platform/upstream/systemd.git
5 years agoMerge pull request #12221 from keszybz/test-cleanups
Lennart Poettering [Fri, 12 Apr 2019 09:02:54 +0000 (11:02 +0200)]
Merge pull request #12221 from keszybz/test-cleanups

Script indentation cleanups

5 years agoMerge pull request #12287 from keszybz/patches-for-coverity-warnings
Lennart Poettering [Fri, 12 Apr 2019 08:56:53 +0000 (10:56 +0200)]
Merge pull request #12287 from keszybz/patches-for-coverity-warnings

Patches for coverity warnings

5 years agoseccomp: check more error codes from seccomp_load()
Anita Zhang [Wed, 10 Apr 2019 23:08:41 +0000 (16:08 -0700)]
seccomp: check more error codes from seccomp_load()

We noticed in our tests that occasionally SystemCallFilter= would
fail to set and the service would run with no syscall filtering.
Most of the time the same tests would apply the filter and fail
the service as expected. While it's not totally clear why this happens,
we noticed seccomp_load() in the systemd code base would fail open for
all errors except EPERM and EACCES.

ENOMEM, EINVAL, and EFAULT seem like reasonable values to add to the
error set based on what I gather from libseccomp code and man pages:

-ENOMEM: out of memory, failed to allocate space for a libseccomp structure, or would exceed a defined constant
-EINVAL: kernel isn't configured to support the operations, args are invalid (to seccomp_load(), seccomp(), or prctl())
-EFAULT: addresses passed as args are invalid

5 years agocore: vodify one more call to mkdir
Zbigniew Jędrzejewski-Szmek [Fri, 12 Apr 2019 07:03:52 +0000 (09:03 +0200)]
core: vodify one more call to mkdir

CID #1400460.

5 years agotest-exec-util: do not call setenv with NULL arg
Zbigniew Jędrzejewski-Szmek [Fri, 12 Apr 2019 07:00:37 +0000 (09:00 +0200)]
test-exec-util: do not call setenv with NULL arg

The comment explains that $PATH might not be set in certain circumstances and
takes steps to handle this case. If we do that, let's assume that $PATH indeed
might be unset and not call setenv("PATH", NULL, 1). It is not clear from the
man page if that is allowed.

CID #1400497.

5 years agotest-env-util: allow $PATH to be unset
Zbigniew Jędrzejewski-Szmek [Fri, 12 Apr 2019 06:55:39 +0000 (08:55 +0200)]
test-env-util: allow $PATH to be unset

Coverity was unhappy, because it doesn't know that $PATH is pretty much always
set. But let's not assume that in the test. CID #1400496.

$ (unset PATH; build/test-env-util)
[1]    31658 segmentation fault (core dumped)  ( unset PATH; build/test-env-util; )

5 years agoCODING_STYLE: adjust indentation rules, and add note about config loading
Zbigniew Jędrzejewski-Szmek [Fri, 5 Apr 2019 12:14:45 +0000 (14:14 +0200)]
CODING_STYLE: adjust indentation rules, and add note about config loading

5 years agoshell-completion/zsh: add -*type*- headers
Zbigniew Jędrzejewski-Szmek [Fri, 5 Apr 2019 09:41:35 +0000 (11:41 +0200)]
shell-completion/zsh: add -*type*- headers

Since there's no file extension, emacs and other editors do not know that this is
supposed to be in shell syntax.

5 years agoshell-completion: use 4 space indentation too
Zbigniew Jędrzejewski-Szmek [Fri, 5 Apr 2019 09:39:14 +0000 (11:39 +0200)]
shell-completion: use 4 space indentation too

The same as in other places, indentation levels were all over the place.

5 years agoscripts: use 4 space indentation
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 12:10:42 +0000 (14:10 +0200)]
scripts: use 4 space indentation

We had all kinds of indentation: 2 sp, 3 sp, 4 sp, 8 sp, and mixed.
4 sp was the most common, in particular the majority of scripts under test/
used that. Let's standarize on 4 sp, because many commandlines are long and
there's a lot of nesting, and with 8sp indentation less stuff fits. 4 sp
also seems to be the default indentation, so this will make it less likely
that people will mess up if they don't load the editor config. (I think people
often use vi, and vi has no support to load project-wide configuration
automatically. We distribute a .vimrc file, but it is not loaded by default,
and even the instructions in it seem to discourage its use for security
reasons.)

Also remove the few vim config lines that were left. We should either have them
on all files, or none.

Also remove some strange stuff like '#!/bin/env bash', yikes.

