platform/upstream/systemd.git
6 years agoman: it appears the description of async signal safety has its own man page now
Lennart Poettering [Tue, 23 Jan 2018 18:09:54 +0000 (19:09 +0100)]
man: it appears the description of async signal safety has its own man page now

Let's refer to the new page.

6 years agojournal: cast to (void) where we knowingly ignore syscall returns
Lennart Poettering [Tue, 23 Jan 2018 18:07:06 +0000 (19:07 +0100)]
journal: cast to (void) where we knowingly ignore syscall returns

6 years agoman: document explicitly that sd_journal_stream_fd() never shares fds
Lennart Poettering [Tue, 23 Jan 2018 18:06:21 +0000 (19:06 +0100)]
man: document explicitly that sd_journal_stream_fd() never shares fds

Also, clarify that O_NONBLOCK is turned off and that the fd is only
half-open.

6 years agoMerge pull request #7834 from jkloetzke/disable-watchdog
Lennart Poettering [Tue, 23 Jan 2018 14:58:17 +0000 (15:58 +0100)]
Merge pull request #7834 from jkloetzke/disable-watchdog

core: add "disable watchdog " function

6 years agoMerge pull request #7940 from sourcejedi/mount
Lennart Poettering [Tue, 23 Jan 2018 12:45:24 +0000 (13:45 +0100)]
Merge pull request #7940 from sourcejedi/mount

mount rationalization

6 years agosd-dhcp6-client: Fix DHCPv6 client file descriptor handling
Patrik Flykt [Tue, 23 Jan 2018 10:34:31 +0000 (12:34 +0200)]
sd-dhcp6-client: Fix DHCPv6 client file descriptor handling

The DHCPv6 client will set its state to DHCP6_STATE_STOPPED if
an error occurs or when receiving an Information Reply DHCPv6
message. Once in DHCP6_STATE_STOPPED, the DHCPv6 client needs
to be restarted by calling sd_dhcp6_client_start().

As of pull request #7796 client_reset() no longer closes the
network socket, thus a call to sd_dhcp6_client_start() needs to
check whether the file descriptor already exists in order not to
create a new one. Likewise, a call to sd_dhcp6_client_unref()
must now close the network socket as client_reset() is not
closing it.

Reported by asavah and Yu Watanabe.

6 years agomount: don't consider activated until /sbin/mount returns
Alan Jenkins [Sat, 20 Jan 2018 20:12:09 +0000 (20:12 +0000)]
mount: don't consider activated until /sbin/mount returns

So far, we considered mount units activated as soon as the mount
appeared.  This avoided seeing a difference between mounts started by
systemd, and e.g. by running `mount` from a terminal.
(`umount` was not handled this way).

However in some cases, options passed to `mount` require additional
system calls after the mount is successfully created.  E.g. the
`private` mount option, or the `ro` option on bind mounts.
It seems best to wait for mount to finish doing that.  E.g. in
the `private` case, the current behaviour could theoretically cause
non-deterministic results, as child mounts inherit the
private/shared propagation setting from their parent.

This also avoids a special case in mount_reload().

6 years agomount: clarify that umount retries do not (anymore) allow multiple timeouts
Alan Jenkins [Mon, 22 Jan 2018 17:42:25 +0000 (17:42 +0000)]
mount: clarify that umount retries do not (anymore) allow multiple timeouts

It _looks_ as if, back when we used to retry unsuccessful calls to umount,
this would have inflated the effective timeout.  Multiplying it by
RETRY_UMOUNT_MAX.  Which is set to 32.

I'm surprised if it's true: I would have expected it to be noticed during
the work on NFS timeouts.  But I can't see what would have stopped it.

Clarify that I do not expect this to happen anymore.  I think each
individual umount call is allowed up to the full timeout, but if umount
ever exited with a signal status, we would stop retrying.

To be extra clear, make sure that we do not retry in the event that umount
perversely returned EXIT_SUCCESS after receiving SIGTERM.

6 years agomount: mountinfo event is supposed to always arrive before SIGCHLD
Alan Jenkins [Sat, 20 Jan 2018 20:05:52 +0000 (20:05 +0000)]
mount: mountinfo event is supposed to always arrive before SIGCHLD

"Due to the io event priority logic we can be sure the new mountinfo is
loaded before we process the SIGCHLD for the mount command."

I think this is a reasonable expectation.  But if it works, then the
other comment must be false:

"Note that mount(8) returning and the kernel sending us a mount table
change event might happen out-of-order."

Therefore we can clean up the code for the latter.

If this is working as advertised, then we can make sure that mount units
fail if the mount we thought we were creating did not actually appear,
due to races or trickery (or because /sbin/mount did something unexpected
despite returning EXIT_SUCCESS).

Include a specific warning message for this failure.

If we give up when the mount point is still mounted after 32 successful
calls to /sbin/umount, that seems a fairly similar case.  So make that
message a LOG_WARN as well (not LOG_DEBUG). Also, this was recently changed to only
retry while umount is returning EXIT_SUCCESS; in that case in particular
there would be no other messages in the log to suggest what had happened.

