Alan Jenkins [Wed, 28 Feb 2018 15:07:30 +0000 (15:07 +0000)]
core: timer_enter_waiting(): refactor `base` local variable
We have two variables `b` and `base`. `b` is declared within limited
scope; `base` is declared at the top of the function. However `base`
is actually only used within a scope which is exclusive of `b`. Clarify
by moving `base` inside the limited scope as well.
(Also `base` doesn't need initializing any more than `b` does. The
declaration of `base` is now immediately followed by a case analysis of
`v->base`, which serves almost exclusively to determine the value of
`base`).
Lennart Poettering [Wed, 28 Feb 2018 09:37:01 +0000 (10:37 +0100)]
Merge pull request #8283 from poettering/nspawn-user-fix
some trivial nspawn related fixes
Franck Bui [Wed, 28 Feb 2018 09:36:06 +0000 (10:36 +0100)]
rules: skip btrfs check if devices are not ready in 64-btrfs.rules (#8304)
If any devices are marked with 'SYSTEMD_READY=0' then we shouldn't run any
btrfs check on them.
Indeed there's no point in running "btrfs ready" on devices that already have
SYSTEMD_READY=0 set. Most probably such devices are members of a higher layer
aggregate device such as dm-multipath or software RAID. Doing IO on them wastes
time at best, and may cause delays, timeouts, or even hangs at worst (think
active-passive multipath or degraded RAID, for example).
It was initially reported at:
https://bugzilla.opensuse.org/show_bug.cgi?id=872929
Javier Martinez Canillas [Wed, 28 Feb 2018 09:25:19 +0000 (10:25 +0100)]
kernel-install: Don't install BLS kernel images if dest dir doesn't exist (#8306)
The script shouldn't rely on a previous script exiting with a status code
that prevents it to be executed. Instead, should check if the destination
directory for the BLS kernel image exists and exit otherwise.
Zbigniew Jędrzejewski-Szmek [Wed, 28 Feb 2018 09:20:48 +0000 (10:20 +0100)]
meson: install compat symlinks for systemctl and systemd (#8300)
v2:
- init is a symlink to systemd, not systemctl!
Lennart Poettering [Mon, 26 Feb 2018 19:51:04 +0000 (20:51 +0100)]
nspawn: close pipe on error
Lennart Poettering [Mon, 26 Feb 2018 19:50:57 +0000 (20:50 +0100)]
process-util: don't install atfork() handler more than once
Lennart Poettering [Mon, 26 Feb 2018 14:42:45 +0000 (15:42 +0100)]
coccinelle: slightly improve run-coccinelle.sh
Let's include the command line to use to get the requested output. This
makes it easy to copy/paste the command line out, and add "--in-place"
to actually apply the changes "run-coccinelle.sh" outputs.
Lennart Poettering [Mon, 26 Feb 2018 14:41:38 +0000 (15:41 +0100)]
util: add new safe_close_above_stdio() wrapper
At various places we only want to close fds if they are not
stdin/stdout/stderr, i.e. fds 0, 1, 2. Let's add a unified helper call
for that, and port everything over.
Lennart Poettering [Mon, 26 Feb 2018 14:30:19 +0000 (15:30 +0100)]
nspawn: propagate original error. No need to make up -EIO
Lennart Poettering [Mon, 26 Feb 2018 14:30:05 +0000 (15:30 +0100)]
nspawn: use STR_IN_SET() where we can
Lennart Poettering [Mon, 26 Feb 2018 14:29:30 +0000 (15:29 +0100)]
nspawn: port some code to use read_line()
This shortens our code a bit. Which is always nice.
Zbigniew Jędrzejewski-Szmek [Wed, 28 Feb 2018 08:10:16 +0000 (09:10 +0100)]
Merge pull request #8294 from fsateler/debian-patches
Upstreaming some debian patches
Yu Watanabe [Wed, 28 Feb 2018 01:55:59 +0000 (10:55 +0900)]
Merge pull request #8280 from poettering/seccomp-flags
seccomp flags rework + minor other build system/repo changes
Filipe Brandenburger [Wed, 28 Feb 2018 00:11:38 +0000 (16:11 -0800)]
rule-syntax-check: fix handling of runaway strings in comma splitting (#8298)
A runaway string should still be returned by the code that splits on
commas, so add a '?' to the regex so that the last '"?' in a string
still produces a valid block for the split code.
