with PR #4694, so we don't need this mention in the TODO anymore

Lennart Poettering [Mon, 22 Jan 2018 11:42:24 +0000 (12:42 +0100)]
Merge pull request #7943 from yuwata/fix-chase_symlinks

fs-util: use `_cleanup_close_` attribute

Frantisek Sumsal [Mon, 22 Jan 2018 10:18:53 +0000 (11:18 +0100)]
journald-native: Fix typo in MANDLOCK message

Susant Sahani [Mon, 22 Jan 2018 08:09:18 +0000 (13:39 +0530)]
networkd: DHCPv6 client allow to configure Rapid Commit (#6930)

The DHCPv6 client can obtain configuration parameters from a
DHCPv6 server through a rapid two-message exchange (solicit and reply).
When the rapid commit option is enabled by both the DHCPv6 client and
the DHCPv6 server, the two-message exchange is used, rather than the default
four-method exchange (solicit, advertise, request, and reply). The two-message
exchange provides faster client configuration and is beneficial in environments
in which networks are under a heavy load.

Closes #5845

Yu Watanabe [Mon, 22 Jan 2018 00:56:46 +0000 (09:56 +0900)]
fuzz: cast to void when return value is ignored

Yu Watanabe [Mon, 22 Jan 2018 00:55:38 +0000 (09:55 +0900)]
fuzz: check return value

Closes CID #1385306 and #1385300.

Yu Watanabe [Sun, 21 Jan 2018 13:25:37 +0000 (22:25 +0900)]
fuzz: fix coding style

Zbigniew Jędrzejewski-Szmek [Sun, 21 Jan 2018 12:17:54 +0000 (23:17 +1100)]
core: delay logging the taint string until after basic.target is reached (#7935)

This happens to be almost the same moment as when we send READY=1 in the user
instance, but the logic is slightly different, since we log taint when
basic.target is reached in the system manager, but we send the notification
only in the user manager. So add a separate flag for this and propagate it
across reloads.

Fixes #7683.

Yu Watanabe [Sun, 21 Jan 2018 10:38:29 +0000 (19:38 +0900)]
test-resolve: check return value

Closes CID #1385310.

Yu Watanabe [Sun, 21 Jan 2018 10:27:27 +0000 (19:27 +0900)]
sd-dhcp6-client: do not refer uninitialized variable

Fixes CID #1385308.

Yu Watanabe [Sun, 21 Jan 2018 10:19:25 +0000 (19:19 +0900)]
fs-util: chase_symlinks(): prevent double free

Fixes CID #1385316.

Yu Watanabe [Sun, 21 Jan 2018 10:07:10 +0000 (19:07 +0900)]
fs-util: use _cleanup_close_ attribute

The commit f14f1806e329fe92d01f15c22a384702f0cb4ae0 introduced CHASE_SAFE
flag. When the flag is set, then `fd_parent` may not be properly closed.
This sets `_cleanup_close_` attribute to `fd_parent`.
Thus, now `fd_parent` is always closed properly.

Zbigniew Jędrzejewski-Szmek [Sun, 21 Jan 2018 09:51:55 +0000 (20:51 +1100)]
man: document that sd_j_stream_fd is signal safe (#7942)

Fixes #7912.

Yu Watanabe [Sat, 20 Jan 2018 04:20:33 +0000 (13:20 +0900)]
Merge pull request #7938 from keszybz/get-fd-unsafe

man: document signal unsafeness of sd_journal_get_fd

Zbigniew Jędrzejewski-Szmek [Sat, 20 Jan 2018 03:23:54 +0000 (14:23 +1100)]
man: document signal unsafeness of journal functions

Fixes #7912.

