wchang kim [Wed, 28 Sep 2016 09:05:28 +0000 (18:05 +0900)]
Description : Fixed the security hole.
In case of "systemctl --user enable <path>", a application can insert
the malicious user service.
So systemctl can only enable the service with service name.
Change-Id: I570f45985516ee3636720f36787080590e6f90ef
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Mon, 12 Sep 2016 06:51:15 +0000 (15:51 +0900)]
Description : Added the upgrade script from 2.4 to 3.0
systemd_upgrade.sh is installed to /usr/share/upgrade/scripts.
It changes the smack rule for /var/log/wtmp and /var/lib/systemd.
Change-Id: Iebffca3238bcedd195ec2e91afdf5e46a882ec42
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Kunhoon Baik [Mon, 12 Sep 2016 04:05:57 +0000 (13:05 +0900)]
Disable Polkit
Tizen uses Cynara instead of Polkit.
https://wiki.tizen.org/wiki/Security:Cynara:ComparisonWithOtherSolutions
Change-Id: I519d84e41225e9a4c3343bec74871727e51a54ad
Kunhoon Baik [Thu, 1 Sep 2016 07:01:12 +0000 (16:01 +0900)]
Watchdog : support to change timeout to USEC_INFINITY (disable timeout)
Change-Id: I459471c2d210eb31c22a17e0e45653b3de04233a
Kunhoon Baik [Fri, 26 Aug 2016 04:22:20 +0000 (13:22 +0900)]
watchdog: Support changing watchdog_usec during runtime
(#3492)
Add sd_notify() parameter to change watchdog_usec during runtime.
Application can change watchdog_usec value by
sd_notify like this. Example. sd_notify(0, "WATCHDOG_USEC=
20000000").
To reset watchdog_usec as configured value in service file,
restart service.
Notice.
sd_event is not currently supported. If application uses
sd_event_set_watchdog, or sd_watchdog_enabled, do not use
"WATCHDOG_USEC" option through sd_notify.
Origin: https://github.com/systemd/systemd/commit/
2787d83c2
Note: There are two additional patches for clean backport patch
1)rework unit timeout patch - https://github.com/systemd/systemd/commit/
36c16a7cd
2)rework per-object logging - https://github.com/systemd/systemd/commit/
f2341e0a8
However, we will not apply the patch for minimal backport
Change-Id: Ic1a91dc4e611f3e92fdc734fb1eb70e27244aa37
Kunhoon Baik [Wed, 17 Aug 2016 12:25:55 +0000 (21:25 +0900)]
tizen: Patch for unlimited timeout for User Session
This patch should be used for specific purpose of Tizen
Change-Id: Ida7448da300b0c4cf9a5189c6f8903a2e8729df3
Kunhoon Baik [Wed, 10 Aug 2016 13:02:22 +0000 (22:02 +0900)]
Modification of journald configuration for minimal log saving
There were several requirements for minimal disk log.
Especially, Default Tizen tries to keep the the log size under 10MB
because Tizen provides other logging system DLOG.
Change-Id: I633bf5a15041da8f40f8cde66e488c1b14f25045
Sunmin Lee [Mon, 1 Aug 2016 02:48:45 +0000 (11:48 +0900)]
system-update: restore update generator
Tizen is about to support system update.
It would be implemented through systemd feature,
offline system updates. And to do this, the binary
system-update-generator is essential so the removed
file should be restored.
Change-Id: I00f7d5125d9218c474f74a6003d7ae38bad2373c
Signed-off-by: Sunmin Lee <sunm.lee@samsung.com>
Hyeongsik Min [Tue, 19 Jul 2016 01:41:28 +0000 (10:41 +0900)]
packaging: Disable gcrypt to remove dependency
This patch removes gcrypt dependency to save resource and
will disable FSS(anti log-file tampering feature) as well.
In addition, importd depends on gcrypt. Thus, importd was disabled explictly.
Finally, machined feature was disabled because the feature is not used
and some parts of the feature depends on importd.
Change-Id: I44c7ec43d1861d67a18049cdff2821a849c636d6
Signed-off-by: Hyeongsik Min <hyeongsik.min@samsung.com>
wchang kim [Fri, 22 Jul 2016 07:09:38 +0000 (16:09 +0900)]
Description : Fixed the smack error after applying onlycap.
Set exec-label "System" to systemd-cgroup-agent"
Change-Id: I5bf36f7b7e8b8750bacac407f160b56820ae8625
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
jin-gyu.kim [Wed, 20 Jul 2016 11:28:15 +0000 (20:28 +0900)]
Set SmackProcessLabel as System.
Change-Id: I37c3c1ee8152f82bf45b50f6e81f7986b62547c1
Kunhoon Baik [Thu, 30 Jun 2016 12:22:10 +0000 (21:22 +0900)]
Disable Online KMSG logging
This is Unavoidable Patch for me - This is quick patch for internal issue.
