Aaron Plattner [Wed, 16 Jan 2019 18:26:15 +0000 (10:26 -0800)]
core: Fix -EOPNOTSUPP emergency action error string
The error string for operations that are not supported (e.g. "shutdown" for
user-defined units) should take two arguments, where the first one is the type
of action being defined (i.e. "FailureAction" vs. "SuccessAction") and the
second is the string that was invalid.
Currently, the code prints this:
$ systemd-run --user --wait -p SuccessAction=poweroff true
Failed to start transient service unit: EmergencyAction setting invalid for manager type: SuccessAction
Change the format string to instead print:
$ systemd-run --user --wait -p SuccessAction=poweroff true
Failed to start transient service unit: SuccessAction setting invalid for manager type: poweroff
Aaron Plattner [Wed, 16 Jan 2019 18:00:21 +0000 (10:00 -0800)]
core: Fix return argument check for parse_emergency_action
This function returns 0 on success and a negative value on failure. On success,
it writes the parsed action to the address passed in its third argument.
`bus_set_transient_emergency_action` does this:
r = parse_emergency_action(s, system, &v);
if (v < 0)
// handle failure
However, `v` is not updated if the function fails, and this should be checking
`r` instead of `v`.
The result of this is that if an invalid failure (or success) action is
specified, systemd ends up creating the unit anyway and then misbehaves if it
tries to run the failure action because the action value comes from
uninitialized stack data. In my case, this resulted in a failed assertion:
Program received signal SIGABRT, Aborted.
0x00007fe52cca0d7f in raise () from /snap/usr/lib/libc.so.6
(gdb) bt
#0 0x00007fe52cca0d7f in raise () from /snap/usr/lib/libc.so.6
#1 0x00007fe52cc8b672 in abort () from /snap/usr/lib/libc.so.6
#2 0x00007fe52d66f169 in log_assert_failed_realm (realm=LOG_REALM_SYSTEMD, text=0x56177ab8e000 "action < _EMERGENCY_ACTION_MAX", file=0x56177ab8dfb8 "../src/core/emergency-action.c", line=33, func=0x56177ab8e2b0 <__PRETTY_FUNCTION__.14207> "emergency_action") at ../src/basic/log.c:795
#3 0x000056177aa98cf4 in emergency_action (m=0x56177c992cb0, action=
2059118610, options=(unknown: 0), reboot_arg=0x0, exit_status=1, reason=0x7ffdd2df4290 "unit run-u0.service failed") at ../src/core/emergency-action.c:33
#4 0x000056177ab2b739 in unit_notify (u=0x56177c9eb340, os=UNIT_ACTIVE, ns=UNIT_FAILED, flags=(unknown: 0)) at ../src/core/unit.c:2504
#5 0x000056177aaf62ed in service_set_state (s=0x56177c9eb340, state=SERVICE_FAILED) at ../src/core/service.c:1104
#6 0x000056177aaf8a29 in service_enter_dead (s=0x56177c9eb340, f=SERVICE_SUCCESS, allow_restart=true) at ../src/core/service.c:1712
#7 0x000056177aaf9233 in service_enter_signal (s=0x56177c9eb340, state=SERVICE_FINAL_SIGKILL, f=SERVICE_SUCCESS) at ../src/core/service.c:1854
#8 0x000056177aaf921b in service_enter_signal (s=0x56177c9eb340, state=SERVICE_FINAL_SIGTERM, f=SERVICE_SUCCESS) at ../src/core/service.c:1852
#9 0x000056177aaf8eb3 in service_enter_stop_post (s=0x56177c9eb340, f=SERVICE_SUCCESS) at ../src/core/service.c:1788
#10 0x000056177aaf91eb in service_enter_signal (s=0x56177c9eb340, state=SERVICE_STOP_SIGKILL, f=SERVICE_SUCCESS) at ../src/core/service.c:1850
#11 0x000056177aaf91bc in service_enter_signal (s=0x56177c9eb340, state=SERVICE_STOP_SIGTERM, f=SERVICE_FAILURE_EXIT_CODE) at ../src/core/service.c:1848
#12 0x000056177aaf9759 in service_enter_running (s=0x56177c9eb340, f=SERVICE_FAILURE_EXIT_CODE) at ../src/core/service.c:1941
#13 0x000056177ab005b7 in service_sigchld_event (u=0x56177c9eb340, pid=112, code=1, status=1) at ../src/core/service.c:3296
#14 0x000056177aad84b5 in manager_invoke_sigchld_event (m=0x56177c992cb0, u=0x56177c9eb340, si=0x7ffdd2df48f0) at ../src/core/manager.c:2444
#15 0x000056177aad88df in manager_dispatch_sigchld (source=0x56177c994710, userdata=0x56177c992cb0) at ../src/core/manager.c:2508
#16 0x00007fe52d72f807 in source_dispatch (s=0x56177c994710) at ../src/libsystemd/sd-event/sd-event.c:2846
#17 0x00007fe52d730f7d in sd_event_dispatch (e=0x56177c993530) at ../src/libsystemd/sd-event/sd-event.c:3229
#18 0x00007fe52d73142e in sd_event_run (e=0x56177c993530, timeout=
18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:3286
#19 0x000056177aad9f71 in manager_loop (m=0x56177c992cb0) at ../src/core/manager.c:2906
#20 0x000056177aa7c876 in invoke_main_loop (m=0x56177c992cb0, ret_reexecute=0x7ffdd2df4bff, ret_retval=0x7ffdd2df4c04, ret_shutdown_verb=0x7ffdd2df4c58, ret_fds=0x7ffdd2df4c70, ret_switch_root_dir=0x7ffdd2df4c48, ret_switch_root_init=0x7ffdd2df4c50, ret_error_message=0x7ffdd2df4c60) at ../src/core/main.c:1792
#21 0x000056177aa7f251 in main (argc=2, argv=0x7ffdd2df4e78) at ../src/core/main.c:2573
Fix this by checking the correct variable.
