Adrian Szyndela [Wed, 5 Feb 2020 11:35:36 +0000 (12:35 +0100)]
Merge v234 into tizen
Change-Id: If676fe909a40eadc60ee5ff023abe4ee2c64b44e
Adrian Szyndela [Tue, 25 Feb 2020 15:51:26 +0000 (16:51 +0100)]
tests: correct test-bus-benchmark test name
Additionally, move the entry to the alphabetically correct position after
the name change.
Change-Id: I348bae84a948eb35cfcb9858465156c66b6f01eb
Adrian Szyndela [Tue, 25 Feb 2020 15:36:28 +0000 (16:36 +0100)]
Revert "sd-bus: don't assert() on valid signatures"
This reverts commit
ce8057d08863785b3d4b1b398ce848d42200a913.
This commit added excess 'append'. It caused assert in tests
due to not enough 'read's.
Change-Id: I27e1cb2acbe4a086fde15810ef132d1747ee8d81
Hyotaek Shim [Mon, 17 Feb 2020 04:54:18 +0000 (13:54 +0900)]
Increase the max number of INotify instances per real user ID
Change-Id: I49a2ed1881d03def82be5a83ae5b6eb0db01ce6c
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
INSUN PYO [Wed, 22 Jan 2020 02:21:43 +0000 (11:21 +0900)]
Exclude systemd-remount-fs.service
Change-Id: I653420164edb44a7a941f5c98887dc3ee6d4852e
Hyotaek Shim [Thu, 9 Jan 2020 09:23:18 +0000 (18:23 +0900)]
Apply priv_keygrab:r ACL rule to /dev/input
Change-Id: I8174ccd81aa3970a76a6f3680234dae77d920429
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Zbigniew Jędrzejewski-Szmek [Wed, 21 Feb 2018 13:04:50 +0000 (14:04 +0100)]
missing_syscall: when adding syscall replacements, use different names (#8229)
In meson.build we check that functions are available using:
meson.get_compiler('c').has_function('foo')
which checks the following:
- if __stub_foo or __stub___foo are defined, return false
- if foo is declared (a pointer to the function can be taken), return true
- otherwise check for __builtin_memfd_create
_stub is documented by glibc as
It defines a symbol '__stub_FUNCTION' for each function
in the C library which is a stub, meaning it will fail
every time called, usually setting errno to ENOSYS.
So if __stub is defined, we know we don't want to use the glibc version, but
this doesn't tell us if the name itself is defined or not. If it _is_ defined,
and we define our replacement as an inline static function, we get an error:
In file included from ../src/basic/missing.h:1358:0,
from ../src/basic/util.h:47,
from ../src/basic/calendarspec.h:29,
from ../src/basic/calendarspec.c:34:
../src/basic/missing_syscall.h:65:19: error: static declaration of 'memfd_create' follows non-static declaration
static inline int memfd_create(const char *name, unsigned int flags) {
^~~~~~~~~~~~
.../usr/include/bits/mman-shared.h:46:5: note: previous declaration of 'memfd_create' was here
int memfd_create (const char *__name, unsigned int __flags) __THROW;
^~~~~~~~~~~~
To avoid this problem, call our inline functions different than glibc,
and use a #define to map the official name to our replacement.
Fixes #8099.
v2:
- use "missing_" as the prefix instead of "_"
v3:
- rebase and update for statx()
Unfortunately "statx" is also present in "struct statx", so the define
causes issues. Work around this by using a typedef.
I checked that systemd compiles with current glibc
(glibc-devel-2.26-24.fc27.x86_64) if HAVE_MEMFD_CREATE, HAVE_GETTID,
HAVE_PIVOT_ROOT, HAVE_SETNS, HAVE_RENAMEAT2, HAVE_KCMP, HAVE_KEYCTL,
HAVE_COPY_FILE_RANGE, HAVE_BPF, HAVE_STATX are forced to 0.
Setting HAVE_NAME_TO_HANDLE_AT to 0 causes an issue, but it's not because of
the define, but because of struct file_handle.
(backported from commit
5187dd2c403caf92d09f3491e41f1ceb3f10491f)
Change-Id: I46ed455f1d0a7c6eacd69b04f22deb756cc7590f
Matija Skala [Wed, 15 Mar 2017 12:21:10 +0000 (13:21 +0100)]
fix includes
linux/sockios.h is needed for the SIOCGSTAMPNS macro
xlocale.h is included indirectly in glibc and doesn't even exist in
other libcs
(cherry picked from commit
284d1cd0a12cad96a5ea61d1afb0dd677dbd147e)
Change-Id: I4c0c42b0a58fb79b165ac168a9ced6bca8e07152
Zbigniew Jędrzejewski-Szmek [Wed, 1 Feb 2017 00:55:33 +0000 (19:55 -0500)]
nss-util: silence warning about deprecated RES_USE_INET6
src/nss-resolve/nss-resolve.c: In function ‘_nss_resolve_gethostbyname_r’:
src/nss-resolve/nss-resolve.c:680:13: warning: RES_USE_INET6 is deprecated
NSS_GETHOSTBYNAME_FALLBACKS(resolve);
^~~~~~~~~~~~~~~~~~~~~~~~~
In glibc bz #19582, RES_USE_INET6 was deprecated. This might make sense for
clients, but they didn't take into account nss module implementations which
*must* continue to support the option. glibc internally defines
DEPRECATED_RES_USE_INET6 which can be used without emitting a warning, but
it's not exported publicly. Let's do the same, and just copy the definition
to our header.
