platform/upstream/systemd.git
6 years agodoc: fix resolvectl(1) per-interface DNS configuration documentation
Daniel Kahn Gillmor [Thu, 23 Aug 2018 20:33:56 +0000 (16:33 -0400)]
doc: fix resolvectl(1) per-interface DNS configuration documentation

You can only have one listitem in each varlistentry.

xmllint says:

    resolvectl.xml:269: element varlistentry: validity error : Element varlistentry content does not follow the DTD, expecting (term+ , listitem), got (term term term term term term term listitem listitem listitem )

6 years agodoc: fix udev(7) documentation about ATTR{} and SYSCTL{}
Daniel Kahn Gillmor [Thu, 23 Aug 2018 20:20:18 +0000 (16:20 -0400)]
doc: fix udev(7) documentation about ATTR{} and SYSCTL{}

Without this fix, udev(7) munges the two items together, like so:

       ATTR{filename}, SYSCTL{kernel parameter}
           Match sysfs attribute values of the event device. Trailing
           whitespace in the attribute values is ignored unless the specified
           match value itself contains trailing whitespace.  Match a kernel
           parameter value.

You're not allowed to have a <term> element after a <listitem> element within a
<varlistentry>.

xmllint complains:

    udev.xml:192: element varlistentry: validity error : Element varlistentry content does not follow the DTD, expecting (term+ , listitem), got (term listitem term listitem )

6 years agoMerge pull request #8135 from shawnl/arg_host
Zbigniew Jędrzejewski-Szmek [Thu, 23 Aug 2018 11:46:54 +0000 (13:46 +0200)]
Merge pull request #8135 from shawnl/arg_host

sd-bus: rework host handling

6 years agonetworkd and sd-netlink: add support for Generic netlink And FooOverUDP to IPIP tunnel
Susant Sahani [Sun, 3 Jun 2018 07:07:41 +0000 (12:37 +0530)]
networkd and sd-netlink: add support for Generic netlink And FooOverUDP to IPIP tunnel

This work add support to generic netlink to sd-netlink.
See https://lwn.net/Articles/208755/

networkd: add support FooOverUDP support to IPIP tunnel netdev
https://lwn.net/Articles/614348/

Example conf:

/lib/systemd/network/1-fou-tunnel.netdev
```
[NetDev]
Name=fou-tun
Kind=fou

[FooOverUDP]
Port=5555
Protocol=4

```

/lib/systemd/network/ipip-tunnel.netdev
```
[NetDev]
Name=ipip-tun
Kind=ipip

[Tunnel]
Independent=true
Local=10.65.208.212
Remote=10.65.208.211
FooOverUDP=true
FOUDestinationPort=5555
```

$ ip -d link show ipip-tun
```
5: ipip-tun@NONE: <POINTOPOINT,NOARP> mtu 1472 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ipip 10.65.208.212 peer 10.65.208.211 promiscuity 0
    ipip remote 10.65.208.211 local 10.65.208.212 ttl inherit pmtudisc encap fou encap-sport auto encap-dport 5555 noencap-csum noencap-csum6 noencap-remcsum numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
```

6 years agoMerge pull request #9406 from yuwata/rfe-9228
Zbigniew Jędrzejewski-Szmek [Thu, 23 Aug 2018 09:11:13 +0000 (11:11 +0200)]
Merge pull request #9406 from yuwata/rfe-9228

Trivial conflict solved in merge and include net/if_arp.h added.

6 years agoNetworkd: Start DHCP server when link is up.
Susant Sahani [Mon, 9 Jul 2018 05:40:54 +0000 (11:10 +0530)]
Networkd: Start DHCP server when link is up.

Closes #9479

6 years agohwdb: Apply Acer mappings to all Gateway and Packard Bell models
Chris Chiu [Tue, 8 Aug 2017 14:27:33 +0000 (22:27 +0800)]
hwdb: Apply Acer mappings to all Gateway and Packard Bell models

Gateway and Packard Bell both belong to Acer and need the same mappings.
This has been checked on several Gateway and Packard Bell models enabled
by Endless and confirmed by Acer Product Manager.

Signed-off-by: Chris Chiu <chiu@endlessm.com>
Signed-off-by: João Paulo Rechi Vita <jprvita@endlessm.com>
6 years agohwdb: Map 8a to f20 on the Acer Travelmate P648-G3-M
Chris Chiu [Tue, 8 Aug 2017 14:18:11 +0000 (22:18 +0800)]
hwdb: Map 8a to f20 on the Acer Travelmate P648-G3-M

This model emits 0x8a for the microphone-mute button above the keyboard,
so let's map it to correct keycode.