Jan Janssen [Tue, 15 Jan 2019 14:46:32 +0000 (15:46 +0100)]
ethtool: Make sure advertise is actually set when autonegotiation is used
Zbigniew Jędrzejewski-Szmek [Wed, 16 Jan 2019 17:10:54 +0000 (18:10 +0100)]
Merge pull request #11441 from poettering/foreach-string-rework
FOREACH_STRING() rework
Lennart Poettering [Wed, 16 Jan 2019 11:13:37 +0000 (12:13 +0100)]
seccomp: drop mincore() from @system-service syscall filter group
Previously, this system call was included in @system-service since it is
a "getter" only, i.e. only queries information, and doesn't change
anything, and hence was considered not risky.
However, as it turns out, mincore() is actually security sensitive, see
the discussion here:
https://lwn.net/Articles/776034/
Hence, let's adjust the system call filter and drop mincore() from it.
This constitues a compatibility break to some level, however I presume
we can get away with this as the systemcall is pretty exotic. The fact
that it is pretty exotic is also reflected by the fact that the kernel
intends to majorly change behaviour of the system call soon (see the
linked LWN article)
Philip Withnall [Wed, 16 Jan 2019 12:03:53 +0000 (12:03 +0000)]
man: Fix a typo in systemd.exec.xml
Signed-off-by: Philip Withnall <withnall@endlessm.com>
bl33pbl0p [Wed, 16 Jan 2019 00:03:22 +0000 (00:03 +0000)]
Log the job being merged
Makes it easier to understand what was merged (and easier to realize why).
Example is a start job running, and another unit triggering a verify-active job. It is not clear what job was it that from baz.service that merged into the installed job for bar.service in the debug logs. This makes it useful when debugging issues.
Jan 15 11:45:58 jupiter systemd[1218]: baz.service: Trying to enqueue job baz.service/start/replace
Jan 15 11:45:58 jupiter systemd[1218]: baz.service: Installed new job baz.service/start as 498
Jan 15 11:45:58 jupiter systemd[1218]: bar.service: Merged into installed job bar.service/start as 497
Jan 15 11:45:58 jupiter systemd[1218]: baz.service: Enqueued job baz.service/start as 498
It becomes:
Jan 15 11:45:58 jupiter systemd[1218]: bar.service: Merged bar.service/verify-active into installed job bar.service/start as 497
Lennart Poettering [Tue, 15 Jan 2019 23:13:38 +0000 (00:13 +0100)]
strv: rework FOREACH_STRING() macro
So it's apparently problematic that we use STRV_MAKE() (i.e. a compound
initializer) outside of the {} block we use it in (and that includes
outside of the ({}) block, too). Hence, let's rework the macro to not
need that.
This also makes the macro shorter, which is definitely a good and more
readable. Moreover, it will now complain if the iterator is a "char*"
instead of a "const char*", which is good too.
Fixes: #11394
Lennart Poettering [Tue, 15 Jan 2019 23:12:50 +0000 (00:12 +0100)]
test,systemctl,nspawn: use "const char*" instead of "char*" as iterator for FOREACH_STRING()
The macro iterates through literal strings (i.e. constant strings),
hence it's more correct to have the iterator const too.
Lucas Werkmeister [Tue, 15 Jan 2019 23:16:10 +0000 (00:16 +0100)]
Enable regular file and FIFO protection
These sysctls were added in Linux 4.19 (torvalds/linux@
30aba6656f), and
we should enable them just like we enable the older hardlink/symlink
protection since v199. Implements #11414.