(cherry picked from commit
6154d33de3f15bbd5d5df718103af9c37ba0a768)
Change-Id: Ib3c91b6752800385429c51a95572a3b2b1d31ad3
Mateusz Moscicki [Mon, 18 Nov 2019 13:39:07 +0000 (14:39 +0100)]
core: be stricter when handling PID files and MAINPID sd_notify() messages
Let's be more restrictive when validating PID files and MAINPID=
messages: don't accept PIDs that make no sense, and if the configuration
source is not trusted, don't accept out-of-cgroup PIDs. A configuratin
source is considered trusted when the PID file is owned by root, or the
message was received from root.
This should lock things down a bit, in case service authors write out
PID files from unprivileged code or use NotifyAccess=all with
unprivileged code. Note that doing so was always problematic, just now
it's a bit less problematic.
When we open the PID file we'll now use the CHASE_SAFE chase_symlinks()
logic, to ensure that we won't follow an unpriviled-owned symlink to a
privileged-owned file thinking this was a valid privileged PID file,
even though it really isn't.
Fixes: #6632
(cherry picked from commit
db256aab13d8a89d583ecd2bacf0aca87c66effc)
Resolves: #1663143
Change-Id: Id91df4fb9e46224a12dc6c260a1c3b8a9e4cc553
Mateusz Moscicki [Mon, 18 Nov 2019 12:23:52 +0000 (13:23 +0100)]
notify: add new --uid= command
The new --uid= switch allows selecting the UID from which the
notificaiton messages shall originate.
This is primarily useful for testing purposes, but might have other
uses.
(cherry picked from commit:
65c6b99094580afa186199d8091cd7536900526c)
Change-Id: I1531bb34818ef8daa3eb8a7c8e973ef9d4aa1ba1
Mateusz Moscicki [Mon, 18 Nov 2019 11:42:23 +0000 (12:42 +0100)]
sd-dameon: also sent ucred when our UID differs from EUID
Let's be explicit, and always send the messages from our UID and never
our EUID. Previously this behaviour was conditionalized only on whether
the PID was specified, which made this non-obvious.
(cherry picked from commit
9e1d021ee3f147486c5cfac69b3cbf6f4b36eb79)
Change-Id: I732ce2169e00f2f5fe8e7f7403d6f31dc66842a2
Mateusz Moscicki [Wed, 20 Nov 2019 13:52:46 +0000 (14:52 +0100)]
fs-util: add new chase_symlinks() flag CHASE_OPEN
The new flag returns the O_PATH fd of the final component, which may be
converted into a proper fd by open()ing it again through the
/proc/self/fd/xyz path.
Together with O_SAFE this provides us with a somewhat safe way to open()
files in directories potentially owned by unprivileged code, where we
want to refuse operation if any symlink tricks are played pointing to
privileged files.
(cherry picked from commit
1ed34d75d4f21d2335c5625261954c848d176ae6)
Change-Id: I5e5ce0affec97e4d19483b4f534db99f4f950f89
Related: #1663143
Mateusz Moscicki [Wed, 20 Nov 2019 13:34:23 +0000 (14:34 +0100)]
fs-util: add new CHASE_SAFE flag to chase_symlinks()
When the flag is specified we won't transition to a privilege-owned
file or directory from an unprivileged-owned one. This is useful when
privileged code wants to load data from a file unprivileged users have
write access to, and validates the ownership, but want's to make sure
that no symlink games are played to read a root-owned system file
belonging to a different context.
(cherry picked from commit
f14f1806e329fe92d01f15c22a384702f0cb4ae0)
Change-Id: I86dfede53114a23d708744a9c47abc9eaf05a8d1
Related: #1663143
Mateusz Moscicki [Wed, 13 Nov 2019 15:32:24 +0000 (16:32 +0100)]
backport chase_symlinks
Related: #1663143
Change-Id: I57d945a208ade174c89ea2736357d8bce541a46f
Zbigniew Jędrzejewski-Szmek [Thu, 29 Sep 2016 14:06:02 +0000 (16:06 +0200)]
pid1: process zero-length notification messages again
This undoes
531ac2b234. I acked that patch without looking at the code
carefully enough. There are two problems:
- we want to process the fds anyway
- in principle empty notification messages are valid, and we should
process them as usual, including logging using log_unit_debug().
CVE-2016-7795
Change-Id: I1dfb10c7a3ffeb7a5ed9d0ace4a94bee36c846b4
INSUN PYO [Tue, 5 Nov 2019 02:51:19 +0000 (11:51 +0900)]
logind: change the power key to disabled
Tizen does not support power off without deviced.
So, you need to turn off the power key function in logind.
1. Disable TAG+="power-switch" uevent rules because logind uses "power-switch" uevent to recognize the power key.
2. Change default behavior for power key to ignore.
Change-Id: I0523d4cc46ce2edd05e479e9101c6d20f70b4296
Hyotaek Shim [Mon, 7 Oct 2019 11:43:04 +0000 (20:43 +0900)]
Remove the smack exec label of busctl
Change-Id: Iaab47bd04b0c480fa2c2e9e5deeeded9d461c4b4
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Hyungju Lee [Tue, 10 Sep 2019 02:06:08 +0000 (11:06 +0900)]
Change smack label of /dev/full from '_' to '*'
Change-Id: I706f14f7e8d767b0d7904a08e793f424c47e001b
Hyotaek Shim [Thu, 22 Aug 2019 11:46:11 +0000 (20:46 +0900)]
Add dbus policy for org.tizen.system.BootingDone
Change-Id: I8f0bd7887b5f1cbd7637c00e03240e4d5e09e4c7
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Yunmi Ha [Tue, 20 Aug 2019 08:06:57 +0000 (08:06 +0000)]
Revert "tizen: Add additional units for "unified" user session"
This reverts commit
a2a4073acee7935040cc25380d4f51010903d9ca.
