Zbigniew Jędrzejewski-Szmek [Wed, 21 Feb 2018 13:04:50 +0000 (14:04 +0100)]
missing_syscall: when adding syscall replacements, use different names (#8229)
In meson.build we check that functions are available using:
meson.get_compiler('c').has_function('foo')
which checks the following:
- if __stub_foo or __stub___foo are defined, return false
- if foo is declared (a pointer to the function can be taken), return true
- otherwise check for __builtin_memfd_create
_stub is documented by glibc as
It defines a symbol '__stub_FUNCTION' for each function
in the C library which is a stub, meaning it will fail
every time called, usually setting errno to ENOSYS.
So if __stub is defined, we know we don't want to use the glibc version, but
this doesn't tell us if the name itself is defined or not. If it _is_ defined,
and we define our replacement as an inline static function, we get an error:
In file included from ../src/basic/missing.h:1358:0,
from ../src/basic/util.h:47,
from ../src/basic/calendarspec.h:29,
from ../src/basic/calendarspec.c:34:
../src/basic/missing_syscall.h:65:19: error: static declaration of 'memfd_create' follows non-static declaration
static inline int memfd_create(const char *name, unsigned int flags) {
^~~~~~~~~~~~
.../usr/include/bits/mman-shared.h:46:5: note: previous declaration of 'memfd_create' was here
int memfd_create (const char *__name, unsigned int __flags) __THROW;
^~~~~~~~~~~~
To avoid this problem, call our inline functions different than glibc,
and use a #define to map the official name to our replacement.
Fixes #8099.
v2:
- use "missing_" as the prefix instead of "_"
v3:
- rebase and update for statx()
Unfortunately "statx" is also present in "struct statx", so the define
causes issues. Work around this by using a typedef.
I checked that systemd compiles with current glibc
(glibc-devel-2.26-24.fc27.x86_64) if HAVE_MEMFD_CREATE, HAVE_GETTID,
HAVE_PIVOT_ROOT, HAVE_SETNS, HAVE_RENAMEAT2, HAVE_KCMP, HAVE_KEYCTL,
HAVE_COPY_FILE_RANGE, HAVE_BPF, HAVE_STATX are forced to 0.
Setting HAVE_NAME_TO_HANDLE_AT to 0 causes an issue, but it's not because of
the define, but because of struct file_handle.
(backported from commit
5187dd2c403caf92d09f3491e41f1ceb3f10491f)
Change-Id: I46ed455f1d0a7c6eacd69b04f22deb756cc7590f
Matija Skala [Wed, 15 Mar 2017 12:21:10 +0000 (13:21 +0100)]
fix includes
linux/sockios.h is needed for the SIOCGSTAMPNS macro
xlocale.h is included indirectly in glibc and doesn't even exist in
other libcs
(cherry picked from commit
284d1cd0a12cad96a5ea61d1afb0dd677dbd147e)
Change-Id: I4c0c42b0a58fb79b165ac168a9ced6bca8e07152
Zbigniew Jędrzejewski-Szmek [Wed, 1 Feb 2017 00:55:33 +0000 (19:55 -0500)]
nss-util: silence warning about deprecated RES_USE_INET6
src/nss-resolve/nss-resolve.c: In function ‘_nss_resolve_gethostbyname_r’:
src/nss-resolve/nss-resolve.c:680:13: warning: RES_USE_INET6 is deprecated
NSS_GETHOSTBYNAME_FALLBACKS(resolve);
^~~~~~~~~~~~~~~~~~~~~~~~~
In glibc bz #19582, RES_USE_INET6 was deprecated. This might make sense for
clients, but they didn't take into account nss module implementations which
*must* continue to support the option. glibc internally defines
DEPRECATED_RES_USE_INET6 which can be used without emitting a warning, but
it's not exported publicly. Let's do the same, and just copy the definition
to our header.
(cherry picked from commit
6154d33de3f15bbd5d5df718103af9c37ba0a768)
Change-Id: Ib3c91b6752800385429c51a95572a3b2b1d31ad3
Mateusz Moscicki [Mon, 18 Nov 2019 13:39:07 +0000 (14:39 +0100)]
core: be stricter when handling PID files and MAINPID sd_notify() messages
Let's be more restrictive when validating PID files and MAINPID=
messages: don't accept PIDs that make no sense, and if the configuration
source is not trusted, don't accept out-of-cgroup PIDs. A configuratin
source is considered trusted when the PID file is owned by root, or the
message was received from root.
This should lock things down a bit, in case service authors write out
PID files from unprivileged code or use NotifyAccess=all with
unprivileged code. Note that doing so was always problematic, just now
it's a bit less problematic.
When we open the PID file we'll now use the CHASE_SAFE chase_symlinks()
logic, to ensure that we won't follow an unpriviled-owned symlink to a
privileged-owned file thinking this was a valid privileged PID file,
even though it really isn't.
Fixes: #6632
(cherry picked from commit
db256aab13d8a89d583ecd2bacf0aca87c66effc)
Resolves: #1663143
Change-Id: Id91df4fb9e46224a12dc6c260a1c3b8a9e4cc553
Mateusz Moscicki [Mon, 18 Nov 2019 12:23:52 +0000 (13:23 +0100)]
notify: add new --uid= command
The new --uid= switch allows selecting the UID from which the
notificaiton messages shall originate.
This is primarily useful for testing purposes, but might have other
uses.