Zbigniew Jędrzejewski-Szmek [Sat, 20 Jan 2018 03:04:17 +0000 (14:04 +1100)]
NEWS: fix typo

Alan Jenkins [Sat, 20 Jan 2018 03:02:50 +0000 (03:02 +0000)]
man: sd_journal_stream_fd: no, fds are not shared (#7926)

sd_journal_stream_fd() does not return the same file descriptor across
different calls.  It can't possibly do so, because the file descriptor
is created using certain parameters passed by the caller.

Also the implementation clearly isn't doing this, it's just connecting
to a unix socket.

It opens exactly one file descriptor, and does not close it unless there
is a write failure.  Nothing like "temporarily multiple file descriptors
may be open".

Zbigniew Jędrzejewski-Szmek [Sat, 20 Jan 2018 02:58:19 +0000 (13:58 +1100)]
Merge pull request #7936 from titanous/fuzz-dhcp-server

fuzz: add DHCP server fuzzer

Jonathan Rudenberg [Sat, 20 Jan 2018 01:10:51 +0000 (20:10 -0500)]
fuzz: simplify oss-fuzz build instructions in HACKING

Jonathan Rudenberg [Sat, 20 Jan 2018 00:44:56 +0000 (19:44 -0500)]
fuzz: add DHCP server fuzzer

Yu Watanabe [Sat, 20 Jan 2018 02:22:57 +0000 (11:22 +0900)]
man: fix typo (#7937)

Reported by Дилян Палаузов (https://github.com/dilyanpalauzov) in #7870.

Yu Watanabe [Sat, 20 Jan 2018 02:15:52 +0000 (11:15 +0900)]
Merge pull request #7934 from keszybz/man-improvements

Man page improvements

Susant Sahani [Fri, 19 Jan 2018 23:49:15 +0000 (05:19 +0530)]
networkd: add quickack option to route (#7896)

This patch adds quickack option to enable/disable TCP quick ack
mode for per-route.

Michal Sekletar [Fri, 19 Jan 2018 23:47:27 +0000 (00:47 +0100)]
man: make clear that accessing network and mounting filesystems is not supported in udev rules (#7916)

These restrictions are implied by systemd options used for
systemd-udevd.service, i.e. MountFlags=slave and
IPAddressDeny=any. However, there are users out there getting tripped by
this, so let's make things clear in the man page so the actual
restrictions we implement by default have better visibility.

Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:45:02 +0000 (10:45 +1100)]
man: clarify that Requires stop propagation only applies to explicit requests

Follow-up for e79eabdb1becc93cf4afc909aa18dc40c931eab5. There was an
apparent contradiction:

  man/systemd.unit says for Requires=:

  Besides, with or without specifying After=, this unit will be deactivated
  if one of the other units get deactivated.

  Also, some unit types may deactivate on their own (for example, a service
  process may decide to exit cleanly, or a device may be unplugged by the
  user), which is not propagated to units having a Requires= dependency.

Fixes #7870.

Susant Sahani [Fri, 19 Jan 2018 23:42:45 +0000 (05:12 +0530)]
networkd: ignore Static Routes option when Classless Static Routes is given (#7807)

When the DHCP server returns both a Classless Static Routes
option and a Static Routes option, the DHCP client MUST ignore the
Static Routes option.

Closes #7792

Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:38:09 +0000 (10:38 +1100)]
man: alphabetize and move targets to proper sections in systemd.special

Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:33:50 +0000 (10:33 +1100)]
man: fix example formatting in systemd.preset

Repeating "example" everywhere was not useful, so remove
that and improve the formatting a bit.

Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:33:15 +0000 (10:33 +1100)]
man: document default for WakeOnLan

Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:27:46 +0000 (10:27 +1100)]
man: add a note where coredump default values are

I don't want to include all the default values in the man page
because that's bound to get out of date…

Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:15:06 +0000 (10:15 +1100)]
man: fix _STREAM_ID, _LINE_BREAK descriptions

Pointed out by Дилян Палаузов (https://github.com/dilyanpalauzov).
Fixes #7870.

Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:00:14 +0000 (10:00 +1100)]
Merge pull request #7675 from shawnl/unaligned

Issue #7654 (unaligned loads on sparc64)

Yu Watanabe [Fri, 19 Jan 2018 09:05:28 +0000 (18:05 +0900)]
fs-util: chase_symlinks(): support empty root

The commit b1bfb848046e457f3cd623286b8cc1a5e5440023 makes chase_symlinks()
recognize empty string for root as an invalid parameter. However,
empty root is often used e.g. systemd-nspawn.
This makes chase_symlinks() support empty string safely.

Fixes #7927.

Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 06:42:29 +0000 (17:42 +1100)]
Merge pull request #7923 from keszybz/resolved-generic-packet

Resolved generic packet

Alan Jenkins [Thu, 18 Jan 2018 21:56:26 +0000 (21:56 +0000)]
Merge pull request #7913 from sourcejedi/devpts

3 nitpicks from core/namespace.c

jdkbx [Thu, 18 Jan 2018 20:09:58 +0000 (21:09 +0100)]
hwdb: Add Lenovo IdeaPad Miix 320 sensor mount quirk (#7707)

Alan Jenkins [Thu, 18 Jan 2018 19:11:11 +0000 (19:11 +0000)]
man: systemd-nspawn: fix list of default capabilities (#7925)

* Sort them alphabetically.
* Add CAP_MKNOD (commit 7f112f50fe added it).

the list is now in sync with the one at the top of nspawn.c

Alan Jenkins [Thu, 18 Jan 2018 19:04:12 +0000 (19:04 +0000)]
Merge pull request #7924 from sourcejedi/devpts-regression-fix

core: un-break PrivateDevices= by allowing it to mknod /dev/ptmx

Alan Jenkins [Thu, 18 Jan 2018 13:58:13 +0000 (13:58 +0000)]
core: clone_device_node(): add debug message

For people who use debug messages, maybe it is helpful to know that
PrivateDevices= failed due to mknod(), and which device node.

(The other (un-logged) failures could be while mounting filesystems e.g. no
CAP_SYS_ADMIN which is the common case, or missing /dev/shm or /dev/pts,
or missing /dev/ptmx).

Alan Jenkins [Thu, 18 Jan 2018 12:07:31 +0000 (12:07 +0000)]
core: un-break PrivateDevices= by allowing it to mknod /dev/ptmx

#7886 caused PrivateDevices= to silently fail-open.
https://github.com/systemd/systemd/pull/7886#issuecomment-358542849

Allow PrivateDevices= to succeed, in creating /dev/ptmx, even though
DeviceControl=closed applies.

No specific justification was given for blocking mknod of /dev/ptmx.  Only
that we didn't seem to need it, because we weren't creating it correctly as
a device node.

Zbigniew Jędrzejewski-Szmek [Thu, 18 Jan 2018 09:19:48 +0000 (20:19 +1100)]
resolved: fix confusion with generic data in unparsable packets

Issue 5465.

Zbigniew Jędrzejewski-Szmek [Thu, 18 Jan 2018 08:34:07 +0000 (19:34 +1100)]
resolved: split out parts of dns_packet_extract

This fairly complicated function was deeply nested and
hard to read...

Zbigniew Jędrzejewski-Szmek [Thu, 18 Jan 2018 05:23:09 +0000 (16:23 +1100)]
bus-message: avoid -Wnull-pointer-arithmetic warning on new clang

We just need some pointer, so use alignment directly converted
to the right type.

Zbigniew Jędrzejewski-Szmek [Thu, 18 Jan 2018 01:41:13 +0000 (12:41 +1100)]
Merge pull request #7876 from titanous/oss-fuzz

Add initial fuzzing infrastructure

Jonathan Rudenberg [Tue, 16 Jan 2018 17:09:56 +0000 (12:09 -0500)]
fuzz: add docs on creating fuzzer targets to HACKING

Jonathan Rudenberg [Tue, 16 Jan 2018 15:25:43 +0000 (10:25 -0500)]
fuzz: allow building fuzzers outside of oss-fuzz

Add a new -Dllvm-fuzz=true option that can be used to build against
libFuzzer and update the oss-fuzz script to work outside of the
oss-fuzz build environment.