If you have a question for this patch, contact to hyeongsik.min and jinmin
Change-Id: Ie21692ea85ee2e7fbfa0265f9e606b204d27a558
wchang kim [Wed, 29 Jun 2016 23:38:55 +0000 (08:38 +0900)]
Description : Add smack label(*) to loop device for security policy
Add smack label(*) to loop device for security policy
Change-Id: If9271c209b05f73c20c66f7e30a7d18e070c2b4a
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 29 Jun 2016 00:18:37 +0000 (09:18 +0900)]
Description : Set PATH in local script for security policy
Set PATH in local script for security
Change-Id: If1f6163bdd936222e103822ee01d4c9a7e886a72
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Kunhoon Baik [Tue, 7 Jun 2016 13:51:38 +0000 (22:51 +0900)]
For using persistent storage in AUTO mode.
As Tizen default, /opt is mounted seperately, and the /var -> /opt/var
Thus, systemd flush should be done after mounting /opt.
In generic, I think that systemd-journal-flush should be done after local-fs.target
because several devices have own partition policies.
Change-Id: I4acb4bd26365681ea798441c2f154b8ba5422665
Kunhoon Baik [Mon, 23 May 2016 06:50:59 +0000 (15:50 +0900)]
Disable systemd-timedated and systemd-rfkill
Tizen 3.0 does not use systemd-timedated for changing time-zone and related things.
Alarm-manager will manage the functionalities.
Tizen 3.0 does not use systemd-rfkill any more.
Net-config will manage the functionalities.
Change-Id: Icb3011003060c213b2bdcd0de53480acaaeed70b
Kunhoon Baik [Fri, 15 Apr 2016 05:52:57 +0000 (14:52 +0900)]
Disable systemd-backlight
Tizen does not use systemd-backlight. Deviced will control whole
backlight-related operation.
Change-Id: I59b45eeb5dbc3d4ab716bcbf38df120fd1023a5f
Kunhoon Baik [Fri, 15 Apr 2016 01:08:52 +0000 (10:08 +0900)]
Add nosuid and noexec option for mounting /tmp
Refer to : https://bugs.tizen.org/jira/browse/TM-233
Change-Id: Ibc06d23f6743b2c21007cef5e340048a1e0d1429
Kunhoon Baik [Sat, 2 Apr 2016 05:25:38 +0000 (14:25 +0900)]
Disable systemd-coredump
Tizen 3.0 does not use systemd-coredump due to performance issue.
Instead of systemd coredump, Tizen 3.0 uses crash-manager
Change-Id: Ic73aabc9ab874a8b88db501a0d2eef5727bfbacf
Kunhoon Baik [Sat, 2 Apr 2016 03:06:59 +0000 (12:06 +0900)]
Remove bash-completion (and zsh-completion) of systemd
[Note] Bash shell of current Tizen does not support several completion command due to license issue.
Thus, most bash-completion script of systemd does not work.
In addtion, default Tizen wdoes not support zsh.
Change-Id: I18d6a05866ff375e08402b9b4f832592c11531d0
Kunhoon Baik [Sat, 26 Mar 2016 07:31:34 +0000 (16:31 +0900)]
Run the serial-getty (Open the serial console) eariler for debugging convenience.
Change-Id: I239977c2872ed219bf2591a80c1153eeba4cdc89
boseong choi [Fri, 18 Mar 2016 09:05:49 +0000 (18:05 +0900)]
spec: change LGPL license version 2.0+ to 2.1+
change LGPL license version.
2.0+ -> 2.1+
Change-Id: I56238c288bde2d21a13c390880270cee36bf1d37
Signed-off-by: boseong choi <boseong.choi@samsung.com>
Sangjung Woo [Fri, 11 Mar 2016 04:32:10 +0000 (13:32 +0900)]
spec: Remove unnecessary default.target for IVI profile
This removes unnecessary default.target file for IVI profile.