(cherry picked from commit:
65c6b99094580afa186199d8091cd7536900526c)
Change-Id: I1531bb34818ef8daa3eb8a7c8e973ef9d4aa1ba1
Mateusz Moscicki [Mon, 18 Nov 2019 11:42:23 +0000 (12:42 +0100)]
sd-dameon: also sent ucred when our UID differs from EUID
Let's be explicit, and always send the messages from our UID and never
our EUID. Previously this behaviour was conditionalized only on whether
the PID was specified, which made this non-obvious.
(cherry picked from commit
9e1d021ee3f147486c5cfac69b3cbf6f4b36eb79)
Change-Id: I732ce2169e00f2f5fe8e7f7403d6f31dc66842a2
Mateusz Moscicki [Wed, 20 Nov 2019 13:52:46 +0000 (14:52 +0100)]
fs-util: add new chase_symlinks() flag CHASE_OPEN
The new flag returns the O_PATH fd of the final component, which may be
converted into a proper fd by open()ing it again through the
/proc/self/fd/xyz path.
Together with O_SAFE this provides us with a somewhat safe way to open()
files in directories potentially owned by unprivileged code, where we
want to refuse operation if any symlink tricks are played pointing to
privileged files.
(cherry picked from commit
1ed34d75d4f21d2335c5625261954c848d176ae6)
Change-Id: I5e5ce0affec97e4d19483b4f534db99f4f950f89
Related: #1663143
Mateusz Moscicki [Wed, 20 Nov 2019 13:34:23 +0000 (14:34 +0100)]
fs-util: add new CHASE_SAFE flag to chase_symlinks()
When the flag is specified we won't transition to a privilege-owned
file or directory from an unprivileged-owned one. This is useful when
privileged code wants to load data from a file unprivileged users have
write access to, and validates the ownership, but want's to make sure
that no symlink games are played to read a root-owned system file
belonging to a different context.
(cherry picked from commit
f14f1806e329fe92d01f15c22a384702f0cb4ae0)
Change-Id: I86dfede53114a23d708744a9c47abc9eaf05a8d1
Related: #1663143
Mateusz Moscicki [Wed, 13 Nov 2019 15:32:24 +0000 (16:32 +0100)]
backport chase_symlinks
Related: #1663143
Change-Id: I57d945a208ade174c89ea2736357d8bce541a46f
Zbigniew Jędrzejewski-Szmek [Thu, 29 Sep 2016 14:06:02 +0000 (16:06 +0200)]
pid1: process zero-length notification messages again
This undoes
531ac2b234. I acked that patch without looking at the code
carefully enough. There are two problems:
- we want to process the fds anyway
- in principle empty notification messages are valid, and we should
process them as usual, including logging using log_unit_debug().
CVE-2016-7795
Change-Id: I1dfb10c7a3ffeb7a5ed9d0ace4a94bee36c846b4
INSUN PYO [Tue, 5 Nov 2019 02:51:19 +0000 (11:51 +0900)]
logind: change the power key to disabled
Tizen does not support power off without deviced.
So, you need to turn off the power key function in logind.
1. Disable TAG+="power-switch" uevent rules because logind uses "power-switch" uevent to recognize the power key.
2. Change default behavior for power key to ignore.
Change-Id: I0523d4cc46ce2edd05e479e9101c6d20f70b4296
Hyotaek Shim [Mon, 7 Oct 2019 11:43:04 +0000 (20:43 +0900)]
Remove the smack exec label of busctl
Change-Id: Iaab47bd04b0c480fa2c2e9e5deeeded9d461c4b4
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Hyungju Lee [Tue, 10 Sep 2019 02:06:08 +0000 (11:06 +0900)]
Change smack label of /dev/full from '_' to '*'
Change-Id: I706f14f7e8d767b0d7904a08e793f424c47e001b
Hyotaek Shim [Thu, 22 Aug 2019 11:46:11 +0000 (20:46 +0900)]
Add dbus policy for org.tizen.system.BootingDone
Change-Id: I8f0bd7887b5f1cbd7637c00e03240e4d5e09e4c7
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Paweł Szewczyk [Fri, 26 Jul 2019 08:48:24 +0000 (10:48 +0200)]
Use separate udev tag for devices in user session
The system-user tag can be used to mark devices that will be enumerated by
systemd in 'systemd --user' instance.
Change-Id: I5889f50df6c329de36c2544ee5cf1ba1c52ad433
Signed-off-by: Paweł Szewczyk <p.szewczyk@samsung.com>
INSUN PYO [Fri, 19 Jul 2019 08:23:57 +0000 (17:23 +0900)]
Rework delayed.target
start delayed.service --> finish default.target --> start all of delayed.service -->
finish delayed.target --> StartupFinished
Change-Id: I2f291ea8b5f535157eec4f105f2c37b0cea448c9
INSUN PYO [Wed, 26 Jun 2019 00:12:45 +0000 (09:12 +0900)]
Change the config value of the "RemainAfterExit=" ("true" -> "yes")
Change-Id: I56db28be6f0cecd0562ba8db6bb1d4af0b1a3b7b
INSUN PYO [Fri, 7 Jun 2019 06:30:41 +0000 (15:30 +0900)]
Add delayed target
Change-Id: I0527d1387500c699be0fbc319c702a77d9ae587b
Hyotaek Shim [Wed, 8 May 2019 11:55:31 +0000 (20:55 +0900)]
Change the default smack label of /dev
(Before)
smack access label: *
default access label: _
(After)
smack access label: *
default access label: *
Change-Id: Iffd4793655a8080501388d40a2f812269b8613cb
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Cheoleun Moon [Fri, 19 Apr 2019 07:31:03 +0000 (16:31 +0900)]
Add SECLABEL for /dev/net/tun
Change smack label of /dev/net/tun to *
Change-Id: Ie3c7d4e908a077064cb4d5ba5e4e082a7409da64
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
INSUN PYO [Tue, 16 Apr 2019 04:25:07 +0000 (13:25 +0900)]
Revert "core: fix the CGROUP spawning error as a workaround"
This reverts commit
adce88455e758166ad4f2103724cd34c11c5f141.
