platform/upstream/systemd.git
5 years agonetwork: drop unnecessary strdup()
Yu Watanabe [Fri, 8 Mar 2019 05:42:42 +0000 (14:42 +0900)]
network: drop unnecessary strdup()

5 years agocore/unit: use condition_test_list()
Yu Watanabe [Fri, 8 Mar 2019 05:23:03 +0000 (14:23 +0900)]
core/unit: use condition_test_list()

5 years agocondition: introduce condition_test_list()
Yu Watanabe [Fri, 8 Mar 2019 05:22:31 +0000 (14:22 +0900)]
condition: introduce condition_test_list()

5 years agolog: expose log_object_internalv()
Yu Watanabe [Fri, 8 Mar 2019 05:21:15 +0000 (14:21 +0900)]
log: expose log_object_internalv()

5 years agoMerge pull request #12059 from poettering/nspawn-typos
Zbigniew Jędrzejewski-Szmek [Thu, 21 Mar 2019 14:14:11 +0000 (15:14 +0100)]
Merge pull request #12059 from poettering/nspawn-typos

some typo and other fixes result of the OCI nspawn merge

5 years agoMerge pull request #12058 from keszybz/oci-simplifications
Lennart Poettering [Thu, 21 Mar 2019 12:55:09 +0000 (13:55 +0100)]
Merge pull request #12058 from keszybz/oci-simplifications

Follow-ups for nspawn-oci review

5 years agonspawn: add a few missing flags from --help text
Lennart Poettering [Thu, 21 Mar 2019 12:31:09 +0000 (13:31 +0100)]
nspawn: add a few missing flags from --help text

5 years agoman: adjust nspawn man page to follow same section/order as --help text
Lennart Poettering [Thu, 21 Mar 2019 12:27:48 +0000 (13:27 +0100)]
man: adjust nspawn man page to follow same section/order as --help text

No other changes, just some reshuffling and adding of section headers
(well, admittedly, I changed some "see above" and "see below" in the
text to match the new order.)

5 years agonspawn: reorder --help text, and add section
Lennart Poettering [Thu, 21 Mar 2019 12:27:19 +0000 (13:27 +0100)]
nspawn: reorder --help text, and add section

The list is so long, let's add a bit of structure and order things a
bit.

5 years agomount: when we fail to establish an inaccessible mount gracefully, undo the mount
Lennart Poettering [Thu, 21 Mar 2019 11:41:02 +0000 (12:41 +0100)]
mount: when we fail to establish an inaccessible mount gracefully, undo the mount

5 years agocapability: add a test that fails if we ever enter > 64bit capability territory
Lennart Poettering [Thu, 21 Mar 2019 11:38:18 +0000 (12:38 +0100)]
capability: add a test that fails if we ever enter > 64bit capability territory

5 years agocapability: also cap CAP_LAST_CAP at 63
Lennart Poettering [Thu, 21 Mar 2019 11:37:30 +0000 (12:37 +0100)]
capability: also cap CAP_LAST_CAP at 63

5 years agocapability: typo fix
Lennart Poettering [Thu, 21 Mar 2019 11:31:36 +0000 (12:31 +0100)]
capability: typo fix

5 years agocapability: use UINT64_C() where appropriate
Lennart Poettering [Thu, 21 Mar 2019 11:31:29 +0000 (12:31 +0100)]
capability: use UINT64_C() where appropriate

5 years agocapability: minimize scope of a few variables
Lennart Poettering [Thu, 21 Mar 2019 11:31:14 +0000 (12:31 +0100)]
capability: minimize scope of a few variables

5 years agocapability: minor coding style updates
Lennart Poettering [Thu, 21 Mar 2019 11:30:49 +0000 (12:30 +0100)]
capability: minor coding style updates

5 years agocapability: add missing ')'
Lennart Poettering [Thu, 21 Mar 2019 11:29:18 +0000 (12:29 +0100)]
capability: add missing ')'

As pointed out by @polarina

https://github.com/systemd/systemd/commit/d0b6a10c005ab1fff44d032be995e3f2bcfba225#commitcomment-32857641

5 years agoutil-lib: get rid of a helper variable
Zbigniew Jędrzejewski-Szmek [Thu, 21 Mar 2019 10:08:09 +0000 (11:08 +0100)]
util-lib: get rid of a helper variable