Signed-off-by: Chris Chiu <chiu@endlessm.com>
Signed-off-by: João Paulo Rechi Vita <jprvita@endlessm.com>
6 years agohwdb: Add keymaps for HP ProBook 11 G1
Carlo Caione [Thu, 14 Apr 2016 15:05:44 +0000 (11:05 -0400)]
hwdb: Add keymaps for HP ProBook 11 G1

Add microphone-mute and touchpad-toggle keymaps for the HP ProBook 11 G1
notebook.

Signed-off-by: Carlo Caione <carlo@endlessm.com>
Signed-off-by: João Paulo Rechi Vita <jprvita@endlessm.com>
6 years agoMerge pull request #9904 from yuwata/replace-udev-device
Zbigniew Jędrzejewski-Szmek [Thu, 23 Aug 2018 07:01:44 +0000 (09:01 +0200)]
Merge pull request #9904 from yuwata/replace-udev-device

tree-wide: drop udev_device struct and use sd_device instead

6 years agoman: Fixed grammatical error in systemd.socket.xml (#9916)
Steve Ramage [Thu, 23 Aug 2018 04:14:17 +0000 (21:14 -0700)]
man: Fixed grammatical error in systemd.socket.xml (#9916)

6 years agoudev: move udev cleanup functions from udev-util.h to udev.h
Yu Watanabe [Wed, 22 Aug 2018 07:25:17 +0000 (16:25 +0900)]
udev: move udev cleanup functions from udev-util.h to udev.h

6 years agoudev-util: drop unused function udev_device_new_from_stat_rdev()
Yu Watanabe [Wed, 22 Aug 2018 06:16:10 +0000 (15:16 +0900)]
udev-util: drop unused function udev_device_new_from_stat_rdev()

6 years agologin/sysfs-show: replace udev_device by sd_device
Yu Watanabe [Wed, 22 Aug 2018 05:59:03 +0000 (14:59 +0900)]
login/sysfs-show: replace udev_device by sd_device

6 years agologind: replace udev_device by sd_device
Yu Watanabe [Wed, 22 Aug 2018 05:53:51 +0000 (14:53 +0900)]
logind: replace udev_device by sd_device

6 years agocore: replace udev_device by sd_device
Yu Watanabe [Wed, 22 Aug 2018 05:43:11 +0000 (14:43 +0900)]
core: replace udev_device by sd_device

6 years agocore/umount: replace udev_device by sd_device
Yu Watanabe [Wed, 22 Aug 2018 05:39:12 +0000 (14:39 +0900)]
core/umount: replace udev_device by sd_device

6 years agorfkill: replace udev_device by sd_device
Yu Watanabe [Wed, 22 Aug 2018 05:32:50 +0000 (14:32 +0900)]
rfkill: replace udev_device by sd_device

6 years agonetwork: replace udev_device by sd_device
Yu Watanabe [Wed, 22 Aug 2018 05:30:49 +0000 (14:30 +0900)]
network: replace udev_device by sd_device

6 years agonspawn: replace udev_device by sd_device
Yu Watanabe [Wed, 22 Aug 2018 05:07:59 +0000 (14:07 +0900)]
nspawn: replace udev_device by sd_device

6 years agojournal: replace udev_device by sd_device
Yu Watanabe [Wed, 22 Aug 2018 05:04:11 +0000 (14:04 +0900)]
journal: replace udev_device by sd_device

6 years agosd-device: introduce device_new_from_stat_rdev()
Yu Watanabe [Wed, 22 Aug 2018 05:00:53 +0000 (14:00 +0900)]
sd-device: introduce device_new_from_stat_rdev()

6 years agodissect: replace udev_device by sd_device
Yu Watanabe [Wed, 22 Aug 2018 04:57:36 +0000 (13:57 +0900)]
dissect: replace udev_device by sd_device

6 years agogpt-auto-generator: replace udev_device by sd_device
Yu Watanabe [Wed, 22 Aug 2018 04:55:45 +0000 (13:55 +0900)]
gpt-auto-generator: replace udev_device by sd_device

6 years agomount-tool: replace udev_device by sd_device
Yu Watanabe [Wed, 22 Aug 2018 04:36:15 +0000 (13:36 +0900)]
mount-tool: replace udev_device by sd_device

6 years agobacklight: replace udev_device by sd_device
Yu Watanabe [Wed, 22 Aug 2018 04:35:47 +0000 (13:35 +0900)]
backlight: replace udev_device by sd_device

6 years agolibudev: introduce udev_monitor_receive_sd_device()
Yu Watanabe [Wed, 22 Aug 2018 07:30:33 +0000 (16:30 +0900)]
libudev: introduce udev_monitor_receive_sd_device()

6 years agolibudev: move cleanup functions from udev-util.h to libudev-private.h
Yu Watanabe [Wed, 22 Aug 2018 04:32:03 +0000 (13:32 +0900)]
libudev: move cleanup functions from udev-util.h to libudev-private.h

6 years agolibudev: accept NULL as the argument 'struct udev*' for udev_monitor_new() or friends
Yu Watanabe [Wed, 22 Aug 2018 04:15:46 +0000 (13:15 +0900)]
libudev: accept NULL as the argument 'struct udev*' for udev_monitor_new() or friends

As udev_monitor struct or friends are now almost independent of udev
struct. So, generating these objects without udev struct is reasonable.

