Lennart Poettering [Fri, 15 Nov 2019 10:11:10 +0000 (11:11 +0100)]
polkit-agent: don't use an inline function
This is long enough to just be a regular function, and is never called
in inner loops, let's hence just make this a plain function.
Torsten Hilbrich [Tue, 12 Nov 2019 07:36:06 +0000 (08:36 +0100)]
nspawn: Allow Capability= to overrule private network setting
The commit:
a3fc6b55ac nspawn: mask out CAP_NET_ADMIN again if settings file turns off private networking
turned off the CAP_NET_ADMIN capability whenever no private networking
feature was enabled. This broke configurations where the CAP_NET_ADMIN
capability was explicitly requested in the configuration.
Changing the order of evalution here to allow the Capability= setting
to overrule this implicit setting:
Order of evaluation:
1. if no private network setting is enabled, CAP_NET_ADMIN is removed
2. if a private network setting is enabled, CAP_NET_ADMIN is added
3. the settings of Capability= are added
4. the settings of DropCapability= are removed
This allows the fix for #11755 to be retained and to still allow the
admin to specify CAP_NET_ADMIN as additional capability.
Fixes:
a3fc6b55acd3f37e50915304d87bed100efa9d9d
Fixes: #13995
Zbigniew Jędrzejewski-Szmek [Thu, 14 Nov 2019 13:28:05 +0000 (14:28 +0100)]
core: do not propagate polkit error to caller
If we fail to start polkit, we get a message like
"org.freedesktop.DBus.Error.NameHasNoOwner: Could not activate remote peer.",
which has no meaning for the caller of our StartUnit method. Let's just
return -EACCES.
$ systemctl start apache
Failed to start apache.service: Could not activate remote peer. (before)
Failed to start apache.service: Access denied (after)
Fixes #13865.
Lennart Poettering [Thu, 14 Nov 2019 16:51:30 +0000 (17:51 +0100)]
seccomp: more comprehensive protection against libseccomp's __NR_xyz namespace invasion
A follow-up for
59b657296a2fe104f112b91bbf9301724067cc81, adding the
same conditioning for all cases of our __NR_xyz use.
Fixes: #14031
Tommy J [Fri, 15 Nov 2019 01:25:17 +0000 (02:25 +0100)]
PrefixDelegationHint-section: typo
Zbigniew Jędrzejewski-Szmek [Thu, 14 Nov 2019 09:08:40 +0000 (10:08 +0100)]
Merge pull request #14003 from keszybz/user-path-configurable
meson: make user $PATH configurable
Lennart Poettering [Wed, 13 Nov 2019 19:07:31 +0000 (20:07 +0100)]
ask-password: don't hit assert() when we query pw which the user C-d and caching is enabled
Dimitri John Ledkov [Wed, 13 Nov 2019 01:20:44 +0000 (17:20 -0800)]
boot: Add ARM64 support to the EFI stub
Zbigniew Jędrzejewski-Szmek [Thu, 14 Nov 2019 09:02:20 +0000 (10:02 +0100)]
Merge pull request #14013 from keszybz/cryptsetup-keyfile-with-colons
Support cryptsetup keyfiles with colons agains
Dimitri John Ledkov [Wed, 13 Nov 2019 01:08:57 +0000 (17:08 -0800)]
boot: Load LoadOptions cmdline, if none is available.
Fixes #13694
Filipe Brandenburger [Wed, 13 Nov 2019 18:46:08 +0000 (10:46 -0800)]
test: Disable LUKS devices from initramfs in QEMU tests
We currently use the host's kernel and initramfs in our QEMU tests.
If the host is running on an encrypted LUKS partition, then the initramfs
will have a crypttab setup looking for the particular root disk it needs to
encrypt before booting into the system.
However, this disk obviously doesn't exist in our QEMU VM, so it turns out
our tests end up waiting for this device to become available, which will
never actually happen, and boot hangs for 90s until that service times out.