5 years agotest: filter out messages when stripping binaries
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 13:06:34 +0000 (15:06 +0200)]
test: filter out messages when stripping binaries

We would get an error for every script, which is just noise.

5 years agoMerge pull request #12267 from keszybz/udev-settle-warning
Lennart Poettering [Thu, 11 Apr 2019 17:01:03 +0000 (19:01 +0200)]
Merge pull request #12267 from keszybz/udev-settle-warning

Udev settle warning

5 years agotree-wide: drop several missing_*.h and import relevant headers from kernel-5.0
Yu Watanabe [Wed, 10 Apr 2019 10:55:53 +0000 (19:55 +0900)]
tree-wide: drop several missing_*.h and import relevant headers from kernel-5.0

5 years agoMerge pull request #12153 from benjarobin/killall-show-not-killed
Lennart Poettering [Thu, 11 Apr 2019 16:58:43 +0000 (18:58 +0200)]
Merge pull request #12153 from benjarobin/killall-show-not-killed

shutdown/killall: Show in the console the processes not yet killed

5 years agoMerge pull request #12226 from poettering/22bit-pids
Lennart Poettering [Thu, 11 Apr 2019 16:58:08 +0000 (18:58 +0200)]
Merge pull request #12226 from poettering/22bit-pids

sysctl: let's by default increase the numeric PID range from 2^16 to …

5 years agoMerge pull request #12037 from poettering/oom-state
Lennart Poettering [Thu, 11 Apr 2019 16:57:47 +0000 (18:57 +0200)]
Merge pull request #12037 from poettering/oom-state

add cgroupv2 oom killer event handling to service management

5 years agoMerge pull request #12219 from keszybz/bootctl-check-entries
Lennart Poettering [Thu, 11 Apr 2019 16:57:18 +0000 (18:57 +0200)]
Merge pull request #12219 from keszybz/bootctl-check-entries

bootctl: check entries when showing them

5 years agoNEWS: update contributors and date v242
Zbigniew Jędrzejewski-Szmek [Thu, 11 Apr 2019 16:28:36 +0000 (18:28 +0200)]
NEWS: update contributors and date

5 years agohwdb: mark Apple Magic Trackpads as external
Sebastian Krzyszkowiak [Thu, 11 Apr 2019 14:31:09 +0000 (16:31 +0200)]
hwdb: mark Apple Magic Trackpads as external

Applies only to USB - when connected via Bluetooth it already gets marked correctly.

5 years agofstab-generator: use DefaultDependencies=no for /sysroot mounts
Jonathan Lebon [Wed, 10 Apr 2019 21:28:15 +0000 (17:28 -0400)]
fstab-generator: use DefaultDependencies=no for /sysroot mounts

Otherwise we can end up with an ordering cycle. Since d54bab90, all
local mounts now gain a default `Before=local-fs.target` dependency.
This doesn't make sense for `/sysroot` mounts in the initrd though,
since those happen later in the boot process.

Closes: #12231

5 years agoMerge pull request #12279 from keszybz/sd-bus-long-signatures
Lennart Poettering [Thu, 11 Apr 2019 15:03:57 +0000 (17:03 +0200)]
Merge pull request #12279 from keszybz/sd-bus-long-signatures

sd-bus: properly handle messages with overlong signatures

5 years agoMerge pull request #12274 from poettering/nss-fixlets
Lennart Poettering [Thu, 11 Apr 2019 13:21:45 +0000 (15:21 +0200)]
Merge pull request #12274 from poettering/nss-fixlets

some nss module fixlets

5 years agosd-bus: add define for the maximum name length
Zbigniew Jędrzejewski-Szmek [Thu, 11 Apr 2019 12:07:22 +0000 (14:07 +0200)]
sd-bus: add define for the maximum name length

Less magic numbers in the code…

5 years agosd-bus: add define for the maximum signature length
Zbigniew Jędrzejewski-Szmek [Thu, 11 Apr 2019 12:02:59 +0000 (14:02 +0200)]
sd-bus: add define for the maximum signature length

Less magic numbers in the code…

5 years agobus-message: validate signature in gvariant messages
Zbigniew Jędrzejewski-Szmek [Thu, 11 Apr 2019 12:01:38 +0000 (14:01 +0200)]
bus-message: validate signature in gvariant messages

We would accept a message with 40k signature and spend a lot of time iterating
over the nested arrays. Let's just reject it early, as we do for !gvariant
messages.

5 years agonss-resolve: list more errors as cause for fallback
Lennart Poettering [Thu, 11 Apr 2019 09:06:40 +0000 (11:06 +0200)]
nss-resolve: list more errors as cause for fallback

If dbus-daemon kicks us from the bus or hangs, we should fallback too.