Change-Id: Ie76d6183f8f5966fa9187666a5777c1c50926353
INSUN PYO [Mon, 15 Apr 2019 11:13:25 +0000 (20:13 +0900)]
Fixed an incorrect parameter passing to the log function.
Change-Id: I5274fd466e79b7773c4903fcfc17f89b3e5cad53
Hyotaek Shim [Mon, 15 Apr 2019 07:08:10 +0000 (16:08 +0900)]
Enable stack protection option, -fstack-clash-protection
http://suprem.sec.samsung.net/jira/browse/SATIZENVUL-1930
http://suprem.sec.samsung.net/jira/browse/SATIZENVUL-1933
Change-Id: I0c3292fd0d7fdd69a1aa902a1e9d8b75a6f11d87
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Yu Watanabe [Fri, 10 Aug 2018 02:07:54 +0000 (11:07 +0900)]
journal: do not remove multiple spaces after identifier in syslog message
Single space is used as separator.
C.f. discussions in #156.
Fixes #9839 introduced by
a6aadf4ae0bae185dc4c414d492a4a781c80ffe5.
Change-Id: I2cabac6e0d99634aeb148b4d7698a67d84b546dd
Yu Watanabe [Wed, 8 Aug 2018 06:06:36 +0000 (15:06 +0900)]
journal: fix syslog_parse_identifier()
Fixes #9829.
Change-Id: I6d48464ad02397990973c93153cdbf2e0a6e26cd
sanghyeok.oh [Tue, 29 Jan 2019 07:19:49 +0000 (16:19 +0900)]
busctl: set execute label as 'System'
Change-Id: Id76f4cc5c2ab52c61355033fb4bcf8681d2cedbf
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
Hyotaek Shim [Fri, 25 Jan 2019 08:50:42 +0000 (17:50 +0900)]
Minor fix regarding "update-alternatives --remove systemd-shutdown.."
Change-Id: I33510d36510a468c9fa67265f3ba3e73934080a0
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Karol Lewandowski [Wed, 9 Jan 2019 15:16:19 +0000 (16:16 +0100)]
tizen: Allow replacing systemd-shutdown
This will be used by deviced to install custom shutdown handler.
Change-Id: I1f921fbae7d05f9ba937bb68cfa997a310407484
Paweł Szewczyk [Fri, 30 Nov 2018 11:35:23 +0000 (12:35 +0100)]
fd-util: Fix error handling in safe_fclose
Function fclose_nointr returns negative value on error.
Change-Id: I881469ed78037d531d73e41c77b57aab004a713a
Signed-off-by: Paweł Szewczyk <p.szewczyk@samsung.com>
Karol Lewandowski [Thu, 15 Nov 2018 13:02:51 +0000 (14:02 +0100)]
tizen: All logins should use User::Shell smack label
Change-Id: I8c0e7de59689aa83bd0273af4a66dd7a8f823ec9
Michal Bloch [Mon, 5 Nov 2018 14:26:39 +0000 (15:26 +0100)]
Remove kdbus interface header
kdbus.h is now provided with other linux kernel headers.
Change-Id: Ida7d06aa1f27d88040f949fffd73f0d6cfd5f23e
Signed-off-by: Michal Bloch <m.bloch@samsung.com>
Hyotaek Shim [Thu, 1 Nov 2018 04:38:43 +0000 (13:38 +0900)]
core: don't drop timer expired but not yet processed when system date is changed
There is difference between time set by the user and real elapsed time because of accuracy feature.
If you change the system date(or time) between these times, the timer drops.
You can easily reproduce it with the following command.
-----------------------------------------------------------
$ systemd-run --on-active=3s ls; sleep 3; date -s "`date`"
-----------------------------------------------------------
In the following command, the problem is rarely reproduced. But it exists.
---------------------------------------------------------------------------------------------
$ systemd-run --on-active=3s --timer-property=AccuracySec=1us ls ; sleep 1; date -s "`date`"
---------------------------------------------------------------------------------------------
Note : Global AccuracySec value.
----------------------------------------------------------------------
$ cat /etc/systemd/system.conf
DefaultTimerAccuracySec=1min
----------------------------------------------------------------------
Origin source: https://github.com/systemd/systemd/commit/
fee04d7f3ab810e99b97535ca5fda2f9517acda9
Change-Id: Ibaaa89bec9c55f43336388ee85f07b89c1a50ea4
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Paweł Szewczyk [Fri, 5 Oct 2018 12:48:39 +0000 (14:48 +0200)]
socket: Serialize auxiliary file descriptors
When socket is serialized/deserialized it's important to keep all file
descriptors. This commit adds the serialization of auxiliary fds.
For now, only ffs sockets are using auxiliary descriptors.
Change-Id: I5fea0152fee51560e160fe5df4806b55a5b369d6
Signed-off-by: Paweł Szewczyk <p.szewczyk@samsung.com>
Adrian Szyndela [Fri, 21 Sep 2018 14:11:05 +0000 (16:11 +0200)]
D-Bus policy configs: fixed rules
Removed duplicate rules in all three configs, and specified proper sender
for receiving ActivationRequest signal in org.freedesktop.systemd1.conf.