[*** ] A start job is running for /dev/disk/by-uuid/
01234567-abcd-1234-abcd-
0123456789ab (20s / 1min 30s)
In order to prevent this issue, let's pass "rd.luks=0" to disable LUKS in
the initramfs only as part of our default kernel command-line in our QEMU
tests.
This is enough to disable this behavior and prevent the timeout, while at
the same time doesn't conflict with our tests that actually check for LUKS
behavior in the systemd running under test (such as TEST-02-CRYPTSETUP).
Tested: `sudo make -C TEST-02-CRYPTSETUP/ clean setup run`
Riccardo Schirone [Wed, 13 Nov 2019 16:37:15 +0000 (17:37 +0100)]
Be more specific in resolved.conf man page with regard to DNSOverTLS
DNSOverTLS in strict mode (value yes) does check the server, as it is said in
the first few lines of the option documentation. The check is not performed in
"opportunistic" mode, however, as that is allowed by RFC 7858, section "4.1.
Opportunistic Privacy Profile".
> With such a discovered DNS server, the client might or might not validate the
> resolver. These choices maximize availability and performance, but they leave
> the client vulnerable to on-path attacks that remove privacy.
Zbigniew Jędrzejewski-Szmek [Wed, 13 Nov 2019 21:22:58 +0000 (22:22 +0100)]
meson: avoid ternary op in .format()
meson 0.49 can't parse that for some reason. I'm keeping this separate so it
can be reverted easily when we bump required meson version.
Zbigniew Jędrzejewski-Szmek [Tue, 12 Nov 2019 14:38:19 +0000 (15:38 +0100)]
meson: make user $PATH configurable
This partially reverts
db11487d1062655f17db54c4d710653f16c87313 (the logic to
calculate the correct value is removed, we always use the same setting as for
the system manager). Distributions have an easy mechanism to override this if
they wish.
I think making this configurable is better, because different distros clearly
want different defaults here, and making this configurable is nice and clean.
If we don't make it configurable, distros which either have to carry patches,
or what would be worse, rely on some other configuration mechanism, like
/etc/profile. Those other solutions do not apply everywhere (they usually
require the shell to be used at some point), so it is better if we provide
a nice way to override the default.
Fixes #13469.
HATAYAMA Daisuke [Wed, 13 Nov 2019 11:30:58 +0000 (06:30 -0500)]
verify: fix segmentation fault
systemd-analyze verify command now results in segmentation fault if two
consecutive non-existent unit file names are given:
# ./build/systemd-analyze a.service b.service
...<snip irrelevant part>...
Unit a.service not found.
Unit b.service not found.
Segmentation fault (core dumped)
The cause of this is a wrong handling of return value of
manager_load_startable_unit_or_warn() in verify_units() in failure case.
It looks that the current logic wants to assign the first error status
throughout verify_units() into variable r and count up variable count only when
a given unit file exists.
However, due to the wrong handling of the return value of
manager_load_startable_unit_or_warn() in verify_units(), the variable count is
unexpectedly incremented even when there is no such unit file because the
variable r already contains non-zero value in the 2nd failure, set by the 1st
failure, and then the condition k < 0 && r == 0 evaluates to false.
This commit fixes the wrong handling of return value of
manager_load_startable_unit_or_warn() in verify_units().
Zbigniew Jędrzejewski-Szmek [Wed, 13 Nov 2019 20:55:30 +0000 (21:55 +0100)]
man: mention $RUNTIME_DIRECTORY & friends in environment list
Zbigniew Jędrzejewski-Szmek [Wed, 13 Nov 2019 16:36:46 +0000 (17:36 +0100)]
Allow overriding /etc/fstab with $SYSTEMD_FSTAB
Zbigniew Jędrzejewski-Szmek [Wed, 13 Nov 2019 09:32:30 +0000 (10:32 +0100)]
cryptsetup-generator: guess whether the keyfile argument is two items or one
Fixes #13615.
See the inline comment for documentation.