Change-Id: Ib354a9028ab020f504e7c35cb5f9bb16ea112766
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Łukasz Stelmach [Mon, 30 Nov 2015 10:07:56 +0000 (11:07 +0100)]
spec: exclude unused generators to speed up boot
Change-Id: I9dcde28a22d7301c68280c1f72ecb1c5641296d1
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Min Kang [Wed, 13 Jan 2016 10:31:02 +0000 (19:31 +0900)]
spec: remove circular dependency on OBS
remove dbus-1 BuildRequires and dbus Requires
Change-Id: Ic2f4b419c15c5759743fbe3a5df60d4558c5bb53
Signed-off-by: Min Kang <min1023.kang@samsung.com>
Min Kang [Wed, 6 Jan 2016 00:15:16 +0000 (09:15 +0900)]
packaging: remove hwdata package in BuildRequires
hwdata package is unused, so remove BuildRequires and Requires
Change-Id: I705d002269d273985584e4d6b009ab3401a0b626
Signed-off-by: Min Kang <min1023.kang@samsung.com>
Min Kang [Fri, 11 Dec 2015 00:39:51 +0000 (09:39 +0900)]
spec: change default.target file
change default.target file to graphical.target symbolic link
execpt for ivi
Change-Id: Icba283120b59ffae3804ecbf6417dc34792421a3
Signed-off-by: Min Kang <min1023.kang@samsung.com>
Sangjung Woo [Tue, 27 Oct 2015 08:37:54 +0000 (17:37 +0900)]
spec: Remove unnecessary BuildRequires
In order to resolve the cycle build dependency, this removes unnecessary
BuildRequires in spec file.
Change-Id: I60e5bd573986be3febcf417109f79d13f607a732
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Karol Lewandowski [Wed, 21 Oct 2015 16:24:14 +0000 (18:24 +0200)]
cg_get_root_path: Return default root path if it's not accessible due to insufficient permission
This commit provides default value ("/") for root path in case where
/proc/1/cgroup is not readable due to insufficient permission (eg. in
MAC system).
Inability to read root cgroup path leads to failure in determining
instance type being used (system, user), eg.
user@localhost:~$ /usr/lib/systemd/user-generators/systemd-dbus1-generator
[13087.175648] audit: type=1400 audit(
946701489.290:1463): lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System" requested=r pid=14081 comm="systemd-dbus1-g" name="cgroup" dev="proc" ino=11149
Failed to determine whether we are running as user or system instance: Permission denied
strace: open("/proc/1/cgroup", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 EACCES (Permission denied)
Change-Id: I60a17ad05b8b49cd1fb1c8aa3ad8f46d34231df3
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
Sangjung Woo [Wed, 14 Oct 2015 06:38:25 +0000 (15:38 +0900)]
units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled
If SMACK is enabled, 'smackfsroot=*' option should be specified in
tmp.mount file since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.
origin: https://github.com/systemd/systemd/commit/
409c2a13fd65692c6
Change-Id: I11df1ad555f376eaf0588d35e91789c9e2b07f8d
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Sangjung Woo [Tue, 8 Sep 2015 05:08:51 +0000 (14:08 +0900)]
spec: disable systemd-randomseed
When systemd-randomseed is enabled, random seed is generated in post
script. However, the smack functionality of Tizen build system is not
enabled so /var/lib/systemd directory is labeled as "_". Because of this
reason, some daemons or tools such as loginctl which is labeled as
"System" eventually failed to create some files in /var/lib/systemd.
This patch resolves this issue by disabling systemd-randomseed since
this functionality is not necessary for Tizen.
Change-Id: Idd95dc97b84de400fbd7a6890bd6d78f8557c2fc
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Sangjung Woo [Mon, 7 Sep 2015 05:17:47 +0000 (14:17 +0900)]
spec: fix systemd-tmpfiles-setup.service failure
systemd-tmpfiles-setup.service is failed since
/usr/share/factory/etc/nsswitch.conf is not installed. This patch fixes
that bug by adding /usr/share/factory/etc/nsswitch.conf into systemd
package. If /etc/nsswitch.conf already exists,
/usr/share/factory/etc/nsswitch.conf file is not installed in /etc
directory since etc.conf uses 'C' as the type of tmpfiles.d
configuration so this patch does not make any error in network
operation.
Change-Id: I1c4ea8dcdaae002d5cfc3db4be53470c8d2169ca
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Rafal Krypa [Wed, 2 Sep 2015 13:27:50 +0000 (15:27 +0200)]
Temporarily disable Smack for POSIX shared memory
Mount /dev/shm directory, used by glibc for implementation of POSIX shared
memory segments, will now be mounted with System::Run label, transmutable.
This effectively disables any access control by Smack on POSIX SHMs.
Programs running with the same UID and GIDs, but different Smack labels
(i.e. applications, user services) will be able to spy on each others SHM.
This is a temporary workaround for problems with audio architecture not
compliant with Tizen 3.0 security architecture. Applications using pulse
audio try to exchange SHM segments.
This patch is to be reverted in the near future. It is needed for now to
have a working release.
Change-Id: I82fa7b33ad415a5b57d6e2c3e8c6ea642c659ab7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Sangjung Woo [Tue, 28 Jul 2015 08:36:37 +0000 (17:36 +0900)]
spec: exclude /usr/share/factory/etc/nsswitch.conf
Since vendor specific nsswitch.conf is not used in Tizen
platform, '/usr/share/factory/etc/nsswitch.conf' is removed and
/etc/nsswitch.conf will be used.