Joost Heitbrink [Tue, 15 Jan 2019 20:27:08 +0000 (21:27 +0100)]
Fix omission in docs
change "if is missing" to "if /etc/machine-id is missing".
Zbigniew Jędrzejewski-Szmek [Tue, 15 Jan 2019 20:04:32 +0000 (21:04 +0100)]
Merge pull request #11418 from yuwata/fix-11404
network: fix infinite loop in setting up wireguard
Zbigniew Jędrzejewski-Szmek [Tue, 15 Jan 2019 15:54:19 +0000 (16:54 +0100)]
Merge pull request #11345 from kirbyfan64/tmpfiles-c-empty
tmpfiles: Make C still copy if the destination directory is empty
Zbigniew Jędrzejewski-Szmek [Tue, 15 Jan 2019 15:44:27 +0000 (16:44 +0100)]
Merge pull request #11428 from yuwata/network-issue-9130-v2
network: wait for kernel to reply ipv6 peer address
Zbigniew Jędrzejewski-Szmek [Tue, 15 Jan 2019 07:29:49 +0000 (08:29 +0100)]
NEWS: typos
Yu Watanabe [Sun, 13 Jan 2019 15:30:37 +0000 (00:30 +0900)]
network: make Link and NetDev always have the valid poiter to Manager
c4397d94c3d94909188d82e086ebedf5d3690569 introduces
link_detach_from_manager() and netdev_detach_from_manager(), and they
set Link::manager or NetDev::manager NULL.
But, at the time e.g. link is removed, hence link_drop() is called,
there may be still some asynchronous netlink call is waiting, and
their callbacks hit assertion.
This make {link,netdev}_detach_from_manager() just drop all references
from manager, but keep the pointer to manager.
Fixes #11411.
Mikhail Kasimov [Tue, 15 Jan 2019 13:30:22 +0000 (15:30 +0200)]
Update uk.po
Updated translation for ```src/timedate/org.freedesktop.timedate1.policy```
Zbigniew Jędrzejewski-Szmek [Tue, 15 Jan 2019 07:17:44 +0000 (08:17 +0100)]
udev: do logging before setting variables to NULL
gcc-9 diagnoses this as an error.
Reported by Jeff Law.
Mikhail Kasimov [Tue, 15 Jan 2019 12:52:34 +0000 (14:52 +0200)]
Update systemd-system.conf.xml
Updating due to phrase "Defaults to DefaultTimeoutStartSec= from the manager configuration file, except when Type=oneshot is used, in which case the timeout is disabled by default (see systemd-system.conf)" from [0] https://github.com/systemd/systemd/blob/master/man/systemd.service.xml
Topi Miettinen [Tue, 15 Jan 2019 07:12:28 +0000 (09:12 +0200)]
Remove 'inline' attributes from static functions in .c files (#11426)
Let the compiler perform inlining (see #11397).
Yu Watanabe [Mon, 14 Jan 2019 20:48:39 +0000 (05:48 +0900)]
test: add a testcase for Address.Peer= with ipv6
Testcase for #9130.
Susant Sahani [Mon, 10 Dec 2018 17:05:40 +0000 (22:35 +0530)]
networkd: wait for kernel to reply ipv6 peer address
When we configure address with peer, peer address is repliedby kernel.
Hence add the peer when it is available.
Closes #9130.
Michael Biebl [Mon, 14 Jan 2019 01:39:11 +0000 (02:39 +0100)]
Merge pull request #11417 from yuwata/fix-11416
udevadm: fix segfault
Yu Watanabe [Mon, 14 Jan 2019 01:06:21 +0000 (10:06 +0900)]
test: add a testcase for 23 wirguard peers
Yu Watanabe [Mon, 14 Jan 2019 00:45:20 +0000 (09:45 +0900)]
network: wireguard: rename and split set_wireguard_interface()
This does not change the behavior except for fixing the issue #11404.
Fixes #11404.
Yu Watanabe [Sun, 13 Jan 2019 19:43:33 +0000 (04:43 +0900)]
netlink: set maximum size of WGDEVICE_A_IFNAME
Yu Watanabe [Sun, 13 Jan 2019 21:34:15 +0000 (06:34 +0900)]
udevadm: fix segfault
Fixes #11416.
Yu Watanabe [Sat, 12 Jan 2019 23:42:32 +0000 (08:42 +0900)]
man: fix reference
Fixes #11396.
Zbigniew Jędrzejewski-Szmek [Sun, 13 Jan 2019 10:11:22 +0000 (11:11 +0100)]
Merge pull request #11409 from yuwata/udev-synthetic-errno
udev: update logs
Yu Watanabe [Sun, 13 Jan 2019 08:55:33 +0000 (17:55 +0900)]
udev: use ENODATA when 'No entry found from hwdb'
Before:
IMPORT builtin 'hwdb' fails: No such file or directory
After:
IMPORT builtin 'hwdb' fails: No data available
Previous log is confusing and may be understood as hwdb file not exist.