Zbigniew Jędrzejewski-Szmek [Wed, 13 Nov 2019 11:06:58 +0000 (12:06 +0100)]
cryptsetup-generator: allow overriding /run/systemd/cryptsetup with $RUNTIME_DIRECTORY
I added a fairly vague entry to docs/ENVIRONMENT because I think it is worth
mentioning there (in case someone is looking for any environment variable that
might be relevant).
Lennart Poettering [Wed, 13 Nov 2019 19:20:10 +0000 (20:20 +0100)]
Merge pull request #14017 from poettering/analyze-calendar-tweaks
Add --base-time= for systemd-analyze calendar
Zbigniew Jędrzejewski-Szmek [Wed, 13 Nov 2019 09:31:44 +0000 (10:31 +0100)]
cryptsetup-generator: allow overriding crypttab path with $SYSTEMD_CRYPTAB
Lennart Poettering [Wed, 13 Nov 2019 15:38:41 +0000 (16:38 +0100)]
Merge pull request #14010 from poettering/localtime-symlink
tweaks to /etc/localtime management
Lennart Poettering [Wed, 13 Nov 2019 15:36:39 +0000 (16:36 +0100)]
Merge pull request #13994 from keszybz/bpf-refactor
Refactor the bpf devices code and fix some bugs
Lennart Poettering [Wed, 13 Nov 2019 15:36:11 +0000 (16:36 +0100)]
Merge pull request #13868 from keszybz/run-exit-code
run: propagate return code/status from the child
Lennart Poettering [Wed, 13 Nov 2019 11:56:08 +0000 (12:56 +0100)]
analyze: drop spurious newline
Lennart Poettering [Wed, 13 Nov 2019 11:55:59 +0000 (12:55 +0100)]
update TODO
Lennart Poettering [Wed, 13 Nov 2019 11:55:52 +0000 (12:55 +0100)]
man: document --base-time= for systemd-analyze
Lennart Poettering [Wed, 13 Nov 2019 11:55:39 +0000 (12:55 +0100)]
analyze: add --base-time= to specify base time for 'calendar' verb
Lennart Poettering [Tue, 12 Nov 2019 16:52:35 +0000 (17:52 +0100)]
tree-wide: fix how we set $TZ
According to tzset(3) we need to prefix timezone names with ":". Let's
do so hence, to avoid any ambiguities and follow documented behaviour.
Zbigniew Jędrzejewski-Szmek [Tue, 12 Nov 2019 20:10:48 +0000 (21:10 +0100)]
nspawn: do not emit any warning when $UNIFIED_CGROUP_HIERARCHY is used
Initially I thought this is a good idea, but when reviewing a different PR
(https://github.com/systemd/systemd/pull/13862#discussion_r340604313) I changed
my mind about this. At some point we probably should start warning about the
old option name, and yet later remove it. But it'll make it easier for people
to transition to the new option name if there's a period of support for both
names without any fuss. There's nothing particularly wrong about the old name,
and there is no support cost.
Fixes #13919 (by avoiding the issue completely).
Lennart Poettering [Wed, 13 Nov 2019 09:42:58 +0000 (09:42 +0000)]
update TODO
Lennart Poettering [Wed, 13 Nov 2019 09:39:09 +0000 (10:39 +0100)]
timedated: it might be that tzinfo files are just not installed
Lennart Poettering [Wed, 13 Nov 2019 09:32:44 +0000 (10:32 +0100)]
timedated: handle UTC specially, when generating /etc/localtime
Lennart Poettering [Wed, 13 Nov 2019 09:32:26 +0000 (10:32 +0100)]
time-util: treat /etc/localtime missing as UTC
Zbigniew Jędrzejewski-Szmek [Wed, 13 Nov 2019 07:56:49 +0000 (08:56 +0100)]
Merge pull request #13961 from mwilck/udev-no-exit-timeout
udevd: wait for workers to finish when exiting
Anita Zhang [Tue, 12 Nov 2019 18:59:55 +0000 (10:59 -0800)]
Merge pull request #14001 from keszybz/test-unit-name-more
Test unit name more
Zbigniew Jędrzejewski-Szmek [Tue, 12 Nov 2019 18:05:24 +0000 (19:05 +0100)]
Merge pull request #13984 from yuwata/udev-fix-13976
udev: fix issue #13976
Zbigniew Jędrzejewski-Szmek [Tue, 12 Nov 2019 18:03:50 +0000 (19:03 +0100)]
Merge pull request #13989 from keszybz/meson-warning
Adjust compiler option management to avoid warnings from meson
Martin Wilck [Tue, 12 Nov 2019 15:43:42 +0000 (16:43 +0100)]
udevd: fix crash when workers time out after exit is signal caught
If udevd receives an exit signal, it releases its reference on the udev
monitor in manager_exit(). If at this time a worker is hanging, and if
the event timeout for this worker expires before udevd exits, udevd
crashes in on_sigchld()->udev_monitor_send_device(), because the monitor
has already been freed.