Change-Id: I550c07ede30a0bb70a9bb3ca00d5771e1722826b
pr.jung [Mon, 17 Sep 2018 06:39:43 +0000 (15:39 +0900)]
Remove build warnings
- Add TIZEN_JOURNALD_KMSG
- Print kmsg log on dlogutil because journald is heavier than dlogutil
Change-Id: I763cfccbb0d877c52d8448de4a50966a33c84981
Signed-off-by: pr.jung <pr.jung@samsung.com>
Hyotaek Shim [Wed, 5 Sep 2018 09:23:10 +0000 (18:23 +0900)]
Set the smack label of executable binary tools
Apps (3rd party and even in-house Apps) are not permitted to run systemd tools directly.
User System::Tools rx
User::Shell System::Tools rx
System::TEF System::Tools rx
System::Privileged System::Tools rx
System System::Tools rx
Change-Id: I55a9b00a6ec0583d4673d9a41cdda7fbd9e23310
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Anchor Cat [Wed, 10 May 2017 11:23:58 +0000 (21:23 +1000)]
automount: ack automount requests even when already mounted
If a process accesses an autofs filesystem while systemd is in the
middle of starting the mount unit on top of it, it is possible for the
autofs_ptype_missing_direct request from the kernel to be received after
the mount unit has been fully started:
systemd forks and execs mount ...
... access autofs, blocks
mount exits ...
systemd receives SIGCHLD ...
... kernel sends request
systemd receives request ...
systemd needs to respond to this request, otherwise the kernel will
continue to block access to the mount point.
Cherry-picked from https://github.com/systemd/systemd/commit/
e7d54bf58789545a9eb0b3964233defa0b007318
Change-Id: Ibacc2c0ffee32846321864987324763214648732
(cherry picked from commit
5ccd5b2efc60d9f775a812878528f06b01189da5)
Hyotaek Shim [Wed, 27 Jun 2018 10:47:30 +0000 (19:47 +0900)]
Revert "resolved: apply epoch to system time from PID 1"
This reverts commit
021dd87bc055a5bfb2dcef83fc868fe24648b959.
In Tizen Watch products, users can set the RTC as they want, even to the past.
Here, it has been observed that the system clock is reset every booting.
For instance,
1) After a boot, Kernel RTC is 2018-01-02.
2) Since the system clock initialized by RTC is 2018-01-02 is less than 2018-06-27 (TIME_EPOCH_USEC),
Systemd resets the system clock as TIME_EPOCH_USEC, but does not modify RTC.
Although the system clock shown to users is not an intended value, the time goes by to 2018-06-28.
3) After another reboot, the system clock is restored to 2018-06-27 (TIME_EPOCH_USEC)
because RTC is still less than TIME_EPOCH_USEC.
Change-Id: Ib2c61e9b1fd9d4b0d33f99868dda1daaec21878d
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Łukasz Stelmach [Fri, 31 Mar 2017 11:05:09 +0000 (13:05 +0200)]
spec: configure rpmmacrosdir instead of manually installing rpm macros
Change-Id: Iec5f938f97695f8eafcfc4f3b0b120d5fe77a54e
Lukas Nykryn [Tue, 30 Aug 2016 13:04:07 +0000 (15:04 +0200)]
install: fix disable when /etc/systemd/system is a symlink
Change-Id: I1bafa3e4bfea556e2abceee33b2b2bc6ab97b137
Origin: https://github.com/systemd/systemd/commit/
67852d08e6a35d34b428e8be64efdb3f003f4697
steelman [Tue, 14 Mar 2017 23:16:47 +0000 (00:16 +0100)]
build-sys: make RPM macros installation path configurable (#5564)
--with-rpmmacrosdir=no disables installation of the macros.
Change-Id: Ia663c3fb86bf658da57b59a4c17916c5c22645af
Origin: https://github.com/systemd/systemd/commit/
ff2e33db54719bfe8feea833571652318c6d197c
Mateusz Moscicki [Fri, 11 May 2018 12:58:41 +0000 (14:58 +0200)]
Set the default deny policy for system dbus
org.freedesktop.locale1.conf - send: deny, own: deny
org.freedesktop.login1.conf - send: deny, own: deny
org.freedesktop.systemd1.conf - send: deny, own: deny
Change-Id: I49f402d56f83700fe7528eab3e034cd845afc0a2
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Cristian Rodríguez [Fri, 5 Aug 2016 16:10:41 +0000 (16:10 +0000)]
buildsys,journal: allow -fsanitize=address without VALGRIND defined
Fixed (master) versions of libtool pass -fsanitize=address correctly
into CFLAGS and LDFLAGS allowing ASAN to be used without any special
configure tricks..however ASAN triggers in lookup3.c for the same
reasons valgrind does. take the alternative codepath if
__SANITIZE_ADDRESS__ is defined as well.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I1eb6c14a7d91b4d34fdc792620fe57a329037fa4
INSUN PYO [Wed, 7 Mar 2018 07:40:53 +0000 (16:40 +0900)]
logind: change smack label /run/user/%UID/system_share to "*"
INSUN PYO [Tue, 27 Feb 2018 08:48:52 +0000 (17:48 +0900)]
logind: change group and permission /run/user/%UID
1. change group and pemission of /run/usre/%UID to uid/system_share,0750
2. make /run/user/%UID/system_share to uid/system_share,0750
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Ie22b8d4e96c1669f7068005952d83f7f4086b60c
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
INSUN PYO [Wed, 28 Feb 2018 02:29:47 +0000 (11:29 +0900)]
revert: Description : Adding to enable/disable the multiuser feature.