6 years agocore: add IODeviceLatencyTargetSec
Tejun Heo [Wed, 13 Jun 2018 21:16:35 +0000 (14:16 -0700)]
core: add IODeviceLatencyTargetSec

This adds support for the following proposed latency based IO control
mechanism.

  https://lkml.org/lkml/2018/6/5/428

6 years agoselinux-util: drop unused variables
Yu Watanabe [Wed, 22 Aug 2018 14:19:32 +0000 (23:19 +0900)]
selinux-util: drop unused variables

Follow-up for 7e531a5265687aef5177b070c36ca4ceab42e768.

6 years agoman: correct journald field name
Chris Morin [Wed, 22 Aug 2018 13:04:27 +0000 (15:04 +0200)]
man: correct journald field name

6 years agoMerge pull request #9903 from yuwata/fuzzer-10007
Yu Watanabe [Wed, 22 Aug 2018 13:25:38 +0000 (22:25 +0900)]
Merge pull request #9903 from yuwata/fuzzer-10007

Fixes issue 10007 by oss-fuzz

6 years agotest: add testcase for issue 10007 by oss-fuzz
Yu Watanabe [Wed, 22 Aug 2018 03:39:40 +0000 (12:39 +0900)]
test: add testcase for issue 10007 by oss-fuzz

6 years agoutil: do not use stack frame for parsing arbitrary inputs
Yu Watanabe [Wed, 22 Aug 2018 03:33:27 +0000 (12:33 +0900)]
util: do not use stack frame for parsing arbitrary inputs

This replaces strndupa() by strndup() in socket_address_parse(),
as input string may be too long.

Fixes issue 10007 by ClusterFuzz-External:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10007

6 years agoMerge pull request #9852 from poettering/namespace-errno
Yu Watanabe [Wed, 22 Aug 2018 02:16:29 +0000 (11:16 +0900)]
Merge pull request #9852 from poettering/namespace-errno

namespace: be more careful when handling namespacing failures

6 years agorandom-util: use RDRAND for randomness if the kernel doesn't want to give us any
Lennart Poettering [Thu, 26 Jul 2018 08:42:01 +0000 (10:42 +0200)]
random-util: use RDRAND for randomness if the kernel doesn't want to give us any

Pretty much all intel cpus have had RDRAND in a long time. While
CPU-internal RNG are widely not trusted, for seeding hash tables it's
perfectly OK to use: we don't high quality entropy in that case, hence
let's use it.

This is only hooked up with 'high_quality_required' is false. If we
require high quality entropy the kernel is the only source we should
use.

6 years agoman: document that most sandboxing options are best effort only
Lennart Poettering [Fri, 10 Aug 2018 13:26:32 +0000 (15:26 +0200)]
man: document that most sandboxing options are best effort only

6 years agonamespace: be more careful when handling namespacing failures gracefully
Lennart Poettering [Fri, 10 Aug 2018 13:07:14 +0000 (15:07 +0200)]
namespace: be more careful when handling namespacing failures gracefully

This makes two changes to the namespacing code:

1. We'll only gracefully skip service namespacing on access failure if
   exclusively sandboxing options where selected, and not mount-related
   options that result in a very different view of the world. For example,
   ignoring RootDirectory=, RootImage= or Bind= is really probablematic,
   but ReadOnlyPaths= is just a weaker sandbox.

2. The namespacing code will now return a clearly recognizable error
   code when it cannot enforce its namespacing, so that we cannot
   confuse EPERM errors from mount() with those from unshare(). Only the
   errors from the first unshare() are now taken as hint to gracefully
   disable namespacing.

Fixes: #9844 #9835

6 years agoumount: Don't use options from fstab on remount
aszlig [Mon, 20 Aug 2018 03:33:58 +0000 (05:33 +0200)]
umount: Don't use options from fstab on remount

The fstab entry may contain comment/application-specific options, like
for example x-systemd.automount or x-initrd.mount.

With the recent switch to libmount, the mount options during remount are
now gathered via mnt_fs_get_options(), which returns the merged fstab
options with the effective options in mountinfo.

Unfortunately if one of these application-specific options are set in
fstab, the remount will fail with -EINVAL.

In systemd 238:

  Remounting '/test-x-initrd-mount' read-only in with options
  'errors=continue,user_xattr,acl'.