5 years agonspawn-oci: add helper function for free_and_strdup with oom check
Zbigniew Jędrzejewski-Szmek [Thu, 21 Mar 2019 09:54:24 +0000 (10:54 +0100)]
nspawn-oci: add helper function for free_and_strdup with oom check

5 years agoMerge pull request #9762 from poettering/nspawn-oci
Zbigniew Jędrzejewski-Szmek [Thu, 21 Mar 2019 10:01:53 +0000 (11:01 +0100)]
Merge pull request #9762 from poettering/nspawn-oci

OCI runtime support for nspawn

5 years agonspawn-oci: use SYNTHETIC_ERRNO
Zbigniew Jędrzejewski-Szmek [Thu, 21 Mar 2019 09:50:59 +0000 (10:50 +0100)]
nspawn-oci: use SYNTHETIC_ERRNO

5 years agoMerge pull request #12049 from keszybz/assorted-fixups
Lennart Poettering [Wed, 20 Mar 2019 17:27:34 +0000 (18:27 +0100)]
Merge pull request #12049 from keszybz/assorted-fixups

Assorted fixups

5 years agoshared/install: Preserve escape characters for escaped unit names
David Michael [Wed, 20 Mar 2019 15:14:32 +0000 (15:14 +0000)]
shared/install: Preserve escape characters for escaped unit names

Since switching to extract_first_word with no flags for parsing
unit names in 4c9565eea534cd233a913c8c21f7920dba229743, escape
characters will be stripped from escaped unit names such as
"mnt-persistent\x2dvolume.mount" resulting in the unit not being
configured as defined.  Preserve escape characters again for
compatibility with existing preset definitions.

5 years agotest-fileio: avoid warning about ineffective comparison
Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2019 12:43:35 +0000 (13:43 +0100)]
test-fileio: avoid warning about ineffective comparison

On arm64 with gcc-8.2.1-5.fc29.aarch64:
../src/test/test-fileio.c:645:29: warning: comparison is always false due to limited range of data type [-Wtype-limits]
                 assert_se(c == EOF || safe_fgetc(f, &c) == 1);
                             ^~

Casting c to int is not enough, gcc is able to figure out that the original
type was unsigned and still warns. So let's just silence the warning like
in test-sizeof.c.

5 years agosd-bus: reduce scope of variable
Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2019 12:34:35 +0000 (13:34 +0100)]
sd-bus: reduce scope of variable

5 years agosd-bus: avoid IN_SET() invocation with two identical values
Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2019 12:28:29 +0000 (13:28 +0100)]
sd-bus: avoid IN_SET() invocation with two identical values

Fixes #12036.

../../../src/systemd/src/libsystemd/sd-bus/bus-objects.c: In function ‘add_object_vtable_internal’:
../../../src/systemd/src/basic/macro.h:423:19: error: duplicate case value

5 years agotest-alloc-util: add a smoke test for greedy_realloc
Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2019 10:30:34 +0000 (11:30 +0100)]
test-alloc-util: add a smoke test for greedy_realloc

5 years agoTODO: add some bootctl items
Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2019 10:28:35 +0000 (11:28 +0100)]
TODO: add some bootctl items

5 years agoMerge pull request #12033 from fbuihuu/watched-process-improvments
Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2019 12:03:06 +0000 (13:03 +0100)]
Merge pull request #12033 from fbuihuu/watched-process-improvments

Watched process improvments

5 years agoMerge pull request #12047 from poettering/cryptsetup-fixlets
Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2019 12:02:34 +0000 (13:02 +0100)]
Merge pull request #12047 from poettering/cryptsetup-fixlets

some small cryptsetup, ask-password and allocation fixlets

5 years agojournal-file: handle SIGBUS on offlining thread
Chris Morin [Wed, 20 Mar 2019 08:34:23 +0000 (01:34 -0700)]
journal-file: handle SIGBUS on offlining thread

The thread launched in journal_file_set_offline() accesses a memory
mapped file, so it needs to handle SIGBUS. Leave SIGBUS unblocked on the
offlining thread so that it uses the same handler as the main thread.

The result of triggering SIGBUS in a thread where it's blocked is
undefined in Linux. The tested implementations were observed to cause
the default handler to run, taking down the whole journald process.