Fixes: #12203

5 years agonss-resolve: simplify condition
Lennart Poettering [Thu, 11 Apr 2019 09:00:22 +0000 (11:00 +0200)]
nss-resolve: simplify condition

Of course, if the error is NXDOMAIN then it's not one of the errors
listed for fallback, hence don't bother...

5 years agonss-mymachines: return NO_RECOVERY instead of NO_DATA when we fail to do D-Bus and...
Lennart Poettering [Wed, 10 Apr 2019 19:56:37 +0000 (21:56 +0200)]
nss-mymachines: return NO_RECOVERY instead of NO_DATA when we fail to do D-Bus and similar

This makes more semantical sense and is what we do in nss-resolve in a
similar case, hence let's remove the differences here.

5 years agonss-myhostname: unify code that handles NOT_FOUND case
Lennart Poettering [Wed, 10 Apr 2019 19:40:49 +0000 (21:40 +0200)]
nss-myhostname: unify code that handles NOT_FOUND case

Just some minor rework to make this more like nss-resolve.

5 years agonss-resolve: resue a jump target
Lennart Poettering [Wed, 10 Apr 2019 19:57:44 +0000 (21:57 +0200)]
nss-resolve: resue a jump target

We can reuse "fail" here, since it does the same thing.

5 years agonss-resolve: return error properly
Lennart Poettering [Wed, 10 Apr 2019 19:27:16 +0000 (21:27 +0200)]
nss-resolve: return error properly

5 years agonss-resolve: drop unnecessary variable
Lennart Poettering [Wed, 10 Apr 2019 19:26:46 +0000 (21:26 +0200)]
nss-resolve: drop unnecessary variable

We assign the same value to "ret" always, let's just return the value
literally.

5 years agoMerge pull request #12271 from poettering/errno-accept-again
Lennart Poettering [Thu, 11 Apr 2019 08:22:46 +0000 (10:22 +0200)]
Merge pull request #12271 from poettering/errno-accept-again

accept() errno fixes

5 years agotest: make directory for drop-in config
Yu Watanabe [Thu, 11 Apr 2019 06:38:32 +0000 (15:38 +0900)]
test: make directory for drop-in config

Follow-up for a2fbac5875776e9e327f30cf2a8b3070a4c1552a.

5 years agoMerge pull request #12270 from yuwata/test-set-longer-timeout
Zbigniew Jędrzejewski-Szmek [Thu, 11 Apr 2019 06:31:14 +0000 (08:31 +0200)]
Merge pull request #12270 from yuwata/test-set-longer-timeout

test: set longer timeout

5 years agotree-wide: port users over to use new ERRNO_IS_ACCEPT_AGAIN() call
Lennart Poettering [Wed, 10 Apr 2019 17:50:53 +0000 (19:50 +0200)]
tree-wide: port users over to use new ERRNO_IS_ACCEPT_AGAIN() call

5 years agotest: set longer watchdog timeout for timedated
Yu Watanabe [Wed, 10 Apr 2019 17:27:42 +0000 (02:27 +0900)]
test: set longer watchdog timeout for timedated

5 years agoerrno-util: add new ERRNO_IS_ACCEPT_AGAIN() test
Lennart Poettering [Wed, 10 Apr 2019 17:40:40 +0000 (19:40 +0200)]
errno-util: add new ERRNO_IS_ACCEPT_AGAIN() test

This is modelled after the existing ERRNO_IS_RESOURCES() and in
particular ERRNO_IS_DISCONNECT(). It returns true for all transient
network errors that should be handled like EAGAIN whenever we call
accept() or accept4(). This is per documentation in the accept(2) man
page that explicitly says to do so in the its "RETURN VALUE" section.

The error list we cover is a bit more comprehensive, and based on
existing code of ours. For example EINTR is included too (since we need
that to cover cases where we call accept()/accept4() on a blocking
socket), and of course ERRNO_IS_DISCONNECT() is a bit more comprehensive
than the list in the man page too.

5 years agoerrno-util: rework ERRNO_IS_RESOURCE() from macro into static inline function
Lennart Poettering [Wed, 10 Apr 2019 17:39:12 +0000 (19:39 +0200)]
errno-util: rework ERRNO_IS_RESOURCE() from macro into static inline function

No technical reason, except that later on we want to add a new
ERRNO_IS() which uses the parameter twice and where we want to avoid
double evaluation, and where we'd like to keep things in the same style.