Change-Id: Id2f0665629e4fbf89735e6396fadada5ebb5a396
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Maciej Wereski [Thu, 28 May 2015 16:46:26 +0000 (18:46 +0200)]
tizen-smack: label sound devices with *
Change-Id: Ia41c0f7d8d4d98e34b4260cd9a8a55d99c5a33a7
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
Michael I Doherty [Tue, 23 Jul 2013 13:12:50 +0000 (14:12 +0100)]
tizen: Tune of swap
Allow swap to be activated concurrently with sysinit target
Change-Id: I56aef31809e50ae6c4b10174c0f3b144f72b9746
Łukasz Stelmach [Wed, 29 Oct 2014 11:25:32 +0000 (12:25 +0100)]
tizen: Add pam_systemd.so to systemd-user
+ Add pam_systemd.so to /etc/pam.d/systemd-user
Change-Id: I87e9b5514f2cc77c37bc40aac4f15a4c741ee4e4
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Michael Demeter [Fri, 11 Oct 2013 22:37:57 +0000 (15:37 -0700)]
tizen-smack: Handling of /dev
Smack enabled systems need /dev special devices correctly labeled
- Add Check for smack in rules.d/meson.build to include smack default rules
- Add smack default rules to label /dev/xxx correctly for access
Change-Id: Iebe2e349cbedb3013abdf32edb55e9310f1d17f5
Michael Demeter [Fri, 11 Oct 2013 22:37:57 +0000 (15:37 -0700)]
tizen-smack: Handling of /run and /sys/fs/cgroup
Make /run a transmuting directory to enable systemd
communications with services in the User domain.
Change-Id: I9e23b78d17a108d8e56ad85a9e839b6ccbe4feff
Anas Nashif [Sun, 9 Dec 2012 17:51:23 +0000 (09:51 -0800)]
tizen-rpm: 2 useful macro for RPM
- Add %install_service macro
- Define %_unitdir_user macro for user session units
Change-Id: Idc7f5c392c96981d95420b0d747eaf28964b2d02
José Bollo [Wed, 18 Mar 2015 13:28:28 +0000 (14:28 +0100)]
packaging: Bump to 219
Change-Id: I65a5d9a0a61b0d63d7563d86e0bcfe40d8bb2621
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
caoxinintel [Tue, 25 Nov 2014 06:08:59 +0000 (14:08 +0800)]
packaging: Make Tizen start faster
The removed services are not useful in Tizen. However, it still wastes time
as systemd tries to load, queue and start them. And disabling these
services will save some time during Tizen boot-up.
Jussi Laako [Wed, 5 Nov 2014 16:02:38 +0000 (18:02 +0200)]
packaging: Add default.target just like user has
Remove graphical.target as default boot target
and replace it with a real default.target that
will Require either multi-user.target or some
other previously final target. This allows proper
use of default.target.wants.
Change-Id: Ic0a3083dff6b3d398d3fccffcedcba2e30809f87
Signed-off-by: Jussi Laako <jussi.laako@linux.intel.com>
Łukasz Stelmach [Wed, 29 Oct 2014 11:25:32 +0000 (12:25 +0100)]
packaging: Bump to 216, conditional kdbus support
+ Rename systemd-coredumpctl to coredumpctl (
f4bab169) and introduce
coredump.conf (
34c10968).
+ Disable some new features: sysusers, firstboot, timesyncd, resolved
and networked.
+ New tools: systemd-escape and systemd-path.
+ New header files in the devel package.
+ Add package-specific rpllint configuration file.
[Dropped kdbus support]
Change-Id: I87e9b5514f2cc77c37bc40aac4f15a4c741ee4e4
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Maciej Wereski [Thu, 23 Oct 2014 10:20:21 +0000 (12:20 +0200)]
packaging: proper SMACK label on systemd-coredump
Bug-Tizen: TC-1578
Change-Id: I60001c2310d6ecaea459528846a010d07a4f0439
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
Kévin THIERRY [Mon, 26 May 2014 11:51:52 +0000 (13:51 +0200)]
packaging: Bump to v212
Ulf Hofemeier [Mon, 31 Mar 2014 23:09:04 +0000 (16:09 -0700)]
packaging: Set proper smack label for locale.conf
Bug-fix: TIVI-2890
The post install script that creates the /etc/locale.conf
didn't set smack label, which defaults to _, and systemd is
running as System, and couldn't write to it.
Change-Id: I3639940d742aa7f20741953ae0268775788d656a
Signed-off-by: Ulf Hofemeier <ulf.hofemeier@linux.intel.com>
William Douglas [Mon, 7 Oct 2013 21:23:56 +0000 (14:23 -0700)]
packaging: Bump to v208
- Add System label to systemd
Krzysztof Opasiak [Thu, 18 Apr 2013 07:29:53 +0000 (09:29 +0200)]
packaging-RSA: Import platform restart from RSA
Platform restart functionality patch reorganized.