In systemd 239:

  Remounting '/test-x-initrd-mount' read-only in with options
  'errors=continue,user_xattr,acl,x-initrd.mount'.
  Failed to remount '/test-x-initrd-mount' read-only: Invalid argument

So instead of using mnt_fs_get_options(), we're now using both
mnt_fs_get_fs_options() and mnt_fs_get_vfs_options() and merging the
results together so we don't get any non-relevant options from fstab.

Signed-off-by: aszlig <aszlig@nix.build>
6 years agotmpfiles: use fd_get_path() even less excessively
Franck Bui [Mon, 20 Aug 2018 15:23:12 +0000 (17:23 +0200)]
tmpfiles: use fd_get_path() even less excessively

A follow-up for commit 9d874aec451b591401d9b14cf8743b9d179159b2.

This patch makes "path" parameter mandatory in fd_set_*() helpers removing the
need to use fd_get_path() when NULL was passed. The caller is supposed to pass
the fd anyway so assuming that it also knows the path should be safe.

Actually, the only case where this was useful (or used) was when we were
walking through directory trees (in item_do()). But even in those cases the
paths could be constructed trivially, which is still better than relying on
fd_get_path() (which is an ugly API).

A very succinct test case is also added for 'z/Z' operators so the code dealing
with recursive operators is tested minimally.

6 years agoMerge pull request #9712 from filbranden/socket1
Zbigniew Jędrzejewski-Szmek [Tue, 21 Aug 2018 17:45:44 +0000 (19:45 +0200)]
Merge pull request #9712 from filbranden/socket1

socket-util: Introduce send_one_fd_iov() and receive_one_fd_iov()

6 years agoMerge pull request #9783 from poettering/get-user-creds-flags
Zbigniew Jędrzejewski-Szmek [Tue, 21 Aug 2018 08:09:33 +0000 (10:09 +0200)]
Merge pull request #9783 from poettering/get-user-creds-flags

beef up get_user_creds() a bit and other improvements

6 years agoMerge pull request #9811 from poettering/random-seed-tweaks
Zbigniew Jędrzejewski-Szmek [Tue, 21 Aug 2018 08:08:58 +0000 (10:08 +0200)]
Merge pull request #9811 from poettering/random-seed-tweaks

some random seed handling tweaks

6 years agoMerge pull request #9853 from poettering/uneeded-queue
Zbigniew Jędrzejewski-Szmek [Tue, 21 Aug 2018 08:06:30 +0000 (10:06 +0200)]
Merge pull request #9853 from poettering/uneeded-queue

rework StopWhenUnneeded=1 logic

6 years agomeson: rename -Ddebug to -Ddebug-extra
Zbigniew Jędrzejewski-Szmek [Sun, 19 Aug 2018 17:11:30 +0000 (19:11 +0200)]
meson: rename -Ddebug to -Ddebug-extra

Meson added -Doptimization and -Ddebug options, which obviously causes
a conflict with our -Ddebug options. Let's rename it.

Fixes #9883.

6 years agoRename USER_CREDS_SYNTHESIZE_FALLBACK to …_PREFER_NSS
Zbigniew Jędrzejewski-Szmek [Mon, 20 Aug 2018 14:06:41 +0000 (16:06 +0200)]
Rename USER_CREDS_SYNTHESIZE_FALLBACK to …_PREFER_NSS

6 years agouser-util: rework get_user_creds()
Lennart Poettering [Thu, 2 Aug 2018 16:36:47 +0000 (18:36 +0200)]
user-util: rework get_user_creds()

Let's fold get_user_creds_clean() into get_user_creds(), and introduce a
flags argument for it to select "clean" behaviour. This flags parameter
also learns to other new flags:

- USER_CREDS_SYNTHESIZE_FALLBACK: in this mode the user records for
  root/nobody are only synthesized as fallback. Normally, the synthesized
  records take precedence over what is in the user database.  With this
  flag set this is reversed, and the user database takes precedence, and
  the synthesized records are only used if they are missing there. This
  flag should be set in cases where doing NSS is deemed safe, and where
  there's interest in knowing the correct shell, for example if the
  admin changed root's shell to zsh or suchlike.

- USER_CREDS_ALLOW_MISSING: if set, and a UID/GID is specified by
  numeric value, and there's no user/group record for it accept it
  anyway. This allows us to fix #9767

This then also ports all users to set the most appropriate flags.

Fixes: #9767

[zj: remove one isempty() call]

6 years agonetworkd: add O_CLOEXEC where it's missing
Lennart Poettering [Thu, 2 Aug 2018 17:10:01 +0000 (19:10 +0200)]
networkd: add O_CLOEXEC where it's missing

6 years agonspawn: add two missing OOM checks
Lennart Poettering [Thu, 2 Aug 2018 15:57:56 +0000 (17:57 +0200)]
nspawn: add two missing OOM checks

6 years agonspawn: make sure to create /dev/char/x:y symlinks in nspawn containers too
Lennart Poettering [Thu, 2 Aug 2018 15:58:13 +0000 (17:58 +0200)]
nspawn: make sure to create /dev/char/x:y symlinks in nspawn containers too

On the host udev creates these, but they are useful API, hence create
them in nspawn containers too.