We've optimized systemd-user without unified system/session.
So, we revert the patch for unified system/session.
Change-Id: I11f6a43185aa3531c05787226a896d4a76cf2e11
Paweł Szewczyk [Fri, 26 Jul 2019 08:48:24 +0000 (10:48 +0200)]
Use separate udev tag for devices in user session
The system-user tag can be used to mark devices that will be enumerated by
systemd in 'systemd --user' instance.
Change-Id: I5889f50df6c329de36c2544ee5cf1ba1c52ad433
Signed-off-by: Paweł Szewczyk <p.szewczyk@samsung.com>
INSUN PYO [Fri, 19 Jul 2019 08:23:57 +0000 (17:23 +0900)]
Rework delayed.target
start delayed.service --> finish default.target --> start all of delayed.service -->
finish delayed.target --> StartupFinished
Change-Id: I2f291ea8b5f535157eec4f105f2c37b0cea448c9
INSUN PYO [Wed, 26 Jun 2019 00:12:45 +0000 (09:12 +0900)]
Change the config value of the "RemainAfterExit=" ("true" -> "yes")
Change-Id: I56db28be6f0cecd0562ba8db6bb1d4af0b1a3b7b
INSUN PYO [Fri, 7 Jun 2019 06:30:41 +0000 (15:30 +0900)]
Add delayed target
Change-Id: I0527d1387500c699be0fbc319c702a77d9ae587b
INSUN PYO [Mon, 29 Apr 2019 02:48:02 +0000 (11:48 +0900)]
Remove container feature
Change-Id: Ie6c5459f4cb6cafe55bdddf8b1857862ec64c967
INSUN PYO [Wed, 13 Mar 2019 05:42:46 +0000 (14:42 +0900)]
Revert: Description : Adding new interfaces related to user information.
Container feature is removed.
So functions associated with the container user should also be removed.
Change-Id: I862eeacdcc3148be8ac2e66a8de47b240d55b2e2
Mateusz Moscicki [Thu, 25 Apr 2019 10:17:53 +0000 (12:17 +0200)]
tizen: Add additional units for "unified" user session
The unified user session is about moving user session units, managed by
systemd --user, to main systemd, where it's managed as part of newly
created user@.target.
user@.target will contain same units as previously available in user/,
with same UID and environment setup. systemd instance is used for unit
to be able to specify UID (inherited from user@.target).
The rationale behind this work is following:
* VD requirement to remove user session support
* boot time optimization requirements, due to:
+ 'systemd --user' taking 1s its own startup that could be used for
unit startup
+ ability to better rearrange units if these managed by one systemd
instance
Unit installed by this commit will not be used till user login mechanism
will be changed in systemd package (via changing pam_systemd to start
user@.target, rather than user@.service).
Change-Id: I6c9512fda4c0c4275d78a6ca71372debc4d7e96e
Hyotaek Shim [Wed, 8 May 2019 11:55:31 +0000 (20:55 +0900)]
Change the default smack label of /dev
(Before)
smack access label: *
default access label: _
(After)
smack access label: *
default access label: *
Change-Id: Iffd4793655a8080501388d40a2f812269b8613cb
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Cheoleun Moon [Fri, 19 Apr 2019 07:31:03 +0000 (16:31 +0900)]
Add SECLABEL for /dev/net/tun
Change smack label of /dev/net/tun to *
Change-Id: Ie3c7d4e908a077064cb4d5ba5e4e082a7409da64
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
INSUN PYO [Tue, 16 Apr 2019 04:25:07 +0000 (13:25 +0900)]
Revert "core: fix the CGROUP spawning error as a workaround"
This reverts commit
adce88455e758166ad4f2103724cd34c11c5f141.
Change-Id: Ie76d6183f8f5966fa9187666a5777c1c50926353
INSUN PYO [Mon, 15 Apr 2019 11:13:25 +0000 (20:13 +0900)]
Fixed an incorrect parameter passing to the log function.
Change-Id: I5274fd466e79b7773c4903fcfc17f89b3e5cad53
Hyotaek Shim [Mon, 15 Apr 2019 07:08:10 +0000 (16:08 +0900)]
Enable stack protection option, -fstack-clash-protection
http://suprem.sec.samsung.net/jira/browse/SATIZENVUL-1930
http://suprem.sec.samsung.net/jira/browse/SATIZENVUL-1933
Change-Id: I0c3292fd0d7fdd69a1aa902a1e9d8b75a6f11d87
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
INSUN PYO [Mon, 11 Mar 2019 12:27:22 +0000 (21:27 +0900)]
Revert: Mv /etc/systemd/{system,user} to /opt/etc/systemd/
No more modules to modify /etc/systemd.
Change-Id: I39d5303a79201bf9573b83c66b5c64232e67ffae
Yu Watanabe [Fri, 10 Aug 2018 02:07:54 +0000 (11:07 +0900)]
journal: do not remove multiple spaces after identifier in syslog message
Single space is used as separator.
C.f. discussions in #156.
Fixes #9839 introduced by
a6aadf4ae0bae185dc4c414d492a4a781c80ffe5.
Change-Id: I2cabac6e0d99634aeb148b4d7698a67d84b546dd
Yu Watanabe [Wed, 8 Aug 2018 06:06:36 +0000 (15:06 +0900)]
journal: fix syslog_parse_identifier()
Fixes #9829.