Tested:
ACTION=="remove\"GOTO=""
Which then produced:
$ test/rule-syntax-check.py src/login/70-uaccess.rules
# looking at src/login/70-uaccess.rules
Invalid line src/login/70-uaccess.rules:10: ACTION=="remove\"GOTO=""
clause: ACTION=="remove\"GOTO=""
Ansgar Burchardt [Thu, 24 Jul 2014 17:38:07 +0000 (19:38 +0200)]
Include additional directories in ProtectSystem
Michael Biebl [Thu, 18 Jul 2013 13:33:51 +0000 (15:33 +0200)]
Add note to udev.conf that changes to that file require a rebuild of the initramfs
Based on debian/patches/udev_conf_comments from the old udev package.
Zbigniew Jędrzejewski-Szmek [Tue, 27 Feb 2018 21:35:19 +0000 (22:35 +0100)]
Merge pull request #8297 from filbranden/udevrule1
Udev rule syntax checker updates
Yu Watanabe [Tue, 27 Feb 2018 21:18:06 +0000 (06:18 +0900)]
po: add Japanese translation (#8289)
Robert Antoni Buj Gelonch [Tue, 27 Feb 2018 21:16:41 +0000 (22:16 +0100)]
po: typing mistakes in Catalan translation (#8290)
Filipe Brandenburger [Tue, 27 Feb 2018 21:11:07 +0000 (13:11 -0800)]
rule-syntax-check: allow commas inside quoted strings
Using a regex to match the groups is smarter than the split(',') that
would break in those cases.
Tested:
SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*,*:070202:*", TAG+="uaccess"
Rule checker doesn't break there after this commit.
Filipe Brandenburger [Tue, 27 Feb 2018 19:12:18 +0000 (11:12 -0800)]
rule-syntax-check: add support for escaped double quotes
Add support to backslash-escaped double quote inside a string.
Tested by modifying src/login/70-uaccess.rules to include:
ACTION=="remove" it", GOTO="uaccess_end"
And had the rule checker complain about it:
$ test/rule-syntax-check.py src/login/70-uaccess.rules
# looking at src/login/70-uaccess.rules
Invalid line src/login/70-uaccess.rules:10: ACTION=="remove" it", GOTO="uaccess_end"
clause: ACTION=="remove" it"
Lennart Poettering [Mon, 26 Feb 2018 11:51:35 +0000 (12:51 +0100)]
seccomp: rework functions for parsing system call filters
This reworks system call filter parsing, and replaces a couple of "bool"
function arguments by a single flags parameter.
This shouldn't change behaviour, except for one case: when we
recursively call our parsing function on our own syscall list, then
we'll lower the log level to LOG_DEBUG from LOG_WARNING, because at that
point things are just a problem in our own code rather than in the user
configuration we are parsing, and we shouldn't hence generate confusing
warnings about syntax errors.
Fixes: #8261
Lennart Poettering [Mon, 26 Feb 2018 11:01:45 +0000 (12:01 +0100)]
systemd-sysv-install: unset ROOT rather than setting it to ""
Follow-up for #8264.
It's cleaner to pass no env var at all to forked off processes rather
than an empty one.
Lennart Poettering [Mon, 26 Feb 2018 10:50:12 +0000 (11:50 +0100)]
coccinelle: drop empty-if.cocci script
It doesn't work, spits out only rubbish and was already excluded of
run-coccinelle.sh. It's a pitty it doesn't work, but let's drop this
dead piece of code for now.
Lennart Poettering [Mon, 26 Feb 2018 10:48:46 +0000 (11:48 +0100)]
doc: add a new doc/ directory, and move two markdown docs into them
I figure sooneror later we'll have more of these docs, hence let's give
them a clean place to be.
This leaves NEWS and README/README.md as well as the LICENSE texts in
the root directory of the project since that appears to be customary for
Free Software projects.
Franck Bui [Fri, 23 Feb 2018 16:12:50 +0000 (17:12 +0100)]
rule-syntax-check: values can contain escaped double quotes
This is true since commit
7e760b79ad143b26a5c937afa7666a7c40508f85.