6 years agohwdb: map zoomin/out keys to up/down
Martin Pitt [Mon, 22 Jan 2018 20:17:08 +0000 (21:17 +0100)]
hwdb: map zoomin/out keys to up/down

Some keyboards come with a zoom see-saw or rocker which until now got
mapped to the Linux "zoomin/out" keys in hwdb. However, these keycodes
are not recognized by any major desktop. They now produce Up/Down key
events so that they can be used for scrolling.

The internet is full of instructions how to "unbreak" these keys, e. g.

  https://askubuntu.com/questions/471802/make-the-zoom-slider-of-microsoft-natural-ergonomic-keyboard-4000-and-7000-scrol
  https://unix.stackexchange.com/questions/322075/how-to-get-ms-natural-ergonomic-4000-slider-work-on-linux-mint

So let's make it official. But keep their physical meaning in comments
in case desktops start to do something useful with them at some point.

Thanks to Finn Christiansen for the original patch!

Replaces #6953

6 years agohwdb: Add Microsoft Sculpt Comfort Mouse data (#7946)
Maciej S. Szmigiero [Tue, 23 Jan 2018 05:25:24 +0000 (06:25 +0100)]
hwdb: Add Microsoft Sculpt Comfort Mouse data (#7946)

This adds measured Microsoft Sculpt Comfort (Bluetooth) Mouse data to hwdb.

6 years agoresolve: Adjust and unify D-Bus call timeout (#7847)
ott [Tue, 23 Jan 2018 00:53:31 +0000 (01:53 +0100)]
resolve: Adjust and unify D-Bus call timeout (#7847)

DNS queries have a timeout of DNS_TRANSACTION_ATTEMPTS_MAX *
DNS_TIMEOUT_MAX_USEC = 120 s. Calls to the ResolveHostname method of
the org.freedesktop.resolve1.Manager interface have various call
timeouts that are smaller than 120 s. So it seems correct to adjust
the call timeout to the maximum query timeout and to unify the call
timeout among all callers.

A timeout of 120 s might seem large, in particular since BIND does seem
to have a query timeout of 10 s. However, it seems match the timeout
value of 120 s of Unbound. Moreover, the query and timeout handling of
resolve have problems and might be improved in the future, so this
change is at best an interim solution.

6 years agohwdb: Added sensor geometry for Jumper EZpad 6 Pro (#7955)
lbernstone [Tue, 23 Jan 2018 00:51:11 +0000 (17:51 -0700)]
hwdb: Added sensor geometry for Jumper EZpad 6 Pro (#7955)

6 years agoloopback-setup: update log message (#7956)
Yu Watanabe [Tue, 23 Jan 2018 00:50:30 +0000 (09:50 +0900)]
loopback-setup: update log message (#7956)

This makes not log "Failed to ..." when each operation succeeds.

Fixes #7930.

6 years agohwdb: readded accelerometer orientation entry for AsusTek TP500LB (#7958)
Gianluca Boiano [Tue, 23 Jan 2018 00:50:09 +0000 (01:50 +0100)]
hwdb: readded accelerometer orientation entry for AsusTek TP500LB (#7958)

6 years agohwdb: add Ideazon Zboard Merc and Ideazon Zboard Fang (#6954)
Olivier Schwander [Mon, 22 Jan 2018 20:41:11 +0000 (21:41 +0100)]
hwdb: add Ideazon Zboard Merc and Ideazon Zboard Fang (#6954)

6 years agobash-completion: systemd-analyze: add service-watchdogs verb
Jan Klötzke [Mon, 22 Jan 2018 20:39:57 +0000 (21:39 +0100)]
bash-completion: systemd-analyze: add service-watchdogs verb

6 years agoMerge pull request #7719 from gdamjan/efistub-LoaderImageIdentifier
Lennart Poettering [Mon, 22 Jan 2018 19:41:22 +0000 (20:41 +0100)]
Merge pull request #7719 from gdamjan/efistub-LoaderImageIdentifier

EFI stub: add LoaderImageIdentifier, LoaderFirmwareInfo, LoaderFirmwareType and StubInfo

6 years agoMerge pull request #7952 from poettering/tmpfiles-tweaks
Lennart Poettering [Mon, 22 Jan 2018 19:33:40 +0000 (20:33 +0100)]
Merge pull request #7952 from poettering/tmpfiles-tweaks

Some tmpfiles tweaks

6 years agosystemctl: replace manual GetAll call with bus_map_all_properties() in unit_exists()
Reverend Homer [Mon, 22 Jan 2018 15:04:44 +0000 (18:04 +0300)]
systemctl: replace manual GetAll call with bus_map_all_properties() in unit_exists()

6 years agofix reload propagation for device alias
Jérémy Rosen [Sat, 6 Jan 2018 21:55:22 +0000 (22:55 +0100)]
fix reload propagation for device alias

udev-made .device aliases are not normal alias

They are full-fledged units which are linked to
the same sysfs path

we need to explicitely propagate reload to all
alias

6 years agosystemd-analyze: add service-watchdogs verb
Jan Klötzke [Thu, 11 Jan 2018 09:44:38 +0000 (10:44 +0100)]
systemd-analyze: add service-watchdogs verb

New debug verb that enables or disables the service runtime watchdogs
and emergency actions during runtime. This is the systemd-analyze
version of the systemd.service_watchdogs command line option.