Yu Watanabe [Sun, 13 Jan 2019 08:50:47 +0000 (17:50 +0900)]
udev: use SYNTHETIC_ERRNO() macro in log_device_*_errno()
Evgeny Vereshchagin [Sun, 13 Jan 2019 01:45:48 +0000 (04:45 +0300)]
Merge pull request #11393 from mrc0mmand/fix-service-masking-in-TEST-01-BASIC
test: drop service masking in TEST-01-BASIC
Yu Watanabe [Sun, 13 Jan 2019 00:42:28 +0000 (09:42 +0900)]
README: mention that meson-0.49 is required to build PIEs
Follow-up for
4e4bbc439eb7f16a608f457d3eaac08c60633212.
Yu Watanabe [Sun, 13 Jan 2019 00:31:27 +0000 (09:31 +0900)]
NEWS: add more entries
Zbigniew Jędrzejewski-Szmek [Sat, 12 Jan 2019 19:35:17 +0000 (20:35 +0100)]
NEWS: document deprecation of PermissionsStartOnly= in v240
https://github.com/systemd/systemd/pull/10802#issuecomment-
453772058
Zbigniew Jędrzejewski-Szmek [Thu, 10 Jan 2019 21:25:52 +0000 (22:25 +0100)]
NEWS: update for v241
Topi Miettinen [Sat, 5 Jan 2019 18:37:34 +0000 (20:37 +0200)]
Delete duplicate lines
Found by inspecting results of running this small program:
int main(int argc, const char **argv) {
for (int i = 1; i < argc; i++) {
FILE *f;
char line[1024], prev[1024], *r;
int lineno;
prev[0] = '\0';
lineno = 1;
f = fopen(argv[i], "r");
if (!f)
exit(1);
do {
r = fgets(line, sizeof(line), f);
if (!r)
break;
if (strcmp(line, prev) == 0)
printf("%s:%d: error: dup %s", argv[i], lineno, line);
lineno++;
strcpy(prev, line);
} while (!feof(f));
fclose(f);
}
}
Zbigniew Jędrzejewski-Szmek [Sat, 12 Jan 2019 15:00:52 +0000 (16:00 +0100)]
Merge pull request #11196 from yuwata/udevd-tiny-cleanups
udev: tiny cleanups
Frantisek Sumsal [Sat, 12 Jan 2019 09:48:13 +0000 (10:48 +0100)]
test: limit environments for systemd-hwdb-update under ASan
Frantisek Sumsal [Fri, 11 Jan 2019 15:51:49 +0000 (16:51 +0100)]
test: bump QEMU_SMP to 4 when running under ASan/UBSan
Frantisek Sumsal [Fri, 11 Jan 2019 15:49:49 +0000 (16:49 +0100)]
test: bump QEMU memory to 1536M when running under ASan/UBSan
Yu Watanabe [Sat, 12 Jan 2019 00:31:56 +0000 (09:31 +0900)]
udevd: refuse devices which do not have ACTION property
Yu Watanabe [Tue, 18 Dec 2018 06:26:54 +0000 (15:26 +0900)]
udevd: drop unnecessary brackets
Yu Watanabe [Tue, 18 Dec 2018 06:18:26 +0000 (15:18 +0900)]
udevd: make worker also log ACTION property
Yu Watanabe [Tue, 18 Dec 2018 06:11:24 +0000 (15:11 +0900)]
udevd: reject devices which do not have SEQNUM
Yu Watanabe [Tue, 18 Dec 2018 06:03:50 +0000 (15:03 +0900)]
udevd: provide worker_hash_ops and drop manager_workers_free()
Yu Watanabe [Tue, 18 Dec 2018 05:50:42 +0000 (14:50 +0900)]
udevd: use structured initializer at one more place
Yu Watanabe [Tue, 18 Dec 2018 05:49:17 +0000 (14:49 +0900)]
udevd: use worker_free() on failure in worker_new()
Otherwise, worker_monitor may not unrefed correctly.
Yu Watanabe [Fri, 11 Jan 2019 20:24:54 +0000 (05:24 +0900)]
sd-device-monitor: fix ordering of setting buffer size
By
b1c097af8df58a94cba031a347061b7cb9b62d9b (#10239), the receive buffer
size for uevents was set by SO_RCVBUF at first, and fallback to
use SO_RCVBUFFORCE. So, as SO_RCVBUF limits to the buffer size
net.core.rmem_max, which is usually much smaller than 128MB udevd requests,
uevents buffer size was not sufficient.
This fixes the ordering of the request: SO_RCVBUFFORCE first, and
fallback to SO_RCVBUF. Then, udevd's uevent buffer size can be set to
128MB.