5 years agoerrno-util: add three more error codes to ERRNO_IS_DISCONNECT()
Lennart Poettering [Wed, 10 Apr 2019 17:38:37 +0000 (19:38 +0200)]
errno-util: add three more error codes to ERRNO_IS_DISCONNECT()

This is based on the recommendations in accept4() and the listed error
codes there.

5 years agotree-wide: voidify some socket calls
Lennart Poettering [Wed, 10 Apr 2019 17:37:36 +0000 (19:37 +0200)]
tree-wide: voidify some socket calls

5 years agolgtm: complain about accept() [people should use accept4() instead, due to O_CLOEXEC]
Lennart Poettering [Wed, 10 Apr 2019 17:36:40 +0000 (19:36 +0200)]
lgtm: complain about accept() [people should use accept4() instead, due to O_CLOEXEC]

5 years agocore/killall: Add documentation about broadcast_signal()
Benjamin Robin [Mon, 8 Apr 2019 18:01:12 +0000 (20:01 +0200)]
core/killall: Add documentation about broadcast_signal()

5 years agocore/killall: Log the process names not killed after 10s
Benjamin Robin [Sat, 6 Apr 2019 16:40:44 +0000 (18:40 +0200)]
core/killall: Log the process names not killed after 10s

5 years agoshutdown: Bump sysctl kernel.printk log level in order to see info msg
Benjamin Robin [Wed, 3 Apr 2019 19:00:01 +0000 (21:00 +0200)]
shutdown: Bump sysctl kernel.printk log level in order to see info msg

5 years agotest: set longer timeout for 'udevadm control'
Yu Watanabe [Wed, 10 Apr 2019 17:27:15 +0000 (02:27 +0900)]
test: set longer timeout for 'udevadm control'

5 years agosystemd-udev-settle.service: emit deprecation notice
Zbigniew Jędrzejewski-Szmek [Wed, 10 Apr 2019 09:52:47 +0000 (11:52 +0200)]
systemd-udev-settle.service: emit deprecation notice

5 years agonetwork: fix use-of-uninitialized-value or null dereference
Yu Watanabe [Wed, 10 Apr 2019 05:26:23 +0000 (14:26 +0900)]
network: fix use-of-uninitialized-value or null dereference

This fixes a bug introduced by 6ef5c881dd5568f08dc35013e24f7d857f36b207.

Fixes oss-fuzz#14157 and oss-fuzz#14158.

5 years agoman: add a page for systemd-udev-settle.service
Zbigniew Jędrzejewski-Szmek [Wed, 10 Apr 2019 08:12:43 +0000 (10:12 +0200)]
man: add a page for systemd-udev-settle.service

5 years agoUpdate UEFI URLs (#12260)
Paul Menzel [Tue, 9 Apr 2019 16:37:46 +0000 (18:37 +0200)]
Update UEFI URLs (#12260)

* Use more secure https://www.uefi.org

http://www.uefi.org directs to https://uefi.org/, so this saves one
redirect.

    $ curl -I http://www.uefi.org
    HTTP/1.1 302 Found
    Server: nginx
    Date: Tue, 09 Apr 2019 14:54:46 GMT
    Content-Type: text/html; charset=iso-8859-1
    Connection: keep-alive
    X-Content-Type-Options: nosniff
    Location: https://uefi.org/
    Cache-Control: max-age=1209600
    Expires: Tue, 23 Apr 2019 14:54:46 GMT

Run the command below to update all occurrences.

    git grep -l http://www.uefi.org | xargs sed -i 's,http://www.uefi.org,https://www.uefi.org,'

* Use https://uefi.org to save redirect

Save one redirect by using the target location.

    $ curl -I https://www.uefi.org
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Tue, 09 Apr 2019 14:55:42 GMT
    Content-Type: text/html; charset=iso-8859-1
    Connection: keep-alive
    X-Content-Type-Options: nosniff
    Location: https://uefi.org/
    Cache-Control: max-age=1209600
    Expires: Tue, 23 Apr 2019 14:55:42 GMT

Run the command below to update all occurrences.

    git grep -l https://www.uefi.org | xargs sed -i 's,https://www.uefi.org,https://uefi.org,'

5 years agoMerge pull request #12252 from keszybz/libmount-dont-unescape
Zbigniew Jędrzejewski-Szmek [Tue, 9 Apr 2019 09:56:52 +0000 (11:56 +0200)]
Merge pull request #12252 from keszybz/libmount-dont-unescape

Don't unescape paths from libmount

5 years agosysctl: let's by default increase the numeric PID range from 2^16 to 2^22
Lennart Poettering [Fri, 5 Apr 2019 13:38:16 +0000 (15:38 +0200)]
sysctl: let's by default increase the numeric PID range from 2^16 to 2^22

This should PID collisions a tiny bit less likely, and thus improve
security and robustness.