Jonathan Rudenberg [Tue, 16 Jan 2018 13:36:56 +0000 (08:36 -0500)]
fuzz: rebuild everything during each oss-fuzz build

This avoids failures while using the oss-fuzz local testing
infrastructure.

Jonathan Rudenberg [Mon, 15 Jan 2018 23:27:37 +0000 (18:27 -0500)]
fuzz: disable all deps when building with oss-fuzz

The fuzz targets are intended to be fast and only target systemd
code, so they don't need to call out to any dependencies. They also
shouldn't depend on shared libraries outside of libc, so we disable
every dependency when compiling against oss-fuzz. This also
simplifies the upstream build environment significantly.

Jonathan Rudenberg [Sun, 14 Jan 2018 00:51:07 +0000 (19:51 -0500)]
fuzz: add initial fuzzing infrastructure

The fuzzers will be used by oss-fuzz to automatically and
continuously fuzz systemd.

This commit includes the build tooling necessary to build fuzz
targets, and a fuzzer for the DNS packet parser.

Lennart Poettering [Wed, 17 Jan 2018 18:18:47 +0000 (19:18 +0100)]
Merge pull request #7903 from yuwata/fix-7863

network: create runtime sub-directories after drop_privileges()

Lennart Poettering [Wed, 17 Jan 2018 18:16:42 +0000 (19:16 +0100)]
Merge pull request #7910 from poettering/getcwd

some getcwd() fixes, and other path-util tweaks

Lennart Poettering [Wed, 17 Jan 2018 18:15:49 +0000 (19:15 +0100)]
Merge pull request #7911 from poettering/chase-symlinks-tweaks

chase_symlinks() tweaks

Alan Jenkins [Wed, 17 Jan 2018 12:53:26 +0000 (12:53 +0000)]
core: namespace: remove unnecessary mode on /dev/shm mount target

This should have no behavioural effect; it just confused me.

All the other mount directories in this function are created as 0755.
Some of the mounts are allowed to fail - mqueue and hugepages.
If the /dev/mqueue mount target was created with the permissive mode 01777,
to match the filesystem we're trying to mount there, then a mount failure
would allow unprivileged users to write to the /dev filesystem, e.g. to
exhaust the available space.  There is no reason to allow this.

(Allowing the user read access (0755) seems a reasonable idea though, e.g. for
quicker troubleshooting.)

We do not allow failure of the /dev/shm mount, so it doesn't matter that
it is created as 01777.  But on the same grounds, we have no *reason* to
create it as any specific mode.  0755 is equally fine.

This function will be clearer by using 0755 throughout, to avoid
unintentionally implying some connection between the mode of the mount
target, and the mode of the mounted filesystem.

Alan Jenkins [Mon, 15 Jan 2018 16:55:11 +0000 (16:55 +0000)]
README: fix context for CONFIG_DEVPTS_MULTIPLE_INSTANCES

`newinstance` (and `ptmxmode`) options of devpts are _not_ used by
PrivateDevices=.  (/dev/pts is shared, similar to how /dev/shm and
/dev/mqueue are handled).  It is used by nspawn containers though.

Also CONFIG_DEVPTS_MULTIPLE_INSTANCES was removed in 4.7-rc2
https://github.com/torvalds/linux/commit/eedf265aa003b4781de24cfed40a655a664457e6
and no longer needs to be set, so make that clearer to avoid confusion.