Note that the changes in the regex expressions relies on the fact that the
script assumes that the comma separator is mandatory.
Add a comment in the script to clarify this.
Franck Bui [Fri, 23 Feb 2018 15:54:40 +0000 (16:54 +0100)]
rule-syntax-check: PROGRAM is not supposed to get value assigned
In udev man page, "PROGRAM" key is part of the keys which are used for
matching purposes so it should only be used with the compare operator "==".
Actually it doesn't really make sense to assign it a value.
udev code allows both "=" and "==" for PROGRAM and both are handled the same
way but for consistencies it's better to have only the compare operator allowed
by the rule syntax checker.
No rules shipped by systemd use PROGRAM key so nothing need to be changed in
our rule files.
Franck Bui [Fri, 23 Feb 2018 15:49:17 +0000 (16:49 +0100)]
rules: add a missing comma in 70-uaccess.rules since it improves readability
rule-syntax-check.py failed with the following error:
$ ./test/rule-syntax-check.py ./src/login/70-uaccess.rules
Invalid line ./src/login/70-uaccess.rules:31: SUBSYSTEM=="sound", TAG+="uaccess" OPTIONS+="static_node=snd/timer", OPTIONS+="static_node=snd/seq"
clause: TAG+="uaccess" OPTIONS+="static_node=snd/timer"
The comma is actually optional but the script makes it mandatory which seems a
good thing since it improves readability.
Zbigniew Jędrzejewski-Szmek [Tue, 27 Feb 2018 12:33:00 +0000 (13:33 +0100)]
missing_syscall: add pkey_mprotect for ppc (#8292)
Accurate for both ppc and ppc64 according to https://fedora.juszkiewicz.com.pl/syscalls.html.
Evgeny Vereshchagin [Tue, 27 Feb 2018 09:34:41 +0000 (12:34 +0300)]
Merge pull request #8282 from poettering/khash-enokey
deal with borked ENOKEY on centos kernel's AF_ALG support
Robert Antoni Buj Gelonch [Tue, 27 Feb 2018 08:20:40 +0000 (09:20 +0100)]
po: update Catalan translation (#8267)
Yu Watanabe [Tue, 27 Feb 2018 07:59:03 +0000 (16:59 +0900)]
man: suggests TemporaryFileSystem= when people want to nest bind mounts inside InaccessiblePaths= (#8288)
Suggested by @sourcejedi in #8242.
Closes #7895, #7153, and #2780.
Zbigniew Jędrzejewski-Szmek [Tue, 27 Feb 2018 07:55:40 +0000 (08:55 +0100)]
Merge pull request #8285 from poettering/logind-close-fixes
various smaller logind fixes
Lennart Poettering [Tue, 27 Feb 2018 06:58:19 +0000 (07:58 +0100)]
fstab-generator: downgrade message when we can't canonicalize fstab entries (#8281)
Let's make this LOG_DEBUG, as this didn't used to be an issue, and
shouldn't really be still.
Replaces: #8132
Lennart Poettering [Mon, 26 Feb 2018 20:20:13 +0000 (21:20 +0100)]
Merge pull request #8284 from keszybz/gcc-warning-fixes
Gcc warning fixes
Zbigniew Jędrzejewski-Szmek [Mon, 26 Feb 2018 20:20:00 +0000 (21:20 +0100)]
tree-wide: use reallocarray instead of our home-grown realloc_multiply (#8279)
There isn't much difference, but in general we prefer to use the standard
functions. glibc provides reallocarray since version 2.26.
I moved explicit_bzero is configure test to the bottom, so that the two stdlib
functions are at the bottom.