Change-Id: I6d48464ad02397990973c93153cdbf2e0a6e26cd
sanghyeok.oh [Tue, 29 Jan 2019 07:19:49 +0000 (16:19 +0900)]
busctl: set execute label as 'System'
Change-Id: Id76f4cc5c2ab52c61355033fb4bcf8681d2cedbf
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
Hyotaek Shim [Fri, 25 Jan 2019 08:50:42 +0000 (17:50 +0900)]
Minor fix regarding "update-alternatives --remove systemd-shutdown.."
Change-Id: I33510d36510a468c9fa67265f3ba3e73934080a0
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Karol Lewandowski [Wed, 9 Jan 2019 15:16:19 +0000 (16:16 +0100)]
tizen: Allow replacing systemd-shutdown
This will be used by deviced to install custom shutdown handler.
Change-Id: I1f921fbae7d05f9ba937bb68cfa997a310407484
INSUN PYO [Tue, 15 Jan 2019 05:19:43 +0000 (14:19 +0900)]
dbus1-generator: Fixed the problem of passing NULL argument to strcmp
If /usr/share/dbus-1/[system-]services does not have "Exec=" field, "exec" variable is NULL.
Passing NULL to strcmp, "Segmentation fault" occurs.
Change-Id: I04fa32d97452ab97dfd4cf4ec70a670fe96a2c09
Paweł Szewczyk [Fri, 30 Nov 2018 11:35:23 +0000 (12:35 +0100)]
fd-util: Fix error handling in safe_fclose
Function fclose_nointr returns negative value on error.
Change-Id: I881469ed78037d531d73e41c77b57aab004a713a
Signed-off-by: Paweł Szewczyk <p.szewczyk@samsung.com>
Karol Lewandowski [Wed, 21 Nov 2018 14:40:31 +0000 (15:40 +0100)]
Revert "Revert "tizen: All logins should use User::Shell smack label""
This reverts commit
c2d66807f77cd0607bf6d961d2cb11b64f7a97c5.
The problem was in security-config package that removed the service
file during image creation stage. The removal was caused by change
(SmackProcessLabel=) that didn't match its own "saved" policy.
Change-Id: I2680299ae1ea1920538f284a9e6c229d8b71f5c1
Hyotaek Shim [Mon, 19 Nov 2018 06:47:58 +0000 (06:47 +0000)]
Merge "Revert "tizen: All logins should use User::Shell smack label"" into tizen
Hyotaek Shim [Mon, 19 Nov 2018 06:44:39 +0000 (06:44 +0000)]
Revert "tizen: All logins should use User::Shell smack label"
This reverts commit
b94ec26c22938d9d83642732e3642b677bedbeb0.
Change-Id: I44c10ed7b75dc738fad7ef2df5c0ca1d50f22c1f
Hyotaek Shim [Fri, 16 Nov 2018 00:22:26 +0000 (00:22 +0000)]
Merge "tizen: All logins should use User::Shell smack label" into tizen
Karol Lewandowski [Thu, 15 Nov 2018 13:02:51 +0000 (14:02 +0100)]
tizen: All logins should use User::Shell smack label
Change-Id: I8c0e7de59689aa83bd0273af4a66dd7a8f823ec9
Michal Bloch [Mon, 5 Nov 2018 14:26:39 +0000 (15:26 +0100)]
Remove kdbus interface header
kdbus.h is now provided with other linux kernel headers.
Change-Id: Ida7d06aa1f27d88040f949fffd73f0d6cfd5f23e
Signed-off-by: Michal Bloch <m.bloch@samsung.com>
Hyotaek Shim [Thu, 1 Nov 2018 04:38:43 +0000 (13:38 +0900)]
core: don't drop timer expired but not yet processed when system date is changed
There is difference between time set by the user and real elapsed time because of accuracy feature.
If you change the system date(or time) between these times, the timer drops.
You can easily reproduce it with the following command.
-----------------------------------------------------------
$ systemd-run --on-active=3s ls; sleep 3; date -s "`date`"
-----------------------------------------------------------
In the following command, the problem is rarely reproduced. But it exists.
---------------------------------------------------------------------------------------------
$ systemd-run --on-active=3s --timer-property=AccuracySec=1us ls ; sleep 1; date -s "`date`"
---------------------------------------------------------------------------------------------
Note : Global AccuracySec value.
----------------------------------------------------------------------
$ cat /etc/systemd/system.conf
DefaultTimerAccuracySec=1min
----------------------------------------------------------------------
Origin source: https://github.com/systemd/systemd/commit/
fee04d7f3ab810e99b97535ca5fda2f9517acda9
Change-Id: Ibaaa89bec9c55f43336388ee85f07b89c1a50ea4
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Hyotaek Shim [Mon, 29 Oct 2018 06:58:49 +0000 (15:58 +0900)]
Remove unused bluetooth.target
Change-Id: I0ecbde7c179056840f34b05152d7dfaee48a6c0e
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Paweł Szewczyk [Fri, 5 Oct 2018 12:48:39 +0000 (14:48 +0200)]
socket: Serialize auxiliary file descriptors
When socket is serialized/deserialized it's important to keep all file
descriptors. This commit adds the serialization of auxiliary fds.
For now, only ffs sockets are using auxiliary descriptors.
Change-Id: I5fea0152fee51560e160fe5df4806b55a5b369d6
Signed-off-by: Paweł Szewczyk <p.szewczyk@samsung.com>
Adrian Szyndela [Fri, 21 Sep 2018 14:11:05 +0000 (16:11 +0200)]
D-Bus policy configs: fixed rules
Removed duplicate rules in all three configs, and specified proper sender
for receiving ActivationRequest signal in org.freedesktop.systemd1.conf.