Fix this by releasing the main process's monitor ref later, in
manager_free().
Lennart Poettering [Tue, 12 Nov 2019 14:30:01 +0000 (15:30 +0100)]
meson: order list of dependencies of libshared alphabetically
Let's make merging patches against this more stable.
Lennart Poettering [Tue, 12 Nov 2019 14:18:37 +0000 (15:18 +0100)]
update TODO
Franck Bui [Fri, 18 Oct 2019 10:44:51 +0000 (12:44 +0200)]
logind: fix (again) the race that might happen when logind restores VT
This patch is a new attempt to fix the race originally described in issue #9754.
The initial fix (commit
ad96887a1205bad9656d280c5681f482e6d04838) consisted in
spawning a sub process that became the controlling process of the VT and hence
kicked the old controlling process off to make sure that the VT wouldn't have
entered in HUP state while logind restored the VT.
But it introduced a regression (see issue #11269) and thus was reverted. But
unlike it was described in the revert commit message, commit
adb8688b3ff445d9c48ed0d72208c7844c2acc01 alone doen't fix the initial race.
This patch fixes the race in a simpler way by trying to restore the VT a second
time after making sure to re-open it if the first attempt fails.
Indeed if the old controlling process dies before or during the first attempt,
logind will fail to restore the VT. At this point the VT is in HUP state but
we're sure that it won't enter in a HUP state a second time. Therefore we will
retry by re-opening the VT to clear the HUP state and by restoring the VT a
second time, which should be safe this time.
Fixes: #9754
Fixes: #13241
Martin Wilck [Wed, 6 Nov 2019 11:24:41 +0000 (12:24 +0100)]
udevd: wait for workers to finish when exiting
On some systems with lots of devices, device probing for certain drivers can
take a very long time. If systemd-udevd detects a timeout and kills the worker
running modprobe using SIGKILL, some devices will not be probed, or end up in
unusable state. The --event-timeout option can be used to modify the maximum
time spent in an uevent handler. But if systemd-udevd exits, it uses a
different timeout, hard-coded to 30s, and exits when this timeout expires,
causing all workers to be KILLed by systemd afterwards. In practice, this may
lead to workers being killed after significantly less time than specified with
the event-timeout. This is particularly significant during initrd processing:
systemd-udevd will be stopped by systemd when initrd-switch-root.target is
about to be isolated, which usually happens quickly after finding and mounting
the root FS.
If systemd-udevd is started by PID 1 (i.e. basically always), systemd will
kill both udevd and the workers after expiry of TimeoutStopSec. This is
actually better than the built-in udevd timeout, because it's more transparent
and configurable for users. This way users can avoid the mentioned boot problem
by simply increasing StopTimeoutSec= in systemd-udevd.service.
If udevd is not started by systemd (standalone), this is still an
improvement. udevd will kill hanging workers when the event timeout is
reached, which is configurable via the udev.event_timeout= kernel
command line parameter. Before this patch, udevd would simply exit with
workers still running, which would then become zombie processes.
With the timeout removed, the sd_event_now() assertion in manager_exit() can be
dropped.