We can leave SIGBUS unblocked in multiple threads since it's handler is
thread-safe. If SIGBUS is sent to the journald process asynchronously
(i.e. with kill, sigqueue, or raise), either thread handling it will
result in the same behavior: it will install the default handler and
reraise the signal, killing the process.

Fixes: #12042

5 years agoMerge pull request #12024 from poettering/bindtoifindex
Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2019 10:16:51 +0000 (11:16 +0100)]
Merge pull request #12024 from poettering/bindtoifindex

use SO_BINDTOIFINDEX where appropriate

5 years agoscope: tiny cleanup: UNIT(s) -> u
Franck Bui [Wed, 20 Mar 2019 07:06:09 +0000 (08:06 +0100)]
scope: tiny cleanup: UNIT(s) -> u

No functional changes.

5 years agocore: only watch processes when it's really necessary
Franck Bui [Tue, 19 Mar 2019 09:59:26 +0000 (10:59 +0100)]
core: only watch processes when it's really necessary

If we know that main pid is our child then it's unnecessary to watch all
other processes of a unit since in this case we will get SIGCHLD when the main
process will exit and will act upon accordingly.

So let's watch all processes only if the main process is not our child since in
this case we need to detect when the cgroup will become empty in order to
figure out when the service becomes dead. This is only needed by cgroupv1.

5 years agocore: reduce the number of stalled PIDs from the watched processes list when possible
Franck Bui [Mon, 18 Mar 2019 19:59:36 +0000 (20:59 +0100)]
core: reduce the number of stalled PIDs from the watched processes list when possible

Some PIDs can remain in the watched list even though their processes have
exited since a long time. It can easily happen if the main process of a forking
service manages to spawn a child before the control process exits for example.

However when a pid is about to be mapped to a unit by calling unit_watch_pid(),
the caller usually knows if the pid should belong to this unit exclusively: if
we just forked() off a child, then we can be sure that its PID is otherwise
unused. In this case we take this opportunity to remove any stalled PIDs from
the watched process list.

If we learnt about a PID in any other form (for example via PID file, via
searching, MAINPID= and so on), then we can't assume anything.

5 years agoprocess-util: introduce pid_is_my_child() helper
Franck Bui [Mon, 18 Mar 2019 10:48:34 +0000 (11:48 +0100)]
process-util: introduce pid_is_my_child() helper

No functional changes.

5 years agoask-password: add extra paranoid overflow check
Lennart Poettering [Wed, 20 Mar 2019 09:33:45 +0000 (10:33 +0100)]
ask-password: add extra paranoid overflow check

5 years agoalloc-util: typo fix
Lennart Poettering [Wed, 20 Mar 2019 09:33:23 +0000 (10:33 +0100)]
alloc-util: typo fix

5 years agoalloc-util: use malloc_usable_size() to determine allocated size
Lennart Poettering [Wed, 20 Mar 2019 09:31:38 +0000 (10:31 +0100)]
alloc-util: use malloc_usable_size() to determine allocated size

It's a glibc-specific API, but supported on FreeBSD and musl too at
least, hence fairly common. This way we can reduce our calls to
realloc() as much as possible.

5 years agoalloc-util: add extra overflow checks to GREEDY_REALLOC()
Lennart Poettering [Wed, 20 Mar 2019 09:31:13 +0000 (10:31 +0100)]
alloc-util: add extra overflow checks to GREEDY_REALLOC()

5 years agoalloc-util: extra paranoid overflow check
Lennart Poettering [Wed, 20 Mar 2019 09:30:31 +0000 (10:30 +0100)]
alloc-util: extra paranoid overflow check

5 years agoask-password: erase character read with _cleanup_
Lennart Poettering [Wed, 20 Mar 2019 09:29:20 +0000 (10:29 +0100)]
ask-password: erase character read with _cleanup_

This is much nicer, since it means we erase the character regardless how
we exit the scope.