Change-Id: I550c07ede30a0bb70a9bb3ca00d5771e1722826b
pr.jung [Fri, 21 Sep 2018 01:11:27 +0000 (01:11 +0000)]
Merge "Remove build warnings" into tizen
pr.jung [Mon, 17 Sep 2018 06:39:43 +0000 (15:39 +0900)]
Remove build warnings
- Add TIZEN_JOURNALD_KMSG
- Print kmsg log on dlogutil because journald is heavier than dlogutil
Change-Id: I763cfccbb0d877c52d8448de4a50966a33c84981
Signed-off-by: pr.jung <pr.jung@samsung.com>
Hyotaek Shim [Wed, 5 Sep 2018 09:23:10 +0000 (18:23 +0900)]
Set the smack label of executable binary tools
Apps (3rd party and even in-house Apps) are not permitted to run systemd tools directly.
User System::Tools rx
User::Shell System::Tools rx
System::TEF System::Tools rx
System::Privileged System::Tools rx
System System::Tools rx
Change-Id: I55a9b00a6ec0583d4673d9a41cdda7fbd9e23310
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Anchor Cat [Wed, 10 May 2017 11:23:58 +0000 (21:23 +1000)]
automount: ack automount requests even when already mounted
If a process accesses an autofs filesystem while systemd is in the
middle of starting the mount unit on top of it, it is possible for the
autofs_ptype_missing_direct request from the kernel to be received after
the mount unit has been fully started:
systemd forks and execs mount ...
... access autofs, blocks
mount exits ...
systemd receives SIGCHLD ...
... kernel sends request
systemd receives request ...
systemd needs to respond to this request, otherwise the kernel will
continue to block access to the mount point.
Cherry-picked from https://github.com/systemd/systemd/commit/
e7d54bf58789545a9eb0b3964233defa0b007318
Change-Id: Ibacc2c0ffee32846321864987324763214648732
(cherry picked from commit
5ccd5b2efc60d9f775a812878528f06b01189da5)
Adrian Szyndela [Fri, 6 Jul 2018 09:07:10 +0000 (11:07 +0200)]
busctl: eliminated some warnings
Eliminated const and casting warnings, along with a declaration
order warning.
Change-Id: I031a5d3d7bab61a2ec7afc6262eb12af159a74c8
Adrian Szyndela [Sat, 14 May 2016 20:10:22 +0000 (22:10 +0200)]
busctl: add usage of Monitoring interface for non-kernel connections
This commit is loosely based on Lars Uebernickel's commit
(reverted in
8f2f0ffe8246) in a way that it takes
his implementation of calling the Monitoring interface.
Unfortunately the original commit broke kernel connections. That's why
this commit makes it different for kernel and non-kernel connections.
To make it cleaner, preparing connections is extracted to separate
functions.
From Lars Uebernickel's original commit message - about Monitoring interface:
This is now the recommended way to do monitoring by upstream D-Bus.
It's also allowed in the default policy, whereas eavesdrop is not
anymore, which effectively broke busctl on many systems.
Change-Id: I886fff5a3ec49df6aab26b217d881f249591ca9a
Hyotaek Shim [Wed, 27 Jun 2018 10:47:30 +0000 (19:47 +0900)]
Revert "resolved: apply epoch to system time from PID 1"
This reverts commit
021dd87bc055a5bfb2dcef83fc868fe24648b959.
In Tizen Watch products, users can set the RTC as they want, even to the past.
Here, it has been observed that the system clock is reset every booting.
For instance,
1) After a boot, Kernel RTC is 2018-01-02.
2) Since the system clock initialized by RTC is 2018-01-02 is less than 2018-06-27 (TIME_EPOCH_USEC),
Systemd resets the system clock as TIME_EPOCH_USEC, but does not modify RTC.
Although the system clock shown to users is not an intended value, the time goes by to 2018-06-28.
3) After another reboot, the system clock is restored to 2018-06-27 (TIME_EPOCH_USEC)
because RTC is still less than TIME_EPOCH_USEC.
Change-Id: Ib2c61e9b1fd9d4b0d33f99868dda1daaec21878d
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Łukasz Stelmach [Fri, 31 Mar 2017 11:05:09 +0000 (13:05 +0200)]
spec: configure rpmmacrosdir instead of manually installing rpm macros
Change-Id: Iec5f938f97695f8eafcfc4f3b0b120d5fe77a54e
Lukas Nykryn [Tue, 30 Aug 2016 13:04:07 +0000 (15:04 +0200)]
install: fix disable when /etc/systemd/system is a symlink
Change-Id: I1bafa3e4bfea556e2abceee33b2b2bc6ab97b137
Origin: https://github.com/systemd/systemd/commit/
67852d08e6a35d34b428e8be64efdb3f003f4697
steelman [Tue, 14 Mar 2017 23:16:47 +0000 (00:16 +0100)]
build-sys: make RPM macros installation path configurable (#5564)
--with-rpmmacrosdir=no disables installation of the macros.