6 years agopid1: add option to disable service watchdogs
Jan Klötzke [Mon, 20 Mar 2017 12:10:43 +0000 (13:10 +0100)]
pid1: add option to disable service watchdogs

Add a "systemd.service_watchdogs=" option to the command line which
disables all service runtime watchdogs and emergency actions.

6 years agojournal: Fix journal dumping for json, cat and export output
Armin Widegreen [Thu, 11 Jan 2018 11:42:56 +0000 (12:42 +0100)]
journal: Fix journal dumping for json, cat and export output

Incorporating the fix from d00f1d57 into other output formats of journalctl.

If journal files are corrupted, e.g. not cleanly closed, some journal
entries can not be read by output options other than 'short' (default).
If such entries has been identified, they will now just be skipped.

6 years agobus-util: add bool property setter
Jan Klötzke [Thu, 11 Jan 2018 09:42:27 +0000 (10:42 +0100)]
bus-util: add bool property setter

6 years agocore/timer: Prevent timer looping when unit cannot start
Michal Koutný [Tue, 16 Jan 2018 18:22:46 +0000 (19:22 +0100)]
core/timer: Prevent timer looping when unit cannot start

When a unit job finishes early (e.g. when fork(2) fails) triggered unit goes
through states
        stopped->failed (or failed->failed),
in case a ExecStart= command fails unit passes through
        stopped->starting->failed.

The former transition doesn't result in unit active/inactive timestamp being
updated and timer (OnUnitActiveSec= or OnUnitInactiveSec=) would use an expired
timestamp triggering immediately again (repeatedly).

This patch exploits timer's last trigger timestamp to ensure the timer isn't
triggered more frequently than OnUnitActiveSec=/OnUnitInactiveSec= period.

Steps to reproduce:

0) Create sample units:

cat >~/.config/systemd/user/looper.service <<EOD
[Service]
ExecStart=/usr/bin/sleep 2
EOD

cat >~/.config/systemd/user/looper.timer <<EOD
[Timer]
AccuracySec=5
OnUnitActiveSec=5
EOD

1) systemctl --user daemon-reload

2) systemctl --user start looper.timer
   # to have first activation timestamp/sentinel
   systemctl --user start looper.service

o  Observe the service is being regularly triggered.

3) systemctl set-property user@$UID.service TasksMax=2

o  Observe the tight looping as long as the looper.service cannot be started.

Ref: #5969

6 years agonetword: tunnel remove unwanted space.
Susant Sahani [Mon, 22 Jan 2018 14:33:22 +0000 (20:03 +0530)]
netword: tunnel remove unwanted space.

6 years agoremove canonicalize_file_name() mention from TODO
Reverend Homer [Mon, 22 Jan 2018 14:26:52 +0000 (17:26 +0300)]
remove canonicalize_file_name() mention from TODO

canonicalize_file_name() invocations were replaced by chase_symlinks() in
Decemeber 2016 with PR #4694, so we don't need this mention in the TODO anymore

6 years agoupdate TODO
Lennart Poettering [Mon, 22 Jan 2018 14:33:26 +0000 (15:33 +0100)]
update TODO

6 years agotmpfiles: use the DEBUG_LOGGING macro where applicable
Lennart Poettering [Mon, 22 Jan 2018 14:33:13 +0000 (15:33 +0100)]
tmpfiles: use the DEBUG_LOGGING macro where applicable

6 years agotmpfiles: add missing OOM check
Lennart Poettering [Mon, 22 Jan 2018 14:32:57 +0000 (15:32 +0100)]
tmpfiles: add missing OOM check

6 years agotmpfiles: avoid using wrong type for strlen() result
Lennart Poettering [Mon, 22 Jan 2018 14:31:50 +0000 (15:31 +0100)]
tmpfiles: avoid using wrong type for strlen() result

The result of strlen is size_t, hence let's not store it in an "int"
just to pass it on as as size_t right-away. In fact let's not store it
at all…

6 years agotmpfiles: in dir_cleanup() take benefit that log_error_errno() returns the error...
Lennart Poettering [Mon, 22 Jan 2018 14:31:01 +0000 (15:31 +0100)]
tmpfiles: in dir_cleanup() take benefit that log_error_errno() returns the error code passed in

6 years agotmpfiles: fold five lines into two
Lennart Poettering [Mon, 22 Jan 2018 14:29:30 +0000 (15:29 +0100)]
tmpfiles: fold five lines into two

log_full_errno() has all these nice benefits, let's make use of them to
shorten five lines into two.