Shawn Landden [Wed, 17 Jan 2018 13:49:22 +0000 (05:49 -0800)]
resolve: check for underflow of size parameter (#7889)

to dns_packet_read_memdup()

Closes #7888

Alan Jenkins [Wed, 17 Jan 2018 13:28:04 +0000 (13:28 +0000)]
core: namespace: nitpick /dev/ptmx error handling

If /dev/tty did not exist, or had st_rdev == 0, we ignored it.  And the
same is true for null, zero, full, random, urandom.

If /dev/ptmx did not exist, we treated this as a failure.  If /dev/ptmx had
st_rdev == 0, we ignored it.

This was a very recent change, but there was no reason for ptmx creation
specifically to treat st_rdev == 0 differently from non-existence.  This
confuses me when reading it.

Change the creation of /dev/ptmx so that st_rdev == 0 is
treated as failure.

This still leaves /dev/ptmx as a special case with stricter handling.
However it is consistent with the immediately preceding creation of
/dev/pts/, which is treated as essential, and is directly related to ptmx.

I don't know why we check st_rdev.  But I'd prefer to have only one
unanswered question here, and not to have a second unanswered question
added on top.

Lennart Poettering [Wed, 17 Jan 2018 11:00:40 +0000 (12:00 +0100)]
fs-util: refuse taking a relative path to chase if "root" is specified and CHASE_PREFIX_ROOT is set

If we take a relative path we first make it absolute, based on the
current working directory. But if CHASE_PREFIX_ROOT is passed we are
supposed to make the path absolute taking the specified root path into
account, but that makes no sense if we talk about the current working
directory as that is relative to the host's root in any case. Hence,
let's refuse this politely.

Lennart Poettering [Wed, 17 Jan 2018 11:00:12 +0000 (12:00 +0100)]
fs-util: extra chase_symlink() safety check on "path" parameter

It's not clear what an empty "path" is even supposed to mean, hence
refuse.

Lennart Poettering [Wed, 17 Jan 2018 10:56:52 +0000 (11:56 +0100)]
fs-util: extra safety checks on chase_symlinks() root parameter

Let's handle root="" and root="/" safely.

Lennart Poettering [Wed, 17 Jan 2018 10:17:55 +0000 (11:17 +0100)]
path-util: don't insert duplicate "/" in path_make_absolute_cwd()

When the working directory is "/" it's prettier not to insert a second
"/" in the path, even though it is technically correct.

Lennart Poettering [Wed, 17 Jan 2018 10:17:38 +0000 (11:17 +0100)]
tree-wide: port all code to use safe_getcwd()

Lennart Poettering [Wed, 17 Jan 2018 10:16:31 +0000 (11:16 +0100)]
path-util: introduce new safe_getcwd() wrapper

It's like get_current_dir_name() but protects us from
CVE-2018-1000001-style exploits:

https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/

Lennart Poettering [Wed, 17 Jan 2018 10:15:00 +0000 (11:15 +0100)]
path-util: don't add extra "/" when prefix already is suffixed by slash

No need to insert duplicate "/" if we can avoid it. This is particularly
relevant if the prefix passed in is the root directory.

Lennart Poettering [Wed, 17 Jan 2018 10:13:46 +0000 (11:13 +0100)]
path-util: do something useful if the prefix is "" in path_make_absolute()

Do not insert a "/" if the prefix we shall use is empty. It's a corner
case we should probably take care of.

Yu Watanabe [Wed, 17 Jan 2018 09:25:42 +0000 (18:25 +0900)]
efivars: include errno.h when EFI support is disabled (#7900)

Fixes #7898.