* I don't revert "unit/user@.service.m4.in (Environment=XDG_RUNTIME_DIR=/run/user/%U)
* If you want to revert this, you should add "session required pam_loginuid.so" to /etc/pam.d/systemd-user
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I6f8e132eb46a150968662bc2574fdf85eb715a52
INSUN PYO [Wed, 31 Jan 2018 01:02:17 +0000 (10:02 +0900)]
journald: Limit system journal size from 10M to 4M
A journald always loads two journal files (one is current and the other is just before) in memory using mmap.
So it always consumes as much memory as file size.
A journald rotates the log in 8 files.
Each log file has a SystemMaxUse/8 size.
(But the minimum value is 512k.)
So SystemMaxUse is 4M to minimize memory usage. (512k * 8 = 4M)
sh-3.2# memps `pidof systemd-journald`
S(CODE) S(DATA) P(CODE) P(DATA) ADDR(start-end) OBJECT NAME
-------- -------- -------- -------- -----------------------------------------------
4 0 508 0
f6d80000-
f6ec0000 /opt/var/log/journal/
999fcdd05c714da0859337c08df2230e/system@
800f735a88e44c35bc7cca47\
9a6984b1-
00000000000015ad-
000561d5c48aab1f.journal
0 4 302 0
f6c40000-
f6d80000 /opt/var/log/journal/
999fcdd05c714da0859337c08df2230e/system.journal
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I9aa53189eae878464acba58b5fdd490f6b3ba7f8
INSUN PYO [Fri, 19 Jan 2018 01:55:39 +0000 (10:55 +0900)]
reboot: change log level of reboot command from warning to debug
To prevent the annoying warning messages below :
"Failed to read reboot parameter file: No such file or directory"
"SYSTEMD_LOG_LEVEL=debug reboot" command can see the original log.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I7bb619998bb2cce8959956f73f3dd62d48525c33
Dawid Kuczma [Tue, 5 Dec 2017 08:31:16 +0000 (09:31 +0100)]
Add well-known-names -> unique names on graph
Usage:
--well-known-names=true
Change-Id: Ife01bd8d1a2d6acc4a45c6595bcc52c15d523742
Dawid Kuczma [Mon, 6 Nov 2017 12:50:59 +0000 (13:50 +0100)]
Add tool for processing graph generated by busctl dot.
Usage:
1) gvpr -f graphinfo.gvpr input_file
2) gvpr -f graphinfo.gvpr input_file -a node -a NODE
3) gvpr -f graphinfo.gvpr input_file -a -node -a NODE
Change-Id: Ie4d05c715df17b61c8c7ad1f7724977c9c2f8bb8
Dawid Kuczma [Thu, 28 Sep 2017 13:08:20 +0000 (15:08 +0200)]
Generate graph from the traffic observable by busctl monitor.
Busctl dot is used to visualize IPC traffic.
It generate dot output whitch can be visualized e.g. by using graphviz.
Also adds filtering by sender/receiver pid.
Internally busctl dot works similar to busctl capture.
It reuses monitor() framework.
--pid=PID -only show messages where sender or receiver pid is equal to PID
--sender-pid=PID -only show messages where sender pid is equal to PID
--receiver-pid=PID -same as above, but filtering by receiver pid.
Signed-off-by: Dawid Kuczma <d.kuczma@partner.samsung.com>
Change-Id: Id9ce46f5085dde10010e89057f78d58b3088d3bc
Hyotaek Shim [Fri, 15 Dec 2017 06:56:43 +0000 (15:56 +0900)]
tizen: Change the permission of /dev/kmsg to "root:log 660 *"
Through this patch, /usr/bin/dlog_logger (log:log) can access /dev/kmsg
without root credentials.
Change-Id: Ie955499c4a0bf1581cd64244cb94acfa6279719d
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
[ Minor style change in commit log. ]
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
INSUN PYO [Wed, 27 Sep 2017 07:10:21 +0000 (16:10 +0900)]
units: [user@.service] Set Group as users
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Iaf0d6f57e6a4a124ac0301e38527bddcbb7fe679
INSUN PYO [Wed, 27 Sep 2017 07:03:46 +0000 (16:03 +0900)]
smack: [systemd-journald.service] Set SmackProcessLabel as System.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I55a3857e1afbb6f9e583f8901a7bcaf75699fdc8
iplayinsun [Mon, 4 Sep 2017 03:12:27 +0000 (12:12 +0900)]
core: merge the second CapabilityBoundingSet= lines by AND when it is prefixed with tilde (#6724)
If a unit file contains multiple CapabilityBoundingSet= or
AmbientCapabilities= lines, e.g.,
===
CapabilityBoundingSet=CAP_A CAP_B
CapabilityBoundingSet=~CAP_B CAP_C
===
before this commit, it results all capabilities except CAP_C are set to
CapabilityBoundingSet=, as each lines are always merged by OR.
This commit makes lines prefixed with ~ are merged by AND. So, for the
above example only CAP_A is set.
This makes easier to drop capabilities with drop-in config files.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Ia5c42cfde0f3937f696f858f384387610477c6ea
INSUN PYO [Thu, 31 Aug 2017 04:10:36 +0000 (13:10 +0900)]
packaging: Remove unused systemd-tmpfiles-clean.service, systemd-tmpfiles-clean.timer
systemd-tmpfiles-clean.service and systemd-tmpfiles-clean.timer are already disabled.