Zbigniew Jędrzejewski-Szmek [Tue, 12 Nov 2019 10:49:40 +0000 (11:49 +0100)]
test-unit-name: check that unexpanded specifiers not valid unit name make
Zbigniew Jędrzejewski-Szmek [Tue, 12 Nov 2019 10:47:20 +0000 (11:47 +0100)]
test-unit-name: add usual headers and add more verbose output
This makes it easier to see what unit_name_is_valid() returns at a glance.
The output is not whitespace clean, but I think it's good enough for a test.
Zbigniew Jędrzejewski-Szmek [Tue, 12 Nov 2019 09:28:59 +0000 (10:28 +0100)]
Merge pull request #13862 from zachsmith/systemd-tmpfiles-deprecate-for-force
systemd-tmpfiles: deprecate F for f+
Yu Watanabe [Sun, 10 Nov 2019 05:42:55 +0000 (14:42 +0900)]
udev: do not append newline when write attributes
Before
25de7aa7b90c23d33ea50ada1e50c5834a414237, the content is written
by `fprintf()` without new line. So WRITE_STRING_FILE_AVOID_NEWLINE flag
is necessary.
Fixes #13985.
Zbigniew Jędrzejewski-Szmek [Sun, 10 Nov 2019 11:16:41 +0000 (12:16 +0100)]
meson: apply our -Wno-* options also in c++ calls
We compile some c++ code for tests. We would simply use the default options for
those. When the previous commit raised the default warning level, we started
getting warnings from c++ code. Let's add the most important options to the c++
command, so that we get a compilation without any warnings again.
I don't think it makes sense to add *all* the options that we add for c to the
c++ flags, because testing them takes quite a while, and the c++ compilations
are for small amounts of code, mostly to check that the headers have compatible
syntax.
Zbigniew Jędrzejewski-Szmek [Sun, 10 Nov 2019 10:39:15 +0000 (11:39 +0100)]
meson: use warning_level=2 by default
Let's bump up the warning level, and not add by -Wextra by hand. This is the
approach recommended by meson. The idea is that all projects should be as
similar as possible to make it easier for users to switch between projects.
Zbigniew Jędrzejewski-Szmek [Thu, 7 Nov 2019 10:32:26 +0000 (11:32 +0100)]
meson: avoid bogus meson warning
With meson-0.52.0-1.module_f31+6771+
f5d842eb.noarch I get:
src/test/meson.build:19: WARNING: Overriding previous value of environment variable 'PATH' with a new one
When we're using *prepend*, the whole point is to modify an existing variable,
so meson shouldn't warn. But let's set avoid the warning and shorten things by
setting the final value immediately.
Yu Watanabe [Tue, 12 Nov 2019 05:58:25 +0000 (14:58 +0900)]
udev: ignore error caused by device disconnection
During an add or change event, the device may be disconnected.
Fixes #13976.
Yu Watanabe [Tue, 12 Nov 2019 05:58:19 +0000 (14:58 +0900)]
udev: fix error code in the log message
Yu Watanabe [Tue, 12 Nov 2019 05:57:48 +0000 (14:57 +0900)]
udev: ignore ENOENT when chmod_and_chown() device node
Anita Zhang [Tue, 12 Nov 2019 01:56:56 +0000 (17:56 -0800)]
Merge pull request #13997 from khfeng/hwdb-dell-vostro5581-ish
hwdb: Mark Intel Sensor Hub's accel sensor on Vostro 5581 as being in…
Anita Zhang [Tue, 12 Nov 2019 01:47:43 +0000 (17:47 -0800)]
Merge pull request #13996 from poettering/utc-fix
accept UTC timezone explicitly, even if timezone data is missing
Zbigniew Jędrzejewski-Szmek [Mon, 11 Nov 2019 20:04:25 +0000 (21:04 +0100)]
test-bpf-devices: skip test on !unified
The code in cgroup.c has support for all hierarchies, but the test,
as written, will only work on unified. Since the test is really about
bpf code, and not the legacy devices controller, let's just skip
the test.