6 years agonamespace: when creating device nodes, also create /dev/char/* symlinks
Lennart Poettering [Thu, 2 Aug 2018 15:43:49 +0000 (17:43 +0200)]
namespace: when creating device nodes, also create /dev/char/* symlinks

On the host these symlinks are created by udev, and we consider them API
and make use of them ourselves at various places. Hence when running a
private /dev, also create these symlinks so that lookups by major/minor
work in such an environment, too.

6 years agoMerge pull request #9801 from yuwata/analyze-cleanups
Zbigniew Jędrzejewski-Szmek [Mon, 20 Aug 2018 11:12:53 +0000 (13:12 +0200)]
Merge pull request #9801 from yuwata/analyze-cleanups

analyze: several improvements

6 years agoMerge pull request #9809 from poettering/tmpfiles-cleanup
Zbigniew Jędrzejewski-Szmek [Mon, 20 Aug 2018 10:51:57 +0000 (12:51 +0200)]
Merge pull request #9809 from poettering/tmpfiles-cleanup

various tmpfiles fixes

6 years agorandom-seed: write the machine ID into /dev/urandom as well
Lennart Poettering [Mon, 6 Aug 2018 13:58:16 +0000 (15:58 +0200)]
random-seed: write the machine ID into /dev/urandom as well

This is some extra protection for sloppy "golden master" systems, where
images are duplicated many times but the random seed is not
deleted (or reset for each copy). That golden master systems have to
reset /etc/machine-id is better known, and easier to notice (as having
the same ID will result in address conflicts and suchlike quite often).
Hence let's write the machine ID into /dev/urandom, in case it has been
initialized and unlikely the stored random seed has been provisioned
differently on each image.

Note that we don't credit the entropy either way, hence in the case
there's a cycle of a) generating the machine-id early at boot and b)
writing it back into /dev/urandom late at boot it shouldn't matter. It's
never going to make things worse, just in a few cases better.

6 years agocore: when setting up PAM, try to get tty of STDIN_FILENO if not set explicitly
Lennart Poettering [Fri, 3 Aug 2018 19:30:16 +0000 (21:30 +0200)]
core: when setting up PAM, try to get tty of STDIN_FILENO if not set explicitly

When stdin/stdout/stderr is initialized from an fd, let's read the tty
name of it if we can, and pass that to PAM.

This makes sure that "machinectl shell" sessions have proper TTY fields
initialized that "loginctl" then shows.

6 years agotree-wide: add clickable man page link to all --help texts
Lennart Poettering [Thu, 9 Aug 2018 08:32:31 +0000 (10:32 +0200)]
tree-wide: add clickable man page link to all --help texts

This is a bit like the info link in most of GNU's --help texts, but we
don't do info but man pages, and we make them properly clickable on
terminal supporting that, because awesome.

I think it's generally advisable to link up our (brief) --help texts and
our (more comprehensive) man pages a bit, so this should be an easy and
straight-forward way to do it.

6 years agocore: rename function to better reflect semantics
Zbigniew Jędrzejewski-Szmek [Mon, 20 Aug 2018 08:43:31 +0000 (10:43 +0200)]
core: rename function to better reflect semantics

6 years agoutil: improve comments why we ignore EACCES and EPERM
Yu Watanabe [Sat, 11 Aug 2018 13:47:22 +0000 (22:47 +0900)]
util: improve comments why we ignore EACCES and EPERM

Follow-up for ef454fd1936813fa45d3e3b459d43fa30be7bf49 (#9848).

6 years agohwdb: explicitly label the XP-PEN STAR 06 as tablet
Peter Hutterer [Tue, 14 Aug 2018 02:59:06 +0000 (12:59 +1000)]
hwdb: explicitly label the XP-PEN STAR 06 as tablet

Exports BTN_LEFT...BTN_FORWARD, BTN_TOUCH, REL_X/Y/WHEEL/MISC and
ABS_X/Y/PRESSURE. Rather than figure out what builtin-input_id tweak we need
for this device, just add the tablet bit.

https://gitlab.freedesktop.org/xorg/driver/xf86-input-libinput/issues/8

6 years agohwdb: Fix wlan keycode for all Dell Latitude and Precision systems
Shih-Yuan Lee (FourDollars) [Tue, 14 Aug 2018 10:40:37 +0000 (18:40 +0800)]
hwdb: Fix wlan keycode for all Dell Latitude and Precision systems

Removing this line is because cab01e9ecf1c69656785e64f5fc94cd4ed09e57f
has contained the wlan keycode fix.

This line will only break the wlan keycode for all Dell Latitude and
Precision systems after cab01e9ecf1c69656785e64f5fc94cd4ed09e57f.