5 years agocryptsetup: small refactoring
Lennart Poettering [Tue, 19 Mar 2019 20:42:21 +0000 (21:42 +0100)]
cryptsetup: small refactoring

5 years agoMerge pull request #12034 from poettering/stdio-bridge-fixes
Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2019 09:46:32 +0000 (10:46 +0100)]
Merge pull request #12034 from poettering/stdio-bridge-fixes

small stdio-bridge and errno-util.h improvements and fixes

5 years agoMerge pull request #12005 from poettering/exec-dir-fixup
Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2019 08:48:45 +0000 (09:48 +0100)]
Merge pull request #12005 from poettering/exec-dir-fixup

Some fixes to exec directory management

5 years agoexecute: generalize uid/gid handling in two cases for any kind of uid/gid
Lennart Poettering [Thu, 14 Mar 2019 16:24:47 +0000 (17:24 +0100)]
execute: generalize uid/gid handling in two cases for any kind of uid/gid

5 years agocore: change ownership/mode of the execution directories also for static users
Lennart Poettering [Thu, 14 Mar 2019 16:19:30 +0000 (17:19 +0100)]
core: change ownership/mode of the execution directories also for static users

It's probably unexpected if we do a recursive chown() when dynamic users
are used but not on static users.

hence, let's tweak the logic slightly, and recursively chown in both
cases, except when operating on the configuration directory.

Fixes: #11842

5 years agoexecute: remove one redundant comparison check
Lennart Poettering [Thu, 14 Mar 2019 16:01:46 +0000 (17:01 +0100)]
execute: remove one redundant comparison check

5 years agoexecute: also do the private/ symlink dance when runtime dir preservation is requested
Lennart Poettering [Thu, 14 Mar 2019 16:00:35 +0000 (17:00 +0100)]
execute: also do the private/ symlink dance when runtime dir preservation is requested

In that case it's not safe to leave a regular dir around, hence, move it
to private/ too.

5 years agoexecute: use path_join() where appropriate
Lennart Poettering [Thu, 14 Mar 2019 15:56:45 +0000 (16:56 +0100)]
execute: use path_join() where appropriate

5 years agofs-util: change chmod_and_chown() to not complain if stat data already matches
Lennart Poettering [Thu, 14 Mar 2019 15:47:03 +0000 (16:47 +0100)]
fs-util: change chmod_and_chown() to not complain if stat data already matches

Let's reduce the chance of failure: if we can't apply the chmod/chown
requested, check if it's applied anyway, and if so, supress the error.

This is even race-free since we operate on an O_PATH fd anyway.

5 years agotree-wide: use ERRNO_IS_DISCONNECT() at more places
Lennart Poettering [Tue, 19 Mar 2019 14:39:34 +0000 (15:39 +0100)]
tree-wide: use ERRNO_IS_DISCONNECT() at more places

5 years agoutil: add one more disconnect errno code
Lennart Poettering [Tue, 19 Mar 2019 14:39:07 +0000 (15:39 +0100)]
util: add one more disconnect errno code

5 years agostdio-bridge: slightly optimize formatting of structure
Lennart Poettering [Tue, 19 Mar 2019 12:04:21 +0000 (13:04 +0100)]
stdio-bridge: slightly optimize formatting of structure

5 years agostdio-bridge: use SYNTHETIC_ERRNO() where appropriate
Lennart Poettering [Tue, 19 Mar 2019 12:04:05 +0000 (13:04 +0100)]
stdio-bridge: use SYNTHETIC_ERRNO() where appropriate

5 years agostdio-bridge: tweak getopt() case statement a bit
Lennart Poettering [Tue, 19 Mar 2019 12:03:49 +0000 (13:03 +0100)]
stdio-bridge: tweak getopt() case statement a bit

5 years agostdio-bridge: fix getopt() parameter list to match reality
Lennart Poettering [Tue, 19 Mar 2019 12:03:18 +0000 (13:03 +0100)]
stdio-bridge: fix getopt() parameter list to match reality

5 years agostdio-bridge: use ERRNO_IS_DISCONNECT() to detect disconnects
Lennart Poettering [Tue, 19 Mar 2019 12:02:21 +0000 (13:02 +0100)]
stdio-bridge: use ERRNO_IS_DISCONNECT() to detect disconnects

Let's use the macro we already have to make this safer. Moreover log
about all other errors.

5 years agoutil: move ERRNO_IS_xyz macros to errno-util.h
Lennart Poettering [Tue, 19 Mar 2019 12:00:29 +0000 (13:00 +0100)]
util: move ERRNO_IS_xyz macros to errno-util.h

It's where they fit much better.

5 years agofd-util: beef up ERRNO_IS_xyz() macros a bit
Lennart Poettering [Tue, 19 Mar 2019 11:56:25 +0000 (12:56 +0100)]
fd-util: beef up ERRNO_IS_xyz() macros a bit

Let's implicit drop the negation if there is one, to simplify things a
bit, similar how we do it in log_xyz()...