This also revert
903893237a2105b05671fe87b8f5d5e7417040d2.
Fixes #11314 and #10754.
Yu Watanabe [Fri, 11 Jan 2019 20:51:37 +0000 (05:51 +0900)]
Merge pull request #11400 from ffontaine/master
Fix build with older kernels
Fabrice Fontaine [Fri, 11 Jan 2019 16:30:32 +0000 (17:30 +0100)]
lockfile-util.c: fix build without F_OFD_SETLK
systemd fails to build on kernel without F_OFD_SETLK since
https://github.com/systemd/systemd/commit/
9714c020fc4cda1823c2a77e3fd08aefa7d78b25
So put include missing_fcntl.h
Fixes:
- http://autobuild.buildroot.org/results/
699c078aa078240c6741da4dbd0871450ceeca92
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 11 Jan 2019 16:24:21 +0000 (17:24 +0100)]
missing_syscall.h: include errno.h
This include is needed for errno and ENOSYS
Fixes:
- http://autobuild.buildroot.org/results/
699c078aa078240c6741da4dbd0871450ceeca92
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 11 Jan 2019 16:08:48 +0000 (17:08 +0100)]
missing_if_link.h: add IFLA_BOND_MODE
systemd fails to build on kernel without IFLA_BOND_MODE (< 3.13) since
https://github.com/systemd/systemd/commit/
9714c020fc4cda1823c2a77e3fd08aefa7d78b25
So put back IFLA_BOND_MODE definition
Fixes:
- http://autobuild.buildroot.org/results/
699c078aa078240c6741da4dbd0871450ceeca92
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 11 Jan 2019 15:36:06 +0000 (16:36 +0100)]
basic/tmpfile-util.c: fix build without O_TMPFILE
systemd fails to build on kernel without O_TMPFILE (< 3.11) since
https://github.com/systemd/systemd/commit/
dea72eda9cdbfeedd24cbe8c734ad0639bf96cde
To fix this error, include missing_fcntl.h
Fixes:
- http://autobuild.buildroot.org/results/
699c078aa078240c6741da4dbd0871450ceeca92
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 11 Jan 2019 15:07:00 +0000 (16:07 +0100)]
capability: fix build without PR_CAP_AMBIENT
systemd fails to build on kernel without PR_CAP_AMBIENT (< 4.3) since
https://github.com/systemd/systemd/commit/
2a03bb3e65327c73008f1db485ffc75c432dc6b2
To fix this error, include missing_prctl.h in all files using
PR_CAP_AMBIENT
Fixes:
- http://autobuild.buildroot.org/results/
699c078aa078240c6741da4dbd0871450ceeca92
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Frantisek Sumsal [Fri, 11 Jan 2019 14:51:07 +0000 (15:51 +0100)]
test: introduce QEMU_MEM
Some tests (mainly under ASan/UBSan) require more than 512M of memory,
so let's make it configurable (but still default to 512M).
Frantisek Sumsal [Fri, 11 Jan 2019 09:20:30 +0000 (10:20 +0100)]
test: drop service masking in TEST-01-BASIC
This test should ensure all systemd starts correctly, so masking them is
counter-productive in this case.
Zbigniew Jędrzejewski-Szmek [Thu, 10 Jan 2019 15:09:52 +0000 (16:09 +0100)]
Revert "nss: prevent PROTECT_ERRNO from squashing changes to *errnop"
This reverts commit
b26c90411343d74b15deb24bd87077848e316dab.
I don't see anythign wrong, but Ubuntu autopkgtest CI started failing fairly
consistently since this was merged. Let's see if reverting fixes things.
Sam Morris [Thu, 10 Jan 2019 17:05:34 +0000 (17:05 +0000)]
docs: note that udev doesn't deal with binary attribute values (#11383)
Related to #5329.
Michael Biebl [Thu, 10 Jan 2019 11:58:27 +0000 (12:58 +0100)]
meson: stop setting -fPIE globally
Setting -fPIE globally can lead to miscompilations on certain
architectures.
This is caused by both -fPIE and -fPIC options being added to various
compilation commands. Only -fPIC is being recorded in the LTO options
section of the object. The gcc-8 LTO plugin merges -fPIC + -fPIE to
nothing. So, the compilations done by the plugin are not
position-independent and fail to link with -pie.
The simplest solution is to stop setting -fPIE globally and instead
using meson's b_pie=true option. This requires meson 0.49 or later.
Since we don't set this option in meson.build but leave it up to the
distro maintainer to set this option, do not bump the meson version
requirement.
Fixes: #10548
Franck Bui [Thu, 10 Jan 2019 11:17:51 +0000 (12:17 +0100)]
Revert "logind: become the controlling terminal process before restoring VT"
This reverts commit
ad96887a1205bad9656d280c5681f482e6d04838.