Previous patch made by Sangjung Woo <sangjung.woo@samsung.com>
had to be reorganized to ensure that it may be applied on any
systemd version. Now it is applied without modifying any
systemd files (ex. Makefile).
Change-Id: I187f05c24f3e8267a9e88c11a0a9ca84a6ae7d71
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Maciej Wereski [Tue, 6 Aug 2013 11:56:31 +0000 (13:56 +0200)]
packaging-RSA: Add pamconsole-tmp.conf from RSA
Anas Nashif [Tue, 8 Jan 2013 23:31:46 +0000 (15:31 -0800)]
packaging: Add packaging
- Add packaging files
- Disable sysv compatibility
- Enable readahead services
- Add baselibs.conf to support multilib
- Fix the dangling symlink /var/lock
In upstream systemd, legacy.conf, which creates /run/lock, is only
installed when sysvcompat is enabled, but this breaks the /var/lock
symlink. Installing legacy.conf fixes the issue.
Luca Boccassi [Wed, 6 Dec 2023 20:32:40 +0000 (20:32 +0000)]
NEWS: finalize for v255
Luca Boccassi [Wed, 6 Dec 2023 20:29:04 +0000 (20:29 +0000)]
Merge pull request #30334 from DaanDeMeyer/repart-fixes
repart: Add Minimize=best to --make-ddi= partition definitions
Lennart Poettering [Wed, 6 Dec 2023 18:20:35 +0000 (19:20 +0100)]
README: mention Matrix channel
Luca Boccassi [Wed, 6 Dec 2023 16:57:29 +0000 (16:57 +0000)]
Merge pull request #30341 from bluca/news
Update hwdb and NEWS
Daan De Meyer [Wed, 6 Dec 2023 11:18:32 +0000 (12:18 +0100)]
test: Add test case for --make-ddi=sysext
Also make sure that the sysext is big enough to not fit in the
minimum partition size so we know Minimize= is being used.
Daan De Meyer [Tue, 5 Dec 2023 13:56:15 +0000 (14:56 +0100)]
repart: Add Minimize=best to --make-ddi= partition definitions
Otherwise, repart won't calculate the minimal size of the partition
automatically and things will fail once the partitions exceed the
minimal partition size (10M).
Luca Boccassi [Wed, 6 Dec 2023 10:06:50 +0000 (10:06 +0000)]
hwdb: update
ninja -C build update-hwdb
Luca Boccassi [Wed, 6 Dec 2023 10:00:25 +0000 (10:00 +0000)]
NEWS: note that newly introduced tools are experimental
So that we can change interfaces for at least one release if needed
Luca Boccassi [Wed, 6 Dec 2023 09:57:38 +0000 (09:57 +0000)]
NEWS: update contributors list
Roland Singer [Wed, 6 Dec 2023 09:49:47 +0000 (10:49 +0100)]
ukify: fix handling of --secureboot-certificate-validity= (#30315)
Before:
$ python src/ukify/ukify.py genkey --secureboot-private-key=sb2.key --secureboot-certificate=sb2.cert --secureboot-certificate-validity=111
Traceback (most recent call last):
File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 1660, in <module>
main()
File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 1652, in main
generate_keys(opts)
File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 943, in generate_keys
key_pem, cert_pem = generate_key_cert_pair(
^^^^^^^^^^^^^^^^^^^^^^^
File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 891, in generate_key_cert_pair
now + ONE_DAY * valid_days
~~~~~~~~^~~~~~~~~~~~
TypeError: can't multiply sequence by non-int of type 'datetime.timedelta'
Now:
$ python src/ukify/ukify.py genkey --secureboot-private-key=sb2.key --secureboot-certificate=sb2.cert --secureboot-certificate-validity=111
Writing SecureBoot private key to sb2.key
Writing SecureBoot certificate to sb2.cert
The new code is also clearer.
Mike Yuan [Tue, 5 Dec 2023 13:53:51 +0000 (21:53 +0800)]
repart: use correct errno
Frantisek Sumsal [Tue, 5 Dec 2023 11:22:20 +0000 (12:22 +0100)]
test: load the io controller before checking if io.latency exists
Otherwise the following test gets always skipped.
Daan De Meyer [Tue, 5 Dec 2023 10:21:15 +0000 (11:21 +0100)]
repart: Fix sysext definitions for --make-ddi=
CopyFiles= does not support multiple directories separated by
whitespace. Instead the setting has to be specified multiple times.