2^22 isn't particularly a lot either, but it's the current kernel
limitation.

Bumping this limit was suggested by Linus himself:

https://lwn.net/ml/linux-kernel/CAHk-=wiZ40LVjnXSi9iHLE_-ZBsWFGCgdmNiYZUXn1-V5YBg2g@mail.gmail.com/

Let's experiment with this in systemd upstream first. Downstreams and
users can after all still comment this easily.

Besides compat concern the most often heard issue with such high PIDs is
usability, since they are potentially hard to type. I am not entirely sure though
whether 4194304 (as largest new PID) is that much worse to type or to
copy than 65563.

This should also simplify management of per system tasks limits as by
this move the sysctl /proc/sys/kernel/threads-max becomes the primary
knob to control how many processes to have in parallel.

5 years agoupdate TODO
Lennart Poettering [Tue, 19 Mar 2019 19:16:29 +0000 (20:16 +0100)]
update TODO

5 years agotest: add test case for new OOM logic
Lennart Poettering [Tue, 19 Mar 2019 18:54:46 +0000 (19:54 +0100)]
test: add test case for new OOM logic

5 years agoman: document new OOMPolicy= setting
Lennart Poettering [Tue, 19 Mar 2019 18:54:08 +0000 (19:54 +0100)]
man: document new OOMPolicy= setting

5 years agocatalog: add a new catalog entry explaining the new OOM killer event log msg
Lennart Poettering [Tue, 19 Mar 2019 18:14:53 +0000 (19:14 +0100)]
catalog: add a new catalog entry explaining the new OOM killer event log msg

5 years agocore: implement OOMPolicy= and watch cgroups for OOM killings
Lennart Poettering [Tue, 19 Mar 2019 18:05:19 +0000 (19:05 +0100)]
core: implement OOMPolicy= and watch cgroups for OOM killings

This adds a new per-service OOMPolicy= (along with a global
DefaultOOMPolicy=) that controls what to do if a process of the service
is killed by the kernel's OOM killer. It has three different values:
"continue" (old behaviour), "stop" (terminate the service), "kill" (let
the kernel kill all the service's processes).

On top of that, track OOM killer events per unit: generate a per-unit
structured, recognizable log message when we see an OOM killer event,
and put the service in a failure state if an OOM killer event was seen
and the selected policy was not "continue". A new "result" is defined
for this case: "oom-kill".

All of this relies on new cgroupv2 kernel functionality: the
"memory.events" notification interface and the "memory.oom.group"
attribute (which makes the kernel kill all cgroup processes
automatically).

5 years agoservice: beautify debug log message a bit
Lennart Poettering [Tue, 19 Mar 2019 16:28:02 +0000 (17:28 +0100)]
service: beautify debug log message a bit

5 years agocore: rename cgroup_inotify_wd → cgroup_control_inotify_wd
Lennart Poettering [Tue, 19 Mar 2019 16:17:31 +0000 (17:17 +0100)]
core: rename cgroup_inotify_wd → cgroup_control_inotify_wd

Let's rename the .cgroup_inotify_wd field of the Unit object to
.cgroup_control_inotify_wd. Let's similarly rename the hashmap
.cgroup_inotify_wd_unit of the Manager object to
.cgroup_control_inotify_wd_unit.

Why? As preparation for a later commit that allows us to watch the
"memory.events" cgroup attribute file in addition to the "cgroup.events"
file we already watch with the fields above. In that later commit we'll
add new fields "cgroup_memory_inotify_wd" to Unit and
"cgroup_memory_inotify_wd_unit" to Manager, that are used to watch these
other events file.

No change in behaviour. Just some renaming.

5 years agocore: check for redundant operation before doing allocation
Lennart Poettering [Tue, 19 Mar 2019 12:01:12 +0000 (13:01 +0100)]
core: check for redundant operation before doing allocation

5 years agocore: rearrange cgroup empty events a bit
Lennart Poettering [Mon, 18 Mar 2019 19:21:11 +0000 (20:21 +0100)]
core: rearrange cgroup empty events a bit

So far the priorities for cgroup empty event handling were pretty weird.
The raw events (on cgroupsv2 from inotify, on cgroupsv1 from the agent
dgram socket) where scheduled at a lower priority than the cgroup empty
queue dispatcher. Let's swap that and ensure that we can coalesce events
more agressively: let's process the raw events at higher priority than
the cgroup empty event (which remains at the same prio).