Removes the file that was left to identify the history.
Removes the user to remove the systemd-tmpfiles-clean.service manually.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Ifb105bedc29d7ab660c303059c8e3378c59a6e31
INSUN PYO [Mon, 28 Aug 2017 07:20:20 +0000 (16:20 +0900)]
smack: Set SmackProcessLabel as System.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I9019b145d0195ab6d5a8983adb15a24ac31ddd43
Yunmi Ha [Fri, 18 Aug 2017 08:37:11 +0000 (17:37 +0900)]
Remove upgrade script file from package
Change-Id: If547cb04400e412c00559881e312f831c2d25688
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
INSUN PYO [Mon, 31 Jul 2017 07:46:46 +0000 (16:46 +0900)]
hostnamed : disable hostnamed
Requested by MCD.
The connman, efl, bluez using hostnamed have also agreed to disable.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Iecb82b74305201696caa77d108efa216051181ce
Yunmi Ha [Wed, 26 Jul 2017 06:56:36 +0000 (15:56 +0900)]
Add "NOEXEC" mount flag for /run
Mount flags(nosuid, noexec, nodev) must be set for tmpfs that any app can access.
Change-Id: Ib60e8876abe2641a3dde6caab83a60afca017375
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
sanghyeok.oh [Thu, 29 Jun 2017 08:19:05 +0000 (17:19 +0900)]
remove caps cap_mac_override
Change-Id: I17f200cbabffd3176cd8d78571c24440f7f35497
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
sanghyeok.oh [Mon, 12 Jun 2017 02:34:22 +0000 (11:34 +0900)]
Security: resolved: bugfix of null pointer p->question dereferencing (#6020)
commit
a924f43f30f9c4acaf70618dd2a055f8b0f166be
Refs: v233-511-ga924f43
Author: Evgeny Vereshchagin <evvers@ya.ru>
AuthorDate: Wed May 24 08:56:48 2017 +0300
Commit: GitHub <noreply@github.com>
CommitDate: Wed May 24 08:56:48 2017 +0300
resolved: bugfix of null pointer p->question dereferencing (#6020)
See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
Change-Id: I49d03500576c24b4b382accf1dcde8e1d4a5060e
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
Hyotaek Shim [Fri, 9 Jun 2017 12:10:29 +0000 (21:10 +0900)]
Remove "Requires(post): gawk" in the spec.
This patch is needed for reducing storage usage in IoT/Headless devices.
Change-Id: Ie0a5833ef1cf114202d9d783eb63135b31a1f6d6
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Hyotaek Shim [Wed, 7 Jun 2017 04:37:29 +0000 (13:37 +0900)]
55-udev-smack-default.rules: add group rw permission to input nodes
Change-Id: I61c7a3bb1098406172e5ed289cc0510b02794ea5
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
INSUN PYO [Wed, 29 Mar 2017 16:25:40 +0000 (01:25 +0900)]
dbus: change session dbus address from /run/user/uid/dbus/user_bus_socket to /usr/user/uid/bus
Sync to upstream.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I40ac5b641e5e7484a19a3fe9d7844c3491e48846
Krzysztof Jackiewicz [Fri, 26 May 2017 08:06:57 +0000 (10:06 +0200)]
rules: watch metadata changes in mmcblk devices
Formatting sd-cards does not trigger "change" uevents. As a result clients
using udev API don't get any updates afterwards and get outdated information
about the device.
Include mmcblk* in a match for watch option assignment.
Origin: https://github.com/systemd/systemd/commit/
e74d0a9a5cdd8562aeaab1994ebd9c4cd07e82c3
Change-Id: Icdac9968d9cca85eb2c5e413433f7f8238182c90
Signed-off-by: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
INSUN PYO [Thu, 25 May 2017 05:50:55 +0000 (14:50 +0900)]
packaging: Disable systemd-tmpfiles-clean.timer
If you change the time in 15 minutes after booting,
some files in /tmp are removed by systemd-tmpfiles-clean.service.
Also, VD and MCD does't want tmpfile cleanup to be run.
I have modified the timer to not run automatically at boot time.
The timer and service are left unerased.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I5ce99c5a37488e5a89af6a49f32150cc7391a5ef
Krzysztof Opasiak [Thu, 18 May 2017 12:04:18 +0000 (14:04 +0200)]
Export sd_bus_message_append_ap. It is renamed to sd_bus_message_appendv to follow systemd naming conventions. (#5753)
Moreover, man page for sd_bus_message_append is updated with reference to new exposed function.
Makefile-man is updated too, to reflect new alias.
Change-Id: I7c02ce686a2699b35afd583fd4646f734adc9c7b
Origin: https://github.com/systemd/systemd/commit/
19fe49f62cc916f1237ea92a04fc80ee75285dde
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
sanghyeok.oh [Tue, 25 Apr 2017 03:22:06 +0000 (12:22 +0900)]
license:change test-runner's license from Apache 2.0 to BSD-2-clause
To avoid license conflict between LGPL-2.1 and Apache-2.0, change it.