6 years agoshell-completion: replace "gdb" verb with "debug" for coredumpctl
Jan Pokorný [Thu, 16 Aug 2018 16:23:16 +0000 (18:23 +0200)]
shell-completion: replace "gdb" verb with "debug" for coredumpctl

Also offer --debugger option.  Both to reflect changes in v239.

6 years agoRevert "sysctl.d: request ECN on both in and outgoing connections"
Thomas Hindoe Paaboel Andersen [Fri, 17 Aug 2018 19:31:05 +0000 (21:31 +0200)]
Revert "sysctl.d: request ECN on both in and outgoing connections"

Turning on ECN still causes slow or broken network on linux. Our tcp
is not yet ready for wide spread use of ECN.

This reverts commit 919472741dba6ad0a3f6c2b76d390a02d0e2fdc3.

6 years agoMerge pull request #9879 from evverx/get-rid-of-workaround
Yu Watanabe [Fri, 17 Aug 2018 15:11:58 +0000 (00:11 +0900)]
Merge pull request #9879 from evverx/get-rid-of-workaround

 oss-fuzz.sh: just install the shared library

6 years agoresolvectl: free the block of memory 'hashed' points to before reusing it
Evgeny Vereshchagin [Thu, 16 Aug 2018 06:48:06 +0000 (06:48 +0000)]
resolvectl: free the block of memory 'hashed' points to before reusing it

This fixes a memory leak:
```
d5070e2f67ededca022f81f2941900606b16f3196b2268e856295f59._openpgpkey.gmail.com: resolve call failed: 'd5070e2f67ededca022f81f2941900606b16f3196b2268e856295f59._openpgpkey.gmail.com' not found

=================================================================
==224==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 65 byte(s) in 1 object(s) allocated from:
    #0 0x7f71b0878850 in malloc (/usr/lib64/libasan.so.4+0xde850)
    #1 0x7f71afaf69b0 in malloc_multiply ../src/basic/alloc-util.h:63
    #2 0x7f71afaf6c95 in hexmem ../src/basic/hexdecoct.c:62
    #3 0x7f71afbb574b in string_hashsum ../src/basic/gcrypt-util.c:45
    #4 0x56201333e0b9 in string_hashsum_sha256 ../src/basic/gcrypt-util.h:30
    #5 0x562013347b63 in resolve_openpgp ../src/resolve/resolvectl.c:908
    #6 0x562013348b9f in verb_openpgp ../src/resolve/resolvectl.c:944
    #7 0x7f71afbae0b0 in dispatch_verb ../src/basic/verbs.c:119
    #8 0x56201335790b in native_main ../src/resolve/resolvectl.c:2947
    #9 0x56201335880d in main ../src/resolve/resolvectl.c:3087
    #10 0x7f71ad8fcf29 in __libc_start_main (/lib64/libc.so.6+0x20f29)

SUMMARY: AddressSanitizer: 65 byte(s) leaked in 1 allocation(s).
```

6 years agooss-fuzz.sh: just install the shared library
Evgeny Vereshchagin [Thu, 16 Aug 2018 02:06:35 +0000 (02:06 +0000)]
oss-fuzz.sh: just install the shared library

The workaround is no longer necessary, because the scripts
checking fuzzers have stopped going down to the subdirectories
of $OUT and started to look for the string "LLVMFuzzerTestOneInput"
to tell fuzzers and random binaries apart. Some more details can be
found at https://github.com/google/oss-fuzz/issues/1566.

6 years agoMerge pull request #9863 from evverx/issues-found-by-journald-fuzzer
Yu Watanabe [Mon, 13 Aug 2018 11:57:25 +0000 (20:57 +0900)]
Merge pull request #9863 from evverx/issues-found-by-journald-fuzzer

A few fixes for several issues uncovered with a home-brew fuzzer for journald

6 years agoresolved: do not keep dns_server to dns_stream ref if tls connection failed (#9855)
Iwan Timmer [Mon, 13 Aug 2018 06:20:25 +0000 (08:20 +0200)]
resolved: do not keep dns_server to dns_stream ref if tls connection failed (#9855)

The references to the dns_server are now setup after the tls connection is setup.
This ensures that the stream got fully stopped when the initial tls setup failed
instead of having the unref being blocked by the reference to the stream by the server.
Therefore on_stream_io would no longer be called with a half setup encrypted connection.

Fixes the issue reported in #9838.

6 years agoresolve: do not hit CNAME or DNAME entry in NODATA cache (#9836)
Yu Watanabe [Mon, 13 Aug 2018 05:32:33 +0000 (14:32 +0900)]
resolve: do not hit CNAME or DNAME entry in NODATA cache (#9836)

Fixes #9833.