5 years agoMerge pull request #12223 from yuwata/network-wireguard-preshared-key-file
Zbigniew Jędrzejewski-Szmek [Tue, 9 Apr 2019 08:52:52 +0000 (10:52 +0200)]
Merge pull request #12223 from yuwata/network-wireguard-preshared-key-file

network: add PresharedKeyFile= setting and make reading key file failure fatal

5 years agopid1,shutdown: do not cunescape paths from libmount
Zbigniew Jędrzejewski-Szmek [Fri, 5 Apr 2019 08:17:03 +0000 (10:17 +0200)]
pid1,shutdown: do not cunescape paths from libmount

The test added in previous commit shows that libmount does the unescaping
internally.

5 years agotest-libmount: let's see how libmount parses stuff
Zbigniew Jędrzejewski-Szmek [Fri, 5 Apr 2019 07:43:12 +0000 (09:43 +0200)]
test-libmount: let's see how libmount parses stuff

With libmount-2.33.1-3.fc30.x86_64 I get:
/* test_libmount_unescaping_one escaped space + utf8 */
from '729 38 0:59 / /tmp/\342\200\236zupa\\040z\304\231bowa\342\200\235 rw,relatime shared:395 - tmpfs die\\040Br\303\274he rw,seclabel'
source: 'die Brühe'
source: 'die Br\303\274he'
source: 'die Brühe'
expected: 'die Brühe'
target: '/tmp/„zupa zębowa”'
target: '/tmp/\342\200\236zupa z\304\231bowa\342\200\235'
target: '/tmp/„zupa zębowa”'
expected: '/tmp/„zupa zębowa”'
/* test_libmount_unescaping_one escaped newline */
from '729 38 0:59 / /tmp/x\\012y rw,relatime shared:395 - tmpfs newline rw,seclabel'
source: 'newline'
source: 'newline'
source: 'newline'
expected: 'newline'
target: '/tmp/x
y'
target: '/tmp/x\ny'
target: '/tmp/x
y'
expected: '/tmp/x
y'
/* test_libmount_unescaping_one empty source */
from '760 38 0:60 / /tmp/emptysource rw,relatime shared:410 - tmpfs  rw,seclabel'
source: ''
source: ''
source: ''
expected: ''
target: '/tmp/emptysource'
target: '/tmp/emptysource'
target: '/tmp/emptysource'
expected: '/tmp/emptysource'
/* test_libmount_unescaping_one foo\rbar */
from '790 38 0:61 / /tmp/foo\rbar rw,relatime shared:425 - tmpfs tmpfs rw,seclabel'
source: 'tmpfs'
source: 'tmpfs'
source: 'tmpfs'
expected: 'tmpfs'
target: '/tmp/foo'
target: '/tmp/foo'
target: '/tmp/foo'
expected: 'n/a'

With https://github.com/karelzak/util-linux/issues/780 fixed, we get

/* test_libmount_unescaping_one foo\rbar */
from '790 38 0:61 / /tmp/foo\rbar rw,relatime shared:425 - tmpfs tmpfs rw,seclabel'
source: 'tmpfs'
source: 'tmpfs'
source: 'tmpfs'
expected: 'tmpfs'
target: '/tmp/foo
bar'
target: '/tmp/foo\rbar'
target: '/tmp/foo
bar'
expected: '/tmp/foo
bar'

5 years agol10n: Updated Lithuanian translation
welaq [Mon, 8 Apr 2019 19:03:26 +0000 (22:03 +0300)]
l10n: Updated Lithuanian translation

5 years agoNEWS: mention PresharedKeyFile=
Yu Watanabe [Mon, 8 Apr 2019 15:13:56 +0000 (00:13 +0900)]
NEWS: mention PresharedKeyFile=

5 years agotest-network: add tests for WireGuardPeer.PresharedKey= and PresharedKeyFile=
Yu Watanabe [Fri, 5 Apr 2019 08:52:29 +0000 (17:52 +0900)]
test-network: add tests for WireGuardPeer.PresharedKey= and PresharedKeyFile=

5 years agonetwork: make wireguard_decode_key_and_warn() take uint8_t buf[static WG_KEY_LEN]
Yu Watanabe [Mon, 8 Apr 2019 15:11:43 +0000 (00:11 +0900)]
network: make wireguard_decode_key_and_warn() take uint8_t buf[static WG_KEY_LEN]

5 years agonetwork: warn when wireguard keys are stored in world readable files
Yu Watanabe [Sun, 7 Apr 2019 18:48:57 +0000 (03:48 +0900)]
network: warn when wireguard keys are stored in world readable files