Change-Id: Ia663c3fb86bf658da57b59a4c17916c5c22645af
Origin: https://github.com/systemd/systemd/commit/
ff2e33db54719bfe8feea833571652318c6d197c
Mateusz Moscicki [Fri, 11 May 2018 12:58:41 +0000 (14:58 +0200)]
Set the default deny policy for system dbus
org.freedesktop.locale1.conf - send: deny, own: deny
org.freedesktop.login1.conf - send: deny, own: deny
org.freedesktop.systemd1.conf - send: deny, own: deny
Change-Id: I49f402d56f83700fe7528eab3e034cd845afc0a2
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Cristian Rodríguez [Fri, 5 Aug 2016 16:10:41 +0000 (16:10 +0000)]
buildsys,journal: allow -fsanitize=address without VALGRIND defined
Fixed (master) versions of libtool pass -fsanitize=address correctly
into CFLAGS and LDFLAGS allowing ASAN to be used without any special
configure tricks..however ASAN triggers in lookup3.c for the same
reasons valgrind does. take the alternative codepath if
__SANITIZE_ADDRESS__ is defined as well.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I1eb6c14a7d91b4d34fdc792620fe57a329037fa4
INSUN PYO [Wed, 7 Mar 2018 07:40:53 +0000 (16:40 +0900)]
logind: change smack label /run/user/%UID/system_share to "*"
INSUN PYO [Tue, 27 Feb 2018 08:48:52 +0000 (17:48 +0900)]
logind: change group and permission /run/user/%UID
1. change group and pemission of /run/usre/%UID to uid/system_share,0750
2. make /run/user/%UID/system_share to uid/system_share,0750
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Ie22b8d4e96c1669f7068005952d83f7f4086b60c
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
INSUN PYO [Wed, 28 Feb 2018 02:29:47 +0000 (11:29 +0900)]
revert: Description : Adding to enable/disable the multiuser feature.
* I don't revert "unit/user@.service.m4.in (Environment=XDG_RUNTIME_DIR=/run/user/%U)
* If you want to revert this, you should add "session required pam_loginuid.so" to /etc/pam.d/systemd-user
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I6f8e132eb46a150968662bc2574fdf85eb715a52
INSUN PYO [Wed, 31 Jan 2018 01:02:17 +0000 (10:02 +0900)]
journald: Limit system journal size from 10M to 4M
A journald always loads two journal files (one is current and the other is just before) in memory using mmap.
So it always consumes as much memory as file size.
A journald rotates the log in 8 files.
Each log file has a SystemMaxUse/8 size.
(But the minimum value is 512k.)
So SystemMaxUse is 4M to minimize memory usage. (512k * 8 = 4M)
sh-3.2# memps `pidof systemd-journald`
S(CODE) S(DATA) P(CODE) P(DATA) ADDR(start-end) OBJECT NAME
-------- -------- -------- -------- -----------------------------------------------
4 0 508 0
f6d80000-
f6ec0000 /opt/var/log/journal/
999fcdd05c714da0859337c08df2230e/system@
800f735a88e44c35bc7cca47\
9a6984b1-
00000000000015ad-
000561d5c48aab1f.journal
0 4 302 0
f6c40000-
f6d80000 /opt/var/log/journal/
999fcdd05c714da0859337c08df2230e/system.journal
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I9aa53189eae878464acba58b5fdd490f6b3ba7f8
INSUN PYO [Fri, 19 Jan 2018 01:55:39 +0000 (10:55 +0900)]
reboot: change log level of reboot command from warning to debug
To prevent the annoying warning messages below :
"Failed to read reboot parameter file: No such file or directory"
"SYSTEMD_LOG_LEVEL=debug reboot" command can see the original log.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I7bb619998bb2cce8959956f73f3dd62d48525c33
Adrian Szyndela [Fri, 22 Dec 2017 08:08:31 +0000 (08:08 +0000)]
Merge "Add well-known-names -> unique names on graph" into tizen
Adrian Szyndela [Fri, 22 Dec 2017 08:06:28 +0000 (08:06 +0000)]
Merge "Add tool for processing graph generated by busctl dot." into tizen
Adrian Szyndela [Fri, 22 Dec 2017 08:04:30 +0000 (08:04 +0000)]
Merge "Generate graph from the traffic observable by busctl monitor." into tizen
Dawid Kuczma [Tue, 5 Dec 2017 08:31:16 +0000 (09:31 +0100)]
Add well-known-names -> unique names on graph
Usage:
--well-known-names=true
Change-Id: Ife01bd8d1a2d6acc4a45c6595bcc52c15d523742
Dawid Kuczma [Mon, 6 Nov 2017 12:50:59 +0000 (13:50 +0100)]
Add tool for processing graph generated by busctl dot.
Usage:
1) gvpr -f graphinfo.gvpr input_file
2) gvpr -f graphinfo.gvpr input_file -a node -a NODE
3) gvpr -f graphinfo.gvpr input_file -a -node -a NODE
Change-Id: Ie4d05c715df17b61c8c7ad1f7724977c9c2f8bb8
Dawid Kuczma [Thu, 28 Sep 2017 13:08:20 +0000 (15:08 +0200)]
Generate graph from the traffic observable by busctl monitor.
Busctl dot is used to visualize IPC traffic.
It generate dot output whitch can be visualized e.g. by using graphviz.
Also adds filtering by sender/receiver pid.
Internally busctl dot works similar to busctl capture.
It reuses monitor() framework.
--pid=PID -only show messages where sender or receiver pid is equal to PID
--sender-pid=PID -only show messages where sender pid is equal to PID
--receiver-pid=PID -same as above, but filtering by receiver pid.
Signed-off-by: Dawid Kuczma <d.kuczma@partner.samsung.com>
Change-Id: Id9ce46f5085dde10010e89057f78d58b3088d3bc
Hyotaek Shim [Fri, 15 Dec 2017 06:56:43 +0000 (15:56 +0900)]
tizen: Change the permission of /dev/kmsg to "root:log 660 *"
Through this patch, /usr/bin/dlog_logger (log:log) can access /dev/kmsg
without root credentials.