Change-Id: I60125a53b19193fb300f516387d08243cfa94698
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
sanghyeok.oh [Fri, 14 Apr 2017 05:50:54 +0000 (14:50 +0900)]
License:add license file for Apache-2.0
Change-Id: I9c6d1128fdc89b099c68c5fc2c7fd46fa193f0bc
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
INSUN PYO [Tue, 11 Apr 2017 07:26:57 +0000 (16:26 +0900)]
tizen: Do not try to read /proc/1/cgroup from unprivileged processes
In Tizen access to /proc/1 is restricted via Smack. However, there are
unprivileged functions that need to work with information from this dir.
This function caches cgroup information in /run, allowing system-wide
access to this information.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I2a2977400c7917804599cfb6f225dab897dc8b14
INSUN PYO [Tue, 4 Apr 2017 15:29:09 +0000 (00:29 +0900)]
smack: remove duplicated code
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I248de63a01529eb490d5ca1585783f8c0679a640
INSUN PYO [Thu, 30 Mar 2017 06:18:35 +0000 (15:18 +0900)]
License: add license files for systemd-analyze package
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Iea4a6b72d5c277e1bcf3a4604ec6c5b603d1d973
INSUN PYO [Mon, 27 Mar 2017 13:50:39 +0000 (22:50 +0900)]
License: add license files
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I39d99a2040f267c29529d331ff5de7591cbf1fa5
Paweł Szewczyk [Mon, 26 Sep 2016 16:45:47 +0000 (18:45 +0200)]
core: Fix USB functionfs activation and clarify its documentation (#4188)
There was no certainty about how the path in service file should look
like for usb functionfs activation. Because of this it was treated
differently in different places, which made this feature unusable.
This patch fixes the path to be the *mount directory* of functionfs, not
ep0 file path and clarifies in the documentation that ListenUSBFunction should be
the location of functionfs mount point, not ep0 file itself.
Change-Id: I320c34c0037f2bd6a6f6cf09a90eba632a54e9e9
Karol Lewandowski [Mon, 20 Mar 2017 16:35:25 +0000 (17:35 +0100)]
packaging: Make documentation package optional
By default documentation is disabled.
Change-Id: I33648ee019945d47d367e5db3abe84afa3400cc0
hk57.kim [Thu, 9 Mar 2017 08:14:32 +0000 (17:14 +0900)]
[4.0] Remove OBS Project Dependency (kdbus/TV)
- When you SR this, you need to create JIRA-TRE issue of:
: add systemd-extension-kdbus for TV/arm-wayland images.
- Without this commit, this package won't be built correctly in Tizen 4.0.
(It's add, not replace.)
Change-Id: Ic616a3b20450d4594857cc268e2dbf25e80dba37
Signed-off-by: hk57.kim <hk57.kim@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Signed-off-by: hk57.kim <hk57.kim@samsung.com>
Signed-off-by: insun.pyo <insun.pyo@samsung.com>
Łukasz Stelmach [Mon, 6 Mar 2017 13:36:27 +0000 (14:36 +0100)]
spec: Enable systemd-tests package
This reverts commit
7137c6fe9d362f69d14581ac1bde124b77930f67.
Change-Id: I2679eb43d68d9d74075ed339c7b7f397c43bc340
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Karol Lewandowski [Fri, 2 Dec 2016 12:05:41 +0000 (13:05 +0100)]
Revert "busctl: use Monitoring interface (#3245)"
This reverts commit
17fd746098bb, which reworks busctl monitor to use D-Bus'
new BecomeMonitor call. This broke monitor on kdbus system so revert this
change for now.
Change-Id: I70626c03b375f692a184214a3d5055ec0a96b5c8
Lukasz Skalski [Mon, 21 Nov 2016 10:00:09 +0000 (11:00 +0100)]
systemd-tests: set common output format
Change-Id: Ia52ad37927bca67e36a932982523cfc75e80e640
silas jeon [Wed, 18 Jan 2017 05:42:13 +0000 (14:42 +0900)]
Remove etc tmpfile generation as they are unused
To support read-only root filesystem, there should be nothing modified on /etc.
Also these five files in /etc are handled by other packages as below. So these
are removed.
os-release : tizen-release
localtime : tzdata
mtab : setup
nsswitch.conf : glibc
pam.d : pam
Change-Id: I0dc490ddf6d299d956504405419e6c5d71e52a97
silas jeon [Tue, 17 Jan 2017 10:05:28 +0000 (19:05 +0900)]
Remove mtab generation line from tmpfile
To support read-only root filesystem, there should be nothing modified in root
filesystem. This line was made to make mtab symlink in /etc, so it should be
deleted. Also, it was not used anyway. 'Setup' package is handling the mtabfile
in /etc.
Change-Id: I2ff30ec94ca5833a2b95762cd2d7715bb7f93476
wchang kim [Fri, 6 Jan 2017 00:04:50 +0000 (09:04 +0900)]
tizen : Disable the predictable network interface name
Change-Id: Ic2f2d9b50bb5601d3ec7d5940284f89acab7d3f0
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Fri, 2 Dec 2016 07:52:22 +0000 (16:52 +0900)]
tizen: upgrade script patches
1) tizen : Adding the priority number to the filename of systemd_upgrade.sh
(https://review.tizen.org/gerrit/#/c/101825/)
2) tizen: exclude upgrade script directory
(https://review.tizen.org/gerrit/#/c/104341/)
Change-Id: I708a8505fcd08ed5789e69e716163cf9cd0dd0be
Hyeongsik Min [Wed, 30 Nov 2016 07:33:22 +0000 (16:33 +0900)]
journald: Limit system journal size to 10M
In v219, journald implicitly limits system journal(/var/log/journal) size
to 8MB(twice of the minimum journal file size) with SystemMaxUse=0 setting.