Lennart Poettering [Mon, 26 Feb 2018 17:45:45 +0000 (18:45 +0100)]
sd-login: make use of _cleanup_close_ where possible
Lennart Poettering [Mon, 26 Feb 2018 17:45:28 +0000 (18:45 +0100)]
journal-upload: make use of safe_close() where appropriate
Lennart Poettering [Mon, 26 Feb 2018 17:34:49 +0000 (18:34 +0100)]
logind: make sure we don't trip up on half-initialized session devices
Fixes: #8035
Lennart Poettering [Mon, 26 Feb 2018 17:34:43 +0000 (18:34 +0100)]
logind: check file is device node before using .st_rdev
Lennart Poettering [Mon, 26 Feb 2018 17:34:13 +0000 (18:34 +0100)]
logind: let's pack a few struct fields we can pack
Lennart Poettering [Mon, 26 Feb 2018 17:33:51 +0000 (18:33 +0100)]
logind: fd 0 is a valid fd
Lennart Poettering [Mon, 26 Feb 2018 17:33:20 +0000 (18:33 +0100)]
logind: let's reduce one level of indentation
Lennart Poettering [Mon, 26 Feb 2018 17:33:05 +0000 (18:33 +0100)]
logind: propagate the right error, don't make up ENOMEM
Lennart Poettering [Mon, 26 Feb 2018 17:32:07 +0000 (18:32 +0100)]
logind: rework sd_eviocrevoke()
Let's initialize static variables properly and get rid of redundant
variables.
Lennart Poettering [Mon, 26 Feb 2018 17:31:06 +0000 (18:31 +0100)]
logind: trivial improvements
Just some addition whitespace, some additional assert()s, and removal of
redundant variables.
Lennart Poettering [Mon, 26 Feb 2018 12:46:58 +0000 (13:46 +0100)]
khash: try to detect broken AF_ALG support in centos kernels
Fixes: #8278
Zbigniew Jędrzejewski-Szmek [Mon, 26 Feb 2018 14:47:54 +0000 (15:47 +0100)]
core/unit: voidify one snprintf statement
One more follow-up for
f810b631cd.
Zbigniew Jędrzejewski-Szmek [Sun, 25 Feb 2018 20:59:04 +0000 (21:59 +0100)]
core/path: add one more assert
Zbigniew Jędrzejewski-Szmek [Sun, 25 Feb 2018 20:25:33 +0000 (21:25 +0100)]
basic/xattr-util: do not cast ssize_t to int
gcc warns about unitialized memory access because it notices that ssize_t which
is < 0 could be cast to positive int value. We know that this can't really
happen because only -1 can be returned, but OTOH, in principle a large
*positive* value cannot be cast properly. This is unlikely too, since xattrs
cannot be too large, but it seems cleaner to just use a size_t to return the
value and avoid the cast altoghter. This makes the code simpler and gcc is
happy too.
The following warning goes away:
[113/1502] Compiling C object 'src/basic/basic@sta/xattr-util.c.o'.
In file included from ../src/basic/alloc-util.h:28:0,
from ../src/basic/xattr-util.c:30:
../src/basic/xattr-util.c: In function ‘fd_getcrtime_at’:
../src/basic/macro.h:207:60: warning: ‘b’ may be used uninitialized in this function [-Wmaybe-uninitialized]
UNIQ_T(A,aq) < UNIQ_T(B,bq) ? UNIQ_T(A,aq) : UNIQ_T(B,bq); \
^
../src/basic/xattr-util.c:155:19: note: ‘b’ was declared here
usec_t a, b;
^
Zbigniew Jędrzejewski-Szmek [Sun, 25 Feb 2018 20:07:18 +0000 (21:07 +0100)]
basic/exec-util: use _exit() to return from child
Zbigniew Jędrzejewski-Szmek [Sun, 25 Feb 2018 16:26:22 +0000 (17:26 +0100)]
basic: shorten the code a bit in two places
gcc complains that len might be used unitialized, but afaict, this is not true.
Zbigniew Jędrzejewski-Szmek [Mon, 26 Feb 2018 14:42:27 +0000 (15:42 +0100)]
Merge pull request #8270 from dmedri/master
po: updates and basic notes for translators
Zbigniew Jędrzejewski-Szmek [Mon, 26 Feb 2018 11:31:08 +0000 (12:31 +0100)]
Merge pull request #8273 from yuwata/fix-test-execute
test: cleanups for test-execute
Yu Watanabe [Thu, 22 Feb 2018 00:02:12 +0000 (09:02 +0900)]
test: use "$$" to pass a literal dollar sign
Follow-up for
932329865741054f52dee2e7fc9bd6159b791fee.