Alan Jenkins [Wed, 17 Jan 2018 09:24:00 +0000 (09:24 +0000)]
Merge pull request #7886 from gdamjan/fix-ptmx

namespace: make /dev/ptmx a copy of the host not a symlink

Zbigniew Jędrzejewski-Szmek [Wed, 17 Jan 2018 09:22:17 +0000 (20:22 +1100)]
Merge pull request #7893 from poettering/parse-tweaks

parsing tweaks

Zbigniew Jędrzejewski-Szmek [Wed, 17 Jan 2018 09:17:23 +0000 (20:17 +1100)]
Merge pull request #7902 from yuwata/fix-warning-by-clang

network: small fixes

Hans de Goede [Wed, 17 Jan 2018 09:15:41 +0000 (10:15 +0100)]
hwdb: 60-sensors: Add DMI strings for Trekstor Surftab 7.0 newer BIOS versions (#7904)

Some newer BIOS versions of the TrekStor SurfTab wintron 7.0 tablet use
different (better) DMI strings, update the existing 60-sensors.hwdb
entry for this tablet to also work with the newer BIOS.

Jerónimo Borque [Wed, 17 Jan 2018 09:15:00 +0000 (06:15 -0300)]
hwdb: HP vendor name for ZBooks in 60-keyboard.hwdb (#7905)

Added new HP vendor name to support Zbook's mic mute key mapping

Zbigniew Jędrzejewski-Szmek [Wed, 17 Jan 2018 09:13:54 +0000 (20:13 +1100)]
Merge pull request #7897 from yuwata/small-man-fixes

Several man fixes

Дамјан Георгиевски [Tue, 16 Jan 2018 20:50:36 +0000 (21:50 +0100)]
namespace: only make the symlink /dev/ptmx if it was already a symlink

…otherwise try to clone it as a device node

On most contemporary distros /dev/ptmx is a device node, and
/dev/pts/ptmx has 000 inaccessible permissions. In those cases
the symlink /dev/ptmx -> /dev/pts/ptmx breaks the pseudo tty support.

In that case we better clone the device node.

OTOH, in nspawn containers (and possibly others), /dev/pts/ptmx has
normal permissions, and /dev/ptmx is a symlink. In that case make the
same symlink.

fixes #7878

Дамјан Георгиевски [Tue, 16 Jan 2018 20:27:51 +0000 (21:27 +0100)]
namespace: extract clone_device_node function from mount_private_dev

Yu Watanabe [Tue, 16 Jan 2018 18:35:25 +0000 (03:35 +0900)]
network: create runtime sub-directories after drop_privileges()

For old kernels not supporting AmbientCapabilities=, networkd is
started as root with limited capabilities. Then, networkd cannot
chown the directories under runtime directory as
CapabilityBoundingSet= does not contain enough capabilities.
This makes these directories be created after dropping privileges.
Thus, networkd does not need to chown them anymore.

Fixes #7863.

Yu Watanabe [Tue, 16 Jan 2018 18:34:45 +0000 (03:34 +0900)]
timesync: do not fail when started as privileged user

Yu Watanabe [Tue, 16 Jan 2018 16:53:00 +0000 (01:53 +0900)]
dhcp6: fix warnings by clang with -Waddress-of-packed-member

This fixes the following warnings:
```
[194/1521] Compiling C object 'src/libsystemd-network/systemd-network@sta/dhcp6-option.c.o'.
../../git/systemd/src/libsystemd-network/dhcp6-option.c:110:25: warning: taking address of packed member 'id' of class or structure 'ia_na' may result in an unaligned pointer value [-Waddress-of-packed-member]
                iaid = &ia->ia_na.id;
                        ^~~~~~~~~~~~
../../git/systemd/src/libsystemd-network/dhcp6-option.c:115:25: warning: taking address of packed member 'id' of class or structure 'ia_ta' may result in an unaligned pointer value [-Waddress-of-packed-member]
                iaid = &ia->ia_ta.id;
                        ^~~~~~~~~~~~
2 warnings generated.
```

Yu Watanabe [Tue, 16 Jan 2018 16:29:13 +0000 (01:29 +0900)]
networkd: fix wrong argument check

Yu Watanabe [Tue, 16 Jan 2018 16:28:09 +0000 (01:28 +0900)]
ipvlan: fix wrong assignment in ipvlan_init()

Yu Watanabe [Tue, 16 Jan 2018 14:25:56 +0000 (23:25 +0900)]
man: mention that systemctl is-active or is-failed do not load units

See the discussion in the issue #7875.