5 years agoMerge pull request #12028 from poettering/start-limit-hit
Zbigniew Jędrzejewski-Szmek [Tue, 19 Mar 2019 12:40:55 +0000 (13:40 +0100)]
Merge pull request #12028 from poettering/start-limit-hit

core: some start limit checking improvements + refactoring

5 years agoRevert "Revert "units: lock down logind with fs namespacing options""
Zbigniew Jędrzejewski-Szmek [Tue, 18 Dec 2018 14:05:48 +0000 (15:05 +0100)]
Revert "Revert "units: lock down logind with fs namespacing options""

This reverts commit 28f38a76345b7548700d2337dd8b9a8c3f5b0643.

The revert was done because Ubuntu CI was completely broken with it. Let's see
if it fares better now.

5 years agounits: turn off keyring handling for user@.service
Lennart Poettering [Wed, 13 Mar 2019 17:47:28 +0000 (18:47 +0100)]
units: turn off keyring handling for user@.service

This service uses PAM anyway, hence let pam_keyring set things up for
us. Moreover, this way we ensure that the invocation ID is not set for
this service as key, and thus can't confuse the user service's
invocation ID.

Fixes: #11649

5 years agojournalctl: support `-b all` to negate effect of -b
dana [Thu, 7 Mar 2019 01:20:06 +0000 (19:20 -0600)]
journalctl: support `-b all` to negate effect of -b

Also fix an issue where -b without argument didn't always behave as -b0

5 years agosystemd-cgls: typo error in help command
Hugo Kindel [Tue, 19 Mar 2019 09:14:51 +0000 (10:14 +0100)]
systemd-cgls: typo error in help command

Correct a small typo error happening on two lines of the help command:
"specifified" instead of "specified".

5 years agoChange Razer Abyssus DPI in 70-mouse.hwdb (#12029)
Claudius Ellsel [Tue, 19 Mar 2019 00:30:22 +0000 (01:30 +0100)]
Change Razer Abyssus DPI in 70-mouse.hwdb (#12029)

As discussed in https://gitlab.freedesktop.org/libinput/libinput/issues/198#note_100642 the DPI for the Razer Abyssus mouse is not 3500 by default, but around 1600-1700 when measured with the mouse-dpi-tool.

So I have done some measurements now and always got a value of about 21000 device units on a distance of 12.5 inch. This would result in a calculated resolution of about 1680 DPI. Since such an odd number does not occur in the hwdb file I decided to round to 1600 DPI.

5 years agohwdb: fix trailing newline issue
Lennart Poettering [Mon, 18 Mar 2019 15:06:14 +0000 (16:06 +0100)]
hwdb: fix trailing newline issue

5 years agocore: split error list in comment for unit_start() in two
Lennart Poettering [Mon, 18 Mar 2019 12:28:59 +0000 (13:28 +0100)]
core: split error list in comment for unit_start() in two

5 years agocore: change emergency_action() to return void
Lennart Poettering [Mon, 18 Mar 2019 12:20:54 +0000 (13:20 +0100)]
core: change emergency_action() to return void

The function so far always returned -ECANCELLED, which is ignored in all
cases the function is invoked, except one: in unit_test_start_limit()
where -ECANCELLED is returned when the start limit is hit, which is part
of unit_start()'s protocol of return values.

Since the emergency_action() logic should be relatively generic and is
used in many places, let's drop the return value from it, since it's
constant anyway, and in alll cases useless. Instead, let's return it in
unit_test_start_limit(), where it's part of the protocol.

No change in behaviour.

5 years agocore: check start limit on condition checks too
Lennart Poettering [Mon, 18 Mar 2019 12:14:19 +0000 (13:14 +0100)]
core: check start limit on condition checks too

Let's add a safety precaution: if the start condition checks for a unit
are tested too often and fail each time, let's rate limit this too.

This should add extra safety in case people define .path, .timer or
.automount units that trigger a service that as a conditoin that always
fails.

5 years agocore: modernize unit_start() a bit
Lennart Poettering [Mon, 18 Mar 2019 11:36:03 +0000 (12:36 +0100)]
core: modernize unit_start() a bit

No change in behaviour, just a re-line-breaking of the various comments
to our current coding style, and some use of SYNTHETIC_ERRNO().