Yu Watanabe [Thu, 22 Feb 2018 12:34:54 +0000 (21:34 +0900)]
test: use setup_fake_runtime_dir() in test-execute
Daniele Medri [Fri, 23 Feb 2018 19:33:48 +0000 (20:33 +0100)]
Some notes for translators
Zbigniew Jędrzejewski-Szmek [Fri, 23 Feb 2018 12:04:45 +0000 (13:04 +0100)]
systemd-sysv-install: avoid using ROOT variable from the environment
Fixes #8180.
Zbigniew Jędrzejewski-Szmek [Fri, 23 Feb 2018 11:49:15 +0000 (12:49 +0100)]
basic/virt: provide a nicer message is /proc/cpuinfo is not available
$ sudo systemd-run -p RootDirectory=/usr -E LD_LIBRARY_PATH=/lib/systemd/ -E SYSTEMD_LOG_LEVEL=debug /bin/systemd-detect-virt
Before
systemd-detect-virt[18498]: No virtualization found in DMI
systemd-detect-virt[18498]: No virtualization found in CPUID
systemd-detect-virt[18498]: Virtualization XEN not found, /proc/xen does not exist
systemd-detect-virt[18498]: This platform does not support /proc/device-tree
systemd-detect-virt[18498]: Failed to check for virtualization: No such file or directory
The first four lines are at debug level, so the user would only see that last
one usually, which is not very enlightening.
This now becomes:
systemd-detect-virt[21172]: No virtualization found in DMI
systemd-detect-virt[21172]: No virtualization found in CPUID
systemd-detect-virt[21172]: Virtualization XEN not found, /proc/xen does not exist
systemd-detect-virt[21172]: This platform does not support /proc/device-tree
systemd-detect-virt[21172]: /proc/cpuinfo not found, assuming no UML virtualization.
systemd-detect-virt[21172]: This platform does not support /proc/sysinfo
systemd-detect-virt[21172]: Found VM virtualization none
systemd-detect-virt[21172]: none
We do more checks, which is good too.
Giacomo Longo [Fri, 23 Feb 2018 18:57:13 +0000 (19:57 +0100)]
hwdb: Fix Chuwi Hi12 orientation sensor (#8266)
hwdb: Fix Chuwi Hi12 orientation sensor
Lennart Poettering [Fri, 23 Feb 2018 18:54:32 +0000 (19:54 +0100)]
Merge pull request #8258 from keszybz/log-issues
Fix some logging issues
Zbigniew Jędrzejewski-Szmek [Fri, 23 Feb 2018 12:29:03 +0000 (13:29 +0100)]
basic/log: add an assert that does not recurse into logging functions
Then it can be used in the asserts in logging functions without causing
infinite recursion. The error is just printed to stderr, it should be
good enough for the common case.
Lennart Poettering [Fri, 23 Feb 2018 11:20:38 +0000 (12:20 +0100)]
Merge pull request #8252 from keszybz/set-property-man
set-property man-page adjust-ments
Zbigniew Jędrzejewski-Szmek [Fri, 23 Feb 2018 10:12:19 +0000 (11:12 +0100)]
udev/net-id: check all snprintf return values
gcc-8 throws an error if it knows snprintf might truncate output and the
return value is ignored:
../src/udev/udev-builtin-net_id.c: In function 'dev_pci_slot':
../src/udev/udev-builtin-net_id.c:297:47: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size between 0 and 4095 [-Werror=format-truncation=]
snprintf(str, sizeof str, "%s/%s/address", slots, dent->d_name);
^~
../src/udev/udev-builtin-net_id.c:297:17: note: 'snprintf' output between 10 and 4360 bytes into a destination of size 4096
snprintf(str, sizeof str, "%s/%s/address", slots, dent->d_name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
Let's check all return values. This actually makes the code better, because there's
no point in trying to open a file when the name has been truncated, etc.
Zbigniew Jędrzejewski-Szmek [Fri, 23 Feb 2018 10:09:13 +0000 (11:09 +0100)]
udev/net-id: use _cleanup_
This fixes a minor memleak of 'address' if the file could not be read.
Zbigniew Jędrzejewski-Szmek [Fri, 23 Feb 2018 09:22:44 +0000 (10:22 +0100)]
systemctl: do not hint logs when a unit cannot be reloaded
The logs don't contain any additional information.