Commit adb8688 alone should be enough to fix issue #9754.
Fixes #11269
Zbigniew Jędrzejewski-Szmek [Wed, 9 Jan 2019 11:58:00 +0000 (12:58 +0100)]
pam_systemd: reword message about not creating a session
The message is changed from
Cannot create session: Already running in a session...
to
Not creating session: Already running in a session...
This is more neutral and avoids suggesting a problem.
"Will not create session: ..." was suggested, but it sounds like the action
would have yet to be performed. I think Using present continuous is better.
Fixes #10822 (for good now, I hope).
Sam Morris [Wed, 9 Jan 2019 10:15:53 +0000 (10:15 +0000)]
nss: prevent PROTECT_ERRNO from squashing changes to *errnop
glibc passes in &errno for errnop, which means PROTECT_ERRNO ends up
squashing our intentional changes to *errnop.
Fixes #11321.
Zbigniew Jędrzejewski-Szmek [Thu, 10 Jan 2019 08:08:57 +0000 (09:08 +0100)]
Merge pull request #11376 from yuwata/11365-v2
udev: initialize sockets before fork()
Yu Watanabe [Thu, 10 Jan 2019 05:26:21 +0000 (14:26 +0900)]
Merge pull request #11350 from yuwata/logind-inhibitwhat-cleanups
login: cleanups for enum InhibitWhat
Yu Watanabe [Thu, 10 Jan 2019 05:25:58 +0000 (14:25 +0900)]
Merge pull request #11361 from yuwata/follow-up-11352
core/socket: two follow-ups for #11352
Yu Watanabe [Thu, 10 Jan 2019 05:25:25 +0000 (14:25 +0900)]
Merge pull request #11366 from keszybz/a-few-unrelated-cleanups
A few unrelated cleanups
Zbigniew Jędrzejewski-Szmek [Wed, 9 Jan 2019 13:08:29 +0000 (14:08 +0100)]
logind: do not pass negative number to strerror
Zbigniew Jędrzejewski-Szmek [Tue, 8 Jan 2019 21:41:16 +0000 (22:41 +0100)]
udev: open control and netlink sockets before daemonization
c4b69e990f962128cc6975e36e91e9ad838fa2c4 effectively moved the initalization of socket.
Before that commit:
run → listen_fds → udev_ctrl_new → udev_ctrl_new_from_fd → socket()
After:
run → main_loop → manager_new → udev_ctrl_new_from_fd → socket()
The problem is that main_loop was called after daemonization. Move manager_new
out of main_loop and before daemonization.
Fixes #11314 (hopefully ;)).
v2: Yu Watanabe
sd_event is initialized in main_loop().
Zbigniew Jędrzejewski-Szmek [Tue, 8 Jan 2019 21:56:50 +0000 (22:56 +0100)]
udevd: drop redundant call to sd_event_get_exit_code
sd_event_loop returns the same thing anyway.
Zbigniew Jędrzejewski-Szmek [Thu, 10 Jan 2019 00:12:22 +0000 (01:12 +0100)]
Merge pull request #11374 from keszybz/journal-fixes
Journal/journal-remote/coredump fixes
Zbigniew Jędrzejewski-Szmek [Fri, 7 Dec 2018 09:48:10 +0000 (10:48 +0100)]
journal-remote: set a limit on the number of fields in a message
Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
reused for the new error condition (too many fields).
This matches the change done for systemd-journald, hence forming the second
part of the fix for CVE-2018-16865
(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
Zbigniew Jędrzejewski-Szmek [Fri, 7 Dec 2018 11:47:14 +0000 (12:47 +0100)]
journal-remote: verify entry length from header
Calling mhd_respond(), which ulimately calls MHD_queue_response() is
ineffective at point, becuase MHD_queue_response() immediately returns
MHD_NO signifying an error, because the connection is in state
MHD_CONNECTION_CONTINUE_SENT.
As Christian Grothoff kindly explained:
> You are likely calling MHD_queue_repsonse() too late: once you are
> receiving upload_data, HTTP forces you to process it all. At this time,
> MHD has already sent "100 continue" and cannot take it back (hence you
> get MHD_NO!).
>
> In your request handler, the first time when you are called for a
> connection (and when hence *upload_data_size == 0 and upload_data ==
> NULL) you must check the content-length header and react (with
> MHD_queue_response) based on this (to prevent MHD from automatically
> generating 100 continue).
If we ever encounter this kind of error, print a warning and immediately
abort the connection. (The alternative would be to keep reading the data,
but ignore it, and return an error after we get to the end of data.
That is possible, but of course puts additional load on both the
sender and reciever, and doesn't seem important enough just to return
a good error message.)