Luca Boccassi [Tue, 5 Dec 2023 11:53:31 +0000 (11:53 +0000)]
selinux: downgrade log about state to trace
It is printed on every invocation of sd-executor, which is noisy and not useful
Follow-up for:
bb5232b6a3b8a
Yu Watanabe [Tue, 5 Dec 2023 14:50:25 +0000 (23:50 +0900)]
basic: fix typo
huyubiao [Tue, 5 Dec 2023 12:53:32 +0000 (20:53 +0800)]
fix: The example2 in hwdb.xml is unreasonable
use evdev:atkbd:dmi:bvnAcer:bvr:bdXXXXX:bd08/05/2010:svnAcer:pnX123: instead of evdev:atkbd:dmi:bvnAcer:bdXXXXX:bd08/05/2010:svnAcer:pnX123
Luca Boccassi [Mon, 4 Dec 2023 18:23:34 +0000 (18:23 +0000)]
Merge pull request #30313 from mrc0mmand/ubuntu-ci
Reduce the number of deny-list files for Ubuntu CI
Yu Watanabe [Mon, 4 Dec 2023 03:36:53 +0000 (12:36 +0900)]
tools/meson-vcs-tag: the third argument is optional
Follow-up for
1a71ac07adafebe7e0074f92d049f72968ca2d47.
Luca Boccassi [Mon, 4 Dec 2023 10:29:06 +0000 (10:29 +0000)]
Merge pull request #30314 from DaanDeMeyer/dmi
Document kernel configs required for reading credentials from SMBIOS
Daan De Meyer [Mon, 4 Dec 2023 10:16:52 +0000 (11:16 +0100)]
mkosi: Update comment why we can't use linux-kvm yet
Daan De Meyer [Mon, 4 Dec 2023 10:13:59 +0000 (11:13 +0100)]
Document kernel configs required for reading credentials from SMBIOS
Frantisek Sumsal [Mon, 4 Dec 2023 09:57:39 +0000 (10:57 +0100)]
test: reenable TEST-30 on i*86
The original reason for deny-listing it was that it's flaky there. I'm
not sure if that's still the case, but the Ubuntu CI jobs for i*86 are
gone, so this file shouldn't be needed anymore anyway.
Frantisek Sumsal [Mon, 4 Dec 2023 09:51:35 +0000 (10:51 +0100)]
test: skip TEST-36 on s390x and powerpc
As QEMU there doesn't support NUMA nodes. Also, drop the now unneeded
deny-list file for Ubuntu CI.
Frantisek Sumsal [Mon, 4 Dec 2023 09:23:42 +0000 (10:23 +0100)]
test: check if 'btrfs filesystem' supports 'mkswapfile'
Instead of deny-listing the test on Ubuntu CI, so it gets enabled
automagically once btrfs-progs is updated to a newer version there.
Frantisek Sumsal [Mon, 4 Dec 2023 09:16:02 +0000 (10:16 +0100)]
test: reenable TEST-25-IMPORT in Ubuntu CI
Let's see if #13973 is still an issue.
Luca Boccassi [Sun, 3 Dec 2023 18:30:07 +0000 (18:30 +0000)]
executor: apply LogLevelMax earlier
SELinux logs before we have a chance to apply it, move it up as it
breaks TEST-04-JOURNAL:
[ 408.578624] testsuite-04.sh[11463]: ++ journalctl -b -q -u silent-success.service
[ 408.578743] testsuite-04.sh[11098]: + [[ -z Dec 03 13:38:41 H systemd-executor[11459]: SELinux enabled state cached to: disabled ]]
Follow-up for:
bb5232b6a3b8a
Yu Watanabe [Mon, 4 Dec 2023 02:44:58 +0000 (11:44 +0900)]
Merge pull request #30305 from yuwata/seccomp-fix
seccomp: override the default action only when the filter is allow-list
Zbigniew Jędrzejewski-Szmek [Sat, 2 Dec 2023 09:26:05 +0000 (10:26 +0100)]
tests: fix section mapping in test_ukify.py
The regexp only worked if the sections were small enough for the size to
start with "0". I have an initrd that is 0x1078ec7e bytes, so the tests
would spuriously fail.
Luca Boccassi [Sun, 3 Dec 2023 12:34:24 +0000 (12:34 +0000)]
Merge pull request #30297 from keszybz/fixups
A few unrelated fixups for recent commits
Yu Watanabe [Sun, 3 Dec 2023 09:01:20 +0000 (18:01 +0900)]
seccomp-util: also use ENOSYS for unknown syscalls in seccomp_load_syscall_filter_set()
Follow-up for
2331c02d06cae97b87637a0fc6bb4961b509ccf2.
Note, currently, the function is always called with SCMP_ACT_ALLOW as
the default action, except for the test. So, this should not change
anything in the runtime code.