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 22:55:14 +0000 (23:55 +0100)]
basic/log: make sure header is printed correctly, add test
If log_do_header() was called with overly long parameters, it'd generate
improper output. Essentially, it'd be truncated at random point, in particular
missing a newline at the end, so it'd run with the next field, usually MESSAGE=.
log_do_header is called with parameters from compiled code (file name, lien
nubmer, etc), so in practice this was unlikely to ever be a problem, but it is
possible. In particular, if systemd was compiled from sources in some deeply
nested directory (which happens for example in mock and other build roots), the
filename could be very long.
As a safety measure, let's truncate all parameters to 256 bytes. So we have
5 fields which are 256 bytes (plus the field name prefix), and a few other
fields with fixed width. This must always fit in the 2048 byte buffer.
I don't think there's much gain in calculating the required length precisely,
since it's a lot of fields and a few bytes allocated on the stack don't matter.
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 22:45:27 +0000 (23:45 +0100)]
basic/log: fix confusion with parameters to log_dispatch_internal
log_dispatch_internal has only one caller where the extra_field/extra
params are not null: log_unit_full. When log_unit_full() was called,
when we got to log_dispatch_internal, our header would look like this:
PRIORITY=7
SYSLOG_FACILITY=3
CODE_FILE=../src/core/manager.c
CODE_LINE=2145
CODE_FUNC=manager_invoke_sigchld_event
USER_UNIT=gnome-terminal-server.service
65dffa7a3b984a6d9a46f0b8fb57710bUSER_INVOCATION_ID=
SYSLOG_IDENTIFIER=systemd
It took me a while to understand why I'm not seeing mangled messages in the
journal (after all, "" is a valid rvalue for log messages). The answer is that
journald rejects any field name which starts with a digit, and the MESSAGE_ID
that was used here starts with a digit. Hence, those lines would be silently
filtered out.
Daniele Medri [Fri, 23 Feb 2018 09:49:07 +0000 (10:49 +0100)]
po: update Italian translation
Peter Hutterer [Fri, 23 Feb 2018 08:36:45 +0000 (18:36 +1000)]
udev: don't assign INPUT_ID_MOUSE to a touchpad/joystick/touchscreen (#8259)
If a touchpad has MT axes only but not ABS_X/ABS_Y (DualShock 4 controller),
then we hit both the conditions is_touchpad and the later check for
!has_abs_axes here, assigning is_mouse and ID_INPUT_MOUSE later.
This is a bug, we historically only assigned either of of the pointing device
tags ID_INPUT_MOUSE/TOUCHPAD/JOYSTICK/TOUCHSCREEN, never multiple of them.
Note that we cannot just check for has_abs_axes and has_mt_coordinates because
the apple touch mouse has both. We really need to check if the device has
already been assigned something else.
https://bugs.freedesktop.org/show_bug.cgi?id=105050
antizealot1337 [Thu, 22 Feb 2018 23:18:29 +0000 (18:18 -0500)]
Add missing double quote from log message (#8257)
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 22:39:17 +0000 (23:39 +0100)]
journal: drop left-over header line
Fixup for
53978b98f9ecc16dca216e8dab17d0d5622c9056.
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 22:07:58 +0000 (23:07 +0100)]
basic/log: make log_object_internalv static
It makes the code easier to read, because it's obvious that the function
cannot be called from elsewhere.
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 21:09:16 +0000 (22:09 +0100)]
basic/log: voidify snprintf statements
The buffers are fixed size, so the message may not fit, but we don't
particularly care.
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 21:03:15 +0000 (22:03 +0100)]
Revert "Replace use of snprintf with xsprintf"
This reverts commit
a7419dbc59da5c8cc9e90b3d96bc947cad91ae16.
_All_ changes in that commit were wrong.
Fixes #8211.
Alan Jenkins [Thu, 22 Feb 2018 20:38:44 +0000 (20:38 +0000)]
login: fix user@.service case, so we don't allow nested sessions (#8051)
> logind sessions are mostly bound to the audit session concept, and audit
> sessions remain unaffected by "su", in fact they are defined to be
> "sealed off", i.e. in a way that if a process entered a session once, it
> will always stay with it, and so will its children, i.e. the only way to
> get a new session is by forking off something off PID 1 (or something
> similar) that never has been part of a session.
The code had a gap. user@.service is a special case PAM session which does
not create a logind session. Let's remember to check for it.