Note that sending of the error does not work (the connection is always aborted
when MHD_queue_response is used with MHD_RESPMEM_MUST_FREE, as in this case)
with libµhttpd 0.59, but works with 0.61:
https://src.fedoraproject.org/rpms/libmicrohttpd/pull-request/1
Zbigniew Jędrzejewski-Szmek [Fri, 7 Dec 2018 11:13:10 +0000 (12:13 +0100)]
µhttpd: use a cleanup function to call MHD_destroy_response
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 21:52:53 +0000 (22:52 +0100)]
journald: lower the maximum entry size limit to ½ for non-sealed fds
We immediately read the whole contents into memory, making thigs much more
expensive. Sealed fds should be used instead since they are more efficient
on our side.
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 21:50:39 +0000 (22:50 +0100)]
journald: when processing a native message, bail more quickly on overbig messages
We'd first parse all or most of the message, and only then consider if it
is not too large. Also, when encountering a single field over the limit,
we'd still process the preceding part of the message. Let's be stricter,
and check size limits early, and let's refuse the whole message if it fails
any of the size limits.
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 21:45:02 +0000 (22:45 +0100)]
journald: set a limit on the number of fields (1k)
We allocate a iovec entry for each field, so with many short entries,
our memory usage and processing time can be large, even with a relatively
small message size. Let's refuse overly long entries.
CVE-2018-16865
https://bugzilla.redhat.com/show_bug.cgi?id=1653861
What from I can see, the problem is not from an alloca, despite what the CVE
description says, but from the attack multiplication that comes from creating
many very small iovecs: (void* + size_t) for each three bytes of input message.
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 20:34:24 +0000 (21:34 +0100)]
coredump: fix message when we fail to save a journald coredump
If creation of the message failed, we'd write a bogus entry:
systemd-coredump[1400]: Cannot store coredump of 416 (systemd-journal): No space left on device
systemd-coredump[1400]: MESSAGE=Process 416 (systemd-journal) of user 0 dumped core.
systemd-coredump[1400]: Coredump diverted to
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 17:48:23 +0000 (18:48 +0100)]
basic/process-util: limit command line lengths to _SC_ARG_MAX
This affects systemd-journald and systemd-coredump.
Example entry:
$ journalctl -o export -n1 'MESSAGE=Something logged'
__CURSOR=s=
976542d120c649f494471be317829ef9;i=34e;b=
4871e4c474574ce4a462dfe3f1c37f06;m=
c7d0c37dd2;t=
57c4ac58f3b98;x=
67598e942bd23dc0
__REALTIME_TIMESTAMP=
1544035467475864
__MONOTONIC_TIMESTAMP=
858200964562
_BOOT_ID=
4871e4c474574ce4a462dfe3f1c37f06
PRIORITY=6
_UID=1000
_GID=1000
_CAP_EFFECTIVE=0
_SELINUX_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
_AUDIT_SESSION=1
_AUDIT_LOGINUID=1000
_SYSTEMD_OWNER_UID=1000
_SYSTEMD_UNIT=user@1000.service
_SYSTEMD_SLICE=user-1000.slice
_SYSTEMD_USER_SLICE=-.slice
_SYSTEMD_INVOCATION_ID=
1c4a469986d448719cb0f9141a10810e
_MACHINE_ID=
08a5690a2eed47cf92ac0a5d2e3cf6b0
_HOSTNAME=krowka
_TRANSPORT=syslog
SYSLOG_FACILITY=17
SYSLOG_IDENTIFIER=syslog-caller
MESSAGE=Something logged
_COMM=poc
_EXE=/home/zbyszek/src/systemd-work3/poc
_SYSTEMD_CGROUP=/user.slice/user-1000.slice/user@1000.service/gnome-terminal-server.service
_SYSTEMD_USER_UNIT=gnome-terminal-server.service
SYSLOG_PID=4108
SYSLOG_TIMESTAMP=Dec 5 19:44:27
_PID=4108
_CMDLINE=./poc AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>
_SOURCE_REALTIME_TIMESTAMP=
1544035467475848
$ journalctl -o export -n1 'MESSAGE=Something logged' --output-fields=_CMDLINE|wc
6 2053 2097410
2MB might be hard for some clients to use meaningfully, but OTOH, it is
important to log the full commandline sometimes. For example, when the program
is crashing, the exact argument list is useful.
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 17:38:39 +0000 (18:38 +0100)]
journald: do not store the iovec entry for process commandline on stack
This fixes a crash where we would read the commandline, whose length is under
control of the sending program, and then crash when trying to create a stack
allocation for it.
CVE-2018-16864
https://bugzilla.redhat.com/show_bug.cgi?id=1653855
The message actually doesn't get written to disk, because
journal_file_append_entry() returns -E2BIG.
