Yu Watanabe [Sun, 14 Apr 2019 11:46:24 +0000 (20:46 +0900)]
core: add assertion in two inline functions
Yu Watanabe [Sun, 14 Apr 2019 11:45:31 +0000 (20:45 +0900)]
core: use BUS_DEFINE_PROPERTY_GET() macro at more places
Yu Watanabe [Sun, 14 Apr 2019 11:13:40 +0000 (20:13 +0900)]
core: change type of Service::timeout_abort_set to bool
Follow-up for dc653bf487bae9d1ddf794442bf4176fee173b41 (#11211).
Yu Watanabe [Sat, 13 Apr 2019 13:43:21 +0000 (22:43 +0900)]
Merge pull request #12288 from yuwata/resolve-bond-rafactoring
resolve,network: tiny cleanups
Franck Bui [Fri, 12 Apr 2019 12:45:53 +0000 (14:45 +0200)]
tmpfiles: split tmp.conf out
tmp.conf was dealing with 2 different kinds of paths: one dealing with general
temporary paths such as /var/tmp and /tmp and the other one dealing with
temporary directories owned by systemd.
If for example a user wants to adjust the age argument of the general paths
only, he had to overload the whole file which is cumbersome and error prone
since any future changes in tmp.conf shipped by systemd will be lost.
So this patch splits out tmp.conf so the systemd directories are dealt with
separately in a dedicated conf file. It's named "systemd-tmp.conf" based on the
naming recommendation made in tmpfiles.d man page.
In practice it shouldn't cause any regression since it's very unlikely that
users override paths owned by systemd.
Dominick Grift [Fri, 12 Apr 2019 18:15:35 +0000 (20:15 +0200)]
nspawn: Fix volatile SELinux label
nspawn should associate the specified nspawn container apifs object label instead of the nspawn container process label with the volatile tmpfs
Yu Watanabe [Sat, 13 Apr 2019 09:23:13 +0000 (18:23 +0900)]
Merge pull request #12296 from poettering/coding-style-sections
split CODING_STYLE document into multiple thematic sections
Yu Watanabe [Sat, 13 Apr 2019 09:19:38 +0000 (18:19 +0900)]
Merge pull request #12290 from poettering/json-foreach-love
some small JSON foreach macro love
Yu Watanabe [Sat, 13 Apr 2019 09:19:15 +0000 (18:19 +0900)]
Merge pull request #12293 from poettering/tiny-journal-modernizations
four simple journal modernizations
Yu Watanabe [Fri, 12 Apr 2019 05:15:29 +0000 (14:15 +0900)]
network: re-indent conf parser and wrap long lines in bond.c
Yu Watanabe [Fri, 12 Apr 2019 05:14:19 +0000 (14:14 +0900)]
network: use OrderedSet for bond ARP ip targets
Yu Watanabe [Fri, 12 Apr 2019 05:13:17 +0000 (14:13 +0900)]
ordered-set: add missing ordered_set_size()
Yu Watanabe [Fri, 12 Apr 2019 04:37:02 +0000 (13:37 +0900)]
network: drop allocation for Bond::ad_actor_system
Yu Watanabe [Fri, 12 Apr 2019 04:29:46 +0000 (13:29 +0900)]
network: drop bond_mode_to_kernel() and bond_xmit_hash_policy_to_kernel()
Yu Watanabe [Thu, 11 Apr 2019 05:36:18 +0000 (14:36 +0900)]
arp-util: use net/ethernet.h instead of netinet/if_ether.h
The header net/ethernet.h is used at all other places where
'struct ether_addr' is required.
Yu Watanabe [Thu, 11 Apr 2019 05:16:51 +0000 (14:16 +0900)]
resolve: use log_link_*() macro
Yu Watanabe [Thu, 11 Apr 2019 05:08:40 +0000 (14:08 +0900)]
resolve: rename Link.name -> Link.ifname
This also changes the type from char[IF_NAMESIZE] to char*.
By changing the type, now resolved-link.h can drop the dependency to
the header net/if.h.
Jan Klötzke [Wed, 29 Nov 2017 06:43:44 +0000 (07:43 +0100)]
service: handle abort stops with dedicated timeout
When shooting down a service with SIGABRT the user might want to have a
much longer stop timeout than on regular stops/shutdowns. Especially in
the face of short stop timeouts the time might not be sufficient to
write huge core dumps before the service is killed.
This commit adds a dedicated (Default)TimeoutAbortSec= timer that is
used when stopping a service via SIGABRT. In all other cases the
existing TimeoutStopSec= is used. The timer value is unset by default
to skip the special handling and use TimeoutStopSec= for state
'stop-watchdog' to keep the old behaviour.
If the service is in state 'stop-watchdog' and the service should be
stopped explicitly we still go to 'stop-sigterm' and re-apply the usual
TimeoutStopSec= timeout.
Sebastian Jennen [Sat, 23 Feb 2019 16:26:25 +0000 (17:26 +0100)]
code style format: clang-format applied to src/a*/*
[zj: this is a subset of changes generated by clang-format, just the ones
I think improve readability or consistency.]
This is a part of https://github.com/systemd/systemd/pull/11811.
Chris Down [Thu, 28 Mar 2019 12:50:50 +0000 (12:50 +0000)]
cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow
In cgroup v2 we have protection tunables -- currently MemoryLow and
MemoryMin (there will be more in future for other resources, too). The
design of these protection tunables requires not only intermediate
cgroups to propagate protections, but also the units at the leaf of that
resource's operation to accept it (by setting MemoryLow or MemoryMin).
This makes sense from a low-level API design perspective, but it's a
good idea to also have a higher-level abstraction that can, by default,
propagate these resources to children recursively. In this patch, this
happens by having descendants set memory.low to N if their ancestor has
DefaultMemoryLow=N -- assuming they don't set a separate MemoryLow
value.
Any affected unit can opt out of this propagation by manually setting
`MemoryLow` to some value in its unit configuration. A unit can also
stop further propagation by setting `DefaultMemoryLow=` with no
argument. This removes further propagation in the subtree, but has no
effect on the unit itself (for that, use `MemoryLow=0`).
Our use case in production is simplifying the configuration of machines
which heavily rely on memory protection tunables, but currently require
tweaking a huge number of unit files to make that a reality. This
directive makes that significantly less fragile, and decreases the risk
of misconfiguration.
After this patch is merged, I will implement DefaultMemoryMin= using the
same principles.
Lennart Poettering [Fri, 12 Apr 2019 15:01:05 +0000 (17:01 +0200)]
CODING_STYLE: rename "Others" section to "Code Organization and Semantics"
This is a bit of a grab bag, but it's the best I could come up with
without having lots of single-item sections.
Lennart Poettering [Fri, 12 Apr 2019 14:58:46 +0000 (16:58 +0200)]
CODING_STYLE: split out section about runtime behaviour
Lennart Poettering [Fri, 12 Apr 2019 14:53:27 +0000 (16:53 +0200)]
CODING_STYLE: add section about C constructs use
Lennart Poettering [Fri, 12 Apr 2019 14:50:24 +0000 (16:50 +0200)]
CODING_STYLE: split out section about deadlocks
Lennart Poettering [Fri, 12 Apr 2019 14:49:02 +0000 (16:49 +0200)]
CODING_STYLE: split out section about logging
Lennart Poettering [Fri, 12 Apr 2019 14:45:03 +0000 (16:45 +0200)]
CODING_STYLE: export section about exporting symbols
Lennart Poettering [Fri, 12 Apr 2019 14:42:44 +0000 (16:42 +0200)]
CODING_STYLE: split out section about destructors
Lennart Poettering [Fri, 12 Apr 2019 14:40:34 +0000 (16:40 +0200)]
CODING_STYLE: split out section about command line parsing
Lennart Poettering [Fri, 12 Apr 2019 14:38:14 +0000 (16:38 +0200)]
CODING_STYLE: Split out section about error handling
Lennart Poettering [Fri, 12 Apr 2019 14:35:17 +0000 (16:35 +0200)]
CODING_STYLE: split out section about committing to git
Lennart Poettering [Fri, 12 Apr 2019 14:34:01 +0000 (16:34 +0200)]
CODING_STYLE: split out section about file descriptors
Lennart Poettering [Fri, 12 Apr 2019 14:31:58 +0000 (16:31 +0200)]
CODING_STYLE: split out section about memory allocations
Lennart Poettering [Fri, 12 Apr 2019 14:26:46 +0000 (16:26 +0200)]
CODING_STYLE: move out section about Types
Lennart Poettering [Fri, 12 Apr 2019 14:22:16 +0000 (16:22 +0200)]
CODING_STYLE: add section about how to reference specific concepts
Lennart Poettering [Fri, 12 Apr 2019 14:20:37 +0000 (16:20 +0200)]
CODING_STYLE: split out bits about Formatting into its own section
(And, for now, add a section "Other" to separate the rest of the stuff)
Lennart Poettering [Fri, 12 Apr 2019 14:16:39 +0000 (16:16 +0200)]
CODING_STYLE: add a section about functions not to use
Let's add sections to the document. First off, let's add one about
functions not to use.
Lennart Poettering [Fri, 5 Apr 2019 16:20:06 +0000 (18:20 +0200)]
journald: modernize config_parse_compress() a bit
Lennart Poettering [Fri, 5 Apr 2019 13:31:18 +0000 (15:31 +0200)]
journald: rebreak a few comments
Lennart Poettering [Fri, 5 Apr 2019 13:37:20 +0000 (15:37 +0200)]
journald: no need to check ptr for non-NULL before _unref(), as function does that anyway
Lennart Poettering [Thu, 4 Apr 2019 15:30:51 +0000 (17:30 +0200)]
journald: use structure initialization
Lennart Poettering [Fri, 12 Apr 2019 11:59:30 +0000 (13:59 +0200)]
Merge pull request #12222 from yuwata/macsec
network: introduce MACsec
Lennart Poettering [Fri, 12 Apr 2019 11:51:53 +0000 (13:51 +0200)]
Merge pull request #12217 from keszybz/unlocked-operations
Refactor how we do unlocked file operations
Lennart Poettering [Fri, 12 Apr 2019 10:59:05 +0000 (12:59 +0200)]
json: be more careful when iterating through a JSON object/array
Let's exit the loop early in case the variant is not actually an object
or array. This is safer since otherwise we might end up iterating
through these variants and access fields that aren't of the type we
expect them to be and then bad things happen.
Of course, this doesn't absolve uses of these macros to check the type
of the variant explicitly beforehand, but it makes it less bad if they
forget to do so.
Lennart Poettering [Thu, 4 Apr 2019 14:40:02 +0000 (16:40 +0200)]
json: simplify JSON_VARIANT_OBJECT_FOREACH() macro a bit
There's no point in returning the "key" within each loop iteration as
JsonVariant object. Let's simplify things and return it as string. That
simplifies usage (since the caller doesn't have to convert the object to
the string anymore) and is safe since we already validate that keys are
strings when an object JsonVariant is allocated.
Zbigniew Jędrzejewski-Szmek [Fri, 12 Apr 2019 10:12:18 +0000 (12:12 +0200)]
Merge pull request #12289 from poettering/news-pid-max
NEWS: explain the kernel.pid_max sysctl change
Lennart Poettering [Fri, 12 Apr 2019 10:01:41 +0000 (12:01 +0200)]
NEWS: document kernel.pid_max change
Lennart Poettering [Fri, 12 Apr 2019 10:01:23 +0000 (12:01 +0200)]
NEWS: fix typo
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 10:24:38 +0000 (12:24 +0200)]
Add fmemopen_unlocked() and use unlocked ops in fuzzers and some other tests
This might make things marginally faster. I didn't benchmark though.
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 09:46:44 +0000 (11:46 +0200)]
Add open_memstream_unlocked() wrapper
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 09:27:21 +0000 (11:27 +0200)]
core/smack-setup: add helper function for openat+fdopen
Unlocked operations are used in all three places. I don't see why just one was
special.
This also improves logging, since we don't just log the final component of the
path, but the full name.
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 09:27:08 +0000 (11:27 +0200)]
Add fdopen_unlocked() wrapper
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 09:02:11 +0000 (11:02 +0200)]
Make fopen_temporary and fopen_temporary_label unlocked
This is partially a refactoring, but also makes many more places use
unlocked operations implicitly, i.e. all users of fopen_temporary().
AFAICT, the uses are always for short-lived files which are not shared
externally, and are just used within the same context. Locking is not
necessary.
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 08:17:16 +0000 (10:17 +0200)]
Add fopen_unlocked() wrapper
Lennart Poettering [Fri, 12 Apr 2019 09:02:54 +0000 (11:02 +0200)]
Merge pull request #12221 from keszybz/test-cleanups
Script indentation cleanups
Lennart Poettering [Fri, 12 Apr 2019 08:56:53 +0000 (10:56 +0200)]
Merge pull request #12287 from keszybz/patches-for-coverity-warnings
Patches for coverity warnings
Anita Zhang [Wed, 10 Apr 2019 23:08:41 +0000 (16:08 -0700)]
seccomp: check more error codes from seccomp_load()
We noticed in our tests that occasionally SystemCallFilter= would
fail to set and the service would run with no syscall filtering.
Most of the time the same tests would apply the filter and fail
the service as expected. While it's not totally clear why this happens,
we noticed seccomp_load() in the systemd code base would fail open for
all errors except EPERM and EACCES.
ENOMEM, EINVAL, and EFAULT seem like reasonable values to add to the
error set based on what I gather from libseccomp code and man pages:
-ENOMEM: out of memory, failed to allocate space for a libseccomp structure, or would exceed a defined constant
-EINVAL: kernel isn't configured to support the operations, args are invalid (to seccomp_load(), seccomp(), or prctl())
-EFAULT: addresses passed as args are invalid
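How the set of fatal error codes decides whether a service starts unfiltered, as an added example (not systemd's code): `load_filter_stub()` is a hypothetical stand-in for seccomp_load() fed with constructed return values, and the two classifiers mirror the error sets named in the commit message above.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Error set treated as fatal before the change: everything else failed open. */
static bool fatal_before(int r) {
    r = abs(r);
    return r == EPERM || r == EACCES;
}

/* Error set after the change, as listed in the commit message. */
static bool fatal_after(int r) {
    r = abs(r);
    return r == EPERM || r == EACCES || r == ENOMEM || r == EINVAL || r == EFAULT;
}

/* Hypothetical stand-in for seccomp_load(): returns 0 or a negative errno.
 * The results array is constructed sample data, one entry per filter. */
static int load_filter_stub(const int *results, size_t i) {
    return results[i];
}

struct outcome {
    int rc;             /* 0: service is allowed to start; <0: start refused */
    size_t not_applied; /* filters skipped although the service still starts */
};

/* Install n filters; a fatal error aborts the start, any other error is skipped. */
static struct outcome apply_filters(const int *results, size_t n, bool (*is_fatal)(int)) {
    struct outcome o = { 0, 0 };

    for (size_t i = 0; i < n; i++) {
        int r = load_filter_stub(results, i);
        if (r >= 0)
            continue;
        if (is_fatal(r)) {   /* fail closed: refuse to run without the filter */
            o.rc = r;
            return o;
        }
        o.not_applied++;     /* fail open: the service runs with a filter missing */
    }
    return o;
}

int main(void) {
    const int constructed[] = { 0, -ENOMEM, 0 };
    struct outcome before = apply_filters(constructed, 3, fatal_before);
    struct outcome after = apply_filters(constructed, 3, fatal_after);

    /* before: rc == 0 with one filter missing; after: rc == -ENOMEM */
    return (before.rc == 0 && before.not_applied == 1 && after.rc == -ENOMEM) ? 0 : 1;
}
```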
Zbigniew Jędrzejewski-Szmek [Fri, 12 Apr 2019 07:03:52 +0000 (09:03 +0200)]
core: voidify one more call to mkdir
CID #1400460.
Zbigniew Jędrzejewski-Szmek [Fri, 12 Apr 2019 07:00:37 +0000 (09:00 +0200)]
test-exec-util: do not call setenv with NULL arg
The comment explains that $PATH might not be set in certain circumstances and
takes steps to handle this case. If we do that, let's assume that $PATH indeed
might be unset and not call setenv("PATH", NULL, 1). It is not clear from the
man page if that is allowed.
CID #1400497.
Zbigniew Jędrzejewski-Szmek [Fri, 12 Apr 2019 06:55:39 +0000 (08:55 +0200)]
test-env-util: allow $PATH to be unset
Coverity was unhappy, because it doesn't know that $PATH is pretty much always
set. But let's not assume that in the test. CID #1400496.
$ (unset PATH; build/test-env-util)
[1] 31658 segmentation fault (core dumped) ( unset PATH; build/test-env-util; )
Zbigniew Jędrzejewski-Szmek [Fri, 5 Apr 2019 12:14:45 +0000 (14:14 +0200)]
CODING_STYLE: adjust indentation rules, and add note about config loading
Zbigniew Jędrzejewski-Szmek [Fri, 5 Apr 2019 09:41:35 +0000 (11:41 +0200)]
shell-completion/zsh: add -*type*- headers
Since there's no file extension, emacs and other editors do not know that this is
supposed to be in shell syntax.
Zbigniew Jędrzejewski-Szmek [Fri, 5 Apr 2019 09:39:14 +0000 (11:39 +0200)]
shell-completion: use 4 space indentation too
The same as in other places, indentation levels were all over the place.
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 12:10:42 +0000 (14:10 +0200)]
scripts: use 4 space indentation
We had all kinds of indentation: 2 sp, 3 sp, 4 sp, 8 sp, and mixed.
4 sp was the most common, in particular the majority of scripts under test/
used that. Let's standardize on 4 sp, because many commandlines are long and
there's a lot of nesting, and with 8sp indentation less stuff fits. 4 sp
also seems to be the default indentation, so this will make it less likely
that people will mess up if they don't load the editor config. (I think people
often use vi, and vi has no support to load project-wide configuration
automatically. We distribute a .vimrc file, but it is not loaded by default,
and even the instructions in it seem to discourage its use for security
reasons.)
Also remove the few vim config lines that were left. We should either have them
on all files, or none.
Also remove some strange stuff like '#!/bin/env bash', yikes.
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 13:06:34 +0000 (15:06 +0200)]
test: filter out messages when stripping binaries
We would get an error for every script, which is just noise.
Yu Watanabe [Fri, 5 Apr 2019 06:58:50 +0000 (15:58 +0900)]
test-network: add tests for MACsec
Yu Watanabe [Wed, 10 Apr 2019 06:53:30 +0000 (15:53 +0900)]
network: re-indent gperf files
Yu Watanabe [Wed, 10 Apr 2019 10:26:57 +0000 (19:26 +0900)]
network: warn when private key is stored in world readable files
Yu Watanabe [Fri, 5 Apr 2019 06:52:26 +0000 (15:52 +0900)]
network: add MACsecTransmitAssociation.UseForEncoding= setting
Yu Watanabe [Fri, 5 Apr 2019 06:33:52 +0000 (15:33 +0900)]
network: add MACsec*Association.Activate= setting
Yu Watanabe [Wed, 10 Apr 2019 09:07:10 +0000 (18:07 +0900)]
network: add MACsec*Association.KeyFile= setting
Yu Watanabe [Wed, 10 Apr 2019 08:53:30 +0000 (17:53 +0900)]
network: explicitly clear security key for macsec
Yu Watanabe [Wed, 10 Apr 2019 08:29:10 +0000 (17:29 +0900)]
network: support multiple security associations for macsec channels
Susant Sahani [Wed, 3 Apr 2019 11:27:36 +0000 (16:57 +0530)]
network: Introduce MACsec
Media Access Control Security (MACsec) is an 802.1AE IEEE
industry-standard security technology that provides secure
communication for all traffic on Ethernet links.
MACsec provides point-to-point security on Ethernet links between
directly connected nodes and is capable of identifying and preventing
most security threats, including denial of service, intrusion,
man-in-the-middle, masquerading, passive wiretapping, and playback attacks.
Closes #5754
Yu Watanabe [Fri, 5 Apr 2019 09:10:02 +0000 (18:10 +0900)]
linux: import if_macsec.h from kernel-5.0
MACsec is introduced since kernel-4.6. Let's support older kernels.
Yu Watanabe [Wed, 10 Apr 2019 09:03:42 +0000 (18:03 +0900)]
fileio: add READ_FULL_FILE_UNHEX flag
Similar to READ_FULL_FILE_UNBASE64, read data is decoded with
unhexmem().
Yu Watanabe [Wed, 10 Apr 2019 08:50:27 +0000 (17:50 +0900)]
util: extend unhexmem() to accept secure flag
When the flag is set, buffer is cleared on failure.
This is a continuation of 2432d09c7a7115004b16eb11bf81ffeeb32d15ad.
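The clear-on-failure behaviour described above, as an added example rather than systemd's unhexmem(): `hex_decode()`, `wipe()`, `all_zero()` and the sample key string are constructed for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--)
        *v++ = 0;
}

static bool all_zero(const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0)
            return false;
    return true;
}

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode len hex characters from in into out (capacity cap).
 * Returns the number of bytes written or a negative errno.
 * With secure set, the whole output buffer is cleared on failure, so a
 * partially decoded key does not stay behind in memory. */
static long hex_decode(const char *in, size_t len, uint8_t *out, size_t cap, bool secure) {
    size_t n = 0;
    int r = 0;

    if (len % 2 != 0)
        r = -EINVAL;

    for (size_t i = 0; r == 0 && i < len; i += 2) {
        int hi = hexval(in[i]), lo = hexval(in[i + 1]);

        if (hi < 0 || lo < 0)
            r = -EINVAL;
        else if (n >= cap)
            r = -ENOBUFS;
        else
            out[n++] = (uint8_t) (hi << 4 | lo);
    }

    if (r < 0) {
        if (secure)
            wipe(out, cap);
        return r;
    }
    return (long) n;
}

int main(void) {
    /* Constructed 16-byte key with one invalid character near the end. */
    const char bad[] = "00112233445566778899aabbccddeeXf";
    uint8_t key[16];

    /* Fails with -EINVAL after 15 bytes were decoded; secure mode wipes them. */
    long r = hex_decode(bad, strlen(bad), key, sizeof key, true);
    return (r == -EINVAL && all_zero(key, sizeof key)) ? 0 : 1;
}
```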
Lennart Poettering [Thu, 11 Apr 2019 17:01:03 +0000 (19:01 +0200)]
Merge pull request #12267 from keszybz/udev-settle-warning
Udev settle warning
Yu Watanabe [Wed, 10 Apr 2019 10:55:53 +0000 (19:55 +0900)]
tree-wide: drop several missing_*.h and import relevant headers from kernel-5.0
Lennart Poettering [Thu, 11 Apr 2019 16:58:43 +0000 (18:58 +0200)]
Merge pull request #12153 from benjarobin/killall-show-not-killed
shutdown/killall: Show in the console the processes not yet killed
Lennart Poettering [Thu, 11 Apr 2019 16:58:08 +0000 (18:58 +0200)]
Merge pull request #12226 from poettering/22bit-pids
sysctl: let's by default increase the numeric PID range from 2^16 to …
Lennart Poettering [Thu, 11 Apr 2019 16:57:47 +0000 (18:57 +0200)]
Merge pull request #12037 from poettering/oom-state
add cgroupv2 oom killer event handling to service management
Lennart Poettering [Thu, 11 Apr 2019 16:57:18 +0000 (18:57 +0200)]
Merge pull request #12219 from keszybz/bootctl-check-entries
bootctl: check entries when showing them
Zbigniew Jędrzejewski-Szmek [Thu, 11 Apr 2019 16:28:36 +0000 (18:28 +0200)]
NEWS: update contributors and date
Sebastian Krzyszkowiak [Thu, 11 Apr 2019 14:31:09 +0000 (16:31 +0200)]
hwdb: mark Apple Magic Trackpads as external
Applies only to USB - when connected via Bluetooth it already gets marked correctly.
Jonathan Lebon [Wed, 10 Apr 2019 21:28:15 +0000 (17:28 -0400)]
fstab-generator: use DefaultDependencies=no for /sysroot mounts
Otherwise we can end up with an ordering cycle. Since d54bab90, all
local mounts now gain a default `Before=local-fs.target` dependency.
This doesn't make sense for `/sysroot` mounts in the initrd though,
since those happen later in the boot process.
Closes: #12231
Lennart Poettering [Thu, 11 Apr 2019 15:03:57 +0000 (17:03 +0200)]
Merge pull request #12279 from keszybz/sd-bus-long-signatures
sd-bus: properly handle messages with overlong signatures
Lennart Poettering [Thu, 11 Apr 2019 13:21:45 +0000 (15:21 +0200)]
Merge pull request #12274 from poettering/nss-fixlets
some nss module fixlets
Zbigniew Jędrzejewski-Szmek [Thu, 11 Apr 2019 12:07:22 +0000 (14:07 +0200)]
sd-bus: add define for the maximum name length
Less magic numbers in the code…
Zbigniew Jędrzejewski-Szmek [Thu, 11 Apr 2019 12:02:59 +0000 (14:02 +0200)]
sd-bus: add define for the maximum signature length
Less magic numbers in the code…
Zbigniew Jędrzejewski-Szmek [Thu, 11 Apr 2019 12:01:38 +0000 (14:01 +0200)]
bus-message: validate signature in gvariant messages
We would accept a message with 40k signature and spend a lot of time iterating
over the nested arrays. Let's just reject it early, as we do for !gvariant
messages.
Lennart Poettering [Thu, 11 Apr 2019 09:06:40 +0000 (11:06 +0200)]
nss-resolve: list more errors as cause for fallback
If dbus-daemon kicks us from the bus or hangs, we should fall back too.
Fixes: #12203
Lennart Poettering [Thu, 11 Apr 2019 09:00:22 +0000 (11:00 +0200)]
nss-resolve: simplify condition
Of course, if the error is NXDOMAIN then it's not one of the errors
listed for fallback, hence don't bother...
Lennart Poettering [Wed, 10 Apr 2019 19:56:37 +0000 (21:56 +0200)]
nss-mymachines: return NO_RECOVERY instead of NO_DATA when we fail to do D-Bus and similar
This makes more semantical sense and is what we do in nss-resolve in a
similar case, hence let's remove the differences here.
Lennart Poettering [Wed, 10 Apr 2019 19:40:49 +0000 (21:40 +0200)]
nss-myhostname: unify code that handles NOT_FOUND case
Just some minor rework to make this more like nss-resolve.
Lennart Poettering [Wed, 10 Apr 2019 19:57:44 +0000 (21:57 +0200)]
nss-resolve: reuse a jump target
We can reuse "fail" here, since it does the same thing.
Lennart Poettering [Wed, 10 Apr 2019 19:27:16 +0000 (21:27 +0200)]
nss-resolve: return error properly
Lennart Poettering [Wed, 10 Apr 2019 19:26:46 +0000 (21:26 +0200)]
nss-resolve: drop unnecessary variable
We assign the same value to "ret" always, let's just return the value
literally.
Lennart Poettering [Thu, 11 Apr 2019 08:22:46 +0000 (10:22 +0200)]
Merge pull request #12271 from poettering/errno-accept-again
accept() errno fixes
Yu Watanabe [Thu, 11 Apr 2019 06:38:32 +0000 (15:38 +0900)]
test: make directory for drop-in config
Follow-up for a2fbac5875776e9e327f30cf2a8b3070a4c1552a.
Zbigniew Jędrzejewski-Szmek [Thu, 11 Apr 2019 06:31:14 +0000 (08:31 +0200)]
Merge pull request #12270 from yuwata/test-set-longer-timeout
test: set longer timeout