6 years agoMerge pull request #7943 from yuwata/fix-chase_symlinks
Lennart Poettering [Mon, 22 Jan 2018 11:42:24 +0000 (12:42 +0100)]
Merge pull request #7943 from yuwata/fix-chase_symlinks

fs-util: use `_cleanup_close_` attribute

6 years agojournald-native: Fix typo in MANDLOCK message
Frantisek Sumsal [Mon, 22 Jan 2018 10:18:53 +0000 (11:18 +0100)]
journald-native: Fix typo in MANDLOCK message

6 years agonetworkd: DHCPv6 client allow to configure Rapid Commit (#6930)
Susant Sahani [Mon, 22 Jan 2018 08:09:18 +0000 (13:39 +0530)]
networkd: DHCPv6 client allow to configure Rapid Commit (#6930)

The DHCPv6 client can obtain configuration parameters from a
DHCPv6 server through a rapid two-message exchange solicit and reply).
When the rapid commit option is enabled by both the DHCPv6 client and
the DHCPv6 server, the two-message exchange is used, rather than the default
four-method exchange (solicit, advertise, request, and reply). The two-message
exchange provides faster client configuration and is beneficial in environments
in which networks are under a heavy load.

Closes #5845

6 years agofuzz: cast to void when return value is ignored
Yu Watanabe [Mon, 22 Jan 2018 00:56:46 +0000 (09:56 +0900)]
fuzz: cast to void when return value is ignored

6 years agofuzz: check return value
Yu Watanabe [Mon, 22 Jan 2018 00:55:38 +0000 (09:55 +0900)]
fuzz: check return value

Closes CID #1385306 and #1385300.

6 years agofuzz: fix coding style
Yu Watanabe [Sun, 21 Jan 2018 13:25:37 +0000 (22:25 +0900)]
fuzz: fix coding style

6 years agocore: delay logging the taint string until after basic.target is reached (#7935)
Zbigniew Jędrzejewski-Szmek [Sun, 21 Jan 2018 12:17:54 +0000 (23:17 +1100)]
core: delay logging the taint string until after basic.target is reached (#7935)

This happens to be almost the same moment as when we send READY=1 in the user
instance, but the logic is slightly different, since we log taint when
basic.target is reached in the system manager, but we send the notification
only in the user manager. So add a separate flag for this and propagate it
across reloads.

Fixes #7683.

6 years agotest-resolve: check return value
Yu Watanabe [Sun, 21 Jan 2018 10:38:29 +0000 (19:38 +0900)]
test-resolve: check return value

Closes CID #1385310.

6 years agosd-dhcp6-client: do not refer uninitialized variable
Yu Watanabe [Sun, 21 Jan 2018 10:27:27 +0000 (19:27 +0900)]
sd-dhcp6-client: do not refer uninitialized variable

Fixes CID #1385308.

6 years agofs-util: chase_symlinks(): prevent double free
Yu Watanabe [Sun, 21 Jan 2018 10:19:25 +0000 (19:19 +0900)]
fs-util: chase_symlinks(): prevent double free

Fixes CID #1385316.

6 years agofs-util: use _cleanup_close_ attribute
Yu Watanabe [Sun, 21 Jan 2018 10:07:10 +0000 (19:07 +0900)]
fs-util: use _cleanup_close_ attribute

The commit f14f1806e329fe92d01f15c22a384702f0cb4ae0 introduced CHASE_SAFE
flag. When the flag is set, then `fd_parent` may not be properly closed.
This sets `_cleanup_close_` attribute to `fd_parent`.
Thus, now `fd_parent` is always closed properly.

6 years agoman: document that sd_j_stream_fd is signal safe (#7942)
Zbigniew Jędrzejewski-Szmek [Sun, 21 Jan 2018 09:51:55 +0000 (20:51 +1100)]
man: document that sd_j_stream_fd is signal safe (#7942)

Fixes #7912.

6 years agomount: forbid mount on path with symlinks
Alan Jenkins [Fri, 19 Jan 2018 17:28:38 +0000 (17:28 +0000)]
mount: forbid mount on path with symlinks

It was forbidden to create mount units for a symlink.  But the reason is
that the mount unit needs to know the real path that will appear in
/proc/self/mountinfo.  The kernel dereferences *all* the symlinks in the
path at mount time (I checked this with `mount -c` running under `strace`).

This will have no effect on most systems.  As recommended by docs, most
systems use /etc/fstab, as opposed to native mount unit files.
fstab-generator dereferences symlinks for backwards compatibility.

A relatively minor issue regarding Time Of Check / Time Of Use also exists
here.  I can't see how to get rid of it entirely.  If we pass an absolute
path to mount, the racing process can replace it with a symlink.  If we
chdir() to the mount point and pass ".", the racing process can move the
directory.  The latter might potentially be nicer, except that it breaks
WorkingDirectory=.