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 16:53:50 +0000 (17:53 +0100)]
journald: remove unnecessary {}
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 16:33:15 +0000 (17:33 +0100)]
coredump: remove duplicate MESSAGE= prefix from message
systemd-coredump[9982]: MESSAGE=Process 771 (systemd-journal) of user 0 dumped core.
systemd-coredump[9982]: Coredump diverted to /var/lib/systemd/coredump/core...
log_dispatch() calls log_dispatch_internal() which calls write_to_journal()
which appends MESSAGE= on its own.
Yu Watanabe [Tue, 8 Jan 2019 18:35:55 +0000 (03:35 +0900)]
core/mount: make mount_setup_existing_unit() not drop MOUNT_PROC_JUST_MOUNTED flag from units
This fixes a bug introduced by
ec88d1ea0591beccab97d9096fd3fd7b09bc823c.
Fixes #11362.
Zbigniew Jędrzejewski-Szmek [Tue, 8 Jan 2019 22:09:37 +0000 (23:09 +0100)]
timesyncd,resolved,machinectl: drop calls to sd_event_get_exit_code()
In all three cases, sd_event_loop() will return the exit code anyway.
If sd_event_loop() returns negative, failure is logged and results in an
immediate return. Otherwise, we don't care if sd_event_loop() returns 0
or positive, because the return value feeds into DEFINE_MAIN_FUNCTION(), which
doesn't make the distinction.
Zbigniew Jędrzejewski-Szmek [Fri, 4 Jan 2019 20:46:54 +0000 (21:46 +0100)]
Fix a few comments
Zbigniew Jędrzejewski-Szmek [Fri, 4 Jan 2019 17:30:58 +0000 (18:30 +0100)]
sd-device: modernize code a bit
Empty line between setting the output parameter and return is removed. I like
to think about both steps as part of returning from the function, and there's
no need to separate them.
Similarly, if we need to unset a pointer after successfully passing ownership,
use TAKE_PTR and do it immediately after the ownership change, without an empty
line inbetween.
Ryan Gonzalez [Mon, 7 Jan 2019 00:13:13 +0000 (18:13 -0600)]
test: Add tests for tmpfiles C behavior
Ryan Gonzalez [Mon, 7 Jan 2019 00:12:31 +0000 (18:12 -0600)]
tmpfiles: Make C still copy if the destination directory is empty
Fixes #11287.
Ryan Gonzalez [Mon, 7 Jan 2019 00:01:59 +0000 (18:01 -0600)]
copy: Add a COPY_MERGE_EMPTY flag to merge only if the target is empty
Yu Watanabe [Tue, 8 Jan 2019 17:46:03 +0000 (02:46 +0900)]
udev-node: make link_find_prioritized() return negative value when nothing found
Fixes a bug introduced by
a2554acec652fc65c8ed0c6c1fede9ba8c3693b1.
Fixes RHBZ#1662303.
Yu Watanabe [Tue, 8 Jan 2019 17:11:15 +0000 (02:11 +0900)]
core/socket: drop unnecessary assignment to 'r'
Follow-up for
e5417345289b477a70e7515c71551ad34f968a40.
As suggested in #11352.
Yu Watanabe [Tue, 8 Jan 2019 17:08:24 +0000 (02:08 +0900)]
core/socket: use macro to define log_address_error_errno()
Then, it is not necessary to suppress warnings.
Follow-up for
ae05e1b6584eb8f48a4530f963fea2c42e891034.
Ryan Gonzalez [Mon, 7 Jan 2019 18:27:38 +0000 (12:27 -0600)]
stat-util: Add dir_is_empty_at
Yu Watanabe [Mon, 7 Jan 2019 17:43:00 +0000 (02:43 +0900)]
login: simplify the condtion in assertion and slightly decrease binary size
Yu Watanabe [Mon, 7 Jan 2019 17:41:15 +0000 (02:41 +0900)]
login: use free_and_strdup() at one more place
Yu Watanabe [Mon, 7 Jan 2019 17:40:33 +0000 (02:40 +0900)]
login: adjust range of InhibitWhat in assertions
dana [Mon, 24 Dec 2018 11:15:38 +0000 (05:15 -0600)]
zsh completion: Prevent functions from clobbering each other, &c.
- Don't redefine helpers on every call
- Prefix helper names with main function name
- Adjust some helper names for consistency and convention adherance
marvelousblack [Tue, 8 Jan 2019 11:38:56 +0000 (19:38 +0800)]
Add Teclast X80 PLUS (H5C5) accel mount matrix
Zbigniew Jędrzejewski-Szmek [Tue, 8 Jan 2019 14:07:33 +0000 (15:07 +0100)]
Merge pull request #11355 from yuwata/rfe-11343
conf-parse: accept whitespaces before comments
Lennart Poettering [Tue, 8 Jan 2019 10:43:35 +0000 (11:43 +0100)]
Merge pull request #11352 from yuwata/rfe-11348
core/socket: logs address or path which fails to be initialized