Fixes #8021
Patrick Uiterwijk [Thu, 22 Feb 2018 18:41:30 +0000 (19:41 +0100)]
Fix format-truncation compile failure by typecasting USB IDs (#8250)
This patch adds safe_atoux16 for parsing an unsigned hexadecimal 16bit int, and
uses that for parsing USB device and vendor IDs.
This fixes a compile error with gcc-8 because while we know that USB IDs are 2 bytes,
the compiler does not know that.
../src/udev/udev-builtin-hwdb.c:80:38: error: '%04X' directive output may be
truncated writing between 4 and 8 bytes into a region of size between 2 and 6
[-Werror=format-truncation=]
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Beniamino Galvani [Thu, 22 Feb 2018 17:09:33 +0000 (18:09 +0100)]
libsystemd-network: fix endianness in ARP BPF filter (#8255)
Commit
f11cba7479fe ("libsystemd-network: fix unaligned loads (issue #7654)")
changed the way in which the MAC address is read to use native endiannes:
htobe32(*((uint32_t *)x) -> unaligned_read_ne32(x)
This is wrong because loads done with BPF_LD + BPF_ABS are big-endian, as it
can be seen for the ethertype and arp-operation loads above in the
filter. Also, the same commit changed:
htobe32(*((unsigned int *)x) -> unaligned_read_be32(x)
in _bind_raw_socket(), which is the correct form.
The commit broke IPv4LL in presence of loops, as the sender now considers its
own packets as conflicting.
Fixes:
f11cba7479fe29a9dab9e3151bbca4302d173811
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 16:06:29 +0000 (17:06 +0100)]
Merge pull request #8251 from Shuangistan/pr_virt_qnx
Shuang Liu [Thu, 22 Feb 2018 13:46:48 +0000 (14:46 +0100)]
man: add bhyve description for ConditionVirtualization=
The description in man is missing in #3840.
Shuang Liu [Thu, 22 Feb 2018 13:35:47 +0000 (14:35 +0100)]
virt: detect QNX hypervisor
Detect QNX hypervisor based on the CPUID.
Fixes: #7239
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 13:39:06 +0000 (14:39 +0100)]
systemctl: use VARIABLE as the placeholder for a variable name
The man page was already using VARIABLE=VALUE, so no change there.
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 13:37:02 +0000 (14:37 +0100)]
systemctl,man: use PROPERTY as the placeholder for a property name
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 11:58:53 +0000 (12:58 +0100)]
systemctl,man: use UNIT as the placeholder for a unit name
NAME is kind of meaningless, because everything has a name. "Unit"
makes it more obvious that a name of a unit is necessary. I was always
momentarily baffled by "set-property NAME ASSIGNMENT...", where there
are two objects (the unit and the property), and it's not clear which of
the two "NAME" is supposed to signify.
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 11:53:15 +0000 (12:53 +0100)]
man: IPAccounting for slices in now allowed
Also split that description into paragraphs by subject.
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 13:52:48 +0000 (14:52 +0100)]
Merge pull request #8205 from poettering/bpf-multi
bpf/cgroup improvements
Sergey Ptashnick [Thu, 22 Feb 2018 13:25:11 +0000 (16:25 +0300)]
Update Russian translation (#8248)
Used "in"-form here (i.e. "зарегистрировать службу *в* DNS-SD") because
simply "служба DNS-SD" may be confused with resolved itself (at least in
Russian).
Lennart Poettering [Thu, 22 Feb 2018 13:21:30 +0000 (14:21 +0100)]
nologin: extend the /run/nologin descriptions a bit (#8244)
This is an attempt to improve #8228 a bit, by extending the /run/nologin
a bit, but still keeping it somewhat brief.
On purpose I used the vague wording "unprivileged user" rather than
"non-root user" so that pam_nologin can be updated to disable its
behaviour for members of the "wheel" group one day, and our messages
would still make sense.
See #8228.