Kai-Heng Feng [Mon, 11 Nov 2019 16:30:46 +0000 (00:30 +0800)]
hwdb: Mark Intel Sensor Hub's accel sensor on Vostro 5581 as being in the base
This laptop uses the accelerometer as a freefall sensor, so mark it as
in base to prevent screen rotation.
Lennart Poettering [Mon, 11 Nov 2019 15:56:31 +0000 (16:56 +0100)]
time-util: uniquify timezone list, in case UTC is listed in timezone1970.tab, too
Lennart Poettering [Mon, 11 Nov 2019 15:53:52 +0000 (16:53 +0100)]
time-util: always accept UTC as valid timezone
We already handle it specially in get_timezones(), hence we should OK it
here too, even if the timezone file doesn't actually exist.
Prompted by:
https://serverfault.com/questions/991172/invalid-time-zone-utc
(Yes, Ubuntu should install the UTC timezone data unconditionally: it
should not be an option, even if all other timezone data is excluded,
but since it's our business to validate user input but not out business
to validate distros, let's just accept "UTC" unconditionally, it's magic
after all)
Zbigniew Jędrzejewski-Szmek [Sun, 10 Nov 2019 22:08:21 +0000 (23:08 +0100)]
bpf: make sure the kernel do not submit an invalid program if no pattern matched
It turns out that the kernel verifier would reject a program we would build
if there was a whitelist, but no entries in the whitelist matched.
The program would approximately like this:
0: (61) r2 = *(u32 *)(r1 +0)
1: (54) w2 &= 65535
2: (61) r3 = *(u32 *)(r1 +0)
3: (74) w3 >>= 16
4: (61) r4 = *(u32 *)(r1 +4)
5: (61) r5 = *(u32 *)(r1 +8)
48: (b7) r0 = 0
49: (05) goto pc+1
50: (b7) r0 = 1
51: (95) exit
and insn 50 is unreachable, which is illegal. We would then either keep a
previous version of the program or allow everything. Make sure we build a
valid program that simply rejects everything.
Zbigniew Jędrzejewski-Szmek [Sun, 10 Nov 2019 12:19:51 +0000 (13:19 +0100)]
bpf: optimize device type access away most of the time
Most of the time, we specify the allowed access mode as "rwm", so the check
always trivially passes. In that case, skip the check.
The repeating part changes from:
5: (55) if r2 != 0x2 goto pc+6
6: (bc) w1 = w3
7: (54) w1 &= 7
8: (5d) if r1 != r3 goto pc+3
9: (55) if r4 != 0x1 goto pc+2
10: (55) if r5 != 0x3 goto pc+1
11: (05) goto pc+8
to
6: (55) if r2 != 0x2 goto pc+3
7: (55) if r4 != 0x1 goto pc+2
8: (55) if r5 != 0x3 goto pc+1
9: (05) goto pc+40
Zbigniew Jędrzejewski-Szmek [Sat, 9 Nov 2019 11:32:44 +0000 (12:32 +0100)]
bpf: convert 'c'/'b' to bpf_type at the very end
This makes the code a bit longer, but easier to read I think, because
the cgroup v1 and v2 code paths are more similar. And whent he type is
a char, any backtrace is easier to interpret.
Zbigniew Jędrzejewski-Szmek [Sat, 9 Nov 2019 10:50:25 +0000 (11:50 +0100)]
test-bpf-devices: new test for the devices bpf code
Zbigniew Jędrzejewski-Szmek [Sun, 10 Nov 2019 12:32:36 +0000 (13:32 +0100)]
bpf: fix off-by-one in class whitelisting
We would jump one insn too many, landing in the middle of the subsequent block.
Zbigniew Jędrzejewski-Szmek [Sun, 10 Nov 2019 12:13:31 +0000 (13:13 +0100)]
bpf: fix device type filter
On big endian arches, we were taking the wrong half-word, so the check
was giving bogus results.
https://bugzilla.redhat.com/show_bug.cgi?id=1769148.