But in v231, journald doesn't stop allocating when max_use is 0.
Change-Id: I6b36320191fcc69d5b45cfec5b27a462d0ab8310
Signed-off-by: Hyeongsik Min <hyeongsik.min@samsung.com>
Rafal Krypa [Wed, 16 Nov 2016 09:47:49 +0000 (10:47 +0100)]
Revert "Add some groups for user session daemons"
Security-manager 1.1.16 has made this obsolete.
There is no longer a need for manually adding privilege-related supplementary
groups to user sessions. They will be added by a dedicated NSS plugin:
libnss-security-manager.
This reverts commit
78a648a0611caccdd87a38f99f65ba296608da69.
Change-Id: Ic421a2ee65550762356784b585d2fba8645fbd5c
wchang kim [Wed, 16 Nov 2016 01:26:37 +0000 (10:26 +0900)]
Description : Fixed to fail to systemd-hostnamed service
tizen platform links /opt/home to /home.
systemd-hostnamed.service has the parameter - ProtectHome=yes.
In this case, it occurs that systemd-hostnamed.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-hostnamed: Too many levels of symbolic links
I can't change the link. So I removed "ProtectHome=yes".
Change-Id: I640c2f6d410eb9aff7ba3d120a2ffb58b9990c95
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Tue, 15 Nov 2016 02:29:15 +0000 (11:29 +0900)]
Description : Adding to send new system signal for user session done.
When user-session is done, systemd will send new system signal for user-session done.
interface=org.freedesktop.systemd1.Manager,member=UserSessionStartupFinished
UserSessionStartupFinished(t user_id)
Change-Id: I2ee9a2f232c22428894217fc2a519ec9c017fb2c
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Thu, 10 Nov 2016 06:11:24 +0000 (15:11 +0900)]
Description : Added the compatiblie pkgconfig to v219 version.
systemd v231 removed the libraries of login, id128, journal and daemon and merged the
libsystemd.
And it removed thier pkgconfig files.
Other packages in tizen still use them.
So we need to add their pkgconfig files.
Change-Id: Ia120a0f2441cf9744ee192300a33d4b0d0cfb872
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Thu, 10 Nov 2016 02:49:47 +0000 (11:49 +0900)]
Description : Changed the spec file for systemd v231
Change-Id: I50cc42956efb6093286b8bacdc3af4789c8b8fa0
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Thu, 10 Nov 2016 02:48:19 +0000 (11:48 +0900)]
Descrciption : Fixed the mistakes of rebase v231.
Change-Id: I9d770908f4e65d286756483b2e6b5909623949d7
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 9 Nov 2016 23:14:15 +0000 (08:14 +0900)]
Description : Changed the spec file for systemd-231
Change-Id: I44eb84919bddf4d251e082b3a379aaae0b1ee9b5
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 9 Nov 2016 22:10:39 +0000 (07:10 +0900)]
Description : Fixing the mistakes of rebase.
Change-Id: I1309509e17ce5a8f80e962344c6fd79c33725ecc
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 9 Nov 2016 08:15:56 +0000 (17:15 +0900)]
Revert: "core: drop Capabilities= setting"
This reverts commit
479050b36302a360048c2af5e79683d14ad56fb3
Change-Id: I24367aea159b1decc732b3fbaf448a40e59f2634
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Mon, 31 Oct 2016 23:08:26 +0000 (08:08 +0900)]
Description : pid1: don't return any error in manager_dispatch_notify_fd()
If manager_dispatch_notify_fd() fails and returns an error then the handling of
service notifications will be disabled entirely leading to a compromised system.
For example pid1 won't be able to receive the WATCHDOG messages anymore and
will kill all services supposed to send such messages.
This patch is related to CVE-2016-7795 and CVE-2016-7796.
Back-ported fbuihuu's committed on 29 Sep, commit
f1e852245a30b60d5e6e0a487d049a04a40772fe
Change-Id: I27b6b78cff23c774f6fbcc59dacefcdcc45e7326
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Lukasz Skalski [Fri, 16 Sep 2016 15:30:35 +0000 (17:30 +0200)]
sd-bus: add support for 'dbus-integration-tests' framework
Change-Id: Ie5da780d4c90d943676c5d1872d32d76af50478b
Karol Lewandowski [Thu, 6 Oct 2016 09:40:08 +0000 (11:40 +0200)]
Fix for Kdbus-disabled Profiles to avoid busname parsing
Change-Id: Id45193adf624d60fc3bfbda09c4f6c357ff90e2a
wchang kim [Thu, 29 Sep 2016 22:17:55 +0000 (07:17 +0900)]
Description : Added the local PATH to a shell script.
Adding the local PATH into 50-systemd-user.sh
Change-Id: Ic466577a5db001d99a41410c950220cb49f3d55e
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 28 Sep 2016 09:05:28 +0000 (18:05 +0900)]
Description : Fixed the security hole.
In case of "systemctl --user enable <path>", a application can insert
the malicious user service.
So systemctl can only enable the service with service name.
Change-Id: I570f45985516ee3636720f36787080590e6f90ef
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Mon, 12 Sep 2016 06:51:15 +0000 (15:51 +0900)]
Description : Added the upgrade script from 2.4 to 3.0
systemd_upgrade.sh is installed to /usr/share/upgrade/scripts.
It changes the smack rule for /var/log/wtmp and /var/lib/systemd.
Change-Id: Iebffca3238bcedd195ec2e91afdf5e46a882ec42
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
projects / platform / upstream / systemd.git / log