Yu Watanabe [Sun, 3 Dec 2023 08:37:02 +0000 (17:37 +0900)]
seccomp-util: override default action only when the filter is allow-list
Follow-up for
2331c02d06cae97b87637a0fc6bb4961b509ccf2.
Fixes #30304.
Zbigniew Jędrzejewski-Szmek [Wed, 29 Nov 2023 13:38:06 +0000 (14:38 +0100)]
stdio-bridge: return immediately if we can
Follow-up for
0321248b79d14ceddd36140b327332f145ae68e7.
Zbigniew Jędrzejewski-Szmek [Wed, 29 Nov 2023 13:13:33 +0000 (14:13 +0100)]
run: fix bad escaping and memory ownership confusion
arg_description was either set to arg_unit (i.e. a const char*), or to
char *description, the result of allocation in run(). But description
was decorated with _cleanup_, so it would be freed when going out of the
function. Nothing bad would happen, because the program would exit after
exiting from run(), but this is just all too messy.
Also, strv_join(" ") + shell_escape() is not a good way to escape command
lines. In particular, one the join has happened, we cannot distinguish
empty arguments, or arguments with whitespace, etc. We have a helper
function to do the escaping properly, so let's use that.
Fixup for
2c29813da3421b77eca5e5cdc3b9a863cad473b9.
Zbigniew Jędrzejewski-Szmek [Wed, 29 Nov 2023 13:01:13 +0000 (14:01 +0100)]
run: adjust indentation
Zbigniew Jędrzejewski-Szmek [Sun, 26 Nov 2023 14:54:11 +0000 (15:54 +0100)]
test-macro: use capital test names for macro tests
It's just easier if the test is named as the thing being tested. Also, this way
inconsistent, because lower in the file uppercase test names are used.
Luca Boccassi [Sat, 2 Dec 2023 02:05:27 +0000 (02:05 +0000)]
NEWS: finalize for v255-rc4
Luca Boccassi [Sat, 2 Dec 2023 02:04:24 +0000 (02:04 +0000)]
Merge pull request #30291 from keszybz/seccomp-unknown-syscall
Backwardscompatibly handle syscalls unknown to us or libseccomp
Zbigniew Jędrzejewski-Szmek [Fri, 1 Dec 2023 22:13:54 +0000 (23:13 +0100)]
core: turn on higher optimization level in seccomp
This mirrors what
d75615f398a0fbf986cf03924462863ca6ee2f9f did for nspawn.
It isn't really a fatal failure if we can't set that, so ignore it in libseccomp
cannot set the attribute.
line OP JT JF K
=================================
0000: 0x20 0x00 0x00 0x00000004 ld $data[4]
0001: 0x15 0x00 0xb7 0x40000003 jeq
1073741827 true:0002 false:0185
0002: 0x20 0x00 0x00 0x00000000 ld $data[0]
0003: 0x15 0xb5 0x00 0x00000000 jeq 0 true:0185 false:0004
0004: 0x15 0xb4 0x00 0x00000001 jeq 1 true:0185 false:0005
0005: 0x15 0xb3 0x00 0x00000002 jeq 2 true:0185 false:0006
0006: 0x15 0xb2 0x00 0x00000003 jeq 3 true:0185 false:0007
0007: 0x15 0xb1 0x00 0x00000004 jeq 4 true:0185 false:0008
0008: 0x15 0xb0 0x00 0x00000005 jeq 5 true:0185 false:0009
0009: 0x15 0xaf 0x00 0x00000006 jeq 6 true:0185 false:0010
...
0438: 0x15 0x03 0x00 0x000001be jeq 446 true:0442 false:0439
0439: 0x15 0x02 0x00 0x000001bf jeq 447 true:0442 false:0440
0440: 0x15 0x01 0x00 0x000001c0 jeq 448 true:0442 false:0441
0441: 0x06 0x00 0x00 0x00050026 ret ERRNO(38)
0442: 0x06 0x00 0x00 0x7fff0000 ret ALLOW
line OP JT JF K
=================================
0000: 0x20 0x00 0x00 0x00000004 ld $data[4]
0001: 0x15 0x00 0x27 0x40000003 jeq
1073741827 true:0002 false:0041
0002: 0x20 0x00 0x00 0x00000000 ld $data[0]
0003: 0x25 0x01 0x00 0x000000b5 jgt 181 true:0005 false:0004
0004: 0x05 0x00 0x00 0x00000143 jmp 0328
0005: 0x25 0x00 0xa1 0x00000139 jgt 313 true:0006 false:0167
0006: 0x25 0x00 0x51 0x00000179 jgt 377 true:0007 false:0088
0007: 0x25 0x00 0x29 0x000001a0 jgt 416 true:0008 false:0049
0008: 0x25 0x00 0x13 0x000001b0 jgt 432 true:0009 false:0028
0009: 0x25 0x00 0x09 0x000001b8 jgt 440 true:0010 false:0019
...