I'm not saying the race is relevant to security - I just want to consider
how bad the effect is.  Currently, it can make the mount unit active (and
hence the job return success), despite there never being a matching entry
in /proc/self/mountinfo.  This wart will be removed in the next commit;
i.e. it will make the mount unit fail instead.

6 years agoMerge pull request #7938 from keszybz/get-fd-unsafe
Yu Watanabe [Sat, 20 Jan 2018 04:20:33 +0000 (13:20 +0900)]
Merge pull request #7938 from keszybz/get-fd-unsafe

man: document signal unsafeness of sd_journal_get_fd

6 years agoman: document signal unsafeness of journal functions
Zbigniew Jędrzejewski-Szmek [Sat, 20 Jan 2018 03:23:54 +0000 (14:23 +1100)]
man: document signal unsafeness of journal functions

Fixes #7912.

6 years agoNEWS: fix typo
Zbigniew Jędrzejewski-Szmek [Sat, 20 Jan 2018 03:04:17 +0000 (14:04 +1100)]
NEWS: fix typo

6 years agoman: sd_journal_stream_fd: no, fds are not shared (#7926)
Alan Jenkins [Sat, 20 Jan 2018 03:02:50 +0000 (03:02 +0000)]
man: sd_journal_stream_fd: no, fds are not shared (#7926)

sd_journal_stream_fd() does not return the same file descriptor across
different calls.  It can't possibly do so, because the file descriptor
is created using certain parameters passed by the caller.

Also the implementation clearly isn't doing this, it's just connecting
to a unix socket.

It opens exactly one file descriptor, and does not close it unless there
is a write failure.  Nothing like "temporarily multiple file descriptors
may be open".

6 years agoMerge pull request #7936 from titanous/fuzz-dhcp-server
Zbigniew Jędrzejewski-Szmek [Sat, 20 Jan 2018 02:58:19 +0000 (13:58 +1100)]
Merge pull request #7936 from titanous/fuzz-dhcp-server

fuzz: add DHCP server fuzzer

6 years agofuzz: simplify oss-fuzz build instructions in HACKING
Jonathan Rudenberg [Sat, 20 Jan 2018 01:10:51 +0000 (20:10 -0500)]
fuzz: simplify oss-fuzz build instructions in HACKING

6 years agofuzz: add DHCP server fuzzer
Jonathan Rudenberg [Sat, 20 Jan 2018 00:44:56 +0000 (19:44 -0500)]
fuzz: add DHCP server fuzzer

6 years agoman: fix typo (#7937)
Yu Watanabe [Sat, 20 Jan 2018 02:22:57 +0000 (11:22 +0900)]
man: fix typo (#7937)

Reported by Дилян Палаузов (https://github.com/dilyanpalauzov) in #7870.

6 years agoMerge pull request #7934 from keszybz/man-improvements
Yu Watanabe [Sat, 20 Jan 2018 02:15:52 +0000 (11:15 +0900)]
Merge pull request #7934 from keszybz/man-improvements

Man page improvements

6 years agonetworkd: add quickack option to route (#7896)
Susant Sahani [Fri, 19 Jan 2018 23:49:15 +0000 (05:19 +0530)]
networkd: add quickack option to  route (#7896)

This patch adds quickack option to enable/disable TCP quick ack
mode for per-route.

6 years agoman: make clear that accessing network and mounting filesystems is not supported...
Michal Sekletar [Fri, 19 Jan 2018 23:47:27 +0000 (00:47 +0100)]
man: make clear that accessing network and mounting filesystems is not supported in udev rules (#7916)

These restrictions are implied by systemd options used for
systemd-udevd.service, i.e. MountFlags=slave and
IPAddressDeny=any. However, there are users out there getting tripped by
this, so let's make things clear in the man page so the actual
restrictions we implement by default have better visibility.

6 years agoman: clarify that Requires stop propagation only applies to explit requests
Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:45:02 +0000 (10:45 +1100)]
man: clarify that Requires stop propagation only applies to explit requests

Follow-up for e79eabdb1becc93cf4afc909aa18dc40c931eab5. There was an
apparent contradiction:

  man/systemd.unit says for Requires=:

  Besides, with or without specifying After=, this unit will be deactivated
  if one of the other units get deactivated.

  Also, some unit types may deactivate on their own (for example, a service
  process may decide to exit cleanly, or a device may be unplugged by the
  user), which is not propagated to units having a Requires= dependency.

Fixes #7870.

6 years agonetworkd: ignore Static Routes option when Classless Static Routes is given (#7807)
Susant Sahani [Fri, 19 Jan 2018 23:42:45 +0000 (05:12 +0530)]
networkd: ignore Static Routes option when Classless Static Routes is given (#7807)

When the DHCP server returns both a Classless Static Routes
option and a Static Routes option, the DHCP client MUST ignore the
Static Routes option.

Closes #7792

6 years agoman: alphabetize and move targets to proper sections in systemd.special
Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:38:09 +0000 (10:38 +1100)]
man: alphabetize and move targets to proper sections in systemd.special

6 years agoman: fix example formatting in systemd.preset
Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:33:50 +0000 (10:33 +1100)]
man: fix example formatting in systemd.preset

Repeating "example" everywhere was not useful, so remove
that and improve the formatting a bit.