6 years agofsck: use our usual syntax for defining bit masks
Lennart Poettering [Fri, 10 Aug 2018 13:12:14 +0000 (15:12 +0200)]
fsck: use our usual syntax for defining bit masks

6 years agoupdate TODO
Lennart Poettering [Fri, 10 Aug 2018 14:20:42 +0000 (16:20 +0200)]
update TODO

6 years agocore: rework StopWhenUnneeded= logic
Lennart Poettering [Thu, 9 Aug 2018 14:26:27 +0000 (16:26 +0200)]
core: rework StopWhenUnneeded= logic

Previously, we'd act immediately on StopWhenUnneeded= when a unit state
changes. With this rework we'll maintain a queue instead: whenever
there's the chance that StopWhenUneeded= might have an effect we enqueue
the unit, and process it later when we have nothing better to do.

This should make the implementation a bit more reliable, as the unit notify event
cannot immediately enqueue tons of side-effect jobs that might
contradict each other, but we do so only in a strictly ordered fashion,
from the main event loop.

This slightly changes the check when to consider a unit "unneeded".
Previously, we'd assume that a unit in "deactivating" state could also
be cleaned up. With this new logic we'll only consider units unneeded
that are fully up and have no job queued. This means that whenever
there's something pending for a unit we won't clean it up.

6 years agoMerge pull request #9848 from yuwata/fix-9835-9844
Zbigniew Jędrzejewski-Szmek [Fri, 10 Aug 2018 13:36:34 +0000 (15:36 +0200)]
Merge pull request #9848 from yuwata/fix-9835-9844

core: namespace fixes

6 years agojournald: take leading spaces into account in syslog_parse_identifier
Evgeny Vereshchagin [Fri, 10 Aug 2018 12:55:09 +0000 (12:55 +0000)]
journald: take leading spaces into account in syslog_parse_identifier

This is a kind of follow-up to e88baee88fad8bc59d3 which should finally fix
the issue which that commit was supposed to fix.

6 years agojournald: free the allocated memory before returning from dev_kmsg_record
Evgeny Vereshchagin [Fri, 10 Aug 2018 12:52:07 +0000 (12:52 +0000)]
journald: free the allocated memory before returning from dev_kmsg_record

This fixes a minor memory leak.

6 years agojournald: make it clear that dev_kmsg_record modifies the string passed to it
Evgeny Vereshchagin [Fri, 10 Aug 2018 12:45:42 +0000 (12:45 +0000)]
journald: make it clear that dev_kmsg_record modifies the string passed to it

The function replaces a couple commas, a semicolon and the final newline with
zero bytes in the string passed to it. The 'const' seems to have been added
by accident during a bulk edit (more specifically 3b3154df7e2773332bb814).

6 years agocore/execute: fix dump format for Limit*=
Yu Watanabe [Fri, 10 Aug 2018 04:03:02 +0000 (13:03 +0900)]
core/execute: fix dump format for Limit*=

Fixes #9846.

6 years agojournal: do not remove multiple spaces after identifier in syslog message
Yu Watanabe [Fri, 10 Aug 2018 02:07:54 +0000 (11:07 +0900)]
journal: do not remove multiple spaces after identifier in syslog message

Single space is used as separator.
C.f. discussions in #156.

Fixes #9839 introduced by a6aadf4ae0bae185dc4c414d492a4a781c80ffe5.

6 years agoutil: bind_remount_recursive_with_mountinfo(): ignore submounts which cannot be accessed
Yu Watanabe [Fri, 10 Aug 2018 05:30:55 +0000 (14:30 +0900)]
util: bind_remount_recursive_with_mountinfo(): ignore submounts which cannot be accessed

Fixes #9844.

6 years agocore/namespace: add more log messages
Yu Watanabe [Fri, 10 Aug 2018 04:50:54 +0000 (13:50 +0900)]
core/namespace: add more log messages

Suggested by #9835.

6 years agomeson: actually honor pkgconfig*dir options (#9841)
Benedikt Morbach [Fri, 10 Aug 2018 02:59:54 +0000 (04:59 +0200)]
meson: actually honor pkgconfig*dir options (#9841)

both were silently ignored leading to some of the pkg-config files
ending up in the wrong place

6 years agotimedate: emit property changed signal after all jobs are completed
Yu Watanabe [Thu, 26 Jul 2018 16:32:12 +0000 (01:32 +0900)]
timedate: emit property changed signal after all jobs are completed

Follow-up for 3af0a96c0fcc623bd16649fc3640396a657cf9ef (#9684).

6 years agoMerge pull request #9827 from yuwata/fix-9795-9820
Lennart Poettering [Wed, 8 Aug 2018 12:07:40 +0000 (14:07 +0200)]
Merge pull request #9827 from yuwata/fix-9795-9820

journal: fixes issues reported by ASan

6 years agotmpfiles: don't adjust qgroups on existing subvolumes
Franck Bui [Mon, 6 Aug 2018 10:29:54 +0000 (12:29 +0200)]
tmpfiles: don't adjust qgroups on existing subvolumes

The qgroup logic (types 'q' and 'Q') only has an effect if there's no previous
setup at all, and any explicitly configured subvolumes with their qgroups are
left entirely unmodified.