5 years agonetwork: add WireGuardPeer.PresharedKeyFile= setting
Yu Watanabe [Fri, 5 Apr 2019 08:33:09 +0000 (17:33 +0900)]
network: add WireGuardPeer.PresharedKeyFile= setting

5 years agonetwork: clear wireguard keys on failure or on exit
Yu Watanabe [Sun, 7 Apr 2019 17:48:02 +0000 (02:48 +0900)]
network: clear wireguard keys on failure or on exit

5 years agonetwork: make reading PrivateKeyFile= failure always fatal
Yu Watanabe [Fri, 5 Apr 2019 08:28:46 +0000 (17:28 +0900)]
network: make reading PrivateKeyFile= failure always fatal

This also refactor wireguard_read_key_file().

5 years agofileio: add READ_FULL_FILE_UNBASE64 flag for read_full_file_full()
Yu Watanabe [Mon, 8 Apr 2019 14:40:22 +0000 (23:40 +0900)]
fileio: add READ_FULL_FILE_UNBASE64 flag for read_full_file_full()

5 years agofileio: read_full_file_full() also warns when file is world readable and secure flag...
Yu Watanabe [Mon, 8 Apr 2019 05:15:10 +0000 (14:15 +0900)]
fileio: read_full_file_full() also warns when file is world readable and secure flag is set

5 years agofileio: introduce warn_file_is_world_accessible()
Yu Watanabe [Sun, 7 Apr 2019 18:48:30 +0000 (03:48 +0900)]
fileio: introduce warn_file_is_world_accessible()

5 years agoutil: introduce READ_FULL_FILE_SECURE flag for reading secure data
Yu Watanabe [Sun, 7 Apr 2019 17:22:40 +0000 (02:22 +0900)]
util: introduce READ_FULL_FILE_SECURE flag for reading secure data

5 years agoMerge pull request #12241 from keszybz/two-man-link-additions
Zbigniew Jędrzejewski-Szmek [Mon, 8 Apr 2019 19:58:11 +0000 (21:58 +0200)]
Merge pull request #12241 from keszybz/two-man-link-additions

Two man link additions

5 years agocore/killall: Propagate errors and return the number of process left
Benjamin Robin [Wed, 3 Apr 2019 17:20:12 +0000 (19:20 +0200)]
core/killall: Propagate errors and return the number of process left

5 years agoinhibit: fix argv[] usage
Lennart Poettering [Mon, 8 Apr 2019 12:55:41 +0000 (14:55 +0200)]
inhibit: fix argv[] usage

Another fix in style of ed179fd71030ddd657500591dac37e7499fc7b2c and
bd169c2be0fbdaf6eb2ea7951e650d5e5983fbf6..

I hope we are soon complete with these.

Fixes: #12246

5 years agoNEWS: add mention of time-set.target
Zbigniew Jędrzejewski-Szmek [Mon, 8 Apr 2019 13:45:45 +0000 (15:45 +0200)]
NEWS: add mention of time-set.target

5 years agoman: add a lengthy example for NamePolicy= debugging
Zbigniew Jędrzejewski-Szmek [Mon, 8 Apr 2019 07:20:16 +0000 (09:20 +0200)]
man: add a lengthy example for NamePolicy= debugging

This is still rather opaque, and test-builtin is quite useful in this
case, let's advertise it a bit more.

5 years agoman: say that .link NamePolicy= should be empty for Name= to take effect
Zbigniew Jędrzejewski-Szmek [Mon, 8 Apr 2019 06:59:45 +0000 (08:59 +0200)]
man: say that .link NamePolicy= should be empty for Name= to take effect

The description of NamePolicy= implied this, but didn't spell it out. It's a
very common use case, so let's add a bit of explanation and ehance the example
a bit.

Inspired by https://bugzilla.redhat.com/show_bug.cgi?id=1695894.

5 years agoMerge pull request #12244 from poettering/242-news-final
Lennart Poettering [Mon, 8 Apr 2019 13:31:31 +0000 (15:31 +0200)]
Merge pull request #12244 from poettering/242-news-final

final 242 NEWS tweaks + another hwdb update

5 years agoman: add references from the .mount and .service man pages to systemd-{mount,run...
Lennart Poettering [Mon, 8 Apr 2019 13:17:23 +0000 (15:17 +0200)]
man: add references from the .mount and .service man pages to systemd-{mount,run} pages