Change-Id: Ie955499c4a0bf1581cd64244cb94acfa6279719d
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
[ Minor style change in commit log. ]
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
INSUN PYO [Fri, 15 Dec 2017 03:35:07 +0000 (12:35 +0900)]
adjust the uid and secure_uid range
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I03793a7fb43e229999bee511298e39d68bf26f4d
INSUN PYO [Wed, 27 Sep 2017 07:10:21 +0000 (16:10 +0900)]
units: [user@.service] Set Group as users
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Iaf0d6f57e6a4a124ac0301e38527bddcbb7fe679
INSUN PYO [Wed, 27 Sep 2017 07:03:46 +0000 (16:03 +0900)]
smack: [systemd-journald.service] Set SmackProcessLabel as System.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I55a3857e1afbb6f9e583f8901a7bcaf75699fdc8
iplayinsun [Mon, 4 Sep 2017 03:12:27 +0000 (12:12 +0900)]
core: merge the second CapabilityBoundingSet= lines by AND when it is prefixed with tilde (#6724)
If a unit file contains multiple CapabilityBoundingSet= or
AmbientCapabilities= lines, e.g.,
===
CapabilityBoundingSet=CAP_A CAP_B
CapabilityBoundingSet=~CAP_B CAP_C
===
before this commit, it results all capabilities except CAP_C are set to
CapabilityBoundingSet=, as each lines are always merged by OR.
This commit makes lines prefixed with ~ are merged by AND. So, for the
above example only CAP_A is set.
This makes easier to drop capabilities with drop-in config files.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Ia5c42cfde0f3937f696f858f384387610477c6ea
INSUN PYO [Thu, 31 Aug 2017 04:10:36 +0000 (13:10 +0900)]
packaging: Remove unused systemd-tmpfiles-clean.service, systemd-tmpfiles-clean.timer
systemd-tmpfiles-clean.service and systemd-tmpfiles-clean.timer are already disabled.
Removes the file that was left to identify the history.
Removes the user to remove the systemd-tmpfiles-clean.service manually.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Ifb105bedc29d7ab660c303059c8e3378c59a6e31
INSUN PYO [Mon, 28 Aug 2017 07:20:20 +0000 (16:20 +0900)]
smack: Set SmackProcessLabel as System.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I9019b145d0195ab6d5a8983adb15a24ac31ddd43
Yunmi Ha [Fri, 18 Aug 2017 08:37:11 +0000 (17:37 +0900)]
Remove upgrade script file from package
Change-Id: If547cb04400e412c00559881e312f831c2d25688
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
INSUN PYO [Mon, 31 Jul 2017 07:46:46 +0000 (16:46 +0900)]
hostnamed : disable hostnamed
Requested by MCD.
The connman, efl, bluez using hostnamed have also agreed to disable.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Iecb82b74305201696caa77d108efa216051181ce
Yunmi Ha [Wed, 26 Jul 2017 06:56:36 +0000 (15:56 +0900)]
Add "NOEXEC" mount flag for /run
Mount flags(nosuid, noexec, nodev) must be set for tmpfs that any app can access.
Change-Id: Ib60e8876abe2641a3dde6caab83a60afca017375
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
florianjacob [Wed, 12 Jul 2017 14:01:10 +0000 (16:01 +0200)]
resolved: consider pointopoint links for local multicast (#6343)
Resolves #6313.
Lennart Poettering [Wed, 12 Jul 2017 14:00:44 +0000 (16:00 +0200)]
Revert "core: link user keyring to session keyring (#6275)" (#6342)
This reverts commit
437a85112e02042b62751395b9e7225628c1b708.
The outcome of this isn't that clear, let's revert this for now, see
discussion on #6286.
Lennart Poettering [Wed, 12 Jul 2017 07:28:20 +0000 (09:28 +0200)]
Merge pull request #6300 from keszybz/refuse-to-load-some-units
Refuse to load some units
Zbigniew Jędrzejewski-Szmek [Wed, 12 Jul 2017 07:25:59 +0000 (03:25 -0400)]
NEWS: say that libidn2 is experimental (#6335)
Handling of "_" and some other details requires more thought:
https://gitlab.com/libidn/libidn2/issues/30
Let's switch the default back to libidn and add a note in NEWS.
Lennart Poettering [Wed, 12 Jul 2017 07:25:09 +0000 (09:25 +0200)]
Merge pull request #6337 from poettering/more-new-v234
Let's try to release v234 tomorrow
Zbigniew Jędrzejewski-Szmek [Tue, 11 Jul 2017 17:36:15 +0000 (13:36 -0400)]
man: add warnings that Private*= settings are not always applied
Zbigniew Jędrzejewski-Szmek [Thu, 6 Jul 2017 17:54:42 +0000 (13:54 -0400)]
core/load-fragment: refuse units with errors in RootDirectory/RootImage/DynamicUser
Behaviour of the service is completely different with the option off, so the
service would probably mess up state on disk and do unexpected things.
Zbigniew Jędrzejewski-Szmek [Thu, 6 Jul 2017 17:28:19 +0000 (13:28 -0400)]
core/load-fragment: refuse units with errors in certain directives
If an error is encountered in any of the Exec* lines, WorkingDirectory,
SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket
units), User, or Group, refuse to load the unit. If the config stanza
has support, ignore the failure if '-' is present.
For those configuration directives, even if we started the unit, it's
pretty likely that it'll do something unexpected (like write files
in a wrong place, or with a wrong context, or run with wrong permissions,
etc). It seems better to refuse to start the unit and have the admin
clean up the configuration without giving the service a chance to mess
up stuff.