0551: 0x15 0x03 0x00 0x00000002 jeq 2 true:0555 false:0552
0552: 0x15 0x02 0x01 0x00000001 jeq 1 true:0555 false:0554
0553: 0x15 0x01 0x00 0x00000000 jeq 0 true:0555 false:0554
0554: 0x06 0x00 0x00 0x00050026 ret ERRNO(38)
0555: 0x06 0x00 0x00 0x7fff0000 ret ALLOW
The program is longer but hopefully faster because of the binary search.
Zbigniew Jędrzejewski-Szmek [Fri, 1 Dec 2023 18:04:27 +0000 (19:04 +0100)]
shared/seccomp-util: use the same error message for the same condition
We were calling seccomp_syscall_resolve_name three times and using a
slightly different error message in each of the cases.
Zbigniew Jędrzejewski-Szmek [Fri, 1 Dec 2023 18:03:23 +0000 (19:03 +0100)]
core: when applying syscall filters, use ENOSYS for unknown calls
glibc starting using fchmodat2 to implement fchmod with flags [1], but
current version of libseccomp does not support fchmodat2 [2]. This is
causing problems with programs sandboxed by systemd. libseccomp needs to know
a syscall to be able to set any kind of filter for it, so for syscalls unknown
by libseccomp we would always do the default action, i.e. either return the
errno set by SystemCallErrorNumber or send a fatal signal. For glibc to ignore
the unknown syscall and gracefully fall back to the older implementation,
we need to return ENOSYS. In particular, tar now fails with the default
SystemCallFilter="@system-service" sandbox [3].
This is of course a wider problem: any time the kernel gains new syscalls,
before libseccomp and systemd have caught up, we'd behave incorrectly. Let's
do the same as we already were doing in nspawn since
3573e032f26724949e86626eace058d006b8bf70, and do the "default action" only
for syscalls which are known by us and libseccomp, and return ENOSYS for
anything else. This means that users can start using a sandbox with the new
syscalls only after libseccomp and systemd have been updated, but before that
happens they behaviour that is backwards-compatible.
[1] https://github.com/bminor/glibc/commit/
65341f7bbea824d2ff9d37db15d8be162df42bd3
[2] https://github.com/seccomp/libseccomp/issues/406
[2] https://github.com/systemd/systemd/issues/30250
Fixes https://github.com/systemd/systemd/issues/30250.
In seccomp_restrict_sxid() there's a chunk conditionalized with
'#if defined(__SNR_fchmodat2)'. We need to kep that because seccomp_restrict_sxid()
seccomp_restrict_suid_sgid() uses SCMP_ACT_ALLOW as the default action.
Mike Yuan [Fri, 1 Dec 2023 19:06:16 +0000 (03:06 +0800)]
core/cgroup: for non-cached attrs, don't return ENODATA blindly
Follow-up for
f17b07f4d72238da95312920dcc2ad076568cba3
Hope I won't break this thing again...
Zbigniew Jędrzejewski-Szmek [Sat, 2 Dec 2023 00:08:45 +0000 (01:08 +0100)]
Merge pull request #30294 from bluca/news
hwdb and NEWS updates
Neil Wilson [Fri, 1 Dec 2023 16:29:32 +0000 (16:29 +0000)]
systemd-homed.service.in: add quotactl to SystemCallFilter
Standard directories make a call to the quotactl system call to enforce disk size limits.
Fixes #30287
Luca Boccassi [Fri, 1 Dec 2023 22:07:08 +0000 (22:07 +0000)]
hwdb: update
Luca Boccassi [Fri, 1 Dec 2023 22:05:08 +0000 (22:05 +0000)]
NEWS: update contributors list
Zbigniew Jędrzejewski-Szmek [Fri, 1 Dec 2023 18:54:18 +0000 (19:54 +0100)]
Merge pull request #30268 from yuwata/network-fix-too-many-waiting-replies
network: fix issue caused by too many waiting replies
Zbigniew Jędrzejewski-Szmek [Fri, 1 Dec 2023 14:53:06 +0000 (15:53 +0100)]
core: fix comment
Дамјан Георгиевски [Fri, 1 Dec 2023 10:46:36 +0000 (11:46 +0100)]
fix: prefix of dmesg pstore files
A change in the kernel[1] renamed the prefix of the pstore files from
`dmesg-efi-` to `dmesg-efi_pstore-`.
[1]
https://git.kernel.org/linus/
893c5f1de620
Neil Wilson [Fri, 1 Dec 2023 16:32:18 +0000 (16:32 +0000)]
homework-quota.c: correct error message in home_update_quota_btrfs
Fixes #30286