5 years agocore: unify code for checking whether unit to trigger is loaded
Lennart Poettering [Mon, 18 Mar 2019 11:29:08 +0000 (12:29 +0100)]
core: unify code for checking whether unit to trigger is loaded

5 years agocore: rename unit_{start_limit|condition|assert}_test() to unit_test_xyz()
Lennart Poettering [Mon, 18 Mar 2019 11:21:27 +0000 (12:21 +0100)]
core: rename unit_{start_limit|condition|assert}_test() to unit_test_xyz()

Just some renaming, no change in behaviour.

Background: I'd like to add more functions unit_test_xyz() that test
various things, hence let's streamline the naming a bit.

5 years agocore: add comment explaining ECOMM return value of unit_start()
Lennart Poettering [Mon, 18 Mar 2019 11:16:01 +0000 (12:16 +0100)]
core: add comment explaining ECOMM return value of unit_start()

we explain all other return values, explain these ones too.

5 years agobus: fix memleak on invalid message
Zbigniew Jędrzejewski-Szmek [Sat, 16 Mar 2019 22:39:26 +0000 (23:39 +0100)]
bus: fix memleak on invalid message

Introduced in 6d586a13717ae057aa1b4127400c3de61cd5b9e7.
Reported by Felix Riemann in https://bugzilla.redhat.com/show_bug.cgi?id=1685286.

Reproducer:
for i in `seq 1 100`; do gdbus call --session -d org.freedesktop.systemd1 -m org.freedesktop.systemd1.Manager.StartUnit -o "/$(for x in `seq 0 28000`; do echo -n $x; done)" & done

5 years agotree-wide: fix false search hits with ppp (typos)
Topi Miettinen [Mon, 18 Mar 2019 12:49:53 +0000 (14:49 +0200)]
tree-wide: fix false search hits with ppp (typos)

5 years agotree-wide: port various users over to socket_bind_to_ifindex()
Lennart Poettering [Mon, 18 Mar 2019 11:01:02 +0000 (12:01 +0100)]
tree-wide: port various users over to socket_bind_to_ifindex()

5 years agosocket-util: add wrappers for binding socket to ifindex/ifname
Lennart Poettering [Mon, 18 Mar 2019 10:58:11 +0000 (11:58 +0100)]
socket-util: add wrappers for binding socket to ifindex/ifname

socket_bind_to_ifindex() uses the the SO_BINDTOIFINDEX sockopt of kernel
5.0, with a fallback to SO_BINDTODEVICE on older kernels.

socket_bind_to_ifname() is a trivial wrapper around SO_BINDTODEVICE, the
only benefit of using it instead of SO_BINDTODEVICE directly is that it
determines the size of the interface name properly so that it also works
for unbinding. Moreover, it's an attempt to unify our invocations of the
sockopt with a size of strlen(ifname) rather than strlen(ifname)+1...

5 years agoUpdate 60-sensor.hwdb for Acer Acer One 10 S1002
AndreyYashkin [Sun, 17 Mar 2019 18:54:16 +0000 (01:54 +0700)]
Update 60-sensor.hwdb for Acer Acer One 10 S1002

Tested on GNOME iio-sensor-proxy. With this config touchscreen auto-rotation works fine.

5 years agofuzz-calendarspec: actually run the second part of the fuzzer
Zbigniew Jędrzejewski-Szmek [Sat, 16 Mar 2019 09:57:12 +0000 (10:57 +0100)]
fuzz-calendarspec: actually run the second part of the fuzzer

https://github.com/systemd/systemd/pull/11975#issuecomment-473467475

5 years agoMerge pull request #11975 from keszybz/fuzzer-fixes-n
Lennart Poettering [Fri, 15 Mar 2019 16:34:37 +0000 (17:34 +0100)]
Merge pull request #11975 from keszybz/fuzzer-fixes-n

Fixes for a few fuzzer issues

5 years agoMerge pull request #12016 from yuwata/fix-two-memleaks-found-by-oss-fuzz
Lennart Poettering [Fri, 15 Mar 2019 16:33:48 +0000 (17:33 +0100)]
Merge pull request #12016 from yuwata/fix-two-memleaks-found-by-oss-fuzz