Zbigniew Jędrzejewski-Szmek [Sat, 9 Nov 2019 11:34:30 +0000 (12:34 +0100)]
bpf: add trace logging
Very helpful when trying to figure out what exactly is going on.
Zbigniew Jędrzejewski-Szmek [Sat, 9 Nov 2019 10:13:02 +0000 (11:13 +0100)]
test-bpf-firewall: fix message
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 19:33:10 +0000 (20:33 +0100)]
bpf: make bpf_devices_apply_policy() independent of any unit code
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 15:57:25 +0000 (16:57 +0100)]
tests: modify enter_cgroup_subroot() to return the new path
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 15:55:28 +0000 (16:55 +0100)]
tests: get rid of test-helper.[ch] completely
I don't think there's any particular reason to keep those functions in a separate
file.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 15:40:11 +0000 (16:40 +0100)]
tests: make is_run_on_travis_ci() static
This is a pretty specific hack, so let's just define it close to the one
place where it is used.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 15:37:15 +0000 (16:37 +0100)]
tests: make manager_skip_test() not a macro and move to tests.h
There is nothing magic in it.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 15:19:43 +0000 (16:19 +0100)]
core: split out one more function
Hans de Goede [Wed, 6 Nov 2019 09:22:21 +0000 (10:22 +0100)]
hwdb: Add accel orientation quirk for Wortmann Terra Pad 1061
Add a quirk to fix the accelerometer orientation on the Wortmann
Terra Pad 1061 tablet.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 15:09:28 +0000 (16:09 +0100)]
core: also split out helper to handle static device nodes
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 14:51:28 +0000 (15:51 +0100)]
core: move bpf devices implementation to bpf-devices.[ch] and rename
The naming of the functions was a complete mess: the most specific functions
which don't know anything about cgroups had "cgroup_" prefix, while more
general functions which took a node path and a cgroup for reporting had no
prefix. Let's use "bpf_devices_" for the latter group, and "bpf_prog_*" for the
rest.
The main goal of this move is to split the implementation from the calling code
and add unit tests in a later patch.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 14:12:23 +0000 (15:12 +0100)]
core: rename CGROUP_AUTO/STRICT/CLOSED to CGROUP_DEVICE_POLICY_…
The old names were very generic, and when used without context it wasn't at all
clear that they are about the devices policy.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 13:58:28 +0000 (14:58 +0100)]
tests: move memlock helper to shared code
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 11:03:23 +0000 (12:03 +0100)]
test-bpf-firewall: do not mlock() a large amount of memory
64MB is not that much, but let's not be greedy, esp. because we may run
many things in parallel.
Also, rlim_cur should never be higher than rlim_max, so let's simplify our
code.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 10:58:55 +0000 (11:58 +0100)]
test-bpf: rename to test-bpf-firewall
Let's make the name better reflect its scope.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 10:24:17 +0000 (11:24 +0100)]
bpf: return normally from whitelist_major()
All callers do (void) anyway, so we can just use normal return here.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 10:17:08 +0000 (11:17 +0100)]
bpf: do not bother adding device patterns after whitelisting the full class
This seems to have been unintentional.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 10:13:20 +0000 (11:13 +0100)]
bpf: refactor how we create device major:minor whitelists
No functional change intended except for minor adjustments to error messages.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 07:55:54 +0000 (08:55 +0100)]
core: constify bpf program arrays
In cases where the programs were modified after being initially declared,
reorder operations so that the declaration is already in final form.
Vito Caputo [Sun, 10 Nov 2019 07:00:19 +0000 (23:00 -0800)]
journal-file: delete some unnecessary braces
Trivial change, just something I noticed skimming the code.
Yu Watanabe [Sat, 9 Nov 2019 14:27:34 +0000 (23:27 +0900)]
Merge pull request #13975 from keszybz/more-seccomp-syscalls
Add more syscalls to the seccomp lists
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 09:25:31 +0000 (10:25 +0100)]
shared/sleep-config: fix potential SEGV
We were looking at the wrong variable, and would always crash if this
comparison was reached. Fixes #13965.