6 years agoman: document default for WakeOnLan
Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:33:15 +0000 (10:33 +1100)]
man: document default for WakeOnLan

6 years agoman: add a note where coredump default values are
Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:27:46 +0000 (10:27 +1100)]
man: add a note where coredump default values are

I don't want to include all the default values in the man page
because that's bound to get out of date…

6 years agoman: fix _STREAM_ID, _LINE_BREAK descriptions
Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:15:06 +0000 (10:15 +1100)]
man: fix _STREAM_ID, _LINE_BREAK descriptions

Pointed out by Дилян Палаузов (https://github.com/dilyanpalauzov).
Fixes #7870.

6 years agoMerge pull request #7675 from shawnl/unaligned
Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 23:00:14 +0000 (10:00 +1100)]
Merge pull request #7675 from shawnl/unaligned

Issue #7654 (unaligned loads on sparc64)

6 years agofs-util: chase_symlinks(): support empty root
Yu Watanabe [Fri, 19 Jan 2018 09:05:28 +0000 (18:05 +0900)]
fs-util: chase_symlinks(): support empty root

The commit b1bfb848046e457f3cd623286b8cc1a5e5440023 makes chase_symlinks()
recognize empty string for root as an invalid parameter. However,
empty root is often used e.g. systemd-nspawn.
This makes chase_symlinks() support empty string safely.

Fixes #7927.

6 years agoMerge pull request #7923 from keszybz/resolved-generic-packet
Zbigniew Jędrzejewski-Szmek [Fri, 19 Jan 2018 06:42:29 +0000 (17:42 +1100)]
Merge pull request #7923 from keszybz/resolved-generic-packet

Resolved generic packet

6 years agoMerge pull request #7913 from sourcejedi/devpts
Alan Jenkins [Thu, 18 Jan 2018 21:56:26 +0000 (21:56 +0000)]
Merge pull request #7913 from sourcejedi/devpts

3 nitpicks from core/namespace.c

6 years agohwdb: Add Lenovo IdeaPad Miix 320 sensor mount quirk (#7707)
jdkbx [Thu, 18 Jan 2018 20:09:58 +0000 (21:09 +0100)]
hwdb: Add Lenovo IdeaPad Miix 320 sensor mount quirk (#7707)

6 years agoman: systemd-nspawn: fix list of default capabilities (#7925)
Alan Jenkins [Thu, 18 Jan 2018 19:11:11 +0000 (19:11 +0000)]
man: systemd-nspawn: fix list of default capabilities (#7925)

* Sort them alphabetically.
* Add CAP_MKNOD (commit 7f112f50fe added it).

the list is now in sync with the one at the top of nspawn.c

6 years agoMerge pull request #7924 from sourcejedi/devpts-regression-fix
Alan Jenkins [Thu, 18 Jan 2018 19:04:12 +0000 (19:04 +0000)]
Merge pull request #7924 from sourcejedi/devpts-regression-fix

core: un-break PrivateDevices= by allowing it to mknod /dev/ptmx

6 years agocore: clone_device_node(): add debug message
Alan Jenkins [Thu, 18 Jan 2018 13:58:13 +0000 (13:58 +0000)]
core: clone_device_node(): add debug message

For people who use debug messages, maybe it is helpful to know that
PrivateDevices= failed due to mknod(), and which device node.

(The other (un-logged) failures could be while mounting filesystems e.g. no
CAP_SYS_ADMIN which is the common case, or missing /dev/shm or /dev/pts,
or missing /dev/ptmx).

6 years agocore: un-break PrivateDevices= by allowing it to mknod /dev/ptmx
Alan Jenkins [Thu, 18 Jan 2018 12:07:31 +0000 (12:07 +0000)]
core: un-break PrivateDevices= by allowing it to mknod /dev/ptmx

#7886 caused PrivateDevices= to silently fail-open.
https://github.com/systemd/systemd/pull/7886#issuecomment-358542849

Allow PrivateDevices= to succeed, in creating /dev/ptmx, even though
DeviceControl=closed applies.

No specific justification was given for blocking mknod of /dev/ptmx.  Only
that we didn't seem to need it, because we weren't creating it correctly as
a device node.

6 years agoresolved: fix confusion with generic data in unparsable packets
Zbigniew Jędrzejewski-Szmek [Thu, 18 Jan 2018 09:19:48 +0000 (20:19 +1100)]
resolved: fix confusion with generic data in unparsable packets

Issue 5465.

6 years agoresolved: split out parts of dns_packet_extract
Zbigniew Jędrzejewski-Szmek [Thu, 18 Jan 2018 08:34:07 +0000 (19:34 +1100)]
resolved: split out parts of dns_packet_extract

This fairly complicated function was deeply nested and
hard to read...