Lennart Poettering [Thu, 22 Feb 2018 12:15:41 +0000 (13:15 +0100)]
Merge pull request #8243 from poettering/statx-syscall-unfuck
statx() syscall macro fix + reboot() handling improvements
Lennart Poettering [Thu, 22 Feb 2018 10:56:24 +0000 (11:56 +0100)]
Merge pull request #8218 from keszybz/zanata
po: add basic fedora.zanata.org configuration
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 10:30:59 +0000 (11:30 +0100)]
pid1: when creating service directories, don't chown existing files (#8181)
This partially reverts
3536f49e8fa281539798a7bc5004d73302f39673 and
3536f49e8fa281539798a7bc5004d73302f39673.
When the user is dynamic, and we are setting up state, cache, or logs dirs,
behaviour is unchanged, we always do a recursive chown. This is necessary
because the user number might change between invocations.
But when setting up a directory for non-dynamic user, or a runtime directory
for a dynamic user, do any ownership or mode changes only when the directory
is initially created. Nothing says that the files under those directories have
to be all recursively owned by our user. This restores behaviour before
3536f49e8fa281539798a7bc5004d73302f39673, so modifications to the state of
the runtime directory persist between ExecStartPre's and ExecStart's, and even
longer in case the directory is persistent.
I think it _would_ be a nice property if setting a user would automatically
propagate to ownership of any Runtime/Logs/Cache directories. But this is
incompatible with another nice property, namely preserving changes to those
directories made by an admin, and with allowing change of ownership of files
in those directories by the service (e.g. to allow other users to access them).
Of the two, I think the second property is more important. Also, it's backwards
compatible.
https://bugzilla.redhat.com/show_bug.cgi?id=1508495
There is no need to chmod a directory we just created, so move that step
up into a branch. After that, 'effective' is only used once, so get rid of
it too.
Lennart Poettering [Wed, 21 Feb 2018 17:50:34 +0000 (18:50 +0100)]
shutdown: let's not use exit() needlessly
Generally we prefer 'return' from main() over exit() so that automatic
cleanups and such work correct. Let's do that in shutdown.c too, becuase
there's not really any reason not to.
With this we are pretty good in consistently using return from main()
rather than exit() all across the codebase. Yay!
Lennart Poettering [Wed, 21 Feb 2018 17:48:49 +0000 (18:48 +0100)]
reboot-util: unify reboot with parameter in a single implementation
So far, we had two implementations of reboot-with-parameter doing pretty
much the same. Let's unify that in a generic implementation used by
both.
This is particulary nice as it unifies all /run/systemd/reboot-param
handling in a single .c file.
Lennart Poettering [Wed, 21 Feb 2018 16:54:35 +0000 (17:54 +0100)]
basic: split out update_reboot_parameter_and_warn() into its own .c/.h files
This is primarily preparation for a follow-up commit that adds a common
implementation of the other side of the reboot parameter file, i.e. the
code that reads the file and issues reboot() for it.
Lennart Poettering [Wed, 21 Feb 2018 16:46:55 +0000 (17:46 +0100)]
tree-wide: voidify reboot() invocations
We use (void) in most cases for reboot() already, let's add it to the
others as well.
Lennart Poettering [Wed, 21 Feb 2018 16:42:59 +0000 (17:42 +0100)]
basic: add a common syscall wrapper around reboot()
This mimics the raw_clone() call we have in place already and
establishes a new syscall wrapper raw_reboot() that wraps the kernel's
reboot() system call in a bit more low-level fashion that glibc's
reboot() wrapper. The main difference is that the extra "arg" argument
is supported.
Ultimately this just replaces the syscall wrapper implementation we
currently have at three places in our codebase by a single one.
With this change this means that all our syscall() invocations are
neatly separated out in static inline system call wrappers in our header
functions.
Lennart Poettering [Wed, 21 Feb 2018 16:27:34 +0000 (17:27 +0100)]
missing: always use __NR_ as prefix for syscall numbers
Apparently, both __NR_ and SYS_ are useful, but we mostly use __NR_
hence use it for these two cases too, so that we settle on __NR_
exclusively.
Lennart Poettering [Wed, 21 Feb 2018 16:25:01 +0000 (17:25 +0100)]
missing: Fix statx syscall ifdeffery
Fix a copy/paste mistake.
Fixes: #8238
Zbigniew Jędrzejewski-Szmek [Thu, 22 Feb 2018 07:27:44 +0000 (08:27 +0100)]
Merge pull request #8246 from poettering/wait-for-terminate-eproto
some shutdown logging fixes