Fix two memleaks found by oss fuzz

5 years agoMerge pull request #12015 from keszybz/fix-tests-in-rawhide
Lennart Poettering [Fri, 15 Mar 2019 16:33:20 +0000 (17:33 +0100)]
Merge pull request #12015 from keszybz/fix-tests-in-rawhide

Fix compilation and tests in Fedora rawhide

5 years agoman: clarify that /run/media/system/ is where mounts are placed by default
Lennart Poettering [Thu, 14 Mar 2019 10:22:47 +0000 (11:22 +0100)]
man: clarify that /run/media/system/ is where mounts are placed by default

Prompted by the discussions on: https://github.com/systemd/systemd/issues/11982#issuecomment-472781806

5 years agonetwork: clear previous assignment
Yu Watanabe [Fri, 15 Mar 2019 15:11:22 +0000 (00:11 +0900)]
network: clear previous assignment

Prompted by oss-fuzz#13719.

5 years agofuzz: add testcase for oss-fuzz#13691
Yu Watanabe [Fri, 15 Mar 2019 14:54:30 +0000 (23:54 +0900)]
fuzz: add testcase for oss-fuzz#13691

5 years agonspawn: fix memleak
Yu Watanabe [Fri, 15 Mar 2019 14:53:02 +0000 (23:53 +0900)]
nspawn: fix memleak

Fixes oss-fuzz#13691.

5 years agofuzz: add a testcase for oss-fuzz#13719
Yu Watanabe [Fri, 15 Mar 2019 14:47:41 +0000 (23:47 +0900)]
fuzz: add a testcase for oss-fuzz#13719

5 years agoHandle or voidify all calls to close_all_fds()
Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2019 14:35:49 +0000 (15:35 +0100)]
Handle or voidify all calls to close_all_fds()

In activate, it is important that we close the fds. In other cases, meh.

5 years agotest-execute: block /sys not /proc
Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2019 14:27:32 +0000 (15:27 +0100)]
test-execute: block /sys not /proc

As explained in the previous commit, blocking /proc can cause us
to go into a long loop or fail the test.

5 years agobasic/fd-util: refuse "infinite" loop in close_all_fds()
Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2019 14:13:25 +0000 (15:13 +0100)]
basic/fd-util: refuse "infinite" loop in close_all_fds()

I had a test machine with ulimit -n set to 1073741816 through pam
("session required pam_limits.so set_all", which copies the limits from PID 1,
left over from testing of #10921).

test-execute would "hang" and then fail with a timeout when running
exec-inaccessiblepaths-proc.service. It turns out that the problem was in
close_all_fds(), which would go to the fallback path of doing close()
1073741813 times. Let's just fail if we hit this case. This only matters
for cases where both /proc is inaccessible, and the *soft* limit has been
raised.

  (gdb) bt
  #0  0x00007f7e2e73fdc8 in close () from target:/lib64/libc.so.6
  #1  0x00007f7e2e42cdfd in close_nointr ()
     from target:/home/zbyszek/src/systemd-work3/build-rawhide/src/shared/libsystemd-shared-241.so
  #2  0x00007f7e2e42d525 in close_all_fds ()
     from target:/home/zbyszek/src/systemd-work3/build-rawhide/src/shared/libsystemd-shared-241.so
  #3  0x0000000000426e53 in exec_child ()
  #4  0x0000000000429578 in exec_spawn ()
  #5  0x00000000004ce1ab in service_spawn ()
  #6  0x00000000004cff77 in service_enter_start ()
  #7  0x00000000004d028f in service_enter_start_pre ()
  #8  0x00000000004d16f2 in service_start ()
  #9  0x00000000004568f4 in unit_start ()
  #10 0x0000000000416987 in test ()
  #11 0x0000000000417632 in test_exec_inaccessiblepaths ()
  #12 0x0000000000419362 in run_tests ()
  #13 0x0000000000419632 in main ()

5 years agotest-execute: allow filtering test cases by pattern
Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2019 12:42:55 +0000 (13:42 +0100)]
test-execute: allow filtering test cases by pattern

When debugging failure in one of the cases, it's annoying to have to wade
through the output from all the other cases. Let's allow picking select
cases.

5 years agoseccomp: allow shmat to be a separate syscall on architectures which use a multiplexer
Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2019 11:46:56 +0000 (12:46 +0100)]
seccomp: allow shmat to be a separate syscall on architectures which use a multiplexer

After
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0d6040d46817,
those syscalls have their separate numbers and we can block them.
But glibc might still use the old ones. So let's just do a best-effort
block and not assume anything about how effective it is.