6 years agobus-message: avoid -Wnull-pointer-arithmetic warning on new clang
Zbigniew Jędrzejewski-Szmek [Thu, 18 Jan 2018 05:23:09 +0000 (16:23 +1100)]
bus-message: avoid -Wnull-pointer-arithmetic warning on new clang

We just need some pointer, so use alignment directly converted
to the right type.

6 years agoMerge pull request #7876 from titanous/oss-fuzz
Zbigniew Jędrzejewski-Szmek [Thu, 18 Jan 2018 01:41:13 +0000 (12:41 +1100)]
Merge pull request #7876 from titanous/oss-fuzz

Add initial fuzzing infrastructure

6 years agofuzz: add docs on creating fuzzer targets to HACKING
Jonathan Rudenberg [Tue, 16 Jan 2018 17:09:56 +0000 (12:09 -0500)]
fuzz: add docs on creating fuzzer targets to HACKING

6 years agofuzz: allow building fuzzers outside of oss-fuzz
Jonathan Rudenberg [Tue, 16 Jan 2018 15:25:43 +0000 (10:25 -0500)]
fuzz: allow building fuzzers outside of oss-fuzz

Add a new -Dllvm-fuzz=true option that can be used to build against
libFuzzer and update the oss-fuzz script to work outside of the
oss-fuzz build environment.

6 years agofuzz: rebuild everything during each oss-fuzz build
Jonathan Rudenberg [Tue, 16 Jan 2018 13:36:56 +0000 (08:36 -0500)]
fuzz: rebuild everything during each oss-fuzz build

This avoids failures while using the oss-fuzz local testing
infrastructure.

6 years agofuzz: disable all deps when building with oss-fuzz
Jonathan Rudenberg [Mon, 15 Jan 2018 23:27:37 +0000 (18:27 -0500)]
fuzz: disable all deps when building with oss-fuzz

The fuzz targets are intended to be fast and only target systemd
code, so they don't need to call out to any dependencies. They also
shouldn't depend on shared libraries outside of libc, so we disable
every dependency when compiling against oss-fuzz. This also
simplifies the upstream build environment significantly.

6 years agofuzz: add initial fuzzing infrastructure
Jonathan Rudenberg [Sun, 14 Jan 2018 00:51:07 +0000 (19:51 -0500)]
fuzz: add initial fuzzing infrastructure

The fuzzers will be used by oss-fuzz to automatically and
continuously fuzz systemd.

This commit includes the build tooling necessary to build fuzz
targets, and a fuzzer for the DNS packet parser.

6 years agoMerge pull request #7903 from yuwata/fix-7863
Lennart Poettering [Wed, 17 Jan 2018 18:18:47 +0000 (19:18 +0100)]
Merge pull request #7903 from yuwata/fix-7863

 network: create runtime sub-directories after drop_privileges()

6 years agoMerge pull request #7910 from poettering/getcwd
Lennart Poettering [Wed, 17 Jan 2018 18:16:42 +0000 (19:16 +0100)]
Merge pull request #7910 from poettering/getcwd

some getcwd() fixes, and other path-util tweaks

6 years agoMerge pull request #7911 from poettering/chase-symlinks-tweaks
Lennart Poettering [Wed, 17 Jan 2018 18:15:49 +0000 (19:15 +0100)]
Merge pull request #7911 from poettering/chase-symlinks-tweaks

chase_symlinks() tweaks

6 years agocore: namespace: remove unnecessary mode on /dev/shm mount target
Alan Jenkins [Wed, 17 Jan 2018 12:53:26 +0000 (12:53 +0000)]
core: namespace: remove unnecessary mode on /dev/shm mount target

This should have no behavioural effect; it just confused me.

All the other mount directories in this function are created as 0755.
Some of the mounts are allowed to fail - mqueue and hugepages.
If the /dev/mqueue mount target was created with the permissive mode 01777,
to match the filesystem we're trying to mount there, then a mount failure
would allow unprivileged users to write to the /dev filesystem, e.g. to
exhaust the available space.  There is no reason to allow this.

(Allowing the user read access (0755) seems a reasonable idea though, e.g. for
quicker troubleshooting.)

We do not allow failure of the /dev/shm mount, so it doesn't matter that
it is created as 01777.  But on the same grounds, we have no *reason* to
create it as any specific mode.  0755 is equally fine.

This function will be clearer by using 0755 throughout, to avoid
unintentionally implying some connection between the mode of the mount
target, and the mode of the mounted filesystem.

6 years agoREADME: fix context for CONFIG_DEVPTS_MULTIPLE_INSTANCES
Alan Jenkins [Mon, 15 Jan 2018 16:55:11 +0000 (16:55 +0000)]
README: fix context for CONFIG_DEVPTS_MULTIPLE_INSTANCES

`newinstance` (and `ptmxmode`) options of devpts are _not_ used by
PrivateDevices=.  (/dev/pts is shared, similar to how /dev/shm and
/dev/mqueue are handled).  It is used by nspawn containers though.