Yu Watanabe [Tue, 16 Jan 2018 14:00:39 +0000 (23:00 +0900)]
virt: add comment that we need to use sscanf()

Follow-up for 13e0f9fe8334859ee86f4ff725374d1d83f5baf7.
See PR #7890 and comment in PR #7581.

Yu Watanabe [Tue, 16 Jan 2018 13:22:14 +0000 (22:22 +0900)]
man: remove duplicated line

Follow-up for c46bc7e2162d774f55847c1a8cb9d49085cf89bb.

Lennart Poettering [Tue, 16 Jan 2018 10:50:12 +0000 (11:50 +0100)]
parse-util: detect overflows in parse_percent_unbounded()

We shouldn't accept percentages beyond INT32_MAX and consider them
valid.

Lennart Poettering [Tue, 16 Jan 2018 10:49:24 +0000 (11:49 +0100)]
parse-util: coding style fix

Let's not rely on C's downgrade-to-bool feature to check for NUL bytes

Lennart Poettering [Tue, 16 Jan 2018 10:48:25 +0000 (11:48 +0100)]
locale-util: add freelocale() cleanup helper

Lennart Poettering [Tue, 16 Jan 2018 09:44:35 +0000 (10:44 +0100)]
Merge pull request #7885 from pfl/dhcp6_fixes

Minor fixes

John Lin [Tue, 16 Jan 2018 09:29:35 +0000 (17:29 +0800)]
man: fix broken kernel document links (#7892)

Olaf Hering [Tue, 16 Jan 2018 09:24:37 +0000 (10:24 +0100)]
Fix parsing of features in detect_vm_xen_dom0 (#7890)

Use sscanf instead of the built-in safe_atolu because the scanned string
lacks the leading "0x", it is generated with snprintf(b, "%08x", val).
As a result strtoull handles it as octal, and parsing fails.

The initial submission already used sscanf, then parsing was replaced by
safe_atolu without retesting the updated PR.

Fixes 575e6588d ("virt: use XENFEAT_dom0 to detect the hardware domain
(#6442, #6662) (#7581)")

Zbigniew Jędrzejewski-Szmek [Tue, 16 Jan 2018 09:22:25 +0000 (20:22 +1100)]
Merge pull request #7540 from fbuihuu/systemd-delta-tweaks

Systemd delta tweaks

Shawn Landden [Mon, 15 Jan 2018 18:17:51 +0000 (10:17 -0800)]
machined: use getent to get default shell for machinectl shell (#7684)

Closes: https://github.com/systemd/systemd/issues/1395

Patrik Flykt [Mon, 15 Jan 2018 15:37:52 +0000 (17:37 +0200)]
sd-dhcp6-client: Use offsetof() instead of sizeof()

The slightly modified review comments say that "...in theory
offsetof(DHCP6Option, data) is nicer than sizeof(DHCP6Option)
because the former removes alignment artifacts. In this
specific case there are no alignment whitespaces hence it's
fine, but out of a matter of principle offsetof() is preferred
over sizeof() in cases like this..."

Patrik Flykt [Mon, 15 Jan 2018 15:15:13 +0000 (17:15 +0200)]
dhcp6: Fix valgrind nitpick about returned test case value

Calling dhcp6_option_parse_address() will always return a value
< 0 on error even though lt_valid remains unset. This is more
than valgrind can safely detect, but let's fix the valgrind
nitpick anyway.

While fixing, use UINT32_MAX instead of ~0 on the same line.

Lennart Poettering [Mon, 15 Jan 2018 15:40:41 +0000 (16:40 +0100)]
Merge pull request #7884 from yuwata/small-fixes

Small fixes