5 years agonetwork: clear previous assignment
Yu Watanabe [Fri, 15 Mar 2019 14:44:47 +0000 (23:44 +0900)]
network: clear previous assignment

Fixes oss-fuzz#13719.

5 years agonspawn: mask out CAP_NET_ADMIN again if settings file turns off private networking
Lennart Poettering [Fri, 15 Mar 2019 14:31:44 +0000 (15:31 +0100)]
nspawn: mask out CAP_NET_ADMIN again if settings file turns off private networking

Fixes: #11755

5 years agoman: document the various new options nspawn learnt
Lennart Poettering [Tue, 31 Jul 2018 11:18:55 +0000 (13:18 +0200)]
man: document the various new options nspawn learnt

5 years agonspawn: use right constant for shifting for uint64_t caps
Lennart Poettering [Fri, 8 Mar 2019 11:10:16 +0000 (12:10 +0100)]
nspawn: use right constant for shifting for uint64_t caps

5 years agonspawn: add support for executing OCI runtime bundles with nspawn
Lennart Poettering [Wed, 25 Apr 2018 09:23:37 +0000 (11:23 +0200)]
nspawn: add support for executing OCI runtime bundles with nspawn

This is a pretty large patch, and adds support for OCI runtime bundles
to nspawn. A new switch --oci-bundle= is added that takes a path to an
OCI bundle. The JSON file included therein is read similar to a .nspawn
settings files, however with a different feature set.

Implementation-wise this mostly extends the pre-existing Settings object
to carry additional properties for OCI. However, OCI supports some
concepts .nspawn files did not support yet, which this patch also adds:

1. Support for "masking" files and directories. This functionatly is now
   also available via the new --inaccesible= cmdline command, and
   Inaccessible= in .nspawn files.

2. Support for mounting arbitrary file systems. (not exposed through
   nspawn cmdline nor .nspawn files, because probably not a good idea)

3. Ability to configure the console settings for a container. This
   functionality is now also available on the nspawn cmdline in the new
   --console= switch (not added to .nspawn for now, as it is something
   specific to the invocation really, not a property of the container)

4. Console width/height configuration. Not exposed through
   .nspawn/cmdline, but this may be controlled through $COLUMNS and
   $LINES like in most other UNIX tools.

5. UID/GID configuration by raw numbers. (not exposed in .nspawn and on
   the cmdline, since containers likely have different user tables, and
   the existing --user= switch appears to be the better option)

6. OCI hook commands (no exposed in .nspawn/cmdline, as very specific to
   OCI)

7. Creation of additional devices nodes in /dev. Most likely not a good
   idea, hence not exposed in .nspawn/cmdline. There's already --bind=
   to achieve the same, which is the better alternative.

8. Explicit syscall filters. This is not a good idea, due to the skewed
   arch support, hence not exposed through .nspawn/cmdline.

9. Configuration of some sysctls on a whitelist. Questionnable, not
   supported in .nspawn/cmdline for now.

10. Configuration of all 5 types of capabilities. Not a useful concept,
    since the kernel will reduce the caps on execve() anyway. Not
    exposed through .nspawn/cmdline as this is not very useful hence.

Note that this only implements the OCI runtime logic itself. It does not
provide a runc-compatible command line tool. This is left for a later
PR. Only with that in place tools such as "buildah" can use the OCI
support in nspawn as drop-in replacement.

Currently still missing is OCI hook support, but it's already parsed and
everything, and should be easy to add. Other than that it's OCI is
implemented pretty comprehensively.

There's a list of incompatibilities in the nspawn-oci.c file. In a later
PR I'd like to convert this into proper markdown and add it to the
documentation directory.

5 years agonspawn: (void)ify more stuff
Lennart Poettering [Tue, 5 Mar 2019 17:58:56 +0000 (18:58 +0100)]
nspawn: (void)ify more stuff

5 years agonspawn: refactor setuid code a bit
Lennart Poettering [Wed, 6 Mar 2019 10:54:54 +0000 (11:54 +0100)]
nspawn: refactor setuid code a bit

Let's separate out the raw uid_t/gid_t handling from the username
handling. This is useful later on.

Also, let's use the right gid_t type for group types wherever
appropriate.