Also CONFIG_DEVPTS_MULTIPLE_INSTANCES was removed in 4.7-rc2
https://github.com/torvalds/linux/commit/eedf265aa003b4781de24cfed40a655a664457e6
and no longer needs to be set, so make that clearer to avoid confusion.

6 years agoresolve: check for underflow of size parameter (#7889)
Shawn Landden [Wed, 17 Jan 2018 13:49:22 +0000 (05:49 -0800)]
resolve: check for underflow of size parameter (#7889)

to dns_packet_read_memdup()

Closes #7888

6 years agocore: namespace: nitpick /dev/ptmx error handling
Alan Jenkins [Wed, 17 Jan 2018 13:28:04 +0000 (13:28 +0000)]
core: namespace: nitpick /dev/ptmx error handling

If /dev/tty did not exist, or had st_rdev == 0, we ignored it.  And the
same is true for null, zero, full, random, urandom.

If /dev/ptmx did not exist, we treated this as a failure.  If /dev/ptmx had
st_rdev == 0, we ignored it.

This was a very recent change, but there was no reason for ptmx creation
specifically to treat st_rdev == 0 differently from non-existence.  This
confuses me when reading it.

Change the creation of /dev/ptmx so that st_rdev == 0 is
treated as failure.

This still leaves /dev/ptmx as a special case with stricter handling.
However it is consistent with the immediately preceding creation of
/dev/pts/, which is treated as essential, and is directly related to ptmx.

I don't know why we check st_rdev.  But I'd prefer to have only one
unanswered question here, and not to have a second unanswered question
added on top.

6 years agofs-util: refuse taking a relative path to chase if "root" is specified and CHASE_PREF...
Lennart Poettering [Wed, 17 Jan 2018 11:00:40 +0000 (12:00 +0100)]
fs-util: refuse taking a relative path to chase if "root" is specified and CHASE_PREFIX_ROOT is set

If we take a relative path we first make it absolute, based on the
current working directory. But if CHASE_PREFIX_ROOT is passe we are
supposed to make the path absolute taking the specified root path into
account, but that makes no sense if we talk about the current working
directory as that is relative to the host's root in any case. Hence,
let's refuse this politely.

6 years agofs-util: extra chase_symlink() safety check on "path" parameter
Lennart Poettering [Wed, 17 Jan 2018 11:00:12 +0000 (12:00 +0100)]
fs-util: extra chase_symlink() safety check on "path" parameter

It's not clear what an empty "path" is even supposed to mean, hence
refuse.

6 years agofs-util: extra safety checks on chase_symlinks() root parameter
Lennart Poettering [Wed, 17 Jan 2018 10:56:52 +0000 (11:56 +0100)]
fs-util: extra safety checks on chase_symlinks() root parameter

Let's handle root="" and root="/" safely.

6 years agopath-util: don't insert duplicate "/" in path_make_absolute_cwd()
Lennart Poettering [Wed, 17 Jan 2018 10:17:55 +0000 (11:17 +0100)]
path-util: don't insert duplicate "/" in path_make_absolute_cwd()

When the working directory is "/" it's prettier not to insert a second
"/" in the path, even though it is technically correct.

6 years agotree-wide: port all code to use safe_getcwd()
Lennart Poettering [Wed, 17 Jan 2018 10:17:38 +0000 (11:17 +0100)]
tree-wide: port all code to use safe_getcwd()

6 years agopath-util: introduce new safe_getcwd() wrapper
Lennart Poettering [Wed, 17 Jan 2018 10:16:31 +0000 (11:16 +0100)]
path-util: introduce new safe_getcwd() wrapper

It's like get_current_dir_name() but protects us from
CVE-2018-1000001-style exploits:

https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/

6 years agopath-util: don't add extra "/" when prefix already is suffixed by slash
Lennart Poettering [Wed, 17 Jan 2018 10:15:00 +0000 (11:15 +0100)]
path-util: don't add extra "/" when prefix already is suffixed by slash

No need to insert duplicate "/" if we can avoid it. This is particularly
relevant if the prefix passed in is the root directory.

6 years agopath-util: do something useful if the prefix is "" in path_make_absolute()
Lennart Poettering [Wed, 17 Jan 2018 10:13:46 +0000 (11:13 +0100)]
path-util: do something useful if the prefix is "" in path_make_absolute()

Do not insert a "/" if the prefix we shall use is empty. It's a corner
case we should probably take care of.

6 years agoefivars: include errno.h when EFI support is disabled (#7900)
Yu Watanabe [Wed, 17 Jan 2018 09:25:42 +0000 (18:25 +0900)]
efivars: include errno.h when EFI support is disabled (#7900)

Fixes #7898.

6 years agoMerge pull request #7886 from gdamjan/fix-ptmx
Alan Jenkins [Wed, 17 Jan 2018 09:24:00 +0000 (09:24 +0000)]
Merge pull request #7886 from gdamjan/fix-ptmx

namespace: make /dev/ptmx a copy of the host not a symlink