platform/upstream/systemd.git
5 years ago units: enable ProtectHostname=yes
Topi Miettinen [Mon, 18 Feb 2019 22:30:12 +0000 (00:30 +0200)]
units: enable ProtectHostname=yes

5 years ago core: ProtectHostname= feature
Topi Miettinen [Fri, 8 Feb 2019 17:25:00 +0000 (19:25 +0200)]
core: ProtectHostname= feature

Let services use a private UTS namespace. In addition, a seccomp filter is
installed on set{host,domain}name and ro bind mounts on
/proc/sys/kernel/{host,domain}name.

5 years ago rpm: use sh compatible redirects
Jan Engelhardt [Fri, 8 Feb 2019 14:35:55 +0000 (15:35 +0100)]
rpm: use sh compatible redirects

&> is bash-specific. Switch to something that will work with dash
and pbosh.

5 years ago automount: don't pass non-blocking pipe to kernel.
NeilBrown [Thu, 7 Feb 2019 22:44:06 +0000 (09:44 +1100)]
automount: don't pass non-blocking pipe to kernel.

Creating a pipe with O_NONBLOCK causes both the read and the write end to
be marked as non-blocking.
The "write" end is passed to the kernel autofs module, and it does not
expect a non-blocking pipe.  If it gets -EAGAIN when trying to write
(which is unlikely, but not completely impossible), it will close the
write end of the pipe, which leads to unexpected errors.

So change the code to only set O_NONBLOCK on the "read" end of the
pipe.  This is the only end that systemd interacts with, so the only end
it should be configuring.
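
Added example, not code from systemd or from this commit: the two ways of creating the pipe that the message above contrasts, with a check of which ends carry O_NONBLOCK and of the EAGAIN a writer sees on a full non-blocking pipe. All function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Declared explicitly so the example also compiles when _GNU_SOURCE was not
 * in effect the first time <unistd.h> was included. */
int pipe2(int pipefd[2], int flags);

/* Returns 1 if O_NONBLOCK is set on fd, 0 if not, -errno on failure. */
static int fd_is_nonblocking(int fd) {
        int flags = fcntl(fd, F_GETFL);

        if (flags < 0)
                return -errno;
        return (flags & O_NONBLOCK) ? 1 : 0;
}

/* Pattern the commit moves away from: O_NONBLOCK given at creation time
 * marks BOTH the read end and the write end as non-blocking. */
static int pipe_both_ends_nonblocking(int fds[2]) {
        if (pipe2(fds, O_CLOEXEC | O_NONBLOCK) < 0)
                return -errno;
        return 0;
}

/* Pattern the commit describes: create a blocking pipe, then set
 * O_NONBLOCK on the read end only. The write end stays blocking. */
static int pipe_read_end_nonblocking(int fds[2]) {
        int flags;

        if (pipe2(fds, O_CLOEXEC) < 0)
                return -errno;

        flags = fcntl(fds[0], F_GETFL);
        if (flags < 0 || fcntl(fds[0], F_SETFL, flags | O_NONBLOCK) < 0) {
                int saved = errno;

                close(fds[0]);
                close(fds[1]);
                return -saved;
        }
        return 0;
}

/* Fill a non-blocking write end until write() fails and return the errno.
 * Only call this on a non-blocking fd: a blocking one would wait forever.
 * 4096 bytes is PIPE_BUF on Linux, so each write is all-or-nothing. */
static int fill_write_end(int wfd) {
        char chunk[4096] = {0};

        for (;;)
                if (write(wfd, chunk, sizeof chunk) < 0)
                        return errno;
}

int main(void) {
        int both[2], read_only[2];

        if (pipe_both_ends_nonblocking(both) < 0 ||
            pipe_read_end_nonblocking(read_only) < 0)
                return 1;

        printf("pipe2(O_NONBLOCK):   read=%d write=%d\n",
               fd_is_nonblocking(both[0]), fd_is_nonblocking(both[1]));
        printf("fcntl on read end:   read=%d write=%d\n",
               fd_is_nonblocking(read_only[0]), fd_is_nonblocking(read_only[1]));
        printf("full non-blocking write end fails with EAGAIN: %s\n",
               fill_write_end(both[1]) == EAGAIN ? "yes" : "no");
        return 0;
}
```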

5 years ago Merge pull request #11578 from keszybz/gcc-9-fixes
Lennart Poettering [Thu, 7 Feb 2019 14:25:05 +0000 (15:25 +0100)]
Merge pull request #11578 from keszybz/gcc-9-fixes

Packed struct alignment workarounds for gcc-9

5 years ago Merge pull request #11655 from yuwata/fix-11652
Lennart Poettering [Thu, 7 Feb 2019 14:01:31 +0000 (15:01 +0100)]
Merge pull request #11655 from yuwata/fix-11652

sd-device: fix device_copy_properties()

5 years ago Merge pull request #11659 from yuwata/fix-11643
Lennart Poettering [Thu, 7 Feb 2019 13:54:07 +0000 (14:54 +0100)]
Merge pull request #11659 from yuwata/fix-11643

import: fix invalid error check and use after free

5 years ago Merge pull request #11663 from yuwata/follow-up-10712
Lennart Poettering [Thu, 7 Feb 2019 13:46:35 +0000 (14:46 +0100)]
Merge pull request #11663 from yuwata/follow-up-10712

core: make PIDFile= accept empty assignment

5 years ago sd-daemon: make sd_booted() return negative errno on unexpected error
Yu Watanabe [Wed, 6 Feb 2019 18:07:34 +0000 (19:07 +0100)]
sd-daemon: make sd_booted() return negative errno on unexpected error

5 years ago core/dbus-service: empty assignment to PIDFile= resets the value
Yu Watanabe [Wed, 6 Feb 2019 16:52:41 +0000 (17:52 +0100)]
core/dbus-service: empty assignment to PIDFile= resets the value

Follow-up for a9353a5c5b512f107955e56a9812724f40b841d3.

5 years ago core/dbus-service: write PIDFile= setting to transient unit file
Yu Watanabe [Wed, 6 Feb 2019 16:44:59 +0000 (17:44 +0100)]
core/dbus-service: write PIDFile= setting to transient unit file

Follow-up for a9353a5c5b512f107955e56a9812724f40b841d3.

5 years ago core/load-fragment: empty assignment to PIDFile= resets the value
Yu Watanabe [Wed, 6 Feb 2019 16:41:26 +0000 (17:41 +0100)]
core/load-fragment: empty assignment to PIDFile= resets the value

Follow-up for a9353a5c5b512f107955e56a9812724f40b841d3.

5 years ago curl-util: fix use after free
Yu Watanabe [Wed, 6 Feb 2019 15:18:58 +0000 (16:18 +0100)]
curl-util: fix use after free

This fixes a bug introduced by c3e658004a66115fa09abcf602d573e65e577aa9.

5 years ago pull: fix invalid error check
Yu Watanabe [Wed, 6 Feb 2019 15:17:59 +0000 (16:17 +0100)]
pull: fix invalid error check

This fixes a bug introduced by 0d94088e4e9e00f5ca9afdb8e68c94558fe23268.

5 years ago test-network: ignore tunnel devices automatically added by kernel
Yu Watanabe [Wed, 6 Feb 2019 11:02:15 +0000 (12:02 +0100)]
test-network: ignore tunnel devices automatically added by kernel

Fixes #10934.

5 years ago Merge pull request #11656 from yuwata/test-network-routing-policy-rule-check-kernel
Frantisek Sumsal [Wed, 6 Feb 2019 10:14:11 +0000 (11:14 +0100)]
Merge pull request #11656 from yuwata/test-network-routing-policy-rule-check-kernel

test-network: check port range and ipproto attributes are supported by kernel and ip command

5 years ago test-network: check port range and ipproto attributes are supported by kernel and...
Yu Watanabe [Wed, 6 Feb 2019 08:27:28 +0000 (09:27 +0100)]
test-network: check port range and ipproto attributes are supported by kernel and ip command

5 years ago test: add a test case for issue #11652
Yu Watanabe [Wed, 6 Feb 2019 07:43:34 +0000 (08:43 +0100)]
test: add a test case for issue #11652

5 years ago sd-device: fix device_copy_properties()
Yu Watanabe [Wed, 6 Feb 2019 07:36:48 +0000 (08:36 +0100)]
sd-device: fix device_copy_properties()

This fixes a bug introduced by a3ce813697bcc1c4644e097a2f1cd0459326d6ee.

Fixes #11652.

5 years ago test-sizeof: print the alignments too
Zbigniew Jędrzejewski-Szmek [Tue, 5 Feb 2019 17:56:41 +0000 (18:56 +0100)]
test-sizeof: print the alignments too

5 years ago efivars: remove direct access to unaligned structure members
Zbigniew Jędrzejewski-Szmek [Tue, 5 Feb 2019 16:35:39 +0000 (17:35 +0100)]
efivars: remove direct access to unaligned structure members

Most of the accesses *were* aligned. The only one that definitely wasn't was to
drive_path->part_start and drive_path->part_size, because those both expect
8 byte alignment, and are at offsets 4 and 12 in the packed structure.

Because of the way that device_path structure is defined and used, we expect
that device_path.length is always two-byte aligned.

This adds asserts in various places to ensure the proper alignment, and uses
memcpy in other places where the alignment might be off.

5 years ago efivars: make sure that _packed_ structure members are actually aligned as expected
Zbigniew Jędrzejewski-Szmek [Tue, 5 Feb 2019 16:05:56 +0000 (17:05 +0100)]
efivars: make sure that _packed_ structure members are actually aligned as expected

When looking for the terminating double-NUL, don't just read the memory
until the terminator is found, but use the information we got about the
buffer size.

The length parameter passed to utf16_to_utf8() would include the terminator, so
the converted string would end up with two terminators (the original one
converted to "utf8", still 0, and then the one that was always added anyway).
Instead let's pass just the length of the actual data to utf16_to_utf8().

5 years ago udevadm info: "-a" should enumerate sysfs attributes, not envs (#11642)
Mantas Mikulėnas [Tue, 5 Feb 2019 04:30:49 +0000 (06:30 +0200)]
udevadm info: "-a" should enumerate sysfs attributes, not envs (#11642)

This fixes a bug introduced by 13aca847695f49afeb93367ecdad76035fa6c139.

5 years ago test-resolve: increase timeout to 120s
Zbigniew Jędrzejewski-Szmek [Sun, 27 Jan 2019 17:43:41 +0000 (18:43 +0100)]
test-resolve: increase timeout to 120s

The test queries some domain names. If the DNS servers are unreachable,
e.g. in a rawhide container I get the total runtime of 24.5s usually, but
sometimes slightly longer, enough to reach the default timeout of 30s.

5 years ago journal: drop _packed_ attribute in a few places
Zbigniew Jędrzejewski-Szmek [Sun, 27 Jan 2019 17:04:22 +0000 (18:04 +0100)]
journal: drop _packed_ attribute in a few places

The justification is the same as for the grandparent commit.

5 years ago test-util: drop _packed_ attribute
Zbigniew Jędrzejewski-Szmek [Sun, 27 Jan 2019 16:13:42 +0000 (17:13 +0100)]
test-util: drop _packed_ attribute

gcc-9 warns:
../src/test/test-util.c:147:19: note: in expansion of macro ‘container_of’
  147 |         assert_se(container_of(&myval.v1, struct mytype, v1) == &myval);
      |                   ^~~~~~~~~~~~

I don't think packing matters here for the test of container_of(), so let's
just remove it.

5 years ago libsystemd-network: remove _packed_ attribute to appease the compiler
Zbigniew Jędrzejewski-Szmek [Sun, 27 Jan 2019 16:09:21 +0000 (17:09 +0100)]
libsystemd-network: remove _packed_ attribute to appease the compiler

gcc-9 warns whenever the elements of a structure defined with _packed_ are used:

../src/network/networkd-dhcp6.c: In function ‘dhcp6_pd_prefix_assign’:
../src/network/networkd-dhcp6.c:92:53: warning: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Waddress-of-packed-member]
   92 |         r = manager_dhcp6_prefix_add(link->manager, &p->opt.in6_addr, link);
      |                                                     ^~~~~~~~~~~~~~~~

And the compiler is right, because in principle the alignment could be wrong.
In this particular case it is not, because the structure is carefully defined
not to have holes. Let's remove _packed_ and use compile-time asserts to verify
that the offsets are not changed.
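
Added example, not code from systemd or from these commits: the two remedies named in the efivars and libsystemd-network commit messages above, memcpy for members of a packed structure that are misaligned, and compile-time offset asserts for a structure that needs no packing. Both structures and all function names are constructed for illustration; the first only reproduces the offsets 4 and 12 mentioned in the efivars message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: two 64-bit members at offsets 4 and 12 of a packed
 * structure, the offsets given in the efivars commit message. */
struct example_drive_path {
        uint32_t part_nr;
        uint64_t part_start;
        uint64_t part_size;
} __attribute__((packed));

_Static_assert(offsetof(struct example_drive_path, part_start) == 4, "part_start offset");
_Static_assert(offsetof(struct example_drive_path, part_size) == 12, "part_size offset");
_Static_assert(sizeof(struct example_drive_path) == 20, "packed size");

/* Constructed wire structure that has no holes, so the packed attribute can
 * be dropped and the layout pinned with compile-time asserts instead. */
struct example_option {
        uint16_t code;
        uint16_t len;
        uint32_t lifetime;
        uint8_t addr[16];
};

_Static_assert(offsetof(struct example_option, len) == 2, "len offset");
_Static_assert(offsetof(struct example_option, lifetime) == 4, "lifetime offset");
_Static_assert(offsetof(struct example_option, addr) == 8, "addr offset");
_Static_assert(sizeof(struct example_option) == 24, "no padding expected");

/* Constructed sample buffer, itself 8-byte aligned. */
static _Alignas(8) uint8_t sample_raw[sizeof(struct example_drive_path)];

/* Fill the sample buffer field by field, in host byte order. */
static void build_sample(uint32_t nr, uint64_t start, uint64_t size) {
        memcpy(sample_raw + offsetof(struct example_drive_path, part_nr), &nr, sizeof nr);
        memcpy(sample_raw + offsetof(struct example_drive_path, part_start), &start, sizeof start);
        memcpy(sample_raw + offsetof(struct example_drive_path, part_size), &size, sizeof size);
}

static int is_aligned(const void *p, size_t alignment) {
        return ((uintptr_t) p % alignment) == 0;
}

/* Read a 64-bit value from any byte offset without forming a uint64_t
 * pointer to it; memcpy has no alignment requirement. */
static uint64_t read_u64_at(const uint8_t *raw, size_t offset) {
        uint64_t v;

        memcpy(&v, raw + offset, sizeof v);
        return v;
}

static uint64_t drive_path_part_start(const uint8_t *raw) {
        return read_u64_at(raw, offsetof(struct example_drive_path, part_start));
}

static uint64_t drive_path_part_size(const uint8_t *raw) {
        return read_u64_at(raw, offsetof(struct example_drive_path, part_size));
}

int main(void) {
        build_sample(3, 2048, 1048576);

        printf("buffer 8-byte aligned:     %d\n", is_aligned(sample_raw, 8));
        printf("part_start 8-byte aligned: %d\n",
               is_aligned(sample_raw + offsetof(struct example_drive_path, part_start), 8));
        printf("part_start=%llu part_size=%llu\n",
               (unsigned long long) drive_path_part_start(sample_raw),
               (unsigned long long) drive_path_part_size(sample_raw));
        return 0;
}
```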

5 years ago analyze security: fix recursive call of syscall_names_in_filter()
Yu Watanabe [Fri, 1 Feb 2019 10:49:24 +0000 (11:49 +0100)]
analyze security: fix recursive call of syscall_names_in_filter()

When `syscall_names_in_filter()` is called in itself, it is already
examined with `whitelist`. Or, in other words, `syscall_names_in_filter()`
returns bad or good in boolean. So, the returned value should not be
compared with `whitelist` again.

This replaces #11302.

5 years ago portable: document /etc/machine-id and /etc/resolv.conf
Дамјан Георгиевски [Thu, 31 Jan 2019 13:28:59 +0000 (14:28 +0100)]
portable: document /etc/machine-id and /etc/resolv.conf

… requirement for portable service images.

systemd will mount the host machine-id and resolv.conf at these
locations, so for read-only images these must exist in the image,
because they can't be created.

5 years ago hwdb: Add support for Gemini NC14 keyboard
Jonathan McDowell [Thu, 31 Jan 2019 13:32:24 +0000 (13:32 +0000)]
hwdb: Add support for Gemini NC14 keyboard

5 years ago machinectl: fix argument index in error log
Yu Watanabe [Sat, 2 Feb 2019 14:03:17 +0000 (15:03 +0100)]
machinectl: fix argument index in error log

Fixes #11628.

5 years ago Merge pull request #11641 from ffontaine/master
Lennart Poettering [Mon, 4 Feb 2019 10:02:54 +0000 (11:02 +0100)]
Merge pull request #11641 from ffontaine/master

fix build without BRIDGE_VLAN_INFO_RANGE_END or IFA_F_NOPREFIXROUTE

5 years ago Merge pull request #11621 from yuwata/man-ref-systemd-system-conf
Lennart Poettering [Mon, 4 Feb 2019 09:46:45 +0000 (10:46 +0100)]
Merge pull request #11621 from yuwata/man-ref-systemd-system-conf

man: add and fix references

5 years ago NEWS fix boolean value for meson options
Christian Hesse [Mon, 4 Feb 2019 09:34:11 +0000 (10:34 +0100)]
NEWS fix boolean value for meson options

Valid boolean values for meson are 'true' and 'false',
not 'yes' and 'no'.

5 years ago hwdb: Add key-mapping for GPIO-keys on HP stream 7 tablet (#11631)
Hans de Goede [Sun, 3 Feb 2019 22:58:39 +0000 (23:58 +0100)]
hwdb: Add key-mapping for GPIO-keys on HP stream 7 tablet (#11631)

The HP stream 7 ACPI tables contain a gpio-keys entry for a non connected
GPIO causing spurious events, this commit maps this key to unknown to
disable it.

BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=202279

5 years ago Add another entry for MX Master to 70-mouse.hwdb (#11633)
Claudius Ellsel [Sun, 3 Feb 2019 22:39:34 +0000 (23:39 +0100)]
Add another entry for MX Master to 70-mouse.hwdb (#11633)

5 years ago networkd-dhcp6.c: fix build without IFA_F_NOPREFIXROUTE
Fabrice Fontaine [Sun, 3 Feb 2019 17:38:10 +0000 (18:38 +0100)]
networkd-dhcp6.c: fix build without IFA_F_NOPREFIXROUTE

systemd fails to build on kernel without IFA_F_NOPREFIXROUTE
since 9714c02

So put include missing_network.h

Fixes:
 - http://autobuild.buildroot.org/results/970b09e1d49b53dff12a07ca4ad424ef9dd29a69

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

5 years ago networkd-address.c: fix build without IFA_F_NOPREFIXROUTE
Fabrice Fontaine [Sun, 3 Feb 2019 17:33:39 +0000 (18:33 +0100)]
networkd-address.c: fix build without IFA_F_NOPREFIXROUTE

systemd fails to build on kernel without IFA_F_NOPREFIXROUTE
since 9714c02

So put include missing_network.h

Fixes:
 - http://autobuild.buildroot.org/results/970b09e1d49b53dff12a07ca4ad424ef9dd29a69

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

5 years ago networkd-ndisc.c: fix build without IFA_F_NOPREFIXROUTE
Fabrice Fontaine [Sun, 3 Feb 2019 17:28:16 +0000 (18:28 +0100)]
networkd-ndisc.c: fix build without IFA_F_NOPREFIXROUTE

systemd fails to build on kernel without IFA_F_NOPREFIXROUTE
since 9714c02

So put include missing_network.h

Fixes:
 - http://autobuild.buildroot.org/results/970b09e1d49b53dff12a07ca4ad424ef9dd29a69

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

5 years ago networkd-brvlan.c: fix build without BRIDGE_VLAN_INFO_RANGE_END
Fabrice Fontaine [Sun, 3 Feb 2019 16:32:46 +0000 (17:32 +0100)]
networkd-brvlan.c: fix build without BRIDGE_VLAN_INFO_RANGE_END

systemd fails to build on kernel without BRIDGE_VLAN_INFO_RANGE_END
since 9714c02

So put include missing_if_bridge.h

Fixes:
 - http://autobuild.buildroot.org/results/970b09e1d49b53dff12a07ca4ad424ef9dd29a69

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

5 years ago Merge pull request #11637 from yuwata/fix-test-network
Frantisek Sumsal [Sun, 3 Feb 2019 12:33:47 +0000 (13:33 +0100)]
Merge pull request #11637 from yuwata/fix-test-network

test-network: fix test_dhcp_server() and test_ipv6_prefix_delegation()

5 years ago travis: stop using the official upstream-systemd-ci repository
Evgeny Vereshchagin [Sun, 3 Feb 2019 05:07:23 +0000 (06:07 +0100)]
travis: stop using the official upstream-systemd-ci repository

Turns out the key for the repository hasn't been propagated properly
so let's restore the kludge that was removed in https://github.com/systemd/systemd/pull/11582.
Of course it's ugly but at least it works.

The issue was kind of reported to the maintainers of the repository
in https://github.com/systemd/systemd/pull/11531#issuecomment-460023474.

5 years ago test-network: add or drop whitespace
Yu Watanabe [Sun, 3 Feb 2019 03:37:51 +0000 (04:37 +0100)]
test-network: add or drop whitespace

5 years ago test-network: fix test_dhcp_server() and test_ipv6_prefix_delegation()
Yu Watanabe [Sun, 3 Feb 2019 03:36:36 +0000 (04:36 +0100)]
test-network: fix test_dhcp_server() and test_ipv6_prefix_delegation()

The tests have been broken since 30d3b54ebad41082e99cabbee815cb113aa0b5c4.

5 years ago shared: Revert commit 49fe5c099 in parts for function parse_acl.
YmrDtnJu [Fri, 1 Feb 2019 10:38:35 +0000 (11:38 +0100)]
shared: Revert commit 49fe5c099 in parts for function parse_acl.

Too much code has been removed while replacing startswith with STARTSWITH_SET
so that every ACL specified e.g. in tmpfiles.d was parsed as a default ACL.

5 years ago test: (ArchLinux) Replace initramfs-linux.img with initramfs-linux-fallback.img.
Taro Yamada [Sat, 2 Feb 2019 04:05:42 +0000 (13:05 +0900)]
test: (ArchLinux) Replace initramfs-linux.img with initramfs-linux-fallback.img.

Currently /boot/initramfs-linux.img is used as the default initrd for ArchLinux.
Although, since the kernel modules that are not necessary for the host environment are removed from
initramfs-linux.img by mkinitcpio's autodetect hook, the kernel modules necessary for qemu may be missing.
(ata_piix, ext4, and so on in my case.)
As a result, the test environment may not be built properly and the test will fail.

initramfs-linux-fallback.img will skip this autodetect hook, so the test will run successfully in more
environments.

Both initramfs-linux.img and initramfs-linux-fallback.img are generated by default.

5 years ago test-execute: unset $HOME before testing
Yu Watanabe [Fri, 1 Feb 2019 11:49:26 +0000 (12:49 +0100)]
test-execute: unset $HOME before testing

Otherwise, test for %h specifier may fail.

Fixes #11609.

5 years ago man: add reference to systemd-system.conf
Yu Watanabe [Fri, 1 Feb 2019 11:31:51 +0000 (12:31 +0100)]
man: add reference to systemd-system.conf

5 years ago man: clarify the source of DefaultTimeoutStartSec=
Yu Watanabe [Fri, 1 Feb 2019 11:31:35 +0000 (12:31 +0100)]
man: clarify the source of DefaultTimeoutStartSec=

5 years ago man: fix volume num of journalctl
Yu Watanabe [Fri, 1 Feb 2019 11:30:36 +0000 (12:30 +0100)]
man: fix volume num of journalctl

5 years ago pager: improve english a bit
Lennart Poettering [Wed, 23 Jan 2019 16:00:09 +0000 (17:00 +0100)]
pager: improve english a bit

5 years ago Add Lenovo Yoga 500-14IBD, 80N4 GlidePoint Touchpad (#11606)
govwin [Thu, 31 Jan 2019 04:43:14 +0000 (05:43 +0100)]
Add Lenovo Yoga 500-14IBD, 80N4 GlidePoint Touchpad (#11606)

Touchpad size as listed by kernel was 102x28mm. Update changes it to 106x71mm.
User measured (actual size): 108x72mm.

5 years ago More NEWS prep for v241
Lennart Poettering [Wed, 30 Jan 2019 18:02:00 +0000 (19:02 +0100)]
More NEWS prep for v241

5 years ago test-network: skip erspan test if not available
Susant Sahani [Wed, 30 Jan 2019 11:52:37 +0000 (12:52 +0100)]
test-network: skip erspan test if not available

5 years ago Merge pull request #11592 from evverx/ignore-memory-leaks-in-dbus
Evgeny Vereshchagin [Wed, 30 Jan 2019 13:24:18 +0000 (16:24 +0300)]
Merge pull request #11592 from evverx/ignore-memory-leaks-in-dbus

tests: ignore memory leaks in dbus-daemon and also crash PID1 if UBSan is unhappy

5 years ago Fixed minor typo in man/tmpfiles.d.xml
Ronnie P. Thomas [Wed, 30 Jan 2019 04:32:05 +0000 (23:32 -0500)]
Fixed minor typo in man/tmpfiles.d.xml

5 years ago tests: crash PID1 if UBSan is unhappy
Evgeny Vereshchagin [Wed, 30 Jan 2019 02:16:14 +0000 (03:16 +0100)]
tests: crash PID1 if UBSan is unhappy

Now that https://github.com/systemd/systemd/issues/10332 is unlikely to happen
it should be totally fine to try to crash PID1 :-)

5 years ago tests: ignore memory leaks in dbus-daemon
Evgeny Vereshchagin [Wed, 30 Jan 2019 01:19:45 +0000 (02:19 +0100)]
tests: ignore memory leaks in dbus-daemon

Otherwise, the test fails on Fedora 28 with
```
Jan 30 01:42:35 systemd-testsuite dbus-daemon[61]: [system] Successfully activated service 'org.freedesktop.systemd1'
Jan 30 01:42:35 systemd-testsuite systemd[61]: dbus.service: Kernel keyring access prohibited, ignoring.
Jan 30 01:42:35 systemd-testsuite systemd[61]: dbus.service: Executing: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
Jan 30 01:42:50 systemd-testsuite dbus-daemon[61]: =================================================================
Jan 30 01:42:50 systemd-testsuite dbus-daemon[61]: ==61==ERROR: LeakSanitizer: detected memory leaks
Jan 30 01:42:50 systemd-testsuite dbus-daemon[61]: Direct leak of 72 byte(s) in 1 object(s) allocated from:
Jan 30 01:42:50 systemd-testsuite dbus-daemon[61]:     #0 0x7f21f9e29088 in __interceptor_realloc (/usr/lib64/libasan.so.5+0xef088)
Jan 30 01:42:50 systemd-testsuite dbus-daemon[61]:     #1 0x7f21f9b1b23c  (/lib64/libdbus-1.so.3+0x3323c)
Jan 30 01:42:50 systemd-testsuite dbus-daemon[61]:     #2 0x240000001b  (<unknown module>)
Jan 30 01:42:50 systemd-testsuite dbus-daemon[61]: Direct leak of 16 byte(s) in 1 object(s) allocated from:
Jan 30 01:42:50 systemd-testsuite dbus-daemon[61]:     #0 0x7f21f9e29088 in __interceptor_realloc (/usr/lib64/libasan.so.5+0xef088)
Jan 30 01:42:50 systemd-testsuite dbus-daemon[61]:     #1 0x7f21f9b1b23c  (/lib64/libdbus-1.so.3+0x3323c)
Jan 30 01:42:50 systemd-testsuite dbus-daemon[61]:     #2 0x7ffffffff  (<unknown module>)
Jan 30 01:42:50 systemd-testsuite dbus-daemon[61]: SUMMARY: AddressSanitizer: 88 byte(s) leaked in 2 allocation(s).
```

The leaks were reported and fixed in https://bugs.freedesktop.org/show_bug.cgi?id=107320.

5 years ago travis: switch to the "official" systemd-ci repository
Evgeny Vereshchagin [Tue, 29 Jan 2019 02:19:43 +0000 (03:19 +0100)]
travis: switch to the "official" systemd-ci repository

Now that add-apt-repository hasn't failed for almost two days on Semaphore
it should be safe to assume that the key has been propagated properly
and the repository is ready to be used on Travis CI.

5 years ago Merge pull request #11540 from taro-yamada/mytest
Lennart Poettering [Tue, 29 Jan 2019 10:27:42 +0000 (11:27 +0100)]
Merge pull request #11540 from taro-yamada/mytest

ReFix #11128

5 years ago Merge pull request #11569 from yuwata/first-step-11307
Lennart Poettering [Tue, 29 Jan 2019 10:25:55 +0000 (11:25 +0100)]
Merge pull request #11569 from yuwata/first-step-11307

util-lib: warn if address is specified without prefix length

5 years ago test-network: set missing prefixlen
Yu Watanabe [Mon, 28 Jan 2019 14:47:25 +0000 (15:47 +0100)]
test-network: set missing prefixlen

5 years ago network: warn if Address= is specified without prefixlen
Yu Watanabe [Mon, 28 Jan 2019 14:29:54 +0000 (15:29 +0100)]
network: warn if Address= is specified without prefixlen

This is the first step for #11307.

5 years ago util: add a new mode for in_addr_prefix_from_string_auto_internal() which refuses...
Yu Watanabe [Mon, 28 Jan 2019 14:28:05 +0000 (15:28 +0100)]
util: add a new mode for in_addr_prefix_from_string_auto_internal() which refuses address without prefixlen

This also drops in_addr_default_prefix_from_string(), as it is only
used by test-in-addr.

5 years ago Add a warning about the difference in permissions between existing directories and...
Taro Yamada [Sun, 27 Jan 2019 04:50:04 +0000 (13:50 +0900)]
Add a warning about the difference in permissions between existing directories and unit settings.

To follow the intent of 30c81ce, this change does not execute chmod() and just adds warnings.

5 years ago Merge pull request #11580 from yuwata/fix-11579
Lennart Poettering [Mon, 28 Jan 2019 15:57:08 +0000 (16:57 +0100)]
Merge pull request #11580 from yuwata/fix-11579

network/wireguard: fix sending wireguard peers

5 years ago units: make sure initrd-cleanup.service terminates before switching to rootfs
Franck Bui [Mon, 28 Jan 2019 11:07:37 +0000 (12:07 +0100)]
units: make sure initrd-cleanup.service terminates before switching to rootfs

A follow-up for commit a8cb1dc3e0fa81aff.

Commit a8cb1dc3e0fa81aff made sure that initrd-cleanup.service won't be stopped
when initrd-switch-root.target is isolated.

However even with this change, it might happen that initrd-cleanup.service
survives the switch to rootfs (since it has no ordering constraints against
initrd-switch-root.target) and is stopped right after when default.target is
isolated. This led to initrd-cleanup.service entering in failed state as it
happens when oneshot services are stopped.

This patch along with a8cb1dc3e0fa81aff should fix issue #4343.

Fixes: #4343

5 years ago test-barrier: skip the test in virtualized/containerized environments
Frantisek Sumsal [Sat, 26 Jan 2019 16:03:34 +0000 (17:03 +0100)]
test-barrier: skip the test in virtualized/containerized environments

5 years ago network/wireguard: use sd_netlink_message_append_sockaddr_in{,6}()
Yu Watanabe [Mon, 28 Jan 2019 11:27:37 +0000 (12:27 +0100)]
network/wireguard: use sd_netlink_message_append_sockaddr_in{,6}()

5 years ago Merge pull request #11566 from poettering/alloca-assert
Lennart Poettering [Mon, 28 Jan 2019 11:19:36 +0000 (12:19 +0100)]
Merge pull request #11566 from poettering/alloca-assert

add a safety size assert() on most alloca() calls

5 years ago sd-netlink: introduce sd_netlink_message_append_sockaddr_in{,6}()
Yu Watanabe [Mon, 28 Jan 2019 11:19:29 +0000 (12:19 +0100)]
sd-netlink: introduce sd_netlink_message_append_sockaddr_in{,6}()

5 years ago test-network: add more checks in NetworkdNetDevTests.test_wireguard
Yu Watanabe [Mon, 28 Jan 2019 09:09:22 +0000 (10:09 +0100)]
test-network: add more checks in NetworkdNetDevTests.test_wireguard

5 years ago network/wireguard: fixes sending wireguard peer settings
Yu Watanabe [Mon, 28 Jan 2019 08:42:35 +0000 (09:42 +0100)]
network/wireguard: fixes sending wireguard peer settings

This fixes a bug introduced by e1f717d4a02e15ae11a191dd4962b2f4d117678d.

Fixes #11579.

5 years ago journal: avoid buffer overread when locale name is too long
Zbigniew Jędrzejewski-Szmek [Sun, 27 Jan 2019 08:37:26 +0000 (09:37 +0100)]
journal: avoid buffer overread when locale name is too long

We could potentially create an unterminated string and then call normal string
operations on it. Let's be more careful: first remove the suffix we ignore anyway,
then find if the string is of acceptable length, and possibly ignore it if it
is too long. The code rejects lengths above 31 bytes. Language names that are
actually used are much shorter, so this doesn't matter much.

5 years ago kernel-install: fix dracut initrd detection (240 backward compatibility) (#11570)
Marc-Antoine Perennou [Sun, 27 Jan 2019 16:32:21 +0000 (17:32 +0100)]
kernel-install: fix dracut initrd detection (240 backward compatibility) (#11570)

* kernel-install: fix initrd when called as installkernel

Running make install from the kernel runs e.g.:
installkernel 4.20.5 arch/x86/boot/bzImage System.map "/boot"

Since 0912c0b80eb24fb9a4e1cc4abf274a1358b9943d this would
call 90-loaderentry.install with those arguments:
add 4.20.5 /boot/... arch/x86/boot/bzImage System.map "/boot"

The two last arguments would then be handled as the initrd files.
As System.map exists in current directory but not in /boot/...
it would get copied there, and used as initrd instead of the initrd
which has been generated by dracut.

With this change, nothing changes when kernel-install is called
directly, but when it's called as installkernel, we now pass
those arguments to 90-loaderentry.install:
add 4.20.5 /boot/... arch/x86/boot/bzImage initrd
initrd is thus detected as the file to use for the initrd, and as it
exists, nothing is copied over and the initrd line generated is
consistent with what one would expect

* kernel-install: fix dracut initrd detection when called directly

This brings back the systemd 240 behaviour when called directly too

* kernel-install: unify initrd fallback

* kernel-install: move initrd fallback handling to 90-loaderentry.install

* kernel-install: move initrd fallback just before creating loader entry

5 years ago shared/dissect-image: make sure that we don't truncate device name
Zbigniew Jędrzejewski-Szmek [Sun, 27 Jan 2019 08:35:36 +0000 (09:35 +0100)]
shared/dissect-image: make sure that we don't truncate device name

gcc-9 complains that the string may be truncated when written into the output
structure. This shouldn't happen, but if it did, in principle we could remove a
different structure (with a matching name prefix). Let's just refuse the
operation if the name doesn't fit.

5 years ago Revert "Fixes #11128"
Taro Yamada [Sun, 27 Jan 2019 04:43:30 +0000 (13:43 +0900)]
Revert "Fixes #11128"

This reverts commit 0bf05f0122f0f13cd0c0bc35a31861875d2ead31 because it breaks 30c81ce.
Please see #11540.

5 years ago Merge pull request #11513 from poettering/cryptsetup-msg
Zbigniew Jędrzejewski-Szmek [Sat, 26 Jan 2019 15:43:20 +0000 (16:43 +0100)]
Merge pull request #11513 from poettering/cryptsetup-msg

improve cryptsetup messaging

5 years ago tree-wide: use newa() instead of alloca() wherever we can
Lennart Poettering [Sat, 26 Jan 2019 14:52:18 +0000 (15:52 +0100)]
tree-wide: use newa() instead of alloca() wherever we can

Typesafety is nice. And this way we can take benefit of the new size
assert() the previous commit added.

5 years ago alloc-util: whenever any of our alloca() wrappers is used to allocate overly large...
Lennart Poettering [Sat, 26 Jan 2019 14:42:35 +0000 (15:42 +0100)]
alloc-util: whenever any of our alloca() wrappers is used to allocate overly large memory blocks, hit an assert()

Of course, this should never happen, but let's better be safe than
sorry, and abort rather than continue when a too large memory block is
allocated, simply as a safety precaution.

An early abort is better than continuing with a likely memory corruption
later.

5 years ago Merge pull request #11460 from yuwata/fix-11458
Lennart Poettering [Sat, 26 Jan 2019 14:41:06 +0000 (15:41 +0100)]
Merge pull request #11460 from yuwata/fix-11458

network: update address when static address was already configured by DHCP

5 years ago build-sys: bump package/library versions
Zbigniew Jędrzejewski-Szmek [Thu, 10 Jan 2019 21:29:01 +0000 (22:29 +0100)]
build-sys: bump package/library versions

We added sd_bus_close_unref().

5 years ago Merge pull request #11562 from yuwata/fix-11558
Lennart Poettering [Sat, 26 Jan 2019 13:46:48 +0000 (14:46 +0100)]
Merge pull request #11562 from yuwata/fix-11558

core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set

5 years ago Merge pull request #11466 from keszybz/fix-loop-remounts
Lennart Poettering [Sat, 26 Jan 2019 13:42:02 +0000 (14:42 +0100)]
Merge pull request #11466 from keszybz/fix-loop-remounts

pid1: fix cleanup of stale implicit deps based on /proc/self/mountinfo

5 years ago pid1: fix cleanup of stale implicit deps based on /proc/self/mountinfo
Zbigniew Jędrzejewski-Szmek [Thu, 17 Jan 2019 15:09:13 +0000 (16:09 +0100)]
pid1: fix cleanup of stale implicit deps based on /proc/self/mountinfo

The problem was introduced in a37422045fbb68ad68f734e5dc00e0a5b1759773:
we have a unit which has a fragment, and when we'd update it based on
/proc/self/mountinfo, we'd say that e.g. What=/dev/loop8 has origin-fragment.
This commit changes two things:
- origin-fragment is changed to origin-mountinfo-implicit
- when we stop a unit, mountinfo information is flushed and all deps based
  on it are dropped.

The second step is important, because when we restart the unit, we want to
notice that we have "fresh" mountinfo information. We could keep the old info
around and solve this in a different way, but keeping stale information seems
inelegant.

Fixes #11342.

5 years ago Merge pull request #11530 from keszybz/journal-cache-trimming
Lennart Poettering [Sat, 26 Jan 2019 12:55:55 +0000 (13:55 +0100)]
Merge pull request #11530 from keszybz/journal-cache-trimming

Journal cache trimming

5 years ago Merge pull request #11545 from xnox/ppc64el
Lennart Poettering [Sat, 26 Jan 2019 12:55:32 +0000 (13:55 +0100)]
Merge pull request #11545 from xnox/ppc64el

test-functions: fixup PPC64 testing

5 years ago units: drop conditionalization of systemd-tmpfiles-setup-dev.service
Lennart Poettering [Sat, 26 Jan 2019 10:37:06 +0000 (11:37 +0100)]
units: drop conditionalization of systemd-tmpfiles-setup-dev.service

Currently, tmpfiles runs in two separate services at boot. /dev is
populated by systemd-tmpfiles-setup-dev.service and everything else by
systemd-tmpfiles-setup.service. The former was so far conditionalized by
CAP_SYS_MODULES. The reasoning was that the primary purpose of
populating /dev was to create device nodes based on the static device
node info exported in kernel modules through MODALIAS. And without the
privs to load kernel modules doing so is unnecessary. That thinking is
incomplete however, as there might be reason to create stuff in /dev
outside of the static modalias usecase. Thus, let's drop the
conditionalization to ensure that tmpfiles.d rules are always executed
at least once under all conditions.

Fixes: #11544

5 years ago nspawn: ignore SIGPIPE for nspawn itself
Lennart Poettering [Sat, 26 Jan 2019 11:18:16 +0000 (12:18 +0100)]
nspawn: ignore SIGPIPE for nspawn itself

Let's not abort due to a dead stdout.

Fixes: #11533

5 years ago process-util: don't use overly large buffer to store process command line
Michal Sekletar [Tue, 22 Jan 2019 13:29:50 +0000 (14:29 +0100)]
process-util: don't use overly large buffer to store process command line

Allocate new string as a return value and free our "scratch pad"
buffer that is potentially much larger than needed (up to
_SC_ARG_MAX).

Fixes #11502

5 years ago man: update DefaultDependency= in systemd.mount(5)
Yu Watanabe [Sat, 26 Jan 2019 12:05:27 +0000 (13:05 +0100)]
man: update DefaultDependency= in systemd.mount(5)

Follow-up for d54bab90e64f70c1ecf9b0683a98adb8485ed09e and the
previous commit.

5 years ago journald: periodically drop cache for all dead PIDs
Zbigniew Jędrzejewski-Szmek [Tue, 22 Jan 2019 16:30:48 +0000 (17:30 +0100)]
journald: periodically drop cache for all dead PIDs

In normal use, this allows us to drop dead entries from the cache and reduces
the cache size so that we don't evict entries unnecessarily. The time limit is
there mostly to serve as a guard against malicious logging from many different
PIDs.

5 years ago journal: limit the number of entries in the cache based on available memory
Zbigniew Jędrzejewski-Szmek [Tue, 22 Jan 2019 15:12:52 +0000 (16:12 +0100)]
journal: limit the number of entries in the cache based on available memory

This is far from perfect, but should give mostly reasonable values. My
assumption is that if somebody has a few hundred MB of memory, they are
unlikely to have thousands of processes logging. A hundred would already be a
lot. So let's scale the cache size proportionally to the total memory size,
with clamping on both ends.

The formula gives 64 cache entries for each GB of RAM.

5 years ago basic/prioq: add prioq_peek_item()
Zbigniew Jędrzejewski-Szmek [Sat, 26 Jan 2019 10:27:18 +0000 (11:27 +0100)]
basic/prioq: add prioq_peek_item()

5 years ago Update 60-sensor.hwdb
zsergeant77 [Thu, 24 Jan 2019 21:03:30 +0000 (00:03 +0300)]
Update 60-sensor.hwdb

Added mount matrix for Digma CITI E203 hybrid

5 years ago core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount...
Yu Watanabe [Sat, 26 Jan 2019 11:00:04 +0000 (12:00 +0100)]
core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set

Follow-up for d54bab90e64f70c1ecf9b0683a98adb8485ed09e.

Fixes #11558.

5 years ago Add missing dash to --all option in the timedatectl man page
Jonathan Roemer [Sat, 26 Jan 2019 00:46:15 +0000 (18:46 -0600)]
Add missing dash to --all option in the timedatectl man page

5 years ago test/test-functions: on PPC64 use hvc0 console
Dimitri John Ledkov [Tue, 20 Feb 2018 12:01:40 +0000 (12:01 +0000)]
test/test-functions: on PPC64 use hvc0 console

5 years ago test/test-functions: on PPC64 use vmlinux
Dimitri John Ledkov [Mon, 19 Feb 2018 20:47:41 +0000 (20:47 +0000)]
test/test-functions: on PPC64 use vmlinux

At least on Ubuntu, ppc64el uses vmlinux-, not vmlinuz. With this, it should be
possible to run qemu tests on ppc64el as part of Ubuntu autopkgtests.

5 years ago dhcp/trivial: fix spelling error in comment
Thomas Haller [Fri, 25 Jan 2019 10:24:06 +0000 (11:24 +0100)]
dhcp/trivial: fix spelling error in comment