Also, fix crash (_cleanup_ called on uninitialized variable) if we failed in
error path.
While at it, let's shorten some messages.
Zach Smith [Fri, 1 Nov 2019 05:10:10 +0000 (22:10 -0700)]
systemd-tmpfiles: cleanup man page program listing
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 11:56:56 +0000 (12:56 +0100)]
Add @pkey syscall group
Inspired by https://bugzilla.redhat.com/show_bug.cgi?id=1769299.
This change doesn't solve the issue, but makes it easier to whitelist the
syscall group.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 13:00:10 +0000 (14:00 +0100)]
seccomp: add all *time64 syscalls
From https://bugzilla.redhat.com/show_bug.cgi?id=1770154:
> utime is an obsolete system call. The current kernel interface is
> utimensat_time64. New 32-bit architectures do not even provide the utime
> system call.
Also add all other *time64 syscalls listed in
https://fedora.juszkiewicz.com.pl/syscalls.html.
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 13:19:40 +0000 (14:19 +0100)]
Merge pull request #13554 from keur/systemctl_status_timer
systemctl: Add timer activation to status
Michal Suchanek [Mon, 4 Nov 2019 20:23:15 +0000 (21:23 +0100)]
libblkid: open device in nonblock mode.
When autoclose is set (kernel default but many distributions reverse the
setting) opening a CD-rom device causes the tray to close.
The function of blkid is to report the current state of the device and
not to change it. Hence it should use O_NONBLOCK when opening the
device to avoid closing a CD-rom tray.
blkid is used liberally in scripts so it can potentially interfere with
the user operating the CD-rom hardware.
[kzak@redhat.com: add O_NONBLOCK also to:
- wipefs
- blkid_new_probe_from_filename()
- blkid_evaluate_tag()]
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
(cherry picked from commit
39f5af25982d8b0244000e92a9d0e0e6557d0e17)
Zbigniew Jędrzejewski-Szmek [Fri, 8 Nov 2019 09:18:46 +0000 (10:18 +0100)]
Merge pull request #13962 from keszybz/man-ordering
Describe ordering in case of Conflicts=
Zbigniew Jędrzejewski-Szmek [Wed, 6 Nov 2019 12:42:13 +0000 (13:42 +0100)]
man: describe ordering in case of Conflicts=
Fixes #13421.
Alcaro [Thu, 7 Nov 2019 13:19:18 +0000 (14:19 +0100)]
doc: Fix missing parenthesis
Anita Zhang [Thu, 7 Nov 2019 06:25:43 +0000 (22:25 -0800)]
include missing_fcntl.h where needed
f5947a5e925117c55b390460d592f57504277bf9 dropped missing.h and
replaced with the more specific headers but did not add
missing_fcntl.h in places that use O_TMPFILE. This is needed for
some older versions of glibc.
Zbigniew Jędrzejewski-Szmek [Thu, 7 Nov 2019 07:36:26 +0000 (08:36 +0100)]
Merge pull request #13904 from keur/job_mode_triggering
Job mode triggering
Anita Zhang [Tue, 5 Nov 2019 02:29:55 +0000 (18:29 -0800)]
core: change top-level drop-in from -.service.d to service.d
Discussed in #13743, the -.service semantic conflicts with the
existing root mount and slice names, making this feature not
uniformly extensible to all types. Change the name to be
<type>.d instead.
Updating to this format also extends the top-level dropin to
unit types.
Zbigniew Jędrzejewski-Szmek [Wed, 6 Nov 2019 12:26:29 +0000 (13:26 +0100)]
man: put description of Wants= above Requires=
We want users to use Wants, but we'd describe Requires first and ask users to
look for Wants instead. While at it, let's split the wall of text into sensible
paragraphs: syntax first, followed by semantics and longer description, and
finally hints and comparison to other configuration items last.
Anita Zhang [Wed, 6 Nov 2019 19:44:09 +0000 (11:44 -0800)]
Merge pull request #13960 from keszybz/meson-loop-fix
meson: remove strange dep that causes meson to enter infinite loop