The idea is that if users want a different logic than the one we set up by
default, then by all means they should do that before hand, and tmpfiles won't
override their logic.

6 years agoresolve: do not compress target names in SRV records
Yu Watanabe [Wed, 8 Aug 2018 05:30:40 +0000 (14:30 +0900)]
resolve: do not compress target names in SRV records

Fixes #9793.

6 years agoMerge pull request #9830 from yuwata/journalctl-help
Lennart Poettering [Wed, 8 Aug 2018 10:23:58 +0000 (12:23 +0200)]
Merge pull request #9830 from yuwata/journalctl-help

journal: do not hide options in help message

6 years agotest: make TEST-22 easier to debug, by outputting to /dev/console
Lennart Poettering [Mon, 6 Aug 2018 18:57:26 +0000 (20:57 +0200)]
test: make TEST-22 easier to debug, by outputting to /dev/console

6 years agotest: don't use "nobody:nogroup" for tests
Lennart Poettering [Mon, 6 Aug 2018 18:56:45 +0000 (20:56 +0200)]
test: don't use "nobody:nogroup" for tests

This user/group doesn't apply to Fedora.

Let's use daemon:daemon instead like the other tests, as it actually
tends to exist everywhere.

6 years agotmpfiles: return correct error variable after fd_reopen()
Lennart Poettering [Mon, 6 Aug 2018 18:19:52 +0000 (20:19 +0200)]
tmpfiles: return correct error variable after fd_reopen()

6 years agobtrfs-util: unfuck tmpfiles' subvol creation
Lennart Poettering [Mon, 6 Aug 2018 17:32:00 +0000 (19:32 +0200)]
btrfs-util: unfuck tmpfiles' subvol creation

tmpfiles now passes an O_PATH fd to btrfs_subvol_make_fd() under the
assumption it will accept it like mkdirat() does. So far this assumption
was wrong, let's correct that.

Without that tmpfiles' on btrfs file systems failed systematically...

6 years agotmpfiles: reindent one comment less weirdly
Lennart Poettering [Mon, 6 Aug 2018 13:46:32 +0000 (15:46 +0200)]
tmpfiles: reindent one comment less weirdly

6 years agotmpfiles: use correct error variable
Lennart Poettering [Mon, 6 Aug 2018 13:46:01 +0000 (15:46 +0200)]
tmpfiles: use correct error variable

6 years agotmpfiles: clarify that we ignore file attribute setting errors
Lennart Poettering [Mon, 6 Aug 2018 13:44:47 +0000 (15:44 +0200)]
tmpfiles: clarify that we ignore file attribute setting errors

6 years agotmpfiles: add log message where we previously failed silently
Lennart Poettering [Mon, 6 Aug 2018 13:44:24 +0000 (15:44 +0200)]
tmpfiles: add log message where we previously failed silently

6 years agotmpfiles: use fd_get_path() less excessively
Lennart Poettering [Mon, 6 Aug 2018 13:40:16 +0000 (15:40 +0200)]
tmpfiles: use fd_get_path() less excessively

fd_get_path() is an ugly API, as it creates ambiguities related to the
" (deleted)" suffix /proc/$PID/fd/$FD shows. Let's use it a bit less
excessively, and whenever we have a good valid path already, let's
simply pass that along, instead of forgetting it in one stackframe and
reacquiring it in the next.

6 years agosyslog: fix segfault in syslog_parse_priority()
Yu Watanabe [Wed, 8 Aug 2018 09:27:15 +0000 (18:27 +0900)]
syslog: fix segfault in syslog_parse_priority()

6 years agokernel-install: don't try to run depmod when kernel doesn't support modules
Marc-Antoine Perennou [Tue, 7 Aug 2018 08:19:29 +0000 (10:19 +0200)]
kernel-install: don't try to run depmod when kernel doesn't support modules

Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
6 years agojournal: fix size of buffer
Yu Watanabe [Wed, 8 Aug 2018 03:48:47 +0000 (12:48 +0900)]
journal: fix size of buffer

6 years agoresolve: use memcmp_safe() and memcpy_safe()
Yu Watanabe [Wed, 8 Aug 2018 07:23:20 +0000 (16:23 +0900)]
resolve: use memcmp_safe() and memcpy_safe()

As the length of salt in NSEC3 may be zero.

Fixes #9757.

6 years agoutil: introduce memcmp_safe()
Yu Watanabe [Wed, 8 Aug 2018 07:22:55 +0000 (16:22 +0900)]
util: introduce memcmp_safe()