Note that all "security" options that restrict what the unit can do
(Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*,
PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are
only supplementary, and are not always available depending on the architecture
and compilation options, so unit authors have to make sure that the service
runs correctly without them anyway.
Fixes #6237, #6277.
Lennart Poettering [Tue, 11 Jul 2017 17:26:10 +0000 (19:26 +0200)]
hwdb: update hwdb again for v234
Lennart Poettering [Tue, 11 Jul 2017 17:17:58 +0000 (19:17 +0200)]
update NEWS file, let's try to release this tomorrow
Yu Watanabe [Tue, 11 Jul 2017 17:12:48 +0000 (02:12 +0900)]
time-util: make parse_timestamp() return -EINVAL if the input is very old date (#6327)
This reverts
7635ab8e74ea4a94e81143c3077570a986df375c and makes parse_timestamp()
return -EINVAL if the input is older than 1970-01-01.
Fixes #6290.
Colin Walters [Tue, 11 Jul 2017 16:48:57 +0000 (12:48 -0400)]
fstab-generator: Chase symlinks where possible (#6293)
This has a long history; see see
5261ba901845c084de5a8fd06500ed09bfb0bd80
which originally introduced the behavior. Unfortunately that commit
doesn't include any rationale, but IIRC the basic issue is that
systemd wants to model the real mount state as units, and symlinks
make canonicalization much more difficult.
At the same time, on a RHEL6 system (upstart), one can make e.g. `/home` a
symlink, and things work as well as they always did; but one doesn't have
access to the sophistication of mount units (dependencies, introspection, etc.)
Supporting symlinks here will hence make it easier for people to do upgrades to
RHEL7 and beyond.
The `/home` as symlink case also appears prominently for OSTree; see
https://ostree.readthedocs.io/en/latest/manual/adapting-existing/
Further work has landed in the nspawn case for this; see e.g.
d944dc9553009822deaddec76814f5642a6a8176
A basic limitation with doing this in the fstab generator (and that I hit while
doing some testing) is that we obviously can't chase symlinks into mounts,
since the generator runs early before mounts. Or at least - doing so would
require multiple passes over the fstab data (as well as looking at existing
mount units), and potentially doing multi-phase generation. I'm not sure it's
worth doing that without a real world use case. For now, this will fix at least
the OSTree + `/home` <https://bugzilla.redhat.com/show_bug.cgi?id=1382873> case
mentioned above, and in general anyone who for whatever reason has symlinks in
their `/etc/fstab`.
Yu Watanabe [Tue, 11 Jul 2017 15:30:29 +0000 (00:30 +0900)]
bootctl: allow non-root user to run `bootctl status` (#5964)
Zbigniew Jędrzejewski-Szmek [Tue, 11 Jul 2017 15:25:26 +0000 (11:25 -0400)]
Merge pull request #6329 from poettering/random-mini-fixes
random-util.c mini fixes
Zbigniew Jędrzejewski-Szmek [Tue, 11 Jul 2017 08:45:03 +0000 (04:45 -0400)]
systemd: do not stop units bound to inactive units while coldplugging (#6316)
When running systemd-analyze verify I would get a random subset of warnings
(sometimes none, sometimes one or two):
dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.swap: Unit is bound to inactive unit dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device. Stopping, too.
home.mount: Unit is bound to inactive unit dev-disk-by\x2duuid-
75751556\x2d6e31\x2d438b\x2d99c9\x2dd626330d9a1b.device. Stopping, too.
boot.mount: Unit is bound to inactive unit dev-disk-by\x2duuid-
56c56bfd\x2d93f0\x2d48fb\x2dbc4b\x2d90aa67144ea5.device. Stopping, too.
When running with debug on, it's pretty obvious what is happening:
home.mount: Changed dead -> mounted
home.mount: Unit is bound to inactive unit dev-disk-by\x2duuid-
75751556\x2d6e31\x2d438b\x2d99c9\x2dd626330d9a1b.device. Stopping, too.
home.mount: Trying to enqueue job home.mount/stop/fail
home.mount: Installed new job home.mount/stop as 27
home.mount: Enqueued job home.mount/stop as 27
...
dev-disk-by\x2duuid-
75751556\x2d6e31\x2d438b\x2d99c9\x2dd626330d9a1b.device: Installed new job dev-disk-by\x2duuid-
75751556\x2d6e31\x2d438b\x2d99c9\x2dd626330d9a1b.device/start as 47
dev-disk-by\x2duuid-
75751556\x2d6e31\x2d438b\x2d99c9\x2dd626330d9a1b.device: Changed dead -> plugged
dev-disk-by\x2duuid-
75751556\x2d6e31\x2d438b\x2d99c9\x2dd626330d9a1b.device: Job dev-disk-by\x2duuid-
75751556\x2d6e31\x2d438b\x2d99c9\x2dd626330d9a1b.device/start finished, result=done
Fixes #2206, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808151.
Zbigniew Jędrzejewski-Szmek [Tue, 11 Jul 2017 08:42:21 +0000 (04:42 -0400)]
resolved: allow resolution of names which libidn2 considers invalid (#6315)
https://tools.ietf.org/html/rfc5891#section-4.2.3.1 says that
> The Unicode string MUST NOT contain "--" (two consecutive hyphens) in the third
> and fourth character positions and MUST NOT start or end with a "-" (hyphen).
This means that libidn2 refuses to encode such names.
Let's just resolve them without trying to use IDN.
projects / platform / upstream / systemd.git / log