Fixes: #12235

5 years agoMerge pull request #12245 from poettering/empty-or-dash
Zbigniew Jędrzejewski-Szmek [Mon, 8 Apr 2019 13:22:44 +0000 (15:22 +0200)]
Merge pull request #12245 from poettering/empty-or-dash

introduce empty_or_dash() helper

5 years agoman: elaborate on fd ownership in sd_event_add_io(3)
Lennart Poettering [Mon, 8 Apr 2019 12:43:37 +0000 (14:43 +0200)]
man: elaborate on fd ownership in sd_event_add_io(3)

Replaces: #12239

5 years agounits: add time-set.target
Peter A. Bigot [Mon, 30 Apr 2018 12:05:29 +0000 (07:05 -0500)]
units: add time-set.target

time-sync.target is supposed to indicate system clock is synchronized
with a remote clock, but as used through 241 it only provided a system
clock that was updated based on a locally-maintained timestamp.  Systems
that are powered off for extended periods would not come up with
accurate time.

Retain the existing behavior using a new time-set.target leaving
time-sync.target for cases where accuracy is required.

Closes #8861

5 years agococcinelle: add coccinelle script for empty_or_dash() use
Lennart Poettering [Mon, 8 Apr 2019 12:31:15 +0000 (14:31 +0200)]
coccinelle: add coccinelle script for empty_or_dash() use

5 years agoman/systemd-sysusers: Fix typo in *from* to *form*
Paul Menzel [Mon, 8 Apr 2019 08:53:55 +0000 (10:53 +0200)]
man/systemd-sysusers: Fix typo in *from* to *form*

5 years agobasic: add new helper call empty_or_dash_to_null()
Lennart Poettering [Mon, 8 Apr 2019 10:11:11 +0000 (12:11 +0200)]
basic: add new helper call empty_or_dash_to_null()

We have a function like this at two places already. Let's unify it in
one generic location and let's port a number of users over.

5 years agotree-wide: introduce empty_or_dash() helper
Lennart Poettering [Mon, 8 Apr 2019 10:03:33 +0000 (12:03 +0200)]
tree-wide: introduce empty_or_dash() helper

At quite a few places we check isempty() || streq(…, "-"), let's add a
helper to simplify that, and replace that by a single function call.

5 years agohwdb: update hwdb
Lennart Poettering [Mon, 8 Apr 2019 09:42:10 +0000 (11:42 +0200)]
hwdb: update hwdb

5 years agoupdate NEWS for 242 final
Lennart Poettering [Mon, 8 Apr 2019 09:35:45 +0000 (11:35 +0200)]
update NEWS for 242 final

5 years agoMerge pull request #12238 from keszybz/one-genuine-bugfix+lots-of-line-wrapping
Lennart Poettering [Mon, 8 Apr 2019 09:19:34 +0000 (11:19 +0200)]
Merge pull request #12238 from keszybz/one-genuine-bugfix+lots-of-line-wrapping

One genuine bugfix and lots of line wrapping

5 years agopam-systemd: use secure_getenv() rather than getenv()
Lennart Poettering [Mon, 4 Feb 2019 09:23:43 +0000 (10:23 +0100)]
pam-systemd: use secure_getenv() rather than getenv()

And explain why in a comment.

5 years agoman: correct units path usage according to FHS (#11388)
Jonas DOREL [Mon, 8 Apr 2019 06:19:58 +0000 (08:19 +0200)]
man: correct units path usage according to FHS (#11388)

According to the Filesystem Hierarchy Standard, "The /usr/local hierarchy is for use by the system administrator when installing software locally. It needs to be safe from being overwritten when the system software is updated". So it should not be used by installed packages.

5 years agosysusers: use return_error_errno() where possible
Zbigniew Jędrzejewski-Szmek [Sun, 7 Apr 2019 20:00:11 +0000 (22:00 +0200)]
sysusers: use return_error_errno() where possible

5 years agosysusers: add missing initalizer
Zbigniew Jędrzejewski-Szmek [Sun, 7 Apr 2019 19:37:18 +0000 (21:37 +0200)]
sysusers: add missing initalizer

I assume that this is the error causing the invalid free in
https://bugzilla.redhat.com/show_bug.cgi?id=1670679.

5 years agologind: linewrap some long lines and remove unnecessary conditional
Zbigniew Jędrzejewski-Szmek [Sun, 7 Apr 2019 18:51:44 +0000 (20:51 +0200)]
logind: linewrap some long lines and remove unnecessary conditional

5 years agoutil: extend unbase64mem() to accept secure flag
Yu Watanabe [Sun, 7 Apr 2019 18:41:03 +0000 (03:41 +0900)]
util: extend unbase64mem() to accept secure flag

When the flag is set, buffer is cleared on failure.